Bump the python-deps group across 1 directory with 6 updates

[dependabot]

Bumps the python-deps group with 5 updates in the / directory:

Package	From	To
authlib	1.6.9	1.7.0
seleniumbase	4.47.9	4.48.2
basedpyright	1.39.0	1.39.3
prek	0.3.8	0.3.10
ruff	0.15.10	0.15.11

Updates authlib from 1.6.9 to 1.7.0

Release notes

Sourced from authlib's releases.

v1.7.0

What's Changed

• Authorization and token endpoints request empty scope parameter management by @​azmeuk in authlib/authlib#847
• Support from Python 3.10 to 3.14 by @​azmeuk in authlib/authlib#850
• Allow composition of AuthorizationServerMetadata by @​azmeuk in authlib/authlib#853
• Make require_oauth parenthesis optional by @​azmeuk in authlib/authlib#855
• Fix expires_at behavior when its value is 0 by @​azmeuk in authlib/authlib#854
• Migration to joserfc by @​lepture in authlib/authlib#852
• RP-initiated logout by @​frohrlich in authlib/authlib#849
• Fix get_jwt_config by @​lepture in authlib/authlib#858
• chore(ci): Update PyPy version from 3.10 to 3.11 by @​cclauss in authlib/authlib#863
• fix: remove "none" from default authlib.jose.jwt algorithms by @​lepture in authlib/authlib#860
• fix: normalize resolve_client_public_key method by @​lepture in authlib/authlib#861
• Implement rfc9700 PKCE downgrade countermeasure by @​azmeuk in authlib/authlib#864
• Use correct syntax for tox.requires in tox.ini by @​alex-ball in authlib/authlib#868
• Set client session User-Agent when fetching server metadata and JWKs by @​alex-ball in authlib/authlib#867
• fix: use the real application object for Flask by @​nblock in authlib/authlib#869
• Accept the issuer URL as a valid audience by @​azmeuk in authlib/authlib#865
• Don't nest InvalidTokenError extra attribute by @​azmeuk in authlib/authlib#872
• Documentation overhaul by @​azmeuk in authlib/authlib#875
• Update README.md docs.authlib.org/en/latest => docs.authlib.org/en/stable by @​guillett in authlib/authlib#876
• Merge release/1.6 branch by @​lepture in authlib/authlib#877

New Contributors

• @​frohrlich made their first contribution in authlib/authlib#849
• @​cclauss made their first contribution in authlib/authlib#863
• @​alex-ball made their first contribution in authlib/authlib#868
• @​nblock made their first contribution in authlib/authlib#869
• @​guillett made their first contribution in authlib/authlib#876

Full Changelog: authlib/authlib@v1.6.10...v1.7.0

v1.6.11

Full Changelog: authlib/authlib@v1.6.10...v1.6.11

• Fix CSRF issue with starlette client

v1.6.10

Full Changelog: authlib/authlib@v1.6.9...v1.6.10

• Fix redirecting to unvalidated redirect_uri on UnsupportedResponseTypeError.

Commits

• 5d2e603 chore: release 1.7.0
• 767f08b fix: CSRF issue with starlette client
• e9aaef3 Merge pull request #877 from authlib/merge/1.6
• 3c8ec9a Merge branch 'main' into merge/1.6
• ef09aeb chore: release 1.6.10
• 3be0846 fix: redirecting to unvalidated redirect_uri on UnsupportedResponseTypeError
• 4cf6f97 Merge pull request #876 from guillett/patch-1
• 23f67b4 Update README.md docs.authlib.org/en/latest => docs.authlib.org/en/stable
• 1040163 chore: prek autoupdate
• 491209f Merge pull request #875 from azmeuk/doc
• Additional commits viewable in compare view

Updates seleniumbase from 4.47.9 to 4.48.2

Release notes

Sourced from seleniumbase's releases.

Fix unzip in powershell

• Fix unzip in powershell for paths that contain spaces
• Refresh Python dependencies

What's Changed

• Fix unzip in powershell by @​mdmintz in seleniumbase/SeleniumBase#4330

Full Changelog: seleniumbase/SeleniumBase@v4.48.1...v4.48.2

4.48.1 - Browser config updates

Browser config updates

• Update default config for Chrome and Edge
• Refresh Python dependencies

What's Changed

• Browser config updates by @​mdmintz in seleniumbase/SeleniumBase#4323

Full Changelog: seleniumbase/SeleniumBase@v4.48.0...v4.48.1

4.48.0 - Selenium and CDP updates

Selenium and CDP updates

• Update CDP Mode --> solve_captcha() now supports "Friendly Captcha" --> nest-asyncio is patched from within to avoid deprecation warnings on Python 3.14
• Refresh Python dependencies --> Includes a selenium upgrade
• Add an example that bypasses "Friendly Captcha"
• Add Stealthy Playwright examples for BrowserScan
• Warn when await is missing from async method calls
• Support "Friendly Captcha" solving in async mode
• Add async example of solving "Friendly Captcha"

What's Changed

• Selenium and CDP updates by @​mdmintz in seleniumbase/SeleniumBase#4319

Full Changelog: seleniumbase/SeleniumBase@v4.47.9...v4.48.0

Commits

• a9605ae Merge pull request #4330 from seleniumbase/fix-unzip-in-powershell
• 3a38776 Version 4.48.2
• b0518dc Refresh Python dependencies
• 2bc7763 Fix unzip in powershell for paths that contain spaces
• a0aceea Merge pull request #4323 from seleniumbase/browser-config-updates
• 9dc951b Version 4.48.1
• 77ea8fc Refresh Python dependencies
• bfb94e2 Update default config for Chrome and Edge
• a381c35 Update documentation in migration examples
• 377c3d2 Merge pull request #4319 from seleniumbase/selenium-and-cdp-updates
• Additional commits viewable in compare view

Updates basedpyright from 1.39.0 to 1.39.3

Commits

• 5f66727 1.39.3
• d8741df hopefully fix docs deployment job
• ceb200c 1.39.2
• eb7a92c try to fix browser-basedpyright being published with nothing in it
• dec5306 update package-lock.json
• 6db43de 1.39.1
• 335e486 fix failing tests from merge
• bbe71b6 delete newly added github action from upstream that we don't use
• 8f22618 update prettierignore
• ff1f5a4 fix compile errors from merge
• Additional commits viewable in compare view

Updates prek from 0.3.8 to 0.3.10

Release notes

Sourced from prek's releases.

0.3.10

Release Notes

Released on 2026-04-21.

Enhancements

• Disallow rev for non-remote repos in schema (#1964)
• Hide up-to-date output in non-verbose mode (#1942)
• Improve merge conflict marker detection (#1937)
• Keep finished hooks visible (#1967)
• Preserve frozen comment spacing in auto-update (#1945)
• Reimplement @j178/prek npm package (#1973)

Bug fixes

• Prefer stable Rust toolchains (#1974)

Documentation

• Add SKILL.md for prek (#1950)
• Document gh skill install j178/prek prek to install prek skill for agents (#1951)
• Improve compatibility and migration docs (#1940)

Other changes

• Sync latest identify tags (#1947)

Contributors

• @​github-actions
• @​renovate
• @​j178

Install prek 0.3.10

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/j178/prek/releases/download/v0.3.10/prek-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://github.com/j178/prek/releases/download/v0.3.10/prek-installer.ps1 | iex"

Install prebuilt binaries via Homebrew

... (truncated)

Changelog

Sourced from prek's changelog.

0.3.10

Released on 2026-04-21.

Enhancements

• Disallow rev for non-remote repos in schema (#1964)
• Hide up-to-date output in non-verbose mode (#1942)
• Improve merge conflict marker detection (#1937)
• Keep finished hooks visible (#1967)
• Preserve frozen comment spacing in auto-update (#1945)
• Reimplement @j178/prek npm package (#1973)

Bug fixes

• Prefer stable Rust toolchains (#1974)

Documentation

• Add SKILL.md for prek (#1950)
• Document gh skill install j178/prek prek to install prek skill for agents (#1951)
• Improve compatibility and migration docs (#1940)

Other changes

• Sync latest identify tags (#1947)

Contributors

• @​github-actions
• @​renovate
• @​j178

0.3.9

Released on 2026-04-13.

Highlight

prek auto-update is now stricter about pinned revisions and more useful in CI. It now keeps rev and # frozen: comments in sync, can detect impostor commits when validating pinned SHAs, and lets you use prek auto-update --check to fail on both available updates and frozen-ref mismatches without rewriting the config.

Examples:

$ prek auto-update
# updates revs and repairs stale `# frozen:` comments
</tr></table> 

... (truncated)

Commits

• 1981c51 Bump version to 0.3.10
• ba745f6 Prefer stable Rust toolchains (#1974)
• b6c591d Reimplement @j178/prek npm package (#1973)
• fba1c85 Keep finished hooks visible (#1967)
• bce57a3 Disallow rev for non-remote repos in schema (#1964)
• afac10c Split auto_update.rs into modules (#1962)
• c3b9f11 Update GitHub Actions (major) (#1961)
• 6ca0443 Update Rust crate annotate-snippets to v0.12.15 (#1955)
• 776277e Update Rust crate tokio to v1.51.1 (#1957)
• c2b445a Update Rust crate toml_edit to v0.25.11 (#1958)
• Additional commits viewable in compare view

Updates pytest from 9.0.2 to 9.0.3

Release notes

Sourced from pytest's releases.

9.0.3

pytest 9.0.3 (2026-04-07)

Bug fixes

• #12444: Fixed pytest.approx which now correctly takes into account ~collections.abc.Mapping keys order to compare them.

• #13634: Blocking a conftest.py file using the -p no: option is now explicitly disallowed.

  Previously this resulted in an internal assertion failure during plugin loading.

  Pytest now raises a clear UsageError explaining that conftest files are not plugins and cannot be disabled via -p.

• #13734: Fixed crash when a test raises an exceptiongroup with __tracebackhide__ = True.

• #14195: Fixed an issue where non-string messages passed to unittest.TestCase.subTest() were not printed.

• #14343: Fixed use of insecure temporary directory (CVE-2025-71176).

Improved documentation

• #13388: Clarified documentation for -p vs PYTEST_PLUGINS plugin loading and fixed an incorrect -p example.
• #13731: Clarified that capture fixtures (e.g. capsys and capfd) take precedence over the -s / --capture=no command-line options in Accessing captured output from a test function <accessing-captured-output>.
• #14088: Clarified that the default pytest_collection hook sets session.items before it calls pytest_collection_finish, not after.
• #14255: TOML integer log levels must be quoted: Updating reference documentation.

Contributor-facing changes

• #12689: The test reports are now published to Codecov from GitHub Actions. The test statistics is visible on the web interface.

  -- by aleguy02

Commits

• a7d58d7 Prepare release version 9.0.3
• 089d981 Merge pull request #14366 from bluetech/revert-14193-backport
• 8127eaf Revert "Fix: assertrepr_compare respects dict insertion order (#14050) (#14193)"
• 99a7e60 Merge pull request #14363 from pytest-dev/patchback/backports/9.0.x/95d8423bd...
• ddee02a Merge pull request #14343 from bluetech/cve-2025-71176-simple
• 74eac69 doc: Update training info (#14298) (#14301)
• f92dee7 Merge pull request #14267 from pytest-dev/patchback/backports/9.0.x/d6fa26c62...
• 7ee58ac Merge pull request #12378 from Pierre-Sassoulas/fix-implicit-str-concat-and-d...
• 37da870 Merge pull request #14259 from mitre88/patch-4 (#14268)
• c34bfa3 Add explanation for string context diffs (#14257) (#14266)
• Additional commits viewable in compare view

Updates ruff from 0.15.10 to 0.15.11

Release notes

Sourced from ruff's releases.

0.15.11

Release Notes

Released on 2026-04-16.

Preview features

• [ruff] Ignore RUF029 when function is decorated with asynccontextmanager (#24642)
• [airflow] Implement airflow-xcom-pull-in-template-string (AIR201) (#23583)
• [flake8-bandit] Fix S103 false positives and negatives in mask analysis (#24424)

Bug fixes

• [flake8-async] Omit overridden methods for ASYNC109 (#24648)

Documentation

• [flake8-async] Add override mention to ASYNC109 docs (#24666)
• Update Neovim config examples to use vim.lsp.config (#24577)

Contributors

• @​augustelalande
• @​anishgirianish
• @​benberryallwood
• @​charliermarsh
• @​Dev-iL

Install ruff 0.15.11

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/ruff/releases/download/0.15.11/ruff-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/ruff/releases/download/0.15.11/ruff-installer.ps1 | iex"

Download ruff 0.15.11

File	Platform	Checksum
ruff-aarch64-apple-darwin.tar.gz	Apple Silicon macOS	checksum
ruff-x86_64-apple-darwin.tar.gz	Intel macOS	checksum
ruff-aarch64-pc-windows-msvc.zip	ARM64 Windows	checksum
ruff-i686-pc-windows-msvc.zip	x86 Windows	checksum

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.11

Released on 2026-04-16.

Preview features

• [ruff] Ignore RUF029 when function is decorated with asynccontextmanager (#24642)
• [airflow] Implement airflow-xcom-pull-in-template-string (AIR201) (#23583)
• [flake8-bandit] Fix S103 false positives and negatives in mask analysis (#24424)

Bug fixes

• [flake8-async] Omit overridden methods for ASYNC109 (#24648)

Documentation

• [flake8-async] Add override mention to ASYNC109 docs (#24666)
• Update Neovim config examples to use vim.lsp.config (#24577)

Contributors

• @​augustelalande
• @​anishgirianish
• @​benberryallwood
• @​charliermarsh
• @​Dev-iL

Commits

• 53554b1 Bump 0.15.11 (#24678)
• 08c56c8 Factor out the mdtest crate (#24616)
• 725fbb7 [ty] Use partially qualified names when reporting diagnostics regarding bad c...
• ddd6a30 [ty] Do not suggest argument completion when at value of keyword argument (#2...
• 9282e61 Disallow @​disjoint_base on TypedDicts and Protocols (#24671)
• e9986d8 [ty] Reject using properties with Never setters or deleters (#24510)
• 9cf212f [ty] Normalize property setter and deleter wrappers (#24509)
• 12a1589 Add override mention to ASYNC109 docs (#24666)
• dccb03d [ty] Avoid panicking on overloaded Callable type context (#24661)
• 61f9a0a [ty] Sync vendored typeshed stubs (#24646)
• Additional commits viewable in compare view