chore(deps)(deps-dev): bump the all-dependencies group with 5 updates

[dependabot]

Updates the requirements on pytest-cov, mutmut, isort, pre-commit and twine to permit the latest version.
Updates pytest-cov to 7.0.0

Changelog

Sourced from pytest-cov's changelog.

7.0.0 (2025-09-09)

• Dropped support for subprocesses measurement.

  It was a feature added long time ago when coverage lacked a nice way to measure subprocesses created in tests. It relied on a .pth file, there was no way to opt-out and it created bad interations with coverage's new patch system <https://coverage.readthedocs.io/en/latest/config.html#run-patch>_ added in 7.10 <https://coverage.readthedocs.io/en/7.10.6/changes.html#version-7-10-0-2025-07-24>_.

  To migrate to this release you might need to enable the suprocess patch, example for .coveragerc:

  .. code-block:: ini

  [run] patch = subprocess

  This release also requires at least coverage 7.10.6.

• Switched packaging to have metadata completely in pyproject.toml and use hatchling <https://pypi.org/project/hatchling/>_ for building. Contributed by Ofek Lev in [#551](https://github.com/pytest-dev/pytest-cov/issues/551) <https://github.com/pytest-dev/pytest-cov/pull/551>_ with some extras in [#716](https://github.com/pytest-dev/pytest-cov/issues/716) <https://github.com/pytest-dev/pytest-cov/pull/716>_.

• Removed some not really necessary testing deps like six.

6.3.0 (2025-09-06)

• Added support for markdown reports. Contributed by Marcos Boger in [#712](https://github.com/pytest-dev/pytest-cov/issues/712) <https://github.com/pytest-dev/pytest-cov/pull/712>_ and [#714](https://github.com/pytest-dev/pytest-cov/issues/714) <https://github.com/pytest-dev/pytest-cov/pull/714>_.
• Fixed some formatting issues in docs. Anonymous contribution in [#706](https://github.com/pytest-dev/pytest-cov/issues/706) <https://github.com/pytest-dev/pytest-cov/pull/706>_.

6.2.1 (2025-06-12)

• Added a version requirement for pytest's pluggy dependency (1.2.0, released 2023-06-21) that has the required new-style hookwrapper API.

• Removed deprecated license classifier (packaging).

• Disabled coverage warnings in two more situations where they have no value:

  • "module-not-measured" in workers
  • "already-imported" in subprocesses

6.2.0 (2025-06-11)

• The plugin now adds 3 rules in the filter warnings configuration to prevent common coverage warnings being raised as obscure errors::

  default:unclosed database in <sqlite3.Connection object at:ResourceWarning once::PytestCovWarning

... (truncated)

Commits

• 224d896 Bump version: 6.3.0 → 7.0.0
• 73424e3 Cleanup the docs a bit.
• 36f1cc2 Bump pins in template.
• f299c59 Bump the github-actions group with 2 updates
• 25f0b2e Update docs/config.rst
• bb23eac Improve configuration docs
• a19531e Switch from build/pre-commit to uv/prek - this should make this faster.
• 82f9993 Update changelog.
• 211b5cd Fix links.
• 97aadd7 Update some ci config, reformat and apply some lint fixes.
• Additional commits viewable in compare view

Updates mutmut to 3.3.1

Changelog

Sourced from mutmut's changelog.

3.3.1

* Increased threshold for mutant timeouts


Added tests_dir config. Accepts a single entry or a list of directories.


Async generators fixes


Fixed bad mutations for certain string escape sequences


Performance fixes


Various internal bug fixes


3.3.0

• Python 3.13 compatibility!

• New argument --show-killed for mutmut browse

• Fix to avoid accidentally importing the un-mutated original code

• Handle segfault for mutant subprocesses

• Added mutations for string literals

• Added mutations for common string methods

• Faster mutant generation via subprocesses

• Fix self parameter for mutated class methods

• Fix trampoline generation for function calls with 'orig' or 'mutants' as argument names.

• Copy full source directory before creating mutants

• Improved error message when forced fail test fails

• Fixed issue with spaces in the python executable path

• Do not mutate __new__

• Annotate mutant dicts (and fixes compatibility with Pydantic)

• Replaced parso with LibCST

... (truncated)

Commits

• 0f2586a Release
• 6a5c471 Pass mutation generation errors from subprocess to main process
• 7b03f4b Update timeout values
• 3cd39fa Merge pull request #408 from souradeep-das/souradeep/add_tests_dir
• 3e52e5e modify e2e tests
• 10bb451 merge latest
• d4980ab fix: accept lists as tests_dir
• 22f3924 Improve diff view performance a bit
• eb37032 Make rlimit signal SIGXCPU first; only fallback to SIGKILL later on
• 99ecd32 fix timeout checker "dictionary changed size during iteration" bug (#411)
• Additional commits viewable in compare view

Updates isort to 6.1.0

Release notes

Sourced from isort's releases.

6.1.0

Changes

• Update docs discussions channel (#2410) @​staticdev
• Add python 3.14 classifier and badge (#2409) @​staticdev
• Drop use of non-standard pkg_resources API (#2405) @​dvarrazzo
• Use working isort version in pre-commit example (#2402) @​iainelder
• fix typo in _get_files_from_dir_cached test (#2392) @​tiltingpenguin
• Resolve bandit warnings (#2379) @​kurtmckee
• Add tox for cross-platform, parallel test suite execution (#2378) @​kurtmckee
• Add Project URLs to PyPI Side Panel (#2387) @​guillermodotn
• Fix typos (#2376) @​co63oc

👷 Continuous Integration

• Add make bash scripts portable (#2377) @​staticdev

📦 Dependencies

• Bump actions/checkout from 4 to 5 in the github-actions group (#2406) @dependabot[bot]
• Bump astral-sh/setup-uv from 5 to 6 in the github-actions group (#2395) @dependabot[bot]

Changelog

Sourced from isort's changelog.

6.1.0 October 1 2025

• Add python 3.14 classifier and badge (#2409) @​staticdev
• Drop use of non-standard pkg_resources API (#2405) @​dvarrazzo

6.0.1 Febuary 26 2025

• Add OSError handling in find_imports_in_file (#2331) @​kobarity

6.0.0 January 27 2025

• Remove support for Python 3.8 (#2327) @​DanielNoord
• Python 3.13 support (#2306) @​mayty
• Speed up exists_case_sensitive calls (#2264) @​correctmost
• Ensure that split_on_trailing_comma works with as imports (#2340) @​DanielNoord
• Black profile: enable magic comma (#2236) @​MrMino
• Update line_length and single_line_exclusions in google profile (#2149) @​jagapiou
• Allow --diff to be used with --jobs (#2302) @​mnakama
• Fix wemake profile to have correct character limit (#2241) @​sobolevn
• Fix sort_reexports code mangling (#2283) @​Helveg
• Fix correct group by package tokenization (#2136) @​glasnt

5.13.2 December 13 2023

• Apply the bracket fix from issue #471 only for use_parentheses=True (#2184) @​bp72
• Confine pre-commit to stages (#2213) @​davidculley
• Fixed colors extras (#2212) @​staticdev

5.13.1 December 11 2023

• Fixed integration tests (#2208) @​bp72
• Fixed normalizing imports from more than one level of parent modules (issue/2152) (#2191) @​bp72
• Remove optional dependencies without extras (#2207) @​staticdev

5.13.0 December 9 2023

• Cleanup deprecated extras (#2089) @​staticdev
• Fixed #1989: settings lookup when working in stream based mode
• Fixed 80 line length for wemake linter (#2183) @​skatromb
• Add support for Python 3.12 (#2175) @​hugovk
• Fixed: add newest version to pre-commit docs (#2190) @​AzulGarza
• Fixed assertions in test_git_hook (#2196) @​mgorny
• Removed check for include_trailing_comma for the Hanging Indent wrap mode (#2192) @​bp72
• Use the standard library tomllib on sufficiently new python (#2202) @​eli-schwartz
• Update pre-commit.md version number (#2197) @​nicobako
• doc: Update black_compatibility.md (#2177) @​JSS95
• Fixed safety sept 2023 (#2178) @​staticdev
• docs: fix black profile documentation (#2163) @​nijel
• Fixed typo: indended -> indented (#2161) @​vadimkerr
• Docs(configuration/options.md): fix missing trailing spaces for hard linebreak (#2157) @​JoeyTeng

... (truncated)

Commits

• ec0efae Merge pull request #2410 from PyCQA/docs/discussion
• 8af675f Update docs discussions channel
• a03dae8 Merge pull request #2409 from PyCQA/build/py314-classifier
• 2232a26 Add python 3.14 classifier and badge
• ec48dd7 Merge pull request #2405 from dvarrazzo/fix/drop-pkg-resources
• be46cd4 refactor: make importlib metadata package import lazy
• 18ecd0c chore: drop branch guarding unsupported Python versions
• 1d42e56 fix: drop use of non-standard pkg_resources API
• 0c8fc82 Merge pull request #2406 from PyCQA/dependabot/github_actions/github-actions-...
• 3478763 Bump actions/checkout from 4 to 5 in the github-actions group
• Additional commits viewable in compare view

Updates pre-commit to 4.3.0

Release notes

Sourced from pre-commit's releases.

pre-commit v4.3.0

Features

• language: docker / language: docker_image: detect rootless docker.
  • #3446 PR by @​matthewhughes934.
  • #1243 issue by @​dkolepp.
• language: julia: avoid startup.jl when executing hooks.
  • #3496 PR by @​ericphanson.
• language: dart: support latest dart versions which require a higher sdk lower bound.
  • #3507 PR by @​bc-lee.

Changelog

Sourced from pre-commit's changelog.

4.3.0 - 2025-08-09

Features

• language: docker / language: docker_image: detect rootless docker.
  • #3446 PR by @​matthewhughes934.
  • #1243 issue by @​dkolepp.
• language: julia: avoid startup.jl when executing hooks.
  • #3496 PR by @​ericphanson.
• language: dart: support latest dart versions which require a higher sdk lower bound.
  • #3507 PR by @​bc-lee.

4.2.0 - 2025-03-18

Features

• For language: python first attempt a versioned python executable for the default language version before consulting a potentially unversioned sys.executable.
  • #3430 PR by @​asottile.

Fixes

• Handle error during conflict detection when a file is named "HEAD"
  • #3425 PR by @​tusharsadhwani.

4.1.0 - 2025-01-20

Features

• Add language: julia.
  • #3348 PR by @​fredrikekre.
  • #2689 issue @​jmuchovej.

Fixes

• Disable automatic toolchain switching for language: golang.
  • #3304 PR by @​AleksaC.
  • #3300 issue by @​AleksaC.
  • #3149 issue by @​nijel.
• Fix language: r installation when initiated by RStudio.
  • #3389 PR by @​lorenzwalthert.
  • #3385 issue by @​lorenzwalthert.

4.0.1 - 2024-10-08

Fixes

• Fix pre-commit migrate-config for unquoted deprecated stages names with purelib pyyaml.

... (truncated)

Commits

• b74a22d v4.3.0
• cc899de Merge pull request #3507 from bc-lee/dart-fix
• 2a0bcea Downgrade Dart SDK version installed in the CI
• f1cc7a4 Make Dart pre-commit hook compatible with the latest Dart SDKs
• 72a3b71 Merge pull request #3504 from pre-commit/pre-commit-ci-update-config
• c8925a4 [pre-commit.ci] pre-commit autoupdate
• a5fe6c5 Merge pull request #3496 from ericphanson/eph/jl-startup
• 6f1f433 Julia language: skip startup.jl file
• c681721 Merge pull request #3499 from pre-commit/pre-commit-ci-update-config
• 4fd4537 [pre-commit.ci] pre-commit autoupdate
• Additional commits viewable in compare view

Updates twine to 6.2.0

Changelog

Sourced from twine's changelog.

twine 6.2.0 (2025-09-04)

Features ^^^^^^^^

• Automatically refresh short-lived PyPI token in long running Trusted Publishing uploads.

  In the event that a trusted publishing upload job is taking longer than the validity period of a trusted publishing token (15 minutes at the time of this writing), and we are already 10 minutes into that validity period, we will begin to attempt to replace the token on each subsequent request. ([#1246](https://github.com/pypa/twine/issues/1246) <https://github.com/pypa/twine/issues/1246>_)

Bugfixes ^^^^^^^^

• Fix compatibility kludge for invalid License-File metadata entries emitted by build backends to work also with packaging version 24.0. ([#1217](https://github.com/pypa/twine/issues/1217) <https://github.com/pypa/twine/issues/1217>_)
• Fix a couple of incorrectly rendered error messages. ([#1224](https://github.com/pypa/twine/issues/1224) <https://github.com/pypa/twine/issues/1224>_)
• twine now enforces keyring >= 21.2.0, which was previously implicitly required by API usage. ([#1229](https://github.com/pypa/twine/issues/1229) <https://github.com/pypa/twine/issues/1229>_)
• twine now catches configparser.Error to prevent accidental leaks of secret tokens or passwords to the user's console. ([#1240](https://github.com/pypa/twine/issues/1240) <https://github.com/pypa/twine/issues/1240>_)

Deprecations and Removals ^^^^^^^^^^^^^^^^^^^^^^^^^

• Remove hacks that support --skip-existing for indexes other than PyPI and TestPyPI.

  To date, these hacks continue to accrue and there have been numerous issues with them, not the least of which being that every time we update them, the paid index providers change things to break the compatibility we implement for them. Beyond that, these hacks do not work when text is internationalized in the response from the index provider.

  For a sample of past issues, see:

  • pypa/twine#1251

  • pypa/twine#918

  • pypa/twine#856

  • pypa/twine#693

  • pypa/twine#332 ([#1251](https://github.com/pypa/twine/issues/1251) <https://github.com/pypa/twine/issues/1251>_)

... (truncated)

Commits

• 14ceb29 Update changelog for 6.2.0 (#1264)
• 60e377b build(deps): bump actions/checkout from 4.2.2 to 5.0.0 (#1263)
• 88821f2 feat(package): remove MD5 hashing entirely (#1262)
• ce5fe53 build(deps): bump actions/download-artifact from 4.3.0 to 5.0.0
• 6a696ed PEP 639 compliance
• 9175334 rename 1247.misc.rst to changelog/1247.misc.rst
• d94a475 fix(tests): update expected error message
• c1c02d1 Remove --skip-existing support for non-PyPI indices
• a24d308 Set trusted publishing logging to INFO/WARN (#1247)
• becf1a8 Fix py3.9 mypy error in __init__ around PackageMetadata
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud