Bump the actions group with 3 updates

[dependabot]

Bumps the actions group with 3 updates: ruff, beartype and pyrefly.

Updates ruff from 0.14.2 to 0.14.3

Release notes

Sourced from ruff's releases.

0.14.3

Release Notes

Released on 2025-10-30.

Preview features

• Respect --output-format with --watch (#21097)
• [pydoclint] Fix false positive on explicit exception re-raising (DOC501, DOC502) (#21011)
• [pyflakes] Revert to stable behavior if imports for module lie in alternate branches for F401 (#20878)
• [pylint] Implement stop-iteration-return (PLR1708) (#20733)
• [ruff] Add support for additional eager conversion patterns (RUF065) (#20657)

Bug fixes

• Fix finding keyword range for clause header after statement ending with semicolon (#21067)
• Fix syntax error false positive on nested alternative patterns (#21104)
• [ISC001] Fix panic when string literals are unclosed (#21034)
• [flake8-django] Apply DJ001 to annotated fields (#20907)
• [flake8-pyi] Fix PYI034 to not trigger on metaclasses (PYI034) (#20881)
• [flake8-type-checking] Fix TC003 false positive with future-annotations (#21125)
• [pyflakes] Fix false positive for __class__ in lambda expressions within class definitions (F821) (#20564)
• [pyupgrade] Fix false positive for TypeVar with default on Python <3.13 (UP046,UP047) (#21045)

Rule changes

• Add missing docstring sections to the numpy list (#20931)
• [airflow] Extend airflow.models..Param check (AIR311) (#21043)
• [airflow] Warn that airflow....DAG.create_dagrun has been removed (AIR301) (#21093)
• [refurb] Preserve digit separators in Decimal constructor (FURB157) (#20588)

Server

• Avoid sending an unnecessary "clear diagnostics" message for clients supporting pull diagnostics (#21105)

Documentation

• [flake8-bandit] Fix correct example for S308 (#21128)

Other changes

• Clearer error message when line-length goes beyond threshold (#21072)

Contributors

• @​danparizher
• @​jvacek
• @​ntBre
• @​augustelalande
• @​prakhar1144

... (truncated)

Changelog

Sourced from ruff's changelog.

0.14.3

Released on 2025-10-30.

Preview features

• Respect --output-format with --watch (#21097)
• [pydoclint] Fix false positive on explicit exception re-raising (DOC501, DOC502) (#21011)
• [pyflakes] Revert to stable behavior if imports for module lie in alternate branches for F401 (#20878)
• [pylint] Implement stop-iteration-return (PLR1708) (#20733)
• [ruff] Add support for additional eager conversion patterns (RUF065) (#20657)

Bug fixes

• Fix finding keyword range for clause header after statement ending with semicolon (#21067)
• Fix syntax error false positive on nested alternative patterns (#21104)
• [ISC001] Fix panic when string literals are unclosed (#21034)
• [flake8-django] Apply DJ001 to annotated fields (#20907)
• [flake8-pyi] Fix PYI034 to not trigger on metaclasses (PYI034) (#20881)
• [flake8-type-checking] Fix TC003 false positive with future-annotations (#21125)
• [pyflakes] Fix false positive for __class__ in lambda expressions within class definitions (F821) (#20564)
• [pyupgrade] Fix false positive for TypeVar with default on Python <3.13 (UP046,UP047) (#21045)

Rule changes

• Add missing docstring sections to the numpy list (#20931)
• [airflow] Extend airflow.models..Param check (AIR311) (#21043)
• [airflow] Warn that airflow....DAG.create_dagrun has been removed (AIR301) (#21093)
• [refurb] Preserve digit separators in Decimal constructor (FURB157) (#20588)

Server

• Avoid sending an unnecessary "clear diagnostics" message for clients supporting pull diagnostics (#21105)

Documentation

• [flake8-bandit] Fix correct example for S308 (#21128)

Other changes

• Clearer error message when line-length goes beyond threshold (#21072)

Contributors

• @​danparizher
• @​jvacek
• @​ntBre
• @​augustelalande
• @​prakhar1144
• @​TaKO8Ki

... (truncated)

Commits

• 8737a2d Bump v0.14.3 (#21152)
• 3be3a10 [ty] Don't provide completions when in class or function definition (#21146)
• 13375d0 [ty] Use the top materialization of classes for narrowing in class-patterns f...
• c0b04d4 [ty] Update "constraint implication" relation to work on constraints between ...
• 1c7ea69 [flake8-type-checking] Fix TC003 false positive with future-annotations...
• 9bacd19 [ty] Fix lookup of __new__ on instances (#21147)
• f0fe6d6 Fix syntax error false positive on nested alternative patterns (#21104)
• 10bda3d [pyupgrade] Fix false positive for TypeVar with default on Python <3.13 (...
• e55bc94 [ty] Reachability and narrowing for enum methods (#21130)
• 1b0ee46 [ty] Use range instead of custom IntIterable (#21138)
• Additional commits viewable in compare view

Updates beartype from 0.22.4 to 0.22.5

Release notes

Sourced from beartype's releases.

Beartype 0.22.5: Beloved Even by PYTHONOPTIMIZE=1

@​beartype 0.22.5 does stuff. Uhhh. Wait. Why are we releasing yet another @​beartype 0.22.x patch within the span of ten seconds? We were just here. We already released @​beartype 0.22.4 a week ago. Wasn't that good enough!? I... I guess not. Turns out ${PYTHONOPTIMIZE} support has been busted in @​beartype for literally years. Probably decades. Nobody cared – until somebody cared. I blame only myself despite wanting to point the finger at somebody else. Anybody else. I'll take anybody. Let's start over.

@​beartype 0.22.5 valiantly arises from the ashes of our issue tracker like a burning phoenix on fire!!!! You can't stop this:

# Via "pip", the once-great venerable master packager now fallen on hard times:
$ pip install --upgrade beartype        # <-- you go, pipe-smoking pip
Via "uv", the plucky upstart spiky-haired kid wielding a sword larger than its body:
$ uv lock --upgrade-package beartype    # <-- you do what you need to do, ultraviolet radiation

@​beartype 0.22.5 stoically puts on the sunglasses so you don't have to.

The sky is blue and I have hair again.

@​beartype 0.22.5 is helping @​leycec and his beautiful science wife to eat food. Thanks entirely to...

GitHub Sponsors: Befriend the Bear and Get a Bear for Life

This release comes courtesy these proud GitHub Sponsors, without whom everyone in the @​leycec family would currently be eating grasshoppers in the abandoned back lot again:

• @​sesco-llc (SESCO Enterprises), "The Power of Innovation in Trading": this inspires me to get out of the house and do something https://sescollc.com
• @​DylanModesitt (Dylan Modesitt), quantitative strategies energy trading associate: ...wikipedia, don't fail me now! https://dylanmodesitt.com
• [Tidelift][], graciously paying out recurring income to security-sensitive open-source projects like @​beartype: so much hype https://www.sonarsource.com/products/sonarqube/advanced-security

If you represent a security-conscious corporate, government, or non-profit, the best way bar none for you to support @​beartype and secure your own workflow is by subscribing to [Tidelift][] through [SonarQube Advanced Security][]. Security giant [Sonar][] recently acquired [Tidelift][], guaranteeing the economic viability of the Tidelift model for billions of future open-source projects that have yet to be born. Join the jargon-laden conversation and pay someone else to think about unreadable acronyms like SAST, SCA, and SBOM for once.

Thanks so much, masters of fintech and lifted tides.

The Masters of Fintech and Lifted Tides. That's who.

Gods Not Another Patch Release. What's Still Wrong with You, @​beartype?

@​beartype 0.22.5 is a patch release that guarantees compatibility with Python optimization. Both the @beartype decorator and beartype.claw import hooks now silently reduce to noops (i.e., do nothing rather than type-checking everything) when users:

• Pass one or more -O options to the Python interpreter (e.g., python -O worldshattering_app_shatters_world_accidentally.py).
• Set the ${PYTHONOPTIMIZE} environment variable to a positive integer (e.g., PYTHONOPTIMIZE=1 python worldrepairing_app_repairs_world_shattered_by_worldshattering_app.py).

FastMCP users really care about Python optimization. Apparently, nobody else does. Makes sense. Even @​beartype is too slow for those speed-obsessed LLM gurus. How can this be!? It's never enough for the AI. In the relentless drive for faster query turnaround times, FastMCP is plumbing the depths of the impossible. There are always casualties on the road to progress. @​beartype was one of those casualties. But no more.

@​beartype 0.22.5 is a burning phoenix on fire. It's not a metaphor anymore. We're pretty sure our issue tracker is on fire. What is it now? Still 98 open issues despite a flurry of recent issue resolutions that took our last will to code? Yup. 98 open issues. My... my gods. GitHub. Does no one sleep around here? 😮‍💨

@​beartype + PYTHONOPTIMIZE=1: because you're too tired to even run @​beartype anymore.

... (truncated)

Commits

• ec7400f Beartype 0.22.5: Beloved Even by PYTHONOPTIMIZE=1
• d639335 beartype.claw + ${PYTHONOPTIMIZE}.
• e114bd1 @beartype(conf=...) + ${PYTHONOPTIMIZE}.
• 2a29e8e Continuous integration (CI) badge.
• ab9a65b pip -> uv code review.
• aa5f097 snatching away the low hanging fruits from papa bear (UV rocks) (#574)
• 57f3de3 typing.TypeAliasType.
• 4e3db95 Azure-compliant "beartype.claw" handling x 1.
• c293bdd GitHub Actions macOS runner disabled x 1.
• 0faf2f0 Beartype 0.22.5 started.
• See full diff in compare view

Updates pyrefly from 0.39.0 to 0.40.0

Commits

• 2da1c29 Update pyrefly version]
• 6f911c4 Add a #[derive(Debug)]
• 6979465 Refactor getting the PK type into its own function
• 1c984aa Clean up type annotation in django.rs
• 1c4cdb0 Add fk test that uses custom PK
• 905f7f9 Resolve into Override targets when resolve_name
• f71b145 Detect a couple more [open-unpacking] errors
• c665aad Make PartialTypedDictMissingField more extendable
• ec13e58 Add off-by-default [open-unpacking] error
• e2039e5 Don't allow extra keys when unpacking one TypedDict into another
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions