chore(deps): bump the python-minor-patch group across 1 directory with 9 updates

[dependabot]

Bumps the python-minor-patch group with 9 updates in the / directory:

Package	From	To
snakemake	9.23.0	9.23.1
ruff	0.15.17	0.15.18
pytest	9.1.0	9.1.1
hypothesis	6.155.3	6.155.7
fastapi	0.137.1	0.138.0
pydantic-settings	2.14.1	2.14.2
semgrep	1.166.0	1.167.0
prettytable	3.17.0	3.18.0
msgpack	1.2.0	1.2.1

Updates snakemake from 9.23.0 to 9.23.1

Release notes

Sourced from snakemake's releases.

v9.23.1

9.23.1 (2026-06-17)

Bug Fixes

• LoggerManager.shutdown() error handling, flush all loggers (#4196) (5bcdbf3)
• temp files not deleted when using remote storage plugins (#4232) (7c58f53)

Documentation

• mention sponsoring in docs (c659d62)

Changelog

Sourced from snakemake's changelog.

9.23.1 (2026-06-17)

Bug Fixes

• LoggerManager.shutdown() error handling, flush all loggers (#4196) (5bcdbf3)
• temp files not deleted when using remote storage plugins (#4232) (7c58f53)

Documentation

• mention sponsoring in docs (c659d62)

Commits

• 3d933e6 chore(main): release 9.23.1 (#4227)
• 7c58f53 fix: temp files not deleted when using remote storage plugins (#4232)
• 2a95afb build(deps): bump actions/checkout from 6.0.2 to 6.0.3 in the dependencies gr...
• 84d7941 fmt
• c659d62 docs: mention sponsoring in docs
• eaa3c34 configure sponsor button
• 5bcdbf3 fix: LoggerManager.shutdown() error handling, flush all loggers (#4196)
• See full diff in compare view

Updates ruff from 0.15.17 to 0.15.18

Release notes

Sourced from ruff's releases.

0.15.18

Release Notes

Released on 2026-06-18.

Preview features

• Handle nested ruff:ignore comments (#25791)
• Stop displaying severity in output (#26050)
• Use human-readable names in CLI output (#25937)
• Use human-readable names in LSP and playground diagnostics (#26058)
• [pydocstyle] Prevent property docstrings starting with verbs (D421) (#23775)
• [flake8-pyi] Extend PYI033 to Python files (#26129)

Bug fixes

• Detect equivalent numeric mapping keys (#26009)
• Detect mapping keys equivalent to booleans (#25982)
• Detect repeated signed and complex dictionary keys (#26007)

Rule changes

• [flake8-pyi] Rename PYI033 to legacy-type-comment (#26131)

Performance

• Use ThinVec for call keywords (#25999)
• Inline parser recovery context checks (#26038)
• Match parser keywords as bytes (#26037)
• Move value parsing out of lexing (#25360)

Server

• Render subdiagnostics and secondary annotations as related information (#26011)

Documentation

• Update fix availability for always-fixable rules (#26091)
• [flake8-tidy-imports] Add fix safety section (TID252) (#17491)

Parser

• Reject __debug__ lambda parameters (#26022)
• Reject _ as a match-pattern target (#25977)
• Reject multiple starred names in sequence patterns (#25976)
• Reject parenthesized star imports (#26021)
• Reject starred comprehension targets (#26023)
• Reject unparenthesized generator expressions in class bases (#25978)
• Reject yield expressions after commas (#26024)
• Validate function type parameter default order (#25981)

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.18

Released on 2026-06-18.

Preview features

• Handle nested ruff:ignore comments (#25791)
• Stop displaying severity in output (#26050)
• Use human-readable names in CLI output (#25937)
• Use human-readable names in LSP and playground diagnostics (#26058)
• [pydocstyle] Prevent property docstrings starting with verbs (D421) (#23775)
• [flake8-pyi] Extend PYI033 to Python files (#26129)

Bug fixes

• Detect equivalent numeric mapping keys (#26009)
• Detect mapping keys equivalent to booleans (#25982)
• Detect repeated signed and complex dictionary keys (#26007)

Rule changes

• [flake8-pyi] Rename PYI033 to legacy-type-comment (#26131)

Performance

• Use ThinVec for call keywords (#25999)
• Inline parser recovery context checks (#26038)
• Match parser keywords as bytes (#26037)
• Move value parsing out of lexing (#25360)

Server

• Render subdiagnostics and secondary annotations as related information (#26011)

Documentation

• Update fix availability for always-fixable rules (#26091)
• [flake8-tidy-imports] Add fix safety section (TID252) (#17491)

Parser

• Reject __debug__ lambda parameters (#26022)
• Reject _ as a match-pattern target (#25977)
• Reject multiple starred names in sequence patterns (#25976)
• Reject parenthesized star imports (#26021)
• Reject starred comprehension targets (#26023)
• Reject unparenthesized generator expressions in class bases (#25978)
• Reject yield expressions after commas (#26024)
• Validate function type parameter default order (#25981)

... (truncated)

Commits

• 6686f63 Bump 0.15.18 (#26135)
• efbb732 [ty] Suggest keyword-only arguments between variadic parameters (#26134)
• c256d5f [ty] Support Annotated[Any, ...] as a class base (#26133)
• 19a4bea [flake8-pyi] Rename PYI033 to legacy-type-comment (#26131)
• 1d9866c Bump ecosystem-analyzer commit (#26130)
• 8656c73 [ty] Compact indexed AST node storage (#25998)
• c17c8d9 [ty] Garbage-collect cached constraint sets (#26116)
• ef0fb8f [ty] Fix bound TypeVar default cycle recovery (#26124)
• b83c024 [flake8-pyi] Extend PYI033 to Python files in preview (#26129)
• e8a5e38 Update Rust crate zip to v8 (#26078)
• Additional commits viewable in compare view

Updates pytest from 9.1.0 to 9.1.1

Release notes

Sourced from pytest's releases.

9.1.1

pytest 9.1.1 (2026-06-19)

Bug fixes

• #14220: Fixed a logic bug in pytest.RaisesGroup which would might cause it to display incorrect "It matches FooError() which was paired with BarError" messages.
• #14591: Fixed a regression in pytest 9.1.0 which caused overriding a parametrized fixture with an indirect @​pytest.mark.parametrize to fail with "duplicate parametrization of '<fixture name>'".
• #14606: Fixed list-item typing errors from mypy in @pytest.mark.parametrize <pytest.mark.parametrize ref> argvalues parameter.
• #14608: Fixed a regression in pytest 9.1.0 where conftest.py files located in <invocation dir>/test* were no longer loaded as initial conftests when invoked without arguments. This could cause certain hooks (like pytest_addoption) in these files to not fire.

Commits

• cf470ec Prepare release version 9.1.1
• e0c8ce6 Merge pull request #14625 from pytest-dev/patchback/backports/9.1.x/a07c31a97...
• 1b82d16 Merge pull request #14624 from pytest-dev/patchback/backports/9.1.x/b375b79ec...
• 501c4bc Merge pull request #14596 from bluetech/doc-classmethod
• b61f588 Merge pull request #14622 from chrisburr/fix-14608-initial-conftest-test-subdir
• 9a567e0 [automated] Update plugin list (#14617) (#14618)
• ef8b299 Merge pull request #14620 from pytest-dev/patchback/backports/9.1.x/680f9f3ed...
• 66abd07 Merge pull request #14220 from bysiber/fix-stale-iexp-raisesgroup
• 79fbf93 Merge pull request #14612 from pytest-dev/patchback/backports/9.1.x/974ed48b6...
• 0d312eb Merge pull request #14611 from bluetech/parametrize-argvalues-typing
• Additional commits viewable in compare view

Updates hypothesis from 6.155.3 to 6.155.7

Commits

• 929e5fb Bump hypothesis version to 6.155.7 and update changelog
• 93ee3c9 Merge pull request #4772 from Liam-DeVoe/recursive-property-thread-safety
• 0bb0f2f drop more 3.13t
• de6bd79 drop inbetween
• ff583cc drop 313t jobs
• a5474e4 claude: re-trigger CI
• 55d2b97 claude: re-trigger CI (flaky conjecture-coverage + transient scipy/OpenBLAS b...
• 0a2bdae claude: fix recursive_property thread-safety; install Python via fresh uv met...
• 4641d65 Bump hypothesis version to 6.155.6 and update changelog
• 7d90a93 Merge pull request #4770 from Liam-DeVoe/ignore-up037
• Additional commits viewable in compare view

Updates fastapi from 0.137.1 to 0.138.0

Release notes

Sourced from fastapi's releases.

0.138.0

Features

• ✨ Add support for app.frontend("/", directory="dist") and router.frontend("/", directory="dist"). PR #15800 by @​tiangolo.
  • Read the docs: Frontend.

Docs

• 📝 Fix typo in release notes. PR #15807 by @​tiangolo.
• 📝 Add app.frontend() instructions to Agent Library Skill. PR #15805 by @​tiangolo.
• 📝 Update release notes link. PR #15802 by @​tiangolo.
• ✏️ Update white space characters in bigger apps. PR #15801 by @​tiangolo.
• ✏️ Fix grammar, typos, and broken links in docs. PR #15694 by @​YuriiMotov.

Translations

• 🌐 Enable Hindi docs translations. PR #15554 by @​YuriiMotov.

Internal

• 🐛 Fix failing test, update format for raised errors. PR #15804 by @​tiangolo.
• 👷 Fix test-alls-green. PR #15803 by @​tiangolo.
• 🔧 Enable checking release-notes.md for typos. PR #15796 by @​YuriiMotov.
• 📝 Tweak wording about deploying to FastAPI Cloud. PR #15793 by @​tiangolo.
• 🔨 Use gpt-5.5 model in translate.py, specify -chat to avoid warnings. PR #15792 by @​YuriiMotov.

0.137.2

Features

• ✨ Add iter_route_contexts() for advanced use cases that used to use router.routes (e.g. Jupyverse). PR #15785 by @​tiangolo.

Translations

• 🌐 Fix broken Markdown in Korean custom response docs. PR #15774 by @​kooqooo.
• 🌐 Update translations for fr (update-outdated). PR #15761 by @​tiangolo.
• 🌐 Update translations for zh-hant (update-outdated). PR #15760 by @​tiangolo.
• 🌐 Update translations for de (update-outdated). PR #15759 by @​tiangolo.
• 🌐 Update translations for ko (update-outdated). PR #15757 by @​tiangolo.
• 🌐 Update translations for uk (update-outdated). PR #15756 by @​tiangolo.
• 🌐 Update translations for zh (update-outdated). PR #15755 by @​tiangolo.
• 🌐 Update translations for tr (update-outdated). PR #15754 by @​tiangolo.
• 🌐 Update translations for pt (update-outdated). PR #15753 by @​tiangolo.
• 🌐 Update translations for es (update-outdated). PR #15752 by @​tiangolo.
• 🌐 Update translations for ja (update-outdated). PR #15751 by @​tiangolo.
• 🌐 Update translations for ru (update-outdated). PR #15758 by @​tiangolo.

Internal

• 🔧 Update sponsors: add BairesDev. PR #15787 by @​tiangolo.
• 🔨 Update sponsors script to simplify previews. PR #15786 by @​tiangolo.

... (truncated)

Commits

• 4b83b0d 🔖 Release version 0.138.0 (#15808)
• 041cb0c 📝 Update release notes
• 1039384 📝 Fix typo in release notes (#15807)
• 0303491 📝 Update release notes
• 190f6e2 📝 Add Frontend instructions to Agent Library Skill (#15805)
• 17945e5 📝 Update release notes
• 2260afa 🐛 Fix failing test, update format for raised errors (#15804)
• 0cd5001 📝 Update release notes
• 7cb1ab6 👷 Fix test-alls-green (#15803)
• 9c7eceb 📝 Update release notes
• Additional commits viewable in compare view

Updates pydantic-settings from 2.14.1 to 2.14.2

Release notes

Sourced from pydantic-settings's releases.

v2.14.2

What's Changed

This is a security patch release.

• Prevent NestedSecretsSettingsSource from following symlinks outside secrets_dir by @​hramezani in pydantic/pydantic-settings#889
• Prepare release 2.14.2 by @​hramezani in pydantic/pydantic-settings#890

Security

Fixes GHSA-4xgf-cpjx-pc3j: NestedSecretsSettingsSource with secrets_nested_subdir=True could follow a symbolic link inside secrets_dir pointing outside it, reading out-of-tree files into settings values and bypassing the secrets_dir_max_size cap. Affected versions: >= 2.12.0, < 2.14.2.

Full Changelog: pydantic/pydantic-settings@v2.14.1...v2.14.2

Commits

• d703bd7 Prepare release 2.14.2 (#890)
• See full diff in compare view

Updates semgrep from 1.166.0 to 1.167.0

Release notes

Sourced from semgrep's releases.

Release v1.167.0

1.167.0 - 2026-06-17

### Added

• Added support for more operators for folding for constant propagation, including subtraction, division, bit ops, bit shifts, comparisons, and more. (const-folding)
• Added a nosemgrep_disabled field to the scan configuration so the platform can disable nosemgrep inline ignore comments org-wide for a scan. (APPEX-1122)
• Semgrep now skips binary files (images, archives, compiled executables, etc.) during scanning by default, detected via matching file extensions to known file-format magic bytes Pass --no-exclude-binary-files to scan binary files as before. (ENGINE-2708)

### Fixed

• semgrep ci with --sarif now correctly populates the output's ignores field with nosemgrep-suppressed findings, in accordance with other output formatters. (gh-6651)

### Infra/Release Changes

• Updated the ocaml-tree-sitter-core submodule to the latest upstream main, providing

  • improved thread-safety
  • bumps the tree-sitter CLI option used from 0.20.6 to 0.20.8.

  (ocaml-tree-sitter-core-bump)

Changelog

Sourced from semgrep's changelog.

1.167.0 - 2026-06-17

### Added

• Added support for more operators for folding for constant propagation, including subtraction, division, bit ops, bit shifts, comparisons, and more. (const-folding)
• Added a nosemgrep_disabled field to the scan configuration so the platform can disable nosemgrep inline ignore comments org-wide for a scan. (APPEX-1122)
• Semgrep now skips binary files (images, archives, compiled executables, etc.) during scanning by default, detected via matching file extensions to known file-format magic bytes Pass --no-exclude-binary-files to scan binary files as before. (ENGINE-2708)

### Fixed

• semgrep ci with --sarif now correctly populates the output's ignores field with nosemgrep-suppressed findings, in accordance with other output formatters. (gh-6651)

### Infra/Release Changes

• Updated the ocaml-tree-sitter-core submodule to the latest upstream main, providing

  • improved thread-safety
  • bumps the tree-sitter CLI option used from 0.20.6 to 0.20.8.

  (ocaml-tree-sitter-core-bump)

Commits

• 2e64163 chore: release 1.167.0
• 4e0501d chore(partial-scans): add atd types and cli flag for specifying partial scan ...
• 3d1c0acsemgrep/semgrep-proprietary#6480
• c9fee93 fix: add event trigger type to wait-for logic (semgrep/semgrep-proprietar...
• 008fd21 chore: update ocaml-tree-sitter-core submodule to use tree-sitter 0.20.8 (sem...
• 8d0fc8a chore: split Dockerfilesemgrep/semgrep-proprietary#6553
• a7a6827semgrep/semgrep-proprietary#6444
• fd6d28d feat(ci): cut osx-x86 make test to subset smoke test (semgrep/semgrep-propr...
• b203aa2semgrep/semgrep-proprietary#6574
• fe22e0a feat(cli): Honor nosemgrep_disabled scan config setting in semgrep ci (semg...
• Additional commits viewable in compare view

Updates prettytable from 3.17.0 to 3.18.0

Release notes

Sourced from prettytable's releases.

Release 3.18.0

Added

• Add support for Python 3.16 (#470) @​hugovk
• Support multiline headers (#451) @​wyllys66
• Support reStructuredText tables (#449) @​hugovk
• Support int_format, float_format and custom_format for CSV (#448) @​hugovk
• Add caption support for Markdown (#342) (#430) @​stuertz
• Validate column-specific options when dict attrs are modified (#429) @​stuertz
• Overwrite int/float formatter with custom_formatter (#425) @​stuertz
• Document paginate() (#420) @​stuertz
• Docs: add example of using custom_format (#405) @​stuertz
• Improve type coverage of colortable (#459) @​jorenham

Changed

• Improve wcwidth>=0.3.5 integration and performance (#440) @​jquast
• Replace re.split with str.split and remove re import (#443) @​hugovk
• Speed up import time (#471) @​hugovk
• Stop testing experimental Python 3.13t (#469) @​hugovk

Deprecated

• Performance: deprecate and defer import of OptionsType (#462) @​hugovk
• Performance: deprecate and defer import of TableHandler (#460) @​hugovk

Fixed

• Expand tabs in cell values so columns stay aligned (#468) @​gaoflow
• Drop stale align/valign keys when field_names are renamed (#465) @​SAY-5
• Fix bleeding of wrapped colours into table edges (#452) @​jquast
• Fix horizontal_align_char getter (#445) @​hugovk
• Allow different types for Cursor than only sqlite3.Cursor (#419) @​stuertz
• Remove duplicate line (#446) @​hugovk
• Document header_horizontal_char and remove a duplicate docstring line (#467) @​Labib-Bin-Salam

Commits

• 069405f Speed up import time (#471)
• 95810e2 Add support for Python 3.16 (#470)
• 868b51e Stop testing experimental Python 3.13t (#469)
• d02b216 Expand tabs in cell values so columns stay aligned (#468)
• e4c9c69 Drop stale align/valign keys when field_names are renamed (#465)
• 266ff5d Document header_horizontal_char and remove a duplicate docstring line (#467)
• 144749c Performance: deprecate and defer import of OptionsType (#462)
• 23f3eb7 Bump mypy from 1.20.2 to 2.1.0 in the pip group (#466)
• 2fe26d3 Bump mypy from 1.19.1 to 1.20.2 in the actions group (#464)
• e4babc3 Hash pin GitHub Actions (#463)
• Additional commits viewable in compare view

Updates msgpack from 1.2.0 to 1.2.1

Release notes

Sourced from msgpack's releases.

v1.2.1

What's Changed

• Bump pypa/cibuildwheel from 4.0.0 to 4.1.0 in the all-dependencies group by @​dependabot[bot] in msgpack/msgpack-python#694
• release v1.2.1 by @​methane in msgpack/msgpack-python#698

Full Changelog: msgpack/msgpack-python@v1.2.0...v1.2.1

Changelog

Sourced from msgpack's changelog.

1.2.1

Release Date: 2026-06-19

Fix a segfault when calling Unpacker.unpack() or Unpacker.skip() after an unpacking failure. But note that reusing the same Unpacker instance after an unpacking failure is not supported. Please create a new Unpacker instance instead. GHSA-6v7p-g79w-8964

Commits

• 448d43f release v1.2.1 (#698)
• 2c56ddb Merge commit from fork
• 0f4f350 Bump pypa/cibuildwheel from 4.0.0 to 4.1.0 in the all-dependencies group (#694)
• See full diff in compare view

[Gavin-Borges]

@dependabot rebase

[Gavin-Borges]

@dependabot rebase

[Gavin-Borges]

All CI green. Companion python-minor-patch group bump with same security packages.

[Gavin-Borges]

Superseded: root requirements.in was updated by the merged PR #87 and the requirements.txt hashes have been manually synced directly on main (same Dependabot-verified hashes). environments/ files were fully covered by PR #87. No remaining delta.

[dependabot]

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml