Skip to content

chore(deps-dev): bump the development-dependencies group with 3 updates#100

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/development-dependencies-42901cc297
Open

chore(deps-dev): bump the development-dependencies group with 3 updates#100
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/development-dependencies-42901cc297

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 13, 2026

Copy link
Copy Markdown
Contributor

Bumps the development-dependencies group with 3 updates: coverage, gitpython and python-semantic-release.

Updates coverage from 7.15.0 to 7.15.1

Changelog

Sourced from coverage's changelog.

Version 7.15.1 — 2026-07-12

  • Fix: in the HTML report with show_contexts enabled, a context label containing </script> (for example a parametrized pytest node id) could close the inline <script> element in a file page early, injecting markup. Context labels are now fully escaped. Thanks, Rajath Mohare <pull 2224_>_.

  • A number of performance improvements thanks to Paul Kehrer, in pull requests 2213 <pull 2213_>, 2214 <pull 2214_>, 2215 <pull 2215_>, 2216 <pull 2216_>, 2218 <pull 2218_>, 2220 <pull 2220_>, and 2221 <pull 2221_>_.

.. _pull 2213: coveragepy/coveragepy#2213 .. _pull 2214: coveragepy/coveragepy#2214 .. _pull 2215: coveragepy/coveragepy#2215 .. _pull 2216: coveragepy/coveragepy#2216 .. _pull 2218: coveragepy/coveragepy#2218 .. _pull 2220: coveragepy/coveragepy#2220 .. _pull 2221: coveragepy/coveragepy#2221 .. _pull 2224: coveragepy/coveragepy#2224

.. _changes_7-15-0:

Commits
  • da63bed docs: sample HTML for 7.15.1
  • bc35e64 docs: prep for 7.15.1
  • 182b010 perf: resolve sysmon branch events lazily, one pair at a time (#2221)
  • ee271ee perf: compute multiline maps cheaply in the sysmon core (#2220)
  • 1441b96 chore: bump the action-dependencies group with 6 updates (#2225)
  • dd80635 fix: escape context labels in html report inline script block (#2224)
  • 7c3ae71 docs: normalize earlier history order (#2222)
  • 088dc60 chore: make upgrade
  • f7e15a8 test: upload .json and .xml coverage reports
  • 3b62112 docs: thanks, Paul Kehrer
  • Additional commits viewable in compare view

Updates gitpython from 3.1.50 to 3.1.51

Release notes

Sourced from gitpython's releases.

3.1.51 - Security

What's Changed

New Contributors

Full Changelog: gitpython-developers/GitPython@3.1.50...3.1.51

Commits
  • 7b0764d bump to v3.1.51
  • af027be Merge pull request #2163 from gitpython-developers/fix-unguarded-blame
  • 701ce32 fix: Guard unsafe git command options (GHSA-956x-8gvw-wg5v)
  • 65a7283 Merge pull request #2168 from gitpython-developers/advisory-fix-1
  • 3e59876 Merge pull request #2169 from gitpython-developers/fix-config-assert
  • f033017 chore: avoid duplicate runs of CI in PRs
  • 1551238 fix: allow relative config paths with includes (#2103)
  • 5680608 fix: reject joined unsafe short options
  • 181e8ed Address review feedback about unsafe option abbreviations
  • 40f1424 Add Commit.is_shallow property; document stats() limitation at shallow bounda...
  • Additional commits viewable in compare view

Updates python-semantic-release from 10.6.0 to 10.6.1

Release notes

Sourced from python-semantic-release's releases.

v10.6.1 (2026-07-06)

This release is published under the MIT License.

🪲 Bug Fixes

  • changelog: Fix handling of whitespace commit bodies in changelog template filter (PR#1457, d95e46e)

  • cmd-version: Fix non-styled error msg when strict & no new version (PR#1437, 5e8f94c)

  • config: Eliminate .git/ in parent dir warnings for monorepos configured with .. (PR#1444, 7a1f822)

📖 Documentation

  • CHANGELOG: Add v9.21.2 changelog details for website (a4115cf)

  • configuration: Document repo_dir config option (PR#1444, 7a1f822)

⚙️ Build System

  • deps: Expand python-gitlab dependency range to include v8.0.0+ (PR#1451, a4b9a43)

  • deps: Expand tomlkit dependency range to include v0.14.0+ & v0.15.0+ (028d539)

  • deps: Extend click dependency range to include v8.2+ (01707ea)

✅ Resolved Issues

  • #1418: Extrenous "Found .git/ in higher parent directory" warning in monorepo setup

  • #1423: Misformated error message


Detailed Changes: v10.6.0...v10.6.1


Installable artifacts are available from:

Changelog

Sourced from python-semantic-release's changelog.

v10.6.1 (2026-07-06)

🪲 Bug Fixes

  • changelog: Fix handling of whitespace commit bodies in changelog template filter (PR#1457, d95e46e)

  • cmd-version: Fix non-styled error msg when strict & no new version, closes [#1423](https://github.com/python-semantic-release/python-semantic-release/issues/1423)_ (PR#1437, 5e8f94c)

  • config: Eliminate .git/ in parent dir warnings for monorepos configured with .., closes [#1418](https://github.com/python-semantic-release/python-semantic-release/issues/1418)_ (PR#1444, 7a1f822)

📖 Documentation

  • CHANGELOG: Add v9.21.2 changelog details for website (a4115cf_)

  • configuration: Document repo_dir config option (PR#1444, 7a1f822)

⚙️ Build System

  • deps: Expand python-gitlab dependency range to include v8.0.0+ (PR#1451, a4b9a43)

  • deps: Expand tomlkit dependency range to include v0.14.0+ & v0.15.0+ (028d539_)

  • deps: Extend click dependency range to include v8.2+ (01707ea_)

.. _#1418: python-semantic-release/python-semantic-release#1418 .. _#1423: python-semantic-release/python-semantic-release#1423 .. _01707ea: python-semantic-release/python-semantic-release@01707ea .. _028d539: python-semantic-release/python-semantic-release@028d539 .. _5e8f94c: python-semantic-release/python-semantic-release@5e8f94c .. _7a1f822: python-semantic-release/python-semantic-release@7a1f822 .. _a4115cf: python-semantic-release/python-semantic-release@a4115cf .. _a4b9a43: python-semantic-release/python-semantic-release@a4b9a43 .. _d95e46e: python-semantic-release/python-semantic-release@d95e46e .. _PR#1437: python-semantic-release/python-semantic-release#1437 .. _PR#1444: python-semantic-release/python-semantic-release#1444 .. _PR#1451: python-semantic-release/python-semantic-release#1451 .. _PR#1457: python-semantic-release/python-semantic-release#1457

.. _changelog-v10.6.0:

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the development-dependencies group with 3 updates: [coverage](https://github.com/coveragepy/coveragepy), [gitpython](https://github.com/gitpython-developers/GitPython) and [python-semantic-release](https://github.com/python-semantic-release/python-semantic-release).


Updates `coverage` from 7.15.0 to 7.15.1
- [Release notes](https://github.com/coveragepy/coveragepy/releases)
- [Changelog](https://github.com/coveragepy/coveragepy/blob/main/CHANGES.rst)
- [Commits](coveragepy/coveragepy@7.15.0...7.15.1)

Updates `gitpython` from 3.1.50 to 3.1.51
- [Release notes](https://github.com/gitpython-developers/GitPython/releases)
- [Changelog](https://github.com/gitpython-developers/GitPython/blob/main/CHANGES)
- [Commits](gitpython-developers/GitPython@3.1.50...3.1.51)

Updates `python-semantic-release` from 10.6.0 to 10.6.1
- [Release notes](https://github.com/python-semantic-release/python-semantic-release/releases)
- [Changelog](https://github.com/python-semantic-release/python-semantic-release/blob/master/CHANGELOG.rst)
- [Commits](python-semantic-release/python-semantic-release@v10.6...v10.6.1)

---
updated-dependencies:
- dependency-name: coverage
  dependency-version: 7.15.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: development-dependencies
- dependency-name: gitpython
  dependency-version: 3.1.51
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: development-dependencies
- dependency-name: python-semantic-release
  dependency-version: 10.6.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: development-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github

dependabot Bot commented on behalf of github Jul 13, 2026

Copy link
Copy Markdown
Contributor Author

Assignees

The following users could not be added as assignees: jonzeolla. Either the username does not exist or it does not have the correct permissions to be added as an assignee.

Labels

The following labels could not be found: dependencies, python. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot Bot requested a review from JonZeolla as a code owner July 13, 2026 08:09

@ai-coding-guardrails ai-coding-guardrails Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice work! 😎

I didn't find anything of concern

List of skipped files due to configuration

Risk: 🟢 Low

Risk analysis

The highest scoring dimensions are blast_radius and operational_risk. blast_radius scores a 2 because the changes affect development dependencies used across the project, potentially impacting build processes and developer workflows. operational_risk scores a 1 due to the possibility of compatibility issues or unexpected behavior from updated dependencies, though the updates are minor versions and include bug fixes. Other dimensions score 0 as they do not introduce direct security concerns, data integrity risks, or significant reversibility challenges.

Reviewed with 🤟 by Zenable

@ai-coding-guardrails ai-coding-guardrails Bot added the zenable/risk:low Zenable assessed this PR as LOW risk. label Jul 13, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

zenable/risk:low Zenable assessed this PR as LOW risk.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant