Sourced from ty's releases.

0.0.16

Release Notes

Released on 2026-02-10.

Bug fixes

• Allow stringified argument in PEP-613 alias to Optional (#23200)
• Fix fuzzer panic on slice expression in unclosed comprehension (#23146)
• Fix combinatorial explosion due to fixed-length tuple expansion in overload matching (#23190)
• Respect @no_type_check when combined with other decorators (#23177)
• Fix diagnostic location for an incorrect sub-call to a specialized ParamSpec (#23036)

LSP server

• Assign lower completions ranking to deprecated functions and classes (#23089)
• Change goto-def for class constructors to always go to class definition (#23071)
• Ensure diagnostic mode is consistent across projects inside the LSP server (#23121)
• Don't include the class Foo in autocomplete suggestions when the user is typing out Foo's bases (#23141)
• Fix parameter references across files via keyword args (#23012)
• Fix wrong inlay hints for overloaded function arguments (#23179)
• Support diagnostics in newly created files inside neovim (#23095)
• Exclude already-included classes when providing completion suggestions for class bases (#23085)

CLI

• Add support for TY_OUTPUT_FORMAT environment variable (#23123)
• Fall back to python3 found in $PATH if no environment is found (#22843)

Type checking

• Add inconsistent-mro autofix to move Generic[] to the end of the bases list (#22998)
• Add precise return-type inference for struct.unpack (#22562, #23130)
• Disallow TypeVars within ClassVars (#23184)
• Emit diagnostic on unbound call to abstract @classmethod or @staticmethod (#23182)
• Fix false-positive diagnostics when providing the total= keyword to TypedDict classes that had PEP-695 type parameters (#23114)
• Narrow both left- and right-hand operands where possible (#23084)
• Narrow chained operators (#23093)
• Narrow equality subscripts on either operand (#23104)
• Recognize __dataclass_transform__ to support SQLModel (#23070)
• Relax the attribute narrowing condition to support deeper-nested attribute type narrowing (#22440)
• Support constrained TypeVar compatibility across function boundaries (#23103)
• Support comparison methods (__gt__, etc.) where a parameter is annotated with a Literal type (#23100)
• Support partially specialized type context (#22748)
• Use type context when inferring constructor argument types (#23139)
• Validate TypedDict constructor calls for generic aliases and type[...] targets (#23113)

Performance

• Conservative narrowing places optimization (#22734)

... (truncated)

Sourced from ty's changelog.

0.0.16

Released on 2026-02-10.

Bug fixes

• Allow stringified argument in PEP-613 alias to Optional (#23200)
• Fix fuzzer panic on slice expression in unclosed comprehension (#23146)
• Fix combinatorial explosion due to fixed-length tuple expansion in overload matching (#23190)
• Respect @no_type_check when combined with other decorators (#23177)
• Fix diagnostic location for an incorrect sub-call to a specialized ParamSpec (#23036)

LSP server

• Assign lower completions ranking to deprecated functions and classes (#23089)
• Change goto-def for class constructors to always go to class definition (#23071)
• Ensure diagnostic mode is consistent across projects inside the LSP server (#23121)
• Don't include the class Foo in autocomplete suggestions when the user is typing out Foo's bases (#23141)
• Fix parameter references across files via keyword args (#23012)
• Fix wrong inlay hints for overloaded function arguments (#23179)
• Support diagnostics in newly created files inside neovim (#23095)
• Exclude already-included classes when providing completion suggestions for class bases (#23085)

CLI

• Add support for TY_OUTPUT_FORMAT environment variable (#23123)
• Fall back to python3 found in $PATH if no environment is found (#22843)

Type checking

• Add inconsistent-mro autofix to move Generic[] to the end of the bases list (#22998)
• Add precise return-type inference for struct.unpack (#22562, #23130)
• Disallow TypeVars within ClassVars (#23184)
• Emit diagnostic on unbound call to abstract @classmethod or @staticmethod (#23182)
• Fix false-positive diagnostics when providing the total= keyword to TypedDict classes that had PEP-695 type parameters (#23114)
• Narrow both left- and right-hand operands where possible (#23084)
• Narrow chained operators (#23093)
• Narrow equality subscripts on either operand (#23104)
• Recognize __dataclass_transform__ to support SQLModel (#23070)
• Relax the attribute narrowing condition to support deeper-nested attribute type narrowing (#22440)
• Support constrained TypeVar compatibility across function boundaries (#23103)
• Support comparison methods (__gt__, etc.) where a parameter is annotated with a Literal type (#23100)
• Support partially specialized type context (#22748)
• Use type context when inferring constructor argument types (#23139)
• Validate TypedDict constructor calls for generic aliases and type[...] targets (#23113)

Performance

• Conservative narrowing places optimization (#22734)

... (truncated)

• e96ea4c Bump version to 0.0.16 (#2779)
• b393d32 Update docker/login-action action to v3.7.0 (#2754)
• 532b111 Update actions/cache action to v5.0.3 (#2751)
• 61b0376 Update astral-sh/setup-uv action to v7.3.0 (#2753)
• 216f8dc Update prek dependencies (#2752)
• 044af7f FAQ: Why doesn't ty warn about missing type annotations? (#2721)
• See full diff in compare view

Sourced from huggingface-hub's releases.

[v1.4.1] Fix file corruption when server ignores Range header on download retry

Fix file corruption when server ignores Range header on download retry. Full details in huggingface/huggingface_hub#3778 by @​XciD.

Full Changelog: huggingface/huggingface_hub@v1.4.0...v1.4.1

• 5035d73 Release: v1.4.1
• 8d3db25 Fix file corruption when server ignores Range header on download retry (#3778)
• See full diff in compare view

Sourced from picklescan's releases.

v1.0.2

What's Changed

• Make CodeType test payload more realistic by @​mmaitre314 in mmaitre314/picklescan#62
• Include/exclude paths by @​mmaitre314 in mmaitre314/picklescan#63

Full Changelog: mmaitre314/picklescan@v1.0.1...v1.0.2

• 9f8b998 Users/mmaitre/include exclude (#63)
• b3d7a79 Make CodeType test payload more realistic (#62)
• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions