Bump the dev-dependencies group across 1 directory with 5 updates

[dependabot]

Bumps the dev-dependencies group with 5 updates in the / directory:

Package	From	To
pytest	8.3.4	8.3.5
pytest-cov	6.0.0	6.1.1
pre-commit	4.1.0	4.2.0
flake8	7.1.1	7.2.0
bandit	1.8.2	1.8.3

Updates pytest from 8.3.4 to 8.3.5

Release notes

Sourced from pytest's releases.

8.3.5

pytest 8.3.5 (2025-03-02)

Bug fixes

• #11777: Fixed issue where sequences were still being shortened even with -vv verbosity.
• #12888: Fixed broken input when using Python 3.13+ and a libedit build of Python, such as on macOS or with uv-managed Python binaries from the python-build-standalone project. This could manifest e.g. by a broken prompt when using Pdb, or seeing empty inputs with manual usage of input() and suspended capturing.
• #13026: Fixed AttributeError{.interpreted-text role="class"} crash when using --import-mode=importlib when top-level directory same name as another module of the standard library.
• #13053: Fixed a regression in pytest 8.3.4 where, when using --import-mode=importlib, a directory containing py file with the same name would cause an ImportError
• #13083: Fixed issue where pytest could crash if one of the collected directories got removed during collection.

Improved documentation

• #12842: Added dedicated page about using types with pytest.

  See types{.interpreted-text role="ref"} for detailed usage.

Contributor-facing changes

• #13112: Fixed selftest failures in test_terminal.py with Pygments >= 2.19.0
• #13256: Support for Towncrier versions released in 2024 has been re-enabled when building Sphinx docs -- by webknjaz{.interpreted-text role="user"}.

Commits

• b55ab2a Prepare release version 8.3.5
• e217726 Added dedicated page about using types with pytest #12842 (#12963) (#13260)
• 2fa3f83 Add more resources and studies to flaky tests page in docs (#13250) (#13259)
• e5c2efe Merge pull request #13256 from webknjaz/maintenance/towncrier-bump (#13258)
• 3419674 Merge pull request #13187 from pytest-dev/patchback/backports/8.3.x/b4009b319...
• b75cfb1 Add readline workaround for libedit (#13176)
• edbfff7 doc: Clarify capturing .readouterr() return value (#13222) (#13225)
• 2ebba00 Merge pull request #13199 from jakkdl/tox_docs_no_fetch (#13200)
• eb6496b doc: Change training to remote only (#13196) (#13197)
• 78cf1f6 ci: Bump build-and-inspect-python-package (#13188)
• Additional commits viewable in compare view

Updates pytest-cov from 6.0.0 to 6.1.1

Changelog

Sourced from pytest-cov's changelog.

6.1.1 (2025-04-05)

• Fixed breakage that occurs when --cov-context and the no_cover marker are used together.

6.1.0 (2025-04-01)

• Change terminal output to use full width lines for the coverage header. Contributed by Tsvika Shapira in [#678](https://github.com/pytest-dev/pytest-cov/issues/678) <https://github.com/pytest-dev/pytest-cov/pull/678>_.
• Removed unnecessary CovFailUnderWarning. Fixes [#675](https://github.com/pytest-dev/pytest-cov/issues/675) <https://github.com/pytest-dev/pytest-cov/issues/675>_.
• Fixed the term report not using the precision specified via --cov-precision.

Commits

• 9463242 Bump version: 6.1.0 → 6.1.1
• 7f2781b Update changelog.
• a59548f Allow the context plugin to check if the controller is running or not. Fixes ...
• 10f8cde Bump version: 6.0.0 → 6.1.0
• 10b14af Update changelog.
• aa57aed Refactor a bit the internals to be a bit less boilerplatey and have more clar...
• e760099 Make sure the CLI precision is used when creating report. Fixes #674.
• 44540e1 Remove unnecessary CovFailUnderWarning. Closes #675.
• 204af14 Update changelog.
• 089e7bb Upgrade ruff.
• Additional commits viewable in compare view

Updates pre-commit from 4.1.0 to 4.2.0

Release notes

Sourced from pre-commit's releases.

pre-commit v4.2.0

Features

• For language: python first attempt a versioned python executable for the default language version before consulting a potentially unversioned sys.executable.
  • #3430 PR by @​asottile.

Fixes

• Handle error during conflict detection when a file is named "HEAD"
  • #3425 PR by @​tusharsadhwani.

Changelog

Sourced from pre-commit's changelog.

4.2.0 - 2025-03-18

Features

• For language: python first attempt a versioned python executable for the default language version before consulting a potentially unversioned sys.executable.
  • #3430 PR by @​asottile.

Fixes

• Handle error during conflict detection when a file is named "HEAD"
  • #3425 PR by @​tusharsadhwani.

Commits

• aa48766 v4.2.0
• bf6f11d Merge pull request #3430 from pre-commit/preferential-sys-impl
• 3e8d0f5 adjust python default_language_version to prefer versioned exe
• ff7256c Merge pull request #3425 from tusharsadhwani/ambiguous-ref
• b7eb412 fix: crash on ambiguous ref 'HEAD'
• 7b88c63 Merge pull request #3404 from pre-commit/pre-commit-ci-update-config
• 94b97e2 [pre-commit.ci] pre-commit autoupdate
• 2f93b80 Merge pull request #3401 from pre-commit/pre-commit-ci-update-config
• 4f90a1e [pre-commit.ci] pre-commit autoupdate
• aba1ce0 Merge pull request #3396 from pre-commit/all-repos_autofix_all-repos-sed
• Additional commits viewable in compare view

Updates flake8 from 7.1.1 to 7.2.0

Commits

• 16f5f28 Release 7.2.0
• ebad305 Merge pull request #1974 from PyCQA/update-plugins
• d56d569 update versions of pycodestyle / pyflakes
• a7e8f62 Merge pull request #1973 from PyCQA/py39-plus
• 9d55ccd py39+
• e492aeb Merge pull request #1967 from PyCQA/unnecessary-mocks
• fa2ed71 remove a few unnecessary mocks in test_checker_manager
• fffee8b Release 7.1.2
• 19001f7 Merge pull request #1966 from PyCQA/limit-procs-to-file-count
• f35737a avoid starting unnecessary processes when file count is limited
• See full diff in compare view

Updates bandit from 1.8.2 to 1.8.3

Release notes

Sourced from bandit's releases.

1.8.3

What's Changed

• Bump docker/build-push-action from 6.10.0 to 6.11.0 by @​dependabot in PyCQA/bandit#1220
• Bump docker/build-push-action from 6.11.0 to 6.12.0 by @​dependabot in PyCQA/bandit#1221
• Bump docker/build-push-action from 6.12.0 to 6.13.0 by @​dependabot in PyCQA/bandit#1222
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in PyCQA/bandit#1229
• Update bug template to include latest released versions by @​ericwb in PyCQA/bandit#1218
• Add markupsafe.Markup XSS plugin by @​Daverball in PyCQA/bandit#1225
• Warn not error on an nonexistant test given by @​ericwb in PyCQA/bandit#1230
• Bump sigstore/cosign-installer from 3.7.0 to 3.8.0 by @​dependabot in PyCQA/bandit#1233
• Bump docker/setup-buildx-action from 3.8.0 to 3.9.0 by @​dependabot in PyCQA/bandit#1234
• B107: Skip None values in hardcoded password detection by @​lukehinds in PyCQA/bandit#1232
• Pytorch fix by @​lukehinds in PyCQA/bandit#1231

New Contributors

• @​Daverball made their first contribution in PyCQA/bandit#1225

Full Changelog: PyCQA/bandit@1.8.2...1.8.3

Commits

• 8ff25e0 Pytorch fix (#1231)
• def123a B107: Skip None values in hardcoded password detection (#1232)
• 00b1e95 Bump docker/setup-buildx-action from 3.8.0 to 3.9.0 (#1234)
• a324f42 Bump sigstore/cosign-installer from 3.7.0 to 3.8.0 (#1233)
• affd4fd Warn not error on an nonexistant test given (#1230)
• 5e3e694 Add markupsafe.Markup XSS plugin (#1225)
• 6133e08 Update bug template to include latest released versions (#1218)
• 7619cc4 [pre-commit.ci] pre-commit autoupdate (#1229)
• 3348781 Bump docker/build-push-action from 6.12.0 to 6.13.0 (#1222)
• ef0090f Bump docker/build-push-action from 6.11.0 to 6.12.0 (#1221)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: dependencies, python. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[dependabot]

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml