Update dependency ruff from 0.4.10 to v0.5.0 (requirements-lint.txt)

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
ruff (source, changelog)	==0.4.10 -> ==0.5.0

---

Release Notes

astral-sh/ruff (ruff)

v0.5.0

Compare Source

Check out the blog post for a migration guide and overview of the changes!

Breaking changes

See also, the "Remapped rules" section which may result in disabled rules.

• Follow the XDG specification to discover user-level configurations on macOS (same as on other Unix platforms)
• Selecting ALL now excludes deprecated rules
• The released archives now include an extra level of nesting, which can be removed with --strip-components=1 when untarring.
• The release artifact's file name no longer includes the version tag. This enables users to install via /latest URLs on GitHub.

Deprecations

The following rules are now deprecated:

• syntax-error (E999): Syntax errors are now always shown

Remapped rules

The following rules have been remapped to new rule codes:

• blocking-http-call-in-async-function: ASYNC100 to ASYNC210
• open-sleep-or-subprocess-in-async-function: ASYNC101 split into ASYNC220, ASYNC221, ASYNC230, and ASYNC251
• blocking-os-call-in-async-function: ASYNC102 has been merged into ASYNC220 and ASYNC221
• trio-timeout-without-await: TRIO100 to ASYNC100
• trio-sync-call: TRIO105 to ASYNC105
• trio-async-function-with-timeout: TRIO109 to ASYNC109
• trio-unneeded-sleep: TRIO110 to ASYNC110
• trio-zero-sleep-call: TRIO115 to ASYNC115
• repeated-isinstance-calls: PLR1701 to SIM101

Stabilization

The following rules have been stabilized and are no longer in preview:

• mutable-fromkeys-value (RUF024)
• default-factory-kwarg (RUF026)
• django-extra (S610)
• manual-dict-comprehension (PERF403)
• print-empty-string (FURB105)
• readlines-in-for (FURB129)
• if-expr-min-max (FURB136)
• bit-count (FURB161)
• redundant-log-base (FURB163)
• regex-flag-alias (FURB167)
• isinstance-type-none (FURB168)
• type-none-comparison (FURB169)
• implicit-cwd (FURB177)
• hashlib-digest-hex (FURB181)
• list-reverse-copy (FURB187)
• bad-open-mode (PLW1501)
• empty-comment (PLR2044)
• global-at-module-level (PLW0604)
• misplaced-bare-raise (PLE0744)
• non-ascii-import-name (PLC2403)
• non-ascii-name (PLC2401)
• nonlocal-and-global (PLE0115)
• potential-index-error (PLE0643)
• redeclared-assigned-name (PLW0128)
• redefined-argument-from-local (PLR1704)
• repeated-keyword-argument (PLE1132)
• super-without-brackets (PLW0245)
• unnecessary-list-index-lookup (PLR1736)
• useless-exception-statement (PLW0133)
• useless-with-lock (PLW2101)

The following behaviors have been stabilized:

• is-literal (F632) now warns for identity checks against list, set or dictionary literals
• needless-bool (SIM103) now detects if expressions with implicit else branches
• module-import-not-at-top-of-file (E402) now allows os.environ modifications between import statements
• type-comparison (E721) now allows idioms such as type(x) is int
• yoda-condition (SIM300) now flags a wider range of expressions

Removals

The following deprecated settings have been removed:

• output-format=text; use output-format=concise or output-format=full
• tab-size; use indent-width

The following deprecated CLI options have been removed:

• --show-source; use --output-format=full
• --no-show-source; use --output-format=concise

The following deprecated CLI commands have been removed:

• ruff <path>; use ruff check <path>
• ruff --clean; use ruff clean
• ruff --generate-shell-completion; use ruff generate-shell-completion

Preview features

• [ruff] Add assert-with-print-message rule (#​11981)

CLI

• Use rule name rather than message in --statistics (#​11697)
• Use the output format full by default (#​12010)
• Don't log syntax errors to the console (#​11902)

Rule changes

• [ruff] Fix false positives if gettext is imported using an alias (RUF027) (#​12025)
• [npy] Update trapz and in1d deprecation (NPY201) (#​11948)
• [flake8-bandit] Modify diagnostic ranges for shell-related rules (#​10667)

Server

• Closing an untitled, unsaved notebook document no longer throws an error (#​11942)
• Support the usage of tildes and environment variables in logFile (#​11945)
• Add option to configure whether to show syntax errors (#​12059)

Bug fixes

• [pycodestyle] Avoid E203 for f-string debug expression (#​12024)
• [pep8-naming] Match import-name ignores against both name and alias (N812, N817) (#​12033)
• [pyflakes] Detect assignments that shadow definitions (F811) (#​11961)

Parser

• Emit a syntax error for an empty type parameter list (#​12030)
• Avoid consuming the newline for unterminated strings (#​12067)
• Do not include the newline in the unterminated string range (#​12017)
• Use the correct range to highlight line continuation errors (#​12016)
• Consider 2-character EOL before line continuations (#​12035)
• Consider line continuation character for re-lexing (#​12008)

Other changes

• Upgrade the Unicode table used for measuring the line-length (#​11194)
• Remove the deprecation error message for the nursery selector (#​10172)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[dryrunsecurity]

Hi there 👋, @DryRunSecurity here, below is a summary of our analysis and findings.

DryRun Security	Status	Findings
Server-Side Request Forgery Analyzer	✅	0 findings
Configured Codepaths Analyzer	✅	0 findings
IDOR Analyzer	✅	0 findings
Sensitive Files Analyzer	✅	0 findings
SQL Injection Analyzer	✅	0 findings
Authn/Authz Analyzer	✅	0 findings
Secrets Analyzer	✅	0 findings

Note

🟢 Risk threshold not exceeded.

Change Summary (click to expand)

The following is a summary of changes in this pull request made by me, your security buddy 🤖. Note that this summary is auto-generated and not meant to be a definitive list of security issues but rather a helpful summary from a security perspective.

Summary:

The proposed changes in this pull request update the Ruff linting tool version from 0.4.10 to 0.5.0 in the requirements-lint.txt file. This is a minor version update, which typically includes bug fixes, improvements, and potentially new features. From an application security perspective, this change does not appear to introduce any immediate security concerns, as linting tools are not directly part of the application's core functionality.

However, it is important to review the release notes or change log for the new Ruff version to ensure that there are no known security vulnerabilities or issues that could impact the application's security. Additionally, it is recommended to thoroughly test the updated linting tool in a non-production environment before merging the changes to the main codebase. Overall, this code change seems straightforward and does not raise any significant application security concerns, but it is essential to maintain vigilance and ensure the ongoing security of the application.

Files Changed:

• requirements-lint.txt: This file is a configuration file for the Ruff linting tool. The changes in this pull request update the Ruff version from 0.4.10 to 0.5.0, which is a minor version update. While this change does not introduce any immediate security concerns, it is important to review the release notes and thoroughly test the updated linting tool to ensure that there are no security-related issues introduced.

Powered by DryRun Security

[cneill]

Looks like we may want to update our ruff.toml to rename TRIO to ASYNC (per their migration blog post)

We may also want to pick either Renovate or Dependabot to manage requirements-lint.txt since they both create PRs for all ruff bumps (e.g. Dependabot's #10471 for this one)

[mtesauro]

Looks like we may want to update our ruff.toml to rename TRIO to ASYNC (per their migration blog post)

We may also want to pick either Renovate or Dependabot to manage requirements-lint.txt since they both create PRs for all ruff bumps (e.g. Dependabot's #10471 for this one)

@Maffooch You good to do ☝️ when you get a chance?

[mtesauro]

Approved