update: bump the pip-packages group across 1 directory with 4 updates

[dependabot]

Bumps the pip-packages group with 4 updates in the / directory: semgrep, mkdocs-material, black and pylint.

Updates semgrep from 1.104.0 to 1.107.0

Release notes

Sourced from semgrep's releases.

Release v1.107.0

1.107.0 - 2025-02-04

Added

• More testing of pnpm-lock.yaml dependency parsing. (gh-2999)
• Added a progress indicator during dependency resolution for supply chain scans. (sc-2045)

Fixed

• The pro engine now respects the correct order of field resolution in Scala's multiple inheritance. The type that appears later takes precedence when resolving fields. For example, in class A extends B with C with D, the order of precedence is D, C, B, and A. (code-7891)
• pro: taint: Fixed bug in callback support, see https://semgrep.dev/playground/s/oqobX (code-7976)
• pro: python: Fixed resolution of calls to the implementation of abstract methods. See https://semgrep.dev/playground/s/X5kZ4. (code-7987)
• Fixed the semgrep ci --help to not include experimental options like --semgrep-branch (saf-1746)
• Peer dependency relationships in package-lock.json files are tracked when parsing a dependency graph (sc-2032)
• Peer dependency relationships in pnpm-lock.yaml files are tracked when parsing a dependency graph (sc-2033)

Infra/Release Changes

• Upgrade from OCaml 4.14.0 to OCaml 5.2.1 for our Docker images (ocaml5-docker)

Release v1.106.0

1.106.0 - 2025-01-29

See 1.105.0 Changelog:

1.105.0 - 2025-01-29

Added

• Semgrep can dynamically resolve dependencies for C# Solutions denoted by *.csproj (sc-2015)

Changed

• Added extra defensive try/catch around lockfile parsing (parsing)

Fixed

• LSP shortlinks in diagnostics should no longer drop anchors or query parameters in URIs. (gh-10687)
• Some bug fixes to pnpm lockfile parsing. (gh-2955)
• Fix npm aliasing bug in yarn parser. (sc-2052)
• Fixed bug where supply chain diff scans of package-lock.json v2 projects incorrectly produced non-new findings (sc-2060)

Changelog

Sourced from semgrep's changelog.

1.107.0 - 2025-02-04

Added

• More testing of pnpm-lock.yaml dependency parsing. (gh-2999)
• Added a progress indicator during dependency resolution for supply chain scans. (sc-2045)

Fixed

• The pro engine now respects the correct order of field resolution in Scala's multiple inheritance. The type that appears later takes precedence when resolving fields. For example, in class A extends B with C with D, the order of precedence is D, C, B, and A. (code-7891)
• pro: taint: Fixed bug in callback support, see https://semgrep.dev/playground/s/oqobX (code-7976)
• pro: python: Fixed resolution of calls to the implementation of abstract methods. See https://semgrep.dev/playground/s/X5kZ4. (code-7987)
• Fixed the semgrep ci --help to not include experimental options like --semgrep-branch (saf-1746)
• Peer dependency relationships in package-lock.json files are tracked when parsing a dependency graph (sc-2032)
• Peer dependency relationships in pnpm-lock.yaml files are tracked when parsing a dependency graph (sc-2033)

Infra/Release Changes

• Upgrade from OCaml 4.14.0 to OCaml 5.2.1 for our Docker images (ocaml5-docker)

1.106.0 - 2025-01-29

No significant changes.

1.105.0 - 2025-01-29

Added

• Semgrep can dynamically resolve dependencies for C# Solutions denoted by *.csproj (sc-2015)

Changed

... (truncated)

Commits

• 92313a4 chore: release version 1.107.0
• 92a64b9semgrep/semgrep-proprietary#3033
• 50a6842semgrep/semgrep-proprietary#3031
• b839082 chore(ci): merge pre-commit jobs into a single pre-commit job. (semgrep/semgr...
• 7b31117semgrep/semgrep-proprietary#3025
• f277bb9semgrep/semgrep-proprietary#3
• 458c844 chore(dep-resolution): add progress indicator while resolving dependencies (s...
• 75de25esemgrep/semgrep-proprietary#3016
• 337d734semgrep/semgrep-proprietary#2990
• 7b834cb Implement correct method resolution for multiple trait inheritance in Scala (...
• Additional commits viewable in compare view

Updates mkdocs-material from 9.5.50 to 9.6.2

Release notes

Sourced from mkdocs-material's releases.

mkdocs-material-9.6.2

• Fixed #7955: Excessively long words don't break on narrow screens
• Fixed #7947: Scope setting interferes with outdated version banner

mkdocs-material-9.6.1

• Fixed #7943: Tags plugin crashing due to merge error

mkdocs-material-9.6.0

• Added meta plugin
• Rewrite of the tags plugin
• Added support for allow lists in tags plugin
• Added support for and custom sorting in tags plugin
• Added support for related links in blog plugin
• Added support for custom index pages in blog plugin
• Added support for navigation subtitles
• Fixed #7924: Anchors might require two clicks when using instant navigation

Changelog

Sourced from mkdocs-material's changelog.

mkdocs-material-9.6.2 (2025-02-03)

• Fixed #7955: Excessively long words don't break on narrow screens
• Fixed #7947: Scope setting interferes with outdated version banner

mkdocs-material-9.6.1 (2025-01-31)

• Fixed #7943: Tags plugin crashing due to merge error

mkdocs-material-9.6.0 (2025-01-31)

• Added meta plugin
• Rewrite of the tags plugin
• Added support for allow lists in tags plugin
• Added support for and custom sorting in tags plugin
• Added support for related links in blog plugin
• Added support for custom index pages in blog plugin
• Added support for navigation subtitles
• Fixed #7924: Anchors might require two clicks when using instant navigation

mkdocs-material-9.5.50 (2025-01-18)

• Fixed #7913: Social plugin renders attribute lists in page title

mkdocs-material-9.5.49+insiders-4.53.15 (2025-01-15)

• Fixed #7896: Scoped tags listings not rendering in subsections

mkdocs-material-9.5.49 (2024-12-16)

• Adjusted title color in dark mode for all supported Mermaid.js diagrams
• Fixed #7803: Privacy plugin crashes on generated files
• Fixed #7781: Mermaid.js flow chart title not visible in dark mode

mkdocs-material-9.5.48 (2024-12-08)

• Fixed #7774: Disabling social cards doesn't work

mkdocs-material-9.5.47 (2024-12-01)

• Fixed #7750: Numeric tags break search
• Fixed #7748: Blog plugin breaks when using future drafts (9.5.45 regression)

mkdocs-material-9.5.46 (2024-11-25)

• Added support for removing preload hints in privacy plugin
• Fixed #7734: Code blocks in h5 headlines are uppercased
• Fixed #7725: Blog plugin crashing on missing timezone (9.5.45 regression)

mkdocs-material-9.5.45 (2024-11-20)

... (truncated)

Commits

• 1648d56 Prepare 9.6.2 release
• cf46186 Fixed side effect of scope on outdated banner (#7959)
• 26a32ea Documentation (#7957)
• 66f1fc6 Added demo repository badge (#7915)
• 2c52fa2 Fixed word breaks for excessively long words
• 454af62 Prepare 9.6.1 release
• 2d147c7 Fixed crashing tags plugin
• 34dc4fe Updated Premium sponsors
• 8edc6f8 Updated Premium sponsors
• 0be1d6b Documentation
• Additional commits viewable in compare view

Updates black from 24.10.0 to 25.1.0

Release notes

Sourced from black's releases.

25.1.0

Highlights

This release introduces the new 2025 stable style (#4558), stabilizing the following changes:

• Normalize casing of Unicode escape characters in strings to lowercase (#2916)
• Fix inconsistencies in whether certain strings are detected as docstrings (#4095)
• Consistently add trailing commas to typed function parameters (#4164)
• Remove redundant parentheses in if guards for case blocks (#4214)
• Add parentheses to if clauses in case blocks when the line is too long (#4269)
• Whitespace before # fmt: skip comments is no longer normalized (#4146)
• Fix line length computation for certain expressions that involve the power operator (#4154)
• Check if there is a newline before the terminating quotes of a docstring (#4185)
• Fix type annotation spacing between * and more complex type variable tuple (#4440)

The following changes were not in any previous release:

• Remove parentheses around sole list items (#4312)
• Generic function definitions are now formatted more elegantly: parameters are split over multiple lines first instead of type parameter definitions (#4553)

Stable style

• Fix formatting cells in IPython notebooks with magic methods and starting or trailing empty lines (#4484)
• Fix crash when formatting with statements containing tuple generators/unpacking (#4538)

Preview style

• Fix/remove string merging changing f-string quotes on f-strings with internal quotes (#4498)
• Collapse multiple empty lines after an import into one (#4489)
• Prevent string_processing and wrap_long_dict_values_in_parens from removing parentheses around long dictionary values (#4377)
• Move wrap_long_dict_values_in_parens from the unstable to preview style (#4561)

Packaging

• Store license identifier inside the License-Expression metadata field, see PEP 639. (#4479)

Performance

• Speed up the is_fstring_start function in Black's tokenizer (#4541)

Integrations

• If using stdin with --stdin-filename set to a force excluded path, stdin won't be

... (truncated)

Changelog

Sourced from black's changelog.

25.1.0

Highlights

This release introduces the new 2025 stable style (#4558), stabilizing the following changes:

• Normalize casing of Unicode escape characters in strings to lowercase (#2916)
• Fix inconsistencies in whether certain strings are detected as docstrings (#4095)
• Consistently add trailing commas to typed function parameters (#4164)
• Remove redundant parentheses in if guards for case blocks (#4214)
• Add parentheses to if clauses in case blocks when the line is too long (#4269)
• Whitespace before # fmt: skip comments is no longer normalized (#4146)
• Fix line length computation for certain expressions that involve the power operator (#4154)
• Check if there is a newline before the terminating quotes of a docstring (#4185)
• Fix type annotation spacing between * and more complex type variable tuple (#4440)

The following changes were not in any previous release:

• Remove parentheses around sole list items (#4312)
• Generic function definitions are now formatted more elegantly: parameters are split over multiple lines first instead of type parameter definitions (#4553)

Stable style

• Fix formatting cells in IPython notebooks with magic methods and starting or trailing empty lines (#4484)
• Fix crash when formatting with statements containing tuple generators/unpacking (#4538)

Preview style

• Fix/remove string merging changing f-string quotes on f-strings with internal quotes (#4498)
• Collapse multiple empty lines after an import into one (#4489)
• Prevent string_processing and wrap_long_dict_values_in_parens from removing parentheses around long dictionary values (#4377)
• Move wrap_long_dict_values_in_parens from the unstable to preview style (#4561)

Packaging

• Store license identifier inside the License-Expression metadata field, see PEP 639. (#4479)

Performance

• Speed up the is_fstring_start function in Black's tokenizer (#4541)

Integrations

... (truncated)

Commits

• 8a737e7 Prepare release 25.1.0 (#4563)
• d330dee docs: We're not going to use backslashes for the with statement (#4564)
• 3d81290 Move wrap_long_dict_values_in_parens to the preview style (#4561)
• 459562c Improve function declaration wrapping when it contains generic type definitio...
• 99dbf30 Cache executor to avoid hitting open file limits (#4560)
• c0b92f3 Prepare the 2025 stable style (#4558)
• e58baf1 Add test for #1187 (#4559)
• 1455ae4 Fix docs CI (#4555)
• 584d033 fix: Don't remove parenthesis around long dictionary values (#4377)
• 6e96540 Fix CI (#4551)
• Additional commits viewable in compare view

Updates pylint from 3.3.3 to 3.3.4

Commits

• c2b01c3 Bump pylint to 3.3.4, update changelog
• 023cd43 [isort] Permit to use isort 6 (#10204)
• 050acfe Calculate linter.config.jobs in cgroupsv2 environments (#10089) (#10169)
• d6992b8 fix "skipped files" count calculation (#10141)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 5af93f4.

Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

OpenSSF Scorecard

Package	Version	Score	Details
pip/black	25.1.0	🟢 6.6	Details Check Score Reason Code-Review 🟢 8 Found 24/28 approved changesets -- score normalized to 8 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 30 commit(s) and 20 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 10 security policy file detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing 🟢 10 project is fuzzed Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/mkdocs-material	9.6.2	🟢 4.8	Details Check Score Reason Code-Review ⚠️ 2 Found 6/26 approved changesets -- score normalized to 2 Maintained 🟢 10 30 commit(s) and 25 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Security-Policy ⚠️ 0 security policy file not detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Fuzzing ⚠️ 0 project is not fuzzed Packaging 🟢 10 packaging workflow detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 4 6 existing vulnerabilities detected
pip/pylint	3.3.4	🟢 6.5	Details Check Score Reason Code-Review 🟢 7 Found 13/17 approved changesets -- score normalized to 7 Maintained 🟢 10 30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 9 security policy file detected Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected CII-Best-Practices 🟢 5 badge detected: Passing Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities 🟢 4 6 existing vulnerabilities detected SAST 🟢 9 SAST tool detected but not run on all commits
pip/semgrep	1.107.0	Unknown	Unknown
pip/semgrep	1.107.0	Unknown	Unknown

Scanned Files

• poetry.lock
• pyproject.toml

[github-actions]

Coverage Report

File	Stmts	Miss	Cover	Missing
semgr8s
__main__.py	18	18	0%	5–32
app.py	81	4	95%	117, 177–178, 209
k8s_api.py	22	2	91%	43–44
updater.py	29	2	93%	49–50
TOTAL	202	26	87%

Tests	Skipped	Failures	Errors	Time
18	0 💤	0 ❌	0 🔥	1.815s ⏱️

[dependabot]

Superseded by #424.