build(deps): bump attrs from 24.2.0 to 26.1.0

[dependabot]

Bumps attrs from 24.2.0 to 26.1.0.

Release notes

Sourced from attrs's releases.

26.1.0

Highlights

The main outward change here only affects people using field transformers, but it should be a nice quality of life improvement!

Full changelog below!

Special Thanks

This release would not be possible without my generous sponsors! Thank you to all of you making sustainable maintenance possible! If you would like to join them, go to https://github.com/sponsors/hynek and check out the sweet perks!

Above and Beyond

Variomedia AG (@variomedia), Tidelift (@tidelift), Kraken Tech (@kraken-tech), Privacy Solutions GmbH (@privacy-solutions), FilePreviews (@filepreviews), Ecosystems (@ecosyste-ms), TestMu AI Open Source Office (Formerly LambdaTest) (@LambdaTest-Inc), Doist (@Doist), Daniel Fortunov (@asqui), and Kevin P. Fleming (@kpfleming).

Maintenance Sustainers

Buttondown (@buttondown), Christopher Dignam (@chdsbd), Magnus Watn (@magnuswatn), David Cramer (@dcramer), Rivo Laks (@rivol), Polar (@polarsource), Mike Fiedler (@miketheman), Duncan Hill (@cricalix), Colin Marquardt (@cmarqu), Pieter Swinkels (@swinkels), Nick Libertini (@libertininick), Brian M. Dennis (@crossjam), Celebrity News AG (@celebritynewsag), The Westervelt Company (@westerveltco), Sławomir Ehlert (@slafs), Mostafa Khalil (@khadrawy), Filip Mularczyk (@mukiblejlok), Thomas Klinger (@thmsklngr), Andreas Poehlmann (@ap--), August Trapper Bigelow (@atbigelow), Carlton Gibson (@carltongibson), and Roboflow (@roboflow).

Full Changelog

Backwards-incompatible Changes

• Field aliases are now resolved before calling field_transformer, so transformers receive fully populated Attribute objects with usable alias values instead of None. The new Attribute.alias_is_default flag indicates whether the alias was auto-generated (True) or explicitly set by the user (False). #1509

Changes

• Fix type annotations for attrs.validators.optional(), so it no longer rejects tuples with more than one validator. #1496
• The attrs.validators.disabled() contextmanager can now be nested. #1513
• Frozen classes can set on_setattr=attrs.setters.NO_OP in addition to None. #1515
• It's now possible to pass attrs instances in addition to attrs classes to attrs.fields(). #1529

---

This release contains contributions from @​bysiber, @​DavidCEllis, @​finite-state-machine, @​hynek, @​veeceey, and @​vstinner.

Artifact Attestations

You can verify this release's artifact attestions using GitHub's CLI tool by downloading the sdist and wheel from PyPI and running:

$ gh attestation verify --owner python-attrs attrs-26.1.0.tar.gz

... (truncated)

Changelog

Sourced from attrs's changelog.

26.1.0 - 2026-03-19

Backwards-incompatible Changes

• Field aliases are now resolved before calling field_transformer, so transformers receive fully populated Attribute objects with usable alias values instead of None. The new Attribute.alias_is_default flag indicates whether the alias was auto-generated (True) or explicitly set by the user (False). #1509

Changes

• Fix type annotations for attrs.validators.optional(), so it no longer rejects tuples with more than one validator. #1496
• The attrs.validators.disabled() contextmanager can now be nested. #1513
• Frozen classes can set on_setattr=attrs.setters.NO_OP in addition to None. #1515
• It's now possible to pass attrs instances in addition to attrs classes to attrs.fields(). #1529

25.4.0 - 2025-10-06

Backwards-incompatible Changes

• Class-level kw_only=True behavior is now consistent with dataclasses.

  Previously, a class that sets kw_only=True makes all attributes keyword-only, including those from base classes. If an attribute sets kw_only=False, that setting is ignored, and it is still made keyword-only.

  Now, only the attributes defined in that class that doesn't explicitly set kw_only=False are made keyword-only.

  This shouldn't be a problem for most users, unless you have a pattern like this:

  @attrs.define(kw_only=True)
  class Base:
      a: int
      b: int = attrs.field(default=1, kw_only=False)
  @​attrs.define
  class Subclass(Base):
  c: int

  Here, we have a kw_only=True attrs class (Base) with an attribute that sets kw_only=False and has a default (Base.b), and then create a subclass (Subclass) with required arguments (Subclass.c). Previously this would work, since it would make Base.b keyword-only, but now this fails since Base.b is positional, and we have a required positional argument (Subclass.c) following another argument with defaults. #1457

... (truncated)

Commits

• 7bfc49e Prepare 26.1.0
• 31e0286 Update test_validators.py for Python 3.15a7 (#1530)
• 48b8611 Add instance support to attrs.fields() (#1529)
• 3a68d49 dev: document missing git tags failure mode
• a572c3a Allow field(on_setattr=NO_OP) on frozen classes
• af9c510 Fix validators.disabled() to save/restore state on nesting (#1513)
• ab7f8b2 update dev
• ce89f5d Fix message passing in frozen errors
• eccd966 Fix optional validator to accept tuples of len > 1 (#1496)
• e92fe52 policies: tighten screws (#1528)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.