Skip to content

internal: bump the uv-dependencies group with 3 updates#27

Merged
joce merged 1 commit into
mainfrom
dependabot/uv/uv-dependencies-a1bccb612b
Jul 13, 2026
Merged

internal: bump the uv-dependencies group with 3 updates#27
joce merged 1 commit into
mainfrom
dependabot/uv/uv-dependencies-a1bccb612b

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 10, 2026

Copy link
Copy Markdown
Contributor

Bumps the uv-dependencies group with 3 updates: tox, ruff and tzdata.

Updates tox from 4.56.1 to 4.56.4

Release notes

Sourced from tox's releases.

v4.56.4

What's Changed

Full Changelog: tox-dev/tox@4.56.3...4.56.4

v4.56.3

What's Changed

New Contributors

Full Changelog: tox-dev/tox@4.56.2...4.56.3

v4.56.2

What's Changed

Full Changelog: tox-dev/tox@4.56.1...4.56.2

Changelog

Sourced from tox's changelog.

Bug fixes - 4.56.4

  • Discover debug (Py_DEBUG) interpreters set as base_python, such as Debian's python3.13-dbg - the spec was misread as a machine named dbg and no interpreter matched. Requires python-discovery>=1.4.4 - by :user:gaborbernat. (:issue:3977)

v4.56.3 (2026-07-08)


Bug fixes - 4.56.3

  • Stop double-closing the child pty file descriptor when running under a tty, which could race a parallel run that had reused the freed descriptor number and cause intermittent Bad file descriptor/Input/output error failures - by :user:apoorvdarshan. (:issue:3975)

v4.56.2 (2026-07-07)


Bug fixes - 4.56.2

  • Fix a batch of latent defects found in a codebase audit:

    • stop duplicating --extra-index-url when a merged requirements line repeats an already-seen index;
    • render --no-binary/--only-binary as comma-joined strings instead of leaking the internal set into the pip command line;
    • report a clear error instead of IndexError for a bare one-argument flag (-c, -r, -f, -e) in deps or constraints;
    • canonicalize optional-dependencies keys and self-referential (recursive) extra names so non-canonical spellings no longer silently drop dependencies;
    • raise a clear error instead of KeyError when dependency_groups is requested without a [dependency-groups] table;
    • stop a native TOML { replace = "env" } reference from leaking its resolution chain into sibling list entries and tripping a spurious circular chain error;
    • expand the range that actually matched in a factor expression rather than the first identical digit-range substring;
    • strip the backslash from an escaped \; in set_env values;
    • skip option values during command auto-detection so an environment named like a subcommand (e.g. tox -e list) is no longer misread;
    • treat an empty list-typed environment variable (e.g. TOX_DISCOVER=) as an empty list rather than [""];
    • report an environment whose name is an empty string as present in Config membership tests;
    • fail evaluation gracefully instead of crashing the driver thread when tox p -p all is run with an empty selection;
    • avoid rebuilding a throwaway PEP 517 frontend against the previous root when a package environment's root is reassigned before a frontend exists;
    • avoid crashing create_session_view when the package and its session copy share no common path (e.g. different Windows drives);

... (truncated)

Commits
  • a44a942 release 4.56.4
  • 7790501 🐛 fix(discovery): find debug interpreters like python3.13-dbg (#3978)
  • 4dac7fe release 4.56.3
  • 6f8dabc Don't double-close the child pty fd (fixes parallel Bad file descriptor) (#39...
  • 5458a28 release 4.56.2
  • d3dc2d1 Fix 17 bugs found in a deep codebase sweep (#3974)
  • b55fe2f [pre-commit.ci] pre-commit autoupdate (#3973)
  • 7ba0f81 💰 Surface GitHub Sponsors + thanks.dev
  • 03c2d58 build(deps): bump actions/cache from 5.0.5 to 6.1.0 (#3972)
  • 34962f1 [pre-commit.ci] pre-commit autoupdate (#3971)
  • Additional commits viewable in compare view

Updates ruff from 0.15.20 to 0.15.21

Release notes

Sourced from ruff's releases.

0.15.21

Release Notes

Released on 2026-07-09.

Preview features

  • Add --add-ignore for adding ruff:ignore comments (#26346)
  • [flake8-comprehensions] Drop C409 tuple comprehension preview behavior (#25707)
  • Avoid whitespace normalization when formatting comments (#26455)
  • [pyupgrade] Lint and fix use of deprecated abc decorators (UP051) (#26417)

Bug fixes

  • Refine non-empty f-string detection (#26526)
  • Detect syntax errors in individual notebook cells (#26419)
  • [flake8-implicit-str-concat] Fix ISC003 autofix incorrectly stripping + from comments (#26554)

Rule changes

  • [flake8-executable] Mark EXE004 fix as unsafe (#26033)
  • [flake8-pyi] Mark PYI061 fixes as unsafe in Python files (#26533)
  • [pydocstyle] Skip overload-with-docstring in stub files (D418) (#26318)

Performance

  • Avoid per-token source index visitor calls (#26506)
  • Cache parenthesized expression boundaries in the formatter (#26344)
  • Improve performance of rendering edits in preview mode (#26565)
  • Inline fits_element in formatter (#26429)
  • Inline formatter printing hot paths (#26504)
  • Lazily create builtin bindings (#26510)
  • Skip empty trivia scans in the source indexer (#26507)
  • Use ICF for macOS release builds (#25780)

Formatter

  • Add --extend-exclude to ruff format (#26372)

Documentation

  • Add "How does Ruff's import sorting compare to isort?" link to README (#26530)
  • Fix Mozilla Firefox repository link in README (#26537)
  • [flake8-bandit] Fix misleading docstring for mako-templates (S702) (#26432)
  • [ruff] Fix non-triggering example for if-key-in-dict-del (RUF051) (#26433)

Contributors

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.21

Released on 2026-07-09.

Preview features

  • Add --add-ignore for adding ruff:ignore comments (#26346)
  • [flake8-comprehensions] Drop C409 tuple comprehension preview behavior (#25707)
  • Avoid whitespace normalization when formatting comments (#26455)
  • [pyupgrade] Lint and fix use of deprecated abc decorators (UP051) (#26417)

Bug fixes

  • Refine non-empty f-string detection (#26526)
  • Detect syntax errors in individual notebook cells (#26419)
  • [flake8-implicit-str-concat] Fix ISC003 autofix incorrectly stripping + from comments (#26554)

Rule changes

  • [flake8-executable] Mark EXE004 fix as unsafe (#26033)
  • [flake8-pyi] Mark PYI061 fixes as unsafe in Python files (#26533)
  • [pydocstyle] Skip overload-with-docstring in stub files (D418) (#26318)

Performance

  • Avoid per-token source index visitor calls (#26506)
  • Cache parenthesized expression boundaries in the formatter (#26344)
  • Improve performance of rendering edits in preview mode (#26565)
  • Inline fits_element in formatter (#26429)
  • Inline formatter printing hot paths (#26504)
  • Lazily create builtin bindings (#26510)
  • Skip empty trivia scans in the source indexer (#26507)
  • Use ICF for macOS release builds (#25780)

Formatter

  • Add --extend-exclude to ruff format (#26372)

Documentation

  • Add "How does Ruff's import sorting compare to isort?" link to README (#26530)
  • Fix Mozilla Firefox repository link in README (#26537)
  • [flake8-bandit] Fix misleading docstring for mako-templates (S702) (#26432)
  • [ruff] Fix non-triggering example for if-key-in-dict-del (RUF051) (#26433)

Contributors

... (truncated)

Commits

Updates tzdata from 2026.2 to 2026.3

Release notes

Sourced from tzdata's releases.

2026.3: Release of upstream tzdata 2026c

Version 2026.3

Upstream version 2026c released 2026-07-08T17:23:58+00:00

Briefly:

Alberta moved to permanent -06 on 2026-06-18. Morocco moves to permanent +00 on 2026-09-20. More integer overflow bugs have been fixed in zic.

Changes to future timestamps

Alberta’s 2026-03-08 spring forward was its last foreseeable clock change, as it moved to permanent -06 thereafter. (Thanks to Roozbeh Pournader and others.) Model this with its traditional abbreviation CST. Although the change to permanent -06 legally took place on 2026-06-18, temporarily model the change to occur on 2026-11-01 at 02:00 instead, for the same reason we introduced a similarly temporary hack for British Columbia in 2026b.

Although another TZDB release will likely be needed soon because Northwest Territories will likely follow Alberta, the legal formalities have not yet taken place.

Morocco plans to move back to permanent UTC, without daylight saving time transitions, on 2026-09-20 at 02:00. This also affects Western Sahara.

Changes to commentary

Northwest Territories is expected to move to permanent -06 prior to 2026-11-01 02:00, when clocks would otherwise fall back. (Thanks to Tim Parenti and James Bellaire.) Model this with its traditional abbreviation CST. Unfortunately the change is not yet official, so it is currently present only as comments that can be uncommented as needed.

Changelog

Sourced from tzdata's changelog.

Version 2026.3

Upstream version 2026c released 2026-07-08T17:23:58+00:00

Briefly:

Alberta moved to permanent -06 on 2026-06-18. Morocco moves to permanent +00 on 2026-09-20. More integer overflow bugs have been fixed in zic.

Changes to future timestamps

Alberta’s 2026-03-08 spring forward was its last foreseeable clock change, as it moved to permanent -06 thereafter. (Thanks to Roozbeh Pournader and others.) Model this with its traditional abbreviation CST. Although the change to permanent -06 legally took place on 2026-06-18, temporarily model the change to occur on 2026-11-01 at 02:00 instead, for the same reason we introduced a similarly temporary hack for British Columbia in 2026b.

Although another TZDB release will likely be needed soon because Northwest Territories will likely follow Alberta, the legal formalities have not yet taken place.

Morocco plans to move back to permanent UTC, without daylight saving time transitions, on 2026-09-20 at 02:00. This also affects Western Sahara.

Changes to commentary

Northwest Territories is expected to move to permanent -06 prior to 2026-11-01 02:00, when clocks would otherwise fall back. (Thanks to Tim Parenti and James Bellaire.) Model this with its traditional abbreviation CST. Unfortunately the change is not yet official, so it is currently present only as comments that can be uncommented as needed.


Commits
  • a442794 Update tzdata to version 2026c (#145)
  • 8f35937 Use the release environment for TestPyPI publishes (#146)
  • ba0b891 Few fixes to the maintaining doc
  • 9a7e6a0 Add Stan Ulbrych to license
  • 1cab5e2 Bump actions/checkout from 6.0.2 to 7.0.0 (#144)
  • e71cff9 Bump hynek/build-and-inspect-python-package action (#143)
  • 14b2953 Make open PR check stricter (#141)
  • 68d4d51 Isolate package build and publish (#137)
  • 5bb6232 Fix punctuation in README.
  • e313d95 Raise with an informative message when release is missing from NEWS file
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the uv-dependencies group with 3 updates: [tox](https://github.com/tox-dev/tox), [ruff](https://github.com/astral-sh/ruff) and [tzdata](https://github.com/python/tzdata).


Updates `tox` from 4.56.1 to 4.56.4
- [Release notes](https://github.com/tox-dev/tox/releases)
- [Changelog](https://github.com/tox-dev/tox/blob/main/docs/changelog.rst)
- [Commits](tox-dev/tox@4.56.1...4.56.4)

Updates `ruff` from 0.15.20 to 0.15.21
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.15.20...0.15.21)

Updates `tzdata` from 2026.2 to 2026.3
- [Release notes](https://github.com/python/tzdata/releases)
- [Changelog](https://github.com/python/tzdata/blob/master/NEWS.md)
- [Commits](python/tzdata@2026.2...2026.3)

---
updated-dependencies:
- dependency-name: tox
  dependency-version: 4.56.4
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: uv-dependencies
- dependency-name: ruff
  dependency-version: 0.15.21
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: uv-dependencies
- dependency-name: tzdata
  dependency-version: '2026.3'
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: uv-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Jul 10, 2026
@joce
joce merged commit 56cc5d7 into main Jul 13, 2026
16 checks passed
@joce
joce deleted the dependabot/uv/uv-dependencies-a1bccb612b branch July 13, 2026 00:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant