disable mean assertions that hate string annotations

Here are a bunch of (variously failing and passing) mdtests that reflect
the kinds of issues people encounter when running ty over an entire
workspace without sufficient hand-holding (especially because in the IDE
it is unclear *how* to provide that hand-holding).

.config/nextest.toml

@@ -7,10 +7,6 @@ serial = { max-threads = 1 }
 filter = 'binary(file_watching)'
 test-group = 'serial'
 
-[[profile.default.overrides]]
-filter = 'binary(e2e)'
-test-group = 'serial'
-
 [profile.ci]
 # Print out output for failing tests as soon as they fail, and also at the end
 # of the run (for easy scrollability).

.github/workflows/build-binaries.yml

@@ -43,7 +43,7 @@ jobs:
         with:
           submodules: recursive
           persist-credentials: false
-      - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
+      - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
         with:
           python-version: ${{ env.PYTHON_VERSION }}
       - name: "Prep README.md"
@@ -72,7 +72,7 @@ jobs:
         with:
           submodules: recursive
           persist-credentials: false
-      - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
+      - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
         with:
           python-version: ${{ env.PYTHON_VERSION }}
           architecture: x64
@@ -114,7 +114,7 @@ jobs:
         with:
           submodules: recursive
           persist-credentials: false
-      - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
+      - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
         with:
           python-version: ${{ env.PYTHON_VERSION }}
           architecture: arm64
@@ -170,7 +170,7 @@ jobs:
         with:
           submodules: recursive
           persist-credentials: false
-      - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
+      - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
         with:
           python-version: ${{ env.PYTHON_VERSION }}
           architecture: ${{ matrix.platform.arch }}
@@ -223,7 +223,7 @@ jobs:
         with:
           submodules: recursive
           persist-credentials: false
-      - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
+      - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
         with:
           python-version: ${{ env.PYTHON_VERSION }}
           architecture: x64
@@ -300,7 +300,7 @@ jobs:
         with:
           submodules: recursive
           persist-credentials: false
-      - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
+      - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
         with:
           python-version: ${{ env.PYTHON_VERSION }}
       - name: "Prep README.md"
@@ -365,7 +365,7 @@ jobs:
         with:
           submodules: recursive
           persist-credentials: false
-      - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
+      - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
         with:
           python-version: ${{ env.PYTHON_VERSION }}
           architecture: x64
@@ -431,7 +431,7 @@ jobs:
         with:
           submodules: recursive
           persist-credentials: false
-      - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
+      - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
         with:
           python-version: ${{ env.PYTHON_VERSION }}
       - name: "Prep README.md"

.github/workflows/ci.yaml

@@ -230,7 +230,7 @@ jobs:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
           persist-credentials: false
-      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
+      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
         with:
           save-if: ${{ github.ref == 'refs/heads/main' }}
       - name: "Install Rust toolchain"
@@ -252,7 +252,7 @@ jobs:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
           persist-credentials: false
-      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
+      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
         with:
           shared-key: ruff-linux-debug
           save-if: ${{ github.ref == 'refs/heads/main' }}
@@ -261,15 +261,15 @@ jobs:
       - name: "Install mold"
         uses: rui314/setup-mold@725a8794d15fc7563f59595bd9556495c0564878 # v1
       - name: "Install cargo nextest"
-        uses: taiki-e/install-action@537c30d2b45cc3aa3fb35e2bbcfb61ef93fd6f02 # v2.62.52
+        uses: taiki-e/install-action@3575e532701a5fc614b0c842e4119af4cc5fd16d # v2.62.60
         with:
           tool: cargo-nextest
       - name: "Install cargo insta"
-        uses: taiki-e/install-action@537c30d2b45cc3aa3fb35e2bbcfb61ef93fd6f02 # v2.62.52
+        uses: taiki-e/install-action@3575e532701a5fc614b0c842e4119af4cc5fd16d # v2.62.60
         with:
           tool: cargo-insta
       - name: "Install uv"
-        uses: astral-sh/setup-uv@5a7eac68fb9809dea845d802897dc5c723910fa3 # v7.1.3
+        uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
         with:
           enable-cache: "true"
       - name: ty mdtests (GitHub annotations)
@@ -284,6 +284,10 @@ jobs:
         run: cargo insta test --all-features --unreferenced reject --test-runner nextest
       - name: Dogfood ty on py-fuzzer
         run: uv run --project=./python/py-fuzzer cargo run -p ty check --project=./python/py-fuzzer
+      - name: Dogfood ty on the scripts directory
+        run: uv run --project=./scripts cargo run -p ty check --project=./scripts
+      - name: Dogfood ty on ty_benchmark
+        run: uv run --project=./scripts/ty_benchmark cargo run -p ty check --project=./scripts/ty_benchmark
       # Check for broken links in the documentation.
       - run: cargo doc --all --no-deps
         env:
@@ -311,7 +315,7 @@ jobs:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
           persist-credentials: false
-      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
+      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
         with:
           save-if: ${{ github.ref == 'refs/heads/main' }}
       - name: "Install Rust toolchain"
@@ -319,11 +323,11 @@ jobs:
       - name: "Install mold"
         uses: rui314/setup-mold@725a8794d15fc7563f59595bd9556495c0564878 # v1
       - name: "Install cargo nextest"
-        uses: taiki-e/install-action@537c30d2b45cc3aa3fb35e2bbcfb61ef93fd6f02 # v2.62.52
+        uses: taiki-e/install-action@3575e532701a5fc614b0c842e4119af4cc5fd16d # v2.62.60
         with:
           tool: cargo-nextest
       - name: "Install uv"
-        uses: astral-sh/setup-uv@5a7eac68fb9809dea845d802897dc5c723910fa3 # v7.1.3
+        uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
         with:
           enable-cache: "true"
       - name: "Run tests"
@@ -346,17 +350,17 @@ jobs:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
           persist-credentials: false
-      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
+      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
         with:
           save-if: ${{ github.ref == 'refs/heads/main' }}
       - name: "Install Rust toolchain"
         run: rustup show
       - name: "Install cargo nextest"
-        uses: taiki-e/install-action@537c30d2b45cc3aa3fb35e2bbcfb61ef93fd6f02 # v2.62.52
+        uses: taiki-e/install-action@3575e532701a5fc614b0c842e4119af4cc5fd16d # v2.62.60
         with:
           tool: cargo-nextest
       - name: "Install uv"
-        uses: astral-sh/setup-uv@5a7eac68fb9809dea845d802897dc5c723910fa3 # v7.1.3
+        uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
         with:
           enable-cache: "true"
       - name: "Run tests"
@@ -374,7 +378,7 @@ jobs:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
           persist-credentials: false
-      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
+      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
         with:
           save-if: ${{ github.ref == 'refs/heads/main' }}
       - name: "Install Rust toolchain"
@@ -411,7 +415,7 @@ jobs:
         with:
           file: "Cargo.toml"
           field: "workspace.package.rust-version"
-      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
+      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
         with:
           save-if: ${{ github.ref == 'refs/heads/main' }}
       - name: "Install Rust toolchain"
@@ -435,7 +439,7 @@ jobs:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
           persist-credentials: false
-      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
+      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
         with:
           workspaces: "fuzz -> target"
           save-if: ${{ github.ref == 'refs/heads/main' }}
@@ -444,7 +448,7 @@ jobs:
       - name: "Install mold"
         uses: rui314/setup-mold@725a8794d15fc7563f59595bd9556495c0564878 # v1
       - name: "Install cargo-binstall"
-        uses: cargo-bins/cargo-binstall@ae04fb5e853ae6cd3ad7de4a1d554a8b646d12aa # v1.15.11
+        uses: cargo-bins/cargo-binstall@3fc81674af4165a753833a94cae9f91d8849049f # v1.16.2
       - name: "Install cargo-fuzz"
         # Download the latest version from quick install and not the github releases because github releases only has MUSL targets.
         run: cargo binstall cargo-fuzz --force  --disable-strategies crate-meta-data --no-confirm
@@ -462,8 +466,8 @@ jobs:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
           persist-credentials: false
-      - uses: astral-sh/setup-uv@5a7eac68fb9809dea845d802897dc5c723910fa3 # v7.1.3
-      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
+      - uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
+      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
         with:
           shared-key: ruff-linux-debug
           save-if: false
@@ -494,10 +498,10 @@ jobs:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
           persist-credentials: false
-      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
+      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
         with:
           save-if: ${{ github.ref == 'refs/heads/main' }}
-      - uses: astral-sh/setup-uv@5a7eac68fb9809dea845d802897dc5c723910fa3 # v7.1.3
+      - uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
       - name: "Install Rust toolchain"
         run: rustup component add rustfmt
       # Run all code generation scripts, and verify that the current output is
@@ -532,7 +536,7 @@ jobs:
           ref: ${{ github.event.pull_request.base.ref }}
           persist-credentials: false
 
-      - uses: astral-sh/setup-uv@5a7eac68fb9809dea845d802897dc5c723910fa3 # v7.1.3
+      - uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
         with:
           python-version: ${{ env.PYTHON_VERSION }}
           activate-environment: true
@@ -543,7 +547,7 @@ jobs:
       - name: "Install mold"
         uses: rui314/setup-mold@725a8794d15fc7563f59595bd9556495c0564878 # v1
 
-      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
+      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
         with:
           shared-key: ruff-linux-debug
           save-if: false
@@ -638,8 +642,8 @@ jobs:
         with:
           fetch-depth: 0
           persist-credentials: false
-      - uses: astral-sh/setup-uv@5a7eac68fb9809dea845d802897dc5c723910fa3 # v7.1.3
-      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
+      - uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
+      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
         with:
           save-if: ${{ github.ref == 'refs/heads/main' }}
       - name: "Install Rust toolchain"
@@ -684,7 +688,7 @@ jobs:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
           persist-credentials: false
-      - uses: cargo-bins/cargo-binstall@ae04fb5e853ae6cd3ad7de4a1d554a8b646d12aa # v1.15.11
+      - uses: cargo-bins/cargo-binstall@3fc81674af4165a753833a94cae9f91d8849049f # v1.16.2
       - run: cargo binstall --no-confirm cargo-shear
       - run: cargo shear
 
@@ -697,8 +701,8 @@ jobs:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
           persist-credentials: false
-      - uses: astral-sh/setup-uv@5a7eac68fb9809dea845d802897dc5c723910fa3 # v7.1.3
-      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
+      - uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
+      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
         with:
           save-if: ${{ github.ref == 'refs/heads/main' }}
       - name: "Install Rust toolchain"
@@ -719,11 +723,11 @@ jobs:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
           persist-credentials: false
-      - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
+      - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
         with:
           python-version: ${{ env.PYTHON_VERSION }}
           architecture: x64
-      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
+      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
         with:
           save-if: ${{ github.ref == 'refs/heads/main' }}
       - name: "Prep README.md"
@@ -748,8 +752,8 @@ jobs:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
           persist-credentials: false
-      - uses: astral-sh/setup-uv@5a7eac68fb9809dea845d802897dc5c723910fa3 # v7.1.3
-      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
+      - uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
+      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
         with:
           save-if: ${{ github.ref == 'refs/heads/main' }}
       - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
@@ -781,7 +785,7 @@ jobs:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
           persist-credentials: false
-      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
+      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
         with:
           save-if: ${{ github.ref == 'refs/heads/main' }}
       - name: "Add SSH key"
@@ -792,7 +796,7 @@ jobs:
       - name: "Install Rust toolchain"
         run: rustup show
       - name: Install uv
-        uses: astral-sh/setup-uv@5a7eac68fb9809dea845d802897dc5c723910fa3 # v7.1.3
+        uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
         with:
           python-version: 3.13
           activate-environment: true
@@ -825,7 +829,7 @@ jobs:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
           persist-credentials: false
-      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
+      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
         with:
           save-if: ${{ github.ref == 'refs/heads/main' }}
       - name: "Install Rust toolchain"
@@ -853,7 +857,7 @@ jobs:
         with:
           persist-credentials: false
 
-      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
+      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
         with:
           shared-key: ruff-linux-debug
           save-if: false
@@ -871,7 +875,7 @@ jobs:
           repository: "astral-sh/ruff-lsp"
           path: ruff-lsp
 
-      - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
+      - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
         with:
           # installation fails on 3.13 and newer
           python-version: "3.12"
@@ -904,7 +908,7 @@ jobs:
           persist-credentials: false
       - name: "Install Rust toolchain"
         run: rustup target add wasm32-unknown-unknown
-      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
+      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
         with:
           save-if: ${{ github.ref == 'refs/heads/main' }}
       - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
@@ -914,7 +918,7 @@ jobs:
           cache-dependency-path: playground/package-lock.json
       - uses: jetli/wasm-bindgen-action@20b33e20595891ab1a0ed73145d8a21fc96e7c29 # v0.2.0
       - name: "Install Node dependencies"
-        run: npm ci
+        run: npm ci --ignore-scripts
         working-directory: playground
       - name: "Build playgrounds"
         run: npm run dev:wasm
@@ -938,22 +942,25 @@ jobs:
         needs.determine_changes.outputs.linter == 'true'
       )
     timeout-minutes: 20
+    permissions:
+      contents: read # required for actions/checkout
+      id-token: write # required for OIDC authentication with CodSpeed
     steps:
       - name: "Checkout Branch"
         uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
           persist-credentials: false
 
-      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
+      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
         with:
           save-if: ${{ github.ref == 'refs/heads/main' }}
-      - uses: astral-sh/setup-uv@5a7eac68fb9809dea845d802897dc5c723910fa3 # v7.1.3
+      - uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
 
       - name: "Install Rust toolchain"
         run: rustup show
 
       - name: "Install codspeed"
-        uses: taiki-e/install-action@537c30d2b45cc3aa3fb35e2bbcfb61ef93fd6f02 # v2.62.52
+        uses: taiki-e/install-action@3575e532701a5fc614b0c842e4119af4cc5fd16d # v2.62.60
         with:
           tool: cargo-codspeed
 
@@ -961,11 +968,10 @@ jobs:
         run: cargo codspeed build --features "codspeed,instrumented" --profile profiling --no-default-features -p ruff_benchmark --bench formatter --bench lexer --bench linter --bench parser
 
       - name: "Run benchmarks"
-        uses: CodSpeedHQ/action@6a8e2b874c338bf81cc5e8be715ada75908d3871 # v4.3.4
+        uses: CodSpeedHQ/action@346a2d8a8d9d38909abd0bc3d23f773110f076ad # v4.4.1
         with:
-          mode: instrumentation
+          mode: simulation
           run: cargo codspeed run
-          token: ${{ secrets.CODSPEED_TOKEN }}
 
   benchmarks-instrumented-ty:
     name: "benchmarks instrumented (ty)"
@@ -978,22 +984,25 @@ jobs:
         needs.determine_changes.outputs.ty == 'true'
       )
     timeout-minutes: 20
+    permissions:
+      contents: read # required for actions/checkout
+      id-token: write # required for OIDC authentication with CodSpeed
     steps:
       - name: "Checkout Branch"
         uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
           persist-credentials: false
 
-      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
+      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
         with:
           save-if: ${{ github.ref == 'refs/heads/main' }}
-      - uses: astral-sh/setup-uv@5a7eac68fb9809dea845d802897dc5c723910fa3 # v7.1.3
+      - uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
 
       - name: "Install Rust toolchain"
         run: rustup show
 
       - name: "Install codspeed"
-        uses: taiki-e/install-action@537c30d2b45cc3aa3fb35e2bbcfb61ef93fd6f02 # v2.62.52
+        uses: taiki-e/install-action@3575e532701a5fc614b0c842e4119af4cc5fd16d # v2.62.60
         with:
           tool: cargo-codspeed
 
@@ -1001,11 +1010,10 @@ jobs:
         run: cargo codspeed build --features "codspeed,instrumented" --profile profiling --no-default-features -p ruff_benchmark --bench ty
 
       - name: "Run benchmarks"
-        uses: CodSpeedHQ/action@6a8e2b874c338bf81cc5e8be715ada75908d3871 # v4.3.4
+        uses: CodSpeedHQ/action@346a2d8a8d9d38909abd0bc3d23f773110f076ad # v4.4.1
         with:
-          mode: instrumentation
+          mode: simulation
           run: cargo codspeed run
-          token: ${{ secrets.CODSPEED_TOKEN }}
 
   benchmarks-walltime:
     name: "benchmarks walltime (${{ matrix.benchmarks }})"
@@ -1013,6 +1021,9 @@ jobs:
     needs: determine_changes
     if: ${{ github.repository == 'astral-sh/ruff' && !contains(github.event.pull_request.labels.*.name, 'no-test') && (needs.determine_changes.outputs.ty == 'true' || github.ref == 'refs/heads/main') }}
     timeout-minutes: 20
+    permissions:
+      contents: read # required for actions/checkout
+      id-token: write # required for OIDC authentication with CodSpeed
     strategy:
       matrix:
         benchmarks:
@@ -1024,16 +1035,16 @@ jobs:
         with:
           persist-credentials: false
 
-      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
+      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
         with:
           save-if: ${{ github.ref == 'refs/heads/main' }}
-      - uses: astral-sh/setup-uv@5a7eac68fb9809dea845d802897dc5c723910fa3 # v7.1.3
+      - uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
 
       - name: "Install Rust toolchain"
         run: rustup show
 
       - name: "Install codspeed"
-        uses: taiki-e/install-action@537c30d2b45cc3aa3fb35e2bbcfb61ef93fd6f02 # v2.62.52
+        uses: taiki-e/install-action@3575e532701a5fc614b0c842e4119af4cc5fd16d # v2.62.60
         with:
           tool: cargo-codspeed
 
@@ -1041,7 +1052,7 @@ jobs:
         run: cargo codspeed build --features "codspeed,walltime" --profile profiling --no-default-features -p ruff_benchmark
 
       - name: "Run benchmarks"
-        uses: CodSpeedHQ/action@6a8e2b874c338bf81cc5e8be715ada75908d3871 # v4.3.4
+        uses: CodSpeedHQ/action@346a2d8a8d9d38909abd0bc3d23f773110f076ad # v4.4.1
         env:
           # enabling walltime flamegraphs adds ~6 minutes to the CI time, and they don't
           # appear to provide much useful insight for our walltime benchmarks right now
@@ -1050,4 +1061,3 @@ jobs:
         with:
           mode: walltime
           run: cargo codspeed run --bench ty_walltime "${{ matrix.benchmarks }}"
-          token: ${{ secrets.CODSPEED_TOKEN }}

.github/workflows/daily_fuzz.yaml

@@ -34,12 +34,12 @@ jobs:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
           persist-credentials: false
-      - uses: astral-sh/setup-uv@5a7eac68fb9809dea845d802897dc5c723910fa3 # v7.1.3
+      - uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
       - name: "Install Rust toolchain"
         run: rustup show
       - name: "Install mold"
         uses: rui314/setup-mold@725a8794d15fc7563f59595bd9556495c0564878 # v1
-      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
+      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
       - name: Build ruff
         # A debug build means the script runs slower once it gets started,
         # but this is outweighed by the fact that a release build takes *much* longer to compile in CI

.github/workflows/mypy_primer.yaml

@@ -43,9 +43,9 @@ jobs:
           persist-credentials: false
 
       - name: Install the latest version of uv
-        uses: astral-sh/setup-uv@5a7eac68fb9809dea845d802897dc5c723910fa3 # v7.1.3
+        uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
 
-      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
+      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
         with:
           workspaces: "ruff"
 
@@ -81,9 +81,9 @@ jobs:
           persist-credentials: false
 
       - name: Install the latest version of uv
-        uses: astral-sh/setup-uv@5a7eac68fb9809dea845d802897dc5c723910fa3 # v7.1.3
+        uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
 
-      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
+      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
         with:
           workspaces: "ruff"
 

.github/workflows/publish-docs.yml

@@ -28,7 +28,7 @@ jobs:
           ref: ${{ inputs.ref }}
           persist-credentials: true
 
-      - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
+      - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
         with:
           python-version: 3.12
 
@@ -68,7 +68,7 @@ jobs:
       - name: "Install Rust toolchain"
         run: rustup show
 
-      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
+      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
 
       - name: "Install Insiders dependencies"
         if: ${{ env.MKDOCS_INSIDERS_SSH_KEY_EXISTS == 'true' }}

.github/workflows/publish-playground.yml

@@ -37,7 +37,7 @@ jobs:
           package-manager-cache: false
       - uses: jetli/wasm-bindgen-action@20b33e20595891ab1a0ed73145d8a21fc96e7c29 # v0.2.0
       - name: "Install Node dependencies"
-        run: npm ci
+        run: npm ci --ignore-scripts
         working-directory: playground
       - name: "Run TypeScript checks"
         run: npm run check

.github/workflows/publish-pypi.yml

@@ -18,15 +18,17 @@ jobs:
     environment:
       name: release
     permissions:
-      # For PyPI's trusted publishing.
-      id-token: write
+      id-token: write # For PyPI's trusted publishing + PEP 740 attestations
     steps:
       - name: "Install uv"
-        uses: astral-sh/setup-uv@5a7eac68fb9809dea845d802897dc5c723910fa3 # v7.1.3
+        uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
       - uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
         with:
           pattern: wheels-*
           path: wheels
           merge-multiple: true
+      - uses: astral-sh/attest-action@2c727738cea36d6c97dd85eb133ea0e0e8fe754b # v0.0.4
+        with:
+          paths: wheels/*
       - name: Publish to PyPi
         run: uv publish -v wheels/*

.github/workflows/publish-ty-playground.yml

@@ -41,7 +41,7 @@ jobs:
           package-manager-cache: false
       - uses: jetli/wasm-bindgen-action@20b33e20595891ab1a0ed73145d8a21fc96e7c29 # v0.2.0
       - name: "Install Node dependencies"
-        run: npm ci
+        run: npm ci --ignore-scripts
         working-directory: playground
       - name: "Run TypeScript checks"
         run: npm run check

.github/workflows/release.yml

@@ -60,7 +60,7 @@ jobs:
     env:
       GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
     steps:
-      - uses: actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493
+      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3
         with:
           persist-credentials: false
           submodules: recursive
@@ -123,7 +123,7 @@ jobs:
       GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       BUILD_MANIFEST_NAME: target/distrib/global-dist-manifest.json
     steps:
-      - uses: actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493
+      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3
         with:
           persist-credentials: false
           submodules: recursive
@@ -174,7 +174,7 @@ jobs:
     outputs:
       val: ${{ steps.host.outputs.manifest }}
     steps:
-      - uses: actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493
+      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3
         with:
           persist-credentials: false
           submodules: recursive
@@ -250,7 +250,7 @@ jobs:
     env:
       GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
     steps:
-      - uses: actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493
+      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3
         with:
           persist-credentials: false
           submodules: recursive

.github/workflows/sync_typeshed.yaml

@@ -77,7 +77,7 @@ jobs:
         run: |
           git config --global user.name typeshedbot
           git config --global user.email '<>'
-      - uses: astral-sh/setup-uv@5a7eac68fb9809dea845d802897dc5c723910fa3 # v7.1.3
+      - uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
       - name: Sync typeshed stubs
         run: |
           rm -rf "ruff/${VENDORED_TYPESHED}"
@@ -131,7 +131,7 @@ jobs:
         with:
           persist-credentials: true
           ref: ${{ env.UPSTREAM_BRANCH}}
-      - uses: astral-sh/setup-uv@5a7eac68fb9809dea845d802897dc5c723910fa3 # v7.1.3
+      - uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
       - name: Setup git
         run: |
           git config --global user.name typeshedbot
@@ -170,7 +170,7 @@ jobs:
         with:
           persist-credentials: true
           ref: ${{ env.UPSTREAM_BRANCH}}
-      - uses: astral-sh/setup-uv@5a7eac68fb9809dea845d802897dc5c723910fa3 # v7.1.3
+      - uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
       - name: Setup git
         run: |
           git config --global user.name typeshedbot
@@ -198,7 +198,7 @@ jobs:
         run: |
           rm "${VENDORED_TYPESHED}/pyproject.toml"
           git commit -am "Remove pyproject.toml file"
-      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
+      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
       - name: "Install Rust toolchain"
         if: ${{ success() }}
         run: rustup show
@@ -207,12 +207,12 @@ jobs:
         uses: rui314/setup-mold@725a8794d15fc7563f59595bd9556495c0564878 # v1
       - name: "Install cargo nextest"
         if: ${{ success() }}
-        uses: taiki-e/install-action@537c30d2b45cc3aa3fb35e2bbcfb61ef93fd6f02 # v2.62.52
+        uses: taiki-e/install-action@3575e532701a5fc614b0c842e4119af4cc5fd16d # v2.62.60
         with:
           tool: cargo-nextest
       - name: "Install cargo insta"
         if: ${{ success() }}
-        uses: taiki-e/install-action@537c30d2b45cc3aa3fb35e2bbcfb61ef93fd6f02 # v2.62.52
+        uses: taiki-e/install-action@3575e532701a5fc614b0c842e4119af4cc5fd16d # v2.62.60
         with:
           tool: cargo-insta
       - name: Update snapshots

.github/workflows/ty-ecosystem-analyzer.yaml

@@ -33,11 +33,11 @@ jobs:
           persist-credentials: false
 
       - name: Install the latest version of uv
-        uses: astral-sh/setup-uv@5a7eac68fb9809dea845d802897dc5c723910fa3 # v7.1.3
+        uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
         with:
           enable-cache: true # zizmor: ignore[cache-poisoning] acceptable risk for CloudFlare pages artifact
 
-      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
+      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
         with:
           workspaces: "ruff"
           lookup-only: false # zizmor: ignore[cache-poisoning] acceptable risk for CloudFlare pages artifact
@@ -67,7 +67,7 @@ jobs:
 
           cd ..
 
-          uv tool install "git+https://github.com/astral-sh/ecosystem-analyzer@e26ebfb78d372b8b091e1cb1d6fc522e135474c1"
+          uv tool install "git+https://github.com/astral-sh/ecosystem-analyzer@55df3c868f3fa9ab34cff0498dd6106722aac205"
 
           ecosystem-analyzer \
             --repository ruff \

.github/workflows/ty-ecosystem-report.yaml

@@ -29,11 +29,11 @@ jobs:
           persist-credentials: false
 
       - name: Install the latest version of uv
-        uses: astral-sh/setup-uv@5a7eac68fb9809dea845d802897dc5c723910fa3 # v7.1.3
+        uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
         with:
           enable-cache: true # zizmor: ignore[cache-poisoning] acceptable risk for CloudFlare pages artifact
 
-      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
+      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
         with:
           workspaces: "ruff"
           lookup-only: false # zizmor: ignore[cache-poisoning] acceptable risk for CloudFlare pages artifact
@@ -52,7 +52,7 @@ jobs:
 
           cd ..
 
-          uv tool install "git+https://github.com/astral-sh/ecosystem-analyzer@e26ebfb78d372b8b091e1cb1d6fc522e135474c1"
+          uv tool install "git+https://github.com/astral-sh/ecosystem-analyzer@55df3c868f3fa9ab34cff0498dd6106722aac205"
 
           ecosystem-analyzer \
             --verbose \

.github/workflows/typing_conformance.yaml

@@ -45,7 +45,7 @@ jobs:
           path: typing
           persist-credentials: false
 
-      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
+      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
         with:
           workspaces: "ruff"
 

.vscode/settings.json

@@ -5,5 +5,6 @@
     "rust-analyzer.check.command": "clippy",
     "search.exclude": {
         "**/*.snap": true
-    }
+    },
+    "ty.diagnosticMode": "openFilesOnly"
 }

CHANGELOG.md

@@ -1,5 +1,40 @@
 # Changelog
 
+## 0.14.7
+
+Released on 2025-11-28.
+
+### Preview features
+
+- \[`flake8-bandit`\] Handle string literal bindings in suspicious-url-open-usage (`S310`) ([#21469](https://github.com/astral-sh/ruff/pull/21469))
+- \[`pylint`\] Fix `PLR1708` false positives on nested functions ([#21177](https://github.com/astral-sh/ruff/pull/21177))
+- \[`pylint`\] Fix suppression for empty dict without tuple key annotation (`PLE1141`) ([#21290](https://github.com/astral-sh/ruff/pull/21290))
+- \[`ruff`\] Add rule `RUF066` to detect unnecessary class properties ([#21535](https://github.com/astral-sh/ruff/pull/21535))
+- \[`ruff`\] Catch more dummy variable uses (`RUF052`) ([#19799](https://github.com/astral-sh/ruff/pull/19799))
+
+### Bug fixes
+
+- [server] Set severity for non-rule diagnostics ([#21559](https://github.com/astral-sh/ruff/pull/21559))
+- \[`flake8-implicit-str-concat`\] Avoid invalid fix in (`ISC003`) ([#21517](https://github.com/astral-sh/ruff/pull/21517))
+- \[`parser`\] Fix panic when parsing IPython escape command expressions ([#21480](https://github.com/astral-sh/ruff/pull/21480))
+
+### CLI
+
+- Show partial fixability indicator in statistics output ([#21513](https://github.com/astral-sh/ruff/pull/21513))
+
+### Contributors
+
+- [@mikeleppane](https://github.com/mikeleppane)
+- [@senekor](https://github.com/senekor)
+- [@ShaharNaveh](https://github.com/ShaharNaveh)
+- [@JumboBear](https://github.com/JumboBear)
+- [@prakhar1144](https://github.com/prakhar1144)
+- [@tsvikas](https://github.com/tsvikas)
+- [@danparizher](https://github.com/danparizher)
+- [@chirizxc](https://github.com/chirizxc)
+- [@AlexWaygood](https://github.com/AlexWaygood)
+- [@MichaReiser](https://github.com/MichaReiser)
+
 ## 0.14.6
 
 Released on 2025-11-21.

Cargo.lock

@@ -442,9 +442,9 @@ dependencies = [
 
 [[package]]
 name = "clap"
-version = "4.5.51"
+version = "4.5.53"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4c26d721170e0295f191a69bd9a1f93efcdb0aff38684b61ab5750468972e5f5"
+checksum = "c9e340e012a1bf4935f5282ed1436d1489548e8f72308207ea5df0e23d2d03f8"
 dependencies = [
  "clap_builder",
  "clap_derive",
@@ -452,9 +452,9 @@ dependencies = [
 
 [[package]]
 name = "clap_builder"
-version = "4.5.51"
+version = "4.5.53"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "75835f0c7bf681bfd05abe44e965760fea999a5286c6eb2d59883634fd02011a"
+checksum = "d76b5d13eaa18c901fd2f7fca939fefe3a0727a953561fefdf3b2922b8569d00"
 dependencies = [
  "anstream",
  "anstyle",
@@ -1016,7 +1016,7 @@ dependencies = [
  "libc",
  "option-ext",
  "redox_users",
- "windows-sys 0.61.0",
+ "windows-sys 0.59.0",
 ]
 
 [[package]]
@@ -1108,7 +1108,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "39cab71617ae0d63f51a36d69f866391735b51691dbda63cf6f96d042b63efeb"
 dependencies = [
  "libc",
- "windows-sys 0.61.0",
+ "windows-sys 0.59.0",
 ]
 
 [[package]]
@@ -1255,7 +1255,7 @@ checksum = "ac7bb8710e1f09672102be7ddf39f764d8440ae74a9f4e30aaa4820dcdffa4af"
 dependencies = [
  "compact_str",
  "get-size-derive2",
- "hashbrown 0.16.0",
+ "hashbrown 0.16.1",
  "indexmap",
  "smallvec",
 ]
@@ -1353,9 +1353,9 @@ dependencies = [
 
 [[package]]
 name = "hashbrown"
-version = "0.16.0"
+version = "0.16.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5419bdc4f6a9207fbeba6d11b604d481addf78ecd10c11ad51e76c2f6482748d"
+checksum = "841d1cc9bed7f9236f321df977030373f4a4163ae1a7dbfe1a51a2c1a51d9100"
 dependencies = [
  "equivalent",
 ]
@@ -1564,12 +1564,12 @@ dependencies = [
 
 [[package]]
 name = "indexmap"
-version = "2.12.0"
+version = "2.12.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6717a8d2a5a929a1a2eb43a12812498ed141a0bcfb7e8f7844fbdbe4303bba9f"
+checksum = "0ad4bb2b565bca0645f4d68c5c9af97fba094e9791da685bf83cb5f3ce74acf2"
 dependencies = [
  "equivalent",
- "hashbrown 0.16.0",
+ "hashbrown 0.16.1",
  "serde",
  "serde_core",
 ]
@@ -1763,7 +1763,7 @@ dependencies = [
  "portable-atomic",
  "portable-atomic-util",
  "serde_core",
- "windows-sys 0.61.0",
+ "windows-sys 0.59.0",
 ]
 
 [[package]]
@@ -2859,7 +2859,7 @@ dependencies = [
 
 [[package]]
 name = "ruff"
-version = "0.14.6"
+version = "0.14.7"
 dependencies = [
  "anyhow",
  "argfile",
@@ -3117,7 +3117,7 @@ dependencies = [
 
 [[package]]
 name = "ruff_linter"
-version = "0.14.6"
+version = "0.14.7"
 dependencies = [
  "aho-corasick",
  "anyhow",
@@ -3127,7 +3127,7 @@ dependencies = [
  "fern",
  "glob",
  "globset",
- "hashbrown 0.16.0",
+ "hashbrown 0.16.1",
  "imperative",
  "insta",
  "is-macro",
@@ -3472,7 +3472,7 @@ dependencies = [
 
 [[package]]
 name = "ruff_wasm"
-version = "0.14.6"
+version = "0.14.7"
 dependencies = [
  "console_error_panic_hook",
  "console_log",
@@ -3570,7 +3570,7 @@ dependencies = [
  "errno",
  "libc",
  "linux-raw-sys",
- "windows-sys 0.61.0",
+ "windows-sys 0.59.0",
 ]
 
 [[package]]
@@ -3588,7 +3588,7 @@ checksum = "28d3b2b1366ec20994f1fd18c3c594f05c5dd4bc44d8bb0c1c632c8d6829481f"
 [[package]]
 name = "salsa"
 version = "0.24.0"
-source = "git+https://github.com/salsa-rs/salsa.git?rev=17bc55d699565e5a1cb1bd42363b905af2f9f3e7#17bc55d699565e5a1cb1bd42363b905af2f9f3e7"
+source = "git+https://github.com/salsa-rs/salsa.git?rev=59aa1075e837f5deb0d6ffb24b68fedc0f4bc5e0#59aa1075e837f5deb0d6ffb24b68fedc0f4bc5e0"
 dependencies = [
  "boxcar",
  "compact_str",
@@ -3612,12 +3612,12 @@ dependencies = [
 [[package]]
 name = "salsa-macro-rules"
 version = "0.24.0"
-source = "git+https://github.com/salsa-rs/salsa.git?rev=17bc55d699565e5a1cb1bd42363b905af2f9f3e7#17bc55d699565e5a1cb1bd42363b905af2f9f3e7"
+source = "git+https://github.com/salsa-rs/salsa.git?rev=59aa1075e837f5deb0d6ffb24b68fedc0f4bc5e0#59aa1075e837f5deb0d6ffb24b68fedc0f4bc5e0"
 
 [[package]]
 name = "salsa-macros"
 version = "0.24.0"
-source = "git+https://github.com/salsa-rs/salsa.git?rev=17bc55d699565e5a1cb1bd42363b905af2f9f3e7#17bc55d699565e5a1cb1bd42363b905af2f9f3e7"
+source = "git+https://github.com/salsa-rs/salsa.git?rev=59aa1075e837f5deb0d6ffb24b68fedc0f4bc5e0#59aa1075e837f5deb0d6ffb24b68fedc0f4bc5e0"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -3935,9 +3935,9 @@ checksum = "804f44ed3c63152de6a9f90acbea1a110441de43006ea51bcce8f436196a288b"
 
 [[package]]
 name = "syn"
-version = "2.0.110"
+version = "2.0.111"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a99801b5bd34ede4cf3fc688c5919368fea4e4814a4664359503e6015b280aea"
+checksum = "390cc9a294ab71bdb1aa2e99d13be9c753cd2d7bd6560c77118597410c4d2e87"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -3971,7 +3971,7 @@ dependencies = [
  "getrandom 0.3.4",
  "once_cell",
  "rustix",
- "windows-sys 0.61.0",
+ "windows-sys 0.59.0",
 ]
 
 [[package]]
@@ -4216,9 +4216,9 @@ checksum = "df8b2b54733674ad286d16267dcfc7a71ed5c776e4ac7aa3c3e2561f7c637bf2"
 
 [[package]]
 name = "tracing"
-version = "0.1.41"
+version = "0.1.43"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "784e0ac535deb450455cbfa28a6f0df145ea1bb7ae51b821cf5e7927fdcfbdd0"
+checksum = "2d15d90a0b5c19378952d479dc858407149d7bb45a14de0142f6c534b16fc647"
 dependencies = [
  "log",
  "pin-project-lite",
@@ -4228,9 +4228,9 @@ dependencies = [
 
 [[package]]
 name = "tracing-attributes"
-version = "0.1.30"
+version = "0.1.31"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "81383ab64e72a7a8b8e13130c49e3dab29def6d0c7d76a03087b3cf71c5c6903"
+checksum = "7490cfa5ec963746568740651ac6781f701c9c5ea257c58e057f3ba8cf69e8da"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -4239,9 +4239,9 @@ dependencies = [
 
 [[package]]
 name = "tracing-core"
-version = "0.1.34"
+version = "0.1.35"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b9d12581f227e93f094d3af2ae690a574abb8a2b9b7a96e7cfe9647b2b617678"
+checksum = "7a04e24fab5c89c6a36eb8558c9656f30d81de51dfa4d3b45f26b21d61fa0a6c"
 dependencies = [
  "once_cell",
  "valuable",
@@ -4283,9 +4283,9 @@ dependencies = [
 
 [[package]]
 name = "tracing-subscriber"
-version = "0.3.20"
+version = "0.3.22"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2054a14f5307d601f88daf0553e1cbf472acc4f2c51afab632431cdcd72124d5"
+checksum = "2f30143827ddab0d256fd843b7a66d164e9f271cfa0dde49142c5ca0ca291f1e"
 dependencies = [
  "chrono",
  "matchers",
@@ -4462,7 +4462,7 @@ dependencies = [
  "drop_bomb",
  "get-size2",
  "glob",
- "hashbrown 0.16.0",
+ "hashbrown 0.16.1",
  "indexmap",
  "indoc",
  "insta",
@@ -4474,6 +4474,7 @@ dependencies = [
  "quickcheck_macros",
  "ruff_annotate_snippets",
  "ruff_db",
+ "ruff_diagnostics",
  "ruff_index",
  "ruff_macros",
  "ruff_memory_usage",
@@ -4519,6 +4520,7 @@ dependencies = [
  "lsp-types",
  "regex",
  "ruff_db",
+ "ruff_diagnostics",
  "ruff_macros",
  "ruff_notebook",
  "ruff_python_ast",
@@ -4559,6 +4561,7 @@ dependencies = [
  "path-slash",
  "regex",
  "ruff_db",
+ "ruff_diagnostics",
  "ruff_index",
  "ruff_notebook",
  "ruff_python_ast",
@@ -4600,6 +4603,7 @@ dependencies = [
  "js-sys",
  "log",
  "ruff_db",
+ "ruff_diagnostics",
  "ruff_notebook",
  "ruff_python_formatter",
  "ruff_source_file",
@@ -5020,7 +5024,7 @@ version = "0.1.11"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "c2a7b1c03c876122aa43f3020e6c3c3ee5c05081c9a00739faf7503aeba10d22"
 dependencies = [
- "windows-sys 0.61.0",
+ "windows-sys 0.59.0",
 ]
 
 [[package]]

Cargo.toml

@@ -146,7 +146,7 @@ regex-automata = { version = "0.4.9" }
 rustc-hash = { version = "2.0.0" }
 rustc-stable-hash = { version = "0.1.2" }
 # When updating salsa, make sure to also update the revision in `fuzz/Cargo.toml`
-salsa = { git = "https://github.com/salsa-rs/salsa.git", rev = "17bc55d699565e5a1cb1bd42363b905af2f9f3e7", default-features = false, features = [
+salsa = { git = "https://github.com/salsa-rs/salsa.git", rev = "59aa1075e837f5deb0d6ffb24b68fedc0f4bc5e0", default-features = false, features = [
     "compact_str",
     "macros",
     "salsa_unstable",

README.md

@@ -147,8 +147,8 @@ curl -LsSf https://astral.sh/ruff/install.sh | sh
 powershell -c "irm https://astral.sh/ruff/install.ps1 | iex"
 
 # For a specific version.
-curl -LsSf https://astral.sh/ruff/0.14.6/install.sh | sh
-powershell -c "irm https://astral.sh/ruff/0.14.6/install.ps1 | iex"
+curl -LsSf https://astral.sh/ruff/0.14.7/install.sh | sh
+powershell -c "irm https://astral.sh/ruff/0.14.7/install.ps1 | iex"
 ```
 
 You can also install Ruff via [Homebrew](https://formulae.brew.sh/formula/ruff), [Conda](https://anaconda.org/conda-forge/ruff),
@@ -181,7 +181,7 @@ Ruff can also be used as a [pre-commit](https://pre-commit.com/) hook via [`ruff
 ```yaml
 - repo: https://github.com/astral-sh/ruff-pre-commit
   # Ruff version.
-  rev: v0.14.6
+  rev: v0.14.7
   hooks:
     # Run the linter.
     - id: ruff-check

crates/ruff/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "ruff"
-version = "0.14.6"
+version = "0.14.7"
 publish = true
 authors = { workspace = true }
 edition = { workspace = true }

crates/ruff/src/printer.rs

@@ -34,9 +34,21 @@ struct ExpandedStatistics<'a> {
     code: Option<&'a SecondaryCode>,
     name: &'static str,
     count: usize,
-    fixable: bool,
+    #[serde(rename = "fixable")]
+    all_fixable: bool,
+    fixable_count: usize,
 }
 
+impl ExpandedStatistics<'_> {
+    fn any_fixable(&self) -> bool {
+        self.fixable_count > 0
+    }
+}
+
+/// Accumulator type for grouping diagnostics by code.
+/// Format: (`code`, `representative_diagnostic`, `total_count`, `fixable_count`)
+type DiagnosticGroup<'a> = (Option<&'a SecondaryCode>, &'a Diagnostic, usize, usize);
+
 pub(crate) struct Printer {
     format: OutputFormat,
     log_level: LogLevel,
@@ -133,7 +145,7 @@ impl Printer {
                         if fixables.applicable > 0 {
                             writeln!(
                                 writer,
-                                "{fix_prefix} {} fixable with the --fix option.",
+                                "{fix_prefix} {} fixable with the `--fix` option.",
                                 fixables.applicable
                             )?;
                         }
@@ -256,35 +268,41 @@ impl Printer {
         diagnostics: &Diagnostics,
         writer: &mut dyn Write,
     ) -> Result<()> {
+        let required_applicability = self.unsafe_fixes.required_applicability();
         let statistics: Vec<ExpandedStatistics> = diagnostics
             .inner
             .iter()
-            .map(|message| (message.secondary_code(), message))
-            .sorted_by_key(|(code, message)| (*code, message.fixable()))
-            .fold(
-                vec![],
-                |mut acc: Vec<((Option<&SecondaryCode>, &Diagnostic), usize)>, (code, message)| {
-                    if let Some(((prev_code, _prev_message), count)) = acc.last_mut() {
-                        if *prev_code == code {
-                            *count += 1;
-                            return acc;
+            .sorted_by_key(|diagnostic| diagnostic.secondary_code())
+            .fold(vec![], |mut acc: Vec<DiagnosticGroup>, diagnostic| {
+                let is_fixable = diagnostic
+                    .fix()
+                    .is_some_and(|fix| fix.applies(required_applicability));
+                let code = diagnostic.secondary_code();
+
+                if let Some((prev_code, _prev_message, count, fixable_count)) = acc.last_mut() {
+                    if *prev_code == code {
+                        *count += 1;
+                        if is_fixable {
+                            *fixable_count += 1;
                         }
+                        return acc;
                     }
-                    acc.push(((code, message), 1));
-                    acc
+                }
+                acc.push((code, diagnostic, 1, usize::from(is_fixable)));
+                acc
+            })
+            .iter()
+            .map(
+                |&(code, message, count, fixable_count)| ExpandedStatistics {
+                    code,
+                    name: message.name(),
+                    count,
+                    // Backward compatibility: `fixable` is true only when all violations are fixable.
+                    // See: https://github.com/astral-sh/ruff/pull/21513
+                    all_fixable: fixable_count == count,
+                    fixable_count,
                 },
             )
-            .iter()
-            .map(|&((code, message), count)| ExpandedStatistics {
-                code,
-                name: message.name(),
-                count,
-                fixable: if let Some(fix) = message.fix() {
-                    fix.applies(self.unsafe_fixes.required_applicability())
-                } else {
-                    false
-                },
-            })
             .sorted_by_key(|statistic| Reverse(statistic.count))
             .collect();
 
@@ -308,13 +326,14 @@ impl Printer {
                     .map(|statistic| statistic.code.map_or(0, |s| s.len()))
                     .max()
                     .unwrap();
-                let any_fixable = statistics.iter().any(|statistic| statistic.fixable);
+                let any_fixable = statistics.iter().any(ExpandedStatistics::any_fixable);
 
-                let fixable = format!("[{}] ", "*".cyan());
+                let all_fixable = format!("[{}] ", "*".cyan());
+                let partially_fixable = format!("[{}] ", "-".cyan());
                 let unfixable = "[ ] ";
 
                 // By default, we mimic Flake8's `--statistics` format.
-                for statistic in statistics {
+                for statistic in &statistics {
                     writeln!(
                         writer,
                         "{:>count_width$}\t{:<code_width$}\t{}{}",
@@ -326,8 +345,10 @@ impl Printer {
                             .red()
                             .bold(),
                         if any_fixable {
-                            if statistic.fixable {
-                                &fixable
+                            if statistic.all_fixable {
+                                &all_fixable
+                            } else if statistic.any_fixable() {
+                                &partially_fixable
                             } else {
                                 unfixable
                             }

crates/ruff/tests/integration_test.rs

@@ -1043,7 +1043,7 @@ def mvce(keys, values):
     ----- stdout -----
     1	C416	[*] unnecessary-comprehension
     Found 1 error.
-    [*] 1 fixable with the --fix option.
+    [*] 1 fixable with the `--fix` option.
 
     ----- stderr -----
     ");
@@ -1073,7 +1073,8 @@ def mvce(keys, values):
         "code": "C416",
         "name": "unnecessary-comprehension",
         "count": 1,
-        "fixable": false
+        "fixable": false,
+        "fixable_count": 0
       }
     ]
 
@@ -1106,7 +1107,8 @@ def mvce(keys, values):
         "code": "C416",
         "name": "unnecessary-comprehension",
         "count": 1,
-        "fixable": true
+        "fixable": true,
+        "fixable_count": 1
       }
     ]
 
@@ -1114,6 +1116,54 @@ def mvce(keys, values):
     "#);
 }
 
+#[test]
+fn show_statistics_json_partial_fix() {
+    let mut cmd = RuffCheck::default()
+        .args([
+            "--select",
+            "UP035",
+            "--statistics",
+            "--output-format",
+            "json",
+        ])
+        .build();
+    assert_cmd_snapshot!(cmd
+        .pass_stdin("from typing import List, AsyncGenerator"), @r#"
+    success: false
+    exit_code: 1
+    ----- stdout -----
+    [
+      {
+        "code": "UP035",
+        "name": "deprecated-import",
+        "count": 2,
+        "fixable": false,
+        "fixable_count": 1
+      }
+    ]
+
+    ----- stderr -----
+    "#);
+}
+
+#[test]
+fn show_statistics_partial_fix() {
+    let mut cmd = RuffCheck::default()
+        .args(["--select", "UP035", "--statistics"])
+        .build();
+    assert_cmd_snapshot!(cmd
+        .pass_stdin("from typing import List, AsyncGenerator"), @r"
+    success: false
+    exit_code: 1
+    ----- stdout -----
+    2	UP035	[-] deprecated-import
+    Found 2 errors.
+    [*] 1 fixable with the `--fix` option.
+
+    ----- stderr -----
+    ");
+}
+
 #[test]
 fn show_statistics_syntax_errors() {
     let mut cmd = RuffCheck::default()
@@ -1810,7 +1860,7 @@ fn check_no_hint_for_hidden_unsafe_fixes_when_disabled() {
     --> -:1:1
 
     Found 2 errors.
-    [*] 1 fixable with the --fix option.
+    [*] 1 fixable with the `--fix` option.
 
     ----- stderr -----
     ");
@@ -1853,7 +1903,7 @@ fn check_shows_unsafe_fixes_with_opt_in() {
     --> -:1:1
 
     Found 2 errors.
-    [*] 2 fixable with the --fix option.
+    [*] 2 fixable with the `--fix` option.
 
     ----- stderr -----
     ");

crates/ruff_benchmark/Cargo.toml

@@ -59,8 +59,6 @@ divan = { workspace = true, optional = true }
 anyhow = { workspace = true }
 codspeed-criterion-compat = { workspace = true, default-features = false, optional = true }
 criterion = { workspace = true, default-features = false, optional = true }
-rayon = { workspace = true }
-rustc-hash = { workspace = true }
 serde = { workspace = true }
 serde_json = { workspace = true }
 tracing = { workspace = true }
@@ -88,3 +86,7 @@ mimalloc = { workspace = true }
 
 [target.'cfg(all(not(target_os = "windows"), not(target_os = "openbsd"), any(target_arch = "x86_64", target_arch = "aarch64", target_arch = "powerpc64", target_arch = "riscv64")))'.dev-dependencies]
 tikv-jemallocator = { workspace = true }
+
+[dev-dependencies]
+rustc-hash = { workspace = true }
+rayon = { workspace = true }

crates/ruff_benchmark/benches/ty_walltime.rs

@@ -120,7 +120,7 @@ static COLOUR_SCIENCE: Benchmark = Benchmark::new(
         max_dep_date: "2025-06-17",
         python_version: PythonVersion::PY310,
     },
-    600,
+    1070,
 );
 
 static FREQTRADE: Benchmark = Benchmark::new(
@@ -223,7 +223,7 @@ static STATIC_FRAME: Benchmark = Benchmark::new(
         max_dep_date: "2025-08-09",
         python_version: PythonVersion::PY311,
     },
-    900,
+    950,
 );
 
 #[track_caller]

crates/ruff_db/src/diagnostic/mod.rs

@@ -354,6 +354,13 @@ impl Diagnostic {
         Arc::make_mut(&mut self.inner).fix = Some(fix);
     }
 
+    /// If `fix` is `Some`, set the fix for this diagnostic.
+    pub fn set_optional_fix(&mut self, fix: Option<Fix>) {
+        if let Some(fix) = fix {
+            self.set_fix(fix);
+        }
+    }
+
     /// Remove the fix for this diagnostic.
     pub fn remove_fix(&mut self) {
         Arc::make_mut(&mut self.inner).fix = None;

crates/ruff_db/src/parsed.rs

@@ -3,8 +3,10 @@ use std::sync::Arc;
 
 use arc_swap::ArcSwapOption;
 use get_size2::GetSize;
-use ruff_python_ast::{AnyRootNodeRef, ModModule, NodeIndex};
-use ruff_python_parser::{ParseOptions, Parsed, parse_unchecked};
+use ruff_python_ast::{AnyRootNodeRef, ModExpression, ModModule, NodeIndex, StringLiteral};
+use ruff_python_parser::{
+    ParseError, ParseOptions, Parsed, parse_string_annotation, parse_unchecked,
+};
 
 use crate::Db;
 use crate::files::File;
@@ -41,6 +43,18 @@ pub fn parsed_module_impl(db: &dyn Db, file: File) -> Parsed<ModModule> {
         .expect("PySourceType always parses into a module")
 }
 
+pub fn parsed_string_annotation(
+    source: &str,
+    string: &StringLiteral,
+) -> Result<Parsed<ModExpression>, ParseError> {
+    let expr = parse_string_annotation(source, string)?;
+
+    // We need the sub-ast of the string annotation to be indexed
+    indexed::ensure_indexed(&expr);
+
+    Ok(expr)
+}
+
 /// A wrapper around a parsed module.
 ///
 /// This type manages instances of the module AST. A particular instance of the AST
@@ -170,12 +184,21 @@ mod indexed {
         pub parsed: Parsed<ModModule>,
     }
 
+    pub fn ensure_indexed(parsed: &Parsed<ModExpression>) {
+        let mut visitor = Visitor {
+            nodes: Some(Vec::new()),
+            index: 0,
+        };
+
+        AnyNodeRef::from(parsed.syntax()).visit_source_order(&mut visitor);
+    }
+
     impl IndexedModule {
         /// Create a new [`IndexedModule`] from the given AST.
         #[allow(clippy::unnecessary_cast)]
         pub fn new(parsed: Parsed<ModModule>) -> Arc<Self> {
             let mut visitor = Visitor {
-                nodes: Vec::new(),
+                nodes: Some(Vec::new()),
                 index: 0,
             };
 
@@ -186,7 +209,7 @@ mod indexed {
 
             AnyNodeRef::from(inner.parsed.syntax()).visit_source_order(&mut visitor);
 
-            let index: Box<[AnyRootNodeRef<'_>]> = visitor.nodes.into_boxed_slice();
+            let index: Box<[AnyRootNodeRef<'_>]> = visitor.nodes.unwrap().into_boxed_slice();
 
             // SAFETY: We cast from `Box<[AnyRootNodeRef<'_>]>` to `Box<[AnyRootNodeRef<'static>]>`,
             // faking the 'static lifetime to create the self-referential struct. The node references
@@ -215,7 +238,7 @@ mod indexed {
     /// A visitor that collects nodes in source order.
     pub struct Visitor<'a> {
         pub index: u32,
-        pub nodes: Vec<AnyRootNodeRef<'a>>,
+        pub nodes: Option<Vec<AnyRootNodeRef<'a>>>,
     }
 
     impl<'a> Visitor<'a> {
@@ -225,7 +248,9 @@ mod indexed {
             AnyRootNodeRef<'a>: From<&'a T>,
         {
             node.node_index().set(NodeIndex::from(self.index));
-            self.nodes.push(AnyRootNodeRef::from(node));
+            if let Some(nodes) = &mut self.nodes {
+                nodes.push(AnyRootNodeRef::from(node));
+            }
             self.index += 1;
         }
     }

crates/ruff_diagnostics/src/fix.rs

@@ -149,6 +149,10 @@ impl Fix {
         &self.edits
     }
 
+    pub fn into_edits(self) -> Vec<Edit> {
+        self.edits
+    }
+
     /// Return the [`Applicability`] of the [`Fix`].
     pub fn applicability(&self) -> Applicability {
         self.applicability

crates/ruff_linter/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "ruff_linter"
-version = "0.14.6"
+version = "0.14.7"
 publish = false
 authors = { workspace = true }
 edition = { workspace = true }

crates/ruff_linter/resources/test/fixtures/flake8_bandit/S310.py

@@ -45,3 +45,22 @@ urllib.request.urlopen(urllib.request.Request(url))
 # https://github.com/astral-sh/ruff/issues/15522
 map(urllib.request.urlopen, [])
 foo = urllib.request.urlopen
+
+# https://github.com/astral-sh/ruff/issues/21462
+path = "https://example.com/data.csv"
+urllib.request.urlretrieve(path, "data.csv")
+url = "https://example.com/api"
+urllib.request.Request(url)
+
+# Test resolved f-strings and concatenated string literals
+fstring_url = f"https://example.com/data.csv"
+urllib.request.urlopen(fstring_url)
+urllib.request.Request(fstring_url)
+
+concatenated_url = "https://" + "example.com/data.csv"
+urllib.request.urlopen(concatenated_url)
+urllib.request.Request(concatenated_url)
+
+nested_concatenated = "http://" + "example.com" + "/data.csv"
+urllib.request.urlopen(nested_concatenated)
+urllib.request.Request(nested_concatenated)

crates/ruff_linter/resources/test/fixtures/flake8_simplify/SIM222.py

@@ -216,3 +216,15 @@ def get_items_list():
 
 def get_items_set():
     return tuple({item for item in items}) or None  # OK
+
+
+# https://github.com/astral-sh/ruff/issues/21473
+tuple("") or True  # SIM222
+tuple(t"") or True  # OK
+tuple(0) or True  # OK
+tuple(1) or True  # OK
+tuple(False) or True  # OK
+tuple(None) or True  # OK
+tuple(...) or True  # OK
+tuple(lambda x: x) or True  # OK
+tuple(x for x in range(0)) or True  # OK

crates/ruff_linter/resources/test/fixtures/flake8_simplify/SIM223.py

@@ -157,3 +157,15 @@ print(f"{1}{''}" and "bar")
 
 # https://github.com/astral-sh/ruff/issues/7127
 def f(a: "'' and 'b'"): ...
+
+
+# https://github.com/astral-sh/ruff/issues/21473
+tuple("") and False  # SIM223
+tuple(t"") and False  # OK
+tuple(0) and False  # OK
+tuple(1) and False  # OK
+tuple(False) and False  # OK
+tuple(None) and False  # OK
+tuple(...) and False  # OK
+tuple(lambda x: x) and False  # OK
+tuple(x for x in range(0)) and False  # OK

crates/ruff_linter/resources/test/fixtures/ruff/RUF066.py

@@ -0,0 +1,70 @@
+import abc
+import typing
+
+
+class User:  # Test normal class properties
+    @property
+    def name(self):  # ERROR: No return
+        f"{self.first_name} {self.last_name}"
+
+    @property
+    def age(self):  # OK: Returning something
+        return 100
+
+    def method(self):  # OK: Not a property
+        x = 1
+
+    @property
+    def nested(self):  # ERROR: Property itself doesn't return
+        def inner():
+            return 0
+
+    @property
+    def stub(self): ...  # OK: A stub; doesn't return anything
+
+
+class UserMeta(metaclass=abc.ABCMeta):  # Test properies inside of an ABC class
+    @property
+    @abc.abstractmethod
+    def abstr_prop1(self): ...  # OK: Abstract methods doesn't need to return anything
+
+    @property
+    @abc.abstractmethod
+    def abstr_prop2(self):  # OK: Abstract methods doesn't need to return anything
+        """
+        A cool docstring
+        """
+
+    @property
+    def prop1(self):  # OK: Returning a value
+        return 1
+
+    @property
+    def prop2(self):  # ERROR: Not returning something (even when we are inside an ABC)
+        50
+
+    def method(self):  # OK: Not a property
+        x = 1
+
+
+def func():  # OK: Not a property
+    x = 1
+
+
+class Proto(typing.Protocol):  # Tests for a Protocol class
+    @property
+    def prop1(self) -> int: ...  # OK: A stub property
+
+
+class File:  # Extra tests for things like yield/yield from/raise
+    @property
+    def stream1(self):  # OK: Yields something
+        yield
+
+    @property
+    def stream2(self):  # OK: Yields from something
+        yield from self.stream1
+
+    @property
+    def children(self):  # OK: Raises
+        raise ValueError("File does not have children")

crates/ruff_linter/resources/test/project/README.md

@@ -17,7 +17,7 @@ crates/ruff_linter/resources/test/project/examples/docs/docs/file.py:8:5: F841 [
 crates/ruff_linter/resources/test/project/project/file.py:1:8: F401 [*] `os` imported but unused
 crates/ruff_linter/resources/test/project/project/import_file.py:1:1: I001 [*] Import block is un-sorted or un-formatted
 Found 7 errors.
-[*] 7 potentially fixable with the --fix option.
+[*] 7 potentially fixable with the `--fix` option.
 ```
 
 Running from the project directory itself should exhibit the same behavior:
@@ -32,7 +32,7 @@ examples/docs/docs/file.py:8:5: F841 [*] Local variable `x` is assigned to but n
 project/file.py:1:8: F401 [*] `os` imported but unused
 project/import_file.py:1:1: I001 [*] Import block is un-sorted or un-formatted
 Found 7 errors.
-[*] 7 potentially fixable with the --fix option.
+[*] 7 potentially fixable with the `--fix` option.
 ```
 
 Running from the sub-package directory should exhibit the same behavior, but omit the top-level
@@ -43,7 +43,7 @@ files:
 docs/file.py:1:1: I001 [*] Import block is un-sorted or un-formatted
 docs/file.py:8:5: F841 [*] Local variable `x` is assigned to but never used
 Found 2 errors.
-[*] 2 potentially fixable with the --fix option.
+[*] 2 potentially fixable with the `--fix` option.
 ```
 
 `--config` should force Ruff to use the specified `pyproject.toml` for all files, and resolve
@@ -61,7 +61,7 @@ crates/ruff_linter/resources/test/project/examples/docs/docs/file.py:4:27: F401
 crates/ruff_linter/resources/test/project/examples/excluded/script.py:1:8: F401 [*] `os` imported but unused
 crates/ruff_linter/resources/test/project/project/file.py:1:8: F401 [*] `os` imported but unused
 Found 9 errors.
-[*] 9 potentially fixable with the --fix option.
+[*] 9 potentially fixable with the `--fix` option.
 ```
 
 Running from a parent directory should "ignore" the `exclude` (hence, `concepts/file.py` gets
@@ -74,7 +74,7 @@ docs/docs/file.py:1:1: I001 [*] Import block is un-sorted or un-formatted
 docs/docs/file.py:8:5: F841 [*] Local variable `x` is assigned to but never used
 excluded/script.py:5:5: F841 [*] Local variable `x` is assigned to but never used
 Found 4 errors.
-[*] 4 potentially fixable with the --fix option.
+[*] 4 potentially fixable with the `--fix` option.
 ```
 
 Passing an excluded directory directly should report errors in the contained files:
@@ -83,7 +83,7 @@ Passing an excluded directory directly should report errors in the contained fil
 ∴ cargo run -p ruff -- check crates/ruff_linter/resources/test/project/examples/excluded/
 crates/ruff_linter/resources/test/project/examples/excluded/script.py:1:8: F401 [*] `os` imported but unused
 Found 1 error.
-[*] 1 potentially fixable with the --fix option.
+[*] 1 potentially fixable with the `--fix` option.
 ```
 
 Unless we `--force-exclude`:

crates/ruff_linter/src/checkers/ast/analyze/statement.rs

@@ -347,6 +347,9 @@ pub(crate) fn statement(stmt: &Stmt, checker: &mut Checker) {
             if checker.is_rule_enabled(Rule::InvalidArgumentName) {
                 pep8_naming::rules::invalid_argument_name_function(checker, function_def);
             }
+            if checker.is_rule_enabled(Rule::PropertyWithoutReturn) {
+                ruff::rules::property_without_return(checker, function_def);
+            }
         }
         Stmt::Return(_) => {
             if checker.is_rule_enabled(Rule::ReturnInInit) {

crates/ruff_linter/src/codes.rs

@@ -1058,6 +1058,7 @@ pub fn code_to_rule(linter: Linter, code: &str) -> Option<(RuleGroup, Rule)> {
         (Ruff, "063") => rules::ruff::rules::AccessAnnotationsFromClassDict,
         (Ruff, "064") => rules::ruff::rules::NonOctalPermissions,
         (Ruff, "065") => rules::ruff::rules::LoggingEagerConversion,
+        (Ruff, "066") => rules::ruff::rules::PropertyWithoutReturn,
 
         (Ruff, "100") => rules::ruff::rules::UnusedNOQA,
         (Ruff, "101") => rules::ruff::rules::RedirectedNOQA,

crates/ruff_linter/src/preview.rs

@@ -279,3 +279,10 @@ pub(crate) const fn is_extended_snmp_api_path_detection_enabled(settings: &Linte
 pub(crate) const fn is_enumerate_for_loop_int_index_enabled(settings: &LinterSettings) -> bool {
     settings.preview.is_enabled()
 }
+
+// https://github.com/astral-sh/ruff/pull/21469
+pub(crate) const fn is_s310_resolve_string_literal_bindings_enabled(
+    settings: &LinterSettings,
+) -> bool {
+    settings.preview.is_enabled()
+}

crates/ruff_linter/src/rules/flake8_bandit/mod.rs

@@ -10,11 +10,11 @@ mod tests {
     use anyhow::Result;
     use test_case::test_case;
 
-    use crate::assert_diagnostics;
     use crate::registry::Rule;
     use crate::settings::LinterSettings;
     use crate::settings::types::PreviewMode;
     use crate::test::test_path;
+    use crate::{assert_diagnostics, assert_diagnostics_diff};
 
     #[test_case(Rule::Assert, Path::new("S101.py"))]
     #[test_case(Rule::BadFilePermissions, Path::new("S103.py"))]
@@ -112,14 +112,19 @@ mod tests {
             rule_code.noqa_code(),
             path.to_string_lossy()
         );
-        let diagnostics = test_path(
+
+        assert_diagnostics_diff!(
+            snapshot,
             Path::new("flake8_bandit").join(path).as_path(),
+            &LinterSettings {
+                preview: PreviewMode::Disabled,
+                ..LinterSettings::for_rule(rule_code)
+            },
             &LinterSettings {
                 preview: PreviewMode::Enabled,
                 ..LinterSettings::for_rule(rule_code)
-            },
-        )?;
-        assert_diagnostics!(snapshot, diagnostics);
+            }
+        );
         Ok(())
     }
 

crates/ruff_linter/src/rules/flake8_bandit/rules/suspicious_function_call.rs

@@ -4,11 +4,16 @@
 use itertools::Either;
 use ruff_macros::{ViolationMetadata, derive_message_formats};
 use ruff_python_ast::{self as ast, Arguments, Decorator, Expr, ExprCall, Operator};
+use ruff_python_semantic::SemanticModel;
+use ruff_python_semantic::analyze::typing::find_binding_value;
 use ruff_text_size::{Ranged, TextRange};
 
 use crate::Violation;
 use crate::checkers::ast::Checker;
-use crate::preview::is_suspicious_function_reference_enabled;
+use crate::preview::{
+    is_s310_resolve_string_literal_bindings_enabled, is_suspicious_function_reference_enabled,
+};
+use crate::settings::LinterSettings;
 
 /// ## What it does
 /// Checks for calls to `pickle` functions or modules that wrap them.
@@ -1016,6 +1021,25 @@ fn suspicious_function(
             || has_prefix(chars.skip_while(|c| c.is_whitespace()), "https://")
     }
 
+    /// Resolves `expr` to its binding and checks if the resolved expression starts with an HTTP or HTTPS prefix.
+    fn expression_starts_with_http_prefix(
+        expr: &Expr,
+        semantic: &SemanticModel,
+        settings: &LinterSettings,
+    ) -> bool {
+        let resolved_expression = if is_s310_resolve_string_literal_bindings_enabled(settings)
+            && let Some(name_expr) = expr.as_name_expr()
+            && let Some(binding_id) = semantic.only_binding(name_expr)
+            && let Some(value) = find_binding_value(semantic.binding(binding_id), semantic)
+        {
+            value
+        } else {
+            expr
+        };
+
+        leading_chars(resolved_expression).is_some_and(has_http_prefix)
+    }
+
     /// Return the leading characters for an expression, if it's a string literal, f-string, or
     /// string concatenation.
     fn leading_chars(expr: &Expr) -> Option<impl Iterator<Item = char> + Clone + '_> {
@@ -1139,17 +1163,19 @@ fn suspicious_function(
         // URLOpen (`Request`)
         ["urllib", "request", "Request"] | ["six", "moves", "urllib", "request", "Request"] => {
             if let Some(arguments) = arguments {
-                // If the `url` argument is a string literal or an f-string, allow `http` and `https` schemes.
+                // If the `url` argument is a string literal (including resolved bindings), allow `http` and `https` schemes.
                 if arguments.args.iter().all(|arg| !arg.is_starred_expr())
                     && arguments
                         .keywords
                         .iter()
                         .all(|keyword| keyword.arg.is_some())
                 {
-                    if arguments
-                        .find_argument_value("url", 0)
-                        .and_then(leading_chars)
-                        .is_some_and(has_http_prefix)
+                    if let Some(url_expr) = arguments.find_argument_value("url", 0)
+                        && expression_starts_with_http_prefix(
+                            url_expr,
+                            checker.semantic(),
+                            checker.settings(),
+                        )
                     {
                         return;
                     }
@@ -1186,19 +1212,25 @@ fn suspicious_function(
                                     name.segments() == ["urllib", "request", "Request"]
                                 })
                             {
-                                if arguments
-                                    .find_argument_value("url", 0)
-                                    .and_then(leading_chars)
-                                    .is_some_and(has_http_prefix)
+                                if let Some(url_expr) = arguments.find_argument_value("url", 0)
+                                    && expression_starts_with_http_prefix(
+                                        url_expr,
+                                        checker.semantic(),
+                                        checker.settings(),
+                                    )
                                 {
                                     return;
                                 }
                             }
                         }
 
-                        // If the `url` argument is a string literal, allow `http` and `https` schemes.
+                        // If the `url` argument is a string literal (including resolved bindings), allow `http` and `https` schemes.
                         Some(expr) => {
-                            if leading_chars(expr).is_some_and(has_http_prefix) {
+                            if expression_starts_with_http_prefix(
+                                expr,
+                                checker.semantic(),
+                                checker.settings(),
+                            ) {
                                 return;
                             }
                         }

crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__S310_S310.py.snap

@@ -254,3 +254,84 @@ S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom sch
 42 | urllib.request.urlopen(urllib.request.Request(url))
    |                        ^^^^^^^^^^^^^^^^^^^^^^^^^^^
    |
+
+S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
+  --> S310.py:51:1
+   |
+49 | # https://github.com/astral-sh/ruff/issues/21462
+50 | path = "https://example.com/data.csv"
+51 | urllib.request.urlretrieve(path, "data.csv")
+   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+52 | url = "https://example.com/api"
+53 | urllib.request.Request(url)
+   |
+
+S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
+  --> S310.py:53:1
+   |
+51 | urllib.request.urlretrieve(path, "data.csv")
+52 | url = "https://example.com/api"
+53 | urllib.request.Request(url)
+   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^
+54 |
+55 | # Test resolved f-strings and concatenated string literals
+   |
+
+S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
+  --> S310.py:57:1
+   |
+55 | # Test resolved f-strings and concatenated string literals
+56 | fstring_url = f"https://example.com/data.csv"
+57 | urllib.request.urlopen(fstring_url)
+   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+58 | urllib.request.Request(fstring_url)
+   |
+
+S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
+  --> S310.py:58:1
+   |
+56 | fstring_url = f"https://example.com/data.csv"
+57 | urllib.request.urlopen(fstring_url)
+58 | urllib.request.Request(fstring_url)
+   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+59 |
+60 | concatenated_url = "https://" + "example.com/data.csv"
+   |
+
+S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
+  --> S310.py:61:1
+   |
+60 | concatenated_url = "https://" + "example.com/data.csv"
+61 | urllib.request.urlopen(concatenated_url)
+   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+62 | urllib.request.Request(concatenated_url)
+   |
+
+S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
+  --> S310.py:62:1
+   |
+60 | concatenated_url = "https://" + "example.com/data.csv"
+61 | urllib.request.urlopen(concatenated_url)
+62 | urllib.request.Request(concatenated_url)
+   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+63 |
+64 | nested_concatenated = "http://" + "example.com" + "/data.csv"
+   |
+
+S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
+  --> S310.py:65:1
+   |
+64 | nested_concatenated = "http://" + "example.com" + "/data.csv"
+65 | urllib.request.urlopen(nested_concatenated)
+   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+66 | urllib.request.Request(nested_concatenated)
+   |
+
+S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
+  --> S310.py:66:1
+   |
+64 | nested_concatenated = "http://" + "example.com" + "/data.csv"
+65 | urllib.request.urlopen(nested_concatenated)
+66 | urllib.request.Request(nested_concatenated)
+   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+   |

crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__preview__S301_S301.py.snap

@@ -1,15 +1,15 @@
 ---
 source: crates/ruff_linter/src/rules/flake8_bandit/mod.rs
 ---
-S301 `pickle` and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue
- --> S301.py:3:1
-  |
-1 | import pickle
-2 |
-3 | pickle.loads()
-  | ^^^^^^^^^^^^^^
-  |
+--- Linter settings ---
+-linter.preview = disabled
++linter.preview = enabled
 
+--- Summary ---
+Removed: 0
+Added: 2
+
+--- Added ---
 S301 `pickle` and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue
  --> S301.py:7:5
   |
@@ -19,6 +19,7 @@ S301 `pickle` and modules that wrap it can be unsafe when used to deserialize un
 8 | foo = pickle.load
   |
 
+
 S301 `pickle` and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue
  --> S301.py:8:7
   |

crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__preview__S307_S307.py.snap

@@ -1,24 +1,15 @@
 ---
 source: crates/ruff_linter/src/rules/flake8_bandit/mod.rs
 ---
-S307 Use of possibly insecure function; consider using `ast.literal_eval`
- --> S307.py:3:7
-  |
-1 | import os
-2 |
-3 | print(eval("1+1"))  # S307
-  |       ^^^^^^^^^^^
-4 | print(eval("os.getcwd()"))  # S307
-  |
+--- Linter settings ---
+-linter.preview = disabled
++linter.preview = enabled
 
-S307 Use of possibly insecure function; consider using `ast.literal_eval`
- --> S307.py:4:7
-  |
-3 | print(eval("1+1"))  # S307
-4 | print(eval("os.getcwd()"))  # S307
-  |       ^^^^^^^^^^^^^^^^^^^
-  |
+--- Summary ---
+Removed: 0
+Added: 2
 
+--- Added ---
 S307 Use of possibly insecure function; consider using `ast.literal_eval`
   --> S307.py:16:5
    |
@@ -28,6 +19,7 @@ S307 Use of possibly insecure function; consider using `ast.literal_eval`
 17 | foo = eval
    |
 
+
 S307 Use of possibly insecure function; consider using `ast.literal_eval`
   --> S307.py:17:7
    |

crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__preview__S308_S308.py.snap

@@ -1,60 +1,37 @@
 ---
 source: crates/ruff_linter/src/rules/flake8_bandit/mod.rs
 ---
-S308 Use of `mark_safe` may expose cross-site scripting vulnerabilities
- --> S308.py:6:5
-  |
-4 | def bad_func():
-5 |     inject = "harmful_input"
-6 |     mark_safe(inject)
-  |     ^^^^^^^^^^^^^^^^^
-7 |     mark_safe("I will add" + inject + "to my string")
-8 |     mark_safe("I will add %s to my string" % inject)
-  |
+--- Linter settings ---
+-linter.preview = disabled
++linter.preview = enabled
 
-S308 Use of `mark_safe` may expose cross-site scripting vulnerabilities
- --> S308.py:7:5
-  |
-5 |     inject = "harmful_input"
-6 |     mark_safe(inject)
-7 |     mark_safe("I will add" + inject + "to my string")
-  |     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-8 |     mark_safe("I will add %s to my string" % inject)
-9 |     mark_safe("I will add {} to my string".format(inject))
-  |
+--- Summary ---
+Removed: 2
+Added: 4
 
+--- Removed ---
 S308 Use of `mark_safe` may expose cross-site scripting vulnerabilities
-  --> S308.py:8:5
+  --> S308.py:16:1
    |
- 6 |     mark_safe(inject)
- 7 |     mark_safe("I will add" + inject + "to my string")
- 8 |     mark_safe("I will add %s to my string" % inject)
-   |     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- 9 |     mark_safe("I will add {} to my string".format(inject))
-10 |     mark_safe(f"I will add {inject} to my string")
+16 | @mark_safe
+   | ^^^^^^^^^^
+17 | def some_func():
+18 |     return '<script>alert("evil!")</script>'
    |
 
-S308 Use of `mark_safe` may expose cross-site scripting vulnerabilities
-  --> S308.py:9:5
-   |
- 7 |     mark_safe("I will add" + inject + "to my string")
- 8 |     mark_safe("I will add %s to my string" % inject)
- 9 |     mark_safe("I will add {} to my string".format(inject))
-   |     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-10 |     mark_safe(f"I will add {inject} to my string")
-   |
 
 S308 Use of `mark_safe` may expose cross-site scripting vulnerabilities
-  --> S308.py:10:5
+  --> S308.py:36:1
    |
- 8 |     mark_safe("I will add %s to my string" % inject)
- 9 |     mark_safe("I will add {} to my string".format(inject))
-10 |     mark_safe(f"I will add {inject} to my string")
-   |     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-11 |
-12 | def good_func():
+36 | @mark_safe
+   | ^^^^^^^^^^
+37 | def some_func():
+38 |     return '<script>alert("evil!")</script>'
    |
 
+
+
+--- Added ---
 S308 Use of `mark_safe` may expose cross-site scripting vulnerabilities
   --> S308.py:16:2
    |
@@ -64,59 +41,6 @@ S308 Use of `mark_safe` may expose cross-site scripting vulnerabilities
 18 |     return '<script>alert("evil!")</script>'
    |
 
-S308 Use of `mark_safe` may expose cross-site scripting vulnerabilities
-  --> S308.py:26:5
-   |
-24 | def bad_func():
-25 |     inject = "harmful_input"
-26 |     mark_safe(inject)
-   |     ^^^^^^^^^^^^^^^^^
-27 |     mark_safe("I will add" + inject + "to my string")
-28 |     mark_safe("I will add %s to my string" % inject)
-   |
-
-S308 Use of `mark_safe` may expose cross-site scripting vulnerabilities
-  --> S308.py:27:5
-   |
-25 |     inject = "harmful_input"
-26 |     mark_safe(inject)
-27 |     mark_safe("I will add" + inject + "to my string")
-   |     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-28 |     mark_safe("I will add %s to my string" % inject)
-29 |     mark_safe("I will add {} to my string".format(inject))
-   |
-
-S308 Use of `mark_safe` may expose cross-site scripting vulnerabilities
-  --> S308.py:28:5
-   |
-26 |     mark_safe(inject)
-27 |     mark_safe("I will add" + inject + "to my string")
-28 |     mark_safe("I will add %s to my string" % inject)
-   |     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-29 |     mark_safe("I will add {} to my string".format(inject))
-30 |     mark_safe(f"I will add {inject} to my string")
-   |
-
-S308 Use of `mark_safe` may expose cross-site scripting vulnerabilities
-  --> S308.py:29:5
-   |
-27 |     mark_safe("I will add" + inject + "to my string")
-28 |     mark_safe("I will add %s to my string" % inject)
-29 |     mark_safe("I will add {} to my string".format(inject))
-   |     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-30 |     mark_safe(f"I will add {inject} to my string")
-   |
-
-S308 Use of `mark_safe` may expose cross-site scripting vulnerabilities
-  --> S308.py:30:5
-   |
-28 |     mark_safe("I will add %s to my string" % inject)
-29 |     mark_safe("I will add {} to my string".format(inject))
-30 |     mark_safe(f"I will add {inject} to my string")
-   |     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-31 |
-32 | def good_func():
-   |
 
 S308 Use of `mark_safe` may expose cross-site scripting vulnerabilities
   --> S308.py:36:2
@@ -127,6 +51,7 @@ S308 Use of `mark_safe` may expose cross-site scripting vulnerabilities
 38 |     return '<script>alert("evil!")</script>'
    |
 
+
 S308 Use of `mark_safe` may expose cross-site scripting vulnerabilities
   --> S308.py:42:5
    |
@@ -136,6 +61,7 @@ S308 Use of `mark_safe` may expose cross-site scripting vulnerabilities
 43 | foo = mark_safe
    |
 
+
 S308 Use of `mark_safe` may expose cross-site scripting vulnerabilities
   --> S308.py:43:7
    |

crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__preview__S310_S310.py.snap

@@ -1,260 +1,106 @@
 ---
 source: crates/ruff_linter/src/rules/flake8_bandit/mod.rs
 ---
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
- --> S310.py:6:1
-  |
-4 | urllib.request.urlopen(url=f'http://www.google.com')
-5 | urllib.request.urlopen(url='http://' + 'www' + '.google.com')
-6 | urllib.request.urlopen(url='http://www.google.com', **kwargs)
-  | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-7 | urllib.request.urlopen(url=f'http://www.google.com', **kwargs)
-8 | urllib.request.urlopen('http://www.google.com')
-  |
+--- Linter settings ---
+-linter.preview = disabled
++linter.preview = enabled
 
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
- --> S310.py:7:1
-  |
-5 | urllib.request.urlopen(url='http://' + 'www' + '.google.com')
-6 | urllib.request.urlopen(url='http://www.google.com', **kwargs)
-7 | urllib.request.urlopen(url=f'http://www.google.com', **kwargs)
-  | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-8 | urllib.request.urlopen('http://www.google.com')
-9 | urllib.request.urlopen(f'http://www.google.com')
-  |
+--- Summary ---
+Removed: 8
+Added: 2
 
+--- Removed ---
 S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
-  --> S310.py:10:1
+  --> S310.py:51:1
    |
- 8 | urllib.request.urlopen('http://www.google.com')
- 9 | urllib.request.urlopen(f'http://www.google.com')
-10 | urllib.request.urlopen('file:///foo/bar/baz')
-   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-11 | urllib.request.urlopen(url)
+49 | # https://github.com/astral-sh/ruff/issues/21462
+50 | path = "https://example.com/data.csv"
+51 | urllib.request.urlretrieve(path, "data.csv")
+   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+52 | url = "https://example.com/api"
+53 | urllib.request.Request(url)
    |
 
+
 S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
-  --> S310.py:11:1
+  --> S310.py:53:1
    |
- 9 | urllib.request.urlopen(f'http://www.google.com')
-10 | urllib.request.urlopen('file:///foo/bar/baz')
-11 | urllib.request.urlopen(url)
+51 | urllib.request.urlretrieve(path, "data.csv")
+52 | url = "https://example.com/api"
+53 | urllib.request.Request(url)
    | ^^^^^^^^^^^^^^^^^^^^^^^^^^^
-12 |
-13 | urllib.request.Request(url='http://www.google.com')
+54 |
+55 | # Test resolved f-strings and concatenated string literals
    |
 
+
 S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
-  --> S310.py:16:1
+  --> S310.py:57:1
    |
-14 | urllib.request.Request(url=f'http://www.google.com')
-15 | urllib.request.Request(url='http://' + 'www' + '.google.com')
-16 | urllib.request.Request(url='http://www.google.com', **kwargs)
-   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-17 | urllib.request.Request(url=f'http://www.google.com', **kwargs)
-18 | urllib.request.Request('http://www.google.com')
+55 | # Test resolved f-strings and concatenated string literals
+56 | fstring_url = f"https://example.com/data.csv"
+57 | urllib.request.urlopen(fstring_url)
+   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+58 | urllib.request.Request(fstring_url)
    |
 
+
 S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
-  --> S310.py:17:1
+  --> S310.py:58:1
    |
-15 | urllib.request.Request(url='http://' + 'www' + '.google.com')
-16 | urllib.request.Request(url='http://www.google.com', **kwargs)
-17 | urllib.request.Request(url=f'http://www.google.com', **kwargs)
-   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-18 | urllib.request.Request('http://www.google.com')
-19 | urllib.request.Request(f'http://www.google.com')
+56 | fstring_url = f"https://example.com/data.csv"
+57 | urllib.request.urlopen(fstring_url)
+58 | urllib.request.Request(fstring_url)
+   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+59 |
+60 | concatenated_url = "https://" + "example.com/data.csv"
    |
 
+
 S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
-  --> S310.py:20:1
+  --> S310.py:61:1
    |
-18 | urllib.request.Request('http://www.google.com')
-19 | urllib.request.Request(f'http://www.google.com')
-20 | urllib.request.Request('file:///foo/bar/baz')
-   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-21 | urllib.request.Request(url)
+60 | concatenated_url = "https://" + "example.com/data.csv"
+61 | urllib.request.urlopen(concatenated_url)
+   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+62 | urllib.request.Request(concatenated_url)
    |
 
+
 S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
-  --> S310.py:21:1
+  --> S310.py:62:1
    |
-19 | urllib.request.Request(f'http://www.google.com')
-20 | urllib.request.Request('file:///foo/bar/baz')
-21 | urllib.request.Request(url)
-   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^
-22 |
-23 | urllib.request.URLopener().open(fullurl='http://www.google.com')
+60 | concatenated_url = "https://" + "example.com/data.csv"
+61 | urllib.request.urlopen(concatenated_url)
+62 | urllib.request.Request(concatenated_url)
+   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+63 |
+64 | nested_concatenated = "http://" + "example.com" + "/data.csv"
    |
 
+
 S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
-  --> S310.py:23:1
+  --> S310.py:65:1
    |
-21 | urllib.request.Request(url)
-22 |
-23 | urllib.request.URLopener().open(fullurl='http://www.google.com')
-   | ^^^^^^^^^^^^^^^^^^^^^^^^^^
-24 | urllib.request.URLopener().open(fullurl=f'http://www.google.com')
-25 | urllib.request.URLopener().open(fullurl='http://' + 'www' + '.google.com')
+64 | nested_concatenated = "http://" + "example.com" + "/data.csv"
+65 | urllib.request.urlopen(nested_concatenated)
+   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+66 | urllib.request.Request(nested_concatenated)
    |
 
+
 S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
-  --> S310.py:24:1
+  --> S310.py:66:1
    |
-23 | urllib.request.URLopener().open(fullurl='http://www.google.com')
-24 | urllib.request.URLopener().open(fullurl=f'http://www.google.com')
-   | ^^^^^^^^^^^^^^^^^^^^^^^^^^
-25 | urllib.request.URLopener().open(fullurl='http://' + 'www' + '.google.com')
-26 | urllib.request.URLopener().open(fullurl='http://www.google.com', **kwargs)
+64 | nested_concatenated = "http://" + "example.com" + "/data.csv"
+65 | urllib.request.urlopen(nested_concatenated)
+66 | urllib.request.Request(nested_concatenated)
+   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    |
 
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
-  --> S310.py:25:1
-   |
-23 | urllib.request.URLopener().open(fullurl='http://www.google.com')
-24 | urllib.request.URLopener().open(fullurl=f'http://www.google.com')
-25 | urllib.request.URLopener().open(fullurl='http://' + 'www' + '.google.com')
-   | ^^^^^^^^^^^^^^^^^^^^^^^^^^
-26 | urllib.request.URLopener().open(fullurl='http://www.google.com', **kwargs)
-27 | urllib.request.URLopener().open(fullurl=f'http://www.google.com', **kwargs)
-   |
 
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
-  --> S310.py:26:1
-   |
-24 | urllib.request.URLopener().open(fullurl=f'http://www.google.com')
-25 | urllib.request.URLopener().open(fullurl='http://' + 'www' + '.google.com')
-26 | urllib.request.URLopener().open(fullurl='http://www.google.com', **kwargs)
-   | ^^^^^^^^^^^^^^^^^^^^^^^^^^
-27 | urllib.request.URLopener().open(fullurl=f'http://www.google.com', **kwargs)
-28 | urllib.request.URLopener().open('http://www.google.com')
-   |
-
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
-  --> S310.py:27:1
-   |
-25 | urllib.request.URLopener().open(fullurl='http://' + 'www' + '.google.com')
-26 | urllib.request.URLopener().open(fullurl='http://www.google.com', **kwargs)
-27 | urllib.request.URLopener().open(fullurl=f'http://www.google.com', **kwargs)
-   | ^^^^^^^^^^^^^^^^^^^^^^^^^^
-28 | urllib.request.URLopener().open('http://www.google.com')
-29 | urllib.request.URLopener().open(f'http://www.google.com')
-   |
-
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
-  --> S310.py:28:1
-   |
-26 | urllib.request.URLopener().open(fullurl='http://www.google.com', **kwargs)
-27 | urllib.request.URLopener().open(fullurl=f'http://www.google.com', **kwargs)
-28 | urllib.request.URLopener().open('http://www.google.com')
-   | ^^^^^^^^^^^^^^^^^^^^^^^^^^
-29 | urllib.request.URLopener().open(f'http://www.google.com')
-30 | urllib.request.URLopener().open('http://' + 'www' + '.google.com')
-   |
-
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
-  --> S310.py:29:1
-   |
-27 | urllib.request.URLopener().open(fullurl=f'http://www.google.com', **kwargs)
-28 | urllib.request.URLopener().open('http://www.google.com')
-29 | urllib.request.URLopener().open(f'http://www.google.com')
-   | ^^^^^^^^^^^^^^^^^^^^^^^^^^
-30 | urllib.request.URLopener().open('http://' + 'www' + '.google.com')
-31 | urllib.request.URLopener().open('file:///foo/bar/baz')
-   |
-
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
-  --> S310.py:30:1
-   |
-28 | urllib.request.URLopener().open('http://www.google.com')
-29 | urllib.request.URLopener().open(f'http://www.google.com')
-30 | urllib.request.URLopener().open('http://' + 'www' + '.google.com')
-   | ^^^^^^^^^^^^^^^^^^^^^^^^^^
-31 | urllib.request.URLopener().open('file:///foo/bar/baz')
-32 | urllib.request.URLopener().open(url)
-   |
-
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
-  --> S310.py:31:1
-   |
-29 | urllib.request.URLopener().open(f'http://www.google.com')
-30 | urllib.request.URLopener().open('http://' + 'www' + '.google.com')
-31 | urllib.request.URLopener().open('file:///foo/bar/baz')
-   | ^^^^^^^^^^^^^^^^^^^^^^^^^^
-32 | urllib.request.URLopener().open(url)
-   |
-
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
-  --> S310.py:32:1
-   |
-30 | urllib.request.URLopener().open('http://' + 'www' + '.google.com')
-31 | urllib.request.URLopener().open('file:///foo/bar/baz')
-32 | urllib.request.URLopener().open(url)
-   | ^^^^^^^^^^^^^^^^^^^^^^^^^^
-33 |
-34 | urllib.request.urlopen(url=urllib.request.Request('http://www.google.com'))
-   |
-
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
-  --> S310.py:37:1
-   |
-35 | urllib.request.urlopen(url=urllib.request.Request(f'http://www.google.com'))
-36 | urllib.request.urlopen(url=urllib.request.Request('http://' + 'www' + '.google.com'))
-37 | urllib.request.urlopen(url=urllib.request.Request('http://www.google.com'), **kwargs)
-   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-38 | urllib.request.urlopen(url=urllib.request.Request(f'http://www.google.com'), **kwargs)
-39 | urllib.request.urlopen(urllib.request.Request('http://www.google.com'))
-   |
-
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
-  --> S310.py:38:1
-   |
-36 | urllib.request.urlopen(url=urllib.request.Request('http://' + 'www' + '.google.com'))
-37 | urllib.request.urlopen(url=urllib.request.Request('http://www.google.com'), **kwargs)
-38 | urllib.request.urlopen(url=urllib.request.Request(f'http://www.google.com'), **kwargs)
-   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-39 | urllib.request.urlopen(urllib.request.Request('http://www.google.com'))
-40 | urllib.request.urlopen(urllib.request.Request(f'http://www.google.com'))
-   |
-
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
-  --> S310.py:41:1
-   |
-39 | urllib.request.urlopen(urllib.request.Request('http://www.google.com'))
-40 | urllib.request.urlopen(urllib.request.Request(f'http://www.google.com'))
-41 | urllib.request.urlopen(urllib.request.Request('file:///foo/bar/baz'))
-   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-42 | urllib.request.urlopen(urllib.request.Request(url))
-   |
-
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
-  --> S310.py:41:24
-   |
-39 | urllib.request.urlopen(urllib.request.Request('http://www.google.com'))
-40 | urllib.request.urlopen(urllib.request.Request(f'http://www.google.com'))
-41 | urllib.request.urlopen(urllib.request.Request('file:///foo/bar/baz'))
-   |                        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-42 | urllib.request.urlopen(urllib.request.Request(url))
-   |
-
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
-  --> S310.py:42:1
-   |
-40 | urllib.request.urlopen(urllib.request.Request(f'http://www.google.com'))
-41 | urllib.request.urlopen(urllib.request.Request('file:///foo/bar/baz'))
-42 | urllib.request.urlopen(urllib.request.Request(url))
-   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-   |
-
-S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
-  --> S310.py:42:24
-   |
-40 | urllib.request.urlopen(urllib.request.Request(f'http://www.google.com'))
-41 | urllib.request.urlopen(urllib.request.Request('file:///foo/bar/baz'))
-42 | urllib.request.urlopen(urllib.request.Request(url))
-   |                        ^^^^^^^^^^^^^^^^^^^^^^^^^^^
-   |
 
+--- Added ---
 S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
   --> S310.py:46:5
    |
@@ -264,6 +110,7 @@ S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom sch
 47 | foo = urllib.request.urlopen
    |
 
+
 S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom schemes is often unexpected.
   --> S310.py:47:7
    |
@@ -271,4 +118,6 @@ S310 Audit URL open for permitted schemes. Allowing use of `file:` or custom sch
 46 | map(urllib.request.urlopen, [])
 47 | foo = urllib.request.urlopen
    |       ^^^^^^^^^^^^^^^^^^^^^^
+48 |
+49 | # https://github.com/astral-sh/ruff/issues/21462
    |

crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__preview__S311_S311.py.snap

@@ -1,103 +1,15 @@
 ---
 source: crates/ruff_linter/src/rules/flake8_bandit/mod.rs
 ---
-S311 Standard pseudo-random generators are not suitable for cryptographic purposes
-  --> S311.py:10:1
-   |
- 9 | # Errors
-10 | random.Random()
-   | ^^^^^^^^^^^^^^^
-11 | random.random()
-12 | random.randrange()
-   |
+--- Linter settings ---
+-linter.preview = disabled
++linter.preview = enabled
 
-S311 Standard pseudo-random generators are not suitable for cryptographic purposes
-  --> S311.py:11:1
-   |
- 9 | # Errors
-10 | random.Random()
-11 | random.random()
-   | ^^^^^^^^^^^^^^^
-12 | random.randrange()
-13 | random.randint()
-   |
-
-S311 Standard pseudo-random generators are not suitable for cryptographic purposes
-  --> S311.py:12:1
-   |
-10 | random.Random()
-11 | random.random()
-12 | random.randrange()
-   | ^^^^^^^^^^^^^^^^^^
-13 | random.randint()
-14 | random.choice()
-   |
-
-S311 Standard pseudo-random generators are not suitable for cryptographic purposes
-  --> S311.py:13:1
-   |
-11 | random.random()
-12 | random.randrange()
-13 | random.randint()
-   | ^^^^^^^^^^^^^^^^
-14 | random.choice()
-15 | random.choices()
-   |
-
-S311 Standard pseudo-random generators are not suitable for cryptographic purposes
-  --> S311.py:14:1
-   |
-12 | random.randrange()
-13 | random.randint()
-14 | random.choice()
-   | ^^^^^^^^^^^^^^^
-15 | random.choices()
-16 | random.uniform()
-   |
-
-S311 Standard pseudo-random generators are not suitable for cryptographic purposes
-  --> S311.py:15:1
-   |
-13 | random.randint()
-14 | random.choice()
-15 | random.choices()
-   | ^^^^^^^^^^^^^^^^
-16 | random.uniform()
-17 | random.triangular()
-   |
-
-S311 Standard pseudo-random generators are not suitable for cryptographic purposes
-  --> S311.py:16:1
-   |
-14 | random.choice()
-15 | random.choices()
-16 | random.uniform()
-   | ^^^^^^^^^^^^^^^^
-17 | random.triangular()
-18 | random.randbytes()
-   |
-
-S311 Standard pseudo-random generators are not suitable for cryptographic purposes
-  --> S311.py:17:1
-   |
-15 | random.choices()
-16 | random.uniform()
-17 | random.triangular()
-   | ^^^^^^^^^^^^^^^^^^^
-18 | random.randbytes()
-   |
-
-S311 Standard pseudo-random generators are not suitable for cryptographic purposes
-  --> S311.py:18:1
-   |
-16 | random.uniform()
-17 | random.triangular()
-18 | random.randbytes()
-   | ^^^^^^^^^^^^^^^^^^
-19 |
-20 | # Unrelated
-   |
+--- Summary ---
+Removed: 0
+Added: 2
 
+--- Added ---
 S311 Standard pseudo-random generators are not suitable for cryptographic purposes
   --> S311.py:26:5
    |
@@ -107,6 +19,7 @@ S311 Standard pseudo-random generators are not suitable for cryptographic purpos
 27 | foo = random.randrange
    |
 
+
 S311 Standard pseudo-random generators are not suitable for cryptographic purposes
   --> S311.py:27:7
    |

crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__preview__S312_S312.py.snap

@@ -1,15 +1,15 @@
 ---
 source: crates/ruff_linter/src/rules/flake8_bandit/mod.rs
 ---
-S312 Telnet is considered insecure. Use SSH or some other encrypted protocol.
- --> S312.py:3:1
-  |
-1 | from telnetlib import Telnet
-2 |
-3 | Telnet("localhost", 23)
-  | ^^^^^^^^^^^^^^^^^^^^^^^
-  |
+--- Linter settings ---
+-linter.preview = disabled
++linter.preview = enabled
 
+--- Summary ---
+Removed: 0
+Added: 3
+
+--- Added ---
 S312 Telnet is considered insecure. Use SSH or some other encrypted protocol.
  --> S312.py:7:5
   |
@@ -19,6 +19,7 @@ S312 Telnet is considered insecure. Use SSH or some other encrypted protocol.
 8 | foo = Telnet
   |
 
+
 S312 Telnet is considered insecure. Use SSH or some other encrypted protocol.
   --> S312.py:8:7
    |
@@ -30,6 +31,7 @@ S312 Telnet is considered insecure. Use SSH or some other encrypted protocol.
 10 | import telnetlib
    |
 
+
 S312 Telnet is considered insecure. Use SSH or some other encrypted protocol.
   --> S312.py:11:5
    |
@@ -39,13 +41,3 @@ S312 Telnet is considered insecure. Use SSH or some other encrypted protocol.
 12 |
 13 | from typing import Annotated
    |
-
-S312 Telnet is considered insecure. Use SSH or some other encrypted protocol.
-  --> S312.py:14:24
-   |
-13 | from typing import Annotated
-14 | foo: Annotated[Telnet, telnetlib.Telnet()]
-   |                        ^^^^^^^^^^^^^^^^^^
-15 |
-16 | def _() -> Telnet: ...
-   |

crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__preview__S508_S508.py.snap

@@ -1,26 +1,15 @@
 ---
 source: crates/ruff_linter/src/rules/flake8_bandit/mod.rs
 ---
-S508 The use of SNMPv1 and SNMPv2 is insecure. Use SNMPv3 if able.
- --> S508.py:3:25
-  |
-1 | from pysnmp.hlapi import CommunityData
-2 |
-3 | CommunityData("public", mpModel=0)  # S508
-  |                         ^^^^^^^^^
-4 | CommunityData("public", mpModel=1)  # S508
-  |
+--- Linter settings ---
+-linter.preview = disabled
++linter.preview = enabled
 
-S508 The use of SNMPv1 and SNMPv2 is insecure. Use SNMPv3 if able.
- --> S508.py:4:25
-  |
-3 | CommunityData("public", mpModel=0)  # S508
-4 | CommunityData("public", mpModel=1)  # S508
-  |                         ^^^^^^^^^
-5 |
-6 | CommunityData("public", mpModel=2)  # OK
-  |
+--- Summary ---
+Removed: 0
+Added: 8
 
+--- Added ---
 S508 The use of SNMPv1 and SNMPv2 is insecure. Use SNMPv3 if able.
   --> S508.py:18:46
    |
@@ -32,6 +21,7 @@ S508 The use of SNMPv1 and SNMPv2 is insecure. Use SNMPv3 if able.
 20 | pysnmp.hlapi.v1arch.asyncio.CommunityData("public", mpModel=0)  # S508
    |
 
+
 S508 The use of SNMPv1 and SNMPv2 is insecure. Use SNMPv3 if able.
   --> S508.py:19:58
    |
@@ -42,6 +32,7 @@ S508 The use of SNMPv1 and SNMPv2 is insecure. Use SNMPv3 if able.
 21 | pysnmp.hlapi.v1arch.CommunityData("public", mpModel=0)  # S508
    |
 
+
 S508 The use of SNMPv1 and SNMPv2 is insecure. Use SNMPv3 if able.
   --> S508.py:20:53
    |
@@ -53,6 +44,7 @@ S508 The use of SNMPv1 and SNMPv2 is insecure. Use SNMPv3 if able.
 22 | pysnmp.hlapi.v3arch.asyncio.auth.CommunityData("public", mpModel=0)  # S508
    |
 
+
 S508 The use of SNMPv1 and SNMPv2 is insecure. Use SNMPv3 if able.
   --> S508.py:21:45
    |
@@ -64,6 +56,7 @@ S508 The use of SNMPv1 and SNMPv2 is insecure. Use SNMPv3 if able.
 23 | pysnmp.hlapi.v3arch.asyncio.CommunityData("public", mpModel=0)  # S508
    |
 
+
 S508 The use of SNMPv1 and SNMPv2 is insecure. Use SNMPv3 if able.
   --> S508.py:22:58
    |
@@ -75,6 +68,7 @@ S508 The use of SNMPv1 and SNMPv2 is insecure. Use SNMPv3 if able.
 24 | pysnmp.hlapi.v3arch.CommunityData("public", mpModel=0)  # S508
    |
 
+
 S508 The use of SNMPv1 and SNMPv2 is insecure. Use SNMPv3 if able.
   --> S508.py:23:53
    |
@@ -86,6 +80,7 @@ S508 The use of SNMPv1 and SNMPv2 is insecure. Use SNMPv3 if able.
 25 | pysnmp.hlapi.auth.CommunityData("public", mpModel=0)  # S508
    |
 
+
 S508 The use of SNMPv1 and SNMPv2 is insecure. Use SNMPv3 if able.
   --> S508.py:24:45
    |
@@ -96,6 +91,7 @@ S508 The use of SNMPv1 and SNMPv2 is insecure. Use SNMPv3 if able.
 25 | pysnmp.hlapi.auth.CommunityData("public", mpModel=0)  # S508
    |
 
+
 S508 The use of SNMPv1 and SNMPv2 is insecure. Use SNMPv3 if able.
   --> S508.py:25:43
    |

crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__preview__S509_S509.py.snap

@@ -1,24 +1,15 @@
 ---
 source: crates/ruff_linter/src/rules/flake8_bandit/mod.rs
 ---
-S509 You should not use SNMPv3 without encryption. `noAuthNoPriv` & `authNoPriv` is insecure.
- --> S509.py:4:12
-  |
-4 | insecure = UsmUserData("securityName")  # S509
-  |            ^^^^^^^^^^^
-5 | auth_no_priv = UsmUserData("securityName", "authName")  # S509
-  |
+--- Linter settings ---
+-linter.preview = disabled
++linter.preview = enabled
 
-S509 You should not use SNMPv3 without encryption. `noAuthNoPriv` & `authNoPriv` is insecure.
- --> S509.py:5:16
-  |
-4 | insecure = UsmUserData("securityName")  # S509
-5 | auth_no_priv = UsmUserData("securityName", "authName")  # S509
-  |                ^^^^^^^^^^^
-6 |
-7 | less_insecure = UsmUserData("securityName", "authName", "privName")  # OK
-  |
+--- Summary ---
+Removed: 0
+Added: 4
 
+--- Added ---
 S509 You should not use SNMPv3 without encryption. `noAuthNoPriv` & `authNoPriv` is insecure.
   --> S509.py:15:1
    |
@@ -30,6 +21,7 @@ S509 You should not use SNMPv3 without encryption. `noAuthNoPriv` & `authNoPriv`
 17 | pysnmp.hlapi.v3arch.asyncio.auth.UsmUserData("user")  # S509
    |
 
+
 S509 You should not use SNMPv3 without encryption. `noAuthNoPriv` & `authNoPriv` is insecure.
   --> S509.py:16:1
    |
@@ -40,6 +32,7 @@ S509 You should not use SNMPv3 without encryption. `noAuthNoPriv` & `authNoPriv`
 18 | pysnmp.hlapi.auth.UsmUserData("user")  # S509
    |
 
+
 S509 You should not use SNMPv3 without encryption. `noAuthNoPriv` & `authNoPriv` is insecure.
   --> S509.py:17:1
    |
@@ -50,6 +43,7 @@ S509 You should not use SNMPv3 without encryption. `noAuthNoPriv` & `authNoPriv`
 18 | pysnmp.hlapi.auth.UsmUserData("user")  # S509
    |
 
+
 S509 You should not use SNMPv3 without encryption. `noAuthNoPriv` & `authNoPriv` is insecure.
   --> S509.py:18:1
    |

crates/ruff_linter/src/rules/flake8_boolean_trap/rules/boolean_default_value_positional_argument.rs

@@ -25,6 +25,11 @@ use crate::rules::flake8_boolean_trap::helpers::is_allowed_func_def;
 /// keyword-only argument, to force callers to be explicit when providing
 /// the argument.
 ///
+/// This rule exempts methods decorated with [`@typing.override`][override],
+/// since changing the signature of a subclass method that overrides a
+/// superclass method may cause type checkers to complain about a violation of
+/// the Liskov Substitution Principle.
+///
 /// ## Example
 /// ```python
 /// from math import ceil, floor
@@ -89,6 +94,8 @@ use crate::rules::flake8_boolean_trap::helpers::is_allowed_func_def;
 /// ## References
 /// - [Python documentation: Calls](https://docs.python.org/3/reference/expressions.html#calls)
 /// - [_How to Avoid “The Boolean Trap”_ by Adam Johnson](https://adamj.eu/tech/2021/07/10/python-type-hints-how-to-avoid-the-boolean-trap/)
+///
+/// [override]: https://docs.python.org/3/library/typing.html#typing.override
 #[derive(ViolationMetadata)]
 #[violation_metadata(stable_since = "v0.0.127")]
 pub(crate) struct BooleanDefaultValuePositionalArgument;

crates/ruff_linter/src/rules/flake8_boolean_trap/rules/boolean_type_hint_positional_argument.rs

@@ -28,7 +28,7 @@ use crate::rules::flake8_boolean_trap::helpers::is_allowed_func_def;
 /// the argument.
 ///
 /// Dunder methods that define operators are exempt from this rule, as are
-/// setters and `@override` definitions.
+/// setters and [`@override`][override] definitions.
 ///
 /// ## Example
 ///
@@ -93,6 +93,8 @@ use crate::rules::flake8_boolean_trap::helpers::is_allowed_func_def;
 /// ## References
 /// - [Python documentation: Calls](https://docs.python.org/3/reference/expressions.html#calls)
 /// - [_How to Avoid “The Boolean Trap”_ by Adam Johnson](https://adamj.eu/tech/2021/07/10/python-type-hints-how-to-avoid-the-boolean-trap/)
+///
+/// [override]: https://docs.python.org/3/library/typing.html#typing.override
 #[derive(ViolationMetadata)]
 #[violation_metadata(stable_since = "v0.0.127")]
 pub(crate) struct BooleanTypeHintPositionalArgument;

crates/ruff_linter/src/rules/flake8_builtins/rules/builtin_argument_shadowing.rs

@@ -17,6 +17,8 @@ use crate::rules::flake8_builtins::helpers::shadows_builtin;
 /// non-obvious errors, as readers may mistake the argument for the
 /// builtin and vice versa.
 ///
+/// Function definitions decorated with [`@override`][override] or
+/// [`@overload`][overload] are exempt from this rule by default.
 /// Builtins can be marked as exceptions to this rule via the
 /// [`lint.flake8-builtins.ignorelist`] configuration option.
 ///
@@ -48,6 +50,9 @@ use crate::rules::flake8_builtins::helpers::shadows_builtin;
 /// ## References
 /// - [_Is it bad practice to use a built-in function name as an attribute or method identifier?_](https://stackoverflow.com/questions/9109333/is-it-bad-practice-to-use-a-built-in-function-name-as-an-attribute-or-method-ide)
 /// - [_Why is it a bad idea to name a variable `id` in Python?_](https://stackoverflow.com/questions/77552/id-is-a-bad-variable-name-in-python)
+///
+/// [override]: https://docs.python.org/3/library/typing.html#typing.override
+/// [overload]: https://docs.python.org/3/library/typing.html#typing.overload
 #[derive(ViolationMetadata)]
 #[violation_metadata(stable_since = "v0.0.48")]
 pub(crate) struct BuiltinArgumentShadowing {

crates/ruff_linter/src/rules/flake8_pie/rules/unnecessary_placeholder.rs

@@ -1,8 +1,6 @@
 use ruff_macros::{ViolationMetadata, derive_message_formats};
-use ruff_python_ast::helpers::map_subscript;
 use ruff_python_ast::whitespace::trailing_comment_start_offset;
 use ruff_python_ast::{Expr, ExprStringLiteral, Stmt, StmtExpr};
-use ruff_python_semantic::{ScopeKind, SemanticModel};
 use ruff_text_size::Ranged;
 
 use crate::checkers::ast::Checker;
@@ -101,7 +99,7 @@ pub(crate) fn unnecessary_placeholder(checker: &Checker, body: &[Stmt]) {
                 // Ellipses are significant in protocol methods and abstract methods.
                 // Specifically, Pyright uses the presence of an ellipsis to indicate that
                 // a method is a stub, rather than a default implementation.
-                if in_protocol_or_abstract_method(checker.semantic()) {
+                if checker.semantic().in_protocol_or_abstract_method() {
                     return;
                 }
                 Placeholder::Ellipsis
@@ -163,21 +161,3 @@ impl std::fmt::Display for Placeholder {
         }
     }
 }
-
-/// Return `true` if the [`SemanticModel`] is in a `typing.Protocol` subclass or an abstract
-/// method.
-fn in_protocol_or_abstract_method(semantic: &SemanticModel) -> bool {
-    semantic.current_scopes().any(|scope| match scope.kind {
-        ScopeKind::Class(class_def) => class_def
-            .bases()
-            .iter()
-            .any(|base| semantic.match_typing_expr(map_subscript(base), "Protocol")),
-        ScopeKind::Function(function_def) => {
-            ruff_python_semantic::analyze::visibility::is_abstract(
-                &function_def.decorator_list,
-                semantic,
-            )
-        }
-        _ => false,
-    })
-}

crates/ruff_linter/src/rules/flake8_simplify/snapshots/ruff_linter__rules__flake8_simplify__tests__SIM222_SIM222.py.snap

@@ -1144,3 +1144,23 @@ help: Replace with `(i for i in range(1))`
 208 | # https://github.com/astral-sh/ruff/issues/21136
 209 | def get_items():
 note: This is an unsafe fix and may change runtime behavior
+
+SIM222 [*] Use `True` instead of `... or True`
+   --> SIM222.py:222:1
+    |
+221 | # https://github.com/astral-sh/ruff/issues/21473
+222 | tuple("") or True  # SIM222
+    | ^^^^^^^^^^^^^^^^^
+223 | tuple(t"") or True  # OK
+224 | tuple(0) or True  # OK
+    |
+help: Replace with `True`
+219 | 
+220 | 
+221 | # https://github.com/astral-sh/ruff/issues/21473
+    - tuple("") or True  # SIM222
+222 + True  # SIM222
+223 | tuple(t"") or True  # OK
+224 | tuple(0) or True  # OK
+225 | tuple(1) or True  # OK
+note: This is an unsafe fix and may change runtime behavior

crates/ruff_linter/src/rules/flake8_simplify/snapshots/ruff_linter__rules__flake8_simplify__tests__SIM223_SIM223.py.snap

@@ -1025,3 +1025,23 @@ help: Replace with `f"{''}{''}"`
 156 | 
 157 | 
 note: This is an unsafe fix and may change runtime behavior
+
+SIM223 [*] Use `tuple("")` instead of `tuple("") and ...`
+   --> SIM223.py:163:1
+    |
+162 | # https://github.com/astral-sh/ruff/issues/21473
+163 | tuple("") and False  # SIM223
+    | ^^^^^^^^^^^^^^^^^^^
+164 | tuple(t"") and False  # OK
+165 | tuple(0) and False  # OK
+    |
+help: Replace with `tuple("")`
+160 | 
+161 | 
+162 | # https://github.com/astral-sh/ruff/issues/21473
+    - tuple("") and False  # SIM223
+163 + tuple("")  # SIM223
+164 | tuple(t"") and False  # OK
+165 | tuple(0) and False  # OK
+166 | tuple(1) and False  # OK
+note: This is an unsafe fix and may change runtime behavior

crates/ruff_linter/src/rules/flake8_unused_arguments/rules/unused_arguments.rs

@@ -60,6 +60,16 @@ impl Violation for UnusedFunctionArgument {
 /// prefixed with an underscore, or some other value that adheres to the
 /// [`lint.dummy-variable-rgx`] pattern.
 ///
+/// This rule exempts methods decorated with [`@typing.override`][override].
+/// Removing a parameter from a subclass method (or changing a parameter's
+/// name) may cause type checkers to complain about a violation of the Liskov
+/// Substitution Principle if it means that the method now incompatibly
+/// overrides a method defined on a superclass. Explicitly decorating an
+/// overriding method with `@override` signals to Ruff that the method is
+/// intended to override a superclass method and that a type checker will
+/// enforce that it does so; Ruff therefore knows that it should not enforce
+/// rules about unused arguments on such methods.
+///
 /// ## Example
 /// ```python
 /// class Class:
@@ -76,6 +86,8 @@ impl Violation for UnusedFunctionArgument {
 ///
 /// ## Options
 /// - `lint.dummy-variable-rgx`
+///
+/// [override]: https://docs.python.org/3/library/typing.html#typing.override
 #[derive(ViolationMetadata)]
 #[violation_metadata(stable_since = "v0.0.168")]
 pub(crate) struct UnusedMethodArgument {
@@ -101,6 +113,16 @@ impl Violation for UnusedMethodArgument {
 /// prefixed with an underscore, or some other value that adheres to the
 /// [`lint.dummy-variable-rgx`] pattern.
 ///
+/// This rule exempts methods decorated with [`@typing.override`][override].
+/// Removing a parameter from a subclass method (or changing a parameter's
+/// name) may cause type checkers to complain about a violation of the Liskov
+/// Substitution Principle if it means that the method now incompatibly
+/// overrides a method defined on a superclass. Explicitly decorating an
+/// overriding method with `@override` signals to Ruff that the method is
+/// intended to override a superclass method and that a type checker will
+/// enforce that it does so; Ruff therefore knows that it should not enforce
+/// rules about unused arguments on such methods.
+///
 /// ## Example
 /// ```python
 /// class Class:
@@ -119,6 +141,8 @@ impl Violation for UnusedMethodArgument {
 ///
 /// ## Options
 /// - `lint.dummy-variable-rgx`
+///
+/// [override]: https://docs.python.org/3/library/typing.html#typing.override
 #[derive(ViolationMetadata)]
 #[violation_metadata(stable_since = "v0.0.168")]
 pub(crate) struct UnusedClassMethodArgument {
@@ -144,6 +168,16 @@ impl Violation for UnusedClassMethodArgument {
 /// prefixed with an underscore, or some other value that adheres to the
 /// [`lint.dummy-variable-rgx`] pattern.
 ///
+/// This rule exempts methods decorated with [`@typing.override`][override].
+/// Removing a parameter from a subclass method (or changing a parameter's
+/// name) may cause type checkers to complain about a violation of the Liskov
+/// Substitution Principle if it means that the method now incompatibly
+/// overrides a method defined on a superclass. Explicitly decorating an
+/// overriding method with `@override` signals to Ruff that the method is
+/// intended to override a superclass method, and that a type checker will
+/// enforce that it does so; Ruff therefore knows that it should not enforce
+/// rules about unused arguments on such methods.
+///
 /// ## Example
 /// ```python
 /// class Class:
@@ -162,6 +196,8 @@ impl Violation for UnusedClassMethodArgument {
 ///
 /// ## Options
 /// - `lint.dummy-variable-rgx`
+///
+/// [override]: https://docs.python.org/3/library/typing.html#typing.override
 #[derive(ViolationMetadata)]
 #[violation_metadata(stable_since = "v0.0.168")]
 pub(crate) struct UnusedStaticMethodArgument {

crates/ruff_linter/src/rules/flake8_use_pathlib/helpers.rs

@@ -57,7 +57,7 @@ pub(crate) fn check_os_pathlib_single_arg_calls(
     fn_argument: &str,
     fix_enabled: bool,
     violation: impl Violation,
-    applicability: Option<Applicability>,
+    applicability: Applicability,
 ) {
     if call.arguments.len() != 1 {
         return;
@@ -91,18 +91,14 @@ pub(crate) fn check_os_pathlib_single_arg_calls(
 
         let edit = Edit::range_replacement(replacement, range);
 
-        let fix = match applicability {
-            Some(Applicability::Unsafe) => Fix::unsafe_edits(edit, [import_edit]),
-            _ => {
-                let applicability = if checker.comment_ranges().intersects(range) {
-                    Applicability::Unsafe
-                } else {
-                    Applicability::Safe
-                };
-                Fix::applicable_edits(edit, [import_edit], applicability)
-            }
+        let applicability = match applicability {
+            Applicability::DisplayOnly => Applicability::DisplayOnly,
+            _ if checker.comment_ranges().intersects(range) => Applicability::Unsafe,
+            _ => applicability,
         };
 
+        let fix = Fix::applicable_edits(edit, [import_edit], applicability);
+
         Ok(fix)
     });
 }
@@ -138,6 +134,7 @@ pub(crate) fn is_file_descriptor(expr: &Expr, semantic: &SemanticModel) -> bool
     typing::is_int(binding, semantic)
 }
 
+#[expect(clippy::too_many_arguments)]
 pub(crate) fn check_os_pathlib_two_arg_calls(
     checker: &Checker,
     call: &ExprCall,
@@ -146,6 +143,7 @@ pub(crate) fn check_os_pathlib_two_arg_calls(
     second_arg: &str,
     fix_enabled: bool,
     violation: impl Violation,
+    applicability: Applicability,
 ) {
     let range = call.range();
     let mut diagnostic = checker.report_diagnostic(violation, call.func.range());
@@ -174,10 +172,10 @@ pub(crate) fn check_os_pathlib_two_arg_calls(
                 format!("{binding}({path_code}).{attr}({second_code})")
             };
 
-            let applicability = if checker.comment_ranges().intersects(range) {
-                Applicability::Unsafe
-            } else {
-                Applicability::Safe
+            let applicability = match applicability {
+                Applicability::DisplayOnly => Applicability::DisplayOnly,
+                _ if checker.comment_ranges().intersects(range) => Applicability::Unsafe,
+                _ => applicability,
             };
 
             Ok(Fix::applicable_edits(
@@ -209,3 +207,9 @@ pub(crate) fn is_argument_non_default(arguments: &Arguments, name: &str, positio
         .find_argument_value(name, position)
         .is_some_and(|expr| !expr.is_none_literal_expr())
 }
+
+/// Returns `true` if the given call is a top-level expression in its statement.
+/// This means the call's return value is not used, so return type changes don't matter.
+pub(crate) fn is_top_level_expression_call(checker: &Checker) -> bool {
+    checker.semantic().current_expression_parent().is_none()
+}

crates/ruff_linter/src/rules/flake8_use_pathlib/rules/os_getcwd.rs

@@ -1,12 +1,14 @@
-use crate::checkers::ast::Checker;
-use crate::importer::ImportRequest;
-use crate::preview::is_fix_os_getcwd_enabled;
-use crate::{FixAvailability, Violation};
 use ruff_diagnostics::{Applicability, Edit, Fix};
 use ruff_macros::{ViolationMetadata, derive_message_formats};
 use ruff_python_ast::ExprCall;
 use ruff_text_size::Ranged;
 
+use crate::checkers::ast::Checker;
+use crate::importer::ImportRequest;
+use crate::preview::is_fix_os_getcwd_enabled;
+use crate::rules::flake8_use_pathlib::helpers::is_top_level_expression_call;
+use crate::{FixAvailability, Violation};
+
 /// ## What it does
 /// Checks for uses of `os.getcwd` and `os.getcwdb`.
 ///
@@ -37,6 +39,8 @@ use ruff_text_size::Ranged;
 ///
 /// ## Fix Safety
 /// This rule's fix is marked as unsafe if the replacement would remove comments attached to the original expression.
+/// Additionally, the fix is marked as unsafe when the return value is used because the type changes
+/// from `str` or `bytes` to a `Path` object.
 ///
 /// ## References
 /// - [Python documentation: `Path.cwd`](https://docs.python.org/3/library/pathlib.html#pathlib.Path.cwd)
@@ -83,7 +87,10 @@ pub(crate) fn os_getcwd(checker: &Checker, call: &ExprCall, segments: &[&str]) {
                 checker.semantic(),
             )?;
 
-            let applicability = if checker.comment_ranges().intersects(range) {
+            // Unsafe when the fix would delete comments or change a used return value
+            let applicability = if checker.comment_ranges().intersects(range)
+                || !is_top_level_expression_call(checker)
+            {
                 Applicability::Unsafe
             } else {
                 Applicability::Safe

crates/ruff_linter/src/rules/flake8_use_pathlib/rules/os_path_abspath.rs

@@ -45,6 +45,10 @@ use crate::{FixAvailability, Violation};
 /// behaviors is required, there's no existing `pathlib` alternative. See CPython issue
 /// [#69200](https://github.com/python/cpython/issues/69200).
 ///
+/// Additionally, the fix is marked as unsafe because `os.path.abspath()` returns `str` or `bytes` (`AnyStr`),
+/// while `Path.resolve()` returns a `Path` object. This change in return type can break code that uses
+/// the return value.
+///
 /// ## References
 /// - [Python documentation: `Path.resolve`](https://docs.python.org/3/library/pathlib.html#pathlib.Path.resolve)
 /// - [Python documentation: `os.path.abspath`](https://docs.python.org/3/library/os.path.html#os.path.abspath)
@@ -85,6 +89,6 @@ pub(crate) fn os_path_abspath(checker: &Checker, call: &ExprCall, segments: &[&s
         "path",
         is_fix_os_path_abspath_enabled(checker.settings()),
         OsPathAbspath,
-        Some(Applicability::Unsafe),
+        Applicability::Unsafe,
     );
 }

crates/ruff_linter/src/rules/flake8_use_pathlib/rules/os_path_basename.rs

@@ -82,6 +82,6 @@ pub(crate) fn os_path_basename(checker: &Checker, call: &ExprCall, segments: &[&
         "p",
         is_fix_os_path_basename_enabled(checker.settings()),
         OsPathBasename,
-        Some(Applicability::Unsafe),
+        Applicability::Unsafe,
     );
 }

crates/ruff_linter/src/rules/flake8_use_pathlib/rules/os_path_dirname.rs

@@ -42,6 +42,10 @@ use crate::{FixAvailability, Violation};
 /// As a result, code relying on the exact string returned by `os.path.dirname`
 /// may behave differently after the fix.
 ///
+/// Additionally, the fix is marked as unsafe because `os.path.dirname()` returns `str` or `bytes` (`AnyStr`),
+/// while `Path.parent` returns a `Path` object. This change in return type can break code that uses
+/// the return value.
+///
 /// ## Known issues
 /// While using `pathlib` can improve the readability and type safety of your code,
 /// it can be less performant than the lower-level alternatives that work directly with strings,
@@ -82,6 +86,6 @@ pub(crate) fn os_path_dirname(checker: &Checker, call: &ExprCall, segments: &[&s
         "p",
         is_fix_os_path_dirname_enabled(checker.settings()),
         OsPathDirname,
-        Some(Applicability::Unsafe),
+        Applicability::Unsafe,
     );
 }

crates/ruff_linter/src/rules/flake8_use_pathlib/rules/os_path_exists.rs

@@ -1,3 +1,4 @@
+use ruff_diagnostics::Applicability;
 use ruff_macros::{ViolationMetadata, derive_message_formats};
 use ruff_python_ast::ExprCall;
 
@@ -72,6 +73,6 @@ pub(crate) fn os_path_exists(checker: &Checker, call: &ExprCall, segments: &[&st
         "path",
         is_fix_os_path_exists_enabled(checker.settings()),
         OsPathExists,
-        None,
+        Applicability::Safe,
     );
 }

crates/ruff_linter/src/rules/flake8_use_pathlib/rules/os_path_expanduser.rs

@@ -41,6 +41,10 @@ use crate::{FixAvailability, Violation};
 /// directory can't be resolved: `os.path.expanduser` returns the
 /// input unchanged, while `Path.expanduser` raises `RuntimeError`.
 ///
+/// Additionally, the fix is marked as unsafe because `os.path.expanduser()` returns `str` or `bytes` (`AnyStr`),
+/// while `Path.expanduser()` returns a `Path` object. This change in return type can break code that uses
+/// the return value.
+///
 /// ## References
 /// - [Python documentation: `Path.expanduser`](https://docs.python.org/3/library/pathlib.html#pathlib.Path.expanduser)
 /// - [Python documentation: `os.path.expanduser`](https://docs.python.org/3/library/os.path.html#os.path.expanduser)
@@ -76,6 +80,6 @@ pub(crate) fn os_path_expanduser(checker: &Checker, call: &ExprCall, segments: &
         "path",
         is_fix_os_path_expanduser_enabled(checker.settings()),
         OsPathExpanduser,
-        Some(Applicability::Unsafe),
+        Applicability::Unsafe,
     );
 }

crates/ruff_linter/src/rules/flake8_use_pathlib/rules/os_path_getatime.rs

@@ -1,3 +1,4 @@
+use ruff_diagnostics::Applicability;
 use ruff_macros::{ViolationMetadata, derive_message_formats};
 use ruff_python_ast::ExprCall;
 
@@ -75,6 +76,6 @@ pub(crate) fn os_path_getatime(checker: &Checker, call: &ExprCall, segments: &[&
         "filename",
         is_fix_os_path_getatime_enabled(checker.settings()),
         OsPathGetatime,
-        None,
+        Applicability::Safe,
     );
 }

crates/ruff_linter/src/rules/flake8_use_pathlib/rules/os_path_getctime.rs

@@ -1,3 +1,4 @@
+use ruff_diagnostics::Applicability;
 use ruff_macros::{ViolationMetadata, derive_message_formats};
 use ruff_python_ast::ExprCall;
 
@@ -76,6 +77,6 @@ pub(crate) fn os_path_getctime(checker: &Checker, call: &ExprCall, segments: &[&
         "filename",
         is_fix_os_path_getctime_enabled(checker.settings()),
         OsPathGetctime,
-        None,
+        Applicability::Safe,
     );
 }

crates/ruff_linter/src/rules/flake8_use_pathlib/rules/os_path_getmtime.rs

@@ -1,3 +1,4 @@
+use ruff_diagnostics::Applicability;
 use ruff_macros::{ViolationMetadata, derive_message_formats};
 use ruff_python_ast::ExprCall;
 
@@ -76,6 +77,6 @@ pub(crate) fn os_path_getmtime(checker: &Checker, call: &ExprCall, segments: &[&
         "filename",
         is_fix_os_path_getmtime_enabled(checker.settings()),
         OsPathGetmtime,
-        None,
+        Applicability::Safe,
     );
 }

crates/ruff_linter/src/rules/flake8_use_pathlib/rules/os_path_getsize.rs

@@ -1,3 +1,4 @@
+use ruff_diagnostics::Applicability;
 use ruff_macros::{ViolationMetadata, derive_message_formats};
 use ruff_python_ast::ExprCall;
 
@@ -76,6 +77,6 @@ pub(crate) fn os_path_getsize(checker: &Checker, call: &ExprCall, segments: &[&s
         "filename",
         is_fix_os_path_getsize_enabled(checker.settings()),
         OsPathGetsize,
-        None,
+        Applicability::Safe,
     );
 }

crates/ruff_linter/src/rules/flake8_use_pathlib/rules/os_path_isabs.rs

@@ -1,3 +1,4 @@
+use ruff_diagnostics::Applicability;
 use ruff_macros::{ViolationMetadata, derive_message_formats};
 use ruff_python_ast::ExprCall;
 
@@ -71,6 +72,6 @@ pub(crate) fn os_path_isabs(checker: &Checker, call: &ExprCall, segments: &[&str
         "s",
         is_fix_os_path_isabs_enabled(checker.settings()),
         OsPathIsabs,
-        None,
+        Applicability::Safe,
     );
 }

crates/ruff_linter/src/rules/flake8_use_pathlib/rules/os_path_isdir.rs

@@ -1,3 +1,4 @@
+use ruff_diagnostics::Applicability;
 use ruff_macros::{ViolationMetadata, derive_message_formats};
 use ruff_python_ast::ExprCall;
 
@@ -73,6 +74,6 @@ pub(crate) fn os_path_isdir(checker: &Checker, call: &ExprCall, segments: &[&str
         "s",
         is_fix_os_path_isdir_enabled(checker.settings()),
         OsPathIsdir,
-        None,
+        Applicability::Safe,
     );
 }

crates/ruff_linter/src/rules/flake8_use_pathlib/rules/os_path_isfile.rs

@@ -1,3 +1,4 @@
+use ruff_diagnostics::Applicability;
 use ruff_macros::{ViolationMetadata, derive_message_formats};
 use ruff_python_ast::ExprCall;
 
@@ -73,6 +74,6 @@ pub(crate) fn os_path_isfile(checker: &Checker, call: &ExprCall, segments: &[&st
         "path",
         is_fix_os_path_isfile_enabled(checker.settings()),
         OsPathIsfile,
-        None,
+        Applicability::Safe,
     );
 }

crates/ruff_linter/src/rules/flake8_use_pathlib/rules/os_path_islink.rs

@@ -1,3 +1,4 @@
+use ruff_diagnostics::Applicability;
 use ruff_macros::{ViolationMetadata, derive_message_formats};
 use ruff_python_ast::ExprCall;
 
@@ -73,6 +74,6 @@ pub(crate) fn os_path_islink(checker: &Checker, call: &ExprCall, segments: &[&st
         "path",
         is_fix_os_path_islink_enabled(checker.settings()),
         OsPathIslink,
-        None,
+        Applicability::Safe,
     );
 }

crates/ruff_linter/src/rules/flake8_use_pathlib/rules/os_path_samefile.rs

@@ -1,11 +1,13 @@
+use ruff_diagnostics::Applicability;
+use ruff_macros::{ViolationMetadata, derive_message_formats};
+use ruff_python_ast::ExprCall;
+
 use crate::checkers::ast::Checker;
 use crate::preview::is_fix_os_path_samefile_enabled;
 use crate::rules::flake8_use_pathlib::helpers::{
     check_os_pathlib_two_arg_calls, has_unknown_keywords_or_starred_expr,
 };
 use crate::{FixAvailability, Violation};
-use ruff_macros::{ViolationMetadata, derive_message_formats};
-use ruff_python_ast::ExprCall;
 
 /// ## What it does
 /// Checks for uses of `os.path.samefile`.
@@ -79,5 +81,6 @@ pub(crate) fn os_path_samefile(checker: &Checker, call: &ExprCall, segments: &[&
         "f2",
         fix_enabled,
         OsPathSamefile,
+        Applicability::Safe,
     );
 }

crates/ruff_linter/src/rules/flake8_use_pathlib/rules/os_readlink.rs

@@ -1,3 +1,4 @@
+use ruff_diagnostics::Applicability;
 use ruff_macros::{ViolationMetadata, derive_message_formats};
 use ruff_python_ast::{ExprCall, PythonVersion};
 
@@ -5,6 +6,7 @@ use crate::checkers::ast::Checker;
 use crate::preview::is_fix_os_readlink_enabled;
 use crate::rules::flake8_use_pathlib::helpers::{
     check_os_pathlib_single_arg_calls, is_keyword_only_argument_non_default,
+    is_top_level_expression_call,
 };
 use crate::{FixAvailability, Violation};
 
@@ -38,6 +40,8 @@ use crate::{FixAvailability, Violation};
 ///
 /// ## Fix Safety
 /// This rule's fix is marked as unsafe if the replacement would remove comments attached to the original expression.
+/// Additionally, the fix is marked as unsafe when the return value is used because the type changes
+/// from `str` or `bytes` (`AnyStr`) to a `Path` object.
 ///
 /// ## References
 /// - [Python documentation: `Path.readlink`](https://docs.python.org/3/library/pathlib.html#pathlib.Path.readline)
@@ -82,6 +86,13 @@ pub(crate) fn os_readlink(checker: &Checker, call: &ExprCall, segments: &[&str])
         return;
     }
 
+    let applicability = if !is_top_level_expression_call(checker) {
+        // Unsafe because the return type changes (str/bytes -> Path)
+        Applicability::Unsafe
+    } else {
+        Applicability::Safe
+    };
+
     check_os_pathlib_single_arg_calls(
         checker,
         call,
@@ -89,6 +100,6 @@ pub(crate) fn os_readlink(checker: &Checker, call: &ExprCall, segments: &[&str])
         "path",
         is_fix_os_readlink_enabled(checker.settings()),
         OsReadlink,
-        None,
+        applicability,
     );
 }

crates/ruff_linter/src/rules/flake8_use_pathlib/rules/os_remove.rs

@@ -1,3 +1,4 @@
+use ruff_diagnostics::Applicability;
 use ruff_macros::{ViolationMetadata, derive_message_formats};
 use ruff_python_ast::ExprCall;
 
@@ -84,6 +85,6 @@ pub(crate) fn os_remove(checker: &Checker, call: &ExprCall, segments: &[&str]) {
         "path",
         is_fix_os_remove_enabled(checker.settings()),
         OsRemove,
-        None,
+        Applicability::Safe,
     );
 }

crates/ruff_linter/src/rules/flake8_use_pathlib/rules/os_rename.rs

@@ -1,12 +1,14 @@
+use ruff_diagnostics::Applicability;
+use ruff_macros::{ViolationMetadata, derive_message_formats};
+use ruff_python_ast::ExprCall;
+
 use crate::checkers::ast::Checker;
 use crate::preview::is_fix_os_rename_enabled;
 use crate::rules::flake8_use_pathlib::helpers::{
     check_os_pathlib_two_arg_calls, has_unknown_keywords_or_starred_expr,
-    is_keyword_only_argument_non_default,
+    is_keyword_only_argument_non_default, is_top_level_expression_call,
 };
 use crate::{FixAvailability, Violation};
-use ruff_macros::{ViolationMetadata, derive_message_formats};
-use ruff_python_ast::ExprCall;
 
 /// ## What it does
 /// Checks for uses of `os.rename`.
@@ -38,6 +40,8 @@ use ruff_python_ast::ExprCall;
 ///
 /// ## Fix Safety
 /// This rule's fix is marked as unsafe if the replacement would remove comments attached to the original expression.
+/// Additionally, the fix is marked as unsafe when the return value is used because the type changes
+/// from `None` to a `Path` object.
 ///
 /// ## References
 /// - [Python documentation: `Path.rename`](https://docs.python.org/3/library/pathlib.html#pathlib.Path.rename)
@@ -87,5 +91,22 @@ pub(crate) fn os_rename(checker: &Checker, call: &ExprCall, segments: &[&str]) {
             &["src", "dst", "src_dir_fd", "dst_dir_fd"],
         );
 
-    check_os_pathlib_two_arg_calls(checker, call, "rename", "src", "dst", fix_enabled, OsRename);
+    // Unsafe when the fix would delete comments or change a used return value
+    let applicability = if !is_top_level_expression_call(checker) {
+        // Unsafe because the return type changes (None -> Path)
+        Applicability::Unsafe
+    } else {
+        Applicability::Safe
+    };
+
+    check_os_pathlib_two_arg_calls(
+        checker,
+        call,
+        "rename",
+        "src",
+        "dst",
+        fix_enabled,
+        OsRename,
+        applicability,
+    );
 }

crates/ruff_linter/src/rules/flake8_use_pathlib/rules/os_replace.rs

@@ -1,12 +1,14 @@
+use ruff_diagnostics::Applicability;
+use ruff_macros::{ViolationMetadata, derive_message_formats};
+use ruff_python_ast::ExprCall;
+
 use crate::checkers::ast::Checker;
 use crate::preview::is_fix_os_replace_enabled;
 use crate::rules::flake8_use_pathlib::helpers::{
     check_os_pathlib_two_arg_calls, has_unknown_keywords_or_starred_expr,
-    is_keyword_only_argument_non_default,
+    is_keyword_only_argument_non_default, is_top_level_expression_call,
 };
 use crate::{FixAvailability, Violation};
-use ruff_macros::{ViolationMetadata, derive_message_formats};
-use ruff_python_ast::ExprCall;
 
 /// ## What it does
 /// Checks for uses of `os.replace`.
@@ -41,6 +43,8 @@ use ruff_python_ast::ExprCall;
 ///
 /// ## Fix Safety
 /// This rule's fix is marked as unsafe if the replacement would remove comments attached to the original expression.
+/// Additionally, the fix is marked as unsafe when the return value is used because the type changes
+/// from `None` to a `Path` object.
 ///
 /// ## References
 /// - [Python documentation: `Path.replace`](https://docs.python.org/3/library/pathlib.html#pathlib.Path.replace)
@@ -90,6 +94,14 @@ pub(crate) fn os_replace(checker: &Checker, call: &ExprCall, segments: &[&str])
             &["src", "dst", "src_dir_fd", "dst_dir_fd"],
         );
 
+    // Unsafe when the fix would delete comments or change a used return value
+    let applicability = if !is_top_level_expression_call(checker) {
+        // Unsafe because the return type changes (None -> Path)
+        Applicability::Unsafe
+    } else {
+        Applicability::Safe
+    };
+
     check_os_pathlib_two_arg_calls(
         checker,
         call,
@@ -98,5 +110,6 @@ pub(crate) fn os_replace(checker: &Checker, call: &ExprCall, segments: &[&str])
         "dst",
         fix_enabled,
         OsReplace,
+        applicability,
     );
 }

crates/ruff_linter/src/rules/flake8_use_pathlib/rules/os_rmdir.rs

@@ -1,3 +1,4 @@
+use ruff_diagnostics::Applicability;
 use ruff_macros::{ViolationMetadata, derive_message_formats};
 use ruff_python_ast::ExprCall;
 
@@ -84,6 +85,6 @@ pub(crate) fn os_rmdir(checker: &Checker, call: &ExprCall, segments: &[&str]) {
         "path",
         is_fix_os_rmdir_enabled(checker.settings()),
         OsRmdir,
-        None,
+        Applicability::Safe,
     );
 }

crates/ruff_linter/src/rules/flake8_use_pathlib/rules/os_unlink.rs

@@ -1,3 +1,4 @@
+use ruff_diagnostics::Applicability;
 use ruff_macros::{ViolationMetadata, derive_message_formats};
 use ruff_python_ast::ExprCall;
 
@@ -84,6 +85,6 @@ pub(crate) fn os_unlink(checker: &Checker, call: &ExprCall, segments: &[&str]) {
         "path",
         is_fix_os_unlink_enabled(checker.settings()),
         OsUnlink,
-        None,
+        Applicability::Safe,
     );
 }

crates/ruff_linter/src/rules/pep8_naming/rules/invalid_argument_name.rs

@@ -23,7 +23,7 @@ use crate::checkers::ast::Checker;
 /// > mixedCase is allowed only in contexts where that’s already the
 /// > prevailing style (e.g. threading.py), to retain backwards compatibility.
 ///
-/// Methods decorated with `@typing.override` are ignored.
+/// Methods decorated with [`@typing.override`][override] are ignored.
 ///
 /// ## Example
 /// ```python
@@ -43,6 +43,8 @@ use crate::checkers::ast::Checker;
 ///
 /// [PEP 8]: https://peps.python.org/pep-0008/#function-and-method-arguments
 /// [preview]: https://docs.astral.sh/ruff/preview/
+///
+/// [override]: https://docs.python.org/3/library/typing.html#typing.override
 #[derive(ViolationMetadata)]
 #[violation_metadata(stable_since = "v0.0.77")]
 pub(crate) struct InvalidArgumentName {

crates/ruff_linter/src/rules/pep8_naming/rules/invalid_function_name.rs

@@ -24,6 +24,11 @@ use crate::rules::pep8_naming::settings::IgnoreNames;
 /// to ignore all functions starting with `test_` from this rule, set the
 /// [`lint.pep8-naming.extend-ignore-names`] option to `["test_*"]`.
 ///
+/// This rule exempts methods decorated with [`@typing.override`][override].
+/// Explicitly decorating a method with `@override` signals to Ruff that the method is intended
+/// to override a superclass method, and that a type checker will enforce that it does so. Ruff
+/// therefore knows that it should not enforce naming conventions on such methods.
+///
 /// ## Example
 /// ```python
 /// def myFunction():
@@ -41,6 +46,7 @@ use crate::rules::pep8_naming::settings::IgnoreNames;
 /// - `lint.pep8-naming.extend-ignore-names`
 ///
 /// [PEP 8]: https://peps.python.org/pep-0008/#function-and-variable-names
+/// [override]: https://docs.python.org/3/library/typing.html#typing.override
 #[derive(ViolationMetadata)]
 #[violation_metadata(stable_since = "v0.0.77")]
 pub(crate) struct InvalidFunctionName {

crates/ruff_linter/src/rules/pydocstyle/rules/not_missing.rs

@@ -169,7 +169,12 @@ impl Violation for UndocumentedPublicClass {
 /// If the codebase adheres to a standard format for method docstrings, follow
 /// that format for consistency.
 ///
+/// This rule exempts methods decorated with [`@typing.override`][override],
+/// since it is a common practice to document a method on a superclass but not
+/// on an overriding method in a subclass.
+///
 /// ## Example
+///
 /// ```python
 /// class Cat(Animal):
 ///     def greet(self, happy: bool = True):
@@ -180,6 +185,7 @@ impl Violation for UndocumentedPublicClass {
 /// ```
 ///
 /// Use instead (in the NumPy docstring format):
+///
 /// ```python
 /// class Cat(Animal):
 ///     def greet(self, happy: bool = True):
@@ -202,6 +208,7 @@ impl Violation for UndocumentedPublicClass {
 /// ```
 ///
 /// Or (in the Google docstring format):
+///
 /// ```python
 /// class Cat(Animal):
 ///     def greet(self, happy: bool = True):
@@ -227,6 +234,8 @@ impl Violation for UndocumentedPublicClass {
 /// - [PEP 287 – reStructuredText Docstring Format](https://peps.python.org/pep-0287/)
 /// - [NumPy Style Guide](https://numpydoc.readthedocs.io/en/latest/format.html)
 /// - [Google Python Style Guide - Docstrings](https://google.github.io/styleguide/pyguide.html#38-comments-and-docstrings)
+///
+/// [override]: https://docs.python.org/3/library/typing.html#typing.override
 #[derive(ViolationMetadata)]
 #[violation_metadata(stable_since = "v0.0.70")]
 pub(crate) struct UndocumentedPublicMethod;

crates/ruff_linter/src/rules/pylint/rules/bad_dunder_method_name.rs

@@ -21,7 +21,7 @@ use crate::rules::pylint::helpers::is_known_dunder_method;
 ///
 /// This rule will detect all methods starting and ending with at least
 /// one underscore (e.g., `_str_`), but ignores known dunder methods (like
-/// `__init__`), as well as methods that are marked with `@override`.
+/// `__init__`), as well as methods that are marked with [`@override`][override].
 ///
 /// Additional dunder methods names can be allowed via the
 /// [`lint.pylint.allow-dunder-method-names`] setting.
@@ -42,6 +42,8 @@ use crate::rules::pylint::helpers::is_known_dunder_method;
 ///
 /// ## Options
 /// - `lint.pylint.allow-dunder-method-names`
+///
+/// [override]: https://docs.python.org/3/library/typing.html#typing.override
 #[derive(ViolationMetadata)]
 #[violation_metadata(preview_since = "v0.0.285")]
 pub(crate) struct BadDunderMethodName {

crates/ruff_linter/src/rules/pylint/rules/no_self_use.rs

@@ -17,6 +17,16 @@ use crate::rules::flake8_unused_arguments::rules::is_not_implemented_stub_with_v
 /// Unused `self` parameters are usually a sign of a method that could be
 /// replaced by a function, class method, or static method.
 ///
+/// This rule exempts methods decorated with [`@typing.override`][override].
+/// Converting an instance method into a static method or class method may
+/// cause type checkers to complain about a violation of the Liskov
+/// Substitution Principle if it means that the method now incompatibly
+/// overrides a method defined on a superclass. Explicitly decorating an
+/// overriding method with `@override` signals to Ruff that the method is
+/// intended to override a superclass method and that a type checker will
+/// enforce that it does so; Ruff therefore knows that it should not enforce
+/// rules about unused `self` parameters on such methods.
+///
 /// ## Example
 /// ```python
 /// class Person:
@@ -38,6 +48,8 @@ use crate::rules::flake8_unused_arguments::rules::is_not_implemented_stub_with_v
 ///     def greeting():
 ///         print("Greetings friend!")
 /// ```
+///
+/// [override]: https://docs.python.org/3/library/typing.html#typing.override
 #[derive(ViolationMetadata)]
 #[violation_metadata(preview_since = "v0.0.286")]
 pub(crate) struct NoSelfUse {

crates/ruff_linter/src/rules/pylint/rules/too_many_arguments.rs

@@ -12,6 +12,16 @@ use crate::checkers::ast::Checker;
 /// By default, this rule allows up to five arguments, as configured by the
 /// [`lint.pylint.max-args`] option.
 ///
+/// This rule exempts methods decorated with [`@typing.override`][override].
+/// Changing the signature of a subclass method may cause type checkers to
+/// complain about a violation of the Liskov Substitution Principle if it
+/// means that the method now incompatibly overrides a method defined on a
+/// superclass. Explicitly decorating an overriding method with `@override`
+/// signals to Ruff that the method is intended to override a superclass
+/// method and that a type checker will enforce that it does so; Ruff
+/// therefore knows that it should not enforce rules about methods having
+/// too many arguments.
+///
 /// ## Why is this bad?
 /// Functions with many arguments are harder to understand, maintain, and call.
 /// Consider refactoring functions with many arguments into smaller functions
@@ -43,6 +53,8 @@ use crate::checkers::ast::Checker;
 ///
 /// ## Options
 /// - `lint.pylint.max-args`
+///
+/// [override]: https://docs.python.org/3/library/typing.html#typing.override
 #[derive(ViolationMetadata)]
 #[violation_metadata(stable_since = "v0.0.238")]
 pub(crate) struct TooManyArguments {

crates/ruff_linter/src/rules/pylint/rules/too_many_positional_arguments.rs

@@ -21,6 +21,16 @@ use crate::checkers::ast::Checker;
 /// with fewer arguments, using objects to group related arguments, or migrating to
 /// [keyword-only arguments](https://docs.python.org/3/tutorial/controlflow.html#special-parameters).
 ///
+/// This rule exempts methods decorated with [`@typing.override`][override].
+/// Changing the signature of a subclass method may cause type checkers to
+/// complain about a violation of the Liskov Substitution Principle if it
+/// means that the method now incompatibly overrides a method defined on a
+/// superclass. Explicitly decorating an overriding method with `@override`
+/// signals to Ruff that the method is intended to override a superclass
+/// method and that a type checker will enforce that it does so; Ruff
+/// therefore knows that it should not enforce rules about methods having
+/// too many arguments.
+///
 /// ## Example
 ///
 /// ```python
@@ -41,6 +51,8 @@ use crate::checkers::ast::Checker;
 ///
 /// ## Options
 /// - `lint.pylint.max-positional-args`
+///
+/// [override]: https://docs.python.org/3/library/typing.html#typing.override
 #[derive(ViolationMetadata)]
 #[violation_metadata(preview_since = "v0.1.7")]
 pub(crate) struct TooManyPositionalArguments {

crates/ruff_linter/src/rules/ruff/mod.rs

@@ -115,6 +115,7 @@ mod tests {
     #[test_case(Rule::NonOctalPermissions, Path::new("RUF064.py"))]
     #[test_case(Rule::LoggingEagerConversion, Path::new("RUF065_0.py"))]
     #[test_case(Rule::LoggingEagerConversion, Path::new("RUF065_1.py"))]
+    #[test_case(Rule::PropertyWithoutReturn, Path::new("RUF066.py"))]
     #[test_case(Rule::RedirectedNOQA, Path::new("RUF101_0.py"))]
     #[test_case(Rule::RedirectedNOQA, Path::new("RUF101_1.py"))]
     #[test_case(Rule::InvalidRuleCode, Path::new("RUF102.py"))]

crates/ruff_linter/src/rules/ruff/rules/mod.rs

@@ -35,6 +35,7 @@ pub(crate) use non_octal_permissions::*;
 pub(crate) use none_not_at_end_of_union::*;
 pub(crate) use parenthesize_chained_operators::*;
 pub(crate) use post_init_default::*;
+pub(crate) use property_without_return::*;
 pub(crate) use pytest_raises_ambiguous_pattern::*;
 pub(crate) use quadratic_list_summation::*;
 pub(crate) use redirected_noqa::*;
@@ -99,6 +100,7 @@ mod non_octal_permissions;
 mod none_not_at_end_of_union;
 mod parenthesize_chained_operators;
 mod post_init_default;
+mod property_without_return;
 mod pytest_raises_ambiguous_pattern;
 mod quadratic_list_summation;
 mod redirected_noqa;

crates/ruff_linter/src/rules/ruff/rules/property_without_return.rs

@@ -0,0 +1,119 @@
+use ruff_macros::{ViolationMetadata, derive_message_formats};
+use ruff_python_ast::identifier::Identifier;
+use ruff_python_ast::visitor::{Visitor, walk_expr, walk_stmt};
+use ruff_python_ast::{Expr, Stmt, StmtFunctionDef};
+use ruff_python_semantic::analyze::{function_type, visibility};
+
+use crate::checkers::ast::Checker;
+use crate::{FixAvailability, Violation};
+
+/// ## What it does
+/// Detects class `@property` methods that does not have a `return` statement.
+///
+/// ## Why is this bad?
+/// Property methods are expected to return a computed value, a missing return in a property usually indicates an implementation mistake.
+///
+/// ## Example
+/// ```python
+/// class User:
+///     @property
+///     def full_name(self):
+///         f"{self.first_name} {self.last_name}"
+/// ```
+///
+/// Use instead:
+/// ```python
+/// class User:
+///     @property
+///     def full_name(self):
+///         return f"{self.first_name} {self.last_name}"
+/// ```
+///
+/// ## References
+/// - [Python documentation: The property class](https://docs.python.org/3/library/functions.html#property)
+#[derive(ViolationMetadata)]
+#[violation_metadata(preview_since = "0.14.7")]
+pub(crate) struct PropertyWithoutReturn {
+    name: String,
+}
+
+impl Violation for PropertyWithoutReturn {
+    const FIX_AVAILABILITY: FixAvailability = FixAvailability::None;
+
+    #[derive_message_formats]
+    fn message(&self) -> String {
+        let Self { name } = self;
+        format!("`{name}` is a property without a `return` statement")
+    }
+}
+
+/// RUF066
+pub(crate) fn property_without_return(checker: &Checker, function_def: &StmtFunctionDef) {
+    let semantic = checker.semantic();
+
+    if checker.source_type.is_stub() || semantic.in_protocol_or_abstract_method() {
+        return;
+    }
+
+    let StmtFunctionDef {
+        decorator_list,
+        body,
+        name,
+        ..
+    } = function_def;
+
+    if !visibility::is_property(decorator_list, [], semantic)
+        || visibility::is_overload(decorator_list, semantic)
+        || function_type::is_stub(function_def, semantic)
+    {
+        return;
+    }
+
+    let mut visitor = PropertyVisitor::default();
+    visitor.visit_body(body);
+    if visitor.found {
+        return;
+    }
+
+    checker.report_diagnostic(
+        PropertyWithoutReturn {
+            name: name.to_string(),
+        },
+        function_def.identifier(),
+    );
+}
+
+#[derive(Default)]
+struct PropertyVisitor {
+    found: bool,
+}
+
+// NOTE: We are actually searching for the presence of
+// `yield`/`yield from`/`raise`/`return` statement/expression,
+// as having one of those indicates that there's likely no implementation mistake
+impl Visitor<'_> for PropertyVisitor {
+    fn visit_expr(&mut self, expr: &Expr) {
+        if self.found {
+            return;
+        }
+
+        match expr {
+            Expr::Yield(_) | Expr::YieldFrom(_) => self.found = true,
+            _ => walk_expr(self, expr),
+        }
+    }
+
+    fn visit_stmt(&mut self, stmt: &Stmt) {
+        if self.found {
+            return;
+        }
+
+        match stmt {
+            Stmt::Return(_) | Stmt::Raise(_) => self.found = true,
+            Stmt::FunctionDef(_) => {
+                // Do not recurse into nested functions; they're evaluated separately.
+            }
+            _ => walk_stmt(self, stmt),
+        }
+    }
+}

crates/ruff_linter/src/rules/ruff/snapshots/ruff_linter__rules__ruff__tests__RUF066_RUF066.py.snap

@@ -0,0 +1,31 @@
+---
+source: crates/ruff_linter/src/rules/ruff/mod.rs
+---
+RUF066 `name` is a property without a `return` statement
+ --> RUF066.py:7:9
+  |
+5 | class User:  # Test normal class properties
+6 |     @property
+7 |     def name(self):  # ERROR: No return
+  |         ^^^^
+8 |         f"{self.first_name} {self.last_name}"
+  |
+
+RUF066 `nested` is a property without a `return` statement
+  --> RUF066.py:18:9
+   |
+17 |     @property
+18 |     def nested(self):  # ERROR: Property itself doesn't return
+   |         ^^^^^^
+19 |         def inner():
+20 |             return 0
+   |
+
+RUF066 `prop2` is a property without a `return` statement
+  --> RUF066.py:43:9
+   |
+42 |     @property
+43 |     def prop2(self):  # ERROR: Not returning something (even when we are inside an ABC)
+   |         ^^^^^
+44 |         50
+   |

crates/ruff_python_ast/src/helpers.rs

@@ -1322,14 +1322,22 @@ impl Truthiness {
                             && arguments.keywords.is_empty()
                         {
                             // Ex) `list([1, 2, 3])`
-                            // For tuple(generator), we can't determine statically if the result will
-                            // be empty or not, so return Unknown. The generator itself is truthy, but
-                            // tuple(empty_generator) is falsy. ListComp and SetComp are handled by
-                            // recursing into Self::from_expr below, which returns Unknown for them.
-                            if argument.is_generator_expr() {
-                                Self::Unknown
-                            } else {
-                                Self::from_expr(argument, is_builtin)
+                            match argument {
+                                // Return Unknown for types with definite truthiness that might
+                                // result in empty iterables (t-strings and generators) or will
+                                // raise a type error (non-iterable types like numbers, booleans,
+                                // None, etc.).
+                                Expr::NumberLiteral(_)
+                                | Expr::BooleanLiteral(_)
+                                | Expr::NoneLiteral(_)
+                                | Expr::EllipsisLiteral(_)
+                                | Expr::TString(_)
+                                | Expr::Lambda(_)
+                                | Expr::Generator(_) => Self::Unknown,
+                                // Recurse for all other types - collections, comprehensions, variables, etc.
+                                // StringLiteral, FString, and BytesLiteral recurse because Self::from_expr
+                                // correctly handles their truthiness (checking if empty or not).
+                                _ => Self::from_expr(argument, is_builtin),
                             }
                         } else {
                             Self::Unknown

crates/ruff_python_ast/src/nodes.rs

@@ -773,10 +773,14 @@ pub trait StringFlags: Copy {
     }
 
     /// The total length of the string's closer.
-    /// This is always equal to `self.quote_len()`,
-    /// but is provided here for symmetry with the `opener_len()` method.
+    /// This is always equal to `self.quote_len()`, except when the string is unclosed,
+    /// in which case the length is zero.
     fn closer_len(self) -> TextSize {
-        self.quote_len()
+        if self.is_unclosed() {
+            TextSize::default()
+        } else {
+            self.quote_len()
+        }
     }
 
     fn as_any_string_flags(self) -> AnyStringFlags {

crates/ruff_python_formatter/CONTRIBUTING.md

@@ -74,7 +74,7 @@ def f():  # a
 The other option is to use the playground (also check the playground README):
 
 ```shell
-cd playground && npm install && npm run dev:wasm && npm run dev
+cd playground && npm ci --ignore-scripts && npm run dev:wasm && npm run dev
 ```
 
 Run`npm run dev:wasm` and reload the page in the browser to refresh.

crates/ruff_python_parser/resources/inline/err/ipython_help_escape_command_error_recovery_1.py

@@ -0,0 +1,3 @@
+# parse_options: {"mode": "ipython"}
+with (a, ?b)
+?

crates/ruff_python_parser/resources/inline/err/ipython_help_escape_command_error_recovery_2.py

@@ -0,0 +1,3 @@
+# parse_options: {"mode": "ipython"}
+with (a, ?b
+?

crates/ruff_python_parser/resources/inline/err/ipython_help_escape_command_error_recovery_3.py

@@ -0,0 +1,4 @@
+# parse_options: {"mode": "ipython"}
+with a, ?b
+?
+x = 1

crates/ruff_python_parser/src/parser/mod.rs

@@ -1115,7 +1115,27 @@ impl RecoveryContextKind {
                     TokenKind::Colon => Some(ListTerminatorKind::ErrorRecovery),
                     _ => None,
                 },
-                WithItemKind::Unparenthesized | WithItemKind::ParenthesizedExpression => p
+                // test_err ipython_help_escape_command_error_recovery_1
+                // # parse_options: {"mode": "ipython"}
+                // with (a, ?b)
+                // ?
+
+                // test_err ipython_help_escape_command_error_recovery_2
+                // # parse_options: {"mode": "ipython"}
+                // with (a, ?b
+                // ?
+
+                // test_err ipython_help_escape_command_error_recovery_3
+                // # parse_options: {"mode": "ipython"}
+                // with a, ?b
+                // ?
+                // x = 1
+                WithItemKind::Unparenthesized => matches!(
+                    p.current_token_kind(),
+                    TokenKind::Colon | TokenKind::Newline
+                )
+                .then_some(ListTerminatorKind::Regular),
+                WithItemKind::ParenthesizedExpression => p
                     .at(TokenKind::Colon)
                     .then_some(ListTerminatorKind::Regular),
             },

crates/ruff_python_parser/tests/snapshots/invalid_syntax@ipython_help_escape_command_error_recovery_1.py.snap

@@ -0,0 +1,84 @@
+---
+source: crates/ruff_python_parser/tests/fixtures.rs
+input_file: crates/ruff_python_parser/resources/inline/err/ipython_help_escape_command_error_recovery_1.py
+---
+## AST
+
+```
+Module(
+    ModModule {
+        node_index: NodeIndex(None),
+        range: 0..52,
+        body: [
+            With(
+                StmtWith {
+                    node_index: NodeIndex(None),
+                    range: 37..49,
+                    is_async: false,
+                    items: [
+                        WithItem {
+                            range: 43..44,
+                            node_index: NodeIndex(None),
+                            context_expr: Name(
+                                ExprName {
+                                    node_index: NodeIndex(None),
+                                    range: 43..44,
+                                    id: Name("a"),
+                                    ctx: Load,
+                                },
+                            ),
+                            optional_vars: None,
+                        },
+                        WithItem {
+                            range: 47..48,
+                            node_index: NodeIndex(None),
+                            context_expr: Name(
+                                ExprName {
+                                    node_index: NodeIndex(None),
+                                    range: 47..48,
+                                    id: Name("b"),
+                                    ctx: Load,
+                                },
+                            ),
+                            optional_vars: None,
+                        },
+                    ],
+                    body: [],
+                },
+            ),
+            IpyEscapeCommand(
+                StmtIpyEscapeCommand {
+                    node_index: NodeIndex(None),
+                    range: 50..51,
+                    kind: Help,
+                    value: "",
+                },
+            ),
+        ],
+    },
+)
+```
+## Errors
+
+  |
+1 | # parse_options: {"mode": "ipython"}
+2 | with (a, ?b)
+  |          ^ Syntax Error: Expected `,`, found `?`
+3 | ?
+  |
+
+
+  |
+1 | # parse_options: {"mode": "ipython"}
+2 | with (a, ?b)
+  |             ^ Syntax Error: Expected `:`, found newline
+3 | ?
+  |
+
+
+  |
+1 | # parse_options: {"mode": "ipython"}
+2 | with (a, ?b)
+3 | ?
+  | ^ Syntax Error: Expected an indented block after `with` statement
+  |

crates/ruff_python_parser/tests/snapshots/invalid_syntax@ipython_help_escape_command_error_recovery_2.py.snap

@@ -0,0 +1,80 @@
+---
+source: crates/ruff_python_parser/tests/fixtures.rs
+input_file: crates/ruff_python_parser/resources/inline/err/ipython_help_escape_command_error_recovery_2.py
+---
+## AST
+
+```
+Module(
+    ModModule {
+        node_index: NodeIndex(None),
+        range: 0..51,
+        body: [
+            With(
+                StmtWith {
+                    node_index: NodeIndex(None),
+                    range: 37..51,
+                    is_async: false,
+                    items: [
+                        WithItem {
+                            range: 42..51,
+                            node_index: NodeIndex(None),
+                            context_expr: Tuple(
+                                ExprTuple {
+                                    node_index: NodeIndex(None),
+                                    range: 42..51,
+                                    elts: [
+                                        Name(
+                                            ExprName {
+                                                node_index: NodeIndex(None),
+                                                range: 43..44,
+                                                id: Name("a"),
+                                                ctx: Load,
+                                            },
+                                        ),
+                                        Name(
+                                            ExprName {
+                                                node_index: NodeIndex(None),
+                                                range: 47..48,
+                                                id: Name("b"),
+                                                ctx: Load,
+                                            },
+                                        ),
+                                    ],
+                                    ctx: Load,
+                                    parenthesized: true,
+                                },
+                            ),
+                            optional_vars: None,
+                        },
+                    ],
+                    body: [],
+                },
+            ),
+        ],
+    },
+)
+```
+## Errors
+
+  |
+1 | # parse_options: {"mode": "ipython"}
+2 | with (a, ?b
+  |          ^ Syntax Error: Expected an expression or a ')'
+3 | ?
+  |
+
+
+  |
+1 | # parse_options: {"mode": "ipython"}
+2 | with (a, ?b
+3 | ?
+  | ^ Syntax Error: Expected `,`, found `?`
+  |
+
+
+  |
+2 | with (a, ?b
+3 | ?
+  |  ^ Syntax Error: unexpected EOF while parsing
+  |

crates/ruff_python_parser/tests/snapshots/invalid_syntax@ipython_help_escape_command_error_recovery_3.py.snap

@@ -0,0 +1,112 @@
+---
+source: crates/ruff_python_parser/tests/fixtures.rs
+input_file: crates/ruff_python_parser/resources/inline/err/ipython_help_escape_command_error_recovery_3.py
+---
+## AST
+
+```
+Module(
+    ModModule {
+        node_index: NodeIndex(None),
+        range: 0..56,
+        body: [
+            With(
+                StmtWith {
+                    node_index: NodeIndex(None),
+                    range: 37..47,
+                    is_async: false,
+                    items: [
+                        WithItem {
+                            range: 42..43,
+                            node_index: NodeIndex(None),
+                            context_expr: Name(
+                                ExprName {
+                                    node_index: NodeIndex(None),
+                                    range: 42..43,
+                                    id: Name("a"),
+                                    ctx: Load,
+                                },
+                            ),
+                            optional_vars: None,
+                        },
+                        WithItem {
+                            range: 46..47,
+                            node_index: NodeIndex(None),
+                            context_expr: Name(
+                                ExprName {
+                                    node_index: NodeIndex(None),
+                                    range: 46..47,
+                                    id: Name("b"),
+                                    ctx: Load,
+                                },
+                            ),
+                            optional_vars: None,
+                        },
+                    ],
+                    body: [],
+                },
+            ),
+            IpyEscapeCommand(
+                StmtIpyEscapeCommand {
+                    node_index: NodeIndex(None),
+                    range: 48..49,
+                    kind: Help,
+                    value: "",
+                },
+            ),
+            Assign(
+                StmtAssign {
+                    node_index: NodeIndex(None),
+                    range: 50..55,
+                    targets: [
+                        Name(
+                            ExprName {
+                                node_index: NodeIndex(None),
+                                range: 50..51,
+                                id: Name("x"),
+                                ctx: Store,
+                            },
+                        ),
+                    ],
+                    value: NumberLiteral(
+                        ExprNumberLiteral {
+                            node_index: NodeIndex(None),
+                            range: 54..55,
+                            value: Int(
+                                1,
+                            ),
+                        },
+                    ),
+                },
+            ),
+        ],
+    },
+)
+```
+## Errors
+
+  |
+1 | # parse_options: {"mode": "ipython"}
+2 | with a, ?b
+  |         ^ Syntax Error: Expected `,`, found `?`
+3 | ?
+4 | x = 1
+  |
+
+
+  |
+1 | # parse_options: {"mode": "ipython"}
+2 | with a, ?b
+  |           ^ Syntax Error: Expected `:`, found newline
+3 | ?
+4 | x = 1
+  |
+
+
+  |
+1 | # parse_options: {"mode": "ipython"}
+2 | with a, ?b
+3 | ?
+  | ^ Syntax Error: Expected an indented block after `with` statement
+4 | x = 1
+  |

crates/ruff_python_semantic/src/model.rs

@@ -3,12 +3,13 @@ use std::path::Path;
 use bitflags::bitflags;
 use rustc_hash::FxHashMap;
 
-use ruff_python_ast::helpers::from_relative_import;
+use ruff_python_ast::helpers::{from_relative_import, map_subscript};
 use ruff_python_ast::name::{QualifiedName, UnqualifiedName};
 use ruff_python_ast::{self as ast, Expr, ExprContext, PySourceType, Stmt};
 use ruff_text_size::{Ranged, TextRange, TextSize};
 
 use crate::Imported;
+use crate::analyze::visibility;
 use crate::binding::{
     Binding, BindingFlags, BindingId, BindingKind, Bindings, Exceptions, FromImport, Import,
     SubmoduleImport,
@@ -2153,6 +2154,21 @@ impl<'a> SemanticModel<'a> {
             function.range() == function_def.range()
         })
     }
+
+    /// Return `true` if the model is in a `typing.Protocol` subclass or an abstract
+    /// method.
+    pub fn in_protocol_or_abstract_method(&self) -> bool {
+        self.current_scopes().any(|scope| match scope.kind {
+            ScopeKind::Class(class_def) => class_def
+                .bases()
+                .iter()
+                .any(|base| self.match_typing_expr(map_subscript(base), "Protocol")),
+            ScopeKind::Function(function_def) => {
+                visibility::is_abstract(&function_def.decorator_list, self)
+            }
+            _ => false,
+        })
+    }
 }
 
 pub struct ShadowedBinding {

crates/ruff_wasm/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "ruff_wasm"
-version = "0.14.6"
+version = "0.14.7"
 publish = false
 authors = { workspace = true }
 edition = { workspace = true }

crates/ty/docs/rules.md

@@ -8,7 +8,7 @@
 Default level: <a href="../rules.md#rule-levels" title="This lint has a default level of 'error'."><code>error</code></a> ·
 Added in <a href="https://github.com/astral-sh/ty/releases/tag/0.0.1-alpha.1">0.0.1-alpha.1</a> ·
 <a href="https://github.com/astral-sh/ty/issues?q=sort%3Aupdated-desc%20is%3Aissue%20is%3Aopen%20byte-string-type-annotation" target="_blank">Related issues</a> ·
-<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fstring_annotation.rs#L36" target="_blank">View source</a>
+<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fstring_annotation.rs#L37" target="_blank">View source</a>
 </small>
 
 
@@ -39,7 +39,7 @@ def test(): -> "int":
 Default level: <a href="../rules.md#rule-levels" title="This lint has a default level of 'error'."><code>error</code></a> ·
 Added in <a href="https://github.com/astral-sh/ty/releases/tag/0.0.1-alpha.1">0.0.1-alpha.1</a> ·
 <a href="https://github.com/astral-sh/ty/issues?q=sort%3Aupdated-desc%20is%3Aissue%20is%3Aopen%20call-non-callable" target="_blank">Related issues</a> ·
-<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L121" target="_blank">View source</a>
+<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L135" target="_blank">View source</a>
 </small>
 
 
@@ -63,7 +63,7 @@ Calling a non-callable object will raise a `TypeError` at runtime.
 Default level: <a href="../rules.md#rule-levels" title="This lint has a default level of 'error'."><code>error</code></a> ·
 Added in <a href="https://github.com/astral-sh/ty/releases/tag/0.0.1-alpha.1">0.0.1-alpha.1</a> ·
 <a href="https://github.com/astral-sh/ty/issues?q=sort%3Aupdated-desc%20is%3Aissue%20is%3Aopen%20conflicting-argument-forms" target="_blank">Related issues</a> ·
-<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L165" target="_blank">View source</a>
+<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L179" target="_blank">View source</a>
 </small>
 
 
@@ -95,7 +95,7 @@ f(int)  # error
 Default level: <a href="../rules.md#rule-levels" title="This lint has a default level of 'error'."><code>error</code></a> ·
 Added in <a href="https://github.com/astral-sh/ty/releases/tag/0.0.1-alpha.1">0.0.1-alpha.1</a> ·
 <a href="https://github.com/astral-sh/ty/issues?q=sort%3Aupdated-desc%20is%3Aissue%20is%3Aopen%20conflicting-declarations" target="_blank">Related issues</a> ·
-<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L191" target="_blank">View source</a>
+<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L205" target="_blank">View source</a>
 </small>
 
 
@@ -126,7 +126,7 @@ a = 1
 Default level: <a href="../rules.md#rule-levels" title="This lint has a default level of 'error'."><code>error</code></a> ·
 Added in <a href="https://github.com/astral-sh/ty/releases/tag/0.0.1-alpha.1">0.0.1-alpha.1</a> ·
 <a href="https://github.com/astral-sh/ty/issues?q=sort%3Aupdated-desc%20is%3Aissue%20is%3Aopen%20conflicting-metaclass" target="_blank">Related issues</a> ·
-<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L216" target="_blank">View source</a>
+<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L230" target="_blank">View source</a>
 </small>
 
 
@@ -158,7 +158,7 @@ class C(A, B): ...
 Default level: <a href="../rules.md#rule-levels" title="This lint has a default level of 'error'."><code>error</code></a> ·
 Added in <a href="https://github.com/astral-sh/ty/releases/tag/0.0.1-alpha.1">0.0.1-alpha.1</a> ·
 <a href="https://github.com/astral-sh/ty/issues?q=sort%3Aupdated-desc%20is%3Aissue%20is%3Aopen%20cyclic-class-definition" target="_blank">Related issues</a> ·
-<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L242" target="_blank">View source</a>
+<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L256" target="_blank">View source</a>
 </small>
 
 
@@ -184,13 +184,41 @@ class B(A): ...
 
 [method resolution order]: https://docs.python.org/3/glossary.html#term-method-resolution-order
 
+## `cyclic-type-alias-definition`
+
+<small>
+Default level: <a href="../rules.md#rule-levels" title="This lint has a default level of 'error'."><code>error</code></a> ·
+Preview (since <a href="https://github.com/astral-sh/ty/releases/tag/1.0.0">1.0.0</a>) ·
+<a href="https://github.com/astral-sh/ty/issues?q=sort%3Aupdated-desc%20is%3Aissue%20is%3Aopen%20cyclic-type-alias-definition" target="_blank">Related issues</a> ·
+<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L282" target="_blank">View source</a>
+</small>
+
+
+**What it does**
+
+Checks for type alias definitions that (directly or mutually) refer to themselves.
+
+**Why is it bad?**
+
+Although it is permitted to define a recursive type alias, it is not meaningful
+to have a type alias whose expansion can only result in itself, and is therefore not allowed.
+
+**Examples**
+
+```python
+type Itself = Itself
+
+type A = B
+type B = A
+```
+
 ## `duplicate-base`
 
 <small>
 Default level: <a href="../rules.md#rule-levels" title="This lint has a default level of 'error'."><code>error</code></a> ·
 Added in <a href="https://github.com/astral-sh/ty/releases/tag/0.0.1-alpha.1">0.0.1-alpha.1</a> ·
 <a href="https://github.com/astral-sh/ty/issues?q=sort%3Aupdated-desc%20is%3Aissue%20is%3Aopen%20duplicate-base" target="_blank">Related issues</a> ·
-<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L307" target="_blank">View source</a>
+<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L343" target="_blank">View source</a>
 </small>
 
 
@@ -217,7 +245,7 @@ class B(A, A): ...
 Default level: <a href="../rules.md#rule-levels" title="This lint has a default level of 'error'."><code>error</code></a> ·
 Added in <a href="https://github.com/astral-sh/ty/releases/tag/0.0.1-alpha.12">0.0.1-alpha.12</a> ·
 <a href="https://github.com/astral-sh/ty/issues?q=sort%3Aupdated-desc%20is%3Aissue%20is%3Aopen%20duplicate-kw-only" target="_blank">Related issues</a> ·
-<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L328" target="_blank">View source</a>
+<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L364" target="_blank">View source</a>
 </small>
 
 
@@ -255,7 +283,7 @@ class A:  # Crash at runtime
 Default level: <a href="../rules.md#rule-levels" title="This lint has a default level of 'error'."><code>error</code></a> ·
 Added in <a href="https://github.com/astral-sh/ty/releases/tag/0.0.1-alpha.1">0.0.1-alpha.1</a> ·
 <a href="https://github.com/astral-sh/ty/issues?q=sort%3Aupdated-desc%20is%3Aissue%20is%3Aopen%20escape-character-in-forward-annotation" target="_blank">Related issues</a> ·
-<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fstring_annotation.rs#L120" target="_blank">View source</a>
+<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fstring_annotation.rs#L121" target="_blank">View source</a>
 </small>
 
 
@@ -267,7 +295,7 @@ TODO #14889
 Default level: <a href="../rules.md#rule-levels" title="This lint has a default level of 'error'."><code>error</code></a> ·
 Added in <a href="https://github.com/astral-sh/ty/releases/tag/0.0.1-alpha.1">0.0.1-alpha.1</a> ·
 <a href="https://github.com/astral-sh/ty/issues?q=sort%3Aupdated-desc%20is%3Aissue%20is%3Aopen%20fstring-type-annotation" target="_blank">Related issues</a> ·
-<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fstring_annotation.rs#L11" target="_blank">View source</a>
+<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fstring_annotation.rs#L12" target="_blank">View source</a>
 </small>
 
 
@@ -298,7 +326,7 @@ def test(): -> "int":
 Default level: <a href="../rules.md#rule-levels" title="This lint has a default level of 'error'."><code>error</code></a> ·
 Added in <a href="https://github.com/astral-sh/ty/releases/tag/0.0.1-alpha.1">0.0.1-alpha.1</a> ·
 <a href="https://github.com/astral-sh/ty/issues?q=sort%3Aupdated-desc%20is%3Aissue%20is%3Aopen%20implicit-concatenated-string-type-annotation" target="_blank">Related issues</a> ·
-<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fstring_annotation.rs#L86" target="_blank">View source</a>
+<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fstring_annotation.rs#L87" target="_blank">View source</a>
 </small>
 
 
@@ -329,7 +357,7 @@ def test(): -> "Literal[5]":
 Default level: <a href="../rules.md#rule-levels" title="This lint has a default level of 'error'."><code>error</code></a> ·
 Added in <a href="https://github.com/astral-sh/ty/releases/tag/0.0.1-alpha.1">0.0.1-alpha.1</a> ·
 <a href="https://github.com/astral-sh/ty/issues?q=sort%3Aupdated-desc%20is%3Aissue%20is%3Aopen%20inconsistent-mro" target="_blank">Related issues</a> ·
-<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L532" target="_blank">View source</a>
+<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L590" target="_blank">View source</a>
 </small>
 
 
@@ -359,7 +387,7 @@ class C(A, B): ...
 Default level: <a href="../rules.md#rule-levels" title="This lint has a default level of 'error'."><code>error</code></a> ·
 Added in <a href="https://github.com/astral-sh/ty/releases/tag/0.0.1-alpha.1">0.0.1-alpha.1</a> ·
 <a href="https://github.com/astral-sh/ty/issues?q=sort%3Aupdated-desc%20is%3Aissue%20is%3Aopen%20index-out-of-bounds" target="_blank">Related issues</a> ·
-<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L556" target="_blank">View source</a>
+<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L614" target="_blank">View source</a>
 </small>
 
 
@@ -385,7 +413,7 @@ t[3]  # IndexError: tuple index out of range
 Default level: <a href="../rules.md#rule-levels" title="This lint has a default level of 'error'."><code>error</code></a> ·
 Added in <a href="https://github.com/astral-sh/ty/releases/tag/0.0.1-alpha.12">0.0.1-alpha.12</a> ·
 <a href="https://github.com/astral-sh/ty/issues?q=sort%3Aupdated-desc%20is%3Aissue%20is%3Aopen%20instance-layout-conflict" target="_blank">Related issues</a> ·
-<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L360" target="_blank">View source</a>
+<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L396" target="_blank">View source</a>
 </small>
 
 
@@ -474,7 +502,7 @@ an atypical memory layout.
 Default level: <a href="../rules.md#rule-levels" title="This lint has a default level of 'error'."><code>error</code></a> ·
 Added in <a href="https://github.com/astral-sh/ty/releases/tag/0.0.1-alpha.1">0.0.1-alpha.1</a> ·
 <a href="https://github.com/astral-sh/ty/issues?q=sort%3Aupdated-desc%20is%3Aissue%20is%3Aopen%20invalid-argument-type" target="_blank">Related issues</a> ·
-<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L610" target="_blank">View source</a>
+<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L668" target="_blank">View source</a>
 </small>
 
 
@@ -501,7 +529,7 @@ func("foo")  # error: [invalid-argument-type]
 Default level: <a href="../rules.md#rule-levels" title="This lint has a default level of 'error'."><code>error</code></a> ·
 Added in <a href="https://github.com/astral-sh/ty/releases/tag/0.0.1-alpha.1">0.0.1-alpha.1</a> ·
 <a href="https://github.com/astral-sh/ty/issues?q=sort%3Aupdated-desc%20is%3Aissue%20is%3Aopen%20invalid-assignment" target="_blank">Related issues</a> ·
-<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L650" target="_blank">View source</a>
+<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L708" target="_blank">View source</a>
 </small>
 
 
@@ -529,7 +557,7 @@ a: int = ''
 Default level: <a href="../rules.md#rule-levels" title="This lint has a default level of 'error'."><code>error</code></a> ·
 Added in <a href="https://github.com/astral-sh/ty/releases/tag/0.0.1-alpha.1">0.0.1-alpha.1</a> ·
 <a href="https://github.com/astral-sh/ty/issues?q=sort%3Aupdated-desc%20is%3Aissue%20is%3Aopen%20invalid-attribute-access" target="_blank">Related issues</a> ·
-<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L1809" target="_blank">View source</a>
+<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L1998" target="_blank">View source</a>
 </small>
 
 
@@ -563,7 +591,7 @@ C.instance_var = 3  # error: Cannot assign to instance variable
 Default level: <a href="../rules.md#rule-levels" title="This lint has a default level of 'error'."><code>error</code></a> ·
 Added in <a href="https://github.com/astral-sh/ty/releases/tag/0.0.1-alpha.19">0.0.1-alpha.19</a> ·
 <a href="https://github.com/astral-sh/ty/issues?q=sort%3Aupdated-desc%20is%3Aissue%20is%3Aopen%20invalid-await" target="_blank">Related issues</a> ·
-<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L672" target="_blank">View source</a>
+<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L730" target="_blank">View source</a>
 </small>
 
 
@@ -599,7 +627,7 @@ asyncio.run(main())
 Default level: <a href="../rules.md#rule-levels" title="This lint has a default level of 'error'."><code>error</code></a> ·
 Added in <a href="https://github.com/astral-sh/ty/releases/tag/0.0.1-alpha.1">0.0.1-alpha.1</a> ·
 <a href="https://github.com/astral-sh/ty/issues?q=sort%3Aupdated-desc%20is%3Aissue%20is%3Aopen%20invalid-base" target="_blank">Related issues</a> ·
-<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L702" target="_blank">View source</a>
+<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L760" target="_blank">View source</a>
 </small>
 
 
@@ -623,7 +651,7 @@ class A(42): ...  # error: [invalid-base]
 Default level: <a href="../rules.md#rule-levels" title="This lint has a default level of 'error'."><code>error</code></a> ·
 Added in <a href="https://github.com/astral-sh/ty/releases/tag/0.0.1-alpha.1">0.0.1-alpha.1</a> ·
 <a href="https://github.com/astral-sh/ty/issues?q=sort%3Aupdated-desc%20is%3Aissue%20is%3Aopen%20invalid-context-manager" target="_blank">Related issues</a> ·
-<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L753" target="_blank">View source</a>
+<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L811" target="_blank">View source</a>
 </small>
 
 
@@ -650,7 +678,7 @@ with 1:
 Default level: <a href="../rules.md#rule-levels" title="This lint has a default level of 'error'."><code>error</code></a> ·
 Added in <a href="https://github.com/astral-sh/ty/releases/tag/0.0.1-alpha.1">0.0.1-alpha.1</a> ·
 <a href="https://github.com/astral-sh/ty/issues?q=sort%3Aupdated-desc%20is%3Aissue%20is%3Aopen%20invalid-declaration" target="_blank">Related issues</a> ·
-<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L774" target="_blank">View source</a>
+<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L832" target="_blank">View source</a>
 </small>
 
 
@@ -679,7 +707,7 @@ a: str
 Default level: <a href="../rules.md#rule-levels" title="This lint has a default level of 'error'."><code>error</code></a> ·
 Added in <a href="https://github.com/astral-sh/ty/releases/tag/0.0.1-alpha.1">0.0.1-alpha.1</a> ·
 <a href="https://github.com/astral-sh/ty/issues?q=sort%3Aupdated-desc%20is%3Aissue%20is%3Aopen%20invalid-exception-caught" target="_blank">Related issues</a> ·
-<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L797" target="_blank">View source</a>
+<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L855" target="_blank">View source</a>
 </small>
 
 
@@ -717,13 +745,55 @@ except ZeroDivisionError:
 
  This rule corresponds to Ruff's [`except-with-non-exception-classes` (`B030`)](https://docs.astral.sh/ruff/rules/except-with-non-exception-classes)
 
+## `invalid-explicit-override`
+
+<small>
+Default level: <a href="../rules.md#rule-levels" title="This lint has a default level of 'error'."><code>error</code></a> ·
+Added in <a href="https://github.com/astral-sh/ty/releases/tag/0.0.1-alpha.28">0.0.1-alpha.28</a> ·
+<a href="https://github.com/astral-sh/ty/issues?q=sort%3Aupdated-desc%20is%3Aissue%20is%3Aopen%20invalid-explicit-override" target="_blank">Related issues</a> ·
+<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L1668" target="_blank">View source</a>
+</small>
+
+
+**What it does**
+
+Checks for methods that are decorated with `@override` but do not override any method in a superclass.
+
+**Why is this bad?**
+
+Decorating a method with `@override` declares to the type checker that the intention is that it should
+override a method from a superclass.
+
+**Example**
+
+
+```python
+from typing import override
+
+class A:
+    @override
+    def foo(self): ...  # Error raised here
+
+class B(A):
+    @override
+    def ffooo(self): ...  # Error raised here
+
+class C:
+    @override
+    def __repr__(self): ...  # fine: overrides `object.__repr__`
+
+class D(A):
+    @override
+    def foo(self): ...  # fine: overrides `A.foo`
+```
+
 ## `invalid-generic-class`
 
 <small>
 Default level: <a href="../rules.md#rule-levels" title="This lint has a default level of 'error'."><code>error</code></a> ·
 Added in <a href="https://github.com/astral-sh/ty/releases/tag/0.0.1-alpha.1">0.0.1-alpha.1</a> ·
 <a href="https://github.com/astral-sh/ty/issues?q=sort%3Aupdated-desc%20is%3Aissue%20is%3Aopen%20invalid-generic-class" target="_blank">Related issues</a> ·
-<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L833" target="_blank">View source</a>
+<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L891" target="_blank">View source</a>
 </small>
 
 
@@ -756,7 +826,7 @@ class C[U](Generic[T]): ...
 Default level: <a href="../rules.md#rule-levels" title="This lint has a default level of 'error'."><code>error</code></a> ·
 Added in <a href="https://github.com/astral-sh/ty/releases/tag/0.0.1-alpha.17">0.0.1-alpha.17</a> ·
 <a href="https://github.com/astral-sh/ty/issues?q=sort%3Aupdated-desc%20is%3Aissue%20is%3Aopen%20invalid-key" target="_blank">Related issues</a> ·
-<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L577" target="_blank">View source</a>
+<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L635" target="_blank">View source</a>
 </small>
 
 
@@ -795,7 +865,7 @@ carol = Person(name="Carol", age=25)  # typo!
 Default level: <a href="../rules.md#rule-levels" title="This lint has a default level of 'error'."><code>error</code></a> ·
 Added in <a href="https://github.com/astral-sh/ty/releases/tag/0.0.1-alpha.1">0.0.1-alpha.1</a> ·
 <a href="https://github.com/astral-sh/ty/issues?q=sort%3Aupdated-desc%20is%3Aissue%20is%3Aopen%20invalid-legacy-type-variable" target="_blank">Related issues</a> ·
-<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L859" target="_blank">View source</a>
+<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L917" target="_blank">View source</a>
 </small>
 
 
@@ -830,7 +900,7 @@ def f(t: TypeVar("U")): ...
 Default level: <a href="../rules.md#rule-levels" title="This lint has a default level of 'error'."><code>error</code></a> ·
 Added in <a href="https://github.com/astral-sh/ty/releases/tag/0.0.1-alpha.1">0.0.1-alpha.1</a> ·
 <a href="https://github.com/astral-sh/ty/issues?q=sort%3Aupdated-desc%20is%3Aissue%20is%3Aopen%20invalid-metaclass" target="_blank">Related issues</a> ·
-<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L956" target="_blank">View source</a>
+<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L1014" target="_blank">View source</a>
 </small>
 
 
@@ -858,13 +928,120 @@ class B(metaclass=f): ...
 
 - [Python documentation: Metaclasses](https://docs.python.org/3/reference/datamodel.html#metaclasses)
 
+## `invalid-method-override`
+
+<small>
+Default level: <a href="../rules.md#rule-levels" title="This lint has a default level of 'error'."><code>error</code></a> ·
+Added in <a href="https://github.com/astral-sh/ty/releases/tag/0.0.1-alpha.20">0.0.1-alpha.20</a> ·
+<a href="https://github.com/astral-sh/ty/issues?q=sort%3Aupdated-desc%20is%3Aissue%20is%3Aopen%20invalid-method-override" target="_blank">Related issues</a> ·
+<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L2126" target="_blank">View source</a>
+</small>
+
+
+**What it does**
+
+Detects method overrides that violate the [Liskov Substitution Principle] ("LSP").
+
+The LSP states that an instance of a subtype should be substitutable for an instance of its supertype.
+Applied to Python, this means:
+1. All argument combinations a superclass method accepts
+   must also be accepted by an overriding subclass method.
+2. The return type of an overriding subclass method must be a subtype
+   of the return type of the superclass method.
+
+**Why is this bad?**
+
+Violating the Liskov Substitution Principle will lead to many of ty's assumptions and
+inferences being incorrect, which will mean that it will fail to catch many possible
+type errors in your code.
+
+**Example**
+
+```python
+class Super:
+    def method(self, x) -> int:
+        return 42
+
+class Sub(Super):
+    # Liskov violation: `str` is not a subtype of `int`,
+    # but the supertype method promises to return an `int`.
+    def method(self, x) -> str:  # error: [invalid-override]
+        return "foo"
+
+def accepts_super(s: Super) -> int:
+    return s.method(x=42)
+
+accepts_super(Sub())  # The result of this call is a string, but ty will infer
+                      # it to be an `int` due to the violation of the Liskov Substitution Principle.
+
+class Sub2(Super):
+    # Liskov violation: the superclass method can be called with a `x=`
+    # keyword argument, but the subclass method does not accept it.
+    def method(self, y) -> int:  # error: [invalid-override]
+       return 42
+
+accepts_super(Sub2())  # TypeError at runtime: method() got an unexpected keyword argument 'x'
+                       # ty cannot catch this error due to the violation of the Liskov Substitution Principle.
+```
+
+**Common issues**
+
+
+**Why does ty complain about my `__eq__` method?**
+
+
+`__eq__` and `__ne__` methods in Python are generally expected to accept arbitrary
+objects as their second argument, for example:
+
+```python
+class A:
+    x: int
+
+    def __eq__(self, other: object) -> bool:
+        # gracefully handle an object of an unexpected type
+        # without raising an exception
+        if not isinstance(other, A):
+            return False
+        return self.x == other.x
+```
+
+If `A.__eq__` here were annotated as only accepting `A` instances for its second argument,
+it would imply that you wouldn't be able to use `==` between instances of `A` and
+instances of unrelated classes without an exception possibly being raised. While some
+classes in Python do indeed behave this way, the strongly held convention is that it should
+be avoided wherever possible. As part of this check, therefore, ty enforces that `__eq__`
+and `__ne__` methods accept `object` as their second argument.
+
+**Why does ty disagree with Ruff about how to write my method?**
+
+
+Ruff has several rules that will encourage you to rename a parameter, or change its type
+signature, if it thinks you're falling into a certain anti-pattern. For example, Ruff's
+[ARG002](https://docs.astral.sh/ruff/rules/unused-method-argument/) rule recommends that an
+unused parameter should either be removed or renamed to start with `_`. Applying either of
+these suggestions can cause ty to start reporting an `invalid-method-override` error if
+the function in question is a method on a subclass that overrides a method on a superclass,
+and the change would cause the subclass method to no longer accept all argument combinations
+that the superclass method accepts.
+
+This can usually be resolved by adding [`@typing.override`][override] to your method
+definition. Ruff knows that a method decorated with `@typing.override` is intended to
+override a method by the same name on a superclass, and avoids reporting rules like ARG002
+for such methods; it knows that the changes recommended by ARG002 would violate the Liskov
+Substitution Principle.
+
+Correct use of `@override` is enforced by ty's `invalid-explicit-override` rule.
+
+[Liskov Substitution Principle]: https://en.wikipedia.org/wiki/Liskov_substitution_principle
+[override]: https://docs.python.org/3/library/typing.html#typing.override
+
 ## `invalid-named-tuple`
 
 <small>
 Default level: <a href="../rules.md#rule-levels" title="This lint has a default level of 'error'."><code>error</code></a> ·
 Added in <a href="https://github.com/astral-sh/ty/releases/tag/0.0.1-alpha.19">0.0.1-alpha.19</a> ·
 <a href="https://github.com/astral-sh/ty/issues?q=sort%3Aupdated-desc%20is%3Aissue%20is%3Aopen%20invalid-named-tuple" target="_blank">Related issues</a> ·
-<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L506" target="_blank">View source</a>
+<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L542" target="_blank">View source</a>
 </small>
 
 
@@ -875,7 +1052,8 @@ Checks for invalidly defined `NamedTuple` classes.
 **Why is this bad?**
 
 An invalidly defined `NamedTuple` class may lead to the type checker
-drawing incorrect conclusions. It may also lead to `TypeError`s at runtime.
+drawing incorrect conclusions. It may also lead to `TypeError`s or
+`AttributeError`s at runtime.
 
 **Examples**
 
@@ -890,13 +1068,34 @@ in a class's bases list.
 TypeError: can only inherit from a NamedTuple type and Generic
 ```
 
+Further, `NamedTuple` field names cannot start with an underscore:
+
+```pycon
+>>> from typing import NamedTuple
+>>> class Foo(NamedTuple):
+...     _bar: int
+ValueError: Field names cannot start with an underscore: '_bar'
+```
+
+`NamedTuple` classes also have certain synthesized attributes (like `_asdict`, `_make`,
+`_replace`, etc.) that cannot be overwritten. Attempting to assign to these attributes
+without a type annotation will raise an `AttributeError` at runtime.
+
+```pycon
+>>> from typing import NamedTuple
+>>> class Foo(NamedTuple):
+...     x: int
+...     _asdict = 42
+AttributeError: Cannot overwrite NamedTuple attribute _asdict
+```
+
 ## `invalid-newtype`
 
 <small>
 Default level: <a href="../rules.md#rule-levels" title="This lint has a default level of 'error'."><code>error</code></a> ·
 Preview (since <a href="https://github.com/astral-sh/ty/releases/tag/1.0.0">1.0.0</a>) ·
 <a href="https://github.com/astral-sh/ty/issues?q=sort%3Aupdated-desc%20is%3Aissue%20is%3Aopen%20invalid-newtype" target="_blank">Related issues</a> ·
-<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L932" target="_blank">View source</a>
+<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L990" target="_blank">View source</a>
 </small>
 
 
@@ -926,7 +1125,7 @@ Baz = NewType("Baz", int | str)  # error: invalid base for `typing.NewType`
 Default level: <a href="../rules.md#rule-levels" title="This lint has a default level of 'error'."><code>error</code></a> ·
 Added in <a href="https://github.com/astral-sh/ty/releases/tag/0.0.1-alpha.1">0.0.1-alpha.1</a> ·
 <a href="https://github.com/astral-sh/ty/issues?q=sort%3Aupdated-desc%20is%3Aissue%20is%3Aopen%20invalid-overload" target="_blank">Related issues</a> ·
-<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L983" target="_blank">View source</a>
+<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L1041" target="_blank">View source</a>
 </small>
 
 
@@ -976,7 +1175,7 @@ def foo(x: int) -> int: ...
 Default level: <a href="../rules.md#rule-levels" title="This lint has a default level of 'error'."><code>error</code></a> ·
 Added in <a href="https://github.com/astral-sh/ty/releases/tag/0.0.1-alpha.1">0.0.1-alpha.1</a> ·
 <a href="https://github.com/astral-sh/ty/issues?q=sort%3Aupdated-desc%20is%3Aissue%20is%3Aopen%20invalid-parameter-default" target="_blank">Related issues</a> ·
-<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L1082" target="_blank">View source</a>
+<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L1140" target="_blank">View source</a>
 </small>
 
 
@@ -1002,7 +1201,7 @@ def f(a: int = ''): ...
 Default level: <a href="../rules.md#rule-levels" title="This lint has a default level of 'error'."><code>error</code></a> ·
 Added in <a href="https://github.com/astral-sh/ty/releases/tag/0.0.1-alpha.1">0.0.1-alpha.1</a> ·
 <a href="https://github.com/astral-sh/ty/issues?q=sort%3Aupdated-desc%20is%3Aissue%20is%3Aopen%20invalid-paramspec" target="_blank">Related issues</a> ·
-<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L887" target="_blank">View source</a>
+<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L945" target="_blank">View source</a>
 </small>
 
 
@@ -1033,7 +1232,7 @@ P2 = ParamSpec("S2")  # error: ParamSpec name must match the variable it's assig
 Default level: <a href="../rules.md#rule-levels" title="This lint has a default level of 'error'."><code>error</code></a> ·
 Added in <a href="https://github.com/astral-sh/ty/releases/tag/0.0.1-alpha.1">0.0.1-alpha.1</a> ·
 <a href="https://github.com/astral-sh/ty/issues?q=sort%3Aupdated-desc%20is%3Aissue%20is%3Aopen%20invalid-protocol" target="_blank">Related issues</a> ·
-<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L442" target="_blank">View source</a>
+<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L478" target="_blank">View source</a>
 </small>
 
 
@@ -1067,7 +1266,7 @@ TypeError: Protocols can only inherit from other protocols, got <class 'int'>
 Default level: <a href="../rules.md#rule-levels" title="This lint has a default level of 'error'."><code>error</code></a> ·
 Added in <a href="https://github.com/astral-sh/ty/releases/tag/0.0.1-alpha.1">0.0.1-alpha.1</a> ·
 <a href="https://github.com/astral-sh/ty/issues?q=sort%3Aupdated-desc%20is%3Aissue%20is%3Aopen%20invalid-raise" target="_blank">Related issues</a> ·
-<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L1102" target="_blank">View source</a>
+<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L1160" target="_blank">View source</a>
 </small>
 
 
@@ -1116,7 +1315,7 @@ def g():
 Default level: <a href="../rules.md#rule-levels" title="This lint has a default level of 'error'."><code>error</code></a> ·
 Added in <a href="https://github.com/astral-sh/ty/releases/tag/0.0.1-alpha.1">0.0.1-alpha.1</a> ·
 <a href="https://github.com/astral-sh/ty/issues?q=sort%3Aupdated-desc%20is%3Aissue%20is%3Aopen%20invalid-return-type" target="_blank">Related issues</a> ·
-<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L631" target="_blank">View source</a>
+<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L689" target="_blank">View source</a>
 </small>
 
 
@@ -1141,7 +1340,7 @@ def func() -> int:
 Default level: <a href="../rules.md#rule-levels" title="This lint has a default level of 'error'."><code>error</code></a> ·
 Added in <a href="https://github.com/astral-sh/ty/releases/tag/0.0.1-alpha.1">0.0.1-alpha.1</a> ·
 <a href="https://github.com/astral-sh/ty/issues?q=sort%3Aupdated-desc%20is%3Aissue%20is%3Aopen%20invalid-super-argument" target="_blank">Related issues</a> ·
-<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L1145" target="_blank">View source</a>
+<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L1203" target="_blank">View source</a>
 </small>
 
 
@@ -1187,7 +1386,7 @@ super(B, A)  # error: `A` does not satisfy `issubclass(A, B)`
 Default level: <a href="../rules.md#rule-levels" title="This lint has a default level of 'error'."><code>error</code></a> ·
 Added in <a href="https://github.com/astral-sh/ty/releases/tag/0.0.1-alpha.1">0.0.1-alpha.1</a> ·
 <a href="https://github.com/astral-sh/ty/issues?q=sort%3Aupdated-desc%20is%3Aissue%20is%3Aopen%20invalid-syntax-in-forward-annotation" target="_blank">Related issues</a> ·
-<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fstring_annotation.rs#L111" target="_blank">View source</a>
+<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fstring_annotation.rs#L112" target="_blank">View source</a>
 </small>
 
 
@@ -1199,7 +1398,7 @@ TODO #14889
 Default level: <a href="../rules.md#rule-levels" title="This lint has a default level of 'error'."><code>error</code></a> ·
 Added in <a href="https://github.com/astral-sh/ty/releases/tag/0.0.1-alpha.6">0.0.1-alpha.6</a> ·
 <a href="https://github.com/astral-sh/ty/issues?q=sort%3Aupdated-desc%20is%3Aissue%20is%3Aopen%20invalid-type-alias-type" target="_blank">Related issues</a> ·
-<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L911" target="_blank">View source</a>
+<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L969" target="_blank">View source</a>
 </small>
 
 
@@ -1220,13 +1419,60 @@ IntOrStr = TypeAliasType("IntOrStr", int | str)  # okay
 NewAlias = TypeAliasType(get_name(), int)        # error: TypeAliasType name must be a string literal
 ```
 
+## `invalid-type-arguments`
+
+<small>
+Default level: <a href="../rules.md#rule-levels" title="This lint has a default level of 'error'."><code>error</code></a> ·
+Added in <a href="https://github.com/astral-sh/ty/releases/tag/0.0.1-alpha.29">0.0.1-alpha.29</a> ·
+<a href="https://github.com/astral-sh/ty/issues?q=sort%3Aupdated-desc%20is%3Aissue%20is%3Aopen%20invalid-type-arguments" target="_blank">Related issues</a> ·
+<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L1435" target="_blank">View source</a>
+</small>
+
+
+**What it does**
+
+Checks for invalid type arguments in explicit type specialization.
+
+**Why is this bad?**
+
+Providing the wrong number of type arguments or type arguments that don't
+satisfy the type variable's bounds or constraints will lead to incorrect
+type inference and may indicate a misunderstanding of the generic type's
+interface.
+
+**Examples**
+
+
+Using legacy type variables:
+```python
+from typing import Generic, TypeVar
+
+T1 = TypeVar('T1', int, str)
+T2 = TypeVar('T2', bound=int)
+
+class Foo1(Generic[T1]): ...
+class Foo2(Generic[T2]): ...
+
+Foo1[bytes]  # error: bytes does not satisfy T1's constraints
+Foo2[str]  # error: str does not satisfy T2's bound
+```
+
+Using PEP 695 type variables:
+```python
+class Foo[T]: ...
+class Bar[T, U]: ...
+
+Foo[int, str]  # error: too many arguments
+Bar[int]  # error: too few arguments
+```
+
 ## `invalid-type-checking-constant`
 
 <small>
 Default level: <a href="../rules.md#rule-levels" title="This lint has a default level of 'error'."><code>error</code></a> ·
 Added in <a href="https://github.com/astral-sh/ty/releases/tag/0.0.1-alpha.1">0.0.1-alpha.1</a> ·
 <a href="https://github.com/astral-sh/ty/issues?q=sort%3Aupdated-desc%20is%3Aissue%20is%3Aopen%20invalid-type-checking-constant" target="_blank">Related issues</a> ·
-<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L1184" target="_blank">View source</a>
+<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L1242" target="_blank">View source</a>
 </small>
 
 
@@ -1256,7 +1502,7 @@ TYPE_CHECKING = ''
 Default level: <a href="../rules.md#rule-levels" title="This lint has a default level of 'error'."><code>error</code></a> ·
 Added in <a href="https://github.com/astral-sh/ty/releases/tag/0.0.1-alpha.1">0.0.1-alpha.1</a> ·
 <a href="https://github.com/astral-sh/ty/issues?q=sort%3Aupdated-desc%20is%3Aissue%20is%3Aopen%20invalid-type-form" target="_blank">Related issues</a> ·
-<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L1208" target="_blank">View source</a>
+<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L1266" target="_blank">View source</a>
 </small>
 
 
@@ -1286,7 +1532,7 @@ b: Annotated[int]  # `Annotated` expects at least two arguments
 Default level: <a href="../rules.md#rule-levels" title="This lint has a default level of 'error'."><code>error</code></a> ·
 Added in <a href="https://github.com/astral-sh/ty/releases/tag/0.0.1-alpha.11">0.0.1-alpha.11</a> ·
 <a href="https://github.com/astral-sh/ty/issues?q=sort%3Aupdated-desc%20is%3Aissue%20is%3Aopen%20invalid-type-guard-call" target="_blank">Related issues</a> ·
-<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L1260" target="_blank">View source</a>
+<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L1318" target="_blank">View source</a>
 </small>
 
 
@@ -1320,7 +1566,7 @@ f(10)  # Error
 Default level: <a href="../rules.md#rule-levels" title="This lint has a default level of 'error'."><code>error</code></a> ·
 Added in <a href="https://github.com/astral-sh/ty/releases/tag/0.0.1-alpha.11">0.0.1-alpha.11</a> ·
 <a href="https://github.com/astral-sh/ty/issues?q=sort%3Aupdated-desc%20is%3Aissue%20is%3Aopen%20invalid-type-guard-definition" target="_blank">Related issues</a> ·
-<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L1232" target="_blank">View source</a>
+<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L1290" target="_blank">View source</a>
 </small>
 
 
@@ -1354,7 +1600,7 @@ class C:
 Default level: <a href="../rules.md#rule-levels" title="This lint has a default level of 'error'."><code>error</code></a> ·
 Added in <a href="https://github.com/astral-sh/ty/releases/tag/0.0.1-alpha.1">0.0.1-alpha.1</a> ·
 <a href="https://github.com/astral-sh/ty/issues?q=sort%3Aupdated-desc%20is%3Aissue%20is%3Aopen%20invalid-type-variable-constraints" target="_blank">Related issues</a> ·
-<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L1288" target="_blank">View source</a>
+<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L1346" target="_blank">View source</a>
 </small>
 
 
@@ -1389,7 +1635,7 @@ T = TypeVar('T', bound=str)  # valid bound TypeVar
 Default level: <a href="../rules.md#rule-levels" title="This lint has a default level of 'error'."><code>error</code></a> ·
 Added in <a href="https://github.com/astral-sh/ty/releases/tag/0.0.1-alpha.1">0.0.1-alpha.1</a> ·
 <a href="https://github.com/astral-sh/ty/issues?q=sort%3Aupdated-desc%20is%3Aissue%20is%3Aopen%20missing-argument" target="_blank">Related issues</a> ·
-<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L1317" target="_blank">View source</a>
+<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L1375" target="_blank">View source</a>
 </small>
 
 
@@ -1414,7 +1660,7 @@ func()  # TypeError: func() missing 1 required positional argument: 'x'
 Default level: <a href="../rules.md#rule-levels" title="This lint has a default level of 'error'."><code>error</code></a> ·
 Added in <a href="https://github.com/astral-sh/ty/releases/tag/0.0.1-alpha.20">0.0.1-alpha.20</a> ·
 <a href="https://github.com/astral-sh/ty/issues?q=sort%3Aupdated-desc%20is%3Aissue%20is%3Aopen%20missing-typed-dict-key" target="_blank">Related issues</a> ·
-<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L1910" target="_blank">View source</a>
+<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L2099" target="_blank">View source</a>
 </small>
 
 
@@ -1447,7 +1693,7 @@ alice["age"]  # KeyError
 Default level: <a href="../rules.md#rule-levels" title="This lint has a default level of 'error'."><code>error</code></a> ·
 Added in <a href="https://github.com/astral-sh/ty/releases/tag/0.0.1-alpha.1">0.0.1-alpha.1</a> ·
 <a href="https://github.com/astral-sh/ty/issues?q=sort%3Aupdated-desc%20is%3Aissue%20is%3Aopen%20no-matching-overload" target="_blank">Related issues</a> ·
-<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L1336" target="_blank">View source</a>
+<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L1394" target="_blank">View source</a>
 </small>
 
 
@@ -1476,7 +1722,7 @@ func("string")  # error: [no-matching-overload]
 Default level: <a href="../rules.md#rule-levels" title="This lint has a default level of 'error'."><code>error</code></a> ·
 Added in <a href="https://github.com/astral-sh/ty/releases/tag/0.0.1-alpha.1">0.0.1-alpha.1</a> ·
 <a href="https://github.com/astral-sh/ty/issues?q=sort%3Aupdated-desc%20is%3Aissue%20is%3Aopen%20non-subscriptable" target="_blank">Related issues</a> ·
-<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L1359" target="_blank">View source</a>
+<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L1417" target="_blank">View source</a>
 </small>
 
 
@@ -1500,7 +1746,7 @@ Subscripting an object that does not support it will raise a `TypeError` at runt
 Default level: <a href="../rules.md#rule-levels" title="This lint has a default level of 'error'."><code>error</code></a> ·
 Added in <a href="https://github.com/astral-sh/ty/releases/tag/0.0.1-alpha.1">0.0.1-alpha.1</a> ·
 <a href="https://github.com/astral-sh/ty/issues?q=sort%3Aupdated-desc%20is%3Aissue%20is%3Aopen%20not-iterable" target="_blank">Related issues</a> ·
-<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L1377" target="_blank">View source</a>
+<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L1476" target="_blank">View source</a>
 </small>
 
 
@@ -1520,13 +1766,46 @@ for i in 34:  # TypeError: 'int' object is not iterable
     pass
 ```
 
+## `override-of-final-method`
+
+<small>
+Default level: <a href="../rules.md#rule-levels" title="This lint has a default level of 'error'."><code>error</code></a> ·
+Added in <a href="https://github.com/astral-sh/ty/releases/tag/0.0.1-alpha.29">0.0.1-alpha.29</a> ·
+<a href="https://github.com/astral-sh/ty/issues?q=sort%3Aupdated-desc%20is%3Aissue%20is%3Aopen%20override-of-final-method" target="_blank">Related issues</a> ·
+<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L1641" target="_blank">View source</a>
+</small>
+
+
+**What it does**
+
+Checks for methods on subclasses that override superclass methods decorated with `@final`.
+
+**Why is this bad?**
+
+Decorating a method with `@final` declares to the type checker that it should not be
+overridden on any subclass.
+
+**Example**
+
+
+```python
+from typing import final
+
+class A:
+    @final
+    def foo(self): ...
+
+class B(A):
+    def foo(self): ...  # Error raised here
+```
+
 ## `parameter-already-assigned`
 
 <small>
 Default level: <a href="../rules.md#rule-levels" title="This lint has a default level of 'error'."><code>error</code></a> ·
 Added in <a href="https://github.com/astral-sh/ty/releases/tag/0.0.1-alpha.1">0.0.1-alpha.1</a> ·
 <a href="https://github.com/astral-sh/ty/issues?q=sort%3Aupdated-desc%20is%3Aissue%20is%3Aopen%20parameter-already-assigned" target="_blank">Related issues</a> ·
-<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L1428" target="_blank">View source</a>
+<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L1527" target="_blank">View source</a>
 </small>
 
 
@@ -1553,7 +1832,7 @@ f(1, x=2)  # Error raised here
 Default level: <a href="../rules.md#rule-levels" title="This lint has a default level of 'error'."><code>error</code></a> ·
 Added in <a href="https://github.com/astral-sh/ty/releases/tag/0.0.1-alpha.22">0.0.1-alpha.22</a> ·
 <a href="https://github.com/astral-sh/ty/issues?q=sort%3Aupdated-desc%20is%3Aissue%20is%3Aopen%20positional-only-parameter-as-kwarg" target="_blank">Related issues</a> ·
-<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L1663" target="_blank">View source</a>
+<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L1852" target="_blank">View source</a>
 </small>
 
 
@@ -1580,7 +1859,7 @@ f(x=1)  # Error raised here
 Default level: <a href="../rules.md#rule-levels" title="This lint has a default level of 'error'."><code>error</code></a> ·
 Added in <a href="https://github.com/astral-sh/ty/releases/tag/0.0.1-alpha.1">0.0.1-alpha.1</a> ·
 <a href="https://github.com/astral-sh/ty/issues?q=sort%3Aupdated-desc%20is%3Aissue%20is%3Aopen%20raw-string-type-annotation" target="_blank">Related issues</a> ·
-<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fstring_annotation.rs#L61" target="_blank">View source</a>
+<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fstring_annotation.rs#L62" target="_blank">View source</a>
 </small>
 
 
@@ -1611,7 +1890,7 @@ def test(): -> "int":
 Default level: <a href="../rules.md#rule-levels" title="This lint has a default level of 'error'."><code>error</code></a> ·
 Added in <a href="https://github.com/astral-sh/ty/releases/tag/0.0.1-alpha.1">0.0.1-alpha.1</a> ·
 <a href="https://github.com/astral-sh/ty/issues?q=sort%3Aupdated-desc%20is%3Aissue%20is%3Aopen%20static-assert-error" target="_blank">Related issues</a> ·
-<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L1785" target="_blank">View source</a>
+<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L1974" target="_blank">View source</a>
 </small>
 
 
@@ -1641,7 +1920,7 @@ static_assert(int(2.0 * 3.0) == 6)  # error: does not have a statically known tr
 Default level: <a href="../rules.md#rule-levels" title="This lint has a default level of 'error'."><code>error</code></a> ·
 Added in <a href="https://github.com/astral-sh/ty/releases/tag/0.0.1-alpha.1">0.0.1-alpha.1</a> ·
 <a href="https://github.com/astral-sh/ty/issues?q=sort%3Aupdated-desc%20is%3Aissue%20is%3Aopen%20subclass-of-final-class" target="_blank">Related issues</a> ·
-<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L1519" target="_blank">View source</a>
+<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L1618" target="_blank">View source</a>
 </small>
 
 
@@ -1664,13 +1943,47 @@ class A: ...
 class B(A): ...  # Error raised here
 ```
 
+## `super-call-in-named-tuple-method`
+
+<small>
+Default level: <a href="../rules.md#rule-levels" title="This lint has a default level of 'error'."><code>error</code></a> ·
+Preview (since <a href="https://github.com/astral-sh/ty/releases/tag/0.0.1-alpha.30">0.0.1-alpha.30</a>) ·
+<a href="https://github.com/astral-sh/ty/issues?q=sort%3Aupdated-desc%20is%3Aissue%20is%3Aopen%20super-call-in-named-tuple-method" target="_blank">Related issues</a> ·
+<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L1786" target="_blank">View source</a>
+</small>
+
+
+**What it does**
+
+Checks for calls to `super()` inside methods of `NamedTuple` classes.
+
+**Why is this bad?**
+
+Using `super()` in a method of a `NamedTuple` class will raise an exception at runtime.
+
+**Examples**
+
+```python
+from typing import NamedTuple
+
+class F(NamedTuple):
+    x: int
+
+    def method(self):
+        super()  # error: super() is not supported in methods of NamedTuple classes
+```
+
+**References**
+
+- [Python documentation: super()](https://docs.python.org/3/library/functions.html#super)
+
 ## `too-many-positional-arguments`
 
 <small>
 Default level: <a href="../rules.md#rule-levels" title="This lint has a default level of 'error'."><code>error</code></a> ·
 Added in <a href="https://github.com/astral-sh/ty/releases/tag/0.0.1-alpha.1">0.0.1-alpha.1</a> ·
 <a href="https://github.com/astral-sh/ty/issues?q=sort%3Aupdated-desc%20is%3Aissue%20is%3Aopen%20too-many-positional-arguments" target="_blank">Related issues</a> ·
-<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L1564" target="_blank">View source</a>
+<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L1726" target="_blank">View source</a>
 </small>
 
 
@@ -1697,7 +2010,7 @@ f("foo")  # Error raised here
 Default level: <a href="../rules.md#rule-levels" title="This lint has a default level of 'error'."><code>error</code></a> ·
 Added in <a href="https://github.com/astral-sh/ty/releases/tag/0.0.1-alpha.1">0.0.1-alpha.1</a> ·
 <a href="https://github.com/astral-sh/ty/issues?q=sort%3Aupdated-desc%20is%3Aissue%20is%3Aopen%20type-assertion-failure" target="_blank">Related issues</a> ·
-<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L1542" target="_blank">View source</a>
+<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L1704" target="_blank">View source</a>
 </small>
 
 
@@ -1725,7 +2038,7 @@ def _(x: int):
 Default level: <a href="../rules.md#rule-levels" title="This lint has a default level of 'error'."><code>error</code></a> ·
 Added in <a href="https://github.com/astral-sh/ty/releases/tag/0.0.1-alpha.1">0.0.1-alpha.1</a> ·
 <a href="https://github.com/astral-sh/ty/issues?q=sort%3Aupdated-desc%20is%3Aissue%20is%3Aopen%20unavailable-implicit-super-arguments" target="_blank">Related issues</a> ·
-<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L1585" target="_blank">View source</a>
+<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L1747" target="_blank">View source</a>
 </small>
 
 
@@ -1771,7 +2084,7 @@ class A:
 Default level: <a href="../rules.md#rule-levels" title="This lint has a default level of 'error'."><code>error</code></a> ·
 Added in <a href="https://github.com/astral-sh/ty/releases/tag/0.0.1-alpha.1">0.0.1-alpha.1</a> ·
 <a href="https://github.com/astral-sh/ty/issues?q=sort%3Aupdated-desc%20is%3Aissue%20is%3Aopen%20unknown-argument" target="_blank">Related issues</a> ·
-<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L1642" target="_blank">View source</a>
+<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L1831" target="_blank">View source</a>
 </small>
 
 
@@ -1798,7 +2111,7 @@ f(x=1, y=2)  # Error raised here
 Default level: <a href="../rules.md#rule-levels" title="This lint has a default level of 'error'."><code>error</code></a> ·
 Added in <a href="https://github.com/astral-sh/ty/releases/tag/0.0.1-alpha.1">0.0.1-alpha.1</a> ·
 <a href="https://github.com/astral-sh/ty/issues?q=sort%3Aupdated-desc%20is%3Aissue%20is%3Aopen%20unresolved-attribute" target="_blank">Related issues</a> ·
-<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L1684" target="_blank">View source</a>
+<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L1873" target="_blank">View source</a>
 </small>
 
 
@@ -1826,7 +2139,7 @@ A().foo  # AttributeError: 'A' object has no attribute 'foo'
 Default level: <a href="../rules.md#rule-levels" title="This lint has a default level of 'error'."><code>error</code></a> ·
 Added in <a href="https://github.com/astral-sh/ty/releases/tag/0.0.1-alpha.1">0.0.1-alpha.1</a> ·
 <a href="https://github.com/astral-sh/ty/issues?q=sort%3Aupdated-desc%20is%3Aissue%20is%3Aopen%20unresolved-import" target="_blank">Related issues</a> ·
-<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L1706" target="_blank">View source</a>
+<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L1895" target="_blank">View source</a>
 </small>
 
 
@@ -1851,7 +2164,7 @@ import foo  # ModuleNotFoundError: No module named 'foo'
 Default level: <a href="../rules.md#rule-levels" title="This lint has a default level of 'error'."><code>error</code></a> ·
 Added in <a href="https://github.com/astral-sh/ty/releases/tag/0.0.1-alpha.1">0.0.1-alpha.1</a> ·
 <a href="https://github.com/astral-sh/ty/issues?q=sort%3Aupdated-desc%20is%3Aissue%20is%3Aopen%20unresolved-reference" target="_blank">Related issues</a> ·
-<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L1725" target="_blank">View source</a>
+<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L1914" target="_blank">View source</a>
 </small>
 
 
@@ -1876,7 +2189,7 @@ print(x)  # NameError: name 'x' is not defined
 Default level: <a href="../rules.md#rule-levels" title="This lint has a default level of 'error'."><code>error</code></a> ·
 Added in <a href="https://github.com/astral-sh/ty/releases/tag/0.0.1-alpha.1">0.0.1-alpha.1</a> ·
 <a href="https://github.com/astral-sh/ty/issues?q=sort%3Aupdated-desc%20is%3Aissue%20is%3Aopen%20unsupported-bool-conversion" target="_blank">Related issues</a> ·
-<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L1397" target="_blank">View source</a>
+<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L1496" target="_blank">View source</a>
 </small>
 
 
@@ -1913,7 +2226,7 @@ b1 < b2 < b1  # exception raised here
 Default level: <a href="../rules.md#rule-levels" title="This lint has a default level of 'error'."><code>error</code></a> ·
 Added in <a href="https://github.com/astral-sh/ty/releases/tag/0.0.1-alpha.1">0.0.1-alpha.1</a> ·
 <a href="https://github.com/astral-sh/ty/issues?q=sort%3Aupdated-desc%20is%3Aissue%20is%3Aopen%20unsupported-operator" target="_blank">Related issues</a> ·
-<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L1744" target="_blank">View source</a>
+<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L1933" target="_blank">View source</a>
 </small>
 
 
@@ -1941,7 +2254,7 @@ A() + A()  # TypeError: unsupported operand type(s) for +: 'A' and 'A'
 Default level: <a href="../rules.md#rule-levels" title="This lint has a default level of 'error'."><code>error</code></a> ·
 Added in <a href="https://github.com/astral-sh/ty/releases/tag/0.0.1-alpha.1">0.0.1-alpha.1</a> ·
 <a href="https://github.com/astral-sh/ty/issues?q=sort%3Aupdated-desc%20is%3Aissue%20is%3Aopen%20zero-stepsize-in-slice" target="_blank">Related issues</a> ·
-<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L1766" target="_blank">View source</a>
+<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L1955" target="_blank">View source</a>
 </small>
 
 
@@ -1966,7 +2279,7 @@ l[1:10:0]  # ValueError: slice step cannot be zero
 Default level: <a href="../rules.md#rule-levels" title="This lint has a default level of 'warn'."><code>warn</code></a> ·
 Added in <a href="https://github.com/astral-sh/ty/releases/tag/0.0.1-alpha.20">0.0.1-alpha.20</a> ·
 <a href="https://github.com/astral-sh/ty/issues?q=sort%3Aupdated-desc%20is%3Aissue%20is%3Aopen%20ambiguous-protocol-member" target="_blank">Related issues</a> ·
-<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L471" target="_blank">View source</a>
+<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L507" target="_blank">View source</a>
 </small>
 
 
@@ -2007,7 +2320,7 @@ class SubProto(BaseProto, Protocol):
 Default level: <a href="../rules.md#rule-levels" title="This lint has a default level of 'warn'."><code>warn</code></a> ·
 Added in <a href="https://github.com/astral-sh/ty/releases/tag/0.0.1-alpha.16">0.0.1-alpha.16</a> ·
 <a href="https://github.com/astral-sh/ty/issues?q=sort%3Aupdated-desc%20is%3Aissue%20is%3Aopen%20deprecated" target="_blank">Related issues</a> ·
-<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L286" target="_blank">View source</a>
+<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L322" target="_blank">View source</a>
 </small>
 
 
@@ -2034,7 +2347,7 @@ old_func()  # emits [deprecated] diagnostic
 Default level: <a href="../rules.md#rule-levels" title="This lint has a default level of 'warn'."><code>warn</code></a> ·
 Added in <a href="https://github.com/astral-sh/ty/releases/tag/0.0.1-alpha.1">0.0.1-alpha.1</a> ·
 <a href="https://github.com/astral-sh/ty/issues?q=sort%3Aupdated-desc%20is%3Aissue%20is%3Aopen%20ignore-comment-unknown-rule" target="_blank">Related issues</a> ·
-<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Fsuppression.rs#L40" target="_blank">View source</a>
+<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Fsuppression.rs#L47" target="_blank">View source</a>
 </small>
 
 
@@ -2065,7 +2378,7 @@ a = 20 / 0  # ty: ignore[division-by-zero]
 Default level: <a href="../rules.md#rule-levels" title="This lint has a default level of 'warn'."><code>warn</code></a> ·
 Added in <a href="https://github.com/astral-sh/ty/releases/tag/0.0.1-alpha.1">0.0.1-alpha.1</a> ·
 <a href="https://github.com/astral-sh/ty/issues?q=sort%3Aupdated-desc%20is%3Aissue%20is%3Aopen%20invalid-ignore-comment" target="_blank">Related issues</a> ·
-<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Fsuppression.rs#L65" target="_blank">View source</a>
+<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Fsuppression.rs#L72" target="_blank">View source</a>
 </small>
 
 
@@ -2095,7 +2408,7 @@ a = 20 / 0  # type: ignore
 Default level: <a href="../rules.md#rule-levels" title="This lint has a default level of 'warn'."><code>warn</code></a> ·
 Added in <a href="https://github.com/astral-sh/ty/releases/tag/0.0.1-alpha.22">0.0.1-alpha.22</a> ·
 <a href="https://github.com/astral-sh/ty/issues?q=sort%3Aupdated-desc%20is%3Aissue%20is%3Aopen%20possibly-missing-attribute" target="_blank">Related issues</a> ·
-<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L1449" target="_blank">View source</a>
+<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L1548" target="_blank">View source</a>
 </small>
 
 
@@ -2123,7 +2436,7 @@ A.c  # AttributeError: type object 'A' has no attribute 'c'
 Default level: <a href="../rules.md#rule-levels" title="This lint has a default level of 'warn'."><code>warn</code></a> ·
 Added in <a href="https://github.com/astral-sh/ty/releases/tag/0.0.1-alpha.22">0.0.1-alpha.22</a> ·
 <a href="https://github.com/astral-sh/ty/issues?q=sort%3Aupdated-desc%20is%3Aissue%20is%3Aopen%20possibly-missing-implicit-call" target="_blank">Related issues</a> ·
-<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L139" target="_blank">View source</a>
+<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L153" target="_blank">View source</a>
 </small>
 
 
@@ -2155,7 +2468,7 @@ A()[0]  # TypeError: 'A' object is not subscriptable
 Default level: <a href="../rules.md#rule-levels" title="This lint has a default level of 'warn'."><code>warn</code></a> ·
 Added in <a href="https://github.com/astral-sh/ty/releases/tag/0.0.1-alpha.22">0.0.1-alpha.22</a> ·
 <a href="https://github.com/astral-sh/ty/issues?q=sort%3Aupdated-desc%20is%3Aissue%20is%3Aopen%20possibly-missing-import" target="_blank">Related issues</a> ·
-<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L1471" target="_blank">View source</a>
+<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L1570" target="_blank">View source</a>
 </small>
 
 
@@ -2187,7 +2500,7 @@ from module import a  # ImportError: cannot import name 'a' from 'module'
 Default level: <a href="../rules.md#rule-levels" title="This lint has a default level of 'warn'."><code>warn</code></a> ·
 Added in <a href="https://github.com/astral-sh/ty/releases/tag/0.0.1-alpha.1">0.0.1-alpha.1</a> ·
 <a href="https://github.com/astral-sh/ty/issues?q=sort%3Aupdated-desc%20is%3Aissue%20is%3Aopen%20redundant-cast" target="_blank">Related issues</a> ·
-<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L1837" target="_blank">View source</a>
+<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L2026" target="_blank">View source</a>
 </small>
 
 
@@ -2214,7 +2527,7 @@ cast(int, f())  # Redundant
 Default level: <a href="../rules.md#rule-levels" title="This lint has a default level of 'warn'."><code>warn</code></a> ·
 Added in <a href="https://github.com/astral-sh/ty/releases/tag/0.0.1-alpha.1">0.0.1-alpha.1</a> ·
 <a href="https://github.com/astral-sh/ty/issues?q=sort%3Aupdated-desc%20is%3Aissue%20is%3Aopen%20undefined-reveal" target="_blank">Related issues</a> ·
-<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L1624" target="_blank">View source</a>
+<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L1813" target="_blank">View source</a>
 </small>
 
 
@@ -2238,7 +2551,7 @@ reveal_type(1)  # NameError: name 'reveal_type' is not defined
 Default level: <a href="../rules.md#rule-levels" title="This lint has a default level of 'warn'."><code>warn</code></a> ·
 Added in <a href="https://github.com/astral-sh/ty/releases/tag/0.0.1-alpha.15">0.0.1-alpha.15</a> ·
 <a href="https://github.com/astral-sh/ty/issues?q=sort%3Aupdated-desc%20is%3Aissue%20is%3Aopen%20unresolved-global" target="_blank">Related issues</a> ·
-<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L1858" target="_blank">View source</a>
+<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L2047" target="_blank">View source</a>
 </small>
 
 
@@ -2296,7 +2609,7 @@ def g():
 Default level: <a href="../rules.md#rule-levels" title="This lint has a default level of 'warn'."><code>warn</code></a> ·
 Added in <a href="https://github.com/astral-sh/ty/releases/tag/0.0.1-alpha.7">0.0.1-alpha.7</a> ·
 <a href="https://github.com/astral-sh/ty/issues?q=sort%3Aupdated-desc%20is%3Aissue%20is%3Aopen%20unsupported-base" target="_blank">Related issues</a> ·
-<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L720" target="_blank">View source</a>
+<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L778" target="_blank">View source</a>
 </small>
 
 
@@ -2335,7 +2648,7 @@ class D(C): ...  # error: [unsupported-base]
 Default level: <a href="../rules.md#rule-levels" title="This lint has a default level of 'warn'."><code>warn</code></a> ·
 Added in <a href="https://github.com/astral-sh/ty/releases/tag/0.0.1-alpha.22">0.0.1-alpha.22</a> ·
 <a href="https://github.com/astral-sh/ty/issues?q=sort%3Aupdated-desc%20is%3Aissue%20is%3Aopen%20useless-overload-body" target="_blank">Related issues</a> ·
-<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L1026" target="_blank">View source</a>
+<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L1084" target="_blank">View source</a>
 </small>
 
 
@@ -2398,7 +2711,7 @@ def foo(x: int | str) -> int | str:
 Default level: <a href="../rules.md#rule-levels" title="This lint has a default level of 'ignore'."><code>ignore</code></a> ·
 Preview (since <a href="https://github.com/astral-sh/ty/releases/tag/0.0.1-alpha.1">0.0.1-alpha.1</a>) ·
 <a href="https://github.com/astral-sh/ty/issues?q=sort%3Aupdated-desc%20is%3Aissue%20is%3Aopen%20division-by-zero" target="_blank">Related issues</a> ·
-<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L268" target="_blank">View source</a>
+<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L304" target="_blank">View source</a>
 </small>
 
 
@@ -2422,7 +2735,7 @@ Dividing by zero raises a `ZeroDivisionError` at runtime.
 Default level: <a href="../rules.md#rule-levels" title="This lint has a default level of 'ignore'."><code>ignore</code></a> ·
 Added in <a href="https://github.com/astral-sh/ty/releases/tag/0.0.1-alpha.1">0.0.1-alpha.1</a> ·
 <a href="https://github.com/astral-sh/ty/issues?q=sort%3Aupdated-desc%20is%3Aissue%20is%3Aopen%20possibly-unresolved-reference" target="_blank">Related issues</a> ·
-<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L1497" target="_blank">View source</a>
+<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Ftypes%2Fdiagnostic.rs#L1596" target="_blank">View source</a>
 </small>
 
 
@@ -2450,7 +2763,7 @@ print(x)  # NameError: name 'x' is not defined
 Default level: <a href="../rules.md#rule-levels" title="This lint has a default level of 'ignore'."><code>ignore</code></a> ·
 Added in <a href="https://github.com/astral-sh/ty/releases/tag/0.0.1-alpha.1">0.0.1-alpha.1</a> ·
 <a href="https://github.com/astral-sh/ty/issues?q=sort%3Aupdated-desc%20is%3Aissue%20is%3Aopen%20unused-ignore-comment" target="_blank">Related issues</a> ·
-<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Fsuppression.rs#L15" target="_blank">View source</a>
+<a href="https://github.com/astral-sh/ruff/blob/main/crates%2Fty_python_semantic%2Fsrc%2Fsuppression.rs#L22" target="_blank">View source</a>
 </small>