Bump the all-minor-and-patch-dependency-updates group with 7 updates

[dependabot]

Bumps the all-minor-and-patch-dependency-updates group with 7 updates:

Package	From	To
bandit	1.8.0	1.8.2
setuptools	75.7.0	75.8.0
fastapi	0.115.6	0.115.8
numpy	2.2.1	2.2.2
scipy	1.15.0	1.15.1
tox	4.23.2	4.24.1
ruff	0.8.6	0.9.4

Updates bandit from 1.8.0 to 1.8.2

Release notes

Sourced from bandit's releases.

1.8.2

What's Changed

• Revert "Start testing with 3.14 alphas" by @​ericwb in PyCQA/bandit#1217

Full Changelog: PyCQA/bandit@1.8.1...1.8.2

1.8.1

What's Changed

• Bump docker/build-push-action from 6.9.0 to 6.10.0 by @​dependabot in PyCQA/bandit#1209
• Update the bug template with latest bandit version by @​ericwb in PyCQA/bandit#1208
• Add Mercedes-Benz to sponsor list by @​ericwb in PyCQA/bandit#1210
• Bump docker/setup-buildx-action from 3.7.1 to 3.8.0 by @​dependabot in PyCQA/bandit#1211
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in PyCQA/bandit#1213
• Start testing with 3.14 alphas by @​ericwb in PyCQA/bandit#1189
• Remove lxml (B320 & B410) from blacklist by @​djbrown in PyCQA/bandit#1212
• Clarify "getting started" docs by @​Flimm in PyCQA/bandit#963

New Contributors

• @​djbrown made their first contribution in PyCQA/bandit#1212
• @​Flimm made their first contribution in PyCQA/bandit#963

Full Changelog: PyCQA/bandit@1.8.0...1.8.1

Commits

• c2c336d Revert "Start testing with 3.14 alphas" (#1217)
• e58379c Clarify "getting started" docs (#963)
• e4da0b3 Remove lxml (B320 & B410) from blacklist (#1212)
• 13d3406 Start testing with 3.14 alphas (#1189)
• 1abd1d7 [pre-commit.ci] pre-commit autoupdate (#1213)
• 8e3c928 Bump docker/setup-buildx-action from 3.7.1 to 3.8.0 (#1211)
• 929d597 Add Mercedes-Benz to sponsor list (#1210)
• ead6717 Update the bug template with latest bandit version (#1208)
• 65ddf8f Bump docker/build-push-action from 6.9.0 to 6.10.0 (#1209)
• See full diff in compare view

Updates setuptools from 75.7.0 to 75.8.0

Changelog

Sourced from setuptools's changelog.

v75.8.0

Features

• Implemented Dynamic field for core metadata (as introduced in PEP 643). The existing implementation is currently experimental and the exact approach may change in future releases. (#4698)

Commits

• 5c9d980 Bump version: 75.7.0 → 75.8.0
• 72c4222 Avoid using Any in function
• 1c61d47 Add news fragments for PEP 643
• f285d01 Implement PEP 643 (Dynamic field for core metadata) (#4698)
• a50f6e2 Fix _static.Dict.ior for Python 3.8
• b055895 Add extra tests for static/dynamic metadata
• 770b4fc Remove test workaround for unmarked static values from pyproject.toml
• 8b22d73 Mark values from pyproject.toml as static
• f699fd8 Fix spelling error
• 8b4c8a3 Add tests for static 'attr' directive
• Additional commits viewable in compare view

Updates fastapi from 0.115.6 to 0.115.8

Release notes

Sourced from fastapi's releases.

0.115.8

Fixes

• 🐛 Fix OAuth2PasswordRequestForm and OAuth2PasswordRequestFormStrict fixed grant_type "password" RegEx. PR #9783 by @​skarfie123.

Refactors

• ✅ Simplify tests for body_multiple_params . PR #13237 by @​alejsdev.
• ♻️ Move duplicated code portion to a static method in the APIKeyBase super class. PR #3142 by @​ShahriyarR.
• ✅ Simplify tests for request_files. PR #13182 by @​alejsdev.

Docs

• 📝 Change the word "unwrap" to "unpack" in docs/en/docs/tutorial/extra-models.md. PR #13061 by @​timothy-jeong.
• 📝 Update Request Body's tutorial002 to deal with tax=0 case. PR #13230 by @​togogh.
• 👥 Update FastAPI People - Experts. PR #13269 by @​tiangolo.

Translations

• 🌐 Add Japanese translation for docs/ja/docs/environment-variables.md. PR #13226 by @​k94-ishi.
• 🌐 Add Russian translation for docs/ru/docs/advanced/async-tests.md. PR #13227 by @​Rishat-F.
• 🌐 Update Russian translation for docs/ru/docs/tutorial/dependencies/dependencies-in-path-operation-decorators.md. PR #13252 by @​Rishat-F.
• 🌐 Add Russian translation for docs/ru/docs/tutorial/bigger-applications.md. PR #13154 by @​alv2017.

Internal

• ⬆️ Add support for Python 3.13. PR #13274 by @​tiangolo.
• ⬆️ Upgrade AnyIO max version for tests, new range: >=3.2.1,<5.0.0. PR #13273 by @​tiangolo.
• 🔧 Update Sponsors badges. PR #13271 by @​tiangolo.
• ♻️ Fix notify_translations.py empty env var handling for PR label events vs workflow_dispatch. PR #13272 by @​tiangolo.
• ♻️ Refactor and move scripts/notify_translations.py, no need for a custom GitHub Action. PR #13270 by @​tiangolo.
• 🔨 Update FastAPI People Experts script, refactor and optimize data fetching to handle rate limits. PR #13267 by @​tiangolo.
• ⬆ Bump pypa/gh-action-pypi-publish from 1.12.3 to 1.12.4. PR #13251 by @​dependabot[bot].

0.115.7

Upgrades

• ⬆️ Upgrade python-multipart to >=0.0.18. PR #13219 by @​DanielKusyDev.
• ⬆️ Bump Starlette to allow up to 0.45.0: >=0.40.0,<0.46.0. PR #13117 by @​Kludex.
• ⬆️ Upgrade jinja2 to >=3.1.5. PR #13194 by @​DanielKusyDev.

Refactors

• ✅ Simplify tests for websockets. PR #13202 by @​alejsdev.
• ✅ Simplify tests for request_form_models . PR #13183 by @​alejsdev.
• ✅ Simplify tests for separate_openapi_schemas. PR #13201 by @​alejsdev.
• ✅ Simplify tests for security. PR #13200 by @​alejsdev.
• ✅ Simplify tests for schema_extra_example. PR #13197 by @​alejsdev.
• ✅ Simplify tests for request_model. PR #13195 by @​alejsdev.
• ✅ Simplify tests for request_forms_and_files. PR #13185 by @​alejsdev.

... (truncated)

Commits

• 7128971 🔖 Release version 0.115.8
• 55f8a44 📝 Update release notes
• 83ab6ac 📝 Change the word "unwrap" to "unpack" in `docs/en/docs/tutorial/extra-models...
• 3d02a92 📝 Update release notes
• 1b00f8a ✅ Simplify tests for body_multiple_params (#13237)
• d97647f 📝 Update release notes
• 9667ce8 📝 Update Request Body's tutorial002 to deal with tax=0 case (#13230)
• 0541693 📝 Update release notes
• 041b2e1 📝 Update release notes
• 30b270b ♻️ Move duplicated code portion to a static method in the APIKeyBase super ...
• Additional commits viewable in compare view

Updates numpy from 2.2.1 to 2.2.2

Release notes

Sourced from numpy's releases.

2.2.2 (Jan 18, 2025)

NumPy 2.2.2 Release Notes

NumPy 2.2.2 is a patch release that fixes bugs found after the 2.2.1 release. The number of typing fixes/updates is notable. This release supports Python versions 3.10-3.13.

Contributors

A total of 8 people contributed to this release. People with a "+" by their names contributed a patch for the first time.

• Alicia Boya García +
• Charles Harris
• Joren Hammudoglu
• Kai Germaschewski +
• Nathan Goldbaum
• PTUsumit +
• Rohit Goswami
• Sebastian Berg

Pull requests merged

A total of 16 pull requests were merged for this release.

• #28050: MAINT: Prepare 2.2.x for further development
• #28055: TYP: fix void arrays not accepting str keys in __setitem__
• #28066: TYP: fix unnecessarily broad integer binop return types (#28065)
• #28112: TYP: Better ndarray binop return types for float64 &...
• #28113: TYP: Return the correct bool from issubdtype
• #28114: TYP: Always accept date[time] in the datetime64 constructor
• #28120: BUG: Fix auxdata initialization in ufunc slow path
• #28131: BUG: move reduction initialization to ufunc initialization
• #28132: TYP: Fix interp to accept and return scalars
• #28137: BUG: call PyType_Ready in f2py to avoid data races
• #28145: BUG: remove unnecessary call to PyArray_UpdateFlags
• #28160: BUG: Avoid data race in PyArray_CheckFromAny_int
• #28175: BUG: Fix f2py directives and --lower casing
• #28176: TYP: Fix overlapping overloads issue in 2->1 ufuncs
• #28177: TYP: preserve shape-type in ndarray.astype()
• #28178: TYP: Fix missing and spurious top-level exports

Checksums

MD5

749cb2adf8043551aae22bbf0ed3130a  numpy-2.2.2-cp310-cp310-macosx_10_9_x86_64.whl
bc79fa2e44316b7ce9bacb48a993ed91  numpy-2.2.2-cp310-cp310-macosx_11_0_arm64.whl
c6b2caa2bbb645b5950dccb77efb1dbb  numpy-2.2.2-cp310-cp310-macosx_14_0_arm64.whl
8c410efac169af880cacbbac8a731658  numpy-2.2.2-cp310-cp310-macosx_14_0_x86_64.whl

... (truncated)

Commits

• fd8a68e Merge pull request #28184 from charris/prepare-2.2.2
• 0d106a5 REL: Prepare for the NumPy 2.2.2 release [wheel build]
• dfdd35a Merge pull request #28175 from charris/backport-28056
• e4517a8 Merge pull request #28176 from charris/backport-28168
• 2c0432b Merge pull request #28178 from charris/backport-28170
• 2230a08 Merge pull request #28177 from charris/backport-28169
• b04e32c TYP: Fix missing and spurious top-level exports
• 6a5f537 TYP: preserve shape-type in ndarray.astype()
• f782790 TYP: Fix overlapping overloads issue in 2->1 ufuncs
• a19acf1 BUG: Fix casing for f2py directives
• Additional commits viewable in compare view

Updates scipy from 1.15.0 to 1.15.1

Release notes

Sourced from scipy's releases.

SciPy 1.15.1 Release Notes

SciPy 1.15.1 is a bug-fix release with no new features compared to 1.15.0. Importantly, an issue with the import of scipy.optimize breaking other packages has been fixed.

Authors

• Name (commits)
• Ralf Gommers (3)
• Rohit Goswami (1)
• Matt Haberland (2)
• Tyler Reddy (7)
• Daniel Schmitz (1)

A total of 5 people contributed to this release. People with a "+" by their names contributed a patch for the first time. This list of names is automatically generated, and may not be fully complete.

Commits

• df134ea REL: 1.15.1 rel commit [wheel build]
• f939c19 Merge pull request #22296 from tylerjereddy/treddy_1.15.1_backports
• 609bb3c DOC: PR 22296 revisions
• 5bfd6a2 TST: stats.Normal: bump tolerance on test of logcdf (#22276)
• f9a549c DOC: update 1.15.1 relnotes
• 6f011d8 MAINT: Update highs subproject commit
• 0ff01de TST: fix thread safety issue in interpolate.bsplines memmap test
• 21c65ab BLD: fix some issues with undeclared internal build dependencies
• 826759e MAINT: fix url for array-api-extra git submodule
• 9af1fcd Merge pull request #22235 from tylerjereddy/treddy_prep_1.15.1
• Additional commits viewable in compare view

Updates tox from 4.23.2 to 4.24.1

Release notes

Sourced from tox's releases.

4.24.1

What's Changed

• Adds ability to configure stderr output color by @​ssbarnea in tox-dev/tox#3426

Full Changelog: tox-dev/tox@4.24.0...4.24.1

4.24.0

What's Changed

• fix docs config typo by @​wooshaun53 in tox-dev/tox#3424
• Allow users to disable use of pre-commit-uv by @​ssbarnea in tox-dev/tox#3430
• Pass nix-ld related variables by default in pass_env (fixes #3425) by @​albertodonato in tox-dev/tox#3434
• Improve testenv docs consistency by @​thatch in tox-dev/tox#3440
• Display exception name when subprocesses raise them by @​ssbarnea in tox-dev/tox#3450
• Fix the CI after setuptools 75.6 change by @​gaborbernat in tox-dev/tox#3452
• Update pre-commit hooks with mypy fix by @​ssbarnea in tox-dev/tox#3454
• Fix a typo in a code block in the User Guide by @​bryant1410 in tox-dev/tox#3462
• Update pre-commit hooks by @​ssbarnea in tox-dev/tox#3460
• 💅 Make SVG image compatible with Firefox by @​webknjaz in tox-dev/tox#3466
• feat: adding a json schema command by @​henryiii in tox-dev/tox#3446

New Contributors

• @​wooshaun53 made their first contribution in tox-dev/tox#3424
• @​albertodonato made their first contribution in tox-dev/tox#3434
• @​thatch made their first contribution in tox-dev/tox#3440
• @​bryant1410 made their first contribution in tox-dev/tox#3462
• @​henryiii made their first contribution in tox-dev/tox#3446

Full Changelog: tox-dev/tox@4.23.2...4.24.0

Changelog

Sourced from tox's changelog.

v4.24.1 (2025-01-21)

Misc - 4.24.1

- :issue:`3426`
v4.24.0 (2025-01-21)
Features - 4.24.0

• Add a schema command to produce a JSON Schema for tox and the current plugins.

  • by :user:henryiii (:issue:3446)

Bugfixes - 4.24.0

- Log exception name when subprocess execution produces one.

by :user:ssbarnea (:issue:3450)

Improved Documentation - 4.24.0

• Fix typo in docs/config.rst from {} to {:}.

  • by :user:wooshaun53 (:issue:3424)

• Pass NIX_LD and NIX_LD_LIBRARY_PATH variables by default in pass_env to make generic binaries work under Nix/NixOS.

  • by :user:albertodonato (:issue:3425)

Commits

• d4276dc release 4.24.1
• ee660b9 Adds ability to configure stderr output color (#3426)
• eca61ed release 4.24.0
• bbd9663 [pre-commit.ci] pre-commit autoupdate (#3464)
• 825c68b feat: adding a json schema command (#3446)
• fccbe2a 💅 Make SVG image compatible with Firefox (#3466)
• e3e77a6 Bump astral-sh/setup-uv from 4 to 5 (#3463)
• c0b490d Update pre-commit hooks (#3460)
• fbac078 Fix a typo in a code block in the User Guide (#3462)
• c7f2caf Bump pypa/gh-action-pypi-publish from 1.12.2 to 1.12.3 (#3459)
• Additional commits viewable in compare view

Updates ruff from 0.8.6 to 0.9.4

Release notes

Sourced from ruff's releases.

0.9.4

Release Notes

Preview features

• [airflow] Extend airflow context parameter check for BaseOperator.execute (AIR302) (#15713)
• [airflow] Update AIR302 to check for deprecated context keys (#15144)
• [flake8-bandit] Permit suspicious imports within stub files (S4) (#15822)
• [pylint] Do not trigger PLR6201 on empty collections (#15732)
• [refurb] Do not emit diagnostic when loop variables are used outside loop body (FURB122) (#15757)
• [ruff] Add support for more re patterns (RUF055) (#15764)
• [ruff] Check for shadowed map before suggesting fix (RUF058) (#15790)
• [ruff] Do not emit diagnostic when all arguments to zip() are variadic (RUF058) (#15744)
• [ruff] Parenthesize fix when argument spans multiple lines for unnecessary-round (RUF057) (#15703)

Rule changes

• Preserve quote style in generated code (#15726, #15778, #15794)
• [flake8-bugbear] Exempt NewType calls where the original type is immutable (B008) (#15765)
• [pylint] Honor banned top-level imports by TID253 in PLC0415. (#15628)
• [pyupgrade] Ignore is_typeddict and TypedDict for deprecated-import (UP035) (#15800)

CLI

• Fix formatter warning message for flake8-quotes option (#15788)
• Implement tab autocomplete for ruff config (#15603)

Bug fixes

• [flake8-comprehensions] Do not emit unnecessary-map diagnostic when lambda has different arity (C417) (#15802)
• [flake8-comprehensions] Parenthesize sorted when needed for unnecessary-call-around-sorted (C413) (#15825)
• [pyupgrade] Handle end-of-line comments for quoted-annotation (UP037) (#15824)

Documentation

• Add missing config docstrings (#15803)
• Add references to trio.run_process and anyio.run_process (#15761)
• Use uv init --lib in tutorial (#15718)

Contributors

• @​AlexWaygood
• @​Garrett-R
• @​InSyncWithFoo
• @​JelleZijlstra
• @​Lee-W
• @​MichaReiser
• @​charliermarsh
• @​dcreager
• @​dhruvmanila
• @​dylwil3

... (truncated)

Changelog

Sourced from ruff's changelog.

0.9.4

Preview features

• [airflow] Extend airflow context parameter check for BaseOperator.execute (AIR302) (#15713)
• [airflow] Update AIR302 to check for deprecated context keys (#15144)
• [flake8-bandit] Permit suspicious imports within stub files (S4) (#15822)
• [pylint] Do not trigger PLR6201 on empty collections (#15732)
• [refurb] Do not emit diagnostic when loop variables are used outside loop body (FURB122) (#15757)
• [ruff] Add support for more re patterns (RUF055) (#15764)
• [ruff] Check for shadowed map before suggesting fix (RUF058) (#15790)
• [ruff] Do not emit diagnostic when all arguments to zip() are variadic (RUF058) (#15744)
• [ruff] Parenthesize fix when argument spans multiple lines for unnecessary-round (RUF057) (#15703)

Rule changes

• Preserve quote style in generated code (#15726, #15778, #15794)
• [flake8-bugbear] Exempt NewType calls where the original type is immutable (B008) (#15765)
• [pylint] Honor banned top-level imports by TID253 in PLC0415. (#15628)
• [pyupgrade] Ignore is_typeddict and TypedDict for deprecated-import (UP035) (#15800)

CLI

• Fix formatter warning message for flake8-quotes option (#15788)
• Implement tab autocomplete for ruff config (#15603)

Bug fixes

• [flake8-comprehensions] Do not emit unnecessary-map diagnostic when lambda has different arity (C417) (#15802)
• [flake8-comprehensions] Parenthesize sorted when needed for unnecessary-call-around-sorted (C413) (#15825)
• [pyupgrade] Handle end-of-line comments for quoted-annotation (UP037) (#15824)

Documentation

• Add missing config docstrings (#15803)
• Add references to trio.run_process and anyio.run_process (#15761)
• Use uv init --lib in tutorial (#15718)

0.9.3

Preview features

• [airflow] Argument fail_stop in DAG has been renamed as fail_fast (AIR302) (#15633)
• [airflow] Extend AIR303 with more symbols (#15611)
• [flake8-bandit] Report all references to suspicious functions (S3) (#15541)
• [flake8-pytest-style] Do not emit diagnostics for empty for loops (PT012, PT031) (#15542)
• [flake8-simplify] Avoid double negations (SIM103) (#15562)
• [pyflakes] Fix infinite loop with unused local import in __init__.py (F401) (#15517)
• [pylint] Do not report methods with only one EM101-compatible raise (PLR6301) (#15507)
• [pylint] Implement redefined-slots-in-subclass (W0244) (#9640)

... (truncated)

Commits

• 854ab03 Bump version to 0.9.4 (#15831)
• b0b8b06 Remove semicolon after TypeScript interface definition (#15827)
• 451f251 [red-knot] Clarify behavior when redeclaring base class attributes (#15826)
• 13cf3e6 [flake8-comprehensions] Parenthesize sorted when needed for `unnecessary-...
• 56f956a [pyupgrade] Handle end-of-line comments for quoted-annotation (UP037) (...
• 7a10a40 [flake8-bandit] Permit suspicious imports within stub files (S4) (#15822)
• 3125332 [red-knot] Format mdtest snippets with the latest version of black (#15819)
• 15d886a [red-knot] Consider all definitions after terminal statements unreachable (#1...
• e1c9d10 [flake8-comprehensions] Do not emit unnecessary-map diagnostic when lambd...
• 23c9884 Preserve quotes in generated f-strings (#15794)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot will merge this PR once it's up-to-date and CI passes on it, as requested by @amitschang.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

📢 Thoughts on this report? Let us know!

[amitschang]

@dependabot squash and merge