Deps: Bump the python-packages group across 1 directory with 7 updates

[dependabot]

Bumps the python-packages group with 7 updates in the / directory:

Package	From	To
coverage	7.6.3	7.6.4
anyio	4.6.2	4.6.2.post1
cryptography	43.0.1	43.0.3
markupsafe	3.0.1	3.0.2
mypy	1.11.2	1.13.0
rich	13.9.2	13.9.3
ruff	0.6.9	0.7.1

Updates coverage from 7.6.3 to 7.6.4

Changelog

Sourced from coverage's changelog.

Version 7.6.4 — 2024-10-20

• fix: multi-line with statements could cause contained branches to be incorrectly marked as missing (issue 1880_). This is now fixed.

.. _issue 1880: nedbat/coveragepy#1880

.. _changes_7-6-3:

Commits

• f24f76b docs: sample HTML for 7.6.4
• 96e10f7 docs: prep for 7.6.4
• b8c236a fix: multi-line with-statements exit correctly. #1880
• 64b7a45 docs: another discord reference
• 68d7427 docs: Python Discord
• 43adcea build: include 3.14 in the usual Pythons
• fb2b49f build: github_releases can update older releases, and pauses to get the sorti...
• ca550ca 3.0b2 wasn't correctly titled
• debcc77 build: bump version
• See full diff in compare view

Updates anyio from 4.6.2 to 4.6.2.post1

Commits

• See full diff in compare view

Updates cryptography from 43.0.1 to 43.0.3

Changelog

Sourced from cryptography's changelog.

43.0.3 - 2024-10-18

* Fixed release metadata for ``cryptography-vectors``
.. _v43-0-2:
43.0.2 - 2024-10-18

• Fixed compilation when using LibreSSL 4.0.0.

.. _v43-0-1:

Commits

• c2afb4f Backport metadata fix for vectors (#11797)
• 9a3cdb5 43.0.2 release: fix libressl 4.0.0 (#11796)
• See full diff in compare view

Updates markupsafe from 3.0.1 to 3.0.2

Release notes

Sourced from markupsafe's releases.

3.0.2

This is the MarkupSafe 3.0.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes.

PyPI: https://pypi.org/project/MarkupSafe/3.0.2/ Changes: https://markupsafe.palletsprojects.com/en/stable/changes/#version-3-0-2 Milestone: https://github.com/pallets/markupsafe/milestone/14?closed=1

• Fix compatibility when __str__ returns a str subclass. #472
• Build requires setuptools >= 70.1. #475

Changelog

Sourced from markupsafe's changelog.

Version 3.0.2

Released 2024-10-18

• Fix compatibility when __str__ returns a str subclass. :issue:472
• Build requires setuptools >= 70.1. :issue:475

Commits

• 28ace20 release version 3.0.2
• 6b51fd8 build requires at least setuptools 70.1 (#478)
• 99dda9f build requires at least setuptools 70.1
• 3d8fd8c fix version
• 1933c4b fix version
• e85aff4 relax speedups str check (#477)
• 8cb1691 relax speedups str check
• 4dafb7c start version 3.1.0
• 9c44ecf update docs build
• 275c769 Merge branch '2.1.x' into 3.0.x
• Additional commits viewable in compare view

Updates mypy from 1.11.2 to 1.13.0

Changelog

Sourced from mypy's changelog.

Mypy Release Notes

Next release

Mypy 1.13

We’ve just uploaded mypy 1.13 to the Python Package Index (PyPI). Mypy is a static type checker for Python. You can install it as follows:

python3 -m pip install -U mypy

You can read the full documentation for this release on Read the Docs.

Note that unlike typical releases, Mypy 1.13 does not have any changes to type checking semantics from 1.12.1.

Improved performance

Mypy 1.13 contains several performance improvements. Users can expect mypy to be 5-20% faster. In environments with long search paths (such as environments using many editable installs), mypy can be significantly faster, e.g. 2.2x faster in the use case targeted by these improvements.

Mypy 1.13 allows use of the orjson library for handling the cache instead of the stdlib json, for improved performance. You can ensure the presence of orjson using the faster-cache extra:

python3 -m pip install -U mypy[faster-cache]

Mypy may depend on orjson by default in the future.

These improvements were contributed by Shantanu.

List of changes:

• Significantly speed up file handling error paths (Shantanu, PR 17920)
• Use fast path in modulefinder more often (Shantanu, PR 17950)
• Let mypyc optimise os.path.join (Shantanu, PR 17949)
• Make is_sub_path faster (Shantanu, PR 17962)
• Speed up stubs suggestions (Shantanu, PR 17965)
• Use sha1 for hashing (Shantanu, PR 17953)
• Use orjson instead of json, when available (Shantanu, PR 17955)
• Add faster-cache extra, test in CI (Shantanu, PR 17978)

Acknowledgements

Thanks to all mypy contributors who contributed to this release:

• Shantanu Jain
• Jukka Lehtosalo

Mypy 1.12

We’ve just uploaded mypy 1.12 to the Python Package Index (PyPI). Mypy is a static type

... (truncated)

Commits

• eb31034 Bump version to 1.13.0
• 2eeb588 Update changelog for 1.12.1 (#17999)
• bc0386b Changelog for 1.13 (#18000)
• 5c4d2db Add faster-cache extra, test in CI (#17978)
• 854ad18 Make is_sub_path faster (#17962)
• 50aa4ca Speed up stubs suggestions (#17965)
• 7c27808 Use orjson instead of json, when available (#17955)
• 2cd2406 Use fast path in modulefinder more often (#17950)
• e20aaee Let mypyc optimise os.path.join (#17949)
• 159974c Use sha1 for hashing (#17953)
• Additional commits viewable in compare view

Updates rich from 13.9.2 to 13.9.3

Release notes

Sourced from rich's releases.

The irregular expression release

Fix a broken regex that resulted in the slow path being chosen for some operations. This fix should result in notable speedups for some operations, such as wrapping text.

[13.9.3] - 2024-10-22

Fixed

• Fixed broken regex that may have resulted in poor performance. Textualize/rich#3535

Changelog

Sourced from rich's changelog.

[13.9.3] - 2024-10-22

Fixed

• Fixed broken regex that may have resulted in poor performance. Textualize/rich#3535

Commits

• afcc5c5 Merge pull request #3535 from Textualize/regex-error
• 60f3b61 changelog
• 04db8c2 update regex
• b93d3b6 test single cell widths
• be42f1b test and added box drawing characters
• ad6b886 version bump
• db2e3e8 assert cut
• 68e1b63 fix regex
• See full diff in compare view

Updates ruff from 0.6.9 to 0.7.1

Release notes

Sourced from ruff's releases.

0.7.1

Release Notes

Preview features

• Fix E221 and E222 to flag missing or extra whitespace around == operator (#13890)
• Formatter: Alternate quotes for strings inside f-strings in preview (#13860)
• Formatter: Join implicit concatenated strings when they fit on a line (#13663)
• [pylint] Restrict iteration-over-set to only work on sets of literals (PLC0208) (#13731)

Rule changes

• [flake8-type-checking] Support auto-quoting when annotations contain quotes (#11811)

Server

• Avoid indexing the workspace for single-file mode (#13770)

Bug fixes

• Make ARG002 compatible with EM101 when raising NotImplementedError (#13714)

Other changes

• Introduce more Docker tags for Ruff (similar to uv) (#13274)

Contributors

• @​Aditya-PS-05
• @​AlexWaygood
• @​Glyphack
• @​Lexxxzy
• @​MichaReiser
• @​TomerBin
• @​Watercycle
• @​cake-monotone
• @​carljm
• @​dhruvmanila
• @​diceroll123
• @​mihaic
• @​ndmitchell
• @​pilleye
• @​renovate
• @​rtpg
• @​samypr100
• @​sharkdp

Install ruff 0.7.1

Install prebuilt binaries via shell script

... (truncated)

Changelog

Sourced from ruff's changelog.

0.7.1

Preview features

• Fix E221 and E222 to flag missing or extra whitespace around == operator (#13890)
• Formatter: Alternate quotes for strings inside f-strings in preview (#13860)
• Formatter: Join implicit concatenated strings when they fit on a line (#13663)
• [pylint] Restrict iteration-over-set to only work on sets of literals (PLC0208) (#13731)

Rule changes

• [flake8-type-checking] Support auto-quoting when annotations contain quotes (#11811)

Server

• Avoid indexing the workspace for single-file mode (#13770)

Bug fixes

• Make ARG002 compatible with EM101 when raising NotImplementedError (#13714)

Other changes

• Introduce more Docker tags for Ruff (similar to uv) (#13274)

0.7.0

Check out the blog post for a migration guide and overview of the changes!

Breaking changes

• The pytest rules PT001 and PT023 now default to omitting the decorator parentheses when there are no arguments (#12838, #13292). This was a change that we attempted to make in Ruff v0.6.0, but only partially made due to an error on our part. See the blog post for more details.
• The useless-try-except rule (in our tryceratops category) has been recoded from TRY302 to TRY203 (#13502). This ensures Ruff's code is consistent with the same rule in the tryceratops linter.
• The lint.allow-unused-imports setting has been removed (#13677). Use lint.pyflakes.allow-unused-imports instead.

Formatter preview style

• Normalize implicit concatenated f-string quotes per part (#13539)

Preview linter features

• [refurb] implement hardcoded-string-charset (FURB156) (#13530)
• [refurb] Count codepoints not bytes for slice-to-remove-prefix-or-suffix (FURB188) (#13631)

... (truncated)

Commits

• 337af83 Bump version to 0.7.1 (#13913)
• 113ce84 Fix normalize arguments when fstring_formatting is disabled (#13910)
• 7272f83 Fix preview style name in can_omit_parentheses to is_f_string_formatting_en...
• 3eb4546 [red-knot] Format mdtest Python snippets more concisely (#13905)
• 77ae0cc [red-knot] Infer subscript expression types for bytes literals (#13901)
• 73ee72b Join implicit concatenated strings when they fit on a line (#13663)
• e402e27 Use referencial equality in traversal helper methods (#13895)
• de4181d Remove "default" remark from ruff check (#13900)
• 2c57c2d [red-knot] Type narrowing for isinstance checks (#13894)
• 72c18c8 Fix E221 and E222 to flag missing or extra whitespace around == operator (#...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ❌ 1 package(s) with incompatible licenses
• ❌ 1 package(s) with invalid SPDX license definitions
• ✅ 0 package(s) with unknown licenses.

See the Details below.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 12f3290.

Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

License Issues

poetry.lock

Package	Version	License	Issue Type
markupsafe	3.0.2	BSD-2-Clause AND BSD-3-Clause	Incompatible License
mypy	1.13.0	MIT AND NOASSERTION AND Python-2.0	Invalid SPDX License

Allowed Licenses: 0BSD, AGPL-3.0-or-later, Apache-2.0, BlueOak-1.0.0, BSD-2-Clause, BSD-3-Clause-Clear, BSD-3-Clause, BSL-1.0, CAL-1.0, CC-BY-3.0, CC-BY-4.0, CC-BY-SA-4.0, CC0-1.0, EPL-2.0, GPL-2.0-only, GPL-2.0-or-later, GPL-2.0, GPL-3.0-or-later, ISC, LGPL-2.0-only, LGPL-2.0-or-later, LGPL-2.1-only, LGPL-2.1-or-later, LGPL-2.1, LGPL-3.0-only, LGPL-3.0, MIT, MPL-1.1, MPL-2.0, OFL-1.1, PSF-2.0, Python-2.0, Python-2.0.1, Unicode-DFS-2016, Unlicense

OpenSSF Scorecard

Package	Version	Score	Details
pip/anyio	4.6.2.post1	🟢 5.5	Details Check Score Reason Code-Review 🟢 4 Found 11/24 approved changesets -- score normalized to 4 Maintained 🟢 10 30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Security-Policy ⚠️ 0 security policy file not detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/coverage	7.6.4	🟢 8.5	Details Check Score Reason Code-Review ⚠️ 0 Found 1/29 approved changesets -- score normalized to 0 Maintained 🟢 10 30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10 License 🟢 10 license file detected CII-Best-Practices 🟢 5 badge detected: Passing Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Vulnerabilities 🟢 10 0 existing vulnerabilities detected Pinned-Dependencies 🟢 5 dependency not pinned by hash detected -- score normalized to 5 Fuzzing 🟢 10 project is fuzzed Packaging 🟢 10 packaging workflow detected SAST 🟢 10 SAST tool is run on all commits
pip/cryptography	43.0.3	🟢 8.2	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 9 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Fuzzing 🟢 10 project is fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 4 dependency not pinned by hash detected -- score normalized to 4 Packaging 🟢 10 packaging workflow detected Vulnerabilities 🟢 7 3 existing vulnerabilities detected
pip/markupsafe	3.0.2	🟢 6.7	Details Check Score Reason Code-Review ⚠️ 0 Found 0/24 approved changesets -- score normalized to 0 Maintained 🟢 10 30 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing 🟢 10 project is fuzzed Branch-Protection 🟢 3 branch protection is not maximal on development and all release branches Signed-Releases 🟢 10 5 out of the last 5 releases have a total of 5 signed artifacts. Packaging 🟢 10 packaging workflow detected Security-Policy 🟢 9 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/mypy	1.13.0	🟢 6.2	Details Check Score Reason Code-Review 🟢 7 Found 21/28 approved changesets -- score normalized to 7 Maintained 🟢 10 30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 9 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Fuzzing ⚠️ 0 project is not fuzzed Security-Policy 🟢 10 security policy file detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected
pip/rich	13.9.3	🟢 7.4	Details Check Score Reason Code-Review 🟢 5 Found 5/9 approved changesets -- score normalized to 5 Maintained 🟢 10 30 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected SAST 🟢 10 SAST tool is run on all commits Fuzzing 🟢 10 project is fuzzed Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 2 dependency not pinned by hash detected -- score normalized to 2 Vulnerabilities 🟢 9 1 existing vulnerabilities detected
pip/ruff	0.7.1	Unknown	Unknown

Scanned Manifest Files

poetry.lock

• anyio@4.6.2.post1
• coverage@7.6.4
• cryptography@43.0.3
• markupsafe@3.0.2
• mypy@1.13.0
• rich@13.9.3
• ruff@0.7.1
• anyio@4.6.2
• coverage@7.6.3
• cryptography@43.0.1
• markupsafe@3.0.1
• mypy@1.11.2
• rich@13.9.2
• ruff@0.6.9

[github-actions]

Conventional Commits Report

Type	Number
Dependencies	1

🚀 Conventional commits found.