[pip] (deps): Bump the dev-dependencies group across 1 directory with 6 updates

[dependabot]

Bumps the dev-dependencies group with 6 updates in the / directory:

Package	From	To
python-json-logger	4.0.0	4.1.0
charset-normalizer	3.4.6	3.4.7
pychoir	0.0.29	0.0.30
requests	2.32.5	2.33.1
pygments	2.19.2	2.20.0
ruff	0.15.7	0.15.9

Updates python-json-logger from 4.0.0 to 4.1.0

Release notes

Sourced from python-json-logger's releases.

4.1.0

4.1.0 - 2026-03-29

Added

• Add support for Python 3.14, PyPy 3.11

Removed

• Remove support for Python 3.8, 3.9 (includes PyPy versions).

Changelog

Sourced from python-json-logger's changelog.

4.1.0 - 2026-03-29

Added

• Add support for Python 3.14, PyPy 3.11

Removed

• Remove support for Python 3.8, 3.9 (includes PyPy versions).

Commits

• d80c68d Release v4.1.0
• b589b2a [pyproject] Update license table to PEP 639 format
• 2bb784a Update code unlocked by Python 3.10 minimum version
• 79599b5 Drop python 3.8, 3.9 support
• 622650c [docs.contributing] Update unsupported JSON encoders
• 06165bb [tests.test_formatters] Add non-printable bytes to test_common_types_encoded
• 61f88a9 [docs.contributing] Clarify which packages have been considered and rejected
• 0add524 [docs.contributing] Clarify when we will add support for new third-party pack...
• eee9505 [pylint] Remove old command
• 8045926 [mypy] Don't ignore orjson
• Additional commits viewable in compare view

Updates charset-normalizer from 3.4.6 to 3.4.7

Release notes

Sourced from charset-normalizer's releases.

Version 3.4.7

3.4.7 (2026-04-02)

Changed

• Pre-built optimized version using mypy[c] v1.20.
• Relax setuptools constraint to setuptools>=68,<82.1.

Fixed

• Correctly remove SIG remnant in utf-7 decoded string. (#718) (#716)

Changelog

Sourced from charset-normalizer's changelog.

3.4.7 (2026-04-02)

Changed

• Pre-built optimized version using mypy[c] v1.20.
• Relax setuptools constraint to setuptools>=68,<82.1.

Fixed

• Correctly remove SIG remnant in utf-7 decoded string. (#718) (#716)

Commits

• 0f07891 Merge pull request #729 from jawah/release-3.4.7
• fdbeb29 chore: update dev, and ci requirements
• b66f922 chore: add ft classifier
• f94249d chore: add test cases for utf_7 recent fix
• 95c866f chore: bump version to 3.4.7
• 4f429bb chore: bump mypy pre-commit to v1.20
• b579cd6 fix: correctly remove SIG remnant in utf-7 decoded string
• 58bf944 ⬆️ Bump github/codeql-action from 4.32.4 to 4.35.1 (#728)
• 44cf8a1 ⬆️ Bump actions/download-artifact from 8.0.0 to 8.0.1 (#726)
• 362bc20 ⬆️ Bump docker/setup-qemu-action from 3.7.0 to 4.0.0 (#725)
• Additional commits viewable in compare view

Updates pychoir from 0.0.29 to 0.0.30

Release notes

Sourced from pychoir's releases.

Thirtieth release

• Python 3.14
• Dev deps update

Commits

• 99ff3e5 Upgrade dev deps
• 33c9ef8 Python 3.14
• 1089c0a Automatic package versioning from tag
• See full diff in compare view

Updates requests from 2.32.5 to 2.33.1

Release notes

Sourced from requests's releases.

v2.33.1

2.33.1 (2026-03-30)

Bugfixes

• Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary files in the tmp directory. (#7305)
• Fixed Content-Type header parsing for malformed values. (#7309)
• Improved error consistency for malformed header values. (#7308)

New Contributors

• @​ferdnyc made their first contribution in psf/requests#7277

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2331-2026-03-30

v2.33.0

2.33.0 (2026-03-25)

Announcements

• 📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

• CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

• Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

• Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

• Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

• Various typo fixes and doc improvements.

New Contributors

• @​M0d3v1 made their first contribution in psf/requests#6865
• @​aminvakil made their first contribution in psf/requests#7220
• @​E8Price made their first contribution in psf/requests#6960
• @​mitre88 made their first contribution in psf/requests#7244
• @​magsen made their first contribution in psf/requests#6553
• @​Rohan5commit made their first contribution in psf/requests#7227

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25

Changelog

Sourced from requests's changelog.

2.33.1 (2026-03-30)

Bugfixes

• Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary files in the tmp directory. (#7305)
• Fixed Content-Type header parsing for malformed values. (#7309)
• Improved error consistency for malformed header values. (#7308)

2.33.0 (2026-03-25)

Announcements

• 📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

• CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

• Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

• Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

• Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

• Various typo fixes and doc improvements.

Commits

• 111d2b7 v2.33.1
• f0198e6 Fix malformed value parsing for Content-Type (#7309)
• bc7dd0f Fix cosmetic header validity parsing regex (#7308)
• 4443b1a Fix unintended test extra (#7306)
• 389eea5 Cleanup extracted file after extract_zipped_path test (#7305)
• 7407309 Packaging: DRY out extras definition (#7277)
• bc04dfd v2.33.0
• 66d21cb Merge commit from fork
• 8b9bc8f Move badges to top of README (#7293)
• e331a28 Remove unused extraction call (#7292)
• Additional commits viewable in compare view

Updates pygments from 2.19.2 to 2.20.0

Release notes

Sourced from pygments's releases.

2.20.0

• New lexers:

  • Rell (#2914)

• Updated lexers:

  • archetype: Fix catastrophic backtracking in GUID and ID patterns (#3064)
  • ASN.1: Recognize minus sign and fix range operator (#3014, #3060)
  • C++: Add C++26 keywords (#2955), add integer literal suffixes (#2966)
  • ComponentPascal: Fix analyse_text (#3028, #3032)
  • Coq renamed to Rocq (#2883, #2908)
  • Cython: Various improvements (#2932, #2933)
  • Debian control: Improve architecture parsing (#3052)
  • Devicetree: Add support for overlay/fragments (#3021), add bytestring support (#3022), fix catastrophic backtracking (#3057)
  • Fennel: Various improvements (#2911)
  • Haskell: Handle escape sequences in character literals (#3069, #1795)
  • Java: Add module keywords (#2955)
  • Lean4: Add operators ]', ]?, ]! (#2946)
  • LESS: Support single-line comments (#3005)
  • LilyPond: Update to 2.25.29 (#2974)
  • LLVM: Support C-style comments (#3023, #2978)
  • Lua(u): Fix catastrophic backtracking (#3047)
  • Macaulay2: Update to 1.25.05 (#2893), 1.25.11 (#2988)
  • Mathematica: Various improvements (#2957)
  • meson: Add additional operators (#2919)
  • MySQL: Update keywords (#2970)
  • org-Mode: Support both schedule and deadline (#2899)
  • PHP: Add __PROPERTY__ magic constant (#2924), add reserved keywords (#3002)
  • PostgreSQL: Add more keywords (#2985)
  • protobuf: Fix namespace tokenization (#2929)
  • Python: Add t-string support (#2973, #3009, #3010)
  • Tablegen: Fix infinite loop (#2972, #2940)
  • Tera Term macro: Add commands introduced in v5.3 through v5.6 (#2951)
  • TOML: Support TOML 1.1.0 (#3026, #3027)
  • Turtle: Allow empty comment lines (#2980)
  • XML: Added .xbrl as file ending (#2890, #2891)

• Drop Python 3.8, and add Python 3.14 as a supported version (#2987, #3012)

• Various improvements to autopygmentize (#2894)

• Update onedark style to support more token types (#2977)

• Update rtt style to support more token types (#2895)

• Cache entry points to improve performance (#2979)

• Fix xterm-256 color table (#3043)

• Fix kwargs dictionary getting mutated on each call (#3044)

Changelog

Sourced from pygments's changelog.

Version 2.20.0

(released March 29th, 2026)

• New lexers:

  • Rell (#2914)

• Updated lexers:

  • archetype: Fix catastrophic backtracking in GUID and ID patterns (#3064)
  • ASN.1: Recognize minus sign and fix range operator (#3014, #3060)
  • C++: Add C++26 keywords (#2955), add integer literal suffixes (#2966)
  • ComponentPascal: Fix analyse_text (#3028, #3032)
  • Coq renamed to Rocq (#2883, #2908)
  • Cython: Various improvements (#2932, #2933)
  • Debian control: Improve architecture parsing (#3052)
  • Devicetree: Add support for overlay/fragments (#3021), add bytestring support (#3022), fix catastrophic backtracking (#3057)
  • Fennel: Various improvements (#2911)
  • Haskell: Handle escape sequences in character literals (#3069, #1795)
  • Java: Add module keywords (#2955)
  • Lean4: Add operators ]', ]?, ]! (#2946)
  • LESS: Support single-line comments (#3005)
  • LilyPond: Update to 2.25.29 (#2974)
  • LLVM: Support C-style comments (#3023, #2978)
  • Lua(u): Fix catastrophic backtracking (#3047)
  • Macaulay2: Update to 1.25.05 (#2893), 1.25.11 (#2988)
  • Mathematica: Various improvements (#2957)
  • meson: Add additional operators (#2919)
  • MySQL: Update keywords (#2970)
  • org-Mode: Support both schedule and deadline (#2899)
  • PHP: Add __PROPERTY__ magic constant (#2924), add reserved keywords (#3002)
  • PostgreSQL: Add more keywords (#2985)
  • protobuf: Fix namespace tokenization (#2929)
  • Python: Add t-string support (#2973, #3009, #3010)
  • Tablegen: Fix infinite loop (#2972, #2940)
  • Tera Term macro: Add commands introduced in v5.3 through v5.6 (#2951)
  • TOML: Support TOML 1.1.0 (#3026, #3027)
  • Turtle: Allow empty comment lines (#2980)
  • XML: Added .xbrl as file ending (#2890, #2891)

• Drop Python 3.8, and add Python 3.14 as a supported version (#2987, #3012)

• Various improvements to autopygmentize (#2894)

• Update onedark style to support more token types (#2977)

• Update rtt style to support more token types (#2895)

• Cache entry points to improve performance (#2979)

• Fix xterm-256 color table (#3043)

• Fix kwargs dictionary getting mutated on each call (#3044)

Commits

• 708197d Fix underline length.
• 1d4538a Prepare 2.20 release.
• 2ceaee4 Update CHANGES.
• e3a3c54 Fix Haskell lexer: handle escape sequences in character literals (#3069)
• d7c3453 Merge pull request #3071 from pygments/harden-html-formatter
• 0f97e7c Harden the HTML formatter against CSS.
• 9f981b2 Update CHANGES.
• 1d88915 Update CHANGES.
• c3d93ad Fix ASN.1 lexer: recognize minus sign and fix range operator (#3060)
• 4f06bcf fix bad behaving backtracking regex in CommonLispLexer
• Additional commits viewable in compare view

Updates ruff from 0.15.7 to 0.15.9

Release notes

Sourced from ruff's releases.

0.15.9

Release Notes

Released on 2026-04-02.

Preview features

• [pyflakes] Flag annotated variable redeclarations as F811 in preview mode (#24244)
• [ruff] Allow dunder-named assignments in non-strict mode for RUF067 (#24089)

Bug fixes

• [flake8-errmsg] Avoid shadowing existing msg in fix for EM101 (#24363)
• [flake8-simplify] Ignore pre-initialization references in SIM113 (#24235)
• [pycodestyle] Fix W391 fixes for consecutive empty notebook cells (#24236)
• [pyupgrade] Fix UP008 nested class matching (#24273)
• [pyupgrade] Ignore strings with string-only escapes (UP012) (#16058)
• [ruff] RUF072: skip formfeeds on dedent (#24308)
• [ruff] Avoid re-using symbol in RUF024 fix (#24316)
• [ruff] Parenthesize expression in RUF050 fix (#24234)
• Disallow starred expressions as values of starred expressions (#24280)

Rule changes

• [flake8-simplify] Suppress SIM105 for except* before Python 3.12 (#23869)
• [pyflakes] Extend F507 to flag %-format strings with zero placeholders (#24215)
• [pyupgrade] UP018 should detect more unnecessarily wrapped literals (UP018) (#24093)
• [pyupgrade] Fix UP008 callable scope handling to support lambdas (#24274)
• [ruff] RUF010: Mark fix as unsafe when it deletes a comment (#24270)

Formatter

• Add nested-string-quote-style formatting option (#24312)

Documentation

• [flake8-bugbear] Clarify RUF071 fix safety for non-path string comparisons (#24149)
• [flake8-type-checking] Clarify import cycle wording for TC001/TC002/TC003 (#24322)

Other changes

• Avoid rendering fix lines with trailing whitespace after | (#24343)

Contributors

• @​charliermarsh
• @​MichaReiser
• @​tranhoangtu-it
• @​dylwil3
• @​zsol

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.9

Released on 2026-04-02.

Preview features

• [pyflakes] Flag annotated variable redeclarations as F811 in preview mode (#24244)
• [ruff] Allow dunder-named assignments in non-strict mode for RUF067 (#24089)

Bug fixes

• [flake8-errmsg] Avoid shadowing existing msg in fix for EM101 (#24363)
• [flake8-simplify] Ignore pre-initialization references in SIM113 (#24235)
• [pycodestyle] Fix W391 fixes for consecutive empty notebook cells (#24236)
• [pyupgrade] Fix UP008 nested class matching (#24273)
• [pyupgrade] Ignore strings with string-only escapes (UP012) (#16058)
• [ruff] RUF072: skip formfeeds on dedent (#24308)
• [ruff] Avoid re-using symbol in RUF024 fix (#24316)
• [ruff] Parenthesize expression in RUF050 fix (#24234)
• Disallow starred expressions as values of starred expressions (#24280)

Rule changes

• [flake8-simplify] Suppress SIM105 for except* before Python 3.12 (#23869)
• [pyflakes] Extend F507 to flag %-format strings with zero placeholders (#24215)
• [pyupgrade] UP018 should detect more unnecessarily wrapped literals (UP018) (#24093)
• [pyupgrade] Fix UP008 callable scope handling to support lambdas (#24274)
• [ruff] RUF010: Mark fix as unsafe when it deletes a comment (#24270)

Formatter

• Add nested-string-quote-style formatting option (#24312)

Documentation

• [flake8-bugbear] Clarify RUF071 fix safety for non-path string comparisons (#24149)
• [flake8-type-checking] Clarify import cycle wording for TC001/TC002/TC003 (#24322)

Other changes

• Avoid rendering fix lines with trailing whitespace after | (#24343)

Contributors

• @​charliermarsh
• @​MichaReiser
• @​tranhoangtu-it
• @​dylwil3
• @​zsol
• @​renovate

... (truncated)

Commits

• 724ccc1 Bump 0.15.9 (#24369)
• 96d9e09 [ty] Move the deferred submodule inside infer/builder (#24368)
• 130da28 [ty] Infer the extra_items keyword argument to class-based TypedDicts as an...
• a617c54 [ty] Validate type qualifiers in functional TypedDict fields and the `extra_i...
• d851708 [ty] Improve robustness of various type-qualifier-related checks (#24251)
• aecb587 Only run the release-gate on workflow dispatch (#24366)
• b889571 [ty] Use infer_type_expression for parsing parameter annotations and return...
• 3286a62 Add a "release-gate" step to the release workflow (#24365)
• 5f88756 Disallow starred expressions as values of starred expressions (#24280)
• 5c59f8a [pyupgrade] Ignore strings with string-only escapes (UP012) (#16058)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Coverage report

This PR does not seem to contain any modification to coverable code.