Deps: Bump the dependencies group across 1 directory with 5 updates

[dependabot]

Bumps the dependencies group with 5 updates in the / directory:

Package	From	To
pontos	25.7.2	25.8.0
coverage	7.10.2	7.10.4
anyio	4.9.0	4.10.0
charset-normalizer	3.4.2	3.4.3
ruff	0.12.7	0.12.9

Updates pontos from 25.7.2 to 25.8.0

Release notes

Sourced from pontos's releases.

pontos 25.8.0

25.8.0 - 2025-08-12

Changed

• Make it possible to read [workspace.project] in cargo.toml 57ca3c2c

Bug Fixes

• Use 'Array' in cargo tests instead of 'Table' cabc6ea7

Dependencies

• Bump the python-packages group with 3 updates a5e524c5
• Bump the python-packages group with 3 updates 0be16215

Commits

• f004abb Automatic release to 25.8.0
• cabc6ea Fix: Use 'Array' in cargo tests instead of 'Table'
• 57ca3c2 change: Make it possible to read [workspace.project] in cargo.toml
• a5e524c Deps: Bump the python-packages group with 3 updates
• 0be1621 Deps: Bump the python-packages group with 3 updates
• 3c8a746 Automatic adjustments after release [skip ci]
• See full diff in compare view

Updates coverage from 7.10.2 to 7.10.4

Changelog

Sourced from coverage's changelog.

Version 7.10.4 — 2025-08-16

• Added patch = fork for times when the built-in forking support is insufficient.

• Fix: patch = execv also inherits the entire coverage configuration now.

.. _changes_7-10-3:

Version 7.10.3 — 2025-08-10

• Fixes for patch = subprocess:

  • If subprocesses spawned yet more subprocesses simultaneously, some coverage could be missed. This is now fixed, closing issue 2024_.

  • If subprocesses were created in other directories, their data files were stranded there and not combined into the totals, as described in issue 2025_. This is now fixed.

  • On Windows (or maybe only some Windows?) the patch would fail with a ModuleNotFound error trying to import coverage. This is now fixed, closing issue 2022_.

  • Originally only options set in the coverage configuration file would apply to subprocesses. Options set on the coverage run command line (such as --branch) wouldn't be communicated to the subprocesses. This could lead to combining failures, as described in issue 2021_. Now the entire configuration is used in subprocesses, regardless of its origin.

  • Added debug=patch to help diagnose problems.

• Fix: really close all SQLite databases, even in-memory ones. Closes issue 2017_.

.. _issue 2017: nedbat/coveragepy#2017 .. _issue 2021: nedbat/coveragepy#2021 .. _issue 2022: nedbat/coveragepy#2022 .. _issue 2024: nedbat/coveragepy#2024 .. _issue 2025: nedbat/coveragepy#2025

.. _changes_7-10-2:

Commits

• 1cd29f2 docs: sample HTML for 7.10.4
• 92a91e9 docs: prep for 7.10.4
• 9ee6390 debug: more details in debug messages
• 6af8a5d feat: patch=fork
• 0eb292d refactor: a nicer way to inject config from the environment
• 183cd9b build: tweaks to how the python build is bannered for tox
• 6c2fb87 chore: make upgrade
• a22436c test: since 62434e79 we don't need to account for .tox
• 4ab4bb0 test: add a test for env var truncation
• bf1a970 refactor: better style for constants
• Additional commits viewable in compare view

Updates anyio from 4.9.0 to 4.10.0

Release notes

Sourced from anyio's releases.

4.10.0

• Added the feed_data() method to the BufferedByteReceiveStream class, allowing users to inject data directly into the buffer
• Added various class methods to wrap existing sockets as listeners or socket streams:
  • SocketListener.from_socket()
  • SocketStream.from_socket()
  • UNIXSocketStream.from_socket()
  • UDPSocket.from_socket()
  • ConnectedUDPSocket.from_socket()
  • UNIXDatagramSocket.from_socket()
  • ConnectedUNIXDatagramSocket.from_socket()
• Added a hierarchy of connectable stream classes for transparently connecting to various remote or local endpoints for exchanging bytes or objects
• Added context manager mix-in classes (anyio.ContextManagerMixin and anyio.AsyncContextManagerMixin) to help write classes that embed other context managers, particularly cancel scopes or task groups (#905; PR by @​agronholm and @​tapetersen)
• Added the ability to specify the thread name in start_blocking_portal() (#818; PR by @​davidbrochart)
• Added anyio.notify_closing to allow waking anyio.wait_readable and anyio.wait_writable before closing a socket. Among other things, this prevents an OSError on the ProactorEventLoop. (#896; PR by @​graingert)
• Incorporated several documentation improvements from the EuroPython 2025 sprint (special thanks to the sprinters: Emmanuel Okedele, Jan Murre, Euxenia Miruna Goia and Christoffer Fjord)
• Added a documentation page explaining why one might want to use AnyIO's APIs instead of asyncio's
• Updated the to_interpreters module to use the public concurrent.interpreters API on Python 3.14 or later
• Fixed anyio.Path.copy() and anyio.Path.copy_into() failing on Python 3.14.0a7
• Fixed return annotation of __aexit__ on async context managers. CMs which can suppress exceptions should return bool, or None otherwise. (#913; PR by @​Enegg)
• Fixed rollover boundary check in SpooledTemporaryFile so that rollover only occurs when the buffer size exceeds max_size (#915; PR by @​11kkw)
• Migrated testing and documentation dependencies from extras to dependency groups
• Fixed compatibility of anyio.to_interpreter with Python 3.14.0b2 (#926; PR by @​hroncok)
• Fixed SyntaxWarning on Python 3.14 about return in finally (#816)
• Fixed RunVar name conflicts. RunVar instances with the same name should not share storage (#880; PR by @​vimfu)
• Renamed the BrokenWorkerIntepreter exception to BrokenWorkerInterpreter. The old name is available as a deprecated alias. (#938; PR by @​ayussh-verma)
• Fixed an edge case in CapacityLimiter on asyncio where a task, waiting to acquire a limiter gets cancelled and is subsequently granted a token from the limiter, but before the cancellation is delivered, and then fails to notify the next waiting task (#947)

Changelog

Sourced from anyio's changelog.

Version history

This library adheres to Semantic Versioning 2.0 <http://semver.org/>_.

4.10.0

• Added the feed_data() method to the BufferedByteReceiveStream class, allowing users to inject data directly into the buffer

• Added various class methods to wrap existing sockets as listeners or socket streams:

  • SocketListener.from_socket()
  • SocketStream.from_socket()
  • UNIXSocketStream.from_socket()
  • UDPSocket.from_socket()
  • ConnectedUDPSocket.from_socket()
  • UNIXDatagramSocket.from_socket()
  • ConnectedUNIXDatagramSocket.from_socket()

• Added a hierarchy of connectable stream classes for transparently connecting to various remote or local endpoints for exchanging bytes or objects

• Added context manager mix-in classes (anyio.ContextManagerMixin and anyio.AsyncContextManagerMixin) to help write classes that embed other context managers, particularly cancel scopes or task groups ([#905](https://github.com/agronholm/anyio/issues/905) <https://github.com/agronholm/anyio/pull/905>_; PR by @​agronholm and @​tapetersen)

• Added the ability to specify the thread name in start_blocking_portal() ([#818](https://github.com/agronholm/anyio/issues/818) <https://github.com/agronholm/anyio/issues/818>_; PR by @​davidbrochart)

• Added anyio.notify_closing to allow waking anyio.wait_readable and anyio.wait_writable before closing a socket. Among other things, this prevents an OSError on the ProactorEventLoop. ([#896](https://github.com/agronholm/anyio/issues/896) <https://github.com/agronholm/anyio/pull/896>_; PR by @​graingert)

• Incorporated several documentation improvements from the EuroPython 2025 sprint (special thanks to the sprinters: Emmanuel Okedele, Jan Murre, Euxenia Miruna Goia and Christoffer Fjord)

• Added a documentation page explaining why one might want to use AnyIO's APIs instead of asyncio's

• Updated the to_interpreters module to use the public concurrent.interpreters API on Python 3.14 or later

• Fixed anyio.Path.copy() and anyio.Path.copy_into() failing on Python 3.14.0a7

• Fixed return annotation of __aexit__ on async context managers. CMs which can suppress exceptions should return bool, or None otherwise. ([#913](https://github.com/agronholm/anyio/issues/913) <https://github.com/agronholm/anyio/pull/913>_; PR by @​Enegg)

• Fixed rollover boundary check in SpooledTemporaryFile so that rollover only occurs when the buffer size exceeds max_size ([#915](https://github.com/agronholm/anyio/issues/915) <https://github.com/agronholm/anyio/pull/915>_; PR by @​11kkw)

• Migrated testing and documentation dependencies from extras to dependency groups

• Fixed compatibility of anyio.to_interpreter with Python 3.14.0b2 ([#926](https://github.com/agronholm/anyio/issues/926) <https://github.com/agronholm/anyio/issues/926>_; PR by @​hroncok)

• Fixed SyntaxWarning on Python 3.14 about return in finally ([#816](https://github.com/agronholm/anyio/issues/816) <https://github.com/agronholm/anyio/issues/816>_)

... (truncated)

Commits

• 0cf55b8 Bumped up the version
• b029df5 Updated the to_interpreter module to use the public API on Python 3.14 (#956)
• 01f02cf Incorporated EP2025 sprint feedback and added a new section (#955)
• d896480 [pre-commit.ci] pre-commit autoupdate (#954)
• 0282b81 Added the BufferedByteReceiveStream.feed_data() method (#945)
• 19e5477 Fixed a cancellation edge case for asyncio CapacityLimiter (#952)
• 4666df3 [pre-commit.ci] pre-commit autoupdate (#946)
• 38c2567 [pre-commit.ci] pre-commit autoupdate (#942)
• 3db73ac Add missing imports for Readcting to cancellation in worker threads example (...
• 2eda004 Added an example on how to use move_on_after() with shielding
• Additional commits viewable in compare view

Updates charset-normalizer from 3.4.2 to 3.4.3

Release notes

Sourced from charset-normalizer's releases.

Version 3.4.3

3.4.3 (2025-08-09)

Changed

• mypy(c) is no longer a required dependency at build time if CHARSET_NORMALIZER_USE_MYPYC isn't set to 1. (#595) (#583)
• automatically lower confidence on small bytes samples that are not Unicode in detect output legacy function. (#391)

Added

• Custom build backend to overcome inability to mark mypy as an optional dependency in the build phase.
• Support for Python 3.14

Fixed

• sdist archive contained useless directories.
• automatically fallback on valid UTF-16 or UTF-32 even if the md says it's noisy. (#633)

Misc

• SBOM are automatically published to the relevant GitHub release to comply with regulatory changes. Each published wheel comes with its SBOM. We choose CycloneDX as the format.
• Prebuilt optimized wheel are no longer distributed by default for CPython 3.7 due to a change in cibuildwheel.

Changelog

Sourced from charset-normalizer's changelog.

3.4.3 (2025-08-09)

Changed

• mypy(c) is no longer a required dependency at build time if CHARSET_NORMALIZER_USE_MYPYC isn't set to 1. (#595) (#583)
• automatically lower confidence on small bytes samples that are not Unicode in detect output legacy function. (#391)

Added

• Custom build backend to overcome inability to mark mypy as an optional dependency in the build phase.
• Support for Python 3.14

Fixed

• sdist archive contained useless directories.
• automatically fallback on valid UTF-16 or UTF-32 even if the md says it's noisy. (#633)

Misc

• SBOM are automatically published to the relevant GitHub release to comply with regulatory changes. Each published wheel comes with its SBOM. We choose CycloneDX as the format.
• Prebuilt optimized wheel are no longer distributed by default for CPython 3.7 due to a change in cibuildwheel.

Commits

• 46f662d Release 3.4.3 (#638)
• 1a059b2 🔧 skip building on freethreaded as we're not confident it is stable
• 2275e3d 📝 final note in CHANGELOG.md
• c96acdf 📝 update release date on CHANGELOG.md
• 43e5460 📝 update README.md
• f277074 🔧 automatically lower confidence on small bytes str on non Unicode res...
• 15ae241 🐛 automatically fallback on valid UTF-16 or UTF-32 even if the md says it...
• 37397c1 🔧 enable 3.14 in nox test_mypyc session
• cb82537 ⏪ revert license due to compat python 3.7 issue setuptools
• 6a2efeb 🎨 fix linter errors
• Additional commits viewable in compare view

Updates ruff from 0.12.7 to 0.12.9

Release notes

Sourced from ruff's releases.

0.12.9

Release Notes

Preview features

• [airflow] Add check for airflow.secrets.cache.SecretCache (AIR301) (#17707)
• [ruff] Offer a safe fix for multi-digit zeros (RUF064) (#19847)

Bug fixes

• [flake8-blind-except] Fix BLE001 false-positive on raise ... from None (#19755)
• [flake8-comprehensions] Fix false positive for C420 with attribute, subscript, or slice assignment targets (#19513)
• [flake8-simplify] Fix handling of U+001C..U+001F whitespace (SIM905) (#19849)

Rule changes

• [pylint] Use lowercase hex characters to match the formatter (PLE2513) (#19808)

Documentation

• Fix lint.future-annotations link (#19876)

Other changes

• Build riscv64 binaries for release (#19819)
• Add rule code to error description in GitLab output (#19896)

Contributors

• @​AlexWaygood
• @​Gankra
• @​MatthewMckee4
• @​MichaReiser
• @​PrettyWood
• @​RazerM
• @​carljm
• @​danparizher
• @​dcreager
• @​deliro
• @​dhruvmanila
• @​ember91
• @​ffgan
• @​harupy
• @​ibraheemdev
• @​mtshiba
• @​nguu0123
• @​ntBre
• @​oconnor663
• @​prabhusneha
• @​renovate

... (truncated)

Changelog

Sourced from ruff's changelog.

0.12.9

Preview features

• [airflow] Add check for airflow.secrets.cache.SecretCache (AIR301) (#17707)
• [ruff] Offer a safe fix for multi-digit zeros (RUF064) (#19847)

Bug fixes

• [flake8-blind-except] Fix BLE001 false-positive on raise ... from None (#19755)
• [flake8-comprehensions] Fix false positive for C420 with attribute, subscript, or slice assignment targets (#19513)
• [flake8-simplify] Fix handling of U+001C..U+001F whitespace (SIM905) (#19849)

Rule changes

• [pylint] Use lowercase hex characters to match the formatter (PLE2513) (#19808)

Documentation

• Fix lint.future-annotations link (#19876)

Other changes

• Build riscv64 binaries for release (#19819)
• Add rule code to error description in GitLab output (#19896)

0.12.8

Preview features

• [flake8-use-pathlib] Expand PTH201 to check all PurePath subclasses (#19440)

Bug fixes

• [flake8-blind-except] Change BLE001 to correctly parse exception tuples (#19747)
• [flake8-errmsg] Exclude typing.cast from EM101 (#19656)
• [flake8-simplify] Fix raw string handling in SIM905 for embedded quotes (#19591)
• [flake8-import-conventions] Avoid false positives for NFKC-normalized __debug__ import aliases in ICN001 (#19411)
• [isort] Fix syntax error after docstring ending with backslash (I002) (#19505)
• [pylint] Mark PLC0207 fixes as unsafe when *args unpacking is present (#19679)
• [pyupgrade] Prevent infinite loop with I002 (UP010, UP035) (#19413)
• [ruff] Parenthesize generator expressions in f-strings (RUF010) (#19434)

Rule changes

• [eradicate] Don't flag pyrefly pragmas as unused code (ERA001) (#19731)

Documentation

• Replace "associative" with "commutative" in docs for RUF036 (#19706)

... (truncated)

Commits

• ef42246 Bump 0.12.9 (#19917)
• dc2e8ab [ty] support kw_only=True for dataclass() and field() (#19677)
• 9aaa82d Feature/build riscv64 bin (#19819)
• 3288ac2 [ty] Add caching to CodeGeneratorKind::matches() (#19912)
• 1167ed6 [ty] Rename functionArgumentNames to callArgumentNames inlay hint setting...
• 2ee47d8 [ty] Default ty.inlayHints.* server settings to true (#19910)
• d324ced [ty] Remove py-fuzzer skips for seeds that are no longer slow (#19906)
• 5a570c8 [ty] fix deferred name loading in PEP695 generic classes/functions (#19888)
• baadb5a [ty] Add some additional type safety to CycleDetector (#19903)
• df0648a [flake8-blind-except] Fix BLE001 false-positive on raise ... from None ...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Conventional Commits Report

Type	Number
Dependencies	1

🚀 Conventional commits found.