Deps: Bump the python-packages group with 6 updates

[dependabot]

Bumps the python-packages group with 6 updates:

Package	From	To
charset-normalizer	3.4.6	3.4.7
click	8.3.1	8.3.2
mypy	1.19.1	1.20.0
requests	2.33.0	2.33.1
ruff	0.15.8	0.15.9
uvicorn	0.42.0	0.43.0

Updates charset-normalizer from 3.4.6 to 3.4.7

Release notes

Sourced from charset-normalizer's releases.

Version 3.4.7

3.4.7 (2026-04-02)

Changed

• Pre-built optimized version using mypy[c] v1.20.
• Relax setuptools constraint to setuptools>=68,<82.1.

Fixed

• Correctly remove SIG remnant in utf-7 decoded string. (#718) (#716)

Changelog

Sourced from charset-normalizer's changelog.

3.4.7 (2026-04-02)

Changed

• Pre-built optimized version using mypy[c] v1.20.
• Relax setuptools constraint to setuptools>=68,<82.1.

Fixed

• Correctly remove SIG remnant in utf-7 decoded string. (#718) (#716)

Commits

• 0f07891 Merge pull request #729 from jawah/release-3.4.7
• fdbeb29 chore: update dev, and ci requirements
• b66f922 chore: add ft classifier
• f94249d chore: add test cases for utf_7 recent fix
• 95c866f chore: bump version to 3.4.7
• 4f429bb chore: bump mypy pre-commit to v1.20
• b579cd6 fix: correctly remove SIG remnant in utf-7 decoded string
• 58bf944 ⬆️ Bump github/codeql-action from 4.32.4 to 4.35.1 (#728)
• 44cf8a1 ⬆️ Bump actions/download-artifact from 8.0.0 to 8.0.1 (#726)
• 362bc20 ⬆️ Bump docker/setup-qemu-action from 3.7.0 to 4.0.0 (#725)
• Additional commits viewable in compare view

Updates click from 8.3.1 to 8.3.2

Release notes

Sourced from click's releases.

8.3.2

This is the Click 8.3.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/click/8.3.2/ Changes: https://click.palletsprojects.com/page/changes/#version-8-3-2 Milestone: https://github.com/pallets/click/milestone/29

• Fix handling of flag_value when is_flag=False to allow such options to be used without an explicit value. #3084 #3152
• Hide Sentinel.UNSET values as None when using lookup_default(). #3136 #3199 #3202 #3209 #3212 #3224
• Prevent _NamedTextIOWrapper from closing streams owned by StreamMixer. #824 #2991 #2993 #3110 #3139 #3140
• Add comprehensive tests for CliRunner stream lifecycle, covering logging interaction, multi-threaded safety, and sequential invocation isolation. Add high-iteration stress tests behind a stress marker with a dedicated CI job. #3139
• Fix callable flag_value being instantiated when used as a default via default=True. #3121 #3201 #3213 #3225

Changelog

Sourced from click's changelog.

Version 8.3.2

Released 2026-04-02

• Fix handling of flag_value when is_flag=False to allow such options to be used without an explicit value. :issue:3084 :pr:3152
• Hide Sentinel.UNSET values as None when using lookup_default(). :issue:3136 :pr:3199 :pr:3202 :pr:3209 :pr:3212 :pr:3224
• Prevent _NamedTextIOWrapper from closing streams owned by StreamMixer. :issue:824 :issue:2991 :issue:2993 :issue:3110 :pr:3139 :pr:3140
• Add comprehensive tests for CliRunner stream lifecycle, covering logging interaction, multi-threaded safety, and sequential invocation isolation. Add high-iteration stress tests behind a stress marker with a dedicated CI job. :pr:3139
• Fix callable flag_value being instantiated when used as a default via default=True. :issue:3121 :pr:3201 :pr:3213 :pr:3225

Commits

• 052c006 Change update release date.
• 502b7ce Merge branch 'stable' of https://github.com/pallets/click into release-8.3.2
• a0a37e4 Change publish to werkzeug latest. (#3301)
• 57be6fc Change publish to werkzeug latest.
• 781d6a8 Update publish workflows (#3266)
• ff795b6 Update precommit pins with tox
• dd87ef4 Update github action pins with tox
• 93d3f9d Release version 8.3.2
• 3299ba1 Add missing PR to changelog. (#3264)
• b7f62c4 Add missing PR to changelog.
• Additional commits viewable in compare view

Updates mypy from 1.19.1 to 1.20.0

Changelog

Sourced from mypy's changelog.

Mypy Release Notes

Next Release

Mypy 1.20

We’ve just uploaded mypy 1.20.0 to the Python Package Index (PyPI). Mypy is a static type checker for Python. This release includes new features, performance improvements and bug fixes. You can install it as follows:

python3 -m pip install -U mypy

You can read the full documentation for this release on Read the Docs.

Planned Changes to Defaults and Flags in Mypy 2.0

As a reminder, we are planning to enable --local-partial-types by default in mypy 2.0, which will likely be the next feature release. This will often require at least minor code changes. This option is implicitly enabled by mypy daemon, so this makes the behavior of daemon and non-daemon modes consistent.

Note that this release improves the compatibility of --local-partial-types significantly to make the switch easier (see below for more).

This can also be configured in a mypy configuration file (use False to disable):

local_partial_types = True

For more information, refer to the documentation.

We will also enable --strict-bytes by default in mypy 2.0. This usually requires at most minor code changes to adopt. For more information, refer to the documentation.

Finally, --allow-redefinition-new will be renamed to --allow-redefinition. If you want to continue using the older --allow-redefinition semantics which are less flexible (e.g. limited support for conditional redefinitions), you can switch to --allow-redefinition-old, which is currently supported as an alias to the legacy --allow-redefinition behavior. To use --allow-redefinition in the upcoming mypy 2.0, you can't use --no-local-partial-types. For more information, refer to the documentation.

Better Type Narrowing

Mypy's implementation of narrowing has been substantially reworked. Mypy will now narrow more aggressively, more consistently, and more correctly. In particular, you are likely to notice new narrowing behavior in equality expressions (==), containment expressions (in),

... (truncated)

Commits

• 770d3ca Remove +dev from version
• 4738ffa Changelog updates for 1.20 (#21109)
• b4f07a7 Use 'native-parser' instead of 'native-parse' for optional dependency (#21115)
• 7bec7b7 [mypyc] Document librt and librt.base64 (#21114)
• c482596 --allow-redefinition-new is no longer experimental (#21110)
• c916ca3 sdist: include misc/{diff-cache,apply-cache-diff}.py for `mypy/test/test_di...
• b137e4e [mypyc] Speed up native-to-native imports within the same group (#21101)
• 978b711 [mypyc] Fix range loop variable off-by-one after loop exit (#21098)
• 67ada30 [stubtest] Check runtime availability of private types not marked `@type_chec...
• bdef6ef librt cache tests: build respecting MYPY_TEST_PREFIX (#21097)
• Additional commits viewable in compare view

Updates requests from 2.33.0 to 2.33.1

Release notes

Sourced from requests's releases.

v2.33.1

2.33.1 (2026-03-30)

Bugfixes

• Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary files in the tmp directory. (#7305)
• Fixed Content-Type header parsing for malformed values. (#7309)
• Improved error consistency for malformed header values. (#7308)

New Contributors

• @​ferdnyc made their first contribution in psf/requests#7277

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2331-2026-03-30

Changelog

Sourced from requests's changelog.

2.33.1 (2026-03-30)

Bugfixes

• Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary files in the tmp directory. (#7305)
• Fixed Content-Type header parsing for malformed values. (#7309)
• Improved error consistency for malformed header values. (#7308)

Commits

• 111d2b7 v2.33.1
• f0198e6 Fix malformed value parsing for Content-Type (#7309)
• bc7dd0f Fix cosmetic header validity parsing regex (#7308)
• 4443b1a Fix unintended test extra (#7306)
• 389eea5 Cleanup extracted file after extract_zipped_path test (#7305)
• 7407309 Packaging: DRY out extras definition (#7277)
• See full diff in compare view

Updates ruff from 0.15.8 to 0.15.9

Release notes

Sourced from ruff's releases.

0.15.9

Release Notes

Released on 2026-04-02.

Preview features

• [pyflakes] Flag annotated variable redeclarations as F811 in preview mode (#24244)
• [ruff] Allow dunder-named assignments in non-strict mode for RUF067 (#24089)

Bug fixes

• [flake8-errmsg] Avoid shadowing existing msg in fix for EM101 (#24363)
• [flake8-simplify] Ignore pre-initialization references in SIM113 (#24235)
• [pycodestyle] Fix W391 fixes for consecutive empty notebook cells (#24236)
• [pyupgrade] Fix UP008 nested class matching (#24273)
• [pyupgrade] Ignore strings with string-only escapes (UP012) (#16058)
• [ruff] RUF072: skip formfeeds on dedent (#24308)
• [ruff] Avoid re-using symbol in RUF024 fix (#24316)
• [ruff] Parenthesize expression in RUF050 fix (#24234)
• Disallow starred expressions as values of starred expressions (#24280)

Rule changes

• [flake8-simplify] Suppress SIM105 for except* before Python 3.12 (#23869)
• [pyflakes] Extend F507 to flag %-format strings with zero placeholders (#24215)
• [pyupgrade] UP018 should detect more unnecessarily wrapped literals (UP018) (#24093)
• [pyupgrade] Fix UP008 callable scope handling to support lambdas (#24274)
• [ruff] RUF010: Mark fix as unsafe when it deletes a comment (#24270)

Formatter

• Add nested-string-quote-style formatting option (#24312)

Documentation

• [flake8-bugbear] Clarify RUF071 fix safety for non-path string comparisons (#24149)
• [flake8-type-checking] Clarify import cycle wording for TC001/TC002/TC003 (#24322)

Other changes

• Avoid rendering fix lines with trailing whitespace after | (#24343)

Contributors

• @​charliermarsh
• @​MichaReiser
• @​tranhoangtu-it
• @​dylwil3
• @​zsol

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.9

Released on 2026-04-02.

Preview features

• [pyflakes] Flag annotated variable redeclarations as F811 in preview mode (#24244)
• [ruff] Allow dunder-named assignments in non-strict mode for RUF067 (#24089)

Bug fixes

• [flake8-errmsg] Avoid shadowing existing msg in fix for EM101 (#24363)
• [flake8-simplify] Ignore pre-initialization references in SIM113 (#24235)
• [pycodestyle] Fix W391 fixes for consecutive empty notebook cells (#24236)
• [pyupgrade] Fix UP008 nested class matching (#24273)
• [pyupgrade] Ignore strings with string-only escapes (UP012) (#16058)
• [ruff] RUF072: skip formfeeds on dedent (#24308)
• [ruff] Avoid re-using symbol in RUF024 fix (#24316)
• [ruff] Parenthesize expression in RUF050 fix (#24234)
• Disallow starred expressions as values of starred expressions (#24280)

Rule changes

• [flake8-simplify] Suppress SIM105 for except* before Python 3.12 (#23869)
• [pyflakes] Extend F507 to flag %-format strings with zero placeholders (#24215)
• [pyupgrade] UP018 should detect more unnecessarily wrapped literals (UP018) (#24093)
• [pyupgrade] Fix UP008 callable scope handling to support lambdas (#24274)
• [ruff] RUF010: Mark fix as unsafe when it deletes a comment (#24270)

Formatter

• Add nested-string-quote-style formatting option (#24312)

Documentation

• [flake8-bugbear] Clarify RUF071 fix safety for non-path string comparisons (#24149)
• [flake8-type-checking] Clarify import cycle wording for TC001/TC002/TC003 (#24322)

Other changes

• Avoid rendering fix lines with trailing whitespace after | (#24343)

Contributors

• @​charliermarsh
• @​MichaReiser
• @​tranhoangtu-it
• @​dylwil3
• @​zsol
• @​renovate

... (truncated)

Commits

• 724ccc1 Bump 0.15.9 (#24369)
• 96d9e09 [ty] Move the deferred submodule inside infer/builder (#24368)
• 130da28 [ty] Infer the extra_items keyword argument to class-based TypedDicts as an...
• a617c54 [ty] Validate type qualifiers in functional TypedDict fields and the `extra_i...
• d851708 [ty] Improve robustness of various type-qualifier-related checks (#24251)
• aecb587 Only run the release-gate on workflow dispatch (#24366)
• b889571 [ty] Use infer_type_expression for parsing parameter annotations and return...
• 3286a62 Add a "release-gate" step to the release workflow (#24365)
• 5f88756 Disallow starred expressions as values of starred expressions (#24280)
• 5c59f8a [pyupgrade] Ignore strings with string-only escapes (UP012) (#16058)
• Additional commits viewable in compare view

Updates uvicorn from 0.42.0 to 0.43.0

Release notes

Sourced from uvicorn's releases.

Version 0.43.0

Changed

• Emit http.disconnect ASGI receive() event on server shutting down for streaming responses (#2829)
• Use native context parameter for create_task on Python 3.11+ (#2859)
• Drop cast in ASGI types (#2875)

---

Full Changelog: Kludex/uvicorn@0.42.0...0.43.0

Changelog

Sourced from uvicorn's changelog.

0.43.0 (April 3, 2026)

You can quit Uvicorn now. We heard you, @​pamelafox - all 47 of your Ctrl+C's (thanks for flagging it, and thanks to @​tiangolo for the fix 🙏). See the tweet.

Changed

• Emit http.disconnect ASGI receive() event on server shutting down for streaming responses (#2829)
• Use native context parameter for create_task on Python 3.11+ (#2859)
• Drop cast in ASGI types (#2875)

Commits

• 8d397c7 Version 0.43.0 (#2885)
• 587042d 🐛 Emit http.disconnect ASGI receive() event on server shutting down for s...
• c9a75fb chore(deps): bump the github-actions group with 3 updates (#2878)
• 84fd578 chore(deps): bump pygments from 2.19.2 to 2.20.0 (#2877)
• cd52d34 Use native context parameter for create_task on Python 3.11+ (#2859)
• 5211880 Drop cast in ASGI types (#2875)
• 1cb8e74 Add websocket 500 fallback header test (#2874)
• 28efbb2 chore(deps-dev): bump cryptography from 46.0.5 to 46.0.6 (#2873)
• 042ffeb ci: add zizmor (#2872)
• c61f9d4 chore(deps): bump requests from 2.32.5 to 2.33.0 (#2871)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Conventional Commits Report

Type	Number
Dependencies	1

🚀 Conventional commits found.