chore(deps): Bump the all-dependencies group across 1 directory with 3 updates

[dependabot]

Bumps the all-dependencies group with 3 updates in the / directory: yamllint, zizmor and pyyaml.

Updates yamllint from 1.35.1 to 1.37.1

Changelog

Sourced from yamllint's changelog.

1.37.1 (2025-05-04)

• Rule comments: tell how many spaces are expected
• Rule quoted-strings: Fix only-when-needed on multiline with backslash
• Config: Report if rules is not a dict
• Fix test_codec_built_in_equivalent() test when run with pytest
• CI: Fix TestPyPI "dev0" versions for master commits on tags
• Docs: Add links to GitHub repository and releases
• Docs: Fix GitLab integration example
• Docs: Fix GitLab integration link
• Fix the tests badge link on the README

1.37.0 (2025-03-23)

• Automatically detect Unicode character encoding of files
• Publish pushes to master branch to TestPyPI

1.36.2 (2025-03-17)

• Build: Restore missing documentation and tests in sdist

1.36.1 (2025-03-15)

• Publish PyPI releases using GitHub Actions workflows

1.36.0 (2025-03-11)

• Add support for Python 3.13, drop support for Python 3.8
• Rule key-ordering: add ignored-keys option
• Rule quoted-strings: fix only-when-needed and escaped special chars
• Fix TTY-related tests on Python 3.14
• Docs: fix import of yamllint.config rather than yamllint

Commits

• 79a6b2b yamllint version 1.37.1
• b6fe397 config: Report if 'rules' is not a dict
• 2ec2d7a docs: Fix GitLab integration link
• 1a6542c quoted-strings: Fix only-when-needed on multiline with backslash
• 2d10aaa docs: Fix GitLab integration example
• 263fb88 README: Fix the tests badge link
• a942f5c Rename tests.common.test_codec_built_in_equivalent()
• 639a7c6 comments: Tell how many spaces are expected in 'min-spaces-from-content'
• 0f2fbb0 docs: Add links to GitHub repository and releases
• bce26d6 CI: Fix TestPyPI "dev0" versions for master commits on tags
• Additional commits viewable in compare view

Updates zizmor from 1.3.1 to 1.14.2

Release notes

Sourced from zizmor's releases.

v1.14.2

Bug Fixes 🐛🔗

• Fixed a bug where the use-trusted-publishing audit would produce-false positive findings for some run: blocks that implicitly performed trusted publishing (#1191)

v1.14.1

Bug Fixes 🐛🔗

• Fixed a bug where the ref-version-mismatch would incorrectly show the wrong commit SHAs in its findings (#1183)

v1.14.0

New Features 🌈🔗

• New audit: ref-version-mismatch detects mismatches between hash-pinned action references and their version comments (#972)

  Many thanks to @​segiddins for implementing this audit!

Enhancements 🌱🔗

• zizmor no longer uses the "Unknown" severity or confidence levels for any findings. All findings previously categorized at these levels are now given a more meaningful level (#1164)

• The use-trusted-publishing audit now detects various Trusted Publishing patterns for the npm ecosystem (#1161)

  Many thanks to @​KristianGrafana for implementing this improvement!

• The unsound-condition audit now supports auto-fixes for many findings (#1089)

  Many thanks to @​mostafa for implementing this improvement!

• zizmor's error handling has been restructured, improving the quality of error messages and their associated suggestions (#1169)

Bug Fixes 🐛🔗

• Fixed a bug where the cache-poisoning audit would fail to detect some cache usage variants in newer versions of actions/setup-node (#1152)

• Fixed a bug where the obfuscation audit would incorrectly flag some subexpressions as constant-reducible when they were not (#1170)

Deprecations ⚠️🔗

• The unknown values for --min-severity and --min-confidence are now deprecated. These values were already no-ops (and have been since introduction), and will be removed in a future release (#1164)

  Until removal, using these values will emit a warning.

v1.13.0

New Features 🌈🔗

• New audit: undocumented-permissions detects explicit permission grants that lack an explanatory comment (#1131)

  Many thanks to @​johnbillion for proposing and implementing this audit!

... (truncated)

Changelog

Sourced from zizmor's changelog.

1.14.2

Bug Fixes 🐛

• Fixed a bug where the [use-trusted-publishing] audit would produce-false positive findings for some run: blocks that implicitly performed trusted publishing (#1191)

1.14.1

Bug Fixes 🐛

• Fixed a bug where the [ref-version-mismatch] would incorrectly show the wrong commit SHAs in its findings (#1183)

1.14.0

New Features 🌈

• New audit: [ref-version-mismatch] detects mismatches between hash-pinned action references and their version comments (#972)

  Many thanks to @​segiddins for implementing this audit!

Enhancements 🌱

• zizmor no longer uses the "Unknown" severity or confidence levels for any findings. All findings previously categorized at these levels are now given a more meaningful level (#1164)

• The [use-trusted-publishing] audit now detects various Trusted Publishing patterns for the npm ecosystem (#1161)

  Many thanks to @​KristianGrafana for implementing this improvement!

• The [unsound-condition] audit now supports auto-fixes for many findings (#1089)

  Many thanks to @​mostafa for implementing this improvement!

• zizmor's error handling has been restructured, improving the quality of error messages and their associated suggestions (#1169)

Bug Fixes 🐛

• Fixed a bug where the [cache-poisoning] audit would fail to detect some cache usage variants in newer versions of actions/setup-node (#1152)

• Fixed a bug where the [obfuscation] audit would incorrectly flag

... (truncated)

Commits

• 03af241 prep release 1.14.2 (#1193)
• 0b8b2b0 fix(use-trusted-publishing): eliminate FPs (#1192)
• 6c8b251 prep 1.14.1 (#1185)
• 15784e6 fix(ref-version-mismatch): correct commit SHA in audit message (#1183)
• cc88277 docs: bump trophies (#1182)
• b5334ce prep for 1.14.0 release (#1180)
• 48b8ece docs: document ref-version-mismatch audit (#1179)
• 9ed3607 fix(obfuscation): don't consider fromJSON(...) constant-reducible (#1178)
• ffd91b1 refactor: formalize input collection errors (#1169)
• 896470e docs: bump trophies (#1173)
• Additional commits viewable in compare view

Updates pyyaml from 6.0.2 to 6.0.3

Release notes

Sourced from pyyaml's releases.

6.0.3

What's Changed

• Support for Python 3.14 and free-threading (experimental).

Full Changelog: yaml/pyyaml@6.0.2...6.0.3

Changelog

Sourced from pyyaml's changelog.

6.0.3 (2025-09-25)

• yaml/pyyaml#864 -- Support for Python 3.14 and free-threading (experimental)

Commits

• 49790e7 Release 6.0.3 (#889)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 41.09%. Comparing base (6ad32d1) to head (adcd09f).

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #102   +/-   ##
=======================================
  Coverage   41.09%   41.09%           
=======================================
  Files          20       20           
  Lines        1173     1173           
=======================================
  Hits          482      482           
  Misses        646      646           
  Partials       45       45           

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.