@dependabot dependabot bot commented on behalf of github Sep 19, 2025

Bumps the python-packages group with 4 updates in the / directory: nox, ruff, black and coverage.

Updates nox from 2025.2.9 to 2025.5.1

Release notes

Sourced from nox's releases.

2025.05.01 🌸

This is a bugfix release that primarily adds support for uv 0.7+. A few other small fixes were made.

We'd like to thank the following folks who contributed to this release:

Bugfixes:

Documentation:

Internal changes:

Changelog

Sourced from nox's changelog.

2025.02.09

This release improves PEP 723 support, including adding dependencies to the noxfile itself ("plugins"). It adds the long-awaited "requires" option, allowing sessions to require other sessions. And it brings further improvements to the pyproject.toml support, including helpers for dependency-groups and Python version lists.

We'd like to thank the following folks who contributed to this release:

... (truncated)

Commits
  • 2254a1e chore: bump version to 2025.05.01 (#960)
  • e0b5e33 fix: conda_install issue with newer conda (#957)
  • a58fe60 fix: support forcing Python on parametrized session (#958)
  • aa475d6 fix: add UV_PYTHON to disallowed vars (#959)
  • 1acbb4e chore: use PEP 639 license (#956)
  • 7219be7 chore(deps): bump astral-sh/setup-uv from 5 to 6 in the actions group (#952)
  • b943f95 fix: uv version is now uv self version, support UV (#955)
  • 1d52c8f Never ignore URL dependencies in PEP 723 noxfiles (#935)
  • 4e7f644 feat: show skip reason by default (#941)
  • 70df6ab fix: use Python 3.12 for action, allow 3.13, drop 3.8 from auto versions (#946)
  • Additional commits viewable in compare view

Updates ruff from 0.11.6 to 0.13.1

Release notes

Sourced from ruff's releases.

0.13.1

Release Notes

Released on 2025-09-18.

Preview features

  • [flake8-simplify] Detect unnecessary None default for additional key expression types (SIM910) (#20343)
  • [flake8-use-pathlib] Add fix for PTH123 (#20169)
  • [flake8-use-pathlib] Fix PTH101, PTH104, PTH105, PTH121 fixes (#20143)
  • [flake8-use-pathlib] Make PTH111 fix unsafe because it can change behavior (#20215)
  • [pycodestyle] Fix E301 to only trigger for functions immediately within a class (#19768)
  • [refurb] Mark single-item-membership-test fix as always unsafe (FURB171) (#20279)

Bug fixes

  • Handle t-strings for token-based rules and suppression comments (#20357)
  • [flake8-bandit] Fix truthiness: dict-only ** displays not truthy for shell (S602, S604, S609) (#20177)
  • [flake8-simplify] Fix diagnostic to show correct method name for str.rsplit calls (SIM905) (#20459)
  • [flynt] Use triple quotes for joined raw strings with newlines (FLY002) (#20197)
  • [pyupgrade] Fix false positive when class name is shadowed by local variable (UP008) (#20427)
  • [pyupgrade] Prevent infinite loop with I002 and UP026 (#20327)
  • [ruff] Recognize t-strings, generators, and lambdas in invalid-index-type (RUF016) (#20213)

Rule changes

  • [RUF102] Respect rule redirects in invalid rule code detection (#20245)
  • [flake8-bugbear] Mark the fix for unreliable-callable-check as always unsafe (B004) (#20318)
  • [ruff] Allow dataclass attribute value instantiation from nested frozen dataclass (RUF009) (#20352)

CLI

  • Add fixes to output-format=sarif (#20300)
  • Treat panics as fatal diagnostics, sort panics last (#20258)

Documentation

  • [ruff] Add analyze.string-imports-min-dots to settings (#20375)
  • Update README.md with Albumentations new repository URL (#20415)

Other changes

  • Bump MSRV to Rust 1.88 (#20470)
  • Enable inline noqa for multiline strings in playground (#20442)

Contributors

... (truncated)

Commits
  • 706be0a Add pyproject.toml to rooster config version_files and bump to 0.13.1 (#2...
  • 7b40428 Bump 0.13.1 (#20473)
  • b9b5755 Upgrade to the latest rooster version and include contributors in CHANGELOG (...
  • b4b5d67 [flynt] Use triple quotes for joined raw strings with newlines (FLY002) (...
  • 0b60584 Bump MSRV to Rust 1.88 (#20470)
  • 821b2f8 [refurb] Mark single-item-membership-test fix as always unsafe (FURB171...
  • 1758f26 Update rust toolchain to 1.90 (#20469)
  • 2502ff7 [ty] Make TypeIs invariant in its type argument (#20428)
  • 144373f [flake8-use-pathlib] Fix PTH101, PTH104, PTH105, PTH121 fixes (#20143)
  • 91995aa [pyupgrade] Fix false positive when class name is shadowed by local variabl...
  • Additional commits viewable in compare view

Updates black from 25.1.0 to 25.9.0

Release notes

Sourced from black's releases.

25.9.0

Highlights

  • Remove support for pre-python 3.7 await/async as soft keywords/variable names (#4676)

Stable style

  • Fix crash while formatting a long del statement containing tuples (#4628)
  • Fix crash while formatting expressions using the walrus operator in complex with statements (#4630)
  • Handle # fmt: skip followed by a comment at the end of file (#4635)
  • Fix crash when a tuple appears in the as clause of a with statement (#4634)
  • Fix crash when tuple is used as a context manager inside a with statement (#4646)
  • Fix crash when formatting a \ followed by a \r followed by a comment (#4663)
  • Fix crash on a \\r\n (#4673)
  • Fix crash on await ... (where ... is a literal Ellipsis) (#4676)
  • Fix crash on parenthesized expression inside a type parameter bound (#4684)
  • Fix crash when using line ranges excluding indented single line decorated items (#4670)

Preview style

  • Fix a bug where one-liner functions/conditionals marked with # fmt: skip would still be formatted (#4552)
  • Improve multiline_string_handling with ternaries and dictionaries (#4657)
  • Fix a bug where string_processing would not split f-strings directly after expressions (#4680)
  • Wrap the in clause of comprehensions across lines if necessary (#4699)
  • Remove parentheses around multiple exception types in except and except* without as. (#4720)
  • Add \r style newlines to the potential newlines to normalize file newlines both from and to (#4710)

Parser

  • Rewrite tokenizer to improve performance and compliance (#4536)
  • Fix bug where certain unusual expressions (e.g., lambdas) were not accepted in type parameter bounds and defaults. (#4602)

Performance

  • Avoid using an extra process when running with only one worker (#4734)

Integrations

  • Fix the version check in the vim file to reject Python 3.8 (#4567)
  • Enhance GitHub Action psf/black to read Black version from an additional section in pyproject.toml: [project.dependency-groups] (#4606)
  • Build gallery docker image with python3-slim and reduce image size (#4686)

... (truncated)

Updates coverage from 7.8.0 to 7.10.6

Changelog

Sourced from coverage's changelog.

Version 7.10.6 — 2025-08-29

  • Fix: source directories were not properly communicated to subprocesses that ran in different directories, as reported in issue 1499 (nedbat/coveragepy#1499). This is now fixed.

  • Performance: Alex Gaynor continues fine-tuning the speed of combination, especially with many contexts (pull 2038, nedbat/coveragepy#2038).

Version 7.10.5 — 2025-08-23

  • Big speed improvements for coverage combine: it's now about twice as fast! Huge thanks to Alex Gaynor for pull requests 2032 (nedbat/coveragepy#2032), 2033 (nedbat/coveragepy#2033), and 2034 (nedbat/coveragepy#2034).

Version 7.10.4 — 2025-08-16

  • Added patch = fork for times when the built-in forking support is insufficient.

  • Fix: patch = execv also inherits the entire coverage configuration now.

Version 7.10.3 — 2025-08-10

  • Fixes for patch = subprocess:

    • If subprocesses spawned yet more subprocesses simultaneously, some coverage could be missed. This is now fixed, closing issue 2024.

    • If subprocesses were created in other directories, their data files were

... (truncated)

Commits
  • 88c55ff docs: sample HTML for 7.10.6
  • 01d8995 docs: prep for 7.10.6
  • 9b0c24f docs: thanks Alex #2038
  • 66d6910 fix: make source paths absolute where they exist. #1499
  • bb3382f build: no need for the combine/html times now
  • 9ea349a lab: warn_executed.py
  • 808c9b4 build: changing metacov.ini should trigger metacov
  • 384f5f2 build: oops, some 'if's are really line pragmas
  • a7224af perf: pre-compute the mapping between other_db.context and main.context (#2038)
  • 5c00c5b chore: bump the action-dependencies group with 3 updates (#2039)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Bumps the python-packages group with 4 updates in the / directory: [nox](https://github.com/wntrblm/nox), [ruff](https://github.com/astral-sh/ruff), [black](https://github.com/psf/black) and [coverage](https://github.com/nedbat/coveragepy).


Updates `nox` from 2025.2.9 to 2025.5.1
- [Release notes](https://github.com/wntrblm/nox/releases)
- [Changelog](https://github.com/wntrblm/nox/blob/main/CHANGELOG.md)
- [Commits](wntrblm/nox@2025.02.09...2025.05.01)

Updates `ruff` from 0.11.6 to 0.13.1
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.11.6...0.13.1)

Updates `black` from 25.1.0 to 25.9.0
- [Release notes](https://github.com/psf/black/releases)
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md)
- [Commits](psf/black@25.1.0...25.9.0)

Updates `coverage` from 7.8.0 to 7.10.6
- [Release notes](https://github.com/nedbat/coveragepy/releases)
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst)
- [Commits](coveragepy/coveragepy@7.8.0...7.10.6)

---
updated-dependencies:
- dependency-name: nox
  dependency-version: 2025.5.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-packages
- dependency-name: ruff
  dependency-version: 0.13.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-packages
- dependency-name: black
  dependency-version: 25.9.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-packages
- dependency-name: coverage
  dependency-version: 7.10.6
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-packages
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies and python labels Sep 19, 2025
github-actions bot commented Sep 19, 2025

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

| Package | Version | Score | Details |
|---|---|---|---|
| pip/black | 25.9.0 | 🟢 6.7 | See checks below |
| pip/coverage | 7.10.6 | 🟢 8.5 | See checks below |
| pip/nox | 2025.5.1 | Unknown | Unknown |
| pip/ruff | 0.13.1 | Unknown | Unknown |

Details: pip/black 25.9.0

| Check | Score | Reason |
|---|---|---|
| Code-Review | 🟢 9 | Found 25/26 approved changesets -- score normalized to 9 |
| Maintained | 🟢 10 | 27 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10 |
| Security-Policy | 🟢 10 | security policy file detected |
| CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected |
| Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected |
| License | 🟢 10 | license file detected |
| Binary-Artifacts | 🟢 10 | no binaries found in the repo |
| Token-Permissions | ⚠️ 0 | detected GitHub workflow tokens with excessive permissions |
| Vulnerabilities | 🟢 10 | 0 existing vulnerabilities detected |
| Branch-Protection | ⚠️ -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| Fuzzing | 🟢 10 | project is fuzzed |
| Signed-Releases | ⚠️ 0 | Project has not signed or included provenance with any releases. |
| Packaging | 🟢 10 | packaging workflow detected |
| Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0 |
| SAST | ⚠️ 0 | SAST tool is not run on all commits -- score normalized to 0 |

Details: pip/coverage 7.10.6

| Check | Score | Reason |
|---|---|---|
| Security-Policy | 🟢 10 | security policy file detected |
| Code-Review | ⚠️ 0 | Found 1/29 approved changesets -- score normalized to 0 |
| Maintained | 🟢 10 | 30 commit(s) and 26 issue activity found in the last 90 days -- score normalized to 10 |
| Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected |
| CII-Best-Practices | 🟢 5 | badge detected: Passing |
| Binary-Artifacts | 🟢 10 | no binaries found in the repo |
| Token-Permissions | 🟢 10 | GitHub workflow tokens follow principle of least privilege |
| License | 🟢 10 | license file detected |
| Vulnerabilities | 🟢 10 | 0 existing vulnerabilities detected |
| Branch-Protection | ⚠️ -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| Signed-Releases | ⚠️ -1 | no releases found |
| Fuzzing | 🟢 10 | project is fuzzed |
| Pinned-Dependencies | 🟢 5 | dependency not pinned by hash detected -- score normalized to 5 |
| Packaging | 🟢 10 | packaging workflow detected |
| SAST | 🟢 10 | SAST tool is run on all commits |

Scanned Files

  • requirements.txt

dependabot bot commented on behalf of github Nov 17, 2025

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot recreate.
