Bump the dependencies group in /.config with 5 updates

[dependabot]

Bumps the dependencies group in /.config with 5 updates:

Package	From	To
certifi	2025.4.26	2025.6.15
coverage	7.8.2	7.9.1
requests	2.32.3	2.32.4
typing-extensions	4.13.2	4.14.0
uv	0.7.12	0.7.13

Updates certifi from 2025.4.26 to 2025.6.15

Commits

• e767d59 2025.06.15 (#357)
• 3e70765 Bump actions/setup-python from 5.5.0 to 5.6.0
• 9afd2ff Bump actions/download-artifact from 4.2.1 to 4.3.0
• d7c816c remove code that's no longer required that 3.7 is our minimum (#351)
• 1899613 Declare setuptools as the build backend in pyproject.toml (#350)
• c874142 update CI for ubuntu 20.04 deprecation (#348)
• See full diff in compare view

Updates coverage from 7.8.2 to 7.9.1

Changelog

Sourced from coverage's changelog.

Version 7.9.1 — 2025-06-13

• The "no-ctracer" warning is not issued for Python pre-release versions. Coverage doesn't ship compiled wheels for those versions, so this was far too noisy.

• On Python 3.14+, the "sysmon" core is now the default if it's supported for your configuration. Plugins and dynamic contexts are still not supported with it.

.. _changes_7-9-0:

Version 7.9.0 — 2025-06-11

• Added a [run] core configuration setting to specify the measurement core, which was previously only available through the COVERAGE_CORE environment variable. Finishes issue 1746_.

• Fixed incorrect rendering of f-strings with doubled braces, closing issue 1980_.

• If the C tracer core can't be imported, a warning ("no-ctracer") is issued with the reason.

• The C tracer core extension module now conforms to PEP 489, closing issue 1977. Thanks, Adam Turner <pull 1978_>_.

• Fixed a "ValueError: min() arg is an empty sequence" error caused by strange empty modules, found by oss-fuzz_.

.. _issue 1746: nedbat/coveragepy#1746 .. _issue 1977: nedbat/coveragepy#1977 .. _pull 1978: nedbat/coveragepy#1978 .. _issue 1980: nedbat/coveragepy#1980 .. _PEP 489: https://peps.python.org/pep-0489 .. _oss-fuzz: https://google.github.io/oss-fuzz/

.. _changes_7-8-2:

Commits

• 4fa1b71 docs: sample HTML for 7.9.1
• 5cf757b docs: prep for 7.9.1
• bea6204 fix: better defaulting of core
• 7795441 fix: fewer warnings, default to sys.monitoring on 3.14+
• 18aa074 fix: some custom builds don't have file
• 8c5bf65 chore: make upgrade
• 128c4f4 build: bump version to 7.9.1
• 452d86f docs: sample HTML for 7.9.0
• a670927 docs: prep for 7.9.0
• 3b0cb87 build: windows 3.14 is fixed
• Additional commits viewable in compare view

Updates requests from 2.32.3 to 2.32.4

Release notes

Sourced from requests's releases.

v2.32.4

2.32.4 (2025-06-10)

Security

• CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file. (#6965)

Improvements

• Numerous documentation improvements

Deprecations

• Added support for pypy 3.11 for Linux and macOS. (#6926)
• Dropped support for pypy 3.9 following its end of support. (#6926)

Changelog

Sourced from requests's changelog.

2.32.4 (2025-06-10)

Security

• CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file.

Improvements

• Numerous documentation improvements

Deprecations

• Added support for pypy 3.11 for Linux and macOS.
• Dropped support for pypy 3.9 following its end of support.

Commits

• 021dc72 Polish up release tooling for last manual release
• 821770e Bump version and add release notes for v2.32.4
• 59f8aa2 Add netrc file search information to authentication documentation (#6876)
• 5b4b64c Add more tests to prevent regression of CVE 2024 47081
• 7bc4587 Add new test to check netrc auth leak (#6962)
• 96ba401 Only use hostname to do netrc lookup instead of netloc
• 7341690 Merge pull request #6951 from tswast/patch-1
• 6716d7c remove links
• a7e1c74 Update docs/conf.py
• c799b81 docs: fix dead links to kenreitz.org
• Additional commits viewable in compare view

Updates typing-extensions from 4.13.2 to 4.14.0

Release notes

Sourced from typing-extensions's releases.

4.14.0

This release adds several new features, including experimental support for inline typed dictionaries (PEP 764) and sentinels (PEP 661), and support for changes in Python 3.14. In addition, Python 3.8 is no longer supported.

Changes since 4.14.0rc1:

• Remove __or__ and __ror__ methods from typing_extensions.Sentinel on Python versions <3.10. PEP 604 was introduced in Python 3.10, and typing_extensions does not generally attempt to backport PEP-604 methods to prior versions.
• Further update typing_extensions.evaluate_forward_ref with changes in Python 3.14.

Changes included in 4.14.0rc1:

• Drop support for Python 3.8 (including PyPy-3.8). Patch by Victorien Plot.
• Do not attempt to re-export names that have been removed from typing, anticipating the removal of typing.no_type_check_decorator in Python 3.15. Patch by Jelle Zijlstra.
• Update typing_extensions.Format, typing_extensions.evaluate_forward_ref, and typing_extensions.TypedDict to align with changes in Python 3.14. Patches by Jelle Zijlstra.
• Fix tests for Python 3.14 and 3.15. Patches by Jelle Zijlstra.

New features:

• Add support for inline typed dictionaries (PEP 764). Patch by Victorien Plot.
• Add typing_extensions.Reader and typing_extensions.Writer. Patch by Sebastian Rittau.
• Add support for sentinels (PEP 661). Patch by Victorien Plot.

4.14.0rc1

Major changes:

• Drop support for Python 3.8 (including PyPy-3.8). Patch by Victorien Plot.
• Do not attempt to re-export names that have been removed from typing, anticipating the removal of typing.no_type_check_decorator in Python 3.15. Patch by Jelle Zijlstra.
• Update typing_extensions.Format, typing_extensions.evaluate_forward_ref, and typing_extensions.TypedDict to align with changes in Python 3.14. Patches by Jelle Zijlstra.
• Fix tests for Python 3.14 and 3.15. Patches by Jelle Zijlstra.

New features:

• Add support for inline typed dictionaries (PEP 764). Patch by Victorien Plot.
• Add typing_extensions.Reader and typing_extensions.Writer. Patch by Sebastian Rittau.
• Add support for sentinels (PEP 661). Patch by

... (truncated)

Changelog

Sourced from typing-extensions's changelog.

Release 4.14.0 (June 2, 2025)

Changes since 4.14.0rc1:

• Remove __or__ and __ror__ methods from typing_extensions.Sentinel on Python versions <3.10. PEP 604 was introduced in Python 3.10, and typing_extensions does not generally attempt to backport PEP-604 methods to prior versions.
• Further update typing_extensions.evaluate_forward_ref with changes in Python 3.14.

Release 4.14.0rc1 (May 24, 2025)

• Drop support for Python 3.8 (including PyPy-3.8). Patch by Victorien Plot.
• Do not attempt to re-export names that have been removed from typing, anticipating the removal of typing.no_type_check_decorator in Python 3.15. Patch by Jelle Zijlstra.
• Update typing_extensions.Format, typing_extensions.evaluate_forward_ref, and typing_extensions.TypedDict to align with changes in Python 3.14. Patches by Jelle Zijlstra.
• Fix tests for Python 3.14 and 3.15. Patches by Jelle Zijlstra.

New features:

• Add support for inline typed dictionaries (PEP 764). Patch by Victorien Plot.
• Add typing_extensions.Reader and typing_extensions.Writer. Patch by Sebastian Rittau.
• Add support for sentinels (PEP 661). Patch by Victorien Plot.

Commits

• b07d245 Prepare release 4.14.0 (#612)
• fcf5265 Backport evaluate_forward_ref() changes (#611)
• fadc1ed Remove PEP-604 methods from Sentinel on Python <3.10 (#605)
• 44de568 Add 3.14 to project classifiers and tox.ini (#604)
• 36cc476 Prepare release 4.14.0rc1 (#603)
• ec1876c More fixes for 3.14 and 3.15 (#602)
• e89d789 Update _caller() implementation (#598)
• 34bfd84 third party: fix typeguard (#600)
• 479dae1 Add support for sentinels (PEP 661) (#594)
• f74a56a Update PEP 649/749 implementation (#596)
• Additional commits viewable in compare view

Updates uv from 0.7.12 to 0.7.13

Release notes

Sourced from uv's releases.

0.7.13

Release Notes

Python

• Add Python 3.14.0b2
• Add Python 3.13.5
• Fix stability of uuid.getnode on 3.13

See the python-build-standalone release notes for more details.

Enhancements

• Download versions in uv python pin if not found (#13946)
• Use TTY detection to determine if SIGINT forwarding is enabled (#13925)
• Avoid fetching an exact, cached Git commit, even if it isn't locked (#13748)
• Add zstd and deflate to Accept-Encoding (#13982)
• Build binaries for riscv64 (#12688)

Bug fixes

• Check if relative URL is valid directory before treating as index (#13917)
• Ignore Python discovery errors during uv python pin (#13944)
• Do not allow uv add --group ... --script (#13997)

Preview changes

• Build backend: Support namespace packages (#13833)

Documentation

• Add 3.14 to the supported platform reference (#13990)
• Add an llms.txt to uv (#13929)
• Add supported macOS version to the platform reference (#13993)
• Update platform support reference to include Python implementation list (#13991)
• Update pytorch.md (#13899)
• Update the CLI help and reference to include references to the Python bin directory (#13978)

Install uv 0.7.13

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/astral-sh/uv/releases/download/0.7.13/uv-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://github.com/astral-sh/uv/releases/download/0.7.13/uv-installer.ps1 | iex"
</tr></table> 

... (truncated)

Changelog

Sourced from uv's changelog.

0.7.13

Python

• Add Python 3.14.0b2
• Add Python 3.13.5
• Fix stability of uuid.getnode on 3.13

See the python-build-standalone release notes for more details.

Enhancements

• Download versions in uv python pin if not found (#13946)
• Use TTY detection to determine if SIGINT forwarding is enabled (#13925)
• Avoid fetching an exact, cached Git commit, even if it isn't locked (#13748)
• Add zstd and deflate to Accept-Encoding (#13982)
• Build binaries for riscv64 (#12688)

Bug fixes

• Check if relative URL is valid directory before treating as index (#13917)
• Ignore Python discovery errors during uv python pin (#13944)
• Do not allow uv add --group ... --script (#13997)

Preview changes

• Build backend: Support namespace packages (#13833)

Documentation

• Add 3.14 to the supported platform reference (#13990)
• Add an llms.txt to uv (#13929)
• Add supported macOS version to the platform reference (#13993)
• Update platform support reference to include Python implementation list (#13991)
• Update pytorch.md (#13899)
• Update the CLI help and reference to include references to the Python bin directory (#13978)

Commits

• 62ed17b Bump version to 0.7.13 (#14002)
• 7316bd0 Build backend: Support namespace packages (#13833)
• 95ad8e5 Add 3.14 to the supported platform reference (#13990)
• e067118 Add supported macOS version to the platform reference (#13993)
• f82909a Update platform support reference to include Python implementation list (#13991)
• d9c3425 Sync latest Python releases (#13996)
• a1f9f28 Do not allow uv add --group ... --script (#13997)
• 806cc5c Debug sync_dry_run flake by panicking with verbose output on failure (#13817)
• 87ab57e Update the CLI help and reference to include references to the Python bin dir...
• b3d7f79 Universal sync_required_environment_hint test (#13975)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions