Deps: Bump the python-packages group with 4 updates

[dependabot]

Bumps the python-packages group with 4 updates: python-gvm, rope, certifi and ruff.

Updates python-gvm from 26.2.0 to 26.3.0

Release notes

Sourced from python-gvm's releases.

python-gvm 26.3.0

26.3.0 - 2025-07-10

✨ Added

• New GMP version 22.8 with agent installers by @​timopollmeier in #1243
• Support for the openvasd HTTP API by @​timopollmeier in f5e8929
• Add documentation for HTTP APIs, small refactoring by @​timopollmeier in 8b3837c
• Address linter warnings by @​timopollmeier in abbf759
• Address linter warnings in HTTP tests by @​timopollmeier in 4ce9b5f
• Add http2 packages to poetry files. by @​ozgen in 38935d2
• Add new HTTP API structure and introduce modular sub-APIs by @​ozgen in 55b5543
• Add dataclass-based scan creation and get_preferences endpoint by @​ozgen in #1215

👷 Changed

• Require httpx as direct dependency for openvasd API by @​bjoernricks in added46

🐛 Bug Fixes

• Fix type hints for change to httpx by @​timopollmeier in 8d323c9
• Fix the conflict in the poetry.lock by @​ozgen in ff4b626

🔥 Removed

• Remove core package from protocols.http by @​ozgen in a102353
• Remove old implementation of openvasd1 by @​ozgen in 19f2057

📚 Documentation

• Update and fix openvasd API documentation pages by @​ozgen in 56e2268
• Add sphinx autobuild for auto rebuilding the docs in a local server by @​bjoernricks in ea59759

🚢 Dependencies

• Bump urllib3 from 2.4.0 to 2.5.0 by @​dependabot[bot] in #1237
• Bump the python-packages group across 1 directory with 6 updates by @​dependabot[bot] in #1238
• Bump pygments from 2.19.1 to 2.19.2 in the python-packages group by @​dependabot[bot] in #1239
• Bump the python-packages group with 3 updates by @​dependabot[bot] in #1240
• Bump the python-packages group with 5 updates by @​dependabot[bot] in #1242

python-gvm 26.2.1

[26.2.1] - 2025-06-11

🐛 Bug Fixes

• Correctly determine GMP 22.7 as supported protocol by @​wiegandm in 8f3ea98
• Remove duplicate test for '22.6' by @​wiegandm in #1235

... (truncated)

Commits

• a759e13 Automatic release to 26.3.0
• 7102566 Add dataclass-based scan creation and get_preferences endpoint
• ea59759 docs: Add sphinx autobuild for auto rebuilding the docs in a local server
• 3a4e921 Improve returned objects of Metadata API methods
• 3f39150 Improve docs for openvasd http v1 API
• 89bd2a8 Cleanup and improve the openvasd API
• added46 change: Require httpx as direct dependency for openvasd API
• 113d7e6 Mark all modules of openvasd API as private
• 05a6939 Mark OpenvasdHttpAPIv1 as public for gvm.protocols.http.openvasd
• 70a50b0 Rename openvasd API class
• Additional commits viewable in compare view

Updates rope from 1.13.0 to 1.14.0

Release notes

Sourced from rope's releases.

1.14.0

What's Changed

• Isolate tests that uses external_fixturepkg into a venv by @​lieryan in python-rope/rope#783
• Refactor movetest.py by @​lieryan in python-rope/rope#785
• Update github workflows by @​lieryan in python-rope/rope#786
• Add type hints to importinfo.py and add repr to ImportInfo by @​lieryan in python-rope/rope#787
• Fix mention of Move -> create_move in docs by @​smheidrich in python-rope/rope#795
• Implement preferred_import_style by @​lieryan in python-rope/rope#788
• Add explicit sphinx.configuration key by @​lieryan in python-rope/rope#820
• Update GHA Python versions by @​lieryan in python-rope/rope#805
• Python3.13 compat by @​Nowa-Ammerlaan in python-rope/rope#809
• Adapt conditional for Python 3.14 by @​penguinpee in python-rope/rope#818

New Contributors

• @​smheidrich made their first contribution in python-rope/rope#795
• @​Nowa-Ammerlaan made their first contribution in python-rope/rope#809
• @​penguinpee made their first contribution in python-rope/rope#818

Full Changelog: python-rope/rope@1.13.0-rc1...1.14.0

Changelog

Sourced from rope's changelog.

Release 1.14.0

• #787 Add type hints to importinfo.py and add repr to ImportInfo (@​lieryan)
• #786 Upgrade Actions used in Github Workflows (@​lieryan)
• #785 Refactoring movetest.py (@​lieryan)
• #788 Introduce the preferred_import_style configuration (@​nicoolas25, @​lieryan)
• #820 Add explicit sphinx.configuration key (@​lieryan)
• #805 Update GHA Python versions by (@​lieryan)
• #809 Python3.13 compat (@​Nowa-Ammerlaan)
• #818 Adapt conditional for Python 3.14 (@​penguinpee)

Commits

• a32584f Update python-publish.yml
• ed27cae Fix CHANGELOG.md
• 42a6994 Update CHANGELOG.md
• 3eab746 Bump version
• af941c5 add penguinpee as a contributor for code
• 9137e63 Merge pull request #818 from penguinpee/py314
• e200801 Merge branch 'master' into py314
• a665d09 add Nowa-Ammerlaan as a contributor for code
• 03c3970 Merge pull request #805 from python-rope/lieryan-update-python-actions-versions
• 084e955 Merge pull request #820 from python-rope/lieryan-fix-rtd
• Additional commits viewable in compare view

Updates certifi from 2025.6.15 to 2025.7.14

Commits

• ddd90c6 2025.07.14 (#359)
• d905221 2025.07.09 (#358)
• See full diff in compare view

Updates ruff from 0.12.2 to 0.12.3

Release notes

Sourced from ruff's releases.

0.12.3

Release Notes

Preview features

• [flake8-bugbear] Support non-context-manager calls in B017 (#19063)
• [flake8-use-pathlib] Add autofixes for PTH100, PTH106, PTH107, PTH108, PTH110, PTH111, PTH112, PTH113, PTH114, PTH115, PTH117, PTH119, PTH120 (#19213)
• [flake8-use-pathlib] Add autofixes for PTH203, PTH204, PTH205 (#18922)

Bug fixes

• [flake8-return] Fix false-positive for variables used inside nested functions in RET504 (#18433)
• Treat form feed as valid whitespace before a line continuation (#19220)
• [flake8-type-checking] Fix syntax error introduced by fix (TC008) (#19150)
• [pyupgrade] Keyword arguments in super should suppress the UP008 fix (#19131)

Documentation

• [flake8-pyi] Make example error out-of-the-box (PYI007, PYI008) (#19103)
• [flake8-simplify] Make example error out-of-the-box (SIM116) (#19111)
• [flake8-type-checking] Make example error out-of-the-box (TC001) (#19151)
• [flake8-use-pathlib] Make example error out-of-the-box (PTH210) (#19189)
• [pycodestyle] Make example error out-of-the-box (E272) (#19191)
• [pycodestyle] Make example not raise unnecessary SyntaxError (E114) (#19190)
• [pydoclint] Make example error out-of-the-box (DOC501) (#19218)
• [pylint, pyupgrade] Fix syntax errors in examples (PLW1501, UP028) (#19127)
• [pylint] Update missing-maxsplit-arg docs and error to suggest proper usage (PLC0207) (#18949)
• [flake8-bandit] Make example error out-of-the-box (S412) (#19241)

Contributors

• @​AlexWaygood
• @​BurntSushi
• @​Gankra
• @​InSyncWithFoo
• @​LaBatata101
• @​MatthewMckee4
• @​MeGaGiGaGon
• @​MichaReiser
• @​NamelessGO
• @​UnboundVariable
• @​abhijeetbodas2001
• @​carljm
• @​charliermarsh
• @​chirizxc
• @​danparizher
• @​dhruvmanila
• @​fdosani
• @​github-actions
• @​ibraheemdev

... (truncated)

Changelog

Sourced from ruff's changelog.

0.12.3

Preview features

• [flake8-bugbear] Support non-context-manager calls in B017 (#19063)
• [flake8-use-pathlib] Add autofixes for PTH100, PTH106, PTH107, PTH108, PTH110, PTH111, PTH112, PTH113, PTH114, PTH115, PTH117, PTH119, PTH120 (#19213)
• [flake8-use-pathlib] Add autofixes for PTH203, PTH204, PTH205 (#18922)

Bug fixes

• [flake8-return] Fix false-positive for variables used inside nested functions in RET504 (#18433)
• Treat form feed as valid whitespace before a line continuation (#19220)
• [flake8-type-checking] Fix syntax error introduced by fix (TC008) (#19150)
• [pyupgrade] Keyword arguments in super should suppress the UP008 fix (#19131)

Documentation

• [flake8-pyi] Make example error out-of-the-box (PYI007, PYI008) (#19103)
• [flake8-simplify] Make example error out-of-the-box (SIM116) (#19111)
• [flake8-type-checking] Make example error out-of-the-box (TC001) (#19151)
• [flake8-use-pathlib] Make example error out-of-the-box (PTH210) (#19189)
• [pycodestyle] Make example error out-of-the-box (E272) (#19191)
• [pycodestyle] Make example not raise unnecessary SyntaxError (E114) (#19190)
• [pydoclint] Make example error out-of-the-box (DOC501) (#19218)
• [pylint, pyupgrade] Fix syntax errors in examples (PLW1501, UP028) (#19127)
• [pylint] Update missing-maxsplit-arg docs and error to suggest proper usage (PLC0207) (#18949)
• [flake8-bandit] Make example error out-of-the-box (S412) (#19241)

Commits

• 5bc81f2 Bump 0.12.3 (#19279)
• 6908e26 Filter ruff_linter::VERSION out of SARIF output tests (#19280)
• 25c4295 [ty] Avoid stale diagnostics for open files diagnostic mode (#19273)
• 426fa4b [ty] Add signature help provider to playground (#19276)
• b0b65c2 [ty] Initial implementation of signature help provider (#19194)
• 08bc6d2 Add simple integration tests for all output formats (#19265)
• f2ae12b [flake8-return] Fix false-positive for variables used inside nested functio...
• 965f415 [ty] Add a --quiet mode (#19233)
• 83b5bbf Treat form feed as valid whitespace before a line continuation (#19220)
• 87f6f08 [ty] Make check_file a salsa query (#19255)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 1 package(s) with unknown licenses.

See the Details below.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA bd974b8.

Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

License Issues

poetry.lock

Package	Version	License	Issue Type
certifi	2025.7.14	Null	Unknown License

Allowed Licenses: 0BSD, AGPL-3.0-or-later, Apache-2.0, BlueOak-1.0.0, BSD-2-Clause, BSD-3-Clause-Clear, BSD-3-Clause, BSL-1.0, CAL-1.0, CC-BY-3.0, CC-BY-4.0, CC-BY-SA-4.0, CC0-1.0, EPL-2.0, GPL-1.0-or-later, GPL-2.0-only, GPL-2.0-or-later, GPL-2.0, GPL-3.0-only, GPL-3.0-or-later, GPL-3.0, ISC, LGPL-2.0-only, LGPL-2.0-or-later, LGPL-2.1-only, LGPL-2.1-or-later, LGPL-2.1, LGPL-3.0-only, LGPL-3.0, LGPL-3.0-or-later, MIT, MIT-CMU, MPL-1.1, MPL-2.0, OFL-1.1, PSF-2.0, Python-2.0, Python-2.0.1, Unicode-DFS-2016, Unlicense, Zlib, ZPL-2.1

OpenSSF Scorecard

Package	Version	Score	Details
pip/certifi	2025.7.14	🟢 7	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Code-Review 🟢 4 Found 2/5 approved changesets -- score normalized to 4 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected Maintained 🟢 9 8 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 9 Pinned-Dependencies 🟢 5 dependency not pinned by hash detected -- score normalized to 5 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Vulnerabilities 🟢 10 0 existing vulnerabilities detected License 🟢 9 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 3 branch protection is not maximal on development and all release branches Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/python-gvm	26.3.0	🟢 5.8	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 3 Found 1/3 approved changesets -- score normalized to 3 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases 🟢 8 5 out of the last 5 releases have a total of 5 signed artifacts. Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Security-Policy 🟢 10 security policy file detected SAST 🟢 10 SAST tool is run on all commits Vulnerabilities ⚠️ 1 9 existing vulnerabilities detected
pip/rope	1.14.0	🟢 5.1	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected Code-Review ⚠️ 1 Found 1/9 approved changesets -- score normalized to 1 Maintained 🟢 5 7 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 5 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 9 binaries present in source code CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Packaging ⚠️ -1 packaging workflow not detected Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration SAST 🟢 8 SAST tool detected but not run on all commits
pip/ruff	0.12.3	Unknown	Unknown

Scanned Files

• poetry.lock

[github-actions]

Conventional Commits Report

Type	Number
Dependencies	1

🚀 Conventional commits found.