Bump the poetry-dependencies group with 9 updates

[dependabot]

Bumps the poetry-dependencies group with 9 updates:

Package	From	To
ruff	0.15.1	0.15.4
typeguard	4.5.0	4.5.1
pyarrow	23.0.0	23.0.1
certifi	2026.1.4	2026.2.25
filelock	3.24.2	3.24.3
librt	0.8.0	0.8.1
responses	0.25.8	0.26.0
uvicorn	0.40.0	0.41.0
virtualenv	20.36.1	21.1.0

Updates ruff from 0.15.1 to 0.15.4

Release notes

Sourced from ruff's releases.

0.15.4

Release Notes

Released on 2026-02-26.

This is a follow-up release to 0.15.3 that resolves a panic when the new rule PLR1712 was enabled with any rule that analyzes definitions, such as many of the ANN or D rules.

Bug fixes

• Fix panic on access to definitions after analyzing definitions (#23588)
• [pyflakes] Suppress false positive in F821 for names used before del in stub files (#23550)

Documentation

• Clarify first-party import detection in Ruff (#23591)
• Fix incorrect import-heading example (#23568)

Contributors

• @​stakeswky
• @​ntBre
• @​thejcannon
• @​GeObts

Install ruff 0.15.4

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/astral-sh/ruff/releases/download/0.15.4/ruff-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://github.com/astral-sh/ruff/releases/download/0.15.4/ruff-installer.ps1 | iex"

Download ruff 0.15.4

File	Platform	Checksum
ruff-aarch64-apple-darwin.tar.gz	Apple Silicon macOS	checksum
ruff-x86_64-apple-darwin.tar.gz	Intel macOS	checksum
ruff-aarch64-pc-windows-msvc.zip	ARM64 Windows	checksum
ruff-i686-pc-windows-msvc.zip	x86 Windows	checksum
ruff-x86_64-pc-windows-msvc.zip	x64 Windows	checksum
ruff-aarch64-unknown-linux-gnu.tar.gz	ARM64 Linux	checksum
ruff-i686-unknown-linux-gnu.tar.gz	x86 Linux	checksum
ruff-powerpc64-unknown-linux-gnu.tar.gz	PPC64 Linux	checksum

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.4

Released on 2026-02-26.

This is a follow-up release to 0.15.3 that resolves a panic when the new rule PLR1712 was enabled with any rule that analyzes definitions, such as many of the ANN or D rules.

Bug fixes

• Fix panic on access to definitions after analyzing definitions (#23588)
• [pyflakes] Suppress false positive in F821 for names used before del in stub files (#23550)

Documentation

• Clarify first-party import detection in Ruff (#23591)
• Fix incorrect import-heading example (#23568)

Contributors

• @​stakeswky
• @​ntBre
• @​thejcannon
• @​GeObts

0.15.3

Released on 2026-02-26.

Preview features

• Drop explicit support for .qmd file extension (#23572)

  This can now be enabled instead by setting the extension option:

  # ruff.toml
  extension = { qmd = "markdown" }
  pyproject.toml
  [tool.ruff]
  extension = { qmd = "markdown" }

• Include configured extensions in file discovery (#23400)

• [flake8-bandit] Allow suspicious imports in TYPE_CHECKING blocks (S401-S415) (#23441)

• [flake8-bugbear] Allow B901 in pytest hook wrappers (#21931)

• [flake8-import-conventions] Add missing conventions from upstream (ICN001, ICN002) (#21373)

... (truncated)

Commits

• f14edd8 Bump 0.15.4 (#23595)
• fd09d37 Fix panic on access to definitions after analyzing definitions (#23588)
• 81d655f [pyflakes] suppress false positive in F821 for names used before del in...
• 625b4f5 [ruff] docs: Clarify first-party import detection in Ruff (#23591)
• 60facfa one word typo fix in a while_loop.md test case (#23589)
• fbb9fa7 docs: fix incorrect import-heading example (#23568)
• 5bc49a9 Increase the ruleset size to 16 bits (#23586)
• a62ba8c [ty] Fix overloaded callable assignability for unary Callable targets (#23277)
• e5f2f36 Bump 0.15.3 (#23585)
• 0e19fc9 [ty] defer calculating conjunctions in narrowing constraints (#23552)
• Additional commits viewable in compare view

Updates typeguard from 4.5.0 to 4.5.1

Release notes

Sourced from typeguard's releases.

4.5.1

• Fixed iterable unpacking incorrectly calculating the cut-off offset of the item list when assigning remaining values to the star variable (#546)

Commits

• 67cae3d Added release date
• 8005884 Fixed incorrect calculation of cutoff_offset in check_variable_assignment()
• See full diff in compare view

Updates pyarrow from 23.0.0 to 23.0.1

Release notes

Sourced from pyarrow's releases.

Apache Arrow 23.0.1

Release Notes URL: https://arrow.apache.org/release/23.0.1.html

Apache Arrow 23.0.1 RC0

Release Notes: Release Candidate: 23.0.1 RC0

Commits

• 82a374e MINOR: [Release] Update versions for 23.0.1
• c1ae37c MINOR: [Release] Update .deb/.rpm changelogs for 23.0.1
• 8f6e557 MINOR: [Release] Update CHANGELOG.md for 23.0.1
• 4e16a1a GH-49159: [C++][Gandiva] Detect overflow in repeat() (#49160)
• 985621d GH-48817 [R][C++] Bump C++20 in R build infrastructure (#48819)
• 1bea06a GH-49024: [CI] Update Debian version in .env (#49032)
• 147bcd6 GH-49156: [Python] Require GIL for string comparison (#49161)
• e4f922b GH-49138: [Packaging][Python] Remove nightly cython install from manylinux wh...
• f9376e4 GH-49003: [C++] Don't consider out_of_range an error in float parsing (#49095)
• ab2c0ad GH-49044: [CI][Python] Fix test_download_tzdata_on_windows by adding required...
• Additional commits viewable in compare view

Updates certifi from 2026.1.4 to 2026.2.25

Commits

• 8571a4b 2026.02.25 (#395)
• 6f7de00 Bump peter-evans/create-pull-request from 8.0.0 to 8.1.0 (#390)
• a1de59b Bump actions/checkout from 6.0.1 to 6.0.2 (#391)
• 7f5ade5 Bump actions/setup-python from 6.1.0 to 6.2.0 (#392)
• See full diff in compare view

Updates filelock from 3.24.2 to 3.24.3

Release notes

Sourced from filelock's releases.

3.24.3

What's Changed

• 🐛 fix(ci): add trailing blank line after changelog entries by @​gaborbernat in tox-dev/filelock#492
• 🐛 fix(unix): handle ENOENT race on FUSE/NFS during acquire by @​gaborbernat in tox-dev/filelock#495

Full Changelog: tox-dev/filelock@3.24.2...3.24.3

Changelog

Sourced from filelock's changelog.

########### Changelog ###########

---

3.24.3 (2026-02-19)

---

• 🐛 fix(unix): handle ENOENT race on FUSE/NFS during acquire :pr:495
• 🐛 fix(ci): add trailing blank line after changelog entries :pr:492

---

3.24.2 (2026-02-16)

---

• 🐛 fix(rw): close sqlite3 cursors and skip SoftFileLock Windows race :pr:491
• 🐛 fix(test): resolve flaky write non-starvation test :pr:490
• 📝 docs: restructure using Diataxis framework :pr:489

---

3.24.1 (2026-02-15)

---

• 🐛 fix(soft): resolve Windows deadlock and test race condition :pr:488

---

3.24.0 (2026-02-14)

---

• ✨ feat(lock): add lifetime parameter for lock expiration (#68) :pr:486
• ✨ feat(lock): add cancel_check to acquire (#309) :pr:487
• 🐛 fix(api): detect same-thread self-deadlock :pr:481
• ✨ feat(mode): respect POSIX default ACLs (#378) :pr:483
• 🐛 fix(win): eliminate lock file race in threaded usage :pr:484
• ✨ feat(lock): add poll_interval to constructor :pr:482
• 🐛 fix(unix): auto-fallback to SoftFileLock on ENOSYS :pr:480

---

3.23.0 (2026-02-14)

---

• 📝 docs: move from Unlicense to MIT :pr:479
• 📝 docs: add fasteners to similar libraries :pr:478

---

3.22.0 (2026-02-14)

---

• 🐛 fix(soft): skip stale detection on Windows :pr:477
• ✨ feat(soft): detect and break stale locks :pr:476

... (truncated)

Commits

• b34b3df Release 3.24.3
• e266937 🐛 fix(unix): handle ENOENT race on FUSE/NFS during acquire (#495)
• e65c3b8 [pre-commit.ci] pre-commit autoupdate (#493)
• a67ae00 🐛 fix(ci): add trailing blank line after changelog entries (#492)
• See full diff in compare view

Updates librt from 0.8.0 to 0.8.1

Commits

• e9c167e Sync mypy
• See full diff in compare view

Updates responses from 0.25.8 to 0.26.0

Release notes

Sourced from responses's releases.

0.26.0

• When using assert_all_requests_are_fired=True, assertions about unfired requests are now raised even when an exception occurs in the context manager or decorated function. Previously, these assertions were suppressed when exceptions occurred. This new behavior provides valuable debugging context about which mocked requests were or weren't called.
• Consider the Retry-After header when handling retries

Changelog

Sourced from responses's changelog.

0.26.0

• When using assert_all_requests_are_fired=True, assertions about unfired requests are now raised even when an exception occurs in the context manager or decorated function. Previously, these assertions were suppressed when exceptions occurred. This new behavior provides valuable debugging context about which mocked requests were or weren't called.
• Consider the Retry-After header when handling retries

Commits

• 94913d0 release: 0.26.0
• 051b79e Make assert_all_requests_are_fired always assert on exception (#782)
• 0905cb8 Fix query_param_matcher not matching empty query parameter values (#787)
• e0c6faa ci(release): Switch from action-prepare-release to Craft (#785)
• 1be3a73 fix: Consider the Retry-After header when handling retries (#784)
• c6730fb Merge branch 'release/0.25.8'
• See full diff in compare view

Updates uvicorn from 0.40.0 to 0.41.0

Release notes

Sourced from uvicorn's releases.

Version 0.41.0

Added

• Add --limit-max-requests-jitter to stagger worker restarts (#2707)
• Add socket path to scope["server"] (#2561)

Changed

• Rename LifespanOn.error_occured to error_occurred (#2776)

Fixed

• Ignore permission denied errors in watchfiles reloader (#2817)
• Ensure lifespan shutdown runs when should_exit is set during startup (#2812)
• Reduce the log level of 'request limit exceeded' messages (#2788)

---

New Contributors

• @​t-kawasumi made their first contribution in Kludex/uvicorn#2776
• @​fardyn made their first contribution in Kludex/uvicorn#2800
• @​ewie made their first contribution in Kludex/uvicorn#2807
• @​shevron made their first contribution in Kludex/uvicorn#2788
• @​jonashaag made their first contribution in Kludex/uvicorn#2707

---

Full Changelog: Kludex/uvicorn@0.40.0...0.41.0

Changelog

Sourced from uvicorn's changelog.

0.41.0 (February 16, 2026)

Added

• Add --limit-max-requests-jitter to stagger worker restarts (#2707)
• Add socket path to scope["server"] (#2561)

Changed

• Rename LifespanOn.error_occured to error_occurred (#2776)

Fixed

• Ignore permission denied errors in watchfiles reloader (#2817)
• Ensure lifespan shutdown runs when should_exit is set during startup (#2812)
• Reduce the log level of 'request limit exceeded' messages (#2788)

Commits

• 9283c0f Version 0.41.0 (#2821)
• a01a33e Add --limit-max-requests-jitter to stagger worker restarts (#2707)
• 2ce65bd Ignore permission denied errors in watchfiles reloader (#2817)
• 654f2ed Ensure lifespan shutdown runs when should_exit is set during startup (#2812)
• a03d9f6 Reduce the log level of 'request limit exceeded' messages (#2788)
• e377de4 Add socket path to scope["server"] (#2561)
• 0779f7f Poll for readiness in test_multiprocess_health_check and run_server (#2816)
• 7e9ce2c Poll for PID changes in test_multiprocess_sighup instead of fixed sleep (#2...
• 99f0d87 Fix grep warning in scripts/sync-version (#2807)
• 7ae2e63 chore(deps): bump the python-packages group with 18 updates (#2801)
• Additional commits viewable in compare view

Updates virtualenv from 20.36.1 to 21.1.0

Release notes

Sourced from virtualenv's releases.

21.1.0

What's Changed

• add comprehensive type annotations across the entire codebase by @​rahuldevikar in pypa/virtualenv#3076

Full Changelog: pypa/virtualenv@21.0.0...21.1.0

21.0.0

What's Changed

• ♻️ refactor(discovery): extract py_discovery as self-contained package by @​gaborbernat in pypa/virtualenv#3070
• 📝 docs(changelog): add removal entry for python-discovery extraction by @​gaborbernat in pypa/virtualenv#3074

Full Changelog: pypa/virtualenv@20.39.1...21.0.0

20.39.1

What's Changed

• Align dependency versions across projects by @​gaborbernat in pypa/virtualenv#3069
• ✨ feat(create): add RustPython support by @​gaborbernat in pypa/virtualenv#3071
• 🐛 fix(create): add pythonw3.exe to Windows venvs by @​gaborbernat in pypa/virtualenv#3073

Full Changelog: pypa/virtualenv@20.39.0...20.39.1

20.39.0

What's Changed

• Move from extras to dependency-groups by @​gaborbernat in pypa/virtualenv#3056
• 🐛 fix(sdist): include tox.toml in sdist by @​gaborbernat in pypa/virtualenv#3063
• 🐛 fix(seed): add --ignore-installed to pip invoke seeder by @​gaborbernat in pypa/virtualenv#3064
• 👷 ci(brew): add missing Homebrew Python versions and fix discovery by @​gaborbernat in pypa/virtualenv#3066
• 🧪 test(discovery): fix test_py_info_cache_clear outside venv by @​gaborbernat in pypa/virtualenv#3065
• Add architecture (ISA) awareness to Python discovery by @​rahuldevikar in pypa/virtualenv#3058
• 🐛 fix(discovery): resolve version-manager shims to real binaries by @​gaborbernat in pypa/virtualenv#3067
• Add auto-upgrade workflow for embedded dependencies by @​rahuldevikar in pypa/virtualenv#3057

Full Changelog: pypa/virtualenv@20.38.0...20.39.0

20.38.0

What's Changed

... (truncated)

Changelog

Sourced from virtualenv's changelog.

Features - 21.1.0

• Add comprehensive type annotations across the entire codebase and ship a PEP 561 py.typed marker so downstream consumers and type checkers recognize virtualenv as an inline-typed package - by :user:rahuldevikar. (:issue:3075)

---

v21.0.0 (2026-02-25)

---

Deprecations and Removals - 21.0.0

• The Python discovery logic has been extracted into a standalone python-discovery package on PyPI (documentation <https://python-discovery.readthedocs.io/>_) and is now consumed as a dependency. If you previously imported discovery internals directly (e.g. from virtualenv.discovery.py_info import PythonInfo), switch to from python_discovery import PythonInfo. Backward-compatibility re-export shims are provided at virtualenv.discovery.py_info, virtualenv.discovery.py_spec, and virtualenv.discovery.cached_py_info, however these are considered unsupported and may be removed in a future release - by :user:gaborbernat. (:issue:3070)

---

v20.39.1 (2026-02-25)

---

Features - 20.39.1

• Add support for creating virtual environments with RustPython - by :user:elmjag. (:issue:3010)

---

v20.39.0 (2026-02-23)

---

Features - 20.39.0

• Automatically resolve version manager shims (pyenv, mise, asdf) to the real Python binary during discovery, preventing incorrect interpreter selection when shims are on PATH - by :user:gaborbernat. (:issue:3049)
• Add architecture (ISA) awareness to Python discovery — users can now specify a CPU architecture suffix in the --python spec string (e.g. cpython3.12-64-arm64) to distinguish between interpreters that share the same version and bitness but target different architectures. Uses sysconfig.get_platform() as the data source, with cross-platform normalization (amd64 ↔ x86_64, aarch64 ↔ arm64). Omitting the suffix preserves existing behavior - by :user:rahuldevikar. (:issue:3059)

---

v20.38.0 (2026-02-19)

---

Features - 20.38.0

... (truncated)

Commits

• 404a3e5 release 21.1.0
• 981d87c add comprehensive type annotations across the entire codebase (#3076)
• 17d98ba Add security policy
• 7687420 release 21.0.0
• 8ec3142 📝 docs(changelog): add removal entry for python-discovery extraction (#3074)
• f89d46c ♻️ refactor(discovery): extract py_discovery as self-contained package (#3070)
• 0272c72 release 20.39.1
• b1ca37f 🐛 fix(create): add pythonw3.exe to Windows venvs (#3073)
• 1d4a338 ✨ feat(create): add RustPython support (#3071)
• a10c5d4 Align dependency versions across projects (#3069)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions