Bump rules_python from 1.9.0 to 2.0.3

[dependabot]

Bumps rules_python from 1.9.0 to 2.0.3.

Release notes

Sourced from rules_python's releases.

2.0.3

For more detailed setup instructions, see https://rules-python.readthedocs.io/en/latest/getting-started.html

For the user-facing changelog see here

Using Bzlmod

Add to your MODULE.bazel file:

bazel_dep(name = "rules_python", version = "2.0.3")
python = use_extension("@​rules_python//python/extensions:python.bzl", "python")
python.toolchain(
python_version = "3.13",
)
pip = use_extension("@​rules_python//python/extensions:pip.bzl", "pip")
pip.parse(
hub_name = "pypi",
python_version = "3.13",
requirements_lock = "//:requirements_lock.txt",
)
use_repo(pip, "pypi")

Using WORKSPACE

Paste this snippet into your WORKSPACE file:

load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
http_archive(
name = "rules_python",
sha256 = "2610f57b934dc55d1df2728290199519b11cc53508dec34fd5ef0424bcb50242",
strip_prefix = "rules_python-2.0.3",
url = "https://github.com/bazel-contrib/rules_python/releases/download/2.0.3/rules_python-2.0.3.tar.gz",
)
load("@​rules_python//python:repositories.bzl", "py_repositories")
py_repositories()

Gazelle plugin

Paste this snippet into your WORKSPACE file:

... (truncated)

Changelog

Sourced from rules_python's changelog.

2.0.3 - 2026-06-15

{#v2-0-3-fixed}

Fixed

• (pypi) Assume that all of the packages are available on a particular hub if there is only a single PyPI compatible index to be used. This saves us an expensive PyPI download and supports PyPI mirror implementations that do not support the root index functionality. Fixes #3769.

{#v2-0-2}

2.0.2 - 2026-05-14

{#v2-0-2-added}

Added

• (toolchains) 3.13.12, 3.14.3 Python toolchain from 20260325 release.
• (toolchains) 3.10.20, 3.11.15, 3.12.13, 3.13.13 3.14.4, 3.15.0a8
• Python toolchain from 20260414 release.

{#v2-0-1}

2.0.1 - 2026-05-08

{#v2-0-1-fixed}

Fixed

• (pypi) Fix the versions of packages that we are recording to a MODULE.bazel.lock file facts by passing all of the versions to the get_index function. Fixes #3756.
• (bzlmod) Reduce default verbosity of our loggers for non-root modules (#3749).

{#v2-0-0}

2.0.0 - 2026-04-09

{#v2-0-0-removed}

Removed

• Nothing removed.

{#v2-0-0-changed}

Changed

... (truncated)

Commits

• e7d1378 Release 2.0.3: Update changelog
• 366cd40 fix(pypi): do not fail on indexes without root index (#3799)
• 6aad882 ci: update RBE toolchain version from ubuntu2204 to ubuntu2404 (#3778)
• 06bc9f7 feat(toolchains): Add 3.10.20, 3.11.15, 3.12.13, 3.13.{12,13} 3.14.{3,4}, 3.1...
• e29c577 test: finish fixing the mocks in the pypi_cache
• ed05762 fix(test): update the lock-file to corresspond to the current deps
• 2852efd fix(logger): do not output WARN level logs for non-root modules (#3760)
• d876cfe fix(pypi): pass the correct versions to get_index_urls and fix cache invalida...
• 1390b36 fix(pypi): don't resolve python interpreter when not necessary (#3727)
• 91b3224 fix(pypi): build the environment on the fly (#3720)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 0e1e81d9a5

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[chatgpt-codex-connector]

Pin the override to the 2.0.3 source

When this module is resolved with Bzlmod, the git_override below still supplies the actual @rules_python source from the unchanged old commit (bac549...), even though this line now advertises version 2.0.3 and the surrounding comment says these direct dependencies must be pinned by both module version and release source commit. As a result CI/builds continue testing the previously pinned rules_python code rather than the 2.0.3 release; update or remove the override alongside the version bump.

Useful? React with 👍 / 👎.