deps: bump the prod-deps group across 1 directory with 9 updates

[dependabot]

Bumps the prod-deps group with 9 updates in the / directory:

Package	From	To
psycopg2-binary	2.9.7	2.9.11
xmlschema	4.1.0	4.3.1
xmltodict	1.0.2	1.0.3
jellyfish	1.2.0	1.2.1
uwsgi	2.0.30	2.0.31
coveralls	4.0.1	4.0.2
coverage	7.10.7	7.13.4
pre-commit	4.3.0	4.5.1
tox	4.30.3	4.36.0

Updates psycopg2-binary from 2.9.7 to 2.9.11

Changelog

Sourced from psycopg2-binary's changelog.

Current release

What's new in psycopg 2.9.11 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^

• Add support for Python 3.14.
• Avoid a segfault passing more arguments than placeholders if Python is built with assertions enabled (:ticket:[#1791](https://github.com/psycopg/psycopg2/issues/1791)).
• Add riscv64 platform binary packages (:ticket:[#1813](https://github.com/psycopg/psycopg2/issues/1813)).
• ~psycopg2.errorcodes map and ~psycopg2.errors classes updated to PostgreSQL 18.
• Drop support for Python 3.8.

What's new in psycopg 2.9.10 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^

• Add support for Python 3.13.
• Receive notifications on commit (:ticket:[#1728](https://github.com/psycopg/psycopg2/issues/1728)).
• ~psycopg2.errorcodes map and ~psycopg2.errors classes updated to PostgreSQL 17.
• Drop support for Python 3.7.

What's new in psycopg 2.9.9 ^^^^^^^^^^^^^^^^^^^^^^^^^^^

• Add support for Python 3.12.
• Drop support for Python 3.6.

What's new in psycopg 2.9.8 ^^^^^^^^^^^^^^^^^^^^^^^^^^^

• Wheel package bundled with PostgreSQL 16 libpq in order to add support for recent features, such as sslcertmode.

What's new in psycopg 2.9.7 ^^^^^^^^^^^^^^^^^^^^^^^^^^^

• Fix propagation of exceptions raised during module initialization (:ticket:[#1598](https://github.com/psycopg/psycopg2/issues/1598)).
• Fix building when pg_config returns an empty string (:ticket:[#1599](https://github.com/psycopg/psycopg2/issues/1599)).
• Wheel package bundled with OpenSSL 1.1.1v.

What's new in psycopg 2.9.6 ^^^^^^^^^^^^^^^^^^^^^^^^^^^

... (truncated)

Commits

• fd9ae8c chore: bump to version 2.9.11
• d923840 chore: update docs requirements
• d42dc71 Merge branch 'fix-1791'
• 4fde656 fix: avoid failed assert passing more arguments than placeholders
• 8308c19 fix: drop warning about the use of deprecated PyWeakref_GetObject function
• 1a1eabf build(deps): bump actions/github-script from 7 to 8
• 897af8b build(deps): bump peter-evans/repository-dispatch from 3 to 4
• ceefd30 build(deps): bump actions/checkout from 4 to 5
• 4dc5854 build(deps): bump actions/setup-python from 5 to 6
• 1945788 Merge pull request #1802 from edgarrmondragon/cp314-wheels
• Additional commits viewable in compare view

Updates xmlschema from 4.1.0 to 4.3.1

Release notes

Sourced from xmlschema's releases.

v4.3.1 (2026-01-17)

• normalize_url(): workaround for issue #467 (UNC paths with Python < 3.12.5)
• META_SCHEMA and BASE_SCHEMA paths converted to 'file' URL scheme
• Clean optional dependencies

v4.3.0 (2026-01-06)

• Add arguments validation for schemas and validation methods (by validation contexts)
• Add custom XPath parser for find/findall/iterfind APIs on schemas for match singleton sequence also if position is a number greater than 1 in predicate expression (issue #468)
• Improve build of XSD elements and groups, using a three-state built flag for components
• Extend and fix memory tests (Python 3.14+ seems to consume more memory)
• Drop support for Python 3.9 and add development support for Python 3.15

v4.2.0 (2025-10-14)

• Add arguments validation for schemas and validation methods (by validation contexts)
• Add SchemaSettings dataclass for storing read-only settings for schema instances and for managing package default settings
• Add block argument to XMLResource class (issue #464)
• Add MAX_SCHEMA_SOURCES package limit (1000, applied to XsdGlobals global maps instances)
• Add MAX_XML_ELEMENTS package limit (1,000,000, applied to non-lazy XMLResource instances)
• Reduce MAX_XML_DEPTH limit to 1000 and apply it to all XMLResource instances
• Fix for substitute match in case of unexpected child (issue #461)

Changelog

Sourced from xmlschema's changelog.

v4.3.1_ (2026-01-17)

• normalize_url(): workaround for issue #467 (UNC paths with Python < 3.12.5)
• META_SCHEMA and BASE_SCHEMA paths converted to 'file' URL scheme
• Clean optional dependencies

v4.3.0_ (2026-01-03)

• Add arguments validation for schemas and validation methods (by validation contexts)
• Add custom XPath parser for find/findall/iterfind APIs on schemas for match singleton sequence also if position is a number greater than 1 in predicate expression (issue #468)
• Improve build of XSD elements and groups, using a three-state built flag for components
• Extend and fix memory tests (Python 3.14+ seems to consume more memory)
• Drop support for Python 3.9 and add development support for Python 3.15

v4.2.0_ (2025-10-14)

• Add arguments validation for schemas and validation methods (by validation contexts)
• Add SchemaSettings dataclass for storing read-only settings for schema instances and for managing package default settings
• Add block argument to XMLResource class (issue #464)
• Add MAX_SCHEMA_SOURCES package limit (1000, applied to XsdGlobals global maps instances)
• Add MAX_XML_ELEMENTS package limit (1,000,000, applied to non-lazy XMLResource instances)
• Reduce MAX_XML_DEPTH limit to 1000 and apply it to all XMLResource instances
• Fix for substitute match in case of unexpected child (issue #461)

Commits

• 64b103f Add a test for meta-schema URLs and relax memory test for Python 3.14
• 508d1a2 Update bugfix release information and clean deps of pyproject.toml
• 4fc64bd Refactor LocationPath and add a workaround for issue #467
• dfec443 Don't serialize cached properties
• 91c1956 Add caching module with class SchemaCache
• 2bfb931 Update CI tests and release info
• a1d7d3c Change built status of components from bool to optional bool
• ce822bd Extend and fix memory tests
• fa41056 Add a custom XPath parser for schema find/findall/iterfind APIs
• b237528 Add a test with UNC path
• Additional commits viewable in compare view

Updates xmltodict from 1.0.2 to 1.0.3

Release notes

Sourced from xmltodict's releases.

v1.0.3

1.0.3 (2026-02-15)

Bug Fixes

• unparse: serialize None text/attrs as empty values (fixes #401) (aa16511)

Documentation

• readme: fix Fedora and Arch package links (fd6a73b)

Changelog

Sourced from xmltodict's changelog.

1.0.3 (2026-02-15)

Bug Fixes

• unparse: serialize None text/attrs as empty values (fixes #401) (aa16511)

Documentation

• readme: fix Fedora and Arch package links (fd6a73b)

Commits

• 89c4bf7 chore(master): release 1.0.3
• fd6a73b docs(readme): fix Fedora and Arch package links
• aa16511 fix(unparse): serialize None text/attrs as empty values (fixes #401)
• f7d76c9 style: lines required between function definitions
• 1bfb267 build: remove unnecessary wheel from dependencies
• d9f6d40 build: no need for README.md in MANIFEST.in
• 34378ef build: pep 639 compliance
• See full diff in compare view

Updates jellyfish from 1.2.0 to 1.2.1

Updates uwsgi from 2.0.30 to 2.0.31

Updates coveralls from 4.0.1 to 4.0.2

Release notes

Sourced from coveralls's releases.

4.0.2 (2025-11-07)

Internal

• update python support: drop EOL'd versions (3.8, 3.9), begin testing on new versions (3.13, 3.14), and mark explicit future compatibility up to <4.0

Changelog

Sourced from coveralls's changelog.

4.0.2 (2025-11-07)

Internal

• update python support: drop EOL'd versions (3.8, 3.9), begin testing on new versions (3.13, 3.14), and mark explicit future compatibility up to <4.0

Commits

• 3304564 chore: re-lock poetry lockfile
• 113f52f chore(release): bump version
• 120cf1e chore(compat): bump pythons
• a0d0cf6 chore(deps): update dependency docker to v4 (#616)
• fd2302a chore(deps): update pandoc/core docker tag to v3.8.2 (#630)
• 12ad037 chore(deps): lock file maintenance (#629)
• d357cc4 chore(deps): lock file maintenance (#627)
• 8feab27 chore(deps): update actions/dependency-review-action action to v4.8.1 (#624)
• 9bc44a4 chore(deps): lock file maintenance (#622)
• 7ff4351 chore(deps): update actions/dependency-review-action action to v4.8.0 (#620)
• Additional commits viewable in compare view

Updates coverage from 7.10.7 to 7.13.4

Changelog

Sourced from coverage's changelog.

Version 7.13.4 — 2026-02-09

• Fix: the third-party code fix in 7.13.3 required examining the parent directories where coverage was run. In the unusual situation that one of the parent directories is unreadable, a PermissionError would occur, as described in issue 2129_. This is now fixed.

• Fix: in test suites that change sys.path, coverage.py could fail with "RuntimeError: Set changed size during iteration" as described and fixed in pull 2130_. Thanks, Noah Fatsi.

• We now publish ppc64le wheels, thanks to Pankhudi Jain <pull 2121_>_.

.. _pull 2121: coveragepy/coveragepy#2121 .. _issue 2129: coveragepy/coveragepy#2129 .. _pull 2130: coveragepy/coveragepy#2130

.. _changes_7-13-3:

Version 7.13.3 — 2026-02-03

• Fix: in some situations, third-party code was measured when it shouldn't have been, slowing down test execution. This happened with layered virtual environments such as uv sometimes makes. The problem is fixed, closing issue 2082_. Now any directory on sys.path that is inside a virtualenv is considered third-party code.

.. _issue 2082: coveragepy/coveragepy#2082

.. _changes_7-13-2:

Version 7.13.2 — 2026-01-25

• Fix: when Python is installed via symlinks, for example with Homebrew, the standard library files could be incorrectly included in coverage reports. This is now fixed, closing issue 2115_.

• Fix: if a data file is created with no read permissions, the combine step would fail completely. Now a warning is issued and the file is skipped. Closes issue 2117_.

.. _issue 2115: coveragepy/coveragepy#2115 .. _issue 2117: coveragepy/coveragepy#2117

... (truncated)

Commits

• 4f78d57 build: no need to publish status.json
• f8616ff docs: sample HTML for 7.13.4
• fcf8c68 docs: prep for 7.13.4
• 189ecfd docs: thanks Pankhudi Jain for ppc64le wheels #2121
• 58aade0 build: add support for ppc64le architecture (#2121)
• 8ea42c8 chore: bump actions/attest-build-provenance (#2131)
• c09595f docs: Janine put a lot of effort into debugging issue #2128
• 8ee1760 docs: Greg wrote a great issue: #2129
• 76ba043 docs: thanks, Noah Fatsi
• 371fcc5 fix: set fixed paths_list in TreeMatcher init (#2130)
• Additional commits viewable in compare view

Updates pre-commit from 4.3.0 to 4.5.1

Release notes

Sourced from pre-commit's releases.

pre-commit v4.5.1

Fixes

• Fix language: python with repo: local without additional_dependencies.
  • #3597 PR by @​asottile.

pre-commit v4.5.0

Features

• Add pre-commit hazmat.
  • #3585 PR by @​asottile.

pre-commit v4.4.0

Features

• Add --fail-fast option to pre-commit run.
  • #3528 PR by @​JulianMaurin.
• Upgrade ruby-build / rbenv.
  • #3566 PR by @​asottile.
  • #3565 issue by @​MRigal.
• Add language: unsupported / language: unsupported_script as aliases for language: system / language: script (which will eventually be deprecated).
  • #3577 PR by @​asottile.
• Add support docker-in-docker detection for cgroups v2.
  • #3535 PR by @​br-rhrbacek.
  • #3360 issue by @​JasonAlt.

Fixes

• Handle when docker gives SecurityOptions: null.
  • #3537 PR by @​asottile.
  • #3514 issue by @​jenstroeger.
• Fix error context for invalid stages in .pre-commit-config.yaml.
  • #3576 PR by @​asottile.

Changelog

Sourced from pre-commit's changelog.

4.5.1 - 2025-12-16

Fixes

• Fix language: python with repo: local without additional_dependencies.
  • #3597 PR by @​asottile.

4.5.0 - 2025-11-22

Features

• Add pre-commit hazmat.
  • #3585 PR by @​asottile.

4.4.0 - 2025-11-08

Features

• Add --fail-fast option to pre-commit run.
  • #3528 PR by @​JulianMaurin.
• Upgrade ruby-build / rbenv.
  • #3566 PR by @​asottile.
  • #3565 issue by @​MRigal.
• Add language: unsupported / language: unsupported_script as aliases for language: system / language: script (which will eventually be deprecated).
  • #3577 PR by @​asottile.
• Add support docker-in-docker detection for cgroups v2.
  • #3535 PR by @​br-rhrbacek.
  • #3360 issue by @​JasonAlt.

Fixes

• Handle when docker gives SecurityOptions: null.
  • #3537 PR by @​asottile.
  • #3514 issue by @​jenstroeger.
• Fix error context for invalid stages in .pre-commit-config.yaml.
  • #3576 PR by @​asottile.

Commits

• 8a0630c v4.5.1
• fcbc745 Merge pull request #3597 from pre-commit/empty-setup-py
• 51592ee fix python local template when artifact dirs are present
• 67e8faf Merge pull request #3596 from pre-commit/pre-commit-ci-update-config
• c251e6b [pre-commit.ci] pre-commit autoupdate
• 98ccafa Merge pull request #3593 from pre-commit/pre-commit-ci-update-config
• 4895355 [pre-commit.ci] pre-commit autoupdate
• 2cedd58 Merge pull request #3588 from pre-commit/pre-commit-ci-update-config
• 465192d [pre-commit.ci] pre-commit autoupdate
• fd42f96 Merge pull request #3586 from pre-commit/zipapp-sha256-file-not-needed
• Additional commits viewable in compare view

Updates tox from 4.30.3 to 4.36.0

Release notes

Sourced from tox's releases.

4.36.0

What's Changed

• ✨ feat(config): allow skip_missing_interpreters per environment by @​gaborbernat in tox-dev/tox#3684
• Return non-zero exit code from tox config when exceptions occur by @​veeceey in tox-dev/tox#3683
• Update development.rst to reflect current standards by @​rahuldevikar in tox-dev/tox#3685
• Build dependencies should only come from build backend by @​rahuldevikar in tox-dev/tox#3687
• Add packaging environment docs to regular Configuration by @​rahuldevikar in tox-dev/tox#3686
• 🔧 chore(type): migrate from mypy to ty by @​gaborbernat in tox-dev/tox#3688
• 📝 docs(plugins): document CLI argument conventions by @​gaborbernat in tox-dev/tox#3689
• Exclude self-dependencies in run_order to prevent KeyError by @​rahuldevikar in tox-dev/tox#3690
• Drop setup.py mentions from the installation page by @​rahuldevikar in tox-dev/tox#3693
• 🚀 perf(tests): prevent stale fixture state and fix flaky timing assertions by @​gaborbernat in tox-dev/tox#3692
• ✨ feat(run): add fail-fast option to stop on first failure by @​gaborbernat in tox-dev/tox#3691
• 📝 docs(plugins): document toxfile.py inline plugins by @​gaborbernat in tox-dev/tox#3694
• ✨ feat(cli): add shell completion via argcomplete by @​gaborbernat in tox-dev/tox#3695
• ✨ feat(package): validate extras against package metadata by @​gaborbernat in tox-dev/tox#3696
• ✨ feat(depends): add glob pattern support for depends option by @​gaborbernat in tox-dev/tox#3697
• ✨ feat(env): add disallow_pass_env to exclude env vars by @​gaborbernat in tox-dev/tox#3698
• 📝 docs: restructure documentation following Diataxis framework by @​gaborbernat in tox-dev/tox#3702
• 📝 docs: config enhancements, man page, version tracking by @​gaborbernat in tox-dev/tox#3703
• Added a _resolve_path() static method to InstallPackageAction by @​rahuldevikar in tox-dev/tox#3699
• Follow FORCE_COLOR. Any non-empty value now enables color by @​rahuldevikar in tox-dev/tox#3700

New Contributors

• @​veeceey made their first contribution in tox-dev/tox#3683

Full Changelog: tox-dev/tox@4.35.0...4.36.0

4.35.0

What's Changed

• docs: fix misleading ENVDIR reference in devenv description by @​VedantMadane in tox-dev/tox#3670
• Fix CI post packaging releese by @​gaborbernat in tox-dev/tox#3673
• Fix code block format in docs/plugins.rst by @​mushitoriami in tox-dev/tox#3675
• fix(docs): correct path for built documentation by @​daniel7an in tox-dev/tox#3680
• Document injected environment variables by @​rahuldevikar in tox-dev/tox#3681
• Show toxfile.py inline plugin in --version output by @​rahuldevikar in tox-dev/tox#3682

New Contributors

• @​VedantMadane made their first contribution in tox-dev/tox#3670
• @​mushitoriami made their first contribution in tox-dev/tox#3675
• @​daniel7an made their first contribution in tox-dev/tox#3680
• @​rahuldevikar made their first contribution in tox-dev/tox#3681

Full Changelog: tox-dev/tox@4.34.1...4.35.0

4.34.1

... (truncated)

Changelog

Sourced from tox's changelog.

Features - 4.36.0

• Allow skip_missing_interpreters to be set per environment, overriding the global setting. This enables marking specific environments as optional while keeping others required. (:issue:435)
• Add --fail-fast CLI flag and fail_fast per-environment config option to stop executing remaining environments when the first failure occurs - by :user:gaborbernat. (:issue:578)
• Add shell completion support for bash, zsh, and fish via :pypi:argcomplete - by :user:gaborbernat (:issue:918)
• Validate that configured extras exist in package metadata, raising a clear error for unknown extras - by :user:gaborbernat (:issue:1113)
• Add glob pattern support in depends (e.g. depends = py3*) to match environments by wildcard instead of listing them explicitly - by :user:gaborbernat (:issue:1152)
• Add disallow_pass_env configuration option to exclude specific environment variables after pass_env glob expansion - by :user:gaborbernat (:issue:1387)
• Support file: URIs in --installpkg (e.g. --installpkg file:///path/to/pkg.whl), including proper handling of percent-encoded characters - by :user:rahuldevikar. (:issue:3498)

Bugfixes - 4.36.0

• Raise an error when deps is configured on a PEP-517 packaging environment (e.g. .pkg), since build dependencies should be specified via the [build-system] table in pyproject.toml - by :user:rahuldevikar (:issue:3412)
• Follow FORCE_COLOR <https://force-color.org/>_ recommendations: any non-empty value now enables color (previously only yes, true, or 1 were accepted, and other values caused a crash). Also add support for TTY_COMPATIBLE (1 forces color, 0 disables it) — by :user:rahuldevikar. (:issue:3579)
• Return non-zero exit code from tox config when configuration exceptions occur. (:issue:3649)
• Fix flaky spinner test assertion caused by timing variations on slower systems. (:issue:3692)

Documentation - 4.36.0

• Document how to provide environments via toxfile.py inline plugins using tox_extend_envs and MemoryLoader
  • by :user:gaborbernat. (:issue:828)
• Document shell completion setup for bash, zsh, and fish in the CLI reference - by :user:gaborbernat (:issue:918)
• Document negative factor conditions and multi-factor combinations with negation in the INI configuration reference - by :user:gaborbernat (:issue:3276)
• Add a substitution quick reference table covering all available {...} replacement variables - by :user:gaborbernat (:issue:3326)
• Add TOML configuration reference with complete examples for tox.toml and pyproject.toml formats, and emphasize TOML as the recommended format throughout - by :user:gaborbernat (:issue:3393)
• Document the tox exec subcommand with usage examples in the how-to guides - by :user:gaborbernat (:issue:3403)
• Comprehensive documentation improvements: added how-to guides for tox exec, CI/CD, coverage, build backends, labels, migration, debugging, and extras; expanded plugin documentation with all hook examples and packaging guide; added env var handling guide, factor conditions reference, and substitution quick reference; integrated docstrfmt for consistent RST formatting; fixed docstring issues in source code - by :user:gaborbernat (:issue:3475)
• Update development.rst to reflect current standards: replace references to flake8/black/isort/pyupgrade with ruff, remove outdated Python 2.7 compatibility note, and fix CI config filename - by :user:rahuldevikar (:issue:3483)
• Drop setup.py mentions from the installation page — by :user:rahuldevikar. (:issue:3588)

... (truncated)

Commits

• 5408fd1 release 4.36.0
• 99c315f 👷 ci(release): add workflow dispatch for release preparation (#3704)
• f03d166 Follow FORCE_COLOR. Any non-empty value now enables color (#3700)
• 03185a7 Added a _resolve_path() static method to InstallPackageAction (#3699)
• 30884c2 📝 docs: enhance config reference, expand guides, integrate docstrfmt (#3703)
• d6687f2 📝 docs: restructure documentation following Diataxis framework (#3702)
• a40b7da ✨ feat(env): add disallow_pass_env to exclude env vars (#3698)
• 8e85762 ✨ feat(depends): add glob pattern support for depends option (#3697)
• 4afd60b ✨ feat(package): validate extras against package metadata (#3696)
• c50d343 ✨ feat(cli): add shell completion via argcomplete (#3695)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions