build(deps): bump the general group with 3 updates

[dependabot]

Bumps the general group with 3 updates: attrs, pyzmq and wheel.

Updates attrs from 23.2.0 to 24.1.0

Commits

• See full diff in compare view

Updates pyzmq from 26.0.3 to 26.1.0

Release notes

Sourced from pyzmq's releases.

v26.1.0

See release notes, or pyzmq on PyPI.

Install with:

pip install 'pyzmq==26.1.0'

Commits

• a4abc3c Bump to 26.1.0
• 2eb6f03 Merge pull request #2008 from minrk/bump
• 4592112 Merge pull request #2009 from minrk/261
• f80c53c changelog for 26.1
• dc6878f cibuildwheel 2.20
• 2ef5633 Merge pull request #2007 from minrk/3.13t
• 74c919b Bump to 26.1.0.dev
• d6d8c22 fix skip syntax
• 3fbb0b4 Merge pull request #2005 from minrk/3.13t
• af8f660 Merge pull request #2006 from minrk/extra-index-env
• Additional commits viewable in compare view

Updates wheel from 0.43.0 to 0.44.0

Release notes

Sourced from wheel's releases.

0.44.0

• Canonicalized requirements in METADATA file (PR by Wim Jeantine-Glenn)
• Deprecated the bdist_wheel module, as the code was migrated to setuptools itself

Changelog

Sourced from wheel's changelog.

Release Notes

0.44.0 (2024-08-04)

• Canonicalized requirements in METADATA file (PR by Wim Jeantine-Glenn)
• Deprecated the bdist_wheel module, as the code was migrated to setuptools itself

0.43.0 (2024-03-11)

• Dropped support for Python 3.7
• Updated vendored packaging to 24.0

0.42.0 (2023-11-26)

• Allowed removing build tag with wheel tags --build ""
• Fixed wheel pack and wheel tags writing updated WHEEL fields after a blank line, causing other tools to ignore them
• Fixed wheel pack and wheel tags writing WHEEL with CRLF line endings or a mix of CRLF and LF
• Fixed wheel pack --build-number "" not removing build tag from WHEEL (above changes by Benjamin Gilbert)

0.41.3 (2023-10-30)

• Updated vendored packaging to 23.2
• Fixed ABI tag generation for CPython 3.13a1 on Windows (PR by Sam Gross)

0.41.2 (2023-08-22)

• Fixed platform tag detection for GraalPy and 32-bit python running on an aarch64 kernel (PR by Matthieu Darbois)
• Fixed wheel tags to not list directories in RECORD files (PR by Mike Taves)
• Fixed ABI tag generation for GraalPy (PR by Michael Simacek)

0.41.1 (2023-08-05)

• Fixed naming of the data_dir directory in the presence of local version segment given via egg_info.tag_build (PR by Anderson Bravalheri)
• Fixed version specifiers in Requires-Dist being wrapped in parentheses

0.41.0 (2023-07-22)

• Added full support of the build tag syntax to wheel tags (you can now set a build tag like 123mytag)
• Fixed warning on Python 3.12 about onerror deprecation. (PR by Henry Schreiner)
• Support testing on Python 3.12 betas (PR by Ewout ter Hoeven)

... (truncated)

Commits

• 7bb46d7 Created a new release
• 0add7d6 Deprecated bdist_wheel and updated the README (#631)
• 46c2389 chore: make sure local ruff runs don't touch vendored (#618)
• 78b9ea9 Updated Cirrus CI config to use FreeBSD 14
• 3d3916a [pre-commit.ci] pre-commit autoupdate (#627)
• 1e00742 Revert "Apply new ruff/pyupgrade rule UP032 (#617)"
• 16206e6 Apply new ruff/pyupgrade rule UP032 (#617)
• 0b7771e Updated pre-commit modules and applied ruff fixes
• bd8ab85 Extended the ruff rule list and applied fixes
• 376373b Allow bdist_wheel working without ctypes (#613)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[sonarcloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
pip/attrs	24.1.0	🟢 7.4	Details Check Score Reason Code-Review ⚠️ 0 Found 2/29 approved changesets -- score normalized to 0 Maintained 🟢 10 30 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10 License 🟢 10 license file detected CII-Best-Practices 🟢 5 badge detected: Passing Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Security-Policy 🟢 10 security policy file detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Signed-Releases ⚠️ -1 no releases found Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST 🟢 7 SAST tool detected but not run on all commits Packaging 🟢 10 packaging workflow detected
pip/pyzmq	26.1.0	🟢 6.1	Details Check Score Reason Code-Review ⚠️ 0 Found 0/10 approved changesets -- score normalized to 0 Maintained 🟢 10 30 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Security-Policy 🟢 4 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Fuzzing 🟢 10 project is fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Packaging 🟢 10 packaging workflow detected
pip/wheel	0.44.0	🟢 5.3	Details Check Score Reason Maintained 🟢 4 5 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 4 Code-Review 🟢 3 Found 9/24 approved changesets -- score normalized to 3 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing 🟢 10 project is fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected Packaging 🟢 10 packaging workflow detected Security-Policy ⚠️ 0 security policy file not detected SAST 🟢 4 SAST tool is not run on all commits -- score normalized to 4

Scanned Manifest Files

requirements.txt

• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]