build(deps): bump the pip group with 6 updates

[dependabot]

Updates the requirements on boto3, requests, typing-extensions, moto[ec2], pyright and setuptools-scm to permit the latest version.
Updates boto3 from 1.40.6 to 1.40.21

Commits

• 8f8cca7 Merge branch 'release-1.40.21'
• f52857a Bumping version to 1.40.21
• 2929a26 Add changelog entries from botocore
• 3e12c82 Merge branch 'release-1.40.20'
• 95ccc42 Merge branch 'release-1.40.20' into develop
• 8b5d5ce Bumping version to 1.40.20
• 5be943b Add changelog entries from botocore
• 2438288 Merge branch 'release-1.40.19'
• 7630391 Merge branch 'release-1.40.19' into develop
• 29c8360 Bumping version to 1.40.19
• Additional commits viewable in compare view

Updates requests from 2.32.4 to 2.32.5

Release notes

Sourced from requests's releases.

v2.32.5

2.32.5 (2025-08-18)

Bugfixes

• The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

• Added support for Python 3.14.
• Dropped support for Python 3.8 following its end of support.

Changelog

Sourced from requests's changelog.

2.32.5 (2025-08-18)

Bugfixes

• The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

• Added support for Python 3.14.
• Dropped support for Python 3.8 following its end of support.

Commits

• b25c87d v2.32.5
• 131e506 Merge pull request #7010 from psf/dependabot/github_actions/actions/checkout-...
• b336cb2 Bump actions/checkout from 4.2.0 to 5.0.0
• 46e939b Update publish workflow to use artifact-id instead of name
• 4b9c546 Merge pull request #6999 from psf/dependabot/github_actions/step-security/har...
• 7618dbe Bump step-security/harden-runner from 2.12.0 to 2.13.0
• 2edca11 Add support for Python 3.14 and drop support for Python 3.8 (#6993)
• fec96cd Update Makefile rules (#6996)
• d58d8aa docs: clarify timeout parameter uses seconds in Session.request (#6994)
• 91a3eab Bump github/codeql-action from 3.28.5 to 3.29.0
• Additional commits viewable in compare view

Updates typing-extensions from 4.14.1 to 4.15.0

Release notes

Sourced from typing-extensions's releases.

4.15.0

No user-facing changes since 4.15.0rc1.

New features since 4.14.1:

• Add the @typing_extensions.disjoint_base decorator, as specified in PEP 800. Patch by Jelle Zijlstra.
• Add typing_extensions.type_repr, a backport of annotationlib.type_repr, introduced in Python 3.14 (CPython PR #124551, originally by Jelle Zijlstra). Patch by Semyon Moroz.
• Fix behavior of type params in typing_extensions.evaluate_forward_ref. Backport of CPython PR #137227 by Jelle Zijlstra.

4.15.0rc1

• Add the @typing_extensions.disjoint_base decorator, as specified in PEP 800. Patch by Jelle Zijlstra.
• Add typing_extensions.type_repr, a backport of annotationlib.type_repr, introduced in Python 3.14 (CPython PR #124551, originally by Jelle Zijlstra). Patch by Semyon Moroz.
• Fix behavior of type params in typing_extensions.evaluate_forward_ref. Backport of CPython PR #137227 by Jelle Zijlstra.

Changelog

Sourced from typing-extensions's changelog.

Release 4.15.0 (August 25, 2025)

No user-facing changes since 4.15.0rc1.

Release 4.15.0rc1 (August 18, 2025)

• Add the @typing_extensions.disjoint_base decorator, as specified in PEP 800. Patch by Jelle Zijlstra.
• Add typing_extensions.type_repr, a backport of annotationlib.type_repr, introduced in Python 3.14 (CPython PR #124551, originally by Jelle Zijlstra). Patch by Semyon Moroz.
• Fix behavior of type params in typing_extensions.evaluate_forward_ref. Backport of CPython PR #137227 by Jelle Zijlstra.

Commits

• 9d1637e Prepare release 4.15.0 (#658)
• 4bd67c5 Coverage: exclude some noise (#656)
• e589a26 Coverage: add detailed report to job summary (#655)
• 67d37fe Coverage: Implement fail_under (#654)
• e9ae26f Don't delete previous coverage comment (#653)
• ac80bb7 Add Coverage workflow (#623)
• abaaafd Prepare release 4.15.0rc1 (#650)
• 9810405 Add @disjoint_base (PEP 800) (#634)
• 7ee9e05 Backport type_params fix from CPython (#646)
• 1e8eb9c Do not refer to PEP 705 as being experimental (#648)
• Additional commits viewable in compare view

Updates moto[ec2] from 5.1.8 to 5.1.11

Changelog

Sourced from moto[ec2]'s changelog.

5.1.11

Docker Digest for 5.1.11: sha256:8ca337023ebaa5c0b8b33503b178d4db3326fca184551d6f47b07b8dd8532644

New Methods:
    * Athena:
        * list_tags_for_resource()
* Comprehend:
    * delete_resource_policy()
    * describe_document_classification_job()
    * describe_dominant_language_detection_job()
    * describe_entities_detection_job()
    * describe_events_detection_job()
    * describe_key_phrases_detection_job()
    * describe_pii_entities_detection_job()
    * describe_resource_policy()
    * describe_sentiment_detection_job()
    * describe_targeted_sentiment_detection_job()
    * describe_topics_detection_job()
    * list_document_classification_jobs()
    * list_dominant_language_detection_jobs()
    * list_entities_detection_jobs()
    * list_events_detection_jobs()
    * list_key_phrases_detection_jobs()
    * list_pii_entities_detection_jobs()
    * list_sentiment_detection_jobs()
    * list_targeted_sentiment_detection_jobs()
    * list_topics_detection_jobs()
    * put_resource_policy()
    * start_document_classification_job()
    * start_dominant_language_detection_job()
    * start_entities_detection_job()
    * start_events_detection_job()
    * start_key_phrases_detection_job()
    * start_pii_entities_detection_job()
    * start_sentiment_detection_job()
    * start_targeted_sentiment_detection_job()
    * start_topics_detection_job()
    * stop_dominant_language_detection_job()
    * stop_entities_detection_job()
    * stop_events_detection_job()
    * stop_key_phrases_detection_job()
    * stop_pii_entities_detection_job()
    * stop_sentiment_detection_job()
    * stop_targeted_sentiment_detection_job()

ElasticSearch:

describe_elasticsearch_domain_config()

... (truncated)

Commits

• 9689fb3 Pre-Release: Up Version Number
• 24a2c7a Prep release 5.1.11 (#9215)
• e400585 chore: update SSM default parameters (#9214)
• 1376020 chore: update EC2 Instance Types (#9213)
• 2c6de02 chore: update EC2 Instance Offerings (#9212)
• d8cc7e5 chore: update EMR Instance Types (#9211)
• 680d195 ELB: Improve parity for TargetGroup and LoadBalancer responses (#9201)
• cedad58 Admin: Rename test-files to *integration.py (#9210)
• 00b7549 EC2: Add missing attributes to Elastic Network Interfaces (#9202)
• c2fb71e S3: complete_multipart_upload() should respect IfNoneMatch for existing multi...
• Additional commits viewable in compare view

Updates pyright from 1.1.403 to 1.1.404

Commits

• d393df1 Pyright NPM Package update to 1.1.404 (#352)
• See full diff in compare view

Updates setuptools-scm to 9.2.0

Release notes

Sourced from setuptools-scm's releases.

v9.2.0

What's Changed

• reiterate version inference by @​RonnyPfannschmidt in pypa/setuptools-scm#1202

simple activation now requires a extra instead of setting up many pre-existing projects for failure/error

Full Changelog: pypa/setuptools-scm@v9.1.1...v9.2.0

Changelog

Sourced from setuptools-scm's changelog.

v9.2.0

Added

• add simplified activation via setuptools-scm[simple] extra

  A new streamlined way to enable version inference without requiring a [tool.setuptools_scm] section. When setuptools-scm[simple] is in build-system.requires and version is in project.dynamic, version inference is automatically enabled with default settings.

removed

• unchecked simplified activation - too many projects use setups where it would fail

changed

• refine activation logic and add unittest for the relevant cases instead of trying to speedrun setuptools

v9.1.1 (yanked)

fixed

• fix #1194: correctly handle version keyword when pyproject metadata is missing

v9.1.0 (yanked)

fixed

• complete reiteration of the decision logic for enabling version inference on setuptools_scm

  • shared logic for the important parts
  • proper deferring based in precedence of finalize options vs version keyword
  • unittestable for the parsing parts and the decision steps

v9.0.3 (yanked)

fixed

• fix 1184: verify version is dynamic if the dependency is used as indicator for enabling

v9.0.2 (yanked)

Fixed

• fix #1184: in case setuptools-scm is a indirect dependency and no pyproject.toml section exists - don't infer the version

... (truncated)

Commits

• 6bf6746 Merge pull request #1206 from pypa/RonnyPfannschmidt-changelog
• c49467d Update CHANGELOG.md
• 3baa398 Merge pull request #1202 from RonnyPfannschmidt/version-infer-again
• 861df20 Merge pull request #1199 from pypa/dependabot/github_actions/actions/download...
• daf68b5 Merge pull request #1200 from pypa/dependabot/github_actions/actions/checkout-5
• 229946a Merge pull request #1197 from pypa/pre-commit-ci-update-config
• b8a2920 Add simple extra to pyproject.toml
• 250b5c2 add test migration plan for llms + fix changelog formatting
• 56a7a00 split version inference into the part that needs a distribution object and th...
• 206742a return simplified activation with a extra to prevent regressions
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions