Deps: Bump the python-packages group with 3 updates

[dependabot]

Bumps the python-packages group with 3 updates: exceptiongroup, ruff and shtab.

Updates exceptiongroup from 1.3.0 to 1.3.1

Release notes

Sourced from exceptiongroup's releases.

1.3.1

• Fixed AttributeError: 'TracebackException' object has no attribute 'exceptions' when formatting unpickled TBEs from another Python process which did not apply the exceptiongroup patches (#144)

Changelog

Sourced from exceptiongroup's changelog.

Version history

This library adheres to Semantic Versioning 2.0 <http://semver.org/>_.

1.3.1

• Fixed AttributeError: 'TracebackException' object has no attribute 'exceptions' when formatting unpickled TBEs from another Python process which did not apply the exceptiongroup patches ([#144](https://github.com/agronholm/exceptiongroup/issues/144) <https://github.com/agronholm/exceptiongroup/issues/144>_)

1.3.0

• Added **kwargs to function and method signatures as appropriate to match the signatures in the standard library
• In line with the stdlib typings in typeshed, updated (Base)ExceptionGroup generic types to define defaults for their generic arguments (defaulting to BaseExceptionGroup[BaseException] and ExceptionGroup[Exception]) (PR by @​mikenerone)
• Changed BaseExceptionGroup.__init__() to directly call BaseException.__init__() instead of the superclass __init__() in order to emulate the CPython behavior (broken or not) (PR by @​cfbolz)
• Changed the exceptions attribute to always return the same tuple of exceptions, created from the original exceptions sequence passed to BaseExceptionGroup to match CPython behavior ([#143](https://github.com/agronholm/exceptiongroup/issues/143) <https://github.com/agronholm/exceptiongroup/issues/143>_)

1.2.2

• Removed an assert in exceptiongroup._formatting that caused compatibility issues with Sentry ([#123](https://github.com/agronholm/exceptiongroup/issues/123) <https://github.com/agronholm/exceptiongroup/issues/123>_)

1.2.1

• Updated the copying of __notes__ to match CPython behavior (PR by CF Bolz-Tereick)
• Corrected the type annotation of the exception handler callback to accept a BaseExceptionGroup instead of BaseException
• Fixed type errors on Python < 3.10 and the type annotation of suppress() (PR by John Litborn)

1.2.0

• Added special monkeypatching if Apport <https://github.com/canonical/apport>_ has overridden sys.excepthook so it will format exception groups correctly (PR by John Litborn)
• Added a backport of contextlib.suppress() from Python 3.12.1 which also handles suppressing exceptions inside exception groups
• Fixed bare raise in a handler reraising the original naked exception rather than an exception group which is what is raised when you do a raise in an except*

... (truncated)

Commits

• ddddb6f Added the release version
• 49c5e60 Fixed AttributeError when formatting unpickled TBEs from an unpatched process
• 1be517f [pre-commit.ci] pre-commit autoupdate (#152)
• af0ea2f [pre-commit.ci] pre-commit autoupdate (#149)
• 7c980a8 Removed pin on pyright version
• ef85336 Fixed typing job not finding Python 3.14
• 080b3f4 Pinned pyright version to fix typeshed related failure
• ac66090 Added Python 3.14 to the test matrix
• a0da94d Fixed test failures on Python 3.14
• See full diff in compare view

Updates ruff from 0.14.5 to 0.14.6

Release notes

Sourced from ruff's releases.

0.14.6

Release Notes

Released on 2025-11-21.

Preview features

• [flake8-bandit] Support new PySNMP API paths (S508, S509) (#21374)

Bug fixes

• Adjust own-line comment placement between branches (#21185)
• Avoid syntax error when formatting attribute expressions with outer parentheses, parenthesized value, and trailing comment on value (#20418)
• Fix panic when formatting comments in unary expressions (#21501)
• Respect fmt: skip for compound statements on a single line (#20633)
• [refurb] Fix FURB103 autofix (#21454)
• [ruff] Fix false positive for complex conversion specifiers in logging-eager-conversion (RUF065) (#21464)

Rule changes

• [ruff] Avoid false positive on ClassVar reassignment (RUF012) (#21478)

CLI

• Render hyperlinks for lint errors (#21514)
• Add a ruff analyze option to skip over imports in TYPE_CHECKING blocks (#21472)

Documentation

• Limit eglot-format hook to eglot-managed Python buffers (#21459)
• Mention force-exclude in "Configuration > Python file discovery" (#21500)

Contributors

• @​ntBre
• @​dylwil3
• @​gauthsvenkat
• @​MichaReiser
• @​thamer
• @​Ruchir28
• @​thejcannon
• @​danparizher
• @​chirizxc

Install ruff 0.14.6

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/astral-sh/ruff/releases/download/0.14.6/ruff-installer.sh | sh
</tr></table> 

... (truncated)

Changelog

Sourced from ruff's changelog.

0.14.6

Released on 2025-11-21.

Preview features

• [flake8-bandit] Support new PySNMP API paths (S508, S509) (#21374)

Bug fixes

• Adjust own-line comment placement between branches (#21185)
• Avoid syntax error when formatting attribute expressions with outer parentheses, parenthesized value, and trailing comment on value (#20418)
• Fix panic when formatting comments in unary expressions (#21501)
• Respect fmt: skip for compound statements on a single line (#20633)
• [refurb] Fix FURB103 autofix (#21454)
• [ruff] Fix false positive for complex conversion specifiers in logging-eager-conversion (RUF065) (#21464)

Rule changes

• [ruff] Avoid false positive on ClassVar reassignment (RUF012) (#21478)

CLI

• Render hyperlinks for lint errors (#21514)
• Add a ruff analyze option to skip over imports in TYPE_CHECKING blocks (#21472)

Documentation

• Limit eglot-format hook to eglot-managed Python buffers (#21459)
• Mention force-exclude in "Configuration > Python file discovery" (#21500)

Contributors

• @​ntBre
• @​dylwil3
• @​gauthsvenkat
• @​MichaReiser
• @​thamer
• @​Ruchir28
• @​thejcannon
• @​danparizher
• @​chirizxc

Commits

• 59c6cb5 Bump 0.14.6 (#21558)
• 54dba15 [ty] Improve debug messages when imports fail (#21555)
• 1af3185 [ty] Add support for relative import completions
• 553e568 [ty] Refactor detection of import statements for completions
• cdef3f5 [ty] Use dedicated collector for completions
• 6178822 [ty] Attach subdiagnostics to unresolved-import errors for relative imports...
• 6b7adb0 [ty] support PEP 613 type aliases (#21394)
• 06941c1 [ty] More low-hanging fruit for inlay hint goto-definition (#21548)
• eb7c098 [ty] implement TypedDict structural assignment (#21467)
• 1b28fc1 [ty] Add more random TypeDetails and tests (#21546)
• Additional commits viewable in compare view

Updates shtab from 1.7.2 to 1.8.0

Release notes

Sourced from shtab's releases.

shtab v1.8.0 stable

• ❓ fix bash error on optional nargs="?" (#184 <- #181)
• 🔀 fix zsh duplicate default remainder & swapped one_or_more/remainder (#200 <- #183, #198)
• 💅 misc minor docs updates (#202)
  • 🗒️ add own/example CLI file output (#192)
• 🛠️ misc framework updates (#203, #197, #193, #191)
  • 🐍 test support for Python 3.14

Commits

• ca1d284 docs: fix minor typos
• 6c48520 Merge pull request #203 from ThomasWaldmann/setuptools-requirement
• 31618f9 update minimum setuptools requirement for SPDX license support
• ad3d4ce Merge pull request #200 from ThomasWaldmann/doubled-rest-fix
• 171be68 fix tests
• e96c96f zsh: fix duplicate default REMAINDER (fixes #183)
• acc76fd Merge pull request #197 from hroncok/patch-1
• a23e335 Do not require wheel for building
• 2f87e26 Merge pull request #193 from mikelolasagasti/license-pyproject
• 980a906 Merge pull request #198 from ThomasWaldmann/fix/zsh-variadic-var-swap
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 2 package(s) with unknown licenses.

See the Details below.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 3125a67.

Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

License Issues

poetry.lock

Package	Version	License	Issue Type
exceptiongroup	1.3.1	Null	Unknown License
shtab	1.8.0	Null	Unknown License

Allowed Licenses:

0BSD, AGPL-3.0-or-later, Apache-2.0, BlueOak-1.0.0, BSD-2-Clause, BSD-3-Clause-Clear, BSD-3-Clause, BSL-1.0, CAL-1.0, CC-BY-3.0, CC-BY-4.0, CC-BY-SA-4.0, CC0-1.0, EPL-2.0, GPL-1.0-or-later, GPL-2.0-only, GPL-2.0-or-later, GPL-2.0, GPL-3.0-only, GPL-3.0-or-later, GPL-3.0, ISC, LGPL-2.0-only, LGPL-2.0-or-later, LGPL-2.1-only, LGPL-2.1-or-later, LGPL-2.1, LGPL-3.0-only, LGPL-3.0, LGPL-3.0-or-later, MIT, MIT-CMU, MPL-1.1, MPL-2.0, OFL-1.1, PSF-2.0, Python-2.0, Python-2.0.1, Unicode-3.0, Unicode-DFS-2016, Unlicense, Zlib, ZPL-2.1

OpenSSF Scorecard

Package	Version	Score	Details
pip/exceptiongroup	1.3.1	Unknown	Unknown
pip/ruff	0.14.6	Unknown	Unknown
pip/shtab	1.8.0	🟢 5	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review 🟢 5 Found 8/14 approved changesets -- score normalized to 5 Binary-Artifacts 🟢 10 no binaries found in the repo Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Maintained 🟢 10 14 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 9 license file detected Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 9 1 existing vulnerabilities detected Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Security-Policy ⚠️ 0 security policy file not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0

Scanned Files

• poetry.lock

[greenbonebot]

Scan: 'poetry.lock'

Nothing detected in poetry.lock
Scan took 0.02 seconds

[github-actions]

Conventional Commits Report

Type	Number
Dependencies	1

🚀 Conventional commits found.