build(deps-dev): Bump the development-dependencies group with 2 updates

[dependabot]

Bumps the development-dependencies group with 2 updates: black and pyright.

Updates black from 25.9.0 to 25.11.0

Release notes

Sourced from black's releases.

25.11.0

Highlights

• Enable base 3.14 support (#4804)
• Add support for the new Python 3.14 t-string syntax introduced by PEP 750 (#4805)

Stable style

• Fix bug where comments between # fmt: off and # fmt: on were reformatted (#4811)
• Comments containing fmt directives now preserve their exact formatting instead of being normalized (#4811)

Preview style

• Move multiline_string_handling from --unstable to --preview (#4760)
• Fix bug where module docstrings would be treated as normal strings if preceded by comments (#4764)
• Fix bug where python 3.12 generics syntax split line happens weirdly (#4777)
• Standardize type comments to form # type: <value> (#4645)
• Fix fix_fmt_skip_in_one_liners preview feature to respect # fmt: skip for compound statements with semicolon-separated bodies (#4800)

Configuration

• Add no_cache option to control caching behavior. (#4803)

Packaging

• Releases now include arm64 Linux binaries (#4773)

Output

• Write unchanged content to stdout when excluding formatting from stdin using pipes (#4610)

Blackd

• Implemented BlackDClient. This simple python client allows to easily send formatting requests to blackd (#4774)

Integrations

• Enable 3.14 base CI (#4804)
• Enhance GitHub Action psf/black to support the required-version major-version-only "stability" format when using pyproject.toml (#4770)
• Improve error message for vim plugin users. It now handles independently vim version
• Vim: Warn on unsupported Vim and Python versions independently (#4772)
• Vim: Print the import paths when importing black fails (#4675)
• Vim: Fix handling of virtualenvs that have a different Python version (#4675)

Changelog

Sourced from black's changelog.

25.11.0

Highlights

• Enable base 3.14 support (#4804)
• Add support for the new Python 3.14 t-string syntax introduced by PEP 750 (#4805)

Stable style

• Fix bug where comments between # fmt: off and # fmt: on were reformatted (#4811)
• Comments containing fmt directives now preserve their exact formatting instead of being normalized (#4811)

Preview style

• Move multiline_string_handling from --unstable to --preview (#4760)
• Fix bug where module docstrings would be treated as normal strings if preceded by comments (#4764)
• Fix bug where python 3.12 generics syntax split line happens weirdly (#4777)
• Standardize type comments to form # type: <value> (#4645)
• Fix fix_fmt_skip_in_one_liners preview feature to respect # fmt: skip for compound statements with semicolon-separated bodies (#4800)

Configuration

• Add no_cache option to control caching behavior. (#4803)

Packaging

• Releases now include arm64 Linux binaries (#4773)
• Releases now include arm64 Windows binaries and wheels (#4814)

Output

• Write unchanged content to stdout when excluding formatting from stdin using pipes (#4610)

Blackd

• Implemented BlackDClient. This simple python client allows to easily send formatting requests to blackd (#4774)

Integrations

• Enable 3.14 base CI (#4804)
• Enhance GitHub Action psf/black to support the required-version major-version-only "stability" format when using pyproject.toml (#4770)
• Add output-file input to GitHub Action psf/black to write formatter output to a file for artifact capture and log cleanliness (#4824)
• Improve error message for vim plugin users. It now handles independently vim version

... (truncated)

Commits

• 05f0a8c Prepare for 25.11.0 release (#4825)
• ae17c61 Fix tests on pytest 9 (#4835)
• 138745e Include Windows and Python 3.14 in PR wheel build matrix, fix Windows build (...
• 18170d6 ci: add label for running all builds on a pull request (#4833)
• 0e793e3 fix windows wheels (#4830)
• b71f36c Use build[uv] as cibuildwheel frontend (#4831)
• a7bd594 Skip free threaded builds in cibuildwheel (#4829)
• 862dee9 Update cibuildwheel (#4828)
• b5f354c build: restrict to pytest 9.0 due to breakage in custom pytest_configure (#4827)
• f705197 t-string support (#4805)
• Additional commits viewable in compare view

Updates pyright from 1.1.406 to 1.1.407

Commits

• 53e8efb Pyright NPM Package update to 1.1.407 (#356)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
pip/black	25.11.0	🟢 6.5	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 10 security policy file detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Code-Review 🟢 7 Found 21/28 approved changesets -- score normalized to 7 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Fuzzing 🟢 10 project is fuzzed Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
pip/click	8.3.1	🟢 6.7	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 4 Found 7/17 approved changesets -- score normalized to 4 Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 Fuzzing 🟢 10 project is fuzzed License 🟢 10 license file detected Signed-Releases 🟢 4 2 out of the last 5 releases have a total of 2 signed artifacts. Branch-Protection 🟢 3 branch protection is not maximal on development and all release branches Security-Policy 🟢 9 security policy file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/platformdirs	4.5.0	Unknown	Unknown
pip/pyright	1.1.407	🟢 4.4	Details Check Score Reason Code-Review ⚠️ 0 Found 1/30 approved changesets -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 3 4 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 3 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Signed-Releases ⚠️ -1 no releases found Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Branch-Protection 🟢 3 branch protection is not maximal on development and all release branches Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/pytokens	0.3.0	Unknown	Unknown

Scanned Files

• Pipfile.lock