chore(deps): bump the python-minor-patch group across 1 directory with 5 updates #248

Open: dependabot[bot] wants to merge 1 commit into main from dependabot/uv/python-minor-patch-06c8b131b3

dependabot[bot] commented on behalf of github, Jul 1, 2026

Bumps the python-minor-patch group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| prettytable | 3.17.0 | 3.18.0 |
| pytest | 9.0.3 | 9.1.1 |
| ruff | 0.15.14 | 0.15.19 |
| uv | 0.11.17 | 0.11.24 |
| hatch | 1.16.5 | 1.17.0 |

Updates prettytable from 3.17.0 to 3.18.0

Release notes

Sourced from prettytable's releases.

Release 3.18.0

Added

Changed

Deprecated

  • Performance: deprecate and defer import of OptionsType (#462) @​hugovk
  • Performance: deprecate and defer import of TableHandler (#460) @​hugovk

Fixed

Commits
  • 069405f Speed up import time (#471)
  • 95810e2 Add support for Python 3.16 (#470)
  • 868b51e Stop testing experimental Python 3.13t (#469)
  • d02b216 Expand tabs in cell values so columns stay aligned (#468)
  • e4c9c69 Drop stale align/valign keys when field_names are renamed (#465)
  • 266ff5d Document header_horizontal_char and remove a duplicate docstring line (#467)
  • 144749c Performance: deprecate and defer import of OptionsType (#462)
  • 23f3eb7 Bump mypy from 1.20.2 to 2.1.0 in the pip group (#466)
  • 2fe26d3 Bump mypy from 1.19.1 to 1.20.2 in the actions group (#464)
  • e4babc3 Hash pin GitHub Actions (#463)
  • Additional commits viewable in compare view

Updates pytest from 9.0.3 to 9.1.1

Release notes

Sourced from pytest's releases.

9.1.1

pytest 9.1.1 (2026-06-19)

Bug fixes

  • #14220: Fixed a logic bug in pytest.RaisesGroup which might cause it to display incorrect "It matches FooError() which was paired with BarError" messages.
  • #14591: Fixed a regression in pytest 9.1.0 which caused overriding a parametrized fixture with an indirect @​pytest.mark.parametrize to fail with "duplicate parametrization of '<fixture name>'".
  • #14606: Fixed list-item typing errors from mypy in @pytest.mark.parametrize <pytest.mark.parametrize ref> argvalues parameter.
  • #14608: Fixed a regression in pytest 9.1.0 where conftest.py files located in <invocation dir>/test* were no longer loaded as initial conftests when invoked without arguments. This could cause certain hooks (like pytest_addoption) in these files to not fire.

9.1.0

pytest 9.1.0 (2026-06-13)

Removals and backward incompatible breaking changes

  • #14533: When using --doctest-modules, autouse fixtures with module, package or session scope that are defined inline in Python test modules (not plugins or conftests) will now possibly execute twice.

    If this is undesirable, move the fixture definition to a conftest.py file if possible.

    Technical explanation for those interested: When using --doctest-modules, pytest possibly collects Python modules twice, once as pytest.Module and once as a DoctestModule (depending on the configuration). Due to improvements in pytest's fixture implementation, if e.g. the DoctestModule collects a fixture, it is now visible to it only, and not to the Module. This means that both need to register the fixtures independently.

Deprecations (removal in next major release)

  • #10819: Added a deprecation warning for class-scoped fixtures defined as instance methods (without @classmethod). Such fixtures set attributes on a different instance than the test methods use, leading to unexpected behavior. Use @classmethod decorator instead -- by yastcher.

    See 10819 and 14011.

  • #12882: Calling request.getfixturevalue() <pytest.FixtureRequest.getfixturevalue> during teardown to request a fixture that was not already requested is now deprecated and will become an error in pytest 10.

    See dynamic-fixture-request-during-teardown for details.

  • #13409: Using non-~collections.abc.Collection iterables (such as generators, iterators, or custom iterable objects) for the argvalues parameter in @pytest.mark.parametrize <pytest.mark.parametrize ref> and metafunc.parametrize <pytest.Metafunc.parametrize> is now deprecated.

    These iterables get exhausted after the first iteration, leading to tests getting unexpectedly skipped in cases such as running pytest.main() multiple times, using class-level parametrize decorators, or collecting tests multiple times.

    See parametrize-iterators for details and suggestions.

  • #13946: The private config.inicfg attribute is now deprecated. Use config.getini() <pytest.Config.getini> to access configuration values instead.

    See config-inicfg for more details.

  • #14004: Passing baseid to ~pytest.FixtureDef or nodeid strings to fixture registration APIs is now deprecated. These are internal pytest APIs that are used by some plugins.

... (truncated)

Commits
  • cf470ec Prepare release version 9.1.1
  • e0c8ce6 Merge pull request #14625 from pytest-dev/patchback/backports/9.1.x/a07c31a97...
  • 1b82d16 Merge pull request #14624 from pytest-dev/patchback/backports/9.1.x/b375b79ec...
  • 501c4bc Merge pull request #14596 from bluetech/doc-classmethod
  • b61f588 Merge pull request #14622 from chrisburr/fix-14608-initial-conftest-test-subdir
  • 9a567e0 [automated] Update plugin list (#14617) (#14618)
  • ef8b299 Merge pull request #14620 from pytest-dev/patchback/backports/9.1.x/680f9f3ed...
  • 66abd07 Merge pull request #14220 from bysiber/fix-stale-iexp-raisesgroup
  • 79fbf93 Merge pull request #14612 from pytest-dev/patchback/backports/9.1.x/974ed48b6...
  • 0d312eb Merge pull request #14611 from bluetech/parametrize-argvalues-typing
  • Additional commits viewable in compare view

Updates ruff from 0.15.14 to 0.15.19

Release notes

Sourced from ruff's releases.

0.15.19

Release Notes

Released on 2026-06-23.

Preview features

  • Support human-readable names when hovering suppression comments and in code actions (#26114)

Bug fixes

  • Fall back to default settings when editor-only settings are invalid (#26244)
  • Fix panic when inserting text at a notebook cell boundary (#26111)

Rule changes

  • [pylint] Update fix suggestions for __floor__, __trunc__, __length_hint__, and __matmul__ variants (PLC2801) (#26239)

Performance

  • Avoid allocating when parsing single string literals (#26200)
  • Avoid reallocating singleton call arguments (#26223)
  • Lazily create source files for lint diagnostics (#26226)
  • Optimize formatter text width and indentation (#26236)
  • Reserve capacity for builtin bindings (#26229)
  • Skip repeated-key checks for singleton dictionaries (#26228)
  • Use ArrayVec for qualified name segments (#26224)

Documentation

  • [flake8-pyi] Note that PYI051 is an opinionated stylistic rule (#26179)
  • [pyupgrade] Clarify UP029 as a Python 2 compatibility rule (#26243)

Other changes

  • Publish Ruff crates to crates.io (#26271)

Contributors

Install ruff 0.15.19

Install prebuilt binaries via shell script

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.18

Released on 2026-06-18.

Preview features

... (truncated)

Commits
  • 7f04365 Bump version to 0.15.19 (#26291)
  • a30ba16 [ty] Infer definite equality comparison results (#26290)
  • bcd2028 [ty] Avoid recursion when projecting narrowing constraints (#26276)
  • c0e083e [ty] Avoid bypassing lazy constraints for Divergent (#26288)
  • fb13596 Record configured crates.io packages (#26281)
  • 85da759 [ty] Fix ParamSpec callable signature extraction for callable instances (#26279)
  • 4c98a81 [ty] Make multi-arm TypeOf cycle recovery monotonic (#26275)
  • 7b84361 [ty] Preserve regular kind for callable instances (#26253)
  • 93c8c59 [flake8-pyi] Note that PYI051 is an opinionated stylistic rule (#26179)
  • bc9bb05 [ty] Infer types for names bound in match patterns (#25940)
  • Additional commits viewable in compare view

Updates uv from 0.11.17 to 0.11.24

Release notes

Sourced from uv's releases.

0.11.24

Release Notes

Released on 2026-06-23.

Python

  • Add CPython 3.15.0b3 (#19964)

Preview features

  • Make project environments relocatable under preview (#19965)

Performance

  • Use a compact index for lazy version maps (#19959)

Bug fixes

  • Allow disabling exclude-newer (#19934)
  • Avoid archive id collisions (#19949)
  • Reapply "Fix transparent Python upgrades in project environments" (#19928)
  • Clean up partial tool entrypoint installs (#19966)
  • Fix relocatable activate.fish and broaden Fish version support (#19856)

Install uv 0.11.24

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/uv/releases/download/0.11.24/uv-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/uv/releases/download/0.11.24/uv-installer.ps1 | iex"

Download uv 0.11.24

| File | Platform | Checksum |
| --- | --- | --- |
| uv-aarch64-apple-darwin.tar.gz | Apple Silicon macOS | checksum |
| uv-x86_64-apple-darwin.tar.gz | Intel macOS | checksum |
| uv-aarch64-pc-windows-msvc.zip | ARM64 Windows | checksum |
| uv-i686-pc-windows-msvc.zip | x86 Windows | checksum |
| uv-x86_64-pc-windows-msvc.zip | x64 Windows | checksum |
| uv-aarch64-unknown-linux-gnu.tar.gz | ARM64 Linux | checksum |
| uv-i686-unknown-linux-gnu.tar.gz | x86 Linux | checksum |

... (truncated)

Changelog

Sourced from uv's changelog.

0.11.23

Released on 2026-06-19.

Bug fixes

  • Revert "Fix transparent Python upgrades in project environments" to mitigate unintended breakage in pre-commit-uv (#19925)
  • Restore old behavior where workspace members "hidden" by an intermediate pyproject.toml would be treated as standalone projects (#19926)

0.11.22

Released on 2026-06-18.

Enhancements

  • Publish wheels before sdists in uv publish (#19831)
  • Add TY and RUFF env vars for providing paths for binaries used by uv format and uv check (#19821)

Preview features

  • Allow configuring preview features in uv.toml and pyproject.toml (#18437)
  • Update the lockfile during uv check --no-sync (#19909)
  • Add --script to uv check and uv metadata (#19860)
  • Report workspace-exclusive dependency groups in workspace metadata (#19862)
  • Support SARIF as a uv audit output (#19872)

... (truncated)

Commits

Updates hatch from 1.16.5 to 1.17.0

Release notes

Sourced from hatch's releases.

Hatchling v1.17.0

Added:

  • The app build target now embeds the project version in the name of binaries

Hatch v1.17.0

Changed:

  • The hatch fmt command is now deprecated in favor of the new hatch check command group
  • Migrate HTTP client from httpx to httpx2

Added:

  • Add hatch check command group with subcommands for check code (linting), check fmt (formatting), and check types (type checking)
  • Add hatch check types command for type checking using Pyrefly, with --summarize and --cover flags
  • Add hatch env lock command to generate PEP 751 compliant lockfiles (pylock.toml) for environments
  • Add hatch dep lock and hatch lock commands as shortcuts for locking the active environment
  • Add hatch dep sync command for syncing dependencies from a lockfile
  • Add pluggable dependency locker interface with built-in UV and pip implementations
  • Add --cover-xml and --cover-xml-output flags to the hatch test command for generating XML coverage reports
  • Add linehaul telemetry data to User-Agent header for PyPI download statistics
  • Auto-create environment when locking if it doesn't exist

Fixed:

  • Fix help output formatting for the run command
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.



…h 5 updates

Bumps the python-minor-patch group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [prettytable](https://github.com/prettytable/prettytable) | `3.17.0` | `3.18.0` |
| [pytest](https://github.com/pytest-dev/pytest) | `9.0.3` | `9.1.1` |
| [ruff](https://github.com/astral-sh/ruff) | `0.15.14` | `0.15.19` |
| [uv](https://github.com/astral-sh/uv) | `0.11.17` | `0.11.24` |
| [hatch](https://github.com/pypa/hatch) | `1.16.5` | `1.17.0` |



Updates `prettytable` from 3.17.0 to 3.18.0
- [Release notes](https://github.com/prettytable/prettytable/releases)
- [Changelog](https://github.com/prettytable/prettytable/blob/main/CHANGELOG.md)
- [Commits](prettytable/prettytable@3.17.0...3.18.0)

Updates `pytest` from 9.0.3 to 9.1.1
- [Release notes](https://github.com/pytest-dev/pytest/releases)
- [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst)
- [Commits](pytest-dev/pytest@9.0.3...9.1.1)

Updates `ruff` from 0.15.14 to 0.15.19
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.15.14...0.15.19)

Updates `uv` from 0.11.17 to 0.11.24
- [Release notes](https://github.com/astral-sh/uv/releases)
- [Changelog](https://github.com/astral-sh/uv/blob/main/CHANGELOG.md)
- [Commits](astral-sh/uv@0.11.17...0.11.24)

Updates `hatch` from 1.16.5 to 1.17.0
- [Release notes](https://github.com/pypa/hatch/releases)
- [Commits](pypa/hatch@hatch-v1.16.5...hatch-v1.17.0)

---
updated-dependencies:
- dependency-name: prettytable
  dependency-version: 3.18.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-minor-patch
- dependency-name: pytest
  dependency-version: 9.1.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-minor-patch
- dependency-name: ruff
  dependency-version: 0.15.19
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-minor-patch
- dependency-name: uv
  dependency-version: 0.11.24
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-minor-patch
- dependency-name: hatch
  dependency-version: 1.17.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
dependabot[bot] added the dependencies (Pull requests that update a dependency file) and python:uv (Pull requests that update python:uv code) labels, Jul 1, 2026

dependabot[bot] requested a review from a team as a code owner, July 1, 2026 14:05

@socket-security


Review the following changes in direct dependencies. Learn more about Socket for GitHub.

| Diff | Package | Supply Chain Security | Vulnerability | Quality | Maintenance | License |
| --- | --- | --- | --- | --- | --- | --- |
| Updated | pypi/pytest@9.0.3 ⏵ 9.1.1 | 87 +1 | 100 | 100 | 100 | 100 |
| Updated | pypi/hatch@1.16.5 ⏵ 1.17.0 | 95 | 100 | 100 | 100 | 100 |
| Updated | pypi/uv@0.11.17 ⏵ 0.11.24 | 100 +1 | 100 | 100 | 100 | 100 |
| Updated | pypi/ruff@0.15.14 ⏵ 0.15.19 | 100 | 100 | 100 | 100 | 100 |
| Updated | pypi/prettytable@3.17.0 ⏵ 3.18.0 | 100 | 100 | 100 | 100 | 100 |

View full report

@socket-security


Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

| Action | Severity | Alert |
| --- | --- | --- |
| Warn | High | Obfuscated code: pypi hatch is 90.0% likely obfuscated |

Confidence: 0.90

Location: Package overview

From: pyproject.toml → pypi/hatch@1.17.0

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore pypi/hatch@1.17.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

@socket-security-staging


Review the following changes in direct dependencies. Learn more about Socket for GitHub.

| Diff | Package | Supply Chain Security | Vulnerability | Quality | Maintenance | License |
| --- | --- | --- | --- | --- | --- | --- |
| Updated | pypi/pytest@9.0.3 ⏵ 9.1.1 | 87 +1 | 100 | 100 | 100 | 100 |
| Updated | pypi/uv@0.11.17 ⏵ 0.11.24 | 100 +1 | 100 | 100 | 100 | 100 |
| Updated | pypi/ruff@0.15.14 ⏵ 0.15.19 | 100 | 100 | 100 | 100 | 100 |
| Updated | pypi/prettytable@3.17.0 ⏵ 3.18.0 | 100 | 100 | 100 | 100 | 100 |

View full report

@socket-security-staging


Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

| Action | Severity | Alert |
| --- | --- | --- |
| Warn | High | Obfuscated code: pypi ruff is 90.0% likely obfuscated |

Confidence: 0.90

Location: Package overview

From: pyproject.toml → pypi/ruff@0.15.19

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity-Staging ignore pypi/ruff@0.15.19. You can also ignore all packages with @SocketSecurity-Staging ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report
