chore(deps): update all non-major dependencies

[renovate-coveooss]

DEF-160

This PR contains the following updates:

Package	Type	Update	Change
bandit (source, changelog)	dev-dependencies	patch	1.7.8 -> 1.7.9
mypy (source, changelog)	dev-dependencies	patch	1.10.0 -> 1.10.1
pycodestyle (changelog)	dev-dependencies	minor	2.11.1 -> 2.12.0
pylint (changelog)	dev-dependencies	patch	3.2.2 -> 3.2.5
pytest (changelog)	dev-dependencies	patch	8.2.1 -> 8.2.2

---

Release Notes

PyCQA/bandit (bandit)

v1.7.9

Compare Source

What's Changed

• Bump docker/build-push-action from 5.1.0 to 5.2.0 by @​dependabot in https://github.com/PyCQA/bandit/pull/1117
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in https://github.com/PyCQA/bandit/pull/1119
• New logo for Bandit based on raccoon by @​ericwb in https://github.com/PyCQA/bandit/pull/1121
• Start testing on Python 3.13 by @​ericwb in https://github.com/PyCQA/bandit/pull/1122
• Bump docker/build-push-action from 5.2.0 to 5.3.0 by @​dependabot in https://github.com/PyCQA/bandit/pull/1123
• Bump docker/setup-buildx-action from 3.1.0 to 3.2.0 by @​dependabot in https://github.com/PyCQA/bandit/pull/1124
• Bump docker/login-action from 3.0.0 to 3.1.0 by @​dependabot in https://github.com/PyCQA/bandit/pull/1125
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in https://github.com/PyCQA/bandit/pull/1126
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in https://github.com/PyCQA/bandit/pull/1127
• Bump docker/setup-buildx-action from 3.2.0 to 3.3.0 by @​dependabot in https://github.com/PyCQA/bandit/pull/1130
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in https://github.com/PyCQA/bandit/pull/1131
• Bump sigstore/cosign-installer from 3.4.0 to 3.5.0 by @​dependabot in https://github.com/PyCQA/bandit/pull/1132
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in https://github.com/PyCQA/bandit/pull/1133
• Updates banner logo so it renders well in dark mode by @​ericwb in https://github.com/PyCQA/bandit/pull/1134
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in https://github.com/PyCQA/bandit/pull/1135
• Add a sponsor section to README by @​ericwb in https://github.com/PyCQA/bandit/pull/1137
• Ensure sarif extra is included as part of doc build by @​ericwb in https://github.com/PyCQA/bandit/pull/1139
• Bump docker/login-action from 3.1.0 to 3.2.0 by @​dependabot in https://github.com/PyCQA/bandit/pull/1142
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in https://github.com/PyCQA/bandit/pull/1143
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in https://github.com/PyCQA/bandit/pull/1145
• Guard against empty call argument list by @​ericwb in https://github.com/PyCQA/bandit/pull/1146
• Bump docker/build-push-action from 5.3.0 to 5.4.0 by @​dependabot in https://github.com/PyCQA/bandit/pull/1144
• Support configfile in .bandit file by @​bersbersbers in https://github.com/PyCQA/bandit/pull/1052

New Contributors

• @​pre-commit-ci made their first contribution in https://github.com/PyCQA/bandit/pull/1119
• @​bersbersbers made their first contribution in https://github.com/PyCQA/bandit/pull/1052

Full Changelog: PyCQA/bandit@1.7.8...1.7.9

python/mypy (mypy)

v1.10.1

Compare Source

• Fix error reporting on cached run after uninstallation of third party library (Shantanu, PR 17420)

pylint-dev/pylint (pylint)

v3.2.5

Compare Source

What's new in Pylint 3.2.5 ?

Release date: 2024-06-28

Other Bug Fixes

• Fixed a false positive unreachable-code when using typing.Any as return type in python
  3.8, the typing.NoReturn are not taken into account anymore for python 3.8 however.

  Closes #​9751

v3.2.4

Compare Source

What's new in Pylint 3.2.4?

Release date: 2024-06-26

False Positives Fixed

• Prevent emitting possibly-used-before-assignment when relying on names
  only potentially not defined in conditional blocks guarded by functions
  annotated with typing.Never or typing.NoReturn.

  Closes #​9674

Other Bug Fixes

• Fixed a crash when the lineno of a variable used as an annotation wasn't available for undefined-variable.

  Closes #​8866

• Fixed a crash when the start value in an enumerate was non-constant and impossible to infer
  (like inenumerate(apples, start=int(random_apple_index)) for unnecessary-list-index-lookup.

  Closes #​9078

• Fixed a crash in symilar when the -d or -i short option were not properly recognized.
  It's still impossible to do -d=1 (you must do -d 1).

  Closes #​9343

v3.2.3

Compare Source

False Positives Fixed

• Classes with only an Ellipsis (...) in their body do not trigger 'multiple-statements'
  anymore if they are inlined (in accordance with black's 2024 style).

  Closes #​9398

• Fix a false positive for redefined-outer-name when there is a name defined in an exception-handling block which shares the same name as a local variable that has been defined in a function body.

  Closes #​9671

• Fix a false positive for use-yield-from when using the return value from the yield atom.

  Closes #​9696

pytest-dev/pytest (pytest)

v8.2.2

Compare Source

pytest 8.2.2 (2024-06-04)

Bug Fixes

• #​12355: Fix possible catastrophic performance slowdown on a certain parametrization pattern involving many higher-scoped parameters.
• #​12367: Fix a regression in pytest 8.2.0 where unittest class instances (a fresh one is created for each test) were not released promptly on test teardown but only on session teardown.
• #​12381: Fix possible "Directory not empty" crashes arising from concurent cache dir (.pytest_cache) creation. Regressed in pytest 8.2.0.

Improved Documentation

• #​12290: Updated Sphinx theme to use Furo instead of Flask, enabling Dark mode theme.
• #​12356: Added a subsection to the documentation for debugging flaky tests to mention
  lack of thread safety in pytest as a possible source of flakyness.
• #​12363: The documentation webpages now links to a canonical version to reduce outdated documentation in search engine results.

---

Configuration

📅 Schedule: Branch creation - "before 4am on Monday" in timezone America/Toronto, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ❌ 1 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 1 package(s) with unknown licenses.

See the Details below.

License Issues

poetry.lock

Package	Version	License	Issue Type
pylint	3.2.5	GPL-2.0-only AND GPL-2.0-or-later	Incompatible License
pycodestyle	2.12.0	Null	Unknown License

Allowed Licenses: 0BSD, Apache-2.0, Apache-2.0 AND MIT, Apache-2.0 AND BSD-3-Clause AND Python-2.0, Beerware, BlueOak-1.0.0, BSD-1-Clause, BSD-2-Clause, BSD-2-Clause-Patent, BSD-2-Clause-Views, BSD-2-Clause AND MIT, BSD-3-Clause, BSD-3-Clause-Attribution, BSD-3-Clause-Clear, BSL-1.0, CC-BY-3.0, CC-BY-4.0, CC0-1.0, CNRI-Python, curl, HPND, IBM-pibs, ImageMagick, ISC, JSON, MIT, MIT-0, MIT AND ISC, MIT AND Python-2.0, MIT-advertising, mpi-permissive, NCSA, ODC-By-1.0, PDDL-1.0, Plexus, PostgreSQL, PSF-2.0, Python-2.0, Python-2.0.1, SAX-PD, Unlicense, UPL-1.0, W3C, Wsuipa, WTFPL, X11, X11-distribute-modifications-variant, Xerox, Zlib, ZPL-2.1

OpenSSF Scorecard

Package	Version	Score	Details
pip/bandit	1.7.9	🟢 6.6	Details Check Score Reason Code-Review 🟢 9 Found 11/12 approved changesets -- score normalized to 9 Maintained 🟢 10 24 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 Vulnerabilities 🟢 9 1 existing vulnerabilities detected Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/mypy	1.10.1	🟢 5.5	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 7 Found 22/29 approved changesets -- score normalized to 7 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 9 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Fuzzing ⚠️ 0 project is not fuzzed Security-Policy ⚠️ 0 security policy file not detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected
pip/pycodestyle	2.12.0	🟢 5.4	Details Check Score Reason Maintained 🟢 10 10 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 6 Found 5/8 approved changesets -- score normalized to 6 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 9 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed Security-Policy ⚠️ 0 security policy file not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/pylint	3.2.5	🟢 7.3	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 10 all changesets reviewed CII-Best-Practices 🟢 5 badge detected: Passing License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 9 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Vulnerabilities 🟢 10 0 existing vulnerabilities detected Binary-Artifacts 🟢 10 no binaries found in the repo Fuzzing ⚠️ 0 project is not fuzzed SAST 🟢 9 SAST tool detected but not run on all commits Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
pip/pytest	8.2.2	🟢 6.4	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 10 all changesets reviewed CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed Packaging 🟢 10 packaging workflow detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/bandit	1.7.8	🟢 6.6	Details Check Score Reason Code-Review 🟢 9 Found 11/12 approved changesets -- score normalized to 9 Maintained 🟢 10 24 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 Vulnerabilities 🟢 9 1 existing vulnerabilities detected Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/mypy	1.10.0	🟢 5.5	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 7 Found 22/29 approved changesets -- score normalized to 7 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 9 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Fuzzing ⚠️ 0 project is not fuzzed Security-Policy ⚠️ 0 security policy file not detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected
pip/pycodestyle	2.11.1	🟢 5.4	Details Check Score Reason Maintained 🟢 10 10 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 6 Found 5/8 approved changesets -- score normalized to 6 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 9 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed Security-Policy ⚠️ 0 security policy file not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/pylint	3.2.2	🟢 7.3	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 10 all changesets reviewed CII-Best-Practices 🟢 5 badge detected: Passing License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 9 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Vulnerabilities 🟢 10 0 existing vulnerabilities detected Binary-Artifacts 🟢 10 no binaries found in the repo Fuzzing ⚠️ 0 project is not fuzzed SAST 🟢 9 SAST tool detected but not run on all commits Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
pip/pytest	8.2.1	🟢 6.4	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 10 all changesets reviewed CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed Packaging 🟢 10 packaging workflow detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0

Scanned Manifest Files

poetry.lock

• bandit@1.7.9
• mypy@1.10.1
• pycodestyle@2.12.0
• pylint@3.2.5
• pytest@8.2.2
• bandit@1.7.8
• mypy@1.10.0
• pycodestyle@2.11.1
• pylint@3.2.2
• pytest@8.2.1

pyproject.toml

• bandit@1.7.9
• mypy@1.10.1
• pycodestyle@2.12.0
• pylint@3.2.5
• pytest@8.2.2
• bandit@1.7.8
• mypy@1.10.0
• pycodestyle@2.11.1
• pylint@3.2.2
• pytest@8.2.1