Skip to content

Deps: Bump the python-packages group with 4 updates #1250

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
greenbonebot merged 1 commit into from
Jul 28, 2025
Merged

Deps: Bump the python-packages group with 4 updates #1250

greenbonebot merged 1 commit into from
Jul 28, 2025

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jul 28, 2025

Bumps the python-packages group with 4 updates: coverage, git-cliff, rich and ruff.

Updates coverage from 7.9.2 to 7.10.1

Changelog

Sourced from coverage's changelog.

Version 7.10.1 — 2025-07-27

  • Fix: the exclusion for if TYPE_CHECKING: was wrong: it marked the branch as partial, but it should have been a line exclusion so the entire clause would be excluded. Improves issue 831_.

  • Fix: changed where .pth files are written for patch = subprocess, closing issue 2006_.

.. _issue 2006: nedbat/coveragepy#2006

.. _changes_7-10-0:

Version 7.10.0 — 2025-07-24

  • A new configuration option: ":ref:config_run_patch" specifies named patches to work around some limitations in coverage measurement. These patches are available:

    • patch = _exit lets coverage save its data even when :func:os._exit() <python:os._exit> is used to abruptly end the process. This closes long-standing issue 310_ as well as its duplicates: issue 312, issue 1673, issue 1845, and issue 1941.

    • patch = subprocess measures coverage in Python subprocesses created with :mod:subprocess, :func:os.system, or one of the :func:execv <python:os.execl> or :func:spawnv <python:os.spawnl> family of functions. Closes old issue 367_ and duplicate issue 378_.

    • patch = execv adjusts the :func:execv <python:os.execl> family of functions to save coverage data before ending the current program and starting the next. Not available on Windows. Closes issue 43_ after 15 years!

  • The HTML report now dimly colors subsequent lines in multi-line statements. They used to have no color. This gives a better indication of the amount of code missing in the report. Closes issue 1308_.

  • Two new exclusion patterns are part of the defaults: ... is automatically excluded as a line and if TYPE_CHECKING: is excluded as a branch. Closes issue 831_.

  • A new command-line option: --save-signal=USR1 specifies a signal that coverage.py will listen for. When the signal is sent, the coverage data will be saved. This makes it possible to save data from within long-running processes. Thanks, Arkady Gilinsky <pull 1998_>_.

... (truncated)

Commits
  • 7fdcbeb docs: sample HTML for 7.10.1
  • c9e9625 docs: prep for 7.10.1
  • e8193ff chore: make upgrade
  • 9aad22a test: improve the if TYPE_CHECKING: exclusion test
  • 1e2f41a fix: excluding TYPE_CHECKING should have been the line not the branch
  • 2134e57 fix: use getsitepackages for writing .pth files. #2006
  • a4300a7 test: signal statuses are mysterious. #2008
  • 2fd4961 docs: update the man page, for once
  • a13607f build: comment_on_fixes should show html urls
  • 0f00d49 build: bump version to 7.10.1
  • Additional commits viewable in compare view

Updates git-cliff from 2.9.1 to 2.10.0

Release notes

Sourced from git-cliff's releases.

Release v2.10.0

animation

2.10.0 - 2025-07-27

⛰️ Features

  • (config) Support using include and exclude paths in the config (#1173) - (7c2f922)
  • (parser) Support regex matching on JSON arrays with scalar elements (#1163) - (dc458ea)
  • (template) Support adding commit statistics to the changelog (#1151) - (05a50d7)

🐛 Bug Fixes

  • (config) [breaking] Use empty header and footer as default (#1161) (#1172) - (3e9311e)
  • (config) Check if commit.footers is defined in detailed example (#1170) - (078545f)
  • (fixtures) Update expected.md after config change (#1176) - (76d3e81)
  • (generation) Ensure skip_tags condition is evaluated first (#1190) - (318be66)
  • (repo) Use the correct order while diffing paths (#1188) - (ff6c310)

🚜 Refactor

  • (ci) Apply security best practices (#1180) - (a32deca)
  • (config) Implement FromStr instead of Config::parse_from_str() (#1185) - (692345e)
  • (test) Standardize unit tests for commit module (#1147) - (0446d6a)

📚 Documentation

  • (context) Add example usage for statistics (#1162) - (4f7379a)
  • (quickstart) Remove repetitive words (#1200) - (434f9ee)
  • (readme) Fix twitter badge (#1164) - (68bd85e)
  • (readme) Polish badges (#1159) - (941cc2b)
  • (remote) Fix inconsistency in remote integration documentation (#1165) - (deb29dc)
  • (website) Add highlights for 2.10.0 (#1225) - (a3fe8c9)
  • (website) Add installation instructions for gentoo-linux (#1203) - (07fe6bf)

🎨 Styling

  • (formatting) Use spaces instead of tabs (#1184) - (0027300)

🧪 Testing

  • (fixture) Add test fixture for overriding the conventional scope (#1166) - (cb84a08)

⚙️ Miscellaneous Tasks

  • (build) Bump MSRV to 1.85.1 - (d8279d4)
  • (cd) Use macos-15 runner - (c156fc5)
  • (cd) Re-enable sccache for maturin - (871c3c9)
  • (crate) Remove Rust nightly requirement - (4f3e5af)
  • (fixture) Update test-regex-json-array fixture (#1178) - (95f4056)

... (truncated)

Changelog

Sourced from git-cliff's changelog.

2.10.0 - 2025-07-27

⛰️ Features

  • (config) Support using include and exclude paths in the config (#1173) - (7c2f922)
  • (parser) Support regex matching on JSON arrays with scalar elements (#1163) - (dc458ea)
  • (template) Support adding commit statistics to the changelog (#1151) - (05a50d7)

🐛 Bug Fixes

  • (config) [breaking] Use empty header and footer as default (#1161) (#1172) - (3e9311e)
  • (config) Check if commit.footers is defined in detailed example (#1170) - (078545f)
  • (fixtures) Update expected.md after config change (#1176) - (76d3e81)
  • (generation) Ensure skip_tags condition is evaluated first (#1190) - (318be66)
  • (repo) Use the correct order while diffing paths (#1188) - (ff6c310)

🚜 Refactor

  • (ci) Apply security best practices (#1180) - (a32deca)
  • (config) Implement FromStr instead of Config::parse_from_str() (#1185) - (692345e)
  • (test) Standardize unit tests for commit module (#1147) - (0446d6a)

📚 Documentation

  • (context) Add example usage for statistics (#1162) - (4f7379a)
  • (quickstart) Remove repetitive words (#1200) - (434f9ee)
  • (readme) Fix twitter badge (#1164) - (68bd85e)
  • (readme) Polish badges (#1159) - (941cc2b)
  • (remote) Fix inconsistency in remote integration documentation (#1165) - (deb29dc)
  • (website) Add highlights for 2.10.0 (#1225) - (a3fe8c9)
  • (website) Add installation instructions for gentoo-linux (#1203) - (07fe6bf)

🎨 Styling

  • (formatting) Use spaces instead of tabs (#1184) - (0027300)

🧪 Testing

  • (fixture) Add test fixture for overriding the conventional scope (#1166) - (cb84a08)

⚙️ Miscellaneous Tasks

  • (build) Bump MSRV to 1.85.1 - (d8279d4)
  • (cd) Use macos-15 runner - (c156fc5)
  • (cd) Re-enable sccache for maturin - (871c3c9)
  • (crate) Remove Rust nightly requirement - (4f3e5af)
  • (fixture) Update test-regex-json-array fixture (#1178) - (95f4056)
  • (format) Format module imports for readability (#1183) - (6db7d49)
  • (git) Add .git-blame-ignore-revs - (5b64131)
  • (npm) Bump git-cliff to 2.9.1 (#1156) - (e13b158)

... (truncated)

Commits
  • 8b5a547 chore(release): prepare for v2.10.0
  • e95b504 chore(release): prepare for v2.10.0-rc.0
  • a3fe8c9 docs(website): add highlights for 2.10.0 (#1225)
  • 5b64131 chore(git): add .git-blame-ignore-revs
  • 0027300 style(formatting): use spaces instead of tabs (#1184)
  • e721a88 chore(deps-dev): bump @​types/node in /npm/git-cliff
  • d6055bd chore(deps): update NPM dependencies
  • d8279d4 chore(build): bump MSRV to 1.85.1
  • cf1085f chore(deps): revert execa bump
  • f593eb5 chore(deps): revert cacache bump
  • Additional commits viewable in compare view

Updates rich from 14.0.0 to 14.1.0

Release notes

Sourced from rich's releases.

The Lively Release

Live objects may now be nested. Previously a progress bar inside another progress context would fail. See the changelog below for this and other changes.

[14.1.0] - 2025-06-25

Changed

Fixed

Added

  • Added TTY_INTERACTIVE environment variable to force interactive mode off or on Textualize/rich#3777
Changelog

Sourced from rich's changelog.

[14.1.0] - 2025-06-25

Changed

Fixed

Added

  • Added TTY_INTERACTIVE environment variable to force interactive mode off or on Textualize/rich#3777
Commits

Updates ruff from 0.12.4 to 0.12.5

Release notes

Sourced from ruff's releases.

0.12.5

Release Notes

Preview features

  • [flake8-use-pathlib] Add autofix for PTH101, PTH104, PTH105, PTH121 (#19404)
  • [ruff] Support byte strings (RUF055) (#18926)

Bug fixes

  • Fix unreachable panic in parser (#19183)
  • [flake8-pyi] Skip fix if all Union members are None (PYI016) (#19416)
  • [perflint] Parenthesize generator expressions (PERF401) (#19325)
  • [pylint] Handle empty comments after line continuation (PLR2044) (#19405)

Rule changes

  • [pep8-naming] Fix N802 false positives for CGIHTTPRequestHandler and SimpleHTTPRequestHandler (#19432)

Contributors

Install ruff 0.12.5

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/astral-sh/ruff/releases/download/0.12.5/ruff-installer.sh | sh

Install prebuilt binaries via powershell script

... (truncated)

Changelog

Sourced from ruff's changelog.

0.12.5

Preview features

  • [flake8-use-pathlib] Add autofix for PTH101, PTH104, PTH105, PTH121 (#19404)
  • [ruff] Support byte strings (RUF055) (#18926)

Bug fixes

  • Fix unreachable panic in parser (#19183)
  • [flake8-pyi] Skip fix if all Union members are None (PYI016) (#19416)
  • [perflint] Parenthesize generator expressions (PERF401) (#19325)
  • [pylint] Handle empty comments after line continuation (PLR2044) (#19405)

Rule changes

  • [pep8-naming] Fix N802 false positives for CGIHTTPRequestHandler and SimpleHTTPRequestHandler (#19432)
Commits
  • d13228a Bump 0.12.5 (#19528)
  • 9461d30 [ty] Rename type_api => ty_extensions (#19523)
  • 63d1d33 [ty] Added support for "go to references" in ty playground. (#19516)
  • e0149cd [ty] Return a tuple spec from the iterator protocol (#19496)
  • 2a00eca [ty] Exhaustiveness checking & reachability for match statements (#19508)
  • 3d17897 [ty] Fix narrowing and reachability of class patterns with arguments (#19512)
  • fa1df4c [ty] Implemented partial support for "find references" language server featur...
  • 89258f1 [flake8-use-pathlib] Add autofix for PTH101, PTH104, PTH105, PTH121...
  • 1dcef1a [perflint] Parenthesize generator expressions (PERF401) (#19325)
  • ba629fe [pep8-naming] Fix N802 false positives for CGIHTTPRequestHandler and `S...
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Deps: Bump the python-packages group with 4 updates
cf7c12b 
Bumps the python-packages group with 4 updates: [coverage](https://github.com/nedbat/coveragepy), [git-cliff](https://github.com/orhun/git-cliff), [rich](https://github.com/Textualize/rich) and [ruff](https://github.com/astral-sh/ruff).


Updates `coverage` from 7.9.2 to 7.10.1
- [Release notes](https://github.com/nedbat/coveragepy/releases)
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst)
- [Commits](coveragepy/coveragepy@7.9.2...7.10.1)

Updates `git-cliff` from 2.9.1 to 2.10.0
- [Release notes](https://github.com/orhun/git-cliff/releases)
- [Changelog](https://github.com/orhun/git-cliff/blob/main/CHANGELOG.md)
- [Commits](orhun/git-cliff@v2.9.1...v2.10.0)

Updates `rich` from 14.0.0 to 14.1.0
- [Release notes](https://github.com/Textualize/rich/releases)
- [Changelog](https://github.com/Textualize/rich/blob/master/CHANGELOG.md)
- [Commits](Textualize/rich@v14.0.0...v14.1.0)

Updates `ruff` from 0.12.4 to 0.12.5
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.12.4...0.12.5)

---
updated-dependencies:
- dependency-name: coverage
  dependency-version: 7.10.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: python-packages
- dependency-name: git-cliff
  dependency-version: 2.10.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: python-packages
- dependency-name: rich
  dependency-version: 14.1.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: python-packages
- dependency-name: ruff
  dependency-version: 0.12.5
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: python-packages
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Jul 28, 2025
@dependabot dependabot bot requested review from a team as code owners July 28, 2025 06:08
@github-actions
Copy link

github-actions bot commented Jul 28, 2025

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA cf7c12b.
Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

OpenSSF Scorecard

PackageVersionScoreDetails
pip/coverage 7.10.1 🟢 8.5
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 24 issue activity found in the last 90 days -- score normalized to 10
Security-Policy🟢 10security policy file detected
Code-Review⚠️ 0Found 1/29 approved changesets -- score normalized to 0
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
License🟢 10license file detected
Vulnerabilities🟢 100 existing vulnerabilities detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
CII-Best-Practices🟢 5badge detected: Passing
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ -1no releases found
Pinned-Dependencies🟢 5dependency not pinned by hash detected -- score normalized to 5
Fuzzing🟢 10project is fuzzed
Packaging🟢 10packaging workflow detected
SAST🟢 10SAST tool is run on all commits
pip/git-cliff 2.10.0 🟢 6.2
Details
CheckScoreReason
Code-Review🟢 7Found 21/29 approved changesets -- score normalized to 7
Maintained🟢 1030 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts🟢 10no binaries found in the repo
Security-Policy🟢 10security policy file detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Packaging🟢 10packaging workflow detected
Pinned-Dependencies🟢 10all dependencies are pinned
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Signed-Releases🟢 85 out of the last 5 releases have a total of 5 signed artifacts.
SAST🟢 7SAST tool detected but not run on all commits
Vulnerabilities⚠️ 034 existing vulnerabilities detected
pip/rich 14.1.0 🟢 7.2
Details
CheckScoreReason
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Code-Review🟢 3Found 5/16 approved changesets -- score normalized to 3
Maintained🟢 1030 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy🟢 10security policy file detected
Binary-Artifacts🟢 10no binaries found in the repo
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Fuzzing🟢 10project is fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Pinned-Dependencies⚠️ 2dependency not pinned by hash detected -- score normalized to 2
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Vulnerabilities🟢 91 existing vulnerabilities detected
SAST🟢 9SAST tool detected but not run on all commits
pip/ruff 0.12.5 UnknownUnknown

Scanned Files

  • poetry.lock

@greenbonebot greenbonebot enabled auto-merge (rebase) July 28, 2025 06:08
@github-actions
Copy link

github-actions bot commented Jul 28, 2025

Conventional Commits Report

Type Number
Dependencies 1

🚀 Conventional commits found.

@greenbonebot greenbonebot merged commit 7e8feb6 into main Jul 28, 2025
22 checks passed
@greenbonebot greenbonebot deleted the dependabot/pip/python-packages-4448c434fd branch July 28, 2025 06:09
@codecov
Copy link

codecov bot commented Jul 28, 2025

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 98.17%. Comparing base (73e8626) to head (cf7c12b).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #1250      +/-   ##
==========================================
+ Coverage   98.05%   98.17%   +0.12%     
==========================================
  Files          86       86              
  Lines        5720     5713       -7     
  Branches     1003      996       -7     
==========================================
  Hits         5609     5609              
  Misses         75       75              
+ Partials       36       29       -7

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bjoernricks bjoernricks bjoernricks approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@bjoernricks @greenbonebot