Skip to content

chore(deps-dev): Bump the linters group with 4 updates#163

Merged
jodal merged 1 commit into
mainfrom
dependabot/pip/linters-1df3371db3
Jul 1, 2026
Merged

chore(deps-dev): Bump the linters group with 4 updates#163
jodal merged 1 commit into
mainfrom
dependabot/pip/linters-1df3371db3

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 1, 2026

Copy link
Copy Markdown
Contributor

Bumps the linters group with 4 updates: basedpyright, ruff, ty and zizmor.

Updates basedpyright from 1.39.6 to 1.39.8

Commits
  • fab7323 1.39.8
  • c685372 Avoid auto f-string conversion for raw strings
  • a55c2a4 docs: document typeCheckingMode off behavior
  • 61b9817 fix: clarify implicit abstract class diagnostic
  • 7dd1aaf fix default value in pythonPlatform documentation, which differs from upstream
  • c9a757d 1.39.7
  • d253d82 avoid duplicated capability registrations
  • 19c3545 fix empty semantic tokens response interfering with other language servers wh...
  • b018192 update baseline file
  • 15ee8f1 revert upstream's ai generated bash clusterfuck of an attempt at fixing the p...
  • Additional commits viewable in compare view

Updates ruff from 0.15.14 to 0.15.19

Release notes

Sourced from ruff's releases.

0.15.19

Release Notes

Released on 2026-06-23.

Preview features

  • Support human-readable names when hovering suppression comments and in code actions (#26114)

Bug fixes

  • Fall back to default settings when editor-only settings are invalid (#26244)
  • Fix panic when inserting text at a notebook cell boundary (#26111)

Rule changes

  • [pylint] Update fix suggestions for __floor__, __trunc__, __length_hint__, and __matmul__ variants (PLC2801) (#26239)

Performance

  • Avoid allocating when parsing single string literals (#26200)
  • Avoid reallocating singleton call arguments (#26223)
  • Lazily create source files for lint diagnostics (#26226)
  • Optimize formatter text width and indentation (#26236)
  • Reserve capacity for builtin bindings (#26229)
  • Skip repeated-key checks for singleton dictionaries (#26228)
  • Use ArrayVec for qualified name segments (#26224)

Documentation

  • [flake8-pyi] Note that PYI051 is an opinionated stylistic rule (#26179)
  • [pyupgrade] Clarify UP029 as a Python 2 compatibility rule (#26243)

Other changes

  • Publish Ruff crates to crates.io (#26271)

Contributors

Install ruff 0.15.19

Install prebuilt binaries via shell script

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.19

Released on 2026-06-23.

Preview features

  • Support human-readable names when hovering suppression comments and in code actions (#26114)

Bug fixes

  • Fall back to default settings when editor-only settings are invalid (#26244)
  • Fix panic when inserting text at a notebook cell boundary (#26111)

Rule changes

  • [pylint] Update fix suggestions for __floor__, __trunc__, __length_hint__, and __matmul__ variants (PLC2801) (#26239)

Performance

  • Avoid allocating when parsing single string literals (#26200)
  • Avoid reallocating singleton call arguments (#26223)
  • Lazily create source files for lint diagnostics (#26226)
  • Optimize formatter text width and indentation (#26236)
  • Reserve capacity for builtin bindings (#26229)
  • Skip repeated-key checks for singleton dictionaries (#26228)
  • Use ArrayVec for qualified name segments (#26224)

Documentation

  • [flake8-pyi] Note that PYI051 is an opinionated stylistic rule (#26179)
  • [pyupgrade] Clarify UP029 as a Python 2 compatibility rule (#26243)

Other changes

  • Publish Ruff crates to crates.io (#26271)

Contributors

0.15.18

Released on 2026-06-18.

Preview features

... (truncated)

Commits
  • 7f04365 Bump version to 0.15.19 (#26291)
  • a30ba16 [ty] Infer definite equality comparison results (#26290)
  • bcd2028 [ty] Avoid recursion when projecting narrowing constraints (#26276)
  • c0e083e [ty] Avoid bypassing lazy constraints for Divergent (#26288)
  • fb13596 Record configured crates.io packages (#26281)
  • 85da759 [ty] Fix ParamSpec callable signature extraction for callable instances (#26279)
  • 4c98a81 [ty] Make multi-arm TypeOf cycle recovery monotonic (#26275)
  • 7b84361 [ty] Preserve regular kind for callable instances (#26253)
  • 93c8c59 [flake8-pyi] Note that PYI051 is an opinionated stylistic rule (#26179)
  • bc9bb05 [ty] Infer types for names bound in match patterns (#25940)
  • Additional commits viewable in compare view

Updates ty from 0.0.39 to 0.0.53

Release notes

Sourced from ty's releases.

0.0.53

Release Notes

Released on 2026-06-23.

Bug fixes

  • Avoid bypassing lazy constraints for Divergent (#26288)
  • Avoid recursion when projecting narrowing constraints (#26276)
  • Fix ParamSpec callable signature extraction for callable instances (#26279)
  • Make multi-arm TypeOf cycle recovery monotonic (#26275)

LSP server

  • Document all special forms in ty_extensions (#26263)

Performance

  • Avoid cloning fallback condition flow snapshots (#26203)
  • Avoid constructing discarded speculative diagnostics (#26251)
  • Avoid path lookups when sorting same-file diagnostics (#26257)
  • Cache is_never_satisfied results (#26261)
  • Defer applying type context to simple standalone expressions (#26252)

Core type checking

  • Infer types for names bound in match patterns (#25940)
  • Preserve regular kind for callable instances (#26253)
  • Simplify intersections of invariant generic types with Any specializations (#26127)

Contributors

Install ty 0.0.53

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/ty/releases/download/0.0.53/ty-installer.sh | sh

Install prebuilt binaries via powershell script

</tr></table> 

... (truncated)

Changelog

Sourced from ty's changelog.

0.0.53

Released on 2026-06-23.

Bug fixes

  • Avoid bypassing lazy constraints for Divergent (#26288)
  • Avoid recursion when projecting narrowing constraints (#26276)
  • Fix ParamSpec callable signature extraction for callable instances (#26279)
  • Make multi-arm TypeOf cycle recovery monotonic (#26275)

LSP server

  • Document all special forms in ty_extensions (#26263)

Performance

  • Avoid cloning fallback condition flow snapshots (#26203)
  • Avoid constructing discarded speculative diagnostics (#26251)
  • Avoid path lookups when sorting same-file diagnostics (#26257)
  • Cache is_never_satisfied results (#26261)
  • Defer applying type context to simple standalone expressions (#26252)

Core type checking

  • Infer types for names bound in match patterns (#25940)
  • Preserve regular kind for callable instances (#26253)
  • Simplify intersections of invariant generic types with Any specializations (#26127)

Contributors

0.0.52

Released on 2026-06-22.

Bug fixes

  • Avoid shadowing hints for attribute assignments (#26164)
  • Fix dict.pop overloads to accept arbitrary keys with defaults (#26241)
  • Normalize recursive TypeOf across multiple union arms (#26230)
  • Normalize recursive TypeOf growth during cycle recovery (#26163)
  • Normalize recursive protocol growth during cycle recovery (#26246)
  • Preserve generic alias identity during cycle recovery (#26166)

... (truncated)

Commits

Updates zizmor from 1.25.2 to 1.26.1

Release notes

Sourced from zizmor's releases.

v1.26.1

This is a small corrective release for 1.26.0.

v1.26.0

New Features 🌈🔗

  • New audit: typosquat-uses detects uses: clauses that reference likely typoed actions (#1985)

    Many thanks to @​andrew for proposing and implementing this improvement!

  • New audit: unsound-ternary detects pseudo-ternary expressions that don't evaluate as expected (#2085)

    Many thanks to @​terror for proposing and implementing this improvement!

  • New audit: adhoc-packages detects run: steps that install packages in an ad-hoc manner (#2061)

    Many thanks to @​connorshea for proposing and implementing this improvement!

Enhancements 🌱🔗

Performance Improvements 🚄🔗

  • Most online audits are significantly faster, thanks to more precise retry handling (#2036) Bug Fixes 🐛🔗

  • Fixed a bug where zizmor's LSP would not recognize dependabot.yaml files in its default configuration (#2026)

    Many thanks to @​fionn for implementing this fix!

  • Fixed a bug where ref-version-mismatch would fail to fully match some version comments (#2040)

  • Fixed a bug where dependabot-cooldown would fail to honor the user's configured days when performing autofixes (#2055)

  • Steps and jobs gated by statically-false if: conditions (e.g. if: false, if: ${{ false }}) are now skipped during auditing, since they cannot execute (#2059, #2069)

  • Fixed a bug where ref-version-mismatch would fail to identify some valid version comments (#2073)

  • Fixed a bug where unpinned-images would incorrectly flag empty matrix expansions as unpinned container image references (#2102)

  • Fixed a bug where unpinned-images would incorrectly flag some matrix expansions as unpinned (#2098)

  • The SARIF (--format=sarif) and GitHub Annotations (--format=github) output formats now provide more correct/useful paths, particularly when the user provides a relative path as input to zizmor rather than zizmor . (#1748, #2095)

... (truncated)

Changelog

Sourced from zizmor's changelog.

1.26.1

This is a small corrective release for 1.26.0.

1.26.0

New Features 🌈

  • New audit: [typosquat-uses] detects #!yaml uses: clauses that reference likely typoed actions (#1985)

    Many thanks to @​andrew for proposing and implementing this improvement!

  • New audit: [unsound-ternary] detects pseudo-ternary expressions that don't evaluate as expected (#2085)

    Many thanks to @​terror for proposing and implementing this improvement!

  • New audit: [adhoc-packages] detects #!yaml run: steps that install packages in an ad-hoc manner (#2061)

    Many thanks to @​connorshea for proposing and implementing this improvement!

Enhancements 🌱

  • The [cache-poisoning] audit now detects additional cache disablement heuristics (#2053)

  • The [known-vulnerable-actions] audit is now configurable. See the configuration documentation for details (#2084)

  • The [excessive-permissions] audit is now aware of the code-quality permission (#2088)

  • The [unpinned-uses] audit's auto-fix now uses the fully qualified version tag (e.g. # v6.0.2) when fixing a major-version ref (e.g. @v6) (#2127)

Performance Improvements 🚄

  • Most online audits are significantly faster, thanks to more precise retry handling (#2036)

Bug Fixes 🐛

  • Fixed a bug where zizmor's LSP would not recognize dependabot.yaml files in its default configuration (#2026)

    Many thanks to @​fionn for implementing this fix!

  • Fixed a bug where [ref-version-mismatch] would fail to fully match some version comments (#2040)

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Jul 1, 2026
@codecov

codecov Bot commented Jul 1, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 100.00%. Comparing base (771278c) to head (c5e9e05).
⚠️ Report is 2 commits behind head on main.

Additional details and impacted files
@@            Coverage Diff            @@
##              main      #163   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files            8         8           
  Lines          318       318           
  Branches         9         9           
=========================================
  Hits           318       318           

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

Bumps the linters group with 4 updates: [basedpyright](https://github.com/detachhead/basedpyright), [ruff](https://github.com/astral-sh/ruff), [ty](https://github.com/astral-sh/ty) and [zizmor](https://github.com/zizmorcore/zizmor).


Updates `basedpyright` from 1.39.6 to 1.39.8
- [Release notes](https://github.com/detachhead/basedpyright/releases)
- [Commits](DetachHead/basedpyright@v1.39.6...v1.39.8)

Updates `ruff` from 0.15.14 to 0.15.19
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.15.14...0.15.19)

Updates `ty` from 0.0.39 to 0.0.53
- [Release notes](https://github.com/astral-sh/ty/releases)
- [Changelog](https://github.com/astral-sh/ty/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ty@0.0.39...0.0.53)

Updates `zizmor` from 1.25.2 to 1.26.1
- [Release notes](https://github.com/zizmorcore/zizmor/releases)
- [Changelog](https://github.com/zizmorcore/zizmor/blob/main/docs/release-notes.md)
- [Commits](zizmorcore/zizmor@v1.25.2...v1.26.1)

---
updated-dependencies:
- dependency-name: basedpyright
  dependency-version: 1.39.8
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: linters
- dependency-name: ruff
  dependency-version: 0.15.19
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: linters
- dependency-name: ty
  dependency-version: 0.0.53
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: linters
- dependency-name: zizmor
  dependency-version: 1.26.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: linters
...

Signed-off-by: dependabot[bot] <support@github.com>
@jodal jodal force-pushed the dependabot/pip/linters-1df3371db3 branch from 66ca02a to c5e9e05 Compare July 1, 2026 14:46
@jodal jodal merged commit cffc2d1 into main Jul 1, 2026
13 checks passed
@jodal jodal deleted the dependabot/pip/linters-1df3371db3 branch July 1, 2026 14:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Development

Successfully merging this pull request may close these issues.

1 participant