chore(deps): bump the pip group with 5 updates #2154

dependabot · 2025-03-31T11:10:14Z

Bumps the pip group with 5 updates:

Package	From	To
mkdocs-material	`9.6.9`	`9.6.10`
mkdocstrings[python]	`0.29.0`	`0.29.1`
semgrep	`1.114.0`	`1.116.0`
coverage[toml]	`7.7.1`	`7.8.0`
pytest-asyncio	`0.25.3`	`0.26.0`

Updates mkdocs-material from 9.6.9 to 9.6.10

Release notes

Sourced from mkdocs-material's releases.

mkdocs-material-9.6.10

This version is a pure refactoring release, and does not contain new features or bug fixes. It strives to improve the compatibility of our templates with alternative Jinja-like template engines that we're currently exploring, including minijinja.

Additionally, it replaces several instances of Python function invocations with idiomatic use of template filters. All instances where variables have been mutated inside templates have been replaced. Most changes have been made in partials, and only a few in blocks, and all of them are fully backward compatible, so no changes to overrides are necessary.

Note that this release does not replace the Jinja template engine with minijinja. However, our templates are now 99% compatible with minijinja, which means we can explore alternative Jinja-compatible implementations. Additionally, immutability and removal of almost all Python function invocations means much more idiomatic templating.

Changelog

Sourced from mkdocs-material's changelog.

mkdocs-material-9.6.10 (2025-03-30)

This version is a pure refactoring release, and does not contain new features or bug fixes. It strives to improve the compatibility of our templates with alternative Jinja-like template engines that we're currently exploring, including minijinja.

Additionally, it replaces several instances of Python function invocations with idiomatic use of template filters. All instances where variables have been mutated inside templates have been replaced. Most changes have been made in partials, and only a few in blocks, and all of them are fully backward compatible, so no changes to overrides are necessary.

Note that this release does not replace the Jinja template engine with minijinja. However, our templates are now 99% compatible with minijinja, which means we can explore alternative Jinja-compatible implementations. Additionally, immutability and removal of almost all Python function invocations means much more idiomatic templating.

mkdocs-material-9.6.9 (2025-03-17)

Updated Serbo-Croatian translations

Fixed #8086: Custom SVG icons containing hashes break rendering

Fixed #8067: Drawer has gap on right side in Firefox on some OSs

mkdocs-material-9.6.8+insiders-4.53.16 (2025-03-13)

Fixed #8019: Tooltips have precedence over instant previews

mkdocs-material-9.6.8 (2025-03-13)

Added Welsh translations

Fixed #8076: Privacy plugin crashes if HTTP download fails

mkdocs-material-9.6.7 (2025-03-03)

Fixed #8056: Error in backrefs implementation (9.6.6 regression)

Fixed #8054: Unescaped quotes in ARIA labels of table of contents

mkdocs-material-9.6.6 (2025-03-01)

Fixed #8040: Privacy plugin not replacing exteral assets (9.6.5 regression)

Fixed #8031: Replace unmaintained regex package in search plugin

mkdocs-material-9.6.5 (2025-02-20)

Fixed #8016: Tags listing not showing when when file name has spaces

Fixed #8012: Privacy plugin crashes if HTTP download fails

mkdocs-material-9.6.4 (2025-02-12)

... (truncated)

Commits

7bd6b92 Prepare 9.6.10 release
dc7d75e Updated dependencies
c18630f Removed usage of circular members in nav_item partial
fb0c27c Replaced items call with use of filter
ec38e30 Ensured compatibility with minijinja (Rust)
e66107e Documentation
See full diff in compare view

Updates mkdocstrings[python] from 0.29.0 to 0.29.1

Release notes

Sourced from mkdocstrings[python]'s releases.

0.29.1

0.29.1 - 2025-03-31

Compare with 0.29.0

Dependencies

Remove unused typing-extensions dependency (ba98661 by Timothée Mazzucotelli).

Bug Fixes

Ignore invalid inventory lines (81caff5 by Josh Mitchell). PR-748

Code Refactoring

Rename loggers to "mkdocstrings" (1a98040 by Timothée Mazzucotelli).

Changelog

Sourced from mkdocstrings[python]'s changelog.

0.29.1 - 2025-03-31

Compare with 0.29.0

Dependencies

Remove unused typing-extensions dependency (ba98661 by Timothée Mazzucotelli).

Bug Fixes

Ignore invalid inventory lines (81caff5 by Josh Mitchell). PR-748

Code Refactoring

Rename loggers to "mkdocstrings" (1a98040 by Timothée Mazzucotelli).

Commits

df4e7c8 chore: Prepare release 0.29.1
1a98040 refactor: Rename loggers to "mkdocstrings"
81caff5 fix: Ignore invalid inventory lines
0bc4799 style: Format and configure for Ruff >= 0.10.0
ccf65c1 docs: Remove 'sponsors only' labels
983b3cd chore: Mark legacy stuff with Yore comments
9464579 tests: Remove old skip conditions
ba98661 deps: Remove unused typing-extensions dependency
See full diff in compare view

Updates semgrep from 1.114.0 to 1.116.0

Release notes

Sourced from semgrep's releases.

Release v1.116.0

1.116.0 - 2025-03-28

Fixed

Use value of $XDG_CACHE_HOME before hardcoded ~/.cache for semgrep_version file (gh-4465)

Changelog

Sourced from semgrep's changelog.

1.116.0 - 2025-03-28

Fixed

Use value of $XDG_CACHE_HOME before hardcoded ~/.cache for semgrep_version file (gh-4465)

1.115.0 - 2025-03-26

Added
pro: Extended the requires: key for taint sinks to specify multiple conditions associated with different metavariables.

For example:
pattern-sinks:
- patterns:
  - pattern: $OBJ.foo($SINK, $ARG1)
  - focus-metavariable: $SINK
  requires:
  - $SINK: TAINT
  - $OBJ: OBJ
  - $ARG1: ARG1
With a regular requires: the condition can only apply to whatever the sink is matching, in this case, $SINK. With a "multi-requires" we are able to restrict $SINK, $OBJ and $ARG1 independently, each one having its own condition.

Note that requires: is part of the experimental taint labels feature. (code-7912)
In the text output of semgrep scan and semgrep ci, a warning message announcing the upcoming Semgrepignore v2 is now displayed. Differences in target selection are shown. (semgrepignore-v2-warning)

Commits

012bdf7 chore: release version 1.116.0
66b6304semgrep/semgrep-proprietary#3528
b9d220f chore(windows): nudge Windows users away at build and runtime (semgrep/semgr...
e61b44c fix: remove extraneous debugging statement from SAF-1842 (semgrep/semgrep-pro...
bb5df23 fix(ci): refer to the same directory in the OSS workflow (semgrep/semgrep-pro...
5500992 fix: apply windows patch to OSS windows workflow (semgrep/semgrep-proprietary...
3136d06 fix(SAF-1842): don't suggest --verbose if already set (semgrep/semgrep-propri...
bb5e745semgrep/semgrep-proprietary#3514
7953db9 chore: update to use latest opentelemetry version (semgrep/semgrep-proprietar...
5f5d861semgrep/semgrep-proprietary#3505
Additional commits viewable in compare view

Updates coverage[toml] from 7.7.1 to 7.8.0

Release notes

Sourced from coverage[toml]'s releases.

7.8.0

Version 7.8.0 — 2025-03-30

Added a new source_dirs setting for symmetry with the existing source_pkgs setting. It’s preferable to the existing source setting, because you’ll get a clear error when directories don’t exist. Fixes issue 1942. Thanks, Jeremy Fleischman.

Fix: the PYTHONSAFEPATH environment variable new in Python 3.11 is properly supported, closing issue 1696. Thanks, Philipp A.. This works properly except for a detail when using the coverage command on Windows. There you can use python -m coverage instead if you need exact emulation.

➡️ PyPI page: coverage 7.8.0. :arrow_right: To install: python3 -m pip install coverage==7.8.0

Changelog

Sourced from coverage[toml]'s changelog.

Version 7.8.0 — 2025-03-30

Added a new source_dirs setting for symmetry with the existing source_pkgs setting. It's preferable to the existing source setting, because you'll get a clear error when directories don't exist. Fixes issue 1942. Thanks, Jeremy Fleischman <pull 1943_>.

Fix: the PYTHONSAFEPATH environment variable new in Python 3.11 is properly supported, closing issue 1696. Thanks, Philipp A. <pull 1700_>. This works properly except for a detail when using the coverage command on Windows. There you can use python -m coverage instead if you need exact emulation.

.. _issue 1696: nedbat/coveragepy#1696 .. _pull 1700: nedbat/coveragepy#1700 .. _issue 1942: nedbat/coveragepy#1942 .. _pull 1943: nedbat/coveragepy#1943

.. _changes_7-7-1:

Commits

6d5ced9 docs: sample HTML for 7.8.0
49c194f docs: prep for 7.8.0
38782cb docs: finish up source_dirs. bump to 7.8.0
7aea2f3 feat: add new source_dirs option (#1943)
f464155 test: some simple bytecode tests
cf1dec0 refactor: these pypy modules are available in all our versions
a876052 test: a general helper for iterating over our own source files
82cff3e perf: sets are better than lists
a66bd61 refactor: move bytecode code into bytecode.py
d64ce5f chore: bump the action-dependencies group with 3 updates (#1940)
Additional commits viewable in compare view

Updates pytest-asyncio from 0.25.3 to 0.26.0

Release notes

Sourced from pytest-asyncio's releases.

pytest-asyncio 0.26.0

Adds configuration option that sets default event loop scope for all tests #793

Improved type annotations for pytest_asyncio.fixture #1045

Added typing-extensions as additional dependency for Python <3.10 #1045

Commits

4f8ce45 docs: Prepare release of v0.26.0.
498e8a7 Build(deps): Bump attrs from 25.1.0 to 25.3.0 in /dependencies/default
01c22ff build: Update project metadata to use SPDX license identifier
78191c9 [pre-commit.ci] pre-commit autoupdate
9a45551 Build(deps): Bump hypothesis in /dependencies/default
6680409 Build(deps): Bump coverage from 7.7.0 to 7.7.1 in /dependencies/default
aa82c57 Build(deps): Bump iniconfig from 2.0.0 to 2.1.0 in /dependencies/default
cca587e [pre-commit.ci] pre-commit autoupdate
5d90b29 Build(deps): Bump hypothesis in /dependencies/default
c262262 Build(deps): Bump coverage from 7.6.12 to 7.7.0 in /dependencies/default
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the pip group with 5 updates: | Package | From | To | | --- | --- | --- | | [mkdocs-material](https://github.com/squidfunk/mkdocs-material) | `9.6.9` | `9.6.10` | | [mkdocstrings[python]](https://github.com/mkdocstrings/mkdocstrings) | `0.29.0` | `0.29.1` | | [semgrep](https://github.com/returntocorp/semgrep) | `1.114.0` | `1.116.0` | | [coverage[toml]](https://github.com/nedbat/coveragepy) | `7.7.1` | `7.8.0` | | [pytest-asyncio](https://github.com/pytest-dev/pytest-asyncio) | `0.25.3` | `0.26.0` | Updates `mkdocs-material` from 9.6.9 to 9.6.10 - [Release notes](https://github.com/squidfunk/mkdocs-material/releases) - [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG) - [Commits](squidfunk/mkdocs-material@9.6.9...9.6.10) Updates `mkdocstrings[python]` from 0.29.0 to 0.29.1 - [Release notes](https://github.com/mkdocstrings/mkdocstrings/releases) - [Changelog](https://github.com/mkdocstrings 8000 /mkdocstrings/blob/main/CHANGELOG.md) - [Commits](mkdocstrings/mkdocstrings@0.29.0...0.29.1) Updates `semgrep` from 1.114.0 to 1.116.0 - [Release notes](https://github.com/returntocorp/semgrep/releases) - [Changelog](https://github.com/semgrep/semgrep/blob/develop/CHANGELOG.md) - [Commits](semgrep/semgrep@v1.114.0...v1.116.0) Updates `coverage[toml]` from 7.7.1 to 7.8.0 - [Release notes](https://github.com/nedbat/coveragepy/releases) - [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst) - [Commits](nedbat/coveragepy@7.7.1...7.8.0) Updates `pytest-asyncio` from 0.25.3 to 0.26.0 - [Release notes](https://github.com/pytest-dev/pytest-asyncio/releases) - [Commits](pytest-dev/pytest-asyncio@v0.25.3...v0.26.0) --- updated-dependencies: - dependency-name: mkdocs-material dependency-type: direct:production update-type: version-update:semver-patch dependency-group: pip - dependency-name: mkdocstrings[python] dependency-type: direct:production update-type: version-update:semver-patch dependency-group: pip - dependency-name: semgrep dependency-type: direct:production update-type: version-update:semver-minor dependency-group: pip - dependency-name: coverage[toml] dependency-type: direct:production update-type: version-update:semver-minor dependency-group: pip - dependency-name: pytest-asyncio dependency-type: direct:production update-type: version-update:semver-minor dependency-group: pip ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Mar 31, 2025

davorrunje enabled auto-merge March 31, 2025 11:12

davorrunje approved these changes Mar 31, 2025

View reviewed changes

davorrunje added this pull request to the merge queue Mar 31, 2025

Merged via the queue into main with commit 1c84c03 Mar 31, 2025
31 checks passed

davorrunje deleted the dependabot/pip/pip-7278946ddb branch March 31, 2025 11:38

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore(deps): bump the pip group with 5 updates #2154

chore(deps): bump the pip group with 5 updates #2154

Uh oh!

Uh oh!

Uh oh!

Uh oh!

chore(deps): bump the pip group with 5 updates #2154

chore(deps): bump the pip group with 5 updates #2154

Uh oh!

Conversation

mkdocs-material-9.6.10

0.29.1

0.29.1 - 2025-03-31

Dependencies

Bug Fixes

Code Refactoring

0.29.1 - 2025-03-31

Dependencies

Bug Fixes

Code Refactoring

Release v1.116.0

1.116.0 - 2025-03-28

Fixed

1.116.0 - 2025-03-28

Fixed

1.115.0 - 2025-03-26

Added

7.8.0

Version 7.8.0 — 2025-03-30

Version 7.8.0 — 2025-03-30

pytest-asyncio 0.26.0

Uh oh!

Uh oh!

Uh oh!