Update Python dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
buf-bin (changelog)	==1.70.0 → ==1.71.0
mkdocstrings-python (changelog)	==2.0.4 → ==2.0.5
pytest (changelog)	==9.1.0 → ==9.1.1
pyvoy (changelog)	==0.3.0 → ==0.4.0
ruff (source, changelog)	==0.15.17 → ==0.15.18
tombi	==1.1.3 → ==1.1.4
ty (changelog)	==0.0.49 → ==0.0.51
zensical (changelog)	==0.0.45 → ==0.0.46

---

Release Notes

bufbuild/buf (buf-bin)

v1.71.0

Compare Source

• Port new formatter and fix bugs for in-line block comment spacing.
• Fix handling for an empty rpc input/output.

mkdocstrings/python (mkdocstrings-python)

v2.0.5

Compare Source

Compare with 2.0.4

Bug Fixes

• Allow relative cross-references to work in summaries (abe2888 by Timothée Mazzucotelli). Issue-331
• Always display attribute values as they're written in the source (0334131 by Timothée Mazzucotelli). Issue-311

pytest-dev/pytest (pytest)

v9.1.1

Compare Source

pytest 9.1.1 (2026-06-19)

Bug fixes

• #​14220: Fixed a logic bug in pytest.RaisesGroup which would might cause it to display incorrect "It matches FooError() which was paired with BarError" messages.
• #​14591: Fixed a regression in pytest 9.1.0 which caused overriding a parametrized fixture with an indirect @​pytest.mark.parametrize to fail with "duplicate parametrization of '<fixture name>'".
• #​14606: Fixed list-item typing errors from mypy in @pytest.mark.parametrize <pytest.mark.parametrize ref> argvalues parameter.
• #​14608: Fixed a regression in pytest 9.1.0 where conftest.py files located in <invocation dir>/test* were no longer loaded as initial conftests when invoked without arguments.
  This could cause certain hooks (like pytest_addoption) in these files to not fire.

curioswitch/pyvoy (pyvoy)

v0.4.0

Compare Source

This is a very large release, continuing pyvoy's vision of using Envoy as a standard library for networking operations. Aside from updating Envoy to 1.38, there are two big features in this release.

Websockets

pyvoy now supports ASGI websockets - they have been implemented as a Envoy network filter. Envoy does not have support for websockets, so unlike with normal HTTP servers, we get less features from it, but can still take advantage of it's robust TCP stack and network level controls. The websockets implementation itself is tungstenite, a popular Rust library for websockets. We have patched in support for per-message-deflate so compression is supported. The implementation passes the full autobahn testsuite.

HTTP client

pyvoy now also includes a custom transport for use with pyqwest. The transport uses Envoy itself for outbound HTTP calls. While pyqwest's Rust stack is already quite robust, this is still useful for keeping all I/O on one stack, and Envoy still has some great features like circuit breakers, etc built in. Notably, the clients will do client-side load balancing via DNS, possibly the first such client in Python. This is particularly useful when using HTTP/2.

One hard limitation on the HTTP client is because it is driven by callbacks in the Envoy request handler, any client call is tied to the request handler's lifecycle, meaning fire-and-forget type of invocations are not supported. The response must complete before the application request handler does. For fire-and-forget invocations, use a normal Pyqwest transport - nothing stops from having multiple clients as needed.

The HTTP client currently only supports ASGI - WSGI will come soon.

New Contributors

• @​stefanvanburen made their first contribution in #​198

Full Changelog: curioswitch/pyvoy@v0.3.0...v0.4.0

astral-sh/ruff (ruff)

v0.15.18

Compare Source

Released on 2026-06-18.

Preview features

• Handle nested ruff:ignore comments (#​25791)
• Stop displaying severity in output (#​26050)
• Use human-readable names in CLI output (#​25937)
• Use human-readable names in LSP and playground diagnostics (#​26058)
• [pydocstyle] Prevent property docstrings starting with verbs (D421) (#​23775)
• [flake8-pyi] Extend PYI033 to Python files (#​26129)

Bug fixes

• Detect equivalent numeric mapping keys (#​26009)
• Detect mapping keys equivalent to booleans (#​25982)
• Detect repeated signed and complex dictionary keys (#​26007)

Rule changes

• [flake8-pyi] Rename PYI033 to legacy-type-comment (#​26131)

Performance

• Use ThinVec for call keywords (#​25999)
• Inline parser recovery context checks (#​26038)
• Match parser keywords as bytes (#​26037)
• Move value parsing out of lexing (#​25360)

Server

• Render subdiagnostics and secondary annotations as related information (#​26011)

Documentation

• Update fix availability for always-fixable rules (#​26091)
• [flake8-tidy-imports] Add fix safety section (TID252) (#​17491)

Parser

• Reject __debug__ lambda parameters (#​26022)
• Reject _ as a match-pattern target (#​25977)
• Reject multiple starred names in sequence patterns (#​25976)
• Reject parenthesized star imports (#​26021)
• Reject starred comprehension targets (#​26023)
• Reject unparenthesized generator expressions in class bases (#​25978)
• Reject yield expressions after commas (#​26024)
• Validate function type parameter default order (#​25981)

Playground

• Make diagnostic links clickable (#​26104)
• Use diagnostic tags (#​26105)

Contributors

• @​AlexWaygood
• @​ntBre
• @​gtkacz
• @​MichaReiser
• @​charliermarsh
• @​Kalmaegi

tombi-toml/tombi (tombi)

v1.1.4

Compare Source

What's Changed

🐛 Bug Fixes

• fix(lsp): avoid stale diagnostics after changes by @​ya7010 in #​1954

👒 Dependencies

• build(deps-dev): bump esbuild from 0.28.0 to 0.28.1 in the npm_and_yarn group across 1 directory by @​dependabot[bot] in #​1945
• build(deps-dev): bump the npm_and_yarn group across 2 directories with 1 update by @​dependabot[bot] in #​1952

🛠️ Other Changes

• fix(ci): include LICENSE in python sdist by @​ya7010 in #​1942
• docs: explain selective auto-sort re-enable by @​ya7010 in #​1943
• Use GitHub App token for dependent release dispatches by @​ya7010 in #​1951

Full Changelog: tombi-toml/tombi@v1.1.3...v1.1.4

astral-sh/ty (ty)

v0.0.51

Compare Source

Released on 2026-06-18.

Bug fixes

• Fix bound TypeVar default cycle recovery (#​26124)
• Support Annotated[Any, ...] as a class base (#​26133)

LSP server

• Suggest keyword-only arguments between variadic parameters (#​26134)

Core type checking

• Avoid assuming classes with Any or Unknown bases are descriptors (#​26120)
• Infer simpler types in complex lambda cycles (#​26137)
• Preserve exact class objects during identity narrowing (#​26117)

Diagnostics

• Preserve unpacking diagnostics for nested assignment targets (#​26121)

Performance

• Compact indexed AST node storage (#​25998)
• Discard dead DNF branches in intersection building (#​26144)

Documentation

• Remove broken gradual guarantee link (#​3806)

Contributors

• @​charliermarsh
• @​ibraheemdev
• @​carljm
• @​MichaReiser
• @​sharkdp

v0.0.50

Compare Source

Released on 2026-06-17.

Bug fixes

• Avoid cross-TypeVar leakage in generic inference (#​26099)
• Fix panic from oscillating collection-use constraints (#​26031)
• Preserve type variables in fixed tuple aliases (#​26041)
• Respect ParamSpec binding contexts (#​25993)
• Show bare Final as a special form on hover (#​26029)
• Support options in functional dataclass calls (#​25989)

LSP server

• Add context-sensitive keyword completions (#​26036)
• Fix wildcard import symbol range (#​25740)
• Highlight decorated methods consistently (#​26003)
• Preserve narrowing after qualified TYPE_CHECKING (#​26051)
• Respect client's content format preference (#​25957)
• Retain all diagnostic annotations in the server (#​26006)
• Track unused-binding captures across nested scopes (#​25536)

Diagnostics

• Fix override diagnostics for decorated methods (#​25671)
• Improve duplicate-base diagnostics (#​26107)
• Reject invalid dataclass flag combinations (#​25985)
• Reject legacy TypeVars in PEP 695 class bases (#​25975)
• Reject legacy TypeVars in PEP 695 functions (#​25979)
• Respect @no_type_check in function validation (#​25994)

Performance

• Avoid rebuilding unchanged specializations (#​25826)
• Avoid redundant equality intersections (#​26057)
• Avoid retaining empty use-def tables (#​26018)
• Compact retained definition inference extras (#​25838)
• Deduplicate retained scope inference types (#​25846)
• Disable LRU tracking for one-shot checks (#​26106)
• Fast path collection literals with exact type contexts (#​25878)
• Flatten retained declaration states (#​25912)
• Improve flow snapshot performance (#​26012)
• Skip stub package checks in stub-free search paths (#​25963)
• Speed up large-union narrowing (#​26048)
• Speed up module resolution for projects with many search paths (#​25962)
• Store cumulative binding end offsets (#​25913)
• Use compact frozen representation for narrowing constraints (#​25990)

Core type checking

• Annotate intersection and negation types using & and ~ (#​26035)
• Diagnose zero-step slices on lists (#​25966)
• Full-scope bidirectional inference for non-empty collection literals (#​25280)
• Improve equality-based narrowing for ==, !=, and match (#​25788)
• Infer precise values for standard-library enums (#​26103)
• Make equality evaluation cycle-aware (#​26055)
• Narrow equality across IntEnum classes (#​26079)
• Narrow tuple expression match subjects (#​25874)
• Preserve literal types for loop variables over literal collections (#​25083)
• Preserve negative narrowing for starred sequence patterns (#​25927)
• Preserve non-final types in Hashable unions (#​26039)
• Support enum literals as tagged-union discriminants (#​25855)
• Sync vendored typeshed stubs (#​25952). Typeshed diff
• Sync vendored typeshed stubs (#​25997). Typeshed diff
• Synthesize NamedTuple __match_args__ (#​25934)
• Treat assigned enum hooks conservatively (#​25958)
• Validate deprecated warning categories (#​26025)

Contributors

• @​AlexWaygood
• @​MichaReiser
• @​ankddev
• @​sqqueak
• @​lerebear
• @​sharkdp
• @​denyszhak
• @​ibraheemdev
• @​charliermarsh

zensical/zensical (zensical)

v0.0.46: 0.0.46

Compare Source

Summary

This version improves search result quality and includes several bug fixes and refactorings.

Search excerpts

Search results now include excerpts, making it easier to understand why a result matches. Search remains fully client-side and as fast as before, even for projects with thousands of pages. We still consider search an active area of iteration and expect to further improve it and expose more configuration options over time.

Try it in our documentation!

User interface

The user interface is updated to v0.0.19, which includes several navigation and interaction fixes. Search highlighting now ignores single-character tokens, which avoids noisy matches like highlighting every e for queries such as e-mail. Instant previews now include a hover bridge so moving the cursor from a link to the tooltip no longer drops the popup across the visual gap.

Dependencies were also updated, including TypeScript 6 and SVGO 4 compatibility adjustments. 83 new icons were added, 2 icons were removed, and 19 icons were modified. The Lucide icon set was updated to version v1.21.0.

Validation defaults

The validation options unresolved_references, unresolved_footnotes, unused_definitions, unused_footnotes, shadowed_definitions, and shadowed_footnotes are now disabled by default. These checks remain available when explicitly enabled, but they have proven too unstable in edge cases with the current reference parser. They will eventually be superseded by the higher-fidelity parser that is already used by Zensical Studio and is planned for Open Source release and later integration into Zensical.

Changelog

Bug fixes

• aeb31ad ui – update ui to v0.0.19
• 61b6d05 compat – preserve small tags in generated search index
• edb0878 zensical – search path segment is empty when title is sourced from section index page
• 909f973 compat – don't crash on invalid URLs in HTML (#​755)
• e6b55fe compat – strip images from toc labels (#​749)
• 0f11c7f – update pyo3 to 0.29.0 to mitigate 2 vulnerabilities

Refactorings

• e4a370f zensical, compat – change several validation defaults to false (#​758)

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • Between 12:00 AM and 03:59 AM, only on Monday (* 0-3 * * 1)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.