chore(deps-py): bump the minor group across 1 directory with 2 updates

[dependabot]

Bumps the minor group with 2 updates in the / directory: graphviz and pip.

Updates graphviz from 0.20.3 to 0.21

Changelog

Sourced from graphviz's changelog.

Version 0.21

Drop Python 3.8 support (end of life 2024-10-07).

Tag Python 3.13 support.

Add support for format='svg_inline', available since upstream Graphviz 10.0.1. Produces header-less SVG suitable for inlining into HTML (see https://www.graphviz.org/docs/outputs/svg/).

Switch project to pyproject.toml and build to python -m build) (https://build.pypa.io). This changes the source distribution format from .zip to PEP 625 compliant .tar.gz (https://peps.python.org/pep-0625/).

Commits

• 19b16bf release 0.21
• 45da7c2 document removal of Python 3.8 support and tagging of Python 3.13 support
• 2f3204a docmument new format='svg_inline' and add test coverage
• fb70498 bump version for switch to pyproject.toml and https://build.pypa.io
• bff786f Add svg_inline to formats.py
• 421925a update build instructions for https://build.pypa.io
• 77769e7 actually make lint-code.py respect pyroject.toml configuration
• 8a3a2b7 make lint-code.py respect pyroject.toml configuration
• ac77cf0 fix coverage section name
• 115ad34 replace setup.py, setup.cfg, and tox.ini with pyproject.toml
• Additional commits viewable in compare view

Updates pip from 25.2 to 25.3

Changelog

Sourced from pip's changelog.

25.3 (2025-10-24)

Deprecations and Removals

• Remove support for the legacy setup.py develop editable method in setuptools editable installs; setuptools >= 64 is now required. ([#11457](https://github.com/pypa/pip/issues/11457) <https://github.com/pypa/pip/issues/11457>_)

• Remove the deprecated --global-option and --build-option. --config-setting is now the only way to pass options to the build backend. ([#11859](https://github.com/pypa/pip/issues/11859) <https://github.com/pypa/pip/issues/11859>_)

• Deprecate the PIP_CONSTRAINT environment variable for specifying build constraints.

  Use the --build-constraint option or the PIP_BUILD_CONSTRAINT environment variable instead. When build constraints are used, PIP_CONSTRAINT no longer affects isolated build environments. To enable this behavior without specifying any build constraints, use --use-feature=build-constraint. ([#13534](https://github.com/pypa/pip/issues/13534) <https://github.com/pypa/pip/issues/13534>_)

• Remove support for non-standard legacy wheel filenames. ([#13581](https://github.com/pypa/pip/issues/13581) <https://github.com/pypa/pip/issues/13581>_)

• Remove support for the deprecated setup.py bdist_wheel mechanism. Consequently, --use-pep517 is now always on, and --no-use-pep517 has been removed. ([#6334](https://github.com/pypa/pip/issues/6334) <https://github.com/pypa/pip/issues/6334>_)

Features

• When :pep:658 metadata is available, full distribution files are no longer downloaded when using pip lock or pip install --dry-run. ([#12603](https://github.com/pypa/pip/issues/12603) <https://github.com/pypa/pip/issues/12603>_)
• Add support for installing an editable requirement written as a Direct URL (PackageName @ URL). ([#13495](https://github.com/pypa/pip/issues/13495) <https://github.com/pypa/pip/issues/13495>_)
• Add support for build constraints via the --build-constraint option. This allows constraining the versions of packages used during the build process (e.g., setuptools) without affecting the final installation. ([#13534](https://github.com/pypa/pip/issues/13534) <https://github.com/pypa/pip/issues/13534>_)
• On ResolutionImpossible errors, include a note about causes with no candidates. ([#13588](https://github.com/pypa/pip/issues/13588) <https://github.com/pypa/pip/issues/13588>_)
• Building pip itself from source now uses flit-core instead of setuptools. This does not affect how pip installs or builds packages you use. ([#13473](https://github.com/pypa/pip/issues/13473) <https://github.com/pypa/pip/issues/13473>_)

Bug Fixes

• Handle malformed Version metadata entries and show a sensible error message instead of crashing. ([#13443](https://github.com/pypa/pip/issues/13443) <https://github.com/pypa/pip/issues/13443>_)
• Permit spaces between a filepath and extras in an install requirement. ([#13523](https://github.com/pypa/pip/issues/13523) <https://github.com/pypa/pip/issues/13523>_)
• Ensure the self-check files in the cache have the same permissions as the rest of the cache. ([#13528](https://github.com/pypa/pip/issues/13528) <https://github.com/pypa/pip/issues/13528>_)
• Avoid concurrency issues and improve performance when caching locally built wheels, especially when the temporary build directory is on a different filesystem than the cache. The wheel directory passed to the build backend is now a temporary subdirectory inside the cache directory. ([#13540](https://github.com/pypa/pip/issues/13540) <https://github.com/pypa/pip/issues/13540>_)
• Include relevant user-supplied constraints in logs when reporting dependency conflicts. ([#13545](https://github.com/pypa/pip/issues/13545) <https://github.com/pypa/pip/issues/13545>_)
• Fix a regression in configuration parsing that was turning a single value into a list and thus leading to a validation error. ([#13548](https://github.com/pypa/pip/issues/13548) <https://github.com/pypa/pip/issues/13548>_)
• For Python versions that do not support :pep:706, pip will now raise an installation error for a source distribution when it includes a symlink that points outside the source distribution archive. ([#13550](https://github.com/pypa/pip/issues/13550) <https://github.com/pypa/pip/issues/13550>_)
• Prevent --user installs if site.ENABLE_USER_SITE is set to False. ([#8794](https://github.com/pypa/pip/issues/8794) <https://github.com/pypa/pip/issues/8794>_)

... (truncated)

Commits

• a520693 Bump for release
• 0f2973e Fix up authors by adding entry to .mailmap
• 87828dc Update AUTHORS.txt
• ce6a38c Merge pull request #13628 from sbidoul/imp-doc-pep517-sbi
• ee16c81 Merge pull request #13629 from notatallshaw/bump-gone_in="25.3"
• 3e227aa Bump gone_in="25.3"
• 4ad1828 Merge pull request #13495 from ichard26/feat/direct-editables
• 66ded3b Merge pull request #13570 from ShubhamNagure/fix-constraint-reporting-13545
• 67e8ac2 Merge pull request #13588 from notatallshaw/hint-on-resolution-impossible-whe...
• 990ca8a Merge pull request #8796 from pelson/honour_user_site
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 78.81%. Comparing base (bcf1d4c) to head (bf102f5).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #1204   +/-   ##
=======================================
  Coverage   78.81%   78.81%           
=======================================
  Files         153      153           
  Lines       18910    18910           
  Branches    17808    17808           
=======================================
  Hits        14903    14903           
  Misses       3065     3065           
  Partials      942      942           

Flag	Coverage Δ
python	92.65% <ø> (ø)
qis-compiler	68.40% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.