chore(deps): bump the default group with 4 updates

[dependabot]

Bumps the default group with 4 updates: boto3, uv, coverage and moto.

Updates boto3 from 1.38.46 to 1.39.3

Commits

• 0e651f9 Merge branch 'release-1.39.3'
• 910c8bc Bumping version to 1.39.3
• 579757a Add changelog entries from botocore
• 0eec555 Merge branch 'release-1.39.2'
• 0dca550 Merge branch 'release-1.39.2' into develop
• 7605794 Bumping version to 1.39.2
• f37d23b Add changelog entries from botocore
• 25a2eba Merge branch 'release-1.39.1'
• 663f92d Merge branch 'release-1.39.1' into develop
• ed51302 Bumping version to 1.39.1
• Additional commits viewable in compare view

Updates uv from 0.7.17 to 0.7.19

Release notes

Sourced from uv's releases.

0.7.19

Release Notes

The uv build backend is now stable, and considered ready for production use.

The uv build backend is a great choice for pure Python projects. It has reasonable defaults, with the goal of requiring zero configuration for most users, but provides flexible configuration to accommodate most Python project structures. It integrates tightly with uv, to improve messaging and user experience. It validates project metadata and structures, preventing common mistakes. And, finally, it's very fast — uv sync on a new project (from uv init) is 10-30x faster than with other build backends.

To use uv as a build backend in an existing project, add uv_build to the [build-system] section in your pyproject.toml:

[build-system]
requires = ["uv_build>=0.7.19,<0.8.0"]
build-backend = "uv_build"

In a future release, it will replace hatchling as the default in uv init. As before, uv will remain compatible with all standards-compliant build backends.

Python

• Add PGO distributions of Python for aarch64 Linux, which are more optimized for better performance

See the python-build-standalone release for more details.

Enhancements

• Ignore Python patch version for --universal pip compile (#14405)
• Update the tilde version specifier warning to include more context (#14335)
• Clarify behavior and hint on tool install when no executables are available (#14423)

Bug fixes

• Make project and interpreter lock acquisition non-fatal (#14404)
• Includes sys.prefix in cached environment keys to avoid --with collisions across projects (#14403)

Documentation

• Add a migration guide from pip to uv projects (#12382)

Install uv 0.7.19

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/astral-sh/uv/releases/download/0.7.19/uv-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://github.com/astral-sh/uv/releases/download/0.7.19/uv-installer.ps1 | iex"
</tr></table> 

... (truncated)

Changelog

Sourced from uv's changelog.

0.7.19

The uv build backend is now stable, and considered ready for production use.

The uv build backend is a great choice for pure Python projects. It has reasonable defaults, with the goal of requiring zero configuration for most users, but provides flexible configuration to accommodate most Python project structures. It integrates tightly with uv, to improve messaging and user experience. It validates project metadata and structures, preventing common mistakes. And, finally, it's very fast — uv sync on a new project (from uv init) is 10-30x faster than with other build backends.

To use uv as a build backend in an existing project, add uv_build to the [build-system] section in your pyproject.toml:

[build-system]
requires = ["uv_build>=0.7.19,<0.8.0"]
build-backend = "uv_build"

In a future release, it will replace hatchling as the default in uv init. As before, uv will remain compatible with all standards-compliant build backends.

Python

• Add PGO distributions of Python for aarch64 Linux, which are more optimized for better performance

See the python-build-standalone release for more details.

Enhancements

• Ignore Python patch version for --universal pip compile (#14405)
• Update the tilde version specifier warning to include more context (#14335)
• Clarify behavior and hint on tool install when no executables are available (#14423)

Bug fixes

• Make project and interpreter lock acquisition non-fatal (#14404)
• Includes sys.prefix in cached environment keys to avoid --with collisions across projects (#14403)

Documentation

• Add a migration guide from pip to uv projects (#12382)

0.7.18

Python

• Added arm64 Windows Python 3.11, 3.12, 3.13, and 3.14

  These are not downloaded by default, since x86-64 Python has broader ecosystem support on Windows. However, they can be requested with cpython-<version>-windows-aarch64.

See the python-build-standalone release for more details.

Enhancements

... (truncated)

Commits

• 38ee6ec Bump version to 0.7.19 (#14431)
• 71b5ba1 Stabilize the uv build backend (#14311)
• 5f2857a Add linux aarch64 smoke tests (#14427)
• a58969f Fix workspace_unsatisfiable_member_dependencies (#14429)
• 3bb8ac6 Sync latest Python releases (#14426)
• ec54dce Includes sys.prefix in cached environment keys to avoid --with collisions...
• a6bb65c Clarify behavior and hint on tool install when no executables are available (...
• 743260b Make project and interpreter lock acquisition non-fatal (#14404)
• 2f53ea5 Add a migration guide from pip to uv projects (#12382)
• a9ea756 Ignore Python patch version for --universal pip compile (#14405)
• Additional commits viewable in compare view

Updates coverage from 7.9.1 to 7.9.2

Changelog

Sourced from coverage's changelog.

Version 7.9.2 — 2025-07-03

• Fix: complex conditionals within a line might cause a KeyError when using sys.monitoring, as reported in issue 1991_. This is now fixed.

• Fix: we can now measure coverage for code in Python archive (.par) files. Thanks, Itamer Oren <pull 1984_>_.

.. _pull 1984: nedbat/coveragepy#1984 .. _issue 1991: nedbat/coveragepy#1991

.. _changes_7-9-1:

Commits

• 6e77492 docs: oops, beta 3
• b24cf7e docs: sample HTML for 7.9.2
• 35305c3 docs: prep for 7.9.2
• 9a8d9b6 docs: add pull request link
• 88dcaa2 fix: assume a missing line number is intra-line. #1991
• 678ec80 build: use pyenv for nightly builds. Thanks, Paul Timmins
• a3d00d5 build: workflow jobs should have names
• 279310a chore: bump the action-dependencies group with 2 updates (#1988)
• 614dfbf fix: enable measuring test coverage for Python archive (.par) files (#1984)
• 42bf82c chore: bump the action-dependencies group with 2 updates (#1985)
• Additional commits viewable in compare view

Updates moto from 5.1.6 to 5.1.8

Changelog

Sourced from moto's changelog.

Moto Changelog

5.1.7

Docker Digest for 5.1.7:

New Methods:
* Connect-Campaigns:
    * get_campaign_state()
    * list_campaigns()
    * list_tags_for_resource()
    * pause_campaign()
    * resume_campaign()
    * start_campaign()
    * stop_campaign()
    * tag_resource()
    * untag_resource()


ECS:

delete_task_definitions()



ElastiCache:

create_cache_subnet_group()
describe_cache_subnet_groups()



RAM:

list_permissions()
list_resource_types()



RDS:

create_blue_green_deployment()
delete_blue_green_deployment()
describe_blue_green_deployments()
switchover_blue_green_deployment()





Miscellaneous:
* Athena: get_query_execution() now returns some additional attributes: 'ResultReuseConfiguration', 'Status.CompletionDateTime', 'Status.ServicePreProcessingTimeInMillis', 'Status.ResultReuseInformation'
* DynamoDB: query() now validates that all attributes in the KeyConditionExpression are actually keys
* DynamoDB: update_item() now validates unused ExpressionAttributeNames/ExpressionAttributeValues
* EC2: modify_vpc_attribute() now correctly handles the EnableDnsHostnames-attribute
* ECS: list_task_definitions() now supports the status-parameter
* ELB: describe_load_balancer_attributes() now returns the AdditionalAttributes-attribute
* ElastiCache: list_tags_for_resource() now supports SubnetGroups
* EventBridge: put_events() no longer throws a KeyError: 'time' for targets with a custom InputTemplate that do not specify the time
* Logs: get_query_results() now returns values as strings, in-line with how AWS behaves
* NetworkFirewall: describe_logging_configuration() no longer throws an error for LoggingConfigurations without tags

... (truncated)

Commits

• 60378f7 Pre-Release: Up Version Number
• 7149837 Prep release 5.1.7 (#9045)
• 2e1d35d chore: update SSM default parameters (#9046)
• c7ba45a chore: update EC2 Instance Types (#9044)
• db2e276 chore: update EC2 Instance Offerings (#9043)
• c5616b6 Admin: Skip Sagemaker-Core==1.0.42 to avoid test breakage (#9042)
• d348cec [Comprehend] Enhanced support for comprehend ResourceGroupTagging api (#9039)
• 9c7d939 Docs: Change MOTO_ALLOW_NONEXISTENT_REGION example to use a string value (#9037)
• 96c1231 [ELB] Added additional attribute to ELB response. (#9026)
• 7ae26ff S3: Add ID field to CORS rule (#9013)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions