update deps(deps): bump the python-packages group across 1 directory with 3 updates

[dependabot]

Bumps the python-packages group with 3 updates in the / directory: lxml, termcolor and mypy.

Updates lxml from 5.3.1 to 5.4.0

Release notes

Sourced from lxml's releases.

lxml-5.4.0

5.4.0 (2025-04-22)

Bugs fixed

• LP#2107279: Binary wheels use libxml2 2.13.8 and libxslt 1.1.43 to resolve several CVEs. (Binary wheels for Windows continue to use a patched libxml2 2.11.9 and libxslt 1.1.39.) Issue found by Anatoly Katyushin, see https://bugs.launchpad.net/lxml/+bug/2107279

lxml-5.3.2

No release notes provided.

Changelog

Sourced from lxml's changelog.

5.4.0 (2025-04-22)

Bugs fixed

• LP#2107279: Binary wheels use libxml2 2.13.8 and libxslt 1.1.43 to resolve several CVEs. (Binary wheels for Windows continue to use a patched libxml2 2.11.9 and libxslt 1.1.39.) Issue found by Anatoly Katyushin.

5.3.2 (2025-04-05)

This release resolves CVE-2025-24928 as described in https://gitlab.gnome.org/GNOME/libxml2/-/issues/847

Bugs fixed

• Binary wheels use libxml2 2.12.10 and libxslt 1.1.42.

• Binary wheels for Windows use a patched libxml2 2.11.9 and libxslt 1.1.39.

Commits

• 6e76d57 Build: Exclude slow Py3.9 wheel builds for s390/ppc and Py3.7 for ARM64.
• ee10c02 Prepare release of lxml 5.4.0.
• 0e4f3c3 Prepare release of lxml 5.3.3.
• b4703fc Update changelog.
• db723bb Build: Use libxslt 1.1.43 instead of 1.1.42 to resolve some CVEs.
• a664877 Build: Use libxml2 2.13.8 instead of 2.12.x to resolve some CVEs.
• df4633e Remove appveyor usage.
• 820db89 CI: Allow Py3.14 jobs to fail.
• 93ad02a docs: Add a note about C compiler installation to error message (GH-454)
• 16878da Add some hints to the documentation on how to build lxml (GH-453)
• Additional commits viewable in compare view

Updates termcolor from 2.5.0 to 3.1.0

Release notes

Sourced from termcolor's releases.

Release 3.1.0

Added

• Add true colour RGB option as input arguments (#102) @​icyveins7
• Cache system lookups to save invocation time (#107) @​miketheman
• Advertise typing via classifier (#104) @​miketheman

Changed

• Migrate coverage configuration to pyproject.toml (#105) @​miketheman

Release 3.0.1

Fixed

• Fix licence filename in metadata (#100) @​hugovk

Release 3.0.0

Added

• Add support for Python 3.14 (#87) @​hugovk

Changed

• Only apply FORCE_COLOR, NO_COLOR and ANSI_COLORS_DISABLED when present and not an empty string (#92) @​hugovk
• Replace deprecated classifier with licence expression (PEP 639) (#95) @​hugovk
• Speedup: move typing imports into type-checking block (#94) @​hugovk
• Lint with faster action-pre-commit-uv: 1m22s -> 48s and 21s -> 15s (#86) @​hugovk

Removed

• Replace literal types with strings (#97) @​hugovk
• Remove deprecated __ALL__, use __all__ instead (#93) @​hugovk

Commits

• 1e0ae11 Test free-threaded Python 3.13t and 3.14t (#111)
• 9e3f5bb Test free-threaded Python 3.13t and 3.14t
• 52bf721 Add mutation testing (#109)
• 968cfa5 Add tests for cprint kwargs
• 6048bd5 Add mutation testing
• fd08149 Test code branches (#108)
• b32a006 Test code branches
• 60815d2 Cache system lookups to save invocation time (#107)
• 7e1e892 Complete coverage via added tests (#106)
• e516dd5 Cache system lookups to save invocation time
• Additional commits viewable in compare view

Updates mypy from 1.15.0 to 1.16.0

Changelog

Sourced from mypy's changelog.

Mypy Release Notes

Next Release

Mypy 1.16

We’ve just uploaded mypy 1.16 to the Python Package Index (PyPI). Mypy is a static type checker for Python. This release includes new features and bug fixes. You can install it as follows:

python3 -m pip install -U mypy

You can read the full documentation for this release on Read the Docs.

Different Property Getter and Setter Types

Mypy now supports using different types for a property getter and setter:

class A:
    _value: int
@property
def foo(self) -> int:
    return self._value
@foo.setter
def foo(self, x: str | int) -> None:
try:
self._value = int(x)
except ValueError:
raise Exception(f"'{x}' is not a valid value for 'foo'")

This was contributed by Ivan Levkivskyi (PR 18510).

Flexible Variable Redefinitions (Experimental)

Mypy now allows unannotated variables to be freely redefined with different types when using the experimental --allow-redefinition-new flag. You will also need to enable --local-partial-types. Mypy will now infer a union type when different types are assigned to a variable:

# mypy: allow-redefinition-new, local-partial-types
def f(n: int, b: bool) -> int | str:
if b:
x = n
else:
</tr></table>

... (truncated)

Commits

• 9e72e96 Update version to 1.16.0
• 8fe719f Add changelog for 1.16 (#19138)
• 2a036e7 Revert "Infer correct types with overloads of Type[Guard | Is] (#19161)
• b6da4fc Allow enum members to have type objects as values (#19160)
• 334469f [mypyc] Improve documentation of native and non-native classes (#19154)
• a499d9f Document --allow-redefinition-new (#19153)
• 96525a2 Merge commit '9e45dadcf6d8dbab36f83d9df94a706c0b4f9207' into release-1.16
• 9e45dad Clear more data in TypeChecker.reset() instead of asserting (#19087)
• 772cd0c Add --strict-bytes to --strict (#19049)
• 0b65f21 Admit that Final variables are never redefined (#19083)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Reviewers

The following users could not be added as reviewers: oliverkillane. Either the username does not exist or it does not have the correct permissions to be added as a reviewer.

Please fix the above issues or remove invalid values from dependabot.yml.

[dependabot]

The reviewers field in the dependabot.yml file will be removed soon. Please use the code owners file to specify reviewers for Dependabot PRs. For more information, see this blog post.

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.