Sourced from coverage's changelog.

Version 7.13.1 — 2025-12-28

• Added: the JSON report now includes a "start_line" key for function and class regions, indicating the first line of the region in the source. Closes issue 2110_.

• Added: The debug data command now takes file names as arguments on the command line, so you can inspect specific data files without needing to set the COVERAGE_FILE environment variable.

• Fix: the JSON report used to report module docstrings as executed lines, which no other report did, as described in issue 2105_. This is now fixed, thanks to Jianrong Zhao.

• Fix: coverage.py uses a more disciplined approach to detecting where third-party code is installed, and avoids measuring it. This shouldn't change any behavior. If you find that it does, please get in touch.

• Performance: data files that will be combined now record their hash as part of the file name. This lets us skip duplicate data more quickly, speeding the combining step.

• Docs: added a section explaining more about what is considered a missing branch and how it is reported: :ref:branch_explain, as requested in issue 1597. Thanks to Ayisha Mohammed <pull 2092_>.

• Tests: the test suite misunderstood what core was being tested if COVERAGE_CORE wasn't set on 3.14+. This is now fixed, closing issue 2109_.

.. _issue 1597: coveragepy/coveragepy#1597 .. _pull 2092: coveragepy/coveragepy#2092 .. _issue 2105: coveragepy/coveragepy#2105 .. _issue 2109: coveragepy/coveragepy#2109 .. _issue 2110: coveragepy/coveragepy#2110

.. _changes_7-13-0:

• a6afdc3 docs: sample HTML for 7.13.1
• a497081 docs: prep for 7.13.1
• e992033 docs: polish up CHANGES
• 18bba6e chore: bump the action-dependencies group with 4 updates (#2111)
• 80fb808 refactor: (?x:...) lets us use re.VERBOSE even when combining later
• cc272bd docs: leave a comment so we'll find this when 3.12 is the minimum
• 70d007d types: be explicit
• a2c1940 types: fully import modules that will be patched
• 57b975d types: explicit Protocol inheritance permits changing parameter names
• 63ec12d types: clarify that morfs arguments can be a single morf
• Additional commits viewable in compare view

• e31a62b v2.6.16
• de8beb6 Merge pull request #558 from seanbudd/patch-1
• b5574ac Add support for '.xliff' file extension
• 059831f Merge pull request #555 from Roxedus/feat/ipxe
• 7e6b541 Add .ipxe extension
• 9e78792 Merge pull request #554 from pre-commit/pre-commit-ci-update-config
• a35c416 [pre-commit.ci] pre-commit autoupdate
• 5cab69e Merge pull request #553 from pre-commit/pre-commit-ci-update-config
• c8edd7e [pre-commit.ci] pre-commit autoupdate
• 47d582b Merge pull request #551 from pre-commit/pre-commit-ci-update-config
• Additional commits viewable in compare view

Sourced from importlib-metadata's changelog.

v8.7.1

Bugfixes

• Fixed errors in FastPath under fork-multiprocessing. (#520)
• Removed cruft from Python 3.8. (#524)

• 84e9028 Finalize
• 36ed6f6 Merge pull request #521 from 2xB/fix520
• f6eee56 Rely on passthrough to designate a wrapper for its side effect.
• 3c9510b Prefer noop for degenerate behavior.
• a36bab9 Avoid if block.
• 8dd2937 Decouple clear_after_fork from lru_cache and then compose.
• 1da3f45 Add news fragment.
• a1c25d8 🧎‍♀️ Genuflect to the types.
• 4e962a8 👹 Feed the hobgoblins (delint).
• 6a30ab9 Allow initial currsize to be greater than one (as happens when running the te...
• Additional commits viewable in compare view

• 0c28fe5 release 9.9.0
• b33b134 whats new 9.9 (#15113)
• 3841c05 whats new 99
• 0423da8 Stop assuming that memory addresses are signed (#15111)
• 4d0cb19 Stop assuming that memory addresses are signed
• 4d71bcf Fix completions for methods starting with _ (#15106)
• 28d83b9 fix-test
• 74bf6d0 add-end-to-end-test
• e62c4ba fix-completions-for-private-attr
• 11e1f40 Add prompt_toolkit's unix_word_rubout to assignable commands for shortcuts (#...
• Additional commits viewable in compare view

Sourced from nodeenv's releases.

1.10.0 - drop

What's Changed

Fixed bugs 🐛

• Use lowercase lookup for archmap by @​robmoss2k in ekalinin/nodeenv#382

Improvements 🛠

• Add support for Python 3.13 by @​hugovk in ekalinin/nodeenv#367
• Add UV Virtual Environment support by @​Vizonex in ekalinin/nodeenv#386
• Use sh instead of bash by @​WhyNotHugo in ekalinin/nodeenv#389
• Replace additional use of which(1) with shutil.which() by @​mgorny in ekalinin/nodeenv#355

Other Changes

• Support leading v in .node-version by @​nix6839 in ekalinin/nodeenv#359
• Check host platform when finding node version by @​max0x53 in ekalinin/nodeenv#363

New Contributors

• @​hugovk made their first contribution in ekalinin/nodeenv#367
• @​nix6839 made their first contribution in ekalinin/nodeenv#359
• @​max0x53 made their first contribution in ekalinin/nodeenv#363
• @​robmoss2k made their first contribution in ekalinin/nodeenv#382
• @​Vizonex made their first contribution in ekalinin/nodeenv#386
• @​WhyNotHugo made their first contribution in ekalinin/nodeenv#389
• @​mgorny made their first contribution in ekalinin/nodeenv#355

Full Changelog: https://github.com/ekalinin/nodeenv/compare/1.9.1...1.10.0

• 9dee547 chore: bump nodeenv version to 1.10.0
• d45aabb chore: add pyright ignore comments for compatibility
• 55d6c21 chore: update AUTHORS
• 5f694e6 test: update test test_node_system_creates_shim
• fa3fdfb Merge branch 'master' of github.com:ekalinin/nodeenv
• e868dbe Replace additional use of which(1) with shutil.which() (#355)
• b4cd00d test: enhance activation tests for nodeenv with custom prompts and file handling
• 0b5ea9d refactor(tests): improve readability of mock patches in nodeenv tests
• 37c0c30 ci: add GH workflow for testing and coverage in PR
• 326a7a4 test: add comprehensive tests for install_npm and install_npm_win functions
• Additional commits viewable in compare view

Sourced from pre-commit's releases.

pre-commit v4.5.1

Fixes

• Fix language: python with repo: local without additional_dependencies.
  • #3597 PR by @​asottile.

Sourced from pre-commit's changelog.

4.5.1 - 2025-12-16

Fixes

• Fix language: python with repo: local without additional_dependencies.
  • #3597 PR by @​asottile.

• 8a0630c v4.5.1
• fcbc745 Merge pull request #3597 from pre-commit/empty-setup-py
• 51592ee fix python local template when artifact dirs are present
• 67e8faf Merge pull request #3596 from pre-commit/pre-commit-ci-update-config
• c251e6b [pre-commit.ci] pre-commit autoupdate
• 98ccafa Merge pull request #3593 from pre-commit/pre-commit-ci-update-config
• 4895355 [pre-commit.ci] pre-commit autoupdate
• 2cedd58 Merge pull request #3588 from pre-commit/pre-commit-ci-update-config
• 465192d [pre-commit.ci] pre-commit autoupdate
• fd42f96 Merge pull request #3586 from pre-commit/zipapp-sha256-file-not-needed
• Additional commits viewable in compare view

Sourced from pyparsing's changelog.

Version 3.3.1 - December, 2025

• Added license info to metadata, following PEP-639. Thanks to Gedalia Pasternak and Marc Mueller for submitted issue and PR. Fixes #626.

Version 3.3.0 - December, 2025

=========================================================================================== The version 3.3.0 release will begin emitting DeprecationWarnings for pyparsing methods that have been renamed to PEP8-compliant names (introduced in pyparsing 3.0.0, in August, 2021, with legacy names retained as aliases). In preparation, I added in pyparsing 3.2.2 a utility for finding and replacing the legacy method names with the new names. This utility is located at pyparsing/tools/cvt_pep8_names.py. This script will scan all Python files specified on the command line, and if the -u option is selected, will replace all occurrences of the old method names with the new PEP8-compliant names, updating the files in place.

Here is an example that converts all the files in the pyparsing /examples directory:

  python -m pyparsing.tools.cvt_pyparsing_pep8_names -u examples/*.py

The new names are compatible with pyparsing versions 3.0.0 and later.

• Deprecated indentedBlock, when converted using the cvt_pyparsing_pep8_names utility, will emit UserWarnings that additional code changes will be required. This is because the new IndentedBlock class no longer requires the calling code to supply an indent stack, while adding support for nested indentation levels and grouping.

• Deprecated locatedExpr, when converted using the cvt_pyparsing_pep8_names utility, will emit UserWarnings that additional code changes may be required. The new Located class removes the extra grouping level of the parsed values. (If the original locatedExpr parser was defined with a results name, then the extra grouping is retained, so that the results name nesting works properly; in this case, no code changes would be required.)

• Updated all examples and test cases to use PEP8 names (unless the test case is specifically designed to test behavior of a legacy method). Added railroad diagrams for some examples.

• Added exception handling when calling formatted_message(), so that str(exception) always returns at least something.

• All unit tests pass with Python 3.14, including 3.14t. This does not necessarily mean that pyparsing is now thread-safe, just that when run in the free-threaded interpreter, there were no errors. None of the unit tests try to do any parsing with multiple threads - they test the basic functionality of the library, under various versions of packrat and left-recursive parsing.

... (truncated)

• d73ce7a Update CHANGES file to reflect PR 627
• 1089724 Mark for 3.3.1 dev/release
• 421d20a Update license metadata to follow PEP 639
• e4895d3 Reduced recursive grammar in tiny_parser.py to avoid
• b6b0111 Blackening before releasing
• 7fbbcbd Revert transform_string perf penalty in _flatten (introduced in 3.2.0b2)
• 336647a Update perf scripts to run additional 3.2.x releases
• 6413afc Prep for 3.3.0 release
• 9223660 Added copyright line to LICENSE file
• 92d8368 Remove obsolete comment
• Additional commits viewable in compare view

Sourced from tox's releases.

4.34.1

What's Changed

• fix: wheel corruption when running parallel tox processes by @​gaborbernat in tox-dev/tox#3667

Full Changelog: https://github.com/tox-dev/tox/compare/4.34.0...4.34.1

4.34.0

What's Changed

• feat: Support depenedcy groups with self references by @​Czaki in tox-dev/tox#3666

Full Changelog: https://github.com/tox-dev/tox/compare/4.33.0...4.34.0

4.33.0

What's Changed

• Pass LOCALAPPDATA by default on Windows (#3639) by @​clint-lawrence in tox-dev/tox#3640
• Docs: Add caution about ranges like py{39-314} by @​ferdnyc in tox-dev/tox#3652
• CLI Parser: Drop epilog message for Sphinx help by @​ferdnyc in tox-dev/tox#3653
• 📚 Integrate sphinx-issues extension by @​webknjaz in tox-dev/tox#3655
• Fix sphinx doc build by @​gaborbernat in tox-dev/tox#3662
• feat: add conditional set_env support via PEP-496 markers by @​gaborbernat in tox-dev/tox#3663

New Contributors

• @​clint-lawrence made their first contribution in tox-dev/tox#3640
• @​ferdnyc made their first contribution in tox-dev/tox#3652

Full Changelog: https://github.com/tox-dev/tox/compare/4.32.0...4.33.0

Sourced from tox's changelog.

v4.34.1 (2026-01-09)

Bugfixes - 4.34.1

- Fix wheel corruption errors when the build backend updates the file in place - by :user:`gaborbernat`. (:issue:`3667`)
v4.34.0 (2026-01-08)
Features - 4.34.0

• Support installing extras from the current project in dependency groups. -- by :user:czaki. (:issue:3561)

v4.33.0 (2026-01-02)

Features - 4.33.0

- Add support for conditional ``set_env`` using PEP-496 environment markers. In INI format use
  ``VAR=value; marker`` syntax, in TOML format use ``set_env.VAR = { value = "...", marker = "..." }``
  -- by :user:`gaborbernat`. (:issue:`3663`)
Bugfixes - 4.33.0

• Added 'LocalAppData' to the default passed environment variables on Windows. (:issue:3639)

Improved Documentation - 4.33.0

- Sphinx is now set up to use :pypi:`sphinx-issues` for referencing
  GitHub issues and pull requests in the docs -- by :user:`webknjaz`. (:issue:`3202`)

• abd774e release 4.34.1
• 96658e0 fix: use copy instead of hard link for session package views (#3667)
• 078a0f8 release 4.34.0
• e8a7c03 feat: Support depenedcy groups with self references (#3666)
• 8a69efd Update weekly.yaml
• 9c5fe79 release 4.33.0
• c569868 feat: add conditional set_env support via PEP-508 markers (#3663)
• 7b9610e fix: update for Sphinx 9.1 compatibility (#3662)
• fa51801 [pre-commit.ci] pre-commit autoupdate (#3661)
• 29cdaab [pre-commit.ci] pre-commit autoupdate (#3659)
• Additional commits viewable in compare view

Sourced from virtualenv's releases.

20.36.1

What's Changed

• release 20.36.0 by @​gaborbernat in pypa/virtualenv#3011
• fix: resolve TOCTOU vulnerabilities in app_data and lock directory creation by @​gaborbernat in pypa/virtualenv#3013

Full Changelog: https://github.com/pypa/virtualenv/compare/20.36.0...20.36.1

20.36.0

What's Changed

• release 20.35.3 by @​gaborbernat in pypa/virtualenv#2981
• fix: Prevent NameError when accessing _DISTUTILS_PATCH during file ov… by @​gracetyy in pypa/virtualenv#2982
• Upgrade pip and fix 3.15 picking old wheel by @​gaborbernat in pypa/virtualenv#2989
• release 20.35.4 by @​gaborbernat in pypa/virtualenv#2990
• fix: wrong path on migrated venv by @​sk1234567891 in pypa/virtualenv#2996
• test_too_many_open_files: assert on errno.EMFILE instead of strerror by @​pltrz in pypa/virtualenv#3001
• fix: update filelock dependency version to 3.20.1 to fix CVE CVE-2025-68146 by @​pythonhubdev in pypa/virtualenv#3002
• fix: resolve EncodingWarning in tox upgrade environment by @​gaborbernat in pypa/virtualenv#3007
• Fix Interpreter discovery bug wrt. Microsoft Store shortcut using Latin-1 by @​rahuldevikar in pypa/virtualenv#3006
• Add support for PEP 440 version specifiers in the --python flag. by @​rahuldevikar in pypa/virtualenv#3008

New Contributors

• @​gracetyy made their first contribution in pypa/virtualenv#2982
• @​sk1234567891 made their first contribution in pypa/virtualenv#2996
• @​pltrz made their first contribution in pypa/virtualenv#3001
• @​pythonhubdev made their first contribution in pypa/virtualenv#3002
• @​rahuldevikar made their first contribution in pypa/virtualenv#3006

Full Changelog: https://github.com/pypa/virtualenv/compare/20.35.3...20.36.0

Sourced from virtualenv's changelog.

v20.36.1 (2026-01-09)

Bugfixes - 20.36.1

- Fix TOCTOU vulnerabilities in app_data and lock directory creation that could be exploited via symlink attacks - reported by :user:`tsigouris007`, fixed by :user:`gaborbernat`. (:issue:`3013`)
v20.36.0 (2026-01-07)
Features - 20.36.0

• Add support for PEP 440 version specifiers in the --python flag. Users can now specify Python versions using operators like >=, <=, ~=, etc. For example: virtualenv --python=">=3.12" myenv . (:issue:2994`)

• d0ad11d release 20.36.1
• dec4cec Merge pull request #3013 from gaborbernat/fix-sec
• 5fe5d38 release 20.36.0 (#3011)
• 9719376 release 20.36.0
• 0276db6 Add support for PEP 440 version specifiers in the --python flag. (#3008)
• 4f900c2 Fix Interpreter discovery bug wrt. Microsoft Store shortcut using Latin-1 (#3...
• 13afcc6 fix: resolve EncodingWarning in tox upgrade environment (#3007)
• 31b5d31 [pre-commit.ci] pre-commit autoupdate (#2997)
• 7c28422 fix: update filelock dependency version to 3.20.1 to fix CVE CVE-2025-68146 (...
• 365628c test_too_many_open_files: assert on errno.EMFILE instead of strerror (#3001)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions