Bump the patches group across 1 directory with 10 updates

[dependabot]

Bumps the patches group with 10 updates in the / directory:

Package	From	To
django-polymorphic	4.11.0	4.11.2
reportlab	4.4.9	4.4.10
markdown	3.10.1	3.10.2
pyjwt	2.12.0	2.12.1
mysqlclient	2.2.7	2.2.8
coverage	7.13.3	7.13.5
pylint	4.0.4	4.0.5
sphinx-github-changelog	1.7.1	1.7.2
prek	0.3.1	0.3.8
ruff	0.15.0	0.15.7

Updates django-polymorphic from 4.11.0 to 4.11.2

Release notes

Sourced from django-polymorphic's releases.

v4.11.2

What's Changed

• CI updates by @​bckohan in jazzband/django-polymorphic#869
• Bump github/codeql-action from 4.32.4 to 4.32.6 in the gha-updates group by @​dependabot[bot] in jazzband/django-polymorphic#870
• fix test path restriction by @​bckohan in jazzband/django-polymorphic#871
• reinclude lockfile - need it to avoid mysql builds by @​bckohan in jazzband/django-polymorphic#872
• Add Comprehensive Security Testing to CI Pipeline by @​JohananOppongAmoateng in jazzband/django-polymorphic#762
• remove unnecessary mark_safe, potentially vulnerable to xss by @​bckohan in jazzband/django-polymorphic#873
• update changelog by @​bckohan in jazzband/django-polymorphic#874
• switch default branch master -> main by @​bckohan in jazzband/django-polymorphic#875

Full Changelog: jazzband/django-polymorphic@v4.11.1...v4.11.2

v4.11.1

Fix for Release 4.11 causes UPDATE query to be routed to reader DB

What's Changed

• better release version parsing by @​bckohan in jazzband/django-polymorphic#861
• fix CI on oracle dj5.2 by @​bckohan in jazzband/django-polymorphic#862
• Bump cryptography from 46.0.4 to 46.0.5 by @​dependabot[bot] in jazzband/django-polymorphic#864
• Fix database routing bug on save() by @​bckohan in jazzband/django-polymorphic#866
• fix validate_version recipe by @​bckohan in jazzband/django-polymorphic#867

Full Changelog: jazzband/django-polymorphic@v4.11.0...v4.11.1

Commits

• fa735f2 switch default branch master -> main
• fc10d06 update changelog
• 13b36cf add admin tests for coverage
• 81f7ccb add more admin tests for coverage
• 8ad3483 broaden bandit triggers
• 6c6114d remove unnecessary mark_safe, potentially vulnerable to xss
• 488e1bf Add bandit security scanning to CI
• 13521c6 reinclude lockfile - need it to avoid mysql builds
• c05a2df fix test path restriction
• d6adb62 Merge pull request #870 from jazzband/dependabot/github_actions/gha-updates-b...
• Additional commits viewable in compare view

Updates reportlab from 4.4.9 to 4.4.10

Updates markdown from 3.10.1 to 3.10.2

Release notes

Sourced from markdown's releases.

Release 3.10.2

Fixed

• Fix a regression related to comment handling (#1590).
• More reliable fix for </ (#1593).

Changelog

Sourced from markdown's changelog.

[3.10.2] - 2026-02-09

Fixed

• Fix a regression related to comment handling (#1590).
• More reliable fix for </ (#1593).

Commits

• e7a0efb Bump version to 3.10.2
• 6301833 Document HTML sanitation policy
• 7f29f1a More reliable fix for </
• c438647 Fix regression of special comments
• See full diff in compare view

Updates pyjwt from 2.12.0 to 2.12.1

Release notes

Sourced from pyjwt's releases.

2.12.1

What's Changed

• Add typing_extensions dependency for Python < 3.11 by @​jpadilla in jpadilla/pyjwt#1151

Full Changelog: jpadilla/pyjwt@2.12.0...2.12.1

Changelog

Sourced from pyjwt's changelog.

v2.12.1 <https://github.com/jpadilla/pyjwt/compare/2.12.0...2.12.1>__

Fixed

- Add missing ``typing_extensions`` dependency for Python < 3.11 in `[#1150](https://github.com/jpadilla/pyjwt/issues/1150) <https://github.com/jpadilla/pyjwt/issues/1150>`__

Commits

• a4e1a3d Add typing_extensions dependency for Python < 3.11 (#1151)
• See full diff in compare view

Updates mysqlclient from 2.2.7 to 2.2.8

Release notes

Sourced from mysqlclient's releases.

v2.2.8

What's Changed

• support local_infile_dir option by @​RasmusKard in PyMySQL/mysqlclient#755
• update readthedocs conf by @​methane in PyMySQL/mysqlclient#759
• update mariadb-connector to 3.4.8 by @​methane in PyMySQL/mysqlclient#773
• add Python 3.14 and drop Python 3.9 by @​methane in PyMySQL/mysqlclient#774
• update pyproject.toml to support Python 3.14 by @​MysticEntity-dev in PyMySQL/mysqlclient#772
• free threading: do not enable GIL by @​methane in PyMySQL/mysqlclient#775
• release v2.2.8 by @​methane in PyMySQL/mysqlclient#776

New Contributors

• @​RasmusKard made their first contribution in PyMySQL/mysqlclient#755
• @​MysticEntity-dev made their first contribution in PyMySQL/mysqlclient#772

Full Changelog: PyMySQL/mysqlclient@v2.2.7...v2.2.8

Changelog

Sourced from mysqlclient's changelog.

What's new in 2.2.8

Release: 2026-02-10

• Add local_infile_dir option to restrict LOAD DATA LOCAL INFILE file path. (#755)
• windows wheel: Update mariadb-connector to 3.4.8 (#773)
• Add Python 3.14 and drop Python 3.8, 3.9 support. (#774)
• Experimental support for free threaded Python. Importing MySQLdb doesn't enable the GIL anymore. This doesn't mean mysqlclient is thread safe. You must not use same connection object from multiple threads concurrently. (#775)

======================

Commits

• 33f3948 release v2.2.8 (#776)
• aeff560 free threading: do not enable GIL (#775)
• d0371b2 update pyproject.toml to support Python 3.14 (#772)
• 21b99a0 add Python 3.14 and drop Python 3.9 (#774)
• af50276 update mariadb-connector to 3.4.8 (#773)
• e54e861 update readthedocs conf (#759)
• 5b35866 support local_infile_dir option (#755)
• See full diff in compare view

Updates coverage from 7.13.3 to 7.13.5

Changelog

Sourced from coverage's changelog.

Version 7.13.5 — 2026-03-17

• Fix: issue 2138_ describes a memory leak that happened when repeatedly using the Coverage API with in-memory data. This is now fixed.

• Fix: the markdown-formatted coverage report didn't fully escape special characters in file paths (issue 2141). This would be very unlikely to cause a problem, but now it's done properly, thanks to Ellie Ayla <pull 2142_>.

• Fix: the C extension wouldn't build on VS2019, but now it does (issue 2145_).

.. _issue 2138: coveragepy/coveragepy#2138 .. _issue 2141: coveragepy/coveragepy#2141 .. _pull 2142: coveragepy/coveragepy#2142 .. _issue 2145: coveragepy/coveragepy#2145

.. _changes_7-13-4:

Version 7.13.4 — 2026-02-09

• Fix: the third-party code fix in 7.13.3 required examining the parent directories where coverage was run. In the unusual situation that one of the parent directories is unreadable, a PermissionError would occur, as described in issue 2129_. This is now fixed.

• Fix: in test suites that change sys.path, coverage.py could fail with "RuntimeError: Set changed size during iteration" as described and fixed in pull 2130_. Thanks, Noah Fatsi.

• We now publish ppc64le wheels, thanks to Pankhudi Jain <pull 2121_>_.

.. _pull 2121: coveragepy/coveragepy#2121 .. _issue 2129: coveragepy/coveragepy#2129 .. _pull 2130: coveragepy/coveragepy#2130

.. _changes_7-13-3:

Commits

• c88da14 docs: sample HTML for 7.13.5
• e2ac3e1 build: sample HTML shouldn't include the status.json file
• 910f8f3 docs: prep for 7.13.5
• 3a4819c style: make workflows more uniform
• 2a53705 chore: bump the action-dependencies group across 1 directory with 4 updates (...
• e7c878d chore: make upgrade
• ab4db40 build: use --generate-hashes when pinning
• a438753 chore: make upgrade
• 7b33457 refactor: some leftover pyupgrade 3.10 bits
• 2ff968d refactor: this type wasn't used anywhere
• Additional commits viewable in compare view

Updates pylint from 4.0.4 to 4.0.5

Commits

• 88e1ab7 Bump pylint to 4.0.5, update changelog (#10860)
• d96d489 [Backport maintenance/4.0.x] Relax isort version constraint to allow isort 8 ...
• 0b08ccb Fix dynamic color mapping for "fail-on" messages when using multiple reporter...
• 154dba4 [Backport maintenance/4.0.x] Fix FP for invalid-name with typing.Final on...
• 7b73bfd Disable unspecified-encoding for py-version above Python 3.15 (#10800)
• 4cc98be [Backport maintenance/4.0.x] Fix setting options for import order checker (#1...
• f0d30a2 Sync astroid version with requirements file again
• 38bdf02 [Backport maintenance/4.0.x] Fix logging-unsupported-format when logging ...
• f08c33a [Backport maintenance/4.0.x] Properly detect self.fail() as a terminating...
• See full diff in compare view

Updates sphinx-github-changelog from 1.7.1 to 1.7.2

Release notes

Sourced from sphinx-github-changelog's releases.

1.7.2

What's Changed

• Fix expiring image URLs in release descriptions by @​ashnair1 in ewjoachim/sphinx-github-changelog#184

New Contributors

• @​ashnair1 made their first contribution in ewjoachim/sphinx-github-changelog#184

Full Changelog: ewjoachim/sphinx-github-changelog@1.7.1...1.7.2

Commits

• 0b75b5a Merge pull request #184 from ashnair1/image-fix
• 0f39b09 Fix expiring image URLs in release descriptions
• 7924b3a Merge pull request #183 from ewjoachim/dependabot/uv/urllib3-2.6.3
• ffbc013 [pre-commit.ci] auto fixes from pre-commit.com hooks
• 7e63072 Bump urllib3 from 2.5.0 to 2.6.3
• fe53204 Update jakebailey/pyright-action action to v3 (#182)
• f5dfbd7 Lock file maintenance (#180)
• 70357be Update actions/checkout action to v6 (#179)
• 0eaa707 Lock file maintenance (#178)
• 12bbe99 Lock file maintenance (#177)
• Additional commits viewable in compare view

Updates prek from 0.3.1 to 0.3.8

Release notes

Sourced from prek's releases.

0.3.8

Release Notes

Released on 2026-03-23.

Enhancements

• Add experimental language: deno support (#1516)
• Add pretty-format-json as builtin hook (#915)
• Add check-vcs-permalinks as builtin hook (#1842)
• Add check-illegal-windows-names as builtin hook (#1841)
• Add check-shebang-scripts-are-executable builtin hook (#1847)
• Add destroyed-symlinks builtin hook (#1851)
• Add file-contents-sorter as builtin hook (#1846)
• Add --all flag to prek uninstall (#1817)
• Improve file pattern parse errors (#1829)
• Validate uv binary after download (#1825)

Bug fixes

• Fix workspace-relative added file paths (#1852)
• Relax alias-anchor ratio check for check-yaml (#1839)

Contributors

• @​j178
• @​shaanmajid
• @​mvanhorn
• @​feliblo
• @​Tiryoh

Install prek 0.3.8

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/j178/prek/releases/download/v0.3.8/prek-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://github.com/j178/prek/releases/download/v0.3.8/prek-installer.ps1 | iex"

Install prebuilt binaries via Homebrew

brew install prek

... (truncated)

Changelog

Sourced from prek's changelog.

0.3.8

Released on 2026-03-23.

Enhancements

• Add experimental language: deno support (#1516)
• Add pretty-format-json as builtin hook (#915)
• Add check-vcs-permalinks as builtin hook (#1842)
• Add check-illegal-windows-names as builtin hook (#1841)
• Add check-shebang-scripts-are-executable builtin hook (#1847)
• Add destroyed-symlinks builtin hook (#1851)
• Add file-contents-sorter as builtin hook (#1846)
• Add --all flag to prek uninstall (#1817)
• Improve file pattern parse errors (#1829)
• Validate uv binary after download (#1825)

Bug fixes

• Fix workspace-relative added file paths (#1852)
• Relax alias-anchor ratio check for check-yaml (#1839)

Contributors

• @​j178
• @​shaanmajid
• @​mvanhorn
• @​feliblo
• @​Tiryoh

0.3.7

Due to a release process failure, this version was republished as 0.3.8.

0.3.6

Released on 2026-03-16.

Enhancements

• Allow selectors for hook ids containing colons (#1782)
• Rename prek install-hooks to prek prepare-hooks and prek install --install-hooks to prek install --prepare-hooks (#1766)
• Retry auth-failed repo clones with terminal prompts enabled (#1761)

Performance

• Optimize detect_private_key by chunked reading and using aho-corasick (#1791)
• Optimize fix_byte_order_marker by shifting file contents in place (#1790)

Bug fixes

... (truncated)

Commits

• bb412c0 Bump version to 0.3.8 (#1858)
• 21de0b9 Fix permission for publish-npm
• 00e7be7 Clarify why check-illegal-windows-names stays builtin-only (#1857)
• 1dbec0c Bump version to 0.3.7 (#1856)
• ba62c04 Add pretty_format_json as builtin hook (#915)
• dbca904 Fix workspace-relative added file paths (#1852)
• 24f2d62 Add destroyed-symlinks builtin hook (#1851)
• fc529df Add check-shebang-scripts-are-executable builtin hook (#1847)
• addddb8 Add file-contents-sorter as builtin hook (#1846)
• cb3f71c Add check-vcs-permalinks as builtin hook (#1842)
• Additional commits viewable in compare view

Updates ruff from 0.15.0 to 0.15.7

Release notes

Sourced from ruff's releases.

0.15.7

Release Notes

Released on 2026-03-19.

Preview features

• Display output severity in preview (#23845)
• Don't show noqa hover for non-Python documents (#24040)

Rule changes

• [pycodestyle] Recognize pyrefly: as a pragma comment (E501) (#24019)

Server

• Don't return code actions for non-Python documents (#23905)

Documentation

• Add company AI policy to contributing guide (#24021)
• Document editor features for Markdown code formatting (#23924)
• [pylint] Improve phrasing (PLC0208) (#24033)

Other changes

• Use PEP 639 license information (#19661)

Contributors

• @​tmimmanuel
• @​DimitriPapadopoulos
• @​amyreese
• @​statxc
• @​dylwil3
• @​hunterhogan
• @​renovate

Install ruff 0.15.7

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/ruff/releases/download/0.15.7/ruff-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/ruff/releases/download/0.15.7/ruff-installer.ps1 | iex"
</tr></table> 

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.7

Released on 2026-03-19.

Preview features

• Display output severity in preview (#23845)
• Don't show noqa hover for non-Python documents (#24040)

Rule changes

• [pycodestyle] Recognize pyrefly: as a pragma comment (E501) (#24019)

Server

• Don't return code actions for non-Python documents (#23905)

Documentation

• Add company AI policy to contributing guide (#24021)
• Document editor features for Markdown code formatting (#23924)
• [pylint] Improve phrasing (PLC0208) (#24033)

Other changes

• Use PEP 639 license information (#19661)

Contributors

• @​tmimmanuel
• @​DimitriPapadopoulos
• @​amyreese
• @​statxc
• @​dylwil3
• @​hunterhogan
• @​renovate

0.15.6

Released on 2026-03-12.

Preview features

• Add support for lazy import parsing (#23755)
• Add support for star-unpacking of comprehensions (PEP 798) (#23788)
• Reject semantic syntax errors for lazy imports (#23757)
• Drop a few rules from the preview default set (#23879)
• [airflow] Flag Variable.get() calls outside of task execution context (AIR003) (#23584)
• [airflow] Flag runtime-varying values in DAG/task constructor arguments (AIR304) (#23631)
• [flake8-bugbear] Implement delattr-with-constant (B043) (#23737)

... (truncated)

Commits

• 0ef39de Bump 0.15.7 (#24049)
• beb543b [ty] ecosystem-analyzer: Fail on newly panicking projects (#24043)
• 378fe73 Don't show noqa hover for non-Python documents (#24040)
• b5665bd [pylint] Improve phrasing (PLC0208) (#24033)
• 6e20f22 test: migrate show_settings and version tests to use CliTest (#23702)
• f99b284 Drain file watcher events during test setup (#24030)
• 744c996 [ty] Filter out unsatisfiable inference attempts during generic call narrowin...
• 1616095 [ty] Avoid inferring intersection types for call arguments (#23933)
• 7f275f4 [ty] Pin mypy_primer in setup_primer_project.py (#24020)
• 7255e36 [pycodestyle] Recognize pyrefly: as a pragma comment (E501) (#24019)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[coveralls]

coverage: 81.356%. remained the same
when pulling 8f5c687 on dependabot/uv/patches-8ebc814fea
into f4ef166 on main.