Bump the "dependencies" group with 2 updates across multiple ecosystems

[dependabot]

Bumps the dependencies group with 3 updates: tox-uv, setuptools-scm and setuptools.

Updates tox-uv from 1.33.0 to 1.34.0

Release notes

Sourced from tox-uv's releases.

1.34.0

What's Changed

• 🔒 ci(workflows): add zizmor security auditing by @​gaborbernat in tox-dev/tox-uv#317
• ✨ feat(runner): add PEP 723 inline script metadata support by @​gaborbernat in tox-dev/tox-uv#319

Full Changelog: tox-dev/tox-uv@1.33.4...1.34.0

1.33.4

What's Changed

• 🐛 fix(meta): remove tox_uv namespace conflict by @​gaborbernat in tox-dev/tox-uv#314

Full Changelog: tox-dev/tox-uv@1.33.3...1.33.4

1.33.3

What's Changed

• 🐛 fix(venv): reject non-Python env names as interpreter specs by @​gaborbernat in tox-dev/tox-uv#312
• 🐛 fix(venv): resolve env names with trailing digits correctly by @​gaborbernat in tox-dev/tox-uv#313

Full Changelog: tox-dev/tox-uv@1.33.2...1.33.3

1.33.2

What's Changed

• 🐛 fix(venv): resolve Python spec from env name when tox passes fallback path by @​gaborbernat in tox-dev/tox-uv#308

Full Changelog: tox-dev/tox-uv@1.33.1...1.33.2

1.33.1

What's Changed

• Move SECURITY.md to .github/SECURITY.md by @​gaborbernat in tox-dev/tox-uv#302
• 🐛 fix(venv): use virtualenv PythonInfo from new location by @​gaborbernat in tox-dev/tox-uv#303
• Add permissions to workflows by @​gaborbernat in tox-dev/tox-uv#299
• Add missing .github config files by @​gaborbernat in tox-dev/tox-uv#304
• Standardize .github files to .yaml suffix by @​gaborbernat in tox-dev/tox-uv#305

Full Changelog: tox-dev/tox-uv@1.33.0...1.33.1

Commits

• d9b72cf ✨ feat(runner): add PEP 723 inline script metadata support (#319)
• 0215281 [pre-commit.ci] pre-commit autoupdate (#318)
• 4deee33 🔒 ci(workflows): add zizmor security auditing (#317)
• 60d1fd6 [pre-commit.ci] pre-commit autoupdate (#316)
• 93eecc2 [pre-commit.ci] pre-commit autoupdate (#315)
• e0b9d0f 🐛 fix(meta): remove tox_uv namespace conflict (#314)
• 8cee50b 🐛 fix(venv): resolve env names with trailing digits correctly (#313)
• ff811cb 🐛 fix(venv): reject non-Python env names as interpreter specs (#312)
• ef8450c [pre-commit.ci] pre-commit autoupdate (#307)
• 906a243 🐛 fix(venv): resolve Python spec from env name when tox passes fallback path ...
• Additional commits viewable in compare view

Updates setuptools-scm from 9.2.2 to 10.0.5

Release notes

Sourced from setuptools-scm's releases.

setuptools-scm v10.0.5

Fixed

• Allow dump_version() deprecation warning to be silenced by passing scm_version=None. (#1286)
• Remove [tool.uv.sources] from setuptools-scm/pyproject.toml to fix sdist builds outside the workspace — the workspace root already declares the source mapping for development. (#1330)

setuptools-scm v10.0.4

Fixed

• Anchor get_version in setup.py with relative_to and fallback_root so SCM fallbacks (e.g. PKG-INFO) do not resolve against the wrong directory when the build cwd is the workspace or repo root. (#1302)
• Enter GlobalOverrides for SETUPTOOLS_SCM when using setuptools_scm.get_version / _get_version, avoiding implicit context warnings for direct API callers. (#1314)

Miscellaneous

• Upgrade pre-commit hooks (Ruff, mypy, codespell), align locked Ruff with hooks, and add Ruff per-file configuration for setuptools_scm re-export modules. (#1311)

setuptools-scm v10.0.3

Fixed

• Remove monorepo-only ../vcs-versioning/src from build-system.backend-path so sdists install under PEP 517 (paths must stay inside the source tree). (#1306)

Miscellaneous

• Add griffecli to test dependencies so the API stability check keeps working after the Griffe CLI was split into a separate package. (#1310)

setuptools-scm v10.0.2

Fixed

• Fix version file not generated for editable installs. Version files are now written to the source tree by default during inference (restoring pre-10.x behavior), and also registered as build_py outputs so strict editable installs include them in the persistent auxiliary directory. Set SETUPTOOLS_SCM_WRITE_TO_SOURCE=0 to disable source-tree writing (e.g., for read-only source directories). (#1298)

setuptools-scm v10.0.1

Miscellaneous

• Simplify release tag creation to use a single createRelease API call instead of separate createTag/createRef/createRelease calls, avoiding dangling tag objects on partial failures. (#release-pipeline)

setuptools-scm v10.0.0

Removed

• Drop Python 3.8 and 3.9 support. Minimum Python version is now 3.10. (#1228)

Added

• setuptools-scm now depends on vcs-versioning for core version inference logic. This enables other build backends to use the same version inference without setuptools dependency. (#1228)
• Version files (write_to and version_file) are now written to the build directory during build_py instead of the source tree during version inference. This enables installing packages from read-only source directories (e.g., Bazel builds).

... (truncated)

Commits

• e2ba34f Merge pull request #1328 from pypa/release/main
• d34d072 Prepare release: setuptools-scm v10.0.5
• 7c62809 Merge pull request #1332 from RonnyPfannschmidt/fix/1330-remove-workspace-sou...
• f600a29 fix: remove workspace source override from setuptools-scm member (fixes #1330)
• f76244e Merge pull request #1327 from RonnyPfannschmidt/update-classifiers-python-3.14
• 8c23c5b Merge pull request #1286 from effigies/scm_version_sentinel
• 629842a build: update trove classifiers and add Python 3.14 support
• 6a1fc3b Merge pull request #1318 from pypa/release/main
• a63b13a Prepare release: setuptools-scm v10.0.4, vcs-versioning v1.1.0
• 59275f7 Merge pull request #1325 from RonnyPfannschmidt/issue-1302-setuptools-build-b...
• Additional commits viewable in compare view

Updates setuptools from 82.0.0 to 82.0.1

Changelog

Sourced from setuptools's changelog.

v82.0.1

Bugfixes

• Fix the loading of launcher manifest.xml file. (#5047)
• Replaced deprecated json.__version__ with fixture in tests. (#5186)

Improved Documentation

• Add advice about how to improve predictability when installing sdists. (#5168)

Misc

• #4941, #5157, #5169, #5175

Commits

• 5a13876 Bump version: 82.0.0 → 82.0.1
• 51ab8f1 Avoid using (deprecated) 'json.version' in tests (#5194)
• f9c37b2 Docs/CI: Fix intersphinx references (#5195)
• 8173db2 Docs: Fix intersphinx references
• 09bafbc Fix past tense on newsfragment
• 461ea56 Add news fragment
• c4ffe53 Avoid using (deprecated) 'json.version' in tests
• 749258b Cleanup pkg_resources dependencies and configuration (#5175)
• 2019c16 Parse ext-module.define-macros from pyproject.toml as list of tuples (#5169)
• b809c86 Sync setuptools schema with validate-pyproject (#5157)
• Additional commits viewable in compare view

Bumps the dependencies group with 2 updates: actions/download-artifact and ncipollo/release-action.

Updates actions/download-artifact from 8.0.0 to 8.0.1

Release notes

Sourced from actions/download-artifact's releases.

v8.0.1

What's Changed

• Support for CJK characters in the artifact name by @​danwkennedy in actions/download-artifact#471
• Add a regression test for artifact name + content-type mismatches by @​danwkennedy in actions/download-artifact#472

Full Changelog: actions/download-artifact@v8...v8.0.1

Commits

• 3e5f45b Add regression tests for CJK characters (#471)
• e6d03f6 Add a regression test for artifact name + content-type mismatches (#472)
• See full diff in compare view

Updates ncipollo/release-action from 1.20.0 to 1.21.0

Release notes

Sourced from ncipollo/release-action's releases.

v1.21.0

What's Changed

• Bump jest-circus from 29.7.0 to 30.2.0 by @​dependabot[bot] in ncipollo/release-action#557
• Bump typescript from 5.8.3 to 5.9.3 by @​dependabot[bot] in ncipollo/release-action#556
• Bump actions/setup-node from 4 to 5 by @​dependabot[bot] in ncipollo/release-action#551
• Bump @​types/node from 22.15.29 to 24.6.1 by @​dependabot[bot] in ncipollo/release-action#555
• Bump actions/setup-node from 5 to 6 by @​dependabot[bot] in ncipollo/release-action#559
• Bump ts-jest from 29.3.4 to 29.4.5 by @​dependabot[bot] in ncipollo/release-action#561
• Bump @​biomejs/biome from 1.9.4 to 2.3.2 by @​dependabot[bot] in ncipollo/release-action#564
• Bump @​types/node from 24.6.1 to 24.9.2 by @​dependabot[bot] in ncipollo/release-action#563
• Bump js-yaml from 3.14.1 to 3.14.2 by @​dependabot[bot] in ncipollo/release-action#567
• Bump glob from 11.0.3 to 11.1.0 by @​dependabot[bot] in ncipollo/release-action#568
• Bump actions/checkout from 5 to 6 by @​dependabot[bot] in ncipollo/release-action#569
• Bump @​biomejs/biome from 2.3.2 to 2.3.8 by @​dependabot[bot] in ncipollo/release-action#575
• Bump glob from 11.1.0 to 13.0.0 by @​dependabot[bot] in ncipollo/release-action#573
• Bump @​octokit/types from 13.10.0 to 16.0.0 by @​dependabot[bot] in ncipollo/release-action#577
• Bump @​biomejs/biome from 2.3.8 to 2.3.10 by @​dependabot[bot] in ncipollo/release-action#578
• Bump @​actions/core from 1.11.1 to 2.0.1 by @​dependabot[bot] in ncipollo/release-action#579
• Bump @​types/node from 24.10.1 to 25.0.3 by @​dependabot[bot] in ncipollo/release-action#580
• Bump @​biomejs/biome from 2.3.10 to 2.3.13 by @​dependabot[bot] in ncipollo/release-action#586
• Bump @​types/node from 25.0.3 to 25.1.0 by @​dependabot[bot] in ncipollo/release-action#583
• Bump to core-3.0.0, move to vitest, support ESM modules by @​ncipollo in ncipollo/release-action#587
• Bump @​actions/github from 6.0.1 to 9.0.0 by @​dependabot[bot] in ncipollo/release-action#585
• Bump glob from 13.0.0 to 13.0.6 by @​dependabot[bot] in ncipollo/release-action#592
• Bump @​biomejs/biome from 2.3.13 to 2.4.4 by @​dependabot[bot] in ncipollo/release-action#591
• Fixes #593 Pass commitish into release notes request when present by @​ncipollo in ncipollo/release-action#594

Full Changelog: ncipollo/release-action@v1...v1.21.0

Commits

• 339a818 preparing release 1.21.0
• df17233 Resolve pnpm audit results
• 813e942 Update release script
• 7df3a0e Update sheepit to use pnpm
• caacf56 Fixes #595 Bump to node 24
• c074b5e Fixes #593 Pass commitish into release notes request when present (#594)
• 9e03662 Bump @​biomejs/biome from 2.3.13 to 2.4.4 (#591)
• 5b4b195 Bump glob from 13.0.0 to 13.0.6 (#592)
• 89bab4d debug build
• 00cbfdc Bump @​actions/github from 6.0.1 to 9.0.0 (#585)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions