Bump the dependencies group with 9 updates

[dependabot]

Bumps the dependencies group with 9 updates:

Package	From	To
alabaster	0.7.16	1.0.0
urllib3	2.6.0	2.6.2
coverage[toml]	7.12.0	7.13.1
black	25.9.0	25.12.0
filelock	3.20.0	3.20.1
humanize	4.14.0	4.15.0
librt	0.7.3	0.7.5
mypy	1.19.0	1.19.1
types-setuptools	80.9.0.20250822	80.9.0.20251223

Updates alabaster from 0.7.16 to 1.0.0

Release notes

Sourced from alabaster's releases.

Alabaster 1.0.0

Changelog: https://alabaster.readthedocs.io/en/latest/changelog.html

Changelog

Sourced from alabaster's changelog.

:git_tag:1.0.0 -- 2024-07-26

• Dropped support for Python 3.9 and earlier.
• Dropped support for Sphinx 6.1 and earlier.
• Use a new SVG image for the GitHub banner.
• :feature:217 Use the new searchfield component for the search box. Patch by Tim Hoffmann.
• :feature:104 Allow translating strings in relations.html.
• 🐛125 Do not underline linked images. Patch by Joshua Bronson.
• 🐛169 Do not ignore the Pygments background colour. Patch by Matthias Geier.
• 🐛174 Fix clipping caused by incorrect CSS breakpoints.

Commits

• fba58a4 Bump to 1.0.0
• 7d5c318 Update project maintainers
• d25c4bc List basic.css in theme.conf (#219)
• 97235d1 Fix incorrect breakpoints that cause clipping around 875px (#174)
• 5bb4411 Remove explicit width for search field input (#218)
• 9fdb57c Update references to searchbox
• a35a1df Don't ignore the Pygments background (#169)
• 17e55e5 Fix for "Don't put an underline on linked images" (#125)
• 73be878 Allow translations for strings in relations.html (#104)
• eb522b8 Use searchfield instead of searchbox component in sidebar (#217)
• Additional commits viewable in compare view

Updates urllib3 from 2.6.0 to 2.6.2

Release notes

Sourced from urllib3's releases.

2.6.2

🚀 urllib3 is fundraising for HTTP/2 support

urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.

Thank you for your support.

Changes

• Fixed HTTPResponse.read_chunked() to properly handle leftover data in the decoder's buffer when reading compressed chunked responses. (urllib3/urllib3#3734)

2.6.1

🚀 urllib3 is fundraising for HTTP/2 support

urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.

Thank you for your support.

Changes

• Restore previously removed HTTPResponse.getheaders() and HTTPResponse.getheader() methods. (#3731)

Changelog

Sourced from urllib3's changelog.

2.6.2 (2025-12-11)

• Fixed HTTPResponse.read_chunked() to properly handle leftover data in the decoder's buffer when reading compressed chunked responses. ([#3734](https://github.com/urllib3/urllib3/issues/3734) <https://github.com/urllib3/urllib3/issues/3734>__)

2.6.1 (2025-12-08)

• Restore previously removed HTTPResponse.getheaders() and HTTPResponse.getheader() methods. ([#3731](https://github.com/urllib3/urllib3/issues/3731) <https://github.com/urllib3/urllib3/issues/3731>__)

Commits

• 83f8643 Release 2.6.2
• 571a9b7 Fix HTTPResponse.read_chunked when leftover data is present in decoder's bu...
• bfe8e19 Release 2.6.1
• 3ceeb84 Restore getheaders() and getheader() (#3732)
• See full diff in compare view

Updates coverage[toml] from 7.12.0 to 7.13.1

Release notes

Sourced from coverage[toml]'s releases.

7.13.1

Version 7.13.1 — 2025-12-28

• Added: the JSON report now includes a "start_line" key for function and class regions, indicating the first line of the region in the source. Closes issue 2110.
• Added: The debug data command now takes file names as arguments on the command line, so you can inspect specific data files without needing to set the COVERAGE_FILE environment variable.
• Fix: the JSON report used to report module docstrings as executed lines, which no other report did, as described in issue 2105. This is now fixed, thanks to Jianrong Zhao.
• Fix: coverage.py uses a more disciplined approach to detecting where third-party code is installed, and avoids measuring it. This shouldn’t change any behavior. If you find that it does, please get in touch.
• Performance: data files that will be combined now record their hash as part of the file name. This lets us skip duplicate data more quickly, speeding the combining step.
• Docs: added a section explaining more about what is considered a missing branch and how it is reported: Examples of missing branches, as requested in issue 1597. Thanks to Ayisha Mohammed.
• Tests: the test suite misunderstood what core was being tested if COVERAGE_CORE wasn’t set on 3.14+. This is now fixed, closing issue 2109.

➡️  PyPI page: coverage 7.13.1. :arrow_right:  To install: python3 -m pip install coverage==7.13.1

7.13.0

Version 7.13.0 — 2025-12-08

• Feature: coverage.py now supports .coveragerc.toml configuration files. These files use TOML syntax and take priority over pyproject.toml but lower priority than .coveragerc files. Closes issue 1643 thanks to Olena Yefymenko.
• Fix: we now include a permanent .pth file which is installed with the code, fixing issue 2084. In 7.12.1b1 this was done incorrectly: it didn’t work when using the source wheel (py3-none-any). This is now fixed. Thanks, Henry Schreiner.
• Deprecated: when coverage.py is installed, it creates three command entry points: coverage, coverage3, and coverage-3.10 (if installed for Python 3.10). The second and third of these are not needed and will eventually be removed. They still work for now, but print a message about their deprecation.

➡️  PyPI page: coverage 7.13.0. :arrow_right:  To install: python3 -m pip install coverage==7.13.0

7.12.1b1

Version 7.12.1b1 — 2025-11-30

• Fix: coverage.py now includes a permanent .pth file in the distribution which is installed with the code. This fixes issue 2084: failure to patch for subprocess measurement when site-packages is not writable.

➡️  PyPI page: coverage 7.12.1b1. :arrow_right:  To install: python3 -m pip install coverage==7.12.1b1

Changelog

Sourced from coverage[toml]'s changelog.

Version 7.13.1 — 2025-12-28

• Added: the JSON report now includes a "start_line" key for function and class regions, indicating the first line of the region in the source. Closes issue 2110_.

• Added: The debug data command now takes file names as arguments on the command line, so you can inspect specific data files without needing to set the COVERAGE_FILE environment variable.

• Fix: the JSON report used to report module docstrings as executed lines, which no other report did, as described in issue 2105_. This is now fixed, thanks to Jianrong Zhao.

• Fix: coverage.py uses a more disciplined approach to detecting where third-party code is installed, and avoids measuring it. This shouldn't change any behavior. If you find that it does, please get in touch.

• Performance: data files that will be combined now record their hash as part of the file name. This lets us skip duplicate data more quickly, speeding the combining step.

• Docs: added a section explaining more about what is considered a missing branch and how it is reported: :ref:branch_explain, as requested in issue 1597. Thanks to Ayisha Mohammed <pull 2092_>.

• Tests: the test suite misunderstood what core was being tested if COVERAGE_CORE wasn't set on 3.14+. This is now fixed, closing issue 2109_.

.. _issue 1597: coveragepy/coveragepy#1597 .. _pull 2092: coveragepy/coveragepy#2092 .. _issue 2105: coveragepy/coveragepy#2105 .. _issue 2109: coveragepy/coveragepy#2109 .. _issue 2110: coveragepy/coveragepy#2110

.. _changes_7-13-0:

Version 7.13.0 — 2025-12-08

• Feature: coverage.py now supports :file:.coveragerc.toml configuration files. These files use TOML syntax and take priority over :file:pyproject.toml but lower priority than :file:.coveragerc files. Closes issue 1643_ thanks to Olena Yefymenko <pull 1952_>_.

• Fix: we now include a permanent .pth file which is installed with the code, fixing issue 2084_. In 7.12.1b1 this was done incorrectly: it didn't work when using the source wheel (py3-none-any). This is now fixed. Thanks,

... (truncated)

Commits

• a6afdc3 docs: sample HTML for 7.13.1
• a497081 docs: prep for 7.13.1
• e992033 docs: polish up CHANGES
• 18bba6e chore: bump the action-dependencies group with 4 updates (#2111)
• 80fb808 refactor: (?x:...) lets us use re.VERBOSE even when combining later
• cc272bd docs: leave a comment so we'll find this when 3.12 is the minimum
• 70d007d types: be explicit
• a2c1940 types: fully import modules that will be patched
• 57b975d types: explicit Protocol inheritance permits changing parameter names
• 63ec12d types: clarify that morfs arguments can be a single morf
• Additional commits viewable in compare view

Updates black from 25.9.0 to 25.12.0

Release notes

Sourced from black's releases.

25.12.0

Please test out the draft 2026 style in version 26.1a1! This style will be finalized in the January release (26.1.0). Most of the changes in --preview will be in the 2026 stable style, but not all. Please share your feedback!

This release (25.12.0) will still produce the 2025 style.

Highlights

• Black no longer supports running with Python 3.9 (#4842)

Stable style

• Fix bug where comments preceding # fmt: off/# fmt: on blocks were incorrectly removed, particularly affecting Jupytext's # %% [markdown] comments (#4845)
• Fix crash when multiple # fmt: skip comments are used in a multi-part if-clause, on string literals, or on dictionary entries with long lines (#4872)
• Fix possible crash when fmt: directives aren't on the top level (#4856)

Preview style

• Fix fmt: skip skipping the line after instead of the line it's on (#4855)
• Remove unnecessary parentheses from the left-hand side of assignments while preserving magic trailing commas and intentional multiline formatting (#4865)
• Fix fix_fmt_skip_in_one_liners crashing on with statements (#4853)
• Fix fix_fmt_skip_in_one_liners crashing on annotated parameters (#4854)
• Fix new lines being added after imports with # fmt: skip on them (#4894)

Packaging

• Releases now include arm64 Windows binaries and wheels (#4814)

Integrations

• Add output-file input to GitHub Action psf/black to write formatter output to a file for artifact capture and log cleanliness (#4824)

25.11.0

Highlights

• Enable base 3.14 support (#4804)
• Add support for the new Python 3.14 t-string syntax introduced by PEP 750 (#4805)

Stable style

• Fix bug where comments between # fmt: off and # fmt: on were reformatted (#4811)
• Comments containing fmt directives now preserve their exact formatting instead of being normalized (#4811)

... (truncated)

Changelog

Sourced from black's changelog.

25.12.0

Highlights

• Black no longer supports running with Python 3.9 (#4842)

Stable style

• Fix bug where comments preceding # fmt: off/# fmt: on blocks were incorrectly removed, particularly affecting Jupytext's # %% [markdown] comments (#4845)
• Fix crash when multiple # fmt: skip comments are used in a multi-part if-clause, on string literals, or on dictionary entries with long lines (#4872)
• Fix possible crash when fmt: directives aren't on the top level (#4856)

Preview style

• Fix fmt: skip skipping the line after instead of the line it's on (#4855)
• Remove unnecessary parentheses from the left-hand side of assignments while preserving magic trailing commas and intentional multiline formatting (#4865)
• Fix fix_fmt_skip_in_one_liners crashing on with statements (#4853)
• Fix fix_fmt_skip_in_one_liners crashing on annotated parameters (#4854)
• Fix new lines being added after imports with # fmt: skip on them (#4894)

Packaging

• Releases now include arm64 Windows binaries and wheels (#4814)

Integrations

• Add output-file input to GitHub Action psf/black to write formatter output to a file for artifact capture and log cleanliness (#4824)

25.11.0

Highlights

• Enable base 3.14 support (#4804)
• Add support for the new Python 3.14 t-string syntax introduced by PEP 750 (#4805)

Stable style

• Fix bug where comments between # fmt: off and # fmt: on were reformatted (#4811)
• Comments containing fmt directives now preserve their exact formatting instead of being normalized (#4811)

Preview style

• Move multiline_string_handling from --unstable to --preview (#4760)
• Fix bug where module docstrings would be treated as normal strings if preceded by comments (#4764)

... (truncated)

Commits

• 782e560 Pin actions/[email protected] (#4895)
• f0f4094 Fix new lines being added after imports with # fmt: skip on them (#4894)
• 70fc194 Revert "Fix # fmt: skip ignored in deeply nested expressions" (#4893)
• 7044b14 Prepare 25.12.0 release (#4891)
• 5b470f0 Fix # fmt: skip ignored in deeply nested expressions (#4883)
• 1b342ef Fix crash when multiple # fmt: skip comments are used in multi-part if-clau...
• 7b265f1 Pin Hatch to hopefully fix Docker builds (#4878)
• c9523f4 Attempt to fix Docker build failures (#4876)
• 0f376e0 Fix crashes when fmt directives are indented (#4856)
• a8bfcc1 Fix fmt: skip skipping the line after instead of the line it's on (#4855)
• Additional commits viewable in compare view

Updates filelock from 3.20.0 to 3.20.1

Release notes

Sourced from filelock's releases.

3.20.1

What's Changed

• CVE-2025-68146: Fix TOCTOU symlink vulnerability in lock file creation by @​gaborbernat in tox-dev/filelock#461

Full Changelog: tox-dev/filelock@3.20.0...3.20.1

Commits

• 377f622 [pre-commit.ci] pre-commit autoupdate (#460)
• 4724d7f Fix TOCTOU symlink vulnerability in lock file creation (#461)
• cb69414 Bump actions/upload-artifact from 5 to 6 (#459)
• 0769294 Bump actions/download-artifact from 6 to 7 (#458)
• 414193a [pre-commit.ci] pre-commit autoupdate (#457)
• 1456797 [pre-commit.ci] pre-commit autoupdate (#456)
• 8d6bf90 Bump actions/checkout from 5 to 6 (#455)
• f7edeeb [pre-commit.ci] pre-commit autoupdate (#454)
• fb09235 [pre-commit.ci] pre-commit autoupdate (#453)
• f5825d8 [pre-commit.ci] pre-commit autoupdate (#452)
• Additional commits viewable in compare view

Updates humanize from 4.14.0 to 4.15.0

Release notes

Sourced from humanize's releases.

4.15.0

Added

• Add locale support for decimal separator in intword (#287) @​hugovk
• Add support for Python 3.15 (#275) @​hugovk

Changed

• Replace pre-commit with prek (#276) @​hugovk

Fixed

• naturaldelta: round the value to nearest unit that makes sense (#272) @​dangillet
• Fix plural form for intword and improve performance (#273) @​dangillet
• Replace Exception with more specific FileNotFoundError (#286) @​hugovk

Commits

• 2ddb590 Replace Exception with more specific FileNotFoundError (#286)
• e87f2e2 Add locale support for decimal separator in intword (#287)
• 7175184 Add locale support for decimal separator in intword
• 2526999 Update config (#285)
• ba532d9 Replace Exception with more specific FileNotFoundError
• bdc49ea Don't ignore UP038, it's been removed from Ruff
• 86f116b Add seven-day cooldown to Renovate
• e3f7116 No need for setup-python with prek-action
• 3dca143 naturaldelta: round the value to nearest unit that makes sense (#272)
• bac6f26 Apply suggestion from @​hugovk
• Additional commits viewable in compare view

Updates librt from 0.7.3 to 0.7.5

Commits

• 47bf2ee Sync mypy and bump version to 0.7.5
• 87e3647 Sync mypy and bump version to 0.7.4
• 62e0564 Add some badges to README (#25)
• See full diff in compare view

Updates mypy from 1.19.0 to 1.19.1

Changelog

Sourced from mypy's changelog.

Mypy 1.19.1

• Fix noncommutative joins with bounded TypeVars (Shantanu, PR 20345)
• Respect output format for cached runs by serializing raw errors in cache metas (Ivan Levkivskyi, PR 20372)
• Allow types.NoneType in match cases (A5rocks, PR 20383)
• Fix mypyc generator regression with empty tuple (BobTheBuidler, PR 20371)
• Fix crash involving Unpack-ed TypeVarTuple (Shantanu, PR 20323)
• Fix crash on star import of redefinition (Ivan Levkivskyi, PR 20333)
• Fix crash on typevar with forward ref used in other module (Ivan Levkivskyi, PR 20334)
• Fail with an explicit error on PyPy (Ivan Levkivskyi, PR 20389)

Acknowledgements

Thanks to all mypy contributors who contributed to this release:

• A5rocks
• BobTheBuidler
• bzoracler
• Chainfire
• Christoph Tyralla
• David Foster
• Frank Dana
• Guo Ci
• iap
• Ivan Levkivskyi
• James Hilton-Balfe
• jhance
• Joren Hammudoglu
• Jukka Lehtosalo
• KarelKenens
• Kevin Kannammalil
• Marc Mueller
• Michael Carlstrom
• Michael J. Sullivan
• Piotr Sawicki
• Randolf Scholz
• Shantanu
• Sigve Sebastian Farstad
• sobolevn
• Stanislav Terliakov
• Stephen Morton
• Theodore Ando
• Thiago J. Barbalho
• wyattscarpenter

I’d also like to thank my employer, Dropbox, for supporting mypy development.

Mypy 1.18

We’ve just uploaded mypy 1.18.1 to the Python Package Index (PyPI). Mypy is a static type checker for Python. This release includes new features, performance

... (truncated)

Commits

• 412c19a Bump version to 1.19.1
• 20aea0a Update changelog for 1.19.1 (#20414)
• 2b23b50 Serialize raw errors in cache metas (#20372)
• f60f90f Fail on PyPy in main instead of setup.py (#20389)
• 58d485b Fail with an explicit error on PyPy (#20384)
• a4b31a2 Allow types.NoneType in match cases (#20383)
• 8a6eff4 [mypyc] fix generator regression with empty tuple (#20371)
• 70eceea Fix noncommutative joins with bounded TypeVars (#20345)
• 3890fc4 Fix crash involving Unpack-ed TypeVarTuple (#20323)
• c93d917 Fix crash on star import of redefinition (#20333)
• Additional commits viewable in compare view

Updates types-setuptools from 80.9.0.20250822 to 80.9.0.20251223

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions