chore(deps): bump the pip group with 5 updates

[dependabot]

Updates the requirements on typer, mkdocs-git-revision-date-localized-plugin, mypy, ruff and semgrep to permit the latest version.
Updates typer to 0.16.0

Release notes

Sourced from typer's releases.

0.16.0

Upgrades

• ⬆️ Add compatibility with Click 8.2. PR #1222 by @​tiangolo.

When using the CliRunner with Click < 8.2, to be able to access the stderr output, you needed to set the mix_stderr parameter to True. Since Click 8.2 (and Typer 0.160 this release supporting it) this is no longer necessary, so this parameter has been removed.

Refactors

• ✅ Refactor tests for compatibility with Click 8.2. PR #1230 by @​tiangolo.

Internal

• 🔧 Remove Google Analytics. PR #1229 by @​tiangolo.

Changelog

Sourced from typer's changelog.

0.16.0

Upgrades

• ⬆️ Add compatibility with Click 8.2. PR #1222 by @​tiangolo.

When using the CliRunner with Click < 8.2, to be able to access the stderr output, you needed to set the mix_stderr parameter to True. Since Click 8.2 (and Typer 0.160 this release supporting it) this is no longer necessary, so this parameter has been removed.

Refactors

• ✅ Refactor tests for compatibility with Click 8.2. PR #1230 by @​tiangolo.

Internal

• 🔧 Remove Google Analytics. PR #1229 by @​tiangolo.

0.15.4

Upgrades

• 📌 Pin Click to = 8.2 will be added in a future version. PR #1225 by @​tiangolo.

0.15.3

Fixes

• 🐛 Ensure that autocompletion works for Path arguments/options. PR #1138 by @​svlandeg.
• 🐛 Fix newline after header in help text, and add more tests for the behaviour of rich_markup_mode . PR #964 by @​svlandeg.

Internal

• ⬆ Bump astral-sh/setup-uv from 5 to 6. PR #1203 by @​dependabot[bot].
• ⬆ Bump ruff from 0.11.2 to 0.11.6. PR #1200 by @​dependabot[bot].
• ⬆ [pre-commit.ci] pre-commit autoupdate. PR #1196 by @​pre-commit-ci[bot].
• ⬆ Bump ruff from 0.11.1 to 0.11.2. PR #1186 by @​dependabot[bot].
• ⬆ [pre-commit.ci] pre-commit autoupdate. PR #1187 by @​pre-commit-ci[bot].
• ⬆ Bump ruff from 0.11.0 to 0.11.1. PR #1185 by @​dependabot[bot].
• ⬆ Bump ruff from 0.9.10 to 0.11.0. PR #1180 by @​dependabot[bot].
• ⬆ [pre-commit.ci] pre-commit autoupdate. PR #1181 by @​pre-commit-ci[bot].
• ⬆ [pre-commit.ci] pre-commit autoupdate. PR #1176 by @​pre-commit-ci[bot].
• ⬆ Bump ruff from 0.9.9 to 0.9.10. PR #1175 by @​dependabot[bot].
• ⬆ [pre-commit.ci] pre-commit autoupdate. PR #1171 by @​pre-commit-ci[bot].
• ⬆ Bump ruff from 0.9.7 to 0.9.9. PR #1166 by @​dependabot[bot].
• ✏️ Fix typo in test name. PR #1165 by @​svlandeg.

0.15.2

Features

• ✨ Allow custom styles for commands in help output. PR #1103 by @​TheTechromancer.

... (truncated)

Commits

• 9138340 🔖 Release version 0.16.0
• 32c74b9 📝 Update release notes
• 40747a1 📝 Update release notes
• 74e0923 ⬆️ Add compatibility with Click 8.2 (#1222)
• 3ce5032 📝 Update release notes
• 4fe4822 ✅ Refactor tests for compatibility with Click 8.2 (#1230)
• ca2559a 📝 Update release notes
• 17aaacc 🔧 Remove Google Analytics (#1229)
• 38cbb1f 🔖 Release version 0.15.4
• e46db8f 📝 Update release notes
• Additional commits viewable in compare view

Updates mkdocs-git-revision-date-localized-plugin from 1.4.6 to 1.4.7

Release notes

Sourced from mkdocs-git-revision-date-localized-plugin's releases.

revision-date-localized v1.4.7

What's Changed

• Fix tests for click >= 8.2.0 by @​mgorny in timvink/mkdocs-git-revision-date-localized-plugin#187

New Contributors

• @​mgorny made their first contribution in timvink/mkdocs-git-revision-date-localized-plugin#187

Full Changelog: timvink/mkdocs-git-revision-date-localized-plugin@v1.4.6...v1.4.7

Commits

• c511b3f Merge branch 'master' of https://github.com/timvink/mkdocs-git-revision-date-...
• 992c38f bump to v1.4.7
• 666bee0 Merge pull request #187 from mgorny/click82
• 78ff40b Fix tests for click >= 8.2.0
• e0babba Pin dev dependency of click to <8.2.0
• See full diff in compare view

Updates mypy from 1.15.0 to 1.16.0

Changelog

Sourced from mypy's changelog.

Mypy Release Notes

Next Release

Mypy 1.16

We’ve just uploaded mypy 1.16 to the Python Package Index (PyPI). Mypy is a static type checker for Python. This release includes new features and bug fixes. You can install it as follows:

python3 -m pip install -U mypy

You can read the full documentation for this release on Read the Docs.

Different Property Getter and Setter Types

Mypy now supports using different types for a property getter and setter:

class A:
    _value: int
@property
def foo(self) -> int:
    return self._value
@foo.setter
def foo(self, x: str | int) -> None:
try:
self._value = int(x)
except ValueError:
raise Exception(f"'{x}' is not a valid value for 'foo'")

This was contributed by Ivan Levkivskyi (PR 18510).

Flexible Variable Redefinitions (Experimental)

Mypy now allows unannotated variables to be freely redefined with different types when using the experimental --allow-redefinition-new flag. You will also need to enable --local-partial-types. Mypy will now infer a union type when different types are assigned to a variable:

# mypy: allow-redefinition-new, local-partial-types
def f(n: int, b: bool) -> int | str:
if b:
x = n
else:
</tr></table>

... (truncated)

Commits

• 9e72e96 Update version to 1.16.0
• 8fe719f Add changelog for 1.16 (#19138)
• 2a036e7 Revert "Infer correct types with overloads of Type[Guard | Is] (#19161)
• b6da4fc Allow enum members to have type objects as values (#19160)
• 334469f [mypyc] Improve documentation of native and non-native classes (#19154)
• a499d9f Document --allow-redefinition-new (#19153)
• 96525a2 Merge commit '9e45dadcf6d8dbab36f83d9df94a706c0b4f9207' into release-1.16
• 9e45dad Clear more data in TypeChecker.reset() instead of asserting (#19087)
• 772cd0c Add --strict-bytes to --strict (#19049)
• 0b65f21 Admit that Final variables are never redefined (#19083)
• Additional commits viewable in compare view

Updates ruff from 0.11.11 to 0.11.12

Release notes

Sourced from ruff's releases.

0.11.12

Release Notes

Preview features

• [airflow] Revise fix titles (AIR3) (#18215)
• [pylint] Implement missing-maxsplit-arg (PLC0207) (#17454)
• [pyupgrade] New rule UP050 (useless-class-metaclass-type) (#18334)
• [flake8-use-pathlib] Replace os.symlink with Path.symlink_to (PTH211) (#18337)

Bug fixes

• [flake8-bugbear] Ignore __debug__ attribute in B010 (#18357)
• [flake8-async] Fix anyio.sleep argument name (ASYNC115, ASYNC116) (#18262)
• [refurb] Fix FURB129 autofix generating invalid syntax (#18235)

Rule changes

• [flake8-implicit-str-concat] Add autofix for ISC003 (#18256)
• [pycodestyle] Improve the diagnostic message for E712 (#18328)
• [flake8-2020] Fix diagnostic message for != comparisons (YTT201) (#18293)
• [pyupgrade] Make fix unsafe if it deletes comments (UP010) (#18291)

Documentation

• Simplify rules table to improve readability (#18297)
• Update editor integrations link in README (#17977)
• [flake8-bugbear] Add fix safety section (B006) (#17652)

Contributors

• @​AlexWaygood
• @​CodeMan62
• @​InSyncWithFoo
• @​Kalmaegi
• @​LaBatata101
• @​Lee-W
• @​MaddyGuthridge
• @​MatthewMckee4
• @​MichaReiser
• @​Vasanth-96
• @​carljm
• @​charliermarsh
• @​chirizxc
• @​dcreager
• @​dhruvmanila
• @​dsherret
• @​dylwil3
• @​felixscherz
• @​fennr

... (truncated)

Changelog

Sourced from ruff's changelog.

0.11.12

Preview features

• [airflow] Revise fix titles (AIR3) (#18215)
• [pylint] Implement missing-maxsplit-arg (PLC0207) (#17454)
• [pyupgrade] New rule UP050 (useless-class-metaclass-type) (#18334)
• [flake8-use-pathlib] Replace os.symlink with Path.symlink_to (PTH211) (#18337)

Bug fixes

• [flake8-bugbear] Ignore __debug__ attribute in B010 (#18357)
• [flake8-async] Fix anyio.sleep argument name (ASYNC115, ASYNC116) (#18262)
• [refurb] Fix FURB129 autofix generating invalid syntax (#18235)

Rule changes

• [flake8-implicit-str-concat] Add autofix for ISC003 (#18256)
• [pycodestyle] Improve the diagnostic message for E712 (#18328)
• [flake8-2020] Fix diagnostic message for != comparisons (YTT201) (#18293)
• [pyupgrade] Make fix unsafe if it deletes comments (UP010) (#18291)

Documentation

• Simplify rules table to improve readability (#18297)
• Update editor integrations link in README (#17977)
• [flake8-bugbear] Add fix safety section (B006) (#17652)

Commits

• aee3af0 Bump 0.11.12 (#18369)
• 04dc48e [refurb] Fix FURB129 autofix generating invalid syntax (#18235)
• 27743ef [pylint] Implement missing-maxsplit-arg (PLC0207) (#17454)
• c60b4d7 [ty] Add subtyping between Callable types and class literals with __init__ ...
• 16621fa [flake8-bugbear ] Add fix safety section (B006) (#17652)
• e23d4ea [flake8-bugbear] Ignore __debug__ attribute in B010 (#18357)
• 452f992 [ty] Simplify signature types, use them in CallableType (#18344)
• a5ebb3f [ty] Support ephemeral uv virtual environments (#18335)
• 9925910 Add a ViolationMetadata::rule method (#18234)
• a3ee6bb Return DiagnosticGuard from Checker::report_diagnostic (#18232)
• Additional commits viewable in compare view

Updates semgrep from 1.122.0 to 1.123.0

Release notes

Sourced from semgrep's releases.

Release v1.123.0

1.123.0 - 2025-05-28

Fixed

• Fixed bug where supply chain reachability rules which match multiple dependencies could produce reachable findings on transitive dependencies even when the actually used direct dependency was not vulnerable. (SC-2088)
• Fixed documentation to reflect that, for --metrics="auto", pseudoanonymous metrics are sent when the user is logged in. (gh-11028)

Changelog

Sourced from semgrep's changelog.

1.123.0 - 2025-05-28

Fixed

• Fixed bug where supply chain reachability rules which match multiple dependencies could produce reachable findings on transitive dependencies even when the actually used direct dependency was not vulnerable. (SC-2088)
• Fixed documentation to reflect that, for --metrics="auto", pseudoanonymous metrics are sent when the user is logged in. (gh-11028)

Commits

• 2646b87 chore: release version 1.123.0
• 096ce75semgrep/semgrep-proprietary#3966
• 0967d99 Correct semgrep whoami to semgrep show identity (semgrep/semgrep-proprietary#...
• 14b2bd7 chore(multicore): Memoize calls to Analyze_rule.regex_prefilter (semgrep/semg...
• 4e369e2semgrep/semgrep-proprietary#3903
• 8b67a62 feat (multicore): Memoized functions to become fiber-safe (semgrep/semgrep-pr...
• bce7f56 chore(multicore): Change Hook semantics for all-EIO runs (semgrep/semgrep-pro...
• 5927d24semgrep/semgrep-proprietary#3960
• ccb1ba4semgrep/semgrep-proprietary#3858
• 114b21d fix(multicore): spacegrep: yield to Eio during matching (semgrep/semgrep-prop...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you all sign our Contributor License Agreement before we can accept your contribution.
1 out of 2 committers have signed the CLA.

✅ Lancetnik
❌ dependabot[bot]
_{You have signed the CLA already but the status is still pending? Let us recheck it.}