chore(deps-dev): bump the development-dependencies group across 1 directory with 7 updates

[dependabot]

Bumps the development-dependencies group with 7 updates in the / directory:

Package	From	To
pytest	8.4.2	9.0.2
flask-cors	6.0.1	6.0.2
meltano	4.0.1	4.0.8
types-boto3	1.40.64	1.42.25
mypy	1.18.2	1.19.1
ty	0.0.1a24	0.0.11
types-requests	2.32.4.20250913	2.32.4.20260107

Updates pytest from 8.4.2 to 9.0.2

Release notes

Sourced from pytest's releases.

9.0.2

pytest 9.0.2 (2025-12-06)

Bug fixes

• #13896: The terminal progress feature added in pytest 9.0.0 has been disabled by default, except on Windows, due to compatibility issues with some terminal emulators.

  You may enable it again by passing -p terminalprogress. We may enable it by default again once compatibility improves in the future.

  Additionally, when the environment variable TERM is dumb, the escape codes are no longer emitted, even if the plugin is enabled.

• #13904: Fixed the TOML type of the tmp_path_retention_count settings in the API reference from number to string.

• #13946: The private config.inicfg attribute was changed in a breaking manner in pytest 9.0.0. Due to its usage in the ecosystem, it is now restored to working order using a compatibility shim. It will be deprecated in pytest 9.1 and removed in pytest 10.

• #13965: Fixed quadratic-time behavior when handling unittest subtests in Python 3.10.

Improved documentation

• #4492: The API Reference now contains cross-reference-able documentation of pytest's command-line flags <command-line-flags>.

9.0.1

pytest 9.0.1 (2025-11-12)

Bug fixes

• #13895: Restore support for skipping tests via raise unittest.SkipTest.
• #13896: The terminal progress plugin added in pytest 9.0 is now automatically disabled when iTerm2 is detected, it generated desktop notifications instead of the desired functionality.
• #13904: Fixed the TOML type of the verbosity settings in the API reference from number to string.
• #13910: Fixed UserWarning: Do not expect file_or_dir on some earlier Python 3.12 and 3.13 point versions.

Packaging updates and notes for downstreams

• #13933: The tox configuration has been adjusted to make sure the desired version string can be passed into its package_env through the SETUPTOOLS_SCM_PRETEND_VERSION_FOR_PYTEST environment variable as a part of the release process -- by webknjaz.

Contributor-facing changes

• #13891, #13942: The CI/CD part of the release automation is now capable of creating GitHub Releases without having a Git checkout on disk -- by bluetech and webknjaz.
• #13933: The tox configuration has been adjusted to make sure the desired version string can be passed into its package_env through the SETUPTOOLS_SCM_PRETEND_VERSION_FOR_PYTEST environment variable as a part of the release process -- by webknjaz.

... (truncated)

Commits

• 3d10b51 Prepare release version 9.0.2
• 188750b Merge pull request #14030 from pytest-dev/patchback/backports/9.0.x/1e4b01d1f...
• b7d7bef Merge pull request #14014 from bluetech/compat-note
• bd08e85 Merge pull request #14013 from pytest-dev/patchback/backports/9.0.x/922b60377...
• bc78386 Add CLI options reference documentation (#13930)
• 5a4e398 Fix docs typo (#14005) (#14008)
• d7ae6df Merge pull request #14006 from pytest-dev/maintenance/update-plugin-list-tmpl...
• 556f6a2 pre-commit: fix rst-lint after new release (#13999) (#14001)
• c60fbe6 Fix quadratic-time behavior when handling unittest subtests in Python 3.10 ...
• 73d9b01 Merge pull request #13995 from nicoddemus/patchback/backports/9.0.x/1b5200c0f...
• Additional commits viewable in compare view

Updates flask-cors from 6.0.1 to 6.0.2

Release notes

Sourced from flask-cors's releases.

6.0.2

What's Changed

• Update license pyproject.toml by @​wagenrace in corydolphin/flask-cors#395

New Contributors

• @​wagenrace made their first contribution in corydolphin/flask-cors#395

Full Changelog: corydolphin/flask-cors@6.0.1...6.0.2

Commits

• fa55dcb Update license pyproject.toml (#395)
• See full diff in compare view

Updates meltano from 4.0.1 to 4.0.8

Release notes

Sourced from meltano's releases.

v4.0.8 (2025-12-17)

🐛 Fixes

• #9688 Fixed typo in migration error message
• #9687 Serialize nested date-time values in plugin configuration
• #9669 Parse plugin logs coming out during meltano invoke

⚙️ Under the Hood

• #9689 Use the Project.dirs API in more places

v4.0.7 (2025-12-09)

⚙️ Under the Hood

• #9665 Remove dependency on click-didyoumean

📚 Documentation Improvements

• #9675 Update meltano config examples to use new command syntax/order

📦 Packaging changes

• #9673 Bump build requirement hatchling to 1.28.0

v4.0.6 (2025-11-19)

🐛 Fixes

• #9637 Bump fasteners to 0.20

📚 Documentation Improvements

• #9634 Fix command syntax in troubleshooting docs -- Thanks @​visch!

v4.0.5 (2025-11-04)

🐛 Fixes

• #9626 Expand environment variables in mapping configuration

⚙️ Under the Hood

• #9627 Use pattern matching to update the schedule in meltano schedule set

📦 Packaging changes

... (truncated)

Changelog

Sourced from meltano's changelog.

v4.0.8 (2025-12-17)

🐛 Fixes

• #9688 Fixed typo in migration error message
• #9687 Serialize nested date-time values in plugin configuration
• #9669 Parse plugin logs coming out during meltano invoke

⚙️ Under the Hood

• #9689 Use the Project.dirs API in more places

v4.0.7 (2025-12-09)

⚙️ Under the Hood

• #9665 Remove dependency on click-didyoumean

📚 Documentation Improvements

• #9675 Update meltano config examples to use new command syntax/order

📦 Packaging changes

• #9673 Bump build requirement hatchling to 1.28.0

v4.0.6 (2025-11-19)

🐛 Fixes

• #9637 Bump fasteners to 0.20

📚 Documentation Improvements

• #9634 Fix command syntax in troubleshooting docs -- Thanks @​visch!

v4.0.5 (2025-11-04)

🐛 Fixes

• #9626 Expand environment variables in mapping configuration

⚙️ Under the Hood

• #9627 Use pattern matching to update the schedule in meltano schedule set

📦 Packaging changes

• #9609 Remove unmaintained dependency flatten-dict

... (truncated)

Commits

• 2b049aa chore: Release v4.0.8 (#9691)
• 1702852 ci: Safe interpolation in inline workflow scripts (#9690)
• 09e3436 refactor: Use the Project.dirs API in more places (#9689)
• f6c7802 fix: Fixed typo in migration error message (#9688)
• 23b678b fix: Serialize nested date-time values in plugin configuration (#9687)
• e649af7 chore: Fix up some tracker tests
• e149ffa chore(deps): Lock file maintenance (#9684)
• 429884b chore(deps-dev): Bump prettier from 3.7.3 to 3.7.4 in /docs in the developmen...
• 8a40d4b ci: Fix triggers in dependency review workflow (#9682)
• 3a0c279 ci: Audit action permissions (#9681)
• Additional commits viewable in compare view

Updates types-boto3 from 1.40.64 to 1.42.25

Release notes

Sourced from types-boto3's releases.

8.8.0 - Python 3.8 runtime is back

Changed

• [services] install_requires section is calculated based on dependencies in use, so typing-extensions version is set properly
• [all] Replaced typing imports with collections.abc with a fallback to typing for Python <3.9
• [all] Added aliases for builtins.list, builtins.set, builtins.dict, and builtins.type, so Python 3.8 runtime should work as expected again (reported by @​YHallouard in #340 and @​Omri-Ben-Yair in #336)
• [all] Unions use the same type annotations as the rest of the structures due to proper fallbacks

Fixed

• [services] Universal input/output shapes were not replaced properly in service subresources
• [docs] Simplified doc links rendering for services
• [services] Cleaned up unnecessary imports in client.pyi
• [builder] Import records with fallback are always rendered

Commits

• See full diff in compare view

Updates mypy from 1.18.2 to 1.19.1

Changelog

Sourced from mypy's changelog.

Mypy 1.19.1

• Fix noncommutative joins with bounded TypeVars (Shantanu, PR 20345)
• Respect output format for cached runs by serializing raw errors in cache metas (Ivan Levkivskyi, PR 20372)
• Allow types.NoneType in match cases (A5rocks, PR 20383)
• Fix mypyc generator regression with empty tuple (BobTheBuidler, PR 20371)
• Fix crash involving Unpack-ed TypeVarTuple (Shantanu, PR 20323)
• Fix crash on star import of redefinition (Ivan Levkivskyi, PR 20333)
• Fix crash on typevar with forward ref used in other module (Ivan Levkivskyi, PR 20334)
• Fail with an explicit error on PyPy (Ivan Levkivskyi, PR 20389)

Acknowledgements

Thanks to all mypy contributors who contributed to this release:

• A5rocks
• BobTheBuidler
• bzoracler
• Chainfire
• Christoph Tyralla
• David Foster
• Frank Dana
• Guo Ci
• iap
• Ivan Levkivskyi
• James Hilton-Balfe
• jhance
• Joren Hammudoglu
• Jukka Lehtosalo
• KarelKenens
• Kevin Kannammalil
• Marc Mueller
• Michael Carlstrom
• Michael J. Sullivan
• Piotr Sawicki
• Randolf Scholz
• Shantanu
• Sigve Sebastian Farstad
• sobolevn
• Stanislav Terliakov
• Stephen Morton
• Theodore Ando
• Thiago J. Barbalho
• wyattscarpenter

I’d also like to thank my employer, Dropbox, for supporting mypy development.

Mypy 1.18

We’ve just uploaded mypy 1.18.1 to the Python Package Index (PyPI). Mypy is a static type checker for Python. This release includes new features, performance

... (truncated)

Commits

• 412c19a Bump version to 1.19.1
• 20aea0a Update changelog for 1.19.1 (#20414)
• 2b23b50 Serialize raw errors in cache metas (#20372)
• f60f90f Fail on PyPy in main instead of setup.py (#20389)
• 58d485b Fail with an explicit error on PyPy (#20384)
• a4b31a2 Allow types.NoneType in match cases (#20383)
• 8a6eff4 [mypyc] fix generator regression with empty tuple (#20371)
• 70eceea Fix noncommutative joins with bounded TypeVars (#20345)
• 3890fc4 Fix crash involving Unpack-ed TypeVarTuple (#20323)
• c93d917 Fix crash on star import of redefinition (#20333)
• Additional commits viewable in compare view

Updates ty from 0.0.1a24 to 0.0.11

Release notes

Sourced from ty's releases.

0.0.11

Release Notes

Released on 2026-01-09.

Bug fixes

• Fix super() with TypeVar-annotated self and cls parameter (#22208)
• Only consider fully static pivots when deriving transitive constraints (#22444)

LSP server

• Don't show diagnostics for excluded files (#22455)
• Fix goto definition for relative imports in third-party files (#22457)
• Improve completion ranking based on origin and exact match (#22460)
• Rank top-level module symbols above most other symbols (#22465)

Configuration

• Enable unused-ignore-comment by default (#22474)

Performance

• Improve UnionBuilder performance by changing Type::is_subtype_of calls to Type::is_redundant_with (#22337)
• Optimize union building for unions with many enum-literal members (#22363)-

Other changes

• Declare support for Python 3.14 (#2407)
• Remove dark-mode handling from PyPI-uploaded README (#2422)

Contributors

• @​dhruvmanila
• @​AlexWaygood
• @​charliermarsh
• @​BurntSushi
• @​MichaReiser
• @​dcreager

Install ty 0.0.11

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/astral-sh/ty/releases/download/0.0.11/ty-installer.sh | sh

Install prebuilt binaries via powershell script

... (truncated)

Changelog

Sourced from ty's changelog.

0.0.11

Released on 2026-01-09.

Bug fixes

• Fix super() with TypeVar-annotated self and cls parameter (#22208)
• Only consider fully static pivots when deriving transitive constraints (#22444)

LSP server

• Don't show diagnostics for excluded files (#22455)
• Fix goto definition for relative imports in third-party files (#22457)
• Improve completion ranking based on origin and exact match (#22460)
• Rank top-level module symbols above most other symbols (#22465)

Configuration

• Enable unused-type-ignore-comment by default (#22474)

Performance

• Improve UnionBuilder performance by changing Type::is_subtype_of calls to Type::is_redundant_with (#22337)
• Optimize union building for unions with many enum-literal members (#22363)-

Other changes

• Declare support for Python 3.14 (#2407)
• Remove dark-mode handling from PyPI-uploaded README (#2422)

Contributors

• @​dhruvmanila
• @​AlexWaygood
• @​charliermarsh
• @​BurntSushi
• @​MichaReiser
• @​dcreager

0.0.10

Released on 2026-01-07.

Bug fixes

• Fix stack overflow due to too small stack size (#22433)
• Fix stale semantic tokens after opening the same document with new content (#22414)
• Fix handling of ParamSpec in overloaded functions (#22416)
• Fix comparisons and arithmetic with NewTypes of float (#22105)
• Fix several issues with unannotated function return types (#22425)

... (truncated)

Commits

• 830cb9c Bump version to 0.0.11 (#2425)
• c5d2a86 Remove dark-mode handling from PyPI-uploaded README (#2422)
• a3f7f6a Add language: golang to actionlint pre-commit hook (#2423)
• d630988 Declare support for Python 3.14 (#2407)
• 4f5197a pin maturin version to the same one uv uses (#2387)
• d18902c Bump version to 0.0.10 (#2381)
• f1652f0 Bump version to 0.0.9 (#2338)
• aaa9c82 Update actions/checkout to 6.0.1 in release workflow (#2330)
• 3c2f43f Update actions/download-artifact 7.0.0 in release workflow (#2331)
• 9d8fd86 Update actions/upload-artifact digest to 6.0.0 in release workflow (#2332)
• Additional commits viewable in compare view

Updates types-requests from 2.32.4.20250913 to 2.32.4.20260107

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions