Deps: Bump the python-packages group across 1 directory with 8 updates

[dependabot]

Bumps the python-packages group with 8 updates in the / directory:

Package	From	To
pontos	25.8.1	26.2.0
autohooks	25.11.0	26.2.0
certifi	2026.1.4	2026.2.25
librt	0.7.8	0.8.1
pygments	2.19.2	2.20.0
rich	14.3.2	14.3.3
ruff	0.15.0	0.15.8
tomli	2.4.0	2.4.1

Updates pontos from 25.8.1 to 26.2.0

Release notes

Sourced from pontos's releases.

pontos 26.2.0

[26.2.0] - 2026-02-20

Added

• Add --project-type to release create and all version CLI commands a6ff904e
• add test a5d5d0f7

Bug Fixes

• Add or Update detect-hidden-unicode.yml 4e995a14
• fix linting 823399a1
• fix error 2fcf4ada
• fix errors 88d2a2b7
• formatting 1c2a48e0
• fix linting a9b74c9b
• fix linting 9c28e94b

Dependencies

• Bump the python-packages group with 2 updates e6ee003d
• Bump ruff from 0.14.14 to 0.15.0 in the python-packages group 9e2ece33
• Bump the python-packages group with 4 updates f15e15d9
• Bump actions/checkout from 6.0.1 to 6.0.2 in the actions group 43f5f9ae
• Bump the python-packages group with 5 updates 51838e2c
• Bump the python-packages group with 4 updates 60b8e915
• Bump the python-packages group with 4 updates a7b75e65
• Bump urllib3 from 2.6.2 to 2.6.3 7d7eaf82
• Bump the python-packages group with 2 updates b6433dd5
• Bump librt from 0.7.4 to 0.7.5 in the python-packages group c15f3cb1
• Bump the python-packages group with 7 updates bb9ad208
• Bump actions/upload-artifact in the actions group 0e79c666
• Bump the python-packages group with 2 updates 4361aeb1
• Bump actions/checkout from 6.0.0 to 6.0.1 in the actions group 7c9fea85
• Bump the python-packages group with 3 updates c6dac7a3
• Bump the python-packages group with 4 updates 9ecb7ee9
• Bump actions/checkout from 5.0.0 to 6.0.0 in the actions group 2ba4bf91
• Bump the python-packages group with 3 updates bce90a24
• Bump the python-packages group with 3 updates 0f929fd1
• Bump the python-packages group with 3 updates e0bf5947
• Bump actions/upload-artifact in the actions group 770ddc90
• Bump the python-packages group with 3 updates ec1f62c3
• Bump ruff from 0.14.1 to 0.14.2 in the python-packages group 7bc68fc0
• Bump the python-packages group with 5 updates 6bea2e02
• Bump the python-packages group with 4 updates 48ec5950
• Bump ossf/scorecard-action in the actions group 86a2faa0
• Bump the python-packages group with 3 updates a2d17964
• Bump the python-packages group across 1 directory with 11 updates e8850f23
• Bump the python-packages group with 3 updates a046f472
• Bump pypa/gh-action-pypi-publish in the actions group ccb073b8
• Bump ruff from 0.11.13 to 0.12.12 in the python-packages group d99e8f00
• Bump the python-packages group with 4 updates 6d36a9e9
• Bump the actions group with 2 updates 01c1f450

... (truncated)

Commits

• ff7b80e Automatic release to 26.2.0
• a6ff904 Add: Add --project-type to release create and all version CLI commands
• e6ee003 Deps: Bump the python-packages group with 2 updates
• 9e2ece3 Deps: Bump ruff from 0.14.14 to 0.15.0 in the python-packages group
• f15e15d Deps: Bump the python-packages group with 4 updates
• 43f5f9a Deps: Bump actions/checkout from 6.0.1 to 6.0.2 in the actions group
• 51838e2 Deps: Bump the python-packages group with 5 updates
• 60b8e91 Deps: Bump the python-packages group with 4 updates
• e9eb455 Fix Add or Update detect-hidden-unicode.yml (#1177)
• a7b75e6 Deps: Bump the python-packages group with 4 updates
• Additional commits viewable in compare view

Updates autohooks from 25.11.0 to 26.2.0

Release notes

Sourced from autohooks's releases.

autohooks 26.2.0

26.2.0 - 2026-02-25

Added

• Unit tests for uv mode fe57e13
• Support for uv 329294f

Changed

• Make ruff & black happy 2c1bd9d
• Update documentation 37739c4

Dependencies

• Bump the dependencies group across 1 directory with 4 updates edf8288
• Bump ruff from 0.14.14 to 0.15.0 in the dependencies group ed561e2
• Bump the dependencies group across 1 directory with 7 updates 9ccd4f2
• Bump the dependencies group with 4 updates 83af4d2
• Bump the dependencies group across 1 directory with 4 updates 8c2c3cd
• Bump urllib3 from 2.6.2 to 2.6.3 cc2fac6
• Bump the dependencies group with 2 updates 690bed5
• Bump librt from 0.7.4 to 0.7.5 in the dependencies group b1ad308
• Bump the dependencies group with 6 updates 307e261
• Bump the dependencies group with 2 updates 59f09ca
• Bump actions/checkout from 5 to 6 in the dependencies group 5b0c306
• Bump the dependencies group across 1 directory with 5 updates 1e257b0
• Bump the dependencies group across 1 directory with 4 updates 2b8fbb7

Commits

• 00c9ab4 Automatic release to 26.2.0
• 2c1bd9d Change: Make ruff & black happy
• 37739c4 Change: Update documentation
• fe57e13 Add: Unit tests for uv mode
• 329294f Add: Support for uv
• edf8288 Deps: Bump the dependencies group across 1 directory with 4 updates
• ed561e2 Deps: Bump ruff from 0.14.14 to 0.15.0 in the dependencies group
• 9ccd4f2 Deps: Bump the dependencies group across 1 directory with 7 updates
• 83af4d2 Deps: Bump the dependencies group with 4 updates
• 8c2c3cd Deps: Bump the dependencies group across 1 directory with 4 updates
• Additional commits viewable in compare view

Updates certifi from 2026.1.4 to 2026.2.25

Commits

• 8571a4b 2026.02.25 (#395)
• 6f7de00 Bump peter-evans/create-pull-request from 8.0.0 to 8.1.0 (#390)
• a1de59b Bump actions/checkout from 6.0.1 to 6.0.2 (#391)
• 7f5ade5 Bump actions/setup-python from 6.1.0 to 6.2.0 (#392)
• See full diff in compare view

Updates librt from 0.7.8 to 0.8.1

Commits

• e9c167e Sync mypy
• 26eb1d2 Bump version to 0.8.0; add tests for base64
• 588d6c6 Sync mypy: base64 is non-experimental now
• 80dcab7 feat: Build wheel for riscv64 (#31)
• See full diff in compare view

Updates pygments from 2.19.2 to 2.20.0

Release notes

Sourced from pygments's releases.

2.20.0

• New lexers:

  • Rell (#2914)

• Updated lexers:

  • archetype: Fix catastrophic backtracking in GUID and ID patterns (#3064)
  • ASN.1: Recognize minus sign and fix range operator (#3014, #3060)
  • C++: Add C++26 keywords (#2955), add integer literal suffixes (#2966)
  • ComponentPascal: Fix analyse_text (#3028, #3032)
  • Coq renamed to Rocq (#2883, #2908)
  • Cython: Various improvements (#2932, #2933)
  • Debian control: Improve architecture parsing (#3052)
  • Devicetree: Add support for overlay/fragments (#3021), add bytestring support (#3022), fix catastrophic backtracking (#3057)
  • Fennel: Various improvements (#2911)
  • Haskell: Handle escape sequences in character literals (#3069, #1795)
  • Java: Add module keywords (#2955)
  • Lean4: Add operators ]', ]?, ]! (#2946)
  • LESS: Support single-line comments (#3005)
  • LilyPond: Update to 2.25.29 (#2974)
  • LLVM: Support C-style comments (#3023, #2978)
  • Lua(u): Fix catastrophic backtracking (#3047)
  • Macaulay2: Update to 1.25.05 (#2893), 1.25.11 (#2988)
  • Mathematica: Various improvements (#2957)
  • meson: Add additional operators (#2919)
  • MySQL: Update keywords (#2970)
  • org-Mode: Support both schedule and deadline (#2899)
  • PHP: Add __PROPERTY__ magic constant (#2924), add reserved keywords (#3002)
  • PostgreSQL: Add more keywords (#2985)
  • protobuf: Fix namespace tokenization (#2929)
  • Python: Add t-string support (#2973, #3009, #3010)
  • Tablegen: Fix infinite loop (#2972, #2940)
  • Tera Term macro: Add commands introduced in v5.3 through v5.6 (#2951)
  • TOML: Support TOML 1.1.0 (#3026, #3027)
  • Turtle: Allow empty comment lines (#2980)
  • XML: Added .xbrl as file ending (#2890, #2891)

• Drop Python 3.8, and add Python 3.14 as a supported version (#2987, #3012)

• Various improvements to autopygmentize (#2894)

• Update onedark style to support more token types (#2977)

• Update rtt style to support more token types (#2895)

• Cache entry points to improve performance (#2979)

• Fix xterm-256 color table (#3043)

• Fix kwargs dictionary getting mutated on each call (#3044)

Changelog

Sourced from pygments's changelog.

Version 2.20.0

(released March 29th, 2026)

• New lexers:

  • Rell (#2914)

• Updated lexers:

  • archetype: Fix catastrophic backtracking in GUID and ID patterns (#3064)
  • ASN.1: Recognize minus sign and fix range operator (#3014, #3060)
  • C++: Add C++26 keywords (#2955), add integer literal suffixes (#2966)
  • ComponentPascal: Fix analyse_text (#3028, #3032)
  • Coq renamed to Rocq (#2883, #2908)
  • Cython: Various improvements (#2932, #2933)
  • Debian control: Improve architecture parsing (#3052)
  • Devicetree: Add support for overlay/fragments (#3021), add bytestring support (#3022), fix catastrophic backtracking (#3057)
  • Fennel: Various improvements (#2911)
  • Haskell: Handle escape sequences in character literals (#3069, #1795)
  • Java: Add module keywords (#2955)
  • Lean4: Add operators ]', ]?, ]! (#2946)
  • LESS: Support single-line comments (#3005)
  • LilyPond: Update to 2.25.29 (#2974)
  • LLVM: Support C-style comments (#3023, #2978)
  • Lua(u): Fix catastrophic backtracking (#3047)
  • Macaulay2: Update to 1.25.05 (#2893), 1.25.11 (#2988)
  • Mathematica: Various improvements (#2957)
  • meson: Add additional operators (#2919)
  • MySQL: Update keywords (#2970)
  • org-Mode: Support both schedule and deadline (#2899)
  • PHP: Add __PROPERTY__ magic constant (#2924), add reserved keywords (#3002)
  • PostgreSQL: Add more keywords (#2985)
  • protobuf: Fix namespace tokenization (#2929)
  • Python: Add t-string support (#2973, #3009, #3010)
  • Tablegen: Fix infinite loop (#2972, #2940)
  • Tera Term macro: Add commands introduced in v5.3 through v5.6 (#2951)
  • TOML: Support TOML 1.1.0 (#3026, #3027)
  • Turtle: Allow empty comment lines (#2980)
  • XML: Added .xbrl as file ending (#2890, #2891)

• Drop Python 3.8, and add Python 3.14 as a supported version (#2987, #3012)

• Various improvements to autopygmentize (#2894)

• Update onedark style to support more token types (#2977)

• Update rtt style to support more token types (#2895)

• Cache entry points to improve performance (#2979)

• Fix xterm-256 color table (#3043)

• Fix kwargs dictionary getting mutated on each call (#3044)

Commits

• 708197d Fix underline length.
• 1d4538a Prepare 2.20 release.
• 2ceaee4 Update CHANGES.
• e3a3c54 Fix Haskell lexer: handle escape sequences in character literals (#3069)
• d7c3453 Merge pull request #3071 from pygments/harden-html-formatter
• 0f97e7c Harden the HTML formatter against CSS.
• 9f981b2 Update CHANGES.
• 1d88915 Update CHANGES.
• c3d93ad Fix ASN.1 lexer: recognize minus sign and fix range operator (#3060)
• 4f06bcf fix bad behaving backtracking regex in CommonLispLexer
• Additional commits viewable in compare view

Updates rich from 14.3.2 to 14.3.3

Release notes

Sourced from rich's releases.

The infinite Release

Fixed a infinite loop in split_graphemes

[14.3.3] - 2026-02-19

Fixed

• Fixed infinite loop with cells.split_graphemes Textualize/rich#4006

Changelog

Sourced from rich's changelog.

[14.3.3] - 2026-02-19

Fixed

• Fixed infinite loop with cells.split_graphemes Textualize/rich#4006

Commits

• ce01188 Merge pull request #4008 from Textualize/bump1433
• 14a47c9 bump
• f54bfe0 Merge pull request #4007 from Textualize/copilot/sub-pr-4006
• 7338cb9 Merge pull request #4006 from Textualize/fix-grapheme-stuck
• 905b397 Update tests/test_cells.py
• b031dca Update tests/test_cells.py
• f07a3fc Add regression tests for VS16 after zero-width chars in split_graphemes
• b618ccc spelling
• 378c34b Initial plan
• 87e7ca2 refinements, and tests
• Additional commits viewable in compare view

Updates ruff from 0.15.0 to 0.15.8

Release notes

Sourced from ruff's releases.

0.15.8

Release Notes

Released on 2026-03-26.

Preview features

• [ruff] New rule unnecessary-if (RUF050) (#24114)
• [ruff] New rule useless-finally (RUF072) (#24165)
• [ruff] New rule f-string-percent-format (RUF073): warn when using % operator on an f-string (#24162)
• [pyflakes] Recognize frozendict as a builtin for Python 3.15+ (#24100)

Bug fixes

• [flake8-async] Use fully-qualified anyio.lowlevel import in autofix (ASYNC115) (#24166)
• [flake8-bandit] Check tuple arguments for partial paths in S607 (#24080)
• [pyflakes] Skip undefined-name (F821) for conditionally deleted variables (#24088)
• E501/W505/formatter: Exclude nested pragma comments from line width calculation (#24071)
• Fix %foo? parsing in IPython assignment expressions (#24152)
• analyze graph: resolve string imports that reference attributes, not just modules (#24058)

Rule changes

• [eradicate] ignore ty: ignore comments in ERA001 (#24192)
• [flake8-bandit] Treat sys.executable as trusted input in S603 (#24106)
• [flake8-self] Recognize Self annotation and self assignment in SLF001 (#24144)
• [pyflakes] F507: Fix false negative for non-tuple RHS in %-formatting (#24142)
• [refurb] Parenthesize generator arguments in FURB142 fixer (#24200)

Performance

• Speed up diagnostic rendering (#24146)

Server

• Warn when Markdown files are skipped due to preview being disabled (#24150)

Documentation

• Clarify extend-ignore and extend-select settings documentation (#24064)
• Mention AI policy in PR template (#24198)

Other changes

• Use trusted publishing for NPM packages (#24171)

Contributors

• @​bitloi
• @​Sim-hu

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.8

Released on 2026-03-26.

Preview features

• [ruff] New rule unnecessary-if (RUF050) (#24114)
• [ruff] New rule useless-finally (RUF072) (#24165)
• [ruff] New rule f-string-percent-format (RUF073): warn when using % operator on an f-string (#24162)
• [pyflakes] Recognize frozendict as a builtin for Python 3.15+ (#24100)

Bug fixes

• [flake8-async] Use fully-qualified anyio.lowlevel import in autofix (ASYNC115) (#24166)
• [flake8-bandit] Check tuple arguments for partial paths in S607 (#24080)
• [pyflakes] Skip undefined-name (F821) for conditionally deleted variables (#24088)
• E501/W505/formatter: Exclude nested pragma comments from line width calculation (#24071)
• Fix %foo? parsing in IPython assignment expressions (#24152)
• analyze graph: resolve string imports that reference attributes, not just modules (#24058)

Rule changes

• [eradicate] ignore ty: ignore comments in ERA001 (#24192)
• [flake8-bandit] Treat sys.executable as trusted input in S603 (#24106)
• [flake8-self] Recognize Self annotation and self assignment in SLF001 (#24144)
• [pyflakes] F507: Fix false negative for non-tuple RHS in %-formatting (#24142)
• [refurb] Parenthesize generator arguments in FURB142 fixer (#24200)

Performance

• Speed up diagnostic rendering (#24146)

Server

• Warn when Markdown files are skipped due to preview being disabled (#24150)

Documentation

• Clarify extend-ignore and extend-select settings documentation (#24064)
• Mention AI policy in PR template (#24198)

Other changes

• Use trusted publishing for NPM packages (#24171)

Contributors

• @​bitloi
• @​Sim-hu
• @​mvanhorn

... (truncated)

Commits

• c2a8815 Release 0.15.8 (#24217)
• d444d52 [ty] Infer lambda expressions with Callable type context (#22633)
• 9622285 [ty] Autocomplete arguments if in arguments node (#24167)
• d812662 Use the release environment in publish-docs (#24214)
• eda2355 [ty] Show Final source in final assignment diagnostic (#24194)
• 929eb52 [ty] Enforce Final attribute assignment rules for annotated and augmented wri...
• 34998be [ty] Fix typo in comment (#24211)
• 560aca0 [ty] Minor simplifications to some benchmark code (#24209)
• 683bae5 [ty] Track non-terminal-call constraints in global scope (#23245)
• 4704c2a [ty] Remove unnecessary intermediate collection in `StaticClassLiteral::field...
• Additional commits viewable in compare view

Updates tomli from 2.4.0 to 2.4.1

Changelog

Sourced from tomli's changelog.

2.4.1

• Fixed
  • Limit number of parts of a TOML key to address quadratic time complexity

Commits

• c5f4469 Bump version: 2.4.0 → 2.4.1
• 2bcd262 Add change log for 2.4.1 and 2.3.1
• e1fdb94 Limit number of parts of a key (#286)
• c20c491 pre-commit autoupdate
• 920e20b Update performance benchmark and results
• 064e492 Merge pull request #280 from hukkin/version-2.4.0
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions