Bump the dependencies group across 1 directory with 9 updates

[dependabot]

Bumps the dependencies group with 9 updates in the / directory:

Package	From	To
authlib	1.3.2	1.5.1
certifi	2024.12.14	2025.1.31
cryptography	44.0.0	44.0.2
black	24.10.0	25.1.0
pytest	8.3.4	8.3.5
zizmor	1.0.0	1.4.1
charset-normalizer	3.4.0	3.4.1
click	8.1.7	8.1.8
urllib3	2.2.3	2.3.0

Updates authlib from 1.3.2 to 1.5.1

Release notes

Sourced from authlib's releases.

Version 1.5.0

• Fix token introspection auth method for clients. #662
• Optional typ claim in JWT tokens. #696
• JWT validation leeway. #689
• Implement server-side RFC9207. #700 #701
• generate_id_token can take a kid parameter. #702
• More detailed InvalidClientError. #706
• OpenID Connect Dynamic Client Registration implementation. #707

Version 1.4.1

• Improve garbage collection on OAuth clients. #698
• Fix client parameters for httpx. #694

Version 1.4.0

Bugfixes

• Fix id_token decoding when kid is null. #659
• Support for Python 3.13. #682
• Force login if the prompt parameter value is login. #637
• Support for httpx 0.28. #695

Breaking changes

• Stop support for Python 3.8. #682

Changelog

Sourced from authlib's changelog.

Version 1.5.1

Released on Feb 28, 2025

• Fix RFC9207 iss parameter. :pr:715

Version 1.5.0

Released on Feb 25, 2025

• Fix token introspection auth method for clients. :pr:662
• Optional typ claim in JWT tokens. :pr:696
• JWT validation leeway. :pr:689
• Implement server-side :rfc:RFC9207 <9207>. :issue:700 :pr:701
• generate_id_token can take a kid parameter. :pr:702
• More detailed InvalidClientError. :pr:706
• OpenID Connect Dynamic Client Registration implementation. :pr:707

Version 1.4.1

Released on Jan 28, 2025

• Improve garbage collection on OAuth clients. :issue:698
• Fix client parameters for httpx. :issue:694

Version 1.4.0

Released on Dec 20, 2024

• Fix id_token decoding when kid is null. :pr:659
• Support for Python 3.13. :pr:682
• Force login if the prompt parameter value is login. :pr:637
• Support for httpx 0.28, :pr:695

Breaking changes:

• Stop support for Python 3.8. :pr:682

Commits

• 4eafdc2 chore: release 1.5.1
• 0e7e344 Merge pull request #715 from azmeuk/rfc9207
• b57932b fix: RFC9207 iss parameter
• 7833a88 Merge pull request #713 from geigerzaehler/full-entropy
• 642dfa3 doc: fix an example import for rfc9207
• 5c507a8 fix: Use full entropy from specified oct key size
• 2d0396e chore: release 1.5.0
• da87c8b doc: update changelog
• b79d868 Merge pull request #662 from AdamWill/oauth2-fix-introspect-endpoint
• 24c2bd8 chore: add a dependency group for the documentation
• Additional commits viewable in compare view

Updates certifi from 2024.12.14 to 2025.1.31

Commits

• 088f931 2025.01.31 (#336)
• 1c17795 Bump pypa/gh-action-pypi-publish from 1.12.3 to 1.12.4 (#335)
• a2e88f0 Bump actions/upload-artifact from 4.5.0 to 4.6.0 (#334)
• 82284ed Bump peter-evans/create-pull-request from 7.0.5 to 7.0.6 (#333)
• 10d3d1d Bump actions/upload-artifact from 4.4.3 to 4.5.0 (#332)
• See full diff in compare view

Updates cryptography from 44.0.0 to 44.0.2

Changelog

Sourced from cryptography's changelog.

44.0.2 - 2025-03-01

* We now build wheels for PyPy 3.11.
.. _v44-0-1:
44.0.1 - 2025-02-11

• Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.4.1.
• We now build armv7l manylinux wheels and publish them to PyPI.
• We now build manylinux_2_34 wheels and publish them to PyPI.

.. _v44-0-0:

Commits

• 56cfce6 44.0.2 release (#12537)
• 7b4cc26 Backport PyPy3.11 support (#12536)
• adaaaed Bump for 44.0.1 release (#12441)
• ccc61da [backport] test and build on armv7l (#12420) (#12431)
• See full diff in compare view

Updates black from 24.10.0 to 25.1.0

Release notes

Sourced from black's releases.

25.1.0

Highlights

This release introduces the new 2025 stable style (#4558), stabilizing the following changes:

• Normalize casing of Unicode escape characters in strings to lowercase (#2916)
• Fix inconsistencies in whether certain strings are detected as docstrings (#4095)
• Consistently add trailing commas to typed function parameters (#4164)
• Remove redundant parentheses in if guards for case blocks (#4214)
• Add parentheses to if clauses in case blocks when the line is too long (#4269)
• Whitespace before # fmt: skip comments is no longer normalized (#4146)
• Fix line length computation for certain expressions that involve the power operator (#4154)
• Check if there is a newline before the terminating quotes of a docstring (#4185)
• Fix type annotation spacing between * and more complex type variable tuple (#4440)

The following changes were not in any previous release:

• Remove parentheses around sole list items (#4312)
• Generic function definitions are now formatted more elegantly: parameters are split over multiple lines first instead of type parameter definitions (#4553)

Stable style

• Fix formatting cells in IPython notebooks with magic methods and starting or trailing empty lines (#4484)
• Fix crash when formatting with statements containing tuple generators/unpacking (#4538)

Preview style

• Fix/remove string merging changing f-string quotes on f-strings with internal quotes (#4498)
• Collapse multiple empty lines after an import into one (#4489)
• Prevent string_processing and wrap_long_dict_values_in_parens from removing parentheses around long dictionary values (#4377)
• Move wrap_long_dict_values_in_parens from the unstable to preview style (#4561)

Packaging

• Store license identifier inside the License-Expression metadata field, see PEP 639. (#4479)

Performance

• Speed up the is_fstring_start function in Black's tokenizer (#4541)

Integrations

• If using stdin with --stdin-filename set to a force excluded path, stdin won't be

... (truncated)

Changelog

Sourced from black's changelog.

25.1.0

Highlights

This release introduces the new 2025 stable style (#4558), stabilizing the following changes:

• Normalize casing of Unicode escape characters in strings to lowercase (#2916)
• Fix inconsistencies in whether certain strings are detected as docstrings (#4095)
• Consistently add trailing commas to typed function parameters (#4164)
• Remove redundant parentheses in if guards for case blocks (#4214)
• Add parentheses to if clauses in case blocks when the line is too long (#4269)
• Whitespace before # fmt: skip comments is no longer normalized (#4146)
• Fix line length computation for certain expressions that involve the power operator (#4154)
• Check if there is a newline before the terminating quotes of a docstring (#4185)
• Fix type annotation spacing between * and more complex type variable tuple (#4440)

The following changes were not in any previous release:

• Remove parentheses around sole list items (#4312)
• Generic function definitions are now formatted more elegantly: parameters are split over multiple lines first instead of type parameter definitions (#4553)

Stable style

• Fix formatting cells in IPython notebooks with magic methods and starting or trailing empty lines (#4484)
• Fix crash when formatting with statements containing tuple generators/unpacking (#4538)

Preview style

• Fix/remove string merging changing f-string quotes on f-strings with internal quotes (#4498)
• Collapse multiple empty lines after an import into one (#4489)
• Prevent string_processing and wrap_long_dict_values_in_parens from removing parentheses around long dictionary values (#4377)
• Move wrap_long_dict_values_in_parens from the unstable to preview style (#4561)

Packaging

• Store license identifier inside the License-Expression metadata field, see PEP 639. (#4479)

Performance

• Speed up the is_fstring_start function in Black's tokenizer (#4541)

Integrations

... (truncated)

Commits

• 8a737e7 Prepare release 25.1.0 (#4563)
• d330dee docs: We're not going to use backslashes for the with statement (#4564)
• 3d81290 Move wrap_long_dict_values_in_parens to the preview style (#4561)
• 459562c Improve function declaration wrapping when it contains generic type definitio...
• 99dbf30 Cache executor to avoid hitting open file limits (#4560)
• c0b92f3 Prepare the 2025 stable style (#4558)
• e58baf1 Add test for #1187 (#4559)
• 1455ae4 Fix docs CI (#4555)
• 584d033 fix: Don't remove parenthesis around long dictionary values (#4377)
• 6e96540 Fix CI (#4551)
• Additional commits viewable in compare view

Updates pytest from 8.3.4 to 8.3.5

Release notes

Sourced from pytest's releases.

8.3.5

pytest 8.3.5 (2025-03-02)

Bug fixes

• #11777: Fixed issue where sequences were still being shortened even with -vv verbosity.
• #12888: Fixed broken input when using Python 3.13+ and a libedit build of Python, such as on macOS or with uv-managed Python binaries from the python-build-standalone project. This could manifest e.g. by a broken prompt when using Pdb, or seeing empty inputs with manual usage of input() and suspended capturing.
• #13026: Fixed AttributeError{.interpreted-text role="class"} crash when using --import-mode=importlib when top-level directory same name as another module of the standard library.
• #13053: Fixed a regression in pytest 8.3.4 where, when using --import-mode=importlib, a directory containing py file with the same name would cause an ImportError
• #13083: Fixed issue where pytest could crash if one of the collected directories got removed during collection.

Improved documentation

• #12842: Added dedicated page about using types with pytest.

  See types{.interpreted-text role="ref"} for detailed usage.

Contributor-facing changes

• #13112: Fixed selftest failures in test_terminal.py with Pygments >= 2.19.0
• #13256: Support for Towncrier versions released in 2024 has been re-enabled when building Sphinx docs -- by webknjaz{.interpreted-text role="user"}.

Commits

• b55ab2a Prepare release version 8.3.5
• e217726 Added dedicated page about using types with pytest #12842 (#12963) (#13260)
• 2fa3f83 Add more resources and studies to flaky tests page in docs (#13250) (#13259)
• e5c2efe Merge pull request #13256 from webknjaz/maintenance/towncrier-bump (#13258)
• 3419674 Merge pull request #13187 from pytest-dev/patchback/backports/8.3.x/b4009b319...
• b75cfb1 Add readline workaround for libedit (#13176)
• edbfff7 doc: Clarify capturing .readouterr() return value (#13222) (#13225)
• 2ebba00 Merge pull request #13199 from jakkdl/tox_docs_no_fetch (#13200)
• eb6496b doc: Change training to remote only (#13196) (#13197)
• 78cf1f6 ci: Bump build-and-inspect-python-package (#13188)
• Additional commits viewable in compare view

Updates zizmor from 1.0.0 to 1.4.1

Release notes

Sourced from zizmor's releases.

v1.4.1

This is a small corrective release for v1.4.0.

Bug Fixes 🐛🔗

• Findings produced by (unredacted-secrets) now use the correct ID and link to the correct URL in the audit documentation (#566)

v1.4.0

This release comes with one new audit (unredacted-secrets), plus a handful of bugfixes and analysis improvements to existing audits. It also comes with improvements to SARIF presentation, ignore comments, as well as an official Docker image!

New Features 🌈🔗

• zizmor now has official Docker images! You can find them on the GitHub Container Registry under ghcr.io/woodruffw/zizmor (#532)
• New audit: unredacted-secrets detects secret accesses that are not redacted in logs (#549)

Improvements 🌱🔗

• SARIF outputs are now slightly more aligned with GitHub Code Scanning expectations (#528)
• # zizmor: ignore[rule] comments can now have trailing explanations, e.g. # zizmor: ignore[rule] because reasons (#531)
• The bot-conditions audit now detects github.triggering_actor as another spoofable actor check (#559)

Bug Fixes 🐛🔗

• Fixed a bug where zizmor would fail to parse workflows with workflow_dispatch triggers that contained non-string inputs (#563)

Upcoming Changes 🚧🔗

• The next minor release of zizmor will be built with Rust 2024. This should have no effect on most users, but may require users who build zizmor from source to update their Rust toolchain.

v1.3.1

Improvements 🌱🔗

• Passing both --offline and a GitHub token (either implicitly with GH_TOKEN or explicitly with --gh-token) no longer results in an error. --offline is now given precedence, regardless of any other flags or environment settings (#519)

Bug Fixes 🐛🔗

• Fixed a bug where zizmor would fail to parse composite actions with inputs/outputs that are missing descriptions (#502)
• Expressions that contain indices with non-semantic whitespace are now parsed correctly (#511)
• Fixed a false positive in [ref-confusion] where partial tag matches were incorrectly considered confusable (#519)
• Fixed a bug where zizmor would fail to parse workflow definitions with an expression inside strategy.max-parallel (#522)

v1.3.0

This release comes with one new audit (overprovisioned-secrets), plus a handful of bugfixes and analysis improvements to existing audits. It also comes with a special easter egg for those who wish to kvell about their audit results.

New Features 🌈🔗

• New audit: overprovisioned-secrets detects uses of the secrets context that result in excessive secret provisioning (#485)
• Added a special naches mode for when you're feeling particularly proud of your audit results (#490)

Improvements 🌱🔗

• zizmor produces slightly more informative error messages when given an invalid input file (#482)
• Case insensitivity in contexts is now handeled more consistently and pervasively (#491)

... (truncated)

Changelog

Sourced from zizmor's changelog.

v1.4.1

This is a small corrective release for v1.4.0.

Bug Fixes 🐛

• Findings produced by ([unredacted-secrets]) now use the correct ID and link to the correct URL in the audit documentation (#566)

v1.4.0

This release comes with one new audit ([unredacted-secrets]), plus a handful of bugfixes and analysis improvements to existing audits. It also comes with improvements to SARIF presentation, ignore comments, as well as an official Docker image!

New Features 🌈

• zizmor now has official Docker images! You can find them on the GitHub Container Registry under ghcr.io/woodruffw/zizmor (#532)
• New audit: [unredacted-secrets] detects secret accesses that are not redacted in logs (#549)

Improvements 🌱

• SARIF outputs are now slightly more aligned with GitHub Code Scanning expectations (#528)
• # zizmor: ignore[rule] comments can now have trailing explanations, e.g. # zizmor: ignore[rule] because reasons (#531)
• The [bot-conditions] audit now detects github.triggering_actor as another spoofable actor check (#559)

Bug Fixes 🐛

• Fixed a bug where zizmor would fail to parse workflows with workflow_dispatch triggers that contained non-string inputs (#563)

Upcoming Changes 🚧

• The next minor release of zizmor will be built with Rust 2024. This should have no effect on most users, but may require users who build zizmor from source to update their Rust toolchain.

v1.3.1

Improvements 🌱

... (truncated)

Commits

• 7c7e415 chore: prep 1.4.1 release (#568)
• be5d9e8 docker: use ZIZMOR_VERSION correctly (#567)
• 75035f7 bugfix: fix audit id for unredacted secrets audit (#566)
• ff55188 chore: prep for 1.4.0 release (#565)
• 6363412 bugfix: bump github-actions-models to 0.26.0 (#563)
• 6928433 chore(deps): bump the github-actions group with 5 updates (#561)
• 8543192 chore(deps): bump the cargo group with 8 updates (#560)
• 02d4bac feat: bot-conditions: check github.triggering_actor (#559)
• 976879f docs: fix release notes for Rust 2024 (#557)
• 92f27a8 Revert "chore: cargo: actually bump the edition (#553)" (#554)
• Additional commits viewable in compare view

Updates charset-normalizer from 3.4.0 to 3.4.1

Release notes

Sourced from charset-normalizer's releases.

Version 3.4.1

🚀 We're still raising awareness around HTTP/2, and HTTP/3!

Did you know that Internet Explorer 11 shipped with an optional HTTP/2 support back in 2013? also libcurl did ship it in 2014[...] Using Requests today is the rough equivalent of using EOL Windows 8! We promptly invite Python developers to look at the first drop-in replacement for Requests, namely Niquests. Ship with native WebSocket, SSE, Happy Eyeballs, DNS over HTTPS, and so on[...] All of this while remaining compatible with all Requests prior plug-ins / add-ons.

It leverages charset-normalizer in a better way! Check it out, you will gain up to being 3X faster and get a real/respectable support with it.

3.4.1 (2024-12-24)

Changed

• Project metadata are now stored using pyproject.toml instead of setup.cfg using setuptools as the build backend.
• Enforce annotation delayed loading for a simpler and consistent types in the project.
• Optional mypyc compilation upgraded to version 1.14 for Python >= 3.8

Added

• pre-commit configuration.
• noxfile.

Removed

• build-requirements.txt as per using pyproject.toml native build configuration.
• bin/integration.py and bin/serve.py in favor of downstream integration test (see noxfile).
• setup.cfg in favor of pyproject.toml metadata configuration.
• Unused utils.range_scan function.

Fixed

• Converting content to Unicode bytes may insert utf_8 instead of preferred utf-8. (#572)
• Deprecation warning "'count' is passed as positional argument" when converting to Unicode bytes on Python 3.13+

Changelog

Sourced from charset-normalizer's changelog.

3.4.1 (2024-12-24)

Changed

• Project metadata are now stored using pyproject.toml instead of setup.cfg using setuptools as the build backend.
• Enforce annotation delayed loading for a simpler and consistent types in the project.
• Optional mypyc compilation upgraded to version 1.14 for Python >= 3.8

Added

• pre-commit configuration.
• noxfile.

Removed

• build-requirements.txt as per using pyproject.toml native build configuration.
• bin/integration.py and bin/serve.py in favor of downstream integration test (see noxfile).
• setup.cfg in favor of pyproject.toml metadata configuration.
• Unused utils.range_scan function.

Fixed

• Converting content to Unicode bytes may insert utf_8 instead of preferred utf-8. (#572)
• Deprecation warning "'count' is passed as positional argument" when converting to Unicode bytes on Python 3.13+

Commits

• ffdf7f5 🔧 fix long description content-type inferred as rst instead of md
• c7197b7 📝 fix changelog entries (#582)
• c390e1f Merge pull request #581 from jawah/refresh-part-2
• f9d6b8c 🔒 add CODEOWNERS
• 7ce1ef1 🔧 use ubuntu-22.04 for cibuildwheel in continuous deployment workflow
• deed205 🔧 update LICENSE copyright
• f11f571 🔧 include noxfile in sdist
• 1ec7c06 🔧 update changelog
• 14b4649 🐛 output(...) replace declarative mark using non iana compliant encoding ...
• 1b06bc0 Merge branch 'refresh-part-2' of github.com:jawah/charset_normalizer into ref...
• Additional commits viewable in compare view

Updates click from 8.1.7 to 8.1.8

Release notes

Sourced from click's releases.

8.1.8

This is the Click 8.1.8 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/click/8.1.8/ Changes: https://click.palletsprojects.com/en/stable/changes/#version-8-1-8 Milestone https://github.com/pallets/click/milestones/23?closed=1

• Fix an issue with type hints for click.open_file(). #2717
• Fix issue where error message for invalid click.Path displays on multiple lines. #2697
• Fixed issue that prevented a default value of "" from being displayed in the help for an option. #2500
• The test runner handles stripping color consistently on Windows. #2705
• Show correct value for flag default when using default_map. #2632
• Fix click.echo(color=...) passing color to coloroma so it can be forced on Windows. #2606.
• More robust bash version check, fixing problem on Windows with git-bash. #2638
• Cache the help option generated by the help_option_names setting to respect its eagerness. #2811
• Replace uses of os.system with subprocess.Popen. #1476
• Exceptions generated during a command will use the context's color setting when being displayed. #2193
• Error message when defining option with invalid name is more descriptive. #2452
• Refactor code generating default --help option to deduplicate code. #2563
• Test CLIRunner resets patched _compat.should_strip_ansi. #2732

Changelog

Sourced from click's changelog.

Version 8.1.8

Unreleased

• Fix an issue with type hints for click.open_file(). :issue:2717
• Fix issue where error message for invalid click.Path displays on multiple lines. :issue:2697
• Fixed issue that prevented a default value of "" from being displayed in the help for an option. :issue:2500
• The test runner handles stripping color consistently on Windows. :issue:2705
• Show correct value for flag default when using default_map. :issue:2632
• Fix click.echo(color=...) passing color to coloroma so it can be forced on Windows. :issue:2606.

Commits

• 934813e release version 8.1.8
• c23223b Add links to third-party projects enhancing Click (#2815)
• 822d4fd Add links to third-party projects
• 8e7bed0 Break up arguments section (#2586)
• 3241541 Remove some typing hints.
• bed0377 remove test pypi
• 6534590 update dev dependencies
• b1e392e fix typos
• fdc6b02 Fix missing reset in isolation function (#2733)
• ffd43e9 Fixed missing reset on _compat.should_strip_ansi.
• Additional commits viewable in compare view

Updates urllib3 from 2.2.3 to 2.3.0

Release notes

Sourced from urllib3's releases.

2.3.0

🚀 urllib3 is fundraising for HTTP/2 support

urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support for 2023. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.

Thank you for your support.

Features

• Added HTTPResponse.shutdown() to stop any ongoing or future reads for a specific response. It calls shutdown(SHUT_RD) on the underlying socket. This feature was sponsored by LaunchDarkly. (urllib3/urllib3#2868)
• Added support for JavaScript Promise Integration on Emscripten. This enables more efficient WebAssembly requests and streaming, and makes it possible to use in Node.js if you launch it as node --experimental-wasm-stack-switching. (urllib3/urllib3#3400)
• Added the proxy_is_tunneling property to HTTPConnection and HTTPSConnection. (urllib3/urllib3#3285)
• Added pickling support to NewConnectionError and NameResolutionError. (urllib3/urllib3#3480)

Bugfixes

• Fixed an issue in debug logs where the HTTP version was rendering as "HTTP/11" instead of "HTTP/1.1". (urllib3/urllib3#3489)

Deprecations and Removals

• Removed support for Python 3.8. (urllib3/urllib3#3492)

Full Changelog: urllib3/urllib3@2.2.3...2.3.0

Changelog

Sourced from urllib3's changelog.

2.3.0 (2024-12-22)

Features

• Added HTTPResponse.shutdown() to stop any ongoing or future reads for a specific response. It calls shutdown(SHUT_RD) on the underlying socket. This feature was sponsored by LaunchDarkly <https://opencollective.com/urllib3/contributions/815307>. ([#2868](https://github.com/urllib3/urllib3/issues/2868) <https://github.com/urllib3/urllib3/issues/2868>)
• Added support for JavaScript Promise Integration on Emscripten. This enables more efficient WebAssembly requests and streaming, and makes it possible to use in Node.js if you launch it as node --experimental-wasm-stack-switching. ([#3400](https://github.com/urllib3/urllib3/issues/3400) <https://github.com/urllib3/urllib3/issues/3400>__)
• Added the proxy_is_tunneling property to HTTPConnection and HTTPSConnection. ([#3285](https://github.com/urllib3/urllib3/issues/3285) <https://github.com/urllib3/urllib3/issues/3285>__)
• Added pickling support to NewConnectionError and NameResolutionError. ([#3480](https://github.com/urllib3/urllib3/issues/3480) <https://github.com/urllib3/urllib3/issues/3480>__)

Bugfixes

• Fixed an issue in debug logs where the HTTP version was rendering as "HTTP/11" instead of "HTTP/1.1". ([#3489](https://github.com/urllib3/urllib3/issues/3489) <https://github.com/urllib3/urllib3/issues/3489>__)

Deprecations and Removals

• Removed support for Python 3.8. ([#3492](https://github.com/urllib3/urllib3/issues/3492) <https://github.com/urllib3/urllib3/issues/3492>__)

Commits

• 2f68c53 Release 2.3.0
• f7bcf69 Add HTTPResponse.shutdown() to stop blocking reads (#3527)
• e942249 Update .readthedocs.yml addressing a deprecation (#3534)
• 905549d Upgrade Python pre-commit tools (#3529)
• 716d834 Fix PyPI publish with Core metadata 2.4 (#3531)
• 7ab935c Address zizmor issues
• 181357e Bump Quart to fix CI (#3524)
• 0e7e0df Start testing with Python 3.14
• d67d09b Bump mypy version
• 20032ec Drop unneeded dependency pins and a warning filter
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions