⬆️ deps: Update dependencies (non-major)

[renovate]

This PR contains the following updates:

Package	Type	Update	Change	Age	Adoption	Passing	Confidence
pyo3	dependencies	patch	0.24.0 -> 0.24.1
ruff (source, changelog)	project.optional-dependencies	patch	==0.11.2 -> ==0.11.5

---

Release Notes

pyo3/pyo3 (pyo3)

v0.24.1

Compare Source

This release is a security fix for the PyString::from_object method, which passed &str data to the Python C API without checking for a terminating nul byte. All historical PyO3 versions are affected, and we recommend you upgrade if you are using PyString::from_object. Thank you to @​vthib for the report and @​Dr-Emann for the fix. A RUSTSEC advisory will be published shortly.

Aside from the security fix, this release contains a number of other non-breaking additions:

• An abi3-py313 feature to support compiling with the Python 3.13 stable ABI.
• PyAnyMethods::getattr_opt to get optional attributes without paying the cost of a Python exception when the attribute in question does not exist.
• Constructor for PyInt::new.
• with_critical_section2 for locking two objects at the same time on the free-threaded build.
• Fix for a PyO3 0.24.0 regression with Option<&str> and Option<&T> (where T: PyClass) function arguments no longer being permitted

There are also a few other small bug fixes for edge cases, mostly related to compile errors from PyO3's macro code.

Thank you to the following contributors for the improvements:

@​bschoenmaeckers
@​davidhewitt
@​Dr-Emann
@​emmagordon
@​epontan
@​Icxolu
@​IvanIsCoding
@​jelmer
@​jonaspleyer
@​ngoldbaum
@​Owen-CH-Leung
@​Tpt
@​Trolldemorted
@​XuehaiPan

astral-sh/ruff (ruff)

v0.11.5

Compare Source

Preview features

• [airflow] Add missing AIR302 attribute check (#​17115)
• [airflow] Expand module path check to individual symbols (AIR302) (#​17278)
• [airflow] Extract AIR312 from AIR302 rules (AIR302, AIR312) (#​17152)
• [airflow] Update oudated AIR301, AIR302 rules (#​17123)
• [syntax-errors] Async comprehension in sync comprehension (#​17177)
• [syntax-errors] Check annotations in annotated assignments (#​17283)
• [syntax-errors] Extend annotation checks to await (#​17282)

Bug fixes

• [flake8-pie] Avoid false positive for multiple assignment with auto() (PIE796) (#​17274)

Rule changes

• [ruff] Fix RUF100 to detect unused file-level noqa directives with specific codes (#​17042) (#​17061)
• [flake8-pytest-style] Avoid false positive for legacy form of pytest.raises (PT011) (#​17231)

Documentation

• Fix formatting of "See Style Guide" link (#​17272)

v0.11.4

Compare Source

Preview features

• [ruff] Implement invalid-rule-code as RUF102 (#​17138)
• [syntax-errors] Detect duplicate keys in match mapping patterns (#​17129)
• [syntax-errors] Detect duplicate attributes in match class patterns (#​17186)
• [syntax-errors] Detect invalid syntax in annotations (#​17101)

Bug fixes

• [syntax-errors] Fix multiple assignment error for class fields in match patterns (#​17184)
• Don't skip visiting non-tuple slice in typing.Annotated subscripts (#​17201)

v0.11.3

Compare Source

Preview features

• [airflow] Add more autofixes for AIR302 (#​16876, #​16977, #​16976, #​16965)
• [airflow] Move AIR301 to AIR002 (#​16978)
• [airflow] Move AIR302 to AIR301 and AIR303 to AIR302 (#​17151)
• [flake8-bandit] Mark str and list[str] literals as trusted input (S603) (#​17136)
• [ruff] Support slices in RUF005 (#​17078)
• [syntax-errors] Start detecting compile-time syntax errors (#​16106)
• [syntax-errors] Duplicate type parameter names (#​16858)
• [syntax-errors] Irrefutable case pattern before final case (#​16905)
• [syntax-errors] Multiple assignments in case pattern (#​16957)
• [syntax-errors] Single starred assignment target (#​17024)
• [syntax-errors] Starred expressions in return, yield, and for (#​17134)
• [syntax-errors] Store to or delete __debug__ (#​16984)

Bug fixes

• Error instead of panic! when running Ruff from a deleted directory (#​16903) (#​17054)
• [syntax-errors] Fix false positive for parenthesized tuple index (#​16948)

CLI

• Check pyproject.toml correctly when it is passed via stdin (#​16971)

Configuration

• [flake8-import-conventions] Add import numpy.typing as npt to default flake8-import-conventions.aliases (#​17133)

Documentation

• [refurb] Document why UserDict, UserList, and UserString are preferred over dict, list, and str (FURB189) (#​16927)

---

Configuration

📅 Schedule: Branch creation - "* 0-3 * * 1" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.