Bump the python-non-major group with 9 updates

[dependabot]

Bumps the python-non-major group with 9 updates:

Package	From	To
boto3	1.43.25	1.43.36
django-environ	0.13.0	0.14.0
google-auth	2.53.0	2.55.0
google-cloud-bigquery	3.25.0	3.42.1
phonenumberslite	9.0.32	9.0.33
redis	8.0.0	8.0.1
sentry-sdk[django]	2.62.0	2.63.0
pytest	9.0.3	9.1.1
ruff	0.15.18	0.15.19

Updates boto3 from 1.43.25 to 1.43.36

Commits

• 1d26f21 Merge branch 'release-1.43.36'
• 111333b Bumping version to 1.43.36
• 9d1fa23 Add changelog entries from botocore
• 6d7f3c2 Update security docs to use newer versions of openssl and python (#4796)
• c5b26ca Merge branch 'release-1.43.35'
• c3750ac Merge branch 'release-1.43.35' into develop
• 46e77cd Bumping version to 1.43.35
• 9919ede Add changelog entries from botocore
• 1820b7d Merge branch 'release-1.43.34'
• 0065dbe Merge branch 'release-1.43.34' into develop
• Additional commits viewable in compare view

Updates django-environ from 0.13.0 to 0.14.0

Release notes

Sourced from django-environ's releases.

v0.14.0

django-environ 0.14.0 improves type annotations across Env and updates Env.read_env() to support caller-owned file-like objects without closing them.

This is the final django-environ release supporting Python 3.9.

Added

• Type annotations and matching docstring information for Env methods.
• A conditional typing_extensions dependency providing TypeAlias on Python 3.9.

Changed

• Env.read_env() now accepts path-like and file-like objects without closing file-like objects supplied by the caller.

Fixed

• Env.read_env() now raises an explicit error when it cannot determine the caller frame used to resolve the default .env path.

Full changelog: joke2k/django-environ@v0.13.0...v0.14.0

PyPI: https://pypi.org/project/django-environ/0.14.0/

Changelog

Sourced from django-environ's changelog.

v0.14.0_ - 18-June-2026

Added +++++

• Added type annotations and matching docstring information to Env methods [#633](https://github.com/joke2k/django-environ/issues/633) <https://github.com/joke2k/django-environ/pull/633>_.
• Added a Python 3.9 compatibility dependency on typing_extensions for TypeAlias [#633](https://github.com/joke2k/django-environ/issues/633) <https://github.com/joke2k/django-environ/pull/633>_.

Changed +++++++

• Updated Env.read_env() to accept path-like and file-like objects without closing file-like objects supplied by the caller [#633](https://github.com/joke2k/django-environ/issues/633) <https://github.com/joke2k/django-environ/pull/633>_.

Fixed +++++

• Added an explicit error when Env.read_env() cannot determine its caller frame while resolving the default .env path [#633](https://github.com/joke2k/django-environ/issues/633) <https://github.com/joke2k/django-environ/pull/633>_.

Commits

• 6e1b461 Merge pull request #635 from joke2k/release/0.14.0
• b65f66e chore(release): prepare 0.14.0
• 39f980a Merge pull request #633 from joke2k/hotfix/0.14-apply-pr-600
• 020825c ci: allow release and hotfix PRs to target main
• 6c1dd5b fix(typing): support TypeAlias on Python 3.9
• c0d7b2b Ensure Env.read_env supports any file-like object
• c41ee54 Guard against an inability to read stack frames
• 64bfe4b Add type information to docstrings
• 791df95 Add type annotations to str and bool parameters of methods in Env
• 4370592 Merge branch 'develop' into main
• See full diff in compare view

Updates google-auth from 2.53.0 to 2.55.0

Release notes

Sourced from google-auth's releases.

google-auth: v2.55.0

v2.55.0 (2026-06-15)

Features

• make RAB feature production ready (#17390) (af193931)

Bug Fixes

• run async background boundary refresh on detached session (#17441) (56cbea85)

Commits

• 08a8f90 chore: librarian release pull request: 20260615T173024Z (#17468)
• 305f5bd test(auth): assert quota project header injection in google-auth tests (#17448)
• af19393 feat(auth): make RAB feature production ready (#17390)
• 00ec9bf chore: release bigframes v2.43.0 (#17460)
• f4945bd tests: fix compatibility with pytest 9.1.0 (#17465)
• 56cbea8 fix(rab): run async background boundary refresh on detached session (#17441)
• b50cf1a chore(google-auth): drop python 3.7 EOL false positives and refactor metrics ...
• 145034a fix: preserve aliases on cast columns and fix star selection in sqlglot (#173...
• dd59d36 chore: address pandas 3 failure and remove inherently flaky system test (#17452)
• 4d3447d chore: skip sqlalchemy-bigquery test to unblock CI (#17288)
• Additional commits viewable in compare view

Updates google-cloud-bigquery from 3.25.0 to 3.42.1

Release notes

Sourced from google-cloud-bigquery's releases.

google-cloud-bigquery: v3.40.1

3.40.1 (2026-02-12)

Bug Fixes

• updates timeout/retry code to respect hanging server (#2408) (24d45d0d)

• add timeout parameter to to_dataframe and to_arrow met… (#2354) (4f67ba20)

Documentation

• clarify that only jobs.query and jobs.getQueryResults are affec… (#2349) (73228432)

google-cloud-bigquery 3.40.0

3.40.0 (2026-01-08)

Features

• support load_table and list_rows with picosecond timestamp (#2351) (46764a59)

• support timestamp_precision in table schema (#2333) (8d5785ae)

google-cloud-bigquery 3.39.0

3.39.0 (2025-12-12)

Features

• adds support for Python runtime 3.14 (#2322) (6065e14c)

• Add ExternalRuntimeOptions to BigQuery routine (#2311) (fa76e310)

Bug Fixes

• remove ambiguous error codes from query retries (#2308) (8bbd3d01)

• include io.Base in the PathType (#2323) (b11e09cb)

• honor custom retry in job.result() (#2302) (e118b029)

Documentation

• remove experimental annotations from GA features (#2303) (1f1f9d41)

v3.38.0

3.38.0 (2025-09-15)

Features

• Add additional query stats (#2270) (7b1b718)

... (truncated)

Changelog

Sourced from google-cloud-bigquery's changelog.

Changelog

PyPI History

3.40.1 (2026-02-12)

Documentation

• clarify that only jobs.query and jobs.getQueryResults are affec… (#2349) (73228432a3c821db05d898ea4a4788adf15b033d)

Bug Fixes

• updates timeout/retry code to respect hanging server (#2408) (24d45d0d5bf89762f253ba6bd6fdbee9d5993422)
• add timeout parameter to to_dataframe and to_arrow met… (#2354) (4f67ba20b49159e81f645ed98e401b9bb1359c1a)

3.40.0 (2026-01-08)

Features

• support load_table and list_rows with picosecond timestamp (#2351) (46764a59ca7a21ed14ad2c91eb7f98c302736c22)
• support timestamp_precision in table schema (#2333) (8d5785aea50b9f9e5b13bd4c91e8a08d6dac7778)

3.39.0 (2025-12-12)

Documentation

• remove experimental annotations from GA features (#2303) (1f1f9d41e8a2c9016198d848ad3f1cbb88cf77b0)

Features

• adds support for Python runtime 3.14 (#2322) (6065e14c448cb430189982dd70025fa0575777ca)
• Add ExternalRuntimeOptions to BigQuery routine (#2311) (fa76e310a16ea6cba0071ff1d767ca1c71514da7)

Bug Fixes

• include io.Base in the PathType (#2323) (b11e09cb6ee32e451b37eda66bece2220b9ceaba)
• honor custom retry in job.result() (#2302) (e118b029bbc89a5adbab83f39858c356c23665bf)
• remove ambiguous error codes from query retries (#2308) (8bbd3d01026c493dfa5903b397d2b01c0e9bf43b)

3.38.0 (2025-09-15)

... (truncated)

Commits

• See full diff in compare view

Updates phonenumberslite from 9.0.32 to 9.0.33

Commits

• 0efec90 Fix lint
• 6400333 Prep for 9.0.33 release
• 4419992 Generated files for metadata
• 2e01d60 Merge metadata changes from upstream 9.0.33
• bdee3ff Merge code changes from upstream v9.0.33
• See full diff in compare view

Updates redis from 8.0.0 to 8.0.1

Release notes

Sourced from redis's releases.

8.0.1

Changes

🐛 Bug Fixes

• Fix Unix socket maintenance notification handling and tests (#4097)
• Fix async cluster node connection release on write errors (#4111)
• Fixed async MultiDBClient with underlying RedisCluster (#4108)
• Fix hiredis readiness checks for high file descriptors (#4115)
• fix(search): parse RESP3 FT.SEARCH responses with bytes-typed keys (#4109)
• Fixing pubsub's listen method to be blocking. (#4119)
• fix(asyncio): release pooled connection when Pipeline.reset() is cancelled (#4123)
• Avoid per-check fd allocation in hiredis _socket_can_read() — use poll() instead of a per-call selector (#4118)

🧰 Maintenance

• Updating PyJWT dependency. (#4100)
• Update CI badge in README.md (#4099)
• Add missing url query argument parser for ssl_min_version (#4047)
• ci: least-privilege permissions on spellcheck (read) and stale-issues (job-level write for actions/stale) (#4080)
• Bumping github-versions actions (#4102)
• Updating lib version + supported Redis versions in README.md + updating the Redis versions in CI test matrix (#4092)

We'd like to thank all the contributors who worked on this release! @​violuke @​mokashang @​arpitjain099 @​coredumperror @​elena-kolevska @​vladvildanov @​petyaslavova

Commits

• 7c0fd11 Updating lib version to 8.0.1
• b7a4d7d Avoid per-check fd allocation in hiredis _socket_can_read() — use poll() ...
• eec778e fix(asyncio): release pooled connection when Pipeline.reset() is cancelled (#...
• 08e01bb Fixing pubsub's listen method to be blocking. (#4119)
• 3d5257a fix(search): parse RESP3 FT.SEARCH responses with bytes-typed keys (#4109)
• cce28ff Fix hiredis readiness checks for high file descriptors (#4115)
• e20691c Fixed async MultiDBClient with underlying RedisCluster (#4108)
• ea37fcc Fix async cluster node connection release on write errors (#4111)
• f4146fa Updating lib version + supported Redis versions in README.md + updating the R...
• d47674e Bumping github-versions actions (#4102)
• Additional commits viewable in compare view

Updates sentry-sdk[django] from 2.62.0 to 2.63.0

Release notes

Sourced from sentry-sdk[django]'s releases.

2.63.0

Bug Fixes 🐛

Fastapi

• Prevent double wrapping of sync handlers on FastAPI >= 0.137 by @​jhonny-on in #6569
• Use effective_route_context path for prefixed routers by @​ericapisani in #6572

Other

• (asgi) Gate query string and client IP behind send_default_pii by @​ericapisani in #6501
• (serializer) Avoid creating reference cycles on every call by @​Malkiz223 in #6563
• (user) Set user.ip_address on telemetry if present by @​sentrivana in #6555
• Remove 0000 trace_id fallbacks by @​sl0thentr0py in #6570
• MANIFEST.in: Graft tests directory. by @​charlesroelli in #6237

Internal Changes 🔧

• (fastapi) Verify request info capture with POST endpoints by @​alexander-alderman-webb in #6287
• (starlette) Verify request info capture with POST endpoints by @​alexander-alderman-webb in #6269

Changelog

Sourced from sentry-sdk[django]'s changelog.

2.63.0

Bug Fixes 🐛

Fastapi

• Prevent double wrapping of sync handlers on FastAPI >= 0.137 by @​jhonny-on in #6569
• Use effective_route_context path for prefixed routers by @​ericapisani in #6572

Other

• (asgi) Gate query string and client IP behind send_default_pii by @​ericapisani in #6501
• (serializer) Avoid creating reference cycles on every call by @​Malkiz223 in #6563
• (user) Set user.ip_address on telemetry if present by @​sentrivana in #6555
• Remove 0000 trace_id fallbacks by @​sl0thentr0py in #6570
• MANIFEST.in: Graft tests directory. by @​charlesroelli in #6237

Internal Changes 🔧

• (fastapi) Verify request info capture with POST endpoints by @​alexander-alderman-webb in #6287
• (starlette) Verify request info capture with POST endpoints by @​alexander-alderman-webb in #6269

Commits

• 44b008a update changelog
• 0b2af51 Update CHANGELOG.md
• 250caad release: 2.63.0
• 72a57de fix(flask): Set user data on scope at request start (#6566)
• 6a4c3a1 fix: Remove 0000 trace_id fallbacks (#6570)
• 1df9835 feat(falcon): Set name and source on request span when streaming (#6562)
• 77874bd test(falcon): Support span streaming (#6561)
• 6bcfb9c fix(fastapi): Prevent double wrapping of sync handlers on FastAPI >= 0.137 (#...
• 72d972c fix(fastapi): use effective_route_context path for prefixed routers (#6572)
• cc802f6 feat(chalice): Add span streaming support to Chalice integration (#6503)
• Additional commits viewable in compare view

Updates pytest from 9.0.3 to 9.1.1

Release notes

Sourced from pytest's releases.

9.1.1

pytest 9.1.1 (2026-06-19)

Bug fixes

• #14220: Fixed a logic bug in pytest.RaisesGroup which would might cause it to display incorrect "It matches FooError() which was paired with BarError" messages.
• #14591: Fixed a regression in pytest 9.1.0 which caused overriding a parametrized fixture with an indirect @​pytest.mark.parametrize to fail with "duplicate parametrization of '<fixture name>'".
• #14606: Fixed list-item typing errors from mypy in @pytest.mark.parametrize <pytest.mark.parametrize ref> argvalues parameter.
• #14608: Fixed a regression in pytest 9.1.0 where conftest.py files located in <invocation dir>/test* were no longer loaded as initial conftests when invoked without arguments. This could cause certain hooks (like pytest_addoption) in these files to not fire.

9.1.0

pytest 9.1.0 (2026-06-13)

Removals and backward incompatible breaking changes

• #14533: When using --doctest-modules, autouse fixtures with module, package or session scope that are defined inline in Python test modules (not plugins or conftests) will now possibly execute twice.

  If this is undesirable, move the fixture definition to a conftest.py file if possible.

  Technical explanation for those interested: When using --doctest-modules, pytest possibly collects Python modules twice, once as pytest.Module and once as a DoctestModule (depending on the configuration). Due to improvements in pytest's fixture implementation, if e.g. the DoctestModule collects a fixture, it is now visible to it only, and not to the Module. This means that both need to register the fixtures independently.

Deprecations (removal in next major release)

• #10819: Added a deprecation warning for class-scoped fixtures defined as instance methods (without @classmethod). Such fixtures set attributes on a different instance than the test methods use, leading to unexpected behavior. Use @classmethod decorator instead -- by yastcher.

  See 10819 and 14011.

• #12882: Calling request.getfixturevalue() <pytest.FixtureRequest.getfixturevalue> during teardown to request a fixture that was not already requested is now deprecated and will become an error in pytest 10.

  See dynamic-fixture-request-during-teardown for details.

• #13409: Using non-~collections.abc.Collection iterables (such as generators, iterators, or custom iterable objects) for the argvalues parameter in @pytest.mark.parametrize <pytest.mark.parametrize ref> and metafunc.parametrize <pytest.Metafunc.parametrize> is now deprecated.

  These iterables get exhausted after the first iteration, leading to tests getting unexpectedly skipped in cases such as running pytest.main() multiple times, using class-level parametrize decorators, or collecting tests multiple times.

  See parametrize-iterators for details and suggestions.

• #13946: The private config.inicfg attribute is now deprecated. Use config.getini() <pytest.Config.getini> to access configuration values instead.

  See config-inicfg for more details.

• #14004: Passing baseid to ~pytest.FixtureDef or nodeid strings to fixture registration APIs is now deprecated. These are internal pytest APIs that are used by some plugins.

... (truncated)

Commits

• cf470ec Prepare release version 9.1.1
• e0c8ce6 Merge pull request #14625 from pytest-dev/patchback/backports/9.1.x/a07c31a97...
• 1b82d16 Merge pull request #14624 from pytest-dev/patchback/backports/9.1.x/b375b79ec...
• 501c4bc Merge pull request #14596 from bluetech/doc-classmethod
• b61f588 Merge pull request #14622 from chrisburr/fix-14608-initial-conftest-test-subdir
• 9a567e0 [automated] Update plugin list (#14617) (#14618)
• ef8b299 Merge pull request #14620 from pytest-dev/patchback/backports/9.1.x/680f9f3ed...
• 66abd07 Merge pull request #14220 from bysiber/fix-stale-iexp-raisesgroup
• 79fbf93 Merge pull request #14612 from pytest-dev/patchback/backports/9.1.x/974ed48b6...
• 0d312eb Merge pull request #14611 from bluetech/parametrize-argvalues-typing
• Additional commits viewable in compare view

Updates ruff from 0.15.18 to 0.15.19

Release notes

Sourced from ruff's releases.

0.15.19

Release Notes

Released on 2026-06-23.

Preview features

• Support human-readable names when hovering suppression comments and in code actions (#26114)

Bug fixes

• Fall back to default settings when editor-only settings are invalid (#26244)
• Fix panic when inserting text at a notebook cell boundary (#26111)

Rule changes

• [pylint] Update fix suggestions for __floor__, __trunc__, __length_hint__, and __matmul__ variants (PLC2801) (#26239)

Performance

• Avoid allocating when parsing single string literals (#26200)
• Avoid reallocating singleton call arguments (#26223)
• Lazily create source files for lint diagnostics (#26226)
• Optimize formatter text width and indentation (#26236)
• Reserve capacity for builtin bindings (#26229)
• Skip repeated-key checks for singleton dictionaries (#26228)
• Use ArrayVec for qualified name segments (#26224)

Documentation

• [flake8-pyi] Note that PYI051 is an opinionated stylistic rule (#26179)
• [pyupgrade] Clarify UP029 as a Python 2 compatibility rule (#26243)

Other changes

• Publish Ruff crates to crates.io (#26271)

Contributors

• @​MakenRosa
• @​MichaReiser
• @​trilamsr
• @​ntBre
• @​sanjibani
• @​charliermarsh

Install ruff 0.15.19

Install prebuilt binaries via shell script

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.19

Released on 2026-06-23.

Preview features

• Support human-readable names when hovering suppression comments and in code actions (#26114)

Bug fixes

• Fall back to default settings when editor-only settings are invalid (#26244)
• Fix panic when inserting text at a notebook cell boundary (#26111)

Rule changes

• [pylint] Update fix suggestions for __floor__, __trunc__, __length_hint__, and __matmul__ variants (PLC2801) (#26239)

Performance

• Avoid allocating when parsing single string literals (#26200)
• Avoid reallocating singleton call arguments (#26223)
• Lazily create source files for lint diagnostics (#26226)
• Optimize formatter text width and indentation (#26236)
• Reserve capacity for builtin bindings (#26229)
• Skip repeated-key checks for singleton dictionaries (#26228)
• Use ArrayVec for qualified name segments (#26224)

Documentation

• [flake8-pyi] Note that PYI051 is an opinionated stylistic rule (#26179)
• [pyupgrade] Clarify UP029 as a Python 2 compatibility rule (#26243)

Other changes

• Publish Ruff crates to crates.io (#26271)

Contributors

• @​MakenRosa
• @​MichaReiser
• @​trilamsr
• @​ntBre
• @​sanjibani
• @​charliermarsh

Commits

• 7f04365 Bump version to 0.15.19 (#26291)
• a30ba16 [ty] Infer definite equality comparison results (#26290)
• bcd2028 [ty] Avoid recursion when projecting narrowing constraints (#26276)
• c0e083e [ty] Avoid bypassing lazy constraints for Divergent (#26288)
• fb13596 Record configured crates.io packages (#26281)
• 85da759 [ty] Fix ParamSpec callable signature extraction for callable instances (#26279)
• 4c98a81 [ty] Make multi-arm TypeOf cycle recovery monotonic (#26275)
• 7b84361 [ty] Preserve regular kind for callable instances (#26253)
• 93c8c59 [flake8-pyi] Note that PYI051 is an opinionated stylistic rule (#26179)
• bc9bb05 [ty] Infer types for names bound in match patterns (#25940)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.