chore(deps): bump the pip group across 1 directory with 6 updates

[dependabot]

Bumps the pip group with 6 updates in the / directory:

Package	From	To
black	24.8.0	24.10.0
configobj	5.0.8	5.0.9
pillow	10.4.0	11.0.0
pyinstaller	6.10.0	6.11.1
pylint	3.3.0	3.3.1
pyside6	6.7.2	6.8.0.2

Updates black from 24.8.0 to 24.10.0

Release notes

Sourced from black's releases.

24.10.0

Highlights

• Black is now officially tested with Python 3.13 and provides Python 3.13 mypyc-compiled wheels. (#4436) (#4449)
• Black will issue an error when used with Python 3.12.5, due to an upstream memory safety issue in Python 3.12.5 that can cause Black's AST safety checks to fail. Please use Python 3.12.6 or Python 3.12.4 instead. (#4447)
• Black no longer supports running with Python 3.8 (#4452)

Stable style

• Fix crashes involving comments in parenthesised return types or X | Y style unions. (#4453)
• Fix skipping Jupyter cells with unknown %% magic (#4462)

Preview style

• Fix type annotation spacing between * and more complex type variable tuple (i.e. def fn(*args: *tuple[*Ts, T]) -> None: pass) (#4440)

Caching

• Fix bug where the cache was shared between runs with and without --unstable (#4466)

Packaging

• Upgrade version of mypyc used to 1.12 beta (#4450) (#4449)
• blackd now requires a newer version of aiohttp. (#4451)

Output

• Added Python target version information on parse error (#4378)
• Add information about Black version to internal error messages (#4457)

Changelog

Sourced from black's changelog.

24.10.0

Highlights

• Black is now officially tested with Python 3.13 and provides Python 3.13 mypyc-compiled wheels. (#4436) (#4449)
• Black will issue an error when used with Python 3.12.5, due to an upstream memory safety issue in Python 3.12.5 that can cause Black's AST safety checks to fail. Please use Python 3.12.6 or Python 3.12.4 instead. (#4447)
• Black no longer supports running with Python 3.8 (#4452)

Stable style

• Fix crashes involving comments in parenthesised return types or X | Y style unions. (#4453)
• Fix skipping Jupyter cells with unknown %% magic (#4462)

Preview style

• Fix type annotation spacing between * and more complex type variable tuple (i.e. def fn(*args: *tuple[*Ts, T]) -> None: pass) (#4440)

Caching

• Fix bug where the cache was shared between runs with and without --unstable (#4466)

Packaging

• Upgrade version of mypyc used to 1.12 beta (#4450) (#4449)
• blackd now requires a newer version of aiohttp. (#4451)

Output

• Added Python target version information on parse error (#4378)
• Add information about Black version to internal error messages (#4457)

Commits

• 1b2427a Prepare release 24.10.0 (#4471)
• a22b1eb Add mypyc 3.13 wheel build (#4449)
• b7d0e72 Bump AndreMiras/coveralls-python-action from 65c1672f0b8a201702d86c81b79187df...
• f1a2f92 Include --unstable in cache key (#4466)
• 8d9d18c Fix skipping Jupyter cells with unknown %% magic (#4462)
• bbfdba3 Fix docs CI: use venv for uv to fix 'failed to create directory' (#4460)
• 8fb2add Use builtin generics (#4458)
• 2a45cec Fix crashes with comments in parentheses (#4453)
• b4d6d86 Drop Python 3.8 support (#4452)
• ac018c1 Require newer aiohttp for blackd (#4451)
• Additional commits viewable in compare view

Updates configobj from 5.0.8 to 5.0.9

Release notes

Sourced from configobj's releases.

5.0.9

What's Changed

• Address CVE-2023-26112 ReDoS by @​cdcadman in DiffSK/configobj#236
• Drop Python 2 support and compatibility code by @​jelmer in DiffSK/configobj#237
• Extra 2014 by @​jelmer in DiffSK/configobj#245
• setup.py: fix license tag by @​yegorich in DiffSK/configobj#241
• Update minimum python to 3.7 everywhere, and add 3.12 by @​jelmer in DiffSK/configobj#246

New Contributors

• @​cdcadman made their first contribution in DiffSK/configobj#236
• @​yegorich made their first contribution in DiffSK/configobj#241

Full Changelog: DiffSK/configobj@v5.0.8...v5.0.9

Changelog

Sourced from configobj's changelog.

Changelog

Release 5.0.9 """""""""""""

• drop support for Python 2 and <3.7
• fix CVE-2023-26112, ReDoS attack

Release 5.0.8 """""""""""""

• fixing/test for a regression introduced in 5.0.7 that prevented import validate from working

Release 5.0.7 """""""""""""

• update testing to validate against python version 2.7 and 3.5-3.11
• update broken links / non-existent services and references

Older Releases """"""""""""""

• Release 5.0.6 improves error messages in certain edge cases
• Release 5.0.5 corrects a unicode-bug that still existed in writing files
• Release 5.0.4 corrects a unicode-bug that still existed in reading files after fixing lists of string in 5.0.3
• Release 5.0.3 corrects errors related to the incorrectly handling unicode encoding and writing out files
• Release 5.0.2 adds a specific error message when trying to install on Python versions older than 2.5
• Release 5.0.1 fixes a regression with unicode conversion not happening in certain cases PY2
• Release 5.0.0 updates the supported Python versions to 2.6, 2.7, 3.2, 3.3 and is otherwise unchanged
• Release 4.7.2 fixes several bugs in 4.7.1
• Release 4.7.1 fixes a bug with the deprecated options keyword in 4.7.0.
• Release 4.7.0 improves performance adds features for validation and fixes some bugs.

Commits

• 242dfd0 release 5.0.9
• 8857b08 Merge pull request #246 from DiffSK/python-version
• d6f7597 Update minimum python to 3.7 everywhere, and add 3.12
• 8ffcf0c Merge pull request #241 from yegorich/license
• 5e2f143 Merge pull request #245 from jelmer/extra-2014
• fdf3634 Drop extra '2014' in LICENSE file. Fixes #233
• 3480a6e Merge pull request #237 from jelmer/drop-python2
• 008165c Drop python 3.5 from GitHub action, since it now fails to download
• 861383c Drop support for Python < 3.5
• 7c618b0 Merge pull request #236 from cdcadman/cve_2023_26112
• Additional commits viewable in compare view

Updates pillow from 10.4.0 to 11.0.0

Release notes

Sourced from pillow's releases.

11.0.0

https://pillow.readthedocs.io/en/stable/releasenotes/11.0.0.html

Changes

• Do not create core image in TIFF seek() #8392 [@​radarhere]
• Removed custom build_openjpeg #8365 [@​radarhere]
• Support writing LONG8 offsets in AppendingTiffWriter #8417 [@​radarhere]
• Use ImageFile.MAXBLOCK when saving TIFF images #8461 [@​radarhere]
• Always raise warnings for deprecated feature checks #8459 [@​radarhere]
• Do not close provided file handles with libtiff when saving #8458 [@​radarhere]
• Revert "Skip QEMU-emulated wheels on workflow dispatch event" #8455 [@​radarhere]
• Support ImageFilter.BuiltinFilter for I;16* images #8438 [@​radarhere]
• [pre-commit.ci] pre-commit autoupdate #8448 [@​pre-commit-ci]
• Use ImagingCore.ptr instead of ImagingCore.id #8341 [@​homm]
• Simplified code #8445 [@​radarhere]
• Removed unused code #8447 [@​radarhere]
• Updated EPS mode when opening images without transparency #8281 [@​Yay295]
• Use transparency when combining P frames from APNGs #8443 [@​radarhere]
• Generate and upload attestations to PyPI #8441 [@​hugovk]
• Do not convert images unnecessarily in ImageEnhance #8431 [@​radarhere]
• Raise an error if path is compacted during mapping #8416 [@​radarhere]
• Support all resampling filters when resizing I;16* images #8422 [@​radarhere]
• Free memory on early return #8413 [@​radarhere]
• Cast int before potentially exceeding INT_MAX #8402 [@​radarhere]
• Prevent division by zero #8408 [@​radarhere]
• Check image value before use #8400 [@​radarhere]
• Use ruff check #8423 [@​radarhere]
• Change harfbuzz versions in wheels #8421 [@​radarhere]
• Use Capsule for WebP saving #8386 [@​homm]
• Fixed writing multiple StripOffsets to TIFF #8317 [@​Yay295]
• Updated macOS deployment target for PyPy on Intel to 10.15 #8414 [@​radarhere]
• Fix dereference before checking for NULL in ImagingTransformAffine #8398 [@​PavlNekrasov]
• Use transposed size after opening for TIFF images #8390 [@​radarhere]
• Improve ImageFont error messages #8338 [@​yngvem]
• Mention MAX_TEXT_CHUNK limit in PNG error message #8391 [@​radarhere]
• Cast Dib handle to int #8385 [@​radarhere]
• Updated macOS deployment target for Python >= 3.12 on Intel to 10.13 #8379 [@​radarhere]
• Removed unused ImagePath variable #8377 [@​radarhere]
• Change macos-14 to macos-latest #8376 [@​radarhere]
• Accept float stroke widths #8369 [@​radarhere]
• Remove comments #8370 [@​radarhere]
• Removed libffi-dev #8368 [@​radarhere]
• Improved handling of RGBA palettes when saving GIF images #8366 [@​radarhere]
• Support converting more modes to LAB by converting to RGBA first #8358 [@​radarhere]
• Optimize getbbox() and getextrema() routines #8194 [@​homm]
• Removed unused TiffImagePlugin IFD_LEGACY_API #8355 [@​radarhere]
• Handle duplicate EXIF header #8350 [@​zakajd]
• Use (void) for empty function parameters #8002 [@​Yay295]
• Return early from BoxBlur if either width or height is zero #8347 [@​radarhere]

... (truncated)

Changelog

Sourced from pillow's changelog.

11.0.0 (2024-10-15)

• Update licence to MIT-CMU #8460 [hugovk]

• Conditionally define ImageCms type hint to avoid requiring core #8197 [radarhere]

• Support writing LONG8 offsets in AppendingTiffWriter #8417 [radarhere]

• Use ImageFile.MAXBLOCK when saving TIFF images #8461 [radarhere]

• Do not close provided file handles with libtiff when saving #8458 [radarhere]

• Support ImageFilter.BuiltinFilter for I;16* images #8438 [radarhere]

• Use ImagingCore.ptr instead of ImagingCore.id #8341 [homm, radarhere, hugovk]

• Updated EPS mode when opening images without transparency #8281 [Yay295, radarhere]

• Use transparency when combining P frames from APNGs #8443 [radarhere]

• Support all resampling filters when resizing I;16* images #8422 [radarhere]

• Free memory on early return #8413 [radarhere]

• Cast int before potentially exceeding INT_MAX #8402 [radarhere]

• Check image value before use #8400 [radarhere]

• Improved copying imagequant libraries #8420 [radarhere]

• Use Capsule for WebP saving #8386 [homm, radarhere]

• Fixed writing multiple StripOffsets to TIFF #8317 [Yay295, radarhere]

... (truncated)

Commits

• 204aae6 11.0.0 version bump
• f2cc87b Update CHANGES.rst [ci skip]
• c855e8e Merge pull request #8464 from radarhere/imagemath_type_hint
• dc37515 Merge pull request #8463 from hugovk/update-3.13-date
• c3d81d6 Update Python 3.13 release date
• a60610c Added type hints
• a5c58f2 Merge pull request #8460 from hugovk/mit-cmu
• e74994e Update licence to MIT-CMU
• b5e1115 Update CHANGES.rst [ci skip]
• 686b5e2 Merge pull request #8392 from radarhere/tiff_seek
• Additional commits viewable in compare view

Updates pyinstaller from 6.10.0 to 6.11.1

Release notes

Sourced from pyinstaller's releases.

v6.11.1

Please see the v6.11.1 section of the changelog for a list of the changes since v6.11.0.

v6.11.0

Please see the v6.11.0 section of the changelog for a list of the changes since v6.10.0.

Changelog

Sourced from pyinstaller's changelog.

6.11.1 (2024-11-10)

Bugfix

* (GNU/Linux) Fix resolving binary dependencies linked using ``$ORIGIN``.
  (:issue:`8868`)
* (Linux) Fix discovery and collection of Python shared library when using
  ``uv``-installed or ``rye``-installed Python that happens to be of same
  version as the system-installed Python. (:issue:`8850`)
* (Linux/musl) Prevent ``ld-musl-x86_64.so.1`` from being collected.
  (:issue:`8868`)
* (Windows) Add a retry loop to ``onefile`` temporary directory cleanup
  as an attempt to mitigate situations when bundled DLLs and python
  extension modules remain locked by the OS and/or anti-virus program
  for a short while after the application process exits. (:issue:`8870`)
* (Windows) Fix Qt run-time hooks failing to add the top-level application
  directory to ``PATH`` when the latter already contains a sub-directory
  of the top-level application directory (for example, ``pywin32_system32``
  sub-directory added to ``PATH`` by ``pywin32`` run-time hook). This
  failure prevented QtNetwork from discovering bundled OpenSSL DLLs, and
  caused it to (attempt to) load them from other locations that happened
  to be in ``PATH``. (:issue:`8857`)
* Fix macOS's default icons being missing from wheels (regression introduced in
  v6.11.0) (:issue:`8855`)
* Prevent :mod:`tkinter` from being collected if it is unusable.
  (:issue:`8868`)
Hooks

* Prevent ``IPython`` from being packaged redundantly if ``matplotlib`` is
  imported. (:issue:`8868`)
6.11.0 (2024-10-15)
Features

</code></pre>

<ul>

<li>Implement a mechanism that allows hooks to inform PyInstaller's binary

dependency analysis that it should not create symbolic links to top-level

application directory for certain shared libraries (applicable to platforms

where such symbolic links are created in the first place). This mechanism

is intended as a work around for corner cases when such symbolic links

disrupt run-time discovery of other shared libraries that are stored in

the linked library's true location. (:issue:<code>8761</code>)</li>

</ul>

<!-- raw HTML omitted -->

</blockquote>

<p>... (truncated)</p>

</details>

<details>

<summary>Commits</summary>
<ul>

<li><a href="https://github.com/pyinstaller/pyinstaller/commit/1318b8bc26d348147c4e99c0a7b60052a27eb1cc&quot;&gt;&lt;code&gt;1318b8b&lt;/code&gt;&lt;/a> Release v6.11.1. [skip ci]</li>

<li><a href="https://github.com/pyinstaller/pyinstaller/commit/9a113fed6bd245f602a9a636c9f9f86a86157bd3&quot;&gt;&lt;code&gt;9a113fe&lt;/code&gt;&lt;/a> tests: increase the waiting time in test_onefile_signal_handling</li>

<li><a href="https://github.com/pyinstaller/pyinstaller/commit/1ddbbe0dc8ffb1602edf798772a9d0aacbec257d&quot;&gt;&lt;code&gt;1ddbbe0&lt;/code&gt;&lt;/a> bootloader: add a retry loop for deleting onefile temp. dir. on Windows</li>

<li><a href="https://github.com/pyinstaller/pyinstaller/commit/160475ce4d6f715f43a44e89998091930f4074c5&quot;&gt;&lt;code&gt;160475c&lt;/code&gt;&lt;/a> bootloader: attempt to remove temp dir again only if some DLLs were unloaded</li>

<li><a href="https://github.com/pyinstaller/pyinstaller/commit/3e3a768a7152c7dd9ffcfa901fd5f4fad4960408&quot;&gt;&lt;code&gt;3e3a768&lt;/code&gt;&lt;/a> bootloader: move mitigation of locked temporary directory into helper function</li>

<li><a href="https://github.com/pyinstaller/pyinstaller/commit/235f6b97368d0ae58c4bf65953c391b0522fee36&quot;&gt;&lt;code&gt;235f6b9&lt;/code&gt;&lt;/a> bootloader: POSIX: install signal handlers before forking the child process</li>

<li><a href="https://github.com/pyinstaller/pyinstaller/commit/e073700b4c50e1954e93fa826f993bfb5c70a6e0&quot;&gt;&lt;code&gt;e073700&lt;/code&gt;&lt;/a> tests: nested multiprocessing: do not assume order of results</li>

<li><a href="https://github.com/pyinstaller/pyinstaller/commit/d0d767b4ca0df9ef39ccd11958b8fecea4df2356&quot;&gt;&lt;code&gt;d0d767b&lt;/code&gt;&lt;/a> ci: Increase pytest-xdist forks</li>

<li><a href="https://github.com/pyinstaller/pyinstaller/commit/eabd58f7b76ec58482279d8357b0ffefaefc659c&quot;&gt;&lt;code&gt;eabd58f&lt;/code&gt;&lt;/a> hooks: Exclude IPython as a dependency of matplotlib.{pyplot,backend_bases}</li>

<li><a href="https://github.com/pyinstaller/pyinstaller/commit/cc12d93359d7378344a4dc39f87c9386e64899e6&quot;&gt;&lt;code&gt;cc12d93&lt;/code&gt;&lt;/a> Prevent broken tkinter from being packaged</li>

<li>Additional commits viewable in <a href="https://github.com/pyinstaller/pyinstaller/compare/v6.10.0...v6.11.1&quot;&gt;compare view</a></li>

</ul>

</details>
<br />


Updates pylint from 3.3.0 to 3.3.1

Commits

76bce72 Bump pylint to 3.3.1, update changelog (#9954)
55ee816 Bump astroid to 3.3.4 (#9951) (#9952)
See full diff in compare view




Updates pyside6 from 6.7.2 to 6.8.0.2
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options


You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions