deps: bump the python-dependencies group with 2 updates

[dependabot]

Updates the requirements on ruff and uv-build to permit the latest version.
Updates ruff to 0.15.20

Release notes

Sourced from ruff's releases.

0.15.20

Release Notes

Released on 2026-06-25.

Preview features

• Allow human-readable names in rule selectors (#25887)
• Emit a warning instead of an error for unknown rule selectors (#26113)
• Match noqa shebang handling in ruff:ignore comments (#26286)
• [ruff] Remove pytest-fixture-autouse (RUF076) (#26240, #26371)

Documentation

• Add versioning sections to custom crate READMEs (#26317)
• Update ruff_python_parser README for crates.io (#26315)
• [perflint] Clarify that PERF402 applies to any iterable (#26242)

Contributors

• @​dhruvmanila
• @​MichaReiser
• @​ntBre
• @​trilamsr

Install ruff 0.15.20

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/ruff/releases/download/0.15.20/ruff-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/ruff/releases/download/0.15.20/ruff-installer.ps1 | iex"

Download ruff 0.15.20

File	Platform	Checksum
ruff-aarch64-apple-darwin.tar.gz	Apple Silicon macOS	checksum
ruff-x86_64-apple-darwin.tar.gz	Intel macOS	checksum
ruff-aarch64-pc-windows-msvc.zip	ARM64 Windows	checksum
ruff-i686-pc-windows-msvc.zip	x86 Windows	checksum
ruff-x86_64-pc-windows-msvc.zip	x64 Windows	checksum
ruff-aarch64-unknown-linux-gnu.tar.gz	ARM64 Linux	checksum
ruff-i686-unknown-linux-gnu.tar.gz	x86 Linux	checksum

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.20

Released on 2026-06-25.

Preview features

• Allow human-readable names in rule selectors (#25887)
• Emit a warning instead of an error for unknown rule selectors (#26113)
• Match noqa shebang handling in ruff:ignore comments (#26286)
• [ruff] Remove pytest-fixture-autouse (RUF076) (#26240, #26371)

Documentation

• Add versioning sections to custom crate READMEs (#26317)
• Update ruff_python_parser README for crates.io (#26315)
• [perflint] Clarify that PERF402 applies to any iterable (#26242)

Contributors

• @​dhruvmanila
• @​MichaReiser
• @​ntBre
• @​trilamsr

0.15.19

Released on 2026-06-23.

Preview features

• Support human-readable names when hovering suppression comments and in code actions (#26114)

Bug fixes

• Fall back to default settings when editor-only settings are invalid (#26244)
• Fix panic when inserting text at a notebook cell boundary (#26111)

Rule changes

• [pylint] Update fix suggestions for __floor__, __trunc__, __length_hint__, and __matmul__ variants (PLC2801) (#26239)

Performance

• Avoid allocating when parsing single string literals (#26200)
• Avoid reallocating singleton call arguments (#26223)
• Lazily create source files for lint diagnostics (#26226)
• Optimize formatter text width and indentation (#26236)
• Reserve capacity for builtin bindings (#26229)
• Skip repeated-key checks for singleton dictionaries (#26228)
• Use ArrayVec for qualified name segments (#26224)

... (truncated)

Commits

• f82a36b Bump 0.15.20 (#26376)
• af32943 Improve the summarise-ecosystem-results skill (#26378)
• 485ebab Remove RUF076 name from schema (#26371)
• ef81835 [ty] Implement rust-analyzer's "Click for full compiler diagnostic" feature (...
• 572b31e [ruff] Remove pytest-fixture-autouse (RUF076) (#26240)
• f703f21 Allow human-readable names in rule selectors (#25887)
• 0d726b2 [ty] Reuse equality semantics for membership compatibility (#25955)
• dbe6e98 [ty] Infer definite equality comparison results (#26337)
• e700ea3 [ty] Prove TypedDict structural patterns exhaustive (#26285)
• 6a0d2ec [ty] Widen inferred class-valued instance attributes (#26338)
• Additional commits viewable in compare view

Updates uv-build to 0.11.25

Release notes

Sourced from uv-build's releases.

0.11.25

Release Notes

Released on 2026-06-26.

Security

This release updates our tar library, astral-tokio-tar, to v0.6.3, which includes over 20 changes that harden our tar handling against parser differentials. uv may reject source distributions with malformed or ambiguous content that were previously accepted.

See the upstream commits for a full list of changes.

Enhancements

• Add a full "lockfile" to tool receipts (#18937)
• Allow scoped overrides to add dependencies (#19974)
• Avoid writing redundant lockfile markers with tool.uv.environments (#19933)
• Factor supported environments out of lockfile markers (#19969)
• Recommend our own build backend in the build frontend (#19994)
• Reject wheels with multiple .dist-info directories (#19986)
• Simplify dependency markers under parent reachability (#19971)
• Support scoped dependency exclusions (#19977)
• Support scoped dependency overrides (#19970)
• Explain why files are skipped in registry index parsing (#19983)

Preview features

• Add uv workspace list --scripts (#20009)
• Support centralised environments in uv venv (#19912)
• Use locked ty versions in uv check (#19884)
• Add centralized storage of project environments (#18214)
• Verify lockfile hashes before reusing a cached ty in uv check (#19995)
• Use locked dependency selection for uv check --script (#19989)

Bug fixes

• Preserve standalone markers in workspace metadata (#20011)
• Reject uv build if the cache dir is enclosed (#19991)

Install uv 0.11.25

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/uv/releases/download/0.11.25/uv-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/uv/releases/download/0.11.25/uv-installer.ps1 | iex"
</tr></table> 

... (truncated)

Changelog

Sourced from uv-build's changelog.

0.11.25

Released on 2026-06-26.

Security

This release updates our tar library, astral-tokio-tar, to v0.6.3, which includes over 20 changes that harden our tar handling against parser differentials. uv may reject source distributions with malformed or ambiguous content that were previously accepted.

See the upstream commits for a full list of changes.

Enhancements

• Add a full "lockfile" to tool receipts (#18937)
• Allow scoped overrides to add dependencies (#19974)
• Avoid writing redundant lockfile markers with tool.uv.environments (#19933)
• Factor supported environments out of lockfile markers (#19969)
• Recommend our own build backend in the build frontend (#19994)
• Reject wheels with multiple .dist-info directories (#19986)
• Simplify dependency markers under parent reachability (#19971)
• Support scoped dependency exclusions (#19977)
• Support scoped dependency overrides (#19970)
• Explain why files are skipped in registry index parsing (#19983)

Preview features

• Add uv workspace list --scripts (#20009)
• Support centralised environments in uv venv (#19912)
• Use locked ty versions in uv check (#19884)
• Add centralized storage of project environments (#18214)
• Verify lockfile hashes before reusing a cached ty in uv check (#19995)
• Use locked dependency selection for uv check --script (#19989)

Bug fixes

• Preserve standalone markers in workspace metadata (#20011)
• Reject uv build if the cache dir is enclosed (#19991)

0.11.24

Released on 2026-06-23.

Python

• Add CPython 3.15.0b3 (#19964)

Preview features

• Make project environments relocatable under preview (#19965)

Performance

... (truncated)

Commits

• 1fc7de7 Bump version to 0.11.25 (#20017)
• e0de46e Test tool lock invalidation and upgrades (#20016)
• 7df6bbd Add uv workspace list --scripts (#20009)
• f23ef25 Add a full "lockfile" to tool receipts (#18937)
• 29eb5d2 Preserve standalone markers in workspace metadata (#20011)
• ebf0376 Simplify dependency markers under parent reachability (#19971)
• d8c98e9 Document project environment link return value (#20010)
• cb73f0b Support centralised environments in uv venv (#19912)
• 5fccfe7 Build frontend: simplify is_path_within (#20008)
• 62d8b4e Verify lockfile hashes before reusing a cached ty in uv check (#19995)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions