Bump the all-minor-and-patch-dependency-updates group with 9 updates

[dependabot]

Bumps the all-minor-and-patch-dependency-updates group with 9 updates:

Package	From	To
bandit	1.9.2	1.9.3
setuptools	80.9.0	80.10.2
ruff	0.14.7	0.14.14
pytest	9.0.1	9.0.2
gitpython	3.1.45	3.1.46
cachetools	6.2.1	6.2.6
build	1.3.0	1.4.0
tox	4.32.0	4.34.1
sphinx	9.0.0	9.0.4

Updates bandit from 1.9.2 to 1.9.3

Release notes

Sourced from bandit's releases.

1.9.3

What's Changed

• Bump actions/checkout from 5 to 6 by @​dependabot[bot] in PyCQA/bandit#1334
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in PyCQA/bandit#1335
• Fix B608 to detect VALUES( without space by @​kfess in PyCQA/bandit#1337
• Add check for hardcoded passwords in dicts. by @​alanverresen in PyCQA/bandit#1338
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in PyCQA/bandit#1341
• Update tox tests for Python 3.10 by @​willschlitzer in PyCQA/bandit#1346
• Bump docker/setup-buildx-action from 3.11.1 to 3.12.0 by @​dependabot[bot] in PyCQA/bandit#1347
• Limit B614 to torch.load deserializers by @​dibussoc in PyCQA/bandit#1348

New Contributors

• @​kfess made their first contribution in PyCQA/bandit#1337
• @​alanverresen made their first contribution in PyCQA/bandit#1338
• @​willschlitzer made their first contribution in PyCQA/bandit#1346
• @​dibussoc made their first contribution in PyCQA/bandit#1348

Full Changelog: PyCQA/bandit@1.9.2...1.9.3

Commits

• 765f00d Limit B614 to torch.load deserializers (#1348)
• 06fbbab Bump docker/setup-buildx-action from 3.11.1 to 3.12.0 (#1347)
• 36d6f3c Update tox tests for Python 3.10 (#1346)
• da0d338 [pre-commit.ci] pre-commit autoupdate (#1341)
• 649b9bd Add check for hardcoded passwords in dicts. (#1338)
• 3c56109 Fix B608 to detect VALUES( without space (#1337)
• b790ce2 [pre-commit.ci] pre-commit autoupdate (#1335)
• 0b73bbe Bump actions/checkout from 5 to 6 (#1334)
• See full diff in compare view

Updates setuptools from 80.9.0 to 80.10.2

Changelog

Sourced from setuptools's changelog.

v80.10.2

Bugfixes

• Update vendored dependencies. (#5159)

Misc

• #5115, #5128

v80.10.1

Misc

• #5152

v80.10.0

Features

• Remove post-release tags on setuptools' own build. (#4530)
• Refreshed vendored dependencies. (#5139)

Misc

• #5033

Commits

• 5cf2d08 Bump version: 80.10.1 → 80.10.2
• 852cd5e Merge pull request #5166 from pypa/bugfix/5159-vendor-bin-free
• 11115ee Suppress deprecation warning.
• 5cf9185 Update vendored dependencies.
• cf59f41 Delete all binaries generated by vendored package install.
• 89a5981 Add missing newsfragments
• c0114af Postpone deprecation warnings related to PEP 639 to 2027-Feb-18 (#5115)
• de07603 Revert "[CI] Constraint transient test dependency on pyobjc" (#5128)
• 3afd5d6 Revert "[CI] Constraint transient test dependency on pyobjc"
• adfb0c9 Bump version: 80.10.0 → 80.10.1
• Additional commits viewable in compare view

Updates ruff from 0.14.7 to 0.14.14

Release notes

Sourced from ruff's releases.

0.14.14

Release Notes

Released on 2026-01-22.

Preview features

• Preserve required parentheses in lambda bodies (#22747)
• Combine range suppression code diagnostics (#22613)
• [airflow] Second positional argument to Asset/Dataset should not be a dictionary (AIR303) (#22453)
• [ruff] Detect duplicate entries in __all__ (RUF068) (#22114)

Bug fixes

• [pyupgrade] Allow shadowing non-builtin bindings (UP029) (#22749)
• [pyupgrade] Apply UP045 to string arguments of typing.cast (#22320)
• [flake8-pie] Detect duplicated declared class fields in PIE794 (#22717)

Rule changes

• [flake8-pyi] Fix inconsistent handling of forward references for __new__, __enter__, __aenter__ in PYI034 (#22798)
• [flake8-pytest-style] Support check parameter in PT011 (#22725)
• [ruff] Add exception for ctypes.Structure._fields_ (RUF012) (#22559)
• Many fixes are now marked unsafe if they would remove comments:
  • [flake8-bugbear] B009, B010, B013, B014, B033
  • [flake8-simplify] SIM910, SIM911
  • [pyupgrade] UP007, UP039, UP041, UP045
  • [refurb] FURB105, FURB116, FURB136, FURB140, FURB145, FURB154, FURB157, FURB164,FURB181, FURB188
  • [ruff] RUF019, RUF020

Documentation

• Add --exit-non-zero-on-format to formatter exit codes section (#22761)
• Update contributing guide for adding a new rule (#22779)
• [FastAPI] Document fix safety for FAST001 (#22655)
• [flake8-async] Tweak explanation to focus on latency/efficiency tradeoff (ASYNC110) (#22715)
• [pandas-vet] Make example error out-of-the-box (PD002) (#22561)
• [refurb] Make the example work out of box (FURB101) (#22770)
• [refurb] Make the example work out of box (FURB103) (#22769)

Contributors

• @​alejsdev
• @​ntBre
• @​caiquejjx
• @​chirizxc
• @​denyszhak
• @​sjyangkevin
• @​MeGaGiGaGon
• @​leandrobbraga

... (truncated)

Changelog

Sourced from ruff's changelog.

0.14.14

Released on 2026-01-22.

Preview features

• Preserve required parentheses in lambda bodies (#22747)
• Combine range suppression code diagnostics (#22613)
• [airflow] Second positional argument to Asset/Dataset should not be a dictionary (AIR303) (#22453)
• [ruff] Detect duplicate entries in __all__ (RUF068) (#22114)

Bug fixes

• [pyupgrade] Allow shadowing non-builtin bindings (UP029) (#22749)
• [pyupgrade] Apply UP045 to string arguments of typing.cast (#22320)
• [flake8-pie] Detect duplicated declared class fields in PIE794 (#22717)

Rule changes

• [flake8-pyi] Fix inconsistent handling of forward references for __new__, __enter__, __aenter__ in PYI034 (#22798)
• [flake8-pytest-style] Support check parameter in PT011 (#22725)
• [ruff] Add exception for ctypes.Structure._fields_ (RUF012) (#22559)
• Many fixes are now marked unsafe if they would remove comments:
  • [flake8-bugbear] B009, B010, B013, B014, B033
  • [flake8-simplify] SIM910, SIM911
  • [pyupgrade] UP007, UP039, UP041, UP045
  • [refurb] FURB105, FURB116, FURB136, FURB140, FURB145, FURB154, FURB157, FURB164,FURB181, FURB188
  • [ruff] RUF019, RUF020

Documentation

• Add --exit-non-zero-on-format to formatter exit codes section (#22761)
• Update contributing guide for adding a new rule (#22779)
• [FastAPI] Document fix safety for FAST001 (#22655)
• [flake8-async] Tweak explanation to focus on latency/efficiency tradeoff (ASYNC110) (#22715)
• [pandas-vet] Make example error out-of-the-box (PD002) (#22561)
• [refurb] Make the example work out of box (FURB101) (#22770)
• [refurb] Make the example work out of box (FURB103) (#22769)

Contributors

• @​alejsdev
• @​ntBre
• @​caiquejjx
• @​chirizxc
• @​denyszhak
• @​sjyangkevin
• @​MeGaGiGaGon
• @​leandrobbraga
• @​MichaReiser

... (truncated)

Commits

• 8b2e7b3 Prepare release v0.14.14 (#22813)
• 4c7d1f5 [ty] Infer TypedDict types with >=1 required key as being always truthy (#2...
• b7de434 add CCfW hooks (#22803)
• b912dfc [pyupgrade] Apply UP045 to string arguments of typing.cast (#22320)
• 1ff062d [ty] Improve completion rankings for raise-from/except contexts (#22775)
• 7e408a5 Update dependency wrangler to v4.59.1 (#22793)
• ceb876b [flake8-pyi] Fix inconsistent handling of forward references for __new__,...
• c5b4ee6 [ty] Support solving generics involving PEP 695 type aliases (#22678)
• b9a6129 [ty] Improve support for kwarg splats in dictionary literals (#22781)
• f516d47 Update contributing guide for adding a new rule (#22779)
• Additional commits viewable in compare view

Updates pytest from 9.0.1 to 9.0.2

Release notes

Sourced from pytest's releases.

9.0.2

pytest 9.0.2 (2025-12-06)

Bug fixes

• #13896: The terminal progress feature added in pytest 9.0.0 has been disabled by default, except on Windows, due to compatibility issues with some terminal emulators.

  You may enable it again by passing -p terminalprogress. We may enable it by default again once compatibility improves in the future.

  Additionally, when the environment variable TERM is dumb, the escape codes are no longer emitted, even if the plugin is enabled.

• #13904: Fixed the TOML type of the tmp_path_retention_count settings in the API reference from number to string.

• #13946: The private config.inicfg attribute was changed in a breaking manner in pytest 9.0.0. Due to its usage in the ecosystem, it is now restored to working order using a compatibility shim. It will be deprecated in pytest 9.1 and removed in pytest 10.

• #13965: Fixed quadratic-time behavior when handling unittest subtests in Python 3.10.

Improved documentation

• #4492: The API Reference now contains cross-reference-able documentation of pytest's command-line flags <command-line-flags>.

Commits

• 3d10b51 Prepare release version 9.0.2
• 188750b Merge pull request #14030 from pytest-dev/patchback/backports/9.0.x/1e4b01d1f...
• b7d7bef Merge pull request #14014 from bluetech/compat-note
• bd08e85 Merge pull request #14013 from pytest-dev/patchback/backports/9.0.x/922b60377...
• bc78386 Add CLI options reference documentation (#13930)
• 5a4e398 Fix docs typo (#14005) (#14008)
• d7ae6df Merge pull request #14006 from pytest-dev/maintenance/update-plugin-list-tmpl...
• 556f6a2 pre-commit: fix rst-lint after new release (#13999) (#14001)
• c60fbe6 Fix quadratic-time behavior when handling unittest subtests in Python 3.10 ...
• 73d9b01 Merge pull request #13995 from nicoddemus/patchback/backports/9.0.x/1b5200c0f...
• Additional commits viewable in compare view

Updates gitpython from 3.1.45 to 3.1.46

Release notes

Sourced from gitpython's releases.

3.1.46

What's Changed

• Prepare a new release by @​Byron in gitpython-developers/GitPython#2063
• Bump actions/checkout from 4 to 5 by @​dependabot[bot] in gitpython-developers/GitPython#2067
• Bump git/ext/gitdb from 335c0f6 to 39d7dbf by @​dependabot[bot] in gitpython-developers/GitPython#2068
• Bump actions/setup-python from 5 to 6 by @​dependabot[bot] in gitpython-developers/GitPython#2070
• Bump git/ext/gitdb from 39d7dbf to f8fdfec by @​dependabot[bot] in gitpython-developers/GitPython#2071
• Fix type hint for SymbolicReference.reference property by @​emmanuel-ferdman in gitpython-developers/GitPython#2074
• feat: Add support for hasconfig git rule. by @​bvanelli in gitpython-developers/GitPython#2075
• Bump github/codeql-action from 3 to 4 by @​dependabot[bot] in gitpython-developers/GitPython#2076
• Use actual return type in annotation for method submodule_update by @​extrwi in gitpython-developers/GitPython#2078
• Bump git/ext/gitdb from f8fdfec to 65321a2 by @​dependabot[bot] in gitpython-developers/GitPython#2082
• Preliminary support for index format v3 by @​blahgeek in gitpython-developers/GitPython#2081
• Bump actions/checkout from 5 to 6 by @​dependabot[bot] in gitpython-developers/GitPython#2084
• Pin mypy==1.18.2 by @​George-Ogden in gitpython-developers/GitPython#2087
• Respect os.Pathlike by @​George-Ogden in gitpython-developers/GitPython#2086
• Bump git/ext/gitdb from 65321a2 to 4c63ee6 by @​dependabot[bot] in gitpython-developers/GitPython#2093
• Join Pathlike Object to Tree by @​George-Ogden in gitpython-developers/GitPython#2094

New Contributors

• @​emmanuel-ferdman made their first contribution in gitpython-developers/GitPython#2074
• @​bvanelli made their first contribution in gitpython-developers/GitPython#2075
• @​extrwi made their first contribution in gitpython-developers/GitPython#2078
• @​blahgeek made their first contribution in gitpython-developers/GitPython#2081
• @​George-Ogden made their first contribution in gitpython-developers/GitPython#2087

Full Changelog: gitpython-developers/GitPython@3.1.45...3.1.46

Commits

• 9e24eb6 Prepare next release
• b8bb60e Merge pull request #2094 from George-Ogden/join-pathlike
• c8b58c0 Update test/test_tree.py
• 88e2614 Allow joining path to tree
• 9fa28ae Add failing tests for joining paths
• 6d66a02 Merge pull request #2093 from gitpython-developers/dependabot/submodules/git/...
• f738029 Bump git/ext/gitdb from 65321a2 to 4c63ee6
• eecc28d Merge pull request #2086 from George-Ogden/true-pathlike
• 0cb55fb Revert "Add tests with non-ascii characters"
• 1710626 Add tests with non-ascii characters
• Additional commits viewable in compare view

Updates cachetools from 6.2.1 to 6.2.6

Changelog

Sourced from cachetools's changelog.

v6.2.6 (2026-01-27)

• Improve typedkey performance.

• Minor documentation improvements.

• Minor testing improvements.

• Minor code readability improvements.

v6.2.5 (2026-01-25)

• Improve documentation regarding @cachedmethod with lock parameter.

• Add test cases for cache stampede scenarios.

• Update CI environment.

v6.2.4 (2025-12-15)

• Fix license information displayed on PyPI be using an updated version of twine for uploading.

v6.2.3 (2025-12-12)

• Improve documentation regarding @cachedmethod with condition parameter.

• Minor style and readability improvements.

• Modernize build environment.

• Update CI environment.

v6.2.2 (2025-11-13)

• Minor improvements from GitHub Copilot code review.

• Improve documentation.

Commits

• 318ed71 Release v6.2.6.
• 48443ff Fix Cache.popitem test.
• 709819c Fix test method naming.
• 68e4b9c Minor documentation improvements.
• 8ee4015 Minor code readability improvements.
• ea47f99 Improve typedkey performance.
• 7158a30 Release v6.2.5.
• c9e3e26 Fix #379: Improve @​cachedmethod example by using a lock.
• d99c023 Bump copyright year.
• 5a87ee0 Add test cases for cache stampede scenarios.
• Additional commits viewable in compare view

Updates build from 1.3.0 to 1.4.0

Release notes

Sourced from build's releases.

1.4.0

• Add --quiet flag (PR #947)
• Add option to dump PEP 517 metadata with --metadata (PR #940, PR #943)
• Support UV environment variable (PR #971)
• Remove a workaround for 3.14b1 (PR #960)
• In 3.14 final release, color defaults to True already (PR #962)
• Pass sp-repo-review (PR #942)
• In pytest configuration, log_level is better than log_cli_level (PR #950)
• Split up typing and mypy (PR #944)
• Use types-colorama (PR #945)
• In docs, first argument for _has_dependency is a name (PR #970)
• Fix test failure when flit-core is installed (PR #921)

Changelog

Sourced from build's changelog.

1.4.0 (2026-01-08)

• Add --quiet flag (:pr:947)
• Add option to dump PEP 517 metadata with --metadata (:pr:940, :pr:943)
• Support UV environment variable (:pr:971)
• Remove a workaround for 3.14b1 (:pr:960)
• In 3.14 final release, color defaults to True already (:pr:962)
• Pass sp-repo-review (:pr:942)
• In pytest configuration, log_level is better than log_cli_level (:pr:950)
• Split up typing and mypy (:pr:944)
• Use types-colorama (:pr:945)
• In docs, first argument for _has_dependency is a name (PR :pr:970)
• Fix test failure when flit-core is installed (PR :pr:921)

Commits

• 54f238d chore: prepare for 1.4.0 (#972)
• f219276 docs: first argument for _has_dependency is a name (#970)
• 7adb29e fix: support UV environment variable (#971)
• a40623b build(deps): bump actions/attest-build-provenance in the actions group (#968)
• c8fae34 pre-commit: bump repositories (#965)
• ed9c379 build(deps): bump actions/download-artifact in the actions group
• 0e44fd2 Add quiet flag (#947)
• 60e15ed chore: color defaults to True in 3.14 (#962)
• 0486d9d pre-commit: bump repositories (#961)
• 393b775 MNT: remove workaround for 3.14b1 (#960)
• Additional commits viewable in compare view

Updates tox from 4.32.0 to 4.34.1

Release notes

Sourced from tox's releases.

4.34.1

What's Changed

• fix: wheel corruption when running parallel tox processes by @​gaborbernat in tox-dev/tox#3667

Full Changelog: tox-dev/tox@4.34.0...4.34.1

4.34.0

What's Changed

• feat: Support depenedcy groups with self references by @​Czaki in tox-dev/tox#3666

Full Changelog: tox-dev/tox@4.33.0...4.34.0

4.33.0

What's Changed

• Pass LOCALAPPDATA by default on Windows (#3639) by @​clint-lawrence in tox-dev/tox#3640
• Docs: Add caution about ranges like py{39-314} by @​ferdnyc in tox-dev/tox#3652
• CLI Parser: Drop epilog message for Sphinx help by @​ferdnyc in tox-dev/tox#3653
• 📚 Integrate sphinx-issues extension by @​webknjaz in tox-dev/tox#3655
• Fix sphinx doc build by @​gaborbernat in tox-dev/tox#3662
• feat: add conditional set_env support via PEP-496 markers by @​gaborbernat in tox-dev/tox#3663

New Contributors

• @​clint-lawrence made their first contribution in tox-dev/tox#3640
• @​ferdnyc made their first contribution in tox-dev/tox#3652

Full Changelog: tox-dev/tox@4.32.0...4.33.0

Changelog

Sourced from tox's changelog.

v4.34.1 (2026-01-09)

Bugfixes - 4.34.1

- Fix wheel corruption errors when the build backend updates the file in place - by :user:`gaborbernat`. (:issue:`3667`)
v4.34.0 (2026-01-08)
Features - 4.34.0

• Support installing extras from the current project in dependency groups. -- by :user:czaki. (:issue:3561)

v4.33.0 (2026-01-02)

Features - 4.33.0

- Add support for conditional ``set_env`` using PEP-496 environment markers. In INI format use
  ``VAR=value; marker`` syntax, in TOML format use ``set_env.VAR = { value = "...", marker = "..." }``
  -- by :user:`gaborbernat`. (:issue:`3663`)
Bugfixes - 4.33.0

• Added 'LocalAppData' to the default passed environment variables on Windows. (:issue:3639)

Improved Documentation - 4.33.0

- Sphinx is now set up to use :pypi:`sphinx-issues` for referencing
  GitHub issues and pull requests in the docs -- by :user:`webknjaz`. (:issue:`3202`)

Commits

• abd774e release 4.34.1
• 96658e0 fix: use copy instead of hard link for session package views (#3667)
• 078a0f8 release 4.34.0
• e8a7c03 feat: Support depenedcy groups with self references (#3666)
• 8a69efd Update weekly.yaml
• 9c5fe79 release 4.33.0
• c569868 feat: add conditional set_env support via PEP-508 markers (#3663)
• 7b9610e fix: update for Sphinx 9.1 compatibility (#3662)
• fa51801 [pre-commit.ci] pre-commit autoupdate (#3661)
• 29cdaab [pre-commit.ci] pre-commit autoupdate (#3659)
• Additional commits viewable in compare view

Updates sphinx from 9.0.0 to 9.0.4

Release notes

Sourced from sphinx's releases.

Sphinx 9.0.4

Changelog: https://www.sphinx-doc.org/en/master/changes/9.0.html

Bugs fixed

• #14143: Fix spurious build warnings when translators reorder references in strings, or use translated display text in references. Patch by Matt Wang.

Sphinx 9.0.3

Changelog: https://www.sphinx-doc.org/en/master/changes/9.0.html

Bugs fixed

• #14142: autodoc: Restore some missing exports in sphinx.ext.autodoc. Patch by Adam Turner.

Sphinx 9.0.2

Changelog: https://www.sphinx-doc.org/en/master/changes/9.0.html

Bugs fixed

• #14142: autodoc: Restore sphinx.ext.autodoc.mock. Patch by Adam Turner.

Sphinx 9.0.1

Changelog: https://www.sphinx-doc.org/en/master/changes/9.0.html

Bugs fixed

• #13942: autodoc: Restore the mapping interface for options objects. Patch by Adam Turner.
• #13942: autodoc: Deprecate the mapping interface for options objects. Patch by Adam Turner.
• #13387: Update translations.

Changelog

Sourced from sphinx's changelog.

Release 9.0.4 (released Dec 04, 2025)

Bugs fixed

• #14143: Fix spurious build warnings when translators reorder references in strings, or use translated display text in references. Patch by Matt Wang.

Release 9.0.3 (released Dec 04, 2025)

Bugs fixed

• #14142: autodoc: Restore some missing exports in :mod:!sphinx.ext.autodoc. Patch by Adam Turner.

Release 9.0.2 (released Dec 03, 2025)

Bugs fixed

• #14142: autodoc: Restore :mod:!sphinx.ext.autodoc.mock. Patch by Adam Turner.

Release 9.0.1 (released Dec 01, 2025)

Bugs fixed

• #13942: autodoc: Restore the mapping interface for options objects. Patch by Adam Turner.
• #13942: autodoc: Deprecate the mapping interface for options objects. Patch by Adam Turner.
• #13387: Update translations.

Commits

• 8ddba7e Bump to 9.0.4 final
• 6959633 [bot]: Update message catalogues (#14155)
• 88a4a97 Allow reordered refs and translated display text in pending_xref (#14144)
• f666208 Bump version
• df8a9e7 Bump to 9.0.3 final
• bd89f96 Import names from defining module
• 7d05936 autodoc: Restore some missing exports
• b745a11 Bump version
• 1ac581c Bump to 9.0.2 final
• 1281a83 autodoc: Restore mock module for compatibility (#14152)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.