Deps: Bump the python-packages group with 9 updates

[dependabot]

Bumps the python-packages group with 9 updates:

Package	From	To
black	24.10.0	25.1.0
babel	2.16.0	2.17.0
beautifulsoup4	4.12.3	4.13.0
certifi	2024.12.14	2025.1.31
h2	4.1.0	4.2.0
hpack	4.0.0	4.1.0
hyperframe	6.0.1	6.1.0
importlib-metadata	8.5.0	8.6.1
ruff	0.9.2	0.9.4

Updates black from 24.10.0 to 25.1.0

Release notes

Sourced from black's releases.

25.1.0

Highlights

This release introduces the new 2025 stable style (#4558), stabilizing the following changes:

• Normalize casing of Unicode escape characters in strings to lowercase (#2916)
• Fix inconsistencies in whether certain strings are detected as docstrings (#4095)
• Consistently add trailing commas to typed function parameters (#4164)
• Remove redundant parentheses in if guards for case blocks (#4214)
• Add parentheses to if clauses in case blocks when the line is too long (#4269)
• Whitespace before # fmt: skip comments is no longer normalized (#4146)
• Fix line length computation for certain expressions that involve the power operator (#4154)
• Check if there is a newline before the terminating quotes of a docstring (#4185)
• Fix type annotation spacing between * and more complex type variable tuple (#4440)

The following changes were not in any previous release:

• Remove parentheses around sole list items (#4312)
• Generic function definitions are now formatted more elegantly: parameters are split over multiple lines first instead of type parameter definitions (#4553)

Stable style

• Fix formatting cells in IPython notebooks with magic methods and starting or trailing empty lines (#4484)
• Fix crash when formatting with statements containing tuple generators/unpacking (#4538)

Preview style

• Fix/remove string merging changing f-string quotes on f-strings with internal quotes (#4498)
• Collapse multiple empty lines after an import into one (#4489)
• Prevent string_processing and wrap_long_dict_values_in_parens from removing parentheses around long dictionary values (#4377)
• Move wrap_long_dict_values_in_parens from the unstable to preview style (#4561)

Packaging

• Store license identifier inside the License-Expression metadata field, see PEP 639. (#4479)

Performance

• Speed up the is_fstring_start function in Black's tokenizer (#4541)

Integrations

• If using stdin with --stdin-filename set to a force excluded path, stdin won't be

... (truncated)

Changelog

Sourced from black's changelog.

25.1.0

Highlights

This release introduces the new 2025 stable style (#4558), stabilizing the following changes:

• Normalize casing of Unicode escape characters in strings to lowercase (#2916)
• Fix inconsistencies in whether certain strings are detected as docstrings (#4095)
• Consistently add trailing commas to typed function parameters (#4164)
• Remove redundant parentheses in if guards for case blocks (#4214)
• Add parentheses to if clauses in case blocks when the line is too long (#4269)
• Whitespace before # fmt: skip comments is no longer normalized (#4146)
• Fix line length computation for certain expressions that involve the power operator (#4154)
• Check if there is a newline before the terminating quotes of a docstring (#4185)
• Fix type annotation spacing between * and more complex type variable tuple (#4440)

The following changes were not in any previous release:

• Remove parentheses around sole list items (#4312)
• Generic function definitions are now formatted more elegantly: parameters are split over multiple lines first instead of type parameter definitions (#4553)

Stable style

• Fix formatting cells in IPython notebooks with magic methods and starting or trailing empty lines (#4484)
• Fix crash when formatting with statements containing tuple generators/unpacking (#4538)

Preview style

• Fix/remove string merging changing f-string quotes on f-strings with internal quotes (#4498)
• Collapse multiple empty lines after an import into one (#4489)
• Prevent string_processing and wrap_long_dict_values_in_parens from removing parentheses around long dictionary values (#4377)
• Move wrap_long_dict_values_in_parens from the unstable to preview style (#4561)

Packaging

• Store license identifier inside the License-Expression metadata field, see PEP 639. (#4479)

Performance

• Speed up the is_fstring_start function in Black's tokenizer (#4541)

Integrations

... (truncated)

Commits

• 8a737e7 Prepare release 25.1.0 (#4563)
• d330dee docs: We're not going to use backslashes for the with statement (#4564)
• 3d81290 Move wrap_long_dict_values_in_parens to the preview style (#4561)
• 459562c Improve function declaration wrapping when it contains generic type definitio...
• 99dbf30 Cache executor to avoid hitting open file limits (#4560)
• c0b92f3 Prepare the 2025 stable style (#4558)
• e58baf1 Add test for #1187 (#4559)
• 1455ae4 Fix docs CI (#4555)
• 584d033 fix: Don't remove parenthesis around long dictionary values (#4377)
• 6e96540 Fix CI (#4551)
• Additional commits viewable in compare view

Updates babel from 2.16.0 to 2.17.0

Release notes

Sourced from babel's releases.

v2.17.0

Happy 2025! This release is being made from FOSDEM 2025, in Brussels, Belgium. 🇧🇪

Thank you to all contributors, new and old, and here's to another great year of internationalization and localization!

---

The changelog below is auto-generated by GitHub.

Please see CHANGELOG.rst for additional details.

---

What's Changed

• Fix deprecation warnings for datetime.utcnow() by @​tomasr8 in python-babel/babel#1119
• Enclose white spaces in references by @​Dunedan in python-babel/babel#1105
• Replace str.index with str.find by @​tomasr8 in python-babel/babel#1130
• Replace more alternate characters in format_skeleton by @​tomasr8 in python-babel/babel#1122
• Fix extracted lineno with nested calls by @​dylankiss in python-babel/babel#1126
• "Deleted duplicate code in test" by @​mattdiaz007 in python-babel/babel#1138
• Fix of list index out of range error in PoFileParser.add_message when translations is empty by @​gabe-sherman in python-babel/babel#1135
• Make seconds optional in parse_time time formats by @​tomasr8 in python-babel/babel#1141
• Mark wraptext deprecated; use TextWrapper directly in write_po by @​akx in python-babel/babel#1140
• Fix the way obsolete messages are stored by @​tomasr8 in python-babel/babel#1132
• Replace OrderedDict with just dict by @​tomasr8 in python-babel/babel#1149
• Use CLDR 46 by @​tomasr8 in python-babel/babel#1145
• Update CI to use python 3.13 and Ubuntu 24.04 by @​tomasr8 in python-babel/babel#1153
• Adjust docs/conf.py to add compatibility with sphinx 8 by @​hrnciar in python-babel/babel#1155
• Allow specifying an explicit format in parse_date/parse_time by @​tomasr8 in python-babel/babel#1131
• Simplify read_mo logic regarding catalog.charset by @​tomasr8 in python-babel/babel#1148
• Bump CI/tool versions by @​akx in python-babel/babel#1160
• fix: check_and_call_extract_file uses the first matching method and options, instead of the first matching method and last matching options by @​jpmckinney in python-babel/babel#1121
• Prevent wrapping file locations containing white space by @​tomasr8 in python-babel/babel#1120
• Add tzdata as dev dependency and sync with tox.ini by @​wandrew004 in python-babel/babel#1159
• Support short and narrow formats for format_timedelta when using add_direction by @​akx in python-babel/babel#1163
• Improve handling for locale=None by @​akx in python-babel/babel#1164
• Use pytest.raises(match=...) by @​akx in python-babel/babel#1166
• Strip extra leading slashes in /etc/localtime by @​akx in python-babel/babel#1165
• Remove redundant assignment in Catalog.__setitem__ by @​tomasr8 in python-babel/babel#1167
• Small cleanups by @​akx in python-babel/babel#1170
• Small test cleanup by @​akx in python-babel/babel#1172
• Add Message.python_brace_format by @​tomasr8 in python-babel/babel#1169
• Import Literal from the typing module by @​tomasr8 in python-babel/babel#1175
• Prefer LC_MONETARY when formatting currencies by @​akx in python-babel/babel#1173
• Fix dates formatting Y, w and W symbols for week-numbering by @​jun66j5 in python-babel/babel#1179
• Increase test coverage of the python_format checker by @​tomasr8 in python-babel/babel#1176
• Prepare for 2.17.0 by @​akx in python-babel/babel#1182

New Contributors

• @​Dunedan made their first contribution in python-babel/babel#1105

... (truncated)

Changelog

Sourced from babel's changelog.

Version 2.17.0

Happy 2025! This release is being made from FOSDEM 2025, in Brussels, Belgium.

Thank you to all contributors, new and old, and here's to another great year of internationalization and localization!

Features

* CLDR: Babel now uses CLDR 46, by @tomasr8 in :gh:`1145`
* Dates: Allow specifying an explicit format in parse_date/parse_time by @tomasr8 in :gh:`1131`
* Dates: More alternate characters are now supported by `format_skeleton`. By @tomasr8 in :gh:`1122`
* Dates: Support short and narrow formats for format_timedelta when using `add_direction`, by @akx in :gh:`1163`
* Messages: .po files now enclose white spaces in filenames like GNU gettext does. By @Dunedan in :gh:`1105`, and @tomasr8 in :gh:`1120`
* Messages: Initial support for `Message.python_brace_format`, by @tomasr8 in :gh:`1169`
* Numbers: LC_MONETARY is now preferred when formatting currencies, by @akx in :gh:`1173`
Bugfixes

• Dates: Make seconds optional in parse_time time formats by @​tomasr8 in :gh:1141
• Dates: Replace str.index with str.find by @​tomasr8 in :gh:1130
• Dates: Strip extra leading slashes in /etc/localtime by @​akx in :gh:1165
• Dates: Week numbering and formatting of dates with week numbers was repaired by @​jun66j5 in :gh:1179
• General: Improve handling for locale=None by @​akx in :gh:1164
• General: Remove redundant assignment in Catalog.__setitem__ by @​tomasr8 in :gh:1167
• Messages: Fix extracted lineno with nested calls, by @​dylankiss in :gh:1126
• Messages: Fix of list index out of range when translations is empty, by @​gabe-sherman in :gh:1135
• Messages: Fix the way obsolete messages are stored by @​tomasr8 in :gh:1132
• Messages: Simplify read_mo logic regarding catalog.charset by @​tomasr8 in :gh:1148
• Messages: Use the first matching method & options, rather than first matching method & last options, by @​jpmckinney in :gh:1121

Deprecation and compatibility

* Dates: Fix deprecation warnings for `datetime.utcnow()` by @tomasr8 in :gh:`1119`
* Docs: Adjust docs/conf.py to add compatibility with sphinx 8 by @hrnciar in :gh:`1155`
* General: Import `Literal` from the typing module by @tomasr8 in :gh:`1175`
* General: Replace `OrderedDict` with just `dict` by @tomasr8 in :gh:`1149`
* Messages: Mark `wraptext` deprecated; use `TextWrapper` directly in `write_po` by @akx in :gh:`1140`
Infrastructure

* Add tzdata as dev dependency and sync with tox.ini by @wandrew004 in :gh:`1159`
* Duplicate test code was deleted by @mattdiaz007 in :gh:`1138`
* Increase test coverage of the `python_format` checker by @tomasr8 in :gh:`1176`
* Small cleanups by @akx in :gh:`1160`, :gh:`1166`, :gh:`1170` and :gh:`1172`
</tr></table> 
</code></pre>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>

<li><a href="https://github.com/python-babel/babel/commit/b50a1d2186c20f3359f7e10853d2b2225a46ed40&quot;&gt;&lt;code&gt;b50a1d2&lt;/code&gt;&lt;/a> Prepare for 2.17.0 (<a href="https://redirect.github.com/python-babel/babel/issues/1182&quot;&gt;#1182&lt;/a&gt;)&lt;/li>

<li><a href="https://github.com/python-babel/babel/commit/5f117b2689573aa98acc8a47108c49b99f4d1394&quot;&gt;&lt;code&gt;5f117b2&lt;/code&gt;&lt;/a> Increase test coverage of the <code>python_format</code> checker (<a href="https://redirect.github.com/python-babel/babel/issues/1176&quot;&gt;#1176&lt;/a&gt;)&lt;/li>

<li><a href="https://github.com/python-babel/babel/commit/363ad7531fb5dcdc3e9844573592b0b44afb914b&quot;&gt;&lt;code&gt;363ad75&lt;/code&gt;&lt;/a> Fix dates formatting <code>Y</code>, <code>w</code> and <code>W</code> symbols for week-numbering (<a href="https://redirect.github.com/python-babel/babel/issues/1179&quot;&gt;#1179&lt;/a&gt;)&lt;/li>

<li><a href="https://github.com/python-babel/babel/commit/e9c3ef8d0de3080ca59f7f8dbabf9b52983adc7d&quot;&gt;&lt;code&gt;e9c3ef8&lt;/code&gt;&lt;/a> Merge pull request <a href="https://redirect.github.com/python-babel/babel/issues/1173&quot;&gt;#1173&lt;/a> from python-babel/lc-monetary-2</li>

<li><a href="https://github.com/python-babel/babel/commit/56ef7c7f578a904917464c187e399abb762bd5e3&quot;&gt;&lt;code&gt;56ef7c7&lt;/code&gt;&lt;/a> Prefer LC_MONETARY when formatting currency</li>

<li><a href="https://github.com/python-babel/babel/commit/aee6d698b541dc50439280d7e093092cc0d4b832&quot;&gt;&lt;code&gt;aee6d69&lt;/code&gt;&lt;/a> <code>default_locale</code>: support multiple keys</li>

<li><a href="https://github.com/python-babel/babel/commit/2d8a808864d1aae5d3d02d4f95917c79740c5d35&quot;&gt;&lt;code&gt;2d8a808&lt;/code&gt;&lt;/a> Import <code>Literal</code> &amp; <code>TypedDict</code> from the typing module (<a href="https://redirect.github.com/python-babel/babel/issues/1175&quot;&gt;#1175&lt;/a&gt;)&lt;/li>

<li><a href="https://github.com/python-babel/babel/commit/98b9562c05e5276038c27ec12c12f3e92dc027b6&quot;&gt;&lt;code&gt;98b9562&lt;/code&gt;&lt;/a> Add basic support for <code>Message.python_brace_format</code> (<a href="https://redirect.github.com/python-babel/babel/issues/1169&quot;&gt;#1169&lt;/a&gt;)&lt;/li>

<li><a href="https://github.com/python-babel/babel/commit/0c1091c9de9543e30bc4b845eb10b5bf84516d7b&quot;&gt;&lt;code&gt;0c1091c&lt;/code&gt;&lt;/a> Small test cleanup (<a href="https://redirect.github.com/python-babel/babel/issues/1172&quot;&gt;#1172&lt;/a&gt;)&lt;/li>

<li><a href="https://github.com/python-babel/babel/commit/db4879136a7fbcef475f26b75dbdd65d0ce488f9&quot;&gt;&lt;code&gt;db48791&lt;/code&gt;&lt;/a> Merge pull request <a href="https://redirect.github.com/python-babel/babel/issues/1170&quot;&gt;#1170&lt;/a> from python-babel/small-cleanup</li>

<li>Additional commits viewable in <a href="https://github.com/python-babel/babel/compare/v2.16.0...v2.17.0&quot;&gt;compare view</a></li>

</ul>

</details>
<br />


Updates beautifulsoup4 from 4.12.3 to 4.13.0
Updates certifi from 2024.12.14 to 2025.1.31

Commits

088f931 2025.01.31 (#336)
1c17795 Bump pypa/gh-action-pypi-publish from 1.12.3 to 1.12.4 (#335)
a2e88f0 Bump actions/upload-artifact from 4.5.0 to 4.6.0 (#334)
82284ed Bump peter-evans/create-pull-request from 7.0.5 to 7.0.6 (#333)
10d3d1d Bump actions/upload-artifact from 4.4.3 to 4.5.0 (#332)
See full diff in compare view




Updates h2 from 4.1.0 to 4.2.0

Changelog
Sourced from h2's changelog.

4.2.0 (2025-02-01)
API Changes (Backward Incompatible)

Support for Python 3.6 has been removed.
Support for Python 3.7 has been removed.
Support for Python 3.8 has been removed.
Remove mistakenly set max_inbound_frame_size attribute on H2Stream.

API Changes (Backward Compatible)

Support for Python 3.11 has been added.
Support for Python 3.12 has been added.
Support for Python 3.13 has been added.
Add an ability to send outbound cookies separately to improve headers compression.
Updated packaging and testing infrastructure.

Bugfixes

Fix repr() checks for Python 3.11
Fix asyncio / wsgi examples.
Clarify docs on using curl with http2.




Commits

dacd614 v4.2.0
0b98b24 tests: linting++
9bfb877 fix backward-compatibility of semi-public API for #1275
3f5a608 linting++
01c080a enable type checking using mypy
1acf9c1 add typing information
82d97da clarify RequestReceived CONTINUATION frame behavior
ee4fa16 migrate tox.ini into pyproject.toml
b0485e9 bump codecov integration
20c8e71 update changelog
Additional commits viewable in compare view




Updates hpack from 4.0.0 to 4.1.0

Changelog
Sourced from hpack's changelog.

4.1.0 (2025-01-22)
API Changes (Backward Incompatible)

Support for Python 3.6 has been removed.
Support for Python 3.7 has been removed.
Support for Python 3.8 has been removed.
Renamed InvalidTableIndex exception to InvalidTableIndexError.

API Changes (Backward Compatible)

Support for Python 3.9 has been added.
Support for Python 3.10 has been added.
Support for Python 3.11 has been added.
Support for Python 3.12 has been added.
Support for Python 3.13 has been added.
Optimized bytes encoding of headers.
Updated packaging and testing infrastructure.
Code cleanup and linting.
Added type hints.




Commits

d78d4cb v4.1.0
27e8a86 lint++
9a54234 typing++
2602e6c add simple code sample to readme
53a18de nuke left-over documentation
ae788d9 migrate tox.ini into pyproject.toml
96f12a3 bump codecov integration
f8ee36b modernize everything
131b44c add typing information
3789435 add test for full coverage
Additional commits viewable in compare view




Updates hyperframe from 6.0.1 to 6.1.0

Changelog
Sourced from hyperframe's changelog.

6.1.0 (2025-01-22)
API Changes (Backward Incompatible)

Support for Python 3.6 has been removed.
Support for Python 3.7 has been removed.
Support for Python 3.8 has been removed.

API Changes (Backward Compatible)

Support for Python 3.10 has been added.
Support for Python 3.11 has been added.
Support for Python 3.12 has been added.
Support for Python 3.13 has been added.
Updated packaging and testing infrastructure.
Code cleanup and linting.
Improved type hints.




Commits

ab477ba v6.1.0
0be70d1 lint++
2595cf6 migrate tox.ini into pyproject.toml
06993da bump codecov integration
5039d79 fix coverage path mapping
0b85069 modernize everything
48965e0 improve typing information
b72d64b linting
8174dfd update supported Python versions
554fcad docs: fix function parameter reference
Additional commits viewable in compare view




Updates importlib-metadata from 8.5.0 to 8.6.1

Changelog
Sourced from importlib-metadata's changelog.

v8.6.1
Bugfixes

Fixed indentation logic to also honor blank lines.

v8.6.0
Features

python/cpython#119650




Commits

45e8bde Finalize
506beb7 Fixed indentation logic to also honor blank lines.
dad7380 Finalize
dab1dd8 When transforming the payload to a Description key, clear the payload.
07aa607 Add support for rendering metadata where some fields have newlines (python/cp...
b92ec18 Merge https://github.com/jaraco/skeleton
5c34e69 Use extend for proper workaround.
694e5b4 Merge https://github.com/jaraco/skeleton
750a189 Require Python 3.9 or later now that Python 3.8 is EOL.
e61a9df Include pyproject.toml in ruff.toml.
Additional commits viewable in compare view




Updates ruff from 0.9.2 to 0.9.4

Release notes
Sourced from ruff's releases.

0.9.4
Release Notes
Preview features

[airflow] Extend airflow context parameter check for BaseOperator.execute (AIR302) (#15713)
[airflow] Update AIR302 to check for deprecated context keys (#15144)
[flake8-bandit] Permit suspicious imports within stub files (S4) (#15822)
[pylint] Do not trigger PLR6201 on empty collections (#15732)
[refurb] Do not emit diagnostic when loop variables are used outside loop body (FURB122) (#15757)
[ruff] Add support for more re patterns (RUF055) (#15764)
[ruff] Check for shadowed map before suggesting fix (RUF058) (#15790)
[ruff] Do not emit diagnostic when all arguments to zip() are variadic (RUF058) (#15744)
[ruff] Parenthesize fix when argument spans multiple lines for unnecessary-round (RUF057) (#15703)

Rule changes

Preserve quote style in generated code (#15726, #15778, #15794)
[flake8-bugbear] Exempt NewType calls where the original type is immutable (B008) (#15765)
[pylint] Honor banned top-level imports by TID253 in PLC0415. (#15628)
[pyupgrade] Ignore is_typeddict and TypedDict for deprecated-import (UP035) (#15800)

CLI

Fix formatter warning message for flake8-quotes option (#15788)
Implement tab autocomplete for ruff config (#15603)

Bug fixes

[flake8-comprehensions] Do not emit unnecessary-map diagnostic when lambda has different arity (C417) (#15802)
[flake8-comprehensions] Parenthesize sorted when needed for unnecessary-call-around-sorted (C413) (#15825)
[pyupgrade] Handle end-of-line comments for quoted-annotation (UP037) (#15824)

Documentation

Add missing config docstrings (#15803)
Add references to trio.run_process and anyio.run_process (#15761)
Use uv init --lib in tutorial (#15718)

Contributors

@​AlexWaygood
@​Garrett-R
@​InSyncWithFoo
@​JelleZijlstra
@​Lee-W
@​MichaReiser
@​charliermarsh
@​dcreager
@​dhruvmanila
@​dylwil3



... (truncated)


Changelog
Sourced from ruff's changelog.

0.9.4
Preview features

[airflow] Extend airflow context parameter check for BaseOperator.execute (AIR302) (#15713)
[airflow] Update AIR302 to check for deprecated context keys (#15144)
[flake8-bandit] Permit suspicious imports within stub files (S4) (#15822)
[pylint] Do not trigger PLR6201 on empty collections (#15732)
[refurb] Do not emit diagnostic when loop variables are used outside loop body (FURB122) (#15757)
[ruff] Add support for more re patterns (RUF055) (#15764)
[ruff] Check for shadowed map before suggesting fix (RUF058) (#15790)
[ruff] Do not emit diagnostic when all arguments to zip() are variadic (RUF058) (#15744)
[ruff] Parenthesize fix when argument spans multiple lines for unnecessary-round (RUF057) (#15703)

Rule changes

Preserve quote style in generated code (#15726, #15778, #15794)
[flake8-bugbear] Exempt NewType calls where the original type is immutable (B008) (#15765)
[pylint] Honor banned top-level imports by TID253 in PLC0415. (#15628)
[pyupgrade] Ignore is_typeddict and TypedDict for deprecated-import (UP035) (#15800)

CLI

Fix formatter warning message for flake8-quotes option (#15788)
Implement tab autocomplete for ruff config (#15603)

Bug fixes

[flake8-comprehensions] Do not emit unnecessary-map diagnostic when lambda has different arity (C417) (#15802)
[flake8-comprehensions] Parenthesize sorted when needed for unnecessary-call-around-sorted (C413) (#15825)
[pyupgrade] Handle end-of-line comments for quoted-annotation (UP037) (#15824)

Documentation

Add missing config docstrings (#15803)
Add references to trio.run_process and anyio.run_process (#15761)
Use uv init --lib in tutorial (#15718)

0.9.3
Preview features

[airflow] Argument fail_stop in DAG has been renamed as fail_fast (AIR302) (#15633)
[airflow] Extend AIR303 with more symbols (#15611)
[flake8-bandit] Report all references to suspicious functions (S3) (#15541)
[flake8-pytest-style] Do not emit diagnostics for empty for loops (PT012, PT031) (#15542)
[flake8-simplify] Avoid double negations (SIM103) (#15562)
[pyflakes] Fix infinite loop with unused local import in __init__.py (F401) (#15517)
[pylint] Do not report methods with only one EM101-compatible raise (PLR6301) (#15507)
[pylint] Implement redefined-slots-in-subclass (W0244) (#9640)



... (truncated)


Commits

854ab03 Bump version to 0.9.4 (#15831)
b0b8b06 Remove semicolon after TypeScript interface definition (#15827)
451f251 [red-knot] Clarify behavior when redeclaring base class attributes (#15826)
13cf3e6 [flake8-comprehensions] Parenthesize sorted when needed for `unnecessary-...
56f956a [pyupgrade] Handle end-of-line comments for quoted-annotation (UP037) (...
7a10a40 [flake8-bandit] Permit suspicious imports within stub files (S4) (#15822)
3125332 [red-knot] Format mdtest snippets with the latest version of black (#15819)
15d886a [red-knot] Consider all definitions after terminal statements unreachable (#1...
e1c9d10 [flake8-comprehensions] Do not emit unnecessary-map diagnostic when lambd...
23c9884 Preserve quotes in generated f-strings (#15794)
Additional commits viewable in compare view




Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options


You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ❌ 1 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 1 package(s) with unknown licenses.

See the Details below.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 2a6e229.

Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

License Issues

poetry.lock

Package	Version	License	Issue Type
ruff	0.9.4	0BSD AND Apache-2.0 AND BSD-3-Clause AND MIT	Incompatible License
beautifulsoup4	4.13.0	Null	Unknown License

Allowed Licenses: 0BSD, AGPL-3.0-or-later, Apache-2.0, BlueOak-1.0.0, BSD-2-Clause, BSD-3-Clause-Clear, BSD-3-Clause, BSL-1.0, CAL-1.0, CC-BY-3.0, CC-BY-4.0, CC-BY-SA-4.0, CC0-1.0, EPL-2.0, GPL-2.0-only, GPL-2.0-or-later, GPL-2.0, GPL-3.0-or-later, ISC, LGPL-2.0-only, LGPL-2.0-or-later, LGPL-2.1-only, LGPL-2.1-or-later, LGPL-2.1, LGPL-3.0-only, LGPL-3.0, LGPL-3.0-or-later, MIT, MIT-CMU, MPL-1.1, MPL-2.0, OFL-1.1, PSF-2.0, Python-2.0, Python-2.0.1, Unicode-DFS-2016, Unlicense

OpenSSF Scorecard

Package	Version	Score	Details
pip/babel	2.17.0	🟢 6.1	Details Check Score Reason Code-Review 🟢 9 Found 10/11 approved changesets -- score normalized to 9 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Maintained 🟢 10 30 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 License 🟢 10 license file detected Security-Policy ⚠️ 0 security policy file not detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing 🟢 10 project is fuzzed Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/beautifulsoup4	4.13.0	Unknown	Unknown
pip/black	25.1.0	🟢 6.6	Details Check Score Reason Code-Review 🟢 8 Found 24/28 approved changesets -- score normalized to 8 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 30 commit(s) and 20 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 10 security policy file detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing 🟢 10 project is fuzzed Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/certifi	2025.1.31	🟢 7	Details Check Score Reason Maintained 🟢 7 8 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 7 Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected Code-Review 🟢 6 Found 2/3 approved changesets -- score normalized to 6 Pinned-Dependencies 🟢 5 dependency not pinned by hash detected -- score normalized to 5 Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected License 🟢 9 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 3 branch protection is not maximal on development and all release branches Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/h2	4.2.0	🟢 5.2	Details Check Score Reason Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Code-Review 🟢 4 Found 6/13 approved changesets -- score normalized to 4 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 15 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/hpack	4.1.0	🟢 5	Details Check Score Reason Code-Review ⚠️ 2 Found 4/20 approved changesets -- score normalized to 2 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 13 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
pip/hyperframe	6.1.0	🟢 4.8	Details Check Score Reason Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Maintained 🟢 8 10 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 8 Code-Review ⚠️ 2 Found 5/23 approved changesets -- score normalized to 2 Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/importlib-metadata	8.6.1	🟢 6.1	Details Check Score Reason Code-Review ⚠️ 1 Found 4/24 approved changesets -- score normalized to 1 Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Maintained 🟢 6 5 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 6 Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 8 binaries present in source code CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing 🟢 10 project is fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/ruff	0.9.4	Unknown	Unknown

Scanned Files

• poetry.lock

[github-actions]

Conventional Commits Report

Type	Number
Dependencies	1

🚀 Conventional commits found.