Bump the development-dependencies group with 4 updates

[dependabot]

Bumps the development-dependencies group with 4 updates: boto3-stubs, ruff, moto and tox.

Updates boto3-stubs from 1.40.50 to 1.40.59

Release notes

Sourced from boto3-stubs's releases.

8.8.0 - Python 3.8 runtime is back

Changed

• [services] install_requires section is calculated based on dependencies in use, so typing-extensions version is set properly
• [all] Replaced typing imports with collections.abc with a fallback to typing for Python <3.9
• [all] Added aliases for builtins.list, builtins.set, builtins.dict, and builtins.type, so Python 3.8 runtime should work as expected again (reported by @​YHallouard in #340 and @​Omri-Ben-Yair in #336)
• [all] Unions use the same type annotations as the rest of the structures due to proper fallbacks

Fixed

• [services] Universal input/output shapes were not replaced properly in service subresources
• [docs] Simplified doc links rendering for services
• [services] Cleaned up unnecessary imports in client.pyi
• [builder] Import records with fallback are always rendered

Commits

• See full diff in compare view

Updates ruff from 0.14.0 to 0.14.2

Release notes

Sourced from ruff's releases.

0.14.2

Release Notes

Released on 2025-10-23.

Preview features

• [flake8-gettext] Resolve qualified names and built-in bindings (INT001, INT002, INT003) (#19045)

Bug fixes

• Avoid reusing nested, interpolated quotes before Python 3.12 (#20930)
• Catch syntax errors in nested interpolations before Python 3.12 (#20949)
• [fastapi] Handle ellipsis defaults in FAST002 autofix (#20810)
• [flake8-simplify] Skip SIM911 when unknown arguments are present (#20697)
• [pyupgrade] Always parenthesize assignment expressions in fix for f-string (UP032) (#21003)
• [pyupgrade] Fix UP032 conversion for decimal ints with underscores (#21022)
• [fastapi] Skip autofix for keyword and __debug__ path params (FAST003) (#20960)

Rule changes

• [flake8-bugbear] Skip B905 and B912 for fewer than two iterables and no starred arguments (#20998)
• [ruff] Use DiagnosticTag for more pyflakes and pandas rules (#20801)

CLI

• Improve JSON output from ruff rule (#20168)

Documentation

• Add source to testimonial (#20971)
• Document when a rule was added (#21035)

Other changes

• [syntax-errors] Name is parameter and global (#20426)
• [syntax-errors] Alternative match patterns bind different names (#20682)

Contributors

• @​hengky-kurniawan-1
• @​ShalokShalom
• @​robsdedude
• @​LoicRiegel
• @​TaKO8Ki
• @​dylwil3
• @​11happy
• @​ntBre

Install ruff 0.14.2

... (truncated)

Changelog

Sourced from ruff's changelog.

0.14.2

Released on 2025-10-23.

Preview features

• [flake8-gettext] Resolve qualified names and built-in bindings (INT001, INT002, INT003) (#19045)

Bug fixes

• Avoid reusing nested, interpolated quotes before Python 3.12 (#20930)
• Catch syntax errors in nested interpolations before Python 3.12 (#20949)
• [fastapi] Handle ellipsis defaults in FAST002 autofix (#20810)
• [flake8-simplify] Skip SIM911 when unknown arguments are present (#20697)
• [pyupgrade] Always parenthesize assignment expressions in fix for f-string (UP032) (#21003)
• [pyupgrade] Fix UP032 conversion for decimal ints with underscores (#21022)
• [fastapi] Skip autofix for keyword and __debug__ path params (FAST003) (#20960)

Rule changes

• [flake8-bugbear] Skip B905 and B912 for fewer than two iterables and no starred arguments (#20998)
• [ruff] Use DiagnosticTag for more pyflakes and pandas rules (#20801)

CLI

• Improve JSON output from ruff rule (#20168)

Documentation

• Add source to testimonial (#20971)
• Document when a rule was added (#21035)

Other changes

• [syntax-errors] Name is parameter and global (#20426)
• [syntax-errors] Alternative match patterns bind different names (#20682)

Contributors

• @​hengky-kurniawan-1
• @​ShalokShalom
• @​robsdedude
• @​LoicRiegel
• @​TaKO8Ki
• @​dylwil3
• @​11happy
• @​ntBre

0.14.1

... (truncated)

Commits

• 83a3bc4 Bump 0.14.2 (#21051)
• 155fd60 Document when a rule was added (#21035)
• 48f1771 [ty] fix infinite recursion with generic type aliases (#20969)
• 4ca7459 [ty] Consider type_check_only when ranking completions (#20910)
• dab3d4e [ty] Improve invalid-argument-type diagnostics where a union type was provi...
• 0169551 Disable npm caching for playground (#21039)
• e92fd51 [ty] Add cycle handling to lazy_default (#20967)
• c3631c7 [ty] Add docstrings for ty_extensions functions (#21036)
• 589e8ac [ty] Infer type for implicit self parameters in method bodies (#20922)
• 76a5531 Fix rare multithreaded related hang (#21038)
• Additional commits viewable in compare view

Updates moto from 5.1.14 to 5.1.15

Changelog

Sourced from moto's changelog.

5.1.15

Docker Digest for 5.1.15: sha256:8860b18917e1ee4d067df19a406ae95dc26037e6965d5b499e1cffd33755b914

General:
    * Python 3.14 is now officially supported
New Methods:
* IdentityStore:
* get_user_id()
* SESv2:
    * delete_email_identity()

VPCLattice:

create_access_log_subscription()
delete_access_log_subscription()
get_access_log_subscription()
list_access_log_subscriptions()
update_access_log_subscription()





Miscellaneous:
* ACM: request_certificate() now supports the Option-parameter
* ACM: list_certificates() now supports the Includes-parameter, supporting Exportable Public Certificates
* APIGatewayV2: get_domain_name() now returns the DomainNameArn-attribute
* Athena: Executions can now be delayed using state transitions
* CloudFormation: validate_template() now supports short function refs (!Sub)
* Config: Now supports "AWS::SNS::Topic"-resources
* EC2: create_subnet() now supports the Ipv6Native-parameter
* EC2: create_transit_gateway_vpc_attachment() now validates that the TransitGateway exists
* EC2: create_transit_gateway_vpc_attachment() now validates that no other attachment to this VPC exists
* EC2: create_transit_gateway_vpc_attachment() now automatically adds the attachment to the default RouteTable
* EC2: create_transit_gateway_vpc_attachment() now correctly creates multiple attachments if called twice (for different VPC's)
* EC2: create_vpn_connection() now validates that only one of [VPNGateway|TransitGateway] is provided
* EC2: create_vpn_connection() now validates that the provided CustomerGateway and TransitGateway exists
* EC2: create/modify/describe_vpc_endpoint_service_configuration now supports the SupportedRegions-param
* EC2: describe_transit_gateway_attachments() now returns the correct RouteTableID
* EC2: describe_vpc_endpoints() now supports the 'vpc-endpoint-state'-filter
* Lambda: list_layer_versions() now returns the layers in the correct order - latest version first.
* ResourceGroupsTaggingAPI: get_resources() now supports SSM Parameters
* ResourceGroupsTaggingAPI: get_resources() now supports the 'kms:key' type
* SESv2: send_email() can now use an email registered by create_email_identity(), instead of having the SESv1:verify_domain_identity()-method

Commits

• 98bf6b5 Pre-Release: Up Version Number
• c5d34ab Prepare release 5.1.15 (#9380)
• 7aea351 CI: Use separate action to build Docker image once and reuse it (#9379)
• c1a58b4 Tests: Verify CDK tests for S3+EventBridge (#9378)
• e0d4dff Core: deprecate and limit use of XFormedDict (#9376)
• 5d5d4f6 IdentityStore: Add implementation for get-user-id (#9375)
• 85f9ee0 SQS: Protocol Test Improvements (#9373)
• bd78773 Core: create unified interface for interacting with Botocore service models (...
• 3508afc ElastiCache: Enable IPv6 test (#9371)
• 1befbbb CI: Test Moto against Python 3.14 (#9370)
• Additional commits viewable in compare view

Updates tox from 4.15.1 to 4.30.3

Release notes

Sourced from tox's releases.

4.30.3

What's Changed

• Isolate the test suite from any existing DEFAULT_CONFIG_FILE file by @​kurtmckee in tox-dev/tox#3612
• Fix none config file issue 3611 by @​kurtmckee in tox-dev/tox#3613
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in tox-dev/tox#3608
• Fix incorrect type annotations in PythonPathPackageWithDeps (fixes #3607) by @​PreistlyPython in tox-dev/tox#3616
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in tox-dev/tox#3615

New Contributors

• @​PreistlyPython made their first contribution in tox-dev/tox#3616

Full Changelog: tox-dev/tox@4.30.2...4.30.3

4.30.2

What's Changed

• Bump pypa/gh-action-pypi-publish from 1.12.4 to 1.13.0 by @​dependabot[bot] in tox-dev/tox#3603
• Ensure automatically provisioned environment is torn down by @​vytas7 in tox-dev/tox#3601
• Bump pypa/gh-action-pypi-publish from 1.12.4 to 1.13.0 in /.github/workflows by @​dependabot[bot] in tox-dev/tox#3604

Full Changelog: tox-dev/tox@4.30.1...4.30.2

4.30.1

What's Changed

• Prevent Tox from hanging with --installpkg sdist due to orphaned build backend by @​vytas7 in tox-dev/tox#3530

New Contributors

• @​vytas7 made their first contribution in tox-dev/tox#3530

Full Changelog: tox-dev/tox@4.30.0...4.30.1

4.30.0

What's Changed

• Pass through CI as __TOX_ENVIRONMENT_VARIABLE_ORIGINAL_CI by @​Liam-DeVoe in tox-dev/tox#3592
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in tox-dev/tox#3596
• Fix the built docs HTML path hint in tox.toml by @​webknjaz in tox-dev/tox#3594
• Add a "version added" note for tox_extend_envs by @​webknjaz in tox-dev/tox#3595
• fix: provide clear messaging about config file loading by @​ssbarnea in tox-dev/tox#3578
• Ensure tox_extend_envs list can be read twice by @​webknjaz in tox-dev/tox#3598

New Contributors

• @​Liam-DeVoe made their first contribution in tox-dev/tox#3592

... (truncated)

Changelog

Sourced from tox's changelog.

v4.30.3 (2025-10-02)

Bugfixes - 4.30.3

- Fix incorrect type annotation in ``PythonPathPackageWithDeps.__init__()``
  where ``deps`` was annotated as ``Sequence[Package]`` but should be
  ``Sequence[Requirement]`` to match actual runtime usage - by :user:`PreistlyPython` (:issue:`3607`)
- Fix ``None`` appearing as the config filename in error output
  when the user's default config file is corrupt. - by :user:`kurtmckee` (:issue:`3611`)
v4.30.2 (2025-09-04)
Bugfixes - 4.30.2

• Previously, when tox ran in an automatically provisioned environment, it could hang waiting for a PEP 517 build backend if used in conjunction with the --installpkg option. This has been fixed by properly tearing down the automatically provisioned environment after the tests.
  • by :user:vytas7 (:issue:3600)

v4.30.1 (2025-09-03)

Bugfixes - 4.30.1

- Prevent tox from hanging upon exit due to orphaned build threads and subprocesses when the ``--installpkg`` option is
  used with *sdist*.
  - by :user:`vytas7` (:issue:`3530`)
v4.30.0 (2025-09-03)
Features - 4.30.0

• Add __TOX_ENVIRONMENT_VARIABLE_ORIGINAL_CI, which passes through the CI variable if present. This is intended for use by other libraries to detect if tox is running under CI. (:issue:3442)

Bugfixes - 4.30.0

- Makes the error message more clear when pyproject.toml file cannot be loaded
  or is missing expected keys. (:issue:`3578`)
- The :func:`tox_extend_envs() hook <tox.plugin.spec.tox_extend_envs>`
  recently added in :pull:`3591` turned out to not work well with
  ``tox run``. It was fixed internally, not to exhaust the underlying
  iterator on the first use.
-- by :user:webknjaz (:issue:3598)
v4.29.0 (2025-08-29)
</tr></table>

... (truncated)

Commits

• 01442da release 4.30.3
• 984dc78 [pre-commit.ci] pre-commit autoupdate (#3615)
• 660adb5 Fix incorrect type annotations in PythonPathPackageWithDeps (fixes #3607) (#3...
• 393de39 [pre-commit.ci] pre-commit autoupdate (#3608)
• 6e32426 Fix none config file issue 3611 (#3613)
• 0805c83 Isolate the test suite from any existing DEFAULT_CONFIG_FILE file (#3612)
• 5e0784a release 4.30.2
• 64e8a34 Bump pypa/gh-action-pypi-publish in /.github/workflows (#3604)
• 7230088 Ensure automatically provisioned environment is torn down (#3601)
• 2c31dbc Bump pypa/gh-action-pypi-publish from 1.12.4 to 1.13.0 (#3603)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.