Skip to content

Update all dependencies#65

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/all
Open

Update all dependencies#65
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/all

Conversation

@renovate

@renovate renovate Bot commented Aug 11, 2025

Copy link
Copy Markdown
Contributor

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package Type Update Change Pending Age Confidence
actions/checkout action major v4v7 age confidence
actions/download-artifact action major v4v8 age confidence
actions/setup-python action major v5v6 age confidence
actions/upload-artifact action major v4v7 age confidence
coverage dependencies minor 7.14.17.15.0 7.15.1 age confidence
pylint (changelog) dependencies major ^3.0.0^4.0.0 age confidence
sphinxcontrib-apidoc dependencies minor ^0.5.0^0.6.0 age confidence

Release Notes

actions/checkout (actions/checkout)

v7.0.0

Compare Source

v7

Compare Source

v6.0.3

Compare Source

v6.0.2

Compare Source

v6.0.1

Compare Source

v6.0.0

Compare Source

v6

Compare Source

v5.0.1

Compare Source

v5.0.0

Compare Source

v5

Compare Source

actions/download-artifact (actions/download-artifact)

v8.0.1

Compare Source

What's Changed

Full Changelog: actions/download-artifact@v8...v8.0.1

v8.0.0

Compare Source

v8 - What's new

[!IMPORTANT]
actions/download-artifact@​v8 has been migrated to an ESM module. This should be transparent to the caller but forks might need to make significant changes.

[!IMPORTANT]
Hash mismatches will now error by default. Users can override this behavior with a setting change (see below).

Direct downloads

To support direct uploads in actions/upload-artifact, the action will no longer attempt to unzip all downloaded files. Instead, the action checks the Content-Type header ahead of unzipping and skips non-zipped files. Callers wishing to download a zipped file as-is can also set the new skip-decompress parameter to true.

Enforced checks (breaking)

A previous release introduced digest checks on the download. If a download hash didn't match the expected hash from the server, the action would log a warning. Callers can now configure the behavior on mismatch with the digest-mismatch parameter. To be secure by default, we are now defaulting the behavior to error which will fail the workflow run.

ESM

To support new versions of the @​actions/* packages, we've upgraded the package to ESM.

What's Changed

Full Changelog: actions/download-artifact@v7...v8.0.0

v8

Compare Source

v7.0.0

Compare Source

v7 - What's new

[!IMPORTANT]
actions/download-artifact@​v7 now runs on Node.js 24 (runs.using: node24) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

Node.js 24

This release updates the runtime to Node.js 24. v6 had preliminary support for Node 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.

What's Changed

New Contributors

Full Changelog: actions/download-artifact@v6.0.0...v7.0.0

v7

Compare Source

v6.0.0

Compare Source

What's Changed

BREAKING CHANGE: this update supports Node v24.x. This is not a breaking change per-se but we're treating it as such.

New Contributors

Full Changelog: actions/download-artifact@v5...v6.0.0

v6

Compare Source

v5.0.0

Compare Source

What's Changed

v5.0.0

🚨 Breaking Change

This release fixes an inconsistency in path behavior for single artifact downloads by ID. If you're downloading single artifacts by ID, the output path may change.

What Changed

Previously, single artifact downloads behaved differently depending on how you specified the artifact:

  • By name: name: my-artifact → extracted to path/ (direct)
  • By ID: artifact-ids: 12345 → extracted to path/my-artifact/ (nested)

Now both methods are consistent:

  • By name: name: my-artifact → extracted to path/ (unchanged)
  • By ID: artifact-ids: 12345 → extracted to path/ (fixed - now direct)
Migration Guide
✅ No Action Needed If:
  • You download artifacts by name
  • You download multiple artifacts by ID
  • You already use merge-multiple: true as a workaround
⚠️ Action Required If:

You download single artifacts by ID and your workflows expect the nested directory structure.

Before v5 (nested structure):

- uses: actions/download-artifact@v4
  with:
    artifact-ids: 12345
    path: dist

# Files were in: dist/my-artifact/

Where my-artifact is the name of the artifact you previously uploaded

To maintain old behavior (if needed):

- uses: actions/download-artifact@v5
  with:
    artifact-ids: 12345
    path: dist/my-artifact  # Explicitly specify the nested path

New Contributors

Full Changelog: actions/download-artifact@v4...v5.0.0

v5

Compare Source

actions/setup-python (actions/setup-python)

v6.3.0

Compare Source

What's Changed
Enhancement
Dependency update
Documentation
New Contributors

Full Changelog: actions/setup-python@v6...v6.3.0

v6.2.0

Compare Source

What's Changed

Dependency Upgrades

Full Changelog: actions/setup-python@v6...v6.2.0

v6.1.0

Compare Source

What's Changed

Enhancements:
Dependency and Documentation updates:

New Contributors

Full Changelog: actions/setup-python@v6...v6.1.0

v6.0.0

Compare Source

What's Changed

Breaking Changes

Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See Release Notes

Enhancements:
Bug fixes:
Dependency updates:

New Contributors

Full Changelog: actions/setup-python@v5...v6.0.0

v6

Compare Source

actions/upload-artifact (actions/upload-artifact)

v7.0.1

Compare Source

What's Changed

Full Changelog: actions/upload-artifact@v7...v7.0.1

v7.0.0

Compare Source

v7 What's new

Direct Uploads

Adds support for uploading single files directly (unzipped). Callers can set the new archive parameter to false to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The name parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.

ESM

To support new versions of the @actions/* packages, we've upgraded the package to ESM.

What's Changed

New Contributors

Full Changelog: actions/upload-artifact@v6...v7.0.0

v7

Compare Source

v6.0.0

Compare Source

v6 - What's new

[!IMPORTANT]
actions/upload-artifact@​v6 now runs on Node.js 24 (runs.using: node24) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

Node.js 24

This release updates the runtime to Node.js 24. v5 had preliminary support for Node.js 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.

What's Changed

Full Changelog: actions/upload-artifact@v5.0.0...v6.0.0

v6

Compare Source

v5.0.0

Compare Source

What's Changed

BREAKING CHANGE: this update supports Node v24.x. This is not a breaking change per-se but we're treating it as such.

New Contributors

Full Changelog: actions/upload-artifact@v4...v5.0.0

v5

Compare Source

coveragepy/coveragepy (coverage)

v7.15.0

Compare Source

  • Since 7.14.0, reporting commands implicitly combine parallel data files. Now
    those commands have a new option --keep-combined to retain the data files
    after combining them instead of the default, which is to delete them.
    Finishes issue 2198_.

  • Fix: the LCOV report would incorrectly count excluded functions as uncovered,
    as described in issue 2205. This is now fixed thanks to Martin Kuntz Jacobsen <pull 2206_>.

  • When running your program, coverage now correctly sets
    yourmodule.__spec__.loader as strongly recommended <--loader--_>,
    avoiding the deprecation warning described in issue 2208
    . Thanks, A5rocks <pull 2209_>_.

  • Fix: with Python 3.10, running with the -I (isolated mode) option didn't
    correctly omit the current directory from the module search path, as
    described in issue 2103. That is now fixed thanks to Ilia Sorokin <pull 2211_>.

.. --loader--: https://docs.python.org/3/reference/datamodel.html#module.__loader_
.. _issue 2103: #​2103
.. _issue 2198: #​2198
.. _issue 2205: #​2205
.. _pull 2206: #​2206
.. _issue 2208: #​2208
.. _pull 2209: #​2209
.. _pull 2211: #​2211

.. _changes_7-14-3:

v7.14.3

Compare Source

  • Fix: the default ... exclusion rule now also matches function bodies
    whose closing return-type bracket is on its own line (for example, after a
    long -> dict[ ... ] annotation that a formatter has split over multiple
    lines). Closes issue 2185, thanks Mengjia Shang <pull 2196_>.

  • Fix: On 3.13t, we incorrectly issued Couldn't import C tracer errors.
    We can't import the C tracer because in 7.14.2 we stopped shipping compiled
    wheels for 3.13t. Thanks, Hugo van Kemenade <pull 2203_>_.

.. _issue 2185: #​2185
.. _pull 2196: #​2196
.. _pull 2203: #​2203

.. _changes_7-14-2:

v7.14.2

Compare Source

  • Fix: some messages were being written to stdout, making coverage json -o - useless for capturing JSON output. Now messages are written to stderr,
    fixing issue 2197_.

  • Fix: CoverageData kept one SQLite connection per thread that recorded
    coverage, but never closed them when those threads terminated. On long runs
    with many short-lived threads this leaked one file descriptor per dead
    thread, eventually failing with OSError: [Errno 24] Too many open files.
    Connections belonging to terminated threads are now closed and dropped.
    Fixes issue 2192_.

  • Fix: when using sys.monitoring, we were assuming we could use the
    COVERAGE_ID tool id. But other tools might also assume they could use
    that id. Pre-allocated ids don't really make sense, so now we search for a
    usable one instead. Fixes issue 2187. Thanks, Matthew Lloyd <pull 2198_>.

  • Following the advice of cibuildwheel <no-13t_>_, we no longer distribute
    wheels for Python 3.13 free-threaded.

.. _issue 2187: #​2187
.. _issue 2192: #​2192
.. _issue 2197: #​2197
.. _pull 2198: #​2198
.. _no-13t: https://py-free-threading.github.io/ci/#building-free-threaded-wheels-with-cibuildwheel

.. _changes_7-14-1:

pylint-dev/pylint (pylint)

v4.0.6

Compare Source

What's new in Pylint 4.0.6?

Release date: 2026-06-14

False Positives Fixed

  • implicit-str-concat is no longer emitted for an implicit concatenation of
    a raw string with a non-raw one (e.g. r"\d" "\n"). Such literals cannot be
    merged into a single string, so the concatenation is intentional rather than a
    forgotten comma.

    Closes #​6663

  • Fix a false positive for invalid-name (C0103) where the default
    typevar-rgx rejected TypeVar names containing digits, such as
    Ec2T.

    Closes #​8499

  • Fix a false positive for too-many-arguments in (non-static) methods and classmethods.

    Closes #​8675

  • Fix a false positive for no-member when a value is inferred to several
    possible types and at least one of them defines a dynamic __getattr__.

    Closes #​9833

  • Fix a false positive for function-redefined (E0102) when reusing names that
    match dummy-variables-rgx (such as _), which is common for
    pytest-bdd step definitions. This restores the behavior from before pylint
    4.0.0; as a consequence the false negative fixed in #​9894 is reintroduced for
    functions whose name matches dummy-variables-rgx.

    Closes #​10665

  • Fix undefined-variable false positive when a name used as a metaclass
    argument in a nested class is referenced again later in the module.

    Closes #​10823

  • Fix a false positive for unused-variable where global variables matching
    dummy-variables-rgx were still reported as unused when
    allow-global-unused-variables was disabled.

    Closes #​10890

  • Fix a false positive for bad-dunder-name when there is a user-defined __suppress_context__ attribute on exception subclasses.

    Closes #​10960

  • Fix used-before-assignment false positive for names bound by from X import * in every branch of an if/elif/else chain.

    Refs #​10980

  • Check for metaclass call signature when evaluating arguments of a class call.

    Closes #​11032

  • Fix false positive method-hidden when cached_property is imported directly with from functools import cached_property.

    Refs #​11037

Other Bug Fixes

  • Fix the suggestion of unnecessary-comprehension for a dict comprehension
    that iterates a dict directly, e.g. {a: b for a, b in d}. Iterating a dict
    yields its keys, so the suggestion is now dict(d.keys()) instead of the
    incorrect dict(d), which would simply copy d.

    Closes #​8256

  • Fix a crash in consider-using-enumerate when the for loop target is an attribute (e.g. for self.idx in range(len(x))) rather than a simple variable name.

    Closes #​10099

  • Fix crash when checking attribute-defined-outside-init on classes that inherit from a base class pylint cannot fully analyze.

    Closes #​10892

  • Fix add_message silently overwriting an explicit col_offset=0 (or any other zero-valued line/end_lineno/end_col_offset) with the AST node's value. The internal _add_one_message helper used a falsey check (if not col_offset:) to detect an omitted argument, which incorrectly treated a legitimate 0 the same as None. It now uses an identity check against None.

    Refs #​11020

  • Fix a crash in the name checker when a non-constant value is passed as the covariant or contravariant argument of a TypeVar.

    Closes #​11022

  • Fix a crash in the variable checker when a name resolves to a dataclass-synthesized __init__, which has no line number.

    Closes #​11023

  • Fix a crash in the variables checker when NotImplemented is used as the test of an if statement, which raised a TypeError in a boolean context on Python 3.14.

    Closes #​11025

  • Avoided a crash from the implicit booleaness checker for len() calls without arguments.

    Closes #​11028

  • Fix a crash in the variables checker when a class declares a metaclass whose
    attribute-access chain does not bottom out at a name (e.g.
    class C(metaclass=None._)).
    Originally reported as pylint-dev/astroid#3066.

    Refs #​11031

  • Fix a crash in the name checker when a chained assignment of a TypeAlias
    value has a non-name target such as a Subscript (for example
    a[0] = b = TypeAlias).

    Closes #​11056

  • Fix a crash in the deprecated checker when __import__ is called with a
    non-string constant argument (for example __import__(1)).

    Closes #​11059

  • Avoid crashing when enum member inference fails while checking enum subclasses.

    Closes #​11069

  • Prevent a crash in unexpected-keyword-arg analysis when
    infer_call_result() raises InferenceError while inspecting
    decorator return signatures.

    Closes #​11070

  • Fix a crash in the typecheck checker when a class uses a non-class object
    (for example a function) as its metaclass= argument.

    Closes #​11071

  • Allow digits in ParamSpec and TypeVarTuple names for invalid-name check.

    The default paramspec-rgx and typevartuple-rgx patterns rejected names
    containing digits (e.g. Ec2P, S3Ts), emitting a false invalid-name
    (C0103). Allow digits in the lowercase segments, consistent with the
    typevar and typealias patterns.

    Closes #​11090

Performance Improvements

  • The duplicate-code checker no longer runs when its message (R0801) is disabled, even if reports=yes is set. Previously, the checker's report (RP0801) would cause the expensive similarity computation to run regardless.

    Closes #​3443

v4.0.5

Compare Source

What's new in Pylint 4.0.5?

Release date: 2026-02-20

False Positives Fixed

  • Fix possibly-used-before-assignment false positive when using self.fail() in tests.

    Closes #​10743

  • Fixed false positive for logging-unsupported-format when no arguments are provided to logging functions.

    According to Python's logging documentation, no formatting is performed when no arguments are supplied, so strings like logging.error("%test") are valid.

    Closes #​10752

  • Fix a false positive for invalid-name where a dataclass field typed with Final
    was evaluated against the class_const regex instead of the class_attribute regex.

    Closes #​10790

  • Avoid emitting unspecified-encoding (W1514) when py-version is 3.15+.

    Refs #​10791

Other Bug Fixes

  • Fix --known_third_party config being ignored.

    Closes #​10801

  • Fixed dynamic color mapping for "fail-on" messages when using multiple reporter/output formats.

    Closes #​10825

  • dependency on isort is now set to <9, permitting to use isort 8.

    Closes #​10857

v4.0.4

Compare Source

What's new in Pylint 4.0.4?

Release date: 2025-11-30

False Positives Fixed

  • Fixed false positive for invalid-name where module-level constants were incorrectly classified as variables when a class-level attribute with the same name exists.

    Closes #​10719

  • Fix a false positive for invalid-name on an UPPER_CASED name inside an if branch that assigns an object.

    Closes #​10745

v4.0.3

Compare Source

What's new in Pylint 4.0.3?

Release date: 2025-11-13

False Positives Fixed

  • Add Enum dunder methods _generate_next_value_, _missing_, _numeric_repr_, _add_alias_, and _add_value_alias_ to the list passed to --good-dunder-names.

    Closes #​10435

  • Fixed false positive for invalid-name with typing.Annotated.

    Closes #​10696

  • Fix false positive for f-string-without-interpolation with template strings
    when using format spec.

    Closes #​10702

  • Fix a false positive when an UPPER_CASED class attribute was raising an
    invalid-name when typed with Final.

    Closes #​10711

  • Fix a false positive for unbalanced-tuple-unpacking when a tuple is assigned to a function call and the structure of the function's return value is ambiguous.

    Closes #​10721

Other Bug Fixes

  • Make 'ignore' option work as expected again.

    Closes #​10669

  • Fix crash for consider-using-assignment-expr when a variable annotation without assignment
    is used as the if test expression.

    Closes #​10707

  • Fix crash for prefer-typing-namedtuple and consider-math-not-float when
    a slice object is called.

    Closes #​10708

v4.0.2

Compare Source

False Positives Fixed

  • Fix false positive for invalid-name on a partially uninferable module-level constant.

    Closes #​10652

  • Fix a false positive for invalid-name on exclusive module-level assignments
    composed of three or more branches. We won't raise disallowed-name on module-level names that can't be inferred
    until a further refactor to remove this false negative is done.

    Closes #​10664

  • Fix false positive for invalid-name for TypedDict instances.

    Closes #​10672

v4.0.1

Compare Source

What's new in Pylint 4.0.1?

Release date: 2025-10-14

False Positives Fixed

  • Exclude __all__ and __future__.annotations from unused-variable.

    Closes #​10019

  • Fix false-positive for bare-name-capture-pattern if a case guard is used.

    Closes #​10647

  • Check enums created with the Enum() functional syntax to pass against the
    --class-rgx for the invalid-name check, like other enums.

    Closes #​10660

v4.0.0

Compare Source

  • Pylint now supports Python 3.14.

  • Pylint's inference engine (astroid) is now much more precise,
    understanding implicit booleanness and ternary expressions. (Thanks @​zenlyj!)

Consider this example:

class Result:
    errors: dict | None = None

result = Result()
if result.errors:
    result.errors[field_key]

##### inference engine understands result.errors cannot be None
##### pylint no longer raises unsubscriptable-object

The required astroid version is now 4.0.0. See the astroid changelog for additional fixes, features, and performance improvements applicable to pylint.

  • Handling of invalid-name at the module level was patchy. Now,
    module-level constants that are reassigned are treated as variables and checked
    against --variable-rgx rather than --const-rgx. Module-level lists,
    sets, and objects can pass against either regex.

Here, LIMIT is reassigned, so pylint only uses --variable-rgx:

LIMIT = 500  # [invalid-name]
if sometimes:
    LIMIT = 1  # [invalid-name]

If this is undesired, refactor using exclusive assignment so that it is
evident that this assignment happens only once:

if sometimes:
    LIMIT = 1
else:
    LIMIT = 500  # exclusive assignment: uses const regex, no warning

Lists, sets, and objects still pass against either const-rgx or variable-rgx
even if reassigned, but are no longer completely skipped:

MY_LIST = []
my_list = []
My_List = []  # [invalid-name]

Remember to adjust the regexes and allow lists to your liking.

Breaking Changes

  • invalid-name now distinguishes module-level constants that are assigned only once
    from those that are reassigned and now applies --variable-rgx to the latter. Values
    other than literals (lists, sets, objects) can pass against either the constant or
    variable regexes (e.g. "LOGGER" or "logger" but not "LoGgEr").

    Remember that --good-names or --good-names-rgxs can be provided to explicitly
    allow good names.

    Closes #​3585

  • The unused pylintrc argument to PyLinter.__init__() is deprecated
    and will be removed.

    Refs #​6052

  • Commented out code blocks such as # bar() # TODO: remove dead code will no longer emit fixme.

    Refs #​9255

  • pyreverse Run was changed to no longer call sys.exit() in its __init__.
    You should now call Run(args).run() which will return the exit code instead.
    Having a class that always raised a SystemExit exception was considered a bug.

    Normal usage of pyreverse through the CLI will not be affected by this change.

    Refs #​9689

  • The suggestion-mode option was removed, as pylint now always emits user-friendly hints instead
    of false-positive error messages. You should remove it from your conf if it's defined.

    Refs [#​9962](https://redirect.github.com/pylint-dev/pyli

Note

PR body was truncated to here.


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • Between 12:00 AM and 03:59 AM, only on Monday (* 0-3 * * 1)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot force-pushed the renovate/all branch 3 times, most recently from 496ca9c to 8eba457 Compare October 15, 2025 17:52
@renovate renovate Bot force-pushed the renovate/all branch 2 times, most recently from 1ecf877 to 23fcabe Compare October 24, 2025 21:55
@renovate renovate Bot force-pushed the renovate/all branch 4 times, most recently from f3242b5 to aaae1a3 Compare November 13, 2025 20:44
@renovate renovate Bot force-pushed the renovate/all branch 2 times, most recently from 2f44e26 to 019c492 Compare November 20, 2025 17:56
@renovate renovate Bot force-pushed the renovate/all branch 2 times, most recently from 390516c to 0d2d39f Compare December 12, 2025 21:34
@renovate renovate Bot force-pushed the renovate/all branch 2 times, most recently from 1cae755 to 5284c15 Compare February 9, 2026 13:42
@renovate renovate Bot force-pushed the renovate/all branch 2 times, most recently from cc75f9e to eb6ff6d Compare February 26, 2026 20:52
@renovate renovate Bot force-pushed the renovate/all branch from f9f76b2 to 505afa6 Compare May 10, 2026 21:11
@renovate renovate Bot force-pushed the renovate/all branch 2 times, most recently from f03525e to ce46521 Compare May 26, 2026 22:04
@renovate renovate Bot force-pushed the renovate/all branch from ce46521 to a30dcae Compare June 1, 2026 23:02
@renovate renovate Bot force-pushed the renovate/all branch 2 times, most recently from 066f259 to 25db451 Compare June 14, 2026 16:58
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
@renovate renovate Bot force-pushed the renovate/all branch from 7f30793 to 30df0e9 Compare July 5, 2026 13:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants