Update all dependencies

[renovate]

Note: This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Type	Update	Change	Age	Confidence
actions/checkout	action	major	v5 → v6
actions/setup-python	action	major	v5 → v6
attrs (changelog)	dependencies	minor	25.3.0 → 25.4.0
bandit (source, changelog)	dev	minor	1.8.6 → 1.9.2
black (changelog)	dev	major	25.1.0 → 26.1.0
codecov/codecov-action (changelog)	action	digest	fdcc847 → 671740a
mypy (changelog)	dev	minor	1.17.1 → 1.19.1
pubtools-pulplib (changelog)	dependencies	minor	2.42.1 → 2.43.0
pylint (changelog)	dev	major	3.3.8 → 4.0.4
pytest (changelog)	test	major	8.4.1 → 9.0.2
pytest-cov (changelog)	dev	major	6.2.1 → 7.0.0
requests-gssapi	dependencies	minor	1.3.0 → 1.4.0
sphinx (changelog)	docs	major	8.2.3 → 9.1.0
ubi-config	dependencies	patch	3.2.1 → 3.2.2

---

Release Notes

actions/checkout (actions/checkout)

v6

Compare Source

actions/setup-python (actions/setup-python)

v6

Compare Source

python-attrs/attrs (attrs)

v25.4.0

Compare Source

Backwards-incompatible Changes

• Class-level kw_only=True behavior is now consistent with dataclasses.

  Previously, a class that sets kw_only=True makes all attributes keyword-only, including those from base classes.
  If an attribute sets kw_only=False, that setting is ignored, and it is still made keyword-only.

  Now, only the attributes defined in that class that doesn't explicitly set kw_only=False are made keyword-only.

  This shouldn't be a problem for most users, unless you have a pattern like this:

  @​attrs.define(kw_only=True)
  class Base:
      a: int
      b: int = attrs.field(default=1, kw_only=False)
  
  @​attrs.define
  class Subclass(Base):
      c: int

  Here, we have a kw_only=True attrs class (Base) with an attribute that sets kw_only=False and has a default (Base.b), and then create a subclass (Subclass) with required arguments (Subclass.c).
  Previously this would work, since it would make Base.b keyword-only, but now this fails since Base.b is positional, and we have a required positional argument (Subclass.c) following another argument with defaults.
  #​1457

Changes

• Values passed to the __init__() method of attrs classes are now correctly passed to __attrs_pre_init__() instead of their default values (in cases where kw_only was not specified).
  #​1427

• Added support for Python 3.14 and PEP 749.
  #​1446,
  #​1451

• attrs.validators.deep_mapping() now allows to leave out either key_validator xor value_validator.
  #​1448

• attrs.validators.deep_iterator() and attrs.validators.deep_mapping() now accept lists and tuples for all validators and wrap them into a attrs.validators.and_().
  #​1449

• Added a new experimental way to inspect classes:

  attrs.inspect(cls) returns the effective class-wide parameters that were used by attrs to construct the class.

  The returned class is the same data structure that attrs uses internally to decide how to construct the final class.
  #​1454

• Fixed annotations for attrs.field(converter=...).
  Previously, a tuple of converters was only accepted if it had exactly one element.
  #​1461

• The performance of attrs.asdict() has been improved by 45–260%.
  #​1463

• The performance of attrs.astuple() has been improved by 49–270%.
  #​1469

• The type annotation for attrs.validators.or_() now allows for different types of validators.

  This was only an issue on Pyright.
  #​1474

PyCQA/bandit (bandit)

v1.9.2

Compare Source

What's Changed

• Argparse Python 3.14 enhancements by @​ericwb in #​1331
• Check whether Constant value is str by @​ericwb in #​1333

Full Changelog: PyCQA/bandit@1.9.1...1.9.2

v1.9.1

Compare Source

What's Changed

• More Python version related fixes by @​ericwb in #​1327

Full Changelog: PyCQA/bandit@1.9.0...1.9.1

psf/black (black)

v26.1.0

Compare Source

Highlights

Introduces the 2026 stable style (#​4892), stabilizing the following changes:

• always_one_newline_after_import: Always force one blank line after import
  statements, except when the line after the import is a comment or an import statement
  (#​4489)
• fix_fmt_skip_in_one_liners: Fix # fmt: skip behavior on one-liner declarations,
  such as def foo(): return "mock" # fmt: skip, where previously the declaration would
  have been incorrectly collapsed (#​4800)
• fix_module_docstring_detection: Fix module docstrings being treated as normal
  strings if preceded by comments (#​4764)
• fix_type_expansion_split: Fix type expansions split in generic functions (#​4777)
• multiline_string_handling: Make expressions involving multiline strings more compact
  (#​1879)
• normalize_cr_newlines: Add \r style newlines to the potential newlines to
  normalize file newlines both from and to (#​4710)
• remove_parens_around_except_types: Remove parentheses around multiple exception
  types in except and except* without as (#​4720)
• remove_parens_from_assignment_lhs: Remove unnecessary parentheses from the left-hand
  side of assignments while preserving magic trailing commas and intentional multiline
  formatting (#​4865)
• standardize_type_comments: Format type comments which have zero or more spaces
  between # and type: or between type: and value to # type: (value) (#​4645)

The following change was not in any previous stable release:

• Regenerated the _width_table.py and added tests for the Khmer language (#​4253)

This release alo bumps pathspec to v1 and fixes inconsistencies with Git's
.gitignore logic (#​4958). Now, files will be ignored if a pattern matches them, even
if the parent directory is directly unignored. For example, Black would previously
format exclude/not_this/foo.py with this .gitignore:

exclude/
!exclude/not_this/

Now, exclude/not_this/foo.py will remain ignored. To ensure exclude/not_this/ and
all of it's children are included in formatting (and in Git), use this .gitignore:

*/exclude/*
!*/exclude/not_this/

This new behavior matches Git. The leading */ are only necessary if you wish to ignore
matching subdirectories (like the previous behavior did), and not just matching root
directories.

Output

• Explicitly shutdown the multiprocessing manager when run in diff mode too (#​4952)

Integrations

• Upgraded PyPI upload workflow to use Trusted Publishing (#​4611)

v25.12.0

Compare Source

Highlights

• Black no longer supports running with Python 3.9 (#​4842)

Stable style

• Fix bug where comments preceding # fmt: off/# fmt: on blocks were incorrectly
  removed, particularly affecting Jupytext's # %% [markdown] comments (#​4845)
• Fix crash when multiple # fmt: skip comments are used in a multi-part if-clause, on
  string literals, or on dictionary entries with long lines (#​4872)
• Fix possible crash when fmt: directives aren't on the top level (#​4856)

Preview style

• Fix fmt: skip skipping the line after instead of the line it's on (#​4855)
• Remove unnecessary parentheses from the left-hand side of assignments while preserving
  magic trailing commas and intentional multiline formatting (#​4865)
• Fix fix_fmt_skip_in_one_liners crashing on with statements (#​4853)
• Fix fix_fmt_skip_in_one_liners crashing on annotated parameters (#​4854)
• Fix new lines being added after imports with # fmt: skip on them (#​4894)

Packaging

• Releases now include arm64 Windows binaries and wheels (#​4814)

Integrations

• Add output-file input to GitHub Action psf/black to write formatter output to a
  file for artifact capture and log cleanliness (#​4824)

v25.11.0

Compare Source

Highlights

• Enable base 3.14 support (#​4804)
• Add support for the new Python 3.14 t-string syntax introduced by PEP 750 (#​4805)

Stable style

• Fix bug where comments between # fmt: off and # fmt: on were reformatted (#​4811)
• Comments containing fmt directives now preserve their exact formatting instead of
  being normalized (#​4811)

Preview style

• Move multiline_string_handling from --unstable to --preview (#​4760)
• Fix bug where module docstrings would be treated as normal strings if preceded by
  comments (#​4764)
• Fix bug where python 3.12 generics syntax split line happens weirdly (#​4777)
• Standardize type comments to form # type: <value> (#​4645)
• Fix fix_fmt_skip_in_one_liners preview feature to respect # fmt: skip for compound
  statements with semicolon-separated bodies (#​4800)

Configuration

• Add no_cache option to control caching behavior. (#​4803)

Packaging

• Releases now include arm64 Linux binaries (#​4773)

Output

• Write unchanged content to stdout when excluding formatting from stdin using pipes
  (#​4610)

Blackd

• Implemented BlackDClient. This simple python client allows to easily send formatting
  requests to blackd (#​4774)

Integrations

• Enable 3.14 base CI (#​4804)
• Enhance GitHub Action psf/black to support the required-version major-version-only
  "stability" format when using pyproject.toml (#​4770)
• Improve error message for vim plugin users. It now handles independently vim version
• Vim: Warn on unsupported Vim and Python versions independently (#​4772)
• Vim: Print the import paths when importing black fails (#​4675)
• Vim: Fix handling of virtualenvs that have a different Python version (#​4675)

v25.9.0

Compare Source

Highlights

• Remove support for pre-python 3.7 await/async as soft keywords/variable names
  (#​4676)

Stable style

• Fix crash while formatting a long del statement containing tuples (#​4628)
• Fix crash while formatting expressions using the walrus operator in complex with
  statements (#​4630)
• Handle # fmt: skip followed by a comment at the end of file (#​4635)
• Fix crash when a tuple appears in the as clause of a with statement (#​4634)
• Fix crash when tuple is used as a context manager inside a with statement (#​4646)
• Fix crash when formatting a \ followed by a \r followed by a comment (#​4663)
• Fix crash on a \\r\n (#​4673)
• Fix crash on await ... (where ... is a literal Ellipsis) (#​4676)
• Fix crash on parenthesized expression inside a type parameter bound (#​4684)
• Fix crash when using line ranges excluding indented single line decorated items
  (#​4670)

Preview style

• Fix a bug where one-liner functions/conditionals marked with # fmt: skip would still
  be formatted (#​4552)
• Improve multiline_string_handling with ternaries and dictionaries (#​4657)
• Fix a bug where string_processing would not split f-strings directly after
  expressions (#​4680)
• Wrap the in clause of comprehensions across lines if necessary (#​4699)
• Remove parentheses around multiple exception types in except and except* without
  as. (#​4720)
• Add \r style newlines to the potential newlines to normalize file newlines both from
  and to (#​4710)

Parser

• Rewrite tokenizer to improve performance and compliance (#​4536)
• Fix bug where certain unusual expressions (e.g., lambdas) were not accepted in type
  parameter bounds and defaults. (#​4602)

Performance

• Avoid using an extra process when running with only one worker (#​4734)

Integrations

• Fix the version check in the vim file to reject Python 3.8 (#​4567)
• Enhance GitHub Action psf/black to read Black version from an additional section in
  pyproject.toml: [project.dependency-groups] (#​4606)
• Build gallery docker image with python3-slim and reduce image size (#​4686)

Documentation

• Add FAQ entry for windows emoji not displaying (#​4714)

python/mypy (mypy)

v1.19.1

Compare Source

• Fix noncommutative joins with bounded TypeVars (Shantanu, PR 20345)
• Respect output format for cached runs by serializing raw errors in cache metas (Ivan Levkivskyi, PR 20372)
• Allow types.NoneType in match cases (A5rocks, PR 20383)
• Fix mypyc generator regression with empty tuple (BobTheBuidler, PR 20371)
• Fix crash involving Unpack-ed TypeVarTuple (Shantanu, PR 20323)
• Fix crash on star import of redefinition (Ivan Levkivskyi, PR 20333)
• Fix crash on typevar with forward ref used in other module (Ivan Levkivskyi, PR 20334)
• Fail with an explicit error on PyPy (Ivan Levkivskyi, PR 20389)

v1.19.0

Compare Source

v1.18.2

Compare Source

• Fix crash on recursive alias (Ivan Levkivskyi, PR 19845)
• Add additional guidance for stubtest errors when runtime is object.__init__ (Stephen Morton, PR 19733)
• Fix handling of None values in f-string expressions in mypyc (BobTheBuidler, PR 19846)

v1.18.1

Compare Source

We’ve just uploaded mypy 1.18.1 to the Python Package Index (PyPI).
Mypy is a static type checker for Python. This release includes new features, performance
improvements and bug fixes. You can install it as follows:

python3 -m pip install -U mypy

You can read the full documentation for this release on Read the Docs.

Mypy Performance Improvements

Mypy 1.18.1 includes numerous performance improvements, resulting in about 40% speedup
compared to 1.17 when type checking mypy itself. In extreme cases, the improvement
can be 10x or higher. The list below is an overview of the various mypy optimizations.
Many mypyc improvements (discussed in a separate section below) also improve performance.

Type caching optimizations have a small risk of causing regressions. When
reporting issues with unexpected inferred types, please also check if
--disable-expression-cache will work around the issue, as it turns off some of
these optimizations.

• Improve self check performance by 1.8% (Jukka Lehtosalo, PR 19768, 19769, 19770)
• Optimize fixed-format deserialization (Ivan Levkivskyi, PR 19765)
• Use macros to optimize fixed-format deserialization (Ivan Levkivskyi, PR 19757)
• Two additional micro‑optimizations (Ivan Levkivskyi, PR 19627)
• Another set of micro‑optimizations (Ivan Levkivskyi, PR 19633)
• Cache common types (Ivan Levkivskyi, PR 19621)
• Skip more method bodies in third‑party libraries for speed (Ivan Levkivskyi, PR 19586)
• Simplify the representation of callable types (Ivan Levkivskyi, PR 19580)
• Add cache for types of some expressions (Ivan Levkivskyi, PR 19505)
• Use cache for dictionary expressions (Ivan Levkivskyi, PR 19536)
• Use cache for binary operations (Ivan Levkivskyi, PR 19523)
• Cache types of type objects (Ivan Levkivskyi, PR 19514)
• Avoid duplicate work when checking boolean operations (Ivan Levkivskyi, PR 19515)
• Optimize generic inference passes (Ivan Levkivskyi, PR 19501)
• Speed up the default plugin (Jukka Lehtosalo, PRs 19385 and 19462)
• Remove nested imports from the default plugin (Ivan Levkivskyi, PR 19388)
• Micro‑optimize type expansion (Jukka Lehtosalo, PR 19461)
• Micro‑optimize type indirection (Jukka Lehtosalo, PR 19460)
• Micro‑optimize the plugin framework (Jukka Lehtosalo, PR 19464)
• Avoid temporary set creation in subtype checking (Jukka Lehtosalo, PR 19463)
• Subtype checking micro‑optimization (Jukka Lehtosalo, PR 19384)
• Return early where possible in subtype check (Stanislav Terliakov, PR 19400)
• Deduplicate some types before joining (Stanislav Terliakov, PR 19409)
• Speed up type checking by caching argument inference context (Jukka Lehtosalo, PR 19323)
• Optimize binding method self argument type and deprecation checks (Ivan Levkivskyi, PR 19556)
• Keep trivial instance types/aliases during expansion (Ivan Levkivskyi, PR 19543)

Fixed‑Format Cache (Experimental)

Mypy now supports a new cache format used for faster incremental builds. It makes
incremental builds up to twice as fast. The feature is experimental and
currently only supported when using a compiled version of mypy. Use --fixed-format-cache
to enable the new format, or fixed_format_cache = True in a configuration file.

We plan to enable this by default in a future mypy release, and we'll eventually
deprecate and remove support for the original JSON-based format.

Unlike the JSON-based cache format, the new binary format is currently
not easy to parse and inspect by mypy users. We are planning to provide a tool to
convert fixed-format cache files to JSON, but details of the output JSON may be
different from the current JSON format. If you rely on being able to inspect
mypy cache files, we recommend creating a GitHub issue and explaining your use
case, so that we can more likely provide support for it. (Using
MypyFile.read(binary_data) to inspect cache data may be sufficient to support
some use cases.)

This feature was contributed by Ivan Levkivskyi (PR 19668, 19735, 19750, 19681, 19752, 19815).

Flexible Variable Definitions: Update

Mypy 1.16.0 introduced --allow-redefinition-new, which allows redefining variables
with different types, and inferring union types for variables from multiple assignments.
The feature is now documented in the --help output, but the feature is still experimental.

We are planning to enable this by default in mypy 2.0, and we will also deprecate the
older --allow-redefinition flag. Since the new behavior differs significantly from
the older flag, we encourage users of --allow-redefinition to experiment with
--allow-redefinition-new and create a GitHub issue if the new functionality doesn't
support some important use cases.

This feature was contributed by Jukka Lehtosalo.

Inferred Type for Bare ClassVar

A ClassVar without an explicit type annotation now causes the type of the variable
to be inferred from the initializer:

from typing import ClassVar

class Item:

### Type of 'next_id' is now 'int' (it was 'Any')
    next_id: ClassVar = 1

    ...

This feature was contributed by Ivan Levkivskyi (PR 19573).

Disjoint Base Classes (@​disjoint_base, PEP 800)

Mypy now understands disjoint bases (PEP 800): it recognizes the @disjoint_base
decorator, and rejects class definitions that combine mutually incompatible base classes,
and takes advantage of the fact that such classes cannot exist in reachability and
narrowing logic.

This class definition will now generate an error:

release-engineering/pubtools-pulplib (pubtools-pulplib)

v2.43.0

Compare Source

• Added filelist attr and get_files() method to RpmUnit

pylint-dev/pylint (pylint)

v4.0.4

Compare Source

What's new in Pylint 4.0.4?

Release date: 2025-11-30

False Positives Fixed

• Fixed false positive for invalid-name where module-level constants were incorrectly classified as variables when a class-level attribute with the same name exists.

  Closes #​10719

• Fix a false positive for invalid-name on an UPPER_CASED name inside an if branch that assigns an object.

  Closes #​10745

v4.0.3

Compare Source

What's new in Pylint 4.0.3?

Release date: 2025-11-13

False Positives Fixed

• Add Enum dunder methods _generate_next_value_, _missing_, _numeric_repr_, _add_alias_, and _add_value_alias_ to the list passed to --good-dunder-names.

  Closes #​10435

• Fixed false positive for invalid-name with typing.Annotated.

  Closes #​10696

• Fix false positive for f-string-without-interpolation with template strings
  when using format spec.

  Closes #​10702

• Fix a false positive when an UPPER_CASED class attribute was raising an
  invalid-name when typed with Final.

  Closes #​10711

• Fix a false positive for unbalanced-tuple-unpacking when a tuple is assigned to a function call and the structure of the function's return value is ambiguous.

  Closes #​10721

Other Bug Fixes

• Make 'ignore' option work as expected again.

  Closes #​10669

• Fix crash for consider-using-assignment-expr when a variable annotation without assignment
  is used as the if test expression.

  Closes #​10707

• Fix crash for prefer-typing-namedtuple and consider-math-not-float when
  a slice object is called.

  Closes #​10708

v4.0.2

Compare Source

False Positives Fixed

• Fix false positive for invalid-name on a partially uninferable module-level constant.

  Closes #​10652

• Fix a false positive for invalid-name on exclusive module-level assignments
  composed of three or more branches. We won't raise disallowed-name on module-level names that can't be inferred
  until a further refactor to remove this false negative is done.

  Closes #​10664

• Fix false positive for invalid-name for TypedDict instances.

  Closes #​10672

v4.0.1

Compare Source

What's new in Pylint 4.0.1?

Release date: 2025-10-14

False Positives Fixed

• Exclude __all__ and __future__.annotations from unused-variable.

  Closes #​10019

• Fix false-positive for bare-name-capture-pattern if a case guard is used.

  Closes #​10647

• Check enums created with the Enum() functional syntax to pass against the
  --class-rgx for the invalid-name check, like other enums.

  Closes #​10660

v4.0.0

Compare Source

• Pylint now supports Python 3.14.

• Pylint's inference engine (astroid) is now much more precise,
  understanding implicit booleanness and ternary expressions. (Thanks @​zenlyj!)

Consider this example:

class Result:
    errors: dict | None = None

result = Result()
if result.errors:
    result.errors[field_key]

##### inference engine understands result.errors cannot be None
##### pylint no longer raises unsubscriptable-object

The required astroid version is now 4.0.0. See the astroid changelog for additional fixes, features, and performance improvements applicable to pylint.

• Handling of invalid-name at the module level was patchy. Now,
  module-level constants that are reassigned are treated as variables and checked
  against --variable-rgx rather than --const-rgx. Module-level lists,
  sets, and objects can pass against either regex.

Here, LIMIT is reassigned, so pylint only uses --variable-rgx:

LIMIT = 500  # [invalid-name]
if sometimes:
    LIMIT = 1  # [invalid-name]

If this is undesired, refactor using exclusive assignment so that it is
evident that this assignment happens only once:

if sometimes:
    LIMIT = 1
else:
    LIMIT = 500  # exclusive assignment: uses const regex, no warning

Lists, sets, and objects still pass against either const-rgx or variable-rgx
even if reassigned, but are no longer completely skipped:

MY_LIST = []
my_list = []
My_List = []  # [invalid-name]

Remember to adjust the regexes and allow lists to your liking.

Breaking Changes

• invalid-name now distinguishes module-level constants that are assigned only once
  from those that are reassigned and now applies --variable-rgx to the latter. Values
  other than literals (lists, sets, objects) can pass against either the constant or
  variable regexes (e.g. "LOGGER" or "logger" but not "LoGgEr").

  Remember that --good-names or --good-names-rgxs can be provided to explicitly
  allow good names.

  Closes #​3585

• The unused pylintrc argument to PyLinter.__init__() is deprecated
  and will be removed.

  Refs #​6052

• Commented out code blocks such as # bar() # TODO: remove dead code will no longer emit fixme.

  Refs #​9255

• pyreverse Run was changed to no longer call sys.exit() in its __init__.
  You should now call Run(args).run() which will return the exit code instead.
  Having a class that always raised a SystemExit exception was considered a bug.

  Normal usage of pyreverse through the CLI will not be affected by this change.

  Refs #​9689

• The suggestion-mode option was removed, as pylint now always emits user-friendly hints instead
  of false-positive error messages. You should remove it from your conf if it's defined.

  Refs #​9962

• The async.py checker module has been renamed to async_checker.py since async is a Python keyword
  and cannot be imported directly. This allows for better testing and extensibility of the async checker functionality.

  Refs #​10071

• The message-id of continue-in-finally was changed from E0116 to W0136. The warning is
  now emitted for every Python version since it will raise a syntax warning in Python 3.14.
  See PEP 765 - Disallow return/break/continue that exit a finally block.

  Refs #​10480

• Removed support for nmp.NaN alias for numpy.NaN being recognized in ':ref:nan-comparison'. Use np or numpy instead.

  Refs #​10583

• Version requirement for isort has been bumped to >=5.0.0.
  The internal compatibility for older isort versions exposed via pylint.utils.IsortDriver has
  been removed.

  Refs #​10637

New Features

• comparison-of-constants now uses the unicode from the ast instead of reformatting from
  the node's values preventing some bad formatting due to utf-8 limitation. The message now uses
  " instead of ' to better work with what the python ast returns.

  Refs #​8736

• Enhanced pyreverse to properly distinguish between UML relationship types (association, aggregation, composition) based on object ownership semantics. Type annotations without assignment are now treated as associations, parameter assignments as aggregations, and object instantiation as compositions.

  Closes #​9045
  Closes #​9267

• The fixme check can now search through docstrings as well as comments, by using
  check-fixme-in-docstring = true in the [tool.pylint.miscellaneous] section.

  Closes #​9255

• The use-implicit-booleaness-not-x checks now distinguish between comparisons
  used in boolean contexts and those that are not, enabling them to provide more accurate refactoring suggestions.

  Closes #​9353

• The verbose option now outputs the filenames of the files that have been checked.
  Previously, it only included the number of checked and skipped files.

  Closes #​9357

• colorized reporter now colorizes messages/categories that have been configured as fail-on in red inverse.
  This makes it easier to quickly find the errors that are causing pylint CI job failures.

  Closes #​9898

• Enhanced support for @​property decorator in pyreverse to correctly display return types of annotated properties when generating class diagrams.

  Closes #​10057

• Add --max-depth option to pyreverse to control diagram complexity. A depth of 0 shows only top-level packages, 1 shows one level of subpackages, etc.
  This helps manage visualization of large codebases by limiting the depth of displayed packages and classes.

  Refs #​10077

• Handle deferred evaluation of annotations in Python 3.14.

  Closes #​10149

• Enhanced pyreverse to properly detect aggregations for comprehensions (list, dict, set, generator).

  Closes #​10236

• pyreverse: add support for colorized output when using output format mmd (MermaidJS) and html.

  Closes #​10242

• pypy 3.11 is now officially supported.

  Refs #​10287

• Add support for Python 3.14.

  Refs #​10467

• Add naming styles for ParamSpec and TypeVarTuple that align with the TypeVar style.

  Refs #​10541

New Checks

• Add match-statements checker and the following message:
  bare-name-capture-pattern.
  This will emit an error message when a name capture pattern is used in a match statement which would make the remaining patterns unreachable.
  This code is a SyntaxError at runtime.

  Closes #​7128

• Add new check async-context-manager-with-regular-with to detect async context managers used with regular with statements instead of async with.

  Refs #​10408

• Add break-in-finally warning. Using break inside the finally clause
  will raise a syntax warning in Python 3.14.
  See PEP 765 - Disallow return/break/continue that exit a finally block <https://peps.python.org/pep-0765/>_.

  Refs #​10480

• Add new checks for invalid uses of class patterns in :keyword:match.

  • :ref:invalid-match-args-definition is emitted if :py:data:object.__match_args__ isn't a tuple of strings.
  • :ref:too-many-positional-sub-patterns if there are more positional sub-patterns than specified in :py:data:object.__match_args__.
  • :ref:multiple-class-sub-patterns if there are multiple sub-patterns for the same attribute.

  Refs #​10559

• Add additional checks for suboptimal uses of class patterns in :keyword:match.

  • :ref:match-class-bind-self is emitted if a name is bound to self instead of
    using an as pattern.
  • :ref:match-class-positional-attributes is emitted if a class pattern has positional
    attributes when keywords could be used.

  Refs #​10587

• Add a consider-math-not-float message. float("nan") and float("inf") are slower
  than their counterpart math.inf and math.nan by a factor of 4 (notwithstanding
  the initial import of math) and they are also not well typed when using mypy.
  This check also catches typos in float calls as a side effect.

  The :ref:pylint.extensions.code_style need to be activated for this check to work.

  Refs #​10621

False Positives Fixed

• Fix a false positive for used-before-assignment when a variable defined under
  an if and via a named expression (walrus operator) is used later when guarded
  under the same if test.

  Closes #​10061

• Fix :ref:no-name-in-module for members of concurrent.futures with Python 3.14.

  Closes #​10632

False Negatives Fixed

• Fix false negative for used-before-assignment when a TYPE_CHECKING import is used as a type annotation prior to erroneous usage.

  Refs #​8893

• Match cases are now counted as edges in the McCabe graph and will increase the complexity accordingly.

  Refs #​9667

• Check module-level constants with type annotations for invalid-name.
  Remember to adjust const-naming-style or const-rgx to your liking.

  Closes #​9770

• Fix false negative where function-redefined (E0102) was not reported for functions with a leading underscore.

  Closes #​9894

• We now raise a logging-too-few-args for format string with no
  interpolation arguments at all (i.e. for something like logging.debug("Awaiting process %s")
  or logging.debug("Awaiting process {pid}")). Previously we did not raise for such case.

  Closes #​9999

• Fix false negative for used-before-assignment when a function is defined inside a TYPE_CHECKING guard block and used later.

  Closes #​10028

• Fix a false negative for possibly-used-before-assignment when a variable is conditionally defined
  and later assigned to a type-annotated variable.

  Closes #​10421

• Fix false negative for deprecated-module when a __import__ method is used instead of import sentence.

  Refs #​10453

• Count match cases for too-many-branches check.

  Refs #​10542

• Fix false-negative where :ref:unused-import was not reported for names referenced in a preceding global statement.

  Refs #​10633

Other Bug Fixes

• When displaying unicode with surrogates (or other potential UnicodeEncodeError),
  pylint will now display a '?' character (using encode(encoding="utf-8", errors="replace"))
  instead of crashing. The functional tests classes are also updated to handle this case.

  Closes #​8736

• Fixed unidiomatic-typecheck only checking left-hand side.

  Closes #​10217

• Fix a crash caused by malformed format strings when using .format with keyword arguments.

  Closes #​10282

• Fix false positive inconsistent-return-statements when using quit() or exit() functions.

  Closes #​10508

• Fix a crash in :ref:nested-min-max when using builtins.min or builtins.max
  instead of min or max directly.

  Closes #​10626

• Fixed a crash in :ref:unnecessary-dict-index-lookup when the index of an enumerated list
  was deleted inside a for loop.

  Closes #​10627

Other Changes

• Remove support for launching pylint with Python 3.9.
  Code that supports Python 3.9 can still be linted with the --py-version=3.9 setting.

  Refs #​10405

Internal Changes

• Modified test framework to allow for different test output for different Python versions.

  Refs #​10382

v3.3.9

Compare Source

What's new in Pylint 3.3.9?

Release date: 2025-10-05

False Positives Fixed

• Fix used-before-assignment for PEP 695 type aliases and parameters.

  Closes #​9815

• No longer flag undeprecated functions in importlib.resources as deprecated.

  Closes #​10593

• Fix false positive inconsistent-return-statements when using quit() or exit() functions.

  Closes #​10508

• Fix false positive undefined-variable (E0602) for for-loop variable shadowing patterns like for item in item: when the variable was previously defined.

  Closes #​10562

Other Bug Fixes

• Fixed crash in 'unnecessary-list-index-lookup' when starting an enumeration using
  minus the length of an iterable inside a dict comprehension when the len call was only
  made in this dict comprehension, and not elsewhere. Also changed the approach,
  to use inference in all cases but the simple ones, so we don't have to fix crashes
  one by one for arbitrarily complex expressions in enumerate.

  Closes #​10510

pytest-dev/pytest (pytest)

v9.0.2

Compare Source

pytest 9.0.2 (2025-12-06)

Bug fixes

• #​13896: The terminal progress feature added in pytest 9.0.0 has been disabled by default, except on Windows, due to compatibility issues with some terminal emulators.

  You may enable it again by passing -p terminalprogress. We may enable it by default again once compatibility improves in the future.

  Additionally, when the environment variable TERM is dumb, the escape codes are no longer emitted, even if the plugin is enabled.

• #​13904: Fixed the TOML type of the tmp_path_retention_count settings in the API reference from number to string.

• #​13946: The private config.inicfg attribute was changed in a breaking manner in pytest 9.0.0.
  Due to its usage in the ecosystem, it is now restored to working order using a compatibility shim.
  It will be deprecated in pytest 9.1 and removed in pytest 10.

• #​13965: Fixed quadratic-time behavior when handling unittest subtests in Python 3.10.

Improved documentation

• #​4492: The API Reference now contains cross-reference-able documentation of pytest's command-line flags <command-line-flags>.

v9.0.1

Compare Source

pytest 9.0.1 (2025-11-12)

Bug fixes

• #​13895: Restore support for skipping tests via raise unittest.SkipTest.
• #​13896: The terminal progress plugin added in pytest 9.0 is now automatically disabled when iTerm2 is detected, it generated desktop notifications instead of the desired functionality.
• #​13904: Fixed the TOML type of the verbosity settings in the API reference from number to string.
• #​13910: Fixed UserWarning: Do not expect file_or_dir on some earlier Python 3.12 and 3.13 point versions.

Packaging updates and notes for downstreams

• #​13933: The tox configuration has been adjusted to make sure the desired
  version string can be passed into its package_env through
  the SETUPTOOLS_SCM_PRETEND_VERSION_FOR_PYTEST environment
  variable as a part of the release process -- by webknjaz.

Contributor-facing changes

• #​13891, #​13942: The CI/CD part of the release automation is now capable of
  creating GitHub Releases without having a Git checkout on
  disk -- by bluetech and `webknja

---

Configuration

📅 Schedule: Branch creation - "every weekend" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 98.70%. Comparing base (2cfdacc) to head (5108939).

Additional details and impacted files

@@           Coverage Diff           @@
##           master     #280   +/-   ##
=======================================
  Coverage   98.70%   98.70%           
=======================================
  Files           6        6           
  Lines         696      696           
=======================================
  Hits          687      687           
  Misses          9        9           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[rbikar]

run tests

[rbikar]

run tests

[rbikar]

run tests

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: poetry.lock

Updating dependencies
Resolving dependencies...

Creating virtualenv ubi-population-tool-crxXe_nh-py3.14 in /home/ubuntu/.cache/pypoetry/virtualenvs

The current project's supported Python range (>=3.9,<3.11) is not compatible with some of the required packages Python requirement:
  - pylint requires Python >=3.10.0, so it will not be installable for Python >=3.9,<3.10.0

Because ubi-population-tool depends on pylint (4.0.4) which requires Python >=3.10.0, version solving failed.

  * Check your dependencies Python requirement: The Python requirement can be specified via the `python` or `markers` properties

    For pylint, a possible solution would be to set the `python` property to ">=3.10.0,<3.11"

    https://python-poetry.org/docs/dependency-specification/#python-restricted-dependencies,
    https://python-poetry.org/docs/dependency-specification/#using-environment-markers

[rbikar]

run tests