build(deps): bump the minor-and-patch group with 12 updates

[dependabot]

Bumps the minor-and-patch group with 12 updates:

Package	From	To
coverage	7.10.7	7.11.0
charset-normalizer	3.4.3	3.4.4
cryptography	46.0.2	46.0.3
iniconfig	2.1.0	2.3.0
numpy	2.3.3	2.3.4
psutil	7.1.0	7.1.1
pydantic	2.12.0	2.12.3
pydantic-core	2.41.1	2.41.4
pytokens	0.1.10	0.2.0
referencing	0.36.2	0.37.0
uvicorn	0.37.0	0.38.0
watchfiles	1.1.0	1.1.1

Updates coverage from 7.10.7 to 7.11.0

Changelog

Sourced from coverage's changelog.

Version 7.11.0 — 2025-10-15

• Dropped support for Python 3.9, declared support for Python 3.15 alpha.

.. _changes_7-10-7:

Commits

• 20ef00b docs: sample HTML for 7.11.0
• 5edf8eb docs: prep for 7.11.0
• 2c023ae build: 3.15 is supported
• 2f1b95b refactor: no need for _BaseCoverageException
• 72b1bcc build: test light-threads on all versions of Python
• 16e9379 refactor: move core tests to their own file
• bc8875d test: change a test to be in-process so metacov can capture its work
• 8e5d5b1 build: tweak some version info
• b0236df test: more tests for core selection, and some refactoring of them
• 56edde6 build: next version will be 7.11.0
• Additional commits viewable in compare view

Updates charset-normalizer from 3.4.3 to 3.4.4

Release notes

Sourced from charset-normalizer's releases.

Version 3.4.4

3.4.4 (2025-10-13)

Changed

• Bound setuptools to a specific constraint setuptools>=68,<=81.
• Raised upper bound of mypyc for the optional pre-built extension to v1.18.2

Removed

• setuptools-scm as a build dependency.

Misc

• Enforced hashes in dev-requirements.txt and created ci-requirements.txt for security purposes.
• Additional pre-built wheels for riscv64, s390x, and armv7l architectures.
• Restore multiple.intoto.jsonl in GitHub releases in addition to individual attestation file per wheel.

Changelog

Sourced from charset-normalizer's changelog.

3.4.4 (2025-10-13)

Changed

• Bound setuptools to a specific constraint setuptools>=68,<=81.
• Raised upper bound of mypyc for the optional pre-built extension to v1.18.2

Removed

• setuptools-scm as a build dependency.

Misc

• Enforced hashes in dev-requirements.txt and created ci-requirements.txt for security purposes.
• Additional pre-built wheels for riscv64, s390x, and armv7l architectures.
• Restore multiple.intoto.jsonl in GitHub releases in addition to individual attestation file per wheel.

Commits

• b30ffdc 🔧 fix checksum step in cd.yml
• d3fbfcf 🔧 fix cd.yml
• dafbb95 Release 3.4.4 (#658)
• 1f18ffa ⬆️ raise mypy upper bound to 1.18.2
• ef4ac69 Merge branch 'release-3.4.4' of github.com:jawah/charset_normalizer into rele...
• 4b35dda 📝 write changelog for 3.4.4
• 0ec6452 🔧 update cd.yml workflow (add riscv64, s390x and armv7l)
• f341ede ⬆️ upgrade dependencies (dev, ci)
• a308841 📝 write changelog for 3.4.4
• 9c906da 🔧 update cd.yml workflow (add riscv64, s390x and armv7l)
• Additional commits viewable in compare view

Updates cryptography from 46.0.2 to 46.0.3

Changelog

Sourced from cryptography's changelog.

46.0.3 - 2025-10-15

* Fixed compilation when using LibreSSL 4.2.0.
.. _v46-0-2:

Commits

• c0af4dd release 46.0.3 (#13681)
• See full diff in compare view

Updates iniconfig from 2.1.0 to 2.3.0

Release notes

Sourced from iniconfig's releases.

Version 2.3.0

What's Changed

• Add IniConfig.parse() with inline comment stripping and Unicode whitespace handling by @​RonnyPfannschmidt in pytest-dev/iniconfig#70

Full Changelog: pytest-dev/iniconfig@v2.2.0...v2.3.0

Version 2.2.0

No release notes provided.

Changelog

Sourced from iniconfig's changelog.

2.3.0

• add IniConfig.parse() classmethod with strip_inline_comments parameter (fixes #55)
  • by default (strip_inline_comments=True), inline comments are properly stripped from values
  • set strip_inline_comments=False to preserve old behavior if needed
• IniConfig() constructor maintains backward compatibility (does not strip inline comments)
• users should migrate to IniConfig.parse() for correct comment handling
• add strip_section_whitespace parameter to IniConfig.parse() (regarding #4)
  • opt-in parameter to strip Unicode whitespace from section names
  • when True, strips Unicode whitespace (U+00A0, U+2000, U+3000, etc.) from section names
  • when False (default), preserves existing behavior for backward compatibility
• clarify Unicode whitespace handling (regarding #4)
  • since iniconfig 2.0.0 (Python 3 only), all strings are Unicode by default
  • Python 3's str.strip() has handled Unicode whitespace since Python 3.0 (2008)
  • iniconfig automatically benefits from this in all supported versions (Python >= 3.10)
  • key names and values have Unicode whitespace properly stripped using Python's built-in methods

2.2.0

• drop Python 3.8 and 3.9 support (now requires Python >= 3.10)
• add Python 3.14 classifier
• migrate from hatchling to setuptools 77 with setuptools_scm
• adopt PEP 639 license specifiers and PEP 740 build attestations
• migrate from black + pyupgrade to ruff
• migrate CI to uv and unified test workflow
• automate GitHub releases and PyPI publishing via Trusted Publishing
• include tests in sdist
• modernize code for Python 3.10+ (remove future annotations, TYPE_CHECKING guards)
• rename _ParsedLine to ParsedLine

Commits

• 7faed13 Merge pull request #70 from RonnyPfannschmidt/comments
• 58c0869 Refactor: Simplify IniConfig constructor and parse() method
• 6d0af45 Add strip_section_whitespace parameter to address issue #4
• e2d89f5 Add IniConfig.parse() classmethod to fix inline comment handling
• 57b7ed9 Merge pull request #66 from killiandesse/pep639
• 27ac49f Merge pull request #69 from RonnyPfannschmidt/limit-attestation
• 3402322 Disable build attestations for PRs from forks
• 27e6a7b Merge branch 'main' into pep639
• 6522881 Merge pull request #68 from pytest-dev/fix-build
• 8b2bccb Update CHANGELOG and automate releases
• Additional commits viewable in compare view

Updates numpy from 2.3.3 to 2.3.4

Release notes

Sourced from numpy's releases.

v2.3.4 (Oct 15, 2025)

NumPy 2.3.4 Release Notes

The NumPy 2.3.4 release is a patch release split between a number of maintenance updates and bug fixes. This release supports Python versions 3.11-3.14. This release is based on Python 3.14.0 final.

Changes

The npymath and npyrandom libraries now have a .lib rather than a .a file extension on win-arm64, for compatibility for building with MSVC and setuptools. Please note that using these static libraries is discouraged and for existing projects using it, it's best to use it with a matching compiler toolchain, which is clang-cl on Windows on Arm.

(gh-29750)

Contributors

A total of 17 people contributed to this release. People with a "+" by their names contributed a patch for the first time.

• !DWesl
• Charles Harris
• Christian Barbia +
• Evgeni Burovski
• Joren Hammudoglu
• Maaz +
• Mateusz Sokół
• Matti Picus
• Nathan Goldbaum
• Ralf Gommers
• Riku Sakamoto +
• Sandeep Gupta +
• Sayed Awad
• Sebastian Berg
• Sergey Fedorov +
• Warren Weckesser
• dependabot[bot]

Pull requests merged

A total of 30 pull requests were merged for this release.

• #29725: MAINT: Prepare 2.3.x for further development
• #29781: MAINT: Pin some upstream dependences
• #29782: BLD: enable x86-simd-sort to build on KNL with -mavx512f
• #29783: BUG: Include python-including headers first (#29281)
• #29784: TYP: fix np.number and np.*integer method declaration
• #29785: TYP: mypy 1.18.1

... (truncated)

Commits

• 1458b9e REL: Prepare for the NumPy 2.3.4 release (#29955)
• 7583bed Merge pull request #29950 from charris/backport-29885
• 3186751 Merge pull request #29949 from charris/backport-29948
• 7fd2ad9 STY: rename @classmethod arg to cls
• fe8447d MAINT: Simplify string arena growth strategy (#29885)
• a90f073 Merge pull request #29940 from charris/backport-29937
• 55d91ab MAINT: Bump pypa/cibuildwheel from 3.1.4 to 3.2.1
• e2f0383 Merge pull request #29926 from charris/backport-29609
• b427e83 BUG: fix negative samples generated by Wald distribution (#29609)
• 36363d6 Merge pull request #29922 from charris/backport-29914
• Additional commits viewable in compare view

Updates psutil from 7.1.0 to 7.1.1

Changelog

Sourced from psutil's changelog.

7.1.1

2025-10-19

Enhancements

• 2645_, [SunOS]: dropped support for SunOS 10.
• 2646_, [SunOS]: add CI test runner for SunOS.

Bug fixes

• 2641_, [SunOS]: cannot compile psutil from sources due to missing C include.
• 2357_, [SunOS]: Process.cmdline()_ does not handle spaces properly. (patch by Ben Raz)

Compatibility notes

• 2645_: SunOS 10 is no longer supported.

Commits

• a07e87a Pre release
• 7a0756f Upgrade actions/setup-python@v6
• 03c5c69 setup.py: link external libs also when compiling _psutil_posix.c ext
• 49b56c2 [SunOS] Drop SunOS 10 support (#2647)
• 8aca550 [SunOS] add CI test runner for SunOS (#2646)
• c4dd48a Rename psutil_get_proc_list() to _psutil_pids()
• 567b6c9 CI: rename ci-* Makefile target
• c3f6551 avoid raising the result of pytest.skip/pytest.fail (#2638)
• a2091b9 Centralize distribution sanity check into Makefile
• 4250b8e Make ruff happy
• Additional commits viewable in compare view

Updates pydantic from 2.12.0 to 2.12.3

Release notes

Sourced from pydantic's releases.

v2.12.3 2025-10-17

v2.12.3 (2025-10-17)

What's Changed

This is the third 2.13 patch release, fixing issues related to the FieldInfo class, and reverting a change to the supported after model validator function signatures.

• Raise a warning when an invalid after model validator function signature is raised by @​Viicos in #12414. Starting in 2.12.0, using class methods for after model validators raised an error, but the error wasn't raised concistently. We decided to emit a deprecation warning instead.
• Add FieldInfo.asdict() method, improve documentation around FieldInfo by @​Viicos in #12411. This also adds back support for mutations on FieldInfo classes, that are reused as Annotated metadata. However, note that this is still not a supported pattern. Instead, please refer to the added example in the documentation.

The blog post section on changes was also updated to document the changes related to serialize_as_any.

Full Changelog: pydantic/pydantic@v2.12.2...v2.12.3

v2.12.2 2025-10-14

v2.12.2 (2025-10-14)

What's Changed

Fixes

• Release a new pydantic-core version, as a corrupted CPython 3.10 manylinux2014_aarch64 wheel got uploaded (pydantic-core#1843).
• Fix issue with recursive generic models with a parent model class by @​Viicos in #12398

Full Changelog: pydantic/pydantic@v2.12.1...v2.12.2

v2.12.1 2025-10-13

v2.12.1 (2025-10-13)

GitHub release

What's Changed

This is the first 2.12 patch release, addressing most (but not all yet) regressions from the initial 2.12.0 release.

Fixes

• Do not evaluate annotations when inspecting validators and serializers by @​Viicos in #12355
• Make sure None is converted as NoneType in Python 3.14 by @​Viicos in #12370
• Backport V1 runtime warning when using Python 3.14 by @​Viicos in #12367
• Fix error message for invalid validator signatures by @​Viicos in #12366
• Populate field name in ValidationInfo for validation of default value by @​Viicos in pydantic-core#1826
• Encode credentials in MultiHostUrl builder by @​willswire in pydantic-core#1829
• Respect field serializers when using serialize_as_any serialization flag by @​davidhewitt in pydantic-core#1829
• Fix various RootModel serialization issues by @​davidhewitt in pydantic-core#1836

New Contributors

... (truncated)

Changelog

Sourced from pydantic's changelog.

v2.12.3 (2025-10-17)

GitHub release

What's Changed

This is the third 2.13 patch release, fixing issues related to the FieldInfo class, and reverting a change to the supported after model validator function signatures.

• Raise a warning when an invalid after model validator function signature is raised by @​Viicos in #12414. Starting in 2.12.0, using class methods for after model validators raised an error, but the error wasn't raised concistently. We decided to emit a deprecation warning instead.
• Add FieldInfo.asdict() method, improve documentation around FieldInfo by @​Viicos in #12411. This also add back support for mutations on FieldInfo classes, that are reused as Annotated metadata. However, note that this is still not a supported pattern. Instead, please refer to the added example in the documentation.

The blog post section on changes was also updated to document the changes related to serialize_as_any.

v2.12.2 (2025-10-14)

GitHub release

What's Changed

Fixes

• Release a new pydantic-core version, as a corrupted CPython 3.10 manylinux2014_aarch64 wheel got uploaded (pydantic-core#1843).
• Fix issue with recursive generic models with a parent model class by @​Viicos in #12398

v2.12.1 (2025-10-13)

GitHub release

What's Changed

This is the first 2.12 patch release, addressing most (but not all yet) regressions from the initial 2.12.0 release.

Fixes

• Do not evaluate annotations when inspecting validators and serializers by @​Viicos in #12355
• Make sure None is converted as NoneType in Python 3.14 by @​Viicos in #12370
• Backport V1 runtime warning when using Python 3.14 by @​Viicos in #12367
• Fix error message for invalid validator signatures by @​Viicos in #12366
• Populate field name in ValidationInfo for validation of default value by @​Viicos in pydantic-core#1826
• Encode credentials in MultiHostUrl builder by @​willswire in pydantic-core#1829
• Respect field serializers when using serialize_as_any serialization flag by @​davidhewitt in pydantic-core#1829
• Fix various RootModel serialization issues by @​davidhewitt in pydantic-core#1836

New Contributors

... (truncated)

Commits

• 1a8850d Prepare release 2.12.3
• 09dbcf2 Add FieldInfo.asdict() method, improve documentation around FieldInfo
• 5da4331 Improve documentation about serialize as any behavior
• 9c86324 Raise a warning when an invalid after model validator function signature is r...
• 36a73c6 Update pydantic-extra-types dependency to version >=2.10.6
• 1e616a3 Prepare release v2.12.2
• dc302e2 Fix issue with recursive generic models with a parent model class
• 6876485 Bump pydantic-core to v2.41.4
• b4076c6 Prepare release 2.12.1
• b67f072 Bump pydantic-core to v2.41.3
• Additional commits viewable in compare view

Updates pydantic-core from 2.41.1 to 2.41.4

Release notes

Sourced from pydantic-core's releases.

v2.41.4

No release notes provided.

v2.41.3

No release notes provided.

v2.41.2 2025-10-13

What's Changed

• Populate field name for validation of default value by @​Viicos in pydantic/pydantic-core#1826
• build PyPy manylinux wheels for x86_64 by @​davidhewitt in pydantic/pydantic-core#1831
• fix: encode credentials in MultiHostUrl builder by @​willswire in pydantic/pydantic-core#1829
• Populate field_name in InternalValidator by @​Viicos in pydantic/pydantic-core#1834
• respect field_serializer when using serialize_as_any=True by @​davidhewitt in pydantic/pydantic-core#1835
• ci: PGO-optimize linux aarch64, restore builds for windows aarch64 by @​davidhewitt in pydantic/pydantic-core#1837
• fix various RootModel serialization issues by @​davidhewitt in pydantic/pydantic-core#1836

New Contributors

• @​willswire made their first contribution in pydantic/pydantic-core#1829

Full Changelog: pydantic/pydantic-core@v2.41.1...v2.41.2

Commits

• 396499c Only check integrity before publishing (#1846)
• f0a9670 Fix integrity checking of wheel files during release (#1845)
• bd04c18 Prepare release v2.41.4 (#1844)
• 31f5107 Check integrity of wheel files during release (#1843)
• e158fa1 Prepare release v2.41.3 (#1840)
• 1f12559 fix runs-on condition for linux builds (#1839)
• ff1aeae release: 2.41.2 (#1838)
• 0344763 fix various RootModel serialization issues (#1836)
• d90a93b ci: PGO-optimize linux aarch64, restore builds for windows aarch64 (#1837)
• eb48cad respect field_serializer when using serialize_as_any=True (#1835)
• Additional commits viewable in compare view

Updates pytokens from 0.1.10 to 0.2.0

Commits

• 0a9c1d4 Merge pull request #6 from tusharsadhwani/packaging
• 606253e Update tests and fix packaging
• 594b445 Update docs: pytokens is no longer a console script
• See full diff in compare view

Updates referencing from 0.36.2 to 0.37.0

Release notes

Sourced from referencing's releases.

v0.37.0

What's Changed

• Declare support for Python 3.14 and 3.14t by @​cclauss in python-jsonschema/referencing#270
• Drop support for Python 3.9

New Contributors

• @​cclauss made their first contribution in python-jsonschema/referencing#270

Full Changelog: python-jsonschema/referencing@v0.36.2...v0.37.0

Changelog

Sourced from referencing's changelog.

v0.37.0

• Declare support for Python 3.14.
• Drop support for Python 3.9 which is near EOL.

Commits

• 944ed5a Style.
• 6382532 Prepare the CHANGELOG for v0.37.
• 91b4bf5 Drop support for 3.9, which is near EOL.
• 0c14d46 Update requirements.
• 2928df5 Add the 3.14 classifier.
• 3ce7f9a Merge pull request #270 from cclauss/patch-1
• b6fc425 ci: Add Python 3.14 and 3.14t to the testing
• 9d1efc5 Merge pull request #265 from python-jsonschema/pre-commit-ci-update-config
• 1513a51 Merge pull request #268 from python-jsonschema/dependabot/submodules/suite-79...
• 8ebb38f Merge pull request #269 from python-jsonschema/dependabot/github_actions/astr...
• Additional commits viewable in compare view

Updates uvicorn from 0.37.0 to 0.38.0

Release notes

Sourced from uvicorn's releases.

Version 0.38.0

What's Changed

• Support Python 3.14 by @​Kludex in Kludex/uvicorn#2723

---

New Contributors

• @​NGANAMODEIJunior made their first contribution in Kludex/uvicorn#2713

Full Changelog: Kludex/uvicorn@0.37.0...0.38.0

Changelog

Sourced from uvicorn's changelog.

0.38.0 (October 18, 2025)

Added

• Support Python 3.14 (#2723)

Commits

• 3850ad6 Version 0.38.0 (#2733)
• 9b3f17a Support Python 3.14 (#2723)
• ce79f95 Revert "Add Marcelo Trylesinski to the license (#2699)" (#2730)
• dbf8797 docs: add social icons (#2728)
• 58f28be Add section about event loop (#2725)
• 93d9510 Bump docs dependencies (#2724)
• 9b1c6c4 Move Marcelo Trylesinski to maintainers in pyproject.toml (#2719)
• 57a61d8 Add discord to README (#2718)
• 7ef5f9f chore(deps): bump astral-sh/setup-uv from 6.7.0 to 6.8.0 (#2717)
• 6d26d88 Update pyproject.toml for PEP639 compliance (#2713)
• See full diff in compare view

Updates watchfiles from 1.1.0 to 1.1.1

Release notes

Sourced from watchfiles's releases.

v1.1.1 2025-10-14

What's Changed

• Add support for Python 3.14 on windows builds by @​zerocewl in samuelcolvin/watchfiles#352
• prepare for v1.1.1 release by @​samuelcolvin in samuelcolvin/watchfiles#353

New Contributors

• @​zerocewl made their first contribution in samuelcolvin/watchfiles#352

Full Changelog: samuelcolvin/watchfiles@v1.1.0...v1.1.1

Commits

• 2b2327f prepare for v1.1.1 release (#353)
• c4bd302 Add support for Python 3.14 on windows builds (#352)
• e3c956b fix license years
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions