Update Python dependencies (16/edge)

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
boto3	^1.42.55 → ^1.42.59
charmlibs-interfaces-tls-certificates	^1.7.0 → ^1.8.1
ops (changelog)	3.5.2 → 3.6.0
ops (changelog)	^3.5.2 → ^3.6.0
postgresql-charms-single-kernel	16.1.7 → 16.1.8
ruff (source, changelog)	^0.15.2 → ^0.15.4
ty (changelog)	^0.0.18 → ^0.0.20

---

Release Notes

boto/boto3 (boto3)

v1.42.59

Compare Source

=======

• api-change:arc-region-switch: [botocore] Post-Recovery Workflows enable customers to maintain comprehensive disaster recovery automation. This allows customer SREs and leadership to have complete recovery orchestration from failover through post-recovery preparation, ensuring Regions remain ready for subsequent recovery events.
• api-change:batch: [botocore] This feature allows customers to specify the minimum time (in minutes) that AWS Batch keeps instances running in a compute environment after all jobs on the instance complete
• api-change:bedrock: [botocore] Added four new model lifecycle date fields, startOfLifeTime, endOfLifeTime, legacyTime, and publicExtendedAccessTime. Adds support for using the Converse API with Bedrock Batch inference jobs.
• api-change:cognito-idp: [botocore] Cognito is introducing a two-secret rotation model for app clients, enabling seamless credential rotation without downtime. Dedicated APIs support passing in a custom secret. Custom secrets need to be at least 24 characters. This eliminates reconfiguration needs and reduces security risks.
• api-change:connect: [botocore] Deprecate EvaluationReviewMetadata's CreatedBy and CreatedTime, add EvaluationReviewMetadata's RequestedBy and RequestedTime
• api-change:customer-profiles: [botocore] This release introduces an optional SourcePriority parameter to the ProfileObjectType APIs, allowing you to control the precedence of object types when ingesting data from multiple sources. Additionally, WebAnalytics and Device have been added as new StandardIdentifier values.
• api-change:health: [botocore] Updates the regex for validating availabilityZone strings used in the describe events filters.
• api-change:keyspacesstreams: [botocore] Added support for Change Data Capture (CDC) streams with Duration DataType.
• api-change:odb: [botocore] ODB Networking Route Management is a feature improvement which allows for implicit creation and deletion of EC2 Routes in the Peer Network Route Table designated by the customer via new optional input. This feature release is combined with Multiple App-VPC functionality for ODB Network Peering(s).
• api-change:ram: [botocore] Resource owners can now specify ResourceShareConfiguration request parameter for CreateResourceShare API including RetainSharingOnAccountLeaveOrganization boolean parameter

v1.42.58

Compare Source

=======

• api-change:backup-gateway: [botocore] This release updates GetGateway API to include deprecationDate and softwareVersion in the response, enabling customers to track gateway software versions and upcoming deprecation dates.
• api-change:ec2: [botocore] Add c8id, m8id and hpc8a instance types.
• api-change:ecs: [botocore] Adding support for Capacity Reservations for ECS Managed Instances by introducing a new "capacityOptionType" value of "RESERVED" and new field "capacityReservations" for CreateCapacityProvider and UpdateCapacityProvider APIs.
• api-change:marketplace-entitlement: [botocore] Added License Arn as a new optional filter for GetEntitlements and LicenseArn field in each entitlement in the response.
• api-change:meteringmarketplace: [botocore] Added LicenseArn to ResolveCustomer response and BatchMeterUsage usage records. BatchMeterUsage now accepts LicenseArn in each UsageRecord to report usage at the license level. Added InvalidLicenseException error response for invalid license parameters.
• api-change:securityhub: [botocore] Security Hub added EXTENDED PLAN integration type to DescribeProductsV2 and added metadata.product.vendor name GroupBy support to GetFindingStatisticsV2

v1.42.57

Compare Source

=======

• api-change:batch: [botocore] AWS Batch documentation update for service job capacity units.
• api-change:ec2: [botocore] Add support for EC2 Capacity Blocks in Local Zones.
• api-change:ecr: [botocore] Update repository name regex to comply with OCI Distribution Specification
• api-change:neptune: [botocore] Neptune global clusters now supports tags
• api-change:wafv2: [botocore] AWS WAF now supports GetTopPathStatisticsByTraffic that provides aggregated statistics on the top URI paths accessed by bot traffic. Use this operation to see which paths receive the most bot traffic, identify the specific bots accessing them, and filter by category, organization, or bot name.

v1.42.56

Compare Source

=======

• api-change:cloudwatch: [botocore] This release adds the APIs (PutAlarmMuteRule, ListAlarmMuteRules, GetAlarmMuteRule and DeleteAlarmMuteRule) to manage a new Cloudwatch resource, AlarmMuteRules. AlarmMuteRules allow customers to temporarily mute alarm notifications during expected downtime periods.
• api-change:ec2: [botocore] Adds httpTokensEnforced property to ModifyInstanceMetadataDefaults API. Set per account or manage organization-wide using declarative policies to prevent IMDSv1-enabled instance launch and block attempts to enable IMDSv1 on existing IMDSv2-only instances.
• api-change:elementalinference: [botocore] Initial GA launch for AWS Elemental Inference including capabilities of Smart Crop and Live Event Clipping
• api-change:endpoint-rules: [botocore] Update endpoint-rules client to latest version
• api-change:es: [botocore] Fixed HTTP binding for DescribeDomainAutoTunes API to correctly pass request parameters as query parameters in the HTTP request.
• api-change:medialive: [botocore] AWS Elemental MediaLive - Added support for Elemental Inference for Smart Cropping and Clipping features for MediaLive.
• api-change:observabilityadmin: [botocore] Adding a new field in the CreateCentralizationRuleForOrganization, UpdateCentralizationRuleForOrganization API and updating the GetCentralizationRuleForOrganization API response to include the new field
• api-change:opensearch: [botocore] Fixed HTTP binding for DescribeDomainAutoTunes API to correctly pass request parameters as query parameters in the HTTP request.
• api-change:partnercentral-selling: [botocore] Added support for filtering opportunities by target close date in the ListOpportunities API. You can now filter results to return opportunities with a target close date before or after a specified date, enabling more precise opportunity searches based on expected closure timelines.

canonical/operator (ops)

v3.6.0

Compare Source

Features

• Bump default Juju version in ops.testing.Context to 3.6.14 (#​2316)

Fixes

• Correct the Model.get_binding() return type (#​2329)
• Only show executable in ExecError.__str__, not full command line (#​2336)
• Support Pydantic MISSING sentinel in ops.Relation.save (#​2306)

Documentation

• Add how-to subcategory for managing containers (#​2309)
• Remove 2.19 version in docs, tweak ops.testing title (#​2332)
• Use "true" and "false" consistently in the reference documentation (#​2330)
• Add CLI args as another place to not put sensitive data (#​2334)
• Fix remote unit kwarg in testing example (#​2342)
• Clarify that secret labels are not names (#​2337)

Tests

• Set SCENARIO_BARE_CHARM_ERRORS=true in Ops tests that care (#​2314)

CI

• Fix releasing on branches with no versions.md doc (#​2323)

astral-sh/ruff (ruff)

v0.15.4

Compare Source

Released on 2026-02-26.

This is a follow-up release to 0.15.3 that resolves a panic when the new rule PLR1712 was enabled with any rule that analyzes definitions, such as many of the ANN or D rules.

Bug fixes

• Fix panic on access to definitions after analyzing definitions (#​23588)
• [pyflakes] Suppress false positive in F821 for names used before del in stub files (#​23550)

Documentation

• Clarify first-party import detection in Ruff (#​23591)
• Fix incorrect import-heading example (#​23568)

Contributors

• @​stakeswky
• @​ntBre
• @​thejcannon
• @​GeObts

v0.15.3

Compare Source

Released on 2026-02-26.

Preview features

• Drop explicit support for .qmd file extension (#​23572)

  This can now be enabled instead by setting the extension option:

  # ruff.toml
  extension = { qmd = "markdown" }
  
  # pyproject.toml
  [tool.ruff]
  extension = { qmd = "markdown" }

• Include configured extensions in file discovery (#​23400)

• [flake8-bandit] Allow suspicious imports in TYPE_CHECKING blocks (S401-S415) (#​23441)

• [flake8-bugbear] Allow B901 in pytest hook wrappers (#​21931)

• [flake8-import-conventions] Add missing conventions from upstream (ICN001, ICN002) (#​21373)

• [pydocstyle] Add rule to enforce docstring section ordering (D420) (#​23537)

• [pylint] Implement swap-with-temporary-variable (PLR1712) (#​22205)

• [ruff] Add unnecessary-assign-before-yield (RUF070) (#​23300)

• [ruff] Support file-level noqa in RUF102 (#​23535)

• [ruff] Suppress diagnostic for invalid f-strings before Python 3.12 (RUF027) (#​23480)

• [flake8-bandit] Don't flag BaseLoader/CBaseLoader as unsafe (S506) (#​23510)

Bug fixes

• Avoid infinite loop between I002 and PYI025 (#​23352)
• [pyflakes] Fix false positive for @overload from lint.typing-modules (F811) (#​23357)
• [pyupgrade] Fix false positive for TypeVar default before Python 3.12 (UP046) (#​23540)
• [pyupgrade] Fix handling of \N in raw strings (UP032) (#​22149)

Rule changes

• Render sub-diagnostics in the GitHub output format (#​23455)

• [flake8-bugbear] Tag certain B007 diagnostics as unnecessary (#​23453)

• [ruff] Ignore unknown rule codes in RUF100 (#​23531)

  These are now flagged by RUF102 instead.

Documentation

• Fix missing settings links for several linters (#​23519)
• Update isort action comments heading (#​23515)
• [pydocstyle] Fix double comma in description of D404 (#​23440)

Other changes

• Update the Python module (notably find_ruff_bin) for parity with uv (#​23406)

Contributors

• @​zanieb
• @​o1x3
• @​assadyousuf
• @​kar-ganap
• @​denyszhak
• @​amyreese
• @​carljm
• @​anishgirianish
• @​Bnyro
• @​danparizher
• @​ntBre
• @​gcomneno
• @​jaap3
• @​stakeswky

astral-sh/ty (ty)

v0.0.20

Compare Source

Released on 2026-03-02.

Bug fixes

• Disallow negative narrowing for isinstance() or issubclass() checks involving type[] types (#​23598)
• Fix binary operations between an instance of a NewType of float and an instance of Any/Unknown (#​23620)
• Fix bug where ty would think that a Callable with a variadic positional parameter could be a subtype of a Callable with a positional-or-keyword parameter (#​23610)
• Fix inference of t.__mro__ if t is an instance of type[Any] (#​23632)
• Fix overloaded callable assignability for unary Callable targets (#​23277)
• Limit recursion depth when displaying self-referential function types (#​23647)
• Ensure that python -m ty works even when ty was installed into an ephemeral virtual environment (#​2852)

LSP server

• Add support for the LSP protocol's "type hierarchy" feature (#​23566)

Type checking

• Add more ParamSpec validation for P.args and P.kwargs (#​23640)
• Ban nested Required/NotRequired, and ban them both outside of TypedDict fields (#​23627)
• Detect inconsistent generic base class specializations that appear in the same MRO (#​23615)
• Detect invalid uses of @final on non-methods (#​23604)
• Add partial support and validation for Unpack when used with tuple types (#​23651)
• Recurse into tuples and nested tuples when applying special-cased validation of arguments passed to isinstance() and issubclass() (#​23607)
• Reject ellipsis literals in odd places in type/annotation expressions (#​23611)
• Reject functions with PEP-695 type parameters that shadow type parameters from enclosing scopes (#​23619)
• Reject generic metaclasses parameterized by type variables (#​23628)
• Treat dataclass_transform dataclasses as neither frozen nor non-frozen (#​23366)
• Validate that type variable defaults don't reference later type parameters or type parameters out of scope (#​23623)

Typeshed

• Sync vendored typeshed stubs (#​23642). Typeshed diff

Contributors

• @​Hugo-Polloli
• @​zanieb
• @​sharkdp
• @​mtshiba
• @​carljm
• @​charliermarsh
• @​sinon
• @​BurntSushi
• @​oconnor663
• @​AlexWaygood
• @​zsol

v0.0.19

Compare Source

Released on 2026-02-26.

Bug fixes

• Fix panic in diagnostic rendering when attempting to render a code frame pointing to leading whitespace (#​23458)
• Fix panics and incorrect inference stemming from incorrectly considering overloads in another file as being associated with a function in the file being checked (#​21977)
• Fix panic when attempting to narrow the type of a dictionary key that was assigned using a multi-target assignment, e.g. x = y = {"a": 1} (#​23523)
• Fix infinite hang on mutually recursive TypeAliasType definitions (#​23397)

LSP server

• Fix inlay hints for starred unpacking targets (#​23454)

Core type checking

• Fix assignability, subtyping and equivalence checks relating to typing.Generator prior to Python 3.13 (#​23386)
• Understand that a scope's control flow terminates after await foo() if foo returns typing.Awaitable[typing.Never] or similar (#​23479)
• Implement stricter handling of calls to instances of type[T] types (#​23472)
• Support basic type narrowing for case {...}: patterns in match statements (#​23462)
• Fix bugs that could manifest in incorrect overload evaluation, false-positive complaints regarding assert_type calls or false-positive redundant-cast diagnostics by reimplementing the equivalence type relation as mutual subtyping of top and bottom materializations (#​23428)
• Fix equality and __contains__ narrowing with PEP-695 type aliases (#​23545)
• Support _value_ annotations on enum classes (#​22228)

Improvements to diagnostics

• Improve diagnostics when attempting to specialize non-generic types (#​23516)
• Render subdiagnostics when --output-format=github is specified (#​23455)

Performance

• Add a cached method for calculating the intersection of two types (#​23547)
• Add a cached method for calculating the union of two types (#​23565)
• Reduce the threshold above which Literal types in unions are upcasted to nominal-instance types in situations where the union type is recursively defined (#​23521)
• Control flow: isolate the calculation of "loop header reachability" in a dedicated, cached function (#​23520)

Contributors

• @​AlexWaygood
• @​silamon
• @​ibraheemdev
• @​Hugo-Polloli
• @​charliermarsh
• @​knutwannheden
• @​oconnor663
• @​carljm
• @​mtshiba

---

Configuration

📅 Schedule: Branch creation - Between 01:00 AM and 05:59 AM, only on Tuesday ( * 1-5 * * 2 ) in timezone Etc/UTC, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 70.34%. Comparing base (eae9c87) to head (7ef5dce).
⚠️ Report is 4 commits behind head on 16/edge.

Additional details and impacted files

@@           Coverage Diff            @@
##           16/edge    #1497   +/-   ##
========================================
  Coverage    70.34%   70.34%           
========================================
  Files           15       15           
  Lines         4276     4276           
  Branches       694      694           
========================================
  Hits          3008     3008           
  Misses        1058     1058           
  Partials       210      210           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.