Update library dependencies

[jvanderaa]

Summary

Roll up the open Renovate dependency update PRs into a single coordinated update so we can land them as one cohesive change rather than ten individual merges with overlapping poetry.lock conflicts.

Scope

Python version support

• Update Python #347 Add Python 3.14 to the supported range. Updates pyproject.toml from python = ">=3.10,<3.14" to python = ">=3.10,<3.15" and adds "3.14" to the CI matrix. Floor stays at Python 3.10, which is the minimum currently receiving any support from python.org (security-only until October 2026). Renovate's original PR collapses the range to 3.14-only, which we are not doing.

Python dependencies (poetry.lock and/or pyproject.toml)

• Update dependency netconan to ^0.15.0 #358 netconan: ^0.12.3 → ^0.15.0 (pyproject range bump)
• Update dependency ruff to v0.15.14 #365 ruff → 0.15.12 (lockfile)
• Update dependency coverage to v7.14.0 #392 coverage → 7.13.5 (lockfile)
• Update dependency click to v8.4.1 #408 click → 8.3.3 (lockfile)
• Update dependency mkdocs-redirects to v1.2.3 #409 mkdocs-redirects → 1.2.3 (lockfile, minor)
• Update dependency pylint to v4.0.5 #413 pylint → 4.0.5 (lockfile, patch within v4)

GitHub Actions workflows

• Update docker/setup-buildx-action action to v3.12.0 #351 docker/setup-buildx-action → v3.12.0
• Update pypa/gh-action-pypi-publish action to v1.14.0 #352 pypa/gh-action-pypi-publish → v1.14.0
• Update actions/checkout action to v6 #362 actions/checkout v4 → v6 (major)

Approach

1. Single branch off latest develop (e.g. chore/dependency-bumps-2026-05).
2. Update pyproject.toml for the version-range bumps (Update Python #347 ceiling, Update dependency netconan to ^0.15.0 #358, Update dependency mkdocs-redirects to v1.2.3 #409).
3. Run poetry lock once to regenerate the lockfile cleanly across all included updates, rather than cherry-picking ten conflicting lockfiles.
4. Update workflow YAML for the three GitHub Actions bumps and the CI matrix Python 3.14 addition.
5. Add a single towncrier fragment under changes/<pr>.housekeeping.
6. Open one PR that closes Update Python #347, Update docker/setup-buildx-action action to v3.12.0 #351, Update pypa/gh-action-pypi-publish action to v1.14.0 #352, Update dependency netconan to ^0.15.0 #358, Update actions/checkout action to v6 #362, Update dependency ruff to v0.15.14 #365, Update dependency coverage to v7.14.0 #392, Update dependency click to v8.4.1 #408, Update dependency mkdocs-redirects to v1.2.3 #409, Update dependency pylint to v4.0.5 #413. Renovate will rebase or close them automatically.

Notes

• actions/checkout@v6 and pylint v4 are the only updates with non-trivial blast radius. CI is the gate. If either misbehaves, drop it from the bundle and ship the rest.
• Python 3.10 reaches end-of-life in October 2026, ~5 months from now. A follow-up issue should bump the floor to 3.11 around that time.