Bump the minor-and-patch group across 1 directory with 6 updates

[dependabot]

Bumps the minor-and-patch group with 6 updates in the / directory:

Package	From	To
tqdm	4.67.1	4.67.3
mypy	1.19.0	1.19.1
pre-commit	4.5.0	4.5.1
types-tqdm	4.67.0.20250809	4.67.3.20260205
mkdocs-material	9.7.0	9.7.1
safety	3.6.2	3.7.0

Updates tqdm from 4.67.1 to 4.67.3

Release notes

Sourced from tqdm's releases.

tqdm v4.67.3 stable

• fix py3.7 dependencies (#1706 <- #1705)

tqdm v4.67.2 stable

• support pandas>=3 (#1703 <- #1701, #1650, #1700)
• fix format_interval for negative numbers (#1703)
• misc linting
• framework updates (#1704)
  • bump CI workflow & pre-commit dependencies
  • add pyupgrade
  • add py3.13 support
  • fix py3.7 tests
  • update setuptools-scm usage
  • support auto-dedented docstrings when building docs in py3.13
• tests: relax flaky benchmarks

Commits

• 75bdb6c fix py3.7 compat
• 09a863b bump version, merge pull request #1704 from tqdm/devel
• 33d24cd update pyproject syntax
• 70b9124 add py3.13 support
• a74d8f8 drop _dist_ver
• 14d72e2 Merge pull request #1703 from wingding12/fix-pandas-3.0-and-negative-interval
• a69dac8 fix dedented docstrings
• a986d22 tests: fix pandas deprecation warnings
• bb7aa4d tests: fix pandas deprecated applymap
• 0647db1 misc tidy
• Additional commits viewable in compare view

Updates mypy from 1.19.0 to 1.19.1

Changelog

Sourced from mypy's changelog.

Mypy 1.19.1

• Fix noncommutative joins with bounded TypeVars (Shantanu, PR 20345)
• Respect output format for cached runs by serializing raw errors in cache metas (Ivan Levkivskyi, PR 20372)
• Allow types.NoneType in match cases (A5rocks, PR 20383)
• Fix mypyc generator regression with empty tuple (BobTheBuidler, PR 20371)
• Fix crash involving Unpack-ed TypeVarTuple (Shantanu, PR 20323)
• Fix crash on star import of redefinition (Ivan Levkivskyi, PR 20333)
• Fix crash on typevar with forward ref used in other module (Ivan Levkivskyi, PR 20334)
• Fail with an explicit error on PyPy (Ivan Levkivskyi, PR 20389)

Acknowledgements

Thanks to all mypy contributors who contributed to this release:

• A5rocks
• BobTheBuidler
• bzoracler
• Chainfire
• Christoph Tyralla
• David Foster
• Frank Dana
• Guo Ci
• iap
• Ivan Levkivskyi
• James Hilton-Balfe
• jhance
• Joren Hammudoglu
• Jukka Lehtosalo
• KarelKenens
• Kevin Kannammalil
• Marc Mueller
• Michael Carlstrom
• Michael J. Sullivan
• Piotr Sawicki
• Randolf Scholz
• Shantanu
• Sigve Sebastian Farstad
• sobolevn
• Stanislav Terliakov
• Stephen Morton
• Theodore Ando
• Thiago J. Barbalho
• wyattscarpenter

I’d also like to thank my employer, Dropbox, for supporting mypy development.

Mypy 1.18

We’ve just uploaded mypy 1.18.1 to the Python Package Index (PyPI). Mypy is a static type checker for Python. This release includes new features, performance

... (truncated)

Commits

• 412c19a Bump version to 1.19.1
• 20aea0a Update changelog for 1.19.1 (#20414)
• 2b23b50 Serialize raw errors in cache metas (#20372)
• f60f90f Fail on PyPy in main instead of setup.py (#20389)
• 58d485b Fail with an explicit error on PyPy (#20384)
• a4b31a2 Allow types.NoneType in match cases (#20383)
• 8a6eff4 [mypyc] fix generator regression with empty tuple (#20371)
• 70eceea Fix noncommutative joins with bounded TypeVars (#20345)
• 3890fc4 Fix crash involving Unpack-ed TypeVarTuple (#20323)
• c93d917 Fix crash on star import of redefinition (#20333)
• Additional commits viewable in compare view

Updates pre-commit from 4.5.0 to 4.5.1

Release notes

Sourced from pre-commit's releases.

pre-commit v4.5.1

Fixes

• Fix language: python with repo: local without additional_dependencies.
  • #3597 PR by @​asottile.

Changelog

Sourced from pre-commit's changelog.

4.5.1 - 2025-12-16

Fixes

• Fix language: python with repo: local without additional_dependencies.
  • #3597 PR by @​asottile.

Commits

• 8a0630c v4.5.1
• fcbc745 Merge pull request #3597 from pre-commit/empty-setup-py
• 51592ee fix python local template when artifact dirs are present
• 67e8faf Merge pull request #3596 from pre-commit/pre-commit-ci-update-config
• c251e6b [pre-commit.ci] pre-commit autoupdate
• 98ccafa Merge pull request #3593 from pre-commit/pre-commit-ci-update-config
• 4895355 [pre-commit.ci] pre-commit autoupdate
• 2cedd58 Merge pull request #3588 from pre-commit/pre-commit-ci-update-config
• 465192d [pre-commit.ci] pre-commit autoupdate
• fd42f96 Merge pull request #3586 from pre-commit/zipapp-sha256-file-not-needed
• Additional commits viewable in compare view

Updates types-tqdm from 4.67.0.20250809 to 4.67.3.20260205

Commits

• See full diff in compare view

Updates mkdocs-material from 9.7.0 to 9.7.1

Release notes

Sourced from mkdocs-material's releases.

mkdocs-material-9.7.1

[!WARNING]

Material for MkDocs is in maintenance mode

Going forward, the Material for MkDocs team focuses on Zensical, a next-gen static site generator built from first principles. We will provide critical bug fixes and security updates for Material for MkDocs until November 2026.

Read the full announcement on our blog

Changes

• Updated requests to 2.30+ to mitigate CVE in urllib
• Fixed privacy plugin not picking up protocol-relative URLs
• Fixed #8542: false positives and negatives captured in privacy plugin

Changelog

Sourced from mkdocs-material's changelog.

mkdocs-material-9.7.1 (2025-12-18)

• Updated requests to 2.30+ to mitigate CVE in urllib
• Fixed privacy plugin not picking up protocol-relative URLs
• Fixed #8542: false positives and negatives captured in privacy plugin

mkdocs-material-9.7.0 (2025-11-11)

⚠️ Material for MkDocs is now in maintenance mode

This is the last release of Material for MkDocs that will receive new features. Going forward, the Material for MkDocs team focuses on Zensical, a next-gen static site generator built from first principles. We will provide critical bug fixes and security updates for Material for MkDocs for 12 months at least.

Read the full announcement on our blog: https://squidfunk.github.io/mkdocs-material/blog/2025/11/05/zensical/

This release includes all features that were previously exclusive to the Insiders edition. These features are now freely available to everyone.

Note on deprecated plugins: The projects and typeset plugins are included in this release, but must be considered deprecated. Both plugins proved unsustainable to maintain and represent architectural dead ends. They are provided as-is without ongoing support.

Changes:

• Added support for pinned blog posts and author profiles
• Added support for customizing pagination for blog index pages
• Added support for customizing blog category sort order
• Added support for staying on page when switching languages
• Added support for disabling tags in table of contents
• Added support for nested tags and shadow tags
• Added support for footnote tooltips
• Added support for instant previews
• Added support for instant prefetching
• Added support for custom social card layouts
• Added support for custom social card background images
• Added support for selectable rangs in code blocks
• Added support for custom selectors for code annotations
• Added support for configurable log level in privacy plugin
• Added support for processing of external links in privacy plugin
• Added support for automatic image optimization via optimize plugin
• Added support for navigation paths (breadcrumbs)
• Fixed #8519: Vector accents do not render when using KaTeX

mkdocs-material-9.6.23 (2025-11-01)

• Updated Burmese translation

... (truncated)

Commits

• 7e236f6 Temporarily disable publishing
• 3941491 Fixed CI
• 034eaf7 Prepare 9.7.1 release
• 79ba428 Fixed privacy plugin not picking up protocol-relative URLs
• 61cad24 Updated dependencies
• dde13ce Fixed false positives and negatives captured in privacy plugin (#8542)
• 291012d Updated requests to 2.30+ to mitigate CVE in urllib
• 673d8ca Fixed links
• 1722784 Documentation
• aee925f Fixed links
• Additional commits viewable in compare view

Updates safety from 3.6.2 to 3.7.0

Release notes

Sourced from safety's releases.

Version 3.7.0

What's Changed

• bump: version 3.7.0b5 → 3.7.0 (9df3a6f)
• fix: npm ecosystem check on render package details (#820) (9780ac2)

Version 3.7.0b5

What's Changed

• bump: version 3.7.0b4 → 3.7.0b5 (7f138f1)
• fix: bash priority issues (#819) (933dc82)

Version 3.7.0b4

What's Changed

• bump: version 3.7.0b3 → 3.7.0b4 (3b1e4dc)
• ci: remove version from the artifacts name (#818) (c5134b5)

Version 3.7.0b3

What's Changed

• bump: version 3.7.0b2 → 3.7.0b3 (04f24e5)
• ci: separate checksum artifacts for signed and unsigned builds (#817) (a08a347)

Version 3.7.0b0

What's Changed

• bump: version 3.6.2 → 3.7.0b0 (b289a6c)
• fix: replace deprecated pkg_resources with importlib.metadata (#813) (c1e07ef)
• chore: drop python 3.8 support (#791) (a41c82b)
• chore: set minimum tenacity version to 8.1.0 (#812) (973a265)
• chore: restructure GitHub issue templates and remove bug bounty references (#811) (2fcbe72)
• feat: add firewall support for NPM (#800) (5d44edf)

Changelog

Sourced from safety's changelog.

3.7.0 (2025-11-06)

Fix

• npm ecosystem check on render package details (#820)

3.7.0b5 (2025-11-04)

Fix

• bash priority issues (#819)

3.7.0b4 (2025-11-03)

3.7.0b3 (2025-11-03)

3.7.0b2 (2025-11-03)

3.7.0b1 (2025-11-03)

3.7.0b0 (2025-10-22)

Feat

• add firewall support for NPM (#800)

Fix

• replace deprecated pkg_resources with importlib.metadata (#813)

Commits

• 9df3a6f bump: version 3.7.0b5 → 3.7.0
• 9780ac2 fix: npm ecosystem check on render package details (#820)
• 7f138f1 bump: version 3.7.0b4 → 3.7.0b5
• 933dc82 fix: bash priority issues (#819)
• 3b1e4dc bump: version 3.7.0b3 → 3.7.0b4
• c5134b5 ci: remove version from the artifacts name (#818)
• 04f24e5 bump: version 3.7.0b2 → 3.7.0b3
• a08a347 ci: separate checksum artifacts for signed and unsigned builds (#817)
• 2ff7ace bump: version 3.7.0b1 → 3.7.0b2
• 2964f19 ci: load version on release jobs (#816)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: dependencies, security. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.