Skip to content

Bump the all group with 3 updates#246

Merged
thomas-chauchefoin-tob merged 1 commit intomasterfrom
dependabot/uv/all-92aaccfd21
Mar 12, 2026
Merged

Bump the all group with 3 updates#246
thomas-chauchefoin-tob merged 1 commit intomasterfrom
dependabot/uv/all-92aaccfd21

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Mar 12, 2026

Bumps the all group with 3 updates: ruff, ty and huggingface-hub.

Updates ruff from 0.15.2 to 0.15.4

Release notes

Sourced from ruff's releases.

0.15.4

Release Notes

Released on 2026-02-26.

This is a follow-up release to 0.15.3 that resolves a panic when the new rule PLR1712 was enabled with any rule that analyzes definitions, such as many of the ANN or D rules.

Bug fixes

  • Fix panic on access to definitions after analyzing definitions (#23588)
  • [pyflakes] Suppress false positive in F821 for names used before del in stub files (#23550)

Documentation

  • Clarify first-party import detection in Ruff (#23591)
  • Fix incorrect import-heading example (#23568)

Contributors

Install ruff 0.15.4

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/astral-sh/ruff/releases/download/0.15.4/ruff-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://github.com/astral-sh/ruff/releases/download/0.15.4/ruff-installer.ps1 | iex"

Download ruff 0.15.4

File Platform Checksum
ruff-aarch64-apple-darwin.tar.gz Apple Silicon macOS checksum
ruff-x86_64-apple-darwin.tar.gz Intel macOS checksum
ruff-aarch64-pc-windows-msvc.zip ARM64 Windows checksum
ruff-i686-pc-windows-msvc.zip x86 Windows checksum
ruff-x86_64-pc-windows-msvc.zip x64 Windows checksum
ruff-aarch64-unknown-linux-gnu.tar.gz ARM64 Linux checksum
ruff-i686-unknown-linux-gnu.tar.gz x86 Linux checksum
ruff-powerpc64-unknown-linux-gnu.tar.gz PPC64 Linux checksum

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.4

Released on 2026-02-26.

This is a follow-up release to 0.15.3 that resolves a panic when the new rule PLR1712 was enabled with any rule that analyzes definitions, such as many of the ANN or D rules.

Bug fixes

  • Fix panic on access to definitions after analyzing definitions (#23588)
  • [pyflakes] Suppress false positive in F821 for names used before del in stub files (#23550)

Documentation

  • Clarify first-party import detection in Ruff (#23591)
  • Fix incorrect import-heading example (#23568)

Contributors

0.15.3

Released on 2026-02-26.

Preview features

  • Drop explicit support for .qmd file extension (#23572)

    This can now be enabled instead by setting the extension option:

    # ruff.toml
extension = { qmd = "markdown" }
pyproject.toml
[tool.ruff]
extension = { qmd = "markdown" }

  • Include configured extensions in file discovery (#23400)

  • [flake8-bandit] Allow suspicious imports in TYPE_CHECKING blocks (S401-S415) (#23441)

  • [flake8-bugbear] Allow B901 in pytest hook wrappers (#21931)

  • [flake8-import-conventions] Add missing conventions from upstream (ICN001, ICN002) (#21373)

... (truncated)

Commits
  • f14edd8 Bump 0.15.4 (#23595)
  • fd09d37 Fix panic on access to definitions after analyzing definitions (#23588)
  • 81d655f [pyflakes] suppress false positive in F821 for names used before del in...
  • 625b4f5 [ruff] docs: Clarify first-party import detection in Ruff (#23591)
  • 60facfa one word typo fix in a while_loop.md test case (#23589)
  • fbb9fa7 docs: fix incorrect import-heading example (#23568)
  • 5bc49a9 Increase the ruleset size to 16 bits (#23586)
  • a62ba8c [ty] Fix overloaded callable assignability for unary Callable targets (#23277)
  • e5f2f36 Bump 0.15.3 (#23585)
  • 0e19fc9 [ty] defer calculating conjunctions in narrowing constraints (#23552)
  • Additional commits viewable in compare view

Updates ty from 0.0.18 to 0.0.20

Release notes

Sourced from ty's releases.

0.0.20

Release Notes

Released on 2026-03-02.

Bug fixes

  • Disallow negative narrowing for isinstance() or issubclass() checks involving type[] types (#23598)
  • Fix binary operations between an instance of a NewType of float and an instance of Any/Unknown (#23620)
  • Fix bug where ty would think that a Callable with a variadic positional parameter could be a subtype of a Callable with a positional-or-keyword parameter (#23610)
  • Fix inference of t.__mro__ if t is an instance of type[Any] (#23632)
  • Fix overloaded callable assignability for unary Callable targets (#23277)
  • Limit recursion depth when displaying self-referential function types (#23647)
  • Ensure that python -m ty works even when ty was installed into an ephemeral virtual environment (#2852)

LSP server

  • Add support for the LSP protocol's "type hierarchy" feature (#23566)

Type checking

  • Add more ParamSpec validation for P.args and P.kwargs (#23640)
  • Ban nested Required/NotRequired, and ban them both outside of TypedDict fields (#23627)
  • Detect inconsistent generic base class specializations that appear in the same MRO (#23615)
  • Detect invalid uses of @final on non-methods (#23604)
  • Add partial support and validation for Unpack when used with tuple types (#23651)
  • Recurse into tuples and nested tuples when applying special-cased validation of arguments passed to isinstance() and issubclass() (#23607)
  • Reject ellipsis literals in odd places in type/annotation expressions (#23611)
  • Reject functions with PEP-695 type parameters that shadow type parameters from enclosing scopes (#23619)
  • Reject generic metaclasses parameterized by type variables (#23628)
  • Treat dataclass_transform dataclasses as neither frozen nor non-frozen (#23366)
  • Validate that type variable defaults don't reference later type parameters or type parameters out of scope (#23623)

Typeshed

Contributors

... (truncated)

Changelog

Sourced from ty's changelog.

0.0.20

Released on 2026-03-02.

Bug fixes

  • Disallow negative narrowing for isinstance() or issubclass() checks involving type[] types (#23598)
  • Fix binary operations between an instance of a NewType of float and an instance of Any/Unknown (#23620)
  • Fix bug where ty would think that a Callable with a variadic positional parameter could be a subtype of a Callable with a positional-or-keyword parameter (#23610)
  • Fix inference of t.__mro__ if t is an instance of type[Any] (#23632)
  • Fix overloaded callable assignability for unary Callable targets (#23277)
  • Limit recursion depth when displaying self-referential function types (#23647)
  • Ensure that python -m ty works even when ty was installed into an ephemeral virtual environment (#2852)

LSP server

  • Add support for the LSP protocol's "type hierarchy" feature (#23566)

Type checking

  • Add more ParamSpec validation for P.args and P.kwargs (#23640)
  • Ban nested Required/NotRequired, and ban them both outside of TypedDict fields (#23627)
  • Detect inconsistent generic base class specializations that appear in the same MRO (#23615)
  • Detect invalid uses of @final on non-methods (#23604)
  • Add partial support and validation for Unpack when used with tuple types (#23651)
  • Recurse into tuples and nested tuples when applying special-cased validation of arguments passed to isinstance() and issubclass() (#23607)
  • Reject ellipsis literals in odd places in type/annotation expressions (#23611)
  • Reject functions with PEP-695 type parameters that shadow type parameters from enclosing scopes (#23619)
  • Reject generic metaclasses parameterized by type variables (#23628)
  • Treat dataclass_transform dataclasses as neither frozen nor non-frozen (#23366)
  • Validate that type variable defaults don't reference later type parameters or type parameters out of scope (#23623)

Typeshed

Contributors

... (truncated)

Commits

Updates huggingface-hub from 1.4.1 to 1.5.0

Release notes

Sourced from huggingface-hub's releases.

[v1.5.0]: Buckets API, Agent-first CLI, Spaces Hot-Reload and more

This release introduces major new features including Buckets (xet-based large scale object storage), CLI Extensions, Space Hot-Reload, and significant improvements for AI coding agents. The CLI has been completely overhauled with centralized error handling, better help output, and new commands for collections, papers, and more.

🪣 Buckets: S3-like Object Storage on the Hub

Buckets provide S3-like object storage on Hugging Face, powered by the Xet storage backend. Unlike repositories (which are git-based and track file history), buckets are remote object storage containers designed for large-scale files with content-addressable deduplication. Use them for training checkpoints, logs, intermediate artifacts, or any large collection of files that doesn't need version control.

# Create a bucket
hf buckets create my-bucket --private
Upload a directory
hf buckets sync ./data hf://buckets/username/my-bucket
Download from bucket
hf buckets sync hf://buckets/username/my-bucket ./data
List files
hf buckets list username/my-bucket -R --tree

The Buckets API includes full CLI and Python support for creating, listing, moving, and deleting buckets; uploading, downloading, and syncing files; and managing bucket contents with include/exclude patterns.

📚 Documentation: Buckets guide

🤖 AI Agent Support

This release includes several features designed to improve the experience for AI coding agents (Claude Code, OpenCode, Cursor, etc.):

  • Centralized CLI error handling: Clean user-facing messages without tracebacks (set HF_DEBUG=1 for full traces) by @​hanouticelina in #3754
  • Token-efficient skill: The hf skills add command now installs a compact skill (~1.2k tokens vs ~12k before) by @​hanouticelina in #3802
  • Agent-friendly hf jobs logs: Prints available logs and exits by default; use -f to stream by @​davanstrien in #3783
  • Add AGENTS.md: Dev setup and codebase guide for AI agents by @​Wauplin in #3789
# Install the hf-cli skill for Claude
hf skills add --claude
Install for project-level
hf skills add --project

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the all group with 3 updates
448a1dc 
Bumps the all group with 3 updates: [ruff](https://github.com/astral-sh/ruff), [ty](https://github.com/astral-sh/ty) and [huggingface-hub](https://github.com/huggingface/huggingface_hub).


Updates `ruff` from 0.15.2 to 0.15.4
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.15.2...0.15.4)

Updates `ty` from 0.0.18 to 0.0.20
- [Release notes](https://github.com/astral-sh/ty/releases)
- [Changelog](https://github.com/astral-sh/ty/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ty@0.0.18...0.0.20)

Updates `huggingface-hub` from 1.4.1 to 1.5.0
- [Release notes](https://github.com/huggingface/huggingface_hub/releases)
- [Commits](huggingface/huggingface_hub@v1.4.1...v1.5.0)

---
updated-dependencies:
- dependency-name: ruff
  dependency-version: 0.15.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: ty
  dependency-version: 0.0.20
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: huggingface-hub
  dependency-version: 1.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Mar 12, 2026
@dependabot dependabot bot requested a review from ESultanik as a code owner March 12, 2026 11:47
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Mar 12, 2026
@thomas-chauchefoin-tob thomas-chauchefoin-tob merged commit e243fbb into master Mar 12, 2026
9 checks passed
@thomas-chauchefoin-tob thomas-chauchefoin-tob deleted the dependabot/uv/all-92aaccfd21 branch March 12, 2026 12:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@thomas-chauchefoin-tob thomas-chauchefoin-tob thomas-chauchefoin-tob approved these changes

@ESultanik ESultanik Awaiting requested review from ESultanik ESultanik is a code owner

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@thomas-chauchefoin-tob