Merge branch 'main' into alex/eager-scopes

* main: (991 commits)
  [red-knot] Resolve `Options` to `Settings` (#16000)
  Bump version to 0.9.6 (#16074)
  Revert tailwindcss v4 update (#16075)
  Improve migration document (#16072)
  Fix reference definition labels for backtick-quoted shortcut links (#16035)
  RUF009 should behave similar to B008 and ignore attributes with immutable types (#16048)
  [`pylint`] Also report when the object isn't a literal (`PLE1310`) (#15985)
  Update Rust crate rustc-hash to v2.1.1 (#16060)
  Root exclusions in the server to project root (#16043)
  Directly include `Settings` struct for the server (#16042)
  Update Rust crate clap to v4.5.28 (#16059)
  Update Rust crate strum_macros to 0.27.0 (#16065)
  Update NPM Development dependencies (#16067)
  Update Rust crate uuid to v1.13.1 (#16066)
  Update Rust crate strum to 0.27.0 (#16064)
  Update pre-commit dependencies (#16063)
  Update dependency ruff to v0.9.5 (#16062)
  Update Rust crate toml to v0.8.20 (#16061)
  [`flake8-builtins`] Make strict module name comparison optional (`A005`) (#15951)
  [`ruff`] Indented form feeds (`RUF054`) (#16049)
  ...

.cargo/config.toml

@@ -8,3 +8,7 @@ benchmark = "bench -p ruff_benchmark --bench linter --bench formatter --"
 # See: https://github.com/astral-sh/ruff/issues/11503
 [target.'cfg(all(target_env="msvc", target_os = "windows"))']
 rustflags = ["-C", "target-feature=+crt-static"]
+
+[target.'wasm32-unknown-unknown']
+# See https://docs.rs/getrandom/latest/getrandom/#webassembly-support
+rustflags = ["--cfg", 'getrandom_backend="wasm_js"']

.config/nextest.toml

@@ -6,3 +6,10 @@ failure-output = "immediate-final"
 fail-fast = false
 
 status-level = "skip"
+
+# Mark tests that take longer than 1s as slow.
+# Terminate after 60s as a stop-gap measure to terminate on deadlock.
+slow-timeout =  { period = "1s", terminate-after = 60 }
+
+# Show slow jobs in the final summary
+final-status-level = "slow"

.gitattributes

@@ -14,5 +14,7 @@ crates/ruff_python_parser/resources/invalid/re_lex_logical_token_mac_eol.py text
 
 crates/ruff_python_parser/resources/inline linguist-generated=true
 
-ruff.schema.json linguist-generated=true text=auto eol=lf
+ruff.schema.json -diff linguist-generated=true text=auto eol=lf
+crates/ruff_python_ast/src/generated.rs -diff linguist-generated=true text=auto eol=lf
+crates/ruff_python_formatter/src/generated.rs -diff linguist-generated=true text=auto eol=lf
 *.md.snap linguist-language=Markdown

.github/CODEOWNERS

@@ -9,13 +9,15 @@
 /crates/ruff_formatter/ @MichaReiser
 /crates/ruff_python_formatter/ @MichaReiser
 /crates/ruff_python_parser/ @MichaReiser @dhruvmanila
+/crates/ruff_annotate_snippets/ @BurntSushi
 
 # flake8-pyi
 /crates/ruff_linter/src/rules/flake8_pyi/ @AlexWaygood
 
-# Script for fuzzing the parser
-/scripts/fuzz-parser/ @AlexWaygood
+# Script for fuzzing the parser/red-knot etc.
+/python/py-fuzzer/ @AlexWaygood
 
 # red-knot
 /crates/red_knot* @carljm @MichaReiser @AlexWaygood @sharkdp
 /crates/ruff_db/ @carljm @MichaReiser @AlexWaygood @sharkdp
+/scripts/knot_benchmark/ @carljm @MichaReiser @AlexWaygood @sharkdp

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,2 @@
+# This file cannot use the extension `.yaml`.
+blank_issues_enabled: false

.github/ISSUE_TEMPLATE/issue.yaml

@@ -0,0 +1,22 @@
+name: New issue
+description: A generic issue
+
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thank you for taking the time to report an issue! We're glad to have you involved with Ruff.
+
+        If you're filing a bug report, please consider including the following information:
+
+        * List of keywords you searched for before creating this issue. Write them down here so that others can find this issue more easily and help provide feedback.
+        e.g. "RUF001", "unused variable", "Jupyter notebook"
+        * A minimal code snippet that reproduces the bug.
+        * The command you invoked (e.g., `ruff /path/to/file.py --fix`), ideally including the `--isolated` flag.
+        * The current Ruff settings (any relevant sections from your `pyproject.toml`).
+        * The current Ruff version (`ruff --version`).
+
+  - type: textarea
+    attributes:
+      label: Description
+      description: A description of the issue

.github/actionlint.yaml

@@ -0,0 +1,10 @@
+# Configuration for the actionlint tool, which we run via pre-commit
+# to verify the correctness of the syntax in our GitHub Actions workflows.
+
+self-hosted-runner:
+  # Various runners we use that aren't recognized out-of-the-box by actionlint:
+  labels:
+    - depot-ubuntu-latest-8
+    - depot-ubuntu-22.04-16
+    - github-windows-2025-x86_64-8
+    - github-windows-2025-x86_64-16

.github/renovate.json5

@@ -45,7 +45,7 @@
       groupName: "Artifact GitHub Actions dependencies",
       matchManagers: ["github-actions"],
       matchDatasources: ["gitea-tags", "github-tags"],
-      matchPackagePatterns: ["actions/.*-artifact"],
+      matchPackageNames: ["actions/.*-artifact"],
       description: "Weekly update of artifact-related GitHub Actions dependencies",
     },
     {
@@ -58,10 +58,16 @@
       description: "Disable PRs updating GitHub runners (e.g. 'runs-on: macos-14')",
       enabled: false,
     },
+    {
+      // TODO: Remove this once the codebase is upgrade to v4 (https://github.com/astral-sh/ruff/pull/16069)
+      matchPackageNames: ["tailwindcss"],
+      matchManagers: ["npm"],
+      enabled: false,
+    },
     {
       // Disable updates of `zip-rs`; intentionally pinned for now due to ownership change
       // See: https://github.com/astral-sh/uv/issues/3642
-      matchPackagePatterns: ["zip"],
+      matchPackageNames: ["zip"],
       matchManagers: ["cargo"],
       enabled: false,
     },
@@ -70,7 +76,7 @@
       // with `mkdocs-material-insider`.
       // See: https://squidfunk.github.io/mkdocs-material/insiders/upgrade/
       matchManagers: ["pip_requirements"],
-      matchPackagePatterns: ["mkdocs-material"],
+      matchPackageNames: ["mkdocs-material"],
       enabled: false,
     },
     {
@@ -87,13 +93,13 @@
     {
       groupName: "Monaco",
       matchManagers: ["npm"],
-      matchPackagePatterns: ["monaco"],
+      matchPackageNames: ["monaco"],
       description: "Weekly update of the Monaco editor",
     },
     {
       groupName: "strum",
       matchManagers: ["cargo"],
-      matchPackagePatterns: ["strum"],
+      matchPackageNames: ["strum"],
       description: "Weekly update of strum dependencies",
     },
     {

.github/workflows/build-binaries.yml

@@ -23,6 +23,8 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
+permissions: {}
+
 env:
   PACKAGE_NAME: ruff
   MODULE_NAME: ruff
@@ -40,6 +42,7 @@ jobs:
       - uses: actions/checkout@v4
         with:
           submodules: recursive
+          persist-credentials: false
       - uses: actions/setup-python@v5
         with:
           python-version: ${{ env.PYTHON_VERSION }}
@@ -52,9 +55,9 @@ jobs:
           args: --out dist
       - name: "Test sdist"
         run: |
-          pip install dist/${{ env.PACKAGE_NAME }}-*.tar.gz --force-reinstall
-          ${{ env.MODULE_NAME }} --help
-          python -m ${{ env.MODULE_NAME }} --help
+          pip install dist/"${PACKAGE_NAME}"-*.tar.gz --force-reinstall
+          "${MODULE_NAME}" --help
+          python -m "${MODULE_NAME}" --help
       - name: "Upload sdist"
         uses: actions/upload-artifact@v4
         with:
@@ -68,6 +71,7 @@ jobs:
       - uses: actions/checkout@v4
         with:
           submodules: recursive
+          persist-credentials: false
       - uses: actions/setup-python@v5
         with:
           python-version: ${{ env.PYTHON_VERSION }}
@@ -109,6 +113,7 @@ jobs:
       - uses: actions/checkout@v4
         with:
           submodules: recursive
+          persist-credentials: false
       - uses: actions/setup-python@v5
         with:
           python-version: ${{ env.PYTHON_VERSION }}
@@ -122,7 +127,7 @@ jobs:
           args: --release --locked --out dist
       - name: "Test wheel - aarch64"
         run: |
-          pip install dist/${{ env.PACKAGE_NAME }}-*.whl --force-reinstall
+          pip install dist/"${PACKAGE_NAME}"-*.whl --force-reinstall
           ruff --help
           python -m ruff --help
       - name: "Upload wheels"
@@ -164,6 +169,7 @@ jobs:
       - uses: actions/checkout@v4
         with:
           submodules: recursive
+          persist-credentials: false
       - uses: actions/setup-python@v5
         with:
           python-version: ${{ env.PYTHON_VERSION }}
@@ -182,9 +188,9 @@ jobs:
         if: ${{ !startsWith(matrix.platform.target, 'aarch64') }}
         shell: bash
         run: |
-          python -m pip install dist/${{ env.PACKAGE_NAME }}-*.whl --force-reinstall
-          ${{ env.MODULE_NAME }} --help
-          python -m ${{ env.MODULE_NAME }} --help
+          python -m pip install dist/"${PACKAGE_NAME}"-*.whl --force-reinstall
+          "${MODULE_NAME}" --help
+          python -m "${MODULE_NAME}" --help
       - name: "Upload wheels"
         uses: actions/upload-artifact@v4
         with:
@@ -216,6 +222,7 @@ jobs:
       - uses: actions/checkout@v4
         with:
           submodules: recursive
+          persist-credentials: false
       - uses: actions/setup-python@v5
         with:
           python-version: ${{ env.PYTHON_VERSION }}
@@ -231,9 +238,9 @@ jobs:
       - name: "Test wheel"
         if: ${{ startsWith(matrix.target, 'x86_64') }}
         run: |
-          pip install dist/${{ env.PACKAGE_NAME }}-*.whl --force-reinstall
-          ${{ env.MODULE_NAME }} --help
-          python -m ${{ env.MODULE_NAME }} --help
+          pip install dist/"${PACKAGE_NAME}"-*.whl --force-reinstall
+          "${MODULE_NAME}" --help
+          python -m "${MODULE_NAME}" --help
       - name: "Upload wheels"
         uses: actions/upload-artifact@v4
         with:
@@ -290,6 +297,7 @@ jobs:
       - uses: actions/checkout@v4
         with:
           submodules: recursive
+          persist-credentials: false
       - uses: actions/setup-python@v5
         with:
           python-version: ${{ env.PYTHON_VERSION }}
@@ -354,6 +362,7 @@ jobs:
       - uses: actions/checkout@v4
         with:
           submodules: recursive
+          persist-credentials: false
       - uses: actions/setup-python@v5
         with:
           python-version: ${{ env.PYTHON_VERSION }}
@@ -419,6 +428,7 @@ jobs:
       - uses: actions/checkout@v4
         with:
           submodules: recursive
+          persist-credentials: false
       - uses: actions/setup-python@v5
         with:
           python-version: ${{ env.PYTHON_VERSION }}

.github/workflows/build-docker.yml

@@ -36,6 +36,7 @@ jobs:
       - uses: actions/checkout@v4
         with:
           submodules: recursive
+          persist-credentials: false
 
       - uses: docker/setup-buildx-action@v3
 
@@ -47,11 +48,13 @@ jobs:
 
       - name: Check tag consistency
         if: ${{ inputs.plan != '' && !fromJson(inputs.plan).announcement_tag_is_implicit }}
+        env:
+          TAG: ${{ inputs.plan != '' && fromJson(inputs.plan).announcement_tag || 'dry-run' }}
         run: |
-          version=$(grep "version = " pyproject.toml | sed -e 's/version = "\(.*\)"/\1/g')
-          if [ "${{ fromJson(inputs.plan).announcement_tag }}" != "${version}" ]; then
+          version=$(grep -m 1 "^version = " pyproject.toml | sed -e 's/version = "\(.*\)"/\1/g')
+          if [ "${TAG}" != "${version}" ]; then
             echo "The input tag does not match the version from pyproject.toml:" >&2
-            echo "${{ fromJson(inputs.plan).announcement_tag }}" >&2
+            echo "${TAG}" >&2
             echo "${version}" >&2
             exit 1
           else
@@ -71,7 +74,7 @@ jobs:
       - name: Normalize Platform Pair (replace / with -)
         run: |
           platform=${{ matrix.platform }}
-          echo "PLATFORM_TUPLE=${platform//\//-}" >> $GITHUB_ENV
+          echo "PLATFORM_TUPLE=${platform//\//-}" >> "$GITHUB_ENV"
 
       # Adapted from https://docs.docker.com/build/ci/github-actions/multi-platform/
       - name: Build and push by digest
@@ -86,9 +89,10 @@ jobs:
           outputs: type=image,name=${{ env.RUFF_BASE_IMG }},push-by-digest=true,name-canonical=true,push=${{ inputs.plan != '' && !fromJson(inputs.plan).announcement_tag_is_implicit }}
 
