Bump the minor-and-patches group with 4 updates

[dependabot]

Bumps the minor-and-patches group with 4 updates: mypy, mypy-zope, phonenumbers and pysaml2.

Updates mypy from 1.17.1 to 1.18.2

Changelog

Sourced from mypy's changelog.

Mypy 1.18.2

• Fix crash on recursive alias (Ivan Levkivskyi, PR 19845)
• Add additional guidance for stubtest errors when runtime is object.__init__ (Stephen Morton, PR 19733)
• Fix handling of None values in f-string expressions in mypyc (BobTheBuidler, PR 19846)

Acknowledgements

Thanks to all mypy contributors who contributed to this release:

• Ali Hamdan
• Anthony Sottile
• BobTheBuidler
• Brian Schubert
• Chainfire
• Charlie Denton
• Christoph Tyralla
• CoolCat467
• Daniel Hnyk
• Emily
• Emma Smith
• Ethan Sarp
• Ivan Levkivskyi
• Jahongir Qurbonov
• Jelle Zijlstra
• Joren Hammudoglu
• Jukka Lehtosalo
• Marc Mueller
• Omer Hadari
• Piotr Sawicki
• PrinceNaroliya
• Randolf Scholz
• Robsdedude
• Saul Shanabrook
• Shantanu
• Stanislav Terliakov
• Stephen Morton
• wyattscarpenter

I’d also like to thank my employer, Dropbox, for supporting mypy development.

Mypy 1.17

We’ve just uploaded mypy 1.17 to the Python Package Index (PyPI). Mypy is a static type checker for Python. This release includes new features and bug fixes. You can install it as follows:

python3 -m pip install -U mypy

You can read the full documentation for this release on Read the Docs.

... (truncated)

Commits

• df05f05 remove +dev from version
• 01a7a12 Update changelog for 1.18.2 (#19873)
• ca5abf0 Typeshed cherry-pick: Make type of unitest.mock.Any a subclass of Any (#1...
• 9d794b5 [mypyc] fix: inappropriate Nones in f-strings (#19846)
• 2c0510c stubtest: additional guidance on errors when runtime is object.init (#19733)
• 2f3f03c Bump version to 1.18.2+dev for point release
• 7669841 Fix crash on recursive alias in indirection.py (#19845)
• 03fbaa9 bump version to 1.18.1 due to wheels failure
• b44a1fb removed +dev from version
• 7197a99 Removed Unreleased in the Changelog for Release 1.18 (#19827)
• Additional commits viewable in compare view

Updates mypy-zope from 1.0.13 to 1.0.14

Changelog

Sourced from mypy-zope's changelog.

1.0.14 (2025-12-01)

---

• Support mypy-1.19
• Support mypy-1.18

Commits

• 38d22f3 Preparing release 1.0.14
• 76762ec Maintain changelog
• 4971d98 Merge pull request #134 from Shoobx/dependabot/pip/mypy-gte-1.0.0-and-lt-1.20.0
• 47af89d Update mypy requirement from <1.19.0,>=1.0.0 to >=1.0.0,<1.20.0
• 0c596ff Maintain changelog
• dcaa278 Merge pull request #132 from Shoobx/dependabot/pip/mypy-gte-1.0.0-and-lt-1.19.0
• 8f7b677 Update mypy requirement from <1.18.0,>=1.0.0 to >=1.0.0,<1.19.0
• 91b275b Back to development: 1.0.14
• See full diff in compare view

Updates phonenumbers from 9.0.18 to 9.0.19

Commits

• 38f2ffe Prep for 9.0.19 release
• cd7f0cc Generated files for metadata
• 40ae18f Merge metadata changes from upstream 9.0.19
• See full diff in compare view

Does not update pysaml2 from 7.5.0 to 7.5.4 since this would downgrade pyOpenSSL

Release notes

Sourced from pysaml2's releases.

Version v7.5.4

v7.5.4 (2025-10-07)

• Minor refactor to handle shelve.open and dbm errors
• Remove import of deprecated cgi module
• Replace deprecated datetime.utcnow() by datetime.now(timezone.utc)
• deps: Remove the importlib_metadata dependency
• deps: Remove the importlib_resources dependency
• deps: Update dependency versions and lockfile
• build: Update pyproject and lockfile to be compatible with PEP 621
• docs: Correct spelling mistakes
• docs: Fix interal references/links
• docs: Clarify units for accepted_time_diff config param
• docs: Correct documentation for contact_person

Version 7.5.3

7.5.3 (2025-10-04)

• #973 Fix prepare_for_negotiated_authenticate to avoid double signing redirect requests

Version 7.5.2

7.5.2 (2025-02-10)

• Include the XSD of the XML Encryption Syntax and Processing Version 1.1 to the schema validator

Version 7.5.1

7.5.1 (2025-02-10)

• deps: restrict pyOpenSSL up to v24.2.1 until it is replaced
• deps: update dependncies for the lockfile and examples

Changelog

Sourced from pysaml2's changelog.

v7.5.4 (2025-10-07)

• Minor refactor to handle shelve.open and dbm errors
• Remove import of deprecated cgi module
• Replace deprecated datetime.utcnow() by datetime.now(timezone.utc)
• deps: Remove the importlib_metadata dependency
• deps: Remove the importlib_resources dependency
• deps: Update dependency versions and lockfile
• build: Update pyproject and lockfile to be compatible with PEP 621
• docs: Correct spelling mistakes
• docs: Fix interal references/links
• docs: Clarify units for accepted_time_diff config param
• docs: Correct documentation for contact_person

7.5.3 (2025-10-04)

• #973 Fix prepare_for_negotiated_authenticate to avoid double signing redirect requests

7.5.2 (2025-02-10)

• Include the XSD of the XML Encryption Syntax and Processing Version 1.1 to the schema validator

7.5.1 (2025-02-10)

• deps: restrict pyOpenSSL up to v24.2.1 until it is replaced
• deps: update dependencies for the lockfile and examples

Commits

• 9cf71f7 Release version 7.5.4
• c3ec719 Refactor _shelve_compat
• 1d6ea60 Remove import of deprecated cgi module
• c45eb9d Replace deprecated datetime.utcnow() by datetime.now(timezone.utc)
• 178f6d1 Remove unneeded dependencies
• 1f0a25a remove importlib_metadata import
• 099f716 remove importlib_resources imports
• 3fa11ee spelling updates.
• 4b7887f update link.
• bc8d3b4 update link.
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions