Skip to content

⬆ Bump the python-packages group across 1 directory with 4 updates#285

Merged
YuriiMotov merged 1 commit into
mainfrom
dependabot/uv/python-packages-103fc01a97
Jul 5, 2026
Merged

⬆ Bump the python-packages group across 1 directory with 4 updates#285
YuriiMotov merged 1 commit into
mainfrom
dependabot/uv/python-packages-103fc01a97

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 1, 2026

Copy link
Copy Markdown
Contributor

Bumps the python-packages group with 4 updates in the / directory: pytest, ruff, ty and zizmor.

Updates pytest from 9.1.0 to 9.1.1

Release notes

Sourced from pytest's releases.

9.1.1

pytest 9.1.1 (2026-06-19)

Bug fixes

  • #14220: Fixed a logic bug in pytest.RaisesGroup which would might cause it to display incorrect "It matches FooError() which was paired with BarError" messages.
  • #14591: Fixed a regression in pytest 9.1.0 which caused overriding a parametrized fixture with an indirect @​pytest.mark.parametrize to fail with "duplicate parametrization of '<fixture name>'".
  • #14606: Fixed list-item typing errors from mypy in @pytest.mark.parametrize <pytest.mark.parametrize ref> argvalues parameter.
  • #14608: Fixed a regression in pytest 9.1.0 where conftest.py files located in <invocation dir>/test* were no longer loaded as initial conftests when invoked without arguments. This could cause certain hooks (like pytest_addoption) in these files to not fire.
Commits
  • cf470ec Prepare release version 9.1.1
  • e0c8ce6 Merge pull request #14625 from pytest-dev/patchback/backports/9.1.x/a07c31a97...
  • 1b82d16 Merge pull request #14624 from pytest-dev/patchback/backports/9.1.x/b375b79ec...
  • 501c4bc Merge pull request #14596 from bluetech/doc-classmethod
  • b61f588 Merge pull request #14622 from chrisburr/fix-14608-initial-conftest-test-subdir
  • 9a567e0 [automated] Update plugin list (#14617) (#14618)
  • ef8b299 Merge pull request #14620 from pytest-dev/patchback/backports/9.1.x/680f9f3ed...
  • 66abd07 Merge pull request #14220 from bysiber/fix-stale-iexp-raisesgroup
  • 79fbf93 Merge pull request #14612 from pytest-dev/patchback/backports/9.1.x/974ed48b6...
  • 0d312eb Merge pull request #14611 from bluetech/parametrize-argvalues-typing
  • Additional commits viewable in compare view

Updates ruff from 0.15.17 to 0.15.20

Release notes

Sourced from ruff's releases.

0.15.20

Release Notes

Released on 2026-06-25.

Preview features

  • Allow human-readable names in rule selectors (#25887)
  • Emit a warning instead of an error for unknown rule selectors (#26113)
  • Match noqa shebang handling in ruff:ignore comments (#26286)
  • [ruff] Remove pytest-fixture-autouse (RUF076) (#26240, #26371)

Documentation

  • Add versioning sections to custom crate READMEs (#26317)
  • Update ruff_python_parser README for crates.io (#26315)
  • [perflint] Clarify that PERF402 applies to any iterable (#26242)

Contributors

Install ruff 0.15.20

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/ruff/releases/download/0.15.20/ruff-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/ruff/releases/download/0.15.20/ruff-installer.ps1 | iex"

Download ruff 0.15.20

File Platform Checksum
ruff-aarch64-apple-darwin.tar.gz Apple Silicon macOS checksum
ruff-x86_64-apple-darwin.tar.gz Intel macOS checksum
ruff-aarch64-pc-windows-msvc.zip ARM64 Windows checksum
ruff-i686-pc-windows-msvc.zip x86 Windows checksum
ruff-x86_64-pc-windows-msvc.zip x64 Windows checksum
ruff-aarch64-unknown-linux-gnu.tar.gz ARM64 Linux checksum
ruff-i686-unknown-linux-gnu.tar.gz x86 Linux checksum

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.20

Released on 2026-06-25.

Preview features

  • Allow human-readable names in rule selectors (#25887)
  • Emit a warning instead of an error for unknown rule selectors (#26113)
  • Match noqa shebang handling in ruff:ignore comments (#26286)
  • [ruff] Remove pytest-fixture-autouse (RUF076) (#26240, #26371)

Documentation

  • Add versioning sections to custom crate READMEs (#26317)
  • Update ruff_python_parser README for crates.io (#26315)
  • [perflint] Clarify that PERF402 applies to any iterable (#26242)

Contributors

0.15.19

Released on 2026-06-23.

Preview features

  • Support human-readable names when hovering suppression comments and in code actions (#26114)

Bug fixes

  • Fall back to default settings when editor-only settings are invalid (#26244)
  • Fix panic when inserting text at a notebook cell boundary (#26111)

Rule changes

  • [pylint] Update fix suggestions for __floor__, __trunc__, __length_hint__, and __matmul__ variants (PLC2801) (#26239)

Performance

  • Avoid allocating when parsing single string literals (#26200)
  • Avoid reallocating singleton call arguments (#26223)
  • Lazily create source files for lint diagnostics (#26226)
  • Optimize formatter text width and indentation (#26236)
  • Reserve capacity for builtin bindings (#26229)
  • Skip repeated-key checks for singleton dictionaries (#26228)
  • Use ArrayVec for qualified name segments (#26224)

... (truncated)

Commits
  • f82a36b Bump 0.15.20 (#26376)
  • af32943 Improve the summarise-ecosystem-results skill (#26378)
  • 485ebab Remove RUF076 name from schema (#26371)
  • ef81835 [ty] Implement rust-analyzer's "Click for full compiler diagnostic" feature (...
  • 572b31e [ruff] Remove pytest-fixture-autouse (RUF076) (#26240)
  • f703f21 Allow human-readable names in rule selectors (#25887)
  • 0d726b2 [ty] Reuse equality semantics for membership compatibility (#25955)
  • dbe6e98 [ty] Infer definite equality comparison results (#26337)
  • e700ea3 [ty] Prove TypedDict structural patterns exhaustive (#26285)
  • 6a0d2ec [ty] Widen inferred class-valued instance attributes (#26338)
  • Additional commits viewable in compare view

Updates ty from 0.0.49 to 0.0.54

Release notes

Sourced from ty's releases.

0.0.54

Release Notes

Released on 2026-06-25.

Bug fixes

  • Avoid duplicate configuration error output (#26375)
  • Avoid stack overflows in reachability analysis (#26272)
  • Fix divergent recursive tuple cycle handling in ty (#26316)
  • Fix panic from relation queries during cycle recovery (#26335)
  • Fix panics by reverting recursive TypeOf cycle recovery (#26339)
  • Support basic usages of __class__ closure cells in methods (#26329)

LSP server

  • Fix typealias token classification inconsistency (#26255)
  • Implement rust-analyzer's "Click for full compiler diagnostic" feature (#26269)

Performance

  • Co-locate retained definition usage state (#26019)
  • Use never-change durability for immutable file inputs (#26353)

Diagnostics

  • Reject undeclared protocol instance attributes (#26336)

Core type checking

  • Allow replacing ordinary methods with compatible functions (#26158)
  • Distinguish typing.TypedDict from typing_extensions.TypedDict (#25843)
  • Don't treat non-empty ranges as single-valued (#26351)
  • Handle TypeVar bounds over type[...] in attribute lookup (#26146)
  • Infer definite equality comparison results (#26337)
  • Infer mismatched literal comparisons (#26313)
  • match statements: make class-pattern fallthrough member-aware (#26283)
  • match statements: prove TypedDict structural patterns exhaustive (#26285)
  • match statements: resolve positional class-pattern exhaustiveness (#26284)
  • Model non-exhaustive enum member sets (enum.Flags) (#26277)
  • Reduce retained definition map storage (#26348)
  • Reuse equality semantics for membership compatibility (#25955)
  • Sync vendored typeshed stubs to support builtins.sentinel (#26341)
  • Treat non-empty range calls as non-empty for reachability (#25220)
  • Use assignability for divergent constraints (#26334)
  • Widen inferred class-valued instance attributes (#26338)

Contributors

... (truncated)

Changelog

Sourced from ty's changelog.

0.0.54

Released on 2026-06-25.

Bug fixes

  • Avoid duplicate configuration error output (#26375)
  • Avoid stack overflows in reachability analysis (#26272)
  • Fix divergent recursive tuple cycle handling in ty (#26316)
  • Fix panic from relation queries during cycle recovery (#26335)
  • Fix panics by reverting recursive TypeOf cycle recovery (#26339)
  • Support basic usages of __class__ closure cells in methods (#26329)

LSP server

  • Fix typealias token classification inconsistency (#26255)
  • Implement rust-analyzer's "Click for full compiler diagnostic" feature (#26269)

Performance

  • Co-locate retained definition usage state (#26019)
  • Use never-change durability for immutable file inputs (#26353)

Diagnostics

  • Reject undeclared protocol instance attributes (#26336)

Core type checking

  • Allow replacing ordinary methods with compatible functions (#26158)
  • Distinguish typing.TypedDict from typing_extensions.TypedDict (#25843)
  • Don't treat non-empty ranges as single-valued (#26351)
  • Handle TypeVar bounds over type[...] in attribute lookup (#26146)
  • Infer definite equality comparison results (#26337)
  • Infer mismatched literal comparisons (#26313)
  • match statements: make class-pattern fallthrough member-aware (#26283)
  • match statements: prove TypedDict structural patterns exhaustive (#26285)
  • match statements: resolve positional class-pattern exhaustiveness (#26284)
  • Model non-exhaustive enum member sets (enum.Flags) (#26277)
  • Reduce retained definition map storage (#26348)
  • Reuse equality semantics for membership compatibility (#25955)
  • Sync vendored typeshed stubs to support builtins.sentinel (#26341)
  • Treat non-empty range calls as non-empty for reachability (#25220)
  • Use assignability for divergent constraints (#26334)
  • Widen inferred class-valued instance attributes (#26338)

Contributors

... (truncated)

Commits

Updates zizmor from 1.25.2 to 1.26.1

Release notes

Sourced from zizmor's releases.

v1.26.1

This is a small corrective release for 1.26.0.

v1.26.0

New Features 🌈🔗

  • New audit: typosquat-uses detects uses: clauses that reference likely typoed actions (#1985)

    Many thanks to @​andrew for proposing and implementing this improvement!

  • New audit: unsound-ternary detects pseudo-ternary expressions that don't evaluate as expected (#2085)

    Many thanks to @​terror for proposing and implementing this improvement!

  • New audit: adhoc-packages detects run: steps that install packages in an ad-hoc manner (#2061)

    Many thanks to @​connorshea for proposing and implementing this improvement!

Enhancements 🌱🔗

Performance Improvements 🚄🔗

  • Most online audits are significantly faster, thanks to more precise retry handling (#2036) Bug Fixes 🐛🔗

  • Fixed a bug where zizmor's LSP would not recognize dependabot.yaml files in its default configuration (#2026)

    Many thanks to @​fionn for implementing this fix!

  • Fixed a bug where ref-version-mismatch would fail to fully match some version comments (#2040)

  • Fixed a bug where dependabot-cooldown would fail to honor the user's configured days when performing autofixes (#2055)

  • Steps and jobs gated by statically-false if: conditions (e.g. if: false, if: ${{ false }}) are now skipped during auditing, since they cannot execute (#2059, #2069)

  • Fixed a bug where ref-version-mismatch would fail to identify some valid version comments (#2073)

  • Fixed a bug where unpinned-images would incorrectly flag empty matrix expansions as unpinned container image references (#2102)

  • Fixed a bug where unpinned-images would incorrectly flag some matrix expansions as unpinned (#2098)

  • The SARIF (--format=sarif) and GitHub Annotations (--format=github) output formats now provide more correct/useful paths, particularly when the user provides a relative path as input to zizmor rather than zizmor . (#1748, #2095)

... (truncated)

Changelog

Sourced from zizmor's changelog.

1.26.1

This is a small corrective release for 1.26.0.

1.26.0

New Features 🌈

  • New audit: [typosquat-uses] detects #!yaml uses: clauses that reference likely typoed actions (#1985)

    Many thanks to @​andrew for proposing and implementing this improvement!

  • New audit: [unsound-ternary] detects pseudo-ternary expressions that don't evaluate as expected (#2085)

    Many thanks to @​terror for proposing and implementing this improvement!

  • New audit: [adhoc-packages] detects #!yaml run: steps that install packages in an ad-hoc manner (#2061)

    Many thanks to @​connorshea for proposing and implementing this improvement!

Enhancements 🌱

  • The [cache-poisoning] audit now detects additional cache disablement heuristics (#2053)

  • The [known-vulnerable-actions] audit is now configurable. See the configuration documentation for details (#2084)

  • The [excessive-permissions] audit is now aware of the code-quality permission (#2088)

  • The [unpinned-uses] audit's auto-fix now uses the fully qualified version tag (e.g. # v6.0.2) when fixing a major-version ref (e.g. @v6) (#2127)

Performance Improvements 🚄

  • Most online audits are significantly faster, thanks to more precise retry handling (#2036)

Bug Fixes 🐛

  • Fixed a bug where zizmor's LSP would not recognize dependabot.yaml files in its default configuration (#2026)

    Many thanks to @​fionn for implementing this fix!

  • Fixed a bug where [ref-version-mismatch] would fail to fully match some version comments (#2040)

... (truncated)

Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Jul 1, 2026
@YuriiMotov

Copy link
Copy Markdown
Member

@dependabot rebase

Bumps the python-packages group with 4 updates in the / directory: [pytest](https://github.com/pytest-dev/pytest), [ruff](https://github.com/astral-sh/ruff), [ty](https://github.com/astral-sh/ty) and [zizmor](https://github.com/zizmorcore/zizmor).


Updates `pytest` from 9.1.0 to 9.1.1
- [Release notes](https://github.com/pytest-dev/pytest/releases)
- [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst)
- [Commits](pytest-dev/pytest@9.1.0...9.1.1)

Updates `ruff` from 0.15.17 to 0.15.20
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.15.17...0.15.20)

Updates `ty` from 0.0.49 to 0.0.54
- [Release notes](https://github.com/astral-sh/ty/releases)
- [Changelog](https://github.com/astral-sh/ty/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ty@0.0.49...0.0.54)

Updates `zizmor` from 1.25.2 to 1.26.1
- [Release notes](https://github.com/zizmorcore/zizmor/releases)
- [Changelog](https://github.com/zizmorcore/zizmor/blob/main/docs/release-notes.md)
- [Commits](zizmorcore/zizmor@v1.25.2...v1.26.1)

---
updated-dependencies:
- dependency-name: pytest
  dependency-version: 9.1.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: python-packages
- dependency-name: ruff
  dependency-version: 0.15.19
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: python-packages
- dependency-name: ty
  dependency-version: 0.0.53
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: python-packages
- dependency-name: zizmor
  dependency-version: 1.26.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: python-packages
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title ⬆ Bump the python-packages group with 4 updates ⬆ Bump the python-packages group across 1 directory with 4 updates Jul 3, 2026
@dependabot dependabot Bot force-pushed the dependabot/uv/python-packages-103fc01a97 branch from ee7a05f to e86ea8e Compare July 3, 2026 20:00
@YuriiMotov YuriiMotov added the internal Internal changes label Jul 5, 2026
@YuriiMotov YuriiMotov merged commit c20a836 into main Jul 5, 2026
21 of 22 checks passed
@YuriiMotov YuriiMotov deleted the dependabot/uv/python-packages-103fc01a97 branch July 5, 2026 07:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file internal Internal changes python:uv Pull requests that update python:uv code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant