Update dependency isort to v6 - autoclosed#667

Closed
renovate[bot] wants to merge 1 commit into main from renovate/isort-6.x
@renovate renovate bot commented Jan 28, 2025

This PR contains the following updates:

| Package | Change | Age | Confidence |
|---|---|---|---|
| isort (changelog) | ^5.12.0 -> ^6.0.0 | age | confidence |
| isort (changelog) | ^5.13.2 -> ^6.0.0 | age | confidence |

Release Notes

PyCQA/isort (isort)

v6.1.0

Compare Source

v6.0.1

Compare Source

v6.0.0

Compare Source


Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

github-actions bot commented Jan 28, 2025

MegaLinter analysis: Error

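| Descriptor | Linter | Files | Fixed | Errors | Warnings | Elapsed time |
|---|---|---|---|---|---|---|
| ⚠️ ACTION | actionlint | 4 | | 3 | 0 | 0.42s |
| ✅ COPYPASTE | jscpd | yes | | no | no | 2.05s |
| ⚠️ DOCKERFILE | hadolint | 2 | | 1 | 0 | 0.4s |
| ✅ JSON | jsonlint | 3 | | 0 | 0 | 0.16s |
| ✅ JSON | prettier | 3 | 0 | 0 | 0 | 0.44s |
| ✅ JSON | v8r | 3 | | 0 | 0 | 3.8s |
| ⚠️ MARKDOWN | markdownlint | 12 | 0 | 18 | 0 | 1.17s |
| ✅ MARKDOWN | markdown-table-formatter | 12 | 1 | 0 | 0 | 0.31s |
| ✅ PYTHON | bandit | 6 | | 0 | 0 | 1.1s |
| ✅ PYTHON | black | 6 | 0 | 0 | 0 | 1.04s |
| ✅ PYTHON | flake8 | 6 | | 0 | 0 | 0.54s |
| ✅ PYTHON | isort | 6 | 0 | 0 | 0 | 0.21s |
| ⚠️ PYTHON | mypy | 6 | | 4 | 0 | 5.72s |
| ✅ PYTHON | pylint | 6 | | 0 | 0 | 5.06s |
| ⚠️ PYTHON | pyright | 6 | | 6 | 0 | 1.99s |
| ✅ PYTHON | ruff | 6 | 0 | 0 | 0 | 0.02s |
| ✅ REPOSITORY | gitleaks | yes | | no | no | 8.18s |
| ✅ REPOSITORY | git_diff | yes | | no | no | 0.02s |
| ⚠️ REPOSITORY | grype | yes | | 19 | no | 26.28s |
| ✅ REPOSITORY | secretlint | yes | | no | no | 0.52s |
| ✅ REPOSITORY | syft | yes | | no | no | 1.18s |
| ❌ REPOSITORY | trivy | yes | | 1 | no | 7.09s |
| ✅ REPOSITORY | trivy-sbom | yes | | no | no | 0.48s |
| ✅ REPOSITORY | trufflehog | yes | | no | no | 2.56s |
| ✅ SPELL | cspell | 47 | | 0 | 0 | 4.16s |
| ✅ SPELL | lychee | 29 | | 0 | 0 | 1.72s |
| ✅ YAML | prettier | 14 | 0 | 0 | 0 | 0.99s |
| ✅ YAML | v8r | 14 | | 0 | 0 | 5.32s |
| ✅ YAML | yamllint | 14 | | 0 | 0 | 0.71s |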

Detailed Issues

❌ REPOSITORY / trivy - 1 error
2025-10-01T20:24:37Z	INFO	[vulndb] Need to update DB
2025-10-01T20:24:37Z	INFO	[vulndb] Downloading vulnerability DB...
2025-10-01T20:24:37Z	INFO	[vulndb] Downloading artifact...	repo="mirror.gcr.io/aquasec/trivy-db:2"
2025-10-01T20:24:41Z	INFO	[vulndb] Artifact successfully downloaded	repo="mirror.gcr.io/aquasec/trivy-db:2"
2025-10-01T20:24:41Z	INFO	[vuln] Vulnerability scanning is enabled
2025-10-01T20:24:41Z	INFO	[misconfig] Misconfiguration scanning is enabled
2025-10-01T20:24:41Z	INFO	[misconfig] Need to update the checks bundle
2025-10-01T20:24:41Z	INFO	[misconfig] Downloading the checks bundle...
2025-10-01T20:24:43Z	INFO	Suppressing dependencies for development and testing. To display them, try the '--include-dev-deps' flag.
2025-10-01T20:24:43Z	INFO	Number of language-specific files	num=2
2025-10-01T20:24:43Z	INFO	[pip] Detecting vulnerabilities...
2025-10-01T20:24:43Z	INFO	[poetry] Detecting vulnerabilities...
2025-10-01T20:24:43Z	INFO	Detected config files	num=2

Report Summary

┌───────────────────┬────────────┬─────────────────┬───────────────────┐
│      Target       │    Type    │ Vulnerabilities │ Misconfigurations │
├───────────────────┼────────────┼─────────────────┼───────────────────┤
│ poetry.lock       │   poetry   │        7        │         -         │
├───────────────────┼────────────┼─────────────────┼───────────────────┤
│ requirements.txt  │    pip     │        0        │         -         │
├───────────────────┼────────────┼─────────────────┼───────────────────┤
│ Dockerfile        │ dockerfile │        -        │         1         │
├───────────────────┼────────────┼─────────────────┼───────────────────┤
│ docker/Dockerfile │ dockerfile │        -        │         0         │
└───────────────────┴────────────┴─────────────────┴───────────────────┘
Legend:
- '-': Not scanned
- '0': Clean (no security findings detected)


For OSS Maintainers: VEX Notice
--------------------------------
If you're an OSS maintainer and Trivy has detected vulnerabilities in your project that you believe are not actually exploitable, consider issuing a VEX (Vulnerability Exploitability eXchange) statement.
VEX allows you to communicate the actual status of vulnerabilities in your project, improving security transparency and reducing false positives for your users.
Learn more and start using VEX: https://trivy.dev/v0.66/docs/supply-chain/vex/repo#publishing-vex-documents

To disable this notice, set the TRIVY_DISABLE_VEX_NOTICE environment variable.


poetry.lock (poetry)
====================
Total: 7 (UNKNOWN: 0, LOW: 1, MEDIUM: 6, HIGH: 0, CRITICAL: 0)

┌──────────┬────────────────┬──────────┬────────┬───────────────────┬────────────────┬──────────────────────────────────────────────────────────────┐
│ Library  │ Vulnerability  │ Severity │ Status │ Installed Version │ Fixed Version  │                            Title                             │
├──────────┼────────────────┼──────────┼────────┼───────────────────┼────────────────┼──────────────────────────────────────────────────────────────┤
│ certifi  │ CVE-2024-39689 │ LOW      │ fixed  │ 2024.2.2          │ 2024.7.4       │ python-certifi: Remove root certificates from `GLOBALTRUST`  │
│          │                │          │        │                   │                │ from the root store                                          │
│          │                │          │        │                   │                │ https://avd.aquasec.com/nvd/cve-2024-39689                   │
├──────────┼────────────────┼──────────┤        ├───────────────────┼────────────────┼──────────────────────────────────────────────────────────────┤
│ idna     │ CVE-2024-3651  │ MEDIUM   │        │ 3.6               │ 3.7            │ python-idna: potential DoS via resource consumption via      │
│          │                │          │        │                   │                │ specially crafted inputs to idna.encode()...                 │
│          │                │          │        │                   │                │ https://avd.aquasec.com/nvd/cve-2024-3651                    │
├──────────┼────────────────┤          │        ├───────────────────┼────────────────┼──────────────────────────────────────────────────────────────┤
│ requests │ CVE-2024-35195 │          │        │ 2.31.0

(Truncated to 5714 characters out of 9386)
⚠️ ACTION / actionlint - 3 errors
.github/workflows/github-dependents-info.yml:52:9: shellcheck reported issue in this script: SC2086:info:1:15: Double quote to prevent globbing and word splitting [shellcheck]
   |
52 |         run: sudo chown -R $USER:$USER .
   |         ^~~~
.github/workflows/github-dependents-info.yml:52:9: shellcheck reported issue in this script: SC2086:info:1:21: Double quote to prevent globbing and word splitting [shellcheck]
   |
52 |         run: sudo chown -R $USER:$USER .
   |         ^~~~
.github/workflows/release.yml:63:9: shellcheck reported issue in this script: SC2086:info:1:55: Double quote to prevent globbing and word splitting [shellcheck]
   |
63 |         run: echo "BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> ${GITHUB_ENV}
   |         ^~~~
⚠️ REPOSITORY / grype - 19 errors
[0000]  WARN no explicit name and version provided for directory source, deriving artifact ID from the given path (which is not ideal)
NAME          INSTALLED  FIXED IN  TYPE    VULNERABILITY        SEVERITY  EPSS           RISK   
certifi       2024.2.2   2024.7.4  python  GHSA-248v-346w-9cwc  Low       21.2% (95th)   6.4    
setuptools    69.1.1     70.0.0    python  GHSA-cx63-2mw6-8hw5  High      4.2% (88th)    3.5    
virtualenv    20.25.1    20.26.6   python  GHSA-rqc4-2hc7-8c8v  High      1.4% (79th)    1.1    
jinja2        3.1.3      3.1.4     python  GHSA-h75v-3vvj-5mfj  Medium    0.6% (67th)    0.3    
idna          3.6        3.7       python  GHSA-jjg7-2v4v-x38h  Medium    0.4% (57th)    0.2    
setuptools    69.1.1     78.1.1    python  GHSA-5rjg-fvgr-3xxf  High      0.2% (37th)    0.1    
cryptography  42.0.5     44.0.1    python  GHSA-79v4-65xg-pq4g  Low       0.3% (53rd)    < 0.1  
authlib       1.3.0      1.3.1     python  GHSA-5357-c2jx-v7qh  High      0.1% (31st)    < 0.1  
urllib3       2.2.1      2.2.2     python  GHSA-34jh-p97f-mpxf  Medium    0.1% (35th)    < 0.1  
jinja2        3.1.3      3.1.5     python  GHSA-q2x7-8rv6-6q7h  Medium    < 0.1% (26th)  < 0.1  
jinja2        3.1.3      3.1.6     python  GHSA-cpwx-vrp4-4pq7  Medium    0.1% (28th)    < 0.1  
requests      2.31.0     2.32.4    python  GHSA-9hjg-9r4m-mvj7  Medium    < 0.1% (24th)  < 0.1  
black         24.2.0     24.3.0    python  GHSA-fj7x-q9j7-g6q6  Medium    < 0.1% (19th)  < 0.1  
requests      2.31.0     2.32.0    python  GHSA-9wx4-h78v-vm56  Medium    < 0.1% (8th)   < 0.1  
jinja2        3.1.3      3.1.5     python  GHSA-gmj6-6f8f-6699  Medium    < 0.1% (5th)   < 0.1  
authlib       1.3.0      1.6.4     python  GHSA-9ggr-2464-2j32  High      < 0.1% (3rd)   < 0.1  
urllib3       2.2.1      2.5.0     python  GHSA-pq67-6m6q-mj2v  Medium    < 0.1% (2nd)   < 0.1  
urllib3       2.2.1      2.5.0     python  GHSA-48p4-8xcf-vxj5  Medium    < 0.1% (1st)   < 0.1  
cryptography  42.0.5     43.0.1    python  GHSA-h4gh-qq45-vh27  Medium    N/A            N/A
[0026] ERROR discovered vulnerabilities at or above the severity threshold
⚠️ DOCKERFILE / hadolint - 1 error
Dockerfile:6 DL3013 warning: Pin versions in pip. Instead of `pip install <package>` use `pip install <package>==<version>` or `pip install --requirement <requirements file>`
docker/Dockerfile:7 DL3008 warning: Pin versions in apt get install. Instead of `apt-get install <package>` use `apt-get install <package>=<version>`
docker/Dockerfile:12 DL3045 warning: `COPY` to a relative destination without `WORKDIR` set.
docker/Dockerfile:15 DL3003 warning: Use WORKDIR to switch to a directory
docker/Dockerfile:15 DL4006 warning: Set the SHELL option -o pipefail before RUN with a pipe in it. If you are using /bin/sh in an alpine image or if your shell is symlinked to busybox then consider explicitly setting your SHELL to /bin/ash, or disable this check
docker/Dockerfile:15 SC2226 warning: This ln has no destination. Check the arguments, or specify '.' explicitly.
docker/Dockerfile:24 DL3025 warning: Use arguments JSON notation for CMD and ENTRYPOINT arguments
⚠️ MARKDOWN / markdownlint - 18 errors
.github/PULL_REQUEST_TEMPLATE.md:1 MD041/first-line-heading/first-line-h1 First line in a file should be a top-level heading [Context: "## Description"]
README.md:45:2 MD045/no-alt-text Images should have alternate text (alt text)
README.md:46:2 MD045/no-alt-text Images should have alternate text (alt text)
README.md:47:2 MD045/no-alt-text Images should have alternate text (alt text)
README.md:48:2 MD045/no-alt-text Images should have alternate text (alt text)
README.md:212:3 MD051/link-fragments Link fragments should be valid [Context: "[Installation](#⚙️-installation)"]
README.md:213:3 MD051/link-fragments Link fragments should be valid [Context: "[Usage](#🛠️-usage)"]
README.md:214:3 MD051/link-fragments Link fragments should be valid [Context: "[Examples](#🧪-examples)"]
README.md:240:185 MD055/table-pipe-style Table pipe style [Expected: leading_and_trailing; Actual: leading_only; Missing trailing pipe]
README.md:241:1 MD055/table-pipe-style Table pipe style [Expected: leading_and_trailing; Actual: trailing_only; Missing leading pipe]
README.md:241:271 MD056/table-column-count Table column count [Expected: 3; Actual: 1; Too few cells, row will be missing data]
README.md:256 MD046/code-block-style Code block style [Expected: fenced; Actual: indented]
README.md:260 MD046/code-block-style Code block style [Expected: fenced; Actual: indented]
README.md:265 MD046/code-block-style Code block style [Expected: fenced; Actual: indented]
README.md:269 MD046/code-block-style Code block style [Expected: fenced; Actual: indented]
README.md:273 MD046/code-block-style Code block style [Expected: fenced; Actual: indented]
README.md:277 MD046/code-block-style Code block style [Expected: fenced; Actual: indented]
README.md:281 MD046/code-block-style Code block style [Expected: fenced; Actual: indented]
⚠️ PYTHON / mypy - 4 errors
Collecting types-requests
  Downloading types_requests-2.32.4.20250913-py3-none-any.whl.metadata (2.0 kB)
Collecting urllib3>=2 (from types-requests)
  Downloading urllib3-2.5.0-py3-none-any.whl.metadata (6.5 kB)
Downloading types_requests-2.32.4.20250913-py3-none-any.whl (20 kB)
Downloading urllib3-2.5.0-py3-none-any.whl (129 kB)
Installing collected packages: urllib3, types-requests

Successfully installed types-requests-2.32.4.20250913 urllib3-2.5.0
github_dependents_info/gh_dependents_info.py:43: error: Need type annotation for "packages" (hint: "packages: list[<type>] = ...")  [var-annotated]
github_dependents_info/gh_dependents_info.py:44: error: Need type annotation for "all_public_dependent_repos" (hint: "all_public_dependent_repos: list[<type>] = ...")  [var-annotated]
github_dependents_info/gh_dependents_info.py:45: error: Need type annotation for "badges" (hint: "badges: dict[<type>, <type>] = ...")  [var-annotated]
github_dependents_info/gh_dependents_info.py:46: error: Need type annotation for "result" (hint: "result: dict[<type>, <type>] = ...")  [var-annotated]
Installing missing stub packages:
/venvs/mypy/bin/python3 -m pip install types-requests


Found 4 errors in 1 file (checked 6 source files)
⚠️ PYTHON / pyright - 6 errors
github_dependents_info/__main__.py
  github_dependents_info/__main__.py:3:8 - error: Import "typer" could not be resolved (reportMissingImports)
  github_dependents_info/__main__.py:6:6 - error: Import "rich.console" could not be resolved (reportMissingImports)
github_dependents_info/gh_dependents_info.py
  github_dependents_info/gh_dependents_info.py:8:8 - error: Import "pandas" could not be resolved (reportMissingImports)
  github_dependents_info/gh_dependents_info.py:10:6 - error: Import "bs4" could not be resolved (reportMissingImports)
  github_dependents_info/gh_dependents_info.py:12:6 - error: Import "requests.packages.urllib3.util.retry" could not be resolved (reportMissingImports)
  github_dependents_info/gh_dependents_info.py:144:49 - error: "total_public_stars" is possibly unbound (reportPossiblyUnboundVariable)
6 errors, 0 warnings, 0 informations

See detailed reports in MegaLinter artifacts

Your project could benefit from a custom flavor, which would allow you to run only the linters you need, and thus improve runtime performances. (Skip this info by defining FLAVOR_SUGGESTIONS: false)

  • Documentation: Custom Flavors
  • Command: npx mega-linter-runner@beta --custom-flavor-setup --custom-flavor-linters PYTHON_PYLINT,PYTHON_BLACK,PYTHON_FLAKE8,PYTHON_ISORT,PYTHON_BANDIT,PYTHON_MYPY,PYTHON_PYRIGHT,PYTHON_RUFF,ACTION_ACTIONLINT,COPYPASTE_JSCPD,DOCKERFILE_HADOLINT,JSON_JSONLINT,JSON_V8R,JSON_PRETTIER,MARKDOWN_MARKDOWNLINT,MARKDOWN_MARKDOWN_TABLE_FORMATTER,REPOSITORY_GIT_DIFF,REPOSITORY_GITLEAKS,REPOSITORY_GRYPE,REPOSITORY_SECRETLINT,REPOSITORY_SYFT,REPOSITORY_TRIVY,REPOSITORY_TRIVY_SBOM,REPOSITORY_TRUFFLEHOG,SPELL_CSPELL,SPELL_LYCHEE,YAML_PRETTIER,YAML_YAMLLINT,YAML_V8R

MegaLinter is graciously provided by OX Security

@renovate renovate bot force-pushed the renovate/isort-6.x branch from e4486e9 to dc8b00d Compare August 10, 2025 13:48
@renovate renovate bot force-pushed the renovate/isort-6.x branch from dc8b00d to 47c9af7 Compare October 1, 2025 20:22
@renovate renovate bot changed the title Update dependency isort to v6 Update dependency isort to v6 - autoclosed Oct 11, 2025
@renovate renovate bot closed this Oct 11, 2025
@renovate renovate bot deleted the renovate/isort-6.x branch October 11, 2025 17:57