       - name: Export digests
+        env:
+          digest: ${{ steps.build.outputs.digest }}
         run: |
           mkdir -p /tmp/digests
-          digest="${{ steps.build.outputs.digest }}"
           touch "/tmp/digests/${digest#sha256:}"
 
       - name: Upload digests
@@ -140,9 +144,10 @@ jobs:
         # The printf will expand the base image with the `<RUFF_BASE_IMG>@sha256:<sha256> ...` for each sha256 in the directory
         # The final command becomes `docker buildx imagetools create -t tag1 -t tag2 ... <RUFF_BASE_IMG>@sha256:<sha256_1> <RUFF_BASE_IMG>@sha256:<sha256_2> ...`
         run: |
+          # shellcheck disable=SC2046
           docker buildx imagetools create \
             $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
-            $(printf '${{ env.RUFF_BASE_IMG }}@sha256:%s ' *)
+            $(printf "${RUFF_BASE_IMG}@sha256:%s " *)
 
   docker-publish-extra:
     name: Publish additional Docker image based on ${{ matrix.image-mapping }}
@@ -172,6 +177,8 @@ jobs:
 
       - name: Generate Dynamic Dockerfile Tags
         shell: bash
+        env:
+          TAG_VALUE: ${{ fromJson(inputs.plan).announcement_tag }}
         run: |
           set -euo pipefail
 
@@ -181,7 +188,7 @@ jobs:
           # Generate Dockerfile content
           cat <<EOF > Dockerfile
           FROM ${BASE_IMAGE}
-          COPY --from=${{ env.RUFF_BASE_IMG }}:latest /ruff /usr/local/bin/ruff
+          COPY --from=${RUFF_BASE_IMG}:latest /ruff /usr/local/bin/ruff
           ENTRYPOINT []
           CMD ["/usr/local/bin/ruff"]
           EOF
@@ -192,23 +199,23 @@ jobs:
           # Loop through all base tags and append its docker metadata pattern to the list
           # Order is on purpose such that the label org.opencontainers.image.version has the first pattern with the full version
           IFS=','; for TAG in ${BASE_TAGS}; do
-            TAG_PATTERNS="${TAG_PATTERNS}type=pep440,pattern={{ version }},suffix=-${TAG},value=${{ fromJson(inputs.plan).announcement_tag }}\n"
-            TAG_PATTERNS="${TAG_PATTERNS}type=pep440,pattern={{ major }}.{{ minor }},suffix=-${TAG},value=${{ fromJson(inputs.plan).announcement_tag }}\n"
+            TAG_PATTERNS="${TAG_PATTERNS}type=pep440,pattern={{ version }},suffix=-${TAG},value=${TAG_VALUE}\n"
+            TAG_PATTERNS="${TAG_PATTERNS}type=pep440,pattern={{ major }}.{{ minor }},suffix=-${TAG},value=${TAG_VALUE}\n"
             TAG_PATTERNS="${TAG_PATTERNS}type=raw,value=${TAG}\n"
           done
 
           # Remove the trailing newline from the pattern list
           TAG_PATTERNS="${TAG_PATTERNS%\\n}"
 
           # Export image cache name
-          echo "IMAGE_REF=${BASE_IMAGE//:/-}" >> $GITHUB_ENV
+          echo "IMAGE_REF=${BASE_IMAGE//:/-}" >> "$GITHUB_ENV"
 
           # Export tag patterns using the multiline env var syntax
           {
             echo "TAG_PATTERNS<<EOF"
             echo -e "${TAG_PATTERNS}"
             echo EOF
-          } >> $GITHUB_ENV
+          } >> "$GITHUB_ENV"
 
       - name: Extract metadata (tags, labels) for Docker
         id: meta
@@ -284,7 +291,9 @@ jobs:
         # The final command becomes `docker buildx imagetools create -t tag1 -t tag2 ... <RUFF_BASE_IMG>@sha256:<sha256_1> <RUFF_BASE_IMG>@sha256:<sha256_2> ...`
         run: |
           readarray -t lines <<< "$DOCKER_METADATA_OUTPUT_ANNOTATIONS"; annotations=(); for line in "${lines[@]}"; do annotations+=(--annotation "$line"); done
+
+          # shellcheck disable=SC2046
           docker buildx imagetools create \
             "${annotations[@]}" \
             $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
-            $(printf '${{ env.RUFF_BASE_IMG }}@sha256:%s ' *)
+            $(printf "${RUFF_BASE_IMG}@sha256:%s " *)