Update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
cyclonedx-python-lib (changelog)	11.6.0 → 11.7.0
editorconfig-checker	3.6.0 → 3.6.1
mypy (changelog)	1.19.1 → 1.20.0
ruff (source, changelog)	0.15.0 → 0.15.8

---

Release Notes

CycloneDX/cyclonedx-python-lib (cyclonedx-python-lib)

v11.7.0

Compare Source

Documentation

• Add comprehensive SBOM validation guide
  (#​933,
  bf596c0)

• Docstrings for schema version classes
  (#​946,
  6460b71)

• Modernize RTF setup (#​921,
  af0059d)

Features

• Add properties for licenses according to CycloneDX 1.5
  (#​947,
  375d209)

• Make schema deprecation warnings handle-able
  (#​945,
  71edacf)

editorconfig-checker/editorconfig-checker.python (editorconfig-checker)

v3.6.1

Compare Source

python/mypy (mypy)

v1.20.0

Compare Source

astral-sh/ruff (ruff)

v0.15.8

Compare Source

Released on 2026-03-26.

Preview features

• [ruff] New rule unnecessary-if (RUF050) (#​24114)
• [ruff] New rule useless-finally (RUF072) (#​24165)
• [ruff] New rule f-string-percent-format (RUF073): warn when using % operator on an f-string (#​24162)
• [pyflakes] Recognize frozendict as a builtin for Python 3.15+ (#​24100)

Bug fixes

• [flake8-async] Use fully-qualified anyio.lowlevel import in autofix (ASYNC115) (#​24166)
• [flake8-bandit] Check tuple arguments for partial paths in S607 (#​24080)
• [pyflakes] Skip undefined-name (F821) for conditionally deleted variables (#​24088)
• E501/W505/formatter: Exclude nested pragma comments from line width calculation (#​24071)
• Fix %foo? parsing in IPython assignment expressions (#​24152)
• analyze graph: resolve string imports that reference attributes, not just modules (#​24058)

Rule changes

• [eradicate] ignore ty: ignore comments in ERA001 (#​24192)
• [flake8-bandit] Treat sys.executable as trusted input in S603 (#​24106)
• [flake8-self] Recognize Self annotation and self assignment in SLF001 (#​24144)
• [pyflakes] F507: Fix false negative for non-tuple RHS in %-formatting (#​24142)
• [refurb] Parenthesize generator arguments in FURB142 fixer (#​24200)

Performance

• Speed up diagnostic rendering (#​24146)

Server

• Warn when Markdown files are skipped due to preview being disabled (#​24150)

Documentation

• Clarify extend-ignore and extend-select settings documentation (#​24064)
• Mention AI policy in PR template (#​24198)

Other changes

• Use trusted publishing for NPM packages (#​24171)

Contributors

• @​bitloi
• @​Sim-hu
• @​mvanhorn
• @​chinar-amrutkar
• @​markjm
• @​RenzoMXD
• @​vivekkhimani
• @​seroperson
• @​moktamd
• @​charliermarsh
• @​ntBre
• @​zanieb
• @​dylwil3
• @​MichaReiser

v0.15.7

Compare Source

Released on 2026-03-19.

Preview features

• Display output severity in preview (#​23845)
• Don't show noqa hover for non-Python documents (#​24040)

Rule changes

• [pycodestyle] Recognize pyrefly: as a pragma comment (E501) (#​24019)

Server

• Don't return code actions for non-Python documents (#​23905)

Documentation

• Add company AI policy to contributing guide (#​24021)
• Document editor features for Markdown code formatting (#​23924)
• [pylint] Improve phrasing (PLC0208) (#​24033)

Other changes

• Use PEP 639 license information (#​19661)

Contributors

• @​tmimmanuel
• @​DimitriPapadopoulos
• @​amyreese
• @​statxc
• @​dylwil3
• @​hunterhogan
• @​renovate

v0.15.6

Compare Source

Released on 2026-03-12.

Preview features

• Add support for lazy import parsing (#​23755)
• Add support for star-unpacking of comprehensions (PEP 798) (#​23788)
• Reject semantic syntax errors for lazy imports (#​23757)
• Drop a few rules from the preview default set (#​23879)
• [airflow] Flag Variable.get() calls outside of task execution context (AIR003) (#​23584)
• [airflow] Flag runtime-varying values in DAG/task constructor arguments (AIR304) (#​23631)
• [flake8-bugbear] Implement delattr-with-constant (B043) (#​23737)
• [flake8-tidy-imports] Add TID254 to enforce lazy imports (#​23777)
• [flake8-tidy-imports] Allow users to ban lazy imports with TID254 (#​23847)
• [isort] Retain lazy keyword when sorting imports (#​23762)
• [pyupgrade] Add from __future__ import annotations automatically (UP006) (#​23260)
• [refurb] Support newline parameter in FURB101 for Python 3.13+ (#​23754)
• [ruff] Add os-path-commonprefix (RUF071) (#​23814)
• [ruff] Add unsafe fix for os-path-commonprefix (RUF071) (#​23852)
• [ruff] Limit RUF036 to typing contexts; make it unsafe for non-typing-only (#​23765)
• [ruff] Use starred unpacking for RUF017 in Python 3.15+ (#​23789)

Bug fixes

• Fix --add-noqa creating unwanted leading whitespace (#​23773)
• Fix --add-noqa breaking shebangs (#​23577)
• [formatter] Fix lambda body formatting for multiline calls and subscripts (#​23866)
• [formatter] Preserve required annotation parentheses in annotated assignments (#​23865)
• [formatter] Preserve type-expression parentheses in the formatter (#​23867)
• [flake8-annotations] Fix stack overflow in ANN401 on quoted annotations with escape sequences (#​23912)
• [pep8-naming] Check naming conventions in match pattern bindings (N806, N815, N816) (#​23899)
• [perflint] Fix comment duplication in fixes (PERF401, PERF403) (#​23729)
• [pyupgrade] Properly trigger super change in nested class (UP008) (#​22677)
• [ruff] Avoid syntax errors in RUF036 fixes (#​23764)

Rule changes

• [flake8-bandit] Flag S501 with requests.request (#​23873)
• [flake8-executable] Fix WSL detection in non-Docker containers (#​22879)
• [flake8-print] Ignore pprint calls with stream= (#​23787)

Documentation

• Update docs for Markdown code block formatting (#​23871)
• [flake8-bugbear] Fix misleading description for B904 (#​23731)

Contributors

• @​zsol
• @​carljm
• @​ntBre
• @​Bortlesboat
• @​sososonia-cyber
• @​chirizxc
• @​leandrobbraga
• @​11happy
• @​Acelogic
• @​anishgirianish
• @​amyreese
• @​xvchris
• @​charliermarsh
• @​getehen
• @​Dev-iL

v0.15.5

Compare Source

Released on 2026-03-05.

Preview features

• Discover Markdown files by default in preview mode (#​23434)
• [perflint] Extend PERF102 to comprehensions and generators (#​23473)
• [refurb] Fix FURB101 and FURB103 false positives when I/O variable is used later (#​23542)
• [ruff] Add fix for none-not-at-end-of-union (RUF036) (#​22829)
• [ruff] Fix false positive for re.split with empty string pattern (RUF055) (#​23634)

Bug fixes

• [fastapi] Handle callable class dependencies with __call__ method (FAST003) (#​23553)
• [pydocstyle] Fix numpy section ordering (D420) (#​23685)
• [pyflakes] Fix false positive for names shadowing re-exports (F811) (#​23356)
• [pyupgrade] Avoid inserting redundant None elements in UP045 (#​23459)

Documentation

• Document extension mapping for Markdown code formatting (#​23574)
• Update default Python version examples (#​23605)

Other changes

• Publish releases to Astral mirror (#​23616)

Contributors

• @​amyreese
• @​stakeswky
• @​chirizxc
• @​anishgirianish
• @​bxff
• @​zsol
• @​charliermarsh
• @​ntBre
• @​kar-ganap

v0.15.4

Compare Source

Released on 2026-02-26.

This is a follow-up release to 0.15.3 that resolves a panic when the new rule PLR1712 was enabled with any rule that analyzes definitions, such as many of the ANN or D rules.

Bug fixes

• Fix panic on access to definitions after analyzing definitions (#​23588)
• [pyflakes] Suppress false positive in F821 for names used before del in stub files (#​23550)

Documentation

• Clarify first-party import detection in Ruff (#​23591)
• Fix incorrect import-heading example (#​23568)

Contributors

• @​stakeswky
• @​ntBre
• @​thejcannon
• @​GeObts

v0.15.3

Compare Source

Released on 2026-02-26.

Preview features

• Drop explicit support for .qmd file extension (#​23572)

  This can now be enabled instead by setting the extension option:

  # ruff.toml
  extension = { qmd = "markdown" }
  
  # pyproject.toml
  [tool.ruff]
  extension = { qmd = "markdown" }

• Include configured extensions in file discovery (#​23400)

• [flake8-bandit] Allow suspicious imports in TYPE_CHECKING blocks (S401-S415) (#​23441)

• [flake8-bugbear] Allow B901 in pytest hook wrappers (#​21931)

• [flake8-import-conventions] Add missing conventions from upstream (ICN001, ICN002) (#​21373)

• [pydocstyle] Add rule to enforce docstring section ordering (D420) (#​23537)

• [pylint] Implement swap-with-temporary-variable (PLR1712) (#​22205)

• [ruff] Add unnecessary-assign-before-yield (RUF070) (#​23300)

• [ruff] Support file-level noqa in RUF102 (#​23535)

• [ruff] Suppress diagnostic for invalid f-strings before Python 3.12 (RUF027) (#​23480)

• [flake8-bandit] Don't flag BaseLoader/CBaseLoader as unsafe (S506) (#​23510)

Bug fixes

• Avoid infinite loop between I002 and PYI025 (#​23352)
• [pyflakes] Fix false positive for @overload from lint.typing-modules (F811) (#​23357)
• [pyupgrade] Fix false positive for TypeVar default before Python 3.12 (UP046) (#​23540)
• [pyupgrade] Fix handling of \N in raw strings (UP032) (#​22149)

Rule changes

• Render sub-diagnostics in the GitHub output format (#​23455)

• [flake8-bugbear] Tag certain B007 diagnostics as unnecessary (#​23453)

• [ruff] Ignore unknown rule codes in RUF100 (#​23531)

  These are now flagged by RUF102 instead.

Documentation

• Fix missing settings links for several linters (#​23519)
• Update isort action comments heading (#​23515)
• [pydocstyle] Fix double comma in description of D404 (#​23440)

Other changes

• Update the Python module (notably find_ruff_bin) for parity with uv (#​23406)

Contributors

• @​zanieb
• @​o1x3
• @​assadyousuf
• @​kar-ganap
• @​denyszhak
• @​amyreese
• @​carljm
• @​anishgirianish
• @​Bnyro
• @​danparizher
• @​ntBre
• @​gcomneno
• @​jaap3
• @​stakeswky

v0.15.2

Compare Source

Released on 2026-02-19.

Preview features

• Expand the default rule set (#​23385)

  In preview, Ruff now enables a significantly expanded default rule set of 412
  rules, up from the stable default set of 59 rules. The new rules are mostly a
  superset of the stable defaults, with the exception of these rules, which are
  removed from the preview defaults:

  • multiple-imports-on-one-line (E401)
  • module-import-not-at-top-of-file (E402)
  • module-import-not-at-top-of-file (E701)
  • multiple-statements-on-one-line-semicolon (E702)
  • useless-semicolon (E703)
  • none-comparison (E711)
  • true-false-comparison (E712)
  • not-in-test (E713)
  • not-is-test (E714)
  • type-comparison (E721)
  • lambda-assignment (E731)
  • ambiguous-variable-name (E741)
  • ambiguous-class-name (E742)
  • ambiguous-function-name (E743)
  • undefined-local-with-import-star (F403)
  • undefined-local-with-import-star-usage (F405)
  • undefined-local-with-nested-import-star-usage (F406)
  • forward-annotation-syntax-error (F722)

  If you use preview and prefer the old defaults, you can restore them with
  configuration like:

  # ruff.toml
  
  [lint]
  select = ["E4", "E7", "E9", "F"]
  
  # pyproject.toml
  
  [tool.ruff.lint]
  select = ["E4", "E7", "E9", "F"]

  If you do give them a try, feel free to share your feedback in the GitHub
  discussion!

• [flake8-pyi] Also check string annotations (PYI041) (#​19023)

Bug fixes

• [flake8-async] Fix in_async_context logic (#​23426)
• [ruff] Fix for RUF102 should delete entire comment (#​23380)
• [ruff] Suppress diagnostic for strings with backslashes in interpolations before Python 3.12 (RUF027) (#​21069)
• [flake8-bugbear] Fix B023 false positive for immediately-invoked lambdas (#​23294)
• [parser] Fix false syntax error for match-like annotated assignments (#​23297)
• [parser] Fix indentation tracking after line continuations (#​23417)

Rule changes

• [flake8-executable] Allow global flags in uv shebangs (EXE003) (#​22582)
• [pyupgrade] Fix handling of typing.{io,re} (UP035) (#​23131)
• [ruff] Detect PLC0207 on chained str.split() calls (#​23275)

CLI

• Remove invalid inline noqa warning (#​23270)

Configuration

• Add extension mapping to configuration file options (#​23384)

Documentation

• Add Q004 to the list of conflicting rules (#​23340)
• [ruff] Expand lint.external docs and add sub-diagnostic (RUF100, RUF102) (#​23268)

Contributors

• @​dylwil3
• @​Jkhall81
• @​danparizher
• @​dhruvmanila
• @​harupy
• @​ngnpope
• @​amyreese
• @​kar-ganap
• @​robsdedude
• @​shaanmajid
• @​ntBre
• @​toslunar

v0.15.1

Compare Source

Released on 2026-02-12.

Preview features

• [airflow] Add ruff rules to catch deprecated Airflow imports for Airflow 3.1 (AIR321) (#​22376)
• [airflow] Third positional parameter not named ti_key should be flagged for BaseOperatorLink.get_link (AIR303) (#​22828)
• [flake8-gettext] Fix false negatives for plural argument of ngettext (INT001, INT002, INT003) (#​21078)
• [pyflakes] Fix infinite loop in preview fix for unused-import (F401) (#​23038)
• [pygrep-hooks] Detect non-existent mock methods in standalone expressions (PGH005) (#​22830)
• [pylint] Allow dunder submodules and improve diagnostic range (PLC2701) (#​22804)
• [pyupgrade] Improve diagnostic range for tuples (UP024) (#​23013)
• [refurb] Check subscripts in tuple do not use lambda parameters in reimplemented-operator (FURB118) (#​23079)
• [ruff] Detect mutable defaults in field calls (RUF008) (#​23046)
• [ruff] Ignore std cmath.inf (RUF069) (#​23120)
• [ruff] New rule float-equality-comparison (RUF069) (#​20585)
• Don't format unlabeled Markdown code blocks (#​23106)
• Markdown formatting support in LSP (#​23063)
• Support Quarto Markdown language markers (#​22947)
• Support formatting pycon Markdown code blocks (#​23112)
• Use extension mapping to select Markdown code block language (#​22934)

Bug fixes

• Avoid false positive for undefined variables in FAST001 (#​23224)
• Avoid introducing syntax errors for FAST003 autofix (#​23227)
• Avoid suggesting InitVar for __post_init__ that references PEP 695 type parameters (#​23226)
• Deduplicate type variables in generic functions (#​23225)
• Fix exception handler parenthesis removal for Python 3.14+ (#​23126)
• Fix f-string middle panic when parsing t-strings (#​23232)
• Wrap RUF020 target for multiline fixes (#​23210)
• Wrap UP007 target for multiline fixes (#​23208)
• Fix missing diagnostics for last range suppression in file (#​23242)
• [pyupgrade] Fix syntax error on string with newline escape and comment (UP037) (#​22968)

Rule changes

• Use ruff instead of Ruff as the program name in GitHub output format (#​23240)
• [PT006] Fix syntax error when unpacking nested tuples in parametrize fixes (#​22441) (#​22464)
• [airflow] Catch deprecated attribute access from context key for Airflow 3.0 (AIR301) (#​22850)
• [airflow] Capture deprecated arguments and a decorator (AIR301) (#​23170)
• [flake8-boolean-trap] Add multiprocessing.Value to excluded functions for FBT003 (#​23010)
• [flake8-bugbear] Add a secondary annotation showing the previous occurrence (B033) (#​22634)
• [flake8-type-checking] Add sub-diagnostic showing the runtime use of an annotation (TC004) (#​23091)
• [isort] Support configurable import section heading comments (#​23151)
• [ruff] Improve the diagnostic for RUF012 (#​23202)

Formatter

• Suppress diagnostic output for format --check --silent (#​17736)

Documentation

• Add tabbed shell completion documentation (#​23169)
• Explain how to enable Markdown formatting for pre-commit hook (#​23077)
• Fixed import in runtime-evaluated-decorators example (#​23187)
• Update ruff server contributing guide (#​23060)

Other changes

• Exclude WASM artifacts from GitHub releases (#​23221)

Contributors

• @​mkniewallner
• @​bxff
• @​dylwil3
• @​Avasam
• @​amyreese
• @​charliermarsh
• @​Alex-ley-scrub
• @​Kalmaegi
• @​danparizher
• @​AiyionPrime
• @​eureka928
• @​11happy
• @​Jkhall81
• @​chirizxc
• @​leandrobbraga
• @​tvatter
• @​anishgirianish
• @​shaanmajid
• @​ntBre
• @​sjyangkevin

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.