[pip] (deps): Bump the dev-dependencies group with 5 updates

[dependabot]

Bumps the dev-dependencies group with 5 updates:

Package	From	To
idna	3.17	3.18
distlib	0.4.0	0.4.1
filelock	3.29.0	3.29.1
pyright	1.1.409	1.1.410
ruff	0.15.15	0.15.16

Updates idna from 3.17 to 3.18

Changelog

Sourced from idna's changelog.

3.18 (2026-06-02)

• When decoding a domain, add a display argument that will pass through invalid labels rather than raising an exception.

Commits

• f39ea90 Release 3.18
• 40f4e40 Pre-release 3.18rc0
• 1a5bf80 Merge pull request #253 from kjd/lenient-decode
• 5bbb26f Merge branch 'master' into lenient-decode
• c532bae Rename decode() lenient= option to display= (issue #248)
• 0b1758b Merge pull request #252 from kjd/release-3.17
• 47b5cde Add lenient option to decode() for best-effort label recovery (issue #248)
• See full diff in compare view

Updates distlib from 0.4.0 to 0.4.1

Changelog

Sourced from distlib's changelog.

0.4.1

Released: 2026-06-02


scripts

Fix path traversal bug in handling entry points which allowed escaping the scripts directory.
Thanks to tonghuaroot for the comprehensive report.



tests

Fix #251: Change test function following a reorganization which happened in the Python stdlib.

Commits

• d562ad5 Changes for 0.4.1.
• 6286442 Fix #251: Use more appropriate function in test.
• e3b1cd6 Bump version.
• da3e90a Added tag 0.4.0 for changeset d31f0b340fde
• See full diff in compare view

Updates filelock from 3.29.0 to 3.29.1

Release notes

Sourced from filelock's releases.

3.29.1

What's Changed

• docs: fix API docs of release() by @​MrAnno in tox-dev/filelock#540
• docs: clarify per-thread scope of FileLock configuration by @​Gares95 in tox-dev/filelock#543
• chore: improve filelock maintenance path by @​lphuc2250gma in tox-dev/filelock#542
• chore: improve filelock maintenance path by @​lphuc2250gma in tox-dev/filelock#544
• chore: improve filelock maintenance path by @​lphuc2250gma in tox-dev/filelock#545
• 🐛 fix(soft): refuse to follow symlinks when reading the lock file by @​dxbjavid in tox-dev/filelock#548

New Contributors

• @​MrAnno made their first contribution in tox-dev/filelock#540
• @​Gares95 made their first contribution in tox-dev/filelock#543
• @​lphuc2250gma made their first contribution in tox-dev/filelock#542
• @​dxbjavid made their first contribution in tox-dev/filelock#548

Full Changelog: tox-dev/filelock@3.29.0...3.29.1

Changelog

Sourced from filelock's changelog.

########### Changelog ###########

---

3.29.1 (2026-06-03)

---

• 🐛 fix(soft): refuse to follow symlinks when reading the lock file :pr:548 - by :user:dxbjavid
• [pre-commit.ci] pre-commit autoupdate :pr:547 - by :user:pre-commit-ci[bot]
• [pre-commit.ci] pre-commit autoupdate :pr:546 - by :user:pre-commit-ci[bot]
• chore: improve filelock maintenance path :pr:545 - by :user:lphuc2250gma
• chore: improve filelock maintenance path :pr:544 - by :user:lphuc2250gma
• chore: improve filelock maintenance path :pr:542 - by :user:lphuc2250gma
• docs: clarify per-thread scope of FileLock configuration :pr:543 - by :user:Gares95
• [pre-commit.ci] pre-commit autoupdate :pr:541 - by :user:pre-commit-ci[bot]
• docs: fix API docs of release() :pr:540 - by :user:MrAnno
• [pre-commit.ci] pre-commit autoupdate :pr:539 - by :user:pre-commit-ci[bot]
• [pre-commit.ci] pre-commit autoupdate :pr:538 - by :user:pre-commit-ci[bot]
• [pre-commit.ci] pre-commit autoupdate :pr:537 - by :user:pre-commit-ci[bot]
• build(deps): bump astral-sh/setup-uv from 8.0.0 to 8.1.0 :pr:536 - by :user:dependabot[bot]
• [pre-commit.ci] pre-commit autoupdate :pr:535 - by :user:pre-commit-ci[bot]

---

3.29.0 (2026-04-19)

---

• ✨ feat(soft): enable stale lock detection on Windows :pr:534
• 🐛 fix(async): use single-thread executor for lock consistency :pr:533
• build(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 :pr:530 - by :user:dependabot[bot]

---

3.28.0 (2026-04-14)

---

• 🐛 fix(ci): unbreak release workflow, publish to PyPI again :pr:529

---

3.26.1 (2026-04-09)

---

• 🐛 fix(asyncio): add exit to BaseAsyncFileLock and fix del loop handling :pr:518 - by :user:naarob
• build(deps): bump pypa/gh-action-pypi-publish from 1.13.0 to 1.14.0 :pr:525 - by :user:dependabot[bot]

---

3.26.0 (2026-04-06)

---

• ✨ feat(soft): add PID inspection and lock breaking :pr:524
• [pre-commit.ci] pre-commit autoupdate :pr:523 - by :user:pre-commit-ci[bot]

... (truncated)

Commits

• 438b6fe Release 3.29.1
• bfbfa76 🐛 fix(soft): refuse to follow symlinks when reading the lock file (#548)
• c51a72c [pre-commit.ci] pre-commit autoupdate (#547)
• cc05fd7 [pre-commit.ci] pre-commit autoupdate (#546)
• cb947e5 chore: improve filelock maintenance path (#545)
• e087ca9 chore: improve filelock maintenance path (#544)
• f9dd949 chore: improve filelock maintenance path (#542)
• 9200f1f docs: clarify per-thread scope of FileLock configuration (#543)
• 9d8985f [pre-commit.ci] pre-commit autoupdate (#541)
• 7d1f48c docs: fix API docs of release() (#540)
• Additional commits viewable in compare view

Updates pyright from 1.1.409 to 1.1.410

Commits

• 509391a Pyright NPM Package update to 1.1.410 (#361)
• See full diff in compare view

Updates ruff from 0.15.15 to 0.15.16

Release notes

Sourced from ruff's releases.

0.15.16

Release Notes

Released on 2026-06-04.

Preview features

• [flake8-async] Implement yield-in-context-manager-in-async-generator (ASYNC119) (#24644)
• [pylint] Narrow diagnostic range and exclude cases without exception handlers (PLW0717) (#25440)
• [ruff] Treat yield before break from a terminal loop as terminal (RUF075) (#25447)

Bug fixes

• [eradicate] Avoid flagging ruff:ignore comments as code (ERA001) (#25537)
• [eradicate] Fix ERA001/RUF100 conflict when noqa is on commented-out code (#25414)
• [pyflakes] Avoid removing the format call when it would change behavior (F523) (#25320)
• [pylint] Avoid syntax errors in invalid character replacements in f-strings before Python 3.12 (PLE2510, PLE2512, PLE2513, PLE2514, PLE2515) (#25544)
• [pyupgrade] Avoid converting format calls with more kinds of side effects (UP032) (#25484)

Rule changes

• [flake8-pytest-style] Avoid fixes for ambiguous argnames and argvalues combinations (PT006) (#24776)

Performance

• Drop excess capacity from statement suites during parsing (#25368)

Documentation

• [pydocstyle] Improve discoverability of rules enabled for each convention (#24973)
• [ruff] Restore example code for Python versions before 3.15 (RUF017) (#25439)
• Fix typo bin/active → bin/activate in tutorial (#25473)

Other changes

• Shrink additional parser AST collections (#25465)

Contributors

• @​Redslayer112
• @​koriyoshi2041
• @​George-Ogden
• @​TejasAmle
• @​anishgirianish
• @​ntBre
• @​MichaReiser
• @​loganrosen
• @​RafaelJohn9
• @​adityasingh2400

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.16

Released on 2026-06-04.

Preview features

• [flake8-async] Implement yield-in-context-manager-in-async-generator (ASYNC119) (#24644)
• [pylint] Narrow diagnostic range and exclude cases without exception handlers (PLW0717) (#25440)
• [ruff] Treat yield before break from a terminal loop as terminal (RUF075) (#25447)

Bug fixes

• [eradicate] Avoid flagging ruff:ignore comments as code (ERA001) (#25537)
• [eradicate] Fix ERA001/RUF100 conflict when noqa is on commented-out code (#25414)
• [pyflakes] Avoid removing the format call when it would change behavior (F523) (#25320)
• [pylint] Avoid syntax errors in invalid character replacements in f-strings before Python 3.12 (PLE2510, PLE2512, PLE2513, PLE2514, PLE2515) (#25544)
• [pyupgrade] Avoid converting format calls with more kinds of side effects (UP032) (#25484)

Rule changes

• [flake8-pytest-style] Avoid fixes for ambiguous argnames and argvalues combinations (PT006) (#24776)

Performance

• Drop excess capacity from statement suites during parsing (#25368)

Documentation

• [pydocstyle] Improve discoverability of rules enabled for each convention (#24973)
• [ruff] Restore example code for Python versions before 3.15 (RUF017) (#25439)
• Fix typo bin/active → bin/activate in tutorial (#25473)

Other changes

• Shrink additional parser AST collections (#25465)

Contributors

• @​Redslayer112
• @​koriyoshi2041
• @​George-Ogden
• @​TejasAmle
• @​anishgirianish
• @​ntBre
• @​MichaReiser
• @​loganrosen
• @​RafaelJohn9
• @​adityasingh2400

Commits

• 6c498ab Bump 0.15.16 (#25635)
• e51e132 [flake8-async] Implement yield-in-context-manager-in-async-generator (`AS...
• 7c6dcd9 [ty] Add caching for pattern match narrowing (#25613)
• 27058fc [ty] Compact retained definition and expression identities (#25606)
• bf80d05 Fix CODEOWNERS syntax (#25622)
• 10ccd51 Shrink additional parser AST collections (#25465)
• 0d7135f [ty] Upgrade Salsa (#25545)
• 49493a3 [ty] Show type alias value on hover (#25381)
• 85207d3 [ty] sys.implementation.version is not sys.version_info (#25608)
• a8a0614 [ty] Avoid retaining duplicate function signatures (#25609)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Coverage report

This PR does not seem to contain any modification to coverable code.