chore(deps): bump the minor-and-patch group across 1 directory with 8 updates

[dependabot]

Bumps the minor-and-patch group with 8 updates in the / directory:

Package	From	To
algokit-utils	4.1.0	4.2.3
ruff	0.12.4	0.14.14
mypy	1.17.0	1.19.1
pip-audit	2.9.0	2.10.0
pre-commit	4.2.0	4.5.1
poethepoet	0.36.0	0.40.0
setuptools	80.9.0	80.10.2
pytest-sugar	1.0.0	1.1.1

Updates algokit-utils from 4.1.0 to 4.2.3

Commits

• See full diff in compare view

Updates ruff from 0.12.4 to 0.14.14

Release notes

Sourced from ruff's releases.

0.14.14

Release Notes

Released on 2026-01-22.

Preview features

• Preserve required parentheses in lambda bodies (#22747)
• Combine range suppression code diagnostics (#22613)
• [airflow] Second positional argument to Asset/Dataset should not be a dictionary (AIR303) (#22453)
• [ruff] Detect duplicate entries in __all__ (RUF068) (#22114)

Bug fixes

• [pyupgrade] Allow shadowing non-builtin bindings (UP029) (#22749)
• [pyupgrade] Apply UP045 to string arguments of typing.cast (#22320)
• [flake8-pie] Detect duplicated declared class fields in PIE794 (#22717)

Rule changes

• [flake8-pyi] Fix inconsistent handling of forward references for __new__, __enter__, __aenter__ in PYI034 (#22798)
• [flake8-pytest-style] Support check parameter in PT011 (#22725)
• [ruff] Add exception for ctypes.Structure._fields_ (RUF012) (#22559)
• Many fixes are now marked unsafe if they would remove comments:
  • [flake8-bugbear] B009, B010, B013, B014, B033
  • [flake8-simplify] SIM910, SIM911
  • [pyupgrade] UP007, UP039, UP041, UP045
  • [refurb] FURB105, FURB116, FURB136, FURB140, FURB145, FURB154, FURB157, FURB164,FURB181, FURB188
  • [ruff] RUF019, RUF020

Documentation

• Add --exit-non-zero-on-format to formatter exit codes section (#22761)
• Update contributing guide for adding a new rule (#22779)
• [FastAPI] Document fix safety for FAST001 (#22655)
• [flake8-async] Tweak explanation to focus on latency/efficiency tradeoff (ASYNC110) (#22715)
• [pandas-vet] Make example error out-of-the-box (PD002) (#22561)
• [refurb] Make the example work out of box (FURB101) (#22770)
• [refurb] Make the example work out of box (FURB103) (#22769)

Contributors

• @​alejsdev
• @​ntBre
• @​caiquejjx
• @​chirizxc
• @​denyszhak
• @​sjyangkevin
• @​MeGaGiGaGon
• @​leandrobbraga

... (truncated)

Changelog

Sourced from ruff's changelog.

0.14.14

Released on 2026-01-22.

Preview features

• Preserve required parentheses in lambda bodies (#22747)
• Combine range suppression code diagnostics (#22613)
• [airflow] Second positional argument to Asset/Dataset should not be a dictionary (AIR303) (#22453)
• [ruff] Detect duplicate entries in __all__ (RUF068) (#22114)

Bug fixes

• [pyupgrade] Allow shadowing non-builtin bindings (UP029) (#22749)
• [pyupgrade] Apply UP045 to string arguments of typing.cast (#22320)
• [flake8-pie] Detect duplicated declared class fields in PIE794 (#22717)

Rule changes

• [flake8-pyi] Fix inconsistent handling of forward references for __new__, __enter__, __aenter__ in PYI034 (#22798)
• [flake8-pytest-style] Support check parameter in PT011 (#22725)
• [ruff] Add exception for ctypes.Structure._fields_ (RUF012) (#22559)
• Many fixes are now marked unsafe if they would remove comments:
  • [flake8-bugbear] B009, B010, B013, B014, B033
  • [flake8-simplify] SIM910, SIM911
  • [pyupgrade] UP007, UP039, UP041, UP045
  • [refurb] FURB105, FURB116, FURB136, FURB140, FURB145, FURB154, FURB157, FURB164,FURB181, FURB188
  • [ruff] RUF019, RUF020

Documentation

• Add --exit-non-zero-on-format to formatter exit codes section (#22761)
• Update contributing guide for adding a new rule (#22779)
• [FastAPI] Document fix safety for FAST001 (#22655)
• [flake8-async] Tweak explanation to focus on latency/efficiency tradeoff (ASYNC110) (#22715)
• [pandas-vet] Make example error out-of-the-box (PD002) (#22561)
• [refurb] Make the example work out of box (FURB101) (#22770)
• [refurb] Make the example work out of box (FURB103) (#22769)

Contributors

• @​alejsdev
• @​ntBre
• @​caiquejjx
• @​chirizxc
• @​denyszhak
• @​sjyangkevin
• @​MeGaGiGaGon
• @​leandrobbraga
• @​MichaReiser

... (truncated)

Commits

• 8b2e7b3 Prepare release v0.14.14 (#22813)
• 4c7d1f5 [ty] Infer TypedDict types with >=1 required key as being always truthy (#2...
• b7de434 add CCfW hooks (#22803)
• b912dfc [pyupgrade] Apply UP045 to string arguments of typing.cast (#22320)
• 1ff062d [ty] Improve completion rankings for raise-from/except contexts (#22775)
• 7e408a5 Update dependency wrangler to v4.59.1 (#22793)
• ceb876b [flake8-pyi] Fix inconsistent handling of forward references for __new__,...
• c5b4ee6 [ty] Support solving generics involving PEP 695 type aliases (#22678)
• b9a6129 [ty] Improve support for kwarg splats in dictionary literals (#22781)
• f516d47 Update contributing guide for adding a new rule (#22779)
• Additional commits viewable in compare view

Updates mypy from 1.17.0 to 1.19.1

Changelog

Sourced from mypy's changelog.

Mypy 1.19.1

• Fix noncommutative joins with bounded TypeVars (Shantanu, PR 20345)
• Respect output format for cached runs by serializing raw errors in cache metas (Ivan Levkivskyi, PR 20372)
• Allow types.NoneType in match cases (A5rocks, PR 20383)
• Fix mypyc generator regression with empty tuple (BobTheBuidler, PR 20371)
• Fix crash involving Unpack-ed TypeVarTuple (Shantanu, PR 20323)
• Fix crash on star import of redefinition (Ivan Levkivskyi, PR 20333)
• Fix crash on typevar with forward ref used in other module (Ivan Levkivskyi, PR 20334)
• Fail with an explicit error on PyPy (Ivan Levkivskyi, PR 20389)

Acknowledgements

Thanks to all mypy contributors who contributed to this release:

• A5rocks
• BobTheBuidler
• bzoracler
• Chainfire
• Christoph Tyralla
• David Foster
• Frank Dana
• Guo Ci
• iap
• Ivan Levkivskyi
• James Hilton-Balfe
• jhance
• Joren Hammudoglu
• Jukka Lehtosalo
• KarelKenens
• Kevin Kannammalil
• Marc Mueller
• Michael Carlstrom
• Michael J. Sullivan
• Piotr Sawicki
• Randolf Scholz
• Shantanu
• Sigve Sebastian Farstad
• sobolevn
• Stanislav Terliakov
• Stephen Morton
• Theodore Ando
• Thiago J. Barbalho
• wyattscarpenter

I’d also like to thank my employer, Dropbox, for supporting mypy development.

Mypy 1.18

We’ve just uploaded mypy 1.18.1 to the Python Package Index (PyPI). Mypy is a static type checker for Python. This release includes new features, performance

... (truncated)

Commits

• 412c19a Bump version to 1.19.1
• 20aea0a Update changelog for 1.19.1 (#20414)
• 2b23b50 Serialize raw errors in cache metas (#20372)
• f60f90f Fail on PyPy in main instead of setup.py (#20389)
• 58d485b Fail with an explicit error on PyPy (#20384)
• a4b31a2 Allow types.NoneType in match cases (#20383)
• 8a6eff4 [mypyc] fix generator regression with empty tuple (#20371)
• 70eceea Fix noncommutative joins with bounded TypeVars (#20345)
• 3890fc4 Fix crash involving Unpack-ed TypeVarTuple (#20323)
• c93d917 Fix crash on star import of redefinition (#20333)
• Additional commits viewable in compare view

Updates pip-audit from 2.9.0 to 2.10.0

Release notes

Sourced from pip-audit's releases.

v2.10.0

Added

• pip-audit now supports the --osv-url URL flag, which can be used to retrieve vulnerabilities from a custom OSV service. This is useful for organizations that host their own mirror of the OSV database, or that have custom OSV records (#810)

• pip-audit now supports the Ecosyste.ms vulnerability service with --vulnerability-service=esms (#903).

Changed

• The minimum version of Python is now 3.10 (#905)

Fixed

• Fixed a bug where pip-audit would fail to parse pyproject.toml files containing TOML 1.0.0 features (#910)

• CycloneDX JSON/XML output now correctly links vulnerabilities to their affected components via the affects field (#980)

Changelog

Sourced from pip-audit's changelog.

[2.10.0]

Added

• pip-audit now supports the --osv-url URL flag, which can be used to retrieve vulnerabilities from a custom OSV service. This is useful for organizations that host their own mirror of the OSV database, or that have custom OSV records (#810)

• pip-audit now supports the Ecosyste.ms vulnerability service with --vulnerability-service=esms (#903).

Changed

• The minimum version of Python is now 3.10 (#905)

Fixed

• Fixed a bug where pip-audit would fail to parse pyproject.toml files containing TOML 1.0.0 features (#910)

• CycloneDX JSON/XML output now correctly links vulnerabilities to their affected components via the affects field (#980)

Commits

• dec2165 chore: prep release v2.10.0 (#905)
• d191a22 Fix CycloneDX vulnerability-component linking (#980) (#981)
• a3f69b1 dependabot: add cooldowns (#978)
• 42df1b2 build(deps): bump astral-sh/setup-uv from 7.1.3 to 7.1.4 (#976)
• d4cbb66 build(deps): bump actions/checkout from 5.0.1 to 6.0.0 (#977)
• 0f2889d build(deps): bump github/codeql-action from 4.31.3 to 4.31.4 (#975)
• ad15644 build(deps): bump actions/checkout from 5.0.0 to 5.0.1 (#974)
• 831ca98 build(deps): bump astral-sh/setup-uv from 7.1.2 to 7.1.3 (#972)
• afeb9ea build(deps): bump github/codeql-action from 4.31.2 to 4.31.3 (#973)
• 2969e7c build(deps): bump github/codeql-action from 4.31.0 to 4.31.2 (#971)
• Additional commits viewable in compare view

Updates pre-commit from 4.2.0 to 4.5.1

Release notes

Sourced from pre-commit's releases.

pre-commit v4.5.1

Fixes

• Fix language: python with repo: local without additional_dependencies.
  • #3597 PR by @​asottile.

pre-commit v4.5.0

Features

• Add pre-commit hazmat.
  • #3585 PR by @​asottile.

pre-commit v4.4.0

Features

• Add --fail-fast option to pre-commit run.
  • #3528 PR by @​JulianMaurin.
• Upgrade ruby-build / rbenv.
  • #3566 PR by @​asottile.
  • #3565 issue by @​MRigal.
• Add language: unsupported / language: unsupported_script as aliases for language: system / language: script (which will eventually be deprecated).
  • #3577 PR by @​asottile.
• Add support docker-in-docker detection for cgroups v2.
  • #3535 PR by @​br-rhrbacek.
  • #3360 issue by @​JasonAlt.

Fixes

• Handle when docker gives SecurityOptions: null.
  • #3537 PR by @​asottile.
  • #3514 issue by @​jenstroeger.
• Fix error context for invalid stages in .pre-commit-config.yaml.
  • #3576 PR by @​asottile.

pre-commit v4.3.0

Features

• language: docker / language: docker_image: detect rootless docker.
  • #3446 PR by @​matthewhughes934.
  • #1243 issue by @​dkolepp.
• language: julia: avoid startup.jl when executing hooks.
  • #3496 PR by @​ericphanson.
• language: dart: support latest dart versions which require a higher sdk lower bound.
  • #3507 PR by @​bc-lee.

Changelog

Sourced from pre-commit's changelog.

4.5.1 - 2025-12-16

Fixes

• Fix language: python with repo: local without additional_dependencies.
  • #3597 PR by @​asottile.

4.5.0 - 2025-11-22

Features

• Add pre-commit hazmat.
  • #3585 PR by @​asottile.

4.4.0 - 2025-11-08

Features

• Add --fail-fast option to pre-commit run.
  • #3528 PR by @​JulianMaurin.
• Upgrade ruby-build / rbenv.
  • #3566 PR by @​asottile.
  • #3565 issue by @​MRigal.
• Add language: unsupported / language: unsupported_script as aliases for language: system / language: script (which will eventually be deprecated).
  • #3577 PR by @​asottile.
• Add support docker-in-docker detection for cgroups v2.
  • #3535 PR by @​br-rhrbacek.
  • #3360 issue by @​JasonAlt.

Fixes

• Handle when docker gives SecurityOptions: null.
  • #3537 PR by @​asottile.
  • #3514 issue by @​jenstroeger.
• Fix error context for invalid stages in .pre-commit-config.yaml.
  • #3576 PR by @​asottile.

4.3.0 - 2025-08-09

Features

• language: docker / language: docker_image: detect rootless docker.
  • #3446 PR by @​matthewhughes934.
  • #1243 issue by @​dkolepp.
• language: julia: avoid startup.jl when executing hooks.
  • #3496 PR by @​ericphanson.
• language: dart: support latest dart versions which require a higher sdk lower bound.
  • #3507 PR by @​bc-lee.

Commits

• 8a0630c v4.5.1
• fcbc745 Merge pull request #3597 from pre-commit/empty-setup-py
• 51592ee fix python local template when artifact dirs are present
• 67e8faf Merge pull request #3596 from pre-commit/pre-commit-ci-update-config
• c251e6b [pre-commit.ci] pre-commit autoupdate
• 98ccafa Merge pull request #3593 from pre-commit/pre-commit-ci-update-config
• 4895355 [pre-commit.ci] pre-commit autoupdate
• 2cedd58 Merge pull request #3588 from pre-commit/pre-commit-ci-update-config
• 465192d [pre-commit.ci] pre-commit autoupdate
• fd42f96 Merge pull request #3586 from pre-commit/zipapp-sha256-file-not-needed
• Additional commits viewable in compare view

Updates poethepoet from 0.36.0 to 0.40.0

Release notes

Sourced from poethepoet's releases.

0.40.0

Enhancements

• Allow optional envfiles without warnings by @​cnaples79 in nat-n/poethepoet#337
• Add support for the capture_output option in ref tasks by @​kzrnm in nat-n/poethepoet#343
• Set uv to quiet mode during shell completion to avoid console spam by @​nat-n in nat-n/poethepoet#338
• Support ignore_fail on execution task types and ref tasks by @​nat-n in nat-n/poethepoet#347
• Add choices option to constrain named arguments by @​nat-n in nat-n/poethepoet#348

Fixes

• Handle SIGHUP and SIGBREAK signals to stop tasks by @​nat-n in nat-n/poethepoet#344
• Accept string for type name in global executor option by @​kzrnm in nat-n/poethepoet#340

Code improvements

• Modernize type annotations by @​nat-n in nat-n/poethepoet#339
• Ensure test virtual environments are always cleaned up by @​kzrnm in nat-n/poethepoet#346

Full Changelog: nat-n/poethepoet@v0.39.0...v0.40.0

0.39.0

Enhancements

• Add support for uv executor options by @​rochacbruno and @​nat-n in nat-n/poethepoet#327
  • feat: add various options to the uv executor to be passed to the uv run command
  • feat: allow task executor to be configure with just the type as a string
  • feat executor options to be set at runtime via the new --executor-opt cli global option
  • feat: allow inheritance of compatible executor options from global to task to runtime
  • refactor: extend PoeOptions to support annotating config fields with a config_name to parse, separate from the attribute name
  • refactor: some micro-optimizations to PoeOptions and AnnotationType
  • doc: Add guide for replacing tox with poe + uv
  • doc: tidy up executor docs
  • doc: fix typo in doc for expr task
  • test: improve test coverage of PoeOptions
  • test: disable some test cases on windows that are too flaky

New Contributors

• @​rochacbruno made their first contribution in nat-n/poethepoet#327

Full Changelog: nat-n/poethepoet@v0.38.0...v0.39.0

0.38.0

Enhancements

• feat: Add parallel task type by @​nat-n in nat-n/poethepoet#323

Breaking changes

... (truncated)

Commits

• 0a7247d Bump version to 0.40.0
• 312e74a feat: Add choices option to constrain named arguments (#348)
• 5e0b3e5 feat: support ignore_fail on execution task types and ref tasks (#347)
• a3c97e1 test: ensure the test virtual environment is always removed (#346)
• bc04e2f feat: support capture_output on ref tasks (#343)
• f7b82ef fix: global executor option (#340)
• 8e7b116 fix: handle SIGHUP and SIGBREAK signals to stop tasks (#344)
• 8e51f2b refactor: modernize type annotations (#339)
• 72a9225 fix: set uv to quiet during shell completion (#338)
• c6c7306 feat: allow optional envfiles without warnings (#337)
• Additional commits viewable in compare view

Updates setuptools from 80.9.0 to 80.10.2

Changelog

Sourced from setuptools's changelog.

v80.10.2

Bugfixes

• Update vendored dependencies. (#5159)

Misc

• #5115, #5128

v80.10.1

Misc

• #5152

v80.10.0

Features

• Remove post-release tags on setuptools' own build. (#4530)
• Refreshed vendored dependencies. (#5139)

Misc

• #5033

Commits

• 5cf2d08 Bump version: 80.10.1 → 80.10.2
• 852cd5e Merge pull request #5166 from pypa/bugfix/5159-vendor-bin-free
• 11115ee Suppress deprecation warning.
• 5cf9185 Update vendored dependencies.
• cf59f41 Delete all binaries generated by vendored package install.
• 89a5981 Add missing newsfragments
• c0114af Postpone deprecation warnings related to PEP 639 to 2027-Feb-18 (#5115)
• de07603 Revert "[CI] Constraint transient test dependency on pyobjc" (#5128)
• 3afd5d6 Revert "[CI] Constraint transient test dependency on pyobjc"
• adfb0c9 Bump version: 80.10.0 → 80.10.1
• Additional commits viewable in compare view

Updates pytest-sugar from 1.0.0 to 1.1.1

Release notes

Sourced from pytest-sugar's releases.

pytest-sugar 1.1.1

Adjust signature of SugarTerminalReporter to avoid conflicts with other pytest plugins (#297 by @​TolstochenkoDaniil)

pytest-sugar 1.1.0

Add Playwright trace file detection and display support for failed tests (#296 by @​kiebak3r)

This enhancement automatically detects and displays Playwright trace.zip files with viewing commands when tests fail, making debugging easier for Playwright users.

New command-line options:

• --sugar-trace-dir: Configure the directory name for Playwright trace files (default: test-results)
• --sugar-no-trace: Disable Playwright trace file detection and display

Changelog

Sourced from pytest-sugar's changelog.

1.1.1 - 2025-08-23 ^^^^^^^^^^^^^^^^^^

Adjust signature of SugarTerminalReporter to avoid conflicts with other pytest plugins

Contributed by Daniil via [PR #297](Teemu/pytest-sugar#297)

1.1.0 - 2025-08-16 ^^^^^^^^^^^^^^^^^^

Add Playwright trace file detection and display support for failed tests. This enhancement automatically detects and displays Playwright trace.zip files with viewing commands when tests fail, making debugging easier for Playwright users.

New command-line options:

• --sugar-trace-dir: Configure the directory name for Playwright trace files (default: test-results)
• --sugar-no-trace: Disable Playwright trace file detection and display

Contributed by kie via [PR #296](Teemu/pytest-sugar#296)

Commits

• 8133503 Release pytest-sugar 1.1.1
• 6798042 Fix conflict with other Pytest plugins (#297)
• 43bbdd0 Release pytest-sugar 1.1.0
• 855d661 Feature - Playwright Support for Trace Zip Mapping (#296)
• 2a5862a Merge pull request #293 from cgoldberg/add-py313
• ca26d98 Add support for Python 3.13
• 69989eb Clarify license as BSD 3-Clause License
• 3c86a5c Merge pull request #289 from deronnax/remove-packaging-dep
• c123be0 remove 'packaging' package
• efafd9c Merge pull request #282 from penguinpee/main
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions