
@cgoldberg cgoldberg commented Dec 31, 2025

User description

💥 What does this PR do?

This PR updates all Python dev/test dependencies and generates new lock files (py/requirements_lock.txt, multitool.lock.json) with updated hashes, and removes some unnecessary test dependencies when running bazel.

🔄 Types of changes

  • Cleanup
  • Dev/Test/Build/CI

PR Type

Enhancement


Description

  • Bump ruff from 0.14.9 to 0.14.10 with updated checksums

  • Update Python dev/test dependencies to latest versions

  • Remove unnecessary test dependencies from Bazel configuration

  • Regenerate lock files with updated package hashes


Diagram Walkthrough

flowchart LR
  A["Python Dependencies"] -->|Update versions| B["requirements.txt"]
  A -->|Update hashes| C["requirements_lock.txt"]
  A -->|Update ruff| D["multitool.lock.json"]
  E["Test Dependencies"] -->|Remove unnecessary| F["py/BUILD.bazel"]
  B --> G["Lock Files Generated"]
  C --> G

File Walkthrough

Relevant files
Dependencies
multitool.lock.json
Upgrade ruff to 0.14.10 with new checksums                             

multitool.lock.json

  • Upgrade ruff from version 0.14.9 to 0.14.10
  • Update SHA256 checksums for all platform-specific ruff binaries
  • Includes updates for Linux (aarch64, x86_64), macOS (aarch64, x86_64),
    and Windows (x86_64)
+10/-10 
requirements.txt
Update and clean up Python dependencies                                   

py/requirements.txt

  • Remove 11 packages: cachetools, chardet, debugpy, distlib, filelock,
    importlib_metadata (version bump), jaraco.context (version bump),
    jaraco.functools (version bump), keyring (version bump), platformdirs,
    py, pyproject-api, tox, virtualenv
  • Add 2 new packages: backports.tarfile, exceptiongroup
  • Update versions for multiple packages: certifi, importlib_metadata,
    jaraco.context, jaraco.functools, keyring, pytest, secretstorage,
    urllib3, wsproto
+12/-20 
requirements_lock.txt
Regenerate lock file with updated dependencies                     

py/requirements_lock.txt

  • Remove cachetools, chardet, debugpy, distlib, filelock, multidict,
    platformdirs, py, pyproject-api, tox, virtualenv packages entirely
  • Update version hashes for certifi, exceptiongroup, importlib-metadata,
    jaraco-context, jaraco-functools, keyring, pytest, secretstorage,
    urllib3, wsproto
  • Add exceptiongroup to direct requirements
  • Update tomli dependency source from pyproject-api to direct
    requirement
+34/-272
Configuration changes
BUILD.bazel
Remove unnecessary test dependencies from Bazel                   

py/BUILD.bazel

  • Remove 13 unnecessary test dependencies from TEST_DEPS list
  • Removed packages: attrs, debugpy, idna, iniconfig, importlib_metadata,
    h11, more-itertools, multidict, outcome, pluggy, py, sortedcontainers,
    sniffio
  • Keep essential test dependencies: filetype, pytest, pytest-instafail,
    pytest-trio, pytest-mock, zipp
+0/-13   
tox.ini
Update ruff version in tox configuration                                 

py/tox.ini

  • Update ruff version from 0.14.9 to 0.14.10 in linting testenv
+1/-1     

@selenium-ci selenium-ci added C-py Python Bindings B-build Includes scripting, bazel and CI integrations labels Dec 31, 2025
@cgoldberg cgoldberg self-assigned this Dec 31, 2025
@cgoldberg cgoldberg changed the title [py] Bump dev/test dependencies and remove unnecessary [py] Bump versions and remove unnecessary dev/test dependencies Dec 31, 2025
@cgoldberg cgoldberg marked this pull request as ready for review December 31, 2025 15:54
@qodo-code-review

PR Compliance Guide 🔍

Below is a summary of compliance checks for this PR:

Security Compliance
🟢
No security concerns identified
No security vulnerabilities detected by AI analysis. Human verification advised for critical code.
Ticket Compliance
🎫 No ticket provided
  • Create ticket/issue
Codebase Duplication Compliance
Codebase context is not defined

Follow the guide to enable codebase context checks.

Custom Compliance
🟢
Generic: Comprehensive Audit Trails

Objective: To create a detailed and reliable record of critical system actions for security analysis
and compliance.

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Meaningful Naming and Self-Documenting Code

Objective: Ensure all identifiers clearly express their purpose and intent, making code
self-documenting

Status: Passed


Generic: Robust Error Handling and Edge Case Management

Objective: Ensure comprehensive error handling that provides meaningful context and graceful
degradation

Status: Passed


Generic: Secure Error Handling

Objective: To prevent the leakage of sensitive system information through error messages while
providing sufficient detail for internal debugging.

Status: Passed


Generic: Secure Logging Practices

Objective: To ensure logs are useful for debugging and auditing without exposing sensitive
information like PII, PHI, or cardholder data.

Status: Passed


Generic: Security-First Input Validation and Data Handling

Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent
vulnerabilities

Status: Passed


Compliance status legend
🟢 - Fully Compliant
🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label

@cgoldberg cgoldberg merged commit 7ea3aad into SeleniumHQ:trunk Dec 31, 2025
43 of 44 checks passed
@cgoldberg cgoldberg deleted the py-bump-dependencies-310 branch December 31, 2025 15:55
@qodo-code-review

PR Code Suggestions ✨

Explore these optional code suggestions:

Category    Suggestion    Impact
Possible issue
re-add pytest plugin dependency

Re-add the pluggy requirement to TEST_DEPS as it is a necessary dependency for
pytest.

py/BUILD.bazel [74-82]

 TEST_DEPS = [
     requirement("filetype"),
     requirement("pytest"),
+    requirement("pluggy"),
     requirement("pytest-instafail"),
     requirement("pytest-trio"),
     requirement("pytest-mock"),
     requirement("zipp"),
     "@rules_python//python/runfiles",
 ]
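
Review bot: the added `requirement("pluggy")` line re-adds an entry that this PR's description lists among the 13 dependencies removed from TEST_DEPS as unnecessary, and the suggestion cites no failing test or import error to justify it. Before applying, run the py test targets with the list as merged; restore the line only if pytest cannot import pluggy, and if it is restored, add a comment on it saying why a direct entry is needed so it is not removed again in the next cleanup.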

[To ensure code accuracy, apply this suggestion manually]

Suggestion importance[1-10]: 9


Why: The suggestion correctly identifies that removing the pluggy dependency, which is essential for pytest, will likely break the test suite in a Bazel environment that requires explicit dependency declarations.

High
add attrs to test dependencies

Re-add the attrs requirement to TEST_DEPS to prevent potential import errors
during test execution.

py/BUILD.bazel [74-82]

 TEST_DEPS = [
     requirement("filetype"),
+    requirement("attrs"),
     requirement("pytest"),
     ...
 ]
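
Review bot: the `...` on the line after `requirement("pytest")` stands in for the remaining entries, so this hunk cannot be applied as written without dropping pytest-instafail, pytest-trio, pytest-mock, zipp and the runfiles target that the list otherwise carries; spell out the full list. The rationale also names no test module that imports attrs directly, so the addition should be tied to a specific import before it goes back into TEST_DEPS.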

[To ensure code accuracy, apply this suggestion manually]

Suggestion importance[1-10]: 8


Why: The suggestion correctly points out that removing attrs, a common transitive dependency for test utilities, is likely to cause import errors in a strict Bazel environment.

Medium
High-level
Re-evaluate removal of tox dependency

The PR removes tox from requirements.txt but updates tox.ini, creating a
contradiction. The suggestion is to either restore tox as a dependency or remove
tox.ini if it's no longer used.

Examples:

py/requirements.txt [45]
tomli==2.3.0
py/tox.ini [45-46]
deps =
    ruff==0.14.10

Solution Walkthrough:

Before:

# py/requirements.txt
...
tox==4.32.0
...

# py/tox.ini
[testenv:linting]
deps =
    ruff==0.14.9
commands =
    ruff check ...

After:

# Option 1: Restore tox if it's still used
# py/requirements.txt
...
tox==<latest_version>
...

# py/tox.ini
[testenv:linting]
deps =
    ruff==0.14.10
commands =
    ruff check ...

# Option 2: Remove tox.ini if tox is no longer used
# (file py/tox.ini is deleted)
Suggestion importance[1-10]: 7


Why: The suggestion correctly identifies a logical contradiction where tox is removed as a dependency while its configuration file tox.ini is updated, which could break development workflows.

Medium

Labels

B-build Includes scripting, bazel and CI integrations C-py Python Bindings Review effort 2/5
