@dependabot dependabot bot commented on behalf of github Dec 8, 2025

Bumps the pip group with 7 updates in the /dependencies/python directory:

| Package | From | To |
| --- | --- | --- |
| zizmor | 1.16.3 | 1.18.0 |
| snakemake | 9.13.7 | 9.14.1 |
| cfn-lint | 1.41.0 | 1.42.0 |
| ruff | 0.14.6 | 0.14.7 |
| mypy | 1.18.2 | 1.19.0 |
| pylint | 4.0.3 | 4.0.4 |
| ansible-lint | 25.11.0 | 25.12.0 |

Updates zizmor from 1.16.3 to 1.18.0

Release notes

Sourced from zizmor's releases.

v1.18.0

Enhancements 🌱

Bug Fixes 🐛

  • Fixed additional edge cases where auto-fixes would fail to preserve a document's final newline (#1372)

v1.18.0-rc3

No release notes provided.

v1.18.0-rc2

No release notes provided.

v1.18.0-rc1

No release notes provided.

v1.17.0

Enhancements 🌱

  • zizmor now produces a more useful error message when asked to collect only workflows from a remote input that contains no workflows (#1324)

  • zizmor now produces more precise severities on actions/checkout versions that have more misuse-resistant credentials persistence behavior (#1353)

    Many thanks to @ManuelLerchnerQC for proposing and implementing this improvement!

  • The use-trusted-publishing audit now correctly detects more "dry-run" patterns, making it significantly more accurate (#1357)

  • The obfuscation audit now detects usages of shell: cmd and similar, as the Windows CMD shell lacks a formal grammar and limits analysis of run: blocks in other audits (#1361)

Performance Improvements 🚄

  • zizmor's core has been refactored to be asynchronous, making online and I/O-heavy audits significantly faster. Typical user workloads should see speedups of 40% to 70% (#1314)

Bug Fixes 🐛

  • Fixed a bug where auto-fixes would fail to preserve a document's final newline (#1323)

  • zizmor now uses the native (OS) TLS roots when performing HTTPS requests, improving compatibility with user environments that perform TLS interception (#1328)

  • The github-env audit now falls back to assuming bash-like shell syntax in run: blocks if it can't infer the shell being used (#1336)

  • The concurrency-limits audit now correctly detects job-level concurrency settings, in addition to workflow-level settings (#1338)

... (truncated)

Changelog

Sourced from zizmor's changelog.

1.18.0

Enhancements 🌱

  • The [use-trusted-publishing] audit now detects NuGet publishing commands (#1369)

  • The [dependabot-cooldown] audit now flags cooldown periods of less than 7 days by default (#1375)

  • The [dependabot-cooldown] audit can now be configured with a custom minimum cooldown period via rules.dependabot-cooldown.config.days (#1377)

  • zizmor now produces slightly more useful error messages when the user supplies an invalid configuration for the [forbidden-uses] audit (#1381)

Bug Fixes 🐛

  • Fixed additional edge cases where auto-fixes would fail to preserve a document's final newline (#1372)

1.17.0

Enhancements 🌱

  • zizmor now produces a more useful error message when asked to collect only workflows from a remote input that contains no workflows (#1324)

  • zizmor now produces more precise severities on actions/checkout versions that have more misuse-resistant credentials persistence behavior (#1353)

    Many thanks to @ManuelLerchnerQC for proposing and implementing this improvement!

  • The [use-trusted-publishing] audit now correctly detects more "dry-run" patterns, making it significantly more accurate (#1357)

  • The [obfuscation] audit now detects usages of shell: cmd and similar, as the Windows CMD shell lacks a formal grammar and limits analysis of run: blocks in other audits (#1361)

Performance Improvements 🚄

  • zizmor's core has been refactored to be asynchronous, making online and I/O-heavy audits significantly faster. Typical user workloads should see speedups of 40% to 70% (#1314)

Bug Fixes 🐛

  • Fixed a bug where auto-fixes would fail to preserve a document's final

... (truncated)

Commits

Updates snakemake from 9.13.7 to 9.14.1

Release notes

Sourced from snakemake's releases.

v9.14.1

9.14.1 (2025-12-02)

Bug Fixes

  • always raise FileNotFoundError in case of missing files in resource expressions that do size evaluations (#3854) (0f1991a)
  • ensure that spawned jobs do not handle retries themselves. The main process does that. (#3855) (396271b)

v9.14.0

9.14.0 (2025-11-27)

Features

Bug Fixes

  • Add support for pathlib in notebook field (#3811) (7b2180a)
  • Addressed race condition in workdir_handler.py (#3844) (8dbfcfb)
  • cleanup update-marked output files of failed jobs if there was no backup to restore them (#3843) (41f1ce8)
  • correct Windows callable path handling (#3832) (5caad70)
  • expand env vars on resources (#3823) (fcfa1bc)
  • fix backup for output marked by update (#3839) (09c64b7)
  • Minor fixes/additions to logging module. (#3802) (3b3986d)
  • mount local storage prefix into containers (#3840) (f1e8b62)
  • properly format input/output files in case of missing rule to produce them (#3849) (69d5d24)
  • Unpack AnnotatedString in _apply_wildcards (#3798) (7886508)

Performance Improvements

  • retrieve storage inputs immediately before scheduling jobs instead of before running the entire workflow (#3850) (4ac6cda)
Changelog

Sourced from snakemake's changelog.

9.14.1 (2025-12-02)

Bug Fixes

  • always raise FileNotFoundError in case of missing files in resource expressions that do size evaluations (#3854) (0f1991a)
  • ensure that spawned jobs do not handle retries themselves. The main process does that. (#3855) (396271b)

9.14.0 (2025-11-27)

Features

Bug Fixes

  • Add support for pathlib in notebook field (#3811) (7b2180a)
  • Addressed race condition in workdir_handler.py (#3844) (8dbfcfb)
  • cleanup update-marked output files of failed jobs if there was no backup to restore them (#3843) (41f1ce8)
  • correct Windows callable path handling (#3832) (5caad70)
  • expand env vars on resources (#3823) (fcfa1bc)
  • fix backup for output marked by update (#3839) (09c64b7)
  • Minor fixes/additions to logging module. (#3802) (3b3986d)
  • mount local storage prefix into containers (#3840) (f1e8b62)
  • properly format input/output files in case of missing rule to produce them (#3849) (69d5d24)
  • Unpack AnnotatedString in _apply_wildcards (#3798) (7886508)

Performance Improvements

  • retrieve storage inputs immediately before scheduling jobs instead of before running the entire workflow (#3850) (4ac6cda)
Commits
  • 476e110 chore(main): release 9.14.1 (#3858)
  • 396271b fix: ensure that spawned jobs do not handle retries themselves. The main proc...
  • 0f1991a fix: always raise FileNotFoundError in case of missing files in resource expr...
  • 12ce6c6 chore(main): release 9.14.0 (#3835)
  • 4ac6cda perf: retrieve storage inputs immediately before scheduling jobs instead of b...
  • 7886508 fix: Unpack AnnotatedString in _apply_wildcards (#3798)
  • 7b2180a fix: Add support for pathlib in notebook field (#3811)
  • e58d8c6 build(deps): bump prefix-dev/setup-pixi from 0.9.1 to 0.9.3 (#3825)
  • f1e8b62 fix: mount local storage prefix into containers (#3840)
  • 5caad70 fix: correct Windows callable path handling (#3832)
  • Additional commits viewable in compare view

Updates cfn-lint from 1.41.0 to 1.42.0

Release notes

Sourced from cfn-lint's releases.

Release v1.42.0

What's Changed

New Contributors

Full Changelog: aws-cloudformation/cfn-lint@v1.41.0...v1.41.1

Changelog

Sourced from cfn-lint's changelog.

v1.42.0

What's Changed

New Contributors

Full Changelog: aws-cloudformation/cfn-lint@v1.41.0...v1.41.1

Commits

Updates ruff from 0.14.6 to 0.14.7

Release notes

Sourced from ruff's releases.

0.14.7

Release Notes

Released on 2025-11-28.

Preview features

  • [flake8-bandit] Handle string literal bindings in suspicious-url-open-usage (S310) (#21469)
  • [pylint] Fix PLR1708 false positives on nested functions (#21177)
  • [pylint] Fix suppression for empty dict without tuple key annotation (PLE1141) (#21290)
  • [ruff] Add rule RUF066 to detect unnecessary class properties (#21535)
  • [ruff] Catch more dummy variable uses (RUF052) (#19799)

Bug fixes

  • [server] Set severity for non-rule diagnostics (#21559)
  • [flake8-implicit-str-concat] Avoid invalid fix in (ISC003) (#21517)
  • [parser] Fix panic when parsing IPython escape command expressions (#21480)

CLI

  • Show partial fixability indicator in statistics output (#21513)

Contributors

Install ruff 0.14.7

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/astral-sh/ruff/releases/download/0.14.7/ruff-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://github.com/astral-sh/ruff/releases/download/0.14.7/ruff-installer.ps1 | iex"

... (truncated)

Changelog

Sourced from ruff's changelog.

0.14.7

Released on 2025-11-28.

Preview features

  • [flake8-bandit] Handle string literal bindings in suspicious-url-open-usage (S310) (#21469)
  • [pylint] Fix PLR1708 false positives on nested functions (#21177)
  • [pylint] Fix suppression for empty dict without tuple key annotation (PLE1141) (#21290)
  • [ruff] Add rule RUF066 to detect unnecessary class properties (#21535)
  • [ruff] Catch more dummy variable uses (RUF052) (#19799)

Bug fixes

  • [server] Set severity for non-rule diagnostics (#21559)
  • [flake8-implicit-str-concat] Avoid invalid fix in (ISC003) (#21517)
  • [parser] Fix panic when parsing IPython escape command expressions (#21480)

CLI

  • Show partial fixability indicator in statistics output (#21513)

Contributors

Commits

Updates mypy from 1.18.2 to 1.19.0

Changelog

Sourced from mypy's changelog.

Mypy Release Notes

Next Release

Drop Support for Python 3.9

Mypy no longer supports running with Python 3.9, which has reached end-of-life. When running mypy with Python 3.10+, it is still possible to type check code that needs to support Python 3.9 with the --python-version 3.9 argument. Support for this will be dropped in the first half of 2026!

Contributed by Marc Mueller (PR 20156).

Mypy 1.19

We’ve just uploaded mypy 1.19.0 to the Python Package Index (PyPI). Mypy is a static type checker for Python. This release includes new features, performance improvements and bug fixes. You can install it as follows:

python3 -m pip install -U mypy

You can read the full documentation for this release on Read the Docs.

Python 3.9 Support Ending Soon

This is the last mypy feature release that supports Python 3.9, which reached end of life in October 2025.

Performance Improvements

  • Switch to a more dynamic SCC processing logic (Ivan Levkivskyi, PR 20053)
  • Speed up type aliases (Ivan Levkivskyi, PR 19810)

Fixed‑Format Cache Improvements

Mypy uses a cache by default to speed up incremental runs by reusing partial results from earlier runs. Mypy 1.18 added a new binary fixed-format cache representation as an experimental feature. The feature is no longer experimental, and we are planning to enable it by default in a future mypy release (possibly 1.20), since it's faster and uses less space than the original, JSON-based cache format. Use --fixed-format-cache to enable the fixed-format cache.

Mypy now has an extra dependency on the librt PyPI package, as it's needed for cache serialization and deserialization.

Mypy ships with a tool to convert fixed-format cache files to the old JSON format. Example of how to use this:

$ python -m mypy.exportjson .mypy_cache/.../my_module.data.ff

... (truncated)

Commits

Updates pylint from 4.0.3 to 4.0.4

Commits
  • e16f942 Bump pylint to 4.0.4, update changelog
  • 657b386 [Backport maintenance/4.0.x] [invalid-name] Fix FP for exclusive assignment o...
  • 03f8a92 [Backport maintenance/4.0.x] fix: avoid false positive when module-level name...
  • See full diff in compare view

Updates ansible-lint from 25.11.0 to 25.12.0

Release notes

Sourced from ansible-lint's releases.

v25.12.0

Maintenance

v25.11.1

Features

Fixes

Maintenance

Commits
  • 36075fa chore: Remove cffi, importlib-metadata, reduce core lower bound (#4860)
  • 61a8e7b feat: detect missing prefix in role's handlers vars (#4826)
  • 63d27d1 chore(deps): update all dependencies (#4833)
  • 1512fe6 chore(deps): bump js-yaml from 4.1.0 to 4.1.1 in /test/schemas (#4849)
  • 6d55ca6 chore(deps-dev): bump glob from 10.4.5 to 10.5.0 in /test/schemas (#4847)
  • 460868e Add support for Fedora 43 (#4836)
  • 0378fe5 Migrate RTD URLs to docs.ansible.com (#4842)
  • f43c73b fix: Pass module spec via stdin instead of command line args (#4844)
  • d14f242 fix: Update mypy python version to 3.12 (#4846)
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Dec 8, 2025
@github-actions github-actions bot enabled auto-merge December 8, 2025 13:15
@dependabot dependabot bot force-pushed the dependabot/pip/dependencies/python/pip-f552f7ff87 branch from 05d7d98 to 7da24af Compare December 9, 2025 18:47
@ferrarimarco
Collaborator

@dependabot rebase

@dependabot dependabot bot force-pushed the dependabot/pip/dependencies/python/pip-f552f7ff87 branch from 7da24af to f9be420 Compare December 9, 2025 20:51
@ferrarimarco ferrarimarco added this to the 8.3.1 milestone Dec 9, 2025
Bumps the pip group with 7 updates in the /dependencies/python directory:

| Package | From | To |
| --- | --- | --- |
| [zizmor](https://github.com/zizmorcore/zizmor) | `1.16.3` | `1.18.0` |
| [snakemake](https://github.com/snakemake/snakemake) | `9.13.7` | `9.14.1` |
| [cfn-lint](https://github.com/aws-cloudformation/cfn-lint) | `1.41.0` | `1.42.0` |
| [ruff](https://github.com/astral-sh/ruff) | `0.14.6` | `0.14.7` |
| [mypy](https://github.com/python/mypy) | `1.18.2` | `1.19.0` |
| [pylint](https://github.com/pylint-dev/pylint) | `4.0.3` | `4.0.4` |
| [ansible-lint](https://github.com/ansible/ansible-lint) | `25.11.0` | `25.12.0` |

Updates `zizmor` from 1.16.3 to 1.18.0
- [Release notes](https://github.com/zizmorcore/zizmor/releases)
- [Changelog](https://github.com/zizmorcore/zizmor/blob/main/docs/release-notes.md)
- [Commits](zizmorcore/zizmor@v1.16.3...v1.18.0)

Updates `snakemake` from 9.13.7 to 9.14.1
- [Release notes](https://github.com/snakemake/snakemake/releases)
- [Changelog](https://github.com/snakemake/snakemake/blob/main/CHANGELOG.md)
- [Commits](snakemake/snakemake@v9.13.7...v9.14.1)

Updates `cfn-lint` from 1.41.0 to 1.42.0
- [Release notes](https://github.com/aws-cloudformation/cfn-lint/releases)
- [Changelog](https://github.com/aws-cloudformation/cfn-lint/blob/main/CHANGELOG.md)
- [Commits](aws-cloudformation/cfn-lint@v1.41.0...v1.42.0)

Updates `ruff` from 0.14.6 to 0.14.7
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.14.6...0.14.7)

Updates `mypy` from 1.18.2 to 1.19.0
- [Changelog](https://github.com/python/mypy/blob/master/CHANGELOG.md)
- [Commits](python/mypy@v1.18.2...v1.19.0)

Updates `pylint` from 4.0.3 to 4.0.4
- [Release notes](https://github.com/pylint-dev/pylint/releases)
- [Commits](pylint-dev/pylint@v4.0.3...v4.0.4)

Updates `ansible-lint` from 25.11.0 to 25.12.0
- [Release notes](https://github.com/ansible/ansible-lint/releases)
- [Commits](ansible/ansible-lint@v25.11.0...v25.12.0)

---
updated-dependencies:
- dependency-name: zizmor
  dependency-version: 1.18.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: pip
- dependency-name: snakemake
  dependency-version: 9.14.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: pip
- dependency-name: cfn-lint
  dependency-version: 1.42.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: pip
- dependency-name: ruff
  dependency-version: 0.14.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: pip
- dependency-name: mypy
  dependency-version: 1.19.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: pip
- dependency-name: pylint
  dependency-version: 4.0.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: pip
- dependency-name: ansible-lint
  dependency-version: 25.12.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <[email protected]>
@ferrarimarco ferrarimarco force-pushed the dependabot/pip/dependencies/python/pip-f552f7ff87 branch from f9be420 to fb1dde4 Compare December 10, 2025 17:09
@ferrarimarco ferrarimarco merged commit 026d3fe into main Dec 10, 2025
176 of 177 checks passed
@ferrarimarco ferrarimarco deleted the dependabot/pip/dependencies/python/pip-f552f7ff87 branch December 10, 2025 17:46