Famedly release v1.134.0_1 by jason-famedly · Pull Request #70 · famedly/synapse

jason-famedly · 2025-07-21T13:11:12Z

New version of Synapse

`v1.133.0_1` -> `v1.134.0_1`

Notes:

As an oddity, pyicu was replaced with a rust version, thus eliminating the need for installation of libicu as part of installation. It appears it is still in the dockerfile though. I will be watching for this, and may send this change upstream

Famedly additions since last release:

New docker image tagging for Famedly production builds (Jason Little)
Reduce trial test runners to *2 from *3 of nproc (Jason Little)

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

The background updates are being registered on an object that is for the _state_ database, but the actual tables are on the _main_ database. This just moves them to a different store that can access the right stuff. I noticed this when trying to do a full schema dump cause I was curious what has changed since the last one. Fixes #16054 ### Pull Request Checklist  * [x] Pull request is based on the develop branch * [x] Pull request includes a [changelog file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog). The entry should: - Be a short description of your change which makes sense to users. "Fixed a bug that prevented receiving messages from other servers." instead of "Moved X method from `EventStore` to `EventWorkerStore`.". - Use markdown where necessary, mostly for `code blocks`. - End with either a period (.) or an exclamation mark (!). - Start with a capital letter. - Feel free to credit yourself, by adding a sentence "Contributed by @github_username." or "Contributed by [Your Name]." to the end of the entry. * [x] [Code style](https://element-hq.github.io/synapse/latest/code_style.html) is correct (run the [linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters))

When a request gets ratelimited we (optionally) wait ~500ms before returning to mitigate clients that like to tightloop on request failures. However, this is currently implemented by pausing request processing when we check for ratelimits, which might be deep within request processing, and e.g. while locks are held. Instead, let's hoist the pause to the very top of the HTTP handler. Hopefully, this mitigates the issue where a user sending lots of events to a single room can see their requests time out due to the combination of the linearizer and the pausing of the request. Instead, they should see the requests 429 after ~500ms. The first commit is a refactor to pass the `Clock` to `AsyncResource`, the second commit is the behavioural change.

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Co-authored-by: Sebastian Spaeth <Sebastian@SSpaeth.de> Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>

As that appears in the module API. Broke in #18595.

This adds the capability from matrix-org/matrix-spec-proposals#4267 under an experimental feature. Signed-off-by: Johannes Marbach <n0-0ne+github@mailbox.org>

It came up that this was somewhat confusing and an example might help. So here's an example :) --------- Signed-off-by: Olivier 'reivilibre <oliverw@matrix.org>

<ol> <li> Reorder columns in `event_txn_id_device_id_txn_id` index \ This now satisfies the foreign key on `(user_id, device_id)` making reverse lookups, as needed for device deletions, more efficient. This improves device deletion performance by on the order of 8 to 10× on matrix.org. </li> </ol> Rationale: ## On the `event_txn_id_device_id` table: We currently have this index: ```sql -- This ensures that there is only one mapping per (room_id, user_id, device_id, txn_id) tuple. CREATE UNIQUE INDEX IF NOT EXISTS event_txn_id_device_id_txn_id ON event_txn_id_device_id(room_id, user_id, device_id, txn_id); ``` The main way we use this table is ```python return await self.db_pool.simple_select_one_onecol( table="event_txn_id_device_id", keyvalues={ "room_id": room_id, "user_id": user_id, "device_id": device_id, "txn_id": txn_id, }, retcol="event_id", allow_none=True, desc="get_event_id_from_transaction_id_and_device_id", ) ``` But this foreign key is relatively unsupported, making deletions in the devices table inefficient (full index scan on the above index): ```sql FOREIGN KEY (user_id, device_id) REFERENCES devices (user_id, device_id) ON DELETE CASCADE ``` I propose re-ordering the columns in that index to: `(user_id, device_id, room_id, txn_id)` (by replacing it). That way the foreign key back-check can rely on the prefix of this index, but it's still useful for the original purpose it was made for. It doesn't take any extra disk space and does not harm write performance (because the same amount of writing work needs to be performed). --------- Signed-off-by: Olivier 'reivilibre <oliverw@matrix.org>

Co-authored-by: Andrew Morgan <andrew@amorgan.xyz>

This is to handle the case of deleting lots of "bot" devices at once. Reviewable commit-by-commit --------- Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>

### Pull Request Checklist Implementation of [MSC4235](matrix-org/matrix-spec-proposals#4235) as per suggestion in [pull request 17750](element-hq/synapse#17750 (comment)).  * [x] Pull request is based on the develop branch * [x] Pull request includes a [changelog file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog). The entry should: - Be a short description of your change which makes sense to users. "Fixed a bug that prevented receiving messages from other servers." instead of "Moved X method from `EventStore` to `EventWorkerStore`.". - Use markdown where necessary, mostly for `code blocks`. - End with either a period (.) or an exclamation mark (!). - Start with a capital letter. - Feel free to credit yourself, by adding a sentence "Contributed by @github_username." or "Contributed by [Your Name]." to the end of the entry. * [x] [Code style](https://element-hq.github.io/synapse/latest/code_style.html) is correct (run the [linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters)) --------- Co-authored-by: Quentin Gliech <quenting@element.io>

Co-authored-by: Quentin Gliech <quenting@element.io> Co-authored-by: Eric Eastwood <erice@element.io>

Fixes: #18502 --------- Signed-off-by: Olivier 'reivilibre <oliverw@matrix.org>

So we can see what we're deleting.

Request to raise the defensive version cap for poetry-core from 1.9.1 to 2.1.3. My understanding is that the major version bump of poetry signals the transition to standardized pyproject.toml metadata, but does not affect backwards compatibility. This is a subset of the changes in #18432 Fixes #18200 ### Pull Request Checklist  * [x] Pull request is based on the develop branch * [x] Pull request includes a [changelog file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog). The entry should: - Be a short description of your change which makes sense to users. "Fixed a bug that prevented receiving messages from other servers." instead of "Moved X method from `EventStore` to `EventWorkerStore`.". - Use markdown where necessary, mostly for `code blocks`. - End with either a period (.) or an exclamation mark (!). - Start with a capital letter. - Feel free to credit yourself, by adding a sentence "Contributed by @github_username." or "Contributed by [Your Name]." to the end of the entry. * [x] [Code style](https://element-hq.github.io/synapse/latest/code_style.html) is correct (run the [linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters))

Discussed in the [Synapse Dev room](https://matrix.to/#/!vcyiEtMVHIhWXcJAfl:sw1v.org/$K4UojQtvaSpxSe35TWFXtKWGoAuHwHFcKo8qn2lwxSs?via=matrix.org&via=element.io&via=envs.net) ### Pull Request Checklist  * [x] Pull request is based on the develop branch * [x] Pull request includes a [changelog file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog). The entry should: - Be a short description of your change which makes sense to users. "Fixed a bug that prevented receiving messages from other servers." instead of "Moved X method from `EventStore` to `EventWorkerStore`.". - Use markdown where necessary, mostly for `code blocks`. - End with either a period (.) or an exclamation mark (!). - Start with a capital letter. - Feel free to credit yourself, by adding a sentence "Contributed by @github_username." or "Contributed by [Your Name]." to the end of the entry. * [x] [Code style](https://element-hq.github.io/synapse/latest/code_style.html) is correct (run the [linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters))

Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.9.0 to 3.9.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sigstore/cosign-installer/releases">sigstore/cosign-installer's releases</a>.</em></p> <blockquote> <h2>v3.9.1</h2> <h2>What's Changed</h2> <ul> <li>default action install to use release v2.5.1 by <a href="https://github.com/cpanato"><code>@cpanato</code></a> in <a href="https://redirect.github.com/sigstore/cosign-installer/pull/193">sigstore/cosign-installer#193</a></li> <li>default cosign to v2.5.2 by <a href="https://github.com/cpanato"><code>@cpanato</code></a> in <a href="https://redirect.github.com/sigstore/cosign-installer/pull/194">sigstore/cosign-installer#194</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/sigstore/cosign-installer/compare/v3.9.0...v3.9.1">https://github.com/sigstore/cosign-installer/compare/v3.9.0...v3.9.1</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/sigstore/cosign-installer/commit/398d4b0eeef1380460a10c8013a76f728fb906ac"><code>398d4b0</code></a> default cosign to v2.5.2 (<a href="https://redirect.github.com/sigstore/cosign-installer/issues/194">#194</a>)</li> <li><a href="https://github.com/sigstore/cosign-installer/commit/84f54a2bcd1ecf70e51a05388183dce4e1487230"><code>84f54a2</code></a> default action install to use release v2.5.1 (<a href="https://redirect.github.com/sigstore/cosign-installer/issues/193">#193</a>)</li> <li>See full diff in <a href="https://github.com/sigstore/cosign-installer/compare/fb28c2b6339dcd94da6e4cbcbc5e888961f6f8c3...398d4b0eeef1380460a10c8013a76f728fb906ac">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=sigstore/cosign-installer&package-manager=github_actions&previous-version=3.9.0&new-version=3.9.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [types-jsonschema](https://github.com/typeshed-internal/stub_uploader) from 4.23.0.20250516 to 4.24.0.20250528. <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/typeshed-internal/stub_uploader/commits">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=types-jsonschema&package-manager=pip&previous-version=4.23.0.20250516&new-version=4.24.0.20250528)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [treq](https://github.com/twisted/treq) from 24.9.1 to 25.5.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/twisted/treq/blob/trunk/CHANGELOG.rst">treq's changelog</a>.</em></p> <blockquote> <h1>25.5.0 (2025-05-31)</h1> <h2>Features</h2> <ul> <li>treq is packaged with Hatchling, and consequently no longer directly depends on setuptools. (<code>[#388](twisted/treq#388) <https://github.com/twisted/treq/issues/388></code>__)</li> </ul> <h2>Improved Documentation</h2> <ul> <li>Update documentation to use <code>async</code>/<code>await</code> syntax (<code>[#409](twisted/treq#409) <https://github.com/twisted/treq/issues/409></code>__)</li> </ul> <h2>Deprecations and Removals</h2> <ul> <li>Support for Python 3.8, which has reached end of support, is deprecated. This is the last release with support for Python 3.8. (<code>[#407](twisted/treq#407) <https://github.com/twisted/treq/issues/407></code>__)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/twisted/treq/commit/6869fa5d09f306e2fa225428516f947da0b8fae7"><code>6869fa5</code></a> Merge pull request <a href="https://redirect.github.com/twisted/treq/issues/410">#410</a> from twisted/release-25.5.0</li> <li><a href="https://github.com/twisted/treq/commit/56266566cfa71fc2a92ba5c9ace90c43ac774170"><code>5626656</code></a> Test with Python 3.13 final</li> <li><a href="https://github.com/twisted/treq/commit/f10185e4da4b404fa7592a7d948b6d573a9819da"><code>f10185e</code></a> Generate the changelog</li> <li><a href="https://github.com/twisted/treq/commit/4b846664f18261a666ad1bd6de4b59dd67db1fc5"><code>4b84666</code></a> Version 25.5.0</li> <li><a href="https://github.com/twisted/treq/commit/72a4441f599ac93c6a6a78a398366c103db6fb05"><code>72a4441</code></a> Merge pull request <a href="https://redirect.github.com/twisted/treq/issues/409">#409</a> from twisted/rtd-shiny</li> <li><a href="https://github.com/twisted/treq/commit/0a814edd8a6927e1c5288500ac98ee457cb53a9e"><code>0a814ed</code></a> Add changefragment</li> <li><a href="https://github.com/twisted/treq/commit/993cc47df5ae415dcb361f1215d9c50c31be6983"><code>993cc47</code></a> Fix changelog warnings</li> <li><a href="https://github.com/twisted/treq/commit/3992177456df67811d0960160ce0c343d1969926"><code>3992177</code></a> Link to CookieJar</li> <li><a href="https://github.com/twisted/treq/commit/cff43d93b6fbb6ce68f7721938906573b6ba55ad"><code>cff43d9</code></a> Update source_suffix conf</li> <li><a href="https://github.com/twisted/treq/commit/e39c8511b12c0cf809c6bc3e22f031597ad27067"><code>e39c851</code></a> async def print_response</li> <li>Additional commits viewable in <a href="https://github.com/twisted/treq/compare/treq-24.9.1...treq-25.5.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=treq&package-manager=pip&previous-version=24.9.1&new-version=25.5.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Co-authored-by: anoa's Codex Agent <codex@amorgan.xyz> Co-authored-by: Quentin Gliech <quenting@element.io>

Bumps [ruff](https://github.com/astral-sh/ruff) from 0.11.11 to 0.12.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/astral-sh/ruff/releases">ruff's releases</a>.</em></p> <blockquote> <h2>0.12.1</h2> <h2>Release Notes</h2> <h3>Preview features</h3> <ul> <li>[<code>flake8-errmsg</code>] Extend <code>EM101</code> to support byte strings (<a href="https://redirect.github.com/astral-sh/ruff/pull/18867">#18867</a>)</li> <li>[<code>flake8-use-pathlib</code>] Add autofix for <code>PTH202</code> (<a href="https://redirect.github.com/astral-sh/ruff/pull/18763">#18763</a>)</li> <li>[<code>pygrep-hooks</code>] Add <code>AsyncMock</code> methods to <code>invalid-mock-access</code> (<code>PGH005</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/18547">#18547</a>)</li> <li>[<code>pylint</code>] Ignore <code>__init__.py</code> files in (<code>PLC0414</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/18400">#18400</a>)</li> <li>[<code>ruff</code>] Trigger <code>RUF037</code> for empty string and byte strings (<a href="https://redirect.github.com/astral-sh/ruff/pull/18862">#18862</a>)</li> <li>[formatter] Fix missing blank lines before decorated classes in <code>.pyi</code> files (<a href="https://redirect.github.com/astral-sh/ruff/pull/18888">#18888</a>)</li> </ul> <h3>Bug fixes</h3> <ul> <li>Avoid generating diagnostics with per-file ignores (<a href="https://redirect.github.com/astral-sh/ruff/pull/18801">#18801</a>)</li> <li>Handle parenthesized arguments in <code>remove_argument</code> (<a href="https://redirect.github.com/astral-sh/ruff/pull/18805">#18805</a>)</li> <li>[<code>flake8-logging</code>] Avoid false positive for <code>exc_info=True</code> outside <code>logger.exception</code> (<code>LOG014</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/18737">#18737</a>)</li> <li>[<code>flake8-pytest-style</code>] Enforce <code>pytest</code> import for decorators (<a href="https://redirect.github.com/astral-sh/ruff/pull/18779">#18779</a>)</li> <li>[<code>flake8-pytest-style</code>] Mark autofix for <code>PT001</code> and <code>PT023</code> as unsafe if there's comments in the decorator (<a href="https://redirect.github.com/astral-sh/ruff/pull/18792">#18792</a>)</li> <li>[<code>flake8-pytest-style</code>] <code>PT001</code>/<code>PT023</code> fix makes syntax error on parenthesized decorator (<a href="https://redirect.github.com/astral-sh/ruff/pull/18782">#18782</a>)</li> <li>[<code>flake8-raise</code>] Make fix unsafe if it deletes comments (<code>RSE102</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/18788">#18788</a>)</li> <li>[<code>flake8-simplify</code>] Fix <code>SIM911</code> autofix creating a syntax error (<a href="https://redirect.github.com/astral-sh/ruff/pull/18793">#18793</a>)</li> <li>[<code>flake8-simplify</code>] Fix false negatives for shadowed bindings (<code>SIM910</code>, <code>SIM911</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/18794">#18794</a>)</li> <li>[<code>flake8-simplify</code>] Preserve original behavior for <code>except ()</code> and bare <code>except</code> (<code>SIM105</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/18213">#18213</a>)</li> <li>[<code>flake8-pyi</code>] Fix <code>PYI041</code>'s fix causing <code>TypeError</code> with <code>None | None | ...</code> (<a href="https://redirect.github.com/astral-sh/ruff/pull/18637">#18637</a>)</li> <li>[<code>perflint</code>] Fix <code>PERF101</code> autofix creating a syntax error and mark autofix as unsafe if there are comments in the <code>list</code> call expr (<a href="https://redirect.github.com/astral-sh/ruff/pull/18803">#18803</a>)</li> <li>[<code>perflint</code>] Fix false negative in <code>PERF401</code> (<a href="https://redirect.github.com/astral-sh/ruff/pull/18866">#18866</a>)</li> <li>[<code>pylint</code>] Avoid flattening nested <code>min</code>/<code>max</code> when outer call has single argument (<code>PLW3301</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/16885">#16885</a>)</li> <li>[<code>pylint</code>] Fix <code>PLC2801</code> autofix creating a syntax error (<a href="https://redirect.github.com/astral-sh/ruff/pull/18857">#18857</a>)</li> <li>[<code>pylint</code>] Mark <code>PLE0241</code> autofix as unsafe if there's comments in the base classes (<a href="https://redirect.github.com/astral-sh/ruff/pull/18832">#18832</a>)</li> <li>[<code>pylint</code>] Suppress <code>PLE2510</code>/<code>PLE2512</code>/<code>PLE2513</code>/<code>PLE2514</code>/<code>PLE2515</code> autofix if the text contains an odd number of backslashes (<a href="https://redirect.github.com/astral-sh/ruff/pull/18856">#18856</a>)</li> <li>[<code>refurb</code>] Detect more exotic float literals in <code>FURB164</code> (<a href="https://redirect.github.com/astral-sh/ruff/pull/18925">#18925</a>)</li> <li>[<code>refurb</code>] Fix <code>FURB163</code> autofix creating a syntax error for <code>yield</code> expressions (<a href="https://redirect.github.com/astral-sh/ruff/pull/18756">#18756</a>)</li> <li>[<code>refurb</code>] Mark <code>FURB129</code> autofix as unsafe if there's comments in the <code>readlines</code> call (<a href="https://redirect.github.com/astral-sh/ruff/pull/18858">#18858</a>)</li> <li>[<code>ruff</code>] Fix false positives and negatives in <code>RUF010</code> (<a href="https://redirect.github.com/astral-sh/ruff/pull/18690">#18690</a>)</li> <li>Fix casing of <code>analyze.direction</code> variant names (<a href="https://redirect.github.com/astral-sh/ruff/pull/18892">#18892</a>)</li> </ul> <h3>Rule changes</h3> <ul> <li>Fix f-string interpolation escaping in generated fixes (<a href="https://redirect.github.com/astral-sh/ruff/pull/18882">#18882</a>)</li> <li>[<code>flake8-return</code>] Mark <code>RET501</code> fix unsafe if comments are inside (<a href="https://redirect.github.com/astral-sh/ruff/pull/18780">#18780</a>)</li> <li>[<code>flake8-async</code>] Fix detection for large integer sleep durations in <code>ASYNC116</code> rule (<a href="https://redirect.github.com/astral-sh/ruff/pull/18767">#18767</a>)</li> <li>[<code>flake8-async</code>] Mark autofix for <code>ASYNC115</code> as unsafe if the call expression contains comments (<a href="https://redirect.github.com/astral-sh/ruff/pull/18753">#18753</a>)</li> <li>[<code>flake8-bugbear</code>] Mark autofix for <code>B004</code> as unsafe if the <code>hasattr</code> call expr contains comments (<a href="https://redirect.github.com/astral-sh/ruff/pull/18755">#18755</a>)</li> <li>[<code>flake8-comprehension</code>] Mark autofix for <code>C420</code> as unsafe if there's comments inside the dict comprehension (<a href="https://redirect.github.com/astral-sh/ruff/pull/18768">#18768</a>)</li> <li>[<code>flake8-comprehensions</code>] Handle template strings for comprehension fixes (<a href="https://redirect.github.com/astral-sh/ruff/pull/18710">#18710</a>)</li> <li>[<code>flake8-future-annotations</code>] Add autofix (<code>FA100</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/18903">#18903</a>)</li> <li>[<code>pyflakes</code>] Mark <code>F504</code>/<code>F522</code>/<code>F523</code> autofix as unsafe if there's a call with side effect (<a href="https://redirect.github.com/astral-sh/ruff/pull/18839">#18839</a>)</li> <li>[<code>pylint</code>] Allow fix with comments and document performance implications (<code>PLW3301</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/18936">#18936</a>)</li> <li>[<code>pylint</code>] Detect more exotic <code>NaN</code> literals in <code>PLW0177</code> (<a href="https://redirect.github.com/astral-sh/ruff/pull/18630">#18630</a>)</li> </ul>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md">ruff's changelog</a>.</em></p> <blockquote> <h2>0.12.1</h2> <h3>Preview features</h3> <ul> <li>[<code>flake8-errmsg</code>] Extend <code>EM101</code> to support byte strings (<a href="https://redirect.github.com/astral-sh/ruff/pull/18867">#18867</a>)</li> <li>[<code>flake8-use-pathlib</code>] Add autofix for <code>PTH202</code> (<a href="https://redirect.github.com/astral-sh/ruff/pull/18763">#18763</a>)</li> <li>[<code>pygrep-hooks</code>] Add <code>AsyncMock</code> methods to <code>invalid-mock-access</code> (<code>PGH005</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/18547">#18547</a>)</li> <li>[<code>pylint</code>] Ignore <code>__init__.py</code> files in (<code>PLC0414</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/18400">#18400</a>)</li> <li>[<code>ruff</code>] Trigger <code>RUF037</code> for empty string and byte strings (<a href="https://redirect.github.com/astral-sh/ruff/pull/18862">#18862</a>)</li> <li>[formatter] Fix missing blank lines before decorated classes in <code>.pyi</code> files (<a href="https://redirect.github.com/astral-sh/ruff/pull/18888">#18888</a>)</li> </ul> <h3>Bug fixes</h3> <ul> <li>Avoid generating diagnostics with per-file ignores (<a href="https://redirect.github.com/astral-sh/ruff/pull/18801">#18801</a>)</li> <li>Handle parenthesized arguments in <code>remove_argument</code> (<a href="https://redirect.github.com/astral-sh/ruff/pull/18805">#18805</a>)</li> <li>[<code>flake8-logging</code>] Avoid false positive for <code>exc_info=True</code> outside <code>logger.exception</code> (<code>LOG014</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/18737">#18737</a>)</li> <li>[<code>flake8-pytest-style</code>] Enforce <code>pytest</code> import for decorators (<a href="https://redirect.github.com/astral-sh/ruff/pull/18779">#18779</a>)</li> <li>[<code>flake8-pytest-style</code>] Mark autofix for <code>PT001</code> and <code>PT023</code> as unsafe if there's comments in the decorator (<a href="https://redirect.github.com/astral-sh/ruff/pull/18792">#18792</a>)</li> <li>[<code>flake8-pytest-style</code>] <code>PT001</code>/<code>PT023</code> fix makes syntax error on parenthesized decorator (<a href="https://redirect.github.com/astral-sh/ruff/pull/18782">#18782</a>)</li> <li>[<code>flake8-raise</code>] Make fix unsafe if it deletes comments (<code>RSE102</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/18788">#18788</a>)</li> <li>[<code>flake8-simplify</code>] Fix <code>SIM911</code> autofix creating a syntax error (<a href="https://redirect.github.com/astral-sh/ruff/pull/18793">#18793</a>)</li> <li>[<code>flake8-simplify</code>] Fix false negatives for shadowed bindings (<code>SIM910</code>, <code>SIM911</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/18794">#18794</a>)</li> <li>[<code>flake8-simplify</code>] Preserve original behavior for <code>except ()</code> and bare <code>except</code> (<code>SIM105</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/18213">#18213</a>)</li> <li>[<code>flake8-pyi</code>] Fix <code>PYI041</code>'s fix causing <code>TypeError</code> with <code>None | None | ...</code> (<a href="https://redirect.github.com/astral-sh/ruff/pull/18637">#18637</a>)</li> <li>[<code>perflint</code>] Fix <code>PERF101</code> autofix creating a syntax error and mark autofix as unsafe if there are comments in the <code>list</code> call expr (<a href="https://redirect.github.com/astral-sh/ruff/pull/18803">#18803</a>)</li> <li>[<code>perflint</code>] Fix false negative in <code>PERF401</code> (<a href="https://redirect.github.com/astral-sh/ruff/pull/18866">#18866</a>)</li> <li>[<code>pylint</code>] Avoid flattening nested <code>min</code>/<code>max</code> when outer call has single argument (<code>PLW3301</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/16885">#16885</a>)</li> <li>[<code>pylint</code>] Fix <code>PLC2801</code> autofix creating a syntax error (<a href="https://redirect.github.com/astral-sh/ruff/pull/18857">#18857</a>)</li> <li>[<code>pylint</code>] Mark <code>PLE0241</code> autofix as unsafe if there's comments in the base classes (<a href="https://redirect.github.com/astral-sh/ruff/pull/18832">#18832</a>)</li> <li>[<code>pylint</code>] Suppress <code>PLE2510</code>/<code>PLE2512</code>/<code>PLE2513</code>/<code>PLE2514</code>/<code>PLE2515</code> autofix if the text contains an odd number of backslashes (<a href="https://redirect.github.com/astral-sh/ruff/pull/18856">#18856</a>)</li> <li>[<code>refurb</code>] Detect more exotic float literals in <code>FURB164</code> (<a href="https://redirect.github.com/astral-sh/ruff/pull/18925">#18925</a>)</li> <li>[<code>refurb</code>] Fix <code>FURB163</code> autofix creating a syntax error for <code>yield</code> expressions (<a href="https://redirect.github.com/astral-sh/ruff/pull/18756">#18756</a>)</li> <li>[<code>refurb</code>] Mark <code>FURB129</code> autofix as unsafe if there's comments in the <code>readlines</code> call (<a href="https://redirect.github.com/astral-sh/ruff/pull/18858">#18858</a>)</li> <li>[<code>ruff</code>] Fix false positives and negatives in <code>RUF010</code> (<a href="https://redirect.github.com/astral-sh/ruff/pull/18690">#18690</a>)</li> <li>Fix casing of <code>analyze.direction</code> variant names (<a href="https://redirect.github.com/astral-sh/ruff/pull/18892">#18892</a>)</li> </ul> <h3>Rule changes</h3> <ul> <li>Fix f-string interpolation escaping in generated fixes (<a href="https://redirect.github.com/astral-sh/ruff/pull/18882">#18882</a>)</li> <li>[<code>flake8-return</code>] Mark <code>RET501</code> fix unsafe if comments are inside (<a href="https://redirect.github.com/astral-sh/ruff/pull/18780">#18780</a>)</li> <li>[<code>flake8-async</code>] Fix detection for large integer sleep durations in <code>ASYNC116</code> rule (<a href="https://redirect.github.com/astral-sh/ruff/pull/18767">#18767</a>)</li> <li>[<code>flake8-async</code>] Mark autofix for <code>ASYNC115</code> as unsafe if the call expression contains comments (<a href="https://redirect.github.com/astral-sh/ruff/pull/18753">#18753</a>)</li> <li>[<code>flake8-bugbear</code>] Mark autofix for <code>B004</code> as unsafe if the <code>hasattr</code> call expr contains comments (<a href="https://redirect.github.com/astral-sh/ruff/pull/18755">#18755</a>)</li> <li>[<code>flake8-comprehension</code>] Mark autofix for <code>C420</code> as unsafe if there's comments inside the dict comprehension (<a href="https://redirect.github.com/astral-sh/ruff/pull/18768">#18768</a>)</li> <li>[<code>flake8-comprehensions</code>] Handle template strings for comprehension fixes (<a href="https://redirect.github.com/astral-sh/ruff/pull/18710">#18710</a>)</li> <li>[<code>flake8-future-annotations</code>] Add autofix (<code>FA100</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/18903">#18903</a>)</li> <li>[<code>pyflakes</code>] Mark <code>F504</code>/<code>F522</code>/<code>F523</code> autofix as unsafe if there's a call with side effect (<a href="https://redirect.github.com/astral-sh/ruff/pull/18839">#18839</a>)</li> <li>[<code>pylint</code>] Allow fix with comments and document performance implications (<code>PLW3301</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/18936">#18936</a>)</li> <li>[<code>pylint</code>] Detect more exotic <code>NaN</code> literals in <code>PLW0177</code> (<a href="https://redirect.github.com/astral-sh/ruff/pull/18630">#18630</a>)</li> <li>[<code>pylint</code>] Fix <code>PLC1802</code> autofix creating a syntax error and mark autofix as unsafe if there's comments in the <code>len</code> call (<a href="https://redirect.github.com/astral-sh/ruff/pull/18836">#18836</a>)</li> </ul>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/astral-sh/ruff/commit/32c54189cb45a9d0409a1140265ce6d5fcec214d"><code>32c5418</code></a> Bump 0.12.1 (<a href="https://redirect.github.com/astral-sh/ruff/issues/18969">#18969</a>)</li> <li><a href="https://github.com/astral-sh/ruff/commit/b85c219283dcdae474642e9174352da5d9aee132"><code>b85c219</code></a> [<code>FastAPI</code>] Add fix safety section to <code>FAST002</code> (<a href="https://redirect.github.com/astral-sh/ruff/issues/18940">#18940</a>)</li> <li><a href="https://github.com/astral-sh/ruff/commit/b1d1cf1d382acd745a57a391a7befb6c300f6c9a"><code>b1d1cf1</code></a> [ty] Add regression test for leading tab mis-alignment in diagnostic renderin...</li> <li><a href="https://github.com/astral-sh/ruff/commit/1dcdf7f41d80b819576b8e146c1af9e72b44d2da"><code>1dcdf7f</code></a> [ty] Resolve python environment in <code>Options::to_program_settings</code> (<a href="https://redirect.github.com/astral-sh/ruff/issues/18960">#18960</a>)</li> <li><a href="https://github.com/astral-sh/ruff/commit/d00697621e2a772e9ad0b25c4c74f1572d72fd29"><code>d006976</code></a> [<code>ruff</code>] Fix false positives and negatives in <code>RUF010</code> (<a href="https://redirect.github.com/astral-sh/ruff/issues/18690">#18690</a>)</li> <li><a href="https://github.com/astral-sh/ruff/commit/76619b96e504d63e574227e8d31d6ecfcd32d1c7"><code>76619b9</code></a> [ty] Fix rendering of long lines that are indented with tabs</li> <li><a href="https://github.com/astral-sh/ruff/commit/6e25cfba2b2fb607e16102cb5cd84cd775882d80"><code>6e25cfb</code></a> [ty] Add regression test for diagnostic rendering panic</li> <li><a href="https://github.com/astral-sh/ruff/commit/76387295a581ed5c665b685e1d69fe2751ad24b1"><code>7638729</code></a> [ty] Move venv and conda env discovery to <code>SearchPath::from_settings</code> (<a href="https://redirect.github.com/astral-sh/ruff/issues/18938">#18938</a>)</li> <li><a href="https://github.com/astral-sh/ruff/commit/d04e63a6d9dbb5c751c99d113d7eaf98b765b426"><code>d04e63a</code></a> [ty] Add regression-benchmark for attribute-assignment hang (<a href="https://redirect.github.com/astral-sh/ruff/issues/18957">#18957</a>)</li> <li><a href="https://github.com/astral-sh/ruff/commit/86fd9b634e5526d2093aeb5a37dc6f30cefc1925"><code>86fd9b6</code></a> [ty] Format conflicting types as an enumeration (<a href="https://redirect.github.com/astral-sh/ruff/issues/18956">#18956</a>)</li> <li>Additional commits viewable in <a href="https://github.com/astral-sh/ruff/compare/0.11.11...0.12.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=ruff&package-manager=pip&previous-version=0.11.11&new-version=0.12.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [types-setuptools](https://github.com/typeshed-internal/stub_uploader) from 75.2.0.20241019 to 80.9.0.20250529. <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/typeshed-internal/stub_uploader/commits">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=types-setuptools&package-manager=pip&previous-version=75.2.0.20241019&new-version=80.9.0.20250529)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [msgpack](https://github.com/msgpack/msgpack-python) from 1.1.0 to 1.1.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/msgpack/msgpack-python/releases">msgpack's releases</a>.</em></p> <blockquote> <h2>v1.1.1</h2> <h2>What's Changed</h2> <ul> <li>Add Python 3.13 trove classifier by <a href="https://github.com/edgarrmondragon"><code>@edgarrmondragon</code></a> in <a href="https://redirect.github.com/msgpack/msgpack-python/pull/626">msgpack/msgpack-python#626</a></li> <li>update Cython to 3.1.1 by <a href="https://github.com/methane"><code>@methane</code></a> in <a href="https://redirect.github.com/msgpack/msgpack-python/pull/637">msgpack/msgpack-python#637</a></li> <li>update cibuildwheel to v2.23.3 by <a href="https://github.com/methane"><code>@methane</code></a> in <a href="https://redirect.github.com/msgpack/msgpack-python/pull/638">msgpack/msgpack-python#638</a></li> <li>upload to PyPI on create a release by <a href="https://github.com/methane"><code>@methane</code></a> in <a href="https://redirect.github.com/msgpack/msgpack-python/pull/639">msgpack/msgpack-python#639</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/edgarrmondragon"><code>@edgarrmondragon</code></a> made their first contribution in <a href="https://redirect.github.com/msgpack/msgpack-python/pull/626">msgpack/msgpack-python#626</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/msgpack/msgpack-python/compare/v1.1.0...v1.1.1">https://github.com/msgpack/msgpack-python/compare/v1.1.0...v1.1.1</a></p> <h2>v1.1.1rc1</h2> <h2>What's Changed</h2> <ul> <li>Add Python 3.13 trove classifier by <a href="https://github.com/edgarrmondragon"><code>@edgarrmondragon</code></a> in <a href="https://redirect.github.com/msgpack/msgpack-python/pull/626">msgpack/msgpack-python#626</a></li> <li>update Cython to 3.1.1 by <a href="https://github.com/methane"><code>@methane</code></a> in <a href="https://redirect.github.com/msgpack/msgpack-python/pull/637">msgpack/msgpack-python#637</a></li> <li>update cibuildwheel to v2.23.3 by <a href="https://github.com/methane"><code>@methane</code></a> in <a href="https://redirect.github.com/msgpack/msgpack-python/pull/638">msgpack/msgpack-python#638</a></li> <li>upload to PyPI on create a release by <a href="https://github.com/methane"><code>@methane</code></a> in <a href="https://redirect.github.com/msgpack/msgpack-python/pull/639">msgpack/msgpack-python#639</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/edgarrmondragon"><code>@edgarrmondragon</code></a> made their first contribution in <a href="https://redirect.github.com/msgpack/msgpack-python/pull/626">msgpack/msgpack-python#626</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/msgpack/msgpack-python/compare/v1.1.0...v1.1.1rc1">https://github.com/msgpack/msgpack-python/compare/v1.1.0...v1.1.1rc1</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/msgpack/msgpack-python/blob/main/ChangeLog.rst">msgpack's changelog</a>.</em></p> <blockquote> <h1>1.1.1</h1> <p>Release Date: 2025-06-13</p> <ul> <li>No change from 1.1.1rc1.</li> </ul> <h1>1.1.1rc1</h1> <p>Release Date: 2025-06-06</p> <ul> <li>Update Cython to 3.1.1 and cibuildwheel to 2.23.3.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/msgpack/msgpack-python/commit/42f056f3cfaf2e3ec220db2f864e7613d433ad48"><code>42f056f</code></a> v1.1.1</li> <li><a href="https://github.com/msgpack/msgpack-python/commit/e6445d3b922ca0b9bc82695dd9d1c1529763095a"><code>e6445d3</code></a> v1.1.1rc1</li> <li><a href="https://github.com/msgpack/msgpack-python/commit/fe9e620a607702b31476f092ad01a387cff4cfbd"><code>fe9e620</code></a> upload to PyPI on create a release (<a href="https://redirect.github.com/msgpack/msgpack-python/issues/639">#639</a>)</li> <li><a href="https://github.com/msgpack/msgpack-python/commit/cdc764450370ff80e7c83edbe8d015f08f6fb9b3"><code>cdc7644</code></a> update cibuildwheel to v2.23.3 (<a href="https://redirect.github.com/msgpack/msgpack-python/issues/638">#638</a>)</li> <li><a href="https://github.com/msgpack/msgpack-python/commit/868aa2cd83f39237deb957c68ce7232422a5950b"><code>868aa2c</code></a> update Cython to 3.1.1 (<a href="https://redirect.github.com/msgpack/msgpack-python/issues/637">#637</a>)</li> <li><a href="https://github.com/msgpack/msgpack-python/commit/0eeabfb453844b441a4a77097b3d5aa0cb6645b6"><code>0eeabfb</code></a> Add Python 3.13 trove classifier (<a href="https://redirect.github.com/msgpack/msgpack-python/issues/626">#626</a>)</li> <li>See full diff in <a href="https://github.com/msgpack/msgpack-python/compare/v1.1.0...v1.1.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=msgpack&package-manager=pip&previous-version=1.1.0&new-version=1.1.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [ijson](https://github.com/ICRAR/ijson) from 3.3.0 to 3.4.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/ICRAR/ijson/blob/master/CHANGELOG.md">ijson's changelog</a>.</em></p> <blockquote> <h2>[3.4.0]</h2> <ul> <li>Added support for PEP 489 multi-phase initialisation and per-module state for our C extension, allowing us to support sub-interpreters with per-interpreter GIL.</li> <li>Advertise support for free-threading python mode.</li> <li>Removed support for Python < 3.9.</li> <li>Enhanced generators so they yield all possible results to users before errors are raised (<a href="https://redirect.github.com/ICRAR/ijson/issues/123">#123</a>).</li> <li>Added <code>ijson.ALL_BACKENDS</code> constant listing all supported backends (which might or not be available at runtime).</li> <li>Added a <code>capabilities</code> constant to each backend describing which capabilities it supports.</li> <li>Exposing backend's name under <code><backend>.backend_name</code>, and default backend's name under <code>ijson.backend_name</code>. This is similar to the already existing <code>name</code> constant, only slightly better named to hopefully avoid confusion.</li> <li>Restructured source code so all code lives under <code>src/</code>, and the <code>ijson.backends._yajl2</code> extension under <code>src/ijson/backends/ext/_yajl2</code>. This allows C backend tests to actually run on cibuildwheel.</li> <li>Improved performance of <code>parse</code> routine in C backend by ~4%.</li> <li>Fixed several potential stability issues in C backend around correct error handling.</li> <li>Fixed corner-case wrong behaviour of <code>yajl2_c</code> backend, which didn't work correctly with user-provided event names.</li> <li>Pointing to our own fork of yajl (for when we build it ourselves) that contains fixes for all known CVEs (<a href="https://redirect.github.com/ICRAR/ijson/issues/126">#126</a>).</li> <li>Removed leftover compatibility bits in the C backend.</li> <li>Fixed potential issue with <code>yajl</code> and <code>yajl2</code> backends where crashes could occur at interpreter shutdown.</li> <li>Removed tox.</li> <li>Moved static project metadata to <code>pyproject.toml</code>.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ICRAR/ijson/commit/36701bed11497ec5fee22239f0a8c2e4a8358e78"><code>36701be</code></a> Release ijson 3.4.0</li> <li><a href="https://github.com/ICRAR/ijson/commit/cfb044a36fc1f1f6959e7680b7e79edc6a109828"><code>cfb044a</code></a> Modernize packaging (<a href="https://redirect.github.com/ICRAR/ijson/issues/138">#138</a>)</li> <li><a href="https://github.com/ICRAR/ijson/commit/044cf9b6b97f23bb1dffc0dadab5a08f509d29f8"><code>044cf9b</code></a> Bump pypa/cibuildwheel from 2.23.2 to 2.23.3 (<a href="https://redirect.github.com/ICRAR/ijson/issues/140">#140</a>)</li> <li><a href="https://github.com/ICRAR/ijson/commit/81e24b4045b8a9cc730ba67dce2d96d0c1884e31"><code>81e24b4</code></a> Allow building embedded yajl with cmake 4.0</li> <li><a href="https://github.com/ICRAR/ijson/commit/b3f9647a54acfae7472d615303a0974dbcd6f9fa"><code>b3f9647</code></a> Bump pypa/cibuildwheel from 2.23.1 to 2.23.2 (<a href="https://redirect.github.com/ICRAR/ijson/issues/137">#137</a>)</li> <li><a href="https://github.com/ICRAR/ijson/commit/d8fd6d2ef5646b8df58b3fb76921fe9368d05533"><code>d8fd6d2</code></a> Bump pypa/cibuildwheel from 2.23.0 to 2.23.1 (<a href="https://redirect.github.com/ICRAR/ijson/issues/134">#134</a>)</li> <li><a href="https://github.com/ICRAR/ijson/commit/caebc6fa38f0aeaee1f9705975c73b8b2d248ac1"><code>caebc6f</code></a> Bump pypa/cibuildwheel from 2.22.0 to 2.23.0 (<a href="https://redirect.github.com/ICRAR/ijson/issues/133">#133</a>)</li> <li><a href="https://github.com/ICRAR/ijson/commit/698b114e7cf780f7aedde57fd79d2f10d58b8e26"><code>698b114</code></a> Downgrade to ubuntu-22.04 to avoid gcc segfault</li> <li><a href="https://github.com/ICRAR/ijson/commit/9f28dc0d54d1273dbed15fd7f4a4fcd8a62b90b0"><code>9f28dc0</code></a> Allow certain branches to trigger a full CI build</li> <li><a href="https://github.com/ICRAR/ijson/commit/901fd3b3bda1120aa60efe9b23195536e3dd8bc9"><code>901fd3b</code></a> Add custom event name interning to yajl2_c</li> <li>Additional commits viewable in <a href="https://github.com/ICRAR/ijson/compare/v3.3.0...v3.4.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=ijson&package-manager=pip&previous-version=3.3.0&new-version=3.4.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [authlib](https://github.com/authlib/authlib) from 1.5.2 to 1.6.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/authlib/authlib/releases">authlib's releases</a>.</em></p> <blockquote> <h2>Version 1.6.0</h2> <ul> <li>Fix issue when <a href="https://datatracker.ietf.org/doc/html/rfc9207.html">RFC9207</a> is enabled and the authorization endpoint response is not a redirection. [pull request <a href="https://redirect.github.com/authlib/authlib/issues/733">#733</a>](<a href="https://redirect.github.com/authlib/authlib/pull/733">authlib/authlib#733</a>)</li> <li>Fix missing state parameter in authorization error responses. [issue <a href="https://redirect.github.com/authlib/authlib/issues/525">#525</a>](<a href="https://redirect.github.com/authlib/authlib/issues/525">authlib/authlib#525</a>)</li> <li>Support for acr and amr claims in id_token. [issue <a href="https://redirect.github.com/authlib/authlib/issues/734">#734</a>](<a href="https://redirect.github.com/authlib/authlib/issues/734">authlib/authlib#734</a>)</li> <li>Support for the none JWS algorithm.</li> <li>Fix response_types strict order during dynamic client registration. [issue <a href="https://redirect.github.com/authlib/authlib/issues/760">#760</a>](<a href="https://redirect.github.com/authlib/authlib/issues/760">authlib/authlib#760</a>)</li> <li>Implement <a href="https://datatracker.ietf.org/doc/html/rfc9101.html">RFC9101 The OAuth 2.0 Authorization Framework: JWT-Secured Authorization Request (JAR)</a>. [issue <a href="https://redirect.github.com/authlib/authlib/issues/723">#723</a>](<a href="https://redirect.github.com/authlib/authlib/issues/723">authlib/authlib#723</a>)</li> <li>OIDC <a href="https://docs.authlib.org/en/latest/specs/oidc.html#authlib.oidc.core.UserInfoEndpoint">UserInfo endpoint</a> support. [issue <a href="https://redirect.github.com/authlib/authlib/issues/459">#459</a>](<a href="https://redirect.github.com/authlib/authlib/issues/459">authlib/authlib#459</a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/authlib/authlib/blob/main/docs/changelog.rst">authlib's changelog</a>.</em></p> <blockquote> <h2>Version 1.6.0</h2> <p><strong>Released on May 22, 2025</strong></p> <ul> <li>Fix issue when :rfc:<code>RFC9207 <9207></code> is enabled and the authorization endpoint response is not a redirection. :pr:<code>733</code></li> <li>Fix missing <code>state</code> parameter in authorization error responses. :issue:<code>525</code></li> <li>Support for <code>acr</code> and <code>amr</code> claims in <code>id_token</code>. :issue:<code>734</code></li> <li>Support for the <code>none</code> JWS algorithm.</li> <li>Fix <code>response_types</code> strict order during dynamic client registration. :issue:<code>760</code></li> <li>Implement :rfc:<code>RFC9101 The OAuth 2.0 Authorization Framework: JWT-Secured Authorization Request (JAR) <9101></code>. :issue:<code>723</code></li> <li>OIDC :class:<code>UserInfo endpoint <authlib.oidc.core.userinfo.UserInfoEndpoint></code> support. :issue:<code>459</code></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/authlib/authlib/commit/fe87a117f941975793bf4063e9b08b90e88b230a"><code>fe87a11</code></a> chore: release version 1.6.0</li> <li><a href="https://github.com/authlib/authlib/commit/036a0b71532ada9371f0fc41f6bcd2287666bb20"><code>036a0b7</code></a> Merge pull request <a href="https://redirect.github.com/authlib/authlib/issues/774">#774</a> from azmeuk/459-userinfo</li> <li><a href="https://github.com/authlib/authlib/commit/449a1a24a42f5090f339dc60cab29ac89203e971"><code>449a1a2</code></a> feat: OIDC userinfo endpoint support</li> <li><a href="https://github.com/authlib/authlib/commit/d429c36717cfa1df8723139ca4c8d5939ed7fd73"><code>d429c36</code></a> Merge pull request <a href="https://redirect.github.com/authlib/authlib/issues/749">#749</a> from azmeuk/724-jar</li> <li><a href="https://github.com/authlib/authlib/commit/a524d23e95a1ef4e1fd0d4b4cdb0c0005cc74757"><code>a524d23</code></a> chore: move 1.7 deprecations to 1.8</li> <li><a href="https://github.com/authlib/authlib/commit/f37e60ec0cac660df3b1e4256883e77107aa5d78"><code>f37e60e</code></a> feat: implement rfc9101 JWT authorization request</li> <li><a href="https://github.com/authlib/authlib/commit/8a6c714fdbfd8ad574f51eb880590efdc6235912"><code>8a6c714</code></a> refactor: OAuth2 hook mechanism overhaul</li> <li><a href="https://github.com/authlib/authlib/commit/ff1b66bedc736a86ba596ad5d0344c5c2c2f03ad"><code>ff1b66b</code></a> refactor: extract OAuth2Payload from OAuth2Request</li> <li><a href="https://github.com/authlib/authlib/commit/98eebd14b99411235da75457a7aec21d473d448e"><code>98eebd1</code></a> refactor: remove uncovered code in OAuth2Request</li> <li><a href="https://github.com/authlib/authlib/commit/1b848e2a1e0aadc70762f4a707ab91e1b99f2300"><code>1b848e2</code></a> refactor: create_authorization_response can take an optional 'grant' arg</li> <li>Additional commits viewable in <a href="https://github.com/authlib/authlib/compare/v1.5.2...v1.6.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=authlib&package-manager=pip&previous-version=1.5.2&new-version=1.6.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [attrs](https://github.com/sponsors/hynek) from 24.2.0 to 25.3.0. <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/sponsors/hynek/commits">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=attrs&package-manager=pip&previous-version=24.2.0&new-version=25.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [phonenumbers](https://github.com/daviddrysdale/python-phonenumbers) from 9.0.2 to 9.0.8. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/daviddrysdale/python-phonenumbers/commit/9959754cdfca33facb25c1417c419f6f7251eb5c"><code>9959754</code></a> Prep for 9.0.8 release</li> <li><a href="https://github.com/daviddrysdale/python-phonenumbers/commit/6ffa6ffbec5297485a8a58e1d90a978bfaa595e4"><code>6ffa6ff</code></a> Generated files for metadata</li> <li><a href="https://github.com/daviddrysdale/python-phonenumbers/commit/4b028b4bd30b9d49a64feb4afb8e5a9ce136221a"><code>4b028b4</code></a> Merge metadata changes from upstream 9.0.8</li> <li><a href="https://github.com/daviddrysdale/python-phonenumbers/commit/6817dfb5ab6bb19a176c2c6bd4f5972736bd8d2f"><code>6817dfb</code></a> Prep for 9.0.7 release</li> <li><a href="https://github.com/daviddrysdale/python-phonenumbers/commit/e9a48434e2ba777bbc36d5d9f37e4a65bc00c576"><code>e9a4843</code></a> Generated files for metadata</li> <li><a href="https://github.com/daviddrysdale/python-phonenumbers/commit/8580645ba92ea2c2e0ae455b1aa2b89233881c80"><code>8580645</code></a> Merge metadata changes from upstream 9.0.7</li> <li><a href="https://github.com/daviddrysdale/python-phonenumbers/commit/e6d5f6270eae4e72c058c6b4cfa51f859ebf04b3"><code>e6d5f62</code></a> Prep for 9.0.6 release</li> <li><a href="https://github.com/daviddrysdale/python-phonenumbers/commit/e4e7dbec6c4e1d26e1b53792a221160654bef560"><code>e4e7dbe</code></a> Generated files for metadata</li> <li><a href="https://github.com/daviddrysdale/python-phonenumbers/commit/a8425e7a911e20a4bd6ee9076dcb8f463338f89d"><code>a8425e7</code></a> Merge metadata changes from upstream 9.0.6</li> <li><a href="https://github.com/daviddrysdale/python-phonenumbers/commit/e90d8ea1167ee6afa173822ce4fef0d7ac31be17"><code>e90d8ea</code></a> Prep for 9.0.5 release</li> <li>Additional commits viewable in <a href="https://github.com/daviddrysdale/python-phonenumbers/compare/v9.0.2...v9.0.8">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=phonenumbers&package-manager=pip&previous-version=9.0.2&new-version=9.0.8)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [typing-extensions](https://github.com/python/typing_extensions) from 4.12.2 to 4.14.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/python/typing_extensions/releases">typing-extensions's releases</a>.</em></p> <blockquote> <h2>4.14.0</h2> <p>This release adds several new features, including experimental support for inline typed dictionaries (<a href="https://peps.python.org/pep-0764/">PEP 764</a>) and sentinels (<a href="https://peps.python.org/pep-0661/">PEP 661</a>), and support for changes in Python 3.14. In addition, Python 3.8 is no longer supported.</p> <p>Changes since 4.14.0rc1:</p> <ul> <li>Remove <code>__or__</code> and <code>__ror__</code> methods from <code>typing_extensions.Sentinel</code> on Python versions <3.10. PEP 604 was introduced in Python 3.10, and <code>typing_extensions</code> does not generally attempt to backport PEP-604 methods to prior versions.</li> <li>Further update <code>typing_extensions.evaluate_forward_ref</code> with changes in Python 3.14.</li> </ul> <p>Changes included in 4.14.0rc1:</p> <ul> <li>Drop support for Python 3.8 (including PyPy-3.8). Patch by <a href="https://github.com/Viicos">Victorien Plot</a>.</li> <li>Do not attempt to re-export names that have been removed from <code>typing</code>, anticipating the removal of <code>typing.no_type_check_decorator</code> in Python 3.15. Patch by Jelle Zijlstra.</li> <li>Update <code>typing_extensions.Format</code>, <code>typing_extensions.evaluate_forward_ref</code>, and <code>typing_extensions.TypedDict</code> to align with changes in Python 3.14. Patches by Jelle Zijlstra.</li> <li>Fix tests for Python 3.14 and 3.15. Patches by Jelle Zijlstra.</li> </ul> <p>New features:</p> <ul> <li>Add support for inline typed dictionaries (<a href="https://peps.python.org/pep-0764/">PEP 764</a>). Patch by <a href="https://github.com/Viicos">Victorien Plot</a>.</li> <li>Add <code>typing_extensions.Reader</code> and <code>typing_extensions.Writer</code>. Patch by Sebastian Rittau.</li> <li>Add support for sentinels (<a href="https://peps.python.org/pep-0661/">PEP 661</a>). Patch by <a href="https://github.com/Viicos">Victorien Plot</a>.</li> </ul> <h2>4.14.0rc1</h2> <p>Major changes:</p> <ul> <li>Drop support for Python 3.8 (including PyPy-3.8). Patch by <a href="https://github.com/Viicos">Victorien Plot</a>.</li> <li>Do not attempt to re-export names that have been removed from <code>typing</code>, anticipating the removal of <code>typing.no_type_check_decorator</code> in Python 3.15. Patch by Jelle Zijlstra.</li> <li>Update <code>typing_extensions.Format</code>, <code>typing_extensions.evaluate_forward_ref</code>, and <code>typing_extensions.TypedDict</code> to align with changes in Python 3.14. Patches by Jelle Zijlstra.</li> <li>Fix tests for Python 3.14 and 3.15. Patches by Jelle Zijlstra.</li> </ul> <p>New features:</p> <ul> <li>Add support for inline typed dictionaries (<a href="https://peps.python.org/pep-0764/">PEP 764</a>). Patch by <a href="https://github.com/Viicos">Victorien Plot</a>.</li> <li>Add <code>typing_extensions.Reader</code> and <code>typing_extensions.Writer</code>. Patch by Sebastian Rittau.</li> <li>Add support for sentinels (<a href="https://peps.python.org/pep-0661/">PEP 661</a>). Patch by</li> </ul>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/python/typing_extensions/blob/main/CHANGELOG.md">typing-extensions's changelog</a>.</em></p> <blockquote> <h1>Release 4.14.0 (June 2, 2025)</h1> <p>Changes since 4.14.0rc1:</p> <ul> <li>Remove <code>__or__</code> and <code>__ror__</code> methods from <code>typing_extensions.Sentinel</code> on Python versions <3.10. PEP 604 was introduced in Python 3.10, and <code>typing_extensions</code> does not generally attempt to backport PEP-604 methods to prior versions.</li> <li>Further update <code>typing_extensions.evaluate_forward_ref</code> with changes in Python 3.14.</li> </ul> <h1>Release 4.14.0rc1 (May 24, 2025)</h1> <ul> <li>Drop support for Python 3.8 (including PyPy-3.8). Patch by <a href="https://github.com/Viicos">Victorien Plot</a>.</li> <li>Do not attempt to re-export names that have been removed from <code>typing</code>, anticipating the removal of <code>typing.no_type_check_decorator</code> in Python 3.15. Patch by Jelle Zijlstra.</li> <li>Update <code>typing_extensions.Format</code>, <code>typing_extensions.evaluate_forward_ref</code>, and <code>typing_extensions.TypedDict</code> to align with changes in Python 3.14. Patches by Jelle Zijlstra.</li> <li>Fix tests for Python 3.14 and 3.15. Patches by Jelle Zijlstra.</li> </ul> <p>New features:</p> <ul> <li>Add support for inline typed dictionaries (<a href="https://peps.python.org/pep-0764/">PEP 764</a>). Patch by <a href="https://github.com/Viicos">Victorien Plot</a>.</li> <li>Add <code>typing_extensions.Reader</code> and <code>typing_extensions.Writer</code>. Patch by Sebastian Rittau.</li> <li>Add support for sentinels (<a href="https://peps.python.org/pep-0661/">PEP 661</a>). Patch by <a href="https://github.com/Viicos">Victorien Plot</a>.</li> </ul> <h1>Release 4.13.2 (April 10, 2025)</h1> <ul> <li>Fix <code>TypeError</code> when taking the union of <code>typing_extensions.TypeAliasType</code> and a <code>typing.TypeAliasType</code> on Python 3.12 and 3.13. Patch by <a href="https://github.com/jorenham">Joren Hammudoglu</a>.</li> <li>Backport from CPython PR <a href="https://redirect.github.com/python/cpython/pull/132160">#132160</a> to avoid having user arguments shadowed in generated <code>__new__</code> by <code>@typing_extensions.deprecated</code>. Patch by <a href="https://github.com/Viicos">Victorien Plot</a>.</li> </ul> <h1>Release 4.13.1 (April 3, 2025)</h1> <p>Bugfixes:</p> <ul> <li>Fix regression in 4.13.0 on Python 3.10.2 causing a <code>TypeError</code> when using <code>Concatenate</code>. Patch by <a href="https://github.com/Daraan">Daraan</a>.</li> <li>Fix <code>TypeError</code> when using <code>evaluate_forward_ref</code> on Python 3.10.1-2 and 3.9.8-10. Patch by <a href="https://github.com/Daraan">Daraan</a>.</li> </ul> <h1>Release 4.13.0 (March 25, 2025)</h1>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/python/typing_extensions/commit/b07d24525615ba9377e47aaf5a26650a2517b2c4"><code>b07d245</code></a> Prepare release 4.14.0 (<a href="https://redirect.github.com/python/typing_extensions/issues/612">#612</a>)</li> <li><a href="https://github.com/python/typing_extensions/commit/fcf5265b3040337db1cfd6b786648a8ed0aeb0bf"><code>fcf5265</code></a> Backport evaluate_forward_ref() changes (<a href="https://redirect.github.com/python/typing_extensions/issues/611">#611</a>)</li> <li><a href="https://github.com/python/typing_extensions/commit/fadc1edbcfd942074007875007870c1df6acd4d0"><code>fadc1ed</code></a> Remove PEP-604 methods from <code>Sentinel</code> on Python <3.10 (<a href="https://redirect.github.com/python/typing_extensions/issues/605">#605</a>)</li> <li><a href="https://github.com/python/typing_extensions/commit/44de568f73a93f29e52c2fc2d5f149305a4a3bae"><code>44de568</code></a> Add 3.14 to project classifiers and tox.ini (<a href="https://redirect.github.com/python/typing_extensions/issues/604">#604</a>)</li> <li><a href="https://github.com/python/typing_extensions/commit/36cc47605804318bf40ee26d765de2070741c25c"><code>36cc476</code></a> Prepare release 4.14.0rc1 (<a href="https://redirect.github.com/python/typing_extensions/issues/603">#603</a>)</li> <li><a href="https://github.com/python/typing_extensions/commit/ec1876c65000ac86faade29552245178918a7a69"><code>ec1876c</code></a> More fixes for 3.14 and 3.15 (<a href="https://redirect.github.com/python/typing_extensions/issues/602">#602</a>)</li> <li><a href="https://github.com/python/typing_extensions/commit/e89d789104978ba0f3abdb52b1592aa28fedd00f"><code>e89d789</code></a> Update <code>_caller()</code> implementation (<a href="https://redirect.github.com/python/typing_extensions/issues/598">#598</a>)</li> <li><a href="https://github.com/python/typing_extensions/commit/34bfd8423a22797619b14aa622ac0be82f6bf50d"><code>34bfd84</code></a> third party: fix typeguard (<a href="https://redirect.github.com/python/typing_extensions/issues/600">#600</a>)</li> <li><a href="https://github.com/python/typing_extensions/commit/479dae13d084c070301aa91265d1af278b181457"><code>479dae1</code></a> Add support for sentinels (PEP 661) (<a href="https://redirect.github.com/python/typing_extensions/issues/594">#594</a>)</li> <li><a href="https://github.com/python/typing_extensions/commit/f74a56a725e8d60727fccbeebe0dd71037bdf4bb"><code>f74a56a</code></a> Update PEP 649/749 implementation (<a href="https://redirect.github.com/python/typing_extensions/issues/596">#596</a>)</li> <li>Additional commits viewable in <a href="https://github.com/python/typing_extensions/compare/4.12.2...4.14.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=typing-extensions&package-manager=pip&previous-version=4.12.2&new-version=4.14.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [setuptools-rust](https://github.com/PyO3/setuptools-rust) from 1.10.2 to 1.11.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/PyO3/setuptools-rust/releases">setuptools-rust's releases</a>.</em></p> <blockquote> <h2>v1.11.1</h2> <h3>Fixed</h3> <ul> <li>Fix finding cargo artifacts when filenames are empty. <a href="https://redirect.github.com/PyO3/setuptools-rust/pull/521">#521</a></li> </ul> <h2>v1.11.0</h2> <h3>Packaging</h3> <ul> <li>Drop support for Python 3.8. <a href="https://redirect.github.com/PyO3/setuptools-rust/pull/479">#479</a></li> <li>Support free-threaded Python. <a href="https://redirect.github.com/PyO3/setuptools-rust/pull/502">#502</a></li> <li>Support adding custom env vars. <a href="https://redirect.github.com/PyO3/setuptools-rust/pull/504">#504</a></li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/PyO3/setuptools-rust/blob/main/CHANGELOG.md">setuptools-rust's changelog</a>.</em></p> <blockquote> <h2>1.11.1 (2025-04-04)</h2> <h3>Fixed</h3> <ul> <li>Fix finding cargo artifacts when filenames are empty. <a href="https://redirect.github.com/PyO3/setuptools-rust/pull/521">#521</a></li> </ul> <h2>1.11.0 (2025-03-14)</h2> <h3>Packaging</h3> <ul> <li>Drop support for Python 3.8. <a href="https://redirect.github.com/PyO3/setuptools-rust/pull/479">#479</a></li> <li>Support free-threaded Python. <a href="https://redirect.github.com/PyO3/setuptools-rust/pull/502">#502</a></li> <li>Support adding custom env vars. <a href="https://redirect.github.com/PyO3/setuptools-rust/pull/504">#504</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/PyO3/setuptools-rust/commit/cc5c23399393f04197d6e6ec92648c1f504d8deb"><code>cc5c233</code></a> release: 1.11.1 (<a href="https://redirect.github.com/PyO3/setuptools-rust/issues/529">#529</a>)</li> <li><a href="https://github.com/PyO3/setuptools-rust/commit/faa610deef49fb5c563f1624544908c0160aee6f"><code>faa610d</code></a> Fix finding cargo artifacts when <code>filenames</code> are empty (<a href="https://redirect.github.com/PyO3/setuptools-rust/issues/521">#521</a>)</li> <li><a href="https://github.com/PyO3/setuptools-rust/commit/a766bd503f8f0466d7bb4f034ed5dafab501d254"><code>a766bd5</code></a> use <code>SETUPTOOLS_RUST_CARGO_PROFILE=dev</code> for main matrix, document it (<a href="https://redirect.github.com/PyO3/setuptools-rust/issues/527">#527</a>)</li> <li><a href="https://github.com/PyO3/setuptools-rust/commit/229c49298456ed5ef7a105c452f6098bc1ca0159"><code>229c492</code></a> build(deps): bump the deps group across 5 directories with 1 update (<a href="https://redirect.github.com/PyO3/setuptools-rust/issues/522">#522</a>)</li> <li><a href="https://github.com/PyO3/setuptools-rust/commit/4141b0b4c81e5f762ad77d345f6f8fd63983674c"><code>4141b0b</code></a> build(deps): bump pypa/cibuildwheel from 2.22.0 to 2.23.2 (<a href="https://redirect.github.com/PyO3/setuptools-rust/issues/523">#523</a>)</li> <li><a href="https://github.com/PyO3/setuptools-rust/commit/fc4d72c6b925c86d627242be56532556525c123d"><code>fc4d72c</code></a> build(deps): bump pyo3 in /examples/hello-world-setuppy (<a href="https://redirect.github.com/PyO3/setuptools-rust/issues/524">#524</a>)</li> <li><a href="https://github.com/PyO3/setuptools-rust/commit/f20ba9c69c7652a4591fb8d55b7e715bf13eac7f"><code>f20ba9c</code></a> replace quansight-labs/setup-python with actions/setup-python (<a href="https://redirect.github.com/PyO3/setuptools-rust/issues/520">#520</a>)</li> <li><a href="https://github.com/PyO3/setuptools-rust/commit/1054e1c64518822c496ebd76ab0323e2d24936ff"><code>1054e1c</code></a> release: 1.11.0 (<a href="https://redirect.github.com/PyO3/setuptools-rust/issues/518">#518</a>)</li> <li><a href="https://github.com/PyO3/setuptools-rust/commit/d6817d765e9fc04305604d0c32901138fb2f106d"><code>d6817d7</code></a> Support adding custom env vars (<a href="https://redirect.github.com/PyO3/setuptools-rust/issues/504">#504</a>)</li> <li><a href="https://github.com/PyO3/setuptools-rust/commit/17980efa987f3a37526ece92b4b7d02494ed21e2"><code>17980ef</code></a> build(deps): bump the deps group across 3 directories with 1 update (<a href="https://redirect.github.com/PyO3/setuptools-rust/issues/516">#516</a>)</li> <li>Additional commits viewable in <a href="https://github.com/PyO3/setuptools-rust/compare/v1.10.2...v1.11.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=setuptools-rust&package-manager=pip&previous-version=1.10.2&new-version=1.11.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [ruff](https://github.com/astral-sh/ruff) from 0.12.1 to 0.12.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/astral-sh/ruff/releases">ruff's releases</a>.</em></p> <blockquote> <h2>0.12.2</h2> <h2>Release Notes</h2> <h3>Preview features</h3> <ul> <li>[<code>flake8-pyi</code>] Expand <code>Optional[A]</code> to <code>A | None</code> (<code>PYI016</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/18572">#18572</a>)</li> <li>[<code>pyupgrade</code>] Mark <code>UP008</code> fix safe if no comments are in range (<a href="https://redirect.github.com/astral-sh/ruff/pull/18683">#18683</a>)</li> </ul> <h3>Bug fixes</h3> <ul> <li>[<code>flake8-comprehensions</code>] Fix <code>C420</code> to prepend whitespace when needed (<a href="https://redirect.github.com/astral-sh/ruff/pull/18616">#18616</a>)</li> <li>[<code>perflint</code>] Fix <code>PERF403</code> panic on attribute or subscription loop variable (<a href="https://redirect.github.com/astral-sh/ruff/pull/19042">#19042</a>)</li> <li>[<code>pydocstyle</code>] Fix <code>D413</code> infinite loop for parenthesized docstring (<a href="https://redirect.github.com/astral-sh/ruff/pull/18930">#18930</a>)</li> <li>[<code>pylint</code>] Fix <code>PLW0108</code> autofix introducing a syntax error when the lambda's body contains an assignment expression (<a href="https://redirect.github.com/astral-sh/ruff/pull/18678">#18678</a>)</li> <li>[<code>refurb</code>] Fix false positive on empty tuples (<code>FURB168</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/19058">#19058</a>)</li> <li>[<code>ruff</code>] Allow more <code>field</code> calls from <code>attrs</code> (<code>RUF009</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/19021">#19021</a>)</li> <li>[<code>ruff</code>] Fix syntax error introduced for an empty string followed by a u-prefixed string (<code>UP025</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/18899">#18899</a>)</li> </ul> <h3>Rule changes</h3> <ul> <li>[<code>flake8-executable</code>] Allow <code>uvx</code> in shebang line (<code>EXE003</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/18967">#18967</a>)</li> <li>[<code>pandas</code>] Avoid flagging <code>PD002</code> if <code>pandas</code> is not imported (<a href="https://redirect.github.com/astral-sh/ruff/pull/18963">#18963</a>)</li> <li>[<code>pyupgrade</code>] Avoid PEP-604 unions with <code>typing.NamedTuple</code> (<code>UP007</code>, <code>UP045</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/18682">#18682</a>)</li> </ul> <h3>Documentation</h3> <ul> <li>Document link between <code>import-outside-top-level (PLC0415)</code> and <code>lint.flake8-tidy-imports.banned-module-level-imports</code> (<a href="https://redirect.github.com/astral-sh/ruff/pull/18733">#18733</a>)</li> <li>Fix description of the <code>format.skip-magic-trailing-comma</code> example (<a href="https://redirect.github.com/astral-sh/ruff/pull/19095">#19095</a>)</li> <li>[<code>airflow</code>] Make <code>AIR302</code> example error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/18988">#18988</a>)</li> <li>[<code>airflow</code>] Make <code>AIR312</code> example error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/18989">#18989</a>)</li> <li>[<code>flake8-annotations</code>] Make <code>ANN401</code> example error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/18974">#18974</a>)</li> <li>[<code>flake8-async</code>] Make <code>ASYNC100</code> example error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/18993">#18993</a>)</li> <li>[<code>flake8-async</code>] Make <code>ASYNC105</code> example error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/19002">#19002</a>)</li> <li>[<code>flake8-async</code>] Make <code>ASYNC110</code> example error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/18975">#18975</a>)</li> <li>[<code>flake8-async</code>] Make <code>ASYNC210</code> example error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/18977">#18977</a>)</li> <li>[<code>flake8-async</code>] Make <code>ASYNC220</code>, <code>ASYNC221</code>, and <code>ASYNC222</code> examples error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/18978">#18978</a>)</li> <li>[<code>flake8-async</code>] Make <code>ASYNC251</code> example error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/18990">#18990</a>)</li> <li>[<code>flake8-bandit</code>] Make <code>S201</code> example error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/19017">#19017</a>)</li> <li>[<code>flake8-bandit</code>] Make <code>S604</code> and <code>S609</code> examples error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/19049">#19049</a>)</li> <li>[<code>flake8-bugbear</code>] Make <code>B028</code> example error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/19054">#19054</a>)</li> <li>[<code>flake8-bugbear</code>] Make <code>B911</code> example error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/19051">#19051</a>)</li> <li>[<code>flake8-datetimez</code>] Make <code>DTZ011</code> example error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/19055">#19055</a>)</li> <li>[<code>flake8-datetimez</code>] Make <code>DTZ901</code> example error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/19056">#19056</a>)</li> <li>[<code>flake8-pyi</code>] Make <code>PYI032</code> example error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/19061">#19061</a>)</li> <li>[<code>flake8-pyi</code>] Make example error out-of-the-box (<code>PYI014</code>, <code>PYI015</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/19097">#19097</a>)</li> <li>[<code>flake8-pyi</code>] Make example error out-of-the-box (<code>PYI042</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/19101">#19101</a>)</li> <li>[<code>flake8-pyi</code>] Make example error out-of-the-box (<code>PYI059</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/19080">#19080</a>)</li> <li>[<code>flake8-pyi</code>] Make example error out-of-the-box (<code>PYI062</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/19079">#19079</a>)</li> <li>[<code>flake8-pytest-style</code>] Make example error out-of-the-box (<code>PT023</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/19104">#19104</a>)</li> <li>[<code>flake8-pytest-style</code>] Make example error out-of-the-box (<code>PT030</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/19105">#19105</a>)</li> </ul>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md">ruff's changelog</a>.</em></p> <blockquote> <h2>0.12.2</h2> <h3>Preview features</h3> <ul> <li>[<code>flake8-pyi</code>] Expand <code>Optional[A]</code> to <code>A | None</code> (<code>PYI016</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/18572">#18572</a>)</li> <li>[<code>pyupgrade</code>] Mark <code>UP008</code> fix safe if no comments are in range (<a href="https://redirect.github.com/astral-sh/ruff/pull/18683">#18683</a>)</li> </ul> <h3>Bug fixes</h3> <ul> <li>[<code>flake8-comprehensions</code>] Fix <code>C420</code> to prepend whitespace when needed (<a href="https://redirect.github.com/astral-sh/ruff/pull/18616">#18616</a>)</li> <li>[<code>perflint</code>] Fix <code>PERF403</code> panic on attribute or subscription loop variable (<a href="https://redirect.github.com/astral-sh/ruff/pull/19042">#19042</a>)</li> <li>[<code>pydocstyle</code>] Fix <code>D413</code> infinite loop for parenthesized docstring (<a href="https://redirect.github.com/astral-sh/ruff/pull/18930">#18930</a>)</li> <li>[<code>pylint</code>] Fix <code>PLW0108</code> autofix introducing a syntax error when the lambda's body contains an assignment expression (<a href="https://redirect.github.com/astral-sh/ruff/pull/18678">#18678</a>)</li> <li>[<code>refurb</code>] Fix false positive on empty tuples (<code>FURB168</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/19058">#19058</a>)</li> <li>[<code>ruff</code>] Allow more <code>field</code> calls from <code>attrs</code> (<code>RUF009</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/19021">#19021</a>)</li> <li>[<code>ruff</code>] Fix syntax error introduced for an empty string followed by a u-prefixed string (<code>UP025</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/18899">#18899</a>)</li> </ul> <h3>Rule changes</h3> <ul> <li>[<code>flake8-executable</code>] Allow <code>uvx</code> in shebang line (<code>EXE003</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/18967">#18967</a>)</li> <li>[<code>pandas</code>] Avoid flagging <code>PD002</code> if <code>pandas</code> is not imported (<a href="https://redirect.github.com/astral-sh/ruff/pull/18963">#18963</a>)</li> <li>[<code>pyupgrade</code>] Avoid PEP-604 unions with <code>typing.NamedTuple</code> (<code>UP007</code>, <code>UP045</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/18682">#18682</a>)</li> </ul> <h3>Documentation</h3> <ul> <li>Document link between <code>import-outside-top-level (PLC0415)</code> and <code>lint.flake8-tidy-imports.banned-module-level-imports</code> (<a href="https://redirect.github.com/astral-sh/ruff/pull/18733">#18733</a>)</li> <li>Fix description of the <code>format.skip-magic-trailing-comma</code> example (<a href="https://redirect.github.com/astral-sh/ruff/pull/19095">#19095</a>)</li> <li>[<code>airflow</code>] Make <code>AIR302</code> example error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/18988">#18988</a>)</li> <li>[<code>airflow</code>] Make <code>AIR312</code> example error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/18989">#18989</a>)</li> <li>[<code>flake8-annotations</code>] Make <code>ANN401</code> example error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/18974">#18974</a>)</li> <li>[<code>flake8-async</code>] Make <code>ASYNC100</code> example error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/18993">#18993</a>)</li> <li>[<code>flake8-async</code>] Make <code>ASYNC105</code> example error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/19002">#19002</a>)</li> <li>[<code>flake8-async</code>] Make <code>ASYNC110</code> example error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/18975">#18975</a>)</li> <li>[<code>flake8-async</code>] Make <code>ASYNC210</code> example error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/18977">#18977</a>)</li> <li>[<code>flake8-async</code>] Make <code>ASYNC220</code>, <code>ASYNC221</code>, and <code>ASYNC222</code> examples error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/18978">#18978</a>)</li> <li>[<code>flake8-async</code>] Make <code>ASYNC251</code> example error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/18990">#18990</a>)</li> <li>[<code>flake8-bandit</code>] Make <code>S201</code> example error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/19017">#19017</a>)</li> <li>[<code>flake8-bandit</code>] Make <code>S604</code> and <code>S609</code> examples error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/19049">#19049</a>)</li> <li>[<code>flake8-bugbear</code>] Make <code>B028</code> example error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/19054">#19054</a>)</li> <li>[<code>flake8-bugbear</code>] Make <code>B911</code> example error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/19051">#19051</a>)</li> <li>[<code>flake8-datetimez</code>] Make <code>DTZ011</code> example error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/19055">#19055</a>)</li> <li>[<code>flake8-datetimez</code>] Make <code>DTZ901</code> example error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/19056">#19056</a>)</li> <li>[<code>flake8-pyi</code>] Make <code>PYI032</code> example error out-of-the-box (<a href="https://redirect.github.com/astral-sh/ruff/pull/19061">#19061</a>)</li> <li>[<code>flake8-pyi</code>] Make example error out-of-the-box (<code>PYI014</code>, <code>PYI015</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/19097">#19097</a>)</li> <li>[<code>flake8-pyi</code>] Make example error out-of-the-box (<code>PYI042</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/19101">#19101</a>)</li> <li>[<code>flake8-pyi</code>] Make example error out-of-the-box (<code>PYI059</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/19080">#19080</a>)</li> <li>[<code>flake8-pyi</code>] Make example error out-of-the-box (<code>PYI062</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/19079">#19079</a>)</li> <li>[<code>flake8-pytest-style</code>] Make example error out-of-the-box (<code>PT023</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/19104">#19104</a>)</li> <li>[<code>flake8-pytest-style</code>] Make example error out-of-the-box (<code>PT030</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/19105">#19105</a>)</li> <li>[<code>flake8-quotes</code>] Make example error out-of-the-box (<code>Q003</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/19106">#19106</a>)</li> </ul>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/astral-sh/ruff/commit/9bee8376a17401f9736b45fdefffb62edc2f1668"><code>9bee837</code></a> Bump 0.12.2 (<a href="https://redirect.github.com/astral-sh/ruff/issues/19126">#19126</a>)</li> <li><a href="https://github.com/astral-sh/ruff/commit/1c6717b149ddfbcd4aa0aee2e160320474392da9"><code>1c6717b</code></a> Filter private symbols from stubs if they are internal types (<a href="https://redirect.github.com/astral-sh/ruff/issues/19121">#19121</a>)</li> <li><a href="https://github.com/astral-sh/ruff/commit/1b813cd5f1933ab05ba7b96ace798199429c0bd6"><code>1b813cd</code></a> Fix description of the <code>format.skip-magic-trailing-comma</code> example (<a href="https://redirect.github.com/astral-sh/ruff/issues/19095">#19095</a>)</li> <li><a href="https://github.com/astral-sh/ruff/commit/b00f68a23cedbd3a38fc25bac63638f0f11fc3f0"><code>b00f68a</code></a> [<code>ruff</code>] Allow more <code>field</code> calls from <code>attrs</code> (<code>RUF009</code>) (<a href="https://redirect.github.com/astral-sh/ruff/issues/19021">#19021</a>)</li> <li><a href="https://github.com/astral-sh/ruff/commit/710c60f7135879b05f6c05a34085cd7af5c19e7f"><code>710c60f</code></a> [<code>flake8-pytest-style</code>] Make example error out-of-the-box (<code>PT023</code>) (<a href="https://redirect.github.com/astral-sh/ruff/issues/19104">#19104</a>)</li> <li><a href="https://github.com/astral-sh/ruff/commit/811e25d16e22ca4ce124d9514232211c9a0b27a1"><code>811e25d</code></a> [<code>flake8-pytest-style</code>] Make example error out-of-the-box (<code>PT030</code>) (<a href="https://redirect.github.com/astral-sh/ruff/issues/19105">#19105</a>)</li> <li><a href="https://github.com/astral-sh/ruff/commit/b78af2db4822dc55acbfb1024b30e69fe0262311"><code>b78af2d</code></a> [<code>flake8-quotes</code>] Make example error out-of-the-box (<code>Q003</code>) (<a href="https://redirect.github.com/astral-sh/ruff/issues/19106">#19106</a>)</li> <li><a href="https://github.com/astral-sh/ruff/commit/4f36f0677f09b0ed1ba20f583b6f017c4f7d26c8"><code>4f36f06</code></a> Document link between <code>import-outside-top-level (PLC0415)</code> and `lint.flake8-t...</li> <li><a href="https://github.com/astral-sh/ruff/commit/2589a2938ee58a1ff1b54a9558807ecb000ccca3"><code>2589a29</code></a> [<code>flake8-simplify</code>] Make example error out-of-the-box (<code>SIM113</code>) (<a href="https://redirect.github.com/astral-sh/ruff/issues/19109">#19109</a>)</li> <li><a href="https://github.com/astral-sh/ruff/commit/26bb8f7b7189558520bb386867579768b5a17347"><code>26bb8f7</code></a> [<code>flake8-simplify</code>] Make example error out-of-the-box (<code>SIM401</code>) (<a href="https://redirect.github.com/astral-sh/ruff/issues/19110">#19110</a>)</li> <li>Additional commits viewable in <a href="https://github.com/astral-sh/ruff/compare/0.12.1...0.12.2">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=ruff&package-manager=pip&previous-version=0.12.1&new-version=0.12.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [types-psycopg2](https://github.com/typeshed-internal/stub_uploader) from 2.9.21.20250318 to 2.9.21.20250516. <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/typeshed-internal/stub_uploader/commits">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=types-psycopg2&package-manager=pip&previous-version=2.9.21.20250318&new-version=2.9.21.20250516)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [tokio](https://github.com/tokio-rs/tokio) from 1.46.0 to 1.46.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/tokio-rs/tokio/releases">tokio's releases</a>.</em></p> <blockquote> <h2>Tokio v1.46.1</h2> <h1>1.46.1 (July 4th, 2025)</h1> <p>This release fixes incorrect spawn locations in runtime task hooks for tasks spawned using <code>tokio::spawn</code> rather than <code>Runtime::spawn</code>. This issue only effected the spawn location in <code>TaskMeta::spawned_at</code>, and did not effect task locations in Tracing events.</p> <h2>Unstable</h2> <ul> <li>runtime: add <code>TaskMeta::spawn_location</code> tracking where a task was spawned (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7440">#7440</a>)</li> </ul> <p><a href="https://redirect.github.com/tokio-rs/tokio/issues/7440">#7440</a>: <a href="https://redirect.github.com/tokio-rs/tokio/pull/7440">tokio-rs/tokio#7440</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/tokio-rs/tokio/commit/ab3ff69cf2258a8c696b2dca89a2cef4ff114c1c"><code>ab3ff69</code></a> chore: prepare to release v1.46.1 (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7444">#7444</a>)</li> <li><a href="https://github.com/tokio-rs/tokio/commit/a0d5b8ab308bbeaa8090d411550d6c887d699096"><code>a0d5b8a</code></a> runtime(unstable): fix task hook spawn locations for <code>tokio::spawn</code> (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7440">#7440</a>)</li> <li><a href="https://github.com/tokio-rs/tokio/commit/a1ee3ef218894f2441b5719812ab218ae0539c8d"><code>a1ee3ef</code></a> chore: fix some minor typos in the comments (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7442">#7442</a>)</li> <li><a href="https://github.com/tokio-rs/tokio/commit/171cd148a37da40dcbb8b06bf2c67634b2ba1f87"><code>171cd14</code></a> changelog: fix typo in <code>pipe::OpenOptions</code> for 1.46.0 (<a href="https://redirect.github.com/tokio-rs/tokio/issues/7439">#7439</a>)</li> <li>See full diff in <a href="https://github.com/tokio-rs/tokio/compare/tokio-1.46.0...tokio-1.46.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=tokio&package-manager=cargo&previous-version=1.46.0&new-version=1.46.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [typing-extensions](https://github.com/python/typing_extensions) from 4.14.0 to 4.14.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/python/typing_extensions/releases">typing-extensions's releases</a>.</em></p> <blockquote> <h2>4.14.1</h2> <h1>Release 4.14.1 (July 4, 2025)</h1> <ul> <li>Fix usage of <code>typing_extensions.TypedDict</code> nested inside other types (e.g., <code>typing.Type[typing_extensions.TypedDict]</code>). This is not allowed by the type system but worked on older versions, so we maintain support.</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/python/typing_extensions/blob/main/CHANGELOG.md">typing-extensions's changelog</a>.</em></p> <blockquote> <h1>Release 4.14.1 (July 4, 2025)</h1> <ul> <li>Fix usage of <code>typing_extensions.TypedDict</code> nested inside other types (e.g., <code>typing.Type[typing_extensions.TypedDict]</code>). This is not allowed by the type system but worked on older versions, so we maintain support.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/python/typing_extensions/commit/42027aba3558c9d9133a90bca17f6fecaecc48d8"><code>42027ab</code></a> Prepare release 4.14.1 (<a href="https://redirect.github.com/python/typing_extensions/issues/620">#620</a>)</li> <li><a href="https://github.com/python/typing_extensions/commit/59d2c20858ac527516ebad5a89c05af514dac94a"><code>59d2c20</code></a> Fix off by one in pickle protocol tests (<a href="https://redirect.github.com/python/typing_extensions/issues/618">#618</a>)</li> <li><a href="https://github.com/python/typing_extensions/commit/40e22ebb2ca5747eaa9405b152c43a294ac3af37"><code>40e22eb</code></a> Do not use slots for <code>_TypedDictSpecialForm</code> (<a href="https://redirect.github.com/python/typing_extensions/issues/616">#616</a>)</li> <li><a href="https://github.com/python/typing_extensions/commit/d17c456d367e88adee4a4e3bef48f81f7e2df473"><code>d17c456</code></a> allow TypedDict as a type argument (<a href="https://redirect.github.com/python/typing_extensions/issues/614">#614</a>)</li> <li>See full diff in <a href="https://github.com/python/typing_extensions/compare/4.14.0...4.14.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=typing-extensions&package-manager=pip&previous-version=4.14.0&new-version=4.14.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

This splits the building of docker images in 2 jobs, one for each platform, using the native ARM runners for arm64. The tricky part here is to get back a nice multi-arch manifest. Previously, you'd do that by pushing each platform image in two distinct tags, then referencing them in a multi-arch manifest. Nowadays, it's possible to push images by their digest only, then creating the manifest for those pushed digests separately This is inspired by the Docker docs on how to distribute multi-platform image builds: https://docs.docker.com/build/ci/github-actions/multi-platform/#distribute-build-across-multiple-runners `ghcr.io/element-hq/synapse:sha-c733dd6` is an example image that got built by this workflow (there is a temporary sha-* tag on workflow_dispatch runs to help trying out the workflow) I also had to make sure we sign the manifests correctly: ``` $ cosign verify --certificate-oidc-issuer https://token.actions.githubusercontent.com --certificate-identity-regexp 'https://github.com/element-hq/synapse/.github/workflows/docker.yml@.*' ghcr.io/element-hq/synapse:sha-c733dd6 Verification for ghcr.io/element-hq/synapse:sha-c733dd6 -- The following checks were performed on each of these signatures: - The cosign claims were validated - Existence of the claims in the transparency log was verified offline - The code-signing certificate was verified using trusted certificate authority certificates ``` And the numbers aaaaare 🥁 - [before](https://github.com/element-hq/synapse/actions/runs/16118229296/job/45477093703): 30 minutes - [after](https://github.com/element-hq/synapse/actions/runs/16021743575): 4 minutes --------- Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>

This takes down the CI time to build wheels from 50 minutes to <10 minutes. **It also fixes macOS ARM builds, and includes more ARM builds in general** (we were ignoring pypy and musl before). This doesn't cost much for us to do this, reasons for not doing this is 1. space on PyPI and 2. keeping them 'officially' supported? This is the list of wheels this built (`+` are the ones added): ```diff matrix_synapse-1.133.0-cp39-abi3-macosx_10_9_x86_64.whl + matrix_synapse-1.133.0-cp39-abi3-macosx_11_0_arm64.whl matrix_synapse-1.133.0-cp39-abi3-manylinux_2_28_aarch64.whl matrix_synapse-1.133.0-cp39-abi3-manylinux_2_28_x86_64.whl + matrix_synapse-1.133.0-cp39-abi3-musllinux_1_2_aarch64.whl matrix_synapse-1.133.0-cp39-abi3-musllinux_1_2_x86_64.whl matrix_synapse-1.133.0-pp310-pypy310_pp73-macosx_10_15_x86_64.whl + matrix_synapse-1.133.0-pp310-pypy310_pp73-macosx_11_0_arm64.whl + matrix_synapse-1.133.0-pp310-pypy310_pp73-manylinux_2_28_aarch64.whl matrix_synapse-1.133.0-pp310-pypy310_pp73-manylinux_2_28_x86_64.whl matrix_synapse-1.133.0-pp311-pypy311_pp73-macosx_10_15_x86_64.whl + matrix_synapse-1.133.0-pp311-pypy311_pp73-macosx_11_0_arm64.whl + matrix_synapse-1.133.0-pp311-pypy311_pp73-manylinux_2_28_aarch64.whl matrix_synapse-1.133.0-pp311-pypy311_pp73-manylinux_2_28_x86_64.whl ``` And the numbers aaaaare 🥁 - [before](https://github.com/element-hq/synapse/actions/runs/16072488018): 54 minutes - [after](https://github.com/element-hq/synapse/actions/runs/16004034949?pr=18618): 10 minutes **Revert [e43b0f9](element-hq/synapse@e43b0f9) before merging**

This was causing some kind of massive test failures that appeared to branch from the auth handler

jason-famedly · 2025-07-21T16:36:00Z

After many test runs with failing unit tests(which seemed to center around 'auth' related mechanisms), reducing the Twisted trial runners from nproc * 3 to * 2 seemed to reduce the load on the Github runners and allowed the tests to finish.

2 original runs: https://github.com/famedly/synapse/actions/runs/16417924839
First run that did not fail the trials: https://github.com/famedly/synapse/actions/runs/16420188979
Second run that did not fail the trials: https://github.com/famedly/synapse/actions/runs/16421808097

The Complement failure on all of them appears to be because of a new feature being tested that will not appear in Synapse until v1.135.0, element-hq/synapse#18195

The sytest failure appears to be the same or at least related to the redis failures that are known flakes. This time they appeared on:

server-1/pusher.log
server-1/background_worker.log
server-1/appservice.log
server-1/user_dir.log
server-1/federation_sender.log

But without the "Timed out waiting for repl stream" part. As these are not stream writers, they will probably not show this same error message. I will re-run the test to make certain it does not happen repetitively

EDIT: Alright, this one is better: https://github.com/famedly/synapse/actions/runs/16421808097 with just the known complement failures spoken about above.

dependabot Bot and others added 30 commits June 24, 2025 17:30

Bump types-opentracing from 2.4.10.6 to 2.4.10.20250622 (#18586)

6fabf82

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bump reqwest from 0.12.15 to 0.12.20 (#18590)

62b5b0b

Bump docker/setup-buildx-action from 3.10.0 to 3.11.1 (#18587)

ec13ed4

Bump sigstore/cosign-installer from 3.8.2 to 3.9.0 (#18588)

99474e7

Bump urllib3 from 2.2.2 to 2.5.0 (#18572)

3807fd4

Bump pyasn1-modules from 0.4.1 to 0.4.2 (#18495)

2f21b27

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bump docker/build-push-action from 6.17.0 to 6.18.0 (#18497)

b088194

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bump base64 from 0.21.7 to 0.22.1 (#18589)

b139647

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Add federated_user_may_invite spam checker callback (#18241)

434e389

Co-authored-by: Sebastian Spaeth <Sebastian@SSpaeth.de> Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>

Fix backwards compat for DirectServeJsonResource (#18600)

de29c13

As that appears in the module API. Broke in #18595.

Add forget_forced_upon_leave capability as per MSC4267 (#18196)

db710cf

This adds the capability from matrix-org/matrix-spec-proposals#4267 under an experimental feature. Signed-off-by: Johannes Marbach <n0-0ne+github@mailbox.org>

Improve docstring on simple_upsert_many. (#18573)

8afea3d

It came up that this was somewhat confusing and an example might help. So here's an example :) --------- Signed-off-by: Olivier 'reivilibre <oliverw@matrix.org>

Skip processing policy server events through policy server (#18605)

b35c648

Co-authored-by: Andrew Morgan <andrew@amorgan.xyz>

Speed up device deletion (#18602)

3878699

This is to handle the case of deleting lots of "bot" devices at once. Reviewable commit-by-commit --------- Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>

Stop sending or processing the origin field in PDUs (#18418)

2918800

Co-authored-by: Quentin Gliech <quenting@element.io> Co-authored-by: Eric Eastwood <erice@element.io>

Merge branch 'master' into develop

24bcdb3

Fix documentation of the Delete Room Admin API's status field. (#18519)

c17fd94

Fixes: #18502 --------- Signed-off-by: Olivier 'reivilibre <oliverw@matrix.org>

Log the room ID we're purging state for (#18625)

cc8da2c

So we can see what we're deleting.

anoadragon453 and others added 20 commits July 3, 2025 11:12

Replace PyICU with Rust icu_segmenter crate (#18553)

be4c95b

Co-authored-by: anoa's Codex Agent <codex@amorgan.xyz> Co-authored-by: Quentin Gliech <quenting@element.io>

Update Cargo.lock (#18646)

a06d5ce

Add .zed/ to .gitignore (#18623)

b8ad9bf

1.134.0rc1

5c2765b

1.134.0

60be549

jason-famedly changed the title ~~Famedly release/v1.134~~ Famedly release v1.134.0_1 Jul 21, 2025

jason-famedly added 2 commits July 21, 2025 10:53

Famedly v1.134

03b9815

Reduce trial test runners to *2 from *3 of nproc

d5e5e3b

This was causing some kind of massive test failures that appeared to branch from the auth handler

jason-famedly force-pushed the famedly-release/v1.134 branch from 67406f3 to d5e5e3b Compare July 21, 2025 15:53

jason-famedly marked this pull request as ready for review July 21, 2025 17:06

jason-famedly requested a review from a team as a code owner July 21, 2025 17:06

itsoyou approved these changes Jul 22, 2025

View reviewed changes

jason-famedly merged commit d5e5e3b into master Jul 22, 2025
68 of 86 checks passed

jason-famedly deleted the famedly-release/v1.134 branch July 22, 2025 10:25

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Famedly release v1.134.0_1#70

Famedly release v1.134.0_1#70
jason-famedly merged 66 commits into
masterfrom
famedly-release/v1.134

jason-famedly commented Jul 21, 2025 •

edited

Loading

Uh oh!

jason-famedly commented Jul 21, 2025 •

edited

Loading

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

14 participants

Conversation

jason-famedly commented Jul 21, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

New version of Synapse

v1.133.0_1 -> v1.134.0_1

Notes:

Famedly additions since last release:

Uh oh!

jason-famedly commented Jul 21, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

14 participants

jason-famedly commented Jul 21, 2025 •

edited

Loading

`v1.133.0_1` -> `v1.134.0_1`

jason-famedly commented Jul 21, 2025 •

edited

Loading