Skip to content

MAINT: Bump the python-deps group across 1 directory with 3 updates#295

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/requirements/python-deps-991fc87063
Open

MAINT: Bump the python-deps group across 1 directory with 3 updates#295
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/requirements/python-deps-991fc87063

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github May 14, 2026
edited
Loading

Updates the requirements on pyrefly, gitpython and delvewheel to permit the latest version.
Updates pyrefly from 0.63.1 to 0.64.0

Release notes

Sourced from pyrefly's releases.

Pyrefly v0.64.0

Status : BETA Release date: May 05, 2026

Pyrefly v0.64.0 bundles 190 commits from 20 contributors.

✨ New & Improved

Area What's new
Type Checking - You can now pass generic or overloaded callables to higher-order functions and Pyrefly will preserve their structure in the return type. For example, identity(identity) now correctly returns a generic callable instead of degrading to Unknown. - Same-scope class rebinds (like Real = Dummy after class Real) are now checked against the original class as if it were an implicit type[Real] annotation, preventing silent type changes and fixing spurious constructor-call errors. - Generic classes with missing type arguments in lax mode now default to Any instead of raising variance errors, improving consistency with how we handle other incomplete types. - Pydantic field_validator decorators with mode='before' and mode='plain' are now supported, allowing validators to accept broader input types before coercion. - Spurious unpack diagnostics are no longer emitted when the right-hand side involves Never (e.g. a, b, c = never() or a, b = (never(), 1)). The unpack solver is now Never-aware, recognizing that the producing expression cannot complete and any error message at the unpack site would be misleading. - assert statements now check that __bool__ is callable on the test expression, matching the behavior already in place for if, while, and ternary expressions (and aligning with mypy and pyright).
Language Server - The language server now advertises both source.fixAll and source.fixAll.pyrefly code action kinds, enabling selective fix-on-save configuration across editors that implement the LSP protocol. - Document highlights now correctly distinguish between read and write references, setting DocumentHighlightKind::WRITE for assignments and declarations. - Go-to-definition on relative imports in site-packages files now correctly resolves to the package source instead of returning null when a pyproject.toml exists at the project root. - Notebook cell index resolution has been fixed to prevent mismatches between code cells and markdown cells, eliminating panics and incorrect byte offset calculations in Jupyter notebooks. - Cross-module "find references" (external references) is now enabled by default, returning references across the entire project rather than just the current file. - A new quick fix turns the existing "Did you mean Foo.BAR?" diagnostic note for missing enum members into a code action that replaces the offending string literal with the proper enum member access. - A new # pyrefly: ignore quick fix inserts a suppression comment for the diagnostic at the cursor, automatically merging into an existing pyrefly-ignore directive on the same line or on a comment-only line above when present. - Numeric parameter defaults now preserve their source spelling (e.g. 0o777, 0xFF, 0b101) in hover and signature display rather than being normalized to decimal. - Code actions documentation has been added to the IDE Supported Features page, covering quick fixes and source.fixAll.pyrefly configuration.
Onboarding & VS Code Extension - A redesigned unconfigured-project experience: when no pyrefly.toml is found, Pyrefly auto-detects nearby mypy.ini, pyrightconfig.json, or [tool.mypy]/[tool.pyright] sections in pyproject.toml and synthesizes an in-memory configuration migrated from those settings (using the legacy or default preset respectively). With no detectable configuration, the new basic preset is used. - A new python.pyrefly.typeCheckingMode workspace setting (auto / off / basic / legacy / default / strict, default auto) lets users pick a preset for files not covered by an explicit Pyrefly configuration, directly from the VS Code settings UI. The legacy python.pyrefly.displayTypeErrors setting is now deprecated, with values transparently mapped to the new model. - A new python.pyrefly.disableTypeErrors workspace setting provides a clean per-workspace kill switch for diagnostics, independent of the type-checking mode. - The VS Code status bar has been redesigned: it now shows the active preset (e.g. "Pyrefly (Legacy)", "Pyrefly (Basic)") and the tooltip explains why that preset was chosen and links to the relevant docs. - After a pyrefly check on an unconfigured project, the CLI now prints a short upsell to stderr explaining what configuration was synthesized and pointing at pyrefly init. The message is routed to stderr so machine-readable stdout formats (e.g. --output-format json) remain untouched.
Configuration - Configuration presets (off, basic, legacy, default, strict) are now available via the preset option, providing named collections of error severities and behavior settings as a base configuration that user settings can override. - The legacy preset is now used by pyrefly init for mypy migration, disabling checks mypy doesn't have and setting looser inference defaults. - The implicit-any error code has been split into sub-kinds (implicit-any-attribute, implicit-any-empty-container, implicit-any-parameter, implicit-any-type-argument) with implicit-any as the parent, allowing finer-grained control over where implicit Any is flagged. - The unbound-name error is now disabled in the legacy preset to match mypy's default behavior, which does not flag possibly-undefined variables.
Error Reporting - A new incompatible-overload-residual error kind has been introduced for cases where all branches of an overloaded callable are pruned during higher-order function analysis, making it easier to configure these errors independently. - Error messages for all-pruned overload residuals now describe the incompatibility in terms of "solved type variables" rather than "solved type constraints" for better clarity. - The pyrefly suppress command now correctly handles removal of unused ignores via the --remove-unused flag, which was previously broken.
Factory Boy Support - Pyrefly now infers the correct model return types for create(), build(), create_batch(), and build_batch() methods on DjangoModelFactory subclasses by reading the inner Meta.model attribute. - False-positive bad-override errors on the inner Meta class in factory-boy factories are now suppressed, matching how we handle Django and Marshmallow.
Reporting - The pyrefly report JSON output now includes a path field on each ModuleReport, for compatibility with typestats and similar tooling.
Performance - Deeply-nested dict literals no longer cause exponential memory growth during type inference. A depth-25 dict literal that previously consumed ~7.7 GB now uses ~239 MB by computing the union of field types on demand instead of storing it redundantly. - Callable residual finalization has been optimized to avoid redundant type cloning and traversals, reducing memory churn in attribute-heavy code. - Eliminated some bugs that caused Pyrefly to unnecessarily analyze dependencies, improving latency and memory use, especially in the IDE.

🐛 bug fixes

We closed 15 bug issues this release 👏

  • #3057: Fixed an issue where string concatenation with the + operator was incorrectly flagging str as not assignable to LiteralString attributes. Pyrefly now preserves LiteralString style when adding two explicit string literals and uses implicit style otherwise.
  • #105: Fixed premature type pinning in function calls where arguments were incorrectly narrowed before all constraints were solved. For example, foo(x, y) with x: int | None and y: int | None no longer incorrectly narrows x to None when passed to a generic foo[T](https://github.com/facebook/pyrefly/blob/HEAD/a: T, b: T).
  • #3198: Fixed pyrefly suppress --remove-unused which was not actually removing unused error suppressions. The command now correctly processes the --remove-unused flag.
  • #3024: The language server now advertises source.fixAll.pyrefly in addition to source.fixAll, allowing users to selectively enable or disable Pyrefly's fix-all actions in editors that support LSP code action kinds.
  • #2819: Fixed incorrect variance errors when using generic classes like Pydantic's RootModel in lax mode. Missing type arguments now degrade to Any instead of raising errors, matching our handling of other incomplete types.
  • #3000: Fixed "find references" failures in Cursor and other editors caused by relative imports in site-packages not resolving correctly when a pyproject.toml existed at the project root.
  • #2563: Fixed go-to-definition on relative imports in virtual environment site-packages, which was returning null because the project root's import path was matching before the more specific site-package prefix.
  • #3193: Fixed an error where list["A|B"] was incorrectly rejected as not-a-type. Type argument subscripts are now bound as type expressions even in value context, allowing forward-ref strings to be parsed.
  • #3286: Fixed exponential memory blowup when type-checking deeply-nested dict literals, which could cause VSCode to be killed by the OS. Memory usage for a depth-25 dict dropped from ~7.7 GB to ~239 MB.
  • #3261: Fixed a false positive bad-class-definition when a dataclass field was assigned inside a @classmethod or __init_subclass__. Pyrefly was incorrectly extracting these as dataclass fields, even though Python's dataclasses.dataclass ignores them at runtime.
  • #2914: assert statements now flag a non-callable __bool__ on the test expression, closing a gap that previously only caught the issue inside if, while, and ternary expressions.
  • #2867: Fixed urlunparse being inferred as returning Literal[b''] instead of str. The fix reworks as_superclass so tuple-like NamedTuple subclasses are upcast through their erased tuple element types, which stops ParseResult from spuriously matching Iterable[None] and selecting the bytes overload.
  • #3266: Added a quick fix for the existing "Did you mean Foo.BAR?" diagnostic note for missing enum members, turning the suggestion into a code action that rewrites the surrounding string literal.
  • #3230: Numeric parameter defaults now preserve their original spelling (e.g. 0o777) in hover and signature display rather than being normalized to a decimal value.
  • #3302: Added a path field to the pyrefly report JSON ModuleReport, restoring compatibility with typestats.

Thank-you to all our contributors who found these bugs and reported them! Did you know this is one of the most helpful contributions you can make to an open-source project? If you find any bugs in Pyrefly we want to know about them! Please open a bug report issue here

📦 Upgrade

... (truncated)

Commits
  • e267ba6 Fix provide_type race condition with config recheck cancellation (#3316)
  • fe26ba3 Fix failing quick fix test
  • 6d9611d Use FuncMetadata::def to reduce code duplication
  • a545b3a Add a more general FuncMetadata::def helper
  • 18b7331 Rename FuncMetadata::def to FuncMetadata::method
  • 4ecf8c7 Remove unnecessary parameters from FuncMetadata::def
  • c3c3668 Deduplicate property handling code in class_field.rs and attr.rs.
  • 937054b Add a bunch more tests for constructing properties via property(...) call
  • 5a95af5 Fix handling of fset=None in property(...) calls
  • ea94a54 fix Recognize explicitly constructed properties as such #3141 (#3144)
  • Additional commits viewable in compare view

Updates gitpython to 3.1.50

Release notes

Sourced from gitpython's releases.

3.1.50

What's Changed

New Contributors

Full Changelog: gitpython-developers/GitPython@3.1.49...3.1.50

Commits

Updates delvewheel from 1.12.0 to 1.12.1

Changelog

Sourced from delvewheel's changelog.

1.12.1 (6 May 2026)

  • Support the abi3t tag defined in PEP 803.
  • Improve the Limitations section of the README.
  • Improve support for abi3 wheels targeting the very old Python 3.3 and 3.4.
  • Add combase.dll to DLL exclusion list.
  • Update GitHub Actions.
  • Exclude DLLs needed for GraalPy runtime when repairing GraalPy wheels.
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
MAINT: Bump the python-deps group across 1 directory with 3 updates
328e6eb 
Updates the requirements on [pyrefly](https://github.com/facebook/pyrefly), [gitpython](https://github.com/gitpython-developers/GitPython) and [delvewheel](https://github.com/adang1345/delvewheel) to permit the latest version.

Updates `pyrefly` from 0.63.1 to 0.64.0
- [Release notes](https://github.com/facebook/pyrefly/releases)
- [Commits](facebook/pyrefly@0.63.1...0.64.0)

Updates `gitpython` to 3.1.50
- [Release notes](https://github.com/gitpython-developers/GitPython/releases)
- [Changelog](https://github.com/gitpython-developers/GitPython/blob/main/CHANGES)
- [Commits](gitpython-developers/GitPython@3.1.49...3.1.50)

Updates `delvewheel` from 1.12.0 to 1.12.1
- [Changelog](https://github.com/adang1345/delvewheel/blob/master/CHANGELOG.md)
- [Commits](https://github.com/adang1345/delvewheel/commits)

---
updated-dependencies:
- dependency-name: pyrefly
  dependency-version: 0.64.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-deps
- dependency-name: gitpython
  dependency-version: 3.1.50
  dependency-type: direct:production
  dependency-group: python-deps
- dependency-name: delvewheel
  dependency-version: 1.12.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-deps
...

Signed-off-by: dependabot[bot] <support@github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

03 - Maintenance

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants