Skip to content

pip: bump the pip-updates group across 1 directory with 3 updates#1538

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/sync/pip-updates-853383a4b3
Open

pip: bump the pip-updates group across 1 directory with 3 updates#1538
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/sync/pip-updates-853383a4b3

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 13, 2026

Copy link
Copy Markdown
Contributor

Updates the requirements on ruff, coverage and anyio to permit the latest version.
Updates ruff to 0.15.21

Release notes

Sourced from ruff's releases.

0.15.21

Release Notes

Released on 2026-07-09.

Preview features

  • Add --add-ignore for adding ruff:ignore comments (#26346)
  • [flake8-comprehensions] Drop C409 tuple comprehension preview behavior (#25707)
  • Avoid whitespace normalization when formatting comments (#26455)
  • [pyupgrade] Lint and fix use of deprecated abc decorators (UP051) (#26417)

Bug fixes

  • Refine non-empty f-string detection (#26526)
  • Detect syntax errors in individual notebook cells (#26419)
  • [flake8-implicit-str-concat] Fix ISC003 autofix incorrectly stripping + from comments (#26554)

Rule changes

  • [flake8-executable] Mark EXE004 fix as unsafe (#26033)
  • [flake8-pyi] Mark PYI061 fixes as unsafe in Python files (#26533)
  • [pydocstyle] Skip overload-with-docstring in stub files (D418) (#26318)

Performance

  • Avoid per-token source index visitor calls (#26506)
  • Cache parenthesized expression boundaries in the formatter (#26344)
  • Improve performance of rendering edits in preview mode (#26565)
  • Inline fits_element in formatter (#26429)
  • Inline formatter printing hot paths (#26504)
  • Lazily create builtin bindings (#26510)
  • Skip empty trivia scans in the source indexer (#26507)
  • Use ICF for macOS release builds (#25780)

Formatter

  • Add --extend-exclude to ruff format (#26372)

Documentation

  • Add "How does Ruff's import sorting compare to isort?" link to README (#26530)
  • Fix Mozilla Firefox repository link in README (#26537)
  • [flake8-bandit] Fix misleading docstring for mako-templates (S702) (#26432)
  • [ruff] Fix non-triggering example for if-key-in-dict-del (RUF051) (#26433)

Contributors

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.21

Released on 2026-07-09.

Preview features

  • Add --add-ignore for adding ruff:ignore comments (#26346)
  • [flake8-comprehensions] Drop C409 tuple comprehension preview behavior (#25707)
  • Avoid whitespace normalization when formatting comments (#26455)
  • [pyupgrade] Lint and fix use of deprecated abc decorators (UP051) (#26417)

Bug fixes

  • Refine non-empty f-string detection (#26526)
  • Detect syntax errors in individual notebook cells (#26419)
  • [flake8-implicit-str-concat] Fix ISC003 autofix incorrectly stripping + from comments (#26554)

Rule changes

  • [flake8-executable] Mark EXE004 fix as unsafe (#26033)
  • [flake8-pyi] Mark PYI061 fixes as unsafe in Python files (#26533)
  • [pydocstyle] Skip overload-with-docstring in stub files (D418) (#26318)

Performance

  • Avoid per-token source index visitor calls (#26506)
  • Cache parenthesized expression boundaries in the formatter (#26344)
  • Improve performance of rendering edits in preview mode (#26565)
  • Inline fits_element in formatter (#26429)
  • Inline formatter printing hot paths (#26504)
  • Lazily create builtin bindings (#26510)
  • Skip empty trivia scans in the source indexer (#26507)
  • Use ICF for macOS release builds (#25780)

Formatter

  • Add --extend-exclude to ruff format (#26372)

Documentation

  • Add "How does Ruff's import sorting compare to isort?" link to README (#26530)
  • Fix Mozilla Firefox repository link in README (#26537)
  • [flake8-bandit] Fix misleading docstring for mako-templates (S702) (#26432)
  • [ruff] Fix non-triggering example for if-key-in-dict-del (RUF051) (#26433)

Contributors

... (truncated)

Commits

Updates coverage to 7.15.1

Changelog

Sourced from coverage's changelog.

Version 7.15.1 — 2026-07-12

  • Fix: in the HTML report with show_contexts enabled, a context label containing </script> (for example a parametrized pytest node id) could close the inline <script> element in a file page early, injecting markup. Context labels are now fully escaped. Thanks, Rajath Mohare <pull 2224_>_.

  • A number of performance improvements thanks to Paul Kehrer, in pull requests 2213 <pull 2213_>, 2214 <pull 2214_>, 2215 <pull 2215_>, 2216 <pull 2216_>, 2218 <pull 2218_>, 2220 <pull 2220_>, and 2221 <pull 2221_>_.

.. _pull 2213: coveragepy/coveragepy#2213 .. _pull 2214: coveragepy/coveragepy#2214 .. _pull 2215: coveragepy/coveragepy#2215 .. _pull 2216: coveragepy/coveragepy#2216 .. _pull 2218: coveragepy/coveragepy#2218 .. _pull 2220: coveragepy/coveragepy#2220 .. _pull 2221: coveragepy/coveragepy#2221 .. _pull 2224: coveragepy/coveragepy#2224

.. _changes_7-15-0:

Version 7.15.0 — 2026-07-02

  • Since 7.14.0, reporting commands implicitly combine parallel data files. Now those commands have a new option --keep-combined to retain the data files after combining them instead of the default, which is to delete them. Finishes issue 2198_.

  • Fix: the LCOV report would incorrectly count excluded functions as uncovered, as described in issue 2205. This is now fixed thanks to Martin Kuntz Jacobsen <pull 2206_>.

  • When running your program, coverage now correctly sets yourmodule.__spec__.loader as strongly recommended <--loader--_>, avoiding the deprecation warning described in issue 2208. Thanks, A5rocks <pull 2209_>_.

  • Fix: with Python 3.10, running with the -I (isolated mode) option didn't correctly omit the current directory from the module search path, as described in issue 2103. That is now fixed thanks to Ilia Sorokin <pull 2211_>.

.. --loader--: https://docs.python.org/3/reference/datamodel.html#module.__loader_ .. _issue 2103: coveragepy/coveragepy#2103 .. _issue 2198: coveragepy/coveragepy#2198 .. _issue 2205: coveragepy/coveragepy#2205

... (truncated)

Commits
  • da63bed docs: sample HTML for 7.15.1
  • bc35e64 docs: prep for 7.15.1
  • 182b010 perf: resolve sysmon branch events lazily, one pair at a time (#2221)
  • ee271ee perf: compute multiline maps cheaply in the sysmon core (#2220)
  • 1441b96 chore: bump the action-dependencies group with 6 updates (#2225)
  • dd80635 fix: escape context labels in html report inline script block (#2224)
  • 7c3ae71 docs: normalize earlier history order (#2222)
  • 088dc60 chore: make upgrade
  • f7e15a8 test: upload .json and .xml coverage reports
  • 3b62112 docs: thanks, Paul Kehrer
  • Additional commits viewable in compare view

Updates anyio from 4.14.1 to 4.14.2

Release notes

Sourced from anyio's releases.

4.14.2

  • Changed ByteReceiveStream.receive() implementations to raise a ValueError when max_bytes is not a positive integer (#1191)
  • Fixed CapacityLimiter.total_tokens rejecting float("inf") when the limiter was instantiated outside of an event loop. The adapter setter checked for infinity by identity (value is math.inf), so only the exact math.inf singleton was accepted, while every backend setter (using math.isinf()) accepts any positive infinity (#1189; PR by @​greymoth-jp).
  • Fixed to_process.run_sync() deadlocking when the worker function writes enough data to sys.stderr to fill the (undrained) pipe buffer. The worker process now redirects sys.stderr to os.devnull as well, matching the documented behavior
  • Fixed TLSStream.wrap() matching an internationalized (unicode) host name against the peer certificate using IDNA 2003 (via the standard library) instead of IDNA 2008, which could cause the host name to be matched against the wrong certificate (#1208)
  • Fixed anyio.open_process() (and run_process()) ignoring the extra_groups argument, as it mistakenly passed the value of the group argument instead (#1209)
  • Fixed CapacityLimiter.acquire_nowait() and CapacityLimiter.acquire_nowait_on_behalf_of() raising trio.WouldBlock instead of anyio.WouldBlock on the trio backend when there are no tokens available (#1218)
  • Fixed CapacityLimiter on the asyncio backend over-granting tokens (borrowed_tokens exceeding total_tokens and available_tokens going negative) when a non-blocking acquire was made in the window between a token being released and the notified waiter resuming. The freed token is now reserved for the woken waiter right away, so the non-blocking acquire correctly raises WouldBlock (#1170; PR by @​gaoflow)
  • Fixed unnecessary CPU spin when delivering cancellation from CancelScope on asyncio under certain conditions, including improper cancel scope nesting (#1111)
Commits
  • c384f99 Bumped up the version
  • dbba29d Fixed 100% CPU spin on cancel scope misuse (#1217)
  • 6bbc6c3 Fix CapacityLimiter over-granting tokens on asyncio (#1172)
  • 6f82b25 Refactored TestTLSStream.test_receive_invalid_max_bytes() to be less flaky
  • be24b04 Relaxed timeouts to fix test flakiness
  • 8113506 Fix test flakiness caused by slow callback duration logging
  • 1e988b6 Fixed CapacityLimiter raising trio.WouldBlock instead of anyio.WouldBlock (#1...
  • 44713f3 Pin setup-uv to a commit sha across downstream jobs (#1213)
  • f1b7301 Fixed stderr writes in a worker subprocess causing a deadlock (#1207)
  • 212be93 Fix flaky test_tcp_listener_same_port using a hardcoded port (#1206)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Updates the requirements on [ruff](https://github.com/astral-sh/ruff), [coverage](https://github.com/coveragepy/coveragepy) and [anyio](https://github.com/agronholm/anyio) to permit the latest version.

Updates `ruff` to 0.15.21
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.15.20...0.15.21)

Updates `coverage` to 7.15.1
- [Release notes](https://github.com/coveragepy/coveragepy/releases)
- [Changelog](https://github.com/coveragepy/coveragepy/blob/main/CHANGES.rst)
- [Commits](coveragepy/coveragepy@7.15.0...7.15.1)

Updates `anyio` from 4.14.1 to 4.14.2
- [Release notes](https://github.com/agronholm/anyio/releases)
- [Commits](agronholm/anyio@4.14.1...4.14.2)

---
updated-dependencies:
- dependency-name: ruff
  dependency-version: 0.15.21
  dependency-type: direct:production
  dependency-group: pip-updates
- dependency-name: coverage
  dependency-version: 7.15.1
  dependency-type: direct:production
  dependency-group: pip-updates
- dependency-name: anyio
  dependency-version: 4.14.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: pip-updates
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added automation This issue or pull request was created by automation pip-update This pull request updates a pip package sync This issue or pull request affects sync labels Jul 13, 2026
@dependabot
dependabot Bot requested a review from a team as a code owner July 13, 2026 21:05
@dependabot dependabot Bot added sync This issue or pull request affects sync automation This issue or pull request was created by automation pip-update This pull request updates a pip package labels Jul 13, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

automation This issue or pull request was created by automation pip-update This pull request updates a pip package sync This issue or pull request affects sync

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants