Skip to content

Bump the development-dependencies group with 4 updates #138

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Bump the development-dependencies group with 4 updates #138

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Sep 4, 2025
edited
Loading

Bumps the development-dependencies group with 4 updates: flake8, bandit, mypy and ruff.

Updates flake8 from 7.0.0 to 7.3.0

Commits

Updates bandit from 1.7.8 to 1.8.6

Release notes

Sourced from bandit's releases.

1.8.6

What's Changed

New Contributors

Full Changelog: PyCQA/bandit@1.8.5...1.8.6

1.8.5

What's Changed

Full Changelog: PyCQA/bandit@1.8.4...1.8.5

1.8.4

What's Changed

New Contributors

... (truncated)

Commits

Updates mypy from 1.9.0 to 1.17.1

Changelog

Sourced from mypy's changelog.

Mypy 1.17.1

  • Retain None as constraints bottom if no bottoms were provided (Stanislav Terliakov, PR 19485)
  • Fix "ignored exception in hasattr" in dmypy (Stanislav Terliakov, PR 19428)
  • Prevent a crash when InitVar is redefined with a method in a subclass (Stanislav Terliakov, PR 19453)

Acknowledgements

Thanks to all mypy contributors who contributed to this release:

  • Alexey Makridenko
  • Brian Schubert
  • Chad Dombrova
  • Chainfire
  • Charlie Denton
  • Charulata
  • Christoph Tyralla
  • CoolCat467
  • Donal Burns
  • Guy Wilson
  • Ivan Levkivskyi
  • johnthagen
  • Jukka Lehtosalo
  • Łukasz Kwieciński
  • Marc Mueller
  • Michael J. Sullivan
  • Mikhail Golubev
  • Sebastian Rittau
  • Shantanu
  • Stanislav Terliakov
  • wyattscarpenter

I’d also like to thank my employer, Dropbox, for supporting mypy development.

Mypy 1.16

We’ve just uploaded mypy 1.16 to the Python Package Index (PyPI). Mypy is a static type checker for Python. This release includes new features and bug fixes. You can install it as follows:

python3 -m pip install -U mypy

You can read the full documentation for this release on Read the Docs.

Different Property Getter and Setter Types

Mypy now supports using different types for a property getter and setter:

class A:
    _value: int
</tr></table>

... (truncated)

Commits
  • acb2983 Bump version to 1.17.1
  • 933c913 Retain None as constraints bottom if no bottoms were provided (#19485)
  • 5f4428f Fix "ignored exception in hasattr" in dmypy (#19428)
  • 88fdeaa Prevent a crash when InitVar is redefined with a method in a subclass (#19453)
  • e44d14f Bump version to 1.17.1+dev
  • 0260991 Update version string
  • 3901aa2 Updates to 1.17 changelog (#19436)
  • 7d13396 Initial changelog for 1.17 release (#19427)
  • a182dec Combine the revealed types of multiple iteration steps in a more robust manne...
  • ab4fd57 Improve the handling of "iteration dependent" errors and notes in finally cla...
  • Additional commits viewable in compare view

Updates ruff from 0.3.4 to 0.12.12

Release notes

Sourced from ruff's releases.

0.12.12

Release Notes

Preview features

  • Show fixes by default (#19919)
  • [airflow] Convert DatasetOrTimeSchedule(datasets=...) to AssetOrTimeSchedule(assets=...) (AIR311) (#20202)
  • [airflow] Improve the AIR002 error message (#20173)
  • [airflow] Move airflow.operators.postgres_operator.Mapping from AIR302 to AIR301 (#20172)
  • [flake8-async] Implement blocking-input rule (ASYNC250) (#20122)
  • [flake8-use-pathlib] Make PTH119 and PTH120 fixes unsafe because they can change behavior (#20118)
  • [pylint] Add U+061C to PLE2502 (#20106)
  • [ruff] Fix false negative for empty f-strings in deque calls (RUF037) (#20109)

Bug fixes

  • Less confidently mark f-strings as empty when inferring truthiness (#20152)
  • [fastapi] Fix false positive for paths with spaces around parameters (FAST003) (#20077)
  • [flake8-comprehensions] Skip C417 when lambda contains yield/yield from (#20201)
  • [perflint] Handle tuples in dictionary comprehensions (PERF403) (#19934)

Rule changes

  • [pycodestyle] Preserve return type annotation for ParamSpec (E731) (#20108)

Documentation

Contributors

... (truncated)

Changelog

Sourced from ruff's changelog.

0.12.12

Preview features

  • Show fixes by default (#19919)
  • [airflow] Convert DatasetOrTimeSchedule(datasets=...) to AssetOrTimeSchedule(assets=...) (AIR311) (#20202)
  • [airflow] Improve the AIR002 error message (#20173)
  • [airflow] Move airflow.operators.postgres_operator.Mapping from AIR302 to AIR301 (#20172)
  • [flake8-async] Implement blocking-input rule (ASYNC250) (#20122)
  • [flake8-use-pathlib] Make PTH119 and PTH120 fixes unsafe because they can change behavior (#20118)
  • [pylint] Add U+061C to PLE2502 (#20106)
  • [ruff] Fix false negative for empty f-strings in deque calls (RUF037) (#20109)

Bug fixes

  • Less confidently mark f-strings as empty when inferring truthiness (#20152)
  • [fastapi] Fix false positive for paths with spaces around parameters (FAST003) (#20077)
  • [flake8-comprehensions] Skip C417 when lambda contains yield/yield from (#20201)
  • [perflint] Handle tuples in dictionary comprehensions (PERF403) (#19934)

Rule changes

  • [pycodestyle] Preserve return type annotation for ParamSpec (E731) (#20108)

Documentation

0.12.11

Preview features

  • [airflow] Extend AIR311 and AIR312 rules (#20082)
  • [airflow] Replace wrong path airflow.io.storage with airflow.io.store (AIR311) (#20081)
  • [flake8-async] Implement blocking-http-call-httpx-in-async-function (ASYNC212) (#20091)
  • [flake8-logging-format] Add auto-fix for f-string logging calls (G004) (#19303)
  • [flake8-use-pathlib] Add autofix for PTH211 (#20009)
  • [flake8-use-pathlib] Make PTH100 fix unsafe because it can change behavior (#20100)

Bug fixes

  • [pyflakes, pylint] Fix false positives caused by __class__ cell handling (F841, PLE0117) (#20048)
  • [pyflakes] Fix allowed-unused-imports matching for top-level modules (F401) (#20115)
  • [ruff] Fix false positive for t-strings in default-factory-kwarg (RUF026) (#20032)
  • [ruff] Preserve relative whitespace in multi-line expressions (RUF033) (#19647)

Rule changes

  • [ruff] Handle empty t-strings in unnecessary-empty-iterable-within-deque-call (RUF037) (#20045)

... (truncated)

Commits
  • c6516e9 Bump 0.12.12 (#20242)
  • 1aaa084 [ty] More tests for TypedDict (#20205)
  • b49aa35 Split LICENSE addendum by derivation type (#20222)
  • 1e34f3f [ty] Fix small test typo (#20220)
  • 77b2cee [ty] Add functions for revealing assignability/subtyping constraints (#20217)
  • 200349c [flake8-comprehensions] Skip C417 when lambda contains yield/`yield fro...
  • 0d4f7dd [ty] Treat __new__ as a static method (#20212)
  • cb1ba0d Expose Indentation in ruff_python_codegen (#20216)
  • cda376a [ty]eliminate definitely-impossible types from union in equality narrowing (#...
  • b14fc96 Update Rust crate tracing-subscriber to v0.3.20 (#20162)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the development-dependencies group with 4 updates
5cec82a 
Bumps the development-dependencies group with 4 updates: [flake8](https://github.com/pycqa/flake8), [bandit](https://github.com/PyCQA/bandit), [mypy](https://github.com/python/mypy) and [ruff](https://github.com/astral-sh/ruff).


Updates `flake8` from 7.0.0 to 7.3.0
- [Commits](PyCQA/flake8@7.0.0...7.3.0)

Updates `bandit` from 1.7.8 to 1.8.6
- [Release notes](https://github.com/PyCQA/bandit/releases)
- [Commits](PyCQA/bandit@1.7.8...1.8.6)

Updates `mypy` from 1.9.0 to 1.17.1
- [Changelog](https://github.com/python/mypy/blob/master/CHANGELOG.md)
- [Commits](python/mypy@1.9.0...v1.17.1)

Updates `ruff` from 0.3.4 to 0.12.12
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@v0.3.4...0.12.12)

---
updated-dependencies:
- dependency-name: flake8
  dependency-version: 7.3.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: development-dependencies
- dependency-name: bandit
  dependency-version: 1.8.6
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: development-dependencies
- dependency-name: mypy
  dependency-version: 1.17.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: development-dependencies
- dependency-name: ruff
  dependency-version: 0.12.12
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: development-dependencies
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Sep 4, 2025
@dependabot dependabot bot requested a review from aegilops as a code owner September 4, 2025 17:01
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Sep 4, 2025
@dependabot dependabot bot mentioned this pull request Sep 4, 2025
Closed
@dependabot dependabot bot requested a review from GeekMasher September 4, 2025 17:01
This was referenced Sep 4, 2025
Closed
Closed
@github-actions GitHub Actions
Copy link

github-actions bot commented Sep 4, 2025

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

PackageVersionScoreDetails
pip/bandit 1.8.6 🟢 6.6
Details
CheckScoreReason
Security-Policy🟢 10security policy file detected
Code-Review🟢 9Found 14/15 approved changesets -- score normalized to 9
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Maintained🟢 1013 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts🟢 10no binaries found in the repo
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Pinned-Dependencies⚠️ 1dependency not pinned by hash detected -- score normalized to 1
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Vulnerabilities🟢 91 existing vulnerabilities detected
Packaging🟢 10packaging workflow detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
pip/flake8 7.3.0 🟢 5.6
Details
CheckScoreReason
Code-Review⚠️ 1Found 2/15 approved changesets -- score normalized to 1
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Maintained🟢 1013 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Security-Policy🟢 10security policy file detected
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 9license file detected
Vulnerabilities🟢 100 existing vulnerabilities detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
pip/mypy 1.17.1 🟢 7.4
Details
CheckScoreReason
Packaging⚠️ -1packaging workflow not detected
Code-Review🟢 9Found 29/30 approved changesets -- score normalized to 9
Maintained🟢 1030 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 9license file detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Signed-Releases⚠️ -1no releases found
Fuzzing⚠️ 0project is not fuzzed
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Binary-Artifacts🟢 10no binaries found in the repo
Security-Policy🟢 10security policy file detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities🟢 100 existing vulnerabilities detected
pip/ruff 0.12.12 UnknownUnknown

Scanned Files

  • secretscanning/dev-requirements.txt

@dependabot dependabot bot mentioned this pull request Sep 4, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aegilops aegilops Awaiting requested review from aegilops aegilops is a code owner

@GeekMasher GeekMasher Awaiting requested review from GeekMasher

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file python Pull requests that update Python code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants