build(deps-dev): bump the pip-dependencies group in /requirements.d with 5 updates

[dependabot]

Bumps the pip-dependencies group in /requirements.d with 5 updates:

Package	From	To
setuptools	82.0.0	82.0.1
pip	26.1	26.1.1
virtualenv	21.3.2	21.3.3
tox	4.52.1	4.53.0
types-pyyaml	6.0.12.20260510	6.0.12.20260518

Updates setuptools from 82.0.0 to 82.0.1

Changelog

Sourced from setuptools's changelog.

v82.0.1

Bugfixes

• Fix the loading of launcher manifest.xml file. (#5047)
• Replaced deprecated json.__version__ with fixture in tests. (#5186)

Improved Documentation

• Add advice about how to improve predictability when installing sdists. (#5168)

Misc

• #4941, #5157, #5169, #5175

Commits

• 5a13876 Bump version: 82.0.0 → 82.0.1
• 51ab8f1 Avoid using (deprecated) 'json.version' in tests (#5194)
• f9c37b2 Docs/CI: Fix intersphinx references (#5195)
• 8173db2 Docs: Fix intersphinx references
• 09bafbc Fix past tense on newsfragment
• 461ea56 Add news fragment
• c4ffe53 Avoid using (deprecated) 'json.version' in tests
• 749258b Cleanup pkg_resources dependencies and configuration (#5175)
• 2019c16 Parse ext-module.define-macros from pyproject.toml as list of tuples (#5169)
• b809c86 Sync setuptools schema with validate-pyproject (#5157)
• Additional commits viewable in compare view

Updates pip from 26.1 to 26.1.1

Changelog

Sourced from pip's changelog.

26.1.1 (2026-05-04)

Bug Fixes

• Fix issue where uninstallation left behind empty directories. Revert the removal of the adjacent __pycache__ directory when a .py file is removed. ([#13973](https://github.com/pypa/pip/issues/13973) <https://github.com/pypa/pip/issues/13973>_)

Commits

• 4432a37 Bump for release
• 4943e17 Merge pull request #13973 from pypa/revert-13725-vfazio-remove-all-optimizati...
• e9e7b90 Add news
• 0ff6964 Revert "Remove pycache when package is removed"
• cc6b082 Merge pull request #13951 from sbidoul/release/26.1
• b2671f1 Bump for development
• See full diff in compare view

Updates virtualenv from 21.3.2 to 21.3.3

Release notes

Sourced from virtualenv's releases.

21.3.3

What's Changed

• Accept GraalPy implementation name. by @​timfel in pypa/virtualenv#3144

Full Changelog: pypa/virtualenv@21.3.2...21.3.3

Changelog

Sourced from virtualenv's changelog.

Bugfixes - 21.3.3

• recognize GraalPy interpreters using the normalized GraalPy name - by :user:timfel. (:issue:3144)

---

v21.3.2 (2026-05-12)

---

No significant changes.

---

v21.3.1 (2026-05-05)

---

Bugfixes - 21.3.1

• Upgrade embedded wheels:

  • pip to 26.1.1 from 26.1 (:issue:3138)

---

v21.3.0 (2026-04-27)

---

Features - 21.3.0

• Re-introduce xonsh shell activator (activate.xsh) previously removed in 20.7.0, and make the plugin loader prefer virtualenv's built-in entry points so a third-party package cannot override them by registering a duplicate name. (:issue:3003)

Bugfixes - 21.3.0

• Upgrade embedded wheels:

  • pip to 26.1 (:issue:3132)

---

v21.2.4 (2026-04-14)

---

Bugfixes - 21.2.4

• Security hardening: validate each entry of a seed wheel archive before extracting it so a tampered wheel cannot escape the app-data image directory via an absolute path or .. traversal. (:issue:3118)
• Security hardening: verify the SHA-256 of every bundled seed wheel when it is loaded so a corrupted or tampered file

... (truncated)

Commits

• e6dba2a release 21.3.3
• e7517c0 Accept GraalPy implementation name. (#3144)
• See full diff in compare view

Updates tox from 4.52.1 to 4.53.0

Release notes

Sourced from tox's releases.

v4.53.0

What's Changed

• ✨ feat(toml): allow bare range/labeled dicts in env_list by @​gaborbernat in tox-dev/tox#3923

Full Changelog: tox-dev/tox@4.52.1...4.53.0

Changelog

Sourced from tox's changelog.

Features - 4.53.0

• TOML env_list now accepts bare range dicts ({ prefix = "3.", start = 12, stop = 14 }) and bare labeled dicts ({ ecosystem = ["oci", "python"] }) as top-level items, removing the { product = [...] } wrapper when there is only a single factor group - by :user:gaborbernat. (:issue:3923)

Bug fixes - 4.53.0

• Nesting a range or labeled dict inside a product factor-group list now raises a clear error pointing at the un-nesting fix, instead of silently producing a malformed environment name - by :user:gaborbernat. (:issue:3923)

---

v4.52.1 (2026-04-09)

---

Commits

• 4c584f2 release 4.53.0
• ddd7280 ✨ feat(toml): allow bare range/labeled dicts in env_list (#3923)
• 3e7f9df [pre-commit.ci] pre-commit autoupdate (#3922)
• See full diff in compare view

Updates types-pyyaml from 6.0.12.20260510 to 6.0.12.20260518

Commits

• See full diff in compare view

Most Recent Ignore Conditions Applied to This Pull Request

Dependency Name	Ignore Conditions
tox	[>= 4.49.dev0, < 4.50]

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions