Skip to content

build(deps-dev): bump the uv-dependencies group with 2 updates#115

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/uv-dependencies-65e4499d90
Open

build(deps-dev): bump the uv-dependencies group with 2 updates#115
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/uv-dependencies-65e4499d90

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 12, 2026

Copy link
Copy Markdown
Contributor

Updates the requirements on ruff and uv-build to permit the latest version.
Updates ruff from 0.15.20 to 0.15.21

Release notes

Sourced from ruff's releases.

0.15.21

Release Notes

Released on 2026-07-09.

Preview features

  • Add --add-ignore for adding ruff:ignore comments (#26346)
  • [flake8-comprehensions] Drop C409 tuple comprehension preview behavior (#25707)
  • Avoid whitespace normalization when formatting comments (#26455)
  • [pyupgrade] Lint and fix use of deprecated abc decorators (UP051) (#26417)

Bug fixes

  • Refine non-empty f-string detection (#26526)
  • Detect syntax errors in individual notebook cells (#26419)
  • [flake8-implicit-str-concat] Fix ISC003 autofix incorrectly stripping + from comments (#26554)

Rule changes

  • [flake8-executable] Mark EXE004 fix as unsafe (#26033)
  • [flake8-pyi] Mark PYI061 fixes as unsafe in Python files (#26533)
  • [pydocstyle] Skip overload-with-docstring in stub files (D418) (#26318)

Performance

  • Avoid per-token source index visitor calls (#26506)
  • Cache parenthesized expression boundaries in the formatter (#26344)
  • Improve performance of rendering edits in preview mode (#26565)
  • Inline fits_element in formatter (#26429)
  • Inline formatter printing hot paths (#26504)
  • Lazily create builtin bindings (#26510)
  • Skip empty trivia scans in the source indexer (#26507)
  • Use ICF for macOS release builds (#25780)

Formatter

  • Add --extend-exclude to ruff format (#26372)

Documentation

  • Add "How does Ruff's import sorting compare to isort?" link to README (#26530)
  • Fix Mozilla Firefox repository link in README (#26537)
  • [flake8-bandit] Fix misleading docstring for mako-templates (S702) (#26432)
  • [ruff] Fix non-triggering example for if-key-in-dict-del (RUF051) (#26433)

Contributors

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.21

Released on 2026-07-09.

Preview features

  • Add --add-ignore for adding ruff:ignore comments (#26346)
  • [flake8-comprehensions] Drop C409 tuple comprehension preview behavior (#25707)
  • Avoid whitespace normalization when formatting comments (#26455)
  • [pyupgrade] Lint and fix use of deprecated abc decorators (UP051) (#26417)

Bug fixes

  • Refine non-empty f-string detection (#26526)
  • Detect syntax errors in individual notebook cells (#26419)
  • [flake8-implicit-str-concat] Fix ISC003 autofix incorrectly stripping + from comments (#26554)

Rule changes

  • [flake8-executable] Mark EXE004 fix as unsafe (#26033)
  • [flake8-pyi] Mark PYI061 fixes as unsafe in Python files (#26533)
  • [pydocstyle] Skip overload-with-docstring in stub files (D418) (#26318)

Performance

  • Avoid per-token source index visitor calls (#26506)
  • Cache parenthesized expression boundaries in the formatter (#26344)
  • Improve performance of rendering edits in preview mode (#26565)
  • Inline fits_element in formatter (#26429)
  • Inline formatter printing hot paths (#26504)
  • Lazily create builtin bindings (#26510)
  • Skip empty trivia scans in the source indexer (#26507)
  • Use ICF for macOS release builds (#25780)

Formatter

  • Add --extend-exclude to ruff format (#26372)

Documentation

  • Add "How does Ruff's import sorting compare to isort?" link to README (#26530)
  • Fix Mozilla Firefox repository link in README (#26537)
  • [flake8-bandit] Fix misleading docstring for mako-templates (S702) (#26432)
  • [ruff] Fix non-triggering example for if-key-in-dict-del (RUF051) (#26433)

Contributors

... (truncated)

Commits

Updates uv-build to 0.11.28

Release notes

Sourced from uv-build's releases.

0.11.28

Release Notes

Released on 2026-07-07.

Security

This release updates our ZIP library, astral-async-zip, to v0.0.20, which includes 15 changes that harden our ZIP handling against parser differentials. uv may reject ZIP archives with malformed or ambiguous content that were previously accepted.

See the upstream commits for a full list of changes.

Python

  • Upgrade GraalPy to 25.1.3 (#20069)

Enhancements

  • Improve trace logs for unexpected error chains (#20220)
  • Move lockfile update guidance to a hint (#20219)
  • Preserve indentation for multiline error causes (#20156)
  • Render user errors with their cause chains (#20217)
  • Route final command errors through the printer to respect -q and -qq (#20163)
  • Use standard rendering for uv build errors (#20159)
  • Use standard rendering for tool requirement errors (#20160)

Performance

  • Only compile bytecode for installed distributions in uv pip install (#19914)
  • Avoid allocating URL-safe Git revisions (#20194)
  • Avoid allocating canonical Python request strings (#20193)
  • Avoid allocating custom Astral mirror URLs (#20204)
  • Avoid allocating expanded compatibility tags (#20190)
  • Avoid allocating shell strings that need no escaping (#20196)
  • Avoid allocating static ABI descriptions (#20201)
  • Avoid allocating static Windows executable names (#20200)
  • Avoid allocating static dependency table names (#20199)
  • Avoid allocating static platform triple components (#20195)
  • Avoid allocating static resolver report labels (#20198)
  • Avoid allocating static unavailable-version messages (#20197)
  • Avoid allocating unchanged Python download architectures (#20202)
  • Avoid allocating unchanged paths during case normalization (#20203)
  • Avoid allocations when expanding group conflicts (#20211)
  • Avoid allocations when formatting requirements (#20206)
  • Avoid cloning credential lookup services (#20210)
  • Avoid cloning dry-run distributions (#20209)
  • Avoid cloning owned dependency metadata (#20212)
  • Avoid redundant direct URL clones (#20207)
  • Create metadata version errors lazily (#20205)
  • Optimize expanded tag compatibility checks (#20171)
  • Optimize parsing of single-digit three-part versions (#20118)

... (truncated)

Changelog

Sourced from uv-build's changelog.

0.11.28

Released on 2026-07-07.

Security

This release updates our ZIP library, astral-async-zip, to v0.0.20, which includes 15 changes that harden our ZIP handling against parser differentials. uv may reject ZIP archives with malformed or ambiguous content that were previously accepted.

See the upstream commits for a full list of changes.

Python

  • Upgrade GraalPy to 25.1.3 (#20069)

Enhancements

  • Improve trace logs for unexpected error chains (#20220)
  • Move lockfile update guidance to a hint (#20219)
  • Preserve indentation for multiline error causes (#20156)
  • Render user errors with their cause chains (#20217)
  • Route final command errors through the printer to respect -q and -qq (#20163)
  • Use standard rendering for uv build errors (#20159)
  • Use standard rendering for tool requirement errors (#20160)

Performance

  • Only compile bytecode for installed distributions in uv pip install (#19914)
  • Avoid allocating URL-safe Git revisions (#20194)
  • Avoid allocating canonical Python request strings (#20193)
  • Avoid allocating custom Astral mirror URLs (#20204)
  • Avoid allocating expanded compatibility tags (#20190)
  • Avoid allocating shell strings that need no escaping (#20196)
  • Avoid allocating static ABI descriptions (#20201)
  • Avoid allocating static Windows executable names (#20200)
  • Avoid allocating static dependency table names (#20199)
  • Avoid allocating static platform triple components (#20195)
  • Avoid allocating static resolver report labels (#20198)
  • Avoid allocating static unavailable-version messages (#20197)
  • Avoid allocating unchanged Python download architectures (#20202)
  • Avoid allocating unchanged paths during case normalization (#20203)
  • Avoid allocations when expanding group conflicts (#20211)
  • Avoid allocations when formatting requirements (#20206)
  • Avoid cloning credential lookup services (#20210)
  • Avoid cloning dry-run distributions (#20209)
  • Avoid cloning owned dependency metadata (#20212)
  • Avoid redundant direct URL clones (#20207)
  • Create metadata version errors lazily (#20205)
  • Optimize expanded tag compatibility checks (#20171)
  • Optimize parsing of single-digit three-part versions (#20118)

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Updates the requirements on [ruff](https://github.com/astral-sh/ruff) and [uv-build](https://github.com/astral-sh/uv) to permit the latest version.

Updates `ruff` from 0.15.20 to 0.15.21
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.15.20...0.15.21)

Updates `uv-build` to 0.11.28
- [Release notes](https://github.com/astral-sh/uv/releases)
- [Changelog](https://github.com/astral-sh/uv/blob/main/CHANGELOG.md)
- [Commits](astral-sh/uv@0.11.26...0.11.28)

---
updated-dependencies:
- dependency-name: ruff
  dependency-version: 0.15.21
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: uv-dependencies
- dependency-name: uv-build
  dependency-version: 0.11.28
  dependency-type: direct:development
  dependency-group: uv-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Jul 12, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants