Update most test/lint dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence	Type	Update
aiohttp	==3.10.9 -> ==3.10.10						patch
astral-sh/ruff-pre-commit	v0.6.9 -> v0.7.1					repository	minor
mypy (source, changelog)	==1.12.0 -> ==1.13.0						minor
pre-commit/pre-commit-hooks	v4.6.0 -> v5.0.0					repository	major
psf/black-pre-commit-mirror	24.8.0 -> 24.10.0					repository	minor
ruff (source, changelog)	==0.6.9 -> ==0.7.1						minor
uv (source, changelog)	==0.4.18 -> ==0.4.26						patch

Note: The pre-commit manager in Renovate is not supported by the pre-commit maintainers or community. Please do not report any problems there, instead create a Discussion in the Renovate repository if you have any questions.

---

Release Notes

aio-libs/aiohttp (aiohttp)

v3.10.10

Compare Source

====================

Bug fixes

• Fixed error messages from :py:class:~aiohttp.resolver.AsyncResolver being swallowed -- by :user:bdraco.

  Related issues and pull requests on GitHub:
  :issue:9451, :issue:9455.

Features

• Added :exc:aiohttp.ClientConnectorDNSError for differentiating DNS resolution errors from other connector errors -- by :user:mstojcevich.

  Related issues and pull requests on GitHub:
  :issue:8455.

Miscellaneous internal changes

• Simplified DNS resolution throttling code to reduce chance of race conditions -- by :user:bdraco.

  Related issues and pull requests on GitHub:
  :issue:9454.

---

astral-sh/ruff-pre-commit (astral-sh/ruff-pre-commit)

v0.7.1

Compare Source

See: https://github.com/astral-sh/ruff/releases/tag/0.7.1

v0.7.0

Compare Source

See: https://github.com/astral-sh/ruff/releases/tag/0.7.0

python/mypy (mypy)

v1.13.0

Compare Source

v1.12.1

Compare Source

• Fix crash when showing partially analyzed type in error message (Ivan Levkivskyi, PR 17961)
• Fix iteration over union (when self type is involved) (Shantanu, PR 17976)
• Fix type object with type var default in union context (Jukka Lehtosalo, PR 17991)
• Revert change to os.path stubs affecting use of os.PathLike[Any] (Shantanu, PR 17995)

pre-commit/pre-commit-hooks (pre-commit/pre-commit-hooks)

v5.0.0: pre-commit-hooks v5.0.0

Compare Source

Features

• requirements-txt-fixer: also remove pkg_resources==....
  • #​850 PR by @​ericfrederich.
  • #​1030 issue by @​ericfrederich.
• check-illegal-windows-names: new hook!
  • #​1044 PR by @​ericfrederich.
  • #​589 issue by @​ericfrederich.
  • #​1049 PR by @​Jeffrey-Lim.
• pretty-format-json: continue processing even if a file has a json error.
  • #​1039 PR by @​amarvin.
  • #​1038 issue by @​amarvin.

Fixes

• destroyed-symlinks: set stages to [pre-commit, pre-push, manual]
  • PR #​1085 by @​AdrianDC.

Migrating

• pre-commit-hooks now requires pre-commit>=3.2.0.
• use non-deprecated names for stages.
  • #​1093 PR by @​asottile.

psf/black-pre-commit-mirror (psf/black-pre-commit-mirror)

v24.10.0

Compare Source

astral-sh/ruff (ruff)

v0.7.1

Compare Source

Preview features

• Fix E221 and E222 to flag missing or extra whitespace around == operator (#​13890)
• Formatter: Alternate quotes for strings inside f-strings in preview (#​13860)
• Formatter: Join implicit concatenated strings when they fit on a line (#​13663)
• [pylint] Restrict iteration-over-set to only work on sets of literals (PLC0208) (#​13731)

Rule changes

• [flake8-type-checking] Support auto-quoting when annotations contain quotes (#​11811)

Server

• Avoid indexing the workspace for single-file mode (#​13770)

Bug fixes

• Make ARG002 compatible with EM101 when raising NotImplementedError (#​13714)

Other changes

• Introduce more Docker tags for Ruff (similar to uv) (#​13274)

v0.7.0

Compare Source

Check out the blog post for a migration guide and overview of the changes!

Breaking changes

• The pytest rules PT001 and PT023 now default to omitting the decorator parentheses when there are no arguments
  (#​12838, #​13292).
  This was a change that we attempted to make in Ruff v0.6.0, but only partially made due to an error on our part.
  See the blog post for more details.
• The useless-try-except rule (in our tryceratops category) has been recoded from TRY302 to
  TRY203 (#​13502). This ensures Ruff's code is consistent with
  the same rule in the tryceratops linter.
• The lint.allow-unused-imports setting has been removed (#​13677). Use
  lint.pyflakes.allow-unused-imports
  instead.

Formatter preview style

• Normalize implicit concatenated f-string quotes per part (#​13539)

Preview linter features

• [refurb] implement hardcoded-string-charset (FURB156) (#​13530)
• [refurb] Count codepoints not bytes for slice-to-remove-prefix-or-suffix (FURB188) (#​13631)

Rule changes

• [pylint] Mark PLE1141 fix as unsafe (#​13629)
• [flake8-async] Consider async generators to be "checkpoints" for cancel-scope-no-checkpoint (ASYNC100) (#​13639)
• [flake8-bugbear] Do not suggest setting parameter strict= to False in B905 diagnostic message (#​13656)
• [flake8-todos] Only flag the word "TODO", not words starting with "todo" (TD006) (#​13640)
• [pycodestyle] Fix whitespace-related false positives and false negatives inside type-parameter lists (E231, E251) (#​13704)
• [flake8-simplify] Stabilize preview behavior for SIM115 so that the rule can detect files
  being opened from a wider range of standard-library functions (#​12959).

CLI

• Add explanation of fixable in --statistics command (#​13774)

Bug fixes

• [pyflakes] Allow ipytest cell magic (F401) (#​13745)
• [flake8-use-pathlib] Fix PTH123 false positive when open is passed a file descriptor (#​13616)
• [flake8-bandit] Detect patterns from multi line SQL statements (S608) (#​13574)
• [flake8-pyi] - Fix dropped expressions in PYI030 autofix (#​13727)

astral-sh/uv (uv)

v0.4.26

Compare Source

Enhancements

• Allow static dependency metadata entries for direct URL requirements (#​7846)
• Use reinstall report formatting for uv python install --reinstall (#​8487)
• Add support for system-level uv.toml configuration (#​7851)

Bug fixes

• Apply requires-python narrowing with upper bounds (#​8403)
• Avoid rewriting [[tool.uv.index]] entries when credentials are provided (#​8502)
• Fix uv add comment handling for empty arrays (#​8504)
• Replace dashes with underscores in index credential variables (#​8452)
• Respect --allow-insecure-host in uv publish (#​8440)
• Allow arbitrary --package includes in uv tree (#​8507)
• Remove existing Python install after successful download in uv python install (#​8485)

Documentation

• Add docs example for URLs with [tool.uv.dependency-metadata] (#​8484)
• Add help page for build failures (#​8286)
• Fix cache-keys typo in tags = true (#​8422)
• Add documentation examples for manual branch, rev, and tag Git dependencies (#​8497)

Error messages

• Improve error message for cache info serialization (#​8500)
• Suggest --from command when executable is available for uvx (#​8473)
• Support --with-editable in uv tool install (#​8472)

v0.4.25

Compare Source

Enhancements

• Add support for uv pip show --files (#​8369)
• Don't prefetch unreachable packages (#​8246)
• Remove tool.uv.sources table if it is empty (#​8365)
• Modify cache versioning to support backwards compatibility (#​8386)

Configuration

• Add support for UV_FROZEN and UV_LOCKED (#​8340)

Bug fixes

• Allow dashes and underscores in custom index names (#​8339)
• Avoid panic when Git dependencies are included in fork markers (#​8388)
• Check existing source by normalized name before uv add and uv remove (#​8359)
• Fix bug where username from authentication cache could be ignored (#​8345)
• Fix to respect comments positioning in pyproject.toml on change (#​8384)
• Redact index sources in uv.lock (#​8333)
• Use correct indentation when project table contains open bracket comment (#​8387)
• Only remove a source from [tool.uv.sources] if it is no long being referenced (#​8366)
• Modify uv pip list and uv tree to print to stdout regardless of --quiet flag (#​8392)

Error messages

• Improve help message for missing self update invocations (#​8337)
• Log .netrc parsing errors (#​8364)
• Remove trailing newlines in error messages (#​8322)
• Use a dedicated message for incompatible Python versions in wheel ABI tags (#​8363)
• Remove commands available in the top-level from the suggested subcommand error (#​8316)

Release

• Run release builds for macos-x86_64 on macos-14 runners (#​8327)

v0.4.24

Compare Source

Bug fixes

• Fix Python executable name in Windows free-threaded Python distributions (#​8310)
• Redact index credentials from lockfile sources (#​8307)
• Respect UV_INDEX_ rather than UV_HTTP_BASIC_ as documented (#​8306)
• Improve sources deserialization errors (#​8308)

Documentation

• Correct pytorch-to-torch reference in docs (#​8291)

v0.4.23

Compare Source

This release introduces a revamped system for defining package indexes, as an alternative to the existing pip-style
--index-url and --extra-index-url configuration options.

You can now define named indexes in your pyproject.toml file using the [[tool.uv.index]] table:

[[tool.uv.index]]
name = "pytorch"
url = "https://download.pytorch.org/whl/cpu"

Packages can be pinned to a specific index via tool.uv.sources, to ensure that a given package is installed from the
correct index. For example, to ensure that torch is always installed from the pytorch index:

[tool.uv.sources]
torch = { index = "pytorch" }

[[tool.uv.index]]
name = "pytorch"
url = "https://download.pytorch.org/whl/cpu"

Indexes can also be marked as explicit = true to prevent packages from being installed from that index
unless explicitly pinned. For example, to ensure that torch is installed from the pytorch index, but all other
packages are installed from the default index:

[tool.uv.sources]
torch = { index = "pytorch" }

[[tool.uv.index]]
name = "pytorch"
url = "https://download.pytorch.org/whl/cpu"
explicit = true

To define an additional index outside a pyproject.toml file, use the --index command-line argument
(or the UV_INDEX environment variable); to replace the default index (PyPI), use the --default-index command-line
argument (or UV_DEFAULT_INDEX).

These changes are entirely backwards-compatible with the deprecated --index-url and --extra-index-url options,
which continue to work as before.

See the Index documentation for more.

Enhancements

• Add index URLs when provided via uv add --index or --default-index (#​7746)
• Add support for named and explicit indexes (#​7481)
• Add templates for popular build backends (#​7857)
• Allow multiple pinned indexes in tool.uv.sources (#​7769)
• Allow users to incorporate Git tags into dynamic cache keys (#​8259)
• Pin named indexes in uv add (#​7747)
• Respect named --index and --default-index values in tool.uv.sources (#​7910)
• Update to latest PubGrub version (#​8245)
• Enable environment variable authentication for named indexes (#​7741)
• Avoid showing lower-bound warning outside of explicit lock and sync (#​8234)
• Improve logging during lock errors (#​8258)
• Improve styling of requires-python warnings (#​8240)
• Show hint in resolution failure on Forbidden (403) or Unauthorized (401) (#​8264)
• Update to latest cargo-dist version (includes new installer features) (#​8270)
• Warn when patch version in requires-python is implicitly 0 (#​7959)
• Add more context on client errors during range requests (#​8285)

Bug fixes

• Avoid writing duplicate index URLs with --emit-index-url (#​8226)
• Fix error leading to out-of-bound panic in uv-pep508 (#​8282)
• Fix managed distributions of free-threaded Python on Windows (#​8268)
• Fix selection of free-threaded interpreters during default Python discovery (#​8239)
• Ignore sources in build requirements for non-source trees (#​8235)
• Invalid cache when adding lower bound to lockfile (#​8230)
• Respect index priority when storing credentials (#​8256)
• Respect relative paths in uv build sources (#​8237)
• Narrow what the pip3. logic drops from entry points. (#​8273)

Documentation

• Add some additional notes to --index-url docs (#​8267)
• Add upgrade note to README (#​7937)
• Remove note that "only a single source may be defined for each dependency" (#​8243)

v0.4.22

Compare Source

Enhancements

• Respect [tool.uv.sources] in build requirements (#​7172)

Preview features

• Add a dedicated uv publish error message for missing usernames (#​8045)
• Support interactive input in uv publish (#​8158)
• Use raw filenames in uv publish (#​8204)

Performance

• Reuse the result of which git (#​8224)

Bug fixes

• Avoid environment check optimization for uv pip install --exact (#​8219)
• Do not use free-threaded interpreters without a free-threaded request (#​8191)
• Don't recommend --prerelease=allow during build requirement resolution errors (#​8192)
• Prefer optimized builds for free-threaded Python downloads (#​8196)
• Retain old python-build-standalone releases (#​8216)
• Run uv build builds in the source distribution bucket (#​8220)

v0.4.21

Compare Source

Enhancements

• Add support for managed installations of free-threaded Python (#​8100)
• Add note about uvx to uv tool run short help (#​7695)
• Enable HTTP/2 requests (#​8049)
• Support uv tree --no-dev (#​8109)
• Support PEP 723 metadata with uv run - (#​8111)
• Support pip install --exact (#​8044)
• Support uv export --no-header (#​8096)
• Add Python 3.13 images to Docker publish (#​8105)
• Support remote (https://) scripts in uv run (#​6375)
• Allow comma value-delimited arguments in uv run --with (#​7909)

Configuration

• Support wildcards in UV_INSECURE_HOST (#​8052)

Performance

• Use shared index when fetching metadata in lock satisfaction routine (#​8147)

Bug fixes

• Add prerelease compatibility check to uv python CLI (#​8020)
• Avoid deleting a project environment directory if we cannot tell if a pyvenv.cfg file exists (#​8012)
• Avoid excluding valid wheels for exact requires-python bounds (#​8140)
• Bump netrc crate to latest commit (#​8021)
• Fix uv python pin 3.13t failure when parsing version for project requires check (#​8056)
• Fix handling of != intersections in requires-python (#​7897)
• Remove the newly created tool environment if sync failed (#​8038)
• Respect dynamic extras in uv lock and uv sync (#​8091)
• Treat resolver failures as fatal in lockfile validation (#​8083)
• Use git config --get for author information for improved backwards compatibility (#​8101)
• Use comma-separated values for UV_FIND_LINKS (#​8061)
• Use shared resolver state between add and lock to avoid double Git update (#​8146)
• Make --relocatable entrypoints robust to symlinking (#​8079)
• Improve compatibility with VSCode PS1 prompt (#​8006)
• Fix "Stream did not contain valid UTF-8" failures in Windows (#​8120)
• Use --with-requirements in uvx error hint (#​8112)

Documentation

• Include uvx installation in Docker examples (#​8179)
• Make the instructions for the Windows standalone installer consistent across README and documentation (#​8125)
• Update pip compatibility guide to note transitive URL dependency support (#​8081)
• Document --reinstall with --exclude-newer to ensure downgrades (#​6721)

v0.4.20

Compare Source

Enhancements

• Add managed downloads for CPython 3.13.0 (final) (#​8010)
• Python 3.13 is the default version for uv python install (#​8010)
• Hint at wrong endpoint in uv publish failures (#​7872)
• List available scripts when a command is not specified for uv run (#​7687)
• Fill in authors field during uv init (#​7756)

Documentation

• Add snapshot testing to contribution guide (#​7882)
• Fix and improve GitLab integration docs (#​8000)

v0.4.19

Compare Source

Enhancements

• Add managed downloads for CPython 3.13.0rc3 and 3.12.7 (#​7880)
• Display the target virtual environment path if non-default (#​7850)
• Preserve case-insensitive sorts in uv add (#​7864)
• Respect project upper bounds when filtering wheels on requires-python (#​7904)
• Add --script to uv run to treat an input as PEP 723 regardless of extension (#​7739)
• Improve legibility of build failure errors (#​7854)
• Show interpreter source during Python discovery query errors (#​7928)

Configuration

• Add UV_FIND_LINKS environment variable for --find-links (#​7912)
• Ignore empty string values for UV_PYTHON environment variable (#​7878)

Bug fixes

• Allow py3x-none tags in newer than Python 3.x (#​7867)
• Allow self-dependencies in the dev section (#​7943)
• Always ignore cp2 wheels in resolution (#​7902)
• Clear the publish progress bar on retry (#​7921)
• Fix parsing of gnueabi libc variants in Python version requests (#​7975)
• Simplify supported environments when comparing to lockfile (#​7894)
• Trim commits when reading from Git refs (#​7922)
• Use a higher HTTP read timeout when publishing packages (#​7923)
• Remove the first empty line for uv tree --package foo (#​7885)

Documentation

• Add 3.13 support to the platform reference (#​7971)
• Clarify project environment creation (#​7941)
• Fix code block title in Gitlab integration docs (#​7861)
• Fix project guide section on adding a Git dependency (#​7916)
• Fix uninstallation command for Windows (#​7944)
• Clearly specify the minimum supported Windows Server version (#​7946)

Rust API

• Remove unused Sha256Reader (#​7929)
• Remove unnecessary Deserialize derives on settings (#​7856)

---

Configuration

📅 Schedule: Branch creation - "every 3 months on the first day of the month" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[AlexWaygood]

I manually triggered an update PR:

• Good to get the latest version of mypy in our CI
• I keep hitting Regression in 0.4.23: data did not match any variant of untagged enum CacheInfoWire astral-sh/uv#8367 locally due to having a different version of uv installed globally than we have pinned in our requirements file; upgrading our uv pin should fix that.