Skip to content

Update all non-major dependencies#429

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/all-minor-patch
Open

Update all non-major dependencies#429
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/all-minor-patch

Conversation

@renovate

@renovate renovate Bot commented Jul 13, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Change Age Confidence Type Update Pending
apscheduler (changelog) ==3.11.2==3.11.3 age confidence project.dependencies patch
astral-sh/setup-uv v8.2.0v8.3.1 age confidence action minor v8.3.2
astral-sh/uv 0.11.230.11.28 age confidence uses-with patch 0.11.29
click (changelog) ==8.4.1==8.4.2 age confidence project.dependencies patch
mcp ==1.28.0==1.28.1 age confidence project.dependencies patch
mypy (changelog) ==2.1.0==2.2.0 age confidence dependency-groups minor 2.3.0
python-nso-client ==0.1.3==0.2.0 age confidence project.dependencies minor
ruff (source, changelog) ==0.15.18==0.15.20 age confidence dependency-groups patch 0.15.21

Release Notes

agronholm/apscheduler (apscheduler)

v3.11.3

Compare Source

  • Fixed sub-minute interval jobs stalling for the duration of a DST spring-forward gap when the scheduler was configured with a ZoneInfo time zone, caused by the wakeup delay being computed from the naive wall-clock difference instead of the actual UTC difference (#​1103)
  • Fixed imported jobs missing their scheduler and job store links (#​1119)
astral-sh/setup-uv (astral-sh/setup-uv)

v8.3.1

Compare Source

v8.3.0

Compare Source

astral-sh/uv (astral-sh/uv)

v0.11.28

Compare Source

Released on 2026-07-07.

Security

This release updates our ZIP library, astral-async-zip, to v0.0.20, which includes 15 changes that harden our ZIP handling against parser differentials. uv may reject ZIP archives with malformed or ambiguous content that were previously accepted.

See the upstream commits for a full list of changes.

Python
Enhancements
  • Improve trace logs for unexpected error chains (#​20220)
  • Move lockfile update guidance to a hint (#​20219)
  • Preserve indentation for multiline error causes (#​20156)
  • Render user errors with their cause chains (#​20217)
  • Route final command errors through the printer to respect -q and -qq (#​20163)
  • Use standard rendering for uv build errors (#​20159)
  • Use standard rendering for tool requirement errors (#​20160)
Performance
  • Only compile bytecode for installed distributions in uv pip install (#​19914)
  • Avoid allocating URL-safe Git revisions (#​20194)
  • Avoid allocating canonical Python request strings (#​20193)
  • Avoid allocating custom Astral mirror URLs (#​20204)
  • Avoid allocating expanded compatibility tags (#​20190)
  • Avoid allocating shell strings that need no escaping (#​20196)
  • Avoid allocating static ABI descriptions (#​20201)
  • Avoid allocating static Windows executable names (#​20200)
  • Avoid allocating static dependency table names (#​20199)
  • Avoid allocating static platform triple components (#​20195)
  • Avoid allocating static resolver report labels (#​20198)
  • Avoid allocating static unavailable-version messages (#​20197)
  • Avoid allocating unchanged Python download architectures (#​20202)
  • Avoid allocating unchanged paths during case normalization (#​20203)
  • Avoid allocations when expanding group conflicts (#​20211)
  • Avoid allocations when formatting requirements (#​20206)
  • Avoid cloning credential lookup services (#​20210)
  • Avoid cloning dry-run distributions (#​20209)
  • Avoid cloning owned dependency metadata (#​20212)
  • Avoid redundant direct URL clones (#​20207)
  • Create metadata version errors lazily (#​20205)
  • Optimize expanded tag compatibility checks (#​20171)
  • Optimize parsing of single-digit three-part versions (#​20118)
Bug fixes
  • Avoid overflow when computing HTTP cache age (#​20178)
  • Respect --upgrade when upgrade-package is configured (#​19955)
  • Support uv tree in dependency-group-only projects (#​20167)
  • Treat cache entries as stale at exact expiration (#​20183)

v0.11.27

Compare Source

Released on 2026-07-06.

Enhancements
  • Continue on ignored errors when fetching wheel metadata (#​12255)
  • Use caching for --python-downloads-json-url (#​16749)
Preview features
  • Discover extensionless shebang scripts in uv workspace list --scripts (#​20099)
Performance
  • Avoid full site-packages scans for direct reinstalls (#​20119)
  • Avoid redundant pyproject parsing (#​20076)
  • Cache default dependency markers when reading locks (#​20125)
  • Enable SIMD-accelerated TOML parsing (#​20079)
  • Intern requires-python specifiers in Simple API parsing (#​20104)
  • Read cache entries into exact-sized buffers (#​20120)
  • Reduce VersionSpecifiers parsing allocations (#​20105)
  • Reduce site-packages scan allocation overhead (#​20087)
  • Reuse package names when parsing wheel filenames (#​20110)
  • Sort Simple API files after grouping (#​20112)
Bug fixes
  • Always emit packages table for pylock.toml (#​20145)
  • Avoid blank line for empty uv pip tree (#​20062)
  • Encode hashes in file paths (#​19807)
  • Error on a registry uv.lock package without a version instead of panicking (#​19855)
  • Preserve conditional extra markers in exports (#​20148)
  • Skip the ambiguous authority check for file transport VCS URLs (#​20086)
  • Sync index format when uv add --index updates an existing index URL (#​19818)
Other changes

v0.11.26

Compare Source

Released on 2026-06-30.

Performance
  • Adapt uv to IDs-only PubGrub dependencies (#​20048)
  • Avoid allocations in ForkMap::contains (#​20023)
  • Reuse resolver work across PubGrub iterations (#​20020)
  • Speed up candidate selection for disjoint ranges (#​20026)
Bug fixes
  • Warn when the build cache is inside the source directory (#​20056)

v0.11.25

Compare Source

Released on 2026-06-26.

Security

This release updates our tar library, astral-tokio-tar, to v0.6.3, which includes over 20 changes that harden our tar handling against parser differentials. uv may reject source distributions with malformed or ambiguous content that were previously accepted.

See the upstream commits for a full list of changes.

Enhancements
  • Add a full "lockfile" to tool receipts (#​18937)
  • Allow scoped overrides to add dependencies (#​19974)
  • Avoid writing redundant lockfile markers with tool.uv.environments (#​19933)
  • Factor supported environments out of lockfile markers (#​19969)
  • Recommend our own build backend in the build frontend (#​19994)
  • Reject wheels with multiple .dist-info directories (#​19986)
  • Simplify dependency markers under parent reachability (#​19971)
  • Support scoped dependency exclusions (#​19977)
  • Support scoped dependency overrides (#​19970)
  • Explain why files are skipped in registry index parsing (#​19983)
Preview features
  • Add uv workspace list --scripts (#​20009)
  • Support centralised environments in uv venv (#​19912)
  • Use locked ty versions in uv check (#​19884)
  • Add centralized storage of project environments (#​18214)
  • Verify lockfile hashes before reusing a cached ty in uv check (#​19995)
  • Use locked dependency selection for uv check --script (#​19989)
Bug fixes
  • Preserve standalone markers in workspace metadata (#​20011)
  • Reject uv build if the cache dir is enclosed (#​19991)

v0.11.24

Compare Source

Released on 2026-06-23.

Python
Preview features
  • Make project environments relocatable under preview (#​19965)
Performance
  • Use a compact index for lazy version maps (#​19959)
Bug fixes
  • Allow disabling exclude-newer (#​19934)
  • Avoid archive id collisions (#​19949)
  • Reapply "Fix transparent Python upgrades in project environments" (#​19928)
  • Clean up partial tool entrypoint installs (#​19966)
  • Fix relocatable activate.fish and broaden Fish version support (#​19856)
pallets/click (click)

v8.4.2

Compare Source

Released 2026-06-24

  • Fix Fish shell completion broken in 8.4.0 by {pr}3126. Newlines and
    tabs in option help text are now escaped, keeping the original completion
    format while still supporting multi-line help. {issue}3502
    {issue}3043 {pr}3504 {pr}3508
  • Deprecated commands and options with empty or missing help text no longer
    render a stray leading space before the (DEPRECATED) label. {pr}3509
  • A {class}Group with invoke_without_command=True marks its subcommand as
    optional in the usage help, showing [COMMAND] instead of COMMAND.
    {issue}3059 {pr}3507
  • echo_via_pager flushes after each write, so passing a generator streams
    output to the pager incrementally instead of staying hidden until the pipe
    buffer fills. {issue}3242 {issue}2542 {pr}3534
  • echo_via_pager and get_pager_file no longer close a borrowed stdout
    stream when no external pager runs, completing the partial
    I/O operation on closed file fix from {pr}3482. {issue}3449
    {pr}3533
  • Fix CLI usage symopsis for optional arguments producing double square brackets
    [[a|b|c]]... whose type already brackets their metavar. {pr}3578
  • {func}version_option resolves a package_name that does not match an
    installed distribution as an import (top-level module) name via
    {func}importlib.metadata.packages_distributions. Packages whose
    top-level module name differs from their distribution name (PIL vs
    Pillow, jwt vs PyJWT) no longer raise RuntimeError out of the
    box. {issue}2331 {issue}1884 {issue}3125 {pr}3582
modelcontextprotocol/python-sdk (mcp)

v1.28.1

Compare Source

What's Changed

  • [v1.x] Buffer per-request StreamableHTTP streams; store priming event before dispatch by @​maxisbey in #​2948
  • [v1.x] Set Development Status classifier to Production/Stable by @​maxisbey in #​2976
  • [v1.x] Support TransportSecuritySettings in the WebSocket server transport by @​maxisbey in #​2992

Full Changelog: modelcontextprotocol/python-sdk@v1.28.0...v1.28.1

python/mypy (mypy)

v2.2.0

Compare Source

astral-sh/ruff (ruff)

v0.15.20

Compare Source

Released on 2026-06-25.

Preview features
  • Allow human-readable names in rule selectors (#​25887)
  • Emit a warning instead of an error for unknown rule selectors (#​26113)
  • Match noqa shebang handling in ruff:ignore comments (#​26286)
  • [ruff] Remove pytest-fixture-autouse (RUF076) (#​26240, #​26371)
Documentation
  • Add versioning sections to custom crate READMEs (#​26317)
  • Update ruff_python_parser README for crates.io (#​26315)
  • [perflint] Clarify that PERF402 applies to any iterable (#​26242)
Contributors

v0.15.19

Compare Source

Released on 2026-06-23.

Preview features
  • Support human-readable names when hovering suppression comments and in code actions (#​26114)
Bug fixes
  • Fall back to default settings when editor-only settings are invalid (#​26244)
  • Fix panic when inserting text at a notebook cell boundary (#​26111)
Rule changes
  • [pylint] Update fix suggestions for __floor__, __trunc__, __length_hint__, and __matmul__ variants (PLC2801) (#​26239)
Performance
  • Avoid allocating when parsing single string literals (#​26200)
  • Avoid reallocating singleton call arguments (#​26223)
  • Lazily create source files for lint diagnostics (#​26226)
  • Optimize formatter text width and indentation (#​26236)
  • Reserve capacity for builtin bindings (#​26229)
  • Skip repeated-key checks for singleton dictionaries (#​26228)
  • Use ArrayVec for qualified name segments (#​26224)
Documentation
  • [flake8-pyi] Note that PYI051 is an opinionated stylistic rule (#​26179)
  • [pyupgrade] Clarify UP029 as a Python 2 compatibility rule (#​26243)
Other changes
  • Publish Ruff crates to crates.io (#​26271)
Contributors

Configuration

📅 Schedule: (in timezone Europe/Amsterdam)

  • Branch creation
    • Between 01:00 AM and 05:59 AM, Monday through Wednesday (* 1-5 * * 1-3)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@codecov

codecov Bot commented Jul 13, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 76.08%. Comparing base (fe5d329) to head (a59a935).

Additional details and impacted files
@@           Coverage Diff           @@
##             main     #429   +/-   ##
=======================================
  Coverage   76.08%   76.08%           
=======================================
  Files          36       36           
  Lines        3621     3621           
  Branches      290      290           
=======================================
  Hits         2755     2755           
  Misses        795      795           
  Partials       71       71           

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@renovate renovate Bot force-pushed the renovate/all-minor-patch branch 5 times, most recently from 1ee6634 to b9dcc9f Compare July 16, 2026 00:46
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from b9dcc9f to a59a935 Compare July 16, 2026 05:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants