Skip to content

build(deps): bump the quality group across 1 directory with 4 updates#634

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/main/quality-0e1b5d8391
Open

build(deps): bump the quality group across 1 directory with 4 updates#634
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/main/quality-0e1b5d8391

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 13, 2026

Copy link
Copy Markdown
Contributor

Bumps the quality group with 4 updates in the / directory: ruff, ty, prek and types-requests.

Updates ruff from 0.15.15 to 0.15.21

Release notes

Sourced from ruff's releases.

0.15.21

Release Notes

Released on 2026-07-09.

Preview features

  • Add --add-ignore for adding ruff:ignore comments (#26346)
  • [flake8-comprehensions] Drop C409 tuple comprehension preview behavior (#25707)
  • Avoid whitespace normalization when formatting comments (#26455)
  • [pyupgrade] Lint and fix use of deprecated abc decorators (UP051) (#26417)

Bug fixes

  • Refine non-empty f-string detection (#26526)
  • Detect syntax errors in individual notebook cells (#26419)
  • [flake8-implicit-str-concat] Fix ISC003 autofix incorrectly stripping + from comments (#26554)

Rule changes

  • [flake8-executable] Mark EXE004 fix as unsafe (#26033)
  • [flake8-pyi] Mark PYI061 fixes as unsafe in Python files (#26533)
  • [pydocstyle] Skip overload-with-docstring in stub files (D418) (#26318)

Performance

  • Avoid per-token source index visitor calls (#26506)
  • Cache parenthesized expression boundaries in the formatter (#26344)
  • Improve performance of rendering edits in preview mode (#26565)
  • Inline fits_element in formatter (#26429)
  • Inline formatter printing hot paths (#26504)
  • Lazily create builtin bindings (#26510)
  • Skip empty trivia scans in the source indexer (#26507)
  • Use ICF for macOS release builds (#25780)

Formatter

  • Add --extend-exclude to ruff format (#26372)

Documentation

  • Add "How does Ruff's import sorting compare to isort?" link to README (#26530)
  • Fix Mozilla Firefox repository link in README (#26537)
  • [flake8-bandit] Fix misleading docstring for mako-templates (S702) (#26432)
  • [ruff] Fix non-triggering example for if-key-in-dict-del (RUF051) (#26433)

Contributors

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.21

Released on 2026-07-09.

Preview features

  • Add --add-ignore for adding ruff:ignore comments (#26346)
  • [flake8-comprehensions] Drop C409 tuple comprehension preview behavior (#25707)
  • Avoid whitespace normalization when formatting comments (#26455)
  • [pyupgrade] Lint and fix use of deprecated abc decorators (UP051) (#26417)

Bug fixes

  • Refine non-empty f-string detection (#26526)
  • Detect syntax errors in individual notebook cells (#26419)
  • [flake8-implicit-str-concat] Fix ISC003 autofix incorrectly stripping + from comments (#26554)

Rule changes

  • [flake8-executable] Mark EXE004 fix as unsafe (#26033)
  • [flake8-pyi] Mark PYI061 fixes as unsafe in Python files (#26533)
  • [pydocstyle] Skip overload-with-docstring in stub files (D418) (#26318)

Performance

  • Avoid per-token source index visitor calls (#26506)
  • Cache parenthesized expression boundaries in the formatter (#26344)
  • Improve performance of rendering edits in preview mode (#26565)
  • Inline fits_element in formatter (#26429)
  • Inline formatter printing hot paths (#26504)
  • Lazily create builtin bindings (#26510)
  • Skip empty trivia scans in the source indexer (#26507)
  • Use ICF for macOS release builds (#25780)

Formatter

  • Add --extend-exclude to ruff format (#26372)

Documentation

  • Add "How does Ruff's import sorting compare to isort?" link to README (#26530)
  • Fix Mozilla Firefox repository link in README (#26537)
  • [flake8-bandit] Fix misleading docstring for mako-templates (S702) (#26432)
  • [ruff] Fix non-triggering example for if-key-in-dict-del (RUF051) (#26433)

Contributors

... (truncated)

Commits

Updates ty from 0.0.42 to 0.0.59

Release notes

Sourced from ty's releases.

0.0.59

Release Notes

Released on 2026-07-12.

Bug fixes

  • Guard descriptor classification cycles (#26690)
  • Respect init=False in dataclass field-order checks (#26749)
  • Avoid duplicate diagnostics for overloaded TypeIs (#26716)

Library support

  • Pydantic: Support custom __init__ methods (#26699)
  • Pydantic: Support field metadata in Annotated (#26650)

Core type checking

  • Allow unsound equality-based narrowing for builtins (#26414)
  • Bind Self in implicit dunder calls (#26711)
  • Correct protocol method receiver binding (#26701)
  • Exempt ParamSpec callables from the dunder descriptor heuristic (#26696)
  • Remove transitive TypeVar artifacts during collection inference (#26714)

LSP server

  • Avoid broad invalidation from file check eligibility (#26741)
  • Correct how we expand tabs in docstrings (#26679)
  • Resolve ambiguity in Google-style docstring parsing in favour of observations from popular projects (#26673)

CLI

  • Avoid allocation for every stdout write (#26698)
  • Buffer diagnostic output (#26702)

Performance

  • Cache generic context (#26745)
  • Cache known class instances (#26746)
  • Reuse common TypedDict constraints through intersections (#26747)
  • Use purpose-specific types for completion and module text (#26664)

Contributors

... (truncated)

Changelog

Sourced from ty's changelog.

0.0.59

Released on 2026-07-12.

Bug fixes

  • Guard descriptor classification cycles (#26690)
  • Respect init=False in dataclass field-order checks (#26749)
  • Avoid duplicate diagnostics for overloaded TypeIs (#26716)

Library support

  • Pydantic: Support custom __init__ methods (#26699)
  • Pydantic: Support field metadata in Annotated (#26650)

Core type checking

  • Allow unsound equality-based narrowing for builtins (#26414)
  • Bind Self in implicit dunder calls (#26711)
  • Correct protocol method receiver binding (#26701)
  • Exempt ParamSpec callables from the dunder descriptor heuristic (#26696)
  • Remove transitive TypeVar artifacts during collection inference (#26714)

LSP server

  • Avoid broad invalidation from file check eligibility (#26741)
  • Correct how we expand tabs in docstrings (#26679)
  • Resolve ambiguity in Google-style docstring parsing in favour of observations from popular projects (#26673)

CLI

  • Avoid allocation for every stdout write (#26698)
  • Buffer diagnostic output (#26702)

Performance

  • Cache generic context (#26745)
  • Cache known class instances (#26746)
  • Reuse common TypedDict constraints through intersections (#26747)
  • Use purpose-specific types for completion and module text (#26664)

Contributors

... (truncated)

Commits

Updates prek from 0.4.3 to 0.4.9

Release notes

Sourced from prek's releases.

0.4.9

Release Notes

Released on 2026-07-11.

Note: This release changes the repository identity schema stored in cached hook environments. Existing hook environments will be invalidated, and prek will reinstall them automatically when needed.

Enhancements

  • Preserve additional dependency order (#2311)
  • Remove parallel Ruby gem installation (#2307)
  • Warn for missing update repositories (#2316)

Bug fixes

  • Fix mixed workspace selectors (#2306)
  • Fix try-repo local path resolution (#2310)
  • Use resolved gem executable (#2308)
  • Validate complete XML documents in check-xml (#2312)

Contributors

Install prek 0.4.9

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/j178/prek/releases/download/v0.4.9/prek-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://github.com/j178/prek/releases/download/v0.4.9/prek-installer.ps1 | iex"

Install prebuilt binaries via Homebrew

brew install prek

Download prek 0.4.9

File Platform Checksum
prek-aarch64-apple-darwin.tar.gz Apple Silicon macOS checksum

... (truncated)

Changelog

Sourced from prek's changelog.

0.4.9

Released on 2026-07-11.

Note: This release changes the repository identity schema stored in cached hook environments. Existing hook environments will be invalidated, and prek will reinstall them automatically when needed.

Enhancements

  • Preserve additional dependency order (#2311)
  • Remove parallel Ruby gem installation (#2307)
  • Warn for missing update repositories (#2316)

Bug fixes

  • Fix mixed workspace selectors (#2306)
  • Fix try-repo local path resolution (#2310)
  • Use resolved gem executable (#2308)
  • Validate complete XML documents in check-xml (#2312)

Contributors

0.4.8

Released on 2026-07-04.

Enhancements

  • Add default_env configuration (#2288)
  • Rename auto-update to update (#2286)

Bug fixes

  • Fix progress collapse ordering (#2291)
  • Fix progress insertion after collapsed rows (#2292)

Contributors

0.4.6

Released on 2026-07-01.

Enhancements

  • Verify managed toolchain downloads before installation (#2229)
  • Add PREK_DOCKER_NO_INIT to opt-out Docker --init (#2242)

... (truncated)

Commits

Updates types-requests from 2.33.0.20260518 to 2.33.0.20260712

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the quality group with 4 updates in the / directory: [ruff](https://github.com/astral-sh/ruff), [ty](https://github.com/astral-sh/ty), [prek](https://github.com/j178/prek) and [types-requests](https://github.com/python/typeshed).


Updates `ruff` from 0.15.15 to 0.15.21
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.15.15...0.15.21)

Updates `ty` from 0.0.42 to 0.0.59
- [Release notes](https://github.com/astral-sh/ty/releases)
- [Changelog](https://github.com/astral-sh/ty/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ty@0.0.42...0.0.59)

Updates `prek` from 0.4.3 to 0.4.9
- [Release notes](https://github.com/j178/prek/releases)
- [Changelog](https://github.com/j178/prek/blob/master/CHANGELOG.md)
- [Commits](j178/prek@v0.4.3...v0.4.9)

Updates `types-requests` from 2.33.0.20260518 to 2.33.0.20260712
- [Commits](https://github.com/python/typeshed/commits)

---
updated-dependencies:
- dependency-name: ruff
  dependency-version: 0.15.21
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: quality
- dependency-name: ty
  dependency-version: 0.0.59
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: quality
- dependency-name: prek
  dependency-version: 0.4.9
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: quality
- dependency-name: types-requests
  dependency-version: 2.33.0.20260712
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: quality
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file type: misc labels Jul 13, 2026
@github-actions github-actions Bot added the topic: build Related to build, installation & CI label Jul 13, 2026
@socket-security

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Updatedpypi/​prek@​0.4.3 ⏵ 0.4.9100100100100100
Updatedpypi/​ty@​0.0.42 ⏵ 0.0.59100100100100100
Updatedpypi/​ruff@​0.15.15 ⏵ 0.15.21100 +1100100100100
Updatedpypi/​types-requests@​2.33.0.20260518 ⏵ 2.33.0.20260712100100100100100

View full report

@codecov

codecov Bot commented Jul 13, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 90.97%. Comparing base (096889d) to head (67562a3).

Additional details and impacted files
@@            Coverage Diff             @@
##             main     #634      +/-   ##
==========================================
- Coverage   93.44%   90.97%   -2.48%     
==========================================
  Files          59        3      -56     
  Lines        3053      133    -2920     
==========================================
- Hits         2853      121    -2732     
+ Misses        200       12     -188     

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file topic: build Related to build, installation & CI type: misc

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants