Deps: Bump the dependencies group with 4 updates

[dependabot]

Bumps the dependencies group with 4 updates: coverage, anyio, charset-normalizer and ruff.

Updates coverage from 7.10.2 to 7.10.3

Changelog

Sourced from coverage's changelog.

Version 7.10.3 — 2025-08-10

• Fixes for patch = subprocess:

  • If subprocesses spawned yet more subprocesses simultaneously, some coverage could be missed. This is now fixed, closing issue 2024_.

  • If subprocesses were created in other directories, their data files were stranded there and not combined into the totals, as described in issue 2025_. This is now fixed.

  • On Windows (or maybe only some Windows?) the patch would fail with a ModuleNotFound error trying to import coverage. This is now fixed, closing issue 2022_.

  • Originally only options set in the coverage configuration file would apply to subprocesses. Options set on the coverage run command line (such as --branch) wouldn't be communicated to the subprocesses. This could lead to combining failures, as described in issue 2021_. Now the entire configuration is used in subprocesses, regardless of its origin.

  • Added debug=patch to help diagnose problems.

• Fix: really close all SQLite databases, even in-memory ones. Closes issue 2017_.

.. _issue 2017: nedbat/coveragepy#2017 .. _issue 2021: nedbat/coveragepy#2021 .. _issue 2022: nedbat/coveragepy#2022 .. _issue 2024: nedbat/coveragepy#2024 .. _issue 2025: nedbat/coveragepy#2025

.. _changes_7-10-2:

Commits

• 0691ce5 docs: sample HTML for 7.10.3
• 34c9aca docs: prep for 7.10.3
• fd83f21 style: lists for homogenous collections
• d961800 docs: remove an unused reference
• 697d4bb fix: subprocesses inherit the entire configuration. #2021
• b6db3b7 build: show the total during local metacov
• cfbceb5 docs: reverted #2018
• 264bbd3 refactor: more patch logging
• 3ecdfaf chore: bump the action-dependencies group with 2 updates (#2026)
• 41a2256 fix: revert "thread safe resume (#2018)" (#2027)
• Additional commits viewable in compare view

Updates anyio from 4.9.0 to 4.10.0

Release notes

Sourced from anyio's releases.

4.10.0

• Added the feed_data() method to the BufferedByteReceiveStream class, allowing users to inject data directly into the buffer
• Added various class methods to wrap existing sockets as listeners or socket streams:
  • SocketListener.from_socket()
  • SocketStream.from_socket()
  • UNIXSocketStream.from_socket()
  • UDPSocket.from_socket()
  • ConnectedUDPSocket.from_socket()
  • UNIXDatagramSocket.from_socket()
  • ConnectedUNIXDatagramSocket.from_socket()
• Added a hierarchy of connectable stream classes for transparently connecting to various remote or local endpoints for exchanging bytes or objects
• Added context manager mix-in classes (anyio.ContextManagerMixin and anyio.AsyncContextManagerMixin) to help write classes that embed other context managers, particularly cancel scopes or task groups (#905; PR by @​agronholm and @​tapetersen)
• Added the ability to specify the thread name in start_blocking_portal() (#818; PR by @​davidbrochart)
• Added anyio.notify_closing to allow waking anyio.wait_readable and anyio.wait_writable before closing a socket. Among other things, this prevents an OSError on the ProactorEventLoop. (#896; PR by @​graingert)
• Incorporated several documentation improvements from the EuroPython 2025 sprint (special thanks to the sprinters: Emmanuel Okedele, Jan Murre, Euxenia Miruna Goia and Christoffer Fjord)
• Added a documentation page explaining why one might want to use AnyIO's APIs instead of asyncio's
• Updated the to_interpreters module to use the public concurrent.interpreters API on Python 3.14 or later
• Fixed anyio.Path.copy() and anyio.Path.copy_into() failing on Python 3.14.0a7
• Fixed return annotation of __aexit__ on async context managers. CMs which can suppress exceptions should return bool, or None otherwise. (#913; PR by @​Enegg)
• Fixed rollover boundary check in SpooledTemporaryFile so that rollover only occurs when the buffer size exceeds max_size (#915; PR by @​11kkw)
• Migrated testing and documentation dependencies from extras to dependency groups
• Fixed compatibility of anyio.to_interpreter with Python 3.14.0b2 (#926; PR by @​hroncok)
• Fixed SyntaxWarning on Python 3.14 about return in finally (#816)
• Fixed RunVar name conflicts. RunVar instances with the same name should not share storage (#880; PR by @​vimfu)
• Renamed the BrokenWorkerIntepreter exception to BrokenWorkerInterpreter. The old name is available as a deprecated alias. (#938; PR by @​ayussh-verma)
• Fixed an edge case in CapacityLimiter on asyncio where a task, waiting to acquire a limiter gets cancelled and is subsequently granted a token from the limiter, but before the cancellation is delivered, and then fails to notify the next waiting task (#947)

Changelog

Sourced from anyio's changelog.

Version history

This library adheres to Semantic Versioning 2.0 <http://semver.org/>_.

4.10.0

• Added the feed_data() method to the BufferedByteReceiveStream class, allowing users to inject data directly into the buffer

• Added various class methods to wrap existing sockets as listeners or socket streams:

  • SocketListener.from_socket()
  • SocketStream.from_socket()
  • UNIXSocketStream.from_socket()
  • UDPSocket.from_socket()
  • ConnectedUDPSocket.from_socket()
  • UNIXDatagramSocket.from_socket()
  • ConnectedUNIXDatagramSocket.from_socket()

• Added a hierarchy of connectable stream classes for transparently connecting to various remote or local endpoints for exchanging bytes or objects

• Added context manager mix-in classes (anyio.ContextManagerMixin and anyio.AsyncContextManagerMixin) to help write classes that embed other context managers, particularly cancel scopes or task groups ([#905](https://github.com/agronholm/anyio/issues/905) <https://github.com/agronholm/anyio/pull/905>_; PR by @​agronholm and @​tapetersen)

• Added the ability to specify the thread name in start_blocking_portal() ([#818](https://github.com/agronholm/anyio/issues/818) <https://github.com/agronholm/anyio/issues/818>_; PR by @​davidbrochart)

• Added anyio.notify_closing to allow waking anyio.wait_readable and anyio.wait_writable before closing a socket. Among other things, this prevents an OSError on the ProactorEventLoop. ([#896](https://github.com/agronholm/anyio/issues/896) <https://github.com/agronholm/anyio/pull/896>_; PR by @​graingert)

• Incorporated several documentation improvements from the EuroPython 2025 sprint (special thanks to the sprinters: Emmanuel Okedele, Jan Murre, Euxenia Miruna Goia and Christoffer Fjord)

• Added a documentation page explaining why one might want to use AnyIO's APIs instead of asyncio's

• Updated the to_interpreters module to use the public concurrent.interpreters API on Python 3.14 or later

• Fixed anyio.Path.copy() and anyio.Path.copy_into() failing on Python 3.14.0a7

• Fixed return annotation of __aexit__ on async context managers. CMs which can suppress exceptions should return bool, or None otherwise. ([#913](https://github.com/agronholm/anyio/issues/913) <https://github.com/agronholm/anyio/pull/913>_; PR by @​Enegg)

• Fixed rollover boundary check in SpooledTemporaryFile so that rollover only occurs when the buffer size exceeds max_size ([#915](https://github.com/agronholm/anyio/issues/915) <https://github.com/agronholm/anyio/pull/915>_; PR by @​11kkw)

• Migrated testing and documentation dependencies from extras to dependency groups

• Fixed compatibility of anyio.to_interpreter with Python 3.14.0b2 ([#926](https://github.com/agronholm/anyio/issues/926) <https://github.com/agronholm/anyio/issues/926>_; PR by @​hroncok)

• Fixed SyntaxWarning on Python 3.14 about return in finally ([#816](https://github.com/agronholm/anyio/issues/816) <https://github.com/agronholm/anyio/issues/816>_)

... (truncated)

Commits

• 0cf55b8 Bumped up the version
• b029df5 Updated the to_interpreter module to use the public API on Python 3.14 (#956)
• 01f02cf Incorporated EP2025 sprint feedback and added a new section (#955)
• d896480 [pre-commit.ci] pre-commit autoupdate (#954)
• 0282b81 Added the BufferedByteReceiveStream.feed_data() method (#945)
• 19e5477 Fixed a cancellation edge case for asyncio CapacityLimiter (#952)
• 4666df3 [pre-commit.ci] pre-commit autoupdate (#946)
• 38c2567 [pre-commit.ci] pre-commit autoupdate (#942)
• 3db73ac Add missing imports for Readcting to cancellation in worker threads example (...
• 2eda004 Added an example on how to use move_on_after() with shielding
• Additional commits viewable in compare view

Updates charset-normalizer from 3.4.2 to 3.4.3

Release notes

Sourced from charset-normalizer's releases.

Version 3.4.3

3.4.3 (2025-08-09)

Changed

• mypy(c) is no longer a required dependency at build time if CHARSET_NORMALIZER_USE_MYPYC isn't set to 1. (#595) (#583)
• automatically lower confidence on small bytes samples that are not Unicode in detect output legacy function. (#391)

Added

• Custom build backend to overcome inability to mark mypy as an optional dependency in the build phase.
• Support for Python 3.14

Fixed

• sdist archive contained useless directories.
• automatically fallback on valid UTF-16 or UTF-32 even if the md says it's noisy. (#633)

Misc

• SBOM are automatically published to the relevant GitHub release to comply with regulatory changes. Each published wheel comes with its SBOM. We choose CycloneDX as the format.
• Prebuilt optimized wheel are no longer distributed by default for CPython 3.7 due to a change in cibuildwheel.

Changelog

Sourced from charset-normalizer's changelog.

3.4.3 (2025-08-09)

Changed

• mypy(c) is no longer a required dependency at build time if CHARSET_NORMALIZER_USE_MYPYC isn't set to 1. (#595) (#583)
• automatically lower confidence on small bytes samples that are not Unicode in detect output legacy function. (#391)

Added

• Custom build backend to overcome inability to mark mypy as an optional dependency in the build phase.
• Support for Python 3.14

Fixed

• sdist archive contained useless directories.
• automatically fallback on valid UTF-16 or UTF-32 even if the md says it's noisy. (#633)

Misc

• SBOM are automatically published to the relevant GitHub release to comply with regulatory changes. Each published wheel comes with its SBOM. We choose CycloneDX as the format.
• Prebuilt optimized wheel are no longer distributed by default for CPython 3.7 due to a change in cibuildwheel.

Commits

• 46f662d Release 3.4.3 (#638)
• 1a059b2 🔧 skip building on freethreaded as we're not confident it is stable
• 2275e3d 📝 final note in CHANGELOG.md
• c96acdf 📝 update release date on CHANGELOG.md
• 43e5460 📝 update README.md
• f277074 🔧 automatically lower confidence on small bytes str on non Unicode res...
• 15ae241 🐛 automatically fallback on valid UTF-16 or UTF-32 even if the md says it...
• 37397c1 🔧 enable 3.14 in nox test_mypyc session
• cb82537 ⏪ revert license due to compat python 3.7 issue setuptools
• 6a2efeb 🎨 fix linter errors
• Additional commits viewable in compare view

Updates ruff from 0.12.7 to 0.12.8

Release notes

Sourced from ruff's releases.

0.12.8

Release Notes

Preview features

• [flake8-use-pathlib] Expand PTH201 to check all PurePath subclasses (#19440)

Bug fixes

• [flake8-blind-except] Change BLE001 to correctly parse exception tuples (#19747)
• [flake8-errmsg] Exclude typing.cast from EM101 (#19656)
• [flake8-simplify] Fix raw string handling in SIM905 for embedded quotes (#19591)
• [flake8-import-conventions] Avoid false positives for NFKC-normalized __debug__ import aliases in ICN001 (#19411)
• [isort] Fix syntax error after docstring ending with backslash (I002) (#19505)
• [pylint] Mark PLC0207 fixes as unsafe when *args unpacking is present (#19679)
• [pyupgrade] Prevent infinite loop with I002 (UP010, UP035) (#19413)
• [ruff] Parenthesize generator expressions in f-strings (RUF010) (#19434)

Rule changes

• [eradicate] Don't flag pyrefly pragmas as unused code (ERA001) (#19731)

Documentation

• Replace "associative" with "commutative" in docs for RUF036 (#19706)
• Fix copy and line separator colors in dark mode (#19630)
• Fix link to typing documentation (#19648)
• [refurb] Make more examples error out-of-the-box (#19695,#19673,#19672)

Other changes

• Include column numbers in GitLab output format (#19708)
• Always expand tabs to four spaces in diagnostics (#19618)
• Update pre-commit's ruff id (#19654)

Contributors

• @​AlexWaygood
• @​BurntSushi
• @​MatthewMckee4
• @​MeGaGiGaGon
• @​MichaReiser
• @​UnboundVariable
• @​cristian64
• @​danparizher
• @​dcreager
• @​deliro
• @​dhruvmanila
• @​github-actions
• @​harshil21
• @​hunterhogan

... (truncated)

Changelog

Sourced from ruff's changelog.

0.12.8

Preview features

• [flake8-use-pathlib] Expand PTH201 to check all PurePath subclasses (#19440)

Bug fixes

• [flake8-blind-except] Change BLE001 to correctly parse exception tuples (#19747)
• [flake8-errmsg] Exclude typing.cast from EM101 (#19656)
• [flake8-simplify] Fix raw string handling in SIM905 for embedded quotes (#19591)
• [flake8-import-conventions] Avoid false positives for NFKC-normalized __debug__ import aliases in ICN001 (#19411)
• [isort] Fix syntax error after docstring ending with backslash (I002) (#19505)
• [pylint] Mark PLC0207 fixes as unsafe when *args unpacking is present (#19679)
• [pyupgrade] Prevent infinite loop with I002 (UP010, UP035) (#19413)
• [ruff] Parenthesize generator expressions in f-strings (RUF010) (#19434)

Rule changes

• [eradicate] Don't flag pyrefly pragmas as unused code (ERA001) (#19731)

Documentation

• Replace "associative" with "commutative" in docs for RUF036 (#19706)
• Fix copy and line separator colors in dark mode (#19630)
• Fix link to typing documentation (#19648)
• [refurb] Make more examples error out-of-the-box (#19695,#19673,#19672)

Other changes

• Include column numbers in GitLab output format (#19708)
• Always expand tabs to four spaces in diagnostics (#19618)
• Update pre-commit's ruff id (#19654)

Commits

• f51a228 Bump 0.12.8 (#19813)
• d5e1b79 [ty] Fix static assertion size check (#19814)
• 7dfde3b Update Rust toolchain to 1.89 (#19807)
• b22586f [ty] Add ty.inlayHints.variableTypes server option (#19780)
• c401a6d [ty] Add failing tests for tuple subclasses (#19803)
• 7b6abfb [ty] Add ty.experimental.rename server setting (#19800)
• b005cdb [ty] Implemented support for "rename" language server feature (#19551)
• b96aa46 [ty] Reduce size of member table (#19572)
• cc97579 [ty] Move server capabilities creation (#19798)
• ef1802b [ty] Repurpose FunctionType.into_bound_method_type to return `BoundMethodTy...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Conventional Commits Report

Type	Number
Dependencies	1

🚀 Conventional commits found.

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.