Bump the dependencies group with 6 updates

[dependabot]

Bumps the dependencies group with 6 updates:

Package	From	To
aiohttp	3.10.5	3.10.7
bandit	1.7.9	1.7.10
poethepoet	0.28.0	0.29.0
ruff	0.6.5	0.6.8
mkdocs-material	9.5.34	9.5.38
mkdocstrings	0.25.2	0.26.1

Updates aiohttp from 3.10.5 to 3.10.7

Release notes

Sourced from aiohttp's releases.

3.10.7

Bug fixes

• Fixed assembling the :class:~yarl.URL for web requests when the host contains a non-default port or IPv6 address -- by :user:bdraco.

  Related issues and pull requests on GitHub: #9309.

Miscellaneous internal changes

• Improved performance of determining if a URL is absolute -- by :user:bdraco.

  The property :attr:~yarl.URL.absolute is more performant than the method URL.is_absolute() and preferred when newer versions of yarl are used.

  Related issues and pull requests on GitHub: #9171.

• Replaced code that can now be handled by yarl -- by :user:bdraco.

  Related issues and pull requests on GitHub: #9301.

---

3.10.6

Bug fixes

• Added :exc:aiohttp.ClientConnectionResetError. Client code that previously threw :exc:ConnectionResetError will now throw this -- by :user:Dreamsorcerer.

  Related issues and pull requests on GitHub: #9137.

... (truncated)

Changelog

Sourced from aiohttp's changelog.

3.10.7 (2024-09-27)

Bug fixes

• Fixed assembling the :class:~yarl.URL for web requests when the host contains a non-default port or IPv6 address -- by :user:bdraco.

  Related issues and pull requests on GitHub: :issue:9309.

Miscellaneous internal changes

• Improved performance of determining if a URL is absolute -- by :user:bdraco.

  The property :attr:~yarl.URL.absolute is more performant than the method URL.is_absolute() and preferred when newer versions of yarl are used.

  Related issues and pull requests on GitHub: :issue:9171.

• Replaced code that can now be handled by yarl -- by :user:bdraco.

  Related issues and pull requests on GitHub: :issue:9301.

---

3.10.6 (2024-09-24)

Bug fixes

• Added :exc:aiohttp.ClientConnectionResetError. Client code that previously threw :exc:ConnectionResetError will now throw this -- by :user:Dreamsorcerer.

... (truncated)

Commits

• f9a9e85 Release 3.10.7 (#9320)
• 8220ced [PR #9309/e4028333 backport][3.10] Fix building the URL in BaseRequest when t...
• d32d580 [PR #9301/c240b52 backport][3.10] Replace code that can now be handled by yar...
• fd5ece6 Bump yarl to 1.13.0 (#9302) (#9304)
• d6d2bcc [PR #9294/552dea53 backport][3.10] Backport type fix from #9226 (#9299)
• e6bcfbe [PR #9171/0462ae6b backport][3.10] Switch to using yarl.URL.absolute over `...
• 0b82655 [PR #9083/a6dd415 backport][3.10] Remove unused backwards compatibility code ...
• 2a92a5c Bump version
• a8542a8 Merge 3.6
• 2272c2b Release v3.10.6 (#9288)
• Additional commits viewable in compare view

Updates bandit from 1.7.9 to 1.7.10

Release notes

Sourced from bandit's releases.

1.7.10

What's Changed

• Bump docker/build-push-action from 5.4.0 to 6.0.0 by @​dependabot in PyCQA/bandit#1147
• Suggested small refactors in assignments by @​ericwb in PyCQA/bandit#1150
• Performance improvement in blacklist function by @​ericwb in PyCQA/bandit#1148
• Add test for usage of FTP_TLS by @​ericwb in PyCQA/bandit#1149
• New check: B113: TrojanSource - Bidirectional control characters by @​Lucas-C in PyCQA/bandit#757
• Bump docker/build-push-action from 6.0.0 to 6.1.0 by @​dependabot in PyCQA/bandit#1152
• feat(plugins): add support for httpx in B113 by @​mkniewallner in PyCQA/bandit#1060
• Nit: remove unused variable by @​ericwb in PyCQA/bandit#1153
• Add recent releases to version choice in bug report by @​ericwb in PyCQA/bandit#1151
• Bump docker/build-push-action from 6.1.0 to 6.2.0 by @​dependabot in PyCQA/bandit#1155
• Bump docker/build-push-action from 6.2.0 to 6.3.0 by @​dependabot in PyCQA/bandit#1157
• Bump docker/setup-buildx-action from 3.3.0 to 3.4.0 by @​dependabot in PyCQA/bandit#1156
• Bump docker/setup-buildx-action from 3.4.0 to 3.5.0 by @​dependabot in PyCQA/bandit#1158
• Bump docker/login-action from 3.2.0 to 3.3.0 by @​dependabot in PyCQA/bandit#1159
• Bump docker/build-push-action from 6.3.0 to 6.5.0 by @​dependabot in PyCQA/bandit#1160
• Bump docker/setup-buildx-action from 3.5.0 to 3.6.1 by @​dependabot in PyCQA/bandit#1163
• Bump docker/build-push-action from 6.5.0 to 6.6.1 by @​dependabot in PyCQA/bandit#1166
• Bump sigstore/cosign-installer from 3.5.0 to 3.6.0 by @​dependabot in PyCQA/bandit#1165
• Bump docker/build-push-action from 6.6.1 to 6.7.0 by @​dependabot in PyCQA/bandit#1168
• Use consistent file naming of docs by @​ericwb in PyCQA/bandit#1170
• Pytorch Load / Save Plugin by @​lukehinds in PyCQA/bandit#1114

New Contributors

• @​Lucas-C made their first contribution in PyCQA/bandit#757

Full Changelog: PyCQA/bandit@1.7.9...1.7.10

Commits

• 36fd650 Pytorch Load / Save Plugin (#1114)
• 4ac55df Use consistent file naming of docs (#1170)
• 68022aa Bump docker/build-push-action from 6.6.1 to 6.7.0 (#1168)
• 77566a0 Bump sigstore/cosign-installer from 3.5.0 to 3.6.0 (#1165)
• 221ced6 Bump docker/build-push-action from 6.5.0 to 6.6.1 (#1166)
• 701b7d5 Bump docker/setup-buildx-action from 3.5.0 to 3.6.1 (#1163)
• 320495c Bump docker/build-push-action from 6.3.0 to 6.5.0 (#1160)
• 90490c7 Bump docker/login-action from 3.2.0 to 3.3.0 (#1159)
• 708ab74 Bump docker/setup-buildx-action from 3.4.0 to 3.5.0 (#1158)
• 89d2345 Bump docker/setup-buildx-action from 3.3.0 to 3.4.0 (#1156)
• Additional commits viewable in compare view

Updates poethepoet from 0.28.0 to 0.29.0

Release notes

Sourced from poethepoet's releases.

0.29.0

Enhancements

• Add support for poe_tasks.toml or yaml or json files by @​nat-n in nat-n/poethepoet#241 📖
• Add support for help messages spanning multiple lines by @​taconi in nat-n/poethepoet#240
• Only depend on tomli for python<3.11 by @​nat-n in nat-n/poethepoet#243

New Contributors

• @​taconi made their first contribution in nat-n/poethepoet#240

Full Changelog: nat-n/poethepoet@v0.28.0...v0.29.0

Commits

• 72892b1 Bump version to 0.29.0
• 1bcc691 chore: only depend on tomli for older pythons (#243)
• 62c6061 Allow help text with line breaks (#240)
• de19a42 docs: Suggest edgar as name for global tasks alias
• ad24166 chore: update CONTRIBUTING.md and add pull_request_template.md
• 0dc3cc0 chore: Update GH action
• fa2f2cd Add support for poe_tasks files in toml, yaml, or json (#241)
• c5841bc Update GH actions
• See full diff in compare view

Updates ruff from 0.6.5 to 0.6.8

Release notes

Sourced from ruff's releases.

0.6.8

Release Notes

Preview features

• Remove unnecessary parentheses around match case clauses (#13510)
• Parenthesize overlong if guards in match..case clauses (#13513)
• Detect basic wildcard imports in ruff analyze graph (#13486)
• [pylint] Implement boolean-chained-comparison (R1716) (#13435)

Rule changes

• [lake8-simplify] Detect SIM910 when using variadic keyword arguments, i.e., **kwargs (#13503)
• [pyupgrade] Avoid false negatives with non-reference shadowed bindings of loop variables (UP028) (#13504)

Bug fixes

• Detect tuples bound to variadic positional arguments i.e. *args (#13512)
• Exit gracefully on broken pipe errors (#13485)
• Avoid panic when analyze graph hits broken pipe (#13484)

Performance

• Reuse BTreeSets in module resolver (#13440)
• Skip traversal for non-compound statements (#13441)

Contributors

• @​MichaReiser
• @​TomerBin
• @​charliermarsh
• @​diceroll123
• @​dylwil3
• @​haarisr
• @​renovate
• @​sbrugman
• @​vincevannoort
• @​zanieb

Install ruff 0.6.8

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/astral-sh/ruff/releases/download/0.6.8/ruff-installer.sh | sh

Install prebuilt binaries via powershell script

... (truncated)

Changelog

Sourced from ruff's changelog.

0.6.8

Preview features

• Remove unnecessary parentheses around match case clauses (#13510)
• Parenthesize overlong if guards in match..case clauses (#13513)
• Detect basic wildcard imports in ruff analyze graph (#13486)
• [pylint] Implement boolean-chained-comparison (R1716) (#13435)

Rule changes

• [lake8-simplify] Detect SIM910 when using variadic keyword arguments, i.e., **kwargs (#13503)
• [pyupgrade] Avoid false negatives with non-reference shadowed bindings of loop variables (UP028) (#13504)

Bug fixes

• Detect tuples bound to variadic positional arguments i.e. *args (#13512)
• Exit gracefully on broken pipe errors (#13485)
• Avoid panic when analyze graph hits broken pipe (#13484)

Performance

• Reuse BTreeSets in module resolver (#13440)
• Skip traversal for non-compound statements (#13441)

0.6.7

Preview features

• Add Python version support to ruff analyze CLI (#13426)
• Add exclude support to ruff analyze (#13425)
• Fix parentheses around return type annotations (#13381)

Rule changes

• [pycodestyle] Fix: Don't autofix if the first line ends in a question mark? (D400) (#13399)

Bug fixes

• Respect lint.exclude in ruff check --add-noqa (#13427)

Performance

• Avoid tracking module resolver files in Salsa (#13437)
• Use forget for module resolver database (#13438)

0.6.6

Preview features

... (truncated)

Commits

• ae39ce5 Bump version to 0.6.8 (#13522)
• ff2d214 Don't skip over imports and other nodes containing nested statements in impor...
• 9442cd8 Parenthesize match..case if guards (#13513)
• 8012707 Align formatting of patterns in match-cases with expression formatting in cla...
• d7ffe46 Disable the typeset plugin (#13517)
• 7c83af4 red-knot: Implement the not operator for all Type variants (#13432)
• bbb044e Detect tuples bound to variadic positional arguments i.e. *args (#13512)
• 4810652 Avoid UP028 false negatives with non-reference shadowed bindings of loop vari...
• 11f06e0 Detect SIM910 when using variadic keyword arguments, i.e., **kwargs (#13503)
• f27a8b8 [internal] ComparableExpr (f)strings and bytes made invariant under concate...
• Additional commits viewable in compare view

Updates mkdocs-material from 9.5.34 to 9.5.38

Release notes

Sourced from mkdocs-material's releases.

mkdocs-material-9.5.38

• Added Albanian translations

Thanks go to @​gerardkraja for their contributions

mkdocs-material-9.5.37

• Added 4th and 5th level ordered list styles
• Fixed #7548: Tags have no spacing in search

mkdocs-material-9.5.36

• Fixed #7544: Social cards incorrectly rendering HTML entities
• Fixed #7542: Improved support for setting custom list styles

mkdocs-material-9.5.35

• Fixed #7498: Search not showing for Vietnamese language

Changelog

Sourced from mkdocs-material's changelog.

mkdocs-material-9.5.38 (2024-09-26)

• Added Albanian translations

mkdocs-material-9.5.37 (2024-09-25)

• Added 4th and 5th level ordered list styles
• Fixed #7548: Tags have no spacing in search

mkdocs-material-9.5.36 (2024-09-21)

• Fixed #7544: Social cards incorrectly rendering HTML entities
• Fixed #7542: Improved support for setting custom list styles

mkdocs-material-9.5.35 (2024-09-18)

• Fixed #7498: Search not showing for Vietnamese language

mkdocs-material-9.5.34+insiders-4.53.13 (2024-09-14)

• Fixed #7520: Social plugin errors for generated files (MkDocs 1.6+)

mkdocs-material-9.5.34 (2024-08-31)

• Updated Mermaid.js to version 11 (latest)

mkdocs-material-9.5.33 (2024-08-23)

• Fixed #7453: Incorrect position of tooltip when sorting table

mkdocs-material-9.5.32 (2024-08-19)

• Fixed RXSS vulnerability via deep link in search results
• Added support for fetching latest release from GitLab

mkdocs-material-9.5.31+insiders-4.53.12 (2024-08-02)

• Fixed #7410: Instant previews jump on content tabs with anchor links
• Fixed #7408: Instant previews jump on content tabs

mkdocs-material-9.5.31 (2024-08-02)

• Fixed #7405: DockerHub missing images > 9.5.27 due to change in Alpine/APK

mkdocs-material-9.5.30 (2024-07-23)

• Fixed #7380: Navigation icons disappearing on hover in Safari
• Fixed #7367: Blog readtime computation includes SVG text content

mkdocs-material-9.5.29 (2024-07-14)

... (truncated)

Commits

• 117250a Prepare 9.5.38 release
• 74ca234 Added Albanian translations
• 84ddbba Prepare 9.5.37 release
• fd98413 Documentation (#7557)
• 573d23d Updated dependencies
• 06fe18a Fixed rendering of tags in search
• 43a22b6 Fixed ordered list markers
• 71b64f4 Prepare 9.5.36 release
• bbb76b8 Updated dependencies
• 57765c4 Updated dependencies
• Additional commits viewable in compare view

Updates mkdocstrings from 0.25.2 to 0.26.1

Release notes

Sourced from mkdocstrings's releases.

0.26.1

0.26.1 - 2024-09-06

Compare with 0.26.0

Bug Fixes

• Instantiate config of the autorefs plugin when it is not enabled by the user (db2ab34 by Timothée Mazzucotelli). Issue-autorefs#57

0.26.0

0.26.0 - 2024-09-02

Compare with 0.25.2

Build

• Upgrade Python-Markdown lower bound to 3.6 (28565f9 by Timothée Mazzucotelli).

Dependencies

• Depend on mkdocs-autorefs v1 (33aa573 by Timothée Mazzucotelli).

Features

• Allow hooking into autorefs when converting Markdown docstrings (b63e726 by Timothée Mazzucotelli). Based-on-PR-autorefs#46

Changelog

Sourced from mkdocstrings's changelog.

0.26.1 - 2024-09-06

Compare with 0.26.0

Bug Fixes

• Instantiate config of the autorefs plugin when it is not enabled by the user (db2ab34 by Timothée Mazzucotelli). Issue-autorefs#57

0.26.0 - 2024-09-02

Compare with 0.25.2

Build

• Upgrade Python-Markdown lower bound to 3.6 (28565f9 by Timothée Mazzucotelli).

Dependencies

• Depend on mkdocs-autorefs v1 (33aa573 by Timothée Mazzucotelli).

Features

• Allow hooking into autorefs when converting Markdown docstrings (b63e726 by Timothée Mazzucotelli). Based-on-PR-autorefs#46

Commits

• 651d176 chore: Prepare release 0.26.1
• db2ab34 fix: Instantiate config of the autorefs plugin when it is not enabled by the ...
• a65035a docs: Clarify that Installation section
• b1aa042 chore: Prepare release 0.26.0
• b63e726 feat: Allow hooking into autorefs when converting Markdown docstrings
• 3c878b7 chore: Upgrade mkdocs-redirects lower bound to avoid deprecation warning
• 28565f9 build: Upgrade Python-Markdown lower bound to 3.6
• 52fad11 style: Format
• c6ca522 docs: Fix dead link
• 8041ef3 docs: Update code highlight lines
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Superseded by #58.