.config/nextest.toml

@@ -7,6 +7,10 @@ serial = { max-threads = 1 }
 filter = 'binary(file_watching)'
 test-group = 'serial'
 
+[[profile.default.overrides]]
+filter = 'binary(e2e)'
+test-group = 'serial'
+
 [profile.ci]
 # Print out output for failing tests as soon as they fail, and also at the end
 # of the run (for easy scrollability).

.github/renovate.json5

@@ -2,11 +2,12 @@
   $schema: "https://docs.renovatebot.com/renovate-schema.json",
   dependencyDashboard: true,
   suppressNotifications: ["prEditedNotification"],
-  extends: ["github>astral-sh/renovate-config"],
+  extends: ["config:recommended"],
   labels: ["internal"],
   schedule: ["before 4am on Monday"],
   semanticCommits: "disabled",
   separateMajorMinor: false,
+  prHourlyLimit: 10,
   enabledManagers: ["github-actions", "pre-commit", "cargo", "pep621", "pip_requirements", "npm"],
   cargo: {
     // See https://docs.renovatebot.com/configuration-options/#rangestrategy
@@ -15,7 +16,7 @@
   pep621: {
     // The default for this package manager is to only search for `pyproject.toml` files
     // found at the repository root: https://docs.renovatebot.com/modules/manager/pep621/#file-matching
-    managerFilePatterns: ["^(python|scripts)/.*pyproject\\.toml$"],
+    fileMatch: ["^(python|scripts)/.*pyproject\\.toml$"],
   },
   pip_requirements: {
     // The default for this package manager is to run on all requirements.txt files:
@@ -33,7 +34,7 @@
   npm: {
     // The default for this package manager is to only search for `package.json` files
     // found at the repository root: https://docs.renovatebot.com/modules/manager/npm/#file-matching
-    managerFilePatterns: ["^playground/.*package\\.json$"],
+    fileMatch: ["^playground/.*package\\.json$"],
   },
   "pre-commit": {
     enabled: true,
@@ -75,6 +76,14 @@
       matchManagers: ["cargo"],
       enabled: false,
     },
+    {
+      // `mkdocs-material` requires a manual update to keep the version in sync
+      // with `mkdocs-material-insider`.
+      // See: https://squidfunk.github.io/mkdocs-material/insiders/upgrade/
+      matchManagers: ["pip_requirements"],
+      matchPackageNames: ["mkdocs-material"],
+      enabled: false,
+    },
     {
       groupName: "pre-commit dependencies",
       matchManagers: ["pre-commit"],

.github/workflows/build-binaries.yml

@@ -43,7 +43,7 @@ jobs:
         with:
           submodules: recursive
           persist-credentials: false
-      - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
+      - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
         with:
           python-version: ${{ env.PYTHON_VERSION }}
       - name: "Prep README.md"
@@ -72,7 +72,7 @@ jobs:
         with:
           submodules: recursive
           persist-credentials: false
-      - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
+      - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
         with:
           python-version: ${{ env.PYTHON_VERSION }}
           architecture: x64
@@ -114,7 +114,7 @@ jobs:
         with:
           submodules: recursive
           persist-credentials: false
-      - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
+      - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
         with:
           python-version: ${{ env.PYTHON_VERSION }}
           architecture: arm64
@@ -170,7 +170,7 @@ jobs:
         with:
           submodules: recursive
           persist-credentials: false
-      - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
+      - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
         with:
           python-version: ${{ env.PYTHON_VERSION }}
           architecture: ${{ matrix.platform.arch }}
@@ -223,7 +223,7 @@ jobs:
         with:
           submodules: recursive
           persist-credentials: false
-      - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
+      - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
         with:
           python-version: ${{ env.PYTHON_VERSION }}
           architecture: x64
@@ -300,7 +300,7 @@ jobs:
         with:
           submodules: recursive
           persist-credentials: false
-      - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
+      - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
         with:
           python-version: ${{ env.PYTHON_VERSION }}
       - name: "Prep README.md"
@@ -365,7 +365,7 @@ jobs:
         with:
           submodules: recursive
           persist-credentials: false
-      - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
+      - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
         with:
           python-version: ${{ env.PYTHON_VERSION }}
           architecture: x64
@@ -431,7 +431,7 @@ jobs:
         with:
           submodules: recursive
           persist-credentials: false
-      - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
+      - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
         with:
           python-version: ${{ env.PYTHON_VERSION }}
       - name: "Prep README.md"

.github/workflows/ci.yaml

@@ -24,8 +24,6 @@ env:
   PACKAGE_NAME: ruff
   PYTHON_VERSION: "3.14"
   NEXTEST_PROFILE: ci
-  # Enable mdtests that require external dependencies
-  MDTEST_EXTERNAL: "1"
 
 jobs:
   determine_changes:
@@ -232,7 +230,7 @@ jobs:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
           persist-credentials: false
-      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
+      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
         with:
           save-if: ${{ github.ref == 'refs/heads/main' }}
       - name: "Install Rust toolchain"
@@ -254,7 +252,7 @@ jobs:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
           persist-credentials: false
-      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
+      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
         with:
           shared-key: ruff-linux-debug
           save-if: ${{ github.ref == 'refs/heads/main' }}
@@ -263,15 +261,15 @@ jobs:
       - name: "Install mold"
         uses: rui314/setup-mold@725a8794d15fc7563f59595bd9556495c0564878 # v1
       - name: "Install cargo nextest"
-        uses: taiki-e/install-action@3575e532701a5fc614b0c842e4119af4cc5fd16d # v2.62.60
+        uses: taiki-e/install-action@537c30d2b45cc3aa3fb35e2bbcfb61ef93fd6f02 # v2.62.52
         with:
           tool: cargo-nextest
       - name: "Install cargo insta"
-        uses: taiki-e/install-action@3575e532701a5fc614b0c842e4119af4cc5fd16d # v2.62.60
+        uses: taiki-e/install-action@537c30d2b45cc3aa3fb35e2bbcfb61ef93fd6f02 # v2.62.52
         with:
           tool: cargo-insta
       - name: "Install uv"
-        uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
+        uses: astral-sh/setup-uv@5a7eac68fb9809dea845d802897dc5c723910fa3 # v7.1.3
         with:
           enable-cache: "true"
       - name: ty mdtests (GitHub annotations)
@@ -286,10 +284,6 @@ jobs:
         run: cargo insta test --all-features --unreferenced reject --test-runner nextest
       - name: Dogfood ty on py-fuzzer
         run: uv run --project=./python/py-fuzzer cargo run -p ty check --project=./python/py-fuzzer
-      - name: Dogfood ty on the scripts directory
-        run: uv run --project=./scripts cargo run -p ty check --project=./scripts
-      - name: Dogfood ty on ty_benchmark
-        run: uv run --project=./scripts/ty_benchmark cargo run -p ty check --project=./scripts/ty_benchmark
       # Check for broken links in the documentation.
       - run: cargo doc --all --no-deps
         env:
@@ -298,7 +292,7 @@ jobs:
       # sync, not just public items. Eventually we should do this for all
       # crates; for now add crates here as they are warning-clean to prevent
       # regression.
-      - run: cargo doc --no-deps -p ty_python_semantic -p ty -p ty_test -p ruff_db -p ruff_python_formatter --document-private-items
+      - run: cargo doc --no-deps -p ty_python_semantic -p ty -p ty_test -p ruff_db --document-private-items
         env:
           # Setting RUSTDOCFLAGS because `cargo doc --check` isn't yet implemented (https://github.com/rust-lang/cargo/issues/10025).
           RUSTDOCFLAGS: "-D warnings"
@@ -317,7 +311,7 @@ jobs:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
           persist-credentials: false
-      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
+      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
         with:
           save-if: ${{ github.ref == 'refs/heads/main' }}
       - name: "Install Rust toolchain"
@@ -325,11 +319,11 @@ jobs:
       - name: "Install mold"
         uses: rui314/setup-mold@725a8794d15fc7563f59595bd9556495c0564878 # v1
       - name: "Install cargo nextest"
-        uses: taiki-e/install-action@3575e532701a5fc614b0c842e4119af4cc5fd16d # v2.62.60
+        uses: taiki-e/install-action@537c30d2b45cc3aa3fb35e2bbcfb61ef93fd6f02 # v2.62.52
         with:
           tool: cargo-nextest
       - name: "Install uv"
-        uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
+        uses: astral-sh/setup-uv@5a7eac68fb9809dea845d802897dc5c723910fa3 # v7.1.3
         with:
           enable-cache: "true"
       - name: "Run tests"
@@ -352,17 +346,17 @@ jobs:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
           persist-credentials: false
-      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
+      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
         with:
           save-if: ${{ github.ref == 'refs/heads/main' }}
       - name: "Install Rust toolchain"
         run: rustup show
       - name: "Install cargo nextest"
-        uses: taiki-e/install-action@3575e532701a5fc614b0c842e4119af4cc5fd16d # v2.62.60
+        uses: taiki-e/install-action@537c30d2b45cc3aa3fb35e2bbcfb61ef93fd6f02 # v2.62.52
         with:
           tool: cargo-nextest
       - name: "Install uv"
-        uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
+        uses: astral-sh/setup-uv@5a7eac68fb9809dea845d802897dc5c723910fa3 # v7.1.3
         with:
           enable-cache: "true"
       - name: "Run tests"
@@ -380,7 +374,7 @@ jobs:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
           persist-credentials: false
-      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
+      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
         with:
           save-if: ${{ github.ref == 'refs/heads/main' }}
       - name: "Install Rust toolchain"
@@ -417,7 +411,7 @@ jobs:
         with:
           file: "Cargo.toml"
           field: "workspace.package.rust-version"
-      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
+      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
         with:
           save-if: ${{ github.ref == 'refs/heads/main' }}
       - name: "Install Rust toolchain"
@@ -441,7 +435,7 @@ jobs:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
           persist-credentials: false
-      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
+      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
         with:
           workspaces: "fuzz -> target"
           save-if: ${{ github.ref == 'refs/heads/main' }}
@@ -450,7 +444,7 @@ jobs:
       - name: "Install mold"
         uses: rui314/setup-mold@725a8794d15fc7563f59595bd9556495c0564878 # v1
       - name: "Install cargo-binstall"
-        uses: cargo-bins/cargo-binstall@3fc81674af4165a753833a94cae9f91d8849049f # v1.16.2
+        uses: cargo-bins/cargo-binstall@ae04fb5e853ae6cd3ad7de4a1d554a8b646d12aa # v1.15.11
       - name: "Install cargo-fuzz"
         # Download the latest version from quick install and not the github releases because github releases only has MUSL targets.
         run: cargo binstall cargo-fuzz --force  --disable-strategies crate-meta-data --no-confirm
@@ -468,8 +462,8 @@ jobs:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
           persist-credentials: false
-      - uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
-      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
+      - uses: astral-sh/setup-uv@5a7eac68fb9809dea845d802897dc5c723910fa3 # v7.1.3
+      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
         with:
           shared-key: ruff-linux-debug
           save-if: false
@@ -500,10 +494,10 @@ jobs:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
           persist-credentials: false
-      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
+      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
         with:
           save-if: ${{ github.ref == 'refs/heads/main' }}
-      - uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
+      - uses: astral-sh/setup-uv@5a7eac68fb9809dea845d802897dc5c723910fa3 # v7.1.3
       - name: "Install Rust toolchain"
         run: rustup component add rustfmt
       # Run all code generation scripts, and verify that the current output is
@@ -538,7 +532,7 @@ jobs:
           ref: ${{ github.event.pull_request.base.ref }}
           persist-credentials: false
 
-      - uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
+      - uses: astral-sh/setup-uv@5a7eac68fb9809dea845d802897dc5c723910fa3 # v7.1.3
         with:
           python-version: ${{ env.PYTHON_VERSION }}
           activate-environment: true
@@ -549,7 +543,7 @@ jobs:
       - name: "Install mold"
         uses: rui314/setup-mold@725a8794d15fc7563f59595bd9556495c0564878 # v1
 
-      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
+      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
         with:
           shared-key: ruff-linux-debug
           save-if: false
@@ -644,8 +638,8 @@ jobs:
         with:
           fetch-depth: 0
           persist-credentials: false
-      - uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
-      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
+      - uses: astral-sh/setup-uv@5a7eac68fb9809dea845d802897dc5c723910fa3 # v7.1.3
+      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
         with:
           save-if: ${{ github.ref == 'refs/heads/main' }}
       - name: "Install Rust toolchain"
@@ -690,7 +684,7 @@ jobs:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
           persist-credentials: false
-      - uses: cargo-bins/cargo-binstall@3fc81674af4165a753833a94cae9f91d8849049f # v1.16.2
+      - uses: cargo-bins/cargo-binstall@ae04fb5e853ae6cd3ad7de4a1d554a8b646d12aa # v1.15.11
       - run: cargo binstall --no-confirm cargo-shear
       - run: cargo shear
 
@@ -703,8 +697,8 @@ jobs:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
           persist-credentials: false
-      - uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
-      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
+      - uses: astral-sh/setup-uv@5a7eac68fb9809dea845d802897dc5c723910fa3 # v7.1.3
+      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
         with:
           save-if: ${{ github.ref == 'refs/heads/main' }}
       - name: "Install Rust toolchain"
@@ -725,11 +719,11 @@ jobs:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
           persist-credentials: false
-      - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
+      - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
         with:
           python-version: ${{ env.PYTHON_VERSION }}
           architecture: x64
-      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
+      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
         with:
           save-if: ${{ github.ref == 'refs/heads/main' }}
       - name: "Prep README.md"
@@ -754,8 +748,8 @@ jobs:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
           persist-credentials: false
-      - uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
-      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
+      - uses: astral-sh/setup-uv@5a7eac68fb9809dea845d802897dc5c723910fa3 # v7.1.3
+      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
         with:
           save-if: ${{ github.ref == 'refs/heads/main' }}
       - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
@@ -781,21 +775,32 @@ jobs:
     name: "mkdocs"
     runs-on: ubuntu-latest
     timeout-minutes: 10
+    env:
+      MKDOCS_INSIDERS_SSH_KEY_EXISTS: ${{ secrets.MKDOCS_INSIDERS_SSH_KEY != '' }}
     steps:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
           persist-credentials: false
-      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
+      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
         with:
           save-if: ${{ github.ref == 'refs/heads/main' }}
+      - name: "Add SSH key"
+        if: ${{ env.MKDOCS_INSIDERS_SSH_KEY_EXISTS == 'true' }}
+        uses: webfactory/ssh-agent@a6f90b1f127823b31d4d4a8d96047790581349bd # v0.9.1
+        with:
+          ssh-private-key: ${{ secrets.MKDOCS_INSIDERS_SSH_KEY }}
       - name: "Install Rust toolchain"
         run: rustup show
       - name: Install uv
-        uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
+        uses: astral-sh/setup-uv@5a7eac68fb9809dea845d802897dc5c723910fa3 # v7.1.3
         with:
           python-version: 3.13
           activate-environment: true
+      - name: "Install Insiders dependencies"
+        if: ${{ env.MKDOCS_INSIDERS_SSH_KEY_EXISTS == 'true' }}
+        run: uv pip install -r docs/requirements-insiders.txt
       - name: "Install dependencies"
+        if: ${{ env.MKDOCS_INSIDERS_SSH_KEY_EXISTS != 'true' }}
         run: uv pip install -r docs/requirements.txt
       - name: "Update README File"
         run: python scripts/transform_readme.py --target mkdocs
@@ -803,8 +808,12 @@ jobs:
         run: python scripts/generate_mkdocs.py
       - name: "Check docs formatting"
         run: python scripts/check_docs_formatted.py
+      - name: "Build Insiders docs"
+        if: ${{ env.MKDOCS_INSIDERS_SSH_KEY_EXISTS == 'true' }}
+        run: mkdocs build --strict -f mkdocs.insiders.yml
       - name: "Build docs"
-        run: mkdocs build --strict -f mkdocs.yml
+        if: ${{ env.MKDOCS_INSIDERS_SSH_KEY_EXISTS != 'true' }}
+        run: mkdocs build --strict -f mkdocs.public.yml
 
   check-formatter-instability-and-black-similarity:
     name: "formatter instabilities and black similarity"
@@ -816,7 +825,7 @@ jobs:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
           persist-credentials: false
-      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
+      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
         with:
           save-if: ${{ github.ref == 'refs/heads/main' }}
       - name: "Install Rust toolchain"
@@ -844,7 +853,7 @@ jobs:
         with:
           persist-credentials: false
 
-      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
+      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
         with:
           shared-key: ruff-linux-debug
           save-if: false
@@ -862,7 +871,7 @@ jobs:
           repository: "astral-sh/ruff-lsp"
           path: ruff-lsp
 
-      - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
+      - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
         with:
           # installation fails on 3.13 and newer
           python-version: "3.12"
@@ -895,7 +904,7 @@ jobs:
           persist-credentials: false
       - name: "Install Rust toolchain"
         run: rustup target add wasm32-unknown-unknown
-      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
+      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
         with:
           save-if: ${{ github.ref == 'refs/heads/main' }}
       - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
@@ -905,7 +914,7 @@ jobs:
           cache-dependency-path: playground/package-lock.json
       - uses: jetli/wasm-bindgen-action@20b33e20595891ab1a0ed73145d8a21fc96e7c29 # v0.2.0
       - name: "Install Node dependencies"
-        run: npm ci --ignore-scripts
+        run: npm ci
         working-directory: playground
       - name: "Build playgrounds"
         run: npm run dev:wasm
@@ -929,25 +938,22 @@ jobs:
         needs.determine_changes.outputs.linter == 'true'
       )
     timeout-minutes: 20
-    permissions:
-      contents: read # required for actions/checkout
-      id-token: write # required for OIDC authentication with CodSpeed
     steps:
       - name: "Checkout Branch"
         uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
           persist-credentials: false
 
-      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
+      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
         with:
           save-if: ${{ github.ref == 'refs/heads/main' }}
-      - uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
+      - uses: astral-sh/setup-uv@5a7eac68fb9809dea845d802897dc5c723910fa3 # v7.1.3
 
       - name: "Install Rust toolchain"
         run: rustup show
 
       - name: "Install codspeed"
-        uses: taiki-e/install-action@3575e532701a5fc614b0c842e4119af4cc5fd16d # v2.62.60
+        uses: taiki-e/install-action@537c30d2b45cc3aa3fb35e2bbcfb61ef93fd6f02 # v2.62.52
         with:
           tool: cargo-codspeed
 
@@ -955,10 +961,11 @@ jobs:
         run: cargo codspeed build --features "codspeed,instrumented" --profile profiling --no-default-features -p ruff_benchmark --bench formatter --bench lexer --bench linter --bench parser
 
       - name: "Run benchmarks"
-        uses: CodSpeedHQ/action@346a2d8a8d9d38909abd0bc3d23f773110f076ad # v4.4.1
+        uses: CodSpeedHQ/action@6a8e2b874c338bf81cc5e8be715ada75908d3871 # v4.3.4
         with:
-          mode: simulation
+          mode: instrumentation
           run: cargo codspeed run
+          token: ${{ secrets.CODSPEED_TOKEN }}
 
   benchmarks-instrumented-ty:
     name: "benchmarks instrumented (ty)"
@@ -971,25 +978,22 @@ jobs:
         needs.determine_changes.outputs.ty == 'true'
       )
     timeout-minutes: 20
-    permissions:
-      contents: read # required for actions/checkout
-      id-token: write # required for OIDC authentication with CodSpeed
     steps:
       - name: "Checkout Branch"
         uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
           persist-credentials: false
 
-      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
+      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
         with:
           save-if: ${{ github.ref == 'refs/heads/main' }}
-      - uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
+      - uses: astral-sh/setup-uv@5a7eac68fb9809dea845d802897dc5c723910fa3 # v7.1.3
 
       - name: "Install Rust toolchain"
         run: rustup show
 
       - name: "Install codspeed"
-        uses: taiki-e/install-action@3575e532701a5fc614b0c842e4119af4cc5fd16d # v2.62.60
+        uses: taiki-e/install-action@537c30d2b45cc3aa3fb35e2bbcfb61ef93fd6f02 # v2.62.52
         with:
           tool: cargo-codspeed
 
@@ -997,10 +1001,11 @@ jobs:
         run: cargo codspeed build --features "codspeed,instrumented" --profile profiling --no-default-features -p ruff_benchmark --bench ty
 
       - name: "Run benchmarks"
-        uses: CodSpeedHQ/action@346a2d8a8d9d38909abd0bc3d23f773110f076ad # v4.4.1
+        uses: CodSpeedHQ/action@6a8e2b874c338bf81cc5e8be715ada75908d3871 # v4.3.4
         with:
-          mode: simulation
+          mode: instrumentation
           run: cargo codspeed run
+          token: ${{ secrets.CODSPEED_TOKEN }}
 
   benchmarks-walltime:
     name: "benchmarks walltime (${{ matrix.benchmarks }})"
@@ -1008,9 +1013,6 @@ jobs:
     needs: determine_changes
     if: ${{ github.repository == 'astral-sh/ruff' && !contains(github.event.pull_request.labels.*.name, 'no-test') && (needs.determine_changes.outputs.ty == 'true' || github.ref == 'refs/heads/main') }}
     timeout-minutes: 20
-    permissions:
-      contents: read # required for actions/checkout
-      id-token: write # required for OIDC authentication with CodSpeed
     strategy:
       matrix:
         benchmarks:
@@ -1022,16 +1024,16 @@ jobs:
         with:
           persist-credentials: false
 
-      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
+      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
         with:
           save-if: ${{ github.ref == 'refs/heads/main' }}
-      - uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
+      - uses: astral-sh/setup-uv@5a7eac68fb9809dea845d802897dc5c723910fa3 # v7.1.3
 
       - name: "Install Rust toolchain"
         run: rustup show
 
       - name: "Install codspeed"
-        uses: taiki-e/install-action@3575e532701a5fc614b0c842e4119af4cc5fd16d # v2.62.60
+        uses: taiki-e/install-action@537c30d2b45cc3aa3fb35e2bbcfb61ef93fd6f02 # v2.62.52
         with:
           tool: cargo-codspeed
 
@@ -1039,7 +1041,7 @@ jobs:
         run: cargo codspeed build --features "codspeed,walltime" --profile profiling --no-default-features -p ruff_benchmark
 
       - name: "Run benchmarks"
-        uses: CodSpeedHQ/action@346a2d8a8d9d38909abd0bc3d23f773110f076ad # v4.4.1
+        uses: CodSpeedHQ/action@6a8e2b874c338bf81cc5e8be715ada75908d3871 # v4.3.4
         env:
           # enabling walltime flamegraphs adds ~6 minutes to the CI time, and they don't
           # appear to provide much useful insight for our walltime benchmarks right now
@@ -1048,3 +1050,4 @@ jobs:
         with:
           mode: walltime
           run: cargo codspeed run --bench ty_walltime "${{ matrix.benchmarks }}"
+          token: ${{ secrets.CODSPEED_TOKEN }}

.github/workflows/daily_fuzz.yaml

@@ -34,12 +34,12 @@ jobs:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
           persist-credentials: false
-      - uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
+      - uses: astral-sh/setup-uv@5a7eac68fb9809dea845d802897dc5c723910fa3 # v7.1.3
       - name: "Install Rust toolchain"
         run: rustup show
       - name: "Install mold"
         uses: rui314/setup-mold@725a8794d15fc7563f59595bd9556495c0564878 # v1
-      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
+      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
       - name: Build ruff
         # A debug build means the script runs slower once it gets started,
         # but this is outweighed by the fact that a release build takes *much* longer to compile in CI

.github/workflows/mypy_primer.yaml

@@ -43,11 +43,10 @@ jobs:
           persist-credentials: false
 
       - name: Install the latest version of uv
-        uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
+        uses: astral-sh/setup-uv@5a7eac68fb9809dea845d802897dc5c723910fa3 # v7.1.3
 
-      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
+      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
         with:
-          shared-key: "mypy-primer"
           workspaces: "ruff"
 
       - name: Install Rust toolchain
@@ -82,12 +81,11 @@ jobs:
           persist-credentials: false
 
       - name: Install the latest version of uv
-        uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
+        uses: astral-sh/setup-uv@5a7eac68fb9809dea845d802897dc5c723910fa3 # v7.1.3
 
-      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
+      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
         with:
           workspaces: "ruff"
-          shared-key: "mypy-primer"
 
       - name: Install Rust toolchain
         run: rustup show
@@ -107,54 +105,3 @@ jobs:
         with:
           name: mypy_primer_memory_diff
           path: mypy_primer_memory.diff
-
-  # Runs mypy twice against the same ty version to catch any non-deterministic behavior (ideally).
-  # The job is disabled for now because there are some non-deterministic diagnostics.
-  mypy_primer_same_revision:
-    name: Run mypy_primer on same revision
-    runs-on: ${{ github.repository == 'astral-sh/ruff' && 'depot-ubuntu-22.04-32' || 'ubuntu-latest' }}
-    timeout-minutes: 20
-    # TODO: Enable once we fixed the non-deterministic diagnostics
-    if: false
-    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-        with:
-          path: ruff
-          fetch-depth: 0
-          persist-credentials: false
-
-      - name: Install the latest version of uv
-        uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
-
-      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
-        with:
-          workspaces: "ruff"
-          shared-key: "mypy-primer"
-
-      - name: Install Rust toolchain
-        run: rustup show
-
-      - name: Run determinism check
-        env:
-          BASE_REVISION: ${{ github.event.pull_request.head.sha }}
-          PRIMER_SELECTOR: crates/ty_python_semantic/resources/primer/good.txt
-          CLICOLOR_FORCE: "1"
-          DIFF_FILE: mypy_primer_determinism.diff
-        run: |
-          cd ruff
-          scripts/mypy_primer.sh
-
-      - name: Check for non-determinism
-        run: |
-          # Remove ANSI color codes for checking
-          sed -e 's/\x1b\[[0-9;]*m//g' mypy_primer_determinism.diff > mypy_primer_determinism_clean.diff
-
-          # Check if there are any differences (non-determinism)
-          if [ -s mypy_primer_determinism_clean.diff ]; then
-            echo "ERROR: Non-deterministic output detected!"
-            echo "The following differences were found when running ty twice on the same commit:"
-            cat mypy_primer_determinism_clean.diff
-            exit 1
-          else
-            echo "✓ Output is deterministic"
-          fi

.github/workflows/publish-docs.yml

@@ -20,13 +20,15 @@ on:
 jobs:
   mkdocs:
     runs-on: ubuntu-latest
+    env:
+      MKDOCS_INSIDERS_SSH_KEY_EXISTS: ${{ secrets.MKDOCS_INSIDERS_SSH_KEY != '' }}
     steps:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
           ref: ${{ inputs.ref }}
           persist-credentials: true
 
-      - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
+      - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
         with:
           python-version: 3.12
 
@@ -57,12 +59,23 @@ jobs:
           echo "branch_name=update-docs-$branch_display_name-$timestamp" >> "$GITHUB_ENV"
           echo "timestamp=$timestamp" >> "$GITHUB_ENV"
 
+      - name: "Add SSH key"
+        if: ${{ env.MKDOCS_INSIDERS_SSH_KEY_EXISTS == 'true' }}
+        uses: webfactory/ssh-agent@a6f90b1f127823b31d4d4a8d96047790581349bd # v0.9.1
+        with:
+          ssh-private-key: ${{ secrets.MKDOCS_INSIDERS_SSH_KEY }}
+
       - name: "Install Rust toolchain"
         run: rustup show
 
-      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
+      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
+
+      - name: "Install Insiders dependencies"
+        if: ${{ env.MKDOCS_INSIDERS_SSH_KEY_EXISTS == 'true' }}
+        run: pip install -r docs/requirements-insiders.txt
 
       - name: "Install dependencies"
+        if: ${{ env.MKDOCS_INSIDERS_SSH_KEY_EXISTS != 'true' }}
         run: pip install -r docs/requirements.txt
 
       - name: "Copy README File"
@@ -70,8 +83,13 @@ jobs:
           python scripts/transform_readme.py --target mkdocs
           python scripts/generate_mkdocs.py
 
+      - name: "Build Insiders docs"
+        if: ${{ env.MKDOCS_INSIDERS_SSH_KEY_EXISTS == 'true' }}
+        run: mkdocs build --strict -f mkdocs.insiders.yml
+
       - name: "Build docs"
-        run: mkdocs build --strict -f mkdocs.yml
+        if: ${{ env.MKDOCS_INSIDERS_SSH_KEY_EXISTS != 'true' }}
+        run: mkdocs build --strict -f mkdocs.public.yml
 
       - name: "Clone docs repo"
         run: git clone https://${{ secrets.ASTRAL_DOCS_PAT }}@github.com/astral-sh/docs.git astral-docs

.github/workflows/publish-playground.yml

@@ -37,7 +37,7 @@ jobs:
           package-manager-cache: false
       - uses: jetli/wasm-bindgen-action@20b33e20595891ab1a0ed73145d8a21fc96e7c29 # v0.2.0
       - name: "Install Node dependencies"
-        run: npm ci --ignore-scripts
+        run: npm ci
         working-directory: playground
       - name: "Run TypeScript checks"
         run: npm run check

.github/workflows/publish-pypi.yml

@@ -22,7 +22,7 @@ jobs:
       id-token: write
     steps:
       - name: "Install uv"
-        uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
+        uses: astral-sh/setup-uv@5a7eac68fb9809dea845d802897dc5c723910fa3 # v7.1.3
       - uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
         with:
           pattern: wheels-*

.github/workflows/publish-ty-playground.yml

@@ -41,7 +41,7 @@ jobs:
           package-manager-cache: false
       - uses: jetli/wasm-bindgen-action@20b33e20595891ab1a0ed73145d8a21fc96e7c29 # v0.2.0
       - name: "Install Node dependencies"
-        run: npm ci --ignore-scripts
+        run: npm ci
         working-directory: playground
       - name: "Run TypeScript checks"
         run: npm run check

.github/workflows/release.yml

@@ -60,7 +60,7 @@ jobs:
     env:
       GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
     steps:
-      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
+      - uses: actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493
         with:
           persist-credentials: false
           submodules: recursive
@@ -123,7 +123,7 @@ jobs:
       GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       BUILD_MANIFEST_NAME: target/distrib/global-dist-manifest.json
     steps:
-      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
+      - uses: actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493
         with:
           persist-credentials: false
           submodules: recursive
@@ -174,7 +174,7 @@ jobs:
     outputs:
       val: ${{ steps.host.outputs.manifest }}
     steps:
-      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
+      - uses: actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493
         with:
           persist-credentials: false
           submodules: recursive
@@ -250,7 +250,7 @@ jobs:
     env:
       GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
     steps:
-      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
+      - uses: actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493
         with:
           persist-credentials: false
           submodules: recursive

.github/workflows/sync_typeshed.yaml

@@ -77,7 +77,7 @@ jobs:
         run: |
           git config --global user.name typeshedbot
           git config --global user.email '<>'
-      - uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
+      - uses: astral-sh/setup-uv@5a7eac68fb9809dea845d802897dc5c723910fa3 # v7.1.3
       - name: Sync typeshed stubs
         run: |
           rm -rf "ruff/${VENDORED_TYPESHED}"
@@ -131,7 +131,7 @@ jobs:
         with:
           persist-credentials: true
           ref: ${{ env.UPSTREAM_BRANCH}}
-      - uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
+      - uses: astral-sh/setup-uv@5a7eac68fb9809dea845d802897dc5c723910fa3 # v7.1.3
       - name: Setup git
         run: |
           git config --global user.name typeshedbot
@@ -170,7 +170,7 @@ jobs:
         with:
           persist-credentials: true
           ref: ${{ env.UPSTREAM_BRANCH}}
-      - uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
+      - uses: astral-sh/setup-uv@5a7eac68fb9809dea845d802897dc5c723910fa3 # v7.1.3
       - name: Setup git
         run: |
           git config --global user.name typeshedbot
@@ -198,7 +198,7 @@ jobs:
         run: |
           rm "${VENDORED_TYPESHED}/pyproject.toml"
           git commit -am "Remove pyproject.toml file"
-      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
+      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
       - name: "Install Rust toolchain"
         if: ${{ success() }}
         run: rustup show
@@ -207,12 +207,12 @@ jobs:
         uses: rui314/setup-mold@725a8794d15fc7563f59595bd9556495c0564878 # v1
       - name: "Install cargo nextest"
         if: ${{ success() }}
-        uses: taiki-e/install-action@3575e532701a5fc614b0c842e4119af4cc5fd16d # v2.62.60
+        uses: taiki-e/install-action@537c30d2b45cc3aa3fb35e2bbcfb61ef93fd6f02 # v2.62.52
         with:
           tool: cargo-nextest
       - name: "Install cargo insta"
         if: ${{ success() }}
-        uses: taiki-e/install-action@3575e532701a5fc614b0c842e4119af4cc5fd16d # v2.62.60
+        uses: taiki-e/install-action@537c30d2b45cc3aa3fb35e2bbcfb61ef93fd6f02 # v2.62.52
         with:
           tool: cargo-insta
       - name: Update snapshots

.github/workflows/ty-ecosystem-analyzer.yaml

@@ -33,11 +33,11 @@ jobs:
           persist-credentials: false
 
       - name: Install the latest version of uv
-        uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
+        uses: astral-sh/setup-uv@5a7eac68fb9809dea845d802897dc5c723910fa3 # v7.1.3
         with:
           enable-cache: true # zizmor: ignore[cache-poisoning] acceptable risk for CloudFlare pages artifact
 
-      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
+      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
         with:
           workspaces: "ruff"
           lookup-only: false # zizmor: ignore[cache-poisoning] acceptable risk for CloudFlare pages artifact
@@ -67,7 +67,7 @@ jobs:
 
           cd ..
 
-          uv tool install "git+https://github.com/astral-sh/ecosystem-analyzer@2e1816eac09c90140b1ba51d19afc5f59da460f5"
+          uv tool install "git+https://github.com/astral-sh/ecosystem-analyzer@e26ebfb78d372b8b091e1cb1d6fc522e135474c1"
 
           ecosystem-analyzer \
             --repository ruff \

.github/workflows/ty-ecosystem-report.yaml

@@ -29,11 +29,11 @@ jobs:
           persist-credentials: false
 
       - name: Install the latest version of uv
-        uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
+        uses: astral-sh/setup-uv@5a7eac68fb9809dea845d802897dc5c723910fa3 # v7.1.3
         with:
           enable-cache: true # zizmor: ignore[cache-poisoning] acceptable risk for CloudFlare pages artifact
 
-      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
+      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
         with:
           workspaces: "ruff"
           lookup-only: false # zizmor: ignore[cache-poisoning] acceptable risk for CloudFlare pages artifact
@@ -52,7 +52,7 @@ jobs:
 
           cd ..
 
-          uv tool install "git+https://github.com/astral-sh/ecosystem-analyzer@2e1816eac09c90140b1ba51d19afc5f59da460f5"
+          uv tool install "git+https://github.com/astral-sh/ecosystem-analyzer@e26ebfb78d372b8b091e1cb1d6fc522e135474c1"
 
           ecosystem-analyzer \
             --verbose \

.github/workflows/typing_conformance.yaml

@@ -45,7 +45,7 @@ jobs:
           path: typing
           persist-credentials: false
 
-      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
+      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
         with:
           workspaces: "ruff"
 

.vscode/settings.json

@@ -5,6 +5,5 @@
     "rust-analyzer.check.command": "clippy",
     "search.exclude": {
         "**/*.snap": true
-    },
-    "ty.diagnosticMode": "openFilesOnly"
+    }
 }

CHANGELOG.md

@@ -1,111 +1,5 @@
 # Changelog
 
-## 0.14.9
-
-Released on 2025-12-11.
-
-### Preview features
-
-- \[`ruff`\] New `RUF100` diagnostics for unused range suppressions ([#21783](https://github.com/astral-sh/ruff/pull/21783))
-- \[`pylint`\] Detect subclasses of builtin exceptions (`PLW0133`) ([#21382](https://github.com/astral-sh/ruff/pull/21382))
-
-### Bug fixes
-
-- Fix comment placement in lambda parameters ([#21868](https://github.com/astral-sh/ruff/pull/21868))
-- Skip over trivia tokens after re-lexing ([#21895](https://github.com/astral-sh/ruff/pull/21895))
-- \[`flake8-bandit`\] Fix false positive when using non-standard `CSafeLoader` path (S506). ([#21830](https://github.com/astral-sh/ruff/pull/21830))
-- \[`flake8-bugbear`\] Accept immutable slice default arguments (`B008`) ([#21823](https://github.com/astral-sh/ruff/pull/21823))
-
-### Rule changes
-
-- \[`pydocstyle`\] Suppress `D417` for parameters with `Unpack` annotations ([#21816](https://github.com/astral-sh/ruff/pull/21816))
-
-### Performance
-
-- Use `memchr` for computing line indexes ([#21838](https://github.com/astral-sh/ruff/pull/21838))
-
-### Documentation
-
-- Document `*.pyw` is included by default in preview ([#21885](https://github.com/astral-sh/ruff/pull/21885))
-- Document range suppressions, reorganize suppression docs ([#21884](https://github.com/astral-sh/ruff/pull/21884))
-- Update mkdocs-material to 9.7.0 (Insiders now free) ([#21797](https://github.com/astral-sh/ruff/pull/21797))
-
-### Contributors
-
-- [@Avasam](https://github.com/Avasam)
-- [@MichaReiser](https://github.com/MichaReiser)
-- [@charliermarsh](https://github.com/charliermarsh)
-- [@amyreese](https://github.com/amyreese)
-- [@phongddo](https://github.com/phongddo)
-- [@prakhar1144](https://github.com/prakhar1144)
-- [@mahiro72](https://github.com/mahiro72)
-- [@ntBre](https://github.com/ntBre)
-- [@LoicRiegel](https://github.com/LoicRiegel)
-
-## 0.14.8
-
-Released on 2025-12-04.
-
-### Preview features
-
-- \[`flake8-bugbear`\] Catch `yield` expressions within other statements (`B901`) ([#21200](https://github.com/astral-sh/ruff/pull/21200))
-- \[`flake8-use-pathlib`\] Mark fixes unsafe for return type changes (`PTH104`, `PTH105`, `PTH109`, `PTH115`) ([#21440](https://github.com/astral-sh/ruff/pull/21440))
-
-### Bug fixes
-
-- Fix syntax error false positives for `await` outside functions ([#21763](https://github.com/astral-sh/ruff/pull/21763))
-- \[`flake8-simplify`\] Fix truthiness assumption for non-iterable arguments in tuple/list/set calls (`SIM222`, `SIM223`) ([#21479](https://github.com/astral-sh/ruff/pull/21479))
-
-### Documentation
-
-- Suggest using `--output-file` option in GitLab integration ([#21706](https://github.com/astral-sh/ruff/pull/21706))
-
-### Other changes
-
-- [syntax-error] Default type parameter followed by non-default type parameter ([#21657](https://github.com/astral-sh/ruff/pull/21657))
-
-### Contributors
-
-- [@kieran-ryan](https://github.com/kieran-ryan)
-- [@11happy](https://github.com/11happy)
-- [@danparizher](https://github.com/danparizher)
-- [@ntBre](https://github.com/ntBre)
-
-## 0.14.7
-
-Released on 2025-11-28.
-
-### Preview features
-
-- \[`flake8-bandit`\] Handle string literal bindings in suspicious-url-open-usage (`S310`) ([#21469](https://github.com/astral-sh/ruff/pull/21469))
-- \[`pylint`\] Fix `PLR1708` false positives on nested functions ([#21177](https://github.com/astral-sh/ruff/pull/21177))
-- \[`pylint`\] Fix suppression for empty dict without tuple key annotation (`PLE1141`) ([#21290](https://github.com/astral-sh/ruff/pull/21290))
-- \[`ruff`\] Add rule `RUF066` to detect unnecessary class properties ([#21535](https://github.com/astral-sh/ruff/pull/21535))
-- \[`ruff`\] Catch more dummy variable uses (`RUF052`) ([#19799](https://github.com/astral-sh/ruff/pull/19799))
-
-### Bug fixes
-
-- [server] Set severity for non-rule diagnostics ([#21559](https://github.com/astral-sh/ruff/pull/21559))
-- \[`flake8-implicit-str-concat`\] Avoid invalid fix in (`ISC003`) ([#21517](https://github.com/astral-sh/ruff/pull/21517))
-- \[`parser`\] Fix panic when parsing IPython escape command expressions ([#21480](https://github.com/astral-sh/ruff/pull/21480))
-
-### CLI
-
-- Show partial fixability indicator in statistics output ([#21513](https://github.com/astral-sh/ruff/pull/21513))
-
-### Contributors
-
-- [@mikeleppane](https://github.com/mikeleppane)
-- [@senekor](https://github.com/senekor)
-- [@ShaharNaveh](https://github.com/ShaharNaveh)
-- [@JumboBear](https://github.com/JumboBear)
-- [@prakhar1144](https://github.com/prakhar1144)
-- [@tsvikas](https://github.com/tsvikas)
-- [@danparizher](https://github.com/danparizher)
-- [@chirizxc](https://github.com/chirizxc)
-- [@AlexWaygood](https://github.com/AlexWaygood)
-- [@MichaReiser](https://github.com/MichaReiser)
-
 ## 0.14.6
 
 Released on 2025-11-21.

CONTRIBUTING.md

@@ -331,6 +331,13 @@ you addressed them.
 
 ## MkDocs
 
+> [!NOTE]
+>
+> The documentation uses Material for MkDocs Insiders, which is closed-source software.
+> This means only members of the Astral organization can preview the documentation exactly as it
+> will appear in production.
+> Outside contributors can still preview the documentation, but there will be some differences. Consult [the Material for MkDocs documentation](https://squidfunk.github.io/mkdocs-material/insiders/benefits/#features) for which features are exclusively available in the insiders version.
+
 To preview any changes to the documentation locally:
 
 1. Install the [Rust toolchain](https://www.rust-lang.org/tools/install).
@@ -344,7 +351,11 @@ To preview any changes to the documentation locally:
 1. Run the development server with:
 
     ```shell
-    uvx --with-requirements docs/requirements.txt -- mkdocs serve -f mkdocs.yml
+    # For contributors.
+    uvx --with-requirements docs/requirements.txt -- mkdocs serve -f mkdocs.public.yml
+
+    # For members of the Astral org, which has access to MkDocs Insiders via sponsorship.
+    uvx --with-requirements docs/requirements-insiders.txt -- mkdocs serve -f mkdocs.insiders.yml
     ```
 
 The documentation should then be available locally at

Cargo.lock

@@ -254,21 +254,6 @@ dependencies = [
  "syn",
 ]
 
-[[package]]
-name = "bit-set"
-version = "0.8.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "08807e080ed7f9d5433fa9b275196cfc35414f66a0c79d864dc51a0d825231a3"
-dependencies = [
- "bit-vec",
-]
-
-[[package]]
-name = "bit-vec"
-version = "0.8.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5e764a1d40d510daf35e07be9eb06e75770908c27d411ee6c92109c9840eaaf7"
-
 [[package]]
 name = "bitflags"
 version = "1.3.2"
@@ -457,9 +442,9 @@ dependencies = [
 
 [[package]]
 name = "clap"
-version = "4.5.53"
+version = "4.5.51"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c9e340e012a1bf4935f5282ed1436d1489548e8f72308207ea5df0e23d2d03f8"
+checksum = "4c26d721170e0295f191a69bd9a1f93efcdb0aff38684b61ab5750468972e5f5"
 dependencies = [
  "clap_builder",
  "clap_derive",
@@ -467,9 +452,9 @@ dependencies = [
 
 [[package]]
 name = "clap_builder"
-version = "4.5.53"
+version = "4.5.51"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d76b5d13eaa18c901fd2f7fca939fefe3a0727a953561fefdf3b2922b8569d00"
+checksum = "75835f0c7bf681bfd05abe44e965760fea999a5286c6eb2d59883634fd02011a"
 dependencies = [
  "anstream",
  "anstyle",
@@ -959,18 +944,6 @@ dependencies = [
  "parking_lot_core",
 ]
 
-[[package]]
-name = "datatest-stable"
-version = "0.3.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a867d7322eb69cf3a68a5426387a25b45cb3b9c5ee41023ee6cea92e2afadd82"
-dependencies = [
- "camino",
- "fancy-regex",
- "libtest-mimic 0.8.1",
- "walkdir",
-]
-
 [[package]]
 name = "derive-where"
 version = "1.6.0"
@@ -1165,17 +1138,6 @@ dependencies = [
  "windows-sys 0.61.0",
 ]
 
-[[package]]
-name = "fancy-regex"
-version = "0.14.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6e24cb5a94bcae1e5408b0effca5cd7172ea3c5755049c5f3af4cd283a165298"
-dependencies = [
- "bit-set",
- "regex-automata",
- "regex-syntax",
-]
-
 [[package]]
 name = "fastrand"
 version = "2.3.0"
@@ -1276,9 +1238,9 @@ dependencies = [
 
 [[package]]
 name = "get-size-derive2"
-version = "0.7.3"
+version = "0.7.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ab21d7bd2c625f2064f04ce54bcb88bc57c45724cde45cba326d784e22d3f71a"
+checksum = "ff47daa61505c85af126e9dd64af6a342a33dc0cccfe1be74ceadc7d352e6efd"
 dependencies = [
  "attribute-derive",
  "quote",
@@ -1287,15 +1249,14 @@ dependencies = [
 
 [[package]]
 name = "get-size2"
-version = "0.7.3"
+version = "0.7.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "879272b0de109e2b67b39fcfe3d25fdbba96ac07e44a254f5a0b4d7ff55340cb"
+checksum = "ac7bb8710e1f09672102be7ddf39f764d8440ae74a9f4e30aaa4820dcdffa4af"
 dependencies = [
  "compact_str",
  "get-size-derive2",
- "hashbrown 0.16.1",
+ "hashbrown 0.16.0",
  "indexmap",
- "ordermap",
  "smallvec",
 ]
 
@@ -1392,9 +1353,9 @@ dependencies = [
 
 [[package]]
 name = "hashbrown"
-version = "0.16.1"
+version = "0.16.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "841d1cc9bed7f9236f321df977030373f4a4163ae1a7dbfe1a51a2c1a51d9100"
+checksum = "5419bdc4f6a9207fbeba6d11b604d481addf78ecd10c11ad51e76c2f6482748d"
 dependencies = [
  "equivalent",
 ]
@@ -1603,12 +1564,12 @@ dependencies = [
 
 [[package]]
 name = "indexmap"
-version = "2.12.1"
+version = "2.12.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0ad4bb2b565bca0645f4d68c5c9af97fba094e9791da685bf83cb5f3ce74acf2"
+checksum = "6717a8d2a5a929a1a2eb43a12812498ed141a0bcfb7e8f7844fbdbe4303bba9f"
 dependencies = [
  "equivalent",
- "hashbrown 0.16.1",
+ "hashbrown 0.16.0",
  "serde",
  "serde_core",
 ]
@@ -1663,6 +1624,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "46fdb647ebde000f43b5b53f773c30cf9b0cb4300453208713fa38b2c70935a0"
 dependencies = [
  "console 0.15.11",
+ "globset",
  "once_cell",
  "pest",
  "pest_derive",
@@ -1670,6 +1632,7 @@ dependencies = [
  "ron",
  "serde",
  "similar",
+ "walkdir",
 ]
 
 [[package]]
@@ -1955,18 +1918,6 @@ dependencies = [
  "threadpool",
 ]
 
-[[package]]
-name = "libtest-mimic"
-version = "0.8.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5297962ef19edda4ce33aaa484386e0a5b3d7f2f4e037cbeee00503ef6b29d33"
-dependencies = [
- "anstream",
- "anstyle",
- "clap",
- "escape8259",
-]
-
 [[package]]
 name = "linux-raw-sys"
 version = "0.11.0"
@@ -2282,9 +2233,9 @@ checksum = "04744f49eae99ab78e0d5c0b603ab218f515ea8cfe5a456d7629ad883a3b6e7d"
 
 [[package]]
 name = "ordermap"
-version = "1.0.0"
+version = "0.5.12"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ed637741ced8fb240855d22a2b4f208dab7a06bcce73380162e5253000c16758"
+checksum = "b100f7dd605611822d30e182214d3c02fdefce2d801d23993f6b6ba6ca1392af"
 dependencies = [
  "indexmap",
  "serde",
@@ -2908,7 +2859,7 @@ dependencies = [
 
 [[package]]
 name = "ruff"
-version = "0.14.9"
+version = "0.14.6"
 dependencies = [
  "anyhow",
  "argfile",
@@ -3166,18 +3117,17 @@ dependencies = [
 
 [[package]]
 name = "ruff_linter"
-version = "0.14.9"
+version = "0.14.6"
 dependencies = [
  "aho-corasick",
  "anyhow",
  "bitflags 2.10.0",
  "clap",
  "colored 3.0.0",
- "compact_str",
  "fern",
  "glob",
  "globset",
- "hashbrown 0.16.1",
+ "hashbrown 0.16.0",
  "imperative",
  "insta",
  "is-macro",
@@ -3326,7 +3276,6 @@ dependencies = [
  "anyhow",
  "clap",
  "countme",
- "datatest-stable",
  "insta",
  "itertools 0.14.0",
  "memchr",
@@ -3396,10 +3345,8 @@ dependencies = [
  "bitflags 2.10.0",
  "bstr",
  "compact_str",
- "datatest-stable",
  "get-size2",
  "insta",
- "itertools 0.14.0",
  "memchr",
  "ruff_annotate_snippets",
  "ruff_python_ast",
@@ -3525,7 +3472,7 @@ dependencies = [
 
 [[package]]
 name = "ruff_wasm"
-version = "0.14.9"
+version = "0.14.6"
 dependencies = [
  "console_error_panic_hook",
  "console_log",
@@ -3641,7 +3588,7 @@ checksum = "28d3b2b1366ec20994f1fd18c3c594f05c5dd4bc44d8bb0c1c632c8d6829481f"
 [[package]]
 name = "salsa"
 version = "0.24.0"
-source = "git+https://github.com/salsa-rs/salsa.git?rev=55e5e7d32fa3fc189276f35bb04c9438f9aedbd1#55e5e7d32fa3fc189276f35bb04c9438f9aedbd1"
+source = "git+https://github.com/salsa-rs/salsa.git?rev=a885bb4c4c192741b8a17418fef81a71e33d111e#a885bb4c4c192741b8a17418fef81a71e33d111e"
 dependencies = [
  "boxcar",
  "compact_str",
@@ -3652,7 +3599,6 @@ dependencies = [
  "indexmap",
  "intrusive-collections",
  "inventory",
- "ordermap",
  "parking_lot",
  "portable-atomic",
  "rustc-hash",
@@ -3666,12 +3612,12 @@ dependencies = [
 [[package]]
 name = "salsa-macro-rules"
 version = "0.24.0"
-source = "git+https://github.com/salsa-rs/salsa.git?rev=55e5e7d32fa3fc189276f35bb04c9438f9aedbd1#55e5e7d32fa3fc189276f35bb04c9438f9aedbd1"
+source = "git+https://github.com/salsa-rs/salsa.git?rev=a885bb4c4c192741b8a17418fef81a71e33d111e#a885bb4c4c192741b8a17418fef81a71e33d111e"
 
 [[package]]
 name = "salsa-macros"
 version = "0.24.0"
-source = "git+https://github.com/salsa-rs/salsa.git?rev=55e5e7d32fa3fc189276f35bb04c9438f9aedbd1#55e5e7d32fa3fc189276f35bb04c9438f9aedbd1"
+source = "git+https://github.com/salsa-rs/salsa.git?rev=a885bb4c4c192741b8a17418fef81a71e33d111e#a885bb4c4c192741b8a17418fef81a71e33d111e"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -3989,9 +3935,9 @@ checksum = "804f44ed3c63152de6a9f90acbea1a110441de43006ea51bcce8f436196a288b"
 
 [[package]]
 name = "syn"
-version = "2.0.111"
+version = "2.0.110"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "390cc9a294ab71bdb1aa2e99d13be9c753cd2d7bd6560c77118597410c4d2e87"
+checksum = "a99801b5bd34ede4cf3fc688c5919368fea4e4814a4664359503e6015b280aea"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -4270,9 +4216,9 @@ checksum = "df8b2b54733674ad286d16267dcfc7a71ed5c776e4ac7aa3c3e2561f7c637bf2"
 
 [[package]]
 name = "tracing"
-version = "0.1.43"
+version = "0.1.41"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2d15d90a0b5c19378952d479dc858407149d7bb45a14de0142f6c534b16fc647"
+checksum = "784e0ac535deb450455cbfa28a6f0df145ea1bb7ae51b821cf5e7927fdcfbdd0"
 dependencies = [
  "log",
  "pin-project-lite",
@@ -4282,9 +4228,9 @@ dependencies = [
 
 [[package]]
 name = "tracing-attributes"
-version = "0.1.31"
+version = "0.1.30"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7490cfa5ec963746568740651ac6781f701c9c5ea257c58e057f3ba8cf69e8da"
+checksum = "81383ab64e72a7a8b8e13130c49e3dab29def6d0c7d76a03087b3cf71c5c6903"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -4293,9 +4239,9 @@ dependencies = [
 
 [[package]]
 name = "tracing-core"
-version = "0.1.35"
+version = "0.1.34"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7a04e24fab5c89c6a36eb8558c9656f30d81de51dfa4d3b45f26b21d61fa0a6c"
+checksum = "b9d12581f227e93f094d3af2ae690a574abb8a2b9b7a96e7cfe9647b2b617678"
 dependencies = [
  "once_cell",
  "valuable",
@@ -4337,9 +4283,9 @@ dependencies = [
 
 [[package]]
 name = "tracing-subscriber"
-version = "0.3.22"
+version = "0.3.20"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2f30143827ddab0d256fd843b7a66d164e9f271cfa0dde49142c5ca0ca291f1e"
+checksum = "2054a14f5307d601f88daf0553e1cbf472acc4f2c51afab632431cdcd72124d5"
 dependencies = [
  "chrono",
  "matchers",
@@ -4361,7 +4307,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "5fe242ee9e646acec9ab73a5c540e8543ed1b107f0ce42be831e0775d423c396"
 dependencies = [
  "ignore",
- "libtest-mimic 0.7.3",
+ "libtest-mimic",
  "snapbox",
 ]
 
@@ -4390,7 +4336,6 @@ dependencies = [
  "ruff_python_trivia",
  "salsa",
  "tempfile",
- "tikv-jemallocator",
  "toml",
  "tracing",
  "tracing-flame",
@@ -4517,7 +4462,7 @@ dependencies = [
  "drop_bomb",
  "get-size2",
  "glob",
- "hashbrown 0.16.1",
+ "hashbrown 0.16.0",
  "indexmap",
  "indoc",
  "insta",
@@ -4529,7 +4474,6 @@ dependencies = [
  "quickcheck_macros",
  "ruff_annotate_snippets",
  "ruff_db",
- "ruff_diagnostics",
  "ruff_index",
  "ruff_macros",
  "ruff_memory_usage",
@@ -4575,7 +4519,6 @@ dependencies = [
  "lsp-types",
  "regex",
  "ruff_db",
- "ruff_diagnostics",
  "ruff_macros",
  "ruff_notebook",
  "ruff_python_ast",
@@ -4611,13 +4554,11 @@ dependencies = [
  "anyhow",
  "camino",
  "colored 3.0.0",
- "dunce",
  "insta",
  "memchr",
  "path-slash",
  "regex",
  "ruff_db",
- "ruff_diagnostics",
  "ruff_index",
  "ruff_notebook",
  "ruff_python_ast",
@@ -4659,7 +4600,6 @@ dependencies = [
  "js-sys",
  "log",
  "ruff_db",
- "ruff_diagnostics",
  "ruff_notebook",
  "ruff_python_formatter",
  "ruff_source_file",

Cargo.toml

@@ -5,7 +5,7 @@ resolver = "2"
 [workspace.package]
 # Please update rustfmt.toml when bumping the Rust edition
 edition = "2024"
-rust-version = "1.90"
+rust-version = "1.89"
 homepage = "https://docs.astral.sh/ruff"
 documentation = "https://docs.astral.sh/ruff"
 repository = "https://github.com/astral-sh/ruff"
@@ -81,7 +81,6 @@ compact_str = "0.9.0"
 criterion = { version = "0.7.0", default-features = false }
 crossbeam = { version = "0.8.4" }
 dashmap = { version = "6.0.1" }
-datatest-stable = { version = "0.3.3" }
 dir-test = { version = "0.4.0" }
 dunce = { version = "1.0.5" }
 drop_bomb = { version = "0.1.5" }
@@ -89,7 +88,7 @@ etcetera = { version = "0.11.0" }
 fern = { version = "0.7.0" }
 filetime = { version = "0.2.23" }
 getrandom = { version = "0.3.1" }
-get-size2 = { version = "0.7.3", features = [
+get-size2 = { version = "0.7.0", features = [
     "derive",
     "smallvec",
     "hashbrown",
@@ -130,7 +129,7 @@ memchr = { version = "2.7.1" }
 mimalloc = { version = "0.1.39" }
 natord = { version = "1.0.9" }
 notify = { version = "8.0.0" }
-ordermap = { version = "1.0.0" }
+ordermap = { version = "0.5.0" }
 path-absolutize = { version = "3.1.1" }
 path-slash = { version = "0.2.1" }
 pathdiff = { version = "0.2.1" }
@@ -147,7 +146,7 @@ regex-automata = { version = "0.4.9" }
 rustc-hash = { version = "2.0.0" }
 rustc-stable-hash = { version = "0.1.2" }
 # When updating salsa, make sure to also update the revision in `fuzz/Cargo.toml`
-salsa = { git = "https://github.com/salsa-rs/salsa.git", rev = "55e5e7d32fa3fc189276f35bb04c9438f9aedbd1", default-features = false, features = [
+salsa = { git = "https://github.com/salsa-rs/salsa.git", rev = "a885bb4c4c192741b8a17418fef81a71e33d111e", default-features = false, features = [
     "compact_str",
     "macros",
     "salsa_unstable",
@@ -273,12 +272,6 @@ large_stack_arrays = "allow"
 lto = "fat"
 codegen-units = 16
 
-# Profile to build a minimally sized binary for ruff/ty
-[profile.minimal-size]
-inherits = "release"
-opt-level = "z"
-codegen-units = 1
-
 # Some crates don't change as much but benefit more from
 # more expensive optimization passes, so we selectively
 # decrease codegen-units in some cases.

README.md

@@ -57,11 +57,8 @@ Ruff is extremely actively developed and used in major open-source projects like
 
 ...and [many more](#whos-using-ruff).
 
-Ruff is backed by [Astral](https://astral.sh), the creators of
-[uv](https://github.com/astral-sh/uv) and [ty](https://github.com/astral-sh/ty).
-
-Read the [launch post](https://astral.sh/blog/announcing-astral-the-company-behind-ruff), or the
-original [project announcement](https://notes.crmarsh.com/python-tooling-could-be-much-much-faster).
+Ruff is backed by [Astral](https://astral.sh). Read the [launch post](https://astral.sh/blog/announcing-astral-the-company-behind-ruff),
+or the original [project announcement](https://notes.crmarsh.com/python-tooling-could-be-much-much-faster).
 
 ## Testimonials
 
@@ -150,8 +147,8 @@ curl -LsSf https://astral.sh/ruff/install.sh | sh
 powershell -c "irm https://astral.sh/ruff/install.ps1 | iex"
 
 # For a specific version.
-curl -LsSf https://astral.sh/ruff/0.14.9/install.sh | sh
-powershell -c "irm https://astral.sh/ruff/0.14.9/install.ps1 | iex"
+curl -LsSf https://astral.sh/ruff/0.14.6/install.sh | sh
+powershell -c "irm https://astral.sh/ruff/0.14.6/install.ps1 | iex"
 ```
 
 You can also install Ruff via [Homebrew](https://formulae.brew.sh/formula/ruff), [Conda](https://anaconda.org/conda-forge/ruff),
@@ -184,7 +181,7 @@ Ruff can also be used as a [pre-commit](https://pre-commit.com/) hook via [`ruff
 ```yaml
 - repo: https://github.com/astral-sh/ruff-pre-commit
   # Ruff version.
-  rev: v0.14.9
+  rev: v0.14.6
   hooks:
     # Run the linter.
     - id: ruff-check

crates/ruff/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "ruff"
-version = "0.14.9"
+version = "0.14.6"
 publish = true
 authors = { workspace = true }
 edition = { workspace = true }

crates/ruff/src/args.rs

@@ -10,7 +10,7 @@ use anyhow::bail;
 use clap::builder::Styles;
 use clap::builder::styling::{AnsiColor, Effects};
 use clap::builder::{TypedValueParser, ValueParserFactory};
-use clap::{Parser, Subcommand};
+use clap::{Parser, Subcommand, command};
 use colored::Colorize;
 use itertools::Itertools;
 use path_absolutize::path_dedot;

crates/ruff/src/lib.rs

@@ -9,7 +9,7 @@ use std::sync::mpsc::channel;
 use anyhow::Result;
 use clap::CommandFactory;
 use colored::Colorize;
-use log::error;
+use log::{error, warn};
 use notify::{RecursiveMode, Watcher, recommended_watcher};
 
 use args::{GlobalConfigArgs, ServerCommand};

crates/ruff/src/printer.rs

@@ -34,21 +34,9 @@ struct ExpandedStatistics<'a> {
     code: Option<&'a SecondaryCode>,
     name: &'static str,
     count: usize,
-    #[serde(rename = "fixable")]
-    all_fixable: bool,
-    fixable_count: usize,
+    fixable: bool,
 }
 
-impl ExpandedStatistics<'_> {
-    fn any_fixable(&self) -> bool {
-        self.fixable_count > 0
-    }
-}
-
-/// Accumulator type for grouping diagnostics by code.
-/// Format: (`code`, `representative_diagnostic`, `total_count`, `fixable_count`)
-type DiagnosticGroup<'a> = (Option<&'a SecondaryCode>, &'a Diagnostic, usize, usize);
-
 pub(crate) struct Printer {
     format: OutputFormat,
     log_level: LogLevel,
@@ -145,7 +133,7 @@ impl Printer {
                         if fixables.applicable > 0 {
                             writeln!(
                                 writer,
-                                "{fix_prefix} {} fixable with the `--fix` option.",
+                                "{fix_prefix} {} fixable with the --fix option.",
                                 fixables.applicable
                             )?;
                         }
@@ -268,41 +256,35 @@ impl Printer {
         diagnostics: &Diagnostics,
         writer: &mut dyn Write,
     ) -> Result<()> {
-        let required_applicability = self.unsafe_fixes.required_applicability();
         let statistics: Vec<ExpandedStatistics> = diagnostics
             .inner
             .iter()
-            .sorted_by_key(|diagnostic| diagnostic.secondary_code())
-            .fold(vec![], |mut acc: Vec<DiagnosticGroup>, diagnostic| {
-                let is_fixable = diagnostic
-                    .fix()
-                    .is_some_and(|fix| fix.applies(required_applicability));
-                let code = diagnostic.secondary_code();
-
-                if let Some((prev_code, _prev_message, count, fixable_count)) = acc.last_mut() {
+            .map(|message| (message.secondary_code(), message))
+            .sorted_by_key(|(code, message)| (*code, message.fixable()))
+            .fold(
+                vec![],
+                |mut acc: Vec<((Option<&SecondaryCode>, &Diagnostic), usize)>, (code, message)| {
+                    if let Some(((prev_code, _prev_message), count)) = acc.last_mut() {
                         if *prev_code == code {
                             *count += 1;
-                        if is_fixable {
-                            *fixable_count += 1;
-                        }
                             return acc;
                         }
                     }
-                acc.push((code, diagnostic, 1, usize::from(is_fixable)));
+                    acc.push(((code, message), 1));
                     acc
-            })
+                },
+            )
             .iter()
-            .map(
-                |&(code, message, count, fixable_count)| ExpandedStatistics {
+            .map(|&((code, message), count)| ExpandedStatistics {
                 code,
                 name: message.name(),
                 count,
-                    // Backward compatibility: `fixable` is true only when all violations are fixable.
-                    // See: https://github.com/astral-sh/ruff/pull/21513
-                    all_fixable: fixable_count == count,
-                    fixable_count,
+                fixable: if let Some(fix) = message.fix() {
+                    fix.applies(self.unsafe_fixes.required_applicability())
+                } else {
+                    false
                 },
-            )
+            })
             .sorted_by_key(|statistic| Reverse(statistic.count))
             .collect();
 
@@ -326,14 +308,13 @@ impl Printer {
                     .map(|statistic| statistic.code.map_or(0, |s| s.len()))
                     .max()
                     .unwrap();
-                let any_fixable = statistics.iter().any(ExpandedStatistics::any_fixable);
+                let any_fixable = statistics.iter().any(|statistic| statistic.fixable);
 
-                let all_fixable = format!("[{}] ", "*".cyan());
-                let partially_fixable = format!("[{}] ", "-".cyan());
+                let fixable = format!("[{}] ", "*".cyan());
                 let unfixable = "[ ] ";
 
                 // By default, we mimic Flake8's `--statistics` format.
-                for statistic in &statistics {
+                for statistic in statistics {
                     writeln!(
                         writer,
                         "{:>count_width$}\t{:<code_width$}\t{}{}",
@@ -345,10 +326,8 @@ impl Printer {
                             .red()
                             .bold(),
                         if any_fixable {
-                            if statistic.all_fixable {
-                                &all_fixable
-                            } else if statistic.any_fixable() {
-                                &partially_fixable
+                            if statistic.fixable {
+                                &fixable
                             } else {
                                 unfixable
                             }

crates/ruff/tests/cli/lint.rs

@@ -1440,78 +1440,6 @@ def function():
     Ok(())
 }
 
-#[test]
-fn ignore_noqa() -> Result<()> {
-    let fixture = CliTest::new()?;
-    fixture.write_file(
-        "ruff.toml",
-        r#"
-[lint]
-select = ["F401"]
-"#,
-    )?;
-
-    fixture.write_file(
-        "noqa.py",
-        r#"
-import os  # noqa: F401
-
-# ruff: disable[F401]
-import sys
-"#,
-    )?;
-
-    // without --ignore-noqa
-    assert_cmd_snapshot!(fixture
-        .check_command()
-        .args(["--config", "ruff.toml"])
-        .arg("noqa.py"),
-        @r"
-    success: false
-    exit_code: 1
-    ----- stdout -----
-    noqa.py:5:8: F401 [*] `sys` imported but unused
-    Found 1 error.
-    [*] 1 fixable with the `--fix` option.
-
-    ----- stderr -----
-    ");
-
-    assert_cmd_snapshot!(fixture
-        .check_command()
-        .args(["--config", "ruff.toml"])
-        .arg("noqa.py")
-        .args(["--preview"]),
-        @r"
-    success: true
-    exit_code: 0
-    ----- stdout -----
-    All checks passed!
-
-    ----- stderr -----
-    ");
-
-    // with --ignore-noqa --preview
-    assert_cmd_snapshot!(fixture
-        .check_command()
-        .args(["--config", "ruff.toml"])
-        .arg("noqa.py")
-        .args(["--ignore-noqa", "--preview"]),
-        @r"
-    success: false
-    exit_code: 1
-    ----- stdout -----
-    noqa.py:2:8: F401 [*] `os` imported but unused
-    noqa.py:5:8: F401 [*] `sys` imported but unused
-    Found 2 errors.
-    [*] 2 fixable with the `--fix` option.
-
-    ----- stderr -----
-    ");
-
-    Ok(())
-}
-
 #[test]
 fn add_noqa() -> Result<()> {
     let fixture = CliTest::new()?;
@@ -1704,100 +1632,6 @@ def unused(x):  # noqa: ANN001, ARG001, D103
     Ok(())
 }
 
-#[test]
-fn add_noqa_existing_file_level_noqa() -> Result<()> {
-    let fixture = CliTest::new()?;
-    fixture.write_file(
-        "ruff.toml",
-        r#"
-[lint]
-select = ["F401"]
-"#,
-    )?;
-
-    fixture.write_file(
-        "noqa.py",
-        r#"
-# ruff: noqa F401
-import os
-"#,
-    )?;
-
-    assert_cmd_snapshot!(fixture
-        .check_command()
-        .args(["--config", "ruff.toml"])
-        .arg("noqa.py")
-        .arg("--preview")
-        .args(["--add-noqa"])
-        .arg("-")
-        .pass_stdin(r#"
-
-"#), @r"
-    success: true
-    exit_code: 0
-    ----- stdout -----
-
-    ----- stderr -----
-    ");
-
-    let test_code =
-        fs::read_to_string(fixture.root().join("noqa.py")).expect("should read test file");
-
-    insta::assert_snapshot!(test_code, @r"
-    # ruff: noqa F401
-    import os
-    ");
-
-    Ok(())
-}
-
-#[test]
-fn add_noqa_existing_range_suppression() -> Result<()> {
-    let fixture = CliTest::new()?;
-    fixture.write_file(
-        "ruff.toml",
-        r#"
-[lint]
-select = ["F401"]
-"#,
-    )?;
-
-    fixture.write_file(
-        "noqa.py",
-        r#"
-# ruff: disable[F401]
-import os
-"#,
-    )?;
-
-    assert_cmd_snapshot!(fixture
-        .check_command()
-        .args(["--config", "ruff.toml"])
-        .arg("noqa.py")
-        .arg("--preview")
-        .args(["--add-noqa"])
-        .arg("-")
-        .pass_stdin(r#"
-
-"#), @r"
-    success: true
-    exit_code: 0
-    ----- stdout -----
-
-    ----- stderr -----
-    ");
-
-    let test_code =
-        fs::read_to_string(fixture.root().join("noqa.py")).expect("should read test file");
-
-    insta::assert_snapshot!(test_code, @r"
-    # ruff: disable[F401]
-    import os
-    ");
-
-    Ok(())
-}
-
 #[test]
 fn add_noqa_multiline_comment() -> Result<()> {
     let fixture = CliTest::new()?;

crates/ruff/tests/integration_test.rs

@@ -1043,7 +1043,7 @@ def mvce(keys, values):
     ----- stdout -----
     1	C416	[*] unnecessary-comprehension
     Found 1 error.
-    [*] 1 fixable with the `--fix` option.
+    [*] 1 fixable with the --fix option.
 
     ----- stderr -----
     ");
@@ -1073,8 +1073,7 @@ def mvce(keys, values):
         "code": "C416",
         "name": "unnecessary-comprehension",
         "count": 1,
-        "fixable": false,
-        "fixable_count": 0
+        "fixable": false
       }
     ]
 
@@ -1107,8 +1106,7 @@ def mvce(keys, values):
         "code": "C416",
         "name": "unnecessary-comprehension",
         "count": 1,
-        "fixable": true,
-        "fixable_count": 1
+        "fixable": true
       }
     ]
 
@@ -1116,54 +1114,6 @@ def mvce(keys, values):
     "#);
 }
 
-#[test]
-fn show_statistics_json_partial_fix() {
-    let mut cmd = RuffCheck::default()
-        .args([
-            "--select",
-            "UP035",
-            "--statistics",
-            "--output-format",
-            "json",
-        ])
-        .build();
-    assert_cmd_snapshot!(cmd
-        .pass_stdin("from typing import List, AsyncGenerator"), @r#"
-    success: false
-    exit_code: 1
-    ----- stdout -----
-    [
-      {
-        "code": "UP035",
-        "name": "deprecated-import",
-        "count": 2,
-        "fixable": false,
-        "fixable_count": 1
-      }
-    ]
-
-    ----- stderr -----
-    "#);
-}
-
-#[test]
-fn show_statistics_partial_fix() {
-    let mut cmd = RuffCheck::default()
-        .args(["--select", "UP035", "--statistics"])
-        .build();
-    assert_cmd_snapshot!(cmd
-        .pass_stdin("from typing import List, AsyncGenerator"), @r"
-    success: false
-    exit_code: 1
-    ----- stdout -----
-    2	UP035	[-] deprecated-import
-    Found 2 errors.
-    [*] 1 fixable with the `--fix` option.
-
-    ----- stderr -----
-    ");
-}
-
 #[test]
 fn show_statistics_syntax_errors() {
     let mut cmd = RuffCheck::default()
@@ -1860,7 +1810,7 @@ fn check_no_hint_for_hidden_unsafe_fixes_when_disabled() {
     --> -:1:1
 
     Found 2 errors.
-    [*] 1 fixable with the `--fix` option.
+    [*] 1 fixable with the --fix option.
 
     ----- stderr -----
     ");
@@ -1903,7 +1853,7 @@ fn check_shows_unsafe_fixes_with_opt_in() {
     --> -:1:1
 
     Found 2 errors.
-    [*] 2 fixable with the `--fix` option.
+    [*] 2 fixable with the --fix option.
 
     ----- stderr -----
     ");

crates/ruff_benchmark/Cargo.toml

@@ -59,6 +59,8 @@ divan = { workspace = true, optional = true }
 anyhow = { workspace = true }
 codspeed-criterion-compat = { workspace = true, default-features = false, optional = true }
 criterion = { workspace = true, default-features = false, optional = true }
+rayon = { workspace = true }
+rustc-hash = { workspace = true }
 serde = { workspace = true }
 serde_json = { workspace = true }
 tracing = { workspace = true }
@@ -86,7 +88,3 @@ mimalloc = { workspace = true }
 
 [target.'cfg(all(not(target_os = "windows"), not(target_os = "openbsd"), any(target_arch = "x86_64", target_arch = "aarch64", target_arch = "powerpc64", target_arch = "riscv64")))'.dev-dependencies]
 tikv-jemallocator = { workspace = true }
-
-[dev-dependencies]
-rustc-hash = { workspace = true }
-rayon = { workspace = true }

crates/ruff_benchmark/benches/lexer.rs

@@ -6,8 +6,7 @@ use criterion::{
 use ruff_benchmark::{
     LARGE_DATASET, NUMPY_CTYPESLIB, NUMPY_GLOBALS, PYDANTIC_TYPES, TestCase, UNICODE_PYPINYIN,
 };
-use ruff_python_ast::token::TokenKind;
-use ruff_python_parser::{Mode, lexer};
+use ruff_python_parser::{Mode, TokenKind, lexer};
 
 #[cfg(target_os = "windows")]
 #[global_allocator]

crates/ruff_benchmark/benches/ty_walltime.rs

@@ -120,7 +120,7 @@ static COLOUR_SCIENCE: Benchmark = Benchmark::new(
         max_dep_date: "2025-06-17",
         python_version: PythonVersion::PY310,
     },
-    1070,
+    600,
 );
 
 static FREQTRADE: Benchmark = Benchmark::new(
@@ -194,7 +194,7 @@ static SYMPY: Benchmark = Benchmark::new(
         max_dep_date: "2025-06-17",
         python_version: PythonVersion::PY312,
     },
-    13100,
+    13000,
 );
 
 static TANJUN: Benchmark = Benchmark::new(
@@ -223,7 +223,7 @@ static STATIC_FRAME: Benchmark = Benchmark::new(
         max_dep_date: "2025-08-09",
         python_version: PythonVersion::PY311,
     },
-    1100,
+    900,
 );
 
 #[track_caller]

crates/ruff_db/src/diagnostic/mod.rs

@@ -166,8 +166,28 @@ impl Diagnostic {
     /// Returns the primary message for this diagnostic.
     ///
     /// A diagnostic always has a message, but it may be empty.
+    ///
+    /// NOTE: At present, this routine will return the first primary
+    /// annotation's message as the primary message when the main diagnostic
+    /// message is empty. This is meant to facilitate an incremental migration
+    /// in ty over to the new diagnostic data model. (The old data model
+    /// didn't distinguish between messages on the entire diagnostic and
+    /// messages attached to a particular span.)
     pub fn primary_message(&self) -> &str {
-        self.inner.message.as_str()
+        if !self.inner.message.as_str().is_empty() {
+            return self.inner.message.as_str();
+        }
+        // FIXME: As a special case, while we're migrating ty
+        // to the new diagnostic data model, we'll look for a primary
+        // message from the primary annotation. This is because most
+        // ty diagnostics are created with an empty diagnostic
+        // message and instead attach the message to the annotation.
+        // Fixing this will require touching basically every diagnostic
+        // in ty, so we do it this way for now to match the old
+        // semantics. ---AG
+        self.primary_annotation()
+            .and_then(|ann| ann.get_message())
+            .unwrap_or_default()
     }
 
     /// Introspects this diagnostic and returns what kind of "primary" message
@@ -179,6 +199,18 @@ impl Diagnostic {
     /// contains *essential* information or context for understanding the
     /// diagnostic.
     ///
+    /// The reason why we don't just always return both the main diagnostic
+    /// message and the primary annotation message is because this was written
+    /// in the midst of an incremental migration of ty over to the new
+    /// diagnostic data model. At time of writing, diagnostics were still
+    /// constructed in the old model where the main diagnostic message and the
+    /// primary annotation message were not distinguished from each other. So
+    /// for now, we carefully return what kind of messages this diagnostic
+    /// contains. In effect, if this diagnostic has a non-empty main message
+    /// *and* a non-empty primary annotation message, then the diagnostic is
+    /// 100% using the new diagnostic data model and we can format things
+    /// appropriately.
+    ///
     /// The type returned implements the `std::fmt::Display` trait. In most
     /// cases, just converting it to a string (or printing it) will do what
     /// you want.
@@ -192,10 +224,11 @@ impl Diagnostic {
             .primary_annotation()
             .and_then(|ann| ann.get_message())
             .unwrap_or_default();
-        if annotation.is_empty() {
-            ConciseMessage::MainDiagnostic(main)
-        } else {
-            ConciseMessage::Both { main, annotation }
+        match (main.is_empty(), annotation.is_empty()) {
+            (false, true) => ConciseMessage::MainDiagnostic(main),
+            (true, false) => ConciseMessage::PrimaryAnnotation(annotation),
+            (false, false) => ConciseMessage::Both { main, annotation },
+            (true, true) => ConciseMessage::Empty,
         }
     }
 
@@ -321,13 +354,6 @@ impl Diagnostic {
         Arc::make_mut(&mut self.inner).fix = Some(fix);
     }
 
-    /// If `fix` is `Some`, set the fix for this diagnostic.
-    pub fn set_optional_fix(&mut self, fix: Option<Fix>) {
-        if let Some(fix) = fix {
-            self.set_fix(fix);
-        }
-    }
-
     /// Remove the fix for this diagnostic.
     pub fn remove_fix(&mut self) {
         Arc::make_mut(&mut self.inner).fix = None;
@@ -660,6 +686,18 @@ impl SubDiagnostic {
     /// contains *essential* information or context for understanding the
     /// diagnostic.
     ///
+    /// The reason why we don't just always return both the main diagnostic
+    /// message and the primary annotation message is because this was written
+    /// in the midst of an incremental migration of ty over to the new
+    /// diagnostic data model. At time of writing, diagnostics were still
+    /// constructed in the old model where the main diagnostic message and the
+    /// primary annotation message were not distinguished from each other. So
+    /// for now, we carefully return what kind of messages this diagnostic
+    /// contains. In effect, if this diagnostic has a non-empty main message
+    /// *and* a non-empty primary annotation message, then the diagnostic is
+    /// 100% using the new diagnostic data model and we can format things
+    /// appropriately.
+    ///
     /// The type returned implements the `std::fmt::Display` trait. In most
     /// cases, just converting it to a string (or printing it) will do what
     /// you want.
@@ -669,10 +707,11 @@ impl SubDiagnostic {
             .primary_annotation()
             .and_then(|ann| ann.get_message())
             .unwrap_or_default();
-        if annotation.is_empty() {
-            ConciseMessage::MainDiagnostic(main)
-        } else {
-            ConciseMessage::Both { main, annotation }
+        match (main.is_empty(), annotation.is_empty()) {
+            (false, true) => ConciseMessage::MainDiagnostic(main),
+            (true, false) => ConciseMessage::PrimaryAnnotation(annotation),
+            (false, false) => ConciseMessage::Both { main, annotation },
+            (true, true) => ConciseMessage::Empty,
         }
     }
 }
@@ -842,10 +881,6 @@ impl Annotation {
     pub fn hide_snippet(&mut self, yes: bool) {
         self.hide_snippet = yes;
     }
-
-    pub fn is_primary(&self) -> bool {
-        self.is_primary
-    }
 }
 
 /// Tags that can be associated with an annotation.
@@ -1466,10 +1501,28 @@ pub enum DiagnosticFormat {
 pub enum ConciseMessage<'a> {
     /// A diagnostic contains a non-empty main message and an empty
     /// primary annotation message.
+    ///
+    /// This strongly suggests that the diagnostic is using the
+    /// "new" data model.
     MainDiagnostic(&'a str),
+    /// A diagnostic contains an empty main message and a non-empty
+    /// primary annotation message.
+    ///
+    /// This strongly suggests that the diagnostic is using the
+    /// "old" data model.
+    PrimaryAnnotation(&'a str),
     /// A diagnostic contains a non-empty main message and a non-empty
     /// primary annotation message.
+    ///
+    /// This strongly suggests that the diagnostic is using the
+    /// "new" data model.
     Both { main: &'a str, annotation: &'a str },
+    /// A diagnostic contains an empty main message and an empty
+    /// primary annotation message.
+    ///
+    /// This indicates that the diagnostic is probably using the old
+    /// model.
+    Empty,
     /// A custom concise message has been provided.
     Custom(&'a str),
 }
@@ -1480,9 +1533,13 @@ impl std::fmt::Display for ConciseMessage<'_> {
             ConciseMessage::MainDiagnostic(main) => {
                 write!(f, "{main}")
             }
+            ConciseMessage::PrimaryAnnotation(annotation) => {
+                write!(f, "{annotation}")
+            }
             ConciseMessage::Both { main, annotation } => {
                 write!(f, "{main}: {annotation}")
             }
+            ConciseMessage::Empty => Ok(()),
             ConciseMessage::Custom(message) => {
                 write!(f, "{message}")
             }

crates/ruff_db/src/parsed.rs

@@ -21,11 +21,7 @@ use crate::source::source_text;
 /// reflected in the changed AST offsets.
 /// The other reason is that Ruff's AST doesn't implement `Eq` which Salsa requires
 /// for determining if a query result is unchanged.
-///
-/// The LRU capacity of 200 was picked without any empirical evidence that it's optimal,
-/// instead it's a wild guess that it should be unlikely that incremental changes involve
-/// more than 200 modules. Parsed ASTs within the same revision are never evicted by Salsa.
-#[salsa::tracked(returns(ref), no_eq, heap_size=ruff_memory_usage::heap_size, lru=200)]
+#[salsa::tracked(returns(ref), no_eq, heap_size=ruff_memory_usage::heap_size)]
 pub fn parsed_module(db: &dyn Db, file: File) -> ParsedModule {
     let _span = tracing::trace_span!("parsed_module", ?file).entered();
 
@@ -96,9 +92,14 @@ impl ParsedModule {
         self.inner.store(None);
     }
 
-    /// Returns the file to which this module belongs.
-    pub fn file(&self) -> File {
-        self.file
+    /// Returns the pointer address of this [`ParsedModule`].
+    ///
+    /// The pointer uniquely identifies the module within the current Salsa revision,
+    /// regardless of whether particular [`ParsedModuleRef`] instances are garbage collected.
+    pub fn addr(&self) -> usize {
+        // Note that the outer `Arc` in `inner` is stable across garbage collection, while the inner
+        // `Arc` within the `ArcSwap` may change.
+        Arc::as_ptr(&self.inner).addr()
     }
 }
 

crates/ruff_db/src/system/path.rs

@@ -667,13 +667,6 @@ impl Deref for SystemPathBuf {
     }
 }
 
-impl AsRef<Path> for SystemPathBuf {
-    #[inline]
-    fn as_ref(&self) -> &Path {
-        self.0.as_std_path()
-    }
-}
-
 impl<P: AsRef<SystemPath>> FromIterator<P> for SystemPathBuf {
     fn from_iter<I: IntoIterator<Item = P>>(iter: I) -> Self {
         let mut buf = SystemPathBuf::new();

crates/ruff_dev/src/generate_ty_options.rs

@@ -144,8 +144,8 @@ fn emit_field(output: &mut String, name: &str, field: &OptionField, parents: &[S
     output.push('\n');
 
     if let Some(deprecated) = &field.deprecated {
-        output.push_str("!!! warning \"Deprecated\"\n");
-        output.push_str("    This option has been deprecated");
+        output.push_str("> [!WARN] \"Deprecated\"\n");
+        output.push_str("> This option has been deprecated");
 
         if let Some(since) = deprecated.since {
             write!(output, " in {since}").unwrap();
@@ -166,9 +166,8 @@ fn emit_field(output: &mut String, name: &str, field: &OptionField, parents: &[S
     output.push('\n');
     let _ = writeln!(output, "**Type**: `{}`", field.value_type);
     output.push('\n');
-    output.push_str("**Example usage**:\n\n");
+    output.push_str("**Example usage** (`pyproject.toml`):\n\n");
     output.push_str(&format_example(
-        "pyproject.toml",
         &format_header(
             field.scope,
             field.example,
@@ -180,11 +179,11 @@ fn emit_field(output: &mut String, name: &str, field: &OptionField, parents: &[S
     output.push('\n');
 }
 
-fn format_example(title: &str, header: &str, content: &str) -> String {
+fn format_example(header: &str, content: &str) -> String {
     if header.is_empty() {
-        format!("```toml title=\"{title}\"\n{content}\n```\n",)
+        format!("```toml\n{content}\n```\n",)
     } else {
-        format!("```toml title=\"{title}\"\n{header}\n{content}\n```\n",)
+        format!("```toml\n{header}\n{content}\n```\n",)
     }
 }
 

crates/ruff_diagnostics/src/edit.rs

@@ -39,7 +39,7 @@ impl Edit {
 
     /// Creates an edit that replaces the content in `range` with `content`.
     pub fn range_replacement(content: String, range: TextRange) -> Self {
-        debug_assert!(!content.is_empty(), "Prefer `Edit::deletion`");
+        debug_assert!(!content.is_empty(), "Prefer `Fix::deletion`");
 
         Self {
             content: Some(Box::from(content)),

crates/ruff_diagnostics/src/fix.rs

@@ -149,10 +149,6 @@ impl Fix {
         &self.edits
     }
 
-    pub fn into_edits(self) -> Vec<Edit> {
-        self.edits
-    }
-
     /// Return the [`Applicability`] of the [`Fix`].
     pub fn applicability(&self) -> Applicability {
         self.applicability

crates/ruff_formatter/src/macros.rs

@@ -337,7 +337,7 @@ macro_rules! best_fitting {
 #[cfg(test)]
 mod tests {
     use crate::prelude::*;
-    use crate::{FormatState, SimpleFormatOptions, VecBuffer};
+    use crate::{FormatState, SimpleFormatOptions, VecBuffer, write};
 
     struct TestFormat;
 
@@ -385,8 +385,8 @@ mod tests {
 
     #[test]
     fn best_fitting_variants_print_as_lists() {
-        use crate::Formatted;
         use crate::prelude::*;
+        use crate::{Formatted, format, format_args};
 
         // The second variant below should be selected when printing at a width of 30
         let formatted_best_fitting = format!(

crates/ruff_graph/src/lib.rs

@@ -49,7 +49,7 @@ impl ModuleImports {
         // Resolve the imports.
         let mut resolved_imports = ModuleImports::default();
         for import in imports {
-            for resolved in Resolver::new(db, path).resolve(import) {
+            for resolved in Resolver::new(db).resolve(import) {
                 if let Some(path) = resolved.as_system_path() {
                     resolved_imports.insert(path.to_path_buf());
                 }

crates/ruff_graph/src/resolver.rs

@@ -1,9 +1,5 @@
-use ruff_db::files::{File, FilePath, system_path_to_file};
-use ruff_db::system::SystemPath;
-use ty_python_semantic::{
-    ModuleName, resolve_module, resolve_module_confident, resolve_real_module,
-    resolve_real_module_confident,
-};
+use ruff_db::files::FilePath;
+use ty_python_semantic::{ModuleName, resolve_module, resolve_real_module};
 
 use crate::ModuleDb;
 use crate::collector::CollectedImport;
@@ -11,15 +7,12 @@ use crate::collector::CollectedImport;
 /// Collect all imports for a given Python file.
 pub(crate) struct Resolver<'a> {
     db: &'a ModuleDb,
-    file: Option<File>,
 }
 
 impl<'a> Resolver<'a> {
     /// Initialize a [`Resolver`] with a given [`ModuleDb`].
-    pub(crate) fn new(db: &'a ModuleDb, path: &SystemPath) -> Self {
-        // If we know the importing file we can potentially resolve more imports
-        let file = system_path_to_file(db, path).ok();
-        Self { db, file }
+    pub(crate) fn new(db: &'a ModuleDb) -> Self {
+        Self { db }
     }
 
     /// Resolve the [`CollectedImport`] into a [`FilePath`].
@@ -77,21 +70,13 @@ impl<'a> Resolver<'a> {
 
     /// Resolves a module name to a module.
     pub(crate) fn resolve_module(&self, module_name: &ModuleName) -> Option<&'a FilePath> {
-        let module = if let Some(file) = self.file {
-            resolve_module(self.db, file, module_name)?
-        } else {
-            resolve_module_confident(self.db, module_name)?
-        };
+        let module = resolve_module(self.db, module_name)?;
         Some(module.file(self.db)?.path(self.db))
     }
 
     /// Resolves a module name to a module (stubs not allowed).
     fn resolve_real_module(&self, module_name: &ModuleName) -> Option<&'a FilePath> {
-        let module = if let Some(file) = self.file {
-            resolve_real_module(self.db, file, module_name)?
-        } else {
-            resolve_real_module_confident(self.db, module_name)?
-        };
+        let module = resolve_real_module(self.db, module_name)?;
         Some(module.file(self.db)?.path(self.db))
     }
 }

crates/ruff_linter/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "ruff_linter"
-version = "0.14.9"
+version = "0.14.6"
 publish = false
 authors = { workspace = true }
 edition = { workspace = true }
@@ -35,7 +35,6 @@ anyhow = { workspace = true }
 bitflags = { workspace = true }
 clap = { workspace = true, features = ["derive", "string"], optional = true }
 colored = { workspace = true }
-compact_str = { workspace = true }
 fern = { workspace = true }
 glob = { workspace = true }
 globset = { workspace = true }

crates/ruff_linter/resources/test/fixtures/flake8_bandit/S310.py

@@ -45,22 +45,3 @@ urllib.request.urlopen(urllib.request.Request(url))
 # https://github.com/astral-sh/ruff/issues/15522
 map(urllib.request.urlopen, [])
 foo = urllib.request.urlopen
-
-# https://github.com/astral-sh/ruff/issues/21462
-path = "https://example.com/data.csv"
-urllib.request.urlretrieve(path, "data.csv")
-url = "https://example.com/api"
-urllib.request.Request(url)
-
-# Test resolved f-strings and concatenated string literals
-fstring_url = f"https://example.com/data.csv"
-urllib.request.urlopen(fstring_url)
-urllib.request.Request(fstring_url)
-
-concatenated_url = "https://" + "example.com/data.csv"
-urllib.request.urlopen(concatenated_url)
-urllib.request.Request(concatenated_url)
-
-nested_concatenated = "http://" + "example.com" + "/data.csv"
-urllib.request.urlopen(nested_concatenated)
-urllib.request.Request(nested_concatenated)

crates/ruff_linter/resources/test/fixtures/flake8_bandit/S506.py

@@ -28,11 +28,9 @@ yaml.load("{}", SafeLoader)
 yaml.load("{}", yaml.SafeLoader)
 yaml.load("{}", CSafeLoader)
 yaml.load("{}", yaml.CSafeLoader)
-yaml.load("{}", yaml.cyaml.CSafeLoader)
 yaml.load("{}", NewSafeLoader)
 yaml.load("{}", Loader=SafeLoader)
 yaml.load("{}", Loader=yaml.SafeLoader)
 yaml.load("{}", Loader=CSafeLoader)
 yaml.load("{}", Loader=yaml.CSafeLoader)
-yaml.load("{}", Loader=yaml.cyaml.CSafeLoader)
 yaml.load("{}", Loader=NewSafeLoader)

crates/ruff_linter/resources/test/fixtures/flake8_bugbear/B006_B008.py

@@ -199,9 +199,6 @@ def bytes_okay(value=bytes(1)):
 def int_okay(value=int("12")):
     pass
 
-# Allow immutable slice()
-def slice_okay(value=slice(1,2)):
-    pass
 
 # Allow immutable complex() value
 def complex_okay(value=complex(1,2)):

crates/ruff_linter/resources/test/fixtures/flake8_bugbear/B901.py

@@ -52,16 +52,16 @@ def not_broken5():
     yield inner()
 
 
-def broken3():
+def not_broken6():
     return (yield from [])
 
 
-def broken4():
+def not_broken7():
     x = yield from []
     return x
 
 
-def broken5():
+def not_broken8():
     x = None
 
     def inner(ex):
@@ -76,13 +76,3 @@ class NotBroken9(object):
     def __await__(self):
         yield from function()
         return 42
-
-
-async def broken6():
-    yield 1
-    return foo()
-
-
-async def broken7():
-    yield 1
-    return [1, 2, 3]

crates/ruff_linter/resources/test/fixtures/flake8_implicit_str_concat/ISC.py

@@ -208,17 +208,3 @@ _ = t"b {f"c" f"d {t"e" t"f"} g"} h"
 _ = f"b {t"abc" \
     t"def"} g"
 
-
-# Explicit concatenation with either operand being
-# a string literal that wraps across multiple lines (in parentheses)
-# reports diagnostic - no autofix.
-# See https://github.com/astral-sh/ruff/issues/19757
-_ = "abc" + (
-    "def"
-    "ghi"
-)
-
-_ = (
-    "abc"
-    "def"
-) + "ghi"

crates/ruff_linter/resources/test/fixtures/flake8_simplify/SIM222.py

@@ -216,15 +216,3 @@ def get_items_list():
 
 def get_items_set():
     return tuple({item for item in items}) or None  # OK
-
-
-# https://github.com/astral-sh/ruff/issues/21473
-tuple("") or True  # SIM222
-tuple(t"") or True  # OK
-tuple(0) or True  # OK
-tuple(1) or True  # OK
-tuple(False) or True  # OK
-tuple(None) or True  # OK
-tuple(...) or True  # OK
-tuple(lambda x: x) or True  # OK
-tuple(x for x in range(0)) or True  # OK

crates/ruff_linter/resources/test/fixtures/flake8_simplify/SIM223.py

@@ -157,15 +157,3 @@ print(f"{1}{''}" and "bar")
 
 # https://github.com/astral-sh/ruff/issues/7127
 def f(a: "'' and 'b'"): ...
-
-
-# https://github.com/astral-sh/ruff/issues/21473
-tuple("") and False  # SIM223
-tuple(t"") and False  # OK
-tuple(0) and False  # OK
-tuple(1) and False  # OK
-tuple(False) and False  # OK
-tuple(None) and False  # OK
-tuple(...) and False  # OK
-tuple(lambda x: x) and False  # OK
-tuple(x for x in range(0)) and False  # OK

crates/ruff_linter/resources/test/fixtures/pydocstyle/D417.py

@@ -218,26 +218,3 @@ def should_not_fail(payload, Args):
         Args:
             The other arguments.
     """
-
-
-# Test cases for Unpack[TypedDict] kwargs
-from typing import TypedDict
-from typing_extensions import Unpack
-
-class User(TypedDict):
-    id: int
-    name: str
-
-def function_with_unpack_args_should_not_fail(query: str, **kwargs: Unpack[User]):
-    """Function with Unpack kwargs.
-
-    Args:
-        query: some arg
-    """
-
-def function_with_unpack_and_missing_arg_doc_should_fail(query: str, **kwargs: Unpack[User]):
-    """Function with Unpack kwargs but missing query arg documentation.
-
-    Args:
-        **kwargs: keyword arguments
-    """

crates/ruff_linter/resources/test/fixtures/pyflakes/F704.py

@@ -17,24 +17,3 @@ def _():
 
     # Valid yield scope
     yield 3
-
-
-# await is valid in any generator, sync or async
-(await cor async for cor in f())  # ok
-(await cor for cor in f())  # ok
-
-# but not in comprehensions
-[await cor async for cor in f()]  # F704
-{await cor async for cor in f()}  # F704
-{await cor: 1 async for cor in f()}  # F704
-[await cor for cor in f()]  # F704
-{await cor for cor in f()}  # F704
-{await cor: 1 for cor in f()}  # F704
-
-# or in the iterator of an async generator, which is evaluated in the parent
-# scope
-(cor async for cor in await f())  # F704
-(await cor async for cor in [await c for c in f()])  # F704
-
-# this is also okay because the comprehension is within the generator scope
-([await c for c in cor] async for cor in f())  # ok

crates/ruff_linter/resources/test/fixtures/pylint/dict_iter_missing_items.py

@@ -30,23 +30,3 @@ for a, b in d_tuple:
     pass
 for a, b in d_tuple_annotated: 
     pass
-
-# Empty dict cases
-empty_dict = {}
-empty_dict["x"] = 1
-for k, v in empty_dict:
-    pass
-
-empty_dict_annotated_tuple_keys: dict[tuple[int, str], bool] = {}
-for k, v in empty_dict_annotated_tuple_keys:
-    pass
-
-empty_dict_unannotated = {}
-empty_dict_unannotated[("x", "y")] = True
-for k, v in empty_dict_unannotated:
-    pass
-
-empty_dict_annotated_str_keys: dict[str, int] = {}
-empty_dict_annotated_str_keys["x"] = 1
-for k, v in empty_dict_annotated_str_keys:
-    pass

crates/ruff_linter/resources/test/fixtures/pylint/stop_iteration_return.py

@@ -129,26 +129,3 @@ def generator_with_lambda():
     yield 1
     func = lambda x: x  # Just a regular lambda
     yield 2
-
-# See: https://github.com/astral-sh/ruff/issues/21162
-def foo():
-    def g():
-        yield 1
-    raise StopIteration  # Should not trigger
-
-
-def foo():
-    def g():
-        raise StopIteration  # Should not trigger
-    yield 1
-
-# https://github.com/astral-sh/ruff/pull/21177#pullrequestreview-3430209718
-def foo():
-    yield 1
-    class C:
-        raise StopIteration  # Should trigger
-    yield C
-
-# https://github.com/astral-sh/ruff/pull/21177#discussion_r2539702728
-def foo():
-    raise StopIteration((yield 1))  # Should trigger

crates/ruff_linter/resources/test/fixtures/pylint/useless_exception_statement.py

@@ -2,40 +2,15 @@ from abc import ABC, abstractmethod
 from contextlib import suppress
 
 
-class MyError(Exception):
-    ...
-
-
-class MySubError(MyError):
-    ...
-
-
-class MyValueError(ValueError):
-    ...
-
-
-class MyUserWarning(UserWarning):
-    ...
-
-
-# Violation test cases with builtin errors: PLW0133
-
-
 # Test case 1: Useless exception statement
 def func():
     AssertionError("This is an assertion error")  # PLW0133
-    MyError("This is a custom error")  # PLW0133
-    MySubError("This is a custom error")  # PLW0133
-    MyValueError("This is a custom value error")  # PLW0133
 
 
 # Test case 2: Useless exception statement in try-except block
 def func():
     try:
         Exception("This is an exception")  # PLW0133
-        MyError("This is an exception")  # PLW0133
-        MySubError("This is an exception")  # PLW0133
-        MyValueError("This is an exception")  # PLW0133
     except Exception as err:
         pass
 
@@ -44,9 +19,6 @@ def func():
 def func():
     if True:
         RuntimeError("This is an exception")  # PLW0133
-        MyError("This is an exception")  # PLW0133
-        MySubError("This is an exception")  # PLW0133
-        MyValueError("This is an exception")  # PLW0133
 
 
 # Test case 4: Useless exception statement in class
@@ -54,18 +26,12 @@ def func():
     class Class:
         def __init__(self):
             TypeError("This is an exception")  # PLW0133
-            MyError("This is an exception")  # PLW0133
-            MySubError("This is an exception")  # PLW0133
-            MyValueError("This is an exception")  # PLW0133
 
 
 # Test case 5: Useless exception statement in function
 def func():
     def inner():
         IndexError("This is an exception")  # PLW0133
-        MyError("This is an exception")  # PLW0133
-        MySubError("This is an exception")  # PLW0133
-        MyValueError("This is an exception")  # PLW0133
 
     inner()
 
@@ -74,9 +40,6 @@ def func():
 def func():
     while True:
         KeyError("This is an exception")  # PLW0133
-        MyError("This is an exception")  # PLW0133
-        MySubError("This is an exception")  # PLW0133
-        MyValueError("This is an exception")  # PLW0133
 
 
 # Test case 7: Useless exception statement in abstract class
@@ -85,58 +48,27 @@ def func():
         @abstractmethod
         def method(self):
             NotImplementedError("This is an exception")  # PLW0133
-            MyError("This is an exception")  # PLW0133
-            MySubError("This is an exception")  # PLW0133
-            MyValueError("This is an exception")  # PLW0133
 
 
 # Test case 8: Useless exception statement inside context manager
 def func():
-    with suppress(Exception):
+    with suppress(AttributeError):
         AttributeError("This is an exception")  # PLW0133
-        MyError("This is an exception")  # PLW0133
-        MySubError("This is an exception")  # PLW0133
-        MyValueError("This is an exception")  # PLW0133
 
 
 # Test case 9: Useless exception statement in parentheses
 def func():
     (RuntimeError("This is an exception"))  # PLW0133
-    (MyError("This is an exception"))  # PLW0133
-    (MySubError("This is an exception"))  # PLW0133
-    (MyValueError("This is an exception"))  # PLW0133
 
 
 # Test case 10: Useless exception statement in continuation
 def func():
     x = 1; (RuntimeError("This is an exception")); y = 2  # PLW0133
-    x = 1; (MyError("This is an exception")); y = 2  # PLW0133
-    x = 1; (MySubError("This is an exception")); y = 2  # PLW0133
-    x = 1; (MyValueError("This is an exception")); y = 2  # PLW0133
 
 
 # Test case 11: Useless warning statement
 def func():
-    UserWarning("This is a user warning")  # PLW0133
-    MyUserWarning("This is a custom user warning")  # PLW0133
-
-
-# Test case 12: Useless exception statement at module level
-import builtins
-
-builtins.TypeError("still an exception even though it's an Attribute")  # PLW0133
-
-PythonFinalizationError("Added in Python 3.13")  # PLW0133
-
-MyError("This is an exception")  # PLW0133
-
-MySubError("This is an exception")  # PLW0133
-
-MyValueError("This is an exception")  # PLW0133
-
-UserWarning("This is a user warning")  # PLW0133
-
-MyUserWarning("This is a custom user warning")  # PLW0133
+    UserWarning("This is an assertion error")  # PLW0133
 
 
 # Non-violation test cases: PLW0133
@@ -187,3 +119,10 @@ def func():
 def func():
     with suppress(AttributeError):
         raise AttributeError("This is an exception")  # OK
+
+
+import builtins
+
+builtins.TypeError("still an exception even though it's an Attribute")
+
+PythonFinalizationError("Added in Python 3.13")

crates/ruff_linter/resources/test/fixtures/pyupgrade/UP032_0.py

@@ -132,6 +132,7 @@ async def c():
 # Non-errors
 ###
 
+# False-negative: RustPython doesn't parse the `\N{snowman}`.
 "\N{snowman} {}".format(a)
 
 "{".format(a)
@@ -275,6 +276,3 @@ if __name__ == "__main__":
     number = 0
     string = "{}".format(number := number + 1)
     print(string)
-
-# Unicode escape
-"\N{angle}AOB = {angle}°".format(angle=180)

crates/ruff_linter/resources/test/fixtures/refurb/FURB101.py

@@ -138,6 +138,5 @@ with open("file.txt", encoding="utf-8") as f:
 with open("file.txt", encoding="utf-8") as f:
     contents = process_contents(f.read())
 
-with open("file1.txt", encoding="utf-8") as f:
+with open("file.txt", encoding="utf-8") as f:
     contents: str = process_contents(f.read())
-

crates/ruff_linter/resources/test/fixtures/refurb/FURB101_1.py

@@ -1,8 +0,0 @@
-
-from pathlib import Path
-
-with Path("file.txt").open() as f:
-    contents = f.read()
-
-with Path("file.txt").open("r") as f:
-    contents = f.read()

crates/ruff_linter/resources/test/fixtures/refurb/FURB103_1.py

@@ -1,26 +0,0 @@
-from pathlib import Path
-
-with Path("file.txt").open("w") as f:
-    f.write("test")
-
-with Path("file.txt").open("wb") as f:
-    f.write(b"test")
-
-with Path("file.txt").open(mode="w") as f:
-    f.write("test")
-
-with Path("file.txt").open("w", encoding="utf8") as f:
-    f.write("test")
-
-with Path("file.txt").open("w", errors="ignore") as f:
-    f.write("test")
-
-with Path(foo()).open("w") as f:
-    f.write("test")
-
-p = Path("file.txt")
-with p.open("w") as f:
-    f.write("test")
-
-with Path("foo", "bar", "baz").open("w") as f:
-    f.write("test")

crates/ruff_linter/resources/test/fixtures/ruff/RUF052_1.py

@@ -1,109 +0,0 @@
-# Correct usage in loop and comprehension
-def process_data():
-    return 42
-def test_correct_dummy_usage():
-    my_list = [{"foo": 1}, {"foo": 2}]
-
-    # Should NOT detect - dummy variable is not used
-    [process_data() for _ in my_list]  # OK: `_` is ignored by rule
-
-    # Should NOT detect - dummy variable is not used
-    [item["foo"] for item in my_list]  # OK: not a dummy variable name
-
-    # Should NOT detect - dummy variable is not used
-    [42 for _unused in my_list]  # OK: `_unused` is not accessed
-
-# Regular For Loops
-def test_for_loops():
-    my_list = [{"foo": 1}, {"foo": 2}]
-
-    # Should detect used dummy variable
-    for _item in my_list:
-        print(_item["foo"])  # RUF052: Local dummy variable `_item` is accessed
-
-    # Should detect used dummy variable
-    for _index, _value in enumerate(my_list):
-        result = _index + _value["foo"]  # RUF052: Both `_index` and `_value` are accessed
-
-# List Comprehensions
-def test_list_comprehensions():
-    my_list = [{"foo": 1}, {"foo": 2}]
-
-    # Should detect used dummy variable
-    result = [_item["foo"] for _item in my_list]  # RUF052: Local dummy variable `_item` is accessed
-
-    # Should detect used dummy variable in nested comprehension
-    nested = [[_item["foo"] for _item in _sublist] for _sublist in [my_list, my_list]]
-    # RUF052: Both `_item` and `_sublist` are accessed
-
-    # Should detect with conditions
-    filtered = [_item["foo"] for _item in my_list if _item["foo"] > 0]
-    # RUF052: Local dummy variable `_item` is accessed
-
-# Dict Comprehensions
-def test_dict_comprehensions():
-    my_list = [{"key": "a", "value": 1}, {"key": "b", "value": 2}]
-
-    # Should detect used dummy variable
-    result = {_item["key"]: _item["value"] for _item in my_list}
-    # RUF052: Local dummy variable `_item` is accessed
-
-    # Should detect with enumerate
-    indexed = {_index: _item["value"] for _index, _item in enumerate(my_list)}
-    # RUF052: Both `_index` and `_item` are accessed
-
-    # Should detect in nested dict comprehension
-    nested = {_outer: {_inner["key"]: _inner["value"] for _inner in sublist}
-              for _outer, sublist in enumerate([my_list])}
-    # RUF052: `_outer`, `_inner` are accessed
-
-# Set Comprehensions
-def test_set_comprehensions():
-    my_list = [{"foo": 1}, {"foo": 2}, {"foo": 1}]  # Note: duplicate values
-
-    # Should detect used dummy variable
-    unique_values = {_item["foo"] for _item in my_list}
-    # RUF052: Local dummy variable `_item` is accessed
-
-    # Should detect with conditions
-    filtered_set = {_item["foo"] for _item in my_list if _item["foo"] > 0}
-    # RUF052: Local dummy variable `_item` is accessed
-
-    # Should detect with complex expression
-    processed = {_item["foo"] * 2 for _item in my_list}
-    # RUF052: Local dummy variable `_item` is accessed
-
-# Generator Expressions
-def test_generator_expressions():
-    my_list = [{"foo": 1}, {"foo": 2}]
-
-    # Should detect used dummy variable
-    gen = (_item["foo"] for _item in my_list)
-    # RUF052: Local dummy variable `_item` is accessed
-
-    # Should detect when passed to function
-    total = sum(_item["foo"] for _item in my_list)
-    # RUF052: Local dummy variable `_item` is accessed
-
-    # Should detect with multiple generators
-    pairs = ((_x, _y) for _x in range(3) for _y in range(3) if _x != _y)
-    # RUF052: Both `_x` and `_y` are accessed
-
-    # Should detect in nested generator
-    nested_gen = (sum(_inner["foo"] for _inner in sublist) for _sublist in [my_list] for sublist in _sublist)
-    # RUF052: `_inner` and `_sublist` are accessed
-
-# Complex Examples with Multiple Comprehension Types
-def test_mixed_comprehensions():
-    data = [{"items": [1, 2, 3]}, {"items": [4, 5, 6]}]
-
-    # Should detect in mixed comprehensions
-    result = [
-        {_key: [_val * 2 for _val in _record["items"]] for _key in ["doubled"]}
-        for _record in data
-    ]
-    # RUF052: `_key`, `_val`, and `_record` are all accessed
-
-    # Should detect in generator passed to list constructor
-    gen_list = list(_item["items"][0] for _item in data)
-    # RUF052: Local dummy variable `_item` is accessed

crates/ruff_linter/resources/test/fixtures/ruff/RUF066.py

@@ -1,70 +0,0 @@
-import abc
-import typing
-
-
-class User:  # Test normal class properties
-    @property
-    def name(self):  # ERROR: No return
-        f"{self.first_name} {self.last_name}"
-
-    @property
-    def age(self):  # OK: Returning something
-        return 100
-
-    def method(self):  # OK: Not a property
-        x = 1
-
-    @property
-    def nested(self):  # ERROR: Property itself doesn't return
-        def inner():
-            return 0
-
-    @property
-    def stub(self): ...  # OK: A stub; doesn't return anything
-
-
-class UserMeta(metaclass=abc.ABCMeta):  # Test properies inside of an ABC class
-    @property
-    @abc.abstractmethod
-    def abstr_prop1(self): ...  # OK: Abstract methods doesn't need to return anything
-
-    @property
-    @abc.abstractmethod
-    def abstr_prop2(self):  # OK: Abstract methods doesn't need to return anything
-        """
-        A cool docstring
-        """
-
-    @property
-    def prop1(self):  # OK: Returning a value
-        return 1
-
-    @property
-    def prop2(self):  # ERROR: Not returning something (even when we are inside an ABC)
-        50
-
-    def method(self):  # OK: Not a property
-        x = 1
-
-
-def func():  # OK: Not a property
-    x = 1
-
-
-class Proto(typing.Protocol):  # Tests for a Protocol class
-    @property
-    def prop1(self) -> int: ...  # OK: A stub property
-
-
-class File:  # Extra tests for things like yield/yield from/raise
-    @property
-    def stream1(self):  # OK: Yields something
-        yield
-
-    @property
-    def stream2(self):  # OK: Yields from something
-        yield from self.stream1
-
-    @property
-    def children(self):  # OK: Raises
-        raise ValueError("File does not have children")

crates/ruff_linter/resources/test/fixtures/ruff/suppressions.py

@@ -1,88 +0,0 @@
-def f():
-    # These should both be ignored by the range suppression.
-    # ruff: disable[E741, F841]
-    I = 1
-    # ruff: enable[E741, F841]
-
-
-def f():
-    # These should both be ignored by the implicit range suppression.
-    # Should also generate an "unmatched suppression" warning.
-    # ruff:disable[E741,F841]
-    I = 1
-
-
-def f():
-    # Neither warning is ignored, and an "unmatched suppression"
-    # should be generated.
-    I = 1
-    # ruff: enable[E741, F841]
-
-
-def f():
-    # One should be ignored by the range suppression, and
-    # the other logged to the user.
-    # ruff: disable[E741]
-    I = 1
-    # ruff: enable[E741]
-
-
-def f():
-    # Test interleaved range suppressions. The first and last
-    # lines should each log a different warning, while the
-    # middle line should be completely silenced.
-    # ruff: disable[E741]
-    l = 0
-    # ruff: disable[F841]
-    O = 1
-    # ruff: enable[E741]
-    I = 2
-    # ruff: enable[F841]
-
-
-def f():
-    # Neither of these are ignored and warnings are
-    # logged to user
-    # ruff: disable[E501]
-    I = 1
-    # ruff: enable[E501]
-
-
-def f():
-    # These should both be ignored by the range suppression,
-    # and an unusued noqa diagnostic should be logged.
-    # ruff:disable[E741,F841]
-    I = 1  # noqa: E741,F841
-    # ruff:enable[E741,F841]
-
-
-def f():
-    # TODO: Duplicate codes should be counted as duplicate, not unused
-    # ruff: disable[F841, F841]
-    foo = 0
-
-
-def f():
-    # Overlapping range suppressions, one should be marked as used,
-    # and the other should trigger an unused suppression diagnostic
-    # ruff: disable[F841]
-    # ruff: disable[F841]
-    foo = 0
-
-
-def f():
-    # Multiple codes but only one is used
-    # ruff: disable[E741, F401, F841]
-    foo = 0
-
-
-def f():
-    # Multiple codes but only two are used
-    # ruff: disable[E741, F401, F841]
-    I = 0
-
-
-def f():
-    # Multiple codes but none are used
-    # ruff: disable[E741, F401, F841]
-    print("hello")

crates/ruff_linter/resources/test/fixtures/semantic_errors/annotated_global.py

@@ -1,38 +0,0 @@
-a: int = 1
-def f1():
-    global a
-    a: str = "foo"  # error
-
-b: int = 1
-def outer():
-    def inner():
-        global b
-        b: str = "nested"  # error
-
-c: int = 1
-def f2():
-    global c
-    c: list[str] = []  # error
-
-d: int = 1
-def f3():
-    global d
-    d: str  # error
-
-e: int = 1
-def f4():
-    e: str = "happy"  # okay
-
-global f
-f: int = 1  # okay
-
-g: int = 1
-global g  # error
-
-class C:
-    x: str
-    global x  # error
-
-class D:
-    global x  # error
-    x: str

crates/ruff_linter/resources/test/fixtures/syntax_errors/await_outside_async_function.py

@@ -3,5 +3,3 @@ def func():
 
 # Top-level await
 await 1
-
-([await c for c in cor] async for cor in func())  # ok

crates/ruff_linter/resources/test/fixtures/syntax_errors/return_in_generator.py

@@ -1,24 +0,0 @@
-async def gen():
-    yield 1
-    return 42
-
-def gen(): # B901 but not a syntax error - not an async generator
-    yield 1
-    return 42
-
-async def gen(): # ok - no value in return
-    yield 1
-    return
-
-async def gen():
-    yield 1
-    return foo()
-
-async def gen():
-    yield 1
-    return [1, 2, 3]
-
-async def gen():
-    if True:
-        yield 1
-    return 10

crates/ruff_linter/resources/test/project/README.md

@@ -17,7 +17,7 @@ crates/ruff_linter/resources/test/project/examples/docs/docs/file.py:8:5: F841 [
 crates/ruff_linter/resources/test/project/project/file.py:1:8: F401 [*] `os` imported but unused
 crates/ruff_linter/resources/test/project/project/import_file.py:1:1: I001 [*] Import block is un-sorted or un-formatted
 Found 7 errors.
-[*] 7 potentially fixable with the `--fix` option.
+[*] 7 potentially fixable with the --fix option.
 ```
 
 Running from the project directory itself should exhibit the same behavior:
@@ -32,7 +32,7 @@ examples/docs/docs/file.py:8:5: F841 [*] Local variable `x` is assigned to but n
 project/file.py:1:8: F401 [*] `os` imported but unused
 project/import_file.py:1:1: I001 [*] Import block is un-sorted or un-formatted
 Found 7 errors.
-[*] 7 potentially fixable with the `--fix` option.
+[*] 7 potentially fixable with the --fix option.
 ```
 
 Running from the sub-package directory should exhibit the same behavior, but omit the top-level
@@ -43,7 +43,7 @@ files:
 docs/file.py:1:1: I001 [*] Import block is un-sorted or un-formatted
 docs/file.py:8:5: F841 [*] Local variable `x` is assigned to but never used
 Found 2 errors.
-[*] 2 potentially fixable with the `--fix` option.
+[*] 2 potentially fixable with the --fix option.
 ```
 
 `--config` should force Ruff to use the specified `pyproject.toml` for all files, and resolve
@@ -61,7 +61,7 @@ crates/ruff_linter/resources/test/project/examples/docs/docs/file.py:4:27: F401
 crates/ruff_linter/resources/test/project/examples/excluded/script.py:1:8: F401 [*] `os` imported but unused
 crates/ruff_linter/resources/test/project/project/file.py:1:8: F401 [*] `os` imported but unused
 Found 9 errors.
-[*] 9 potentially fixable with the `--fix` option.
+[*] 9 potentially fixable with the --fix option.
 ```
 
 Running from a parent directory should "ignore" the `exclude` (hence, `concepts/file.py` gets
@@ -74,7 +74,7 @@ docs/docs/file.py:1:1: I001 [*] Import block is un-sorted or un-formatted
 docs/docs/file.py:8:5: F841 [*] Local variable `x` is assigned to but never used
 excluded/script.py:5:5: F841 [*] Local variable `x` is assigned to but never used
 Found 4 errors.
-[*] 4 potentially fixable with the `--fix` option.
+[*] 4 potentially fixable with the --fix option.
 ```
 
 Passing an excluded directory directly should report errors in the contained files:
@@ -83,7 +83,7 @@ Passing an excluded directory directly should report errors in the contained fil
 ∴ cargo run -p ruff -- check crates/ruff_linter/resources/test/project/examples/excluded/
 crates/ruff_linter/resources/test/project/examples/excluded/script.py:1:8: F401 [*] `os` imported but unused
 Found 1 error.
-[*] 1 potentially fixable with the `--fix` option.
+[*] 1 potentially fixable with the --fix option.
 ```
 
 Unless we `--force-exclude`:

crates/ruff_linter/src/checkers/ast/analyze/statement.rs

@@ -131,9 +131,6 @@ pub(crate) fn statement(stmt: &Stmt, checker: &mut Checker) {
             if checker.is_rule_enabled(Rule::GeneratorReturnFromIterMethod) {
                 flake8_pyi::rules::bad_generator_return_type(function_def, checker);
             }
-            if checker.is_rule_enabled(Rule::StopIterationReturn) {
-                pylint::rules::stop_iteration_return(checker, function_def);
-            }
             if checker.source_type.is_stub() {
                 if checker.is_rule_enabled(Rule::StrOrReprDefinedInStub) {
                     flake8_pyi::rules::str_or_repr_defined_in_stub(checker, stmt);
@@ -347,9 +344,6 @@ pub(crate) fn statement(stmt: &Stmt, checker: &mut Checker) {
             if checker.is_rule_enabled(Rule::InvalidArgumentName) {
                 pep8_naming::rules::invalid_argument_name_function(checker, function_def);
             }
-            if checker.is_rule_enabled(Rule::PropertyWithoutReturn) {
-                ruff::rules::property_without_return(checker, function_def);
-            }
         }
         Stmt::Return(_) => {
             if checker.is_rule_enabled(Rule::ReturnInInit) {
@@ -956,6 +950,9 @@ pub(crate) fn statement(stmt: &Stmt, checker: &mut Checker) {
             if checker.is_rule_enabled(Rule::MisplacedBareRaise) {
                 pylint::rules::misplaced_bare_raise(checker, raise);
             }
+            if checker.is_rule_enabled(Rule::StopIterationReturn) {
+                pylint::rules::stop_iteration_return(checker, raise);
+            }
         }
         Stmt::AugAssign(aug_assign @ ast::StmtAugAssign { target, .. }) => {
             if checker.is_rule_enabled(Rule::GlobalStatement) {

crates/ruff_linter/src/checkers/ast/mod.rs

@@ -35,7 +35,6 @@ use ruff_python_ast::helpers::{collect_import_from_member, is_docstring_stmt, to
 use ruff_python_ast::identifier::Identifier;
 use ruff_python_ast::name::QualifiedName;
 use ruff_python_ast::str::Quote;
-use ruff_python_ast::token::Tokens;
 use ruff_python_ast::visitor::{Visitor, walk_except_handler, walk_pattern};
 use ruff_python_ast::{
     self as ast, AnyParameterRef, ArgOrKeyword, Comprehension, ElifElseClause, ExceptHandler, Expr,
@@ -49,7 +48,7 @@ use ruff_python_parser::semantic_errors::{
     SemanticSyntaxChecker, SemanticSyntaxContext, SemanticSyntaxError, SemanticSyntaxErrorKind,
 };
 use ruff_python_parser::typing::{AnnotationKind, ParsedAnnotation, parse_type_annotation};
-use ruff_python_parser::{ParseError, Parsed};
+use ruff_python_parser::{ParseError, Parsed, Tokens};
 use ruff_python_semantic::all::{DunderAllDefinition, DunderAllFlags};
 use ruff_python_semantic::analyze::{imports, typing};
 use ruff_python_semantic::{
@@ -69,7 +68,6 @@ use crate::noqa::NoqaMapping;
 use crate::package::PackageRoot;
 use crate::preview::is_undefined_export_in_dunder_init_enabled;
 use crate::registry::Rule;
-use crate::rules::flake8_bugbear::rules::ReturnInGenerator;
 use crate::rules::pyflakes::rules::{
     LateFutureImport, MultipleStarredExpressions, ReturnOutsideFunction,
     UndefinedLocalWithNestedImportStarUsage, YieldOutsideFunction,
@@ -437,15 +435,6 @@ impl<'a> Checker<'a> {
         }
     }
 
-    /// Returns the [`Tokens`] for the parsed source file.
-    ///
-    ///
-    /// Unlike [`Self::tokens`], this method always returns
-    /// the tokens for the current file, even when within a parsed type annotation.
-    pub(crate) fn source_tokens(&self) -> &'a Tokens {
-        self.parsed.tokens()
-    }
-
     /// The [`Locator`] for the current file, which enables extraction of source code from byte
     /// offsets.
     pub(crate) const fn locator(&self) -> &'a Locator<'a> {
@@ -739,12 +728,6 @@ impl SemanticSyntaxContext for Checker<'_> {
                     self.report_diagnostic(NonlocalWithoutBinding { name }, error.range);
                 }
             }
-            SemanticSyntaxErrorKind::ReturnInGenerator => {
-                // B901
-                if self.is_rule_enabled(Rule::ReturnInGenerator) {
-                    self.report_diagnostic(ReturnInGenerator, error.range);
-                }
-            }
             SemanticSyntaxErrorKind::ReboundComprehensionVariable
             | SemanticSyntaxErrorKind::DuplicateTypeParameter
             | SemanticSyntaxErrorKind::MultipleCaseAssignment(_)
@@ -763,7 +746,6 @@ impl SemanticSyntaxContext for Checker<'_> {
             | SemanticSyntaxErrorKind::LoadBeforeNonlocalDeclaration { .. }
             | SemanticSyntaxErrorKind::NonlocalAndGlobal(_)
             | SemanticSyntaxErrorKind::AnnotatedGlobal(_)
-            | SemanticSyntaxErrorKind::TypeParameterDefaultOrder(_)
             | SemanticSyntaxErrorKind::AnnotatedNonlocal(_) => {
                 self.semantic_errors.borrow_mut().push(error);
             }
@@ -797,10 +779,6 @@ impl SemanticSyntaxContext for Checker<'_> {
             match scope.kind {
                 ScopeKind::Class(_) => return false,
                 ScopeKind::Function(_) | ScopeKind::Lambda(_) => return true,
-                ScopeKind::Generator {
-                    kind: GeneratorKind::Generator,
-                    ..
-                } => return true,
                 ScopeKind::Generator { .. }
                 | ScopeKind::Module
                 | ScopeKind::Type
@@ -850,19 +828,14 @@ impl SemanticSyntaxContext for Checker<'_> {
         self.source_type.is_ipynb()
     }
 
-    fn in_generator_context(&self) -> bool {
-        for scope in self.semantic.current_scopes() {
-            if matches!(
-                scope.kind,
+    fn in_generator_scope(&self) -> bool {
+        matches!(
+            &self.semantic.current_scope().kind,
             ScopeKind::Generator {
                 kind: GeneratorKind::Generator,
                 ..
             }
-            ) {
-                return true;
-            }
-        }
-        false
+        )
     }
 
     fn in_loop_context(&self) -> bool {

crates/ruff_linter/src/checkers/logical_lines.rs

@@ -1,6 +1,6 @@
-use ruff_python_ast::token::{TokenKind, Tokens};
 use ruff_python_codegen::Stylist;
 use ruff_python_index::Indexer;
+use ruff_python_parser::{TokenKind, Tokens};
 use ruff_source_file::LineRanges;
 use ruff_text_size::{Ranged, TextRange};
 

crates/ruff_linter/src/checkers/noqa.rs

@@ -12,20 +12,17 @@ use crate::fix::edits::delete_comment;
 use crate::noqa::{
     Code, Directive, FileExemption, FileNoqaDirectives, NoqaDirectives, NoqaMapping,
 };
-use crate::preview::is_range_suppressions_enabled;
 use crate::registry::Rule;
 use crate::rule_redirects::get_redirect_target;
 use crate::rules::pygrep_hooks;
 use crate::rules::ruff;
 use crate::rules::ruff::rules::{UnusedCodes, UnusedNOQA};
 use crate::settings::LinterSettings;
-use crate::suppression::Suppressions;
 use crate::{Edit, Fix, Locator};
 
 use super::ast::LintContext;
 
 /// RUF100
-#[expect(clippy::too_many_arguments)]
 pub(crate) fn check_noqa(
     context: &mut LintContext,
     path: &Path,
@@ -34,7 +31,6 @@ pub(crate) fn check_noqa(
     noqa_line_for: &NoqaMapping,
     analyze_directives: bool,
     settings: &LinterSettings,
-    suppressions: &Suppressions,
 ) -> Vec<usize> {
     // Identify any codes that are globally exempted (within the current file).
     let file_noqa_directives =
@@ -44,7 +40,7 @@ pub(crate) fn check_noqa(
     let mut noqa_directives =
         NoqaDirectives::from_commented_ranges(comment_ranges, &settings.external, path, locator);
 
-    if file_noqa_directives.is_empty() && noqa_directives.is_empty() && suppressions.is_empty() {
+    if file_noqa_directives.is_empty() && noqa_directives.is_empty() {
         return Vec::new();
     }
 
@@ -64,19 +60,11 @@ pub(crate) fn check_noqa(
             continue;
         }
 
-        // Apply file-level suppressions first
         if exemption.contains_secondary_code(code) {
             ignored_diagnostics.push(index);
             continue;
         }
 
-        // Apply ranged suppressions next
-        if is_range_suppressions_enabled(settings) && suppressions.check_diagnostic(diagnostic) {
-            ignored_diagnostics.push(index);
-            continue;
-        }
-
-        // Apply end-of-line noqa suppressions last
         let noqa_offsets = diagnostic
             .parent()
             .into_iter()
@@ -119,9 +107,6 @@ pub(crate) fn check_noqa(
         }
     }
 
-    // Diagnostics for unused/invalid range suppressions
-    suppressions.check_suppressions(context, locator);
-
     // Enforce that the noqa directive was actually used (RUF100), unless RUF100 was itself
     // suppressed.
     if context.is_rule_enabled(Rule::UnusedNOQA)
@@ -143,13 +128,8 @@ pub(crate) fn check_noqa(
                 Directive::All(directive) => {
                     if matches.is_empty() {
                         let edit = delete_comment(directive.range(), locator);
-                        let mut diagnostic = context.report_diagnostic(
-                            UnusedNOQA {
-                                codes: None,
-                                kind: ruff::rules::UnusedNOQAKind::Noqa,
-                            },
-                            directive.range(),
-                        );
+                        let mut diagnostic = context
+                            .report_diagnostic(UnusedNOQA { codes: None }, directive.range());
                         diagnostic.add_primary_tag(ruff_db::diagnostic::DiagnosticTag::Unnecessary);
                         diagnostic.set_fix(Fix::safe_edit(edit));
                     }
@@ -244,7 +224,6 @@ pub(crate) fn check_noqa(
                                         .map(|code| (*code).to_string())
                                         .collect(),
                                 }),
-                                kind: ruff::rules::UnusedNOQAKind::Noqa,
                             },
                             directive.range(),
                         );

crates/ruff_linter/src/checkers/tokens.rs

@@ -4,9 +4,9 @@ use std::path::Path;
 
 use ruff_notebook::CellOffsets;
 use ruff_python_ast::PySourceType;
-use ruff_python_ast::token::Tokens;
 use ruff_python_codegen::Stylist;
 use ruff_python_index::Indexer;
+use ruff_python_parser::Tokens;
 
 use crate::Locator;
 use crate::directives::TodoComment;

crates/ruff_linter/src/codes.rs

@@ -1058,7 +1058,6 @@ pub fn code_to_rule(linter: Linter, code: &str) -> Option<(RuleGroup, Rule)> {
         (Ruff, "063") => rules::ruff::rules::AccessAnnotationsFromClassDict,
         (Ruff, "064") => rules::ruff::rules::NonOctalPermissions,
         (Ruff, "065") => rules::ruff::rules::LoggingEagerConversion,
-        (Ruff, "066") => rules::ruff::rules::PropertyWithoutReturn,
 
         (Ruff, "100") => rules::ruff::rules::UnusedNOQA,
         (Ruff, "101") => rules::ruff::rules::RedirectedNOQA,

crates/ruff_linter/src/directives.rs

@@ -5,8 +5,8 @@ use std::str::FromStr;
 
 use bitflags::bitflags;
 
-use ruff_python_ast::token::{TokenKind, Tokens};
 use ruff_python_index::Indexer;
+use ruff_python_parser::{TokenKind, Tokens};
 use ruff_python_trivia::CommentRanges;
 use ruff_source_file::LineRanges;
 use ruff_text_size::{Ranged, TextLen, TextRange, TextSize};

crates/ruff_linter/src/doc_lines.rs

@@ -5,8 +5,8 @@ use std::iter::FusedIterator;
 use std::slice::Iter;
 
 use ruff_python_ast::statement_visitor::{StatementVisitor, walk_stmt};
-use ruff_python_ast::token::{Token, TokenKind, Tokens};
 use ruff_python_ast::{self as ast, Stmt, Suite};
+use ruff_python_parser::{Token, TokenKind, Tokens};
 use ruff_source_file::UniversalNewlineIterator;
 use ruff_text_size::{Ranged, TextSize};
 

crates/ruff_linter/src/fix/edits.rs

@@ -3,13 +3,14 @@
 use anyhow::{Context, Result};
 
 use ruff_python_ast::AnyNodeRef;
-use ruff_python_ast::token::{self, Tokens, parenthesized_range};
+use ruff_python_ast::parenthesize::parenthesized_range;
 use ruff_python_ast::{self as ast, Arguments, ExceptHandler, Expr, ExprList, Parameters, Stmt};
 use ruff_python_codegen::Stylist;
 use ruff_python_index::Indexer;
 use ruff_python_trivia::textwrap::dedent_to;
 use ruff_python_trivia::{
-    PythonWhitespace, SimpleTokenKind, SimpleTokenizer, has_leading_content, is_python_whitespace,
+    CommentRanges, PythonWhitespace, SimpleTokenKind, SimpleTokenizer, has_leading_content,
+    is_python_whitespace,
 };
 use ruff_source_file::{LineRanges, NewlineWithTrailingNewline, UniversalNewlines};
 use ruff_text_size::{Ranged, TextLen, TextRange, TextSize};
@@ -208,7 +209,7 @@ pub(crate) fn remove_argument<T: Ranged>(
     arguments: &Arguments,
     parentheses: Parentheses,
     source: &str,
-    tokens: &Tokens,
+    comment_ranges: &CommentRanges,
 ) -> Result<Edit> {
     // Partition into arguments before and after the argument to remove.
     let (before, after): (Vec<_>, Vec<_>) = arguments
@@ -223,7 +224,7 @@ pub(crate) fn remove_argument<T: Ranged>(
         .context("Unable to find argument")?;
 
     let parenthesized_range =
-        token::parenthesized_range(arg.value().into(), arguments.into(), tokens)
+        parenthesized_range(arg.value().into(), arguments.into(), comment_ranges, source)
             .unwrap_or(arg.range());
 
     if !after.is_empty() {
@@ -269,13 +270,24 @@ pub(crate) fn remove_argument<T: Ranged>(
 ///
 /// The new argument will be inserted before the first existing keyword argument in `arguments`, if
 /// there are any present. Otherwise, the new argument is added to the end of the argument list.
-pub(crate) fn add_argument(argument: &str, arguments: &Arguments, tokens: &Tokens) -> Edit {
+pub(crate) fn add_argument(
+    argument: &str,
+    arguments: &Arguments,
+    comment_ranges: &CommentRanges,
+    source: &str,
+) -> Edit {
     if let Some(ast::Keyword { range, value, .. }) = arguments.keywords.first() {
-        let keyword = parenthesized_range(value.into(), arguments.into(), tokens).unwrap_or(*range);
+        let keyword = parenthesized_range(value.into(), arguments.into(), comment_ranges, source)
+            .unwrap_or(*range);
         Edit::insertion(format!("{argument}, "), keyword.start())
     } else if let Some(last) = arguments.arguments_source_order().last() {
         // Case 1: existing arguments, so append after the last argument.
-        let last = parenthesized_range(last.value().into(), arguments.into(), tokens)
+        let last = parenthesized_range(
+            last.value().into(),
+            arguments.into(),
+            comment_ranges,
+            source,
+        )
         .unwrap_or(last.range());
         Edit::insertion(format!(", {argument}"), last.end())
     } else {
@@ -286,7 +298,12 @@ pub(crate) fn add_argument(argument: &str, arguments: &Arguments, tokens: &Token
 
 /// Generic function to add a (regular) parameter to a function definition.
 pub(crate) fn add_parameter(parameter: &str, parameters: &Parameters, source: &str) -> Edit {
-    if let Some(last) = parameters.args.iter().rfind(|arg| arg.default.is_none()) {
+    if let Some(last) = parameters
+        .args
+        .iter()
+        .filter(|arg| arg.default.is_none())
+        .next_back()
+    {
         // Case 1: at least one regular parameter, so append after the last one.
         Edit::insertion(format!(", {parameter}"), last.end())
     } else if !parameters.args.is_empty() {

crates/ruff_linter/src/importer/mod.rs

@@ -9,11 +9,10 @@ use anyhow::Result;
 use libcst_native as cst;
 
 use ruff_diagnostics::Edit;
-use ruff_python_ast::token::Tokens;
 use ruff_python_ast::{self as ast, Expr, ModModule, Stmt};
 use ruff_python_codegen::Stylist;
 use ruff_python_importer::Insertion;
-use ruff_python_parser::Parsed;
+use ruff_python_parser::{Parsed, Tokens};
 use ruff_python_semantic::{
     ImportedName, MemberNameImport, ModuleNameImport, NameImport, SemanticModel,
 };

crates/ruff_linter/src/lib.rs

@@ -46,7 +46,6 @@ pub mod rule_selector;
 pub mod rules;
 pub mod settings;
 pub mod source_kind;
-pub mod suppression;
 mod text_helpers;
 pub mod upstream_categories;
 mod violation;

crates/ruff_linter/src/linter.rs

@@ -32,7 +32,6 @@ use crate::rules::ruff::rules::test_rules::{self, TEST_RULES, TestRule};
 use crate::settings::types::UnsafeFixes;
 use crate::settings::{LinterSettings, TargetVersion, flags};
 use crate::source_kind::SourceKind;
-use crate::suppression::Suppressions;
 use crate::{Locator, directives, fs};
 
 pub(crate) mod float;
@@ -129,7 +128,6 @@ pub fn check_path(
     source_type: PySourceType,
     parsed: &Parsed<ModModule>,
     target_version: TargetVersion,
-    suppressions: &Suppressions,
 ) -> Vec<Diagnostic> {
     // Aggregate all diagnostics.
     let mut context = LintContext::new(path, locator.contents(), settings);
@@ -341,7 +339,6 @@ pub fn check_path(
             &directives.noqa_line_for,
             parsed.has_valid_syntax(),
             settings,
-            suppressions,
         );
         if noqa.is_enabled() {
             for index in ignored.iter().rev() {
@@ -403,9 +400,6 @@ pub fn add_noqa_to_path(
         &indexer,
     );
 
-    // Parse range suppression comments
-    let suppressions = Suppressions::from_tokens(settings, locator.contents(), parsed.tokens());
-
     // Generate diagnostics, ignoring any existing `noqa` directives.
     let diagnostics = check_path(
         path,
@@ -420,7 +414,6 @@ pub fn add_noqa_to_path(
         source_type,
         &parsed,
         target_version,
-        &suppressions,
     );
 
     // Add any missing `# noqa` pragmas.
@@ -434,7 +427,6 @@ pub fn add_noqa_to_path(
         &directives.noqa_line_for,
         stylist.line_ending(),
         reason,
-        &suppressions,
     )
 }
 
@@ -469,9 +461,6 @@ pub fn lint_only(
         &indexer,
     );
 
-    // Parse range suppression comments
-    let suppressions = Suppressions::from_tokens(settings, locator.contents(), parsed.tokens());
-
     // Generate diagnostics.
     let diagnostics = check_path(
         path,
@@ -486,7 +475,6 @@ pub fn lint_only(
         source_type,
         &parsed,
         target_version,
-        &suppressions,
     );
 
     LinterResult {
@@ -578,9 +566,6 @@ pub fn lint_fix<'a>(
             &indexer,
         );
 
-        // Parse range suppression comments
-        let suppressions = Suppressions::from_tokens(settings, locator.contents(), parsed.tokens());
-
         // Generate diagnostics.
         let diagnostics = check_path(
             path,
@@ -595,7 +580,6 @@ pub fn lint_fix<'a>(
             source_type,
             &parsed,
             target_version,
-            &suppressions,
         );
 
         if iterations == 0 {
@@ -785,7 +769,6 @@ mod tests {
     use crate::registry::Rule;
     use crate::settings::LinterSettings;
     use crate::source_kind::SourceKind;
-    use crate::suppression::Suppressions;
     use crate::test::{TestedNotebook, assert_notebook_path, test_contents, test_snippet};
     use crate::{Locator, assert_diagnostics, directives, settings};
 
@@ -961,7 +944,6 @@ mod tests {
             &locator,
             &indexer,
         );
-        let suppressions = Suppressions::from_tokens(settings, locator.contents(), parsed.tokens());
         let mut diagnostics = check_path(
             path,
             None,
@@ -975,7 +957,6 @@ mod tests {
             source_type,
             &parsed,
             target_version,
-            &suppressions,
         );
         diagnostics.sort_by(Diagnostic::ruff_start_ordering);
         diagnostics
@@ -1001,7 +982,6 @@ mod tests {
     #[test_case(Path::new("write_to_debug.py"), PythonVersion::PY310)]
     #[test_case(Path::new("invalid_expression.py"), PythonVersion::PY312)]
     #[test_case(Path::new("global_parameter.py"), PythonVersion::PY310)]
-    #[test_case(Path::new("annotated_global.py"), PythonVersion::PY314)]
     fn test_semantic_errors(path: &Path, python_version: PythonVersion) -> Result<()> {
         let snapshot = format!(
             "semantic_syntax_error_{}_{}",
@@ -1063,7 +1043,6 @@ mod tests {
         Rule::YieldFromInAsyncFunction,
         Path::new("yield_from_in_async_function.py")
     )]
-    #[test_case(Rule::ReturnInGenerator, Path::new("return_in_generator.py"))]
     fn test_syntax_errors(rule: Rule, path: &Path) -> Result<()> {
         let snapshot = path.to_string_lossy().to_string();
         let path = Path::new("resources/test/fixtures/syntax_errors").join(path);

crates/ruff_linter/src/noqa.rs

@@ -20,14 +20,12 @@ use crate::Locator;
 use crate::fs::relativize_path;
 use crate::registry::Rule;
 use crate::rule_redirects::get_redirect_target;
-use crate::suppression::Suppressions;
 
 /// Generates an array of edits that matches the length of `messages`.
 /// Each potential edit in the array is paired, in order, with the associated diagnostic.
 /// Each edit will add a `noqa` comment to the appropriate line in the source to hide
 /// the diagnostic. These edits may conflict with each other and should not be applied
 /// simultaneously.
-#[expect(clippy::too_many_arguments)]
 pub fn generate_noqa_edits(
     path: &Path,
     diagnostics: &[Diagnostic],
@@ -36,19 +34,11 @@ pub fn generate_noqa_edits(
     external: &[String],
     noqa_line_for: &NoqaMapping,
     line_ending: LineEnding,
-    suppressions: &Suppressions,
 ) -> Vec<Option<Edit>> {
     let file_directives = FileNoqaDirectives::extract(locator, comment_ranges, external, path);
     let exemption = FileExemption::from(&file_directives);
     let directives = NoqaDirectives::from_commented_ranges(comment_ranges, external, path, locator);
-    let comments = find_noqa_comments(
-        diagnostics,
-        locator,
-        &exemption,
-        &directives,
-        noqa_line_for,
-        suppressions,
-    );
+    let comments = find_noqa_comments(diagnostics, locator, &exemption, &directives, noqa_line_for);
     build_noqa_edits_by_diagnostic(comments, locator, line_ending, None)
 }
 
@@ -735,7 +725,6 @@ pub(crate) fn add_noqa(
     noqa_line_for: &NoqaMapping,
     line_ending: LineEnding,
     reason: Option<&str>,
-    suppressions: &Suppressions,
 ) -> Result<usize> {
     let (count, output) = add_noqa_inner(
         path,
@@ -746,7 +735,6 @@ pub(crate) fn add_noqa(
         noqa_line_for,
         line_ending,
         reason,
-        suppressions,
     );
 
     fs::write(path, output)?;
@@ -763,7 +751,6 @@ fn add_noqa_inner(
     noqa_line_for: &NoqaMapping,
     line_ending: LineEnding,
     reason: Option<&str>,
-    suppressions: &Suppressions,
 ) -> (usize, String) {
     let mut count = 0;
 
@@ -773,14 +760,7 @@ fn add_noqa_inner(
 
     let directives = NoqaDirectives::from_commented_ranges(comment_ranges, external, path, locator);
 
-    let comments = find_noqa_comments(
-        diagnostics,
-        locator,
-        &exemption,
-        &directives,
-        noqa_line_for,
-        suppressions,
-    );
+    let comments = find_noqa_comments(diagnostics, locator, &exemption, &directives, noqa_line_for);
 
     let edits = build_noqa_edits_by_line(comments, locator, line_ending, reason);
 
@@ -879,7 +859,6 @@ fn find_noqa_comments<'a>(
     exemption: &'a FileExemption,
     directives: &'a NoqaDirectives,
     noqa_line_for: &NoqaMapping,
-    suppressions: &'a Suppressions,
 ) -> Vec<Option<NoqaComment<'a>>> {
     // List of noqa comments, ordered to match up with `messages`
     let mut comments_by_line: Vec<Option<NoqaComment<'a>>> = vec![];
@@ -896,12 +875,6 @@ fn find_noqa_comments<'a>(
             continue;
         }
 
-        // Apply ranged suppressions next
-        if suppressions.check_diagnostic(message) {
-            comments_by_line.push(None);
-            continue;
-        }
-
         // Is the violation ignored by a `noqa` directive on the parent line?
         if let Some(parent) = message.parent() {
             if let Some(directive_line) =
@@ -1280,7 +1253,6 @@ mod tests {
     use crate::rules::pycodestyle::rules::{AmbiguousVariableName, UselessSemicolon};
     use crate::rules::pyflakes::rules::UnusedVariable;
     use crate::rules::pyupgrade::rules::PrintfStringFormatting;
-    use crate::suppression::Suppressions;
     use crate::{Edit, Violation};
     use crate::{Locator, generate_noqa_edits};
 
@@ -2876,7 +2848,6 @@ mod tests {
             &noqa_line_for,
             LineEnding::Lf,
             None,
-            &Suppressions::default(),
         );
         assert_eq!(count, 0);
         assert_eq!(output, format!("{contents}"));
@@ -2901,7 +2872,6 @@ mod tests {
             &noqa_line_for,
             LineEnding::Lf,
             None,
-            &Suppressions::default(),
         );
         assert_eq!(count, 1);
         assert_eq!(output, "x = 1  # noqa: F841\n");
@@ -2933,7 +2903,6 @@ mod tests {
             &noqa_line_for,
             LineEnding::Lf,
             None,
-            &Suppressions::default(),
         );
         assert_eq!(count, 1);
         assert_eq!(output, "x = 1  # noqa: E741, F841\n");
@@ -2965,7 +2934,6 @@ mod tests {
             &noqa_line_for,
             LineEnding::Lf,
             None,
-            &Suppressions::default(),
         );
         assert_eq!(count, 0);
         assert_eq!(output, "x = 1  # noqa");
@@ -2988,7 +2956,6 @@ print(
         let messages = [PrintfStringFormatting
             .into_diagnostic(TextRange::new(12.into(), 79.into()), &source_file)];
         let comment_ranges = CommentRanges::default();
-        let suppressions = Suppressions::default();
         let edits = generate_noqa_edits(
             path,
             &messages,
@@ -2997,7 +2964,6 @@ print(
             &[],
             &noqa_line_for,
             LineEnding::Lf,
-            &suppressions,
         );
         assert_eq!(
             edits,
@@ -3021,7 +2987,6 @@ bar =
             [UselessSemicolon.into_diagnostic(TextRange::new(4.into(), 5.into()), &source_file)];
         let noqa_line_for = NoqaMapping::default();
         let comment_ranges = CommentRanges::default();
-        let suppressions = Suppressions::default();
         let edits = generate_noqa_edits(
             path,
             &messages,
@@ -3030,7 +2995,6 @@ bar =
             &[],
             &noqa_line_for,
             LineEnding::Lf,
-            &suppressions,
         );
         assert_eq!(
             edits,

crates/ruff_linter/src/preview.rs

@@ -9,11 +9,6 @@ use crate::settings::LinterSettings;
 
 // Rule-specific behavior
 
-// https://github.com/astral-sh/ruff/pull/21382
-pub(crate) const fn is_custom_exception_checking_enabled(settings: &LinterSettings) -> bool {
-    settings.preview.is_enabled()
-}
-
 // https://github.com/astral-sh/ruff/pull/15541
 pub(crate) const fn is_suspicious_function_reference_enabled(settings: &LinterSettings) -> bool {
     settings.preview.is_enabled()
@@ -284,15 +279,3 @@ pub(crate) const fn is_extended_snmp_api_path_detection_enabled(settings: &Linte
 pub(crate) const fn is_enumerate_for_loop_int_index_enabled(settings: &LinterSettings) -> bool {
     settings.preview.is_enabled()
 }
-
-// https://github.com/astral-sh/ruff/pull/21469
-pub(crate) const fn is_s310_resolve_string_literal_bindings_enabled(
-    settings: &LinterSettings,
-) -> bool {
-    settings.preview.is_enabled()
-}
-
-// https://github.com/astral-sh/ruff/pull/21623
-pub(crate) const fn is_range_suppressions_enabled(settings: &LinterSettings) -> bool {
-    settings.preview.is_enabled()
-}

crates/ruff_linter/src/rules/fastapi/rules/fastapi_redundant_response_model.rs

@@ -91,8 +91,8 @@ pub(crate) fn fastapi_redundant_response_model(checker: &Checker, function_def:
                 response_model_arg,
                 &call.arguments,
                 Parentheses::Preserve,
-                checker.source(),
-                checker.tokens(),
+                checker.locator().contents(),
+                checker.comment_ranges(),
             )
             .map(Fix::unsafe_edit)
         });

crates/ruff_linter/src/rules/flake8_async/rules/blocking_open_call.rs

@@ -70,7 +70,7 @@ fn is_open_call(func: &Expr, semantic: &SemanticModel) -> bool {
 }
 
 /// Returns `true` if an expression resolves to a call to `pathlib.Path.open`.
-pub(crate) fn is_open_call_from_pathlib(func: &Expr, semantic: &SemanticModel) -> bool {
+fn is_open_call_from_pathlib(func: &Expr, semantic: &SemanticModel) -> bool {
     let Expr::Attribute(ast::ExprAttribute { attr, value, .. }) = func else {
         return false;
     };

crates/ruff_linter/src/rules/flake8_async/rules/mod.rs

@@ -18,7 +18,7 @@ mod async_zero_sleep;
 mod blocking_http_call;
 mod blocking_http_call_httpx;
 mod blocking_input;
-pub(crate) mod blocking_open_call;
+mod blocking_open_call;
 mod blocking_path_methods;
 mod blocking_process_invocation;
 mod blocking_sleep;

crates/ruff_linter/src/rules/flake8_bandit/mod.rs

@@ -10,11 +10,11 @@ mod tests {
     use anyhow::Result;
     use test_case::test_case;
 
+    use crate::assert_diagnostics;
     use crate::registry::Rule;
     use crate::settings::LinterSettings;
     use crate::settings::types::PreviewMode;
     use crate::test::test_path;
-    use crate::{assert_diagnostics, assert_diagnostics_diff};
 
     #[test_case(Rule::Assert, Path::new("S101.py"))]
     #[test_case(Rule::BadFilePermissions, Path::new("S103.py"))]
@@ -112,19 +112,14 @@ mod tests {
             rule_code.noqa_code(),
             path.to_string_lossy()
         );
-
-        assert_diagnostics_diff!(
-            snapshot,
+        let diagnostics = test_path(
             Path::new("flake8_bandit").join(path).as_path(),
-            &LinterSettings {
-                preview: PreviewMode::Disabled,
-                ..LinterSettings::for_rule(rule_code)
-            },
             &LinterSettings {
                 preview: PreviewMode::Enabled,
                 ..LinterSettings::for_rule(rule_code)
-            }
-        );
+            },
+        )?;
+        assert_diagnostics!(snapshot, diagnostics);
         Ok(())
     }
 

crates/ruff_linter/src/rules/flake8_bandit/rules/suspicious_function_call.rs

@@ -4,16 +4,11 @@
 use itertools::Either;
 use ruff_macros::{ViolationMetadata, derive_message_formats};
 use ruff_python_ast::{self as ast, Arguments, Decorator, Expr, ExprCall, Operator};
-use ruff_python_semantic::SemanticModel;
-use ruff_python_semantic::analyze::typing::find_binding_value;
 use ruff_text_size::{Ranged, TextRange};
 
 use crate::Violation;
 use crate::checkers::ast::Checker;
-use crate::preview::{
-    is_s310_resolve_string_literal_bindings_enabled, is_suspicious_function_reference_enabled,
-};
-use crate::settings::LinterSettings;
+use crate::preview::is_suspicious_function_reference_enabled;
 
 /// ## What it does
 /// Checks for calls to `pickle` functions or modules that wrap them.
@@ -1021,25 +1016,6 @@ fn suspicious_function(
             || has_prefix(chars.skip_while(|c| c.is_whitespace()), "https://")
     }
 
-    /// Resolves `expr` to its binding and checks if the resolved expression starts with an HTTP or HTTPS prefix.
-    fn expression_starts_with_http_prefix(
-        expr: &Expr,
-        semantic: &SemanticModel,
-        settings: &LinterSettings,
-    ) -> bool {
-        let resolved_expression = if is_s310_resolve_string_literal_bindings_enabled(settings)
-            && let Some(name_expr) = expr.as_name_expr()
-            && let Some(binding_id) = semantic.only_binding(name_expr)
-            && let Some(value) = find_binding_value(semantic.binding(binding_id), semantic)
-        {
-            value
-        } else {
-            expr
-        };
-
-        leading_chars(resolved_expression).is_some_and(has_http_prefix)
-    }
-
     /// Return the leading characters for an expression, if it's a string literal, f-string, or
     /// string concatenation.
     fn leading_chars(expr: &Expr) -> Option<impl Iterator<Item = char> + Clone + '_> {
@@ -1163,19 +1139,17 @@ fn suspicious_function(
         // URLOpen (`Request`)
         ["urllib", "request", "Request"] | ["six", "moves", "urllib", "request", "Request"] => {
             if let Some(arguments) = arguments {
-                // If the `url` argument is a string literal (including resolved bindings), allow `http` and `https` schemes.
+                // If the `url` argument is a string literal or an f-string, allow `http` and `https` schemes.
                 if arguments.args.iter().all(|arg| !arg.is_starred_expr())
                     && arguments
                         .keywords
                         .iter()
                         .all(|keyword| keyword.arg.is_some())
                 {
-                    if let Some(url_expr) = arguments.find_argument_value("url", 0)
-                        && expression_starts_with_http_prefix(
-                            url_expr,
-                            checker.semantic(),
-                            checker.settings(),
-                        )
+                    if arguments
+                        .find_argument_value("url", 0)
+                        .and_then(leading_chars)
+                        .is_some_and(has_http_prefix)
                     {
                         return;
                     }
@@ -1212,25 +1186,19 @@ fn suspicious_function(
                                     name.segments() == ["urllib", "request", "Request"]
                                 })
                             {
-                                if let Some(url_expr) = arguments.find_argument_value("url", 0)
-                                    && expression_starts_with_http_prefix(
-                                        url_expr,
-                                        checker.semantic(),
-                                        checker.settings(),
-                                    )
+                                if arguments
+                                    .find_argument_value("url", 0)
+                                    .and_then(leading_chars)
+                                    .is_some_and(has_http_prefix)
                                 {
                                     return;
                                 }
                             }
                         }
 
-                        // If the `url` argument is a string literal (including resolved bindings), allow `http` and `https` schemes.
+                        // If the `url` argument is a string literal, allow `http` and `https` schemes.
                         Some(expr) => {
-                            if expression_starts_with_http_prefix(
-                                expr,
-                                checker.semantic(),
-                                checker.settings(),
-                            ) {
+                            if leading_chars(expr).is_some_and(has_http_prefix) {
                                 return;
                             }
                         }

crates/ruff_linter/src/rules/flake8_bandit/rules/unsafe_yaml_load.rs

@@ -75,7 +75,6 @@ pub(crate) fn unsafe_yaml_load(checker: &Checker, call: &ast::ExprCall) {
                         qualified_name.segments(),
                         ["yaml", "SafeLoader" | "CSafeLoader"]
                             | ["yaml", "loader", "SafeLoader" | "CSafeLoader"]
-                            | ["yaml", "cyaml", "CSafeLoader"]
                     )
                 })
             {

crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__S310_S310.py.snap

@@ -254,84 +254,3 @@ S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom sch
 42 | urllib.request.urlopen(urllib.request.Request(url))
    |                        ^^^^^^^^^^^^^^^^^^^^^^^^^^^
    |
-
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
-  --> S310.py:51:1
-   |
-49 | # https://github.com/astral-sh/ruff/issues/21462
-50 | path = "https://example.com/data.csv"
-51 | urllib.request.urlretrieve(path, "data.csv")
-   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-52 | url = "https://example.com/api"
-53 | urllib.request.Request(url)
-   |
-
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
-  --> S310.py:53:1
-   |
-51 | urllib.request.urlretrieve(path, "data.csv")
-52 | url = "https://example.com/api"
-53 | urllib.request.Request(url)
-   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^
-54 |
-55 | # Test resolved f-strings and concatenated string literals
-   |
-
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
-  --> S310.py:57:1
-   |
-55 | # Test resolved f-strings and concatenated string literals
-56 | fstring_url = f"https://example.com/data.csv"
-57 | urllib.request.urlopen(fstring_url)
-   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-58 | urllib.request.Request(fstring_url)
-   |
-
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
-  --> S310.py:58:1
-   |
-56 | fstring_url = f"https://example.com/data.csv"
-57 | urllib.request.urlopen(fstring_url)
-58 | urllib.request.Request(fstring_url)
-   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-59 |
-60 | concatenated_url = "https://" + "example.com/data.csv"
-   |
-
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
-  --> S310.py:61:1
-   |
-60 | concatenated_url = "https://" + "example.com/data.csv"
-61 | urllib.request.urlopen(concatenated_url)
-   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-62 | urllib.request.Request(concatenated_url)
-   |
-
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
-  --> S310.py:62:1
-   |
-60 | concatenated_url = "https://" + "example.com/data.csv"
-61 | urllib.request.urlopen(concatenated_url)
-62 | urllib.request.Request(concatenated_url)
-   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-63 |
-64 | nested_concatenated = "http://" + "example.com" + "/data.csv"
-   |
-
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
-  --> S310.py:65:1
-   |
-64 | nested_concatenated = "http://" + "example.com" + "/data.csv"
-65 | urllib.request.urlopen(nested_concatenated)
-   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-66 | urllib.request.Request(nested_concatenated)
-   |
-
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
-  --> S310.py:66:1
-   |
-64 | nested_concatenated = "http://" + "example.com" + "/data.csv"
-65 | urllib.request.urlopen(nested_concatenated)
-66 | urllib.request.Request(nested_concatenated)
-   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-   |

crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__preview__S301_S301.py.snap

@@ -1,15 +1,15 @@
 ---
 source: crates/ruff_linter/src/rules/flake8_bandit/mod.rs
 ---
---- Linter settings ---
--linter.preview = disabled
-+linter.preview = enabled
+S301 `pickle` and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue
+ --> S301.py:3:1
+  |
+1 | import pickle
+2 |
+3 | pickle.loads()
+  | ^^^^^^^^^^^^^^
+  |
 
---- Summary ---
-Removed: 0
-Added: 2
-
---- Added ---
 S301 `pickle` and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue
  --> S301.py:7:5
   |
@@ -19,7 +19,6 @@ S301 `pickle` and modules that wrap it can be unsafe when used to deserialize un
 8 | foo = pickle.load
   |
 
-
 S301 `pickle` and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue
  --> S301.py:8:7
   |

crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__preview__S307_S307.py.snap

@@ -1,15 +1,24 @@
 ---
 source: crates/ruff_linter/src/rules/flake8_bandit/mod.rs
 ---
---- Linter settings ---
--linter.preview = disabled
-+linter.preview = enabled
+S307 Use of possibly insecure function; consider using `ast.literal_eval`
+ --> S307.py:3:7
+  |
+1 | import os
+2 |
+3 | print(eval("1+1"))  # S307
+  |       ^^^^^^^^^^^
+4 | print(eval("os.getcwd()"))  # S307
+  |
 
---- Summary ---
-Removed: 0
-Added: 2
+S307 Use of possibly insecure function; consider using `ast.literal_eval`
+ --> S307.py:4:7
+  |
+3 | print(eval("1+1"))  # S307
+4 | print(eval("os.getcwd()"))  # S307
+  |       ^^^^^^^^^^^^^^^^^^^
+  |
 
---- Added ---
 S307 Use of possibly insecure function; consider using `ast.literal_eval`
   --> S307.py:16:5
    |
@@ -19,7 +28,6 @@ S307 Use of possibly insecure function; consider using `ast.literal_eval`
 17 | foo = eval
    |
 
-
 S307 Use of possibly insecure function; consider using `ast.literal_eval`
   --> S307.py:17:7
    |

crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__preview__S308_S308.py.snap

@@ -1,37 +1,60 @@
 ---
 source: crates/ruff_linter/src/rules/flake8_bandit/mod.rs
 ---
---- Linter settings ---
--linter.preview = disabled
-+linter.preview = enabled
-
---- Summary ---
-Removed: 2
-Added: 4
-
---- Removed ---
 S308 Use of `mark_safe` may expose cross-site scripting vulnerabilities
-  --> S308.py:16:1
+ --> S308.py:6:5
   |
-16 | @mark_safe
-   | ^^^^^^^^^^
-17 | def some_func():
-18 |     return '<script>alert("evil!")</script>'
+4 | def bad_func():
+5 |     inject = "harmful_input"
+6 |     mark_safe(inject)
+  |     ^^^^^^^^^^^^^^^^^
+7 |     mark_safe("I will add" + inject + "to my string")
+8 |     mark_safe("I will add %s to my string" % inject)
   |
 
-
 S308 Use of `mark_safe` may expose cross-site scripting vulnerabilities
-  --> S308.py:36:1
+ --> S308.py:7:5
   |
-36 | @mark_safe
-   | ^^^^^^^^^^
-37 | def some_func():
-38 |     return '<script>alert("evil!")</script>'
+5 |     inject = "harmful_input"
+6 |     mark_safe(inject)
+7 |     mark_safe("I will add" + inject + "to my string")
+  |     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+8 |     mark_safe("I will add %s to my string" % inject)
+9 |     mark_safe("I will add {} to my string".format(inject))
   |
 
+S308 Use of `mark_safe` may expose cross-site scripting vulnerabilities
+  --> S308.py:8:5
+   |
+ 6 |     mark_safe(inject)
+ 7 |     mark_safe("I will add" + inject + "to my string")
+ 8 |     mark_safe("I will add %s to my string" % inject)
+   |     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+ 9 |     mark_safe("I will add {} to my string".format(inject))
+10 |     mark_safe(f"I will add {inject} to my string")
+   |
 
+S308 Use of `mark_safe` may expose cross-site scripting vulnerabilities
+  --> S308.py:9:5
+   |
+ 7 |     mark_safe("I will add" + inject + "to my string")
+ 8 |     mark_safe("I will add %s to my string" % inject)
+ 9 |     mark_safe("I will add {} to my string".format(inject))
+   |     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+10 |     mark_safe(f"I will add {inject} to my string")
+   |
+
+S308 Use of `mark_safe` may expose cross-site scripting vulnerabilities
+  --> S308.py:10:5
+   |
+ 8 |     mark_safe("I will add %s to my string" % inject)
+ 9 |     mark_safe("I will add {} to my string".format(inject))
+10 |     mark_safe(f"I will add {inject} to my string")
+   |     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+11 |
+12 | def good_func():
+   |
 
---- Added ---
 S308 Use of `mark_safe` may expose cross-site scripting vulnerabilities
   --> S308.py:16:2
    |
@@ -41,6 +64,59 @@ S308 Use of `mark_safe` may expose cross-site scripting vulnerabilities
 18 |     return '<script>alert("evil!")</script>'
    |
 
+S308 Use of `mark_safe` may expose cross-site scripting vulnerabilities
+  --> S308.py:26:5
+   |
+24 | def bad_func():
+25 |     inject = "harmful_input"
+26 |     mark_safe(inject)
+   |     ^^^^^^^^^^^^^^^^^
+27 |     mark_safe("I will add" + inject + "to my string")
+28 |     mark_safe("I will add %s to my string" % inject)
+   |
+
+S308 Use of `mark_safe` may expose cross-site scripting vulnerabilities
+  --> S308.py:27:5
+   |
+25 |     inject = "harmful_input"
+26 |     mark_safe(inject)
+27 |     mark_safe("I will add" + inject + "to my string")
+   |     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+28 |     mark_safe("I will add %s to my string" % inject)
+29 |     mark_safe("I will add {} to my string".format(inject))
+   |
+
+S308 Use of `mark_safe` may expose cross-site scripting vulnerabilities
+  --> S308.py:28:5
+   |
+26 |     mark_safe(inject)
+27 |     mark_safe("I will add" + inject + "to my string")
+28 |     mark_safe("I will add %s to my string" % inject)
+   |     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+29 |     mark_safe("I will add {} to my string".format(inject))
+30 |     mark_safe(f"I will add {inject} to my string")
+   |
+
+S308 Use of `mark_safe` may expose cross-site scripting vulnerabilities
+  --> S308.py:29:5
+   |
+27 |     mark_safe("I will add" + inject + "to my string")
+28 |     mark_safe("I will add %s to my string" % inject)
+29 |     mark_safe("I will add {} to my string".format(inject))
+   |     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+30 |     mark_safe(f"I will add {inject} to my string")
+   |
+
+S308 Use of `mark_safe` may expose cross-site scripting vulnerabilities
+  --> S308.py:30:5
+   |
+28 |     mark_safe("I will add %s to my string" % inject)
+29 |     mark_safe("I will add {} to my string".format(inject))
+30 |     mark_safe(f"I will add {inject} to my string")
+   |     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+31 |
+32 | def good_func():
+   |
 
 S308 Use of `mark_safe` may expose cross-site scripting vulnerabilities
   --> S308.py:36:2
@@ -51,7 +127,6 @@ S308 Use of `mark_safe` may expose cross-site scripting vulnerabilities
 38 |     return '<script>alert("evil!")</script>'
    |
 
-
 S308 Use of `mark_safe` may expose cross-site scripting vulnerabilities
   --> S308.py:42:5
    |
@@ -61,7 +136,6 @@ S308 Use of `mark_safe` may expose cross-site scripting vulnerabilities
 43 | foo = mark_safe
    |
 
-
 S308 Use of `mark_safe` may expose cross-site scripting vulnerabilities
   --> S308.py:43:7
    |

crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__preview__S310_S310.py.snap

@@ -1,106 +1,260 @@
 ---
 source: crates/ruff_linter/src/rules/flake8_bandit/mod.rs
 ---
---- Linter settings ---
--linter.preview = disabled
-+linter.preview = enabled
-
---- Summary ---
-Removed: 8
-Added: 2
-
---- Removed ---
 S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
-  --> S310.py:51:1
+ --> S310.py:6:1
   |
-49 | # https://github.com/astral-sh/ruff/issues/21462
-50 | path = "https://example.com/data.csv"
-51 | urllib.request.urlretrieve(path, "data.csv")
-   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-52 | url = "https://example.com/api"
-53 | urllib.request.Request(url)
+4 | urllib.request.urlopen(url=f'http://www.google.com')
+5 | urllib.request.urlopen(url='http://' + 'www' + '.google.com')
+6 | urllib.request.urlopen(url='http://www.google.com', **kwargs)
+  | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+7 | urllib.request.urlopen(url=f'http://www.google.com', **kwargs)
+8 | urllib.request.urlopen('http://www.google.com')
   |
 
-
 S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
-  --> S310.py:53:1
+ --> S310.py:7:1
   |
-51 | urllib.request.urlretrieve(path, "data.csv")
-52 | url = "https://example.com/api"
-53 | urllib.request.Request(url)
+5 | urllib.request.urlopen(url='http://' + 'www' + '.google.com')
+6 | urllib.request.urlopen(url='http://www.google.com', **kwargs)
+7 | urllib.request.urlopen(url=f'http://www.google.com', **kwargs)
+  | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+8 | urllib.request.urlopen('http://www.google.com')
+9 | urllib.request.urlopen(f'http://www.google.com')
+  |
+
+S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
+  --> S310.py:10:1
+   |
+ 8 | urllib.request.urlopen('http://www.google.com')
+ 9 | urllib.request.urlopen(f'http://www.google.com')
+10 | urllib.request.urlopen('file:///foo/bar/baz')
+   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+11 | urllib.request.urlopen(url)
+   |
+
+S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
+  --> S310.py:11:1
+   |
+ 9 | urllib.request.urlopen(f'http://www.google.com')
+10 | urllib.request.urlopen('file:///foo/bar/baz')
+11 | urllib.request.urlopen(url)
    | ^^^^^^^^^^^^^^^^^^^^^^^^^^^
-54 |
-55 | # Test resolved f-strings and concatenated string literals
+12 |
+13 | urllib.request.Request(url='http://www.google.com')
    |
 
-
 S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
-  --> S310.py:57:1
+  --> S310.py:16:1
    |
-55 | # Test resolved f-strings and concatenated string literals
-56 | fstring_url = f"https://example.com/data.csv"
-57 | urllib.request.urlopen(fstring_url)
-   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-58 | urllib.request.Request(fstring_url)
+14 | urllib.request.Request(url=f'http://www.google.com')
+15 | urllib.request.Request(url='http://' + 'www' + '.google.com')
+16 | urllib.request.Request(url='http://www.google.com', **kwargs)
+   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+17 | urllib.request.Request(url=f'http://www.google.com', **kwargs)
+18 | urllib.request.Request('http://www.google.com')
    |
 
-
 S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
-  --> S310.py:58:1
+  --> S310.py:17:1
    |
-56 | fstring_url = f"https://example.com/data.csv"
-57 | urllib.request.urlopen(fstring_url)
-58 | urllib.request.Request(fstring_url)
-   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-59 |
-60 | concatenated_url = "https://" + "example.com/data.csv"
+15 | urllib.request.Request(url='http://' + 'www' + '.google.com')
+16 | urllib.request.Request(url='http://www.google.com', **kwargs)
+17 | urllib.request.Request(url=f'http://www.google.com', **kwargs)
+   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+18 | urllib.request.Request('http://www.google.com')
+19 | urllib.request.Request(f'http://www.google.com')
    |
 
-
 S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
-  --> S310.py:61:1
+  --> S310.py:20:1
    |
-60 | concatenated_url = "https://" + "example.com/data.csv"
-61 | urllib.request.urlopen(concatenated_url)
-   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-62 | urllib.request.Request(concatenated_url)
+18 | urllib.request.Request('http://www.google.com')
+19 | urllib.request.Request(f'http://www.google.com')
+20 | urllib.request.Request('file:///foo/bar/baz')
+   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+21 | urllib.request.Request(url)
    |
 
-
 S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
-  --> S310.py:62:1
+  --> S310.py:21:1
    |
-60 | concatenated_url = "https://" + "example.com/data.csv"
-61 | urllib.request.urlopen(concatenated_url)
-62 | urllib.request.Request(concatenated_url)
-   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-63 |
-64 | nested_concatenated = "http://" + "example.com" + "/data.csv"
+19 | urllib.request.Request(f'http://www.google.com')
+20 | urllib.request.Request('file:///foo/bar/baz')
+21 | urllib.request.Request(url)
+   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^
+22 |
+23 | urllib.request.URLopener().open(fullurl='http://www.google.com')
    |
 
-
 S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
-  --> S310.py:65:1
+  --> S310.py:23:1
    |
-64 | nested_concatenated = "http://" + "example.com" + "/data.csv"
-65 | urllib.request.urlopen(nested_concatenated)
-   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-66 | urllib.request.Request(nested_concatenated)
+21 | urllib.request.Request(url)
+22 |
+23 | urllib.request.URLopener().open(fullurl='http://www.google.com')
+   | ^^^^^^^^^^^^^^^^^^^^^^^^^^
+24 | urllib.request.URLopener().open(fullurl=f'http://www.google.com')
+25 | urllib.request.URLopener().open(fullurl='http://' + 'www' + '.google.com')
    |
 
-
 S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
-  --> S310.py:66:1
+  --> S310.py:24:1
    |
-64 | nested_concatenated = "http://" + "example.com" + "/data.csv"
-65 | urllib.request.urlopen(nested_concatenated)
-66 | urllib.request.Request(nested_concatenated)
-   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+23 | urllib.request.URLopener().open(fullurl='http://www.google.com')
+24 | urllib.request.URLopener().open(fullurl=f'http://www.google.com')
+   | ^^^^^^^^^^^^^^^^^^^^^^^^^^
+25 | urllib.request.URLopener().open(fullurl='http://' + 'www' + '.google.com')
+26 | urllib.request.URLopener().open(fullurl='http://www.google.com', **kwargs)
    |
 
+S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
+  --> S310.py:25:1
+   |
+23 | urllib.request.URLopener().open(fullurl='http://www.google.com')
+24 | urllib.request.URLopener().open(fullurl=f'http://www.google.com')
+25 | urllib.request.URLopener().open(fullurl='http://' + 'www' + '.google.com')
+   | ^^^^^^^^^^^^^^^^^^^^^^^^^^
+26 | urllib.request.URLopener().open(fullurl='http://www.google.com', **kwargs)
+27 | urllib.request.URLopener().open(fullurl=f'http://www.google.com', **kwargs)
+   |
 
+S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
+  --> S310.py:26:1
+   |
+24 | urllib.request.URLopener().open(fullurl=f'http://www.google.com')
+25 | urllib.request.URLopener().open(fullurl='http://' + 'www' + '.google.com')
+26 | urllib.request.URLopener().open(fullurl='http://www.google.com', **kwargs)
+   | ^^^^^^^^^^^^^^^^^^^^^^^^^^
+27 | urllib.request.URLopener().open(fullurl=f'http://www.google.com', **kwargs)
+28 | urllib.request.URLopener().open('http://www.google.com')
+   |
+
+S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
+  --> S310.py:27:1
+   |
+25 | urllib.request.URLopener().open(fullurl='http://' + 'www' + '.google.com')
+26 | urllib.request.URLopener().open(fullurl='http://www.google.com', **kwargs)
+27 | urllib.request.URLopener().open(fullurl=f'http://www.google.com', **kwargs)
+   | ^^^^^^^^^^^^^^^^^^^^^^^^^^
+28 | urllib.request.URLopener().open('http://www.google.com')
+29 | urllib.request.URLopener().open(f'http://www.google.com')
+   |
+
+S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
+  --> S310.py:28:1
+   |
+26 | urllib.request.URLopener().open(fullurl='http://www.google.com', **kwargs)
+27 | urllib.request.URLopener().open(fullurl=f'http://www.google.com', **kwargs)
+28 | urllib.request.URLopener().open('http://www.google.com')
+   | ^^^^^^^^^^^^^^^^^^^^^^^^^^
+29 | urllib.request.URLopener().open(f'http://www.google.com')
+30 | urllib.request.URLopener().open('http://' + 'www' + '.google.com')
+   |
+
+S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
+  --> S310.py:29:1
+   |
+27 | urllib.request.URLopener().open(fullurl=f'http://www.google.com', **kwargs)
+28 | urllib.request.URLopener().open('http://www.google.com')
+29 | urllib.request.URLopener().open(f'http://www.google.com')
+   | ^^^^^^^^^^^^^^^^^^^^^^^^^^
+30 | urllib.request.URLopener().open('http://' + 'www' + '.google.com')
+31 | urllib.request.URLopener().open('file:///foo/bar/baz')
+   |
+
+S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
+  --> S310.py:30:1
+   |
+28 | urllib.request.URLopener().open('http://www.google.com')
+29 | urllib.request.URLopener().open(f'http://www.google.com')
+30 | urllib.request.URLopener().open('http://' + 'www' + '.google.com')
+   | ^^^^^^^^^^^^^^^^^^^^^^^^^^
+31 | urllib.request.URLopener().open('file:///foo/bar/baz')
+32 | urllib.request.URLopener().open(url)
+   |
+
+S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
+  --> S310.py:31:1
+   |
+29 | urllib.request.URLopener().open(f'http://www.google.com')
+30 | urllib.request.URLopener().open('http://' + 'www' + '.google.com')
+31 | urllib.request.URLopener().open('file:///foo/bar/baz')
+   | ^^^^^^^^^^^^^^^^^^^^^^^^^^
+32 | urllib.request.URLopener().open(url)
+   |
+
+S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
+  --> S310.py:32:1
+   |
+30 | urllib.request.URLopener().open('http://' + 'www' + '.google.com')
+31 | urllib.request.URLopener().open('file:///foo/bar/baz')
+32 | urllib.request.URLopener().open(url)
+   | ^^^^^^^^^^^^^^^^^^^^^^^^^^
+33 |
+34 | urllib.request.urlopen(url=urllib.request.Request('http://www.google.com'))
+   |
+
+S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
+  --> S310.py:37:1
+   |
+35 | urllib.request.urlopen(url=urllib.request.Request(f'http://www.google.com'))
+36 | urllib.request.urlopen(url=urllib.request.Request('http://' + 'www' + '.google.com'))
+37 | urllib.request.urlopen(url=urllib.request.Request('http://www.google.com'), **kwargs)
+   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+38 | urllib.request.urlopen(url=urllib.request.Request(f'http://www.google.com'), **kwargs)
+39 | urllib.request.urlopen(urllib.request.Request('http://www.google.com'))
+   |
+
+S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
+  --> S310.py:38:1
+   |
+36 | urllib.request.urlopen(url=urllib.request.Request('http://' + 'www' + '.google.com'))
+37 | urllib.request.urlopen(url=urllib.request.Request('http://www.google.com'), **kwargs)
+38 | urllib.request.urlopen(url=urllib.request.Request(f'http://www.google.com'), **kwargs)
+   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+39 | urllib.request.urlopen(urllib.request.Request('http://www.google.com'))
+40 | urllib.request.urlopen(urllib.request.Request(f'http://www.google.com'))
+   |
+
+S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
+  --> S310.py:41:1
+   |
+39 | urllib.request.urlopen(urllib.request.Request('http://www.google.com'))
+40 | urllib.request.urlopen(urllib.request.Request(f'http://www.google.com'))
+41 | urllib.request.urlopen(urllib.request.Request('file:///foo/bar/baz'))
+   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+42 | urllib.request.urlopen(urllib.request.Request(url))
+   |
+
+S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
+  --> S310.py:41:24
+   |
+39 | urllib.request.urlopen(urllib.request.Request('http://www.google.com'))
+40 | urllib.request.urlopen(urllib.request.Request(f'http://www.google.com'))
+41 | urllib.request.urlopen(urllib.request.Request('file:///foo/bar/baz'))
+   |                        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+42 | urllib.request.urlopen(urllib.request.Request(url))
+   |
+
+S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
+  --> S310.py:42:1
+   |
+40 | urllib.request.urlopen(urllib.request.Request(f'http://www.google.com'))
+41 | urllib.request.urlopen(urllib.request.Request('file:///foo/bar/baz'))
+42 | urllib.request.urlopen(urllib.request.Request(url))
+   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+   |
+
+S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
+  --> S310.py:42:24
+   |
+40 | urllib.request.urlopen(urllib.request.Request(f'http://www.google.com'))
+41 | urllib.request.urlopen(urllib.request.Request('file:///foo/bar/baz'))
+42 | urllib.request.urlopen(urllib.request.Request(url))
+   |                        ^^^^^^^^^^^^^^^^^^^^^^^^^^^
+   |
 
---- Added ---
 S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
   --> S310.py:46:5
    |
@@ -110,7 +264,6 @@ S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom sch
 47 | foo = urllib.request.urlopen
    |
 
-
 S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
   --> S310.py:47:7
    |
@@ -118,6 +271,4 @@ S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom sch
 46 | map(urllib.request.urlopen, [])
 47 | foo = urllib.request.urlopen
    |       ^^^^^^^^^^^^^^^^^^^^^^
-48 |
-49 | # https://github.com/astral-sh/ruff/issues/21462
    |

crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__preview__S311_S311.py.snap

@@ -1,15 +1,103 @@
 ---
 source: crates/ruff_linter/src/rules/flake8_bandit/mod.rs
 ---
---- Linter settings ---
--linter.preview = disabled
-+linter.preview = enabled
+S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+  --> S311.py:10:1
+   |
+ 9 | # Errors
+10 | random.Random()
+   | ^^^^^^^^^^^^^^^
+11 | random.random()
+12 | random.randrange()
+   |
 
---- Summary ---
-Removed: 0
-Added: 2
+S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+  --> S311.py:11:1
+   |
+ 9 | # Errors
+10 | random.Random()
+11 | random.random()
+   | ^^^^^^^^^^^^^^^
+12 | random.randrange()
+13 | random.randint()
+   |
+
+S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+  --> S311.py:12:1
+   |
+10 | random.Random()
+11 | random.random()
+12 | random.randrange()
+   | ^^^^^^^^^^^^^^^^^^
+13 | random.randint()
+14 | random.choice()
+   |
+
+S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+  --> S311.py:13:1
+   |
+11 | random.random()
+12 | random.randrange()
+13 | random.randint()
+   | ^^^^^^^^^^^^^^^^
+14 | random.choice()
+15 | random.choices()
+   |
+
+S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+  --> S311.py:14:1
+   |
+12 | random.randrange()
+13 | random.randint()
+14 | random.choice()
+   | ^^^^^^^^^^^^^^^
+15 | random.choices()
+16 | random.uniform()
+   |
+
+S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+  --> S311.py:15:1
+   |
+13 | random.randint()
+14 | random.choice()
+15 | random.choices()
+   | ^^^^^^^^^^^^^^^^
+16 | random.uniform()
+17 | random.triangular()
+   |
+
+S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+  --> S311.py:16:1
+   |
+14 | random.choice()
+15 | random.choices()
+16 | random.uniform()
+   | ^^^^^^^^^^^^^^^^
+17 | random.triangular()
+18 | random.randbytes()
+   |
+
+S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+  --> S311.py:17:1
+   |
+15 | random.choices()
+16 | random.uniform()
+17 | random.triangular()
+   | ^^^^^^^^^^^^^^^^^^^
+18 | random.randbytes()
+   |
+
+S311 Standard pseudo-random generators are not suitable for cryptographic purposes
+  --> S311.py:18:1
+   |
+16 | random.uniform()
+17 | random.triangular()
+18 | random.randbytes()
+   | ^^^^^^^^^^^^^^^^^^
+19 |
+20 | # Unrelated
+   |
 
---- Added ---
 S311 Standard pseudo-random generators are not suitable for cryptographic purposes
   --> S311.py:26:5
    |
@@ -19,7 +107,6 @@ S311 Standard pseudo-random generators are not suitable for cryptographic purpos
 27 | foo = random.randrange
    |
 
-
 S311 Standard pseudo-random generators are not suitable for cryptographic purposes
   --> S311.py:27:7
    |

crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__preview__S312_S312.py.snap

@@ -1,15 +1,15 @@
 ---
 source: crates/ruff_linter/src/rules/flake8_bandit/mod.rs
 ---
---- Linter settings ---
--linter.preview = disabled
-+linter.preview = enabled
+S312 Telnet is considered insecure. Use SSH or some other encrypted protocol.
+ --> S312.py:3:1
+  |
+1 | from telnetlib import Telnet
+2 |
+3 | Telnet("localhost", 23)
+  | ^^^^^^^^^^^^^^^^^^^^^^^
+  |
 
---- Summary ---
-Removed: 0
-Added: 3
-
---- Added ---
 S312 Telnet is considered insecure. Use SSH or some other encrypted protocol.
  --> S312.py:7:5
   |
@@ -19,7 +19,6 @@ S312 Telnet is considered insecure. Use SSH or some other encrypted protocol.
 8 | foo = Telnet
   |
 
-
 S312 Telnet is considered insecure. Use SSH or some other encrypted protocol.
   --> S312.py:8:7
    |
@@ -31,7 +30,6 @@ S312 Telnet is considered insecure. Use SSH or some other encrypted protocol.
 10 | import telnetlib
    |
 
-
 S312 Telnet is considered insecure. Use SSH or some other encrypted protocol.
   --> S312.py:11:5
    |
@@ -41,3 +39,13 @@ S312 Telnet is considered insecure. Use SSH or some other encrypted protocol.
 12 |
 13 | from typing import Annotated
    |
+
+S312 Telnet is considered insecure. Use SSH or some other encrypted protocol.
+  --> S312.py:14:24
+   |
+13 | from typing import Annotated
+14 | foo: Annotated[Telnet, telnetlib.Telnet()]
+   |                        ^^^^^^^^^^^^^^^^^^
+15 |
+16 | def _() -> Telnet: ...
+   |

crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__preview__S508_S508.py.snap

@@ -1,15 +1,26 @@
 ---
 source: crates/ruff_linter/src/rules/flake8_bandit/mod.rs
 ---
---- Linter settings ---
--linter.preview = disabled
-+linter.preview = enabled
+S508 The use of SNMPv1 and SNMPv2 is insecure. Use SNMPv3 if able.
+ --> S508.py:3:25
+  |
+1 | from pysnmp.hlapi import CommunityData
+2 |
+3 | CommunityData("public", mpModel=0)  # S508
+  |                         ^^^^^^^^^
+4 | CommunityData("public", mpModel=1)  # S508
+  |
 
---- Summary ---
-Removed: 0
-Added: 8
+S508 The use of SNMPv1 and SNMPv2 is insecure. Use SNMPv3 if able.
+ --> S508.py:4:25
+  |
+3 | CommunityData("public", mpModel=0)  # S508
+4 | CommunityData("public", mpModel=1)  # S508
+  |                         ^^^^^^^^^
+5 |
+6 | CommunityData("public", mpModel=2)  # OK
+  |
 
---- Added ---
 S508 The use of SNMPv1 and SNMPv2 is insecure. Use SNMPv3 if able.
   --> S508.py:18:46
    |
@@ -21,7 +32,6 @@ S508 The use of SNMPv1 and SNMPv2 is insecure. Use SNMPv3 if able.
 20 | pysnmp.hlapi.v1arch.asyncio.CommunityData("public", mpModel=0)  # S508
    |
 
-
 S508 The use of SNMPv1 and SNMPv2 is insecure. Use SNMPv3 if able.
   --> S508.py:19:58
    |
@@ -32,7 +42,6 @@ S508 The use of SNMPv1 and SNMPv2 is insecure. Use SNMPv3 if able.
 21 | pysnmp.hlapi.v1arch.CommunityData("public", mpModel=0)  # S508
    |
 
-
 S508 The use of SNMPv1 and SNMPv2 is insecure. Use SNMPv3 if able.
   --> S508.py:20:53
    |
@@ -44,7 +53,6 @@ S508 The use of SNMPv1 and SNMPv2 is insecure. Use SNMPv3 if able.
 22 | pysnmp.hlapi.v3arch.asyncio.auth.CommunityData("public", mpModel=0)  # S508
    |
 
-
 S508 The use of SNMPv1 and SNMPv2 is insecure. Use SNMPv3 if able.
   --> S508.py:21:45
    |
@@ -56,7 +64,6 @@ S508 The use of SNMPv1 and SNMPv2 is insecure. Use SNMPv3 if able.
 23 | pysnmp.hlapi.v3arch.asyncio.CommunityData("public", mpModel=0)  # S508
    |
 
-
 S508 The use of SNMPv1 and SNMPv2 is insecure. Use SNMPv3 if able.
   --> S508.py:22:58
    |
@@ -68,7 +75,6 @@ S508 The use of SNMPv1 and SNMPv2 is insecure. Use SNMPv3 if able.
 24 | pysnmp.hlapi.v3arch.CommunityData("public", mpModel=0)  # S508
    |
 
-
 S508 The use of SNMPv1 and SNMPv2 is insecure. Use SNMPv3 if able.
   --> S508.py:23:53
    |
@@ -80,7 +86,6 @@ S508 The use of SNMPv1 and SNMPv2 is insecure. Use SNMPv3 if able.
 25 | pysnmp.hlapi.auth.CommunityData("public", mpModel=0)  # S508
    |
 
-
 S508 The use of SNMPv1 and SNMPv2 is insecure. Use SNMPv3 if able.
   --> S508.py:24:45
    |
@@ -91,7 +96,6 @@ S508 The use of SNMPv1 and SNMPv2 is insecure. Use SNMPv3 if able.
 25 | pysnmp.hlapi.auth.CommunityData("public", mpModel=0)  # S508
    |
 
-
 S508 The use of SNMPv1 and SNMPv2 is insecure. Use SNMPv3 if able.
   --> S508.py:25:43
    |

crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__preview__S509_S509.py.snap

@@ -1,15 +1,24 @@
 ---
 source: crates/ruff_linter/src/rules/flake8_bandit/mod.rs
 ---
---- Linter settings ---
--linter.preview = disabled
-+linter.preview = enabled
+S509 You should not use SNMPv3 without encryption. `noAuthNoPriv` & `authNoPriv` is insecure.
+ --> S509.py:4:12
+  |
+4 | insecure = UsmUserData("securityName")  # S509
+  |            ^^^^^^^^^^^
+5 | auth_no_priv = UsmUserData("securityName", "authName")  # S509
+  |
 
---- Summary ---
-Removed: 0
-Added: 4
+S509 You should not use SNMPv3 without encryption. `noAuthNoPriv` & `authNoPriv` is insecure.
+ --> S509.py:5:16
+  |
+4 | insecure = UsmUserData("securityName")  # S509
+5 | auth_no_priv = UsmUserData("securityName", "authName")  # S509
+  |                ^^^^^^^^^^^
+6 |
+7 | less_insecure = UsmUserData("securityName", "authName", "privName")  # OK
+  |
 
---- Added ---
 S509 You should not use SNMPv3 without encryption. `noAuthNoPriv` & `authNoPriv` is insecure.
   --> S509.py:15:1
    |
@@ -21,7 +30,6 @@ S509 You should not use SNMPv3 without encryption. `noAuthNoPriv` & `authNoPriv`
 17 | pysnmp.hlapi.v3arch.asyncio.auth.UsmUserData("user")  # S509
    |
 
-
 S509 You should not use SNMPv3 without encryption. `noAuthNoPriv` & `authNoPriv` is insecure.
   --> S509.py:16:1
    |
@@ -32,7 +40,6 @@ S509 You should not use SNMPv3 without encryption. `noAuthNoPriv` & `authNoPriv`
 18 | pysnmp.hlapi.auth.UsmUserData("user")  # S509
    |
 
-
 S509 You should not use SNMPv3 without encryption. `noAuthNoPriv` & `authNoPriv` is insecure.
   --> S509.py:17:1
    |
@@ -43,7 +50,6 @@ S509 You should not use SNMPv3 without encryption. `noAuthNoPriv` & `authNoPriv`
 18 | pysnmp.hlapi.auth.UsmUserData("user")  # S509
    |
 
-
 S509 You should not use SNMPv3 without encryption. `noAuthNoPriv` & `authNoPriv` is insecure.
   --> S509.py:18:1
    |

crates/ruff_linter/src/rules/flake8_boolean_trap/rules/boolean_default_value_positional_argument.rs

@@ -25,11 +25,6 @@ use crate::rules::flake8_boolean_trap::helpers::is_allowed_func_def;
 /// keyword-only argument, to force callers to be explicit when providing
 /// the argument.
 ///
-/// This rule exempts methods decorated with [`@typing.override`][override],
-/// since changing the signature of a subclass method that overrides a
-/// superclass method may cause type checkers to complain about a violation of
-/// the Liskov Substitution Principle.
-///
 /// ## Example
 /// ```python
 /// from math import ceil, floor
@@ -94,8 +89,6 @@ use crate::rules::flake8_boolean_trap::helpers::is_allowed_func_def;
 /// ## References
 /// - [Python documentation: Calls](https://docs.python.org/3/reference/expressions.html#calls)
 /// - [_How to Avoid “The Boolean Trap”_ by Adam Johnson](https://adamj.eu/tech/2021/07/10/python-type-hints-how-to-avoid-the-boolean-trap/)
-///
-/// [override]: https://docs.python.org/3/library/typing.html#typing.override
 #[derive(ViolationMetadata)]
 #[violation_metadata(stable_since = "v0.0.127")]
 pub(crate) struct BooleanDefaultValuePositionalArgument;

crates/ruff_linter/src/rules/flake8_boolean_trap/rules/boolean_type_hint_positional_argument.rs

@@ -28,7 +28,7 @@ use crate::rules::flake8_boolean_trap::helpers::is_allowed_func_def;
 /// the argument.
 ///
 /// Dunder methods that define operators are exempt from this rule, as are
-/// setters and [`@override`][override] definitions.
+/// setters and `@override` definitions.
 ///
 /// ## Example
 ///
@@ -93,8 +93,6 @@ use crate::rules::flake8_boolean_trap::helpers::is_allowed_func_def;
 /// ## References
 /// - [Python documentation: Calls](https://docs.python.org/3/reference/expressions.html#calls)
 /// - [_How to Avoid “The Boolean Trap”_ by Adam Johnson](https://adamj.eu/tech/2021/07/10/python-type-hints-how-to-avoid-the-boolean-trap/)
-///
-/// [override]: https://docs.python.org/3/library/typing.html#typing.override
 #[derive(ViolationMetadata)]
 #[violation_metadata(stable_since = "v0.0.127")]
 pub(crate) struct BooleanTypeHintPositionalArgument;

crates/ruff_linter/src/rules/flake8_bugbear/rules/map_without_explicit_strict.rs

@@ -74,7 +74,12 @@ pub(crate) fn map_without_explicit_strict(checker: &Checker, call: &ast::ExprCal
         checker
             .report_diagnostic(MapWithoutExplicitStrict, call.range())
             .set_fix(Fix::applicable_edit(
-                add_argument("strict=False", &call.arguments, checker.tokens()),
+                add_argument(
+                    "strict=False",
+                    &call.arguments,
+                    checker.comment_ranges(),
+                    checker.locator().contents(),
+                ),
                 Applicability::Unsafe,
             ));
     }

crates/ruff_linter/src/rules/flake8_bugbear/rules/mutable_argument_default.rs

@@ -3,7 +3,7 @@ use std::fmt::Write;
 use ruff_macros::{ViolationMetadata, derive_message_formats};
 use ruff_python_ast::helpers::is_docstring_stmt;
 use ruff_python_ast::name::QualifiedName;
-use ruff_python_ast::token::parenthesized_range;
+use ruff_python_ast::parenthesize::parenthesized_range;
 use ruff_python_ast::{self as ast, Expr, ParameterWithDefault};
 use ruff_python_semantic::SemanticModel;
 use ruff_python_semantic::analyze::function_type::is_stub;
@@ -166,7 +166,12 @@ fn move_initialization(
         return None;
     }
 
-    let range = match parenthesized_range(default.into(), parameter.into(), checker.tokens()) {
+    let range = match parenthesized_range(
+        default.into(),
+        parameter.into(),
+        checker.comment_ranges(),
+        checker.source(),
+    ) {
         Some(range) => range,
         None => default.range(),
     };
@@ -189,7 +194,12 @@ fn move_initialization(
             "{} = {}",
             parameter.parameter.name(),
             locator.slice(
-                parenthesized_range(default.into(), parameter.into(), checker.tokens())
+                parenthesized_range(
+                    default.into(),
+                    parameter.into(),
+                    checker.comment_ranges(),
+                    checker.source()
+                )
                 .unwrap_or(default.range())
             )
         );

crates/ruff_linter/src/rules/flake8_bugbear/rules/no_explicit_stacklevel.rs

@@ -92,7 +92,12 @@ pub(crate) fn no_explicit_stacklevel(checker: &Checker, call: &ast::ExprCall) {
     }
     let mut diagnostic = checker.report_diagnostic(NoExplicitStacklevel, call.func.range());
 
-    let edit = add_argument("stacklevel=2", &call.arguments, checker.tokens());
+    let edit = add_argument(
+        "stacklevel=2",
+        &call.arguments,
+        checker.comment_ranges(),
+        checker.locator().contents(),
+    );
 
     diagnostic.set_fix(Fix::unsafe_edit(edit));
 }

crates/ruff_linter/src/rules/flake8_bugbear/rules/return_in_generator.rs

@@ -1,5 +1,6 @@
 use ruff_macros::{ViolationMetadata, derive_message_formats};
-use ruff_python_ast::visitor::{Visitor, walk_expr, walk_stmt};
+use ruff_python_ast::statement_visitor;
+use ruff_python_ast::statement_visitor::StatementVisitor;
 use ruff_python_ast::{self as ast, Expr, Stmt, StmtFunctionDef};
 use ruff_text_size::TextRange;
 
@@ -95,11 +96,6 @@ pub(crate) fn return_in_generator(checker: &Checker, function_def: &StmtFunction
         return;
     }
 
-    // Async functions are flagged by the `ReturnInGenerator` semantic syntax error.
-    if function_def.is_async {
-        return;
-    }
-
     let mut visitor = ReturnInGeneratorVisitor::default();
     visitor.visit_body(&function_def.body);
 
@@ -116,9 +112,15 @@ struct ReturnInGeneratorVisitor {
     has_yield: bool,
 }
 
-impl Visitor<'_> for ReturnInGeneratorVisitor {
+impl StatementVisitor<'_> for ReturnInGeneratorVisitor {
     fn visit_stmt(&mut self, stmt: &Stmt) {
         match stmt {
+            Stmt::Expr(ast::StmtExpr { value, .. }) => match **value {
+                Expr::Yield(_) | Expr::YieldFrom(_) => {
+                    self.has_yield = true;
+                }
+                _ => {}
+            },
             Stmt::FunctionDef(_) => {
                 // Do not recurse into nested functions; they're evaluated separately.
             }
@@ -128,19 +130,8 @@ impl Visitor<'_> for ReturnInGeneratorVisitor {
                 node_index: _,
             }) => {
                 self.return_ = Some(*range);
-                walk_stmt(self, stmt);
             }
-            _ => walk_stmt(self, stmt),
-        }
-    }
-
-    fn visit_expr(&mut self, expr: &Expr) {
-        match expr {
-            Expr::Lambda(_) => {}
-            Expr::Yield(_) | Expr::YieldFrom(_) => {
-                self.has_yield = true;
-            }
-            _ => walk_expr(self, expr),
+            _ => statement_visitor::walk_stmt(self, stmt),
         }
     }
 }