chore(deps): bump the development group across 1 directory with 9 updates

[dependabot]

Bumps the development group with 9 updates in the / directory:

Package	From	To
black	25.1.0	25.12.0
isort	6.0.1	6.1.0
pytest	8.4.1	8.4.2
pytest-asyncio	1.1.0	1.3.0
pytest-cov	6.2.1	6.3.0
pytest-mock	3.14.1	3.15.1
bandit	1.8.6	1.9.2
pytest-env	1.1.5	1.2.0
pytest-httpx	0.35.0	0.36.0

Updates black from 25.1.0 to 25.12.0

Release notes

Sourced from black's releases.

25.12.0

Please test out the draft 2026 style in version 26.1a1! This style will be finalized in the January release (26.1.0). Most of the changes in --preview will be in the 2026 stable style, but not all. Please share your feedback!

This release (25.12.0) will still produce the 2025 style.

Highlights

• Black no longer supports running with Python 3.9 (#4842)

Stable style

• Fix bug where comments preceding # fmt: off/# fmt: on blocks were incorrectly removed, particularly affecting Jupytext's # %% [markdown] comments (#4845)
• Fix crash when multiple # fmt: skip comments are used in a multi-part if-clause, on string literals, or on dictionary entries with long lines (#4872)
• Fix possible crash when fmt: directives aren't on the top level (#4856)

Preview style

• Fix fmt: skip skipping the line after instead of the line it's on (#4855)
• Remove unnecessary parentheses from the left-hand side of assignments while preserving magic trailing commas and intentional multiline formatting (#4865)
• Fix fix_fmt_skip_in_one_liners crashing on with statements (#4853)
• Fix fix_fmt_skip_in_one_liners crashing on annotated parameters (#4854)
• Fix new lines being added after imports with # fmt: skip on them (#4894)

Packaging

• Releases now include arm64 Windows binaries and wheels (#4814)

Integrations

• Add output-file input to GitHub Action psf/black to write formatter output to a file for artifact capture and log cleanliness (#4824)

25.11.0

Highlights

• Enable base 3.14 support (#4804)
• Add support for the new Python 3.14 t-string syntax introduced by PEP 750 (#4805)

Stable style

• Fix bug where comments between # fmt: off and # fmt: on were reformatted (#4811)
• Comments containing fmt directives now preserve their exact formatting instead of being normalized (#4811)

... (truncated)

Changelog

Sourced from black's changelog.

25.12.0

Highlights

• Black no longer supports running with Python 3.9 (#4842)

Stable style

• Fix bug where comments preceding # fmt: off/# fmt: on blocks were incorrectly removed, particularly affecting Jupytext's # %% [markdown] comments (#4845)
• Fix crash when multiple # fmt: skip comments are used in a multi-part if-clause, on string literals, or on dictionary entries with long lines (#4872)
• Fix possible crash when fmt: directives aren't on the top level (#4856)

Preview style

• Fix fmt: skip skipping the line after instead of the line it's on (#4855)
• Remove unnecessary parentheses from the left-hand side of assignments while preserving magic trailing commas and intentional multiline formatting (#4865)
• Fix fix_fmt_skip_in_one_liners crashing on with statements (#4853)
• Fix fix_fmt_skip_in_one_liners crashing on annotated parameters (#4854)
• Fix new lines being added after imports with # fmt: skip on them (#4894)

Packaging

• Releases now include arm64 Windows binaries and wheels (#4814)

Integrations

• Add output-file input to GitHub Action psf/black to write formatter output to a file for artifact capture and log cleanliness (#4824)

25.11.0

Highlights

• Enable base 3.14 support (#4804)
• Add support for the new Python 3.14 t-string syntax introduced by PEP 750 (#4805)

Stable style

• Fix bug where comments between # fmt: off and # fmt: on were reformatted (#4811)
• Comments containing fmt directives now preserve their exact formatting instead of being normalized (#4811)

Preview style

• Move multiline_string_handling from --unstable to --preview (#4760)
• Fix bug where module docstrings would be treated as normal strings if preceded by comments (#4764)

... (truncated)

Commits

• 782e560 Pin actions/checkout@v5.0.0 (#4895)
• f0f4094 Fix new lines being added after imports with # fmt: skip on them (#4894)
• 70fc194 Revert "Fix # fmt: skip ignored in deeply nested expressions" (#4893)
• 7044b14 Prepare 25.12.0 release (#4891)
• 5b470f0 Fix # fmt: skip ignored in deeply nested expressions (#4883)
• 1b342ef Fix crash when multiple # fmt: skip comments are used in multi-part if-clau...
• 7b265f1 Pin Hatch to hopefully fix Docker builds (#4878)
• c9523f4 Attempt to fix Docker build failures (#4876)
• 0f376e0 Fix crashes when fmt directives are indented (#4856)
• a8bfcc1 Fix fmt: skip skipping the line after instead of the line it's on (#4855)
• Additional commits viewable in compare view

Updates isort from 6.0.1 to 6.1.0

Release notes

Sourced from isort's releases.

6.1.0

Changes

• Update docs discussions channel (#2410) @​staticdev
• Add python 3.14 classifier and badge (#2409) @​staticdev
• Drop use of non-standard pkg_resources API (#2405) @​dvarrazzo
• Use working isort version in pre-commit example (#2402) @​iainelder
• fix typo in _get_files_from_dir_cached test (#2392) @​tiltingpenguin
• Resolve bandit warnings (#2379) @​kurtmckee
• Add tox for cross-platform, parallel test suite execution (#2378) @​kurtmckee
• Add Project URLs to PyPI Side Panel (#2387) @​guillermodotn
• Fix typos (#2376) @​co63oc

👷 Continuous Integration

• Add make bash scripts portable (#2377) @​staticdev

📦 Dependencies

• Bump actions/checkout from 4 to 5 in the github-actions group (#2406) @dependabot[bot]
• Bump astral-sh/setup-uv from 5 to 6 in the github-actions group (#2395) @dependabot[bot]

Changelog

Sourced from isort's changelog.

6.1.0 October 1 2025

• Add python 3.14 classifier and badge (#2409) @​staticdev
• Drop use of non-standard pkg_resources API (#2405) @​dvarrazzo

Commits

• ec0efae Merge pull request #2410 from PyCQA/docs/discussion
• 8af675f Update docs discussions channel
• a03dae8 Merge pull request #2409 from PyCQA/build/py314-classifier
• 2232a26 Add python 3.14 classifier and badge
• ec48dd7 Merge pull request #2405 from dvarrazzo/fix/drop-pkg-resources
• be46cd4 refactor: make importlib metadata package import lazy
• 18ecd0c chore: drop branch guarding unsupported Python versions
• 1d42e56 fix: drop use of non-standard pkg_resources API
• 0c8fc82 Merge pull request #2406 from PyCQA/dependabot/github_actions/github-actions-...
• 3478763 Bump actions/checkout from 4 to 5 in the github-actions group
• Additional commits viewable in compare view

Updates pytest from 8.4.1 to 8.4.2

Release notes

Sourced from pytest's releases.

8.4.2

pytest 8.4.2 (2025-09-03)

Bug fixes

• #13478: Fixed a crash when using console_output_style{.interpreted-text role="confval"} with times and a module is skipped.

• #13530: Fixed a crash when using pytest.approx{.interpreted-text role="func"} and decimal.Decimal{.interpreted-text role="class"} instances with the decimal.FloatOperation{.interpreted-text role="class"} trap set.

• #13549: No longer evaluate type annotations in Python 3.14 when inspecting function signatures.

  This prevents crashes during module collection when modules do not explicitly use from __future__ import annotations and import types for annotations within a if TYPE_CHECKING: block.

• #13559: Added missing [int]{.title-ref} and [float]{.title-ref} variants to the [Literal]{.title-ref} type annotation of the [type]{.title-ref} parameter in pytest.Parser.addini{.interpreted-text role="meth"}.

• #13563: pytest.approx{.interpreted-text role="func"} now only imports numpy if NumPy is already in sys.modules. This fixes unconditional import behavior introduced in [8.4.0]{.title-ref}.

Improved documentation

• #13577: Clarify that pytest_generate_tests is discovered in test modules/classes; other hooks must be in conftest.py or plugins.

Contributor-facing changes

• #13480: Self-testing: fixed a few test failures when run with -Wdefault or a similar override.
• #13547: Self-testing: corrected expected message for test_doctest_unexpected_exception in Python 3.14.
• #13684: Make pytest's own testsuite insensitive to the presence of the CI environment variable -- by ogrisel{.interpreted-text role="user"}.

Commits

• bfae422 Prepare release version 8.4.2
• 8990538 Fix passenv CI in tox ini and make tests insensitive to the presence of the C...
• ca676bf Merge pull request #13687 from pytest-dev/patchback/backports/8.4.x/e63f6e51c...
• 975a60a Merge pull request #13686 from pytest-dev/patchback/backports/8.4.x/12bde8af6...
• 7723ce8 Merge pull request #13683 from even-even/fix_Exeption_to_Exception_in_errorMe...
• b7f0568 Merge pull request #13685 from CoretexShadow/fix/docs-pytest-generate-tests
• 2c94c4a add missing colon (#13640) (#13641)
• c3d7684 Merge pull request #13606 from pytest-dev/patchback/backports/8.4.x/5f9938563...
• dc6e3be Merge pull request #13605 from The-Compiler/training-update-2025-07
• f87289c Fix crash with times output style and skipped module (#13573) (#13579)
• Additional commits viewable in compare view

Updates pytest-asyncio from 1.1.0 to 1.3.0

Release notes

Sourced from pytest-asyncio's releases.

pytest-asyncio 1.3.0

1.3.0 - 2025-11-10

Removed

• Support for Python 3.9 (#1278)

Added

• Support for pytest 9 (#1279)

Notes for Downstream Packagers

• Tested Python versions include free threaded Python 3.14t (#1274)
• Tests are run in the same pytest process, instead of spawning a subprocess with pytest.Pytester.runpytest_subprocess. This prevents the test suite from accidentally using a system installation of pytest-asyncio, which could result in test errors. (#1275)

pytest-asyncio 1.2.0

1.2.0 - 2025-09-12

Added

• --asyncio-debug CLI option and asyncio_debug configuration option to enable asyncio debug mode for the default event loop. (#980)
• A pytest.UsageError for invalid configuration values of asyncio_default_fixture_loop_scope and asyncio_default_test_loop_scope. (#1189)
• Compatibility with the Pyright type checker (#731)

Fixed

• RuntimeError: There is no current event loop in thread 'MainThread' when any test unsets the event loop (such as when using asyncio.run and asyncio.Runner). (#1177)
• Deprecation warning when decorating an asynchronous fixture with @pytest.fixture in [strict]{.title-ref} mode. The warning message now refers to the correct package. (#1198)

Notes for Downstream Packagers

• Bump the minimum required version of tox to v4.28. This change is only relevant if you use the tox.ini file provided by pytest-asyncio to run tests.
• Extend dependency on typing-extensions>=4.12 from Python<3.10 to Python<3.13.

pytest-asyncio 1.1.1

v1.1.1 - 2025-09-12

Notes for Downstream Packagers

- Addresses a build problem with setuptoos-scm >= 9 caused by invalid setuptools-scm configuration in pytest-asyncio. (#1192)

Commits

• 2e9695f docs: Compile changelog for v1.3.0
• dd0e9ba docs: Reference correct issue in news fragment.
• 4c31abe Build(deps): Bump nh3 from 0.3.1 to 0.3.2
• 13e9477 Link to migration guides from changelog
• 4d2cf3c tests: handle Python 3.14 DefaultEventLoopPolicy deprecation warnings
• ee3549b test: Remove obsolete test for the event_loop fixture.
• 7a67c82 tests: Fix failing test by preventing warning conversion to error.
• a17b689 test: add pytest config to isolated test directories
• 18afc9d fix(tests): replace runpytest_subprocess with runpytest
• cdc6bd1 Add support for pytest 9 and drop Python 3.9 support
• Additional commits viewable in compare view

Updates pytest-cov from 6.2.1 to 6.3.0

Changelog

Sourced from pytest-cov's changelog.

6.3.0 (2025-09-06)

• Added support for markdown reports. Contributed by Marcos Boger in [#712](https://github.com/pytest-dev/pytest-cov/issues/712) <https://github.com/pytest-dev/pytest-cov/pull/712>_ and [#714](https://github.com/pytest-dev/pytest-cov/issues/714) <https://github.com/pytest-dev/pytest-cov/pull/714>_.
• Fixed some formatting issues in docs. Anonymous contribution in [#706](https://github.com/pytest-dev/pytest-cov/issues/706) <https://github.com/pytest-dev/pytest-cov/pull/706>_.

Commits

• a69d1ab Bump version: 6.2.1 → 6.3.0
• 475bf32 Update changelog.
• 3834009 Add GitHub Actions example and fix example to not break with default markdown...
• 0824728 Small phrasing adustments in Markdown docs
• 474c1f4 Move markdown dest files check to StoreReport for earlier error and parser.er...
• 7b21833 Default markdown-append to coverage.md and raise warning if both markdown opt...
• 3a15312 Fix usage of Path.open() to write/append to files
• 4b79449 Change output file cov-append.md in md-append example
• 40e9e8e Add docs and update AUTHORS.rst
• f5ca33a Add tests for markdown and markdown-append
• Additional commits viewable in compare view

Updates pytest-mock from 3.14.1 to 3.15.1

Release notes

Sourced from pytest-mock's releases.

v3.15.1

2025-09-16

• #529: Fixed itertools._tee object has no attribute error -- now duplicate_iterators=True must be passed to mocker.spy to duplicate iterators.

v3.15.0

2025-09-04

• Python 3.8 (EOL) is no longer supported.
• #524: Added spy_return_iter to mocker.spy, which contains a duplicate of the return value of the spied method if it is an Iterator.

Changelog

Sourced from pytest-mock's changelog.

3.15.1

2025-09-16

• [#529](https://github.com/pytest-dev/pytest-mock/issues/529) <https://github.com/pytest-dev/pytest-mock/issues/529>_: Fixed itertools._tee object has no attribute error -- now duplicate_iterators=True must be passed to mocker.spy to duplicate iterators.

3.15.0

2025-09-04

• Python 3.8 (EOL) is no longer supported.
• [#524](https://github.com/pytest-dev/pytest-mock/issues/524) <https://github.com/pytest-dev/pytest-mock/pull/524>_: Added spy_return_iter to mocker.spy, which contains a duplicate of the return value of the spied method if it is an Iterator.

Commits

• e1b5c62 Release 3.15.1
• 184eb19 Set spy_return_iter only when explicitly requested (#537)
• 4fa0088 [pre-commit.ci] pre-commit autoupdate (#536)
• f5aff33 Fix test failure with pytest 8+ and verbose mode (#535)
• adc4187 Bump actions/setup-python from 5 to 6 in the github-actions group (#533)
• 95ad570 [pre-commit.ci] pre-commit autoupdate (#532)
• e696bf0 Fix standalone mock support (#531)
• 5b29b03 Fix gen-release-notes script
• 7d22ef4 Merge pull request #528 from pytest-dev/release-3.15.0
• 90b29f8 Update CHANGELOG for 3.15.0
• Additional commits viewable in compare view

Updates bandit from 1.8.6 to 1.9.2

Release notes

Sourced from bandit's releases.

1.9.2

What's Changed

• Argparse Python 3.14 enhancements by @​ericwb in PyCQA/bandit#1331
• Check whether Constant value is str by @​ericwb in PyCQA/bandit#1333

Full Changelog: PyCQA/bandit@1.9.1...1.9.2

1.9.1

What's Changed

• More Python version related fixes by @​ericwb in PyCQA/bandit#1327

Full Changelog: PyCQA/bandit@1.9.0...1.9.1

1.9.0

What's Changed

• Add instructions for Maintainers to create/publish a release by @​ericwb in PyCQA/bandit#1275
• Bump sigstore/cosign-installer from 3.9.1 to 3.9.2 by @​dependabot[bot] in PyCQA/bandit#1289
• Bump docker/login-action from 3.4.0 to 3.5.0 by @​dependabot[bot] in PyCQA/bandit#1290
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in PyCQA/bandit#1291
• Bump actions/checkout from 4 to 5 by @​dependabot[bot] in PyCQA/bandit#1292
• Replace deprecated datetime.datetime.utcnow() by @​purplezimmermann in PyCQA/bandit#1295
• Bump actions/setup-python from 5 to 6 by @​dependabot[bot] in PyCQA/bandit#1296
• Bump sigstore/cosign-installer from 3.9.2 to 3.10.0 by @​dependabot[bot] in PyCQA/bandit#1298
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in PyCQA/bandit#1303
• Fix typos by @​Shortfinga in PyCQA/bandit#1305
• Bump docker/login-action from 3.5.0 to 3.6.0 by @​dependabot[bot] in PyCQA/bandit#1306
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in PyCQA/bandit#1315
• Bump sigstore/cosign-installer from 3.10.0 to 4.0.0 by @​dependabot[bot] in PyCQA/bandit#1317
• Support of Python 3.14 by @​ericwb in PyCQA/bandit#1323
• Drop support of end-of-life Python 3.9 by @​ericwb in PyCQA/bandit#1325
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in PyCQA/bandit#1324

New Contributors

• @​purplezimmermann made their first contribution in PyCQA/bandit#1295
• @​Shortfinga made their first contribution in PyCQA/bandit#1305

Full Changelog: PyCQA/bandit@1.8.6...1.9.0

Commits

• ea0d187 Check whether Constant value is str (#1333)
• 8bf7594 Argparse Python 3.14 enhancements (#1331)
• a255dfa More Python version related fixes (#1327)
• 3f07bb0 [pre-commit.ci] pre-commit autoupdate (#1324)
• c8c3fb8 Drop support of end-of-life Python 3.9 (#1325)
• 5c30350 Support of Python 3.14 (#1323)
• e1ffdf6 Bump sigstore/cosign-installer from 3.10.0 to 4.0.0 (#1317)
• 176d4ca [pre-commit.ci] pre-commit autoupdate (#1315)
• 2fc3e9c Bump docker/login-action from 3.5.0 to 3.6.0 (#1306)
• 6a68546 Fix typos (#1305)
• Additional commits viewable in compare view

Updates pytest-env from 1.1.5 to 1.2.0

Release notes

Sourced from pytest-env's releases.

1.2.0

What's Changed

• Add support for 3.14 and drop 3.9 by @​gaborbernat in pytest-dev/pytest-env#163

Full Changelog: pytest-dev/pytest-env@1.1.5...1.2.0

Commits

• 2b49978 Add support for 3.14 and drop 3.9 (#163)
• 26472ca Bump astral-sh/setup-uv from 6 to 7 (#162)
• d80b980 [pre-commit.ci] pre-commit autoupdate (#161)
• 8c4184b [pre-commit.ci] pre-commit autoupdate (#160)
• 7437167 [pre-commit.ci] pre-commit autoupdate (#159)
• 60f4379 [pre-commit.ci] pre-commit autoupdate (#158)
• 8b51263 [pre-commit.ci] pre-commit autoupdate (#157)
• 0a09760 Bump pypa/gh-action-pypi-publish from 1.12.4 to 1.13.0 (#156)
• 4ec5d17 [pre-commit.ci] pre-commit autoupdate (#155)
• 97dd3a1 [pre-commit.ci] pre-commit autoupdate (#154)
• Additional commits viewable in compare view

Updates pytest-httpx from 0.35.0 to 0.36.0

Release notes

Sourced from pytest-httpx's releases.

0.36.0 (2025-12-02)

Changed

• pytest required version is now 9.

Added

• Explicit support for python 3.14.
• match_params parameter is now available on responses and callbacks registration, as well as request(s) retrieval. Allowing to provide query parameters as a dict instead of being part of the matched URL.
  • This parameter allows to perform partial query params matching (refer to documentation for more information).

Fixed

• URL with more than one value for the same parameter were not matched properly (matching was performed on the first value).
• httpx_mock.add_exception is now properly documented (accepts BaseException instead of Exception).

Removed

• pytest 8 is not supported anymore.
• python 3.9 is not supported anymore.

Changelog

Sourced from pytest-httpx's changelog.

[0.36.0] - 2025-12-02

Changed

• pytest required version is now 9.

Added

• Explicit support for python 3.14.
• match_params parameter is now available on responses and callbacks registration, as well as request(s) retrieval. Allowing to provide query parameters as a dict instead of being part of the matched URL.
  • This parameter allows to perform partial query params matching (refer to documentation for more information).

Fixed

• URL with more than one value for the same parameter were not matched properly (matching was performed on the first value).
• httpx_mock.add_exception is now properly documented (accepts BaseException instead of Exception).

Removed

• pytest 8 is not supported anymore.
• python 3.9 is not supported anymore.

Commits

• 9e5387d Release version 0.36.0
• dbc20d7 Release version 0.36.0 today
• e02259c Use subprocess coverage
• 63b1ff1 Switch version to 0.36.0 and document breaking changes
• 4d1c417 Release version 0.35.1
• 308b8dc Handle base exception
• 7b612dd Keep the number of test cases up to date
• ced1c3a Document the fact that add_exception can receive BaseException derived exception
• c3dd346 Accept BaseException in add_exception
• 9a3a9dc Prevent invalid match_params setup
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[github-actions]

PR Quick Check Results

Check	Status
pr-validation	✅ success
python-lint	✅ success
security-scan	✅ success
quick-test	✅ success
docker-lint	✅ success

✅ All quick checks passed!

[github-actions]

Pull Request Validation Results

✅ Code Quality: success
✅ API Contract Tests: success
✅ Docker Validation: success
❌ Integration Tests: skipped (disabled for CI)

Summary

⚠️ Some checks failed. Please review the errors above and fix them before merging.

Runtime: ~15-20 minutes
Triggered by: @dependabot[bot]