Skip to content

Bump the all group with 3 updates#257

Merged
thomas-chauchefoin-tob merged 1 commit intomasterfrom
dependabot/uv/all-6ecb327e95
Mar 26, 2026
Merged

Bump the all group with 3 updates#257
thomas-chauchefoin-tob merged 1 commit intomasterfrom
dependabot/uv/all-6ecb327e95

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Mar 26, 2026

Bumps the all group with 3 updates: ruff, ty and huggingface-hub.

Updates ruff from 0.15.5 to 0.15.6

Release notes

Sourced from ruff's releases.

0.15.6

Release Notes

Released on 2026-03-12.

Preview features

  • Add support for lazy import parsing (#23755)
  • Add support for star-unpacking of comprehensions (PEP 798) (#23788)
  • Reject semantic syntax errors for lazy imports (#23757)
  • Drop a few rules from the preview default set (#23879)
  • [airflow] Flag Variable.get() calls outside of task execution context (AIR003) (#23584)
  • [airflow] Flag runtime-varying values in DAG/task constructor arguments (AIR304) (#23631)
  • [flake8-bugbear] Implement delattr-with-constant (B043) (#23737)
  • [flake8-tidy-imports] Add TID254 to enforce lazy imports (#23777)
  • [flake8-tidy-imports] Allow users to ban lazy imports with TID254 (#23847)
  • [isort] Retain lazy keyword when sorting imports (#23762)
  • [pyupgrade] Add from __future__ import annotations automatically (UP006) (#23260)
  • [refurb] Support newline parameter in FURB101 for Python 3.13+ (#23754)
  • [ruff] Add os-path-commonprefix (RUF071) (#23814)
  • [ruff] Add unsafe fix for os-path-commonprefix (RUF071) (#23852)
  • [ruff] Limit RUF036 to typing contexts; make it unsafe for non-typing-only (#23765)
  • [ruff] Use starred unpacking for RUF017 in Python 3.15+ (#23789)

Bug fixes

  • Fix --add-noqa creating unwanted leading whitespace (#23773)
  • Fix --add-noqa breaking shebangs (#23577)
  • [formatter] Fix lambda body formatting for multiline calls and subscripts (#23866)
  • [formatter] Preserve required annotation parentheses in annotated assignments (#23865)
  • [formatter] Preserve type-expression parentheses in the formatter (#23867)
  • [flake8-annotations] Fix stack overflow in ANN401 on quoted annotations with escape sequences (#23912)
  • [pep8-naming] Check naming conventions in match pattern bindings (N806, N815, N816) (#23899)
  • [perflint] Fix comment duplication in fixes (PERF401, PERF403) (#23729)
  • [pyupgrade] Properly trigger super change in nested class (UP008) (#22677)
  • [ruff] Avoid syntax errors in RUF036 fixes (#23764)

Rule changes

  • [flake8-bandit] Flag S501 with requests.request (#23873)
  • [flake8-executable] Fix WSL detection in non-Docker containers (#22879)
  • [flake8-print] Ignore pprint calls with stream= (#23787)

Documentation

  • Update docs for Markdown code block formatting (#23871)
  • [flake8-bugbear] Fix misleading description for B904 (#23731)

Contributors

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.6

Released on 2026-03-12.

Preview features

  • Add support for lazy import parsing (#23755)
  • Add support for star-unpacking of comprehensions (PEP 798) (#23788)
  • Reject semantic syntax errors for lazy imports (#23757)
  • Drop a few rules from the preview default set (#23879)
  • [airflow] Flag Variable.get() calls outside of task execution context (AIR003) (#23584)
  • [airflow] Flag runtime-varying values in DAG/task constructor arguments (AIR304) (#23631)
  • [flake8-bugbear] Implement delattr-with-constant (B043) (#23737)
  • [flake8-tidy-imports] Add TID254 to enforce lazy imports (#23777)
  • [flake8-tidy-imports] Allow users to ban lazy imports with TID254 (#23847)
  • [isort] Retain lazy keyword when sorting imports (#23762)
  • [pyupgrade] Add from __future__ import annotations automatically (UP006) (#23260)
  • [refurb] Support newline parameter in FURB101 for Python 3.13+ (#23754)
  • [ruff] Add os-path-commonprefix (RUF071) (#23814)
  • [ruff] Add unsafe fix for os-path-commonprefix (RUF071) (#23852)
  • [ruff] Limit RUF036 to typing contexts; make it unsafe for non-typing-only (#23765)
  • [ruff] Use starred unpacking for RUF017 in Python 3.15+ (#23789)

Bug fixes

  • Fix --add-noqa creating unwanted leading whitespace (#23773)
  • Fix --add-noqa breaking shebangs (#23577)
  • [formatter] Fix lambda body formatting for multiline calls and subscripts (#23866)
  • [formatter] Preserve required annotation parentheses in annotated assignments (#23865)
  • [formatter] Preserve type-expression parentheses in the formatter (#23867)
  • [flake8-annotations] Fix stack overflow in ANN401 on quoted annotations with escape sequences (#23912)
  • [pep8-naming] Check naming conventions in match pattern bindings (N806, N815, N816) (#23899)
  • [perflint] Fix comment duplication in fixes (PERF401, PERF403) (#23729)
  • [pyupgrade] Properly trigger super change in nested class (UP008) (#22677)
  • [ruff] Avoid syntax errors in RUF036 fixes (#23764)

Rule changes

  • [flake8-bandit] Flag S501 with requests.request (#23873)
  • [flake8-executable] Fix WSL detection in non-Docker containers (#22879)
  • [flake8-print] Ignore pprint calls with stream= (#23787)

Documentation

  • Update docs for Markdown code block formatting (#23871)
  • [flake8-bugbear] Fix misleading description for B904 (#23731)

Contributors

... (truncated)

Commits
  • e4c7f35 Bump 0.15.6 (#23919)
  • edfe6c1 [ty] Narrow type context during collection literal inference (#23844)
  • dd16d68 Exclude broken symlink in ecosystem check (#23921)
  • 3f94c6a Fix stack overflow in ANN401 on quoted annotations with escape sequences (#23...
  • 91fc7bd [ty] Fix false-positive diagnostics for PEP-604 union annotations on attribut...
  • 04229cf [ty] Initial test suite for PEP-728 TypedDict features (#23832)
  • 728b9d6 [pep8-naming] Check naming conventions in match pattern bindings (N806,...
  • 88d1eec [ty] Ensure a type[] type T is always considered assignable to a union th...
  • 37cdd61 Fix lambda body formatting for multiline calls and subscripts (#23866)
  • a25a4df [ty] Disambiguate duplicate-looking overloaded callables in union display (#2...
  • Additional commits viewable in compare view

Updates ty from 0.0.21 to 0.0.23

Release notes

Sourced from ty's releases.

0.0.23

Release Notes

Released on 2026-03-13.

Bug fixes

  • Fix false-positive diagnostics for PEP-604 union annotations on attribute targets on Python 3.9 when from __future__ import annotations is active (#23915)
  • dataclass_transform: Respect kw_only overwrites in dataclasses (#23930)
  • Fix too-many-cycle panics when inferring loop variables with Literal types (#23875)

Server

Core type checking

  • Split errors for possibly missing submodules into a new possibly-missing-submodule error code (enabled by default), and make possibly-missing-attribute ignored by default (#23918)
  • Improve handling of bidirectional inference when (#23844)
  • Fix inference of conditionally defined properties (#23925)

Improvements to diagnostics

  • Clarify in diagnostics that from __future__ import annotations only stringifies type annotations (#23928)

Performance improvements

  • Avoid duplicated work during multi-inference (#23923)

Contributors

Install ty 0.0.23

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/ty/releases/download/0.0.23/ty-installer.sh | sh

Install prebuilt binaries via powershell script

... (truncated)

Changelog

Sourced from ty's changelog.

0.0.23

Released on 2026-03-13.

Bug fixes

  • Fix false-positive diagnostics for PEP-604 union annotations on attribute targets on Python 3.9 when from __future__ import annotations is active (#23915)
  • dataclass_transform: Respect kw_only overwrites in dataclasses (#23930)
  • Fix too-many-cycle panics when inferring loop variables with Literal types (#23875)

Server

Core type checking

  • Split errors for possibly missing submodules into a new possibly-missing-submodule error code (enabled by default), and make possibly-missing-attribute ignored by default (#23918)
  • Improve handling of bidirectional inference when (#23844)
  • Fix inference of conditionally defined properties (#23925)

Improvements to diagnostics

  • Clarify in diagnostics that from __future__ import annotations only stringifies type annotations (#23928)

Performance improvements

  • Avoid duplicated work during multi-inference (#23923)

Contributors

0.0.22

Released on 2026-03-12.

Bug fixes

  • Fix issue where variables could be inferred as Divergent if they were assigned using tuple unpacking in loops (#23812)
  • Allow error = "all" in a root pyproject.toml file to be overridden using tool.ty.overrides in a subdirectory's pyproject.toml file (#23712)
  • Only unsoundly upcast type[] types to their constructor Callable type during assignability checks, not during redundancy/subtyping checks (#23834, #23901)
  • Fix stack overflow that could occur with certain recursive protocols (#23870)

... (truncated)

Commits

Updates huggingface-hub from 1.6.0 to 1.7.1

Release notes

Sourced from huggingface-hub's releases.

[v1.7.0] pip-installable CLI extensions and multiple QoL improvements

This release brings major improvements to the hf CLI with extension discoverability, unified list commands, and multiple QoL improvements in the CLI.

🎉 The Homebrew formula of the Hugging Face CLI has been renamed to hf. Existing users just need to run brew update - Homebrew handles the rename automatically. New users can install with brew install hf.

🧩 CLI Extensions: pip-installable packages and discoverability

The hf CLI extensions system gets a major upgrade in this release. Extensions can now be full Python packages (with a pyproject.toml) installed in isolated virtual environments, in addition to the existing shell script approach. This means extension authors can use Python dependencies without conflicting with the user's system. The install command auto-detects whether a GitHub repo is a script or a Python package and handles both transparently.

A new hf extensions search command lets users discover available extensions directly from the terminal by querying GitHub repositories tagged with the hf-extension topic. Results are sorted by stars and show whether each extension is already installed locally. Additionally, a comprehensive guide on how to build, publish, and make extensions discoverable has been added to the documentation.

# Install a Python-based extension
hf extensions install alvarobartt/hf-mem
Discover available extensions
hf extensions search
NAME   REPO                    STARS DESCRIPTION                         INSTALLED

claude hanouticelina/hf-claude     2 Extension for hf CLI to launch... yes
agents hanouticelina/hf-agents       HF extension to run local coding...

📚 Documentation: Create a CLI extension

🔐 hf auth login CLI update

A new --force flag lets you explicitly go through the full login flow again when needed, for example to switch tokens.

# Already logged in — returns immediately
hf auth login
Force re-login to switch tokens
hf auth login --force

📚 Documentation: CLI guide

📦 Xet optimizations and fixes

hf-xet has been bumped to v1.4.2 with some optimizations:

  • Avoid duplicate sha256 computation when uploading to a model/dataset repo
  • Skip sha256 computation when uploading to a bucket

... (truncated)

Commits
  • 9b518ff Release: v1.7.1
  • 4171dde Merge branch 'v1.7-release' of github.com:huggingface/huggingface_hub into v1...
  • f2d9fd3 Merge branch 'main' into v1.7-release
  • 787603e feat: pass skip_sha256=True to hf_xet for bucket uploads (#3900)
  • 72871b9 Prepare for v1.8.0 release (#3927)
  • 3770383 Release: v1.7.0
  • c062fb7 Merge branch 'main' into v1.7-release
  • 141fcfd feat: pass pre-computed SHA-256 to hf_xet upload (#3876)
  • f945c6f Validate release notes have no extra PRs from other releases (#3926)
  • c94df18 Release: v1.7.0.rc1
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot dependabot bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Mar 26, 2026
@dependabot dependabot bot requested a review from ESultanik as a code owner March 26, 2026 11:47
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Mar 26, 2026
@dependabot @thomas-chauchefoin-tob
Bump the all group with 3 updates
c336fa1 
Bumps the all group with 3 updates: [ruff](https://github.com/astral-sh/ruff), [ty](https://github.com/astral-sh/ty) and [huggingface-hub](https://github.com/huggingface/huggingface_hub).


Updates `ruff` from 0.15.5 to 0.15.6
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.15.5...0.15.6)

Updates `ty` from 0.0.21 to 0.0.23
- [Release notes](https://github.com/astral-sh/ty/releases)
- [Changelog](https://github.com/astral-sh/ty/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ty@0.0.21...0.0.23)

Updates `huggingface-hub` from 1.6.0 to 1.7.1
- [Release notes](https://github.com/huggingface/huggingface_hub/releases)
- [Commits](huggingface/huggingface_hub@v1.6.0...v1.7.1)

---
updated-dependencies:
- dependency-name: ruff
  dependency-version: 0.15.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: ty
  dependency-version: 0.0.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: huggingface-hub
  dependency-version: 1.7.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
@thomas-chauchefoin-tob thomas-chauchefoin-tob force-pushed the dependabot/uv/all-6ecb327e95 branch from d58eaa0 to c336fa1 Compare March 26, 2026 22:51
@thomas-chauchefoin-tob thomas-chauchefoin-tob merged commit 6e6ed51 into master Mar 26, 2026
13 checks passed
@thomas-chauchefoin-tob thomas-chauchefoin-tob deleted the dependabot/uv/all-6ecb327e95 branch March 26, 2026 22:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@thomas-chauchefoin-tob thomas-chauchefoin-tob thomas-chauchefoin-tob approved these changes

@ESultanik ESultanik Awaiting requested review from ESultanik ESultanik is a code owner

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@thomas-chauchefoin-tob