chore(deps): bump the minor-and-patch group across 1 directory with 5 updates

[dependabot]

Bumps the minor-and-patch group with 5 updates in the / directory:

Package	From	To
algorand-python	2.7.0	2.8.0
ruff	0.11.2	0.11.9
pytest-cov	6.1.0	6.1.1
pip-audit	2.8.0	2.9.0
puyapy	4.6.1	4.8.1

Updates algorand-python from 2.7.0 to 2.8.0

Commits

• See full diff in compare view

Updates ruff from 0.11.2 to 0.11.9

Release notes

Sourced from ruff's releases.

0.11.9

Release Notes

Preview features

• Default to latest supported Python version for version-related syntax errors (#17529)
• Implement deferred annotations for Python 3.14 (#17658)
• [airflow] Fix SQLTableCheckOperator typo (AIR302) (#17946)
• [airflow] Remove airflow.utils.dag_parsing_context.get_parsing_context (AIR301) (#17852)
• [airflow] Skip attribute check in try catch block (AIR301) (#17790)
• [flake8-bandit] Mark tuples of string literals as trusted input in S603 (#17801)
• [isort] Check full module path against project root(s) when categorizing first-party imports (#16565)
• [ruff] Add new rule in-empty-collection (RUF060) (#16480)

Bug fixes

• Fix missing combine call for lint.typing-extensions setting (#17823)
• [flake8-async] Fix module name in ASYNC110, ASYNC115, and ASYNC116 fixes (#17774)
• [pyupgrade] Add spaces between tokens as necessary to avoid syntax errors in UP018 autofix (#17648)
• [refurb] Fix false positive for float and complex numbers in FURB116 (#17661)
• [parser] Flag single unparenthesized generator expr with trailing comma in arguments. (#17893)

Documentation

• Add instructions on how to upgrade to a newer Rust version (#17928)
• Update code of conduct email address (#17875)
• Add fix safety sections to PLC2801, PLR1722, and RUF013 (#17825, #17826, #17759)
• Add link to check-typed-exception from S110 and S112 (#17786)

Other changes

• Allow passing a virtual environment to ruff analyze graph (#17743)

Contributors

• @​AlexWaygood
• @​BurntSushi
• @​Gankra
• @​Glyphack
• @​InSyncWithFoo
• @​LaBatata101
• @​Lee-W
• @​MichaReiser
• @​VascoSch92
• @​abhijeetbodas2001
• @​carljm
• @​charliermarsh
• @​dcreager
• @​dhruvmanila
• @​dylwil3
• @​ercbot

... (truncated)

Changelog

Sourced from ruff's changelog.

0.11.9

Preview features

• Default to latest supported Python version for version-related syntax errors (#17529)
• Implement deferred annotations for Python 3.14 (#17658)
• [airflow] Fix SQLTableCheckOperator typo (AIR302) (#17946)
• [airflow] Remove airflow.utils.dag_parsing_context.get_parsing_context (AIR301) (#17852)
• [airflow] Skip attribute check in try catch block (AIR301) (#17790)
• [flake8-bandit] Mark tuples of string literals as trusted input in S603 (#17801)
• [isort] Check full module path against project root(s) when categorizing first-party imports (#16565)
• [ruff] Add new rule in-empty-collection (RUF060) (#16480)

Bug fixes

• Fix missing combine call for lint.typing-extensions setting (#17823)
• [flake8-async] Fix module name in ASYNC110, ASYNC115, and ASYNC116 fixes (#17774)
• [pyupgrade] Add spaces between tokens as necessary to avoid syntax errors in UP018 autofix (#17648)
• [refurb] Fix false positive for float and complex numbers in FURB116 (#17661)
• [parser] Flag single unparenthesized generator expr with trailing comma in arguments. (#17893)

Documentation

• Add instructions on how to upgrade to a newer Rust version (#17928)
• Update code of conduct email address (#17875)
• Add fix safety sections to PLC2801, PLR1722, and RUF013 (#17825, #17826, #17759)
• Add link to check-typed-exception from S110 and S112 (#17786)

Other changes

• Allow passing a virtual environment to ruff analyze graph (#17743)

0.11.8

Preview features

• [airflow] Apply auto fixes to cases where the names have changed in Airflow 3 (AIR302, AIR311) (#17553, #17570, #17571)
• [airflow] Extend AIR301 rule (#17598)
• [airflow] Update existing AIR302 rules with better suggestions (#17542)
• [refurb] Mark fix as safe for readlines-in-for (FURB129) (#17644)
• [syntax-errors] nonlocal declaration at module level (#17559)
• [syntax-errors] Detect single starred expression assignment x = *y (#17624)

Bug fixes

• [flake8-pyi] Ensure Literal[None,] | Literal[None,] is not autofixed to None | None (PYI061) (#17659)
• [flake8-use-pathlib] Avoid suggesting Path.iterdir() for os.listdir with file descriptor (PTH208) (#17715)
• [flake8-use-pathlib] Fix PTH104 false positive when rename is passed a file descriptor (#17712)
• [flake8-use-pathlib] Fix PTH116 false positive when stat is passed a file descriptor (#17709)
• [flake8-use-pathlib] Fix PTH123 false positive when open is passed a file descriptor from a function call (#17705)

... (truncated)

Commits

• 2370297 Bump 0.11.9 (#17986)
• a137cb1 [ty] Display "All checks passed!" message in green (#17982)
• 03a4d56 [ty] Change range of revealed-type diagnostic to be the range of the argume...
• 642eac4 [ty] Recursive protocols (#17929)
• c1b8757 [ty] CLI reference (#17978)
• 6cd8a49 [ty] Update salsa (#17964)
• 12ce445 [ty] Document configuration schema (#17950)
• f46ed8d [ty] Add --config CLI arg (#17697)
• 6c177e2 [ty] primer updates (#17903)
• 3d2485e [ty] fix more ecosystem/fuzzer panics with fixpoint (#17758)
• Additional commits viewable in compare view

Updates pytest-cov from 6.1.0 to 6.1.1

Changelog

Sourced from pytest-cov's changelog.

6.1.1 (2025-04-05)

• Fixed breakage that occurs when --cov-context and the no_cover marker are used together.

Commits

• 9463242 Bump version: 6.1.0 → 6.1.1
• 7f2781b Update changelog.
• a59548f Allow the context plugin to check if the controller is running or not. Fixes ...
• See full diff in compare view

Updates pip-audit from 2.8.0 to 2.9.0

Release notes

Sourced from pip-audit's releases.

v2.9.0

Added

• pip-audit now supports PEP 751 lockfiles. These lockfiles can be audited in "project" mode by passing --locked to pip-audit (#888)

Changelog

Sourced from pip-audit's changelog.

[2.9.0]

Added

• pip-audit now supports PEP 751 lockfiles. These lockfiles can be audited in "project" mode by passing --locked to pip-audit (#888)

Commits

• 89ba959 Merge pull request #890 from pypa/ww/release
• 1af5719 chore: prep 2.9.0
• 74f0102 Update README.md (#889)
• b07f28f PEP 751 support (#888)
• 97588cf build(deps): bump actions/setup-python from 5.4.0 to 5.5.0 (#886)
• 78e1e3f build(deps): bump actions/upload-artifact from 4.6.1 to 4.6.2 (#885)
• 4bd5b52 build(deps): update cyclonedx-python-lib requirement (#883)
• 63c6841 build(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.1 (#882)
• 7089879 build(deps): bump actions/upload-artifact from 4.6.0 to 4.6.1 (#881)
• See full diff in compare view

Updates puyapy from 4.6.1 to 4.8.1

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[CiottiGiorgio]

@dependabot show algokit-utils ignore conditions

[dependabot]

Sorry, only users with push access can use that command.

[cusma]

@dependabot show algokit-utils ignore conditions

[dependabot]

No ignore conditions found for the dependency algokit-utils

[dependabot]

No ignore conditions found for the dependency algokit-utils

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.