Skip to content

Update most test/lint dependencies #14354

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Jul 1, 2025
Merged

Update most test/lint dependencies #14354

merged 3 commits into from
Jul 1, 2025

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Jul 1, 2025

This PR contains the following updates:

Package Change Age Adoption Passing Confidence Type Update
aiohttp ==3.11.15 -> ==3.12.13 age adoption passing confidence minor
astral-sh/ruff-pre-commit v0.11.4 -> v0.12.1 age adoption passing confidence repository minor
mypy (changelog) ==1.16.0 -> ==1.16.1 age adoption passing confidence patch
packaging ==24.2 -> ==25.0 age adoption passing confidence major
pycqa/flake8 7.2.0 -> 7.3.0 age adoption passing confidence repository minor
ruff (source, changelog) ==0.11.4 -> ==0.12.1 age adoption passing confidence minor
tomlkit ==0.13.2 -> ==0.13.3 age adoption passing confidence patch
uv (source, changelog) ==0.7.4 -> ==0.7.17 age adoption passing confidence patch

Note: The pre-commit manager in Renovate is not supported by the pre-commit maintainers or community. Please do not report any problems there, instead create a Discussion in the Renovate repository if you have any questions.

Release Notes

aio-libs/aiohttp (aiohttp)

v3.12.13

Compare Source

====================

Bug fixes

  • Fixed auto-created :py:class:~aiohttp.TCPConnector not using the session's event loop when :py:class:~aiohttp.ClientSession is created without an explicit connector -- by :user:bdraco.

    Related issues and pull requests on GitHub:
    :issue:11147.

v3.12.12

Compare Source

====================

Bug fixes

  • Fixed cookie unquoting to properly handle octal escape sequences in cookie values (e.g., \012 for newline) by vendoring the correct _unquote implementation from Python's http.cookies module -- by :user:bdraco.

    Related issues and pull requests on GitHub:
    :issue:11173.

  • Fixed Cookie header parsing to treat attribute names as regular cookies per :rfc:6265#section-5.4 -- by :user:bdraco.

    Related issues and pull requests on GitHub:
    :issue:11178.

v3.12.11

Compare Source

====================

Features

  • Improved SSL connection handling by changing the default ssl_shutdown_timeout
    from 0.1 to 0 seconds. SSL connections now use Python's default graceful
    shutdown during normal operation but are aborted immediately when the connector
    is closed, providing optimal behavior for both cases. Also added support for
    ssl_shutdown_timeout=0 on all Python versions. Previously, this value was
    rejected on Python 3.11+ and ignored on earlier versions. Non-zero values on
    Python < 3.11 now trigger a RuntimeWarning -- by :user:bdraco.

    The ssl_shutdown_timeout parameter is now deprecated and will be removed in
    aiohttp 4.0 as there is no clear use case for changing the default.

    Related issues and pull requests on GitHub:
    :issue:11148.

Deprecations (removal in next major release)

  • Improved SSL connection handling by changing the default ssl_shutdown_timeout
    from 0.1 to 0 seconds. SSL connections now use Python's default graceful
    shutdown during normal operation but are aborted immediately when the connector
    is closed, providing optimal behavior for both cases. Also added support for
    ssl_shutdown_timeout=0 on all Python versions. Previously, this value was
    rejected on Python 3.11+ and ignored on earlier versions. Non-zero values on
    Python < 3.11 now trigger a RuntimeWarning -- by :user:bdraco.

    The ssl_shutdown_timeout parameter is now deprecated and will be removed in
    aiohttp 4.0 as there is no clear use case for changing the default.

    Related issues and pull requests on GitHub:
    :issue:11148.

v3.12.10

Compare Source

====================

Bug fixes

  • Fixed leak of aiodns.DNSResolver when :py:class:~aiohttp.TCPConnector is closed and no resolver was passed when creating the connector -- by :user:Tasssadar.

    This was a regression introduced in version 3.12.0 (:pr:10897).

    Related issues and pull requests on GitHub:
    :issue:11150.

v3.12.9

Compare Source

===================

Bug fixes

  • Fixed IOBasePayload and TextIOPayload reading entire files into memory when streaming large files -- by :user:bdraco.

    When using file-like objects with the aiohttp client, the entire file would be read into memory if the file size was provided in the Content-Length header. This could cause out-of-memory errors when uploading large files. The payload classes now correctly read data in chunks of READ_SIZE (64KB) regardless of the total content length.

    Related issues and pull requests on GitHub:
    :issue:11138.

v3.12.8

Compare Source

===================

Features

  • Added preemptive digest authentication to :class:~aiohttp.DigestAuthMiddleware -- by :user:bdraco.

    The middleware now reuses authentication credentials for subsequent requests to the same
    protection space, improving efficiency by avoiding extra authentication round trips.
    This behavior matches how web browsers handle digest authentication and follows
    :rfc:7616#section-3.6.

    Preemptive authentication is enabled by default but can be disabled by passing
    preemptive=False to the middleware constructor.

    Related issues and pull requests on GitHub:
    :issue:11128, :issue:11129.

v3.12.7

Compare Source

===================

.. warning::

This release fixes an issue where the quote_cookie parameter was not being properly
respected for shared cookies (domain="", path=""). If your server does not handle quoted
cookies correctly, you may need to disable cookie quoting by setting quote_cookie=False
when creating your :class:~aiohttp.ClientSession or :class:~aiohttp.CookieJar.
See :ref:aiohttp-client-cookie-quoting-routine for details.

Bug fixes

  • Fixed cookie parsing to be more lenient when handling cookies with special characters
    in names or values. Cookies with characters like {, }, and / in names are now
    accepted instead of causing a :exc:~http.cookies.CookieError and 500 errors. Additionally,
    cookies with mismatched quotes in values are now parsed correctly, and quoted cookie
    values are now handled consistently whether or not they include special attributes
    like Domain. Also fixed :class:~aiohttp.CookieJar to ensure shared cookies (domain="", path="")
    respect the quote_cookie parameter, making cookie quoting behavior consistent for
    all cookies -- by :user:bdraco.

    Related issues and pull requests on GitHub:
    :issue:2683, :issue:5397, :issue:7993, :issue:11112.

  • Fixed an issue where cookies with duplicate names but different domains or paths
    were lost when updating the cookie jar. The :class:~aiohttp.ClientSession
    cookie jar now correctly stores all cookies even if they have the same name but
    different domain or path, following the :rfc:6265#section-5.3 storage model -- by :user:bdraco.

    Note that :attr:ClientResponse.cookies <aiohttp.ClientResponse.cookies> returns
    a :class:~http.cookies.SimpleCookie which uses the cookie name as a key, so
    only the last cookie with each name is accessible via this interface. All cookies
    can be accessed via :meth:ClientResponse.headers.getall('Set-Cookie') <multidict.MultiDictProxy.getall> if needed.

    Related issues and pull requests on GitHub:
    :issue:4486, :issue:11105, :issue:11106.

Miscellaneous internal changes

  • Avoided creating closed futures in ResponseHandler that will never be awaited -- by :user:bdraco.

    Related issues and pull requests on GitHub:
    :issue:11107.

  • Downgraded the logging level for connector close errors from ERROR to DEBUG, as these are expected behavior with TLS 1.3 connections -- by :user:bdraco.

    Related issues and pull requests on GitHub:
    :issue:11114.

v3.12.6

Compare Source

===================

Bug fixes

  • Fixed spurious "Future exception was never retrieved" warnings for connection lost errors when the connector is not closed -- by :user:bdraco.

    When connections are lost, the exception is now marked as retrieved since it is always propagated through other means, preventing unnecessary warnings in logs.

    Related issues and pull requests on GitHub:
    :issue:11100.

v3.12.4

Compare Source

===================

Bug fixes

  • Fixed connector not waiting for connections to close before returning from :meth:~aiohttp.BaseConnector.close (partial backport of :pr:3733) -- by :user:atemate and :user:bdraco.

    Related issues and pull requests on GitHub:
    :issue:1925, :issue:11074.

v3.12.3

Compare Source

===================

Bug fixes

  • Fixed memory leak in :py:meth:~aiohttp.CookieJar.filter_cookies that caused unbounded memory growth
    when making requests to different URL paths -- by :user:bdraco and :user:Cycloctane.

    Related issues and pull requests on GitHub:
    :issue:11052, :issue:11054.

v3.12.2

Compare Source

===================

Bug fixes

  • Fixed Content-Length header not being set to 0 for non-GET requests with None body -- by :user:bdraco.

    Non-GET requests (POST, PUT, PATCH, DELETE) with None as the body now correctly set the Content-Length header to 0, matching the behavior of requests with empty bytes (b""). This regression was introduced in aiohttp 3.12.1.

    Related issues and pull requests on GitHub:
    :issue:11035.

v3.12.1

Compare Source

====================

Bug fixes

  • Fixed auto-created :py:class:~aiohttp.TCPConnector not using the session's event loop when :py:class:~aiohttp.ClientSession is created without an explicit connector -- by :user:bdraco.

    Related issues and pull requests on GitHub:
    :issue:11147.

v3.12.0: 3.12.0

Compare Source

Bug fixes

  • Fixed :py:attr:~aiohttp.web.WebSocketResponse.prepared property to correctly reflect the prepared state, especially during timeout scenarios -- by :user:bdraco

    Related issues and pull requests on GitHub:
    #​6009, #​10988.

  • Response is now always True, instead of using MutableMapping behaviour (False when map is empty)

    Related issues and pull requests on GitHub:
    #​10119.

  • Fixed connection reuse for file-like data payloads by ensuring buffer
    truncation respects content-length boundaries and preventing premature
    connection closure race -- by :user:bdraco.

    Related issues and pull requests on GitHub:
    #​10325, #​10915, #​10941, #​10943.

  • Fixed pytest plugin to not use deprecated :py:mod:asyncio policy APIs.

    Related issues and pull requests on GitHub:
    #​10851.

  • Fixed :py:class:~aiohttp.resolver.AsyncResolver not using the loop argument in versions 3.x where it should still be supported -- by :user:bdraco.

    Related issues and pull requests on GitHub:
    #​10951.

Features

  • Added a comprehensive HTTP Digest Authentication client middleware (DigestAuthMiddleware)
    that implements RFC 7616. The middleware supports all standard hash algorithms
    (MD5, SHA, SHA-256, SHA-512) with session variants, handles both 'auth' and
    'auth-int' quality of protection options, and automatically manages the
    authentication flow by intercepting 401 responses and retrying with proper
    credentials -- by :user:feus4177, :user:TimMenninger, and :user:bdraco.

    Related issues and pull requests on GitHub:
    #​2213, #​10725.

  • Added client middleware support -- by :user:bdraco and :user:Dreamsorcerer.

    This change allows users to add middleware to the client session and requests, enabling features like
    authentication, logging, and request/response modification without modifying the core
    request logic. Additionally, the session attribute was added to ClientRequest,
    allowing middleware to access the session for making additional requests.

    Related issues and pull requests on GitHub:
    #​9732, #​10902, #​10945, #​10952, #​10959, #​10968.

  • Allow user setting zlib compression backend -- by :user:TimMenninger

    This change allows the user to call :func:aiohttp.set_zlib_backend() with the
    zlib compression module of their choice. Default behavior continues to use
    the builtin zlib library.

    Related issues and pull requests on GitHub:
    #​9798.

  • Added support for overriding the base URL with an absolute one in client sessions
    -- by :user:vivodi.

    Related issues and pull requests on GitHub:
    #​10074.

  • Added host parameter to aiohttp_server fixture -- by :user:christianwbrock.

    Related issues and pull requests on GitHub:
    #​10120.

  • Detect blocking calls in coroutines using BlockBuster -- by :user:cbornet.

    Related issues and pull requests on GitHub:
    #​10433.

  • Added socket_factory to :py:class:aiohttp.TCPConnector to allow specifying custom socket options
    -- by :user:TimMenninger.

    Related issues and pull requests on GitHub:
    #​10474, #​10520, #​10961, #​10962.

  • Started building armv7l manylinux wheels -- by :user:bdraco.

    Related issues and pull requests on GitHub:
    #​10797.

  • Implemented shared DNS resolver management to fix excessive resolver object creation
    when using multiple client sessions. The new _DNSResolverManager singleton ensures
    only one DNSResolver object is created for default configurations, significantly
    reducing resource usage and improving performance for applications using multiple
    client sessions simultaneously -- by :user:bdraco.

    Related issues and pull requests on GitHub:
    #​10847, #​10923, #​10946.

  • Upgraded to LLHTTP 9.3.0 -- by :user:Dreamsorcerer.

    Related issues and pull requests on GitHub:
    #​10972.

  • Optimized small HTTP requests/responses by coalescing headers and body into a single TCP packet -- by :user:bdraco.

    This change enhances network efficiency by reducing the number of packets sent for small HTTP payloads, improving latency and reducing overhead. Most importantly, this fixes compatibility with memory-constrained IoT devices that can only perform a single read operation and expect HTTP requests in one packet. The optimization uses zero-copy writelines when coalescing data and works with both regular and chunked transfer encoding.

    When aiohttp uses client middleware to communicate with an aiohttp server, connection reuse is more likely to occur since complete responses arrive in a single packet for small payloads.

    This aligns aiohttp with other popular HTTP clients that already coalesce small requests.

    Related issues and pull requests on GitHub:
    #​10991.

Improved documentation

  • Improved documentation for middleware by adding warnings and examples about
    request body stream consumption. The documentation now clearly explains that
    request body streams can only be read once and provides best practices for
    sharing parsed request data between middleware and handlers -- by :user:bdraco.

    Related issues and pull requests on GitHub:
    #​2914.

Packaging updates and notes for downstreams

  • Removed non SPDX-license description from setup.cfg -- by :user:devanshu-ziphq.

    Related issues and pull requests on GitHub:
    #​10662.

  • Added support for building against system llhttp library -- by :user:mgorny.

    This change adds support for :envvar:AIOHTTP_USE_SYSTEM_DEPS environment variable that
    can be used to build aiohttp against the system install of the llhttp library rather
    than the vendored one.

    Related issues and pull requests on GitHub:
    #​10759.

  • aiodns is now installed on Windows with speedups extra -- by :user:bdraco.

    As of aiodns 3.3.0, SelectorEventLoop is no longer required when using pycares 4.7.0 or later.

    Related issues and pull requests on GitHub:
    #​10823.

  • Fixed compatibility issue with Cython 3.1.1 -- by :user:bdraco

    Related issues and pull requests on GitHub:
    #​10877.

Contributor-facing changes

  • Sped up tests by disabling blockbuster fixture for test_static_file_huge and test_static_file_huge_cancel tests -- by :user:dikos1337.

    Related issues and pull requests on GitHub:
    #​9705, #​10761.

  • Updated tests to avoid using deprecated :py:mod:asyncio policy APIs and
    make it compatible with Python 3.14.

    Related issues and pull requests on GitHub:
    #​10851.

  • Added Winloop to test suite to support in the future -- by :user:Vizonex.

    Related issues and pull requests on GitHub:
    #​10922.

Miscellaneous internal changes

  • Added support for the partitioned attribute in the set_cookie method.

    Related issues and pull requests on GitHub:
    #​9870.

  • Setting :attr:aiohttp.web.StreamResponse.last_modified to an unsupported type will now raise :exc:TypeError instead of silently failing -- by :user:bdraco.

    Related issues and pull requests on GitHub:
    #​10146.

v3.11.18

Compare Source

====================

Bug fixes

  • Disabled TLS in TLS warning (when using HTTPS proxies) for uvloop and newer Python versions -- by :user:lezgomatt.

    Related issues and pull requests on GitHub:
    :issue:7686.

  • Fixed reading fragmented WebSocket messages when the payload was masked -- by :user:bdraco.

    The problem first appeared in 3.11.17

    Related issues and pull requests on GitHub:
    :issue:10764.

v3.11.17

Compare Source

====================

Miscellaneous internal changes

  • Optimized web server performance when access logging is disabled by reducing time syscalls -- by :user:bdraco.

    Related issues and pull requests on GitHub:
    :issue:10713.

  • Improved web server performance when connection can be reused -- by :user:bdraco.

    Related issues and pull requests on GitHub:
    :issue:10714.

  • Improved performance of the WebSocket reader -- by :user:bdraco.

    Related issues and pull requests on GitHub:
    :issue:10740.

  • Improved performance of the WebSocket reader with large messages -- by :user:bdraco.

    Related issues and pull requests on GitHub:
    :issue:10744.

v3.11.16

Compare Source

====================

Bug fixes

  • Replaced deprecated asyncio.iscoroutinefunction with its counterpart from inspect
    -- by :user:layday.

    Related issues and pull requests on GitHub:
    :issue:10634.

  • Fixed :class:multidict.CIMultiDict being mutated when passed to :class:aiohttp.web.Response -- by :user:bdraco.

    Related issues and pull requests on GitHub:
    :issue:10672.

astral-sh/ruff-pre-commit (astral-sh/ruff-pre-commit)

v0.12.1

Compare Source

See: https://github.com/astral-sh/ruff/releases/tag/0.12.1

v0.12.0

Compare Source

See: https://github.com/astral-sh/ruff/releases/tag/0.12.0

v0.11.13

Compare Source

See: https://github.com/astral-sh/ruff/releases/tag/0.11.13

v0.11.12

Compare Source

See: https://github.com/astral-sh/ruff/releases/tag/0.11.12

v0.11.11

Compare Source

See: https://github.com/astral-sh/ruff/releases/tag/0.11.11

v0.11.10

Compare Source

See: https://github.com/astral-sh/ruff/releases/tag/0.11.10

v0.11.9

Compare Source

See: https://github.com/astral-sh/ruff/releases/tag/0.11.9

v0.11.8

Compare Source

See: https://github.com/astral-sh/ruff/releases/tag/0.11.8

v0.11.7

Compare Source

See: https://github.com/astral-sh/ruff/releases/tag/0.11.7

v0.11.6

Compare Source

See: https://github.com/astral-sh/ruff/releases/tag/0.11.6

v0.11.5

Compare Source

See: https://github.com/astral-sh/ruff/releases/tag/0.11.5

python/mypy (mypy)

v1.16.1

Compare Source

pypa/packaging (packaging)

v25.0

Compare Source

What's Changed

New Contributors

Full Changelog: pypa/packaging@24.2...25.0

pycqa/flake8 (pycqa/flake8)

v7.3.0

Compare Source

astral-sh/ruff (ruff)

v0.12.1

Compare Source

Preview features
  • [flake8-errmsg] Extend EM101 to support byte strings (#​18867)
  • [flake8-use-pathlib] Add autofix for PTH202 (#​18763)
  • [pygrep-hooks] Add AsyncMock methods to invalid-mock-access (PGH005) (#​18547)
  • [pylint] Ignore __init__.py files in (PLC0414) (#​18400)
  • [ruff] Trigger RUF037 for empty string and byte strings (#​18862)
  • [formatter] Fix missing blank lines before decorated classes in .pyi files (#​18888)
Bug fixes
  • Avoid generating diagnostics with per-file ignores (#​18801)
  • Handle parenthesized arguments in remove_argument (#​18805)
  • [flake8-logging] Avoid false positive for exc_info=True outside logger.exception (LOG014) (#​18737)
  • [flake8-pytest-style] Enforce pytest import for decorators (#​18779)
  • [flake8-pytest-style] Mark autofix for PT001 and PT023 as unsafe if there's comments in the decorator (#​18792)
  • [flake8-pytest-style] PT001/PT023 fix makes syntax error on parenthesized decorator (#​18782)
  • [flake8-raise] Make fix unsafe if it deletes comments (RSE102) (#​18788)
  • [flake8-simplify] Fix SIM911 autofix creating a syntax error (#​18793)
  • [flake8-simplify] Fix false negatives for shadowed bindings (SIM910, SIM911) (#​18794)
  • [flake8-simplify] Preserve original behavior for except () and bare except (SIM105) (#​18213)
  • [flake8-pyi] Fix PYI041's fix causing TypeError with None | None | ... (#​18637)
  • [perflint] Fix PERF101 autofix creating a syntax error and mark autofix as unsafe if there are comments in the list call expr (#​18803)
  • [perflint] Fix false negative in PERF401 (#​18866)
  • [pylint] Avoid flattening nested min/max when outer call has single argument (PLW3301) (#​16885)
  • [pylint] Fix PLC2801 autofix creating a syntax error (#​18857)
  • [pylint] Mark PLE0241 autofix as unsafe if there's comments in the base classes (#​18832)
  • [pylint] Suppress PLE2510/PLE2512/PLE2513/PLE2514/PLE2515 autofix if the text contains an odd number of backslashes (#​18856)
  • [refurb] Detect more exotic float literals in FURB164 (#​18925)
  • [refurb] Fix FURB163 autofix creating a syntax error for yield expressions (#​18756)
  • [refurb] Mark FURB129 autofix as unsafe if there's comments in the readlines call (#​18858)
  • [ruff] Fix false positives and negatives in RUF010 (#​18690)
  • Fix casing of analyze.direction variant names (#​18892)
Rule changes
  • Fix f-string interpolation escaping in generated fixes (#​18882)
  • [flake8-return] Mark RET501 fix unsafe if comments are inside (#​18780)
  • [flake8-async] Fix detection for large integer sleep durations in ASYNC116 rule (#​18767)
  • [flake8-async] Mark autofix for ASYNC115 as unsafe if the call expression contains comments (#​18753)
  • [flake8-bugbear] Mark autofix for B004 as unsafe if the hasattr call expr contains comments (#​18755)
  • [flake8-comprehension] Mark autofix for C420 as unsafe if there's comments inside the dict comprehension (#​18768)
  • [flake8-comprehensions] Handle template strings for comprehension fixes (#​18710)
  • [flake8-future-annotations] Add autofix (FA100) (#​18903)
  • [pyflakes] Mark F504/F522/F523 autofix as unsafe if there's a call with side effect (#​18839)
  • [pylint] Allow fix with comments and document performance implications (PLW3301) (#​18936)
  • [pylint] Detect more exotic NaN literals in PLW0177 (#​18630)
  • [pylint] Fix PLC1802 autofix creating a syntax error and mark autofix as unsafe if there's comments in the len call (#​18836)
  • [pyupgrade] Extend version detection to include sys.version_info.major (UP036) (#​18633)
  • [ruff] Add lint rule RUF064 for calling chmod with non-octal integers (#​18541)
  • [ruff] Added cls.__dict__.get('__annotations__') check (RUF063) (#​18233)
  • [ruff] Frozen dataclass default should be valid (RUF009) (#​18735)
Server
  • Consider virtual path for various server actions (#​18910)
Documentation
Other changes
  • Disallow newlines in format specifiers of single quoted f- or t-strings (#​18708)
  • [flake8-logging] Add fix safety section to LOG002 (#​18840)
  • [pyupgrade] Add fix safety section to UP010 (#​18838)

v0.12.0

Compare Source

Check out the blog post for a migration
guide and overview of the changes!

Breaking changes

  • Detection of more syntax errors

    Ruff now detects version-related syntax errors, such as the use of the match
    statement on Python versions before 3.10, and syntax errors emitted by
    CPython's compiler, such as irrefutable match patterns before the final
    case arm.

  • New default Python version handling for syntax errors

    Ruff will default to the latest supported Python version (3.13) when
    checking for the version-related syntax errors mentioned above to prevent
    false positives in projects without a Python version configured. The default
    in all other cases, like applying lint rules, is unchanged and remains at the
    minimum supported Python version (3.9).

  • Updated f-string formatting

    Ruff now formats multi-line f-strings with format specifiers to avoid adding a
    line break after the format specifier. This addresses a change to the Python
    grammar in version 3.13.4 that made such a line break a syntax error.

  • rust-toolchain.toml is no longer included in source distributions

    The rust-toolchain.toml is used to specify a higher Rust version than Ruff's
    minimum supported Rust version (MSRV) for development and building release
    artifacts. However, when present in source distributions, it would also cause
    downstream package maintainers to pull in the same Rust toolchain, even if
    their available toolchain was MSRV-compatible.

Removed Rules

The following rules have been removed:

Deprecated Rules

The following rules have been deprecated:

Stabilization

The following rules have been stabilized and are no longer in preview:

The following behaviors have been stabilized:

  • [collection-literal-concatenation] (RUF005) now recognizes slices, in
    addition to list literals and variables.
  • The fix for [readlines-in-for] (FURB129) is now marked as always safe.
  • [if-else-block-instead-of-if-exp] (SIM108) will now further simplify
    expressions to use or instead of an if expression, where possible.
  • [unused-noqa] (RUF100) now checks for file-level noqa comments as well
    as inline comments.
  • [subprocess-without-shell-equals-true] (S603) now accepts literal strings,
    as well as lists and tuples of literal strings, as trusted input.
  • [boolean-type-hint-positional-argument] (FBT001) now applies to types that
    include bool, like bool | int or typing.Optional[bool], in addition to
    plain bool annotations.
  • [non-pep604-annotation-union] (UP007) has now been split into two rules.
    UP007 now applies only to typing.Union, while
    [non-pep604-annotation-optional] (UP045) checks for use of
    typing.Optional. UP045 has also been stabilized in this release, but you
    may need to update existing include, ignore, or noqa settings to
    accommodate this change.
Preview features
  • [ruff] Check for non-context-manager use of pytest.raises, pytest.warns, and pytest.deprecated_call (RUF061) (#​17368)
  • [syntax-errors] Raise unsupported syntax error for template strings prior to Python 3.14 (#​18664)
Bug fixes
  • Add syntax error when conversion flag does not immediately follow exclamation mark (#​18706)
  • Add trailing space around readlines (#​18542)
  • Fix \r and \r\n handling in t- and f-string debug texts (#​18673)
  • Hug closing } when f-string expression has a format specifier (#​18704)
  • [flake8-pyi] Avoid syntax error in the case of starred and keyword arguments (PYI059) (#​18611)
  • [flake8-return] Fix RET504 autofix generating a syntax error (#​18428)
  • [pep8-naming] Suppress fix for N804 and N805 if the recommended name is already used (#​18472)
  • [pycodestyle] Avoid causing a syntax error in expressions spanning multiple lines (E731) (#​18479)
  • [pyupgrade] Suppress UP008 if super is shadowed (#​18688)
  • [refurb] Parenthesize lambda and ternary expressions (FURB122, FURB142) (#​18592)
  • [ruff] Handle extra arguments to deque (RUF037) (#​18614)
  • [ruff] Preserve parentheses around deque in fix for unnecessary-empty-iterable-within-deque-call (RUF037) (#​18598)
  • [ruff] Validate arguments before offering a fix (RUF056) (#​18631)
  • [ruff] Skip fix for RUF059 if dummy name is already bound (#​18509)
  • [pylint] Fix PLW0128 to check assignment targets in square brackets and after asterisks (#​18665)
Rule changes
  • Fix false positive on mutations in return statements (B909) (#​18408)
  • Treat ty: comments as pragma comments (#​18532)
  • [flake8-pyi] Apply custom-typevar-for-self to string annotations (PYI019) (#​18311)
  • [pyupgrade] Don't offer a fix for Optional[None] (UP007, UP045) (#​18545)
  • [pyupgrade] Fix super(__class__, self) detection (UP008) (#​18478)
  • [refurb] Make the fix for FURB163 unsafe for log2, log10, *args, and deleted comments (#​18645)
Server
Documentation
  • Drop confusing second * from glob pattern example for per-file-target-version (#​18709)
  • Update Neovim configuration examples (#​18491)
  • [pylint] De-emphasize __hash__ = Parent.__hash__ (PLW1641) (#​18613)
  • [refurb] Add a note about float literal handling (FURB157) (#​18615)

v0.11.13

Compare Source

Preview features
Bug fixes
  • [perflint] Fix missing parentheses for lambda and ternary conditions (PERF401, PERF403) (#​18412)
  • [pyupgrade] Apply UP035 only on py313+ for get_type_hints() (#​18476)
  • [pyupgrade] Make fix unsafe if it deletes comments (UP004,UP050) (#​18393, #​18390)
Rule changes
  • [fastapi] Avoid false positive for class dependencies (FAST003) (#​18271)
Documentation
  • Update editor setup docs for Neovim and Vim (#​18324)
Other changes
  • Support Python 3.14 template strings (t-strings) in formatter and parser (#​17851)

v0.11.12

Compare Source

Preview features
  • [airflow] Revise fix titles (AIR3) (#​18215)
  • [pylint] Implement missing-maxsplit-arg (PLC0207) (#​17454)
  • [pyupgrade] New rule UP050 (useless-class-metaclass-type) (#​18334)
  • [flake8-use-pathlib] Replace os.symlink with Path.symlink_to (PTH211) (#​18337)
Bug fixes
  • [flake8-bugbear] Ignore __debug__ attribute in B010 (#​18357)
  • [flake8-async] Fix anyio.sleep argument name (ASYNC115, ASYNC116) (#​18262)
  • [refurb] Fix FURB129 autofix generating invalid syntax (#​18235)
Rule changes
  • [flake8-implicit-str-concat] Add autofix for ISC003 (#​18256)
  • [pycodestyle] Improve the diagnostic message for E712 (#​18328)
  • [flake8-2020] Fix diagnostic message for != comparisons (YTT201) (#​18293)
  • [pyupgrade] Make fix unsafe if it deletes comments (UP010) (#​18291)
Documentation
  • Simplify rules table to improve readability (#​18297)
  • Update editor integrations link in README (#​17977)
  • [flake8-bugbear] Add fix safety section (B006) (#​17652)

v0.11.11

Compare Source

Release Notes

Preview features
  • [airflow] Add autofixes for AIR302 and AIR312 (#​17942)
  • [airflow] Move rules from AIR312 to AIR302 (#​17940)
  • [airflow] Update AIR301 and AIR311 with the latest Airflow implementations (#​17985)
  • [flake8-simplify] Enable fix in preview mode (SIM117) (#​18208)
Bug fixes
  • Fix inconsistent formatting of match-case on [] and _ (#​18147)
  • [pylint] Fix PLW1514 not recognizing the encoding positional argument of codecs.open (#​18109)
CLI
  • Add full option name in formatter warning (#​18217)
Documentation
  • Fix rendering of admonition in docs (#​18163)
  • [flake8-print] Improve print/pprint docs for T201 and T203 (#​18130)
  • [flake8-simplify] Add fix safety section (SIM110,SIM210) (#​18114,#​18100)
  • [pylint] Fix docs example that produced different output (PLW0603) (#​18216)

Contributors

@renovate renovate bot added the bot: dependencies 🤖 Dependency file updates by renovate 🤖 label Jul 1, 2025
@github-actions GitHub Actions

This comment has been minimized.

Sign in to view
@AlexWaygood
Copy link
Member

Flake8 7.3.0 seems to bring with it lots of F821 false positives (likely due to a pyflakes upgrade?)...

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Jul 1, 2025

Diff from mypy_primer, showing the effect of this PR on open source code:

discord.py (https://github.com/Rapptz/discord.py)
- ...typeshed_to_test/stdlib/typing.pyi:1014: note: "update" of "TypedDict" defined here
+ ...typeshed_to_test/stdlib/typing.pyi:1013: note: "update" of "TypedDict" defined here
- ...typeshed_to_test/stdlib/typing.pyi:1014: note: "update" of "TypedDict" defined here
+ ...typeshed_to_test/stdlib/typing.pyi:1013: note: "update" of "TypedDict" defined here

@AlexWaygood AlexWaygood merged commit 75d8c88 into main Jul 1, 2025
104 checks passed
@AlexWaygood AlexWaygood deleted the renovate/most-testlint-dependencies branch July 1, 2025 09:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
bot: dependencies 🤖 Dependency file updates by renovate 🤖
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@AlexWaygood