Deps: Bump the python-packages group with 4 updates

[dependabot]

Bumps the python-packages group with 4 updates: httpcore, rich, ruff and tomli.

Updates httpcore from 1.0.5 to 1.0.6

Release notes

Sourced from httpcore's releases.

Version 1.0.6 (October 1st, 2024)

• Relax trio dependency pinning. (#956)
• Handle trio raising NotImplementedError on unsupported platforms. (#955)
• Handle mapping ssl.SSLError to httpcore.ConnectError. (#918)

Changelog

Sourced from httpcore's changelog.

Version 1.0.6 (October 1st, 2024)

• Relax trio dependency pinning. (#956)
• Handle trio raising NotImplementedError on unsupported platforms. (#955)
• Handle mapping ssl.SSLError to httpcore.ConnectError. (#918)

Commits

• 4ee1ca2 Version 1.0.6 (#957)
• 0804ea6 Relax trio dependency pin. (#956)
• 17409bb Handle trio raising NotImplementedError on unsupported platforms. (#955)
• 4aac649 Add pragma: nocover
• ba3f942 Bump aiohttp from 3.9.5 to 3.10.2 (#942)
• 7d87c9d Update werkzeug requirement from <2.1 to <3.1 (#940)
• acf7d15 Bump the python-packages group with 7 updates (#933)
• 711292e Bump urllib3 from 2.2.1 to 2.2.2 (#931)
• da86ca4 Add benchmarking script (#923)
• 48651f6 Bump the python-packages group with 6 updates (#916)
• Additional commits viewable in compare view

Updates rich from 13.8.1 to 13.9.2

Release notes

Sourced from rich's releases.

The Splitting segments Release

A hotfix for highlighting in the table, and a fix for Segment.split_cells

[13.9.2] - 2024-10-04

Fixed

• Fixed Table columns not highlighting when added by add_row Textualize/rich#3517
• Fixed an issue with Segment.split_cells reported in Textual Textualize/textual#5090

Hotfix for dependency issue

[13.9.1] - 2024-10-01

Fixed

• Fixed typing_extensions dependency

The so long Python 3.7 release

This version adds support for fine-grained information in tracebacks. In other words, it will highlight columns in tracebacks (for supported Python versions). Here's an example:

This version also drops support for Python 3.7, which has long since reached its EOL. If you are stuck on Python3.7 for any reason, you will not be able to upgrade to this version, but nothing should break.

See below for other changes in this release.

[13.9.0] - 2024-10-01

Changed

• Dropped support for Python3.7 Textualize/rich#3509
• Rich will display tracebacks with finely grained error locations on python 3.11+ Textualize/rich#3486

Fixed

• Fixed issue with Segment._split_cells Textualize/rich#3506
• Fix auto detection of terminal size on Windows Textualize/rich#2916
• Text.style now respected in Panel title/subtitle Textualize/rich#3509

Changelog

Sourced from rich's changelog.

[13.9.2] - 2024-10-04

Fixed

• Fixed Table columns not highlighting when added by add_row Textualize/rich#3517
• Fixed an issue with Segment.split_cells reported in Textual Textualize/textual#5090

[13.9.1] - 2024-10-01

Fixed

• Fixed typing_extensions dependency

[13.9.0] - 2024-10-01

Changed

• Dropped support for Python3.7 Textualize/rich#3509
• Rich will display tracebacks with finely grained error locations on python 3.11+ Textualize/rich#3486

Fixed

• Fixed issue with Segment._split_cells Textualize/rich#3506
• Fix auto detection of terminal size on Windows Textualize/rich#2916
• Text.style now respected in Panel title/subtitle Textualize/rich#3509

Commits

• 0f2f51b Merge pull request #3521 from Textualize/splitcells-fix
• 8b84ee9 Merge pull request #3514 from mdmintz/complete-the-3.7-drop
• 661ae8d version bump
• 834d178 tests
• babf74a more tests
• 4f40703 fix for split cells
• 6607492 Merge pull request #3518 from TomJGooding/fix-table-highlight-columns-added-b...
• e732952 Merge pull request #3519 from TomJGooding/docs-table-add-column-highlight-option
• 0176bef docs(table): add column highlight option
• 16b3830 fix(table): highlight columns added by add_row
• Additional commits viewable in compare view

Updates ruff from 0.6.8 to 0.6.9

Release notes

Sourced from ruff's releases.

0.6.9

Release Notes

Preview features

• Fix codeblock dynamic line length calculation for indented docstring examples (#13523)
• [refurb] Mark FURB118 fix as unsafe (#13613)

Rule changes

• [pydocstyle] Don't raise D208 when last line is non-empty (#13372)
• [pylint] Preserve trivia (i.e. comments) in PLR5501 autofix (#13573)

Configuration

• [pyflakes] Add allow-unused-imports setting for unused-import rule (F401) (#13601)

Bug fixes

• Support ruff discovery in pip build environments (#13591)
• [flake8-bugbear] Avoid short circuiting B017 for multiple context managers (#13609)
• [pylint] Do not offer an invalid fix for PLR1716 when the comparisons contain parenthesis (#13527)
• [pyupgrade] Fix UP043 to apply to collections.abc.Generator and collections.abc.AsyncGenerator (#13611)
• [refurb] Fix handling of slices in tuples for FURB118, e.g., x[:, 1] (#13518)

Documentation

• Update GitHub Action link to astral-sh/ruff-action (#13551)

Install ruff 0.6.9

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/astral-sh/ruff/releases/download/0.6.9/ruff-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy ByPass -c "irm https://github.com/astral-sh/ruff/releases/download/0.6.9/ruff-installer.ps1 | iex"

Download ruff 0.6.9

File	Platform	Checksum
ruff-aarch64-apple-darwin.tar.gz	Apple Silicon macOS	checksum
ruff-x86_64-apple-darwin.tar.gz	Intel macOS	checksum
ruff-aarch64-pc-windows-msvc.zip	ARM64 Windows	checksum

... (truncated)

Changelog

Sourced from ruff's changelog.

0.6.9

Preview features

• Fix codeblock dynamic line length calculation for indented docstring examples (#13523)
• [refurb] Mark FURB118 fix as unsafe (#13613)

Rule changes

• [pydocstyle] Don't raise D208 when last line is non-empty (#13372)
• [pylint] Preserve trivia (i.e. comments) in PLR5501 autofix (#13573)

Configuration

• [pyflakes] Add allow-unused-imports setting for unused-import rule (F401) (#13601)

Bug fixes

• Support ruff discovery in pip build environments (#13591)
• [flake8-bugbear] Avoid short circuiting B017 for multiple context managers (#13609)
• [pylint] Do not offer an invalid fix for PLR1716 when the comparisons contain parenthesis (#13527)
• [pyupgrade] Fix UP043 to apply to collections.abc.Generator and collections.abc.AsyncGenerator (#13611)
• [refurb] Fix handling of slices in tuples for FURB118, e.g., x[:, 1] (#13518)

Documentation

• Update GitHub Action link to astral-sh/ruff-action (#13551)

Commits

• 975be9c Bump version to 0.6.9 (#13624)
• 99e4566 Mark FURB118 fix as unsafe (#13613)
• 7ad07c2 Add allow-unused-imports setting for unused-import rule (F401) (#13601)
• 4aefe52 Support ruff discovery in pip build environments (#13591)
• cc1f766 Preserve trivia (i.e. comments) in PLR5501 (#13573)
• fdd0a22 Move to maintained mirror of prettier (#13592)
• 3728d5b [pyupgrade] Fix UP043 to apply to collections.abc.Generator and `collecti...
• 7e3894f Avoid short circuiting B017 for multiple context managers (#13609)
• c3b40da Use backticks for code in red-knot messages (#13599)
• ef45185 Allow users to provide custom diagnostic messages when unwrapping calls (#13597)
• Additional commits viewable in compare view

Updates tomli from 2.0.1 to 2.0.2

Changelog

Sourced from tomli's changelog.

2.0.2

• Removed
  • Python 3.7 support
• Improved
  • Make loads raise TypeError not AttributeError on bad input types that do not have the replace attribute. Improve error message when bytes is received.
• Type annotations
  • Type annotate load input as typing.IO[bytes] (previously typing.BinaryIO).

Commits

• 3ec6775 Bump version: 2.0.1 → 2.0.2
• 1dcd317 Add v2.0.2 changelog
• c94ee69 Fix GitHub Actions badge
• 4e245a4 tomli.loads: Raise TypeError not AttributeError. Improve message (#229)
• facdab0 Update pre-commit. Remove docformatter
• a613867 Use sys.version_info in compatibility layer (#220)
• 39eff9b Add support for Python 3.12, drop EOL 3.7 (#224)
• 0054e60 [pre-commit.ci] pre-commit autoupdate (#208)
• 1bd3345 Test against Python 3.12-dev
• 5646e69 Type annotate as IO[bytes], not BinaryIO
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 7886d02.

Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

OpenSSF Scorecard

Package	Version	Score	Details
pip/httpcore	1.0.6	🟢 6.6	Details Check Score Reason Code-Review 🟢 9 Found 18/20 approved changesets -- score normalized to 9 Maintained 🟢 5 6 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 5 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing 🟢 10 project is fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected Security-Policy 🟢 10 security policy file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/rich	13.9.2	🟢 7.6	Details Check Score Reason Code-Review 🟢 6 Found 5/8 approved changesets -- score normalized to 6 Maintained 🟢 10 30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Security-Policy 🟢 10 security policy file detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Fuzzing 🟢 10 project is fuzzed Pinned-Dependencies ⚠️ 2 dependency not pinned by hash detected -- score normalized to 2 SAST 🟢 10 SAST tool is run on all commits Vulnerabilities 🟢 9 1 existing vulnerabilities detected
pip/ruff	0.6.9	Unknown	Unknown
pip/tomli	2.0.2	🟢 5.3	Details Check Score Reason Code-Review ⚠️ 2 Found 6/24 approved changesets -- score normalized to 2 Maintained 🟢 6 6 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 6 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Security-Policy ⚠️ 0 security policy file not detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing 🟢 10 project is fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0

Scanned Manifest Files

poetry.lock

• httpcore@1.0.6
• rich@13.9.2
• ruff@0.6.9
• tomli@2.0.2
• httpcore@1.0.5
• rich@13.8.1
• ruff@0.6.8
• tomli@2.0.1

[github-actions]

Conventional Commits Report

Type	Number
Dependencies	1

🚀 Conventional commits found.