build(deps): bump the dependencies group across 1 directory with 9 updates

[dependabot]

Bumps the dependencies group with 9 updates in the / directory:

Package	From	To
certifi	2024.7.4	2024.8.30
cffi	1.16.0	1.17.1
cryptography	42.0.8	43.0.1
idna	3.7	3.8
coverage	7.5.4	7.6.1
ruff	0.5.1	0.6.4
mypy	1.10.1	1.11.2
build	1.2.1	1.2.2
tox	4.1.2	4.18.1

Updates certifi from 2024.7.4 to 2024.8.30

Commits

• 325c2fd 2024.08.30 (#304)
• d66bf5f Bump actions/upload-artifact from 4.3.5 to 4.3.6 (#302)
• 2150f23 Bump actions/upload-artifact from 4.3.4 to 4.3.5 (#301)
• fc9b771 Bump actions/setup-python from 5.1.0 to 5.1.1 (#300)
• 965b239 Bump actions/download-artifact from 4.1.7 to 4.1.8 (#297)
• c1f50cc Bump actions/upload-artifact from 4.3.3 to 4.3.4 (#296)
• See full diff in compare view

Updates cffi from 1.16.0 to 1.17.1

Release notes

Sourced from cffi's releases.

v1.17.1

• Fix failing distutils.msvc9compiler imports under Windows (#118).
• ffibuilder.emit_python_code() and ffibuiler.emit_c_code() accept file-like objects (#115).
• ffiplatform calls are bypassed by ffibuilder.emit_python_code() and ffibuilder.emit_c_code() (#81).

Full Changelog: python-cffi/cffi@v1.17.0...v1.17.1

v1.17.0

• Add support for Python 3.13.
  • Free-threaded CPython builds (i.e. python3.13t and the 3.13t ABI) are not currently supported.
• In API mode, when you get a function from a C library by writing fn = lib.myfunc, you get an object of a special type for performance reasons, instead of a <cdata 'C-function-type'>. Before version 1.17 you could only call such objects. You could write ffi.addressof(lib, "myfunc") in order to get a real <cdata> object, based on the idea that in these cases in C you'd usually write &myfunc instead of myfunc. In version 1.17, the special object lib.myfunc can now be passed in many places where CFFI expects a regular <cdata> object. For example, you can now pass it as a callback to a C function call, or write it inside a C structure field of the correct pointer-to-function type, or use ffi.cast() or ffi.typeof() on it.

Full Changelog: python-cffi/cffi@v1.16.0...v1.17.0

v1.17.0rc1

• Add support for Python 3.13.
• In API mode, when you get a function from a C library by writing fn = lib.myfunc, you get an object of a special type for performance reasons, instead of a object. For example, you can now pass it as a callback to a C function call, or write it inside a C structure field of the correct pointer-to-function type, or use ffi.cast() or ffi.typeof() on it.
• Build wheels for musllinux aarch64.

Commits

• 38bd6be release 1.17.1
• ba10180 update whatsnew.rst for 1.17.1 (#121)
• 61deb5f add yet another flag to recompile() to avoid calling ffiplatform (#81)
• 1c292c1 Handle distutils without distutils.msvc9compiler.MSVCCompiler class (#118)
• 182ffc4 Allow writing generated code to a file-like object. (#115)
• 74731f9 Release 1.17.0 (#108)
• 181fa00 1.17.0rc1 release (#80)
• 772528e Add 3.13 to trove classifiers (#72)
• e36042d 1.17.0b1 prep (#79)
• 39bdab2 avoid null-pointer-subtraction error (#78)
• Additional commits viewable in compare view

Updates cryptography from 42.0.8 to 43.0.1

Changelog

Sourced from cryptography's changelog.

43.0.1 - 2024-09-03

* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.3.2.
.. _v43-0-0:
43.0.0 - 2024-07-20

• BACKWARDS INCOMPATIBLE: Support for OpenSSL less than 1.1.1e has been removed. Users on older version of OpenSSL will need to upgrade.
• BACKWARDS INCOMPATIBLE: Dropped support for LibreSSL < 3.8.
• Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.3.1.
• Updated the minimum supported Rust version (MSRV) to 1.65.0, from 1.63.0.
• :func:~cryptography.hazmat.primitives.asymmetric.rsa.generate_private_key now enforces a minimum RSA key size of 1024-bit. Note that 1024-bit is still considered insecure, users should generally use a key size of 2048-bits.
• :func:~cryptography.hazmat.primitives.serialization.pkcs7.serialize_certificates now emits ASN.1 that more closely follows the recommendations in :rfc:2315.
• Added new :doc:/hazmat/decrepit/index module which contains outdated and insecure cryptographic primitives. :class:~cryptography.hazmat.primitives.ciphers.algorithms.CAST5, :class:~cryptography.hazmat.primitives.ciphers.algorithms.SEED, :class:~cryptography.hazmat.primitives.ciphers.algorithms.IDEA, and :class:~cryptography.hazmat.primitives.ciphers.algorithms.Blowfish, which were deprecated in 37.0.0, have been added to this module. They will be removed from the cipher module in 45.0.0.
• Moved :class:~cryptography.hazmat.primitives.ciphers.algorithms.TripleDES and :class:~cryptography.hazmat.primitives.ciphers.algorithms.ARC4 into :doc:/hazmat/decrepit/index and deprecated them in the cipher module. They will be removed from the cipher module in 48.0.0.
• Added support for deterministic :class:~cryptography.hazmat.primitives.asymmetric.ec.ECDSA (:rfc:6979)
• Added support for client certificate verification to the :mod:X.509 path validation <cryptography.x509.verification> APIs in the form of :class:~cryptography.x509.verification.ClientVerifier, :class:~cryptography.x509.verification.VerifiedClient, and PolicyBuilder :meth:~cryptography.x509.verification.PolicyBuilder.build_client_verifier.
• Added Certificate :attr:~cryptography.x509.Certificate.public_key_algorithm_oid and Certificate Signing Request :attr:~cryptography.x509.CertificateSigningRequest.public_key_algorithm_oid to determine the :class:~cryptography.hazmat._oid.PublicKeyAlgorithmOID Object Identifier of the public key found inside the certificate.
• Added :attr:~cryptography.x509.InvalidityDate.invalidity_date_utc, a timezone-aware alternative to the naïve datetime attribute :attr:~cryptography.x509.InvalidityDate.invalidity_date.
• Added support for parsing empty DN string in

... (truncated)

Commits

• a773387 bump for 43.0.1 (#11533)
• 0393fef Backport setuptools version ban (#11526)
• 6687bab Bump openssl from 0.10.65 to 0.10.66 in /src/rust (#11320) (#11324)
• ebf14f2 bump for 43.0.0 and update changelog (#11311)
• 42788a0 Fix exchange with keys that had Q automatically computed (#11309)
• 2dbdfb8 don't assign unused name (#11310)
• ccc66e6 Bump openssl from 0.10.64 to 0.10.65 in /src/rust (#11308)
• 4310c87 Bump sphinxcontrib-qthelp from 1.0.7 to 1.0.8 (#11307)
• f66a9c4 Bump sphinxcontrib-htmlhelp from 2.0.5 to 2.0.6 (#11306)
• a8fcf18 Bump openssl-sys from 0.9.102 to 0.9.103 in /src/rust (#11305)
• Additional commits viewable in compare view

Updates idna from 3.7 to 3.8

Release notes

Sourced from idna's releases.

v3.8

What's Changed

• Fix regression where IDNAError exception was not being produced for certain inputs.
• Add support for Python 3.13, drop support for Python 3.5 as it is no longer testable.
• Documentation improvements
• Updates to package testing using Github actions

Thanks to Hugo van Kemenade for contributions to this release.

Full Changelog: kjd/idna@v3.7...v3.8

Changelog

Sourced from idna's changelog.

3.8 (2024-08-23) ++++++++++++++++

• Fix regression where IDNAError exception was not being produced for certain inputs.
• Add support for Python 3.13, drop support for Python 3.5 as it is no longer testable.
• Documentation improvements
• Updates to package testing using Github actions

Thanks to Hugo van Kemenade for contributions to this release.

Commits

• 784c6f4 Release v3.8
• 28c7c9e Typo fix
• a2b41c3 Pin remainder of Github Actions flagged in code scanning
• 1f613c5 More Github Action dependency pinning
• a87e2b6 Update OSSF scorecard to latest version
• 12d4dd1 Merge pull request #182 from kjd/github-pypi-actions
• e1a1541 Pin Github Actions dependencies
• c109d3a Merge branch 'master' into github-pypi-actions
• f8a8de4 Do not try to build/send packages to TestPyPI for now
• 613bdde Update regexp to move global flag to start of expression
• Additional commits viewable in compare view

Updates coverage from 7.5.4 to 7.6.1

Changelog

Sourced from coverage's changelog.

Version 7.6.1 — 2024-08-04

• Fix: coverage used to fail when measuring code using :func:runpy.run_path <python:runpy.run_path> with a :class:Path <python:pathlib.Path> argument. This is now fixed, thanks to Ask Hjorth Larsen <pull 1819_>_.

• Fix: backslashes preceding a multi-line backslashed string could confuse the HTML report. This is now fixed, thanks to LiuYinCarl <pull 1828_>_.

• Now we publish wheels for Python 3.13, both regular and free-threaded.

.. _pull 1819: nedbat/coveragepy#1819 .. _pull 1828: nedbat/coveragepy#1828

.. _changes_7-6-0:

Version 7.6.0 — 2024-07-11

• Exclusion patterns can now be multi-line, thanks to Daniel Diniz <pull 1807_>. This enables many interesting exclusion use-cases, including those requested in issues 118 <issue 118_> (entire files), 996 <issue 996_>_ (multiple lines only when appearing together), 1741 <issue 1741_>_ (remainder of a function), and 1803 <issue 1803_>_ (arbitrary sequence of marked lines). See the :ref:multi_line_exclude section of the docs for more details and examples.

• The JSON report now includes per-function and per-class coverage information. Thanks to Daniel Diniz <pull 1809_>_ for getting the work started. This closes issue 1793_ and issue 1532_.

• Fixed an incorrect calculation of "(no class)" lines in the HTML classes report.

• Python 3.13.0b3 is supported.

.. _issue 118: nedbat/coveragepy#118 .. _issue 996: nedbat/coveragepy#996 .. _issue 1532: nedbat/coveragepy#1532 .. _issue 1741: nedbat/coveragepy#1741 .. _issue 1793: nedbat/coveragepy#1793 .. _issue 1803: nedbat/coveragepy#1803 .. _pull 1807: nedbat/coveragepy#1807 .. _pull 1809: nedbat/coveragepy#1809

.. _changes_7-5-4:

Commits

• 29f5898 docs: sample HTML for 7.6.1
• 9b829f1 docs: prep for 7.6.1
• ebbb6a2 build: wheels for 3.13rc1
• 3872525 chore: make upgrade
• 7a27f40 test: fix a test on free-threading, use abiflags to get site-packages path co...
• 2b53664 build: include gil/nogil in the version banner
• da1682f docs: changelog and contributor for #1828
• dc819ff test: two tests for #1828
• 9aaa404 fix: properly handle backslash before multi-line string (#1828)
• 9c50270 chore: make upgrade
• Additional commits viewable in compare view

Updates ruff from 0.5.1 to 0.6.4

Release notes

Sourced from ruff's releases.

0.6.4

Release Notes

Preview features

• [flake8-builtins] Use dynamic builtins list based on Python version (#13172)
• [pydoclint] Permit yielding None in DOC402 and DOC403 (#13148)
• [pylint] Update diagnostic message for PLW3201 (#13194)
• [ruff] Implement post-init-default (RUF033) (#13192)
• [ruff] Implement useless if-else (RUF034) (#13218)

Rule changes

• [flake8-pyi] Respect pep8_naming.classmethod-decorators settings when determining if a method is a classmethod in custom-type-var-return-type (PYI019) (#13162)
• [flake8-pyi] Teach various rules that annotations might be stringized (#12951)
• [pylint] Avoid no-self-use for attrs-style validators (#13166)
• [pylint] Recurse into subscript subexpressions when searching for list/dict lookups (PLR1733, PLR1736) (#13186)
• [pyupgrade] Detect aiofiles.open calls in UP015 (#13173)
• [pyupgrade] Mark sys.version_info[0] < 3 and similar comparisons as outdated (UP036) (#13175)

CLI

• Enrich messages of SARIF results (#13180)
• Handle singular case for incompatible rules warning in ruff format output (#13212)

Bug fixes

• [pydocstyle] Improve heuristics for detecting Google-style docstrings (#13142)
• [refurb] Treat sep arguments with effects as unsafe removals (FURB105) (#13165)

Contributors

• @​AlexWaygood
• @​Jinior
• @​MichaReiser
• @​RubenVanEldik
• @​RussellLuo
• @​Slyces
• @​carljm
• @​charliermarsh
• @​chriskrycho
• @​dhruvmanila
• @​dylwil3
• @​github-actions
• @​iamlucasvieira
• @​jamesbraza
• @​renovate
• @​tjkuson
• @​zhoufanjin

Install ruff 0.6.4

... (truncated)

Changelog

Sourced from ruff's changelog.

0.6.4

Preview features

• [flake8-builtins] Use dynamic builtins list based on Python version (#13172)
• [pydoclint] Permit yielding None in DOC402 and DOC403 (#13148)
• [pylint] Update diagnostic message for PLW3201 (#13194)
• [ruff] Implement post-init-default (RUF033) (#13192)
• [ruff] Implement useless if-else (RUF034) (#13218)

Rule changes

• [flake8-pyi] Respect pep8_naming.classmethod-decorators settings when determining if a method is a classmethod in custom-type-var-return-type (PYI019) (#13162)
• [flake8-pyi] Teach various rules that annotations might be stringized (#12951)
• [pylint] Avoid no-self-use for attrs-style validators (#13166)
• [pylint] Recurse into subscript subexpressions when searching for list/dict lookups (PLR1733, PLR1736) (#13186)
• [pyupgrade] Detect aiofiles.open calls in UP015 (#13173)
• [pyupgrade] Mark sys.version_info[0] < 3 and similar comparisons as outdated (UP036) (#13175)

CLI

• Enrich messages of SARIF results (#13180)
• Handle singular case for incompatible rules warning in ruff format output (#13212)

Bug fixes

• [pydocstyle] Improve heuristics for detecting Google-style docstrings (#13142)
• [refurb] Treat sep arguments with effects as unsafe removals (FURB105) (#13165)

0.6.3

Preview features

• [flake8-simplify] Extend open-file-with-context-handler to work with dbm.sqlite3 (SIM115) (#13104)
• [pycodestyle] Disable E741 in stub files (.pyi) (#13119)
• [pydoclint] Avoid DOC201 on explicit returns in functions that only return None (#13064)

Rule changes

• [flake8-async] Disable check for asyncio before Python 3.11 (ASYNC109) (#13023)

Bug fixes

• [FastAPI] Avoid introducing invalid syntax in fix for fast-api-non-annotated-dependency (FAST002) (#13133)
• [flake8-implicit-str-concat] Normalize octals before merging concatenated strings in single-line-implicit-string-concatenation (ISC001) (#13118)
• [flake8-pytest-style] Improve help message for pytest-incorrect-mark-parentheses-style (PT023) (#13092)
• [pylint] Avoid autofix for calls that aren't min or max as starred expression (PLW3301) (#13089)
• [ruff] Add datetime.time, datetime.tzinfo, and datetime.timezone as immutable function calls (RUF009) (#13109)
• [ruff] Extend comment deletion for RUF100 to include trailing text from noqa directives while preserving any following comments on the same line, if any (#13105)
• Fix dark theme on initial page load for the Ruff playground (#13077)

... (truncated)

Commits

• 65cc6ec Bump version to 0.6.4 (#13253)
• 66fe226 [red-knot] fix lookup of nonlocal names in deferred annotations (#13236)
• e965f9c [red-knot] Infer Unknown for the loop var in async for loops (#13243)
• 0512428 [red-knot] Emit a diagnostic if the value of a starred expression or a `yield...
• 46a4573 [red-knot] Add type inference for basic for loops (#13195)
• 5728909 Make mypy pass on black in knot_benchmark (#13235)
• 9d1bd7a [pylint] removed dunder methods in Python 3 (PLW3201) (#13194)
• e37bde4 [ruff] implement useless if-else (RUF034) (#13218)
• 862bd0c [red-knot] Add debug assert to check for duplicate definitions (#13214)
• e1e9143 [red-knot] Handle multiple comprehension targets (#13213)
• Additional commits viewable in compare view

Updates mypy from 1.10.1 to 1.11.2

Changelog

Sourced from mypy's changelog.

Mypy Release Notes

Next release

Mypy 1.11

We’ve just uploaded mypy 1.11 to the Python Package Index (PyPI). Mypy is a static type checker for Python. This release includes new features, performance improvements and bug fixes. You can install it as follows:

python3 -m pip install -U mypy

You can read the full documentation for this release on Read the Docs.

Support Python 3.12 Syntax for Generics (PEP 695)

Mypy now supports the new type parameter syntax introduced in Python 3.12 (PEP 695). This feature is still experimental and must be enabled with the --enable-incomplete-feature=NewGenericSyntax flag, or with enable_incomplete_feature = NewGenericSyntax in the mypy configuration file. We plan to enable this by default in the next mypy feature release.

This example demonstrates the new syntax:

# Generic function
def f[T](https://github.com/python/mypy/blob/master/x: T) -> T: ...
reveal_type(f(1))  # Revealed type is 'int'
Generic class
class C[T]:
def init(self, x: T) -> None:
self.x = x
c = C('a')
reveal_type(c.x)  # Revealed type is 'str'
Type alias
type A[T] = C[list[T]]

This feature was contributed by Jukka Lehtosalo.

Support for functools.partial

Mypy now type checks uses of functools.partial. Previously mypy would accept arbitrary arguments.

This example will now produce an error:

from functools import partial
</tr></table> 

... (truncated)

Commits

• 789f02c Bump version to 1.11.2
• 917cc75 An alternative fix for a union-like literal string (#17639)
• 7d805b3 Unwrap TypedDict item types before storing (#17640)
• 32675dd Revert "Fix Literal strings containing pipe characters" (#17638)
• 778542b Revert "Fix RawExpressionType.accept crash with --cache-fine-grained" (#1...
• 14ab742 Bump version to 1.11.2+dev
• 570b90a Bump version to 1.11
• b3a102e Fix RawExpressionType.accept crash with --cache-fine-grained (#17588)
• aec04c7 Fix PEP 604 isinstance caching (#17563)
• cb44e4d Fix typing.TypeAliasType being undefined on python < 3.12 (#17558)
• Additional commits viewable in compare view

Updates build from 1.2.1 to 1.2.2

Release notes

Sourced from build's releases.

Version 1.2.2

What's Changed

• Add editable to builder.get_requries_for_build's static types (PR #764, fixes issue #763)
• Include artifact attestations in our release (PR #782)
• Fix typing compatibility with typed pyproject-hooks (PR #788)
• Mark more tests with network (PR #808)
• Add more intersphinx links to docs (PR #804)
• Make uv optional for tests (PR #807 and #813)

New Contributors

• @​carlwgeorge made their first contribution in pypa/build#808
• @​edgarrmondragon made their first contribution in pypa/build#804

Full Changelog: pypa/build@1.2.1...1.2.2

Changelog

Sourced from build's changelog.

1.2.2 (2024-09-06)

• Add editable to builder.get_requries_for_build's static types (PR :pr:764, fixes issue :issue:763)
• Include artifact attestations in our release (PR :pr:782)
• Fix typing compatibility with typed pyproject-hooks (PR :pr:788)
• Mark more tests with network (PR :pr:808)
• Add more intersphinx links to docs (PR :pr:804)
• Make uv optional for tests (PR :pr:807 and :pr:813)

Commits

• 3b0b5d0 docs: changelog for 1.2.2 (#812)
• b44a886 docs: more info in README
• 8e19948 build(deps): bump actions/attest-build-provenance in the actions group (#814)
• b90956c tests: add module case to uv detection (#813)
• e79f1b3 ci: remove bot comments from generated release notes (#810)
• f6da25a pre-commit: bump repositories (#801)
• 9a52c50 tests: optional uv (#807)
• 553b700 docs: Add a few intersphinx links to the Python Packaging User Guide (#804)
• 336efcb build(deps): bump actions/attest-build-provenance in the actions group (#802)
• 73b7213 tests: mark more network tests (#808)
• Additional commits viewable in compare view

Updates tox from 4.1.2 to 4.18.1

Release notes

Sourced from tox's releases.

4.18.1

What's Changed

• Fixup the spec string for sys.executable by @​hroncok in tox-dev/tox#3327
• Fix issue link in changelog by @​schlamar in tox-dev/tox#3332
• Properly document the tox_env_teardown hook by @​kemzeb in tox-dev/tox#3333
• Add 3.13 to CI and bump deps by @​gaborbernat in tox-dev/tox#3339

New Contributors

• @​schlamar made their first contribution in tox-dev/tox#3332
• @​kemzeb made their first contribution in tox-dev/tox#3333

Full Changelog: tox-dev/tox@4.18.0...4.18.1

4.18.0

What's Changed

• Fix #3278 - Boost temporary directories cleanup in tests by @​ziima in tox-dev/tox#3323
• Fix absolute base python paths conflicting by @​gaborbernat in tox-dev/tox#3325
• Fix #3318 - Suppress spinner in parallel runs in CI by @​ziima in tox-dev/tox#3321

Full Changelog: tox-dev/tox@4.17.1...4.18.0

4.17.1

What's Changed

• Restore limited <major>.<minor> environment name support by @​gaborbernat in tox-dev/tox#3319
• fix(tox_env.python): do not process absolute paths to interpreter as PythonSpec by @​paveldikov in tox-dev/tox#3311

New Contributors

• @​paveldikov made their first contribution in tox-dev/tox#3311

Full Changelog: tox-dev/tox@4.17.0...4.17.1

4.17.0

What's Changed

• Fix user guide system overview so nodes don't overlap. by @​Tom01098 in tox-dev/tox#3307
• Table with list of default env vars per OS by @​seyidaniels in tox-dev/tox#3291
• Add GraalPy and test both GraalPy and Jython env identifiers by @​timfel in tox-dev/tox#3312
• Add on platform constat to core by @​gaborbernat in tox-dev/tox#3315

New Contributors

• @​Tom01098 made their first contribution in tox-dev/tox#3307
• @​timfel made their first contribution in tox-dev/tox#3312

... (truncated)

Changelog

Sourced from tox's changelog.

v4.18.1 (2024-09-07)

Bugfixes - 4.18.1

- Fix and test the string spec for the ``sys.executable`` interpreter (introduced in :pull:`3325`)
  - by :user:`hroncok` (:issue:`3327`)
Improved Documentation - 4.18.1

• Changes the tox_env_teardown docstring to explain the hook is called after a tox env was teared down. (:issue:3305)

v4.18.0 (2024-08-13)

Features - 4.18.0

- Suppress spinner in parallel runs in CI - by :user:`ziima`. (:issue:`3318`)
Bugfixes - 4.18.0

• Boost temporary directories cleanup in tests - by :user:ziima. (:issue:3278)
• Fix absolute base python paths conflicting - by :user:gaborbernat. (:issue:3325)

v4.17.1 (2024-08-07)

Bugfixes - 4.17.1

- Support for running ``-e <major>.<minor>`` has been lost, fixing it - by :user:`gaborbernat`. (:issue:`2849`)
- ``base_python`` now accepts absolute paths to interpreter executable - by :user:`paveldikov`. (:issue:`3191`)
v4.17.0 (2024-08-05)
Features - 4.17.0

• Add graalpy prefix as a supported base python (:issue:3312)
• Add :ref:on_platform core configuration holding the tox platform and do not install package when exec an environment
  • by :user:gaborbernat. (:issue:3315)

Bugfixes - 4.17.0

- Add table with default environment variables per OS (:issue:`2753`)
v4.16.0 (2024-07-02)
Bugfixes - 4.16.0

... (truncated)

Commits

• df34192 release 4.18.1
• 9c6f835 Add 3.13 to CI and bump deps (#3339)
• 9138e15 Bump pypa/gh-action-pypi-publish from 1.9.0 to 1.10.1 (#3338)
• 3f004fc [pre-commit.ci] pre-commit autoupdate (#3329)
• fab358e Properly document the tox_env_teardown hook (#3333)
• 8d0a47c Fix issue link in changelog (#3332)
• 874e9af Fixup the spec string for sys.executable (#3327)
• dde4964 Fix docs
• ea72694 release 4.18.0
• 3b3628d Fix #3318 - Suppress spinner in parallel runs in CI (#3321)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.