Bump the dependencies group with 5 updates

[dependabot]

Bumps the dependencies group with 5 updates:

Package	From	To
bandit	1.8.0	1.8.2
poethepoet	0.32.0	0.32.2
ruff	0.8.4	0.9.4
pytest-asyncio	0.25.0	0.25.3
mkdocs-material	9.5.49	9.6.1

Updates bandit from 1.8.0 to 1.8.2

Release notes

Sourced from bandit's releases.

1.8.2

What's Changed

• Revert "Start testing with 3.14 alphas" by @​ericwb in PyCQA/bandit#1217

Full Changelog: PyCQA/bandit@1.8.1...1.8.2

1.8.1

What's Changed

• Bump docker/build-push-action from 6.9.0 to 6.10.0 by @​dependabot in PyCQA/bandit#1209
• Update the bug template with latest bandit version by @​ericwb in PyCQA/bandit#1208
• Add Mercedes-Benz to sponsor list by @​ericwb in PyCQA/bandit#1210
• Bump docker/setup-buildx-action from 3.7.1 to 3.8.0 by @​dependabot in PyCQA/bandit#1211
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in PyCQA/bandit#1213
• Start testing with 3.14 alphas by @​ericwb in PyCQA/bandit#1189
• Remove lxml (B320 & B410) from blacklist by @​djbrown in PyCQA/bandit#1212
• Clarify "getting started" docs by @​Flimm in PyCQA/bandit#963

New Contributors

• @​djbrown made their first contribution in PyCQA/bandit#1212
• @​Flimm made their first contribution in PyCQA/bandit#963

Full Changelog: PyCQA/bandit@1.8.0...1.8.1

Commits

• c2c336d Revert "Start testing with 3.14 alphas" (#1217)
• e58379c Clarify "getting started" docs (#963)
• e4da0b3 Remove lxml (B320 & B410) from blacklist (#1212)
• 13d3406 Start testing with 3.14 alphas (#1189)
• 1abd1d7 [pre-commit.ci] pre-commit autoupdate (#1213)
• 8e3c928 Bump docker/setup-buildx-action from 3.7.1 to 3.8.0 (#1211)
• 929d597 Add Mercedes-Benz to sponsor list (#1210)
• ead6717 Update the bug template with latest bandit version (#1208)
• 65ddf8f Bump docker/build-push-action from 6.9.0 to 6.10.0 (#1209)
• See full diff in compare view

Updates poethepoet from 0.32.0 to 0.32.2

Release notes

Sourced from poethepoet's releases.

0.32.2

Fixes

• Improve detection of poetry 2.0 projects via the build-system table by @​nat-n in nat-n/poethepoet#274
• Fix usage without Poetry doc link in the readme by @​johnthagen in nat-n/poethepoet#273

New Contributors

• @​johnthagen made their first contribution in nat-n/poethepoet#273

Full Changelog: nat-n/poethepoet@v0.32.1...v0.32.2

0.32.1

Enhancements

• feat: Upgrade poetry dependency to make the poetry plugin work with poetry 2.0 by @​nat-n in nat-n/poethepoet#269

Full Changelog: nat-n/poethepoet@v0.32.0...v0.32.1

Commits

• See full diff in compare view

Updates ruff from 0.8.4 to 0.9.4

Release notes

Sourced from ruff's releases.

0.9.4

Release Notes

Preview features

• [airflow] Extend airflow context parameter check for BaseOperator.execute (AIR302) (#15713)
• [airflow] Update AIR302 to check for deprecated context keys (#15144)
• [flake8-bandit] Permit suspicious imports within stub files (S4) (#15822)
• [pylint] Do not trigger PLR6201 on empty collections (#15732)
• [refurb] Do not emit diagnostic when loop variables are used outside loop body (FURB122) (#15757)
• [ruff] Add support for more re patterns (RUF055) (#15764)
• [ruff] Check for shadowed map before suggesting fix (RUF058) (#15790)
• [ruff] Do not emit diagnostic when all arguments to zip() are variadic (RUF058) (#15744)
• [ruff] Parenthesize fix when argument spans multiple lines for unnecessary-round (RUF057) (#15703)

Rule changes

• Preserve quote style in generated code (#15726, #15778, #15794)
• [flake8-bugbear] Exempt NewType calls where the original type is immutable (B008) (#15765)
• [pylint] Honor banned top-level imports by TID253 in PLC0415. (#15628)
• [pyupgrade] Ignore is_typeddict and TypedDict for deprecated-import (UP035) (#15800)

CLI

• Fix formatter warning message for flake8-quotes option (#15788)
• Implement tab autocomplete for ruff config (#15603)

Bug fixes

• [flake8-comprehensions] Do not emit unnecessary-map diagnostic when lambda has different arity (C417) (#15802)
• [flake8-comprehensions] Parenthesize sorted when needed for unnecessary-call-around-sorted (C413) (#15825)
• [pyupgrade] Handle end-of-line comments for quoted-annotation (UP037) (#15824)

Documentation

• Add missing config docstrings (#15803)
• Add references to trio.run_process and anyio.run_process (#15761)
• Use uv init --lib in tutorial (#15718)

Contributors

• @​AlexWaygood
• @​Garrett-R
• @​InSyncWithFoo
• @​JelleZijlstra
• @​Lee-W
• @​MichaReiser
• @​charliermarsh
• @​dcreager
• @​dhruvmanila
• @​dylwil3

... (truncated)

Changelog

Sourced from ruff's changelog.

0.9.4

Preview features

• [airflow] Extend airflow context parameter check for BaseOperator.execute (AIR302) (#15713)
• [airflow] Update AIR302 to check for deprecated context keys (#15144)
• [flake8-bandit] Permit suspicious imports within stub files (S4) (#15822)
• [pylint] Do not trigger PLR6201 on empty collections (#15732)
• [refurb] Do not emit diagnostic when loop variables are used outside loop body (FURB122) (#15757)
• [ruff] Add support for more re patterns (RUF055) (#15764)
• [ruff] Check for shadowed map before suggesting fix (RUF058) (#15790)
• [ruff] Do not emit diagnostic when all arguments to zip() are variadic (RUF058) (#15744)
• [ruff] Parenthesize fix when argument spans multiple lines for unnecessary-round (RUF057) (#15703)

Rule changes

• Preserve quote style in generated code (#15726, #15778, #15794)
• [flake8-bugbear] Exempt NewType calls where the original type is immutable (B008) (#15765)
• [pylint] Honor banned top-level imports by TID253 in PLC0415. (#15628)
• [pyupgrade] Ignore is_typeddict and TypedDict for deprecated-import (UP035) (#15800)

CLI

• Fix formatter warning message for flake8-quotes option (#15788)
• Implement tab autocomplete for ruff config (#15603)

Bug fixes

• [flake8-comprehensions] Do not emit unnecessary-map diagnostic when lambda has different arity (C417) (#15802)
• [flake8-comprehensions] Parenthesize sorted when needed for unnecessary-call-around-sorted (C413) (#15825)
• [pyupgrade] Handle end-of-line comments for quoted-annotation (UP037) (#15824)

Documentation

• Add missing config docstrings (#15803)
• Add references to trio.run_process and anyio.run_process (#15761)
• Use uv init --lib in tutorial (#15718)

0.9.3

Preview features

• [airflow] Argument fail_stop in DAG has been renamed as fail_fast (AIR302) (#15633)
• [airflow] Extend AIR303 with more symbols (#15611)
• [flake8-bandit] Report all references to suspicious functions (S3) (#15541)
• [flake8-pytest-style] Do not emit diagnostics for empty for loops (PT012, PT031) (#15542)
• [flake8-simplify] Avoid double negations (SIM103) (#15562)
• [pyflakes] Fix infinite loop with unused local import in __init__.py (F401) (#15517)
• [pylint] Do not report methods with only one EM101-compatible raise (PLR6301) (#15507)
• [pylint] Implement redefined-slots-in-subclass (W0244) (#9640)

... (truncated)

Commits

• 854ab03 Bump version to 0.9.4 (#15831)
• b0b8b06 Remove semicolon after TypeScript interface definition (#15827)
• 451f251 [red-knot] Clarify behavior when redeclaring base class attributes (#15826)
• 13cf3e6 [flake8-comprehensions] Parenthesize sorted when needed for `unnecessary-...
• 56f956a [pyupgrade] Handle end-of-line comments for quoted-annotation (UP037) (...
• 7a10a40 [flake8-bandit] Permit suspicious imports within stub files (S4) (#15822)
• 3125332 [red-knot] Format mdtest snippets with the latest version of black (#15819)
• 15d886a [red-knot] Consider all definitions after terminal statements unreachable (#1...
• e1c9d10 [flake8-comprehensions] Do not emit unnecessary-map diagnostic when lambd...
• 23c9884 Preserve quotes in generated f-strings (#15794)
• Additional commits viewable in compare view

Updates pytest-asyncio from 0.25.0 to 0.25.3

Release notes

Sourced from pytest-asyncio's releases.

pytest-asyncio 0.25.3

• Avoid errors in cleanup of async generators when event loop is already closed #1040

pytest-asyncio 0.25.2

• Call loop.shutdown_asyncgens() before closing the event loop to ensure async generators are closed in the same manner as asyncio.run does #1034

pytest-asyncio 0.25.1

• Fixes an issue that caused a broken event loop when a function-scoped test was executed in between two tests with wider loop scope #950
• Improves test collection speed in auto mode #1020
• Corrects the warning that is emitted upon redefining the event_loop fixture

Commits

• 7c50192 fix: Avoid errors in cleanup of async generators when event loop is already c...
• 2188cdb build: Prepare release of v0.25.2.
• c3ad634 fix: Shutdown generators before closing event loops.
• e8ffb10 [pre-commit.ci] pre-commit autoupdate
• aae43d4 Build(deps): Bump hypothesis in /dependencies/default
• 941e8b5 Build(deps): Bump pygments from 2.18.0 to 2.19.1 in /dependencies/docs
• 623ab74 docs: Prepare release of v0.25.1.
• c236550 docs: Fix broken link to the pytest.mark.asyncio reference.
• 41c645b fix: Correct warning message when redefining the event_loop fixture.
• 2fd10f8 docs: Clarify deprecation of event_loop fixture.
• Additional commits viewable in compare view

Updates mkdocs-material from 9.5.49 to 9.6.1

Release notes

Sourced from mkdocs-material's releases.

mkdocs-material-9.6.1

• Fixed #7943: Tags plugin crashing due to merge error

mkdocs-material-9.6.0

• Added meta plugin
• Rewrite of the tags plugin
• Added support for allow lists in tags plugin
• Added support for and custom sorting in tags plugin
• Added support for related links in blog plugin
• Added support for custom index pages in blog plugin
• Added support for navigation subtitles
• Fixed #7924: Anchors might require two clicks when using instant navigation

mkdocs-material-9.5.50

• Fixed #7913: Social plugin renders attribute lists in page title

Changelog

Sourced from mkdocs-material's changelog.

mkdocs-material-9.6.1 (2025-01-31)

• Fixed #7943: Tags plugin crashing due to merge error

mkdocs-material-9.6.0 (2025-01-31)

• Added meta plugin
• Rewrite of the tags plugin
• Added support for allow lists in tags plugin
• Added support for and custom sorting in tags plugin
• Added support for related links in blog plugin
• Added support for custom index pages in blog plugin
• Added support for navigation subtitles
• Fixed #7924: Anchors might require two clicks when using instant navigation

mkdocs-material-9.5.50 (2025-01-18)

• Fixed #7913: Social plugin renders attribute lists in page title

mkdocs-material-9.5.49+insiders-4.53.15 (2025-01-15)

• Fixed #7896: Scoped tags listings not rendering in subsections

mkdocs-material-9.5.49 (2024-12-16)

• Adjusted title color in dark mode for all supported Mermaid.js diagrams
• Fixed #7803: Privacy plugin crashes on generated files
• Fixed #7781: Mermaid.js flow chart title not visible in dark mode

mkdocs-material-9.5.48 (2024-12-08)

• Fixed #7774: Disabling social cards doesn't work

mkdocs-material-9.5.47 (2024-12-01)

• Fixed #7750: Numeric tags break search
• Fixed #7748: Blog plugin breaks when using future drafts (9.5.45 regression)

mkdocs-material-9.5.46 (2024-11-25)

• Added support for removing preload hints in privacy plugin
• Fixed #7734: Code blocks in h5 headlines are uppercased
• Fixed #7725: Blog plugin crashing on missing timezone (9.5.45 regression)

mkdocs-material-9.5.45 (2024-11-20)

• Reduced size of Docker image through multi-stage build
• Fixed #7708: Blog plugin crashing on YAML dates with timezones

mkdocs-material-9.5.44 (2024-11-05)

... (truncated)

Commits

• 454af62 Prepare 9.6.1 release
• 2d147c7 Fixed crashing tags plugin
• 34dc4fe Updated Premium sponsors
• 8edc6f8 Updated Premium sponsors
• 0be1d6b Documentation
• 34e301d Fixed build badge
• 4ca5214 Corrected position of related links in blog post
• 627737a Merge pull request #7942 from squidfunk/merge/chipotle
• 49daf57 Updated dependencies
• 1416697 Prepare 9.6.0 release
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 100.00%. Comparing base (6d232fa) to head (d52996f).
Report is 25 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##              main       #69    +/-   ##
==========================================
  Coverage   100.00%   100.00%            
==========================================
  Files           48        29    -19     
  Lines          662       354   -308     
==========================================
- Hits           662       354   -308     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.