Skip to content

chore(deps): update all dependencies #384

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Oct 27, 2025
Merged

chore(deps): update all dependencies #384

merged 1 commit into from
Oct 27, 2025

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Oct 27, 2025

This PR contains the following updates:

Package Change Age Confidence Type Update Pending
argcomplete (changelog) 3.6.2 -> 3.6.3 age confidence dependency-groups patch
astral-sh/ruff-pre-commit v0.14.1 -> v0.14.2 age confidence repository patch
astral-sh/uv-pre-commit 0.9.3 -> 0.9.5 age confidence repository patch
jsh9/pydoclint 0.7.3 -> 0.7.4 age confidence repository patch 0.7.6 (+1)
pycqa/pylint v4.0.1 -> v4.0.2 age confidence repository patch
All locks refreshed lockFileMaintenance
pip (changelog) 25.2 -> 25.3 age confidence dependency-groups minor
pydoclint 0.7.3 -> 0.7.4 age confidence dependency-groups patch 0.7.6 (+1)
pylint (changelog) 4.0.1 -> 4.0.2 age confidence dependency-groups patch
ruff (source, changelog) 0.14.1 -> 0.14.2 age confidence dependency-groups patch
tox (changelog) 4.31.0 -> 4.32.0 age confidence dependency-groups minor
uv (source, changelog) 0.9.4 -> 0.9.5 age confidence dependency-groups patch

Note: The pre-commit manager in Renovate is not supported by the pre-commit maintainers or community. Please do not report any problems there, instead create a Discussion in the Renovate repository if you have any questions.

Release Notes

kislyuk/argcomplete (argcomplete)

v3.6.3

Compare Source

===============================

  • Make RE PCRE compatible. Fixes #​539

  • Only execute Python interpreters (#​536)

  • fish: set variable scope to local to avoid clobbering global or
    universal variables (#​534)

  • Documentation and help improvements

astral-sh/ruff-pre-commit (astral-sh/ruff-pre-commit)

v0.14.2

Compare Source

See: https://github.com/astral-sh/ruff/releases/tag/0.14.2

astral-sh/uv-pre-commit (astral-sh/uv-pre-commit)

v0.9.5

Compare Source

See: https://github.com/astral-sh/uv/releases/tag/0.9.5

v0.9.4

Compare Source

See: https://github.com/astral-sh/uv/releases/tag/0.9.4

jsh9/pydoclint (jsh9/pydoclint)

v0.7.4

Compare Source

pycqa/pylint (pycqa/pylint)

v4.0.2

Compare Source

False Positives Fixed

  • Fix false positive for invalid-name on a partially uninferable module-level constant.

    Closes #​10652

  • Fix a false positive for invalid-name on exclusive module-level assignments
    composed of three or more branches. We won't raise disallowed-name on module-level names that can't be inferred
    until a further refactor to remove this false negative is done.

    Closes #​10664

  • Fix false positive for invalid-name for TypedDict instances.

    Closes #​10672

pypa/pip (pip)

v25.3

Compare Source

pylint-dev/pylint (pylint)

v4.0.2

Compare Source

False Positives Fixed

  • Fix false positive for invalid-name on a partially uninferable module-level constant.

    Closes #​10652

  • Fix a false positive for invalid-name on exclusive module-level assignments
    composed of three or more branches. We won't raise disallowed-name on module-level names that can't be inferred
    until a further refactor to remove this false negative is done.

    Closes #​10664

  • Fix false positive for invalid-name for TypedDict instances.

    Closes #​10672

astral-sh/ruff (ruff)

v0.14.2

Compare Source

Released on 2025-10-23.

Preview features
  • [flake8-gettext] Resolve qualified names and built-in bindings (INT001, INT002, INT003) (#​19045)
Bug fixes
  • Avoid reusing nested, interpolated quotes before Python 3.12 (#​20930)
  • Catch syntax errors in nested interpolations before Python 3.12 (#​20949)
  • [fastapi] Handle ellipsis defaults in FAST002 autofix (#​20810)
  • [flake8-simplify] Skip SIM911 when unknown arguments are present (#​20697)
  • [pyupgrade] Always parenthesize assignment expressions in fix for f-string (UP032) (#​21003)
  • [pyupgrade] Fix UP032 conversion for decimal ints with underscores (#​21022)
  • [fastapi] Skip autofix for keyword and __debug__ path params (FAST003) (#​20960)
Rule changes
  • [flake8-bugbear] Skip B905 and B912 for fewer than two iterables and no starred arguments (#​20998)
  • [ruff] Use DiagnosticTag for more pyflakes and pandas rules (#​20801)
CLI
  • Improve JSON output from ruff rule (#​20168)
Documentation
Other changes
  • [syntax-errors] Name is parameter and global (#​20426)
  • [syntax-errors] Alternative match patterns bind different names (#​20682)
Contributors
tox-dev/tox (tox)

v4.32.0

Compare Source

What's Changed

New Contributors

Full Changelog: tox-dev/tox@4.31.0...4.32.0

astral-sh/uv (uv)

v0.9.5

Compare Source

Released on 2025-10-21.

This release contains an upgrade to astral-tokio-tar, which addresses a vulnerability in tar extraction on malformed archives with mismatching size information between the ustar header and PAX extensions. While the astral-tokio-tar advisory has been graded as "high" due its potential broader impact, the specific impact to uv is low due to a lack of novel attacker capability. Specifically, uv only processes tar archives from source distributions, which already possess the capability for full arbitrary code execution by design, meaning that an attacker gains no additional capabilities through astral-tokio-tar.

Regardless, we take the hypothetical risk of parser differentials very seriously. Out of an abundance of caution, we have assigned this upgrade an advisory: GHSA-w476-p2h3-79g9

Security
  • Upgrade astral-tokio-tar to 0.5.6 to address a parsing differential (#​16387)
Enhancements
  • Add required environment marker example to hint (#​16244)
  • Fix typo in MissingTopLevel warning (#​16351)
  • Improve 403 Forbidden error message to indicate package may not exist (#​16353)
  • Add a hint on uv pip install failure if the --system flag is used to select an externally managed interpreter (#​16318)
Bug fixes
  • Fix backtick escaping for PowerShell (#​16307)
Documentation
  • Document metadata consistency expectation (#​15683)
  • Remove outdated aarch64 musl note (#​16385)

Configuration

📅 Schedule: Branch creation - "before 4am on monday" in timezone UTC, Automerge - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) in timezone UTC.

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot requested a review from a team as a code owner October 27, 2025 00:58
@renovate renovate bot enabled auto-merge (squash) October 27, 2025 00:58
@github-actions github-actions bot added chore and removed chore labels Oct 27, 2025
@github-actions github-actions bot added chore and removed chore labels Oct 27, 2025
@renovate renovate bot merged commit 50e2f0f into main Oct 27, 2025
18 checks passed
@renovate renovate bot deleted the renovate/all branch October 27, 2025 01:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ansibuddy ansibuddy ansibuddy approved these changes

Assignees

No one assigned

Labels

chore dependencies

Projects

🧰 devtools project board
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ansibuddy