Skip to content

chore(deps): bump the minor group with 2 updates#191

Open
dependabot[bot] wants to merge 1 commit into
developmentfrom
dependabot/uv/development/minor-47c4752a7e
Open

chore(deps): bump the minor group with 2 updates#191
dependabot[bot] wants to merge 1 commit into
developmentfrom
dependabot/uv/development/minor-47c4752a7e

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 9, 2026

Copy link
Copy Markdown
Contributor

Bumps the minor group with 2 updates: coverage[toml] and hydra-core.

Updates coverage[toml] from 7.14.3 to 7.15.0

Release notes

Sourced from coverage[toml]'s releases.

7.15.0

Version 7.15.0 — 2026-07-02

  • Since 7.14.0, reporting commands implicitly combine parallel data files. Now those commands have a new option --keep-combined to retain the data files after combining them instead of the default, which is to delete them. Finishes issue 2198.
  • Fix: the LCOV report would incorrectly count excluded functions as uncovered, as described in issue 2205. This is now fixed thanks to Martin Kuntz Jacobsen.
  • When running your program, coverage now correctly sets yourmodule.__spec__.loader as strongly recommended, avoiding the deprecation warning described in issue 2208. Thanks, A5rocks.
  • Fix: with Python 3.10, running with the -I (isolated mode) option didn’t correctly omit the current directory from the module search path, as described in issue 2103. That is now fixed thanks to Ilia Sorokin.

➡️  PyPI page: coverage 7.15.0. :arrow_right:  To install: python3 -m pip install coverage==7.15.0

Changelog

Sourced from coverage[toml]'s changelog.

Version 7.15.0 — 2026-07-02

  • Since 7.14.0, reporting commands implicitly combine parallel data files. Now those commands have a new option --keep-combined to retain the data files after combining them instead of the default, which is to delete them. Finishes issue 2198_.

  • Fix: the LCOV report would incorrectly count excluded functions as uncovered, as described in issue 2205. This is now fixed thanks to Martin Kuntz Jacobsen <pull 2206_>.

  • When running your program, coverage now correctly sets yourmodule.__spec__.loader as strongly recommended <--loader--_>, avoiding the deprecation warning described in issue 2208. Thanks, A5rocks <pull 2209_>_.

  • Fix: with Python 3.10, running with the -I (isolated mode) option didn't correctly omit the current directory from the module search path, as described in issue 2103. That is now fixed thanks to Ilia Sorokin <pull 2211_>.

.. --loader--: https://docs.python.org/3/reference/datamodel.html#module.__loader_ .. _issue 2103: coveragepy/coveragepy#2103 .. _issue 2198: coveragepy/coveragepy#2198 .. _issue 2205: coveragepy/coveragepy#2205 .. _pull 2206: coveragepy/coveragepy#2206 .. _issue 2208: coveragepy/coveragepy#2208 .. _pull 2209: coveragepy/coveragepy#2209 .. _pull 2211: coveragepy/coveragepy#2211

.. _changes_7-14-3:

Commits
  • c8c8020 docs: sample HTML for 7.15.0
  • ae19db1 docs: prep for 7.15.0
  • 17b45a1 docs: --keep-combined in the man page
  • 6f9fa1e fix: preserve isolated sys.path on Python 3.10 (#2211)
  • 787af5f chore: bump actions/checkout in the action-dependencies group (#2210)
  • 1ed3998 fix: start attaching the loader on __spec__ #2208 (#2209)
  • 1ab1122 docs: remove stray comma
  • f24a91f feat: --keep-combined for reporting commands. #2198
  • 5e70751 test: canonicalize mock calls in test_cmdline to reduce diff noise
  • 65979cc fix: skip excluded functions in LCOV function totals (#2206)
  • Additional commits viewable in compare view

Updates hydra-core from 1.3.3 to 1.3.4

Release notes

Sourced from hydra-core's releases.

Hydra 1.3.4

Security patch release for the 1.3 line.

  • Add a blocklist to hydra.utils.instantiate() for security-sensitive _target_ callables.

Users on Hydra 1.3 should upgrade from hydra-core<=1.3.3 to hydra-core==1.3.4.

Changelog

Sourced from hydra-core's changelog.

1.3.4 (2026-07-05)

Bug Fixes

  • Add an instantiate target blocklist for security-sensitive callables. (#3259)
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the minor group with 2 updates: [coverage[toml]](https://github.com/coveragepy/coveragepy) and [hydra-core](https://github.com/facebookresearch/hydra).


Updates `coverage[toml]` from 7.14.3 to 7.15.0
- [Release notes](https://github.com/coveragepy/coveragepy/releases)
- [Changelog](https://github.com/coveragepy/coveragepy/blob/main/CHANGES.rst)
- [Commits](coveragepy/coveragepy@7.14.3...7.15.0)

Updates `hydra-core` from 1.3.3 to 1.3.4
- [Release notes](https://github.com/facebookresearch/hydra/releases)
- [Changelog](https://github.com/facebookresearch/hydra/blob/v1.3.4/NEWS.md)
- [Commits](facebookresearch/hydra@v1.3.3...v1.3.4)

---
updated-dependencies:
- dependency-name: coverage[toml]
  dependency-version: 7.15.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor
- dependency-name: hydra-core
  dependency-version: 1.3.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Jul 9, 2026
@dependabot @github

dependabot Bot commented on behalf of github Jul 9, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: bot. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants