Bump the patch group with 14 updates

[dependabot]

Bumps the patch group with 14 updates:

Package	From	To
tqdm	4.67.2	4.67.3
boto3	1.42.39	1.42.59
botocore	1.42.39	1.42.59
bermuda	0.1.6	0.1.7
napari-plugin-engine	0.2.0	0.2.1
napari-plugin-manager	0.1.9	0.1.10
parso	0.8.5	0.8.6
qtconsole	5.7.0	5.7.1
superqt	0.7.7	0.7.8
coverage	7.13.2	7.13.4
lxml-html-clean	0.4.3	0.4.4
nh3	0.3.2	0.3.3
jupyterlab	4.5.3	4.5.5
notebook	7.5.3	7.5.4

Updates tqdm from 4.67.2 to 4.67.3

Release notes

Sourced from tqdm's releases.

tqdm v4.67.3 stable

• fix py3.7 dependencies (#1706 <- #1705)

Commits

• 75bdb6c fix py3.7 compat
• See full diff in compare view

Updates boto3 from 1.42.39 to 1.42.59

Commits

• cef3033 Merge branch 'release-1.42.59'
• 463794a Bumping version to 1.42.59
• 591d881 Add changelog entries from botocore
• d327a89 Merge branch 'release-1.42.58'
• 8727558 Merge branch 'release-1.42.58' into develop
• 14eee00 Bumping version to 1.42.58
• dbe54fa Add changelog entries from botocore
• 1536571 Merge branch 'release-1.42.57'
• 8108f80 Merge branch 'release-1.42.57' into develop
• 20eb2f4 Bumping version to 1.42.57
• Additional commits viewable in compare view

Updates botocore from 1.42.39 to 1.42.59

Commits

• c204bb1 Merge branch 'release-1.42.59'
• 7e59865 Bumping version to 1.42.59
• b38a03c Update to latest models
• 97336ff Merge customizations for ARC Region switch
• f76046b Merge branch 'release-1.42.58'
• be2689a Merge branch 'release-1.42.58' into develop
• 47f8789 Bumping version to 1.42.58
• 14bc74f Update to latest models
• 8c0427a Add support for None values in list parsing (#3618)
• 86d9ec3 Merge branch 'release-1.42.57'
• Additional commits viewable in compare view

Updates bermuda from 0.1.6 to 0.1.7

Commits

• ca8ae20 Bump pypa/cibuildwheel from 3.3.0 to 3.3.1 (#125)
• eff17c1 [pre-commit.ci] pre-commit autoupdate (#131)
• e88e118 Bump astral-sh/setup-uv from 7.2.0 to 7.3.0 (#134)
• cb6c766 Bump actions/cache from 5.0.2 to 5.0.3 in the actions group (#132)
• 00607e1 Bump actions/checkout from 6.0.1 to 6.0.2 in the actions group (#130)
• 4e007a0 Bump actions/setup-python from 6.1.0 to 6.2.0 in the actions group (#129)
• 573f906 [pre-commit.ci] pre-commit autoupdate (#128)
• 034ea04 Bump actions/cache from 5.0.1 to 5.0.2 in the actions group (#127)
• 7688b04 [pre-commit.ci] pre-commit autoupdate (#124)
• c82a933 Bump astral-sh/setup-uv from 7.1.6 to 7.2.0 (#126)
• Additional commits viewable in compare view

Updates napari-plugin-engine from 0.2.0 to 0.2.1

Commits

• 67b3fb4 move return part out of finally block (#75)
• ed06229 [pre-commit.ci] pre-commit autoupdate (#73)
• 3a6cc35 [pre-commit.ci] pre-commit autoupdate (#71)
• a2385b9 ci(dependabot): bump the github-actions group across 1 directory with 4 updat...
• 870e763 [pre-commit.ci] pre-commit autoupdate (#69)
• c745090 [pre-commit.ci] pre-commit autoupdate (#64)
• 6914056 ci(dependabot): bump the github-actions group across 1 directory with 3 updat...
• 1ac9e34 Pin Github Actions actions to their hashes (#65)
• b6f1979 [Maint] Fix CI (#63)
• aa9bccd Add a more prominent deprecation to README (#61)
• Additional commits viewable in compare view

Updates napari-plugin-manager from 0.1.9 to 0.1.10

Commits

• cad2c38 Use api.napari.org instead of vercel domain (#201)
• 1c550c6 Add testing against napari 0.6.6 (#200)
• d5446cd Wrap plugin_manager imports in try/except (#195)
• 77e126d [pre-commit.ci] pre-commit autoupdate (#199)
• 42edbba ci(dependabot): bump the github-actions group across 1 directory with 8 updat...
• 58be64e [pre-commit.ci] pre-commit autoupdate (#179)
• a91be17 Allow direct entry bar to show on bundle (#196)
• ef11372 Fix ci by not using packaging in a test the checks if install is canceled (#197)
• See full diff in compare view

Updates parso from 0.8.5 to 0.8.6

Changelog

Sourced from parso's changelog.

0.8.6 (2026-02-09) ++++++++++++++++++

• Switch the type checker to Zuban. It's faster and now also checks untyped code.

Commits

• 28005a5 Upgrade to 0.8.6
• 0e774b0 Add a changelog
• cc2c562 Merge pull request #235 from davidhalter/typing
• 341a60b Upgrade zuban
• c0f6b96 Add a way to debug github CI
• 5954156 Better dependencies
• a0fa3ae Pass older Python versions
• d13000a Fix a flake8 issue
• 0b6800c Use zuban instead of Mypy
• 59f4282 Fix a typing issue
• Additional commits viewable in compare view

Updates qtconsole from 5.7.0 to 5.7.1

Commits

• aac18d2 Release 5.7.1
• e2ea771 Update changelog
• e8b3dc9 Merge pull request #649 from ccordoba12/update-readme-and-setup.py
• e2e6dfd Fix coverage status after move to the Spyder org
• 5596166 Update Readme and setup.py due to the move to the Spyder org
• f6e548e Merge pull request #647 from hlouzada/fix-kernel-restart-handling
• b652156 fix: clear console shell if kernel restarted and not died
• e606e6e fix: handle restarting state
• 7bdb672 Discard iopub_welcome message from tests (#644)
• 8b65e08 Merge pull request #646 from spyder-ide/make-workflow-reusable
• Additional commits viewable in compare view

Updates superqt from 0.7.7 to 0.7.8

Release notes

Sourced from superqt's releases.

v0.7.8

What's Changed

• chore: Group dependabot updates in a single PR by @​Czaki in pyapp-kit/superqt#321
• Update qt beckends that superqt is tested against with napari by @​Czaki in pyapp-kit/superqt#324
• ci: [pre-commit.ci] autoupdate by @​pre-commit-ci[bot] in pyapp-kit/superqt#314
• ci(dependabot): bump the actions group with 3 updates by @​dependabot[bot] in pyapp-kit/superqt#322
• fix: Update text after settings decimals in SliderLabel by @​TimMonko in pyapp-kit/superqt#323
• Fix values of slider label when range/value is set outside default by @​TimMonko in pyapp-kit/superqt#320
• fix: Use faint color for disabled on-state toggle switch by @​hanjinliu in pyapp-kit/superqt#325
• ci: [pre-commit.ci] autoupdate by @​pre-commit-ci[bot] in pyapp-kit/superqt#326

New Contributors

• @​TimMonko made their first contribution in pyapp-kit/superqt#323

Full Changelog: pyapp-kit/superqt@v0.7.7...v0.7.8

What's Changed

• chore: Group dependabot updates in a single PR by @​Czaki in pyapp-kit/superqt#321
• Update qt beckends that superqt is tested against with napari by @​Czaki in pyapp-kit/superqt#324
• ci: [pre-commit.ci] autoupdate by @​pre-commit-ci[bot] in pyapp-kit/superqt#314
• ci(dependabot): bump the actions group with 3 updates by @​dependabot[bot] in pyapp-kit/superqt#322
• fix: Update text after settings decimals in SliderLabel by @​TimMonko in pyapp-kit/superqt#323
• Fix values of slider label when range/value is set outside default by @​TimMonko in pyapp-kit/superqt#320
• fix: Use faint color for disabled on-state toggle switch by @​hanjinliu in pyapp-kit/superqt#325
• ci: [pre-commit.ci] autoupdate by @​pre-commit-ci[bot] in pyapp-kit/superqt#326

New Contributors

• @​TimMonko made their first contribution in pyapp-kit/superqt#323

Full Changelog: pyapp-kit/superqt@v0.7.7...v0.7.8

Changelog

Sourced from superqt's changelog.

v0.7.8 (2026-02-03)

Full Changelog

Fixed bugs:

• fix: Use faint color for disabled on-state toggle switch #325 (hanjinliu)
• fix: Update text after settings decimals in SliderLabel #323 (TimMonko)
• Fix values of slider label when range/value is set outside default #320 (TimMonko)

Tests & CI:

• Update qt beckends that superqt is tested against with napari #324 (Czaki)

Merged pull requests:

• ci: [pre-commit.ci] autoupdate #326 (pre-commit-ci[bot])
• ci(dependabot): bump the actions group with 3 updates #322 (dependabot[bot])
• chore: Group dependabot updates in a single PR #321 (Czaki)
• ci: [pre-commit.ci] autoupdate #314 (pre-commit-ci[bot])

Commits

• 872dff1 remove test
• 68fc56e Merge branch 'main' of https://github.com/pyapp-kit/superqt
• 1ee2305 chore: changelog v0.7.8
• b9941d6 ci: [pre-commit.ci] autoupdate (#326)
• 8d6dc33 use faint color for disabled on-state toggle switch (#325)
• cd67217 Fix values of slider label when range/value is set outside default (#320)
• 8eb941e fix: Update text after settings decimals in SliderLabel (#323)
• 20ffc3e ci(dependabot): bump the actions group with 3 updates (#322)
• e55b208 ci: [pre-commit.ci] autoupdate (#314)
• c7a894a Update qt beckends that superqt is tested against with napari (#324)
• Additional commits viewable in compare view

Updates coverage from 7.13.2 to 7.13.4

Changelog

Sourced from coverage's changelog.

Version 7.13.4 — 2026-02-09

• Fix: the third-party code fix in 7.13.3 required examining the parent directories where coverage was run. In the unusual situation that one of the parent directories is unreadable, a PermissionError would occur, as described in issue 2129_. This is now fixed.

• Fix: in test suites that change sys.path, coverage.py could fail with "RuntimeError: Set changed size during iteration" as described and fixed in pull 2130_. Thanks, Noah Fatsi.

• We now publish ppc64le wheels, thanks to Pankhudi Jain <pull 2121_>_.

.. _pull 2121: coveragepy/coveragepy#2121 .. _issue 2129: coveragepy/coveragepy#2129 .. _pull 2130: coveragepy/coveragepy#2130

.. _changes_7-13-3:

Version 7.13.3 — 2026-02-03

• Fix: in some situations, third-party code was measured when it shouldn't have been, slowing down test execution. This happened with layered virtual environments such as uv sometimes makes. The problem is fixed, closing issue 2082_. Now any directory on sys.path that is inside a virtualenv is considered third-party code.

.. _issue 2082: coveragepy/coveragepy#2082

.. _changes_7-13-2:

Commits

• 4f78d57 build: no need to publish status.json
• f8616ff docs: sample HTML for 7.13.4
• fcf8c68 docs: prep for 7.13.4
• 189ecfd docs: thanks Pankhudi Jain for ppc64le wheels #2121
• 58aade0 build: add support for ppc64le architecture (#2121)
• 8ea42c8 chore: bump actions/attest-build-provenance (#2131)
• c09595f docs: Janine put a lot of effort into debugging issue #2128
• 8ee1760 docs: Greg wrote a great issue: #2129
• 76ba043 docs: thanks, Noah Fatsi
• 371fcc5 fix: set fixed paths_list in TreeMatcher init (#2130)
• Additional commits viewable in compare view

Updates lxml-html-clean from 0.4.3 to 0.4.4

Changelog

Sourced from lxml-html-clean's changelog.

0.4.4 (2026-02-26)

Bugs fixed

• Fixed a bug where Unicode escapes in CSS were not properly decoded before security checks. This prevents attackers from bypassing filters using escape sequences.
• Fixed a security issue where <base> tags could be used for URL hijacking attacks. The <base> tag is now automatically removed whenever the <head> tag is removed (via page_structure=True or manual configuration), as <base> must be inside <head> according to HTML specifications.

Commits

• fd10d79 Add more tests for different combinations of backslashes and unicode
• 5b7e228 Restore the removal of all backslashes from styles after decoding of unicode ...
• 88da8f9 Prepare release 0.4.4
• 9c5612c Remove <base> tags to prevent URL hijacking attacks
• 2ef7326 Implement unicode escape decoding
• 7c854af Add missing Python 3.14 to classifiers
• 80cebf7 Continue using the package link
• 1cef82e Update safe sanitizer recommendation
• 79f35f4 CI: Drop Python 3.8, add 3.14
• See full diff in compare view

Updates nh3 from 0.3.2 to 0.3.3

Release notes

Sourced from nh3's releases.

v0.3.3

What's Changed

• Bump pyo3 from 0.27.1 to 0.27.2 by @​dependabot[bot] in messense/nh3#106
• Bump actions/checkout from 5 to 6 in the github-actions group by @​dependabot[bot] in messense/nh3#105
• Bump the github-actions group with 2 updates by @​dependabot[bot] in messense/nh3#108
• Add riscv64 build, and make target list more explicit by @​threexc in messense/nh3#110
• Bump pyo3 from 0.27.2 to 0.28.0 by @​dependabot[bot] in messense/nh3#111

New Contributors

• @​threexc made their first contribution in messense/nh3#110

Full Changelog: messense/nh3@v0.3.2...v0.3.3

Commits

• ff59ac4 Fix docker run in install built wheel
• 8308136 Bump version to 0.3.3
• 7d3b8f4 Bump pyo3 from 0.27.2 to 0.28.0 (#111)
• 260e1b1 Add riscv64 build, and make target list more explicit (#110)
• cbcec4f Update Python and Rust versions in Read the Docs config
• 6179e83 Bump the github-actions group with 2 updates (#108)
• 6b49487 Bump actions/checkout from 5 to 6 in the github-actions group (#105)
• b4979bc Bump pyo3 from 0.27.1 to 0.27.2 (#106)
• See full diff in compare view

Updates jupyterlab from 4.5.3 to 4.5.5

Release notes

Sourced from jupyterlab's releases.

v4.5.5

4.5.5

(Full Changelog)

Bugs fixed

• Fix theme settings broken in non-English locales #18530 (@​apoorvdarshan)
• Fix comms subshell resource management on disposal and when changing settings #18531 (@​krassowski)
• Upgrade @codemirror/view, fixing slow selection when line wrapping is enabled #18479 (@​krassowski)
• Only turn off overflow anchor when windowing is active #18503 (@​jasongrout)
• Fix table of contents navigation for Markdown files #18411 (@​itsmevichu)

Maintenance and upkeep improvements

• Update to marked 17.0.2 and mermaid 11.12.3 #18532 (@​bollwyvl, @​krassowski)

Contributors to this release

The following people contributed discussions, new ideas, code and documentation contributions, and review. See our definition of contributors.

(GitHub contributors page for this release)

@​apoorvdarshan (activity) | @​bollwyvl (activity) | @​itsmevichu (activity) | @​jasongrout (activity) | @​krassowski (activity)

v4.5.4

4.5.4

(Full Changelog)

Bugs fixed

• Avoid using system clipboard in Notebook widget #18474 (@​brichet)
• Update CodeMirror versions, fixing a few selection issues #18466 (@​krassowski)
• Fix debugger variable panel to render value 0 properly #18464 (@​itsmevichu)
• Consider both the content type and pattern match in DocumentRegistry.getFileTypeForModel() #18409 (@​krassowski)
• false in saveAs to avoid fetching file body #18379 (@​DeborahOlaboye)

Maintenance and upkeep improvements

• Bump Lumino packages to the 2026.2.5 release, fixing iframe resizing #18440 (@​jasongrout)

Documentation improvements

• Clarify notebook and cell metadata API changes in JupyterLab 4 #18304 (@​Krish-876)

... (truncated)

Commits

• 72d29f4 [ci skip] Publish 4.5.5
• 4a223c0 Backport PR #18530 on branch 4.5.x (Fix theme settings broken in non-English ...
• 2d54b65 Backport PR #18531 on branch 4.5.x (Fix comms subshell resource management on...
• 5f01903 Update to marked 17.0.2 and mermaid 11.12.3 (#18532)
• 1fa6809 Backport PR #18479 on branch 4.5.x (Upgrade @​codemirror/view, fixing slow sel...
• 277f814 Backport PR #18503 on branch 4.5.x (Only turn off overflow anchor when window...
• b824b96 Backport PR #18411 on branch 4.5.x (Fix table of contents navigation for Mark...
• 2ecc1ee [ci skip] Publish 4.5.4
• 19f81fc Backport PR #18474 on branch 4.5.x (Avoid using system clipboard in Notebook ...
• b82e6d7 Backport PR #18466 on branch 4.5.x (Update CodeMirror versions, fixing a few ...
• Additional commits viewable in compare view

Updates notebook from 7.5.3 to 7.5.4

Release notes

Sourced from notebook's releases.

v7.5.4

7.5.4

(Full Changelog)

Maintenance and upkeep improvements

• Update to JupyterLab v4.5.5 #7842 (@​jtpio)
• Fix PyO3 CI failure with Python 3.15 #7836 (@​jtpio)

Contributors to this release

The following people contributed discussions, new ideas, code and documentation contributions, and review. See our definition of contributors.

(GitHub contributors page for this release)

@​jtpio (activity)

Changelog

Sourced from notebook's changelog.

7.5.4

(Full Changelog)

Maintenance and upkeep improvements

• Update to JupyterLab v4.5.5 #7842 (@​jtpio)
• Fix PyO3 CI failure with Python 3.15 #7836 (@​jtpio)

Contributors to this release

The following people contributed discussions, new ideas, code and documentation contributions, and review. See our definition of contributors.

(GitHub contributors page for this release)

@​jtpio (activity)

Commits

• ecc3aaf Publish 7.5.4
• e5d8418 Update to JupyterLab v4.5.5 (#7842)
• 6fe4f8e Backport PR #7836: Fix PyO3 CI failure with Python 3.15 (#7837)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions