deps(deps-dev): bump the python-development group with 10 updates

[dependabot]

Bumps the python-development group with 10 updates:

Package	From	To
ipython	9.11.0	9.14.1
locust	2.43.3	2.44.4
mypy	1.19.1	2.1.0
pre-commit	4.5.1	4.6.0
pytest-asyncio	1.3.0	1.4.0
pytest-cov	7.0.0	7.1.0
pytest-randomly	4.0.1	4.1.0
ruff	0.14.14	0.15.19
types-cachetools	6.2.0.20251022	7.0.0.20260518
types-pyyaml	6.0.12.20250915	6.0.12.20260518

Updates ipython from 9.11.0 to 9.14.1

Commits

• 352c35b release 9.14.1
• df72b1f Add forward compatibility for pdb.Pdb's mode argument (#15235)
• a957d81 Handle pdb.Pdb mode argument and test signature compatibility
• 3e1c054 ci: add zizmor GitHub Actions security analysis and harden workflows (#15238)
• 0181ae3 ci: add zizmor GitHub Actions security analysis and harden workflows
• fb831cc back to dev
• 9d1f24b release 9.14.0
• d8b9d11 Add IPython 9.14 release notes (#15228)
• 80cc1b9 Apply suggestions from code review
• 99feaad Prepare release notes for 9.14
• Additional commits viewable in compare view

Updates locust from 2.43.3 to 2.44.4

Release notes

Sourced from locust's releases.

2.44.4

What's Changed

• docs: fix typos by @​juliosuas in locustio/locust#3426
• fix: reject partially-matched timespan strings in parse_timespan by @​JSap0914 in locustio/locust#3425
• Other minor doc fixes

New Contributors

• @​JSap0914 made their first contribution in locustio/locust#3425

Full Changelog: locustio/locust@2.44.3...2.44.4

2.44.3

(fix build fail in 2.44.2, no real changes)

Full Changelog: locustio/locust@2.44.2...2.44.3

2.44.2

What's Changed

• docs: add Azure Load Testing callout banner to Hosted load testing page by @​Arun-Thangaraj in locustio/locust#3422
• Add OTEL locust.client.duration histogram for response times by @​cyberw in locustio/locust#3424

New Contributors

• @​Arun-Thangaraj made their first contribution in locustio/locust#3422

Full Changelog: locustio/locust@2.44.1...2.44.2

2.44.1

What's Changed

• up pre-commit 3.xx to 4.xxx by @​even-even in locustio/locust#3412
• Add aiolocust and azure load testing to docs by @​cyberw in locustio/locust#3414
• docs: guard custom web routes without web UI by @​puneetdixit200 in locustio/locust#3416
• Add hostname, locustfile and profile to otel Resource by @​cyberw in locustio/locust#3420
• Add logging support to for OTEL by @​cyberw in locustio/locust#3421

New Contributors

• @​puneetdixit200 made their first contribution in locustio/locust#3416

Full Changelog: locustio/locust@2.44.0...2.44.1

2.44.0

What's Changed

• fix(fasthttp): catch FAILURE_EXCEPTIONS during response body read by @​jorgetamayo21 in locustio/locust#3397
• Fix FastHttpUser crash on Python 3.13+ due to GC collecting dict reference cycle by @​armorbreak001 in locustio/locust#3398
• Add first seen / last seen timestamps to failure stats by @​tugkanboz in locustio/locust#3403
• fix(fasthttp): handle zlib.error for truncated gzip streams under high load by @​jorgetamayo21 in locustio/locust#3405
• fix(fasthttp): add 308 to redirect_resonse_codes in LocustUserAgent by @​jorgetamayo21 in locustio/locust#3406
• Disable UI lib npm package publication by @​cyberw in locustio/locust#3408
• Add AI-optimized documentation (llms.txt) by @​nk-tedo-001 in locustio/locust#3399
• feat(contrib): add CsvRequestLogger for per-request CSV logging by @​AKIB473 in locustio/locust#3404
• unify ruff in pyproject.toml and pre-commits by @​even-even in locustio/locust#3409

... (truncated)

Changelog

Sourced from locust's changelog.

Detailed changelog

The most important changes can also be found in the documentation.

2.44.1 (2026-06-01)

Full Changelog

Merged pull requests:

• Add logging support to for OTEL #3421 (cyberw)
• Add hostname, locustfile and profile to otel Resource #3420 (cyberw)
• docs: guard custom web routes without web UI #3416 (puneetdixit200)
• Add aiolocust and azure load testing to docs #3414 (cyberw)
• up pre-commit 3.xx to 4.xxx #3412 (even-even)

2.44.0 (2026-05-11)

Full Changelog

Fixed bugs:

• FastHttpUser crashes with TypeError: on_request() missing 4 required positional arguments on Python 3.13+ #3388

Closed issues:

• Show when each failure was first and last seen in the Failures tab #3402
• Add CSV Export of Detailed Request Logs #3389
• [Docs] Publish AI-optimized documentation #3372

Merged pull requests:

• unify ruff in pyproject.toml and pre-commits #3409 (even-even)
• Disable UI lib npm package publication #3408 (cyberw)
• fix(fasthttp): add 308 to redirect_resonse_codes in LocustUserAgent #3406 (jorgetamayo21)
• fix(fasthttp): handle zlib.error for truncated gzip streams under high load #3405 (jorgetamayo21)
• Add first seen / last seen timestamps to failure stats #3403 (tugkanboz)
• Add AI-optimized documentation (llms.txt) #3399 (nk-tedo-001)
• Fix FastHttpUser crash on Python 3.13+ due to GC collecting __dict__ reference cycle #3398 (armorbreak001)
• fix(fasthttp): catch FAILURE_EXCEPTIONS during response body read #3397 (jorgetamayo21)

2.43.4 (2026-04-01)

Full Changelog

Fixed bugs:

• HTML report uses current_rps instead of total_rps for req/s column #3355
• Using --processes with --print-stats causes all workers to print stats #3352
• Docker image does not have OTEL libraries installed #3309

... (truncated)

Commits

• 7596188 Merge pull request #3425 from JSap0914/fix/parse-timespan-partial-match-valid...
• 527044d Merge pull request #3426 from juliosuas/codex/fix-doc-comment-typos-20260617
• 6c9ec7e docs: fix typos
• 689fad7 style: ruff
• 38ceb64 fix: reject partially-matched timespan strings in parse_timespan
• 204a3c6 Link quickstart guide
• c4d5685 Add microsoft logo to readme
• daba10c dont require all arguments for otel request event handler
• 9df5e20 type hint set
• 382dbed release notes
• Additional commits viewable in compare view

Updates mypy from 1.19.1 to 2.1.0

Changelog

Sourced from mypy's changelog.

Mypy Release Notes

Next Release

Mypy 2.1

We’ve just uploaded mypy 2.1.0 to the Python Package Index (PyPI). Mypy is a static type checker for Python. This release includes new features, performance improvements and bug fixes. You can install it as follows:

python3 -m pip install -U mypy

You can read the full documentation for this release on Read the Docs.

librt.vecs: Fast Growable Array Type for Mypyc

The new librt.vecs module provides an efficient growable array type vec that is optimized for mypyc use. It provides fast, packed arrays with integer and floating point value types, which can be several times faster than list, and tens of times faster than array.array in code compiled using mypyc. It also supports nested vec objects and non-value-type items, such as vec[vec[str]].

Refer to the documentation for the details.

Contributed by Jukka Lehtosalo.

librt.random: Fast Pseudo-Random Number Generation

The new librt.random module provides fast pseudo-random number generation that is optimized for code compiled using mypyc. It can be 3x to 10x faster than the stdlib random module in compiled code.

Refer to the documentation for the details.

Contributed by Jukka Lehtosalo (PR 21433).

Mypyc Improvements

• Enable incremental self-compilation (Vaggelis Danias, PR 21369)
• Make compilation order with multiple files consistent (Piotr Sawicki, PR 21419)
• Fix crash on accessing StopAsyncIteration (Piotr Sawicki, PR 21406)
• Fix incremental compilation with separate flag (Vaggelis Danias, PR 21299)

Fixes to Crashes

• Fix crash on partial type with --allow-redefinition and global declaration (Jukka Lehtosalo, PR 21428)
• Fix broken awaitable generator patching (Ivan Levkivskyi, PR 21435)

... (truncated)

Commits

• c1c336d Remove +dev from version
• 74df14b Add changelog for mypy 2.1 (#21464)
• 022d9bc Revert "TypeForm: Enable by default (#21262)"
• 8826288 [mypyc] Document librt.random (#21463)
• 3f4067b Bump librt version to 0.11.0 (#21458)
• 2b1eb58 [mypyc] Enable incremental self-compilation (#21369)
• 8152f4a Respect file config comments for stale modules (#21444)
• 116d60b Fix nondeterminism from nonassociativity of overload joins (#21455)
• 6c4af8e Fix function call message change for small number of args (#21432)
• 4b8fdca [mypyc] Add librt.random module (#21433)
• Additional commits viewable in compare view

Updates pre-commit from 4.5.1 to 4.6.0

Release notes

Sourced from pre-commit's releases.

pre-commit v4.6.0

Features

• pre-commit hook-impl: allow --hook-dir to be missing to enable easier usage with git 2.54+ git hooks.
  • #3662 PR by @​asottile.

Fixes

• pre-commit hook-impl: --hook-type is required.
  • #3661 PR by @​asottile.

Changelog

Sourced from pre-commit's changelog.

4.6.0 - 2026-04-21

Features

• pre-commit hook-impl: allow --hook-dir to be missing to enable easier usage with git 2.54+ git hooks.
  • #3662 PR by @​asottile.

Fixes

• pre-commit hook-impl: --hook-type is required.
  • #3661 PR by @​asottile.

Commits

• f35134b v4.6.0
• 2a51ffc Merge pull request #3662 from pre-commit/hook-impl-optional-hook-dir
• d7dee32 make --hook-dir optional for hook-impl
• 965aeb1 Merge pull request #3661 from pre-commit/hook-impl-required
• 2eacc06 --hook-type is required for hook-impl
• f5678bf Merge pull request #3657 from pre-commit/pre-commit-ci-update-config
• 054cc5b [pre-commit.ci] pre-commit autoupdate
• 5c0f302 Merge pull request #3652 from pre-commit/pre-commit-ci-update-config
• a5d9114 [pre-commit.ci] pre-commit autoupdate
• 129a1f5 Merge pull request #3641 from pre-commit/mxr-patch-1
• Additional commits viewable in compare view

Updates pytest-asyncio from 1.3.0 to 1.4.0

Release notes

Sourced from pytest-asyncio's releases.

pytest-asyncio v1.4.0

1.4.0 - 2026-05-26

Deprecated

• Overriding the event_loop_policy fixture is deprecated. Use the pytest_asyncio_loop_factories hook instead. (#1419)

Added

• Added the pytest_asyncio_loop_factories hook to parametrize asyncio tests with custom event loop factories.

  The hook returns a mapping of factory names to loop factories, and pytest.mark.asyncio(loop_factories=[...]) selects a subset of configured factories per test. When a single factory is configured, test names are unchanged.

  Synchronous @pytest_asyncio.fixture functions now see the correct event loop when custom loop factories are configured, even when test code disrupts the current event loop (e.g., via asyncio.run() or asyncio.set_event_loop(None)). (#1164)

Changed

• Improved the readability of the warning message that is displayed when asyncio_default_fixture_loop_scope is unset (#1298)
• Only import asyncio.AbstractEventLoopPolicy for type checking to avoid raising a DeprecationWarning. (#1394)
• Updated minimum supported pytest version to v8.4.0. (#1397)

Fixed

• Fixed a ResourceWarning: unclosed event loop warning that could occur when a synchronous test called asyncio.run() or otherwise unset the current event loop after pytest-asyncio had run an async test or fixture. (#724)

Notes for Downstream Packagers

• Added dependency on sphinx-tabs >= 3.5 to organize documentation examples into tabs. (#1395)

pytest-asyncio v1.4.0a2

1.4.0a2 - 2026-05-02

Deprecated

• Overriding the event_loop_policy fixture is deprecated. Use the pytest_asyncio_loop_factories hook instead. (#1419)

Added

• Added the pytest_asyncio_loop_factories hook to parametrize asyncio tests with custom event loop factories.

  The hook returns a mapping of factory names to loop factories, and pytest.mark.asyncio(loop_factories=[...]) selects a subset of configured factories per test. When a single factory is configured, test names are unchanged on pytest 8.4+.

  Synchronous @pytest_asyncio.fixture functions now see the correct event loop when custom loop factories are configured, even when test code disrupts the current event loop (e.g., via asyncio.run() or asyncio.set_event_loop(None)). (#1164)

Changed

• Improved the readability of the warning message that is displayed when asyncio_default_fixture_loop_scope is unset (#1298)
• Only import asyncio.AbstractEventLoopPolicy for type checking to avoid raising a DeprecationWarning. (#1394)

... (truncated)

Commits

• 6e14cd2 chore: Prepare release of v1.4.0.
• 4b900fb Build(deps): Bump codecov/codecov-action from 6.0.0 to 6.0.1
• ab9f632 Build(deps): Bump zipp from 3.23.1 to 4.1.0
• a56fc77 Build(deps): Bump hypothesis from 6.152.6 to 6.152.8
• e8bae9b Build(deps): Bump requests from 2.34.0 to 2.34.2
• fc43340 Build(deps): Bump idna from 3.14 to 3.15
• 762eaf5 Build(deps): Bump jaraco-functools from 4.4.0 to 4.5.0
• b62e222 Build(deps): Bump click from 8.3.3 to 8.4.0
• 9190447 Build(deps): Bump pydantic from 2.13.3 to 2.13.4
• 82a393c ci: Remove unnecessary debug output.
• Additional commits viewable in compare view

Updates pytest-cov from 7.0.0 to 7.1.0

Changelog

Sourced from pytest-cov's changelog.

7.1.0 (2026-03-21)

• Fixed total coverage computation to always be consistent, regardless of reporting settings. Previously some reports could produce different total counts, and consequently can make --cov-fail-under behave different depending on reporting options. See [#641](https://github.com/pytest-dev/pytest-cov/issues/641) <https://github.com/pytest-dev/pytest-cov/issues/641>_.

• Improve handling of ResourceWarning from sqlite3.

  The plugin adds warning filter for sqlite3 ResourceWarning unclosed database (since 6.2.0). It checks if there is already existing plugin for this message by comparing filter regular expression. When filter is specified on command line the message is escaped and does not match an expected message. A check for an escaped regular expression is added to handle this case.

  With this fix one can suppress ResourceWarning from sqlite3 from command line::

  pytest -W "ignore:unclosed database in <sqlite3.Connection object at:ResourceWarning" ...

• Various improvements to documentation. Contributed by Art Pelling in [#718](https://github.com/pytest-dev/pytest-cov/issues/718) <https://github.com/pytest-dev/pytest-cov/pull/718>_ and "vivodi" in [#738](https://github.com/pytest-dev/pytest-cov/issues/738) <https://github.com/pytest-dev/pytest-cov/pull/738>. Also closed [#736](https://github.com/pytest-dev/pytest-cov/issues/736) <https://github.com/pytest-dev/pytest-cov/issues/736>.

• Fixed some assertions in tests. Contributed by in Markéta Machová in [#722](https://github.com/pytest-dev/pytest-cov/issues/722) <https://github.com/pytest-dev/pytest-cov/pull/722>_.

• Removed unnecessary coverage configuration copying (meant as a backup because reporting commands had configuration side-effects before coverage 5.0).

Commits

• 66c8a52 Bump version: 7.0.0 → 7.1.0
• f707662 Make the examples use pypy 3.11.
• 6049a78 Make context test use the old ctracer (seems the new sysmon tracer behaves di...
• 8ebf20b Update changelog.
• 861d30e Remove the backup context manager - shouldn't be needed since coverage 5.0, ...
• fd4c956 Pass the precision on the nulled total (seems that there's some caching goion...
• 78c9c4e Only run the 3.9 on older deps.
• 4849a92 Punctuation.
• 197c35e Update changelog and hopefully I don't forget to publish release again :))
• 14dc1c9 Update examples to use 3.11 and make the adhoc layout example look a bit more...
• Additional commits viewable in compare view

Updates pytest-randomly from 4.0.1 to 4.1.0

Changelog

Sourced from pytest-randomly's changelog.

4.1.0 (2026-04-20)

• Fix a crash with Faker installed when explicitly enabling and disabling the plugin (via -p randomly -p no:randomly).

  Thanks to mojosan77 for the report in Issue [#718](https://github.com/pytest-dev/pytest-randomly/issues/718) <https://github.com/pytest-dev/pytest-randomly/issues/718>__.

• Drop Python 3.9 support.

Commits

• c412c8d Version 4.1.0
• 657d9c3 Upgrade dependencies (#722)
• 49c8c1b Fix a crash with Faker installed and plugin disabled (#721)
• c9181c2 Bump django from 5.2.12 to 5.2.13 (#717)
• 1292cc0 Upgrade pre-commit to Python 3.14 (#716)
• 56d1388 [pre-commit.ci] pre-commit autoupdate (#715)
• 43702c1 Upgrade dependencies (#714)
• c3dc97c Bump pygments from 2.19.2 to 2.20.0 (#713)
• a2dee8a Improve Coverage.py configuration (#712)
• fed4766 Upgrade dependencies (#711)
• Additional commits viewable in compare view

Updates ruff from 0.14.14 to 0.15.19

Release notes

Sourced from ruff's releases.

0.15.19

Release Notes

Released on 2026-06-23.

Preview features

• Support human-readable names when hovering suppression comments and in code actions (#26114)

Bug fixes

• Fall back to default settings when editor-only settings are invalid (#26244)
• Fix panic when inserting text at a notebook cell boundary (#26111)

Rule changes

• [pylint] Update fix suggestions for __floor__, __trunc__, __length_hint__, and __matmul__ variants (PLC2801) (#26239)

Performance

• Avoid allocating when parsing single string literals (#26200)
• Avoid reallocating singleton call arguments (#26223)
• Lazily create source files for lint diagnostics (#26226)
• Optimize formatter text width and indentation (#26236)
• Reserve capacity for builtin bindings (#26229)
• Skip repeated-key checks for singleton dictionaries (#26228)
• Use ArrayVec for qualified name segments (#26224)

Documentation

• [flake8-pyi] Note that PYI051 is an opinionated stylistic rule (#26179)
• [pyupgrade] Clarify UP029 as a Python 2 compatibility rule (#26243)

Other changes

• Publish Ruff crates to crates.io (#26271)

Contributors

• @​MakenRosa
• @​MichaReiser
• @​trilamsr
• @​ntBre
• @​sanjibani
• @​charliermarsh

Install ruff 0.15.19

Install prebuilt binaries via shell script

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.19

Released on 2026-06-23.

Preview features

• Support human-readable names when hovering suppression comments and in code actions (#26114)

Bug fixes

• Fall back to default settings when editor-only settings are invalid (#26244)
• Fix panic when inserting text at a notebook cell boundary (#26111)

Rule changes

• [pylint] Update fix suggestions for __floor__, __trunc__, __length_hint__, and __matmul__ variants (PLC2801) (#26239)

Performance

• Avoid allocating when parsing single string literals (#26200)
• Avoid reallocating singleton call arguments (#26223)
• Lazily create source files for lint diagnostics (#26226)
• Optimize formatter text width and indentation (#26236)
• Reserve capacity for builtin bindings (#26229)
• Skip repeated-key checks for singleton dictionaries (#26228)
• Use ArrayVec for qualified name segments (#26224)

Documentation

• [flake8-pyi] Note that PYI051 is an opinionated stylistic rule (#26179)
• [pyupgrade] Clarify UP029 as a Python 2 compatibility rule (#26243)

Other changes

• Publish Ruff crates to crates.io (#26271)

Contributors

• @​MakenRosa
• @​MichaReiser
• @​trilamsr
• @​ntBre
• @​sanjibani
• @​charliermarsh

0.15.18

Released on 2026-06-18.

Preview features

... (truncated)

Commits

• 7f04365 Bump version to 0.15.19 (#26291)
• a30ba16 [ty] Infer definite equality comparison results (#26290)
• bcd2028 [ty] Avoid recursion when projecting narrowing constraints (#26276)
• c0e083e [ty] Avoid bypassing lazy constraints for Divergent (#26288)
• fb13596 Record configured crates.io packages (#26281)
• 85da759 [ty] Fix ParamSpec callable signature extraction for callable instances (#26279)
• 4c98a81 [ty] Make multi-arm TypeOf cycle recovery monotonic (#26275)
• 7b84361 [ty] Preserve regular kind for callable instances (#26253)
• 93c8c59 [flake8-pyi] Note that PYI051 is an opinionated stylistic rule (#26179)
• bc9bb05 [ty] Infer types for names bound in match patterns (#25940)
• Additional commits viewable in compare view

Updates types-cachetools from 6.2.0.20251022 to 7.0.0.20260518

Commits

• See full diff in compare view

Updates types-pyyaml from 6.0.12.20250915 to 6.0.12.20260518

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
100.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud