Update Python dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
poethepoet (changelog)	==0.45.0 → ==0.46.0
ruff (source, changelog)	==0.15.12 → ==0.15.13
tombi	==0.11.1 → ==0.11.5
ty (changelog)	==0.0.35 → ==0.0.37
types-grpcio (changelog)	==1.0.0.20260508 → ==1.0.0.20260518
types-protobuf (changelog)	==7.34.1.20260508 → ==7.34.1.20260518
uvicorn (changelog)	==0.46.0 → ==0.47.0
zensical (changelog)	==0.0.41 → ==0.0.42

---

Release Notes

nat-n/poethepoet (poethepoet)

v0.46.0: 0.46.0

Compare Source

Enhancements

• Experimental Claude Code skill and bump-version task by @​nat-n in #​387
• Use AST parser for all templating by @​nat-n in #​386

Fixes

• Make uv and poetry executors check for bat files to handle shutdown quirks on windows by @​nat-n in #​385
• Strip underscore prefix in documentation for private positional args by @​nat-n in #​383
• Use AST for $POE_EXTRA_ARGS detection and cache parsed content by @​nat-n in #​388

Experimental agent skill

This release ships an experimental agent skill that gives AI coding agents contextual knowledge of poe's task API when working in projects that use it. It works with any agent that supports the skills convention and aims to improve agent abilities when it comes to leveraging and authoring poe tasks.

Please try it out and provide feedback!

Two install methods:

1. Via a built in poe task (similar to how shell completions are installed):

poe _install_skill                          # auto-detects .claude/.codex/.pi/.agents and prompts
poe _install_skill ~/.claude/skills         # explicit path (substitute your agent's dir)
poe _install_skill <skills-dir> --upgrade   # non-interactive upgrade (skips if same/newer)

2. From github via npx skills

npx skills add https://github.com/nat-n/poethepoet/tree/v0.46.0/poethepoet/skills/poethepoet

Full Changelog: nat-n/poethepoet@v0.45.0...v0.46.0

astral-sh/ruff (ruff)

v0.15.13

Compare Source

Released on 2026-05-14.

Preview features

• Add a rule to flag lazy imports that are eagerly evaluated (#​25016)
• [pylint] Standardize diagnostic message (PLR0914, PLR0917) (#​24996)

Bug fixes

• Fix F811 false positive for class methods (#​24933)
• Fix setting selection for multi-folder workspace (#​24819)
• [eradicate] Fix false positive for lines with leading whitespace (ERA001) (#​25122)
• [flake8-pyi] Fix false positive for f-string debug specifier (PYI016) (#​24098)

Rule changes

• Always include panic payload in panic diagnostic message (#​24873)
• Restrict PYI034 for in-place operations to enclosing class (#​24511)
• Improve error message for parameters that are declared global (#​24902)
• Update known stdlib (#​25103)

Performance

• [isort] Avoid constructing glob::Patterns for literal known modules (#​25123)

CLI

• Add TOML examples to --config help text (#​25013)
• Colorize ruff check 'All checks passed' (#​25085)

Configuration

• Increase max allowed value of line-length setting (#​24962)

Documentation

• Add D203 to rules that conflict with the formatter (#​25044)
• Clarify COM819 and formatter interaction (#​25045)
• Clarify that NotImplemented is a value, not an exception (F901) (#​25054)
• Update number of lint rules supported (#​24942)

Other changes

• Simplify the playground's markdown template (#​24924)

Contributors

• @​MichaReiser
• @​brian-c11
• @​Andrej730
• @​denyszhak
• @​darestack
• @​sharkdp
• @​charliermarsh
• @​EkriirkE
• @​eyupcanakman
• @​Hrk84ya
• @​thernstig
• @​ntBre

tombi-toml/tombi (tombi)

v0.11.5

Compare Source

What's Changed

🐛 Bug Fixes

• Fix hover panic for schema defaults containing null by @​ya7010 in #​1891

🛠️ Other Changes

• Revert "zed-v0.2.5" by @​ya7010 in #​1887

Full Changelog: tombi-toml/tombi@v0.11.4...v0.11.5

v0.11.4

Compare Source

What's Changed

🛠️ Other Changes

• [codex] Update pyproject schema tool definitions by @​ya7010 in #​1886

Full Changelog: tombi-toml/tombi@v0.11.3...v0.11.4

v0.11.3

Compare Source

What's Changed

🛠️ Other Changes

• chore: remove unused command by @​ya7010 in #​1884
• clippy: fix ptr_cast_constness lint by @​xtqqczze in #​1875

Full Changelog: tombi-toml/tombi@v0.11.2...v0.11.3

v0.11.2

Compare Source

What's Changed

🛠️ Other Changes

• chore: update tooltip to include source of Tombi binary by @​ya7010 in #​1877
• feat(vscode): add status bar action picker by @​ya7010 in #​1880
• update: vscode by @​ya7010 in #​1881
• chore: vscode select list. by @​ya7010 in #​1882
• chore: add icon. by @​ya7010 in #​1883

Full Changelog: tombi-toml/tombi@v0.11.1...v0.11.2

astral-sh/ty (ty)

v0.0.37

Compare Source

Released on 2026-05-16.

Bug fixes

• Avoid unsound not in narrowing (#​25161)
• Fix async iteration over narrowed typevars (#​25155)
• Fix panic in double-inference for single starred positional TypedDict (#​25176)
• Fix panic in disjoint base check (#​25187)
• Fix panic in recursive binary inference (#​25189)
• Fix panic in cyclic __new__ (#​25185)
• Fix panic in reveal_protocol, reveal_mro, etc. with keyword arguments (#​25179)
• Fix panic in imported overload definition (#​25168)

LSP server

• Don't show argument inlay for case-insensitive matches or prefix/suffixes (#​25174)
• Reduce CPU usage of the LSP when switching between large changesets (#​25142)

Core type checking

• Avoid enforcing __new__ with custom metaclasses (#​25180)
• Make overload public type reachability-aware (#​25171)
• Only specialized types of generic class instances should influence variance (#​25124)
• Preserve ParamSpec argument context through wrapper calls (#​24934)
• Support partially specialized type context for collection literals (#​24506)

Contributors

• @​RasmusNygren
• @​MichaReiser
• @​charliermarsh
• @​ibraheemdev

v0.0.36

Compare Source

Released on 2026-05-14.

Bug fixes

• Fix Go To-Definition for self-imported submodules (#​25106)
• Fix ClassVar[Self] assignment checks for class objects (#​24657)
• Fix attribute access on Callable-bounded TypeVars (#​24793)
• Fix panic from TypedDict schema cycle with Self fields (#​25094)
• Fix panic from accessing args[0] for static_assert (#​25149)
• Fix panic from non-name walrus target access (#​25121)
• Fix singleton classification for runtime typing objects (#​25099)
• Guard self-referential TypeOf recursion in generic callables (#​24668)
• Preserve lexical ParamSpec scope for returned Callable annotations (#​24909)
• Preserve walrus bindings through negated short-circuit conditions (#​25163)
• Run full iteration analysis on narrowed typevars (#​25143)

LSP server

• Classify TypeVar semantic tokens as type parameters (#​24891)
• Emit folding ranges for an entire block (#​25113)
• Respect the includeDeclaration request parameter (#​24960)
• Support TypedDict key completions in incomplete, anonymous contexts (#​25147)

Performance

• Bound loop-header analysis for large loops (#​24972)
• Convert inference hash maps to boxed slices on finish (#​25102)

Core type checking

• Add support for sentinel values (PEP 661) (#​25082)
• Hoist path assignment implication checks (#​25107)
• Preserve TypedDict keys through dict unpacking (#​24523)
• Treat custom enum __new__ values as dynamic (#​25136)

Contributors

• @​RasmusNygren
• @​charliermarsh
• @​JelleZijlstra
• @​Minibrams
• @​lerebear
• @​denyszhak
• @​MichaReiser

Kludex/uvicorn (uvicorn)

v0.47.0: Version 0.47.0

Compare Source

What's Changed

• Eagerly import the ASGI app in the parent process by @​Kludex in #​2919
• Add ssl_context_factory for custom SSLContext configuration by @​Kludex in #​2920
• Treat fd=0 as a valid file descriptor with reload/workers by @​eltoder in #​2927

Full Changelog: Kludex/uvicorn@0.46.0...0.47.0

zensical/zensical (zensical)

v0.0.42: 0.0.42

Compare Source

Summary

This version includes a number of bug fixes and refactorings to improve the stability and accuracy of link validation, and fixes a reload loop when the custom_dir, which is auto-watched, is explicitly added to watch. Moreover, GLightbox is now only downloaded when needed, which fixes an issue when using Zensical in air-gapped environments.

Changelog

Bug fixes

• 6b54e14 ui – update ui to v0.0.18
• cdee1e8 zensical – disabling link validation doesn't disable link and reference collection (#​659)
• 4355dad compat – harden link validation for files with CRLF line endings
• a418c6b compat – link validation doesn't ignore fenced code blocks when \r is present
• b31dd14 compat – $ at end of line breaks link validation (#​659)
• 17c67a2 compat – remove abbreviations from table of contents (#​669)
• 6eb2f4d compat – reserve theme name zensical
• a5a8641 zensical – only wait for config update after a first successful build (#​670)
• 8207554 compat – don't consider [] and [][] link references (#​663)
• c338b27 compat – two backticks with no closing run trip up link parser (#​663, #​665)
• d707aa9 compat – prevent reload loop by de-duplicating watched theme files (#​655)

Refactorings

• 53f593f compat – avoid mutating configurations list
• a77087a compat – reorganize config module

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • Between 12:00 AM and 03:59 AM, only on Monday (* 0-3 * * 1)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.