Bump the minor-and-patch group with 4 updates

[dependabot]

Bumps the minor-and-patch group with 4 updates: pypdf, pytest-cov, ty and git-changelog.

Updates pypdf from 6.9.0 to 6.9.1

Release notes

Sourced from pypdf's releases.

Version 6.9.1, 2026-03-17

What's new

Security (SEC)

• Improve performance and limit length of array-based content streams (#3686) by @​stefan6419846

Full Changelog

Changelog

Sourced from pypdf's changelog.

Version 6.9.1, 2026-03-17

Security (SEC)

• Improve performance and limit length of array-based content streams (#3686)

Full Changelog

Commits

• 0e5157c REL: 6.9.1
• 0b5d05d SEC: Improve performance and limit length of array-based content streams (#3686)
• 87aa1d4 DEV: Remove unused reverse encoding dicts (#3685)
• 84f5266 MAINT: Use placeholder-based approach for logger_error (#3673)
• See full diff in compare view

Updates pytest-cov from 7.0.0 to 7.1.0

Changelog

Sourced from pytest-cov's changelog.

7.1.0 (2026-03-21)

• Fixed total coverage computation to always be consistent, regardless of reporting settings. Previously some reports could produce different total counts, and consequently can make --cov-fail-under behave different depending on reporting options. See [#641](https://github.com/pytest-dev/pytest-cov/issues/641) <https://github.com/pytest-dev/pytest-cov/issues/641>_.

• Improve handling of ResourceWarning from sqlite3.

  The plugin adds warning filter for sqlite3 ResourceWarning unclosed database (since 6.2.0). It checks if there is already existing plugin for this message by comparing filter regular expression. When filter is specified on command line the message is escaped and does not match an expected message. A check for an escaped regular expression is added to handle this case.

  With this fix one can suppress ResourceWarning from sqlite3 from command line::

  pytest -W "ignore:unclosed database in <sqlite3.Connection object at:ResourceWarning" ...

• Various improvements to documentation. Contributed by Art Pelling in [#718](https://github.com/pytest-dev/pytest-cov/issues/718) <https://github.com/pytest-dev/pytest-cov/pull/718>_ and "vivodi" in [#738](https://github.com/pytest-dev/pytest-cov/issues/738) <https://github.com/pytest-dev/pytest-cov/pull/738>. Also closed [#736](https://github.com/pytest-dev/pytest-cov/issues/736) <https://github.com/pytest-dev/pytest-cov/issues/736>.

• Fixed some assertions in tests. Contributed by in Markéta Machová in [#722](https://github.com/pytest-dev/pytest-cov/issues/722) <https://github.com/pytest-dev/pytest-cov/pull/722>_.

• Removed unnecessary coverage configuration copying (meant as a backup because reporting commands had configuration side-effects before coverage 5.0).

Commits

• 66c8a52 Bump version: 7.0.0 → 7.1.0
• f707662 Make the examples use pypy 3.11.
• 6049a78 Make context test use the old ctracer (seems the new sysmon tracer behaves di...
• 8ebf20b Update changelog.
• 861d30e Remove the backup context manager - shouldn't be needed since coverage 5.0, ...
• fd4c956 Pass the precision on the nulled total (seems that there's some caching goion...
• 78c9c4e Only run the 3.9 on older deps.
• 4849a92 Punctuation.
• 197c35e Update changelog and hopefully I don't forget to publish release again :))
• 14dc1c9 Update examples to use 3.11 and make the adhoc layout example look a bit more...
• Additional commits viewable in compare view

Updates ty from 0.0.23 to 0.0.24

Release notes

Sourced from ty's releases.

0.0.24

Release Notes

Released on 2026-03-19.

Bug fixes

• Ensure TypedDict subscripts for unknown keys return Unknown (#23926)
• Fix overflow with recursive TypeIs (#23784)
• Fix variance of frozen dataclass-transform models (#23931)

LSP server

• Improve semantic token classification for attribute access on union types (#23841)

Core type checking

• Improve performance and correctness by avoiding inferring intersection types for call arguments as a result of bidirectional inference (#23933)
• Narrow keyword arguments when unpacking dictionary instances (#23436)
• Discover /usr/local/lib dist-packages on Debian/Ubuntu (#23797)
• Sync vendored typeshed stubs (#23963). Typeshed diff

Install ty 0.0.24

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/ty/releases/download/0.0.24/ty-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/ty/releases/download/0.0.24/ty-installer.ps1 | iex"

Download ty 0.0.24

File	Platform	Checksum
ty-aarch64-apple-darwin.tar.gz	Apple Silicon macOS	checksum
ty-x86_64-apple-darwin.tar.gz	Intel macOS	checksum
ty-aarch64-pc-windows-msvc.zip	ARM64 Windows	checksum
ty-i686-pc-windows-msvc.zip	x86 Windows	checksum
ty-x86_64-pc-windows-msvc.zip	x64 Windows	checksum
ty-aarch64-unknown-linux-gnu.tar.gz	ARM64 Linux	checksum
ty-i686-unknown-linux-gnu.tar.gz	x86 Linux	checksum
ty-powerpc64-unknown-linux-gnu.tar.gz	PPC64 Linux	checksum
ty-powerpc64le-unknown-linux-gnu.tar.gz	PPC64LE Linux	checksum
ty-s390x-unknown-linux-gnu.tar.gz	S390x Linux	checksum

... (truncated)

Changelog

Sourced from ty's changelog.

0.0.24

Released on 2026-03-19.

Bug fixes

• Ensure TypedDict subscripts for unknown keys return Unknown (#23926)
• Fix overflow with recursive TypeIs (#23784)
• Fix variance of frozen dataclass-transform models (#23931)

LSP server

• Improve semantic token classification for attribute access on union types (#23841)

Core type checking

• Improve performance and correctness by avoiding inferring intersection types for call arguments as a result of bidirectional inference (#23933)
• Narrow keyword arguments when unpacking dictionary instances (#23436)
• Discover /usr/local/lib dist-packages on Debian/Ubuntu (#23797)
• Sync vendored typeshed stubs (#23963). Typeshed diff

Performance

• Introduce fast path for protocol non-assignability (#23952)
• Improved generic-solver performance in cases involving overload sets (#23881)

Contributors

• @​Geo5
• @​ibraheemdev
• @​charliermarsh
• @​dcreager
• @​ollema
• @​sharkdp

Commits

• 8762330 Bump version to 0.0.24 (#3084)
• a6f24e1 Update prek dependencies (#3045)
• 95150e7 Typing FAQ: New entry explaining invariance (#3073)
• bc9e8a8 Remove the repository code of conduct in favor of the organization one (#3058)
• 3d12b2e Update astral-sh/setup-uv action to v7.6.0 (#3054)
• 64fe9c2 Update actions/attest-build-provenance action to v4 (#3046)
• 86d05eb Update docker/setup-buildx-action action to v4 (#3050)
• eb3f320 Update docker/metadata-action action to v6 (#3049)
• 7da93b8 Update docker/login-action action to v4 (#3048)
• fa4db72 Update docker/build-push-action action to v7 (#3047)
• Additional commits viewable in compare view

Updates git-changelog from 2.9.0 to 2.9.2

Release notes

Sourced from git-changelog's releases.

2.9.2

2.9.2 - 2026-03-20

Compare with 2.9.1

Bug Fixes

• Add Linux convention as choice in CLI (1bee765 by Timothée Mazzucotelli). Issue-120

2.9.1

2.9.1 - 2026-03-17

Compare with 2.9.0

Bug Fixes

• Change Debian version regex to be more permissive (2e2fd9c by Patrik Dufresne). PR-119, Signed-off-by: Patrik Dufresne patrik@ikus-soft.com

Changelog

Sourced from git-changelog's changelog.

2.9.2 - 2026-03-20

Compare with 2.9.1

Bug Fixes

• Add Linux convention as choice in CLI (1bee765 by Timothée Mazzucotelli). Issue-120

2.9.1 - 2026-03-17

Compare with 2.9.0

Bug Fixes

• Change Debian version regex to be more permissive (2e2fd9c by Patrik Dufresne). PR-119, Signed-off-by: Patrik Dufresne patrik@ikus-soft.com

Commits

• dbd8e93 chore: Prepare release 2.9.2
• 1bee765 fix: Add Linux convention as choice in CLI
• f8f4aea chore: Prepare release 2.9.1
• 2e2fd9c fix: Change Debian version regex to be more permissive
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions