Deps: Bump the python-packages group across 1 directory with 4 updates

[dependabot]

Bumps the python-packages group with 4 updates in the / directory: certifi, importlib-metadata, mypy and ruff.

Updates certifi from 2024.6.2 to 2024.7.4

Commits

• bd81538 2024.07.04 (#295)
• 06a2cbf Bump peter-evans/create-pull-request from 6.0.5 to 6.1.0 (#294)
• 13bba02 Bump actions/checkout from 4.1.6 to 4.1.7 (#293)
• e8abcd0 Bump pypa/gh-action-pypi-publish from 1.8.14 to 1.9.0 (#292)
• See full diff in compare view

Updates importlib-metadata from 7.2.1 to 8.0.0

Changelog

Sourced from importlib-metadata's changelog.

v8.0.0

Deprecations and Removals

• Message.getitem now raises a KeyError on missing keys. (#371)
• Removed deprecated support for Distribution subclasses not implementing abstract methods.

Commits

• f390168 Finalize
• c3bae1e Merge pull request #491 from python/debt/remove-legacy
• a970a49 Message.getitem now raises a KeyError on missing keys.
• 32c14aa Removed deprecated support for Distribution subclasses not implementing abstr...
• See full diff in compare view

Updates mypy from 1.10.0 to 1.10.1

Changelog

Sourced from mypy's changelog.

Mypy 1.10.1

• Fix error reporting on cached run after uninstallation of third party library (Shantanu, PR 17420)

Acknowledgements

Thanks to all mypy contributors who contributed to this release:

• Alex Waygood
• Ali Hamdan
• Edward Paget
• Evgeniy Slobodkin
• Hashem
• hesam
• Hugo van Kemenade
• Ihor
• James Braza
• Jelle Zijlstra
• jhance
• Jukka Lehtosalo
• Loïc Simon
• Marc Mueller
• Matthieu Devlin
• Michael R. Crusoe
• Nikita Sobolev
• Oskari Lehto
• Riccardo Di Maio
• Richard Si
• roberfi
• Roman Solomatin
• Sam Xifaras
• Shantanu
• Spencer Brown
• Srinivas Lade
• Tamir Duberstein
• youkaichao

I’d also like to thank my employer, Dropbox, for supporting mypy development.

Mypy 1.9

We’ve just uploaded mypy 1.9 to the Python Package Index (PyPI). Mypy is a static type checker for Python. This release includes new features, performance improvements and bug fixes. You can install it as follows:

python3 -m pip install -U mypy

You can read the full documentation for this release on Read the Docs.

Breaking Changes

Because the version of typeshed we use in mypy 1.9 doesn't support 3.7, neither does mypy 1.9. (Jared Hance, PR 16883)

... (truncated)

Commits

• c28b525 [1.10 backport] Fix error reporting on cached run after uninstallation of thi...
• See full diff in compare view

Updates ruff from 0.4.10 to 0.5.1

Release notes

Sourced from ruff's releases.

0.5.1

Release Notes

Preview features

• [flake8-bugbear] Implement mutable-contextvar-default (B039) (#12113)
• [pycodestyle] Whitespace after decorator (E204) (#12140)
• [pytest] Reverse PT001 and PT0023 defaults (#12106)

Rule changes

• Enable token-based rules on source with syntax errors (#11950)
• [flake8-bandit] Detect httpx for S113 (#12174)
• [numpy] Update NPY201 to include exception deprecations (#12065)
• [pylint] Generate autofix for duplicate-bases (PLE0241) (#12105)

Server

• Avoid syntax error notification for source code actions (#12148)
• Consider the content of the new cells during notebook sync (#12203)
• Fix replacement edit range computation (#12171)

Bug fixes

• Disable auto-fix when source has syntax errors (#12134)
• Fix cache key collisions for paths with separators (#12159)
• Make requires-python inference robust to == (#12091)
• Use char-wise width instead of str-width (#12135)
• [pycodestyle] Avoid E275 if keyword followed by comma (#12136)
• [pycodestyle] Avoid E275 if keyword is followed by a semicolon (#12095)
• [pylint] Skip dummy variables for PLR1704 (#12190)

Performance

• Remove allocation in parse_identifier (#12103)
• Use CompactString for Identifier AST node (#12101)

Contributors

• @​AlexWaygood
• @​MichaReiser
• @​Peiffap
• @​ThomasFaivre
• @​bersace
• @​charliermarsh
• @​dhruvmanila
• @​github-actions
• @​jkauerl
• @​mkniewallner
• @​mtsokol
• @​renovate

... (truncated)

Changelog

Sourced from ruff's changelog.

0.5.1

Preview features

• [flake8-bugbear] Implement mutable-contextvar-default (B039) (#12113)
• [pycodestyle] Whitespace after decorator (E204) (#12140)
• [pytest] Reverse PT001 and PT0023 defaults (#12106)

Rule changes

• Enable token-based rules on source with syntax errors (#11950)
• [flake8-bandit] Detect httpx for S113 (#12174)
• [numpy] Update NPY201 to include exception deprecations (#12065)
• [pylint] Generate autofix for duplicate-bases (PLE0241) (#12105)

Server

• Avoid syntax error notification for source code actions (#12148)
• Consider the content of the new cells during notebook sync (#12203)
• Fix replacement edit range computation (#12171)

Bug fixes

• Disable auto-fix when source has syntax errors (#12134)
• Fix cache key collisions for paths with separators (#12159)
• Make requires-python inference robust to == (#12091)
• Use char-wise width instead of str-width (#12135)
• [pycodestyle] Avoid E275 if keyword followed by comma (#12136)
• [pycodestyle] Avoid E275 if keyword is followed by a semicolon (#12095)
• [pylint] Skip dummy variables for PLR1704 (#12190)

Performance

• Remove allocation in parse_identifier (#12103)
• Use CompactString for Identifier AST node (#12101)

0.5.0

Check out the blog post for a migration guide and overview of the changes!

Breaking changes

See also, the "Remapped rules" section which may result in disabled rules.

• Follow the XDG specification to discover user-level configurations on macOS (same as on other Unix platforms)
• Selecting ALL now excludes deprecated rules
• The released archives now include an extra level of nesting, which can be removed with --strip-components=1 when untarring.
• The release artifact's file name no longer includes the version tag. This enables users to install via /latest URLs on GitHub.
• The diagnostic ranges for some flake8-bandit rules were modified (#10667).

... (truncated)

Commits

• 3a72400 Rename publish workflow file extension (yaml -> yml) (#12206)
• 1b3bff0 Bump version to 0.5.1 (#12205)
• 0f6f73e [red-knot] Require that FileSystem objects implement Debug (#12204)
• 7910bee Consider the content of the new cells during notebook sync (#12203)
• f3ccd15 Revert "Remove --preview as a required argument for ruff server (#12053)"...
• 1e07bfa [pycodestyle] Whitespace after decorator (E204) (#12140)
• 5e7ba05 docs(*): fix a few typos, consistency issues and links (#12193)
• d12570e docs(options): fix some typos and improve consistency (#12191)
• 2f3264e fix(rules): skip dummy variables for PLR1704 (#12190)
• e2e0889 [red-knot] Add very basic benchmark (#12182)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA ca8ad89.

Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

OpenSSF Scorecard

Package	Version	Score	Details
pip/certifi	2024.6.2	🟢 7	Details Check Score Reason Code-Review 🟢 3 Found 1/3 approved changesets -- score normalized to 3 Maintained 🟢 10 13 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 9 license file detected Signed-Releases ⚠️ -1 no releases found Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Pinned-Dependencies 🟢 5 dependency not pinned by hash detected -- score normalized to 5 Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection 🟢 3 branch protection is not maximal on development and all release branches Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/certifi	2024.7.4	🟢 7	Details Check Score Reason Code-Review 🟢 3 Found 1/3 approved changesets -- score normalized to 3 Maintained 🟢 10 13 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 9 license file detected Signed-Releases ⚠️ -1 no releases found Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Pinned-Dependencies 🟢 5 dependency not pinned by hash detected -- score normalized to 5 Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection 🟢 3 branch protection is not maximal on development and all release branches Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/importlib-metadata	8.0.0	🟢 6.4	Details Check Score Reason Code-Review ⚠️ 0 Found 1/21 approved changesets -- score normalized to 0 Maintained 🟢 10 28 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Binary-Artifacts 🟢 8 binaries present in source code Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ -1 no releases found Fuzzing 🟢 10 project is fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/mypy	1.10.1	🟢 5.6	Details Check Score Reason Code-Review 🟢 8 Found 24/29 approved changesets -- score normalized to 8 Maintained 🟢 10 30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 9 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy ⚠️ 0 security policy file not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected
pip/ruff	0.5.1	Unknown	Unknown
pip/importlib-metadata	7.2.1	🟢 6.4	Details Check Score Reason Code-Review ⚠️ 0 Found 1/21 approved changesets -- score normalized to 0 Maintained 🟢 10 28 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Binary-Artifacts 🟢 8 binaries present in source code Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ -1 no releases found Fuzzing 🟢 10 project is fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/mypy	1.10.0	🟢 5.6	Details Check Score Reason Code-Review 🟢 8 Found 24/29 approved changesets -- score normalized to 8 Maintained 🟢 10 30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 9 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy ⚠️ 0 security policy file not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected
pip/ruff	0.4.10	Unknown	Unknown

Scanned Manifest Files

poetry.lock

• certifi@2024.6.2
• certifi@2024.7.4
• importlib-metadata@8.0.0
• mypy@1.10.1
• ruff@0.5.1
• importlib-metadata@7.2.1
• mypy@1.10.0
• ruff@0.4.10

[github-actions]

Conventional Commits Report

Type	Number
Dependencies	1

🚀 Conventional commits found.

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.