Lock file maintenance Python dependencies (main)

[renovate]

This PR contains the following updates:

Package	Type	Update	Change	Age	Confidence
		lockFileMaintenance	All locks refreshed
boto3	dependencies	patch	^1.40.2 -> ^1.40.7
coverage	unit	patch	^7.10.2 -> ^7.10.3
cryptography (changelog)	charm-libs	patch	45.0.5 -> 45.0.6
ruff (source, changelog)	format	patch	^0.12.7 -> ^0.12.8

🔧 This Pull Request updates lock files to use the latest dependency versions.

---

Release Notes

boto/boto3 (boto3)

v1.40.7

Compare Source

======

• api-change:bedrock: [botocore] This release includes model updates and enhanced SDK documentation for union fields in automated reasoning policy components. Added docs cover policy definitions, mutations (add/update for rules/types/variables), build assets, workflow sources, test results, and tag exception handling.
• api-change:cognito-idp: [botocore] Remove SigV4 auth requirement for GetTokensFromRefreshToken
• api-change:connect: [botocore] Updating SearchUserHierarchyGroups API
• api-change:deadline: [botocore] Adds support for Wait and Save feature in service-managed fleets
• api-change:ec2: [botocore] This release adds AvailabilityZoneId support for CreateVolume, DescribeVolume, LaunchTemplates, RunInstances, DescribeInstances, CreateDefaultSubnet, SpotInstances, and CreateDefaultSubnet APIs.
• api-change:evs: [botocore] Update for general availability of Amazon Elastic VMware Service (EVS).
• api-change:lambda: [botocore] Doc-only update for Lambda that updates the maximum payload size for response streaming invocations to 200 MB.
• api-change:quicksight: [botocore] Add RowAxisDisplayOptions and ColumnAxisDisplayOptions to HeatMapConfiguration, add Actions to PluginVisual, increase limit for CalculatedFields list
• api-change:sso-admin: [botocore] Added support for managing user background session for applications

v1.40.6

Compare Source

======

• api-change:connect: [botocore] This release adds a new API GetContactMetrics for Amazon Connect.
• api-change:inspector2: [botocore] Add CVSSV4 to Vulnerability Search API and update enable/disable account id list length to 5
• api-change:iot-data: [botocore] Adding DeleteConnection API to IoT Data Plane
• api-change:sagemaker: [botocore] Adds support for GB200 UltraServers in Amazon SageMaker training jobs, training plans, and HyperPod clusters
• api-change:transcribe: [botocore] Update documentation to use key ARN only in OutputEncryptionKMSKeyId request parameter
• bugfix:stub: [botocore] Fixes a bug which causes the stubber to begin failing for DynamoDB when SSO or AssumeRole credentials fail to load

v1.40.5

Compare Source

======

• api-change:batch: [botocore] This feature allows customers to use AWS Batch with Linux with ARM64 CPU Architecture with Fargate Spot compute support.
• api-change:cloudfront: [botocore] Added new viewer security policy, TLSv1.3_2025, for CloudFront.
• api-change:codebuild: [botocore] AWS CodeBuild now supports comment-based pull request control.
• api-change:gameliftstreams: [botocore] Adds Proton 9.0-2 to the list of runtime environment options available when creating an Amazon GameLift Streams application
• api-change:glue: [botocore] AWS Glue Data Catalog now supports Iceberg Optimization settings at the Catalog level, and supports new options to control the optimization job run rate.
• api-change:guardduty: [botocore] Added support for VPC owner account ID associated with DNS request in the GuardDuty finding.

v1.40.4

Compare Source

======

• api-change:appstream: [botocore] Added support for G6 instances
• api-change:budgets: [botocore] Adds support for billing views. Billing views let you control access to cost and usage data through an AWS resource, streamlining the process of sharing cost and usage data across account boundaries. With this release, you can now create and view budgets based on billing views.
• api-change:ec2: [botocore] Mark Elastic Inference Accelerators and Elastic Graphics Processor parameters as deprecated on the RunInstances and LaunchTemplate APIs.
• api-change:opensearchserverless: [botocore] Features: add Index APIs in OpenSearchServerless to support managed semantic enrichment
• api-change:qbusiness: [botocore] Amazon Q Business now supports the GetDocumentContent() API that enables customers to securely access the source documents through clickable citation links at query time

v1.40.3

Compare Source

======

• api-change:bedrock: [botocore] This release introduces Automated Reasoning checks for Amazon Bedrock Guardrails. The feature adds new APIs for policy building, refinement, version management, and testing. Guardrail APIs now support Automated Reasoning policy configuration and validation output.
• api-change:bedrock-runtime: [botocore] This release adds support for Automated Reasoning checks output models for the Amazon Bedrock Guardrails ApplyGuardrail API.
• api-change:eks: [botocore] Add support for deletion protection on EKS clusters
• api-change:rds: [botocore] Adds a new Aurora Serverless v2 attribute to the DBCluster resource to expose the platform version. Also updates the attribute to be part of both the engine version and platform version descriptions.
• api-change:sagemaker: [botocore] Add support for SageMaker Hyperpod continuous scaling and custom AMI; Introduce new APIs: ListClusterEvents, DescribeClusterEvent, BatchAddClusterNodes

nedbat/coveragepy (coverage)

v7.10.3

Compare Source

• Fixes for patch = subprocess:

  • If subprocesses spawned yet more subprocesses simultaneously, some coverage
    could be missed. This is now fixed, closing issue 2024_.

  • If subprocesses were created in other directories, their data files were
    stranded there and not combined into the totals, as described in issue 2025_. This is now fixed.

  • On Windows (or maybe only some Windows?) the patch would fail with a
    ModuleNotFound error trying to import coverage. This is now fixed,
    closing issue 2022_.

  • Originally only options set in the coverage configuration file would apply
    to subprocesses. Options set on the coverage run command line (such as
    --branch) wouldn't be communicated to the subprocesses. This could
    lead to combining failures, as described in issue 2021_. Now the entire
    configuration is used in subprocesses, regardless of its origin.

  • Added debug=patch to help diagnose problems.

• Fix: really close all SQLite databases, even in-memory ones. Closes issue 2017_.

.. _issue 2017:https://github.com/nedbat/coveragepy/issues/20177
.. _issue 2021https://github.com/nedbat/coveragepy/issues/202121
.. _issue 202https://github.com/nedbat/coveragepy/issues/2022022
.. _issue 20https://github.com/nedbat/coveragepy/issues/20242024
.. _issue 2https://github.com/nedbat/coveragepy/issues/2025/2025

.. _changes_7-10-2:

pyca/cryptography (cryptography)

v45.0.6

Compare Source

astral-sh/ruff (ruff)

v0.12.8

Compare Source

Preview features

• [flake8-use-pathlib] Expand PTH201 to check all PurePath subclasses (#​19440)

Bug fixes

• [flake8-blind-except] Change BLE001 to correctly parse exception tuples (#​19747)
• [flake8-errmsg] Exclude typing.cast from EM101 (#​19656)
• [flake8-simplify] Fix raw string handling in SIM905 for embedded quotes (#​19591)
• [flake8-import-conventions] Avoid false positives for NFKC-normalized __debug__ import aliases in ICN001 (#​19411)
• [isort] Fix syntax error after docstring ending with backslash (I002) (#​19505)
• [pylint] Mark PLC0207 fixes as unsafe when *args unpacking is present (#​19679)
• [pyupgrade] Prevent infinite loop with I002 (UP010, UP035) (#​19413)
• [ruff] Parenthesize generator expressions in f-strings (RUF010) (#​19434)

Rule changes

• [eradicate] Don't flag pyrefly pragmas as unused code (ERA001) (#​19731)

Documentation

• Replace "associative" with "commutative" in docs for RUF036 (#​19706)
• Fix copy and line separator colors in dark mode (#​19630)
• Fix link to typing documentation (#​19648)
• [refurb] Make more examples error out-of-the-box (#​19695,#​19673,#​19672)

Other changes

• Include column numbers in GitLab output format (#​19708)
• Always expand tabs to four spaces in diagnostics (#​19618)
• Update pre-commit's ruff id (#​19654)

---

Configuration

📅 Schedule: Branch creation - Between 01:00 AM and 05:59 AM, only on Tuesday ( * 1-5 * * 2 ) in timezone Etc/UTC, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 75.74%. Comparing base (86a7d6c) to head (e010c69).

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #1091   +/-   ##
=======================================
  Coverage   75.74%   75.74%           
=======================================
  Files          16       16           
  Lines        4156     4156           
  Branches      628      628           
=======================================
  Hits         3148     3148           
  Misses        786      786           
  Partials      222      222           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.