[pip] (deps): Bump the dev-dependencies group across 1 directory with 10 updates

[dependabot]

Bumps the dev-dependencies group with 10 updates in the / directory:

Package	From	To
certifi	2026.5.20	2026.6.17
idna	3.17	3.18
coverage	7.14.1	7.14.2
distlib	0.4.0	0.4.3
filelock	3.29.0	3.29.4
pyright	1.1.409	1.1.410
pytest	9.0.3	9.1.1
pytest-github-actions-annotate-failures	0.4.0	0.4.2
ruff	0.15.15	0.15.18
virtualenv	21.4.2	21.5.1

Updates certifi from 2026.5.20 to 2026.6.17

Commits

• d0ac52f 2026.06.17 (#418)
• d46de62 Bump actions/checkout from 6.0.2 to 6.0.3 (#417)
• 6c183ec fix: update Requests docs link to canonical URL (#415)
• 36e3568 Bump dessant/lock-threads from 6.0.0 to 6.0.2
• See full diff in compare view

Updates idna from 3.17 to 3.18

Changelog

Sourced from idna's changelog.

3.18 (2026-06-02)

• When decoding a domain, add a display argument that will pass through invalid labels rather than raising an exception.

Commits

• f39ea90 Release 3.18
• 40f4e40 Pre-release 3.18rc0
• 1a5bf80 Merge pull request #253 from kjd/lenient-decode
• 5bbb26f Merge branch 'master' into lenient-decode
• c532bae Rename decode() lenient= option to display= (issue #248)
• 0b1758b Merge pull request #252 from kjd/release-3.17
• 47b5cde Add lenient option to decode() for best-effort label recovery (issue #248)
• See full diff in compare view

Updates coverage from 7.14.1 to 7.14.2

Changelog

Sourced from coverage's changelog.

Version 7.14.2 — 2026-06-20

• Fix: some messages were being written to stdout, making coverage json -o - useless for capturing JSON output. Now messages are written to stderr, fixing issue 2197_.

• Fix: CoverageData kept one SQLite connection per thread that recorded coverage, but never closed them when those threads terminated. On long runs with many short-lived threads this leaked one file descriptor per dead thread, eventually failing with OSError: [Errno 24] Too many open files. Connections belonging to terminated threads are now closed and dropped. Fixes issue 2192. Thanks, Matthew Lloyd <pull 2193_>.

• Fix: when using sys.monitoring, we were assuming we could use the COVERAGE_ID tool id. But other tools might also assume they could use that id. Pre-allocated ids don't really make sense, so now we search for a usable one instead. Fixes issue 2187_.

• Following the advice of cibuildwheel <no-13t_>_, we no longer distribute wheels for Python 3.13 free-threaded.

.. _issue 2187: coveragepy/coveragepy#2187 .. _issue 2192: coveragepy/coveragepy#2192 .. _pull 2193: coveragepy/coveragepy#2193 .. _issue 2197: coveragepy/coveragepy#2197 .. _no-13t: https://py-free-threading.github.io/ci/#building-free-threaded-wheels-with-cibuildwheel

.. _changes_7-14-1:

Commits

• 153f932 docs: sample HTML for 7.14.2
• 311bc67 docs: prep for 7.14.2
• 7f314be docs: thanks, Matthew Lloyd #2193
• f960696 Fix: close SQLite connections from terminated threads (#2192) (#2193)
• 2429615 docs: fix a changelog entry
• ced7f8a build: cibuildwheel 4.0.0 no longer has this enable option
• 30a567c chore: make upgrade
• 27c11f1 fix: write messages to stderr. #2197
• bdbe01f chore: bump the action-dependencies group with 3 updates (#2191)
• dc2fd3b chore: bump the action-dependencies group with 2 updates (#2188)
• Additional commits viewable in compare view

Updates distlib from 0.4.0 to 0.4.3

Changelog

Sourced from distlib's changelog.

0.4.3

Released: 2026-06-12


resources

Removed too-restrictive check for escaping resources.



0.4.2

Released: 2026-06-08

• locators

  • Fix URL percent-encoding using space-padding instead of zero-padding. Thanks to Kadir Can Ozden for the patch.

  • Harden decompression against malicious input. Thanks to tonghuaroot for the patch, which was adapted slightly.

• manifest

  • Use os.lstat in findall to correctly detect symlinked directories. Thanks to Kadir Can Ozden for the patch.

• metadata

  • Improve logic to incorporate newer metadata versions.

• resources

  • Ensure that constructed resource paths don't escape the package. Thanks to tonghuaroot for the patch.

• util

  • Fix #255: Update cache_from_source() for Python 3.15. Thanks to Victor Stinner for the patch.

  • Check during unarchiving that the destination directory isn't escaped via symlinks. Thanks to tonghuaroot for the patch.

  • Improved performance of normalize_name using dual replace. Thanks to Hugo van Kemenade for the patch.

• wheel

... (truncated)

Commits

• 3f4a377 Changes for 0.4.3.
• 5ee19e6 Relax too-strict escaping check for resources.
• f0e3d1a Bump version.
• 06e010d Add upper version limit for setuptools for build, to keep metadata version to...
• 8b5aa55 Added tag 0.4.2 for changeset 5295c0ceb419
• 8183ea6 Update change log.
• 55ca016 Changes for 0.4.2.
• 7e282ab Update metadata logic to incorporate newer versions.
• fa4ea50 Remove non-portable portion of test.
• e06a1d5 Further refine tests.
• Additional commits viewable in compare view

Updates filelock from 3.29.0 to 3.29.4

Release notes

Sourced from filelock's releases.

3.29.4

What's Changed

• verify inode in break_lock_file before unlinking a stale lock by @​dxbjavid in tox-dev/filelock#561
• keep the read/write heartbeat alive on a transient touch error by @​dxbjavid in tox-dev/filelock#562

Full Changelog: tox-dev/filelock@3.29.3...3.29.4

3.29.3

What's Changed

• 🔧 ci(release): publish to PyPI on tag push by @​gaborbernat in tox-dev/filelock#557
• validate pid range in _parse_lock_holder by @​dxbjavid in tox-dev/filelock#556
• 🐛 fix(ci): restore release environment on tag job by @​gaborbernat in tox-dev/filelock#559
• 🐛 fix(ci): publish from release.yaml on tag push by @​gaborbernat in tox-dev/filelock#560

Full Changelog: tox-dev/filelock@3.29.2...3.29.3

3.29.2

What's Changed

• open marker reads non-blocking to refuse attacker-placed fifo by @​dxbjavid in tox-dev/filelock#549
• 🔒 fix(soft): harden stale-lock breaking and self-heal malformed locks by @​gaborbernat in tox-dev/filelock#551
• check hostname in is_lock_held_by_us by @​dxbjavid in tox-dev/filelock#553

Full Changelog: tox-dev/filelock@3.29.1...3.29.2

3.29.1

What's Changed

• docs: fix API docs of release() by @​MrAnno in tox-dev/filelock#540
• docs: clarify per-thread scope of FileLock configuration by @​Gares95 in tox-dev/filelock#543
• chore: improve filelock maintenance path by @​lphuc2250gma in tox-dev/filelock#542
• chore: improve filelock maintenance path by @​lphuc2250gma in tox-dev/filelock#544
• chore: improve filelock maintenance path by @​lphuc2250gma in tox-dev/filelock#545
• 🐛 fix(soft): refuse to follow symlinks when reading the lock file by @​dxbjavid in tox-dev/filelock#548

New Contributors

• @​MrAnno made their first contribution in tox-dev/filelock#540
• @​Gares95 made their first contribution in tox-dev/filelock#543
• @​lphuc2250gma made their first contribution in tox-dev/filelock#542
• @​dxbjavid made their first contribution in tox-dev/filelock#548

... (truncated)

Changelog

Sourced from filelock's changelog.

########### Changelog ###########

---

3.29.4 (2026-06-13)

---

• keep the read/write heartbeat alive on a transient touch error :pr:562 - by :user:dxbjavid
• verify inode in break_lock_file before unlinking a stale lock :pr:561 - by :user:dxbjavid

---

3.29.3 (2026-06-10)

---

• 🐛 fix(ci): restore release environment on tag job :pr:559
• validate pid range in _parse_lock_holder :pr:556 - by :user:dxbjavid
• 🔧 ci(release): publish to PyPI on tag push :pr:557
• build(deps): bump astral-sh/setup-uv from 8.1.0 to 8.2.0 :pr:558 - by :user:dependabot[bot]

---

3.29.2 (2026-06-10)

---

• build(deps): bump actions/checkout from 6.0.2 to 6.0.3 :pr:555 - by :user:dependabot[bot]
• [pre-commit.ci] pre-commit autoupdate :pr:554 - by :user:pre-commit-ci[bot]
• check hostname in is_lock_held_by_us :pr:553 - by :user:dxbjavid
• 🔒 fix(soft): harden stale-lock breaking and self-heal malformed locks :pr:551
• open marker reads non-blocking to refuse attacker-placed fifo :pr:549 - by :user:dxbjavid

---

3.29.1 (2026-06-03)

---

• 🐛 fix(soft): refuse to follow symlinks when reading the lock file :pr:548 - by :user:dxbjavid
• [pre-commit.ci] pre-commit autoupdate :pr:547 - by :user:pre-commit-ci[bot]
• [pre-commit.ci] pre-commit autoupdate :pr:546 - by :user:pre-commit-ci[bot]
• chore: improve filelock maintenance path :pr:545 - by :user:lphuc2250gma
• chore: improve filelock maintenance path :pr:544 - by :user:lphuc2250gma
• chore: improve filelock maintenance path :pr:542 - by :user:lphuc2250gma
• docs: clarify per-thread scope of FileLock configuration :pr:543 - by :user:Gares95
• [pre-commit.ci] pre-commit autoupdate :pr:541 - by :user:pre-commit-ci[bot]
• docs: fix API docs of release() :pr:540 - by :user:MrAnno
• [pre-commit.ci] pre-commit autoupdate :pr:539 - by :user:pre-commit-ci[bot]
• [pre-commit.ci] pre-commit autoupdate :pr:538 - by :user:pre-commit-ci[bot]
• [pre-commit.ci] pre-commit autoupdate :pr:537 - by :user:pre-commit-ci[bot]
• build(deps): bump astral-sh/setup-uv from 8.0.0 to 8.1.0 :pr:536 - by :user:dependabot[bot]
• [pre-commit.ci] pre-commit autoupdate :pr:535 - by :user:pre-commit-ci[bot]

---

... (truncated)

Commits

• f3c11c0 Release 3.29.4
• 5d663ee keep the read/write heartbeat alive on a transient touch error (#562)
• 406d0a2 verify inode in break_lock_file before unlinking a stale lock (#561)
• 85e73d7 🐛 fix(ci): publish from release.yaml on tag push (#560)
• f86dcb1 Release 3.29.3
• 643bdbe 🐛 fix(ci): restore release environment on tag job (#559)
• 7a8f74a validate pid range in _parse_lock_holder (#556)
• d1d49a0 🔧 ci(release): publish to PyPI on tag push (#557)
• b37e162 build(deps): bump astral-sh/setup-uv from 8.1.0 to 8.2.0 (#558)
• d9216de Release 3.29.2
• Additional commits viewable in compare view

Updates pyright from 1.1.409 to 1.1.410

Commits

• 509391a Pyright NPM Package update to 1.1.410 (#361)
• See full diff in compare view

Updates pytest from 9.0.3 to 9.1.1

Release notes

Sourced from pytest's releases.

9.1.1

pytest 9.1.1 (2026-06-19)

Bug fixes

• #14220: Fixed a logic bug in pytest.RaisesGroup which would might cause it to display incorrect "It matches FooError() which was paired with BarError" messages.
• #14591: Fixed a regression in pytest 9.1.0 which caused overriding a parametrized fixture with an indirect @​pytest.mark.parametrize to fail with "duplicate parametrization of '<fixture name>'".
• #14606: Fixed list-item typing errors from mypy in @pytest.mark.parametrize <pytest.mark.parametrize ref> argvalues parameter.
• #14608: Fixed a regression in pytest 9.1.0 where conftest.py files located in <invocation dir>/test* were no longer loaded as initial conftests when invoked without arguments. This could cause certain hooks (like pytest_addoption) in these files to not fire.

9.1.0

pytest 9.1.0 (2026-06-13)

Removals and backward incompatible breaking changes

• #14533: When using --doctest-modules, autouse fixtures with module, package or session scope that are defined inline in Python test modules (not plugins or conftests) will now possibly execute twice.

  If this is undesirable, move the fixture definition to a conftest.py file if possible.

  Technical explanation for those interested: When using --doctest-modules, pytest possibly collects Python modules twice, once as pytest.Module and once as a DoctestModule (depending on the configuration). Due to improvements in pytest's fixture implementation, if e.g. the DoctestModule collects a fixture, it is now visible to it only, and not to the Module. This means that both need to register the fixtures independently.

Deprecations (removal in next major release)

• #10819: Added a deprecation warning for class-scoped fixtures defined as instance methods (without @classmethod). Such fixtures set attributes on a different instance than the test methods use, leading to unexpected behavior. Use @classmethod decorator instead -- by yastcher.

  See 10819 and 14011.

• #12882: Calling request.getfixturevalue() <pytest.FixtureRequest.getfixturevalue> during teardown to request a fixture that was not already requested is now deprecated and will become an error in pytest 10.

  See dynamic-fixture-request-during-teardown for details.

• #13409: Using non-~collections.abc.Collection iterables (such as generators, iterators, or custom iterable objects) for the argvalues parameter in @pytest.mark.parametrize <pytest.mark.parametrize ref> and metafunc.parametrize <pytest.Metafunc.parametrize> is now deprecated.

  These iterables get exhausted after the first iteration, leading to tests getting unexpectedly skipped in cases such as running pytest.main() multiple times, using class-level parametrize decorators, or collecting tests multiple times.

  See parametrize-iterators for details and suggestions.

• #13946: The private config.inicfg attribute is now deprecated. Use config.getini() <pytest.Config.getini> to access configuration values instead.

  See config-inicfg for more details.

• #14004: Passing baseid to ~pytest.FixtureDef or nodeid strings to fixture registration APIs is now deprecated. These are internal pytest APIs that are used by some plugins.

... (truncated)

Commits

• cf470ec Prepare release version 9.1.1
• e0c8ce6 Merge pull request #14625 from pytest-dev/patchback/backports/9.1.x/a07c31a97...
• 1b82d16 Merge pull request #14624 from pytest-dev/patchback/backports/9.1.x/b375b79ec...
• 501c4bc Merge pull request #14596 from bluetech/doc-classmethod
• b61f588 Merge pull request #14622 from chrisburr/fix-14608-initial-conftest-test-subdir
• 9a567e0 [automated] Update plugin list (#14617) (#14618)
• ef8b299 Merge pull request #14620 from pytest-dev/patchback/backports/9.1.x/680f9f3ed...
• 66abd07 Merge pull request #14220 from bysiber/fix-stale-iexp-raisesgroup
• 79fbf93 Merge pull request #14612 from pytest-dev/patchback/backports/9.1.x/974ed48b6...
• 0d312eb Merge pull request #14611 from bluetech/parametrize-argvalues-typing
• Additional commits viewable in compare view

Updates pytest-github-actions-annotate-failures from 0.4.0 to 0.4.2

Release notes

Sourced from pytest-github-actions-annotate-failures's releases.

v0.4.2

Fixes

• fix: Handle warning filename when the file and the CWD are on different Windows drives (#148) @​edgarrmondragon

v0.4.1

• build(deps): bump astral-sh/setup-uv from 8.0.0 to 8.1.0 (#137) @dependabot[bot]

Fixes

• fix: Ensure the first failure of a flaky test is annotated when using in tandem with pytest-rerunfailures (#144) @​edgarrmondragon
• fix: Avoid emitthing duplicate GitHub Actions error annotations when running with pytest-xdist (#140) @​atsuoishimoto
• fix: respect PYTEST_RUN_PATH in warning annotations (#138) @​pl4nty

Maintenance

• chore: Migrate to tox.toml (#146) @​edgarrmondragon
• chore: Use tox generative ranges (#145) @​edgarrmondragon
• chore: Use pytester fixture to test the plugin (#133) @​edgarrmondragon
• refactor: remove unused PYTEST_VERSION and packaging import (#141) @​henryiii
• chore: bump pre-commit (#143) @​henryiii
• docs: fix --exclude-warning-annotations help text (#142) @​henryiii
• ci: Update _extends syntax to what Release Drafter v7 expects (#136) @​edgarrmondragon
• build(deps): bump astral-sh/setup-uv from 8.1.0 to 8.2.0 (#139) @dependabot[bot]
• ci: bump setup-uv to maintained tag scheme (#135) @​henryiii

Commits

• 9fb5db2 fix: Handle warning filename when the file and the CWD are on different Windo...
• 6b022cd chore: Migrate to tox.toml (#146)
• 8fa8b07 fix: Ensure the first failure of a flaky test is annotated when using in tand...
• e62eadf chore: Use tox generative ranges (#145)
• 466b4e2 chore: Use pytester fixture to test the plugin (#133)
• c28d7ab refactor: remove unused PYTEST_VERSION and packaging import (#141)
• 96e1bc4 chore: bump pre-commit (#143)
• 2dce8a7 docs: fix --exclude-warning-annotations help text (#142)
• 174c3f8 ci: Update _extends syntax to what Release Drafter v7 expects (#136)
• 70d0656 fix: Avoid emitthing duplicate GitHub Actions error annotations when running ...
• Additional commits viewable in compare view

Updates ruff from 0.15.15 to 0.15.18

Release notes

Sourced from ruff's releases.

0.15.18

Release Notes

Released on 2026-06-18.

Preview features

• Handle nested ruff:ignore comments (#25791)
• Stop displaying severity in output (#26050)
• Use human-readable names in CLI output (#25937)
• Use human-readable names in LSP and playground diagnostics (#26058)
• [pydocstyle] Prevent property docstrings starting with verbs (D421) (#23775)
• [flake8-pyi] Extend PYI033 to Python files (#26129)

Bug fixes

• Detect equivalent numeric mapping keys (#26009)
• Detect mapping keys equivalent to booleans (#25982)
• Detect repeated signed and complex dictionary keys (#26007)

Rule changes

• [flake8-pyi] Rename PYI033 to legacy-type-comment (#26131)

Performance

• Use ThinVec for call keywords (#25999)
• Inline parser recovery context checks (#26038)
• Match parser keywords as bytes (#26037)
• Move value parsing out of lexing (#25360)

Server

• Render subdiagnostics and secondary annotations as related information (#26011)

Documentation

• Update fix availability for always-fixable rules (#26091)
• [flake8-tidy-imports] Add fix safety section (TID252) (#17491)

Parser

• Reject __debug__ lambda parameters (#26022)
• Reject _ as a match-pattern target (#25977)
• Reject multiple starred names in sequence patterns (#25976)
• Reject parenthesized star imports (#26021)
• Reject starred comprehension targets (#26023)
• Reject unparenthesized generator expressions in class bases (#25978)
• Reject yield expressions after commas (#26024)
• Validate function type parameter default order (#25981)

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.18

Released on 2026-06-18.

Preview features

• Handle nested ruff:ignore comments (#25791)
• Stop displaying severity in output (#26050)
• Use human-readable names in CLI output (#25937)
• Use human-readable names in LSP and playground diagnostics (#26058)
• [pydocstyle] Prevent property docstrings starting with verbs (D421) (#23775)
• [flake8-pyi] Extend PYI033 to Python files (#26129)

Bug fixes

• Detect equivalent numeric mapping keys (#26009)
• Detect mapping keys equivalent to booleans (#25982)
• Detect repeated signed and complex dictionary keys (#26007)

Rule changes

• [flake8-pyi] Rename PYI033 to legacy-type-comment (#26131)

Performance

• Use ThinVec for call keywords (#25999)
• Inline parser recovery context checks (#26038)
• Match parser keywords as bytes (#26037)
• Move value parsing out of lexing (#25360)

Server

• Render subdiagnostics and secondary annotations as related information (#26011)

Documentation

• Update fix availability for always-fixable rules (#26091)
• [flake8-tidy-imports] Add fix safety section (TID252) (#17491)

Parser

• Reject __debug__ lambda parameters (#26022)
• Reject _ as a match-pattern target (#25977)
• Reject multiple starred names in sequence patterns (#25976)
• Reject parenthesized star imports (#26021)
• Reject starred comprehension targets (#26023)
• Reject unparenthesized generator expressions in class bases (#25978)
• Reject yield expressions after commas (#26024)
• Validate function type parameter default order (#25981)

... (truncated)

Commits

• 6686f63 Bump 0.15.18 (#26135)
• efbb732 [ty] Suggest keyword-only arguments between variadic parameters (#26134)
• c256d5f [ty] Support Annotated[Any, ...] as a class base (#26133)
• 19a4bea [flake8-pyi] Rename PYI033 to legacy-type-comment (#26131)
• 1d9866c Bump ecosystem-analyzer commit (#26130)
• 8656c73 [ty] Compact indexed AST node storage (#25998)
• c17c8d9 [ty] Garbage-collect cached constraint sets (#26116)
• ef0fb8f [ty] Fix bound TypeVar default cycle recovery (#26124)
• b83c024 [flake8-pyi] Extend PYI033 to Python files in preview (#26129)
• e8a5e38 Update Rust crate zip to v8 (#26078)
• Additional commits viewable in compare view

Updates virtualenv from 21.4.2 to 21.5.1

Release notes

Sourced from virtualenv's releases.

21.5.1

What's Changed

• 🐛 fix(seed): refuse to seed unsupported Python versions by @​gaborbernat in pypa/virtualenv#3173

Full Changelog: pypa/virtualenv@21.5.0...21.5.1

21.5.0

What's Changed

• Set git identity in upgrade changelog rename step by @​gaborbernat in pypa/virtualenv#3169
• Upgrade embedded pip/setuptools/wheel by @​github-actions[bot] in pypa/virtualenv#3168
• ✨ feat: drop Python 3.8 support by @​gaborbernat in pypa/virtualenv#3170

Full Changelog: pypa/virtualenv@21.4.3...21.5.0

21.4.3

What's Changed

• ci: silence avoidable check workflow notices by @​gaborbernat in pypa/virtualenv#3154
• Upgrade embedded pip/setuptools/wheel by @​github-actions[bot] in pypa/virtualenv#3155
• Fish activator passes VIRTUAL_ENV through cygpath by @​LuNoX in pypa/virtualenv#3161
• Stop exporting PS1 in bash activator by @​karlhillx in pypa/virtualenv#3162
• Add wheel-0.47.0 to seed packages as mitigation of CVE-2026-24049 by @​apophizzz in pypa/virtualenv#3167
• 🐛 fix(discovery): resolve base interpreter executable-only symlinks by @​gaborbernat in pypa/virtualenv#3166

New Contributors

• @​LuNoX made their first contribution in pypa/virtualenv#3161
• @​karlhillx made their first contribution in pypa/virtualenv#3162
• @​apophizzz made their first contribution in pypa/virtualenv#3167

Full Changelog: pypa/virtualenv@21.4.2...21.4.3

Changelog

Sourced from virtualenv's changelog.

Bugfixes - 21.5.1

• Refuse to create environments whose Python the bundled wheels no longer cover (currently below 3.9). virtualenv used to substitute the newest bundled pip, which cannot run on such a target, leaving a broken environment; seeder selection now rejects it up front with a clear error. --no-seed and third-party seeders that ship compatible wheels still work - by :user:gaborbernat. (:issue:3171)

---

v21.5.0 (2026-06-13)

---

Features - 21.5.0

• Drop support for Python 3.8; virtualenv now requires Python 3.9 or later to run and to create environments. Remove the embedded wheel seed package, which virtualenv bundled only for Python 3.8. The --wheel and --no-wheel options stay as no-ops, but now warn that virtualenv will remove them in a release after 2026-12 - by :user:gaborbernat. (:issue:3170)

Bugfixes - 21.5.0

• Upgrade embedded wheels:

  Removed wheel of 0.47.0 (:issue:u)

---

v21.4.3 (2026-06-11)

---

Bugfixes - 21.4.3

• Upgrade embedded wheels:

  • pip to 26.1.2 from 26.1.1 (:issue:u)

• Resolve executable-only symlinks when recording home and base-executable in pyvenv.cfg, mirroring CPython's getpath.realpathpython/cpython#115237 binary locate the base stdlib (for example python-build-standalone); a fully symlinked interpreter tree is kept as-is

  • by :user:gaborbernat. (:issue:3157)

• Stop exporting PS1 from the bash activator so child processes do not inherit shell prompt state. (:issue:3158)

• Handle CYGWIN/MSYS/MINGW path conversions in fish activation script - by user::LuNoX. (:issue:3160)

---

v21.4.2 (2026-05-31)

---

Commits

• e1db75c release 21.5.1
• 2bbb35c 🐛 fix(seed): refuse to seed unsupported Python versions (#3173)
• 7042705 [pre-commit.ci] pre-commit autoupdate (#3172)
• 90735e0 release 21.5.0
• 79ce906 ✨ feat: drop Python 3.8 support (#3170)
• f1f4d68 Upgrade embedded pip/setuptools/wheel (#3168)
• 78df6f0 Set git identity in upgrade changelog rename step (#3169)
• 134b080 release 21.4.3
• 2a36128 🐛 fix(discovery): resolve base interpreter executable-only symlinks (#3166)
• 5389c25 Add wheel-0.47.0 to seed packages as mitigation of CVE-2026-24049 (#3167)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Coverage report

This PR does not seem to contain any modification to coverable code.