Lock file maintenance Python dependencies (main)

[renovate]

This PR contains the following updates:

Package	Type	Update	Change	Age	Adoption	Passing	Confidence
		lockFileMaintenance	All locks refreshed
boto3	dependencies	patch	^1.38.33 -> ^1.38.41
coverage	unit	minor	^7.8.2 -> ^7.9.1
pytest (changelog)	integration	patch	^8.4.0 -> ^8.4.1
pytest (changelog)	unit	patch	^8.4.0 -> ^8.4.1
ruff (source, changelog)	format	minor	^0.11.13 -> ^0.12.0

🔧 This Pull Request updates lock files to use the latest dependency versions.

---

Release Notes

boto/boto3 (boto3)

v1.38.41

Compare Source

=======

• api-change:bedrock: [botocore] Add support for tiers in Content Filters and Denied Topics for Amazon Bedrock Guardrails.
• api-change:ecs: [botocore] Add ECS support for Windows Server 2025
• api-change:geo-places: [botocore] Geocode, ReverseGeocode, and GetPlace APIs added Intersections and SecondaryAddresses. To use, add to the AdditionalFeatures list in your request. This provides info about nearby intersections and secondary addresses that are associated with a main address. Also added MainAddress and ParsedQuery.
• api-change:glue: [botocore] AWS Glue Data Quality now provides aggregated metrics in evaluation results when publishAggregatedMetrics with row-level results are enabled. These metrics include summary statistics showing total counts of processed, passed, and failed rows and rules in a single view.
• api-change:mediaconvert: [botocore] This release adds a new SPECIFIED_OPTIMAL option for handling DDS when using DVB-Sub with high resolution video.

v1.38.40

Compare Source

=======

• api-change:bedrock: [botocore] This release of the SDK has the API and documentation for the createcustommodel API. This feature lets you copy a trained model into Amazon Bedrock for inference.
• api-change:emr-serverless: [botocore] This release adds the capability to enable IAM IdentityCenter Trusted Identity Propagation for users running Interactive Sessions on EMR Serverless Applications.
• api-change:lambda: [botocore] Support Schema Registry feature for Kafka Event Source Mapping. Customers can now configure a Schema Registry to enable schema validation and filtering for Avro, Protobuf, and JSON-formatted events in Lambda for Kafka Event Source.
• api-change:payment-cryptography: [botocore] Additional support for managing HMAC keys that adheres to changes documented in X9.143-2021 and provides better interoperability for key import/export
• api-change:payment-cryptography-data: [botocore] Additional support for managing HMAC keys that adheres to changes documented in X9.143-2021 and provides better interoperability for key import/export
• api-change:sagemaker: [botocore] This release introduces alternative support for utilizing CFN templates from S3 for SageMaker Projects.

v1.38.39

Compare Source

=======

• api-change:aiops: [botocore] This is the initial SDK release for Amazon AI Operations (AIOps). AIOps is a generative AI-powered assistant that helps you respond to incidents in your system by scanning your system's telemetry and quickly surface suggestions that might be related to your issue.
• api-change:autoscaling: [botocore] Add IncludeInstances parameter to DescribeAutoScalingGroups API
• api-change:imagebuilder: [botocore] Added paginators for imagebuilder.
• api-change:logs: [botocore] Added CloudWatch Logs Transformer support for converting CloudTrail, VPC Flow, EKS Audit, AWS WAF and Route53 Resolver logs to OCSF v1.1 format.
• api-change:s3: [botocore] Added support for renaming objects within the same bucket using the new RenameObject API.
• api-change:sagemaker: [botocore] Add support for p6-b200 instance type for SageMaker Hyperpod

v1.38.38

Compare Source

=======

• api-change:accessanalyzer: [botocore] We are launching a new analyzer type, internal access analyzer. The new analyzer will generate internal access findings, which help customers understand who within their AWS organization or AWS Account has access to their critical AWS resources.
• api-change:acm: [botocore] Adds support for Exportable Public Certificates
• api-change:backup: [botocore] AWS Backup is adding support for integration of its logically air-gapped vaults with the AWS Organizations Multi-party approval capability.
• api-change:bedrock: [botocore] This release of the SDK has the API and documentation for the createcustommodel API. This feature lets you copy a trained model into Amazon Bedrock for inference.
• api-change:dms: [botocore] Add "Virtual" field to Data Provider as well as "S3Path" and "S3AccessRoleArn" fields to DataProvider settings
• api-change:guardduty: [botocore] Adding support for extended threat detection for EKS Audit Logs and EKS Runtime Monitoring.
• api-change:inspector2: [botocore] Add Code Repository Scanning as part of AWS InspectorV2
• api-change:mpa: [botocore] This release enables customers to create Multi-party approval teams and approval requests to protect supported operations.
• api-change:network-firewall: [botocore] Release of Active Threat Defense in Network Firewall
• api-change:organizations: [botocore] Add support for policy operations on the SECURITYHUB_POLICY policy type.
• api-change:securityhub: [botocore] Adds operations, structures, and exceptions required for public preview release of Security Hub V2.
• api-change:sts: [botocore] The AWS Security Token Service APIs AssumeRoleWithSAML and AssumeRoleWithWebIdentity can now be invoked without pre-configured AWS credentials in the SDK configuration.
• api-change:wafv2: [botocore] AWS WAF can now suggest protection packs for you based on the application information you provide when you create a webACL.

v1.38.37

Compare Source

=======

• api-change:bedrock: [botocore] This release of the SDK has the API and documentation for the createcustommodel API. This feature lets you copy a Amazon SageMaker trained Amazon Nova model into Amazon Bedrock for inference.
• api-change:ecr: [botocore] The DescribeImageScanning API now includes lastInUseAt and InUseCount fields that can be used to prioritize vulnerability remediation for images that are actively being used.
• api-change:network-firewall: [botocore] You can now create firewalls using a Transit Gateway instead of a VPC, resulting in a TGW attachment.
• api-change:sagemaker: [botocore] This release 1) adds a new S3DataType Converse for SageMaker training 2)adds C8g R7gd M8g C6in P6 P6e instance type for SageMaker endpoint 3) adds m7i, r7i, c7i instance type for SageMaker Training and Processing.

v1.38.36

Compare Source

=======

• api-change:apigateway: [botocore] Documentation updates for Amazon API Gateway
• api-change:apigatewayv2: [botocore] Documentation updates for Amazon API Gateway
• api-change:connectcampaignsv2: [botocore] Added PutInstanceCommunicationLimits and GetInstanceCommunicationLimits APIs
• api-change:ecs: [botocore] This Amazon ECS release supports updating the capacityProviderStrategy parameter in update-service.
• api-change:emr-serverless: [botocore] This release adds support for retrieval of the optional executionIamPolicy field in the GetJobRun API response.
• api-change:iotfleetwise: [botocore] Add new status READY_FOR_CHECKIN used for vehicle synchronisation
• api-change:kms: [botocore] AWS KMS announces the support of ML-DSA key pairs that creates post-quantum safe digital signatures.
• api-change:pcs: [botocore] Fixed regex patterns for ARN fields.

v1.38.35

Compare Source

=======

• api-change:controlcatalog: [botocore] Introduced ListControlMappings API that retrieves control mappings. Added control aliases and governed resources fields in GetControl and ListControls APIs. New filtering capability in ListControls API, with implementation identifiers and implementation types.
• api-change:eks: [botocore] Release for EKS Pod Identity Cross Account feature and disableSessionTags flag.
• api-change:lexv2-models: [botocore] Add support for the Assisted NLU feature to improve bot performance
• api-change:networkmanager: [botocore] Add support for public DNS hostname resolution to private IP addresses across Cloud WAN-managed VPCs. Add support for security group referencing across Cloud WAN-managed VPCs.
• api-change:rds: [botocore] Updates Amazon RDS documentation for Amazon RDS for Db2 cross-Region replicas in standby mode.
• api-change:wafv2: [botocore] WAF now provides two DDoS protection options: resource-level monitoring for Application Load Balancers and the AWSManagedRulesAntiDDoSRuleSet managed rule group for CloudFront distributions.
• bugfix:Serialization: [botocore] Fixes a bug where instances of decimal.Decimal were unable to be passed into JSON serialization

v1.38.34

Compare Source

=======

• api-change:gameliftstreams: [botocore] Documentation updates for Amazon GameLift Streams to address formatting errors, correct resource ID examples, and update links to other guides

nedbat/coveragepy (coverage)

v7.9.1

Compare Source

• The "no-ctracer" warning is not issued for Python pre-release versions.
  Coverage doesn't ship compiled wheels for those versions, so this was far too
  noisy.

• On Python 3.14+, the "sysmon" core is now the default if it's supported for
  your configuration. Plugins and dynamic contexts are still not supported
  with it.

.. _changes_7-9-0:

v7.9.0

Compare Source

• Added a [run] core configuration setting to specify the measurement core,
  which was previously only available through the COVERAGE_CORE environment
  variable. Finishes issue 1746_.

• Fixed incorrect rendering of f-strings with doubled braces, closing issue 1980_.

• If the C tracer core can't be imported, a warning ("no-ctracer") is issued
  with the reason.

• The C tracer core extension module now conforms to PEP 489, closing issue 1977. Thanks, Adam Turner <pull 1978_>_.

• Fixed a "ValueError: min() arg is an empty sequence" error caused by strange
  empty modules, found by oss-fuzz_.

.. _issue 1746:https://github.com/nedbat/coveragepy/issues/17466
.. _issue 1977https://github.com/nedbat/coveragepy/issues/197777
.. _pull 197https://github.com/nedbat/coveragepy/pull/1978978
.. _issue 19https://github.com/nedbat/coveragepy/issues/19801980
.. _PEP 489: https://peps.python.org/pep-0489
.. _oss-fuzz: https://google.github.io/oss-fuzz/

.. _changes_7-8-2:

pytest-dev/pytest (pytest)

v8.4.1

Compare Source

pytest 8.4.1 (2025-06-17)

Bug fixes

• #​13461: Corrected _pytest.terminal.TerminalReporter.isatty to support
  being called as a method. Before it was just a boolean which could
  break correct code when using -o log_cli=true).

• #​13477: Reintroduced pytest.PytestReturnNotNoneWarning{.interpreted-text role="class"} which was removed by accident in pytest [8.4]{.title-ref}.

  This warning is raised when a test functions returns a value other than None, which is often a mistake made by beginners.

  See return-not-none{.interpreted-text role="ref"} for more information.

• #​13497: Fixed compatibility with Twisted 25+.

Improved documentation

• #​13492: Fixed outdated warning about faulthandler not working on Windows.

astral-sh/ruff (ruff)

v0.12.0

Compare Source

Check out the blog post for a migration
guide and overview of the changes!

Breaking changes

• Detection of more syntax errors

  Ruff now detects version-related syntax errors, such as the use of the match
  statement on Python versions before 3.10, and syntax errors emitted by
  CPython's compiler, such as irrefutable match patterns before the final
  case arm.

• New default Python version handling for syntax errors

  Ruff will default to the latest supported Python version (3.13) when
  checking for the version-related syntax errors mentioned above to prevent
  false positives in projects without a Python version configured. The default
  in all other cases, like applying lint rules, is unchanged and remains at the
  minimum supported Python version (3.9).

• Updated f-string formatting

  Ruff now formats multi-line f-strings with format specifiers to avoid adding a
  line break after the format specifier. This addresses a change to the Python
  grammar in version 3.13.4 that made such a line break a syntax error.

• rust-toolchain.toml is no longer included in source distributions

  The rust-toolchain.toml is used to specify a higher Rust version than Ruff's
  minimum supported Rust version (MSRV) for development and building release
  artifacts. However, when present in source distributions, it would also cause
  downstream package maintainers to pull in the same Rust toolchain, even if
  their available toolchain was MSRV-compatible.

Removed Rules

The following rules have been removed:

• suspicious-xmle-tree-usage
  (S320)

Deprecated Rules

The following rules have been deprecated:

• pandas-df-variable-name

Stabilization

The following rules have been stabilized and are no longer in preview:

• for-loop-writes (FURB122)
• check-and-remove-from-set (FURB132)
• verbose-decimal-constructor (FURB157)
• fromisoformat-replace-z (FURB162)
• int-on-sliced-str (FURB166)
• exc-info-outside-except-handler (LOG014)
• import-outside-top-level (PLC0415)
• unnecessary-dict-index-lookup (PLR1733)
• nan-comparison (PLW0177)
• eq-without-hash (PLW1641)
• pytest-parameter-with-default-argument (PT028)
• pytest-warns-too-broad (PT030)
• pytest-warns-with-multiple-statements (PT031)
• invalid-formatter-suppression-comment (RUF028)
• dataclass-enum (RUF049)
• class-with-mixed-type-vars (RUF053)
• unnecessary-round (RUF057)
• starmap-zip (RUF058)
• non-pep604-annotation-optional (UP045)
• non-pep695-generic-class (UP046)
• non-pep695-generic-function (UP047)
• private-type-parameter (UP049)

The following behaviors have been stabilized:

• [collection-literal-concatenation] (RUF005) now recognizes slices, in
  addition to list literals and variables.
• The fix for [readlines-in-for] (FURB129) is now marked as always safe.
• [if-else-block-instead-of-if-exp] (SIM108) will now further simplify
  expressions to use or instead of an if expression, where possible.
• [unused-noqa] (RUF100) now checks for file-level noqa comments as well
  as inline comments.
• [subprocess-without-shell-equals-true] (S603) now accepts literal strings,
  as well as lists and tuples of literal strings, as trusted input.
• [boolean-type-hint-positional-argument] (FBT001) now applies to types that
  include bool, like bool | int or typing.Optional[bool], in addition to
  plain bool annotations.
• [non-pep604-annotation-union] (UP007) has now been split into two rules.
  UP007 now applies only to typing.Union, while
  [non-pep604-annotation-optional] (UP045) checks for use of
  typing.Optional. UP045 has also been stabilized in this release, but you
  may need to update existing include, ignore, or noqa settings to
  accommodate this change.

Preview features

• [ruff] Check for non-context-manager use of pytest.raises, pytest.warns, and pytest.deprecated_call (RUF061) (#​17368)
• [syntax-errors] Raise unsupported syntax error for template strings prior to Python 3.14 (#​18664)

Bug fixes

• Add syntax error when conversion flag does not immediately follow exclamation mark (#​18706)
• Add trailing space around readlines (#​18542)
• Fix \r and \r\n handling in t- and f-string debug texts (#​18673)
• Hug closing } when f-string expression has a format specifier (#​18704)
• [flake8-pyi] Avoid syntax error in the case of starred and keyword arguments (PYI059) (#​18611)
• [flake8-return] Fix RET504 autofix generating a syntax error (#​18428)
• [pep8-naming] Suppress fix for N804 and N805 if the recommended name is already used (#​18472)
• [pycodestyle] Avoid causing a syntax error in expressions spanning multiple lines (E731) (#​18479)
• [pyupgrade] Suppress UP008 if super is shadowed (#​18688)
• [refurb] Parenthesize lambda and ternary expressions (FURB122, FURB142) (#​18592)
• [ruff] Handle extra arguments to deque (RUF037) (#​18614)
• [ruff] Preserve parentheses around deque in fix for unnecessary-empty-iterable-within-deque-call (RUF037) (#​18598)
• [ruff] Validate arguments before offering a fix (RUF056) (#​18631)
• [ruff] Skip fix for RUF059 if dummy name is already bound (#​18509)
• [pylint] Fix PLW0128 to check assignment targets in square brackets and after asterisks (#​18665)

Rule changes

• Fix false positive on mutations in return statements (B909) (#​18408)
• Treat ty: comments as pragma comments (#​18532)
• [flake8-pyi] Apply custom-typevar-for-self to string annotations (PYI019) (#​18311)
• [pyupgrade] Don't offer a fix for Optional[None] (UP007, UP045) (#​18545)
• [pyupgrade] Fix super(__class__, self) detection (UP008) (#​18478)
• [refurb] Make the fix for FURB163 unsafe for log2, log10, *args, and deleted comments (#​18645)

Server

• Support cancellation requests (#​18627)

Documentation

• Drop confusing second * from glob pattern example for per-file-target-version (#​18709)
• Update Neovim configuration examples (#​18491)
• [pylint] De-emphasize __hash__ = Parent.__hash__ (PLW1641) (#​18613)
• [refurb] Add a note about float literal handling (FURB157) (#​18615)

---

Configuration

📅 Schedule: Branch creation - Between 01:00 AM and 05:59 AM, only on Tuesday ( * 1-5 * * 2 ) in timezone Etc/UTC, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 72.10%. Comparing base (06228cb) to head (1d4f699).
Report is 2 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #976   +/-   ##
=======================================
  Coverage   72.10%   72.10%           
=======================================
  Files          16       16           
  Lines        4097     4097           
  Branches      619      619           
=======================================
  Hits         2954     2954           
  Misses        948      948           
  Partials      195      195           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.