build(deps): bump the dependencies group across 1 directory with 10 updates

[dependabot]

Bumps the dependencies group with 10 updates in the / directory:

Package	From	To
certifi	2024.7.4	2024.8.30
cffi	1.16.0	1.17.1
cryptography	42.0.8	43.0.1
idna	3.7	3.10
urllib3	2.2.2	2.2.3
coverage	7.5.4	7.6.1
build	1.2.1	1.2.2
tox	4.1.2	4.20.0
ruff	0.5.1	0.6.8
mypy	1.10.1	1.11.2

Updates certifi from 2024.7.4 to 2024.8.30

Commits

• 325c2fd 2024.08.30 (#304)
• d66bf5f Bump actions/upload-artifact from 4.3.5 to 4.3.6 (#302)
• 2150f23 Bump actions/upload-artifact from 4.3.4 to 4.3.5 (#301)
• fc9b771 Bump actions/setup-python from 5.1.0 to 5.1.1 (#300)
• 965b239 Bump actions/download-artifact from 4.1.7 to 4.1.8 (#297)
• c1f50cc Bump actions/upload-artifact from 4.3.3 to 4.3.4 (#296)
• See full diff in compare view

Updates cffi from 1.16.0 to 1.17.1

Release notes

Sourced from cffi's releases.

v1.17.1

• Fix failing distutils.msvc9compiler imports under Windows (#118).
• ffibuilder.emit_python_code() and ffibuiler.emit_c_code() accept file-like objects (#115).
• ffiplatform calls are bypassed by ffibuilder.emit_python_code() and ffibuilder.emit_c_code() (#81).

Full Changelog: python-cffi/cffi@v1.17.0...v1.17.1

v1.17.0

• Add support for Python 3.13.
  • Free-threaded CPython builds (i.e. python3.13t and the 3.13t ABI) are not currently supported.
• In API mode, when you get a function from a C library by writing fn = lib.myfunc, you get an object of a special type for performance reasons, instead of a <cdata 'C-function-type'>. Before version 1.17 you could only call such objects. You could write ffi.addressof(lib, "myfunc") in order to get a real <cdata> object, based on the idea that in these cases in C you'd usually write &myfunc instead of myfunc. In version 1.17, the special object lib.myfunc can now be passed in many places where CFFI expects a regular <cdata> object. For example, you can now pass it as a callback to a C function call, or write it inside a C structure field of the correct pointer-to-function type, or use ffi.cast() or ffi.typeof() on it.

Full Changelog: python-cffi/cffi@v1.16.0...v1.17.0

v1.17.0rc1

• Add support for Python 3.13.
• In API mode, when you get a function from a C library by writing fn = lib.myfunc, you get an object of a special type for performance reasons, instead of a object. For example, you can now pass it as a callback to a C function call, or write it inside a C structure field of the correct pointer-to-function type, or use ffi.cast() or ffi.typeof() on it.
• Build wheels for musllinux aarch64.

Commits

• 38bd6be release 1.17.1
• ba10180 update whatsnew.rst for 1.17.1 (#121)
• 61deb5f add yet another flag to recompile() to avoid calling ffiplatform (#81)
• 1c292c1 Handle distutils without distutils.msvc9compiler.MSVCCompiler class (#118)
• 182ffc4 Allow writing generated code to a file-like object. (#115)
• 74731f9 Release 1.17.0 (#108)
• 181fa00 1.17.0rc1 release (#80)
• 772528e Add 3.13 to trove classifiers (#72)
• e36042d 1.17.0b1 prep (#79)
• 39bdab2 avoid null-pointer-subtraction error (#78)
• Additional commits viewable in compare view

Updates cryptography from 42.0.8 to 43.0.1

Changelog

Sourced from cryptography's changelog.

43.0.1 - 2024-09-03

* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.3.2.
.. _v43-0-0:
43.0.0 - 2024-07-20

• BACKWARDS INCOMPATIBLE: Support for OpenSSL less than 1.1.1e has been removed. Users on older version of OpenSSL will need to upgrade.
• BACKWARDS INCOMPATIBLE: Dropped support for LibreSSL < 3.8.
• Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.3.1.
• Updated the minimum supported Rust version (MSRV) to 1.65.0, from 1.63.0.
• :func:~cryptography.hazmat.primitives.asymmetric.rsa.generate_private_key now enforces a minimum RSA key size of 1024-bit. Note that 1024-bit is still considered insecure, users should generally use a key size of 2048-bits.
• :func:~cryptography.hazmat.primitives.serialization.pkcs7.serialize_certificates now emits ASN.1 that more closely follows the recommendations in :rfc:2315.
• Added new :doc:/hazmat/decrepit/index module which contains outdated and insecure cryptographic primitives. :class:~cryptography.hazmat.primitives.ciphers.algorithms.CAST5, :class:~cryptography.hazmat.primitives.ciphers.algorithms.SEED, :class:~cryptography.hazmat.primitives.ciphers.algorithms.IDEA, and :class:~cryptography.hazmat.primitives.ciphers.algorithms.Blowfish, which were deprecated in 37.0.0, have been added to this module. They will be removed from the cipher module in 45.0.0.
• Moved :class:~cryptography.hazmat.primitives.ciphers.algorithms.TripleDES and :class:~cryptography.hazmat.primitives.ciphers.algorithms.ARC4 into :doc:/hazmat/decrepit/index and deprecated them in the cipher module. They will be removed from the cipher module in 48.0.0.
• Added support for deterministic :class:~cryptography.hazmat.primitives.asymmetric.ec.ECDSA (:rfc:6979)
• Added support for client certificate verification to the :mod:X.509 path validation <cryptography.x509.verification> APIs in the form of :class:~cryptography.x509.verification.ClientVerifier, :class:~cryptography.x509.verification.VerifiedClient, and PolicyBuilder :meth:~cryptography.x509.verification.PolicyBuilder.build_client_verifier.
• Added Certificate :attr:~cryptography.x509.Certificate.public_key_algorithm_oid and Certificate Signing Request :attr:~cryptography.x509.CertificateSigningRequest.public_key_algorithm_oid to determine the :class:~cryptography.hazmat._oid.PublicKeyAlgorithmOID Object Identifier of the public key found inside the certificate.
• Added :attr:~cryptography.x509.InvalidityDate.invalidity_date_utc, a timezone-aware alternative to the naïve datetime attribute :attr:~cryptography.x509.InvalidityDate.invalidity_date.
• Added support for parsing empty DN string in

... (truncated)

Commits

• a773387 bump for 43.0.1 (#11533)
• 0393fef Backport setuptools version ban (#11526)
• 6687bab Bump openssl from 0.10.65 to 0.10.66 in /src/rust (#11320) (#11324)
• ebf14f2 bump for 43.0.0 and update changelog (#11311)
• 42788a0 Fix exchange with keys that had Q automatically computed (#11309)
• 2dbdfb8 don't assign unused name (#11310)
• ccc66e6 Bump openssl from 0.10.64 to 0.10.65 in /src/rust (#11308)
• 4310c87 Bump sphinxcontrib-qthelp from 1.0.7 to 1.0.8 (#11307)
• f66a9c4 Bump sphinxcontrib-htmlhelp from 2.0.5 to 2.0.6 (#11306)
• a8fcf18 Bump openssl-sys from 0.9.102 to 0.9.103 in /src/rust (#11305)
• Additional commits viewable in compare view

Updates idna from 3.7 to 3.10

Release notes

Sourced from idna's releases.

v3.10

No release notes provided.

v3.9

No release notes provided.

v3.8

What's Changed

• Fix regression where IDNAError exception was not being produced for certain inputs.
• Add support for Python 3.13, drop support for Python 3.5 as it is no longer testable.
• Documentation improvements
• Updates to package testing using Github actions

Thanks to Hugo van Kemenade for contributions to this release.

Full Changelog: kjd/idna@v3.7...v3.8

Changelog

Sourced from idna's changelog.

3.10 (2024-09-15) +++++++++++++++++

• Reverted to Unicode 15.1.0 data. Unicode 16 has some significant changes to UTS46 processing that will require more work to properly implement.

3.9 (2024-09-13) ++++++++++++++++

• Update to Unicode 16.0.0
• Deprecate setup.cfg in favour of pyproject.toml
• Use ruff for code formatting

Thanks to Waket Zheng for contributions to this release.

3.8 (2024-08-23) ++++++++++++++++

• Fix regression where IDNAError exception was not being produced for certain inputs.
• Add support for Python 3.13, drop support for Python 3.5 as it is no longer testable.
• Documentation improvements
• Updates to package testing using Github actions

Thanks to Hugo van Kemenade for contributions to this release.

Commits

• 729225d Release v3.10
• 3eef168 Merge pull request #194 from kjd/revert-unicode-16
• ceca619 Revert Unicode 16.0.0 data updates
• c43ac75 Merge pull request #191 from kjd/release-3.9
• 1b8800a Release v3.9
• a1fd168 Merge pull request #190 from kjd/unicode-16
• 7732c61 Merge branch 'master' into unicode-16
• 4ed183d Refactor membership test
• 762216b Format with ruff
• 580ece9 Implement changes to UTS46 algorithm
• Additional commits viewable in compare view

Updates urllib3 from 2.2.2 to 2.2.3

Release notes

Sourced from urllib3's releases.

2.2.3

🚀 urllib3 is fundraising for HTTP/2 support

urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support for 2023. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.

Thank you for your support.

Features

• Added support for Python 3.13. (#3473)

Bugfixes

• Fixed the default encoding of chunked request bodies to be UTF-8 instead of ISO-8859-1. All other methods of supplying a request body already use UTF-8 starting in urllib3 v2.0. (#3053)
• Fixed ResourceWarning on CONNECT with Python < 3.11.4 by backporting python/cpython#103472. (`#3252)
• Adjust tolerance for floating-point comparison on Windows to avoid flakiness in CI (#3413)
• Fixed a crash where certain standard library hash functions were absent in restricted environments. (#3432)
• Fixed mypy error when adding to HTTPConnection.default_socket_options. (#3448)

HTTP/2 (experimental)

HTTP/2 support is still in early development.

• Excluded Transfer-Encoding: chunked from HTTP/2 request body (#3425)
• Added version checking for h2 (https://pypi.org/project/h2/) usage. Now only accepting supported h2 major version 4.x.x. (#3290)
• Added a probing mechanism for determining whether a given target origin supports HTTP/2 via ALPN. (#3301)
• Add support for sending a request body with HTTP/2 (#3302)

Full Changelog: urllib3/urllib3@2.2.2...2.2.3

Changelog

Sourced from urllib3's changelog.

2.2.3 (2024-09-12)

Features

• Added support for Python 3.13. ([#3473](https://github.com/urllib3/urllib3/issues/3473) <https://github.com/urllib3/urllib3/issues/3473>__)

Bugfixes

• Fixed the default encoding of chunked request bodies to be UTF-8 instead of ISO-8859-1. All other methods of supplying a request body already use UTF-8 starting in urllib3 v2.0. ([#3053](https://github.com/urllib3/urllib3/issues/3053) <https://github.com/urllib3/urllib3/issues/3053>__)
• Fixed ResourceWarning on CONNECT with Python `__)
• Adjust tolerance for floating-point comparison on Windows to avoid flakiness in CI ([#3413](https://github.com/urllib3/urllib3/issues/3413) <https://github.com/urllib3/urllib3/issues/3413>__)
• Fixed a crash where certain standard library hash functions were absent in restricted environments. ([#3432](https://github.com/urllib3/urllib3/issues/3432) <https://github.com/urllib3/urllib3/issues/3432>__)
• Fixed mypy error when adding to HTTPConnection.default_socket_options. ([#3448](https://github.com/urllib3/urllib3/issues/3448) <https://github.com/urllib3/urllib3/issues/3448>__)

HTTP/2 (experimental)

HTTP/2 support is still in early development.

• Excluded Transfer-Encoding: chunked from HTTP/2 request body ([#3425](https://github.com/urllib3/urllib3/issues/3425) <https://github.com/urllib3/urllib3/issues/3425>__)

• Added version checking for h2 (https://pypi.org/project/h2/) usage.

  Now only accepting supported h2 major version 4.x.x. ([#3290](https://github.com/urllib3/urllib3/issues/3290) <https://github.com/urllib3/urllib3/issues/3290>__)

• Added a probing mechanism for determining whether a given target origin supports HTTP/2 via ALPN. ([#3301](https://github.com/urllib3/urllib3/issues/3301) <https://github.com/urllib3/urllib3/issues/3301>__)

• Add support for sending a request body with HTTP/2 ([#3302](https://github.com/urllib3/urllib3/issues/3302) <https://github.com/urllib3/urllib3/issues/3302>__)

Deprecations and Removals

• Note for downstream distributors: the _version.py file has been removed and is now created at build time by hatch-vcs. ([#3412](https://github.com/urllib3/urllib3/issues/3412) <https://github.com/urllib3/urllib3/issues/3412>__)
• Drop support for end-of-life PyPy3.8 and PyPy3.9. ([#3475](https://github.com/urllib3/urllib3/issues/3475) <https://github.com/urllib3/urllib3/issues/3475>__)

Commits

• 2458bfc Release 2.2.3
• 9b25db6 Only attempt to publish for upstream
• b9adeef Drop support for EOL PyPy3.8 and PyPy3.9
• b1d4649 Add explicit support for Python 3.13
• cc42860 Bump cryptography from 42.0.4 to 43.0.1 (#3470)
• 3dae2e9 Bump pypa/gh-action-pypi-publish from 1.9.0 to 1.10.1 (#3469)
• 1e94feb Revert "Add TLS settings for HTTP/2 (#3456)" (#3466)
• aa73abc Bump actions/setup-python from 5.1.0 to 5.2.0 (#3468)
• abbfbcb Add 1.26.20 to changelog and make the publish workflow the same (#3464)
• d480615 Add TLS settings for HTTP/2 (#3456)
• Additional commits viewable in compare view

Updates coverage from 7.5.4 to 7.6.1

Changelog

Sourced from coverage's changelog.

Version 7.6.1 — 2024-08-04

• Fix: coverage used to fail when measuring code using :func:runpy.run_path <python:runpy.run_path> with a :class:Path <python:pathlib.Path> argument. This is now fixed, thanks to Ask Hjorth Larsen <pull 1819_>_.

• Fix: backslashes preceding a multi-line backslashed string could confuse the HTML report. This is now fixed, thanks to LiuYinCarl <pull 1828_>_.

• Now we publish wheels for Python 3.13, both regular and free-threaded.

.. _pull 1819: nedbat/coveragepy#1819 .. _pull 1828: nedbat/coveragepy#1828

.. _changes_7-6-0:

Version 7.6.0 — 2024-07-11

• Exclusion patterns can now be multi-line, thanks to Daniel Diniz <pull 1807_>. This enables many interesting exclusion use-cases, including those requested in issues 118 <issue 118_> (entire files), 996 <issue 996_>_ (multiple lines only when appearing together), 1741 <issue 1741_>_ (remainder of a function), and 1803 <issue 1803_>_ (arbitrary sequence of marked lines). See the :ref:multi_line_exclude section of the docs for more details and examples.

• The JSON report now includes per-function and per-class coverage information. Thanks to Daniel Diniz <pull 1809_>_ for getting the work started. This closes issue 1793_ and issue 1532_.

• Fixed an incorrect calculation of "(no class)" lines in the HTML classes report.

• Python 3.13.0b3 is supported.

.. _issue 118: nedbat/coveragepy#118 .. _issue 996: nedbat/coveragepy#996 .. _issue 1532: nedbat/coveragepy#1532 .. _issue 1741: nedbat/coveragepy#1741 .. _issue 1793: nedbat/coveragepy#1793 .. _issue 1803: nedbat/coveragepy#1803 .. _pull 1807: nedbat/coveragepy#1807 .. _pull 1809: nedbat/coveragepy#1809

.. _changes_7-5-4:

Commits

• 29f5898 docs: sample HTML for 7.6.1
• 9b829f1 docs: prep for 7.6.1
• ebbb6a2 build: wheels for 3.13rc1
• 3872525 chore: make upgrade
• 7a27f40 test: fix a test on free-threading, use abiflags to get site-packages path co...
• 2b53664 build: include gil/nogil in the version banner
• da1682f docs: changelog and contributor for #1828
• dc819ff test: two tests for #1828
• 9aaa404 fix: properly handle backslash before multi-line string (#1828)
• 9c50270 chore: make upgrade
• Additional commits viewable in compare view

Updates build from 1.2.1 to 1.2.2

Release notes

Sourced from build's releases.

Version 1.2.2

What's Changed

• Add editable to builder.get_requries_for_build's static types (PR #764, fixes issue #763)
• Include artifact attestations in our release (PR #782)
• Fix typing compatibility with typed pyproject-hooks (PR #788)
• Mark more tests with network (PR #808)
• Add more intersphinx links to docs (PR #804)
• Make uv optional for tests (PR #807 and #813)

New Contributors

• @​carlwgeorge made their first contribution in pypa/build#808
• @​edgarrmondragon made their first contribution in pypa/build#804

Full Changelog: pypa/build@1.2.1...1.2.2

Changelog

Sourced from build's changelog.

1.2.2 (2024-09-06)

• Add editable to builder.get_requries_for_build's static types (PR :pr:764, fixes issue :issue:763)
• Include artifact attestations in our release (PR :pr:782)
• Fix typing compatibility with typed pyproject-hooks (PR :pr:788)
• Mark more tests with network (PR :pr:808)
• Add more intersphinx links to docs (PR :pr:804)
• Make uv optional for tests (PR :pr:807 and :pr:813)

Commits

• 3b0b5d0 docs: changelog for 1.2.2 (#812)
• b44a886 docs: more info in README
• 8e19948 build(deps): bump actions/attest-build-provenance in the actions group (#814)
• b90956c tests: add module case to uv detection (#813)
• e79f1b3 ci: remove bot comments from generated release notes (#810)
• f6da25a pre-commit: bump repositories (#801)
• 9a52c50 tests: optional uv (#807)
• 553b700 docs: Add a few intersphinx links to the Python Packaging User Guide (#804)
• 336efcb build(deps): bump actions/attest-build-provenance in the actions group (#802)
• 73b7213 tests: mark more network tests (#808)
• Additional commits viewable in compare view

Updates tox from 4.1.2 to 4.20.0

Release notes

Sourced from tox's releases.

4.18.1

What's Changed

• Fixup the spec string for sys.executable by @​hroncok in tox-dev/tox#3327
• Fix issue link in changelog by @​schlamar in tox-dev/tox#3332
• Properly document the tox_env_teardown hook by @​kemzeb in tox-dev/tox#3333
• Add 3.13 to CI and bump deps by @​gaborbernat in tox-dev/tox#3339

New Contributors

• @​schlamar made their first contribution in tox-dev/tox#3332
• @​kemzeb made their first contribution in tox-dev/tox#3333

Full Changelog: tox-dev/tox@4.18.0...4.18.1

4.18.0

What's Changed

• Fix #3278 - Boost temporary directories cleanup in tests by @​ziima in tox-dev/tox#3323
• Fix absolute base python paths conflicting by @​gaborbernat in tox-dev/tox#3325
• Fix #3318 - Suppress spinner in parallel runs in CI by @​ziima in tox-dev/tox#3321

Full Changelog: tox-dev/tox@4.17.1...4.18.0

4.17.1

What's Changed

• Restore limited <major>.<minor> environment name support by @​gaborbernat in tox-dev/tox#3319
• fix(tox_env.python): do not process absolute paths to interpreter as PythonSpec by @​paveldikov in tox-dev/tox#3311

New Contributors

• @​paveldikov made their first contribution in tox-dev/tox#3311

Full Changelog: tox-dev/tox@4.17.0...4.17.1

4.17.0

What's Changed

• Fix user guide system overview so nodes don't overlap. by @​Tom01098 in tox-dev/tox#3307
• Table with list of default env vars per OS by @​seyidaniels in tox-dev/tox#3291
• Add GraalPy and test both GraalPy and Jython env identifiers by @​timfel in tox-dev/tox#3312
• Add on platform constat to core by @​gaborbernat in tox-dev/tox#3315

New Contributors

• @​Tom01098 made their first contribution in tox-dev/tox#3307
• @​timfel made their first contribution in tox-dev/tox#3312

... (truncated)

Changelog

Sourced from tox's changelog.

v4.20.0 (2024-09-18)

Features - 4.20.0

- Separate the list dependencies functionality to a separate abstract class allowing code reuse in plugins (such as
  ``tox-uv``) - by :gaborbernat`. (:issue:`3347`)
v4.19.0 (2024-09-17)
Features - 4.19.0

• Support pypy-<major>.<minor> environment names for PyPy environments - by :user:gaborbernat. (:issue:3346)

v4.18.1 (2024-09-07)

Bugfixes - 4.18.1

- Fix and test the string spec for the ``sys.executable`` interpreter (introduced in :pull:`3325`)
  - by :user:`hroncok` (:issue:`3327`)
Improved Documentation - 4.18.1

• Changes the tox_env_teardown docstring to explain the hook is called after a tox env was teared down. (:issue:3305)

v4.18.0 (2024-08-13)

Features - 4.18.0

- Suppress spinner in parallel runs in CI - by :user:`ziima`. (:issue:`3318`)
Bugfixes - 4.18.0

• Boost temporary directories cleanup in tests - by :user:ziima. (:issue:3278)
• Fix absolute base python paths conflicting - by :user:gaborbernat. (:issue:3325)

v4.17.1 (2024-08-07)

Bugfixes - 4.17.1

- Support for running ``-e <major>.<minor>`` has been lost, fixing it - by :user:`gaborbernat`. (:issue:`2849`)
- ``base_python`` now accepts absolute paths to interpreter executable - by :user:`paveldikov`. (:issue:`3191`)
v4.17.0 (2024-08-05)
</tr></table>

... (truncated)

Commits

• a04cc3a release 4.20.0
• 4d8f5fd Separate list dependencies to a separate installer class (#3347)
• 0cb816c YML to YAML
• 2f83624 release 4.19.0
• ed6b0dc Add pypy-major.minor environment name support (#3346)
• 8127c7f [pre-commit.ci] pre-commit autoupdate (#3345)
• 8cadfa2 [pre-commit.ci] pre-commit autoupdate (#3341)
• df34192 release 4.18.1
• 9c6f835 Add 3.13 to CI and bump deps (#3339)
• 9138e15 Bump pypa/gh-action-pypi-publish from 1.9.0 to 1.10.1 (#3338)
• Additional commits viewable in compare view

Updates ruff from 0.5.1 to 0.6.8

Release notes

Sourced from ruff's releases.

0.6.8

Release Notes

Preview features

• Remove unnecessary parentheses around match case clauses (#13510)
• Parenthesize overlong if guards in match..case clauses (#13513)
• Detect basic wildcard imports in ruff analyze graph (#13486)
• [pylint] Implement boolean-chained-comparison (R1716) (#13435)

Rule changes

• [lake8-simplify] Detect SIM910 when using variadic keyword arguments, i.e., **kwargs (#13503)
• [pyupgrade] Avoid false negatives with non-reference shadowed bindings of loop variables (UP028) (#13504)

Bug fixes

• Detect tuples bound to variadic positional arguments i.e. *args (#13512)
• Exit gracefully on broken pipe errors (#13485)
• Avoid panic when analyze graph hits broken pipe (#13484)

Performance

• Reuse BTreeSets in module resolver (#13440)
• Skip traversal for non-compound statements (#13441)

Contributors

• @​MichaReiser
• @​TomerBin
• @​charliermarsh
• @​diceroll123
• @​dylwil3
• @​haarisr
• @​renovate
• @​sbrugman
• @​vincevannoort
• @​zanieb

Install ruff 0.6.8

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/astral-sh/ruff/releases/download/0.6.8/ruff-installer.sh | sh

Install prebuilt binaries via powershell script

... (truncated)

Changelog

Sourced from ruff's changelog.

0.6.8

Preview features

• Remove unnecessary parentheses around match case clauses (#13510)
• Parenthesize overlong if guards in match..case clauses (#13513)
• Detect basic wildcard imports in ruff analyze graph (#13486)
• [pylint] Implement boolean-chained-comparison (R1716) (#13435)

Rule changes

• [lake8-simplify] Detect SIM910 when using variadic keyword arguments, i.e., **kwargs (#13503)
• [pyupgrade] Avoid false negatives with non-reference shadowed bindings of loop variables (UP028) (#13504)

Bug fixes

• Detect tuples bound to variadic positional arguments i.e. *args (#13512)
• Exit gracefully on broken pipe errors (#13485)
• Avoid panic when analyze graph hits broken pipe (#13484)

Performance

• Reuse BTreeSets in module resolver (#13440)
• Skip traversal for non-compound statements (#13441)

0.6.7

Preview features

• Add Python version support to ruff analyze CLI (#13426)
• Add exclude support to ruff analyze (#13425)
• Fix parentheses around return type annotations (#13381)

Rule changes

• [pycodestyle] Fix: Don't autofix if the first line ends in a question mark? (D400) (#13399)

Bug fixes

• Respect lint.exclude in ruff check --add-noqa (#13427)

Performance

• Avoid tracking module resolver files in Salsa (#13437)
• Use forget for module resolver database (#13438)

0.6.6

Preview features

... (truncated)

Commits

• ae39ce5 Bump version to 0.6.8 (#13522)
• ff2d214 Don't skip over imports and other nodes containing nested statements in impor...
• 9442cd8 Parenthesize match..case if guards (#13513)
• 8012707 Align formatting of patterns in match-cases with expression formatting in cla...
• d7ffe46 Disable the typeset plugin (#13517)
• 7c83af4 red-knot: Implement the not operator for all Type variants (#13432)
• bbb044e Detect tuples bound to variadic positional arguments i.e. *args (#13512)
• 4810652 Avoid UP028 false negatives with non-reference shadowed bindings of loop vari...
• 11f06e0 Detect SIM910 when using variadic keyword arguments, i.e., **kwargs (#13503)
• f27a8b8 [internal] ComparableExpr (f)strings and bytes made invariant under concate...
• Additional commits viewable in compare view

Updates mypy from 1.10.1 to 1.11.2

Changelog

Sourced from mypy's changelog.

Mypy Release Notes

Next release

Mypy 1.11

We’ve just uploaded mypy 1.11 to the Python Package Index (PyPI). Mypy is a static type checker for Python. This release includes new features, performance improvements and bug fixes. You can install it as follows:

python3 -m pip install -U mypy

You can read the full documentation for this release on Read the Docs.

Support Python 3.12 Syntax for Generics (PEP 695)

Mypy now supports the new type parameter syntax introduced in Python 3.12 (PEP 695). This feature is still experimental and must be enabled with the --enable-incomplete-feature=NewGenericSyntax flag, or with enable_incomplete_feature = NewGenericSyntax in the mypy configuration file. We plan to enable this by default in the next mypy feature release.

This example demonstrates the new syntax:

# Generic function
def f[T](https://github.com/python/mypy/blob/master/x: T) -> T: ...
reveal_type(f(1))  # Revealed type is 'int'
Generic class
class C[T]:
def init(self, x: T) -> None:
self.x = x
c = C('a')
reveal_type(c.x)  # Revealed type is 'str'
Type alias
type A[T] = C[list[T]]

This feature was contributed by Jukka Lehtosalo.

Support for functools.partial

Mypy now type checks uses of functools.partial. Previously mypy would accept arbitrary arguments.

This example will now produce an error:

from functools import partial
</tr></table> 

... (truncated)

Commits

• 789f02c Bump version to 1.11.2
• 917cc75 An alternative fix for a union-like literal string (#17639)
• 7d805b3 Unwrap TypedDict item types before storing (#17640)
• 32675dd Revert "Fix Literal strings containing pipe characters" (#17638)
• 778542b Revert "Fix RawExpressionType.accept crash with --cache-fine-grained" (#1...
• 14ab742 Bump version to 1.11.2+dev
• 570b90a Bump version to 1.11
• b3a102e Fix RawExpressionType.accept crash with --cache-fine-grained (#17588)
• aec04c7 Fix PEP 604 isinstance caching (#17563)
• cb44e4d Fix typing.TypeAliasType being undefined on python < 3.12 (#17558)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions