build(deps): bump the quality group across 1 directory with 5 updates

[dependabot]

Bumps the quality group with 5 updates in the / directory:

Package	From	To
ruff	0.15.13	0.15.14
ty	0.0.36	0.0.38
prek	0.4.0	0.4.1
types-requests	2.33.0.20260513	2.33.0.20260518
types-python-dateutil	2.9.0.20260508	2.9.0.20260518

Updates ruff from 0.15.13 to 0.15.14

Release notes

Sourced from ruff's releases.

0.15.14

Release Notes

Released on 2026-05-21.

Preview features

• [airflow] Implement airflow-task-implicit-multiple-outputs (AIR202) (#25152)
• [flake8-use-pathlib] Mark PTH101 fix as unsafe when first argument is a class attribute annotated as int (#25086)
• [pylint] Implement too-many-try-statements (W0717) (#23970)
• [ruff] Add incorrect-decorator-order (RUF074) (#23461)
• [ruff] Add fallible-context-manager (RUF075) (#22844)

Bug fixes

• Fix lambda formatting in interpolated string expressions (#25144)
• Treat generic frozenset annotations as immutable (#25251)
• [flake8-type-checking] Avoid strict behavior when future-annotations are enabled (TC001, TC002, TC003) (#25035)
• [pylint] Avoid false positives in else clause (PLR1733) (#25177)

Rule changes

• [flake8-comprehensions] Skip C417 for lambdas with positional-only parameters (#25272)
• [flake8-simplify] Preserve f-string source verbatim in SIM101 fix (#25061)

Performance

• Avoid unnecessary parser lookahead for operators (#25290)

Documentation

• Update code example setting Neovim LSP log level (#25284)

Other changes

• Add full PEP 798 support (#25104)
• Add a parser recursion limit (#24810)
• Update various ruff_python_stdlib APIs (#25273)

Contributors

• @​ocaballeror
• @​lerebear
• @​samuelcolvin
• @​baltasarblanco
• @​aconal-com
• @​anishgirianish
• @​JelleZijlstra
• @​AlexWaygood
• @​ntBre

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.14

Released on 2026-05-21.

Preview features

• [airflow] Implement airflow-task-implicit-multiple-outputs (AIR202) (#25152)
• [flake8-use-pathlib] Mark PTH101 fix as unsafe when first argument is a class attribute annotated as int (#25086)
• [pylint] Implement too-many-try-statements (W0717) (#23970)
• [ruff] Add incorrect-decorator-order (RUF074) (#23461)
• [ruff] Add fallible-context-manager (RUF075) (#22844)

Bug fixes

• Fix lambda formatting in interpolated string expressions (#25144)
• Treat generic frozenset annotations as immutable (#25251)
• [flake8-type-checking] Avoid strict behavior when future-annotations are enabled (TC001, TC002, TC003) (#25035)
• [pylint] Avoid false positives in else clause (PLR1733) (#25177)

Rule changes

• [flake8-comprehensions] Skip C417 for lambdas with positional-only parameters (#25272)
• [flake8-simplify] Preserve f-string source verbatim in SIM101 fix (#25061)

Performance

• Avoid unnecessary parser lookahead for operators (#25290)

Documentation

• Update code example setting Neovim LSP log level (#25284)

Other changes

• Add full PEP 798 support (#25104)
• Add a parser recursion limit (#24810)
• Update various ruff_python_stdlib APIs (#25273)

Contributors

• @​ocaballeror
• @​lerebear
• @​samuelcolvin
• @​baltasarblanco
• @​aconal-com
• @​anishgirianish
• @​JelleZijlstra
• @​AlexWaygood
• @​ntBre
• @​adityasingh2400

... (truncated)

Commits

• 9ad2da3 Bump 0.15.14 (#25295)
• c714e84 [ty] Modernize setup of union types in mdtests (#25291)
• 8a8e35e [flake8-comprehensions] Skip C417 for lambdas with positional-only parame...
• aea5ed4 Avoid unnecessary parser lookahead for operators (#25290)
• e9d72bb [ty] Allow enum member accesses on self (#25077)
• 6cbd59b Set exclude-newer = "7 days" in our PEP-723 scripts (#25285)
• 9999a39 Update code example on how to update Neovim LSP log level (#25284)
• 67d8c54 [ty] Retain recursively-defined state in binary expressions (#25277)
• 25a3191 [ty] Refine Callable class-decorator fallback for unknown results (#25250)
• c423054 Add a recursion limit to the parser (#24810)
• Additional commits viewable in compare view

Updates ty from 0.0.36 to 0.0.38

Release notes

Sourced from ty's releases.

0.0.38

Release Notes

Released on 2026-05-19.

Bug fixes

• Fix panic in enum literal during cycle recovery (#25237)
• Fix panic from lazy NewType base expansion during cycle recovery (#25234)
• Fix class-body global lookup before class binding (#25224)
• Handle aliased dict fallbacks in TypedDict unions (#25241)
• Ignore _generate_next_value_ with custom construction hooks (#25210)

LSP server

• Fix find references for except handlers (#25231)
• Preserve delimiters when folding expressions (#24999)
• Use incremental file walk on .gitignore changes (#25183)

Core type checking

• Add first-class support for enum complements (#24961)
• Allow known non-field writes on frozen dataclass subclasses (#25087)
• Ignore generic specialization in layout compatibility checks (#25178)
• Preserve short-circuit bindings in all condition consumers (#25160)
• Support class decorators (#25091)
• Support custom _generate_next_value_ methods in enums (#25196)

Contributors

• @​MatthewMckee4
• @​MichaReiser
• @​charliermarsh
• @​lerebear
• @​thejchap

Install ty 0.0.38

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/ty/releases/download/0.0.38/ty-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/ty/releases/download/0.0.38/ty-installer.ps1 | iex"

... (truncated)

Changelog

Sourced from ty's changelog.

0.0.38

Released on 2026-05-19.

Bug fixes

• Fix panic in enum literal during cycle recovery (#25237)
• Fix panic from lazy NewType base expansion during cycle recovery (#25234)
• Fix class-body global lookup before class binding (#25224)
• Handle aliased dict fallbacks in TypedDict unions (#25241)
• Ignore _generate_next_value_ with custom construction hooks (#25210)

LSP server

• Fix find references for except handlers (#25231)
• Preserve delimiters when folding expressions (#24999)
• Use incremental file walk on .gitignore changes (#25183)

Core type checking

• Add first-class support for enum complements (#24961)
• Allow known non-field writes on frozen dataclass subclasses (#25087)
• Ignore generic specialization in layout compatibility checks (#25178)
• Preserve short-circuit bindings in all condition consumers (#25160)
• Support class decorators (#25091)
• Support custom _generate_next_value_ methods in enums (#25196)

Contributors

• @​MatthewMckee4
• @​MichaReiser
• @​charliermarsh
• @​lerebear
• @​thejchap

0.0.37

Released on 2026-05-16.

Bug fixes

• Avoid unsound not in narrowing (#25161)
• Fix async iteration over narrowed typevars (#25155)
• Fix panic in double-inference for single starred positional TypedDict (#25176)
• Fix panic in disjoint base check (#25187)
• Fix panic in recursive binary inference (#25189)
• Fix panic in cyclic __new__ (#25185)
• Fix panic in reveal_protocol, reveal_mro, etc. with keyword arguments (#25179)
• Fix panic in imported overload definition (#25168)

... (truncated)

Commits

• 1d3efc1 Bump version to 0.0.38 (#3492)
• f5100cc scripts/update_schemastore: use -C to allow re-running schema update on exist...
• f18aed6 Bump version to 0.0.37 (#3473)
• See full diff in compare view

Updates prek from 0.4.0 to 0.4.1

Release notes

Sourced from prek's releases.

0.4.1

Release Notes

Released on 2026-05-20.

Enhancements

• Fix pre-push range after rebase (#2089)
• Prefer extensions over loose filename tags (#2092)
• Skip installs for hooks that will not run (#2103)

Performance

• Optimize meta hook file scans (#2106)
• Reduce run filtering allocations (#2090)

Contributors

• @​j178

Install prek 0.4.1

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/j178/prek/releases/download/v0.4.1/prek-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://github.com/j178/prek/releases/download/v0.4.1/prek-installer.ps1 | iex"

Install prebuilt binaries via Homebrew

brew install prek

Download prek 0.4.1

File	Platform	Checksum
prek-aarch64-apple-darwin.tar.gz	Apple Silicon macOS	checksum
prek-x86_64-apple-darwin.tar.gz	Intel macOS	checksum
prek-aarch64-pc-windows-msvc.zip	ARM64 Windows	checksum
prek-i686-pc-windows-msvc.zip	x86 Windows	checksum
prek-x86_64-pc-windows-msvc.zip	x64 Windows	checksum
prek-aarch64-unknown-linux-gnu.tar.gz	ARM64 Linux	checksum

... (truncated)

Changelog

Sourced from prek's changelog.

0.4.1

Released on 2026-05-20.

Enhancements

• Fix pre-push range after rebase (#2089)
• Prefer extensions over loose filename tags (#2092)
• Skip installs for hooks that will not run (#2103)

Performance

• Optimize meta hook file scans (#2106)
• Reduce run filtering allocations (#2090)

Contributors

• @​j178

Commits

• 871b9ed Bump version to 0.4.1 (#2107)
• 3c26faf Optimize meta hook file scans (#2106)
• 7780f11 Clean up run hook installation flow (#2105)
• c5dc885 Refine hook install filtering (#2104)
• 9db879e Skip installs for hooks that will not run (#2103)
• 2a0da57 Simplify workspace file handling (#2102)
• 33ca060 Lock file maintenance (#2072)
• 03f11c0 Update GitHub Actions (#2101)
• 354f431 Update dependency uv to v0.11.13 (#2094)
• 4a41828 Update Rust crate quick-xml to v0.39.4 (#2098)
• Additional commits viewable in compare view

Updates types-requests from 2.33.0.20260513 to 2.33.0.20260518

Commits

• See full diff in compare view

Updates types-python-dateutil from 2.9.0.20260508 to 2.9.0.20260518

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	prek@​0.4.0 ⏵ 0.4.1
	ty@​0.0.36 ⏵ 0.0.38
	ruff@​0.15.13 ⏵ 0.15.14
	types-requests@​2.33.0.20260513 ⏵ 2.33.0.20260518
	types-python-dateutil@​2.9.0.20260508 ⏵ 2.9.0.20260518

View full report

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 90.12%. Comparing base (5e4ffe1) to head (7d4e684).

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #608   +/-   ##
=======================================
  Coverage   90.12%   90.12%           
=======================================
  Files          55       55           
  Lines        2512     2512           
=======================================
  Hits         2264     2264           
  Misses        248      248           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.