Skip to content

chore(deps-dev)(deps-dev): bump the linting group across 1 directory with 4 updates#20

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/pip/backend/linting-458dd9682d
Open

chore(deps-dev)(deps-dev): bump the linting group across 1 directory with 4 updates#20
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/pip/backend/linting-458dd9682d

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 4, 2026
edited
Loading

Updates the requirements on ruff, ty, bandit and typos to permit the latest version.
Updates ruff to 0.15.13

Release notes

Sourced from ruff's releases.

0.15.13

Release Notes

Released on 2026-05-14.

Preview features

  • Add a rule to flag lazy imports that are eagerly evaluated (#25016)
  • [pylint] Standardize diagnostic message (PLR0914, PLR0917) (#24996)

Bug fixes

  • Fix F811 false positive for class methods (#24933)
  • Fix setting selection for multi-folder workspace (#24819)
  • [eradicate] Fix false positive for lines with leading whitespace (ERA001) (#25122)
  • [flake8-pyi] Fix false positive for f-string debug specifier (PYI016) (#24098)

Rule changes

  • Always include panic payload in panic diagnostic message (#24873)
  • Restrict PYI034 for in-place operations to enclosing class (#24511)
  • Improve error message for parameters that are declared global (#24902)
  • Update known stdlib (#25103)

Performance

  • [isort] Avoid constructing glob::Patterns for literal known modules (#25123)

CLI

  • Add TOML examples to --config help text (#25013)
  • Colorize ruff check 'All checks passed' (#25085)

Configuration

  • Increase max allowed value of line-length setting (#24962)

Documentation

  • Add D203 to rules that conflict with the formatter (#25044)
  • Clarify COM819 and formatter interaction (#25045)
  • Clarify that NotImplemented is a value, not an exception (F901) (#25054)
  • Update number of lint rules supported (#24942)

Other changes

  • Simplify the playground's markdown template (#24924)

Contributors

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.13

Released on 2026-05-14.

Preview features

  • Add a rule to flag lazy imports that are eagerly evaluated (#25016)
  • [pylint] Standardize diagnostic message (PLR0914, PLR0917) (#24996)

Bug fixes

  • Fix F811 false positive for class methods (#24933)
  • Fix setting selection for multi-folder workspace (#24819)
  • [eradicate] Fix false positive for lines with leading whitespace (ERA001) (#25122)
  • [flake8-pyi] Fix false positive for f-string debug specifier (PYI016) (#24098)

Rule changes

  • Always include panic payload in panic diagnostic message (#24873)
  • Restrict PYI034 for in-place operations to enclosing class (#24511)
  • Improve error message for parameters that are declared global (#24902)
  • Update known stdlib (#25103)

Performance

  • [isort] Avoid constructing glob::Patterns for literal known modules (#25123)

CLI

  • Add TOML examples to --config help text (#25013)
  • Colorize ruff check 'All checks passed' (#25085)

Configuration

  • Increase max allowed value of line-length setting (#24962)

Documentation

  • Add D203 to rules that conflict with the formatter (#25044)
  • Clarify COM819 and formatter interaction (#25045)
  • Clarify that NotImplemented is a value, not an exception (F901) (#25054)
  • Update number of lint rules supported (#24942)

Other changes

  • Simplify the playground's markdown template (#24924)

Contributors

... (truncated)

Commits
  • 2afb467 Bump 0.15.13 (#25157)
  • 3008796 [ty] classify TypeVar semantic tokens as type parameters (#24891)
  • 79470e3 [isort] Avoid constructing glob::Patterns for literal known modules (#25123)
  • 2522549 Remove shellcheck from prek (#25154)
  • 7db7170 [ty] Support TypedDict key completions in incomplete, anonymous contexts (#25...
  • bb3dd53 [ty] Run full iteration analysis on narrowed typevars (#25143)
  • 828cdb7 [ty] Isolate file-watching test environment (#25151)
  • 89e1d86 [ty] Preserve TypedDict keys through dict unpacking (#24523)
  • 86f3064 [ty] Avoid accessing args[0] for static_assert (#25149)
  • ed819f9 [ty] Treat custom enum __new__ values as dynamic (#25136)
  • Additional commits viewable in compare view

Updates ty to 0.0.37

Release notes

Sourced from ty's releases.

0.0.37

Release Notes

Released on 2026-05-16.

Bug fixes

  • Avoid unsound not in narrowing (#25161)
  • Fix async iteration over narrowed typevars (#25155)
  • Fix panic in double-inference for single starred positional TypedDict (#25176)
  • Fix panic in disjoint base check (#25187)
  • Fix panic in recursive binary inference (#25189)
  • Fix panic in cyclic __new__ (#25185)
  • Fix panic in reveal_protocol, reveal_mro, etc. with keyword arguments (#25179)
  • Fix panic in imported overload definition (#25168)

LSP server

  • Don't show argument inlay for case-insensitive matches or prefix/suffixes (#25174)
  • Reduce CPU usage of the LSP when switching between large changesets (#25142)

Core type checking

  • Avoid enforcing __new__ with custom metaclasses (#25180)
  • Make overload public type reachability-aware (#25171)
  • Only specialized types of generic class instances should influence variance (#25124)
  • Preserve ParamSpec argument context through wrapper calls (#24934)
  • Support partially specialized type context for collection literals (#24506)

Contributors

Install ty 0.0.37

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/ty/releases/download/0.0.37/ty-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/ty/releases/download/0.0.37/ty-installer.ps1 | iex"

... (truncated)

Changelog

Sourced from ty's changelog.

0.0.37

Released on 2026-05-16.

Bug fixes

  • Avoid unsound not in narrowing (#25161)
  • Fix async iteration over narrowed typevars (#25155)
  • Fix panic in double-inference for single starred positional TypedDict (#25176)
  • Fix panic in disjoint base check (#25187)
  • Fix panic in recursive binary inference (#25189)
  • Fix panic in cyclic __new__ (#25185)
  • Fix panic in reveal_protocol, reveal_mro, etc. with keyword arguments (#25179)
  • Fix panic in imported overload definition (#25168)

LSP server

  • Don't show argument inlay for case-insensitive matches or prefix/suffixes (#25174)
  • Reduce CPU usage of the LSP when switching between large changesets (#25142)

Core type checking

  • Avoid enforcing __new__ with custom metaclasses (#25180)
  • Make overload public type reachability-aware (#25171)
  • Only specialized types of generic class instances should influence variance (#25124)
  • Preserve ParamSpec argument context through wrapper calls (#24934)
  • Support partially specialized type context for collection literals (#24506)

Contributors

0.0.36

Released on 2026-05-14.

Bug fixes

  • Fix Go To-Definition for self-imported submodules (#25106)
  • Fix ClassVar[Self] assignment checks for class objects (#24657)
  • Fix attribute access on Callable-bounded TypeVars (#24793)
  • Fix panic from TypedDict schema cycle with Self fields (#25094)
  • Fix panic from accessing args[0] for static_assert (#25149)
  • Fix panic from non-name walrus target access (#25121)
  • Fix singleton classification for runtime typing objects (#25099)
  • Guard self-referential TypeOf recursion in generic callables (#24668)
  • Preserve lexical ParamSpec scope for returned Callable annotations (#24909)

... (truncated)

Commits

Updates bandit to 1.9.4

Release notes

Sourced from bandit's releases.

1.9.4

What's Changed

New Contributors

Full Changelog: PyCQA/bandit@1.9.3...1.9.4

Commits
  • 92ae8b8 Fix B106 reporting wrong line number on multiline function calls (#1360)
  • c8c8a55 Lower version guard in check_ast_node to Python 3.12 (#1355)
  • 8f2f928 Fix B615 false positive when revision is set via variable (#1358)
  • e27493f Include filename in nosec 'no failed test' warning (#1363)
  • b69b336 Fix B613 crash when reading from stdin (#1361)
  • e418b79 Bump docker/build-push-action from 6.18.0 to 6.19.2 (#1357)
  • ff646fd Bump docker/login-action from 3.6.0 to 3.7.0 (#1353)
  • c0def6c chore: fixed some typos in comments (#1351)
  • 765f00d Limit B614 to torch.load deserializers (#1348)
  • 06fbbab Bump docker/setup-buildx-action from 3.11.1 to 3.12.0 (#1347)
  • Additional commits viewable in compare view

Updates typos to 1.46.1

Release notes

Sourced from typos's releases.

v1.46.1

[1.46.1] - 2026-05-08

Fixes

  • Don't correct to confidentials
Changelog

Sourced from typos's changelog.

[1.46.1] - 2026-05-08

Fixes

  • Don't correct to confidentials

[1.46.0] - 2026-04-30

Features

  • Updated the dictionary with the April 2026 changes

[1.45.2] - 2026-04-27

Fixes

  • Ignore ssh ed25519 public keys

[1.45.1] - 2026-04-13

Fixes

  • (action) Use a temp dir for caching

[1.45.0] - 2026-04-01

Features

  • Updated the dictionary with the March 2026 changes

[1.44.0] - 2026-02-27

Features

[1.43.5] - 2026-02-16

Fixes

  • (pypi) Hopefully fix the sdist build

[1.43.4] - 2026-02-09

Fixes

  • Don't correct pincher

[1.43.3] - 2026-02-06

... (truncated)

Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels May 4, 2026
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github May 4, 2026

Assignees

The following users could not be added as assignees: LauritsFromberg, lauritsfromberg. Either they do not exist or they do not have the correct permissions to be added as an assignee.

Labels

The following labels could not be found: backend. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot Bot requested a review from lfr-ai as a code owner May 4, 2026 06:46
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels May 4, 2026
@dependabot dependabot Bot changed the title chore(deps-dev)(deps-dev): bump the linting group in /backend with 4 updates chore(deps-dev)(deps-dev): bump the linting group across 1 directory with 4 updates May 5, 2026
@dependabot dependabot Bot force-pushed the dependabot/pip/backend/linting-458dd9682d branch 2 times, most recently from ebb86f6 to 0737976 Compare May 11, 2026 04:50
@dependabot
chore(deps-dev)(deps-dev): bump the linting group across 1 directory …
e781dfd 
…with 4 updates

Updates the requirements on [ruff](https://github.com/astral-sh/ruff), [ty](https://github.com/astral-sh/ty), [bandit](https://github.com/PyCQA/bandit) and [typos](https://github.com/crate-ci/typos) to permit the latest version.

Updates `ruff` to 0.15.13
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.12.0...0.15.13)

Updates `ty` to 0.0.37
- [Release notes](https://github.com/astral-sh/ty/releases)
- [Changelog](https://github.com/astral-sh/ty/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ty@0.0.32...0.0.37)

Updates `bandit` to 1.9.4
- [Release notes](https://github.com/PyCQA/bandit/releases)
- [Commits](PyCQA/bandit@1.8.6...1.9.4)

Updates `typos` to 1.46.1
- [Release notes](https://github.com/crate-ci/typos/releases)
- [Changelog](https://github.com/crate-ci/typos/blob/master/CHANGELOG.md)
- [Commits](crate-ci/typos@v1.35.5...v1.46.1)

---
updated-dependencies:
- dependency-name: bandit
  dependency-version: 1.9.4
  dependency-type: direct:development
  dependency-group: linting
- dependency-name: ruff
  dependency-version: 0.15.12
  dependency-type: direct:development
  dependency-group: linting
- dependency-name: ty
  dependency-version: 0.0.34
  dependency-type: direct:development
  dependency-group: linting
- dependency-name: typos
  dependency-version: 1.46.0
  dependency-type: direct:development
  dependency-group: linting
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/pip/backend/linting-458dd9682d branch from 0737976 to e781dfd Compare May 16, 2026 08:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@lfr-ai lfr-ai Awaiting requested review from lfr-ai lfr-ai is a code owner

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants