chore(deps): bump the all-dependencies group with 6 updates

[dependabot]

Bumps the all-dependencies group with 6 updates:

Package	From	To
hypothesis	6.152.4	6.152.6
mypy	1.20.2	2.1.0
types-setuptools	82.0.0.20260408	82.0.0.20260508
tox-uv	1.35.1	1.35.2
uv	0.11.8	0.11.13
cryptography	47.0.0	48.0.0

Updates hypothesis from 6.152.4 to 6.152.6

Release notes

Sourced from hypothesis's releases.

Hypothesis for Python - version 6.152.6

This patch adds a shrinking pass that tries natural text transformations - unicode decomposition (NFD/NFKD) and case mapping - on individual characters in string choices. Failures involving e.g. ""À" != "À".lower()" will now reliably shrink to ""A"" rather than sometimes getting stuck on the high-codepoint accented form (issue #4725).

The canonical version of these notes (with links) is on readthedocs.

Hypothesis for Python - version 6.152.5

This patch improves the "Phase.explain" phase so that simple cases like "assert n1 == n2" no longer get a misleading "# or any other generated value" comment (issue #4715). Before falling back to random sampling, we now also try borrowing values from each other arg slice with matching shape.

The canonical version of these notes (with links) is on readthedocs.

Commits

• e7be868 Bump hypothesis-python version to 6.152.6 and update changelog
• bc203c0 Merge pull request #4726 from HypothesisWorks/DRMacIver/unicode-normalization
• df78fb8 Cache _natural_simpler_chars and extend candidates with all chars
• 5421485 Bump hypothesis-python version to 6.152.5 and update changelog
• 9c503ea Merge pull request #4718 from Zac-HD/claude/fix-issue-4715-uonex
• 08f6bbb Drop unreachable defensive branches from _natural_simpler_chars
• 4082379 Add a shrink pass for natural unicode text transformations
• c236887 Merge pull request #4724 from HypothesisWorks/DRMacIver/fix-pyiodide
• 0150df4 Bump pyodide-build to 0.34.3 to fix CI
• c31c869 Document the format-before-push requirement for Claude Code
• Additional commits viewable in compare view

Updates mypy from 1.20.2 to 2.1.0

Changelog

Sourced from mypy's changelog.

Mypy Release Notes

Next Release

Mypy 2.1

We’ve just uploaded mypy 2.1.0 to the Python Package Index (PyPI). Mypy is a static type checker for Python. This release includes new features, performance improvements and bug fixes. You can install it as follows:

python3 -m pip install -U mypy

You can read the full documentation for this release on Read the Docs.

librt.vecs: Fast Growable Array Type for Mypyc

The new librt.vecs module provides an efficient growable array type vec that is optimized for mypyc use. It provides fast, packed arrays with integer and floating point value types, which can be several times faster than list, and tens of times faster than array.array in code compiled using mypyc. It also supports nested vec objects and non-value-type items, such as vec[vec[str]].

Refer to the documentation for the details.

Contributed by Jukka Lehtosalo.

librt.random: Fast Pseudo-Random Number Generation

The new librt.random module provides fast pseudo-random number generation that is optimized for code compiled using mypyc. It can be 3x to 10x faster than the stdlib random module in compiled code.

Refer to the documentation for the details.

Contributed by Jukka Lehtosalo (PR 21433).

Mypyc Improvements

• Make compilation order with multiple files consistent (Piotr Sawicki, PR 21419)
• Fix crash on accessing StopAsyncIteration (Piotr Sawicki, PR 21406)
• Fix incremental compilation with separate flag (Vaggelis Danias, PR 21299)

Fixes to Crashes

• Fix crash on partial type with --allow-redefinition and global declaration (Jukka Lehtosalo, PR 21428)
• Fix broken awaitable generator patching (Ivan Levkivskyi, PR 21435)

Changes to Messages

... (truncated)

Commits

• c1c336d Remove +dev from version
• 74df14b Add changelog for mypy 2.1 (#21464)
• 022d9bc Revert "TypeForm: Enable by default (#21262)"
• 8826288 [mypyc] Document librt.random (#21463)
• 3f4067b Bump librt version to 0.11.0 (#21458)
• 2b1eb58 [mypyc] Enable incremental self-compilation (#21369)
• 8152f4a Respect file config comments for stale modules (#21444)
• 116d60b Fix nondeterminism from nonassociativity of overload joins (#21455)
• 6c4af8e Fix function call message change for small number of args (#21432)
• 4b8fdca [mypyc] Add librt.random module (#21433)
• Additional commits viewable in compare view

Updates types-setuptools from 82.0.0.20260408 to 82.0.0.20260508

Commits

• See full diff in compare view

Updates tox-uv from 1.35.1 to 1.35.2

Release notes

Sourced from tox-uv's releases.

1.35.2

What's Changed

• Honor constraints opt for all packages by @​stephenfin in tox-dev/tox-uv#332
• 🐛 fix(lock): honor --recreate in uv-venv-lock-runner by @​gaborbernat in tox-dev/tox-uv#338

New Contributors

• @​stephenfin made their first contribution in tox-dev/tox-uv#332

Full Changelog: tox-dev/tox-uv@1.35.1...1.35.2

Commits

• 595721d 🐛 fix(lock): honor --recreate in uv-venv-lock-runner (#338)
• 1026808 [pre-commit.ci] pre-commit autoupdate (#337)
• 3f7ea4d [pre-commit.ci] pre-commit autoupdate (#334)
• f976fc1 build(deps): bump astral-sh/setup-uv from 8.0.0 to 8.1.0 (#333)
• c0fabe3 Honor constraints opt for all packages (#332)
• d4aa96d [pre-commit.ci] pre-commit autoupdate (#331)
• ac78519 build(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 (#329)
• 8bab9b8 [pre-commit.ci] pre-commit autoupdate (#328)
• See full diff in compare view

Updates uv from 0.11.8 to 0.11.13

Release notes

Sourced from uv's releases.

0.11.13

Release Notes

Released on 2026-05-10.

Bug fixes

• Include data files in editable builds (#19312)
• Respect --require-hashes when installing from pylock.toml files (#19334)

Python

• Add CPython 3.14.5

Install uv 0.11.13

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/uv/releases/download/0.11.13/uv-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/uv/releases/download/0.11.13/uv-installer.ps1 | iex"

Download uv 0.11.13

File	Platform	Checksum
uv-aarch64-apple-darwin.tar.gz	Apple Silicon macOS	checksum
uv-x86_64-apple-darwin.tar.gz	Intel macOS	checksum
uv-aarch64-pc-windows-msvc.zip	ARM64 Windows	checksum
uv-i686-pc-windows-msvc.zip	x86 Windows	checksum
uv-x86_64-pc-windows-msvc.zip	x64 Windows	checksum
uv-aarch64-unknown-linux-gnu.tar.gz	ARM64 Linux	checksum
uv-i686-unknown-linux-gnu.tar.gz	x86 Linux	checksum
uv-powerpc64le-unknown-linux-gnu.tar.gz	PPC64LE Linux	checksum
uv-riscv64gc-unknown-linux-gnu.tar.gz	RISCV Linux	checksum
uv-s390x-unknown-linux-gnu.tar.gz	S390x Linux	checksum
uv-x86_64-unknown-linux-gnu.tar.gz	x64 Linux	checksum
uv-armv7-unknown-linux-gnueabihf.tar.gz	ARMv7 Linux	checksum
uv-aarch64-unknown-linux-musl.tar.gz	ARM64 MUSL Linux	checksum
uv-i686-unknown-linux-musl.tar.gz	x86 MUSL Linux	checksum
uv-riscv64gc-unknown-linux-musl.tar.gz	RISCV MUSL Linux	checksum
uv-x86_64-unknown-linux-musl.tar.gz	x64 MUSL Linux	checksum
uv-arm-unknown-linux-musleabihf.tar.gz	ARMv6 MUSL Linux (Hardfloat)	checksum
uv-armv7-unknown-linux-musleabihf.tar.gz	ARMv7 MUSL Linux	checksum

... (truncated)

Changelog

Sourced from uv's changelog.

0.11.13

Released on 2026-05-10.

Bug fixes

• Include data files in editable builds (#19312)
• Respect --require-hashes when installing from pylock.toml files (#19334)

Python

• Add CPython 3.14.5

0.11.12

Released on 2026-05-08.

Python

• Add CPython 3.15.0b1

Enhancements

• Add --no-editable support to uv pip install (#19306)
• Require git refs in URLs to be percent-encoded (#19320)

Bug fixes

• Respect --no-dev over UV_DEV=1 (#19313)
• Don't suggest non-existent --no-frozen flag (#19290) (#19294)

Documentation

• Fix bug from inconsistent workflow name in GHA-PyPI guide example (#19309)

0.11.11

Released on 2026-05-06.

Bug fixes

• Accept legacy ID format from pre-0.11.9 cache entries (#19301)

0.11.10

Released on 2026-05-05.

Bug fixes

• Allow pre-release Python requests with non-zero patch versions (#19286)

... (truncated)

Commits

• 4512a39 Bump version to 0.11.13 (#19345)
• 16db957 Update Rust crate criterion to v4.6.0 (#19352)
• 4d7da7a Update taiki-e/install-action action to v2.75.30 (#19349)
• ddbdf7c Update dependency astral-sh/uv to v0.11.12 (#19346)
• 60017e9 Sync latest Python releases (#19342)
• 3719026 [codex] Remove stale uv-bench platform tags input (#19341)
• 2abd501 Include data files in editable builds (#19312)
• e3187b3 Respect --require-hashes when installing from pylock.toml files (#19334)
• b58e670 Upload JUnit summaries for our tests (#19330)
• 63c5f57 Bump version to 0.11.12 (#19331)
• Additional commits viewable in compare view

Updates cryptography from 47.0.0 to 48.0.0

Changelog

Sourced from cryptography's changelog.

48.0.0 - 2026-05-04

* **BACKWARDS INCOMPATIBLE:** Support for Python 3.8 has been removed.
  ``cryptography`` now requires Python 3.9 or later.
* **BACKWARDS INCOMPATIBLE:** Loading an X.509 CRL whose inner
  ``TBSCertList.signature`` algorithm does not match the outer
  ``signatureAlgorithm`` now raises ``ValueError``. Previously, such CRLs
  were parsed successfully and only rejected during signature validation.
* Added support for :doc:`/hazmat/primitives/asymmetric/mlkem` and
  :doc:`/hazmat/primitives/asymmetric/mldsa` when using OpenSSL 3.5.0 or
  later, in addition to the existing AWS-LC and BoringSSL support. This means
  post-quantum algorithms are now available to users of our wheels.

Note: Going forward, we do not guarantee that all functionality

in cryptography will be available when building against

OpenSSL. See :doc:/statements/state-of-openssl for more information.

.. _v47-0-0:

Commits

• 8e03e30 bump for 48.0.0 release (#14796)
• 295e0d2 Add AGENTS.md with CLAUDE.md symlink (#14794)
• 104a2de Bump BoringSSL, OpenSSL, AWS-LC in CI (#14793)
• 67ec1e5 call check_length early on AesSiv::encrypt (#14792)
• b2da57a changelog for mldsa/mlkem for openssl (#14791)
• 3cf44ad ML-KEM OpenSSL support (#14781)
• 2e31639 ML-DSA OpenSSL support (#14773)
• 5affe5a fix rust nightly clippy (#14790)
• 2e73ca4 bump rust-openssl dep and update EcPoint::mul_generator to mul_generator2 (#1...
• 82ebd3b Bump BoringSSL, OpenSSL, AWS-LC in CI (#14785)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions