Bump the dependencies group with 5 updates #8

Merged: mdxs merged 1 commit into master from dependabot/uv/dependencies-e4e021f949 on Jul 2, 2026

@dependabot dependabot Bot commented on behalf of github Jul 1, 2026

Bumps the dependencies group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| pip-audit | 2.10.0 | 2.10.1 |
| ruff | 0.15.15 | 0.15.20 |
| ty | 0.0.42 | 0.0.55 |
| certifi | 2026.5.20 | 2026.6.17 |
| idna | 3.17 | 3.18 |

Updates pip-audit from 2.10.0 to 2.10.1

Release notes

Sourced from pip-audit's releases.

v2.10.1

Fixed

  • Fixed a KeyError crash when an OSV vulnerability record contains an affected entry that omits the optional ranges field (#1046)

Changelog

Sourced from pip-audit's changelog.

[2.10.1]

Fixed

  • Fixed a KeyError crash when an OSV vulnerability record contains an affected entry that omits the optional ranges field (#1046)

Commits
  • 8894eb8 Merge pull request #1056 from pypa/copilot/release-2101
  • 1c625b7 Update version in README.md to 2.10.1
  • fd2094b Prep 2.10.1 release
  • 58d2488 build(deps): bump github/codeql-action from 4.35.2 to 4.36.1 (#1052)
  • 8df9420 build(deps): bump zizmorcore/zizmor-action from 0.5.3 to 0.5.6 (#1044)
  • 3f618d3 build(deps): bump actions/checkout from 6.0.2 to 6.0.3 (#1053)
  • 4849132 Restrict OIDC token to publish job (#1050)
  • c1eb69a Fix KeyError when OSV affected entry omits optional ranges field (#1046)
  • 68de07f Merge pull request #1054 from pypa/fix/1047
  • ef31c9e Formatting fixes
  • Additional commits viewable in compare view

Updates ruff from 0.15.15 to 0.15.20

Release notes

Sourced from ruff's releases.

0.15.20

Release Notes

Released on 2026-06-25.

Preview features

  • Allow human-readable names in rule selectors (#25887)
  • Emit a warning instead of an error for unknown rule selectors (#26113)
  • Match noqa shebang handling in ruff:ignore comments (#26286)
  • [ruff] Remove pytest-fixture-autouse (RUF076) (#26240, #26371)

Documentation

  • Add versioning sections to custom crate READMEs (#26317)
  • Update ruff_python_parser README for crates.io (#26315)
  • [perflint] Clarify that PERF402 applies to any iterable (#26242)

Contributors

Install ruff 0.15.20

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/ruff/releases/download/0.15.20/ruff-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/ruff/releases/download/0.15.20/ruff-installer.ps1 | iex"

Download ruff 0.15.20

| File | Platform | Checksum |
| --- | --- | --- |
| ruff-aarch64-apple-darwin.tar.gz | Apple Silicon macOS | checksum |
| ruff-x86_64-apple-darwin.tar.gz | Intel macOS | checksum |
| ruff-aarch64-pc-windows-msvc.zip | ARM64 Windows | checksum |
| ruff-i686-pc-windows-msvc.zip | x86 Windows | checksum |
| ruff-x86_64-pc-windows-msvc.zip | x64 Windows | checksum |
| ruff-aarch64-unknown-linux-gnu.tar.gz | ARM64 Linux | checksum |
| ruff-i686-unknown-linux-gnu.tar.gz | x86 Linux | checksum |

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.20

Released on 2026-06-25.

Preview features

  • Allow human-readable names in rule selectors (#25887)
  • Emit a warning instead of an error for unknown rule selectors (#26113)
  • Match noqa shebang handling in ruff:ignore comments (#26286)
  • [ruff] Remove pytest-fixture-autouse (RUF076) (#26240, #26371)

Documentation

  • Add versioning sections to custom crate READMEs (#26317)
  • Update ruff_python_parser README for crates.io (#26315)
  • [perflint] Clarify that PERF402 applies to any iterable (#26242)

Contributors

0.15.19

Released on 2026-06-23.

Preview features

  • Support human-readable names when hovering suppression comments and in code actions (#26114)

Bug fixes

  • Fall back to default settings when editor-only settings are invalid (#26244)
  • Fix panic when inserting text at a notebook cell boundary (#26111)

Rule changes

  • [pylint] Update fix suggestions for __floor__, __trunc__, __length_hint__, and __matmul__ variants (PLC2801) (#26239)

Performance

  • Avoid allocating when parsing single string literals (#26200)
  • Avoid reallocating singleton call arguments (#26223)
  • Lazily create source files for lint diagnostics (#26226)
  • Optimize formatter text width and indentation (#26236)
  • Reserve capacity for builtin bindings (#26229)
  • Skip repeated-key checks for singleton dictionaries (#26228)
  • Use ArrayVec for qualified name segments (#26224)

... (truncated)

Commits
  • f82a36b Bump 0.15.20 (#26376)
  • af32943 Improve the summarise-ecosystem-results skill (#26378)
  • 485ebab Remove RUF076 name from schema (#26371)
  • ef81835 [ty] Implement rust-analyzer's "Click for full compiler diagnostic" feature (...
  • 572b31e [ruff] Remove pytest-fixture-autouse (RUF076) (#26240)
  • f703f21 Allow human-readable names in rule selectors (#25887)
  • 0d726b2 [ty] Reuse equality semantics for membership compatibility (#25955)
  • dbe6e98 [ty] Infer definite equality comparison results (#26337)
  • e700ea3 [ty] Prove TypedDict structural patterns exhaustive (#26285)
  • 6a0d2ec [ty] Widen inferred class-valued instance attributes (#26338)
  • Additional commits viewable in compare view

Updates ty from 0.0.42 to 0.0.55

Release notes

Sourced from ty's releases.

0.0.55

Release Notes

Released on 2026-06-26.

LSP server

  • Render full diagnostics in color (#26384)

Documentation

  • Document colored diagnostic output (#3858)

Performance

  • Improve vendored filesystem concurrency (#26408)
  • Optimize enum comparisons in equality evaluation (#26340)
  • Remove redundant semantic index shrinks (#26392)
  • Use never-change durability for one-shot checks (#26359)

Core type checking

  • Correct enum alias detection and scalar constructors (#26345)
  • Fix structural pattern binding inference (#26411)
  • Improve variable-length tuple slicing (#26151)
  • Infer class and mapping pattern bindings (#25941)
  • Infer empty collection constructors from later uses (#26389)
  • Skip shadowed submodule bindings during import analysis (#26385)
  • Sync vendored typeshed stubs (#26406). Typeshed diff
  • Track literal iterable emptiness for reachability (#25222)
  • Validate positional class patterns against __match_args__ (#26195)

Contributors

Install ty 0.0.55

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/ty/releases/download/0.0.55/ty-installer.sh | sh

Install prebuilt binaries via powershell script

... (truncated)

Changelog

Sourced from ty's changelog.

0.0.55

Released on 2026-06-26.

LSP server

  • Render full diagnostics in color (#26384)

Documentation

  • Document colored diagnostic output (#3858)

Performance

  • Improve vendored filesystem concurrency (#26408)
  • Optimize enum comparisons in equality evaluation (#26340)
  • Remove redundant semantic index shrinks (#26392)
  • Use never-change durability for one-shot checks (#26359)

Core type checking

  • Correct enum alias detection and scalar constructors (#26345)
  • Fix structural pattern binding inference (#26411)
  • Improve variable-length tuple slicing (#26151)
  • Infer class and mapping pattern bindings (#25941)
  • Infer empty collection constructors from later uses (#26389)
  • Skip shadowed submodule bindings during import analysis (#26385)
  • Sync vendored typeshed stubs (#26406). Typeshed diff
  • Track literal iterable emptiness for reachability (#25222)
  • Validate positional class patterns against __match_args__ (#26195)

Contributors

0.0.54

Released on 2026-06-25.

Bug fixes

  • Avoid duplicate configuration error output (#26375)
  • Avoid stack overflows in reachability analysis (#26272)
  • Fix divergent recursive tuple cycle handling in ty (#26316)
  • Fix panic from relation queries during cycle recovery (#26335)

... (truncated)

Commits

Updates certifi from 2026.5.20 to 2026.6.17

Commits

Updates idna from 3.17 to 3.18

Changelog

Sourced from idna's changelog.

3.18 (2026-06-02)

  • When decoding a domain, add a display argument that will pass through invalid labels rather than raising an exception.

Commits
  • f39ea90 Release 3.18
  • 40f4e40 Pre-release 3.18rc0
  • 1a5bf80 Merge pull request #253 from kjd/lenient-decode
  • 5bbb26f Merge branch 'master' into lenient-decode
  • c532bae Rename decode() lenient= option to display= (issue #248)
  • 0b1758b Merge pull request #252 from kjd/release-3.17
  • 47b5cde Add lenient option to decode() for best-effort label recovery (issue #248)
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.



Bumps the dependencies group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [pip-audit](https://github.com/pypa/pip-audit) | `2.10.0` | `2.10.1` |
| [ruff](https://github.com/astral-sh/ruff) | `0.15.15` | `0.15.20` |
| [ty](https://github.com/astral-sh/ty) | `0.0.42` | `0.0.55` |
| [certifi](https://github.com/certifi/python-certifi) | `2026.5.20` | `2026.6.17` |
| [idna](https://github.com/kjd/idna) | `3.17` | `3.18` |


Updates `pip-audit` from 2.10.0 to 2.10.1
- [Release notes](https://github.com/pypa/pip-audit/releases)
- [Changelog](https://github.com/pypa/pip-audit/blob/main/CHANGELOG.md)
- [Commits](pypa/pip-audit@v2.10.0...v2.10.1)

Updates `ruff` from 0.15.15 to 0.15.20
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.15.15...0.15.20)

Updates `ty` from 0.0.42 to 0.0.55
- [Release notes](https://github.com/astral-sh/ty/releases)
- [Changelog](https://github.com/astral-sh/ty/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ty@0.0.42...0.0.55)

Updates `certifi` from 2026.5.20 to 2026.6.17
- [Commits](certifi/python-certifi@2026.05.20...2026.06.17)

Updates `idna` from 3.17 to 3.18
- [Release notes](https://github.com/kjd/idna/releases)
- [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.md)
- [Commits](kjd/idna@v3.17...v3.18)

---
updated-dependencies:
- dependency-name: pip-audit
  dependency-version: 2.10.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: ruff
  dependency-version: 0.15.20
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: ty
  dependency-version: 0.0.55
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: certifi
  dependency-version: 2026.6.17
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: idna
  dependency-version: '3.18'
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added the dependencies and python:uv labels on Jul 1, 2026
mdxs merged commit 23568c0 into master on Jul 2, 2026
1 check passed
dependabot Bot deleted the dependabot/uv/dependencies-e4e021f949 branch on July 2, 2026 14:15