fix(deps): update all non-major dependencies

This MR contains the following updates:

Package	Change	Age	Confidence	Type	Update
coverage	7.11.0 -> 7.11.3			dev	patch
google-auth	2.42.0 -> 2.43.0			dependencies	minor
pre-commit	4.3.0 -> 4.4.0			dev	minor
psf/black	25.9.0 -> 25.11.0			repository	minor
pydantic (changelog)	2.12.3 -> 2.12.4			dependencies	patch
uis/devops/continuous-delivery/ci-templates	v7.20.0 -> v7.20.3			repository	patch

Note: The pre-commit manager in Renovate is not supported by the pre-commit maintainers or community. Please do not report any problems there, instead create a Discussion in the Renovate repository if you have any questions.

---

Release Notes

coveragepy/coveragepy (coverage)

v7.11.3

Compare Source

• Fix: the 7.11.1 changes meant that conflicts between a requested measurement core and other settings would raise an error. This was a breaking change from previous behavior, as reported in issue 2076_ and issue 2078_.

  The previous behavior has been restored: when the requested core conflicts with other settings, another core is used instead, and a warning is issued.

• For contributors: the repo has moved from Ned's nedbat GitHub account_ to the coveragepy GitHub organization_. The default branch has changed from master to main.

.. _issue 2076: #​2076 .. _issue 2078: #​2078 .. _nedbat GitHub account: https://github.com/nedbat .. _coveragepy GitHub organization: https://github.com/coveragepy

.. _changes_7-11-2:

v7.11.2

Compare Source

• Fix: using the "sysmon" measurement core in 7.11.1, if Python code was claimed to come from a non-Python file, a NotPython exception could be raised. This could happen for example with Jinja templates compiled to Python, as reported in issue 2077_. This is now fixed.

• Doc: corrected the first entry in the 7.11.1 changelog.

.. _issue 2077: #​2077

.. _changes_7-11-1:

v7.11.1

Compare Source

• Fix: some chanages to details of how the measurement core is chosen, and how conflicting settings are handled. The "sysmon" core cannot be used with some conurrency settings, with dynamic context, and in Python 3.12/3.13, with branch measurement.

  • If the core is not specified and defaults to "sysmon" (Python 3.14+), but other settings conflict with sysmon, then the "ctrace" core will be used instead with no warning. For concurrency conflicts, this used to produce an error, as described in issue 2064_.

  • If the "sysmon" core is explicitly requested in your configuration, but other settings conflict, an error is now raised. This used to produce a warning.

• Fix: some multi-line case clauses or for loops (and probably other constructs) could cause incorrect claims of missing branches with the sys.monitoring core, as described in issue 2070_. This is now fixed.

• Fix: when running in pytest under coverage, a breakpoint() would stop in the wrong frame, one level down from where it should, as described in issue 1420_. This was due to a coverage change in v6.4.1 that seemed to give a slight performance improvement, but I couldn't reproduce the performance gain, so it's been reverted, fixing the debugger problem.

• A new debug option --debug=core shows which core is in use and why.

• Split sqlite debugging information out of the sys :ref:coverage debug <cmd_debug> and :ref:cmd_run_debug options since it's bulky and not very useful.

• Updated the :ref:howitworks page to better describe the three different measurement cores.

.. _issue 1420: #​1420 .. _issue 2064: #​2064 .. _issue 2070: #​2070

.. _changes_7-11-0:

googleapis/google-auth-library-python (google-auth)

v2.43.0

Compare Source

Features

• Add public wrapper for _mtls_helper.check_use_client_cert which enables mTLS if GOOGLE_API_USE_CLIENT_CERTIFICATE is not set, when the MWID/X.509 cert sources detected (#​1859) Add public wrapper for check_use_client_cert which enables mTLS if GOOGLE_API_USE_CLIENT_CERTIFICATE is not set, when the MWID/X.509 cert sources detected. Also, fix check_use_client_cert to return boolean value. Change #​1848 added the check_use_client_cert method that helps know if client cert should be used for mTLS connection. However, that was in a private class, thus, created a public wrapper of the same function so that it can be used by python Client Libraries. Also, updated check_use_client_cert to return a boolean value instead of existing string value for better readability and future scope. --------- (1535eccbff0ad8f3fd6a9775316ac8b77dca66ba)
• Enable mTLS if GOOGLE_API_USE_CLIENT_CERTIFICATE is not set, if the MWID/X.509 cert sources detected (#​1848) The Python SDK will use a hybrid approach for mTLS enablement:

• If the GOOGLE_API_USE_CLIENT_CERTIFICATE environment variable is set (either true or false), the SDK will respect that setting. This is necessary for test scenarios and users who need to explicitly control mTLS behavior.
• If the GOOGLE_API_USE_CLIENT_CERTIFICATE environment variable is not set, the SDK will automatically enable mTLS only if it detects Managed Workload Identity (MWID) or X.509 Workforce Identity Federation (WIF) certificate sources. In other cases where the variable is not set, mTLS will remain disabled. ** This change also adds the helper method check_use_client_cert and it's unit test, which will be used for checking the criteria for setting the mTLS to true ** This change is only for Auth-Library, other changes will be created for Client-Library use-cases. --------- (395e405b64b56ddb82ee639958c2e8056ad2e82b)

• onboard google-auth to librarian (#​1838) This MR onboards google-auth library to the Librarian system. Wait for #​1819. (c503eaa511357d7a76cc1e1f1d3a3be2dabd5bca)

v2.42.1

Compare Source

Bug Fixes

• Catch ValueError for json.loads() (#​1842) (b074cad)

pre-commit/pre-commit (pre-commit)

v4.4.0

Compare Source

==================

Features

• Add --fail-fast option to pre-commit run.
  • #​3528 MR by @​JulianMaurin.
• Upgrade ruby-build / rbenv.
  • #​3566 MR by @​asottile.
  • #​3565 issue by @​MRigal.
• Add language: unsupported / language: unsupported_script as aliases for language: system / language: script (which will eventually be deprecated).
  • #​3577 MR by @​asottile.
• Add support docker-in-docker detection for cgroups v2.
  • #​3535 MR by @​br-rhrbacek.
  • #​3360 issue by @​JasonAlt.

Fixes

• Handle when docker gives SecurityOptions: null.
  • #​3537 MR by @​asottile.
  • #​3514 issue by @​jenstroeger.
• Fix error context for invalid stages in .pre-commit-config.yaml.
  • #​3576 MR by @​asottile.

psf/black (psf/black)

v25.11.0

Compare Source

Highlights

• Enable base 3.14 support (#​4804)
• Add support for the new Python 3.14 t-string syntax introduced by PEP 750 (#​4805)

Stable style

• Fix bug where comments between # fmt: off and # fmt: on were reformatted (#​4811)
• Comments containing fmt directives now preserve their exact formatting instead of being normalized (#​4811)

Preview style

• Move multiline_string_handling from --unstable to --preview (#​4760)
• Fix bug where module docstrings would be treated as normal strings if preceded by comments (#​4764)
• Fix bug where python 3.12 generics syntax split line happens weirdly (#​4777)
• Standardize type comments to form # type: <value> (#​4645)
• Fix fix_fmt_skip_in_one_liners preview feature to respect # fmt: skip for compound statements with semicolon-separated bodies (#​4800)

Configuration

• Add no_cache option to control caching behavior. (#​4803)

Packaging

• Releases now include arm64 Linux binaries (#​4773)

Output

• Write unchanged content to stdout when excluding formatting from stdin using pipes (#​4610)

Blackd

• Implemented BlackDClient. This simple python client allows to easily send formatting requests to blackd (#​4774)

Integrations

• Enable 3.14 base CI (#​4804)
• Enhance GitHub Action psf/black to support the required-version major-version-only "stability" format when using pyproject.toml (#​4770)
• Improve error message for vim plugin users. It now handles independently vim version
• Vim: Warn on unsupported Vim and Python versions independently (#​4772)
• Vim: Print the import paths when importing black fails (#​4675)
• Vim: Fix handling of virtualenvs that have a different Python version (#​4675)

pydantic/pydantic (pydantic)

v2.12.4: 2025-11-05

Compare Source

v2.12.4 (2025-11-05)

This is the fourth 2.12 patch release, fixing more regressions, and reverting a change in the build() method of the AnyUrl and Dsn types.

This patch release also fixes an issue with the serialization of IP address types, when serialize_as_any is used. The next patch release will try to address the remaining issues with serialize as any behavior by introducing a new polymorphic serialization feature, that should be used in most cases in place of serialize as any.

• Fix issue with forward references in parent TypedDict classes by @​Viicos in #​12427.

  This issue is only relevant on Python 3.14 and greater.

• Exclude fields with exclude_if from JSON Schema required fields by @​Viicos in #​12430

• Revert URL percent-encoding of credentials in the build() method of the AnyUrl and Dsn types by @​davidhewitt in pydantic-core#1833.

  This was initially considered as a bugfix, but caused regressions and as such was fully reverted. The next release will include an opt-in option to percent-encode components of the URL.

• Add type inference for IP address types by @​davidhewitt in pydantic-core#1868.

  The 2.12 changes to the serialize_as_any behavior made it so that IP address types could not properly serialize to JSON.

• Avoid getting default values from defaultdict by @​davidhewitt in pydantic-core#1853.

  This fixes a subtle regression in the validation behavior of the collections.defaultdict type.

• Fix issue with field serializers on nested typed dictionaries by @​davidhewitt in pydantic-core#1879.

• Add more pydantic-core builds for the three-threaded version of Python 3.14 by @​davidhewitt in pydantic-core#1864.

Full Changelog: https://github.com/pydantic/pydantic/compare/v2.12.3...v2.12.4

uis/devops/continuous-delivery/ci-templates (uis/devops/continuous-delivery/ci-templates)

v7.20.3: 7.20.3

Compare Source

7.20.3 (2025-11-03)

Bug Fixes

• use only needed bits of Terraform-Module.gitlab-ci.yml to avoid duplicate jobs (ff646a0)

v7.20.2: 7.20.2

Compare Source

7.20.2 (2025-10-30)

Bug Fixes

• check-latest-tag-in-changelog: skip job if tag is an alpha or beta release (210ffd5)

v7.20.1: 7.20.1

Compare Source

7.20.1 (2025-10-29)

Bug Fixes

• allow no test coverage in maven (40db7bf)

---

Configuration

📅 Schedule: Branch creation - Monday through Friday ( * * * * 1-5 ) in timezone Europe/London, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻️ Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This MR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this MR, check this box

---

This MR has been generated by Renovate Bot.