Skip to content

deps: bump the python-dependencies group with 3 updates#16

Merged
Karib0u merged 1 commit into
mainfrom
dependabot/uv/python-dependencies-0266047290
Jun 16, 2026
Merged

deps: bump the python-dependencies group with 3 updates#16
Karib0u merged 1 commit into
mainfrom
dependabot/uv/python-dependencies-0266047290

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 15, 2026

Copy link
Copy Markdown
Contributor

Bumps the python-dependencies group with 3 updates: yara-x, ruff and ty.

Updates yara-x from 1.17.0 to 1.18.0

Release notes

Sourced from yara-x's releases.

v1.18.0

  • Improve scan performance by ignoring patterns that can't match due to file header constraints (#676).
  • Optimize regular expression evaluation (#678).
  • New --cpu-limit option for the CLI (e9ee494).
  • BUGFIX: fix issues in atom extraction logic from regular expressions (#673).
  • BUGFIX: stack overflow when compiling rules if YARA-X uses musl (#666).

Contributors: @​FranciscoPombal @​webknjaz

Commits
  • 0f199ae fix: remove .js extension from module import path.
  • 8ca089a ci: upgrade to NodeJS 24.
  • 8f451e8 chore: bump version to 1.18.0.
  • 5ea6709 ci: upgrade Codecov workflow to version 7.0.0.
  • 08fd021 chore: upgrade daachorse to version 3.0.2.
  • e37701e chore(deps): bump pyo3 from 0.28.3 to 0.29.0 (#679)
  • 31e2ca6 style: run cargo fmt.
  • 1c10308 refactor: consolidate proto JSON and YAML serialization into yara-x-proto
  • 1c6bdc3 build: conditionalize ANSI support to Windows only
  • 630516b fix: prune header constraints on snapshot restore
  • Additional commits viewable in compare view

Updates ruff from 0.15.16 to 0.15.17

Release notes

Sourced from ruff's releases.

0.15.17

Release Notes

Released on 2026-06-11.

Preview features

  • Allow human-readable names in suppression comments (#25614)
  • Fix handling of ignore comments within a disable/enable pair (#25845)
  • Prioritize human-readable names in CLI output (#25869)
  • Respect diagnostic start and parent ranges and trailing comments in ruff:ignore suppressions (#25673)
  • [flake8-async] Add trio.as_safe_channel to safe decorators (ASYNC119) (#25775)
  • [flake8-pytest-style] Also check pytest_asyncio fixtures (#25375)
  • [ruff] Ban pytest autouse fixtures (RUF076) (#25477)
  • [pyupgrade] Add from __future__ import annotations automatically (UP007, UP045) (#23259)

Bug fixes

  • Fix diagnostic when ruff:enable or ruff:disable appears where ruff:ignore is expected (#25700)
  • [pyupgrade] Preserve leading empty literals to avoid syntax errors (UP032) (#25491)

Rule changes

  • [flake8-pytest-style] Clarify diagnostic message for single parameters (PT007) (#25592)
  • [numpy] Drop autofix for np.in1d (NPY201) (#25612)
  • [pylint] Exempt Python version comparisons (PLR2004) (#25743)

Performance

  • Reserve AST Vecs with correct capacity for common cases (#25451)

Formatter

  • Preserve whitespace for Quarto cell option comments (#25641)

CLI

  • Allow rule names in ruff rule (#25640)

Other changes

  • Fix playground diagnostics scrollbars (#25642)

Contributors

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.17

Released on 2026-06-11.

Preview features

  • Allow human-readable names in suppression comments (#25614)
  • Fix handling of ignore comments within a disable/enable pair (#25845)
  • Prioritize human-readable names in CLI output (#25869)
  • Respect diagnostic start and parent ranges and trailing comments in ruff:ignore suppressions (#25673)
  • [flake8-async] Add trio.as_safe_channel to safe decorators (ASYNC119) (#25775)
  • [flake8-pytest-style] Also check pytest_asyncio fixtures (#25375)
  • [ruff] Ban pytest autouse fixtures (RUF076) (#25477)
  • [pyupgrade] Add from __future__ import annotations automatically (UP007, UP045) (#23259)

Bug fixes

  • Fix diagnostic when ruff:enable or ruff:disable appears where ruff:ignore is expected (#25700)
  • [pyupgrade] Preserve leading empty literals to avoid syntax errors (UP032) (#25491)

Rule changes

  • [flake8-pytest-style] Clarify diagnostic message for single parameters (PT007) (#25592)
  • [numpy] Drop autofix for np.in1d (NPY201) (#25612)
  • [pylint] Exempt Python version comparisons (PLR2004) (#25743)

Performance

  • Reserve AST Vecs with correct capacity for common cases (#25451)

Formatter

  • Preserve whitespace for Quarto cell option comments (#25641)

CLI

  • Allow rule names in ruff rule (#25640)

Other changes

  • Fix playground diagnostics scrollbars (#25642)

Contributors

... (truncated)

Commits
  • 7c645a9 Bump 0.15.17 (#25872)
  • f381eb1 Prioritize human-readable names in CLI output (#25869)
  • b9b4546 Minor workflow simplification (#25870)
  • 1e77ba0 [ty] Move PreformattedBlockScanner to format-agnostic location. (#25856)
  • 6f2b772 [ty] Preserve nominal type of enum.property instances (#25849)
  • be4777c [ty] Fix site-package error when multiple versions of pythons are installed i...
  • 53f6ff7 Allow human-readable names in suppression comments (#25614)
  • 6740325 [ty] Restrict uncached raw signature access (#25866)
  • 970b1bf Auto-update snapshots when syncing typeshed (#25841)
  • 0785793 Fix handling of ignore comments within a disable/enable pair (#25845)
  • Additional commits viewable in compare view

Updates ty from 0.0.45 to 0.0.49

Release notes

Sourced from ty's releases.

0.0.49

Release Notes

Released on 2026-06-11.

Bug fixes

  • Fix site-package error when multiple versions of Python are installed in system path (#25769)

Diagnostics

  • Point at attribute's binding site in `invalid-await diagnostic (#24628)
  • Report redefined legacy TypeVars (#25854)

Performance

  • Add dedicated TDDs for narrowing constraints (#25834)
  • Avoid caching same-file raw signatures (#25761)
  • Cache reachability evaluations during inference (#25696)
  • Compact retained definition maps (#25737)
  • Omit redundant definition inference owner keys (#25837)

Core type checking

  • Preserve nominal type of enum.property instances (#25849)
  • Restrict length narrowing to types that encode their length (#25840)
  • Use peer context for collection literals (#25848)

Contributors

Install ty 0.0.49

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/ty/releases/download/0.0.49/ty-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/ty/releases/download/0.0.49/ty-installer.ps1 | iex"

Download ty 0.0.49

... (truncated)

Changelog

Sourced from ty's changelog.

0.0.49

Released on 2026-06-11.

Bug fixes

  • Fix site-package error when multiple versions of Python are installed in system path (#25769)

Diagnostics

  • Point at attribute's binding site in `invalid-await diagnostic (#24628)
  • Report redefined legacy TypeVars (#25854)

Performance

  • Add dedicated TDDs for narrowing constraints (#25834)
  • Avoid caching same-file raw signatures (#25761)
  • Cache reachability evaluations during inference (#25696)
  • Compact retained definition maps (#25737)
  • Omit redundant definition inference owner keys (#25837)

Core type checking

  • Preserve nominal type of enum.property instances (#25849)
  • Restrict length narrowing to types that encode their length (#25840)
  • Use peer context for collection literals (#25848)

Contributors

0.0.48

Released on 2026-06-10.

Performance

  • Avoid redundant constraint saturation work (#25786)

Core type checking

  • Add support for TypedDict extra_items (#25591)
  • Improve closed=True TypedDict precision (#25651)
  • Require subtyping for transitive constraint pivots (#25778)
  • Sync vendored typeshed stubs (#25828). Typeshed diff

Contributors

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
deps: bump the python-dependencies group with 3 updates
e516558 
Bumps the python-dependencies group with 3 updates: [yara-x](https://github.com/VirusTotal/yara-x), [ruff](https://github.com/astral-sh/ruff) and [ty](https://github.com/astral-sh/ty).


Updates `yara-x` from 1.17.0 to 1.18.0
- [Release notes](https://github.com/VirusTotal/yara-x/releases)
- [Commits](VirusTotal/yara-x@v1.17.0...v1.18.0)

Updates `ruff` from 0.15.16 to 0.15.17
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.15.16...0.15.17)

Updates `ty` from 0.0.45 to 0.0.49
- [Release notes](https://github.com/astral-sh/ty/releases)
- [Changelog](https://github.com/astral-sh/ty/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ty@0.0.45...0.0.49)

---
updated-dependencies:
- dependency-name: yara-x
  dependency-version: 1.18.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-dependencies
- dependency-name: ruff
  dependency-version: 0.15.17
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: python-dependencies
- dependency-name: ty
  dependency-version: 0.0.49
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: python-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Jun 15, 2026
@Karib0u Karib0u merged commit 2147920 into main Jun 16, 2026
4 checks passed
@Karib0u Karib0u deleted the dependabot/uv/python-dependencies-0266047290 branch June 16, 2026 17:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Karib0u