Deps: Bump the python-packages group with 7 updates #1200

Merged
merged 1 commit into from
Feb 10, 2025

dependabot[bot]

@dependabot dependabot bot commented on behalf of github Feb 10, 2025

Bumps the python-packages group with 7 updates:

| Package | From | To |
| --- | --- | --- |
| paramiko | 3.5.0 | 3.5.1 |
| coverage | 7.6.10 | 7.6.11 |
| autohooks-plugin-ruff | 24.1.0 | 25.2.0 |
| autohooks | 24.2.0 | 25.2.0 |
| beautifulsoup4 | 4.13.0 | 4.13.3 |
| mypy | 1.14.1 | 1.15.0 |
| ruff | 0.9.4 | 0.9.5 |

Updates paramiko from 3.5.0 to 3.5.1

Commits

Updates coverage from 7.6.10 to 7.6.11

Changelog

Sourced from coverage's changelog.

Version 7.6.11 — 2025-02-08

  • Fix: a memory leak in CTracer has been fixed. The details are in issue 1924 (nedbat/coveragepy#1924) and pytest-dev 676 (pytest-dev/pytest-cov#676). This should reduce the memory footprint for everyone even if it hadn't caused a problem before.

  • We now ship a py3-none-any.whl wheel file. Thanks, Russell Keith-Magee (pull 1914, nedbat/coveragepy#1914).

Commits
  • a20898d docs: sample HTML for 7.6.11
  • 938d519 docs: prep for 7.6.11
  • 27ee4ff test: free-threading builds were failing the old leak test #1924
  • f473b87 test: it could be useful to disable branch coverage in this helper
  • f85d9b7 fix: prevent code objects from leaking #1924
  • ae8d3b9 chore: make upgrade
  • 156981f build: zizmor can't tell this is safe
  • 6603021 chore: bump the action-dependencies group with 6 updates (#1922)
  • d6a1e5b test: run the pytracer first so .tox is left with a c extension for ad-hoc use
  • cd2db93 docs: a reminder about when RESUME applies
  • Additional commits viewable in compare view

Updates autohooks-plugin-ruff from 24.1.0 to 25.2.0

Commits

Updates autohooks from 24.2.0 to 25.2.0

Release notes

Sourced from autohooks's releases.

autohooks 25.2.0

[25.2.0] - 2025-02-04

Added

  • Allow to check if a Config has a key 52e7ea9
  • Allow to load a config from a string b4ea89a

Changed

  • Use poetry group for declaring dev dependencies b54e905

Bug Fixes

  • Linting in CI via ruff check f2d11b9

Dependencies

  • Bump the dependencies group with 9 updates 537b609
  • Bump semver from 3.0.3 to 3.0.4 in the dependencies group 0a98d0e
  • Bump the dependencies group with 2 updates cd3f0ce
  • Bump the dependencies group with 3 updates 6a7fb3a
  • Bump the dependencies group with 4 updates 1f7613e
  • Bump the dependencies group with 2 updates b2514f1
  • Bump the dependencies group with 6 updates 64b2a77
  • Bump the dependencies group with 3 updates 10360c4
  • Bump the dependencies group across 1 directory with 7 updates 1d6668b
  • Bump the dependencies group with 4 updates a13a639
  • Bump the dependencies group with 3 updates 098b784
  • Bump the dependencies group with 2 updates 91afcd9
  • Bump the dependencies group with 3 updates 382ce0a
  • Bump the dependencies group with 5 updates ba996b3
  • Bump the dependencies group with 6 updates 21ac5b6
  • Bump the dependencies group with 4 updates 6a198a6
  • Bump ruff from 0.6.7 to 0.6.8 in the dependencies group (#684) 23c66dc
  • Bump the dependencies group with 3 updates d238e5a
  • Bump the dependencies group with 8 updates 885cd29
  • Bump the dependencies group across 1 directory with 7 updates 9e3d9e2
  • Bump the dependencies group with 4 updates b899778
  • Bump the dependencies group with 3 updates cd28f75
  • Bump the dependencies group with 6 updates 55374a1
  • Bump the dependencies group with 4 updates 6ab3546
  • Bump the dependencies group with 7 updates 740fd7e
  • Bump the dependencies group with 6 updates 027c99a
  • Bump the dependencies group with 4 updates 152fb36
  • Bump the dependencies group across 1 directory with 4 updates c812998
  • Bump certifi from 2024.6.2 to 2024.7.4 02c703d
  • Bump urllib3 from 2.2.1 to 2.2.2 f59e430
  • Bump ruff from 0.4.8 to 0.4.9 in the dependencies group 7dd2970
  • Bump the dependencies group with 4 updates 751534b
  • Bump the dependencies group with 6 updates b5a7ce0
  • Bump the dependencies group with 6 updates a2e3a37
  • Bump the dependencies group with 3 updates 4138aac
  • Bump the dependencies group with 4 updates aaecf68

... (truncated)

Commits
  • 3179489 Automatic release to 25.2.0
  • 52e7ea9 Add: Allow to check if a Config has a key
  • b4ea89a Add: Allow to load a config from a string
  • 232e20d Update beatifulsoup4 dependency
  • b54e905 Change: Use poetry group for declaring dev dependencies
  • 537b609 Deps: Bump the dependencies group with 9 updates
  • 0a98d0e Deps: Bump semver from 3.0.3 to 3.0.4 in the dependencies group
  • cd3f0ce Deps: Bump the dependencies group with 2 updates
  • 6a7fb3a Deps: Bump the dependencies group with 3 updates
  • 1f7613e Deps: Bump the dependencies group with 4 updates
  • Additional commits viewable in compare view

Updates beautifulsoup4 from 4.13.0 to 4.13.3

Updates mypy from 1.14.1 to 1.15.0

Changelog

Sourced from mypy's changelog.

Mypy Release Notes

Next Release

...

Mypy 1.15

We’ve just uploaded mypy 1.15 to the Python Package Index (PyPI). Mypy is a static type checker for Python. This release includes new features, performance improvements and bug fixes. You can install it as follows:

python3 -m pip install -U mypy

You can read the full documentation for this release on Read the Docs.

Performance Improvements

Mypy is up to 40% faster in some use cases. This improvement comes largely from tuning the performance of the garbage collector. Additionally, the release includes several micro-optimizations that may be impactful for large projects.

Contributed by Jukka Lehtosalo

Mypyc Accelerated Mypy Wheels for ARM Linux

For best performance, mypy can be compiled to C extension modules using mypyc. This makes mypy 3-5x faster than when interpreted with pure Python. We now build and upload mypyc accelerated mypy wheels for manylinux_aarch64 to PyPI, making it easy for Linux users on ARM platforms to realise this speedup -- just pip install the latest mypy.

Contributed by Christian Bundy and Marc Mueller (PR mypy_mypyc-wheels#76, PR mypy_mypyc-wheels#89).

--strict-bytes

By default, mypy treats bytearray and memoryview values as assignable to the bytes type, for historical reasons. Use the --strict-bytes flag to disable this behavior. PEP 688 specified the removal of this special case. The flag will be enabled by default in mypy 2.0.

Contributed by Ali Hamdan (PR 18263) and Shantanu Jain (PR 13952).

Improvements to Reachability Analysis and Partial Type Handling in Loops

... (truncated)

Commits
  • 9397454 remove +dev from version ahead of final release
  • 686b591 remove "unreleased" from 1.15 changelog entry
  • cb4b243 Various small updates to 1.15 changelog (#18599)
  • 1a26502 Prepare changelog for 1.15 release (#18583)
  • d4515e4 Fix a few PR links in the changelog (#18586)
  • f83b643 Add object self-type to tuple test fixture (#18592)
  • ebc2cb8 Prevent crash on generic NamedTuple with unresolved typevar bound (#18585)
  • 63c251e empty commit to trigger wheel rebuild
  • c30573e Fix literal context for ternary expressions (for real) (#18545)
  • 23d862d Fix isinstance with explicit (non generic) type alias (#18512)
  • Additional commits viewable in compare view

Updates ruff from 0.9.4 to 0.9.5

Changelog

Sourced from ruff's changelog.

0.9.5

Preview features

  • Recognize all symbols named TYPE_CHECKING for in_type_checking_block (#15719)
  • [flake8-comprehensions] Handle builtins at top of file correctly for unnecessary-dict-comprehension-for-iterable (C420) (#15837)
  • [flake8-logging] .exception() and exc_info= outside exception handlers (LOG004, LOG014) (#15799)
  • [flake8-pyi] Fix incorrect behaviour of custom-typevar-return-type preview-mode autofix if typing was already imported (PYI019) (#15853)
  • [flake8-pyi] Fix more complex cases (PYI019) (#15821)
  • [flake8-pyi] Make PYI019 autofixable for .py files in preview mode as well as stubs (#15889)
  • [flake8-pyi] Remove type parameter correctly when it is the last (PYI019) (#15854)
  • [pylint] Fix missing parens in unsafe fix for unnecessary-dunder-call (PLC2801) (#15762)
  • [pyupgrade] Better messages and diagnostic range (UP015) (#15872)
  • [pyupgrade] Rename private type parameters in PEP 695 generics (UP049) (#15862)
  • [refurb] Also report non-name expressions (FURB169) (#15905)
  • [refurb] Mark fix as unsafe if there are comments (FURB171) (#15832)
  • [ruff] Classes with mixed type variable style (RUF053) (#15841)
  • [airflow] BashOperator has been moved to airflow.providers.standard.operators.bash.BashOperator (AIR302) (#15922)
  • [flake8-pyi] Add autofix for unused-private-type-var (PYI018) (#15999)
  • [flake8-pyi] Significantly improve accuracy of PYI019 if preview mode is enabled (#15888)

Rule changes

  • Preserve triple quotes and prefixes for strings (#15818)
  • [flake8-comprehensions] Skip when TypeError present from too many (kw)args for C410,C411, and C418 (#15838)
  • [flake8-pyi] Rename PYI019 and improve its diagnostic message (#15885)
  • [pep8-naming] Ignore @override methods (N803) (#15954)
  • [pyupgrade] Reuse replacement logic from UP046 and UP047 to preserve more comments (UP040) (#15840)
  • [ruff] Analyze deferred annotations before enforcing mutable-(data)class-default and function-call-in-dataclass-default-argument (RUF008,RUF009,RUF012) (#15921)
  • [pycodestyle] Exempt sys.path += ... calls (E402) (#15980)

Configuration

  • Config error only when flake8-import-conventions alias conflicts with isort.required-imports bound name (#15918)
  • Workaround Even Better TOML crash related to allOf (#15992)

Bug fixes

  • [flake8-comprehensions] Unnecessary list comprehension (rewrite as a set comprehension) (C403) - Handle extraneous parentheses around list comprehension (#15877)
  • [flake8-comprehensions] Handle trailing comma in fixes for unnecessary-generator-list/set (C400,C401) (#15929)
  • [flake8-pyi] Fix several correctness issues with custom-type-var-return-type (PYI019) (#15851)
  • [pep8-naming] Consider any number of leading underscore for N801 (#15988)
  • [pyflakes] Visit forward annotations in TypeAliasType as types (F401) (#15829)
  • [pylint] Correct min/max auto-fix and suggestion for (PL1730) (#15930)
  • [refurb] Handle unparenthesized tuples correctly (FURB122, FURB142) (#15953)
  • [refurb] Avoid None | None as well as better detection and fix (FURB168) (#15779)

Documentation

  • Add deprecation warning for ruff-lsp related settings (#15850)

... (truncated)

Commits
  • 10d3e64 Bump version to 0.9.5 (#16002)
  • 84ceddc [ruff] Classes with mixed type variable style (RUF053) (#15841)
  • ba2f0e9 [flake8-pyi] Add autofix for unused-private-type-var (PYI018) (#15999)
  • 18b497a [red-knot] Fixup a couple of nits in the red_knot_test README (#15996)
  • 7cac0da Workaround Even Better TOML crash related to allOf (#15992)
  • b66cc94 Add deprecation warning for ruff-lsp related settings (#15850)
  • e345307 [red-knot] Fix diagnostic range for non-iterable unpacking assignments (#15994)
  • 5588c75 [red-knot] Fix relative imports in src.root (#15990)
  • 9d2105b add instance variable examples to RUF012 (#15982)
  • 8fcac0f Recognize all symbols named TYPE_CHECKING for in_type_checking_block (#15...
  • Additional commits viewable in compare view

Bumps the python-packages group with 7 updates:

| Package | From | To |
| --- | --- | --- |
| [paramiko](https://github.com/paramiko/paramiko) | `3.5.0` | `3.5.1` |
| [coverage](https://github.com/nedbat/coveragepy) | `7.6.10` | `7.6.11` |
| [autohooks-plugin-ruff](https://github.com/greeenbone/autohooks-plugin-ruff) | `24.1.0` | `25.2.0` |
| [autohooks](https://github.com/greenbone/autohooks) | `24.2.0` | `25.2.0` |
| [beautifulsoup4](https://www.crummy.com/software/BeautifulSoup/bs4/) | `4.13.0` | `4.13.3` |
| [mypy](https://github.com/python/mypy) | `1.14.1` | `1.15.0` |
| [ruff](https://github.com/astral-sh/ruff) | `0.9.4` | `0.9.5` |


Updates `paramiko` from 3.5.0 to 3.5.1
- [Commits](paramiko/paramiko@3.5.0...3.5.1)

Updates `coverage` from 7.6.10 to 7.6.11
- [Release notes](https://github.com/nedbat/coveragepy/releases)
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst)
- [Commits](nedbat/coveragepy@7.6.10...7.6.11)

Updates `autohooks-plugin-ruff` from 24.1.0 to 25.2.0
- [Commits](https://github.com/greeenbone/autohooks-plugin-ruff/commits)

Updates `autohooks` from 24.2.0 to 25.2.0
- [Release notes](https://github.com/greenbone/autohooks/releases)
- [Commits](greenbone/autohooks@v24.2.0...v25.2.0)

Updates `beautifulsoup4` from 4.13.0 to 4.13.3

Updates `mypy` from 1.14.1 to 1.15.0
- [Changelog](https://github.com/python/mypy/blob/master/CHANGELOG.md)
- [Commits](python/mypy@v1.14.1...v1.15.0)

Updates `ruff` from 0.9.4 to 0.9.5
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.9.4...0.9.5)

---
updated-dependencies:
- dependency-name: paramiko
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-packages
- dependency-name: coverage
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: python-packages
- dependency-name: autohooks-plugin-ruff
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: python-packages
- dependency-name: autohooks
  dependency-type: indirect
  update-type: version-update:semver-major
  dependency-group: python-packages
- dependency-name: beautifulsoup4
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: python-packages
- dependency-name: mypy
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: python-packages
- dependency-name: ruff
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: python-packages
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Feb 10, 2025
@dependabot dependabot bot requested a review from a team as a code owner February 10, 2025 04:30
@dependabot dependabot bot added the python Pull requests that update Python code label Feb 10, 2025
@dependabot dependabot bot requested a review from a team as a code owner February 10, 2025 04:30
@greenbonebot greenbonebot enabled auto-merge (rebase) February 10, 2025 04:31
Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ❌ 1 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 2 package(s) with unknown licenses.
See the Details below.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 5ca74a9.
Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

License Issues

poetry.lock

| Package | Version | License | Issue Type |
| --- | --- | --- | --- |
| ruff | 0.9.5 | 0BSD AND Apache-2.0 AND BSD-3-Clause AND MIT | Incompatible License |
| beautifulsoup4 | 4.13.3 | Null | Unknown License |
| mypy | 1.15.0 | Null | Unknown License |

Allowed Licenses: 0BSD, AGPL-3.0-or-later, Apache-2.0, BlueOak-1.0.0, BSD-2-Clause, BSD-3-Clause-Clear, BSD-3-Clause, BSL-1.0, CAL-1.0, CC-BY-3.0, CC-BY-4.0, CC-BY-SA-4.0, CC0-1.0, EPL-2.0, GPL-2.0-only, GPL-2.0-or-later, GPL-2.0, GPL-3.0-or-later, ISC, LGPL-2.0-only, LGPL-2.0-or-later, LGPL-2.1-only, LGPL-2.1-or-later, LGPL-2.1, LGPL-3.0-only, LGPL-3.0, LGPL-3.0-or-later, MIT, MIT-CMU, MPL-1.1, MPL-2.0, OFL-1.1, PSF-2.0, Python-2.0, Python-2.0.1, Unicode-DFS-2016, Unlicense, Zlib

OpenSSF Scorecard

| Package | Version | Score | Details |
| --- | --- | --- | --- |
| pip/autohooks | 25.2.0 | 🟢 6.9 | Check table below |
| pip/autohooks-plugin-ruff | 25.2.0 | Unknown | Unknown |
| pip/beautifulsoup4 | 4.13.3 | Unknown | Unknown |
| pip/coverage | 7.6.11 | 🟢 8.6 | Check table below |
| pip/mypy | 1.15.0 | 🟢 7.3 | Check table below |
| pip/paramiko | 3.5.1 | 🟢 5.1 | Check table below |
| pip/ruff | 0.9.5 | Unknown | Unknown |

Details for pip/autohooks 25.2.0:

| Check | Score | Reason |
| --- | --- | --- |
| Maintained | 🟢 10 | 18 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 |
| Packaging | ⚠️ -1 | packaging workflow not detected |
| Code-Review | 🟢 6 | Found 3/5 approved changesets -- score normalized to 6 |
| Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected |
| Binary-Artifacts | 🟢 10 | no binaries found in the repo |
| Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0 |
| Token-Permissions | ⚠️ 0 | detected GitHub workflow tokens with excessive permissions |
| CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected |
| License | 🟢 10 | license file detected |
| Fuzzing | ⚠️ 0 | project is not fuzzed |
| Signed-Releases | 🟢 8 | 5 out of the last 5 releases have a total of 5 signed artifacts. |
| Branch-Protection | ⚠️ -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| Vulnerabilities | 🟢 10 | 0 existing vulnerabilities detected |
| Security-Policy | 🟢 10 | security policy file detected |
| SAST | 🟢 10 | SAST tool is run on all commits |

Details for pip/coverage 7.6.11:

| Check | Score | Reason |
| --- | --- | --- |
| Maintained | 🟢 10 | 30 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10 |
| Security-Policy | 🟢 10 | security policy file detected |
| Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected |
| Code-Review | ⚠️ 1 | Found 3/29 approved changesets -- score normalized to 1 |
| Binary-Artifacts | 🟢 10 | no binaries found in the repo |
| Vulnerabilities | 🟢 10 | 0 existing vulnerabilities detected |
| License | 🟢 10 | license file detected |
| Token-Permissions | 🟢 10 | GitHub workflow tokens follow principle of least privilege |
| CII-Best-Practices | 🟢 5 | badge detected: Passing |
| Signed-Releases | ⚠️ -1 | no releases found |
| Pinned-Dependencies | 🟢 5 | dependency not pinned by hash detected -- score normalized to 5 |
| Fuzzing | 🟢 10 | project is fuzzed |
| Branch-Protection | ⚠️ -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| Packaging | 🟢 10 | packaging workflow detected |
| SAST | 🟢 10 | SAST tool is run on all commits |

Details for pip/mypy 1.15.0:

| Check | Score | Reason |
| --- | --- | --- |
| Packaging | ⚠️ -1 | packaging workflow not detected |
| Code-Review | 🟢 8 | Found 26/30 approved changesets -- score normalized to 8 |
| CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected |
| Maintained | 🟢 10 | 30 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10 |
| Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected |
| Token-Permissions | 🟢 10 | GitHub workflow tokens follow principle of least privilege |
| License | 🟢 9 | license file detected |
| Signed-Releases | ⚠️ -1 | no releases found |
| Binary-Artifacts | 🟢 10 | no binaries found in the repo |
| Branch-Protection | ⚠️ -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| Fuzzing | ⚠️ 0 | project is not fuzzed |
| Security-Policy | 🟢 10 | security policy file detected |
| Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0 |
| SAST | ⚠️ 0 | SAST tool is not run on all commits -- score normalized to 0 |
| Vulnerabilities | 🟢 10 | 0 existing vulnerabilities detected |

Details for pip/paramiko 3.5.1:

| Check | Score | Reason |
| --- | --- | --- |
| Code-Review | ⚠️ 0 | Found 0/30 approved changesets -- score normalized to 0 |
| Security-Policy | 🟢 10 | security policy file detected |
| Token-Permissions | ⚠️ -1 | No tokens found |
| Maintained | ⚠️ 2 | 3 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 2 |
| Dangerous-Workflow | ⚠️ -1 | no workflows found |
| Packaging | ⚠️ -1 | packaging workflow not detected |
| SAST | ⚠️ 0 | no SAST tool detected |
| Binary-Artifacts | 🟢 10 | no binaries found in the repo |
| CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected |
| License | 🟢 10 | license file detected |
| Fuzzing | 🟢 10 | project is fuzzed |
| Signed-Releases | ⚠️ -1 | no releases found |
| Branch-Protection | ⚠️ -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0 |
| Vulnerabilities | 🟢 9 | 1 existing vulnerabilities detected |

Scanned Files

  • poetry.lock

Conventional Commits Report

| Type | Number |
| --- | --- |
| Dependencies | 1 |

🚀 Conventional commits found.

codecov bot commented Feb 10, 2025

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 97.74%. Comparing base (02311f6) to head (5ca74a9).
Report is 2 commits behind head on main.

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #1200   +/-   ##
=======================================
  Coverage   97.74%   97.74%           
=======================================
  Files          71       71           
  Lines        4967     4967           
  Branches      895      895           
=======================================
  Hits         4855     4855           
  Misses         76       76           
  Partials       36       36           


@greenbonebot greenbonebot merged commit ee40604 into main Feb 10, 2025
24 of 25 checks passed
@greenbonebot greenbonebot deleted the dependabot/pip/python-packages-acea5d1fa4 branch February 10, 2025 08:20