Skip to content

Bump the python group across 1 directory with 3 updates#175

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/uv/python-af809949ba
Open

Bump the python group across 1 directory with 3 updates#175
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/uv/python-af809949ba

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 19, 2026

Copy link
Copy Markdown
Contributor

Bumps the python group with 3 updates in the / directory: cyclonedx-python-lib, tqdm and ruff.

Updates cyclonedx-python-lib from 11.9.0 to 11.10.0

Release notes

Sourced from cyclonedx-python-lib's releases.

v11.10.0 (2026-06-11)

Bug Fixes

  • Lossless flattening of dependency graph during JSON serialization (#993, d0e10ca)

  • Typing in contrib.bom.utils.BomDependencyGraphFlatMerger (#998, 988a937)

Documentation

  • Improve docs of contrib.bom.utils.BomRefDiscriminator (#996, 9beaf5c)

Features

  • Add contrib.bom.utils.BomDependencyGraphFlatMerger (#997, 78b8d8b)

  • Move output.BomRefDiscriminator to contrib.bom.utils.BomRefDiscriminator (#995, 3bb87aa)

Performance Improvements

  • contrib.bom.utils.bomdependencygraphflatmerger._flatten_merge (#999, a8579b8)

What's Changed

Full Changelog: CycloneDX/cyclonedx-python-lib@v11.9.0...v11.10.0

Changelog

Sourced from cyclonedx-python-lib's changelog.

v11.10.0 (2026-06-11)

Bug Fixes

  • Lossless flattening of dependency graph during JSON serialization (#993, d0e10ca)

  • Typing in contrib.bom.utils.BomDependencyGraphFlatMerger (#998, 988a937)

Documentation

  • Improve docs of contrib.bom.utils.BomRefDiscriminator (#996, 9beaf5c)

Features

  • Add contrib.bom.utils.BomDependencyGraphFlatMerger (#997, 78b8d8b)

  • Move output.BomRefDiscriminator to contrib.bom.utils.BomRefDiscriminator (#995, 3bb87aa)

Performance Improvements

  • contrib.bom.utils.bomdependencygraphflatmerger._flatten_merge (#999, a8579b8)
Commits
  • bdeaa91 chore(release): 11.10.0
  • d0e10ca fix: lossless flattening of dependency graph during JSON serialization (#993)
  • a8579b8 perf: contrib.bom.utils.BomDependencyGraphFlatMerger._flatten_merge (#999)
  • 988a937 fix: typing in contrib.bom.utils.BomDependencyGraphFlatMerger (#998)
  • 78b8d8b feat: add contrib.bom.utils.BomDependencyGraphFlatMerger (#997)
  • 9beaf5c docs: improve docs of contrib.bom.utils.BomRefDiscriminator (#996)
  • 3bb87aa feat: move output.BomRefDiscriminator to `contrib.bom.utils.BomRefDiscrimin...
  • See full diff in compare view

Updates tqdm from 4.68.1 to 4.68.2

Release notes

Sourced from tqdm's releases.

tqdm v4.68.2 stable

  • revert accidental change to ascii default (fixes #1760)
    • UnicodeEncodeError: 'charmap' codec can't encode characters in position 6-7: character maps to <undefined> can be fixed by installing tqdm!=4.68.0,!=4.68.1
  • misc docs updates
    • fix links
    • replace stray rst -> md syntax
    • consistent "progress bar" terminology (#1737)
  • tests: fix coverage (fixes #1760)
Commits

Updates ruff from 0.15.16 to 0.15.17

Release notes

Sourced from ruff's releases.

0.15.17

Release Notes

Released on 2026-06-11.

Preview features

  • Allow human-readable names in suppression comments (#25614)
  • Fix handling of ignore comments within a disable/enable pair (#25845)
  • Prioritize human-readable names in CLI output (#25869)
  • Respect diagnostic start and parent ranges and trailing comments in ruff:ignore suppressions (#25673)
  • [flake8-async] Add trio.as_safe_channel to safe decorators (ASYNC119) (#25775)
  • [flake8-pytest-style] Also check pytest_asyncio fixtures (#25375)
  • [ruff] Ban pytest autouse fixtures (RUF076) (#25477)
  • [pyupgrade] Add from __future__ import annotations automatically (UP007, UP045) (#23259)

Bug fixes

  • Fix diagnostic when ruff:enable or ruff:disable appears where ruff:ignore is expected (#25700)
  • [pyupgrade] Preserve leading empty literals to avoid syntax errors (UP032) (#25491)

Rule changes

  • [flake8-pytest-style] Clarify diagnostic message for single parameters (PT007) (#25592)
  • [numpy] Drop autofix for np.in1d (NPY201) (#25612)
  • [pylint] Exempt Python version comparisons (PLR2004) (#25743)

Performance

  • Reserve AST Vecs with correct capacity for common cases (#25451)

Formatter

  • Preserve whitespace for Quarto cell option comments (#25641)

CLI

  • Allow rule names in ruff rule (#25640)

Other changes

  • Fix playground diagnostics scrollbars (#25642)

Contributors

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.17

Released on 2026-06-11.

Preview features

  • Allow human-readable names in suppression comments (#25614)
  • Fix handling of ignore comments within a disable/enable pair (#25845)
  • Prioritize human-readable names in CLI output (#25869)
  • Respect diagnostic start and parent ranges and trailing comments in ruff:ignore suppressions (#25673)
  • [flake8-async] Add trio.as_safe_channel to safe decorators (ASYNC119) (#25775)
  • [flake8-pytest-style] Also check pytest_asyncio fixtures (#25375)
  • [ruff] Ban pytest autouse fixtures (RUF076) (#25477)
  • [pyupgrade] Add from __future__ import annotations automatically (UP007, UP045) (#23259)

Bug fixes

  • Fix diagnostic when ruff:enable or ruff:disable appears where ruff:ignore is expected (#25700)
  • [pyupgrade] Preserve leading empty literals to avoid syntax errors (UP032) (#25491)

Rule changes

  • [flake8-pytest-style] Clarify diagnostic message for single parameters (PT007) (#25592)
  • [numpy] Drop autofix for np.in1d (NPY201) (#25612)
  • [pylint] Exempt Python version comparisons (PLR2004) (#25743)

Performance

  • Reserve AST Vecs with correct capacity for common cases (#25451)

Formatter

  • Preserve whitespace for Quarto cell option comments (#25641)

CLI

  • Allow rule names in ruff rule (#25640)

Other changes

  • Fix playground diagnostics scrollbars (#25642)

Contributors

... (truncated)

Commits
  • 7c645a9 Bump 0.15.17 (#25872)
  • f381eb1 Prioritize human-readable names in CLI output (#25869)
  • b9b4546 Minor workflow simplification (#25870)
  • 1e77ba0 [ty] Move PreformattedBlockScanner to format-agnostic location. (#25856)
  • 6f2b772 [ty] Preserve nominal type of enum.property instances (#25849)
  • be4777c [ty] Fix site-package error when multiple versions of pythons are installed i...
  • 53f6ff7 Allow human-readable names in suppression comments (#25614)
  • 6740325 [ty] Restrict uncached raw signature access (#25866)
  • 970b1bf Auto-update snapshots when syncing typeshed (#25841)
  • 0785793 Fix handling of ignore comments within a disable/enable pair (#25845)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the python group across 1 directory with 3 updates
d088eab 
Bumps the python group with 3 updates in the / directory: [cyclonedx-python-lib](https://github.com/CycloneDX/cyclonedx-python-lib), [tqdm](https://github.com/tqdm/tqdm) and [ruff](https://github.com/astral-sh/ruff).


Updates `cyclonedx-python-lib` from 11.9.0 to 11.10.0
- [Release notes](https://github.com/CycloneDX/cyclonedx-python-lib/releases)
- [Changelog](https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/CHANGELOG.md)
- [Commits](CycloneDX/cyclonedx-python-lib@v11.9.0...v11.10.0)

Updates `tqdm` from 4.68.1 to 4.68.2
- [Release notes](https://github.com/tqdm/tqdm/releases)
- [Commits](tqdm/tqdm@v4.68.1...v4.68.2)

Updates `ruff` from 0.15.16 to 0.15.17
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.15.16...0.15.17)

---
updated-dependencies:
- dependency-name: cyclonedx-python-lib
  dependency-version: 11.10.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python
- dependency-name: tqdm
  dependency-version: 4.68.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python
- dependency-name: ruff
  dependency-version: 0.15.17
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Jun 19, 2026
@dependabot dependabot Bot requested a review from evandowning as a code owner June 19, 2026 06:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@evandowning evandowning Awaiting requested review from evandowning evandowning is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants