⬆️(dependencies) update python dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
Brotli	==1.1.0 -> ==1.2.0
arrow	==1.3.0 -> ==1.4.0
cryptography (changelog)	==46.0.2 -> ==46.0.3
django-countries (changelog)	==7.6.1 -> ==8.2.0
django-viewflow	==2.2.13 -> ==2.2.14
drf_spectacular	==0.28.0 -> ==0.29.0
markdown (changelog)	==3.9 -> ==3.10
pdfminer-six	==20250506 -> ==20251107
psycopg (source, changelog)	==3.2.10 -> ==3.2.13
pyfakefs (changelog)	==5.10.0 -> ==5.10.2
pylint (changelog)	==3.3.8 -> ==4.0.3
pytest (changelog)	==8.4.2 -> ==9.0.1
pytest-subtests	==0.14.1 -> ==0.15.0
ruff (source, changelog)	==0.14.0 -> ==0.14.6
sentry-sdk (changelog)	==2.41.0 -> ==2.46.0

---

Release Notes

google/brotli (Brotli)

v1.2.0

Compare Source

SECURITY

• python: added Decompressor::can_accept_more_data method and optional
  output_buffer_limit argument Decompressor::process;
  that allows mitigation of unexpectedly large output;
  reported by Charles Chan (https://github.com/charleswhchan)

Added

• decoder / encoder: added static initialization to reduce binary size
• python: allow limiting decoder output (see SECURITY section)
• CLI: brcat alias; allow decoding concatenated brotli streams
• kt: pure Kotlin decoder
• cgo: support "raw" dictionaries
• build: Bazel modules

Removed

• java: dropped finalize() for native entities

Fixed

• java: in compress pass correct length to native encoder

Improved

• build: install man pages
• build: updated / fixed / refined Bazel buildfiles
• encoder: faster encoding
• cgo: link via pkg-config
• python: modernize extension / allow multi-phase module initialization

Changed

• decoder / encoder: static tables use "small" model (allows 2GiB+ binaries)

arrow-py/arrow (arrow)

v1.4.0

Compare Source

• [ADDED] Added week_start parameter to floor() and ceil() methods. PR #&#8203;1222 <https://github.com/arrow-py/arrow/pull/1222>_
• [ADDED] Added FORMAT_RFC3339_STRICT with a T separator. PR #&#8203;1201 <https://github.com/arrow-py/arrow/pull/1201>_
• [ADDED] Added Macedonian in Latin locale support. PR #&#8203;1200 <https://github.com/arrow-py/arrow/pull/1200>_
• [ADDED] Added Persian/Farsi locale support. PR #&#8203;1190 <https://github.com/arrow-py/arrow/pull/1190>_
• [ADDED] Added week and weeks to Thai locale timeframes. PR #&#8203;1218 <https://github.com/arrow-py/arrow/pull/1218>_
• [ADDED] Added weeks to Catalan locale. PR #&#8203;1189 <https://github.com/arrow-py/arrow/pull/1189>_
• [ADDED] Added Persian names of months, month-abbreviations and day-abbreviations in Gregorian calendar. PR #&#8203;1172 <https://github.com/arrow-py/arrow/pull/1172>_
• [CHANGED] Migrated Arrow to use ZoneInfo for timezones instead of pytz. PR #&#8203;1217 <https://github.com/arrow-py/arrow/pull/1217>_
• [FIXED] Fixed humanize month limits. PR #&#8203;1224 <https://github.com/arrow-py/arrow/pull/1224>_
• [FIXED] Fixed type hint of Arrow.__getattr__. PR #&#8203;1171 <https://github.com/arrow-py/arrow/pull/1171>_
• [FIXED] Fixed spelling and removed poorly used expressions in Korean locale. PR #&#8203;1181 <https://github.com/arrow-py/arrow/pull/1181>_
• [FIXED] Updated shift() method for issue #​1145. PR #&#8203;1194 <https://github.com/arrow-py/arrow/pull/1194>_
• [FIXED] Improved Greek locale translations (seconds, days, "ago", and month typo). PR #&#8203;1184 <https://github.com/arrow-py/arrow/pull/1184>, PR #&#8203;1186 <https://github.com/arrow-py/arrow/pull/1186>
• [FIXED] Addressed datetime.utcnow deprecation warning. PR #&#8203;1182 <https://github.com/arrow-py/arrow/pull/1182>_
• [INTERNAL] Added codecov test results. PR #&#8203;1223 <https://github.com/arrow-py/arrow/pull/1223>_
• [INTERNAL] Updated CI dependencies (actions/setup-python, actions/checkout, codecov/codecov-action, actions/cache).
• [INTERNAL] Added docstrings to parser.py. PR #&#8203;1010 <https://github.com/arrow-py/arrow/pull/1010>_
• [INTERNAL] Updated Python versions support and bumped CI dependencies. PR #&#8203;1177 <https://github.com/arrow-py/arrow/pull/1177>_
• [INTERNAL] Added dependabot for GitHub actions. PR #&#8203;1193 <https://github.com/arrow-py/arrow/pull/1193>_
• [INTERNAL] Moved dateutil types to test requirements. PR #&#8203;1183 <https://github.com/arrow-py/arrow/pull/1183>_
• [INTERNAL] Added documentation link for arrow.format. PR #&#8203;1180 <https://github.com/arrow-py/arrow/pull/1180>_

pyca/cryptography (cryptography)

v46.0.3

Compare Source

SmileyChris/django-countries (django-countries)

v8.2.0

Compare Source

Features

• Add django_countries.django_filters.CountryFilter for django-filters integration with support for custom empty_label. This filter automatically sets country choices and seamlessly integrates with django-filters FilterSets, making it easier to add country filtering to your views. (#​307)

• Enable CountryFieldMixin to accept name_only, country_dict, and output customization options via Meta.extra_kwargs. You can now configure country field serialization behavior without explicitly declaring serializer fields, making it easier to customize output for both single and multiple country fields. (#​414)

• CountryField(country_dict=...) now accepts either a boolean (existing behaviour) or an iterable/string of keys so you can control exactly which values appear in the serialized country dict (for example ("code", "name", "alpha3") or just "alpha3"). (#​416)

• Add COUNTRIES_FIRST_BY_LANGUAGE and COUNTRIES_FIRST_AUTO_DETECT settings for dynamic country ordering based on user language. Countries can now be automatically reordered based on the current language, with locale-based auto-detection (e.g., fr-CA users see Canada prepended to the French country group). (#​418)

• Add support for custom flag_url in COUNTRIES_OVERRIDE setting. You can now specify a custom flag URL for overridden countries:

  COUNTRIES_OVERRIDE = {
      "IND": {
          "names": ["Indonesia"],
          "ioc_code": "INA",
          "flag_url": "flags/id.gif",
      },
  }

  This is particularly useful when using custom country codes that need to reference existing flag images. (#​449)

• Add countries_context() context manager for temporary, thread-local override of country configuration options. Supports all country options (first, only, first_sort, first_repeat, first_break, first_by_language, first_auto_detect), enabling per-request customization based on user preferences, IP geolocation, or other dynamic factors. Each option independently overrides its corresponding setting with the highest priority.

Bugfixes

• Fix CountryField serializer to respect current language when deserializing localized country names. The field now automatically uses Django's get_language() to detect the active language and falls back to English if the country name is not found in the current language. (#​407)
• Fixed CountryFilter to support filtering on CountryField through relations (e.g., list_filter = [("contact__country", CountryFilter)]). Previously this would fail with a FieldError. (#​432)
• Fixed CountryFilter admin filter to work correctly with CountryField(multiple=True). The filter now uses the __contains lookup instead of exact matching to properly find records where the selected country appears in the comma-separated country list. (#​445)
• Added support for empty_label parameter in CountryField.formfield() to customize the blank choice label in form fields. This allows using empty_label="" for an empty label or empty_label="Custom text" for custom text, resolving the issue where empty_label was previously ignored. (#​466)
• Fixed type annotation for CountryField.countries parameter in stub file to accept type[Countries] instead of Countries instance, resolving mypy errors when using custom Countries subclasses. Also removed unnecessary exclusion of tests from mypy checking. (#​482)

Misc

• Refactored deployment script from bash (244 lines) to Python using click for better maintainability and testability. The script is now in scripts/deploy.py with these improvements:

  • Interactive mode: Run just deploy without arguments to get an interactive prompt showing version options (e.g., "8.1.1 → 8.2.0")
  • Enhanced dry-run: DRY_RUN=1 now validates package builds, documentation builds, runs pre-commit checks, shows full changelog preview, checks PyPI for existing versions, displays translation status, and checks for uncommitted changes (same as real run)
  • Comprehensive summary: Shows a detailed list of completed steps at the end of each run
  • Allow dirty: --allow-dirty flag to bypass git status check when needed (not recommended for production)
  • Better error handling: Clear error messages with proper exception types
  • Colorful output: Uses click's styling for better readability

v8.1.1

Compare Source

Bugfixes

• Fixed CountryField(multiple=True) not marking selected options in Django forms. (#​480)

v8.1.0

Compare Source

Features

• DRF serializer fields now respect the allow_null parameter, returning None for NULL values when allow_null=True.
  This enables better API consistency and is particularly useful with unique=True constraints, which allow multiple NULL values but not multiple empty strings in the database. (#​453)
• Add support for null=True on multiple country fields, allowing This nullable unique constraints on multiple country fields.
  CountryField(multiple=True, null=True) now returns None for NULL database values instead of crashing and the historical system check E100 that blocked multiple=True + null=True has been removed. (#​453)

Bugfixes

• Fixed OpenAPI schema generation for CountryField when using country_dict=True or name_only=True. The field now correctly generates an object schema (with code and name properties) for country_dict=True and a string schema for name_only=True, instead of incorrectly generating an enum schema. This fixes schema generation for both DRF's built-in OpenAPI support and drf-spectacular, enabling accurate TypeScript client generation and other API tooling. (#​441)
• Major performance enhancement for Django admin. Added per-language caching to Countries.__iter__(), delivering 20-40× speedup when displaying CountryField in list_display (admin changelist now renders in <0.5s instead of 6-10s). (#​454)
• Fixed a regression where a country field allowing for selection of multiple countries could not be added to using the + operator. (#​455)

v8.0.1

Compare Source

Bugfixes

• Fixed required attribute not being rendered on form widgets when using COUNTRIES_FIRST_BREAK setting. The separator option now correctly allows the field to remain required for HTML5 validation. (#​280)
• Fixed Transifex translation pull workflow to use git commit timestamps instead of filesystem modification times, preventing translations from being incorrectly skipped. Updated German (de), Afrikaans (af), Slovak (sk), and Slovenian (sl) translations.

Misc

• Add OLD_NAMES for Bahamas and Netherlands to support translation fallback when country names change. Updated translation workflow to generate English source locale and automatically push to Transifex during releases.

v8.0.0

Compare Source

Note: This release includes all changes from the yanked versions 7.8, 7.9, and 7.9.1, which were yanked because they inadvertently dropped Python 3.7 support without a major version bump.

Features

• Added common names for six additional countries/territories: Democratic Republic of the Congo (CD), South Georgia (GS), Netherlands (NL), Palestine (PS), Saint Helena (SH), and Vatican City (VA). These provide friendlier, shorter names when COUNTRIES_COMMON_NAMES is enabled (default).

Bugfixes

• Fix COUNTRIES_OVERRIDE to support custom country codes that are 3 characters long. Previously, 3-character codes were incorrectly treated as alpha3 codes and resolved to existing countries. (#​474)
• Fixed TypeError "unhashable type: 'list'" when using CountryField(multiple=True) in Django admin list_display. (#​311)
• Fixed CountryField(multiple=True) displaying "-" instead of country names in Django admin readonly_fields. (#​463)
• Fixed incorrect max_length calculation for CountryField(multiple=True) when using COUNTRIES_FIRST with COUNTRIES_FIRST_REPEAT. (#​469)
• Updated country names to match ISO 3166-1 OBP: Bahamas (The) and Netherlands (Kingdom of the). Also improved self_generate() regex to handle type hints in dictionary declarations.

Improved Documentation

• Added MkDocs documentation site and simplified README to focus on quick start with link to full documentation.
• Consolidated release documentation into CONTRIBUTING.md and improved development setup instructions.
• Added documentation warning that CountryField does not support Django's autocomplete_fields in admin or third-party admin filter packages like more_admin_filters. (#​473)
• Added comprehensive documentation on ISO 3166-1 country name formatting, explaining parentheses vs commas usage, capitalization of "the", and addressing common political objections about territories like Taiwan, Kosovo, Hong Kong, and Palestine.

Deprecations and Removals

• Drop Python 3.7 support. Python 3.7 reached end-of-life in June 2023. The minimum supported Python version is now 3.8.

Misc

• Expanded test matrix to cover Python 3.8-3.13 and Django 3.2-5.1 with improved test infrastructure.
• Fixed various code quality issues identified by ruff linter, including improved string formatting and file handling.
• Migrated build system from setuptools to uv_build for faster and more modern package building.
• Simplified release process with automated just deploy command and towncrier for changelog management.
• Fix unnecessary list comprehension in test_tags.py

v7.9.1

Compare Source

Bugfixes

• Fix COUNTRIES_OVERRIDE to support custom country codes that are 3 characters long. Previously, 3-character codes were incorrectly treated as alpha3 codes and resolved to existing countries. (#​474)

Note: This release was yanked because it inadvertently dropped Python 3.7 support without a major version bump. Use 8.0.0 or later instead.

v7.9

Compare Source

Bugfixes

• Fix COUNTRIES_OVERRIDE to support custom country codes that are 3 characters long. Previously, 3-character codes were incorrectly treated as alpha3 codes and resolved to existing countries. (#​474)

Note: This release was yanked because it inadvertently dropped Python 3.7 support without a major version bump. Use 8.0.0 or later instead.

v7.8

Compare Source

Where'd 7.7 go? Well 7.6 was accidentally bumped to 7.8 because of the new release process!

Note: This release was yanked because it inadvertently dropped Python 3.7 support without a major version bump. Use 8.0.0 or later instead.

Improved Documentation

• Added MkDocs documentation site and simplified README to focus on quick start with link to full documentation.
• Consolidated release documentation into CONTRIBUTING.md and improved development setup instructions.

Misc

• Expanded test matrix to cover Python 3.8-3.13 and Django 3.2-5.1 with improved test infrastructure.
• Fixed various code quality issues identified by ruff linter, including improved string formatting and file handling.
• Migrated build system from setuptools to uv_build for faster and more modern package building.
• Simplified release process with automated just deploy command and towncrier for changelog management.

tfranzel/drf-spectacular (drf_spectacular)

v0.29.0

Compare Source

• Add l18n handling for Decimal field #&#8203;1466 <https://github.com/tfranzel/drf-spectacular/issues/1466>_
• Fix LogoutSerializer for JWT/dj_rest_auth #&#8203;1392 <https://github.com/tfranzel/drf-spectacular/issues/1392>_
• fix: support token blacklist feature in rest_auth [Bart van Andel]
• [django-filter] Add null_label if set in ChoiceFilter (#&#8203;1450 <https://github.com/tfranzel/drf-spectacular/issues/1450>_) [Enric Pou]
• fix: camelize tuples/fixed length array (#&#8203;1432 <https://github.com/tfranzel/drf-spectacular/issues/1432>_) [Chris Wesseling]
• Fix items:False case in enum hook #&#8203;1432 <https://github.com/tfranzel/drf-spectacular/issues/1432>_
• Add option to overwrite serializer description #&#8203;1463 <https://github.com/tfranzel/drf-spectacular/issues/1463>_
• Fix OpenApiViewExtension not providing view instance under self.target (#&#8203;1405 <https://github.com/tfranzel/drf-spectacular/issues/1405>_) [astro-stan]
• Move list default fix to source of the problem #&#8203;1436 <https://github.com/tfranzel/drf-spectacular/issues/1436>_
• Improve confusing doc #&#8203;1461 <https://github.com/tfranzel/drf-spectacular/issues/1461>_
• Add assert to pagination test #&#8203;1459 <https://github.com/tfranzel/drf-spectacular/issues/1459>_
• fix SafeString handling for picky CDumper (#&#8203;1435 <https://github.com/tfranzel/drf-spectacular/issues/1435>_)
• Remove EOL 3.7 from suite; pydantic not updated for <=3.8
• Fix DecimalField with decimal_places and max_digits equal. [keter2002]
• fix test for i18n changes on DRF (#&#8203;1444 <https://github.com/tfranzel/drf-spectacular/issues/1444>_)
• Improve to_filter_name support for django_filter [Matwey V. Kornilov]
• fixes prefix estimation on windows [Luis Nell]
• Fix default for array types [Stanislav Khlud]
• fix: use CSafeDumper for render yaml if available [florian]
• fix: sort list to produce same hash [florian]
• Add typing.Generic to default lib_doc_excludes [Max Howald]
• Add get_doc test for class that inherits from Generic [Max Howald]
• Add Django REST framework 3.16 support [Paolo Melchiorre]
• Fix memory leak [artemkucher]
• Fix python 3.11 slice index [Egor Litvinov]
• fix: correct port mapping for the container in README [Maksym Bieńkowski]
• Update docs [q0w]
• Allow setting callable for ENUM_NAME_OVERRIDES [q0w]
• Add allauth's DRF token auth #&#8203;1401 <https://github.com/tfranzel/drf-spectacular/issues/1401>_
• update away from retired GH worker image
• add condition to check, that serializer Meta has model attribute [aliev_vt]
• Fix docs compile issue and update some old code (#&#8203;1389 <https://github.com/tfranzel/drf-spectacular/issues/1389>_) [Mike Manger]
• Fix location of @​extend_schema_field [johnthagen]
• Remove reference to non-exposed lazy_serializer [johnthagen]
• Document how to lazily define a recursive SerializerMethod [johnthagen]
• Link to SerializerMethod docs [johnthagen]
• Document Django 5.1 support in README [johnthagen]
• Bump django from 4.2.11 to 4.2.18 in /requirements [dependabot[bot]]
• Enhance bug report template with instructions for better clarity [antoliny0919]
• add pydantic computed field to tests #&#8203;1354 <https://github.com/tfranzel/drf-spectacular/issues/1354>_

Breaking changes / important additions:

• Finally fixed the memory leak thanks to @​artKucher.
• Another performance improvement is the usage of the C versions of yaml, if available.
• Apart from that, there are a lot of small improvements and bugfixes.

Python-Markdown/markdown (markdown)

v3.10

Compare Source

pdfminer/pdfminer.six (pdfminer-six)

v20251107

Compare Source

Fixed

• Arbitrary code execution when loading pickle cmaps (issue)

psycopg/psycopg (psycopg)

v3.2.13

Compare Source

v3.2.12

Compare Source

v3.2.11

Compare Source

pytest-dev/pyfakefs (pyfakefs)

v5.10.2

Compare Source

Fixes a problem with pathlib.glob in Python 3.14.

Fixes

• fixed pathlib.glob() for Python 3.14 (see #​1239)

v5.10.1

Compare Source

Fixes a regression introduced in version 5.9.0.

Fixes

• fixed a deadlock in shutil.copytree if copying using an shutil function as
  copy_function argument (see #​1235)

pylint-dev/pylint (pylint)

v4.0.3

Compare Source

What's new in Pylint 4.0.3?

Release date: 2025-11-13

False Positives Fixed

• Add Enum dunder methods _generate_next_value_, _missing_, _numeric_repr_, _add_alias_, and _add_value_alias_ to the list passed to --good-dunder-names.

  Closes #​10435

• Fixed false positive for invalid-name with typing.Annotated.

  Closes #​10696

• Fix false positive for f-string-without-interpolation with template strings
  when using format spec.

  Closes #​10702

• Fix a false positive when an UPPER_CASED class attribute was raising an
  invalid-name when typed with Final.

  Closes #​10711

• Fix a false positive for unbalanced-tuple-unpacking when a tuple is assigned to a function call and the structure of the function's return value is ambiguous.

  Closes #​10721

Other Bug Fixes

• Make 'ignore' option work as expected again.

  Closes #​10669

• Fix crash for consider-using-assignment-expr when a variable annotation without assignment
  is used as the if test expression.

  Closes #​10707

• Fix crash for prefer-typing-namedtuple and consider-math-not-float when
  a slice object is called.

  Closes #​10708

v4.0.2

Compare Source

False Positives Fixed

• Fix false positive for invalid-name on a partially uninferable module-level constant.

  Closes #​10652

• Fix a false positive for invalid-name on exclusive module-level assignments
  composed of three or more branches. We won't raise disallowed-name on module-level names that can't be inferred
  until a further refactor to remove this false negative is done.

  Closes #​10664

• Fix false positive for invalid-name for TypedDict instances.

  Closes #​10672

v4.0.1

Compare Source

What's new in Pylint 4.0.1?

Release date: 2025-10-14

False Positives Fixed

• Exclude __all__ and __future__.annotations from unused-variable.

  Closes #​10019

• Fix false-positive for bare-name-capture-pattern if a case guard is used.

  Closes #​10647

• Check enums created with the Enum() functional syntax to pass against the
  --class-rgx for the invalid-name check, like other enums.

  Closes #​10660

v4.0.0

Compare Source

• Pylint now supports Python 3.14.

• Pylint's inference engine (astroid) is now much more precise,
  understanding implicit booleanness and ternary expressions. (Thanks @​zenlyj!)

Consider this example:

class Result:
    errors: dict | None = None

result = Result()
if result.errors:
    result.errors[field_key]

##### inference engine understands result.errors cannot be None
##### pylint no longer raises unsubscriptable-object

The required astroid version is now 4.0.0. See the astroid changelog for additional fixes, features, and performance improvements applicable to pylint.

• Handling of invalid-name at the module level was patchy. Now,
  module-level constants that are reassigned are treated as variables and checked
  against --variable-rgx rather than --const-rgx. Module-level lists,
  sets, and objects can pass against either regex.

Here, LIMIT is reassigned, so pylint only uses --variable-rgx:

LIMIT = 500  # [invalid-name]
if sometimes:
    LIMIT = 1  # [invalid-name]

If this is undesired, refactor using exclusive assignment so that it is
evident that this assignment happens only once:

if sometimes:
    LIMIT = 1
else:
    LIMIT = 500  # exclusive assignment: uses const regex, no warning

Lists, sets, and objects still pass against either const-rgx or variable-rgx
even if reassigned, but are no longer completely skipped:

MY_LIST = []
my_list = []
My_List = []  # [invalid-name]

Remember to adjust the regexes and allow lists to your liking.

Breaking Changes

• invalid-name now distinguishes module-level constants that are assigned only once
  from those that are reassigned and now applies --variable-rgx to the latter. Values
  other than literals (lists, sets, objects) can pass against either the constant or
  variable regexes (e.g. "LOGGER" or "logger" but not "LoGgEr").

  Remember that --good-names or --good-names-rgxs can be provided to explicitly
  allow good names.

  Closes #​3585

• The unused pylintrc argument to PyLinter.__init__() is deprecated
  and will be removed.

  Refs #​6052

• Commented out code blocks such as # bar() # TODO: remove dead code will no longer emit fixme.

  Refs #​9255

• pyreverse Run was changed to no longer call sys.exit() in its __init__.
  You should now call Run(args).run() which will return the exit code instead.
  Having a class that always raised a SystemExit exception was considered a bug.

  Normal usage of pyreverse through the CLI will not be affected by this change.

  Refs #​9689

• The suggestion-mode option was removed, as pylint now always emits user-friendly hints instead
  of false-positive error messages. You should remove it from your conf if it's defined.

  Refs #​9962

• The async.py checker module has been renamed to async_checker.py since async is a Python keyword
  and cannot be imported directly. This allows for better testing and extensibility of the async checker functionality.

  Refs #​10071

• The message-id of continue-in-finally was changed from E0116 to W0136. The warning is
  now emitted for every Python version since it will raise a syntax warning in Python 3.14.
  See PEP 765 - Disallow return/break/continue that exit a finally block.

  Refs #​10480

• Removed support for nmp.NaN alias for numpy.NaN being recognized in ':ref:nan-comparison'. Use np or numpy instead.

  Refs #​10583

• Version requirement for isort has been bumped to >=5.0.0.
  The internal compatibility for older isort versions exposed via pylint.utils.IsortDriver has
  been removed.

  Refs #​10637

New Features

• comparison-of-constants now uses the unicode from the ast instead of reformatting from
  the node's values preventing some bad formatting due to utf-8 limitation. The message now uses
  " instead of ' to better work with what the python ast returns.

  Refs #​8736

• Enhanced pyreverse to properly distinguish between UML relationship types (association, aggregation, composition) based on object ownership semantics. Type annotations without assignment are now treated as associations, parameter assignments as aggregations, and object instantiation as compositions.

  Closes #​9045
  Closes #​9267

• The fixme check can now search through docstrings as well as comments, by using
  check-fixme-in-docstring = true in the [tool.pylint.miscellaneous] section.

  Closes #​9255

• The use-implicit-booleaness-not-x checks now distinguish between comparisons
  used in boolean contexts and those that are not, enabling them to provide more accurate refactoring suggestions.

  Closes #​9353

• The verbose option now outputs the filenames of the files that have been checked.
  Previously, it only included the number of checked and skipped files.

  Closes #​9357

• colorized reporter now colorizes messages/categories that have been configured as fail-on in red inverse.
  This makes it easier to quickly find the errors that are causing pylint CI job failures.

  Closes #​9898

• Enhanced support for @​property decorator in pyreverse to correctly display return types of annotated properties when generating class diagrams.

  Closes #​10057

• Add --max-depth option to pyreverse to control diagram complexity. A depth of 0 shows only top-level packages, 1 shows one level of subpackages, etc.
  This helps manage visualization of large codebases by limiting the depth of displayed packages and classes.

  Refs #​10077

• Handle deferred evaluation of annotations in Python 3.14.

  Closes #​10149

• Enhanced pyreverse to properly detect aggregations for comprehensions (list, dict, set, generator).

  Closes #​10236

• pyreverse: add support for colorized output when using output format mmd (MermaidJS) and html.

  Closes #​10242

• pypy 3.11 is now officially supported.

  Refs #​10287

• Add support for Python 3.14.

  Refs #​10467

• Add naming styles for ParamSpec and TypeVarTuple that align with the TypeVar style.

  Refs #​10541

New Checks

• Add match-statements checker and the following message:
  bare-name-capture-pattern.
  This will emit an error message when a name capture pattern is used in a match statement which would make the remaining patterns unreachable.
  This code is a SyntaxError at runtime.

  Closes #​7128

• Add new check async-context-manager-with-regular-with to detect async context managers used with regular with statements instead of async with.

  Refs #​10408

• Add break-in-finally warning. Using break inside the finally clause
  will raise a syntax warning in Python 3.14.
  See PEP 765 - Disallow return/break/continue that exit a finally block <https://peps.python.org/pep-0765/>_.

  Refs #​10480

• Add new checks for invalid uses of class patterns in :keyword:match.

  • :ref:invalid-match-args-definition is emitted if :py:data:object.__match_args__ isn't a tuple of strings.
  • :ref:too-many-positional-sub-patterns if there are more positional sub-patterns than specified in :py:data:object.__match_args__.
  • :ref:multiple-class-sub-patterns if there are multiple sub-patterns for the same attribute.

  Refs #​10559

• Add additional checks for suboptimal uses of class patterns in :keyword:match.

  • :ref:match-class-bind-self is emitted if a name is bound to self instead of
    using an as pattern.
  • :ref:match-class-positional-attributes is emitted if a class pattern has positional
    attributes when keywords could be used.

  Refs #​10587

• Add a consider-math-not-float message. float("nan") and float("inf") are slower
  than their counterpart math.inf and math.nan by a factor of 4 (notwithstanding
  the initial import of math) and they are also not well typed when using mypy.
  This check also catches typos in float calls as a side effect.

  The :ref:pylint.extensions.code_style need to be activated for this check to work.

  Refs #​10621

False Positives Fixed

• Fix a false positive for used-before-assignment when a variable defined under
  an if and via a named expression (walrus operator) is used later when guarded
  under the same if test.

  Closes #​10061

• Fix :ref:no-name-in-module for members of concurrent.futures with Python 3.14.

  Closes #​10632

False Negatives Fixed

• Fix false negative for used-before-assignment when a TYPE_CHECKING import is used as a type annotation prior to erroneous usage.

  Refs #​8893

• Match cases are now counted as edges in the McCabe graph and will increase the complexity accordingly.

  Refs #​9667

• Check module-level constants with type annotations for invalid-name.
  Remember to adjust const-naming-style or const-rgx to your liking.

  Closes #​9770

• Fix false negative where function-redefined (E0102) was not reported for functions with a leading underscore.

  Closes #​9894

• We now raise a logging-too-few-args for format string with no
  interpolation arguments at all (i.e. for something like logging.debug("Awaiting process %s")
  or logging.debug("Awaiting process {pid}")). Previously we did not raise for such case.

  Closes #​9999

• Fix false negative for used-before-assignment when a function is defined inside a TYPE_CHECKING guard block and used later.

  Closes #​10028

• Fix a false negative for possibly-used-before-assignment when a variable is conditionally defined
  and later assigned to a type-annotated variable.

  Closes #​10421

• Fix false negative for deprecated-module when a __import__ method is used instead of import sentence.

  Refs #​10453

• Count match cases for too-many-branches check.

  Refs #​10542

• Fix false-negative where :ref:unused-import was not reported for names referenced in a preceding global statement.

  Refs #​10633

Other Bug Fixes

• When displaying unicode with surrogates (or other potential UnicodeEncodeError),
  pylint will now display a '?' character (using encode(encoding="utf-8", errors="replace"))
  instead of crashing. The functional tests classes are also updated to handle this case.

  Closes #​8736

• Fixed unidiomatic-typecheck only checking left-hand side.

  Closes #​10217

• Fix a crash caused by malformed format strings when using .format with keyword arguments.

  Closes #​10282

• Fix false positive inconsistent-return-statements when using quit() or exit() functions.

  Closes #​10508

• Fix a crash in :ref:nested-min-max when using builtins.min or builtins.max
  instead of min or max directly.

  Closes #​10626

• Fixed a crash in :ref:unnecessary-dict-index-lookup when the index of an enumerated list
  was deleted inside a for loop.

  Closes #​10627

Other Changes

• Remove support for launching pylint with Python 3.9.
  Code that supports Python 3.9 can still be linted with the --py-version=3.9 setting.

  Refs #​10405

Internal Changes

• Modified test framework to allow for different test output for different Python versions.

  Refs #​10382

v3.3.9

Compare Source

What's new in Pylint 3.3.9?

Release date: 2025-10-05

False Positives Fixed

• Fix used-before-assignment for PEP 695 type aliases and parameters.

  Closes #​9815

• No longer flag undeprecated functions in importlib.resources as deprecated.

  Closes #​10593

• Fix false positive inconsistent-return-statements when using quit() or exit() functions.

  Closes #​10508

• Fix false positive undefined-variable (E0602) for for-loop variable shadowing patterns like for item in item: when the variable was previously defined.

  Closes #​10562

Other Bug Fixes

• Fixed crash in 'unnecessary-list-index-lookup' when starting an enumeration using
  minus the length of an iterable inside a dict comprehension when the len call was only
  made in this dict comprehension, and not elsewhere. Also changed the approach,
  to use inference in all cases but the simple ones, so we don't have to fix crashes
  one by one for arbitrarily complex expressions in enumerate.

  Closes #​10510

pytest-dev/pytest (pytest)

v9.0.1

Compare Source

pytest 9.0.1 (2025-11-12)

Bug fixes

• #​13895: Restore support for skipping tests via raise unittest.SkipTest.
• #​13896: The terminal progress plugin added in pytest 9.0 is now automatically disabled when iTerm2 is detected, it generated desktop notifications instead of the desired functionality.
• #​13904: Fixed the TOML type of the verbosity settings in the API reference from number to string.
• #​13910: Fixed UserWarning: Do not expect file_or_dir on some earlier Python 3.12 and 3.13 point versions.

Packaging updates and notes for downstreams

• #​13933: The tox configuration has been adjusted to make sure the desired
  version string can be passed into its package_env through
  the SETUPTOOLS_SCM_PRETEND_VERSION_FOR_PYTEST environment
  variable as a part of the release process -- by webknjaz.

Contributor-facing changes

• #​13891, #​13942: The CI/CD part of the release automation is now capable of
  creating GitHub Releases without having a Git checkout on
  disk -- by bluetech and webknjaz.
• #​13933: The tox configuration has been adjusted to make sure the desired
  version string can be passed into its package_env through
  the SETUPTOOLS_SCM_PRETEND_VERSION_FOR_PYTEST environment
  variable as a part of the release process -- by webknjaz.

v9.0.0

Compare Source

pytest 9.0.0 (2025-11-05)

New features

• #​1367: Support for subtests has been added.

  subtests <subtests> are an alternative to parametrization, useful in situations where the parametrization values are not all known at collection time.

  Example:

  def contains_docstring(p: Path) -> bool:
      """Return True if the given Python file contains a top-level docstring."""
      ...
  
  def test_py_files_contain_docstring(subtests: pytest.Subtests) -> None:
      for path in Path.cwd().glob("*.py"):
          with subtests.test(path=str(path)):
              assert contains_docstring(path)

  Each assert failure or error is caught by the context manager and reported individually, giving a clear picture of all files that are missing a docstring.

  In addition, unittest.TestCase.subTest is now also supported.

  This feature was originally implemented as a separate plugin in pytest-subtests, but since then has been merged into the core.

  [!NOTE]
  This feature is experimental and will likely evolve in future releases. By that we mean that we might change how subtests are reported on failure, but the functionality and how to use it are stable.

• #​13743: Added support for native TOML configuration files.

  While pytest, since version 6, supports configuration in pyproject.toml files under [tool.pytest.ini_options],
  it does so in an "INI compatibility mode", where all configuration values are treated as strings or list of strings.
  Now, pytest supports the native TOML data model.

  In pyproject.toml, the native TOML configuration is under the [tool.pytest] table.

  # pyproject.toml
  [tool.pytest]
  minversion = "9.0"
  addopts = ["-ra", "-q"]
  testpaths = [
      "tests",
      "integration",
  ]

  The [tool.pytest.ini_options] table remains supported, but both tables cannot be used at the same time.

  If you prefer to use a separate configuration file, or don't use pyproject.toml, you can use pytest.toml or .pytest.toml:

  # pytest.toml or .pytest.toml
  [pytest]
  minversion = "9.0"
  addopts = ["-ra", "-q"]
  testpaths = [
      "tests",
      "integration",
  ]

  The documentation now (sometimes) shows configuration snippets in both TOML and INI formats, in a tabbed interface.

  See config file formats for full details.

• #​13823: Added a "strict mode" enabled by the strict configu

---

Configuration

📅 Schedule: Branch creation - "before 7am on monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.