Bump the dev-dependencies group across 1 directory with 3 updates

[dependabot]

Bumps the dev-dependencies group with 3 updates in the /export directory: mypy, types-setuptools and semgrep.

Updates mypy from 1.13.0 to 1.15.0

Changelog

Sourced from mypy's changelog.

Mypy Release Notes

Next Release

Different Property Getter and Setter Types

Mypy now supports using different types for property getter and setter.

class A:
    value: int
@property
def f(self) -> int:
    return self.value
@f.setter
def f(self, x: str | int) -> None:
    try:
        self.value = int(x)
    except ValueError:
        raise Exception(f"'{x}' is not a valid value for 'f'")

Contributed by Ivan Levkivskyi (PR 18510)

Selectively Disable Deprecated Warnings

It's now possible to selectively disable warnings generated from warnings.deprecated using the --deprecated-calls-exclude option.

# mypy --enable-error-code deprecated
#      --deprecated-calls-exclude=foo.A
import foo
foo.A().func()  # OK, the deprecated warning is ignored
file foo.py
from typing_extensions import deprecated
class A:
@​deprecated("Use A.func2 instead")
def func(self): pass

Contributed by Marc Mueller (PR 18641)

Mypy 1.15

We’ve just uploaded mypy 1.15 to the Python Package Index (PyPI).

... (truncated)

Commits

• 9397454 remove +dev from version ahead of final release
• 686b591 remove "unreleased" from 1.15 changelog entry
• cb4b243 Various small updates to 1.15 changelog (#18599)
• 1a26502 Prepare changelog for 1.15 release (#18583)
• d4515e4 Fix a few PR links in the changelog (#18586)
• f83b643 Add object self-type to tuple test fixture (#18592)
• ebc2cb8 Prevent crash on generic NamedTuple with unresolved typevar bound (#18585)
• 63c251e empty commit to trigger wheel rebuild
• c30573e Fix literal context for ternary expressions (for real) (#18545)
• 23d862d Fix isinstance with explicit (non generic) type alias (#18512)
• Additional commits viewable in compare view

Updates types-setuptools from 75.6.0.20241126 to 75.8.0.20250210

Commits

• See full diff in compare view

Updates semgrep from 1.100.0 to 1.108.0

Release notes

Sourced from semgrep's releases.

Release v1.108.0

1.108.0 - 2025-02-12

Added

• pro: Semgrep can now dynamically resolve dependencies for Python projects using pip, allowing it to determine transitive dependencies automatically. (sc-2069)

Changed

• Bump base Alpine docker image from 3.19 to 3.21. (alpine-version)
• The semgrep-appsec-platform specific metadata fields "semgrep.dev:" and "semgrep.policy:" are now filtered from the JSON output unless you are logged in with the Semgrep appsec platform. See https://semgrep.dev/docs/semgrep-appsec-platform/json-and-sarif#json for more information. (metadata-filter)
• The Semgrep Docker image now uses Python 3.12 (bumped from 3.11). (python-version)

Fixed

• This PR changes the way we handle failures in git worktree remove more gracefully. Instead of erroring, we continue to scan so that the user can still get results, but log the error. It also adds a guard so that this failure is less likely to happen and will include more debugging information when it does. (sms-521)

Release v1.107.0

1.107.0 - 2025-02-04

Added

• More testing of pnpm-lock.yaml dependency parsing. (gh-2999)
• Added a progress indicator during dependency resolution for supply chain scans. (sc-2045)

Fixed

• The pro engine now respects the correct order of field resolution in Scala's multiple inheritance. The type that appears later takes precedence when resolving fields. For example, in class A extends B with C with D, the order of precedence is D, C, B, and A. (code-7891)
• pro: taint: Fixed bug in callback support, see https://semgrep.dev/playground/s/oqobX (code-7976)
• pro: python: Fixed resolution of calls to the implementation of abstract methods. See https://semgrep.dev/playground/s/X5kZ4. (code-7987)

... (truncated)

Changelog

Sourced from semgrep's changelog.

1.108.0 - 2025-02-12

Added

• pro: Semgrep can now dynamically resolve dependencies for Python projects using pip, allowing it to determine transitive dependencies automatically. (sc-2069)

Changed

• Bump base Alpine docker image from 3.19 to 3.21. (alpine-version)
• The semgrep-appsec-platform specific metadata fields "semgrep.dev:" and "semgrep.policy:" are now filtered from the JSON output unless you are logged in with the Semgrep appsec platform. See https://semgrep.dev/docs/semgrep-appsec-platform/json-and-sarif#json for more information. (metadata-filter)
• The Semgrep Docker image now uses Python 3.12 (bumped from 3.11). (python-version)

Fixed

• This PR changes the way we handle failures in git worktree remove more gracefully. Instead of erroring, we continue to scan so that the user can still get results, but log the error. It also adds a guard so that this failure is less likely to happen and will include more debugging information when it does. (sms-521)

1.107.0 - 2025-02-04

Added

• More testing of pnpm-lock.yaml dependency parsing. (gh-2999)
• Added a progress indicator during dependency resolution for supply chain scans. (sc-2045)

Fixed

• The pro engine now respects the correct order of field resolution in Scala's multiple inheritance. The type that appears later takes precedence when resolving fields. For example, in class A extends B with C with D, the order of precedence is D, C, B, and A. (code-7891)
• pro: taint: Fixed bug in callback support, see https://semgrep.dev/playground/s/oqobX (code-7976)
• pro: python: Fixed resolution of calls to the implementation of abstract methods. See https://semgrep.dev/playground/s/X5kZ4. (code-7987)
• Fixed the semgrep ci --help to not include experimental options

... (truncated)

Commits

• 2fc9561 chore: release version 1.108.0
• 5014e89semgrep/semgrep-proprietary#3100
• db0cd24semgrep/semgrep-proprietary#3
• db7b46e Update Generic Secrets to only show the messaging in CI context [SCRT-831] (s...
• e8be00f refactor: Add GetTargets Python -> OCaml RPC call (semgrep/semgrep-proprietar...
• b5d0bce chore(lfs): Bump base docker image to alpine:3.21 (semgrep/semgrep-propriet...
• b595c25semgrep/semgrep-proprietary#3064
• 01e54c5semgrep/semgrep-proprietary#3082
• 94dc594 Update docs to reflect the symbol analysis data that we can collect for scrat...
• 6ed0d6c refactor: Enforce keyword args for TargetManager constructor and one method (...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions