chore(deps-dev): bump the all-dependencies group across 1 directory with 9 updates

[dependabot]

Updates the requirements on redis, pillow, mypy, coverage, pytest, types-requests, types-tqdm, types-redis and ruff to permit the latest version.
Updates redis to 7.4.0

Release notes

Sourced from redis's releases.

7.4.0

Changes

🐛 Bug Fixes

• Fix AttributeError in cluster metrics recording when connection is None or ClusterNode object instance is used to extract the connection info (#3999)
• Fixing security concern in repr methods for ConnectionPools - passwords might leak in plain text logs (#3998)
• Refactored connection count and SCH metric collection (#4001)

🧪 Experimental Features

-Refactored health check logic for MultiDBClient (#3994)

🧰 Maintenance

• Expose basic Otel classes and functions to be importable through redis.observability to match the examples in the readthedocs (#3996)

We'd like to thank all the contributors who worked on this release! @​vladvildanov @​petyaslavova

Commits

• b72f24a Updating lib version to 7.4.0
• 0a4e0af Refactored health check logic for MultiDBClient (#3994)
• 15492c9 Refactored connection count and SCH metric collection (#4001)
• cd964ac Expose basic Otel classes and funtions to be importable through redis.observa...
• 46ab74d Fixing security concern in repr methods for ConnectionPools - passwords m...
• 26482db Fix AttributeError in cluster metrics recording when connection is None or Cl...
• 8ecbc7a Updating lib version to 7.3.0
• 11043df typing: accept single-key input for blpop and brpop (#3990)
• d958125 fix: use KeysT for blpop and brpop keys parameter type annotation (#3987)
• 75bf91b [async] Adding access to cluster client's nodes_manager and set_response_call...
• Additional commits viewable in compare view

Updates pillow to 12.2.0

Release notes

Sourced from pillow's releases.

12.2.0

https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html

Documentation

• Update 12.2.0 release notes #9522 [@​hugovk]
• Add loader plugins: AMOS abk, Atari Degas, 40+ more obscure formats via Netpbm #9482 [@​bitplane]
• Update Python versions #9515 [@​radarhere]
• Jeffrey A. Clark -> Jeffrey 'Alex' Clark #9513 [@​aclark4life]
• Add release notes for #9394, #9419 and #9456 #9467 [@​radarhere]
• Add Amiga Workbench .info loader to 3rd party plugins list #9459 [@​bitplane]
• Merge PFM documentation into PPM #9434 [@​radarhere]
• Update macOS tested Pillow versions #9431 [@​radarhere]
• Fix CVE number #9430 [@​hugovk]

Dependencies

• Update xz to 5.8.3 #9523 [@​radarhere]
• Update libjpeg-turbo to 3.1.4.1 #9507 [@​radarhere]
• Update libpng to 1.6.56 #9499 [@​radarhere]
• Update freetype to 2.14.3 #9485 [@​radarhere]
• Updated libavif to 1.4.1 #9479 [@​radarhere]
• Updated harfbuzz to 13.2.1 #9461 [@​radarhere]
• Update Ghostscript to 10.7.0 #9469 [@​radarhere]
• Update harfbuzz to 13.0.1 #9453 [@​radarhere]
• Update libavif to 1.4.0 #9460 [@​radarhere]
• Update freetype to 2.14.2 #9449 [@​radarhere]
• Update actions/download-artifact action to v8 #9451 [@renovate[bot]]
• Updated libpng to 1.6.55 #9425 [@​radarhere]

Testing

• Cleanup .spider extension in the same test where it is added #9517 [@​radarhere]
• Run tests in parallel via tox for 3.5x speedup #9516 [@​hugovk]
• Enable colour in CI logs #9486 [@​hugovk]
• Update Ghostscript to 10.7.0 #9469 [@​radarhere]
• Simplify TGA test code #9477 [@​radarhere]
• Update tests to check for ValueError when encoding an empty image #9464 [@​radarhere]
• Upgrade CI from macos-15-intel to macos-26-intel #9454 [@​hugovk]
• Add check-case-conflict hook #9446 [@​radarhere]
• Specify platform when pulling docker image #9440 [@​radarhere]
• GHA: Cache libavif and webp builds for Ubuntu #9437 [@​hugovk]
• Update macOS tested Pillow versions #9431 [@​radarhere]

Other changes

• Check calloc return value #9527 [@​radarhere]
• Check all allocs in the Arrow tree #9488 [@​wiredfool]
• Reject non-numeric elements inside list coords #9526 [@​hugovk]
• Move variable declaration inside define #9525 [@​radarhere]

... (truncated)

Changelog

Sourced from pillow's changelog.

Changelog (Pillow)

11.1.0 and newer

See GitHub Releases:

• https://github.com/python-pillow/Pillow/releases

11.0.0 (2024-10-15)

• Update licence to MIT-CMU #8460 [hugovk]

• Conditionally define ImageCms type hint to avoid requiring core #8197 [radarhere]

• Support writing LONG8 offsets in AppendingTiffWriter #8417 [radarhere]

• Use ImageFile.MAXBLOCK when saving TIFF images #8461 [radarhere]

• Do not close provided file handles with libtiff when saving #8458 [radarhere]

• Support ImageFilter.BuiltinFilter for I;16* images #8438 [radarhere]

• Use ImagingCore.ptr instead of ImagingCore.id #8341 [homm, radarhere, hugovk]

• Updated EPS mode when opening images without transparency #8281 [Yay295, radarhere]

• Use transparency when combining P frames from APNGs #8443 [radarhere]

• Support all resampling filters when resizing I;16* images #8422 [radarhere]

• Free memory on early return #8413 [radarhere]

• Cast int before potentially exceeding INT_MAX #8402 [radarhere]

... (truncated)

Commits

• 3c41c09 12.2.0 version bump
• cdaa29e Check calloc return value (#9527)
• 585b2f5 Check calloc return value
• ecf011e Check all allocs in the Arrow tree (#9488)
• cf6de8c Reject non-numeric elements inside list coords (#9526)
• ffdcede Update 12.2.0 release notes (#9522)
• 7929d77 Added security release notes (#149)
• c4f7aa5 Added security release notes
• 22cdb5f Move variable declaration inside define (#9525)
• fc15b3b Resize tall images vertically first (#9524)
• Additional commits viewable in compare view

Updates mypy from 1.17.1 to 1.20.2

Changelog

Sourced from mypy's changelog.

Mypy 1.20.2

• Use WAL with SQLite cache and fix close (Shantanu, PR 21154)
• Adjust SQLite journal mode (Ivan Levkivskyi, PR 21217)
• Correctly aggregate narrowing information on parent expressions (Shantanu, PR 21206)
• Fix regression related to generic callables (Shantanu, PR 21208)
• Fix regression by avoiding widening types in some contexts (Shantanu, PR 21242)
• Fix slicing in non-strict optional mode (Shantanu, PR 21282)
• mypyc: Fix match statement semantics for "or" pattern (Shantanu, PR 21156)
• mypyc: Fix issue with module dunder attributes (Piotr Sawicki, PR 21275)
• Initial support for Python 3.15.0a8 (Marc Mueller, PR 21255)

Acknowledgements

Thanks to all mypy contributors who contributed to this release:

• A5rocks
• Aaron Wieczorek
• Adam Turner
• Ali Hamdan
• asce
• BobTheBuidler
• Brent Westbrook
• Brian Schubert
• bzoracler
• Chris Burroughs
• Christoph Tyralla
• Colin Watson
• Donghoon Nam
• E. M. Bray
• Emma Smith
• Ethan Sarp
• George Ogden
• getzze
• grayjk
• Gregor Riepl
• Ivan Levkivskyi
• James Hilliard
• James Le Cuirot
• Jeremy Nimmer
• Joren Hammudoglu
• Kai (Kazuya Ito)
• kaushal trivedi
• Kevin Kannammalil
• Lukas Geiger
• Łukasz Langa
• Marc Mueller
• Michael R. Crusoe
• michaelm-openai
• Neil Schemenauer
• Piotr Sawicki

... (truncated)

Commits

• 145a062 Bump version to 1.20.2
• 81cd492 Fix slicing with nonstrict optional (#21282)
• 908d344 [mypyc] Set dunder attrs when adding module to sys.modules (#21275)
• ba28610 Initial support for Python 3.15.0a8 (#21255)
• 7b0e09f Fix match statement semantics for "or" pattern (#21156)
• 92b74f2 Avoid widening types in conditional_types (#21242)
• 0dcbfaa Fix is_overlapping_types for generic callables (#21208)
• 210f518 Correctly aggregate narrowing information on parent expressions (#21206)
• c34530e Only set journal mode in coordinator (#21217)
• 79a3ec6 Use WAL with SQLite cache, fix close (#21154)
• Additional commits viewable in compare view

Updates coverage from 7.13.4 to 7.13.5

Changelog

Sourced from coverage's changelog.

Version 7.13.5 — 2026-03-17

• Fix: issue 2138_ describes a memory leak that happened when repeatedly using the Coverage API with in-memory data. This is now fixed.

• Fix: the markdown-formatted coverage report didn't fully escape special characters in file paths (issue 2141). This would be very unlikely to cause a problem, but now it's done properly, thanks to Ellie Ayla <pull 2142_>.

• Fix: the C extension wouldn't build on VS2019, but now it does (issue 2145_).

.. _issue 2138: coveragepy/coveragepy#2138 .. _issue 2141: coveragepy/coveragepy#2141 .. _pull 2142: coveragepy/coveragepy#2142 .. _issue 2145: coveragepy/coveragepy#2145

.. _changes_7-13-4:

Commits

• c88da14 docs: sample HTML for 7.13.5
• e2ac3e1 build: sample HTML shouldn't include the status.json file
• 910f8f3 docs: prep for 7.13.5
• 3a4819c style: make workflows more uniform
• 2a53705 chore: bump the action-dependencies group across 1 directory with 4 updates (...
• e7c878d chore: make upgrade
• ab4db40 build: use --generate-hashes when pinning
• a438753 chore: make upgrade
• 7b33457 refactor: some leftover pyupgrade 3.10 bits
• 2ff968d refactor: this type wasn't used anywhere
• Additional commits viewable in compare view

Updates pytest from 9.0.2 to 9.0.3

Release notes

Sourced from pytest's releases.

9.0.3

pytest 9.0.3 (2026-04-07)

Bug fixes

• #12444: Fixed pytest.approx which now correctly takes into account ~collections.abc.Mapping keys order to compare them.

• #13634: Blocking a conftest.py file using the -p no: option is now explicitly disallowed.

  Previously this resulted in an internal assertion failure during plugin loading.

  Pytest now raises a clear UsageError explaining that conftest files are not plugins and cannot be disabled via -p.

• #13734: Fixed crash when a test raises an exceptiongroup with __tracebackhide__ = True.

• #14195: Fixed an issue where non-string messages passed to unittest.TestCase.subTest() were not printed.

• #14343: Fixed use of insecure temporary directory (CVE-2025-71176).

Improved documentation

• #13388: Clarified documentation for -p vs PYTEST_PLUGINS plugin loading and fixed an incorrect -p example.
• #13731: Clarified that capture fixtures (e.g. capsys and capfd) take precedence over the -s / --capture=no command-line options in Accessing captured output from a test function <accessing-captured-output>.
• #14088: Clarified that the default pytest_collection hook sets session.items before it calls pytest_collection_finish, not after.
• #14255: TOML integer log levels must be quoted: Updating reference documentation.

Contributor-facing changes

• #12689: The test reports are now published to Codecov from GitHub Actions. The test statistics is visible on the web interface.

  -- by aleguy02

Commits

• a7d58d7 Prepare release version 9.0.3
• 089d981 Merge pull request #14366 from bluetech/revert-14193-backport
• 8127eaf Revert "Fix: assertrepr_compare respects dict insertion order (#14050) (#14193)"
• 99a7e60 Merge pull request #14363 from pytest-dev/patchback/backports/9.0.x/95d8423bd...
• ddee02a Merge pull request #14343 from bluetech/cve-2025-71176-simple
• 74eac69 doc: Update training info (#14298) (#14301)
• f92dee7 Merge pull request #14267 from pytest-dev/patchback/backports/9.0.x/d6fa26c62...
• 7ee58ac Merge pull request #12378 from Pierre-Sassoulas/fix-implicit-str-concat-and-d...
• 37da870 Merge pull request #14259 from mitre88/patch-4 (#14268)
• c34bfa3 Add explanation for string context diffs (#14257) (#14266)
• Additional commits viewable in compare view

Updates types-requests from 2.32.4.20260107 to 2.33.0.20260408

Commits

• See full diff in compare view

Updates types-tqdm from 4.67.3.20260205 to 4.67.3.20260408

Commits

• See full diff in compare view

Updates types-redis from 4.6.0.20240425 to 4.6.0.20241004

Commits

• See full diff in compare view

Updates ruff from 0.15.0 to 0.15.12

Release notes

Sourced from ruff's releases.

0.15.12

Release Notes

Released on 2026-04-24.

Preview features

• Implement #ruff:file-ignore file-level suppressions (#23599)
• Implement #ruff:ignore logical-line suppressions (#23404)
• Revert preview changes to displayed diagnostic severity in LSP (#24789)
• [airflow] Implement task-branch-as-short-circuit (AIR004) (#23579)
• [flake8-bugbear] Fix break/continue handling in loop-iterator-mutation (B909) (#24440)
• [pylint] Fix PLC2701 for type parameter scopes (#24576)

Rule changes

• [pandas-vet] Suggest .array as well in PD011 (#24805)

CLI

• Respect default Unix permissions for cache files (#24794)

Documentation

• [pylint] Fix PLR0124 description not to claim self-comparison always returns the same value (#24749)
• [pyupgrade] Expand docs on reusable TypeVars and scoping (UP046) (#24153)
• Improve rules table accessibility (#24711)

Contributors

• @​dylwil3
• @​AlexWaygood
• @​woodruffw
• @​avasis-ai
• @​Dev-iL
• @​denyszhak
• @​ShipItAndPray
• @​anishgirianish
• @​augustelalande
• @​amyreese
• @​majiayu000

Install ruff 0.15.12

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/ruff/releases/download/0.15.12/ruff-installer.sh | sh

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.12

Released on 2026-04-24.

Preview features

• Implement #ruff:file-ignore file-level suppressions (#23599)
• Implement #ruff:ignore logical-line suppressions (#23404)
• Revert preview changes to displayed diagnostic severity in LSP (#24789)
• [airflow] Implement task-branch-as-short-circuit (AIR004) (#23579)
• [flake8-bugbear] Fix break/continue handling in loop-iterator-mutation (B909) (#24440)
• [pylint] Fix PLC2701 for type parameter scopes (#24576)

Rule changes

• [pandas-vet] Suggest .array as well in PD011 (#24805)

CLI

• Respect default Unix permissions for cache files (#24794)

Documentation

• [pylint] Fix PLR0124 description not to claim self-comparison always returns the same value (#24749)
• [pyupgrade] Expand docs on reusable TypeVars and scoping (UP046) (#24153)
• Improve rules table accessibility (#24711)

Contributors

• @​dylwil3
• @​AlexWaygood
• @​woodruffw
• @​avasis-ai
• @​Dev-iL
• @​denyszhak
• @​ShipItAndPray
• @​anishgirianish
• @​augustelalande
• @​amyreese
• @​majiayu000

0.15.11

Released on 2026-04-16.

Preview features

• [ruff] Ignore RUF029 when function is decorated with asynccontextmanager (#24642)
• [airflow] Implement airflow-xcom-pull-in-template-string (AIR201) (#23583)
• [flake8-bandit] Fix S103 false positives and negatives in mask analysis (#24424)

... (truncated)

Commits

• 66f93cf Bump 0.15.12 (#24815)
• 476a4d0 [ty] Complete support for more detailed diagnostics on possibly unbound error...
• ed669ea Implement #ruff:file-ignore file-level suppressions (#23599)
• e73d952 [ty] Include inferred type in invalid-key concise diagnostic for union/inte...
• 80feb29 [ty] report only dead annotation-only locals as unused (#24811)
• 0fbf2bc Drop deprecated license classifier (#24808)
• 43b174c [ty] Infer lambda parameter types with Callable type context (#24317)
• 4f449ae [ty] Add error context for intersection types (#24772)
• 5b4e753 [ty] Add support for goto in literal enum member inlay hint (#24792)
• e7cc762 [ty] Add error context for TypedDict assignments (#24790)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud