Bump the python-packages group across 1 directory with 4 updates

[dependabot]

Updates the requirements on pytest, isort, pyright and django to permit the latest version.
Updates pytest to 9.0.0

Release notes

Sourced from pytest's releases.

9.0.0

pytest 9.0.0 (2025-11-05)

New features

• #1367: Support for subtests has been added.

  subtests <subtests> are an alternative to parametrization, useful in situations where the parametrization values are not all known at collection time.

  Example:

  def contains_docstring(p: Path) -> bool:
      """Return True if the given Python file contains a top-level docstring."""
      ...
  def test_py_files_contain_docstring(subtests: pytest.Subtests) -> None:
  for path in Path.cwd().glob("*.py"):
  with subtests.test(path=str(path)):
  assert contains_docstring(path)

  Each assert failure or error is caught by the context manager and reported individually, giving a clear picture of all files that are missing a docstring.

  In addition, unittest.TestCase.subTest is now also supported.

  This feature was originally implemented as a separate plugin in pytest-subtests, but since then has been merged into the core.

  [!NOTE] This feature is experimental and will likely evolve in future releases. By that we mean that we might change how subtests are reported on failure, but the functionality and how to use it are stable.

• #13743: Added support for native TOML configuration files.

  While pytest, since version 6, supports configuration in pyproject.toml files under [tool.pytest.ini_options], it does so in an "INI compatibility mode", where all configuration values are treated as strings or list of strings. Now, pytest supports the native TOML data model.

  In pyproject.toml, the native TOML configuration is under the [tool.pytest] table.

  # pyproject.toml
  [tool.pytest]
  minversion = "9.0"
  addopts = ["-ra", "-q"]
  testpaths = [
      "tests",
      "integration",
  ]

... (truncated)

Commits

• f4b0fd2 Prepare release version 9.0.0
• 52d8e68 Merge pull request #13889 from bluetech/regendoc-restore
• d6d3e4a doc: fixes for regendoc
• 7cb3974 doc: restore missing "# content of pytest.toml" regendoc commands
• 5ae9e47 build(deps): Bump django in /testing/plugins_integration (#13881)
• adb3658 Merge pull request #13864 from bluetech/config-cleanups-2
• a28c08e Merge pull request #13875 from bluetech/ci-tweaks
• a250954 ci: split publish-to-pypi and push-tag jobs
• ebc152f ci: update setup python's from 3.11 or 3.* to 3.13
• dfd796f ci: move running update-plugin-list script to tox
• Additional commits viewable in compare view

Updates isort from 6.1.0 to 7.0.0

Release notes

Sourced from isort's releases.

7.0.0

Changes

💥 Breaking Changes

• Drop support for Python 3.9 (#2430) @​DanielNoord

🚀 Features

• Show absolute paths in skipped file messages (#2416) @​pranlawate

🪲 Fixes

• Some fixes for Python 3.14 (#2433) @​DanielNoord
• Test on 3.14 and fix any bugs (#2425) @​DanielNoord
• Update CHANGELOG.md + Fix Formatting and Grammar (#2419) @​lukbrew25
• Fix output of hanging indent for long lines with noqa (#2407) @​matan1008

👷 Continuous Integration

• Format with ruff instead of black (#2432) @​DanielNoord
• Target 3.10 for ruff (#2431) @​DanielNoord
• Update development dependencies to latest version (#2426) @​DanielNoord
• docs: update pre-commit examples to version 6.1.0 (#2413) @​pranlawate
• Small cleanup for developer environment (#2418) @​DanielNoord

📦 Dependencies

• Bump actions/setup-python from 5 to 6 in the github-actions group (#2411) @dependabot[bot]

Changelog

Sourced from isort's changelog.

Changelog

NOTE: isort follows the semver versioning standard. Find out more about isort's release policy here.

Commits

• 0a09c78 Merge pull request #2433 from DanielNoord/python-314
• 0fee794 Add 3.14 to stdlibds
• 332a1ad Bump zstandard for 3.14 compat
• f756e56 Merge pull request #2432 from DanielNoord/ruff-it-up
• 52f5134 Format with ruff instead of black
• 012aa69 Merge pull request #2431 from DanielNoord/ruff-it-up
• 89773db Target 3.10 with ruff
• 933e382 Merge pull request #2430 from DanielNoord/drop-39
• 8b6e00c Remove support for Python 3.9
• b5f9f29 Bump profile plugin to 3.10+ and re-lock
• Additional commits viewable in compare view

Updates pyright from 1.1.406 to 1.1.407

Commits

• 53e8efb Pyright NPM Package update to 1.1.407 (#356)
• See full diff in compare view

Updates django from 5.2.7 to 5.2.8

Commits

• 47fe39a [5.2.x] Bumped version for 5.2.8 release.
• ac9fcf6 [5.2.x] Refs CVE-2025-64459 -- Avoided propagating invalid arguments to Q on ...
• 6703f36 [5.2.x] Fixed CVE-2025-64459 -- Prevented SQL injections in Q/QuerySet via th...
• 4f5d904 [5.2.x] Fixed CVE-2025-64458 -- Mitigated potential DoS in HttpResponseRedire...
• cbdf128 [5.2.x] Fixed #36704 -- Fixed system check error for proxy model with a compo...
• 6775888 [5.2.x] Fixed #36696 -- Fixed NameError when inspecting functions with deferr...
• d5dfffa [5.2.x] Added stub release notes and release date for 5.2.8, 5.1.14, and 4.2.26.
• 368f955 [5.2.x] Fixed #36681 -- Removed English pluralization bias from example in do...
• 71267c9 [5.2.x] Fixed #35095 -- Clarified Swiss number formatting in docs/topics/i18n...
• 9b37bd5 [5.2.x] Made RemoteTestResultTest.test_pickle_errors_detection() compatible w...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot recreate.

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.