Bump ruff from 0.9.2 to 0.9.4

[dependabot]

Bumps ruff from 0.9.2 to 0.9.4.

Release notes

Sourced from ruff's releases.

0.9.4

Release Notes

Preview features

• [airflow] Extend airflow context parameter check for BaseOperator.execute (AIR302) (#15713)
• [airflow] Update AIR302 to check for deprecated context keys (#15144)
• [flake8-bandit] Permit suspicious imports within stub files (S4) (#15822)
• [pylint] Do not trigger PLR6201 on empty collections (#15732)
• [refurb] Do not emit diagnostic when loop variables are used outside loop body (FURB122) (#15757)
• [ruff] Add support for more re patterns (RUF055) (#15764)
• [ruff] Check for shadowed map before suggesting fix (RUF058) (#15790)
• [ruff] Do not emit diagnostic when all arguments to zip() are variadic (RUF058) (#15744)
• [ruff] Parenthesize fix when argument spans multiple lines for unnecessary-round (RUF057) (#15703)

Rule changes

• Preserve quote style in generated code (#15726, #15778, #15794)
• [flake8-bugbear] Exempt NewType calls where the original type is immutable (B008) (#15765)
• [pylint] Honor banned top-level imports by TID253 in PLC0415. (#15628)
• [pyupgrade] Ignore is_typeddict and TypedDict for deprecated-import (UP035) (#15800)

CLI

• Fix formatter warning message for flake8-quotes option (#15788)
• Implement tab autocomplete for ruff config (#15603)

Bug fixes

• [flake8-comprehensions] Do not emit unnecessary-map diagnostic when lambda has different arity (C417) (#15802)
• [flake8-comprehensions] Parenthesize sorted when needed for unnecessary-call-around-sorted (C413) (#15825)
• [pyupgrade] Handle end-of-line comments for quoted-annotation (UP037) (#15824)

Documentation

• Add missing config docstrings (#15803)
• Add references to trio.run_process and anyio.run_process (#15761)
• Use uv init --lib in tutorial (#15718)

Contributors

• @​AlexWaygood
• @​Garrett-R
• @​InSyncWithFoo
• @​JelleZijlstra
• @​Lee-W
• @​MichaReiser
• @​charliermarsh
• @​dcreager
• @​dhruvmanila
• @​dylwil3

... (truncated)

Changelog

Sourced from ruff's changelog.

0.9.4

Preview features

• [airflow] Extend airflow context parameter check for BaseOperator.execute (AIR302) (#15713)
• [airflow] Update AIR302 to check for deprecated context keys (#15144)
• [flake8-bandit] Permit suspicious imports within stub files (S4) (#15822)
• [pylint] Do not trigger PLR6201 on empty collections (#15732)
• [refurb] Do not emit diagnostic when loop variables are used outside loop body (FURB122) (#15757)
• [ruff] Add support for more re patterns (RUF055) (#15764)
• [ruff] Check for shadowed map before suggesting fix (RUF058) (#15790)
• [ruff] Do not emit diagnostic when all arguments to zip() are variadic (RUF058) (#15744)
• [ruff] Parenthesize fix when argument spans multiple lines for unnecessary-round (RUF057) (#15703)

Rule changes

• Preserve quote style in generated code (#15726, #15778, #15794)
• [flake8-bugbear] Exempt NewType calls where the original type is immutable (B008) (#15765)
• [pylint] Honor banned top-level imports by TID253 in PLC0415. (#15628)
• [pyupgrade] Ignore is_typeddict and TypedDict for deprecated-import (UP035) (#15800)

CLI

• Fix formatter warning message for flake8-quotes option (#15788)
• Implement tab autocomplete for ruff config (#15603)

Bug fixes

• [flake8-comprehensions] Do not emit unnecessary-map diagnostic when lambda has different arity (C417) (#15802)
• [flake8-comprehensions] Parenthesize sorted when needed for unnecessary-call-around-sorted (C413) (#15825)
• [pyupgrade] Handle end-of-line comments for quoted-annotation (UP037) (#15824)

Documentation

• Add missing config docstrings (#15803)
• Add references to trio.run_process and anyio.run_process (#15761)
• Use uv init --lib in tutorial (#15718)

0.9.3

Preview features

• [airflow] Argument fail_stop in DAG has been renamed as fail_fast (AIR302) (#15633)
• [airflow] Extend AIR303 with more symbols (#15611)
• [flake8-bandit] Report all references to suspicious functions (S3) (#15541)
• [flake8-pytest-style] Do not emit diagnostics for empty for loops (PT012, PT031) (#15542)
• [flake8-simplify] Avoid double negations (SIM103) (#15562)
• [pyflakes] Fix infinite loop with unused local import in __init__.py (F401) (#15517)
• [pylint] Do not report methods with only one EM101-compatible raise (PLR6301) (#15507)
• [pylint] Implement redefined-slots-in-subclass (W0244) (#9640)

... (truncated)

Commits

• 854ab03 Bump version to 0.9.4 (#15831)
• b0b8b06 Remove semicolon after TypeScript interface definition (#15827)
• 451f251 [red-knot] Clarify behavior when redeclaring base class attributes (#15826)
• 13cf3e6 [flake8-comprehensions] Parenthesize sorted when needed for `unnecessary-...
• 56f956a [pyupgrade] Handle end-of-line comments for quoted-annotation (UP037) (...
• 7a10a40 [flake8-bandit] Permit suspicious imports within stub files (S4) (#15822)
• 3125332 [red-knot] Format mdtest snippets with the latest version of black (#15819)
• 15d886a [red-knot] Consider all definitions after terminal statements unreachable (#1...
• e1c9d10 [flake8-comprehensions] Do not emit unnecessary-map diagnostic when lambd...
• 23c9884 Preserve quotes in generated f-strings (#15794)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dryrunsecurity]

DryRun Security Summary

The code change updates the ruff package from version 0.9.2 to 0.9.4 in the requirements-lint.txt file, representing a minor version update that appears to pose minimal security risks.

Expand for full summary

Summary:

The provided code change is a simple version update for the ruff package in the requirements-lint.txt file, from version 0.9.2 to 0.9.4. This is a minor version update, which typically includes bug fixes and minor improvements rather than significant changes or new features.

From an application security perspective, this change does not appear to introduce any significant security risks. Version updates for dependencies are generally considered low-risk, as long as the changes are well-tested and the new version does not contain known vulnerabilities. However, it is important to ensure that the new version of ruff does not have any security vulnerabilities that could be exploited, and to review the release notes or change log for the new version to verify that no security-related issues have been addressed. Additionally, running automated security scanning tools on the codebase is recommended to identify any potential security vulnerabilities that may have been introduced.

Files Changed:

• requirements-lint.txt: This file has been updated to use version 0.9.4 of the ruff package, which is a minor version update from the previous 0.9.2 version.

Code Analysis

We ran 9 analyzers against 1 file and 0 analyzers had findings. 9 analyzers had no findings.

View PR in the DryRun Dashboard.

[mtesauro]

Approved

[Maffooch]

@kiblik These PRs usually have failing tests. Would you mind double checking this one and making sure it does not break anything, or create more work for you in the ruff space?

[kiblik]

@Maffooch, Not anymore. Since #11451. Thanks to @manuel-sommer

[Maffooch]

Sweet! Thank you both for you diligence here 😄