fix(deps): update all non-major dependencies (!9) · Merge requests · Information Services / DevOps / Experiments / wm383 Testing / wm383-test WebApp

This MR contains the following updates:

Package	Change	Type	Update
@types/node (source)	`24.10.4` → `24.10.9`	dependencies	patch
alessandrojcm/commitlint-pre-commit-hook	`v9.23.0` → `v9.24.0`	repository	minor
externalsettings	`2.0.4` → `2.0.10`	dependencies	patch
mkdocs-material (changelog)	`9.7.0` → `9.7.1`	docs	patch
poetry (changelog)	`2.2.1` → `2.3.2`		minor
pre-commit/mirrors-mypy	`v1.19.0` → `v1.19.1`	repository	patch
python-poetry/poetry	`2.2.1` → `2.3.2`	repository	minor
social-auth-app-django (changelog)	`5.6.0` → `5.7.0`	dependencies	minor
tox (changelog)	`4.32.0` → `4.34.1`		minor
tox (changelog)	`<4.33.0` → `<4.34.2`	dev	minor
uis/devops/continuous-delivery/ci-templates	`v7.25.6` → `v7.26.2`	repository	minor
vite-tsconfig-paths	`^6.0.0` → `^6.0.3`	devDependencies	patch

Note: The pre-commit manager in Renovate is not supported by the pre-commit maintainers or community. Please do not report any problems there, instead create a Discussion in the Renovate repository if you have any questions.

Release Notes

alessandrojcm/commitlint-pre-commit-hook (alessandrojcm/commitlint-pre-commit-hook)

`v9.24.0`

Compare Source

Features

bump the commitlint group with 2 updates (f275344)
bump the commitlint group with 2 updates (d68a0ba)
bump the commitlint group with 2 updates (9a3ee85)

squidfunk/mkdocs-material (mkdocs-material)

`v9.7.1`: mkdocs-material-9.7.1

Compare Source

Updated requests to 2.30+ to mitigate CVE in urllib
Fixed privacy plugin not picking up protocol-relative URLs
Fixed #8542: false positives and negatives captured in privacy plugin

python-poetry/poetry (poetry)

`v2.3.2`

Compare Source

Changed

Allow dulwich>=1.0 (#10701).

poetry-core (`2.3.1`)

Fix an issue where platform_release could not be parsed on Windows Server (#911).

`v2.3.1`

Compare Source

Fixed

Fix an issue where cached information about each package was always considered outdated (#10699).

Docs

Document SHELL_VERBOSITY environment variable (#10678).

`v2.3.0`

Compare Source

Added

Add support for exporting pylock.toml files with poetry-plugin-export (#10677).
Add support for specifying build constraints for dependencies (#10388).
Add support for publishing artifacts whose version is determined dynamically by the build-backend (#10644).
Add support for editable project plugins (#10661).
Check requires-poetry before any other validation (#10593).
Validate the content of project.readme when running poetry check (#10604).
Add the option to clear all caches by making the cache name in poetry cache clear optional (#10627).
Automatically update the cache for packages where the locked files differ from cached files (#10657).
Suggest to clear the cache if running a command with --no-cache solves an issue (#10585).
Propose poetry init when trying poetry new for an existing directory (#10563).
Add support for poetry publish --skip-existing for new Nexus OSS versions (#10603).
Show Poetry's own Python's path in poetry debug info (#10588).

Changed

Drop support for Python 3.9 (#10634).
Change the default of installer.re-resolve from true to false (#10622).
PEP 735 dependency groups are considered in the lock file hash (#10621).
Deprecate poetry.utils._compat.metadata, which is sometimes used in plugins, in favor of importlib.metadata (#10634).
Improve managing free-threaded Python versions with poetry python (#10606).
Prefer JSON API to HTML API in legacy repositories (#10672).
When running poetry init, only add the readme field in the pyproject.toml if the readme file exists (#10679).
Raise an error if no hash can be determined for any distribution link of a package (#10673).
Require dulwich>=0.25.0 (#10674).

Fixed

Fix an issue where poetry remove did not work for PEP 735 dependency groups with include-group items (#10587).
Fix an issue where poetry remove caused dangling include-group references in PEP 735 dependency groups (#10590).
Fix an issue where poetry add did not work for PEP 735 dependency groups with include-group items (#10636).
Fix an issue where PEP 735 dependency groups were not considered in the lock file hash (#10621).
Fix an issue where wrong markers were locked for a dependency that was required by several groups with different markers (#10613).
Fix an issue where non-deterministic markers were created in a method used by poetry-plugin-export (#10667).
Fix an issue where wrong wheels were chosen for installation in free-threaded Python environments if Poetry itself was not installed with free-threaded Python (#10614).
Fix an issue where poetry publish used the metadata of the project instead of the metadata of the build artifact (#10624).
Fix an issue where poetry env use just used another Python version instead of failing when the requested version was not supported by the project (#10685).
Fix an issue where poetry env activate returned the wrong command for dash (#10696).
Fix an issue where data-dir and python.installation-dir could not be set (#10595).
Fix an issue where Python and pip executables were not correctly detected on Windows (#10645).
Fix an issue where invalid template variables in virtualenvs.prompt caused an incomprehensible error message (#10648).

Docs

Add a warning about ~/.netrc for Poetry credential configuration (#10630).
Clarify that the local configuration takes precedence over the global configuration (#10676).
Add an explanation in which cases packages are automatically detected (#10680).

poetry-core (`2.3.0`)

Normalize versions (#893).
Fix an issue where unsatisfiable requirements did not raise an error (#891).
Fix an issue where the implicit main group did not exist if it was explicitly declared as not having any dependencies (#892).
Fix an issue where python_full_version markers with pre-release versions were parsed incorrectly (#893).

pre-commit/mirrors-mypy (pre-commit/mirrors-mypy)

`v1.19.1`

Compare Source

python-social-auth/social-app-django (social-auth-app-django)

`v5.7.0`

Compare Source

Changed

Integrated with social_core using registry instead of monkey patching it

tox-dev/tox (tox)

`v4.34.1`

Compare Source

What's Changed

fix: wheel corruption when running parallel tox processes by @gaborbernat in #3667

Full Changelog: https://github.com/tox-dev/tox/compare/4.34.0...4.34.1

`v4.34.0`

Compare Source

What's Changed

feat: Support depenedcy groups with self references by @Czaki in #3666

Full Changelog: https://github.com/tox-dev/tox/compare/4.33.0...4.34.0

`v4.33.0`

Compare Source

What's Changed

Pass LOCALAPPDATA by default on Windows (#3639) by @clint-lawrence in #3640
Docs: Add caution about ranges like py{39-314} by @ferdnyc in #3652
CLI Parser: Drop epilog message for Sphinx help by @ferdnyc in #3653
📚 Integrate sphinx-issues extension by @webknjaz in #3655
Fix sphinx doc build by @gaborbernat in #3662
feat: add conditional set_env support via PEP-496 markers by @gaborbernat in #3663