Deps: Bump the python-packages group with 5 updates

[dependabot]

Bumps the python-packages group with 5 updates:

Package	From	To
sqlalchemy	2.0.44	2.0.45
stamina	25.1.0	25.2.0
coverage	7.12.0	7.13.0
ruff	0.14.8	0.14.9
tzdata	2025.2	2025.3

Updates sqlalchemy from 2.0.44 to 2.0.45

Release notes

Sourced from sqlalchemy's releases.

2.0.45

Released: December 9, 2025

orm

• [orm] [bug] Fixed issue where calling Mapper.add_property() within mapper event hooks such as MapperEvents.instrument_class(), MapperEvents.after_mapper_constructed(), or MapperEvents.before_mapper_configured() would raise an AttributeError because the mapper's internal property collections were not yet initialized. The Mapper.add_property() method now handles early-stage property additions correctly, allowing properties including column properties, deferred columns, and relationships to be added during mapper initialization events. Pull request courtesy G Allajmi.

  References: #12858

• [orm] [bug] Fixed issue in Python 3.14 where dataclass transformation would fail when a mapped class using MappedAsDataclass included a relationship() referencing a class that was not available at runtime (e.g., within a TYPE_CHECKING block). This occurred when using Python 3.14's PEP 649 deferred annotations feature, which is the default behavior without a from __future__ import annotations directive.

  References: #12952

examples

• [examples] [bug] Fixed the "short_selects" performance example where the cache was being used in all the examples, making it impossible to compare performance with and without the cache. Less important comparisons like "lambdas" and "baked queries" have been removed.

sql

• [sql] [bug] Some improvements to the _sql.ClauseElement.params() method to replace bound parameters in a query were made, however the ultimate issue in #12915 involving ORM _orm.aliased() cannot be fixed fully until 2.1, where the method is being rewritten to work without relying on Core cloned traversal.

  References: #12915

• [sql] [bug] Fixed issue where using the ColumnOperators.in_() operator with a nested CompoundSelect statement (e.g. an INTERSECT of UNION queries) would raise a NotImplementedError when the

... (truncated)

Commits

• See full diff in compare view

Updates stamina from 25.1.0 to 25.2.0

Release notes

Sourced from stamina's releases.

25.2.0

Highlights

The headliners for this release are that on hooks now may return a manual back-off value (think: Retry-After headers!) and the support for generator functions (sync and async).

Full changelog below!

Special Thanks

This release would not be possible without my generous sponsors! Thank you to all of you making sustainable maintenance possible! If you would like to join them, go to https://github.com/sponsors/hynek and check out the sweet perks!

Above and Beyond

Variomedia AG (@variomedia), Tidelift (@tidelift), Privacy Solutions GmbH (@privacy-solutions), FilePreviews (@filepreviews), LambdaTest (@LambdaTest-Inc), Doist (@Doist), Daniel Fortunov (@asqui), and Kevin P. Fleming (@kpfleming).

Maintenance Sustainers

Buttondown (@buttondown), Christopher Dignam (@chdsbd), Magnus Watn (@magnuswatn), David Cramer (@dcramer), Jesse Snyder (@jessesnyder), Rivo Laks (@rivol), Polar (@polarsource), Mike Fiedler (@miketheman), Duncan Hill (@cricalix), Colin Marquardt (@cmarqu), Pieter Swinkels (@swinkels), Nick Libertini (@libertininick), Brian M. Dennis (@crossjam), Celebrity News AG (@celebritynewsag), The Westervelt Company (@westerveltco), Sławomir Ehlert (@slafs), Mostafa Khalil (@khadrawy), Filip Mularczyk (@mukiblejlok), Thomas Klinger (@thmsklngr), Andreas Poehlmann (@ap--), August Trapper Bigelow (@atbigelow), Carlton Gibson (@carltongibson), and Roboflow (@roboflow).

Full Changelog

Removed

• Support for Python 3.8 and 3.9.

Added

• The type hints for our public API are now also verified using Pyrefly and ty. #124

• stamina.retry() now retries wrapped generator functions and async generator functions.

  Warning: Being able to asend and athrow into wrapped async generators introduced nontrivial complexity in the implementation and is therefore provisional. If supporting these features causes problems, they may be removed again in a future version. #123

• An on hook can now return a float or a datetime.timedelta to specify a custom backoff that overrides the default backoff. #103 #125

Fixed

• Prevent unbounded stop condition when both attempts and timeout are non-None falsy values. #109

• Default wait_exp_base parameter is now an integer to prevent an OverflowError after the 1023th retry. #104

• Attempt.next_wait now returns the correct value. #115

---

... (truncated)

Changelog

Sourced from stamina's changelog.

25.2.0 - 2025-12-11

Removed

• Support for Python 3.8 and 3.9.

Added

• The type hints for our public API are now also verified using Pyrefly and ty. #124

• stamina.retry() now retries wrapped generator functions and async generator functions.

  Warning: Being able to asend and athrow into wrapped async generators introduced nontrivial complexity in the implementation and is therefore provisional. If supporting these features causes problems, they may be removed again in a future version. #123

• An on hook can now return a float or a datetime.timedelta to specify a custom backoff that overrides the default backoff. #103 #125

Fixed

• Prevent unbounded stop condition when both attempts and timeout are non-None falsy values. #109

• Default wait_exp_base parameter is now an integer to prevent an OverflowError after the 1023th retry. #104

• Attempt.next_wait now returns the correct value. #115

Commits

• 79739a0 Prepare 25.2.0
• ae05d15 Exclude httpbin from linkcheck
• 5163027 update dev
• 5a192ba Exclude Wikipedia from linkcheck
• 0e4b849 [pre-commit.ci] pre-commit autoupdate (#128)
• 6c6197d Update dev (#127)
• 474613c Allow predicates to return floats (#125)
• 2e291c1 Switch to native fonts
• e9be245 Update funding
• 941f95e Cap wait in 2 tests
• Additional commits viewable in compare view

Updates coverage from 7.12.0 to 7.13.0

Changelog

Sourced from coverage's changelog.

Version 7.13.0 — 2025-12-08

• Feature: coverage.py now supports :file:.coveragerc.toml configuration files. These files use TOML syntax and take priority over :file:pyproject.toml but lower priority than :file:.coveragerc files. Closes issue 1643_ thanks to Olena Yefymenko <pull 1952_>_.

• Fix: we now include a permanent .pth file which is installed with the code, fixing issue 2084. In 7.12.1b1 this was done incorrectly: it didn't work when using the source wheel (py3-none-any). This is now fixed. Thanks, Henry Schreiner <pull 2100_>.

• Deprecated: when coverage.py is installed, it creates three command entry points: coverage, coverage3, and coverage-3.10 (if installed for Python 3.10). The second and third of these are not needed and will eventually be removed. They still work for now, but print a message about their deprecation.

.. _issue 1643: coveragepy/coveragepy#1643 .. _pull 1952: coveragepy/coveragepy#1952 .. _pull 2100: coveragepy/coveragepy#2100

.. _changes_7-12-1b1:

Version 7.12.1b1 — 2025-11-30

• Fix: coverage.py now includes a permanent .pth file in the distribution which is installed with the code. This fixes issue 2084_: failure to patch for subprocess measurement when site-packages is not writable.

.. _issue 2084: coveragepy/coveragepy#2084

.. _changes_7-12-0:

Commits

• 52fde9c docs: sample HTML for 7.13.0
• 69de009 docs: prep for 7.13.0
• 01387fc docs: tweak changes
• 60206e8 chore: make edit_for_release
• 78cfd57 docs: tweak CHANGES.rst
• 21e726f feat: support .coveragerc.toml for configuration (#1952)
• 3914e50 chore: bump the action-dependencies group with 2 updates (#2102)
• d5e7c3a test: no need to group tests by needs_pth
• ed516c4 test: fix metacov again
• da833a1 fix: use Development Status classifier properly. #2101
• Additional commits viewable in compare view

Updates ruff from 0.14.8 to 0.14.9

Release notes

Sourced from ruff's releases.

0.14.9

Release Notes

Released on 2025-12-11.

Preview features

• [ruff] New RUF100 diagnostics for unused range suppressions (#21783)
• [pylint] Detect subclasses of builtin exceptions (PLW0133) (#21382)

Bug fixes

• Fix comment placement in lambda parameters (#21868)
• Skip over trivia tokens after re-lexing (#21895)
• [flake8-bandit] Fix false positive when using non-standard CSafeLoader path (S506). (#21830)
• [flake8-bugbear] Accept immutable slice default arguments (B008) (#21823)

Rule changes

• [pydocstyle] Suppress D417 for parameters with Unpack annotations (#21816)

Performance

• Use memchr for computing line indexes (#21838)

Documentation

• Document *.pyw is included by default in preview (#21885)
• Document range suppressions, reorganize suppression docs (#21884)
• Update mkdocs-material to 9.7.0 (Insiders now free) (#21797)

Contributors

• @​Avasam
• @​MichaReiser
• @​charliermarsh
• @​amyreese
• @​phongddo
• @​prakhar1144
• @​mahiro72
• @​ntBre
• @​LoicRiegel

Install ruff 0.14.9

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/astral-sh/ruff/releases/download/0.14.9/ruff-installer.sh | sh

... (truncated)

Changelog

Sourced from ruff's changelog.

0.14.9

Released on 2025-12-11.

Preview features

• [ruff] New RUF100 diagnostics for unused range suppressions (#21783)
• [pylint] Detect subclasses of builtin exceptions (PLW0133) (#21382)

Bug fixes

• Fix comment placement in lambda parameters (#21868)
• Skip over trivia tokens after re-lexing (#21895)
• [flake8-bandit] Fix false positive when using non-standard CSafeLoader path (S506). (#21830)
• [flake8-bugbear] Accept immutable slice default arguments (B008) (#21823)

Rule changes

• [pydocstyle] Suppress D417 for parameters with Unpack annotations (#21816)

Performance

• Use memchr for computing line indexes (#21838)

Documentation

• Document *.pyw is included by default in preview (#21885)
• Document range suppressions, reorganize suppression docs (#21884)
• Update mkdocs-material to 9.7.0 (Insiders now free) (#21797)

Contributors

• @​Avasam
• @​MichaReiser
• @​charliermarsh
• @​amyreese
• @​phongddo
• @​prakhar1144
• @​mahiro72
• @​ntBre
• @​LoicRiegel

Commits

• 3f63ea4 Prepare 0.14.9 release (#21927)
• c8851ec [ty] Defer all parameter and return type annotations (#21906)
• d442433 [ty] Fix workspace symbols to return members too (#21926)
• c055d66 Document range suppressions, reorganize suppression docs (#21884)
• 7a578ce Ignore ruff:isort like ruff:noqa in new suppressions (#21922)
• 34f7a04 [ty] Handle Definitions in SemanticModel::scope (#21919)
• c9fe4e2 [ty] Attach salsa db when running ide tests for easier debugging (#21917)
• fbeeb05 [ty] Don't show hover for expressions with no inferred type (#21924)
• 4fdb4e8 [ty] avoid unions of generic aliases of the same class in fixpoint (#21909)
• c548ef2 [ty] Squash false positive logs for failing to find builtins as a real module
• Additional commits viewable in compare view

Updates tzdata from 2025.2 to 2025.3

Release notes

Sourced from tzdata's releases.

2025.3: Release of upstream tzdata 2025c

Version 2025.3

Upstream version 2025c released 2025-12-10T22:42:37+00:00

Briefly:

Several code changes for compatibility with FreeBSD.

Changes to past timestamps

Baja California agreed with California’s DST rules in 1953 and in 1961 through 1975, instead of observing standard time all year. (Thanks to Alois Treindl.)

Changes to commentary

The leapseconds file contains commentary about the IERS and NIST last-modified and expiration timestamps for leap second data. (Thanks to Judah Levine.)

Commentary now also uses characters from the set –‘’“”•≤ as this can be useful and should work with current applications. This also affects data in iso3166.tab and zone1970.tab, which now contain strings like “Côte d’Ivoire” instead of “Côte d'Ivoire”.

Changelog

Sourced from tzdata's changelog.

Version 2025.3

Upstream version 2025c released 2025-12-10T22:42:37+00:00

Briefly:

Several code changes for compatibility with FreeBSD.

Changes to past timestamps

Baja California agreed with California’s DST rules in 1953 and in 1961 through 1975, instead of observing standard time all year. (Thanks to Alois Treindl.)

Changes to commentary

The leapseconds file contains commentary about the IERS and NIST last-modified and expiration timestamps for leap second data. (Thanks to Judah Levine.)

Commentary now also uses characters from the set –‘’“”•≤ as this can be useful and should work with current applications. This also affects data in iso3166.tab and zone1970.tab, which now contain strings like “Côte d’Ivoire” instead of “Côte d'Ivoire”.

---

Commits

• d14cebc Update tzdata to version '2025c'
• 4045188 Bump actions/checkout from 5 to 6 in the actions group (#117)
• 9b58dd1 Stop requiring pytest-subtests for python>3.9, it has been incorporated int...
• 7dc1b6c Update pre-commit repos
• a9c68ae Add newlines to update PR description and commit (#106)
• d619f31 Test Python 3.14t
• b5ab93f Verify signatures of tarballs (#108)
• 6f866b8 Use raw strings for regex
• b1b3051 Fix dependabot config
• dddc234 Commit
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[greenbonebot]

Scan: 'poetry.lock'

Nothing detected in poetry.lock
Scan took 0.01 seconds