Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump the dev-dependencies group across 1 directory with 4 updates #2400

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Bump the dev-dependencies group across 1 directory with 4 updates #2400

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 3, 2025

Bumps the dev-dependencies group with 4 updates in the /export directory: mypy, types-setuptools, pytest and semgrep.

Updates mypy from 1.13.0 to 1.15.0

Changelog

Sourced from mypy's changelog.

Mypy Release Notes

Next Release

Different Property Getter and Setter Types

Mypy now supports using different types for property getter and setter.

class A:
    value: int
@property
def f(self) -> int:
    return self.value
@f.setter
def f(self, x: str | int) -> None:
    try:
        self.value = int(x)
    except ValueError:
        raise Exception(f"'{x}' is not a valid value for 'f'")

Contributed by Ivan Levkivskyi (PR 18510)

Selectively Disable Deprecated Warnings

It's now possible to selectively disable warnings generated from warnings.deprecated using the --deprecated-calls-exclude option.

# mypy --enable-error-code deprecated
#      --deprecated-calls-exclude=foo.A
import foo
foo.A().func()  # OK, the deprecated warning is ignored
file foo.py
from typing_extensions import deprecated
class A:
@​deprecated("Use A.func2 instead")
def func(self): pass

Contributed by Marc Mueller (PR 18641)

Mypy 1.15

We’ve just uploaded mypy 1.15 to the Python Package Index (PyPI).

... (truncated)

Commits
  • 9397454 remove +dev from version ahead of final release
  • 686b591 remove "unreleased" from 1.15 changelog entry
  • cb4b243 Various small updates to 1.15 changelog (#18599)
  • 1a26502 Prepare changelog for 1.15 release (#18583)
  • d4515e4 Fix a few PR links in the changelog (#18586)
  • f83b643 Add object self-type to tuple test fixture (#18592)
  • ebc2cb8 Prevent crash on generic NamedTuple with unresolved typevar bound (#18585)
  • 63c251e empty commit to trigger wheel rebuild
  • c30573e Fix literal context for ternary expressions (for real) (#18545)
  • 23d862d Fix isinstance with explicit (non generic) type alias (#18512)
  • Additional commits viewable in compare view

Updates types-setuptools from 75.6.0.20241126 to 75.8.2.20250301

Commits

Updates pytest from 8.3.4 to 8.3.5

Release notes

Sourced from pytest's releases.

8.3.5

pytest 8.3.5 (2025-03-02)

Bug fixes

  • #11777: Fixed issue where sequences were still being shortened even with -vv verbosity.
  • #12888: Fixed broken input when using Python 3.13+ and a libedit build of Python, such as on macOS or with uv-managed Python binaries from the python-build-standalone project. This could manifest e.g. by a broken prompt when using Pdb, or seeing empty inputs with manual usage of input() and suspended capturing.
  • #13026: Fixed AttributeError{.interpreted-text role="class"} crash when using --import-mode=importlib when top-level directory same name as another module of the standard library.
  • #13053: Fixed a regression in pytest 8.3.4 where, when using --import-mode=importlib, a directory containing py file with the same name would cause an ImportError
  • #13083: Fixed issue where pytest could crash if one of the collected directories got removed during collection.

Improved documentation

  • #12842: Added dedicated page about using types with pytest.

    See types{.interpreted-text role="ref"} for detailed usage.

Contributor-facing changes

  • #13112: Fixed selftest failures in test_terminal.py with Pygments >= 2.19.0
  • #13256: Support for Towncrier versions released in 2024 has been re-enabled when building Sphinx docs -- by webknjaz{.interpreted-text role="user"}.
Commits

Updates semgrep from 1.100.0 to 1.110.0

Release notes

Sourced from semgrep's releases.

Release v1.110.0

1.110.0 - 2025-02-26

Added

  • pro: Inter-file analysis will now process Javascript and Typescript files together, so that taint can be tracked across both languages. (code-8076)

  • Pro: new metavariable-name operator which allows for expressing a constraint against the fully qualified name or nearest equivalent of a metavariable (useful mainly in JavaScript and TypeScript, where there is no first-class syntax for this, or where such names or pseudo-names containt symbols which cannot appear in identifiers). Requires pro naming passes and works best with interfile naming.

    Additional documentation forthcoming. (code-8121)

Changed

  • Upgrade from OCaml 4.14.0 to OCaml 5.2.1 for our PyPI and Homebrew distributions. Our Docker images have been built with OCaml 5.2.1 since Semgrep 1.107.0. (ocaml5)

Fixed

  • Fixed a regression in pro interfile mode where type inference for the var keyword in Java was not functioning correctly. (code-7991)

  • PRO: Fix the range not found error when using a metavariable pattern match on a typed metavariable. For example, the following metavariable pattern rule will no longer trigger the error:

    patterns:
  - pattern: ($FOO $VAR).bar()
  - metavariable-pattern:
      metavariable: $FOO
      pattern-either:
        - pattern: org.foo.Foo
``` (code-8007)

  • lsp will no longer send diagnostics where the message is MarkupContent since our current implementation does not discriminate on the client capability for recieiving such diagnostics (to-be-added in 3.18). (code-8120)

  • Yarn.lock parser now correctly denotes NPM organization scope. (sc-2107)

  • Packages in Package.resolved without a version are now ignored. (sc-2116)

  • Updated Package.swift parser to support:

    • The url value in a .package entry doesn't have to end with .git
    • You can have an exact field that looks like exact: "1.0.0" instead of .exact("1.0.0")

... (truncated)

Changelog

Sourced from semgrep's changelog.

1.110.0 - 2025-02-26

Added

  • pro: Inter-file analysis will now process Javascript and Typescript files together, so that taint can be tracked across both languages. (code-8076)

  • Pro: new metavariable-name operator which allows for expressing a constraint against the fully qualified name or nearest equivalent of a metavariable (useful mainly in JavaScript and TypeScript, where there is no first-class syntax for this, or where such names or pseudo-names containt symbols which cannot appear in identifiers). Requires pro naming passes and works best with interfile naming.

    Additional documentation forthcoming. (code-8121)

Changed

  • Upgrade from OCaml 4.14.0 to OCaml 5.2.1 for our PyPI and Homebrew distributions. Our Docker images have been built with OCaml 5.2.1 since Semgrep 1.107.0. (ocaml5)

Fixed

  • Fixed a regression in pro interfile mode where type inference for the var keyword in Java was not functioning correctly. (code-7991)

  • PRO: Fix the range not found error when using a metavariable pattern match on a typed metavariable. For example, the following metavariable pattern rule will no longer trigger the error:

    patterns:
  - pattern: ($FOO $VAR).bar()
  - metavariable-pattern:
      metavariable: $FOO
      pattern-either:
        - pattern: org.foo.Foo
``` (code-8007)

  • lsp will no longer send diagnostics where the message is MarkupContent since our current implementation does not discriminate on the client capability for recieiving such diagnostics (to-be-added in 3.18). (code-8120)

  • Yarn.lock parser now correctly denotes NPM organization scope. (sc-2107)

  • Packages in Package.resolved without a version are now ignored. (sc-2116)

  • Updated Package.swift parser to support:

    • The url value in a .package entry doesn't have to end with .git
    • You can have an exact field that looks like exact: "1.0.0" instead of .exact("1.0.0")
    • The exact version can be an object like Version(1,2,3) instead of a string

... (truncated)

Commits
  • ffdd67f chore: release version 1.110.0
  • 9e09482semgrep/semgrep-proprietary#3211
  • 66c8e6d feat(sca): enable dynamic resolution for multi-lockfile dependency sources (s...
  • 9477b52 feat: improve show debugsemgrep/semgrep-proprietary#3131
  • e4ddc36 refactor: use Cmdliner for Show_CLIsemgrep/semgrep-proprietary#3130
  • 963f46fsemgrep/semgrep-proprietary#3208
  • 5e7485d Add Windows dev setup fixes, workarounds, and documentation (semgrep/semgrep-...
  • 2d773a1semgrep/semgrep-proprietary#3204
  • bda4a54semgrep/semgrep-proprietary#3206
  • 4956c6bsemgrep/semgrep-proprietary#3188
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the dev-dependencies group across 1 directory with 4 updates
d1cd08e 
Bumps the dev-dependencies group with 4 updates in the /export directory: [mypy](https://github.com/python/mypy), [types-setuptools](https://github.com/python/typeshed), [pytest](https://github.com/pytest-dev/pytest) and [semgrep](https://github.com/returntocorp/semgrep).


Updates `mypy` from 1.13.0 to 1.15.0
- [Changelog](https://github.com/python/mypy/blob/master/CHANGELOG.md)
- [Commits](python/mypy@v1.13.0...v1.15.0)

Updates `types-setuptools` from 75.6.0.20241126 to 75.8.2.20250301
- [Commits](https://github.com/python/typeshed/commits)

Updates `pytest` from 8.3.4 to 8.3.5
- [Release notes](https://github.com/pytest-dev/pytest/releases)
- [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst)
- [Commits](pytest-dev/pytest@8.3.4...8.3.5)

Updates `semgrep` from 1.100.0 to 1.110.0
- [Release notes](https://github.com/returntocorp/semgrep/releases)
- [Changelog](https://github.com/semgrep/semgrep/blob/develop/CHANGELOG.md)
- [Commits](semgrep/semgrep@v1.100.0...v1.110.0)

---
updated-dependencies:
- dependency-name: mypy
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: types-setuptools
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: pytest
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: semgrep
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Mar 3, 2025
@dependabot dependabot bot requested a review from a team as a code owner March 3, 2025 21:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file python Pull requests that update Python code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants