Bump the dev-dependencies group across 1 directory with 6 updates #2280

Merged

Conversation

dependabot[bot]
Contributor

@dependabot dependabot bot commented on behalf of github Nov 4, 2024

Bumps the dev-dependencies group with 6 updates in the /export directory:

| Package | From | To |
| --- | --- | --- |
| mypy | 1.10.0 | 1.13.0 |
| types-setuptools | 70.0.0.20240524 | 75.2.0.20241025 |
| pytest | 8.2.2 | 8.3.3 |
| pytest-cov | 5.0.0 | 6.0.0 |
| semgrep | 1.76.0 | 1.95.0 |
| types-pexpect | 4.9.0.20240311 | 4.9.0.20240806 |

Updates mypy from 1.10.0 to 1.13.0

Changelog

Sourced from mypy's changelog.

Mypy Release Notes

Next release

Change to enum membership semantics

As per the updated typing specification for enums, enum members must be left unannotated.

class Pet(Enum):
    CAT = 1  # Member attribute
    DOG = 2  # Member attribute
    WOLF: int = 3  # New error: Enum members must be left unannotated
    species: str  # Considered a non-member attribute

In particular, the specification change can result in issues in type stubs (.pyi files), since historically it was common to leave the value absent:

# In a type stub (.pyi file)
class Pet(Enum):
    # Change in semantics: previously considered members, now non-member attributes
    CAT: int
    DOG: int
    # Mypy will now issue a warning if it detects this situation in type stubs:
    # > Detected enum "Pet" in a type stub with zero members.
    # > There is a chance this is due to a recent change in the semantics of enum membership.
    # > If so, use `member = value` to mark an enum member, instead of `member: type`

class Pet(Enum):
    # As per the specification, you should now do one of the following:
    DOG = 1  # Member attribute with value 1 and known type
    WOLF = cast(int, ...)  # Member attribute with unknown value but known type
    LION = ...  # Member attribute with unknown value and unknown type

Contributed by Terence Honles in PR 17207 and Shantanu Jain in PR 18068.

Mypy 1.13

We’ve just uploaded mypy 1.13 to the Python Package Index (PyPI). Mypy is a static type checker for Python. You can install it as follows:

python3 -m pip install -U mypy

... (truncated)

Commits

Updates types-setuptools from 70.0.0.20240524 to 75.2.0.20241025

Commits

Updates pytest from 8.2.2 to 8.3.3

Release notes

Sourced from pytest's releases.

8.3.3

pytest 8.3.3 (2024-09-09)

Bug fixes

  • #12446: Avoid calling @property (and other instance descriptors) during fixture discovery -- by asottile

  • #12659: Fixed the issue of not displaying assertion failure differences when using the parameter --import-mode=importlib in pytest>=8.1.

  • #12667: Fixed a regression where type change in ExceptionInfo.errisinstance caused mypy to fail.

  • #12744: Fixed typing compatibility with Python 3.9 or less -- replaced typing.Self with typing_extensions.Self -- by Avasam

  • #12745: Fixed an issue with backslashes being incorrectly converted in nodeid paths on Windows, ensuring consistent path handling across environments.

  • #6682: Fixed bug where the verbosity levels were not being respected when printing the "msg" part of failed assertion (as in assert condition, msg).

  • #9422: Fix bug where disabling the terminal plugin via -p no:terminal would cause crashes related to missing the verbose option.

    -- by GTowers1

Improved documentation

  • #12663: Clarify that the pytest_deselected hook should be called from pytest_collection_modifyitems hook implementations when items are deselected.
  • #12678: Remove erroneous quotes from tmp_path_retention_policy example in docs.

Miscellaneous internal changes

  • #12769: Fix typos discovered by codespell and add codespell to pre-commit hooks.

8.3.2

pytest 8.3.2 (2024-07-24)

Bug fixes

  • #12652: Resolve regression where conda environments were no longer being automatically detected.

    -- by RonnyPfannschmidt

8.3.1

pytest 8.3.1 (2024-07-20)

The 8.3.0 release failed to include the change notes and docs for the release. This patch release remedies this. There are no other changes.

... (truncated)

Commits

Updates pytest-cov from 5.0.0 to 6.0.0

Changelog

Sourced from pytest-cov's changelog.

6.0.0 (2024-10-29)

  • Updated various documentation inaccuracies, especially on subprocess handling.
  • Changed fail under checks to use the precision set in the coverage configuration. Now it will perform the check just like coverage report would.
  • Added a --cov-precision cli option that can override the value set in your coverage configuration.
  • Dropped support for now EOL Python 3.8.
Commits
  • 9540437 Bump version: 5.0.0 → 6.0.0
  • 9f81754 Further trim down envs and drop Python 3.8.
  • b12b5ec Update conf.
  • 23f4b27 Update changelog.
  • 291a04f Bump test deps and trim config.
  • 08f1101 Add --cov-precision option. Close #655.
  • 76fe2a7 Move the warnings/errors in a place that doesn't import anything.
  • a9ea7b7 Implement error/warning for the bad dynamic_context being set in config.
  • c299e01 Add explicit suffixing to make it easier to see the identify the sources/usag...
  • c87e546 Add reproducer for weird xdist dynamic_context interaction. Ref #604.
  • Additional commits viewable in compare view

Updates semgrep from 1.76.0 to 1.95.0

Release notes

Sourced from semgrep's releases.

Release v1.95.0

1.95.0 - 2024-10-31

Changed

  • Remove deprecated --enable-experimental-requirements flag. Functionality has been always enabled since Semgrep 1.93.0. (ssc-1903)

Fixed

  • osemgrep: Running osemgrep with the Pro Engine now correctly runs rules with proprietary languages (saf-1686)
  • Fixed bug where semgrep would crash if --trace was passed (saf-tracing)

Release v1.94.0

1.94.0 - 2024-10-30

Fixed

  • pro: taint-mode: Semgrep should no longer confuse a return in a lambda with a return in its enclosing function.

    E.g. In the example below the return value of foo is NOT tainted:

    function foo() {
        bar(() => taint);
        return ok;
    } (code-7657)
    
  • OCaml: matching will now recognize "local open" so that a pattern like Foo.bar ... will now correctly match code such as let open Foo in bar 1 or Foo.(bar 1) in addition to the classic Foo.bar 1. (local_open)

  • Project files lacking sufficient read permissions are now skipped gracefully by semgrep. (saf-1598)

  • Semgrep will now print stderr and additional debugging info when semgrep-core exits with a fatal error code but still returns a json response (finishes scanning) (saf-1672)

  • semgrep ci should parse correctly git logs to compute the set of contributors even if some authors have special characters in their names. (saf-1681)

Release v1.93.0

1.93.0 - 2024-10-23

Added

... (truncated)

Commits
  • 4472baa chore: release version 1.95.0
  • e09d3e3 semgrep/semgrep-proprietary#2533
  • f982784 fix(sca): lowercase python packages when parsing from rule (semgrep/semgrep-p...
  • 84bd900 semgrep/semgrep-proprietary#2530
  • b3cd676 chore(sca): remove --enable-experimental-requirements flag (semgrep/semgrep...
  • fadc8f1 fix(osemgrep): enable proprietary parsers in osemgrep-pro (semgrep/semgrep-pr...
  • bf1847c chore(dep-resolution): update interfaces for new manifest kinds (semgrep/semg...
  • 33f320e semgrep/semgrep-proprietary#2527
  • 459dd34 semgrep/semgrep-proprietary#2524
  • d48d887 semgrep/semgrep-proprietary#2523
  • Additional commits viewable in compare view

Updates types-pexpect from 4.9.0.20240311 to 4.9.0.20240806

Commits

Bumps the dev-dependencies group with 6 updates in the /export directory:

| Package | From | To |
| --- | --- | --- |
| [mypy](https://github.com/python/mypy) | `1.10.0` | `1.13.0` |
| [types-setuptools](https://github.com/python/typeshed) | `70.0.0.20240524` | `75.2.0.20241025` |
| [pytest](https://github.com/pytest-dev/pytest) | `8.2.2` | `8.3.3` |
| [pytest-cov](https://github.com/pytest-dev/pytest-cov) | `5.0.0` | `6.0.0` |
| [semgrep](https://github.com/returntocorp/semgrep) | `1.76.0` | `1.95.0` |
| [types-pexpect](https://github.com/python/typeshed) | `4.9.0.20240311` | `4.9.0.20240806` |



Updates `mypy` from 1.10.0 to 1.13.0
- [Changelog](https://github.com/python/mypy/blob/master/CHANGELOG.md)
- [Commits](python/mypy@v1.10.0...v1.13.0)

Updates `types-setuptools` from 70.0.0.20240524 to 75.2.0.20241025
- [Commits](https://github.com/python/typeshed/commits)

Updates `pytest` from 8.2.2 to 8.3.3
- [Release notes](https://github.com/pytest-dev/pytest/releases)
- [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst)
- [Commits](pytest-dev/pytest@8.2.2...8.3.3)

Updates `pytest-cov` from 5.0.0 to 6.0.0
- [Changelog](https://github.com/pytest-dev/pytest-cov/blob/master/CHANGELOG.rst)
- [Commits](pytest-dev/pytest-cov@v5.0.0...v6.0.0)

Updates `semgrep` from 1.76.0 to 1.95.0
- [Release notes](https://github.com/returntocorp/semgrep/releases)
- [Changelog](https://github.com/semgrep/semgrep/blob/develop/CHANGELOG.md)
- [Commits](semgrep/semgrep@v1.76.0...v1.95.0)

Updates `types-pexpect` from 4.9.0.20240311 to 4.9.0.20240806
- [Commits](https://github.com/python/typeshed/commits)

---
updated-dependencies:
- dependency-name: mypy
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: types-setuptools
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: dev-dependencies
- dependency-name: pytest
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: pytest-cov
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: dev-dependencies
- dependency-name: semgrep
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: types-pexpect
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot requested a review from a team as a code owner November 4, 2024 21:21
@dependabot dependabot bot added the dependencies (Pull requests that update a dependency file) and python (Pull requests that update Python code) labels Nov 4, 2024
Contributor

@zenmonkeykstop zenmonkeykstop left a comment

LGTM, good bot.

@zenmonkeykstop zenmonkeykstop added this pull request to the merge queue Nov 6, 2024
Merged via the queue into main with commit b95478f Nov 6, 2024
58 checks passed
@zenmonkeykstop zenmonkeykstop deleted the dependabot/pip/export/dev-dependencies-ed4bf26c9f branch November 6, 2024 16:24