Bump the python-packages group across 1 directory with 8 updates

[dependabot]

Bumps the python-packages group with 8 updates in the / directory:

Package	From	To
mkdocs-material	9.5.47	9.6.1
twine	6.0.1	6.1.0
coverage[toml]	7.6.1	7.6.10
mypy	1.13.0	1.14.1
ruff	0.8.1	0.9.4
trio	0.27.0	0.28.0
trustme	1.2.0	1.2.1
uvicorn	0.32.1	0.34.0

Updates mkdocs-material from 9.5.47 to 9.6.1

Release notes

Sourced from mkdocs-material's releases.

mkdocs-material-9.6.1

• Fixed #7943: Tags plugin crashing due to merge error

mkdocs-material-9.6.0

• Added meta plugin
• Rewrite of the tags plugin
• Added support for allow lists in tags plugin
• Added support for and custom sorting in tags plugin
• Added support for related links in blog plugin
• Added support for custom index pages in blog plugin
• Added support for navigation subtitles
• Fixed #7924: Anchors might require two clicks when using instant navigation

mkdocs-material-9.5.50

• Fixed #7913: Social plugin renders attribute lists in page title

mkdocs-material-9.5.49

• Adjusted title color in dark mode for all supported Mermaid.js diagrams
• Fixed #7803: Privacy plugin crashes on generated files
• Fixed #7781: Mermaid.js flow chart title not visible in dark mode

mkdocs-material-9.5.48

• Fixed #7774: Disabling social cards doesn't work

Changelog

Sourced from mkdocs-material's changelog.

mkdocs-material-9.6.1 (2025-01-31)

• Fixed #7943: Tags plugin crashing due to merge error

mkdocs-material-9.6.0 (2025-01-31)

• Added meta plugin
• Rewrite of the tags plugin
• Added support for allow lists in tags plugin
• Added support for and custom sorting in tags plugin
• Added support for related links in blog plugin
• Added support for custom index pages in blog plugin
• Added support for navigation subtitles
• Fixed #7924: Anchors might require two clicks when using instant navigation

mkdocs-material-9.5.50 (2025-01-18)

• Fixed #7913: Social plugin renders attribute lists in page title

mkdocs-material-9.5.49+insiders-4.53.15 (2025-01-15)

• Fixed #7896: Scoped tags listings not rendering in subsections

mkdocs-material-9.5.49 (2024-12-16)

• Adjusted title color in dark mode for all supported Mermaid.js diagrams
• Fixed #7803: Privacy plugin crashes on generated files
• Fixed #7781: Mermaid.js flow chart title not visible in dark mode

mkdocs-material-9.5.48 (2024-12-08)

• Fixed #7774: Disabling social cards doesn't work

mkdocs-material-9.5.47 (2024-12-01)

• Fixed #7750: Numeric tags break search
• Fixed #7748: Blog plugin breaks when using future drafts (9.5.45 regression)

mkdocs-material-9.5.46 (2024-11-25)

• Added support for removing preload hints in privacy plugin
• Fixed #7734: Code blocks in h5 headlines are uppercased
• Fixed #7725: Blog plugin crashing on missing timezone (9.5.45 regression)

mkdocs-material-9.5.45 (2024-11-20)

• Reduced size of Docker image through multi-stage build
• Fixed #7708: Blog plugin crashing on YAML dates with timezones

mkdocs-material-9.5.44 (2024-11-05)

... (truncated)

Commits

• 454af62 Prepare 9.6.1 release
• 2d147c7 Fixed crashing tags plugin
• 34dc4fe Updated Premium sponsors
• 8edc6f8 Updated Premium sponsors
• 0be1d6b Documentation
• 34e301d Fixed build badge
• 4ca5214 Corrected position of related links in blog post
• 627737a Merge pull request #7942 from squidfunk/merge/chipotle
• 49daf57 Updated dependencies
• 1416697 Prepare 9.6.0 release
• Additional commits viewable in compare view

Updates twine from 6.0.1 to 6.1.0

Changelog

Sourced from twine's changelog.

Twine 6.1.0 (2025-01-17)

Features ^^^^^^^^

• Twine now has preliminary built-in support for Trusted Publishing <https://docs.pypi.org/trusted-publishers/>_ as an authentication mechanism. ([#1194](https://github.com/pypa/twine/issues/1194) <https://github.com/pypa/twine/pull/1194>_)

Deprecations and Removals ^^^^^^^^^^^^^^^^^^^^^^^^^

• Remove support for egg and wininst distribution types. These are not accepted by PyPI and not produced by any modern build-backends. ([#1195](https://github.com/pypa/twine/issues/1195) <https://github.com/pypa/twine/issues/1195>_)

• Twine no longer supports .tar.bz2 source distributions. ([#1200](https://github.com/pypa/twine/issues/1200) <https://github.com/pypa/twine/pull/1200>_)

Misc ^^^^

• packaging is used instead of pkginfo for parsing and validating metadata. This aligns metadata validation to the one performed by PyPI. packaging version 24.0 or later is required. Support for metadata version 2.4 requires packaging 24.2 or later. pkginfo is not a dependency anymore. ([#1180](https://github.com/pypa/twine/issues/1180) <https://github.com/pypa/twine/issues/1180>_)

• Use "source" instead of None as pyversion for sdist uploads. This is what PyPI (and most likely other package indexes) expects. ([#1191](https://github.com/pypa/twine/issues/1191) <https://github.com/pypa/twine/issues/1191>_)

Commits

• aa3a910 Update changelog for 6.1.0 (#1214)
• 4406034 Merge pull request #1208 from dnicolodi/rm-setuptools
• 2ca55db Simplify generation of test packages used in test_check
• bffd296 Move build_archive() from test_sdist to common helpers module
• fd0646e Merge pull request #1206 from dnicolodi/rm-binary-blobs-part1
• ab4ec8c Merge pull request #1211 from pypa/dependabot/github_actions/actions/upload-a...
• b562f74 build(deps): bump actions/upload-artifact from 4.5.0 to 4.6.0
• b2832de Remove tests/fixtures/twine-1.5.0.zip
• 970851d Remove tests/alt-fixtures/twine-1.5.0-py2.py3-none-any.whl
• 2386ca5 build(deps): bump actions/upload-artifact from 4.4.3 to 4.5.0 (#1205)
• Additional commits viewable in compare view

Updates coverage[toml] from 7.6.1 to 7.6.10

Release notes

Sourced from coverage[toml]'s releases.

7.6.10

Version 7.6.10 — 2024-12-26

• Fix: some descriptions of missing branches in HTML and LCOV reports were incorrect when multi-line statements were involved (issue 1874 and issue 1875). These are now fixed.
• Fix: Python 3.14 defers evaluation of annotations by moving them into separate code objects. That code is rarely executed, so coverage.py would mark them as missing, as reported in issue 1908. Now they are ignored by coverage automatically.
• Fixed an obscure and mysterious problem on PyPy 3.10 seemingly involving mocks, imports, and trace functions: issue 1902. To be honest, I don’t understand the problem or the solution, but git bisect helped find it, and now it’s fixed.
• Docs: re-wrote the Measuring subprocesses page to put multiprocessing first and to highlight the correct use of https://docs.python.org/3/library/multiprocessing.html#multiprocessing.pool.Pool.

➡️  PyPI page: coverage 7.6.10. :arrow_right:  To install: python3 -m pip install coverage==7.6.10

7.6.9

Version 7.6.9 — 2024-12-06

• Fix: Tomas Uribe fixed a performance problem in the XML report. Large code bases should produce XML reports much faster now.

➡️  PyPI page: coverage 7.6.9. :arrow_right:  To install: python3 -m pip install coverage==7.6.9

7.6.8

Version 7.6.8 — 2024-11-23

• Fix: the LCOV report code assumed that a branch line that took no branches meant that the entire line was unexecuted. This isn’t true in a few cases: the line might always raise an exception, or might have been optimized away. Fixes issue 1896.
• Fix: similarly, the HTML report will now explain that a line that jumps to none of its expected destinations must have always raised an exception. Previously, it would say something nonsensical like, “line 4 didn’t jump to line 5 because line 4 was never true, and it didn’t jump to line 7 because line 4 was always true.” This was also shown in issue 1896.

➡️  PyPI page: coverage 7.6.8. :arrow_right:  To install: python3 -m pip install coverage==7.6.8

7.6.7

Version 7.6.7 — 2024-11-15

• Fix: ugh, the other assert from 7.6.5 can also be encountered in the wild, so it’s been restored to a conditional. Sorry for the churn.

➡️  PyPI page: coverage 7.6.7. :arrow_right:  To install: python3 -m pip install coverage==7.6.7

7.6.6

Version 7.6.6 — 2024-11-15

• One of the new asserts from 7.6.5 caused problems in real projects, as reported in issue 1891. The assert has been removed.

➡️  PyPI page: coverage 7.6.6. :arrow_right:  To install: python3 -m pip install coverage==7.6.6

7.6.5

Version 7.6.5 — 2024-11-14

• Fix: fine-tuned the exact Python version (3.12.6) when exiting from with statements changed how they traced. This affected whether people saw the fix for issue 1880.
• Fix: isolate our code more from mocking in the os module that in rare cases can cause bizarre behavior.
• Refactor: some code unreachable code paths in parser.py were changed to asserts. If you encounter any of these, please let me know!

... (truncated)

Changelog

Sourced from coverage[toml]'s changelog.

Commits

• f0dcf65 docs: sample HTML for 7.6.10
• 0f26f35 docs: prep for 7.6.10
• 81c5e43 docs: rewrite the subprocess page
• 878410c chore: make doc_upgrade
• f1d320d chore: make upgrade
• 67f1440 debug: this condition is never true. really?
• c85eaba fix: multi-line statements no longer confuse branch target descriptions. #187...
• 73e58fa refactor: clarify the code that fixes with-statement exits
• e16c9cc typo: backslask
• 865fd7f chore: bump the action-dependencies group with 4 updates (#1909)
• Additional commits viewable in compare view

Updates mypy from 1.13.0 to 1.14.1

Changelog

Sourced from mypy's changelog.

Mypy Release Notes

Next release

Performance improvements

Mypy may be 5-30% faster. This improvement comes largely from tuning the performance of the garbage collector.

Contributed by Jukka Lehtosalo (PR 18306).

Mypyc accelerated mypy wheels for aarch64

Mypy can compile itself to C extension modules using mypyc. This makes mypy 3-5x faster than if mypy is interpreted with pure Python. We now build and upload mypyc accelerated mypy wheels for manylinux_aarch64 to PyPI, making it easy for users on such platforms to realise this speedup.

Contributed by Christian Bundy and Marc Mueller (PR mypy_mypyc-wheels#76, PR mypy_mypyc-wheels#89).

--strict-bytes

By default, mypy treats an annotation of bytes as permitting bytearray and memoryview. PEP 688 specified the removal of this special case. Use this flag to disable this behavior. --strict-bytes will be enabled by default in mypy 2.0.

Contributed by Ali Hamdan (PR 18137) and Shantanu Jain (PR 13952).

Improvements to reachability analysis and partial type handling in loops

This change results in mypy better modelling control flow within loops and hence detecting several issues it previously did not detect. In some cases, this change may require use of an additional explicit annotation of a variable.

Contributed by Christoph Tyralla (PR 18180, PR).

(Speaking of partial types, another reminder that mypy plans on enabling --local-partial-types by default in mypy 2.0).

Better discovery of configuration files

Mypy will now walk up the filesystem (up until a repository or file system root) to discover configuration files. See the mypy configuration file documentation for more details.

... (truncated)

Commits

• 251d12f Remove +dev from version for release 1.14.1
• 667e5f7 Revert "Remove redundant inheritances from Iterator in builtins" (#18324)
• 67f673a Fix enum truthiness for StrEnum (#18379)
• 3755abb Fix getargs argument passing (#18350)
• b9fa8ee Update version to 1.14.1+dev for point release
• 6f37859 Remove +dev from version for release 1.14
• 5a6a754 Minor updates to 1.14 changelog (#18310)
• 9772d48 Update changelog for release 1.14 (#18301)
• 92473c8 Warn about --follow-untyped-imports (#18249)
• e6ce8be PEP 702 (@​deprecated): descriptors (#18090)
• Additional commits viewable in compare view

Updates ruff from 0.8.1 to 0.9.4

Release notes

Sourced from ruff's releases.

0.9.4

Release Notes

Preview features

• [airflow] Extend airflow context parameter check for BaseOperator.execute (AIR302) (#15713)
• [airflow] Update AIR302 to check for deprecated context keys (#15144)
• [flake8-bandit] Permit suspicious imports within stub files (S4) (#15822)
• [pylint] Do not trigger PLR6201 on empty collections (#15732)
• [refurb] Do not emit diagnostic when loop variables are used outside loop body (FURB122) (#15757)
• [ruff] Add support for more re patterns (RUF055) (#15764)
• [ruff] Check for shadowed map before suggesting fix (RUF058) (#15790)
• [ruff] Do not emit diagnostic when all arguments to zip() are variadic (RUF058) (#15744)
• [ruff] Parenthesize fix when argument spans multiple lines for unnecessary-round (RUF057) (#15703)

Rule changes

• Preserve quote style in generated code (#15726, #15778, #15794)
• [flake8-bugbear] Exempt NewType calls where the original type is immutable (B008) (#15765)
• [pylint] Honor banned top-level imports by TID253 in PLC0415. (#15628)
• [pyupgrade] Ignore is_typeddict and TypedDict for deprecated-import (UP035) (#15800)

CLI

• Fix formatter warning message for flake8-quotes option (#15788)
• Implement tab autocomplete for ruff config (#15603)

Bug fixes

• [flake8-comprehensions] Do not emit unnecessary-map diagnostic when lambda has different arity (C417) (#15802)
• [flake8-comprehensions] Parenthesize sorted when needed for unnecessary-call-around-sorted (C413) (#15825)
• [pyupgrade] Handle end-of-line comments for quoted-annotation (UP037) (#15824)

Documentation

• Add missing config docstrings (#15803)
• Add references to trio.run_process and anyio.run_process (#15761)
• Use uv init --lib in tutorial (#15718)

Contributors

• @​AlexWaygood
• @​Garrett-R
• @​InSyncWithFoo
• @​JelleZijlstra
• @​Lee-W
• @​MichaReiser
• @​charliermarsh
• @​dcreager
• @​dhruvmanila
• @​dylwil3

... (truncated)

Changelog

Sourced from ruff's changelog.

0.9.4

Preview features

• [airflow] Extend airflow context parameter check for BaseOperator.execute (AIR302) (#15713)
• [airflow] Update AIR302 to check for deprecated context keys (#15144)
• [flake8-bandit] Permit suspicious imports within stub files (S4) (#15822)
• [pylint] Do not trigger PLR6201 on empty collections (#15732)
• [refurb] Do not emit diagnostic when loop variables are used outside loop body (FURB122) (#15757)
• [ruff] Add support for more re patterns (RUF055) (#15764)
• [ruff] Check for shadowed map before suggesting fix (RUF058) (#15790)
• [ruff] Do not emit diagnostic when all arguments to zip() are variadic (RUF058) (#15744)
• [ruff] Parenthesize fix when argument spans multiple lines for unnecessary-round (RUF057) (#15703)

Rule changes

• Preserve quote style in generated code (#15726, #15778, #15794)
• [flake8-bugbear] Exempt NewType calls where the original type is immutable (B008) (#15765)
• [pylint] Honor banned top-level imports by TID253 in PLC0415. (#15628)
• [pyupgrade] Ignore is_typeddict and TypedDict for deprecated-import (UP035) (#15800)

CLI

• Fix formatter warning message for flake8-quotes option (#15788)
• Implement tab autocomplete for ruff config (#15603)

Bug fixes

• [flake8-comprehensions] Do not emit unnecessary-map diagnostic when lambda has different arity (C417) (#15802)
• [flake8-comprehensions] Parenthesize sorted when needed for unnecessary-call-around-sorted (C413) (#15825)
• [pyupgrade] Handle end-of-line comments for quoted-annotation (UP037) (#15824)

Documentation

• Add missing config docstrings (#15803)
• Add references to trio.run_process and anyio.run_process (#15761)
• Use uv init --lib in tutorial (#15718)

0.9.3

Preview features

• [airflow] Argument fail_stop in DAG has been renamed as fail_fast (AIR302) (#15633)
• [airflow] Extend AIR303 with more symbols (#15611)
• [flake8-bandit] Report all references to suspicious functions (S3) (#15541)
• [flake8-pytest-style] Do not emit diagnostics for empty for loops (PT012, PT031) (#15542)
• [flake8-simplify] Avoid double negations (SIM103) (#15562)
• [pyflakes] Fix infinite loop with unused local import in __init__.py (F401) (#15517)
• [pylint] Do not report methods with only one EM101-compatible raise (PLR6301) (#15507)
• [pylint] Implement redefined-slots-in-subclass (W0244) (#9640)

... (truncated)

Commits

• 854ab03 Bump version to 0.9.4 (#15831)
• b0b8b06 Remove semicolon after TypeScript interface definition (#15827)
• 451f251 [red-knot] Clarify behavior when redeclaring base class attributes (#15826)
• 13cf3e6 [flake8-comprehensions] Parenthesize sorted when needed for `unnecessary-...
• 56f956a [pyupgrade] Handle end-of-line comments for quoted-annotation (UP037) (...
• 7a10a40 [flake8-bandit] Permit suspicious imports within stub files (S4) (#15822)
• 3125332 [red-knot] Format mdtest snippets with the latest version of black (#15819)
• 15d886a [red-knot] Consider all definitions after terminal statements unreachable (#1...
• e1c9d10 [flake8-comprehensions] Do not emit unnecessary-map diagnostic when lambd...
• 23c9884 Preserve quotes in generated f-strings (#15794)
• Additional commits viewable in compare view

Updates trio from 0.27.0 to 0.28.0

Release notes

Sourced from trio's releases.

v0.28.0

Full Changelog: python-trio/trio@v0.27.0...v0.28.0

Bugfixes

• :func:inspect.iscoroutinefunction and the like now give correct answers when called on KI-protected functions. (python-trio/trio#2670)

• Rework KeyboardInterrupt protection to track code objects, rather than frames, as protected or not. The new implementation no longer needs to access frame.f_locals dictionaries, so it won't artificially extend the lifetime of local variables. Since KeyboardInterrupt protection is now imposed statically (when a protected function is defined) rather than each time the function runs, its previously-noticeable performance overhead should now be near zero. The lack of a call-time wrapper has some other benefits as well:

  • :func:inspect.iscoroutinefunction and the like now give correct answers when called on KI-protected functions.

  • Calling a synchronous KI-protected function no longer pushes an additional stack frame, so tracebacks are clearer.

  • A synchronous KI-protected function invoked from C code (such as a weakref finalizer) is now guaranteed to start executing; previously there would be a brief window in which KeyboardInterrupt could be raised before the protection was established.

  One minor drawback of the new approach is that multiple instances of the same closure share a single KeyboardInterrupt protection state (because they share a single code object). That means that if you apply trio.lowlevel.enable_ki_protection to some of them and not others, you won't get the protection semantics you asked for. See the documentation of trio.lowlevel.enable_ki_protection for more details and a workaround. (python-trio/trio#3108)

• Rework foreign async generator finalization to track async generator ids rather than mutating ag_frame.f_locals. This fixes an issue with the previous implementation: locals' lifetimes will no longer be extended by materialization in the ag_frame.f_locals dictionary that the previous finalization dispatcher logic needed to access to do its work. (python-trio/trio#3112)

• Ensure that Pyright recognizes our underscore prefixed attributes for attrs classes. (python-trio/trio#3114)

• Fix trio.testing.RaisesGroup's typing. (python-trio/trio#3141)

Improved documentation

• Improve error message when run after gevent's monkey patching. (python-trio/trio#3087)
• Document that trio.sleep_forever is guaranteed to raise an exception now. (python-trio/trio#3113)

... (truncated)

Commits

• e5e17ef Bump version to 0.28.0
• 8a28c55 Merge pull request #3171 from A5rocks/remove-explained-xfails
• e7e7c4a Explain why our MacOS 14 runners failed with CPython 3.13.1
• 2d87c0e Merge pull request #3157 from jakkdl/cleanup_checksh
• 3260974 Merge pull request #3169 from python-trio/pre-commit-ci-update-config
• 613fa4e Fixing RUF043, use raw strings in match=
• 2b08c98 Update version of ruff used in tests
• 58f7bc4 [pre-commit.ci] pre-commit autoupdate
• 2bc884c Merge branch 'main' into cleanup_checksh
• 8f787d6 it seems uv pip-compile is sorting the requirements now
• Additional commits viewable in compare view

Updates trustme from 1.2.0 to 1.2.1

Release notes

Sourced from trustme's releases.

1.2.1

Bugfixes

• Update from deprecated pyOpenSSL APIs to non-deprecated cryptography APIs. (python-trio/trustme#670)

Commits

• 6d39f51 Bump version to 1.2.1
• 4290066 Polish off #670
• a49a64b Switch to nox (#668)
• e3dc904 Use cryptography to load the pyOpenSSL certificates (#670)
• 00a906d Bump the dependencies group with 10 updates (#669)
• 49b59dd Fix 1.2.0 release notes (#667)
• dd1778b Bump version to 1.2.0+dev
• See full diff in compare view

Updates uvicorn from 0.32.1 to 0.34.0

Release notes

Sourced from uvicorn's releases.

Version 0.34.0

What's Changed

• Add content-length to 500 response in wsproto by @​Kludex in encode/uvicorn#2542
• Drop Python 3.8 by @​Kludex in encode/uvicorn#2543

---

Full Changelog: encode/uvicorn@0.33.0...0.34.0

Version 0.33.0

What's Changed

• Remove WatchGod by @​Kludex in encode/uvicorn#2536

New Contributors

• @​bwells made their first contribution in encode/uvicorn#2491
• @​tback made their first contribution in encode/uvicorn#2528

Full Changelog: encode/uvicorn@0.32.1...0.33.0

Changelog

Sourced from uvicorn's changelog.

0.34.0 (December 15, 2024)

Added

• Add content-length to 500 response in wsproto implementation (#2542)

Removed

• Drop support for Python 3.8 (#2543)

0.33.0 (December 14, 2024)

Removed

• Remove WatchGod support for --reload (#2536)

Commits

• 7983c1a Version 0.34.0 (#2546)
• 75d4402 Add alls-green job (#2544)
• 4156ccb Drop Python 3.8 (#2543)
• 3575cba Add content-length to 500 response in wsproto (#2542)
• a500513 Version 0.33.0 (#2539)
• 038f8ef Bump the python-packages group across 1 directory with 9 updates (#2538)
• 3aa1d01 Remove WatchGod (#2536)
• a3cc360 docs: add note about server behavior on exceptions (#2535)
• 6725ebb docs: add more mkdocs-material features (#2534)
• bfa754eencode/uvicorn#2527#2528)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Superseded by #3501.