build(deps): bump the python-minor group across 1 directory with 3 updates #117

Open
dependabot[bot] wants to merge 1 commit into main from dependabot/pip/python-minor-7ad8213f24

dependabot bot commented on behalf of github Mar 10, 2026

Bumps the python-minor group with 3 updates in the / directory: black, bandit and maturin.

Updates black from 26.1.0 to 26.3.0

Release notes

Sourced from black's releases.

26.3.0

Stable style

  • Don't double-decode input, causing non-UTF-8 files to be corrupted (#4964)
  • Fix crash on standalone comment in lambda default arguments (#4993)
  • Preserve parentheses when # type: ignore comments would be merged with other comments on the same line, preventing AST equivalence failures (#4888)

Preview style

  • Fix bug where if guards in case blocks were incorrectly split when the pattern had a trailing comma (#4884)
  • Fix string_processing crashing on unassigned long string literals with trailing commas (one-item tuples) (#4929)
  • Simplify implementation of the power operator "hugging" logic (#4918)

Packaging

  • Fix shutdown errors in PyInstaller builds on macOS by disabling multiprocessing in frozen environments (#4930)

Performance

  • Introduce winloop for Windows as an alternative to uvloop (#4996)
  • Remove deprecated function uvloop.install() in favor of uvloop.new_event_loop() (#4996)
  • Rename maybe_install_uvloop function to maybe_use_uvloop to simplify loop installation and creation of either a uvloop/winloop event loop or default event loop (#4996)

Output

  • Emit a clear warning when the target Python version is newer than the running Python version, since AST safety checks cannot parse newer syntax. Also replace the misleading "INTERNAL ERROR" message with an actionable error explaining the version mismatch (#4983)

Blackd

  • Introduce winloop, used when Windows is in use, which enables blackd to run faster on Windows when winloop is installed. (#4996)

Integrations

  • Remove unused gallery script (#5030)
  • Harden parsing of black requirements in the GitHub Action when use_pyproject is enabled so that only version specifiers are accepted and direct references such as black @ https://... are rejected. Users should upgrade to the latest version of the action as soon as possible. This update is received automatically when using psf/black@stable, and is independent of the version of Black installed by the

... (truncated)

Updates bandit from 1.9.3 to 1.9.4

Release notes

Sourced from bandit's releases.

1.9.4

Full Changelog: PyCQA/bandit@1.9.3...1.9.4

Commits
  • 92ae8b8 Fix B106 reporting wrong line number on multiline function calls (#1360)
  • c8c8a55 Lower version guard in check_ast_node to Python 3.12 (#1355)
  • 8f2f928 Fix B615 false positive when revision is set via variable (#1358)
  • e27493f Include filename in nosec 'no failed test' warning (#1363)
  • b69b336 Fix B613 crash when reading from stdin (#1361)
  • e418b79 Bump docker/build-push-action from 6.18.0 to 6.19.2 (#1357)
  • ff646fd Bump docker/login-action from 3.6.0 to 3.7.0 (#1353)
  • c0def6c chore: fixed some typos in comments (#1351)
  • See full diff in compare view

Updates maturin from 1.12.4 to 1.12.6

Release notes

Sourced from maturin's releases.

v1.12.6

What's Changed

  • Sync legacy_py.rs with upstream PyPI warehouse legacy.py (#3053)
  • Keep cargo build artifact at original path after staging (#3054)

Full Changelog: PyO3/maturin@v1.12.5...v1.12.6

v1.12.5

Full Changelog: PyO3/maturin@v1.12.4...v1.12.5

Changelog

Sourced from maturin's changelog.

1.12.6

  • Sync legacy_py.rs with upstream PyPI warehouse legacy.py (#3053)
  • Keep cargo build artifact at original path after staging (#3054)

1.12.5

  • Feat: include debug info files (.pdb, .dSYM, .dwp) in wheels (#3024)
  • Fix wrong abi3 tag for conditional cargo features enabled pyo3 abi3 feature (#3029)
  • Fix: maturin build --sdist wheel name/layout for excluded workspace crates (#3031)
  • Fix: preserve wheel output dir when building from unpacked sdist (#3036)
  • Feat: add python-implementation condition to conditional features (#3038)
  • Update zip to 8.1 (#3039)
  • Use the latest version of github actions (#3040)
  • Use renovate and pinned hashes for GitHub Actions (#3043)
  • Chore(deps): update taiki-e/install-action digest to 7410117 (#3046)
  • Chore(deps): update dtolnay/rust-toolchain digest to efa25f7 (#3045)
  • Chore(deps): update actions/attest-build-provenance action to v4 (#3047)
  • Use mmap for faster warn_missing_py_init (#2950)

Commits
  • b61a28e Release v1.12.6
  • 92d919f Keep cargo build artifact at original path after staging
  • 7c69ef6 Sync legacy_py.rs with upstream PyPI warehouse legacy.py (#3053)
  • 90091c8 Fix Windows binary placed in subdirectory inside zip archive
  • 917fa7f Release v1.12.5
  • 1bfaa8c Use mmap for faster warn_missing_py_init (#2950)
  • 569b5f5 chore(deps): update actions/attest-build-provenance action to v4 (#3047)
  • 00580be chore(deps): update dtolnay/rust-toolchain digest to efa25f7 (#3045)
  • e4fa36d Fix non-existent comment tag (#3044)
  • 8870594 chore(deps): update taiki-e/install-action digest to 7410117 (#3046)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

…dates

Bumps the python-minor group with 3 updates in the / directory: [black](https://github.com/psf/black), [bandit](https://github.com/PyCQA/bandit) and [maturin](https://github.com/pyo3/maturin).


Updates `black` from 26.1.0 to 26.3.0
- [Release notes](https://github.com/psf/black/releases)
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md)
- [Commits](psf/black@26.1.0...26.3.0)

Updates `bandit` from 1.9.3 to 1.9.4
- [Release notes](https://github.com/PyCQA/bandit/releases)
- [Commits](PyCQA/bandit@1.9.3...1.9.4)

Updates `maturin` from 1.12.4 to 1.12.6
- [Release notes](https://github.com/pyo3/maturin/releases)
- [Changelog](https://github.com/PyO3/maturin/blob/main/Changelog.md)
- [Commits](PyO3/maturin@v1.12.4...v1.12.6)

---
updated-dependencies:
- dependency-name: black
  dependency-version: 26.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-minor
- dependency-name: bandit
  dependency-version: 1.9.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-minor
- dependency-name: maturin
  dependency-version: 1.12.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot commented on behalf of github Mar 10, 2026

Labels

The following labels could not be found: dependencies, python. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

dependabot bot requested a review from systemslibrarian as a code owner March 10, 2026 00:00
@codecov-commenter

⚠️ Please install the Codecov app to ensure uploads and comments are reliably processed by Codecov.

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!
