chore(deps): bump the pip-dependency-updates group across 3 directories with 5 updates

[dependabot]

Updates the requirements on hatchling, virtualenv, keyring, click and rich-click to permit the latest version.
Updates hatchling from 1.27.0 to 1.29.0

Release notes

Sourced from hatchling's releases.

Hatchling v1.29.0

Fixed:

• Source Date Epoch no longer fails when set to date before 1980.

Hatchling v1.28.0

Changed:

• Drop support for Python 3.9

Added:

• Add sbom-files option and sbom_files build data to the wheel build target for including Software Bill of Materials files.

Commits

• 1a74daa Noqa release command to unblock GHA for PRs
• 78065f4 For Immutable Releases (#2188)
• 592c0a9 release Hatchling v1.29.0 (#2186)
• 874059b Prerelease doc updates. (#2183)
• 0e31bb6 Immutable releases ci (#2182)
• f400be1 Support a SOURCE_DATE_EPOCH prior to 1980 (#1999)
• 47b55ce Fixing failing tests for changes in Rich markdown rendering (#2172)
• cc4acd6 Add a note guiding users to include SBOM files in the source distribution (#2...
• 9068758 Fix #2164 keep_env type error for hatch shell (#2165)
• bc31cfc Fix warning and tests with packaging 26.0 (#2159)
• Additional commits viewable in compare view

Updates virtualenv from 20.39.1 to 21.1.0

Release notes

Sourced from virtualenv's releases.

21.1.0

What's Changed

• add comprehensive type annotations across the entire codebase by @​rahuldevikar in pypa/virtualenv#3076

Full Changelog: pypa/virtualenv@21.0.0...21.1.0

21.0.0

What's Changed

• ♻️ refactor(discovery): extract py_discovery as self-contained package by @​gaborbernat in pypa/virtualenv#3070
• 📝 docs(changelog): add removal entry for python-discovery extraction by @​gaborbernat in pypa/virtualenv#3074

Full Changelog: pypa/virtualenv@20.39.1...21.0.0

Changelog

Sourced from virtualenv's changelog.

Features - 21.1.0

• Add comprehensive type annotations across the entire codebase and ship a PEP 561 py.typed marker so downstream consumers and type checkers recognize virtualenv as an inline-typed package - by :user:rahuldevikar. (:issue:3075)

---

v21.0.0 (2026-02-25)

---

Deprecations and Removals - 21.0.0

• The Python discovery logic has been extracted into a standalone python-discovery package on PyPI (documentation <https://python-discovery.readthedocs.io/>_) and is now consumed as a dependency. If you previously imported discovery internals directly (e.g. from virtualenv.discovery.py_info import PythonInfo), switch to from python_discovery import PythonInfo. Backward-compatibility re-export shims are provided at virtualenv.discovery.py_info, virtualenv.discovery.py_spec, and virtualenv.discovery.cached_py_info, however these are considered unsupported and may be removed in a future release - by :user:gaborbernat. (:issue:3070)

---

v20.39.1 (2026-02-25)

---

Commits

• 404a3e5 release 21.1.0
• 981d87c add comprehensive type annotations across the entire codebase (#3076)
• 17d98ba Add security policy
• 7687420 release 21.0.0
• 8ec3142 📝 docs(changelog): add removal entry for python-discovery extraction (#3074)
• f89d46c ♻️ refactor(discovery): extract py_discovery as self-contained package (#3070)
• See full diff in compare view

Updates keyring from 25.6.0 to 25.7.0

Changelog

Sourced from keyring's changelog.

v25.7.0

Features

• Improved support for KWallet 6. (#728)

Bugfixes

• Removed cruft from Python 3.8. (#722)

Commits

• 38c0401 Finalize
• e5b7d2a Revert "Disable type checking on filter call. Fixes #659."
• 2ce2d46 Add news fragment.
• 4bb5ece Merge pull request #722 from hugovk/rm-3.8
• d7c0aa4 Merge branch 'main' into rm-3.8
• ea1d763 Merge pull request #721 from hugovk/fix-tests
• 30eea9d Merge https://github.com/jaraco/skeleton
• fb6e52c Merge pull request #724 from dachucky/patch-1
• 9ff8459 Generalize the guidance around tox.
• e7fbfa7 Prefer imperative third-person voice.
• Additional commits viewable in compare view

Updates click to 8.3.1

Release notes

Sourced from click's releases.

8.3.1

This is the Click 8.3.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/click/8.3.1/ Changes: https://click.palletsprojects.com/page/changes/#version-8-3-1 Milestone: https://github.com/pallets/click/milestone/28

• Don't discard pager arguments by correctly using subprocess.Popen. #3039 #3055
• Replace Sentinel.UNSET default values by None as they're passed through the Context.invoke() method. #3066 #3065 #3068
• Fix conversion of Sentinel.UNSET happening too early, which caused incorrect behavior for multiple parameters using the same name. #3071 #3079
• Fix rendering when prompt and confirm parameter prompt_suffix is empty. #3019 #3021
• When Sentinel.UNSET is found during parsing, it will skip calls to type_cast_value. #3069 #3090
• Hide Sentinel.UNSET values as None when looking up for other parameters through the context inside parameter callbacks. #3136 #3137

Changelog

Sourced from click's changelog.

Version 8.3.1

Released 2025-11-15

• Don't discard pager arguments by correctly using subprocess.Popen. :issue:3039 :pr:3055
• Replace Sentinel.UNSET default values by None as they're passed through the Context.invoke() method. :issue:3066 :issue:3065 :pr:3068
• Fix conversion of Sentinel.UNSET happening too early, which caused incorrect behavior for multiple parameters using the same name. :issue:3071 :pr:3079
• Hide Sentinel.UNSET values as None when looking up for other parameters through the context inside parameter callbacks. :issue:3136 :pr:3137
• Fix rendering when prompt and confirm parameter prompt_suffix is empty. :issue:3019 :pr:3021
• When Sentinel.UNSET is found during parsing, it will skip calls to type_cast_value. :issue:3069 :pr:3090

Version 8.3.0

Released 2025-09-17

• Improved flag option handling: Reworked the relationship between flag_value and default parameters for better consistency:

  • The default parameter value is now preserved as-is and passed directly to CLI functions (no more unexpected transformations)
  • Exception: flag options with default=True maintain backward compatibility by defaulting to their flag_value
  • The default parameter can now be any type (bool, None, etc.)
  • Fixes inconsistencies reported in: :issue:1992 :issue:2514 :issue:2610 :issue:3024 :pr:3030

• Allow default to be set on Argument for nargs = -1. :issue:2164 :pr:3030

• Show correct auto complete value for nargs option in combination with flag option :issue:2813

• Fix handling of quoted and escaped parameters in Fish autocompletion. :issue:2995 :pr:3013

• Lazily import shutil. :pr:3023

• Properly forward exception information to resources registered with click.core.Context.with_resource(). :issue:2447 :pr:3058

• Fix regression related to EOF handling in CliRunner. :issue:2939 :pr:2940

Version 8.2.2

Released 2025-07-31

• Fix reconciliation of default, flag_value and type parameters for flag options, as well as parsing and normalization of environment variables.

... (truncated)

Commits

• 1d038f2 release version 8.3.1
• 03f3889 Fix Ruff UP038 warning (#3141)
• 3867781 Fix Ruff UP038 warning
• b91bb95 Provide altered context to callbacks to hide UNSET values as None (#3137)
• 437e1e3 Temporarily provide a fake context to the callback to hide UNSET values as ...
• ea70da4 Don't test using a file in docs/ (#3102)
• e27b307 Make uv run --all-extras pyright --verifytypes click pass (#3072)
• a92c573 Fix test_edit to work with BSD sed (#3129)
• bd131e1 Fix test_edit to work with BSD sed
• 0b5c6b7 Add Best practices section (#3127)
• Additional commits viewable in compare view

Updates rich-click to 1.9.7

Release notes

Sourced from rich-click's releases.

v1.9.7

• Fix click_version check when build metadata is included. [#324] (@​ccoulombe)

Changelog

Sourced from rich-click's changelog.

Version 1.9.7 (2026-01-30)

• Fix click_version check when build metadata is included. [#324] (@​ccoulombe)

Version 1.9.6 (2026-01-21)

• Fix minor Typer incompatibilities, most notably default panel placements.
• Added default_panels_first config option which places default panels above user-defined panels.
• Fix to .pyi file [#319] (@​nemowang2003)

Version 1.9.5 (2025-12-21)

• Fix no_args_is_help for Typer CLIs. [#313]
• Fix strange encoding issue on Windows in GH Actions [#314]

Version 1.9.4 (2025-10-24)

• Added Typer 0.20 support
• Fix lack of support for flag_value=....

Version 1.9.3 (2025-10-09)

• Fixed subcommand discovery in help text. Behavior should now be the same as 1.8. [#304]

Version 1.9.2 (2025-10-04)

• Fixed legacy windows rendering
• Fix issue with parent click.Group and child rich_click.RichCommand error formatter not resolving.
• Add headers to tables (by default these are not shown).

Version 1.9.1 (2025-09-20)

• Fixed bug where running the rich-click CLI on a @rich_click.argument() sometimes caused arguments show up in the option panel when it shouldn't.
• Slightly reduced horizontal padding of the modern theme format.
• Fixed Click 8.3 compatibility with rendering defaults in help text.

Version 1.9.0 (2025-09-16)

[!WARNING] Version 1.9.0 deprecates support for a lot of old versions of things:

• Python 3.7 support is removed. The minimum supported Python version is 3.8.
• Click 7 support is removed. The minimum supported Click version is 8.0.
• Rich 10 and 11 support is removed. The minimum supported Rich version is 12.

[!WARNING] Version 1.9.0 introduces a minor breaking change: The DEFAULT_STRING, ENVVAR_STRING, REQUIRED_STRING, and DEPRECATED_STRING config options are now rendered with Text.from_markup. So for example, REQUIRED_STRING = "[required]" would be rendered as Rich markup. You must now escape the rich markup: REQUIRED_STRING = "\\[required]"

... (truncated)

Commits

• 7f554a3 version bump
• 8fc129c click_version fix (#324)
• 0eed6b2 Generate new screengrabs with rich-codex
• 7f2bb5a Merge pull request #323 from dwreeves/fix-rich-14-3-tests
• e9c8b13 Fix failing unit-tests
• 5cb336f Generate new screengrabs with rich-codex
• 9096d02 Merge pull request #320 from dwreeves/minor-typer-compat-fixes
• f5e4b10 Fix Typer incompatibilities
• cf09124 Merge pull request #319 from nemowang2003/fix-pyi
• d97ac2d Fix incorrect type hint in rich_command.pyi
• Additional commits viewable in compare view

Updates hatchling from 1.27.0 to 1.29.0

Release notes

Sourced from hatchling's releases.

Hatchling v1.29.0

Fixed:

• Source Date Epoch no longer fails when set to date before 1980.

Hatchling v1.28.0

Changed:

• Drop support for Python 3.9

Added:

• Add sbom-files option and sbom_files build data to the wheel build target for including Software Bill of Materials files.

Commits

• 1a74daa Noqa release command to unblock GHA for PRs
• 78065f4 For Immutable Releases (#2188)
• 592c0a9 release Hatchling v1.29.0 (#2186)
• 874059b Prerelease doc updates. (#2183)
• 0e31bb6 Immutable releases ci (#2182)
• f400be1 Support a SOURCE_DATE_EPOCH prior to 1980 (#1999)
• 47b55ce Fixing failing tests for changes in Rich markdown rendering (#2172)
• cc4acd6 Add a note guiding users to include SBOM files in the source distribution (#2...
• 9068758 Fix #2164 keep_env type error for hatch shell (#2165)
• bc31cfc Fix warning and tests with packaging 26.0 (#2159)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions