chore(deps): Bump the pip-version-updates group across 1 directory with 11 updates

[dependabot]

Bumps the pip-version-updates group with 10 updates in the / directory:

Package	From	To
pytest	8.3.3	8.3.4
ruff	0.7.3	0.8.3
safety	3.2.10	3.2.13
asttokens	2.4.1	3.0.0
debugpy	1.8.8	1.8.11
jedi	0.19.1	0.19.2
six	1.16.0	1.17.0
tornado	6.4.1	6.4.2
typer	0.13.0	0.15.1
virtualenv	20.27.1	20.28.0

Updates pytest from 8.3.3 to 8.3.4

Release notes

Sourced from pytest's releases.

8.3.4

pytest 8.3.4 (2024-12-01)

Bug fixes

• #12592: Fixed KeyError{.interpreted-text role="class"} crash when using --import-mode=importlib in a directory layout where a directory contains a child directory with the same name.

• #12818: Assertion rewriting now preserves the source ranges of the original instructions, making it play well with tools that deal with the AST, like executing.

• #12849: ANSI escape codes for colored output now handled correctly in pytest.fail{.interpreted-text role="func"} with [pytrace=False]{.title-ref}.

• #9353: pytest.approx{.interpreted-text role="func"} now uses strict equality when given booleans.

Improved documentation

• #10558: Fix ambiguous docstring of pytest.Config.getoption{.interpreted-text role="func"}.

• #10829: Improve documentation on the current handling of the --basetemp option and its lack of retention functionality (temporary directory location and retention{.interpreted-text role="ref"}).

• #12866: Improved cross-references concerning the recwarn{.interpreted-text role="fixture"} fixture.

• #12966: Clarify filterwarnings{.interpreted-text role="ref"} docs on filter precedence/order when using multiple @pytest.mark.filterwarnings <pytest.mark.filterwarnings ref>{.interpreted-text role="ref"} marks.

Contributor-facing changes

• #12497: Fixed two failing pdb-related tests on Python 3.13.

Commits

• 53f8b4e Update pypa/gh-action-pypi-publish to v1.12.2
• 98dff36 Prepare release version 8.3.4
• 1b474e2 approx: use exact comparison for bool (#13013)
• b541721 docs: Fix wrong statement about sys.modules with importlib import mode (#1298...
• 16cb87b pytest.fail: fix ANSI escape codes for colored output (#12959) (#12990)
• be6bc81 Issue #12966 Clarify filterwarnings docs on precedence when using multiple ma...
• 7aeb72b Improve docs on basetemp and retention (#12912) (#12928)
• c875841 Merge pull request #12917 from pytest-dev/patchback/backports/8.3.x/ded1f44e5...
• 6502816 Merge pull request #12913 from jakkdl/dontfailonbadpath
• 52135b0 Merge pull request #12885 from The-Compiler/pdb-py311 (#12887)
• Additional commits viewable in compare view

Updates ruff from 0.7.3 to 0.8.3

Release notes

Sourced from ruff's releases.

0.8.3

Release Notes

Preview features

• Fix fstring formatting removing overlong implicit concatenated string in expression part (#14811)
• [airflow] Add fix to remove deprecated keyword arguments (AIR302) (#14887)
• [airflow]: Extend rule to include deprecated names for Airflow 3.0 (AIR302) (#14765 and #14804)
• [flake8-bugbear] Improve error messages for except* (B025, B029, B030, B904) (#14815)
• [flake8-bugbear] itertools.batched() without explicit strict (B911) (#14408)
• [flake8-use-pathlib] Dotless suffix passed to Path.with_suffix() (PTH210) (#14779)
• [pylint] Include parentheses and multiple comparators in check for boolean-chained-comparison (PLR1716) (#14781)
• [ruff] Do not simplify round() calls (RUF046) (#14832)
• [ruff] Don't emit used-dummy-variable on function parameters (RUF052) (#14818)
• [ruff] Implement if-key-in-dict-del (RUF051) (#14553)
• [ruff] Mark autofix for RUF052 as always unsafe (#14824)
• [ruff] Teach autofix for used-dummy-variable about TypeVars etc. (RUF052) (#14819)

Rule changes

• [flake8-bugbear] Offer unsafe autofix for no-explicit-stacklevel (B028) (#14829)
• [flake8-pyi] Skip all type definitions in string-or-bytes-too-long (PYI053) (#14797)
• [pyupgrade] Do not report when a UTF-8 comment is followed by a non-UTF-8 one (UP009) (#14728)
• [pyupgrade] Mark fixes for convert-typed-dict-functional-to-class and convert-named-tuple-functional-to-class as unsafe if they will remove comments (UP013, UP014) (#14842)

Bug fixes

• Raise syntax error for mixing except and except* (#14895)
• [flake8-bugbear] Fix B028 to allow stacklevel to be explicitly assigned as a positional argument (#14868)
• [flake8-bugbear] Skip B028 if warnings.warn is called with *args or **kwargs (#14870)
• [flake8-comprehensions] Skip iterables with named expressions in unnecessary-map (C417) (#14827)
• [flake8-pyi] Also remove self and cls's annotation (PYI034) (#14801)
• [flake8-pytest-style] Fix pytest-parametrize-names-wrong-type (PT006) to edit both argnames and argvalues if both of them are single-element tuples/lists (#14699)
• [perflint] Improve autofix for PERF401 (#14369)
• [pylint] Fix PLW1508 false positive for default string created via a mult operation (#14841)

Contributors

• @​AlexWaygood
• @​BurntSushi
• @​DimitriPapadopoulos
• @​Glyphack
• @​InSyncWithFoo
• @​Lee-W
• @​MichaReiser
• @​UnknownPlatypus
• @​carljm
• @​cclauss
• @​dcreager
• @​dhruvmanila
• @​dylwil3

... (truncated)

Changelog

Sourced from ruff's changelog.

0.8.3

Preview features

• Fix fstring formatting removing overlong implicit concatenated string in expression part (#14811)
• [airflow] Add fix to remove deprecated keyword arguments (AIR302) (#14887)
• [airflow]: Extend rule to include deprecated names for Airflow 3.0 (AIR302) (#14765 and #14804)
• [flake8-bugbear] Improve error messages for except* (B025, B029, B030, B904) (#14815)
• [flake8-bugbear] itertools.batched() without explicit strict (B911) (#14408)
• [flake8-use-pathlib] Dotless suffix passed to Path.with_suffix() (PTH210) (#14779)
• [pylint] Include parentheses and multiple comparators in check for boolean-chained-comparison (PLR1716) (#14781)
• [ruff] Do not simplify round() calls (RUF046) (#14832)
• [ruff] Don't emit used-dummy-variable on function parameters (RUF052) (#14818)
• [ruff] Implement if-key-in-dict-del (RUF051) (#14553)
• [ruff] Mark autofix for RUF052 as always unsafe (#14824)
• [ruff] Teach autofix for used-dummy-variable about TypeVars etc. (RUF052) (#14819)

Rule changes

• [flake8-bugbear] Offer unsafe autofix for no-explicit-stacklevel (B028) (#14829)
• [flake8-pyi] Skip all type definitions in string-or-bytes-too-long (PYI053) (#14797)
• [pyupgrade] Do not report when a UTF-8 comment is followed by a non-UTF-8 one (UP009) (#14728)
• [pyupgrade] Mark fixes for convert-typed-dict-functional-to-class and convert-named-tuple-functional-to-class as unsafe if they will remove comments (UP013, UP014) (#14842)

Bug fixes

• Raise syntax error for mixing except and except* (#14895)
• [flake8-bugbear] Fix B028 to allow stacklevel to be explicitly assigned as a positional argument (#14868)
• [flake8-bugbear] Skip B028 if warnings.warn is called with *args or **kwargs (#14870)
• [flake8-comprehensions] Skip iterables with named expressions in unnecessary-map (C417) (#14827)
• [flake8-pyi] Also remove self and cls's annotation (PYI034) (#14801)
• [flake8-pytest-style] Fix pytest-parametrize-names-wrong-type (PT006) to edit both argnames and argvalues if both of them are single-element tuples/lists (#14699)
• [perflint] Improve autofix for PERF401 (#14369)
• [pylint] Fix PLW1508 false positive for default string created via a mult operation (#14841)

0.8.2

Preview features

• [airflow] Avoid deprecated values (AIR302) (#14582)
• [airflow] Extend removed names for AIR302 (#14734)
• [ruff] Extend unnecessary-regular-expression to non-literal strings (RUF055) (#14679)
• [ruff] Implement used-dummy-variable (RUF052) (#14611)
• [ruff] Implement unnecessary-cast-to-int (RUF046) (#14697)

Rule changes

• [airflow] Check AIR001 from builtin or providers operators module (#14631)
• [flake8-pytest-style] Remove @ in pytest.mark.parametrize rule messages (#14770)
• [pandas-vet] Skip rules if the panda module hasn't been seen (#14671)

... (truncated)

Commits

• 53f2d72 Revert certain double quotes from workflow shell script (#14939)
• 3629cbf Use double quotes consistently for shell scripts (#14938)
• 37f4338 Bump version to 0.8.3 (#14937)
• 45b565c [red-knot] Any cannot be parameterized (#14933)
• 82faa9b Add tests demonstrating f-strings with debug expressions in replacements that...
• 2eac00c [perflint] fix invalid hoist in perf401 (#14369)
• 033ecf5 Also have zizmor check for low-severity security issues (#14893)
• 5509a3d Add LSP settings example for Zed editor (#14894)
• e4885a2 [red-knot] Understand typing.Tuple (#14927)
• a7e5e42 [red-knot] Make attributes.md test future-proof (#14923)
• Additional commits viewable in compare view

Updates safety from 3.2.10 to 3.2.13

Changelog

Sourced from safety's changelog.

[3.2.13] - 2024-12-10

• Remove email verification for running scans (#645)

[3.2.12] - 2024-12-10

• Add CVE Details and Single-Key Filtering for JSON Output in safety scan (#643)
• feature/add-branch-name (#641)
• feat/add --headless to --help (#636)

[3.2.11] - 2024-11-12

• chore/upgrade-dparse (#633)
• Migrate to PyPI Trusted Publisher for Automated Package Deployment (#632)
• fix/fix-test-validate-func (#631)
• feat: api keys now work without specifying the env (#630)
• fix:jupyter notebook rich format removal (#628)

Commits

• 1b5a104 Merge pull request #646 from pyupio/feat/update-version
• 24e86d9 feat(changelog): update version
• 8435529 Merge pull request #645 from pyupio/feat(utils.py)-remove-email-verification
• c2ca852 feat(utils.py): remove email verification
• 728c7c1 chore/release-3.2.12 (#644)
• 25abf95 feature/cve-data-filter-flag (#643)
• 7654596 Merge pull request #618 from pyupio/chore/use-specific-safety-schemas-release
• b87d13f chore:Use specific safety schema version
• 4b18043 feature/add-branch-name (#641)
• 223ad60 feat/add --headless to --help (#636)
• Additional commits viewable in compare view

Updates asttokens from 2.4.1 to 3.0.0

Commits

• 0ebecde Update setup.cfg to use newer licence_files key; update commands and notes in...
• 89f02d2 More cleanup of code for Python before 3.8, fix astroid import (#156)
• eb1e401 Bump requests from 2.31.0 to 2.32.2 in /docs (#154)
• 4eebd86 remove dependency on six (#155)
• ad41ab6 Bump urllib3 from 2.0.7 to 2.2.2 in /docs (#146)
• d8910b4 Bump certifi from 2023.7.22 to 2024.7.4 in /docs (#147)
• 7a8f3a8 trim Python2 <-> 3 hybridation (#153)
• d025140 Test Python 3.13 (#152)
• 0224610 Fix edge cases in test failures involving padding and TypeVar (#151)
• 71ea82b Stop testing on Python < 3.8 (#149)
• Additional commits viewable in compare view

Updates debugpy from 1.8.8 to 1.8.11

Release notes

Sourced from debugpy's releases.

debugpy v1.8.11

Full Changelog: microsoft/debugpy@v1.8.9...v1.8.11

Fixes for:

• microsoft/debugpy#1763

debugpy v1.8.9

Fixes for:

• microsoft/debugpy#1733

Commits

• 34cc53b Merge pull request #1779 from microsoft/remove_bytecode_distinfo
• a99d933 Remove bytecode distinfo causing PyPi publish errors and ignore it from now on
• 5014f25 Properly update pydevd._settrace.called (#1751)
• 43f4102 Make sure attach binaries are built before running tox (#1753)
• a78e5c2 Fix path modification for windows filesystems that can't handle .. (#1752)
• 3823aba Fix problem with lineno being none when generating traceback (#1750)
• f4ba976 Subrepo command wasn't checked in correctly (#1737)
• 73be8fb Takes some changes from pydevd to fix line numbers being None (#1734)
• See full diff in compare view

Updates jedi from 0.19.1 to 0.19.2

Changelog

Sourced from jedi's changelog.

0.19.2 (2024-11-10) +++++++++++++++++++

• Python 3.13 support

Commits

• 41e9e95 Increase Jedi version
• b225678 Add a release for Python 3.13
• 30adf43 Merge pull request #2027 from WutingjiaX/feat/filterImported
• be6df62 filter imported names during completion
• e53359a Fix a test that had issues with a minor upgrade of Python 3.12
• 6e5d5b7 Enable workflow_dispatch in CI
• 91ffdea Sort completions by input resemblance. (#2018)
• 2859e4f Support inferring not expr to bool (#2016)
• 8ee4c26 Merge pull request #2014 from WutingjiaX/feat/in_operator
• 4d09ac0 When inferring comparison operators, return a definite type instead of NO_VAL...
• Additional commits viewable in compare view

Updates safety-schemas from 0.0.9 to 0.0.10

Commits

• See full diff in compare view

Updates six from 1.16.0 to 1.17.0

Changelog

Sourced from six's changelog.

1.17.0

• Pull request #388: Remove URLopener and FancyURLopener classes from urllib.request when running on Python 3.14 or greater.

• Pull request #365, issue #283: six.moves.UserDict now points to UserDict.IterableUserDict instead of UserDict.UserDict on Python 2.

Commits

• ebd9b3a six 1.17.0
• 40d248e Expunge travis.
• dd7940e Add PyPI publication workflow. (#390)
• 8cb688f Update copyright years.
• 86f89c5 Add a GitHub actions CI workflow. (#389)
• 06430b9 Make test_getoutput work on Windows.
• ceddaf2 Add a changelog for #314.
• 9a05aab Python 3.14 removed the URLopener and FancyURLopener classes from urllib.req...
• c1b416f Fix deprecation warning from setuptools (#382)
• 02c3bca tkinter.tix was removed from Python 3.13, skip the test (#377)
• Additional commits viewable in compare view

Updates tornado from 6.4.1 to 6.4.2

Changelog

Sourced from tornado's changelog.

Release notes

.. toctree:: :maxdepth: 2

releases/v6.4.2 releases/v6.4.1 releases/v6.4.0 releases/v6.3.3 releases/v6.3.2 releases/v6.3.1 releases/v6.3.0 releases/v6.2.0 releases/v6.1.0 releases/v6.0.4 releases/v6.0.3 releases/v6.0.2 releases/v6.0.1 releases/v6.0.0 releases/v5.1.1 releases/v5.1.0 releases/v5.0.2 releases/v5.0.1 releases/v5.0.0 releases/v4.5.3 releases/v4.5.2 releases/v4.5.1 releases/v4.5.0 releases/v4.4.3 releases/v4.4.2 releases/v4.4.1 releases/v4.4.0 releases/v4.3.0 releases/v4.2.1 releases/v4.2.0 releases/v4.1.0 releases/v4.0.2 releases/v4.0.1 releases/v4.0.0 releases/v3.2.2 releases/v3.2.1 releases/v3.2.0 releases/v3.1.1 releases/v3.1.0 releases/v3.0.2 releases/v3.0.1 releases/v3.0.0 releases/v2.4.1 releases/v2.4.0

... (truncated)

Commits

• a5ecfab Bump version to 6.4.2
• bc7df6b Fix tests with Twisted 24.7.0
• d5ba4a1 httputil: Fix quadratic performance of cookie parsing
• See full diff in compare view

Updates typer from 0.13.0 to 0.15.1

Release notes

Sourced from typer's releases.

0.15.1

Features

• 🗑️ Deprecate shell_complete and continue to use autocompletion for CLI parameters. PR #974 by @​svlandeg.

Docs

• ✏️ Fix a few typos in the source and documentation. PR #1028 by @​kkirsche.
• 📝 Fix minor inconsistencies and typos in tutorial. PR #1067 by @​tvoirand.
• ✏️ Fix a few small typos in the documentation. PR #1077 by @​svlandeg.

Internal

• 🔧 Update build-docs filter patterns. PR #1080 by @​tiangolo.
• 🔨 Update deploy docs preview script. PR #1079 by @​tiangolo.
• 🔧 Update members. PR #1078 by @​tiangolo.
• ⬆ [pre-commit.ci] pre-commit autoupdate. PR #1071 by @​pre-commit-ci[bot].
• ⬆ Update httpx requirement from =0.27.0,<0.29.0. PR #1065 by @​dependabot[bot].

0.15.0

Features

• ✨ Add support for extending typer apps without passing a name, add commands to the top level. PR #1037 by @​patrick91.
  • New docs: One File Per Command.

Internal

• ⬆ Bump mkdocs-material from 9.5.46 to 9.5.47. PR #1070 by @​dependabot[bot].
• ⬆ Bump ruff from 0.8.0 to 0.8.1. PR #1066 by @​dependabot[bot].

0.14.0

Breaking Changes

• 🔥 Remove auto naming of groups added via add_typer based on the group's callback function name. PR #1052 by @​patrick91.

Before, it was supported to infer the name of a command group from the callback function name in the sub-app, so, in this code:

import typer
app = typer.Typer()
users_app = typer.Typer()
app.add_typer(users_app)
@​users_app.callback()
def users():  # <-- This was the inferred command group name
"""
Manage users in the app.
</tr></table>

... (truncated)

Changelog

Sourced from typer's changelog.

0.15.1

Features

• 🗑️ Deprecate shell_complete and continue to use autocompletion for CLI parameters. PR #974 by @​svlandeg.

Docs

• ✏️ Fix a few typos in the source and documentation. PR #1028 by @​kkirsche.
• 📝 Fix minor inconsistencies and typos in tutorial. PR #1067 by @​tvoirand.
• ✏️ Fix a few small typos in the documentation. PR #1077 by @​svlandeg.

Internal

• 🔧 Update build-docs filter patterns. PR #1080 by @​tiangolo.
• 🔨 Update deploy docs preview script. PR #1079 by @​tiangolo.
• 🔧 Update members. PR #1078 by @​tiangolo.
• ⬆ [pre-commit.ci] pre-commit autoupdate. PR #1071 by @​pre-commit-ci[bot].
• ⬆ Update httpx requirement from =0.27.0,<0.29.0. PR #1065 by @​dependabot[bot].

0.15.0

Features

• ✨ Add support for extending typer apps without passing a name, add commands to the top level. PR #1037 by @​patrick91.
  • New docs: One File Per Command.

Internal

• ⬆ Bump mkdocs-material from 9.5.46 to 9.5.47. PR #1070 by @​dependabot[bot].
• ⬆ Bump ruff from 0.8.0 to 0.8.1. PR #1066 by @​dependabot[bot].

0.14.0

Breaking Changes

• 🔥 Remove auto naming of groups added via add_typer based on the group's callback function name. PR #1052 by @​patrick91.

Before, it was supported to infer the name of a command group from the callback function name in the sub-app, so, in this code:

import typer
app = typer.Typer()
users_app = typer.Typer()
app.add_typer(users_app)
@​users_app.callback()
</tr></table>

... (truncated)

Commits

• 0b89650 🔖 Release version 0.15.1
• bd89bf6 📝 Update release notes
• 3b9ce47 ✏️ Fix a few typos in the source and documentation (#1028)
• 95ba85f 📝 Update release notes
• dbc335b 📝 Fix minor inconsistencies and typos in tutorial (#1067)
• b88c327 📝 Update release notes
• d8e56e2 🗑️ Deprecate shell_complete and continue to use autocompletion for CLI pa...
• 5f378ee 📝 Update release notes
• b826dc4 ✏️ Fix a few small typos in the documentation (#1077)
• 9be60da 📝 Update release notes
• Additional commits viewable in compare view

Updates virtualenv from 20.27.1 to 20.28.0

Release notes

Sourced from virtualenv's releases.

20.28.0

What's Changed

• fix: Update run_with_catch log flushing by @​neilramsay in pypa/virtualenv#2806
• feat: Write CACHEDIR.TAG file by @​neilramsay in pypa/virtualenv#2805

Full Changelog: pypa/virtualenv@20.27.2...20.28.0

20.27.2

What's Changed

• release 20.27.1 by @​gaborbernat in pypa/virtualenv#2791
• Upgrade setuptools to 75.3 by @​gaborbernat in pypa/virtualenv#2798
• Upgrade setuptools to 75.5 and wheel to 0.45 by @​gaborbernat in pypa/virtualenv#2804
• No longer forcibly echo off during windows batch activation by @​wiktorinox in pypa/virtualenv#2801
• feat: Write CACHEDIR.TAG file by @​neilramsay in pypa/virtualenv#2803

New Contributors

• @​wiktorinox made their first contribution in pypa/virtualenv#2801
• @​neilramsay made their first contribution in pypa/virtualenv#2803

Full Changelog: pypa/virtualenv@20.27.1...20.27.2

Changelog

Sourced from virtualenv's changelog.

v20.28.0 (2024-11-25)

Features - 20.28.0

- Write CACHEDIR.TAG file on creation - by "user:`neilramsay`. (:issue:`2803`)
v20.27.2 (2024-11-25)
Bugfixes - 20.27.2

• Upgrade embedded wheels:

  • setuptools to 75.3.0 from 75.2.0 (:issue:2798)

• Upgrade embedded wheels:

  • wheel to 0.45.0 from 0.44.0
  • setuptools to 75.5.0 (:issue:2800)

• no longer forcibly echo off during windows batch activation (:issue:2801)

• Upgrade embedded wheels:

  • setuptools to 75.6.0 from 75.5.0
  • wheel to 0.45.1 from 0.45.0 (:issue:2804)

Commits

• bfc04e3 release 20.28.0
• 2a29a1b feat: Write CACHEDIR.TAG file (#2805)
• d619967 fix: Update run_with_catch log flushing (#2806)
• f74c000 release 20.27.2
• 6f70bf5 Revert "feat: Write CACHEDIR.TAG file (#2803)"
• f5d7cb4 [pre-commit.ci] pre-commit autoupdate (#2799)
• be19526 feat: Write CACHEDIR.TAG file (#2803)
• b3e2b6f No longer forcibly echo off during windows batch activation (#2801)
• fd6c16b Bump astral-sh/setup-uv from 3 to 4 (#2802)
• 898abfd Upgrade setuptools to 75.5 and wheel to 0.45 (#2804)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.