Skip to content

chore(deps): bump the all-dependencies group with 4 updates#758

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/uv/all-dependencies-6389b7306d
Open

chore(deps): bump the all-dependencies group with 4 updates#758
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/uv/all-dependencies-6389b7306d

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 29, 2026

Copy link
Copy Markdown
Contributor

Bumps the all-dependencies group with 4 updates: ruff, tox, uv and click.

Updates ruff from 0.15.18 to 0.15.20

Release notes

Sourced from ruff's releases.

0.15.20

Release Notes

Released on 2026-06-25.

Preview features

  • Allow human-readable names in rule selectors (#25887)
  • Emit a warning instead of an error for unknown rule selectors (#26113)
  • Match noqa shebang handling in ruff:ignore comments (#26286)
  • [ruff] Remove pytest-fixture-autouse (RUF076) (#26240, #26371)

Documentation

  • Add versioning sections to custom crate READMEs (#26317)
  • Update ruff_python_parser README for crates.io (#26315)
  • [perflint] Clarify that PERF402 applies to any iterable (#26242)

Contributors

Install ruff 0.15.20

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/ruff/releases/download/0.15.20/ruff-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/ruff/releases/download/0.15.20/ruff-installer.ps1 | iex"

Download ruff 0.15.20

File Platform Checksum
ruff-aarch64-apple-darwin.tar.gz Apple Silicon macOS checksum
ruff-x86_64-apple-darwin.tar.gz Intel macOS checksum
ruff-aarch64-pc-windows-msvc.zip ARM64 Windows checksum
ruff-i686-pc-windows-msvc.zip x86 Windows checksum
ruff-x86_64-pc-windows-msvc.zip x64 Windows checksum
ruff-aarch64-unknown-linux-gnu.tar.gz ARM64 Linux checksum
ruff-i686-unknown-linux-gnu.tar.gz x86 Linux checksum

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.20

Released on 2026-06-25.

Preview features

  • Allow human-readable names in rule selectors (#25887)
  • Emit a warning instead of an error for unknown rule selectors (#26113)
  • Match noqa shebang handling in ruff:ignore comments (#26286)
  • [ruff] Remove pytest-fixture-autouse (RUF076) (#26240, #26371)

Documentation

  • Add versioning sections to custom crate READMEs (#26317)
  • Update ruff_python_parser README for crates.io (#26315)
  • [perflint] Clarify that PERF402 applies to any iterable (#26242)

Contributors

0.15.19

Released on 2026-06-23.

Preview features

  • Support human-readable names when hovering suppression comments and in code actions (#26114)

Bug fixes

  • Fall back to default settings when editor-only settings are invalid (#26244)
  • Fix panic when inserting text at a notebook cell boundary (#26111)

Rule changes

  • [pylint] Update fix suggestions for __floor__, __trunc__, __length_hint__, and __matmul__ variants (PLC2801) (#26239)

Performance

  • Avoid allocating when parsing single string literals (#26200)
  • Avoid reallocating singleton call arguments (#26223)
  • Lazily create source files for lint diagnostics (#26226)
  • Optimize formatter text width and indentation (#26236)
  • Reserve capacity for builtin bindings (#26229)
  • Skip repeated-key checks for singleton dictionaries (#26228)
  • Use ArrayVec for qualified name segments (#26224)

... (truncated)

Commits
  • f82a36b Bump 0.15.20 (#26376)
  • af32943 Improve the summarise-ecosystem-results skill (#26378)
  • 485ebab Remove RUF076 name from schema (#26371)
  • ef81835 [ty] Implement rust-analyzer's "Click for full compiler diagnostic" feature (...
  • 572b31e [ruff] Remove pytest-fixture-autouse (RUF076) (#26240)
  • f703f21 Allow human-readable names in rule selectors (#25887)
  • 0d726b2 [ty] Reuse equality semantics for membership compatibility (#25955)
  • dbe6e98 [ty] Infer definite equality comparison results (#26337)
  • e700ea3 [ty] Prove TypedDict structural patterns exhaustive (#26285)
  • 6a0d2ec [ty] Widen inferred class-valued instance attributes (#26338)
  • Additional commits viewable in compare view

Updates tox from 4.55.1 to 4.56.1

Release notes

Sourced from tox's releases.

v4.56.1

What's Changed

New Contributors

Full Changelog: tox-dev/tox@4.56.0...4.56.1

v4.56.0

What's Changed

New Contributors

Full Changelog: tox-dev/tox@4.55.1...4.56.0

Changelog

Sourced from tox's changelog.

Bug fixes - 4.56.1

  • Fix { replace = "if" ... extend = true } corrupting the resulting list when then or else is a scalar string (e.g. then = "-v"): a non-empty scalar string is now appended as a single element instead of being iterated character-by-character, while a false if with no else (yielding "") contributes nothing rather than an empty element, and list/set results are still spread into the parent. (:issue:3969)

v4.56.0 (2026-06-23)

Features - 4.56.0

  • Derive :ref:virtualenv_spec automatically: when an environment targets a Python version the installed :pypi:virtualenv can no longer create (e.g. py38 with virtualenv 21.5+), tox now pins the newest virtualenv that still supports it and bootstraps it for that environment only. The downgrade happens only when every base_python candidate is unsupported, so environments targeting current interpreters are unaffected. This fixes py38 (and other end-of-life interpreters) being silently skipped after a virtualenv upgrade - by :user:gaborbernat. (:issue:3965) (:issue:3965)

Bug fixes - 4.56.0

  • The default value of skip_missing_interpreters changed from True to False — missing interpreters now fail the run by default, matching tox 3 behavior. The tox 4 rewrite unintentionally changed this default. To restore the previous (incorrect) behavior, set skip_missing_interpreters = true in your tox configuration or pass --skip-missing-interpreters on the command line. (:issue:3965)

Improved documentation - 4.56.0

  • Fix nested list items being rendered with continued numbering instead of as sub-items in development.rst, onboarding.rst and explanation.rst. (:issue:3960)
  • Replace stale http://tox.readthedocs.org URL with https://tox.wiki in pyproject.toml (Homepage), .github/CONTRIBUTING.md, and .github/PULL_REQUEST_TEMPLATE.md. (:issue:3963)

v4.55.1 (2026-06-03)

Commits

Updates uv from 0.11.23 to 0.11.25

Release notes

Sourced from uv's releases.

0.11.25

Release Notes

Released on 2026-06-26.

Security

This release updates our tar library, astral-tokio-tar, to v0.6.3, which includes over 20 changes that harden our tar handling against parser differentials. uv may reject source distributions with malformed or ambiguous content that were previously accepted.

See the upstream commits for a full list of changes.

Enhancements

  • Add a full "lockfile" to tool receipts (#18937)
  • Allow scoped overrides to add dependencies (#19974)
  • Avoid writing redundant lockfile markers with tool.uv.environments (#19933)
  • Factor supported environments out of lockfile markers (#19969)
  • Recommend our own build backend in the build frontend (#19994)
  • Reject wheels with multiple .dist-info directories (#19986)
  • Simplify dependency markers under parent reachability (#19971)
  • Support scoped dependency exclusions (#19977)
  • Support scoped dependency overrides (#19970)
  • Explain why files are skipped in registry index parsing (#19983)

Preview features

  • Add uv workspace list --scripts (#20009)
  • Support centralised environments in uv venv (#19912)
  • Use locked ty versions in uv check (#19884)
  • Add centralized storage of project environments (#18214)
  • Verify lockfile hashes before reusing a cached ty in uv check (#19995)
  • Use locked dependency selection for uv check --script (#19989)

Bug fixes

  • Preserve standalone markers in workspace metadata (#20011)
  • Reject uv build if the cache dir is enclosed (#19991)

Install uv 0.11.25

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/uv/releases/download/0.11.25/uv-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/uv/releases/download/0.11.25/uv-installer.ps1 | iex"
</tr></table>

... (truncated)

Changelog

Sourced from uv's changelog.

0.11.25

Released on 2026-06-26.

Security

This release updates our tar library, astral-tokio-tar, to v0.6.3, which includes over 20 changes that harden our tar handling against parser differentials. uv may reject source distributions with malformed or ambiguous content that were previously accepted.

See the upstream commits for a full list of changes.

Enhancements

  • Add a full "lockfile" to tool receipts (#18937)
  • Allow scoped overrides to add dependencies (#19974)
  • Avoid writing redundant lockfile markers with tool.uv.environments (#19933)
  • Factor supported environments out of lockfile markers (#19969)
  • Recommend our own build backend in the build frontend (#19994)
  • Reject wheels with multiple .dist-info directories (#19986)
  • Simplify dependency markers under parent reachability (#19971)
  • Support scoped dependency exclusions (#19977)
  • Support scoped dependency overrides (#19970)
  • Explain why files are skipped in registry index parsing (#19983)

Preview features

  • Add uv workspace list --scripts (#20009)
  • Support centralised environments in uv venv (#19912)
  • Use locked ty versions in uv check (#19884)
  • Add centralized storage of project environments (#18214)
  • Verify lockfile hashes before reusing a cached ty in uv check (#19995)
  • Use locked dependency selection for uv check --script (#19989)

Bug fixes

  • Preserve standalone markers in workspace metadata (#20011)
  • Reject uv build if the cache dir is enclosed (#19991)

0.11.24

Released on 2026-06-23.

Python

  • Add CPython 3.15.0b3 (#19964)

Preview features

  • Make project environments relocatable under preview (#19965)

Performance

... (truncated)

Commits

Updates click from 8.4.1 to 8.4.2

Release notes

Sourced from click's releases.

8.4.2

This is the Click 8.4.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/click/8.4.2/ Changes: https://click.palletsprojects.com/page/changes/#version-8-4-2 Milestone: https://github.com/pallets/click/milestone/34

  • Fix Fish shell completion broken in 8.4.0 by #3126. Newlines and tabs in option help text are now escaped, keeping the original completion format while still supporting multi-line help. #3502 #3043 #3504 #3508
  • Deprecated commands and options with empty or missing help text no longer render a stray leading space before the (DEPRECATED) label. #3509
  • A {class}Group with invoke_without_command=True marks its subcommand as optional in the usage help, showing [COMMAND] instead of COMMAND. #3059 #3507
  • echo_via_pager flushes after each write, so passing a generator streams output to the pager incrementally instead of staying hidden until the pipe buffer fills. #3242 #2542 #3534
  • echo_via_pager and get_pager_file no longer close a borrowed stdout stream when no external pager runs, completing the partial I/O operation on closed file fix from #3482. #3449 #3533
  • Fix CLI usage symopsis for optional arguments producing double square brackets [[a|b|c]]... whose type already brackets their metavar. #3578
  • {func}version_option resolves a package_name that does not match an installed distribution as an import (top-level module) name via {func}importlib.metadata.packages_distributions. Packages whose top-level module name differs from their distribution name (PIL vs Pillow, jwt vs PyJWT) no longer raise RuntimeError out of the box. #2331 #1884 #3125 #3582
Changelog

Sourced from click's changelog.

Version 8.4.2

Unreleased

  • Fix Fish shell completion broken in 8.4.0 by {pr}3126. Newlines and tabs in option help text are now escaped, keeping the original completion format while still supporting multi-line help. {issue}3502 {issue}3043 {pr}3504 {pr}3508
  • Deprecated commands and options with empty or missing help text no longer render a stray leading space before the (DEPRECATED) label. {pr}3509
  • A {class}Group with invoke_without_command=True marks its subcommand as optional in the usage help, showing [COMMAND] instead of COMMAND. {issue}3059 {pr}3507
  • echo_via_pager flushes after each write, so passing a generator streams output to the pager incrementally instead of staying hidden until the pipe buffer fills. {issue}3242 {issue}2542 {pr}3534
  • echo_via_pager and get_pager_file no longer close a borrowed stdout stream when no external pager runs, completing the partial I/O operation on closed file fix from {pr}3482. {issue}3449 {pr}3533
Commits
  • b2e30a1 Release version 8.4.2
  • 7a16b20 Fix package_name resolution when module differs from distribution name (#3582)
  • bec5928 Fix package_name resolution when top-level module differs from distribution...
  • 916883a Fix tests to not rely on -Wdefault option (#3591)
  • 09195f6 Fix double-bracketing of choices in synopsis (#3578)
  • 1557e26 Check for warning exception with idiomatic context manager
  • d9ff133 Static typing improvements in click.shell_completion (#3460)
  • 762c97e Fix double-bracketing of choices in synopsis
  • 8929d39 Convert changes to markdown. (#3559)
  • 237be50 Move changes headings down a level.
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump the all-dependencies group with 4 updates
0f223e4 
Bumps the all-dependencies group with 4 updates: [ruff](https://github.com/astral-sh/ruff), [tox](https://github.com/tox-dev/tox), [uv](https://github.com/astral-sh/uv) and [click](https://github.com/pallets/click).


Updates `ruff` from 0.15.18 to 0.15.20
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.15.18...0.15.20)

Updates `tox` from 4.55.1 to 4.56.1
- [Release notes](https://github.com/tox-dev/tox/releases)
- [Changelog](https://github.com/tox-dev/tox/blob/main/docs/changelog.rst)
- [Commits](tox-dev/tox@4.55.1...4.56.1)

Updates `uv` from 0.11.23 to 0.11.25
- [Release notes](https://github.com/astral-sh/uv/releases)
- [Changelog](https://github.com/astral-sh/uv/blob/main/CHANGELOG.md)
- [Commits](astral-sh/uv@0.11.23...0.11.25)

Updates `click` from 8.4.1 to 8.4.2
- [Release notes](https://github.com/pallets/click/releases)
- [Changelog](https://github.com/pallets/click/blob/main/CHANGES.md)
- [Commits](pallets/click@8.4.1...8.4.2)

---
updated-dependencies:
- dependency-name: ruff
  dependency-version: 0.15.20
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-dependencies
- dependency-name: tox
  dependency-version: 4.56.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: uv
  dependency-version: 0.11.25
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-dependencies
- dependency-name: click
  dependency-version: 8.4.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Jun 29, 2026
@github-actions github-actions Bot enabled auto-merge (squash) June 29, 2026 16:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants