chore(deps): bump the uv-version-updates group across 1 directory with 10 updates

[dependabot]

Bumps the uv-version-updates group with 10 updates in the / directory:

Package	From	To
requests	2.33.0	2.33.1
pytest-cov	7.0.0	7.1.0
tox	4.32.0	4.52.0
types-python-dateutil	2.9.0.20251115	2.9.0.20260402
testcontainers	4.14.1	4.14.2
python-dotenv	1.1.1	1.2.2
ruff	0.14.10	0.15.8
sphinx	7.4.7	8.1.3
fawltydeps	0.19.0	0.20.0
ty	0.0.5	0.0.27

Updates requests from 2.33.0 to 2.33.1

Release notes

Sourced from requests's releases.

v2.33.1

2.33.1 (2026-03-30)

Bugfixes

• Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary files in the tmp directory. (#7305)
• Fixed Content-Type header parsing for malformed values. (#7309)
• Improved error consistency for malformed header values. (#7308)

New Contributors

• @​ferdnyc made their first contribution in psf/requests#7277

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2331-2026-03-30

Changelog

Sourced from requests's changelog.

2.33.1 (2026-03-30)

Bugfixes

• Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary files in the tmp directory. (#7305)
• Fixed Content-Type header parsing for malformed values. (#7309)
• Improved error consistency for malformed header values. (#7308)

Commits

• 111d2b7 v2.33.1
• f0198e6 Fix malformed value parsing for Content-Type (#7309)
• bc7dd0f Fix cosmetic header validity parsing regex (#7308)
• 4443b1a Fix unintended test extra (#7306)
• 389eea5 Cleanup extracted file after extract_zipped_path test (#7305)
• 7407309 Packaging: DRY out extras definition (#7277)
• See full diff in compare view

Updates pytest-cov from 7.0.0 to 7.1.0

Changelog

Sourced from pytest-cov's changelog.

7.1.0 (2026-03-21)

• Fixed total coverage computation to always be consistent, regardless of reporting settings. Previously some reports could produce different total counts, and consequently can make --cov-fail-under behave different depending on reporting options. See [#641](https://github.com/pytest-dev/pytest-cov/issues/641) <https://github.com/pytest-dev/pytest-cov/issues/641>_.

• Improve handling of ResourceWarning from sqlite3.

  The plugin adds warning filter for sqlite3 ResourceWarning unclosed database (since 6.2.0). It checks if there is already existing plugin for this message by comparing filter regular expression. When filter is specified on command line the message is escaped and does not match an expected message. A check for an escaped regular expression is added to handle this case.

  With this fix one can suppress ResourceWarning from sqlite3 from command line::

  pytest -W "ignore:unclosed database in <sqlite3.Connection object at:ResourceWarning" ...

• Various improvements to documentation. Contributed by Art Pelling in [#718](https://github.com/pytest-dev/pytest-cov/issues/718) <https://github.com/pytest-dev/pytest-cov/pull/718>_ and "vivodi" in [#738](https://github.com/pytest-dev/pytest-cov/issues/738) <https://github.com/pytest-dev/pytest-cov/pull/738>. Also closed [#736](https://github.com/pytest-dev/pytest-cov/issues/736) <https://github.com/pytest-dev/pytest-cov/issues/736>.

• Fixed some assertions in tests. Contributed by in Markéta Machová in [#722](https://github.com/pytest-dev/pytest-cov/issues/722) <https://github.com/pytest-dev/pytest-cov/pull/722>_.

• Removed unnecessary coverage configuration copying (meant as a backup because reporting commands had configuration side-effects before coverage 5.0).

Commits

• 66c8a52 Bump version: 7.0.0 → 7.1.0
• f707662 Make the examples use pypy 3.11.
• 6049a78 Make context test use the old ctracer (seems the new sysmon tracer behaves di...
• 8ebf20b Update changelog.
• 861d30e Remove the backup context manager - shouldn't be needed since coverage 5.0, ...
• fd4c956 Pass the precision on the nulled total (seems that there's some caching goion...
• 78c9c4e Only run the 3.9 on older deps.
• 4849a92 Punctuation.
• 197c35e Update changelog and hopefully I don't forget to publish release again :))
• 14dc1c9 Update examples to use 3.11 and make the adhoc layout example look a bit more...
• Additional commits viewable in compare view

Updates tox from 4.32.0 to 4.52.0

Release notes

Sourced from tox's releases.

v4.52.0

What's Changed

• remove unsupported --remote flag from gh repo fork by @​rahuldevikar in tox-dev/tox#3908
• ✨ feat(config): support escaped dots in -x override keys by @​gaborbernat in tox-dev/tox#3910
• 🐛 fix(docs): auto-generate manpage from CLI parser by @​gaborbernat in tox-dev/tox#3911
• ✨ feat(runner): add PEP 723 inline script metadata support by @​gaborbernat in tox-dev/tox#3912

Full Changelog: tox-dev/tox@4.51.0...4.52.0

v4.51.0

What's Changed

• 🔒 ci(workflows): add zizmor security auditing by @​gaborbernat in tox-dev/tox#3896
• Add base_python_file config option by @​rahuldevikar in tox-dev/tox#3899
• prevent machine ISA from overriding explicit env factors by @​rahuldevikar in tox-dev/tox#3904
• 🐛 fix(config): fix handling of env_list in nested contexts by @​Daverball in tox-dev/tox#3905
• fix: enable persist-credentials for release workflow by @​rahuldevikar in tox-dev/tox#3907

New Contributors

• @​Daverball made their first contribution in tox-dev/tox#3905

Full Changelog: tox-dev/tox@4.50.3...4.51.0

v4.50.3

What's Changed

• 🐛 fix(pkg): distinguish free-threaded Python in wheel build env by @​gaborbernat in tox-dev/tox#3891

Full Changelog: tox-dev/tox@4.50.2...4.50.3

v4.50.2

What's Changed

• fix(sdist): include docs/man/tox.1.rst by @​branchv in tox-dev/tox#3890

New Contributors

• @​branchv made their first contribution in tox-dev/tox#3890

Full Changelog: tox-dev/tox@4.50.1...4.50.2

v4.50.1

... (truncated)

Changelog

Sourced from tox's changelog.

Features - 4.52.0

• Add virtualenv-pep-723 runner that reads dependencies and Python version from :PEP:723 inline script metadata — no need to duplicate them in tox config - by :user:gaborbernat. (:issue:3897)
• Support escaped dots (\.) in -x/--override keys, allowing overrides to target environments with dots in their names such as py3.14 - by :user:gaborbernat. (:issue:3910)

Bug fixes - 4.52.0

• Auto-generate the manpage from the CLI argparse parser at wheel build time, fixing broken section headers and documenting all commands and options - by :user:gaborbernat. (:issue:3878)

Miscellaneous internal changes - 4.52.0

• Remove unsupported --remote flag from gh repo fork in the update-schemastore workflow, as recent versions of gh no longer accept it - by :user:rahuldevikar. (:issue:3908)

---

v4.51.0 (2026-03-27)

---

Features - 4.51.0

• Add base_python_file configuration option to read the base Python version from a file (e.g. .python-version), similar to GitHub Actions' python-version-file - by :user:rahuldevikar (:issue:3894)

Bug fixes - 4.51.0

• Prevent implicit machine ISA (e.g. arm64, x86_64) from overriding explicit architecture factors in environment names, fixing cross-architecture conflicts in multiline factor conditionals - by :user:rahuldevikar. (:issue:3903)
• Nested environment list configuration values are now properly parsed, validated and expanded by the TOML parser. This allows you to use generative environment lists in tox-gh via the TOML format. Previously this was only possible with the INI format. - by :user:Daverball (:issue:3905)

Miscellaneous internal changes - 4.51.0

• Enable persist-credentials: true in the actions/checkout step of the prepare-release workflow so that git push operations succeed during automated releases - by :user:rahuldevikar. (:issue:3907)

---

v4.50.3 (2026-03-20)

---

Bug fixes - 4.50.3

... (truncated)

Commits

• d83d577 release 4.52.0
• da0f890 ✨ feat(runner): add PEP 723 inline script metadata support (#3912)
• b232d2d 🐛 fix(docs): auto-generate manpage from CLI parser (#3911)
• 84958f7 [pre-commit.ci] pre-commit autoupdate (#3909)
• 15d9ac0 ✨ feat(config): support escaped dots in -x override keys (#3910)
• 0eda3a2 remove unsupported --remote flag from gh repo fork (#3908)
• 5f1ec1a release 4.51.0
• b5f9b13 fix: enable persist-credentials for release workflow (#3907)
• 8c9c199 🐛 fix(config): fix handling of env_list in nested contexts (#3905)
• 451aa9c prevent machine ISA from overriding explicit env factors (#3904)
• Additional commits viewable in compare view

Updates types-python-dateutil from 2.9.0.20251115 to 2.9.0.20260402

Commits

• See full diff in compare view

Updates testcontainers from 4.14.1 to 4.14.2

Release notes

Sourced from testcontainers's releases.

testcontainers: v4.14.2

4.14.2 (2026-03-18)

Features

• kafka: allow configurable listener name and security protocol (#966) (44dd40b)

Changelog

Sourced from testcontainers's changelog.

4.14.2 (2026-03-18)

Features

• kafka: allow configurable listener name and security protocol (#966) (44dd40b)

Commits

• 5c67efb chore(main): release testcontainers 4.14.2 (#969)
• 44dd40b feat(kafka): allow configurable listener name and security protocol (#966)
• a78475a chore(main): Migrate to uv (#960)
• See full diff in compare view

Updates python-dotenv from 1.1.1 to 1.2.2

Release notes

Sourced from python-dotenv's releases.

v1.2.2

Added

• Support for Python 3.14, including the free-threaded (3.14t) build. (#)

Changed

• The dotenv run command now forwards flags directly to the specified command by @​bbc2 in theskumar/python-dotenv#607
• Improved documentation clarity regarding override behavior and the reference page.
• Updated PyPy support to version 3.11.
• Documentation for FIFO file support.
• Support for Python 3.9.

Fixed

• Improved set_key and unset_key behavior when interacting with symlinks by @​bbc2 in #790c5
• Corrected the license specifier and added missing Python 3.14 classifiers in package metadata by @​JYOuyang in theskumar/python-dotenv#590

Breaking Changes

• dotenv.set_key and dotenv.unset_key used to follow symlinks in some situations. This is no longer the case. For that behavior to be restored in all cases, follow_symlinks=True should be used.

• In the CLI, set and unset used to follow symlinks in some situations. This is no longer the case.

• dotenv.set_key, dotenv.unset_key and the CLI commands set and unset used to reset the file mode of the modified .env file to 0o600 in some situations. This is no longer the case: The original mode of the file is now preserved. Is the file needed to be created or wasn't a regular file, mode 0o600 is used.

Misc

• skip 000 permission tests for root user by @​burnout-projects in theskumar/python-dotenv#561
• Bump actions/checkout from 5 to 6 in the github-actions group by @​dependabot[bot] in theskumar/python-dotenv#593
• Add Windows testing to CI by @​bbc2 in theskumar/python-dotenv#604
• Improve workflow efficiency with best practices by @​theskumar in theskumar/python-dotenv#609
• Remove the use of sh in tests by @​bbc2 in theskumar/python-dotenv#612

New Contributors

• @​JYOuyang made their first contribution in theskumar/python-dotenv#590
• @​burnout-projects made their first contribution in theskumar/python-dotenv#561
• @​cpackham-atlnz made their first contribution in theskumar/python-dotenv#597

Full Changelog: theskumar/python-dotenv@v1.2.1...v1.2.2

v1.2.1

What's Changed

... (truncated)

Changelog

Sourced from python-dotenv's changelog.

[1.2.2] - 2026-03-01

Added

• Support for Python 3.14, including the free-threaded (3.14t) build. (#588)

Changed

• The dotenv run command now forwards flags directly to the specified command by [@​bbc2] in #607
• Improved documentation clarity regarding override behavior and the reference page.
• Updated PyPy support to version 3.11.
• Documentation for FIFO file support.
• Dropped Support for Python 3.9.

Fixed

• Improved set_key and unset_key behavior when interacting with symlinks by [@​bbc2] in [790c5c0]
• Corrected the license specifier and added missing Python 3.14 classifiers in package metadata by [@​JYOuyang] in #590

Breaking Changes

• dotenv.set_key and dotenv.unset_key used to follow symlinks in some situations. This is no longer the case. For that behavior to be restored in all cases, follow_symlinks=True should be used.

• In the CLI, set and unset used to follow symlinks in some situations. This is no longer the case.

• dotenv.set_key, dotenv.unset_key and the CLI commands set and unset used to reset the file mode of the modified .env file to 0o600 in some situations. This is no longer the case: The original mode of the file is now preserved. Is the file needed to be created or wasn't a regular file, mode 0o600 is used.

[1.2.1] - 2025-10-26

• Move more config to pyproject.toml, removed setup.cfg
• Add support for reading .env from FIFOs (Unix) by [@​sidharth-sudhir] in #586

[1.2.0] - 2025-10-26

• Upgrade build system to use PEP 517 & PEP 518 to use build and pyproject.toml by [@​EpicWink] in #583
• Add support for Python 3.14 by [@​23f3001135] in #579
• Add support for disabling of load_dotenv() using PYTHON_DOTENV_DISABLED env var. by [@​matthewfranglen] in #569

Commits

• 36004e0 Bump version: 1.2.1 → 1.2.2
• eb20252 docs: update changelog for v1.2.2
• 790c5c0 Merge commit from fork
• 43340da Remove the use of sh in tests (#612)
• 09d7cee docs: clarify override behavior and document FIFO support (#610)
• c8de288 ci: improve workflow efficiency with best practices (#609)
• 7bd9e3d Add Windows testing to CI (#604)
• 1baaf04 Drop Python 3.9 support and update to PyPy 3.11 (#608)
• 4a22cf8 ci: enable testing on Python 3.14t (free-threaded) (#588)
• e2e8e77 Fix license specifier (#597)
• Additional commits viewable in compare view

Updates ruff from 0.14.10 to 0.15.8

Release notes

Sourced from ruff's releases.

0.15.8

Release Notes

Released on 2026-03-26.

Preview features

• [ruff] New rule unnecessary-if (RUF050) (#24114)
• [ruff] New rule useless-finally (RUF072) (#24165)
• [ruff] New rule f-string-percent-format (RUF073): warn when using % operator on an f-string (#24162)
• [pyflakes] Recognize frozendict as a builtin for Python 3.15+ (#24100)

Bug fixes

• [flake8-async] Use fully-qualified anyio.lowlevel import in autofix (ASYNC115) (#24166)
• [flake8-bandit] Check tuple arguments for partial paths in S607 (#24080)
• [pyflakes] Skip undefined-name (F821) for conditionally deleted variables (#24088)
• E501/W505/formatter: Exclude nested pragma comments from line width calculation (#24071)
• Fix %foo? parsing in IPython assignment expressions (#24152)
• analyze graph: resolve string imports that reference attributes, not just modules (#24058)

Rule changes

• [eradicate] ignore ty: ignore comments in ERA001 (#24192)
• [flake8-bandit] Treat sys.executable as trusted input in S603 (#24106)
• [flake8-self] Recognize Self annotation and self assignment in SLF001 (#24144)
• [pyflakes] F507: Fix false negative for non-tuple RHS in %-formatting (#24142)
• [refurb] Parenthesize generator arguments in FURB142 fixer (#24200)

Performance

• Speed up diagnostic rendering (#24146)

Server

• Warn when Markdown files are skipped due to preview being disabled (#24150)

Documentation

• Clarify extend-ignore and extend-select settings documentation (#24064)
• Mention AI policy in PR template (#24198)

Other changes

• Use trusted publishing for NPM packages (#24171)

Contributors

• @​bitloi
• @​Sim-hu

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.8

Released on 2026-03-26.

Preview features

• [ruff] New rule unnecessary-if (RUF050) (#24114)
• [ruff] New rule useless-finally (RUF072) (#24165)
• [ruff] New rule f-string-percent-format (RUF073): warn when using % operator on an f-string (#24162)
• [pyflakes] Recognize frozendict as a builtin for Python 3.15+ (#24100)

Bug fixes

• [flake8-async] Use fully-qualified anyio.lowlevel import in autofix (ASYNC115) (#24166)
• [flake8-bandit] Check tuple arguments for partial paths in S607 (#24080)
• [pyflakes] Skip undefined-name (F821) for conditionally deleted variables (#24088)
• E501/W505/formatter: Exclude nested pragma comments from line width calculation (#24071)
• Fix %foo? parsing in IPython assignment expressions (#24152)
• analyze graph: resolve string imports that reference attributes, not just modules (#24058)

Rule changes

• [eradicate] ignore ty: ignore comments in ERA001 (#24192)
• [flake8-bandit] Treat sys.executable as trusted input in S603 (#24106)
• [flake8-self] Recognize Self annotation and self assignment in SLF001 (#24144)
• [pyflakes] F507: Fix false negative for non-tuple RHS in %-formatting (#24142)
• [refurb] Parenthesize generator arguments in FURB142 fixer (#24200)

Performance

• Speed up diagnostic rendering (#24146)

Server

• Warn when Markdown files are skipped due to preview being disabled (#24150)

Documentation

• Clarify extend-ignore and extend-select settings documentation (#24064)
• Mention AI policy in PR template (#24198)

Other changes

• Use trusted publishing for NPM packages (#24171)

Contributors

• @​bitloi
• @​Sim-hu
• @​mvanhorn

... (truncated)

Commits

• c2a8815 Release 0.15.8 (#24217)
• d444d52 [ty] Infer lambda expressions with Callable type context (#22633)
• 9622285 [ty] Autocomplete arguments if in arguments node (#24167)
• d812662 Use the release environment in publish-docs (#24214)
• eda2355 [ty] Show Final source in final assignment diagnostic (#24194)
• 929eb52 [ty] Enforce Final attribute assignment rules for annotated and augmented wri...
• 34998be [ty] Fix typo in comment (#24211)
• 560aca0 [ty] Minor simplifications to some benchmark code (#24209)
• 683bae5 [ty] Track non-terminal-call constraints in global scope (#23245)
• 4704c2a [ty] Remove unnecessary intermediate collection in `StaticClassLiteral::field...
• Additional commits viewable in compare view

Updates sphinx from 7.4.7 to 8.1.3

Release notes

Sourced from sphinx's releases.

Sphinx 8.1.3

Changelog: https://www.sphinx-doc.org/en/master/changes/8.1.html

Bugs fixed

• #13013: Restore support for cut_lines() with no object type. Patch by Adam Turner.

Sphinx 8.1.2

Changelog: https://www.sphinx-doc.org/en/master/changes/8.1.html

Bugs fixed

• #13012: Expose sphinx.errors.ExtensionError in sphinx.util for backwards compatibility. This will be removed in Sphinx 9, as exposing the exception in sphinx.util was never intentional. ExtensionError has been part of sphinx.errors since Sphinx 0.9. Patch by Adam Turner.

Sphinx 8.1.1

Changelog: https://www.sphinx-doc.org/en/master/changes/8.1.html

Bugs fixed

• #13006: Use the preferred https://www.cve.org/ URL for the :cve: role. Patch by Hugo van Kemenade.
• #13007: LaTeX: Improve resiliency when the required fontawesome or fontawesome5 packages are not installed. Patch by Jean-François B.

Sphinx 8.1.0

Changelog: https://www.sphinx-doc.org/en/master/changes/8.1.html

Dependencies

• #12756: Add lower-bounds to the sphinxcontrib-* dependencies. Patch by Adam Turner.
• #12833: Update the LaTeX parskip package from 2001 to 2018. Patch by Jean-François B.

Incompatible changes

• #12763: Remove unused internal class sphinx.util.Tee. Patch by Adam Turner.
• #12822: LaTeX: for Unicode engines, the fvset default is changed to '\\fvset{fontsize=auto}' from '\\fvset{fontsize=\\small}'. Code-blocks are unchanged as FreeMono is now loaded with Scale=0.9. An adjustment to existing projects is needed only if they used a custom fontpkg configuration and did not set fvset.

... (truncated)

Changelog

Sourced from sphinx's changelog.

Release 8.1.3 (released Oct 13, 2024)

Bugs fixed

• #13013: Restore support for :func:!cut_lines with no object type. Patch by Adam Turner.

Release 8.1.2 (released Oct 12, 2024)

Bugs fixed

• #13012: Expose :exc:sphinx.errors.ExtensionError in sphinx.util for backwards compatibility. This will be removed in Sphinx 9, as exposing the exception in sphinx.util was never intentional. :exc:!ExtensionError has been part of sphinx.errors since Sphinx 0.9. Patch by Adam Turner.

Release 8.1.1 (released Oct 11, 2024)

Bugs fixed

• #13006: Use the preferred https://www.cve.org/ URL for the :rst:role::cve: <cve> role. Patch by Hugo van Kemenade.
• #13007: LaTeX: Improve resiliency when the required fontawesome or fontawesome5 packages are not installed. Patch by Jean-François B.

Release 8.1.0 (released Oct 10, 2024)

Dependencies

• #12756: Add lower-bounds to the sphinxcontrib-* dependencies. Patch by Adam Turner.
• #12833: Update the LaTeX parskip package from 2001 to 2018. Patch by Jean-François B.

Incompatible changes

• #12763: Remove unused internal class sphinx.util.Tee.

... (truncated)

Commits

• a1510de Bump to 8.1.3 final
• 62e9606 Restore support for cut_lines() with no object type (#13015)
• 5ae32ce Bump version
• a72b47b Bump to 8.1.2 final
• 39a45ad Expose ExtensionError in sphinx.util for backwards compatibility.
• 5a4859a Add docs about sphinx-autobuild (#13011)
• 05679ef Type-check the 'autodoc_intenum' example (#12827)
• 86d1d31 Prune CHANGES of unneeded sections
• b6269d3 Improve documentation for the Builder API (#13008)
• c46abc4 Improve clarity for master_doc and root_doc
• Additional commits viewable in compare view

Updates fawltydeps from 0.19.0 to 0.20.0

Release notes

Sourced from fawltydeps's releases.

v0.20.0

As we're nearing the release of v1.0, here is an update with various quality-of-life improvements.

Suggesting package names for undeclared dependencies

When FawltyDeps finds a 3rd-party import that is not declared, it will output that import name as an undeclared dependency. But as we've talked about before, import names in Python are not necessarily synonymous with the package names that you would have to declare in order to make those import names available.

For example, if you import sklearn in your code, it might not be obvious that the corresponding dependency declaration should be scikit-learn, and not sklearn.

Starting with this version, if you run FawltyDeps with the --detailed option, and if there happens to be one or more (undeclared) packages in your Python environment that provide the relevant import name, then FawltyDeps will suggest these packages as potential solutions to your undeclared dependency.

For the sklearn/scikit-learn example:

These imports appear to be undeclared dependencies:
- 'sklearn'
    imported at:
      some/file.py:123
    may be provided by these packages:
      'scikit-learn'

New option to control where FawltyDeps looks for 1st-party imports

By default (and before this release) FawltyDeps looks at the paths on the command-line to deduce where 1st-party imports (i.e. your project's own modules) can be found. In some corner cases this deduction fails, and the result is typically that a 1st-party import is flagged by FawltyDeps as an undeclared dependency.

The new --base-dir allows you to control where FawltyDeps looks for 1st-party imports, and it can help fix those cases where the default deduction fails, for example in cases where you are passing individual file names (instead of directory names) on the FawltyDeps command line.

We have a new section in our FAQ to more precisely describe how the new option works, and when it's needed.

Thanks to our new co-maintainer @​layus for suggesting and contributing both of the above improvements!

Otherwise

This release also includes various quality-of-life improvements for us maintainers, not necessarily user visible:

• We now have CodeQL and actionlint checks running in our CI pipeline, thanks to @​smelc 🎉
• Improved documentation
• Various internal cleanups and modernizations

What's Changed

• Expand user defined mapping documentation. by @​obscurerichard in tweag/FawltyDeps#480
• Follow-up after removing support for Python v3.8 by @​jherland in tweag/FawltyDeps#475
• Work around top-level venv special case by @​jherland in tweag/FawltyDeps#468
• Upgrade project declarations in pyproject.toml by @​jherland in tweag/FawltyDeps#481
• Suggest package names for undeclared imports, when possible by @​jherland in tweag/FawltyDeps#470
• CI: call actionlint to check workflow files by @​smelc in tweag/FawltyDeps#485
• Add support for *-wildcards in ignore-undeclared and ignore-unused by @​jherland in tweag/FawltyDeps#479
• RFC/Follow-up to actionlint CI action by @​jherland in tweag/FawltyDeps#488
• Follow-up to #484: Add a --base-dir option by @​jherland in tweag/FawltyDeps#489
• CI: run CodeQL by @​smelc in tweag/FawltyDeps#487
• CI: call the CodeQL workflow from the main workflow file by @​smelc in tweag/FawltyDeps#491

... (truncated)

Commits

• c0ed1a1 Bump version to v0.20.0
• b0c9d77 test_sample_projects: Fix incorrect type annotation, found by new Mypy
• 437361e Bump minimum Python version to allow update of transitive dependency
• 3e8636a Update lock file, re-pin dependencies
• b7208c7 extract_imports.parse_source: Improve interaction with dirs_between()
• d7be28c extract_imports.parse_source(): Fix case when base_dir is not a parent
• 7b581f8 test_extract_imports_simple: Add failing test case for issue #490
• de7c126 test_extract_imports_simple: Reformat test vectors with dataclass
• 4ea2c22 CI: call the CodeQL workflow from the main workflow file
• ce4b485 Rename codeql.yml to use the yaml extension
• Additional commits viewable in compare view

Updates ty from 0.0.5 to 0.0.27

Release notes

Sourced from ty's releases.

0.0.27

Release Notes

Released on 2026-03-31.

Bug fixes

• Fix panic on debug builds when attempting to provide autocomplete suggestions for list[int]<CURSOR>() (#24167)
• Fix instance-attribute lookup in methods of protocol classes (#24213)
• Fix nested global and nonlocal lookups through forwarding scopes (#24279)
• Fix panic on list[Annotated[()]] (#24303)
• Fix stack overflow on type A = TypeIs[Callable[[], A]] (#24245)
• Use _cls as the name of the first argument for synthesized collections.namedtuple constructor methods (#24333)

LSP server

• Fix semantic token classification for properties accessed on instances (#24065)
• Grey out unused bindings in the editor (#23305)

Core type checking

• Add bidirectional type context for TypedDict get() defaults (#24231)
• Add bidirectional type context for TypedDict pop() defaults (#24229)
• Add support for functional TypedDict (#24174, #24331, #24295)
• Ban type qualifiers in PEP-695 type aliases (#24242)
• Enforce Final attribute assignment rules for annotated and augmented writes (#23880)
• Improve support for Callable type context (#23888)
• Infer lambda expressions with Callable type context (#22633)
• Don't incorrectly infer the type of a method as being a singleton type when it's accessed off an instance (#24039)
• Propagate type context through await expressions (#24256)
• Resolve union-likes in emitting union attribute errors (#24263)
• Show the user where the variable was declared as Final when emitting a diagnostic about a Final variable being reassigned (#24194)

Contributors

• @​carljm
• @​mvanhorn
• @​oconnor663
• @​ibraheemdev
• @​zanieb
• @​denyszhak
• @​Glyphack
• @​charliermarsh
• @​AlexWaygood

Install ty 0.0.27

Install prebuilt binaries via shell script

</tr></table> 

... (truncated)

Changelog

Sourced from ty's changelog.

0.0.27

Released on 2026-03-31.

Bug fixes

• Fix panic on debug builds when attempting to provide autocomplete suggestions for list[int]<CURSOR>() (#24167)
• Fix instance-attribute lookup in methods of protocol classes (#24213)
• Fix nested global and nonlocal lookups through forwarding scopes (#24279)
• Fix panic on list[Annotated[()]] (#24303)
• Fix stack overflow on type A = TypeIs[Callable[[], A]] (#24245)
• Use _cls as the name of the first argument for synthesized collections.namedtuple constructor methods (#24333)

LSP server

• Fix semantic token classification for properties accessed on instances (#24065)
• Grey out unused bindings in the editor (#23305)

Core type checking

• Add bidirectional type context for TypedDict get() defaults (#24231)
• Add bidirectional type context for TypedDict pop() defaults (#24229)
• Add support for functional TypedDict (#24174, #24331, #24295)
• Ban type qualifiers in PEP-695 type aliases (#24242)
• Enforce Final attribute assignment rules for annotated and augmented writes (#23880)
• Improve support for Callable type context (#23888)
• Infer lambda expressions with Callable type context (#22633)
• Don't incorrectly infer the type of a method as being a singleton type when it's accessed off an instance (#24039)
• Propagate type context through await expressions (#24256)
• Resolve union-likes in emitting union attribute errors (#24263Description has been truncated