Bump the python group with 4 updates

[dependabot]

Updates the requirements on tox, pytest, flake8 and hatchling to permit the latest version.
Updates tox to 4.52.1

Release notes

Sourced from tox's releases.

v4.52.1

What's Changed

• use normalize_isa for architecture factor matching by @​rahuldevikar in tox-dev/tox#3919
• 🐛 fix(pip): invalidate install cache on resolution env var changes by @​gaborbernat in tox-dev/tox#3921

Full Changelog: tox-dev/tox@4.52.0...4.52.1

Changelog

Sourced from tox's changelog.

Bug fixes - 4.52.1

• Changing a resolution-affecting environment variable via set_env (e.g. PIP_INDEX_URL) now invalidates the install cache and triggers a reinstall, rather than incorrectly reusing the cached environment - by :user:gaborbernat. (:issue:3917)
• Use normalize_isa from python-discovery for architecture factor matching, supporting aliases like i686 → x86 and aarch64 → arm64 - by :user:rahuldevikar. (:issue:3919)

---

v4.52.0 (2026-03-30)

---

Features - 4.52.0

• Add virtualenv-pep-723 runner that reads dependencies and Python version from :PEP:723 inline script metadata — no need to duplicate them in tox config - by :user:gaborbernat. (:issue:3897)
• Support escaped dots (\.) in -x/--override keys, allowing overrides to target environments with dots in their names such as py3.14 - by :user:gaborbernat. (:issue:3910)

Bug fixes - 4.52.0

• Auto-generate the manpage from the CLI argparse parser at wheel build time, fixing broken section headers and documenting all commands and options - by :user:gaborbernat. (:issue:3878)

Miscellaneous internal changes - 4.52.0

• Remove unsupported --remote flag from gh repo fork in the update-schemastore workflow, as recent versions of gh no longer accept it - by :user:rahuldevikar. (:issue:3908)

---

v4.51.0 (2026-03-27)

---

Features - 4.51.0

• Add base_python_file configuration option to read the base Python version from a file (e.g. .python-version), similar to GitHub Actions' python-version-file - by :user:rahuldevikar (:issue:3894)

Bug fixes - 4.51.0

• Prevent implicit machine ISA (e.g. arm64, x86_64) from overriding explicit architecture factors in environment names, fixing cross-architecture conflicts in multiline factor conditionals - by :user:rahuldevikar. (:issue:3903)
• Nested environment list configuration values are now properly parsed, validated and expanded by the TOML parser. This allows you to use generative environment lists in tox-gh via the TOML format. Previously this was only possible

... (truncated)

Commits

• 71ef9bf release 4.52.1
• d15c8fa 🐛 fix(pip): invalidate install cache on resolution env var changes (#3921)
• c1add25 build(deps): bump pypa/gh-action-pypi-publish from 1.13.0 to 1.14.0 (#3920)
• 1866b9d use normalize_isa for architecture factor matching (#3919)
• ec77d9f [pre-commit.ci] pre-commit autoupdate (#3918)
• e7052a6 build(deps): bump astral-sh/setup-uv from 7.6.0 to 8.0.0 (#3915)
• d83d577 release 4.52.0
• da0f890 ✨ feat(runner): add PEP 723 inline script metadata support (#3912)
• b232d2d 🐛 fix(docs): auto-generate manpage from CLI parser (#3911)
• 84958f7 [pre-commit.ci] pre-commit autoupdate (#3909)
• Additional commits viewable in compare view

Updates pytest to 9.0.3

Release notes

Sourced from pytest's releases.

9.0.3

pytest 9.0.3 (2026-04-07)

Bug fixes

• #12444: Fixed pytest.approx which now correctly takes into account ~collections.abc.Mapping keys order to compare them.

• #13634: Blocking a conftest.py file using the -p no: option is now explicitly disallowed.

  Previously this resulted in an internal assertion failure during plugin loading.

  Pytest now raises a clear UsageError explaining that conftest files are not plugins and cannot be disabled via -p.

• #13734: Fixed crash when a test raises an exceptiongroup with __tracebackhide__ = True.

• #14195: Fixed an issue where non-string messages passed to unittest.TestCase.subTest() were not printed.

• #14343: Fixed use of insecure temporary directory (CVE-2025-71176).

Improved documentation

• #13388: Clarified documentation for -p vs PYTEST_PLUGINS plugin loading and fixed an incorrect -p example.
• #13731: Clarified that capture fixtures (e.g. capsys and capfd) take precedence over the -s / --capture=no command-line options in Accessing captured output from a test function <accessing-captured-output>.
• #14088: Clarified that the default pytest_collection hook sets session.items before it calls pytest_collection_finish, not after.
• #14255: TOML integer log levels must be quoted: Updating reference documentation.

Contributor-facing changes

• #12689: The test reports are now published to Codecov from GitHub Actions. The test statistics is visible on the web interface.

  -- by aleguy02

Commits

• a7d58d7 Prepare release version 9.0.3
• 089d981 Merge pull request #14366 from bluetech/revert-14193-backport
• 8127eaf Revert "Fix: assertrepr_compare respects dict insertion order (#14050) (#14193)"
• 99a7e60 Merge pull request #14363 from pytest-dev/patchback/backports/9.0.x/95d8423bd...
• ddee02a Merge pull request #14343 from bluetech/cve-2025-71176-simple
• 74eac69 doc: Update training info (#14298) (#14301)
• f92dee7 Merge pull request #14267 from pytest-dev/patchback/backports/9.0.x/d6fa26c62...
• 7ee58ac Merge pull request #12378 from Pierre-Sassoulas/fix-implicit-str-concat-and-d...
• 37da870 Merge pull request #14259 from mitre88/patch-4 (#14268)
• c34bfa3 Add explanation for string context diffs (#14257) (#14266)
• Additional commits viewable in compare view

Updates flake8 to 7.3.0

Commits

• c48217e Release 7.3.0
• f9e0f33 Merge pull request #1986 from PyCQA/document-f542
• 6bcdb62 document F542
• 70a15b8 Merge pull request #1985 from PyCQA/upgrade-deps
• 4941a3e upgrade pyflakes / pycodestyle
• 23e4005 Merge pull request #1983 from PyCQA/py314
• 019424b add support for t-strings
• 6b6f3d5 Merge pull request #1980 from PyCQA/asottile-patch-1
• 8dfa669 add rtd sphinx config
• ce34111 Merge pull request #1976 from PyCQA/document-f824
• Additional commits viewable in compare view

Updates hatchling to 1.29.0

Release notes

Sourced from hatchling's releases.

Hatchling v1.29.0

Fixed:

• Source Date Epoch no longer fails when set to date before 1980.

Commits

• 1a74daa Noqa release command to unblock GHA for PRs
• 78065f4 For Immutable Releases (#2188)
• 592c0a9 release Hatchling v1.29.0 (#2186)
• 874059b Prerelease doc updates. (#2183)
• 0e31bb6 Immutable releases ci (#2182)
• f400be1 Support a SOURCE_DATE_EPOCH prior to 1980 (#1999)
• 47b55ce Fixing failing tests for changes in Rich markdown rendering (#2172)
• cc4acd6 Add a note guiding users to include SBOM files in the source distribution (#2...
• 9068758 Fix #2164 keep_env type error for hatch shell (#2165)
• bc31cfc Fix warning and tests with packaging 26.0 (#2159)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[Copilot]

Pull request overview

This PR updates the Python toolchain dependency constraints in pyproject.toml to allow newer versions of key developer tools (tox, pytest, flake8, hatchling).

Changes:

• Bump build-system.requires hatchling minimum version to >=1.29.0.
• Bump dependency-groups minimum versions for tox, pytest, and flake8.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.