Skip to content

Bump the python-packages group with 2 updates#563

Merged
greenbonebot merged 1 commit intomainfrom
dependabot/pip/python-packages-5b4e946f78
Apr 7, 2025
Merged

Bump the python-packages group with 2 updates#563
greenbonebot merged 1 commit intomainfrom
dependabot/pip/python-packages-5b4e946f78

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Apr 7, 2025
edited
Loading

Bumps the python-packages group with 2 updates: sphinxext-opengraph and typing-extensions.

Updates sphinxext-opengraph from 0.9.1 to 0.10.0

Release notes

Sourced from sphinxext-opengraph's releases.

v0.10.0

What's Changed

New Contributors

Full Changelog: sphinx-doc/sphinxext-opengraph@v0.9.1...v0.10.0

Commits
  • 935e434 Bump to 0.10.0 final
  • 1429b43 Update .readthedocs.yml
  • d71e242 Export UV_PYTHON for free-threaded tests
  • aeb4ae5 Resolve warnings in tests
  • eebe9b7 Bump Ruff to 0.11.4
  • 5960126 Reformat with single quotes
  • 12c8fd6 Use the package version in the documentation
  • c766eff Move most README content to the documentation
  • 435ac88 Convert documentation to reStructuredText
  • c3a689f Convert README to reStructuredText
  • Additional commits viewable in compare view

Updates typing-extensions from 4.12.2 to 4.13.1

Release notes

Sourced from typing-extensions's releases.

4.13.1

This is a bugfix release fixing two edge cases that appear on old bugfix releases of CPython.

Bugfixes:

  • Fix regression in 4.13.0 on Python 3.10.2 causing a TypeError when using Concatenate. Patch by Daraan.
  • Fix TypeError when using evaluate_forward_ref on Python 3.10.1-2 and 3.9.8-10. Patch by Daraan.

4.13.0

New features:

  • Add typing_extensions.TypeForm from PEP 747. Patch by Jelle Zijlstra.
  • Add typing_extensions.get_annotations, a backport of inspect.get_annotations that adds features specified by PEP 649. Patches by Jelle Zijlstra and Alex Waygood.
  • Backport evaluate_forward_ref from CPython PR #119891 to evaluate ForwardRefs. Patch by Daraan, backporting a CPython PR by Jelle Zijlstra.

Bugfixes and changed features:

  • Update PEP 728 implementation to a newer version of the PEP. Patch by Jelle Zijlstra.
  • Copy the coroutine status of functions and methods wrapped with @typing_extensions.deprecated. Patch by Sebastian Rittau.
  • Fix bug where TypeAliasType instances could be subscripted even where they were not generic. Patch by Daraan.
  • Fix bug where a subscripted TypeAliasType instance did not have all attributes of the original TypeAliasType instance on older Python versions. Patch by Daraan and Alex Waygood.
  • Fix bug where subscripted TypeAliasType instances (and some other subscripted objects) had wrong parameters if they were directly subscripted with an Unpack object. Patch by Daraan.
  • Backport to Python 3.10 the ability to substitute ... in generic Callable aliases that have a Concatenate special form as their argument. Patch by Daraan.
  • Extended the Concatenate backport for Python 3.8-3.10 to now accept Ellipsis as an argument. Patch by Daraan.
  • Fix backport of get_type_hints to reflect Python 3.11+ behavior which does not add Union[..., NoneType] to annotations that have a None default value anymore. This fixes wrapping of Annotated in an unwanted Optional in such cases. Patch by Daraan.
  • Fix error in subscription of Unpack aliases causing nested Unpacks to not be resolved correctly. Patch by Daraan.
  • Backport CPython PR #124795: fix TypeAliasType not raising an error on non-tuple inputs for type_params. Patch by Daraan.
  • Fix that lists and ... could not be used for parameter expressions for TypeAliasType

... (truncated)

Changelog

Sourced from typing-extensions's changelog.

Release 4.13.1 (April 3, 2025)

Bugfixes:

  • Fix regression in 4.13.0 on Python 3.10.2 causing a TypeError when using Concatenate. Patch by Daraan.
  • Fix TypeError when using evaluate_forward_ref on Python 3.10.1-2 and 3.9.8-10. Patch by Daraan.

Release 4.13.0 (March 25, 2025)

No user-facing changes since 4.13.0rc1.

Release 4.13.0rc1 (March 18, 2025)

New features:

  • Add typing_extensions.TypeForm from PEP 747. Patch by Jelle Zijlstra.
  • Add typing_extensions.get_annotations, a backport of inspect.get_annotations that adds features specified by PEP 649. Patches by Jelle Zijlstra and Alex Waygood.
  • Backport evaluate_forward_ref from CPython PR #119891 to evaluate ForwardRefs. Patch by Daraan, backporting a CPython PR by Jelle Zijlstra.

Bugfixes and changed features:

  • Update PEP 728 implementation to a newer version of the PEP. Patch by Jelle Zijlstra.
  • Copy the coroutine status of functions and methods wrapped with @typing_extensions.deprecated. Patch by Sebastian Rittau.
  • Fix bug where TypeAliasType instances could be subscripted even where they were not generic. Patch by Daraan.
  • Fix bug where a subscripted TypeAliasType instance did not have all attributes of the original TypeAliasType instance on older Python versions. Patch by Daraan and Alex Waygood.
  • Fix bug where subscripted TypeAliasType instances (and some other subscripted objects) had wrong parameters if they were directly subscripted with an Unpack object. Patch by Daraan.
  • Backport to Python 3.10 the ability to substitute ... in generic Callable aliases that have a Concatenate special form as their argument. Patch by Daraan.
  • Extended the Concatenate backport for Python 3.8-3.10 to now accept Ellipsis as an argument. Patch by Daraan.
  • Fix backport of get_type_hints to reflect Python 3.11+ behavior which does not add Union[..., NoneType] to annotations that have a None default value anymore. This fixes wrapping of Annotated in an unwanted Optional in such cases. Patch by Daraan.
  • Fix error in subscription of Unpack aliases causing nested Unpacks to not be resolved correctly. Patch by Daraan.

... (truncated)

Commits
  • 45a8847 Prepare release 4.13.1 (#573)
  • f264e58 Move CI to "ubuntu-latest" (round 2) (#570)
  • 5ce0e69 Fix TypeError with evaluate_forward_ref on some 3.10 and 3.9 versions (#558)
  • 304f5cb Add SQLAlchemy to third-party daily tests (#561)
  • ebe2b94 Fix duplicated keywords for typing._ConcatenateGenericAlias in 3.10.2 (#557)
  • 9f93d6f Add intersphinx links for 3.13 typing features (#550)
  • c893401 Prepare release 4.13.0 (#555)
  • 6239d86 Use latest Python docs as intersphinx base rather than 3.12 docs (#549)
  • 671a337 Fix 'Test and lint' workflow running on forks (#551)
  • e77e8e2 Disable pyanalyze tests for now (#554)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the python-packages group with 2 updates
bbebaca 
Bumps the python-packages group with 2 updates: [sphinxext-opengraph](https://github.com/sphinx-doc/sphinxext-opengraph) and [typing-extensions](https://github.com/python/typing_extensions).


Updates `sphinxext-opengraph` from 0.9.1 to 0.10.0
- [Release notes](https://github.com/sphinx-doc/sphinxext-opengraph/releases)
- [Commits](sphinx-doc/sphinxext-opengraph@v0.9.1...v0.10.0)

Updates `typing-extensions` from 4.12.2 to 4.13.1
- [Release notes](https://github.com/python/typing_extensions/releases)
- [Changelog](https://github.com/python/typing_extensions/blob/main/CHANGELOG.md)
- [Commits](python/typing_extensions@4.12.2...4.13.1)

---
updated-dependencies:
- dependency-name: sphinxext-opengraph
  dependency-version: 0.10.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-packages
- dependency-name: typing-extensions
  dependency-version: 4.13.1
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: python-packages
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Apr 7, 2025
@dependabot dependabot bot requested review from a team as code owners April 7, 2025 04:14
@greenbonebot greenbonebot enabled auto-merge (rebase) April 7, 2025 04:14
@github-actions
Copy link

github-actions bot commented Apr 7, 2025

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 1 package(s) with unknown licenses.
See the Details below.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA bbebaca.
Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

License Issues

poetry.lock

PackageVersionLicenseIssue Type
typing-extensions4.13.1NullUnknown License
Allowed Licenses: 0BSD, AGPL-3.0-or-later, Apache-2.0, BlueOak-1.0.0, BSD-2-Clause, BSD-3-Clause-Clear, BSD-3-Clause, BSL-1.0, CAL-1.0, CC-BY-3.0, CC-BY-4.0, CC-BY-SA-4.0, CC0-1.0, EPL-2.0, GPL-1.0-or-later, GPL-2.0-only, GPL-2.0-or-later, GPL-2.0, GPL-3.0-only, GPL-3.0-or-later, GPL-3.0, ISC, LGPL-2.0-only, LGPL-2.0-or-later, LGPL-2.1-only, LGPL-2.1-or-later, LGPL-2.1, LGPL-3.0-only, LGPL-3.0, LGPL-3.0-or-later, MIT, MIT-CMU, MPL-1.1, MPL-2.0, OFL-1.1, PSF-2.0, Python-2.0, Python-2.0.1, Unicode-DFS-2016, Unlicense, Zlib, ZPL-2.1

OpenSSF Scorecard

PackageVersionScoreDetails
pip/sphinxext-opengraph 0.10.0 UnknownUnknown
pip/typing-extensions 4.13.1 🟢 6.6
Details
CheckScoreReason
Packaging⚠️ -1packaging workflow not detected
Code-Review🟢 8Found 26/30 approved changesets -- score normalized to 8
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained🟢 1019 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 10no binaries found in the repo
Fuzzing⚠️ 0project is not fuzzed
License🟢 9license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Security-Policy🟢 10security policy file detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities🟢 37 existing vulnerabilities detected

Scanned Files

  • poetry.lock

@dependabot dependabot bot temporarily deployed to github-pages April 7, 2025 04:15 Inactive
@greenbonebot greenbonebot merged commit 1c19a9e into main Apr 7, 2025
4 checks passed
@greenbonebot greenbonebot deleted the dependabot/pip/python-packages-5b4e946f78 branch April 7, 2025 06:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bjoernricks bjoernricks bjoernricks approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@bjoernricks @greenbonebot