Bump the minor-and-patch group across 1 directory with 10 updates

[dependabot]

Bumps the minor-and-patch group with 10 updates in the / directory:

Package	From	To
coverage	7.13.0	7.13.2
identify	2.6.15	2.6.16
importlib-metadata	8.7.0	8.7.1
ipython	9.8.0	9.9.0
nodeenv	1.9.1	1.10.0
pre-commit	4.5.0	4.5.1
pyparsing	3.2.5	3.3.2
tox	4.32.0	4.34.1
virtualenv	20.35.4	20.36.1
wcwidth	0.2.14	0.4.0

Updates coverage from 7.13.0 to 7.13.2

Changelog

Sourced from coverage's changelog.

Version 7.13.2 — 2026-01-25

• Fix: when Python is installed via symlinks, for example with Homebrew, the standard library files could be incorrectly included in coverage reports. This is now fixed, closing issue 2115_.

• Fix: if a data file is created with no read permissions, the combine step would fail completely. Now a warning is issued and the file is skipped. Closes issue 2117_.

.. _issue 2115: coveragepy/coveragepy#2115 .. _issue 2117: coveragepy/coveragepy#2117

.. _changes_7-13-1:

Version 7.13.1 — 2025-12-28

• Added: the JSON report now includes a "start_line" key for function and class regions, indicating the first line of the region in the source. Closes issue 2110_.

• Added: The debug data command now takes file names as arguments on the command line, so you can inspect specific data files without needing to set the COVERAGE_FILE environment variable.

• Fix: the JSON report used to report module docstrings as executed lines, which no other report did, as described in issue 2105_. This is now fixed, thanks to Jianrong Zhao.

• Fix: coverage.py uses a more disciplined approach to detecting where third-party code is installed, and avoids measuring it. This shouldn't change any behavior. If you find that it does, please get in touch.

• Performance: data files that will be combined now record their hash as part of the file name. This lets us skip duplicate data more quickly, speeding the combining step.

• Docs: added a section explaining more about what is considered a missing branch and how it is reported: :ref:branch_explain, as requested in issue 1597. Thanks to Ayisha Mohammed <pull 2092_>.

• Tests: the test suite misunderstood what core was being tested if COVERAGE_CORE wasn't set on 3.14+. This is now fixed, closing issue 2109_.

.. _issue 1597: coveragepy/coveragepy#1597 .. _pull 2092: coveragepy/coveragepy#2092

... (truncated)

Commits

• 513e971 docs: sample HTML for 7.13.2
• 27a8230 docs: prep for 7.13.2
• 27d8daa refactor: plural does more
• a2f248c fix: stdlib might be through a symlink. #2115
• bc52a22 debug: re-organize Matchers to show more of what they do
• f338d81 debug: build is a tuple, don't show it on two lines
• 92020e4 refactor(test): convert to parametrized
• 6387d0a test: let (most) tests run with no network
• 1d31e33 build: workflows sometimes need more than 10 min
• 6294978 refactor: an error message is now uniform across versions
• Additional commits viewable in compare view

Updates identify from 2.6.15 to 2.6.16

Commits

• e31a62b v2.6.16
• de8beb6 Merge pull request #558 from seanbudd/patch-1
• b5574ac Add support for '.xliff' file extension
• 059831f Merge pull request #555 from Roxedus/feat/ipxe
• 7e6b541 Add .ipxe extension
• 9e78792 Merge pull request #554 from pre-commit/pre-commit-ci-update-config
• a35c416 [pre-commit.ci] pre-commit autoupdate
• 5cab69e Merge pull request #553 from pre-commit/pre-commit-ci-update-config
• c8edd7e [pre-commit.ci] pre-commit autoupdate
• 47d582b Merge pull request #551 from pre-commit/pre-commit-ci-update-config
• Additional commits viewable in compare view

Updates importlib-metadata from 8.7.0 to 8.7.1

Changelog

Sourced from importlib-metadata's changelog.

v8.7.1

Bugfixes

• Fixed errors in FastPath under fork-multiprocessing. (#520)
• Removed cruft from Python 3.8. (#524)

Commits

• 84e9028 Finalize
• 36ed6f6 Merge pull request #521 from 2xB/fix520
• f6eee56 Rely on passthrough to designate a wrapper for its side effect.
• 3c9510b Prefer noop for degenerate behavior.
• a36bab9 Avoid if block.
• 8dd2937 Decouple clear_after_fork from lru_cache and then compose.
• 1da3f45 Add news fragment.
• a1c25d8 🧎‍♀️ Genuflect to the types.
• 4e962a8 👹 Feed the hobgoblins (delint).
• 6a30ab9 Allow initial currsize to be greater than one (as happens when running the te...
• Additional commits viewable in compare view

Updates ipython from 9.8.0 to 9.9.0

Commits

• 0c28fe5 release 9.9.0
• b33b134 whats new 9.9 (#15113)
• 3841c05 whats new 99
• 0423da8 Stop assuming that memory addresses are signed (#15111)
• 4d0cb19 Stop assuming that memory addresses are signed
• 4d71bcf Fix completions for methods starting with _ (#15106)
• 28d83b9 fix-test
• 74bf6d0 add-end-to-end-test
• e62c4ba fix-completions-for-private-attr
• 11e1f40 Add prompt_toolkit's unix_word_rubout to assignable commands for shortcuts (#...
• Additional commits viewable in compare view

Updates nodeenv from 1.9.1 to 1.10.0

Release notes

Sourced from nodeenv's releases.

1.10.0 - drop

What's Changed

Fixed bugs 🐛

• Use lowercase lookup for archmap by @​robmoss2k in ekalinin/nodeenv#382

Improvements 🛠

• Add support for Python 3.13 by @​hugovk in ekalinin/nodeenv#367
• Add UV Virtual Environment support by @​Vizonex in ekalinin/nodeenv#386
• Use sh instead of bash by @​WhyNotHugo in ekalinin/nodeenv#389
• Replace additional use of which(1) with shutil.which() by @​mgorny in ekalinin/nodeenv#355

Other Changes

• Support leading v in .node-version by @​nix6839 in ekalinin/nodeenv#359
• Check host platform when finding node version by @​max0x53 in ekalinin/nodeenv#363

New Contributors

• @​hugovk made their first contribution in ekalinin/nodeenv#367
• @​nix6839 made their first contribution in ekalinin/nodeenv#359
• @​max0x53 made their first contribution in ekalinin/nodeenv#363
• @​robmoss2k made their first contribution in ekalinin/nodeenv#382
• @​Vizonex made their first contribution in ekalinin/nodeenv#386
• @​WhyNotHugo made their first contribution in ekalinin/nodeenv#389
• @​mgorny made their first contribution in ekalinin/nodeenv#355

Full Changelog: ekalinin/nodeenv@1.9.1...1.10.0

Commits

• 9dee547 chore: bump nodeenv version to 1.10.0
• d45aabb chore: add pyright ignore comments for compatibility
• 55d6c21 chore: update AUTHORS
• 5f694e6 test: update test test_node_system_creates_shim
• fa3fdfb Merge branch 'master' of github.com:ekalinin/nodeenv
• e868dbe Replace additional use of which(1) with shutil.which() (#355)
• b4cd00d test: enhance activation tests for nodeenv with custom prompts and file handling
• 0b5ea9d refactor(tests): improve readability of mock patches in nodeenv tests
• 37c0c30 ci: add GH workflow for testing and coverage in PR
• 326a7a4 test: add comprehensive tests for install_npm and install_npm_win functions
• Additional commits viewable in compare view

Updates pre-commit from 4.5.0 to 4.5.1

Release notes

Sourced from pre-commit's releases.

pre-commit v4.5.1

Fixes

• Fix language: python with repo: local without additional_dependencies.
  • #3597 PR by @​asottile.

Changelog

Sourced from pre-commit's changelog.

4.5.1 - 2025-12-16

Fixes

• Fix language: python with repo: local without additional_dependencies.
  • #3597 PR by @​asottile.

Commits

• 8a0630c v4.5.1
• fcbc745 Merge pull request #3597 from pre-commit/empty-setup-py
• 51592ee fix python local template when artifact dirs are present
• 67e8faf Merge pull request #3596 from pre-commit/pre-commit-ci-update-config
• c251e6b [pre-commit.ci] pre-commit autoupdate
• 98ccafa Merge pull request #3593 from pre-commit/pre-commit-ci-update-config
• 4895355 [pre-commit.ci] pre-commit autoupdate
• 2cedd58 Merge pull request #3588 from pre-commit/pre-commit-ci-update-config
• 465192d [pre-commit.ci] pre-commit autoupdate
• fd42f96 Merge pull request #3586 from pre-commit/zipapp-sha256-file-not-needed
• Additional commits viewable in compare view

Updates pyparsing from 3.2.5 to 3.3.2

Changelog

Sourced from pyparsing's changelog.

Version 3.3.2 - January, 2026

• Defined pyparsing-specific warning classes so that they can be selectively enabled or disabled without affecting warnings raised by other libraries in the same Python app:

  • PyparsingWarning - base warning for all pyparsing-specific warnings (inherits from UserWarning)
  • PyparsingDeprecationWarning - warning for using deprecated features (inherits from PyparsingWarning and DeprecationWarning)
  • PyparsingDiagnosticWarning - warning raised when pyparsing diagnostics are enabled and a diagnostic feature is used (inherits from PyparsingWarning)

• Added as_datetime parse action to pyparsing.common - a more generalized version of the convert_to_datetime parse action (supports any expression that extracts date/time fields into "year", "month", "day", etc. results names), and validates that the parsed fields represent a valid date and time.

• Added iso8601_date_validated and iso8601_datetime_validated expressions to pyparsing.common, which return a Python datetime.datetime

• Various performance improvements in ParseResults class and core functions, with 10-20% performance overall.

• Added regex_inverter web page (using PyScript) to demonstrate using the inv_regex.py example.

• Expanded regex forms handled by the examples/inv_regex.py example:

  • named capturing groups (?P<name>)
  • partial repetition ({m,} and {,n})
  • negated character classes ([^...])

• Added SPy (Simplified Python) parser to examples.

Version 3.3.1 - December, 2025

• Added license info to metadata, following PEP-639. Thanks to Gedalia Pasternak and Marc Mueller for submitted issue and PR. Fixes #626.

Version 3.3.0 - December, 2025

=========================================================================================== The version 3.3.0 release will begin emitting DeprecationWarnings for pyparsing methods that have been renamed to PEP8-compliant names (introduced in pyparsing 3.0.0, in August, 2021, with legacy names retained as aliases). In preparation, I added in pyparsing 3.2.2 a utility for finding and replacing the legacy method names with the new names. This utility is located at pyparsing/tools/cvt_pep8_names.py. This script will scan all Python files specified on the command line, and if the -u option is selected, will replace all occurrences of the old method names with the new PEP8-compliant names,

... (truncated)

Commits

• fa24016 Sync regex_inverter example from pyparsing
• ea22046 Updates to regex_inverter example: handle cancel during long max_results inte...
• 7df5c09 Sync regex_inverter example from pyparsing
• e862afa Add Regular Expressions Quick Reference to regex_inverter/index.html
• 6fdbd88 Sync regex_inverter example from pyparsing
• 5b33045 Add note in the regex inverter that only the 7-bit ASCII characters are used ...
• e403f2c Merge branch 'master' of https://github.com/pyparsing/pyparsing
• e7b5f1c Fix repo sync action in sync-regex-inverter.yml
• ea463fa Sync regex_inverter example from pyparsing
• afcbdac Change repetition instructions to use {,4} instead of {,10}
• Additional commits viewable in compare view

Updates tox from 4.32.0 to 4.34.1

Release notes

Sourced from tox's releases.

4.34.1

What's Changed

• fix: wheel corruption when running parallel tox processes by @​gaborbernat in tox-dev/tox#3667

Full Changelog: tox-dev/tox@4.34.0...4.34.1

4.34.0

What's Changed

• feat: Support depenedcy groups with self references by @​Czaki in tox-dev/tox#3666

Full Changelog: tox-dev/tox@4.33.0...4.34.0

4.33.0

What's Changed

• Pass LOCALAPPDATA by default on Windows (#3639) by @​clint-lawrence in tox-dev/tox#3640
• Docs: Add caution about ranges like py{39-314} by @​ferdnyc in tox-dev/tox#3652
• CLI Parser: Drop epilog message for Sphinx help by @​ferdnyc in tox-dev/tox#3653
• 📚 Integrate sphinx-issues extension by @​webknjaz in tox-dev/tox#3655
• Fix sphinx doc build by @​gaborbernat in tox-dev/tox#3662
• feat: add conditional set_env support via PEP-496 markers by @​gaborbernat in tox-dev/tox#3663

New Contributors

• @​clint-lawrence made their first contribution in tox-dev/tox#3640
• @​ferdnyc made their first contribution in tox-dev/tox#3652

Full Changelog: tox-dev/tox@4.32.0...4.33.0

Changelog

Sourced from tox's changelog.

v4.34.1 (2026-01-09)

Bugfixes - 4.34.1

- Fix wheel corruption errors when the build backend updates the file in place - by :user:`gaborbernat`. (:issue:`3667`)
v4.34.0 (2026-01-08)
Features - 4.34.0

• Support installing extras from the current project in dependency groups. -- by :user:czaki. (:issue:3561)

v4.33.0 (2026-01-02)

Features - 4.33.0

- Add support for conditional ``set_env`` using PEP-496 environment markers. In INI format use
  ``VAR=value; marker`` syntax, in TOML format use ``set_env.VAR = { value = "...", marker = "..." }``
  -- by :user:`gaborbernat`. (:issue:`3663`)
Bugfixes - 4.33.0

• Added 'LocalAppData' to the default passed environment variables on Windows. (:issue:3639)

Improved Documentation - 4.33.0

- Sphinx is now set up to use :pypi:`sphinx-issues` for referencing
  GitHub issues and pull requests in the docs -- by :user:`webknjaz`. (:issue:`3202`)

Commits

• abd774e release 4.34.1
• 96658e0 fix: use copy instead of hard link for session package views (#3667)
• 078a0f8 release 4.34.0
• e8a7c03 feat: Support depenedcy groups with self references (#3666)
• 8a69efd Update weekly.yaml
• 9c5fe79 release 4.33.0
• c569868 feat: add conditional set_env support via PEP-508 markers (#3663)
• 7b9610e fix: update for Sphinx 9.1 compatibility (#3662)
• fa51801 [pre-commit.ci] pre-commit autoupdate (#3661)
• 29cdaab [pre-commit.ci] pre-commit autoupdate (#3659)
• Additional commits viewable in compare view

Updates virtualenv from 20.35.4 to 20.36.1

Release notes

Sourced from virtualenv's releases.

20.36.1

What's Changed

• release 20.36.0 by @​gaborbernat in pypa/virtualenv#3011
• fix: resolve TOCTOU vulnerabilities in app_data and lock directory creation by @​gaborbernat in pypa/virtualenv#3013

Full Changelog: pypa/virtualenv@20.36.0...20.36.1

20.36.0

What's Changed

• release 20.35.3 by @​gaborbernat in pypa/virtualenv#2981
• fix: Prevent NameError when accessing _DISTUTILS_PATCH during file ov… by @​gracetyy in pypa/virtualenv#2982
• Upgrade pip and fix 3.15 picking old wheel by @​gaborbernat in pypa/virtualenv#2989
• release 20.35.4 by @​gaborbernat in pypa/virtualenv#2990
• fix: wrong path on migrated venv by @​sk1234567891 in pypa/virtualenv#2996
• test_too_many_open_files: assert on errno.EMFILE instead of strerror by @​pltrz in pypa/virtualenv#3001
• fix: update filelock dependency version to 3.20.1 to fix CVE CVE-2025-68146 by @​pythonhubdev in pypa/virtualenv#3002
• fix: resolve EncodingWarning in tox upgrade environment by @​gaborbernat in pypa/virtualenv#3007
• Fix Interpreter discovery bug wrt. Microsoft Store shortcut using Latin-1 by @​rahuldevikar in pypa/virtualenv#3006
• Add support for PEP 440 version specifiers in the --python flag. by @​rahuldevikar in pypa/virtualenv#3008

New Contributors

• @​gracetyy made their first contribution in pypa/virtualenv#2982
• @​sk1234567891 made their first contribution in pypa/virtualenv#2996
• @​pltrz made their first contribution in pypa/virtualenv#3001
• @​pythonhubdev made their first contribution in pypa/virtualenv#3002
• @​rahuldevikar made their first contribution in pypa/virtualenv#3006

Full Changelog: pypa/virtualenv@20.35.3...20.36.0

Changelog

Sourced from virtualenv's changelog.

v20.36.1 (2026-01-09)

Bugfixes - 20.36.1

- Fix TOCTOU vulnerabilities in app_data and lock directory creation that could be exploited via symlink attacks - reported by :user:`tsigouris007`, fixed by :user:`gaborbernat`. (:issue:`3013`)
v20.36.0 (2026-01-07)
Features - 20.36.0

• Add support for PEP 440 version specifiers in the --python flag. Users can now specify Python versions using operators like >=, <=, ~=, etc. For example: virtualenv --python=">=3.12" myenv . (:issue:2994`)

Commits

• d0ad11d release 20.36.1
• dec4cec Merge pull request #3013 from gaborbernat/fix-sec
• 5fe5d38 release 20.36.0 (#3011)
• 9719376 release 20.36.0
• 0276db6 Add support for PEP 440 version specifiers in the --python flag. (#3008)
• 4f900c2 Fix Interpreter discovery bug wrt. Microsoft Store shortcut using Latin-1 (#3...
• 13afcc6 fix: resolve EncodingWarning in tox upgrade environment (#3007)
• 31b5d31 [pre-commit.ci] pre-commit autoupdate (#2997)
• 7c28422 fix: update filelock dependency version to 3.20.1 to fix CVE CVE-2025-68146 (...
• 365628c test_too_many_open_files: assert on errno.EMFILE instead of strerror (#3001)
• Additional commits viewable in compare view

Updates wcwidth from 0.2.14 to 0.4.0

Release notes

Sourced from wcwidth's releases.

0.4.0

• Bugfix: OSC Hyperlinks should not be broken by wrap() by @​jquast in jquast/wcwidth#191
• New functions: iter_graphemes_reverse(), grapheme_boundary_before() by @​jquast in jquast/wcwidth#192

Full Changelog: jquast/wcwidth@0.3.5...0.4.0

0.3.5

• Re-stamp package version correctly, 0.3.4 packaged a failing test

Full Changelog: jquast/wcwidth@0.3.4...0.3.5

0.3.4

• bugfix our center() padding algorithm by @​jquast in jquast/wcwidth#188
• docfix: accidental double-escapes \t -> \t by @​jquast in jquast/wcwidth#187

Full Changelog: jquast/wcwidth@0.3.3...0.3.4

0.3.3

• Add fast path for ASCII printables to width() by @​hugovk in jquast/wcwidth#185
• Add py.typed file and Typing :: Typed classifier by @​hugovk in jquast/wcwidth#184

Full Changelog: jquast/wcwidth@0.3.2...0.3.3

0.3.2

• type hinting for full mympy --strict compliance, by @​penguinolog jquast/wcwidth#183

Full Changelog: jquast/wcwidth@0.3.1...0.3.2

0.3.1

• Add benchmarking using codspeed.io by @​jquast in jquast/wcwidth#180
• improve width() performance by @​jquast in jquast/wcwidth#181

Full Changelog: jquast/wcwidth@0.3.0...0.3.1

0.3.0

Major changes since 0.2.14, in order

• Migrate from setup.py + setuptools to pyproject.toml + hatchling by @​hugovk in jquast/wcwidth#156
• Small improvements to update-tables.py and wcwidth-browser.py by @​jquast in jquast/wcwidth#160
• New: iter_graphemes() by @​jquast in jquast/wcwidth#165
• New: width() terminal-aware string measurement by @​jquast in jquast/wcwidth#166
• New: ljust(), rjust(), center() justify text by @​jquast in jquast/wcwidth#168
• New: wrap() by @​jquast in jquast/wcwidth#169
• improve wcswidth() performance ~30% by @​jquast in jquast/wcwidth#171
• New ambigous_width=1 argument by @​jquast in jquast/wcwidth#172
• New strip_sequences() and cut() functions by @​jquast in jquast/wcwidth#173
• Width 0 for Default_Ignorable_Code_Point characters by @​jquast in jquast/wcwidth#174
• Bugfix for Prepended_Concatenation_Mark characters by @​jquast in jquast/wcwidth#176

Full Changelog: jquast/wcwidth@0.2.14...0.3.0

Commits

• b297eaf New functions: iter_graphemes_reverse(), grapheme_boundary_before() (#192)
• b1cdbdf Bugfix: OSC Hyperlinks should not be broken by wrap() (#191)
• c3310f9 release 0.3.5 for failing test
• ecd25bb clarify dropped support for python 3.6 and 3.7 :(
• 2e34217 prepare for 0.3.4
• 030b4b5 Bugfix our center() padding algorithm (#188)
• a1b9a83 hyperlink to width in intro
• b9ef4df docfix: accidental double-escapes \t -> \t (#187)
• 3bf7ba5 note the correct function in changelog
• 14a1f46 prepare for 0.3.3 release
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions