chore(deps): bump the pip group across 1 directory with 4 updates

[dependabot]

Bumps the pip group with 4 updates in the / directory: black, filelock, ansible and cryptography.

Updates black from 24.3.0 to 26.3.1

Release notes

Sourced from black's releases.

26.3.1

Stable style

• Prevent Jupyter notebook magic masking collisions from corrupting cells by using exact-length placeholders for short magics and aborting if a placeholder can no longer be unmasked safely (#5038)

Configuration

• Always hash cache filename components derived from --python-cell-magics so custom magic names cannot affect cache paths (#5038)

Blackd

• Disable browser-originated requests by default, add configurable origin allowlisting and request body limits, and bound executor submissions to improve backpressure (#5039)

26.3.0

Stable style

• Don't double-decode input, causing non-UTF-8 files to be corrupted (#4964)
• Fix crash on standalone comment in lambda default arguments (#4993)
• Preserve parentheses when # type: ignore comments would be merged with other comments on the same line, preventing AST equivalence failures (#4888)

Preview style

• Fix bug where if guards in case blocks were incorrectly split when the pattern had a trailing comma (#4884)
• Fix string_processing crashing on unassigned long string literals with trailing commas (one-item tuples) (#4929)
• Simplify implementation of the power operator "hugging" logic (#4918)

Packaging

• Fix shutdown errors in PyInstaller builds on macOS by disabling multiprocessing in frozen environments (#4930)

Performance

• Introduce winloop for windows as an alternative to uvloop (#4996)
• Remove deprecated function uvloop.install() in favor of uvloop.new_event_loop() (#4996)
• Rename maybe_install_uvloop function to maybe_use_uvloop to simplify loop installation and creation of either a uvloop/winloop evenloop or default eventloop (#4996)

Output

... (truncated)

Changelog

Sourced from black's changelog.

Version 26.3.1

Stable style

• Prevent Jupyter notebook magic masking collisions from corrupting cells by using exact-length placeholders for short magics and aborting if a placeholder can no longer be unmasked safely (#5038)

Configuration

• Always hash cache filename components derived from --python-cell-magics so custom magic names cannot affect cache paths (#5038)

Blackd

• Disable browser-originated requests by default, add configurable origin allowlisting and request body limits, and bound executor submissions to improve backpressure (#5039)

Version 26.3.0

Stable style

• Don't double-decode input, causing non-UTF-8 files to be corrupted (#4964)
• Fix crash on standalone comment in lambda default arguments (#4993)
• Preserve parentheses when # type: ignore comments would be merged with other comments on the same line, preventing AST equivalence failures (#4888)

Preview style

• Fix bug where if guards in case blocks were incorrectly split when the pattern had a trailing comma (#4884)
• Fix string_processing crashing on unassigned long string literals with trailing commas (one-item tuples) (#4929)
• Simplify implementation of the power operator "hugging" logic (#4918)

Packaging

• Fix shutdown errors in PyInstaller builds on macOS by disabling multiprocessing in frozen environments (#4930)

Performance

• Introduce winloop for windows as an alternative to uvloop (#4996)
• Remove deprecated function uvloop.install() in favor of uvloop.new_event_loop() (#4996)
• Rename maybe_install_uvloop function to maybe_use_uvloop to simplify loop installation and creation of either a uvloop/winloop eventloop or default eventloop (#4996)

... (truncated)

Commits

• c6755bb Prepare release 26.3.1 (#5046)
• 69973fd Harden blackd browser-facing request handling (#5039)
• 4937fe6 Fix some shenanigans with the cache file and IPython (#5038)
• 2e641d1 docs: remove outdated Black Playground references (#5044)
• c014b22 Remove unused internal code (#5041)
• 0dae20b Add new changelog (#5036)
• c5c1cbd Minor release patches (#5035)
• 7e5a828 docs: clarify relationship between Black style and PEP 8 (#5025)
• 69705de docs: add clearer pyproject configuration guidance (#5026)
• 35ea679 Prepare release 26.3.0 (#5032)
• Additional commits viewable in compare view

Updates filelock from 3.13.1 to 3.20.3

Release notes

Sourced from filelock's releases.

3.20.3

What's Changed

• Fix TOCTOU symlink vulnerability in SoftFileLock by @​gaborbernat in tox-dev/filelock#465

Full Changelog: tox-dev/filelock@3.20.2...3.20.3

3.20.2

What's Changed

• Support Unix systems without O_NOFOLLOW by @​mwilliamson in tox-dev/filelock#463
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in tox-dev/filelock#464

New Contributors

• @​mwilliamson made their first contribution in tox-dev/filelock#463

Full Changelog: tox-dev/filelock@3.20.1...3.20.2

3.20.1

What's Changed

• CVE-2025-68146: Fix TOCTOU symlink vulnerability in lock file creation by @​gaborbernat in tox-dev/filelock#461

Full Changelog: tox-dev/filelock@3.20.0...3.20.1

3.20.0

What's Changed

• Add tox.toml to sdist by @​mtelka in tox-dev/filelock#436
• Update docs with example by @​znichollscr in tox-dev/filelock#438
• Add 3.14 support and drop 3.9 by @​gaborbernat in tox-dev/filelock#448

New Contributors

• @​mtelka made their first contribution in tox-dev/filelock#436
• @​znichollscr made their first contribution in tox-dev/filelock#438

Full Changelog: tox-dev/filelock@3.19.1...3.20.0

3.19.1

What's Changed

• add 3.14t (free threading) to matrix by @​paultiq in tox-dev/filelock#433
• Increase test coverage by @​paultiq in tox-dev/filelock#434

... (truncated)

Changelog

Sourced from filelock's changelog.

########### Changelog ###########

---

3.29.0 (2026-04-19)

---

• ✨ feat(soft): enable stale lock detection on Windows :pr:534
• 🐛 fix(async): use single-thread executor for lock consistency :pr:533
• build(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 :pr:530 - by :user:dependabot[bot]

---

3.28.0 (2026-04-14)

---

• 🐛 fix(ci): unbreak release workflow, publish to PyPI again :pr:529

---

3.26.1 (2026-04-09)

---

• 🐛 fix(asyncio): add exit to BaseAsyncFileLock and fix del loop handling :pr:518 - by :user:naarob
• build(deps): bump pypa/gh-action-pypi-publish from 1.13.0 to 1.14.0 :pr:525 - by :user:dependabot[bot]

---

3.26.0 (2026-04-06)

---

• ✨ feat(soft): add PID inspection and lock breaking :pr:524
• [pre-commit.ci] pre-commit autoupdate :pr:523 - by :user:pre-commit-ci[bot]
• build(deps): bump astral-sh/setup-uv from 7.6.0 to 8.0.0 :pr:522 - by :user:dependabot[bot]
• Remove persist-credentials: false from release job :pr:520
• [pre-commit.ci] pre-commit autoupdate :pr:519 - by :user:pre-commit-ci[bot]
• 🔒 ci(workflows): add zizmor security auditing :pr:517
• [pre-commit.ci] pre-commit autoupdate :pr:516 - by :user:pre-commit-ci[bot]
• [pre-commit.ci] pre-commit autoupdate :pr:514 - by :user:pre-commit-ci[bot]

---

3.25.2 (2026-03-11)

---

• 🐛 fix(unix): suppress EIO on close in Docker bind mounts :pr:513

---

3.25.1 (2026-03-09)

---

• [pre-commit.ci] pre-commit autoupdate :pr:510 - by :user:pre-commit-ci[bot]
• 🐛 fix(win): restore best-effort lock file cleanup on release :pr:511

... (truncated)

Commits

• 41b42dd Fix TOCTOU symlink vulnerability in SoftFileLock (#465)
• f2e7d40 [pre-commit.ci] pre-commit autoupdate (#464)
• 5088854 Support Unix systems without O_NOFOLLOW (#463)
• 377f622 [pre-commit.ci] pre-commit autoupdate (#460)
• 4724d7f Fix TOCTOU symlink vulnerability in lock file creation (#461)
• cb69414 Bump actions/upload-artifact from 5 to 6 (#459)
• 0769294 Bump actions/download-artifact from 6 to 7 (#458)
• 414193a [pre-commit.ci] pre-commit autoupdate (#457)
• 1456797 [pre-commit.ci] pre-commit autoupdate (#456)
• 8d6bf90 Bump actions/checkout from 5 to 6 (#455)
• Additional commits viewable in compare view

Updates ansible from 10.7.0 to 12.2.0

Commits

• ff7b95b Ansible 12.2.0: Dependencies, changelog and porting guide (#621)
• 21dc7c1 Remove deprecated community.digitalocean from Ansible 13.0.0b1. (#620)
• 4dc8c5e Ansible 13.0.0a5: Dependencies, changelog and porting guide (#619)
• 6fda54d Bump actions/upload-artifact from 4 to 5 (#617)
• 8ad093e Bump actions/download-artifact from 5 to 6 (#616)
• e3f1851 Ansible 13.0.0a4: Dependencies, changelog and porting guide (#615)
• daac485 Bump wntrblm/nox from 2025.05.01 to 2025.10.16 (#614)
• 65d2b26 Ansible 13.0.0a3: Dependencies, changelog and porting guide (#613)
• ed34a59 Revert "Restrict ibm.storage_virtualize to < 3.1.0. (#608)" (#612)
• d5be323 Ansible 13.0.0a2: Dependencies, changelog and porting guide (#611)
• Additional commits viewable in compare view

Updates cryptography from 43.0.1 to 46.0.7

Changelog

Sourced from cryptography's changelog.

46.0.7 - 2026-04-07

* **SECURITY ISSUE**: Fixed an issue where non-contiguous buffers could be
  passed to APIs that accept Python buffers, which could lead to buffer
  overflow. **CVE-2026-39892**
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.6.
.. _v46-0-6:
46.0.6 - 2026-03-25

• SECURITY ISSUE: Fixed a bug where name constraints were not applied to peer names during verification when the leaf certificate contains a wildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug, including those used by the Web PKI. Credit to Oleh Konko (1seal) for reporting the issue. CVE-2026-34073

.. _v46-0-5:

46.0.5 - 2026-02-10

* An attacker could create a malicious public key that reveals portions of your
  private key when using certain uncommon elliptic curves (binary curves).
  This version now includes additional security checks to prevent this attack.
  This issue only affects binary elliptic curves, which are rarely used in
  real-world applications. Credit to **XlabAI Team of Tencent Xuanwu Lab and
  Atuin Automated Vulnerability Discovery Engine** for reporting the issue.
  **CVE-2026-26007**
* Support for ``SECT*`` binary elliptic curves is deprecated and will be
  removed in the next release.
.. v46-0-4:
46.0.4 - 2026-01-27

• Dropped support for win_arm64 wheels_.
• Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.5.

.. _v46-0-3:

46.0.3 - 2025-10-15

* Fixed compilation when using LibreSSL 4.2.0.
.. _v46-0-2:

</tr></table>

... (truncated)

Commits

• 622d672 46.0.7 release (#14602)
• 91d7288 Cherry-pick #14542 (#14543)
• 06e120e bump version for 46.0.5 release (#14289)
• 0eebb9d EC check key on cofactor > 1 (#14287)
• bedf6e1 fix openssl version on 46 branch (#14220)
• e6f44fc bump for 46.0.4 and drop win arm64 due to CI issues (#14217)
• c0af4dd release 46.0.3 (#13681)
• 99efe5a bump version for 46.0.2 (#13531)
• e735cfc release 46.0.1 (#13450)
• 4e457ff Explicitly specify python in mac uv build invocation (#13447)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.