Bump the python group with 4 updates

[dependabot]

Bumps the python group with 4 updates: click, githubkit, lxml and ruff.

Updates click from 8.2.1 to 8.3.0

Release notes

Sourced from click's releases.

8.3.0

This is the Click 8.3.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecation, or introduce potentially breaking changes.

We encourage everyone to upgrade. You can read more about our Version Support Policy on our website.

PyPI: https://pypi.org/project/click/8.3.0/ Changes: https://click.palletsprojects.com/page/changes/#version-8-3-0 Milestone https://github.com/pallets/click/milestone/27

• Improved flag option handling: Reworked the relationship between flag_value and default parameters for better consistency:

  • The default parameter value is now preserved as-is and passed directly to CLI functions (no more unexpected transformations)
  • Exception: flag options with default=True maintain backward compatibility by defaulting to their flag_value
  • The default parameter can now be any type (bool, None, etc.)
  • Fixes inconsistencies reported in: #1992 #2514 #2610 #3024 #3030

• Allow default to be set on Argument for nargs = -1. #2164 #3030

• Show correct auto complete value for nargs option in combination with flag option #2813

• Show correct auto complete value for nargs option in combination with flag option #2813

• Fix handling of quoted and escaped parameters in Fish autocompletion. #2995 #3013

• Lazily import shutil. #3023

• Properly forward exception information to resources registered with click.core.Context.with_resource(). #2447 #3058

• Fix regression related to EOF handling in CliRunner. #2939 #2940

8.2.2

This is the Click 8.2.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/click/8.2.2/ Changes: https://click.palletsprojects.com/page/changes/#version-8-2-2 Milestone: https://github.com/pallets/click/milestone/25

• Fix reconciliation of default, flag_value and type parameters for flag options, as well as parsing and normalization of environment variables. #2952 #2956
• Fix typing issue in BadParameter and MissingParameter exceptions for the parameter param_hint that did not allow for a sequence of string where the underlying functino _join_param_hints allows for it. #2777 #2990
• Use the value of Enum choices to render their default value in help screen. #2911 #3004
• Fix completion for the Z shell (zsh) for completion items containing colons. #2703 #2846
• Don't include envvar in error hint when not configured. #2971 #2972

... (truncated)

Changelog

Sourced from click's changelog.

Version 8.3.0

Released 2025-09-15

• Improved flag option handling: Reworked the relationship between flag_value and default parameters for better consistency:

  • The default parameter value is now preserved as-is and passed directly to CLI functions (no more unexpected transformations)
  • Exception: flag options with default=True maintain backward compatibility by defaulting to their flag_value
  • The default parameter can now be any type (bool, None, etc.)
  • Fixes inconsistencies reported in: :issue:1992 :issue:2514 :issue:2610 :issue:3024 :pr:3030

• Allow default to be set on Argument for nargs = -1. :issue:2164 :pr:3030

• Show correct auto complete value for nargs option in combination with flag option :issue:2813

• Show correct auto complete value for nargs option in combination with flag option :issue:2813

• Fix handling of quoted and escaped parameters in Fish autocompletion. :issue:2995 :pr:3013

• Lazily import shutil. :pr:3023

• Properly forward exception information to resources registered with click.core.Context.with_resource(). :issue:2447 :pr:3058

• Fix regression related to EOF handling in CliRunner. :issue:2939:pr:2940

Version 8.2.2

Released 2025-07-31

• Fix reconciliation of default, flag_value and type parameters for flag options, as well as parsing and normalization of environment variables. :issue:2952 :pr:2956
• Fix typing issue in BadParameter and MissingParameter exceptions for the parameter param_hint that did not allow for a sequence of string where the underlying function _join_param_hints allows for it. :issue:2777 :pr:2990
• Use the value of Enum choices to render their default value in help screen. Refs :issue:2911 :pr:3004
• Fix completion for the Z shell (zsh) for completion items containing colons. :issue:2703 :pr:2846
• Don't include envvar in error hint when not configured. :issue:2971 :pr:2972
• Fix a rare race in click.testing.StreamMixer's finalization that manifested as a ValueError on close in a multi-threaded test session. :issue:2993 :pr:2991

Commits

• 00fadb8 Release version 8.3.0
• 2a0e3ba testing/CliRunner: Fix regression related to EOF introduced in 262bdf0 (#2940)
• e11a1ef Merge branch 'main' into fix-cli-runner-prompt-eof-handling
• 36deba8 Forward exception information to resources registered in a context (#3058)
• f2cae7a #2447 Add summary of PR to changelog for 8.3.x
• 7c7ec36 #2447 Split resource exception handling tests in single and nested
• 92129c5 #2447 Added exception forwarding to context tests
• 555fa9b #2447 Forward exception data to exit stack when calling __exit__
• 16fe802 Add more tests on Enum rendering (#3053)
• d36de6f Add more tests on Enum rendering their item's names and not values
• Additional commits viewable in compare view

Updates githubkit from 0.13.2 to 0.13.3

Release notes

Sourced from githubkit's releases.

Release 0.13.3

What's Changed

• Fix: some rest apis use the wrong path param names to construct url
• re-generate openapi models and apis

Full Changelog: yanyongyu/githubkit@v0.13.2...v0.13.3

Commits

• f35789d 🔖 bump version 0.13.3
• ac67e96 🐛 fix url eval param name error
• c678937 ⬆️ upgrade dependencies
• See full diff in compare view

Updates lxml from 6.0.1 to 6.0.2

Changelog

Sourced from lxml's changelog.

6.0.2 (2025-09-21)

Bugs fixed

• LP#2125278: Compilation with libxml2 2.15.0 failed. Original patch by Xi Ruoyao.

• Setting decompress=True in the parser had no effect in libxml2 2.15.

• Binary wheels on Linux and macOS use the library version libxml2 2.14.6. See https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.14.6

• Test failures in libxml2 2.15.0 were fixed.

Other changes

• Binary wheels for Py3.9-3.11 on the riscv64 architecture were added.

• Error constants were updated to match libxml2 2.15.0.

• Built using Cython 3.1.4.

Commits

• 283d02e Build: Minor readability cleanup.
• 52cf97c Revert "Build: Avoid redundant manylinux2014 builds across newer jobs."
• a21e474 Build: Avoid redundant manylinux2014 builds across newer jobs.
• 58d4d2b Build: Upgrade libxml2 to 2.14.6.
• e5d80da Build: Clean up and simplify target selection and environment setup in pyproj...
• e913380 Build: Limit optimised wheel builds to AMD64 and Arm64 to save time and resou...
• d22f6a1 Build: bump actions/setup-python in the github-actions group (GH-479)
• f8fa76d Build: Prevent redundant branch wheel builds for pull requests.
• b3e9372 Build: bump pypa/cibuildwheel in the github-actions group (GH-478)
• a7ec229 Prepare release of lxml 6.0.2.
• Additional commits viewable in compare view

Updates ruff from 0.13.0 to 0.13.1

Release notes

Sourced from ruff's releases.

0.13.1

Release Notes

Released on 2025-09-18.

Preview features

• [flake8-simplify] Detect unnecessary None default for additional key expression types (SIM910) (#20343)
• [flake8-use-pathlib] Add fix for PTH123 (#20169)
• [flake8-use-pathlib] Fix PTH101, PTH104, PTH105, PTH121 fixes (#20143)
• [flake8-use-pathlib] Make PTH111 fix unsafe because it can change behavior (#20215)
• [pycodestyle] Fix E301 to only trigger for functions immediately within a class (#19768)
• [refurb] Mark single-item-membership-test fix as always unsafe (FURB171) (#20279)

Bug fixes

• Handle t-strings for token-based rules and suppression comments (#20357)
• [flake8-bandit] Fix truthiness: dict-only ** displays not truthy for shell (S602, S604, S609) (#20177)
• [flake8-simplify] Fix diagnostic to show correct method name for str.rsplit calls (SIM905) (#20459)
• [flynt] Use triple quotes for joined raw strings with newlines (FLY002) (#20197)
• [pyupgrade] Fix false positive when class name is shadowed by local variable (UP008) (#20427)
• [pyupgrade] Prevent infinite loop with I002 and UP026 (#20327)
• [ruff] Recognize t-strings, generators, and lambdas in invalid-index-type (RUF016) (#20213)

Rule changes

• [RUF102] Respect rule redirects in invalid rule code detection (#20245)
• [flake8-bugbear] Mark the fix for unreliable-callable-check as always unsafe (B004) (#20318)
• [ruff] Allow dataclass attribute value instantiation from nested frozen dataclass (RUF009) (#20352)

CLI

• Add fixes to output-format=sarif (#20300)
• Treat panics as fatal diagnostics, sort panics last (#20258)

Documentation

• [ruff] Add analyze.string-imports-min-dots to settings (#20375)
• Update README.md with Albumentations new repository URL (#20415)

Other changes

• Bump MSRV to Rust 1.88 (#20470)
• Enable inline noqa for multiline strings in playground (#20442)

Contributors

• @​chirizxc
• @​danparizher
• @​IDrokin117

... (truncated)

Changelog

Sourced from ruff's changelog.

0.13.1

Released on 2025-09-18.

Preview features

• [flake8-simplify] Detect unnecessary None default for additional key expression types (SIM910) (#20343)
• [flake8-use-pathlib] Add fix for PTH123 (#20169)
• [flake8-use-pathlib] Fix PTH101, PTH104, PTH105, PTH121 fixes (#20143)
• [flake8-use-pathlib] Make PTH111 fix unsafe because it can change behavior (#20215)
• [pycodestyle] Fix E301 to only trigger for functions immediately within a class (#19768)
• [refurb] Mark single-item-membership-test fix as always unsafe (FURB171) (#20279)

Bug fixes

• Handle t-strings for token-based rules and suppression comments (#20357)
• [flake8-bandit] Fix truthiness: dict-only ** displays not truthy for shell (S602, S604, S609) (#20177)
• [flake8-simplify] Fix diagnostic to show correct method name for str.rsplit calls (SIM905) (#20459)
• [flynt] Use triple quotes for joined raw strings with newlines (FLY002) (#20197)
• [pyupgrade] Fix false positive when class name is shadowed by local variable (UP008) (#20427)
• [pyupgrade] Prevent infinite loop with I002 and UP026 (#20327)
• [ruff] Recognize t-strings, generators, and lambdas in invalid-index-type (RUF016) (#20213)

Rule changes

• [RUF102] Respect rule redirects in invalid rule code detection (#20245)
• [flake8-bugbear] Mark the fix for unreliable-callable-check as always unsafe (B004) (#20318)
• [ruff] Allow dataclass attribute value instantiation from nested frozen dataclass (RUF009) (#20352)

CLI

• Add fixes to output-format=sarif (#20300)
• Treat panics as fatal diagnostics, sort panics last (#20258)

Documentation

• [ruff] Add analyze.string-imports-min-dots to settings (#20375)
• Update README.md with Albumentations new repository URL (#20415)

Other changes

• Bump MSRV to Rust 1.88 (#20470)
• Enable inline noqa for multiline strings in playground (#20442)

Contributors

• @​chirizxc
• @​danparizher
• @​IDrokin117
• @​amyreese

... (truncated)

Commits

• 706be0a Add pyproject.toml to rooster config version_files and bump to 0.13.1 (#2...
• 7b40428 Bump 0.13.1 (#20473)
• b9b5755 Upgrade to the latest rooster version and include contributors in CHANGELOG (...
• b4b5d67 [flynt] Use triple quotes for joined raw strings with newlines (FLY002) (...
• 0b60584 Bump MSRV to Rust 1.88 (#20470)
• 821b2f8 [refurb] Mark single-item-membership-test fix as always unsafe (FURB171...
• 1758f26 Update rust toolchain to 1.90 (#20469)
• 2502ff7 [ty] Make TypeIs invariant in its type argument (#20428)
• 144373f [flake8-use-pathlib] Fix PTH101, PTH104, PTH105, PTH121 fixes (#20143)
• 91995aa [pyupgrade] Fix false positive when class name is shadowed by local variabl...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions