fix(deps): update all non-major dependencies

[a-klos]

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update	Pending
@types/node (source)	22.19.7 -> 22.19.10			devDependencies	patch	22.19.11
admin-api-lib (source)	==4.2.0 -> ==4.2.0.post20260210203817			prod	patch
authlib	1.6.6 -> 1.6.7			dependencies	patch	1.6.8
bitnamilegacy/clickhouse (source)	25.2.1-debian-12-r0 -> 25.7.5-debian-12-r0				minor
black (changelog)	25.11.0 -> 25.12.0			lint	minor
black (changelog)	25.9.0 -> 25.12.0			lint	minor
boto3	1.42.39 -> 1.42.44			dependencies	patch	1.42.49 (+4)
boto3	1.42.32 -> 1.42.44			dependencies	patch	1.42.49 (+4)
botocore	1.42.32 -> 1.42.44			dependencies	patch	1.42.49 (+4)
coverage	7.10.7 -> 7.13.3			test	minor	7.13.4
coverage	7.11.3 -> 7.13.3			test	minor	7.13.4
coverage	7.13.1 -> 7.13.3			test	patch	7.13.4
daisyui (source)	5.5.16 -> 5.5.18			devDependencies	patch
debugpy (source)	1.8.17 -> 1.8.20			dev	patch
debugpy (source)	1.8.19 -> 1.8.20			dev	patch
dependency-injector	4.48.2 -> 4.48.3			dependencies	patch
deprecated	1.2.18 -> 1.3.1			dependencies	minor
docling (changelog)	2.71.0 -> 2.72.0			dependencies	minor	2.73.1 (+1)
extractor-api-lib (source)	==4.2.0 -> ==4.2.0.post20260210203817			prod	patch
fastapi (changelog)	0.128.1 -> 0.128.4			dependencies	patch	0.129.0 (+4)
fastembed	0.7.3 -> 0.7.4			dependencies	patch
flake8-pyproject (changelog)	1.2.3 -> 1.2.4			lint	patch
flake8-pytest-style (source)	2.1.0 -> 2.2.0			lint	minor
ingress-nginx	4.14.2 -> 4.14.3				patch
langchain-ollama (source, changelog)	1.0.0 -> 1.0.1			dependencies	patch
langchain-text-splitters (source, changelog)	1.0.0 -> 1.1.0			dependencies	minor
langfuse	3.10.1 -> 3.13.0			dependencies	minor	3.14.1 (+1)
langfuse/langfuse	3.150.0 -> 3.151.0				minor	3.153.0 (+1)
langfuse/langfuse-worker	3.150.0 -> 3.151.0				minor	3.153.0 (+1)
langgraph (source, changelog)	1.0.3 -> 1.0.8			dependencies	patch
numpy (changelog)	2.2.6 -> 2.4.2			dependencies	minor
ollama (source)	1.40.0 -> 1.41.0				minor	1.42.0
opencv-python-headless	4.13.0.90 -> 4.13.0.92			dependencies	patch
python	>=3.13,<3.14 -> >=3.14,<3.15			dependencies	minor
python	3.13 -> 3.14			uses-with	minor
python	3.13-bookworm -> 3.14-bookworm			final	minor
python	3.13-bookworm -> 3.14-bookworm			stage	minor
python	3.13.7-bookworm -> 3.14.3-bookworm			final	minor
python	3.13.7-bookworm -> 3.14.3-bookworm			stage	minor
qdrant-client	1.15.1 -> 1.16.2			dependencies	minor
rag-core-api (source)	==4.2.0 -> ==4.2.0.post20260210203817			prod	patch
rag-core-lib (source)	==4.2.0 -> ==4.2.0.post20260210203817			prod	patch
setuptools (changelog)	80.8.0 -> 80.10.2			dependencies	minor
stackit (source)	~> 0.79.0 -> ~> 0.80.0			required_provider	minor
starlette (changelog)	0.49.3 -> 0.52.1			dependencies	minor
starlette (changelog)	0.50.0 -> 0.52.1			dependencies	minor
tenacity	9.1.2 -> 9.1.4			dependencies	patch
torch	^2.9.0+cpu -> ^2.9.0			dependencies	minor
torchvision	^0.24.1+cpu -> ^0.25.0			dependencies	minor
unstructured	0.18.18 -> 0.18.31			dependencies	patch	0.20.2 (+1)

---

Release Notes

authlib/authlib (authlib)

v1.6.7

Compare Source

Full Changelog: authlib/authlib@v1.6.6...v1.6.7

Set supported algorithms for the default jwt instance.

psf/black (black)

v25.12.0

Compare Source

Highlights

• Black no longer supports running with Python 3.9 (#​4842)

Stable style

• Fix bug where comments preceding # fmt: off/# fmt: on blocks were incorrectly
  removed, particularly affecting Jupytext's # %% [markdown] comments (#​4845)
• Fix crash when multiple # fmt: skip comments are used in a multi-part if-clause, on
  string literals, or on dictionary entries with long lines (#​4872)
• Fix possible crash when fmt: directives aren't on the top level (#​4856)
• Preserve parentheses when # type: ignore comments would be merged with other
  comments on the same line, preventing AST equivalence failures (#​4888)

Preview style

• Fix fmt: skip skipping the line after instead of the line it's on (#​4855)
• Remove unnecessary parentheses from the left-hand side of assignments while preserving
  magic trailing commas and intentional multiline formatting (#​4865)
• Fix fix_fmt_skip_in_one_liners crashing on with statements (#​4853)
• Fix fix_fmt_skip_in_one_liners crashing on annotated parameters (#​4854)
• Fix new lines being added after imports with # fmt: skip on them (#​4894)

Packaging

• Releases now include arm64 Windows binaries and wheels (#​4814)

Integrations

• Add output-file input to GitHub Action psf/black to write formatter output to a
  file for artifact capture and log cleanliness (#​4824)

boto/boto3 (boto3)

v1.42.44

Compare Source

=======

• api-change:bedrock-data-automation-runtime: [botocore] Add OutputConfiguration to InvokeDataAutomation input and output to support S3 output
• api-change:deadline: [botocore] Adds support for tagging jobs during job creation
• api-change:iot-managed-integrations: [botocore] Adding support for Custom(General) Authorization in managed integrations for AWS IoT Device Management cloud connectors.
• api-change:partnercentral-selling: [botocore] Releasing AWS Opportunity Snapshots for SDK release.
• api-change:sagemaker: [botocore] Adding g7e instance support in Sagemaker Training

v1.42.43

Compare Source

=======

• api-change:arc-region-switch: [botocore] Updates documentation for ARC Region switch and provides stronger validation for Amazon Aurora Global Database execution block parameters.
• api-change:athena: [botocore] Reduces the minimum TargetDpus to create or update capacity reservations from 24 to 4.
• api-change:bedrock-agentcore: [botocore] Support Browser profile persistence (cookies and local storage) across sessions for AgentCore Browser.
• api-change:bedrock-agentcore-control: [botocore] Support Browser profile persistence (cookies and local storage) across sessions for AgentCore Browser.
• api-change:glue: [botocore] This release adds the capability to easily create custom AWS Glue connections to data sources with REST APIs.
• api-change:medialive: [botocore] Outputs using the AV1 codec in CMAF Ingest output groups in MediaLive now have the ability to specify a target bit depth of 8 or 10.
• api-change:neptune-graph: [botocore] Minor neptune-graph documentation changes
• api-change:ram: [botocore] Added ListSourceAssociations API. Allows RAM resource share owners to list source associations that determine which sources can access resources through service principal associations. Supports filtering by resource share ARN, source ID, source type, or status, with pagination.
• api-change:transfer: [botocore] Adds support for the customer to send custom HTTP headers and configure an AS2 Connector to receive Asynchronous MDNs from their trading partner
• api-change:workspaces: [botocore] Added support for 12 new graphics-optimized compute types - Graphics.g6 (xlarge, 2xlarge, 4xlarge, 8xlarge, 16xlarge), Graphics.gr6 (4xlarge, 8xlarge), Graphics.g6f (large, xlarge, 2xlarge, 4xlarge), and Graphics.gr6f (4xlarge).
• enhancement:HTTP session: [botocore] Set blocksize from default 16KB to 128KB if urllib3 v2 is installed

v1.42.42

Compare Source

=======

• api-change:bedrock-runtime: [botocore] Added support for structured outputs to Converse and ConverseStream APIs.
• api-change:connectcases: [botocore] Amazon Connect Cases now supports larger, multi-line text fields with up to 4,100 characters. Administrators can use the Admin UI to select the appropriate configuration (single-line or multi-line) on a per-field basis, improving case documentation capabilities.
• api-change:eks: [botocore] Update delete cluster description
• api-change:medialive: [botocore] AWS Elemental MediaLive now supports SRT listener mode for inputs and outputs, in addition to the existing SRT caller mode.
• api-change:redshift: [botocore] We have increased the maximum duration for a deferred maintenance window from 45 days to 60 days for Amazon Redshift provisioned clusters. This enhancement provides customers with greater flexibility in scheduling patching and maintenance activities while also maintaining security compliance.
• api-change:workspaces-web: [botocore] Support for configuring and managing custom domain names for WorkSpaces Secure Browser portals.
• enhancement:Validation: [botocore] Updated list validation to add fast-path for list members that only require basic type checking.

v1.42.41

Compare Source

=======

• api-change:batch: [botocore] AWS Batch Array Job Visibility feature support. Includes new statusSummaryLastUpdatedAt for array job parent DescribeJobs responses for the last time the statusSummary was updated. Includes both statusSummary and statusSummaryLastUpdatedAt in ListJobs responses for array job parents.
• api-change:dynamodb: [botocore] This change supports the creation of multi-account global tables. It adds two new arguments to CreateTable, GlobalTableSourceArn and GlobalTableSettingsReplicationMode. DescribeTable is also updated to include information about GlobalTableSettingsReplicationMode.
• api-change:endpoint-rules: [botocore] Update endpoint-rules client to latest version
• api-change:geo-maps: [botocore] Added support for optional style parameters in maps, including 3D terrain and 3D Buildings
• api-change:kinesis: [botocore] Adds StreamId parameter to AWS Kinesis Data Streams APIs that is reserved for future use.
• api-change:marketplace-catalog: [botocore] Adds support for Catalog API us-east-1 dualstack endpoint catalog-marketplace.us-east-1.api.aws
• api-change:organizations: [botocore] Updated the CloseAccount description.
• api-change:sso-admin: [botocore] Added new Region management APIs to support multi-Region replication in IAM Identity Center.

v1.42.40

Compare Source

=======

• api-change:bedrock-agentcore-control: [botocore] Adds tagging support for AgentCore Evaluations (evaluator and online evaluation config)
• api-change:cloudfront: [botocore] Add OriginMTLS support to CloudFront Distribution APIs
• api-change:mpa: [botocore] Updates to multi-party approval (MPA) service to add support for multi-factor authentication (MFA) for voting operations.

boto/botocore (botocore)

v1.42.44

Compare Source

=======

• api-change:bedrock-data-automation-runtime: Add OutputConfiguration to InvokeDataAutomation input and output to support S3 output
• api-change:deadline: Adds support for tagging jobs during job creation
• api-change:iot-managed-integrations: Adding support for Custom(General) Authorization in managed integrations for AWS IoT Device Management cloud connectors.
• api-change:partnercentral-selling: Releasing AWS Opportunity Snapshots for SDK release.
• api-change:sagemaker: Adding g7e instance support in Sagemaker Training

v1.42.43

Compare Source

=======

• api-change:arc-region-switch: Updates documentation for ARC Region switch and provides stronger validation for Amazon Aurora Global Database execution block parameters.
• api-change:athena: Reduces the minimum TargetDpus to create or update capacity reservations from 24 to 4.
• api-change:bedrock-agentcore: Support Browser profile persistence (cookies and local storage) across sessions for AgentCore Browser.
• api-change:bedrock-agentcore-control: Support Browser profile persistence (cookies and local storage) across sessions for AgentCore Browser.
• api-change:glue: This release adds the capability to easily create custom AWS Glue connections to data sources with REST APIs.
• api-change:medialive: Outputs using the AV1 codec in CMAF Ingest output groups in MediaLive now have the ability to specify a target bit depth of 8 or 10.
• api-change:neptune-graph: Minor neptune-graph documentation changes
• api-change:ram: Added ListSourceAssociations API. Allows RAM resource share owners to list source associations that determine which sources can access resources through service principal associations. Supports filtering by resource share ARN, source ID, source type, or status, with pagination.
• api-change:transfer: Adds support for the customer to send custom HTTP headers and configure an AS2 Connector to receive Asynchronous MDNs from their trading partner
• api-change:workspaces: Added support for 12 new graphics-optimized compute types - Graphics.g6 (xlarge, 2xlarge, 4xlarge, 8xlarge, 16xlarge), Graphics.gr6 (4xlarge, 8xlarge), Graphics.g6f (large, xlarge, 2xlarge, 4xlarge), and Graphics.gr6f (4xlarge).
• enhancement:HTTP session: Set blocksize from default 16KB to 128KB if urllib3 v2 is installed

v1.42.42

Compare Source

=======

• api-change:bedrock-runtime: Added support for structured outputs to Converse and ConverseStream APIs.
• api-change:connectcases: Amazon Connect Cases now supports larger, multi-line text fields with up to 4,100 characters. Administrators can use the Admin UI to select the appropriate configuration (single-line or multi-line) on a per-field basis, improving case documentation capabilities.
• api-change:eks: Update delete cluster description
• api-change:medialive: AWS Elemental MediaLive now supports SRT listener mode for inputs and outputs, in addition to the existing SRT caller mode.
• api-change:redshift: We have increased the maximum duration for a deferred maintenance window from 45 days to 60 days for Amazon Redshift provisioned clusters. This enhancement provides customers with greater flexibility in scheduling patching and maintenance activities while also maintaining security compliance.
• api-change:workspaces-web: Support for configuring and managing custom domain names for WorkSpaces Secure Browser portals.
• enhancement:Validation: Updated list validation to add fast-path for list members that only require basic type checking.

v1.42.41

Compare Source

=======

• api-change:batch: AWS Batch Array Job Visibility feature support. Includes new statusSummaryLastUpdatedAt for array job parent DescribeJobs responses for the last time the statusSummary was updated. Includes both statusSummary and statusSummaryLastUpdatedAt in ListJobs responses for array job parents.
• api-change:dynamodb: This change supports the creation of multi-account global tables. It adds two new arguments to CreateTable, GlobalTableSourceArn and GlobalTableSettingsReplicationMode. DescribeTable is also updated to include information about GlobalTableSettingsReplicationMode.
• api-change:endpoint-rules: Update endpoint-rules client to latest version
• api-change:geo-maps: Added support for optional style parameters in maps, including 3D terrain and 3D Buildings
• api-change:kinesis: Adds StreamId parameter to AWS Kinesis Data Streams APIs that is reserved for future use.
• api-change:marketplace-catalog: Adds support for Catalog API us-east-1 dualstack endpoint catalog-marketplace.us-east-1.api.aws
• api-change:organizations: Updated the CloseAccount description.
• api-change:sso-admin: Added new Region management APIs to support multi-Region replication in IAM Identity Center.

v1.42.40

Compare Source

=======

• api-change:bedrock-agentcore-control: Adds tagging support for AgentCore Evaluations (evaluator and online evaluation config)
• api-change:cloudfront: Add OriginMTLS support to CloudFront Distribution APIs
• api-change:mpa: Updates to multi-party approval (MPA) service to add support for multi-factor authentication (MFA) for voting operations.

v1.42.39

Compare Source

=======

• api-change:connect: This release adds Estimated Wait Time support to the GetContactMetrics API for Amazon Connect.
• api-change:quicksight: Improve SessionTag usage guidelines in the GenerateEmbedURLForAnonymousUser API documentation. Update the GetIdentityContext document with the region support context.

v1.42.38

Compare Source

=======

• api-change:ec2: G7e instances feature up to 8 NVIDIA RTX PRO 6000 Blackwell Server Edition GPUs with 768 GB of memory and 5th generation Intel Xeon Scalable processors. Supporting up to 192 vCPUs, 1600 Gbps networking bandwidth with EFA, up to 2 TiB of system memory, and up to 15.2 TB of local NVMe SSD storage.
• api-change:gamelift: Amazon GameLift Servers now supports automatic scaling to and from zero instances based on game session activity. Fleets scale down to zero following a defined period of no game session activity and scale up from zero when game sessions are requested, providing an option for cost optimization.

v1.42.37

Compare Source

=======

• api-change:cognito-idp: This release adds support for a new lambda trigger to transform federated user attributes during the authentication with external identity providers on Cognito Managed Login.
• api-change:connect: Adds support for filtering search results based on tags assigned to contacts.
• api-change:ec2: SearchTransitGatewayRoutes API response now includes a NextToken field, enabling pagination when retrieving large sets of transit gateway routes. Pass the returned NextToken value in subsequent requests to retrieve the next page of results.
• api-change:lambda: We are launching ESM Metrics and logging for Kafka ESM to allow customers to monitor Kafka event processing using CloudWatch Metrics and Logs.
• api-change:mediaconnect: This release adds support for NDI flow sources in AWS Elemental MediaConnect. You can now send content to your MediaConnect transport streams directly from your NDI environment using the new NDI source type. Also adds support for LARGE 4X flow size, which can be used when creating CDI JPEG-XS flows.
• api-change:mediaconvert: This release adds a follow source mode for audio output channel count, an AES audio frame wrapping option for MXF outputs, and an option to signal DolbyVision compatibility using the SUPPLEMENTAL-CODECS tag in HLS manifests.
• api-change:s3: Adds support for the UpdateObjectEncryption API to change the server-side encryption type of objects in general purpose buckets.
• api-change:s3control: Adds support for the UpdateObjectEncryption API to change the server-side encryption type of objects in general purpose buckets.

v1.42.36

Compare Source

=======

• api-change:connect: Added support for task attachments. The StartTaskContact API now accepts file attachments, enabling customers to include files (.csv, .doc, .docx, .heic, .jfif, .jpeg, .jpg, .mov, .mp4, .pdf, .png, .ppt, .pptx, .rtf, .txt, etc.) when creating Task contacts. Supports up to 5 attachments per task.
• api-change:deadline: AWS Deadline Cloud now supports editing job names and descriptions after submission.
• api-change:ec2: Releasing new EC2 instances. C8gb and M8gb with highest EBS performance, M8gn with 600 Gbps network bandwidth, X8aedz and M8azn with 5GHz AMD processors, X8i with Intel Xeon 6 processors and up to 6TB memory, and Mac-m4max with Apple M4 Max chip for 25 percent faster builds.
• api-change:medialive: AWS Elemental MediaLive released two new features that allows customers 1) to set Output Timecode for AV1 encoder, 2) to set a Custom Epoch for CMAF Ingest and MediaPackage V2 output groups when using Pipeline Locking or Disabled Locking modes.
• api-change:sagemaker: Idle resource sharing enables teams to borrow unused compute resources in your SageMaker HyperPod cluster. This capability maximizes resource utilization by allowing teams to borrow idle compute capacity beyond their allocated compute quotas.

v1.42.35

Compare Source

=======

• api-change:connectcases: Amazon Connect now enables you to use tag-based access controls to define who can access specific cases. You can associate tags with case templates and configure security profiles to determine which users can access cases with those tags.
• api-change:ec2: DescribeInstanceTypes API response now includes an additionalFlexibleNetworkInterfaces field, the number of interfaces attachable to an instance when using flexible Elastic Network Adapter (ENA) queues in addition to the base number specified by maximumNetworkInterfaces.
• api-change:evidently: Deprecate all Evidently API for AWS CloudWatch Evidently deprecation
• api-change:groundstation: Adds support for AWS Ground Station Telemetry.

v1.42.34

Compare Source

=======

• api-change:connect: Amazon Connect now offers public APIs to programmatically configure and run automated tests for contact center experiences. Integrate testing into CICD pipelines, run multiple tests at scale, and retrieve results via API to automate validation of voice interactions and workflows.
• api-change:datazone: Added api for deleting data export configuration for a domain
• api-change:qconnect: Fixes incorrect types in the UpdateAssistantAIAgent API request, adds MESSAGE to TargetType enum, and other minor changes.

v1.42.33

Compare Source

=======

• api-change:autoscaling: This release adds support for Amazon EC2 Auto Scaling group deletion protection
• api-change:budgets: Add Budget FilterExpression and Metrics fields to DescribeBudgetPerformanceHistory to support more granular filtering options.
• api-change:dynamodb: Adds additional waiters to Amazon DynamoDB.
• api-change:ec2: Add better support for fractional GPU instances in DescribeInstanceTypes API. The new fields, logicalGpuCount, gpuPartitionSize, and workload array enable better GPU resource selection and filtering for both full and fractional GPU instance types.
• api-change:endpoint-rules: Update endpoint-rules client to latest version
• api-change:gamelift: Amazon GameLift Servers Realtime now supports Node.js 24.x runtime on the Amazon Linux 2023 operating system.
• api-change:guardduty: Adding new enum value for ScanStatusReason
• api-change:health: Updates the lower range for the maxResults request property for DescribeAffectedEntities, DescribeAffectedEntitiesForOrganization, DescribeEvents, and DescribeEventsForOrganization API request properties.
• api-change:meteringmarketplace: Customer Identifier parameter deprecation date has been removed. For new implementations, we recommend using the CustomerAWSAccountID. Your current integration will continue to work. When updating your implementation, consider migrating to CustomerAWSAccountID for improved integration.
• api-change:verifiedpermissions: Adding documentation to user guide and API documentation for how customers can create new encrypted policy stores by passing in their customer managed key during policy store creation.

coveragepy/coveragepy (coverage)

v7.13.3

Compare Source

• Fix: in some situations, third-party code was measured when it shouldn't have
  been, slowing down test execution. This happened with layered virtual
  environments such as uv sometimes makes. The problem is fixed, closing issue 2082_. Now any directory on sys.path that is inside a virtualenv is
  considered third-party code.

.. _issue 2082: #​2082

.. _changes_7-13-2:

v7.13.2

Compare Source

• Fix: when Python is installed via symlinks, for example with Homebrew, the
  standard library files could be incorrectly included in coverage reports.
  This is now fixed, closing issue 2115_.

• Fix: if a data file is created with no read permissions, the combine step
  would fail completely. Now a warning is issued and the file is skipped.
  Closes issue 2117_.

.. _issue 2115: #​2115
.. _issue 2117: #​2117

.. _changes_7-13-1:

v7.13.1

Compare Source

• Added: the JSON report now includes a "start_line" key for function and
  class regions, indicating the first line of the region in the source. Closes
  issue 2110_.

• Added: The debug data command now takes file names as arguments on the
  command line, so you can inspect specific data files without needing to set
  the COVERAGE_FILE environment variable.

• Fix: the JSON report used to report module docstrings as executed lines,
  which no other report did, as described in issue 2105_. This is now fixed,
  thanks to Jianrong Zhao.

• Fix: coverage.py uses a more disciplined approach to detecting where
  third-party code is installed, and avoids measuring it. This shouldn't change
  any behavior. If you find that it does, please get in touch.

• Performance: data files that will be combined now record their hash as part
  of the file name. This lets us skip duplicate data more quickly, speeding the
  combining step.

• Docs: added a section explaining more about what is considered a missing
  branch and how it is reported: :ref:branch_explain, as requested in issue 1597. Thanks to Ayisha Mohammed <pull 2092_>.

• Tests: the test suite misunderstood what core was being tested if
  COVERAGE_CORE wasn't set on 3.14+. This is now fixed, closing issue 2109_.

.. _issue 1597: #​1597
.. _pull 2092: #​2092
.. _issue 2105: #​2105
.. _issue 2109: #​2109
.. _issue 2110: #​2110

.. _changes_7-13-0:

v7.13.0

Compare Source

• Feature: coverage.py now supports :file:.coveragerc.toml configuration
  files. These files use TOML syntax and take priority over
  :file:pyproject.toml but lower priority than :file:.coveragerc files.
  Closes issue 1643_ thanks to Olena Yefymenko <pull 1952_>_.

• Fix: we now include a permanent .pth file which is installed with the code,
  fixing issue 2084. In 7.12.1b1 this was done incorrectly: it didn't work
  when using the source wheel (py3-none-any). This is now fixed. Thanks,
  Henry Schreiner <pull 2100_>.

• Deprecated: when coverage.py is installed, it creates three command entry
  points: coverage, coverage3, and coverage-3.10 (if installed for
  Python 3.10). The second and third of these are not needed and will
  eventually be removed. They still work for now, but print a message about
  their deprecation.

.. _issue 1643: #​1643
.. _pull 1952: #​1952
.. _pull 2100: #​2100

.. _changes_7-12-1b1:

v7.12.0

Compare Source

• The HTML report now shows separate coverage totals for statements and
  branches, as well as the usual combined coverage percentage. Thanks to Ryuta
  Otsuka for the discussion <issue 2081_>_ and the implementation <pull 2085_>_.

• The JSON report now includes separate coverage totals for statements and
  branches, thanks to Ryuta Otsuka <pull 2090_>_.

• Fix: except* clauses were not handled properly under the "sysmon"
  measurement core, causing KeyError exceptions as described in issue 2086_.
  This is now fixed.

• Fix: we now defend against aggressive mocking of open() that could cause
  errors inside coverage.py. An example of a failure is in issue 2083_.

• Fix: in unusual cases where a test suite intentionally exhausts the system's
  file descriptors to test handling errors in open(), coverage.py would
  fail when trying to open source files, as described in issue 2091_. This
  is now fixed.

• A small tweak to the HTML report: file paths now use thin spaces around
  slashes to make them easier to read.

.. _issue 2081: #​2081
.. _issue 2083: #​2083
.. _pull 2085: #​2085
.. _issue 2086: #​2086
.. _pull 2090: #​2090
.. _issue 2091: #​2091

.. _changes_7-11-3:

v7.11.3

Compare Source

• Fix: the 7.11.1 changes meant that conflicts between a requested measurement
  core and other settings would raise an error. This was a breaking change from
  previous behavior, as reported in issue 2076_ and issue 2078_.

  The previous behavior has been restored: when the requested core conflicts
  with other settings, another core is used instead, and a warning is issued.

• For contributors: the repo has moved from Ned's nedbat GitHub account_ to
  the coveragepy GitHub organization_. The default branch has changed from
  master to main.

.. _issue 2076: #​2076
.. _issue 2078: #​2078
.. _nedbat GitHub account: https://github.com/nedbat
.. _coveragepy GitHub organization: https://github.com/coveragepy

.. _changes_7-11-2:

v7.11.2

Compare Source

• Fix: using the "sysmon" measurement core in 7.11.1, if Python code was
  claimed to come from a non-Python file, a NotPython exception could be
  raised. This could happen for example with Jinja templates compiled to
  Python, as reported in issue 2077_. This is now fixed.

• Doc: corrected the first entry in the 7.11.1 changelog.

.. _issue 2077: #​2077

.. _changes_7-11-1:

v7.11.1

Compare Source

• Fix: some chanages to details of how the measurement core is chosen, and how
  conflicting settings are handled. The "sysmon" core cannot be used with some
  concurrency settings, with dynamic context, and in Python 3.12/3.13, with
  branch measurement.

  • If the core is not specified and defaults to "sysmon" (Python 3.14+), but
    other settings conflict with sysmon, then the "ctrace" core will be used
    instead with no warning. For concurrency conflicts, this used to produce an
    error, as described in issue 2064_.

  • If the "sysmon" core is explicitly requested in your configuration, but
    other settings conflict, an error is now raised. This used to produce a
    warning.

• Fix: some multi-line case clauses or for loops (and probably other
  constructs) could cause incorrect claims of missing branches with the
  sys.monitoring core, as described in issue 2070_. This is now fixed.

• Fix: when running in pytest under coverage, a breakpoint() would stop in
  the wrong frame, one level down from where it should, as described in issue 1420_. This was due to a coverage change in v6.4.1 that seemed to give a
  slight performance improvement, but I couldn't reproduce the performance
  gain, so it's been reverted, fixing the debugger problem.

• A new debug option --debug=core shows which core is in use and why.

• Split sqlite debugging information out of the sys :ref:coverage debug <cmd_debug> and :ref:cmd_run_debug options since it's bulky and not
  very useful.

• Updated the :ref:howitworks page to better describe the three different
  measurement cores.

.. _issue 1420: #​1420
.. _issue 2064: #​2064
.. _issue 2070: #​2070

.. _changes_7-11-0:

v7.11.0

[Compare Source](https://redirect.github.com/cover

---

Configuration

📅 Schedule: Branch creation - "before 4am" in timezone UTC, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[a-klos]

⚠️ Artifact update problem

Renovate failed to update artifacts related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: libs/extractor-api-lib/poetry.lock

Updating dependencies
Resolving dependencies...

Creating virtualenv extractor-api-lib-dSQcVejG-py3.14 in /home/ubuntu/.cache/pypoetry/virtualenvs

The current project's supported Python range (>=3.14,<3.15) is not compatible with some of the required packages Python requirement:
  - youtube-transcript-api requires Python <3.14,>=3.8, so it will not be installable for Python >=3.14,<3.15
  - youtube-transcript-api requires Python <3.14,>=3.8, so it will not be installable for Python >=3.14,<3.15
  - youtube-transcript-api requires Python <3.14,>=3.8, so it will not be installable for Python >=3.14,<3.15
  - youtube-transcript-api requires Python <3.14,>=3.8, so it will not be installable for Python >=3.14,<3.15

    Because no versions of markitdown match >0.1.3,<0.1.4 || >0.1.4,<0.1.5b1 || >0.1.5b1,<0.2.0
 and markitdown[all] (0.1.5b1) depends on youtube-transcript-api (>=1.0.0,<1.1.0), markitdown[all] (>0.1.3,<0.1.4 || >0.1.4,<0.2.0) requires youtube-transcript-api (>=1.0.0,<1.1.0).
(1) So, because markitdown[all] (0.1.3) depends on youtube-transcript-api (>=1.0.0,<1.1.0)
 and markitdown[all] (0.1.4) depends on youtube-transcript-api (>=1.0.0,<1.1.0), markitdown[all] (>=0.1.3,<0.2.0) requires youtube-transcript-api (>=1.0.0,<1.1.0).

    Because no versions of youtube-transcript-api match >1.0.0,<1.0.1 || >1.0.1,<1.0.2 || >1.0.2,<1.0.3 || >1.0.3,<1.1.0
 and youtube-transcript-api (1.0.0) requires Python <3.14,>=3.8, youtube-transcript-api is forbidden.
    And because youtube-transcript-api (1.0.1) requires Python <3.14,>=3.8, youtube-transcript-api is forbidden.
    And because youtube-transcript-api (1.0.2) requires Python <3.14,>=3.8
 and youtube-transcript-api (1.0.3) requires Python <3.14,>=3.8, youtube-transcript-api is forbidden.
    And because markitdown[all] (>=0.1.3,<0.2.0) requires youtube-transcript-api (>=1.0.0,<1.1.0) (1), markitdown is forbidden
    So, because extractor-api-lib depends on markitdown[all] (^0.1.3), version solving failed.

  * Check your dependencies Python requirement: The Python requirement can be specified via the `python` or `markers` properties

    For youtube-transcript-api, a possible solution would be to set the `python` property to "<empty>"
For youtube-transcript-api, a possible solution would be to set the `python` property to "<empty>"
For youtube-transcript-api, a possible solution would be to set the `python` property to "<empty>"
For youtube-transcript-api, a possible solution would be to set the `python` property to "<empty>"

    https://python-poetry.org/docs/dependency-specification/#python-restricted-dependencies,
    https://python-poetry.org/docs/dependency-specification/#using-environment-markers

File name: services/admin-backend/poetry.lock

Updating dependencies
Resolving dependencies...

Creating virtualenv admin-backend-usecase-example-WTtlf6Hl-py3.14 in /home/ubuntu/.cache/pypoetry/virtualenvs

Incompatible constraints in requirements of admin-backend-usecase-example (v3.4.0):
admin-api-lib @ file:///tmp/renovate/repos/github/stackitcloud/rag-template/libs/admin-api-lib (4.2.0)
admin-api-lib (==4.2.0.post20260210203817)

File name: services/document-extractor/poetry.lock

Updating dependencies
Resolving dependencies...

Creating virtualenv extractor-server-JVU6rL5B-py3.14 in /home/ubuntu/.cache/pypoetry/virtualenvs

Incompatible constraints in requirements of extractor-server (v3.4.0):
extractor-api-lib @ file:///tmp/renovate/repos/github/stackitcloud/rag-template/libs/extractor-api-lib (4.2.0)
extractor-api-lib (==4.2.0.post20260210203817)

File name: services/rag-backend/poetry.lock

Updating dependencies
Resolving dependencies...

Creating virtualenv rag-backend-usecase-example-c65mWSLL-py3.14 in /home/ubuntu/.cache/pypoetry/virtualenvs

Incompatible constraints in requirements of rag-backend-usecase-example (v3.4.0):
rag-core-api @ file:///tmp/renovate/repos/github/stackitcloud/rag-template/libs/rag-core-api (4.2.0)
rag-core-api (==4.2.0.post20260210203817)