build(deps): Bump the pip group across 1 directory with 3 updates

[dependabot]

Bumps the pip group with 3 updates in the / directory: cryptography, pip and pytest.

Updates cryptography from 44.0.2 to 45.0.3

Changelog

Sourced from cryptography's changelog.

45.0.3 - 2025-05-25

* Fixed decrypting PKCS#8 files encrypted with long salts (this impacts keys
  encrypted by Bouncy Castle).
* Fixed decrypting PKCS#8 files encrypted with DES-CBC-MD5. While wildly
  insecure, this remains prevalent.
.. _v45-0-2:
45.0.2 - 2025-05-17

• Fixed using mypy with cryptography on older versions of Python.

.. _v45-0-1:

45.0.1 - 2025-05-17

* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.0.
.. _v45-0-0:
45.0.0 - 2025-05-17 (YANKED)

• Support for Python 3.7 is deprecated and will be removed in the next cryptography release.
• Updated the minimum supported Rust version (MSRV) to 1.74.0, from 1.65.0.
• Added support for serialization of PKCS#12 Java truststores in :func:~cryptography.hazmat.primitives.serialization.pkcs12.serialize_java_truststore
• Added :meth:~cryptography.hazmat.primitives.kdf.argon2.Argon2id.derive_phc_encoded and :meth:~cryptography.hazmat.primitives.kdf.argon2.Argon2id.verify_phc_encoded methods to support password hashing in the PHC string format
• Added support for PKCS7 decryption and encryption using AES-256 as the content algorithm, in addition to AES-128.
• BACKWARDS INCOMPATIBLE: Made SSH private key loading more consistent with other private key loading: :func:~cryptography.hazmat.primitives.serialization.load_ssh_private_key now raises a TypeError if the key is unencrypted but a password is provided (previously no exception was raised), and raises a TypeError if the key is encrypted but no password is provided (previously a ValueError was raised).
• Added __copy__ to the :class:~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey, :class:~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey, :class:~cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PublicKey, :class:~cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PrivateKey, :class:~cryptography.hazmat.primitives.asymmetric.ed448.Ed448PublicKey,

... (truncated)

Commits

• 5038495 backports for 45.0.3 release (#12979)
• f81c075 Backport mypy fixes for release (#12930)
• 8ea28e0 bump for 45.0.1 (#12922)
• 6784097 bump for 45 release (#12886)
• 2d9c1c9 bump MSRV to 1.74 (#12919)
• 6c18874 Bump BoringSSL, OpenSSL, AWS-LC in CI (#12918)
• 43fd312 add test vectors for upcoming explicit curve loading (#12913)
• 6bfa0a3 chore(deps): bump asn1 from 0.21.2 to 0.21.3 (#12914)
• a88dd66 chore(deps): bump cc from 1.2.22 to 1.2.23 (#12912)
• e4e9840 chore(deps): bump uv from 0.7.3 to 0.7.4 in /.github/requirements (#12911)
• Additional commits viewable in compare view

Updates pip from 25.1 to 25.1.1

Changelog

Sourced from pip's changelog.

25.1.1 (2025-05-02)

Bug Fixes

• Fix req.source_dir AssertionError when using the legacy resolver. ([#13353](https://github.com/pypa/pip/issues/13353) <https://github.com/pypa/pip/issues/13353>_)
• Fix crash on Python 3.9.6 and lower when pip failed to compile a Python module during installation. ([#13364](https://github.com/pypa/pip/issues/13364) <https://github.com/pypa/pip/issues/13364>_)
• Names in dependency group includes are now normalized before lookup, which fixes incorrect Dependency group '...' not found errors. ([#13372](https://github.com/pypa/pip/issues/13372) <https://github.com/pypa/pip/issues/13372>_)

Vendored Libraries

• Fix issues with using tomllib from the stdlib if available, rather than tomli
• Upgrade dependency-groups to 1.3.1

Commits

• 01857ef Bump for release
• 08d8bb9 Merge pull request #13374 from pfmoore/fixups
• 2bff84e Merge pull request #13363 from sbidoul/fix-source_dir-assert
• 644e71d News file fixups
• 426856f Merge pull request #13364 from ichard26/bugfix/python39
• b7e3aea Merge pull request #13356 from eli-schwartz/tomllib
• 8c678fe Merge pull request #13373 from sirosen/update-vendored-dependency-groups
• 7d00639 Update newsfiles for dependency-groups patch
• 6d28bbf Update version of dependency-groups to v1.3.1
• 94bd66d Revert StreamWrapper removal to restore Python 3.9.{0,6} compat
• Additional commits viewable in compare view

Updates pytest from 8.3.5 to 8.4.0

Release notes

Sourced from pytest's releases.

8.4.0

pytest 8.4.0 (2025-06-02)

Removals and backward incompatible breaking changes

• #11372: Async tests will now fail, instead of warning+skipping, if you don't have any suitable plugin installed.

• #12346: Tests will now fail, instead of raising a warning, if they return any value other than None.

• #12874: We dropped support for Python 3.8 following its end of life (2024-10-07).

• #12960: Test functions containing a yield now cause an explicit error. They have not been run since pytest 4.0, and were previously marked as an expected failure and deprecation warning.

  See the docs <yield tests deprecated>{.interpreted-text role="ref"} for more information.

Deprecations (removal in next major release)

• #10839: Requesting an asynchronous fixture without a [pytest_fixture_setup]{.title-ref} hook that resolves it will now give a DeprecationWarning. This most commonly happens if a sync test requests an async fixture. This should have no effect on a majority of users with async tests or fixtures using async pytest plugins, but may affect non-standard hook setups or autouse=True. For guidance on how to work around this warning see sync-test-async-fixture{.interpreted-text role="ref"}.

New features

• #11538: Added pytest.RaisesGroup{.interpreted-text role="class"} as an equivalent to pytest.raises{.interpreted-text role="func"} for expecting ExceptionGroup{.interpreted-text role="exc"}. Also adds pytest.RaisesExc{.interpreted-text role="class"} which is now the logic behind pytest.raises{.interpreted-text role="func"} and used as parameter to pytest.RaisesGroup{.interpreted-text role="class"}. RaisesGroup includes the ability to specify multiple different expected exceptions, the structure of nested exception groups, and flags for emulating except* <except_star>{.interpreted-text role="ref"}. See assert-matching-exception-groups{.interpreted-text role="ref"} and docstrings for more information.

• #12081: Added capteesys{.interpreted-text role="fixture"} to capture AND pass output to next handler set by --capture=.

• #12504: pytest.mark.xfail{.interpreted-text role="func"} now accepts pytest.RaisesGroup{.interpreted-text role="class"} for the raises parameter when you expect an exception group. You can also pass a pytest.RaisesExc{.interpreted-text role="class"} if you e.g. want to make use of the check parameter.

• #12713: New [--force-short-summary]{.title-ref} option to force condensed summary output regardless of verbosity level.

  This lets users still see condensed summary output of failures for quick reference in log files from job outputs, being especially useful if non-condensed output is very verbose.

• #12749: pytest traditionally collects classes/functions in the test module namespace even if they are imported from another file.

  For example:

  # contents of src/domain.py
  class Testament: ...
  contents of tests/test_testament.py
  from domain import Testament
  def test_testament(): ...

  In this scenario with the default options, pytest will collect the class [Testament]{.title-ref} from [tests/test_testament.py]{.title-ref} because it starts with [Test]{.title-ref}, even though in this case it is a production class being imported in the test module namespace.

  This behavior can now be prevented by setting the new collect_imported_tests{.interpreted-text role="confval"} configuration option to false, which will make pytest collect classes/functions from test files only if they are defined in that file.

... (truncated)

Commits

• 315b3ae Prepare release version 8.4.0
• 1498ba3 Merge pull request #13467 from pytest-dev/towncrier-create
• e4389ac Remove resultlog from the docs (#13465)
• 64b2301 scripts/release: add missing build to towncrier call
• 4c205cf testing/plugins_integration: update Django (#13463)
• 4dcbcc9 Merge pull request #13458 from pytest-dev/dup-param-error
• 5293016 Merge pull request #13459 from pytest-dev/pyright-minor-fixes
• 7a48181 Add pyright configuration
• 9fc6db9 pytester: avoid confusing x self parameter
• 9aa198b mark/expression: fix self -> cls
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions