Update all dependencies

[renovate]

This PR contains the following updates:

Package	Type	Update	Change	Age	Confidence
allure-framework/allure-action	action	minor	v0.6.6 → v0.7.1
astral-sh/ruff-pre-commit	repository	patch	v0.15.12 → v0.15.15
mcr.microsoft.com/playwright	container	minor	v1.59.1 → v1.60.0
playwright (changelog)	project.dependencies	minor	==1.59.0 → ==1.60.0
pytest-flakiness	dependency-groups	major	==0.18.0 → ==1.0.0
pytest-playwright	project.dependencies	minor	==0.7.2 → ==0.8.0
python	uses-with	minor	3.13 → 3.14
requests (changelog)	project.dependencies	minor	==2.33.1 → ==2.34.2
ruff (source, changelog)	dependency-groups	patch	==0.15.12 → ==0.15.15

Note: The pre-commit manager in Renovate is not supported by the pre-commit maintainers or community. Please do not report any problems there, instead create a Discussion in the Renovate repository if you have any questions.

---

Release Notes

allure-framework/allure-action (allure-framework/allure-action)

v0.7.1

Compare Source

What's Changed

• Escape markdown symbols by @​epszaw in #​53

Full Changelog: allure-framework/allure-action@v0...v0.7.1

v0.7.0

Compare Source

What's Changed

• chore: update deps, migrate to oxlint/oxfmt, migrate to lefthook by @​vdvukhzhilov in #​40
• chore: update deps by @​vdvukhzhilov in #​43
• Add static remote href by @​epszaw in #​44
• Bump lodash from 4.17.23 to 4.18.1 by @​dependabot[bot] in #​47
• Bump vite from 8.0.3 to 8.0.8 by @​dependabot[bot] in #​49
• Bump defu from 6.1.4 to 6.1.7 by @​dependabot[bot] in #​46
• Use node 24 by @​epszaw in #​45
• Fix the action run condition by @​epszaw in #​50
• Bump axios from 1.13.6 to 1.15.0 by @​dependabot[bot] in #​48
• Fix report name from allure-report to allure-action by @​TBxy in #​42
• Bump axios to 1.15.0 by @​epszaw in #​51
• Add comments sections by @​epszaw in #​52

New Contributors

• @​vdvukhzhilov made their first contribution in #​40
• @​TBxy made their first contribution in #​42

Full Changelog: allure-framework/allure-action@v0...v0.7.0

astral-sh/ruff-pre-commit (astral-sh/ruff-pre-commit)

v0.15.15

Compare Source

See: https://github.com/astral-sh/ruff/releases/tag/0.15.15

v0.15.14

Compare Source

See: https://github.com/astral-sh/ruff/releases/tag/0.15.14

v0.15.13

Compare Source

See: https://github.com/astral-sh/ruff/releases/tag/0.15.13

Microsoft/playwright-python (playwright)

v1.60.0

Compare Source

🐍 Python improvements

• New FormData class for building multipart/form-data request bodies — pass to api_request_context.post(form=…) etc.
• expect.soft(...) soft assertions collect multiple failures in a test instead of stopping at the first one. Requires up-to-date pytest integration to work.
• All timeout parameters now accept datetime.timedelta — applies wherever a timeout is taken, e.g. page.goto(), locator.click(), expect(...).to_be_visible().
• Async context manager support across more APIs — async with now works for objects returned from screencast.show_actions(), screencast.show_overlays(), etc.
• page.expect_request(...) and page.expect_response(...) now accept async predicates.
• Typed overloads for expect_event / wait_for_event so the event payload type is inferred per event name.

🌐 HAR recording on Tracing

tracing.start_har() / tracing.stop_har() expose HAR recording as a first-class tracing API, with the same content, mode and url_filter options as record_har:

context.tracing.start_har("trace.har")
page = context.new_page()
page.goto("https://playwright.dev")
context.tracing.stop_har()

🪝 Drop API

New locator.drop() simulates an external drag-and-drop of files or clipboard-like data onto an element. Playwright dispatches dragenter, dragover, and drop with a synthetic DataTransfer in the page context — works cross-browser and is great for testing upload zones:

page.locator("#dropzone").drop(
    files={"name": "note.txt", "mime_type": "text/plain", "buffer": b"hello"},
)

page.locator("#dropzone").drop(
    data={
        "text/plain": "hello world",
        "text/uri-list": "https://example.com",
    },
)

🎯 Aria snapshots

• expect(page).to_match_aria_snapshot() now works on a Page, in addition to a Locator — equivalent to asserting against page.locator("body").
• New boxes option on locator.aria_snapshot() / page.aria_snapshot() appends each element's bounding box as [box=x,y,width,height], useful for AI consumption.

New APIs

Browser, Context and Page

• Event browser.on("context") — fired when a new context is created on the browser.
• BrowserContext now mirrors lifecycle events from its pages: browser_context.on("download"), browser_context.on("frameattached"), browser_context.on("framedetached"), browser_context.on("framenavigated"), browser_context.on("pageclose"), browser_context.on("pageload").

Locators and Assertions

• New option description in page.get_by_role() / locator.get_by_role() / frame.get_by_role() / frame_locator.get_by_role() for matching the accessible description.
• New option pseudo in expect(locator).to_have_css() reads computed styles from ::before or ::after.
• New option style in locator.highlight() applies extra inline CSS to the highlight overlay, plus new page.hide_highlight() to clear all highlights.

Network

• web_socket_route.protocols() returns the WebSocket subprotocols requested by the page.
• New option no_defaults in browser_type.connect_over_cdp() disables Playwright's default overrides on the default context (download behavior, focus emulation, media emulation), so attaching to a user's daily-driver browser doesn't disturb its state.

Errors

• New web_error.location() mirrors console_message.location().
• console_message.location() now exposes line / column properties (line_number / column_number are deprecated).

🛠️ Other improvements

• Trace Viewer adds a pretty-print toggle for JSON / form request and response bodies in the network details panel.

Breaking Changes ⚠️

• Removed long-deprecated handle option on browser_context.expose_binding() and page.expose_binding().

Browser Versions

• Chromium 148.0.7778.96
• Mozilla Firefox 150.0.2
• WebKit 26.4

This version was also tested against the following stable channels:

• Google Chrome 147
• Microsoft Edge 147

flakiness/pytest-flakiness (pytest-flakiness)

v1.0.0

Compare Source

pytest-flakiness graduates to 1.0

The pytest plugin's options and the emitted JSON report are now considered stable; future breaking changes will follow semver. This release aligns pytest-flakiness with the rest of the Flakiness reporter family — Playwright, Vitest, Jest, and Cucumber-JS — which are already on 1.x.

What's Changed

• feat: include runtime information by @​aslushnikov in #​20

Full Changelog: flakiness/pytest-flakiness@v0.18.0...v1.0.0

microsoft/playwright-pytest (pytest-playwright)

v0.8.0

Compare Source

Adds support for expect.soft() soft assertions.

actions/python-versions (python)

v3.14.5: 3.14.5

Compare Source

Python 3.14.5

v3.14.4: 3.14.4

Compare Source

Python 3.14.4

v3.14.3: 3.14.3

Compare Source

Python 3.14.3

v3.14.2: 3.14.2

Compare Source

Python 3.14.2

v3.14.1: 3.14.1

Compare Source

Python 3.14.1

v3.14.0: 3.14.0

Compare Source

Python 3.14.0

psf/requests (requests)

v2.34.2

Compare Source

• Moved headers input type back to Mapping to avoid invariance issues
  with MutableMapping and inferred dict types. Users calling
  Request.headers.update() may need to narrow typing in their code. (#​7441)

v2.34.1

Compare Source

Bugfixes

• Widened json input type from dict and list to Mapping
  and Sequence. (#​7436)
• Changed headers input type to MutableMapping and removed None from
  Request.headers typing to improve handling for users. (#​7431)
• Response.reason moved from str | None to str to improve handling
  for users. (#​7437)
• Fixed a bug where some bodies with custom __getattr__ implementations
  weren't being properly detected as Iterables. (#​7433)

v2.34.0

Compare Source

Announcements

• Requests 2.34.0 introduces inline types, replacing those provided by
  typeshed. Public API types should be fully compatible with mypy, pyright,
  and ty. We believe types are comprehensive but if you find issues, please
  report them to the pinned tracking issue.

  Special thanks to @​bastimeyer, @​cthoyt, @​edgarrmondragon, and @​srittau for
  helping review and test the types ahead of the release. (#​7272)

Improvements

• Digest Auth hashing algorithms have added usedforsecurity=False to clarify
  security considerations. (#​7310)
• Requests added support for Python 3.15 based on beta1. Downstream projects
  should be able to start testing prior to its release in October. (#​7422)
• Requests added support for Python 3.14t. (#​7419)

Bugfixes

• Response.history no longer contains a reference to itself, preventing
  accidental looping when traversing the history list. (#​7328)
• Requests no longer performs greedy matching on no_proxy domains. The
  proxy_bypass implementation has been updated with CPython's fix from
  bpo-39057. (#​7427)
• Requests no longer incorrectly strips duplicate leading slashes in
  URI paths. This should address user issues with specific presigned
  URLs. Note the full fix requires urllib3 2.7.0+. (#​7315)

astral-sh/ruff (ruff)

v0.15.15

Compare Source

Released on 2026-05-28.

Preview features

• Fix Markdown closing fence handling (#​25310)
• [pyflakes] Report duplicate imports in typing.TYPE_CHECKING block (F811) (#​22560)

Bug fixes

• [pyflakes] Treat function-scope bare annotations as locals per PEP 526 (F821) (#​21540)

Performance

• Avoid redundant TokenValue drops in the lexer (#​25300)
• Reduce memory usage by dropping token-excess capacity and improve performance by approximating the initial tokens Vec size (#​25354)
• Use ThinVec in AST to shrink Stmt (#​25361)

Documentation

• Fix line-length example for --config option (#​25389)
• [flake8-comprehensions] Document RecursionError edge case in __len__ (C416) (#​25286)
• [mccabe] Improve example (C901) (#​25287)
• [pyupgrade] Clarify fix safety docs (UP007, UP045) (#​25288)
• [refurb] Document FURB192 exception change for empty sequences (#​25317)
• [ruff] Document false negative for user-defined types (RUF013) (#​25289)

Formatter

• Fix formatting of lambdas nested within f-strings (#​25398)

Server

• Return code action for codeAction/resolve requests that contain no or no valid URL (#​25365)

Other changes

• Expand semantic syntax errors for invalid walruses (#​25415)

Contributors

• @​chirizxc
• @​ntBre
• @​adityasingh2400
• @​charliermarsh
• @​fallintoplace
• @​martin-schlossarek
• @​MichaReiser
• @​Ruchir28

v0.15.14

Compare Source

Released on 2026-05-21.

Preview features

• [airflow] Implement airflow-task-implicit-multiple-outputs (AIR202) (#​25152)
• [flake8-use-pathlib] Mark PTH101 fix as unsafe when first argument is a class attribute annotated as int (#​25086)
• [pylint] Implement too-many-try-statements (W0717) (#​23970)
• [ruff] Add incorrect-decorator-order (RUF074) (#​23461)
• [ruff] Add fallible-context-manager (RUF075) (#​22844)

Bug fixes

• Fix lambda formatting in interpolated string expressions (#​25144)
• Treat generic frozenset annotations as immutable (#​25251)
• [flake8-type-checking] Avoid strict behavior when future-annotations are enabled (TC001, TC002, TC003) (#​25035)
• [pylint] Avoid false positives in else clause (PLR1733) (#​25177)

Rule changes

• [flake8-comprehensions] Skip C417 for lambdas with positional-only parameters (#​25272)
• [flake8-simplify] Preserve f-string source verbatim in SIM101 fix (#​25061)

Performance

• Avoid unnecessary parser lookahead for operators (#​25290)

Documentation

• Update code example setting Neovim LSP log level (#​25284)

Other changes

• Add full PEP 798 support (#​25104)
• Add a parser recursion limit (#​24810)
• Update various ruff_python_stdlib APIs (#​25273)

Contributors

• @​ocaballeror
• @​lerebear
• @​samuelcolvin
• @​baltasarblanco
• @​aconal-com
• @​anishgirianish
• @​JelleZijlstra
• @​AlexWaygood
• @​ntBre
• @​adityasingh2400
• @​charliermarsh
• @​Dev-iL
• @​neutrinoceros
• @​shivamtiwari3
• @​Dev-X25874

v0.15.13

Compare Source

Released on 2026-05-14.

Preview features

• Add a rule to flag lazy imports that are eagerly evaluated (#​25016)
• [pylint] Standardize diagnostic message (PLR0914, PLR0917) (#​24996)

Bug fixes

• Fix F811 false positive for class methods (#​24933)
• Fix setting selection for multi-folder workspace (#​24819)
• [eradicate] Fix false positive for lines with leading whitespace (ERA001) (#​25122)
• [flake8-pyi] Fix false positive for f-string debug specifier (PYI016) (#​24098)

Rule changes

• Always include panic payload in panic diagnostic message (#​24873)
• Restrict PYI034 for in-place operations to enclosing class (#​24511)
• Improve error message for parameters that are declared global (#​24902)
• Update known stdlib (#​25103)

Performance

• [isort] Avoid constructing glob::Patterns for literal known modules (#​25123)

CLI

• Add TOML examples to --config help text (#​25013)
• Colorize ruff check 'All checks passed' (#​25085)

Configuration

• Increase max allowed value of line-length setting (#​24962)

Documentation

• Add D203 to rules that conflict with the formatter (#​25044)
• Clarify COM819 and formatter interaction (#​25045)
• Clarify that NotImplemented is a value, not an exception (F901) (#​25054)
• Update number of lint rules supported (#​24942)

Other changes

• Simplify the playground's markdown template (#​24924)

Contributors

• @​MichaReiser
• @​brian-c11
• @​Andrej730
• @​denyszhak
• @​darestack
• @​sharkdp
• @​charliermarsh
• @​EkriirkE
• @​eyupcanakman
• @​Hrk84ya
• @​thernstig
• @​ntBre

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • "monthly"
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.