chore: merge next release

.github/workflows/_build.yaml

@@ -55,7 +55,7 @@ jobs:
     steps:
 
     - name: Harden Runner
-      uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+      uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
       with:
         egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
         disable-sudo: true
@@ -134,7 +134,7 @@ jobs:
     # Currently reusable workflows do not support setting strategy property from the caller workflow.
     - name: Upload the package artifact for debugging and release
       if: matrix.os == env.ARTIFACT_OS && matrix.python == env.ARTIFACT_PYTHON
-      uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+      uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
       with:
         name: artifact-${{ matrix.os }}-python-${{ matrix.python }}
         path: dist

.github/workflows/_generate-rebase.yaml

@@ -34,7 +34,7 @@ jobs:
     steps:
 
     - name: Harden Runner
-      uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+      uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
       with:
         egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
 

.github/workflows/_wiki-documentation.yaml

@@ -41,7 +41,7 @@ jobs:
     steps:
 
     - name: Harden Runner
-      uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+      uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
       with:
         egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
         disable-sudo: true

.github/workflows/codeql-analysis.yaml

@@ -37,7 +37,7 @@ jobs:
     steps:
 
     - name: Harden Runner
-      uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+      uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
       with:
         egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
         disable-sudo: true
@@ -58,7 +58,7 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4
+      uses: github/codeql-action/init@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
       with:
         languages: ${{ matrix.language }}
         config-file: .github/codeql/codeql-config.yaml
@@ -71,4 +71,4 @@ jobs:
         # queries: ./path/to/local/query, your-org/your-repo/queries@main
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4
+      uses: github/codeql-action/analyze@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0

.github/workflows/pr-conventional-commits.yaml

@@ -36,7 +36,7 @@ jobs:
     - name: Set up Commitizen
       run: |
         pip install --upgrade pip wheel
-        pip install 'commitizen ==3.31.0'
+        pip install 'commitizen ==4.1.0'
 
     # Run Commitizen to check the title of the PR which triggered this workflow, and check
     # all commit messages of the PR's branch. If any of the checks fails then this job fails.

.github/workflows/release.yaml

@@ -30,7 +30,7 @@ jobs:
     steps:
 
     - name: Harden Runner
-      uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+      uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
       with:
         egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
         disable-sudo: true
@@ -49,7 +49,7 @@ jobs:
     - name: Set up Commitizen
       run: |
         pip install --upgrade pip wheel
-        pip install 'commitizen ==3.31.0'
+        pip install 'commitizen ==4.1.0'
 
     - name: Set up user
       run: |
@@ -98,7 +98,7 @@ jobs:
     steps:
 
     - name: Harden Runner
-      uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+      uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
       with:
         egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
         disable-sudo: true
@@ -133,7 +133,7 @@ jobs:
     - name: Set up Commitizen
       run: |
         pip install --upgrade pip wheel
-        pip install 'commitizen ==3.31.0'
+        pip install 'commitizen ==4.1.0'
 
     - name: Create Release Notes
       run: cz changelog --dry-run "$(cz version --project)" > RELEASE_NOTES.md
@@ -199,7 +199,7 @@ jobs:
     steps:
 
     - name: Harden Runner
-      uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+      uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
       with:
         egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
         disable-sudo: true

.github/workflows/scorecards-analysis.yaml

@@ -26,7 +26,7 @@ jobs:
     steps:
 
     - name: Harden Runner
-      uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+      uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
       with:
         egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
         disable-sudo: true
@@ -52,13 +52,13 @@ jobs:
 
     # Upload the results as artifacts (optional).
     - name: Upload artifact
-      uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+      uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
       with:
         name: SARIF file
         path: results.sarif
 
     # Upload the results to GitHub's code scanning dashboard.
     - name: Upload to code-scanning
-      uses: github/codeql-action/upload-sarif@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4
+      uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
       with:
         sarif_file: results.sarif

.pre-commit-config.yaml

@@ -15,7 +15,7 @@ repos:
 
 # Commitizen enforces semantic and conventional commit messages.
 - repo: https://github.com/commitizen-tools/commitizen
-  rev: v3.31.0
+  rev: v4.1.0
   hooks:
   - id: commitizen
     name: Check conventional commit message
@@ -28,6 +28,7 @@ repos:
   - id: isort
     name: Sort import statements
     args: [--settings-path, pyproject.toml]
+    stages: [pre-commit]
 
 # Add Black code formatters.
 - repo: https://github.com/ambv/black

Makefile

@@ -150,7 +150,7 @@ audit:
 	python -m pip_audit --skip-editable --desc on --fix --dry-run
 
 # Run some or all checks over the package code base.
-.PHONY: check check-code check-bandit check-flake8 check-lint check-mypy
+.PHONY: check check-code check-bandit check-flake8 check-lint check-mypy check-actionlint
 check-code: check-bandit check-flake8 check-lint check-mypy check-actionlint
 check-bandit:
 	pre-commit run bandit --all-files
@@ -232,11 +232,13 @@ clean: dist-clean
 	rm -fr docs/_build/
 
 # Remove code caches, or the entire virtual environment.
-.PHONY: nuke-caches nuke
-nuke-caches: clean
+.PHONY: nuke-git-hooks nuke-caches nuke
+nuke-git-hooks:
+	find .git/hooks/ -type f ! -name '*.sample' -exec rm -fr {} +
+nuke-caches:
 	find src/ -type d -name __pycache__ -exec rm -fr {} +
 	find tests/ -type d -name __pycache__ -exec rm -fr {} +
-nuke: nuke-caches
+nuke: clean nuke-git-hooks nuke-caches
 	if [ ! -z "${VIRTUAL_ENV}" ]; then \
 	  echo "Please deactivate the virtual environment first!" && exit 1; \
 	fi

pyproject.toml

@@ -6,7 +6,7 @@ build-backend = "flit_core.buildapi"
 
 [project]
 name = "package"
-requires-python = ">=3.10"
+requires-python = ">=3.10.0,<3.14.0"
 authors = [{name = "Author", email = "author@email"}]
 maintainers = [{name = "Maintainer", email = "maintainer@email"}]
 dynamic = ["version", "description"]
@@ -41,12 +41,12 @@ something = "package.__main__:main"
 # We keep them listed here to ensure the infrastructure BOM is consistent with what's
 # installed. Make sure to keep the requirements in sync with the workflows!
 actions = [
-    "commitizen ==3.31.0",
-    "twine ==5.1.1",
+    "commitizen ==4.1.0",
+    "twine ==6.0.1",
 ]
 dev = [
     "flit >=3.2.0,<4.0.0",
-    "mypy >=1.0.0,<1.14",
+    "mypy >=1.0.0,<1.15",
     "pip-audit >=2.4.4,<3.0.0",
     "pylint >=3.0.0,<3.4.0",
     "perflint >=0.8.0,<1.0.0",
@@ -61,11 +61,11 @@ hooks = [
 ]
 # Note that the `custom_exit_code` and `env` plugins may currently be unmaintained.
 test = [
-    "hypothesis >=6.21.0,<6.119.4",
+    "hypothesis >=6.21.0,<6.122.8",
     "pytest >=7.2.0,<9.0.0",
     "pytest-custom_exit_code ==0.3.0",
     "pytest-cov ==6.0.0",
-    "pytest-doctestplus ==1.2.1",
+    "pytest-doctestplus ==1.3.0",
     "pytest-env ==1.1.5",
 ]
 
@@ -251,7 +251,7 @@ max-line-length = 120
 # https://github.com/yashtodi94/pytest-custom_exit_code
 [tool.pytest.ini_options]
 minversion = "7.0"
-addopts = """-vv -ra --tb native \
+addopts = """-vv -ra --tb native --durations 0 \
     --hypothesis-show-statistics --hypothesis-explain --hypothesis-verbosity verbose \
     --doctest-modules --doctest-continue-on-failure --doctest-glob '*.rst' --doctest-plus \
     --suppress-no-test-exit-code \