build(deps): bump the pipenv group across 1 directory with 16 updates

[dependabot]

Bumps the pipenv group with 16 updates in the / directory:

Package	From	To
fastapi	0.116.1	0.123.0
uvicorn	0.35.0	0.38.0
dynaconf	3.2.11	3.2.12
celery	5.5.3	5.6.0
redis	6.4.0	7.1.0
black	25.1.0	25.11.0
isort	6.0.1	7.0.0
tox	4.28.4	4.32.0
coverage	7.10.4	7.12.0
pytest	8.4.1	9.0.1
pytest-cov	6.2.1	7.0.0
cryptography	45.0.6	46.0.3
sphinxcontrib-plantuml	0.30	0.31
mistune	3.1.3	3.1.4
pre-commit	4.3.0	4.5.0
bandit	1.8.6	1.9.2

Updates fastapi from 0.116.1 to 0.123.0

Release notes

Sourced from fastapi's releases.

0.123.0

Fixes

• 🐛 Cache dependencies that don't use scopes and don't have sub-dependencies with scopes. PR #14419 by @​tiangolo.

0.122.1

Fixes

• 🐛 Fix hierarchical security scope propagation. PR #5624 by @​kristjanvalur.

Docs

• 💅 Update CSS to explicitly use emoji font. PR #14415 by @​tiangolo.

Internal

• ⬆ Bump markdown-include-variants from 0.0.5 to 0.0.6. PR #14418 by @​YuriiMotov.

0.122.0

Fixes

• 🐛 Use 401 status code in security classes when credentials are missing. PR #13786 by @​YuriiMotov.
  • If your code depended on these classes raising the old (less correct) 403 status code, check the new docs about how to override the classes, to use the same old behavior: Use Old 403 Authentication Error Status Codes.

Internal

• 🔧 Configure labeler to exclude files that start from underscore for lang-all label. PR #14213 by @​YuriiMotov.
• 👷 Add pre-commit config with local script for permalinks. PR #14398 by @​tiangolo.
• 💄 Use font Fira Code to fix display of Rich panels in docs in Windows. PR #14387 by @​tiangolo.
• 👷 Add custom pre-commit CI. PR #14397 by @​tiangolo.
• ⬆ Bump actions/checkout from 5 to 6. PR #14381 by @​dependabot[bot].
• 👷 Upgrade latest-changes GitHub Action and pin actions/checkout@v5. PR #14403 by @​svlandeg.
• 🛠️ Add add-permalinks and add-permalinks-page to scripts/docs.py. PR #14033 by @​YuriiMotov.
• 🔧 Upgrade Material for MkDocs and remove insiders. PR #14375 by @​tiangolo.

0.121.3

Refactors

• ♻️ Make the result of Depends() and Security() hashable, as a workaround for other tools interacting with these internal parts. PR #14372 by @​tiangolo.

Upgrades

• ⬆️ Bump Starlette to <0.51.0. PR #14282 by @​musicinmybrain.

Docs

• 📝 Add missing hash part. PR #14369 by @​nilslindemann.
• 📝 Fix typos in code comments. PR #14364 by @​Edge-Seven.
• 📝 Add docs for using FastAPI Cloud. PR #14359 by @​tiangolo.

... (truncated)

Commits

• f2bab95 🔖 Release version 0.123.0
• c38e3e0 📝 Update release notes
• 7fbd304 🐛 Cache dependencies that don't use scopes and don't have sub-dependencies wi...
• 63d7a2b 🔖 Release version 0.122.1
• 7681f29 📝 Update release notes
• 378ad68 🐛 Fix hierarchical security scope propagation (#5624)
• c6487ed 📝 Update release notes
• 62a6974 ⬆ Bump markdown-include-variants from 0.0.5 to 0.0.6 (#14418)
• 9982882 📝 Update release notes
• 8ab7167 💅 Update CSS to explicitly use emoji font (#14415)
• Additional commits viewable in compare view

Updates uvicorn from 0.35.0 to 0.38.0

Release notes

Sourced from uvicorn's releases.

Version 0.38.0

What's Changed

• Support Python 3.14 by @​Kludex in Kludex/uvicorn#2723

---

New Contributors

• @​NGANAMODEIJunior made their first contribution in Kludex/uvicorn#2713

Full Changelog: Kludex/uvicorn@0.37.0...0.38.0

Version 0.37.0

What's Changed

• Add --timeout-worker-healthcheck setting by @​Kludex in Kludex/uvicorn#2711
• Add os.PathLike[str] type to ssl_ca_certs by @​rnv812 in Kludex/uvicorn#2676

New Contributors

• @​LincolnPuzey made their first contribution in Kludex/uvicorn#2669
• @​rnv812 made their first contribution in Kludex/uvicorn#2676

Full Changelog: Kludex/uvicorn@0.36.1...0.37.0

Version 0.36.1

What's Changed

• Raise an exception when calling removed Config.setup_event_loop() by @​Kludex in Kludex/uvicorn#2709

Full Changelog: Kludex/uvicorn@0.36.0...0.36.1

Version 0.36.0

Added

• Support custom IOLOOPs by @​gnir-work in Kludex/uvicorn#2435
• Allow to provide importable string in --http, --ws and --loop by @​Kludex in Kludex/uvicorn#2658

---

New Contributors

• @​gnir-work made their first contribution in Kludex/uvicorn#2435
• @​musicinmybrain made their first contribution in Kludex/uvicorn#2659
• @​secrett2633 made their first contribution in Kludex/uvicorn#2684

Full Changelog: Kludex/uvicorn@0.35.0...0.36.0

Changelog

Sourced from uvicorn's changelog.

0.38.0 (October 18, 2025)

Added

• Support Python 3.14 (#2723)

0.37.0 (September 23, 2025)

Added

• Add --timeout-worker-healthcheck option (#2711)
• Add os.PathLike[str] type to ssl_ca_certs (#2676)

0.36.1 (September 23, 2025)

Fixed

• Raise an exception when calling removed Config.setup_event_loop() (#2709)

0.36.0 (September 20, 2025)

Added

• Support custom IOLOOPs (#2435)
• Allow to provide importable string in --http, --ws and --loop (#2658)

Commits

• 3850ad6 Version 0.38.0 (#2733)
• 9b3f17a Support Python 3.14 (#2723)
• ce79f95 Revert "Add Marcelo Trylesinski to the license (#2699)" (#2730)
• dbf8797 docs: add social icons (#2728)
• 58f28be Add section about event loop (#2725)
• 93d9510 Bump docs dependencies (#2724)
• 9b1c6c4 Move Marcelo Trylesinski to maintainers in pyproject.toml (#2719)
• 57a61d8 Add discord to README (#2718)
• 7ef5f9f chore(deps): bump astral-sh/setup-uv from 6.7.0 to 6.8.0 (#2717)
• 6d26d88 Update pyproject.toml for PEP639 compliance (#2713)
• Additional commits viewable in compare view

Updates dynaconf from 3.2.11 to 3.2.12

Release notes

Sourced from dynaconf's releases.

3.2.12

What's Changed

• Incremental improvment to access performance by @​pedro-psb in dynaconf/dynaconf#1304
• fix: get method to return Any type. by @​rochacbruno in dynaconf/dynaconf#1314
• perf: add lru caching to find_the_correct_casing function by @​pedro-psb in dynaconf/dynaconf#1326

Full Changelog: dynaconf/dynaconf@3.2.11...3.2.12

Changelog

Sourced from dynaconf's changelog.

3.2.12 - 2025-10-10

Bug Fixes

• get method to return Any type.. By Bruno Rocha.
• remove unnecessary recursive evaluation call on Settings.get. By Pedro Brochado.
• improve performance of settings access in a loop (part 1). By Pedro Brochado.

Commits

• 7606f35 Release version 3.2.12
• da44e51 perf: add lru caching to find_the_correct_casing function (#1326)
• b75eda0 fix: get method to return Any type.
• 4f3df1a misc: add some profile/perf scripts
• 420aceb refactor: merge safe{get,copy} into .get and .copy
• 18c0c84 fix: remove unnecessary recursive evaluation call on Settings.get
• 0fde96f refactor: rewrite decorator as explicit call
• 52efd9e Bump to version 3.2.12-dev0
• See full diff in compare view

Updates celery from 5.5.3 to 5.6.0

Release notes

Sourced from celery's releases.

v5.6.0

Celery v5.6.0 is now available.

Key Highlights

See What's new in Celery 5.6 for a complete overview or read the main highlights below.

Python 3.9 Minimum Version

Celery 5.6.0 drops support for Python 3.8 (EOL). The minimum required Python version is now 3.9. Users still on Python 3.8 must upgrade their Python version before upgrading to Celery 5.6.0.

Additionally, this release includes initial support for Python 3.14.

SQS: Reverted to pycurl from urllib3

The switch from pycurl to urllib3 for the SQS transport (introduced in Celery 5.5.0 via Kombu) has been reverted due to critical issues affecting SQS users.

Contributed by @​auvipy in celery/celery#9620.

Security Fix: Broker Credential Leak Prevention

Fixed a security issue where broker URLs containing passwords were being logged in plaintext by the delayed delivery mechanism. Broker credentials are now properly sanitized in all log output.

Contributed by @​giancarloromeo in celery/celery#9997.

Memory Leak Fixes

Two significant memory leaks have been fixed in this release:

Exception Handling Memory Leak: Fixed a critical memory leak in task exception handling that was particularly severe on Python 3.11+ due to enhanced traceback data. The fix properly breaks reference cycles in tracebacks to allow garbage collection.

Contributed by @​jaiganeshs21 in celery/celery#9799.

Pending Result Memory Leak: Fixed a memory leak where AsyncResult subscriptions were not being cleaned up when results were forgotten.

Contributed by @​tsoos99dev in celery/celery#9806.

ETA Task Memory Limit

New configuration option worker_eta_task_limit to prevent out-of-memory crashes when workers fetch large numbers of ETA or countdown tasks. Previously, workers could exhaust available memory when the broker contained many scheduled tasks.

Example usage:

app.conf.worker_eta_task_limit = 1000

Contributed by @​sashu2310 in celery/celery#9853.

Queue Type Selection for Auto-created Queues

... (truncated)

Changelog

Sourced from celery's changelog.

5.6.0

:release-date: 2025-11-30 :release-by: Tomer Nosrati

Celery v5.6.0 is now available.

Key Highlights

See :ref:`whatsnew-5.6` for a complete overview or read the main highlights below.
Python 3.9 Minimum Version
Celery 5.6.0 drops support for Python 3.8 (EOL). The minimum required Python
version is now 3.9. Users still on Python 3.8 must upgrade their Python version
before upgrading to Celery 5.6.0.
Additionally, this release includes initial support for Python 3.14.
SQS: Reverted to pycurl from urllib3
The switch from pycurl to urllib3 for the SQS transport (introduced in
Celery 5.5.0 via Kombu) has been reverted due to critical issues affecting SQS
users:

Processing throughput dropped from ~100 tasks/sec to ~3/sec in some environments
UnknownOperationException errors causing container crash loops
Silent message processing failures with no error logs

Users of the SQS transport must ensure pycurl is installed. If you removed
pycurl after upgrading to Celery 5.5.0, you will need to reinstall it.
Contributed by @auvipy <https://github.com/auvipy>_ in
[#9620](https://github.com/celery/celery/issues/9620) <https://github.com/celery/celery/pull/9620>_.
Security Fix: Broker Credential Leak Prevention
Fixed a security issue where broker URLs containing passwords were being logged
in plaintext by the delayed delivery mechanism. Broker credentials are now
properly sanitized in all log output.
Contributed by @giancarloromeo <https://github.com/giancarloromeo>_ in
[#9997](https://github.com/celery/celery/issues/9997) <https://github.com/celery/celery/pull/9997>_.
Memory Leak Fixes
</tr></table>

... (truncated)

Commits

• cca1116 Prepare for release: v5.6.0 (#10010)
• 1133f22 Bump mypy from 1.14.1 to 1.19.0 (#10008)
• 0932d2c [pre-commit.ci] pre-commit autoupdate (#10007)
• b446910 Prepare for (pre) release: v5.6.0rc2 (#10005)
• 3f0f0fe asynpool: Don't return from inside a finally block (#10000)
• 95d0552 Bump actions/checkout from 5 to 6 (#10003)
• f32b92f Add Py39-314t to CI (#9999)
• 63c1910 Don't fail task on timeout during cold shutdown (#9678)
• 30649db Fix log leaking broker credentials (#9997)
• 929412e Remove Python 4.0 version condition for pytest dependencies (#9993)
• Additional commits viewable in compare view

Updates redis from 6.4.0 to 7.1.0

Release notes

Sourced from redis's releases.

7.1.0

Changes

🚀 New Features

• Adding MSETEX command support. (#3823)
• Adding CLAIM option to XREADGROUP command + unit tests (#3825)
• Apply routing and response aggregation policies in OSS Cluster mode (#3834)

🧪 Experimental Features

• Adding support for CAS/CAD commands. (#3837)
• Adding support for HYBRID search. (#3813 #3843)

🔥 Breaking changes (in experimental features)

• Replace default health check and failure detector with custom (#3822)

🐛 Bug Fixes

• Add **options to parse functions for sentinel (#3831)
• Generating unique command cache key (#3765)

🧰 Maintenance

• Adding Redis 8.4 RC1 image to test matrix. (#3820)
• Remove Python 3.9 support. Add Python 3.14 support. (#3814)
• Sync readme with 7.0.1 and update lib version to latest stable released version - 7.0.1 (#3821)
• Bump rojopolis/spellcheck-github-actions from 0.52.0 to 0.53.0 (#3827)
• Bump actions/upload-artifact from 4 to 5 (#3828)
• Bump github/codeql-action from 3 to 4 (#3829)
• Fixing flaky tests (#3833 #3838)
• Update 8.4 RC image tag to 8.4-RC1-pre.2 for pipeline test matrix (#3832)
• Add missing f-string when returning an error. (#3841)
• Adding latest 8.4 image to test matrix. Updating the Hybrid VSIM query format to be in sync with spec after srv issue was fixed. (#3843)
• Expand cluster READ_COMMANDS with additional read-only commands and reorganize the list of commands by category (#3845)
• Update Type Hints for List Command Parameters from str to KeyT (#3848)
• Changing log level to be debug for failed maintenance notification enablement when enabled='auto' (#3851)
• Added custom event handler section (#3853)
• Changing current version to 8.4 as it is already GA (#3854)

We'd like to thank all the contributors who worked on this release! @​ShubhamKaudewar @​matthewwiese @​peperon @​vladvildanov @​petyaslavova

7.0.1

Changes

This release adds small fixes related to documentation.

🧰 Maintenance

• Add 'multi_database' section to documentation index (313d93f)
• Revised multi-database client documentation(78df745)
• Adding info about Multi-database client in README.md (3f7a55e)

... (truncated)

Commits

• f7c1755 Changing current version to 8.4 as it is already GA (#3854)
• 2235cc7 Added custom event handler section (#3853)
• 8cc50a5 Changing log level to be debug for failed maintenance notification enablement...
• d1769a2 #3612 Generating unique command cache key (#3765)
• b49dce1 Update Type Hints for List Command Parameters from str to KeyT (#3848)
• 46ff042 Expand cluster READ_COMMANDS with additional read-only commands and reorganiz...
• dc47675 Updating lib version to 7.1.0 and added note in README that Python 3.9 suppor...
• f026c1e Adding latest 8.4 image to test matrix. Updating the Hybrid VSIM query format...
• a5ab18f Adding support for HYBRID search. (#3813)
• e6fb505 Adding support for CAS/CAD commands. (#3837)
• Additional commits viewable in compare view

Updates black from 25.1.0 to 25.11.0

Release notes

Sourced from black's releases.

25.11.0

Highlights

• Enable base 3.14 support (#4804)
• Add support for the new Python 3.14 t-string syntax introduced by PEP 750 (#4805)

Stable style

• Fix bug where comments between # fmt: off and # fmt: on were reformatted (#4811)
• Comments containing fmt directives now preserve their exact formatting instead of being normalized (#4811)

Preview style

• Move multiline_string_handling from --unstable to --preview (#4760)
• Fix bug where module docstrings would be treated as normal strings if preceded by comments (#4764)
• Fix bug where python 3.12 generics syntax split line happens weirdly (#4777)
• Standardize type comments to form # type: <value> (#4645)
• Fix fix_fmt_skip_in_one_liners preview feature to respect # fmt: skip for compound statements with semicolon-separated bodies (#4800)

Configuration

• Add no_cache option to control caching behavior. (#4803)

Packaging

• Releases now include arm64 Linux binaries (#4773)

Output

• Write unchanged content to stdout when excluding formatting from stdin using pipes (#4610)

Blackd

• Implemented BlackDClient. This simple python client allows to easily send formatting requests to blackd (#4774)

Integrations

• Enable 3.14 base CI (#4804)
• Enhance GitHub Action psf/black to support the required-version major-version-only "stability" format when using pyproject.toml (#4770)
• Improve error message for vim plugin users. It now handles independently vim version
• Vim: Warn on unsupported Vim and Python versions independently (#4772)
• Vim: Print the import paths when importing black fails (#4675)
• Vim: Fix handling of virtualenvs that have a different Python version (#4675)

... (truncated)

Changelog

Sourced from black's changelog.

25.11.0

Highlights

• Enable base 3.14 support (#4804)
• Add support for the new Python 3.14 t-string syntax introduced by PEP 750 (#4805)

Stable style

• Fix bug where comments between # fmt: off and # fmt: on were reformatted (#4811)
• Comments containing fmt directives now preserve their exact formatting instead of being normalized (#4811)

Preview style

• Move multiline_string_handling from --unstable to --preview (#4760)
• Fix bug where module docstrings would be treated as normal strings if preceded by comments (#4764)
• Fix bug where python 3.12 generics syntax split line happens weirdly (#4777)
• Standardize type comments to form # type: <value> (#4645)
• Fix fix_fmt_skip_in_one_liners preview feature to respect # fmt: skip for compound statements with semicolon-separated bodies (#4800)

Configuration

• Add no_cache option to control caching behavior. (#4803)

Packaging

• Releases now include arm64 Linux binaries (#4773)
• Releases now include arm64 Windows binaries and wheels (#4814)

Output

• Write unchanged content to stdout when excluding formatting from stdin using pipes (#4610)

Blackd

• Implemented BlackDClient. This simple python client allows to easily send formatting requests to blackd (#4774)

Integrations

• Enable 3.14 base CI (#4804)
• Enhance GitHub Action psf/black to support the required-version major-version-only "stability" format when using pyproject.toml (#4770)
• Add output-file input to GitHub Action psf/black to write formatter output to a file for artifact capture and log cleanliness (#4824)
• Improve error message for vim plugin users. It now handles independently vim version

... (truncated)

Commits

• 05f0a8c Prepare for 25.11.0 release (#4825)
• ae17c61 Fix tests on pytest 9 (#4835)
• 138745e Include Windows and Python 3.14 in PR wheel build matrix, fix Windows build (...
• 18170d6 ci: add label for running all builds on a pull request (#4833)
• 0e793e3 fix windows wheels (#4830)
• b71f36c Use build[uv] as cibuildwheel frontend (#4831)
• a7bd594 Skip free threaded builds in cibuildwheel (#4829)
• 862dee9 Update cibuildwheel (#4828)
• b5f354c build: restrict to pytest 9.0 due to breakage in custom pytest_configure (#4827)
• f705197 t-string support (#4805)
• Additional commits viewable in compare view

Updates isort from 6.0.1 to 7.0.0

Release notes

Sourced from isort's releases.

7.0.0

Changes

💥 Breaking Changes

• Drop support for Python 3.9 (#2430) @​DanielNoord

🚀 Features

• Show absolute paths in skipped file messages (#2416) @​pranlawate

🪲 Fixes

• Some fixes for Python 3.14 (#2433) @​DanielNoord
• Test on 3.14 and fix any bugs (#2425) @​DanielNoord
• Update CHANGELOG.md + Fix Formatting and Grammar (#2419) @​lukbrew25
• Fix output of hanging indent for long lines with noqa (#2407) @​matan1008

👷 Continuous Integration

• Format with ruff instead of black (#2432) @​DanielNoord
• Target 3.10 for ruff (#2431) @​DanielNoord
• Update development dependencies to latest version (#2426) @​DanielNoord
• docs: update pre-commit examples to version 6.1.0 (#2413) @​pranlawate
• Small cleanup for developer environment (#2418) @​DanielNoord

📦 Dependencies

• Bump actions/setup-python from 5 to 6 in the github-actions group (#2411) @dependabot[bot]

6.1.0

Changes

• Update docs discussions channel (#2410) @​staticdev
• Add python 3.14 classifier and badge (#2409) @​staticdev
• Drop use of non-standard pkg_resources API (#2405) @​dvarrazzo
• Use working isort version in pre-commit example (#2402) @​iainelder
• fix typo in _get_files_from_dir_cached test (#2392) @​tiltingpenguin
• Resolve bandit warnings (#2379) @​kurtmckee
• Add tox for cross-platform, parallel test suite execution (#2378) @​kurtmckee
• Add Project URLs to PyPI Side Panel (#2387) @​guillermodotn
• Fix typos (#2376) @​co63oc

👷 Continuous Integration

• Add make bash scripts portable (#2377) @​staticdev

📦 Dependencies

• Bump actions/checkout from 4 to 5 in the github-actions group (#2406) @dependabot[bot]

... (truncated)

Changelog

Sourced from isort's changelog.

Changelog

NOTE: isort follows the semver versioning standard. Find out more about isort's release policy here.

Unreleased

• Removed --old-finders and --magic-placement flags and old_finders configuration option. The legacy finder logic that relied on environment introspection has been removed (#2445) @​joao-faria-dev

6.1.0 October 1 2025

• Add python 3.14 classifier and badge (#2409) @​staticdev
• Drop use of non-standard pkg_resources API (#2405) @​dvarrazzo

Commits

• 0a09c78 Merge pull request #2433 from DanielNoord/python-314
• 0fee794 Add 3.14 to stdlibds
• 332a1ad Bump zstandard for 3.14 compat
• f756e56 Merge pull request #2432 from DanielNoord/ruff-it-up
• 52f5134 Format with ruff instead of black
• 012aa69 Merge pull request #2431 from DanielNoord/ruff-it-up
• 89773db Target 3.10 with ruff
• 933e382 Merge pull request #2430 from DanielNoord/drop-39
• 8b6e00c Remove support for Python 3.9
• b5f9f29 Bump profile plugin to 3.10+ and re-lock
• Additional commits viewable in compare view

Updates tox from 4.28.4 to 4.32.0

Release notes

Sourced from tox's releases.

4.32.0

What's Changed

• docs: Add Python 3.14 and 3.14t to config examples by @​cclauss in tox-dev/tox#3626
• Fix broken log message (in that branch it did not match the arguments). by @​ionelmc in tox-dev/tox#3634
• Allow braced range syntax in internal sections of tox.ini file by @​marcosboger in tox-dev/tox#3631
• fix: ensure log folder is created before writing the execution logs by @​ssbarnea in tox-dev/tox#3633
• TST: add weekly compatibility checks for CPython 3.15 by @​neutrinoceros in tox-dev/tox#3629

New Contributors

• @​ionelmc made their first contribution in tox-dev/tox#3634
• @​marcosboger made their first contribution in tox-dev/tox#3631
• @​neutrinoceros made their first contribution in tox-dev/tox#3629

Full Changelog: tox-dev/tox@4.31.0...4.32.0

4.31.0

What's Changed

• Address a type-conversion noted during doc builds by @​kurtmckee in tox-dev/tox#3623
• Add 3.14, drop 3.9 and support | union style by @​gaborbernat in tox-dev/tox#3624

Full Changelog: tox-dev/tox@4.30.3...4.31.0

4.30.3

What's Changed

• Isolate the test suite from any existing DEFAULT_CONFIG_FILE file by @​kurtmckee in tox-dev/tox#3612
• Fix none config file issue 3611 by @​kurtmckee in tox-dev/tox#3613
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in tox-dev/tox#3608
• Fix incorrect type annotations in PythonPathPackageWithDeps (fixes #3607) by @​PreistlyPython in tox-dev/tox#3616
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in tox-dev/tox#3615

New Contributors

• @​PreistlyPython made their first contribution in tox-dev/tox#3616

Full Changelog: tox-dev/tox@4.30.2...4.30.3

4.30.2

What's Changed

• Bump pypa/gh-action-pypi-publish from 1.12.4 to 1.13.0 by @​dependabot[bot] in tox-dev/tox#3603
• Ensure automatically provisioned environment is torn down by @​vytas7 in tox-dev/tox#3601
• Bump pypa/gh-action-pypi-publish from 1.12.4 to 1.13.0 in /.github/workflows by @​dependabot[bot] in tox-dev/tox#3604

... (truncated)

Changelog

Sourced from tox's changelog.

v4.32.0 (2025-10-24)

Bugfixes - 4.32.0

- Expand braced range syntax in all internal sections of ``tox.ini`` (e.g. ``deps``, ``testenv``). Syntax like py3{10-14} can be used in those sections now.
  - by :user:`marcosboger` (:issue:`3571`)
Improved Documentation - 4.32.0

• Add Python 3.14 and 3.14t to config examples
  • by :user:cclauss (:issue:3626)

Misc - 4.32.0

- :issue:`3629`
v4.31.0 (2025-10-09)
No significant changes.
v4.30.3 (2025-10-02)
Bugfixes - 4.30.3

• Fix incorrect type annotation in PythonPathPackageWithDeps.__init__() where deps was annotated as Sequence[Package] but should be Sequence[Requirement] to match actual runtime usage - by :user:PreistlyPython (:issue:3607)
• Fix None appearing as the config filename in error output when the user's default config file is corrupt. - by :user:kurtmckee (:issue:3611)

v4.30.2 (2025-09-04)

Bugfixes - 4.30.2

- Previously, when tox ran in an automatically provisioned environment, it could hang waiting for a PEP 517 build backend
  if used in conjunction with the ``--installpkg`` option. This has been fixed by properly tearing down the automatically
  provisioned environment after the tests.
  - by :user:`vytas7` (:issue:`3600`)
v4.30.1 (2025-09-03)
Bugfixes - 4.30.1

• Prevent tox from hanging upon exit due to orphaned build threads and subprocesses when the --installpkg option is

... (truncated)

Commits

• 511782e release 4.32.0
• d5035fa TST: add weekly compatibility checks for CPython 3.15 (#3629)
• 5220e07 fix: ensure log folder is created before writing the execution logs (#3633)
• f8a88c1 Allow braced range syntax in internal sections of tox.ini file (#3631)
• 6432872 Fix broken log message (in that branch it did not match the arguments). (#3634)
• b036f7d [pre-commit.ci] pre-commit autoupdate (#3630)
• 5d73948 [pre-commit.ci] pre-commit autoupdate (#3627)
• 95f15ad docs: Add Python 3.14 and 3.14t to config examples (#3626)
• 5b0f7e4 Fix release changelog generation config
• eac78c1 release 4.31.0
• Additional commits viewable in compare view

Updates coverage from 7.10.4 to 7.12.0

Changelog

Sourced from coverage's changelog.

Version 7.12.0 — 2025-11-18

• The HTML report now shows separate coverage totals for statements and branches, as well as the usual combined coverage percentage. Thanks to Ryuta Otsuka for the discussion <issue 2081_>_ and the implementation <pull 2085_>_.

• The JSON report now includes separate coverage totals for statements and branches, thanks to Ryuta Otsuka <pull 2090_>_.

• Fix: except* clauses were not handled properly under the "sysmon" measurement core, causing KeyError exceptions as described in issue 2086_. This is now fixed.

• Fix: we now defend against aggressive mocking of open() that could cause errors inside coverage.py. An example of a failure is in issue 2083_.

• Fix: in unusual cases where a test suite intentionally exhausts the system's file descriptors to test handling errors in open(), coverage.py would fail when trying to open source files, as described in issue 2091_. This is now fixed.

• A small tweak to the HTML report: file paths now use thin spaces around slashes to make them easier to read.

.. _issue 2081: coveragepy/coveragepy#2081 .. _issue 2083: coveragepy/coveragepy#2083 .. _pull 2085: coveragepy/coveragepy#2085 .. _issue 2086: coveragepy/coveragepy#2086 .. _pull 2090: coveragepy/coveragepy#2090 .. _issue 2091: coveragepy/coveragepy#2091

.. _changes_7-11-3:

Version 7.11.3 — 2025-11-09

• Fix: the 7.11.1 changes meant that conflicts between a requested measurement core and other settings would raise an error. This was a breaking change from previous behavior, as reported in issue 2076_ and issue 2078_.

  The previous behavior has been restored: when the requested core conflicts with other settings, another core is used instead, and a warning is issued.

• For contributors: the repo has moved from Ned's nedbat GitHub account_ to the coveragepy GitHub organization_. The default branch has changed from master to main.

  Description has been truncated