Deps: Bump the python-packages group with 5 updates #1187

dependabot · 2025-02-17T04:24:23Z

Bumps the python-packages group with 5 updates:

Package	From	To
python-gvm	`26.0.0`	`26.1.0`
coverage	`7.6.11`	`7.6.12`
lxml	`5.3.0`	`5.3.1`
ruff	`0.9.5`	`0.9.6`
websockets	`14.2`	`15.0`

Updates python-gvm from 26.0.0 to 26.1.0

Release notes

Sourced from python-gvm's releases.

python-gvm 26.1.0

26.1.0 - 2025-02-14

Dependencies

Bump the python-packages group with 7 updates ee406049

Commits

49a3e40 Automatic release to 26.1.0
ee40604 Deps: Bump the python-packages group with 7 updates
186c6c7 Automatic adjustments after release [skip ci]
See full diff in compare view

Updates coverage from 7.6.11 to 7.6.12

Changelog

Sourced from coverage's changelog.

Version 7.6.12 — 2025-02-11

Fix: some aarch64 distributions were missing (issue 1927_). These are now building reliably.

.. _issue 1927: nedbat/coveragepy#1927

.. _changes_7-6-11:

Commits

7e5373e docs: sample HTML for 7.6.12
a4ed38b docs: prep for 7.6.12
ce4efdc build: fix aarch64 kits #1927
a1f3192 build: don't publish if kit building failed
bb68f99 chore: bump the action-dependencies group with 2 updates (#1926)
f3d6b4a refactor: check for more kinds of constant tests
67899ea refactor: we no longer care what kind of constant the compile-time constants are
c850f20 refactor: macOS is MACOS, not OSX
a1b2c1a build: there are always tweaks to howto.txt
9c03039 build: bump version to 7.6.12
See full diff in compare view

Updates lxml from 5.3.0 to 5.3.1

Changelog

Sourced from lxml's changelog.

5.3.1 (2025-02-09)

Bugs fixed

GH#440: Some tests were adapted for libxml2 2.14.0. Patch by Nick Wellnhofer.

LP#2097175: DTD(external_id="…") erroneously required a byte string as ID value.

GH#450: iterparse() internally triggered the `DeprecationWarning`` added in lxml 5.3.0 when parsing HTML.

Other changes

GH#442: Binary wheels for macOS no longer use the linker flag -flat_namespace.

Commits

1dd5001 Update changelog.
7b177e4 CI: Fix dependency issues.
088c9e5 CI: Use older Ubuntu image to fix builds.
58af8b3 CI: Try to get legacy jobs working again.
37cdbb5 Prepare release of lxml 5.3.1.
64ac58f Build/CI: Update cache action from deprecated version.
6b654c9 Buld: Downgrade Ubuntu build image to fix dependency issues.
71fda3f Update changelog.
306041e iterparse: ignore "strip_cdata" when parsing HTML (GH-450)
e73c466 Fix DTD(external_id="...") option.
Additional commits viewable in compare view

Updates ruff from 0.9.5 to 0.9.6

Release notes

Sourced from ruff's releases.

0.9.6

Release Notes

Preview features

[airflow] Add external_task.{ExternalTaskMarker, ExternalTaskSensor} for AIR302 (#16014)

[flake8-builtins] Make strict module name comparison optional (A005) (#15951)

[flake8-pyi] Extend fix to Python <= 3.9 for redundant-none-literal (PYI061) (#16044)

[pylint] Also report when the object isn't a literal (PLE1310) (#15985)

[ruff] Implement indented-form-feed (RUF054) (#16049)

[ruff] Skip type definitions for missing-f-string-syntax (RUF027) (#16054)

Rule changes

[flake8-annotations] Correct syntax for typing.Union in suggested return type fixes for ANN20x rules (#16025)

[flake8-builtins] Match upstream module name comparison (A005) (#16006)

[flake8-comprehensions] Detect overshadowed list/set/dict, ignore variadics and named expressions (C417) (#15955)

[flake8-pie] Remove following comma correctly when the unpacked dictionary is empty (PIE800) (#16008)

[flake8-simplify] Only trigger SIM401 on known dictionaries (#15995)

[pylint] Do not report calls when object type and argument type mismatch, remove custom escape handling logic (PLE1310) (#15984)

[pyupgrade] Comments within parenthesized value ranges should not affect applicability (UP040) (#16027)

[pyupgrade] Don't introduce invalid syntax when upgrading old-style type aliases with parenthesized multiline values (UP040) (#16026)

[pyupgrade] Ensure we do not rename two type parameters to the same name (UP049) (#16038)

[pyupgrade] [ruff] Don't apply renamings if the new name is shadowed in a scope of one of the references to the binding (UP049, RUF052) (#16032)

[ruff] Update RUF009 to behave similar to B008 and ignore attributes with immutable types (#16048)

Server

Root exclusions in the server to project root (#16043)

Bug fixes

[flake8-datetime] Ignore .replace() calls while looking for .astimezone (#16050)

[flake8-type-checking] Avoid TC004 false positive where the runtime definition is provided by __getattr__ (#16052)

Documentation

Improve ruff-lsp migration document (#16072)

Undeprecate ruff.nativeServer (#16039)

Contributors

@AlexWaygood

@Daverball

@InSyncWithFoo

@Lee-W

@MichaReiser

@carlosgmartin

@dhruvmanila

@dylwil3

@junhsonjb

... (truncated)

Changelog

Sourced from ruff's changelog.

0.9.6

Preview features

[airflow] Add external_task.{ExternalTaskMarker, ExternalTaskSensor} for AIR302 (#16014)

[flake8-builtins] Make strict module name comparison optional (A005) (#15951)

[flake8-pyi] Extend fix to Python <= 3.9 for redundant-none-literal (PYI061) (#16044)

[pylint] Also report when the object isn't a literal (PLE1310) (#15985)

[ruff] Implement indented-form-feed (RUF054) (#16049)

[ruff] Skip type definitions for missing-f-string-syntax (RUF027) (#16054)

Rule changes

[flake8-annotations] Correct syntax for typing.Union in suggested return type fixes for ANN20x rules (#16025)

[flake8-builtins] Match upstream module name comparison (A005) (#16006)

[flake8-comprehensions] Detect overshadowed list/set/dict, ignore variadics and named expressions (C417) (#15955)

[flake8-pie] Remove following comma correctly when the unpacked dictionary is empty (PIE800) (#16008)

[flake8-simplify] Only trigger SIM401 on known dictionaries (#15995)

[pylint] Do not report calls when object type and argument type mismatch, remove custom escape handling logic (PLE1310) (#15984)

[pyupgrade] Comments within parenthesized value ranges should not affect applicability (UP040) (#16027)

[pyupgrade] Don't introduce invalid syntax when upgrading old-style type aliases with parenthesized multiline values (UP040) (#16026)

[pyupgrade] Ensure we do not rename two type parameters to the same name (UP049) (#16038)

[pyupgrade] [ruff] Don't apply renamings if the new name is shadowed in a scope of one of the references to the binding (UP049, RUF052) (#16032)

[ruff] Update RUF009 to behave similar to B008 and ignore attributes with immutable types (#16048)

Server

Root exclusions in the server to project root (#16043)

Bug fixes

[flake8-datetime] Ignore .replace() calls while looking for .astimezone (#16050)

[flake8-type-checking] Avoid TC004 false positive where the runtime definition is provided by __getattr__ (#16052)

Documentation

Improve ruff-lsp migration document (#16072)

Undeprecate ruff.nativeServer (#16039)

Commits

524cf6e Bump version to 0.9.6 (#16074)
857cf0d Revert tailwindcss v4 update (#16075)
0f1eb1e Improve migration document (#16072)
b69eb90 Fix reference definition labels for backtick-quoted shortcut links (#16035)
d2f661f RUF009 should behave similar to B008 and ignore attributes with immutable typ...
07cf885 [pylint] Also report when the object isn't a literal (PLE1310) (#15985)
c089896 Update Rust crate rustc-hash to v2.1.1 (#16060)
869a954 Root exclusions in the server to project root (#16043)
cc0a5dd Directly include Settings struct for the server (#16042)
b54e390 Update Rust crate clap to v4.5.28 (#16059)
Additional commits viewable in compare view

Updates websockets from 14.2 to 15.0

Release notes

Sourced from websockets's releases.

15.0

See https://websockets.readthedocs.io/en/stable/project/changelog.html for details.

Commits

7ac73c6 Release version 15.0.
a1ba01d Rewrite interactive client (again) without threads.
bc3fd29 Simplify enabling VT100 mode on Windows.
963f13f Restore display of close code and reason.
667e418 Review how-to guides, notably the patterns guide.
e934680 Broaden type of extension parameters.
61a6a7a Clean up quick start guides.
82dfd83 Improve index page for topic guides.
e60e04c Unify examples for topic guides under experiments.
7bfb114 Add standalone guide to enable debug logs.
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the python-packages group with 5 updates: | Package | From | To | | --- | --- | --- | | [python-gvm](https://github.com/greenbone/python-gvm) | `26.0.0` | `26.1.0` | | [coverage](https://github.com/nedbat/coveragepy) | `7.6.11` | `7.6.12` | | [lxml](https://github.com/lxml/lxml) | `5.3.0` | `5.3.1` | | [ruff](https://github.com/astral-sh/ruff) | `0.9.5` | `0.9.6` | | [websockets](https://github.com/python-websockets/websockets) | `14.2` | `15.0` | Updates `python-gvm` from 26.0.0 to 26.1.0 - [Release notes](https://github.com/greenbone/python-gvm/releases) - [Commits](greenbone/python-gvm@v26.0.0...v26.1.0) Updates `coverage` from 7.6.11 to 7.6.12 - [Release notes](https://github.com/nedbat/coveragepy/releases) - [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst) - [Commits](nedbat/coveragepy@7.6.11...7.6.12) Updates `lxml` from 5.3.0 to 5.3.1 - [Release notes](https://github.com/lxml/lxml/releases) - [Changelog](https://github.com/lxml/lxml/blob/master/CHANGES.txt) - [Commits](lxml/lxml@lxml-5.3.0...lxml-5.3.1) Updates `ruff` from 0.9.5 to 0.9.6 - [Release notes](https://github.com/astral-sh/ruff/releases) - [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md) - [Commits](astral-sh/ruff@0.9.5...0.9.6) Updates `websockets` from 14.2 to 15.0 - [Release notes](https://github.com/python-websockets/websockets/releases) - [Commits](python-websockets/websockets@14.2...15.0) --- updated-dependencies: - dependency-name: python-gvm dependency-type: direct:production update-type: version-update:semver-minor dependency-group: python-packages - dependency-name: coverage dependency-type: direct:development update-type: version-update:semver-patch dependency-group: python-packages - dependency-name: lxml dependency-type: indirect update-type: version-update:semver-patch dependency-group: python-packages - dependency-name: ruff dependency-type: indirect update-type: version-update:semver-patch dependency-group: python-packages - dependency-name: websockets dependency-type: indirect update-type: version-update:semver-major dependency-group: python-packages ... Signed-off-by: dependabot[bot] <support@github.com>

github-actions · 2025-02-17T04:24:37Z

Dependency Review

The following issues were found:

✅ 0 vulnerable package(s)
❌ 2 package(s) with incompatible licenses
✅ 0 package(s) with invalid SPDX license definitions
✅ 0 package(s) with unknown licenses.

See the Details below.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 5b5fb60.

Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

License Issues

poetry.lock

Package	Version	License	Issue Type
lxml	5.3.1	BSD-3-Clause AND GPL-1.0-or-later	Incompatible License
ruff	0.9.6	0BSD AND Apache-2.0 AND BSD-3-Clause AND MIT	Incompatible License

Allowed Licenses: 0BSD, AGPL-3.0-or-later, Apache-2.0, BlueOak-1.0.0, BSD-2-Clause, BSD-3-Clause-Clear, BSD-3-Clause, BSL-1.0, CAL-1.0, CC-BY-3.0, CC-BY-4.0, CC-BY-SA-4.0, CC0-1.0, EPL-2.0, GPL-2.0-only, GPL-2.0-or-later, GPL-2.0, GPL-3.0-or-later, ISC, LGPL-2.0-only, LGPL-2.0-or-later, LGPL-2.1-only, LGPL-2.1-or-later, LGPL-2.1, LGPL-3.0-only, LGPL-3.0, LGPL-3.0-or-later, MIT, MIT-CMU, MPL-1.1, MPL-2.0, OFL-1.1, PSF-2.0, Python-2.0, Python-2.0.1, Unicode-DFS-2016, Unlicense

OpenSSF Scorecard

Package

Version

Score

Details

pip/coverage

7.6.12

🟢 8.5

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 1/28 approved changesets -- score normalized to 0
Security-Policy	🟢 10	security policy file detected
Maintained	🟢 10	30 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts	🟢 10	no binaries found in the repo
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
License	🟢 10	license file detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Pinned-Dependencies	🟢 5	dependency not pinned by hash detected -- score normalized to 5
Fuzzing	🟢 10	project is fuzzed
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
CII-Best-Practices	🟢 5	badge detected: Passing
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases	⚠️ -1	no releases found
Packaging	🟢 10	packaging workflow detected
SAST	🟢 10	SAST tool is run on all commits

pip/lxml

5.3.1

🟢 6.6

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 2/29 approved changesets -- score normalized to 0
Maintained	🟢 10	30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Security-Policy	🟢 10	security policy file detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 9	license file detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Fuzzing	🟢 10	project is fuzzed
Pinned-Dependencies	⚠️ 1	dependency not pinned by hash detected -- score normalized to 1
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.

pip/python-gvm

26.1.0

🟢 5.8

Details

Check	Score	Reason
Code-Review	🟢 4	Found 4/10 approved changesets -- score normalized to 4
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Maintained	🟢 10	30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 10	license file detected
Signed-Releases	🟢 8	5 out of the last 5 releases have a total of 5 signed artifacts.
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Binary-Artifacts	🟢 10	no binaries found in the repo
Security-Policy	🟢 10	security policy file detected
Vulnerabilities	⚠️ 0	10 existing vulnerabilities detected
SAST	🟢 10	SAST tool is run on all commits

pip/ruff

0.9.6

Unknown

pip/websockets

15.0

🟢 5

Details

Check	Score	Reason
Security-Policy	🟢 10	security policy file detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Maintained	🟢 10	30 commit(s) and 27 issue activity found in the last 90 days -- score normalized to 10
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Code-Review	⚠️ 0	Found 1/23 approved changesets -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
License	🟢 10	license file detected
Fuzzing	🟢 10	project is fuzzed
Signed-Releases	⚠️ -1	no releases found
Packaging	🟢 10	packaging workflow detected
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities	⚠️ 0	17 existing vulnerabilities detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

Scanned Files

poetry.lock

github-actions · 2025-02-17T04:24:55Z

Conventional Commits Report

Type	Number
Dependencies	1

🚀 Conventional commits found.

codecov · 2025-02-17T04:26:09Z

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 49.27%. Comparing base (666c896) to head (5b5fb60).
Report is 2 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #1187   +/-   ##
=======================================
  Coverage   49.27%   49.27%           
=======================================
  Files          18       18           
  Lines        1240     1240           
=======================================
  Hits          611      611           
  Misses        629      629

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

dependabot bot requested a review from a team as a code owner February 17, 2025 04:24

dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Feb 17, 2025

greenbonebot enabled auto-merge (rebase) February 17, 2025 04:24

bjoernricks approved these changes Feb 17, 2025

View reviewed changes

greenbonebot merged commit 2a962e0 into main Feb 17, 2025
27 of 28 checks passed

greenbonebot deleted the dependabot/pip/python-packages-1badd186fb branch February 17, 2025 07:14

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Deps: Bump the python-packages group with 5 updates #1187

Deps: Bump the python-packages group with 5 updates #1187

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Deps: Bump the python-packages group with 5 updates #1187

Deps: Bump the python-packages group with 5 updates #1187

Uh oh!

Conversation

Uh oh!

python-gvm 26.1.0

26.1.0 - 2025-02-14

Dependencies

Version 7.6.12 — 2025-02-11

5.3.1 (2025-02-09)

Bugs fixed

Other changes

0.9.6

Release Notes

Preview features

Rule changes

Server

Bug fixes

Documentation

Contributors

0.9.6

Preview features

Rule changes

Server

Bug fixes

Documentation

15.0

Uh oh!

Dependency Review

Snapshot Warnings

License Issues

poetry.lock

OpenSSF Scorecard

Scanned Files

Uh oh!

Conventional Commits Report

Uh oh!

Uh oh!

Codecov Report

Uh oh!

Uh oh!

Uh oh!