Skip to content

Comments

Deps: Bump the python-packages group with 5 updates#175

Merged
greenbonebot merged 1 commit intomainfrom
dependabot/pip/python-packages-9a0b742918
Nov 24, 2025
Merged

Deps: Bump the python-packages group with 5 updates#175
greenbonebot merged 1 commit intomainfrom
dependabot/pip/python-packages-9a0b742918

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Nov 24, 2025

Bumps the python-packages group with 5 updates:

Package From To
ruff 0.14.4 0.14.6
autohooks 25.4.1 25.11.0
certifi 2025.10.5 2025.11.12
exceptiongroup 1.3.0 1.3.1
shtab 1.7.2 1.8.0

Updates ruff from 0.14.4 to 0.14.6

Release notes

Sourced from ruff's releases.

0.14.6

Release Notes

Released on 2025-11-21.

Preview features

  • [flake8-bandit] Support new PySNMP API paths (S508, S509) (#21374)

Bug fixes

  • Adjust own-line comment placement between branches (#21185)
  • Avoid syntax error when formatting attribute expressions with outer parentheses, parenthesized value, and trailing comment on value (#20418)
  • Fix panic when formatting comments in unary expressions (#21501)
  • Respect fmt: skip for compound statements on a single line (#20633)
  • [refurb] Fix FURB103 autofix (#21454)
  • [ruff] Fix false positive for complex conversion specifiers in logging-eager-conversion (RUF065) (#21464)

Rule changes

  • [ruff] Avoid false positive on ClassVar reassignment (RUF012) (#21478)

CLI

  • Render hyperlinks for lint errors (#21514)
  • Add a ruff analyze option to skip over imports in TYPE_CHECKING blocks (#21472)

Documentation

  • Limit eglot-format hook to eglot-managed Python buffers (#21459)
  • Mention force-exclude in "Configuration > Python file discovery" (#21500)

Contributors

Install ruff 0.14.6

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/astral-sh/ruff/releases/download/0.14.6/ruff-installer.sh | sh
</tr></table>

... (truncated)

Changelog

Sourced from ruff's changelog.

0.14.6

Released on 2025-11-21.

Preview features

  • [flake8-bandit] Support new PySNMP API paths (S508, S509) (#21374)

Bug fixes

  • Adjust own-line comment placement between branches (#21185)
  • Avoid syntax error when formatting attribute expressions with outer parentheses, parenthesized value, and trailing comment on value (#20418)
  • Fix panic when formatting comments in unary expressions (#21501)
  • Respect fmt: skip for compound statements on a single line (#20633)
  • [refurb] Fix FURB103 autofix (#21454)
  • [ruff] Fix false positive for complex conversion specifiers in logging-eager-conversion (RUF065) (#21464)

Rule changes

  • [ruff] Avoid false positive on ClassVar reassignment (RUF012) (#21478)

CLI

  • Render hyperlinks for lint errors (#21514)
  • Add a ruff analyze option to skip over imports in TYPE_CHECKING blocks (#21472)

Documentation

  • Limit eglot-format hook to eglot-managed Python buffers (#21459)
  • Mention force-exclude in "Configuration > Python file discovery" (#21500)

Contributors

0.14.5

Released on 2025-11-13.

Preview features

  • [flake8-simplify] Apply SIM113 when index variable is of type int (#21395)

... (truncated)

Commits
  • 59c6cb5 Bump 0.14.6 (#21558)
  • 54dba15 [ty] Improve debug messages when imports fail (#21555)
  • 1af3185 [ty] Add support for relative import completions
  • 553e568 [ty] Refactor detection of import statements for completions
  • cdef3f5 [ty] Use dedicated collector for completions
  • 6178822 [ty] Attach subdiagnostics to unresolved-import errors for relative imports...
  • 6b7adb0 [ty] support PEP 613 type aliases (#21394)
  • 06941c1 [ty] More low-hanging fruit for inlay hint goto-definition (#21548)
  • eb7c098 [ty] implement TypedDict structural assignment (#21467)
  • 1b28fc1 [ty] Add more random TypeDetails and tests (#21546)
  • Additional commits viewable in compare view

Updates autohooks from 25.4.1 to 25.11.0

Release notes

Sourced from autohooks's releases.

autohooks 25.11.0

25.11.0 - 2025-11-12

Added

Dependencies

  • Bump the dependencies group with 3 updates 20ebe2e
  • Bump the dependencies group with 2 updates 23aa3ce
  • Bump ruff from 0.14.1 to 0.14.2 in the dependencies group 281256f
  • Bump the dependencies group with 3 updates 854ad74
  • Bump the dependencies group with 4 updates d300d01
  • Bump github/codeql-action from 3 to 4 in the dependencies group 3a831d3
  • Bump the dependencies group across 1 directory with 11 updates 884f854
  • Bump the dependencies group with 2 updates 9c353bd
  • Bump ruff from 0.12.11 to 0.12.12 in the dependencies group 83b15f6
  • Bump the dependencies group with 5 updates 4406ed8
  • Bump actions/checkout from 4 to 5 in the dependencies group cb2ace3
  • Bump the dependencies group with 7 updates cb1e5ed
  • Bump the dependencies group across 1 directory with 5 updates d9ea536
  • Bump the dependencies group across 1 directory with 7 updates a285e18
  • Bump the dependencies group with 3 updates f86ae40
  • Bump the dependencies group across 1 directory with 8 updates 6db3de9
  • Bump urllib3 from 2.4.0 to 2.5.0 d7575e1
  • Bump the dependencies group with 4 updates 2a2d6c0
  • Bump the dependencies group with 3 updates a34e40c
  • Bump the dependencies group with 3 updates 8b38426
  • Bump the dependencies group with 2 updates 0810181
  • Bump ruff from 0.11.9 to 0.11.10 in the dependencies group e66e3b4
  • Bump the dependencies group with 4 updates 389ddfc
  • Bump the dependencies group with 3 updates 51dcf29
  • Bump the dependencies group with 2 updates cc8c5e4
Commits
  • fbc2f2e Automatic release to 25.11.0
  • 20ebe2e Deps: Bump the dependencies group with 3 updates
  • 23aa3ce Deps: Bump the dependencies group with 2 updates
  • 5e4a2f3 Fix Add or Update detect-hidden-unicode.yml (#753)
  • 281256f Deps: Bump ruff from 0.14.1 to 0.14.2 in the dependencies group
  • 854ad74 Deps: Bump the dependencies group with 3 updates
  • d300d01 Deps: Bump the dependencies group with 4 updates
  • 3a831d3 Deps: Bump github/codeql-action from 3 to 4 in the dependencies group
  • 884f854 Deps: Bump the dependencies group across 1 directory with 11 updates
  • 9c353bd Deps: Bump the dependencies group with 2 updates
  • Additional commits viewable in compare view

Updates certifi from 2025.10.5 to 2025.11.12

Commits

Updates exceptiongroup from 1.3.0 to 1.3.1

Release notes

Sourced from exceptiongroup's releases.

1.3.1

  • Fixed AttributeError: 'TracebackException' object has no attribute 'exceptions' when formatting unpickled TBEs from another Python process which did not apply the exceptiongroup patches (#144)
Changelog

Sourced from exceptiongroup's changelog.

Version history

This library adheres to Semantic Versioning 2.0 <http://semver.org/>_.

1.3.1

  • Fixed AttributeError: 'TracebackException' object has no attribute 'exceptions' when formatting unpickled TBEs from another Python process which did not apply the exceptiongroup patches ([#144](https://github.com/agronholm/exceptiongroup/issues/144) <https://github.com/agronholm/exceptiongroup/issues/144>_)

1.3.0

  • Added **kwargs to function and method signatures as appropriate to match the signatures in the standard library
  • In line with the stdlib typings in typeshed, updated (Base)ExceptionGroup generic types to define defaults for their generic arguments (defaulting to BaseExceptionGroup[BaseException] and ExceptionGroup[Exception]) (PR by @​mikenerone)
  • Changed BaseExceptionGroup.__init__() to directly call BaseException.__init__() instead of the superclass __init__() in order to emulate the CPython behavior (broken or not) (PR by @​cfbolz)
  • Changed the exceptions attribute to always return the same tuple of exceptions, created from the original exceptions sequence passed to BaseExceptionGroup to match CPython behavior ([#143](https://github.com/agronholm/exceptiongroup/issues/143) <https://github.com/agronholm/exceptiongroup/issues/143>_)

1.2.2

  • Removed an assert in exceptiongroup._formatting that caused compatibility issues with Sentry ([#123](https://github.com/agronholm/exceptiongroup/issues/123) <https://github.com/agronholm/exceptiongroup/issues/123>_)

1.2.1

  • Updated the copying of __notes__ to match CPython behavior (PR by CF Bolz-Tereick)
  • Corrected the type annotation of the exception handler callback to accept a BaseExceptionGroup instead of BaseException
  • Fixed type errors on Python < 3.10 and the type annotation of suppress() (PR by John Litborn)

1.2.0

  • Added special monkeypatching if Apport <https://github.com/canonical/apport>_ has overridden sys.excepthook so it will format exception groups correctly (PR by John Litborn)
  • Added a backport of contextlib.suppress() from Python 3.12.1 which also handles suppressing exceptions inside exception groups
  • Fixed bare raise in a handler reraising the original naked exception rather than an exception group which is what is raised when you do a raise in an except*

... (truncated)

Commits
  • ddddb6f Added the release version
  • 49c5e60 Fixed AttributeError when formatting unpickled TBEs from an unpatched process
  • 1be517f [pre-commit.ci] pre-commit autoupdate (#152)
  • af0ea2f [pre-commit.ci] pre-commit autoupdate (#149)
  • 7c980a8 Removed pin on pyright version
  • ef85336 Fixed typing job not finding Python 3.14
  • 080b3f4 Pinned pyright version to fix typeshed related failure
  • ac66090 Added Python 3.14 to the test matrix
  • a0da94d Fixed test failures on Python 3.14
  • See full diff in compare view

Updates shtab from 1.7.2 to 1.8.0

Release notes

Sourced from shtab's releases.

shtab v1.8.0 stable

  • ❓ fix bash error on optional nargs="?" (#184 <- #181)
  • 🔀 fix zsh duplicate default remainder & swapped one_or_more/remainder (#200 <- #183, #198)
  • 💅 misc minor docs updates (#202)
    • 🗒️ add own/example CLI file output (#192)
  • 🛠️ misc framework updates (#203, #197, #193, #191)
    • 🐍 test support for Python 3.14
Commits
  • ca1d284 docs: fix minor typos
  • 6c48520 Merge pull request #203 from ThomasWaldmann/setuptools-requirement
  • 31618f9 update minimum setuptools requirement for SPDX license support
  • ad3d4ce Merge pull request #200 from ThomasWaldmann/doubled-rest-fix
  • 171be68 fix tests
  • e96c96f zsh: fix duplicate default REMAINDER (fixes #183)
  • acc76fd Merge pull request #197 from hroncok/patch-1
  • a23e335 Do not require wheel for building
  • 2f87e26 Merge pull request #193 from mikelolasagasti/license-pyproject
  • 980a906 Merge pull request #198 from ThomasWaldmann/fix/zsh-variadic-var-swap
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Nov 24, 2025
@dependabot dependabot bot requested a review from a team as a code owner November 24, 2025 04:09
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Nov 24, 2025
@greenbonebot greenbonebot enabled auto-merge (rebase) November 24, 2025 04:09
@github-actions
Copy link

github-actions bot commented Nov 24, 2025
edited
Loading

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 2 package(s) with unknown licenses.
See the Details below.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 690cb7d.
Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

License Issues

poetry.lock

PackageVersionLicenseIssue Type
exceptiongroup1.3.1NullUnknown License
shtab1.8.0NullUnknown License
Allowed Licenses: 0BSD, AGPL-3.0-or-later, Apache-2.0, BlueOak-1.0.0, BSD-2-Clause, BSD-3-Clause-Clear, BSD-3-Clause, BSL-1.0, CAL-1.0, CC-BY-3.0, CC-BY-4.0, CC-BY-SA-4.0, CC0-1.0, EPL-2.0, GPL-1.0-or-later, GPL-2.0-only, GPL-2.0-or-later, GPL-2.0, GPL-3.0-only, GPL-3.0-or-later, GPL-3.0, ISC, LGPL-2.0-only, LGPL-2.0-or-later, LGPL-2.1-only, LGPL-2.1-or-later, LGPL-2.1, LGPL-3.0-only, LGPL-3.0, LGPL-3.0-or-later, MIT, MIT-CMU, MPL-1.1, MPL-2.0, OFL-1.1, PSF-2.0, Python-2.0, Python-2.0.1, Unicode-3.0, Unicode-DFS-2016, Unlicense, Zlib, ZPL-2.1

OpenSSF Scorecard

PackageVersionScoreDetails
pip/autohooks 25.11.0 🟢 6.8
Details
CheckScoreReason
Code-Review🟢 5Found 2/4 approved changesets -- score normalized to 5
Maintained🟢 1015 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
Binary-Artifacts🟢 10no binaries found in the repo
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases🟢 85 out of the last 5 releases have a total of 5 signed artifacts.
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Vulnerabilities🟢 100 existing vulnerabilities detected
Security-Policy🟢 10security policy file detected
SAST🟢 10SAST tool is run on all commits
pip/certifi 2025.11.12 🟢 6.7
Details
CheckScoreReason
Code-Review🟢 5Found 2/4 approved changesets -- score normalized to 5
Security-Policy🟢 10security policy file detected
Binary-Artifacts🟢 10no binaries found in the repo
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained🟢 88 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 8
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Pinned-Dependencies🟢 5dependency not pinned by hash detected -- score normalized to 5
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Vulnerabilities🟢 100 existing vulnerabilities detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 9license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Packaging🟢 10packaging workflow detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
pip/exceptiongroup 1.3.1 UnknownUnknown
pip/ruff 0.14.6 UnknownUnknown
pip/shtab 1.8.0 🟢 5
Details
CheckScoreReason
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Code-Review🟢 5Found 8/14 approved changesets -- score normalized to 5
Binary-Artifacts🟢 10no binaries found in the repo
Packaging⚠️ -1packaging workflow not detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Maintained🟢 1014 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 9license file detected
Fuzzing⚠️ 0project is not fuzzed
Vulnerabilities🟢 91 existing vulnerabilities detected
Branch-Protection🟢 8branch protection is not maximal on development and all release branches
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Security-Policy⚠️ 0security policy file not detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0

Scanned Files

  • poetry.lock

@greenbonebot
Copy link
Member

greenbonebot commented Nov 24, 2025

Scan: 'poetry.lock'

Nothing detected in poetry.lock
Scan took 0.01 seconds

@github-actions
Copy link

github-actions bot commented Nov 24, 2025

Conventional Commits Report

Type Number
Dependencies 1

🚀 Conventional commits found.

@dependabot @y0urself
Deps: Bump the python-packages group with 5 updates
690cb7d 
Bumps the python-packages group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [ruff](https://github.com/astral-sh/ruff) | `0.14.4` | `0.14.6` |
| [autohooks](https://github.com/greenbone/autohooks) | `25.4.1` | `25.11.0` |
| [certifi](https://github.com/certifi/python-certifi) | `2025.10.5` | `2025.11.12` |
| [exceptiongroup](https://github.com/agronholm/exceptiongroup) | `1.3.0` | `1.3.1` |
| [shtab](https://github.com/iterative/shtab) | `1.7.2` | `1.8.0` |


Updates `ruff` from 0.14.4 to 0.14.6
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.14.4...0.14.6)

Updates `autohooks` from 25.4.1 to 25.11.0
- [Release notes](https://github.com/greenbone/autohooks/releases)
- [Commits](greenbone/autohooks@v25.4.1...v25.11.0)

Updates `certifi` from 2025.10.5 to 2025.11.12
- [Commits](certifi/python-certifi@2025.10.05...2025.11.12)

Updates `exceptiongroup` from 1.3.0 to 1.3.1
- [Release notes](https://github.com/agronholm/exceptiongroup/releases)
- [Changelog](https://github.com/agronholm/exceptiongroup/blob/main/CHANGES.rst)
- [Commits](agronholm/exceptiongroup@1.3.0...1.3.1)

Updates `shtab` from 1.7.2 to 1.8.0
- [Release notes](https://github.com/iterative/shtab/releases)
- [Commits](iterative/shtab@v1.7.2...v1.8.0)

---
updated-dependencies:
- dependency-name: ruff
  dependency-version: 0.14.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-packages
- dependency-name: autohooks
  dependency-version: 25.11.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-packages
- dependency-name: certifi
  dependency-version: 2025.11.12
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: python-packages
- dependency-name: exceptiongroup
  dependency-version: 1.3.1
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: python-packages
- dependency-name: shtab
  dependency-version: 1.8.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: python-packages
...

Signed-off-by: dependabot[bot] <support@github.com>
@y0urself y0urself force-pushed the dependabot/pip/python-packages-9a0b742918 branch from 841c03b to 690cb7d Compare November 24, 2025 07:58
@greenbonebot greenbonebot merged commit bcba2df into main Nov 24, 2025
15 checks passed
@greenbonebot greenbonebot deleted the dependabot/pip/python-packages-9a0b742918 branch November 24, 2025 07:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@y0urself y0urself y0urself approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@greenbonebot @y0urself