@dependabot dependabot bot commented on behalf of github Jun 4, 2025

Bumps the workflows-dependencies group in /.github/workflows with 5 updates:

| Package | From | To |
| --- | --- | --- |
| pip | 25.0.1 | 25.1.1 |
| nox | 2025.2.9 | 2025.5.1 |
| nox-poetry | 1.1.0 | 1.2.0 |
| poetry | 2.1.1 | 2.1.3 |
| virtualenv | 20.29.2 | 20.31.2 |

Updates pip from 25.0.1 to 25.1.1

Changelog

Sourced from pip's changelog.

25.1.1 (2025-05-02)

Bug Fixes

  • Fix req.source_dir AssertionError when using the legacy resolver. ([#13353](https://github.com/pypa/pip/issues/13353))
  • Fix crash on Python 3.9.6 and lower when pip failed to compile a Python module during installation. ([#13364](https://github.com/pypa/pip/issues/13364))
  • Names in dependency group includes are now normalized before lookup, which fixes incorrect Dependency group '...' not found errors. ([#13372](https://github.com/pypa/pip/issues/13372))

Vendored Libraries

  • Fix issues with using tomllib from the stdlib if available, rather than tomli
  • Upgrade dependency-groups to 1.3.1

25.1 (2025-04-26)

Deprecations and Removals

  • Drop support for Python 3.8. ([#12989](https://github.com/pypa/pip/issues/12989))
  • On python 3.14+, the pkg_resources metadata backend cannot be used anymore. ([#13010](https://github.com/pypa/pip/issues/13010))
  • Hide --no-python-version-warning from CLI help and documentation as it's useless since Python 2 support was removed. Despite being formerly slated for removal, the flag will remain as a no-op to avoid breakage. ([#13303](https://github.com/pypa/pip/issues/13303))
  • A warning is emitted when the deprecated pkg_resources library is used to inspect and discover installed packages. This warning should only be visible to users who set an undocumented environment variable to disable the default importlib.metadata backend. ([#13318](https://github.com/pypa/pip/issues/13318))
  • Deprecate the legacy setup.py bdist_wheel mechanism. To silence the warning, and future-proof their setup, users should enable --use-pep517 or add a pyproject.toml file to the projects they control. ([#13319](https://github.com/pypa/pip/issues/13319))

Features

  • Suggest checking "pip config debug" in case of an InvalidProxyURL error. ([#12649](https://github.com/pypa/pip/issues/12649))
  • Using --debug also enables verbose logging. ([#12710](https://github.com/pypa/pip/issues/12710))
  • Display a transient progress bar during package installation. ([#12712](https://github.com/pypa/pip/issues/12712))
  • Minor performance improvement when installing packages with a large number of dependencies by increasing the requirement string cache size. ([#12873](https://github.com/pypa/pip/issues/12873))
  • Add a --group option which allows installation from PEP 735 Dependency Groups. --group accepts arguments of the form group or path:group, where the default path is pyproject.toml, and installs

... (truncated)

Commits
  • 01857ef Bump for release
  • 08d8bb9 Merge pull request #13374 from pfmoore/fixups
  • 2bff84e Merge pull request #13363 from sbidoul/fix-source_dir-assert
  • 644e71d News file fixups
  • 426856f Merge pull request #13364 from ichard26/bugfix/python39
  • b7e3aea Merge pull request #13356 from eli-schwartz/tomllib
  • 8c678fe Merge pull request #13373 from sirosen/update-vendored-dependency-groups
  • 7d00639 Update newsfiles for dependency-groups patch
  • 6d28bbf Update version of dependency-groups to v1.3.1
  • 94bd66d Revert StreamWrapper removal to restore Python 3.9.{0,6} compat
  • Additional commits viewable in compare view

Updates nox from 2025.2.9 to 2025.5.1

Release notes

Sourced from nox's releases.

2025.05.01 🌸

This is a bugfix release that primarily adds support for uv 0.7+. A few other small fixes were made.

We'd like to thank the following folks who contributed to this release:

Bugfixes:

Documentation:

Internal changes:

Changelog

Sourced from nox's changelog.

Changelog

2025.05.01

This is a bugfix release that primarily adds support for uv 0.7+. A few other small fixes were made.

We'd like to thank the following folks who contributed to this release:

Bugfixes:

Documentation:

Internal changes:

2025.02.09

This release improves PEP 723 support, including adding dependencies to the noxfile itself ("plugins"). It adds the long-awaited "requires" option, allowing sessions to require other sessions. And it brings further improvements to the pyproject.toml support, including helpers for dependency-groups and Python version lists.

We'd like to thank the following folks who contributed to this release:

... (truncated)

Commits
  • 2254a1e chore: bump version to 2025.05.01 (#960)
  • e0b5e33 fix: conda_install issue with newer conda (#957)
  • a58fe60 fix: support forcing Python on parametrized session (#958)
  • aa475d6 fix: add UV_PYTHON to disallowed vars (#959)
  • 1acbb4e chore: use PEP 639 license (#956)
  • 7219be7 chore(deps): bump astral-sh/setup-uv from 5 to 6 in the actions group (#952)
  • b943f95 fix: uv version is now uv self version, support UV (#955)
  • 1d52c8f Never ignore URL dependencies in PEP 723 noxfiles (#935)
  • 4e7f644 feat: show skip reason by default (#941)
  • 70df6ab fix: use Python 3.12 for action, allow 3.13, drop 3.8 from auto versions (#946)
  • Additional commits viewable in compare view

Updates nox-poetry from 1.1.0 to 1.2.0

Release notes

Sourced from nox-poetry's releases.

v1.2.0

Changes

📦 Dependencies

Commits
  • b9b6dcf 🔖 Release 1.2.0 (#1316)
  • 0afa261 Update release workflow (#1315)
  • 43abbd4 Merge pull request #1314 from cjolowicz/dependabot/pip/lockfile-dev-9a05e95988
  • 33fd3bf ⬆️ Bump the lockfile-dev group with 2 updates
  • c6a024a Merge pull request #1312 from cjolowicz/dependabot/github_actions/actions-19a...
  • d4df64e Merge pull request #1313 from cjolowicz/dependabot/pip/docs/docs-13bf812558
  • d4e3e1c Bump sphinx from 8.2.0 to 8.2.1 in /docs in the docs group
  • 698b427 Bump actions/upload-artifact from 4.6.0 to 4.6.1 in the actions group
  • af0c06b Merge pull request #1311 from cjolowicz/dependabot/pip/lockfile-dev-c3028c24da
  • a836160 ⬆️ Bump the lockfile-dev group across 1 directory with 6 updates
  • Additional commits viewable in compare view

Updates poetry from 2.1.1 to 2.1.3

Release notes

Sourced from poetry's releases.

2.1.3

Changed

  • Require importlib-metadata<8.7 for Python 3.9 because of a breaking change in importlib-metadata 8.7 (#10374).

Fixed

  • Fix an issue where re-locking failed for incomplete multiple-constraints dependencies with explicit sources (#10324).
  • Fix an issue where the --directory option did not work if a plugin, which accesses the poetry instance during its activation, was installed (#10352).
  • Fix an issue where poetry env activate -v printed additional information to stdout instead of stderr so that the output could not be used as designed (#10353).
  • Fix an issue where the original error was not printed if building a git dependency failed (#10366).
  • Fix an issue where wheels for the wrong platform were installed in rare cases. (#10361).

poetry-core (2.1.3)

  • Fix an issue where the union of specific inverse or partially inverse markers was not simplified (#858).
  • Fix an issue where optional dependencies defined in the project section were treated as non-optional when a source was defined for them in the tool.poetry section (#857).
  • Fix an issue where markers with === were not parsed correctly (#860).
  • Fix an issue where local versions with upper case letters caused an error (#859).
  • Fix an issue where extra markers with a value starting with "in" were not validated correctly (#862).

2.1.2

Changed

  • Improve performance of locking dependencies (#10275).

Fixed

  • Fix an issue where markers were not locked correctly (#10240).
  • Fix an issue where the result of poetry lock was not deterministic (#10276).
  • Fix an issue where poetry env activate returned the wrong command for tcsh (#10243).
  • Fix an issue where poetry env activate returned the wrong command for pwsh on Linux (#10256).

Docs

  • Update basic usage section to reflect new default layout (#10203).

poetry-core (2.1.2)

  • Improve performance of marker operations (#851).
  • Fix an issue where incorrect markers were calculated when removing parts covered by the project's Python constraint (#841, #846).
  • Fix an issue where extra markers were not simplified (#842, #845, #847).
  • Fix an issue where the intersection and union of markers was not deterministic (#843).
  • Fix an issue where the intersection of python_version markers was not recognized as empty (#849).
  • Fix an issue where python_version markers were not simplified (#848, #851).
  • Fix an issue where Python constraints on a package were converted into invalid markers (#853).

Changelog

Sourced from poetry's changelog.

[2.1.3] - 2025-05-04

Changed

  • Require importlib-metadata<8.7 for Python 3.9 because of a breaking change in importlib-metadata 8.7 (#10374).

Fixed

  • Fix an issue where re-locking failed for incomplete multiple-constraints dependencies with explicit sources (#10324).
  • Fix an issue where the --directory option did not work if a plugin, which accesses the poetry instance during its activation, was installed (#10352).
  • Fix an issue where poetry env activate -v printed additional information to stdout instead of stderr so that the output could not be used as designed (#10353).
  • Fix an issue where the original error was not printed if building a git dependency failed (#10366).
  • Fix an issue where wheels for the wrong platform were installed in rare cases. (#10361).

poetry-core (2.1.3)

  • Fix an issue where the union of specific inverse or partially inverse markers was not simplified (#858).
  • Fix an issue where optional dependencies defined in the project section were treated as non-optional when a source was defined for them in the tool.poetry section (#857).
  • Fix an issue where markers with === were not parsed correctly (#860).
  • Fix an issue where local versions with upper case letters caused an error (#859).
  • Fix an issue where extra markers with a value starting with "in" were not validated correctly (#862).

[2.1.2] - 2025-03-29

Changed

  • Improve performance of locking dependencies (#10275).

Fixed

  • Fix an issue where markers were not locked correctly (#10240).
  • Fix an issue where the result of poetry lock was not deterministic (#10276).
  • Fix an issue where poetry env activate returned the wrong command for tcsh (#10243).
  • Fix an issue where poetry env activate returned the wrong command for pwsh on Linux (#10256).

Docs

  • Update basic usage section to reflect new default layout (#10203).

poetry-core (2.1.2)

  • Improve performance of marker operations (#851).
  • Fix an issue where incorrect markers were calculated when removing parts covered by the project's Python constraint (#841, #846).
  • Fix an issue where extra markers were not simplified (#842, #845, #847).
  • Fix an issue where the intersection and union of markers was not deterministic (#843).
  • Fix an issue where the intersection of python_version markers was not recognized as empty (#849).

... (truncated)

Commits

Updates virtualenv from 20.29.2 to 20.31.2

Release notes

Sourced from virtualenv's releases.

20.31.2

What's Changed

Full Changelog: pypa/virtualenv@20.31.1...20.31.2

20.31.1

What's Changed

Full Changelog: pypa/virtualenv@20.31.0...20.31.1

20.31.0

What's Changed

New Contributors

Full Changelog: pypa/virtualenv@20.30.0...20.31.0

20.30.0

What's Changed

New Contributors

Full Changelog: pypa/virtualenv@20.29.3...20.30.0

20.29.3

... (truncated)

Changelog

Sourced from virtualenv's changelog.

v20.31.2 (2025-05-08)

No significant changes.

v20.31.1 (2025-05-05)

Bugfixes - 20.31.1

  • Upgrade embedded wheels:
      • pip to 25.1.1 from 25.1
      • setuptools to 80.3.1 from 78.1.0 (#2880)

v20.31.0 (2025-05-05)

Features - 20.31.0

  • No longer bundle wheel wheels (except on Python 3.8), setuptools includes native bdist_wheel support. Update pip to 25.1. (#2868)

Bugfixes - 20.31.0

  • get_embed_wheel() no longer fails with a TypeError when it is called with an unknown distribution. (#2877)
  • Fix HelpFormatter error with Python 3.14.0b1. (#2878)

v20.30.0 (2025-03-31)

Features - 20.30.0

  • Add support for GraalPy (https://github.com/oracle/graalpython). (#2832)

Bugfixes - 20.30.0

  • Upgrade embedded wheels:
      • setuptools to 78.1.0 from 75.3.2 (#2863)

v20.29.3 (2025-03-06)

Bugfixes - 20.29.3

  • Ignore unreadable directories in PATH. (#2794)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.



@dependabot dependabot bot added the dependencies (Pull requests that update a dependency file) and python (Pull requests that update Python code) labels Jun 4, 2025

Bumps the workflows-dependencies group in /.github/workflows with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [pip](https://github.com/pypa/pip) | `25.0.1` | `25.1.1` |
| [nox](https://github.com/wntrblm/nox) | `2025.2.9` | `2025.5.1` |
| [nox-poetry](https://github.com/cjolowicz/nox-poetry) | `1.1.0` | `1.2.0` |
| [poetry](https://github.com/python-poetry/poetry) | `2.1.1` | `2.1.3` |
| [virtualenv](https://github.com/pypa/virtualenv) | `20.29.2` | `20.31.2` |


Updates `pip` from 25.0.1 to 25.1.1
- [Changelog](https://github.com/pypa/pip/blob/main/NEWS.rst)
- [Commits](pypa/pip@25.0.1...25.1.1)

Updates `nox` from 2025.2.9 to 2025.5.1
- [Release notes](https://github.com/wntrblm/nox/releases)
- [Changelog](https://github.com/wntrblm/nox/blob/main/CHANGELOG.md)
- [Commits](wntrblm/nox@2025.02.09...2025.05.01)

Updates `nox-poetry` from 1.1.0 to 1.2.0
- [Release notes](https://github.com/cjolowicz/nox-poetry/releases)
- [Commits](cjolowicz/nox-poetry@v1.1.0...v1.2.0)

Updates `poetry` from 2.1.1 to 2.1.3
- [Release notes](https://github.com/python-poetry/poetry/releases)
- [Changelog](https://github.com/python-poetry/poetry/blob/main/CHANGELOG.md)
- [Commits](python-poetry/poetry@2.1.1...2.1.3)

Updates `virtualenv` from 20.29.2 to 20.31.2
- [Release notes](https://github.com/pypa/virtualenv/releases)
- [Changelog](https://github.com/pypa/virtualenv/blob/main/docs/changelog.rst)
- [Commits](pypa/virtualenv@20.29.2...20.31.2)

---
updated-dependencies:
- dependency-name: pip
  dependency-version: 25.1.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: workflows-dependencies
- dependency-name: nox
  dependency-version: 2025.5.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: workflows-dependencies
- dependency-name: nox-poetry
  dependency-version: 1.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: workflows-dependencies
- dependency-name: poetry
  dependency-version: 2.1.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: workflows-dependencies
- dependency-name: virtualenv
  dependency-version: 20.31.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: workflows-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>

@dependabot dependabot bot force-pushed the dependabot/pip/dot-github/workflows/workflows-dependencies-e9b9967296 branch from 885b3ba to bdfa823 August 1, 2025 19:54