chore(deps): update dependency pip-tools to v7.5.3

[renovate-bot]

This PR contains the following updates:

Package	Change	Age	Confidence
pip-tools (changelog)	==7.5.1 → ==7.5.3

---

Release Notes

jazzband/pip-tools (pip-tools)

v7.5.3

Compare Source

2026-02-09

Bug fixes

• The option --unsafe-package is now normalized -- by {user}shifqu.

  PRs and issues: {issue}2150

• Fixed a bug in which pip-compile lost any index URL options when
  looking up hashes -- by {user}sirosen.

  This caused errors when a package was only available from an extra
  index, and caused pip-compile to incorrectly drop index URL options
  from output, even when they were present in the input requirements.

  PRs and issues: {issue}2220, {issue}2294, {issue}2305

• Fixed removal of temporary files used when reading requirements from stdin
  -- by {user}sirosen.

Features

• pip-tools is now tested against Python 3.14 and 3.14t in CI, and
  marks them as supported in the core packaging metadata
  -- by {user}webknjaz.

  PRs and issues: {issue}2255

• pip-tools is now compatible with pip 26.0 -- by {user}sirosen.

  PRs and issues: {issue}2319, {issue}2320

Removals and backward incompatible breaking changes

• Removed support for Python 3.8 -- by {user}sirosen.

Improved documentation

• The change log management infra now allows the maintainers to add notes
  before and after the regular categories -- by {user}webknjaz.

  PRs and issues: {issue}2287, {issue}2322

• Added documentation clarifying that pip-compile reads the existing
  output file as a constraint source, and how to use --upgrade to
  refresh dependencies -- by {user}maliktafheem.

  PRs and issues: {issue}2307

Packaging updates and notes for downstreams

• pip-tools is now tested against Python 3.14 and 3.14t in CI, and
  marks them as supported in the core packaging metadata
  -- by {user}webknjaz.

  PRs and issues: {issue}2255

Contributor-facing changes

• Consistency of the Markdown files is now being enforced by linting
  with {pypi}pymarkdownlnt -- by {user}webknjaz.

  PRs and issues: {issue}2256

• The linting is now set up to perform structured GitHub Actions
  workflows and actions checks against json schemas
  -- by {user}webknjaz.

  PRs and issues: {issue}2273

• The CI/CD is now set up so that the distribution build job
  is a part of the test pipeline. That pipeline is included in
  the release workflow which sources the artifact in produces.
  The tests must now pass for the release to be published to PyPI.

  -- by {user}webknjaz

  PRs and issues: {issue}2274

• Fix actionlint hook usage to always include shellcheck integration -- by {user}sirosen.

  PRs and issues: {issue}2281

• Utilities for interacting with pip have started to move into the
  :py:mod:piptools._internal._pip_api subpackage -- by {user}sirosen.

  PRs and issues: {issue}2285

• The change log management infra now allows the maintainers to add notes
  before and after the regular categories -- by {user}webknjaz.

  PRs and issues: {issue}2287, {issue}2322

• The linting is now set up to demand that {py:mod}typing is always
  imported as a module under the name of _t -- by {user}webknjaz.

  This is enforced by {user}sirosen's {pypi}flake8-typing-as-t
  plugin for {pypi}flake8.

  PRs and issues: {issue}2289

• The {file}tox.ini and {file}.github/ parts of the repository now
  have project leads assigned as GitHub code owners -- by {user}webknjaz.

  PRs and issues: {issue}2291

• Remove a redundant 'v' prefix from the CI release workflow job name -- by {user}anandvenugopal-tech.

  PRs and issues: {issue}2300

• The check-jsonschema ReadTheDocs hook has been enabled, and
  the config has been tweaked to pass -- by {user}sirosen.

v7.5.2

Compare Source

2025-11-11

Bug fixes

• Fixed pip-compile to handle relative path includes which are not subpaths of
  the current working directory -- by {user}sirosen.

  PRs and issues: {issue}2231, {issue}2260

• Using --upgrade-package and dynamically building project metadata no
  longer causes an {exc}AttributeError when pip encounters an error during the
  build -- by {user}Epic_Wink and {user}tusharsadhwani.

  PRs and issues: {issue}2258

Features

• Test and declare Python 3.13 support -- by {user}jayaddison (for OpenCulinary).

  PRs and issues: {issue}2251

• pip-tools is now compatible with pip 25.3 -- by {user}shifqu.

  PRs and issues: {issue}2252, {issue}2253

Packaging updates and notes for downstreams

• pip-tools now supports installation from git archives by providing
  setuptools-scm with .git_archival.txt data.

  PRs and issues: {issue}2225

Contributor-facing changes

• The change log entry bot has been explicitly configured to stop requiring
  news fragments in pull requests having the bot:chronographer:skip label set
  -- by {user}sirosen and {user}webknjaz.

  It was also set up to reference our change log authoring document from the
  GitHub Checks pages. And the reported check name is now set to Change log entry.

  PRs and issues: {issue}2201

• The CI is now set up to invoke failed tests again with
  maximum level of detail -- by {user}webknjaz.

  The change is aimed at helping troubleshoot failures
  that might be difficult to reproduce locally.

  PRs and issues: {issue}2254

• The integration with Codecov has been updated to ensure that reports
  are uploaded to the service even on failures -- by {user}webknjaz.

  GitHub Actions is now configured to also send an explicit notification
  to Codecov about the completion of previously initiated uploads.

  Additionally, the configuration file is now {file}.codecov.yml.

  PRs and issues: {issue}2265

• The linting suite now runs actionlint -- by {user}webknjaz.

  This tool checks typical problems with GitHub Actions workflow
  definitions and has a registry of widely-used GitHub Action
  arguments that it validates.

  PRs and issues: {issue}2266

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request updates the pip-tools dependency to its latest version, 7.5.3. This update incorporates a range of bug fixes, enhances compatibility with newer Python and pip versions, and streamlines dependency management processes. It also signifies the removal of support for Python 3.8.

Highlights

• Dependency Update: The pip-tools dependency has been updated from version 7.5.1 to 7.5.3.
• Bug Fixes: Several bugs were addressed, including normalization of the --unsafe-package option, preventing pip-compile from losing index URL options, and ensuring proper removal of temporary files. Additionally, pip-compile now correctly handles relative path includes, and an AttributeError with --upgrade-package has been resolved.
• Compatibility Enhancements: The updated pip-tools now supports Python 3.14 and pip 26.0. It also added support for Python 3.13 and pip 25.3 in previous minor versions.
• Python 3.8 Support Removed: Official support for Python 3.8 has been removed in this update.

Changelog

• requirements.txt
  • Updated pip-tools to version 7.5.3.
  • Refreshed the SHA256 hashes for the pip-tools package.

Activity

• The pull request was automatically generated by Renovate Bot to update the pip-tools dependency.
• Renovate Bot provided detailed release notes for pip-tools versions 7.5.2 and 7.5.3.
• Automerge is currently disabled, requiring manual review and merging.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request updates the pip-tools dependency from version 7.5.1 to 7.5.3. The release notes indicate that support for Python 3.8 has been dropped in this new version. I have reviewed the noxfile.py and confirmed that the project's test environments use Python 3.9 or newer, so this change should not cause any issues. The changes in requirements.txt are consistent with this dependency update.

_{Note: Security Review has been skipped due to the limited scope of the PR.}