fix: ensure all dependency files have consistent latest versions

- Updated pre-commit from 4.3.0 to 4.5.1 in all template files
- Updated pyhocon from 0.3.59 to 0.3.61 in cookiecutter template
- Updated wheel from 0.46.2 to 0.46.3 in requirements-dev.txt
- Added v1.3.0 link to CHANGELOG.md
All dependency files now consistently use the latest versions:
- pyproject.toml (root & template) ✅
- requirements-dev.txt ✅
- environment-dev.yml ✅
- CHANGELOG.md ✅

Author: ChrsBaur

.github/workflows/tests-poetry.yml

@@ -25,7 +25,7 @@ jobs:
       - uses: actions/checkout@v5
 
       - name: Set up Python ${{ matrix.python-version }}
-        uses: actions/setup-python@v5
+        uses: actions/setup-python@v6
         with:
           python-version: ${{ matrix.python-version }}
 

CHANGELOG.md

@@ -7,8 +7,15 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+### Added
+- Placeholder for future updates and new features.
+
+## [1.3.0] - 2026-01-27
+
+### ⚠️ Breaking Changes
+- **Minimum Python version increased from 3.9 to 3.10** (required for secure dependency versions)
+
 ### Security
-- **BREAKING CHANGE**: Upgraded minimum Python version from 3.9 to 3.10 to support secure dependency versions
 - Fixed CVE-2024-47081: Updated `requests` from 2.32.3 to 2.32.5 (Moderate - .netrc credentials leak)
 - Fixed CVE-2025-50181: Updated `urllib3` from 2.4.0 to 2.6.3 (Moderate - redirects not disabled with retries)
 - Fixed CVE-2025-50182: Updated `urllib3` to 2.6.3 (Moderate - redirects in browsers/Node.js)
@@ -23,9 +30,48 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Changed
 - Updated CI/CD workflows to test Python 3.10 and 3.13 (dropped 3.9)
 - Updated all template files and documentation to reflect Python 3.10 minimum requirement
+- Updated GitHub Actions `actions/setup-python` from v5 to v6
+- Updated `cookiecutter` from 2.3 to 2.6
+- Updated `pre-commit` from 4.3.0 to 4.5.1
+- Updated `pytest` from 8.4.1 to 9.0.2
+- Updated `pytest-cov` from 6.2.1 to 7.0.0
+- Updated `pytest-mock` from 3.14.1 to 3.15.1
+- Updated `pyyaml` from 6.0.2 to 6.0.3
+- Updated `typer` from 0.16.1 to 0.21.1
+- Updated `setuptools` from 80.9.0 to 80.10.2
+- Updated pre-commit hook `astral-sh/ruff-pre-commit` from v0.12.10 to v0.14.14
+- Updated pre-commit hook `pycqa/isort` from v6.0.1 to v6.1.0
+- Updated pre-commit hook `asottile/pyupgrade` args from `--py39-plus` to `--py310-plus`
+- Updated Python base images in GitLab CI from 3.9 to 3.10
+- Fixed YAML parsing issue in GitHub Actions workflow (quoted Python versions to prevent 3.10 → 3.1)
+
+### Dependency Updates (Transitive)
+- Updated `arrow` from 1.3.0 to 1.4.0
+- Updated `certifi` from 2025.4.26 to 2026.1.4
+- Updated `cfgv` from 3.4.0 to 3.5.0
+- Updated `charset-normalizer` from 3.4.2 to 3.4.4
+- Updated `click` from 8.1.8 to 8.3.1
+- Updated `coverage` from 7.8.2 to 7.13.2
+- Updated `distlib` from 0.3.9 to 0.4.0
+- Updated `exceptiongroup` from 1.3.0 to 1.3.1
+- Updated `identify` from 2.6.12 to 2.6.16
+- Updated `idna` from 3.10 to 3.11
+- Updated `iniconfig` from 2.1.0 to 2.3.0
+- Updated `markdown-it-py` from 3.0.0 to 4.0.0
+- Updated `markupsafe` from 3.0.2 to 3.0.3
+- Updated `nodeenv` from 1.9.1 to 1.10.0
+- Updated `packaging` from 25.0 to 26.0
+- Updated `platformdirs` from 4.3.8 to 4.5.1
+- Updated `pygments` from 2.19.1 to 2.19.2
+- Updated `pyparsing` from 3.2.3 to 3.3.2
+- Updated `rich` from 14.0.0 to 14.3.1
+- Updated `tomli` from 2.2.1 to 2.4.0
+- Added `tzdata` 2025.3
+
+### Summary
+All 10 Dependabot security vulnerabilities have been resolved (4 High, 6 Moderate).
+All dependencies updated to latest stable versions as of January 2026.
 
-### Added
-- Placeholder for future updates and new features.
 
 ## [1.2.2] - 2025-08-22
 ### Changed
@@ -162,7 +208,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ---
 
-[Unreleased]: https://github.com/at-gmbh/at-python-template/compare/v1.2.2...HEAD
+[Unreleased]: https://github.com/at-gmbh/at-python-template/compare/v1.3.0...HEAD
+[1.3.0]: https://github.com/at-gmbh/at-python-template/compare/v1.2.2...v1.3.0
 [1.2.2]: https://github.com/at-gmbh/at-python-template/compare/v1.2.1...v1.2.2
 [1.2.1]: https://github.com/at-gmbh/at-python-template/compare/v1.2.0...v1.2.1
 [1.2.0]: https://github.com/at-gmbh/at-python-template/compare/v1.1.1...v1.2.0

poetry.lock

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "at-python-template"
-version = "1.2.2"
+version = "1.3.0"
 description = "This is the official Python Project Template of Alexander Thamm GmbH (AT)"
 authors = [
     "Christian Baur <christian.baur@alexanderthamm.com>",
@@ -16,22 +16,22 @@ packages = [{ include = "{{cookiecutter.module_name}}", from = "{{cookiecutter.p
 
 [tool.poetry.dependencies]
 python = "^3.10"
-cookiecutter = "^2.3"
-pre-commit = "^4.3.0"
-pytest-mock = "^3.12"
-pyhocon = "^0.3.60"
-pyyaml = "^6.0"
-typer = "^0.16.1"
-setuptools = "^80.9.0"
-requests = ">=2.32.4"
+cookiecutter = "^2.6"
+pre-commit = "^4.5.1"
+pytest-mock = "^3.15.1"
+pyhocon = "^0.3.61"
+pyyaml = "^6.0.3"
+typer = "^0.21.1"
+setuptools = "^80.10.2"
+requests = ">=2.32.5"
 urllib3 = ">=2.6.3"
-wheel = ">=0.46.2"
+wheel = "~=0.46.3"
 filelock = ">=3.20.3"
 virtualenv = ">=20.36.1"
 
 [tool.poetry.group.dev.dependencies]
-pytest = "^8.4.1"
-pytest-cov = "^6.2.1"
+pytest = "^9.0.2"
+pytest-cov = "^7.0.0"
 
 [build-system]
 requires = ["poetry-core"]

pyproject.toml

@@ -16,18 +16,18 @@ repos:
     rev: 'stable'
     hooks:
       - id: black
-        language_version: python3.9
+        language_version: python3.10
         exclude: ^notebooks{% else %}
   - repo: https://github.com/astral-sh/ruff-pre-commit
-    rev: 'v0.12.10'
+    rev: 'v0.14.14'
     hooks:
       - id: ruff{% endif %}
   - repo: https://github.com/pycqa/isort
-    rev: '6.0.1'
+    rev: '6.1.0'
     hooks:
       - id: isort
   - repo: https://github.com/asottile/pyupgrade
     rev: 'v3.20.0'
     hooks:
       - id: pyupgrade
-        args: [ --py39-plus ]
+        args: [ --py310-plus ]

{{cookiecutter.project_slug}}/.pre-commit-config.yaml

@@ -8,10 +8,10 @@ channels:
 
 dependencies:
   - python>=3.10
-  - pytest>=8.4.1
-  - pytest-cov>=6.2.1
-  - pre-commit>=4.3.0
-  - isort>=6.0.0{% if cookiecutter.use_notebooks == 'yes' %}
+  - pytest>=9.0.2
+  - pytest-cov>=7.0.0
+  - pre-commit>=4.5.1
+  - isort>=6.1.0{% if cookiecutter.use_notebooks == 'yes' %}
   - jupyterlab>=4.3.5{% endif %}
   - pip{% if cookiecutter.code_formatter == 'black' %}
   - pip:

{{cookiecutter.project_slug}}/environment-dev.yml

@@ -9,7 +9,7 @@ channels:
 dependencies:
   - python>=3.10{% if cookiecutter.config_file == 'hocon' %}
   - pyhocon>=0.3.61{% elif cookiecutter.config_file == 'yaml' %}
-  - PyYAML>=6.0.2{% endif %}
+  - PyYAML>=6.0.3{% endif %}
   - pip  {% if cookiecutter.create_cli == 'yes' %}
   - pip:
-      - typer==0.15.1{% endif %}
+      - typer==0.21.1{% endif %}

{{cookiecutter.project_slug}}/environment.yml

@@ -11,17 +11,17 @@ include = ["src/{{ cookiecutter.module_name }}/res/*"]
 [tool.poetry.dependencies]
 python = "^3.10"
 {%- if cookiecutter.config_file == 'hocon' %}
-pyhocon = "^0.3.59"
+pyhocon = "^0.3.61"
 {%- elif cookiecutter.config_file == 'yaml' %}
-PyYAML = "^6.0"
+PyYAML = "^6.0.3"
 {%- endif %}
 {%- if cookiecutter.create_cli == 'yes' %}
-typer = "^0.16.1"
+typer = "^0.21.1"
 {%- endif %}
 
 [tool.poetry.group.test.dependencies]
-pytest = "^8.4.1"
-pytest-cov = "^6.2.1"
+pytest = "^9.0.2"
+pytest-cov = "^7.0.0"
 
 [tool.poetry.group.linter.dependencies]
 {%- if cookiecutter.code_formatter == 'black' %}
@@ -32,7 +32,7 @@ ruff = "^0.1.7"
 isort = "^5.12.0"
 
 [tool.poetry.group.dev.dependencies]
-pre-commit = "^4.3.0"
+pre-commit = "^4.5.1"
 {%- if cookiecutter.use_notebooks == 'yes' %}
 jupyterlab = "^3.5"
 {%- endif %}

{{cookiecutter.project_slug}}/pyproject.toml

@@ -2,7 +2,7 @@
 # with this project (e.g. for testing or useful development tools).
 # The regular project dependencies are defined in requirements.txt{% if cookiecutter.code_formatter == 'black' %}
 black~=25.1.0{% endif %}
-pre-commit~=4.3.0
-pytest~=8.4.1
-pytest-cov~=6.2.1
-wheel>=0.46.2
+pre-commit~=4.5.1
+pytest~=9.0.2
+pytest-cov~=7.0.0
+wheel~=0.46.3