chore(deps): bump the all-dependencies group with 5 updates

[dependabot]

Updates the requirements on structlog, python-multipart, moto[s3], ruff and boto3-stubs[s3] to permit the latest version.
Updates structlog from 25.5.0 to 26.1.0

Release notes

Sourced from structlog's releases.

26.1.0

Highlights

Given how long this release took, it's pretty thicc with nice things all over the board! Apologies for the long release cycle; it's been a victim of the slopocalypse and me trying to navigate my way thru the new normal. Extra big thanks to my sponsors for not abandoning me in these unironically trying times. ❤️

Full changelog below!

Special Thanks

This release would not be possible without my generous sponsors! Thank you to all of you making sustainable maintenance possible! If you would like to join them, go to https://github.com/sponsors/hynek and check out the sweet perks!

Above and Beyond

Variomedia AG (@variomedia), Tidelift (@tidelift), Kraken Tech (@kraken-tech), Klaviyo (@klaviyo), Privacy Solutions GmbH (@privacy-solutions), FilePreviews (@filepreviews), Ecosystems (@ecosyste-ms), TestMu AI Open Source Office (Formerly LambdaTest) (@LambdaTest-Inc), GitHub (@github), Doist (@Doist), Daniel Fortunov (@asqui), and Kevin P. Fleming (@kpfleming).

Maintenance Sustainers

Buttondown (@buttondown), Christopher Dignam (@chdsbd), Magnus Watn (@magnuswatn), David Cramer (@dcramer), Rivo Laks (@rivol), Polar (@polarsource), Mike Fiedler (@miketheman), Duncan Hill (@cricalix), Colin Marquardt (@cmarqu), Pieter Swinkels (@swinkels), Nick Libertini (@libertininick), Brian M. Dennis (@crossjam), Al Sweigart (@asweigart), Celebrity News AG (@celebritynewsag), The Westervelt Company (@westerveltco), Sławomir Ehlert (@slafs), Mostafa Khalil (@khadrawy), Filip Mularczyk (@mukiblejlok), Thomas Klinger (@thmsklngr), Andreas Poehlmann (@ap--), August Trapper Bigelow (@atbigelow), Carlton Gibson (@carltongibson), and Roboflow (@roboflow).

Full Changelog

Removed

• Python 3.8 and 3.9 support.

Deprecated

• Support for better-exceptions is deprecated and will be removed within a year. Use our Rich integration or copy-paste the one line of code you need. #802

Added

• Python 3.15 support. #813

• structlog.dev.rich_monochrome_traceback for Rich-based monochrome exception rendering and add support for it throughout structlog.dev.ConsoleRenderer when the user asks for no colors. #794

• structlog.BytesLogger now has a name attribute which allows you to use it with the structlog.stdlib.add_logger_name() processor without using the standard library integration. #786

• structlog.processors.CallsiteParameterAdder now supports CallsiteParameter.QUAL_MODULE that adds the qualified import name of the module of the callsite, or __main__ if the module is the entry point. This is only available for structlog-originated events since the standard library has no equivalent (except for the convention of setting the logger's name to __name__). #812

• structlog.stdlib.BoundLogger now has is_enabled_for() and get_effective_level() methods that are snake_case aliases for its isEnabledFor() and getEffectiveLevel() methods. This makes it more compatible with the native structlog.typing.FilteringBoundLogger, so you can swap configurations without changing your call sites. #818

Changed

• structlog.dev.ConsoleRenderer does not warn anymore when the exception key has a rendered value despite having a fancy formatter configured. #790

... (truncated)

Changelog

Sourced from structlog's changelog.

26.1.0 - 2026-06-06

Removed

• Python 3.8 and 3.9 support.

Deprecated

• Support for better-exceptions is deprecated and will be removed within a year. Use our Rich integration or copy-paste the one line of code you need. #802

Added

• Python 3.15 support. #813

• structlog.dev.rich_monochrome_traceback for Rich-based monochrome exception rendering and add support for it throughout structlog.dev.ConsoleRenderer when the user asks for no colors. #794

• structlog.BytesLogger now has a name attribute which allows you to use it with the structlog.stdlib.add_logger_name() processor without using the standard library integration. #786

• structlog.processors.CallsiteParameterAdder now supports CallsiteParameter.QUAL_MODULE that adds the qualified import name of the module of the callsite, or __main__ if the module is the entry point. This is only available for structlog-originated events since the standard library has no equivalent (except for the convention of setting the logger's name to __name__). #812

• structlog.stdlib.BoundLogger now has is_enabled_for() and get_effective_level() methods that are snake_case aliases for its isEnabledFor() and getEffectiveLevel() methods. This makes it more compatible with the native structlog.typing.FilteringBoundLogger, so you can swap configurations without changing your call sites. #818

Changed

• structlog.dev.ConsoleRenderer does not warn anymore when the exception key has a rendered value despite having a fancy formatter configured. #790

Fixed

• structlog.BytesLogger, structlog.PrintLogger, and structlog.WriteLogger now hold weak references to the files they use for output. This prevents their leakage in long-running processes that open many logfiles, such as task executors that create a per-task BytesLogger or WriteLogger. #807

• structlog.WriteLogger is usable after unpickling. #787

• structlog.processors.CallsiteParameterAdder now reports the calling thread's id and name for async log methods, instead of the thread from the executor pool that runs the underlying sync logger.

... (truncated)

Commits

• 8174a86 Prepare 26.1.0
• f168bda docs: fix msgspec URL
• 34abbd9 update dev
• 212a694 [pre-commit.ci] pre-commit autoupdate (#820)
• 0eef50d stdlib: Add snake_case shims for isEnabledFor & getEffectiveLevel (#818)
• f194271 docs/stdlib: be direct w/ advising against AsyncBoundLogger
• 72943b3 Add a recipe for customizing exc dict formatting (#817)
• fcdca9f update dev
• fe9858d docs: remove italics
• ba1a178 Add CallsiteParameter.QUAL_MODULE (#812)
• Additional commits viewable in compare view

Updates python-multipart from 0.0.30 to 0.0.32

Release notes

Sourced from python-multipart's releases.

Version 0.0.32

What's Changed

• Replace per-byte partial-boundary scan with rfind lookbehind by @​Kludex in Kludex/python-multipart#300

Full Changelog: Kludex/python-multipart@0.0.31...0.0.32

Version 0.0.31

What's Changed

• Speed up multipart header parsing and callback dispatch by @​Kludex in Kludex/python-multipart#295
• Bound header field name size before validating by @​Kludex in Kludex/python-multipart#296
• Validate Content-Length is non-negative in parse_form by @​Kludex in Kludex/python-multipart#297

Full Changelog: Kludex/python-multipart@0.0.30...0.0.31

Changelog

Sourced from python-multipart's changelog.

0.0.32 (2026-06-04)

• Speed up partial-boundary scanning for CR/LF-dense part data #300.

0.0.31 (2026-06-04)

• Speed up multipart header parsing and callback dispatch #295.
• Bound header field name size before validating #296.
• Validate Content-Length is non-negative in parse_form #297.

Commits

• 238ead6 Version 0.0.32 (#302)
• 8672979 Replace per-byte partial-boundary scan with rfind lookbehind (#300)
• 8190779 Bump the python-packages group with 7 updates (#301)
• 0d3c086 Use uv package ecosystem for Dependabot (#299)
• 4cffc68 Version 0.0.31 (#298)
• c814948 Reject negative Content-Length in parse_form (#297)
• 6b837d4 Bound header field name size before validating (#296)
• e0c4f9d Bump the github-actions group with 3 updates (#294)
• b8a01bb Bump the python-packages group with 3 updates (#293)
• 6732164 Speed up multipart header parsing and callback dispatch (#295)
• See full diff in compare view

Updates moto[s3] to 5.2.2

Changelog

Sourced from moto[s3]'s changelog.

5.2.2

Docker Digest for 5.2.2: sha256:d8ae5edc2bf080e7e4c13f9bd4b29b53ac3b4427e92956318db3dbe23ec43eb7

New Methods:
    * DS:
        * disable_radius()
        * enable_radius()
* KinesisAnalyticsV2:
    * untag_resource()


Logs:

start_live_tail()



SESv2:

update_contact()
update_contact_list()



SWF:

tag_resource()
untag_resource()





Miscellaneous:
* ACM: import_certificate() now accepts certificates without a CN
* ACM: request_certificate() now preserves the default options when not all are provided
* CloudFormation: Created Lambda resources now take the use_docker-configuration into account
* CloudFormation: update_stack_instances() now validates that a StackInstance exists
* Events: create_partner_event_source() now returns the EventSourceArn-attribute
* Route53: list_resource_record_sets() no longer returns a TTL for aliases
* S3: completed_multipart_upload() is now compatible with external tools like PyArrow
* S3: get_object() now supports all Response* headers

5.2.1

Docker Digest for 5.2.1: sha256:fe6575dcd878842124f05d20e4ffde2d1126e1e38ad03e196353b9e53649bcdf

Miscellaneous:
    * DynamoDB: batch_write_item() now correctly handles PUT requests with Binary (B) attributes (broken in 5.2.0)
    * S3: Uploading files no longer fails with 'Unsupported protocol' (broken in 5.2.0)
    * S3: create_multipart_upload() is now compatible with Java SDK again (broken in 5.2.0)
    * Route53: update_health_check() now correctly updates falsy values (broken in 5.2.0)

5.2.0

Docker Digest for 5.2.0: sha256:d8d063e3e704d256cbe8165072fa273c17698be91311e49fc602b7716f459bea

General:

... (truncated)

Commits

• 8375955 Pre-Release: Up Version Number
• 325f859 Prepare release 5.2.2 (#10059)
• a3ced98 S3: get_object() now honors ResponseContentDisposition etc headers (#10057)
• d0cf348 ACM: support certs without CN (#9912)
• cbd409a Bump the go-deps group in /other_langs/tests_go with 6 updates (#10054)
• f47b7b1 Bump the java-deps group in /other_langs/tests_java with 5 updates (#10053)
• 33c406f Bump ruby/setup-ruby from 1.306.0 to 1.310.0 (#10052)
• be0341c S3: fix CompleteMultipartUpload root level XML tag (#10056)
• 0f171e3 chore: update SSM default parameters (#10051)
• 2329a62 chore: update EC2 Instance Offerings (#10048)
• Additional commits viewable in compare view

Updates ruff from 0.15.15 to 0.15.16

Release notes

Sourced from ruff's releases.

0.15.16

Release Notes

Released on 2026-06-04.

Preview features

• [flake8-async] Implement yield-in-context-manager-in-async-generator (ASYNC119) (#24644)
• [pylint] Narrow diagnostic range and exclude cases without exception handlers (PLW0717) (#25440)
• [ruff] Treat yield before break from a terminal loop as terminal (RUF075) (#25447)

Bug fixes

• [eradicate] Avoid flagging ruff:ignore comments as code (ERA001) (#25537)
• [eradicate] Fix ERA001/RUF100 conflict when noqa is on commented-out code (#25414)
• [pyflakes] Avoid removing the format call when it would change behavior (F523) (#25320)
• [pylint] Avoid syntax errors in invalid character replacements in f-strings before Python 3.12 (PLE2510, PLE2512, PLE2513, PLE2514, PLE2515) (#25544)
• [pyupgrade] Avoid converting format calls with more kinds of side effects (UP032) (#25484)

Rule changes

• [flake8-pytest-style] Avoid fixes for ambiguous argnames and argvalues combinations (PT006) (#24776)

Performance

• Drop excess capacity from statement suites during parsing (#25368)

Documentation

• [pydocstyle] Improve discoverability of rules enabled for each convention (#24973)
• [ruff] Restore example code for Python versions before 3.15 (RUF017) (#25439)
• Fix typo bin/active → bin/activate in tutorial (#25473)

Other changes

• Shrink additional parser AST collections (#25465)

Contributors

• @​Redslayer112
• @​koriyoshi2041
• @​George-Ogden
• @​TejasAmle
• @​anishgirianish
• @​ntBre
• @​MichaReiser
• @​loganrosen
• @​RafaelJohn9
• @​adityasingh2400

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.16

Released on 2026-06-04.

Preview features

• [flake8-async] Implement yield-in-context-manager-in-async-generator (ASYNC119) (#24644)
• [pylint] Narrow diagnostic range and exclude cases without exception handlers (PLW0717) (#25440)
• [ruff] Treat yield before break from a terminal loop as terminal (RUF075) (#25447)

Bug fixes

• [eradicate] Avoid flagging ruff:ignore comments as code (ERA001) (#25537)
• [eradicate] Fix ERA001/RUF100 conflict when noqa is on commented-out code (#25414)
• [pyflakes] Avoid removing the format call when it would change behavior (F523) (#25320)
• [pylint] Avoid syntax errors in invalid character replacements in f-strings before Python 3.12 (PLE2510, PLE2512, PLE2513, PLE2514, PLE2515) (#25544)
• [pyupgrade] Avoid converting format calls with more kinds of side effects (UP032) (#25484)

Rule changes

• [flake8-pytest-style] Avoid fixes for ambiguous argnames and argvalues combinations (PT006) (#24776)

Performance

• Drop excess capacity from statement suites during parsing (#25368)

Documentation

• [pydocstyle] Improve discoverability of rules enabled for each convention (#24973)
• [ruff] Restore example code for Python versions before 3.15 (RUF017) (#25439)
• Fix typo bin/active → bin/activate in tutorial (#25473)

Other changes

• Shrink additional parser AST collections (#25465)

Contributors

• @​Redslayer112
• @​koriyoshi2041
• @​George-Ogden
• @​TejasAmle
• @​anishgirianish
• @​ntBre
• @​MichaReiser
• @​loganrosen
• @​RafaelJohn9
• @​adityasingh2400

Commits

• 6c498ab Bump 0.15.16 (#25635)
• e51e132 [flake8-async] Implement yield-in-context-manager-in-async-generator (`AS...
• 7c6dcd9 [ty] Add caching for pattern match narrowing (#25613)
• 27058fc [ty] Compact retained definition and expression identities (#25606)
• bf80d05 Fix CODEOWNERS syntax (#25622)
• 10ccd51 Shrink additional parser AST collections (#25465)
• 0d7135f [ty] Upgrade Salsa (#25545)
• 49493a3 [ty] Show type alias value on hover (#25381)
• 85207d3 [ty] sys.implementation.version is not sys.version_info (#25608)
• a8a0614 [ty] Avoid retaining duplicate function signatures (#25609)
• Additional commits viewable in compare view

Updates boto3-stubs[s3] to 1.43.24

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions