[pip] (deps): Bump the dev-dependencies group across 1 directory with 9 updates

[dependabot]

Bumps the dev-dependencies group with 9 updates in the / directory:

Package	From	To
charset-normalizer	3.4.4	3.4.6
coverage	7.13.4	7.13.5
filelock	3.25.0	3.25.2
identify	2.6.17	2.6.18
platformdirs	4.9.2	4.9.4
pytest-cov	7.0.0	7.1.0
pytest-github-actions-annotate-failures	0.3.0	0.4.0
ruff	0.15.4	0.15.7
virtualenv	21.1.0	21.2.0

Updates charset-normalizer from 3.4.4 to 3.4.6

Release notes

Sourced from charset-normalizer's releases.

Version 3.4.6

3.4.6 (2026-03-15)

Changed

• Flattened the logic in charset_normalizer.md for higher performance. Removed eligible(..) and feed(...) in favor of feed_info(...).
• Raised upper bound for mypy[c] to 1.20, for our optimized version.
• Updated UNICODE_RANGES_COMBINED using Unicode blocks v17.

Fixed

• Edge case where noise difference between two candidates can be almost insignificant. (#672)
• CLI --normalize writing to wrong path when passing multiple files in. (#702)

Misc

• Freethreaded pre-built wheels now shipped in PyPI starting with 3.14t. (#616)

Version 3.4.5

3.4.5 (2026-03-06)

Changed

• Update setuptools constraint to setuptools>=68,<=82.
• Raised upper bound of mypyc for the optional pre-built extension to v1.19.1

Fixed

• Add explicit link to lib math in our optimized build. (#692)
• Logger level not restored correctly for empty byte sequences. (#701)
• TypeError when passing bytearray to from_bytes. (#703)

Misc

• Applied safe micro-optimizations in both our noise detector and language detector.
• Rewrote the query_yes_no function (inside CLI) to avoid using ambiguous licensed code.
• Added cd.py submodule into mypyc optional compilation to reduce further the performance impact.

[!WARNING]
mypyc changed the usual binary output for the optimized wheel. Beware, especially if using PyInstaller or alike. See jawah/charset_normalizer#714

Changelog

Sourced from charset-normalizer's changelog.

3.4.6 (2026-03-15)

Changed

• Flattened the logic in charset_normalizer.md for higher performance. Removed eligible(..) and feed(...) in favor of feed_info(...).
• Raised upper bound for mypy[c] to 1.20, for our optimized version.
• Updated UNICODE_RANGES_COMBINED using Unicode blocks v17.

Fixed

• Edge case where noise difference between two candidates can be almost insignificant. (#672)
• CLI --normalize writing to wrong path when passing multiple files in. (#702)

Misc

• Freethreaded pre-built wheels now shipped in PyPI starting with 3.14t. (#616)

3.4.5 (2026-03-06)

Changed

• Update setuptools constraint to setuptools>=68,<=82.
• Raised upper bound of mypyc for the optional pre-built extension to v1.19.1

Fixed

• Add explicit link to lib math in our optimized build. (#692)
• Logger level not restored correctly for empty byte sequences. (#701)
• TypeError when passing bytearray to from_bytes. (#703)

Misc

• Applied safe micro-optimizations in both our noise detector and language detector.
• Rewrote the query_yes_no function (inside CLI) to avoid using ambiguous licensed code.
• Added cd.py submodule into mypyc optional compilation to reduce further the performance impact.

Commits

• 5478b84 Merge pull request #715 from jawah/release-3.4.6
• 5c0a09e ✔️ add confidence for threading usage, mostly due to lru_cach...
• ef826b2 📝 update changelog
• 5564f1a 📝 update docs accordingly
• 0f2cf7d 📝 update changelog
• 54a1894 🐛 fix --normalize writing to wrong path with multiple files
• 2177e28 📝 update changelog
• b2497a5 🐛 edge case where noise difference between two candidates can be almost i...
• 13a5d0b 🔧 upgrade ci requirements
• b9ffbd4 🔧 enable 3.14t nox mypyc session
• Additional commits viewable in compare view

Updates coverage from 7.13.4 to 7.13.5

Changelog

Sourced from coverage's changelog.

Version 7.13.5 — 2026-03-17

• Fix: issue 2138_ describes a memory leak that happened when repeatedly using the Coverage API with in-memory data. This is now fixed.

• Fix: the markdown-formatted coverage report didn't fully escape special characters in file paths (issue 2141). This would be very unlikely to cause a problem, but now it's done properly, thanks to Ellie Ayla <pull 2142_>.

• Fix: the C extension wouldn't build on VS2019, but now it does (issue 2145_).

.. _issue 2138: coveragepy/coveragepy#2138 .. _issue 2141: coveragepy/coveragepy#2141 .. _pull 2142: coveragepy/coveragepy#2142 .. _issue 2145: coveragepy/coveragepy#2145

.. _changes_7-13-4:

Commits

• c88da14 docs: sample HTML for 7.13.5
• e2ac3e1 build: sample HTML shouldn't include the status.json file
• 910f8f3 docs: prep for 7.13.5
• 3a4819c style: make workflows more uniform
• 2a53705 chore: bump the action-dependencies group across 1 directory with 4 updates (...
• e7c878d chore: make upgrade
• ab4db40 build: use --generate-hashes when pinning
• a438753 chore: make upgrade
• 7b33457 refactor: some leftover pyupgrade 3.10 bits
• 2ff968d refactor: this type wasn't used anywhere
• Additional commits viewable in compare view

Updates filelock from 3.25.0 to 3.25.2

Release notes

Sourced from filelock's releases.

3.25.2

What's Changed

• 🐛 fix(unix): suppress EIO on close in Docker bind mounts by @​gaborbernat in tox-dev/filelock#513

Full Changelog: tox-dev/filelock@3.25.1...3.25.2

3.25.1

What's Changed

• 📝 docs(logo): add branded project logo by @​gaborbernat in tox-dev/filelock#507
• 🐛 fix(win): restore best-effort lock file cleanup on release by @​gaborbernat in tox-dev/filelock#511

Full Changelog: tox-dev/filelock@3.25.0...3.25.1

Changelog

Sourced from filelock's changelog.

########### Changelog ###########

---

3.25.2 (2026-03-11)

---

• 🐛 fix(unix): suppress EIO on close in Docker bind mounts :pr:513

---

3.25.1 (2026-03-09)

---

• [pre-commit.ci] pre-commit autoupdate :pr:510 - by :user:pre-commit-ci[bot]
• 🐛 fix(win): restore best-effort lock file cleanup on release :pr:511
• [pre-commit.ci] pre-commit autoupdate :pr:508 - by :user:pre-commit-ci[bot]
• 📝 docs(logo): add branded project logo :pr:507

---

3.25.0 (2026-03-01)

---

• ✨ feat(async): add AsyncReadWriteLock :pr:506
• Standardize .github files to .yaml suffix
• build(deps): bump actions/download-artifact from 7 to 8 :pr:503 - by :user:dependabot[bot]
• build(deps): bump actions/upload-artifact from 6 to 7 :pr:502 - by :user:dependabot[bot]
• Move SECURITY.md to .github/SECURITY.md
• Add security policy
• Add permissions to check workflow :pr:500
• [pre-commit.ci] pre-commit autoupdate :pr:499 - by :user:pre-commit-ci[bot]

---

3.24.3 (2026-02-19)

---

• 🐛 fix(unix): handle ENOENT race on FUSE/NFS during acquire :pr:495
• 🐛 fix(ci): add trailing blank line after changelog entries :pr:492

---

3.24.2 (2026-02-16)

---

• 🐛 fix(rw): close sqlite3 cursors and skip SoftFileLock Windows race :pr:491
• 🐛 fix(test): resolve flaky write non-starvation test :pr:490
• 📝 docs: restructure using Diataxis framework :pr:489

---

3.24.1 (2026-02-15)

---

... (truncated)

Commits

• 5b9872c Release 3.25.2
• 42b740a 🐛 fix(unix): suppress EIO on close in Docker bind mounts (#513)
• d8b04b5 Release 3.25.1
• 0633386 [pre-commit.ci] pre-commit autoupdate (#510)
• 7f2247d 🐛 fix(win): restore best-effort lock file cleanup on release (#511)
• 5ae1c4e [pre-commit.ci] pre-commit autoupdate (#508)
• bcffcfe 📝 docs(logo): add branded project logo (#507)
• See full diff in compare view

Updates identify from 2.6.17 to 2.6.18

Commits

• 07a8017 v2.6.18
• 2609c0a Merge pull request #581 from pre-commit/mxr-patch-1
• 74d7931 Configure pyproject.toml to have custom 'pyproject' file type
• See full diff in compare view

Updates platformdirs from 4.9.2 to 4.9.4

Release notes

Sourced from platformdirs's releases.

4.9.4

What's Changed

• Add permissions to workflows by @​gaborbernat in tox-dev/platformdirs#455
• Move SECURITY.md to .github/SECURITY.md by @​gaborbernat in tox-dev/platformdirs#456
• Standardize .github files to .yaml suffix by @​gaborbernat in tox-dev/platformdirs#458
• 📝 docs: add project logo to documentation by @​gaborbernat in tox-dev/platformdirs#459

Full Changelog: tox-dev/platformdirs@4.9.3...4.9.4

4.9.3

What's Changed

• Fix test failures on BSD for runtime directory defaults by @​Fridayai700 in tox-dev/platformdirs#451
• Respect XDG_CONFIG_HOME in _get_user_dirs_folder by @​bysiber in tox-dev/platformdirs#453
• Add missing _optionally_create_directory in Android user_log_dir and user_runtime_dir by @​bysiber in tox-dev/platformdirs#452

New Contributors

• @​Fridayai700 made their first contribution in tox-dev/platformdirs#451
• @​bysiber made their first contribution in tox-dev/platformdirs#453

Full Changelog: tox-dev/platformdirs@4.9.2...4.9.3

Changelog

Sourced from platformdirs's changelog.

########### Changelog ###########

---

4.9.4 (2026-03-05)

---

• [pre-commit.ci] pre-commit autoupdate :pr:461 - by :user:pre-commit-ci[bot]
• Update README.md
• 📝 docs: add project logo to documentation :pr:459
• Standardize .github files to .yaml suffix
• build(deps): bump the all group with 2 updates :pr:457 - by :user:dependabot[bot]
• Move SECURITY.md to .github/SECURITY.md
• Add permissions to workflows :pr:455
• Add security policy
• [pre-commit.ci] pre-commit autoupdate :pr:454 - by :user:pre-commit-ci[bot]

---

4.9.2 (2026-02-16)

---

• 📝 docs: restructure following Diataxis framework :pr:448
• 📝 docs(platforms): fix RST formatting and TOC hierarchy :pr:447

---

4.9.1 (2026-02-14)

---

• 📝 docs: enhance README, fix issues, and reorganize platforms.rst :pr:445

---

4.9.0 (2026-02-14)

---

• 📚 docs: split usage guide into tutorial, how-to, and reference :pr:441
• ✨ feat(api): add site_bin_dir property :pr:443
• ✨ feat(api): add site_applications_dir property :pr:442
• 🐛 fix(unix): use correct runtime dir path for OpenBSD :pr:440
• 📝 docs(usage): document use_site_for_root parameter :pr:439

---

4.8.0 (2026-02-14)

---

• 📝 docs(usage): note that home dir is in stdlib :pr:431
• ✨ feat(api): add user_applications_dir property :pr:432
• ✨ feat(api): add user_bin_dir property :pr:430
• 🐛 fix(macos): yield individual site dirs in iter_*_dirs :pr:429
• ✨ feat(windows): add WIN_PD_OVERRIDE_* env var overrides :pr:428

... (truncated)

Commits

• 3fdb23e Release 4.9.4
• 96e0ed0 [pre-commit.ci] pre-commit autoupdate (#461)
• 455f98e Update README.md
• 423bc18 📝 docs: add project logo to documentation (#459)
• b10b8c5 Standardize .github files to .yaml suffix
• 27582df build(deps): bump the all group with 2 updates (#457)
• da59cc6 Move SECURITY.md to .github/SECURITY.md
• 5ef8a10 Add permissions to workflows (#455)
• 2f0cd48 Add security policy
• aeb0da1 [pre-commit.ci] pre-commit autoupdate (#454)
• Additional commits viewable in compare view

Updates pytest-cov from 7.0.0 to 7.1.0

Changelog

Sourced from pytest-cov's changelog.

7.1.0 (2026-03-21)

• Fixed total coverage computation to always be consistent, regardless of reporting settings. Previously some reports could produce different total counts, and consequently can make --cov-fail-under behave different depending on reporting options. See [#641](https://github.com/pytest-dev/pytest-cov/issues/641) <https://github.com/pytest-dev/pytest-cov/issues/641>_.

• Improve handling of ResourceWarning from sqlite3.

  The plugin adds warning filter for sqlite3 ResourceWarning unclosed database (since 6.2.0). It checks if there is already existing plugin for this message by comparing filter regular expression. When filter is specified on command line the message is escaped and does not match an expected message. A check for an escaped regular expression is added to handle this case.

  With this fix one can suppress ResourceWarning from sqlite3 from command line::

  pytest -W "ignore:unclosed database in <sqlite3.Connection object at:ResourceWarning" ...

• Various improvements to documentation. Contributed by Art Pelling in [#718](https://github.com/pytest-dev/pytest-cov/issues/718) <https://github.com/pytest-dev/pytest-cov/pull/718>_ and "vivodi" in [#738](https://github.com/pytest-dev/pytest-cov/issues/738) <https://github.com/pytest-dev/pytest-cov/pull/738>. Also closed [#736](https://github.com/pytest-dev/pytest-cov/issues/736) <https://github.com/pytest-dev/pytest-cov/issues/736>.

• Fixed some assertions in tests. Contributed by in Markéta Machová in [#722](https://github.com/pytest-dev/pytest-cov/issues/722) <https://github.com/pytest-dev/pytest-cov/pull/722>_.

• Removed unnecessary coverage configuration copying (meant as a backup because reporting commands had configuration side-effects before coverage 5.0).

Commits

• 66c8a52 Bump version: 7.0.0 → 7.1.0
• f707662 Make the examples use pypy 3.11.
• 6049a78 Make context test use the old ctracer (seems the new sysmon tracer behaves di...
• 8ebf20b Update changelog.
• 861d30e Remove the backup context manager - shouldn't be needed since coverage 5.0, ...
• fd4c956 Pass the precision on the nulled total (seems that there's some caching goion...
• 78c9c4e Only run the 3.9 on older deps.
• 4849a92 Punctuation.
• 197c35e Update changelog and hopefully I don't forget to publish release again :))
• 14dc1c9 Update examples to use 3.11 and make the adhoc layout example look a bit more...
• Additional commits viewable in compare view

Updates pytest-github-actions-annotate-failures from 0.3.0 to 0.4.0

Release notes

Sourced from pytest-github-actions-annotate-failures's releases.

v0.4.0

Breaking

• breaking: require python>=3.10 (#131) @​ssbarnea
• Require pytest 7+ (#116) @​edgarrmondragon

Features

• feat: Support Pytest 9+ subtests (#121) @​edgarrmondragon

Fixes

• fix: use setuptools-scm and release drafter (#128) @​ssbarnea
• fix(warnings): use GITHUB_WORKSPACE instead of GITHUB_WORKFLOW (#124) @​rmuir
• Fix internal error when processing warnings (#117) @​edgarrmondragon
• docs: examples should use newest actions (#109) @​vil02

Maintenance

• chore: release drafter part2 (#130) @​ssbarnea
• chore: enable release drafter (#129) @​ssbarnea
• ci: Test with Pytest 9 (#120) @​edgarrmondragon
• build(deps): bump actions/attest-build-provenance from 3 to 4 (#126) @dependabot[bot]
• build(deps): bump actions/download-artifact from 7 to 8 (#127) @dependabot[bot]
• build(deps): bump actions/download-artifact from 6 to 7 (#123) @dependabot[bot]
• build(deps): bump actions/checkout from 5 to 6 (#122) @dependabot[bot]
• build(deps): bump actions/download-artifact from 5 to 6 (#119) @dependabot[bot]
• build(deps): bump astral-sh/setup-uv from 6 to 7 (#118) @dependabot[bot]
• Test on Python 3.14 (#115) @​edgarrmondragon
• build(deps): bump actions/setup-python from 5 to 6 (#114) @dependabot[bot]
• build(deps): bump actions/attest-build-provenance from 2 to 3 (#112) @dependabot[bot]
• build(deps): bump actions/checkout from 4 to 5 (#111) @dependabot[bot]
• build(deps): bump actions/download-artifact from 4 to 5 (#110) @dependabot[bot]
• build(deps): bump astral-sh/setup-uv from 5 to 6 (#108) @dependabot[bot]

Commits

• f48349e fix: use setuptools-scm and release drafter (#128)
• f6004c8 feat!: require python>=3.10 (#131)
• 8991a45 chore: release drafter part2 (#130)
• 7b40174 chore: enable release drafter (#129)
• 58be6ad feat: Support Pytest 9+ subtests (#121)
• 26a0c80 Test with Pytest 9 (#120)
• d33d199 build(deps): bump actions/attest-build-provenance from 3 to 4 (#126)
• 4e6cbca build(deps): bump actions/download-artifact from 7 to 8 (#127)
• 3c82f58 fix(warnings): use GITHUB_WORKSPACE instead of GITHUB_WORKFLOW (#124)
• 67da723 build(deps): bump actions/download-artifact from 6 to 7 (#123)
• Additional commits viewable in compare view

Updates ruff from 0.15.4 to 0.15.7

Release notes

Sourced from ruff's releases.

0.15.7

Release Notes

Released on 2026-03-19.

Preview features

• Display output severity in preview (#23845)
• Don't show noqa hover for non-Python documents (#24040)

Rule changes

• [pycodestyle] Recognize pyrefly: as a pragma comment (E501) (#24019)

Server

• Don't return code actions for non-Python documents (#23905)

Documentation

• Add company AI policy to contributing guide (#24021)
• Document editor features for Markdown code formatting (#23924)
• [pylint] Improve phrasing (PLC0208) (#24033)

Other changes

• Use PEP 639 license information (#19661)

Contributors

• @​tmimmanuel
• @​DimitriPapadopoulos
• @​amyreese
• @​statxc
• @​dylwil3
• @​hunterhogan
• @​renovate

Install ruff 0.15.7

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/ruff/releases/download/0.15.7/ruff-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/ruff/releases/download/0.15.7/ruff-installer.ps1 | iex"
</tr></table> 

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.7

Released on 2026-03-19.

Preview features

• Display output severity in preview (#23845)
• Don't show noqa hover for non-Python documents (#24040)

Rule changes

• [pycodestyle] Recognize pyrefly: as a pragma comment (E501) (#24019)

Server

• Don't return code actions for non-Python documents (#23905)

Documentation

• Add company AI policy to contributing guide (#24021)
• Document editor features for Markdown code formatting (#23924)
• [pylint] Improve phrasing (PLC0208) (#24033)

Other changes

• Use PEP 639 license information (#19661)

Contributors

• @​tmimmanuel
• @​DimitriPapadopoulos
• @​amyreese
• @​statxc
• @​dylwil3
• @​hunterhogan
• @​renovate

0.15.6

Released on 2026-03-12.

Preview features

• Add support for lazy import parsing (#23755)
• Add support for star-unpacking of comprehensions (PEP 798) (#23788)
• Reject semantic syntax errors for lazy imports (#23757)
• Drop a few rules from the preview default set (#23879)
• [airflow] Flag Variable.get() calls outside of task execution context (AIR003) (#23584)
• [airflow] Flag runtime-varying values in DAG/task constructor arguments (AIR304) (#23631)
• [flake8-bugbear] Implement delattr-with-constant (B043) (#23737)

... (truncated)

Commits

• 0ef39de Bump 0.15.7 (#24049)
• beb543b [ty] ecosystem-analyzer: Fail on newly panicking projects (#24043)
• 378fe73 Don't show noqa hover for non-Python documents (#24040)
• b5665bd [pylint] Improve phrasing (PLC0208) (#24033)
• 6e20f22 test: migrate show_settings and version tests to use CliTest (#23702)
• f99b284 Drain file watcher events during test setup (#24030)
• 744c996 [ty] Filter out unsatisfiable inference attempts during generic call narrowin...
• 1616095 [ty] Avoid inferring intersection types for call arguments (#23933)
• 7f275f4 [ty] Pin mypy_primer in setup_primer_project.py (#24020)
• 7255e36 [pycodestyle] Recognize pyrefly: as a pragma comment (E501) (#24019)
• Additional commits viewable in compare view

Updates virtualenv from 21.1.0 to 21.2.0

Release notes

Sourced from virtualenv's releases.

21.2.0

What's Changed

• Move SECURITY.md to .github/SECURITY.md by @​gaborbernat in pypa/virtualenv#3077
• Standardize .github files to .yaml suffix by @​gaborbernat in pypa/virtualenv#3079
• Add type annotations to embed wheel generator output by @​rahuldevikar in pypa/virtualenv#3085
• fix broken README heading introduced in docs restructure by @​rahuldevikar in pypa/virtualenv#3088
• 🐛 fix(bash): use BASH_SOURCE in activate relocation by @​gaborbernat in pypa/virtualenv#3091
• 🐛 fix(create): prevent venv from racing virtualenv on gitignore creation by @​gaborbernat in pypa/virtualenv#3092

Full Changelog: pypa/virtualenv@21.1.0...21.2.0

Changelog

Sourced from virtualenv's changelog.

Features - 21.2.0

• Update embed wheel generator (tasks/upgrade_wheels.py) to include type annotations in generated output - by :user:rahuldevikar. (:issue:3075)

Bugfixes - 21.2.0

• Pass --without-scm-ignore-files to subprocess venv on Python 3.13+ so virtualenv controls .gitignore creation, fixing flaky test_create_no_seed and --no-vcs-ignore being ignored in subprocess path - by :user:gaborbernat. (:issue:3089)
• Use BASH_SOURCE[0] instead of $0 in the bash activate script relocation fallback, fixing incorrect PATH when sourcing the activate script from a different directory - by :user:gaborbernat. (:issue:3090)

---

v21.1.0 (2026-02-27)

---

Commits

• 0b6f444 release 21.2.0
• e1af35d 🐛 fix(create): prevent venv from racing virtualenv on gitignore creation (#3092)
• f05bf08 🐛 fix(bash): use BASH_SOURCE in activate relocation (#3091)
• 0cd0e09 fix broken README heading introduced in docs restructure (#3088)
• b7ab17e [pre-commit.ci] pre-commit autoupdate (#3087)
• f2062bc chore(deps): bump astral-sh/setup-uv from 4 to 7 (#3086)
• eb27e55 Add type annotations to embed wheel generator output (#3085)
• fbb3bd1 chore(deps): bump peter-evans/create-pull-request from 7 to 8 (#3081)
• a1d3963 chore(deps): bump actions/setup-python from 5 to 6 (#3080)
• e768d56 chore(deps): bump actions/upload-artifact from 4 to 7 (#3082)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Coverage report

This PR does not seem to contain any modification to coverable code.