chore(deps): bump the elt-common-dependencies group across 1 directory with 4 updates

[dependabot]

Bumps the elt-common-dependencies group with 4 updates in the /elt-common directory: authlib, tenacity, prek and ruff.

Updates authlib from 1.6.6 to 1.6.7

Release notes

Sourced from authlib's releases.

v1.6.7

Full Changelog: authlib/authlib@v1.6.6...v1.6.7

Set supported algorithms for the default jwt instance.

Changelog

Sourced from authlib's changelog.

Changelog

.. meta:: :description: The full list of changes between each Authlib release.

Here you can see the full list of changes between each Authlib release.

Version 1.7.0

Unreleased

• Add support for OpenID Connect RP-Initiated Logout 1.0 <https://openid.net/specs/openid-connect-rpinitiated-1_0.html>_. See :ref:specs/rpinitiated for details. :issue:500
• Per RFC 6749 Section 3.3, the scope parameter is now optional at both authorization and token endpoints. client.get_allowed_scope() is called to determine the default scope when omitted. :issue:845
• Stop support for Python 3.9, start support Python 3.14. :pr:850
• Allow AuthorizationServerMetadata.validate() to compose with RFC extension classes.
• Fix expires_at=0 being incorrectly treated as None. :issue:530
• Allow ResourceProtector decorator to be used without parentheses. :issue:604

Upgrade Guide: :ref:joserfc_upgrade.

Commits

• 38e872a chore: release 1.6.7
• b87c32e fix: remove "none" algorithm from default jwt instance
• See full diff in compare view

Updates tenacity from 9.1.2 to 9.1.4

Release notes

Sourced from tenacity's releases.

9.1.4

What's Changed

• Fix retry() annotations with async sleep= function by @​Zac-HD in jd/tenacity#555

Full Changelog: jd/tenacity@9.1.3...9.1.4

9.1.3

What's Changed

• Apply formatting to num seconds in before_sleep_log by @​aguinane in jd/tenacity#489
• Support Python 3.14 by @​sandrobonazzola in jd/tenacity#528
• Typing: Accept non-standard logger in helpers logging something by @​k4nar in jd/tenacity#540
• feat(wait): add wait_exception strategy by @​capitan-davide in jd/tenacity#541
• docs: fix syntax error in wait_chain docstring example by @​VedantMadane in jd/tenacity#548
• chore: drop Python 3.9 support (EOL) by @​Zac-HD in jd/tenacity#552
• Support async sleep for sync fn-to-retry by @​Zac-HD in jd/tenacity#551

New Contributors

• @​aguinane made their first contribution in jd/tenacity#489
• @​sandrobonazzola made their first contribution in jd/tenacity#528
• @​k4nar made their first contribution in jd/tenacity#540
• @​capitan-davide made their first contribution in jd/tenacity#541
• @​VedantMadane made their first contribution in jd/tenacity#548
• @​Zac-HD made their first contribution in jd/tenacity#552

Full Changelog: jd/tenacity@9.1.2...9.1.3

Commits

• d4e868d Fix retry() annotations with async sleep= function (#555)
• 24415eb support async sleep for sync fn (#551)
• 3bf33b4 chore: drop Python 3.9 support (EOL) (#552)
• 7027da3 chore(deps): bump the github-actions group with 2 updates (#550)
• 21ae7d0 docs: fix syntax error in wait_chain docstring example (#548)
• ef12c9e chore(deps): bump actions/checkout in the github-actions group (#547)
• c35a4b3 chore(deps): bump the github-actions group with 2 updates (#545)
• e792bba ci: fix mypy (#546)
• 0f55245 ci: remove reno requirements (#542)
• 815c34f feat(wait): add wait_exception strategy (#541)
• Additional commits viewable in compare view

Updates prek from 0.3.1 to 0.3.2

Release notes

Sourced from prek's releases.

0.3.2

Release Notes

Released on 2026-02-06.

Highlights

• prek.toml is here!

  You can now use prek.toml as an alternative to .pre-commit-config.yaml for configuring prek. prek.toml mirrors the structure of .pre-commit-config.yaml, but TOML is less error-prone. Your existing .pre-commit-config.yaml will continue to work, but for new users and new projects, prek.toml may make more sense. If you want to switch, run prek util yaml-to-toml to convert YAML configs to prek.toml. See configuration docs for details.

  For example, this config:

  repos:
    - repo: https://github.com/pre-commit/pre-commit-hooks
      rev: v6.0.0
      hooks:
        - id: check-yaml

  Can be written as prek.toml like this:

  [[repos]]
  repo = "https://github.com/pre-commit/pre-commit-hooks"
  rev = "v6.0.0"
  hooks = [ { id = "check-yaml" } ]

• serde-yaml has been replaced with serde-saphyr

  We replaced the long-deprecated serde-yaml crate with serde-saphyr for YAML parsing. It is written in safe Rust and has better error messages, performance, and security. This lets us provide precise location information for configuration parsing errors, which should make it easier to fix config issues.

  For example, this invalid config:

  repos:
    - repo: https://github.com/crate-ci/typos
      hooks:
        - id: typos

  Before:

  $ prek run
  error: Failed to parse `.pre-commit-config.yaml`
    caused by: Invalid remote repo: missing field `rev`

... (truncated)

Changelog

Sourced from prek's changelog.

0.3.2

Released on 2026-02-06.

Highlights

• prek.toml is here!

  You can now use prek.toml as an alternative to .pre-commit-config.yaml for configuring prek. prek.toml mirrors the structure of .pre-commit-config.yaml, but TOML is less error-prone. Your existing .pre-commit-config.yaml will continue to work, but for new users and new projects, prek.toml may make more sense. If you want to switch, run prek util yaml-to-toml to convert YAML configs to prek.toml. See configuration docs for details.

  For example, this config:

  repos:
    - repo: https://github.com/pre-commit/pre-commit-hooks
      rev: v6.0.0
      hooks:
        - id: check-yaml

  Can be written as prek.toml like this:

  [[repos]]
  repo = "https://github.com/pre-commit/pre-commit-hooks"
  rev = "v6.0.0"
  hooks = [ { id = "check-yaml" } ]

• serde-yaml has been replaced with serde-saphyr

  We replaced the long-deprecated serde-yaml crate with serde-saphyr for YAML parsing. It is written in safe Rust and has better error messages, performance, and security. This lets us provide precise location information for configuration parsing errors, which should make it easier to fix config issues.

  For example, this invalid config:

  repos:
    - repo: https://github.com/crate-ci/typos
      hooks:
        - id: typos

  Before:

  $ prek run
  error: Failed to parse `.pre-commit-config.yaml`
    caused by: Invalid remote repo: missing field `rev`

... (truncated)

Commits

• 71790f3 Bump version to 0.3.2 (#1587)
• 9172278 Use semver fallback sort when tag timestamps are equal (#1579)
• 294325c Remove emoji in README.md (#1589)
• dc7d09d Remove upper bound constraintof uv version (#1588)
• 72a78ee Do not make the child a session leader (#1586)
• 3fa9187 Add prek util yaml-to-toml to convert .pre-commit-config.yaml to `prek.to...
• 2314871 Bump the supported uv version upper limit to 0.11.0 (#1580)
• 4ff825e Include prek.toml in run hint for config filename (#1578)
• b516d66 Update quick start to use prek.toml (#1576)
• 60eb3f4 Document that use --refresh to pick up .prekignore changes (#1575)
• Additional commits viewable in compare view

Updates ruff from 0.14.14 to 0.15.0

Release notes

Sourced from ruff's releases.

0.15.0

Release Notes

Released on 2026-02-03.

Check out the blog post for a migration guide and overview of the changes!

Breaking changes

• Ruff now formats your code according to the 2026 style guide. See the formatter section below or in the blog post for a detailed list of changes.

• The linter now supports block suppression comments. For example, to suppress N803 for all parameters in this function:

  # ruff: disable[N803]
  def foo(
      legacyArg1,
      legacyArg2,
      legacyArg3,
      legacyArg4,
  ): ...
  # ruff: enable[N803]

  See the documentation for more details.

• The ruff:alpine Docker image is now based on Alpine 3.23 (up from 3.21).

• The ruff:debian and ruff:debian-slim Docker images are now based on Debian 13 "Trixie" instead of Debian 12 "Bookworm."

• Binaries for the ppc64 (64-bit big-endian PowerPC) architecture are no longer included in our releases. It should still be possible to build Ruff manually for this platform, if needed.

• Ruff now resolves all extended configuration files before falling back on a default Python version.

Stabilization

The following rules have been stabilized and are no longer in preview:

• blocking-http-call-httpx-in-async-function (ASYNC212)
• blocking-path-method-in-async-function (ASYNC240)
• blocking-input-in-async-function (ASYNC250)
• map-without-explicit-strict (B912)
• if-exp-instead-of-or-operator (FURB110)
• single-item-membership-test (FURB171)
• missing-maxsplit-arg (PLC0207)
• unnecessary-lambda (PLW0108)
• unnecessary-empty-iterable-within-deque-call (RUF037)
• in-empty-collection (RUF060)
• legacy-form-pytest-raises (RUF061)
• non-octal-permissions (RUF064)

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.0

Released on 2026-02-03.

Check out the blog post for a migration guide and overview of the changes!

Breaking changes

• Ruff now formats your code according to the 2026 style guide. See the formatter section below or in the blog post for a detailed list of changes.

• The linter now supports block suppression comments. For example, to suppress N803 for all parameters in this function:

  # ruff: disable[N803]
  def foo(
      legacyArg1,
      legacyArg2,
      legacyArg3,
      legacyArg4,
  ): ...
  # ruff: enable[N803]

  See the documentation for more details.

• The ruff:alpine Docker image is now based on Alpine 3.23 (up from 3.21).

• The ruff:debian and ruff:debian-slim Docker images are now based on Debian 13 "Trixie" instead of Debian 12 "Bookworm."

• Binaries for the ppc64 (64-bit big-endian PowerPC) architecture are no longer included in our releases. It should still be possible to build Ruff manually for this platform, if needed.

• Ruff now resolves all extended configuration files before falling back on a default Python version.

Stabilization

The following rules have been stabilized and are no longer in preview:

• blocking-http-call-httpx-in-async-function (ASYNC212)
• blocking-path-method-in-async-function (ASYNC240)
• blocking-input-in-async-function (ASYNC250)
• map-without-explicit-strict (B912)
• if-exp-instead-of-or-operator (FURB110)
• single-item-membership-test (FURB171)

... (truncated)

Commits

• ce5f7b6 Bump 0.15.0 (#23055)
• b4e40f5 [ty] Fix __contains__ to respect descriptors (#23056)
• 848cb72 [ty] Fix narrowing of nonlocal variables with conditional assignments (#22966)
• da7f33a [ty] Add a diagnostic for Final without assignment (#23001)
• e65f9a6 Document markdown formatting feature (#22990)
• c0c1b98 Format markdown code blocks with line-by-line regex parse (#22996)
• 9f8f3e1 Allow positional-only params with defaults in method overrides (#23037)
• ef83810 [ty] ecosystem-analyzer: Support bare git repositories (#23054)
• 54dfee4 Customize where the fix_title sub-diagnostic appears (#23044)
• b534607 2026 Ruff Formatter Style (#22735)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions