Skip to content

Bump the python group with 2 updates#3697

Merged
mergify[bot] merged 1 commit into
mainfrom
dependabot/pip/python-3681669d03
Jun 22, 2026
Merged

Bump the python group with 2 updates#3697
mergify[bot] merged 1 commit into
mainfrom
dependabot/pip/python-3681669d03

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 22, 2026

Copy link
Copy Markdown
Contributor

Warning

Dependabot will stop supporting python v3.9!

Please upgrade to one of the following versions: v3.9, v3.10, v3.11, v3.12, v3.13, or v3.14.

Bumps the python group with 2 updates: uv and ruff.

Updates uv from 0.11.21 to 0.11.23

Release notes

Sourced from uv's releases.

0.11.23

Release Notes

Released on 2026-06-19.

Bug fixes

  • Revert "Fix transparent Python upgrades in project environments" to mitigate unintended breakage in pre-commit-uv (#19925)
  • Restore old behavior where workspace members "hidden" by an intermediate pyproject.toml would be treated as standalone projects (#19926)

Install uv 0.11.23

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/uv/releases/download/0.11.23/uv-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/uv/releases/download/0.11.23/uv-installer.ps1 | iex"

Download uv 0.11.23

File Platform Checksum
uv-aarch64-apple-darwin.tar.gz Apple Silicon macOS checksum
uv-x86_64-apple-darwin.tar.gz Intel macOS checksum
uv-aarch64-pc-windows-msvc.zip ARM64 Windows checksum
uv-i686-pc-windows-msvc.zip x86 Windows checksum
uv-x86_64-pc-windows-msvc.zip x64 Windows checksum
uv-aarch64-unknown-linux-gnu.tar.gz ARM64 Linux checksum
uv-i686-unknown-linux-gnu.tar.gz x86 Linux checksum
uv-powerpc64le-unknown-linux-gnu.tar.gz PPC64LE Linux checksum
uv-riscv64gc-unknown-linux-gnu.tar.gz RISCV Linux checksum
uv-s390x-unknown-linux-gnu.tar.gz S390x Linux checksum
uv-x86_64-unknown-linux-gnu.tar.gz x64 Linux checksum
uv-armv7-unknown-linux-gnueabihf.tar.gz ARMv7 Linux checksum
uv-aarch64-unknown-linux-musl.tar.gz ARM64 MUSL Linux checksum
uv-i686-unknown-linux-musl.tar.gz x86 MUSL Linux checksum
uv-riscv64gc-unknown-linux-musl.tar.gz RISCV MUSL Linux checksum
uv-x86_64-unknown-linux-musl.tar.gz x64 MUSL Linux checksum
uv-arm-unknown-linux-musleabihf.tar.gz ARMv6 MUSL Linux (Hardfloat) checksum
uv-armv7-unknown-linux-musleabihf.tar.gz ARMv7 MUSL Linux checksum

Verifying GitHub Artifact Attestations

The artifacts in this release have attestations generated with GitHub Artifact Attestations. These can be verified by using the GitHub CLI:

... (truncated)

Changelog

Sourced from uv's changelog.

0.11.23

Released on 2026-06-19.

Bug fixes

  • Revert "Fix transparent Python upgrades in project environments" to mitigate unintended breakage in pre-commit-uv (#19925)
  • Restore old behavior where workspace members "hidden" by an intermediate pyproject.toml would be treated as standalone projects (#19926)

0.11.22

Released on 2026-06-18.

Enhancements

  • Publish wheels before sdists in uv publish (#19831)
  • Add TY and RUFF env vars for providing paths for binaries used by uv format and uv check (#19821)

Preview features

  • Allow configuring preview features in uv.toml and pyproject.toml (#18437)
  • Update the lockfile during uv check --no-sync (#19909)
  • Add --script to uv check and uv metadata (#19860)
  • Report workspace-exclusive dependency groups in workspace metadata (#19862)
  • Support SARIF as a uv audit output (#19872)

Performance

  • Use a more deadlock-resistant concurrent hashmap in the resolver (#19532)

Bug fixes

  • Update string marker ordering semantics to match upstream clarified rules (#19808)
  • Reject extras that have the same normalized name (#19871)
  • Reject dependency group include-group entries that have additional fields (#19866)
  • Reject invalid UTF-8 URL credentials (#19814)
  • Validate that PEP 517 backend-paths exist when building sdists (#19834)
  • Validate that pylock.toml files do not have an unsupported a lock-version (#19869)
  • Validate that the environment satisfies the packages.requires-python of a pylock.toml (#19868)
  • Allow uv to be recursively invoked by PEP 517 build hooks (#19879)
  • Allow empty credentials.toml files (#19815)
  • Fix transparent Python upgrades in project environments (#19890)
  • Handle non-file editable URLs in uv pip list (#19867)
  • Fix incorrect output from uv tree --invert (#19910)
  • Fix environment locking of uv venv in a project (#19837)
  • Fix handling of workspace-exclusive dependency groups in uv tree (#19905)

Documentation

  • Archive the 0.10.x changelog (#19813)

... (truncated)

Commits

Updates ruff from 0.15.17 to 0.15.18

Release notes

Sourced from ruff's releases.

0.15.18

Release Notes

Released on 2026-06-18.

Preview features

  • Handle nested ruff:ignore comments (#25791)
  • Stop displaying severity in output (#26050)
  • Use human-readable names in CLI output (#25937)
  • Use human-readable names in LSP and playground diagnostics (#26058)
  • [pydocstyle] Prevent property docstrings starting with verbs (D421) (#23775)
  • [flake8-pyi] Extend PYI033 to Python files (#26129)

Bug fixes

  • Detect equivalent numeric mapping keys (#26009)
  • Detect mapping keys equivalent to booleans (#25982)
  • Detect repeated signed and complex dictionary keys (#26007)

Rule changes

  • [flake8-pyi] Rename PYI033 to legacy-type-comment (#26131)

Performance

  • Use ThinVec for call keywords (#25999)
  • Inline parser recovery context checks (#26038)
  • Match parser keywords as bytes (#26037)
  • Move value parsing out of lexing (#25360)

Server

  • Render subdiagnostics and secondary annotations as related information (#26011)

Documentation

  • Update fix availability for always-fixable rules (#26091)
  • [flake8-tidy-imports] Add fix safety section (TID252) (#17491)

Parser

  • Reject __debug__ lambda parameters (#26022)
  • Reject _ as a match-pattern target (#25977)
  • Reject multiple starred names in sequence patterns (#25976)
  • Reject parenthesized star imports (#26021)
  • Reject starred comprehension targets (#26023)
  • Reject unparenthesized generator expressions in class bases (#25978)
  • Reject yield expressions after commas (#26024)
  • Validate function type parameter default order (#25981)

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.18

Released on 2026-06-18.

Preview features

  • Handle nested ruff:ignore comments (#25791)
  • Stop displaying severity in output (#26050)
  • Use human-readable names in CLI output (#25937)
  • Use human-readable names in LSP and playground diagnostics (#26058)
  • [pydocstyle] Prevent property docstrings starting with verbs (D421) (#23775)
  • [flake8-pyi] Extend PYI033 to Python files (#26129)

Bug fixes

  • Detect equivalent numeric mapping keys (#26009)
  • Detect mapping keys equivalent to booleans (#25982)
  • Detect repeated signed and complex dictionary keys (#26007)

Rule changes

  • [flake8-pyi] Rename PYI033 to legacy-type-comment (#26131)

Performance

  • Use ThinVec for call keywords (#25999)
  • Inline parser recovery context checks (#26038)
  • Match parser keywords as bytes (#26037)
  • Move value parsing out of lexing (#25360)

Server

  • Render subdiagnostics and secondary annotations as related information (#26011)

Documentation

  • Update fix availability for always-fixable rules (#26091)
  • [flake8-tidy-imports] Add fix safety section (TID252) (#17491)

Parser

  • Reject __debug__ lambda parameters (#26022)
  • Reject _ as a match-pattern target (#25977)
  • Reject multiple starred names in sequence patterns (#25976)
  • Reject parenthesized star imports (#26021)
  • Reject starred comprehension targets (#26023)
  • Reject unparenthesized generator expressions in class bases (#25978)
  • Reject yield expressions after commas (#26024)
  • Validate function type parameter default order (#25981)

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the python group with 2 updates
a614b82 
Bumps the python group with 2 updates: [uv](https://github.com/astral-sh/uv) and [ruff](https://github.com/astral-sh/ruff).


Updates `uv` from 0.11.21 to 0.11.23
- [Release notes](https://github.com/astral-sh/uv/releases)
- [Changelog](https://github.com/astral-sh/uv/blob/main/CHANGELOG.md)
- [Commits](astral-sh/uv@0.11.21...0.11.23)

Updates `ruff` from 0.15.17 to 0.15.18
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.15.17...0.15.18)

---
updated-dependencies:
- dependency-name: uv
  dependency-version: 0.11.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python
- dependency-name: ruff
  dependency-version: 0.15.18
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Jun 22, 2026
@mergify

mergify Bot commented Jun 22, 2026

Copy link
Copy Markdown
Contributor

Tick the box to add this pull request to the merge queue (same as @mergifyio queue).

  • Queue this pull request

@mergify mergify Bot merged commit 416b435 into main Jun 22, 2026
36 checks passed
@mergify mergify Bot deleted the dependabot/pip/python-3681669d03 branch June 22, 2026 12:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mergify mergify[bot] mergify[bot] approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants