[pip] (deps): Bump the dev-dependencies group across 1 directory with 7 updates

[dependabot]

Bumps the dev-dependencies group with 7 updates in the / directory:

Package	From	To
charset-normalizer	3.4.4	3.4.6
filelock	3.25.0	3.25.2
identify	2.6.17	2.6.18
platformdirs	4.9.2	4.9.4
pytest-github-actions-annotate-failures	0.3.0	0.4.0
ruff	0.15.4	0.15.6
virtualenv	21.1.0	21.2.0

Updates charset-normalizer from 3.4.4 to 3.4.6

Release notes

Sourced from charset-normalizer's releases.

Version 3.4.6

3.4.6 (2026-03-15)

Changed

• Flattened the logic in charset_normalizer.md for higher performance. Removed eligible(..) and feed(...) in favor of feed_info(...).
• Raised upper bound for mypy[c] to 1.20, for our optimized version.
• Updated UNICODE_RANGES_COMBINED using Unicode blocks v17.

Fixed

• Edge case where noise difference between two candidates can be almost insignificant. (#672)
• CLI --normalize writing to wrong path when passing multiple files in. (#702)

Misc

• Freethreaded pre-built wheels now shipped in PyPI starting with 3.14t. (#616)

Version 3.4.5

3.4.5 (2026-03-06)

Changed

• Update setuptools constraint to setuptools>=68,<=82.
• Raised upper bound of mypyc for the optional pre-built extension to v1.19.1

Fixed

• Add explicit link to lib math in our optimized build. (#692)
• Logger level not restored correctly for empty byte sequences. (#701)
• TypeError when passing bytearray to from_bytes. (#703)

Misc

• Applied safe micro-optimizations in both our noise detector and language detector.
• Rewrote the query_yes_no function (inside CLI) to avoid using ambiguous licensed code.
• Added cd.py submodule into mypyc optional compilation to reduce further the performance impact.

[!WARNING]
mypyc changed the usual binary output for the optimized wheel. Beware, especially if using PyInstaller or alike. See jawah/charset_normalizer#714

Changelog

Sourced from charset-normalizer's changelog.

3.4.6 (2026-03-15)

Changed

• Flattened the logic in charset_normalizer.md for higher performance. Removed eligible(..) and feed(...) in favor of feed_info(...).
• Raised upper bound for mypy[c] to 1.20, for our optimized version.
• Updated UNICODE_RANGES_COMBINED using Unicode blocks v17.

Fixed

• Edge case where noise difference between two candidates can be almost insignificant. (#672)
• CLI --normalize writing to wrong path when passing multiple files in. (#702)

Misc

• Freethreaded pre-built wheels now shipped in PyPI starting with 3.14t. (#616)

3.4.5 (2026-03-06)

Changed

• Update setuptools constraint to setuptools>=68,<=82.
• Raised upper bound of mypyc for the optional pre-built extension to v1.19.1

Fixed

• Add explicit link to lib math in our optimized build. (#692)
• Logger level not restored correctly for empty byte sequences. (#701)
• TypeError when passing bytearray to from_bytes. (#703)

Misc

• Applied safe micro-optimizations in both our noise detector and language detector.
• Rewrote the query_yes_no function (inside CLI) to avoid using ambiguous licensed code.
• Added cd.py submodule into mypyc optional compilation to reduce further the performance impact.

Commits

• 5478b84 Merge pull request #715 from jawah/release-3.4.6
• 5c0a09e ✔️ add confidence for threading usage, mostly due to lru_cach...
• ef826b2 📝 update changelog
• 5564f1a 📝 update docs accordingly
• 0f2cf7d 📝 update changelog
• 54a1894 🐛 fix --normalize writing to wrong path with multiple files
• 2177e28 📝 update changelog
• b2497a5 🐛 edge case where noise difference between two candidates can be almost i...
• 13a5d0b 🔧 upgrade ci requirements
• b9ffbd4 🔧 enable 3.14t nox mypyc session
• Additional commits viewable in compare view

Updates filelock from 3.25.0 to 3.25.2

Release notes

Sourced from filelock's releases.

3.25.2

What's Changed

• 🐛 fix(unix): suppress EIO on close in Docker bind mounts by @​gaborbernat in tox-dev/filelock#513

Full Changelog: tox-dev/filelock@3.25.1...3.25.2

3.25.1

What's Changed

• 📝 docs(logo): add branded project logo by @​gaborbernat in tox-dev/filelock#507
• 🐛 fix(win): restore best-effort lock file cleanup on release by @​gaborbernat in tox-dev/filelock#511

Full Changelog: tox-dev/filelock@3.25.0...3.25.1

Changelog

Sourced from filelock's changelog.

########### Changelog ###########

---

3.25.2 (2026-03-11)

---

• 🐛 fix(unix): suppress EIO on close in Docker bind mounts :pr:513

---

3.25.1 (2026-03-09)

---

• [pre-commit.ci] pre-commit autoupdate :pr:510 - by :user:pre-commit-ci[bot]
• 🐛 fix(win): restore best-effort lock file cleanup on release :pr:511
• [pre-commit.ci] pre-commit autoupdate :pr:508 - by :user:pre-commit-ci[bot]
• 📝 docs(logo): add branded project logo :pr:507

---

3.25.0 (2026-03-01)

---

• ✨ feat(async): add AsyncReadWriteLock :pr:506
• Standardize .github files to .yaml suffix
• build(deps): bump actions/download-artifact from 7 to 8 :pr:503 - by :user:dependabot[bot]
• build(deps): bump actions/upload-artifact from 6 to 7 :pr:502 - by :user:dependabot[bot]
• Move SECURITY.md to .github/SECURITY.md
• Add security policy
• Add permissions to check workflow :pr:500
• [pre-commit.ci] pre-commit autoupdate :pr:499 - by :user:pre-commit-ci[bot]

---

3.24.3 (2026-02-19)

---

• 🐛 fix(unix): handle ENOENT race on FUSE/NFS during acquire :pr:495
• 🐛 fix(ci): add trailing blank line after changelog entries :pr:492

---

3.24.2 (2026-02-16)

---

• 🐛 fix(rw): close sqlite3 cursors and skip SoftFileLock Windows race :pr:491
• 🐛 fix(test): resolve flaky write non-starvation test :pr:490
• 📝 docs: restructure using Diataxis framework :pr:489

---

3.24.1 (2026-02-15)

---

... (truncated)

Commits

• 5b9872c Release 3.25.2
• 42b740a 🐛 fix(unix): suppress EIO on close in Docker bind mounts (#513)
• d8b04b5 Release 3.25.1
• 0633386 [pre-commit.ci] pre-commit autoupdate (#510)
• 7f2247d 🐛 fix(win): restore best-effort lock file cleanup on release (#511)
• 5ae1c4e [pre-commit.ci] pre-commit autoupdate (#508)
• bcffcfe 📝 docs(logo): add branded project logo (#507)
• See full diff in compare view

Updates identify from 2.6.17 to 2.6.18

Commits

• 07a8017 v2.6.18
• 2609c0a Merge pull request #581 from pre-commit/mxr-patch-1
• 74d7931 Configure pyproject.toml to have custom 'pyproject' file type
• See full diff in compare view

Updates platformdirs from 4.9.2 to 4.9.4

Release notes

Sourced from platformdirs's releases.

4.9.4

What's Changed

• Add permissions to workflows by @​gaborbernat in tox-dev/platformdirs#455
• Move SECURITY.md to .github/SECURITY.md by @​gaborbernat in tox-dev/platformdirs#456
• Standardize .github files to .yaml suffix by @​gaborbernat in tox-dev/platformdirs#458
• 📝 docs: add project logo to documentation by @​gaborbernat in tox-dev/platformdirs#459

Full Changelog: tox-dev/platformdirs@4.9.3...4.9.4

4.9.3

What's Changed

• Fix test failures on BSD for runtime directory defaults by @​Fridayai700 in tox-dev/platformdirs#451
• Respect XDG_CONFIG_HOME in _get_user_dirs_folder by @​bysiber in tox-dev/platformdirs#453
• Add missing _optionally_create_directory in Android user_log_dir and user_runtime_dir by @​bysiber in tox-dev/platformdirs#452

New Contributors

• @​Fridayai700 made their first contribution in tox-dev/platformdirs#451
• @​bysiber made their first contribution in tox-dev/platformdirs#453

Full Changelog: tox-dev/platformdirs@4.9.2...4.9.3

Changelog

Sourced from platformdirs's changelog.

########### Changelog ###########

---

4.9.4 (2026-03-05)

---

• [pre-commit.ci] pre-commit autoupdate :pr:461 - by :user:pre-commit-ci[bot]
• Update README.md
• 📝 docs: add project logo to documentation :pr:459
• Standardize .github files to .yaml suffix
• build(deps): bump the all group with 2 updates :pr:457 - by :user:dependabot[bot]
• Move SECURITY.md to .github/SECURITY.md
• Add permissions to workflows :pr:455
• Add security policy
• [pre-commit.ci] pre-commit autoupdate :pr:454 - by :user:pre-commit-ci[bot]

---

4.9.2 (2026-02-16)

---

• 📝 docs: restructure following Diataxis framework :pr:448
• 📝 docs(platforms): fix RST formatting and TOC hierarchy :pr:447

---

4.9.1 (2026-02-14)

---

• 📝 docs: enhance README, fix issues, and reorganize platforms.rst :pr:445

---

4.9.0 (2026-02-14)

---

• 📚 docs: split usage guide into tutorial, how-to, and reference :pr:441
• ✨ feat(api): add site_bin_dir property :pr:443
• ✨ feat(api): add site_applications_dir property :pr:442
• 🐛 fix(unix): use correct runtime dir path for OpenBSD :pr:440
• 📝 docs(usage): document use_site_for_root parameter :pr:439

---

4.8.0 (2026-02-14)

---

• 📝 docs(usage): note that home dir is in stdlib :pr:431
• ✨ feat(api): add user_applications_dir property :pr:432
• ✨ feat(api): add user_bin_dir property :pr:430
• 🐛 fix(macos): yield individual site dirs in iter_*_dirs :pr:429
• ✨ feat(windows): add WIN_PD_OVERRIDE_* env var overrides :pr:428

... (truncated)

Commits

• 3fdb23e Release 4.9.4
• 96e0ed0 [pre-commit.ci] pre-commit autoupdate (#461)
• 455f98e Update README.md
• 423bc18 📝 docs: add project logo to documentation (#459)
• b10b8c5 Standardize .github files to .yaml suffix
• 27582df build(deps): bump the all group with 2 updates (#457)
• da59cc6 Move SECURITY.md to .github/SECURITY.md
• 5ef8a10 Add permissions to workflows (#455)
• 2f0cd48 Add security policy
• aeb0da1 [pre-commit.ci] pre-commit autoupdate (#454)
• Additional commits viewable in compare view

Updates pytest-github-actions-annotate-failures from 0.3.0 to 0.4.0

Release notes

Sourced from pytest-github-actions-annotate-failures's releases.

v0.4.0

Breaking

• breaking: require python>=3.10 (#131) @​ssbarnea
• Require pytest 7+ (#116) @​edgarrmondragon

Features

• feat: Support Pytest 9+ subtests (#121) @​edgarrmondragon

Fixes

• fix: use setuptools-scm and release drafter (#128) @​ssbarnea
• fix(warnings): use GITHUB_WORKSPACE instead of GITHUB_WORKFLOW (#124) @​rmuir
• Fix internal error when processing warnings (#117) @​edgarrmondragon
• docs: examples should use newest actions (#109) @​vil02

Maintenance

• chore: release drafter part2 (#130) @​ssbarnea
• chore: enable release drafter (#129) @​ssbarnea
• ci: Test with Pytest 9 (#120) @​edgarrmondragon
• build(deps): bump actions/attest-build-provenance from 3 to 4 (#126) @dependabot[bot]
• build(deps): bump actions/download-artifact from 7 to 8 (#127) @dependabot[bot]
• build(deps): bump actions/download-artifact from 6 to 7 (#123) @dependabot[bot]
• build(deps): bump actions/checkout from 5 to 6 (#122) @dependabot[bot]
• build(deps): bump actions/download-artifact from 5 to 6 (#119) @dependabot[bot]
• build(deps): bump astral-sh/setup-uv from 6 to 7 (#118) @dependabot[bot]
• Test on Python 3.14 (#115) @​edgarrmondragon
• build(deps): bump actions/setup-python from 5 to 6 (#114) @dependabot[bot]
• build(deps): bump actions/attest-build-provenance from 2 to 3 (#112) @dependabot[bot]
• build(deps): bump actions/checkout from 4 to 5 (#111) @dependabot[bot]
• build(deps): bump actions/download-artifact from 4 to 5 (#110) @dependabot[bot]
• build(deps): bump astral-sh/setup-uv from 5 to 6 (#108) @dependabot[bot]

Commits

• f48349e fix: use setuptools-scm and release drafter (#128)
• f6004c8 feat!: require python>=3.10 (#131)
• 8991a45 chore: release drafter part2 (#130)
• 7b40174 chore: enable release drafter (#129)
• 58be6ad feat: Support Pytest 9+ subtests (#121)
• 26a0c80 Test with Pytest 9 (#120)
• d33d199 build(deps): bump actions/attest-build-provenance from 3 to 4 (#126)
• 4e6cbca build(deps): bump actions/download-artifact from 7 to 8 (#127)
• 3c82f58 fix(warnings): use GITHUB_WORKSPACE instead of GITHUB_WORKFLOW (#124)
• 67da723 build(deps): bump actions/download-artifact from 6 to 7 (#123)
• Additional commits viewable in compare view

Updates ruff from 0.15.4 to 0.15.6

Release notes

Sourced from ruff's releases.

0.15.6

Release Notes

Released on 2026-03-12.

Preview features

• Add support for lazy import parsing (#23755)
• Add support for star-unpacking of comprehensions (PEP 798) (#23788)
• Reject semantic syntax errors for lazy imports (#23757)
• Drop a few rules from the preview default set (#23879)
• [airflow] Flag Variable.get() calls outside of task execution context (AIR003) (#23584)
• [airflow] Flag runtime-varying values in DAG/task constructor arguments (AIR304) (#23631)
• [flake8-bugbear] Implement delattr-with-constant (B043) (#23737)
• [flake8-tidy-imports] Add TID254 to enforce lazy imports (#23777)
• [flake8-tidy-imports] Allow users to ban lazy imports with TID254 (#23847)
• [isort] Retain lazy keyword when sorting imports (#23762)
• [pyupgrade] Add from __future__ import annotations automatically (UP006) (#23260)
• [refurb] Support newline parameter in FURB101 for Python 3.13+ (#23754)
• [ruff] Add os-path-commonprefix (RUF071) (#23814)
• [ruff] Add unsafe fix for os-path-commonprefix (RUF071) (#23852)
• [ruff] Limit RUF036 to typing contexts; make it unsafe for non-typing-only (#23765)
• [ruff] Use starred unpacking for RUF017 in Python 3.15+ (#23789)

Bug fixes

• Fix --add-noqa creating unwanted leading whitespace (#23773)
• Fix --add-noqa breaking shebangs (#23577)
• [formatter] Fix lambda body formatting for multiline calls and subscripts (#23866)
• [formatter] Preserve required annotation parentheses in annotated assignments (#23865)
• [formatter] Preserve type-expression parentheses in the formatter (#23867)
• [flake8-annotations] Fix stack overflow in ANN401 on quoted annotations with escape sequences (#23912)
• [pep8-naming] Check naming conventions in match pattern bindings (N806, N815, N816) (#23899)
• [perflint] Fix comment duplication in fixes (PERF401, PERF403) (#23729)
• [pyupgrade] Properly trigger super change in nested class (UP008) (#22677)
• [ruff] Avoid syntax errors in RUF036 fixes (#23764)

Rule changes

• [flake8-bandit] Flag S501 with requests.request (#23873)
• [flake8-executable] Fix WSL detection in non-Docker containers (#22879)
• [flake8-print] Ignore pprint calls with stream= (#23787)

Documentation

• Update docs for Markdown code block formatting (#23871)
• [flake8-bugbear] Fix misleading description for B904 (#23731)

Contributors

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.6

Released on 2026-03-12.

Preview features

• Add support for lazy import parsing (#23755)
• Add support for star-unpacking of comprehensions (PEP 798) (#23788)
• Reject semantic syntax errors for lazy imports (#23757)
• Drop a few rules from the preview default set (#23879)
• [airflow] Flag Variable.get() calls outside of task execution context (AIR003) (#23584)
• [airflow] Flag runtime-varying values in DAG/task constructor arguments (AIR304) (#23631)
• [flake8-bugbear] Implement delattr-with-constant (B043) (#23737)
• [flake8-tidy-imports] Add TID254 to enforce lazy imports (#23777)
• [flake8-tidy-imports] Allow users to ban lazy imports with TID254 (#23847)
• [isort] Retain lazy keyword when sorting imports (#23762)
• [pyupgrade] Add from __future__ import annotations automatically (UP006) (#23260)
• [refurb] Support newline parameter in FURB101 for Python 3.13+ (#23754)
• [ruff] Add os-path-commonprefix (RUF071) (#23814)
• [ruff] Add unsafe fix for os-path-commonprefix (RUF071) (#23852)
• [ruff] Limit RUF036 to typing contexts; make it unsafe for non-typing-only (#23765)
• [ruff] Use starred unpacking for RUF017 in Python 3.15+ (#23789)

Bug fixes

• Fix --add-noqa creating unwanted leading whitespace (#23773)
• Fix --add-noqa breaking shebangs (#23577)
• [formatter] Fix lambda body formatting for multiline calls and subscripts (#23866)
• [formatter] Preserve required annotation parentheses in annotated assignments (#23865)
• [formatter] Preserve type-expression parentheses in the formatter (#23867)
• [flake8-annotations] Fix stack overflow in ANN401 on quoted annotations with escape sequences (#23912)
• [pep8-naming] Check naming conventions in match pattern bindings (N806, N815, N816) (#23899)
• [perflint] Fix comment duplication in fixes (PERF401, PERF403) (#23729)
• [pyupgrade] Properly trigger super change in nested class (UP008) (#22677)
• [ruff] Avoid syntax errors in RUF036 fixes (#23764)

Rule changes

• [flake8-bandit] Flag S501 with requests.request (#23873)
• [flake8-executable] Fix WSL detection in non-Docker containers (#22879)
• [flake8-print] Ignore pprint calls with stream= (#23787)

Documentation

• Update docs for Markdown code block formatting (#23871)
• [flake8-bugbear] Fix misleading description for B904 (#23731)

Contributors

• @​zsol

... (truncated)

Commits

• e4c7f35 Bump 0.15.6 (#23919)
• edfe6c1 [ty] Narrow type context during collection literal inference (#23844)
• dd16d68 Exclude broken symlink in ecosystem check (#23921)
• 3f94c6a Fix stack overflow in ANN401 on quoted annotations with escape sequences (#23...
• 91fc7bd [ty] Fix false-positive diagnostics for PEP-604 union annotations on attribut...
• 04229cf [ty] Initial test suite for PEP-728 TypedDict features (#23832)
• 728b9d6 [pep8-naming] Check naming conventions in match pattern bindings (N806,...
• 88d1eec [ty] Ensure a type[] type T is always considered assignable to a union th...
• 37cdd61 Fix lambda body formatting for multiline calls and subscripts (#23866)
• a25a4df [ty] Disambiguate duplicate-looking overloaded callables in union display (#2...
• Additional commits viewable in compare view

Updates virtualenv from 21.1.0 to 21.2.0

Release notes

Sourced from virtualenv's releases.

21.2.0

What's Changed

• Move SECURITY.md to .github/SECURITY.md by @​gaborbernat in pypa/virtualenv#3077
• Standardize .github files to .yaml suffix by @​gaborbernat in pypa/virtualenv#3079
• Add type annotations to embed wheel generator output by @​rahuldevikar in pypa/virtualenv#3085
• fix broken README heading introduced in docs restructure by @​rahuldevikar in pypa/virtualenv#3088
• 🐛 fix(bash): use BASH_SOURCE in activate relocation by @​gaborbernat in pypa/virtualenv#3091
• 🐛 fix(create): prevent venv from racing virtualenv on gitignore creation by @​gaborbernat in pypa/virtualenv#3092

Full Changelog: pypa/virtualenv@21.1.0...21.2.0

Changelog

Sourced from virtualenv's changelog.

Features - 21.2.0

• Update embed wheel generator (tasks/upgrade_wheels.py) to include type annotations in generated output - by :user:rahuldevikar. (:issue:3075)

Bugfixes - 21.2.0

• Pass --without-scm-ignore-files to subprocess venv on Python 3.13+ so virtualenv controls .gitignore creation, fixing flaky test_create_no_seed and --no-vcs-ignore being ignored in subprocess path - by :user:gaborbernat. (:issue:3089)
• Use BASH_SOURCE[0] instead of $0 in the bash activate script relocation fallback, fixing incorrect PATH when sourcing the activate script from a different directory - by :user:gaborbernat. (:issue:3090)

---

v21.1.0 (2026-02-27)

---

Commits

• 0b6f444 release 21.2.0
• e1af35d 🐛 fix(create): prevent venv from racing virtualenv on gitignore creation (#3092)
• f05bf08 🐛 fix(bash): use BASH_SOURCE in activate relocation (#3091)
• 0cd0e09 fix broken README heading introduced in docs restructure (#3088)
• b7ab17e [pre-commit.ci] pre-commit autoupdate (#3087)
• f2062bc chore(deps): bump astral-sh/setup-uv from 4 to 7 (#3086)
• eb27e55 Add type annotations to embed wheel generator output (#3085)
• fbb3bd1 chore(deps): bump peter-evans/create-pull-request from 7 to 8 (#3081)
• a1d3963 chore(deps): bump actions/setup-python from 5 to 6 (#3080)
• e768d56 chore(deps): bump actions/upload-artifact from 4 to 7 (#3082)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Coverage report

This PR does not seem to contain any modification to coverable code.

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.