
@dependabot dependabot bot commented on behalf of github Apr 1, 2025

Bumps the pip-packages group with 7 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| semgrep | 1.104.0 | 1.116.0 |
| mkdocs-material | 9.5.50 | 9.6.11 |
| bandit | 1.8.2 | 1.8.3 |
| black | 24.10.0 | 25.1.0 |
| pylint | 3.3.3 | 3.3.6 |
| pytest | 8.3.4 | 8.3.5 |
| pytest-cov | 6.0.0 | 6.1.0 |

Updates semgrep from 1.104.0 to 1.116.0

Release notes

Sourced from semgrep's releases.

Release v1.116.0

1.116.0 - 2025-03-28

Fixed

  • Use value of $XDG_CACHE_HOME before hardcoded ~/.cache for semgrep_version file (gh-4465)

v1.114.0

1.114.0 - 2025-03-19

Fixed

  • Pro Engine now more accurately tracks the scope of Python local variables. For example, the following code defines two z variables that should be tracked separately.

    z = 1

    def foo():
        z = 2
        a = z

    The Pro engine now correctly recognizes that the z assigned to a is the one defined in the local scope, not the global scope. (code-8114)

v1.113.0

1.113.0 - 2025-03-17

Fixed

  • Semgrep will no longer fail a diff scan if there is a relative safe directory (saf-1851)

Release v1.112.0

1.112.0 - 2025-03-13

Added

  • TypeScript parser now allows ellipses in class bodies. For example, you can write the pattern like:

... (truncated)

Changelog

Sourced from semgrep's changelog.

1.116.0 - 2025-03-28

Fixed

  • Use value of $XDG_CACHE_HOME before hardcoded ~/.cache for semgrep_version file (gh-4465)

1.115.0 - 2025-03-26

Added

  • pro: Extended the requires: key for taint sinks to specify multiple conditions associated with different metavariables.

    For example:

    pattern-sinks:
    - patterns:
      - pattern: $OBJ.foo($SINK, $ARG1)
      - focus-metavariable: $SINK
      requires:
      - $SINK: TAINT
      - $OBJ: OBJ
      - $ARG1: ARG1
    

    With a regular requires: the condition can only apply to whatever the sink is matching, in this case, $SINK. With a "multi-requires" we are able to restrict $SINK, $OBJ and $ARG1 independently, each one having its own condition.

    Note that requires: is part of the experimental taint labels feature. (code-7912)

  • In the text output of semgrep scan and semgrep ci, a warning message announcing the upcoming Semgrepignore v2 is now displayed. Differences in target selection are shown. (semgrepignore-v2-warning)

1.114.0 - 2025-03-19

Fixed

  • Pro Engine now more accurately tracks the scope of Python local variables. For example, the following code defines two z variables that should be tracked separately.

... (truncated)

Commits
  • 012bdf7 chore: release version 1.116.0
  • 66b6304 semgrep/semgrep-proprietary#3528
  • b9d220f chore(windows): nudge Windows users away at build and runtime (semgrep/semgr...
  • e61b44c fix: remove extraneous debugging statement from SAF-1842 (semgrep/semgrep-pro...
  • bb5df23 fix(ci): refer to the same directory in the OSS workflow (semgrep/semgrep-pro...
  • 5500992 fix: apply windows patch to OSS windows workflow (semgrep/semgrep-proprietary...
  • 3136d06 fix(SAF-1842): don't suggest --verbose if already set (semgrep/semgrep-propri...
  • bb5e745 semgrep/semgrep-proprietary#3514
  • 7953db9 chore: update to use latest opentelemetry version (semgrep/semgrep-proprietar...
  • 5f5d861 semgrep/semgrep-proprietary#3505
  • Additional commits viewable in compare view

Updates mkdocs-material from 9.5.50 to 9.6.11

Release notes

Sourced from mkdocs-material's releases.

mkdocs-material-9.6.11

  • Updated Docker image to latest Alpine Linux
  • Bump required Jinja version to 3.1
  • Fixed #8133: Jinja filter items not available (9.6.10 regression)
  • Fixed #8128: Search plugin not entirely disabled via enabled setting

mkdocs-material-9.6.10

This version is a pure refactoring release, and does not contain new features or bug fixes. It strives to improve the compatibility of our templates with alternative Jinja-like template engines that we're currently exploring, including minijinja.

Additionally, it replaces several instances of Python function invocations with idiomatic use of template filters. All instances where variables have been mutated inside templates have been replaced. Most changes have been made in partials, and only a few in blocks, and all of them are fully backward compatible, so no changes to overrides are necessary.

Note that this release does not replace the Jinja template engine with minijinja. However, our templates are now 99% compatible with minijinja, which means we can explore alternative Jinja-compatible implementations. Additionally, immutability and removal of almost all Python function invocations means much more idiomatic templating.

mkdocs-material-9.6.9

  • Updated Serbo-Croatian translations
  • Fixed #8086: Custom SVG icons containing hashes break rendering
  • Fixed #8067: Drawer has gap on right side in Firefox on some OSs

mkdocs-material-9.6.8

  • Added Welsh translations
  • Fixed #8076: Privacy plugin crashes if HTTP download fails

mkdocs-material-9.6.7

  • Fixed #8056: Error in backrefs implementation (9.6.6 regression)
  • Fixed #8054: Unescaped quotes in ARIA labels of table of contents

mkdocs-material-9.6.6

  • Fixed #8040: Privacy plugin not replacing external assets (9.6.5 regression)
  • Fixed #8031: Replace unmaintained regex package in search plugin

mkdocs-material-9.6.5

  • Fixed #8016: Tags listing not showing when file name has spaces
  • Fixed #8012: Privacy plugin crashes if HTTP download fails

mkdocs-material-9.6.4

  • Fixed #7985: Blog content sometimes not stretching to full width
  • Fixed #7978: Navigation rendering bug in Safari 18.3

mkdocs-material-9.6.3

  • Fixed rendering of arrow heads in Mermaid.js class diagrams
  • Fixed #7960: Tags plugin crashes on numeric metadata titles

mkdocs-material-9.6.2

  • Fixed #7955: Excessively long words don't break on narrow screens
  • Fixed #7947: Scope setting interferes with outdated version banner

mkdocs-material-9.6.1

  • Fixed #7943: Tags plugin crashing due to merge error

... (truncated)

Changelog

Sourced from mkdocs-material's changelog.

mkdocs-material-9.6.11 (2025-04-01)

  • Updated Docker image to latest Alpine Linux
  • Bump required Jinja version to 3.1
  • Fixed #8133: Jinja filter items not available (9.6.10 regression)
  • Fixed #8128: Search plugin not entirely disabled via enabled setting

mkdocs-material-9.6.10 (2025-03-30)

This version is a pure refactoring release, and does not contain new features or bug fixes. It strives to improve the compatibility of our templates with alternative Jinja-like template engines that we're currently exploring, including minijinja.

Additionally, it replaces several instances of Python function invocations with idiomatic use of template filters. All instances where variables have been mutated inside templates have been replaced. Most changes have been made in partials, and only a few in blocks, and all of them are fully backward compatible, so no changes to overrides are necessary.

Note that this release does not replace the Jinja template engine with minijinja. However, our templates are now 99% compatible with minijinja, which means we can explore alternative Jinja-compatible implementations. Additionally, immutability and removal of almost all Python function invocations means much more idiomatic templating.

mkdocs-material-9.6.9 (2025-03-17)

  • Updated Serbo-Croatian translations
  • Fixed #8086: Custom SVG icons containing hashes break rendering
  • Fixed #8067: Drawer has gap on right side in Firefox on some OSs

mkdocs-material-9.6.8+insiders-4.53.16 (2025-03-13)

  • Fixed #8019: Tooltips have precedence over instant previews

mkdocs-material-9.6.8 (2025-03-13)

  • Added Welsh translations
  • Fixed #8076: Privacy plugin crashes if HTTP download fails

mkdocs-material-9.6.7 (2025-03-03)

  • Fixed #8056: Error in backrefs implementation (9.6.6 regression)
  • Fixed #8054: Unescaped quotes in ARIA labels of table of contents

mkdocs-material-9.6.6 (2025-03-01)

  • Fixed #8040: Privacy plugin not replacing external assets (9.6.5 regression)
  • Fixed #8031: Replace unmaintained regex package in search plugin

... (truncated)

Commits
  • 7661f07 Prepare 9.6.11 release
  • bf1fe5a Upgraded dependencies
  • 3e9bb53 Bumped required version of jinja2 to ~=3.1 (#8132)
  • 64635ba Fixed search not honoring enabled setting in templates
  • 5d30815 Updated README
  • 8438fed Updated premium sponsors
  • 2f4f384 Updated Alpine base image in Dockerfile
  • 7bd6b92 Prepare 9.6.10 release
  • dc7d75e Updated dependencies
  • c18630f Removed usage of circular members in nav_item partial
  • Additional commits viewable in compare view

Updates bandit from 1.8.2 to 1.8.3

Release notes

Sourced from bandit's releases.

1.8.3

What's Changed

New Contributors

Full Changelog: PyCQA/bandit@1.8.2...1.8.3

Commits

Updates black from 24.10.0 to 25.1.0

Release notes

Sourced from black's releases.

25.1.0

Highlights

This release introduces the new 2025 stable style (#4558), stabilizing the following changes:

  • Normalize casing of Unicode escape characters in strings to lowercase (#2916)
  • Fix inconsistencies in whether certain strings are detected as docstrings (#4095)
  • Consistently add trailing commas to typed function parameters (#4164)
  • Remove redundant parentheses in if guards for case blocks (#4214)
  • Add parentheses to if clauses in case blocks when the line is too long (#4269)
  • Whitespace before # fmt: skip comments is no longer normalized (#4146)
  • Fix line length computation for certain expressions that involve the power operator (#4154)
  • Check if there is a newline before the terminating quotes of a docstring (#4185)
  • Fix type annotation spacing between * and more complex type variable tuple (#4440)

The following changes were not in any previous release:

  • Remove parentheses around sole list items (#4312)
  • Generic function definitions are now formatted more elegantly: parameters are split over multiple lines first instead of type parameter definitions (#4553)

Stable style

  • Fix formatting cells in IPython notebooks with magic methods and starting or trailing empty lines (#4484)
  • Fix crash when formatting with statements containing tuple generators/unpacking (#4538)

Preview style

  • Fix/remove string merging changing f-string quotes on f-strings with internal quotes (#4498)
  • Collapse multiple empty lines after an import into one (#4489)
  • Prevent string_processing and wrap_long_dict_values_in_parens from removing parentheses around long dictionary values (#4377)
  • Move wrap_long_dict_values_in_parens from the unstable to preview style (#4561)

Packaging

  • Store license identifier inside the License-Expression metadata field, see PEP 639. (#4479)

Performance

  • Speed up the is_fstring_start function in Black's tokenizer (#4541)

Integrations

  • If using stdin with --stdin-filename set to a force excluded path, stdin won't be

... (truncated)

Changelog

Sourced from black's changelog.

25.1.0

Highlights

This release introduces the new 2025 stable style (#4558), stabilizing the following changes:

  • Normalize casing of Unicode escape characters in strings to lowercase (#2916)
  • Fix inconsistencies in whether certain strings are detected as docstrings (#4095)
  • Consistently add trailing commas to typed function parameters (#4164)
  • Remove redundant parentheses in if guards for case blocks (#4214)
  • Add parentheses to if clauses in case blocks when the line is too long (#4269)
  • Whitespace before # fmt: skip comments is no longer normalized (#4146)
  • Fix line length computation for certain expressions that involve the power operator (#4154)
  • Check if there is a newline before the terminating quotes of a docstring (#4185)
  • Fix type annotation spacing between * and more complex type variable tuple (#4440)

The following changes were not in any previous release:

  • Remove parentheses around sole list items (#4312)
  • Generic function definitions are now formatted more elegantly: parameters are split over multiple lines first instead of type parameter definitions (#4553)

Stable style

  • Fix formatting cells in IPython notebooks with magic methods and starting or trailing empty lines (#4484)
  • Fix crash when formatting with statements containing tuple generators/unpacking (#4538)

Preview style

  • Fix/remove string merging changing f-string quotes on f-strings with internal quotes (#4498)
  • Collapse multiple empty lines after an import into one (#4489)
  • Prevent string_processing and wrap_long_dict_values_in_parens from removing parentheses around long dictionary values (#4377)
  • Move wrap_long_dict_values_in_parens from the unstable to preview style (#4561)

Packaging

  • Store license identifier inside the License-Expression metadata field, see PEP 639. (#4479)

Performance

  • Speed up the is_fstring_start function in Black's tokenizer (#4541)

Integrations

... (truncated)

Commits

Updates pylint from 3.3.3 to 3.3.6

Commits

Updates pytest from 8.3.4 to 8.3.5

Release notes

Sourced from pytest's releases.

8.3.5

pytest 8.3.5 (2025-03-02)

Bug fixes

  • #11777: Fixed issue where sequences were still being shortened even with -vv verbosity.
  • #12888: Fixed broken input when using Python 3.13+ and a libedit build of Python, such as on macOS or with uv-managed Python binaries from the python-build-standalone project. This could manifest e.g. by a broken prompt when using Pdb, or seeing empty inputs with manual usage of input() and suspended capturing.
  • #13026: Fixed AttributeError crash when using --import-mode=importlib when top-level directory same name as another module of the standard library.
  • #13053: Fixed a regression in pytest 8.3.4 where, when using --import-mode=importlib, a directory containing py file with the same name would cause an ImportError
  • #13083: Fixed issue where pytest could crash if one of the collected directories got removed during collection.

Improved documentation

  • #12842: Added dedicated page about using types with pytest.

    See the types reference page for detailed usage.

Contributor-facing changes

  • #13112: Fixed selftest failures in test_terminal.py with Pygments >= 2.19.0
  • #13256: Support for Towncrier versions released in 2024 has been re-enabled when building Sphinx docs -- by webknjaz.
Commits

Updates pytest-cov from 6.0.0 to 6.1.0

Changelog

Sourced from pytest-cov's changelog.

6.1.0 (2025-04-01)

  • Change terminal output to use full width lines for the coverage header. Contributed by Tsvika Shapira in #678 (https://github.com/pytest-dev/pytest-cov/pull/678).
  • Removed unnecessary CovFailUnderWarning. Fixes #675 (https://github.com/pytest-dev/pytest-cov/issues/675).
  • Fixed the term report not using the precision specified via --cov-precision.
Commits
  • 10f8cde Bump version: 6.0.0 → 6.1.0
  • 10b14af Update changelog.
  • aa57aed Refactor a bit the internals to be a bit less boilerplatey and have more clar...
  • e760099 Make sure the CLI precision is used when creating report. Fixes #674.
  • 44540e1 Remove unnecessary CovFailUnderWarning. Closes #675.
  • 204af14 Update changelog.
  • 089e7bb Upgrade ruff.
  • ab2cd26 Add py 3.13 to test grid and update some deps.
  • 2de0c6c add reference to code source
  • 362a359 move section between functions
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
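The semgrep 1.115.0 note above shows only the `pattern-sinks` fragment of the new "multi-requires" form. The rule below is an added example, not code from the semgrep changelog or from this repository, that puts that fragment into a complete, loadable rule so the three independent conditions can be seen end to end. The rule id, the three source patterns (`request.args.get`, `make_client`, `request.form.get`) and the label names are assumptions chosen for illustration; the sink block is the one quoted in the release note. Because `requires:` belongs to the experimental taint-labels feature, this runs only with the Pro Engine (`semgrep --pro --config <rule file> <target>`).

```yaml
# Added example: a complete taint rule using the multi-requires sink form
# described in semgrep 1.115.0 (code-7912). Pro Engine only.
rules:
  - id: tainted-arg-on-untrusted-client-object   # hypothetical rule id
    mode: taint
    languages: [python]
    severity: ERROR
    message: >-
      User-controlled $SINK flows into $OBJ.foo() where $OBJ is a client built
      from untrusted input and $ARG1 is also user-supplied.
    pattern-sources:
      # Each source carries its own label so the sink can require them
      # independently. The source patterns are assumptions for this example.
      - pattern: request.args.get(...)
        label: TAINT
      - pattern: make_client(...)
        label: OBJ
      - pattern: request.form.get(...)
        label: ARG1
    pattern-sinks:
      # This block is the fragment quoted in the 1.115.0 release note.
      - patterns:
          - pattern: $OBJ.foo($SINK, $ARG1)
          - focus-metavariable: $SINK
        # Multi-requires: a condition per metavariable, not one condition on
        # the focused $SINK alone. All three must hold for a finding.
        requires:
          - $SINK: TAINT
          - $OBJ: OBJ
          - $ARG1: ARG1
```

With a single `requires: TAINT` the rule would fire whenever the first argument is tainted, regardless of where `$OBJ` or `$ARG1` came from; the per-metavariable form lets the rule stay silent when, for example, the client object is a trusted, statically constructed one even though the argument is user input.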

Bumps the pip-packages group with 7 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [semgrep](https://github.com/returntocorp/semgrep) | `1.104.0` | `1.116.0` |
| [mkdocs-material](https://github.com/squidfunk/mkdocs-material) | `9.5.50` | `9.6.11` |
| [bandit](https://github.com/PyCQA/bandit) | `1.8.2` | `1.8.3` |
| [black](https://github.com/psf/black) | `24.10.0` | `25.1.0` |
| [pylint](https://github.com/pylint-dev/pylint) | `3.3.3` | `3.3.6` |
| [pytest](https://github.com/pytest-dev/pytest) | `8.3.4` | `8.3.5` |
| [pytest-cov](https://github.com/pytest-dev/pytest-cov) | `6.0.0` | `6.1.0` |



Updates `semgrep` from 1.104.0 to 1.116.0
- [Release notes](https://github.com/returntocorp/semgrep/releases)
- [Changelog](https://github.com/semgrep/semgrep/blob/develop/CHANGELOG.md)
- [Commits](semgrep/semgrep@v1.104.0...v1.116.0)

Updates `mkdocs-material` from 9.5.50 to 9.6.11
- [Release notes](https://github.com/squidfunk/mkdocs-material/releases)
- [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG)
- [Commits](squidfunk/mkdocs-material@9.5.50...9.6.11)

Updates `bandit` from 1.8.2 to 1.8.3
- [Release notes](https://github.com/PyCQA/bandit/releases)
- [Commits](PyCQA/bandit@1.8.2...1.8.3)

Updates `black` from 24.10.0 to 25.1.0
- [Release notes](https://github.com/psf/black/releases)
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md)
- [Commits](psf/black@24.10.0...25.1.0)

Updates `pylint` from 3.3.3 to 3.3.6
- [Release notes](https://github.com/pylint-dev/pylint/releases)
- [Commits](pylint-dev/pylint@v3.3.3...v3.3.6)

Updates `pytest` from 8.3.4 to 8.3.5
- [Release notes](https://github.com/pytest-dev/pytest/releases)
- [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst)
- [Commits](pytest-dev/pytest@8.3.4...8.3.5)

Updates `pytest-cov` from 6.0.0 to 6.1.0
- [Changelog](https://github.com/pytest-dev/pytest-cov/blob/master/CHANGELOG.rst)
- [Commits](pytest-dev/pytest-cov@v6.0.0...v6.1.0)

---
updated-dependencies:
- dependency-name: semgrep
  dependency-version: 1.116.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: pip-packages
- dependency-name: mkdocs-material
  dependency-version: 9.6.11
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: pip-packages
- dependency-name: bandit
  dependency-version: 1.8.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: pip-packages
- dependency-name: black
  dependency-version: 25.1.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: pip-packages
- dependency-name: pylint
  dependency-version: 3.3.6
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: pip-packages
- dependency-name: pytest
  dependency-version: 8.3.5
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: pip-packages
- dependency-name: pytest-cov
  dependency-version: 6.1.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: pip-packages
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Apr 1, 2025