ci: bump the ci-dependencies group in /.github/workflows with 3 updates

[dependabot[bot]]

Bumps the ci-dependencies group in /.github/workflows with 3 updates: griffe, pip and uv.

Updates griffe from 0.47.0 to 0.48.0

Release notes

Sourced from griffe's releases.

0.48.0

0.48.0 - 2024-07-15

Compare with 0.47.0

WARNING: ⚡ Imminent v1! ⚡🚀 See v0.46.

Deprecations

• All submodules are deprecated. All objects are now exposed in the top-level griffe module.
• All logger names are deprecated, and will be replaced with "griffe" in v1. In v1 our single "griffe" logger will provide a method to temporarily disable logging, [logger.disable()][griffe.Logger.disable], since that's the most common third-party use.
• The get_logger function is deprecated. Instead, we'll use a global logger internally, and users are welcome to use it too.
• The patch_loggers function is renamed patch_logger.
• Following the logging changes, the [docstring_warning][griffe.docstring_warning] function can now directly log a warning message instead of returning a callable that does. Passing it a logger name (to get a callable) is deprecated in favor of passing it a docstring, message and offset directly.

Features

• Support FORCE_COLOR environment variable (e1b7bd9 by Timothée Mazzucotelli).

Bug Fixes

• Don't take a shortcut to the end of an alias chain when getting/setting/deleting alias members (1930609 by Timothée Mazzucotelli).
• Short-circuit __all__ convention when checking if a module is public (5abf4e3 by Timothée Mazzucotelli).
• Reuse existing loggers, preventing overwriting issues (3c2825f by Timothée Mazzucotelli).
• Ignore .pth files that are not utf-8 encoded (ea299dc by Andrew Sansom). Issue-300, PR-301
• Attributes without annotations cannot be dataclass parameters (c9b2e09 by Hassan Kibirige). PR-297
• When deciding to alias an object or not during inspection, consider module paths to be equivalent even with arbitrary private components (8c9f6e6 by Timothée Mazzucotelli). Issue-296
• Fix target path computation: use qualified names to maintain classes in the path (6e17def by Timothée Mazzucotelli). Issue-296

Code Refactoring

• Prepare loggers for simplification (381f10f by Timothée Mazzucotelli).
• Add all previous modules for backward compatibility (a86e44e by Timothée Mazzucotelli).
• Add main public modules (fb860b3 by Timothée Mazzucotelli).
• Simplify "is imported" check in is_public property (c2bbc10 by Timothée Mazzucotelli).
• Use string and integer enumerations (06b383b by Timothée Mazzucotelli).
• Renamed agents nodes modules (ddc5b0c by Timothée Mazzucotelli).
• Clean up and document internal API, mark legacy code (92594a9 by Timothée Mazzucotelli).
• Renamed dataclasses internal modules to models (5555de6 by Timothée Mazzucotelli).
• Move sources under _griffe internal package (cbce6a5 by Timothée Mazzucotelli).

Changelog

Sourced from griffe's changelog.

0.48.0 - 2024-07-15

Compare with 0.47.0

WARNING: ⚡ Imminent v1! ⚡🚀 See v0.46.

Deprecations

• All submodules are deprecated. All objects are now exposed in the top-level griffe module.
• All logger names are deprecated, and will be replaced with "griffe" in v1. In v1 our single "griffe" logger will provide a method to temporarily disable logging, [logger.disable()][griffe.Logger.disable], since that's the most common third-party use.
• The get_logger function is deprecated. Instead, we'll use a global logger internally, and users are welcome to use it too.
• The patch_loggers function is renamed patch_logger.
• Following the logging changes, the [docstring_warning][griffe.docstring_warning] function can now directly log a warning message instead of returning a callable that does. Passing it a logger name (to get a callable) is deprecated in favor of passing it a docstring, message and offset directly.

Features

• Support FORCE_COLOR environment variable (e1b7bd9 by Timothée Mazzucotelli).

Bug Fixes

• Don't take a shortcut to the end of an alias chain when getting/setting/deleting alias members (1930609 by Timothée Mazzucotelli).
• Short-circuit __all__ convention when checking if a module is public (5abf4e3 by Timothée Mazzucotelli).
• Reuse existing loggers, preventing overwriting issues (3c2825f by Timothée Mazzucotelli).
• Ignore .pth files that are not utf-8 encoded (ea299dc by Andrew Sansom). Issue-300, PR-301
• Attributes without annotations cannot be dataclass parameters (c9b2e09 by Hassan Kibirige). PR-297
• When deciding to alias an object or not during inspection, consider module paths to be equivalent even with arbitrary private components (8c9f6e6 by Timothée Mazzucotelli). Issue-296
• Fix target path computation: use qualified names to maintain classes in the path (6e17def by Timothée Mazzucotelli). Issue-296

Code Refactoring

• Prepare loggers for simplification (381f10f by Timothée Mazzucotelli).
• Add all previous modules for backward compatibility (a86e44e by Timothée Mazzucotelli).
• Add main public modules (fb860b3 by Timothée Mazzucotelli).
• Simplify "is imported" check in is_public property (c2bbc10 by Timothée Mazzucotelli).
• Use string and integer enumerations (06b383b by Timothée Mazzucotelli).
• Renamed agents nodes modules (ddc5b0c by Timothée Mazzucotelli).
• Clean up and document internal API, mark legacy code (92594a9 by Timothée Mazzucotelli).
• Renamed dataclasses internal modules to models (5555de6 by Timothée Mazzucotelli).
• Move sources under _griffe internal package (cbce6a5 by Timothée Mazzucotelli).

Commits

• 14a43ab chore: Prepare release 0.48.0
• 145e0bc docs: Add missing pymdownx.blocks.tab extension
• 4d93fd6 docs: Copy readme contents from insiders repo
• ab7ba17 docs: Fix link in readme
• 4bd9fb0 ci: Run inventory tests in CI
• 4e7ef6c tests: Ignore deprecated public module in api/inventory test
• 7207449 ci: Fix comparison
• 0477db5 ci: Don't use parameter headings insiders feature since it breaks in CI
• 39a1174 ci: Ignore dot subprocess error in CI
• 5c154b3 ci: Fix code block execution without direnv
• Additional commits viewable in compare view

Updates pip from 24.1.1 to 24.2

Changelog

Sourced from pip's changelog.

24.2 (2024-07-28)

Deprecations and Removals

• Deprecate pip install --editable falling back to setup.py develop when using a setuptools version that does not support :pep:660 (setuptools v63 and older). ([#11457](https://github.com/pypa/pip/issues/11457) <https://github.com/pypa/pip/issues/11457>_)

Features

• Check unsupported packages for the current platform. ([#11054](https://github.com/pypa/pip/issues/11054) <https://github.com/pypa/pip/issues/11054>_)

• Use system certificates and certifi certificates to verify HTTPS connections on Python 3.10+. Python 3.9 and earlier only use certifi.

  To revert to previous behaviour, pass the flag --use-deprecated=legacy-certs. ([#11647](https://github.com/pypa/pip/issues/11647) <https://github.com/pypa/pip/issues/11647>_)

• Improve discovery performance of installed packages when the importlib.metadata backend is used to load distribution metadata (used by default under Python 3.11+). ([#12656](https://github.com/pypa/pip/issues/12656) <https://github.com/pypa/pip/issues/12656>_)

• Improve performance when the same requirement string appears many times during resolution, by consistently caching the parsed requirement string. ([#12663](https://github.com/pypa/pip/issues/12663) <https://github.com/pypa/pip/issues/12663>_)

• Minor performance improvement of finding applicable package candidates by not repeatedly calculating their versions ([#12664](https://github.com/pypa/pip/issues/12664) <https://github.com/pypa/pip/issues/12664>_)

• Disable pip's self version check when invoking a pip subprocess to install PEP 517 build requirements. ([#12683](https://github.com/pypa/pip/issues/12683) <https://github.com/pypa/pip/issues/12683>_)

• Improve dependency resolution performance by caching platform compatibility tags during wheel cache lookup. ([#12712](https://github.com/pypa/pip/issues/12712) <https://github.com/pypa/pip/issues/12712>_)

• wheel is no longer explicitly listed as a build dependency of pip. setuptools injects this dependency in the get_requires_for_build_wheel() hook and no longer needs it on newer versions. ([#12728](https://github.com/pypa/pip/issues/12728) <https://github.com/pypa/pip/issues/12728>_)

• Ignore --require-virtualenv for pip check and pip freeze ([#12842](https://github.com/pypa/pip/issues/12842) <https://github.com/pypa/pip/issues/12842>_)

• Improve package download and install performance.

  Increase chunk sizes when downloading (256 kB, up from 10 kB) and reading files (1 MB, up from 8 kB). This reduces the frequency of updates to pip's progress bar. ([#12810](https://github.com/pypa/pip/issues/12810) <https://github.com/pypa/pip/issues/12810>_)

• Improve pip install performance.

  Files are now extracted in 1MB blocks, or in one block matching the file size for smaller files. A decompressor is no longer instantiated when extracting 0 bytes files, it is not necessary because there is no data to decompress. ([#12803](https://github.com/pypa/pip/issues/12803) <https://github.com/pypa/pip/issues/12803>_)

Bug Fixes

• Set no_color to global rich.Console instance. ([#11045](https://github.com/pypa/pip/issues/11045) <https://github.com/pypa/pip/issues/11045>_)
• Fix resolution to respect --python-version when checking Requires-Python. ([#12216](https://github.com/pypa/pip/issues/12216) <https://github.com/pypa/pip/issues/12216>_)
• Perform hash comparisons in a case-insensitive manner. ([#12680](https://github.com/pypa/pip/issues/12680) <https://github.com/pypa/pip/issues/12680>_)
• Avoid dlopen failure for glibc detection in musl builds ([#12716](https://github.com/pypa/pip/issues/12716) <https://github.com/pypa/pip/issues/12716>_)
• Avoid keyring logging crashes when pip is run in verbose mode. ([#12751](https://github.com/pypa/pip/issues/12751) <https://github.com/pypa/pip/issues/12751>_)

... (truncated)

Commits

• 97146c7 Bump for release
• ef81b2e Update AUTHORS.txt
• 350a057 Bump the github-actions group with 2 updates (#12876)
• 184390f Update dependabot.yml to bump group updates (#12572)
• 48917f1 Merge pull request #12875 from hellozee/fix-unit-test
• dd85c28 Fix invalid origin test to check all the logged messages
• 203780b Merge pull request #12865 from pradyunsg/better-exception-handling-around-sel...
• e503141 Properly mock _self_version_check_logic
• 3518d32 Rework how --debug is handled in main
• be21d82 Move exception suppression to cover more of self-version-check logic
• Additional commits viewable in compare view

Updates uv from 0.2.18 to 0.2.32

Release notes

Sourced from uv's releases.

0.2.32

Release Notes

Enhancements

• Deprecate the --isolated flag in favor of --no-config (#5466)
• Re-enable requires-python narrowing in forks (#5583)

Performance

• Skip copying to empty entries in seekable zip (#5571)
• Use a consistent buffer size for downloads (#5569)
• Use a consistent buffer size when writing out zip files (#5570)

Bug fixes

• Avoid setting executable permissions on files we might not own (#5582)
• Statically link liblzma (#5577)

Install uv 0.2.32

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/astral-sh/uv/releases/download/0.2.32/uv-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -c "irm https://github.com/astral-sh/uv/releases/download/0.2.32/uv-installer.ps1 | iex"

Download uv 0.2.32

File	Platform	Checksum
uv-aarch64-apple-darwin.tar.gz	Apple Silicon macOS	checksum
uv-x86_64-apple-darwin.tar.gz	Intel macOS	checksum
uv-i686-pc-windows-msvc.zip	x86 Windows	checksum
uv-x86_64-pc-windows-msvc.zip	x64 Windows	checksum
uv-aarch64-unknown-linux-gnu.tar.gz	ARM64 Linux	checksum
uv-i686-unknown-linux-gnu.tar.gz	x86 Linux	checksum
uv-powerpc64-unknown-linux-gnu.tar.gz	PPC64 Linux	checksum
uv-powerpc64le-unknown-linux-gnu.tar.gz	PPC64LE Linux	checksum
uv-s390x-unknown-linux-gnu.tar.gz	S390x Linux	checksum
uv-x86_64-unknown-linux-gnu.tar.gz	x64 Linux	checksum
uv-armv7-unknown-linux-gnueabihf.tar.gz	ARMv7 Linux	checksum
uv-aarch64-unknown-linux-musl.tar.gz	ARM64 MUSL Linux	checksum
uv-i686-unknown-linux-musl.tar.gz	x86 MUSL Linux	checksum

... (truncated)

Changelog

Sourced from uv's changelog.

0.2.32

Enhancements

• Deprecate the --isolated flag in favor of --no-config (#5466)
• Re-enable requires-python narrowing in forks (#5583)

Performance

• Skip copying to empty entries in seekable zip (#5571)
• Use a consistent buffer size for downloads (#5569)
• Use a consistent buffer size when writing out zip files (#5570)

Bug fixes

• Avoid setting executable permissions on files we might not own (#5582)
• Statically link liblzma (#5577)

0.2.31

Enhancements

• Add --relocatable flag to uv venv (#5515)
• Support xz-compressed packages (#5513)
• Warn, but don't error, when encountering tilde .dist-info directories (#5520)

Bug fixes

• Make pip list --editable conflict with --exclude-editable (#5506)
• Add some missing reinstall-refresh calls (#5497)
• Avoid warning users for missing self-extra lower bounds (#5518)
• Generate hashes for --find-links entries (#5544)
• Retain editable designation for cached wheel installs (#5545)
• Use 666 rather than 644 for default permissions (#5498)
• Retry on incomplete body (#5555)
• Ban --no-cache with --link-mode=symlink (#5519)

0.2.30

Enhancements

• Infer missing .exe in Windows Python discovery (#5456)
• Make --reinstall imply --refresh (#5425)

CLI

• Add --no-config to replace --isolated (#5463)
• Cache metadata for source tree dependencies (#5423)

Bug fixes

... (truncated)

Commits

• 38c232e Bump version to v0.2.32 (#5641)
• 5d727cb Deprecate the --isolated flag (#5466)
• f971631 Wrap documentation at 100 characters (#5635)
• b081425 Improvements to the project concept docs (#5634)
• 67b3bfa Add --isolated support to uv run (#5471)
• ff3bcbb Reframe use of --isolated in tool run (#5470)
• 8545ae2 Rename more use of "lock file" to "lockfile" (#5629)
• d6c319a Suppress resolver output by default in uv run and uv tool run (#5580)
• f7494f2 Remove --isolated usages from the uv python API (#5468)
• 5830a53 Add links to documentation footer (#5616)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions

---

📚 Documentation preview 📚: https://citric--1173.org.readthedocs.build/en/1173/

[sonarcloud[bot]]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

[codecov[bot]]

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 100.00%. Comparing base (95b4d4a) to head (2ed5290).

Additional details and impacted files

```diff @@ Coverage Diff @@ ## main #1173 +/- ## ========================================= Coverage 100.00% 100.00% ========================================= Files 10 10 Lines 482 482 Branches 25 25 ========================================= Hits 482 482 ``` | [Flag](https://app.codecov.io/gh/edgarrmondragon/citric/pull/1173/flags?src=pr&el=flags&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=Edgar+Ram%C3%ADrez+Mondrag%C3%B3n) | Coverage Δ | | |---|---|---| | [integration](https://app.codecov.io/gh/edgarrmondragon/citric/pull/1173/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=Edgar+Ram%C3%ADrez+Mondrag%C3%B3n) | `91.28% <ø> (ø)` | | | [unit](https://app.codecov.io/gh/edgarrmondragon/citric/pull/1173/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=Edgar+Ram%C3%ADrez+Mondrag%C3%B3n) | `93.77% <ø> (ø)` | | Flags with carried forward coverage won't be shown. [Click here](https://docs.codecov.io/docs/carryforward-flags?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=Edgar+Ram%C3%ADrez+Mondrag%C3%B3n#carryforward-flags-in-the-pull-request-comment) to find out more.

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

[edgarrmondragon]

@dependabot merge