chore(deps): pin dependencies

[khepri-bot]

This PR contains the following updates:

Package	Type	Update	Change	Age	Confidence
actions/checkout	action	pinDigest	→ 34e1148
codespell	tool.pdm.dev-dependencies	pin	~=2.2.6 → ==2.2.6
github/codeql-action	action	pinDigest	→ 5c8a8a6
mypy (changelog)	tool.pdm.dev-dependencies	pin	~=1.9.0 → ==1.9.0
pdm-project/setup-pdm	action	pinDigest	→ 94a8231
pylint (changelog)	tool.pdm.dev-dependencies	pin	~=3.1.0 → ==3.1.0
pytest (changelog)	tool.pdm.dev-dependencies	pin	~=8.1.1 → ==8.1.1
pytest-mock (changelog)	tool.pdm.dev-dependencies	pin	~=3.14.0 → ==3.14.0
pytest-sugar	tool.pdm.dev-dependencies	pin	~=1.0.0 → ==1.0.0
python (source)	requires-python	pin	>=3.8 → ==3.14.4
requests (changelog)	tool.pdm.dev-dependencies	pin	>=2.31.0 → ==2.31.0
ruff (source, changelog)	tool.pdm.dev-dependencies	pin	~=0.3.7 → ==0.3.7
safety (changelog)	tool.pdm.dev-dependencies	minor	==3.1.0 → ==3.7.0
tox (changelog)	tool.pdm.dev-dependencies	pin	~=4.14.2 → ==4.14.2
tox-pdm	tool.pdm.dev-dependencies	pin	~=0.7.2 → ==0.7.2

---

Release Notes

pyupio/safety (safety)

v3.7.0

Compare Source

Fix

• npm ecosystem check on render package details (#​820)

v3.6.2

Compare Source

v3.6.1

Compare Source

Fix

• Import rich_utils as a module and don't access as an attribute. (#​780)

v3.6.0

Compare Source

v3.5.2

Compare Source

Fix

• resolve logger warnings (#​761)

v3.5.1

Compare Source

v3.5.0

Compare Source

Fix

• poetry error on source and parsing pyproject.toml (#​739)

v3.4.0

Compare Source

v3.3.1

Compare Source

v3.3.0

Compare Source

v3.2.14

Compare Source

• Add fun-mode (#​649)
• Package version upgrade for psutil and filelock (#​652)
• Package version upgrade for typer (#​654)
• Package version upgrade for pydantic (#​655)
• Add "--use-server-matching" arguement (#​640)
• Bugfix for safety "NoneType is not iterable" error (#​657)

v3.2.13

Compare Source

• Remove email verification for running scans (#​645)

v3.2.12

Compare Source

• Add CVE Details and Single-Key Filtering for JSON Output in safety scan (#​643)
• feature/add-branch-name (#​641)
• feat/add --headless to --help (#​636)

v3.2.11

Compare Source

• chore/upgrade-dparse (#​633)
• Migrate to PyPI Trusted Publisher for Automated Package Deployment (#​632)
• fix/fix-test-validate-func (#​631)
• feat: api keys now work without specifying the env (#​630)
• fix:jupyter notebook rich format removal (#​628)

v3.2.10

Compare Source

• Support for scanning pyproject.toml files (#​625)
• Update safety-schemas version used (#​624)
• Fix basic poloicy test (#​622)

v3.2.9

Compare Source

• chore: deprection-message-for-license-command (4149b70)
• feat: add-pull-request-template (#​604) (61b2fe2)
• fix: devcontainer fix (be42d8e)
• fix: safety error when scan is run without being authed (5ec80dd)
• feat: add-devcontainers-support (0591838)
• fix: internal-server-error (04d7efb)
• fix: clarify-vulnerabilities-found/ Fixed the issue where the vulnerabilities (07bc5b7)
• chore: added check arg depreciation warning (78109e5)
• feature: release-script: add release script (#​602) (cc49542)

v3.2.8

Compare Source

• feat: enhance version comparison logic for check-updates command (#​605)
• docs: add demo Jupyter Notebook (#​601)
• feat: add script to generate CONTRIBUTORS.md with Shields.io badges based on merged PRs (#​600)
• chore: fix CLI help text by removing rich formatting for cleaner output (#​599)
• chore: hide system scan from help text (#​598)
• chore: add LICENSES.md file to document dependency licenses (#​597)
• docs: add SECURITY.md file with security policy and bug bounty details (#​593)

v3.2.7

Compare Source

• fix/increase-auth-timeout: increase timeout to 5s (#​583)
• Update Issue Templates: Add Feature Request Template and Improve Issue Submission Process (#​580)

v3.2.6

Compare Source

• fix/update-schemas-0-0-4 (#​581)
• chore/update-coc-email (#​579)
• docs(contributing): add CONTRIBUTING.md with guidelines for contributors (#​571)
• chore: update-network-url (#​569)

v3.2.5

Compare Source

• fix: increment schemas version (#​567)
• Add SLA Document (#​565)
• Add Table of Contents to README.md (#​564)
• docs: code of conduct (#​559)
• Add More Badges (#​558)
• feat: fixed issue responder (#​561)
• feat(logger): config.ini, proxy, network stats (#​547)
• refactor: replace private typer functions with rich module equivalents (#​556)
• feat(safety_cli): docstrings, type hints, comments (#​549)
• feat: add GitHub Action to automatically respond to new issues (#​554)
• readme: add download badge to readme (#​557)
• fix(debug): fix --debug flag and associated tests (#​552)
• chore: release 3.2.4 (#​545)
• fix(cache): handle get_from_cache=None and ensure directory exists (#​544)
• REQUEST_TIMEOUT Env Var (#​541)
• Update URLs, Lint (#​540)

v3.2.4

Compare Source

• Handle get_from_cache=None and ensure directory exists (#​538)
• Switch filelock package to compatible release clause (#​538)
• Add filelock to install_requires (#​538)

v3.2.3

Compare Source

• Increase request timeout to 30 seconds (#​535)
• fix: fail on none severities (#​534)

v3.2.2

Compare Source

• fix: include scan template in build (#​531)

v3.2.1

Compare Source

• Add fun-mode (#​649)
• Package version upgrade for psutil and filelock (#​652)
• Package version upgrade for typer (#​654)
• Package version upgrade for pydantic (#​655)
• Add "--use-server-matching" arguement (#​640)
• Bugfix for safety "NoneType is not iterable" error (#​657)

v3.2.0

Compare Source

• feat: add SAFETY_DB_DIR env var to the scan command (#​523)
• fix: update pyinstaller target (#​522)
• docs: added note on hiring and added careers page link (#​510)

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 05:59 AM, only on Monday ( * 0-5 * * 1 ) in timezone America/New_York, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[khepri-bot]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: pdm.lock

spawn pdm ENOENT