chore(deps): bump the uv group across 1 directory with 6 updates

[dependabot]

Bumps the uv group with 6 updates in the / directory:

Package	From	To
h11	0.14.0	0.16.0
idna	3.10	3.15
pip	26.0	26.1
pycares	4.5.0	4.9.0
setuptools	75.8.2	78.1.1
uv	0.1.43	0.11.6

Updates h11 from 0.14.0 to 0.16.0

Commits

• 1c5b075 this time for surer
• d9c3699 this time for sure...
• d91b9dd blacken
• 5a4683c Soothe mypy
• 9c9567f Bump version to 0.16.0
• 114803a Merge commit from fork
• 9462006 Bump version to 0.15.0
• 70a96be Merge pull request #181 from Julien00859/Julien00859/get_int_max_str_digits
• 60782ad Reject Content-Length longer 1 billion TB
• dff7cc3 Validate Chunked-Encoding chunk footer
• Additional commits viewable in compare view

Updates idna from 3.10 to 3.15

Changelog

Sourced from idna's changelog.

3.15 (2026-05-12)

• Enforce DNS-length cap on individual labels early in check_label, short-circuiting contextual-rule processing for oversized input while staying compatible with UTS 46 usage.
• Tidy core helpers: hoist bidi category sets to module-level frozensets (avoiding per-codepoint list construction), simplify length checks, and reuse the shared _unicode_dots_re from idna.core in the codec module.
• Use raise ... from err for proper exception chaining and switch internal string formatting to f-strings.
• Allow flit_core 4.x in the build backend.
• Expand the ruff lint set (flake8-bugbear, flake8-simplify, pyupgrade, perflint) and apply the surfaced fixes; pin lint CI to Python 3.14.
• Add Dependabot configuration for GitHub Actions.
• Convert README and HISTORY from reStructuredText to Markdown.
• Reference CVE-2026-45409 for the 3.14 advisory in place of the initial GHSA identifier.

Thanks to Felix Yan, Stan Ulbrych, and metsw24-max for contributions to this release.

3.14 (2026-05-10)

• Removed opportunity to process long inputs into quadratic time by rejecting oversize inputs up-front. Closes a bypass of the CVE-2024-3651 mitigation. [CVE-2026-45409]

Thanks to Stan Ulbrych for reporting the issue.

3.13 (2026-04-22)

• Correct classification error for codepoint U+A7F1

3.12 (2026-04-21)

• Update to Unicode 17.0.0.
• Issue a deprecation warning for the transitional argument.
• Added lazy-loading to provide some performance improvements.
• Removed vestiges of code related to Python 2 support, including segmentation of data structures specific to Jython.

Thanks to Rodrigo Nogueira for contributions to this release.

3.11 (2025-10-12)

• Update to Unicode 16.0.0, including significant changes to UTS46 processing. As a result of Unicode ending support for it, transitional processing no longer has an effect and returns the same result.

... (truncated)

Commits

• af30a09 Release 3.15
• 30314d4 Pre-release 3.15rc0
• 05d4b21 Merge pull request #237 from kjd/convert-docs-to-markdown
• 2987fdb Convert README and HISTORY from reStructuredText to Markdown
• 59fa800 Merge pull request #236 from kjd/dependabot/github_actions/actions-f3e34333ea
• def6983 Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea
• bbd8004 Merge pull request #234 from StanFromIreland/patch-1
• edd07c0 Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group
• 5557db0 Merge branch 'master' into patch-1
• f11746c Merge pull request #235 from StanFromIreland/patch-2
• Additional commits viewable in compare view

Updates pip from 26.0 to 26.1

Changelog

Sourced from pip's changelog.

26.1 (2026-04-26)

Deprecations and Removals

• Drop support for Python 3.9. ([#13795](https://github.com/pypa/pip/issues/13795) <https://github.com/pypa/pip/issues/13795>_)

Features

• Add experimental support to read requirements from standardized pylock.toml files (-r pylock.toml). ([#13876](https://github.com/pypa/pip/issues/13876) <https://github.com/pypa/pip/issues/13876>_)
• Allow --uploaded-prior-to to accept a duration in days (e.g., P3D for 3 days ago). ([#13674](https://github.com/pypa/pip/issues/13674) <https://github.com/pypa/pip/issues/13674>_)

Enhancements

• Speed up dependency resolution when there are complex conflicts. ([#13859](https://github.com/pypa/pip/issues/13859) <https://github.com/pypa/pip/issues/13859>_)
• Reduce memory usage when resolving large dependency trees. ([#13843](https://github.com/pypa/pip/issues/13843) <https://github.com/pypa/pip/issues/13843>_)
• Emit a deprecation warning when pip imports an unexpected module after installation of a distribution has started. ([#13912](https://github.com/pypa/pip/issues/13912) <https://github.com/pypa/pip/issues/13912>_)
• Allow URL constraints to apply to requirements with extras. ([#12018](https://github.com/pypa/pip/issues/12018) <https://github.com/pypa/pip/issues/12018>_)
• Allow unpinned requirements to use hashes from constraints. Constraints like {name}=={version} --hash=... feeds into hash verification for a corresponding requirement. ([#9243](https://github.com/pypa/pip/issues/9243) <https://github.com/pypa/pip/issues/9243>_)
• Improve conflict reports that involve direct URLs. ([#13932](https://github.com/pypa/pip/issues/13932) <https://github.com/pypa/pip/issues/13932>_)
• Show all errors instead of first error for faulty dependency_groups definitions. ([#13917](https://github.com/pypa/pip/issues/13917) <https://github.com/pypa/pip/issues/13917>_)

Bug Fixes

• Fix recovery hint for missing RECORD file to use --ignore-installed instead of --force-reinstall. ([#12645](https://github.com/pypa/pip/issues/12645) <https://github.com/pypa/pip/issues/12645>_)
• Fix misleading error message when a constraint file cannot be opened. ([#13226](https://github.com/pypa/pip/issues/13226) <https://github.com/pypa/pip/issues/13226>_)
• Show the filename rather than the full URL when downloading files from non-PyPI indexes in non-verbose mode. ([#13494](https://github.com/pypa/pip/issues/13494) <https://github.com/pypa/pip/issues/13494>_)
• Remove the adjacent __pycache__ directory when a .py file is removed. ([#13725](https://github.com/pypa/pip/issues/13725) <https://github.com/pypa/pip/issues/13725>_)
• Force UTF-8 encoding for :pep:723 metadata. ([#13861](https://github.com/pypa/pip/issues/13861) <https://github.com/pypa/pip/issues/13861>_)
• Minor performance improvement when filtering candidates during resolution. ([#13916](https://github.com/pypa/pip/issues/13916) <https://github.com/pypa/pip/issues/13916>_)
• Fix a hang on Windows when stdout is closed during verbose output. ([#13927](https://github.com/pypa/pip/issues/13927) <https://github.com/pypa/pip/issues/13927>_)
• Common path prefixes are determined by path segment, not character by character. ([#13847](https://github.com/pypa/pip/issues/13847) <https://github.com/pypa/pip/issues/13847>_)
• Fix installing .tar.gz source distributions that look like a zip file. ([#13867](https://github.com/pypa/pip/issues/13867) <https://github.com/pypa/pip/issues/13867>_)

Vendored Libraries

• Upgrade certifi to 2026.2.25
• Upgrade packaging to 26.2
• Upgrade requests to 2.33.1
• Upgrade tomli to 2.3.1
• Upgrade urllib3 to 2.6.3

... (truncated)

Commits

• 90b2b3e Bump for release
• 193f289 Update AUTHORS.txt
• 63c3709 Merge pull request #13876 from sbidoul/install-from-pylock-reqs-sbi
• e5fe702 Merge pull request #13949 from pypa/revert-13888-resolver-editable-links
• 122a14a Revert "Allow editable installs to satisfy direct-URL dependencies (#13888)"
• c335252 -r pylock.toml: add pip-wheel -r pylock.toml test
• ba2fc12 -r pylock.toml: proper error with remote pylock.toml containing directory ent...
• 747c4ae Merge pull request #13948 from ichard26/reword-news
• 3517841 -r pylock: refine filename pylock-ness test
• 2f7ad8c -r pylock.toml: fix crash with pip wheel and pip lock
• Additional commits viewable in compare view

Updates pycares from 4.5.0 to 4.9.0

Commits

• 4c761b4 Set version to 4.9.0
• c4131d5 Add support for windows arm64 (#233)
• ebfd7d7 Fix shutdown race
• ca0a4c9 Pin Python version to 3.13.3 to avoid Windows build error
• b572e28 build(deps): bump pypa/cibuildwheel from 2.22.0 to 2.23.3 (#227)
• 1e2aae0 Create dependabot configuration (#226)
• 1e4bd77 Update README.rst
• 58c5165 USe Python 3.11 to build the docs
• 031e6ad Fix building docs
• 186e278 Rename .readthedocs.yml to .readthedocs.yaml
• Additional commits viewable in compare view

Updates setuptools from 75.8.2 to 78.1.1

Changelog

Sourced from setuptools's changelog.

v78.1.1

Bugfixes

• More fully sanitized the filename in PackageIndex._download. (#4946)

v78.1.0

Features

• Restore access to _get_vc_env with a warning. (#4874)

v78.0.2

Bugfixes

• Postponed removals of deprecated dash-separated and uppercase fields in setup.cfg. All packages with deprecated configurations are advised to move before 2026. (#4911)

v78.0.1

Misc

• #4909

v78.0.0

Bugfixes

• Reverted distutils changes that broke the monkey patching of command classes. (#4902)

Deprecations and Removals

• Setuptools no longer accepts options containing uppercase or dash characters in setup.cfg.

... (truncated)

Commits

• 8e4868a Bump version: 78.1.0 → 78.1.1
• 100e9a6 Merge pull request #4951
• 8faf1d7 Add news fragment.
• 2ca4a9f Rely on re.sub to perform the decision in one expression.
• e409e80 Extract _sanitize method for sanitizing the filename.
• 250a6d1 Add a check to ensure the name resolves relative to the tmpdir.
• d8390fe Extract _resolve_download_filename with test.
• 4e1e893 Merge https://github.com/jaraco/skeleton
• 3a3144f Fix typo: pyproject.license -> project.license (#4931)
• d751068 Fix typo: pyproject.license -> project.license
• Additional commits viewable in compare view

Updates uv from 0.1.43 to 0.11.6

Release notes

Sourced from uv's releases.

0.11.6

Release Notes

Released on 2026-04-09.

This release resolves a low severity security advisory in which wheels with malformed RECORD entries could delete arbitrary files on uninstall. See GHSA-pjjw-68hj-v9mw for details.

Bug fixes

• Do not remove files outside the venv on uninstall (#18942)
• Validate and heal wheel RECORD during installation (#18943)
• Avoid uv cache clean errors due to Win32 path normalization (#18856)

Install uv 0.11.6

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/uv/releases/download/0.11.6/uv-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/uv/releases/download/0.11.6/uv-installer.ps1 | iex"

Download uv 0.11.6

File	Platform	Checksum
uv-aarch64-apple-darwin.tar.gz	Apple Silicon macOS	checksum
uv-x86_64-apple-darwin.tar.gz	Intel macOS	checksum
uv-aarch64-pc-windows-msvc.zip	ARM64 Windows	checksum
uv-i686-pc-windows-msvc.zip	x86 Windows	checksum
uv-x86_64-pc-windows-msvc.zip	x64 Windows	checksum
uv-aarch64-unknown-linux-gnu.tar.gz	ARM64 Linux	checksum
uv-i686-unknown-linux-gnu.tar.gz	x86 Linux	checksum
uv-powerpc64le-unknown-linux-gnu.tar.gz	PPC64LE Linux	checksum
uv-riscv64gc-unknown-linux-gnu.tar.gz	RISCV Linux	checksum
uv-s390x-unknown-linux-gnu.tar.gz	S390x Linux	checksum
uv-x86_64-unknown-linux-gnu.tar.gz	x64 Linux	checksum
uv-armv7-unknown-linux-gnueabihf.tar.gz	ARMv7 Linux	checksum
uv-aarch64-unknown-linux-musl.tar.gz	ARM64 MUSL Linux	checksum
uv-i686-unknown-linux-musl.tar.gz	x86 MUSL Linux	checksum
uv-riscv64gc-unknown-linux-musl.tar.gz	RISCV MUSL Linux	checksum
uv-x86_64-unknown-linux-musl.tar.gz	x64 MUSL Linux	checksum
uv-arm-unknown-linux-musleabihf.tar.gz	ARMv6 MUSL Linux (Hardfloat)	checksum
uv-armv7-unknown-linux-musleabihf.tar.gz	ARMv7 MUSL Linux	checksum

... (truncated)

Changelog

Sourced from uv's changelog.

0.11.6

Released on 2026-04-09.

This release resolves a low severity security advisory in which wheels with malformed RECORD entries could delete arbitrary files on uninstall. See GHSA-pjjw-68hj-v9mw for details.

Bug fixes

• Do not remove files outside the venv on uninstall (#18942)
• Validate and heal wheel RECORD during installation (#18943)
• Avoid uv cache clean errors due to Win32 path normalization (#18856)

0.11.5

Released on 2026-04-08.

Python

• Add CPython 3.13.13, 3.14.4, and 3.15.0a8 (#18908)

Enhancements

• Fix build_system.requires error message (#18911)
• Remove trailing path separators in path normalization (#18915)
• Improve error messages for unsupported or invalid TLS certificates (#18924)

Preview features

• Add exclude-newer to [[tool.uv.index]] (#18839)
• uv audit: add context/warnings for ignored vulnerabilities (#18905)

Bug fixes

• Normalize persisted fork markers before lock equality checks (#18612)
• Clear junction properly when uninstalling Python versions on Windows (#18815)
• Report error cleanly instead of panicking on TLS certificate error (#18904)

Documentation

• Remove the legacy PIP_COMPATIBILITY.md redirect file (#18928)
• Fix uv init example-bare --bare examples (#18822, #18925)

0.11.4

Released on 2026-04-07.

Enhancements

• Add support for --upgrade-group (#18266)
• Merge repeated archive URL hashes by version ID (#18841)

... (truncated)

Commits

• 6595080 Bump version to 0.11.6 (#18948)
• 7983c7a Validate and heal RECORD during installation (#18943)
• b38439b Avoid uv cache clean errors due to Win32 path normalization (#18856)
• a0e461a Do not remove files outside the venv on uninstall (#18942)
• 95eaa68 Bump version to 0.11.5 (#18930)
• f6d67d5 Improve certificate loading error messages (#18924)
• 39b83c3 Add exclude-newer to [[tool.uv.index]] (#18839)
• 7924ba5 uv audit: add context/warnings for ignored vulnerabilities (#18905)
• a352ce0 Remove the legacy PIP_COMPATIBILITY.md redirect file (#18928)
• 33b6338 Normalize persisted fork markers before lock equality checks (#18612)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[github-actions]

Coverage Report

File	Stmts	Miss	Cover	Missing
__init__.py	51	28	45%	40–41, 43, 50, 52–53, 58, 60–61, 63, 65–70, 72–73, 82, 84, 89, 94, 98, 100, 102–103, 109, 113
api.py	98	50	48%	59–67, 75–76, 78, 82, 84–87, 89–91, 93, 112, 117, 132, 147–148, 152–153, 157–158, 164, 166, 170–171, 173, 177, 179–180, 183, 185–186, 192–193, 199–201, 204–206, 208
config_flow.py	50	19	62%	41–42, 46–47, 49–53, 55, 70–71, 73–78, 80
const.py	15	0	100%
coordinator.py	53	29	45%	38–39, 42–43, 46–59, 69, 75–76, 84–86, 90, 93–96
models.py	28	0	100%
sensor.py	16	4	75%	130–131, 133, 139
utils.py	24	0	100%
sensors
air_quality_index.py	43	14	67%	17, 49, 56, 66, 75–76, 78, 91, 96, 106, 111, 115–117
parcel_locker_sensor.py	30	10	66%	51, 53–59, 63, 66
sensors/aqi
european.py	78	55	29%	35–89
polish.py	78	55	29%	36–90
TOTAL	564	264	53%

[github-actions]

tests: Run #14

Tests 📝	Passed ✅	Failed ❌	Skipped ⏭️	Pending ⏳	Other ❓	Flaky 🍂	Duration ⏱️
11	9	0	2	0	0	0	7ms

🎉 All tests passed!

Github Test Reporter by CTRF 💚