Deps: Bump the python-packages group with 3 updates

[dependabot]

Bumps the python-packages group with 3 updates: mypy, ruff and zipp.

Updates mypy from 1.15.0 to 1.16.0

Changelog

Sourced from mypy's changelog.

Mypy Release Notes

Next Release

Mypy 1.16

We’ve just uploaded mypy 1.16 to the Python Package Index (PyPI). Mypy is a static type checker for Python. This release includes new features and bug fixes. You can install it as follows:

python3 -m pip install -U mypy

You can read the full documentation for this release on Read the Docs.

Different Property Getter and Setter Types

Mypy now supports using different types for a property getter and setter:

class A:
    _value: int
@property
def foo(self) -> int:
    return self._value
@foo.setter
def foo(self, x: str | int) -> None:
try:
self._value = int(x)
except ValueError:
raise Exception(f"'{x}' is not a valid value for 'foo'")

This was contributed by Ivan Levkivskyi (PR 18510).

Flexible Variable Redefinitions (Experimental)

Mypy now allows unannotated variables to be freely redefined with different types when using the experimental --allow-redefinition-new flag. You will also need to enable --local-partial-types. Mypy will now infer a union type when different types are assigned to a variable:

# mypy: allow-redefinition-new, local-partial-types
def f(n: int, b: bool) -> int | str:
if b:
x = n
else:
</tr></table>

... (truncated)

Commits

• 9e72e96 Update version to 1.16.0
• 8fe719f Add changelog for 1.16 (#19138)
• 2a036e7 Revert "Infer correct types with overloads of Type[Guard | Is] (#19161)
• b6da4fc Allow enum members to have type objects as values (#19160)
• 334469f [mypyc] Improve documentation of native and non-native classes (#19154)
• a499d9f Document --allow-redefinition-new (#19153)
• 96525a2 Merge commit '9e45dadcf6d8dbab36f83d9df94a706c0b4f9207' into release-1.16
• 9e45dad Clear more data in TypeChecker.reset() instead of asserting (#19087)
• 772cd0c Add --strict-bytes to --strict (#19049)
• 0b65f21 Admit that Final variables are never redefined (#19083)
• Additional commits viewable in compare view

Updates ruff from 0.11.11 to 0.11.12

Release notes

Sourced from ruff's releases.

0.11.12

Release Notes

Preview features

• [airflow] Revise fix titles (AIR3) (#18215)
• [pylint] Implement missing-maxsplit-arg (PLC0207) (#17454)
• [pyupgrade] New rule UP050 (useless-class-metaclass-type) (#18334)
• [flake8-use-pathlib] Replace os.symlink with Path.symlink_to (PTH211) (#18337)

Bug fixes

• [flake8-bugbear] Ignore __debug__ attribute in B010 (#18357)
• [flake8-async] Fix anyio.sleep argument name (ASYNC115, ASYNC116) (#18262)
• [refurb] Fix FURB129 autofix generating invalid syntax (#18235)

Rule changes

• [flake8-implicit-str-concat] Add autofix for ISC003 (#18256)
• [pycodestyle] Improve the diagnostic message for E712 (#18328)
• [flake8-2020] Fix diagnostic message for != comparisons (YTT201) (#18293)
• [pyupgrade] Make fix unsafe if it deletes comments (UP010) (#18291)

Documentation

• Simplify rules table to improve readability (#18297)
• Update editor integrations link in README (#17977)
• [flake8-bugbear] Add fix safety section (B006) (#17652)

Contributors

• @​AlexWaygood
• @​CodeMan62
• @​InSyncWithFoo
• @​Kalmaegi
• @​LaBatata101
• @​Lee-W
• @​MaddyGuthridge
• @​MatthewMckee4
• @​MichaReiser
• @​Vasanth-96
• @​carljm
• @​charliermarsh
• @​chirizxc
• @​dcreager
• @​dhruvmanila
• @​dsherret
• @​dylwil3
• @​felixscherz
• @​fennr

... (truncated)

Changelog

Sourced from ruff's changelog.

0.11.12

Preview features

• [airflow] Revise fix titles (AIR3) (#18215)
• [pylint] Implement missing-maxsplit-arg (PLC0207) (#17454)
• [pyupgrade] New rule UP050 (useless-class-metaclass-type) (#18334)
• [flake8-use-pathlib] Replace os.symlink with Path.symlink_to (PTH211) (#18337)

Bug fixes

• [flake8-bugbear] Ignore __debug__ attribute in B010 (#18357)
• [flake8-async] Fix anyio.sleep argument name (ASYNC115, ASYNC116) (#18262)
• [refurb] Fix FURB129 autofix generating invalid syntax (#18235)

Rule changes

• [flake8-implicit-str-concat] Add autofix for ISC003 (#18256)
• [pycodestyle] Improve the diagnostic message for E712 (#18328)
• [flake8-2020] Fix diagnostic message for != comparisons (YTT201) (#18293)
• [pyupgrade] Make fix unsafe if it deletes comments (UP010) (#18291)

Documentation

• Simplify rules table to improve readability (#18297)
• Update editor integrations link in README (#17977)
• [flake8-bugbear] Add fix safety section (B006) (#17652)

Commits

• aee3af0 Bump 0.11.12 (#18369)
• 04dc48e [refurb] Fix FURB129 autofix generating invalid syntax (#18235)
• 27743ef [pylint] Implement missing-maxsplit-arg (PLC0207) (#17454)
• c60b4d7 [ty] Add subtyping between Callable types and class literals with __init__ ...
• 16621fa [flake8-bugbear ] Add fix safety section (B006) (#17652)
• e23d4ea [flake8-bugbear] Ignore __debug__ attribute in B010 (#18357)
• 452f992 [ty] Simplify signature types, use them in CallableType (#18344)
• a5ebb3f [ty] Support ephemeral uv virtual environments (#18335)
• 9925910 Add a ViolationMetadata::rule method (#18234)
• a3ee6bb Return DiagnosticGuard from Checker::report_diagnostic (#18232)
• Additional commits viewable in compare view

Updates zipp from 3.21.0 to 3.22.0

Changelog

Sourced from zipp's changelog.

v3.22.0

Features

• Backported simplified tests from python/cpython#123424. (#142)

Bugfixes

• Fixed .name, .stem, and other basename-based properties on Windows when working with a zipfile on disk. (#133)

Commits

• 30fe7ce Finalize
• fe1690b Remove duplicate changelog.
• 91bb1b6 Merge pull request #140 from barneygale/fix-133
• f49ec30 Add news fragment.
• 309ecd3 Re-use self.filename
• 60bb91d Return in a single expression.
• 6470c39 Extract a separate test for root characteristics on disk.
• 3503c8b Use Windows path rules to parse ZipFile.filename on Windows
• a706776 Tweak PyPy stacklevel adjustment.
• 73cdd55 Merge pull request #142 from jaraco/backport-gh-123429
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ❌ 2 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ✅ 0 package(s) with unknown licenses.

See the Details below.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 7e7aad3.

Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

License Issues

poetry.lock

Package	Version	License	Issue Type
mypy	1.16.0	MIT AND Python-2.0.1	Incompatible License
ruff	0.11.12	0BSD AND Apache-2.0 AND BSD-3-Clause AND MIT	Incompatible License

Allowed Licenses: 0BSD, AGPL-3.0-or-later, Apache-2.0, BlueOak-1.0.0, BSD-2-Clause, BSD-3-Clause-Clear, BSD-3-Clause, BSL-1.0, CAL-1.0, CC-BY-3.0, CC-BY-4.0, CC-BY-SA-4.0, CC0-1.0, EPL-2.0, GPL-1.0-or-later, GPL-2.0-only, GPL-2.0-or-later, GPL-2.0, GPL-3.0-only, GPL-3.0-or-later, GPL-3.0, ISC, LGPL-2.0-only, LGPL-2.0-or-later, LGPL-2.1-only, LGPL-2.1-or-later, LGPL-2.1, LGPL-3.0-only, LGPL-3.0, LGPL-3.0-or-later, MIT, MIT-CMU, MPL-1.1, MPL-2.0, OFL-1.1, PSF-2.0, Python-2.0, Python-2.0.1, Unicode-DFS-2016, Unlicense, Zlib, ZPL-2.1

OpenSSF Scorecard

Package	Version	Score	Details
pip/mypy	1.16.0	🟢 7.4	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 30 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 9 Found 28/30 approved changesets -- score normalized to 9 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege License 🟢 9 license file detected Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Security-Policy 🟢 10 security policy file detected Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/ruff	0.11.12	Unknown	Unknown
pip/zipp	3.22.0	🟢 6.2	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Code-Review ⚠️ 0 Found 1/21 approved changesets -- score normalized to 0 Maintained 🟢 10 29 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing 🟢 10 project is fuzzed License ⚠️ 0 license file not detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0

Scanned Files

• poetry.lock

[github-actions]

Conventional Commits Report

Type	Number
Dependencies	1

🚀 Conventional commits found.