chore(deps-dev): update ruff requirement from <1,>=0.15.17 to >=0.15.19,<1#106
chore(deps-dev): update ruff requirement from <1,>=0.15.17 to >=0.15.19,<1#106dependabot[bot] wants to merge 1 commit into
Conversation
Updates the requirements on [ruff](https://github.com/astral-sh/ruff) to permit the latest version. - [Release notes](https://github.com/astral-sh/ruff/releases) - [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md) - [Commits](astral-sh/ruff@0.15.17...0.15.19) --- updated-dependencies: - dependency-name: ruff dependency-version: 0.15.19 dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
added
dependencies
…ut v0.19.5 (#111) Bundles the six open Dependabot PRs (#105–#110). All six were failing the CI `security` gate on the same stale lock pin: pydantic-settings==2.14.1 (GHSA-4xgf-cpjx-pc3j, fixed in 2.14.2). The gate audits requirements.lock, which Dependabot never regenerates, so every PR was blocked by a CVE most of them don't touch. Regenerating the lockfile clears it. - fastapi >=0.136.3 → >=0.138.0 (#107) - slowapi >=0.1.9 → >=0.1.10 (#108) - pydantic-settings >=2.14.1 → >=2.14.2 (#110) - ruff >=0.15.17 → >=0.15.19 (#106, dev) - pytest >=9.1.0 → >=9.1.1 (#109, dev) - actions/checkout v6 → v7 (#105, CI) Lockfile regen also floated anyio, click, fastapi, wrapt transitives. pip-audit -r requirements.lock: no known vulnerabilities. 222 tests pass. Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
|
Superseded by #111 (merged as part of the v0.19.5 dependency bundle), which applies this bump along with the regenerated |
|
OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting If you change your mind, just re-open this PR and I'll resolve any conflicts on it. |
1 participant
Updates the requirements on ruff to permit the latest version.
Release notes
Sourced from ruff's releases.
... (truncated)
Changelog
Sourced from ruff's changelog.
... (truncated)
Commits
7f04365Bump version to 0.15.19 (#26291)a30ba16[ty] Infer definite equality comparison results (#26290)bcd2028[ty] Avoid recursion when projecting narrowing constraints (#26276)c0e083e[ty] Avoid bypassing lazy constraints for Divergent (#26288)fb13596Record configured crates.io packages (#26281)85da759[ty] Fix ParamSpec callable signature extraction for callable instances (#26279)4c98a81[ty] Make multi-arm TypeOf cycle recovery monotonic (#26275)7b84361[ty] Preserve regular kind for callable instances (#26253)93c8c59[flake8-pyi] Note thatPYI051is an opinionated stylistic rule (#26179)bc9bb05[ty] Infer types for names bound in match patterns (#25940)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)