build(deps): Bump the python-packages group across 1 directory with 4 updates

[dependabot]

Bumps the python-packages group with 4 updates in the / directory: sqlalchemy, ruff, mypy and matplotlib.

Updates sqlalchemy from 2.0.36 to 2.0.37

Release notes

Sourced from sqlalchemy's releases.

2.0.37

Released: January 9, 2025

orm

• [orm] [bug] Fixed issue regarding Union types that would be present in the _orm.registry.type_annotation_map of a _orm.registry or declarative base class, where a Mapped element that included one of the subtypes present in that Union would be matched to that entry, potentially ignoring other entries that matched exactly. The correct behavior now takes place such that an entry should only match in _orm.registry.type_annotation_map exactly, as a Union type is a self-contained type. For example, an attribute with Mapped[float] would previously match to a _orm.registry.type_annotation_map entry Union[float, Decimal]; this will no longer match and will now only match to an entry that states float. Pull request courtesy Frazer McLean.

  References: #11370

• [orm] [bug] Fixed bug in how type unions were handled within _orm.registry.type_annotation_map as well as _orm.Mapped that made the lookup behavior of a | b different from that of Union[a, b].

  References: #11944

• [orm] [bug] Consistently handle TypeAliasType (defined in PEP 695) obtained with the type X = int syntax introduced in python 3.12. Now in all cases one such alias must be explicitly added to the type map for it to be usable inside Mapped. This change also revises the approach added in #11305, now requiring the TypeAliasType to be added to the type map. Documentation on how unions and type alias types are handled by SQLAlchemy has been added in the orm_declarative_mapped_column_type_map section of the documentation.

  References: #11955

• [orm] [bug] Fixed regression caused by an internal code change in response to recent Mypy releases that caused the very unusual case of a list of ORM-mapped attribute expressions passed to ColumnOperators.in_() to no longer be accepted.

  References: #12019

• [orm] [bug] Fixed issues in type handling within the _orm.registry.type_annotation_map feature which prevented the use of unions, using either pep-604 or Union syntaxes under future

... (truncated)

Commits

• See full diff in compare view

Updates ruff from 0.8.0 to 0.9.2

Release notes

Sourced from ruff's releases.

0.9.2

Release Notes

Preview features

• [airflow] Fix typo "security_managr" to "security_manager" (AIR303) (#15463)
• [airflow] extend and fix AIR302 rules (#15525)
• [fastapi] Handle parameters with Depends correctly (FAST003) (#15364)
• [flake8-pytest-style] Implement pytest.warns diagnostics (PT029, PT030, PT031) (#15444)
• [flake8-pytest-style] Test function parameters with default arguments (PT028) (#15449)
• [flake8-type-checking] Avoid false positives for | in TC008 (#15201)

Rule changes

• [flake8-todos] Allow VSCode GitHub PR extension style links in missing-todo-link (TD003) (#15519)
• [pyflakes] Show syntax error message for F722 (#15523)

Formatter

• Fix curly bracket spacing around f-string expressions containing curly braces (#15471)
• Fix joining of f-strings with different quotes when using quote style Preserve (#15524)

Server

• Avoid indexing the same workspace multiple times (#15495)
• Display context for ruff.configuration errors (#15452)

Configuration

• Remove flatten to improve deserialization error messages (#15414)

Bug fixes

• Parse triple-quoted string annotations as if parenthesized (#15387)
• [fastapi] Update Annotated fixes (FAST002) (#15462)
• [flake8-bandit] Check for builtins instead of builtin (S102, PTH123) (#15443)
• [flake8-pathlib] Fix --select for os-path-dirname (PTH120) (#15446)
• [ruff] Fix false positive on global keyword (RUF052) (#15235)

Contributors

• @​AlexWaygood
• @​BurntSushi
• @​Daverball
• @​Garrett-R
• @​Glyphack
• @​InSyncWithFoo
• @​Lee-W
• @​MichaReiser
• @​cake-monotone

... (truncated)

Changelog

Sourced from ruff's changelog.

0.9.2

Preview features

• [airflow] Fix typo "security_managr" to "security_manager" (AIR303) (#15463)
• [airflow] extend and fix AIR302 rules (#15525)
• [fastapi] Handle parameters with Depends correctly (FAST003) (#15364)
• [flake8-pytest-style] Implement pytest.warns diagnostics (PT029, PT030, PT031) (#15444)
• [flake8-pytest-style] Test function parameters with default arguments (PT028) (#15449)
• [flake8-type-checking] Avoid false positives for | in TC008 (#15201)

Rule changes

• [flake8-todos] Allow VSCode GitHub PR extension style links in missing-todo-link (TD003) (#15519)
• [pyflakes] Show syntax error message for F722 (#15523)

Formatter

• Fix curly bracket spacing around f-string expressions containing curly braces (#15471)
• Fix joining of f-strings with different quotes when using quote style Preserve (#15524)

Server

• Avoid indexing the same workspace multiple times (#15495)
• Display context for ruff.configuration errors (#15452)

Configuration

• Remove flatten to improve deserialization error messages (#15414)

Bug fixes

• Parse triple-quoted string annotations as if parenthesized (#15387)
• [fastapi] Update Annotated fixes (FAST002) (#15462)
• [flake8-bandit] Check for builtins instead of builtin (S102, PTH123) (#15443)
• [flake8-pathlib] Fix --select for os-path-dirname (PTH120) (#15446)
• [ruff] Fix false positive on global keyword (RUF052) (#15235)

0.9.1

Preview features

• [pycodestyle] Run too-many-newlines-at-end-of-file on each cell in notebooks (W391) (#15308)
• [ruff] Omit diagnostic for shadowed private function parameters in used-dummy-variable (RUF052) (#15376)

Rule changes

• [flake8-bugbear] Improve assert-raises-exception message (B017) (#15389)

Formatter

... (truncated)

Commits

• 0a39348 Include build binaries
• 027f800 Comment out non-npm-publish jobs
• 425870d Upload npm publish logs when failed
• c20255a Bump version to 0.9.2 (#15529)
• 4203658 Fix joining of f-strings with different quotes when using quote style `Preser...
• fc9dd63 [airflow] extend and fix AIR302 rules (#15525)
• 79e52c7 [pyflakes] Show syntax error message for F722 (#15523)
• cf4ab7c Parse triple quoted string annotations as if parenthesized (#15387)
• d2656e8 [flake8-todos] Allow VSCode GitHub PR extension style links in `missing-tod...
• c53ee60 Typeshed-sync workflow: add appropriate labels, link directly to failing run ...
• Additional commits viewable in compare view

Updates mypy from 1.13.0 to 1.14.1

Changelog

Sourced from mypy's changelog.

Mypy Release Notes

Next release

Performance improvements

Mypy may be 5-30% faster. This improvement comes largely from tuning the performance of the garbage collector.

Contributed by Jukka Lehtosalo (PR 18306).

Drop Support for Python 3.8

Mypy no longer supports running with Python 3.8, which has reached end-of-life. When running mypy with Python 3.9+, it is still possible to type check code that needs to support Python 3.8 with the --python-version 3.8 argument. Support for this will be dropped in the first half of 2025!

Contributed by Marc Mueller (PR 17492).

Mypyc accelerated mypy wheels for aarch64

Mypy can compile itself to C extension modules using mypyc. This makes mypy 3-5x faster than if mypy is interpreted with pure Python. We now build and upload mypyc accelerated mypy wheels for manylinux_aarch64 to PyPI, making it easy for users on such platforms to realise this speedup.

Contributed by Christian Bundy (PR mypy_mypyc-wheels#76)

--strict-bytes

By default, mypy treats an annotation of bytes as permitting bytearray and memoryview. PEP 688 specified the removal of this special case. Use this flag to disable this behavior. --strict-bytes will be enabled by default in mypy 2.0.

Contributed by Ali Hamdan (PR 18137) and Shantanu Jain (PR 13952).

Improvements to reachability analysis and partial type handling in loops

This change results in mypy better modelling control flow within loops and hence detecting several issues it previously did not detect. In some cases, this change may require use of an additional explicit annotation of a variable.

Contributed by Christoph Tyralla (PR 18180, PR).

(Speaking of partial types, another reminder that mypy plans on enabling --local-partial-types by default in mypy 2.0).

... (truncated)

Commits

• 251d12f Remove +dev from version for release 1.14.1
• 667e5f7 Revert "Remove redundant inheritances from Iterator in builtins" (#18324)
• 67f673a Fix enum truthiness for StrEnum (#18379)
• 3755abb Fix getargs argument passing (#18350)
• b9fa8ee Update version to 1.14.1+dev for point release
• 6f37859 Remove +dev from version for release 1.14
• 5a6a754 Minor updates to 1.14 changelog (#18310)
• 9772d48 Update changelog for release 1.14 (#18301)
• 92473c8 Warn about --follow-untyped-imports (#18249)
• e6ce8be PEP 702 (@​deprecated): descriptors (#18090)
• Additional commits viewable in compare view

Updates matplotlib from 3.9.2 to 3.10.0

Release notes

Sourced from matplotlib's releases.

REL: v3.10.0

Highlights of this release include:

- Preliminary support for free-threaded CPython 3.13
- New more-accessible color cycle
- Dark-mode diverging colormaps
- Exception handling control
- InsetIndicator artist
- FillBetweenPolyCollection
- Fill between 3D lines
- Data in 3D plots can now be dynamically clipped to the axes view limits
- Rotating 3d plots with the mouse
- Increased Figure limits with Agg renderer
- Subfigures no longer provisional
- Subfigures are now added in row-major order

Matplotlib v3.10.0rc1

This is the first release candidate for Matplotlib 3.10.0

REL: 3.9.4

This is the fourth bugfix release of the 3.9.x series.

This release contains two bug-fixes:

• Fix toolbar icons in GTK backend
• Fix Poly3DCollection initialization with list of lists

REL: 3.9.3

This is the third bugfix release of the 3.9.x series.

This release contains several bug-fixes and adjustments:

• Fix axline with extremely small slopes
• Fix axline with non-linear axis scales
• Fix minimumSizeHint with Qt backend
• Fix config directory usage when it's behind a symlink
• Fix draggable legend when blitting is enabled
• Fix high CPU utilization in the macosx backend
• Fix multiple hatch edgecolors passed to contourf
• Improve compatibility with pytest 8.2.0

Commits

• 8d64f03 REL: v3.10.0 release
• d9dfee8 [doc] Fix dead links
• 87a603f Update release notes for 3.10.0
• cdecf97 Update github stats for 3.10
• b8d19bd Merge pull request #29306 from meeseeksmachine/auto-backport-of-pr-29242-on-v...
• a42d0ed Backport PR #29242: DOC: Add kwdoc list to scatter() docstring
• 1900640 Merge pull request #29299 from QuLogic/merge-v39x
• 815389c Merge branch 'v3.9.x' into v3.10.x
• 73873c0 DOC: Create release notes for 3.9.4
• 9d17a2b DOC: Add Zenodo DOI for 3.9.4
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Superseded by #7.