chore(deps-py): bump the dev group across 1 directory with 4 updates

[dependabot]

Bumps the dev group with 4 updates in the / directory: ruff, hypothesis, pip and conan.

Updates ruff from 0.15.11 to 0.15.12

Release notes

Sourced from ruff's releases.

0.15.12

Release Notes

Released on 2026-04-24.

Preview features

• Implement #ruff:file-ignore file-level suppressions (#23599)
• Implement #ruff:ignore logical-line suppressions (#23404)
• Revert preview changes to displayed diagnostic severity in LSP (#24789)
• [airflow] Implement task-branch-as-short-circuit (AIR004) (#23579)
• [flake8-bugbear] Fix break/continue handling in loop-iterator-mutation (B909) (#24440)
• [pylint] Fix PLC2701 for type parameter scopes (#24576)

Rule changes

• [pandas-vet] Suggest .array as well in PD011 (#24805)

CLI

• Respect default Unix permissions for cache files (#24794)

Documentation

• [pylint] Fix PLR0124 description not to claim self-comparison always returns the same value (#24749)
• [pyupgrade] Expand docs on reusable TypeVars and scoping (UP046) (#24153)
• Improve rules table accessibility (#24711)

Contributors

• @​dylwil3
• @​AlexWaygood
• @​woodruffw
• @​avasis-ai
• @​Dev-iL
• @​denyszhak
• @​ShipItAndPray
• @​anishgirianish
• @​augustelalande
• @​amyreese
• @​majiayu000

Install ruff 0.15.12

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/ruff/releases/download/0.15.12/ruff-installer.sh | sh

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.12

Released on 2026-04-24.

Preview features

• Implement #ruff:file-ignore file-level suppressions (#23599)
• Implement #ruff:ignore logical-line suppressions (#23404)
• Revert preview changes to displayed diagnostic severity in LSP (#24789)
• [airflow] Implement task-branch-as-short-circuit (AIR004) (#23579)
• [flake8-bugbear] Fix break/continue handling in loop-iterator-mutation (B909) (#24440)
• [pylint] Fix PLC2701 for type parameter scopes (#24576)

Rule changes

• [pandas-vet] Suggest .array as well in PD011 (#24805)

CLI

• Respect default Unix permissions for cache files (#24794)

Documentation

• [pylint] Fix PLR0124 description not to claim self-comparison always returns the same value (#24749)
• [pyupgrade] Expand docs on reusable TypeVars and scoping (UP046) (#24153)
• Improve rules table accessibility (#24711)

Contributors

• @​dylwil3
• @​AlexWaygood
• @​woodruffw
• @​avasis-ai
• @​Dev-iL
• @​denyszhak
• @​ShipItAndPray
• @​anishgirianish
• @​augustelalande
• @​amyreese
• @​majiayu000

Commits

• 66f93cf Bump 0.15.12 (#24815)
• 476a4d0 [ty] Complete support for more detailed diagnostics on possibly unbound error...
• ed669ea Implement #ruff:file-ignore file-level suppressions (#23599)
• e73d952 [ty] Include inferred type in invalid-key concise diagnostic for union/inte...
• 80feb29 [ty] report only dead annotation-only locals as unused (#24811)
• 0fbf2bc Drop deprecated license classifier (#24808)
• 43b174c [ty] Infer lambda parameter types with Callable type context (#24317)
• 4f449ae [ty] Add error context for intersection types (#24772)
• 5b4e753 [ty] Add support for goto in literal enum member inlay hint (#24792)
• e7cc762 [ty] Add error context for TypedDict assignments (#24790)
• Additional commits viewable in compare view

Updates hypothesis from 6.152.1 to 6.152.4

Release notes

Sourced from hypothesis's releases.

Hypothesis for Python - version 6.152.4

This patch fixes a rare internal error during "Phase.explain" introduced in version 6.149.0 for certain strategies (issue #4708).

The canonical version of these notes (with links) is on readthedocs.

Hypothesis for Python - version 6.152.3

The "hypothesis-urandom" backend now reads from "/dev/urandom" with buffering disabled, which improves the control of those hooking "/dev/urandom" to change or read Hypothesis's random decisions.

The canonical version of these notes (with links) is on readthedocs.

Hypothesis for Python - version 6.152.2

This release further improves printing of generated values, building on the changes in version 6.151.11.

Principle changes:

• In many cases where we would have printed a complex expression producing a value, we now print the repr (or a pretty-printed version of it).

• Additionally, in some cases where we would print a complex expression that involved a lambda, we are now able to simplify that expression into a more readable one.

The canonical version of these notes (with links) is on readthedocs.

Commits

• 84f92dc Bump hypothesis-python version to 6.152.4 and update changelog
• c6814df Merge pull request #4717 from HypothesisWorks/DRMacIver/issue4708
• 82e9446 Address PR review feedback
• c77d7e7 Merge pull request #4719 from Liam-DeVoe/fix-mobile-word-wrapping
• 609de04 Bump hypothesis-python version to 6.152.3 and update changelog
• 902f1ba Merge pull request #4720 from Liam-DeVoe/urandom-disable-buffering
• da81118 claude: open /dev/urandom with buffering=0 in URandomProvider
• 4d6a7f0 fix footnote overflow on mobile
• 80fada3 Merge pull request #4714 from HypothesisWorks/DRMacIver/uv
• 4b554b0 Fix AssertionError in Shrinker.explain() for unstable span labels
• Additional commits viewable in compare view

Updates pip from 26.0.1 to 26.1.1

Changelog

Sourced from pip's changelog.

26.1.1 (2026-05-04)

Bug Fixes

• Fix issue where uninstallation left behind empty directories. Revert the removal of the adjacent __pycache__ directory when a .py file is removed. ([#13973](https://github.com/pypa/pip/issues/13973) <https://github.com/pypa/pip/issues/13973>_)

26.1 (2026-04-26)

Deprecations and Removals

• Drop support for Python 3.9. ([#13795](https://github.com/pypa/pip/issues/13795) <https://github.com/pypa/pip/issues/13795>_)

Features

• Add experimental support to read requirements from standardized pylock.toml files (-r pylock.toml). ([#13876](https://github.com/pypa/pip/issues/13876) <https://github.com/pypa/pip/issues/13876>_)
• Allow --uploaded-prior-to to accept a duration in days (e.g., P3D for 3 days ago). ([#13674](https://github.com/pypa/pip/issues/13674) <https://github.com/pypa/pip/issues/13674>_)

Enhancements

• Speed up dependency resolution when there are complex conflicts. ([#13859](https://github.com/pypa/pip/issues/13859) <https://github.com/pypa/pip/issues/13859>_)
• Reduce memory usage when resolving large dependency trees. ([#13843](https://github.com/pypa/pip/issues/13843) <https://github.com/pypa/pip/issues/13843>_)
• Emit a deprecation warning when pip imports an unexpected module after installation of a distribution has started. ([#13912](https://github.com/pypa/pip/issues/13912) <https://github.com/pypa/pip/issues/13912>_)
• Allow URL constraints to apply to requirements with extras. ([#12018](https://github.com/pypa/pip/issues/12018) <https://github.com/pypa/pip/issues/12018>_)
• Allow unpinned requirements to use hashes from constraints. Constraints like {name}=={version} --hash=... feeds into hash verification for a corresponding requirement. ([#9243](https://github.com/pypa/pip/issues/9243) <https://github.com/pypa/pip/issues/9243>_)
• Improve conflict reports that involve direct URLs. ([#13932](https://github.com/pypa/pip/issues/13932) <https://github.com/pypa/pip/issues/13932>_)
• Show all errors instead of first error for faulty dependency_groups definitions. ([#13917](https://github.com/pypa/pip/issues/13917) <https://github.com/pypa/pip/issues/13917>_)

Bug Fixes

• Fix recovery hint for missing RECORD file to use --ignore-installed instead of --force-reinstall. ([#12645](https://github.com/pypa/pip/issues/12645) <https://github.com/pypa/pip/issues/12645>_)
• Fix misleading error message when a constraint file cannot be opened. ([#13226](https://github.com/pypa/pip/issues/13226) <https://github.com/pypa/pip/issues/13226>_)
• Show the filename rather than the full URL when downloading files from non-PyPI indexes in non-verbose mode. ([#13494](https://github.com/pypa/pip/issues/13494) <https://github.com/pypa/pip/issues/13494>_)
• Remove the adjacent __pycache__ directory when a .py file is removed. ([#13725](https://github.com/pypa/pip/issues/13725) <https://github.com/pypa/pip/issues/13725>_)
• Force UTF-8 encoding for :pep:723 metadata. ([#13861](https://github.com/pypa/pip/issues/13861) <https://github.com/pypa/pip/issues/13861>_)
• Minor performance improvement when filtering candidates during resolution. ([#13916](https://github.com/pypa/pip/issues/13916) <https://github.com/pypa/pip/issues/13916>_)
• Fix a hang on Windows when stdout is closed during verbose output. ([#13927](https://github.com/pypa/pip/issues/13927) <https://github.com/pypa/pip/issues/13927>_)
• Common path prefixes are determined by path segment, not character by character. ([#13847](https://github.com/pypa/pip/issues/13847) <https://github.com/pypa/pip/issues/13847>_)
• Fix installing .tar.gz source distributions that look like a zip file. ([#13867](https://github.com/pypa/pip/issues/13867) <https://github.com/pypa/pip/issues/13867>_)

... (truncated)

Commits

• 4432a37 Bump for release
• 4943e17 Merge pull request #13973 from pypa/revert-13725-vfazio-remove-all-optimizati...
• e9e7b90 Add news
• 0ff6964 Revert "Remove pycache when package is removed"
• cc6b082 Merge pull request #13951 from sbidoul/release/26.1
• b2671f1 Bump for development
• 90b2b3e Bump for release
• 193f289 Update AUTHORS.txt
• 63c3709 Merge pull request #13876 from sbidoul/install-from-pylock-reqs-sbi
• e5fe702 Merge pull request #13949 from pypa/revert-13888-resolver-editable-links
• Additional commits viewable in compare view

Updates conan from 2.27.1 to 2.28.1

Release notes

Sourced from conan's releases.

2.28.1 (30-Apr-2026)

• Bugfix: Fix regression for downloads without sha256. (conan-io/conan#19934)

2.28.0 (28-Apr-2026)

• Feature: conan upload --allow-disabled to allow uploading to a disabled remote. (conan-io/conan#19916)
• Feature: Allow using patch-ng 1.19 to incorporate fixes (conan-io/conan#19913)
• Feature: Use a OR policy between core:policies and recipe required_conan_version. (conan-io/conan#19907). Docs: 📃
• Feature: conan config install-pkg --insecure new feature. Also supported for conanconfig.yml files (conan-io/conan#19900). Docs: 📃
• Feature: Introduce policies in core:policies conf to control Conan behaviour. (conan-io/conan#19892). Docs: 📃
• Feature: Colorize output of conan config list and conan config show (conan-io/conan#19889)
• Feature: Add ability to show transitive requires in conan graph info ... -f=html output (conan-io/conan#19884)
• Feature: Add ability to show node subgraph in conan graph info ... -f=html output (conan-io/conan#19884)
• Feature: Add ability to filter by file extensions in conan report diff ... -f=html output (conan-io/conan#19884)
• Feature: New compiler flags flags_map() Python plugin to be able to translate, remove or handle compiler flags coming from compatible binaries built with a different compiler trying to inject compiler flags for that compiler. (conan-io/conan#19879). Docs: 📃
• Feature: tools.build:install_strip now accepts a list of possible build systems (conan-io/conan#19874). Docs: 📃
• Feature: Add new "certified" variant to settings VxWorks and new "safe" variant to Neutrino (conan-io/conan#19861)
• Feature: Allow patterns for recipe names in --update flag (conan-io/conan#19856)
• Feature: Add --strict flag to conan remote auth. (conan-io/conan#19848). Docs: 📃
• Feature: Avoid detecting default package manager when overridden from profile (conan-io/conan#19847)
• Feature: Add new experimental contextual output for conan export command (conan-io/conan#19836)
• Feature: Added default package manager for CachyOS. (conan-io/conan#19788)
• Feature: Introduce new consistent=True requirement trait to be able to have diamond structures for visible=False requirements. (conan-io/conan#19286). Docs: 📃
• Fix: Test publishing Conan wheels to test PyPi. (conan-io/conan#19906)
• Fix: Ignore local package lockfiles in conan workspace install/build and use consistently a global lockfile if provided or found by default. (conan-io/conan#19896)
• Fix: Force --order-by in conan graph build-order. Old deprecated behaviour can be restored until Conan 2.32 with the deprecated_build_order_args policy (conan-io/conan#19892). Docs: 📃
• Fix: Remove support for empty version ranges. Old deprecated behaviour can be restored until Conan 2.32 with the deprecated_empty_version_range policy (conan-io/conan#19892). Docs: 📃
• Fix: Remove deprecated system_tools profile section (conan-io/conan#19877)
• Fix: Remove deprecated detect_compiler method in detect api (conan-io/conan#19877)
• Fix: Remove deprecated deploy folder in conan home (conan-io/conan#19877)
• Fix: Remove deprecated methods from PackagesList (conan-io/conan#19877)
• Fix: Remove deprecated cmake_set_interface_link_directories property (conan-io/conan#19877)
• Fix: Remove deprecated Node::dependencies method (conan-io/conan#19877)
• Fix: Warn when credentials environment variables are set but not used because the server accepted anonymous access and point users to add --force to force authentication. (conan-io/conan#19872)
• Fix: Documenting CommandAPI and better docs for ProfilesAPI (conan-io/conan#19871)
• Fix: Fix output of options with "error" in its name in conan list command. (conan-io/conan#19867)
• Fix: Forward underlying system package manager error messages (conan-io/conan#19858)
• Fix: Deprecate build_requires, use tool_requires instead (conan-io/conan#19849). Docs: 📃
• Fix: Inline transitive dependencies to avoid Xcode recursion crashes. (conan-io/conan#19844). Docs: 📃
• Fix: finalize() output folder should be printed only once (conan-io/conan#19834)
• Fix: Change default core.download:retry_wait from 0 to 1 second. Document retry conf defaults for conan config list (conan-io/conan#19830)
• Fix: Use user locale in conan list ... -f=html output. (conan-io/conan#19828)
• Fix: Avoid subtle errors with casing errors like requires("myPkg/[*]") using version ranges. (conan-io/conan#19799)
• Fix: Add support for Xcode 26.4 with Apple Clang 21. (conan-io/conan#19795)
• Fix: Add -ur/-ubr/-upr for conan lock upgrade as short forms for --update-requires, etc. (conan-io/conan#19791)
• Fix: Propagate build requirement run trait to upstream shared dependency. (conan-io/conan#19751)
• Fix: Make components from same package full link in CMakeConfigDeps. (conan-io/conan#19641)
• Bugfix: Solve crash of conan workspace install/build --lockfile=mylock --lockfile-partial (conan-io/conan#19896)
• Bugfix: conan install --lockfile=xxxx will raise if the lockfile contains config_requires and the current installed configuration packages do not align with it (conan-io/conan#19875). Docs: 📃
• Bugfix: Change propagation on bindirs for VirtualBuildEnv respecting requirement run trait, based on the new required_conan_version=">=2.28" recipe version or global.conf using core:policies=["required_conan_version>=2.28"] (conan-io/conan#19849). Docs: 📃
• Bugfix: Solve incorrect .ps1 file generation when unsetting the conf with -c tools.env.virtualenv:powershell=!. (conan-io/conan#19820)

... (truncated)

Commits

• d6abf87 Fix regression for downloads without sha256 (#19934)
• 77a2ac4 Conan 2.28.1
• 058dfec conan 2.28.0
• 717f1c1 Remove deprecated_conanfile_path_methods (#19919)
• 69d0e84 Use a OR policy between core:required_conan_version and recipe ``required...
• 4fb7de4 Inline transitive dependencies to avoid Xcode recursion crashes (#19844)
• 48dca6c Proposing new flags plugin for compatibility (#19879)
• 0b8d92e allow upload to disabled remotes (#19916)
• 84ccc2a experiment with visible=False trait equivalence (#19286)
• fe43ada Allow using patch-ng 1.19 as a dependency (#19913)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 83.81%. Comparing base (394a610) to head (f46565a).

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #1575   +/-   ##
=======================================
  Coverage   83.81%   83.81%           
=======================================
  Files         188      188           
  Lines       29062    29062           
  Branches    27936    27936           
=======================================
  Hits        24359    24359           
  Misses       3541     3541           
  Partials     1162     1162           

Flag	Coverage Δ
python	92.39% <ø> (ø)
qis-compiler	91.66% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.