Skip to content

chore(deps): update osv-lib#5563

Open
renovate-bot wants to merge 1 commit into
google:masterfrom
renovate-bot:renovate/osv-lib
Open

chore(deps): update osv-lib#5563
renovate-bot wants to merge 1 commit into
google:masterfrom
renovate-bot:renovate/osv-lib

Conversation

@renovate-bot

@renovate-bot renovate-bot commented Jun 23, 2026

Copy link
Copy Markdown
Collaborator

This PR contains the following updates:

Package Change Age Confidence
google-cloud-storage (source) 3.11.03.12.0 age confidence
grpcio-tools 1.81.01.81.1 age confidence
hypothesis (changelog) 6.155.26.155.7 age confidence
pygit2 (changelog) 1.19.21.19.3 age confidence
pylint (changelog) 4.0.54.0.6 age confidence

Release Notes

googleapis/google-cloud-python (google-cloud-storage)

v3.12.0: google-cloud-storage: v3.12.0

Compare Source

Features
  • full object checksum: implement rolling checksum and verification in reads resumption strategy (#​17262) (2361ba6e)

  • Enable full object checksum PR 1/3 : parse finalize_time and server crc32c in async object stream (#​17261) (72c7a272)

  • full object checksum: integrate full-object checksum in AsyncMultiRangeDownloader (#​17263) (b6a85e49)

HypothesisWorks/hypothesis (hypothesis)

v6.155.7: Hypothesis version 6.155.7

Compare Source

This patch fixes a thread-safety bug where concurrent use of the same
strategy instance could error in rare cases. (issue #​4475).

The canonical version of these notes (with links) is on readthedocs.

v6.155.6: Hypothesis version 6.155.6

Compare Source

This patch replaces some internal "%"-style string formatting with
f-strings. There is no user-visible change.

The canonical version of these notes (with links) is on readthedocs.

v6.155.5: Hypothesis version 6.155.5

Compare Source

"dates()" now raises "InvalidArgument" if a "datetime" is passed as
"min_value" or "max_value". Because "datetime" is a subclass of
"date", such bounds were previously accepted and then failed with a
confusing "TypeError" while generating examples.

The canonical version of these notes (with links) is on readthedocs.

v6.155.4: Hypothesis version 6.155.4

Compare Source

This patch removes a stray "print()" which fired whenever a "dates()"
filter was rewritten.

The canonical version of these notes (with links) is on readthedocs.

v6.155.3: Hypothesis version 6.155.3

Compare Source

When using an alternative backend (such as hypothesis-crosshair),
Hypothesis no longer emits a "test_case" observation for an iteration
that the backend aborts via "BackendCannotProceed" before the test
body runs
. Previously such an iteration -- for example when the
crosshair backend has exhausted its search paths -- could surface as a
spurious, draw-less "passed" observation with an empty representation,
even though the engine already discards the iteration entirely.

The canonical version of these notes (with links) is on readthedocs.

libgit2/pygit2 (pygit2)

v1.19.3

Compare Source

pylint-dev/pylint (pylint)

v4.0.6

Compare Source

What's new in Pylint 4.0.6?

Release date: 2026-06-14

False Positives Fixed

  • implicit-str-concat is no longer emitted for an implicit concatenation of
    a raw string with a non-raw one (e.g. r"\d" "\n"). Such literals cannot be
    merged into a single string, so the concatenation is intentional rather than a
    forgotten comma.

    Closes #​6663

  • Fix a false positive for invalid-name (C0103) where the default
    typevar-rgx rejected TypeVar names containing digits, such as
    Ec2T.

    Closes #​8499

  • Fix a false positive for too-many-arguments in (non-static) methods and classmethods.

    Closes #​8675

  • Fix a false positive for no-member when a value is inferred to several
    possible types and at least one of them defines a dynamic __getattr__.

    Closes #​9833

  • Fix a false positive for function-redefined (E0102) when reusing names that
    match dummy-variables-rgx (such as _), which is common for
    pytest-bdd step definitions. This restores the behavior from before pylint
    4.0.0; as a consequence the false negative fixed in #​9894 is reintroduced for
    functions whose name matches dummy-variables-rgx.

    Closes #​10665

  • Fix undefined-variable false positive when a name used as a metaclass
    argument in a nested class is referenced again later in the module.

    Closes #​10823

  • Fix a false positive for unused-variable where global variables matching
    dummy-variables-rgx were still reported as unused when
    allow-global-unused-variables was disabled.

    Closes #​10890

  • Fix a false positive for bad-dunder-name when there is a user-defined __suppress_context__ attribute on exception subclasses.

    Closes #​10960

  • Fix used-before-assignment false positive for names bound by from X import * in every branch of an if/elif/else chain.

    Refs #​10980

  • Check for metaclass call signature when evaluating arguments of a class call.

    Closes #​11032

  • Fix false positive method-hidden when cached_property is imported directly with from functools import cached_property.

    Refs #​11037

Other Bug Fixes

  • Fix the suggestion of unnecessary-comprehension for a dict comprehension
    that iterates a dict directly, e.g. {a: b for a, b in d}. Iterating a dict
    yields its keys, so the suggestion is now dict(d.keys()) instead of the
    incorrect dict(d), which would simply copy d.

    Closes #​8256

  • Fix a crash in consider-using-enumerate when the for loop target is an attribute (e.g. for self.idx in range(len(x))) rather than a simple variable name.

    Closes #​10099

  • Fix crash when checking attribute-defined-outside-init on classes that inherit from a base class pylint cannot fully analyze.

    Closes #​10892

  • Fix add_message silently overwriting an explicit col_offset=0 (or any other zero-valued line/end_lineno/end_col_offset) with the AST node's value. The internal _add_one_message helper used a falsey check (if not col_offset:) to detect an omitted argument, which incorrectly treated a legitimate 0 the same as None. It now uses an identity check against None.

    Refs #​11020

  • Fix a crash in the name checker when a non-constant value is passed as the covariant or contravariant argument of a TypeVar.

    Closes #​11022

  • Fix a crash in the variable checker when a name resolves to a dataclass-synthesized __init__, which has no line number.

    Closes #​11023

  • Fix a crash in the variables checker when NotImplemented is used as the test of an if statement, which raised a TypeError in a boolean context on Python 3.14.

    Closes #​11025

  • Avoided a crash from the implicit booleaness checker for len() calls without arguments.

    Closes #​11028

  • Fix a crash in the variables checker when a class declares a metaclass whose
    attribute-access chain does not bottom out at a name (e.g.
    class C(metaclass=None._)).
    Originally reported as pylint-dev/astroid#3066.

    Refs #​11031

  • Fix a crash in the name checker when a chained assignment of a TypeAlias
    value has a non-name target such as a Subscript (for example
    a[0] = b = TypeAlias).

    Closes #​11056

  • Fix a crash in the deprecated checker when __import__ is called with a
    non-string constant argument (for example __import__(1)).

    Closes #​11059

  • Avoid crashing when enum member inference fails while checking enum subclasses.

    Closes #​11069

  • Prevent a crash in unexpected-keyword-arg analysis when
    infer_call_result() raises InferenceError while inspecting
    decorator return signatures.

    Closes #​11070

  • Fix a crash in the typecheck checker when a class uses a non-class object
    (for example a function) as its metaclass= argument.

    Closes #​11071

  • Allow digits in ParamSpec and TypeVarTuple names for invalid-name check.

    The default paramspec-rgx and typevartuple-rgx patterns rejected names
    containing digits (e.g. Ec2P, S3Ts), emitting a false invalid-name
    (C0103). Allow digits in the lowercase segments, consistent with the
    typevar and typealias patterns.

    Closes #​11090

Performance Improvements

  • The duplicate-code checker no longer runs when its message (R0801) is disabled, even if reports=yes is set. Previously, the checker's report (RP0801) would cause the expensive similarity computation to run regardless.

    Closes #​3443


Configuration

📅 Schedule: (in timezone Australia/Sydney)

  • Branch creation
    • "before 6am on wednesday"
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@forking-renovate forking-renovate Bot added the dependencies Pull requests that update a dependency file label Jun 23, 2026
@renovate-bot renovate-bot force-pushed the renovate/osv-lib branch 3 times, most recently from 1546eac to fac3eff Compare June 26, 2026 16:57
@renovate-bot renovate-bot force-pushed the renovate/osv-lib branch 2 times, most recently from 1c82867 to fc672e6 Compare July 3, 2026 21:04
@forking-renovate

Copy link
Copy Markdown

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: pyproject.toml
Artifact update for hypothesis resolved to version 6.156.1, which is a pending version that has not yet passed the Minimum Release Age threshold.
Renovate was attempting to update to 6.155.7
This is (likely) not a bug in Renovate, but due to the way your project pins dependencies, _and_ how Renovate calls your package manager to update them.
Until Renovate supports specifying an exact update to your package manager (https://github.com/renovatebot/renovate/issues/41624), it is recommended to directly pin your dependencies (with `rangeStrategy=pin` for apps, or `rangeStrategy=widen` for libraries)
See also: https://docs.renovatebot.com/dependency-pinning/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant