chore(deps-dev): bump the minor-and-patch group across 1 directory with 5 updates

[dependabot]

Bumps the minor-and-patch group with 5 updates in the / directory:

Package	From	To
ruff	0.15.8	0.15.10
pydantic	2.12.5	2.13.0
pytest	9.0.2	9.0.3
basedpyright	1.38.4	1.39.0
zensical	0.0.30	0.0.32

Updates ruff from 0.15.8 to 0.15.10

Release notes

Sourced from ruff's releases.

0.15.10

Release Notes

Released on 2026-04-09.

Preview features

• [flake8-logging] Allow closures in except handlers (LOG004) (#24464)
• [flake8-self] Make SLF diagnostics robust to non-self-named variables (#24281)
• [flake8-simplify] Make the fix for collapsible-if safe in preview (SIM102) (#24371)

Bug fixes

• Avoid emitting multi-line f-string elements before Python 3.12 (#24377)
• Avoid syntax error from E502 fixes in f-strings and t-strings (#24410)
• Strip form feeds from indent passed to dedent_to (#24381)
• [pyupgrade] Fix panic caused by handling of octals (UP012) (#24390)
• Reject multi-line f-string elements before Python 3.12 (#24355)

Rule changes

• [ruff] Treat f-string interpolation as potential side effect (RUF019) (#24426)

Server

• Add support for custom file extensions (#24463)

Documentation

• Document adding fixes in CONTRIBUTING.md (#24393)
• Fix JSON typo in settings example (#24517)

Contributors

• @​charliermarsh
• @​dylwil3
• @​silverstein
• @​anishgirianish
• @​shizukushq
• @​zanieb
• @​AlexWaygood

Install ruff 0.15.10

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/ruff/releases/download/0.15.10/ruff-installer.sh | sh

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.10

Released on 2026-04-09.

Preview features

• [flake8-logging] Allow closures in except handlers (LOG004) (#24464)
• [flake8-self] Make SLF diagnostics robust to non-self-named variables (#24281)
• [flake8-simplify] Make the fix for collapsible-if safe in preview (SIM102) (#24371)

Bug fixes

• Avoid emitting multi-line f-string elements before Python 3.12 (#24377)
• Avoid syntax error from E502 fixes in f-strings and t-strings (#24410)
• Strip form feeds from indent passed to dedent_to (#24381)
• [pyupgrade] Fix panic caused by handling of octals (UP012) (#24390)
• Reject multi-line f-string elements before Python 3.12 (#24355)

Rule changes

• [ruff] Treat f-string interpolation as potential side effect (RUF019) (#24426)

Server

• Add support for custom file extensions (#24463)

Documentation

• Document adding fixes in CONTRIBUTING.md (#24393)
• Fix JSON typo in settings example (#24517)

Contributors

• @​charliermarsh
• @​dylwil3
• @​silverstein
• @​anishgirianish
• @​shizukushq
• @​zanieb
• @​AlexWaygood

0.15.9

Released on 2026-04-02.

Preview features

• [pyflakes] Flag annotated variable redeclarations as F811 in preview mode (#24244)
• [ruff] Allow dunder-named assignments in non-strict mode for RUF067 (#24089)

... (truncated)

Commits

• 252f761 Bump 0.15.10 (#24519)
• 37a1ec8 [ty] Fix assignability of intersections with bounded typevars (#24502)
• f518cc9 [ty] Allow partially stringified type[…] annotations (#24518)
• 16c4090 docs: fix JSON typo in settings example (#24517)
• 99d97bd [ty] Tighten up a few edge cases in Concatenate type-expression parsing (#2...
• 2714e34 [ty] Enable pull-diagnostics by default in E2E tests (#24516)
• d8bc700 LSP: Add support for custom extensions (#24463)
• a45f96d [ty] stop special-casing str constructor (#24514)
• 87a0f01 [ruff] Treat f-string interpolation as potential side effect in RUF019 (#24426)
• e9ba848 [ty] Fix excess subscript argument inference for non-generic types (#24354)
• Additional commits viewable in compare view

Updates pydantic from 2.12.5 to 2.13.0

Release notes

Sourced from pydantic's releases.

v2.13.0 2026-04-13

v2.13.0 (2026-04-13)

The highlights of the v2.13 release are available in the blog post. Several minor changes (considered non-breaking changes according to our versioning policy) are also included in this release. Make sure to look into them before upgrading.

This release contains the updated pydantic.v1 namespace, matching version 1.10.26 which includes support for Python 3.14.

What's Changed

See the beta releases for all changes sinces 2.12.

Packaging

• Add zizmor for GitHub Actions workflow linting by @​Viicos in #13039
• Update jiter to v0.14.0 to fix a segmentation fault on musl Linux by @​Viicos in #13064

New Features

• Allow default factories of private attributes to take validated model data by @​Viicos in #13013

Changes

• Warn when serializing fixed length tuples with too few items by @​arvindsaripalli in #13016

Fixes

• Change type of Any when synthesizing _build_sources for BaseSettings.__init__() signature in the mypy plugin by @​Viicos in #13049
• Fix model equality when using runtime extra configuration by @​Viicos in #13062

New Contributors

• @​arvindsaripalli made their first contribution in #13016

Full Changelog: pydantic/pydantic@v2.12.0...v2.13.0

v2.13.0b3 2026-03-31

What's Changed

Packaging

• Add riscv64 build target for manylinux by @​boosterl in #12723

New Features

• Add ascii_only option to StringConstraints by @​ai-man-codes in #12907
• Support exclude_if in computed fields by @​andresliszt in #12748
• Push down constraints in unions involving MISSING sentinel by @​Viicos in #12908

... (truncated)

Changelog

Sourced from pydantic's changelog.

v2.13.0 (2026-04-13)

GitHub release

The highlights of the v2.13 release are available in the blog post. Several minor changes (considered non-breaking changes according to our versioning policy) are also included in this release. Make sure to look into them before upgrading.

This release contains the updated pydantic.v1 namespace, matching version 1.10.26 which includes support for Python 3.14.

What's Changed

See the beta releases for all changes sinces 2.12.

New Features

• Allow default factories of private attributes to take validated model data by @​Viicos in #13013

Changes

• Warn when serializing fixed length tuples with too few items by @​arvindsaripalli in #13016

Fixes

• Change type of Any when synthesizing _build_sources for BaseSettings.__init__() signature in the mypy plugin by @​Viicos in #13049
• Fix model equality when using runtime extra configuration by @​Viicos in #13062

Packaging

• Add zizmor for GitHub Actions workflow linting by @​Viicos in #13039
• Update jiter to v0.14.0 to fix a segmentation fault on musl Linux by @​Viicos in #13064

New Contributors

• @​arvindsaripalli made their first contribution in #13016

v2.13.0b3 (2026-03-31)

GitHub release

What's Changed

New Features

• Add ascii_only option to StringConstraints by @​ai-man-codes in #12907
• Support exclude_if in computed fields by @​andresliszt in #12748
• Push down constraints in unions involving MISSING sentinel by @​Viicos in #12908

Changes

... (truncated)

Commits

• 46bf4fa Fix Pydantic release workflow (#13067)
• 1b359ed Prepare release v2.13.0 (#13065)
• b1bf194 Fix model equality when using runtime extra configuration (#13062)
• 17a35e3 Update jiter to v0.14.0 (#13064)
• feea402 Use simulation mode in Codspeed CI (#13063)
• 671c9b0 Add basic benchmarks for model equality (#13061)
• d17d71e Bump cryptography from 46.0.6 to 46.0.7 (#13056)
• 919d61a 👥 Update Pydantic People (#13059)
• e7cf5dc Fix people workflow (#13047)
• 2a806ad Add regression test for MISSING sentinel serialization with subclasses (#13...
• Additional commits viewable in compare view

Updates pytest from 9.0.2 to 9.0.3

Release notes

Sourced from pytest's releases.

9.0.3

pytest 9.0.3 (2026-04-07)

Bug fixes

• #12444: Fixed pytest.approx which now correctly takes into account ~collections.abc.Mapping keys order to compare them.

• #13634: Blocking a conftest.py file using the -p no: option is now explicitly disallowed.

  Previously this resulted in an internal assertion failure during plugin loading.

  Pytest now raises a clear UsageError explaining that conftest files are not plugins and cannot be disabled via -p.

• #13734: Fixed crash when a test raises an exceptiongroup with __tracebackhide__ = True.

• #14195: Fixed an issue where non-string messages passed to unittest.TestCase.subTest() were not printed.

• #14343: Fixed use of insecure temporary directory (CVE-2025-71176).

Improved documentation

• #13388: Clarified documentation for -p vs PYTEST_PLUGINS plugin loading and fixed an incorrect -p example.
• #13731: Clarified that capture fixtures (e.g. capsys and capfd) take precedence over the -s / --capture=no command-line options in Accessing captured output from a test function <accessing-captured-output>.
• #14088: Clarified that the default pytest_collection hook sets session.items before it calls pytest_collection_finish, not after.
• #14255: TOML integer log levels must be quoted: Updating reference documentation.

Contributor-facing changes

• #12689: The test reports are now published to Codecov from GitHub Actions. The test statistics is visible on the web interface.

  -- by aleguy02

Commits

• a7d58d7 Prepare release version 9.0.3
• 089d981 Merge pull request #14366 from bluetech/revert-14193-backport
• 8127eaf Revert "Fix: assertrepr_compare respects dict insertion order (#14050) (#14193)"
• 99a7e60 Merge pull request #14363 from pytest-dev/patchback/backports/9.0.x/95d8423bd...
• ddee02a Merge pull request #14343 from bluetech/cve-2025-71176-simple
• 74eac69 doc: Update training info (#14298) (#14301)
• f92dee7 Merge pull request #14267 from pytest-dev/patchback/backports/9.0.x/d6fa26c62...
• 7ee58ac Merge pull request #12378 from Pierre-Sassoulas/fix-implicit-str-concat-and-d...
• 37da870 Merge pull request #14259 from mitre88/patch-4 (#14268)
• c34bfa3 Add explanation for string context diffs (#14257) (#14266)
• Additional commits viewable in compare view

Updates basedpyright from 1.38.4 to 1.39.0

Commits

• d4b4104 1.39.0
• 241c884 fix diagnostic ruleset defaults for reportEmptyAbstractUsage
• b4774cb cherrypick python/typeshed#15488 to prevent false pos...
• df077f6 flag abstract base classes with no abstract methods
• be98166 set uv exclude-newer to 1 week
• b2ebfba Update SECURITY.md
• See full diff in compare view

Updates zensical from 0.0.30 to 0.0.32

Release notes

Sourced from zensical's releases.

0.0.32

Summary

This version fixes a bug where Markdown files used as snippets were included into auto-generated navigation, and a bug with prefix stripping when the site URL contains a path component. Additionally, the Pygments dependency was updated to mitigate a vulnerability.

Changelog

Bug fixes

• ca5d2d5 zensical-serve – strip base URL prefix as URL segment, not string (#499)
• 3a2358a – update to latest Pygments to mitigate vulnerability (#485)
• 92b5622 zensical – only collect markdown pages in docs directory (#490)

0.0.31

Summary

This version updates the user interface to v0.0.12, which includes the removal of 19 brand icons due to the update of Lucide to v1, and the addition of 166 new icons, most of them in SimpleIcons and FontAwesome. Additionally, there are bug fixes related to the latest changes of the table of contents in the modern theme and instant navigation on anchor links.

Changelog

Bug fixes

• 198c1d6 ui – update ui to v0.0.12
• 24be9ab compat – support pymdownx blocks tab extension's slugify function (#483)

Commits

• ce00f38 chore: release v0.0.32
• ca5d2d5 fix: strip base URL prefix as URL segment, not string (#499)
• 3a2358a fix: update to latest Pygments to mitigate vulnerability (#485)
• 92b5622 fix: only collect markdown pages in docs directory (#490)
• 62ca63b chore: release v0.0.31
• 198c1d6 fix: update ui to v0.0.12
• 24be9ab fix: support pymdownx blocks tab extension's slugify function (#483)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions