Skip to content

Bump the pip-dependencies group across 1 directory with 7 updates#626

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/pip-dependencies-75c6837511
Open

Bump the pip-dependencies group across 1 directory with 7 updates#626
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/pip-dependencies-75c6837511

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 1, 2026

Copy link
Copy Markdown
Contributor

Bumps the pip-dependencies group with 7 updates in the / directory:

Package From To
mashumaro 3.21 3.22
isort 6.1.0 8.0.1
pytest-asyncio 1.3.0 1.4.0
flake8-simplify 0.22.0 0.30.0
ruff 0.14.7 0.15.15
safety 3.7.0 3.8.1
syrupy 5.2.0 5.3.1

Updates mashumaro from 3.21 to 3.22

Release notes

Sourced from mashumaro's releases.

v3.22

Changes

  • Added support for using Annotated[..., JSONSchema(...)] in JSON Schema generation (#326)
  • Added new fields contentEncoding, contentMediaType, contentSchema to JSONSchema (#326)
Commits

Updates isort from 6.1.0 to 8.0.1

Release notes

Sourced from isort's releases.

8.0.1

Changes

8.0.0

Changes

🚀 Features

👷 Continuous Integration

📦 Dependencies

7.0.0

Changes

💥 Breaking Changes

🚀 Features

🪲 Fixes

... (truncated)

Changelog

Sourced from isort's changelog.

Changelog

NOTE: isort follows the semver versioning standard. Find out more about isort's release policy here.

Releases

Unreleased

8.0.0 February 19 2026

  • Removed --old-finders and --magic-placement flags and old_finders configuration option. The legacy finder logic that relied on environment introspection has been removed (#2445) @​joao-faria-dev
  • Update the plone profile to not clash with black (#2456) @​ale-rt
Commits
  • a333737 Merge pull request #2463 from FinlayTheBerry/issue/2461
  • 878ba7e Added compression to stdlibs for Python 3.14 in isort/stdlibs/py314.py
  • b5f06a7 Merge pull request #2459 from Fridayai700/fix-unindented-comment-corruption
  • 3459bde Merge pull request #2460 from PyCQA/DanielNoord-patch-1
  • 6e70bb6 Update CHANGELOG for version 8.0.0
  • fd2514b Fix unindented comments being corrupted in indented blocks
  • b0f2dab Merge pull request #2458 from skv0zsneg/issue/1882
  • 313797b Fix lint.
  • 7d3a6f5 Add ignore for cyclomatic complexity check.
  • 6b9f895 Remove debug prints.
  • Additional commits viewable in compare view

Updates pytest-asyncio from 1.3.0 to 1.4.0

Release notes

Sourced from pytest-asyncio's releases.

pytest-asyncio v1.4.0

1.4.0 - 2026-05-26

Deprecated

  • Overriding the event_loop_policy fixture is deprecated. Use the pytest_asyncio_loop_factories hook instead. (#1419)

Added

  • Added the pytest_asyncio_loop_factories hook to parametrize asyncio tests with custom event loop factories.

    The hook returns a mapping of factory names to loop factories, and pytest.mark.asyncio(loop_factories=[...]) selects a subset of configured factories per test. When a single factory is configured, test names are unchanged.

    Synchronous @pytest_asyncio.fixture functions now see the correct event loop when custom loop factories are configured, even when test code disrupts the current event loop (e.g., via asyncio.run() or asyncio.set_event_loop(None)). (#1164)

Changed

  • Improved the readability of the warning message that is displayed when asyncio_default_fixture_loop_scope is unset (#1298)
  • Only import asyncio.AbstractEventLoopPolicy for type checking to avoid raising a DeprecationWarning. (#1394)
  • Updated minimum supported pytest version to v8.4.0. (#1397)

Fixed

  • Fixed a ResourceWarning: unclosed event loop warning that could occur when a synchronous test called asyncio.run() or otherwise unset the current event loop after pytest-asyncio had run an async test or fixture. (#724)

Notes for Downstream Packagers

  • Added dependency on sphinx-tabs >= 3.5 to organize documentation examples into tabs. (#1395)

pytest-asyncio v1.4.0a2

1.4.0a2 - 2026-05-02

Deprecated

  • Overriding the event_loop_policy fixture is deprecated. Use the pytest_asyncio_loop_factories hook instead. (#1419)

Added

  • Added the pytest_asyncio_loop_factories hook to parametrize asyncio tests with custom event loop factories.

    The hook returns a mapping of factory names to loop factories, and pytest.mark.asyncio(loop_factories=[...]) selects a subset of configured factories per test. When a single factory is configured, test names are unchanged on pytest 8.4+.

    Synchronous @pytest_asyncio.fixture functions now see the correct event loop when custom loop factories are configured, even when test code disrupts the current event loop (e.g., via asyncio.run() or asyncio.set_event_loop(None)). (#1164)

Changed

  • Improved the readability of the warning message that is displayed when asyncio_default_fixture_loop_scope is unset (#1298)
  • Only import asyncio.AbstractEventLoopPolicy for type checking to avoid raising a DeprecationWarning. (#1394)

... (truncated)

Commits
  • 6e14cd2 chore: Prepare release of v1.4.0.
  • 4b900fb Build(deps): Bump codecov/codecov-action from 6.0.0 to 6.0.1
  • ab9f632 Build(deps): Bump zipp from 3.23.1 to 4.1.0
  • a56fc77 Build(deps): Bump hypothesis from 6.152.6 to 6.152.8
  • e8bae9b Build(deps): Bump requests from 2.34.0 to 2.34.2
  • fc43340 Build(deps): Bump idna from 3.14 to 3.15
  • 762eaf5 Build(deps): Bump jaraco-functools from 4.4.0 to 4.5.0
  • b62e222 Build(deps): Bump click from 8.3.3 to 8.4.0
  • 9190447 Build(deps): Bump pydantic from 2.13.3 to 2.13.4
  • 82a393c ci: Remove unnecessary debug output.
  • Additional commits viewable in compare view

Updates flake8-simplify from 0.22.0 to 0.30.0

Changelog

Sourced from flake8-simplify's changelog.

0.30.0

Release on 01.01.2025

BREAKING CHANGE:

  • Deprecated support for Python 3.6, 3.7 and 3.8. Minimum supported Python version is now 3.9.

Other changes:

  • Added support for Python 3.13
  • Removed dependency on astor

0.21.0

Release on 23.09.2023

New rules:

  • SIM911: zip(dict.keys(), dict.values()) → dict.items()

0.20.0

Release on 30.03.2023

New rules:

  • SIM910: dict.get(key, None) → dict.get(key)

0.19.3

Released on 28.07.2022

  • SIM104: Remove false-positives in case the loop is not a direct child of an async function (#147) by @​wyuenho

0.19.2

Released on 29.03.2022

Removed rules due to false-positives:

  • SIM903: Positional-only parameters cannot be identified in the AST
  • SIM909: Class attribute assignments are not reflexive assignments

0.19.1

Released on 29.03.2022

Removed rules due to false-positives:

  • SIM902: Positional-only parameters cannot be identified in the AST
  • SIM908: Ensure that the assigned name is equal to the name in the if.test

... (truncated)

Commits

Updates ruff from 0.14.7 to 0.15.15

Release notes

Sourced from ruff's releases.

0.15.15

Release Notes

Released on 2026-05-28.

Preview features

  • Fix Markdown closing fence handling (#25310)
  • [pyflakes] Report duplicate imports in typing.TYPE_CHECKING block (F811) (#22560)

Bug fixes

  • [pyflakes] Treat function-scope bare annotations as locals per PEP 526 (F821) (#21540)

Performance

  • Avoid redundant TokenValue drops in the lexer (#25300)
  • Reduce memory usage by dropping token-excess capacity and improve performance by approximating the initial tokens Vec size (#25354)
  • Use ThinVec in AST to shrink Stmt (#25361)

Documentation

  • Fix line-length example for --config option (#25389)
  • [flake8-comprehensions] Document RecursionError edge case in __len__ (C416) (#25286)
  • [mccabe] Improve example (C901) (#25287)
  • [pyupgrade] Clarify fix safety docs (UP007, UP045) (#25288)
  • [refurb] Document FURB192 exception change for empty sequences (#25317)
  • [ruff] Document false negative for user-defined types (RUF013) (#25289)

Formatter

  • Fix formatting of lambdas nested within f-strings (#25398)

Server

  • Return code action for codeAction/resolve requests that contain no or no valid URL (#25365)

Other changes

  • Expand semantic syntax errors for invalid walruses (#25415)

Contributors

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.15

Released on 2026-05-28.

Preview features

  • Fix Markdown closing fence handling (#25310)
  • [pyflakes] Report duplicate imports in typing.TYPE_CHECKING block (F811) (#22560)

Bug fixes

  • [pyflakes] Treat function-scope bare annotations as locals per PEP 526 (F821) (#21540)

Performance

  • Avoid redundant TokenValue drops in the lexer (#25300)
  • Reduce memory usage by dropping token-excess capacity and improve performance by approximating the initial tokens Vec size (#25354)
  • Use ThinVec in AST to shrink Stmt (#25361)

Documentation

  • Fix line-length example for --config option (#25389)
  • [flake8-comprehensions] Document RecursionError edge case in __len__ (C416) (#25286)
  • [mccabe] Improve example (C901) (#25287)
  • [pyupgrade] Clarify fix safety docs (UP007, UP045) (#25288)
  • [refurb] Document FURB192 exception change for empty sequences (#25317)
  • [ruff] Document false negative for user-defined types (RUF013) (#25289)

Formatter

  • Fix formatting of lambdas nested within f-strings (#25398)

Server

  • Return code action for codeAction/resolve requests that contain no or no valid URL (#25365)

Other changes

  • Expand semantic syntax errors for invalid walruses (#25415)

Contributors

... (truncated)

Commits
  • db5aa0a Bump 0.15.15 (#25431)
  • 366fe21 [ty] Improve diagnostics for syntax errors in forward annotations (#25158)
  • e2e1e64 [ty] Remove excess capacity from more Salsa cached collections (#25411)
  • 1bd77e1 [ty] Use diagnostic message as tie breaker when sorting (#25424)
  • 7e1bc1e Add agent skills for working on ty (#25422)
  • 574e107 Expand semantic syntax errors for invalid walruses (#25415)
  • 4a7ca06 [ty] Display docs for matching parameter when hovering over the name of an ar...
  • 5432709 Refine a few agents instructions (#25423)
  • 3cb09eb [ty] Support typing.TypeForm (#25334)
  • c8cd59f [ty] Infer class attributes assigned by metaclass initialization (#25342)
  • Additional commits viewable in compare view

Updates safety from 3.7.0 to 3.8.1

Release notes

Sourced from safety's releases.

Version 3.8.1

What's Changed

  • bump: version 3.8.0 → 3.8.1 (ec3368a)
  • fix: support SFTY-format vulnerability IDs in policy files (#868) (796af4d)

Version 3.8.0

What's Changed

  • bump: version 3.8.0b4 → 3.8.0 (a4d6a5c)
  • chore: update system-scan details in the README (#867) (2042d7b)

Version 3.8.0b4

What's Changed

  • bump: version 3.8.0b3 → 3.8.0b4 (7dfee9a)
  • fix: pin typer <0.26.0 to fix CLI import crash (#865) (304fe88)
  • chore(core): remove system-scan command (#846) (5049dbf)
  • chore: format codebase (#844) (a86ed3c)

Version 3.8.0b3

What's Changed

  • bump: version 3.8.0b2 → 3.8.0b3 (c272016)
  • feat: report global/user packages linked (#843) (456f649)

Version 3.8.0b2

What's Changed

  • bump: version 3.8.0b1 → 3.8.0b2 (d84f1b5)
  • fix(firewall): configure global package manager indexes on firewall init (#842) (29b0bb5)
  • feat(firewall): emit v2.0 auth envelope for machine token (MDM) auth (#841) (0e74d51)
  • feat(auth): implement cross-org enrollment prevention (CLI side) (#839) (c321c5a)

Version 3.8.0b1

What's Changed

  • bump: version 3.8.0b0 → 3.8.0b1 (caf06b5)
  • fix: drop FF for MDM authd cases (#838) (0f73aab)
  • fix(system-scan): disable feature flag gate for MDM auth compatibility (#837) (1da01ee)
  • fix(system-scan): resolve tool detection for versioned Windows executables (#835) (81d7ead)
  • feat: implement MDM enrollment authentication system (#834) (6c6a744)
  • fix(cli): correct typos in check command docstring (#833) (2aecf79)
  • feat: display system scan summary to stdout after interactive scan completes (#832) (592e559)
  • feat: major revamp of the system scan beta command (#829) (6314fbe)

Version 3.8.0b0

What's Changed

  • bump: version 3.7.0 → 3.8.0b0 (37883d4)
  • feat: [WARNING: behavior change] migrate to httpx with explicit TLS/proxy configuration (#824) (c561027)
  • feat(config): add TLS and proxy configuration modules (#823) (6a4515d)
Changelog

Sourced from safety's changelog.

3.8.1 (2026-05-27)

Fix

  • support SFTY-format vulnerability IDs in policy files (#868)

3.8.0 (2026-05-26)

3.8.0b4 (2026-05-26)

Fix

  • pin typer <0.26.0 to fix CLI import crash (#865)

3.8.0b3 (2026-03-12)

Feat

  • report global/user packages linked (#843)

3.8.0b2 (2026-03-10)

Feat

  • firewall: emit v2.0 auth envelope for machine token (MDM) auth (#841)
  • auth: implement cross-org enrollment prevention (CLI side) (#839)
  • auth: add org_slug to MachineCredentialConfig from enrollment API

Fix

  • firewall: configure global package manager indexes on firewall init (#842)
  • firewall: align auth priority in index_credentials with platform client
  • auth: align auth priority to API Key > OAuth > Machine Token everywhere
  • scan: display machine token auth in scan header instead of "Offline"

3.8.0b1 (2026-02-25)

Feat

  • implement MDM enrollment authentication system (#834)
  • display system scan summary to stdout after interactive scan completes (#832)
  • major revamp of the system scan beta command (#829)

Fix

  • drop FF for MDM authd cases (#838)
  • system-scan: disable feature flag gate for MDM auth compatibility (#837)
  • system-scan: resolve tool detection for versioned Windows executables (#835)
  • cli: correct typos in check command docstring (#833)

... (truncated)

Commits
  • ec3368a bump: version 3.8.0 → 3.8.1
  • 796af4d fix: support SFTY-format vulnerability IDs in policy files (#868)
  • a4d6a5c bump: version 3.8.0b4 → 3.8.0
  • 2042d7b chore: update system-scan details in the README (#867)
  • 7dfee9a bump: version 3.8.0b3 → 3.8.0b4
  • 304fe88 fix: pin typer <0.26.0 to fix CLI import crash (#865)
  • 5049dbf chore(core): remove system-scan command (#846)
  • a86ed3c chore: format codebase (#844)
  • c272016 bump: version 3.8.0b2 → 3.8.0b3
  • 456f649 feat: report global/user packages linked (#843)
  • Additional commits viewable in compare view

Updates syrupy from 5.2.0 to 5.3.1

Release notes

Sourced from syrupy's releases.

v5.3.1

What's Changed

Fixes

  • fix(test): mark pydantic and attrs as dependencies for running internal tests by @​noahnu in syrupy-project/syrupy#1108 -- This only affects users trying to run the syrupy tests themselves, not consumers of syrupy.

Misc

Full Changelog: syrupy-project/syrupy@v5.3.0...v5.3.1

v5.3.0

What's Changed

Features

Misc.

New Contributors

Full Changelog: syrupy-project/syrupy@v5.2.0...v5.3.0

Changelog

Sourced from syrupy's changelog.

v5.3.1 (2026-05-31)

What's Changed

Fixes

  • fix(test): mark pydantic and attrs as dependencies for running internal tests by @​noahnu in syrupy-project/syrupy#1108 -- This only affects users trying to run the syrupy tests themselves, not consumers of syrupy.

Misc

Full Changelog: syrupy-project/syrupy@v5.3.0...v5.3.1

v5.3.0 (2026-05-31)

What's Changed

Features

Misc.

New Contributors

Full Changelog: syrupy-project/syrupy@v5.2.0...v5.3.0

Commits
  • c528216 fix(test): mark pydantic and attrs as dependencies for running internal tests...
  • 32b9ccb chore(deps): update benchmark-action/github-action-benchmark action to v1.22....
  • 520f813 chore(deps): update python docker tag to v3.14.4 (#1102)
  • 9ad6eb4 chore(deps): update astral-sh/setup-uv action to v8.1.0 (#1103)
  • 06c5ab4 chore(release): 5.3.0 [skip ci]
  • 5887f25 chore: update dev dependencies (#1101)
  • 2daa56e feat: add --snapshot-update-new-only flag (#843) (#1098)
  • 61c4e07 chore: skip benchmark on forks (#1100)
  • a4880a7 fix: include tests in sdist (#1099)
  • 719a71a chore(deps): update dependency pytest to v9.0.3 (#1096)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the pip-dependencies group across 1 directory with 7 updates
3dfff1c 
Bumps the pip-dependencies group with 7 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [mashumaro](https://github.com/Fatal1ty/mashumaro) | `3.21` | `3.22` |
| [isort](https://github.com/PyCQA/isort) | `6.1.0` | `8.0.1` |
| [pytest-asyncio](https://github.com/pytest-dev/pytest-asyncio) | `1.3.0` | `1.4.0` |
| [flake8-simplify](https://github.com/MartinThoma/flake8-simplify) | `0.22.0` | `0.30.0` |
| [ruff](https://github.com/astral-sh/ruff) | `0.14.7` | `0.15.15` |
| [safety](https://github.com/pyupio/safety) | `3.7.0` | `3.8.1` |
| [syrupy](https://github.com/syrupy-project/syrupy) | `5.2.0` | `5.3.1` |



Updates `mashumaro` from 3.21 to 3.22
- [Release notes](https://github.com/Fatal1ty/mashumaro/releases)
- [Commits](Fatal1ty/mashumaro@v3.21...v3.22)

Updates `isort` from 6.1.0 to 8.0.1
- [Release notes](https://github.com/PyCQA/isort/releases)
- [Changelog](https://github.com/PyCQA/isort/blob/main/CHANGELOG.md)
- [Commits](PyCQA/isort@6.1.0...8.0.1)

Updates `pytest-asyncio` from 1.3.0 to 1.4.0
- [Release notes](https://github.com/pytest-dev/pytest-asyncio/releases)
- [Commits](pytest-dev/pytest-asyncio@v1.3.0...v1.4.0)

Updates `flake8-simplify` from 0.22.0 to 0.30.0
- [Release notes](https://github.com/MartinThoma/flake8-simplify/releases)
- [Changelog](https://github.com/MartinThoma/flake8-simplify/blob/main/CHANGELOG.md)
- [Commits](https://github.com/MartinThoma/flake8-simplify/commits)

Updates `ruff` from 0.14.7 to 0.15.15
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.14.7...0.15.15)

Updates `safety` from 3.7.0 to 3.8.1
- [Release notes](https://github.com/pyupio/safety/releases)
- [Changelog](https://github.com/pyupio/safety/blob/main/CHANGELOG.md)
- [Commits](pyupio/safety@3.7.0...3.8.1)

Updates `syrupy` from 5.2.0 to 5.3.1
- [Release notes](https://github.com/syrupy-project/syrupy/releases)
- [Changelog](https://github.com/syrupy-project/syrupy/blob/main/CHANGELOG.md)
- [Commits](syrupy-project/syrupy@v5.2.0...v5.3.1)

---
updated-dependencies:
- dependency-name: mashumaro
  dependency-version: '3.22'
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: pip-dependencies
- dependency-name: isort
  dependency-version: 8.0.1
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: pip-dependencies
- dependency-name: pytest-asyncio
  dependency-version: 1.4.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: pip-dependencies
- dependency-name: flake8-simplify
  dependency-version: 0.30.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: pip-dependencies
- dependency-name: ruff
  dependency-version: 0.15.15
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: pip-dependencies
- dependency-name: safety
  dependency-version: 3.8.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: pip-dependencies
- dependency-name: syrupy
  dependency-version: 5.3.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: pip-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Jun 1, 2026
@codecov

codecov Bot commented Jun 1, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 99.27%. Comparing base (eaa93d3) to head (3dfff1c).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main     #626   +/-   ##
=======================================
  Coverage   99.27%   99.27%           
=======================================
  Files           9        9           
  Lines         685      685           
  Branches       65       65           
=======================================
  Hits          680      680           
  Misses          2        2           
  Partials        3        3

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants