Update dependency black to v26

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
black (changelog)	^25.0.0 → ^26.0.0

---

Release Notes

psf/black (black)

v26.1.0

Compare Source

Highlights

Introduces the 2026 stable style (#​4892), stabilizing the following changes:

• always_one_newline_after_import: Always force one blank line after import
  statements, except when the line after the import is a comment or an import statement
  (#​4489)
• fix_fmt_skip_in_one_liners: Fix # fmt: skip behavior on one-liner declarations,
  such as def foo(): return "mock" # fmt: skip, where previously the declaration would
  have been incorrectly collapsed (#​4800)
• fix_module_docstring_detection: Fix module docstrings being treated as normal
  strings if preceded by comments (#​4764)
• fix_type_expansion_split: Fix type expansions split in generic functions (#​4777)
• multiline_string_handling: Make expressions involving multiline strings more compact
  (#​1879)
• normalize_cr_newlines: Add \r style newlines to the potential newlines to
  normalize file newlines both from and to (#​4710)
• remove_parens_around_except_types: Remove parentheses around multiple exception
  types in except and except* without as (#​4720)
• remove_parens_from_assignment_lhs: Remove unnecessary parentheses from the left-hand
  side of assignments while preserving magic trailing commas and intentional multiline
  formatting (#​4865)
• standardize_type_comments: Format type comments which have zero or more spaces
  between # and type: or between type: and value to # type: (value) (#​4645)

The following change was not in any previous stable release:

• Regenerated the _width_table.py and added tests for the Khmer language (#​4253)

This release alo bumps pathspec to v1 and fixes inconsistencies with Git's
.gitignore logic (#​4958). Now, files will be ignored if a pattern matches them, even
if the parent directory is directly unignored. For example, Black would previously
format exclude/not_this/foo.py with this .gitignore:

exclude/
!exclude/not_this/

Now, exclude/not_this/foo.py will remain ignored. To ensure exclude/not_this/ and
all of it's children are included in formatting (and in Git), use this .gitignore:

*/exclude/*
!*/exclude/not_this/

This new behavior matches Git. The leading */ are only necessary if you wish to ignore
matching subdirectories (like the previous behavior did), and not just matching root
directories.

Output

• Explicitly shutdown the multiprocessing manager when run in diff mode too (#​4952)

Integrations

• Upgraded PyPI upload workflow to use Trusted Publishing (#​4611)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

❌MegaLinter analysis: Error

Descriptor	Linter	Files	Fixed	Errors	Warnings	Elapsed time
⚠️ ACTION	actionlint	4		3	0	0.06s
✅ COPYPASTE	jscpd	yes		no	no	1.18s
⚠️ DOCKERFILE	hadolint	2		1	0	0.09s
✅ JSON	jsonlint	3		0	0	0.44s
✅ JSON	prettier	3	0	0	0	0.44s
✅ JSON	v8r	3		0	0	3.61s
⚠️ MARKDOWN	markdownlint	12	0	17	0	1.03s
✅ MARKDOWN	markdown-table-formatter	12	0	0	0	0.25s
✅ PYTHON	bandit	7		0	0	1.36s
✅ PYTHON	black	7	0	0	0	1.98s
✅ PYTHON	flake8	7		0	0	0.72s
✅ PYTHON	isort	7	0	0	0	0.22s
⚠️ PYTHON	mypy	7		5	0	4.6s
✅ PYTHON	pylint	7		0	0	7.35s
⚠️ PYTHON	pyright	7		4	0	6.1s
✅ PYTHON	ruff	7	0	0	0	0.06s
✅ REPOSITORY	checkov	yes		no	no	17.67s
✅ REPOSITORY	gitleaks	yes		no	no	16.1s
✅ REPOSITORY	git_diff	yes		no	no	0.02s
⚠️ REPOSITORY	grype	yes		11	no	39.96s
✅ REPOSITORY	secretlint	yes		no	no	0.71s
✅ REPOSITORY	syft	yes		no	no	2.14s
❌ REPOSITORY	trivy	yes		1	no	11.26s
✅ REPOSITORY	trivy-sbom	yes		no	no	5.39s
✅ REPOSITORY	trufflehog	yes		no	no	4.72s
✅ SPELL	cspell	49		0	0	3.68s
⚠️ SPELL	lychee	30		2	0	3.3s
✅ YAML	prettier	15	0	0	0	0.67s
✅ YAML	v8r	15		0	0	7.17s
✅ YAML	yamllint	15		0	0	0.45s

Detailed Issues

❌ REPOSITORY / trivy - 1 error

2026-01-18T05:14:35Z	INFO	[vulndb] Need to update DB
2026-01-18T05:14:35Z	INFO	[vulndb] Downloading vulnerability DB...
2026-01-18T05:14:35Z	INFO	[vulndb] Downloading artifact...	repo="mirror.gcr.io/aquasec/trivy-db:2"
24.55 MiB / 78.83 MiB [------------------>__________________________________________] 31.14% ? p/s ?55.72 MiB / 78.83 MiB [------------------------------------------->_________________] 70.68% ? p/s ?78.83 MiB / 78.83 MiB [----------------------------------------------------------->] 100.00% ? p/s ?78.83 MiB / 78.83 MiB [---------------------------------------------->] 100.00% 90.44 MiB p/s ETA 0s78.83 MiB / 78.83 MiB [---------------------------------------------->] 100.00% 90.44 MiB p/s ETA 0s78.83 MiB / 78.83 MiB [---------------------------------------------->] 100.00% 90.44 MiB p/s ETA 0s78.83 MiB / 78.83 MiB [---------------------------------------------->] 100.00% 84.61 MiB p/s ETA 0s78.83 MiB / 78.83 MiB [---------------------------------------------->] 100.00% 84.61 MiB p/s ETA 0s78.83 MiB / 78.83 MiB [---------------------------------------------->] 100.00% 84.61 MiB p/s ETA 0s78.83 MiB / 78.83 MiB [---------------------------------------------->] 100.00% 79.15 MiB p/s ETA 0s78.83 MiB / 78.83 MiB [---------------------------------------------->] 100.00% 79.15 MiB p/s ETA 0s78.83 MiB / 78.83 MiB [---------------------------------------------->] 100.00% 79.15 MiB p/s ETA 0s78.83 MiB / 78.83 MiB [---------------------------------------------->] 100.00% 74.04 MiB p/s ETA 0s78.83 MiB / 78.83 MiB [---------------------------------------------->] 100.00% 74.04 MiB p/s ETA 0s78.83 MiB / 78.83 MiB [---------------------------------------------->] 100.00% 74.04 MiB p/s ETA 0s78.83 MiB / 78.83 MiB [---------------------------------------------->] 100.00% 69.27 MiB p/s ETA 0s78.83 MiB / 78.83 MiB [---------------------------------------------->] 100.00% 69.27 MiB p/s ETA 0s78.83 MiB / 78.83 MiB [---------------------------------------------->] 100.00% 69.27 MiB p/s ETA 0s78.83 MiB / 78.83 MiB [---------------------------------------------->] 100.00% 64.80 MiB p/s ETA 0s78.83 MiB / 78.83 MiB [---------------------------------------------->] 100.00% 64.80 MiB p/s ETA 0s78.83 MiB / 78.83 MiB [---------------------------------------------->] 100.00% 64.80 MiB p/s ETA 0s78.83 MiB / 78.83 MiB [-------------------------------------------------] 100.00% 18.88 MiB p/s 4.4s2026-01-18T05:14:40Z	INFO	[vulndb] Artifact successfully downloaded	repo="mirror.gcr.io/aquasec/trivy-db:2"
2026-01-18T05:14:40Z	INFO	[vuln] Vulnerability scanning is enabled
2026-01-18T05:14:40Z	INFO	[misconfig] Misconfiguration scanning is enabled
2026-01-18T05:14:40Z	INFO	[misconfig] Need to update the checks bundle
2026-01-18T05:14:40Z	INFO	[misconfig] Downloading the checks bundle...
165.46 KiB / 165.46 KiB [------------------------------------------------------] 100.00% ? p/s 100ms2026-01-18T05:14:45Z	INFO	[python] Licenses acquired from one or more METADATA files may be subject to additional terms. Use `--debug` flag to see all affected packages.
2026-01-18T05:14:45Z	INFO	Suppressing dependencies for development and testing. To display them, try the '--include-dev-deps' flag.
2026-01-18T05:14:45Z	INFO	Number of language-specific files	num=2
2026-01-18T05:14:45Z	INFO	[pip] Detecting vulnerabilities...
2026-01-18T05:14:45Z	INFO	[poetry] Detecting vulnerabilities...
2026-01-18T05:14:45Z	INFO	Detected config files	num=2

Report Summary

┌───────────────────┬────────────┬─────────────────┬───────────────────┐
│      Target       │    Type    │ Vulnerabilities │ Misconfigurations │
├───────────────────┼────────────┼─────────────────┼───────────────────┤
│ poetry.lock       │   poetry   │       10        │         -         │
├───────────────────┼────────────┼─────────────────┼───────────────────┤
│ requirements.txt  │    pip     │       10        │         -         │
├───────────────────┼────────────┼─────────────────┼───────────────────┤
│ Dockerfile        │ dockerfile │        -        │         0         │
├───────────────────┼────────────┼─────────────────┼───────────────────┤
│ docker/Dockerfile │ dockerfile │        -        │         0         │
└───────────────────┴────────────┴─────────────────┴───────────────────┘
Legend:
- '-': Not scanned
- '0': Clean (no security findings detected)


For OSS Maintainers: VEX Notice
--------------------------------
If you're an OSS maintainer and Trivy has detected vulnerabilities in your project that you believe are not actually exploitable, consider issuing a VEX (Vulnerability Exploitability eXchange) statement.
VEX allows you to communicate the actual status of vulnerabilities in your project, improving security transparency and reducing false positives for your users.
Learn more and start using VEX: https://trivy.dev/docs/v0.68/guide/supply-chain/vex/repo#publishing-vex-documents

To disable this notice, set the TRIVY_DISABLE_VEX_NOTICE environment variable.


poetry.lock (poetry)
=

(Truncated to 5000 characters out of 18010)

⚠️ ACTION / actionlint - 3 errors

.github/workflows/github-dependents-info.yml:53:9: shellcheck reported issue in this script: SC2086:info:1:15: Double quote to prevent globbing and word splitting [shellcheck]
   |
53 |         run: sudo chown -R $USER:$USER .
   |         ^~~~
.github/workflows/github-dependents-info.yml:53:9: shellcheck reported issue in this script: SC2086:info:1:21: Double quote to prevent globbing and word splitting [shellcheck]
   |
53 |         run: sudo chown -R $USER:$USER .
   |         ^~~~
.github/workflows/release.yml:63:9: shellcheck reported issue in this script: SC2086:info:1:55: Double quote to prevent globbing and word splitting [shellcheck]
   |
63 |         run: echo "BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> ${GITHUB_ENV}
   |         ^~~~

⚠️ REPOSITORY / grype - 11 errors

[0000]  WARN no explicit name and version provided for directory source, deriving artifact ID from the given path (which is not ideal) from=syft
NAME        INSTALLED  FIXED IN  TYPE    VULNERABILITY        SEVERITY  EPSS           RISK   
aiohttp     3.13.2     3.13.3    python  GHSA-6mq8-rvhq-8wgg  High      < 0.1% (17th)  < 0.1  
aiohttp     3.13.2     3.13.3    python  GHSA-6jhg-hg63-jvvf  Medium    < 0.1% (17th)  < 0.1  
aiohttp     3.13.2     3.13.3    python  GHSA-jj3x-wxrx-4x23  Medium    < 0.1% (17th)  < 0.1  
aiohttp     3.13.2     3.13.3    python  GHSA-g84x-mcqj-x9qq  Medium    < 0.1% (14th)  < 0.1  
aiohttp     3.13.2     3.13.3    python  GHSA-54jq-c3m8-4m76  Low       < 0.1% (17th)  < 0.1  
urllib3     2.6.2      2.6.3     python  GHSA-38jv-5279-wg99  High      < 0.1% (3rd)   < 0.1  
aiohttp     3.13.2     3.13.3    python  GHSA-mqqc-3gqh-h2x8  Low       < 0.1% (12th)  < 0.1  
aiohttp     3.13.2     3.13.3    python  GHSA-69f9-5gxw-wvc2  Low       < 0.1% (11th)  < 0.1  
aiohttp     3.13.2     3.13.3    python  GHSA-fh55-r93g-j68g  Low       < 0.1% (11th)  < 0.1  
filelock    3.20.1     3.20.3    python  GHSA-qmgc-5h2g-mvrw  Medium    < 0.1% (2nd)   < 0.1  
virtualenv  20.35.4    20.36.1   python  GHSA-597g-3phw-6986  Medium    < 0.1% (2nd)   < 0.1
[0039] ERROR discovered vulnerabilities at or above the severity threshold

⚠️ DOCKERFILE / hadolint - 1 error

Dockerfile:5 DL3013 warning: Pin versions in pip. Instead of `pip install <package>` use `pip install <package>==<version>` or `pip install --requirement <requirements file>`
docker/Dockerfile:7 DL3008 warning: Pin versions in apt get install. Instead of `apt-get install <package>` use `apt-get install <package>=<version>`
docker/Dockerfile:12 DL3045 warning: `COPY` to a relative destination without `WORKDIR` set.
docker/Dockerfile:15 DL3003 warning: Use WORKDIR to switch to a directory
docker/Dockerfile:15 DL4006 warning: Set the SHELL option -o pipefail before RUN with a pipe in it. If you are using /bin/sh in an alpine image or if your shell is symlinked to busybox then consider explicitly setting your SHELL to /bin/ash, or disable this check
docker/Dockerfile:15 SC2226 warning: This ln has no destination. Check the arguments, or specify '.' explicitly.
docker/Dockerfile:24 DL3025 warning: Use arguments JSON notation for CMD and ENTRYPOINT arguments

⚠️ SPELL / lychee - 2 errors

[IGNORED] docker://nvuillam/github-dependents-info:v3.0.0 | Unsupported: Error creating request client: builder error for url (docker://nvuillam/github-dependents-info:v3.0.0)
[404] https://docs.github.com/en/github/administering-a-repository/keeping-your-dependencies-updated-automatically | Network error: Not Found
[404] https://github.com/actions-marketplace-validations/AkhileshNS_heroku-deploy | Network error: Not Found
📝 Summary
---------------------
🔍 Total..........177
✅ Successful.....138
⏳ Timeouts.........0
🔀 Redirected.......0
👻 Excluded........36
❓ Unknown..........0
🚫 Errors...........2

Errors in docs/github-dependents-info.md
[404] https://github.com/actions-marketplace-validations/AkhileshNS_heroku-deploy | Network error: Not Found

Errors in .github/dependabot.yml
[404] https://docs.github.com/en/github/administering-a-repository/keeping-your-dependencies-updated-automatically | Network error: Not Found

⚠️ MARKDOWN / markdownlint - 17 errors

.github/PULL_REQUEST_TEMPLATE.md:1 error MD041/first-line-heading/first-line-h1 First line in a file should be a top-level heading [Context: "## Description"]
docs/github-dependents-info.md:8:401 error MD013/line-length Line length [Expected: 400; Actual: 1092]
README.md:47:2 error MD045/no-alt-text Images should have alternate text (alt text)
README.md:48:2 error MD045/no-alt-text Images should have alternate text (alt text)
README.md:49:2 error MD045/no-alt-text Images should have alternate text (alt text)
README.md:50:2 error MD045/no-alt-text Images should have alternate text (alt text)
README.md:216:3 error MD051/link-fragments Link fragments should be valid [Context: "[Installation](#⚙️-installation)"]
README.md:217:3 error MD051/link-fragments Link fragments should be valid [Context: "[Usage](#🛠️-usage)"]
README.md:218:3 error MD051/link-fragments Link fragments should be valid [Context: "[Examples](#🧪-examples)"]
README.md:276 error MD046/code-block-style Code block style [Expected: fenced; Actual: indented]
README.md:280 error MD046/code-block-style Code block style [Expected: fenced; Actual: indented]
README.md:285 error MD046/code-block-style Code block style [Expected: fenced; Actual: indented]
README.md:289 error MD046/code-block-style Code block style [Expected: fenced; Actual: indented]
README.md:293 error MD046/code-block-style Code block style [Expected: fenced; Actual: indented]
README.md:297 error MD046/code-block-style Code block style [Expected: fenced; Actual: indented]
README.md:301 error MD046/code-block-style Code block style [Expected: fenced; Actual: indented]
README.md:328:1 error MD045/no-alt-text Images should have alternate text (alt text)

⚠️ PYTHON / mypy - 5 errors

github_dependents_info/gh_dependents_info.py:50: error: Need type annotation for "packages" (hint: "packages: list[<type>] = ...")  [var-annotated]
github_dependents_info/gh_dependents_info.py:51: error: Need type annotation for "all_public_dependent_repos" (hint: "all_public_dependent_repos: list[<type>] = ...")  [var-annotated]
github_dependents_info/gh_dependents_info.py:52: error: Need type annotation for "badges" (hint: "badges: dict[<type>, <type>] = ...")  [var-annotated]
github_dependents_info/gh_dependents_info.py:53: error: Need type annotation for "result" (hint: "result: dict[<type>, <type>] = ...")  [var-annotated]
github_dependents_info/gh_dependents_info.py:240: error: Item "None" of "Path | None" has no attribute "mkdir"  [union-attr]
Found 5 errors in 1 file (checked 7 source files)

⚠️ PYTHON / pyright - 4 errors

github_dependents_info/__main__.py
  github_dependents_info/__main__.py:7:6 - error: Import "rich.console" could not be resolved (reportMissingImports)
github_dependents_info/gh_dependents_info.py
  github_dependents_info/gh_dependents_info.py:13:8 - error: Import "pandas" could not be resolved (reportMissingImports)
  github_dependents_info/gh_dependents_info.py:14:6 - error: Import "bs4" could not be resolved (reportMissingImports)
  github_dependents_info/gh_dependents_info.py:240:32 - error: "mkdir" is not a known attribute of "None" (reportOptionalMemberAccess)
4 errors, 0 warnings, 0 informations

See detailed reports in MegaLinter artifacts

Your project could benefit from a custom flavor, which would allow you to run only the linters you need, and thus improve runtime performances. (Skip this info by defining FLAVOR_SUGGESTIONS: false)

• Documentation: Custom Flavors
• Command: npx mega-linter-runner@beta --custom-flavor-setup --custom-flavor-linters PYTHON_PYLINT,PYTHON_BLACK,PYTHON_FLAKE8,PYTHON_ISORT,PYTHON_BANDIT,PYTHON_MYPY,PYTHON_PYRIGHT,PYTHON_RUFF,ACTION_ACTIONLINT,COPYPASTE_JSCPD,DOCKERFILE_HADOLINT,JSON_JSONLINT,JSON_V8R,JSON_PRETTIER,MARKDOWN_MARKDOWNLINT,MARKDOWN_MARKDOWN_TABLE_FORMATTER,REPOSITORY_CHECKOV,REPOSITORY_GIT_DIFF,REPOSITORY_GITLEAKS,REPOSITORY_GRYPE,REPOSITORY_SECRETLINT,REPOSITORY_SYFT,REPOSITORY_TRIVY,REPOSITORY_TRIVY_SBOM,REPOSITORY_TRUFFLEHOG,SPELL_CSPELL,SPELL_LYCHEE,YAML_PRETTIER,YAML_YAMLLINT,YAML_V8R

Show us your support by starring ⭐ the repository