Deps: Bump the python-packages group with 4 updates

[dependabot]

Bumps the python-packages group with 4 updates: python-gvm, black, pytokens and ruff.

Updates python-gvm from 26.7.0 to 26.7.1

Release notes

Sourced from python-gvm's releases.

python-gvm 26.7.1

26.7.1 - 2025-11-06

🐛 Bug Fixes

• Fix Add or Update detect-hidden-unicode.yml by @​greenbonebot in #1270
• Fix Add or Update detect-hidden-unicode.yml by @​greenbonebot in #1272

🚢 Dependencies

• Bump the python-packages group with 4 updates by @​dependabot[bot] in #1268
• Bump the python-packages group across 1 directory with 2 updates by @​dependabot[bot] in #1271

Commits

• c4644e1 Automatic release to 26.7.1
• e3df82d Fix Add or Update detect-hidden-unicode.yml (#1272)
• 572877c Deps: Bump the python-packages group across 1 directory with 2 updates
• f1e735b Fix Add or Update detect-hidden-unicode.yml (#1270)
• 2ec18a0 Deps: Bump the python-packages group with 4 updates
• 5cf8acc Automatic adjustments after release [skip ci]
• See full diff in compare view

Updates black from 25.9.0 to 25.11.0

Release notes

Sourced from black's releases.

25.11.0

Highlights

• Enable base 3.14 support (#4804)
• Add support for the new Python 3.14 t-string syntax introduced by PEP 750 (#4805)

Stable style

• Fix bug where comments between # fmt: off and # fmt: on were reformatted (#4811)
• Comments containing fmt directives now preserve their exact formatting instead of being normalized (#4811)

Preview style

• Move multiline_string_handling from --unstable to --preview (#4760)
• Fix bug where module docstrings would be treated as normal strings if preceded by comments (#4764)
• Fix bug where python 3.12 generics syntax split line happens weirdly (#4777)
• Standardize type comments to form # type: <value> (#4645)
• Fix fix_fmt_skip_in_one_liners preview feature to respect # fmt: skip for compound statements with semicolon-separated bodies (#4800)

Configuration

• Add no_cache option to control caching behavior. (#4803)

Packaging

• Releases now include arm64 Linux binaries (#4773)

Output

• Write unchanged content to stdout when excluding formatting from stdin using pipes (#4610)

Blackd

• Implemented BlackDClient. This simple python client allows to easily send formatting requests to blackd (#4774)

Integrations

• Enable 3.14 base CI (#4804)
• Enhance GitHub Action psf/black to support the required-version major-version-only "stability" format when using pyproject.toml (#4770)
• Improve error message for vim plugin users. It now handles independently vim version
• Vim: Warn on unsupported Vim and Python versions independently (#4772)
• Vim: Print the import paths when importing black fails (#4675)
• Vim: Fix handling of virtualenvs that have a different Python version (#4675)

Changelog

Sourced from black's changelog.

25.11.0

Highlights

• Enable base 3.14 support (#4804)
• Add support for the new Python 3.14 t-string syntax introduced by PEP 750 (#4805)

Stable style

• Fix bug where comments between # fmt: off and # fmt: on were reformatted (#4811)
• Comments containing fmt directives now preserve their exact formatting instead of being normalized (#4811)

Preview style

• Move multiline_string_handling from --unstable to --preview (#4760)
• Fix bug where module docstrings would be treated as normal strings if preceded by comments (#4764)
• Fix bug where python 3.12 generics syntax split line happens weirdly (#4777)
• Standardize type comments to form # type: <value> (#4645)
• Fix fix_fmt_skip_in_one_liners preview feature to respect # fmt: skip for compound statements with semicolon-separated bodies (#4800)

Configuration

• Add no_cache option to control caching behavior. (#4803)

Packaging

• Releases now include arm64 Linux binaries (#4773)

Output

• Write unchanged content to stdout when excluding formatting from stdin using pipes (#4610)

Blackd

• Implemented BlackDClient. This simple python client allows to easily send formatting requests to blackd (#4774)

Integrations

• Enable 3.14 base CI (#4804)
• Enhance GitHub Action psf/black to support the required-version major-version-only "stability" format when using pyproject.toml (#4770)
• Improve error message for vim plugin users. It now handles independently vim version
• Vim: Warn on unsupported Vim and Python versions independently (#4772)
• Vim: Print the import paths when importing black fails (#4675)
• Vim: Fix handling of virtualenvs that have a different Python version (#4675)

Commits

• 05f0a8c Prepare for 25.11.0 release (#4825)
• ae17c61 Fix tests on pytest 9 (#4835)
• 138745e Include Windows and Python 3.14 in PR wheel build matrix, fix Windows build (...
• 18170d6 ci: add label for running all builds on a pull request (#4833)
• 0e793e3 fix windows wheels (#4830)
• b71f36c Use build[uv] as cibuildwheel frontend (#4831)
• a7bd594 Skip free threaded builds in cibuildwheel (#4829)
• 862dee9 Update cibuildwheel (#4828)
• b5f354c build: restrict to pytest 9.0 due to breakage in custom pytest_configure (#4827)
• f705197 t-string support (#4805)
• Additional commits viewable in compare view

Updates pytokens from 0.2.0 to 0.3.0

Commits

• 5d02d6d Merge pull request #7 from tusharsadhwani/py314
• 23a9d93 Bump version
• b0e77e1 remove debug log
• 7fe68db fix nested t string and f string edge case
• 858eff1 Merge pull request #11 from cjwatson/no-pycache
• a130b98 Don't include tests/pycache in sdists
• 7dd6c2c Add t-string support
• See full diff in compare view

Updates ruff from 0.14.3 to 0.14.4

Release notes

Sourced from ruff's releases.

0.14.4

Release Notes

Released on 2025-11-06.

Preview features

• [formatter] Allow newlines after function headers without docstrings (#21110)
• [formatter] Avoid extra parentheses for long match patterns with as captures (#21176)
• [refurb] Expand fix safety for keyword arguments and Decimals (FURB164) (#21259)
• [refurb] Preserve argument ordering in autofix (FURB103) (#20790)

Bug fixes

• [server] Fix missing diagnostics for notebooks (#21156)
• [flake8-bugbear] Ignore non-NFKC attribute names in B009 and B010 (#21131)
• [refurb] Fix false negative for underscores before sign in Decimal constructor (FURB157) (#21190)
• [ruff] Fix false positives on starred arguments (RUF057) (#21256)

Rule changes

• [airflow] extend deprecated argument concurrency in airflow..DAG (AIR301) (#21220)

Documentation

• Improve extend docs (#21135)
• [flake8-comprehensions] Fix typo in C416 documentation (#21184)
• Revise Ruff setup instructions for Zed editor (#20935)

Other changes

• Make ruff analyze graph work with jupyter notebooks (#21161)

Contributors

• @​chirizxc
• @​Lee-W
• @​musicinmybrain
• @​MichaReiser
• @​tjkuson
• @​danparizher
• @​renovate
• @​ntBre
• @​gauthsvenkat
• @​LoicRiegel

Install ruff 0.14.4

Install prebuilt binaries via shell script

... (truncated)

Changelog

Sourced from ruff's changelog.

0.14.4

Released on 2025-11-06.

Preview features

• [formatter] Allow newlines after function headers without docstrings (#21110)
• [formatter] Avoid extra parentheses for long match patterns with as captures (#21176)
• [refurb] Expand fix safety for keyword arguments and Decimals (FURB164) (#21259)
• [refurb] Preserve argument ordering in autofix (FURB103) (#20790)

Bug fixes

• [server] Fix missing diagnostics for notebooks (#21156)
• [flake8-bugbear] Ignore non-NFKC attribute names in B009 and B010 (#21131)
• [refurb] Fix false negative for underscores before sign in Decimal constructor (FURB157) (#21190)
• [ruff] Fix false positives on starred arguments (RUF057) (#21256)

Rule changes

• [airflow] extend deprecated argument concurrency in airflow..DAG (AIR301) (#21220)

Documentation

• Improve extend docs (#21135)
• [flake8-comprehensions] Fix typo in C416 documentation (#21184)
• Revise Ruff setup instructions for Zed editor (#20935)

Other changes

• Make ruff analyze graph work with jupyter notebooks (#21161)

Contributors

• @​chirizxc
• @​Lee-W
• @​musicinmybrain
• @​MichaReiser
• @​tjkuson
• @​danparizher
• @​renovate
• @​ntBre
• @​gauthsvenkat
• @​LoicRiegel

Commits

• c7ff982 Bump 0.14.4 (#21306)
• 35640dd Fix main by using infer_expression (#21299)
• cb2e277 [ty] Understand legacy and PEP 695 ParamSpec (#21139)
• 132d10f [ty] Discover site-packages from the environment that ty is installed in (#21...
• f189aad [ty] Make special cases for UnionType slightly narrower (#21276)
• 5517c99 Require ignore 0.4.24 in Cargo.toml (#21292)
• b5ff965 [ty] Favour imported symbols over builtin symbols (#21285)
• c6573b1 docs: revise Ruff setup instructions for Zed editor (#20935)
• 76127e5 [ty] Update salsa (#21281)
• cddc0fe [syntax-error]: no binding for nonlocal PLE0117 as a semantic syntax error (...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA e00fd9a.

Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

OpenSSF Scorecard

Package	Version	Score	Details
pip/black	25.11.0	🟢 6.6	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review 🟢 8 Found 21/26 approved changesets -- score normalized to 8 Security-Policy 🟢 10 security policy file detected Maintained 🟢 10 30 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing 🟢 10 project is fuzzed Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/python-gvm	26.7.1	🟢 6	Details Check Score Reason Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 10 28 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 5 Found 6/12 approved changesets -- score normalized to 5 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases 🟢 8 5 out of the last 5 releases have a total of 5 signed artifacts. Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Security-Policy 🟢 10 security policy file detected Vulnerabilities ⚠️ 1 9 existing vulnerabilities detected SAST 🟢 10 SAST tool is run on all commits
pip/pytokens	0.3.0	Unknown	Unknown
pip/ruff	0.14.4	Unknown	Unknown

Scanned Files

• poetry.lock

[greenbonebot]

Scan: 'poetry.lock'

Nothing detected in poetry.lock
Scan took 0.02 seconds

[github-actions]

Conventional Commits Report

Type	Number
Dependencies	1

🚀 Conventional commits found.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 49.31%. Comparing base (a464f94) to head (e00fd9a).
⚠️ Report is 2 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #1275   +/-   ##
=======================================
  Coverage   49.31%   49.31%           
=======================================
  Files          18       18           
  Lines        1239     1239           
=======================================
  Hits          611      611           
  Misses        628      628           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.