chore(deps): bump the dependencies group in /AegisLab/scripts/command with 6 updates

[dependabot]

Bumps the dependencies group in /AegisLab/scripts/command with 6 updates:

Package	From	To
typer	0.24.2	0.25.1
uv	0.11.7	0.11.8
gitpython	3.1.47	3.1.49
pymysql	1.1.2	1.1.3
ruff	0.15.11	0.15.12
pytest-order	1.3.0	1.4.0

Updates typer from 0.24.2 to 0.25.1

Release notes

Sourced from typer's releases.

0.25.1

Features

• 🔧 Add Typer Library Skill for Agents. PR #1620 by @​svlandeg.

Internal

• ⬆ Bump ruff from 0.15.11 to 0.15.12. PR #1722 by @​dependabot[bot].
• ⬆ Bump prek from 0.3.10 to 0.3.11. PR #1723 by @​dependabot[bot].

0.25.0

Features

• 🚸 Don't truncate code lines in traceback when formatted with Rich. PR #1695 by @​YuriiMotov.

Changelog

Sourced from typer's changelog.

0.25.1 (2026-04-30)

Features

• 🔧 Add Typer Library Skill for Agents. PR #1620 by @​svlandeg.

Internal

• ⬆ Bump ruff from 0.15.11 to 0.15.12. PR #1722 by @​dependabot[bot].
• ⬆ Bump prek from 0.3.10 to 0.3.11. PR #1723 by @​dependabot[bot].

0.25.0 (2026-04-26)

Features

• 🚸 Don't truncate code lines in traceback when formatted with Rich. PR #1695 by @​YuriiMotov.

Commits

• cfcc2ef 🔖 Release version 0.25.1
• 13846cc 📝 Update release notes
• a437469 🔧 Add Typer Library Skill for Agents (#1620)
• ba6cc2c 📝 Update release notes
• 0f3ead0 ⬆ Bump ruff from 0.15.11 to 0.15.12 (#1722)
• db4ade6 📝 Update release notes
• 5a5206c ⬆ Bump prek from 0.3.10 to 0.3.11 (#1723)
• 959845e 🔖 Release version 0.25.0
• 5e1fcfb 📝 Update release notes
• dfb21ad 🚸 Don't truncate code lines in traceback when formatted with Rich (#1695)
• See full diff in compare view

Updates uv from 0.11.7 to 0.11.8

Release notes

Sourced from uv's releases.

0.11.8

Release Notes

Released on 2026-04-27.

Enhancements

• Add --python-downloads-json-url to python pin (#19092)
• Fetch uv from Astral mirror during self-update (#18682)
• Support pip uninstall -y (#19082)
• Allow exclude-newer to be missing from the lockfile when exclude-newer-span is present (#19024)
• Only show the version number in uv self version --short (#19019)
• Silence warnings on empty SSL_CERT_DIR directory (#19018)
• Use a sentinel timestamp for relative exclude-newer and exclude-newer-package values in lockfiles (#19022, #19101)

Configuration

• Add UV_PYTHON_NO_REGISTRY (#19035)
• Add an environment variable for UV_NO_PROJECT (#19052)
• Expose UV_PYTHON_SEARCH_PATH for Python discovery PATH overrides (#19034)

Bug fixes

• Add rust-toolchain.toml to uv-build sdist (#19131)
• Ensure uv invocations of git do not inherit repository location environment variables (#19088)
• Redact pre-signed upload URLs in verbose output (#19146)
• Handle transitive URL dependencies in PEP 517 build requirements (#19076, #19086)
• Support uv lock on a pyproject.toml that only contains dependency-groups (#19087)
• Disable transparent Python upgrades in projects when a patch version is requested via .python-version (#19102)
• Fix Python variant tagging in the Windows registry (#19012)
• Ban external symlinks in .tar.zst wheels (#19144)

Distributions

• Remove deprecated license classifiers from uv-build and add Python 3.14 classifier (#19130)

Documentation

• Bump astral-sh/setup-uv version in docs (#19030)
• Update PyTorch documentation for PyTorch 2.11 (#19095)

Install uv 0.11.8

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/uv/releases/download/0.11.8/uv-installer.sh | sh

Install prebuilt binaries via powershell script

... (truncated)

Changelog

Sourced from uv's changelog.

0.11.8

Released on 2026-04-27.

Enhancements

• Add --python-downloads-json-url to python pin (#19092)
• Fetch uv from Astral mirror during self-update (#18682)
• Support pip uninstall -y (#19082)
• Allow exclude-newer to be missing from the lockfile when exclude-newer-span is present (#19024)
• Only show the version number in uv self version --short (#19019)
• Silence warnings on empty SSL_CERT_DIR directory (#19018)
• Use a sentinel timestamp for relative exclude-newer and exclude-newer-package values in lockfiles (#19022, #19101)

Configuration

• Add UV_PYTHON_NO_REGISTRY (#19035)
• Add an environment variable for UV_NO_PROJECT (#19052)
• Expose UV_PYTHON_SEARCH_PATH for Python discovery PATH overrides (#19034)

Bug fixes

• Add rust-toolchain.toml to uv-build sdist (#19131)
• Ensure uv invocations of git do not inherit repository location environment variables (#19088)
• Redact pre-signed upload URLs in verbose output (#19146)
• Handle transitive URL dependencies in PEP 517 build requirements (#19076, #19086)
• Support uv lock on a pyproject.toml that only contains dependency-groups (#19087)
• Disable transparent Python upgrades in projects when a patch version is requested via .python-version (#19102)
• Fix Python variant tagging in the Windows registry (#19012)
• Ban external symlinks in .tar.zst wheels (#19144)

Distributions

• Remove deprecated license classifiers from uv-build and add Python 3.14 classifier (#19130)

Documentation

• Bump astral-sh/setup-uv version in docs (#19030)
• Update PyTorch documentation for PyTorch 2.11 (#19095)

Commits

• 0e961dd Bump version to 0.11.8 (#19184)
• 3e9c333 Configure logging before globals (#19155)
• 84a3244 Redact pre-signed upload URLs in verbose output (#19146)
• 51448c2 Use a single codepath for extracting a .tar.zst wheel (#19144)
• 5f461d6 Allow scripts/build-trampolines.sh to try podman when it's available (#19134)
• dea9815 uv-build: fixup classifiers (#19130)
• 15118d7 Drop whoami dependency (#19132)
• 992be06 Add rust-toolchain.toml to uv-build sdist (#19131)
• d46a7b6 Fix pip_compile test (#19129)
• 282919c Share pylock.toml reading and resolution in pip commands (#19125)
• Additional commits viewable in compare view

Updates gitpython from 3.1.47 to 3.1.49

Release notes

Sourced from gitpython's releases.

3.1.49 - Security

What's Changed

• reject control chars in written values in configuration by @​Byron in gitpython-developers/GitPython#2137
• Improve pure Python rev-parse coverage and behavior by @​Copilot in gitpython-developers/GitPython#2136

Full Changelog: gitpython-developers/GitPython@3.1.48...3.1.49

3.1.48 - Security

Accidentally deleted the previous GH release, it did mention the advisory this fixes.

What's Changed

• prevent out-of-repo access when manipulating references. by @​Byron in gitpython-developers/GitPython#2134

Full Changelog: gitpython-developers/GitPython@3.1.47...3.1.48

Commits

• aee2fd5 bump version to 3.1.49
• 1c4ea96 Merge pull request #2136 from gitpython-developers/copilot/create-reproducing...
• 6cf7ac3 Address rev-parse review feedback
• b049a13 Merge pull request #2137 from gitpython-developers/fix-config-injection
• bdbdf4b Fix rev-parse CI issues
• d7ce6fc Improve pure Python rev-parse coverage and behavior (#2135)
• 8e24503 avoid duplicate validation in set_value
• c417af4 reject control chars in written values in configuration
• 5a15361 a new release with safer reference creation
• dbfa264 Merge pull request #2134 from gitpython-developers/validate-ref-creation
• Additional commits viewable in compare view

Updates pymysql from 1.1.2 to 1.1.3

Release notes

Sourced from pymysql's releases.

v1.1.3

What's Changed

• callproc: escape procname by @​methane in PyMySQL/PyMySQL#1225
• use ubuntu-slim and dependabot by @​methane in PyMySQL/PyMySQL#1226
• Bump actions/checkout from 4 to 6 by @​dependabot[bot] in PyMySQL/PyMySQL#1227
• Bump codecov/codecov-action from 5 to 6 by @​dependabot[bot] in PyMySQL/PyMySQL#1228
• Bump actions/setup-python from 5 to 6 by @​dependabot[bot] in PyMySQL/PyMySQL#1229
• release 1.1.3 by @​methane in PyMySQL/PyMySQL#1230

New Contributors

• @​dependabot[bot] made their first contribution in PyMySQL/PyMySQL#1227

Full Changelog: PyMySQL/PyMySQL@v1.1.2...v1.1.3

Changelog

Sourced from pymysql's changelog.

v1.1.3

Release date: 2026-05-01

Security

• Fix Cursor.callproc() didn't escape procedure name. (#1206) There was a possibility of SQL injection when calling a procedure with a string received from an untrusted source as the procedure name.

  NOTICE: This change may cause backward compatibility issues. If you specified a procedure name like "dbname.funcname", the previous version called CALL dbname.funcname, but from this version, it will call CALL `dbname.funcname` so you cannot specify procedure name with database name anymore.

Commits

• 5613187 release 1.1.3 (#1230)
• d498f5e Bump actions/setup-python from 5 to 6 (#1229)
• a38d40f Bump codecov/codecov-action from 5 to 6 (#1228)
• d37c7df Bump actions/checkout from 4 to 6 (#1227)
• b157d4f dependabot: enable grouping
• 61b30d8 use ubuntu-slim and dependabot (#1226)
• 8116389 callproc: escape procname (#1225)
• See full diff in compare view

Updates ruff from 0.15.11 to 0.15.12

Release notes

Sourced from ruff's releases.

0.15.12

Release Notes

Released on 2026-04-24.

Preview features

• Implement #ruff:file-ignore file-level suppressions (#23599)
• Implement #ruff:ignore logical-line suppressions (#23404)
• Revert preview changes to displayed diagnostic severity in LSP (#24789)
• [airflow] Implement task-branch-as-short-circuit (AIR004) (#23579)
• [flake8-bugbear] Fix break/continue handling in loop-iterator-mutation (B909) (#24440)
• [pylint] Fix PLC2701 for type parameter scopes (#24576)

Rule changes

• [pandas-vet] Suggest .array as well in PD011 (#24805)

CLI

• Respect default Unix permissions for cache files (#24794)

Documentation

• [pylint] Fix PLR0124 description not to claim self-comparison always returns the same value (#24749)
• [pyupgrade] Expand docs on reusable TypeVars and scoping (UP046) (#24153)
• Improve rules table accessibility (#24711)

Contributors

• @​dylwil3
• @​AlexWaygood
• @​woodruffw
• @​avasis-ai
• @​Dev-iL
• @​denyszhak
• @​ShipItAndPray
• @​anishgirianish
• @​augustelalande
• @​amyreese
• @​majiayu000

Install ruff 0.15.12

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/ruff/releases/download/0.15.12/ruff-installer.sh | sh

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.12

Released on 2026-04-24.

Preview features

• Implement #ruff:file-ignore file-level suppressions (#23599)
• Implement #ruff:ignore logical-line suppressions (#23404)
• Revert preview changes to displayed diagnostic severity in LSP (#24789)
• [airflow] Implement task-branch-as-short-circuit (AIR004) (#23579)
• [flake8-bugbear] Fix break/continue handling in loop-iterator-mutation (B909) (#24440)
• [pylint] Fix PLC2701 for type parameter scopes (#24576)

Rule changes

• [pandas-vet] Suggest .array as well in PD011 (#24805)

CLI

• Respect default Unix permissions for cache files (#24794)

Documentation

• [pylint] Fix PLR0124 description not to claim self-comparison always returns the same value (#24749)
• [pyupgrade] Expand docs on reusable TypeVars and scoping (UP046) (#24153)
• Improve rules table accessibility (#24711)

Contributors

• @​dylwil3
• @​AlexWaygood
• @​woodruffw
• @​avasis-ai
• @​Dev-iL
• @​denyszhak
• @​ShipItAndPray
• @​anishgirianish
• @​augustelalande
• @​amyreese
• @​majiayu000

Commits

• 66f93cf Bump 0.15.12 (#24815)
• 476a4d0 [ty] Complete support for more detailed diagnostics on possibly unbound error...
• ed669ea Implement #ruff:file-ignore file-level suppressions (#23599)
• e73d952 [ty] Include inferred type in invalid-key concise diagnostic for union/inte...
• 80feb29 [ty] report only dead annotation-only locals as unused (#24811)
• 0fbf2bc Drop deprecated license classifier (#24808)
• 43b174c [ty] Infer lambda parameter types with Callable type context (#24317)
• 4f449ae [ty] Add error context for intersection types (#24772)
• 5b4e753 [ty] Add support for goto in literal enum member inlay hint (#24792)
• e7cc762 [ty] Add error context for TypedDict assignments (#24790)
• Additional commits viewable in compare view

Updates pytest-order from 1.3.0 to 1.4.0

Release notes

Sourced from pytest-order's releases.

pytest-order 1.4.0

Allows the plugin to run after --failed-first and similar options. Check the release notes for all changes.

Changelog

Sourced from pytest-order's changelog.

Version 1.4.0 (2026-04-26)

Allows the plugin to run after --failed-first and similar options.

Changes

• removed official support for Python 3.7-3.9 (EOL), added Python 3.13 and 3.14

New features

• added option --order-after-ff, that allows to run pytest-order after built-in hooks like the --failed-first option (see #234)

Infrastructure

• use trusted publisher for release (see https://docs.pypi.org/trusted-publishers/)
• use pyproject.toml for project setup

Documentation

• use a theme for documentation supporting dark mode
• added use case for ordering test modules (see #51)
• fixed documentation for --indulgent-ordering option

Commits

• 43375ca Release 1.4.0
• 0e1d1ef Added option --order-after-ff
• 3c5f6f9 Remove Python 3.9, add Python 3.14 to CI
• 66dd806 [pre-commit.ci] pre-commit autoupdate
• 6a76a94 [pre-commit.ci] pre-commit autoupdate
• 87112f4 [pre-commit.ci] pre-commit autoupdate
• 4d84b46 Bump codecov/codecov-action from 5 to 6
• 9933cf5 [pre-commit.ci] pre-commit autoupdate
• f9c43a1 [pre-commit.ci] pre-commit autoupdate
• 783c9b6 [pre-commit.ci] pre-commit autoupdate
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

aegisctl schema diff

• PR: chore(deps): bump the dependencies group in /AegisLab/scripts/command with 6 updates #351
• Base: 1068cd1
• Head: 2c6acf0

No schema changes were detected.

Gate result: PASS

No action required from schema-gate policy.

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.