Update Python dependencies (16/edge)

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
boto3	^1.43.10 → ^1.43.14
ruff (source, changelog)	^0.15.13 → ^0.15.14
ty (changelog)	^0.0.37 → ^0.0.39

---

Release Notes

boto/boto3 (boto3)

v1.43.14

Compare Source

=======

• api-change:datazone: [botocore] Add support for VPC connection
• api-change:ec2: [botocore] The ModifyInstanceAttribute API now supports modification of EnclaveOptions for the instance as a typed parameter.
• api-change:gameliftstreams: [botocore] Added new Gen6 stream classes based on the EC2 G6e instance family. These classes are designed for streaming high-fidelity, graphically demanding games and applications that benefit from additional GPU memory and performance.
• api-change:invoicing: [botocore] Adds support for idempotency with a new ClientToken field for the CreateInvoiceUnit, DeleteInvoiceUnit, UpdateInvoiceUnit, DeleteProcurementPortalPreference, PutProcurementPortalPreference, and UpdateProcurementPortalPreferenceStatus APIs.
• api-change:pi: [botocore] Added ListPerformanceAnalysisReportRecommendations API to retrieve recommendations for a performance analysis report. Added analysis configuration support to CreatePerformanceAnalysisReport for enhanced analysis types such as vacuum analysis.
• api-change:qconnect: [botocore] Added guardrail assessment results to inference spans in the ListSpans API. You can now see which AI Guardrail policies were evaluated, whether content was blocked or masked, and per-policy details for each Bedrock Converse call
• api-change:securityagent: [botocore] Adds support for verification scripts on penetration test findings. Customers can now download executable scripts to independently reproduce confirmed vulnerabilities, with instructions and required environment variables provided for each finding.
• enhancement:s3: [botocore] Improve caching of S3 endpoints, which should improve performance when working with multiple keys in the same bucket

v1.43.13

Compare Source

=======

• api-change:batch: [botocore] Clarified CreateComputeEnvironment parameter requirements - serviceRole is required for UNMANAGED compute environments, allocationStrategy is required for EKS compute environments, and compute environments must be created in the ENABLED state.
• api-change:bedrock-agentcore-control: [botocore] Adds dataset management APIs for creating, versioning, and managing evaluation datasets.
• api-change:cleanrooms: [botocore] Collaboration creators can update payment configurations without recreating the collaboration. When multiple payer candidates are configured for a cost type, analysis runners can specify the actual payer at submission time, providing granular control over billing.
• api-change:cleanroomsml: [botocore] Collaboration creators can update payment configurations without recreating the collaboration. When multiple payer candidates are configured for a cost type, analysis runners can specify the actual payer at submission time, providing granular control over billing.
• api-change:evs: [botocore] A new GetDepotUrl API has been added to retrieve a URL for accessing Amazon EVS custom addon packages. Customers can use this URL to configure vSphere Lifecycle Manager (vLCM) as an online depot source, enabling upgrades of addon components across ESXi hosts.
• api-change:mediaconnect: [botocore] Adds support for controlling the timecode source of NDI flow outputs.
• api-change:sagemaker: [botocore] Add support for disabling home EFS file system creation on SageMaker domains.
• api-change:verifiedpermissions: [botocore] Support hard deleting policy store aliases. Users can now delete an alias and immediately reassign it to a different policy store without waiting for the soft-delete retention period.

v1.43.12

Compare Source

=======

• api-change:bedrock-runtime: [botocore] Supporting Request Metadata for Invoke Model and Invoke Model with Response Stream
• api-change:customer-profiles: [botocore] Amazon Connect Customer Profiles adds support for item catalog columns in RecommenderSchema, ExcludedColumns in Create and Update Recommender to specify columns to exclude from training, and the ability to disable automatic retraining by setting TrainingFrequency to 0.
• api-change:kms: [botocore] AWS KMS now supports creating grants for AWS service principals using new GranteeServicePrincipal and RetiringServicePrincipal parameters. This release adds SourceArn grant constraint and three condition keys for controlling CreateGrant access. For more information, see Grants in AWS KMS.
• api-change:mwaa: [botocore] Updated API documentation to describe the PublicAndPrivate webserver access mode.
• api-change:payment-cryptography-data: [botocore] GenerateAuthRequestCryptogram API launch.

v1.43.11

Compare Source

=======

• api-change:bedrock-agentcore: [botocore] Add RetryableConflictException (HTTP 409) to InvokeAgentRuntime and StopRuntimeSession to prevent orphaned VMs during concurrent session access. The SDK automatically retries this exception with backoff. Enforcement is not yet active and will be enabled in a future service update.
• api-change:devops-agent: [botocore] Added a new serviceType mcpserversigv4 service and association. This provides feature to register MCP sigv4 authorization based MCPs
• api-change:grafana: [botocore] Introduce degraded workspace status as a possible Amazon Managed Grafana workspace status, and a new field named degraded workspace reason which informs customers why the workspace is degraded in the DescribeWorkspace API response.
• api-change:guardduty: [botocore] Adding support for exposure and vulnerability context from AWS Security Hub in GuardDuty Extended Threat Detection attack sequence findings.
• api-change:rtbfabric: [botocore] This release is to deprecate 'inboundLinksCount' field in GetResponderGateway response and introduce the new field 'linksRequestedCount' to replace it.
• api-change:sagemaker: [botocore] Add support for ml.p5.4xlarge and ml.p5en.48xlarge instances on SageMaker Notebook Instances Platform.

astral-sh/ruff (ruff)

v0.15.14

Compare Source

Released on 2026-05-21.

Preview features

• [airflow] Implement airflow-task-implicit-multiple-outputs (AIR202) (#​25152)
• [flake8-use-pathlib] Mark PTH101 fix as unsafe when first argument is a class attribute annotated as int (#​25086)
• [pylint] Implement too-many-try-statements (W0717) (#​23970)
• [ruff] Add incorrect-decorator-order (RUF074) (#​23461)
• [ruff] Add fallible-context-manager (RUF075) (#​22844)

Bug fixes

• Fix lambda formatting in interpolated string expressions (#​25144)
• Treat generic frozenset annotations as immutable (#​25251)
• [flake8-type-checking] Avoid strict behavior when future-annotations are enabled (TC001, TC002, TC003) (#​25035)
• [pylint] Avoid false positives in else clause (PLR1733) (#​25177)

Rule changes

• [flake8-comprehensions] Skip C417 for lambdas with positional-only parameters (#​25272)
• [flake8-simplify] Preserve f-string source verbatim in SIM101 fix (#​25061)

Performance

• Avoid unnecessary parser lookahead for operators (#​25290)

Documentation

• Update code example setting Neovim LSP log level (#​25284)

Other changes

• Add full PEP 798 support (#​25104)
• Add a parser recursion limit (#​24810)
• Update various ruff_python_stdlib APIs (#​25273)

Contributors

• @​ocaballeror
• @​lerebear
• @​samuelcolvin
• @​baltasarblanco
• @​aconal-com
• @​anishgirianish
• @​JelleZijlstra
• @​AlexWaygood
• @​ntBre
• @​adityasingh2400
• @​charliermarsh
• @​Dev-iL
• @​neutrinoceros
• @​shivamtiwari3
• @​Dev-X25874

astral-sh/ty (ty)

v0.0.39

Compare Source

Released on 2026-05-22.

This release removes the Python 3.9 branches from our vendored standard library stubs. ty now only has "full" support for
Python 3.10 and later, but will still report version-specific syntax errors and other diagnostics when --python-version 3.9
is provided via the CLI.

Bug fixes

• Avoid panicking on __new__ assignments to classes (#​25282)
• Preserve declaration order when synthesizing class fields (#​25249)
• Respect dict-compatible fallbacks in TypedDict unions (#​25242)
• Retain recursively-defined state in binary expressions (#​25277)

LSP server

• Add Quick Fix to remove redundant cast (#​25211)
• Classify property declaration semantic tokens (#​25322)
• Escape HTML syntax in docstring rendering (#​25247)
• Prefer symbols from standard library over those of the same name from third party libraries for import completions. (#​25108)
• Support type aliases in document symbols (#​25302)

Diagnostics

• Add error context for extra callable parameters (#​25269)

Performance

• Avoid exponential blow-up in fall-through narrowing (#​25278)
• Speed up include filtering for projects with many literal include patterns (#​25266)

Core type checking

• Allow enum member accesses on self (#​25077)
• Emit a diagnostic for subclassing with order=True (#​21704)
• Full-scope bidirectional inference for unconstrained container literals (#​25279)
• Infer dict(TypedDict) as dict[str, object] (#​24852)
• Refine Callable class-decorator fallback for unknown results (#​25250)
• Reject incompatible explicit variance in generic base classes (#​25327)
• Support multi-inference through type aliases (#​25245)
• Sync vendored typeshed stubs (#​25271, #​25172)

Contributors

• @​ibraheemdev
• @​MatthewMckee4
• @​sqqueak
• @​lerebear
• @​sharkdp
• @​dhimasardinata
• @​MichaReiser
• @​charliermarsh

v0.0.38

Compare Source

Released on 2026-05-19.

Bug fixes

• Fix panic in enum literal during cycle recovery (#​25237)
• Fix panic from lazy NewType base expansion during cycle recovery (#​25234)
• Fix class-body global lookup before class binding (#​25224)
• Handle aliased dict fallbacks in TypedDict unions (#​25241)
• Ignore _generate_next_value_ with custom construction hooks (#​25210)

LSP server

• Fix find references for except handlers (#​25231)
• Preserve delimiters when folding expressions (#​24999)
• Use incremental file walk on .gitignore changes (#​25183)

Core type checking

• Add first-class support for enum complements (#​24961)
• Allow known non-field writes on frozen dataclass subclasses (#​25087)
• Ignore generic specialization in layout compatibility checks (#​25178)
• Preserve short-circuit bindings in all condition consumers (#​25160)
• Support class decorators (#​25091)
• Support custom _generate_next_value_ methods in enums (#​25196)

Contributors

• @​MatthewMckee4
• @​MichaReiser
• @​charliermarsh
• @​lerebear
• @​thejchap

---

Configuration

📅 Schedule: (in timezone Etc/UTC)

• Branch creation
  • Between 01:00 AM and 07:59 AM, only on Tuesday (* 1-7 * * 2)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.