chore(deps): bump the python-dependencies group across 1 directory with 5 updates

[dependabot]

Bumps the python-dependencies group with 5 updates in the / directory:

Package	From	To
sqlalchemy	2.0.44	2.0.45
newrelic	11.1.0	11.2.0
ruff	0.14.6	0.14.8
pytest	9.0.1	9.0.2
mypy	1.18.2	1.19.0

Updates sqlalchemy from 2.0.44 to 2.0.45

Release notes

Sourced from sqlalchemy's releases.

2.0.45

Released: December 9, 2025

orm

• [orm] [bug] Fixed issue where calling Mapper.add_property() within mapper event hooks such as MapperEvents.instrument_class(), MapperEvents.after_mapper_constructed(), or MapperEvents.before_mapper_configured() would raise an AttributeError because the mapper's internal property collections were not yet initialized. The Mapper.add_property() method now handles early-stage property additions correctly, allowing properties including column properties, deferred columns, and relationships to be added during mapper initialization events. Pull request courtesy G Allajmi.

  References: #12858

• [orm] [bug] Fixed issue in Python 3.14 where dataclass transformation would fail when a mapped class using MappedAsDataclass included a relationship() referencing a class that was not available at runtime (e.g., within a TYPE_CHECKING block). This occurred when using Python 3.14's PEP 649 deferred annotations feature, which is the default behavior without a from __future__ import annotations directive.

  References: #12952

examples

• [examples] [bug] Fixed the "short_selects" performance example where the cache was being used in all the examples, making it impossible to compare performance with and without the cache. Less important comparisons like "lambdas" and "baked queries" have been removed.

sql

• [sql] [bug] Some improvements to the _sql.ClauseElement.params() method to replace bound parameters in a query were made, however the ultimate issue in #12915 involving ORM _orm.aliased() cannot be fixed fully until 2.1, where the method is being rewritten to work without relying on Core cloned traversal.

  References: #12915

• [sql] [bug] Fixed issue where using the ColumnOperators.in_() operator with a nested CompoundSelect statement (e.g. an INTERSECT of UNION queries) would raise a NotImplementedError when the

... (truncated)

Commits

• See full diff in compare view

Updates newrelic from 11.1.0 to 11.2.0

Release notes

Sourced from newrelic's releases.

v11.2.0

Notes

This release of the Python agent adds support for the following:

• Strands
• AWS Bedrock Converse Streaming
• Redis methods hybrid_search and msetex
• Langchain role assignments for LLM events
• LLM event timestamp captured at time of LLM request
• loop_factory parameter in asyncio.Runner

This release also addresses a bug in ASGI instrumentation where headers are not reported by the web server.

Install the agent using easy_install/pip/distribute via the Python Package Index, using conda via the Conda-Forge Package Index, or download it directly from the New Relic download site.

Features

• Add support for Strands

  • Add instrumentation for Strands tools and agents in single and multi-agent (swarms, graphs, etc.) setups

• Add support for AWS Bedrock Converse Streaming

  • Add monitoring support for streaming Converse API. This includes support for Converse chat completion calls made with boto3 and aioboto3 clients using converse_stream().

• Add support for Redis methods

  • Add support for the following methods:
  • hybrid_search
  • msetex

• Add support for loop_factory in asyncio.Runner

  • In Python 3.11, the asyncio.Runner class was added as well as the loop_factory parameter. The loop_factory parameter provides a replacement for loop policies. Now, the loop that is created is instrumented, regardless of whether it is through a global event loop setting or a custom event loop.

• Capture Langchain role assignments in LLM events

  • Langchain LlmChatCompletionMessage events now contains the assigned role from Langchain.

• Capture LLM event timestamp at time of LLM request

  • Previously, the LLM event's timestamp was captured at the time of event creation. Now, it is more accurately captured at the time of the LLM request.

Bug fixes

• ASGI header consumption

  • When an ASGIWebTransaction consumes the headers from a http.response.start event, it was doing so without regard to the allowable input types. When the headers are a generator, the generator was consumed by the call to process_response() leaving no headers remaining for the web server to send. This has now been fixed.

Commits

• ac9682c Merge pull request #1601 from newrelic/sgoel/fixed_tool_type_bug
• ac6eb5f Merge branch 'main' into sgoel/fixed_tool_type_bug
• c31c334 Merge pull request #1600 from newrelic/develop-strands
• 6cedff1 Merge branch 'main' into develop-strands
• 661efd8 Merge branch 'main' into sgoel/fixed_tool_type_bug
• 6860fc1 Add safeguarding to converse attr extraction. (#1603)
• 7853b9e Merge branch 'main' into develop-strands
• ea07f00 Merge branch 'main' into sgoel/fixed_tool_type_bug
• 7bea863 Pin langchain & langchain_core (#1604)
• 12b8ba1 Merge branch 'main' into sgoel/fixed_tool_type_bug
• Additional commits viewable in compare view

Updates ruff from 0.14.6 to 0.14.8

Release notes

Sourced from ruff's releases.

0.14.8

Release Notes

Released on 2025-12-04.

Preview features

• [flake8-bugbear] Catch yield expressions within other statements (B901) (#21200)
• [flake8-use-pathlib] Mark fixes unsafe for return type changes (PTH104, PTH105, PTH109, PTH115) (#21440)

Bug fixes

• Fix syntax error false positives for await outside functions (#21763)
• [flake8-simplify] Fix truthiness assumption for non-iterable arguments in tuple/list/set calls (SIM222, SIM223) (#21479)

Documentation

• Suggest using --output-file option in GitLab integration (#21706)

Other changes

• [syntax-error] Default type parameter followed by non-default type parameter (#21657)

Contributors

• @​kieran-ryan
• @​11happy
• @​danparizher
• @​ntBre

Install ruff 0.14.8

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/astral-sh/ruff/releases/download/0.14.8/ruff-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://github.com/astral-sh/ruff/releases/download/0.14.8/ruff-installer.ps1 | iex"

Download ruff 0.14.8

File	Platform	Checksum
ruff-aarch64-apple-darwin.tar.gz	Apple Silicon macOS	checksum
ruff-x86_64-apple-darwin.tar.gz	Intel macOS	checksum

... (truncated)

Changelog

Sourced from ruff's changelog.

0.14.8

Released on 2025-12-04.

Preview features

• [flake8-bugbear] Catch yield expressions within other statements (B901) (#21200)
• [flake8-use-pathlib] Mark fixes unsafe for return type changes (PTH104, PTH105, PTH109, PTH115) (#21440)

Bug fixes

• Fix syntax error false positives for await outside functions (#21763)
• [flake8-simplify] Fix truthiness assumption for non-iterable arguments in tuple/list/set calls (SIM222, SIM223) (#21479)

Documentation

• Suggest using --output-file option in GitLab integration (#21706)

Other changes

• [syntax-error] Default type parameter followed by non-default type parameter (#21657)

Contributors

• @​kieran-ryan
• @​11happy
• @​danparizher
• @​ntBre

0.14.7

Released on 2025-11-28.

Preview features

• [flake8-bandit] Handle string literal bindings in suspicious-url-open-usage (S310) (#21469)
• [pylint] Fix PLR1708 false positives on nested functions (#21177)
• [pylint] Fix suppression for empty dict without tuple key annotation (PLE1141) (#21290)
• [ruff] Add rule RUF066 to detect unnecessary class properties (#21535)
• [ruff] Catch more dummy variable uses (RUF052) (#19799)

Bug fixes

• [server] Set severity for non-rule diagnostics (#21559)
• [flake8-implicit-str-concat] Avoid invalid fix in (ISC003) (#21517)
• [parser] Fix panic when parsing IPython escape command expressions (#21480)

CLI

• Show partial fixability indicator in statistics output (#21513)

... (truncated)

Commits

• 9d4f1c6 Bump 0.14.8 (#21791)
• 326025d [ty] Always register rename provider if client doesn't support dynamic regist...
• 3aefe85 [ty] Ensure rename CursorTest calls can_rename before renaming (#21790)
• b8ecc83 Fix clippy errors on main (#21788)
• 6491932 [ty] Fix crash when hovering an unknown string annotation (#21782)
• a9f2bb4 [ty] Don't send publish diagnostics for clients supporting pull diagnostics (...
• e2b72fb [ty] cleanup test path (#21781)
• 14fce0d [ty] Improve the display of various special-form types (#21775)
• 8ebecb2 [ty] Add subdiagnostic hint if the user wrote X = Any rather than X: Any ...
• 45ac30a [ty] Teach ty the meaning of desperation (try ancestor pyproject.tomls as...
• Additional commits viewable in compare view

Updates pytest from 9.0.1 to 9.0.2

Release notes

Sourced from pytest's releases.

9.0.2

pytest 9.0.2 (2025-12-06)

Bug fixes

• #13896: The terminal progress feature added in pytest 9.0.0 has been disabled by default, except on Windows, due to compatibility issues with some terminal emulators.

  You may enable it again by passing -p terminalprogress. We may enable it by default again once compatibility improves in the future.

  Additionally, when the environment variable TERM is dumb, the escape codes are no longer emitted, even if the plugin is enabled.

• #13904: Fixed the TOML type of the tmp_path_retention_count settings in the API reference from number to string.

• #13946: The private config.inicfg attribute was changed in a breaking manner in pytest 9.0.0. Due to its usage in the ecosystem, it is now restored to working order using a compatibility shim. It will be deprecated in pytest 9.1 and removed in pytest 10.

• #13965: Fixed quadratic-time behavior when handling unittest subtests in Python 3.10.

Improved documentation

• #4492: The API Reference now contains cross-reference-able documentation of pytest's command-line flags <command-line-flags>.

Commits

• 3d10b51 Prepare release version 9.0.2
• 188750b Merge pull request #14030 from pytest-dev/patchback/backports/9.0.x/1e4b01d1f...
• b7d7bef Merge pull request #14014 from bluetech/compat-note
• bd08e85 Merge pull request #14013 from pytest-dev/patchback/backports/9.0.x/922b60377...
• bc78386 Add CLI options reference documentation (#13930)
• 5a4e398 Fix docs typo (#14005) (#14008)
• d7ae6df Merge pull request #14006 from pytest-dev/maintenance/update-plugin-list-tmpl...
• 556f6a2 pre-commit: fix rst-lint after new release (#13999) (#14001)
• c60fbe6 Fix quadratic-time behavior when handling unittest subtests in Python 3.10 ...
• 73d9b01 Merge pull request #13995 from nicoddemus/patchback/backports/9.0.x/1b5200c0f...
• Additional commits viewable in compare view

Updates mypy from 1.18.2 to 1.19.0

Changelog

Sourced from mypy's changelog.

Mypy Release Notes

Next Release

Drop Support for Python 3.9

Mypy no longer supports running with Python 3.9, which has reached end-of-life. When running mypy with Python 3.10+, it is still possible to type check code that needs to support Python 3.9 with the --python-version 3.9 argument. Support for this will be dropped in the first half of 2026!

Contributed by Marc Mueller (PR 20156).

Removed flags --force-uppercase-builtins and --force-union-syntax

The --force-uppercase-builtins flag was deprecated and has been a no-op since mypy 1.17.0. Since mypy has dropped support for Python 3.9, the --force-union-syntax flag is no longer necessary.

Contributed by Marc Mueller (PR 20410) and (PR 20405).

Mypy 1.19

We’ve just uploaded mypy 1.19.0 to the Python Package Index (PyPI). Mypy is a static type checker for Python. This release includes new features, performance improvements and bug fixes. You can install it as follows:

python3 -m pip install -U mypy

You can read the full documentation for this release on Read the Docs.

Python 3.9 Support Ending Soon

This is the last mypy feature release that supports Python 3.9, which reached end of life in October 2025.

Performance Improvements

• Switch to a more dynamic SCC processing logic (Ivan Levkivskyi, PR 20053)
• Speed up type aliases (Ivan Levkivskyi, PR 19810)

Fixed‑Format Cache Improvements

Mypy uses a cache by default to speed up incremental runs by reusing partial results from earlier runs. Mypy 1.18 added a new binary fixed-format cache representation as an experimental feature. The feature is no longer experimental, and we are planning to enable it by default in a future mypy release (possibly 1.20), since it's faster and uses less space than the original, JSON-based cache format. Use --fixed-format-cache to enable the fixed-format cache.

... (truncated)

Commits

• 0f068c9 Remove +dev
• 6d5cf52 Various updates to 1.19 changelog (#20304)
• 3c81308 Add draft version of 1.19 release notes (#20296)
• 1999a20 [mypyc] librt base64: use existing SIMD CPU dispatch by customizing build fla...
• 1b94fbb [mypyc] Fix vtable pointer with inherited dunder new (#20302)
• 13369cb [mypyc] Fix crash on super in generator (#20291)
• a087a58 Update import map when new modules added (#20271)
• 35e843c [mypyc] Add efficient librt.base64.b64decode (#20263)
• 094f66d [mypyc] Add repr to AssignmentTarget subclasses (#20258)
• 0738db3 Do not push partial types to the binder (#20202)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.