chore(deps): bump the pip group with 6 updates

[dependabot]

Bumps the pip group with 6 updates:

Package	From	To
mkdocs-material	9.5.40	9.5.42
mkdocs-macros-plugin	1.3.5	1.3.6
mypy	1.12.0	1.12.1
ruff	0.6.9	0.7.0
semgrep	1.91.0	1.92.0
coverage[toml]	7.6.1	7.6.4

Updates mkdocs-material from 9.5.40 to 9.5.42

Release notes

Sourced from mkdocs-material's releases.

mkdocs-material-9.5.42

• Fixed #7625: Invalid encoding of boolean attributes in privacy plugin
• Fixed #7624: Crash when disabling privacy plugin (9.5.41 regression)

mkdocs-material-9.5.41

• Fixed #7619: Improved tooltip on logo disappears after instant navigation
• Fixed #7616: Race condition in built-in privacy plugin when inlining assets
• Fixed #7615: Comments and "Was this page helpful?" visible when printing

Changelog

Sourced from mkdocs-material's changelog.

mkdocs-material-9.5.42 (2024-10-20)

• Fixed #7625: Invalid encoding of boolean attributes in privacy plugin
• Fixed #7624: Crash when disabling privacy plugin (9.5.41 regression)

mkdocs-material-9.5.41 (2024-10-15)

• Fixed #7619: Improved tooltip on logo disappears after instant navigation
• Fixed #7616: Race condition in built-in privacy plugin when inlining assets
• Fixed #7615: Comments and "Was this page helpful?" visible when printing

mkdocs-material-9.5.40 (2024-10-10)

• Updated Latvian translations
• Fixed #7597: Social cards not using site name on home page

mkdocs-material-9.5.39+insiders-4.53.14 (2024-09-29)

• Fixed #7567: Empty headlines when using typeset plugin with anchorlinks

mkdocs-material-9.5.39 (2024-09-29)

• Fixed #7226: not staying on page when using mike's canonical versioning

mkdocs-material-9.5.38 (2024-09-26)

• Added Albanian translations

mkdocs-material-9.5.37 (2024-09-25)

• Added 4th and 5th level ordered list styles
• Fixed #7548: Tags have no spacing in search

mkdocs-material-9.5.36 (2024-09-21)

• Fixed #7544: Social cards incorrectly rendering HTML entities
• Fixed #7542: Improved support for setting custom list styles

mkdocs-material-9.5.35 (2024-09-18)

• Fixed #7498: Search not showing for Vietnamese language

mkdocs-material-9.5.34+insiders-4.53.13 (2024-09-14)

• Fixed #7520: Social plugin errors for generated files (MkDocs 1.6+)

mkdocs-material-9.5.34 (2024-08-31)

• Updated Mermaid.js to version 11 (latest)

... (truncated)

Commits

• f3a390e Prepare 9.5.42 release
• ade227c Updated README.md (#7631)
• cc1508f Fixed encoding of boolean attributes in privacy plugin
• e2c621f Fixed regression in privacy plugin
• 5eef815 Prepare 9.5.41 release
• 2d2e041 Updated dependencies
• 790b0e8 JSON schema (#7622)
• 649abd2 Fixed tooltip on logo lost on instant navigation
• 0418a22 Updated README.md (#7618)
• e29e124 Fixed feedback visible on print
• Additional commits viewable in compare view

Updates mkdocs-macros-plugin from 1.3.5 to 1.3.6

Changelog

Sourced from mkdocs-macros-plugin's changelog.

1.3.6, 2024-10-17

• Added: complete test framework, using pytest and Mkdocs-Test (#244) A number of automated test cases are implemented.
• Changed: move from setup.py to pyproject.toml (#250)

1.2.0, 2024-09-15

• Added: three hooks register_variables/macros/filters to facilitate cooperation with other MkDocs plugins.
• Fixed: `define_env() was always required in module (#191)
• Added: trace the case when no module is found (INFO)
• Improved documentation, particularly about HTML pages
• Added: parameters j2_comment_start_string and j2_comment_end_string to plugin's parameters, to specify alternate markers for comments.
• Added the multiline parameter force_render_paths in the config file, to specify directories or file patterns to be rendered for the case when render_by_default = false (the render_macros parameter in the YAML header of the page has the last word).

1.0.5, 2023-10-31

• Added: git.short_tag (#183)
• Added: Mermaid diagrams in the documentation (Readthedocs)
• Fixed: Changelog was no longer displayed (#186)

1.0.4, 2023-08-07

• Fixed: Warning due to filter issue with mkdocs >= 1.5
• Fixed: Debug html tables (including for macro_info()) are now readable also in dark mode.

1.0.2, 2023-07-02

• Added: it is now possible to use macros in page titles, in the nav section of the yaml file, or in the level 1 titles; the macros are correctly interpreted in the navigation part of the page.

1.0.1, 2023-05-25

1.0.0-alpha, 2023-04-23

• Improved user guide, with introduction of two new pages: "Controlling macro rendering" and "Post production".

• Fixed: (#158) In modules, on_pre_page_macros(), the env.markdown attribute is now available to create a header or footer.

• Changed: In on_post_page_macros() use env.markdown instead of env.raw_markdown, for the same purpose.

... (truncated)

Commits

• 3a73707 Migrate to pyproject.toml
• 99733be Demote info messages as debug (#248)
• See full diff in compare view

Updates mypy from 1.12.0 to 1.12.1

Changelog

Sourced from mypy's changelog.

Mypy 1.12.1

• Fix crash when showing partially analyzed type in error message (Ivan Levkivskyi, PR 17961)
• Fix iteration over union (when self type is involved) (Shantanu, PR 17976)
• Fix type object with type var default in union context (Jukka Lehtosalo, PR 17991)
• Revert change to os.path stubs affecting use of os.PathLike[Any] (Shantanu, PR 17995)

Acknowledgements

Thanks to all mypy contributors who contributed to this release:

• Ali Hamdan
• Anders Kaseorg
• Bénédikt Tran
• Brian Schubert
• bzoracler
• Chelsea Durazo
• Danny Yang
• Edgar Ramírez Mondragón
• Eric Mark Martin
• InSync
• Ivan Levkivskyi
• Jordandev678
• Katrina Connors
• Kirill Podoprigora
• Marc Mueller
• Max Muoto
• Max Murin
• Michael Carlstrom
• Michael I Chen
• Pradyun Gedam
• quinn-sasha
• Raphael Krupinski
• Sebastian Rittau
• Shantanu
• sobolevn
• Soubhik Kumar Mitra
• Stanislav Terliakov
• wyattscarpenter

I’d also like to thank my employer, Dropbox, for supporting mypy development.

Mypy 1.11

We’ve just uploaded mypy 1.11 to the Python Package Index (PyPI). Mypy is a static type checker for Python. This release includes new features, performance improvements and bug fixes. You can install it as follows:

python3 -m pip install -U mypy

You can read the full documentation for this release on Read the Docs.

Support Python 3.12 Syntax for Generics (PEP 695)

... (truncated)

Commits

• 050d12f Bump version to 1.12.1
• 346e370 [1.12 backport] revert os.path change (#17995)
• 71e1f05 Fix type object with type var default in union context (#17991)
• 34d8603 Fix iteration over union (when self type is involved) (#17976)
• 2485bed Use kw-only args for member access booleans (#17975)
• a5e9b0b Fix crash when showing partially analyzed type in error message (#17961)
• 4775da1 Bump version to 1.12.1+dev
• See full diff in compare view

Updates ruff from 0.6.9 to 0.7.0

Release notes

Sourced from ruff's releases.

0.7.0

Release Notes

Check out the blog post for a migration guide and overview of the changes!

Breaking changes

• The pytest rules PT001 and PT023 now default to omitting the decorator parentheses when there are no arguments (#12838, #13292). This was a change that we attempted to make in Ruff v0.6.0, but only partially made due to an error on our part. See the blog post for more details.
• The useless-try-except rule (in our tryceratops category) has been recoded from TRY302 to TRY203 (#13502). This ensures Ruff's code is consistent with the same rule in the tryceratops linter.
• The lint.allow-unused-imports setting has been removed (#13677). Use lint.pyflakes.allow-unused-imports instead.

Formatter preview style

• Normalize implicit concatenated f-string quotes per part (#13539)

Preview linter features

• [refurb] implement hardcoded-string-charset (FURB156) (#13530)
• [refurb] Count codepoints not bytes for slice-to-remove-prefix-or-suffix (FURB188) (#13631)

Rule changes

• [pylint] Mark PLE1141 fix as unsafe (#13629)
• [flake8-async] Consider async generators to be "checkpoints" for cancel-scope-no-checkpoint (ASYNC100) (#13639)
• [flake8-bugbear] Do not suggest setting parameter strict= to False in B905 diagnostic message (#13656)
• [flake8-todos] Only flag the word "TODO", not words starting with "todo" (TD006) (#13640)
• [pycodestyle] Fix whitespace-related false positives and false negatives inside type-parameter lists (E231, E251) (#13704)
• [flake8-simplify] Stabilize preview behavior for SIM115 so that the rule can detect files being opened from a wider range of standard-library functions (#12959).

CLI

• Add explanation of fixable in --statistics command (#13774)

Bug fixes

• [pyflakes] Allow ipytest cell magic (F401) (#13745)
• [flake8-use-pathlib] Fix PTH123 false positive when open is passed a file descriptor (#13616)
• [flake8-bandit] Detect patterns from multi line SQL statements (S608) (#13574)
• [flake8-pyi] - Fix dropped expressions in PYI030 autofix (#13727)

Contributors

• @​AlexWaygood

... (truncated)

Changelog

Sourced from ruff's changelog.

0.7.0

Check out the blog post for a migration guide and overview of the changes!

Breaking changes

• The pytest rules PT001 and PT023 now default to omitting the decorator parentheses when there are no arguments (#12838, #13292). This was a change that we attempted to make in Ruff v0.6.0, but only partially made due to an error on our part. See the blog post for more details.
• The useless-try-except rule (in our tryceratops category) has been recoded from TRY302 to TRY203 (#13502). This ensures Ruff's code is consistent with the same rule in the tryceratops linter.
• The lint.allow-unused-imports setting has been removed (#13677). Use lint.pyflakes.allow-unused-imports instead.

Formatter preview style

• Normalize implicit concatenated f-string quotes per part (#13539)

Preview linter features

• [refurb] implement hardcoded-string-charset (FURB156) (#13530)
• [refurb] Count codepoints not bytes for slice-to-remove-prefix-or-suffix (FURB188) (#13631)

Rule changes

• [pylint] Mark PLE1141 fix as unsafe (#13629)
• [flake8-async] Consider async generators to be "checkpoints" for cancel-scope-no-checkpoint (ASYNC100) (#13639)
• [flake8-bugbear] Do not suggest setting parameter strict= to False in B905 diagnostic message (#13656)
• [flake8-todos] Only flag the word "TODO", not words starting with "todo" (TD006) (#13640)
• [pycodestyle] Fix whitespace-related false positives and false negatives inside type-parameter lists (E231, E251) (#13704)
• [flake8-simplify] Stabilize preview behavior for SIM115 so that the rule can detect files being opened from a wider range of standard-library functions (#12959).

CLI

• Add explanation of fixable in --statistics command (#13774)

Bug fixes

• [pyflakes] Allow ipytest cell magic (F401) (#13745)
• [flake8-use-pathlib] Fix PTH123 false positive when open is passed a file descriptor (#13616)
• [flake8-bandit] Detect patterns from multi line SQL statements (S608) (#13574)
• [flake8-pyi] - Fix dropped expressions in PYI030 autofix (#13727)

Commits

• 5e6de4e Changelog for Ruff v0.7 (#13794)
• 70e5c4a Recode TRY302 to TRY203 (#13502)
• 9218d6b Remove allow-unused-imports setting from the common lint options (#13677)
• 1b79ae9 [ruff-0.7] Stabilise the expansion of open-file-with-context-handler to wor...
• 2b87587 [flake8-pytest-style] Fix defaults when lint.flake8-pytest-style config s...
• d1e15f6 Remove tab-size setting (#12835)
• 89a8215 Remove error messages for removed CLI aliases (#12833)
• 202c6a6 Remove output-format=text setting (#12836)
• 5c3c0c4 [red-knot] Inference for comparison of union types (#13781)
• 6b7a738 Add explanation of fixable in --statistics command (#13774)
• Additional commits viewable in compare view

Updates semgrep from 1.91.0 to 1.92.0

Release notes

Sourced from semgrep's releases.

Release v1.92.0

1.92.0 - 2024-10-17

Added

• Pro: taint-mode: Semgrep has now basic support to track taint through callbacks, when they lead to a sink, e.g.:

  function unsafe_callback(x) {
    sink(x); // finding here now !
  }
  function withCallback(val, callback) {
  
  callback(val);
  
  }
  withCallback(taint, unsafe_callback); (code-7476)
  
  

• New subcommand dump-cst for tree-sitter languages available via semgrep show. This shows the concrete syntax tree for a given file. (code-7653)

• Pro only: Updated C# parser supporting all versions of the language up to 13.0 (.NET 9) (saf-1610)

• Added support for the Move-on-sui language! (sui)

• Pro-only: semgrep test now supports the --pro flag to not only use pro languages but also run the tests with the --pro-intrafile engine flag. If a finding is detected only by the pro engine, please use proruleid: instead of ruleid: and if an OSS finding is actually a false positive for the pro engine, please add the prook: to your test annotation. (test_pro)

Fixed

• pro: dataflow: Fixed a bug that could cause a class constructor to not be analyzed in the correct dependency order, potentially leading to FNs. (code-7649)

• Display an ✘ instead of a ✔ in the scan status print out when scanning with Semgrep OSS code is not enabled. (grow-422)

• semgrep will no longer randomly segfault when --trace is on with -j > 2 (saf-1590)

• Previously, semgrep fails when --trace-endpoint is specified, but --trace is not.

  Now, we relax this requirement a bit. In this case, we disable tracing, print out a warning, and continue to scan. (sms-550)

Changelog

Sourced from semgrep's changelog.

1.92.0 - 2024-10-17

Added

• Pro: taint-mode: Semgrep has now basic support to track taint through callbacks, when they lead to a sink, e.g.:

  function unsafe_callback(x) {
    sink(x); // finding here now !
  }
  function withCallback(val, callback) {
  
  callback(val);
  
  }
  withCallback(taint, unsafe_callback); (code-7476)
  
  

• New subcommand dump-cst for tree-sitter languages available via semgrep show. This shows the concrete syntax tree for a given file. (code-7653)

• Pro only: Updated C# parser supporting all versions of the language up to 13.0 (.NET 9) (saf-1610)

• Added support for the Move-on-sui language! (sui)

• Pro-only: semgrep test now supports the --pro flag to not only use pro languages but also run the tests with the --pro-intrafile engine flag. If a finding is detected only by the pro engine, please use proruleid: instead of ruleid: and if an OSS finding is actually a false positive for the pro engine, please add the prook: to your test annotation. (test_pro)

Fixed

• pro: dataflow: Fixed a bug that could cause a class constructor to not be analyzed in the correct dependency order, potentially leading to FNs. (code-7649)

• Display an ✘ instead of a ✔ in the scan status print out when scanning with Semgrep OSS code is not enabled. (grow-422)

• semgrep will no longer randomly segfault when --trace is on with -j > 2 (saf-1590)

• Previously, semgrep fails when --trace-endpoint is specified, but --trace is not.

  Now, we relax this requirement a bit. In this case, we disable tracing, print out a warning, and continue to scan. (sms-550)

Commits

• 458d3d0 chore: release version 1.92.0
• f3693besemgrep/semgrep-proprietary#2435
• 8dac090semgrep/semgrep-proprietary#2430
• 8711f0a Cron - update semgrep-rules and semgrep-rules-pro submodules (semgrep/semgrep...
• e28ad6esemgrep/semgrep-proprietary#10589
• 159c76esemgrep/semgrep-proprietary#2386
• bfe4e41 opt(memory): Discard irrelevant rules according to targeting. (semgrep/semgre...
• f8419c2 chore(ux): Use conditional to show / hide the Semgrep OSS status (semgrep/sem...
• cb5bc61 Adding support for Move on Sui to semgrep (#10589)
• d69e1a0 Fix List_.map in libs/python-str-rep and adjust precommit exclude (semgrep/se...
• Additional commits viewable in compare view

Updates coverage[toml] from 7.6.1 to 7.6.4

Release notes

Sourced from coverage[toml]'s releases.

7.6.4

Version 7.6.4 — 2024-10-20

• fix: multi-line with statements could cause contained branches to be incorrectly marked as missing (issue 1880). This is now fixed.

➡️  PyPI page: coverage 7.6.4. :arrow_right:  To install: python3 -m pip install coverage==7.6.4

7.6.3

Version 7.6.3 — 2024-10-13

• Fix: nested context managers could incorrectly be analyzed to flag a missing branch on the last context manager, as described in issue 1876. This is now fixed.
• Fix: the missing branch message about not exiting a module had an extra “didn’t,” as described in issue 1873. This is now fixed.

➡️  PyPI page: coverage 7.6.3. :arrow_right:  To install: python3 -m pip install coverage==7.6.3

7.6.2

Version 7.6.2 — 2024-10-09

• Dropped support for Python 3.8 and PyPy 3.8.
• Fix: a final wildcard match/case clause assigning to a name (case _ as value) was incorrectly marked as a missing branch. This is now fixed, closing issue 1860.
• Fewer things are considered branches now. Lambdas, comprehensions, and generator expressions are no longer marked as missing branches if they don’t complete execution. Closes issue 1852.
• Fix: the HTML report didn’t properly show multi-line f-strings that end with a backslash continuation. This is now fixed, closing issue 1836, thanks to LiuYinCarl and Marco Ricci.
• Fix: the LCOV report now has correct line numbers (fixing issue 1846) and better branch descriptions for BRDA records (fixing issue 1850). There are other changes to lcov also, including a new configuration option line_checksums to control whether line checksums are included in the lcov report. The default is false. To keep checksums set it to true. All this work is thanks to Zack Weinberg (pull 1849 and pull 1851).
• Fixed the docs for multi-line regex exclusions, closing issue 1863.
• Fixed a potential crash in the C tracer, closing issue 1835, thanks to Jan Kühle.

➡️  PyPI page: coverage 7.6.2. :arrow_right:  To install: python3 -m pip install coverage==7.6.2

Changelog

Sourced from coverage[toml]'s changelog.

Version 7.6.4 — 2024-10-20

• fix: multi-line with statements could cause contained branches to be incorrectly marked as missing (issue 1880_). This is now fixed.

.. _issue 1880: nedbat/coveragepy#1880

.. _changes_7-6-3:

Version 7.6.3 — 2024-10-13

• Fix: nested context managers could incorrectly be analyzed to flag a missing branch on the last context manager, as described in issue 1876_. This is now fixed.

• Fix: the missing branch message about not exiting a module had an extra "didn't," as described in issue 1873_. This is now fixed.

.. _issue 1873: nedbat/coveragepy#1873 .. _issue 1876: nedbat/coveragepy#1876

.. _changes_7-6-2:

Version 7.6.2 — 2024-10-09

• Dropped support for Python 3.8 and PyPy 3.8.

• Fix: a final wildcard match/case clause assigning to a name (case _ as value) was incorrectly marked as a missing branch. This is now fixed, closing issue 1860_.

• Fewer things are considered branches now. Lambdas, comprehensions, and generator expressions are no longer marked as missing branches if they don't complete execution. Closes issue 1852_.

• Fix: the HTML report didn't properly show multi-line f-strings that end with a backslash continuation. This is now fixed, closing issue 1836, thanks to LiuYinCarl and Marco Ricci <pull 1838_>.

• Fix: the LCOV report now has correct line numbers (fixing issue 1846) and better branch descriptions for BRDA records (fixing issue 1850). There are other changes to lcov also, including a new configuration option :ref:line_checksums <config_lcov_line_checksums> to control whether line checksums are included in the lcov report. The default is false. To keep checksums set it to true. All this work is thanks to Zack Weinberg

... (truncated)

Commits

• f24f76b docs: sample HTML for 7.6.4
• 96e10f7 docs: prep for 7.6.4
• b8c236a fix: multi-line with-statements exit correctly. #1880
• 64b7a45 docs: another discord reference
• 68d7427 docs: Python Discord
• 43adcea build: include 3.14 in the usual Pythons
• fb2b49f build: github_releases can update older releases, and pauses to get the sorti...
• ca550ca 3.0b2 wasn't correctly titled
• debcc77 build: bump version
• 342a4cb docs: sample HTML for 7.6.3
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions