build(deps): bump ruff from 0.15.0 to 0.15.8 #20776
dependabot[bot] wants to merge 3 commits into main from
Bumps [ruff](https://github.com/astral-sh/ruff) from 0.15.0 to 0.15.8.
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.15.0...0.15.8)

---
updated-dependencies:
- dependency-name: ruff
  dependency-version: 0.15.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
🤖 Cursor Dependency Analysis
Supply-Chain Malware Review
Verifying the lockfile and dependency declaration for consistency.
Verdict: benign
Evidence
Actionable note: Treat scanner Unicode/confusable hits on upstream ruff source as noise for this bump unless you see similar patterns in first-party files outside known upstream paths.
No supply-chain red flags warrant blocking this update on malware grounds.
Compatibility Analysis
Searching the repository for ruff usage and reviewing dependency configuration.
1) Where
| Location | Role |
|---|---|
| `pyproject.toml` | Optional dev dependency: `ruff = { version = ">=0.8.1", optional = true }` in the `dev` extra |
| `poetry.lock` | Locked version for installs with `--extras dev` / dev envs |
| `ruff.toml` | Project config: `line-length = 120`, `[lint]` `preview = true`, `select = ["ALL"]`, large ignore list |
| `.pre-commit-config.yaml` | Local hooks: `./activated.py ruff format` and `./activated.py ruff check --fix` |
| `.github/workflows/upload-pypi-source.yml` | CI: `ruff format --check --diff .` |
There is no application/runtime use: no import ruff under chia/ (only vendored .upstream-dependency fixtures).
2) Overlap with upstream changes (0.15.0 → 0.15.8)
- Python API: Not applicable; chia does not call the `ruff` package as a library.
- CLI / config: You only rely on `ruff check`, `ruff format`, and `ruff.toml` / discovery. Upstream changes (e.g. `analyze graph`, ruff server Markdown warning, IPython parsing) are outside your normal pre-commit and `ruff format --check` paths.
- Rules called out in the release notes: Items like S603, S607, FURB142 are already broadly ignored in `ruff.toml` (`S603`/`S607` explicitly; `FURB` as a whole). E501/W505 pragma behavior is a small formatter/lint interaction fix, not a breaking API change.
- New preview rules (e.g. RUF050, RUF072, RUF073): With `preview = true` and `select = ["ALL"]`, new RUF rules are the main place a bump could surface new diagnostics. That is a lint surface change, not a runtime one; the PR description already notes lint-driven edits, which is the expected response.
3) Risks / unknowns
- Low: `ruff` is dev-only; it is not installed for normal end-user installs unless dev extras are used.
- Residual: Any missed new rule hit under `ALL` + preview could still fail `ruff check` in pre-commit/CI until fixed or ignored — worth confirming green CI on the PR branch.
- Unrelated: `.upstream-dependency` is a vendored ruff source tree for review tooling, not how chia runs `ruff` day to day.
4) Recommendation
Merge (or merge-with-caveats only if CI has not run yet: caveat = confirm ruff check / ruff format --check are green on the PR).
This is a patch bump within 0.15.x, tooling-only for this repo, and the release notes align with bugfixes + optional new lint coverage, which you already mitigate with a large ignore list and targeted PR fixes.
Malware Scan Summary
- Status: warn
- Warn only mode: `true`
- Changed upstream files scanned: `1222`
- Resolution strategy: `tag_range`
- Changed node/vendor paths: `0`
- Changed lockfiles: `3`
- Resolved upstream range: `ce5f7b6127a5d684e96fd0f8e387f73c41c7a1b0..c2a8815842f9dc5d24ec19385eae0f1a7188b0d9`
- Resolved refs: from=`ce5f7b6127a5d684e96fd0f8e387f73c41c7a1b0` to=`c2a8815842f9dc5d24ec19385eae0f1a7188b0d9`
- Unicode findings (post-allowlist): `14`
- Confusable findings (post-allowlist): `7`
- IOC findings (post-allowlist): `0`
- Heuristic findings (post-allowlist): `270`
Top findings
- `scripts/ty_benchmark/src/benchmark/snapshot.py:142` unicode :: `print("\n⚠️ Some snapshots don't match. Run with --accept to update them.")`
- `scripts/memory_report.py:116` unicode :: `return "⬇️"`
- `scripts/conformance.py:776` unicode :: `status = "❌ Newly Failing ☹️"`
- `scripts/conformance.py:787` unicode :: `status = "➡️ Neutral"`
- `crates/ty_python_semantic/src/types/set_theoretic/builder.rs:320` unicode :: `/// If the value is defined recursively, widening is performed from fewer literal elements,`
- `crates/ty_python_semantic/src/types/set_theoretic/builder.rs:323` unicode :: `/// If the value is defined non-recursively, the fixed-point iteration will converge in one go,`
- `crates/ty_python_semantic/resources/mdtest/narrow/complex_target.md:146` unicode :: `# but different values may be reassigned to x and y in another place.`
- `crates/ty_python_semantic/resources/mdtest/typed_dict.md:284` unicode :: `Also, the value types declared in a TypedDict affect generic call inference:`
- `README.md:28` unicode :: `- ⚡️ 10-100x faster than existing linters (like Flake8) and formatters (like Black)`
- `README.md:30` unicode :: `- 🛠️ pyproject.toml support`
- `README.md:32` unicode :: `- ⚖️ Drop-in parity with [Flake8](https://docs.astral.sh/ruff/faq/#how-does-ruffs-linter-compare-to-flake8), isort, and [Black](https://docs.astral.sh/ruff/faq/#how-does-ruffs-formatter-compare-to-black)`
- `README.md:37` unicode :: `- ⌨️ First-party [editor integrations](https://docs.astral.sh/ruff/editors) for [VS Code](https://github.com/astral-sh/ruff-vscode) and [more](https://docs.astral.sh/ruff/editors/setup)`
- `crates/ruff_dev/src/generate_rules_table.rs:17` unicode :: `const FIX_SYMBOL: &str = "🛠️";`
- `crates/ruff_dev/src/generate_rules_table.rs:20` unicode :: `const WARNING_SYMBOL: &str = "⚠️";`
- `crates/ruff_linter/src/rules/ruff/mod.rs:417` confusable :: `allowed_confusables: FxHashSet::from_iter(['−', 'ρ', '∗']),`
- `crates/ruff_linter/src/rules/ruff/mod.rs:435` confusable :: `allowed_confusables: FxHashSet::from_iter(['−', 'ρ', '∗']),`
- `crates/ruff_linter/src/rules/ruff/mod.rs:444` confusable :: `allowed_confusables: FxHashSet::from_iter(['−', 'ρ', '∗']),`
- `crates/ruff_linter/src/rules/ruff/mod.rs:461` confusable :: `allowed_confusables: FxHashSet::from_iter(['−', 'ρ', '∗']),`
- `crates/ruff_workspace/src/options.rs:660` confusable :: `allowed-confusables = ["−", "ρ", "∗"]`
- `crates/ruff_annotate_snippets/tests/formatter.rs:103` confusable :: `Snippet::source("こんにちは、新しいWorld!")`
Coverage Report for CI Build 24139766252
Warning: Build has drifted: This PR's base is out of sync with its target branch, so coverage data may include unrelated changes.
Coverage increased (+0.009%) to 91.172%
Uncovered Changes
No uncovered changes found.
Coverage Regressions
27 previously-covered lines in 8 files lost coverage.
💛 - Coveralls
Bumps ruff from 0.15.0 to 0.15.8.
Release notes
Sourced from ruff's releases.
... (truncated)
Changelog
Sourced from ruff's changelog.
... (truncated)
Commits
- c2a8815 Release 0.15.8 (#24217)
- d444d52 [ty] Infer lambda expressions with `Callable` type context (#22633)
- 9622285 [ty] Autocomplete arguments if in arguments node (#24167)
- d812662 Use the `release` environment in `publish-docs` (#24214)
- eda2355 [ty] Show `Final` source in final assignment diagnostic (#24194)
- 929eb52 [ty] Enforce Final attribute assignment rules for annotated and augmented wri...
- 34998be [ty] Fix typo in comment (#24211)
- 560aca0 [ty] Minor simplifications to some benchmark code (#24209)
- 683bae5 [ty] Track non-terminal-call constraints in global scope (#23245)
- 4704c2a [ty] Remove unnecessary intermediate collection in `StaticClassLiteral::field...

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Low Risk
Low risk dependency bump plus minor refactors to test fixtures/context managers and a float comparison tweak; no production logic changes beyond a comment/cleanup.
Overview
Bumps the dev linter/formatter dependency `ruff` from `0.15.0` to `0.15.8` (lockfile update).

Applies small ruff-driven cleanups: simplify several fixtures/context managers to `yield` constructed objects directly (avoiding temporary locals), relax a mempool fee estimator test to use `pytest.approx(0.0)` for a float assertion, and adjust a long comment in `plotting/cache.py` to avoid an `E501` suppression.

Reviewed by Cursor Bugbot for commit 91df003. Bugbot is set up for automated code reviews on this repo.