build(deps): bump the minor group across 1 directory with 8 updates

[dependabot]

Bumps the minor group with 8 updates in the / directory:

Package	From	To
python-dotenv	1.1.1	1.2.1
componentize-py	0.17.2	0.19.3
typer	0.15.4	0.20.0
ruff	0.9.10	0.14.7
mypy	1.18.2	1.19.0
pre-commit	4.3.0	4.5.0
pydoclint	0.6.11	0.8.3
pyright	1.1.406	1.1.407

Updates python-dotenv from 1.1.1 to 1.2.1

Release notes

Sourced from python-dotenv's releases.

v1.2.1

What's Changed

• Support reading .env from FIFOs (Unix) by @​sidharth-sudhir in theskumar/python-dotenv#586
• Update CI to use trusted publishing on PyPI

New Contributors

• @​sidharth-sudhir made their first contribution in theskumar/python-dotenv#586

Full Changelog: theskumar/python-dotenv@v1.2.0...v1.2.1

v1.2.0

What's Changed

• style: upgrade to use ruff by @​theskumar in theskumar/python-dotenv#567
• Use sys.exit() instead of exit() by @​theskumar in theskumar/python-dotenv#568
• feat: add PYTHON_DOTENV_DISABLED flag to disable load_dotenv (fixes #510) by @​matthewfranglen in theskumar/python-dotenv#569
• Added Python@3.14: Github CI & tox.ini by @​23f3001135 in theskumar/python-dotenv#579
• ocs: clarify what load_dotenv() does in README by @​cybercoded in theskumar/python-dotenv#575
• Bump the github-actions group across 1 directory with 2 updates by @​dependabot[bot] in theskumar/python-dotenv#577
• Move project metadata and config to pyproject.toml by @​EpicWink in theskumar/python-dotenv#583

New Contributors

• @​matthewfranglen made their first contribution in theskumar/python-dotenv#569
• @​23f3001135 made their first contribution in theskumar/python-dotenv#579
• @​cybercoded made their first contribution in theskumar/python-dotenv#575
• @​EpicWink made their first contribution in theskumar/python-dotenv#583

Full Changelog: theskumar/python-dotenv@v1.1.1...v1.2.0

Changelog

Sourced from python-dotenv's changelog.

[1.2.1] - 2025-10-26

• Move more config to pyproject.toml, removed setup.cfg
• Add support for reading .env from FIFOs (Unix) by [@​sidharth-sudhir] in #586

[1.2.0] - 2025-10-26

• Upgrade build system to use PEP 517 & PEP 518 to use build and pyproject.toml by [@​EpicWink] in #583
• Add support for Python 3.14 by [@​23f3001135] in #579
• Add support for disabling of load_dotenv() using PYTHON_DOTENV_DISABLED env var. by [@​matthewfranglen] in #569

Commits

• eaf2a91 Do not remove .coverage file
• 8716196 Bump version: 1.2.0 → 1.2.1
• b87807f Update changelog
• 3af77d3 Support reading .env from FIFOs (Unix) (#586)
• 467ee22 Fix test failures after moving config to pyproject.toml
• 76999e7 Move more config pyproject.toml
• 222ce2c Update to use trusted publisher on pypi
• 8ed4f79 Update docs requirements
• 5bf8822 Bump version: 1.1.1 → 1.2.0
• 1fe11cc upadate changelog
• Additional commits viewable in compare view

Updates componentize-py from 0.17.2 to 0.19.3

Commits

• See full diff in compare view

Updates typer from 0.15.4 to 0.20.0

Release notes

Sourced from typer's releases.

0.20.0

Features

• ✨ Enable command suggestions on typo by default. PR #1371 by @​savannahostrowski.

Upgrades

• ⬆️ Add support for Python 3.14. PR #1372 by @​svlandeg.

Internal

• 👷 Add nightly workflow to run tests against CPython main branch. PR #1374 by @​savannahostrowski.
• ⬆ Bump mkdocs-material from 9.6.21 to 9.6.22. PR #1377 by @​dependabot[bot].
• 🔧 Configure reminder for waiting label in issue-manager. PR #1378 by @​YuriiMotov.
• ⬆ Bump ruff from 0.13.3 to 0.14.0. PR #1368 by @​dependabot[bot].
• ⬆ [pre-commit.ci] pre-commit autoupdate. PR #1376 by @​pre-commit-ci[bot].
• ⬆ Bump mkdocs-macros-plugin from 1.3.9 to 1.4.0. PR #1354 by @​dependabot[bot].
• ⬆ Bump mkdocs-material from 9.6.20 to 9.6.21. PR #1360 by @​dependabot[bot].
• ⬆ Bump mypy from 1.4.1 to 1.11.2. PR #957 by @​dependabot[bot].
• ⬆ Bump astral-sh/setup-uv from 6 to 7. PR #1369 by @​dependabot[bot].
• ⬆ Bump ruff from 0.13.2 to 0.13.3. PR #1366 by @​dependabot[bot].
• ⬆ [pre-commit.ci] pre-commit autoupdate. PR #1367 by @​pre-commit-ci[bot].
• ⬆ Bump tiangolo/issue-manager from 0.5.1 to 0.6.0. PR #1361 by @​dependabot[bot].
• ⬆ Bump ruff from 0.13.1 to 0.13.2. PR #1357 by @​dependabot[bot].
• ⬆ [pre-commit.ci] pre-commit autoupdate. PR #1358 by @​pre-commit-ci[bot].
• 👷 Update docs previews comment, single comment, add failure status. PR #1359 by @​tiangolo.

0.19.2

Fixes

• 🐛 Fix list convertor with an empty list default factory . PR #1350 by @​svlandeg.

Refactors

• 🔥 Drop support for Python 3.7. PR #830 by @​kinuax.

Internal

• ⬆ Bump ruff from 0.13.0 to 0.13.1. PR #1339 by @​dependabot[bot].
• ⬆ [pre-commit.ci] pre-commit autoupdate. PR #1351 by @​pre-commit-ci[bot].
• ⬆ Bump markdown-include-variants from 0.0.4 to 0.0.5. PR #1348 by @​dependabot[bot].

0.19.1

Note: this is the last version to support Python 3.7, going forward Typer will require Python 3.8+. And soon Python 3.8 will also be dropped as Python 3.8 reached it's end of life almost a year ago.

Fixes

• 🐛 Ensure that Optional[list] values work correctly with callbacks. PR #1018 by @​solesensei.

0.19.0

... (truncated)

Changelog

Sourced from typer's changelog.

0.20.0

Features

• ✨ Enable command suggestions on typo by default. PR #1371 by @​savannahostrowski.

Upgrades

• ⬆️ Add support for Python 3.14. PR #1372 by @​svlandeg.

Internal

• 👷 Add nightly workflow to run tests against CPython main branch. PR #1374 by @​savannahostrowski.
• ⬆ Bump mkdocs-material from 9.6.21 to 9.6.22. PR #1377 by @​dependabot[bot].
• 🔧 Configure reminder for waiting label in issue-manager. PR #1378 by @​YuriiMotov.
• ⬆ Bump ruff from 0.13.3 to 0.14.0. PR #1368 by @​dependabot[bot].
• ⬆ [pre-commit.ci] pre-commit autoupdate. PR #1376 by @​pre-commit-ci[bot].
• ⬆ Bump mkdocs-macros-plugin from 1.3.9 to 1.4.0. PR #1354 by @​dependabot[bot].
• ⬆ Bump mkdocs-material from 9.6.20 to 9.6.21. PR #1360 by @​dependabot[bot].
• ⬆ Bump mypy from 1.4.1 to 1.11.2. PR #957 by @​dependabot[bot].
• ⬆ Bump astral-sh/setup-uv from 6 to 7. PR #1369 by @​dependabot[bot].
• ⬆ Bump ruff from 0.13.2 to 0.13.3. PR #1366 by @​dependabot[bot].
• ⬆ [pre-commit.ci] pre-commit autoupdate. PR #1367 by @​pre-commit-ci[bot].
• ⬆ Bump tiangolo/issue-manager from 0.5.1 to 0.6.0. PR #1361 by @​dependabot[bot].
• ⬆ Bump ruff from 0.13.1 to 0.13.2. PR #1357 by @​dependabot[bot].
• ⬆ [pre-commit.ci] pre-commit autoupdate. PR #1358 by @​pre-commit-ci[bot].
• 👷 Update docs previews comment, single comment, add failure status. PR #1359 by @​tiangolo.

0.19.2

Fixes

• 🐛 Fix list convertor with an empty list default factory . PR #1350 by @​svlandeg.

Refactors

• 🔥 Drop support for Python 3.7. PR #830 by @​kinuax.

Internal

• ⬆ Bump ruff from 0.13.0 to 0.13.1. PR #1339 by @​dependabot[bot].
• ⬆ [pre-commit.ci] pre-commit autoupdate. PR #1351 by @​pre-commit-ci[bot].
• ⬆ Bump markdown-include-variants from 0.0.4 to 0.0.5. PR #1348 by @​dependabot[bot].

0.19.1

Note: this is the last version to support Python 3.7, going forward Typer will require Python 3.8+. And soon Python 3.8 will also be dropped as Python 3.8 reached it's end of life almost a year ago.

Fixes

... (truncated)

Commits

• 1b74bfe 🔖 Release version 0.20.0
• e9ee0e7 📝 Update release notes
• f6718b8 ✨ Enable command suggestions on typo by default (#1371)
• ffbaed5 📝 Update release notes
• 9e4764d ⬆️ Add support for Python 3.14 (#1372)
• a06eb77 📝 Update release notes
• 6cd1a9e 👷 Add nightly workflow to run tests against CPython main branch (#1374)
• 9f38ada 📝 Update release notes
• e0ca377 ⬆ Bump mkdocs-material from 9.6.21 to 9.6.22 (#1377)
• dc2fd89 📝 Update release notes
• Additional commits viewable in compare view

Updates ruff from 0.9.10 to 0.14.7

Release notes

Sourced from ruff's releases.

0.14.7

Release Notes

Released on 2025-11-28.

Preview features

• [flake8-bandit] Handle string literal bindings in suspicious-url-open-usage (S310) (#21469)
• [pylint] Fix PLR1708 false positives on nested functions (#21177)
• [pylint] Fix suppression for empty dict without tuple key annotation (PLE1141) (#21290)
• [ruff] Add rule RUF066 to detect unnecessary class properties (#21535)
• [ruff] Catch more dummy variable uses (RUF052) (#19799)

Bug fixes

• [server] Set severity for non-rule diagnostics (#21559)
• [flake8-implicit-str-concat] Avoid invalid fix in (ISC003) (#21517)
• [parser] Fix panic when parsing IPython escape command expressions (#21480)

CLI

• Show partial fixability indicator in statistics output (#21513)

Contributors

• @​mikeleppane
• @​senekor
• @​ShaharNaveh
• @​JumboBear
• @​prakhar1144
• @​tsvikas
• @​danparizher
• @​chirizxc
• @​AlexWaygood
• @​MichaReiser

Install ruff 0.14.7

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/astral-sh/ruff/releases/download/0.14.7/ruff-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://github.com/astral-sh/ruff/releases/download/0.14.7/ruff-installer.ps1 | iex"

... (truncated)

Changelog

Sourced from ruff's changelog.

0.14.7

Released on 2025-11-28.

Preview features

• [flake8-bandit] Handle string literal bindings in suspicious-url-open-usage (S310) (#21469)
• [pylint] Fix PLR1708 false positives on nested functions (#21177)
• [pylint] Fix suppression for empty dict without tuple key annotation (PLE1141) (#21290)
• [ruff] Add rule RUF066 to detect unnecessary class properties (#21535)
• [ruff] Catch more dummy variable uses (RUF052) (#19799)

Bug fixes

• [server] Set severity for non-rule diagnostics (#21559)
• [flake8-implicit-str-concat] Avoid invalid fix in (ISC003) (#21517)
• [parser] Fix panic when parsing IPython escape command expressions (#21480)

CLI

• Show partial fixability indicator in statistics output (#21513)

Contributors

• @​mikeleppane
• @​senekor
• @​ShaharNaveh
• @​JumboBear
• @​prakhar1144
• @​tsvikas
• @​danparizher
• @​chirizxc
• @​AlexWaygood
• @​MichaReiser

0.14.6

Released on 2025-11-21.

Preview features

• [flake8-bandit] Support new PySNMP API paths (S508, S509) (#21374)

Bug fixes

• Adjust own-line comment placement between branches (#21185)
• Avoid syntax error when formatting attribute expressions with outer parentheses, parenthesized value, and trailing comment on value (#20418)
• Fix panic when formatting comments in unary expressions (#21501)
• Respect fmt: skip for compound statements on a single line (#20633)
• [refurb] Fix FURB103 autofix (#21454)

... (truncated)

Commits

• ecab623 Bump 0.14.7 (#21684)
• 42f1521 [ty] Generic types aliases (implicit and PEP 613) (#21553)
• 594b7b0 [ty] Preserve quoting style when autofixing TypedDict keys (#21682)
• b5b4917 [ty] Fix override of final method summary (#21681)
• 0084e94 [ty] Fix subtyping of type[Any] / type[T] and protocols (#21678)
• 566c959 [ty] Rename ReferenceRequestHandler file (#21680)
• 8bcfc19 [ty] Implement typing.final for methods (#21646)
• c534bfa [ty] Implement patterns and typevars in the LSP (#21671)
• 5e1b2ee [ty] implement rendering of .. code:: lang in docstrings (#21665)
• 98681b9 [ty] Add db parameter to Parameters::new method (#21674)
• Additional commits viewable in compare view

Updates mypy from 1.18.2 to 1.19.0

Changelog

Sourced from mypy's changelog.

Mypy Release Notes

Next Release

Drop Support for Python 3.9

Mypy no longer supports running with Python 3.9, which has reached end-of-life. When running mypy with Python 3.10+, it is still possible to type check code that needs to support Python 3.9 with the --python-version 3.9 argument. Support for this will be dropped in the first half of 2026!

Contributed by Marc Mueller (PR 20156).

Mypy 1.19

We’ve just uploaded mypy 1.19.0 to the Python Package Index (PyPI). Mypy is a static type checker for Python. This release includes new features, performance improvements and bug fixes. You can install it as follows:

python3 -m pip install -U mypy

You can read the full documentation for this release on Read the Docs.

Python 3.9 Support Ending Soon

This is the last mypy feature release that supports Python 3.9, which reached end of life in October 2025.

Performance Improvements

• Switch to a more dynamic SCC processing logic (Ivan Levkivskyi, PR 20053)
• Speed up type aliases (Ivan Levkivskyi, PR 19810)

Fixed‑Format Cache Improvements

Mypy uses a cache by default to speed up incremental runs by reusing partial results from earlier runs. Mypy 1.18 added a new binary fixed-format cache representation as an experimental feature. The feature is no longer experimental, and we are planning to enable it by default in a future mypy release (possibly 1.20), since it's faster and uses less space than the original, JSON-based cache format. Use --fixed-format-cache to enable the fixed-format cache.

Mypy now has an extra dependency on the librt PyPI package, as it's needed for cache serialization and deserialization.

Mypy ships with a tool to convert fixed-format cache files to the old JSON format. Example of how to use this:

$ python -m mypy.exportjson .mypy_cache/.../my_module.data.ff

... (truncated)

Commits

• 0f068c9 Remove +dev
• 6d5cf52 Various updates to 1.19 changelog (#20304)
• 3c81308 Add draft version of 1.19 release notes (#20296)
• 1999a20 [mypyc] librt base64: use existing SIMD CPU dispatch by customizing build fla...
• 1b94fbb [mypyc] Fix vtable pointer with inherited dunder new (#20302)
• 13369cb [mypyc] Fix crash on super in generator (#20291)
• a087a58 Update import map when new modules added (#20271)
• 35e843c [mypyc] Add efficient librt.base64.b64decode (#20263)
• 094f66d [mypyc] Add repr to AssignmentTarget subclasses (#20258)
• 0738db3 Do not push partial types to the binder (#20202)
• Additional commits viewable in compare view

Updates pre-commit from 4.3.0 to 4.5.0

Release notes

Sourced from pre-commit's releases.

pre-commit v4.5.0

Features

• Add pre-commit hazmat.
  • #3585 PR by @​asottile.

pre-commit v4.4.0

Features

• Add --fail-fast option to pre-commit run.
  • #3528 PR by @​JulianMaurin.
• Upgrade ruby-build / rbenv.
  • #3566 PR by @​asottile.
  • #3565 issue by @​MRigal.
• Add language: unsupported / language: unsupported_script as aliases for language: system / language: script (which will eventually be deprecated).
  • #3577 PR by @​asottile.
• Add support docker-in-docker detection for cgroups v2.
  • #3535 PR by @​br-rhrbacek.
  • #3360 issue by @​JasonAlt.

Fixes

• Handle when docker gives SecurityOptions: null.
  • #3537 PR by @​asottile.
  • #3514 issue by @​jenstroeger.
• Fix error context for invalid stages in .pre-commit-config.yaml.
  • #3576 PR by @​asottile.

Changelog

Sourced from pre-commit's changelog.

4.5.0 - 2025-11-22

Features

• Add pre-commit hazmat.
  • #3585 PR by @​asottile.

4.4.0 - 2025-11-08

Features

• Add --fail-fast option to pre-commit run.
  • #3528 PR by @​JulianMaurin.
• Upgrade ruby-build / rbenv.
  • #3566 PR by @​asottile.
  • #3565 issue by @​MRigal.
• Add language: unsupported / language: unsupported_script as aliases for language: system / language: script (which will eventually be deprecated).
  • #3577 PR by @​asottile.
• Add support docker-in-docker detection for cgroups v2.
  • #3535 PR by @​br-rhrbacek.
  • #3360 issue by @​JasonAlt.

Fixes

• Handle when docker gives SecurityOptions: null.
  • #3537 PR by @​asottile.
  • #3514 issue by @​jenstroeger.
• Fix error context for invalid stages in .pre-commit-config.yaml.
  • #3576 PR by @​asottile.

Commits

• 1af6c8f v4.5.0
• 3358a3b Merge pull request #3585 from pre-commit/hazmat
• bdf6879 add pre-commit hazmat
• e436690 Merge pull request #3584 from pre-commit/exitstack
• 8d34f95 use ExitStack instead of start + stop
• 9c7ea88 Merge pull request #3583 from pre-commit/forward-compat-map-manifest
• 844dacc add forward-compat error message
• 6a1d543 Merge pull request #3582 from pre-commit/move-gc-back
• 66278a9 move logic for gc back to commands.gc
• 1b32c50 Merge pull request #3579 from pre-commit/pre-commit-ci-update-config
• Additional commits viewable in compare view

Updates pydoclint from 0.6.11 to 0.8.3

Release notes

Sourced from pydoclint's releases.

0.8.3

What's Changed

• Fix baseline renegeration bug by @​jsh9 in jsh9/pydoclint#275
• Add config option to allow omitting stars in varargs by @​jsh9:
  • jsh9/pydoclint#276
  • jsh9/pydoclint#277

Full Changelog: jsh9/pydoclint@0.8.2...0.8.3

0.8.2

What's Changed

• Add ability to partially match violation codes by @​jsh9 in jsh9/pydoclint#272
• Fix how multiple init() are recognized by @​jsh9 in jsh9/pydoclint#273

Full Changelog: jsh9/pydoclint@0.8.1...0.8.2

0.8.1

What's Changed

• Change logic to detect docstring style mismatch by @​jsh9 in jsh9/pydoclint#271

Full Changelog: jsh9/pydoclint@0.8.0...0.8.1

0.8.0

What's Changed

• Add inline violation suppression for native mode by @​jsh9 in jsh9/pydoclint#270

Full Changelog: jsh9/pydoclint@0.7.6...0.8.0

0.7.6

What's Changed

• Refresh linters & formatters by @​jsh9 in jsh9/pydoclint#269

Full Changelog: jsh9/pydoclint@0.7.5...0.7.6

0.7.5

What's Changed

• Support @property + @abstractmethod without a Returns: section by @​barometz in jsh9/pydoclint#261

New Contributors

• @​barometz made their first contribution in jsh9/pydoclint#261

Full Changelog: jsh9/pydoclint@0.7.4...0.7.5

0.7.4

What's Changed

... (truncated)

Changelog

Sourced from pydoclint's changelog.

[0.8.3] - 2025-11-26

• Added
  • A new config option --omit-stars-when-documenting-varargs (shortform: -oswdv) so docstrings may describe varargs without the leading * characters (jsh9/pydoclint#268)
• Fixed
  • A bug where --auto-regenerate-baseline removes entries of files that have not yet been fixed (jsh9/pydoclint#274)
• Full diff
  • jsh9/pydoclint@0.8.2...0.8.3

[0.8.2] - 2025-11-21

• Added
  • Ability to partially match violation codes in inline noqa in the native mode (which flake8 already supports)
• Fixed
  • A bug: when there are more than one __init__() in a class (overloaded), the first __init__() is incorrectly recognized as the "right" one. (The last __init__() should be considered the right one.)
• Full diff
  • jsh9/pydoclint@0.8.1...0.8.2

[0.8.1] - 2025-11-03

• Changed
  • The logic to detect docstring style mismatches, fixing a false positive case where non-Sphinx style docstrings are detected as Sphinx style (because there are some rST keywords in them)
• Full diff
  • jsh9/pydoclint@0.8.0...0.8.1

[0.8.0] - 2025-11-03

• Added
  • New functionality: pydoclint native mode can parse "noqa" comments and thus users can suppress violations in the native mode.
• Full diff
  • jsh9/pydoclint@0.7.6...0.8.0

[0.7.6] - 2025-10-26

• Changed
  • Updated linter and auto-formatter configurations
  • Made a lot of changes to fix code style; some logic was also updated per the suggestions of linters
• Full diff
  • jsh9/pydoclint@0.7.5...0.7.6

... (truncated)

Commits

• 98bb10c Add config option to allow omitting stars in varargs (#277)
• c37407d Fix baseline renegeration bug (#276)
• 3386cd2 Fix baseline renegeration bug (#275)
• 8c10818 Fix how multiple init() are recognized (#273)
• 51435e3 Add ability to partially match violation codes (#272)
• e361239 Change logic to detect docstring style mismatch (#271)
• bf4c402 Add hyperlink
• a758527 Update --check-style-mismatch explanations in config_options.md
• e8ffd89 Add inline violation suppression for native mode (#270)
• 0a9ad0c Refresh linters & formatters (#269)
• Additional commits viewable in compare view

Updates pyright from 1.1.406 to 1.1.407

Commits

• 53e8efb Pyright NPM Package update to 1.1.407 (#356)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.