chore(deps-dev)(deps-dev): bump the linting group across 1 directory with 4 updates

[dependabot]

Updates the requirements on ruff, ty, bandit and typos to permit the latest version.
Updates ruff to 0.15.12

Release notes

Sourced from ruff's releases.

0.15.12

Release Notes

Released on 2026-04-24.

Preview features

• Implement #ruff:file-ignore file-level suppressions (#23599)
• Implement #ruff:ignore logical-line suppressions (#23404)
• Revert preview changes to displayed diagnostic severity in LSP (#24789)
• [airflow] Implement task-branch-as-short-circuit (AIR004) (#23579)
• [flake8-bugbear] Fix break/continue handling in loop-iterator-mutation (B909) (#24440)
• [pylint] Fix PLC2701 for type parameter scopes (#24576)

Rule changes

• [pandas-vet] Suggest .array as well in PD011 (#24805)

CLI

• Respect default Unix permissions for cache files (#24794)

Documentation

• [pylint] Fix PLR0124 description not to claim self-comparison always returns the same value (#24749)
• [pyupgrade] Expand docs on reusable TypeVars and scoping (UP046) (#24153)
• Improve rules table accessibility (#24711)

Contributors

• @​dylwil3
• @​AlexWaygood
• @​woodruffw
• @​avasis-ai
• @​Dev-iL
• @​denyszhak
• @​ShipItAndPray
• @​anishgirianish
• @​augustelalande
• @​amyreese
• @​majiayu000

Install ruff 0.15.12

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/ruff/releases/download/0.15.12/ruff-installer.sh | sh

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.12

Released on 2026-04-24.

Preview features

• Implement #ruff:file-ignore file-level suppressions (#23599)
• Implement #ruff:ignore logical-line suppressions (#23404)
• Revert preview changes to displayed diagnostic severity in LSP (#24789)
• [airflow] Implement task-branch-as-short-circuit (AIR004) (#23579)
• [flake8-bugbear] Fix break/continue handling in loop-iterator-mutation (B909) (#24440)
• [pylint] Fix PLC2701 for type parameter scopes (#24576)

Rule changes

• [pandas-vet] Suggest .array as well in PD011 (#24805)

CLI

• Respect default Unix permissions for cache files (#24794)

Documentation

• [pylint] Fix PLR0124 description not to claim self-comparison always returns the same value (#24749)
• [pyupgrade] Expand docs on reusable TypeVars and scoping (UP046) (#24153)
• Improve rules table accessibility (#24711)

Contributors

• @​dylwil3
• @​AlexWaygood
• @​woodruffw
• @​avasis-ai
• @​Dev-iL
• @​denyszhak
• @​ShipItAndPray
• @​anishgirianish
• @​augustelalande
• @​amyreese
• @​majiayu000

0.15.11

Released on 2026-04-16.

Preview features

• [ruff] Ignore RUF029 when function is decorated with asynccontextmanager (#24642)
• [airflow] Implement airflow-xcom-pull-in-template-string (AIR201) (#23583)
• [flake8-bandit] Fix S103 false positives and negatives in mask analysis (#24424)

... (truncated)

Commits

• 66f93cf Bump 0.15.12 (#24815)
• 476a4d0 [ty] Complete support for more detailed diagnostics on possibly unbound error...
• ed669ea Implement #ruff:file-ignore file-level suppressions (#23599)
• e73d952 [ty] Include inferred type in invalid-key concise diagnostic for union/inte...
• 80feb29 [ty] report only dead annotation-only locals as unused (#24811)
• 0fbf2bc Drop deprecated license classifier (#24808)
• 43b174c [ty] Infer lambda parameter types with Callable type context (#24317)
• 4f449ae [ty] Add error context for intersection types (#24772)
• 5b4e753 [ty] Add support for goto in literal enum member inlay hint (#24792)
• e7cc762 [ty] Add error context for TypedDict assignments (#24790)
• Additional commits viewable in compare view

Updates ty to 0.0.35

Release notes

Sourced from ty's releases.

0.0.35

Release Notes

Released on 2026-05-10.

Bug fixes

• Allow ParamSpec specialization through unioned generic classes (#24826)
• Fix cross-file find-references for keyword arguments (#25043)
• Fix comparison between negative and positive literal integers (#25023)
• Reject dataclass decorator parameters based on supported Python version (#25029)

LSP server

• Adjust start of block folding range to preserve visible header for character-precise LSP clients. (#24917)
• Emit folding ranges from the language server for multi-line block headers. (#24978)
• Skip global search for references if identifier is not externally visible (#25033)
• Speed-up find-references by using multithreading for cross-file searches (#25042)

CLI

• Include severity in JUnit diagnostics (#25080)

Core type checking

• Check non-generic overload implementations (#24936)
• Expand support for narrowing within walruses (#24968)
• Filter overloads based on return type for ParamSpec mapping (#24769)
• Improve support for recursive types (#24773)
• Include TypedDict type context when inferring mixed constructors (#25039)
• Include TypedDict type context when inferring string keys (#25037)
• Preserve NewType and TypeAliasType in implicit aliases (#25072)
• Provide type cntext for generator expression yields (#25069)
• Provide type context for boolean operands (#25070)
• Selectively promote a union of homogeneous fixed-length tuples to a single variadic tuple (#24705)
• Support narrowing on __class__ checks (#24997)
• Use more precise exception types when catching a union (#25076)

Diagnostics

• Include error context for overload consistency diagnostics (#24950)

Performance

• Cache results in desperate module resolution (#24977)
• Lazily initialize builder when transforming a union type (#24929)
• Project reachability constraints before narrowing (#24982)
• Skip parameter accumulation for object variadics (#24976)

Contributors

... (truncated)

Changelog

Sourced from ty's changelog.

0.0.35

Released on 2026-05-10.

Bug fixes

• Allow ParamSpec specialization through unioned generic classes (#24826)
• Fix cross-file find-references for keyword arguments (#25043)
• Fix comparison between negative and positive literal integers (#25023)
• Reject dataclass decorator parameters based on supported Python version (#25029)

LSP server

• Adjust start of block folding range to preserve visible header for character-precise LSP clients. (#24917)
• Emit folding ranges from the language server for multi-line block headers. (#24978)
• Skip global search for references if identifier is not externally visible (#25033)
• Speed-up find-references by using multithreading for cross-file searches (#25042)

CLI

• Include severity in JUnit diagnostics (#25080)

Core type checking

• Check non-generic overload implementations (#24936)
• Expand support for narrowing within walruses (#24968)
• Filter overloads based on return type for ParamSpec mapping (#24769)
• Improve support for recursive types (#24773)
• Include TypedDict type context when inferring mixed constructors (#25039)
• Include TypedDict type context when inferring string keys (#25037)
• Preserve NewType and TypeAliasType in implicit aliases (#25072)
• Provide type cntext for generator expression yields (#25069)
• Provide type context for boolean operands (#25070)
• Selectively promote a union of homogeneous fixed-length tuples to a single variadic tuple (#24705)
• Support narrowing on __class__ checks (#24997)
• Use more precise exception types when catching a union (#25076)

Diagnostics

• Include error context for overload consistency diagnostics (#24950)

Performance

• Cache results in desperate module resolution (#24977)
• Lazily initialize builder when transforming a union type (#24929)
• Project reachability constraints before narrowing (#24982)
• Skip parameter accumulation for object variadics (#24976)

Contributors

... (truncated)

Commits

• bc12d1c Bump version to 0.0.35 (#3436)
• fb34d89 Build riscv64 manylinux binary (#3402)
• 05def00 Update maturin to v1.13.1 (#3417)
• 569c081 Update prek dependencies (#3416)
• 608f8ff Update renovate configuration (#3379)
• 518b61d Update uraimo/run-on-arch-action action to v3.1.0 (#3405)
• 5542959 Update pre-commit hook astral-sh/ruff-pre-commit to v0.15.12 (#3404)
• d00448e Bump version to 0.0.34 (#3392)
• e9e4c90 docs: Reference correct issue in FAQ regarding strict mode (#3385)
• 1b70eae Release: move 'diagnostics' section further down (#3373)
• Additional commits viewable in compare view

Updates bandit to 1.9.4

Release notes

Sourced from bandit's releases.

1.9.4

What's Changed

• chore: fixed some typos in comments by @​jakob1379 in PyCQA/bandit#1351
• Bump docker/login-action from 3.6.0 to 3.7.0 by @​dependabot[bot] in PyCQA/bandit#1353
• Bump docker/build-push-action from 6.18.0 to 6.19.2 by @​dependabot[bot] in PyCQA/bandit#1357
• Fix B613 crash when reading from stdin by @​worksbyfriday in PyCQA/bandit#1361
• Include filename in nosec 'no failed test' warning by @​worksbyfriday in PyCQA/bandit#1363
• Fix B615 false positive when revision is set via variable by @​worksbyfriday in PyCQA/bandit#1358
• Lower version guard in check_ast_node to Python 3.12 by @​rcgray in PyCQA/bandit#1355
• Fix B106 reporting wrong line number on multiline function calls by @​worksbyfriday in PyCQA/bandit#1360

New Contributors

• @​jakob1379 made their first contribution in PyCQA/bandit#1351
• @​worksbyfriday made their first contribution in PyCQA/bandit#1361
• @​rcgray made their first contribution in PyCQA/bandit#1355

Full Changelog: PyCQA/bandit@1.9.3...1.9.4

Commits

• 92ae8b8 Fix B106 reporting wrong line number on multiline function calls (#1360)
• c8c8a55 Lower version guard in check_ast_node to Python 3.12 (#1355)
• 8f2f928 Fix B615 false positive when revision is set via variable (#1358)
• e27493f Include filename in nosec 'no failed test' warning (#1363)
• b69b336 Fix B613 crash when reading from stdin (#1361)
• e418b79 Bump docker/build-push-action from 6.18.0 to 6.19.2 (#1357)
• ff646fd Bump docker/login-action from 3.6.0 to 3.7.0 (#1353)
• c0def6c chore: fixed some typos in comments (#1351)
• 765f00d Limit B614 to torch.load deserializers (#1348)
• 06fbbab Bump docker/setup-buildx-action from 3.11.1 to 3.12.0 (#1347)
• Additional commits viewable in compare view

Updates typos to 1.46.1

Release notes

Sourced from typos's releases.

v1.46.1

[1.46.1] - 2026-05-08

Fixes

• Don't correct to confidentials

Changelog

Sourced from typos's changelog.

[1.46.1] - 2026-05-08

Fixes

• Don't correct to confidentials

[1.46.0] - 2026-04-30

Features

• Updated the dictionary with the April 2026 changes

[1.45.2] - 2026-04-27

Fixes

• Ignore ssh ed25519 public keys

[1.45.1] - 2026-04-13

Fixes

• (action) Use a temp dir for caching

[1.45.0] - 2026-04-01

Features

• Updated the dictionary with the March 2026 changes

[1.44.0] - 2026-02-27

Features

• Updated the dictionary with the February 2026 changes

[1.43.5] - 2026-02-16

Fixes

• (pypi) Hopefully fix the sdist build

[1.43.4] - 2026-02-09

Fixes

• Don't correct pincher

[1.43.3] - 2026-02-06

... (truncated)

Commits

• 5374cbf chore: Release
• 52448f5 docs: Update changelog
• 030c719 Merge pull request #1552 from epage/fixes
• 7a688c7 fix(dict): Confidentials isn't valid
• 3bcd3b3 Merge pull request #1548 from crate-ci/renovate/maturin-1.x
• 5294011 chore(deps): Update compatible (#1547)
• c3be360 chore(deps): Update dependency maturin to >=1.13,<1.14
• bbaefad chore: Release
• c19f54c chore: Release
• d65608b docs: Update changelog
• Additional commits viewable in compare view

[dependabot]

Assignees

The following users could not be added as assignees: LauritsFromberg, lauritsfromberg. Either they do not exist or they do not have the correct permissions to be added as an assignee.

Labels

The following labels could not be found: backend. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.