Skip to content

build(deps): bump the pip group across 1 directory with 5 updates #10

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
dependabot wants to merge 1 commit into from
Closed

build(deps): bump the pip group across 1 directory with 5 updates #10

dependabot wants to merge 1 commit into from

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Dec 16, 2024
edited
Loading

Bumps the pip group with 5 updates in the / directory:

Package From To
mypy 1.11.2 1.13.0
ruff 0.6.9 0.8.3
bandit 1.7.10 1.8.0
semgrep 1.90.0 1.100.0
pre-commit 4.0.0 4.0.1

Updates mypy from 1.11.2 to 1.13.0

Changelog

Sourced from mypy's changelog.

Mypy Release Notes

Next release

Change to enum membership semantics

As per the updated typing specification for enums, enum members must be left unannotated.

class Pet(Enum):
    CAT = 1  # Member attribute
    DOG = 2  # Member attribute
    WOLF: int = 3  # New error: Enum members must be left unannotated
species: str  # Considered a non-member attribute

In particular, the specification change can result in issues in type stubs (.pyi files), since historically it was common to leave the value absent:

# In a type stub (.pyi file)
class Pet(Enum):
# Change in semantics: previously considered members, now non-member attributes
CAT: int
DOG: int
# Mypy will now issue a warning if it detects this situation in type stubs:
# > Detected enum "Pet" in a type stub with zero members.
# > There is a chance this is due to a recent change in the semantics of enum membership.
# > If so, use `member = value` to mark an enum member, instead of `member: type`

class Pet(Enum):
# As per the specification, you should now do one of the following:
DOG = 1  # Member attribute with value 1 and known type
WOLF = cast(int, ...)  # Member attribute with unknown value but known type
LION = ...  # Member attribute with unknown value and unknown type

Contributed by Terence Honles in PR 17207 and Shantanu Jain in PR 18068.

Mypy 1.13

We’ve just uploaded mypy 1.13 to the Python Package Index (PyPI). Mypy is a static type checker for Python. You can install it as follows:

python3 -m pip install -U mypy

... (truncated)

Commits

Updates ruff from 0.6.9 to 0.8.3

Release notes

Sourced from ruff's releases.

0.8.3

Release Notes

Preview features

  • Fix fstring formatting removing overlong implicit concatenated string in expression part (#14811)
  • [airflow] Add fix to remove deprecated keyword arguments (AIR302) (#14887)
  • [airflow]: Extend rule to include deprecated names for Airflow 3.0 (AIR302) (#14765 and #14804)
  • [flake8-bugbear] Improve error messages for except* (B025, B029, B030, B904) (#14815)
  • [flake8-bugbear] itertools.batched() without explicit strict (B911) (#14408)
  • [flake8-use-pathlib] Dotless suffix passed to Path.with_suffix() (PTH210) (#14779)
  • [pylint] Include parentheses and multiple comparators in check for boolean-chained-comparison (PLR1716) (#14781)
  • [ruff] Do not simplify round() calls (RUF046) (#14832)
  • [ruff] Don't emit used-dummy-variable on function parameters (RUF052) (#14818)
  • [ruff] Implement if-key-in-dict-del (RUF051) (#14553)
  • [ruff] Mark autofix for RUF052 as always unsafe (#14824)
  • [ruff] Teach autofix for used-dummy-variable about TypeVars etc. (RUF052) (#14819)

Rule changes

  • [flake8-bugbear] Offer unsafe autofix for no-explicit-stacklevel (B028) (#14829)
  • [flake8-pyi] Skip all type definitions in string-or-bytes-too-long (PYI053) (#14797)
  • [pyupgrade] Do not report when a UTF-8 comment is followed by a non-UTF-8 one (UP009) (#14728)
  • [pyupgrade] Mark fixes for convert-typed-dict-functional-to-class and convert-named-tuple-functional-to-class as unsafe if they will remove comments (UP013, UP014) (#14842)

Bug fixes

  • Raise syntax error for mixing except and except* (#14895)
  • [flake8-bugbear] Fix B028 to allow stacklevel to be explicitly assigned as a positional argument (#14868)
  • [flake8-bugbear] Skip B028 if warnings.warn is called with *args or **kwargs (#14870)
  • [flake8-comprehensions] Skip iterables with named expressions in unnecessary-map (C417) (#14827)
  • [flake8-pyi] Also remove self and cls's annotation (PYI034) (#14801)
  • [flake8-pytest-style] Fix pytest-parametrize-names-wrong-type (PT006) to edit both argnames and argvalues if both of them are single-element tuples/lists (#14699)
  • [perflint] Improve autofix for PERF401 (#14369)
  • [pylint] Fix PLW1508 false positive for default string created via a mult operation (#14841)

Contributors

... (truncated)

Changelog

Sourced from ruff's changelog.

0.8.3

Preview features

  • Fix fstring formatting removing overlong implicit concatenated string in expression part (#14811)
  • [airflow] Add fix to remove deprecated keyword arguments (AIR302) (#14887)
  • [airflow]: Extend rule to include deprecated names for Airflow 3.0 (AIR302) (#14765 and #14804)
  • [flake8-bugbear] Improve error messages for except* (B025, B029, B030, B904) (#14815)
  • [flake8-bugbear] itertools.batched() without explicit strict (B911) (#14408)
  • [flake8-use-pathlib] Dotless suffix passed to Path.with_suffix() (PTH210) (#14779)
  • [pylint] Include parentheses and multiple comparators in check for boolean-chained-comparison (PLR1716) (#14781)
  • [ruff] Do not simplify round() calls (RUF046) (#14832)
  • [ruff] Don't emit used-dummy-variable on function parameters (RUF052) (#14818)
  • [ruff] Implement if-key-in-dict-del (RUF051) (#14553)
  • [ruff] Mark autofix for RUF052 as always unsafe (#14824)
  • [ruff] Teach autofix for used-dummy-variable about TypeVars etc. (RUF052) (#14819)

Rule changes

  • [flake8-bugbear] Offer unsafe autofix for no-explicit-stacklevel (B028) (#14829)
  • [flake8-pyi] Skip all type definitions in string-or-bytes-too-long (PYI053) (#14797)
  • [pyupgrade] Do not report when a UTF-8 comment is followed by a non-UTF-8 one (UP009) (#14728)
  • [pyupgrade] Mark fixes for convert-typed-dict-functional-to-class and convert-named-tuple-functional-to-class as unsafe if they will remove comments (UP013, UP014) (#14842)

Bug fixes

  • Raise syntax error for mixing except and except* (#14895)
  • [flake8-bugbear] Fix B028 to allow stacklevel to be explicitly assigned as a positional argument (#14868)
  • [flake8-bugbear] Skip B028 if warnings.warn is called with *args or **kwargs (#14870)
  • [flake8-comprehensions] Skip iterables with named expressions in unnecessary-map (C417) (#14827)
  • [flake8-pyi] Also remove self and cls's annotation (PYI034) (#14801)
  • [flake8-pytest-style] Fix pytest-parametrize-names-wrong-type (PT006) to edit both argnames and argvalues if both of them are single-element tuples/lists (#14699)
  • [perflint] Improve autofix for PERF401 (#14369)
  • [pylint] Fix PLW1508 false positive for default string created via a mult operation (#14841)

0.8.2

Preview features

  • [airflow] Avoid deprecated values (AIR302) (#14582)
  • [airflow] Extend removed names for AIR302 (#14734)
  • [ruff] Extend unnecessary-regular-expression to non-literal strings (RUF055) (#14679)
  • [ruff] Implement used-dummy-variable (RUF052) (#14611)
  • [ruff] Implement unnecessary-cast-to-int (RUF046) (#14697)

Rule changes

  • [airflow] Check AIR001 from builtin or providers operators module (#14631)
  • [flake8-pytest-style] Remove @ in pytest.mark.parametrize rule messages (#14770)
  • [pandas-vet] Skip rules if the panda module hasn't been seen (#14671)

... (truncated)

Commits

Updates bandit from 1.7.10 to 1.8.0

Release notes

Sourced from bandit's releases.

1.8.0

What's Changed

Full Changelog: PyCQA/bandit@1.7.10...1.8.0

Commits

Updates semgrep from 1.90.0 to 1.100.0

Release notes

Sourced from semgrep's releases.

Release v1.100.0

1.100.0 - 2024-12-12

Added

  • Pro engine now correctly distinguishes overloaded Scala methods based on their arity and parameter types, e.g., foo(x: Int, y: String) vs. foo(x: String, y: Int). (code-7870)

Changed

  • The minimum Python version for semgrep is now 3.9. We are dropping support for Python 3.8 (python)

Fixed

  • pro: Fixed a bug in interprocedural index-sensitive taint analysis that caused false negatives when a function updated an arbitrary index, e.g.:

    var x = {};

    function foo(k) {
x[k] = source();
}
    

    function test(k) {
foo(k);
sink(x); // finding here!
} (CODE-7838)

  • Fixed bug affecting taint tracking through static fields when mixing accesses using the class name and using an instance object, e.g.:

    class C {
    static String s;
}

    ...
    

        C o = new C();
    C.s = taint;
    sink(o.s); // finding ! (CODE-7871)

  • No more RPC error when using --sarif with some join-mode rules. Moreover, regular rules without the 'languages:' field will be skipped instead of aborting the whole scan. (gh-10723)

... (truncated)

Changelog

Sourced from semgrep's changelog.

1.100.0 - 2024-12-12

Added

  • Pro engine now correctly distinguishes overloaded Scala methods based on their arity and parameter types, e.g., foo(x: Int, y: String) vs. foo(x: String, y: Int). (code-7870)

Changed

  • The minimum Python version for semgrep is now 3.9. We are dropping support for Python 3.8 (python)

Fixed

  • pro: Fixed a bug in interprocedural index-sensitive taint analysis that caused false negatives when a function updated an arbitrary index, e.g.:

    var x = {};

    function foo(k) {
x[k] = source();
}
    

    function test(k) {
foo(k);
sink(x); // finding here!
} (CODE-7838)

  • Fixed bug affecting taint tracking through static fields when mixing accesses using the class name and using an instance object, e.g.:

    class C {
    static String s;
}

    ...
    

        C o = new C();
    C.s = taint;
    sink(o.s); // finding ! (CODE-7871)

  • No more RPC error when using --sarif with some join-mode rules. Moreover, regular rules without the 'languages:' field will be skipped instead of aborting the whole scan. (gh-10723)

... (truncated)

Commits
  • 2a5266d chore: release version 1.100.0
  • f598c5dsemgrep/semgrep-proprietary#2786
  • e8219f9 chore: Remove check-builtin-literals pre-commit from OSS (semgrep/semgrep-pro...
  • 28b6672semgrep/semgrep-proprietary#2773
  • 8da1b56semgrep/semgrep-proprietary#2778
  • 77cd7a6 Fix osemgrep target selection bugs for reg file and symlinks on the command l...
  • 0dc9518 Add format_context to SARIF RPC and gate some fields (semgrep/semgrep-proprie...
  • 75361cbsemgrep/semgrep-proprietary#2605
  • dd81e79semgrep/semgrep-proprietary#2763
  • 47faae9semgrep/semgrep-proprietary#2762
  • Additional commits viewable in compare view

Updates pre-commit from 4.0.0 to 4.0.1

Release notes

Sourced from pre-commit's releases.

pre-commit v4.0.1

Fixes

Changelog

Sourced from pre-commit's changelog.

4.0.1 - 2024-10-08

Fixes

Commits
  • cc4a522 v4.0.1
  • 772d7d4 Merge pull request #3324 from pre-commit/migrate-config-purelib
  • 222c62b fix migrate-config for purelib yaml
  • 3d5548b Merge pull request #3323 from pre-commit/pre-commit-ci-update-config
  • 4235a87 [pre-commit.ci] pre-commit autoupdate
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
build(deps): bump the pip group across 1 directory with 5 updates
5400a85 
Bumps the pip group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [mypy](https://github.com/python/mypy) | `1.11.2` | `1.13.0` |
| [ruff](https://github.com/astral-sh/ruff) | `0.6.9` | `0.8.3` |
| [bandit](https://github.com/PyCQA/bandit) | `1.7.10` | `1.8.0` |
| [semgrep](https://github.com/returntocorp/semgrep) | `1.90.0` | `1.100.0` |
| [pre-commit](https://github.com/pre-commit/pre-commit) | `4.0.0` | `4.0.1` |



Updates `mypy` from 1.11.2 to 1.13.0
- [Changelog](https://github.com/python/mypy/blob/master/CHANGELOG.md)
- [Commits](python/mypy@v1.11.2...v1.13.0)

Updates `ruff` from 0.6.9 to 0.8.3
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.6.9...0.8.3)

Updates `bandit` from 1.7.10 to 1.8.0
- [Release notes](https://github.com/PyCQA/bandit/releases)
- [Commits](PyCQA/bandit@1.7.10...1.8.0)

Updates `semgrep` from 1.90.0 to 1.100.0
- [Release notes](https://github.com/returntocorp/semgrep/releases)
- [Changelog](https://github.com/semgrep/semgrep/blob/develop/CHANGELOG.md)
- [Commits](semgrep/semgrep@v1.90.0...v1.100.0)

Updates `pre-commit` from 4.0.0 to 4.0.1
- [Release notes](https://github.com/pre-commit/pre-commit/releases)
- [Changelog](https://github.com/pre-commit/pre-commit/blob/main/CHANGELOG.md)
- [Commits](pre-commit/pre-commit@v4.0.0...v4.0.1)

---
updated-dependencies:
- dependency-name: mypy
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: pip
- dependency-name: ruff
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: pip
- dependency-name: bandit
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: pip
- dependency-name: semgrep
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: pip
- dependency-name: pre-commit
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Dec 16, 2024
@dependabot dependabot bot mentioned this pull request Dec 16, 2024
Closed
@dependabot @github
Copy link
Author

dependabot bot commented on behalf of github Dec 23, 2024

Superseded by #11.

@dependabot dependabot bot closed this Dec 23, 2024
@dependabot dependabot bot deleted the dependabot/pip/pip-950d8073c2 branch December 23, 2024 20:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants