Bump the dependencies group across 1 directory with 13 updates

[dependabot]

Bumps the dependencies group with 12 updates in the / directory:

Package	From	To
certifi	2024.12.14	2025.10.5
cryptography	44.0.0	46.0.2
requests	2.32.4	2.32.5
ruff	0.12.8	0.14.0
pytest	8.3.4	8.4.2
zizmor	1.0.0	1.15.2
charset-normalizer	3.4.0	3.4.4
idna	3.10	3.11
iniconfig	2.0.0	2.1.0
packaging	24.2	25.0
pluggy	1.5.0	1.6.0
pycparser	2.22	2.23

Updates certifi from 2024.12.14 to 2025.10.5

Commits

• fb14ac4 2025.10.05 (#371)
• 2c7c7ee Add Python 3.14 classifier in setup.py
• 1a5cb7b Bump actions/setup-python from 5.6.0 to 6.0.0 (#367)
• dea5960 Bump pypa/gh-action-pypi-publish from 1.12.4 to 1.13.0 (#366)
• 83566b7 Bump actions/checkout from 4.2.2 to 5.0.0
• ca2e121 Bump actions/download-artifact from 4.3.0 to 5.0.0
• a97d9ad 2025.08.03 (#362)
• ddd90c6 2025.07.14 (#359)
• d905221 2025.07.09 (#358)
• e767d59 2025.06.15 (#357)
• Additional commits viewable in compare view

Updates cryptography from 44.0.0 to 46.0.2

Changelog

Sourced from cryptography's changelog.

46.0.2 - 2025-09-30

* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.4.
.. _v46-0-1:
46.0.1 - 2025-09-16

• Fixed an issue where users installing via pip on Python 3.14 development versions would not properly install a dependency.
• Fixed an issue building the free-threaded macOS 3.14 wheels.

.. _v46-0-0:

46.0.0 - 2025-09-16

* **BACKWARDS INCOMPATIBLE:** Support for Python 3.7 has been removed.
* Support for OpenSSL < 3.0 is deprecated and will be removed in the next
  release.
* Support for ``x86_64`` macOS (including publishing wheels) is deprecated
  and will be removed in two releases. We will switch to publishing an
  ``arm64`` only wheel for macOS.
* Support for 32-bit Windows (including publishing wheels) is deprecated
  and will be removed in two releases. Users should move to a 64-bit
  Python installation.
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.3.
* We now build ``ppc64le`` ``manylinux`` wheels and publish them to PyPI.
* We now build ``win_arm64`` (Windows on Arm) wheels and publish them to PyPI.
* Added support for free-threaded Python 3.14.
* Removed the deprecated ``get_attribute_for_oid`` method on
  :class:`~cryptography.x509.CertificateSigningRequest`. Users should use
  :meth:`~cryptography.x509.Attributes.get_attribute_for_oid` instead.
* Removed the deprecated ``CAST5``, ``SEED``, ``IDEA``, and ``Blowfish``
  classes from the cipher module. These are still available in
  :doc:`/hazmat/decrepit/index`.
* In X.509, when performing a PSS signature with a SHA-3 hash, it is now
  encoded with the official NIST SHA3 OID.
.. _v45-0-7:
45.0.7 - 2025-09-01

• Added a function to support an upcoming pyOpenSSL release.

.. _v45-0-6:

... (truncated)

Commits

• 99efe5a bump version for 46.0.2 (#13531)
• e735cfc release 46.0.1 (#13450)
• 4e457ff Explicitly specify python in mac uv build invocation (#13447)
• 2726efd Depend on CFFI 2.0.0 or newer on Python > 3.8 (#13448)
• 6223062 release 46.0.0 (#13446)
• 563c491 Update comment for pyopenssl-release tag (#13445)
• d2f6f7f Bump downstream dependencies in CI (#13439)
• e7ab02b we'll ship this with 3.5.3 why not (#13442)
• 0b68a4b Another pair of bump dependencies fix (#13444)
• e076d08 Attempt to fix commit message for bump downstreams (#13440)
• Additional commits viewable in compare view

Updates requests from 2.32.4 to 2.32.5

Release notes

Sourced from requests's releases.

v2.32.5

2.32.5 (2025-08-18)

Bugfixes

• The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

• Added support for Python 3.14.
• Dropped support for Python 3.8 following its end of support.

Changelog

Sourced from requests's changelog.

2.32.5 (2025-08-18)

Bugfixes

• The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

• Added support for Python 3.14.
• Dropped support for Python 3.8 following its end of support.

Commits

• b25c87d v2.32.5
• 131e506 Merge pull request #7010 from psf/dependabot/github_actions/actions/checkout-...
• b336cb2 Bump actions/checkout from 4.2.0 to 5.0.0
• 46e939b Update publish workflow to use artifact-id instead of name
• 4b9c546 Merge pull request #6999 from psf/dependabot/github_actions/step-security/har...
• 7618dbe Bump step-security/harden-runner from 2.12.0 to 2.13.0
• 2edca11 Add support for Python 3.14 and drop support for Python 3.8 (#6993)
• fec96cd Update Makefile rules (#6996)
• d58d8aa docs: clarify timeout parameter uses seconds in Session.request (#6994)
• 91a3eab Bump github/codeql-action from 3.28.5 to 3.29.0
• Additional commits viewable in compare view

Updates ruff from 0.12.8 to 0.14.0

Release notes

Sourced from ruff's releases.

0.14.0

Release Notes

Released on 2025-10-07.

Breaking changes

• Update default and latest Python versions for 3.14 (#20725)

Preview features

• [flake8-bugbear] Include certain guaranteed-mutable expressions: tuples, generators, and assignment expressions (B006) (#20024)
• [refurb] Add fixes for FURB101 and FURB103 (#20520)
• [ruff] Extend FA102 with listed PEP 585-compatible APIs (#20659)

Bug fixes

• [flake8-annotations] Fix return type annotations to handle shadowed builtin symbols (ANN201, ANN202, ANN204, ANN205, ANN206) (#20612)
• [flynt] Fix f-string quoting for mixed quote joiners (FLY002) (#20662)
• [isort] Fix inserting required imports before future imports (I002) (#20676)
• [ruff] Handle argfile expansion errors gracefully (#20691)
• [ruff] Skip RUF051 if else/elif block is present (#20705)
• [ruff] Improve handling of intermixed comments inside from-imports (#20561)

Documentation

• [flake8-comprehensions] Clarify fix safety documentation (C413) (#20640)

Contributors

• @​danparizher
• @​terror
• @​TaKO8Ki
• @​ntBre
• @​njhearp
• @​amyreese
• @​IDrokin117
• @​chirizxc

Install ruff 0.14.0

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/astral-sh/ruff/releases/download/0.14.0/ruff-installer.sh | sh

Install prebuilt binaries via powershell script

</tr></table> 

... (truncated)

Changelog

Sourced from ruff's changelog.

0.14.0

Released on 2025-10-07.

Breaking changes

• Update default and latest Python versions for 3.14 (#20725)

Preview features

• [flake8-bugbear] Include certain guaranteed-mutable expressions: tuples, generators, and assignment expressions (B006) (#20024)
• [refurb] Add fixes for FURB101 and FURB103 (#20520)
• [ruff] Extend FA102 with listed PEP 585-compatible APIs (#20659)

Bug fixes

• [flake8-annotations] Fix return type annotations to handle shadowed builtin symbols (ANN201, ANN202, ANN204, ANN205, ANN206) (#20612)
• [flynt] Fix f-string quoting for mixed quote joiners (FLY002) (#20662)
• [isort] Fix inserting required imports before future imports (I002) (#20676)
• [ruff] Handle argfile expansion errors gracefully (#20691)
• [ruff] Skip RUF051 if else/elif block is present (#20705)
• [ruff] Improve handling of intermixed comments inside from-imports (#20561)

Documentation

• [flake8-comprehensions] Clarify fix safety documentation (C413) (#20640)

Contributors

• @​danparizher
• @​terror
• @​TaKO8Ki
• @​ntBre
• @​njhearp
• @​amyreese
• @​IDrokin117
• @​chirizxc

0.13.x

See changelogs/0.13.x

0.12.x

See changelogs/0.12.x

0.11.x

See changelogs/0.11.x

... (truncated)

Commits

• beea8cd Bump 0.14.0 (#20751)
• 416e956 [ty] Infer better specializations of unions with None (etc) (#20749)
• 88c0ce3 Update default and latest Python versions for 3.14 (#20725)
• 8fb29ea [ruff] improve handling of intermixed comments inside from-imports (#20561)
• 23ebfe7 [ty] Fix tiny mistake in protocol tests (#20743)
• f90d646 [ty] Make infer_method_information less confusing (#20740)
• 15af4c0 Move --show-settings snapshots to separate files (#20741)
• 76f8e5b Refactor Rust lint test structure to use RuffTestFixture (#20689)
• b66a3e7 [refurb] Add fixes for FURB101, FURB103 (#20520)
• 70f51e9 [ty] Print display of types when a property test fails (#20720)
• Additional commits viewable in compare view

Updates pytest from 8.3.4 to 8.4.2

Release notes

Sourced from pytest's releases.

8.4.2

pytest 8.4.2 (2025-09-03)

Bug fixes

• #13478: Fixed a crash when using console_output_style{.interpreted-text role="confval"} with times and a module is skipped.

• #13530: Fixed a crash when using pytest.approx{.interpreted-text role="func"} and decimal.Decimal{.interpreted-text role="class"} instances with the decimal.FloatOperation{.interpreted-text role="class"} trap set.

• #13549: No longer evaluate type annotations in Python 3.14 when inspecting function signatures.

  This prevents crashes during module collection when modules do not explicitly use from __future__ import annotations and import types for annotations within a if TYPE_CHECKING: block.

• #13559: Added missing [int]{.title-ref} and [float]{.title-ref} variants to the [Literal]{.title-ref} type annotation of the [type]{.title-ref} parameter in pytest.Parser.addini{.interpreted-text role="meth"}.

• #13563: pytest.approx{.interpreted-text role="func"} now only imports numpy if NumPy is already in sys.modules. This fixes unconditional import behavior introduced in [8.4.0]{.title-ref}.

Improved documentation

• #13577: Clarify that pytest_generate_tests is discovered in test modules/classes; other hooks must be in conftest.py or plugins.

Contributor-facing changes

• #13480: Self-testing: fixed a few test failures when run with -Wdefault or a similar override.
• #13547: Self-testing: corrected expected message for test_doctest_unexpected_exception in Python 3.14.
• #13684: Make pytest's own testsuite insensitive to the presence of the CI environment variable -- by ogrisel{.interpreted-text role="user"}.

8.4.1

pytest 8.4.1 (2025-06-17)

Bug fixes

• #13461: Corrected _pytest.terminal.TerminalReporter.isatty to support being called as a method. Before it was just a boolean which could break correct code when using -o log_cli=true).

• #13477: Reintroduced pytest.PytestReturnNotNoneWarning{.interpreted-text role="class"} which was removed by accident in pytest [8.4]{.title-ref}.

  This warning is raised when a test functions returns a value other than None, which is often a mistake made by beginners.

  See return-not-none{.interpreted-text role="ref"} for more information.

• #13497: Fixed compatibility with Twisted 25+.

Improved documentation

• #13492: Fixed outdated warning about faulthandler not working on Windows.

8.4.0

pytest 8.4.0 (2025-06-02)

... (truncated)

Commits

• bfae422 Prepare release version 8.4.2
• 8990538 Fix passenv CI in tox ini and make tests insensitive to the presence of the C...
• ca676bf Merge pull request #13687 from pytest-dev/patchback/backports/8.4.x/e63f6e51c...
• 975a60a Merge pull request #13686 from pytest-dev/patchback/backports/8.4.x/12bde8af6...
• 7723ce8 Merge pull request #13683 from even-even/fix_Exeption_to_Exception_in_errorMe...
• b7f0568 Merge pull request #13685 from CoretexShadow/fix/docs-pytest-generate-tests
• 2c94c4a add missing colon (#13640) (#13641)
• c3d7684 Merge pull request #13606 from pytest-dev/patchback/backports/8.4.x/5f9938563...
• dc6e3be Merge pull request #13605 from The-Compiler/training-update-2025-07
• f87289c Fix crash with times output style and skipped module (#13573) (#13579)
• Additional commits viewable in compare view

Updates zizmor from 1.0.0 to 1.15.2

Release notes

Sourced from zizmor's releases.

v1.15.2

Bug Fixes 🐛🔗

• Fixed a bug where zizmor would fail to parse some Dependabot configuration files due to missing support for some schedule formats (#1247)

v1.15.1

Bug Fixes 🐛🔗

• Fixed a bug where zizmor would fail to parse Dependabot configuration files due to missing support for some package ecosystems (#1240)

v1.15.0

This release comes with support for auditing Dependabot configuration files! Like with composite action definition auditing (introduced in v1.0.0), Dependabot configuration auditing is enabled by default but can be disabled as part of input collection.

To complement this new functionality, this release comes with two new audits: dependabot-execution and dependabot-cooldown.

New Features 🌈🔗

• New audit: dependabot-execution detects Dependabot configurations that allow insecure external code execution (#1220)

• New audit: dependabot-cooldown detects Dependabot configurations that do not include cooldown settings, or that set an insufficient cooldown (#1223)

Performance Improvements 🚄🔗

• zizmor now uses jemalloc as its default allocator on non-MSVC targets, which should significantly improve performance for Linux and macOS users (#1200)

Enhancements 🌱🔗

• zizmor now unconditionally emits its version number to stderr on startup (#1199)

• The ref-version-mismatch audit now supports auto-fixes for many findings (#1205)

  Many thanks to @​mostafa for implementing this improvement!

• The [impostor-commit] audit now supports auto-fixes for many findings (#1090)

  Many thanks to @​mostafa for implementing this improvement!

• zizmor is now more resilient to sporadic request failures when performing GitHub API requests (#1219)

• --collect=dependabot is now supported as a collection option, allowing users to audit only Dependabot configuration files (#1215)

• The --fix mode (introduced with v1.10.0) is now considered stable and no longer experimental (#1232)

Bug Fixes 🐛🔗

• Fixed a bug where zizmor would fail instead of analyzing single-file inputs that lacked an explicit parent path component, e.g. zizmor foo.yml instead of zizmor ./foo.yml (#1212)

Deprecations ⚠️🔗

• The workflows-only and actions-only values for --collect are now deprecated. These values have been replaced with workflows and actions, respectively, which have the same behavior but can be composed together with other collection modes. The deprecated modes will be removed in a future release (#1228)

... (truncated)

Changelog

Sourced from zizmor's changelog.

1.15.2

Bug Fixes 🐛

• Fixed a bug where zizmor would fail to parse some Dependabot configuration files due to missing support for some schedule formats (#1247)

1.15.1

Bug Fixes 🐛

• Fixed a bug where zizmor would fail to parse Dependabot configuration files due to missing support for some package ecosystems (#1240)

1.15.0

This release comes with support for auditing Dependabot configuration files! Like with composite action definition auditing (introduced in v1.0.0), Dependabot configuration auditing is enabled by default but can be disabled as part of input collection.

To complement this new functionality, this release comes with two new audits: [dependabot-execution] and [dependabot-cooldown].

New Features 🌈

• New audit: [dependabot-execution] detects Dependabot configurations that allow insecure external code execution (#1220)

• New audit: [dependabot-cooldown] detects Dependabot configurations that do not include cooldown settings, or that set an insufficient cooldown (#1223)

Performance Improvements 🚄

• zizmor now uses jemalloc as its default allocator on non-MSVC targets, which should significantly improve performance for Linux and macOS users (#1200)

Enhancements 🌱

• zizmor now unconditionally emits its version number to stderr on startup (#1199)

• The [ref-version-mismatch] audit now supports auto-fixes for many findings (#1205)

  Many thanks to @​mostafa for implementing this improvement!

... (truncated)

Commits

• a4c6c3b chore: release zizmor 1.15.2 (#1249)
• 41b3983 bump github-actions-models to 0.36.0 (#1248)
• 2189780 feat: Add validation for extended Dependabot schedule intervals (#1247)
• 7984062 chore: prep release 1.15.1 (#1243)
• e9e4eb9 models: add devcontainers as a known ecosystem (#1240)
• 4494b8a prep for 1.15.0 release (#1236)
• cbe25bb deps: bump tower-http (#1234)
• 6e1a300 chore: bump github-actions-models to 0.33.0 (#1233)
• d9c2d95 feat: stabilize the auto-fix mode (#1232)
• 7ad9afb docs: bump trophies (#1231)
• Additional commits viewable in compare view

Updates cffi from 1.17.1 to 2.0.0

Release notes

Sourced from cffi's releases.

v2.0.0

What's Changed

• Add Python 3.14 support.
• Add CPython free-threaded support (3.14t+ only) - huge thanks to the folks at Quansight Labs for all the work to get this one sorted!
• Drop Python <= 3.8 support.
• Fix order dependency affecting nested type size calculation (#148).

Full Changelog: python-cffi/cffi@v1.17.1...v2.0.0

v2.0.0b1

What's Changed

• Add Python 3.14 support.
• Add CPython free-threaded support (3.14t+ only).
• Drop Python <= 3.8 support.
• Fix order dependency affecting nested type size calculation (#148).

Full Changelog: python-cffi/cffi@v1.17.1...v2.0.0b1

Commits

• 6366c01 release 2.0.0 (#196)
• 95c8476 2.0.0 post beta backports (#195)
• 195cbda Release 2.0.0b1 (#183)
• b4bbe79 fix version test to support beta
• 7ed073d Add support for the free-threaded build (#178)
• 67a170d Change the license from MIT to MIT-no-attribution, which is the same without ...
• 92645ec Add Python 3.14 support/testing (#177)
• 2b81170 doc: update test commands in Section Testing/development tips (#158)
• 25172b8 doc: update year (#153)
• b57a92c issue 147: force-compute nested structs before parent structs. Occurs mainly...
• Additional commits viewable in compare view

Updates charset-normalizer from 3.4.0 to 3.4.4

Release notes

Sourced from charset-normalizer's releases.

Version 3.4.4

3.4.4 (2025-10-13)

Changed

• Bound setuptools to a specific constraint setuptools>=68,<=81.
• Raised upper bound of mypyc for the optional pre-built extension to v1.18.2

Removed

• setuptools-scm as a build dependency.

Misc

• Enforced hashes in dev-requirements.txt and created ci-requirements.txt for security purposes.
• Additional pre-built wheels for riscv64, s390x, and armv7l architectures.
• Restore multiple.intoto.jsonl in GitHub releases in addition to individual attestation file per wheel.

Version 3.4.3

3.4.3 (2025-08-09)

Changed

• mypy(c) is no longer a required dependency at build time if CHARSET_NORMALIZER_USE_MYPYC isn't set to 1. (#595) (#583)
• automatically lower confidence on small bytes samples that are not Unicode in detect output legacy function. (#391)

Added

• Custom build backend to overcome inability to mark mypy as an optional dependency in the build phase.
• Support for Python 3.14

Fixed

• sdist archive contained useless directories.
• automatically fallback on valid UTF-16 or UTF-32 even if the md says it's noisy. (#633)

Misc

• SBOM are automatically published to the relevant GitHub release to comply with regulatory changes. Each published wheel comes with its SBOM. We choose CycloneDX as the format.
• Prebuilt optimized wheel are no longer distributed by default for CPython 3.7 due to a change in cibuildwheel.

Version 3.4.2

3.4.2 (2025-05-02)

Fixed

• Addressed the DeprecationWarning in our CLI regarding argparse.FileType by backporting the target class into the package. (#591)
• Improved the overall reliability of the detector with CJK Ideographs. (#605) (#587)

Changed

• Optional mypyc compilation upgraded to version 1.15 for Python >= 3.9

Version 3.4.1

🚀 We're still raising awareness around HTTP/2, and HTTP/3!

Did you know that Internet Explorer 11 shipped with an optional HTTP/2 support back in 2013? also libcurl did ship it in 2014[...] Using Requests today is the rough equivalent of using EOL Windows 8! We promptly invite Python developers to look at the first drop-in replacement for Requests, namely Niquests. Ship with native WebSocket, SSE, Happy Eyeballs, DNS over HTTPS, and so on[...] All of this while remaining compatible with all Requests prior plug-ins / add-ons.

... (truncated)

Changelog

Sourced from charset-normalizer's changelog.

3.4.4 (2025-10-13)

Changed

• Bound setuptools to a specific constraint setuptools>=68,<=81.
• Raised upper bound of mypyc for the optional pre-built extension to v1.18.2

Removed

• setuptools-scm as a build dependency.

Misc

• Enforced hashes in dev-requirements.txt and created ci-requirements.txt for security purposes.
• Additional pre-built wheels for riscv64, s390x, and armv7l architectures.
• Restore multiple.intoto.jsonl in GitHub releases in addition to individual attestation file per wheel.

3.4.3 (2025-08-09)

Changed

• mypy(c) is no longer a required dependency at build time if CHARSET_NORMALIZER_USE_MYPYC isn't set to 1. (#595) (#583)
• automatically lower confidence on small bytes samples that are not Unicode in detect output legacy function. (#391)

Added

• Custom build backend to overcome inability to mark mypy as an optional dependency in the build phase.
• Support for Python 3.14

Fixed

• sdist archive contained useless directories.
• automatically fallback on valid UTF-16 or UTF-32 even if the md says it's noisy. (#633)

Misc

• SBOM are automatically published to the relevant GitHub release to comply with regulatory changes. Each published wheel comes with its SBOM. We choose CycloneDX as the format.
• Prebuilt optimized wheel are no longer distributed by default for CPython 3.7 due to a change in cibuildwheel.

3.4.2 (2025-05-02)

Fixed

• Addressed the DeprecationWarning in our CLI regarding argparse.FileType by backporting the target class into the package. (#591)
• Improved the overall reliability of the detector with CJK Ideographs. (#605) (#587)

Changed

• Optional mypyc compilation upgraded to version 1.15 for Python >= 3.8

3.4.1 (2024-12-24)

Changed

• Project metadata are now stored using pyproject.toml instead of setup.cfg using setuptools as the build backend.
• Enforce annotation delayed loading for a simpler and consistent types in the project.
• Optional mypyc compilation upgraded to version 1.14 for Python >= 3.8

Added

... (truncated)

Commits

• b30ffdc 🔧 fix checksum step in cd.yml
• d3fbfcf 🔧 fix cd.yml
• dafbb95 Release 3.4.4 (#658)
• 1f18ffa ⬆️ raise mypy upper bound to 1.18.2
• ef4ac69 Merge branch 'release-3.4.4' of github.com:jawah/charset_normalizer into rele...
• 4b35dda 📝 write changelog for 3.4.4
• 0ec6452 🔧 update cd.yml workflow (add riscv64, s390x and armv7l)
• f341ede ⬆️ upgrade dependencies (dev, ci)
• a308841 📝 write changelog for 3.4.4
• 9c906da 🔧 update cd.yml workflow (add riscv64, s390x and armv7l)
• Additional commits viewable in compare view

Updates idna from 3.10 to 3.11

Changelog

Sourced from idna's changelog.

3.11 (2025-10-12)

• Update to Unicode 16.0.0, including significant changes to UTS46 processing. As a result of Unicode ending support for it, transitional processing no longer has an effect and returns the same result.
• Add support for Python 3.14, lowest supported version is Python 3.8.
• Various updates to packaging, including PEP 740 support.

Commits

• ad949ee Release v3.11
• cae4ba7 Second release candidate for 3.11
• 8adb305 Add space in RST link
• 74cb2b6 Release candidate for 3.11
• 05dab09 Format idna-data with ruff
• 90eac78 Apply ruff formatting
• a31ce7e Remove errant test vectors
• 81f0333 Omit vectors known to be broken in test suite
• a0f3257 Merge branch 'master' into unicode-16-uts46-changes
• 38d9886 Remove extra UTS46 test vector
• Additional commits viewable in compare view

Updates iniconfig from 2.0.0 to 2.1.0

Release notes

Sourced from iniconfig's releases.

v2.1.0

What's Changed

• fix #26 - list individuals in license file by @​RonnyPfannschmidt in pytest-dev/iniconfig#52
• Run tests in CI by @​nicoddemus in pytest-dev/iniconfig#53
• Use pypa/gh-action-pypi-publish@release/v1 @ GHA by @​webknjaz in pytest-dev/iniconfig#54
• Add support for Python 3.12-3.13 and drop EOL 3.7 by @​hugovk in pytest-dev/iniconfig#56

New Contributors

• @​nicoddemus made their first contribution in pytest-dev/iniconfig#53
• @​webknjaz made their first contribution in pytest-dev/iniconfig#54

Full Changelog: pytest-dev/iniconfig@v2.0.0...v2.1.0

Changelog

Sourced from iniconfig's changelog.

2.1.0

• fix artifact building - pin minimal version of hatch
• drop eol python 3.8
• add python 3.12 and 3.13

Commits

• 34793a6 pre-commit
• 136435d update changelog
• 0bb99ad fix #62: require a minimal hatch version with correct metadata
• 16793ea Merge pull request #56 from hugovk/add-3.12
• 3dc2b2d Add support for Python 3.13
• 2eb8abf Bump GitHub Actions
• 8c4bb5b Set python-version for pre-commit to remove CI warning
• 58b22b2 Drop support for EOL Python 3.7
• 4a53042 Add support for Python 3.12
• 9cae431 Merge pull request #54 from webknjaz/patch-1
• Additional commits viewable in compare view

Updates packaging from 24.2 to 25.0

Release notes

Sourced from packaging's releases.

25.0

What's Changed

• Re-add a test for Unicode file name parsing by @​Siddhesh-Agarwal in pypa/packaging#863
• Upgrade to ruff 0.9.1 by @​DimitriPapadopoulos in pypa/packaging#865
• Add support for PEP 738 Android tags by @​mhsmith in pypa/packaging#880
• feat(markers): support 'extras' and 'dependency_groups' markers by @​frostming in pypa/packaging#888

New Contributors

• @​Siddhesh-Agarwal made their first contribution in pypa/packaging#863
• @​mhsmith made their first contribution in pypa/packaging#880
• @​frostming made their first contribution in pypa/packaging#888

Full Changelog: pypa/packaging@24.2...25.0

Changelog

Sourced from packaging's changelog.

25.0 - 2025-04-19

* PEP 751: Add support for ``extras`` and ``dependency_groups`` markers. (:issue:`885`)
* PEP 738: Add support for Android platform tags. (:issue:`880`)

Commits

• f585376 Bump for release
• 600ecea Add changelog entries
• 3910129 support 'extras' and 'dependency_groups' markers (#888)
• 8e49b43 Add support for PEP 738 Android tags (#880)
• e624d8e Bump the github-actions group with 3 updates (#886)
• 71f38d8 Bump the github-actions group with 2 updates (#878)
• 9b4922d Bump the github-actions group with 3 updates (#870)
• 8510bd9 Upgrade to ruff 0.9.1 (#865)
• 9375ec2 Re-add tests for Unicode file name parsing (#863)
• 2256ed4 Bump the github-actions group across 1 directory with 2 updates (#864)
• Additional commits viewable in compare view

Updates pluggy from 1.5.0 to 1.6.0

Changelog

Sourced from pluggy's changelog.

pluggy 1.6.0 (2025-05-15)

Deprecations and Removals

• [#556](https://github.com/pytest-dev/pluggy/issues/556) <https://github.com/pytest-dev/pluggy/issues/556>_: Python 3.8 is no longer supported.

Bug Fixes

• [#504](https://github.com/pytest-dev/pluggy/issues/504) <https://github.com/pytest-dev/pluggy/issues/504>_: Fix a regression in pluggy 1.1.0 where using :func:result.get_result() <pluggy.Result.get_result> on the same failed :class:~pluggy.Result causes the exception's traceback to get longer and longer.

• [#544](https://github.com/pytest-dev/pluggy/issues/544) <https://github.com/pytest-dev/pluggy/issues/544>_: Correctly pass :class:StopIteration through ...

  Description has been truncated

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.