Deps: Bump the python-packages group with 4 updates

[dependabot[bot]]

Bumps the python-packages group with 4 updates: idna, importlib-metadata, mypy and ruff.

Updates idna from 3.7 to 3.8

Release notes

Sourced from idna's releases.

v3.8

What's Changed

• Fix regression where IDNAError exception was not being produced for certain inputs.
• Add support for Python 3.13, drop support for Python 3.5 as it is no longer testable.
• Documentation improvements
• Updates to package testing using Github actions

Thanks to Hugo van Kemenade for contributions to this release.

Full Changelog: https://github.com/kjd/idna/compare/v3.7...v3.8

Changelog

Sourced from idna's changelog.

3.8 (2024-08-23) ++++++++++++++++

• Fix regression where IDNAError exception was not being produced for certain inputs.
• Add support for Python 3.13, drop support for Python 3.5 as it is no longer testable.
• Documentation improvements
• Updates to package testing using Github actions

Thanks to Hugo van Kemenade for contributions to this release.

Commits

• 784c6f4 Release v3.8
• 28c7c9e Typo fix
• a2b41c3 Pin remainder of Github Actions flagged in code scanning
• 1f613c5 More Github Action dependency pinning
• a87e2b6 Update OSSF scorecard to latest version
• 12d4dd1 Merge pull request #182 from kjd/github-pypi-actions
• e1a1541 Pin Github Actions dependencies
• c109d3a Merge branch 'master' into github-pypi-actions
• f8a8de4 Do not try to build/send packages to TestPyPI for now
• 613bdde Update regexp to move global flag to start of expression
• Additional commits viewable in compare view

Updates importlib-metadata from 8.2.0 to 8.4.0

Changelog

Sourced from importlib-metadata's changelog.

v8.4.0

Features

• Deferred import of inspect for import performance. (#499)

v8.3.0

Features

• Disallow passing of 'dist' to EntryPoints.select.

Commits

• 1616cb3 Finalize
• 71b4678 Add news fragment.
• ebcdcfd Remove workaround for python/typeshed#10328.
• 2c43cfe Merge pull request #499 from danielhollas/defer-inspect
• a7aaf72 Use third-person imperative voice and link to issue in comment.
• e99c105 Restore single-expression logic.
• debb516 Don't use global var
• 3c8e1ec Finalize
• 5035755 Merge pull request #498 from python/feature/entry-points-disallow-dist-match
• 6d9b766 Remove MetadataPathFinder regardless of its position.
• Additional commits viewable in compare view

Updates mypy from 1.11.1 to 1.11.2

Commits

• 789f02c Bump version to 1.11.2
• 917cc75 An alternative fix for a union-like literal string (#17639)
• 7d805b3 Unwrap TypedDict item types before storing (#17640)
• 32675dd Revert "Fix Literal strings containing pipe characters" (#17638)
• 778542b Revert "Fix RawExpressionType.accept crash with --cache-fine-grained" (#1...
• 14ab742 Bump version to 1.11.2+dev
• See full diff in compare view

Updates ruff from 0.6.1 to 0.6.2

Release notes

Sourced from ruff's releases.

0.6.2

Release Notes

Preview features

• [flake8-simplify] Extend open-file-with-context-handler to work with other standard-library IO modules (SIM115) (#12959)
• [ruff] Avoid unused-async for functions with FastAPI route decorator (RUF029) (#12938)
• [ruff] Ignore fstring-missing-syntax (RUF027) for fastAPI paths (#12939)
• [ruff] Implement check for Decimal called with a float literal (RUF032) (#12909)

Rule changes

• [flake8-bugbear] Update diagnostic message when expression is at the end of function (B015) (#12944)
• [flake8-pyi] Skip type annotations in string-or-bytes-too-long (PYI053) (#13002)
• [flake8-type-checking] Always recognise relative imports as first-party (#12994)
• [flake8-unused-arguments] Ignore unused arguments on stub functions (ARG001) (#12966)
• [pylint] Ignore augmented assignment for self-cls-assignment (PLW0642) (#12957)

Server

• Show full context in error log messages (#13029)

Bug fixes

• [pep8-naming] Don't flag from imports following conventional import names (N817) (#12946)
• [pylint] - Allow __new__ methods to have cls as their first argument even if decorated with @staticmethod for bad-staticmethod-argument (PLW0211) (#12958)

Documentation

• Add hyperfine installation instructions; update hyperfine code samples (#13034)
• Expand note to use Ruff with other language server in Kate (#12806)
• Update example for PT001 as per the new default behavior (#13019)
• [perflint] Improve docs for try-except-in-loop (PERF203) (#12947)
• [pydocstyle] Add reference to lint.pydocstyle.ignore-decorators setting to rule docs (#12996)

Contributors

• @​AlexWaygood
• @​FinchPowers
• @​InSyncWithFoo
• @​MichaReiser
• @​Skylion007
• @​TomerBin
• @​carljm
• @​charliermarsh
• @​dhruvmanila
• @​diceroll123
• @​dsal3389
• @​dylwil3
• @​kbaskett248
• @​lengau

... (truncated)

Changelog

Sourced from ruff's changelog.

0.6.2

Preview features

• [flake8-simplify] Extend open-file-with-context-handler to work with other standard-library IO modules (SIM115) (#12959)
• [ruff] Avoid unused-async for functions with FastAPI route decorator (RUF029) (#12938)
• [ruff] Ignore fstring-missing-syntax (RUF027) for fastAPI paths (#12939)
• [ruff] Implement check for Decimal called with a float literal (RUF032) (#12909)

Rule changes

• [flake8-bugbear] Update diagnostic message when expression is at the end of function (B015) (#12944)
• [flake8-pyi] Skip type annotations in string-or-bytes-too-long (PYI053) (#13002)
• [flake8-type-checking] Always recognise relative imports as first-party (#12994)
• [flake8-unused-arguments] Ignore unused arguments on stub functions (ARG001) (#12966)
• [pylint] Ignore augmented assignment for self-cls-assignment (PLW0642) (#12957)

Server

• Show full context in error log messages (#13029)

Bug fixes

• [pep8-naming] Don't flag from imports following conventional import names (N817) (#12946)
• [pylint] - Allow __new__ methods to have cls as their first argument even if decorated with @staticmethod for bad-staticmethod-argument (PLW0211) (#12958)

Documentation

• Add hyperfine installation instructions; update hyperfine code samples (#13034)
• Expand note to use Ruff with other language server in Kate (#12806)
• Update example for PT001 as per the new default behavior (#13019)
• [perflint] Improve docs for try-except-in-loop (PERF203) (#12947)
• [pydocstyle] Add reference to lint.pydocstyle.ignore-decorators setting to rule docs (#12996)

Commits

• 02c4373 Bump version to 0.6.2 (#13056)
• d37e2e5 [flake8-simplify] Extend open-file-with-context-handler to work with other ...
• d1d0678 [red-knot] Remove notebook support from the server (#13040)
• 93f9023 Add hyperfine installation instructions; update hyperfine code samples (#...
• 8144a11 [red-knot] Add definition for with items (#12920)
• dce87c2 Eagerly validate typeshed versions (#12786)
• f873d2a Revert "Use the system allocator for codspeed benchmarks" (#13035)
• ecd9e6a [red-knot] Improve the unresolved-import check (#13007)
• 785c399 Use ZIP file size metadata to allocate string (#13032)
• a35cdbb Fix various panicks when linting black/src (#13033)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions

[github-actions[bot]]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ❌ 1 package(s) with incompatible licenses
• ❌ 1 package(s) with invalid SPDX license definitions
• ✅ 0 package(s) with unknown licenses.

See the Details below.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 63a291c97ed55273619679336ff3f1dd29bcd4ed.

Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

License Issues

poetry.lock

Package	Version	License	Issue Type
idna	3.8	BSD-2-Clause AND BSD-3-Clause	Incompatible License
mypy	1.11.2	MIT AND NOASSERTION AND Python-2.0	Invalid SPDX License

Allowed Licenses: 0BSD, AGPL-3.0-or-later, Apache-2.0, BlueOak-1.0.0, BSD-2-Clause, BSD-3-Clause-Clear, BSD-3-Clause, BSL-1.0, CAL-1.0, CC-BY-3.0, CC-BY-4.0, CC-BY-SA-4.0, CC0-1.0, EPL-2.0, GPL-2.0-only, GPL-2.0-or-later, GPL-2.0, GPL-3.0-or-later, ISC, LGPL-2.0-only, LGPL-2.1-only, LGPL-2.1-or-later, LGPL-2.1, LGPL-3.0-only, LGPL-3.0, MIT, MPL-2.0, OFL-1.1, PSF-2.0, Python-2.0, Python-2.0.1, Unicode-DFS-2016, Unlicense

OpenSSF Scorecard

Package	Version	Score	Details
pip/idna	3.8	:green_circle: 7.1	Details Check Score Reason Binary-Artifacts :green_circle: 10 no binaries found in the repo Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration CI-Tests :green_circle: 10 6 out of 6 merged PRs checked by a CI test -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected Code-Review :warning: 1 Found 2/14 approved changesets -- score normalized to 1 Contributors :green_circle: 10 project has 41 contributing companies or organizations Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Dependency-Update-Tool :warning: 0 no update tool detected Fuzzing :green_circle: 10 project is fuzzed License :green_circle: 10 license file detected Maintained :green_circle: 10 23 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 Packaging :green_circle: 10 packaging workflow detected Pinned-Dependencies :green_circle: 4 dependency not pinned by hash detected -- score normalized to 4 SAST :green_circle: 7 SAST tool is not run on all commits -- score normalized to 7 Security-Policy :green_circle: 10 security policy file detected Signed-Releases :warning: 0 Project has not signed or included provenance with any releases. Token-Permissions :green_circle: 10 GitHub workflow tokens follow principle of least privilege Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected
pip/importlib-metadata	8.4.0	:green_circle: 6.4	Details Check Score Reason Code-Review :warning: 0 Found 1/25 approved changesets -- score normalized to 0 Maintained :green_circle: 10 30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Signed-Releases :warning: -1 no releases found Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Packaging :warning: -1 packaging workflow not detected Security-Policy :green_circle: 10 security policy file detected Token-Permissions :green_circle: 10 GitHub workflow tokens follow principle of least privilege Binary-Artifacts :green_circle: 8 binaries present in source code Branch-Protection :warning: 0 branch protection not enabled on development/release branches Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected Fuzzing :green_circle: 10 project is fuzzed SAST :warning: 0 SAST tool is not run on all commits -- score normalized to 0
pip/mypy	1.11.2	:green_circle: 5.4	Details Check Score Reason Code-Review :green_circle: 6 Found 18/28 approved changesets -- score normalized to 6 Maintained :green_circle: 10 30 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected Signed-Releases :warning: -1 no releases found License :green_circle: 9 license file detected Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Packaging :warning: -1 packaging workflow not detected Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts :green_circle: 10 no binaries found in the repo Fuzzing :warning: 0 project is not fuzzed Security-Policy :warning: 0 security policy file not detected SAST :warning: 0 SAST tool is not run on all commits -- score normalized to 0 Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected
pip/ruff	0.6.2	Unknown	Unknown

Scanned Manifest Files

poetry.lock

• idna@3.8
• importlib-metadata@8.4.0
• mypy@1.11.2
• ruff@0.6.2
• idna@3.7
• importlib-metadata@8.2.0
• mypy@1.11.1
• ruff@0.6.1

[github-actions[bot]]

Conventional Commits Report

Type	Number
Dependencies	1

:rocket: Conventional commits found.