Deps: Bump the python-packages group with 4 updates

[dependabot]

Bumps the python-packages group with 4 updates: python-gvm, furo, ruff and starlette.

Updates python-gvm from 26.3.0 to 26.4.0

Release notes

Sourced from python-gvm's releases.

python-gvm 26.4.0

26.4.0 - 2025-07-16

👷 Changed

• Use all upper case GMP everywhere by @​bjoernricks in #1246

🚢 Dependencies

• Bump the python-packages group with 3 updates by @​dependabot[bot] in #1245

Commits

• 6c25fb8 Automatic release to 26.4.0
• 33b153b change: Use all upper case GMP everywhere
• f6b0a37 Adjust GMPNext imports
• 9965654 Rename GMPv228 to GMPNext and packages accordingly
• 79156d7 Deps: Bump the python-packages group with 3 updates
• e9760ae Automatic adjustments after release [skip ci]
• See full diff in compare view

Updates furo from 2024.8.6 to 2025.7.19

Changelog

Sourced from furo's changelog.

Changelog

2025.07.19 -- Frozen Flame

• ✨ Switch to accessible-pygments themes
• ✨ Prefetch the sidebar logos
• ✨ Fix flickering header drop shadow on Safari
• Add rel=edit attribute to "Edit this page" link/icon
• Bump NodeJS and npm dependency versions
• Bump Saas & Webpack major versions
• Improve current page detection to be resilient to sticky elements above header
• Modernise Sass and use @use + @forward
• Remove top of code border-radius with captions
• Remove "debug printf" for headerTop value
• Use distinct images for light and dark mode in the documentation
• Use the modern Saas Modules

2024.08.06 -- Energetic Eminence

• ✨ Add support for Sphinx 8
• ✨ Add smoother transitions between breakpoints
• Increase specificity of table-wrapper selector
• Avoid page breaks inside paragraphs

2024.07.18 -- Dull Denim

• Improve how icons are handled and aligned.
• Improve scroll event handler.
• Hide the copybutton by default.
• Fix source_view_link configuration handling.
• Fix close tag on pencil icon.

2024.05.06 -- Cheerful Cerulean

• ✨ Add new custom icons for auto mode, reflecting the currently active theme.
• ✨ Add a view this page button.
• ✨ Add colours and highlighting to "version modified" API helpers.
• ✨ Add release information to various customisation knobs.
• Make all icons bigger and use a thinner stroke with them.

... (truncated)

Commits

• e2cbfce Prepare release: 2025.07.19
• 2753741 Update changelog
• 5dc72a3 Prefetch the sidebar logos
• 01eb613 Use @use variables as *
• 0dab870 Modernise Sass and use @use + @forward
• 6a76aa7 Silence mypy on pygments attributes
• 7d57173 Use distinct images for light and dark mode
• 007374a Drop the URL to unsplash
• 03c8880 Make current page section detection resilient to sticky elements above header...
• ff34139 Fix flickering header drop shadow (#884)
• Additional commits viewable in compare view

Updates ruff from 0.12.3 to 0.12.4

Release notes

Sourced from ruff's releases.

0.12.4

Release Notes

Preview features

• [flake8-type-checking, pyupgrade, ruff] Add from __future__ import annotations when it would allow new fixes (TC001, TC002, TC003, UP037, RUF013) (#19100)
• [flake8-use-pathlib] Add autofix for PTH109 (#19245)
• [pylint] Detect indirect pathlib.Path usages for unspecified-encoding (PLW1514) (#19304)

Bug fixes

• [flake8-bugbear] Fix B017 false negatives for keyword exception arguments (#19217)
• [flake8-use-pathlib] Fix false negative on direct Path() instantiation (PTH210) (#19388)
• [flake8-django] Fix DJ008 false positive for abstract models with type-annotated abstract field (#19221)
• [isort] Fix I002 import insertion after docstring with multiple string statements (#19222)
• [isort] Treat form feed as valid whitespace before a semicolon (#19343)
• [pydoclint] Fix SyntaxError from fixes with line continuations (D201, D202) (#19246)
• [refurb] FURB164 fix should validate arguments and should usually be marked unsafe (#19136)

Rule changes

• [flake8-use-pathlib] Skip single dots for invalid-pathlib-with-suffix (PTH210) on versions >= 3.14 (#19331)
• [pep8_naming] Avoid false positives on standard library functions with uppercase names (N802) (#18907)
• [pycodestyle] Handle brace escapes for t-strings in logical lines (#19358)
• [pylint] Extend invalid string character rules to include t-strings (#19355)
• [ruff] Allow strict kwarg when checking for starmap-zip (RUF058) in Python 3.14+ (#19333)

Documentation

• [flake8-type-checking] Make TC010 docs example more realistic (#19356)
• Make more documentation examples error out-of-the-box (#19288,#19272,#19291,#19296,#19292,#19295,#19297,#19309)

Contributors

• @​AlexWaygood
• @​BurntSushi
• @​Gankra
• @​MatthewMckee4
• @​MeGaGiGaGon
• @​MichaReiser
• @​UnboundVariable
• @​chirizxc
• @​close2code-palm
• @​corneliusroemer
• @​danparizher
• @​dcreager
• @​dhruvmanila
• @​dylwil3
• @​github-actions
• @​ntBre
• @​oconnor663

... (truncated)

Changelog

Sourced from ruff's changelog.

0.12.4

Preview features

• [flake8-type-checking, pyupgrade, ruff] Add from __future__ import annotations when it would allow new fixes (TC001, TC002, TC003, UP037, RUF013) (#19100)
• [flake8-use-pathlib] Add autofix for PTH109 (#19245)
• [pylint] Detect indirect pathlib.Path usages for unspecified-encoding (PLW1514) (#19304)

Bug fixes

• [flake8-bugbear] Fix B017 false negatives for keyword exception arguments (#19217)
• [flake8-use-pathlib] Fix false negative on direct Path() instantiation (PTH210) (#19388)
• [flake8-django] Fix DJ008 false positive for abstract models with type-annotated abstract field (#19221)
• [isort] Fix I002 import insertion after docstring with multiple string statements (#19222)
• [isort] Treat form feed as valid whitespace before a semicolon (#19343)
• [pydoclint] Fix SyntaxError from fixes with line continuations (D201, D202) (#19246)
• [refurb] FURB164 fix should validate arguments and should usually be marked unsafe (#19136)

Rule changes

• [flake8-use-pathlib] Skip single dots for invalid-pathlib-with-suffix (PTH210) on versions >= 3.14 (#19331)
• [pep8_naming] Avoid false positives on standard library functions with uppercase names (N802) (#18907)
• [pycodestyle] Handle brace escapes for t-strings in logical lines (#19358)
• [pylint] Extend invalid string character rules to include t-strings (#19355)
• [ruff] Allow strict kwarg when checking for starmap-zip (RUF058) in Python 3.14+ (#19333)

Documentation

• [flake8-type-checking] Make TC010 docs example more realistic (#19356)
• Make more documentation examples error out-of-the-box (#19288,#19272,#19291,#19296,#19292,#19295,#19297,#19309)

Commits

• ee2759b Bump 0.12.4 (#19406)
• 35f33d9 [ty] publish settings diagnostics (#19335)
• 5d78b31 [flake8-use-pathlib] Add autofix for PTH109 (#19245)
• c2a05b4 [ty] Use bitflags for resolved client capabilities (#19393)
• fae0b5c [ty] Initial implementation of declaration and definition providers. (#19371)
• cbe94b0 [ty] Support empty function bodies in if TYPE_CHECKING blocks (#19372)
• 029de78 [flake8-use-pathlib] Fix false negative on direct Path() instantiation (`...
• ff94fe7 Treat form feed as valid whitespace before a semicolon (#19343)
• b2501b4 [pylint] Detect indirect pathlib.Path usages for unspecified-encoding (...
• 291699b [refurb] FURB164 fix should validate arguments and should usually be mark...
• Additional commits viewable in compare view

Updates starlette from 0.47.1 to 0.47.2

Release notes

Sourced from starlette's releases.

0.47.2

Fixed

• Make UploadFile check for future rollover #2962.

---

New Contributors

• @​HonakerM made their first contribution in encode/starlette#2962

Full Changelog: Kludex/starlette@0.47.1...0.47.2

Changelog

Sourced from starlette's changelog.

0.47.2 (July 20, 2025)

Fixed

• Make UploadFile check for future rollover #2962.

Commits

• 6ee94f2 Version 0.47.2 (#2965)
• 9f7ec2e Make UploadFile check for future rollover (#2962)
• 540ff5f Bump the python-packages group with 7 updates (#2957)
• d4dd545 docs: add Google Analytics (#2963)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA f311499.

Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

OpenSSF Scorecard

Package	Version	Score	Details
pip/accessible-pygments	0.0.5	Unknown	Unknown
pip/furo	2025.7.19	🟢 3.9	Details Check Score Reason Maintained ⚠️ 2 3 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 2 Code-Review ⚠️ 0 Found 2/24 approved changesets -- score normalized to 0 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 9 1 existing vulnerabilities detected
pip/python-gvm	26.4.0	🟢 5.9	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Code-Review 🟢 4 Found 3/7 approved changesets -- score normalized to 4 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases 🟢 8 5 out of the last 5 releases have a total of 5 signed artifacts. License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Security-Policy 🟢 10 security policy file detected SAST 🟢 10 SAST tool is run on all commits Vulnerabilities ⚠️ 1 9 existing vulnerabilities detected
pip/ruff	0.12.4	Unknown	Unknown
pip/starlette	0.47.2	🟢 6	Details Check Score Reason Code-Review 🟢 5 Found 14/25 approved changesets -- score normalized to 5 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 13 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0

Scanned Files

• poetry.lock

[github-actions]

Conventional Commits Report

Type	Number
Dependencies	1

🚀 Conventional commits found.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 49.27%. Comparing base (0cbe8bd) to head (f311499).
Report is 2 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #1234   +/-   ##
=======================================
  Coverage   49.27%   49.27%           
=======================================
  Files          18       18           
  Lines        1240     1240           
=======================================
  Hits          611      611           
  Misses        629      629           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.