Build(deps-dev): Bump the patch group with 4 updates

[dependabot]

Bumps the patch group with 4 updates: mkdocstrings, mypy, uv and pytest.

Updates mkdocstrings from 1.0.3 to 1.0.4

Release notes

Sourced from mkdocstrings's releases.

1.0.4

1.0.4 - 2026-04-15

Compare with 1.0.3

Bug Fixes

• Add timeout when downloading inventories (10 seconds) (3d1969a by Simon Lloyd). Issue-819

Changelog

Sourced from mkdocstrings's changelog.

1.0.4 - 2026-04-15

Compare with 1.0.3

Bug Fixes

• Add timeout when downloading inventories (10 seconds) (3d1969a by Simon Lloyd). Issue-819

Commits

• a938528 chore: Prepare release 1.0.4
• 1eaa224 ci: Lint and type-check
• 80e090d Merge branch 'main' of github.com:mkdocstrings/mkdocstrings
• 5f82a58 chore: Template upgrade
• 3d1969a fix: Add timeout when downloading inventories (10 seconds)
• a0c47b9 docs: Fix broken link in README
• e500a2b chore: Update sponsors section in README
• See full diff in compare view

Updates mypy from 1.20.0 to 1.20.2

Changelog

Sourced from mypy's changelog.

Mypy 1.20.2

• Use WAL with SQLite cache and fix close (Shantanu, PR 21154)
• Adjust SQLite journal mode (Ivan Levkivskyi, PR 21217)
• Correctly aggregate narrowing information on parent expressions (Shantanu, PR 21206)
• Fix regression related to generic callables (Shantanu, PR 21208)
• Fix regression by avoiding widening types in some contexts (Shantanu, PR 21242)
• Fix slicing in non-strict optional mode (Shantanu, PR 21282)
• mypyc: Fix match statement semantics for "or" pattern (Shantanu, PR 21156)
• mypyc: Fix issue with module dunder attributes (Piotr Sawicki, PR 21275)
• Initial support for Python 3.15.0a8 (Marc Mueller, PR 21255)

Acknowledgements

Thanks to all mypy contributors who contributed to this release:

• A5rocks
• Aaron Wieczorek
• Adam Turner
• Ali Hamdan
• asce
• BobTheBuidler
• Brent Westbrook
• Brian Schubert
• bzoracler
• Chris Burroughs
• Christoph Tyralla
• Colin Watson
• Donghoon Nam
• E. M. Bray
• Emma Smith
• Ethan Sarp
• George Ogden
• getzze
• grayjk
• Gregor Riepl
• Ivan Levkivskyi
• James Hilliard
• James Le Cuirot
• Jeremy Nimmer
• Joren Hammudoglu
• Kai (Kazuya Ito)
• kaushal trivedi
• Kevin Kannammalil
• Lukas Geiger
• Łukasz Langa
• Marc Mueller
• Michael R. Crusoe
• michaelm-openai
• Neil Schemenauer
• Piotr Sawicki

... (truncated)

Commits

• 145a062 Bump version to 1.20.2
• 81cd492 Fix slicing with nonstrict optional (#21282)
• 908d344 [mypyc] Set dunder attrs when adding module to sys.modules (#21275)
• ba28610 Initial support for Python 3.15.0a8 (#21255)
• 7b0e09f Fix match statement semantics for "or" pattern (#21156)
• 92b74f2 Avoid widening types in conditional_types (#21242)
• 0dcbfaa Fix is_overlapping_types for generic callables (#21208)
• 210f518 Correctly aggregate narrowing information on parent expressions (#21206)
• c34530e Only set journal mode in coordinator (#21217)
• 79a3ec6 Use WAL with SQLite cache, fix close (#21154)
• Additional commits viewable in compare view

Updates uv from 0.11.2 to 0.11.8

Release notes

Sourced from uv's releases.

0.11.8

Release Notes

Released on 2026-04-27.

Enhancements

• Add --python-downloads-json-url to python pin (#19092)
• Fetch uv from Astral mirror during self-update (#18682)
• Support pip uninstall -y (#19082)
• Allow exclude-newer to be missing from the lockfile when exclude-newer-span is present (#19024)
• Only show the version number in uv self version --short (#19019)
• Silence warnings on empty SSL_CERT_DIR directory (#19018)
• Use a sentinel timestamp for relative exclude-newer and exclude-newer-package values in lockfiles (#19022, #19101)

Configuration

• Add UV_PYTHON_NO_REGISTRY (#19035)
• Add an environment variable for UV_NO_PROJECT (#19052)
• Expose UV_PYTHON_SEARCH_PATH for Python discovery PATH overrides (#19034)

Bug fixes

• Add rust-toolchain.toml to uv-build sdist (#19131)
• Ensure uv invocations of git do not inherit repository location environment variables (#19088)
• Redact pre-signed upload URLs in verbose output (#19146)
• Handle transitive URL dependencies in PEP 517 build requirements (#19076, #19086)
• Support uv lock on a pyproject.toml that only contains dependency-groups (#19087)
• Disable transparent Python upgrades in projects when a patch version is requested via .python-version (#19102)
• Fix Python variant tagging in the Windows registry (#19012)
• Ban external symlinks in .tar.zst wheels (#19144)

Distributions

• Remove deprecated license classifiers from uv-build and add Python 3.14 classifier (#19130)

Documentation

• Bump astral-sh/setup-uv version in docs (#19030)
• Update PyTorch documentation for PyTorch 2.11 (#19095)

Install uv 0.11.8

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/uv/releases/download/0.11.8/uv-installer.sh | sh

Install prebuilt binaries via powershell script

... (truncated)

Changelog

Sourced from uv's changelog.

0.11.8

Released on 2026-04-27.

Enhancements

• Add --python-downloads-json-url to python pin (#19092)
• Fetch uv from Astral mirror during self-update (#18682)
• Support pip uninstall -y (#19082)
• Allow exclude-newer to be missing from the lockfile when exclude-newer-span is present (#19024)
• Only show the version number in uv self version --short (#19019)
• Silence warnings on empty SSL_CERT_DIR directory (#19018)
• Use a sentinel timestamp for relative exclude-newer and exclude-newer-package values in lockfiles (#19022, #19101)

Configuration

• Add UV_PYTHON_NO_REGISTRY (#19035)
• Add an environment variable for UV_NO_PROJECT (#19052)
• Expose UV_PYTHON_SEARCH_PATH for Python discovery PATH overrides (#19034)

Bug fixes

• Add rust-toolchain.toml to uv-build sdist (#19131)
• Ensure uv invocations of git do not inherit repository location environment variables (#19088)
• Redact pre-signed upload URLs in verbose output (#19146)
• Handle transitive URL dependencies in PEP 517 build requirements (#19076, #19086)
• Support uv lock on a pyproject.toml that only contains dependency-groups (#19087)
• Disable transparent Python upgrades in projects when a patch version is requested via .python-version (#19102)
• Fix Python variant tagging in the Windows registry (#19012)
• Ban external symlinks in .tar.zst wheels (#19144)

Distributions

• Remove deprecated license classifiers from uv-build and add Python 3.14 classifier (#19130)

Documentation

• Bump astral-sh/setup-uv version in docs (#19030)
• Update PyTorch documentation for PyTorch 2.11 (#19095)

0.11.7

Released on 2026-04-15.

Python

• Upgrade CPython build to 20260414 including an OpenSSL security upgrade (#19004)

Enhancements

... (truncated)

Commits

• 0e961dd Bump version to 0.11.8 (#19184)
• 3e9c333 Configure logging before globals (#19155)
• 84a3244 Redact pre-signed upload URLs in verbose output (#19146)
• 51448c2 Use a single codepath for extracting a .tar.zst wheel (#19144)
• 5f461d6 Allow scripts/build-trampolines.sh to try podman when it's available (#19134)
• dea9815 uv-build: fixup classifiers (#19130)
• 15118d7 Drop whoami dependency (#19132)
• 992be06 Add rust-toolchain.toml to uv-build sdist (#19131)
• d46a7b6 Fix pip_compile test (#19129)
• 282919c Share pylock.toml reading and resolution in pip commands (#19125)
• Additional commits viewable in compare view

Updates pytest from 9.0.2 to 9.0.3

Release notes

Sourced from pytest's releases.

9.0.3

pytest 9.0.3 (2026-04-07)

Bug fixes

• #12444: Fixed pytest.approx which now correctly takes into account ~collections.abc.Mapping keys order to compare them.

• #13634: Blocking a conftest.py file using the -p no: option is now explicitly disallowed.

  Previously this resulted in an internal assertion failure during plugin loading.

  Pytest now raises a clear UsageError explaining that conftest files are not plugins and cannot be disabled via -p.

• #13734: Fixed crash when a test raises an exceptiongroup with __tracebackhide__ = True.

• #14195: Fixed an issue where non-string messages passed to unittest.TestCase.subTest() were not printed.

• #14343: Fixed use of insecure temporary directory (CVE-2025-71176).

Improved documentation

• #13388: Clarified documentation for -p vs PYTEST_PLUGINS plugin loading and fixed an incorrect -p example.
• #13731: Clarified that capture fixtures (e.g. capsys and capfd) take precedence over the -s / --capture=no command-line options in Accessing captured output from a test function <accessing-captured-output>.
• #14088: Clarified that the default pytest_collection hook sets session.items before it calls pytest_collection_finish, not after.
• #14255: TOML integer log levels must be quoted: Updating reference documentation.

Contributor-facing changes

• #12689: The test reports are now published to Codecov from GitHub Actions. The test statistics is visible on the web interface.

  -- by aleguy02

Commits

• a7d58d7 Prepare release version 9.0.3
• 089d981 Merge pull request #14366 from bluetech/revert-14193-backport
• 8127eaf Revert "Fix: assertrepr_compare respects dict insertion order (#14050) (#14193)"
• 99a7e60 Merge pull request #14363 from pytest-dev/patchback/backports/9.0.x/95d8423bd...
• ddee02a Merge pull request #14343 from bluetech/cve-2025-71176-simple
• 74eac69 doc: Update training info (#14298) (#14301)
• f92dee7 Merge pull request #14267 from pytest-dev/patchback/backports/9.0.x/d6fa26c62...
• 7ee58ac Merge pull request #12378 from Pierre-Sassoulas/fix-implicit-str-concat-and-d...
• 37da870 Merge pull request #14259 from mitre88/patch-4 (#14268)
• c34bfa3 Add explanation for string context diffs (#14257) (#14266)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions