chore(pip): bump the python group with 5 updates

[dependabot]

Bumps the python group with 5 updates:

Package	From	To
bazel-runfiles	1.9.0	2.1.0
wcwidth	0.2.14	0.8.1
bmw-lobster	1.0.2	1.0.3
basedpyright	1.35.0	1.39.9
pytest	9.0.3	9.1.1

Updates bazel-runfiles from 1.9.0 to 2.1.0

Release notes

Sourced from bazel-runfiles's releases.

2.1.0

For more detailed setup instructions, see https://rules-python.readthedocs.io/en/latest/getting-started.html

For the user-facing changelog see here

Using Bzlmod

Add to your MODULE.bazel file:

bazel_dep(name = "rules_python", version = "2.1.0")
python = use_extension("@​rules_python//python/extensions:python.bzl", "python")
python.toolchain(
python_version = "3.13",
)
pip = use_extension("@​rules_python//python/extensions:pip.bzl", "pip")
pip.parse(
hub_name = "pypi",
python_version = "3.13",
requirements_lock = "//:requirements_lock.txt",
)
use_repo(pip, "pypi")

Using WORKSPACE

Paste this snippet into your WORKSPACE file:

load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
http_archive(
name = "rules_python",
sha256 = "5453dafcb177e886961cd1ec9812972316db4beca5ca379916a627732d4b7d11",
strip_prefix = "rules_python-2.1.0",
url = "https://github.com/bazel-contrib/rules_python/releases/download/2.1.0/rules_python-2.1.0.tar.gz",
)
load("@​rules_python//python:repositories.bzl", "py_repositories")
py_repositories()

Gazelle plugin

Paste this snippet into your WORKSPACE file:

... (truncated)

Changelog

Sourced from bazel-runfiles's changelog.

2.1.0 - 2026-06-17

{#v2-1-0-removed}

Removed

• (build_data) Removed CONFIG_MODE from build data (#3793).
• (coverage) Support for python 3.8 has been dropped from the bundled coverage.py wheel set, since coverage.py 7.6.2 dropped it.

{#v2-1-0-changed}

Changed

• (bzlmod) How default runtimes are registered has changed to use a manifest of SHAs and URLs. TOOL_VERSIONS in python/versions.bzl is now empty under bzlmod.
• (gazelle) WORKSPACE's bazel-gazelle dependency bumped from 0.36.0 to 0.47.0. The go version was also bumped from 1.21.13 to 1.22.9.
• (gazelle) python_generate_pyi_deps and python_generate_pyi_srcs now default to true.
• (pypi) The data files of a wheel (bin, includes, etc) are now always included as a library's data dependencies.
• (coverage) When configure_coverage_tool = True is set but the bundled coverage.py wheel set has no entry for the requested python version and platform, a warning is now printed instead of silently producing an empty coverage report.

{#v2-1-0-fixed}

Fixed

• (gazelle) py_library and py_test targets with missing source files can now be removed by Gazelle (#3375). However map_kind and alias_kind will not be removed unless people are running a gazelle version that includes bazel-gazelle#2362
• (bootstrap) Fixed a potential race condition with symlink creation during startup.
• (gazelle) Fixed handling of auto-included __init__.py files when generating py_binary targets (#3729).
• (entry_point) From now on mypy type checking will be skipped on the generated files (#3126).
• (pypi) Support --experimental_isolated_extension_usages (#3668).
• (uv) use the astral.sh mirror as the preferred url for binary downloads, with github.com as a fallback; for uv >= 0.11.0, read the checksums directly from the dist-manifest contents.
• (pypi) Fix importlib.metadata.files by ensuring RECORD is included in installed wheel targets, except when built from sdist (#3024).
• (system_python) Fix AttributeError exception on Debian 10 Buster python installations which may not set sys._base_executable

... (truncated)

Commits

• 5c32fa9 chore: prepare 2.1 release (#3829)
• 102b501 feat: expose interpreter files-to-run on PyRuntimeInfo (#3795)
• 6ce7840 fix(coverage): handle nested coverage collection (#3823)
• 44ec76f docs: update changelog for 2.0.3 release (#3820)
• 99d0c3d refactor(toolchains): register runtimes using manifest (#3812)
• 7053e26 Gazelle: Delete stale py_library and py_test targets (#3817)
• 42c8e75 feat(toolchains): support runtime registration from manifest (#3802)
• c0fef46 fix(uv): respect uv.tool settings in pyproject.toml (#3811)
• 8b38325 build: configure secondary mirror fallback (#3814)
• dcb7dfa feat: add //command_line_option:extra_toolchains pseudo-flag (#3810)
• Additional commits viewable in compare view

Updates wcwidth from 0.2.14 to 0.8.1

Release notes

Sourced from wcwidth's releases.

0.8.1: Improved corrections tables

• Improved corrections tables by @​jquast in jquast/wcwidth#226

Full Changelog: jquast/wcwidth@0.8.0...0.8.1

0.8.0: new terminal-aware wcstwidth() function

• New support for Variation Selector 15 Emojis as narrow, #211.
• New argument, term_program for wcstwidth(), width(), clip(), wrap(), ljust(), rjust(), and center(). False disables corrections; True auto-detects by TERM_PROGRAM or TERM; string values accept canonical names matching list_term_programs(). wcstwidth()_ defaults to True; all other functions default to False.
• Improved performance on Python 3.15 using standard library iter_graphemes() #206.
• Improved memory usage and import time for Python 3.15 using lazy imports #221.
• Bugfix Invisible_Stacker viramas now form conjuncts (Burmese, Khmer, etc.) and change some Virama width calculations to match jacobsandlund/uucode_ (ghostty) #223.
• Updated graphemes width maximum now 2, matching Ghostty, foot, and Windows Terminal #224.

Full Changelog: jquast/wcwidth@0.7.0...0.8.0

0.7.0

• New support for kitty text sizing protocol (OSC 66) in width() and clip().
• New clip() parameter control_codes='parse', 'ignore', and 'strict'. clip() is now able to clip OSC 8 hyperlinks and OSC 66 text sizing sequences.
• Improved clip() and width() to support horizontal cursor sequences (cub, cuf, hpa). Cursor-left (cub) or backspace (\b) now overwrites text. column_address (hpa) and carriage return (\r) are now parsed, and more values conditionally raise ValueError when control_codes='strict'.

PR's

• Remove docs, add utils by @​jquast in jquast/wcwidth#209
• Bump requests from 2.32.5 to 2.33.0 in /docs by @​dependabot[bot] in jquast/wcwidth#210
• Bump pygments from 2.19.2 to 2.20.0 in /docs by @​dependabot[bot] in jquast/wcwidth#212
• dependabot nonsense by @​jquast in jquast/wcwidth#215
• Expand terminal escape sequence for three more ECMA-48 "families" by @​jquast in jquast/wcwidth#214
• Improve clip() and width() with hyperlinks and overtyping by @​jquast in jquast/wcwidth#216
• Improve width() and clip() with kitty Text Sizing Protocol by @​jquast in jquast/wcwidth#213

Full Changelog: jquast/wcwidth@0.6.0...0.7.0

0.6.0

• Complete textwrap.wrap() with 6 missing params! by @​jquast in jquast/wcwidth#207

Full Changelog: jquast/wcwidth@0.5.3...0.6.0

0.5.3

• Add Virama conjunct for the Brahmic scripts by @​jquast in jquast/wcwidth#204

Full Changelog: jquast/wcwidth@0.5.2...0.5.3

0.5.2

• Do not distribute any data files by @​jquast in jquast/wcwidth#199
• Update specs and zero-width tables regarding Mc by @​jquast in jquast/wcwidth#200
• Standalone emoji support by @​jquast in jquast/wcwidth#202

... (truncated)

Commits

• d1c99fe hyperlink and wordfix
• edb344a set to 0.8.1 not 2, not yet
• 00d6fef Improve corrections tables (zeroer, narrow_wider, narrow_zeroer) (#226)
• e8405a6 'of of' -> 'of', formatting
• 1de17df set release date for 0.8.0 in readme
• 9df7261 more docs
• be0fdb2 document better
• 2d9925b wcstwidth(term_program=True) default argument
• 169c846 Terminal software identity-assisted wcswidth() (#220)
• e4f76d5 bugfix virama with mc width is capped at 2, also (#225)
• Additional commits viewable in compare view

Updates bmw-lobster from 1.0.2 to 1.0.3

Release notes

Sourced from bmw-lobster's releases.

Release 1.0.3

• lobster-html-report:

  • [Bazel]: Added a parameter to specify the source root of the html report. Make sure that links to source files work correctly.

• lobster-pkg:

  • Introduced API function. Added API function for the tool lobster-pkg which takes PkgToolConfig as input and extracts tracing values from package files. This is similar to running the tool lobster-pkg.

• lobster-trlc:

  • Updated documentation to explain how to use the version flag (version-field) parameter in conversion rules and how it affects generated versioned tags.

• lobster-report:

  • Fixed edge-case exception when loading a *.lobster file raised an AssertionError. The error was not propagated to the error output stream, but another exception was created instead.

• lobster-json:

  • Fixed crash when processing empty JSON files. The tool now exits gracefully with return code 1 and prints a proper error message to stderr: "Input file contains invalid JSON."

• All tools now automatically create output directories if they don't exist. Previously, tools would crash with an exception if the specified output directory path did not exist. This enhancement improves usability and prevents unexpected failures when working with nested directory structures.

• lobster-codebeamer:

  • Improved error messages with detailed troubleshooting information:
    • Connection timeout errors now include the URL and suggest increasing timeout parameter
    • Connection errors provide actionable steps like checking internet connection and increasing retries
    • Network errors include clear failure reasons and suggested actions
    • HTTP response errors now include status code and reason
  • Changed default value of verify_ssl to True
  • If the configuration file contains an invalid schema value, an exception is raised. Earlier the fallback "activity" was used.

• API documentation

  • Created comprehensive API documentation using Sphinx for better user experience across all LOBSTER tools.
  • Added detailed examples and configuration parameters for lobster-codebeamer, lobster-cpptest, lobster-report, lobster-html-report, and lobster-online-report tools.

• Included Python 3.13 in the CI test matrix.

Changelog

Sourced from bmw-lobster's changelog.

1.0.3

• lobster-html-report:

  • [Bazel]: Added a parameter to specify the source root of the html report. Make sure that links to source files work correctly.

• lobster-pkg:

  • Introduced API function. Added API function for the tool lobster-pkg which takes PkgToolConfig as input and extracts tracing values from package files. This is similar to running the tool lobster-pkg.

• lobster-trlc:

  • Updated documentation to explain how to use the version flag (version-field) parameter in conversion rules and how it affects generated versioned tags.

• lobster-report:

  • Fixed edge-case exception when loading a *.lobster file raised an AssertionError. The error was not propagated to the error output stream, but another exception was created instead.

• lobster-json:

  • Fixed crash when processing empty JSON files. The tool now exits gracefully with return code 1 and prints a proper error message to stderr: "Input file contains invalid JSON."

• All tools now automatically create output directories if they don't exist. Previously, tools would crash with an exception if the specified output directory path did not exist. This enhancement improves usability and prevents unexpected failures when working with nested directory structures.

• lobster-codebeamer:

  • Improved error messages with detailed troubleshooting information:
    • Connection timeout errors now include the URL and suggest increasing timeout parameter
    • Connection errors provide actionable steps like checking internet connection and increasing retries
    • Network errors include clear failure reasons and suggested actions
    • HTTP response errors now include status code and reason
  • Changed default value of verify_ssl to True
  • If the configuration file contains an invalid schema value, an exception is raised. Earlier the fallback "activity" was used.

• API documentation

  • Created comprehensive API documentation using Sphinx for better user experience across all LOBSTER tools.
  • Added detailed examples and configuration parameters for lobster-codebeamer, lobster-cpptest, lobster-report, lobster-html-report, and lobster-online-report tools.

• Included Python 3.13 in the CI test matrix.

Commits

• 5ae311e Remove dev 1.0.4 dev (#576)
• 623e4cd bump lobster version to 1.0.4 (#575)
• a606b96 LOBSTER Release 1.0.3 (#574)
• 765085b Updates CHANGELOG (#573)
• 6f5134c Adds test and requirement traces for text feature (#567)
• f4cf740 Bump gitpython from 3.1.46 to 3.1.47 (#572)
• bd9a0e4 Formatting Cleanup (#569)
• 6e3b8e8 Bump python-dotenv from 1.2.1 to 1.2.2 (#568)
• 170cd8f Fix/pkg API Function (#547)
• d528fbd Include Python 3.13 in the test matrix (#565)
• Additional commits viewable in compare view

Updates basedpyright from 1.35.0 to 1.39.9

Commits

• 2802042 fix pnpm view command and simplify the outcome check
• f6e62d3 fix crash during publish
• 816614e 1.39.9
• c79697f remove more webpack remnants
• 2921109 microsoft/vscode-vsce#421
• 5812074 fix new test from upstream. that representation of a paramspec is wrong, espe...
• eaaaf62 prettier ignore new files from upstream
• 8baf13e switch to pnpm because npm is the worst package manager ever made.
• f228a80 fixes from merge
• 2170274 Merge tag '1.1.411' into merge-1.1.411
• Additional commits viewable in compare view

Updates pytest from 9.0.3 to 9.1.1

Release notes

Sourced from pytest's releases.

9.1.1

pytest 9.1.1 (2026-06-19)

Bug fixes

• #14220: Fixed a logic bug in pytest.RaisesGroup which would might cause it to display incorrect "It matches FooError() which was paired with BarError" messages.
• #14591: Fixed a regression in pytest 9.1.0 which caused overriding a parametrized fixture with an indirect @​pytest.mark.parametrize to fail with "duplicate parametrization of '<fixture name>'".
• #14606: Fixed list-item typing errors from mypy in @pytest.mark.parametrize <pytest.mark.parametrize ref> argvalues parameter.
• #14608: Fixed a regression in pytest 9.1.0 where conftest.py files located in <invocation dir>/test* were no longer loaded as initial conftests when invoked without arguments. This could cause certain hooks (like pytest_addoption) in these files to not fire.

9.1.0

pytest 9.1.0 (2026-06-13)

Removals and backward incompatible breaking changes

• #14533: When using --doctest-modules, autouse fixtures with module, package or session scope that are defined inline in Python test modules (not plugins or conftests) will now possibly execute twice.

  If this is undesirable, move the fixture definition to a conftest.py file if possible.

  Technical explanation for those interested: When using --doctest-modules, pytest possibly collects Python modules twice, once as pytest.Module and once as a DoctestModule (depending on the configuration). Due to improvements in pytest's fixture implementation, if e.g. the DoctestModule collects a fixture, it is now visible to it only, and not to the Module. This means that both need to register the fixtures independently.

Deprecations (removal in next major release)

• #10819: Added a deprecation warning for class-scoped fixtures defined as instance methods (without @classmethod). Such fixtures set attributes on a different instance than the test methods use, leading to unexpected behavior. Use @classmethod decorator instead -- by yastcher.

  See 10819 and 14011.

• #12882: Calling request.getfixturevalue() <pytest.FixtureRequest.getfixturevalue> during teardown to request a fixture that was not already requested is now deprecated and will become an error in pytest 10.

  See dynamic-fixture-request-during-teardown for details.

• #13409: Using non-~collections.abc.Collection iterables (such as generators, iterators, or custom iterable objects) for the argvalues parameter in @pytest.mark.parametrize <pytest.mark.parametrize ref> and metafunc.parametrize <pytest.Metafunc.parametrize> is now deprecated.

  These iterables get exhausted after the first iteration, leading to tests getting unexpectedly skipped in cases such as running pytest.main() multiple times, using class-level parametrize decorators, or collecting tests multiple times.

  See parametrize-iterators for details and suggestions.

• #13946: The private config.inicfg attribute is now deprecated. Use config.getini() <pytest.Config.getini> to access configuration values instead.

  See config-inicfg for more details.

• #14004: Passing baseid to ~pytest.FixtureDef or nodeid strings to fixture registration APIs is now deprecated. These are internal pytest APIs that are used by some plugins.

... (truncated)

Commits

• cf470ec Prepare release version 9.1.1
• e0c8ce6 Merge pull request #14625 from pytest-dev/patchback/backports/9.1.x/a07c31a97...
• 1b82d16 Merge pull request #14624 from pytest-dev/patchback/backports/9.1.x/b375b79ec...
• 501c4bc Merge pull request #14596 from bluetech/doc-classmethod
• b61f588 Merge pull request #14622 from chrisburr/fix-14608-initial-conftest-test-subdir
• 9a567e0 [automated] Update plugin list (#14617) (#14618)
• ef8b299 Merge pull request #14620 from pytest-dev/patchback/backports/9.1.x/680f9f3ed...
• 66abd07 Merge pull request #14220 from bysiber/fix-stale-iexp-raisesgroup
• 79fbf93 Merge pull request #14612 from pytest-dev/patchback/backports/9.1.x/974ed48b6...
• 0d312eb Merge pull request #14611 from bluetech/parametrize-argvalues-typing
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[hoe-jo]

Not required

[dependabot]

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml