chore(deps)(deps): Bump the python-minor-patch group across 1 directory with 9 updates

[dependabot]

Bumps the python-minor-patch group with 9 updates in the / directory:

Package	From	To
urllib3	2.6.3	2.7.0
pydantic	2.13.3	2.13.4
tox	4.53.1	4.54.0
ruff	0.15.12	0.15.13
openapi-python-client	0.28.3	0.28.4
datamodel-code-generator	0.56.1	0.57.0
poethepoet	0.45.0	0.46.0
ty	0.0.34	0.0.37
fastmcp	3.2.4	3.3.1

Updates urllib3 from 2.6.3 to 2.7.0

Release notes

Sourced from urllib3's releases.

2.7.0

🚀 urllib3 is fundraising for HTTP/2 support

urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.

Thank you for your support.

Security

Addressed high-severity security issues. Impact was limited to specific use cases detailed in the accompanying advisories; overall user exposure was estimated to be marginal.

• Decompression-bomb safeguards of the streaming API were bypassed:

  1. When HTTPResponse.drain_conn() was called after the response had been read and decompressed partially. (Reported by @​Cycloctane)
  2. During the second HTTPResponse.read(amt=N) or HTTPResponse.stream(amt=N) call when the response was decompressed using the official Brotli library. (Reported by @​kimkou2024)

  See GHSA-mf9v-mfxr-j63j for details.

• HTTP pools created using ProxyManager.connection_from_url did not strip sensitive headers specified in Retry.remove_headers_on_redirect when redirecting to a different host. (GHSA-qccp-gfcp-xxvc reported by @​christos-spearbit)

Deprecations and Removals

• Used FutureWarning instead of DeprecationWarning for better visibility of existing deprecation notices. Rescheduled the removal of deprecated features to version 3.0. (urllib3/urllib3#3763)
• Removed support for end-of-life Python 3.9. (urllib3/urllib3#3720)
• Removed support for end-of-life PyPy3.10. (urllib3/urllib3#4979)
• Bumped the minimum supported pyOpenSSL version to 19.0.0. (urllib3/urllib3#3777)

Bugfixes

• Fixed a bug where HTTPResponse.read(amt=None) was ignoring decompressed data buffered from previous partial reads. (urllib3/urllib3#3636)
• Fixed a bug where HTTPResponse.read() could cache only part of the response after a partial read when cache_content=True. (urllib3/urllib3#4967)
• Fixed HTTPResponse.stream() and HTTPResponse.read_chunked() to handle amt=0. (urllib3/urllib3#3793)
• Updated _TYPE_BODY type alias to include missing Iterable[str], matching the documented and runtime behavior of chunked request bodies. (urllib3/urllib3#3798)
• Fixed LocationParseError when paths resembling schemeless URIs were passed to HTTPConnectionPool.urlopen(). (urllib3/urllib3#3352)
• Fixed BaseHTTPResponse.readinto() type annotation to accept memoryview in addition to bytearray, matching the io.RawIOBase.readinto contract and enabling use with io.BufferedReader without type errors. (urllib3/urllib3#3764)

Changelog

Sourced from urllib3's changelog.

2.7.0 (2026-05-07)

Security

Addressed high-severity security issues. Impact was limited to specific use cases detailed in the accompanying advisories; overall user exposure was estimated to be marginal.

• Decompression-bomb safeguards of the streaming API were bypassed:

  1. When HTTPResponse.drain_conn() was called after the response had been read and decompressed partially.
  2. During the second HTTPResponse.read(amt=N) or HTTPResponse.stream(amt=N) call when the response was decompressed using the official Brotli <https://pypi.org/project/brotli/>__ library.

  See GHSA-mf9v-mfxr-j63j <https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j>__ for details.

• HTTP pools created using ProxyManager.connection_from_url did not strip sensitive headers specified in Retry.remove_headers_on_redirect when redirecting to a different host. (GHSA-qccp-gfcp-xxvc <https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc>__)

Deprecations and Removals

• Used FutureWarning instead of DeprecationWarning for better visibility of existing deprecation notices. Rescheduled the removal of deprecated features to version 3.0. ([#3763](https://github.com/urllib3/urllib3/issues/3763) <https://github.com/urllib3/urllib3/issues/3763>__)
• Removed support for end-of-life Python 3.9. ([#3720](https://github.com/urllib3/urllib3/issues/3720) <https://github.com/urllib3/urllib3/issues/3720>__)
• Removed support for end-of-life PyPy3.10. ([#4979](https://github.com/urllib3/urllib3/issues/4979) <https://github.com/urllib3/urllib3/issues/4979>__)
• Bumped the minimum supported pyOpenSSL version to 19.0.0. ([#3777](https://github.com/urllib3/urllib3/issues/3777) <https://github.com/urllib3/urllib3/issues/3777>__)

Bugfixes

• Fixed a bug where HTTPResponse.read(amt=None) was ignoring decompressed data buffered from previous partial reads. ([#3636](https://github.com/urllib3/urllib3/issues/3636) <https://github.com/urllib3/urllib3/issues/3636>__)
• Fixed a bug where HTTPResponse.read() could cache only part of the response after a partial read when cache_content=True.

... (truncated)

Commits

• 9a950b9 Release 2.7.0
• 5ec0de4 Merge commit from fork
• 2bdcc44 Merge commit from fork
• f45b0df Fix a misleading example for ProxyManager (#4970)
• 577193c Switch to nightly PyPy3.11 in CI for now (#4984)
• e90af45 Avoid infinite loop in HTTPResponse.read_chunked when amt=0 (#4974)
• 67ed74f Bump dev dependencies (#4972)
• 3abd481 Upgrade mypy to version 1.20.2 (#4978)
• 2b8725d Drop support for EOL PyPy3.10 (#4979)
• 2944b2a Upgrade setup-chrome and setup-firefox to fix warnings (#4973)
• Additional commits viewable in compare view

Updates pydantic from 2.13.3 to 2.13.4

Release notes

Sourced from pydantic's releases.

v2.13.4 2026-05-06

v2.13.4 (2026-05-06)

What's Changed

Packaging

• Bump libc from 0.2.155 to 0.2.185 by @​Viicos in #13109
• Adapt pydantic-core linker flags on macOS by @​washingtoneg and @​Viicos in #13147

Fixes

• Preserve RootModel core metadata by @​Viicos in #13129

Full Changelog: pydantic/pydantic@v2.13.3...v2.13.4

Changelog

Sourced from pydantic's changelog.

v2.13.4 (2026-05-06)

GitHub release

What's Changed

Packaging

• Bump libc from 0.2.155 to 0.2.185 by @​Viicos in #13109
• Adapt pydantic-core linker flags on macOS by @​washingtoneg and @​Viicos in #13147

Fixes

• Preserve RootModel core metadata by @​Viicos in #13129

Commits

• cf67d4b Fix linting
• f0d8a21 Prepare release v2.13.4
• 5e3fe1d Check for pydantic tag pattern in CI
• 7f9edcc Document tagging conventions
• b46a0c9 Adapt pydantic-core linker flags on macOS
• 50629c8 Update to PyPy 7.3.22
• 8522ebb Preserve RootModel core metadata
• a37f3af Adapt MISSING sentinel test to work with unreleased typing_extensions ver...
• 909259a Remove Logfire example in documentation
• 2c4174c Bump libc from 0.2.155 to 0.2.185
• See full diff in compare view

Updates tox from 4.53.1 to 4.54.0

Release notes

Sourced from tox's releases.

v4.54.0

What's Changed

• 🧪 test(conftest): strip broken nspkg.pth files under py3.15 by @​gaborbernat in tox-dev/tox#3937
• ✨ feat(packaging): declare tox.pytest deps via a testing extra by @​gaborbernat in tox-dev/tox#3940
• 🐛 fix(schema): cover every replace form in the TOML schema by @​gaborbernat in tox-dev/tox#3941

Full Changelog: tox-dev/tox@4.53.1...4.54.0

Changelog

Sourced from tox's changelog.

Features - 4.54.0

• Declare the runtime dependencies of the tox.pytest plugin (pytest, devpi-process and pytest-mock) under a new testing extra, so plugin authors can pull them in via tox[testing] - by :user:gaborbernat. (:issue:3938, :issue:3940)

Bug fixes - 4.54.0

• Extend the generated TOML schema to cover every replace table form (env, ref, posargs, glob, if), including conditional replacements used inside commands. A guard test asserts the schema stays in sync with the loader implementation so future replace types cannot be added without a corresponding schema entry. (:issue:3939)

---

v4.53.1 (2026-05-02)

---

Commits

• 1f1fcc7 release 4.54.0
• b35c8ee 🐛 fix(schema): cover every replace form in the TOML schema (#3941)
• 6eb5c4f ✨ feat(packaging): declare tox.pytest deps via a testing extra (#3940)
• 1ad47dd 🧪 test(conftest): strip broken nspkg.pth files under py3.15 (#3937)
• dfba966 [pre-commit.ci] pre-commit autoupdate (#3936)
• 21069af [pre-commit.ci] pre-commit autoupdate (#3933)
• See full diff in compare view

Updates ruff from 0.15.12 to 0.15.13

Release notes

Sourced from ruff's releases.

0.15.13

Release Notes

Released on 2026-05-14.

Preview features

• Add a rule to flag lazy imports that are eagerly evaluated (#25016)
• [pylint] Standardize diagnostic message (PLR0914, PLR0917) (#24996)

Bug fixes

• Fix F811 false positive for class methods (#24933)
• Fix setting selection for multi-folder workspace (#24819)
• [eradicate] Fix false positive for lines with leading whitespace (ERA001) (#25122)
• [flake8-pyi] Fix false positive for f-string debug specifier (PYI016) (#24098)

Rule changes

• Always include panic payload in panic diagnostic message (#24873)
• Restrict PYI034 for in-place operations to enclosing class (#24511)
• Improve error message for parameters that are declared global (#24902)
• Update known stdlib (#25103)

Performance

• [isort] Avoid constructing glob::Patterns for literal known modules (#25123)

CLI

• Add TOML examples to --config help text (#25013)
• Colorize ruff check 'All checks passed' (#25085)

Configuration

• Increase max allowed value of line-length setting (#24962)

Documentation

• Add D203 to rules that conflict with the formatter (#25044)
• Clarify COM819 and formatter interaction (#25045)
• Clarify that NotImplemented is a value, not an exception (F901) (#25054)
• Update number of lint rules supported (#24942)

Other changes

• Simplify the playground's markdown template (#24924)

Contributors

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.13

Released on 2026-05-14.

Preview features

• Add a rule to flag lazy imports that are eagerly evaluated (#25016)
• [pylint] Standardize diagnostic message (PLR0914, PLR0917) (#24996)

Bug fixes

• Fix F811 false positive for class methods (#24933)
• Fix setting selection for multi-folder workspace (#24819)
• [eradicate] Fix false positive for lines with leading whitespace (ERA001) (#25122)
• [flake8-pyi] Fix false positive for f-string debug specifier (PYI016) (#24098)

Rule changes

• Always include panic payload in panic diagnostic message (#24873)
• Restrict PYI034 for in-place operations to enclosing class (#24511)
• Improve error message for parameters that are declared global (#24902)
• Update known stdlib (#25103)

Performance

• [isort] Avoid constructing glob::Patterns for literal known modules (#25123)

CLI

• Add TOML examples to --config help text (#25013)
• Colorize ruff check 'All checks passed' (#25085)

Configuration

• Increase max allowed value of line-length setting (#24962)

Documentation

• Add D203 to rules that conflict with the formatter (#25044)
• Clarify COM819 and formatter interaction (#25045)
• Clarify that NotImplemented is a value, not an exception (F901) (#25054)
• Update number of lint rules supported (#24942)

Other changes

• Simplify the playground's markdown template (#24924)

Contributors

• @​MichaReiser

... (truncated)

Commits

• 2afb467 Bump 0.15.13 (#25157)
• 3008796 [ty] classify TypeVar semantic tokens as type parameters (#24891)
• 79470e3 [isort] Avoid constructing glob::Patterns for literal known modules (#25123)
• 2522549 Remove shellcheck from prek (#25154)
• 7db7170 [ty] Support TypedDict key completions in incomplete, anonymous contexts (#25...
• bb3dd53 [ty] Run full iteration analysis on narrowed typevars (#25143)
• 828cdb7 [ty] Isolate file-watching test environment (#25151)
• 89e1d86 [ty] Preserve TypedDict keys through dict unpacking (#24523)
• 86f3064 [ty] Avoid accessing args[0] for static_assert (#25149)
• ed819f9 [ty] Treat custom enum __new__ values as dynamic (#25136)
• Additional commits viewable in compare view

Updates openapi-python-client from 0.28.3 to 0.28.4

Release notes

Sourced from openapi-python-client's releases.

0.28.4 (2026-05-11)

Features

• Update uv_build to 0.11 when using --meta=uv (#1434)

Add support for x-enum-varnames to string enums

#1358 by @​mbbush

You can now customize the variable names of the generated string enumerations using the x-enum-varnames openapi extension. Previously, this was only possible for integer enumerations.

Changelog

Sourced from openapi-python-client's changelog.

0.28.4 (2026-05-11)

Features

• Update uv_build to 0.11 when using --meta=uv (#1434)

Add support for x-enum-varnames to string enums

##1358 by @​mbbush

You can now customize the variable names of the generated string enumerations using the x-enum-varnames openapi extension. Previously, this was only possible for integer enumerations.

Commits

• 284576f Release 0.28.4 (#1408)
• 7be999c chore(deps): lock file maintenance (#1415)
• 7eeb915 chore(deps): update pypa/gh-action-pypi-publish action to v1.14.0 (#1419)
• 894d9f4 chore(deps): update actions/upload-artifact action to v7.0.1 (#1422)
• 5b25891 chore(deps): update dependency typer to >0.16,<0.26 (#1430)
• dd2f095 feat: Update uv_build to 0.11 when using --meta=uv (#1434)
• 5fcaf72 chore(deps): update actions/download-artifact action to v8.0.1 (#1414)
• 75cb057 chore(deps): lock file maintenance (#1402)
• 0534d3b chore(deps): update github artifact actions (major) (#1406)
• 72a37ec Add support for x-enum-varnames to string enums (#1358)
• See full diff in compare view

Updates datamodel-code-generator from 0.56.1 to 0.57.0

Release notes

Sourced from datamodel-code-generator's releases.

0.57.0

Breaking Changes

Code Generation Changes

• --use-default no longer makes required fields nullable - Previously, --use-default turned required fields into optional nullable fields (e.g., status: str | None = 'active'). Now required fields keep their original non-nullable type and just get the default value rendered (e.g., status: str = 'active'). Users whose downstream code depends on these fields being Optional/nullable will need to update. (#3054)
• Required model-ref fields no longer render defaults without --use-default - Previously, required fields referencing models (e.g., shipping_address: Address) inconsistently rendered defaults with validate_default=True while scalar required fields did not. Now all required fields consistently omit defaults unless --use-default is passed. Users who relied on the previous behavior where model-ref required fields had defaults rendered will see those defaults removed. (#3054)

Custom Template Update Required

• Built-in Jinja2 templates now use field.use_default_with_required - The built-in templates for BaseModel, dataclass, pydantic_v2/dataclass, and msgspec were updated to check field.use_default_with_required alongside field.required when deciding whether to render defaults. Custom templates that replicate the old default-rendering logic (e.g., {%- if not field.required %}) will still work but won't support the new --use-default behavior for required fields. To get the updated behavior, custom templates should change conditions like not field.required to (not field.required or field.use_default_with_required). (#3054)

What's Changed

• Harden workflow credentials by @​koxudaxi in koxudaxi/datamodel-code-generator#3095
• Fix release automation workflows by @​koxudaxi in koxudaxi/datamodel-code-generator#3110
• Enforce shared assertions in e2e tests by @​koxudaxi in koxudaxi/datamodel-code-generator#3108
• Fix docs preview required check by @​koxudaxi in koxudaxi/datamodel-code-generator#3112
• Fix required field default rendering and --use-default nullable types by @​butvinm in koxudaxi/datamodel-code-generator#3054
• Remove unused CLI doc schema version lookup by @​koxudaxi in koxudaxi/datamodel-code-generator#3113
• Fix byte to binary type mapping by @​koxudaxi in koxudaxi/datamodel-code-generator#3114
• Create generated docs sync PRs by @​koxudaxi in koxudaxi/datamodel-code-generator#3117
• Support local HTTP ref paths by @​koxudaxi in koxudaxi/datamodel-code-generator#3116
• Fix reuse discriminator literals by @​koxudaxi in koxudaxi/datamodel-code-generator#3115
• docstrings that can be single line to be formatted on a single line by @​kevin-paulson-mindbridge-ai in koxudaxi/datamodel-code-generator#3107
• Fix indefinite hang on OpenAPI schemas with cyclic model dependencies by @​kevin-paulson-mindbridge-ai in koxudaxi/datamodel-code-generator#3078
• Add OpenAPI enum literal alias regression test by @​koxudaxi in koxudaxi/datamodel-code-generator#3124
• Fix pydantic model extra warnings by @​koxudaxi in koxudaxi/datamodel-code-generator#3127
• Fix snake case array discriminator by @​koxudaxi in koxudaxi/datamodel-code-generator#3125
• Fix serialization alias choices by @​koxudaxi in koxudaxi/datamodel-code-generator#3126
• Fix generated docs sync prompt snapshots by @​koxudaxi in koxudaxi/datamodel-code-generator#3129
• Add manual generated docs sync trigger by @​koxudaxi in koxudaxi/datamodel-code-generator#3130
• Use source tree for generated prompt snapshots by @​koxudaxi in koxudaxi/datamodel-code-generator#3132
• Propagate enum member descriptions for anyOf const pattern by @​mvanhorn in koxudaxi/datamodel-code-generator#3133

... (truncated)

Changelog

Sourced from datamodel-code-generator's changelog.

0.57.0 - 2026-05-07

Breaking Changes

Code Generation Changes

• --use-default no longer makes required fields nullable - Previously, --use-default turned required fields into optional nullable fields (e.g., status: str | None = 'active'). Now required fields keep their original non-nullable type and just get the default value rendered (e.g., status: str = 'active'). Users whose downstream code depends on these fields being Optional/nullable will need to update. (#3054)
• Required model-ref fields no longer render defaults without --use-default - Previously, required fields referencing models (e.g., shipping_address: Address) inconsistently rendered defaults with validate_default=True while scalar required fields did not. Now all required fields consistently omit defaults unless --use-default is passed. Users who relied on the previous behavior where model-ref required fields had defaults rendered will see those defaults removed. (#3054)

Custom Template Update Required

• Built-in Jinja2 templates now use field.use_default_with_required - The built-in templates for BaseModel, dataclass, pydantic_v2/dataclass, and msgspec were updated to check field.use_default_with_required alongside field.required when deciding whether to render defaults. Custom templates that replicate the old default-rendering logic (e.g., {%- if not field.required %}) will still work but won't support the new --use-default behavior for required fields. To get the updated behavior, custom templates should change conditions like not field.required to (not field.required or field.use_default_with_required). (#3054)

What's Changed

• Harden workflow credentials by @​koxudaxi in koxudaxi/datamodel-code-generator#3095
• Fix release automation workflows by @​koxudaxi in koxudaxi/datamodel-code-generator#3110
• Enforce shared assertions in e2e tests by @​koxudaxi in koxudaxi/datamodel-code-generator#3108
• Fix docs preview required check by @​koxudaxi in koxudaxi/datamodel-code-generator#3112
• Fix required field default rendering and --use-default nullable types by @​butvinm in koxudaxi/datamodel-code-generator#3054
• Remove unused CLI doc schema version lookup by @​koxudaxi in koxudaxi/datamodel-code-generator#3113
• Fix byte to binary type mapping by @​koxudaxi in koxudaxi/datamodel-code-generator#3114
• Create generated docs sync PRs by @​koxudaxi in koxudaxi/datamodel-code-generator#3117
• Support local HTTP ref paths by @​koxudaxi in koxudaxi/datamodel-code-generator#3116
• Fix reuse discriminator literals by @​koxudaxi in koxudaxi/datamodel-code-generator#3115
• docstrings that can be single line to be formatted on a single line by @​kevin-paulson-mindbridge-ai in koxudaxi/datamodel-code-generator#3107
• Fix indefinite hang on OpenAPI schemas with cyclic model dependencies by @​kevin-paulson-mindbridge-ai in koxudaxi/datamodel-code-generator#3078
• Add OpenAPI enum literal alias regression test by @​koxudaxi in koxudaxi/datamodel-code-generator#3124
• Fix pydantic model extra warnings by @​koxudaxi in koxudaxi/datamodel-code-generator#3127
• Fix snake case array discriminator by @​koxudaxi in koxudaxi/datamodel-code-generator#3125
• Fix serialization alias choices by @​koxudaxi in koxudaxi/datamodel-code-generator#3126
• Fix generated docs sync prompt snapshots by @​koxudaxi in koxudaxi/datamodel-code-generator#3129
• Add manual generated docs sync trigger by @​koxudaxi in koxudaxi/datamodel-code-generator#3130
• Use source tree for generated prompt snapshots by @​koxudaxi in koxudaxi/datamodel-code-generator#3132
• Propagate enum member descriptions for anyOf const pattern by @​mvanhorn in koxudaxi/datamodel-code-generator#3133
• Allow generated prompt snapshot updates by @​koxudaxi in koxudaxi/datamodel-code-generator#3134
• Write generated prompt snapshots directly by @​koxudaxi in koxudaxi/datamodel-code-generator#3135
• Preserve tox python preference for generated docs by @​koxudaxi in koxudaxi/datamodel-code-generator#3136
• Sync generated docs by @​dcg-generated-docs[bot] in koxudaxi/datamodel-code-generator#3137

New Contributors

• @​mvanhorn made their first contribution in koxudaxi/datamodel-code-generator#3133
• @​dcg-generated-docs[bot] made their first contribution in koxudaxi/datamodel-code-generator#3137

Full Changelog: koxudaxi/datamodel-code-generator@0.56.1...0.57.0

---

Commits

• d0aa6ab docs: sync generated docs (#3137)
• 7bd643f Preserve tox python preference for generated docs (#3136)
• 64f218a Write generated prompt snapshots directly (#3135)
• a7d1e9c Allow generated prompt snapshot updates (#3134)
• 9210c19 Propagate enum member descriptions for anyOf const pattern (#3133)
• 928ba55 Use source tree for generated prompt snapshots (#3132)
• b599714 Add manual generated docs sync trigger (#3130)
• 93f2bce Fix generated docs sync prompt snapshots (#3129)
• 919f191 Fix serialization alias choices (#3126)
• 90b0729 Fix snake case array discriminator (#3125)
• Additional commits viewable in compare view

Updates poethepoet from 0.45.0 to 0.46.0

Release notes

Sourced from poethepoet's releases.

0.46.0

Enhancements

• Experimental Claude Code skill and bump-version task by @​nat-n in nat-n/poethepoet#387
• Use AST parser for all templating to support :- and :+ param expansion operators everywhere by @​nat-n in nat-n/poethepoet#386

Fixes

• Make uv and poetry executors check for bat files to handle shutdown quirks on windows by @​nat-n in nat-n/poethepoet#385
• Strip underscore prefix in documentation for private positional args by @​nat-n in nat-n/poethepoet#383
• Use AST for $POE_EXTRA_ARGS detection and cache parsed content by @​nat-n in nat-n/poethepoet#388

Experimental agent skill

This release ships an experimental agent skill that gives AI coding agents contextual knowledge of poe's task API when working in projects that use it. It works with any agent that supports the skills convention and aims to improve agent abilities when it comes to leveraging and authoring poe tasks.

Please try it out and provide feedback!

Two install methods:

1. Via a built in poe task (similar to how shell completions are installed):

poe _install_skill                          # auto-detects .claude/.codex/.pi/.agents and prompts
poe _install_skill ~/.claude/skills         # explicit path (substitute your agent's dir)
poe _install_skill <skills-dir> --upgrade   # non-interactive upgrade (skips if same/newer)

2. From github via npx skills

npx skills add https://github.com/nat-n/poethepoet/tree/v0.46.0/poethepoet/skills/poethepoet

Full Changelog: nat-n/poethepoet@v0.45.0...v0.46.0

Commits

• 23a4c1a feat: experimental Claude Code skill and bump-version task (#387)
• a04a215 refactor: use AST for $POE_EXTRA_ARGS detection and cache parsed content (#388)
• 61d2e34 refactor: use AST parser for all templating (#386)
• 1bfad47 fix: make uv and poetry executors check for bat files (#385)
• 35e4a1b fix: Strip underscore prefix in documentation for private positional args (#383)
• See full diff in compare view

Updates ty from 0.0.34 to 0.0.37

Release notes

Sourced from ty's releases.

0.0.37

Release Notes

Released on 2026-05-16.

Bug fixes

• Avoid unsound not in narrowing (#25161)
• Fix async iteration over narrowed typevars (#25155)
• Fix panic in double-inference for single starred positional TypedDict (#25176)
• Fix panic in disjoint base check (#25187)
• Fix panic in recursive binary inference (#25189)
• Fix panic in cyclic __new__ (#25185)
• Fix panic in reveal_protocol, reveal_mro, etc. with keyword arguments (#25179)
• Fix panic in imported overload definition (#25168)

LSP server

• Don't show argument inlay for case-insensitive matches or prefix/suffixes (#25174)
• Reduce CPU usage of the LSP when switching between large changesets (#25142)

Core type checking

• Avoid enforcing __new__ with custom metaclasses (#25180)
• Make overload public type reachability-aware (#25171)
• Only specialized types of generic class instances should influence variance (#25124)
• Preserve ParamSpec argument context through wrapper calls (#24934)
• Support partially specialized type context for collection literals (#24506)

Contributors

• @​RasmusNygren
• @​MichaReiser
• @​charliermarsh
• @​ibraheemdev

Install ty 0.0.37

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/ty/releases/download/0.0.37/ty-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/ty/releases/download/0.0.37/ty-installer.ps1 | iex"

... (truncated)

Changelog

Sourced from ty's changelog.

0.0.37

Released on 2026-05-16.

Bug fixes

• Avoid unsound not in narrowing (#25161)
• Fix async iteration over narrowed typevars (#25155)
• Fix panic in double-inference for single starred positional TypedDict (#25176)
• Fix panic in disjoint base check (#25187)
• Fix panic in recursive binary inference (#25189)
• Fix panic in cyclic __new__ (#25185)
• Fix panic in reveal_protocol, reveal_mro, etc. with keyword arguments (#25179)
• Fix panic in imported overload definition (#25168)

LSP server

• Don't show argument inlay for case-insensitive matches or prefix/suffixes (#25174)
• Reduce CPU usage of the LSP when switching between large changesets (#25142)

Core type checking

• Avoid enforcing __new__ with custom metaclasses (#25180)
• Make overload public type reachability-aware (#25171)
• Only specialized types of generic class instances should influence variance (#25124)
• Preserve ParamSpec argument context through wrapper calls (#24934)
• Support partially specialized type context for collection literals (#24506)

Contributors

• @​RasmusNygren
• @​MichaReiser
• @​charliermarsh
• @​ibraheemdev

0.0.36

Released on 2026-05-14.

Bug fixes

• Fix Go To-Definition for self-imported submodules (#25106)
• Fix ClassVar[Self] assignment checks for class objects (#24657)
• Fix attribute access on Callable-bounded TypeVars (#24793)
• Fix panic from TypedDict schema cycle with Self fields (#25094)
• Fix panic from accessing args[0] for static_assert (#25149)
• Fix panic from non-name walrus target access (#25121)
• Fix singleton classification for runtime typing objects (#25099)
• Guard self-referential TypeOf recursion in generic callables (#24668)
• Preserve lexical ParamSpec scope for returned Callable annotations (#24909)

.....

Description has been truncated

[dependabot]

Labels

The following labels could not be found: dependencies, python. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.