Bump the python group across 1 directory with 4 updates

[dependabot]

Bumps the python group with 4 updates in the / directory: requests, mypy, ruff and types-jsonschema.

Updates requests from 2.32.3 to 2.32.4

Release notes

Sourced from requests's releases.

v2.32.4

2.32.4 (2025-06-10)

Security

• CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file. (#6965)

Improvements

• Numerous documentation improvements

Deprecations

• Added support for pypy 3.11 for Linux and macOS. (#6926)
• Dropped support for pypy 3.9 following its end of support. (#6926)

Changelog

Sourced from requests's changelog.

2.32.4 (2025-06-10)

Security

• CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file.

Improvements

• Numerous documentation improvements

Deprecations

• Added support for pypy 3.11 for Linux and macOS.
• Dropped support for pypy 3.9 following its end of support.

Commits

• 021dc72 Polish up release tooling for last manual release
• 821770e Bump version and add release notes for v2.32.4
• 59f8aa2 Add netrc file search information to authentication documentation (#6876)
• 5b4b64c Add more tests to prevent regression of CVE 2024 47081
• 7bc4587 Add new test to check netrc auth leak (#6962)
• 96ba401 Only use hostname to do netrc lookup instead of netloc
• 7341690 Merge pull request #6951 from tswast/patch-1
• 6716d7c remove links
• a7e1c74 Update docs/conf.py
• c799b81 docs: fix dead links to kenreitz.org
• Additional commits viewable in compare view

Updates mypy from 1.15.0 to 1.16.0

Changelog

Sourced from mypy's changelog.

Mypy Release Notes

Next Release

Remove Support for targeting Python 3.8

Mypy now requires --python-version 3.9 or greater. Support for only Python 3.8 is fully removed now. Given an unsupported version, mypy will default to the oldest supported one, currently 3.9.

This change is necessary because typeshed stopped supporting Python 3.8 after it reached its End of Life in October 2024.

Contributed by Marc Mueller (PR 19157, PR 19162).

Initial Support for Python 3.14

Mypy is now tested on 3.14 and mypyc works with 3.14.0b3 and later. Mypyc compiled wheels of mypy itself will be available for new versions after 3.14.0rc1 is released.

Note that not all new features might be supported just yet.

Contributed by Marc Mueller (PR 19164)

Deprecated Flag: --force-uppercase-builtins

Mypy only supports Python 3.9+. The --force-uppercase-builtins flag is now deprecated and a no-op. It will be removed in a future version.

Contributed by Marc Mueller (PR 19176)

Mypy 1.16

We’ve just uploaded mypy 1.16 to the Python Package Index (PyPI). Mypy is a static type checker for Python. This release includes new features and bug fixes. You can install it as follows:

python3 -m pip install -U mypy

You can read the full documentation for this release on Read the Docs.

Different Property Getter and Setter Types

Mypy now supports using different types for a property getter and setter:

class A:
    _value: int
@property

</tr></table>

... (truncated)

Commits

• 9e72e96 Update version to 1.16.0
• 8fe719f Add changelog for 1.16 (#19138)
• 2a036e7 Revert "Infer correct types with overloads of Type[Guard | Is] (#19161)
• b6da4fc Allow enum members to have type objects as values (#19160)
• 334469f [mypyc] Improve documentation of native and non-native classes (#19154)
• a499d9f Document --allow-redefinition-new (#19153)
• 96525a2 Merge commit '9e45dadcf6d8dbab36f83d9df94a706c0b4f9207' into release-1.16
• 9e45dad Clear more data in TypeChecker.reset() instead of asserting (#19087)
• 772cd0c Add --strict-bytes to --strict (#19049)
• 0b65f21 Admit that Final variables are never redefined (#19083)
• Additional commits viewable in compare view

Updates ruff from 0.11.11 to 0.11.13

Release notes

Sourced from ruff's releases.

0.11.13

Release Notes

Preview features

• [airflow] Add unsafe fix for module moved cases (AIR301,AIR311,AIR312,AIR302) (#18367,#18366,#18363,#18093)
• [refurb] Add coverage of set and frozenset calls (FURB171) (#18035)
• [refurb] Mark FURB180 fix unsafe when class has bases (#18149)

Bug fixes

• [perflint] Fix missing parentheses for lambda and ternary conditions (PERF401, PERF403) (#18412)
• [pyupgrade] Apply UP035 only on py313+ for get_type_hints() (#18476)
• [pyupgrade] Make fix unsafe if it deletes comments (UP004,UP050) (#18393, #18390)

Rule changes

• [fastapi] Avoid false positive for class dependencies (FAST003) (#18271)

Documentation

• Update editor setup docs for Neovim and Vim (#18324)

Other changes

• Support Python 3.14 template strings (t-strings) in formatter and parser (#17851)

Contributors

• @​AlexWaygood
• @​BurntSushi
• @​InSyncWithFoo
• @​Lee-W
• @​MatthewMckee4
• @​MichaReiser
• @​Viicos
• @​abhijeetbodas2001
• @​carljm
• @​chirizxc
• @​dcreager
• @​dhruvmanila
• @​dylwil3
• @​github-actions
• @​ibraheemdev
• @​lipefree
• @​mtshiba
• @​naslundx
• @​ntBre
• @​otakutyrant
• @​renovate
• @​robsdedude

... (truncated)

Changelog

Sourced from ruff's changelog.

0.11.13

Preview features

• [airflow] Add unsafe fix for module moved cases (AIR301,AIR311,AIR312,AIR302) (#18367,#18366,#18363,#18093)
• [refurb] Add coverage of set and frozenset calls (FURB171) (#18035)
• [refurb] Mark FURB180 fix unsafe when class has bases (#18149)

Bug fixes

• [perflint] Fix missing parentheses for lambda and ternary conditions (PERF401, PERF403) (#18412)
• [pyupgrade] Apply UP035 only on py313+ for get_type_hints() (#18476)
• [pyupgrade] Make fix unsafe if it deletes comments (UP004,UP050) (#18393, #18390)

Rule changes

• [fastapi] Avoid false positive for class dependencies (FAST003) (#18271)

Documentation

• Update editor setup docs for Neovim and Vim (#18324)

Other changes

• Support Python 3.14 template strings (t-strings) in formatter and parser (#17851)

0.11.12

Preview features

• [airflow] Revise fix titles (AIR3) (#18215)
• [pylint] Implement missing-maxsplit-arg (PLC0207) (#17454)
• [pyupgrade] New rule UP050 (useless-class-metaclass-type) (#18334)
• [flake8-use-pathlib] Replace os.symlink with Path.symlink_to (PTH211) (#18337)

Bug fixes

• [flake8-bugbear] Ignore __debug__ attribute in B010 (#18357)
• [flake8-async] Fix anyio.sleep argument name (ASYNC115, ASYNC116) (#18262)
• [refurb] Fix FURB129 autofix generating invalid syntax (#18235)

Rule changes

• [flake8-implicit-str-concat] Add autofix for ISC003 (#18256)
• [pycodestyle] Improve the diagnostic message for E712 (#18328)
• [flake8-2020] Fix diagnostic message for != comparisons (YTT201) (#18293)
• [pyupgrade] Make fix unsafe if it deletes comments (UP010) (#18291)

Documentation

... (truncated)

Commits

• 5faf72a Bump 0.11.13 (#18484)
• 28dbc5c [ty] Fix completion order in playground (#18480)
• ce216c7 Remove Message::to_rule (#18447)
• 33468cc [pyupgrade] Apply UP035 only on py313+ for get_type_hints() (#18476)
• 8531f4b [ty] Add infrastructure for AST garbage collection (#18445)
• 5510020 [ty] IDE: add support for object.\<CURSOR> completions (#18468)
• c0bb83b [perflint] fix missing parentheses for lambda and ternary conditions (PERF4...
• 74a4e9a Combine lint and syntax error handling (#18471)
• 8485dbb [ty] Fix --python argument for Windows, and improve error messages for bad ...
• 0858896 [ty] type narrowing by attribute/subscript assignments (#18041)
• Additional commits viewable in compare view

Updates types-jsonschema from 4.23.0.20250516 to 4.24.0.20250528

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions