Skip to content

Bump the all group with 3 updates#282

Merged
thomas-chauchefoin-tob merged 1 commit into
masterfrom
dependabot/uv/all-99d156251f
Jun 18, 2026
Merged

Bump the all group with 3 updates#282
thomas-chauchefoin-tob merged 1 commit into
masterfrom
dependabot/uv/all-99d156251f

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 18, 2026

Copy link
Copy Markdown
Contributor

Bumps the all group with 3 updates: ruff, ty and huggingface-hub.

Updates ruff from 0.15.14 to 0.15.16

Release notes

Sourced from ruff's releases.

0.15.16

Release Notes

Released on 2026-06-04.

Preview features

  • [flake8-async] Implement yield-in-context-manager-in-async-generator (ASYNC119) (#24644)
  • [pylint] Narrow diagnostic range and exclude cases without exception handlers (PLW0717) (#25440)
  • [ruff] Treat yield before break from a terminal loop as terminal (RUF075) (#25447)

Bug fixes

  • [eradicate] Avoid flagging ruff:ignore comments as code (ERA001) (#25537)
  • [eradicate] Fix ERA001/RUF100 conflict when noqa is on commented-out code (#25414)
  • [pyflakes] Avoid removing the format call when it would change behavior (F523) (#25320)
  • [pylint] Avoid syntax errors in invalid character replacements in f-strings before Python 3.12 (PLE2510, PLE2512, PLE2513, PLE2514, PLE2515) (#25544)
  • [pyupgrade] Avoid converting format calls with more kinds of side effects (UP032) (#25484)

Rule changes

  • [flake8-pytest-style] Avoid fixes for ambiguous argnames and argvalues combinations (PT006) (#24776)

Performance

  • Drop excess capacity from statement suites during parsing (#25368)

Documentation

  • [pydocstyle] Improve discoverability of rules enabled for each convention (#24973)
  • [ruff] Restore example code for Python versions before 3.15 (RUF017) (#25439)
  • Fix typo bin/activebin/activate in tutorial (#25473)

Other changes

  • Shrink additional parser AST collections (#25465)

Contributors

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.16

Released on 2026-06-04.

Preview features

  • [flake8-async] Implement yield-in-context-manager-in-async-generator (ASYNC119) (#24644)
  • [pylint] Narrow diagnostic range and exclude cases without exception handlers (PLW0717) (#25440)
  • [ruff] Treat yield before break from a terminal loop as terminal (RUF075) (#25447)

Bug fixes

  • [eradicate] Avoid flagging ruff:ignore comments as code (ERA001) (#25537)
  • [eradicate] Fix ERA001/RUF100 conflict when noqa is on commented-out code (#25414)
  • [pyflakes] Avoid removing the format call when it would change behavior (F523) (#25320)
  • [pylint] Avoid syntax errors in invalid character replacements in f-strings before Python 3.12 (PLE2510, PLE2512, PLE2513, PLE2514, PLE2515) (#25544)
  • [pyupgrade] Avoid converting format calls with more kinds of side effects (UP032) (#25484)

Rule changes

  • [flake8-pytest-style] Avoid fixes for ambiguous argnames and argvalues combinations (PT006) (#24776)

Performance

  • Drop excess capacity from statement suites during parsing (#25368)

Documentation

  • [pydocstyle] Improve discoverability of rules enabled for each convention (#24973)
  • [ruff] Restore example code for Python versions before 3.15 (RUF017) (#25439)
  • Fix typo bin/activebin/activate in tutorial (#25473)

Other changes

  • Shrink additional parser AST collections (#25465)

Contributors

0.15.15

... (truncated)

Commits

Updates ty from 0.0.40 to 0.0.48

Release notes

Sourced from ty's releases.

0.0.48

Release Notes

Released on 2026-06-10.

Performance

  • Avoid redundant constraint saturation work (#25786)

Core type checking

  • Add support for TypedDict extra_items (#25591)
  • Improve closed=True TypedDict precision (#25651)
  • Require subtyping for transitive constraint pivots (#25778)
  • Sync vendored typeshed stubs (#25828). Typeshed diff

Contributors

Install ty 0.0.48

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/ty/releases/download/0.0.48/ty-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/ty/releases/download/0.0.48/ty-installer.ps1 | iex"

Download ty 0.0.48

File Platform Checksum
ty-aarch64-apple-darwin.tar.gz Apple Silicon macOS checksum
ty-x86_64-apple-darwin.tar.gz Intel macOS checksum
ty-aarch64-pc-windows-msvc.zip ARM64 Windows checksum
ty-i686-pc-windows-msvc.zip x86 Windows checksum
ty-x86_64-pc-windows-msvc.zip x64 Windows checksum
ty-aarch64-unknown-linux-gnu.tar.gz ARM64 Linux checksum
ty-i686-unknown-linux-gnu.tar.gz x86 Linux checksum
ty-powerpc64-unknown-linux-gnu.tar.gz PPC64 Linux checksum
ty-powerpc64le-unknown-linux-gnu.tar.gz PPC64LE Linux checksum
ty-riscv64gc-unknown-linux-gnu.tar.gz RISCV Linux checksum
ty-s390x-unknown-linux-gnu.tar.gz S390x Linux checksum

... (truncated)

Changelog

Sourced from ty's changelog.

0.0.48

Released on 2026-06-10.

Performance

  • Avoid redundant constraint saturation work (#25786)

Core type checking

  • Add support for TypedDict extra_items (#25591)
  • Improve closed=True TypedDict precision (#25651)
  • Require subtyping for transitive constraint pivots (#25778)
  • Sync vendored typeshed stubs (#25828). Typeshed diff

Contributors

0.0.47

Released on 2026-06-10.

Bug fixes

  • Avoid panicking on encountering a recursive NamedTuple that references a recursive NewType (#25764)
  • Fix out-of-bound panic in notebooks involving suppression comments (#25629)

Core type checking

Performance and memory-usage improvements

  • Avoid caching specialization-invariant known instances (#25816)
  • Avoid resolving overload sets for ordinary functions (#25817)
  • Store common definition inference results inline (#25814)
  • Use Box<SystemPath> etc. in Files (#25554)

Contributors

0.0.46

Released on 2026-06-08.

... (truncated)

Commits

Updates huggingface-hub from 1.16.4 to 1.18.0

Release notes

Sourced from huggingface-hub's releases.

[v1.18.0] Unified file copying, web URL support, and storage usage

🖥️ Unified hf cp command

A single hf cp command now handles all file-copy workflows (upload a local file, download from the Hub, or copy between two remote locations) with consistent hf:// URI syntax for both repositories and buckets. It is also available as hf repos cp and hf buckets cp; all three aliases are identical, so you can use whichever reads best for your workflow. You can stream from stdin (-) or to stdout (-), and a trailing / on the source path gives you rsync-style semantics (copy the folder contents, not the folder itself). Note that remote-to-remote copies only work within the same storage region, and bucket-to-repo is not yet supported.

# Upload a local file to a repo
hf cp ./model.safetensors hf://username/my-model/model.safetensors
Download a file to stdout
hf cp hf://username/my-model/config.json - | jq .
Copy between two Hub repos
hf cp hf://username/source-model/config.json hf://username/dest-model/config.json

📚 Documentation: CLI guide — Copy files

  • [CLI] Add unified hf cp command (aliased as hf repos cp and hf buckets cp) by @​Wauplin in #4295

🥚 Easter egg:explore your storage usage

🔗 Paste web URLs directly

parse_hf_uri now accepts Hugging Face web URLs so you can paste a link straight into the CLI or the library and it "just works".

# Copy-paste a URL from the website
hf cp https://huggingface.co/nvidia/LocateAnything-3B/blob/main/config.json - | jq '.architectures'

📚 Documentation: HF URIs — Web URLs

  • [URIs] Parse web URLs in parse_hf_uri + add HfUri.to_url by @​Wauplin in #4296

🚨 Breaking change

On Lustre, GPFS, and some NFS mounts, flock(2) silently succeeds for every caller, which means filelock provides no mutual exclusion. When multiple hf_hub_download calls race for the same file, they can append to the same .incomplete file and silently corrupt the blob cache. This release fixes that by always downloading to a fresh temporary file instead of resuming an incomplete one, making the download path safe even when file locking is broken. filelock is still used as a "best-effort" hint to avoid unnecessary duplicate downloads, but correctness no longer depends on it. This is a breaking change: resuming a previously failed partial download is no longer possible. However, file resumability was already a niche use case only applicable when hf_xet is disabled.

  • [Fix] Make concurrent downloads safe even when file locking is broken by @​Wauplin in #4306

🖥️ CLI

... (truncated)

Commits
  • 64e5356 Release: v1.18.0
  • b1c4c20 Release: v1.18.0.rc0
  • c505f77 [Fix] Make concurrent downloads safe even when file locking is broken (#4306)
  • d04c3b2 [URIs] Parse web URLs in parse_hf_uri + add HfUri.to_url (#4296)
  • 0e57086 Bump the actions group with 2 updates (#4309)
  • e628f15 [Download] Probe umask next to incomplete file instead of two levels above de...
  • f4a91c2 [CLI] inline enum choices in the generated CLI skill (#4299)
  • 1138933 [Docs] Mention storage region limitation for server-side copy (#4302)
  • 26a6df1 [Docs] Document missing parameters in hf_hub_url and preupload_lfs_files (#4300)
  • c6dfc6d [Docs] Document missing endpoint and template_str parameters (#4298)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the all group with 3 updates
7b37898 
Bumps the all group with 3 updates: [ruff](https://github.com/astral-sh/ruff), [ty](https://github.com/astral-sh/ty) and [huggingface-hub](https://github.com/huggingface/huggingface_hub).


Updates `ruff` from 0.15.14 to 0.15.16
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.15.14...0.15.16)

Updates `ty` from 0.0.40 to 0.0.48
- [Release notes](https://github.com/astral-sh/ty/releases)
- [Changelog](https://github.com/astral-sh/ty/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ty@0.0.40...0.0.48)

Updates `huggingface-hub` from 1.16.4 to 1.18.0
- [Release notes](https://github.com/huggingface/huggingface_hub/releases)
- [Commits](huggingface/huggingface_hub@v1.16.4...v1.18.0)

---
updated-dependencies:
- dependency-name: ruff
  dependency-version: 0.15.16
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: ty
  dependency-version: 0.0.48
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: huggingface-hub
  dependency-version: 1.18.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Jun 18, 2026
@dependabot dependabot Bot requested a review from ESultanik as a code owner June 18, 2026 11:45
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Jun 18, 2026
@thomas-chauchefoin-tob thomas-chauchefoin-tob merged commit 5fcd2b7 into master Jun 18, 2026
9 checks passed
@thomas-chauchefoin-tob thomas-chauchefoin-tob deleted the dependabot/uv/all-99d156251f branch June 18, 2026 11:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@thomas-chauchefoin-tob thomas-chauchefoin-tob thomas-chauchefoin-tob approved these changes

@ESultanik ESultanik Awaiting requested review from ESultanik ESultanik is a code owner

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@thomas-chauchefoin-tob