Update python-statemachine[diagrams] requirement from >=3.0.0 to >=3.1.2

[dependabot]

Updates the requirements on python-statemachine[diagrams] to permit the latest version.

Release notes

Sourced from python-statemachine[diagrams]'s releases.

v3.1.2

Bug fixes in 3.1.2

pydot is optional again

Starting in 3.1.0, defining any StateMachine or StateChart subclass implicitly required pydot to be installed. The metaclass invokes _expand_docstring() for every class, and that path eagerly imported the diagram formatter, which in turn imported pydot at module load time, so import of a user module failed with ModuleNotFoundError: No module named 'pydot' even when no diagrams were rendered.

Two changes restore the original behavior:

• _expand_docstring now short-circuits when the class docstring contains no {statechart:FORMAT} placeholder, skipping the formatter import for the common case.
• statemachine.contrib.diagram no longer re-exports renderer classes at the package top level, and renderer modules are only imported when actually used. The dependency is only resolved when dot/svg rendering is requested. Mermaid and Markdown/RST formats work without pydot.

If your code imports DotRenderer, DotRendererConfig, MermaidRenderer or MermaidRendererConfig directly from statemachine.contrib.diagram, import them from the renderer submodule instead:

from statemachine.contrib.diagram.renderers.dot import DotRenderer
from statemachine.contrib.diagram.renderers.mermaid import MermaidRenderer

#622.

Other changes in 3.1.2

Security and dependency bumps

Picked up from the dependency refresh applied to main:

• ruff >=0.15.13
• pytest >=9.0.3 (CVE-2025, tmpdir handling) for py>=3.10
• django >=5.2.14 for py3.10/3.11 (multiple CVEs)
• pillow >=12.2.0 for py>=3.10 (multiple CVEs)
• transitive: urllib3 2.6.3 -> 2.7.0 (GHSA-qccp-gfcp-xxvc), requests 2.33.1 -> 2.34.2

CI workflows: actions/checkout v4 → v5, actions/setup-python v5 → v6, astral-sh/setup-uv v3 → v8 (pinned to v8.1.0), codecov/codecov-action v4 → v6.

Commits

• 7adc760 Merge branch 'hotfix/3.1.2' (CI fix for v3.1.2 release)
• 1918d9d ci: pin astral-sh/setup-uv to v8.1.0
• a396910 Merge branch 'hotfix/3.1.2'
• 54f917b chore: prepare release 3.1.2
• 6a51df9 fix: make pydot optional again (#622)
• e3b3398 Merge branch 'develop': dependency and CI security updates
• 4548478 chore(deps): bump dependencies and CI actions to address security alerts
• e859e97 Merge branch 'main' into develop
• 7c495bb Merge branch 'release/3.1.1'
• e33f34a fix: thread-safety hardening of Configuration (cache and in-place mutation ra...
• Additional commits viewable in compare view