fix(deps): update dependency pywin32 to v311

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
pywin32 (changelog)	>=310,<311 -> >=311,<312

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

mhammond/pywin32 (pywin32)

v311

• Fix use-after-free in CertDeleteCertificateFromStore (#​2637)
• Better support for COM identifiers with non-ascii characters (#​2632)
• pywin32's own warnings will now refer to the caller, rather than to the internal source of warning itself (#​2594, [@​Avasam][Avasam])
• Fixed a regression that broke special __dunder__ methods with CoClass. (#​1870, #​2493, [@​Avasam][Avasam], [@​geppi][geppi])
• Fixed TypeError: cannot unpack non-iterable NoneType object when registering an axscript client ScriptItem (#​2513, [@​Avasam][Avasam])
• Fixed a memory leak when SafeArrays are used as out parameters ([@​the-snork][the-snork])
• Fixed dispatch handling for properties ([@​the-snork][the-snork])
• Resolved a handful of deprecation warnings (#​2567, #​2576, [@​Avasam][Avasam])
• The following classes now produce a valid eval string representation when calling repr: (#​2573, [@​Avasam][Avasam])
  • pywin.tools.browser.HLIPythonObject
  • win32com.server.exception.COMException
  • win32comext.axscript.client.error.AXScriptException
  • win32comext.axscript.client.pyscript.NamedScriptAttribute
• Added initial DECIMAL/VT_DECIMAL support (#​1501, [@​gesslerpd][gesslerpd])

---

Configuration

📅 Schedule: Branch creation - "before 2am every weekday" in timezone Europe/Berlin, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

Claude finished @renovate[bot]'s task —— View job

---

✅ PR Review: Update pywin32 to v311

This is a straightforward dependency update from Renovate that updates pywin32 from version 310 to 311. The dependency is Windows-only (sys_platform == 'win32'), so this change only affects Windows builds.

---

📋 Summary of Changes

Files Modified:

• pyproject.toml: Dependency version constraint updated to >=311,<312
• uv.lock: Lock file updated with new pywin32 v311 wheel hashes

Dependency Scope:

• Windows-only dependency (sys_platform == 'win32')
• No impact on Linux or macOS builds

---

🔍 Analysis

pywin32 Usage in SDK

The SDK uses pywin32 in two locations:

1. src/aignostics/third_party/showinfm/system/windows.py

   • Uses win32com.shell for Windows File Explorer integration
   • Functions: SHGetDesktopFolder, SHILCreateFromPath, SHOpenFolderAndSelectItems
   • Purpose: Open File Explorer and select files in folders

2. src/aignostics/utils/_gui.py:176

   • Uses win32api.GetLogicalDriveStrings() for drive enumeration
   • Purpose: Display drive selection toggle in GUI file picker on Windows

pywin32 v311 Changelog Review

From the release notes:

✅ Security Fixes:

• Fixed use-after-free vulnerability in CertDeleteCertificateFromStore (#2637)

✅ Bug Fixes:

• Fixed memory leak when SafeArrays used as out parameters
• Fixed dispatch handling for properties
• Fixed CoClass __dunder__ method regression
• Fixed TypeError in axscript client registration

✅ Improvements:

• Better support for COM identifiers with non-ASCII characters
• Warnings now refer to caller instead of internal source
• Initial DECIMAL/VT_DECIMAL support

✅ No Breaking Changes: All changes are backward-compatible fixes and improvements.

---

✅ Compliance Checks

1. Architecture Compliance

✅ PASS - No architectural changes. Dependency update only.

2. Breaking Changes

✅ PASS - No breaking changes in pywin32 v311. All APIs remain compatible.

3. Security

✅ PASS - This update includes a security fix for use-after-free vulnerability.

• Recommendation: Merge this PR to get the security fix.

4. Test Coverage

✅ PASS - No new code added, existing tests sufficient.

• The Windows-specific code paths are conditionally loaded
• CI runs on multiple platforms (Windows tests will validate)

5. Code Quality (Linting/Type Checking)

✅ PASS - Only version constraints changed, no code modifications.

• No linting required
• No type checking impact

6. Documentation

✅ PASS - No documentation updates needed for dependency bumps.

7. CI/CD Status

⏳ PENDING - CI workflows are currently queued/in progress:

• + CI/CD (queued)
• + Build Native Only (queued)
• + Claude Code / Automation / PR Review (in progress)

---

🎯 Recommendation

✅ APPROVE AND MERGE after CI passes.

Rationale:

1. ✅ Security improvement - Fixes use-after-free vulnerability
2. ✅ No breaking changes - Backward-compatible update
3. ✅ Bug fixes included - Memory leaks and dispatch handling improvements
4. ✅ Limited scope - Windows-only dependency, no Linux/macOS impact
5. ✅ Safe usage - SDK only uses basic APIs (win32api, win32com.shell) that are stable

Next Steps:

1. ⏳ Wait for CI to complete (all checks should pass)
2. ✅ Merge once CI is green
3. 🚀 No additional testing required beyond CI validation

---

📝 Notes

• The pywin32 v311 update includes multiple bug fixes and a security patch, making this a beneficial update
• The SDK's usage of pywin32 is limited to stable APIs (file manager integration, drive enumeration) that are not affected by the changes in v311
• Windows native builds will automatically pick up the new version
• No migration guide needed - this is a drop-in replacement

---

Reviewed by: Claude Code
Review Date: 2025-11-10
PR: #236
Branch: renovate/pywin32-311.x → main

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud