Skip to content

deps: bump ruff from 0.15.17 to 0.15.18#25

Merged
helebest merged 1 commit into
mainfrom
dependabot/uv/ruff-0.15.18
Jun 22, 2026
Merged

deps: bump ruff from 0.15.17 to 0.15.18#25
helebest merged 1 commit into
mainfrom
dependabot/uv/ruff-0.15.18

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 22, 2026

Copy link
Copy Markdown
Contributor

Bumps ruff from 0.15.17 to 0.15.18.

Release notes

Sourced from ruff's releases.

0.15.18

Release Notes

Released on 2026-06-18.

Preview features

  • Handle nested ruff:ignore comments (#25791)
  • Stop displaying severity in output (#26050)
  • Use human-readable names in CLI output (#25937)
  • Use human-readable names in LSP and playground diagnostics (#26058)
  • [pydocstyle] Prevent property docstrings starting with verbs (D421) (#23775)
  • [flake8-pyi] Extend PYI033 to Python files (#26129)

Bug fixes

  • Detect equivalent numeric mapping keys (#26009)
  • Detect mapping keys equivalent to booleans (#25982)
  • Detect repeated signed and complex dictionary keys (#26007)

Rule changes

  • [flake8-pyi] Rename PYI033 to legacy-type-comment (#26131)

Performance

  • Use ThinVec for call keywords (#25999)
  • Inline parser recovery context checks (#26038)
  • Match parser keywords as bytes (#26037)
  • Move value parsing out of lexing (#25360)

Server

  • Render subdiagnostics and secondary annotations as related information (#26011)

Documentation

  • Update fix availability for always-fixable rules (#26091)
  • [flake8-tidy-imports] Add fix safety section (TID252) (#17491)

Parser

  • Reject __debug__ lambda parameters (#26022)
  • Reject _ as a match-pattern target (#25977)
  • Reject multiple starred names in sequence patterns (#25976)
  • Reject parenthesized star imports (#26021)
  • Reject starred comprehension targets (#26023)
  • Reject unparenthesized generator expressions in class bases (#25978)
  • Reject yield expressions after commas (#26024)
  • Validate function type parameter default order (#25981)

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.18

Released on 2026-06-18.

Preview features

  • Handle nested ruff:ignore comments (#25791)
  • Stop displaying severity in output (#26050)
  • Use human-readable names in CLI output (#25937)
  • Use human-readable names in LSP and playground diagnostics (#26058)
  • [pydocstyle] Prevent property docstrings starting with verbs (D421) (#23775)
  • [flake8-pyi] Extend PYI033 to Python files (#26129)

Bug fixes

  • Detect equivalent numeric mapping keys (#26009)
  • Detect mapping keys equivalent to booleans (#25982)
  • Detect repeated signed and complex dictionary keys (#26007)

Rule changes

  • [flake8-pyi] Rename PYI033 to legacy-type-comment (#26131)

Performance

  • Use ThinVec for call keywords (#25999)
  • Inline parser recovery context checks (#26038)
  • Match parser keywords as bytes (#26037)
  • Move value parsing out of lexing (#25360)

Server

  • Render subdiagnostics and secondary annotations as related information (#26011)

Documentation

  • Update fix availability for always-fixable rules (#26091)
  • [flake8-tidy-imports] Add fix safety section (TID252) (#17491)

Parser

  • Reject __debug__ lambda parameters (#26022)
  • Reject _ as a match-pattern target (#25977)
  • Reject multiple starred names in sequence patterns (#25976)
  • Reject parenthesized star imports (#26021)
  • Reject starred comprehension targets (#26023)
  • Reject unparenthesized generator expressions in class bases (#25978)
  • Reject yield expressions after commas (#26024)
  • Validate function type parameter default order (#25981)

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
deps: bump ruff from 0.15.17 to 0.15.18
394f29a 
Bumps [ruff](https://github.com/astral-sh/ruff) from 0.15.17 to 0.15.18.
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.15.17...0.15.18)

---
updated-dependencies:
- dependency-name: ruff
  dependency-version: 0.15.18
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github

dependabot Bot commented on behalf of github Jun 22, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: deps. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@helebest Claude

helebest commented Jun 22, 2026

Copy link
Copy Markdown
Contributor

Automated Dependabot PR Review

Step 1: Code Review ✅

Consistency: The PR title and description accurately describe the change — bumping ruff from 0.15.17 to 0.15.18. The diff confirms exactly this: one line in pyproject.toml and the corresponding lock entry/hashes in uv.lock.

Correctness: The version specifier is updated from >=0.15.17 to >=0.15.18, and the lock file resolves to 0.15.18 with valid PyPI URLs and SHA256 hashes for all platforms. No logic errors.

Conventions: Only the expected files (pyproject.toml, uv.lock) are modified. The change is scoped to the dev dependency group, which is correct — ruff is a linting tool only.

Security: This is a patch release of a dev-only linting tool with no runtime impact. The 0.15.18 changelog contains bug fixes (duplicate dictionary key detection), parser hardening, and performance improvements. No security advisories or breaking changes.

Effectiveness: The bump achieves its stated purpose — updating the pinned linter to the latest patch release.

Test coverage: No functional code was introduced; no additional tests are needed.

Step 2: Regression Verification ✅

Checked out the PR branch and ran uv run ruff check . against the new version — all checks passed. The pytest collection errors present in this environment are identical on main (missing editable installs / pytest_httpx) and are pre-existing, not caused by this change.

Step 3: CI ✅

All 4 checks completed successfully:

  • test (3.12) — success
  • test (3.13) — success
  • analyze — success
  • CodeQL — success

Step 4: Merging

All steps passed. Proceeding with squash merge.

Generated by Claude Code

@helebest helebest merged commit da35b64 into main Jun 22, 2026
4 checks passed
@helebest helebest deleted the dependabot/uv/ruff-0.15.18 branch June 22, 2026 23:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@helebest