Bump the packages group across 1 directory with 2 updates

[dependabot]

Updates the requirements on chardet and cookiecutter to permit the latest version.
Updates chardet to 7.0.1

Release notes

Sourced from chardet's releases.

7.0.1

Fixes

• Fixed false UTF-7 detection of SHA-1 git hashes (#324, fixing #323) — requirements files with VCS pins (e.g., +4bafdea3...) were misdetected as UTF-7, breaking tools like tox
• Fixed _SINGLE_LANG_MAP missing aliases for single-language encoding lookup (e.g., big5 → big5hkscs)
• Fixed PyPy TypeError in UTF-7 codec handling

Improvements

• Retrained bigram models — 24 previously failing test cases now pass
• Updated language equivalences for mutual intelligibility (Slovak/Czech, East Slavic + Bulgarian, Malay/Indonesian, Scandinavian languages)

New Contributors

• @​rembish made their first contribution — both reporting the UTF-7 false detection issue and submitting the fix! (#323, #324)

Changelog

Sourced from chardet's changelog.

7.0.1 (2026-03-04)

Fixes:

• Fixed false UTF-7 detection of SHA-1 git hashes ([#324](https://github.com/chardet/chardet/issues/324) <https://github.com/chardet/chardet/issues/324>_)
• Fixed _SINGLE_LANG_MAP missing aliases for single-language encoding lookup (e.g., big5 → big5hkscs)
• Fixed PyPy TypeError in UTF-7 codec handling

Improvements:

• Retrained bigram models — 24 previously failing test cases now pass
• Updated language equivalences for mutual intelligibility (Slovak/Czech, East Slavic + Bulgarian, Malay/Indonesian, Scandinavian languages)

7.0.0 (2026-03-02)

Ground-up, MIT-licensed rewrite of chardet. Same package name, same public API — drop-in replacement for chardet 5.x/6.x.

Highlights:

• MIT license (previous versions were LGPL)
• 96.8% accuracy on 2,179 test files (+2.3pp vs chardet 6.0.0, +7.7pp vs charset-normalizer)
• 41x faster than chardet 6.0.0 with mypyc (28x pure Python), 7.5x faster than charset-normalizer
• Language detection for every result (90.5% accuracy across 49 languages)
• 99 encodings across six eras (MODERN_WEB, LEGACY_ISO, LEGACY_MAC, LEGACY_REGIONAL, DOS, MAINFRAME)
• 12-stage detection pipeline — BOM, UTF-16/32 patterns, escape sequences, binary detection, markup charset, ASCII, UTF-8 validation, byte validity, CJK gating, structural probing, statistical scoring, post-processing
• Bigram frequency models trained on CulturaX multilingual corpus data for all supported language/encoding pairs
• Optional mypyc compilation — 1.49x additional speedup on CPython
• Thread-safe detect() and detect_all() with no measurable overhead; scales on free-threaded Python 3.13t+
• Negligible import memory (96 B)
• Zero runtime dependencies

Breaking changes vs 6.0.0:

• detect() and detect_all() now default to encoding_era=EncodingEra.ALL (6.0.0 defaulted to MODERN_WEB)

... (truncated)

Commits

• 330e41e docs: update benchmark numbers for expanded test suite (2,510 files)
• 83eb965 fix: remove unused cached_specs and add version mismatch diagnostic
• b5ef193 feat: skip venv creation when full cache exists for detector
• d98e26a fix: use project_root parameter instead of pip_args[0] in _resolve_version_wi...
• 5a85c25 feat: add helpers for venv-less version/tag resolution and cache checking
• f4917a3 Remove plans
• 06ae339 Use package name in cache filenames and enrich display labels
• 90fff1d Fix precommit hook failures
• 611fc0b Bump coverage requirements up to 95% since we have 100%
• cc21964 Add separate lint job back
• Additional commits viewable in compare view

Updates cookiecutter to 2.7.1

Release notes

Sourced from cookiecutter's releases.

Cookiecutter 2.7.1: The One Where It Knows Its Own Name

You know that thing where you release an album, it's on the shelves, people are buying it, and then someone points out the spine says it's your previous album? That's what happened with Cookiecutter 2.7.0. We put out the long-awaited release with 27 improvements and 17 contributors, and cookiecutter -V proudly announced: 2.6.0.

$ cookiecutter -V
Cookiecutter 2.6.0
$ # narrator voice: it was not 2.6.0

Go on, run this and see for yourself that the 2.7.1 release knows its own version number now:

uv tool upgrade cookiecutter

What's fixed

cookiecutter -V now reports the real version. Rather than patch VERSION.txt, this release removes it entirely. The version is now read from package metadata at runtime, so pyproject.toml is the single source of truth and there's nothing left to drift. Thanks @​bollwyvl for the bug report PR and for suggesting the importlib.metadata approach, and thanks @​tranzystorekk for filing #2195!

What's better

CI runs each Python version as its own job. Tests for 3.10 through 3.14 used to run sequentially inside a single job per OS, which pushed Windows past 30 minutes. Each version now runs in parallel with a 15-minute timeout. Windows tests focus on the boundary versions (3.10 and 3.14) since intermediate versions add little signal beyond Ubuntu and macOS.

Contributors

@​audreyfeldroy (Audrey M. Roy Greenfeld) and @​pydanny (Daniel Roy Greenfeld) built this release, with help from Claude roleplaying as David Bowie.

Thanks to @​bollwyvl (Nicholas Bollweg) for the version fix PR and the importlib.metadata suggestion, and @​tranzystorekk for reporting the version mismatch.

Commits

• 083dd3c Release 2.7.1
• 59e7eb1 Ground the runtime version in package metadata instead of a hand-maintained file
• 730d2eb Run each Python version as its own CI job instead of sequentially
• db674d8 Reflect that PyPI publishing runs automatically on tag push
• 718f685 Release 2.7.0
• 14da090 Let contributors focus on what interests them, not a milestone plan
• a4a7e99 Give release managers a safe, documented path from version bump to PyPI
• cf3bd2f Drop the Release Drafter integration
• 0ff1fa8 Tell template creators what Cookiecutter actually gives them
• 154d946 Modernize the README around uv and a leaner project page
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions