Bump the pip-deps group across 1 directory with 5 updates

[dependabot]

Bumps the pip-deps group with 5 updates in the / directory:

Package	From	To
boto3	1.40.16	1.40.30
cryptography	45.0.6	45.0.7
cfn-lint	1.39.0	1.39.1
ruff	0.12.10	0.13.0
mypy	1.17.1	1.18.1

Updates boto3 from 1.40.16 to 1.40.30

Commits

• b01d02d Merge branch 'release-1.40.30'
• 065a46d Bumping version to 1.40.30
• f78c83b Add changelog entries from botocore
• 97fd5d9 Merge pull request #4613 from adev-code/documentation-only
• 2a0d0ad Merge branch 'release-1.40.29'
• 12750f6 Merge branch 'release-1.40.29' into develop
• 62ea501 Bumping version to 1.40.29
• 32f7dea Add changelog entries from botocore
• c1d11ea Fix ExtraArgs documentation in S3 copy methods to reference ALLOWED_COPY_ARGS
• 14fc68d Fix ExtraArgs documentation in S3 copy methods to reference ALLOWED_COPY_ARGS
• Additional commits viewable in compare view

Updates cryptography from 45.0.6 to 45.0.7

Changelog

Sourced from cryptography's changelog.

45.0.7 - 2025-09-01

* Added a function to support an upcoming ``pyOpenSSL`` release.
.. _v45-0-6:

Commits

• f52a3e1 prep for a 45.0.7 release (#13378)
• See full diff in compare view

Updates cfn-lint from 1.39.0 to 1.39.1

Release notes

Sourced from cfn-lint's releases.

Release v1.39.1

What's Changed

• Remove rule E3056 by @​kddejong in aws-cloudformation/cfn-lint#4230
• Update CloudFormation schemas to 2025-08-26 by @​github-actions[bot] in aws-cloudformation/cfn-lint#4226
• Reformat format keyword in some json files by @​kddejong in aws-cloudformation/cfn-lint#4232
• Update StateMachine map to support legacy Iterator by @​kddejong in aws-cloudformation/cfn-lint#4231
• Add output to Statemachine choice by @​kddejong in aws-cloudformation/cfn-lint#4233
• Update SAM transform URI replacement to allow Fn::If by @​kddejong in aws-cloudformation/cfn-lint#4234
• SAM transform comma lists to array by @​kddejong in aws-cloudformation/cfn-lint#4235
• Update I3510 to skip dynamic references by @​kddejong in aws-cloudformation/cfn-lint#4236

Full Changelog: aws-cloudformation/cfn-lint@v1.39.0...v1.39.1

Changelog

Sourced from cfn-lint's changelog.

v1.39.1

What's Changed

• Remove rule E3056 by @​kddejong in aws-cloudformation/cfn-lint#4230
• Update CloudFormation schemas to 2025-08-26 by @​github-actions[bot] in aws-cloudformation/cfn-lint#4226
• Reformat format keyword in some json files by @​kddejong in aws-cloudformation/cfn-lint#4232
• Update StateMachine map to support legacy Iterator by @​kddejong in aws-cloudformation/cfn-lint#4231
• Add output to Statemachine choice by @​kddejong in aws-cloudformation/cfn-lint#4233
• Update SAM transform URI replacement to allow Fn::If by @​kddejong in aws-cloudformation/cfn-lint#4234
• SAM transform comma lists to array by @​kddejong in aws-cloudformation/cfn-lint#4235
• Update I3510 to skip dynamic references by @​kddejong in aws-cloudformation/cfn-lint#4236

Full Changelog: aws-cloudformation/cfn-lint@v1.39.0...v1.39.1

Commits

• d52fa16 Release v1.39.1 (#4237)
• 64e0962 Update I3510 to skip dynamic references (#4236)
• 89ea045 SAM transform comma lists to array (#4235)
• 8fdec9a Update SAM transform URI replacement to allow IF (#4234)
• 44a96c7 Add output to Statemachine choice (#4233)
• 2f83f73 Update StateMachine map to support legacy Iterator (#4231)
• ea9bfd1 Reformat format keyword in some json files (#4232)
• 43376a6 Update CloudFormation schemas to 2025-08-26 (#4226)
• 8a8b963 Remove rule E3056 (#4230)
• See full diff in compare view

Updates ruff from 0.12.10 to 0.13.0

Release notes

Sourced from ruff's releases.

0.13.0

Release Notes

Check out the blog post for a migration guide and overview of the changes!

Breaking changes

• Several rules can now add from __future__ import annotations automatically

  TC001, TC002, TC003, RUF013, and UP037 now add from __future__ import annotations as part of their fixes when the lint.future-annotations setting is enabled. This allows the rules to move more imports into TYPE_CHECKING blocks (TC001, TC002, and TC003), use PEP 604 union syntax on Python versions before 3.10 (RUF013), and unquote more annotations (UP037).

• Full module paths are now used to verify first-party modules

  Ruff now checks that the full path to a module exists on disk before categorizing it as a first-party import. This change makes first-party import detection more accurate, helping to avoid false positives on local directories with the same name as a third-party dependency, for example. See the FAQ section on import categorization for more details.

• Deprecated rules must now be selected by exact rule code

  Ruff will no longer activate deprecated rules selected by their group name or prefix. As noted below, the two remaining deprecated rules were also removed in this release, so this won't affect any current rules, but it will still affect any deprecations in the future.

• The deprecated macOS configuration directory fallback has been removed

  Ruff will no longer look for a user-level configuration file at ~/Library/Application Support/ruff/ruff.toml on macOS. This feature was deprecated in v0.5 in favor of using the XDG specification (usually resolving to ~/.config/ruff/ruff.toml), like on Linux. The fallback and accompanying deprecation warning have now been removed.

Removed Rules

The following rules have been removed:

• pandas-df-variable-name (PD901)
• non-pep604-isinstance (UP038)

Stabilization

The following rules have been stabilized and are no longer in preview:

• airflow-dag-no-schedule-argument (AIR002)
• airflow3-removal (AIR301)
• airflow3-moved-to-provider (AIR302)
• airflow3-suggested-update (AIR311)
• airflow3-suggested-to-move-to-provider (AIR312)
• long-sleep-not-forever (ASYNC116)
• f-string-number-format (FURB116)
• os-symlink (PTH211)
• generic-not-last-base-class (PYI059)
• redundant-none-literal (PYI061)
• pytest-raises-ambiguous-pattern (RUF043)
• unused-unpacked-variable (RUF059)
• useless-class-metaclass-type (UP050)

The following behaviors have been stabilized:

... (truncated)

Changelog

Sourced from ruff's changelog.

0.13.0

Check out the blog post for a migration guide and overview of the changes!

Breaking changes

• Several rules can now add from __future__ import annotations automatically

  TC001, TC002, TC003, RUF013, and UP037 now add from __future__ import annotations as part of their fixes when the lint.future-annotations setting is enabled. This allows the rules to move more imports into TYPE_CHECKING blocks (TC001, TC002, and TC003), use PEP 604 union syntax on Python versions before 3.10 (RUF013), and unquote more annotations (UP037).

• Full module paths are now used to verify first-party modules

  Ruff now checks that the full path to a module exists on disk before categorizing it as a first-party import. This change makes first-party import detection more accurate, helping to avoid false positives on local directories with the same name as a third-party dependency, for example. See the FAQ section on import categorization for more details.

• Deprecated rules must now be selected by exact rule code

  Ruff will no longer activate deprecated rules selected by their group name or prefix. As noted below, the two remaining deprecated rules were also removed in this release, so this won't affect any current rules, but it will still affect any deprecations in the future.

• The deprecated macOS configuration directory fallback has been removed

  Ruff will no longer look for a user-level configuration file at ~/Library/Application Support/ruff/ruff.toml on macOS. This feature was deprecated in v0.5 in favor of using the XDG specification (usually resolving to ~/.config/ruff/ruff.toml), like on Linux. The fallback and accompanying deprecation warning have now been removed.

Removed Rules

The following rules have been removed:

• pandas-df-variable-name (PD901)
• non-pep604-isinstance (UP038)

Stabilization

The following rules have been stabilized and are no longer in preview:

... (truncated)

Commits

• a1fdd66 Bump 0.13.0 (#20336)
• 8770b95 [ty] introduce DivergentType (#20312)
• 65982a1 [ty] Use 'unknown' specialization for upper bound on Self (#20325)
• 57d1f71 [ty] Simplify unions of enum literals and subtypes thereof (#20324)
• 7a75702 Ignore deprecated rules unless selected by exact code (#20167)
• 9ca632c Stabilize adding future import via config option (#20277)
• 64fe7d3 [flake8-errmsg] Stabilize extending raw-string-in-exception (EM101) to ...
• beeeb8d Stabilize the remaining Airflow rules (#20250)
• b6fca52 [flake8-bugbear] Stabilize support for non-context-manager calls in `assert...
• ac7f882 [flake8-commas] Stabilize support for trailing comma checks in type paramet...
• Additional commits viewable in compare view

Updates mypy from 1.17.1 to 1.18.1

Changelog

Sourced from mypy's changelog.

Mypy Release Notes

Next Release

Mypy 1.18

We’ve just uploaded mypy 1.18 to the Python Package Index (PyPI). Mypy is a static type checker for Python. This release includes new features, performance improvements and bug fixes. You can install it as follows:

python3 -m pip install -U mypy

You can read the full documentation for this release on Read the Docs.

Mypy Performance Improvements

Mypy 1.18 includes numerous performance improvements, resulting in about 40% speedup compared to 1.17 when type checking mypy itself. In extreme cases, the improvement can be 10x or higher. The list below is an overview of the various mypy optimizations. Many mypyc improvements (discussed in a separate section below) also improve performance.

Type caching optimizations have a small risk of causing regressions. When reporting issues with unexpected inferred types, please also check if --disable-expression-cache will work around the issue, as it turns off some of these optimizations.

• Improve self check performance by 1.8% (Jukka Lehtosalo, PR 19768, 19769, 19770)
• Optimize fixed-format deserialization (Ivan Levkivskyi, PR 19765)
• Use macros to optimize fixed-format deserialization (Ivan Levkivskyi, PR 19757)
• Two additional micro‑optimizations (Ivan Levkivskyi, PR 19627)
• Another set of micro‑optimizations (Ivan Levkivskyi, PR 19633)
• Cache common types (Ivan Levkivskyi, PR 19621)
• Skip more method bodies in third‑party libraries for speed (Ivan Levkivskyi, PR 19586)
• Simplify the representation of callable types (Ivan Levkivskyi, PR 19580)
• Add cache for types of some expressions (Ivan Levkivskyi, PR 19505)
• Use cache for dictionary expressions (Ivan Levkivskyi, PR 19536)
• Use cache for binary operations (Ivan Levkivskyi, PR 19523)
• Cache types of type objects (Ivan Levkivskyi, PR 19514)
• Avoid duplicate work when checking boolean operations (Ivan Levkivskyi, PR 19515)
• Optimize generic inference passes (Ivan Levkivskyi, PR 19501)
• Speed up the default plugin (Jukka Lehtosalo, PRs 19385 and 19462)
• Remove nested imports from the default plugin (Ivan Levkivskyi, PR 19388)
• Micro‑optimize type expansion (Jukka Lehtosalo, PR 19461)
• Micro‑optimize type indirection (Jukka Lehtosalo, PR 19460)
• Micro‑optimize the plugin framework (Jukka Lehtosalo, PR 19464)
• Avoid temporary set creation in subtype checking (Jukka Lehtosalo, PR 19463)
• Subtype checking micro‑optimization (Jukka Lehtosalo, PR 19384)
• Return early where possible in subtype check (Stanislav Terliakov, PR 19400)
• Deduplicate some types before joining (Stanislav Terliakov, PR 19409)
• Speed up type checking by caching argument inference context (Jukka Lehtosalo, PR 19323)

... (truncated)

Commits

• 03fbaa9 bump version to 1.18.1 due to wheels failure
• b44a1fb removed +dev from version
• 7197a99 Removed Unreleased in the Changelog for Release 1.18 (#19827)
• ee61cec Updates to 1.18 changelog (#19826)
• 24eed0b Initial changelog for release 1.18 (#19818)
• 0ca1f2a Expose --fixed-format-cache if compiled (#19815)
• 2ce1bb2 [mypyc] Fix subclass processing in detect_undefined_bitmap (#19787)
• a6b55f0 feat: new mypyc primitives for weakref.proxy (#19217)
• 5a323dd Make --allow-redefinition-new argument public (#19796)
• 8638eb4 [stubtest] temporary --ignore-disjoint-bases flag (#19740)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions