build(deps): bump the general group across 1 directory with 3 updates

[dependabot]

Bumps the general group with 3 updates in the / directory: ipython, pip and tinycss2.

Updates ipython from 8.28.0 to 8.29.0

Commits

• af19fb0 release 8.29.0
• b2fc308 Whats new 8.29 (#14560)
• 9c221bb Whats new 8.29
• d022657 Fix line stripping edge case for %load magic command (#14495)
• 25703b5 Refactor with Pathlib for setupbase.py (#14543)
• de562f8 Fix re pattern pretty print (#14559)
• 298e9f5 Fix formatting
• 2888354 Fix line stripping logic
• d7d58a3 ENH: add webp support to IPython.display.Image and complete identification of...
• 5f39fd8 Fix str error in path again
• Additional commits viewable in compare view

Updates pip from 24.2 to 24.3.1

Changelog

Sourced from pip's changelog.

24.3.1 (2024-10-27)

Bug Fixes

• Allow multiple nested inclusions of the same requirements file again. ([#13046](https://github.com/pypa/pip/issues/13046) <https://github.com/pypa/pip/issues/13046>_)

24.3 (2024-10-27)

Deprecations and Removals

• Deprecate wheel filenames that are not compliant with :pep:440. ([#12918](https://github.com/pypa/pip/issues/12918) <https://github.com/pypa/pip/issues/12918>_)

Features

• Detect recursively referencing requirements files and help users identify the source. ([#12653](https://github.com/pypa/pip/issues/12653) <https://github.com/pypa/pip/issues/12653>_)
• Support for :pep:730 iOS wheels. ([#12961](https://github.com/pypa/pip/issues/12961) <https://github.com/pypa/pip/issues/12961>_)

Bug Fixes

• Display a better error message when an already installed package has an invalid requirement. ([#12953](https://github.com/pypa/pip/issues/12953) <https://github.com/pypa/pip/issues/12953>_)
• Ignore PIP_TARGET and pip.conf global.target when preparing a build environment. ([#8438](https://github.com/pypa/pip/issues/8438) <https://github.com/pypa/pip/issues/8438>_)
• Restore support for macOS 10.12 and older (via truststore). ([#12901](https://github.com/pypa/pip/issues/12901) <https://github.com/pypa/pip/issues/12901>_)
• Allow installing pip in editable mode in a virtual environment on Windows. ([#12666](https://github.com/pypa/pip/issues/12666) <https://github.com/pypa/pip/issues/12666>_)

Vendored Libraries

• Upgrade certifi to 2024.8.30
• Upgrade distlib to 0.3.9
• Upgrade truststore to 0.10.0
• Upgrade urllib3 to 1.26.20

Commits

• 05293b6 Bump for release
• 6a5db8b Merge pull request #13047 from sbidoul/fix-13046
• 7be54ce Don't fail when the same req file is included more than once
• 4f6aeb1 Merge pull request #13044 from sbidoul/release/24.3
• e1b1d51 Bump for development
• cdba22f Bump for release
• 27f8374 Update AUTHORS.txt
• c79d019 Merge pull request #13033 from sbidoul/vendoring-24.3-sbi
• 3ca8921 Merge pull request #13041 from sethmlarson/truststore-0.10.0
• 0cc7375 Upgrade vendored truststore to 0.10.0
• Additional commits viewable in compare view

Updates tinycss2 from 1.3.0 to 1.4.0

Release notes

Sourced from tinycss2's releases.

v1.4.0

• Support CSS Color Level 4

Changelog

Sourced from tinycss2's changelog.

Version 1.4.0

Released on 2024-10-24

• Support CSS Color Level 4

Commits

• c35b34e Version 1.4.0
• 58e4fa2 Merge pull request #53 from Kozea/color4
• ebef899 List supported combinations for color space conversion
• a2f4d22 Move color conversion code to the bottom of the file
• 56c498b Use degrees and radians functions instead of manual conversion
• 95d681f Don’t use too recent math.cbrt
• a9d5371 Update tests for color specifications
• 2c4233d WIP
• 911de48 Support color function
• 3ffe0e6 Handle None values
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
pip/ipython	8.29.0	🟢 6.3	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 7 Found 7/9 approved changesets -- score normalized to 7 CII-Best-Practices ⚠️ 2 badge detected: InProgress License 🟢 10 license file detected Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 9 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Fuzzing 🟢 10 project is fuzzed Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/pip	24.3.1	🟢 5.8	Details Check Score Reason Code-Review 🟢 9 Found 12/13 approved changesets -- score normalized to 9 Maintained 🟢 10 30 commit(s) and 24 issue activity found in the last 90 days -- score normalized to 10 License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found CII-Best-Practices ⚠️ 2 badge detected: InProgress Security-Policy 🟢 9 security policy file detected Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Branch-Protection 🟢 3 branch protection is not maximal on development and all release branches Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts ⚠️ 0 binaries present in source code SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing 🟢 10 project is fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected
pip/tinycss2	1.4.0	🟢 4.1	Details Check Score Reason Code-Review ⚠️ 0 Found 1/15 approved changesets -- score normalized to 0 Maintained ⚠️ 0 0 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing 🟢 10 project is fuzzed Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Security-Policy ⚠️ 0 security policy file not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0

Scanned Files

• requirements.txt

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud