Update development dependencies

[renovate]

Note: This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update
@bitwarden/cli (source)	2025.10.0 -> 2025.11.0			devDependencies	minor
DavidAnson/markdownlint-cli2	v0.18.1 -> v0.20.0			repository	minor
ansible-community/ansible-lint	v25.9.2 -> v25.12.0			repository	minor
ansible-lint (changelog)	==25.9.2 -> ==25.12.0			pre-commit-python	minor
ansible-lint (changelog)	==25.9.2 -> ==25.12.0				minor
astral-sh/ruff-pre-commit	v0.14.0 -> v0.14.8			repository	patch
boto3-stubs	==1.40.48 -> ==1.42.4			pre-commit-python	minor
boto3-stubs	==1.40.48 -> ==1.42.4				minor
gitleaks/gitleaks	v8.28.0 -> v8.30.0			repository	minor
markdownlint-cli2	^0.18.0 -> ^0.20.0			devDependencies	minor
mitmproxy	==11.0.2 -> ==12.2.1			pre-commit-python	major
molecule (changelog)	==25.9.0 -> ==25.12.0				minor
mypy (changelog)	==1.18.2 -> ==1.19.0				minor
node (source)	>=22 <23 -> >=22 <25			engines	major
pre-commit	==4.3.0 -> ==4.5.0				minor
pre-commit/mirrors-mypy	v1.18.2 -> v1.19.0			repository	minor
prettier (source)	3.6.2 -> 3.7.4			pre-commit-node	minor
prettier (source)	3.6.2 -> 3.7.4			devDependencies	minor
pyspellchecker	==0.8.3 -> ==0.8.4			pre-commit-python	patch
pyspellchecker	==0.8.3 -> ==0.8.4				patch
pytest (changelog)	==8.4.2 -> ==9.0.2			pre-commit-python	major
pytest (changelog)	==8.4.2 -> ==9.0.2				major
requests (source, changelog)	==2.32.3 -> ==2.32.5			pre-commit-python	patch
ruff (source, changelog)	==0.14.0 -> ==0.14.8				patch
tofuutils/pre-commit-opentofu	v2.2.1 -> v2.2.2			repository	patch
tombi	==0.6.25 -> ==0.7.4				minor
tombi-toml/tombi-pre-commit	v0.6.25 -> v0.7.3			repository	minor
types-requests (changelog)	==2.32.0.20250328 -> ==2.32.4.20250913			pre-commit-python	patch

Note: The pre-commit manager in Renovate is not supported by the pre-commit maintainers or community. Please do not report any problems there, instead create a Discussion in the Renovate repository if you have any questions.

---

Release Notes

bitwarden/clients (@​bitwarden/cli)

v2025.11.0

Compare Source

DavidAnson/markdownlint-cli2 (DavidAnson/markdownlint-cli2)

v0.20.0

Compare Source

v0.19.1

Compare Source

v0.19.0

Compare Source

ansible-community/ansible-lint (ansible-community/ansible-lint)

v25.12.0

Compare Source

Maintenance

• chore: Remove cffi, importlib-metadata, reduce core lower bound (#​4860) @​cidrblock

v25.11.1

Compare Source

Features

• feat: detect missing prefix in role's handlers vars (#​4826) @​cavcrosby

Fixes

• Migrate RTD URLs to docs.ansible.com (#​4842) @​gundalow
• fix: Pass module spec via stdin instead of command line args (#​4844) @​apollo13
• fix: Update mypy python version to 3.12 (#​4846) @​alisonlhart

Maintenance

• chore(deps): update all dependencies (#​4833) @​renovate[bot]
• chore(deps): bump js-yaml from 4.1.0 to 4.1.1 in /test/schemas (#​4849) @​dependabot[bot]
• chore(deps-dev): bump glob from 10.4.5 to 10.5.0 in /test/schemas (#​4847) @​dependabot[bot]
• Add support for Fedora 43 (#​4836) @​jsf9k

v25.11.0

Compare Source

Fixes

• fix: require ansible-core>=2.17.10 (#​4835) @​ssbarnea
• fix: ignore internal types false positives with jinja[invalid] (#​4823) @​anusshukla
• fix: make repository key optional in galaxy.yml (#​4798) @​rivv0
• fix: github action ref doesn't checkout that ref (#​4774) @​rohun-apex
• fix: add set-environment and unset-environment in executable_options for systemctl (#​4785) @​ziegenberg
• Fix typos (#​4814) @​jsf9k

Maintenance

• chore: pre-commit autoupdate (#​4834) @​pre-commit-ci[bot]
• chore: Test cspell configuration (#​4828) @​alisonlhart
• chore(deps): update all dependencies (#​4817) @​renovate[bot]
• Add finalize workflow for secure sonarcloud checks (#​4820) @​alisonlhart
• Update sonar-project.properties (#​4815) @​alisonlhart

ansible/ansible-lint (ansible-lint)

v25.12.0

Compare Source

Maintenance

• chore: Remove cffi, importlib-metadata, reduce core lower bound (#​4860) @​cidrblock

v25.11.1

Compare Source

Features

• feat: detect missing prefix in role's handlers vars (#​4826) @​cavcrosby

Fixes

• Migrate RTD URLs to docs.ansible.com (#​4842) @​gundalow
• fix: Pass module spec via stdin instead of command line args (#​4844) @​apollo13
• fix: Update mypy python version to 3.12 (#​4846) @​alisonlhart

Maintenance

• chore(deps): update all dependencies (#​4833) @​renovate[bot]
• chore(deps): bump js-yaml from 4.1.0 to 4.1.1 in /test/schemas (#​4849) @​dependabot[bot]
• chore(deps-dev): bump glob from 10.4.5 to 10.5.0 in /test/schemas (#​4847) @​dependabot[bot]
• Add support for Fedora 43 (#​4836) @​jsf9k

v25.11.0

Compare Source

Fixes

• fix: require ansible-core>=2.17.10 (#​4835) @​ssbarnea
• fix: ignore internal types false positives with jinja[invalid] (#​4823) @​anusshukla
• fix: make repository key optional in galaxy.yml (#​4798) @​rivv0
• fix: github action ref doesn't checkout that ref (#​4774) @​rohun-apex
• fix: add set-environment and unset-environment in executable_options for systemctl (#​4785) @​ziegenberg
• Fix typos (#​4814) @​jsf9k

Maintenance

• chore: pre-commit autoupdate (#​4834) @​pre-commit-ci[bot]
• chore: Test cspell configuration (#​4828) @​alisonlhart
• chore(deps): update all dependencies (#​4817) @​renovate[bot]
• Add finalize workflow for secure sonarcloud checks (#​4820) @​alisonlhart
• Update sonar-project.properties (#​4815) @​alisonlhart

astral-sh/ruff-pre-commit (astral-sh/ruff-pre-commit)

v0.14.8

Compare Source

See: https://github.com/astral-sh/ruff/releases/tag/0.14.8

v0.14.7

Compare Source

See: https://github.com/astral-sh/ruff/releases/tag/0.14.7

v0.14.6

Compare Source

See: https://github.com/astral-sh/ruff/releases/tag/0.14.6

v0.14.5

Compare Source

See: https://github.com/astral-sh/ruff/releases/tag/0.14.5

v0.14.4

Compare Source

See: https://github.com/astral-sh/ruff/releases/tag/0.14.4

v0.14.3

Compare Source

See: https://github.com/astral-sh/ruff/releases/tag/0.14.3

v0.14.2

Compare Source

See: https://github.com/astral-sh/ruff/releases/tag/0.14.2

v0.14.1

Compare Source

See: https://github.com/astral-sh/ruff/releases/tag/0.14.1

gitleaks/gitleaks (gitleaks/gitleaks)

v8.30.0

Compare Source

Changelog

• 6eaad03 0 to 5 - notes on recursive decoding (#​1994)
• 09242ce Add new Looker client ID and client secret rules (#​1947)
• c98e5e0 feat: add Airtable Personnal Access Token detection (#​1952)
• 4ed0ca4 build: upgrade Go & alpine version (#​1989)

v8.29.1

Compare Source

Changelog

• fb5d707 thats a paddlin
• 50493db feat: document stdout report path (#​1990)

v8.29.0

Compare Source

Changelog

• ed65b65 Add trace log for skipped archive file when not enabled (#​1961)
• c5ccbb9 Respect contexts with timeouts (#​1948)
• 3821f30 Config min version (#​1955)
• d223718 fix(config): validate rules when [extend] is used (#​1592)
• 87d9629 feat: add Amazon Bedrock API key detection (#​1935)
• 228396b Add GitHub Sponsors section and Discord link
• a82bc53 feat: improve regex to detect Sonar tokens with prefixes (#​1931)

mitmproxy/mitmproxy (mitmproxy)

v12.2.1

Compare Source

• Make TCP inactivity timeout configurable through a new tcp_timeout option (default: 600 seconds).
  Previously, the timeout was hardcoded to 10 minutes for all TCP connections.
  (#​7909, @​keshavkrishnadav)
• Flush flow file after each flow to allow further processing.
  (#​7967, @​caiquejjx)
• infer_content_encoding: Fallback to UTF-8 for more content types
  (#​7961, @​xu-cheng)
• Remove bless from hex editors to avoid issues with macOS
  (#​7937, @​caiquejjx)
• Improves is_mostly_bin check to support chinese characters
  (#​7933, @​caiquejjx, @​mhils)
• Fix various issues in infer_content_encoding
  (#​7928, @​xu-cheng)
• Add example addon to spoof DNS responses.
  (#​7973, @​mhils)
• Gracefully handle decoding of raw binary payloads that previously caused
  "Raw cannot decode" or "failed to parse as JSON" errors
  (#​7940, @​AdityaPatadiya)
• Show query parameters for empty-body requests in the mitmproxy console.
  (#​7923, @​lups2000)
• mitmweb is now built with Vite, improving the development workflow.
  (#​7971, @​sleeyax, @​mhils)
• Fix URL of mitmweb when --web-host is an IPv6 address.
  (#​7963, @​Julien00859)
• Fix event loop leak when running tests
  (#​7982, @​DNEGEL3125)

v12.2.0

Compare Source

• mitmproxy now supports Python 3.14. Binary releases ship with 3.14 by default.
  (#​7918, @​mhils)
• Replace htpasswd file parser with a custom implementation to migrate off unmaintained
  passlib dependency. The new parser only supports bcrypt and SHA-1 hashing.
  Contributions for additional formats are welcome as long as they don't introduce new
  dependencies.
  (#​7906, @​mhils)

v12.1.2

Compare Source

• Docker images are now build with Debian Trixie.
  (#​7851, @​mhils)
• Fix mitmweb auth cookie always using the default web_port option.
  (#​7827, @​sujaldev)
• fix: missing content-length header in curl export
  (#​7810, @​mheguy)
• fix: update log message with correct header name
  (#​7802, @​kristof-mattei)
• Update deprecated windows-2019 runner to windows-2025.
  (#​7801, @​chedieck)
• Do not escape non-ascii characters in the JSON contentview.
  (#​7740, @​mhils)
• Fix crash in mitmweb when no explicit Server-Connection is logged.
  (#​7734, @​lups2000)
• Add syntax highlighting for CSS and JavaScript contentviews.
  (#​7749, @​mhils)
• Display local timezone in the Timing tab of mitmweb.
  (#​7804, @​lups2000)
• Prevent showing the quit message in the console when no flows are available under specific configurations.
  (#​7833, @​lups2000)

Security Fixes

• GHSA-847f-9342-265h:
  Upgrade hyper-h2 to fix a request smuggling vulnerability that affects mitmproxy's
  HTTP/2 -> HTTP/1 translation. (@​mhils)

v12.1.1

Compare Source

• Fix a race condition when updating the flow list in mitmweb.
  (#​7729, @​mhils)

v12.1.0

Compare Source

• mitmweb now supports filtering by body contents (~b, ~bq, ~bs).
  (#​7704, @​lups2000, @​mhils)
• Fix raw response export incorrectly zeroing non-zero Content-Length header for HEAD requests.
  (#​7701, @​sujaldev)
• Fix concurrent mitmweb instances overwrite each other's auth cookie.
  (#​7690, @​turboOrange)

v12.0.1

Compare Source

• Fix a crash when editing raw messages bodies in mitmproxy.
  (#​7697, @​mhils)
• Added an option to pass the web token as Authentication: Bearer ... header
  (#​7681, @​gschaer)
• In DNS proxy mode, user-provided addons now trigger before DNS resolution has taken place.
  (#​7685, @​Florigolo)

v12.0.0

Compare Source

New Contentview System (#​7623, @​mhils)

• Contentviews can now be interactive and re-encode prettified data.
  For example, the new Protobuf view pretty-prints to YAML, which the user
  can edit and then re-serialize into binary representation.
• Replace the existing gRPC and Protobuf contentviews with an interactive contentview that
  supports both existing proto definitions and completely unknown protos.
• The MsgPack contentview is now interactive, too.
• The contentview API has been drastically simplified.
  Contentviews now return a plain str with the prettified data.
  Syntax highlighting is now signaled off-band (and based on tree-sitter).
• Docs: Add new documentation page and API reference for contentviews.
• Contentviews can now be written in Rust for better performance and access to
  the crates ecosystem.

Other Changes

• Add a new feature to store streamed bodies for requests and responses.
  (#​7637, @​mkiami)
• Add support for TLS 1.3 Post Handshake Authentication.
  (#​7576, @​mhils, @​cataggar)
• Add search functionality to the documentation.
  (#​7603, @​mhils)
• Introduce a new theme for docs.mitmproxy.org.
  (#​7593, @​mhils)
• Add CRL entries to dummy cert when the upstream certificate has some.
  (#​7609, @​Yepoleb, @​JordanPlayz158)
• Fix a bug where mitmproxy would incorrectly send empty HTTP/2 data frames.
  (#​7574, @​mhils, @​Dieken)
• Enhance homebrew installation command for Brewfile users.
  (#​7566, @​AntoineJT)
• Fix a bug where mitmdump would exit prematurely in server replay mode.
  (#​7571, @​mhils)
• Fix a bug where WebSocket Messages view jumps to top when a message is received
  (#​7572, @​DenizenB)
• Create content view for Socket.IO over WebSocket transport
  (#​7570, @​DenizenB)
• Correctly forward HTTP_1_1_REQUIRED errors in HTTP/2 streams.
  (#​7575, @​mhils)
• Fix a bug where HAR export would crash for malformed flows.
  (#​7666, @​mhils)
• Fix a bug where mitmweb would crash when viewing flows with undefined headers.
  (#​7595, @​emanuele-em)
• Fix a bug where mitmproxy does not listen on IPv4 and IPv6 by default in wireguard mode.
  (#​7589, @​errorxyz)
• Adjust popover placement for browsers that support anchor positioning (Chrome, Edge)
  (#​7642, @​lups2000)
• Fix mitmweb crash when searching or highlighting using ~h, ~hq, or ~hs.
  (#​7652, @​lups2000)
• mitmproxy.dns.Message has been renamed to mitmproxy.dns.DNSMessage
  (#​7670, @​mhils)
• Added support for selecting multiple flows in mitmweb using Ctrl+Click and Shift+Click. Multi-selection is now supported for deleting, duplicating, marking, reverting, replaying ,resuming, and aborting flows.
  (#​7319, @​lups2000, @​mhils)

v11.1.3

Compare Source

• Update mitmproxy_rs dependency to fix several bugs in local capture mode.
  (#​7564, @​mhils)
• Add documentation for local capture mode.
  (#​7540, @​mhils)
• Revise documentation on proxy modes.
  (#​7545, @​mhils)
• Add a log message to point Docker mitmweb users towards web_password.
  (#​7554, @​mhils)
• Fix a bug where UTF-8 surrogates would crash the export addon.
  (#​7562, @​mhils)
• Add help entries for all options in mitmweb that didn't have them.
  (#​7563, @​mhils)

v11.1.2

Compare Source

• CVE-2025-23217:
  mitmweb's API now requires an authentication token by default.
  The mitmweb API is bound to localhost only, but @​gronke found that an attacker can circumvent that restriction
  by tunneling requests through the proxy server itself in an SSRF-style attack.
  (fa89055, @​mhils)
• Add (optional) password protection for mitmweb. The web_password option replaces the randomly-generated token
  authentication with a fixed secret that survives mitmproxy restarts.
  (0bd573a, @​mhils)
• mitmweb can now be hosted under arbitrary domains, the previously-used DNS rebind protection is not required anymore.
  (62693af, @​mhils)
• Security Hardening: mitmweb's xsrf_token cookie is now HttpOnly; SameSite=Strict.
  (#​7491, @​mhils)
• We now provide standalone binaries for Linux arm64.
  (#​7484, @​mhils)
• Standalone binaries are now compiled with Python 3.13.
  (#​7485, @​mhils)
• Fix console freezing due to DNS queries with an empty question section.
  (#​7497, @​sujaldev)
• Add mitmweb tutorial to docs.
  (#​7509, @​EstherRoeth)
• Fixed a bug that caused mitmproxy to crash when loading prior knowledge h2 flows.
  (#​7514, @​sujaldev)
• Fix a bug where mitmproxy would get stuck in secure web proxy mode when using ignore_hosts or allow_hosts.
  (#​7519, @​mhils)
• Copy request/response data to the clipboard in mitmweb
  (#​7352, @​lups2000)
• Fix a bug where exporting a curl or httpie command with escaped characters would lead to different data being sent.
  (#​7520, @​proteusvacuum)

v11.1.0

Compare Source

• Local Capture Mode is now available on Linux as well.
  (#​7440, @​mhils)
• mitmproxy now requires Python 3.12 or above.
  (#​7440, @​mhils)
• Add cache-busting for mitmweb's front end code.
  (#​7386, @​mhils)
• Clicking the URL in mitmweb now places the cursor at the current position instead of selecting the entire URL.
  (#​7385, @​lups2000)
• Add missing status codes
  (#​7455, @​jwadolowski)
• All filter expressions are now case-insensitive by default.
  Users can opt into case-sensitive filters by setting MITMPROXY_CASE_SENSITIVE_FILTERS=1
  as an environment variable.
  (#​7458, @​mhils, @​AdityaPatadiya)
• Remove filter expression lowercasing in block_list addon
  (#​7456, @​jwadolowski)
• Remove check for status codes in the blocklist add-on.
  (#​7453, @​lups2000, @​AdityaPatadiya)
• Prompt user before clearing screen
  (#​7445, @​errorxyz)

ansible-community/molecule (molecule)

v25.12.0

Compare Source

Maintenance

• chore: Add check for platform versions (#​4584) @​cidrblock
• chore(deps): update all dependencies (#​4580) @​renovate[bot]
• chore(deps): update all dependencies (#​4579) @​renovate[bot]

v25.11.1

Compare Source

Fixes

• docs: migrate RTD URLs to docs.ansible.com (#​4575) @​gundalow

Maintenance

• chore: Temporarily ignore tombi schema strict checking in pyproject.toml (#​4577) @​alisonlhart

v25.11.0

Compare Source

Fixes

• Fix molecule list with ansible-native configs. (#​4570) @​Qalthos
• fix: adopt uv.lock and newer packaging (#​4554) @​ssbarnea
• Remove default ansible.cfg configuration option ansible_managed as it's deprecated (#​4553) @​ziegenberg

Maintenance

• chore(deps): update all dependencies (#​4573) @​renovate[bot]
• chore(deps): update all dependencies (#​4572) @​renovate[bot]
• chore(deps): update all dependencies (#​4571) @​renovate[bot]
• chore(deps): update all dependencies (#​4565) @​renovate[bot]
• Add finalize workflow for secure sonarcloud checks (#​4567) @​alisonlhart
• chore: update hooks (#​4566) @​ssbarnea
• Update sonar-project.properties configuration (#​4564) @​alisonlhart
• [pre-commit.ci] pre-commit autoupdate (#​4561) @​pre-commit-ci[bot]
• chore: rename sonar config file (#​4563) @​ssbarnea
• chore(deps): update all dependencies (#​4560) @​renovate[bot]
• chore(deps): update all dependencies (#​4559) @​renovate[bot]
• chore(deps): update all dependencies (#​4555) @​renovate[bot]
• chore: minor cleanups (#​4557) @​ssbarnea

python/mypy (mypy)

v1.19.0

Compare Source

nodejs/node (node)

v24.11.1

Compare Source

v24.11.0

Compare Source

v24.10.0: 2025-10-08, Version 24.10.0 (Current), @​RafaelGSS

Compare Source

Notable Changes

• [31bb476895] - (SEMVER-MINOR) console: allow per-stream inspectOptions option (Anna Henningsen) #​60082
• [3b92be2fb8] - (SEMVER-MINOR) lib: remove util.getCallSite (Rafael Gonzaga) #​59980
• [18c79d9e1c] - (SEMVER-MINOR) sqlite: create authorization api (Guilherme Araújo) #​59928

Commits

• [e8cff3d51e] - benchmark: remove unused variable from util/priority-queue (Bruno Rodrigues) #​59872
• [03294252ab] - benchmark: update count to n in permission startup (Bruno Rodrigues) #​59872
• [3c8a609d9b] - benchmark: update num to n in dgram offset-length (Bruno Rodrigues) #​59872
• [7b2032b13e] - benchmark: adjust dgram offset-length len values (Bruno Rodrigues) #​59708
• [552d887aee] - benchmark: update num to n in dgram offset-length (Bruno Rodrigues) #​59708
• [31bb476895] - (SEMVER-MINOR) console: allow per-stream inspectOptions option (Anna Henningsen) #​60082
• [0bf022d4c0] - console,util: improve array inspection performance (Ruben Bridgewater) #​60037
• [04d568e591] - deps: V8: cherry-pick f93055f (Olivier Flückiger) #​60105
• [621058b3bf] - deps: update archs files for openssl-3.5.4 (Node.js GitHub Bot) #​60101
• [81b3009fe6] - deps: upgrade openssl sources to openssl-3.5.4 (Node.js GitHub Bot) #​60101
• [dc44c9f349] - deps: upgrade npm to 11.6.1 (npm team) #​60012
• [ec0f137198] - deps: update ada to 3.3.0 (Node.js GitHub Bot) #​60045
• [f490f91874] - deps: update amaro to 1.1.4 (pmarchini) #​60044
• [de7a7cd0d7] - deps: update ada to 3.2.9 (Node.js GitHub Bot) #​59987
• [a533e5b5db] - doc: add automated migration info to deprecations (Augustin Mauroy) #​60022
• [7fb8fe4875] - doc: fix typo on child_process.md (Angelo Gazzola) #​60114
• [24c1ef9846] - doc: remove optional title prefixes (Aviv Keller) [#​6008

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.