chore(deps): bump the pip group across 1 directory with 7 updates

[dependabot]

Bumps the pip group with 7 updates in the / directory:

Package	From	To
black	25.11.0	26.3.1
pillow	12.0.0	12.1.1
pyinstaller	6.16.0	6.19.0
pylint	4.0.3	4.0.5
pyside6	6.10.1	6.11.0
pytest	9.0.1	9.0.2
requests	2.32.5	2.33.0

Updates black from 25.11.0 to 26.3.1

Release notes

Sourced from black's releases.

26.3.1

Stable style

• Prevent Jupyter notebook magic masking collisions from corrupting cells by using exact-length placeholders for short magics and aborting if a placeholder can no longer be unmasked safely (#5038)

Configuration

• Always hash cache filename components derived from --python-cell-magics so custom magic names cannot affect cache paths (#5038)

Blackd

• Disable browser-originated requests by default, add configurable origin allowlisting and request body limits, and bound executor submissions to improve backpressure (#5039)

26.3.0

Stable style

• Don't double-decode input, causing non-UTF-8 files to be corrupted (#4964)
• Fix crash on standalone comment in lambda default arguments (#4993)
• Preserve parentheses when # type: ignore comments would be merged with other comments on the same line, preventing AST equivalence failures (#4888)

Preview style

• Fix bug where if guards in case blocks were incorrectly split when the pattern had a trailing comma (#4884)
• Fix string_processing crashing on unassigned long string literals with trailing commas (one-item tuples) (#4929)
• Simplify implementation of the power operator "hugging" logic (#4918)

Packaging

• Fix shutdown errors in PyInstaller builds on macOS by disabling multiprocessing in frozen environments (#4930)

Performance

• Introduce winloop for windows as an alternative to uvloop (#4996)
• Remove deprecated function uvloop.install() in favor of uvloop.new_event_loop() (#4996)
• Rename maybe_install_uvloop function to maybe_use_uvloop to simplify loop installation and creation of either a uvloop/winloop evenloop or default eventloop (#4996)

Output

... (truncated)

Changelog

Sourced from black's changelog.

26.3.1

Stable style

• Prevent Jupyter notebook magic masking collisions from corrupting cells by using exact-length placeholders for short magics and aborting if a placeholder can no longer be unmasked safely (#5038)

Configuration

• Always hash cache filename components derived from --python-cell-magics so custom magic names cannot affect cache paths (#5038)

Blackd

• Disable browser-originated requests by default, add configurable origin allowlisting and request body limits, and bound executor submissions to improve backpressure (#5039)

26.3.0

Stable style

• Don't double-decode input, causing non-UTF-8 files to be corrupted (#4964)
• Fix crash on standalone comment in lambda default arguments (#4993)
• Preserve parentheses when # type: ignore comments would be merged with other comments on the same line, preventing AST equivalence failures (#4888)

Preview style

• Fix bug where if guards in case blocks were incorrectly split when the pattern had a trailing comma (#4884)
• Fix string_processing crashing on unassigned long string literals with trailing commas (one-item tuples) (#4929)
• Simplify implementation of the power operator "hugging" logic (#4918)

Packaging

• Fix shutdown errors in PyInstaller builds on macOS by disabling multiprocessing in frozen environments (#4930)

Performance

• Introduce winloop for windows as an alternative to uvloop (#4996)
• Remove deprecated function uvloop.install() in favor of uvloop.new_event_loop() (#4996)
• Rename maybe_install_uvloop function to maybe_use_uvloop to simplify loop installation and creation of either a uvloop/winloop eventloop or default eventloop (#4996)

... (truncated)

Commits

• c6755bb Prepare release 26.3.1 (#5046)
• 69973fd Harden blackd browser-facing request handling (#5039)
• 4937fe6 Fix some shenanigans with the cache file and IPython (#5038)
• 2e641d1 docs: remove outdated Black Playground references (#5044)
• c014b22 Remove unused internal code (#5041)
• 0dae20b Add new changelog (#5036)
• c5c1cbd Minor release patches (#5035)
• 7e5a828 docs: clarify relationship between Black style and PEP 8 (#5025)
• 69705de docs: add clearer pyproject configuration guidance (#5026)
• 35ea679 Prepare release 26.3.0 (#5032)
• Additional commits viewable in compare view

Updates pillow from 12.0.0 to 12.1.1

Release notes

Sourced from pillow's releases.

12.1.1

https://pillow.readthedocs.io/en/stable/releasenotes/12.1.1.html

Dependencies

• Patch libavif for svt-av1 4.0 compatibility #9413 [@​hugovk]

Other changes

• Fix OOB Write with invalid tile extents #9427 [@​radarhere]

12.1.0

https://pillow.readthedocs.io/en/stable/releasenotes/12.1.0.html

Deprecations

• Deprecate getdata(), in favour of new get_flattened_data() #9292 [@​radarhere]

Documentation

• Specify APNG duration type when opening #9368 [@​radarhere]
• Added release notes for #9350 #9366 [@​radarhere]
• Update ImageMorph documentation #9349 [@​radarhere]
• Docs: update major bump cadence #9334 [@​hugovk]
• Add release notes for #9070 #9320 [@​radarhere]
• Updated Ubuntu version #9306 [@​radarhere]
• Update macOS tested Pillow versions #9265 [@​radarhere]

Dependencies

• Update harfbuzz to 12.3.0 #9355 [@​radarhere]
• Update xz to 5.8.2 #9343 [@​radarhere]
• Updated libjpeg-turbo to 3.1.3 #9333 [@​radarhere]
• Updated zlib-ng to 2.3.2 #9324 [@​radarhere]
• Updated libpng to 1.6.53 #9325 [@​radarhere]
• Update actions/checkout action to v6 #9323 [@renovate[bot]]
• Update dependency mypy to v1.19.0 #9322 [@renovate[bot]]
• Updated libpng to 1.6.51 #9305 [@​radarhere]
• Updated brotli to 1.2.0 #9284 [@​radarhere]
• Update libimagequant to 4.4.1 #9301 [@​radarhere]
• Update zlib-ng to 2.3.1, except on manylinux2014 aarch64 #9312 [@​radarhere]
• Updated harfbuzz to 12.2.0 #9289 [@​radarhere]
• Update github-actions #9277 [@renovate[bot]]

Testing

• Replace pre-commit with prek #9360 [@​hugovk]
• Test PyQt6 on Python 3.14 on Windows #9353 [@​radarhere]
• Test 32-bit Windows on Windows Server 2022 #9345 [@​radarhere]
• Correct variable type #9335 [@​radarhere]

... (truncated)

Commits

• 5158d98 12.1.1 version bump
• 9000313 Fix OOB Write with invalid tile extents (#9427)
• cd01118 Patch libavif for svt-av1 4.0 compatibility
• 46f45f6 12.1.0 version bump
• c9ac097 Simplify band splitting (#9291)
• 3baedf2 Deprecate getdata(), in favour of new get_flattened_data() (#9292)
• b51a036 Specify APNG duration type when opening (#9368)
• 8d08e31 Add release notes for #9348 (#9369)
• 432707e Added release notes for #9348
• 2d58910 Specify APNG duration type when opening
• Additional commits viewable in compare view

Updates pyinstaller from 6.16.0 to 6.19.0

Release notes

Sourced from pyinstaller's releases.

v6.19.0

Please see the v6.19.0 section of the changelog for a list of the changes since v6.18.0.

v6.18.0

Please see the v6.18.0 section of the changelog for a list of the changes since v6.17.0.

v6.17.0

Please see the v6.17.0 section of the changelog for a list of the changes since v6.16.0.

Changelog

Sourced from pyinstaller's changelog.

6.19.0 (2026-02-14)

Bugfix

* (Windows) Fix collection of ``numpy`` DLLs when ``numpy`` PyPI wheel is
  installed using ``uv`` instead of ``pip``. (:issue:`9360`)
* Extend suppression of missing ``api-ms-win-*.dll`` warnings to Windows Server
  (formerly Windows 10 and 11). (:issue:`9355`)
* (Conda) Fix error during initialization of the `conda` hook utility module in
  Anaconda environments where the metadata for packages with no dependencies
  omit their *dependencies* key. (:issue:`9345`)
Hooks

* (Windows) Fix installer check in ``numpy`` hook to enable explicit collection
  of DLLs from ``numpy.libs`` directory when ``numpy`` PyPI wheels are installed
  through an installer other than ``pip`` - for example, ``uv``. (:issue:`9365`)
* (Windows) Update the ``pandas`` hook to explicitly collect the DLLs
  from ``pandas.libs`` directory that has been used in Windows PyPI wheels
  since ``pandas`` 2.1.0. (:issue:`9365`)
6.18.0 (2026-01-13)
Features

</code></pre>

<ul>

<li>Implement support for Tcl/Tk 9 in splash screen. (:issue:<code>9313</code>)</li>

</ul>

<p>Bugfix</p>

<pre><code>

(macOS) Improve the .framework bundle fix-up code to remove file entries

that would be placed under restored symlinked directories. This fixes

file-already-exists errors at build time (onedir) or run-time (onefile)

when user or a hook tries to collect (all) files from a package that

ships a .framework bundle with symlinks mangled into hard-copies

(for example, due to lack of symlink support in PyPI wheels). (:issue:9335)
Have hook for stdlib platform module exclude the _ios_support

module when sys.platform != 'ios'. This prevents unnecessary

collection of ctypes-imported libobjc shared library if the

latter happens to be available on the build system. (:issue:9333)

&lt;/tr&gt;&lt;/table&gt;

</code></pre>

</blockquote>

<p>... (truncated)</p>

</details>

<details>

<summary>Commits</summary>
<ul>

<li><a href="https://github.com/pyinstaller/pyinstaller/commit/9ae6e2afa4e55c3a784ec88ac74a71688a2a37c8&quot;&gt;&lt;code&gt;9ae6e2a&lt;/code&gt;&lt;/a> Release v6.19.0. [skip ci]</li>

<li><a href="https://github.com/pyinstaller/pyinstaller/commit/50eebf41d1b9309000b4ca6a74c0cc3c3f9b6a73&quot;&gt;&lt;code&gt;50eebf4&lt;/code&gt;&lt;/a> ci: cygwin: add the work-around for broken setuptools upgrade</li>

<li><a href="https://github.com/pyinstaller/pyinstaller/commit/a09778bb289fc24fb34dc675a9e71d3f09794a0a&quot;&gt;&lt;code&gt;a09778b&lt;/code&gt;&lt;/a> ci: extend the work-around for broken setuptools upgrade</li>

<li><a href="https://github.com/pyinstaller/pyinstaller/commit/a7f87e58c2023ff699610b6af47f4fe4b3a12313&quot;&gt;&lt;code&gt;a7f87e5&lt;/code&gt;&lt;/a> tests: port remaining metadata tests to importlib.metadata</li>

<li><a href="https://github.com/pyinstaller/pyinstaller/commit/2e751ba399ccf10f0aeb843cbb2f183c22509a6b&quot;&gt;&lt;code&gt;2e751ba&lt;/code&gt;&lt;/a> tests: add missing importorskip('pkg_resources') decorators</li>

<li><a href="https://github.com/pyinstaller/pyinstaller/commit/611f658dae8881eab3f2264bb90aac136a2152aa&quot;&gt;&lt;code&gt;611f658&lt;/code&gt;&lt;/a> tests: update setuptools to 82.0.0</li>

<li><a href="https://github.com/pyinstaller/pyinstaller/commit/38ae78854b07bd33359929c6d1a9df52c4544085&quot;&gt;&lt;code&gt;38ae788&lt;/code&gt;&lt;/a> Tests: Requirements: Scheduled weekly dependency update for week 06 (<a href="https://redirect.github.com/pyinstaller/pyinstaller/issues/9369&quot;&gt;#9369&lt;/a&gt;)&lt;/li>

<li><a href="https://github.com/pyinstaller/pyinstaller/commit/e937d76ea5e2177f295488bcaaa6d641adc328cf&quot;&gt;&lt;code&gt;e937d76&lt;/code&gt;&lt;/a> Tests: Requirements: Scheduled weekly dependency update for week 05 (<a href="https://redirect.github.com/pyinstaller/pyinstaller/issues/9366&quot;&gt;#9366&lt;/a&gt;)&lt;/li>

<li><a href="https://github.com/pyinstaller/pyinstaller/commit/ce6d02ce7ac3d19a6b5a4ef57775d589bc125b4d&quot;&gt;&lt;code&gt;ce6d02c&lt;/code&gt;&lt;/a> hooks: pandas: use delvewheel hook utility function to collect DLLs</li>

<li><a href="https://github.com/pyinstaller/pyinstaller/commit/f0ee7305a607969fee6c02b76e387669df0e0ad7&quot;&gt;&lt;code&gt;f0ee730&lt;/code&gt;&lt;/a> hooks: numpy: relax installer-type check for delvewheel codepath</li>

<li>Additional commits viewable in <a href="https://github.com/pyinstaller/pyinstaller/compare/v6.16.0...v6.19.0&quot;&gt;compare view</a></li>

</ul>

</details>
<br />

Updates pylint from 4.0.3 to 4.0.5

Commits

88e1ab7 Bump pylint to 4.0.5, update changelog (#10860)
d96d489 [Backport maintenance/4.0.x] Relax isort version constraint to allow isort 8 ...
0b08ccb Fix dynamic color mapping for "fail-on" messages when using multiple reporter...
154dba4 [Backport maintenance/4.0.x] Fix FP for invalid-name with typing.Final on...
7b73bfd Disable unspecified-encoding for py-version above Python 3.15 (#10800)
4cc98be [Backport maintenance/4.0.x] Fix setting options for import order checker (#1...
f0d30a2 Sync astroid version with requirements file again
38bdf02 [Backport maintenance/4.0.x] Fix logging-unsupported-format when logging ...
f08c33a [Backport maintenance/4.0.x] Properly detect self.fail() as a terminating...
e16f942 Bump pylint to 4.0.4, update changelog
Additional commits viewable in compare view




Updates pyside6 from 6.10.1 to 6.11.0
Updates pytest from 9.0.1 to 9.0.2

Release notes
Sourced from pytest's releases.

9.0.2
pytest 9.0.2 (2025-12-06)
Bug fixes


#13896: The terminal progress feature added in pytest 9.0.0 has been disabled by default, except on Windows, due to compatibility issues with some terminal emulators.
You may enable it again by passing -p terminalprogress. We may enable it by default again once compatibility improves in the future.
Additionally, when the environment variable TERM is dumb, the escape codes are no longer emitted, even if the plugin is enabled.


#13904: Fixed the TOML type of the tmp_path_retention_count settings in the API reference from number to string.


#13946: The private config.inicfg attribute was changed in a breaking manner in pytest 9.0.0.
Due to its usage in the ecosystem, it is now restored to working order using a compatibility shim.
It will be deprecated in pytest 9.1 and removed in pytest 10.


#13965: Fixed quadratic-time behavior when handling unittest subtests in Python 3.10.


Improved documentation

#4492: The API Reference now contains cross-reference-able documentation of pytest's command-line flags <command-line-flags>.




Commits

3d10b51 Prepare release version 9.0.2
188750b Merge pull request #14030 from pytest-dev/patchback/backports/9.0.x/1e4b01d1f...
b7d7bef Merge pull request #14014 from bluetech/compat-note
bd08e85 Merge pull request #14013 from pytest-dev/patchback/backports/9.0.x/922b60377...
bc78386 Add CLI options reference documentation (#13930)
5a4e398 Fix docs typo (#14005) (#14008)
d7ae6df Merge pull request #14006 from pytest-dev/maintenance/update-plugin-list-tmpl...
556f6a2 pre-commit: fix rst-lint after new release (#13999) (#14001)
c60fbe6 Fix quadratic-time behavior when handling unittest subtests in Python 3.10 ...
73d9b01 Merge pull request #13995 from nicoddemus/patchback/backports/9.0.x/1b5200c0f...
Additional commits viewable in compare view




Updates requests from 2.32.5 to 2.33.0

Release notes
Sourced from requests's releases.

v2.33.0
2.33.0 (2026-03-25)
Announcements

📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

Various typo fixes and doc improvements.

New Contributors

@​M0d3v1 made their first contribution in psf/requests#6865
@​aminvakil made their first contribution in psf/requests#7220
@​E8Price made their first contribution in psf/requests#6960
@​mitre88 made their first contribution in psf/requests#7244
@​magsen made their first contribution in psf/requests#6553
@​Rohan5commit made their first contribution in psf/requests#7227

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25



Changelog
Sourced from requests's changelog.

2.33.0 (2026-03-25)
Announcements

📣 Requests is adding inline types. If you have a typed code base that
uses Requests, please take a look at #7271. Give it a try, and report
any gaps or feedback you may have in the issue. 📣

Security

CVE-2026-25645 requests.utils.extract_zipped_paths now extracts
contents to a non-deterministic location to prevent malicious file
replacement. This does not affect default usage of Requests, only
applications calling the utility function directly.

Improvements

Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

Fixed an issue where an empty netrc entry could cause
malformed authentication to be applied to Requests on
Python 3.11+. (#7205)

Deprecations

Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

Various typo fixes and doc improvements.




Commits

bc04dfd v2.33.0
66d21cb Merge commit from fork
8b9bc8f Move badges to top of README (#7293)
e331a28 Remove unused extraction call (#7292)
753fd08 docs: fix FAQ grammar in httplib2 example
774a0b8 docs(socks): same block as other sections
9c72a41 Bump github/codeql-action from 4.33.0 to 4.34.1
ebf7190 Bump github/codeql-action from 4.32.0 to 4.33.0
0e4ae38 docs: exclude Response.is_permanent_redirect from API docs (#7244)
d568f47 docs: clarify Quickstart POST example (#6960)
Additional commits viewable in compare view




Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options


You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions