Bump the python-packages group with 14 updates

[dependabot]

Updates the requirements on requests, pandas, python-dotenv, openpyxl, click, alive-progress, pytest, coverage, mypy, black, ruff, pylint, nox and tox to permit the latest version.
Updates requests to 2.33.1

Release notes

Sourced from requests's releases.

v2.33.1

2.33.1 (2026-03-30)

Bugfixes

• Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary files in the tmp directory. (#7305)
• Fixed Content-Type header parsing for malformed values. (#7309)
• Improved error consistency for malformed header values. (#7308)

New Contributors

• @​ferdnyc made their first contribution in psf/requests#7277

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2331-2026-03-30

Changelog

Sourced from requests's changelog.

2.33.1 (2026-03-30)

Bugfixes

• Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary files in the tmp directory. (#7305)
• Fixed Content-Type header parsing for malformed values. (#7309)
• Improved error consistency for malformed header values. (#7308)

2.33.0 (2026-03-25)

Announcements

• 📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

• CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

• Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

• Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

• Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

• Various typo fixes and doc improvements.

2.32.5 (2025-08-18)

Bugfixes

• The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

• Added support for Python 3.14.

... (truncated)

Commits

• 111d2b7 v2.33.1
• f0198e6 Fix malformed value parsing for Content-Type (#7309)
• bc7dd0f Fix cosmetic header validity parsing regex (#7308)
• 4443b1a Fix unintended test extra (#7306)
• 389eea5 Cleanup extracted file after extract_zipped_path test (#7305)
• 7407309 Packaging: DRY out extras definition (#7277)
• bc04dfd v2.33.0
• 66d21cb Merge commit from fork
• 8b9bc8f Move badges to top of README (#7293)
• e331a28 Remove unused extraction call (#7292)
• Additional commits viewable in compare view

Updates pandas to 3.0.2

Release notes

Sourced from pandas's releases.

pandas 3.0.2

We are pleased to announce the release of pandas 3.0.2. This is a patch release in the 3.0.x series and includes some regression fixes and bug fixes. We recommend that all users of the 3.0.x series upgrade to this version.

See the full whatsnew for a list of all the changes.

Pandas 3.0 supports Python 3.11 and higher. The release can be installed from PyPI:

python -m pip install --upgrade pandas==3.0.*

Or from conda-forge

conda install -c conda-forge pandas=3.0

Please report any issues with the release on the pandas issue tracker.

Thanks to all the contributors who made this release possible.

Commits

• ab90747 RLS: 3.0.2 (#64934)
• 6f27013 Backport PR #64931 on branch 3.0.x (DOC/BLD: temporary disable upload of docs...
• 48ddc60 Backport PR #64664 on branch 3.0.x (BUG: DataFrame.sum() crashes on empty Dat...
• 8774488 [backport 3.0.x] PERF: fix slow python loop in validation for ArrowStringArra...
• 33af6cc Backport PR #64133 on branch 3.0.x (BUG: str.find returns byte offset instead...
• 4ef49d8 [backport 3.0.x] BUG: fix convert_dtypes dropping values from sliced mixed-dt...
• 0668f34 [backport 3.0.x] BUG: Fix HDFStore.put with StringDtype columns and compressi...
• 23f2f44 [backport 3.0.x] BUG: Suppress unnecessary RuntimeWarning in to_datetime with...
• 83ba804 Backport PR #64886: BUG: Compute Variance of Complex Numbers Correctly (#64892)
• bb5ca1a Backport PR #64386 on branch 3.0.x (BUG: fix sort_index AssertionError with R...
• Additional commits viewable in compare view

Updates python-dotenv to 1.2.2

Release notes

Sourced from python-dotenv's releases.

v1.2.2

Added

• Support for Python 3.14, including the free-threaded (3.14t) build. (#)

Changed

• The dotenv run command now forwards flags directly to the specified command by @​bbc2 in theskumar/python-dotenv#607
• Improved documentation clarity regarding override behavior and the reference page.
• Updated PyPy support to version 3.11.
• Documentation for FIFO file support.
• Support for Python 3.9.

Fixed

• Improved set_key and unset_key behavior when interacting with symlinks by @​bbc2 in #790c5
• Corrected the license specifier and added missing Python 3.14 classifiers in package metadata by @​JYOuyang in theskumar/python-dotenv#590

Breaking Changes

• dotenv.set_key and dotenv.unset_key used to follow symlinks in some situations. This is no longer the case. For that behavior to be restored in all cases, follow_symlinks=True should be used.

• In the CLI, set and unset used to follow symlinks in some situations. This is no longer the case.

• dotenv.set_key, dotenv.unset_key and the CLI commands set and unset used to reset the file mode of the modified .env file to 0o600 in some situations. This is no longer the case: The original mode of the file is now preserved. Is the file needed to be created or wasn't a regular file, mode 0o600 is used.

Misc

• skip 000 permission tests for root user by @​burnout-projects in theskumar/python-dotenv#561
• Bump actions/checkout from 5 to 6 in the github-actions group by @​dependabot[bot] in theskumar/python-dotenv#593
• Add Windows testing to CI by @​bbc2 in theskumar/python-dotenv#604
• Improve workflow efficiency with best practices by @​theskumar in theskumar/python-dotenv#609
• Remove the use of sh in tests by @​bbc2 in theskumar/python-dotenv#612

New Contributors

• @​JYOuyang made their first contribution in theskumar/python-dotenv#590
• @​burnout-projects made their first contribution in theskumar/python-dotenv#561
• @​cpackham-atlnz made their first contribution in theskumar/python-dotenv#597

Full Changelog: theskumar/python-dotenv@v1.2.1...v1.2.2

Changelog

Sourced from python-dotenv's changelog.

[1.2.2] - 2026-03-01

Added

• Support for Python 3.14, including the free-threaded (3.14t) build. (#588)

Changed

• The dotenv run command now forwards flags directly to the specified command by [@​bbc2] in #607
• Improved documentation clarity regarding override behavior and the reference page.
• Updated PyPy support to version 3.11.
• Documentation for FIFO file support.
• Dropped Support for Python 3.9.

Fixed

• Improved set_key and unset_key behavior when interacting with symlinks by [@​bbc2] in [790c5c0]
• Corrected the license specifier and added missing Python 3.14 classifiers in package metadata by [@​JYOuyang] in #590

Breaking Changes

• dotenv.set_key and dotenv.unset_key used to follow symlinks in some situations. This is no longer the case. For that behavior to be restored in all cases, follow_symlinks=True should be used.

• In the CLI, set and unset used to follow symlinks in some situations. This is no longer the case.

• dotenv.set_key, dotenv.unset_key and the CLI commands set and unset used to reset the file mode of the modified .env file to 0o600 in some situations. This is no longer the case: The original mode of the file is now preserved. Is the file needed to be created or wasn't a regular file, mode 0o600 is used.

[1.2.1] - 2025-10-26

• Move more config to pyproject.toml, removed setup.cfg
• Add support for reading .env from FIFOs (Unix) by [@​sidharth-sudhir] in #586

[1.2.0] - 2025-10-26

• Upgrade build system to use PEP 517 & PEP 518 to use build and pyproject.toml by [@​EpicWink] in #583
• Add support for Python 3.14 by [@​23f3001135] in #579
• Add support for disabling of load_dotenv() using PYTHON_DOTENV_DISABLED env var. by [@​matthewfranglen] in #569

[1.1.1] - 2025-06-24

Fixed

• CLI: Ensure find_dotenv work reliably on python 3.13 by [@​theskumar] in #563

... (truncated)

Commits

• 36004e0 Bump version: 1.2.1 → 1.2.2
• eb20252 docs: update changelog for v1.2.2
• 790c5c0 Merge commit from fork
• 43340da Remove the use of sh in tests (#612)
• 09d7cee docs: clarify override behavior and document FIFO support (#610)
• c8de288 ci: improve workflow efficiency with best practices (#609)
• 7bd9e3d Add Windows testing to CI (#604)
• 1baaf04 Drop Python 3.9 support and update to PyPy 3.11 (#608)
• 4a22cf8 ci: enable testing on Python 3.14t (free-threaded) (#588)
• e2e8e77 Fix license specifier (#597)
• Additional commits viewable in compare view

Updates openpyxl to 3.1.5

Updates click to 8.3.2

Release notes

Sourced from click's releases.

8.3.2

This is the Click 8.3.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/click/8.3.2/ Changes: https://click.palletsprojects.com/page/changes/#version-8-3-2 Milestone: https://github.com/pallets/click/milestone/29

• Fix handling of flag_value when is_flag=False to allow such options to be used without an explicit value. #3084 #3152
• Hide Sentinel.UNSET values as None when using lookup_default(). #3136 #3199 #3202 #3209 #3212 #3224
• Prevent _NamedTextIOWrapper from closing streams owned by StreamMixer. #824 #2991 #2993 #3110 #3139 #3140
• Add comprehensive tests for CliRunner stream lifecycle, covering logging interaction, multi-threaded safety, and sequential invocation isolation. Add high-iteration stress tests behind a stress marker with a dedicated CI job. #3139
• Fix callable flag_value being instantiated when used as a default via default=True. #3121 #3201 #3213 #3225

Changelog

Sourced from click's changelog.

Version 8.3.2

Released 2026-04-02

• Fix handling of flag_value when is_flag=False to allow such options to be used without an explicit value. :issue:3084 :pr:3152
• Hide Sentinel.UNSET values as None when using lookup_default(). :issue:3136 :pr:3199 :pr:3202 :pr:3209 :pr:3212 :pr:3224
• Prevent _NamedTextIOWrapper from closing streams owned by StreamMixer. :issue:824 :issue:2991 :issue:2993 :issue:3110 :pr:3139 :pr:3140
• Add comprehensive tests for CliRunner stream lifecycle, covering logging interaction, multi-threaded safety, and sequential invocation isolation. Add high-iteration stress tests behind a stress marker with a dedicated CI job. :pr:3139
• Fix callable flag_value being instantiated when used as a default via default=True. :issue:3121 :pr:3201 :pr:3213 :pr:3225

Version 8.3.1

Released 2025-11-15

• Don't discard pager arguments by correctly using subprocess.Popen. :issue:3039 :pr:3055
• Replace Sentinel.UNSET default values by None as they're passed through the Context.invoke() method. :issue:3066 :issue:3065 :pr:3068
• Fix conversion of Sentinel.UNSET happening too early, which caused incorrect behavior for multiple parameters using the same name. :issue:3071 :pr:3079
• Hide Sentinel.UNSET values as None when looking up for other parameters through the context inside parameter callbacks. :issue:3136 :pr:3137
• Fix rendering when prompt and confirm parameter prompt_suffix is empty. :issue:3019 :pr:3021
• When Sentinel.UNSET is found during parsing, it will skip calls to type_cast_value. :issue:3069 :pr:3090

Version 8.3.0

Released 2025-09-17

• Improved flag option handling: Reworked the relationship between flag_value and default parameters for better consistency:

  • The default parameter value is now preserved as-is and passed directly to CLI functions (no more unexpected transformations)
  • Exception: flag options with default=True maintain backward compatibility by defaulting to their flag_value
  • The default parameter can now be any type (bool, None, etc.)
  • Fixes inconsistencies reported in: :issue:1992 :issue:2514 :issue:2610

... (truncated)

Commits

• 052c006 Change update release date.
• 502b7ce Merge branch 'stable' of https://github.com/pallets/click into release-8.3.2
• a0a37e4 Change publish to werkzeug latest. (#3301)
• 57be6fc Change publish to werkzeug latest.
• 781d6a8 Update publish workflows (#3266)
• ff795b6 Update precommit pins with tox
• dd87ef4 Update github action pins with tox
• 93d3f9d Release version 8.3.2
• 3299ba1 Add missing PR to changelog. (#3264)
• b7f62c4 Add missing PR to changelog.
• Additional commits viewable in compare view

Updates alive-progress to 3.3.0

Changelog

Sourced from alive-progress's changelog.

3.3.0 - Jul 19, 2025

• the final receipt is available in the alive_bar handle
• the elapsed time is available in the alive_bar handle, in seconds with full precision
• bar title and text can be changed even after the bar has finished
• changed the grapheme dependency which was no longer maintained to graphemeu, which is a maintained fork of the original one
• added py.typed in the distribution to satisfy mypy and other type checking tools
• included Python 3.14 support (in CI for now)

3.2.0 - Oct 26, 2024

• print/logging hooks now support multithreading
• rounded ETAs for long tasks
• support for zero and even negative bar increments
• custom offset for enriched print/logging messages
• improved compatibility with PyInstaller
• improved compatibility with Celery
• drop python 3.7 and 3.8, hello 3.12 and 3.13

3.1.5 - Nov 08, 2023

• ignore more errors when trying to set hooks (it seems pyam uses setuptools_scm which does assert value is sys.stderr in setStream() for whatever reason)

3.1.4 - May 31, 2023

• support spaces at the start and end of titles and units (removed trim)

3.1.3 - May 26, 2023

• better error handling of invalid alive_it calls before iterating it
• detect nested uses of alive_progress and throw a clearer error message

3.1.2 - May 08, 2023

• fix some exotic ANSI Escape Codes not being printed by supporting terminal OSC

3.1.1 - Apr 08, 2023

• support for printing ANSI Escape Codes without extra newlines, like "set console title"
• typing annotations in alive_it, so collection types are correctly identified

3.1.0 - Mar 23, 2023

• new resuming computations support with skipped items
• new max_cols config setting, the number of columns to use if not possible to fetch it, like in jupyter and other platforms which doesn't support size
• fix fetching the size of the terminal when using stderr
• officially supports Python 3.11
• included ruff linter before building

3.0.1 - Jan 01, 2023

• fix for logging streams that extend StreamHandler but doesn't allow changing streams (import dill/tensorflow/dask issues)

3.0.0 - Dec 22, 2022

• units with automatic scaling and configurable precision
• automatic scaling for slow throughputs
• support for using stderr and other files instead of stdout
• smooth out the rate estimation
• more queries into the currently running widgets' data, including monitor, rate, and ETA

... (truncated)

Commits

• 71bfcb2 bump version
• 36cbaad new title tests
• 88014b4 allow title to be reset to the sent parameter or empty ''
• 05461d9 fix ANSI escape codes being included in bar.receipt()
• a5c8764 allow to change title and text after the bar has finished
• 8c851ed improve descriptor tests
• 569676e increase default term cols to 100
• d24cc1d make the final receipt available (fix #284)
• ed5c35a add "py.typed" file to support type checking (fix #273)
• d69cc17 include elapsed in alive_bar handle (fixes #290)
• Additional commits viewable in compare view

Updates pytest to 9.0.3

Release notes

Sourced from pytest's releases.

9.0.3

pytest 9.0.3 (2026-04-07)

Bug fixes

• #12444: Fixed pytest.approx which now correctly takes into account ~collections.abc.Mapping keys order to compare them.

• #13634: Blocking a conftest.py file using the -p no: option is now explicitly disallowed.

  Previously this resulted in an internal assertion failure during plugin loading.

  Pytest now raises a clear UsageError explaining that conftest files are not plugins and cannot be disabled via -p.

• #13734: Fixed crash when a test raises an exceptiongroup with __tracebackhide__ = True.

• #14195: Fixed an issue where non-string messages passed to unittest.TestCase.subTest() were not printed.

• #14343: Fixed use of insecure temporary directory (CVE-2025-71176).

Improved documentation

• #13388: Clarified documentation for -p vs PYTEST_PLUGINS plugin loading and fixed an incorrect -p example.
• #13731: Clarified that capture fixtures (e.g. capsys and capfd) take precedence over the -s / --capture=no command-line options in Accessing captured output from a test function <accessing-captured-output>.
• #14088: Clarified that the default pytest_collection hook sets session.items before it calls pytest_collection_finish, not after.
• #14255: TOML integer log levels must be quoted: Updating reference documentation.

Contributor-facing changes

• #12689: The test reports are now published to Codecov from GitHub Actions. The test statistics is visible on the web interface.

  -- by aleguy02

Commits

• a7d58d7 Prepare release version 9.0.3
• 089d981 Merge pull request #14366 from bluetech/revert-14193-backport
• 8127eaf Revert "Fix: assertrepr_compare respects dict insertion order (#14050) (#14193)"
• 99a7e60 Merge pull request #14363 from pytest-dev/patchback/backports/9.0.x/95d8423bd...
• ddee02a Merge pull request #14343 from bluetech/cve-2025-71176-simple
• 74eac69 doc: Update training info (#14298) (#14301)
• f92dee7 Merge pull request #14267 from pytest-dev/patchback/backports/9.0.x/d6fa26c62...
• 7ee58ac Merge pull request #12378 from Pierre-Sassoulas/fix-implicit-str-concat-and-d...
• 37da870 Merge pull request #14259 from mitre88/patch-4 (#14268)
• c34bfa3 Add explanation for string context diffs (#14257) (#14266)
• Additional commits viewable in compare view

Updates coverage to 7.13.5

Changelog

Sourced from coverage's changelog.

Version 7.13.5 — 2026-03-17

• Fix: issue 2138_ describes a memory leak that happened when repeatedly using the Coverage API with in-memory data. This is now fixed.

• Fix: the markdown-formatted coverage report didn't fully escape special characters in file paths (issue 2141). This would be very unlikely to cause a problem, but now it's done properly, thanks to Ellie Ayla <pull 2142_>.

• Fix: the C extension wouldn't build on VS2019, but now it does (issue 2145_).

.. _issue 2138: coveragepy/coveragepy#2138 .. _issue 2141: coveragepy/coveragepy#2141 .. _pull 2142: coveragepy/coveragepy#2142 .. _issue 2145: coveragepy/coveragepy#2145

.. _changes_7-13-4:

Version 7.13.4 — 2026-02-09

• Fix: the third-party code fix in 7.13.3 required examining the parent directories where coverage was run. In the unusual situation that one of the parent directories is unreadable, a PermissionError would occur, as described in issue 2129_. This is now fixed.

• Fix: in test suites that change sys.path, coverage.py could fail with "RuntimeError: Set changed size during iteration" as described and fixed in pull 2130_. Thanks, Noah Fatsi.

• We now publish ppc64le wheels, thanks to Pankhudi Jain <pull 2121_>_.

.. _pull 2121: coveragepy/coveragepy#2121 .. _issue 2129: coveragepy/coveragepy#2129 .. _pull 2130: coveragepy/coveragepy#2130

.. _changes_7-13-3:

Version 7.13.3 — 2026-02-03

• Fix: in some situations, third-party code was measured when it shouldn't have been, slowing down test execution. This happened with layered virtual environments such as uv sometimes makes. The problem is fixed, closing issue 2082_. Now any directory on sys.path that is inside a virtualenv is considered third-party code.

... (truncated)

Commits

• c88da14 docs: sample HTML for 7.13.5
• e2ac3e1 build: sample HTML shouldn't include the status.json file
• 910f8f3 docs: prep for 7.13.5
• 3a4819c style: make workflows more uniform
• 2a53705 chore: bump the action-dependencies group across 1 directory with 4 updates (...
• e7c878d chore: make upgrade
• ab4db40 build: use --generate-hashes when pinning
• a438753 chore: make upgrade
• 7b33457 refactor: some leftover pyupgrade 3.10 bits
• 2ff968d refactor: this type wasn't used anywhere
• Additional commits viewable in compare view

Updates mypy to 1.20.2

Changelog

Sourced from mypy's changelog.

Mypy 1.20.2

• Use WAL with SQLite cache and fix close (Shantanu, PR 21154)
• Adjust SQLite journal mode (Ivan Levkivskyi, PR 21217)
• Correctly aggregate narrowing information on parent expressions (Shantanu, PR 21206)
• Fix regression related to generic callables (Shantanu, PR 21208)
• Fix regression by avoiding widening types in some contexts (Shantanu, PR 21242)
• Fix slicing in non-strict optional mode (Shantanu, PR 21282)
• mypyc: Fix match statement semantics for "or" pattern (Shantanu, PR 21156)
• mypyc: Fix issue with module dunder attributes (Piotr Sawicki, PR 21275)
• Initial support for Python 3.15.0a8 (Marc Mueller, PR 21255)

Acknowledgements

Thanks to all mypy contributors who contributed to this release:

• A5rocks
• Aaron Wieczorek
• Adam Turner
• Ali Hamdan
• asce
• BobTheBuidler
• Brent Westbrook
• Brian Schubert
• bzoracler
• Chris Burroughs
• Christoph Tyralla
• Colin Watson
• Donghoon Nam
• E. M. Bray
• Emma Smith
• Ethan Sarp
• George Ogden
• getzze
• grayjk
• Gregor Riepl
• Ivan Levkivskyi
• James Hilliard
• James Le Cuirot
• Jeremy Nimmer
• Joren Hammudoglu
• Kai (Kazuya Ito)
• kaushal trivedi
• Kevin Kannammalil
• Lukas Geiger
• Łukasz Langa
• Marc Mueller
• Michael R. Crusoe
• michaelm-openai
• Neil Schemenauer
• Piotr Sawicki

... (truncated)

Commits

• 145a062 Bump version to 1.20.2
• 81cd492 Fix slicing with nonstrict optional (#21282)
• 908d344 [mypyc] Set dunder attrs when adding module to sys.modules (#21275)
• ba28610 Initial support for Python 3.15.0a8 (#21255)
• 7b0e09f Fix match statement semantics for "or" pattern (#21156)
• 92b74f2 Avoid widening types in conditional_types (#21242)
• 0dcbfaa Fix is_overlapping_types for generic callables (#21208)
• 210f518 Correctly aggregate narrowing information on parent expressions (#21206)
• c34530e Only set journal mode in coordinator (#21217)
• 79a3ec6 Use WAL with SQLite cache, fix close (#21154)
• Additional commits viewable in compare view

Updates black to 26.3.1

Release notes

Sourced from black's releases.

26.3.1

Stable style

• Prevent Jupyter notebook magic masking collisions from corrupting cells by using exact-length placeholders for short magics and aborting if a placeholder can no longer be unmasked safely (#5038)

Configuration

• Always hash cache filename components derived from --python-cell-magics so custom magic names cannot affect cache paths (#5038)

Blackd

• Disable browser-originated requests by default, add configurable origin allowlisting and request body limits, and bound executor submissions to improve backpressure (#5039)

Changelog

Sourced from black's changelog.

Version 26.3.1

Stable style

• Prevent Jupyter notebook magic masking collisions from corrupting cells by using exact-length placeholders for short magics and aborting if a placeholder can no longer be unmasked safely (#5038)

Configuration

• Always hash cache filename components derived from --python-cell-magics so custom magic names cannot affect cache paths (#5038)

Blackd

• Disable browser-originated requests by default, add configurable origin allowlisting and request body limits, and bound executor submissions to improve backpressure (#5039)

Version 26.3.0

Stable style

• Don't double-decode input, causing non-UTF-8 files to be corrupted (#4964)
• Fix crash on standalone comment in lambda default arguments (#4993)
• Preserve parentheses when # type: ignore comments would be merged with other comments on the same line, preventing AST equivalence failures (#4888)

Preview style

• Fix bug where if guards in case blocks were incorrectly split when the pattern had a trailing comma (#4884)
• Fix string_processing crashing on unassigned long string literals with trailing commas (one-item tuples) (#4929)
• Simplify implementation of the power operator "hugging" logic (#4918)

Packaging

• Fix shutdown errors in PyInstaller builds on macOS by disabling multiprocessing in frozen environments (#4930)

Performance

• Introduce winloop for windows as an alternative to uvloop (#4996)
• Remove deprecated function uvloop.install() in favor of uvloop.new_event_loop() (#4996)
• Rename maybe_install_uvloop function to maybe_use_uvloop to simplify loop installation and creation of either a uvloop/winloop eventloop or default eventloop (#4996)

... (truncated)

Commits

• c6755bb Prepare release 26.3.1 (#5046)
• 69973fd Harden blackd browser-facing request handling (#5039)
• 4937fe6 Fix some shenanigans with the cache file and IPython (#5038)
• 2e641d1 docs: remove outdated Black Playground references (#5044)
• c014b22 Remove unused internal code (#5041)
• 0dae20b Add new changelog (#5036)
• c5c1cbd Minor release patches (#5035)
• 7e5a828 docs: clarify relationship between Black style and PEP 8 (#5025)
• 69705de docs: add clearer pyproject configuration guidance (#5026)
• 35ea679 Prepare release 26.3.0 (#5032)
• Additional commits viewable in compare view

Updates ruff to 0.15.11

Release notes

Sourced from ruff's releases.

0.15.11

Release Notes

Released on 2026-04-16.

Preview features

• [ruff] Ignore RUF029 when function is decorated with asynccontextmanager (#24642)
• [airflow] Implement airflow-xcom-pull-in-template-string (AIR201) (#23583)
• [flake8-bandit] Fix S103 false positives and negatives in mask analysis (#24424)

Bug fixes

• [flake8-async] Omit overridden methods for ASYNC109 (#24648)

Documentation

• [flake8-async] Add override mention to ASYNC109 docs (#24666)
• Update Neovim config examples to use vim.lsp.config (#24577)

Contributors

• @​augustelalande
• @​anishgirianish
• @​benberryallwood
• @​charliermarsh
• @​Dev-iL

Install ruff 0.15.11

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/ruff/releases/download/0.15.11/ruff-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/ruff/releases/download/0.15.11/ruff-installer.ps1 | iex"

Download ruff 0.15.11

File	Platform	Checksum
ruff-aarch64-apple-darwin.tar.gz	Apple Silicon macOS	checksum
ruff-x86_64-apple-darwin.tar.gz	Intel macOS	checksum
ruff-aarch64-pc-windows-msvc.zip	ARM64 Windows	checksum
ruff-i686-pc-windows-msvc.zip	x86 Windows	checksum

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.11

Released on 2026-04-16.

Preview features

• [ruff] Ignore RUF029 when function is decorated with asynccontextmanager (#24642)
• [airflow] Implement airflow-xcom-pull-in-template-string (AIR201) (#23583)
• [flake8-bandit] Fix S103 false positives and negatives in mask analysis (#24424)

Bug fixes

• [flake8-async] Omit overridden methods for ASYNC109 (#24648)

Documentation

• [flake8-async] Add override mention to ASYNC109 docs (#24666)
• Update Neovim config examples to use vim.lsp.config (#24577)

Contributors

• @​augustelalande
• @​anishgirianish
• @​benberryallwood
• @​charliermarsh
• @​Dev-iL

0.15.10

Released on 2026-04-09.

Preview features

• [flake8-logging] Allow closures in except handlers (LOG004) (#24464)
• [flake8-self] Make SLF diagnostics robust to non-self-named variables (#24281)
• [flake8-simplify] Make the fix for collapsible-if safe in preview (SIM102) (#24371)

Bug fixes

• Avoid emitting multi-line f-string elements before Python 3.12 (#24377)
• Avoid syntax error from E502 fixes in f-strings and t-strings (#24410)
• Strip form feeds from indent passed to dedent_to (#24381)
• [pyupgrade] Fix panic caused by handling of octals (UP012) (#24390)
• Reject multi-line f-string elements before Python 3.12 (#24355)

Rule changes

• [ruff] Treat f-string interpolation as potential side effect (RUF019) (#24426)

Server

... (truncated)

Commits

• 53554b1 Bump 0.15.11 (#24678)
• 08c56c8 Factor out the mdte...

  Description has been truncated

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 14 package(s) with unknown licenses.

See the Details below.

License Issues

requirements.txt

Package	Version	License	Issue Type
alive_progress	>= 3.3.0	Null	Unknown License
black	>= 26.3.1	Null	Unknown License
click	>= 8.3.2	Null	Unknown License
coverage	>= 7.13.5	Null	Unknown License
mypy	>= 1.20.2	Null	Unknown License
nox	>= 2026.4.10	Null	Unknown License
openpyxl	>= 3.1.5	Null	Unknown License
pandas	>= 3.0.2	Null	Unknown License
pylint	>= 4.0.5	Null	Unknown License
pytest	>= 9.0.3	Null	Unknown License
python-dotenv	>= 1.2.2	Null	Unknown License
requests	>= 2.33.1	Null	Unknown License
ruff	>= 0.15.11	Null	Unknown License
tox	>= 4.53.0	Null	Unknown License

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
pip/alive_progress	>= 3.3.0	Unknown	Unknown
pip/black	>= 26.3.1	Unknown	Unknown
pip/click	>= 8.3.2	Unknown	Unknown
pip/coverage	>= 7.13.5	Unknown	Unknown
pip/mypy	>= 1.20.2	Unknown	Unknown
pip/nox	>= 2026.4.10	Unknown	Unknown
pip/openpyxl	>= 3.1.5	Unknown	Unknown
pip/pandas	>= 3.0.2	Unknown	Unknown
pip/pylint	>= 4.0.5	Unknown	Unknown
pip/pytest	>= 9.0.3	Unknown	Unknown
pip/python-dotenv	>= 1.2.2	Unknown	Unknown
pip/requests	>= 2.33.1	Unknown	Unknown
pip/ruff	>= 0.15.11	Unknown	Unknown
pip/tox	>= 4.53.0	Unknown	Unknown

Scanned Files

• requirements.txt

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 14 package(s) with unknown licenses.

See the Details below.

License Issues

requirements.txt

Package	Version	License	Issue Type
alive_progress	>= 3.3.0	Null	Unknown License
black	>= 26.3.1	Null	Unknown License
click	>= 8.3.2	Null	Unknown License
coverage	>= 7.13.5	Null	Unknown License
mypy	>= 1.20.2	Null	Unknown License
nox	>= 2026.4.10	Null	Unknown License
openpyxl	>= 3.1.5	Null	Unknown License
pandas	>= 3.0.2	Null	Unknown License
pylint	>= 4.0.5	Null	Unknown License
pytest	>= 9.0.3	Null	Unknown License
python-dotenv	>= 1.2.2	Null	Unknown License
requests	>= 2.33.1	Null	Unknown License
ruff	>= 0.15.11	Null	Unknown License
tox	>= 4.53.0	Null	Unknown License

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
pip/alive_progress	>= 3.3.0	Unknown	Unknown
pip/black	>= 26.3.1	Unknown	Unknown
pip/click	>= 8.3.2	Unknown	Unknown
pip/coverage	>= 7.13.5	Unknown	Unknown
pip/mypy	>= 1.20.2	Unknown	Unknown
pip/nox	>= 2026.4.10	Unknown	Unknown
pip/openpyxl	>= 3.1.5	Unknown	Unknown
pip/pandas	>= 3.0.2	Unknown	Unknown
pip/pylint	>= 4.0.5	Unknown	Unknown
pip/pytest	>= 9.0.3	Unknown	Unknown
pip/python-dotenv	>= 1.2.2	Unknown	Unknown
pip/requests	>= 2.33.1	Unknown	Unknown
pip/ruff	>= 0.15.11	Unknown	Unknown
pip/tox	>= 4.53.0	Unknown	Unknown

Scanned Files

• requirements.txt