fix(deps): update minor dependencies

[renovate]

Note: This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update	Pending
@reduxjs/toolkit (source)	2.9.2 → 2.11.2			dependencies	minor
@vitest/eslint-plugin	1.4.4 → 1.6.6			devDependencies	minor
alembic (changelog)	==1.17.2 → ==1.18.0			packages	minor
black (changelog)	==25.9.0 → ==25.12.0			dev-packages	minor
cypress (source)	15.5.0 → 15.8.2			devDependencies	minor
docker/metadata-action	v5.8.0 → v5.10.0			action	minor
docker/setup-buildx-action	v3.11.1 → v3.12.0			action	minor
eslint-plugin-testing-library	7.13.6 → 7.15.4			devDependencies	minor
flake8-bugbear (changelog)	==25.10.21 → ==25.11.29			dev-packages	minor
ipython	==9.6.0 → ==9.9.0			dev-packages	minor
ipython	==9.6.0 → ==9.9.0			packages	minor
json5 (changelog)	==0.12.1 → ==0.13.0			packages	minor
locust	==2.41.6 → ==2.43.0			dev-packages	minor	2.43.1
msw (source)	2.11.6 → 2.12.7			devDependencies	minor
mypy (changelog)	==1.18.2 → ==1.19.1			packages	minor
nox	==2025.10.16 → ==2025.11.12			dev-packages	minor
oven-sh/setup-bun	v2.0.2 → v2.1.0			action	minor
prettier (source)	3.6.2 → 3.7.4			devDependencies	minor
python-dotenv	==1.1.1 → ==1.2.1			packages	minor
renovatebot/pre-commit-hooks	42.0.3 → 42.76.4			repository	minor	42.80.1 (+9)
rollup (source)	4.52.5 → 4.55.1			overrides	minor
sass	1.93.3 → 1.97.2			dependencies	minor
styled-components (source)	6.1.19 → 6.2.0			dependencies	minor	6.3.5 (+5)
vite (source)	7.1.12 → 7.3.1			devDependencies	minor

Note: The pre-commit manager in Renovate is not supported by the pre-commit maintainers or community. Please do not report any problems there, instead create a Discussion in the Renovate repository if you have any questions.

---

Release Notes

reduxjs/redux-toolkit (@​reduxjs/toolkit)

v2.11.2

Compare Source

v2.11.1

Compare Source

This bugfix release fixes an issue with our internal AbortSignal handling that was reported as causing an error in a rare reset situation. We've also restructured our publishing process to use NPM Trusted Publishing, and updated our TS support matrix to only support TS 5.4+.

Changelog

Publishing Changes

We've previously done most of our releases semi-manually locally, with various release process CLI tools. With the changes to NPM publishing security and the recent wave of NPM attacks, we've updated our publishing process to solely use NPM Trusted Publishing via workflows. We've also done a hardening pass on our own CI setup.

We had done a couple releases via CI workflows previously, and later semi-manual releases caused PNPM to warn that RTK was no longer trusted. This release should be trusted and will resolve that issue.

Thanks to the e18e folks and their excellent guide at https://e18e.dev/docs/publishing for making this process easier!

TS Support Matrix Updates

We've previously mentioned rolling changes to our TS support matrix in release notes, but didn't officially document our support policy. We've added a description of the support policy (last 2 years of TS releases, matching DefinitelyTyped) and the current oldest TS version we support in the docs:

• https://redux-toolkit.js.org/introduction/getting-started#typescript
• https://redux-toolkit.js.org/usage/usage-with-typescript#introduction

As of today, we've updated the support matrix to be TS 5.4+ . As always, it's possible RTK will work if you're using an earlier version of TS, but we don't test against earlier versions and don't support any issues with those versions.

We have run an initial test with the upcoming TS 7.0 native tsgo release. We found a couple minor issues with our own TS build and test setup, but no obvious issues with using RTK with TS 7.0.

Bug Fixes

A user reported a rare edge case where the combination of resetApiState and retry() could lead to an error calling an AbortController. We've restructured our AbortController handling logic to avoid that (and simplified a bit of our internals in the process).

What's Changed

• Use trusted publishing and harden workflows by @​markerikson in #​5152
• Update TS typecheck matrix and add TS native job by @​markerikson in #​5155
• Officially document TS support by @​markerikson in #​5158
• Tweaks to AbortSignal logic by @​EskiMojo14 in #​5150

Full Changelog: reduxjs/redux-toolkit@v2.11.0...v2.11.1

v2.11.0

Compare Source

v2.10.1

Compare Source

This bugfix release fixes an issue with window access breaking in SSR due to the byte-shaving work in 2.10.

What's Changed

• Fix window SSR breakage by @​markerikson in #​5132

Full Changelog: reduxjs/redux-toolkit@v2.10.0...v2.10.1

v2.10.0

Compare Source

vitest-dev/eslint-plugin-vitest (@​vitest/eslint-plugin)

v1.6.6

Compare Source

   🚀 Features

• Add require-test-timeout rule  -  by @​hamirmahal in #​863 (0829c)

    View changes on GitHub

v1.6.5

Compare Source

   🚀 Features

• No-conditional-expect takes expect.assertions into account  -  by @​vidarc in #​840 (01f6d)

   🐞 Bug Fixes

• Treat vitest and vi the same  -  by @​G-Rath in #​851 (48aa6)
• prefer-mock-return-shorthand:
  • Ignore use of update expressions  -  by @​G-Rath in #​858 (da4b6)
  • Ignore async implementations  -  by @​G-Rath in #​857 (1881e)
  • Don't report mutable implementations  -  by @​G-Rath in #​1908 and #​855 (9636a)

    View changes on GitHub

What's Changed

• refactor: apply prettier to whole codebase by @​G-Rath in #​853
• fix: treat vitest and vi the same by @​G-Rath in #​851
• test(unbound-method): port most of the test suite by @​G-Rath in #​850
• chore: update eslint-remote-tester by @​G-Rath in #​859
• fix(prefer-mock-return-shorthand): ignore use of update expressions by @​G-Rath in #​858
• fix(prefer-mock-return-shorthand): ignore async implementations by @​G-Rath in #​857
• fix(prefer-mock-return-shorthand): don't report mutable implementations by @​G-Rath in #​855
• refactor: Require rule name in createTestingLibraryRule return type and use rule.name in tests by @​y-hsgw in #​860
• feat: no-conditional-expect takes expect.assertions into account by @​vidarc in #​840
• docs: put rule descriptions after title by @​G-Rath in #​861

New Contributors

• @​vidarc made their first contribution in #​840

Full Changelog: vitest-dev/eslint-plugin-vitest@v1.6.4...v1.6.5

v1.6.4

Compare Source

   🚀 Features

• Create new prefer-mock-return-shorthand rule  -  by @​G-Rath in #​848 (c0b72)

   🐞 Bug Fixes

• unbound-method: Ignore functions passed to vi.mocked  -  by @​G-Rath in #​849 (aa8af)

    View changes on GitHub

What's Changed

• docs(no-conditional-expect): add asymmetric matchers to example usage by @​wjhsf in #​847
• fix(unbound-method): ignore functions passed to vi.mocked by @​G-Rath in #​849
• feat: create new prefer-mock-return-shorthand rule by @​G-Rath in #​848

New Contributors

• @​wjhsf made their first contribution in #​847

Full Changelog: vitest-dev/eslint-plugin-vitest@v1.6.3...v1.6.4

v1.6.3

Compare Source

   🚀 Features

• Option to disable autofix of prefer-import-in-mock  -  by @​nunomarks in #​846 (3046a)

    View changes on GitHub

What's Changed

• feat: Option to disable autofix of prefer-import-in-mock by @​nunomarks in #​846

New Contributors

• @​nunomarks made their first contribution in #​846

Full Changelog: vitest-dev/eslint-plugin-vitest@v1.6.1...v1.6.2

v1.6.1

Compare Source

   🐞 Bug Fixes

• Treat test.extend results as test calls  -  by @​y-hsgw in #​843 (7a401)

    View changes on GitHub

What's Changed

• fix: Treat test.extend results as test calls by @​y-hsgw in #​843
• New rule: prefer-to-have-been-called-times by @​y-hsgw in #​842
• remove duplicate rules by @​veritem in #​844
• remove patched package by @​veritem in #​845

Full Changelog: vitest-dev/eslint-plugin-vitest@v1.5.4...v1.6.0

v1.5.4

Compare Source

No significant changes

    View changes on GitHub

v1.5.2

Compare Source

   🐞 Bug Fixes

• Regression for valid-title and prefer-hooks-on-top when using test.scoped  -  by @​y-hsgw in #​836 (bdf8e)

    View changes on GitHub

v1.5.1

Compare Source

   🐞 Bug Fixes

• no-alias-methods: Align no-alias-methods rule with Vitest by aliasing toThrow to toThrowError  -  by @​y-hsgw in #​832 (4ea56)

    View changes on GitHub

v1.5.0

Compare Source

   🚀 Features

• Add rule to recommended Vitest ESLint config  -  by @​y-hsgw in #​827 (bc95b)

   🐞 Bug Fixes

• consistent-test-it: Handle aliased Vitest imports when enforcing consistent test names  -  by @​y-hsgw in #​828 (54be6)

    View changes on GitHub

What's Changed

• fix(consistent-test-it): Handle aliased Vitest imports when enforcing consistent test names by @​y-hsgw in #​828
• feat: Add rule to recommended Vitest ESLint config by @​y-hsgw in #​827

Full Changelog: vitest-dev/eslint-plugin-vitest@v1.4.4...v1.5.0

psf/black (black)

v25.12.0

Compare Source

Highlights

• Black no longer supports running with Python 3.9 (#​4842)

Stable style

• Fix bug where comments preceding # fmt: off/# fmt: on blocks were incorrectly
  removed, particularly affecting Jupytext's # %% [markdown] comments (#​4845)
• Fix crash when multiple # fmt: skip comments are used in a multi-part if-clause, on
  string literals, or on dictionary entries with long lines (#​4872)
• Fix possible crash when fmt: directives aren't on the top level (#​4856)

Preview style

• Fix fmt: skip skipping the line after instead of the line it's on (#​4855)
• Remove unnecessary parentheses from the left-hand side of assignments while preserving
  magic trailing commas and intentional multiline formatting (#​4865)
• Fix fix_fmt_skip_in_one_liners crashing on with statements (#​4853)
• Fix fix_fmt_skip_in_one_liners crashing on annotated parameters (#​4854)
• Fix new lines being added after imports with # fmt: skip on them (#​4894)

Packaging

• Releases now include arm64 Windows binaries and wheels (#​4814)

Integrations

• Add output-file input to GitHub Action psf/black to write formatter output to a
  file for artifact capture and log cleanliness (#​4824)

v25.11.0

Compare Source

Highlights

• Enable base 3.14 support (#​4804)
• Add support for the new Python 3.14 t-string syntax introduced by PEP 750 (#​4805)

Stable style

• Fix bug where comments between # fmt: off and # fmt: on were reformatted (#​4811)
• Comments containing fmt directives now preserve their exact formatting instead of
  being normalized (#​4811)

Preview style

• Move multiline_string_handling from --unstable to --preview (#​4760)
• Fix bug where module docstrings would be treated as normal strings if preceded by
  comments (#​4764)
• Fix bug where python 3.12 generics syntax split line happens weirdly (#​4777)
• Standardize type comments to form # type: <value> (#​4645)
• Fix fix_fmt_skip_in_one_liners preview feature to respect # fmt: skip for compound
  statements with semicolon-separated bodies (#​4800)

Configuration

• Add no_cache option to control caching behavior. (#​4803)

Packaging

• Releases now include arm64 Linux binaries (#​4773)

Output

• Write unchanged content to stdout when excluding formatting from stdin using pipes
  (#​4610)

Blackd

• Implemented BlackDClient. This simple python client allows to easily send formatting
  requests to blackd (#​4774)

Integrations

• Enable 3.14 base CI (#​4804)
• Enhance GitHub Action psf/black to support the required-version major-version-only
  "stability" format when using pyproject.toml (#​4770)
• Improve error message for vim plugin users. It now handles independently vim version
• Vim: Warn on unsupported Vim and Python versions independently (#​4772)
• Vim: Print the import paths when importing black fails (#​4675)
• Vim: Fix handling of virtualenvs that have a different Python version (#​4675)

cypress-io/cypress (cypress)

v15.8.2

Compare Source

Changelog: https://docs.cypress.io/app/references/changelog#15-8-2

v15.8.1

Compare Source

Changelog: https://docs.cypress.io/app/references/changelog#15-8-1

v15.8.0

Compare Source

Changelog: https://docs.cypress.io/app/references/changelog#15-8-0

v15.7.1

Compare Source

Changelog: https://docs.cypress.io/app/references/changelog#15-7-1

v15.7.0

Compare Source

v15.6.0

Compare Source

Changelog: https://docs.cypress.io/app/references/changelog#15-6-0

docker/metadata-action (docker/metadata-action)

v5.10.0

Compare Source

• Bump @​docker/actions-toolkit from 0.66.0 to 0.68.0 in #​559 #​569
• Bump js-yaml from 3.14.1 to 3.14.2 in #​564

Full Changelog: docker/metadata-action@v5.9.0...v5.10.0

v5.9.0

Compare Source

• Add tag-names output to return tag names without image base name by @​crazy-max in #​553
• Bump @​babel/runtime-corejs3 from 7.14.7 to 7.28.2 in #​539
• Bump @​docker/actions-toolkit from 0.62.1 to 0.66.0 in #​555
• Bump brace-expansion from 1.1.11 to 1.1.12 in #​540
• Bump csv-parse from 5.6.0 to 6.1.0 in #​532
• Bump semver from 7.7.2 to 7.7.3 in in #​554
• Bump tmp from 0.2.3 to 0.2.5 in #​541

Full Changelog: docker/metadata-action@v5.8.0...v5.9.0

docker/setup-buildx-action (docker/setup-buildx-action)

v3.12.0

Compare Source

• Deprecate install input by @​crazy-max in #​455
• Bump @​docker/actions-toolkit from 0.62.1 to 0.63.0 in #​434
• Bump brace-expansion from 1.1.11 to 1.1.12 in #​436
• Bump form-data from 2.5.1 to 2.5.5 in #​432
• Bump undici from 5.28.4 to 5.29.0 in #​435

Full Changelog: docker/setup-buildx-action@v3.11.1...v3.12.0

testing-library/eslint-plugin-testing-library (eslint-plugin-testing-library)

v7.15.4

Compare Source

Bug Fixes

• deps: bump typescript-eslint to v8.51.0 (#​1171) (b8ef377)

v7.15.3

Compare Source

Bug Fixes

• deps: bump typescript-eslint to v8.50.0 (#​1164) (c23f025)

v7.15.2

Compare Source

Bug Fixes

• expose correct meta version (#​1163) (d994f0c)

v7.15.1

Compare Source

Bug Fixes

• prevent unchecked indexed access (#​1132) (d865ce0)

v7.15.0

Compare Source

Features

• bundle in CJS and ESM formats (#​1130) (166e37c), closes #​900

v7.14.0

Compare Source

Features

• prefer-user-event-setup: add new rule (#​1125) (03f8736), closes #​646

PyCQA/flake8-bugbear (flake8-bugbear)

v25.11.29

Compare Source

• B043: Add new check to state don't call delattr with constant (#​514)
• B042: ignore overloaded init, ignore if str+pickle dunder, improve README

ipython/ipython (ipython)

v9.9.0

Compare Source

v9.8.0

Compare Source

v9.7.0

Compare Source

dpranke/pyjson5 (json5)

v0.13.0

Compare Source

locustio/locust (locust)

v2.43.0

Compare Source

Full Changelog

Closed issues:

• Support for requests >=2.32.5 (compatibility with LangChain/AI ecosystem) #​3307
• Multiple select in web UI for custom arguments #​3260
• Suggestion to Add "iter_lines" Support for "FastHttpUser" in Locust #​3018

Merged pull requests:

• Provide a better error message when spawn rate is set to zero #​3317 (amadeuppereira)
• Support requests>=2.32.5, reimplement the fix previously there for only loading ssl certificates once #​3316 (amadeuppereira)
• Remove references to locust.cloud now that it is shutting down #​3314 (amadeuppereira)
• Allow users to stop test run by raising StopTest, use it on missing host in locustfile (and no --host param) #​3313 (amadeuppereira)
• Locust Cloud demo tab: update domain from auth.locust.cloud to app.locust.cloud #​3312 (andrewbaldwin44)
• Solving the iter_lines problem #​3311 (MasterKey-Pro)
• Refactor parse_options #​3310 (andrewbaldwin44)
• Capture stacktrace on KeyboardInterrupt on greenlets #​3306 (amadeuppereira)
• Bump js-yaml from 4.1.0 to 4.1.1 in /locust/webui #​3305 (dependabot[bot])
• Bump glob from 10.4.5 to 10.5.0 in /locust/webui #​3304 (dependabot[bot])

v2.42.6

Compare Source

What's Changed

• GH Actions: Bump actions/checkout from 5 to 6 in the all_dependencies group by @​dependabot[bot] in #​3287
• Fix Toml Parser Being Called on Conf Files by @​andrewbaldwin44 in #​3293
• Only log "OpenTelemetry enabled" message when success by @​amadeuppereira in #​3294
• Add otel unit tests by @​amadeuppereira in #​3295
• Log duplicate client_ready messages as debug instead of info level by @​cyberw in #​3296
• Improve tests by @​amadeuppereira in #​3297
• Add OTel documentation by @​amadeuppereira in #​3298
• Update OTel setup by @​amadeuppereira in #​3300
• Use match-case instead of gigantic if-elif statement when handling zmq messages in master-worker communication by @​cyberw in #​3299
• refactor case statements and update to use 3.10 set syntax by @​cyberw in #​3301
• Don't import pytest unless it is really needed, to speed up startup by @​cyberw in #​3302

Full Changelog: locustio/locust@2.42.5...2.42.6

v2.42.5

Compare Source

Full Changelog

Merged pull requests:

• Log when otel is enabled #​3284 (amadeuppereira)

v2.42.4

Compare Source

Full Changelog

Merged pull requests:

• Log when otel is enabled #​3284 (amadeuppereira)

v2.42.3

Compare Source

What's Changed

• Fix single line .conf files incorrectly being treated as toml by @​cyberw in #​3257
• GH Actions: update uv version, ensure uv.lock doesn't contain anything not in pyproject.toml by @​cyberw in #​3259
• Creates dependabot file to keep gh actions updated by @​jairhenrique in #​3264
• Bump the all_dependencies group with 7 updates by @​dependabot[bot] in #​3266

New Contributors

• @​jairhenrique made their first contribution in #​3264

Full Changelog: locustio/locust@2.42.2...2.42.3

v2.42.2

Compare Source

What's Changed

• fix: MQTT client_id and protocol not passed down to Client by @​ionutab in #​3252
• remove setuptools from dependencies by @​dotlambda in #​3253
• Update uv.lock by @​cyberw in #​3254
• Revert "modified ui_extra_args_dict function to pick arguments" by @​cyberw in #​3255
• Bump locust-cloud version, fixing an issue with .conf-files by @​cyberw in #​3256

New Contributors

• @​dotlambda made their first contribution in #​3253

Full Changelog: locustio/locust@2.42.1...2.42.2

v2.42.1

Compare Source

Full Changelog

Merged pull requests:

• Add VS Code Extension and k8s operator to documentation #​3251 (cyberw)
• Bump vite from 6.3.5 to 6.4.1 in /locust/webui #​3249 (dependabot[bot])
• Bumped the gRPC example server’s worker pool to 100 #​3248 (sonianuj287)
• modified ui_extra_args_dict function to pick arguments #​3245 (sonianuj287)

v2.42.0

Compare Source

What's Changed

• loosen dependency on gevent by @​bollwyvl in #​3236
• Fix reset button not working after stopping the run by @​andrewbaldwin44 in #​3238
• Added readme badge for supported python versions by @​Nirzak in #​3237
• Introduce DNSUser by @​cyberw in #​3243
• Avoid using most recent python-requests because it may introduce performance issues by @​cyberw in #​3244

New Contributors

• @​bollwyvl made their first contribution in #​3236
• @​Nirzak made their first contribution in #​3237

Full Changelog: locustio/locust@2.41.6...2.42.0

mswjs/msw (msw)

v2.12.7

Compare Source

v2.12.7 (2025-12-27)

Bug Fixes

• graphql: export the GraphQLLinkHandlers type (#​2647) (cfab780) @​kettanaito
• graphql: support TypedDocumentString as request predicate (#​2646) (494d5e8) @​kettanaito
• graphql: remove redundant DocumentNode union (#​2645) (0f6e28f) @​kettanaito

v2.12.6

Compare Source

v2.12.6 (2025-12-26)

Bug Fixes

• sse: respect the worker quiet option (#​2644) (d50f73e) @​kettanaito

v2.12.5

Compare Source

v2.12.5 (2025-12-26)

Bug Fixes

• sse: handle multi-line messages (#​2643) (1266f61) @​BSteffaniak @​kettanaito

v2.12.4

Compare Source

v2.12.4 (2025-12-03)

Bug Fixes

• handle incomplete localStorage in Node.js v25 (#​2636) (3da2c76) @​rvagg

v2.12.3

Compare Source

v2.12.3 (2025-11-23)

Bug Fixes

• publish the types used in HttpHandler (#​2560) (1af6cee) @​SerkanSipahi @​kettanaito
• update dependencies (#​2634) (9efe103) @​kettanaito
• toPublicUrl: remove search parameters in Node.js (#​2629) (18d7d3d) @​Enet4 @​kettanaito

v2.12.2

Compare Source

v2.12.2 (2025-11-14)

Bug Fixes

• node: move browser and react-native export conditions lower (#​2627) (102d85a) @​vidschofelix

v2.12.1

Compare Source

v2.12.1 (2025-11-09)

Bug Fixes

• setupWorker: fix response init in response:* events (#​2621) (7f48f21) @​jbms

v2.12.0

Compare Source

v2.12.0 (2025-11-05)

Features

• support server-sent events (SSE) (#​2299) (d5a16d8) @​kettanaito @​Andarist

<d

[renovate]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

[github-actions]

🎉 This PR is included in version 1.258.1 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