chore(pip): bump the python group with 5 updates

[dependabot]

Bumps the python group with 5 updates:

Package	From	To
bazel-runfiles	1.9.0	2.0.2
wcwidth	0.2.14	0.8.1
bmw-lobster	1.0.2	1.0.3
basedpyright	1.35.0	1.39.7
pytest	9.0.1	9.0.3

Updates bazel-runfiles from 1.9.0 to 2.0.2

Release notes

Sourced from bazel-runfiles's releases.

2.0.2

For more detailed setup instructions, see https://rules-python.readthedocs.io/en/latest/getting-started.html

For the user-facing changelog see here

Using Bzlmod

Add to your MODULE.bazel file:

bazel_dep(name = "rules_python", version = "2.0.2")
python = use_extension("@​rules_python//python/extensions:python.bzl", "python")
python.toolchain(
python_version = "3.13",
)
pip = use_extension("@​rules_python//python/extensions:pip.bzl", "pip")
pip.parse(
hub_name = "pypi",
python_version = "3.13",
requirements_lock = "//:requirements_lock.txt",
)
use_repo(pip, "pypi")

Using WORKSPACE

Paste this snippet into your WORKSPACE file:

load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
http_archive(
name = "rules_python",
sha256 = "2119ca04726066c53b8f1ff42dffa090ea7f3e42a75679f1cfda937406cf7753",
strip_prefix = "rules_python-2.0.2",
url = "https://github.com/bazel-contrib/rules_python/releases/download/2.0.2/rules_python-2.0.2.tar.gz",
)
load("@​rules_python//python:repositories.bzl", "py_repositories")
py_repositories()

Gazelle plugin

Paste this snippet into your WORKSPACE file:

... (truncated)

Changelog

Sourced from bazel-runfiles's changelog.

2.0.2 - 2026-05-14

{#v2-0-2-added}

Added

• (toolchains) 3.13.12, 3.14.3 Python toolchain from 20260325 release.
• (toolchains) 3.10.20, 3.11.15, 3.12.13, 3.13.13 3.14.4, 3.15.0a8
• Python toolchain from 20260414 release.

{#v2-0-1}

2.0.1 - 2026-05-08

{#v2-0-1-fixed}

Fixed

• (pypi) Fix the versions of packages that we are recording to a MODULE.bazel.lock file facts by passing all of the versions to the get_index function. Fixes #3756.
• (bzlmod) Reduce default verbosity of our loggers for non-root modules (#3749).

{#v2-0-0}

2.0.0 - 2026-04-09

{#v2-0-0-removed}

Removed

• Nothing removed.

{#v2-0-0-changed}

Changed

Breaking

• {obj}--windows_enable_symlinks is required. Add startup --windows_enable_symlinks to your .bazelrc to enable Bazel using full symlink support on Windows.
• venv-based binaries are created by default ({obj}--bootstrap_impl=system_python) on supported platforms (Linux/Mac with Bazel 8+, or Windows).
• --build_python_zip on Windows is ignored. Use {obj}py_zipapp_binary to create zips of Python programs.
• (pypi) Previously experimental_index_url users would not need to specify target platforms if cross-building is required. From now we will only pull wheels for the host OS to better align with how the rules work with the legacy

... (truncated)

Commits

• 6aad882 ci: update RBE toolchain version from ubuntu2204 to ubuntu2404 (#3778)
• 06bc9f7 feat(toolchains): Add 3.10.20, 3.11.15, 3.12.13, 3.13.{12,13} 3.14.{3,4}, 3.1...
• e29c577 test: finish fixing the mocks in the pypi_cache
• ed05762 fix(test): update the lock-file to corresspond to the current deps
• 2852efd fix(logger): do not output WARN level logs for non-root modules (#3760)
• d876cfe fix(pypi): pass the correct versions to get_index_urls and fix cache invalida...
• 1390b36 fix(pypi): don't resolve python interpreter when not necessary (#3727)
• 91b3224 fix(pypi): build the environment on the fly (#3720)
• 577bb1f fix(pypi): correctly write the used facts back (#3719)
• 8c726cb fix(pypi): skip index lookups when all package overrides are specified (#3710)
• Additional commits viewable in compare view

Updates wcwidth from 0.2.14 to 0.8.1

Release notes

Sourced from wcwidth's releases.

0.8.1: Improved corrections tables

• Improved corrections tables by @​jquast in jquast/wcwidth#226

Full Changelog: jquast/wcwidth@0.8.0...0.8.1

0.8.0: new terminal-aware wcstwidth() function

• New support for Variation Selector 15 Emojis as narrow, #211.
• New argument, term_program for wcstwidth(), width(), clip(), wrap(), ljust(), rjust(), and center(). False disables corrections; True auto-detects by TERM_PROGRAM or TERM; string values accept canonical names matching list_term_programs(). wcstwidth()_ defaults to True; all other functions default to False.
• Improved performance on Python 3.15 using standard library iter_graphemes() #206.
• Improved memory usage and import time for Python 3.15 using lazy imports #221.
• Bugfix Invisible_Stacker viramas now form conjuncts (Burmese, Khmer, etc.) and change some Virama width calculations to match jacobsandlund/uucode_ (ghostty) #223.
• Updated graphemes width maximum now 2, matching Ghostty, foot, and Windows Terminal #224.

Full Changelog: jquast/wcwidth@0.7.0...0.8.0

0.7.0

• New support for kitty text sizing protocol (OSC 66) in width() and clip().
• New clip() parameter control_codes='parse', 'ignore', and 'strict'. clip() is now able to clip OSC 8 hyperlinks and OSC 66 text sizing sequences.
• Improved clip() and width() to support horizontal cursor sequences (cub, cuf, hpa). Cursor-left (cub) or backspace (\b) now overwrites text. column_address (hpa) and carriage return (\r) are now parsed, and more values conditionally raise ValueError when control_codes='strict'.

PR's

• Remove docs, add utils by @​jquast in jquast/wcwidth#209
• Bump requests from 2.32.5 to 2.33.0 in /docs by @​dependabot[bot] in jquast/wcwidth#210
• Bump pygments from 2.19.2 to 2.20.0 in /docs by @​dependabot[bot] in jquast/wcwidth#212
• dependabot nonsense by @​jquast in jquast/wcwidth#215
• Expand terminal escape sequence for three more ECMA-48 "families" by @​jquast in jquast/wcwidth#214
• Improve clip() and width() with hyperlinks and overtyping by @​jquast in jquast/wcwidth#216
• Improve width() and clip() with kitty Text Sizing Protocol by @​jquast in jquast/wcwidth#213

Full Changelog: jquast/wcwidth@0.6.0...0.7.0

0.6.0

• Complete textwrap.wrap() with 6 missing params! by @​jquast in jquast/wcwidth#207

Full Changelog: jquast/wcwidth@0.5.3...0.6.0

0.5.3

• Add Virama conjunct for the Brahmic scripts by @​jquast in jquast/wcwidth#204

Full Changelog: jquast/wcwidth@0.5.2...0.5.3

0.5.2

• Do not distribute any data files by @​jquast in jquast/wcwidth#199
• Update specs and zero-width tables regarding Mc by @​jquast in jquast/wcwidth#200
• Standalone emoji support by @​jquast in jquast/wcwidth#202

... (truncated)

Commits

• d1c99fe hyperlink and wordfix
• edb344a set to 0.8.1 not 2, not yet
• 00d6fef Improve corrections tables (zeroer, narrow_wider, narrow_zeroer) (#226)
• e8405a6 'of of' -> 'of', formatting
• 1de17df set release date for 0.8.0 in readme
• 9df7261 more docs
• be0fdb2 document better
• 2d9925b wcstwidth(term_program=True) default argument
• 169c846 Terminal software identity-assisted wcswidth() (#220)
• e4f76d5 bugfix virama with mc width is capped at 2, also (#225)
• Additional commits viewable in compare view

Updates bmw-lobster from 1.0.2 to 1.0.3

Release notes

Sourced from bmw-lobster's releases.

Release 1.0.3

• lobster-html-report:

  • [Bazel]: Added a parameter to specify the source root of the html report. Make sure that links to source files work correctly.

• lobster-pkg:

  • Introduced API function. Added API function for the tool lobster-pkg which takes PkgToolConfig as input and extracts tracing values from package files. This is similar to running the tool lobster-pkg.

• lobster-trlc:

  • Updated documentation to explain how to use the version flag (version-field) parameter in conversion rules and how it affects generated versioned tags.

• lobster-report:

  • Fixed edge-case exception when loading a *.lobster file raised an AssertionError. The error was not propagated to the error output stream, but another exception was created instead.

• lobster-json:

  • Fixed crash when processing empty JSON files. The tool now exits gracefully with return code 1 and prints a proper error message to stderr: "Input file contains invalid JSON."

• All tools now automatically create output directories if they don't exist. Previously, tools would crash with an exception if the specified output directory path did not exist. This enhancement improves usability and prevents unexpected failures when working with nested directory structures.

• lobster-codebeamer:

  • Improved error messages with detailed troubleshooting information:
    • Connection timeout errors now include the URL and suggest increasing timeout parameter
    • Connection errors provide actionable steps like checking internet connection and increasing retries
    • Network errors include clear failure reasons and suggested actions
    • HTTP response errors now include status code and reason
  • Changed default value of verify_ssl to True
  • If the configuration file contains an invalid schema value, an exception is raised. Earlier the fallback "activity" was used.

• API documentation

  • Created comprehensive API documentation using Sphinx for better user experience across all LOBSTER tools.
  • Added detailed examples and configuration parameters for lobster-codebeamer, lobster-cpptest, lobster-report, lobster-html-report, and lobster-online-report tools.

• Included Python 3.13 in the CI test matrix.

Changelog

Sourced from bmw-lobster's changelog.

1.0.3

• lobster-html-report:

  • [Bazel]: Added a parameter to specify the source root of the html report. Make sure that links to source files work correctly.

• lobster-pkg:

  • Introduced API function. Added API function for the tool lobster-pkg which takes PkgToolConfig as input and extracts tracing values from package files. This is similar to running the tool lobster-pkg.

• lobster-trlc:

  • Updated documentation to explain how to use the version flag (version-field) parameter in conversion rules and how it affects generated versioned tags.

• lobster-report:

  • Fixed edge-case exception when loading a *.lobster file raised an AssertionError. The error was not propagated to the error output stream, but another exception was created instead.

• lobster-json:

  • Fixed crash when processing empty JSON files. The tool now exits gracefully with return code 1 and prints a proper error message to stderr: "Input file contains invalid JSON."

• All tools now automatically create output directories if they don't exist. Previously, tools would crash with an exception if the specified output directory path did not exist. This enhancement improves usability and prevents unexpected failures when working with nested directory structures.

• lobster-codebeamer:

  • Improved error messages with detailed troubleshooting information:
    • Connection timeout errors now include the URL and suggest increasing timeout parameter
    • Connection errors provide actionable steps like checking internet connection and increasing retries
    • Network errors include clear failure reasons and suggested actions
    • HTTP response errors now include status code and reason
  • Changed default value of verify_ssl to True
  • If the configuration file contains an invalid schema value, an exception is raised. Earlier the fallback "activity" was used.

• API documentation

  • Created comprehensive API documentation using Sphinx for better user experience across all LOBSTER tools.
  • Added detailed examples and configuration parameters for lobster-codebeamer, lobster-cpptest, lobster-report, lobster-html-report, and lobster-online-report tools.

• Included Python 3.13 in the CI test matrix.

Commits

• 5ae311e Remove dev 1.0.4 dev (#576)
• 623e4cd bump lobster version to 1.0.4 (#575)
• a606b96 LOBSTER Release 1.0.3 (#574)
• 765085b Updates CHANGELOG (#573)
• 6f5134c Adds test and requirement traces for text feature (#567)
• f4cf740 Bump gitpython from 3.1.46 to 3.1.47 (#572)
• bd9a0e4 Formatting Cleanup (#569)
• 6e3b8e8 Bump python-dotenv from 1.2.1 to 1.2.2 (#568)
• 170cd8f Fix/pkg API Function (#547)
• d528fbd Include Python 3.13 in the test matrix (#565)
• Additional commits viewable in compare view

Updates basedpyright from 1.35.0 to 1.39.7

Commits

• c9a757d 1.39.7
• d253d82 avoid duplicated capability registrations
• 19c3545 fix empty semantic tokens response interfering with other language servers wh...
• b018192 update baseline file
• 15ee8f1 revert upstream's ai generated bash clusterfuck of an attempt at fixing the p...
• daec470 try using pyprojectx to install primer instead of uv
• f9650c5 update mypy_primer repo
• 48fe1c8 don't recurse submodules when cloning repos in the primer, it screws up becau...
• af9a1fd fix completely useless CalledProcesError messages
• 3b5becb update this project's basedpyright/ruff config for the mypy_primer repo
• Additional commits viewable in compare view

Updates pytest from 9.0.1 to 9.0.3

Release notes

Sourced from pytest's releases.

9.0.3

pytest 9.0.3 (2026-04-07)

Bug fixes

• #12444: Fixed pytest.approx which now correctly takes into account ~collections.abc.Mapping keys order to compare them.

• #13634: Blocking a conftest.py file using the -p no: option is now explicitly disallowed.

  Previously this resulted in an internal assertion failure during plugin loading.

  Pytest now raises a clear UsageError explaining that conftest files are not plugins and cannot be disabled via -p.

• #13734: Fixed crash when a test raises an exceptiongroup with __tracebackhide__ = True.

• #14195: Fixed an issue where non-string messages passed to unittest.TestCase.subTest() were not printed.

• #14343: Fixed use of insecure temporary directory (CVE-2025-71176).

Improved documentation

• #13388: Clarified documentation for -p vs PYTEST_PLUGINS plugin loading and fixed an incorrect -p example.
• #13731: Clarified that capture fixtures (e.g. capsys and capfd) take precedence over the -s / --capture=no command-line options in Accessing captured output from a test function <accessing-captured-output>.
• #14088: Clarified that the default pytest_collection hook sets session.items before it calls pytest_collection_finish, not after.
• #14255: TOML integer log levels must be quoted: Updating reference documentation.

Contributor-facing changes

• #12689: The test reports are now published to Codecov from GitHub Actions. The test statistics is visible on the web interface.

  -- by aleguy02

9.0.2

pytest 9.0.2 (2025-12-06)

Bug fixes

• #13896: The terminal progress feature added in pytest 9.0.0 has been disabled by default, except on Windows, due to compatibility issues with some terminal emulators.

  You may enable it again by passing -p terminalprogress. We may enable it by default again once compatibility improves in the future.

  Additionally, when the environment variable TERM is dumb, the escape codes are no longer emitted, even if the plugin is enabled.

• #13904: Fixed the TOML type of the tmp_path_retention_count settings in the API reference from number to string.

• #13946: The private config.inicfg attribute was changed in a breaking manner in pytest 9.0.0. Due to its usage in the ecosystem, it is now restored to working order using a compatibility shim. It will be deprecated in pytest 9.1 and removed in pytest 10.

... (truncated)

Commits

• a7d58d7 Prepare release version 9.0.3
• 089d981 Merge pull request #14366 from bluetech/revert-14193-backport
• 8127eaf Revert "Fix: assertrepr_compare respects dict insertion order (#14050) (#14193)"
• 99a7e60 Merge pull request #14363 from pytest-dev/patchback/backports/9.0.x/95d8423bd...
• ddee02a Merge pull request #14343 from bluetech/cve-2025-71176-simple
• 74eac69 doc: Update training info (#14298) (#14301)
• f92dee7 Merge pull request #14267 from pytest-dev/patchback/backports/9.0.x/d6fa26c62...
• 7ee58ac Merge pull request #12378 from Pierre-Sassoulas/fix-implicit-str-concat-and-d...
• 37da870 Merge pull request #14259 from mitre88/patch-4 (#14268)
• c34bfa3 Add explanation for string context diffs (#14257) (#14266)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.