Update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update
bandit (source, changelog)	==1.8.6 → ==1.9.3			dependency-groups	minor
mypy (changelog)	==1.17.1 → ==1.19.1			dependency-groups	minor
pylint (changelog)	==4.0.2 → ==4.0.4			dependency-groups	patch
pytest (changelog)	==8.4.1 → ==8.4.2			dependency-groups	patch
python	3.13 → 3.14			uses-with	minor
python	3.13-alpine → 3.14-alpine			final	minor
tox (changelog)	==4.28.4 → ==4.34.1			dependency-groups	minor
uv_build (source, changelog)	>=0.9.5,<0.10.0 → >=0.10.0,<0.11.0			build-system.requires	minor
werkzeug (changelog)	==3.1.3 → ==3.1.5			dependency-groups	patch
wheel (changelog)	==0.45.1 → ==0.46.3			dependency-groups	minor
yamllint	==1.37.1 → ==1.38.0			dependency-groups	minor

---

Release Notes

PyCQA/bandit (bandit)

v1.9.3

Compare Source

What's Changed

• Bump actions/checkout from 5 to 6 by @​dependabot[bot] in #​1334
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in #​1335
• Fix B608 to detect VALUES( without space by @​kfess in #​1337
• Add check for hardcoded passwords in dicts. by @​alanverresen in #​1338
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in #​1341
• Update tox tests for Python 3.10 by @​willschlitzer in #​1346
• Bump docker/setup-buildx-action from 3.11.1 to 3.12.0 by @​dependabot[bot] in #​1347
• Limit B614 to torch.load deserializers by @​dibussoc in #​1348

New Contributors

• @​kfess made their first contribution in #​1337
• @​alanverresen made their first contribution in #​1338
• @​willschlitzer made their first contribution in #​1346
• @​dibussoc made their first contribution in #​1348

Full Changelog: PyCQA/bandit@1.9.2...1.9.3

v1.9.2

Compare Source

What's Changed

• Argparse Python 3.14 enhancements by @​ericwb in #​1331
• Check whether Constant value is str by @​ericwb in #​1333

Full Changelog: PyCQA/bandit@1.9.1...1.9.2

v1.9.1

Compare Source

What's Changed

• More Python version related fixes by @​ericwb in #​1327

Full Changelog: PyCQA/bandit@1.9.0...1.9.1

python/mypy (mypy)

v1.19.1

Compare Source

• Fix noncommutative joins with bounded TypeVars (Shantanu, PR 20345)
• Respect output format for cached runs by serializing raw errors in cache metas (Ivan Levkivskyi, PR 20372)
• Allow types.NoneType in match cases (A5rocks, PR 20383)
• Fix mypyc generator regression with empty tuple (BobTheBuidler, PR 20371)
• Fix crash involving Unpack-ed TypeVarTuple (Shantanu, PR 20323)
• Fix crash on star import of redefinition (Ivan Levkivskyi, PR 20333)
• Fix crash on typevar with forward ref used in other module (Ivan Levkivskyi, PR 20334)
• Fail with an explicit error on PyPy (Ivan Levkivskyi, PR 20389)

v1.19.0

Compare Source

v1.18.2

Compare Source

• Fix crash on recursive alias (Ivan Levkivskyi, PR 19845)
• Add additional guidance for stubtest errors when runtime is object.__init__ (Stephen Morton, PR 19733)
• Fix handling of None values in f-string expressions in mypyc (BobTheBuidler, PR 19846)

v1.18.1

Compare Source

We’ve just uploaded mypy 1.18.1 to the Python Package Index (PyPI).
Mypy is a static type checker for Python. This release includes new features, performance
improvements and bug fixes. You can install it as follows:

python3 -m pip install -U mypy

You can read the full documentation for this release on Read the Docs.

Mypy Performance Improvements

Mypy 1.18.1 includes numerous performance improvements, resulting in about 40% speedup
compared to 1.17 when type checking mypy itself. In extreme cases, the improvement
can be 10x or higher. The list below is an overview of the various mypy optimizations.
Many mypyc improvements (discussed in a separate section below) also improve performance.

Type caching optimizations have a small risk of causing regressions. When
reporting issues with unexpected inferred types, please also check if
--disable-expression-cache will work around the issue, as it turns off some of
these optimizations.

• Improve self check performance by 1.8% (Jukka Lehtosalo, PR 19768, 19769, 19770)
• Optimize fixed-format deserialization (Ivan Levkivskyi, PR 19765)
• Use macros to optimize fixed-format deserialization (Ivan Levkivskyi, PR 19757)
• Two additional micro‑optimizations (Ivan Levkivskyi, PR 19627)
• Another set of micro‑optimizations (Ivan Levkivskyi, PR 19633)
• Cache common types (Ivan Levkivskyi, PR 19621)
• Skip more method bodies in third‑party libraries for speed (Ivan Levkivskyi, PR 19586)
• Simplify the representation of callable types (Ivan Levkivskyi, PR 19580)
• Add cache for types of some expressions (Ivan Levkivskyi, PR 19505)
• Use cache for dictionary expressions (Ivan Levkivskyi, PR 19536)
• Use cache for binary operations (Ivan Levkivskyi, PR 19523)
• Cache types of type objects (Ivan Levkivskyi, PR 19514)
• Avoid duplicate work when checking boolean operations (Ivan Levkivskyi, PR 19515)
• Optimize generic inference passes (Ivan Levkivskyi, PR 19501)
• Speed up the default plugin (Jukka Lehtosalo, PRs 19385 and 19462)
• Remove nested imports from the default plugin (Ivan Levkivskyi, PR 19388)
• Micro‑optimize type expansion (Jukka Lehtosalo, PR 19461)
• Micro‑optimize type indirection (Jukka Lehtosalo, PR 19460)
• Micro‑optimize the plugin framework (Jukka Lehtosalo, PR 19464)
• Avoid temporary set creation in subtype checking (Jukka Lehtosalo, PR 19463)
• Subtype checking micro‑optimization (Jukka Lehtosalo, PR 19384)
• Return early where possible in subtype check (Stanislav Terliakov, PR 19400)
• Deduplicate some types before joining (Stanislav Terliakov, PR 19409)
• Speed up type checking by caching argument inference context (Jukka Lehtosalo, PR 19323)
• Optimize binding method self argument type and deprecation checks (Ivan Levkivskyi, PR 19556)
• Keep trivial instance types/aliases during expansion (Ivan Levkivskyi, PR 19543)

Fixed‑Format Cache (Experimental)

Mypy now supports a new cache format used for faster incremental builds. It makes
incremental builds up to twice as fast. The feature is experimental and
currently only supported when using a compiled version of mypy. Use --fixed-format-cache
to enable the new format, or fixed_format_cache = True in a configuration file.

We plan to enable this by default in a future mypy release, and we'll eventually
deprecate and remove support for the original JSON-based format.

Unlike the JSON-based cache format, the new binary format is currently
not easy to parse and inspect by mypy users. We are planning to provide a tool to
convert fixed-format cache files to JSON, but details of the output JSON may be
different from the current JSON format. If you rely on being able to inspect
mypy cache files, we recommend creating a GitHub issue and explaining your use
case, so that we can more likely provide support for it. (Using
MypyFile.read(binary_data) to inspect cache data may be sufficient to support
some use cases.)

This feature was contributed by Ivan Levkivskyi (PR 19668, 19735, 19750, 19681, 19752, 19815).

Flexible Variable Definitions: Update

Mypy 1.16.0 introduced --allow-redefinition-new, which allows redefining variables
with different types, and inferring union types for variables from multiple assignments.
The feature is now documented in the --help output, but the feature is still experimental.

We are planning to enable this by default in mypy 2.0, and we will also deprecate the
older --allow-redefinition flag. Since the new behavior differs significantly from
the older flag, we encourage users of --allow-redefinition to experiment with
--allow-redefinition-new and create a GitHub issue if the new functionality doesn't
support some important use cases.

This feature was contributed by Jukka Lehtosalo.

Inferred Type for Bare ClassVar

A ClassVar without an explicit type annotation now causes the type of the variable
to be inferred from the initializer:

from typing import ClassVar

class Item:

### Type of 'next_id' is now 'int' (it was 'Any')
    next_id: ClassVar = 1

    ...

This feature was contributed by Ivan Levkivskyi (PR 19573).

Disjoint Base Classes (@​disjoint_base, PEP 800)

Mypy now understands disjoint bases (PEP 800): it recognizes the @disjoint_base
decorator, and rejects class definitions that combine mutually incompatible base classes,
and takes advantage of the fact that such classes cannot exist in reachability and
narrowing logic.

This class definition will now generate an error:

pylint-dev/pylint (pylint)

v4.0.4

Compare Source

What's new in Pylint 4.0.4?

Release date: 2025-11-30

False Positives Fixed

• Fixed false positive for invalid-name where module-level constants were incorrectly classified as variables when a class-level attribute with the same name exists.

  Closes #​10719

• Fix a false positive for invalid-name on an UPPER_CASED name inside an if branch that assigns an object.

  Closes #​10745

v4.0.3

Compare Source

What's new in Pylint 4.0.3?

Release date: 2025-11-13

False Positives Fixed

• Add Enum dunder methods _generate_next_value_, _missing_, _numeric_repr_, _add_alias_, and _add_value_alias_ to the list passed to --good-dunder-names.

  Closes #​10435

• Fixed false positive for invalid-name with typing.Annotated.

  Closes #​10696

• Fix false positive for f-string-without-interpolation with template strings
  when using format spec.

  Closes #​10702

• Fix a false positive when an UPPER_CASED class attribute was raising an
  invalid-name when typed with Final.

  Closes #​10711

• Fix a false positive for unbalanced-tuple-unpacking when a tuple is assigned to a function call and the structure of the function's return value is ambiguous.

  Closes #​10721

Other Bug Fixes

• Make 'ignore' option work as expected again.

  Closes #​10669

• Fix crash for consider-using-assignment-expr when a variable annotation without assignment
  is used as the if test expression.

  Closes #​10707

• Fix crash for prefer-typing-namedtuple and consider-math-not-float when
  a slice object is called.

  Closes #​10708

pytest-dev/pytest (pytest)

v8.4.2

Compare Source

pytest 8.4.2 (2025-09-03)

Bug fixes

• #​13478: Fixed a crash when using console_output_style{.interpreted-text role="confval"} with times and a module is skipped.

• #​13530: Fixed a crash when using pytest.approx{.interpreted-text role="func"} and decimal.Decimal{.interpreted-text role="class"} instances with the decimal.FloatOperation{.interpreted-text role="class"} trap set.

• #​13549: No longer evaluate type annotations in Python 3.14 when inspecting function signatures.

  This prevents crashes during module collection when modules do not explicitly use from __future__ import annotations and import types for annotations within a if TYPE_CHECKING: block.

• #​13559: Added missing [int]{.title-ref} and [float]{.title-ref} variants to the [Literal]{.title-ref} type annotation of the [type]{.title-ref} parameter in pytest.Parser.addini{.interpreted-text role="meth"}.

• #​13563: pytest.approx{.interpreted-text role="func"} now only imports numpy if NumPy is already in sys.modules. This fixes unconditional import behavior introduced in [8.4.0]{.title-ref}.

Improved documentation

• #​13577: Clarify that pytest_generate_tests is discovered in test modules/classes; other hooks must be in conftest.py or plugins.

Contributor-facing changes

• #​13480: Self-testing: fixed a few test failures when run with -Wdefault or a similar override.
• #​13547: Self-testing: corrected expected message for test_doctest_unexpected_exception in Python 3.14.
• #​13684: Make pytest's own testsuite insensitive to the presence of the CI environment variable -- by ogrisel{.interpreted-text role="user"}.

actions/python-versions (python)

v3.14.3: 3.14.3

Compare Source

Python 3.14.3

v3.14.2: 3.14.2

Compare Source

Python 3.14.2

v3.14.1: 3.14.1

Compare Source

Python 3.14.1

v3.14.0: 3.14.0

Compare Source

Python 3.14.0

tox-dev/tox (tox)

v4.34.1

Compare Source

What's Changed

• fix: wheel corruption when running parallel tox processes by @​gaborbernat in #​3667

Full Changelog: tox-dev/tox@4.34.0...4.34.1

v4.34.0

Compare Source

What's Changed

• feat: Support depenedcy groups with self references by @​Czaki in #​3666

Full Changelog: tox-dev/tox@4.33.0...4.34.0

v4.33.0

Compare Source

What's Changed

• Pass LOCALAPPDATA by default on Windows (#​3639) by @​clint-lawrence in #​3640
• Docs: Add caution about ranges like py{39-314} by @​ferdnyc in #​3652
• CLI Parser: Drop epilog message for Sphinx help by @​ferdnyc in #​3653
• 📚 Integrate sphinx-issues extension by @​webknjaz in #​3655
• Fix sphinx doc build by @​gaborbernat in #​3662
• feat: add conditional set_env support via PEP-496 markers by @​gaborbernat in #​3663

New Contributors

• @​clint-lawrence made their first contribution in #​3640
• @​ferdnyc made their first contribution in #​3652

Full Changelog: tox-dev/tox@4.32.0...4.33.0

v4.32.0

Compare Source

What's Changed

• docs: Add Python 3.14 and 3.14t to config examples by @​cclauss in #​3626
• Fix broken log message (in that branch it did not match the arguments). by @​ionelmc in #​3634
• Allow braced range syntax in internal sections of tox.ini file by @​marcosboger in #​3631
• fix: ensure log folder is created before writing the execution logs by @​ssbarnea in #​3633
• TST: add weekly compatibility checks for CPython 3.15 by @​neutrinoceros in #​3629

New Contributors

• @​ionelmc made their first contribution in #​3634
• @​marcosboger made their first contribution in #​3631
• @​neutrinoceros made their first contribution in #​3629

Full Changelog: tox-dev/tox@4.31.0...4.32.0

v4.31.0

Compare Source

What's Changed

• Address a type-conversion noted during doc builds by @​kurtmckee in #​3623
• Add 3.14, drop 3.9 and support | union style by @​gaborbernat in #​3624

Full Changelog: tox-dev/tox@4.30.3...4.31.0

v4.30.3

Compare Source

What's Changed

• Isolate the test suite from any existing DEFAULT_CONFIG_FILE file by @​kurtmckee in #​3612
• Fix none config file issue 3611 by @​kurtmckee in #​3613
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in #​3608
• Fix incorrect type annotations in PythonPathPackageWithDeps (fixes #​3607) by @​PreistlyPython in #​3616
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in #​3615

New Contributors

• @​PreistlyPython made their first contribution in #​3616

Full Changelog: tox-dev/tox@4.30.2...4.30.3

v4.30.2

Compare Source

What's Changed

• Bump pypa/gh-action-pypi-publish from 1.12.4 to 1.13.0 by @​dependabot[bot] in #​3603
• Ensure automatically provisioned environment is torn down by @​vytas7 in #​3601
• Bump pypa/gh-action-pypi-publish from 1.12.4 to 1.13.0 in /.github/workflows by @​dependabot[bot] in #​3604

Full Changelog: tox-dev/tox@4.30.1...4.30.2

v4.30.1

Compare Source

What's Changed

• Prevent Tox from hanging with --installpkg sdist due to orphaned build backend by @​vytas7 in #​3530

New Contributors

• @​vytas7 made their first contribution in #​3530

Full Changelog: tox-dev/tox@4.30.0...4.30.1

v4.30.0

Compare Source

What's Changed

• Pass through CI as __TOX_ENVIRONMENT_VARIABLE_ORIGINAL_CI by @​Liam-DeVoe in #​3592
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in #​3596
• Fix the built docs HTML path hint in tox.toml by @​webknjaz in #​3594
• Add a "version added" note for tox_extend_envs by @​webknjaz in #​3595
• fix: provide clear messaging about config file loading by @​ssbarnea in #​3578
• Ensure tox_extend_envs list can be read twice by @​webknjaz in #​3598

New Contributors

• @​Liam-DeVoe made their first contribution in #​3592

Full Changelog: tox-dev/tox@4.29.0...4.30.0

v4.29.0

Compare Source

What's Changed

• Docs: environment variables contain strings by @​hroncok in #​3575
• 🐍 Fix sys_platform Fixture Leakage breaking the CI by @​gaborbernat in #​3589
• Expose a new tox_extend_envs hook in plugins API by @​webknjaz in #​3591

Full Changelog: tox-dev/tox@4.28.4...4.29.0

astral-sh/uv (uv_build)

v0.10.0

Compare Source

Since we released uv 0.9.0 in October of 2025, we've accumulated various changes that improve correctness and user experience, but could break some workflows. This release contains those changes; many have been marked as breaking out of an abundance of caution. We expect most users to be able to upgrade without making changes.

This release also includes the stabilization of preview features. Python upgrades are now stable, including the uv python upgrade command, uv python install --upgrade, and automatically upgrading Python patch versions in virtual environments when a new version is installed. The add-bounds and extra-build-dependencies settings are now stable. Finally, the uv workspace dir and uv workspace list utilities for writing scripts against workspace members are now stable.

Breaking changes

• Require --clear to remove existing virtual environments in uv venv (#​17757)

  Previously, uv venv would prompt for confirmation before removing an existing virtual environment in interactive contexts, and remove it without confirmation in non-interactive contexts. Now, uv venv requires the --clear flag to remove an existing virtual environment. A warning for this change was added in uv 0.8.

  You can opt out of this behavior by passing the --clear flag or setting UV_VENV_CLEAR=1.

• Error if multiple indexes include default = true (#​17011)

  Previously, uv would silently accept multiple indexes with default = true and use the first one. Now, uv will error if multiple indexes are marked as the default.

  You cannot opt out of this behavior. Remove default = true from all but one index.

• Error when an explicit index is unnamed (#​17777)

  Explicit indexes can only be used via the [tool.uv.sources] table, which requires referencing the index by name. Previously, uv would silently accept unnamed explicit indexes, which could never be referenced. Now, uv will error if an explicit index does not have a name.

  You cannot opt out of this behavior. Add a name to the explicit index or remove the entry.

• Install alternative Python executables using their implementation name (#​17756, #​17760)

  Previously, uv python install would install PyPy, GraalPy, and Pyodide executables with names like python3.10 into the bin directory. Now, these executables will be named using their implementation name, e.g., pypy3.10, graalpy3.10, and pyodide3.12, to avoid conflicting with CPython installations.

  You cannot opt out of this behavior.

• Respect global Python version pins in uv tool run and uv tool install (#​14112)

  Previously, uv tool run and uv tool install did not respect the global Python version pin (set via uv python pin --global). Now, these commands will use the global Python version when no explicit version is requested.

  For uv tool install, if the tool is already installed, the Python version will not change unless --reinstall or --python is provided. If the tool was previously installed with an explicit --python flag, the global pin will not override it.

  You can opt out of this behavior by providing an explicit --python flag.

• Remove Debian Bookworm, Alpine 3.21, and Python 3.8 Docker images (#​17755)

  The Debian Bookworm and Alpine 3.21 images were replaced by Debian Trixie and Alpine 3.22 as defaults in uv 0.9. These older images are now removed. Python 3.8 images are also removed, as Python 3.8 is no longer supported in the Trixie or Alpine base images.

  The following image tags are no longer published:

  • uv:bookworm, uv:bookworm-slim
  • uv:alpine3.21
  • uv:python3.8-*

  Use uv:debian or uv:trixie instead of uv:bookworm, uv:alpine or uv:alpine3.22 instead of uv:alpine3.21, and a newer Python version instead of uv:python3.8-*.

• Drop PPC64 (big endian) builds (#​17626)

  uv no longer provides pre-built binaries for PPC64 (big endian). This platform appears to be largely unused and is only supported on a single manylinux version. PPC64LE (little endian) builds are unaffected.

  Building uv from source is still supported for this platform.

• Skip generating activate.csh for relocatable virtual environments (#​17759)

  Previously, uv venv --relocatable would generate an activate.csh script that contained hardcoded paths, making it incompatible with relocation. Now, the activate.csh script is not generated for relocatable virtual environments.

  You cannot opt out of this behavior.

• Require username when multiple credentials match a URL (#​16983)

  When using uv auth login to store credentials, you can register multiple username and password combinations for the same host. Previously, when uv needed to authenticate and multiple credentials matched the URL (e.g., when retrieving a token with uv auth token), uv would pick the first match. Now, uv will error instead.

  You cannot opt out of this behavior. Include the username in the request, e.g., uv auth token --username foo example.com.

• Avoid invalidating the lockfile versions after an exclude-newer change (#​17721)

  Previously, changing the exclude-newer setting would cause package versions to be upgraded, ignoring the lockfile entirely. Now, uv will only change package versions if they are no longer within the exclude-newer range.

  You can restore the previous behavior by using --upgrade or --upgrade-package to opt-in to package version changes.

• Upgrade uv format to Ruff 0.15.0 (#​17838)

  uv format now uses Ruff 0.15.0, which uses the 2026 style guide. See the blog post for details.

  The formatting of code is likely to change. You can opt out of this behavior by requesting an older Ruff version, e.g., uv format --version 0.14.14.

• Update uv crate test features to use test- as a prefix (#​17860)

  This change only affects redistributors of uv. The Cargo features used to gate test dependencies, e.g., pypi, have been renamed with a test- prefix for clarity, e.g., test-pypi.

Stabilizations

• uv python upgrade and uv python install --upgrade (#​17766)

  When installing Python versions, an intermediary directory without the patch version attached will be created, and virtual environments will be transparently upgraded to new patch versions.

  See the Python version documentation for more details.

• uv add --bounds and the add-bounds configuration option (#​17660)

  This does not come with any behavior changes. You will no longer see an experimental warning when using uv add --bounds or add-bounds in configuration.

• uv workspace list and uv workspace dir (#​17768)

  This does not come with any behavior changes. You will no longer see an experimental warning when using these commands.

• extra-build-dependencies (#​17767)

  This does not come with any behavior changes. You will no longer see an experimental warning when using extra-build-dependencies in configuration.

Enhancements

• Improve ABI tag error message phrasing (#​17878)
• Introduce a 10s connect timeout (#​17733)
• Allow using pyx.dev as a target in uv auth commands despite PYX_API_URL differing (#​17856)

Bug fixes

• Support all CPython ABI tag suffixes properly (#​17817)
• Add support for detecting PowerShell on Linux and macOS (#​17870)
• Retry timeout errors for streams (#​17875)

pallets/werkzeug (werkzeug)

v3.1.5

Compare Source

Released 2026-01-08

• safe_join on Windows does not allow more special device names, regardless
  of extension or surrounding spaces. :ghsa:87hc-h4r5-73f7
• The multipart form parser handles a \r\n sequence at a chunk boundary.
  This fixes the previous attempt, which caused incorrect content lengths.
  :issue:3065 :issue:3077
• Fix AttributeError when initializing DebuggedApplication with
  pin_security=False. :issue:3075

v3.1.4

Compare Source

Released 2025-11-28

• safe_join on Windows does not allow special device names. This prevents
  reading from these when using send_from_directory. secure_filename
  already prevented writing to these. :ghsa:hgf8-39gv-g3f2
• The debugger pin fails after 10 attempts instead of 11. :pr:3020
• The multipart form parser handles a \r\n sequence at a chunk boundary.
  :issue:3065
• Improve CPU usage during Watchdog reloader. :issue:3054
• Request.json annotation is more accurate. :issue:3067
• Traceback rendering handles when the line number is beyond the available
  source lines. :issue:3044
• HTTPException.get_response annotation and doc better conveys the
  distinction between WSGI and sans-IO responses. :issue:3056

pypa/wheel (wheel)

v0.46.3

Compare Source

• Fixed ImportError: cannot import name '_setuptools_logging' from 'wheel' when installed alongside an old version of setuptools and running the bdist_wheel command (#​676)

v0.46.2

Compare Source

• Restored the bdist_wheel command for compatibility with setuptools older than v70.1
• Importing wheel.bdist_wheel now emits a FutureWarning instead of a DeprecationWarning
• Fixed wheel unpack potentially altering the permissions of files outside of the destination tree with maliciously crafted wheels (CVE-2026-24049)

v0.46.1

Compare Source

• Temporarily restored the wheel.macosx_libfile module (#​659)

v0.46.0

Compare Source

• Dropped support for Python 3.8
• Removed the bdist_wheel setuptools command implementation and entry point. The wheel.bdist_wheel module is now just an alias to setuptools.command.bdist_wheel, emitting a deprecation warning on import.
• Removed vendored packaging in favor of a run-time dependency on it
• Made the wheel.metadata module private (with a deprecation warning if it's imported
• Made the wheel.cli package private (no deprecation warning)
• Fixed an exception when calling the convert command with an empty description field

adrienverge/yamllint (yamllint)

v1.38.0

Compare Source

• Add support for Python 3.14, drop support for Python 3.9
• Require pathspec ≥ 1.0.0
• Config: Follow gitignore implementation in yaml-files and ignore
• Config: Use "mapping" instead of "dict" for user-facing errors
• Rule indentation: Fix error message for check-multi-line-strings
• Rule quoted-strings: Add quote-type: consistent
• Docs: Update the name of BSD ports
• Docs: Enhance wording of recursive directory lint in README
• Docs: Add Alpine Linux installation instructions in README

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.