Deps: Bump the python-packages group with 4 updates

[dependabot]

Bumps the python-packages group with 4 updates: python-gvm, pontos, coverage and ruff.

Updates python-gvm from 26.4.0 to 26.5.0

Release notes

Sourced from python-gvm's releases.

python-gvm 26.5.0

26.5.0 - 2025-08-12

✨ Added

• GMP commands for agents and agent groups in GmpNext by @​ozgen in 30daff5
• Added GMP commands for OCI image targets by @​a-h-abdelsalam in #1249
• Support for agent group tasks in GmpNext by @​ozgen in #1252

🚢 Dependencies

• Bump the python-packages group with 3 updates by @​dependabot[bot] in #1247
• Bump the python-packages group with 4 updates by @​dependabot[bot] in #1250
• Bump the python-packages group with 7 updates by @​dependabot[bot] in #1251
• Bump the python-packages group with 6 updates by @​dependabot[bot] in #1253
• Bump actions/checkout from 4 to 5 in the github-actions group by @​dependabot[bot] in #1254

Commits

• 8f0581f Automatic release to 26.5.0
• 4588f00 Deps: Bump actions/checkout from 4 to 5 in the github-actions group
• efd08bb Deps: Bump the python-packages group with 6 updates
• a323cb9 Add: support for agent group tasks in GmpNext
• e78e2b1 Deps: Bump the python-packages group with 7 updates
• 7e8feb6 Deps: Bump the python-packages group with 4 updates
• 73e8626 Add: Added GMP commands for OCI image targets
• 4be8ae6 Update gvm/protocols/gmp/_gmpnext.py
• fdf6a2f Update gvm/protocols/gmp/requests/next/_agent_groups.py
• 30daff5 Add: GMP commands for agents and agent groups in GmpNext
• Additional commits viewable in compare view

Updates pontos from 25.7.2 to 25.8.0

Release notes

Sourced from pontos's releases.

pontos 25.8.0

25.8.0 - 2025-08-12

Changed

• Make it possible to read [workspace.project] in cargo.toml 57ca3c2c

Bug Fixes

• Use 'Array' in cargo tests instead of 'Table' cabc6ea7

Dependencies

• Bump the python-packages group with 3 updates a5e524c5
• Bump the python-packages group with 3 updates 0be16215

Commits

• f004abb Automatic release to 25.8.0
• cabc6ea Fix: Use 'Array' in cargo tests instead of 'Table'
• 57ca3c2 change: Make it possible to read [workspace.project] in cargo.toml
• a5e524c Deps: Bump the python-packages group with 3 updates
• 0be1621 Deps: Bump the python-packages group with 3 updates
• 3c8a746 Automatic adjustments after release [skip ci]
• See full diff in compare view

Updates coverage from 7.10.3 to 7.10.4

Changelog

Sourced from coverage's changelog.

Version 7.10.4 — 2025-08-16

• Added patch = fork for times when the built-in forking support is insufficient.

• Fix: patch = execv also inherits the entire coverage configuration now.

.. _changes_7-10-3:

Commits

• 1cd29f2 docs: sample HTML for 7.10.4
• 92a91e9 docs: prep for 7.10.4
• 9ee6390 debug: more details in debug messages
• 6af8a5d feat: patch=fork
• 0eb292d refactor: a nicer way to inject config from the environment
• 183cd9b build: tweaks to how the python build is bannered for tox
• 6c2fb87 chore: make upgrade
• a22436c test: since 62434e79 we don't need to account for .tox
• 4ab4bb0 test: add a test for env var truncation
• bf1a970 refactor: better style for constants
• Additional commits viewable in compare view

Updates ruff from 0.12.8 to 0.12.9

Release notes

Sourced from ruff's releases.

0.12.9

Release Notes

Preview features

• [airflow] Add check for airflow.secrets.cache.SecretCache (AIR301) (#17707)
• [ruff] Offer a safe fix for multi-digit zeros (RUF064) (#19847)

Bug fixes

• [flake8-blind-except] Fix BLE001 false-positive on raise ... from None (#19755)
• [flake8-comprehensions] Fix false positive for C420 with attribute, subscript, or slice assignment targets (#19513)
• [flake8-simplify] Fix handling of U+001C..U+001F whitespace (SIM905) (#19849)

Rule changes

• [pylint] Use lowercase hex characters to match the formatter (PLE2513) (#19808)

Documentation

• Fix lint.future-annotations link (#19876)

Other changes

• Build riscv64 binaries for release (#19819)
• Add rule code to error description in GitLab output (#19896)

Contributors

• @​AlexWaygood
• @​Gankra
• @​MatthewMckee4
• @​MichaReiser
• @​PrettyWood
• @​RazerM
• @​carljm
• @​danparizher
• @​dcreager
• @​deliro
• @​dhruvmanila
• @​ember91
• @​ffgan
• @​harupy
• @​ibraheemdev
• @​mtshiba
• @​nguu0123
• @​ntBre
• @​oconnor663
• @​prabhusneha
• @​renovate

... (truncated)

Changelog

Sourced from ruff's changelog.

0.12.9

Preview features

• [airflow] Add check for airflow.secrets.cache.SecretCache (AIR301) (#17707)
• [ruff] Offer a safe fix for multi-digit zeros (RUF064) (#19847)

Bug fixes

• [flake8-blind-except] Fix BLE001 false-positive on raise ... from None (#19755)
• [flake8-comprehensions] Fix false positive for C420 with attribute, subscript, or slice assignment targets (#19513)
• [flake8-simplify] Fix handling of U+001C..U+001F whitespace (SIM905) (#19849)

Rule changes

• [pylint] Use lowercase hex characters to match the formatter (PLE2513) (#19808)

Documentation

• Fix lint.future-annotations link (#19876)

Other changes

• Build riscv64 binaries for release (#19819)
• Add rule code to error description in GitLab output (#19896)

Commits

• ef42246 Bump 0.12.9 (#19917)
• dc2e8ab [ty] support kw_only=True for dataclass() and field() (#19677)
• 9aaa82d Feature/build riscv64 bin (#19819)
• 3288ac2 [ty] Add caching to CodeGeneratorKind::matches() (#19912)
• 1167ed6 [ty] Rename functionArgumentNames to callArgumentNames inlay hint setting...
• 2ee47d8 [ty] Default ty.inlayHints.* server settings to true (#19910)
• d324ced [ty] Remove py-fuzzer skips for seeds that are no longer slow (#19906)
• 5a570c8 [ty] fix deferred name loading in PEP695 generic classes/functions (#19888)
• baadb5a [ty] Add some additional type safety to CycleDetector (#19903)
• df0648a [flake8-blind-except] Fix BLE001 false-positive on raise ... from None ...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
pip/coverage	7.10.4	🟢 8.6	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 28 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 1 Found 3/29 approved changesets -- score normalized to 1 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected Binary-Artifacts 🟢 10 no binaries found in the repo Vulnerabilities 🟢 10 0 existing vulnerabilities detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege License 🟢 10 license file detected Fuzzing 🟢 10 project is fuzzed CII-Best-Practices 🟢 5 badge detected: Passing Pinned-Dependencies 🟢 5 dependency not pinned by hash detected -- score normalized to 5 Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Packaging 🟢 10 packaging workflow detected SAST 🟢 10 SAST tool is run on all commits
pip/pontos	25.8.0	🟢 7.3	Details Check Score Reason Dependency-Update-Tool 🟢 10 update tool detected Maintained 🟢 10 30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review ⚠️ 2 Found 4/14 approved changesets -- score normalized to 2 Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST 🟢 10 SAST tool is run on all commits License 🟢 10 license file detected Signed-Releases 🟢 8 5 out of the last 5 releases have a total of 5 signed artifacts. Packaging 🟢 10 packaging workflow detected Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Security-Policy 🟢 10 security policy file detected CI-Tests 🟢 10 13 out of 13 merged PRs checked by a CI test -- score normalized to 10 Contributors 🟢 6 project has 2 contributing companies or organizations -- score normalized to 6
pip/python-gvm	26.5.0	🟢 6	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 5 Found 6/12 approved changesets -- score normalized to 5 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases 🟢 8 5 out of the last 5 releases have a total of 5 signed artifacts. Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Security-Policy 🟢 10 security policy file detected Vulnerabilities ⚠️ 1 9 existing vulnerabilities detected SAST 🟢 10 SAST tool is run on all commits
pip/ruff	0.12.9	Unknown	Unknown

Scanned Files

• poetry.lock

[github-actions]

Conventional Commits Report

Type	Number
Dependencies	1

🚀 Conventional commits found.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 49.31%. Comparing base (c677235) to head (0fcfeb8).
⚠️ Report is 2 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #1242   +/-   ##
=======================================
  Coverage   49.31%   49.31%           
=======================================
  Files          18       18           
  Lines        1239     1239           
=======================================
  Hits          611      611           
  Misses        628      628           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.