Bump the python-packages group with 4 updates

[dependabot]

Bumps the python-packages group with 4 updates: sqlalchemy, faker, coverage and mypy.

Updates sqlalchemy from 2.0.41 to 2.0.42

Release notes

Sourced from sqlalchemy's releases.

2.0.42

Released: July 29, 2025

orm

• [orm] [usecase] Added dataclass_metadata argument to all ORM attribute constructors that accept dataclasses parameters, e.g. mapped_column.dataclass_metadata, relationship.dataclass_metadata, etc. It's passed to the underlying dataclass metadata attribute of the dataclass field. Pull request courtesy Sigmund Lahn.

  References: #10674

• [orm] [bug] Implemented the _orm.defer(), _orm.undefer() and _orm.load_only() loader options to work for composite attributes, a use case that had never been supported previously.

  References: #12593

• [orm] [bug] Fixed bug where the ORM would pull in the wrong column into an UPDATE when a key name inside of the ValuesBase.values() method could be located from an ORM entity mentioned in the statement, but where that ORM entity was not the actual table that the statement was inserting or updating. An extra check for this edge case is added to avoid this problem.

  References: #12692

engine

• [engine] Improved validation of execution parameters passed to the _engine.Connection.execute() and similar methods to provided a better error when tuples are passed in. Previously the execution would fail with a difficult to understand error message.

sql

• [sql] [usecase] The _sql.values() construct gains a new method _sql.Values.cte(), which allows creation of a named, explicit-columns CTE against an unnamed VALUES expression, producing a syntax that allows column-oriented selection from a VALUES construct on modern versions of PostgreSQL, SQLite, and MariaDB.

  References: #12734

• [sql] [bug] Fixed issue where select() of a free-standing scalar expression that

... (truncated)

Commits

• See full diff in compare view

Updates faker from 37.4.2 to 37.5.3

Release notes

Sourced from faker's releases.

Release v37.5.3

See CHANGELOG.md.

Release v37.5.2

See CHANGELOG.md.

Release v37.5.1

See CHANGELOG.md.

Release v37.5.0

See CHANGELOG.md.

Release v37.4.3

See CHANGELOG.md.

Changelog

Sourced from faker's changelog.

v37.5.3 - 2025-07-30

• Allow Decimal type for min_value and max_value in pydecimal. Thanks @​sshishov.

v37.5.2 - 2025-07-30

• Fix Turkish Republic National Number (TCKN) provider. Thanks @​fleizean.

v37.5.1 - 2025-07-30

• Fix unnatural Korean company names in ko_KR locale. Thanks @​r-4bb1t.

v37.5.0 - 2025-07-30

• Add Spanish lorem provider for es_ES, es_AR and es_MX. Thanks @​Pandede.

v37.4.3 - 2025-07-30

• Fix male names in sv_SE locale. Thanks @​peterk.

Commits

• c7db7f5 Bump version: 37.5.2 → 37.5.3
• f4fbe8f 📝 Update CHANGELOG.md
• 2a55697 format code
• 614e325 Placate mypy
• f8e5d86 fix(pydecimal): allow Decimal type for min_value and max_value in `pyde...
• 4cf2671 Bump version: 37.5.1 → 37.5.2
• fecc037 📝 Update CHANGELOG.md
• 3e94c67 Fix Turkish Republic National Number (TCKN) provider (#2232)
• 867b08e more samples
• 5acc936 update stubs
• Additional commits viewable in compare view

Updates coverage from 7.10.1 to 7.10.2

Changelog

Sourced from coverage's changelog.

Version 7.10.2 — 2025-08-03

• Fix: some code with NOP bytecodes could report missing branches that are actually executed. This is now fixed, closing issue 1999_. Python 3.9 still shows the problem.

.. _issue 1999: nedbat/coveragepy#1999

.. _changes_7-10-1:

Commits

• a867852 docs: sample HTML for 7.10.2
• e7bfabe docs: prep for 7.10.2
• 5dbd736 test: this test often borks metacov, retry it
• b7430fa debug: more convenient run_trace.py
• e2039d0 refactor: less redundancy in branch_trails
• c177731 fix: see through nop bytecodes to get the right arcs. #1999
• 7a83ab0 test: don't try to make pth files when invoked from pth #2011
• 6d8b091 refactor: remove a commented-out line
• fc507ad test: add a case for an extension-less Python file parse error
• 05a6e8d test: no need for skip, we already skip windows
• Additional commits viewable in compare view

Updates mypy from 1.17.0 to 1.17.1

Changelog

Sourced from mypy's changelog.

Mypy 1.17.1

• Retain None as constraints bottom if no bottoms were provided (Stanislav Terliakov, PR 19485)
• Fix "ignored exception in hasattr" in dmypy (Stanislav Terliakov, PR 19428)
• Prevent a crash when InitVar is redefined with a method in a subclass (Stanislav Terliakov, PR 19453)

Acknowledgements

Thanks to all mypy contributors who contributed to this release:

• Alexey Makridenko
• Brian Schubert
• Chad Dombrova
• Chainfire
• Charlie Denton
• Charulata
• Christoph Tyralla
• CoolCat467
• Donal Burns
• Guy Wilson
• Ivan Levkivskyi
• johnthagen
• Jukka Lehtosalo
• Łukasz Kwieciński
• Marc Mueller
• Michael J. Sullivan
• Mikhail Golubev
• Sebastian Rittau
• Shantanu
• Stanislav Terliakov
• wyattscarpenter

I’d also like to thank my employer, Dropbox, for supporting mypy development.

Mypy 1.16

We’ve just uploaded mypy 1.16 to the Python Package Index (PyPI). Mypy is a static type checker for Python. This release includes new features and bug fixes. You can install it as follows:

python3 -m pip install -U mypy

You can read the full documentation for this release on Read the Docs.

Different Property Getter and Setter Types

Mypy now supports using different types for a property getter and setter:

class A:
    _value: int
</tr></table> 

... (truncated)

Commits

• acb2983 Bump version to 1.17.1
• 933c913 Retain None as constraints bottom if no bottoms were provided (#19485)
• 5f4428f Fix "ignored exception in hasattr" in dmypy (#19428)
• 88fdeaa Prevent a crash when InitVar is redefined with a method in a subclass (#19453)
• e44d14f Bump version to 1.17.1+dev
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions