Bump the development-dependencies group with 3 updates

[dependabot]

Bumps the development-dependencies group with 3 updates: hypothesis, jupyterlab and ruff.

Updates hypothesis from 6.139.2 to 6.140.2

Release notes

Sourced from hypothesis's releases.

Hypothesis for Python - version 6.140.2

The automatic switch to the CI "settings profile" now works under tox (for "tox >= 4.30.0").

The canonical version of these notes (with links) is on readthedocs.

Hypothesis for Python - version 6.140.1

This patch re-enables the warning for incompatible "shared()" strategies that was first enabled in v6.133.0 but disabled in v6.135.15.

The canonical version of these notes (with links) is on readthedocs.

Hypothesis for Python - version 6.140.0

"characters()" now validates that the elements of the "exclude_characters" and "include_characters" arguments are single characters, which was always assumed internally. For example, "exclude_characters=["a", "b"]" is valid while "exclude_characters=["ab"]" will now raise an error up-front.

The canonical version of these notes (with links) is on readthedocs.

Hypothesis for Python - version 6.139.3

Add "phase" to the hypothesis-specific metadata in observability.

The canonical version of these notes (with links) is on readthedocs.

Commits

• 275d496 Bump hypothesis-python version to 6.140.2 and update changelog
• 3b95a47 Merge pull request #4553 from Liam-DeVoe/tox-ci
• 549d8cd Bump hypothesis-python version to 6.140.1 and update changelog
• b3146b0 Merge pull request #4509 from jobh/fix_shared_strategy_warnings
• af304d9 Remove a redundant hash in calc_label
• 43a65dc Revert changes to integers/floats label calculation
• f1e78f7 Add test for coverage
• c5fa0d4 formatting, lint
• b5dc8ff Update a test
• 7cb9389 lint and flatmap
• Additional commits viewable in compare view

Updates jupyterlab from 4.4.7 to 4.4.9

Release notes

Sourced from jupyterlab's releases.

v4.4.9

4.4.9

(Full Changelog)

Bugs fixed

• Correctly dispose TerminalManager even if terminals are not available #17876 (@​krassowski)
• Fix scrolling to targets within notebook #17928 (@​krassowski)

Contributors to this release

(GitHub contributors page for this release)

@​jupyterlab-probot | @​krassowski | @​martinRenou | @​meeseeksmachine

v4.4.8

4.4.8

(Full Changelog)

Bugs fixed

• Debugger: Only send the configurationDone message once as per the DAP #17912 (@​martinRenou)
• Fix output prompt overlay height for large outputs #17863 (@​Meriem-BenIsmail)
• Prevent overlay of content from other columns when renaming a file in the file browser #17857 (@​CrafterKolyan)
• Fix notebook toolbar item order #17866 (@​Darshan808)

Maintenance and upkeep improvements

• Ignore npmjs.com in check-links #17915 (@​jtpio)

Documentation improvements

• Add JupyterCon banner and Jupyter colors #17906 (@​choldgraf)

Contributors to this release

(GitHub contributors page for this release)

@​brichet | @​github-actions | @​HaudinFlorence | @​jtpio | @​jupyterlab-probot | @​krassowski | @​martinRenou | @​meeseeksmachine | @​Meriem-BenIsmail | @​williamstein

Commits

• 9a217d0 [ci skip] Publish 4.4.9
• 80d2a2c Backport PR #17876: Correctly dispose TerminalManager even if terminals are...
• 5c06ebf Backport PR #17928: Fix scrolling to targets within notebook (#17933)
• a889bb5 [ci skip] Publish 4.4.8
• 51c585b Fix integrity
• f8841dc Merge commit from fork
• 526a3d7 Backport PR #17915: Ignore npmjs.com in check-links (#17921)
• 911ff90 Backport PR #17912: Debugger: Only send the configurationDone message once ...
• 2d0ff31 Backport PR #17906: Add JupyterCon banner and Jupyter colors (#17908)
• 276b38c Backport PR #17863: Fix output prompt overlay height for large outputs (#17889)
• Additional commits viewable in compare view

Updates ruff from 0.13.1 to 0.13.2

Release notes

Sourced from ruff's releases.

0.13.2

Release Notes

Released on 2025-09-25.

Preview features

• [flake8-async] Implement blocking-path-method (ASYNC240) (#20264)
• [flake8-bugbear] Implement map-without-explicit-strict (B912) (#20429)
• [flake8-bultins] Detect class-scope builtin shadowing in decorators, default args, and attribute initializers (A003) (#20178)
• [ruff] Implement logging-eager-conversion (RUF065) (#19942)
• Include .pyw files by default when linting and formatting (#20458)

Bug fixes

• Deduplicate input paths (#20105)
• [flake8-comprehensions] Preserve trailing commas for single-element lists (C409) (#19571)
• [flake8-pyi] Avoid syntax error from conflict with PIE790 (PYI021) (#20010)
• [flake8-simplify] Correct fix for positive maxsplit without separator (SIM905) (#20056)
• [pyupgrade] Fix UP008 not to apply when __class__ is a local variable (#20497)
• [ruff] Fix B004 to skip invalid hasattr/getattr calls (#20486)
• [ruff] Replace -nan with nan when using the value to construct a Decimal (FURB164 ) (#20391)

Documentation

• Add 'Finding ways to help' to CONTRIBUTING.md (#20567)
• Update import path to ruff-wasm-web (#20539)
• [flake8-bandit] Clarify the supported hashing functions (S324) (#20534)

Other changes

• [playground] Allow hover quick fixes to appear for overlapping diagnostics (#20527)
• [playground] Fix non‑BMP code point handling in quick fixes and markers (#20526)

Contributors

• @​BurntSushi
• @​mtshiba
• @​second-ed
• @​danparizher
• @​ShikChen
• @​PieterCK
• @​GDYendell
• @​RazerM
• @​TaKO8Ki
• @​amyreese
• @​ntbre
• @​MichaReiser

Install ruff 0.13.2

... (truncated)

Changelog

Sourced from ruff's changelog.

0.13.2

Released on 2025-09-25.

Preview features

• [flake8-async] Implement blocking-path-method (ASYNC240) (#20264)
• [flake8-bugbear] Implement map-without-explicit-strict (B912) (#20429)
• [flake8-bultins] Detect class-scope builtin shadowing in decorators, default args, and attribute initializers (A003) (#20178)
• [ruff] Implement logging-eager-conversion (RUF065) (#19942)
• Include .pyw files by default when linting and formatting (#20458)

Bug fixes

• Deduplicate input paths (#20105)
• [flake8-comprehensions] Preserve trailing commas for single-element lists (C409) (#19571)
• [flake8-pyi] Avoid syntax error from conflict with PIE790 (PYI021) (#20010)
• [flake8-simplify] Correct fix for positive maxsplit without separator (SIM905) (#20056)
• [pyupgrade] Fix UP008 not to apply when __class__ is a local variable (#20497)
• [ruff] Fix B004 to skip invalid hasattr/getattr calls (#20486)
• [ruff] Replace -nan with nan when using the value to construct a Decimal (FURB164 ) (#20391)

Documentation

• Add 'Finding ways to help' to CONTRIBUTING.md (#20567)
• Update import path to ruff-wasm-web (#20539)
• [flake8-bandit] Clarify the supported hashing functions (S324) (#20534)

Other changes

• [playground] Allow hover quick fixes to appear for overlapping diagnostics (#20527)
• [playground] Fix non‑BMP code point handling in quick fixes and markers (#20526)

Contributors

• @​BurntSushi
• @​mtshiba
• @​second-ed
• @​danparizher
• @​ShikChen
• @​PieterCK
• @​GDYendell
• @​RazerM
• @​TaKO8Ki
• @​amyreese
• @​ntbre
• @​MichaReiser

Commits

• b0bdf03 Bump 0.13.2 (#20576)
• 7331d39 Update rooster to 0.1.0 (#20575)
• 529e5fa [ty] Ecosystem analyzer: timing report (#20571)
• efbb80f [ty] Remove hack in protocol satisfiability check (#20568)
• 9f3cffc Add 'Finding ways to help' to CONTRIBUTING.md (#20567)
• 21be94a [ty] Explicitly test assignability/subtyping between unions of nominal types ...
• b7d5dc9 [ty] Add tests for interactions of @classmethod, @staticmethod, and proto...
• e1bb74b [ty] Match variadic argument to variadic parameter (#20511)
• edeb458 [ty] fallback to resolve_real_module in file_to_module (#20461)
• bea92c8 [ty] More precise type inference for dictionary literals (#20523)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions