Bump the python-dependencies group across 1 directory with 5 updates

[dependabot]

Bumps the python-dependencies group with 5 updates in the / directory:

Package	From	To
click	8.3.1	8.3.2
pytest	9.0.2	9.0.3
ruff	0.15.7	0.15.11
ty	0.0.24	0.0.31
mkdocstrings	1.0.3	1.0.4

Updates click from 8.3.1 to 8.3.2

Release notes

Sourced from click's releases.

8.3.2

This is the Click 8.3.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/click/8.3.2/ Changes: https://click.palletsprojects.com/page/changes/#version-8-3-2 Milestone: https://github.com/pallets/click/milestone/29

• Fix handling of flag_value when is_flag=False to allow such options to be used without an explicit value. #3084 #3152
• Hide Sentinel.UNSET values as None when using lookup_default(). #3136 #3199 #3202 #3209 #3212 #3224
• Prevent _NamedTextIOWrapper from closing streams owned by StreamMixer. #824 #2991 #2993 #3110 #3139 #3140
• Add comprehensive tests for CliRunner stream lifecycle, covering logging interaction, multi-threaded safety, and sequential invocation isolation. Add high-iteration stress tests behind a stress marker with a dedicated CI job. #3139
• Fix callable flag_value being instantiated when used as a default via default=True. #3121 #3201 #3213 #3225

Changelog

Sourced from click's changelog.

Version 8.3.2

Released 2026-04-02

• Fix handling of flag_value when is_flag=False to allow such options to be used without an explicit value. :issue:3084 :pr:3152
• Hide Sentinel.UNSET values as None when using lookup_default(). :issue:3136 :pr:3199 :pr:3202 :pr:3209 :pr:3212 :pr:3224
• Prevent _NamedTextIOWrapper from closing streams owned by StreamMixer. :issue:824 :issue:2991 :issue:2993 :issue:3110 :pr:3139 :pr:3140
• Add comprehensive tests for CliRunner stream lifecycle, covering logging interaction, multi-threaded safety, and sequential invocation isolation. Add high-iteration stress tests behind a stress marker with a dedicated CI job. :pr:3139
• Fix callable flag_value being instantiated when used as a default via default=True. :issue:3121 :pr:3201 :pr:3213 :pr:3225

Commits

• 052c006 Change update release date.
• 502b7ce Merge branch 'stable' of https://github.com/pallets/click into release-8.3.2
• a0a37e4 Change publish to werkzeug latest. (#3301)
• 57be6fc Change publish to werkzeug latest.
• 781d6a8 Update publish workflows (#3266)
• ff795b6 Update precommit pins with tox
• dd87ef4 Update github action pins with tox
• 93d3f9d Release version 8.3.2
• 3299ba1 Add missing PR to changelog. (#3264)
• b7f62c4 Add missing PR to changelog.
• Additional commits viewable in compare view

Updates pytest from 9.0.2 to 9.0.3

Release notes

Sourced from pytest's releases.

9.0.3

pytest 9.0.3 (2026-04-07)

Bug fixes

• #12444: Fixed pytest.approx which now correctly takes into account ~collections.abc.Mapping keys order to compare them.

• #13634: Blocking a conftest.py file using the -p no: option is now explicitly disallowed.

  Previously this resulted in an internal assertion failure during plugin loading.

  Pytest now raises a clear UsageError explaining that conftest files are not plugins and cannot be disabled via -p.

• #13734: Fixed crash when a test raises an exceptiongroup with __tracebackhide__ = True.

• #14195: Fixed an issue where non-string messages passed to unittest.TestCase.subTest() were not printed.

• #14343: Fixed use of insecure temporary directory (CVE-2025-71176).

Improved documentation

• #13388: Clarified documentation for -p vs PYTEST_PLUGINS plugin loading and fixed an incorrect -p example.
• #13731: Clarified that capture fixtures (e.g. capsys and capfd) take precedence over the -s / --capture=no command-line options in Accessing captured output from a test function <accessing-captured-output>.
• #14088: Clarified that the default pytest_collection hook sets session.items before it calls pytest_collection_finish, not after.
• #14255: TOML integer log levels must be quoted: Updating reference documentation.

Contributor-facing changes

• #12689: The test reports are now published to Codecov from GitHub Actions. The test statistics is visible on the web interface.

  -- by aleguy02

Commits

• a7d58d7 Prepare release version 9.0.3
• 089d981 Merge pull request #14366 from bluetech/revert-14193-backport
• 8127eaf Revert "Fix: assertrepr_compare respects dict insertion order (#14050) (#14193)"
• 99a7e60 Merge pull request #14363 from pytest-dev/patchback/backports/9.0.x/95d8423bd...
• ddee02a Merge pull request #14343 from bluetech/cve-2025-71176-simple
• 74eac69 doc: Update training info (#14298) (#14301)
• f92dee7 Merge pull request #14267 from pytest-dev/patchback/backports/9.0.x/d6fa26c62...
• 7ee58ac Merge pull request #12378 from Pierre-Sassoulas/fix-implicit-str-concat-and-d...
• 37da870 Merge pull request #14259 from mitre88/patch-4 (#14268)
• c34bfa3 Add explanation for string context diffs (#14257) (#14266)
• Additional commits viewable in compare view

Updates ruff from 0.15.7 to 0.15.11

Release notes

Sourced from ruff's releases.

0.15.11

Release Notes

Released on 2026-04-16.

Preview features

• [ruff] Ignore RUF029 when function is decorated with asynccontextmanager (#24642)
• [airflow] Implement airflow-xcom-pull-in-template-string (AIR201) (#23583)
• [flake8-bandit] Fix S103 false positives and negatives in mask analysis (#24424)

Bug fixes

• [flake8-async] Omit overridden methods for ASYNC109 (#24648)

Documentation

• [flake8-async] Add override mention to ASYNC109 docs (#24666)
• Update Neovim config examples to use vim.lsp.config (#24577)

Contributors

• @​augustelalande
• @​anishgirianish
• @​benberryallwood
• @​charliermarsh
• @​Dev-iL

Install ruff 0.15.11

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/ruff/releases/download/0.15.11/ruff-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/ruff/releases/download/0.15.11/ruff-installer.ps1 | iex"

Download ruff 0.15.11

File	Platform	Checksum
ruff-aarch64-apple-darwin.tar.gz	Apple Silicon macOS	checksum
ruff-x86_64-apple-darwin.tar.gz	Intel macOS	checksum
ruff-aarch64-pc-windows-msvc.zip	ARM64 Windows	checksum
ruff-i686-pc-windows-msvc.zip	x86 Windows	checksum

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.11

Released on 2026-04-16.

Preview features

• [ruff] Ignore RUF029 when function is decorated with asynccontextmanager (#24642)
• [airflow] Implement airflow-xcom-pull-in-template-string (AIR201) (#23583)
• [flake8-bandit] Fix S103 false positives and negatives in mask analysis (#24424)

Bug fixes

• [flake8-async] Omit overridden methods for ASYNC109 (#24648)

Documentation

• [flake8-async] Add override mention to ASYNC109 docs (#24666)
• Update Neovim config examples to use vim.lsp.config (#24577)

Contributors

• @​augustelalande
• @​anishgirianish
• @​benberryallwood
• @​charliermarsh
• @​Dev-iL

0.15.10

Released on 2026-04-09.

Preview features

• [flake8-logging] Allow closures in except handlers (LOG004) (#24464)
• [flake8-self] Make SLF diagnostics robust to non-self-named variables (#24281)
• [flake8-simplify] Make the fix for collapsible-if safe in preview (SIM102) (#24371)

Bug fixes

• Avoid emitting multi-line f-string elements before Python 3.12 (#24377)
• Avoid syntax error from E502 fixes in f-strings and t-strings (#24410)
• Strip form feeds from indent passed to dedent_to (#24381)
• [pyupgrade] Fix panic caused by handling of octals (UP012) (#24390)
• Reject multi-line f-string elements before Python 3.12 (#24355)

Rule changes

• [ruff] Treat f-string interpolation as potential side effect (RUF019) (#24426)

Server

... (truncated)

Commits

• 53554b1 Bump 0.15.11 (#24678)
• 08c56c8 Factor out the mdtest crate (#24616)
• 725fbb7 [ty] Use partially qualified names when reporting diagnostics regarding bad c...
• ddd6a30 [ty] Do not suggest argument completion when at value of keyword argument (#2...
• 9282e61 Disallow @​disjoint_base on TypedDicts and Protocols (#24671)
• e9986d8 [ty] Reject using properties with Never setters or deleters (#24510)
• 9cf212f [ty] Normalize property setter and deleter wrappers (#24509)
• 12a1589 Add override mention to ASYNC109 docs (#24666)
• dccb03d [ty] Avoid panicking on overloaded Callable type context (#24661)
• 61f9a0a [ty] Sync vendored typeshed stubs (#24646)
• Additional commits viewable in compare view

Updates ty from 0.0.24 to 0.0.31

Release notes

Sourced from ty's releases.

0.0.31

Release Notes

Released on 2026-04-15.

Bug fixes

• Avoid panic from double inference for namedtuple(typename=T, field_names=x, **{}) (#24641)
• Avoid panic from double inference with missing functional Enum(...) names (#24638)
• Avoid panic from double inference with functional Enum(value=...) (#24639)
• Fix cases where invalid-key fix doesn't converge, and override-of-final-method produces invalid syntax (#24649)
• Fix unnecessary ty:ignore comments inserted by --add-ignore for diagnostics starting on the same line (#24651)

CLI

• Add --fix mode to enable auto-fix for diagnostics (#24097)

Performance

• Avoid excessive memory usage for dataclasses with many fields (#24620)

Core type checking

• Check inherited NamedTuple field conflicts (#24542)
• Error when duplicate keywords are provided to TypedDict constructors (#24449)
• Respect mixed positional and keyword arguments in TypedDict constructor (#24448)
• Respect subclass shadowing for inherited NamedTuple fields (#24640)
• Skip EnumMeta.__call__ for enum constructor signatures (#24513)

Contributors

• @​sharkdp
• @​Glyphack
• @​MichaReiser
• @​charliermarsh

Install ty 0.0.31

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/ty/releases/download/0.0.31/ty-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/ty/releases/download/0.0.31/ty-installer.ps1 | iex"

... (truncated)

Changelog

Sourced from ty's changelog.

0.0.31

Released on 2026-04-15.

Bug fixes

• Avoid panic from double inference for namedtuple(typename=T, field_names=x, **{}) (#24641)
• Avoid panic from double inference with missing functional Enum(...) names (#24638)
• Avoid panic from double inference with functional Enum(value=...) (#24639)
• Fix cases where invalid-key fix doesn't converge, and override-of-final-method produces invalid syntax (#24649)
• Fix unnecessary ty:ignore comments inserted by --add-ignore for diagnostics starting on the same line (#24651)

CLI

• Add --fix mode to enable auto-fix for diagnostics (#24097)

Performance

• Avoid excessive memory usage for dataclasses with many fields (#24620)

Core type checking

• Check inherited NamedTuple field conflicts (#24542)
• Error when duplicate keywords are provided to TypedDict constructors (#24449)
• Respect mixed positional and keyword arguments in TypedDict constructor (#24448)
• Respect subclass shadowing for inherited NamedTuple fields (#24640)
• Skip EnumMeta.__call__ for enum constructor signatures (#24513)

Contributors

• @​sharkdp
• @​Glyphack
• @​MichaReiser
• @​charliermarsh

0.0.30

Released on 2026-04-13.

As of v0.0.30, ty no longer unions Unknown into most inferred types of unannotated attributes. For example:

class Foo:
    def __init__(self) -> None:
        self.value = 1
reveal_type(Foo().value)  # revealed: int
Foo().value = "x"  # error: [invalid-assignment]

... (truncated)

Commits

• daaa404 Bump version to 0.0.31 (#3280)
• 12e86b5 Bump version to 0.0.30 (#3270)
• 67077ad Reorder sections in FAQ (#3267)
• 01144db Update docker/login-action action to v4.1.0 (#3262)
• 48b3fe3 Update prek dependencies (#3261)
• 7c81338 Create a "deployment" for the release-gate job (#3239)
• a447e03 Add a "release-gate" step to the release workflow (#3205)
• 5131a0e Update prek dependencies (#3221)
• 438a78d Bump version to 0.0.29 (#3218)
• 927aad2 Bump version to 0.0.28 (#3206)
• Additional commits viewable in compare view

Updates mkdocstrings from 1.0.3 to 1.0.4

Release notes

Sourced from mkdocstrings's releases.

1.0.4

1.0.4 - 2026-04-15

Compare with 1.0.3

Bug Fixes

• Add timeout when downloading inventories (10 seconds) (3d1969a by Simon Lloyd). Issue-819

Changelog

Sourced from mkdocstrings's changelog.

1.0.4 - 2026-04-15

Compare with 1.0.3

Bug Fixes

• Add timeout when downloading inventories (10 seconds) (3d1969a by Simon Lloyd). Issue-819

Commits

• a938528 chore: Prepare release 1.0.4
• 1eaa224 ci: Lint and type-check
• 80e090d Merge branch 'main' of github.com:mkdocstrings/mkdocstrings
• 5f82a58 chore: Template upgrade
• 3d1969a fix: Add timeout when downloading inventories (10 seconds)
• a0c47b9 docs: Fix broken link in README
• e500a2b chore: Update sponsors section in README
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions