Bump the python group across 1 directory with 10 updates

[dependabot]

Bumps the python group with 10 updates in the / directory:

Package	From	To
whitenoise	6.11.0	6.12.0
redis	7.1.1	7.2.1
django-celery-beat	2.8.1	2.9.0
django-environ	0.12.1	0.13.0
django-crispy-forms	2.5	2.6
crispy-bootstrap5	2025.6	2026.3
dj-rest-auth	7.1.0	7.1.1
psycopg[c]	3.3.2	3.3.3
werkzeug[watchdog]	3.1.5	3.1.6
ruff	0.15.1	0.15.4

Updates whitenoise from 6.11.0 to 6.12.0

Changelog

Sourced from whitenoise's changelog.

6.12.0 (2026-02-27)

• Drop Python 3.9 support.
• Fix potential unauthorised file access vulnerability in "autorefesh" mode. See PR [#684](https://github.com/evansd/whitenoise/issues/684) <https://github.com/evansd/whitenoise/pull/684>__ for details, and a reminder that autorefresh mode has always been documented as unsuitable for production use. Thanks Seth Larson for reporting.

Commits

• 1e3a30b Version 6.12.0
• bc4c738 Merge pull request #684 from evansd/use-commonpath
• 505ed8d Use os.path.commonpath() to identify child paths
• b6d8ed4 Upgrade dependencies (#683)
• edc79de [pre-commit.ci] pre-commit autoupdate (#682)
• 79fb2f1 Bump the github-actions group with 2 updates (#680)
• 2b245df [pre-commit.ci] pre-commit autoupdate (#681)
• dcb50f3 Upgrade dependencies (#678)
• 1c4a746 [pre-commit.ci] pre-commit autoupdate (#677)
• e7f970a Bump actions/checkout from 5 to 6 in the github-actions group (#676)
• Additional commits viewable in compare view

Updates redis from 7.1.1 to 7.2.1

Release notes

Sourced from redis's releases.

7.2.1

Changes

🐛 Bug Fixes

• Handle connection attributes conditionally for metrics and set connection data on exceptions in cluster error handling (#3964)

⚠️ Deprecations

• Removed batch_size and consumer_name attributes from OTel metrics (#3978)

🧰 Maintenance

• Fixing error handling of connection buffer purging of closed connections. Enabling troubleshooting logging for maintenance notifications e2e tests. (#3971)
• Fix protocol validation: replace finally with else and store parsed int (#3965)
• Return copies from _get_free/in_use_connections and fix async _mock (#3967)
• Add missing shard channel message types to async PubSub (#3966)
• Fix issues with ClusterPipeline connection management (#3804)
• fix(pubsub): avoid UnicodeDecodeError on reconnect with binary channel names (#3944)
• Hold references to ClusterNode disconnect task (#3826)
• remove remaining imports of typing_extensions (#3873)

We'd like to thank all the contributors who worked on this release! @​dotlambda @​rhoboro @​skylarkoo7 @​praboud @​bysiber @​vladvildanov @​petyaslavova

7.2.0

Changes

Redis 8.6 Support Added support for Redis 8.6, including new commands and features for streams idempotent production and HOTKEYS.

Smart Client Handoff (Maintenance Notifications) for Cluster note: Pending a Redis Enterprise version release

This release introduces comprehensive support for Redis Enterprise Cluster maintenance notifications via SMIGRATING/SMIGRATED push notifications. The client now automatically handles slot migrations by:

Relaxing timeouts during migration (SMIGRATING) to prevent false failures Triggering cluster state reloads upon completion (SMIGRATED) Enabling seamless operations during Redis Enterprise maintenance windows

OpenTelemetry Native Metrics Support Added comprehensive OpenTelemetry metrics support following the OpenTelemetry Database Client Semantic Conventions. Metric groups include:

• Command metrics: Operation duration with retry tracking
• Connection basic: Connection count and creation time
• Resiliency: Errors, handoffs, timeout relaxation
• Connection advanced: Wait time and use time
• Pubsub metrics: Published and received messages
• Stream metrics: Processing duration and maintenance notifications

🚀 New Features

• Added OTel instrumentation and metrics export for sync client (#3954)
• Add maintenance notifications support for OSS API cluster clients (#3946)

... (truncated)

Commits

• 56859cf Updating lib version to 7.2.1
• c671fd9 remove remaining imports of typing_extensions (#3873)
• e203796 Hold references to ClusterNode disconnect task (#3826)
• a21f768 Removed batch_size and consumer_name attributes from OTel metrics (#3978)
• 2098114 fix(pubsub): avoid UnicodeDecodeError on reconnect with binary channel names ...
• f02c66b Fix issues with ClusterPipeline connection management (#3804)
• 1958065 Add missing shard channel message types to async PubSub (#3966)
• abc519d Return copies from _get_free/in_use_connections and fix async _mock (#3967)
• bb2b6f3 Fix protocol validation: replace finally with else and store parsed int (#3965)
• 631c053 Fixing error handling of connection buffer purging of closed connecton. Enabl...
• Additional commits viewable in compare view

Updates django-celery-beat from 2.8.1 to 2.9.0

Release notes

Sourced from django-celery-beat's releases.

v2.9.0

What's Changed

• Added DeepWiki to README by @​Nusnus in celery/django-celery-beat#893
• refactor: use in operator instead of regex operator in crontab query to fix mssql regression by @​alirafiei75 in celery/django-celery-beat#900
• refactor: tzaware crontab is due method by @​alirafiei75 in celery/django-celery-beat#899
• feat: enable translation to PeriodicTaskInline verbose name by @​thalesbarbosab in celery/django-celery-beat#915
• Remove Python2 'next' assignment in scheduler by @​cclauss in celery/django-celery-beat#932
• Avoid the breaking change in dependency cron_descriptor v2 by @​rh0dium in celery/django-celery-beat#935
• GitHub Actions: Test on Python 3.14 release candidate 2 by @​cclauss in celery/django-celery-beat#945
• Remove upper bound on Django version by @​realsuayip in celery/django-celery-beat#971
• Add Django 6.0 support by @​cavanierc in celery/django-celery-beat#978

---

• Bump actions/checkout from 4 to 5 by @​dependabot[bot] in celery/django-celery-beat#930
• Bump actions/download-artifact from 4 to 5 by @​dependabot[bot] in celery/django-celery-beat#928
• Bump github/codeql-action from 3 to 4 by @​dependabot[bot] in celery/django-celery-beat#960
• Bump actions/checkout from 5 to 6 by @​dependabot[bot] in celery/django-celery-beat#972
• Bump actions/upload-artifact from 4 to 6 by @​dependabot[bot] in celery/django-celery-beat#983
• Bump actions/download-artifact from 5 to 7 by @​dependabot[bot] in celery/django-celery-beat#982
• Bump actions/upload-artifact from 6 to 7 by @​dependabot[bot] in celery/django-celery-beat#1002
• Bump actions/download-artifact from 7 to 8 by @​dependabot[bot] in celery/django-celery-beat#1003

---

• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in celery/django-celery-beat#901
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in celery/django-celery-beat#905
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in celery/django-celery-beat#907
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in celery/django-celery-beat#908
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in celery/django-celery-beat#910
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in celery/django-celery-beat#929
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in celery/django-celery-beat#933
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in celery/django-celery-beat#941
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in celery/django-celery-beat#944
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in celery/django-celery-beat#946
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in celery/django-celery-beat#948
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in celery/django-celery-beat#953
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in celery/django-celery-beat#959
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in celery/django-celery-beat#962
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in celery/django-celery-beat#963
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in celery/django-celery-beat#967
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in celery/django-celery-beat#969
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in celery/django-celery-beat#970
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in celery/django-celery-beat#973
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in celery/django-celery-beat#975
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in celery/django-celery-beat#979
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in celery/django-celery-beat#984
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in celery/django-celery-beat#985
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in celery/django-celery-beat#990
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in celery/django-celery-beat#992
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in celery/django-celery-beat#993
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in celery/django-celery-beat#995
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in celery/django-celery-beat#998

... (truncated)

Changelog

Sourced from django-celery-beat's changelog.

2.9.0

:release-date: 2026-02-24 :release-by: Asif Saif Uddin (@​auvipy)

• Added DeepWiki to README
• refactor: use in operator instead of regex operator in crontab query to fix mssql regression
• refactor: tzaware crontab is due method
• feat: enable translation to PeriodicTaskInline verbose name
• Remove Python2 'next' assignment in scheduler
• Avoid the breaking change in dependency cron_descriptor v2
• GitHub Actions: Test on Python 3.14 release candidate 2
• Remove upper bound on Django version
• Add Django 6.0 support

.. _version-2.8.1:

Commits

• fc539b1 DRAFT: django_celery_beat v2.9.0 (#999)
• 19ae830 Bump actions/download-artifact from 7 to 8 (#1003)
• 81fc4a5 Bump actions/upload-artifact from 6 to 7 (#1002)
• 91ed4cd Bump actions/download-artifact from 5 to 7 (#982)
• d49bb8c Bump actions/upload-artifact from 4 to 6 (#983)
• b2ff0f4 Bump actions/checkout from 5 to 6 (#972)
• ffa0405 [pre-commit.ci] pre-commit autoupdate (#1001)
• 5cec89f [pre-commit.ci] pre-commit autoupdate (#998)
• 5ca807e [pre-commit.ci] pre-commit autoupdate (#995)
• f9c1c4c Bump github/codeql-action from 3 to 4 (#960)
• Additional commits viewable in compare view

Updates django-environ from 0.12.1 to 0.13.0

Release notes

Sourced from django-environ's releases.

v0.13.0

v0.13.0_ - 18-February-2026

Added +++++

• Added optional warnings when defaults are used [#582](https://github.com/joke2k/django-environ/issues/582) <https://github.com/joke2k/django-environ/pull/582>_.
• Added choices argument support for value validation in Env.str(...) [#555](https://github.com/joke2k/django-environ/issues/555) <https://github.com/joke2k/django-environ/pull/555>_.
• Added Valkey support via valkey:// and valkeys:// cache URL schemes [#554](https://github.com/joke2k/django-environ/issues/554) <https://github.com/joke2k/django-environ/pull/554>_.
• Added support for rediss:// scheme in channels URL parsing [#573](https://github.com/joke2k/django-environ/issues/573) <https://github.com/joke2k/django-environ/pull/573>_.
• Added django-prometheus database backend aliases to DB URL parsing schemes [#559](https://github.com/joke2k/django-environ/issues/559) <https://github.com/joke2k/django-environ/pull/559>_.

Changed +++++++

• Declared support for Python 3.14 [#580](https://github.com/joke2k/django-environ/issues/580) <https://github.com/joke2k/django-environ/pull/580>_.
• Declared support for Django 5.2 and Django 6.0 [#578](https://github.com/joke2k/django-environ/issues/578) <https://github.com/joke2k/django-environ/pull/578>_.

Fixed +++++

• Improved type hint coverage and related lint issues [#546](https://github.com/joke2k/django-environ/issues/546) <https://github.com/joke2k/django-environ/pull/546>_.
• Fixed typos in the FAQ page [#445](https://github.com/joke2k/django-environ/issues/445) <https://github.com/joke2k/django-environ/pull/445>_.

Changelog

Sourced from django-environ's changelog.

v0.13.0_ - 18-February-2026

Added +++++

• Added optional warnings when defaults are used [#582](https://github.com/joke2k/django-environ/issues/582) <https://github.com/joke2k/django-environ/pull/582>_.
• Added choices argument support for value validation in Env.str(...) [#555](https://github.com/joke2k/django-environ/issues/555) <https://github.com/joke2k/django-environ/pull/555>_.
• Added Valkey support via valkey:// and valkeys:// cache URL schemes [#554](https://github.com/joke2k/django-environ/issues/554) <https://github.com/joke2k/django-environ/pull/554>_.
• Added support for rediss:// scheme in channels URL parsing [#573](https://github.com/joke2k/django-environ/issues/573) <https://github.com/joke2k/django-environ/pull/573>_.
• Added django-prometheus database backend aliases to DB URL parsing schemes [#559](https://github.com/joke2k/django-environ/issues/559) <https://github.com/joke2k/django-environ/pull/559>_.

Changed +++++++

• Declared support for Python 3.14 [#580](https://github.com/joke2k/django-environ/issues/580) <https://github.com/joke2k/django-environ/pull/581>_.
• Declared support for Django 5.2 and Django 6.0 [#578](https://github.com/joke2k/django-environ/issues/578) <https://github.com/joke2k/django-environ/pull/578>_.

Fixed +++++

• Improved type hint coverage and related lint issues [#546](https://github.com/joke2k/django-environ/issues/546) <https://github.com/joke2k/django-environ/pull/546>_.
• Fixed typos in the FAQ page [#445](https://github.com/joke2k/django-environ/issues/445) <https://github.com/joke2k/django-environ/pull/445>_.

Commits

• 00746d0 docs: add Django 5.2 and 6.0 support to README
• d1f1159 Release 0.13.0
• d82e361 Add optional warnings when defaults are used (#582)
• a78f7c8 Fixed some typos in the FAQ page (#445)
• 24b299e Feature/add choice parameter and raise an exception if fetched value is not w...
• c441413 Add django-prometheus database backends to DB_SCHEMES (#559)
• 98a0aad Fix lint issues in environ type hints
• f4e77e4 feat(cache): add valkey and valkeys as allowed schemes (#554)
• dd4d308 Add type hints (#546)
• 3137c4f Support lower case options for Django Redis cache backend (#550)
• Additional commits viewable in compare view

Updates django-crispy-forms from 2.5 to 2.6

Release notes

Sourced from django-crispy-forms's releases.

2.6 (2026-03-01)

• Dropped support for Django 4.2, 5.0 and 5.1.

Changelog

Sourced from django-crispy-forms's changelog.

2.6 (2026-03-01)

• Dropped support for Django 4.2, 5.0 and 5.1.

Commits

• dc8007e Release 2.6. (#1432)
• 792c671 Updated versions in pyproject.toml. (#1431)
• af31d24 Fix incorrect reverse in crispy tag docs (#1410)
• fb7acdc Don't crash when using the crispy template tag and missing variables (#1418)
• d30a0ab Dropped unsupported Django versions. (#1430)
• 3f5b88d Improved |as_crispy_field error message. (#1427)
• 6a97c68 Fix typos in some files (#1425)
• See full diff in compare view

Updates crispy-bootstrap5 from 2025.6 to 2026.3

Release notes

Sourced from crispy-bootstrap5's releases.

2026.3 (2026-03-01)

• Confirmed support for Django 6.0.
• Dropped support for Django 4.2, 5.0 and 5.1.
• Added support for Python 3.14.
• Dropped support for Python 3.8 and 3.9.

Changelog

Sourced from crispy-bootstrap5's changelog.

2026.3 (2026-03-01)

• Confirmed support for Django 6.0.
• Dropped support for Django 4.2, 5.0 and 5.1.
• Added support for Python 3.14.
• Dropped support for Python 3.8 and 3.9.

Commits

• a109daa Release 2026.3 (#222)
• 80dda25 field_errors_block.html: insert missing space between attributes (#221)
• e03c9b1 Dropped support for Django versions prior to 5.2. (#217)
• 7a95d7f Updated tests for Django 6.0.1. (#220)
• 7fd9389 PEP 639 licenses (#214)
• 271cfdb Fix TemplateDoesNotExist when using MultiField (#75) (#191)
• 1aed40a Updated supported versions. (#213)
• ef2ec5d Used PEP 735 Dependency Groups. (#211)
• See full diff in compare view

Updates dj-rest-auth from 7.1.0 to 7.1.1

Release notes

Sourced from dj-rest-auth's releases.

7.1.1 - Test compatibility fixes and documentation improvements

What's Changed

• Migrate documentation from Sphinx to MkDocs Material by @​iMerica in iMerica/dj-rest-auth#729
• Updates README by @​iMerica in iMerica/dj-rest-auth#730
• Fix test compatibility across allauth, simplejwt, and Django versions by @​iMerica in iMerica/dj-rest-auth#731

Full Changelog: iMerica/dj-rest-auth@7.1.0...7.1.1

Commits

• fd27fb8 Bumps to patch version
• cbcd310 Fix test compatibility across allauth, simplejwt, and Django versions (#731)
• 5c3b89e Updates README (#730)
• 75fd668 Ports Docs to MkDocs (#729)
• See full diff in compare view

Updates psycopg[c] from 3.3.2 to 3.3.3

Changelog

Sourced from psycopg[c]'s changelog.

.. currentmodule:: psycopg

.. index:: single: Release notes single: News

psycopg release notes

Current release

Psycopg 3.3.3 ^^^^^^^^^^^^^

• Retain Error.pgconn when raising a single exception for multiple connection attempt errors (:ticket:[#1246](https://github.com/psycopg/psycopg/issues/1246)).
• Return a proper error when server sends ErrorResponse for a Sync after a Parse (:ticket:[#1260](https://github.com/psycopg/psycopg/issues/1260)).

Psycopg 3.3.2 ^^^^^^^^^^^^^

Fix race condition in adapters at startup (:ticket:[#1230](https://github.com/psycopg/psycopg/issues/1230)).

Psycopg 3.3.1 ^^^^^^^^^^^^^

Fix iteration on server-side cursors (:ticket:[#1226](https://github.com/psycopg/psycopg/issues/1226)).

Psycopg 3.3.0

.. rubric:: New top-level features

• Add :ref:template strings queries \<template-strings> (:ticket:[#1054](https://github.com/psycopg/psycopg/issues/1054)).
• More flexible :ref:composite adaptation<adapt-composite>: it is now possible to adapt Python objects to PostgreSQL composites and back even if they are not sequences or if they take keyword arguments (:ticket:[#932](https://github.com/psycopg/psycopg/issues/932), 🎫[#1202](https://github.com/psycopg/psycopg/issues/1202)).
• Cursors are now iterators_, not just iterables_. This means you can call next\ (cur) or anext\ (cur), which is useful as a :ref:type-safe expression <typing-fetchone> (:ticket:[#1064](https://github.com/psycopg/psycopg/issues/1064)).
• Add Cursor.set_result() and Cursor.results() to move across the result sets of queries executed though ~Cursor.executemany() or ~Cursor.execute() with multiple statements (:tickets:[#1080](https://github.com/psycopg/psycopg/issues/1080), [#1170](https://github.com/psycopg/psycopg/issues/1170)).
• Add :ref:transaction-status to report the status during and after a ~Connection.transaction() block (:ticket:[#969](https://github.com/psycopg/psycopg/issues/969)).

... (truncated)

Commits

• 1a8f65a chore: bump psycopg package version to 3.3.3
• db3c435 Merge pull request #1260 from ggevay/sync-error-fix
• 0237586 Fix ValueError when server sends ErrorResponse during Sync after Parse
• cb97ef7 docs: fix typos
• 09c8918 Merge pull request #1256 from veeceey/fix/tstrings-error-msg-and-docs-improve...
• 9e74d96 fix: fix error message incorrectly generated by Claude AI
• 0db9d8b fix: correct typo in tstrings error message and fix sql.rst docs
• 86a0e1b chore(deps): bump pypa/cibuildwheel in the actions group
• f5d90fa Merge pull request #1233 from lysnikolaou/pgconn-critical-section
• d7dc6c7 Merge critical section and nogil blocks into one context manager
• Additional commits viewable in compare view

Updates werkzeug[watchdog] from 3.1.5 to 3.1.6

Release notes

Sourced from werkzeug[watchdog]'s releases.

3.1.6

This is the Werkzeug 3.1.6 security fix release, which fixes a security issue but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Werkzeug/3.1.6/ Changes: https://werkzeug.palletsprojects.com/page/changes/#version-3-1-6

• safe_join on Windows does not allow special devices names in multi-segment paths. GHSA-29vq-49wr-vm6x

Changelog

Sourced from werkzeug[watchdog]'s changelog.

Version 3.1.6

Released 2026-02-19

• safe_join on Windows does not allow special devices names in multi-segment paths. :ghsa:29vq-49wr-vm6x

Commits

• 04da1b5 release version 3.1.6
• f407712 Merge commit from fork
• f54fe98 safe_join prevents Windows special device names in multi-segment paths
• d005985 start version 3.1.6
• 8565c2c document rule priority (#3102)
• 3febc7e document rule priority
• 2525b82 remove state machine docs
• 4abfbd5 rewrite build docstring (#3097)
• 161c18b rewrite build docstring
• 86e11c2 release version 3.1.5 (#3085)
• See full diff in compare view

Updates ruff from 0.15.1 to 0.15.4

Release notes

Sourced from ruff's releases.

0.15.4

Release Notes

Released on 2026-02-26.

This is a follow-up release to 0.15.3 that resolves a panic when the new rule PLR1712 was enabled with any rule that analyzes definitions, such as many of the ANN or D rules.

Bug fixes

• Fix panic on access to definitions after analyzing definitions (#23588)
• [pyflakes] Suppress false positive in F821 for names used before del in stub files (#23550)

Documentation

• Clarify first-party import detection in Ruff (#23591)
• Fix incorrect import-heading example (#23568)

Contributors

• @​stakeswky
• @​ntBre
• @​thejcannon
• @​GeObts

Install ruff 0.15.4

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/astral-sh/ruff/releases/download/0.15.4/ruff-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://github.com/astral-sh/ruff/releases/download/0.15.4/ruff-installer.ps1 | iex"

Download ruff 0.15.4

File	Platform	Checksum
ruff-aarch64-apple-darwin.tar.gz	Apple Silicon macOS	checksum
ruff-x86_64-apple-darwin.tar.gz	Intel macOS	checksum
ruff-aarch64-pc-windows-msvc.zip	ARM64 Windows	checksum
ruff-i686-pc-windows-msvc.zip	x86 Windows	checksum
ruff-x86_64-pc-windows-msvc.zip	x64 Windows	checksum
ruff-aarch64-unknown-linux-gnu.tar.gz	ARM64 Linux	checksum
ruff-i686-unknown-linux-gnu.tar.gz	x86 Linux	checksum
ruff-powerpc64-unknown-linux-gnu.tar.gz	PPC64 Linux	checksum

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.4

Released on 2026-02-26.

This is a follow-up release to 0.15.3 that resolves a panic when the new rule PLR1712 was enabled with any rule that analyzes definitions, such as many of the ANN or D rules.

Bug fixes

• Fix panic on access to definitions after analyzing definitions (#23588)
• [pyflakes] Suppress false positive in F821 for names used before del in stub files (#23550)

Documentation

• Clarify first-party import detection in Ruff (#23591)
• Fix incorrect import-heading example (#23568)

Contributors

• @​stakeswky
• @​ntBre
• @​thejcannon
• @​GeObts

0.15.3

Released on 2026-02-26.

Preview features

• Drop explicit support for .qmd file extension (#23572)

  This can now be enabled instead by setting the extension option:

  # ruff.toml
  extension = { qmd = "markdown" }
  pyproject.toml
  [tool.ruff]
  extension = { qmd = "markdown" }

• Include configured extensions in file discovery (#23400)

• [flake8-bandit] Allow suspicious imports in TYPE_CHECKING blocks (S401-S415) (#23441)

• [flake8-bugbear] Allow B901 in pytest hook wrappers (#21931)

• [flake8-import-conventions] Add missing conventions from upstream (ICN001, ICN002) (#21373)

... (truncated)

Commits

• f14edd8 Bump 0.15.4 (#23595)
• fd09d37 Fix panic on access to definitions after analyzing definitions (#23588)
• 81d655f [pyflakes] suppress false positive in F821 for names used before del in...
• 625b4f5 [ruff] docs: Clarify first-party import detection in Ruff (#23591)
• 60facfa one word typo fix in a while_loop.md test case (#23589)
• fbb9fa7 docs: fix incorrect import-heading example (#23568)
• 5bc49a9 Increase the ruleset size to 16 bits (#23586)
• a62ba8c [ty] Fix overloaded callable assignability for unary Callable targets (#23277)
• e5f2f36 Bump 0.15.3 (#23585)
• 0e19fc9 [ty] defer calculating conjunctions in narrowing constraints (#23552)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 100.00%. Comparing base (79b3f40) to head (e425249).
⚠️ Report is 7 commits behind head on master.

Additional details and impacted files

@@            Coverage Diff            @@
##            master      #306   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files           49        49           
  Lines         2010      2010           
=========================================
  Hits          2010      2010           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.