Expose unfixable as an LSP setting

2024-08-04 22:50:35 -04:00
6950 changed files with 87522 additions and 383975 deletions
--- a/.cargo/config.toml
+++ b/.cargo/config.toml
@@ -8,7 +8,3 @@ benchmark = "bench -p ruff_benchmark --bench linter --bench formatter --"
 # See: https://github.com/astral-sh/ruff/issues/11503
 [target.'cfg(all(target_env="msvc", target_os = "windows"))']
 rustflags = ["-C", "target-feature=+crt-static"]
-
-[target.'wasm32-unknown-unknown']
-# See https://docs.rs/getrandom/latest/getrandom/#webassembly-support
-rustflags = ["--cfg", 'getrandom_backend="wasm_js"']
--- a/.config/nextest.toml
+++ b/.config/nextest.toml
@@ -6,10 +6,3 @@ failure-output = "immediate-final"
 fail-fast = false

 status-level = "skip"
-
-# Mark tests that take longer than 1s as slow.
-# Terminate after 60s as a stop-gap measure to terminate on deadlock.
-slow-timeout =  { period = "1s", terminate-after = 60 }
-
-# Show slow jobs in the final summary
-final-status-level = "slow"
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -20,7 +20,7 @@
 			"extensions": [
 				"ms-python.python",
 				"rust-lang.rust-analyzer",
-				"fill-labs.dependi",
+				"serayuzgur.crates",
 				"tamasfe.even-better-toml",
 				"Swellaby.vscode-rust-test-adapter",
 				"charliermarsh.ruff"
--- a/.editorconfig
+++ b/.editorconfig
@@ -17,7 +17,4 @@ indent_size = 4
 trim_trailing_whitespace = false

 [*.md]
-max_line_length = 100
-
-[*.toml]
-indent_size = 4
+max_line_length = 100
--- a/.gitattributes
+++ b/.gitattributes
@@ -12,16 +12,7 @@ crates/ruff_python_parser/resources/invalid/re_lexing/line_continuation_windows_
 crates/ruff_python_parser/resources/invalid/re_lex_logical_token_windows_eol.py text eol=crlf
 crates/ruff_python_parser/resources/invalid/re_lex_logical_token_mac_eol.py text eol=cr

-crates/ruff_linter/resources/test/fixtures/ruff/RUF046_CR.py text eol=cr
-crates/ruff_linter/resources/test/fixtures/ruff/RUF046_LF.py text eol=lf
-
-crates/ruff_linter/resources/test/fixtures/pyupgrade/UP018_CR.py text eol=cr
-crates/ruff_linter/resources/test/fixtures/pyupgrade/UP018_LF.py text eol=lf
-
 crates/ruff_python_parser/resources/inline linguist-generated=true

-ruff.schema.json -diff linguist-generated=true text=auto eol=lf
-ty.schema.json -diff linguist-generated=true text=auto eol=lf
-crates/ruff_python_ast/src/generated.rs -diff linguist-generated=true text=auto eol=lf
-crates/ruff_python_formatter/src/generated.rs -diff linguist-generated=true text=auto eol=lf
+ruff.schema.json linguist-generated=true text=auto eol=lf
 *.md.snap linguist-language=Markdown
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -9,16 +9,13 @@
 /crates/ruff_formatter/ @MichaReiser
 /crates/ruff_python_formatter/ @MichaReiser
 /crates/ruff_python_parser/ @MichaReiser @dhruvmanila
-/crates/ruff_annotate_snippets/ @BurntSushi

 # flake8-pyi
 /crates/ruff_linter/src/rules/flake8_pyi/ @AlexWaygood

-# Script for fuzzing the parser/ty etc.
-/python/py-fuzzer/ @AlexWaygood
+# Script for fuzzing the parser
+/scripts/fuzz-parser/ @AlexWaygood

-# ty
-/crates/ty* @carljm @MichaReiser @AlexWaygood @sharkdp @dcreager
-/crates/ruff_db/ @carljm @MichaReiser @AlexWaygood @sharkdp @dcreager
-/scripts/ty_benchmark/ @carljm @MichaReiser @AlexWaygood @sharkdp @dcreager
-/crates/ty_python_semantic @carljm @AlexWaygood @sharkdp @dcreager
+# red-knot
+/crates/red_knot* @carljm @MichaReiser @AlexWaygood
+/crates/ruff_db/ @carljm @MichaReiser @AlexWaygood
--- a/.github/ISSUE_TEMPLATE.md
+++ b/.github/ISSUE_TEMPLATE.md
@@ -0,0 +1,12 @@
+<!--
+Thank you for taking the time to report an issue! We're glad to have you involved with Ruff.
+
+If you're filing a bug report, please consider including the following information:
+
+* List of keywords you searched for before creating this issue. Write them down here so that others can find this issue more easily and help provide feedback.
+  e.g. "RUF001", "unused variable", "Jupyter notebook"
+* A minimal code snippet that reproduces the bug.
+* The command you invoked (e.g., `ruff /path/to/file.py --fix`), ideally including the `--isolated` flag.
+* The current Ruff settings (any relevant sections from your `pyproject.toml`).
+* The current Ruff version (`ruff --version`).
+-->
--- a/.github/ISSUE_TEMPLATE/1_bug_report.yaml
+++ b/.github/ISSUE_TEMPLATE/1_bug_report.yaml
@@ -1,31 +0,0 @@
-name: Bug report
-description: Report an error or unexpected behavior
-body:
-  - type: markdown
-    attributes:
-      value: |
-        Thank you for taking the time to report an issue! We're glad to have you involved with Ruff.
-
-        **Before reporting, please make sure to search through [existing issues](https://github.com/astral-sh/ruff/issues?q=is:issue+is:open+label:bug) (including [closed](https://github.com/astral-sh/ruff/issues?q=is:issue%20state:closed%20label:bug)).**
-
-  - type: textarea
-    attributes:
-      label: Summary
-      description: |
-        A clear and concise description of the bug, including a minimal reproducible example.
-
-        Be sure to include the command you invoked (e.g., `ruff check /path/to/file.py --fix`), ideally including the `--isolated` flag and
-        the current Ruff settings (e.g., relevant sections from your `pyproject.toml`).
-
-        If possible, try to include the [playground](https://play.ruff.rs) link that reproduces this issue.
-
-    validations:
-      required: true
-
-  - type: input
-    attributes:
-      label: Version
-      description: What version of ruff are you using? (see `ruff version`)
-      placeholder: e.g., ruff 0.9.3 (90589372d 2025-01-23)
-    validations:
-      required: false
--- a/.github/ISSUE_TEMPLATE/2_rule_request.yaml
+++ b/.github/ISSUE_TEMPLATE/2_rule_request.yaml
@@ -1,10 +0,0 @@
-name: Rule request
-description: Anything related to lint rules (proposing new rules, changes to existing rules, auto-fixes, etc.)
-body:
-  - type: textarea
-    attributes:
-      label: Summary
-      description: |
-        A clear and concise description of the relevant request. If applicable, please describe the current behavior as well.
-    validations:
-      required: true
--- a/.github/ISSUE_TEMPLATE/3_question.yaml
+++ b/.github/ISSUE_TEMPLATE/3_question.yaml
@@ -1,18 +0,0 @@
-name: Question
-description: Ask a question about Ruff
-labels: ["question"]
-body:
-  - type: textarea
-    attributes:
-      label: Question
-      description: Describe your question in detail.
-    validations:
-      required: true
-
-  - type: input
-    attributes:
-      label: Version
-      description: What version of ruff are you using? (see `ruff version`)
-      placeholder: e.g., ruff 0.9.3 (90589372d 2025-01-23)
-    validations:
-      required: false
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -1,11 +0,0 @@
-blank_issues_enabled: true
-contact_links:
-  - name: Report an issue with ty
-    url: https://github.com/astral-sh/ty/issues/new/choose
-    about: Please report issues for our type checker ty in the ty repository.
-  - name: Documentation
-    url: https://docs.astral.sh/ruff
-    about: Please consult the documentation before creating an issue.
-  - name: Community
-    url: https://discord.com/invite/astral-sh
-    about: Join our Discord community to ask questions and collaborate.
--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -1,9 +1,8 @@
 <!--
-Thank you for contributing to Ruff/ty! To help us out with reviewing, please consider the following:
+Thank you for contributing to Ruff! To help us out with reviewing, please consider the following:

 - Does this pull request include a summary of the change? (See below.)
- Does this pull request include a descriptive title? (Please prefix with `[ty]` for ty pull
-  requests.)
+- Does this pull request include a descriptive title?
 - Does this pull request include references to any relevant issues?
 -->

--- a/.github/actionlint.yaml
+++ b/.github/actionlint.yaml
@@ -1,11 +0,0 @@
-# Configuration for the actionlint tool, which we run via pre-commit
-# to verify the correctness of the syntax in our GitHub Actions workflows.
-
-self-hosted-runner:
-  # Various runners we use that aren't recognized out-of-the-box by actionlint:
-  labels:
-    - depot-ubuntu-latest-8
-    - depot-ubuntu-22.04-16
-    - depot-ubuntu-22.04-32
-    - github-windows-2025-x86_64-8
-    - github-windows-2025-x86_64-16
--- a/.github/mypy-primer-ty.toml
+++ b/.github/mypy-primer-ty.toml
@@ -1,7 +0,0 @@
-#:schema ../ty.schema.json
-# Configuration overrides for the mypy primer run
-
-# Enable off-by-default rules.
-[rules]
-possibly-unresolved-reference = "warn"
-unused-ignore-comment = "warn"
--- a/.github/renovate.json5
+++ b/.github/renovate.json5
@@ -8,55 +8,27 @@
  semanticCommits: "disabled",
  separateMajorMinor: false,
  prHourlyLimit: 10,
-  enabledManagers: ["github-actions", "pre-commit", "cargo", "pep621", "pip_requirements", "npm"],
+  enabledManagers: ["github-actions", "pre-commit", "cargo", "pep621", "npm"],
  cargo: {
    // See https://docs.renovatebot.com/configuration-options/#rangestrategy
    rangeStrategy: "update-lockfile",
  },
  pep621: {
-    // The default for this package manager is to only search for `pyproject.toml` files
-    // found at the repository root: https://docs.renovatebot.com/modules/manager/pep621/#file-matching
    fileMatch: ["^(python|scripts)/.*pyproject\\.toml$"],
  },
-  pip_requirements: {
-    // The default for this package manager is to run on all requirements.txt files:
-    // https://docs.renovatebot.com/modules/manager/pip_requirements/#file-matching
-    // `fileMatch` doesn't work for excluding files; to exclude `requirements.txt` files
-    // outside the `doc/` directory, we instead have to use `ignorePaths`. Unlike `fileMatch`,
-    // which takes a regex string, `ignorePaths` takes a glob string, so we have to use
-    // a "negative glob pattern".
-    // See:
-    // - https://docs.renovatebot.com/modules/manager/#ignoring-files-that-match-the-default-filematch
-    // - https://docs.renovatebot.com/configuration-options/#ignorepaths
-    // - https://docs.renovatebot.com/string-pattern-matching/#negative-matching
-    ignorePaths: ["!docs/requirements*.txt"]
-  },
  npm: {
-    // The default for this package manager is to only search for `package.json` files
-    // found at the repository root: https://docs.renovatebot.com/modules/manager/npm/#file-matching
    fileMatch: ["^playground/.*package\\.json$"],
  },
  "pre-commit": {
    enabled: true,
  },
  packageRules: [
-    // Pin GitHub Actions to immutable SHAs.
-    {
-      matchDepTypes: ["action"],
-      pinDigests: true,
-    },
-    // Annotate GitHub Actions SHAs with a SemVer version.
-    {
-      extends: ["helpers:pinGitHubActionDigests"],
-      extractVersion: "^(?<version>v?\\d+\\.\\d+\\.\\d+)$",
-      versioning: "regex:^v?(?<major>\\d+)(\\.(?<minor>\\d+)\\.(?<patch>\\d+))?$",
-    },
    {
      // Group upload/download artifact updates, the versions are dependent
      groupName: "Artifact GitHub Actions dependencies",
      matchManagers: ["github-actions"],
      matchDatasources: ["gitea-tags", "github-tags"],
-      matchPackageNames: ["actions/.*-artifact"],
+      matchPackagePatterns: ["actions/.*-artifact"],
      description: "Weekly update of artifact-related GitHub Actions dependencies",
    },
    {
@@ -72,18 +44,10 @@
    {
      // Disable updates of `zip-rs`; intentionally pinned for now due to ownership change
      // See: https://github.com/astral-sh/uv/issues/3642
-      matchPackageNames: ["zip"],
+      matchPackagePatterns: ["zip"],
      matchManagers: ["cargo"],
      enabled: false,
    },
-    {
-      // `mkdocs-material` requires a manual update to keep the version in sync
-      // with `mkdocs-material-insider`.
-      // See: https://squidfunk.github.io/mkdocs-material/insiders/upgrade/
-      matchManagers: ["pip_requirements"],
-      matchPackageNames: ["mkdocs-material"],
-      enabled: false,
-    },
    {
      groupName: "pre-commit dependencies",
      matchManagers: ["pre-commit"],
@@ -98,15 +62,22 @@
    {
      groupName: "Monaco",
      matchManagers: ["npm"],
-      matchPackageNames: ["monaco"],
+      matchPackagePatterns: ["monaco"],
      description: "Weekly update of the Monaco editor",
    },
    {
      groupName: "strum",
      matchManagers: ["cargo"],
-      matchPackageNames: ["strum"],
+      matchPackagePatterns: ["strum"],
      description: "Weekly update of strum dependencies",
-    }
+    },
+    {
+      groupName: "ESLint",
+      matchManagers: ["npm"],
+      matchPackageNames: ["eslint"],
+      allowedVersions: "<9",
+      description: "Constraint ESLint to version 8 until TypeScript-eslint supports ESLint 9", // https://github.com/typescript-eslint/typescript-eslint/issues/8211
+    },
  ],
  vulnerabilityAlerts: {
    commitMessageSuffix: "",
--- a/.github/workflows/build-binaries.yml
+++ b/.github/workflows/build-binaries.yml
@@ -23,12 +23,10 @@ concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

-permissions: {}
-
 env:
  PACKAGE_NAME: ruff
  MODULE_NAME: ruff
-  PYTHON_VERSION: "3.13"
+  PYTHON_VERSION: "3.11"
  CARGO_INCREMENTAL: 0
  CARGO_NET_RETRY: 10
  CARGO_TERM_COLOR: always
@@ -39,52 +37,50 @@ jobs:
    if: ${{ !contains(github.event.pull_request.labels.*.name, 'no-build') }}
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/checkout@v4
        with:
          submodules: recursive
-          persist-credentials: false
-      - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
+      - uses: actions/setup-python@v5
        with:
          python-version: ${{ env.PYTHON_VERSION }}
      - name: "Prep README.md"
        run: python scripts/transform_readme.py --target pypi
      - name: "Build sdist"
-        uses: PyO3/maturin-action@aef21716ff3dcae8a1c301d23ec3e4446972a6e3 # v1.49.1
+        uses: PyO3/maturin-action@v1
        with:
          command: sdist
          args: --out dist
      - name: "Test sdist"
        run: |
-          pip install dist/"${PACKAGE_NAME}"-*.tar.gz --force-reinstall
-          "${MODULE_NAME}" --help
-          python -m "${MODULE_NAME}" --help
+          pip install dist/${{ env.PACKAGE_NAME }}-*.tar.gz --force-reinstall
+          ${{ env.MODULE_NAME }} --help
+          python -m ${{ env.MODULE_NAME }} --help
      - name: "Upload sdist"
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@v4
        with:
          name: wheels-sdist
          path: dist

  macos-x86_64:
    if: ${{ !contains(github.event.pull_request.labels.*.name, 'no-build') }}
-    runs-on: macos-14
+    runs-on: macos-12
    steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/checkout@v4
        with:
          submodules: recursive
-          persist-credentials: false
-      - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
+      - uses: actions/setup-python@v5
        with:
          python-version: ${{ env.PYTHON_VERSION }}
          architecture: x64
      - name: "Prep README.md"
        run: python scripts/transform_readme.py --target pypi
      - name: "Build wheels - x86_64"
-        uses: PyO3/maturin-action@aef21716ff3dcae8a1c301d23ec3e4446972a6e3 # v1.49.1
+        uses: PyO3/maturin-action@v1
        with:
          target: x86_64
          args: --release --locked --out dist
      - name: "Upload wheels"
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@v4
        with:
          name: wheels-macos-x86_64
          path: dist
@@ -99,7 +95,7 @@ jobs:
          tar czvf $ARCHIVE_FILE $ARCHIVE_NAME
          shasum -a 256 $ARCHIVE_FILE > $ARCHIVE_FILE.sha256
      - name: "Upload binary"
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@v4
        with:
          name: artifacts-macos-x86_64
          path: |
@@ -110,28 +106,27 @@ jobs:
    if: ${{ !contains(github.event.pull_request.labels.*.name, 'no-build') }}
    runs-on: macos-14
    steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/checkout@v4
        with:
          submodules: recursive
-          persist-credentials: false
-      - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
+      - uses: actions/setup-python@v5
        with:
          python-version: ${{ env.PYTHON_VERSION }}
          architecture: arm64
      - name: "Prep README.md"
        run: python scripts/transform_readme.py --target pypi
      - name: "Build wheels - aarch64"
-        uses: PyO3/maturin-action@aef21716ff3dcae8a1c301d23ec3e4446972a6e3 # v1.49.1
+        uses: PyO3/maturin-action@v1
        with:
          target: aarch64
          args: --release --locked --out dist
      - name: "Test wheel - aarch64"
        run: |
-          pip install dist/"${PACKAGE_NAME}"-*.whl --force-reinstall
+          pip install dist/${{ env.PACKAGE_NAME }}-*.whl --force-reinstall
          ruff --help
          python -m ruff --help
      - name: "Upload wheels"
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@v4
        with:
          name: wheels-aarch64-apple-darwin
          path: dist
@@ -146,7 +141,7 @@ jobs:
          tar czvf $ARCHIVE_FILE $ARCHIVE_NAME
          shasum -a 256 $ARCHIVE_FILE > $ARCHIVE_FILE.sha256
      - name: "Upload binary"
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@v4
        with:
          name: artifacts-aarch64-apple-darwin
          path: |
@@ -166,18 +161,17 @@ jobs:
          - target: aarch64-pc-windows-msvc
            arch: x64
    steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/checkout@v4
        with:
          submodules: recursive
-          persist-credentials: false
-      - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
+      - uses: actions/setup-python@v5
        with:
          python-version: ${{ env.PYTHON_VERSION }}
          architecture: ${{ matrix.platform.arch }}
      - name: "Prep README.md"
        run: python scripts/transform_readme.py --target pypi
      - name: "Build wheels"
-        uses: PyO3/maturin-action@aef21716ff3dcae8a1c301d23ec3e4446972a6e3 # v1.49.1
+        uses: PyO3/maturin-action@v1
        with:
          target: ${{ matrix.platform.target }}
          args: --release --locked --out dist
@@ -188,11 +182,11 @@ jobs:
        if: ${{ !startsWith(matrix.platform.target, 'aarch64') }}
        shell: bash
        run: |
-          python -m pip install dist/"${PACKAGE_NAME}"-*.whl --force-reinstall
-          "${MODULE_NAME}" --help
-          python -m "${MODULE_NAME}" --help
+          python -m pip install dist/${{ env.PACKAGE_NAME }}-*.whl --force-reinstall
+          ${{ env.MODULE_NAME }} --help
+          python -m ${{ env.MODULE_NAME }} --help
      - name: "Upload wheels"
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@v4
        with:
          name: wheels-${{ matrix.platform.target }}
          path: dist
@@ -203,7 +197,7 @@ jobs:
          7z a $ARCHIVE_FILE ./target/${{ matrix.platform.target }}/release/ruff.exe
          sha256sum $ARCHIVE_FILE > $ARCHIVE_FILE.sha256
      - name: "Upload binary"
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@v4
        with:
          name: artifacts-${{ matrix.platform.target }}
          path: |
@@ -219,18 +213,17 @@ jobs:
          - x86_64-unknown-linux-gnu
          - i686-unknown-linux-gnu
    steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/checkout@v4
        with:
          submodules: recursive
-          persist-credentials: false
-      - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
+      - uses: actions/setup-python@v5
        with:
          python-version: ${{ env.PYTHON_VERSION }}
          architecture: x64
      - name: "Prep README.md"
        run: python scripts/transform_readme.py --target pypi
      - name: "Build wheels"
-        uses: PyO3/maturin-action@aef21716ff3dcae8a1c301d23ec3e4446972a6e3 # v1.49.1
+        uses: PyO3/maturin-action@v1
        with:
          target: ${{ matrix.target }}
          manylinux: auto
@@ -238,11 +231,11 @@ jobs:
      - name: "Test wheel"
        if: ${{ startsWith(matrix.target, 'x86_64') }}
        run: |
-          pip install dist/"${PACKAGE_NAME}"-*.whl --force-reinstall
-          "${MODULE_NAME}" --help
-          python -m "${MODULE_NAME}" --help
+          pip install dist/${{ env.PACKAGE_NAME }}-*.whl --force-reinstall
+          ${{ env.MODULE_NAME }} --help
+          python -m ${{ env.MODULE_NAME }} --help
      - name: "Upload wheels"
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@v4
        with:
          name: wheels-${{ matrix.target }}
          path: dist
@@ -260,7 +253,7 @@ jobs:
          tar czvf $ARCHIVE_FILE $ARCHIVE_NAME
          shasum -a 256 $ARCHIVE_FILE > $ARCHIVE_FILE.sha256
      - name: "Upload binary"
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@v4
        with:
          name: artifacts-${{ matrix.target }}
          path: |
@@ -294,24 +287,23 @@ jobs:
            arch: arm

    steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/checkout@v4
        with:
          submodules: recursive
-          persist-credentials: false
-      - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
+      - uses: actions/setup-python@v5
        with:
          python-version: ${{ env.PYTHON_VERSION }}
      - name: "Prep README.md"
        run: python scripts/transform_readme.py --target pypi
      - name: "Build wheels"
-        uses: PyO3/maturin-action@aef21716ff3dcae8a1c301d23ec3e4446972a6e3 # v1.49.1
+        uses: PyO3/maturin-action@v1
        with:
          target: ${{ matrix.platform.target }}
          manylinux: auto
          docker-options: ${{ matrix.platform.maturin_docker_options }}
          args: --release --locked --out dist
-      - uses: uraimo/run-on-arch-action@d94c13912ea685de38fccc1109385b83fd79427d # v3.0.1
-        if: ${{ matrix.platform.arch != 'ppc64' && matrix.platform.arch != 'ppc64le'}}
+      - uses: uraimo/run-on-arch-action@v2
+        if: matrix.platform.arch != 'ppc64'
        name: Test wheel
        with:
          arch: ${{ matrix.platform.arch == 'arm' && 'armv6' || matrix.platform.arch }}
@@ -325,7 +317,7 @@ jobs:
            pip3 install ${{ env.PACKAGE_NAME }} --no-index --find-links dist/ --force-reinstall
            ruff --help
      - name: "Upload wheels"
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@v4
        with:
          name: wheels-${{ matrix.platform.target }}
          path: dist
@@ -343,7 +335,7 @@ jobs:
          tar czvf $ARCHIVE_FILE $ARCHIVE_NAME
          shasum -a 256 $ARCHIVE_FILE > $ARCHIVE_FILE.sha256
      - name: "Upload binary"
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@v4
        with:
          name: artifacts-${{ matrix.platform.target }}
          path: |
@@ -359,25 +351,24 @@ jobs:
          - x86_64-unknown-linux-musl
          - i686-unknown-linux-musl
    steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/checkout@v4
        with:
          submodules: recursive
-          persist-credentials: false
-      - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
+      - uses: actions/setup-python@v5
        with:
          python-version: ${{ env.PYTHON_VERSION }}
          architecture: x64
      - name: "Prep README.md"
        run: python scripts/transform_readme.py --target pypi
      - name: "Build wheels"
-        uses: PyO3/maturin-action@aef21716ff3dcae8a1c301d23ec3e4446972a6e3 # v1.49.1
+        uses: PyO3/maturin-action@v1
        with:
          target: ${{ matrix.target }}
          manylinux: musllinux_1_2
          args: --release --locked --out dist
      - name: "Test wheel"
        if: matrix.target == 'x86_64-unknown-linux-musl'
-        uses: addnab/docker-run-action@4f65fabd2431ebc8d299f8e5a018d79a769ae185 # v3
+        uses: addnab/docker-run-action@v3
        with:
          image: alpine:latest
          options: -v ${{ github.workspace }}:/io -w /io
@@ -387,7 +378,7 @@ jobs:
            .venv/bin/pip3 install ${{ env.PACKAGE_NAME }} --no-index --find-links dist/ --force-reinstall
            .venv/bin/${{ env.MODULE_NAME }} --help
      - name: "Upload wheels"
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@v4
        with:
          name: wheels-${{ matrix.target }}
          path: dist
@@ -405,7 +396,7 @@ jobs:
          tar czvf $ARCHIVE_FILE $ARCHIVE_NAME
          shasum -a 256 $ARCHIVE_FILE > $ARCHIVE_FILE.sha256
      - name: "Upload binary"
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@v4
        with:
          name: artifacts-${{ matrix.target }}
          path: |
@@ -425,23 +416,22 @@ jobs:
            arch: armv7

    steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/checkout@v4
        with:
          submodules: recursive
-          persist-credentials: false
-      - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
+      - uses: actions/setup-python@v5
        with:
          python-version: ${{ env.PYTHON_VERSION }}
      - name: "Prep README.md"
        run: python scripts/transform_readme.py --target pypi
      - name: "Build wheels"
-        uses: PyO3/maturin-action@aef21716ff3dcae8a1c301d23ec3e4446972a6e3 # v1.49.1
+        uses: PyO3/maturin-action@v1
        with:
          target: ${{ matrix.platform.target }}
          manylinux: musllinux_1_2
          args: --release --locked --out dist
          docker-options: ${{ matrix.platform.maturin_docker_options }}
-      - uses: uraimo/run-on-arch-action@d94c13912ea685de38fccc1109385b83fd79427d # v3.0.1
+      - uses: uraimo/run-on-arch-action@v2
        name: Test wheel
        with:
          arch: ${{ matrix.platform.arch }}
@@ -454,7 +444,7 @@ jobs:
            .venv/bin/pip3 install ${{ env.PACKAGE_NAME }} --no-index --find-links dist/ --force-reinstall
            .venv/bin/${{ env.MODULE_NAME }} --help
      - name: "Upload wheels"
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@v4
        with:
          name: wheels-${{ matrix.platform.target }}
          path: dist
@@ -472,7 +462,7 @@ jobs:
          tar czvf $ARCHIVE_FILE $ARCHIVE_NAME
          shasum -a 256 $ARCHIVE_FILE > $ARCHIVE_FILE.sha256
      - name: "Upload binary"
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@v4
        with:
          name: artifacts-${{ matrix.platform.target }}
          path: |
--- a/.github/workflows/build-docker.yml
+++ b/.github/workflows/build-docker.yml
@@ -17,283 +17,52 @@ on:
    paths:
      - .github/workflows/build-docker.yml

-env:
-  RUFF_BASE_IMG: ghcr.io/${{ github.repository_owner }}/ruff
-
 jobs:
-  docker-build:
-    name: Build Docker image (ghcr.io/astral-sh/ruff) for ${{ matrix.platform }}
+  docker-publish:
+    name: Build Docker image (ghcr.io/astral-sh/ruff)
    runs-on: ubuntu-latest
    environment:
      name: release
-    strategy:
-      fail-fast: false
-      matrix:
-        platform:
-          - linux/amd64
-          - linux/arm64
    steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/checkout@v4
        with:
          submodules: recursive
-          persist-credentials: false

-      - uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
+      - uses: docker/setup-buildx-action@v3

-      - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
+      - uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}

+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ghcr.io/astral-sh/ruff
+
      - name: Check tag consistency
        if: ${{ inputs.plan != '' && !fromJson(inputs.plan).announcement_tag_is_implicit }}
-        env:
-          TAG: ${{ inputs.plan != '' && fromJson(inputs.plan).announcement_tag || 'dry-run' }}
        run: |
-          version=$(grep -m 1 "^version = " pyproject.toml | sed -e 's/version = "\(.*\)"/\1/g')
-          if [ "${TAG}" != "${version}" ]; then
+          version=$(grep "version = " pyproject.toml | sed -e 's/version = "\(.*\)"/\1/g')
+          if [ "${{ fromJson(inputs.plan).announcement_tag }}" != "${version}" ]; then
            echo "The input tag does not match the version from pyproject.toml:" >&2
-            echo "${TAG}" >&2
+            echo "${{ fromJson(inputs.plan).announcement_tag }}" >&2
            echo "${version}" >&2
            exit 1
          else
            echo "Releasing ${version}"
          fi

-      - name: Extract metadata (tags, labels) for Docker
-        id: meta
-        uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
-        with:
-          images: ${{ env.RUFF_BASE_IMG }}
-          # Defining this makes sure the org.opencontainers.image.version OCI label becomes the actual release version and not the branch name
-          tags: |
-            type=raw,value=dry-run,enable=${{ inputs.plan == '' || fromJson(inputs.plan).announcement_tag_is_implicit }}
-            type=pep440,pattern={{ version }},value=${{ inputs.plan != '' && fromJson(inputs.plan).announcement_tag || 'dry-run' }},enable=${{ inputs.plan != '' && !fromJson(inputs.plan).announcement_tag_is_implicit }}
-
-      - name: Normalize Platform Pair (replace / with -)
-        run: |
-          platform=${{ matrix.platform }}
-          echo "PLATFORM_TUPLE=${platform//\//-}" >> "$GITHUB_ENV"
-
-      # Adapted from https://docs.docker.com/build/ci/github-actions/multi-platform/
-      - name: Build and push by digest
-        id: build
-        uses: docker/build-push-action@1dc73863535b631f98b2378be8619f83b136f4a0 # v6.17.0
-        with:
-          context: .
-          platforms: ${{ matrix.platform }}
-          cache-from: type=gha,scope=ruff-${{ env.PLATFORM_TUPLE }}
-          cache-to: type=gha,mode=min,scope=ruff-${{ env.PLATFORM_TUPLE }}
-          labels: ${{ steps.meta.outputs.labels }}
-          outputs: type=image,name=${{ env.RUFF_BASE_IMG }},push-by-digest=true,name-canonical=true,push=${{ inputs.plan != '' && !fromJson(inputs.plan).announcement_tag_is_implicit }}
-
-      - name: Export digests
-        env:
-          digest: ${{ steps.build.outputs.digest }}
-        run: |
-          mkdir -p /tmp/digests
-          touch "/tmp/digests/${digest#sha256:}"
-
-      - name: Upload digests
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
-        with:
-          name: digests-${{ env.PLATFORM_TUPLE }}
-          path: /tmp/digests/*
-          if-no-files-found: error
-          retention-days: 1
-
-  docker-publish:
-    name: Publish Docker image (ghcr.io/astral-sh/ruff)
-    runs-on: ubuntu-latest
-    environment:
-      name: release
-    needs:
-      - docker-build
-    if: ${{ inputs.plan != '' && !fromJson(inputs.plan).announcement_tag_is_implicit }}
-    steps:
-      - name: Download digests
-        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
-        with:
-          path: /tmp/digests
-          pattern: digests-*
-          merge-multiple: true
-
-      - uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
-
-      - name: Extract metadata (tags, labels) for Docker
-        id: meta
-        uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
-        with:
-          images: ${{ env.RUFF_BASE_IMG }}
-          # Order is on purpose such that the label org.opencontainers.image.version has the first pattern with the full version
-          tags: |
-            type=pep440,pattern={{ version }},value=${{ fromJson(inputs.plan).announcement_tag }}
-            type=pep440,pattern={{ major }}.{{ minor }},value=${{ fromJson(inputs.plan).announcement_tag }}
-
-      - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
-        with:
-          registry: ghcr.io
-          username: ${{ github.repository_owner }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      # Adapted from https://docs.docker.com/build/ci/github-actions/multi-platform/
-      - name: Create manifest list and push
-        working-directory: /tmp/digests
-        # The jq command expands the docker/metadata json "tags" array entry to `-t tag1 -t tag2 ...` for each tag in the array
-        # The printf will expand the base image with the `<RUFF_BASE_IMG>@sha256:<sha256> ...` for each sha256 in the directory
-        # The final command becomes `docker buildx imagetools create -t tag1 -t tag2 ... <RUFF_BASE_IMG>@sha256:<sha256_1> <RUFF_BASE_IMG>@sha256:<sha256_2> ...`
-        run: |
-          # shellcheck disable=SC2046
-          docker buildx imagetools create \
-            $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
-            $(printf "${RUFF_BASE_IMG}@sha256:%s " *)
-
-  docker-publish-extra:
-    name: Publish additional Docker image based on ${{ matrix.image-mapping }}
-    runs-on: ubuntu-latest
-    environment:
-      name: release
-    needs:
-      - docker-publish
-    if: ${{ inputs.plan != '' && !fromJson(inputs.plan).announcement_tag_is_implicit }}
-    strategy:
-      fail-fast: false
-      matrix:
-        # Mapping of base image followed by a comma followed by one or more base tags (comma separated)
-        # Note, org.opencontainers.image.version label will use the first base tag (use the most specific tag first)
-        image-mapping:
-          - alpine:3.21,alpine3.21,alpine
-          - debian:bookworm-slim,bookworm-slim,debian-slim
-          - buildpack-deps:bookworm,bookworm,debian
-    steps:
-      - uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
-
-      - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
-        with:
-          registry: ghcr.io
-          username: ${{ github.repository_owner }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Generate Dynamic Dockerfile Tags
-        shell: bash
-        env:
-          TAG_VALUE: ${{ fromJson(inputs.plan).announcement_tag }}
-        run: |
-          set -euo pipefail
-
-          # Extract the image and tags from the matrix variable
-          IFS=',' read -r BASE_IMAGE BASE_TAGS <<< "${{ matrix.image-mapping }}"
-
-          # Generate Dockerfile content
-          cat <<EOF > Dockerfile
-          FROM ${BASE_IMAGE}
-          COPY --from=${RUFF_BASE_IMG}:latest /ruff /usr/local/bin/ruff
-          ENTRYPOINT []
-          CMD ["/usr/local/bin/ruff"]
-          EOF
-
-          # Initialize a variable to store all tag docker metadata patterns
-          TAG_PATTERNS=""
-
-          # Loop through all base tags and append its docker metadata pattern to the list
-          # Order is on purpose such that the label org.opencontainers.image.version has the first pattern with the full version
-          IFS=','; for TAG in ${BASE_TAGS}; do
-            TAG_PATTERNS="${TAG_PATTERNS}type=pep440,pattern={{ version }},suffix=-${TAG},value=${TAG_VALUE}\n"
-            TAG_PATTERNS="${TAG_PATTERNS}type=pep440,pattern={{ major }}.{{ minor }},suffix=-${TAG},value=${TAG_VALUE}\n"
-            TAG_PATTERNS="${TAG_PATTERNS}type=raw,value=${TAG}\n"
-          done
-
-          # Remove the trailing newline from the pattern list
-          TAG_PATTERNS="${TAG_PATTERNS%\\n}"
-
-          # Export image cache name
-          echo "IMAGE_REF=${BASE_IMAGE//:/-}" >> "$GITHUB_ENV"
-
-          # Export tag patterns using the multiline env var syntax
-          {
-            echo "TAG_PATTERNS<<EOF"
-            echo -e "${TAG_PATTERNS}"
-            echo EOF
-          } >> "$GITHUB_ENV"
-
-      - name: Extract metadata (tags, labels) for Docker
-        id: meta
-        uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
-        # ghcr.io prefers index level annotations
-        env:
-          DOCKER_METADATA_ANNOTATIONS_LEVELS: index
-        with:
-          images: ${{ env.RUFF_BASE_IMG }}
-          flavor: |
-            latest=false
-          tags: |
-            ${{ env.TAG_PATTERNS }}
-
-      - name: Build and push
-        uses: docker/build-push-action@1dc73863535b631f98b2378be8619f83b136f4a0 # v6.17.0
+      - name: "Build and push Docker image"
+        uses: docker/build-push-action@v6
        with:
          context: .
          platforms: linux/amd64,linux/arm64
-          # We do not really need to cache here as the Dockerfile is tiny
-          #cache-from: type=gha,scope=ruff-${{ env.IMAGE_REF }}
-          #cache-to: type=gha,mode=min,scope=ruff-${{ env.IMAGE_REF }}
-          push: true
-          tags: ${{ steps.meta.outputs.tags }}
+          # Reuse the builder
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          push: ${{ inputs.plan != '' && !fromJson(inputs.plan).announcement_tag_is_implicit }}
+          tags: ghcr.io/astral-sh/ruff:latest,ghcr.io/astral-sh/ruff:${{ (inputs.plan != '' && fromJson(inputs.plan).announcement_tag) || 'dry-run' }}
          labels: ${{ steps.meta.outputs.labels }}
-          annotations: ${{ steps.meta.outputs.annotations }}
-
-  # This is effectively a duplicate of `docker-publish` to make https://github.com/astral-sh/ruff/pkgs/container/ruff
-  # show the ruff base image first since GitHub always shows the last updated image digests
-  # This works by annotating the original digests (previously non-annotated) which triggers an update to ghcr.io
-  docker-republish:
-    name: Annotate Docker image (ghcr.io/astral-sh/ruff)
-    runs-on: ubuntu-latest
-    environment:
-      name: release
-    needs:
-      - docker-publish-extra
-    if: ${{ inputs.plan != '' && !fromJson(inputs.plan).announcement_tag_is_implicit }}
-    steps:
-      - name: Download digests
-        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
-        with:
-          path: /tmp/digests
-          pattern: digests-*
-          merge-multiple: true
-
-      - uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
-
-      - name: Extract metadata (tags, labels) for Docker
-        id: meta
-        uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
-        env:
-          DOCKER_METADATA_ANNOTATIONS_LEVELS: index
-        with:
-          images: ${{ env.RUFF_BASE_IMG }}
-          # Order is on purpose such that the label org.opencontainers.image.version has the first pattern with the full version
-          tags: |
-            type=pep440,pattern={{ version }},value=${{ fromJson(inputs.plan).announcement_tag }}
-            type=pep440,pattern={{ major }}.{{ minor }},value=${{ fromJson(inputs.plan).announcement_tag }}
-
-      - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
-        with:
-          registry: ghcr.io
-          username: ${{ github.repository_owner }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      # Adapted from https://docs.docker.com/build/ci/github-actions/multi-platform/
-      - name: Create manifest list and push
-        working-directory: /tmp/digests
-        # The readarray part is used to make sure the quoting and special characters are preserved on expansion (e.g. spaces)
-        # The jq command expands the docker/metadata json "tags" array entry to `-t tag1 -t tag2 ...` for each tag in the array
-        # The printf will expand the base image with the `<RUFF_BASE_IMG>@sha256:<sha256> ...` for each sha256 in the directory
-        # The final command becomes `docker buildx imagetools create -t tag1 -t tag2 ... <RUFF_BASE_IMG>@sha256:<sha256_1> <RUFF_BASE_IMG>@sha256:<sha256_2> ...`
-        run: |
-          readarray -t lines <<< "$DOCKER_METADATA_OUTPUT_ANNOTATIONS"; annotations=(); for line in "${lines[@]}"; do annotations+=(--annotation "$line"); done
-
-          # shellcheck disable=SC2046
-          docker buildx imagetools create \
-            "${annotations[@]}" \
-            $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
-            $(printf "${RUFF_BASE_IMG}@sha256:%s " *)
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
--- a/.github/workflows/daily_fuzz.yaml
+++ b/.github/workflows/daily_fuzz.yaml
@@ -31,31 +31,25 @@ jobs:
    # Don't run the cron job on forks:
    if: ${{ github.repository == 'astral-sh/ruff' || github.event_name != 'schedule' }}
    steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
        with:
-          persist-credentials: false
-      - uses: astral-sh/setup-uv@6b9c6063abd6010835644d4c2e1bef4cf5cd0fca # v6.0.1
+          python-version: "3.12"
+      - name: Install uv
+        run: curl -LsSf https://astral.sh/uv/install.sh | sh
+      - name: Install Python requirements
+        run: uv pip install -r scripts/fuzz-parser/requirements.txt --system
      - name: "Install Rust toolchain"
        run: rustup show
      - name: "Install mold"
-        uses: rui314/setup-mold@e16410e7f8d9e167b74ad5697a9089a35126eb50 # v1
-      - uses: Swatinem/rust-cache@9d47c6ad4b02e050fd481d890b2ea34778fd09d6 # v2.7.8
+        uses: rui314/setup-mold@v1
+      - uses: Swatinem/rust-cache@v2
      - name: Build ruff
        # A debug build means the script runs slower once it gets started,
        # but this is outweighed by the fact that a release build takes *much* longer to compile in CI
        run: cargo build --locked
      - name: Fuzz
-        run: |
-          # shellcheck disable=SC2046
-          (
-            uvx \
-            --python=3.12 \
-            --from=./python/py-fuzzer \
-            fuzz \
-            --test-executable=target/debug/ruff \
-            --bin=ruff \
-            $(shuf -i 0-9999999999999999999 -n 1000)
-          )
+        run: python scripts/fuzz-parser/fuzz.py $(shuf -i 0-9999999999999999999 -n 1000) --test-executable target/debug/ruff

  create-issue-on-failure:
    name: Create an issue if the daily fuzz surfaced any bugs
@@ -65,7 +59,7 @@ jobs:
    permissions:
      issues: write
    steps:
-      - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+      - uses: actions/github-script@v7
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          script: |
@@ -73,6 +67,6 @@ jobs:
              owner: "astral-sh",
              repo: "ruff",
              title: `Daily parser fuzz failed on ${new Date().toDateString()}`,
-              body: "Run listed here: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}",
+              body: "Runs listed here: https://github.com/astral-sh/ruff/actions/workflows/daily_fuzz.yml",
              labels: ["bug", "parser", "fuzzer"],
            })
--- a/.github/workflows/mypy_primer.yaml
+++ b/.github/workflows/mypy_primer.yaml
@@ -1,100 +0,0 @@
-name: Run mypy_primer
-
-permissions: {}
-
-on:
-  pull_request:
-    paths:
-      - "crates/ty*/**"
-      - "crates/ruff_db"
-      - "crates/ruff_python_ast"
-      - "crates/ruff_python_parser"
-      - ".github/workflows/mypy_primer.yaml"
-      - ".github/workflows/mypy_primer_comment.yaml"
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref_name }}-${{ github.event.pull_request.number || github.sha }}
-  cancel-in-progress: true
-
-env:
-  CARGO_INCREMENTAL: 0
-  CARGO_NET_RETRY: 10
-  CARGO_TERM_COLOR: always
-  RUSTUP_MAX_RETRIES: 10
-  RUST_BACKTRACE: 1
-
-jobs:
-  mypy_primer:
-    name: Run mypy_primer
-    runs-on: depot-ubuntu-22.04-32
-    timeout-minutes: 20
-    steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with:
-          path: ruff
-          fetch-depth: 0
-          persist-credentials: false
-
-      - name: Install the latest version of uv
-        uses: astral-sh/setup-uv@6b9c6063abd6010835644d4c2e1bef4cf5cd0fca # v6.0.1
-
-      - uses: Swatinem/rust-cache@9d47c6ad4b02e050fd481d890b2ea34778fd09d6 # v2.7.8
-        with:
-          workspaces: "ruff"
-
-      - name: Install Rust toolchain
-        run: rustup show
-
-      - name: Run mypy_primer
-        shell: bash
-        run: |
-          cd ruff
-
-          echo "Enabling mypy primer specific configuration overloads (see .github/mypy-primer-ty.toml)"
-          mkdir -p ~/.config/ty
-          cp .github/mypy-primer-ty.toml ~/.config/ty/ty.toml
-
-          PRIMER_SELECTOR="$(paste -s -d'|' crates/ty_python_semantic/resources/primer/good.txt)"
-
-          echo "new commit"
-          git rev-list --format=%s --max-count=1 "$GITHUB_SHA"
-
-          MERGE_BASE="$(git merge-base "$GITHUB_SHA" "origin/$GITHUB_BASE_REF")"
-          git checkout -b base_commit "$MERGE_BASE"
-          echo "base commit"
-          git rev-list --format=%s --max-count=1 base_commit
-
-          cd ..
-
-          echo "Project selector: $PRIMER_SELECTOR"
-          # Allow the exit code to be 0 or 1, only fail for actual mypy_primer crashes/bugs
-          uvx \
-            --from="git+https://github.com/hauntsaninja/mypy_primer@01a7ca325f674433c58e02416a867178d1571128" \
-            mypy_primer \
-            --repo ruff \
-            --type-checker ty \
-            --old base_commit \
-            --new "$GITHUB_SHA" \
-            --project-selector "/($PRIMER_SELECTOR)\$" \
-            --output concise \
-            --debug > mypy_primer.diff || [ $? -eq 1 ]
-
-          # Output diff with ANSI color codes
-          cat mypy_primer.diff
-
-          # Remove ANSI color codes before uploading
-          sed -ie 's/\x1b\[[0-9;]*m//g' mypy_primer.diff
-
-          echo ${{ github.event.number }} > pr-number
-
-      - name: Upload diff
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
-        with:
-          name: mypy_primer_diff
-          path: mypy_primer.diff
-
-      - name: Upload pr-number
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
-        with:
-          name: pr-number
-          path: pr-number
--- a/.github/workflows/mypy_primer_comment.yaml
+++ b/.github/workflows/mypy_primer_comment.yaml
@@ -1,97 +0,0 @@
-name: PR comment (mypy_primer)
-
-on: # zizmor: ignore[dangerous-triggers]
-  workflow_run:
-    workflows: [Run mypy_primer]
-    types: [completed]
-  workflow_dispatch:
-    inputs:
-      workflow_run_id:
-        description: The mypy_primer workflow that triggers the workflow run
-        required: true
-
-jobs:
-  comment:
-    runs-on: ubuntu-24.04
-    permissions:
-      pull-requests: write
-    steps:
-      - uses: dawidd6/action-download-artifact@20319c5641d495c8a52e688b7dc5fada6c3a9fbc # v8
-        name: Download PR number
-        with:
-          name: pr-number
-          run_id: ${{ github.event.workflow_run.id ||  github.event.inputs.workflow_run_id }}
-          if_no_artifact_found: ignore
-          allow_forks: true
-
-      - name: Parse pull request number
-        id: pr-number
-        run: |
-          if [[ -f pr-number ]]
-          then
-            echo "pr-number=$(<pr-number)" >> "$GITHUB_OUTPUT"
-          fi
-
-      - uses: dawidd6/action-download-artifact@20319c5641d495c8a52e688b7dc5fada6c3a9fbc # v8
-        name: "Download mypy_primer results"
-        id: download-mypy_primer_diff
-        if: steps.pr-number.outputs.pr-number
-        with:
-          name: mypy_primer_diff
-          workflow: mypy_primer.yaml
-          pr: ${{ steps.pr-number.outputs.pr-number }}
-          path: pr/mypy_primer_diff
-          workflow_conclusion: completed
-          if_no_artifact_found: ignore
-          allow_forks: true
-
-      - name: Generate comment content
-        id: generate-comment
-        if: steps.download-mypy_primer_diff.outputs.found_artifact == 'true'
-        run: |
-          # Guard against malicious mypy_primer results that symlink to a secret
-          # file on this runner
-          if [[ -L pr/mypy_primer_diff/mypy_primer.diff ]]
-          then
-              echo "Error: mypy_primer.diff cannot be a symlink"
-              exit 1
-          fi
-
-          # Note this identifier is used to find the comment to update on
-          # subsequent runs
-          echo '<!-- generated-comment mypy_primer -->' >> comment.txt
-
-          echo '## `mypy_primer` results' >> comment.txt
-          if [ -s "pr/mypy_primer_diff/mypy_primer.diff" ]; then
-            echo '<details>' >> comment.txt
-            echo '<summary>Changes were detected when running on open source projects</summary>' >> comment.txt
-            echo '' >> comment.txt
-            echo '```diff' >> comment.txt
-            cat pr/mypy_primer_diff/mypy_primer.diff >> comment.txt
-            echo '```' >> comment.txt
-            echo '</details>' >> comment.txt
-          else
-            echo 'No ecosystem changes detected ✅' >> comment.txt
-          fi
-
-          echo 'comment<<EOF' >> "$GITHUB_OUTPUT"
-          cat comment.txt >> "$GITHUB_OUTPUT"
-          echo 'EOF' >> "$GITHUB_OUTPUT"
-
-      - name: Find existing comment
-        uses: peter-evans/find-comment@3eae4d37986fb5a8592848f6a574fdf654e61f9e # v3.1.0
-        if: steps.generate-comment.outcome == 'success'
-        id: find-comment
-        with:
-          issue-number: ${{ steps.pr-number.outputs.pr-number }}
-          comment-author: "github-actions[bot]"
-          body-includes: "<!-- generated-comment mypy_primer -->"
-
-      - name: Create or update comment
-        if: steps.find-comment.outcome == 'success'
-        uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4
-        with:
-          comment-id: ${{ steps.find-comment.outputs.comment-id }}
-          issue-number: ${{ steps.pr-number.outputs.pr-number }}
-          body-path: comment.txt
-          edit-mode: replace
--- a/.github/workflows/notify-dependents.yml
+++ b/.github/workflows/notify-dependents.yml
@@ -17,7 +17,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: "Update pre-commit mirror"
-        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+        uses: actions/github-script@v7
        with:
          github-token: ${{ secrets.RUFF_PRE_COMMIT_PAT }}
          script: |
--- a/.github/workflows/pr-comment.yaml
+++ b/.github/workflows/pr-comment.yaml
@@ -10,13 +10,14 @@ on:
        description: The ecosystem workflow that triggers the workflow run
        required: true

+permissions:
+  pull-requests: write
+
 jobs:
  comment:
    runs-on: ubuntu-latest
-    permissions:
-      pull-requests: write
    steps:
-      - uses: dawidd6/action-download-artifact@20319c5641d495c8a52e688b7dc5fada6c3a9fbc # v8
+      - uses: dawidd6/action-download-artifact@v6
        name: Download pull request number
        with:
          name: pr-number
@@ -29,10 +30,10 @@ jobs:
        run: |
          if [[ -f pr-number ]]
          then
-            echo "pr-number=$(<pr-number)" >> "$GITHUB_OUTPUT"
+            echo "pr-number=$(<pr-number)" >> $GITHUB_OUTPUT
          fi

-      - uses: dawidd6/action-download-artifact@20319c5641d495c8a52e688b7dc5fada6c3a9fbc # v8
+      - uses: dawidd6/action-download-artifact@v6
        name: "Download ecosystem results"
        id: download-ecosystem-result
        if: steps.pr-number.outputs.pr-number
@@ -65,12 +66,12 @@ jobs:
          cat pr/ecosystem/ecosystem-result >> comment.txt
          echo "" >> comment.txt

-          echo 'comment<<EOF' >> "$GITHUB_OUTPUT"
-          cat comment.txt >> "$GITHUB_OUTPUT"
-          echo 'EOF' >> "$GITHUB_OUTPUT"
+          echo 'comment<<EOF' >> $GITHUB_OUTPUT
+          cat comment.txt >> $GITHUB_OUTPUT
+          echo 'EOF' >> $GITHUB_OUTPUT

      - name: Find existing comment
-        uses: peter-evans/find-comment@3eae4d37986fb5a8592848f6a574fdf654e61f9e # v3.1.0
+        uses: peter-evans/find-comment@v3
        if: steps.generate-comment.outcome == 'success'
        id: find-comment
        with:
@@ -80,7 +81,7 @@ jobs:

      - name: Create or update comment
        if: steps.find-comment.outcome == 'success'
-        uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4
+        uses: peter-evans/create-or-update-comment@v4
        with:
          comment-id: ${{ steps.find-comment.outputs.comment-id }}
          issue-number: ${{ steps.pr-number.outputs.pr-number }}
--- a/.github/workflows/publish-docs.yml
+++ b/.github/workflows/publish-docs.yml
@@ -23,52 +23,52 @@ jobs:
    env:
      MKDOCS_INSIDERS_SSH_KEY_EXISTS: ${{ secrets.MKDOCS_INSIDERS_SSH_KEY != '' }}
    steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/checkout@v4
        with:
          ref: ${{ inputs.ref }}
-          persist-credentials: true

-      - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
+      - uses: actions/setup-python@v5
        with:
          python-version: 3.12

      - name: "Set docs version"
-        env:
-          version: ${{ (inputs.plan != '' && fromJson(inputs.plan).announcement_tag) || inputs.ref }}
        run: |
-          # if version is missing, use 'latest'
-          if [ -z "$version" ]; then
-            echo "Using 'latest' as version"
-            version="latest"
+          version="${{ (inputs.plan != '' && fromJson(inputs.plan).announcement_tag) || inputs.ref }}"
+          # if version is missing, exit with error
+          if [[ -z "$version" ]]; then
+          echo "Can't build docs without a version."
+          exit 1
          fi

          # Use version as display name for now
          display_name="$version"

-          echo "version=$version" >> "$GITHUB_ENV"
-          echo "display_name=$display_name" >> "$GITHUB_ENV"
+          echo "version=$version" >> $GITHUB_ENV
+          echo "display_name=$display_name" >> $GITHUB_ENV

      - name: "Set branch name"
        run: |
+          version="${{ env.version }}"
+          display_name="${{ env.display_name }}"
          timestamp="$(date +%s)"

          # create branch_display_name from display_name by replacing all
          # characters disallowed in git branch names with hyphens
-          branch_display_name="$(echo "${display_name}" | tr -c '[:alnum:]._' '-' | tr -s '-')"
+          branch_display_name="$(echo "$display_name" | tr -c '[:alnum:]._' '-' | tr -s '-')"

-          echo "branch_name=update-docs-$branch_display_name-$timestamp" >> "$GITHUB_ENV"
-          echo "timestamp=$timestamp" >> "$GITHUB_ENV"
+          echo "branch_name=update-docs-$branch_display_name-$timestamp" >> $GITHUB_ENV
+          echo "timestamp=$timestamp" >> $GITHUB_ENV

      - name: "Add SSH key"
        if: ${{ env.MKDOCS_INSIDERS_SSH_KEY_EXISTS == 'true' }}
-        uses: webfactory/ssh-agent@a6f90b1f127823b31d4d4a8d96047790581349bd # v0.9.1
+        uses: webfactory/ssh-agent@v0.9.0
        with:
          ssh-private-key: ${{ secrets.MKDOCS_INSIDERS_SSH_KEY }}

      - name: "Install Rust toolchain"
        run: rustup show

-      - uses: Swatinem/rust-cache@9d47c6ad4b02e050fd481d890b2ea34778fd09d6 # v2.7.8
+      - uses: Swatinem/rust-cache@v2

      - name: "Install Insiders dependencies"
        if: ${{ env.MKDOCS_INSIDERS_SSH_KEY_EXISTS == 'true' }}
@@ -92,7 +92,9 @@ jobs:
        run: mkdocs build --strict -f mkdocs.public.yml

      - name: "Clone docs repo"
-        run: git clone https://${{ secrets.ASTRAL_DOCS_PAT }}@github.com/astral-sh/docs.git astral-docs
+        run: |
+          version="${{ env.version }}"
+          git clone https://${{ secrets.ASTRAL_DOCS_PAT }}@github.com/astral-sh/docs.git astral-docs

      - name: "Copy docs"
        run: rm -rf astral-docs/site/ruff && mkdir -p astral-docs/site && cp -r site/ruff astral-docs/site/
@@ -100,10 +102,12 @@ jobs:
      - name: "Commit docs"
        working-directory: astral-docs
        run: |
+          branch_name="${{ env.branch_name }}"
+
          git config user.name "astral-docs-bot"
          git config user.email "176161322+astral-docs-bot@users.noreply.github.com"

-          git checkout -b "${branch_name}"
+          git checkout -b $branch_name
          git add site/ruff
          git commit -m "Update ruff documentation for $version"

@@ -112,8 +116,12 @@ jobs:
        env:
          GITHUB_TOKEN: ${{ secrets.ASTRAL_DOCS_PAT }}
        run: |
+          version="${{ env.version }}"
+          display_name="${{ env.display_name }}"
+          branch_name="${{ env.branch_name }}"
+
          # set the PR title
-          pull_request_title="Update ruff documentation for ${display_name}"
+          pull_request_title="Update ruff documentation for $display_name"

          # Delete any existing pull requests that are open for this version
          # by checking against pull_request_title because the new PR will
@@ -122,15 +130,13 @@ jobs:
            xargs -I {} gh pr close {}

          # push the branch to GitHub
-          git push origin "${branch_name}"
+          git push origin $branch_name

          # create the PR
-          gh pr create \
-            --base=main \
-            --head="${branch_name}" \
-            --title="${pull_request_title}" \
-            --body="Automated documentation update for ${display_name}" \
-            --label="documentation"
+          gh pr create --base main --head $branch_name \
+            --title "$pull_request_title" \
+            --body "Automated documentation update for $display_name" \
+            --label "documentation"

      - name: "Merge Pull Request"
        if: ${{ inputs.plan != '' && !fromJson(inputs.plan).announcement_tag_is_implicit }}
@@ -138,7 +144,8 @@ jobs:
        env:
          GITHUB_TOKEN: ${{ secrets.ASTRAL_DOCS_PAT }}
        run: |
+          branch_name="${{ env.branch_name }}"
          # auto-merge the PR if the build was triggered by a release. Manual builds should be reviewed by a human.
          # give the PR a few seconds to be created before trying to auto-merge it
          sleep 10
-          gh pr merge --squash "${branch_name}"
+          gh pr merge --squash $branch_name
--- a/.github/workflows/publish-playground.yml
+++ b/.github/workflows/publish-playground.yml
@@ -24,31 +24,32 @@ jobs:
    env:
      CF_API_TOKEN_EXISTS: ${{ secrets.CF_API_TOKEN != '' }}
    steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with:
-          persist-credentials: false
+      - uses: actions/checkout@v4
      - name: "Install Rust toolchain"
        run: rustup target add wasm32-unknown-unknown
-      - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+      - uses: actions/setup-node@v4
        with:
-          node-version: 22
+          node-version: 18
          cache: "npm"
          cache-dependency-path: playground/package-lock.json
-      - uses: jetli/wasm-bindgen-action@20b33e20595891ab1a0ed73145d8a21fc96e7c29 # v0.2.0
+      - uses: jetli/wasm-pack-action@v0.4.0
+      - uses: jetli/wasm-bindgen-action@v0.2.0
+      - name: "Run wasm-pack"
+        run: wasm-pack build --target web --out-dir ../../playground/src/pkg crates/ruff_wasm
      - name: "Install Node dependencies"
        run: npm ci
        working-directory: playground
      - name: "Run TypeScript checks"
        run: npm run check
        working-directory: playground
-      - name: "Build Ruff playground"
-        run: npm run build --workspace ruff-playground
+      - name: "Build JavaScript bundle"
+        run: npm run build
        working-directory: playground
      - name: "Deploy to Cloudflare Pages"
        if: ${{ env.CF_API_TOKEN_EXISTS == 'true' }}
-        uses: cloudflare/wrangler-action@da0e0dfe58b7a431659754fdf3f186c529afbe65 # v3.14.1
+        uses: cloudflare/wrangler-action@v3.7.0
        with:
          apiToken: ${{ secrets.CF_API_TOKEN }}
          accountId: ${{ secrets.CF_ACCOUNT_ID }}
          # `github.head_ref` is only set during pull requests and for manual runs or tags we use `main` to deploy to production
-          command: pages deploy playground/ruff/dist --project-name=ruff-playground --branch ${{ github.head_ref || 'main' }} --commit-hash ${GITHUB_SHA}
+          command: pages deploy playground/dist --project-name=ruff-playground --branch ${{ github.head_ref || 'main' }} --commit-hash ${GITHUB_SHA}
--- a/.github/workflows/publish-pypi.yml
+++ b/.github/workflows/publish-pypi.yml
@@ -21,12 +21,14 @@ jobs:
      # For PyPI's trusted publishing.
      id-token: write
    steps:
-      - name: "Install uv"
-        uses: astral-sh/setup-uv@6b9c6063abd6010835644d4c2e1bef4cf5cd0fca # v6.0.1
-      - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
+      - uses: actions/download-artifact@v4
        with:
          pattern: wheels-*
          path: wheels
          merge-multiple: true
      - name: Publish to PyPi
-        run: uv publish -v wheels/*
+        uses: pypa/gh-action-pypi-publish@release/v1
+        with:
+          skip-existing: true
+          packages-dir: wheels
+          verbose: true
--- a/.github/workflows/publish-ty-playground.yml
+++ b/.github/workflows/publish-ty-playground.yml
@@ -1,58 +0,0 @@
-# Publish the ty playground.
-name: "[ty Playground] Release"
-
-permissions: {}
-
-on:
-  push:
-    branches: [main]
-    paths:
-      - "crates/ty*/**"
-      - "crates/ruff_db/**"
-      - "crates/ruff_python_ast/**"
-      - "crates/ruff_python_parser/**"
-      - "playground/**"
-      - ".github/workflows/publish-ty-playground.yml"
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref_name }}
-  cancel-in-progress: true
-
-env:
-  CARGO_INCREMENTAL: 0
-  CARGO_NET_RETRY: 10
-  CARGO_TERM_COLOR: always
-  RUSTUP_MAX_RETRIES: 10
-
-jobs:
-  publish:
-    runs-on: ubuntu-latest
-    env:
-      CF_API_TOKEN_EXISTS: ${{ secrets.CF_API_TOKEN != '' }}
-    steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with:
-          persist-credentials: false
-      - name: "Install Rust toolchain"
-        run: rustup target add wasm32-unknown-unknown
-      - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
-        with:
-          node-version: 22
-      - uses: jetli/wasm-bindgen-action@20b33e20595891ab1a0ed73145d8a21fc96e7c29 # v0.2.0
-      - name: "Install Node dependencies"
-        run: npm ci
-        working-directory: playground
-      - name: "Run TypeScript checks"
-        run: npm run check
-        working-directory: playground
-      - name: "Build ty playground"
-        run: npm run build --workspace ty-playground
-        working-directory: playground
-      - name: "Deploy to Cloudflare Pages"
-        if: ${{ env.CF_API_TOKEN_EXISTS == 'true' }}
-        uses: cloudflare/wrangler-action@da0e0dfe58b7a431659754fdf3f186c529afbe65 # v3.14.1
-        with:
-          apiToken: ${{ secrets.CF_API_TOKEN }}
-          accountId: ${{ secrets.CF_ACCOUNT_ID }}
-          # `github.head_ref` is only set during pull requests and for manual runs or tags we use `main` to deploy to production
-          command: pages deploy playground/ty/dist --project-name=ty-playground --branch ${{ github.head_ref || 'main' }} --commit-hash ${GITHUB_SHA}
--- a/.github/workflows/publish-wasm.yml
+++ b/.github/workflows/publish-wasm.yml
@@ -29,15 +29,11 @@ jobs:
        target: [web, bundler, nodejs]
      fail-fast: false
    steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with:
-          persist-credentials: false
+      - uses: actions/checkout@v4
      - name: "Install Rust toolchain"
        run: rustup target add wasm32-unknown-unknown
-      - uses: jetli/wasm-pack-action@0d096b08b4e5a7de8c28de67e11e945404e9eefa # v0.4.0
-        with:
-          version: v0.13.1
-      - uses: jetli/wasm-bindgen-action@20b33e20595891ab1a0ed73145d8a21fc96e7c29 # v0.2.0
+      - uses: jetli/wasm-pack-action@v0.4.0
+      - uses: jetli/wasm-bindgen-action@v0.2.0
      - name: "Run wasm-pack build"
        run: wasm-pack build --target ${{ matrix.target }} crates/ruff_wasm
      - name: "Rename generated package"
@@ -45,9 +41,9 @@ jobs:
          jq '.name="@astral-sh/ruff-wasm-${{ matrix.target }}"' crates/ruff_wasm/pkg/package.json > /tmp/package.json
          mv /tmp/package.json crates/ruff_wasm/pkg
      - run: cp LICENSE crates/ruff_wasm/pkg # wasm-pack does not put the LICENSE file in the pkg
-      - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+      - uses: actions/setup-node@v4
        with:
-          node-version: 20
+          node-version: 18
          registry-url: "https://registry.npmjs.org"
      - name: "Publish (dry-run)"
        if: ${{ inputs.plan == '' || fromJson(inputs.plan).announcement_tag_is_implicit }}
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -1,13 +1,10 @@
-# This file was autogenerated by dist: https://github.com/astral-sh/cargo-dist
-#
 # Copyright 2022-2024, axodotdev
-# Copyright 2025 Astral Software Inc.
 # SPDX-License-Identifier: MIT or Apache-2.0
 #
 # CI that:
 #
 # * checks for a Git Tag that looks like a release
-# * builds artifacts with dist (archives, installers, hashes)
+# * builds artifacts with cargo-dist (archives, installers, hashes)
 # * uploads those artifacts to temporary workflow zip
 # * on success, uploads the artifacts to a GitHub Release
 #
@@ -25,10 +22,10 @@ permissions:
 # must be a Cargo-style SemVer Version (must have at least major.minor.patch).
 #
 # If PACKAGE_NAME is specified, then the announcement will be for that
-# package (erroring out if it doesn't have the given version or isn't dist-able).
+# package (erroring out if it doesn't have the given version or isn't cargo-dist-able).
 #
 # If PACKAGE_NAME isn't specified, then the announcement will be for all
-# (dist-able) packages in the workspace with that version (this mode is
+# (cargo-dist-able) packages in the workspace with that version (this mode is
 # intended for workspaces with only one dist-able package, or with all dist-able
 # packages versioned/released in lockstep).
 #
@@ -40,7 +37,6 @@ permissions:
 # If there's a prerelease-style suffix to the version, then the release(s)
 # will be marked as a prerelease.
 on:
-  pull_request:
  workflow_dispatch:
    inputs:
      tag:
@@ -50,9 +46,9 @@ on:
        type: string

 jobs:
-  # Run 'dist plan' (or host) to determine what tasks we need to do
+  # Run 'cargo dist plan' (or host) to determine what tasks we need to do
  plan:
-    runs-on: "depot-ubuntu-latest-4"
+    runs-on: "ubuntu-20.04"
    outputs:
      val: ${{ steps.plan.outputs.manifest }}
      tag: ${{ (inputs.tag != 'dry-run' && inputs.tag) || '' }}
@@ -61,20 +57,19 @@ jobs:
    env:
      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    steps:
-      - uses: actions/checkout@85e6279cec87321a52edac9c87bce653a07cf6c2
+      - uses: actions/checkout@v4
        with:
-          persist-credentials: false
          submodules: recursive
-      - name: Install dist
+      - name: Install cargo-dist
        # we specify bash to get pipefail; it guards against the `curl` command
        # failing. otherwise `sh` won't catch that `curl` returned non-0
        shell: bash
-        run: "curl --proto '=https' --tlsv1.2 -LsSf https://github.com/astral-sh/cargo-dist/releases/download/v0.28.5-prerelease.1/cargo-dist-installer.sh | sh"
-      - name: Cache dist
-        uses: actions/upload-artifact@6027e3dd177782cd8ab9af838c04fd81a07f1d47
+        run: "curl --proto '=https' --tlsv1.2 -LsSf https://github.com/axodotdev/cargo-dist/releases/download/v0.18.0/cargo-dist-installer.sh | sh"
+      - name: Cache cargo-dist
+        uses: actions/upload-artifact@v4
        with:
          name: cargo-dist-cache
-          path: ~/.cargo/bin/dist
+          path: ~/.cargo/bin/cargo-dist
      # sure would be cool if github gave us proper conditionals...
      # so here's a doubly-nested ternary-via-truthiness to try to provide the best possible
      # functionality based on whether this is a pull_request, and whether it's from a fork.
@@ -82,12 +77,12 @@ jobs:
      # but also really annoying to build CI around when it needs secrets to work right.)
      - id: plan
        run: |
-          dist ${{ (inputs.tag && inputs.tag != 'dry-run' && format('host --steps=create --tag={0}', inputs.tag)) || 'plan' }} --output-format=json > plan-dist-manifest.json
-          echo "dist ran successfully"
+          cargo dist ${{ (inputs.tag && inputs.tag != 'dry-run' && format('host --steps=create --tag={0}', inputs.tag)) || 'plan' }} --output-format=json > plan-dist-manifest.json
+          echo "cargo dist ran successfully"
          cat plan-dist-manifest.json
          echo "manifest=$(jq -c "." plan-dist-manifest.json)" >> "$GITHUB_OUTPUT"
      - name: "Upload dist-manifest.json"
-        uses: actions/upload-artifact@6027e3dd177782cd8ab9af838c04fd81a07f1d47
+        uses: actions/upload-artifact@v4
        with:
          name: artifacts-plan-dist-manifest
          path: plan-dist-manifest.json
@@ -119,24 +114,23 @@ jobs:
      - plan
      - custom-build-binaries
      - custom-build-docker
-    runs-on: "depot-ubuntu-latest-4"
+    runs-on: "ubuntu-20.04"
    env:
      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      BUILD_MANIFEST_NAME: target/distrib/global-dist-manifest.json
    steps:
-      - uses: actions/checkout@85e6279cec87321a52edac9c87bce653a07cf6c2
+      - uses: actions/checkout@v4
        with:
-          persist-credentials: false
          submodules: recursive
-      - name: Install cached dist
-        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093
+      - name: Install cached cargo-dist
+        uses: actions/download-artifact@v4
        with:
          name: cargo-dist-cache
          path: ~/.cargo/bin/
-      - run: chmod +x ~/.cargo/bin/dist
+      - run: chmod +x ~/.cargo/bin/cargo-dist
      # Get all the local artifacts for the global tasks to use (for e.g. checksums)
      - name: Fetch local artifacts
-        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093
+        uses: actions/download-artifact@v4
        with:
          pattern: artifacts-*
          path: target/distrib/
@@ -144,8 +138,8 @@ jobs:
      - id: cargo-dist
        shell: bash
        run: |
-          dist build ${{ needs.plan.outputs.tag-flag }} --output-format=json "--artifacts=global" > dist-manifest.json
-          echo "dist ran successfully"
+          cargo dist build ${{ needs.plan.outputs.tag-flag }} --output-format=json "--artifacts=global" > dist-manifest.json
+          echo "cargo dist ran successfully"

          # Parse out what we just built and upload it to scratch storage
          echo "paths<<EOF" >> "$GITHUB_OUTPUT"
@@ -154,7 +148,7 @@ jobs:

          cp dist-manifest.json "$BUILD_MANIFEST_NAME"
      - name: "Upload artifacts"
-        uses: actions/upload-artifact@6027e3dd177782cd8ab9af838c04fd81a07f1d47
+        uses: actions/upload-artifact@v4
        with:
          name: artifacts-build-global
          path: |
@@ -171,23 +165,22 @@ jobs:
    if: ${{ always() && needs.plan.outputs.publishing == 'true' && (needs.build-global-artifacts.result == 'skipped' || needs.build-global-artifacts.result == 'success') && (needs.custom-build-binaries.result == 'skipped' || needs.custom-build-binaries.result == 'success') && (needs.custom-build-docker.result == 'skipped' || needs.custom-build-docker.result == 'success') }}
    env:
      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-    runs-on: "depot-ubuntu-latest-4"
+    runs-on: "ubuntu-20.04"
    outputs:
      val: ${{ steps.host.outputs.manifest }}
    steps:
-      - uses: actions/checkout@85e6279cec87321a52edac9c87bce653a07cf6c2
+      - uses: actions/checkout@v4
        with:
-          persist-credentials: false
          submodules: recursive
-      - name: Install cached dist
-        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093
+      - name: Install cached cargo-dist
+        uses: actions/download-artifact@v4
        with:
          name: cargo-dist-cache
          path: ~/.cargo/bin/
-      - run: chmod +x ~/.cargo/bin/dist
+      - run: chmod +x ~/.cargo/bin/cargo-dist
      # Fetch artifacts from scratch-storage
      - name: Fetch artifacts
-        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093
+        uses: actions/download-artifact@v4
        with:
          pattern: artifacts-*
          path: target/distrib/
@@ -196,12 +189,12 @@ jobs:
      - id: host
        shell: bash
        run: |
-          dist host ${{ needs.plan.outputs.tag-flag }} --steps=upload --steps=release --output-format=json > dist-manifest.json
+          cargo dist host ${{ needs.plan.outputs.tag-flag }} --steps=upload --steps=release --output-format=json > dist-manifest.json
          echo "artifacts uploaded and released successfully"
          cat dist-manifest.json
          echo "manifest=$(jq -c "." dist-manifest.json)" >> "$GITHUB_OUTPUT"
      - name: "Upload dist-manifest.json"
-        uses: actions/upload-artifact@6027e3dd177782cd8ab9af838c04fd81a07f1d47
+        uses: actions/upload-artifact@v4
        with:
          # Overwrite the previous copy
          name: artifacts-dist-manifest
@@ -247,17 +240,16 @@ jobs:
    # still allowing individual publish jobs to skip themselves (for prereleases).
    # "host" however must run to completion, no skipping allowed!
    if: ${{ always() && needs.host.result == 'success' && (needs.custom-publish-pypi.result == 'skipped' || needs.custom-publish-pypi.result == 'success') && (needs.custom-publish-wasm.result == 'skipped' || needs.custom-publish-wasm.result == 'success') }}
-    runs-on: "depot-ubuntu-latest-4"
+    runs-on: "ubuntu-20.04"
    env:
      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    steps:
-      - uses: actions/checkout@85e6279cec87321a52edac9c87bce653a07cf6c2
+      - uses: actions/checkout@v4
        with:
-          persist-credentials: false
          submodules: recursive
      # Create a GitHub Release while uploading all files to it
      - name: "Download GitHub Artifacts"
-        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093
+        uses: actions/download-artifact@v4
        with:
          pattern: artifacts-*
          path: artifacts
--- a/.github/workflows/sync_typeshed.yaml
+++ b/.github/workflows/sync_typeshed.yaml
@@ -21,17 +21,15 @@ jobs:
      contents: write
      pull-requests: write
    steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/checkout@v4
        name: Checkout Ruff
        with:
          path: ruff
-          persist-credentials: true
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/checkout@v4
        name: Checkout typeshed
        with:
          repository: python/typeshed
          path: typeshed
-          persist-credentials: false
      - name: Setup git
        run: |
          git config --global user.name typeshedbot
@@ -39,13 +37,13 @@ jobs:
      - name: Sync typeshed
        id: sync
        run: |
-          rm -rf ruff/crates/ty_vendored/vendor/typeshed
-          mkdir ruff/crates/ty_vendored/vendor/typeshed
-          cp typeshed/README.md ruff/crates/ty_vendored/vendor/typeshed
-          cp typeshed/LICENSE ruff/crates/ty_vendored/vendor/typeshed
-          cp -r typeshed/stdlib ruff/crates/ty_vendored/vendor/typeshed/stdlib
-          rm -rf ruff/crates/ty_vendored/vendor/typeshed/stdlib/@tests
-          git -C typeshed rev-parse HEAD > ruff/crates/ty_vendored/vendor/typeshed/source_commit.txt
+          rm -rf ruff/crates/red_knot_module_resolver/vendor/typeshed
+          mkdir ruff/crates/red_knot_module_resolver/vendor/typeshed
+          cp typeshed/README.md ruff/crates/red_knot_module_resolver/vendor/typeshed
+          cp typeshed/LICENSE ruff/crates/red_knot_module_resolver/vendor/typeshed
+          cp -r typeshed/stdlib ruff/crates/red_knot_module_resolver/vendor/typeshed/stdlib
+          rm -rf ruff/crates/red_knot_module_resolver/vendor/typeshed/stdlib/@tests
+          git -C typeshed rev-parse HEAD > ruff/crates/red_knot_module_resolver/vendor/typeshed/source_commit.txt
      - name: Commit the changes
        id: commit
        if: ${{ steps.sync.outcome == 'success' }}
@@ -59,7 +57,7 @@ jobs:
        run: |
          cd ruff
          git push --force origin typeshedbot/sync-typeshed
-          gh pr list --repo "$GITHUB_REPOSITORY" --head typeshedbot/sync-typeshed --json id --jq length | grep 1 && exit 0 # exit if there is existing pr
+          gh pr list --repo $GITHUB_REPOSITORY --head typeshedbot/sync-typeshed --json id --jq length | grep 1 && exit 0 # exit if there is existing pr
          gh pr create --title "Sync vendored typeshed stubs" --body "Close and reopen this PR to trigger CI" --label "internal"

  create-issue-on-failure:
@@ -70,7 +68,7 @@ jobs:
    permissions:
      issues: write
    steps:
-      - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+      - uses: actions/github-script@v7
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          script: |
@@ -78,6 +76,5 @@ jobs:
              owner: "astral-sh",
              repo: "ruff",
              title: `Automated typeshed sync failed on ${new Date().toDateString()}`,
-              body: "Run listed here: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}",
-              labels: ["bug", "ty"],
+              body: "Runs are listed here: https://github.com/astral-sh/ruff/actions/workflows/sync_typeshed.yaml",
            })
--- a/.github/zizmor.yml
+++ b/.github/zizmor.yml
@@ -1,19 +0,0 @@
-# Configuration for the zizmor static analysis tool, run via pre-commit in CI
-# https://woodruffw.github.io/zizmor/configuration/
-#
-# TODO: can we remove the ignores here so that our workflows are more secure?
-rules:
-  dangerous-triggers:
-    ignore:
-      - pr-comment.yaml
-  cache-poisoning:
-    ignore:
-      - build-docker.yml
-      - publish-playground.yml
-  excessive-permissions:
-    # it's hard to test what the impact of removing these ignores would be
-    # without actually running the release workflow...
-    ignore:
-      - build-docker.yml
-      - publish-playground.yml
-      - publish-docs.yml
--- a/.gitignore
+++ b/.gitignore
@@ -21,18 +21,6 @@ flamegraph.svg
 # `CARGO_TARGET_DIR=target-llvm-lines RUSTFLAGS="-Csymbol-mangling-version=v0" cargo llvm-lines -p ruff --lib`
 /target*

-# samply profiles
-profile.json
-
-# tracing-flame traces
-tracing.folded
-tracing-flamechart.svg
-tracing-flamegraph.svg
-
-# insta
-*.rs.pending-snap
-
-
 ###
 # Rust.gitignore
 ###
--- a/.ignore
+++ b/.ignore
@@ -1 +0,0 @@
-!/.github/
--- a/.markdownlint.yaml
+++ b/.markdownlint.yaml
@@ -14,22 +14,7 @@ MD041: false
 # MD013/line-length
 MD013: false

-# MD014/commands-show-output
-MD014: false
-
 # MD024/no-duplicate-heading
 MD024:
  # Allow when nested under different parents e.g. CHANGELOG.md
  siblings_only: true
-
-# MD046/code-block-style
-#
-# Ignore this because it conflicts with the code block style used in content
-# tabs of mkdocs-material which is to add a blank line after the content title.
-#
-# Ref: https://github.com/astral-sh/ruff/pull/15011#issuecomment-2544790854
-MD046: false
-
-# Link text should be descriptive
-# Disallows link text like *here* which is annoying.
-MD059: false
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,41 +1,31 @@
-fail_fast: false
+fail_fast: true

 exclude: |
  (?x)^(
-    .github/workflows/release.yml|
-    crates/ty_vendored/vendor/.*|
-    crates/ty_project/resources/.*|
-    crates/ty/docs/(configuration|rules|cli).md|
-    crates/ruff_benchmark/resources/.*|
+    crates/red_knot_module_resolver/vendor/.*|
    crates/ruff_linter/resources/.*|
    crates/ruff_linter/src/rules/.*/snapshots/.*|
-    crates/ruff_notebook/resources/.*|
-    crates/ruff_server/resources/.*|
    crates/ruff/resources/.*|
    crates/ruff_python_formatter/resources/.*|
    crates/ruff_python_formatter/tests/snapshots/.*|
    crates/ruff_python_resolver/resources/.*|
-    crates/ruff_python_resolver/tests/snapshots/.*
+    crates/ruff_python_resolver/tests/snapshots/.*|
+    crates/red_knot_workspace/resources/.*
  )$

 repos:
-  - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v5.0.0
-    hooks:
-      - id: check-merge-conflict
-
  - repo: https://github.com/abravalheri/validate-pyproject
-    rev: v0.24.1
+    rev: v0.18
    hooks:
      - id: validate-pyproject

  - repo: https://github.com/executablebooks/mdformat
-    rev: 0.7.22
+    rev: 0.7.17
    hooks:
      - id: mdformat
        additional_dependencies:
-          - mdformat-mkdocs==4.0.0
-          - mdformat-footnote==0.1.1
+          - mdformat-mkdocs
+          - mdformat-admon
        exclude: |
          (?x)^(
            docs/formatter/black\.md
@@ -43,7 +33,7 @@ repos:
          )$

  - repo: https://github.com/igorshubovych/markdownlint-cli
-    rev: v0.45.0
+    rev: v0.41.0
    hooks:
      - id: markdownlint-fix
        exclude: |
@@ -52,21 +42,8 @@ repos:
            | docs/\w+\.md
          )$

-  - repo: https://github.com/adamchainz/blacken-docs
-    rev: 1.19.1
-    hooks:
-      - id: blacken-docs
-        args: ["--pyi", "--line-length", "130"]
-        files: '^crates/.*/resources/mdtest/.*\.md'
-        exclude: |
-          (?x)^(
-            .*?invalid(_.+)*_syntax\.md
-          )$
-        additional_dependencies:
-          - black==25.1.0
-
  - repo: https://github.com/crate-ci/typos
-    rev: v1.32.0
+    rev: v1.23.6
    hooks:
      - id: typos

@@ -80,7 +57,7 @@ repos:
        pass_filenames: false # This makes it a lot faster

  - repo: https://github.com/astral-sh/ruff-pre-commit
-    rev: v0.11.10
+    rev: v0.5.6
    hooks:
      - id: ruff-format
      - id: ruff
@@ -89,43 +66,11 @@ repos:
        require_serial: true

  # Prettier
-  - repo: https://github.com/rbubley/mirrors-prettier
-    rev: v3.5.3
+  - repo: https://github.com/pre-commit/mirrors-prettier
+    rev: v3.1.0
    hooks:
      - id: prettier
        types: [yaml]

-  # zizmor detects security vulnerabilities in GitHub Actions workflows.
-  # Additional configuration for the tool is found in `.github/zizmor.yml`
-  - repo: https://github.com/woodruffw/zizmor-pre-commit
-    rev: v1.7.0
-    hooks:
-      - id: zizmor
-
-  - repo: https://github.com/python-jsonschema/check-jsonschema
-    rev: 0.33.0
-    hooks:
-      - id: check-github-workflows
-
-  # `actionlint` hook, for verifying correct syntax in GitHub Actions workflows.
-  # Some additional configuration for `actionlint` can be found in `.github/actionlint.yaml`.
-  - repo: https://github.com/rhysd/actionlint
-    rev: v1.7.7
-    hooks:
-      - id: actionlint
-        stages:
-          # This hook is disabled by default, since it's quite slow.
-          # To run all hooks *including* this hook, use `uvx pre-commit run -a --hook-stage=manual`.
-          # To run *just* this hook, use `uvx pre-commit run -a actionlint --hook-stage=manual`.
-          - manual
-        args:
-          - "-ignore=SC2129" # ignorable stylistic lint from shellcheck
-          - "-ignore=SC2016" # another shellcheck lint: seems to have false positives?
-        additional_dependencies:
-          # actionlint has a shellcheck integration which extracts shell scripts in `run:` steps from GitHub Actions
-          # and checks these with shellcheck. This is arguably its most useful feature,
-          # but the integration only works if shellcheck is installed
-          - "github.com/wasilibs/go-shellcheck/cmd/shellcheck@v0.10.0"
-
 ci:
  skip: [cargo-fmt, dev-generate-all]
--- a/BREAKING_CHANGES.md
+++ b/BREAKING_CHANGES.md
@@ -1,135 +1,5 @@
 # Breaking Changes

-## 0.11.0
-
-This is a follow-up to release 0.10.0. Because of a mistake in the release process, the `requires-python` inference changes were not included in that release. Ruff 0.11.0 now includes this change as well as the stabilization of the preview behavior for `PGH004`.
-
- **Changes to how the Python version is inferred when a `target-version` is not specified** ([#16319](https://github.com/astral-sh/ruff/pull/16319))
-
-    In previous versions of Ruff, you could specify your Python version with:
-
-    - The `target-version` option in a `ruff.toml` file or the `[tool.ruff]` section of a pyproject.toml file.
-    - The `project.requires-python` field in a `pyproject.toml` file with a `[tool.ruff]` section.
-
-    These options worked well in most cases, and are still recommended for fine control of the Python version. However, because of the way Ruff discovers config files, `pyproject.toml` files without a `[tool.ruff]` section would be ignored, including the `requires-python` setting. Ruff would then use the default Python version (3.9 as of this writing) instead, which is surprising when you've attempted to request another version.
-
-    In v0.10, config discovery has been updated to address this issue:
-
-    - If Ruff finds a `ruff.toml` file without a `target-version`, it will check
-        for a `pyproject.toml` file in the same directory and respect its
-        `requires-python` version, even if it does not contain a `[tool.ruff]`
-        section.
-    - If Ruff finds a user-level configuration, the `requires-python` field of the closest `pyproject.toml` in a parent directory will take precedence.
-    - If there is no config file (`ruff.toml`or `pyproject.toml` with a
-        `[tool.ruff]` section) in the directory of the file being checked, Ruff will
-        search for the closest `pyproject.toml` in the parent directories and use its
-        `requires-python` setting.
-
-## 0.10.0
-
- **Changes to how the Python version is inferred when a `target-version` is not specified** ([#16319](https://github.com/astral-sh/ruff/pull/16319))
-
-    Because of a mistake in the release process, the `requires-python` inference changes are not included in this release and instead shipped as part of 0.11.0.
-    You can find a description of this change in the 0.11.0 section.
-
- **Updated `TYPE_CHECKING` behavior** ([#16669](https://github.com/astral-sh/ruff/pull/16669))
-
-    Previously, Ruff only recognized typechecking blocks that tested the `typing.TYPE_CHECKING` symbol. Now, Ruff recognizes any local variable named `TYPE_CHECKING`. This release also removes support for the legacy `if 0:` and `if False:` typechecking checks. Use a local `TYPE_CHECKING` variable instead.
-
- **More robust noqa parsing** ([#16483](https://github.com/astral-sh/ruff/pull/16483))
-
-    The syntax for both file-level and in-line suppression comments has been unified and made more robust to certain errors. In most cases, this will result in more suppression comments being read by Ruff, but there are a few instances where previously read comments will now log an error to the user instead. Please refer to the documentation on [_Error suppression_](https://docs.astral.sh/ruff/linter/#error-suppression) for the full specification.
-
- **Avoid unnecessary parentheses around with statements with a single context manager and a trailing comment** ([#14005](https://github.com/astral-sh/ruff/pull/14005))
-
-    This change fixes a bug in the formatter where it introduced unnecessary parentheses around with statements with a single context manager and a trailing comment. This change may result in a change in formatting for some users.
-
- **Bump alpine default tag to 3.21 for derived Docker images** ([#16456](https://github.com/astral-sh/ruff/pull/16456))
-
-    Alpine 3.21 was released in Dec 2024 and is used in the official Alpine-based Python images. Now the ruff:alpine image will use 3.21 instead of 3.20 and ruff:alpine3.20 will no longer be updated.
-
- **\[`unsafe-markup-use`\]: `RUF035` has been recoded to `S704`** ([#15957](https://github.com/astral-sh/ruff/pull/15957))
-
-## 0.9.0
-
-Ruff now formats your code according to the 2025 style guide. As a result, your code might now get formatted differently. See the [changelog](./CHANGELOG.md#090) for a detailed list of changes.
-
-## 0.8.0
-
- **Default to Python 3.9**
-
-    Ruff now defaults to Python 3.9 instead of 3.8 if no explicit Python version is configured using [`ruff.target-version`](https://docs.astral.sh/ruff/settings/#target-version) or [`project.requires-python`](https://packaging.python.org/en/latest/guides/writing-pyproject-toml/#python-requires) ([#13896](https://github.com/astral-sh/ruff/pull/13896))
-
- **Changed location of `pydoclint` diagnostics**
-
-    [`pydoclint`](https://docs.astral.sh/ruff/rules/#pydoclint-doc) diagnostics now point to the first-line of the problematic docstring. Previously, this was not the case.
-
-    If you've opted into these preview rules but have them suppressed using
-    [`noqa`](https://docs.astral.sh/ruff/linter/#error-suppression) comments in
-    some places, this change may mean that you need to move the `noqa` suppression
-    comments. Most users should be unaffected by this change.
-
- **Use XDG (i.e. `~/.local/bin`) instead of the Cargo home directory in the standalone installer**
-
-    Previously, Ruff's installer used `$CARGO_HOME` or `~/.cargo/bin` for its target install directory. Now, Ruff will be installed into `$XDG_BIN_HOME`, `$XDG_DATA_HOME/../bin`, or `~/.local/bin` (in that order).
-
-    This change is only relevant to users of the standalone Ruff installer (using the shell or PowerShell script). If you installed Ruff using uv or pip, you should be unaffected.
-
- **Changes to the line width calculation**
-
-    Ruff now uses a new version of the [unicode-width](https://github.com/unicode-rs/unicode-width) Rust crate to calculate the line width. In very rare cases, this may lead to lines containing Unicode characters being reformatted, or being considered too long when they were not before ([`E501`](https://docs.astral.sh/ruff/rules/line-too-long/)).
-
-## 0.7.0
-
- The pytest rules `PT001` and `PT023` now default to omitting the decorator parentheses when there are no arguments
-    ([#12838](https://github.com/astral-sh/ruff/pull/12838), [#13292](https://github.com/astral-sh/ruff/pull/13292)).
-    This was a change that we attempted to make in Ruff v0.6.0, but only partially made due to an error on our part.
-    See the [blog post](https://astral.sh/blog/ruff-v0.7.0) for more details.
- The `useless-try-except` rule (in our `tryceratops` category) has been recoded from `TRY302` to
-    `TRY203` ([#13502](https://github.com/astral-sh/ruff/pull/13502)). This ensures Ruff's code is consistent with
-    the same rule in the [`tryceratops`](https://github.com/guilatrova/tryceratops) linter.
- The `lint.allow-unused-imports` setting has been removed ([#13677](https://github.com/astral-sh/ruff/pull/13677)). Use
-    [`lint.pyflakes.allow-unused-imports`](https://docs.astral.sh/ruff/settings/#lint_pyflakes_allowed-unused-imports)
-    instead.
-
-## 0.6.0
-
- Detect imports in `src` layouts by default for `isort` rules ([#12848](https://github.com/astral-sh/ruff/pull/12848))
-
- The pytest rules `PT001` and `PT023` now default to omitting the decorator parentheses when there are no arguments ([#12838](https://github.com/astral-sh/ruff/pull/12838)).
-
- Lint and format Jupyter Notebook by default ([#12878](https://github.com/astral-sh/ruff/pull/12878)).
-
-    You can disable specific rules for notebooks using [`per-file-ignores`](https://docs.astral.sh/ruff/settings/#lint_per-file-ignores):
-
-    ```toml
-    [tool.ruff.lint.per-file-ignores]
-    "*.ipynb" = ["E501"] # disable line-too-long in notebooks
-    ```
-
-    If you'd prefer to either only lint or only format Jupyter Notebook files, you can use the
-    section-specific `exclude` option to do so. For example, the following would only lint Jupyter
-    Notebook files and not format them:
-
-    ```toml
-    [tool.ruff.format]
-    exclude = ["*.ipynb"]
-    ```
-
-    And, conversely, the following would only format Jupyter Notebook files and not lint them:
-
-    ```toml
-    [tool.ruff.lint]
-    exclude = ["*.ipynb"]
-    ```
-
-    You can completely disable Jupyter Notebook support by updating the [`extend-exclude`](https://docs.astral.sh/ruff/settings/#extend-exclude) setting:
-
-    ```toml
-    [tool.ruff]
-    extend-exclude = ["*.ipynb"]
-    ```
-
 ## 0.5.0

 - Follow the XDG specification to discover user-level configurations on macOS (same as on other Unix platforms)
@@ -246,7 +116,7 @@ flag or `unsafe-fixes` configuration option can be used to enable unsafe fixes.

 See the [docs](https://docs.astral.sh/ruff/configuration/#fix-safety) for details.

-### Remove formatter-conflicting rules from the default rule set ([#7900](https://github.com/astral-sh/ruff/pull/7900))
+### Remove formatter-conflicting rules from the default rule set  ([#7900](https://github.com/astral-sh/ruff/pull/7900))

 Previously, Ruff enabled all implemented rules in Pycodestyle (`E`) by default. Ruff now only includes the
 Pycodestyle prefixes `E4`, `E7`, and `E9` to exclude rules that conflict with automatic formatters. Consequently,
@@ -259,8 +129,8 @@ This change only affects those using Ruff under its default rule set. Users that

 ### Remove support for emoji identifiers ([#7212](https://github.com/astral-sh/ruff/pull/7212))

-Previously, Ruff supported non-standards-compliant emoji identifiers such as `📦 = 1`.
-We decided to remove this non-standard language extension. Ruff now reports syntax errors for invalid emoji identifiers in your code, the same as CPython.
+Previously, Ruff supported the non-standard compliant emoji identifiers e.g. `📦 = 1`.
+We decided to remove this non-standard language extension, and Ruff now reports syntax errors for emoji identifiers in your code, the same as CPython.

 ### Improved GitLab fingerprints ([#7203](https://github.com/astral-sh/ruff/pull/7203))

--- a/CHANGELOG.md
+++ b/CHANGELOG.md
--- a/CODE_OF_CONDUCT.md
+++ b/CODE_OF_CONDUCT.md
@@ -71,7 +71,8 @@ representative at an online or offline event.
 ## Enforcement

 Instances of abusive, harassing, or otherwise unacceptable behavior may be
-reported to the community leaders responsible for enforcement at <hey@astral.sh>.
+reported to the community leaders responsible for enforcement at
+<charlie.r.marsh@gmail.com>.
 All complaints will be reviewed and investigated promptly and fairly.

 All community leaders are obligated to respect the privacy and security of the
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -2,10 +2,34 @@

 Welcome! We're happy to have you here. Thank you in advance for your contribution to Ruff.

-> [!NOTE]
->
-> This guide is for Ruff. If you're looking to contribute to ty, please see [the ty contributing
-> guide](https://github.com/astral-sh/ruff/blob/main/crates/ty/CONTRIBUTING.md).
+- [The Basics](#the-basics)
+    - [Prerequisites](#prerequisites)
+    - [Development](#development)
+    - [Project Structure](#project-structure)
+    - [Example: Adding a new lint rule](#example-adding-a-new-lint-rule)
+        - [Rule naming convention](#rule-naming-convention)
+        - [Rule testing: fixtures and snapshots](#rule-testing-fixtures-and-snapshots)
+    - [Example: Adding a new configuration option](#example-adding-a-new-configuration-option)
+- [MkDocs](#mkdocs)
+- [Release Process](#release-process)
+    - [Creating a new release](#creating-a-new-release)
+- [Ecosystem CI](#ecosystem-ci)
+- [Benchmarking and Profiling](#benchmarking-and-profiling)
+    - [CPython Benchmark](#cpython-benchmark)
+    - [Microbenchmarks](#microbenchmarks)
+        - [Benchmark-driven Development](#benchmark-driven-development)
+        - [PR Summary](#pr-summary)
+        - [Tips](#tips)
+    - [Profiling Projects](#profiling-projects)
+        - [Linux](#linux)
+        - [Mac](#mac)
+- [`cargo dev`](#cargo-dev)
+- [Subsystems](#subsystems)
+    - [Compilation Pipeline](#compilation-pipeline)
+    - [Import Categorization](#import-categorization)
+        - [Project root](#project-root)
+        - [Package root](#package-root)
+        - [Import categorization](#import-categorization-1)

 ## The Basics

@@ -34,14 +58,16 @@ You'll also need [Insta](https://insta.rs/docs/) to update snapshot tests:
 cargo install cargo-insta
 ```

-You'll need [uv](https://docs.astral.sh/uv/getting-started/installation/) (or `pipx` and `pip`) to
-run Python utility commands.
+And you'll need pre-commit to run some validation checks:
+
+```shell
+pipx install pre-commit  # or `pip install pre-commit` if you have a virtualenv
+```

 You can optionally install pre-commit hooks to automatically run the validation checks
 when making a commit:

 ```shell
-uv tool install pre-commit
 pre-commit install
 ```

@@ -69,7 +95,7 @@ and that it passes both the lint and test validation checks:
 ```shell
 cargo clippy --workspace --all-targets --all-features -- -D warnings  # Rust linting
 RUFF_UPDATE_SCHEMA=1 cargo test  # Rust testing and updating ruff.schema.json
-uvx pre-commit run --all-files --show-diff-on-failure  # Rust and Python formatting, Markdown and Python linting, etc.
+pre-commit run --all-files --show-diff-on-failure  # Rust and Python formatting, Markdown and Python linting, etc.
 ```

 These checks will run on GitHub Actions when you open your pull request, but running them locally
@@ -144,7 +170,7 @@ At a high level, the steps involved in adding a new lint rule are as follows:
 1. Create a file for your rule (e.g., `crates/ruff_linter/src/rules/flake8_bugbear/rules/assert_false.rs`).

 1. In that file, define a violation struct (e.g., `pub struct AssertFalse`). You can grep for
-    `#[derive(ViolationMetadata)]` to see examples.
+    `#[violation]` to see examples.

 1. In that file, define a function that adds the violation to the diagnostic list as appropriate
    (e.g., `pub(crate) fn assert_false`) based on whatever inputs are required for the rule (e.g.,
@@ -270,20 +296,26 @@ To preview any changes to the documentation locally:

 1. Install the [Rust toolchain](https://www.rust-lang.org/tools/install).

+1. Install MkDocs and Material for MkDocs with:
+
+    ```shell
+    pip install -r docs/requirements.txt
+    ```
+
 1. Generate the MkDocs site with:

    ```shell
-    uv run --no-project --isolated --with-requirements docs/requirements.txt scripts/generate_mkdocs.py
+    python scripts/generate_mkdocs.py
    ```

 1. Run the development server with:

    ```shell
    # For contributors.
-    uvx --with-requirements docs/requirements.txt -- mkdocs serve -f mkdocs.public.yml
+    mkdocs serve -f mkdocs.public.yml

    # For members of the Astral org, which has access to MkDocs Insiders via sponsorship.
-    uvx --with-requirements docs/requirements-insiders.txt -- mkdocs serve -f mkdocs.insiders.yml
+    mkdocs serve -f mkdocs.insiders.yml
    ```

 The documentation should then be available locally at
@@ -301,34 +333,22 @@ even patch releases may contain [non-backwards-compatible changes](https://semve
 ### Creating a new release

 1. Install `uv`: `curl -LsSf https://astral.sh/uv/install.sh | sh`
-
 1. Run `./scripts/release.sh`; this command will:
-
    - Generate a temporary virtual environment with `rooster`
    - Generate a changelog entry in `CHANGELOG.md`
    - Update versions in `pyproject.toml` and `Cargo.toml`
    - Update references to versions in the `README.md` and documentation
    - Display contributors for the release
-
 1. The changelog should then be editorialized for consistency
-
    - Often labels will be missing from pull requests they will need to be manually organized into the proper section
    - Changes should be edited to be user-facing descriptions, avoiding internal details
-
 1. Highlight any breaking changes in `BREAKING_CHANGES.md`
-
 1. Run `cargo check`. This should update the lock file with new versions.
-
 1. Create a pull request with the changelog and version updates
-
 1. Merge the PR
-
 1. Run the [release workflow](https://github.com/astral-sh/ruff/actions/workflows/release.yml) with:
-
    - The new version number (without starting `v`)
-
 1. The release workflow will do the following:
-
    1. Build all the assets. If this fails (even though we tested in step 4), we haven't tagged or
        uploaded anything, you can restart after pushing a fix. If you just need to rerun the build,
        make sure you're [re-running all the failed
@@ -339,25 +359,14 @@ even patch releases may contain [non-backwards-compatible changes](https://semve
    1. Attach artifacts to draft GitHub release
    1. Trigger downstream repositories. This can fail non-catastrophically, as we can run any
        downstream jobs manually if needed.
-
 1. Verify the GitHub release:
-
    1. The Changelog should match the content of `CHANGELOG.md`
-    1. Append the contributors from the `scripts/release.sh` script
-
+    1. Append the contributors from the `bump.sh` script
 1. If needed, [update the schemastore](https://github.com/astral-sh/ruff/blob/main/scripts/update_schemastore.py).
-
    1. One can determine if an update is needed when
        `git diff old-version-tag new-version-tag -- ruff.schema.json` returns a non-empty diff.
    1. Once run successfully, you should follow the link in the output to create a PR.
-
-1. If needed, update the [`ruff-lsp`](https://github.com/astral-sh/ruff-lsp) and
-    [`ruff-vscode`](https://github.com/astral-sh/ruff-vscode) repositories and follow
-    the release instructions in those repositories. `ruff-lsp` should always be updated
-    before `ruff-vscode`.
-
-    This step is generally not required for a patch release, but should always be done
-    for a minor release.
+1. If needed, update the `ruff-lsp` and `ruff-vscode` repositories.

 ## Ecosystem CI

@@ -365,21 +374,13 @@ GitHub Actions will run your changes against a number of real-world projects fro
 report on any linter or formatter differences. You can also run those checks locally via:

 ```shell
-uvx --from ./python/ruff-ecosystem ruff-ecosystem check ruff "./target/debug/ruff"
-uvx --from ./python/ruff-ecosystem ruff-ecosystem format ruff "./target/debug/ruff"
+pip install -e ./python/ruff-ecosystem
+ruff-ecosystem check ruff "./target/debug/ruff"
+ruff-ecosystem format ruff "./target/debug/ruff"
 ```

 See the [ruff-ecosystem package](https://github.com/astral-sh/ruff/tree/main/python/ruff-ecosystem) for more details.

-## Upgrading Rust
-
-1. Change the `channel` in `./rust-toolchain.toml` to the new Rust version (`<latest>`)
-1. Change the `rust-version` in the `./Cargo.toml` to `<latest> - 2` (e.g. 1.84 if the latest is 1.86)
-1. Run `cargo clippy --fix --allow-dirty --allow-staged` to fix new clippy warnings
-1. Create and merge the PR
-1. Bump the Rust version in Ruff's conda forge recipe. See [this PR](https://github.com/conda-forge/ruff-feedstock/pull/266) for an example.
-1. Enjoy the new Rust version!
-
 ## Benchmarking and Profiling

 We have several ways of benchmarking and profiling Ruff:
@@ -388,7 +389,7 @@ We have several ways of benchmarking and profiling Ruff:
 - Microbenchmarks which run the linter or the formatter on individual files. These run on pull requests.
 - Profiling the linter on either the microbenchmarks or entire projects

-> **Note**
+> \[!NOTE\]
 > When running benchmarks, ensure that your CPU is otherwise idle (e.g., close any background
 > applications, like web browsers). You may also want to switch your CPU to a "performance"
 > mode, if it exists, especially when benchmarking short-lived processes.
@@ -402,18 +403,12 @@ which makes it a good target for benchmarking.
 git clone --branch 3.10 https://github.com/python/cpython.git crates/ruff_linter/resources/test/cpython
 ```

-Install `hyperfine`:
-
-```shell
-cargo install hyperfine
-```
-
 To benchmark the release build:

 ```shell
-cargo build --release --bin ruff && hyperfine --warmup 10 \
-  "./target/release/ruff check ./crates/ruff_linter/resources/test/cpython/ --no-cache -e" \
-  "./target/release/ruff check ./crates/ruff_linter/resources/test/cpython/ -e"
+cargo build --release && hyperfine --warmup 10 \
+  "./target/release/ruff ./crates/ruff_linter/resources/test/cpython/ --no-cache -e" \
+  "./target/release/ruff ./crates/ruff_linter/resources/test/cpython/ -e"

 Benchmark 1: ./target/release/ruff ./crates/ruff_linter/resources/test/cpython/ --no-cache
  Time (mean ± σ):     293.8 ms ±   3.2 ms    [User: 2384.6 ms, System: 90.3 ms]
@@ -432,7 +427,7 @@ To benchmark against the ecosystem's existing tools:

 ```shell
 hyperfine --ignore-failure --warmup 5 \
-  "./target/release/ruff check ./crates/ruff_linter/resources/test/cpython/ --no-cache" \
+  "./target/release/ruff ./crates/ruff_linter/resources/test/cpython/ --no-cache" \
  "pyflakes crates/ruff_linter/resources/test/cpython" \
  "autoflake --recursive --expand-star-imports --remove-all-unused-imports --remove-unused-variables --remove-duplicate-keys resources/test/cpython" \
  "pycodestyle crates/ruff_linter/resources/test/cpython" \
@@ -478,10 +473,10 @@ To benchmark a subset of rules, e.g. `LineTooLong` and `DocLineTooLong`:

 ```shell
 cargo build --release && hyperfine --warmup 10 \
-  "./target/release/ruff check ./crates/ruff_linter/resources/test/cpython/ --no-cache -e --select W505,E501"
+  "./target/release/ruff ./crates/ruff_linter/resources/test/cpython/ --no-cache -e --select W505,E501"
 ```

-You can run `uv venv --project ./scripts/benchmarks`, activate the venv and then run `uv sync --project ./scripts/benchmarks` to create a working environment for the
+You can run `poetry install` from `./scripts/benchmarks` to create a working environment for the
 above. All reported benchmarks were computed using the versions specified by
 `./scripts/benchmarks/pyproject.toml` on Python 3.11.

@@ -535,12 +530,10 @@ You can run the benchmarks with
 cargo benchmark
 ```

-`cargo benchmark` is an alias for `cargo bench -p ruff_benchmark --bench linter --bench formatter --`
-
 #### Benchmark-driven Development

 Ruff uses [Criterion.rs](https://bheisler.github.io/criterion.rs/book/) for benchmarks. You can use
-`--save-baseline=<name>` to store an initial baseline benchmark (e.g., on `main`) and then use
+`--save-baseline=<name>` to store an initial baseline benchmark (e.g. on `main`) and then use
 `--benchmark=<name>` to compare against that benchmark. Criterion will print a message telling you
 if the benchmark improved/regressed compared to that baseline.

@@ -575,7 +568,7 @@ cargo install critcmp

 #### Tips

- Use `cargo bench -p ruff_benchmark <filter>` to only run specific benchmarks. For example: `cargo bench -p ruff_benchmark lexer`
+- Use `cargo bench -p ruff_benchmark <filter>` to only run specific benchmarks. For example: `cargo benchmark lexer`
    to only run the lexer benchmarks.
 - Use `cargo bench -p ruff_benchmark -- --quiet` for a more cleaned up output (without statistical relevance)
 - Use `cargo bench -p ruff_benchmark -- --quick` to get faster results (more prone to noise)
@@ -610,7 +603,8 @@ Then convert the recorded profile
 perf script -F +pid > /tmp/test.perf
 ```

-You can now view the converted file with [firefox profiler](https://profiler.firefox.com/). To learn more about Firefox profiler, read the [Firefox profiler profiling-guide](https://profiler.firefox.com/docs/#/./guide-perf-profiling).
+You can now view the converted file with [firefox profiler](https://profiler.firefox.com/), with a
+more in-depth guide [here](https://profiler.firefox.com/docs/#/./guide-perf-profiling)

 An alternative is to convert the perf data to `flamegraph.svg` using
 [flamegraph](https://github.com/flamegraph-rs/flamegraph) (`cargo install flamegraph`):
@@ -691,9 +685,9 @@ utils with it:
 23 Newline 24
 ```

- `cargo dev print-cst <file>`: Print the CST of a Python file using
+- `cargo dev print-cst <file>`: Print the CST of a python file using
    [LibCST](https://github.com/Instagram/LibCST), which is used in addition to the RustPython parser
-    in Ruff. For example, for `if True: pass # comment`, everything, including the whitespace, is represented:
+    in Ruff. E.g. for `if True: pass # comment` everything including the whitespace is represented:

 ```text
 Module {
@@ -876,7 +870,7 @@ each configuration file.

 The package root is used to determine a file's "module path". Consider, again, `baz.py`. In that
 case, `./my_project/src/foo` was identified as the package root, so the module path for `baz.py`
-would resolve to `foo.bar.baz` — as computed by taking the relative path from the package root
+would resolve to  `foo.bar.baz` — as computed by taking the relative path from the package root
 (inclusive of the root itself). The module path can be thought of as "the path you would use to
 import the module" (e.g., `import foo.bar.baz`).

@@ -917,5 +911,9 @@ There are three ways in which an import can be categorized as "first-party":
    the `src` setting and, for each directory, check for the existence of a subdirectory `foo` or a
    file `foo.py`.

-By default, `src` is set to the project root, along with `"src"` subdirectory in the project root.
-This ensures that Ruff supports both flat and "src" layouts out of the box.
+By default, `src` is set to the project root. In the above example, we'd want to set
+`src = ["./src"]` to ensure that we locate `./my_project/src/foo` and thus categorize `import foo`
+as first-party in `baz.py`. In practice, for this limited example, setting `src = ["./src"]` is
+unnecessary, as all imports within `./my_project/src/foo` would be categorized as first-party via
+the same-package heuristic; but if your project contains multiple packages, you'll want to set `src`
+explicitly.
--- a/Cargo.lock
+++ b/Cargo.lock
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -3,9 +3,8 @@ members = ["crates/*"]
 resolver = "2"

 [workspace.package]
-# Please update rustfmt.toml when bumping the Rust edition
-edition = "2024"
-rust-version = "1.85"
+edition = "2021"
+rust-version = "1.76"
 homepage = "https://docs.astral.sh/ruff"
 documentation = "https://docs.astral.sh/ruff"
 repository = "https://github.com/astral-sh/ruff"
@@ -14,17 +13,14 @@ license = "MIT"

 [workspace.dependencies]
 ruff = { path = "crates/ruff" }
-ruff_annotate_snippets = { path = "crates/ruff_annotate_snippets" }
 ruff_cache = { path = "crates/ruff_cache" }
-ruff_db = { path = "crates/ruff_db", default-features = false }
+ruff_db = { path = "crates/ruff_db" }
 ruff_diagnostics = { path = "crates/ruff_diagnostics" }
 ruff_formatter = { path = "crates/ruff_formatter" }
-ruff_graph = { path = "crates/ruff_graph" }
 ruff_index = { path = "crates/ruff_index" }
 ruff_linter = { path = "crates/ruff_linter" }
 ruff_macros = { path = "crates/ruff_macros" }
 ruff_notebook = { path = "crates/ruff_notebook" }
-ruff_options_metadata = { path = "crates/ruff_options_metadata" }
 ruff_python_ast = { path = "crates/ruff_python_ast" }
 ruff_python_codegen = { path = "crates/ruff_python_codegen" }
 ruff_python_formatter = { path = "crates/ruff_python_formatter" }
@@ -39,97 +35,79 @@ ruff_source_file = { path = "crates/ruff_source_file" }
 ruff_text_size = { path = "crates/ruff_text_size" }
 ruff_workspace = { path = "crates/ruff_workspace" }

-ty = { path = "crates/ty" }
-ty_ide = { path = "crates/ty_ide" }
-ty_project = { path = "crates/ty_project", default-features = false }
-ty_python_semantic = { path = "crates/ty_python_semantic" }
-ty_server = { path = "crates/ty_server" }
-ty_test = { path = "crates/ty_test" }
-ty_vendored = { path = "crates/ty_vendored" }
+red_knot_module_resolver = { path = "crates/red_knot_module_resolver" }
+red_knot_python_semantic = { path = "crates/red_knot_python_semantic" }
+red_knot_workspace = { path = "crates/red_knot_workspace" }

 aho-corasick = { version = "1.1.3" }
-anstream = { version = "0.6.18" }
-anstyle = { version = "1.0.10" }
+annotate-snippets = { version = "0.9.2", features = ["color"] }
 anyhow = { version = "1.0.80" }
-assert_fs = { version = "1.1.0" }
 argfile = { version = "0.2.0" }
-bincode = { version = "2.0.0" }
+bincode = { version = "1.3.3" }
 bitflags = { version = "2.5.0" }
 bstr = { version = "1.9.1" }
 cachedir = { version = "0.3.1" }
 camino = { version = "1.1.7" }
+chrono = { version = "0.4.35", default-features = false, features = ["clock"] }
 clap = { version = "4.5.3", features = ["derive"] }
 clap_complete_command = { version = "0.6.0" }
-clearscreen = { version = "4.0.0" }
+clearscreen = { version = "3.0.0" }
 codspeed-criterion-compat = { version = "2.6.0", default-features = false }
-colored = { version = "3.0.0" }
+colored = { version = "2.1.0" }
 console_error_panic_hook = { version = "0.1.7" }
 console_log = { version = "1.0.0" }
 countme = { version = "3.0.1" }
-compact_str = "0.9.0"
-criterion = { version = "0.6.0", default-features = false }
+compact_str = "0.8.0"
 crossbeam = { version = "0.8.4" }
 dashmap = { version = "6.0.1" }
-dir-test = { version = "0.4.0" }
-dunce = { version = "1.0.5" }
 drop_bomb = { version = "0.1.5" }
 env_logger = { version = "0.11.0" }
-etcetera = { version = "0.10.0" }
-fern = { version = "0.7.0" }
+etcetera = { version = "0.8.0" }
+fern = { version = "0.6.1" }
 filetime = { version = "0.2.23" }
-getrandom = { version = "0.3.1" }
 glob = { version = "0.3.1" }
 globset = { version = "0.4.14" }
-globwalk = { version = "0.9.1" }
-hashbrown = { version = "0.15.0", default-features = false, features = [
-    "raw-entry",
-    "equivalent",
-    "inline-more",
-] }
-heck = "0.5.0"
+hashbrown = "0.14.3"
 ignore = { version = "0.4.22" }
 imara-diff = { version = "0.1.5" }
 imperative = { version = "1.0.4" }
-indexmap = { version = "2.6.0" }
 indicatif = { version = "0.17.8" }
 indoc = { version = "2.0.4" }
 insta = { version = "1.35.1" }
 insta-cmd = { version = "0.6.0" }
 is-macro = { version = "0.3.5" }
 is-wsl = { version = "0.4.0" }
-itertools = { version = "0.14.0" }
-jiff = { version = "0.2.0" }
+itertools = { version = "0.13.0" }
 js-sys = { version = "0.3.69" }
-jod-thread = { version = "1.0.0" }
+jod-thread = { version = "0.1.2" }
 libc = { version = "0.2.153" }
 libcst = { version = "1.1.0", default-features = false }
 log = { version = "0.4.17" }
 lsp-server = { version = "0.7.6" }
 lsp-types = { git = "https://github.com/astral-sh/lsp-types.git", rev = "3512a9f", features = [
-    "proposed",
+  "proposed",
 ] }
 matchit = { version = "0.8.1" }
 memchr = { version = "2.7.1" }
 mimalloc = { version = "0.1.39" }
 natord = { version = "1.0.9" }
-notify = { version = "8.0.0" }
+notify = { version = "6.1.1" }
+once_cell = { version = "1.19.0" }
 ordermap = { version = "0.5.0" }
 path-absolutize = { version = "3.1.1" }
 path-slash = { version = "0.2.1" }
 pathdiff = { version = "0.2.1" }
-pep440_rs = { version = "0.7.1" }
+pep440_rs = { version = "0.6.0", features = ["serde"] }
 pretty_assertions = "1.3.0"
 proc-macro2 = { version = "1.0.79" }
-pyproject-toml = { version = "0.13.4" }
-quick-junit = { version = "0.5.0" }
+pyproject-toml = { version = "0.9.0" }
+quick-junit = { version = "0.4.0" }
 quote = { version = "1.0.23" }
-rand = { version = "0.9.0" }
+rand = { version = "0.8.5" }
 rayon = { version = "1.10.0" }
 regex = { version = "1.10.2" }
 rustc-hash = { version = "2.0.0" }
-rustc-stable-hash = { version = "0.1.2" }
-# When updating salsa, make sure to also update the revision in `fuzz/Cargo.toml`
-salsa = { git = "https://github.com/salsa-rs/salsa.git", rev = "7edce6e248f35c8114b4b021cdb474a3fb2813b3" }
+salsa = { git = "https://github.com/MichaReiser/salsa.git", rev = "635e23943c095077c4a423488ac829b4ae0bfa77" }
 schemars = { version = "0.8.16" }
 seahash = { version = "4.1.0" }
 serde = { version = "1.0.197", features = ["derive"] }
@@ -137,67 +115,48 @@ serde-wasm-bindgen = { version = "0.6.4" }
 serde_json = { version = "1.0.113" }
 serde_test = { version = "1.0.152" }
 serde_with = { version = "3.6.0", default-features = false, features = [
-    "macros",
+  "macros",
 ] }
 shellexpand = { version = "3.0.0" }
 similar = { version = "2.4.0", features = ["inline"] }
 smallvec = { version = "1.13.2" }
-snapbox = { version = "0.6.0", features = [
-    "diff",
-    "term-svg",
-    "cmd",
-    "examples",
-] }
 static_assertions = "1.1.0"
-strum = { version = "0.27.0", features = ["strum_macros"] }
-strum_macros = { version = "0.27.0" }
+strum = { version = "0.26.0", features = ["strum_macros"] }
+strum_macros = { version = "0.26.0" }
 syn = { version = "2.0.55" }
 tempfile = { version = "3.9.0" }
 test-case = { version = "3.3.1" }
-thiserror = { version = "2.0.0" }
+thiserror = { version = "1.0.58" }
 tikv-jemallocator = { version = "0.6.0" }
 toml = { version = "0.8.11" }
 tracing = { version = "0.1.40" }
-tracing-flame = { version = "0.2.0" }
 tracing-indicatif = { version = "0.3.6" }
-tracing-log = { version = "0.2.0" }
-tracing-subscriber = { version = "0.3.18", default-features = false, features = [
-    "env-filter",
-    "fmt",
-    "ansi",
-    "smallvec"
-] }
-tryfn = { version = "0.2.1" }
+tracing-subscriber = { version = "0.3.18", features = ["env-filter"] }
+tracing-tree = { version = "0.4.0" }
 typed-arena = { version = "2.0.2" }
 unic-ucd-category = { version = "0.9" }
 unicode-ident = { version = "1.0.12" }
-unicode-width = { version = "0.2.0" }
+unicode-width = { version = "0.1.11" }
 unicode_names2 = { version = "1.2.2" }
 unicode-normalization = { version = "0.1.23" }
+ureq = { version = "2.9.6" }
 url = { version = "2.5.0" }
 uuid = { version = "1.6.1", features = [
-    "v4",
-    "fast-rng",
-    "macro-diagnostics",
-    "js",
+  "v4",
+  "fast-rng",
+  "macro-diagnostics",
+  "js",
 ] }
 walkdir = { version = "2.3.2" }
 wasm-bindgen = { version = "0.2.92" }
 wasm-bindgen-test = { version = "0.3.42" }
 wild = { version = "2" }
-zip = { version = "0.6.6", default-features = false }
-
-[workspace.metadata.cargo-shear]
-ignored = ["getrandom", "ruff_options_metadata"]
-
+zip = { version = "0.6.6", default-features = false, features = ["zstd"] }

 [workspace.lints.rust]
 unsafe_code = "warn"
 unreachable_pub = "warn"
-unexpected_cfgs = { level = "warn", check-cfg = [
-    "cfg(fuzzing)",
-    "cfg(codspeed)",
-] }
+unexpected_cfgs = { level = "warn", check-cfg = ['cfg(fuzzing)'] }

 [workspace.lints.clippy]
 pedantic = { level = "warn", priority = -2 }
@@ -213,11 +172,8 @@ missing_panics_doc = "allow"
 module_name_repetitions = "allow"
 must_use_candidate = "allow"
 similar_names = "allow"
-single_match_else = "allow"
 too_many_lines = "allow"
-needless_continue = "allow"       # An explicit continue can be more readable, especially if the alternative is an empty block.
-unnecessary_debug_formatting = "allow"  # too many instances, the display also doesn't quote the path which is often desired in logs where we use them the most often.
-# Without the hashes we run into a `rustfmt` bug in some snapshot tests, see #13250
+# To allow `#[allow(clippy::all)]` in `crates/ruff_python_parser/src/python.rs`.
 needless_raw_string_hashes = "allow"
 # Disallowed restriction lints
 print_stdout = "warn"
@@ -230,13 +186,6 @@ get_unwrap = "warn"
 rc_buffer = "warn"
 rc_mutex = "warn"
 rest_pat_in_fully_bound_structs = "warn"
-# nursery rules
-redundant_clone = "warn"
-debug_assert_with_mut_call = "warn"
-unused_peekable = "warn"
-
-# Diagnostics are not actionable: Enable once https://github.com/rust-lang/rust-clippy/issues/13774 is resolved.
-large_stack_arrays = "allow"

 [profile.release]
 # Note that we set these explicitly, and these values
@@ -261,9 +210,6 @@ opt-level = 3
 [profile.dev.package.similar]
 opt-level = 3

-[profile.dev.package.salsa]
-opt-level = 3
-
 # Reduce complexity of a parser function that would trigger a locals limit in a wasm tool.
 # https://github.com/bytecodealliance/wasm-tools/blob/b5c3d98e40590512a3b12470ef358d5c7b983b15/crates/wasmparser/src/limits.rs#L29
 [profile.dev.package.ruff_python_parser]
@@ -278,3 +224,58 @@ debug = 1
 # The profile that 'cargo dist' will build with.
 [profile.dist]
 inherits = "release"
+
+# Config for 'cargo dist'
+[workspace.metadata.dist]
+# The preferred cargo-dist version to use in CI (Cargo.toml SemVer syntax)
+cargo-dist-version = "0.18.0"
+# CI backends to support
+ci = ["github"]
+# The installers to generate for each app
+installers = ["shell", "powershell"]
+# The archive format to use for windows builds (defaults .zip)
+windows-archive = ".zip"
+# The archive format to use for non-windows builds (defaults .tar.xz)
+unix-archive = ".tar.gz"
+# Target platforms to build apps for (Rust target-triple syntax)
+targets = [
+  "aarch64-apple-darwin",
+  "aarch64-pc-windows-msvc",
+  "aarch64-unknown-linux-gnu",
+  "aarch64-unknown-linux-musl",
+  "arm-unknown-linux-musleabihf",
+  "armv7-unknown-linux-gnueabihf",
+  "armv7-unknown-linux-musleabihf",
+  "i686-pc-windows-msvc",
+  "i686-unknown-linux-gnu",
+  "i686-unknown-linux-musl",
+  "powerpc64-unknown-linux-gnu",
+  "powerpc64le-unknown-linux-gnu",
+  "s390x-unknown-linux-gnu",
+  "x86_64-apple-darwin",
+  "x86_64-pc-windows-msvc",
+  "x86_64-unknown-linux-gnu",
+  "x86_64-unknown-linux-musl",
+]
+# Whether to auto-include files like READMEs, LICENSEs, and CHANGELOGs (default true)
+auto-includes = false
+# Whether cargo-dist should create a GitHub Release or use an existing draft
+create-release = true
+# Publish jobs to run in CI
+pr-run-mode = "skip"
+# Whether CI should trigger releases with dispatches instead of tag pushes
+dispatch-releases = true
+# The stage during which the GitHub Release should be created
+github-release = "announce"
+# Whether CI should include auto-generated code to build local artifacts
+build-local-artifacts = false
+# Local artifacts jobs to run in CI
+local-artifacts-jobs = ["./build-binaries", "./build-docker"]
+# Publish jobs to run in CI
+publish-jobs = ["./publish-pypi", "./publish-wasm"]
+# Announcement jobs to run in CI
+post-announce-jobs = ["./notify-dependents", "./publish-docs", "./publish-playground"]
+# Custom permissions for GitHub Jobs
+github-custom-job-permissions = { "build-docker" = { packages = "write", contents = "read" }, "publish-wasm" = { contents = "read", id-token = "write", packages = "write" } }
+# Whether to install an updater program
+install-updater = false
--- a/2
+++ b/2
@@ -1,4 +1,4 @@
-FROM --platform=$BUILDPLATFORM ubuntu AS build
+FROM --platform=$BUILDPLATFORM ubuntu as build
 ENV HOME="/root"
 WORKDIR $HOME

--- a/README.md
+++ b/README.md
@@ -29,14 +29,14 @@ An extremely fast Python linter and code formatter, written in Rust.
 - 🐍 Installable via `pip`
 - 🛠️ `pyproject.toml` support
 - 🤝 Python 3.13 compatibility
- ⚖️ Drop-in parity with [Flake8](https://docs.astral.sh/ruff/faq/#how-does-ruffs-linter-compare-to-flake8), isort, and [Black](https://docs.astral.sh/ruff/faq/#how-does-ruffs-formatter-compare-to-black)
+- ⚖️ Drop-in parity with [Flake8](https://docs.astral.sh/ruff/faq/#how-does-ruff-compare-to-flake8), isort, and Black
 - 📦 Built-in caching, to avoid re-analyzing unchanged files
 - 🔧 Fix support, for automatic error correction (e.g., automatically remove unused imports)
 - 📏 Over [800 built-in rules](https://docs.astral.sh/ruff/rules/), with native re-implementations
    of popular Flake8 plugins, like flake8-bugbear
 - ⌨️ First-party [editor integrations](https://docs.astral.sh/ruff/integrations/) for
    [VS Code](https://github.com/astral-sh/ruff-vscode) and [more](https://docs.astral.sh/ruff/editors/setup)
- 🌎 Monorepo-friendly, with [hierarchical and cascading configuration](https://docs.astral.sh/ruff/configuration/#config-file-discovery)
+- 🌎 Monorepo-friendly, with [hierarchical and cascading configuration](https://docs.astral.sh/ruff/configuration/#pyprojecttoml-discovery)

 Ruff aims to be orders of magnitude faster than alternative tools while integrating more
 functionality behind a single, common interface.
@@ -110,28 +110,15 @@ For more, see the [documentation](https://docs.astral.sh/ruff/).
 1. [Who's Using Ruff?](#whos-using-ruff)
 1. [License](#license)

-## Getting Started<a id="getting-started"></a>
+## Getting Started

 For more, see the [documentation](https://docs.astral.sh/ruff/).

 ### Installation

-Ruff is available as [`ruff`](https://pypi.org/project/ruff/) on PyPI.
-
-Invoke Ruff directly with [`uvx`](https://docs.astral.sh/uv/):
+Ruff is available as [`ruff`](https://pypi.org/project/ruff/) on PyPI:

 ```shell
-uvx ruff check   # Lint all files in the current directory.
-uvx ruff format  # Format all files in the current directory.
-```
-
-Or install Ruff with `uv` (recommended), `pip`, or `pipx`:
-
-```shell
-# With uv.
-uv tool install ruff@latest  # Install Ruff globally.
-uv add --dev ruff            # Or add Ruff to your project.
-
 # With pip.
 pip install ruff

@@ -149,8 +136,8 @@ curl -LsSf https://astral.sh/ruff/install.sh | sh
 powershell -c "irm https://astral.sh/ruff/install.ps1 | iex"

 # For a specific version.
-curl -LsSf https://astral.sh/ruff/0.11.10/install.sh | sh
-powershell -c "irm https://astral.sh/ruff/0.11.10/install.ps1 | iex"
+curl -LsSf https://astral.sh/ruff/0.5.6/install.sh | sh
+powershell -c "irm https://astral.sh/ruff/0.5.6/install.ps1 | iex"
 ```

 You can also install Ruff via [Homebrew](https://formulae.brew.sh/formula/ruff), [Conda](https://anaconda.org/conda-forge/ruff),
@@ -183,7 +170,7 @@ Ruff can also be used as a [pre-commit](https://pre-commit.com/) hook via [`ruff
 ```yaml
 - repo: https://github.com/astral-sh/ruff-pre-commit
  # Ruff version.
-  rev: v0.11.10
+  rev: v0.5.6
  hooks:
    # Run the linter.
    - id: ruff
@@ -195,7 +182,7 @@ Ruff can also be used as a [pre-commit](https://pre-commit.com/) hook via [`ruff
 Ruff can also be used as a [VS Code extension](https://github.com/astral-sh/ruff-vscode) or with [various other editors](https://docs.astral.sh/ruff/editors/setup).

 Ruff can also be used as a [GitHub Action](https://github.com/features/actions) via
-[`ruff-action`](https://github.com/astral-sh/ruff-action):
+[`ruff-action`](https://github.com/chartboost/ruff-action):

 ```yaml
 name: Ruff
@@ -205,10 +192,10 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
-      - uses: astral-sh/ruff-action@v3
+      - uses: chartboost/ruff-action@v1
 ```

-### Configuration<a id="configuration"></a>
+### Configuration

 Ruff can be configured through a `pyproject.toml`, `ruff.toml`, or `.ruff.toml` file (see:
 [_Configuration_](https://docs.astral.sh/ruff/configuration/), or [_Settings_](https://docs.astral.sh/ruff/settings/)
@@ -251,11 +238,11 @@ exclude = [
 line-length = 88
 indent-width = 4

-# Assume Python 3.9
-target-version = "py39"
+# Assume Python 3.8
+target-version = "py38"

 [lint]
-# Enable Pyflakes (`F`) and a subset of the pycodestyle (`E`) codes by default.
+# Enable Pyflakes (`F`) and a subset of the pycodestyle (`E`)  codes by default.
 select = ["E4", "E7", "E9", "F"]
 ignore = []

@@ -304,7 +291,7 @@ features that may change prior to stabilization.
 See `ruff help` for more on Ruff's top-level commands, or `ruff help check` and `ruff help format`
 for more on the linting and formatting commands, respectively.

-## Rules<a id="rules"></a>
+## Rules

 <!-- Begin section: Rules -->

@@ -380,21 +367,21 @@ quality tools, including:

 For a complete enumeration of the supported rules, see [_Rules_](https://docs.astral.sh/ruff/rules/).

-## Contributing<a id="contributing"></a>
+## Contributing

 Contributions are welcome and highly appreciated. To get started, check out the
 [**contributing guidelines**](https://docs.astral.sh/ruff/contributing/).

 You can also join us on [**Discord**](https://discord.com/invite/astral-sh).

-## Support<a id="support"></a>
+## Support

 Having trouble? Check out the existing issues on [**GitHub**](https://github.com/astral-sh/ruff/issues),
 or feel free to [**open a new one**](https://github.com/astral-sh/ruff/issues/new).

 You can also ask for help on [**Discord**](https://discord.com/invite/astral-sh).

-## Acknowledgements<a id="acknowledgements"></a>
+## Acknowledgements

 Ruff's linter draws on both the APIs and implementation details of many other
 tools in the Python ecosystem, especially [Flake8](https://github.com/PyCQA/flake8), [Pyflakes](https://github.com/PyCQA/pyflakes),
@@ -418,7 +405,7 @@ Ruff is the beneficiary of a large number of [contributors](https://github.com/a

 Ruff is released under the MIT license.

-## Who's Using Ruff?<a id="whos-using-ruff"></a>
+## Who's Using Ruff?

 Ruff is used by a number of major open-source projects and companies, including:

@@ -430,7 +417,6 @@ Ruff is used by a number of major open-source projects and companies, including:
 - [Babel](https://github.com/python-babel/babel)
 - Benchling ([Refac](https://github.com/benchling/refac))
 - [Bokeh](https://github.com/bokeh/bokeh)
- CrowdCent ([NumerBlox](https://github.com/crowdcent/numerblox)) <!-- typos: ignore -->
 - [Cryptography (PyCA)](https://github.com/pyca/cryptography)
 - CERN ([Indico](https://getindico.io/))
 - [DVC](https://github.com/iterative/dvc)
@@ -452,7 +438,6 @@ Ruff is used by a number of major open-source projects and companies, including:
 - ING Bank ([popmon](https://github.com/ing-bank/popmon), [probatus](https://github.com/ing-bank/probatus))
 - [Ibis](https://github.com/ibis-project/ibis)
 - [ivy](https://github.com/unifyai/ivy)
- [JAX](https://github.com/jax-ml/jax)
 - [Jupyter](https://github.com/jupyter-server/jupyter_server)
 - [Kraken Tech](https://kraken.tech/)
 - [LangChain](https://github.com/hwchase17/langchain)
@@ -539,7 +524,7 @@ If you're using Ruff, consider adding the Ruff badge to your project's `README.m
 <a href="https://github.com/astral-sh/ruff"><img src="https://img.shields.io/endpoint?url=https://raw.githubusercontent.com/astral-sh/ruff/main/assets/badge/v2.json" alt="Ruff" style="max-width:100%;"></a>
 ```

-## License<a id="license"></a>
+## License

 This repository is licensed under the [MIT License](https://github.com/astral-sh/ruff/blob/main/LICENSE)

--- a/SECURITY.md
+++ b/SECURITY.md
@@ -1,15 +0,0 @@
-# Security policy
-
-## Reporting a vulnerability
-
-If you have found a possible vulnerability, please email `security at astral dot sh`.
-
-## Bug bounties
-
-While we sincerely appreciate and encourage reports of suspected security problems, please note that
-Astral does not currently run any bug bounty programs.
-
-## Vulnerability disclosures
-
-Critical vulnerabilities will be disclosed via GitHub's
-[security advisory](https://github.com/astral-sh/ruff/security) system.
--- a/_typos.toml
+++ b/_typos.toml
@@ -1,10 +1,6 @@
 [files]
 # https://github.com/crate-ci/typos/issues/868
-extend-exclude = [
-    "crates/ty_vendored/vendor/**/*",
-    "**/resources/**/*",
-    "**/snapshots/**/*",
-]
+extend-exclude = ["crates/red_knot_module_resolver/vendor/**/*", "**/resources/**/*", "**/snapshots/**/*"]

 [default.extend-words]
 "arange" = "arange"  # e.g. `numpy.arange`
@@ -12,22 +8,14 @@ hel = "hel"
 whos = "whos"
 spawnve = "spawnve"
 ned = "ned"
-pn = "pn"  # `import panel as pn` is a thing
+pn = "pn"  # `import panel as pd` is a thing
 poit = "poit"
 BA = "BA" # acronym for "Bad Allowed", used in testing.
 jod = "jod" # e.g., `jod-thread`
-Numer = "Numer" # Library name 'NumerBlox' in "Who's Using Ruff?"

 [default]
 extend-ignore-re = [
-    # Line ignore with trailing "spellchecker:disable-line"
-    "(?Rm)^.*#\\s*spellchecker:disable-line$",
-    "LICENSEs",
-    # Various third party dependencies uses `typ` as struct field names (e.g., lsp_types::LogMessageParams)
-    "typ",
-    # TODO: Remove this once the `TYP` redirects are removed from `rule_redirects.rs`
-    "TYP",
+  # Line ignore with trailing "spellchecker:disable-line"
+  "(?Rm)^.*#\\s*spellchecker:disable-line$",
+  "LICENSEs",
 ]
-
-[default.extend-identifiers]
-"FrIeNdLy" = "FrIeNdLy"
--- a/clippy.toml
+++ b/clippy.toml
@@ -1,25 +1,21 @@
 doc-valid-idents = [
-    "..",
-    "CodeQL",
-    "FastAPI",
-    "IPython",
-    "LangChain",
-    "LibCST",
-    "McCabe",
-    "NumPy",
-    "SCREAMING_SNAKE_CASE",
-    "SQLAlchemy",
-    "StackOverflow",
-    "PyCharm",
-    "SNMPv1",
-    "SNMPv2",
-    "SNMPv3",
-    "PyFlakes"
+  "..",
+  "CodeQL",
+  "FastAPI",
+  "IPython",
+  "LangChain",
+  "LibCST",
+  "McCabe",
+  "NumPy",
+  "SCREAMING_SNAKE_CASE",
+  "SQLAlchemy",
+  "StackOverflow",
+  "PyCharm",
 ]

 ignore-interior-mutability = [
-    # Interned is read-only. The wrapped `Rc` never gets updated.
-    "ruff_formatter::format_element::Interned",
-    # The expression is read-only.
-    "ruff_python_ast::hashable::HashableExpr",
+  # Interned is read-only. The wrapped `Rc` never gets updated.
+  "ruff_formatter::format_element::Interned",
+  # The expression is read-only.
+  "ruff_python_ast::hashable::HashableExpr",
 ]
--- a/crates/red_knot/Cargo.toml
+++ b/crates/red_knot/Cargo.toml
@@ -0,0 +1,37 @@
+[package]
+name = "red_knot"
+version = "0.0.0"
+edition.workspace = true
+rust-version.workspace = true
+homepage.workspace = true
+documentation.workspace = true
+repository.workspace = true
+authors.workspace = true
+license.workspace = true
+
+# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
+
+[dependencies]
+red_knot_module_resolver = { workspace = true }
+red_knot_workspace = { workspace = true }
+
+ruff_db = { workspace = true, features = ["os", "cache"] }
+
+anyhow = { workspace = true }
+clap = { workspace = true, features = ["wrap_help"] }
+countme = { workspace = true, features = ["enable"] }
+crossbeam = { workspace = true }
+ctrlc = { version = "3.4.4" }
+rayon = { workspace = true }
+salsa = { workspace = true }
+tracing = { workspace = true }
+tracing-subscriber = { workspace = true }
+tracing-tree = { workspace = true }
+
+[dev-dependencies]
+filetime = { workspace = true }
+tempfile = { workspace = true }
+
+
+[lints]
+workspace = true
--- a/crates/red_knot/src/cli/mod.rs
+++ b/crates/red_knot/src/cli/mod.rs
@@ -0,0 +1,2 @@
+pub(crate) mod target_version;
+pub(crate) mod verbosity;
--- a/crates/red_knot/src/cli/target_version.rs
+++ b/crates/red_knot/src/cli/target_version.rs
@@ -0,0 +1,34 @@
+/// Enumeration of all supported Python versions
+///
+/// TODO: unify with the `PythonVersion` enum in the linter/formatter crates?
+#[derive(Copy, Clone, Hash, Debug, PartialEq, Eq, PartialOrd, Ord, Default, clap::ValueEnum)]
+pub enum TargetVersion {
+    Py37,
+    #[default]
+    Py38,
+    Py39,
+    Py310,
+    Py311,
+    Py312,
+    Py313,
+}
+
+impl std::fmt::Display for TargetVersion {
+    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+        ruff_db::program::TargetVersion::from(*self).fmt(f)
+    }
+}
+
+impl From<TargetVersion> for ruff_db::program::TargetVersion {
+    fn from(value: TargetVersion) -> Self {
+        match value {
+            TargetVersion::Py37 => Self::Py37,
+            TargetVersion::Py38 => Self::Py38,
+            TargetVersion::Py39 => Self::Py39,
+            TargetVersion::Py310 => Self::Py310,
+            TargetVersion::Py311 => Self::Py311,
+            TargetVersion::Py312 => Self::Py312,
+            TargetVersion::Py313 => Self::Py313,
+        }
+    }
+}
--- a/crates/red_knot/src/cli/verbosity.rs
+++ b/crates/red_knot/src/cli/verbosity.rs
@@ -0,0 +1,34 @@
+#[derive(Debug, Copy, Clone, Eq, PartialEq, Ord, PartialOrd)]
+pub(crate) enum VerbosityLevel {
+    Info,
+    Debug,
+    Trace,
+}
+
+/// Logging flags to `#[command(flatten)]` into your CLI
+#[derive(clap::Args, Debug, Clone, Default)]
+#[command(about = None, long_about = None)]
+pub(crate) struct Verbosity {
+    #[arg(
+        long,
+        short = 'v',
+        help = "Use verbose output (or `-vv` and `-vvv` for more verbose output)",
+        action = clap::ArgAction::Count,
+        global = true,
+    )]
+    verbose: u8,
+}
+
+impl Verbosity {
+    /// Returns the verbosity level based on the number of `-v` flags.
+    ///
+    /// Returns `None` if the user did not specify any verbosity flags.
+    pub(crate) fn level(&self) -> Option<VerbosityLevel> {
+        match self.verbose {
+            0 => None,
+            1 => Some(VerbosityLevel::Info),
+            2 => Some(VerbosityLevel::Debug),
+            _ => Some(VerbosityLevel::Trace),
+        }
+    }
+}
--- a/crates/red_knot/src/main.rs
+++ b/crates/red_knot/src/main.rs
@@ -0,0 +1,329 @@
+use std::sync::Mutex;
+
+use clap::Parser;
+use crossbeam::channel as crossbeam_channel;
+use tracing::subscriber::Interest;
+use tracing::{Level, Metadata};
+use tracing_subscriber::filter::LevelFilter;
+use tracing_subscriber::layer::{Context, Filter, SubscriberExt};
+use tracing_subscriber::{Layer, Registry};
+use tracing_tree::time::Uptime;
+
+use red_knot_workspace::db::RootDatabase;
+use red_knot_workspace::watch;
+use red_knot_workspace::watch::WorkspaceWatcher;
+use red_knot_workspace::workspace::WorkspaceMetadata;
+use ruff_db::program::{ProgramSettings, SearchPathSettings};
+use ruff_db::system::{OsSystem, System, SystemPathBuf};
+
+use cli::target_version::TargetVersion;
+use cli::verbosity::{Verbosity, VerbosityLevel};
+
+mod cli;
+
+#[derive(Debug, Parser)]
+#[command(
+    author,
+    name = "red-knot",
+    about = "An experimental multifile analysis backend for Ruff"
+)]
+#[command(version)]
+struct Args {
+    #[arg(
+        long,
+        help = "Changes the current working directory.",
+        long_help = "Changes the current working directory before any specified operations. This affects the workspace and configuration discovery.",
+        value_name = "PATH"
+    )]
+    current_directory: Option<SystemPathBuf>,
+
+    #[arg(
+        long,
+        value_name = "DIRECTORY",
+        help = "Custom directory to use for stdlib typeshed stubs"
+    )]
+    custom_typeshed_dir: Option<SystemPathBuf>,
+
+    #[arg(
+        long,
+        value_name = "PATH",
+        help = "Additional path to use as a module-resolution source (can be passed multiple times)"
+    )]
+    extra_search_path: Vec<SystemPathBuf>,
+
+    #[arg(long, help = "Python version to assume when resolving types", default_value_t = TargetVersion::default(), value_name="VERSION")]
+    target_version: TargetVersion,
+
+    #[clap(flatten)]
+    verbosity: Verbosity,
+
+    #[arg(
+        long,
+        help = "Run in watch mode by re-running whenever files change",
+        short = 'W'
+    )]
+    watch: bool,
+}
+
+#[allow(
+    clippy::print_stdout,
+    clippy::unnecessary_wraps,
+    clippy::print_stderr,
+    clippy::dbg_macro
+)]
+pub fn main() -> anyhow::Result<()> {
+    let Args {
+        current_directory,
+        custom_typeshed_dir,
+        extra_search_path: extra_paths,
+        target_version,
+        verbosity,
+        watch,
+    } = Args::parse_from(std::env::args().collect::<Vec<_>>());
+
+    let verbosity = verbosity.level();
+    countme::enable(verbosity == Some(VerbosityLevel::Trace));
+    setup_tracing(verbosity);
+
+    let cwd = if let Some(cwd) = current_directory {
+        let canonicalized = cwd.as_utf8_path().canonicalize_utf8().unwrap();
+        SystemPathBuf::from_utf8_path_buf(canonicalized)
+    } else {
+        let cwd = std::env::current_dir().unwrap();
+        SystemPathBuf::from_path_buf(cwd).unwrap()
+    };
+
+    let system = OsSystem::new(cwd.clone());
+    let workspace_metadata =
+        WorkspaceMetadata::from_path(system.current_directory(), &system).unwrap();
+
+    // TODO: Respect the settings from the workspace metadata. when resolving the program settings.
+    let program_settings = ProgramSettings {
+        target_version: target_version.into(),
+        search_paths: SearchPathSettings {
+            extra_paths,
+            workspace_root: workspace_metadata.root().to_path_buf(),
+            custom_typeshed: custom_typeshed_dir,
+            site_packages: vec![],
+        },
+    };
+
+    // TODO: Use the `program_settings` to compute the key for the database's persistent
+    //   cache and load the cache if it exists.
+    let db = RootDatabase::new(workspace_metadata, program_settings, system);
+
+    let (main_loop, main_loop_cancellation_token) = MainLoop::new(verbosity);
+
+    // Listen to Ctrl+C and abort the watch mode.
+    let main_loop_cancellation_token = Mutex::new(Some(main_loop_cancellation_token));
+    ctrlc::set_handler(move || {
+        let mut lock = main_loop_cancellation_token.lock().unwrap();
+
+        if let Some(token) = lock.take() {
+            token.stop();
+        }
+    })?;
+
+    let mut db = salsa::Handle::new(db);
+    if watch {
+        main_loop.watch(&mut db)?;
+    } else {
+        main_loop.run(&mut db);
+    };
+
+    std::mem::forget(db);
+
+    Ok(())
+}
+
+struct MainLoop {
+    /// Sender that can be used to send messages to the main loop.
+    sender: crossbeam_channel::Sender<MainLoopMessage>,
+
+    /// Receiver for the messages sent **to** the main loop.
+    receiver: crossbeam_channel::Receiver<MainLoopMessage>,
+
+    /// The file system watcher, if running in watch mode.
+    watcher: Option<WorkspaceWatcher>,
+
+    verbosity: Option<VerbosityLevel>,
+}
+
+impl MainLoop {
+    fn new(verbosity: Option<VerbosityLevel>) -> (Self, MainLoopCancellationToken) {
+        let (sender, receiver) = crossbeam_channel::bounded(10);
+
+        (
+            Self {
+                sender: sender.clone(),
+                receiver,
+                watcher: None,
+                verbosity,
+            },
+            MainLoopCancellationToken { sender },
+        )
+    }
+
+    fn watch(mut self, db: &mut salsa::Handle<RootDatabase>) -> anyhow::Result<()> {
+        let sender = self.sender.clone();
+        let watcher = watch::directory_watcher(move |event| {
+            sender.send(MainLoopMessage::ApplyChanges(event)).unwrap();
+        })?;
+
+        self.watcher = Some(WorkspaceWatcher::new(watcher, db));
+        self.run(db);
+        Ok(())
+    }
+
+    #[allow(clippy::print_stderr)]
+    fn run(mut self, db: &mut salsa::Handle<RootDatabase>) {
+        // Schedule the first check.
+        self.sender.send(MainLoopMessage::CheckWorkspace).unwrap();
+        let mut revision = 0usize;
+
+        while let Ok(message) = self.receiver.recv() {
+            tracing::trace!("Main Loop: Tick");
+
+            match message {
+                MainLoopMessage::CheckWorkspace => {
+                    let db = db.clone();
+                    let sender = self.sender.clone();
+
+                    // Spawn a new task that checks the workspace. This needs to be done in a separate thread
+                    // to prevent blocking the main loop here.
+                    rayon::spawn(move || {
+                        if let Ok(result) = db.check() {
+                            // Send the result back to the main loop for printing.
+                            sender
+                                .send(MainLoopMessage::CheckCompleted { result, revision })
+                                .ok();
+                        }
+                    });
+                }
+
+                MainLoopMessage::CheckCompleted {
+                    result,
+                    revision: check_revision,
+                } => {
+                    if check_revision == revision {
+                        eprintln!("{}", result.join("\n"));
+
+                        if self.verbosity == Some(VerbosityLevel::Trace) {
+                            eprintln!("{}", countme::get_all());
+                        }
+                    }
+
+                    if self.watcher.is_none() {
+                        return self.exit();
+                    }
+                }
+
+                MainLoopMessage::ApplyChanges(changes) => {
+                    revision += 1;
+                    // Automatically cancels any pending queries and waits for them to complete.
+                    db.get_mut().apply_changes(changes);
+                    if let Some(watcher) = self.watcher.as_mut() {
+                        watcher.update(db);
+                    }
+                    self.sender.send(MainLoopMessage::CheckWorkspace).unwrap();
+                }
+                MainLoopMessage::Exit => {
+                    return self.exit();
+                }
+            }
+        }
+
+        self.exit();
+    }
+
+    #[allow(clippy::print_stderr, clippy::unused_self)]
+    fn exit(self) {
+        if self.verbosity == Some(VerbosityLevel::Trace) {
+            eprintln!("Exit");
+            eprintln!("{}", countme::get_all());
+        }
+    }
+}
+
+#[derive(Debug)]
+struct MainLoopCancellationToken {
+    sender: crossbeam_channel::Sender<MainLoopMessage>,
+}
+
+impl MainLoopCancellationToken {
+    fn stop(self) {
+        self.sender.send(MainLoopMessage::Exit).unwrap();
+    }
+}
+
+/// Message sent from the orchestrator to the main loop.
+#[derive(Debug)]
+enum MainLoopMessage {
+    CheckWorkspace,
+    CheckCompleted {
+        result: Vec<String>,
+        revision: usize,
+    },
+    ApplyChanges(Vec<watch::ChangeEvent>),
+    Exit,
+}
+
+fn setup_tracing(verbosity: Option<VerbosityLevel>) {
+    let trace_level = match verbosity {
+        None => Level::WARN,
+        Some(VerbosityLevel::Info) => Level::INFO,
+        Some(VerbosityLevel::Debug) => Level::DEBUG,
+        Some(VerbosityLevel::Trace) => Level::TRACE,
+    };
+
+    let subscriber = Registry::default().with(
+        tracing_tree::HierarchicalLayer::default()
+            .with_indent_lines(true)
+            .with_indent_amount(2)
+            .with_bracketed_fields(true)
+            .with_thread_ids(true)
+            .with_targets(true)
+            .with_writer(|| Box::new(std::io::stderr()))
+            .with_timer(Uptime::default())
+            .with_filter(LoggingFilter { trace_level }),
+    );
+
+    tracing::subscriber::set_global_default(subscriber).unwrap();
+}
+
+struct LoggingFilter {
+    trace_level: Level,
+}
+
+impl LoggingFilter {
+    fn is_enabled(&self, meta: &Metadata<'_>) -> bool {
+        let filter = if meta.target().starts_with("red_knot") || meta.target().starts_with("ruff") {
+            self.trace_level
+        } else if meta.target().starts_with("salsa") && self.trace_level <= Level::INFO {
+            // Salsa emits very verbose query traces with level info. Let's not show these to the user.
+            Level::WARN
+        } else {
+            Level::INFO
+        };
+
+        meta.level() <= &filter
+    }
+}
+
+impl<S> Filter<S> for LoggingFilter {
+    fn enabled(&self, meta: &Metadata<'_>, _cx: &Context<'_, S>) -> bool {
+        self.is_enabled(meta)
+    }
+
+    fn callsite_enabled(&self, meta: &'static Metadata<'static>) -> Interest {
+        if self.is_enabled(meta) {
+            Interest::always()
+        } else {
+            Interest::never()
+        }
+    }
+
+    fn max_level_hint(&self) -> Option<LevelFilter> {
+        Some(LevelFilter::from_level(self.trace_level))
+    }
+}
--- a/crates/red_knot/tests/file_watching.rs
+++ b/crates/red_knot/tests/file_watching.rs
--- a/crates/red_knot_module_resolver/Cargo.toml
+++ b/crates/red_knot_module_resolver/Cargo.toml
@@ -1,5 +1,5 @@
 [package]
-name = "ty_vendored"
+name = "red_knot_module_resolver"
 version = "0.0.0"
 publish = false
 authors = { workspace = true }
@@ -12,20 +12,28 @@ license = { workspace = true }

 [dependencies]
 ruff_db = { workspace = true }
+ruff_python_stdlib = { workspace = true }
+
+compact_str = { workspace = true }
+camino = { workspace = true }
+once_cell = { workspace = true }
+rustc-hash = { workspace = true }
+salsa = { workspace = true }
+tracing = { workspace = true }
 zip = { workspace = true }

 [build-dependencies]
 path-slash = { workspace = true }
 walkdir = { workspace = true }
-zip = { workspace = true, features = ["zstd", "deflate"] }
+zip = { workspace = true }

 [dev-dependencies]
-walkdir = { workspace = true }
+ruff_db = { workspace = true, features = ["os"] }

-[features]
-zstd = ["zip/zstd"]
-deflate = ["zip/deflate"]
+anyhow = { workspace = true }
+insta = { workspace = true }
+tempfile = { workspace = true }
+walkdir = { workspace = true }

 [lints]
 workspace = true
-
--- a/crates/red_knot_module_resolver/README.md
+++ b/crates/red_knot_module_resolver/README.md
@@ -1,5 +1,9 @@
-# Vendored types for the stdlib
+# Red Knot

-This crate vendors [typeshed](https://github.com/python/typeshed)'s stubs for the standard library. The vendored stubs can be found in `crates/ty_vendored/vendor/typeshed`. The file `crates/ty_vendored/vendor/typeshed/source_commit.txt` tells you the typeshed commit that our vendored stdlib stubs currently correspond to.
+A work-in-progress multifile module resolver for Ruff.
+
+## Vendored types for the stdlib
+
+This crate vendors [typeshed](https://github.com/python/typeshed)'s stubs for the standard library. The vendored stubs can be found in `crates/red_knot_module_resolver/vendor/typeshed`. The file `crates/red_knot_module_resolver/vendor/typeshed/source_commit.txt` tells you the typeshed commit that our vendored stdlib stubs currently correspond to.

 The typeshed stubs are updated every two weeks via an automated PR using the `sync_typeshed.yaml` workflow in the `.github/workflows` directory. This workflow can also be triggered at any time via [workflow dispatch](https://docs.github.com/en/actions/using-workflows/manually-running-a-workflow#running-a-workflow).
--- a/crates/red_knot_module_resolver/build.rs
+++ b/crates/red_knot_module_resolver/build.rs
@@ -3,53 +3,35 @@
 //!
 //! This script should be automatically run at build time
 //! whenever the script itself changes, or whenever any files
-//! in `crates/ty_vendored/vendor/typeshed` change.
+//! in `crates/red_knot_module_resolver/vendor/typeshed` change.

 use std::fs::File;
-use std::io::Write;
 use std::path::Path;

 use path_slash::PathExt;
-use zip::CompressionMethod;
 use zip::result::ZipResult;
 use zip::write::{FileOptions, ZipWriter};
+use zip::CompressionMethod;

 const TYPESHED_SOURCE_DIR: &str = "vendor/typeshed";
-const TY_EXTENSIONS_STUBS: &str = "ty_extensions/ty_extensions.pyi";
 const TYPESHED_ZIP_LOCATION: &str = "/zipped_typeshed.zip";

-/// Recursively zip the contents of the entire typeshed directory and patch typeshed
-/// on the fly to include the `ty_extensions` module.
+/// Recursively zip the contents of an entire directory.
 ///
 /// This routine is adapted from a recipe at
 /// <https://github.com/zip-rs/zip-old/blob/5d0f198124946b7be4e5969719a7f29f363118cd/examples/write_dir.rs>
-fn write_zipped_typeshed_to(writer: File) -> ZipResult<File> {
+fn zip_dir(directory_path: &str, writer: File) -> ZipResult<File> {
    let mut zip = ZipWriter::new(writer);

-    // Use deflated compression for WASM builds because compiling `zstd-sys` requires clang
-    // [source](https://github.com/gyscos/zstd-rs/wiki/Compile-for-WASM) which complicates the build
-    // by a lot. Deflated compression is slower but it shouldn't matter much for the WASM use case
-    // (WASM itself is already slower than a native build for a specific platform).
-    // We can't use `#[cfg(...)]` here because the target-arch in a build script is the
-    // architecture of the system running the build script and not the architecture of the build-target.
-    // That's why we use the `TARGET` environment variable here.
-    let method = if cfg!(feature = "zstd") {
-        CompressionMethod::Zstd
-    } else if cfg!(feature = "deflate") {
-        CompressionMethod::Deflated
-    } else {
-        CompressionMethod::Stored
-    };
-
    let options = FileOptions::default()
-        .compression_method(method)
+        .compression_method(CompressionMethod::Zstd)
        .unix_permissions(0o644);

-    for entry in walkdir::WalkDir::new(TYPESHED_SOURCE_DIR) {
+    for entry in walkdir::WalkDir::new(directory_path) {
        let dir_entry = entry.unwrap();
        let absolute_path = dir_entry.path();
        let normalized_relative_path = absolute_path
-            .strip_prefix(Path::new(TYPESHED_SOURCE_DIR))
+            .strip_prefix(Path::new(directory_path))
            .unwrap()
            .to_slash()
            .expect("Unexpected non-utf8 typeshed path!");
@@ -58,14 +40,9 @@ fn write_zipped_typeshed_to(writer: File) -> ZipResult<File> {
        // Some unzip tools unzip files with directory paths correctly, some do not!
        if absolute_path.is_file() {
            println!("adding file {absolute_path:?} as {normalized_relative_path:?} ...");
-            zip.start_file(&*normalized_relative_path, options)?;
+            zip.start_file(normalized_relative_path, options)?;
            let mut f = File::open(absolute_path)?;
            std::io::copy(&mut f, &mut zip).unwrap();
-
-            // Patch the VERSIONS file to make `ty_extensions` available
-            if normalized_relative_path == "stdlib/VERSIONS" {
-                writeln!(&mut zip, "ty_extensions: 3.0-")?;
-            }
        } else if !normalized_relative_path.is_empty() {
            // Only if not root! Avoids path spec / warning
            // and mapname conversion failed error on unzip
@@ -73,17 +50,11 @@ fn write_zipped_typeshed_to(writer: File) -> ZipResult<File> {
            zip.add_directory(normalized_relative_path, options)?;
        }
    }
-
-    // Patch typeshed and add the stubs for the `ty_extensions` module
-    println!("adding file {TY_EXTENSIONS_STUBS} as stdlib/ty_extensions.pyi ...");
-    zip.start_file("stdlib/ty_extensions.pyi", options)?;
-    let mut f = File::open(TY_EXTENSIONS_STUBS)?;
-    std::io::copy(&mut f, &mut zip).unwrap();
-
    zip.finish()
 }

 fn main() {
+    println!("cargo:rerun-if-changed={TYPESHED_SOURCE_DIR}");
    assert!(
        Path::new(TYPESHED_SOURCE_DIR).is_dir(),
        "Where is typeshed?"
@@ -98,6 +69,6 @@ fn main() {
    // which can't be done at compile time.)
    let zipped_typeshed_location = format!("{out_dir}{TYPESHED_ZIP_LOCATION}");

-    let zipped_typeshed_file = File::create(zipped_typeshed_location).unwrap();
-    write_zipped_typeshed_to(zipped_typeshed_file).unwrap();
+    let zipped_typeshed = File::create(zipped_typeshed_location).unwrap();
+    zip_dir(TYPESHED_SOURCE_DIR, zipped_typeshed).unwrap();
 }
--- a/crates/red_knot_module_resolver/src/db.rs
+++ b/crates/red_knot_module_resolver/src/db.rs
@@ -0,0 +1,105 @@
+use ruff_db::Upcast;
+
+#[salsa::db]
+pub trait Db: ruff_db::Db + Upcast<dyn ruff_db::Db> {}
+
+#[cfg(test)]
+pub(crate) mod tests {
+    use std::sync;
+
+    use ruff_db::files::Files;
+    use ruff_db::system::{DbWithTestSystem, TestSystem};
+    use ruff_db::vendored::VendoredFileSystem;
+
+    use crate::vendored_typeshed_stubs;
+
+    use super::*;
+
+    #[salsa::db]
+    pub(crate) struct TestDb {
+        storage: salsa::Storage<Self>,
+        system: TestSystem,
+        vendored: VendoredFileSystem,
+        files: Files,
+        events: sync::Arc<sync::Mutex<Vec<salsa::Event>>>,
+    }
+
+    impl TestDb {
+        pub(crate) fn new() -> Self {
+            Self {
+                storage: salsa::Storage::default(),
+                system: TestSystem::default(),
+                vendored: vendored_typeshed_stubs().clone(),
+                events: sync::Arc::default(),
+                files: Files::default(),
+            }
+        }
+
+        /// Takes the salsa events.
+        ///
+        /// ## Panics
+        /// If there are any pending salsa snapshots.
+        pub(crate) fn take_salsa_events(&mut self) -> Vec<salsa::Event> {
+            let inner = sync::Arc::get_mut(&mut self.events).expect("no pending salsa snapshots");
+
+            let events = inner.get_mut().unwrap();
+            std::mem::take(&mut *events)
+        }
+
+        /// Clears the salsa events.
+        ///
+        /// ## Panics
+        /// If there are any pending salsa snapshots.
+        pub(crate) fn clear_salsa_events(&mut self) {
+            self.take_salsa_events();
+        }
+    }
+
+    impl Upcast<dyn ruff_db::Db> for TestDb {
+        fn upcast(&self) -> &(dyn ruff_db::Db + 'static) {
+            self
+        }
+        fn upcast_mut(&mut self) -> &mut (dyn ruff_db::Db + 'static) {
+            self
+        }
+    }
+
+    #[salsa::db]
+    impl ruff_db::Db for TestDb {
+        fn vendored(&self) -> &VendoredFileSystem {
+            &self.vendored
+        }
+
+        fn system(&self) -> &dyn ruff_db::system::System {
+            &self.system
+        }
+
+        fn files(&self) -> &Files {
+            &self.files
+        }
+    }
+
+    #[salsa::db]
+    impl Db for TestDb {}
+
+    impl DbWithTestSystem for TestDb {
+        fn test_system(&self) -> &TestSystem {
+            &self.system
+        }
+
+        fn test_system_mut(&mut self) -> &mut TestSystem {
+            &mut self.system
+        }
+    }
+
+    #[salsa::db]
+    impl salsa::Database for TestDb {
+        fn salsa_event(&self, event: salsa::Event) {
+            self.attach(|_| {
+                tracing::trace!("event: {event:?}");
+                let mut events = self.events.lock().unwrap();
+                events.push(event);
+            });
+        }
+    }
+}
--- a/crates/ty_python_semantic/src/module_resolver/mod.rs
+++ b/crates/ty_python_semantic/src/module_resolver/mod.rs
@@ -1,17 +1,22 @@
 use std::iter::FusedIterator;

-pub use module::{KnownModule, Module};
+pub use db::Db;
+pub use module::{Module, ModuleKind};
+pub use module_name::ModuleName;
 pub use resolver::resolve_module;
-pub(crate) use resolver::{SearchPaths, file_to_module};
 use ruff_db::system::SystemPath;
+pub use typeshed::{
+    vendored_typeshed_stubs, TypeshedVersionsParseError, TypeshedVersionsParseErrorKind,
+};

-use crate::Db;
-use crate::module_resolver::resolver::search_paths;
-use resolver::SearchPathIterator;
+use crate::resolver::{module_resolution_settings, SearchPathIterator};

+mod db;
 mod module;
+mod module_name;
 mod path;
 mod resolver;
+mod state;
 mod typeshed;

 #[cfg(test)]
@@ -20,7 +25,7 @@ mod testing;
 /// Returns an iterator over all search paths pointing to a system path
 pub fn system_module_search_paths(db: &dyn Db) -> SystemModuleSearchPathsIter {
    SystemModuleSearchPathsIter {
-        inner: search_paths(db),
+        inner: module_resolution_settings(db).search_paths(db),
    }
 }

--- a/crates/red_knot_module_resolver/src/module.rs
+++ b/crates/red_knot_module_resolver/src/module.rs
@@ -0,0 +1,79 @@
+use std::fmt::Formatter;
+use std::sync::Arc;
+
+use ruff_db::files::File;
+
+use crate::module_name::ModuleName;
+use crate::path::SearchPath;
+
+/// Representation of a Python module.
+#[derive(Clone, PartialEq, Eq)]
+pub struct Module {
+    inner: Arc<ModuleInner>,
+}
+
+impl Module {
+    pub(crate) fn new(
+        name: ModuleName,
+        kind: ModuleKind,
+        search_path: SearchPath,
+        file: File,
+    ) -> Self {
+        Self {
+            inner: Arc::new(ModuleInner {
+                name,
+                kind,
+                search_path,
+                file,
+            }),
+        }
+    }
+
+    /// The absolute name of the module (e.g. `foo.bar`)
+    pub fn name(&self) -> &ModuleName {
+        &self.inner.name
+    }
+
+    /// The file to the source code that defines this module
+    pub fn file(&self) -> File {
+        self.inner.file
+    }
+
+    /// The search path from which the module was resolved.
+    pub(crate) fn search_path(&self) -> &SearchPath {
+        &self.inner.search_path
+    }
+
+    /// Determine whether this module is a single-file module or a package
+    pub fn kind(&self) -> ModuleKind {
+        self.inner.kind
+    }
+}
+
+impl std::fmt::Debug for Module {
+    fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {
+        f.debug_struct("Module")
+            .field("name", &self.name())
+            .field("kind", &self.kind())
+            .field("file", &self.file())
+            .field("search_path", &self.search_path())
+            .finish()
+    }
+}
+
+#[derive(PartialEq, Eq)]
+struct ModuleInner {
+    name: ModuleName,
+    kind: ModuleKind,
+    search_path: SearchPath,
+    file: File,
+}
+
+#[derive(Copy, Clone, Debug, Eq, PartialEq, Hash)]
+pub enum ModuleKind {
+    /// A single-file module (e.g. `foo.py` or `foo.pyi`)
+    Module,
+
+    /// A python package (`foo/__init__.py` or `foo/__init__.pyi`)
+    Package,
+}
--- a/crates/red_knot_module_resolver/src/module_name.rs
+++ b/crates/red_knot_module_resolver/src/module_name.rs
@@ -1,15 +1,10 @@
 use std::fmt;
-use std::num::NonZeroU32;
 use std::ops::Deref;

 use compact_str::{CompactString, ToCompactString};

-use ruff_db::files::File;
-use ruff_python_ast as ast;
 use ruff_python_stdlib::identifiers::is_identifier;

-use crate::{db::Db, module_resolver::file_to_module};
-
 /// A module name, e.g. `foo.bar`.
 ///
 /// Always normalized to the absolute form (never a relative module name, i.e., never `.foo`).
@@ -47,7 +42,7 @@ impl ModuleName {
    /// ## Examples
    ///
    /// ```
-    /// use ty_python_semantic::ModuleName;
+    /// use red_knot_module_resolver::ModuleName;
    ///
    /// assert_eq!(ModuleName::new_static("foo.bar").as_deref(), Some("foo.bar"));
    /// assert_eq!(ModuleName::new_static(""), None);
@@ -73,7 +68,7 @@ impl ModuleName {
    /// # Examples
    ///
    /// ```
-    /// use ty_python_semantic::ModuleName;
+    /// use red_knot_module_resolver::ModuleName;
    ///
    /// assert_eq!(ModuleName::new_static("foo.bar.baz").unwrap().components().collect::<Vec<_>>(), vec!["foo", "bar", "baz"]);
    /// ```
@@ -87,7 +82,7 @@ impl ModuleName {
    /// # Examples
    ///
    /// ```
-    /// use ty_python_semantic::ModuleName;
+    /// use red_knot_module_resolver::ModuleName;
    ///
    /// assert_eq!(ModuleName::new_static("foo.bar").unwrap().parent(), Some(ModuleName::new_static("foo").unwrap()));
    /// assert_eq!(ModuleName::new_static("foo.bar.baz").unwrap().parent(), Some(ModuleName::new_static("foo.bar").unwrap()));
@@ -106,7 +101,7 @@ impl ModuleName {
    /// # Examples
    ///
    /// ```
-    /// use ty_python_semantic::ModuleName;
+    /// use red_knot_module_resolver::ModuleName;
    ///
    /// assert!(ModuleName::new_static("foo.bar").unwrap().starts_with(&ModuleName::new_static("foo").unwrap()));
    ///
@@ -138,7 +133,7 @@ impl ModuleName {
    /// # Examples
    ///
    /// ```
-    /// use ty_python_semantic::ModuleName;
+    /// use red_knot_module_resolver::ModuleName;
    ///
    /// assert_eq!(&*ModuleName::from_components(["a"]).unwrap(), "a");
    /// assert_eq!(&*ModuleName::from_components(["a", "b"]).unwrap(), "a.b");
@@ -173,67 +168,6 @@ impl ModuleName {
        };
        Some(Self(name))
    }
-
-    /// Extend `self` with the components of `other`
-    ///
-    /// # Examples
-    ///
-    /// ```
-    /// use ty_python_semantic::ModuleName;
-    ///
-    /// let mut module_name = ModuleName::new_static("foo").unwrap();
-    /// module_name.extend(&ModuleName::new_static("bar").unwrap());
-    /// assert_eq!(&module_name, "foo.bar");
-    /// module_name.extend(&ModuleName::new_static("baz.eggs.ham").unwrap());
-    /// assert_eq!(&module_name, "foo.bar.baz.eggs.ham");
-    /// ```
-    pub fn extend(&mut self, other: &ModuleName) {
-        self.0.push('.');
-        self.0.push_str(other);
-    }
-
-    /// Returns an iterator of this module name and all of its parent modules.
-    ///
-    /// # Examples
-    ///
-    /// ```
-    /// use ty_python_semantic::ModuleName;
-    ///
-    /// assert_eq!(
-    ///     ModuleName::new_static("foo.bar.baz").unwrap().ancestors().collect::<Vec<_>>(),
-    ///     vec![
-    ///         ModuleName::new_static("foo.bar.baz").unwrap(),
-    ///         ModuleName::new_static("foo.bar").unwrap(),
-    ///         ModuleName::new_static("foo").unwrap(),
-    ///     ],
-    /// );
-    /// ```
-    pub fn ancestors(&self) -> impl Iterator<Item = Self> {
-        std::iter::successors(Some(self.clone()), Self::parent)
-    }
-
-    pub(crate) fn from_import_statement<'db>(
-        db: &'db dyn Db,
-        importing_file: File,
-        node: &'db ast::StmtImportFrom,
-    ) -> Result<Self, ModuleNameResolutionError> {
-        let ast::StmtImportFrom {
-            module,
-            level,
-            names: _,
-            range: _,
-        } = node;
-
-        let module = module.as_deref();
-
-        if let Some(level) = NonZeroU32::new(*level) {
-            relative_module_name(db, importing_file, module, level)
-        } else {
-            module
-                .and_then(Self::new)
-                .ok_or(ModuleNameResolutionError::InvalidSyntax)
-        }
-    }
 }

 impl Deref for ModuleName {
@@ -262,58 +196,3 @@ impl std::fmt::Display for ModuleName {
        f.write_str(&self.0)
    }
 }
-
-/// Given a `from .foo import bar` relative import, resolve the relative module
-/// we're importing `bar` from into an absolute [`ModuleName`]
-/// using the name of the module we're currently analyzing.
-///
-/// - `level` is the number of dots at the beginning of the relative module name:
-///   - `from .foo.bar import baz` => `level == 1`
-///   - `from ...foo.bar import baz` => `level == 3`
-/// - `tail` is the relative module name stripped of all leading dots:
-///   - `from .foo import bar` => `tail == "foo"`
-///   - `from ..foo.bar import baz` => `tail == "foo.bar"`
-fn relative_module_name(
-    db: &dyn Db,
-    importing_file: File,
-    tail: Option<&str>,
-    level: NonZeroU32,
-) -> Result<ModuleName, ModuleNameResolutionError> {
-    let module = file_to_module(db, importing_file)
-        .ok_or(ModuleNameResolutionError::UnknownCurrentModule)?;
-    let mut level = level.get();
-
-    if module.kind().is_package() {
-        level = level.saturating_sub(1);
-    }
-
-    let mut module_name = module
-        .name()
-        .ancestors()
-        .nth(level as usize)
-        .ok_or(ModuleNameResolutionError::TooManyDots)?;
-
-    if let Some(tail) = tail {
-        let tail = ModuleName::new(tail).ok_or(ModuleNameResolutionError::InvalidSyntax)?;
-        module_name.extend(&tail);
-    }
-
-    Ok(module_name)
-}
-
-/// Various ways in which resolving a [`ModuleName`]
-/// from an [`ast::StmtImport`] or [`ast::StmtImportFrom`] node might fail
-#[derive(Debug, Copy, Clone, PartialEq, Eq)]
-pub(crate) enum ModuleNameResolutionError {
-    /// The import statement has invalid syntax
-    InvalidSyntax,
-
-    /// We couldn't resolve the file we're currently analyzing back to a module
-    /// (Only necessary for relative import statements)
-    UnknownCurrentModule,
-
-    /// The relative import statement seems to take us outside of the module search path
-    /// (e.g. our current module is `foo.bar`, and the relative import statement in `foo.bar`
-    /// is `from ....baz import spam`)
-    TooManyDots,
-}
--- a/crates/ty_python_semantic/src/module_resolver/path.rs
+++ b/crates/ty_python_semantic/src/module_resolver/path.rs
@@ -4,15 +4,15 @@ use std::fmt;
 use std::sync::Arc;

 use camino::{Utf8Path, Utf8PathBuf};
-use ruff_db::files::{File, FileError, system_path_to_file, vendored_path_to_file};
+
+use ruff_db::files::{system_path_to_file, vendored_path_to_file, File, FileError};
 use ruff_db::system::{System, SystemPath, SystemPathBuf};
 use ruff_db::vendored::{VendoredPath, VendoredPathBuf};

-use super::typeshed::{TypeshedVersionsParseError, TypeshedVersionsQueryResult, typeshed_versions};
 use crate::db::Db;
 use crate::module_name::ModuleName;
-use crate::module_resolver::resolver::ResolverContext;
-use crate::site_packages::SitePackagesDiscoveryError;
+use crate::state::ResolverState;
+use crate::typeshed::{TypeshedVersionsParseError, TypeshedVersionsQueryResult};

 /// A path that points to a Python module.
 ///
@@ -58,16 +58,8 @@ impl ModulePath {
        self.relative_path.push(component);
    }

-    pub(crate) fn pop(&mut self) -> bool {
-        self.relative_path.pop()
-    }
-
-    pub(super) fn search_path(&self) -> &SearchPath {
-        &self.search_path
-    }
-
    #[must_use]
-    pub(super) fn is_directory(&self, resolver: &ResolverContext) -> bool {
+    pub(crate) fn is_directory(&self, resolver: &ResolverState) -> bool {
        let ModulePath {
            search_path,
            relative_path,
@@ -81,7 +73,7 @@ impl ModulePath {
                    == Err(FileError::IsADirectory)
            }
            SearchPathInner::StandardLibraryCustom(stdlib_root) => {
-                match query_stdlib_version(relative_path, resolver) {
+                match query_stdlib_version(Some(stdlib_root), relative_path, resolver) {
                    TypeshedVersionsQueryResult::DoesNotExist => false,
                    TypeshedVersionsQueryResult::Exists
                    | TypeshedVersionsQueryResult::MaybeExists => {
@@ -91,7 +83,7 @@ impl ModulePath {
                }
            }
            SearchPathInner::StandardLibraryVendored(stdlib_root) => {
-                match query_stdlib_version(relative_path, resolver) {
+                match query_stdlib_version(None, relative_path, resolver) {
                    TypeshedVersionsQueryResult::DoesNotExist => false,
                    TypeshedVersionsQueryResult::Exists
                    | TypeshedVersionsQueryResult::MaybeExists => resolver
@@ -103,7 +95,7 @@ impl ModulePath {
    }

    #[must_use]
-    pub(super) fn is_regular_package(&self, resolver: &ResolverContext) -> bool {
+    pub(crate) fn is_regular_package(&self, resolver: &ResolverState) -> bool {
        let ModulePath {
            search_path,
            relative_path,
@@ -115,13 +107,12 @@ impl ModulePath {
            | SearchPathInner::SitePackages(search_path)
            | SearchPathInner::Editable(search_path) => {
                let absolute_path = search_path.join(relative_path);
-
                system_path_to_file(resolver.db.upcast(), absolute_path.join("__init__.py")).is_ok()
-                    || system_path_to_file(resolver.db.upcast(), absolute_path.join("__init__.pyi"))
+                    || system_path_to_file(resolver.db.upcast(), absolute_path.join("__init__.py"))
                        .is_ok()
            }
            SearchPathInner::StandardLibraryCustom(search_path) => {
-                match query_stdlib_version(relative_path, resolver) {
+                match query_stdlib_version(Some(search_path), relative_path, resolver) {
                    TypeshedVersionsQueryResult::DoesNotExist => false,
                    TypeshedVersionsQueryResult::Exists
                    | TypeshedVersionsQueryResult::MaybeExists => system_path_to_file(
@@ -132,7 +123,7 @@ impl ModulePath {
                }
            }
            SearchPathInner::StandardLibraryVendored(search_path) => {
-                match query_stdlib_version(relative_path, resolver) {
+                match query_stdlib_version(None, relative_path, resolver) {
                    TypeshedVersionsQueryResult::DoesNotExist => false,
                    TypeshedVersionsQueryResult::Exists
                    | TypeshedVersionsQueryResult::MaybeExists => resolver
@@ -144,7 +135,7 @@ impl ModulePath {
    }

    #[must_use]
-    pub(super) fn to_file(&self, resolver: &ResolverContext) -> Option<File> {
+    pub(crate) fn to_file(&self, resolver: &ResolverState) -> Option<File> {
        let db = resolver.db.upcast();
        let ModulePath {
            search_path,
@@ -158,7 +149,7 @@ impl ModulePath {
                system_path_to_file(db, search_path.join(relative_path)).ok()
            }
            SearchPathInner::StandardLibraryCustom(stdlib_root) => {
-                match query_stdlib_version(relative_path, resolver) {
+                match query_stdlib_version(Some(stdlib_root), relative_path, resolver) {
                    TypeshedVersionsQueryResult::DoesNotExist => None,
                    TypeshedVersionsQueryResult::Exists
                    | TypeshedVersionsQueryResult::MaybeExists => {
@@ -167,7 +158,7 @@ impl ModulePath {
                }
            }
            SearchPathInner::StandardLibraryVendored(stdlib_root) => {
-                match query_stdlib_version(relative_path, resolver) {
+                match query_stdlib_version(None, relative_path, resolver) {
                    TypeshedVersionsQueryResult::DoesNotExist => None,
                    TypeshedVersionsQueryResult::Exists
                    | TypeshedVersionsQueryResult::MaybeExists => {
@@ -188,18 +179,7 @@ impl ModulePath {
            stdlib_path_to_module_name(relative_path)
        } else {
            let parent = relative_path.parent()?;
-            let parent_components = parent.components().enumerate().map(|(index, component)| {
-                let component = component.as_str();
-
-                // For stub packages, strip the `-stubs` suffix from the first component
-                // because it isn't a valid module name part AND the module name is the name without the `-stubs`.
-                if index == 0 {
-                    component.strip_suffix("-stubs").unwrap_or(component)
-                } else {
-                    component
-                }
-            });
-
+            let parent_components = parent.components().map(|component| component.as_str());
            let skip_final_part =
                relative_path.ends_with("__init__.py") || relative_path.ends_with("__init__.pyi");
            if skip_final_part {
@@ -292,15 +272,19 @@ fn stdlib_path_to_module_name(relative_path: &Utf8Path) -> Option<ModuleName> {

 #[must_use]
 fn query_stdlib_version(
+    custom_stdlib_root: Option<&SystemPath>,
    relative_path: &Utf8Path,
-    context: &ResolverContext,
+    resolver: &ResolverState,
 ) -> TypeshedVersionsQueryResult {
    let Some(module_name) = stdlib_path_to_module_name(relative_path) else {
        return TypeshedVersionsQueryResult::DoesNotExist;
    };
-    let ResolverContext { db, python_version } = context;
-
-    typeshed_versions(*db).query_module(&module_name, *python_version)
+    let ResolverState {
+        db,
+        typeshed_versions,
+        target_version,
+    } = resolver;
+    typeshed_versions.query_module(*db, &module_name, custom_stdlib_root, *target_version)
 }

 /// Enumeration describing the various ways in which validation of a search path might fail.
@@ -308,7 +292,7 @@ fn query_stdlib_version(
 /// If validation fails for a search path derived from the user settings,
 /// a message must be displayed to the user,
 /// as type checking cannot be done reliably in these circumstances.
-#[derive(Debug)]
+#[derive(Debug, PartialEq, Eq)]
 pub(crate) enum SearchPathValidationError {
    /// The path provided by the user was not a directory
    NotADirectory(SystemPathBuf),
@@ -319,20 +303,18 @@ pub(crate) enum SearchPathValidationError {
    NoStdlibSubdirectory(SystemPathBuf),

    /// The typeshed path provided by the user is a directory,
-    /// but `stdlib/VERSIONS` could not be read.
+    /// but no `stdlib/VERSIONS` file exists.
    /// (This is only relevant for stdlib search paths.)
-    FailedToReadVersionsFile {
-        path: SystemPathBuf,
-        error: std::io::Error,
-    },
+    NoVersionsFile(SystemPathBuf),
+
+    /// `stdlib/VERSIONS` is a directory.
+    /// (This is only relevant for stdlib search paths.)
+    VersionsIsADirectory(SystemPathBuf),

    /// The path provided by the user is a directory,
    /// and a `stdlib/VERSIONS` file exists, but it fails to parse.
    /// (This is only relevant for stdlib search paths.)
    VersionsParseError(TypeshedVersionsParseError),
-
-    /// Failed to discover the site-packages for the configured virtual environment.
-    SitePackagesDiscovery(SitePackagesDiscoveryError),
 }

 impl fmt::Display for SearchPathValidationError {
@@ -342,16 +324,9 @@ impl fmt::Display for SearchPathValidationError {
            Self::NoStdlibSubdirectory(path) => {
                write!(f, "The directory at {path} has no `stdlib/` subdirectory")
            }
-            Self::FailedToReadVersionsFile { path, error } => {
-                write!(
-                    f,
-                    "Failed to read the custom typeshed versions file '{path}': {error}"
-                )
-            }
+            Self::NoVersionsFile(path) => write!(f, "Expected a file at {path}/stdlib/VERSIONS"),
+            Self::VersionsIsADirectory(path) => write!(f, "{path}/stdlib/VERSIONS is a directory."),
            Self::VersionsParseError(underlying_error) => underlying_error.fmt(f),
-            SearchPathValidationError::SitePackagesDiscovery(error) => {
-                write!(f, "Failed to discover the site-packages directory: {error}")
-            }
        }
    }
 }
@@ -366,18 +341,6 @@ impl std::error::Error for SearchPathValidationError {
    }
 }

-impl From<TypeshedVersionsParseError> for SearchPathValidationError {
-    fn from(value: TypeshedVersionsParseError) -> Self {
-        Self::VersionsParseError(value)
-    }
-}
-
-impl From<SitePackagesDiscoveryError> for SearchPathValidationError {
-    fn from(value: SitePackagesDiscoveryError) -> Self {
-        Self::SitePackagesDiscovery(value)
-    }
-}
-
 type SearchPathResult<T> = Result<T, SearchPathValidationError>;

 #[derive(Debug, Clone, PartialEq, Eq, Hash)]
@@ -420,10 +383,11 @@ pub(crate) struct SearchPath(Arc<SearchPathInner>);

 impl SearchPath {
    fn directory_path(system: &dyn System, root: SystemPathBuf) -> SearchPathResult<SystemPathBuf> {
-        if system.is_directory(&root) {
-            Ok(root)
+        let canonicalized = system.canonicalize_path(&root).unwrap_or(root);
+        if system.is_directory(&canonicalized) {
+            Ok(canonicalized)
        } else {
-            Err(SearchPathValidationError::NotADirectory(root))
+            Err(SearchPathValidationError::NotADirectory(canonicalized))
        }
    }

@@ -442,22 +406,32 @@ impl SearchPath {
    }

    /// Create a new standard-library search path pointing to a custom directory on disk
-    pub(crate) fn custom_stdlib(db: &dyn Db, typeshed: &SystemPath) -> SearchPathResult<Self> {
+    pub(crate) fn custom_stdlib(db: &dyn Db, typeshed: SystemPathBuf) -> SearchPathResult<Self> {
        let system = db.system();
-        if !system.is_directory(typeshed) {
+        if !system.is_directory(&typeshed) {
            return Err(SearchPathValidationError::NotADirectory(
                typeshed.to_path_buf(),
            ));
        }
-
        let stdlib =
            Self::directory_path(system, typeshed.join("stdlib")).map_err(|err| match err {
-                SearchPathValidationError::NotADirectory(_) => {
-                    SearchPathValidationError::NoStdlibSubdirectory(typeshed.to_path_buf())
+                SearchPathValidationError::NotADirectory(path) => {
+                    SearchPathValidationError::NoStdlibSubdirectory(path)
                }
                err => err,
            })?;
-
+        let typeshed_versions =
+            system_path_to_file(db.upcast(), stdlib.join("VERSIONS")).map_err(|err| match err {
+                FileError::NotFound => SearchPathValidationError::NoVersionsFile(typeshed),
+                FileError::IsADirectory => {
+                    SearchPathValidationError::VersionsIsADirectory(typeshed)
+                }
+            })?;
+        crate::typeshed::parse_typeshed_versions(db, typeshed_versions)
+            .as_ref()
+            .map_err(|validation_error| {
+                SearchPathValidationError::VersionsParseError(validation_error.clone())
+            })?;
        Ok(Self(Arc::new(SearchPathInner::StandardLibraryCustom(
            stdlib,
        ))))
@@ -472,12 +446,6 @@ impl SearchPath {
    }

    /// Create a new search path pointing to the `site-packages` directory on disk
-    ///
-    /// TODO: the validation done here is somewhat redundant given that `site-packages`
-    /// are already validated at a higher level by the time we get here.
-    /// However, removing the validation here breaks some file-watching tests -- and
-    /// ultimately we'll probably want all search paths to be validated before a
-    /// `Program` is instantiated, so it doesn't seem like a huge priority right now.
    pub(crate) fn site_packages(
        system: &dyn System,
        root: SystemPathBuf,
@@ -643,26 +611,13 @@ impl PartialEq<SearchPath> for VendoredPathBuf {
    }
 }

-impl fmt::Display for SearchPath {
-    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
-        match &*self.0 {
-            SearchPathInner::Extra(system_path_buf)
-            | SearchPathInner::FirstParty(system_path_buf)
-            | SearchPathInner::SitePackages(system_path_buf)
-            | SearchPathInner::Editable(system_path_buf)
-            | SearchPathInner::StandardLibraryCustom(system_path_buf) => system_path_buf.fmt(f),
-            SearchPathInner::StandardLibraryVendored(vendored_path_buf) => vendored_path_buf.fmt(f),
-        }
-    }
-}
-
 #[cfg(test)]
 mod tests {
+    use ruff_db::program::TargetVersion;
    use ruff_db::Db;
-    use ruff_python_ast::PythonVersion;

    use crate::db::tests::TestDb;
-    use crate::module_resolver::testing::{FileSpec, MockedTypeshed, TestCase, TestCaseBuilder};
+    use crate::testing::{FileSpec, MockedTypeshed, TestCase, TestCaseBuilder};

    use super::*;

@@ -676,6 +631,15 @@ mod tests {
    }

    impl SearchPath {
+        #[must_use]
+        pub(crate) fn is_stdlib_search_path(&self) -> bool {
+            matches!(
+                &*self.0,
+                SearchPathInner::StandardLibraryCustom(_)
+                    | SearchPathInner::StandardLibraryVendored(_)
+            )
+        }
+
        fn join(&self, component: &str) -> ModulePath {
            self.to_module_path().join(component)
        }
@@ -686,11 +650,11 @@ mod tests {
        let TestCase {
            db, src, stdlib, ..
        } = TestCaseBuilder::new()
-            .with_mocked_typeshed(MockedTypeshed::default())
+            .with_custom_typeshed(MockedTypeshed::default())
            .build();

        assert_eq!(
-            SearchPath::custom_stdlib(&db, stdlib.parent().unwrap())
+            SearchPath::custom_stdlib(&db, stdlib.parent().unwrap().to_path_buf())
                .unwrap()
                .to_module_path()
                .with_py_extension(),
@@ -698,7 +662,7 @@ mod tests {
        );

        assert_eq!(
-            &SearchPath::custom_stdlib(&db, stdlib.parent().unwrap())
+            &SearchPath::custom_stdlib(&db, stdlib.parent().unwrap().to_path_buf())
                .unwrap()
                .join("foo")
                .with_pyi_extension(),
@@ -807,9 +771,9 @@ mod tests {
    #[should_panic(expected = "Extension must be `pyi`; got `py`")]
    fn stdlib_path_invalid_join_py() {
        let TestCase { db, stdlib, .. } = TestCaseBuilder::new()
-            .with_mocked_typeshed(MockedTypeshed::default())
+            .with_custom_typeshed(MockedTypeshed::default())
            .build();
-        SearchPath::custom_stdlib(&db, stdlib.parent().unwrap())
+        SearchPath::custom_stdlib(&db, stdlib.parent().unwrap().to_path_buf())
            .unwrap()
            .to_module_path()
            .push("bar.py");
@@ -819,9 +783,9 @@ mod tests {
    #[should_panic(expected = "Extension must be `pyi`; got `rs`")]
    fn stdlib_path_invalid_join_rs() {
        let TestCase { db, stdlib, .. } = TestCaseBuilder::new()
-            .with_mocked_typeshed(MockedTypeshed::default())
+            .with_custom_typeshed(MockedTypeshed::default())
            .build();
-        SearchPath::custom_stdlib(&db, stdlib.parent().unwrap())
+        SearchPath::custom_stdlib(&db, stdlib.parent().unwrap().to_path_buf())
            .unwrap()
            .to_module_path()
            .push("bar.rs");
@@ -850,10 +814,10 @@ mod tests {
    #[test]
    fn relativize_stdlib_path_errors() {
        let TestCase { db, stdlib, .. } = TestCaseBuilder::new()
-            .with_mocked_typeshed(MockedTypeshed::default())
+            .with_custom_typeshed(MockedTypeshed::default())
            .build();

-        let root = SearchPath::custom_stdlib(&db, stdlib.parent().unwrap()).unwrap();
+        let root = SearchPath::custom_stdlib(&db, stdlib.parent().unwrap().to_path_buf()).unwrap();

        // Must have a `.pyi` extension or no extension:
        let bad_absolute_path = SystemPath::new("foo/stdlib/x.py");
@@ -895,22 +859,23 @@ mod tests {

    fn typeshed_test_case(
        typeshed: MockedTypeshed,
-        python_version: PythonVersion,
+        target_version: TargetVersion,
    ) -> (TestDb, SearchPath) {
        let TestCase { db, stdlib, .. } = TestCaseBuilder::new()
-            .with_mocked_typeshed(typeshed)
-            .with_python_version(python_version)
+            .with_custom_typeshed(typeshed)
+            .with_target_version(target_version)
            .build();
-        let stdlib = SearchPath::custom_stdlib(&db, stdlib.parent().unwrap()).unwrap();
+        let stdlib =
+            SearchPath::custom_stdlib(&db, stdlib.parent().unwrap().to_path_buf()).unwrap();
        (db, stdlib)
    }

    fn py38_typeshed_test_case(typeshed: MockedTypeshed) -> (TestDb, SearchPath) {
-        typeshed_test_case(typeshed, PythonVersion::PY38)
+        typeshed_test_case(typeshed, TargetVersion::Py38)
    }

    fn py39_typeshed_test_case(typeshed: MockedTypeshed) -> (TestDb, SearchPath) {
-        typeshed_test_case(typeshed, PythonVersion::PY39)
+        typeshed_test_case(typeshed, TargetVersion::Py39)
    }

    #[test]
@@ -926,19 +891,17 @@ mod tests {
        };

        let (db, stdlib_path) = py38_typeshed_test_case(TYPESHED);
-        let resolver = ResolverContext::new(&db, PythonVersion::PY38);
+        let resolver = ResolverState::new(&db, TargetVersion::Py38);

        let asyncio_regular_package = stdlib_path.join("asyncio");
        assert!(asyncio_regular_package.is_directory(&resolver));
        assert!(asyncio_regular_package.is_regular_package(&resolver));
        // Paths to directories don't resolve to VfsFiles
        assert_eq!(asyncio_regular_package.to_file(&resolver), None);
-        assert!(
-            asyncio_regular_package
-                .join("__init__.pyi")
-                .to_file(&resolver)
-                .is_some()
-        );
+        assert!(asyncio_regular_package
+            .join("__init__.pyi")
+            .to_file(&resolver)
+            .is_some());

        // The `asyncio` package exists on Python 3.8, but the `asyncio.tasks` submodule does not,
        // according to the `VERSIONS` file in our typeshed mock:
@@ -956,7 +919,7 @@ mod tests {
        };

        let (db, stdlib_path) = py38_typeshed_test_case(TYPESHED);
-        let resolver = ResolverContext::new(&db, PythonVersion::PY38);
+        let resolver = ResolverState::new(&db, TargetVersion::Py38);

        let xml_namespace_package = stdlib_path.join("xml");
        assert!(xml_namespace_package.is_directory(&resolver));
@@ -978,7 +941,7 @@ mod tests {
        };

        let (db, stdlib_path) = py38_typeshed_test_case(TYPESHED);
-        let resolver = ResolverContext::new(&db, PythonVersion::PY38);
+        let resolver = ResolverState::new(&db, TargetVersion::Py38);

        let functools_module = stdlib_path.join("functools.pyi");
        assert!(functools_module.to_file(&resolver).is_some());
@@ -994,7 +957,7 @@ mod tests {
        };

        let (db, stdlib_path) = py38_typeshed_test_case(TYPESHED);
-        let resolver = ResolverContext::new(&db, PythonVersion::PY38);
+        let resolver = ResolverState::new(&db, TargetVersion::Py38);

        let collections_regular_package = stdlib_path.join("collections");
        assert_eq!(collections_regular_package.to_file(&resolver), None);
@@ -1010,7 +973,7 @@ mod tests {
        };

        let (db, stdlib_path) = py38_typeshed_test_case(TYPESHED);
-        let resolver = ResolverContext::new(&db, PythonVersion::PY38);
+        let resolver = ResolverState::new(&db, TargetVersion::Py38);

        let importlib_namespace_package = stdlib_path.join("importlib");
        assert_eq!(importlib_namespace_package.to_file(&resolver), None);
@@ -1031,7 +994,7 @@ mod tests {
        };

        let (db, stdlib_path) = py38_typeshed_test_case(TYPESHED);
-        let resolver = ResolverContext::new(&db, PythonVersion::PY38);
+        let resolver = ResolverState::new(&db, TargetVersion::Py38);

        let non_existent = stdlib_path.join("doesnt_even_exist");
        assert_eq!(non_existent.to_file(&resolver), None);
@@ -1059,7 +1022,7 @@ mod tests {
        };

        let (db, stdlib_path) = py39_typeshed_test_case(TYPESHED);
-        let resolver = ResolverContext::new(&db, PythonVersion::PY39);
+        let resolver = ResolverState::new(&db, TargetVersion::Py39);

        // Since we've set the target version to Py39,
        // `collections` should now exist as a directory, according to VERSIONS...
@@ -1068,12 +1031,10 @@ mod tests {
        assert!(collections_regular_package.is_regular_package(&resolver));
        // (This is still `None`, as directories don't resolve to `Vfs` files)
        assert_eq!(collections_regular_package.to_file(&resolver), None);
-        assert!(
-            collections_regular_package
-                .join("__init__.pyi")
-                .to_file(&resolver)
-                .is_some()
-        );
+        assert!(collections_regular_package
+            .join("__init__.pyi")
+            .to_file(&resolver)
+            .is_some());

        // ...and so should the `asyncio.tasks` submodule (though it's still not a directory):
        let asyncio_tasks_module = stdlib_path.join("asyncio/tasks.pyi");
@@ -1090,7 +1051,7 @@ mod tests {
        };

        let (db, stdlib_path) = py39_typeshed_test_case(TYPESHED);
-        let resolver = ResolverContext::new(&db, PythonVersion::PY39);
+        let resolver = ResolverState::new(&db, TargetVersion::Py39);

        // The `importlib` directory now also exists
        let importlib_namespace_package = stdlib_path.join("importlib");
@@ -1114,7 +1075,7 @@ mod tests {
        };

        let (db, stdlib_path) = py39_typeshed_test_case(TYPESHED);
-        let resolver = ResolverContext::new(&db, PythonVersion::PY39);
+        let resolver = ResolverState::new(&db, TargetVersion::Py39);

        // The `xml` package no longer exists on py39:
        let xml_namespace_package = stdlib_path.join("xml");
--- a/crates/ty_python_semantic/src/module_resolver/resolver.rs
+++ b/crates/ty_python_semantic/src/module_resolver/resolver.rs
--- a/crates/red_knot_module_resolver/src/state.rs
+++ b/crates/red_knot_module_resolver/src/state.rs
@@ -0,0 +1,25 @@
+use ruff_db::program::TargetVersion;
+use ruff_db::vendored::VendoredFileSystem;
+
+use crate::db::Db;
+use crate::typeshed::LazyTypeshedVersions;
+
+pub(crate) struct ResolverState<'db> {
+    pub(crate) db: &'db dyn Db,
+    pub(crate) typeshed_versions: LazyTypeshedVersions<'db>,
+    pub(crate) target_version: TargetVersion,
+}
+
+impl<'db> ResolverState<'db> {
+    pub(crate) fn new(db: &'db dyn Db, target_version: TargetVersion) -> Self {
+        Self {
+            db,
+            typeshed_versions: LazyTypeshedVersions::new(),
+            target_version,
+        }
+    }
+
+    pub(crate) fn vendored(&self) -> &VendoredFileSystem {
+        self.db.vendored()
+    }
+}
--- a/crates/ty_python_semantic/src/module_resolver/testing.rs
+++ b/crates/ty_python_semantic/src/module_resolver/testing.rs
@@ -1,12 +1,8 @@
-use ruff_db::system::{
-    DbWithTestSystem as _, DbWithWritableSystem as _, SystemPath, SystemPathBuf,
-};
+use ruff_db::program::{Program, SearchPathSettings, TargetVersion};
+use ruff_db::system::{DbWithTestSystem, SystemPath, SystemPathBuf};
 use ruff_db::vendored::VendoredPathBuf;
-use ruff_python_ast::PythonVersion;

 use crate::db::tests::TestDb;
-use crate::program::{Program, SearchPathSettings};
-use crate::{ProgramSettings, PythonPath, PythonPlatform};

 /// A test case for the module resolver.
 ///
@@ -20,7 +16,7 @@ pub(crate) struct TestCase<T> {
    // so this is a single directory instead of a `Vec` of directories,
    // like it is in `ruff_db::Program`.
    pub(crate) site_packages: SystemPathBuf,
-    pub(crate) python_version: PythonVersion,
+    pub(crate) target_version: TargetVersion,
 }

 /// A `(file_name, file_contents)` tuple
@@ -69,13 +65,13 @@ pub(crate) struct UnspecifiedTypeshed;
 /// ```rs
 /// let test_case = TestCaseBuilder::new()
 ///     .with_src_files(...)
-///     .with_python_version(...)
+///     .with_target_version(...)
 ///     .build();
 /// ```
 ///
 /// For tests checking that standard-library module resolution is working
 /// correctly, you should usually create a [`MockedTypeshed`] instance
-/// and pass it to the [`TestCaseBuilder::with_mocked_typeshed`] method.
+/// and pass it to the [`TestCaseBuilder::with_custom_typeshed`] method.
 /// If you need to check something that involves the vendored typeshed stubs
 /// we include as part of the binary, you can instead use the
 /// [`TestCaseBuilder::with_vendored_typeshed`] method.
@@ -87,13 +83,13 @@ pub(crate) struct UnspecifiedTypeshed;
 /// const TYPESHED = MockedTypeshed { ... };
 ///
 /// let test_case = resolver_test_case()
-///     .with_mocked_typeshed(TYPESHED)
-///     .with_python_version(...)
+///     .with_custom_typeshed(TYPESHED)
+///     .with_target_version(...)
 ///     .build();
 ///
 /// let test_case2 = resolver_test_case()
 ///     .with_vendored_typeshed()
-///     .with_python_version(...)
+///     .with_target_version(...)
 ///     .build();
 /// ```
 ///
@@ -102,8 +98,7 @@ pub(crate) struct UnspecifiedTypeshed;
 /// to `()`.
 pub(crate) struct TestCaseBuilder<T> {
    typeshed_option: T,
-    python_version: PythonVersion,
-    python_platform: PythonPlatform,
+    target_version: TargetVersion,
    first_party_files: Vec<FileSpec>,
    site_packages_files: Vec<FileSpec>,
 }
@@ -121,9 +116,9 @@ impl<T> TestCaseBuilder<T> {
        self
    }

-    /// Specify the Python version the module resolver should assume
-    pub(crate) fn with_python_version(mut self, python_version: PythonVersion) -> Self {
-        self.python_version = python_version;
+    /// Specify the target Python version the module resolver should assume
+    pub(crate) fn with_target_version(mut self, target_version: TargetVersion) -> Self {
+        self.target_version = target_version;
        self
    }

@@ -149,8 +144,7 @@ impl TestCaseBuilder<UnspecifiedTypeshed> {
    pub(crate) fn new() -> TestCaseBuilder<UnspecifiedTypeshed> {
        Self {
            typeshed_option: UnspecifiedTypeshed,
-            python_version: PythonVersion::default(),
-            python_platform: PythonPlatform::default(),
+            target_version: TargetVersion::default(),
            first_party_files: vec![],
            site_packages_files: vec![],
        }
@@ -160,37 +154,32 @@ impl TestCaseBuilder<UnspecifiedTypeshed> {
    pub(crate) fn with_vendored_typeshed(self) -> TestCaseBuilder<VendoredTypeshed> {
        let TestCaseBuilder {
            typeshed_option: _,
-            python_version,
-            python_platform,
+            target_version,
            first_party_files,
            site_packages_files,
        } = self;
        TestCaseBuilder {
            typeshed_option: VendoredTypeshed,
-            python_version,
-            python_platform,
+            target_version,
            first_party_files,
            site_packages_files,
        }
    }

    /// Use a mock typeshed directory for this test case
-    pub(crate) fn with_mocked_typeshed(
+    pub(crate) fn with_custom_typeshed(
        self,
        typeshed: MockedTypeshed,
    ) -> TestCaseBuilder<MockedTypeshed> {
        let TestCaseBuilder {
            typeshed_option: _,
-            python_version,
-            python_platform,
+            target_version,
            first_party_files,
            site_packages_files,
        } = self;
-
        TestCaseBuilder {
            typeshed_option: typeshed,
-            python_version,
-            python_platform,
+            target_version,
            first_party_files,
            site_packages_files,
        }
@@ -202,15 +191,14 @@ impl TestCaseBuilder<UnspecifiedTypeshed> {
            src,
            stdlib: _,
            site_packages,
-            python_version,
-        } = self.with_mocked_typeshed(MockedTypeshed::default()).build();
-
+            target_version,
+        } = self.with_custom_typeshed(MockedTypeshed::default()).build();
        TestCase {
            db,
            src,
            stdlib: (),
            site_packages,
-            python_version,
+            target_version,
        }
    }
 }
@@ -219,8 +207,7 @@ impl TestCaseBuilder<MockedTypeshed> {
    pub(crate) fn build(self) -> TestCase<SystemPathBuf> {
        let TestCaseBuilder {
            typeshed_option,
-            python_version,
-            python_platform,
+            target_version,
            first_party_files,
            site_packages_files,
        } = self;
@@ -232,27 +219,23 @@ impl TestCaseBuilder<MockedTypeshed> {
        let src = Self::write_mock_directory(&mut db, "/src", first_party_files);
        let typeshed = Self::build_typeshed_mock(&mut db, &typeshed_option);

-        Program::from_settings(
+        Program::new(
            &db,
-            ProgramSettings {
-                python_version,
-                python_platform,
-                search_paths: SearchPathSettings {
-                    extra_paths: vec![],
-                    src_roots: vec![src.clone()],
-                    custom_typeshed: Some(typeshed.clone()),
-                    python_path: PythonPath::KnownSitePackages(vec![site_packages.clone()]),
-                },
+            target_version,
+            SearchPathSettings {
+                extra_paths: vec![],
+                workspace_root: src.clone(),
+                custom_typeshed: Some(typeshed.clone()),
+                site_packages: vec![site_packages.clone()],
            },
-        )
-        .expect("Valid program settings");
+        );

        TestCase {
            db,
            src,
            stdlib: typeshed.join("stdlib"),
            site_packages,
-            python_version,
+            target_version,
        }
    }

@@ -278,8 +261,7 @@ impl TestCaseBuilder<VendoredTypeshed> {
    pub(crate) fn build(self) -> TestCase<VendoredPathBuf> {
        let TestCaseBuilder {
            typeshed_option: VendoredTypeshed,
-            python_version,
-            python_platform,
+            target_version,
            first_party_files,
            site_packages_files,
        } = self;
@@ -290,25 +272,23 @@ impl TestCaseBuilder<VendoredTypeshed> {
            Self::write_mock_directory(&mut db, "/site-packages", site_packages_files);
        let src = Self::write_mock_directory(&mut db, "/src", first_party_files);

-        Program::from_settings(
+        Program::new(
            &db,
-            ProgramSettings {
-                python_version,
-                python_platform,
-                search_paths: SearchPathSettings {
-                    python_path: PythonPath::KnownSitePackages(vec![site_packages.clone()]),
-                    ..SearchPathSettings::new(vec![src.clone()])
-                },
+            target_version,
+            SearchPathSettings {
+                extra_paths: vec![],
+                workspace_root: src.clone(),
+                custom_typeshed: None,
+                site_packages: vec![site_packages.clone()],
            },
-        )
-        .expect("Valid search path settings");
+        );

        TestCase {
            db,
            src,
            stdlib: VendoredPathBuf::from("stdlib"),
            site_packages,
-            python_version,
+            target_version,
        }
    }
 }
--- a/crates/red_knot_module_resolver/src/typeshed.rs
+++ b/crates/red_knot_module_resolver/src/typeshed.rs
@@ -0,0 +1,8 @@
+pub use self::vendored::vendored_typeshed_stubs;
+pub(crate) use self::versions::{
+    parse_typeshed_versions, LazyTypeshedVersions, TypeshedVersionsQueryResult,
+};
+pub use self::versions::{TypeshedVersionsParseError, TypeshedVersionsParseErrorKind};
+
+mod vendored;
+mod versions;
--- a/crates/red_knot_module_resolver/src/typeshed/vendored.rs
+++ b/crates/red_knot_module_resolver/src/typeshed/vendored.rs
@@ -1,13 +1,14 @@
+use once_cell::sync::Lazy;
+
 use ruff_db::vendored::VendoredFileSystem;
-use std::sync::LazyLock;

 // The file path here is hardcoded in this crate's `build.rs` script.
 // Luckily this crate will fail to build if this file isn't available at build time.
 static TYPESHED_ZIP_BYTES: &[u8] = include_bytes!(concat!(env!("OUT_DIR"), "/zipped_typeshed.zip"));

-pub fn file_system() -> &'static VendoredFileSystem {
-    static VENDORED_TYPESHED_STUBS: LazyLock<VendoredFileSystem> =
-        LazyLock::new(|| VendoredFileSystem::new_static(TYPESHED_ZIP_BYTES).unwrap());
+pub fn vendored_typeshed_stubs() -> &'static VendoredFileSystem {
+    static VENDORED_TYPESHED_STUBS: Lazy<VendoredFileSystem> =
+        Lazy::new(|| VendoredFileSystem::new_static(TYPESHED_ZIP_BYTES).unwrap());
    &VENDORED_TYPESHED_STUBS
 }

@@ -41,7 +42,7 @@ mod tests {
    #[test]
    fn typeshed_vfs_consistent_with_vendored_stubs() {
        let vendored_typeshed_dir = Path::new("vendor/typeshed").canonicalize().unwrap();
-        let vendored_typeshed_stubs = file_system();
+        let vendored_typeshed_stubs = vendored_typeshed_stubs();

        let mut empty_iterator = true;
        for entry in walkdir::WalkDir::new(&vendored_typeshed_dir).min_depth(1) {
--- a/crates/ty_python_semantic/src/module_resolver/typeshed.rs
+++ b/crates/ty_python_semantic/src/module_resolver/typeshed.rs
@@ -1,31 +1,96 @@
+use std::cell::OnceCell;
 use std::collections::BTreeMap;
 use std::fmt;
 use std::num::{NonZeroU16, NonZeroUsize};
 use std::ops::{RangeFrom, RangeInclusive};
 use std::str::FromStr;

-use ruff_python_ast::PythonVersion;
+use once_cell::sync::Lazy;
+use ruff_db::program::TargetVersion;
+use ruff_db::system::SystemPath;
 use rustc_hash::FxHashMap;

-use crate::Program;
+use ruff_db::files::{system_path_to_file, File};
+
 use crate::db::Db;
 use crate::module_name::ModuleName;

-pub(in crate::module_resolver) fn vendored_typeshed_versions(db: &dyn Db) -> TypeshedVersions {
-    TypeshedVersions::from_str(
-        &db.vendored()
-            .read_to_string("stdlib/VERSIONS")
-            .expect("The vendored typeshed stubs should contain a VERSIONS file"),
-    )
-    .expect("The VERSIONS file in the vendored typeshed stubs should be well-formed")
+use super::vendored::vendored_typeshed_stubs;
+
+#[derive(Debug)]
+pub(crate) struct LazyTypeshedVersions<'db>(OnceCell<&'db TypeshedVersions>);
+
+impl<'db> LazyTypeshedVersions<'db> {
+    #[must_use]
+    pub(crate) fn new() -> Self {
+        Self(OnceCell::new())
+    }
+
+    /// Query whether a module exists at runtime in the stdlib on a certain Python version.
+    ///
+    /// Simply probing whether a file exists in typeshed is insufficient for this question,
+    /// as a module in the stdlib may have been added in Python 3.10, but the typeshed stub
+    /// will still be available (either in a custom typeshed dir or in our vendored copy)
+    /// even if the user specified Python 3.8 as the target version.
+    ///
+    /// For top-level modules and packages, the VERSIONS file can always provide an unambiguous answer
+    /// as to whether the module exists on the specified target version. However, VERSIONS does not
+    /// provide comprehensive information on all submodules, meaning that this method sometimes
+    /// returns [`TypeshedVersionsQueryResult::MaybeExists`].
+    /// See [`TypeshedVersionsQueryResult`] for more details.
+    #[must_use]
+    pub(crate) fn query_module(
+        &self,
+        db: &'db dyn Db,
+        module: &ModuleName,
+        stdlib_root: Option<&SystemPath>,
+        target_version: TargetVersion,
+    ) -> TypeshedVersionsQueryResult {
+        let versions = self.0.get_or_init(|| {
+            let versions_path = if let Some(system_path) = stdlib_root {
+                system_path.join("VERSIONS")
+            } else {
+                return &VENDORED_VERSIONS;
+            };
+            let Ok(versions_file) = system_path_to_file(db.upcast(), &versions_path) else {
+                todo!(
+                    "Still need to figure out how to handle VERSIONS files being deleted \
+                    from custom typeshed directories! Expected a file to exist at {versions_path}"
+                )
+            };
+            // TODO(Alex/Micha): If VERSIONS is invalid,
+            // this should invalidate not just the specific module resolution we're currently attempting,
+            // but all type inference that depends on any standard-library types.
+            // Unwrapping here is not correct...
+            parse_typeshed_versions(db, versions_file).as_ref().unwrap()
+        });
+        versions.query_module(module, PyVersion::from(target_version))
+    }
 }

-pub(crate) fn typeshed_versions(db: &dyn Db) -> &TypeshedVersions {
-    Program::get(db).search_paths(db).typeshed_versions()
+#[salsa::tracked(return_ref)]
+pub(crate) fn parse_typeshed_versions(
+    db: &dyn Db,
+    versions_file: File,
+) -> Result<TypeshedVersions, TypeshedVersionsParseError> {
+    // TODO: Handle IO errors
+    let file_content = versions_file
+        .read_to_string(db.upcast())
+        .unwrap_or_default();
+    file_content.parse()
 }

+static VENDORED_VERSIONS: Lazy<TypeshedVersions> = Lazy::new(|| {
+    TypeshedVersions::from_str(
+        &vendored_typeshed_stubs()
+            .read_to_string("stdlib/VERSIONS")
+            .unwrap(),
+    )
+    .unwrap()
+});
+
 #[derive(Debug, PartialEq, Eq, Clone)]
-pub(crate) struct TypeshedVersionsParseError {
+pub struct TypeshedVersionsParseError {
    line_number: Option<NonZeroU16>,
    reason: TypeshedVersionsParseErrorKind,
 }
@@ -58,7 +123,7 @@ impl std::error::Error for TypeshedVersionsParseError {
 }

 #[derive(Debug, PartialEq, Eq, Clone)]
-pub(super) enum TypeshedVersionsParseErrorKind {
+pub enum TypeshedVersionsParseErrorKind {
    TooManyLines(NonZeroUsize),
    UnexpectedNumberOfColons,
    InvalidModuleName(String),
@@ -110,13 +175,13 @@ impl TypeshedVersions {
    }

    #[must_use]
-    pub(in crate::module_resolver) fn query_module(
+    fn query_module(
        &self,
        module: &ModuleName,
-        python_version: PythonVersion,
+        target_version: PyVersion,
    ) -> TypeshedVersionsQueryResult {
        if let Some(range) = self.exact(module) {
-            if range.contains(python_version) {
+            if range.contains(target_version) {
                TypeshedVersionsQueryResult::Exists
            } else {
                TypeshedVersionsQueryResult::DoesNotExist
@@ -126,7 +191,7 @@ impl TypeshedVersions {
            while let Some(module_to_try) = module {
                if let Some(range) = self.exact(&module_to_try) {
                    return {
-                        if range.contains(python_version) {
+                        if range.contains(target_version) {
                            TypeshedVersionsQueryResult::MaybeExists
                        } else {
                            TypeshedVersionsQueryResult::DoesNotExist
@@ -140,7 +205,7 @@ impl TypeshedVersions {
    }
 }

-/// Possible answers [`TypeshedVersions::query_module()`] could give to the question:
+/// Possible answers [`LazyTypeshedVersions::query_module()`] could give to the question:
 /// "Does this module exist in the stdlib at runtime on a certain target version?"
 #[derive(Debug, Copy, PartialEq, Eq, Clone, Hash)]
 pub(crate) enum TypeshedVersionsQueryResult {
@@ -237,7 +302,7 @@ impl FromStr for TypeshedVersions {
                    return Err(TypeshedVersionsParseError {
                        line_number: Some(line_number),
                        reason,
-                    });
+                    })
                }
            };
        }
@@ -258,13 +323,13 @@ impl fmt::Display for TypeshedVersions {

 #[derive(Debug, Clone, Eq, PartialEq, Hash)]
 enum PyVersionRange {
-    AvailableFrom(RangeFrom<PythonVersion>),
-    AvailableWithin(RangeInclusive<PythonVersion>),
+    AvailableFrom(RangeFrom<PyVersion>),
+    AvailableWithin(RangeInclusive<PyVersion>),
 }

 impl PyVersionRange {
    #[must_use]
-    fn contains(&self, version: PythonVersion) -> bool {
+    fn contains(&self, version: PyVersion) -> bool {
        match self {
            Self::AvailableFrom(inner) => inner.contains(&version),
            Self::AvailableWithin(inner) => inner.contains(&version),
@@ -278,14 +343,9 @@ impl FromStr for PyVersionRange {
    fn from_str(s: &str) -> Result<Self, Self::Err> {
        let mut parts = s.split('-').map(str::trim);
        match (parts.next(), parts.next(), parts.next()) {
-            (Some(lower), Some(""), None) => {
-                let lower = python_version_from_versions_file_string(lower)?;
-                Ok(Self::AvailableFrom(lower..))
-            }
+            (Some(lower), Some(""), None) => Ok(Self::AvailableFrom((lower.parse()?)..)),
            (Some(lower), Some(upper), None) => {
-                let lower = python_version_from_versions_file_string(lower)?;
-                let upper = python_version_from_versions_file_string(upper)?;
-                Ok(Self::AvailableWithin(lower..=upper))
+                Ok(Self::AvailableWithin((lower.parse()?)..=(upper.parse()?)))
            }
            _ => Err(TypeshedVersionsParseErrorKind::UnexpectedNumberOfHyphens),
        }
@@ -303,38 +363,91 @@ impl fmt::Display for PyVersionRange {
    }
 }

-fn python_version_from_versions_file_string(
-    s: &str,
-) -> Result<PythonVersion, TypeshedVersionsParseErrorKind> {
-    let mut parts = s.split('.').map(str::trim);
-    let (Some(major), Some(minor), None) = (parts.next(), parts.next(), parts.next()) else {
-        return Err(TypeshedVersionsParseErrorKind::UnexpectedNumberOfPeriods(
-            s.to_string(),
-        ));
-    };
-    PythonVersion::try_from((major, minor)).map_err(|int_parse_error| {
-        TypeshedVersionsParseErrorKind::IntegerParsingFailure {
-            version: s.to_string(),
-            err: int_parse_error,
+#[derive(Debug, Clone, Copy, Eq, PartialEq, Ord, PartialOrd, Hash)]
+struct PyVersion {
+    major: u8,
+    minor: u8,
+}
+
+impl FromStr for PyVersion {
+    type Err = TypeshedVersionsParseErrorKind;
+
+    fn from_str(s: &str) -> Result<Self, Self::Err> {
+        let mut parts = s.split('.').map(str::trim);
+        let (Some(major), Some(minor), None) = (parts.next(), parts.next(), parts.next()) else {
+            return Err(TypeshedVersionsParseErrorKind::UnexpectedNumberOfPeriods(
+                s.to_string(),
+            ));
+        };
+        let major = match u8::from_str(major) {
+            Ok(major) => major,
+            Err(err) => {
+                return Err(TypeshedVersionsParseErrorKind::IntegerParsingFailure {
+                    version: s.to_string(),
+                    err,
+                })
+            }
+        };
+        let minor = match u8::from_str(minor) {
+            Ok(minor) => minor,
+            Err(err) => {
+                return Err(TypeshedVersionsParseErrorKind::IntegerParsingFailure {
+                    version: s.to_string(),
+                    err,
+                })
+            }
+        };
+        Ok(Self { major, minor })
+    }
+}
+
+impl fmt::Display for PyVersion {
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        let PyVersion { major, minor } = self;
+        write!(f, "{major}.{minor}")
+    }
+}
+
+impl From<TargetVersion> for PyVersion {
+    fn from(value: TargetVersion) -> Self {
+        match value {
+            TargetVersion::Py37 => PyVersion { major: 3, minor: 7 },
+            TargetVersion::Py38 => PyVersion { major: 3, minor: 8 },
+            TargetVersion::Py39 => PyVersion { major: 3, minor: 9 },
+            TargetVersion::Py310 => PyVersion {
+                major: 3,
+                minor: 10,
+            },
+            TargetVersion::Py311 => PyVersion {
+                major: 3,
+                minor: 11,
+            },
+            TargetVersion::Py312 => PyVersion {
+                major: 3,
+                minor: 12,
+            },
+            TargetVersion::Py313 => PyVersion {
+                major: 3,
+                minor: 13,
+            },
        }
-    })
+    }
 }

 #[cfg(test)]
 mod tests {
-    use std::fmt::Write as _;
    use std::num::{IntErrorKind, NonZeroU16};
    use std::path::Path;

    use insta::assert_snapshot;
-
-    use crate::db::tests::TestDb;
+    use ruff_db::program::TargetVersion;

    use super::*;

    const TYPESHED_STDLIB_DIR: &str = "stdlib";

-    const ONE: Option<NonZeroU16> = Some(NonZeroU16::new(1).unwrap());
+    #[allow(unsafe_code)]
+    const ONE: Option<NonZeroU16> = Some(unsafe { NonZeroU16::new_unchecked(1) });

    impl TypeshedVersions {
        #[must_use]
@@ -350,9 +463,12 @@ mod tests {

    #[test]
    fn can_parse_vendored_versions_file() {
-        let db = TestDb::new();
+        let versions_data = include_str!(concat!(
+            env!("CARGO_MANIFEST_DIR"),
+            "/vendor/typeshed/stdlib/VERSIONS"
+        ));

-        let versions = vendored_typeshed_versions(&db);
+        let versions = TypeshedVersions::from_str(versions_data).unwrap();
        assert!(versions.len() > 100);
        assert!(versions.len() < 1000);

@@ -362,37 +478,36 @@ mod tests {

        assert!(versions.contains_exact(&asyncio));
        assert_eq!(
-            versions.query_module(&asyncio, PythonVersion::PY310),
+            versions.query_module(&asyncio, TargetVersion::Py310.into()),
            TypeshedVersionsQueryResult::Exists
        );

        assert!(versions.contains_exact(&asyncio_staggered));
        assert_eq!(
-            versions.query_module(&asyncio_staggered, PythonVersion::PY38),
+            versions.query_module(&asyncio_staggered, TargetVersion::Py38.into()),
            TypeshedVersionsQueryResult::Exists
        );
        assert_eq!(
-            versions.query_module(&asyncio_staggered, PythonVersion::PY37),
+            versions.query_module(&asyncio_staggered, TargetVersion::Py37.into()),
            TypeshedVersionsQueryResult::DoesNotExist
        );

        assert!(versions.contains_exact(&audioop));
        assert_eq!(
-            versions.query_module(&audioop, PythonVersion::PY312),
+            versions.query_module(&audioop, TargetVersion::Py312.into()),
            TypeshedVersionsQueryResult::Exists
        );
        assert_eq!(
-            versions.query_module(&audioop, PythonVersion::PY313),
+            versions.query_module(&audioop, TargetVersion::Py313.into()),
            TypeshedVersionsQueryResult::DoesNotExist
        );
    }

    #[test]
    fn typeshed_versions_consistent_with_vendored_stubs() {
-        let db = TestDb::new();
-        let vendored_typeshed_versions = vendored_typeshed_versions(&db);
-        let vendored_typeshed_dir =
-            Path::new(env!("CARGO_MANIFEST_DIR")).join("../ty_vendored/vendor/typeshed");
+        const VERSIONS_DATA: &str = include_str!("../../vendor/typeshed/stdlib/VERSIONS");
+        let vendored_typeshed_dir = Path::new("vendor/typeshed").canonicalize().unwrap();
+        let vendored_typeshed_versions = TypeshedVersions::from_str(VERSIONS_DATA).unwrap();

        let mut empty_iterator = true;

@@ -460,11 +575,11 @@ foo: 3.8-   # trailing comment
 ";
        let parsed_versions = TypeshedVersions::from_str(VERSIONS).unwrap();
        assert_eq!(parsed_versions.len(), 3);
-        assert_snapshot!(parsed_versions.to_string(), @r"
+        assert_snapshot!(parsed_versions.to_string(), @r###"
        bar: 2.7-3.10
        bar.baz: 3.1-3.9
        foo: 3.8-
-        "
+        "###
        );
    }

@@ -475,15 +590,15 @@ foo: 3.8-   # trailing comment

        assert!(parsed_versions.contains_exact(&bar));
        assert_eq!(
-            parsed_versions.query_module(&bar, PythonVersion::PY37),
+            parsed_versions.query_module(&bar, TargetVersion::Py37.into()),
            TypeshedVersionsQueryResult::Exists
        );
        assert_eq!(
-            parsed_versions.query_module(&bar, PythonVersion::PY310),
+            parsed_versions.query_module(&bar, TargetVersion::Py310.into()),
            TypeshedVersionsQueryResult::Exists
        );
        assert_eq!(
-            parsed_versions.query_module(&bar, PythonVersion::PY311),
+            parsed_versions.query_module(&bar, TargetVersion::Py311.into()),
            TypeshedVersionsQueryResult::DoesNotExist
        );
    }
@@ -495,15 +610,15 @@ foo: 3.8-   # trailing comment

        assert!(parsed_versions.contains_exact(&foo));
        assert_eq!(
-            parsed_versions.query_module(&foo, PythonVersion::PY37),
+            parsed_versions.query_module(&foo, TargetVersion::Py37.into()),
            TypeshedVersionsQueryResult::DoesNotExist
        );
        assert_eq!(
-            parsed_versions.query_module(&foo, PythonVersion::PY38),
+            parsed_versions.query_module(&foo, TargetVersion::Py38.into()),
            TypeshedVersionsQueryResult::Exists
        );
        assert_eq!(
-            parsed_versions.query_module(&foo, PythonVersion::PY311),
+            parsed_versions.query_module(&foo, TargetVersion::Py311.into()),
            TypeshedVersionsQueryResult::Exists
        );
    }
@@ -515,15 +630,15 @@ foo: 3.8-   # trailing comment

        assert!(parsed_versions.contains_exact(&bar_baz));
        assert_eq!(
-            parsed_versions.query_module(&bar_baz, PythonVersion::PY37),
+            parsed_versions.query_module(&bar_baz, TargetVersion::Py37.into()),
            TypeshedVersionsQueryResult::Exists
        );
        assert_eq!(
-            parsed_versions.query_module(&bar_baz, PythonVersion::PY39),
+            parsed_versions.query_module(&bar_baz, TargetVersion::Py39.into()),
            TypeshedVersionsQueryResult::Exists
        );
        assert_eq!(
-            parsed_versions.query_module(&bar_baz, PythonVersion::PY310),
+            parsed_versions.query_module(&bar_baz, TargetVersion::Py310.into()),
            TypeshedVersionsQueryResult::DoesNotExist
        );
    }
@@ -535,15 +650,15 @@ foo: 3.8-   # trailing comment

        assert!(!parsed_versions.contains_exact(&bar_eggs));
        assert_eq!(
-            parsed_versions.query_module(&bar_eggs, PythonVersion::PY37),
+            parsed_versions.query_module(&bar_eggs, TargetVersion::Py37.into()),
            TypeshedVersionsQueryResult::MaybeExists
        );
        assert_eq!(
-            parsed_versions.query_module(&bar_eggs, PythonVersion::PY310),
+            parsed_versions.query_module(&bar_eggs, TargetVersion::Py310.into()),
            TypeshedVersionsQueryResult::MaybeExists
        );
        assert_eq!(
-            parsed_versions.query_module(&bar_eggs, PythonVersion::PY311),
+            parsed_versions.query_module(&bar_eggs, TargetVersion::Py311.into()),
            TypeshedVersionsQueryResult::DoesNotExist
        );
    }
@@ -555,11 +670,11 @@ foo: 3.8-   # trailing comment

        assert!(!parsed_versions.contains_exact(&spam));
        assert_eq!(
-            parsed_versions.query_module(&spam, PythonVersion::PY37),
+            parsed_versions.query_module(&spam, TargetVersion::Py37.into()),
            TypeshedVersionsQueryResult::DoesNotExist
        );
        assert_eq!(
-            parsed_versions.query_module(&spam, PythonVersion::PY313),
+            parsed_versions.query_module(&spam, TargetVersion::Py313.into()),
            TypeshedVersionsQueryResult::DoesNotExist
        );
    }
@@ -571,7 +686,7 @@ foo: 3.8-   # trailing comment

        let mut massive_versions_file = String::new();
        for i in 0..too_many {
-            let _ = writeln!(&mut massive_versions_file, "x{i}: 3.8-");
+            massive_versions_file.push_str(&format!("x{i}: 3.8-\n"));
        }

        assert_eq!(
--- a/crates/red_knot_module_resolver/vendor/typeshed/LICENSE
+++ b/crates/red_knot_module_resolver/vendor/typeshed/LICENSE
--- a/crates/red_knot_module_resolver/vendor/typeshed/README.md
+++ b/crates/red_knot_module_resolver/vendor/typeshed/README.md
@@ -21,7 +21,7 @@ the project the stubs are for, but instead report them here to typeshed.**
 Further documentation on stub files, typeshed, and Python's typing system in
 general, can also be found at https://typing.readthedocs.io/en/latest/.

-Typeshed supports Python versions 3.9 to 3.14.
+Typeshed supports Python versions 3.8 and up.

 ## Using

--- a/crates/red_knot_module_resolver/vendor/typeshed/source_commit.txt
+++ b/crates/red_knot_module_resolver/vendor/typeshed/source_commit.txt
@@ -0,0 +1 @@
+4ef2d66663fc080fefa379e6ae5fc45d4f8b54eb
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/VERSIONS
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/VERSIONS
@@ -20,53 +20,37 @@
 __future__: 3.0-
 __main__: 3.0-
 _ast: 3.0-
-_asyncio: 3.0-
 _bisect: 3.0-
-_blake2: 3.6-
 _bootlocale: 3.4-3.9
-_bz2: 3.3-
 _codecs: 3.0-
 _collections_abc: 3.3-
 _compat_pickle: 3.1-
-_compression: 3.5-3.13
-_contextvars: 3.7-
+_compression: 3.5-
 _csv: 3.0-
 _ctypes: 3.0-
 _curses: 3.0-
-_curses_panel: 3.0-
-_dbm: 3.0-
 _decimal: 3.3-
-_frozen_importlib: 3.0-
-_frozen_importlib_external: 3.5-
-_gdbm: 3.0-
-_hashlib: 3.0-
+_dummy_thread: 3.0-3.8
+_dummy_threading: 3.0-3.8
 _heapq: 3.0-
 _imp: 3.0-
 _interpchannels: 3.13-
 _interpqueues: 3.13-
 _interpreters: 3.13-
-_io: 3.0-
 _json: 3.0-
 _locale: 3.0-
 _lsprof: 3.0-
-_lzma: 3.3-
 _markupbase: 3.0-
-_msi: 3.0-3.12
-_multibytecodec: 3.0-
+_msi: 3.0-
 _operator: 3.4-
 _osx_support: 3.0-
-_pickle: 3.0-
 _posixsubprocess: 3.2-
 _py_abc: 3.7-
 _pydecimal: 3.5-
-_queue: 3.7-
 _random: 3.0-
 _sitebuiltins: 3.4-
 _socket: 3.0-  # present in 3.0 at runtime, but not in typeshed
-_sqlite3: 3.0-
-_ssl: 3.0-
 _stat: 3.4-
-_struct: 3.0-
 _thread: 3.0-
 _threading_local: 3.0-
 _tkinter: 3.0-
@@ -78,7 +62,6 @@ _weakrefset: 3.0-
 _winapi: 3.3-
 abc: 3.0-
 aifc: 3.0-3.12
-annotationlib: 3.14-
 antigravity: 3.0-
 argparse: 3.0-
 array: 3.0-
@@ -87,7 +70,6 @@ asynchat: 3.0-3.11
 asyncio: 3.4-
 asyncio.exceptions: 3.8-
 asyncio.format_helpers: 3.7-
-asyncio.graph: 3.14-
 asyncio.mixins: 3.10-
 asyncio.runners: 3.7-
 asyncio.staggered: 3.8-
@@ -119,9 +101,7 @@ collections: 3.0-
 collections.abc: 3.3-
 colorsys: 3.0-
 compileall: 3.0-
-compression: 3.14-
 concurrent: 3.2-
-concurrent.futures.interpreter: 3.14-
 configparser: 3.0-
 contextlib: 3.0-
 contextvars: 3.7-
@@ -142,13 +122,9 @@ distutils: 3.0-3.11
 distutils.command.bdist_msi: 3.0-3.10
 distutils.command.bdist_wininst: 3.0-3.9
 doctest: 3.0-
+dummy_threading: 3.0-3.8
 email: 3.0-
 encodings: 3.0-
-encodings.cp1125: 3.4-
-encodings.cp273: 3.4-
-encodings.cp858: 3.2-
-encodings.koi8_t: 3.5-
-encodings.kz1048: 3.5-
 ensurepip: 3.0-
 enum: 3.4-
 errno: 3.0-
@@ -180,15 +156,11 @@ imghdr: 3.0-3.12
 imp: 3.0-3.11
 importlib: 3.0-
 importlib._abc: 3.10-
-importlib._bootstrap: 3.0-
-importlib._bootstrap_external: 3.5-
 importlib.metadata: 3.8-
 importlib.metadata._meta: 3.10-
 importlib.metadata.diagnose: 3.13-
 importlib.readers: 3.10-
 importlib.resources: 3.7-
-importlib.resources._common: 3.11-
-importlib.resources._functional: 3.13-
 importlib.resources.abc: 3.11-
 importlib.resources.readers: 3.11-
 importlib.resources.simple: 3.11-
@@ -230,7 +202,6 @@ os: 3.0-
 ossaudiodev: 3.0-3.12
 parser: 3.0-3.9
 pathlib: 3.4-
-pathlib.types: 3.14-
 pdb: 3.0-
 pickle: 3.0-
 pickletools: 3.0-
@@ -283,7 +254,6 @@ ssl: 3.0-
 stat: 3.0-
 statistics: 3.4-
 string: 3.0-
-string.templatelib: 3.14-
 stringprep: 3.0-
 struct: 3.0-
 subprocess: 3.0-
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/future.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/future.pyi
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/main.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/main.pyi
@@ -0,0 +1,3 @@
+from typing import Any
+
+def __getattr__(name: str) -> Any: ...
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_ast.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_ast.pyi
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_bisect.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_bisect.pyi
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_bootlocale.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_bootlocale.pyi
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_codecs.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_codecs.pyi
@@ -2,13 +2,10 @@ import codecs
 import sys
 from _typeshed import ReadableBuffer
 from collections.abc import Callable
-from typing import Literal, final, overload, type_check_only
+from typing import Literal, overload
 from typing_extensions import TypeAlias

 # This type is not exposed; it is defined in unicodeobject.c
-# At runtime it calls itself builtins.EncodingMap
-@final
-@type_check_only
 class _EncodingMap:
    def size(self) -> int: ...

@@ -81,12 +78,26 @@ def escape_decode(data: str | ReadableBuffer, errors: str | None = None, /) -> t
 def escape_encode(data: bytes, errors: str | None = None, /) -> tuple[bytes, int]: ...
 def latin_1_decode(data: ReadableBuffer, errors: str | None = None, /) -> tuple[str, int]: ...
 def latin_1_encode(str: str, errors: str | None = None, /) -> tuple[bytes, int]: ...
-def raw_unicode_escape_decode(
-    data: str | ReadableBuffer, errors: str | None = None, final: bool = True, /
-) -> tuple[str, int]: ...
+
+if sys.version_info >= (3, 9):
+    def raw_unicode_escape_decode(
+        data: str | ReadableBuffer, errors: str | None = None, final: bool = True, /
+    ) -> tuple[str, int]: ...
+
+else:
+    def raw_unicode_escape_decode(data: str | ReadableBuffer, errors: str | None = None, /) -> tuple[str, int]: ...
+
 def raw_unicode_escape_encode(str: str, errors: str | None = None, /) -> tuple[bytes, int]: ...
 def readbuffer_encode(data: str | ReadableBuffer, errors: str | None = None, /) -> tuple[bytes, int]: ...
-def unicode_escape_decode(data: str | ReadableBuffer, errors: str | None = None, final: bool = True, /) -> tuple[str, int]: ...
+
+if sys.version_info >= (3, 9):
+    def unicode_escape_decode(
+        data: str | ReadableBuffer, errors: str | None = None, final: bool = True, /
+    ) -> tuple[str, int]: ...
+
+else:
+    def unicode_escape_decode(data: str | ReadableBuffer, errors: str | None = None, /) -> tuple[str, int]: ...
+
 def unicode_escape_encode(str: str, errors: str | None = None, /) -> tuple[bytes, int]: ...
 def utf_16_be_decode(data: ReadableBuffer, errors: str | None = None, final: bool = False, /) -> tuple[str, int]: ...
 def utf_16_be_encode(str: str, errors: str | None = None, /) -> tuple[bytes, int]: ...
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_collections_abc.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_collections_abc.pyi
@@ -1,14 +1,14 @@
 import sys
 from abc import abstractmethod
 from types import MappingProxyType
-from typing import (  # noqa: Y022,Y038,UP035
+from typing import (  # noqa: Y022,Y038,Y057
    AbstractSet as Set,
    AsyncGenerator as AsyncGenerator,
    AsyncIterable as AsyncIterable,
    AsyncIterator as AsyncIterator,
    Awaitable as Awaitable,
+    ByteString as ByteString,
    Callable as Callable,
-    ClassVar,
    Collection as Collection,
    Container as Container,
    Coroutine as Coroutine,
@@ -59,12 +59,8 @@ __all__ = [
    "ValuesView",
    "Sequence",
    "MutableSequence",
+    "ByteString",
 ]
-if sys.version_info < (3, 14):
-    from typing import ByteString as ByteString  # noqa: Y057,UP035
-
-    __all__ += ["ByteString"]
-
 if sys.version_info >= (3, 12):
    __all__ += ["Buffer"]

@@ -74,8 +70,6 @@ _VT_co = TypeVar("_VT_co", covariant=True)  # Value type covariant containers.
@final
 class dict_keys(KeysView[_KT_co], Generic[_KT_co, _VT_co]):  # undocumented
    def __eq__(self, value: object, /) -> bool: ...
-    def __reversed__(self) -> Iterator[_KT_co]: ...
-    __hash__: ClassVar[None]  # type: ignore[assignment]
    if sys.version_info >= (3, 13):
        def isdisjoint(self, other: Iterable[_KT_co], /) -> bool: ...
    if sys.version_info >= (3, 10):
@@ -84,7 +78,6 @@ class dict_keys(KeysView[_KT_co], Generic[_KT_co, _VT_co]):  # undocumented

@final
 class dict_values(ValuesView[_VT_co], Generic[_KT_co, _VT_co]):  # undocumented
-    def __reversed__(self) -> Iterator[_VT_co]: ...
    if sys.version_info >= (3, 10):
        @property
        def mapping(self) -> MappingProxyType[_KT_co, _VT_co]: ...
@@ -92,8 +85,6 @@ class dict_values(ValuesView[_VT_co], Generic[_KT_co, _VT_co]):  # undocumented
@final
 class dict_items(ItemsView[_KT_co, _VT_co]):  # undocumented
    def __eq__(self, value: object, /) -> bool: ...
-    def __reversed__(self) -> Iterator[tuple[_KT_co, _VT_co]]: ...
-    __hash__: ClassVar[None]  # type: ignore[assignment]
    if sys.version_info >= (3, 13):
        def isdisjoint(self, other: Iterable[tuple[_KT_co, _VT_co]], /) -> bool: ...
    if sys.version_info >= (3, 10):
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_compat_pickle.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_compat_pickle.pyi
--- a/crates/ty_vendored/vendor/typeshed/stdlib/compression/_common/_streams.pyi
+++ b/crates/ty_vendored/vendor/typeshed/stdlib/compression/_common/_streams.pyi
@@ -1,4 +1,4 @@
-from _typeshed import Incomplete, WriteableBuffer
+from _typeshed import WriteableBuffer
 from collections.abc import Callable
 from io import DEFAULT_BUFFER_SIZE, BufferedIOBase, RawIOBase
 from typing import Any, Protocol
@@ -16,9 +16,9 @@ class DecompressReader(RawIOBase):
    def __init__(
        self,
        fp: _Reader,
-        decomp_factory: Callable[..., Incomplete],  # Consider backporting changes to _compression
+        decomp_factory: Callable[..., object],
        trailing_error: type[Exception] | tuple[type[Exception], ...] = (),
-        **decomp_args: Any,  # These are passed to decomp_factory.
+        **decomp_args: Any,
    ) -> None: ...
    def readinto(self, b: WriteableBuffer) -> int: ...
    def read(self, size: int = -1) -> bytes: ...
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_csv.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_csv.pyi
@@ -0,0 +1,90 @@
+import sys
+from _typeshed import SupportsWrite
+from collections.abc import Iterable, Iterator
+from typing import Any, Final
+from typing_extensions import TypeAlias
+
+__version__: Final[str]
+
+QUOTE_ALL: Final = 1
+QUOTE_MINIMAL: Final = 0
+QUOTE_NONE: Final = 3
+QUOTE_NONNUMERIC: Final = 2
+if sys.version_info >= (3, 12):
+    QUOTE_STRINGS: Final = 4
+    QUOTE_NOTNULL: Final = 5
+
+# Ideally this would be `QUOTE_ALL | QUOTE_MINIMAL | QUOTE_NONE | QUOTE_NONNUMERIC`
+# However, using literals in situations like these can cause false-positives (see #7258)
+_QuotingType: TypeAlias = int
+
+class Error(Exception): ...
+
+class Dialect:
+    delimiter: str
+    quotechar: str | None
+    escapechar: str | None
+    doublequote: bool
+    skipinitialspace: bool
+    lineterminator: str
+    quoting: _QuotingType
+    strict: bool
+    def __init__(self) -> None: ...
+
+_DialectLike: TypeAlias = str | Dialect | type[Dialect]
+
+class _reader(Iterator[list[str]]):
+    @property
+    def dialect(self) -> Dialect: ...
+    line_num: int
+    def __next__(self) -> list[str]: ...
+
+class _writer:
+    @property
+    def dialect(self) -> Dialect: ...
+    def writerow(self, row: Iterable[Any]) -> Any: ...
+    def writerows(self, rows: Iterable[Iterable[Any]]) -> None: ...
+
+def writer(
+    csvfile: SupportsWrite[str],
+    dialect: _DialectLike = "excel",
+    *,
+    delimiter: str = ",",
+    quotechar: str | None = '"',
+    escapechar: str | None = None,
+    doublequote: bool = True,
+    skipinitialspace: bool = False,
+    lineterminator: str = "\r\n",
+    quoting: _QuotingType = 0,
+    strict: bool = False,
+) -> _writer: ...
+def reader(
+    csvfile: Iterable[str],
+    dialect: _DialectLike = "excel",
+    *,
+    delimiter: str = ",",
+    quotechar: str | None = '"',
+    escapechar: str | None = None,
+    doublequote: bool = True,
+    skipinitialspace: bool = False,
+    lineterminator: str = "\r\n",
+    quoting: _QuotingType = 0,
+    strict: bool = False,
+) -> _reader: ...
+def register_dialect(
+    name: str,
+    dialect: type[Dialect] = ...,
+    *,
+    delimiter: str = ",",
+    quotechar: str | None = '"',
+    escapechar: str | None = None,
+    doublequote: bool = True,
+    skipinitialspace: bool = False,
+    lineterminator: str = "\r\n",
+    quoting: _QuotingType = 0,
+    strict: bool = False,
+) -> None: ...
+def unregister_dialect(name: str) -> None: ...
+def get_dialect(name: str) -> Dialect: ...
+def list_dialects() -> list[str]: ...
+def field_size_limit(new_limit: int = ...) -> int: ...
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_ctypes.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_ctypes.pyi
@@ -0,0 +1,210 @@
+import sys
+from _typeshed import ReadableBuffer, WriteableBuffer
+from abc import abstractmethod
+from collections.abc import Callable, Iterable, Iterator, Mapping, Sequence
+from ctypes import CDLL, ArgumentError as ArgumentError
+from typing import Any, ClassVar, Generic, TypeVar, overload
+from typing_extensions import Self, TypeAlias
+
+if sys.version_info >= (3, 9):
+    from types import GenericAlias
+
+_T = TypeVar("_T")
+_CT = TypeVar("_CT", bound=_CData)
+
+FUNCFLAG_CDECL: int
+FUNCFLAG_PYTHONAPI: int
+FUNCFLAG_USE_ERRNO: int
+FUNCFLAG_USE_LASTERROR: int
+RTLD_GLOBAL: int
+RTLD_LOCAL: int
+
+if sys.version_info >= (3, 11):
+    CTYPES_MAX_ARGCOUNT: int
+
+if sys.version_info >= (3, 12):
+    SIZEOF_TIME_T: int
+
+if sys.platform == "win32":
+    # Description, Source, HelpFile, HelpContext, scode
+    _COMError_Details: TypeAlias = tuple[str | None, str | None, str | None, int | None, int | None]
+
+    class COMError(Exception):
+        hresult: int
+        text: str | None
+        details: _COMError_Details
+
+        def __init__(self, hresult: int, text: str | None, details: _COMError_Details) -> None: ...
+
+    def CopyComPointer(src: _PointerLike, dst: _PointerLike | _CArgObject) -> int: ...
+
+    FUNCFLAG_HRESULT: int
+    FUNCFLAG_STDCALL: int
+
+    def FormatError(code: int = ...) -> str: ...
+    def get_last_error() -> int: ...
+    def set_last_error(value: int) -> int: ...
+    def LoadLibrary(name: str, load_flags: int = 0, /) -> int: ...
+    def FreeLibrary(handle: int, /) -> None: ...
+
+class _CDataMeta(type):
+    # By default mypy complains about the following two methods, because strictly speaking cls
+    # might not be a Type[_CT]. However this can never actually happen, because the only class that
+    # uses _CDataMeta as its metaclass is _CData. So it's safe to ignore the errors here.
+    def __mul__(cls: type[_CT], other: int) -> type[Array[_CT]]: ...  # type: ignore[misc]
+    def __rmul__(cls: type[_CT], other: int) -> type[Array[_CT]]: ...  # type: ignore[misc]
+
+class _CData(metaclass=_CDataMeta):
+    _b_base_: int
+    _b_needsfree_: bool
+    _objects: Mapping[Any, int] | None
+    # At runtime the following classmethods are available only on classes, not
+    # on instances. This can't be reflected properly in the type system:
+    #
+    # Structure.from_buffer(...)  # valid at runtime
+    # Structure(...).from_buffer(...)  # invalid at runtime
+    #
+    @classmethod
+    def from_buffer(cls, source: WriteableBuffer, offset: int = ...) -> Self: ...
+    @classmethod
+    def from_buffer_copy(cls, source: ReadableBuffer, offset: int = ...) -> Self: ...
+    @classmethod
+    def from_address(cls, address: int) -> Self: ...
+    @classmethod
+    def from_param(cls, value: Any, /) -> Self | _CArgObject: ...
+    @classmethod
+    def in_dll(cls, library: CDLL, name: str) -> Self: ...
+    def __buffer__(self, flags: int, /) -> memoryview: ...
+    def __release_buffer__(self, buffer: memoryview, /) -> None: ...
+
+class _SimpleCData(_CData, Generic[_T]):
+    value: _T
+    # The TypeVar can be unsolved here,
+    # but we can't use overloads without creating many, many mypy false-positive errors
+    def __init__(self, value: _T = ...) -> None: ...  # pyright: ignore[reportInvalidTypeVarUse]
+
+class _CanCastTo(_CData): ...
+class _PointerLike(_CanCastTo): ...
+
+class _Pointer(_PointerLike, _CData, Generic[_CT]):
+    _type_: type[_CT]
+    contents: _CT
+    @overload
+    def __init__(self) -> None: ...
+    @overload
+    def __init__(self, arg: _CT) -> None: ...
+    @overload
+    def __getitem__(self, key: int, /) -> Any: ...
+    @overload
+    def __getitem__(self, key: slice, /) -> list[Any]: ...
+    def __setitem__(self, key: int, value: Any, /) -> None: ...
+
+def POINTER(type: type[_CT], /) -> type[_Pointer[_CT]]: ...
+def pointer(obj: _CT, /) -> _Pointer[_CT]: ...
+
+class _CArgObject: ...
+
+def byref(obj: _CData, offset: int = ...) -> _CArgObject: ...
+
+_ECT: TypeAlias = Callable[[_CData | None, CFuncPtr, tuple[_CData, ...]], _CData]
+_PF: TypeAlias = tuple[int] | tuple[int, str | None] | tuple[int, str | None, Any]
+
+class CFuncPtr(_PointerLike, _CData):
+    restype: type[_CData] | Callable[[int], Any] | None
+    argtypes: Sequence[type[_CData]]
+    errcheck: _ECT
+    # Abstract attribute that must be defined on subclasses
+    _flags_: ClassVar[int]
+    @overload
+    def __init__(self) -> None: ...
+    @overload
+    def __init__(self, address: int, /) -> None: ...
+    @overload
+    def __init__(self, callable: Callable[..., Any], /) -> None: ...
+    @overload
+    def __init__(self, func_spec: tuple[str | int, CDLL], paramflags: tuple[_PF, ...] | None = ..., /) -> None: ...
+    if sys.platform == "win32":
+        @overload
+        def __init__(
+            self, vtbl_index: int, name: str, paramflags: tuple[_PF, ...] | None = ..., iid: _CData | None = ..., /
+        ) -> None: ...
+
+    def __call__(self, *args: Any, **kwargs: Any) -> Any: ...
+
+_GetT = TypeVar("_GetT")
+_SetT = TypeVar("_SetT")
+
+class _CField(Generic[_CT, _GetT, _SetT]):
+    offset: int
+    size: int
+    @overload
+    def __get__(self, instance: None, owner: type[Any] | None, /) -> Self: ...
+    @overload
+    def __get__(self, instance: Any, owner: type[Any] | None, /) -> _GetT: ...
+    def __set__(self, instance: Any, value: _SetT, /) -> None: ...
+
+class _StructUnionMeta(_CDataMeta):
+    _fields_: Sequence[tuple[str, type[_CData]] | tuple[str, type[_CData], int]]
+    _pack_: int
+    _anonymous_: Sequence[str]
+    def __getattr__(self, name: str) -> _CField[Any, Any, Any]: ...
+
+class _StructUnionBase(_CData, metaclass=_StructUnionMeta):
+    def __init__(self, *args: Any, **kw: Any) -> None: ...
+    def __getattr__(self, name: str) -> Any: ...
+    def __setattr__(self, name: str, value: Any) -> None: ...
+
+class Union(_StructUnionBase): ...
+class Structure(_StructUnionBase): ...
+
+class Array(_CData, Generic[_CT]):
+    @property
+    @abstractmethod
+    def _length_(self) -> int: ...
+    @_length_.setter
+    def _length_(self, value: int) -> None: ...
+    @property
+    @abstractmethod
+    def _type_(self) -> type[_CT]: ...
+    @_type_.setter
+    def _type_(self, value: type[_CT]) -> None: ...
+    # Note: only available if _CT == c_char
+    @property
+    def raw(self) -> bytes: ...
+    @raw.setter
+    def raw(self, value: ReadableBuffer) -> None: ...
+    value: Any  # Note: bytes if _CT == c_char, str if _CT == c_wchar, unavailable otherwise
+    # TODO These methods cannot be annotated correctly at the moment.
+    # All of these "Any"s stand for the array's element type, but it's not possible to use _CT
+    # here, because of a special feature of ctypes.
+    # By default, when accessing an element of an Array[_CT], the returned object has type _CT.
+    # However, when _CT is a "simple type" like c_int, ctypes automatically "unboxes" the object
+    # and converts it to the corresponding Python primitive. For example, when accessing an element
+    # of an Array[c_int], a Python int object is returned, not a c_int.
+    # This behavior does *not* apply to subclasses of "simple types".
+    # If MyInt is a subclass of c_int, then accessing an element of an Array[MyInt] returns
+    # a MyInt, not an int.
+    # This special behavior is not easy to model in a stub, so for now all places where
+    # the array element type would belong are annotated with Any instead.
+    def __init__(self, *args: Any) -> None: ...
+    @overload
+    def __getitem__(self, key: int, /) -> Any: ...
+    @overload
+    def __getitem__(self, key: slice, /) -> list[Any]: ...
+    @overload
+    def __setitem__(self, key: int, value: Any, /) -> None: ...
+    @overload
+    def __setitem__(self, key: slice, value: Iterable[Any], /) -> None: ...
+    def __iter__(self) -> Iterator[Any]: ...
+    # Can't inherit from Sized because the metaclass conflict between
+    # Sized and _CData prevents using _CDataMeta.
+    def __len__(self) -> int: ...
+    if sys.version_info >= (3, 9):
+        def __class_getitem__(cls, item: Any, /) -> GenericAlias: ...
+
+def addressof(obj: _CData, /) -> int: ...
+def alignment(obj_or_type: _CData | type[_CData], /) -> int: ...
+def get_errno() -> int: ...
+def resize(obj: _CData, size: int, /) -> None: ...
+def set_errno(value: int, /) -> int: ...
+def sizeof(obj_or_type: _CData | type[_CData], /) -> int: ...
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_curses.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_curses.pyi
@@ -1,7 +1,6 @@
 import sys
-from _typeshed import ReadOnlyBuffer, SupportsRead, SupportsWrite
-from curses import _ncurses_version
-from typing import Any, final, overload
+from _typeshed import ReadOnlyBuffer, SupportsRead
+from typing import IO, Any, NamedTuple, final, overload
 from typing_extensions import TypeAlias

 # NOTE: This module is ordinarily only available on Unix, but the windows-curses
@@ -95,14 +94,13 @@ BUTTON4_DOUBLE_CLICKED: int
 BUTTON4_PRESSED: int
 BUTTON4_RELEASED: int
 BUTTON4_TRIPLE_CLICKED: int
-# Darwin ncurses doesn't provide BUTTON5_* constants prior to 3.12.10 and 3.13.3
-if sys.version_info >= (3, 10):
-    if sys.version_info >= (3, 12) or sys.platform != "darwin":
-        BUTTON5_PRESSED: int
-        BUTTON5_RELEASED: int
-        BUTTON5_CLICKED: int
-        BUTTON5_DOUBLE_CLICKED: int
-        BUTTON5_TRIPLE_CLICKED: int
+# Darwin ncurses doesn't provide BUTTON5_* constants
+if sys.version_info >= (3, 10) and sys.platform != "darwin":
+    BUTTON5_PRESSED: int
+    BUTTON5_RELEASED: int
+    BUTTON5_CLICKED: int
+    BUTTON5_DOUBLE_CLICKED: int
+    BUTTON5_TRIPLE_CLICKED: int
 BUTTON_ALT: int
 BUTTON_CTRL: int
 BUTTON_SHIFT: int
@@ -293,11 +291,14 @@ def erasechar() -> bytes: ...
 def filter() -> None: ...
 def flash() -> None: ...
 def flushinp() -> None: ...
-def get_escdelay() -> int: ...
-def get_tabsize() -> int: ...
+
+if sys.version_info >= (3, 9):
+    def get_escdelay() -> int: ...
+    def get_tabsize() -> int: ...
+
 def getmouse() -> tuple[int, int, int, int, int]: ...
 def getsyx() -> tuple[int, int]: ...
-def getwin(file: SupportsRead[bytes], /) -> window: ...
+def getwin(file: SupportsRead[bytes], /) -> _CursesWindow: ...
 def halfdelay(tenths: int, /) -> None: ...
 def has_colors() -> bool: ...

@@ -309,7 +310,7 @@ def has_il() -> bool: ...
 def has_key(key: int, /) -> bool: ...
 def init_color(color_number: int, r: int, g: int, b: int, /) -> None: ...
 def init_pair(pair_number: int, fg: int, bg: int, /) -> None: ...
-def initscr() -> window: ...
+def initscr() -> _CursesWindow: ...
 def intrflush(flag: bool, /) -> None: ...
 def is_term_resized(nlines: int, ncols: int, /) -> bool: ...
 def isendwin() -> bool: ...
@@ -320,8 +321,8 @@ def meta(yes: bool, /) -> None: ...
 def mouseinterval(interval: int, /) -> None: ...
 def mousemask(newmask: int, /) -> tuple[int, int]: ...
 def napms(ms: int, /) -> int: ...
-def newpad(nlines: int, ncols: int, /) -> window: ...
-def newwin(nlines: int, ncols: int, begin_y: int = ..., begin_x: int = ..., /) -> window: ...
+def newpad(nlines: int, ncols: int, /) -> _CursesWindow: ...
+def newwin(nlines: int, ncols: int, begin_y: int = ..., begin_x: int = ..., /) -> _CursesWindow: ...
 def nl(flag: bool = True, /) -> None: ...
 def nocbreak() -> None: ...
 def noecho() -> None: ...
@@ -339,8 +340,11 @@ def resetty() -> None: ...
 def resize_term(nlines: int, ncols: int, /) -> None: ...
 def resizeterm(nlines: int, ncols: int, /) -> None: ...
 def savetty() -> None: ...
-def set_escdelay(ms: int, /) -> None: ...
-def set_tabsize(size: int, /) -> None: ...
+
+if sys.version_info >= (3, 9):
+    def set_escdelay(ms: int, /) -> None: ...
+    def set_tabsize(size: int, /) -> None: ...
+
 def setsyx(y: int, x: int, /) -> None: ...
 def setupterm(term: str | None = None, fd: int = -1) -> None: ...
 def start_color() -> None: ...
@@ -374,7 +378,7 @@ def use_env(flag: bool, /) -> None: ...
 class error(Exception): ...

@final
-class window:  # undocumented
+class _CursesWindow:
    encoding: str
    @overload
    def addch(self, ch: _ChType, attr: int = ...) -> None: ...
@@ -427,9 +431,9 @@ class window:  # undocumented
    def delch(self, y: int, x: int) -> None: ...
    def deleteln(self) -> None: ...
    @overload
-    def derwin(self, begin_y: int, begin_x: int) -> window: ...
+    def derwin(self, begin_y: int, begin_x: int) -> _CursesWindow: ...
    @overload
-    def derwin(self, nlines: int, ncols: int, begin_y: int, begin_x: int) -> window: ...
+    def derwin(self, nlines: int, ncols: int, begin_y: int, begin_x: int) -> _CursesWindow: ...
    def echochar(self, ch: _ChType, attr: int = ..., /) -> None: ...
    def enclose(self, y: int, x: int, /) -> bool: ...
    def erase(self) -> None: ...
@@ -489,7 +493,7 @@ class window:  # undocumented
    def instr(self, y: int, x: int, n: int = ...) -> bytes: ...
    def is_linetouched(self, line: int, /) -> bool: ...
    def is_wintouched(self) -> bool: ...
-    def keypad(self, yes: bool, /) -> None: ...
+    def keypad(self, yes: bool) -> None: ...
    def leaveok(self, yes: bool) -> None: ...
    def move(self, new_y: int, new_x: int) -> None: ...
    def mvderwin(self, y: int, x: int) -> None: ...
@@ -501,18 +505,18 @@ class window:  # undocumented
    @overload
    def noutrefresh(self, pminrow: int, pmincol: int, sminrow: int, smincol: int, smaxrow: int, smaxcol: int) -> None: ...
    @overload
-    def overlay(self, destwin: window) -> None: ...
+    def overlay(self, destwin: _CursesWindow) -> None: ...
    @overload
    def overlay(
-        self, destwin: window, sminrow: int, smincol: int, dminrow: int, dmincol: int, dmaxrow: int, dmaxcol: int
+        self, destwin: _CursesWindow, sminrow: int, smincol: int, dminrow: int, dmincol: int, dmaxrow: int, dmaxcol: int
    ) -> None: ...
    @overload
-    def overwrite(self, destwin: window) -> None: ...
+    def overwrite(self, destwin: _CursesWindow) -> None: ...
    @overload
    def overwrite(
-        self, destwin: window, sminrow: int, smincol: int, dminrow: int, dmincol: int, dmaxrow: int, dmaxcol: int
+        self, destwin: _CursesWindow, sminrow: int, smincol: int, dminrow: int, dmincol: int, dmaxrow: int, dmaxcol: int
    ) -> None: ...
-    def putwin(self, file: SupportsWrite[bytes], /) -> None: ...
+    def putwin(self, file: IO[Any], /) -> None: ...
    def redrawln(self, beg: int, num: int, /) -> None: ...
    def redrawwin(self) -> None: ...
    @overload
@@ -526,13 +530,13 @@ class window:  # undocumented
    def standend(self) -> None: ...
    def standout(self) -> None: ...
    @overload
-    def subpad(self, begin_y: int, begin_x: int) -> window: ...
+    def subpad(self, begin_y: int, begin_x: int) -> _CursesWindow: ...
    @overload
-    def subpad(self, nlines: int, ncols: int, begin_y: int, begin_x: int) -> window: ...
+    def subpad(self, nlines: int, ncols: int, begin_y: int, begin_x: int) -> _CursesWindow: ...
    @overload
-    def subwin(self, begin_y: int, begin_x: int) -> window: ...
+    def subwin(self, begin_y: int, begin_x: int) -> _CursesWindow: ...
    @overload
-    def subwin(self, nlines: int, ncols: int, begin_y: int, begin_x: int) -> window: ...
+    def subwin(self, nlines: int, ncols: int, begin_y: int, begin_x: int) -> _CursesWindow: ...
    def syncdown(self) -> None: ...
    def syncok(self, flag: bool) -> None: ...
    def syncup(self) -> None: ...
@@ -545,4 +549,10 @@ class window:  # undocumented
    @overload
    def vline(self, y: int, x: int, ch: _ChType, n: int) -> None: ...

+class _ncurses_version(NamedTuple):
+    major: int
+    minor: int
+    patch: int
+
 ncurses_version: _ncurses_version
+window = _CursesWindow  # undocumented
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_decimal.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_decimal.pyi
@@ -1,58 +1,37 @@
 import numbers
 import sys
-from _decimal import (
-    HAVE_CONTEXTVAR as HAVE_CONTEXTVAR,
-    HAVE_THREADS as HAVE_THREADS,
-    MAX_EMAX as MAX_EMAX,
-    MAX_PREC as MAX_PREC,
-    MIN_EMIN as MIN_EMIN,
-    MIN_ETINY as MIN_ETINY,
-    ROUND_05UP as ROUND_05UP,
-    ROUND_CEILING as ROUND_CEILING,
-    ROUND_DOWN as ROUND_DOWN,
-    ROUND_FLOOR as ROUND_FLOOR,
-    ROUND_HALF_DOWN as ROUND_HALF_DOWN,
-    ROUND_HALF_EVEN as ROUND_HALF_EVEN,
-    ROUND_HALF_UP as ROUND_HALF_UP,
-    ROUND_UP as ROUND_UP,
-    BasicContext as BasicContext,
-    DefaultContext as DefaultContext,
-    ExtendedContext as ExtendedContext,
-    __libmpdec_version__ as __libmpdec_version__,
-    __version__ as __version__,
-    getcontext as getcontext,
-    localcontext as localcontext,
-    setcontext as setcontext,
-)
 from collections.abc import Container, Sequence
 from types import TracebackType
-from typing import Any, ClassVar, Literal, NamedTuple, final, overload, type_check_only
+from typing import Any, ClassVar, Final, Literal, NamedTuple, overload
 from typing_extensions import Self, TypeAlias

-if sys.version_info >= (3, 14):
-    from _decimal import IEEE_CONTEXT_MAX_BITS as IEEE_CONTEXT_MAX_BITS, IEEEContext as IEEEContext
-
 _Decimal: TypeAlias = Decimal | int
 _DecimalNew: TypeAlias = Decimal | float | str | tuple[int, Sequence[int], int]
 _ComparableNum: TypeAlias = Decimal | float | numbers.Rational
-_TrapType: TypeAlias = type[DecimalException]

-# At runtime, these classes are implemented in C as part of "_decimal".
-# However, they consider themselves to live in "decimal", so we'll put them here.
-
-# This type isn't exposed at runtime. It calls itself decimal.ContextManager
-@final
-@type_check_only
-class _ContextManager:
-    def __init__(self, new_context: Context) -> None: ...
-    def __enter__(self) -> Context: ...
-    def __exit__(self, t: type[BaseException] | None, v: BaseException | None, tb: TracebackType | None) -> None: ...
+__version__: Final[str]
+__libmpdec_version__: Final[str]

 class DecimalTuple(NamedTuple):
    sign: int
    digits: tuple[int, ...]
    exponent: int | Literal["n", "N", "F"]

+ROUND_DOWN: Final[str]
+ROUND_HALF_UP: Final[str]
+ROUND_HALF_EVEN: Final[str]
+ROUND_CEILING: Final[str]
+ROUND_FLOOR: Final[str]
+ROUND_UP: Final[str]
+ROUND_HALF_DOWN: Final[str]
+ROUND_05UP: Final[str]
+HAVE_CONTEXTVAR: Final[bool]
+HAVE_THREADS: Final[bool]
+MAX_EMAX: Final[int]
+MAX_PREC: Final[int]
+MIN_EMIN: Final[int]
+MIN_ETINY: Final[int]
+
 class DecimalException(ArithmeticError): ...
 class Clamped(DecimalException): ...
 class InvalidOperation(DecimalException): ...
@@ -68,12 +47,28 @@ class Overflow(Inexact, Rounded): ...
 class Underflow(Inexact, Rounded, Subnormal): ...
 class FloatOperation(DecimalException, TypeError): ...

-class Decimal:
-    def __new__(cls, value: _DecimalNew = "0", context: Context | None = None) -> Self: ...
-    if sys.version_info >= (3, 14):
-        @classmethod
-        def from_number(cls, number: Decimal | float, /) -> Self: ...
+def setcontext(context: Context, /) -> None: ...
+def getcontext() -> Context: ...

+if sys.version_info >= (3, 11):
+    def localcontext(
+        ctx: Context | None = None,
+        *,
+        prec: int | None = ...,
+        rounding: str | None = ...,
+        Emin: int | None = ...,
+        Emax: int | None = ...,
+        capitals: int | None = ...,
+        clamp: int | None = ...,
+        traps: dict[_TrapType, bool] | None = ...,
+        flags: dict[_TrapType, bool] | None = ...,
+    ) -> _ContextManager: ...
+
+else:
+    def localcontext(ctx: Context | None = None) -> _ContextManager: ...
+
+class Decimal:
+    def __new__(cls, value: _DecimalNew = ..., context: Context | None = ...) -> Self: ...
    @classmethod
    def from_float(cls, f: float, /) -> Self: ...
    def __bool__(self) -> bool: ...
@@ -171,12 +166,21 @@ class Decimal:
    def __reduce__(self) -> tuple[type[Self], tuple[str]]: ...
    def __copy__(self) -> Self: ...
    def __deepcopy__(self, memo: Any, /) -> Self: ...
-    def __format__(self, specifier: str, context: Context | None = None, /) -> str: ...
+    def __format__(self, specifier: str, context: Context | None = ..., /) -> str: ...
+
+class _ContextManager:
+    new_context: Context
+    saved_context: Context
+    def __init__(self, new_context: Context) -> None: ...
+    def __enter__(self) -> Context: ...
+    def __exit__(self, t: type[BaseException] | None, v: BaseException | None, tb: TracebackType | None) -> None: ...
+
+_TrapType: TypeAlias = type[DecimalException]

 class Context:
    # TODO: Context doesn't allow you to delete *any* attributes from instances of the class at runtime,
    # even settable attributes like `prec` and `rounding`,
-    # but that's inexpressible in the stub.
+    # but that's inexpressable in the stub.
    # Type checkers either ignore it or misinterpret it
    # if you add a `def __delattr__(self, name: str, /) -> NoReturn` method to the stub
    prec: int
@@ -189,14 +193,15 @@ class Context:
    flags: dict[_TrapType, bool]
    def __init__(
        self,
-        prec: int | None = None,
-        rounding: str | None = None,
-        Emin: int | None = None,
-        Emax: int | None = None,
-        capitals: int | None = None,
-        clamp: int | None = None,
-        flags: dict[_TrapType, bool] | Container[_TrapType] | None = None,
-        traps: dict[_TrapType, bool] | Container[_TrapType] | None = None,
+        prec: int | None = ...,
+        rounding: str | None = ...,
+        Emin: int | None = ...,
+        Emax: int | None = ...,
+        capitals: int | None = ...,
+        clamp: int | None = ...,
+        flags: None | dict[_TrapType, bool] | Container[_TrapType] = ...,
+        traps: None | dict[_TrapType, bool] | Container[_TrapType] = ...,
+        _ignored_flags: list[_TrapType] | None = ...,
    ) -> None: ...
    def __reduce__(self) -> tuple[type[Self], tuple[Any, ...]]: ...
    def clear_flags(self) -> None: ...
@@ -270,3 +275,7 @@ class Context:
    def to_integral_exact(self, x: _Decimal, /) -> Decimal: ...
    def to_integral_value(self, x: _Decimal, /) -> Decimal: ...
    def to_integral(self, x: _Decimal, /) -> Decimal: ...
+
+DefaultContext: Context
+BasicContext: Context
+ExtendedContext: Context
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_dummy_thread.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_dummy_thread.pyi
@@ -0,0 +1,33 @@
+from collections.abc import Callable
+from types import TracebackType
+from typing import Any, NoReturn, overload
+from typing_extensions import TypeVarTuple, Unpack
+
+__all__ = ["error", "start_new_thread", "exit", "get_ident", "allocate_lock", "interrupt_main", "LockType", "RLock"]
+
+_Ts = TypeVarTuple("_Ts")
+
+TIMEOUT_MAX: int
+error = RuntimeError
+
+@overload
+def start_new_thread(function: Callable[[Unpack[_Ts]], object], args: tuple[Unpack[_Ts]]) -> None: ...
+@overload
+def start_new_thread(function: Callable[..., object], args: tuple[Any, ...], kwargs: dict[str, Any]) -> None: ...
+def exit() -> NoReturn: ...
+def get_ident() -> int: ...
+def allocate_lock() -> LockType: ...
+def stack_size(size: int | None = None) -> int: ...
+
+class LockType:
+    locked_status: bool
+    def acquire(self, waitflag: bool | None = None, timeout: int = -1) -> bool: ...
+    def __enter__(self, waitflag: bool | None = None, timeout: int = -1) -> bool: ...
+    def __exit__(self, typ: type[BaseException] | None, val: BaseException | None, tb: TracebackType | None) -> None: ...
+    def release(self) -> bool: ...
+    def locked(self) -> bool: ...
+
+class RLock(LockType):
+    def release(self) -> None: ...  # type: ignore[override]
+
+def interrupt_main() -> None: ...
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_dummy_threading.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_dummy_threading.pyi
@@ -0,0 +1,164 @@
+import sys
+from _thread import _excepthook, _ExceptHookArgs
+from _typeshed import ProfileFunction, TraceFunction
+from collections.abc import Callable, Iterable, Mapping
+from types import TracebackType
+from typing import Any, TypeVar
+
+_T = TypeVar("_T")
+
+__all__ = [
+    "get_ident",
+    "active_count",
+    "Condition",
+    "current_thread",
+    "enumerate",
+    "main_thread",
+    "TIMEOUT_MAX",
+    "Event",
+    "Lock",
+    "RLock",
+    "Semaphore",
+    "BoundedSemaphore",
+    "Thread",
+    "Barrier",
+    "BrokenBarrierError",
+    "Timer",
+    "ThreadError",
+    "setprofile",
+    "settrace",
+    "local",
+    "stack_size",
+    "ExceptHookArgs",
+    "excepthook",
+]
+
+def active_count() -> int: ...
+def current_thread() -> Thread: ...
+def currentThread() -> Thread: ...
+def get_ident() -> int: ...
+def enumerate() -> list[Thread]: ...
+def main_thread() -> Thread: ...
+def settrace(func: TraceFunction) -> None: ...
+def setprofile(func: ProfileFunction | None) -> None: ...
+def stack_size(size: int | None = None) -> int: ...
+
+TIMEOUT_MAX: float
+
+class ThreadError(Exception): ...
+
+class local:
+    def __getattribute__(self, name: str) -> Any: ...
+    def __setattr__(self, name: str, value: Any) -> None: ...
+    def __delattr__(self, name: str) -> None: ...
+
+class Thread:
+    name: str
+    daemon: bool
+    @property
+    def ident(self) -> int | None: ...
+    def __init__(
+        self,
+        group: None = None,
+        target: Callable[..., object] | None = None,
+        name: str | None = None,
+        args: Iterable[Any] = (),
+        kwargs: Mapping[str, Any] | None = None,
+        *,
+        daemon: bool | None = None,
+    ) -> None: ...
+    def start(self) -> None: ...
+    def run(self) -> None: ...
+    def join(self, timeout: float | None = None) -> None: ...
+    def getName(self) -> str: ...
+    def setName(self, name: str) -> None: ...
+    @property
+    def native_id(self) -> int | None: ...  # only available on some platforms
+    def is_alive(self) -> bool: ...
+    if sys.version_info < (3, 9):
+        def isAlive(self) -> bool: ...
+
+    def isDaemon(self) -> bool: ...
+    def setDaemon(self, daemonic: bool) -> None: ...
+
+class _DummyThread(Thread): ...
+
+class Lock:
+    def __enter__(self) -> bool: ...
+    def __exit__(
+        self, exc_type: type[BaseException] | None, exc_val: BaseException | None, exc_tb: TracebackType | None
+    ) -> bool | None: ...
+    def acquire(self, blocking: bool = ..., timeout: float = ...) -> bool: ...
+    def release(self) -> None: ...
+    def locked(self) -> bool: ...
+
+class _RLock:
+    def __enter__(self) -> bool: ...
+    def __exit__(
+        self, exc_type: type[BaseException] | None, exc_val: BaseException | None, exc_tb: TracebackType | None
+    ) -> bool | None: ...
+    def acquire(self, blocking: bool = True, timeout: float = -1) -> bool: ...
+    def release(self) -> None: ...
+
+RLock = _RLock
+
+class Condition:
+    def __init__(self, lock: Lock | _RLock | None = None) -> None: ...
+    def __enter__(self) -> bool: ...
+    def __exit__(
+        self, exc_type: type[BaseException] | None, exc_val: BaseException | None, exc_tb: TracebackType | None
+    ) -> bool | None: ...
+    def acquire(self, blocking: bool = ..., timeout: float = ...) -> bool: ...
+    def release(self) -> None: ...
+    def wait(self, timeout: float | None = None) -> bool: ...
+    def wait_for(self, predicate: Callable[[], _T], timeout: float | None = None) -> _T: ...
+    def notify(self, n: int = 1) -> None: ...
+    def notify_all(self) -> None: ...
+    def notifyAll(self) -> None: ...
+
+class Semaphore:
+    def __init__(self, value: int = 1) -> None: ...
+    def __exit__(
+        self, exc_type: type[BaseException] | None, exc_val: BaseException | None, exc_tb: TracebackType | None
+    ) -> bool | None: ...
+    def acquire(self, blocking: bool = True, timeout: float | None = None) -> bool: ...
+    def __enter__(self, blocking: bool = True, timeout: float | None = None) -> bool: ...
+    if sys.version_info >= (3, 9):
+        def release(self, n: int = ...) -> None: ...
+    else:
+        def release(self) -> None: ...
+
+class BoundedSemaphore(Semaphore): ...
+
+class Event:
+    def is_set(self) -> bool: ...
+    def set(self) -> None: ...
+    def clear(self) -> None: ...
+    def wait(self, timeout: float | None = None) -> bool: ...
+
+excepthook = _excepthook
+ExceptHookArgs = _ExceptHookArgs
+
+class Timer(Thread):
+    def __init__(
+        self,
+        interval: float,
+        function: Callable[..., object],
+        args: Iterable[Any] | None = None,
+        kwargs: Mapping[str, Any] | None = None,
+    ) -> None: ...
+    def cancel(self) -> None: ...
+
+class Barrier:
+    @property
+    def parties(self) -> int: ...
+    @property
+    def n_waiting(self) -> int: ...
+    @property
+    def broken(self) -> bool: ...
+    def __init__(self, parties: int, action: Callable[[], None] | None = None, timeout: float | None = None) -> None: ...
+    def wait(self, timeout: float | None = None) -> int: ...
+    def reset(self) -> None: ...
+    def abort(self) -> None: ...
+
+class BrokenBarrierError(RuntimeError): ...
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_heapq.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_heapq.pyi
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_imp.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_imp.pyi
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_interpchannels.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_interpchannels.pyi
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_interpqueues.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_interpqueues.pyi
@@ -0,0 +1,16 @@
+from typing import Any, SupportsIndex
+
+class QueueError(RuntimeError): ...
+class QueueNotFoundError(QueueError): ...
+
+def bind(qid: SupportsIndex) -> None: ...
+def create(maxsize: SupportsIndex, fmt: SupportsIndex) -> int: ...
+def destroy(qid: SupportsIndex) -> None: ...
+def get(qid: SupportsIndex) -> tuple[Any, int]: ...
+def get_count(qid: SupportsIndex) -> int: ...
+def get_maxsize(qid: SupportsIndex) -> int: ...
+def get_queue_defaults(qid: SupportsIndex) -> tuple[int]: ...
+def is_full(qid: SupportsIndex) -> bool: ...
+def list_all() -> list[tuple[int, int]]: ...
+def put(qid: SupportsIndex, obj: Any, fmt: SupportsIndex) -> None: ...
+def release(qid: SupportsIndex) -> None: ...
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_interpreters.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_interpreters.pyi
@@ -7,7 +7,7 @@ _Configs: TypeAlias = Literal["default", "isolated", "legacy", "empty", ""]

 class InterpreterError(Exception): ...
 class InterpreterNotFoundError(InterpreterError): ...
-class NotShareableError(ValueError): ...
+class NotShareableError(Exception): ...

 class CrossInterpreterBufferView:
    def __buffer__(self, flags: int, /) -> memoryview: ...
@@ -21,9 +21,7 @@ def get_main() -> tuple[int, int]: ...
 def is_running(id: SupportsIndex, *, restrict: bool = False) -> bool: ...
 def get_config(id: SupportsIndex, *, restrict: bool = False) -> types.SimpleNamespace: ...
 def whence(id: SupportsIndex) -> int: ...
-def exec(
-    id: SupportsIndex, code: str | types.CodeType | Callable[[], object], shared: bool | None = None, *, restrict: bool = False
-) -> None | types.SimpleNamespace: ...
+def exec(id: SupportsIndex, code: str, shared: bool | None = None, *, restrict: bool = False) -> None: ...
 def call(
    id: SupportsIndex,
    callable: Callable[..., object],
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_json.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_json.pyi
@@ -1,6 +1,5 @@
 from collections.abc import Callable
 from typing import Any, final
-from typing_extensions import Self

@final
 class make_encoder:
@@ -20,8 +19,8 @@ class make_encoder:
    def encoder(self) -> Callable[[str], str]: ...
    @property
    def item_separator(self) -> str: ...
-    def __new__(
-        cls,
+    def __init__(
+        self,
        markers: dict[int, Any] | None,
        default: Callable[[Any], Any],
        encoder: Callable[[str], str],
@@ -31,7 +30,7 @@ class make_encoder:
        sort_keys: bool,
        skipkeys: bool,
        allow_nan: bool,
-    ) -> Self: ...
+    ) -> None: ...
    def __call__(self, obj: object, _current_indent_level: int) -> Any: ...

@final
@@ -43,9 +42,8 @@ class make_scanner:
    parse_float: Any
    strict: bool
    # TODO: 'context' needs the attrs above (ducktype), but not __call__.
-    def __new__(cls, context: make_scanner) -> Self: ...
+    def __init__(self, context: make_scanner) -> None: ...
    def __call__(self, string: str, index: int) -> tuple[Any, int]: ...

-def encode_basestring(s: str, /) -> str: ...
 def encode_basestring_ascii(s: str, /) -> str: ...
 def scanstring(string: str, end: int, strict: bool = ...) -> tuple[str, int]: ...
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_locale.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_locale.pyi
@@ -0,0 +1,100 @@
+import sys
+from _typeshed import StrPath
+from collections.abc import Mapping
+
+LC_CTYPE: int
+LC_COLLATE: int
+LC_TIME: int
+LC_MONETARY: int
+LC_NUMERIC: int
+LC_ALL: int
+CHAR_MAX: int
+
+def setlocale(category: int, locale: str | None = None, /) -> str: ...
+def localeconv() -> Mapping[str, int | str | list[int]]: ...
+
+if sys.version_info >= (3, 11):
+    def getencoding() -> str: ...
+
+def strcoll(os1: str, os2: str, /) -> int: ...
+def strxfrm(string: str, /) -> str: ...
+
+# native gettext functions
+# https://docs.python.org/3/library/locale.html#access-to-message-catalogs
+# https://github.com/python/cpython/blob/f4c03484da59049eb62a9bf7777b963e2267d187/Modules/_localemodule.c#L626
+if sys.platform != "win32":
+    LC_MESSAGES: int
+
+    ABDAY_1: int
+    ABDAY_2: int
+    ABDAY_3: int
+    ABDAY_4: int
+    ABDAY_5: int
+    ABDAY_6: int
+    ABDAY_7: int
+
+    ABMON_1: int
+    ABMON_2: int
+    ABMON_3: int
+    ABMON_4: int
+    ABMON_5: int
+    ABMON_6: int
+    ABMON_7: int
+    ABMON_8: int
+    ABMON_9: int
+    ABMON_10: int
+    ABMON_11: int
+    ABMON_12: int
+
+    DAY_1: int
+    DAY_2: int
+    DAY_3: int
+    DAY_4: int
+    DAY_5: int
+    DAY_6: int
+    DAY_7: int
+
+    ERA: int
+    ERA_D_T_FMT: int
+    ERA_D_FMT: int
+    ERA_T_FMT: int
+
+    MON_1: int
+    MON_2: int
+    MON_3: int
+    MON_4: int
+    MON_5: int
+    MON_6: int
+    MON_7: int
+    MON_8: int
+    MON_9: int
+    MON_10: int
+    MON_11: int
+    MON_12: int
+
+    CODESET: int
+    D_T_FMT: int
+    D_FMT: int
+    T_FMT: int
+    T_FMT_AMPM: int
+    AM_STR: int
+    PM_STR: int
+
+    RADIXCHAR: int
+    THOUSEP: int
+    YESEXPR: int
+    NOEXPR: int
+    CRNCYSTR: int
+    ALT_DIGITS: int
+
+    def nl_langinfo(key: int, /) -> str: ...
+
+    # This is dependent on `libintl.h` which is a part of `gettext`
+    # system dependency. These functions might be missing.
+    # But, we always say that they are present.
+    def gettext(msg: str, /) -> str: ...
+    def dgettext(domain: str | None, msg: str, /) -> str: ...
+    def dcgettext(domain: str | None, msg: str, category: int, /) -> str: ...
+    def textdomain(domain: str | None, /) -> str: ...
+    def bindtextdomain(domain: str, dir: StrPath | None, /) -> str: ...
+    def bind_textdomain_codeset(domain: str, codeset: str | None, /) -> str | None: ...
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_lsprof.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_lsprof.pyi
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_markupbase.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_markupbase.pyi
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_msi.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_msi.pyi
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_operator.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_operator.pyi
@@ -1,16 +1,18 @@
 import sys
 from _typeshed import SupportsGetItem
 from collections.abc import Callable, Container, Iterable, MutableMapping, MutableSequence, Sequence
-from operator import attrgetter as attrgetter, itemgetter as itemgetter, methodcaller as methodcaller
-from typing import Any, AnyStr, Protocol, SupportsAbs, SupportsIndex, TypeVar, overload
-from typing_extensions import ParamSpec, TypeAlias, TypeIs
+from typing import Any, AnyStr, Generic, Protocol, SupportsAbs, SupportsIndex, TypeVar, final, overload
+from typing_extensions import ParamSpec, TypeAlias, TypeVarTuple, Unpack

 _R = TypeVar("_R")
 _T = TypeVar("_T")
 _T_co = TypeVar("_T_co", covariant=True)
+_T1 = TypeVar("_T1")
+_T2 = TypeVar("_T2")
 _K = TypeVar("_K")
 _V = TypeVar("_V")
 _P = ParamSpec("_P")
+_Ts = TypeVarTuple("_Ts")

 # The following protocols return "Any" instead of bool, since the comparison
 # operators can be overloaded to return an arbitrary object. For example,
@@ -90,6 +92,40 @@ def setitem(a: MutableSequence[_T], b: slice, c: Sequence[_T], /) -> None: ...
@overload
 def setitem(a: MutableMapping[_K, _V], b: _K, c: _V, /) -> None: ...
 def length_hint(obj: object, default: int = 0, /) -> int: ...
+@final
+class attrgetter(Generic[_T_co]):
+    @overload
+    def __new__(cls, attr: str, /) -> attrgetter[Any]: ...
+    @overload
+    def __new__(cls, attr: str, attr2: str, /) -> attrgetter[tuple[Any, Any]]: ...
+    @overload
+    def __new__(cls, attr: str, attr2: str, attr3: str, /) -> attrgetter[tuple[Any, Any, Any]]: ...
+    @overload
+    def __new__(cls, attr: str, attr2: str, attr3: str, attr4: str, /) -> attrgetter[tuple[Any, Any, Any, Any]]: ...
+    @overload
+    def __new__(cls, attr: str, /, *attrs: str) -> attrgetter[tuple[Any, ...]]: ...
+    def __call__(self, obj: Any, /) -> _T_co: ...
+
+@final
+class itemgetter(Generic[_T_co]):
+    @overload
+    def __new__(cls, item: _T, /) -> itemgetter[_T]: ...
+    @overload
+    def __new__(cls, item1: _T1, item2: _T2, /, *items: Unpack[_Ts]) -> itemgetter[tuple[_T1, _T2, Unpack[_Ts]]]: ...
+    # __key: _KT_contra in SupportsGetItem seems to be causing variance issues, ie:
+    # TypeVar "_KT_contra@SupportsGetItem" is contravariant
+    #   "tuple[int, int]" is incompatible with protocol "SupportsIndex"
+    # preventing [_T_co, ...] instead of [Any, ...]
+    #
+    # A suspected mypy issue prevents using [..., _T] instead of [..., Any] here.
+    # https://github.com/python/mypy/issues/14032
+    def __call__(self, obj: SupportsGetItem[Any, Any]) -> Any: ...
+
+@final
+class methodcaller:
+    def __init__(self, name: str, /, *args: Any, **kwargs: Any) -> None: ...
+    def __call__(self, obj: Any) -> Any: ...
+
 def iadd(a: Any, b: Any, /) -> Any: ...
 def iand(a: Any, b: Any, /) -> Any: ...
 def iconcat(a: Any, b: Any, /) -> Any: ...
@@ -109,7 +145,3 @@ if sys.version_info >= (3, 11):
    def call(obj: Callable[_P, _R], /, *args: _P.args, **kwargs: _P.kwargs) -> _R: ...

 def _compare_digest(a: AnyStr, b: AnyStr, /) -> bool: ...
-
-if sys.version_info >= (3, 14):
-    def is_none(a: object, /) -> TypeIs[None]: ...
-    def is_not_none(a: _T | None, /) -> TypeIs[_T]: ...
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_osx_support.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_osx_support.pyi
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_posixsubprocess.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_posixsubprocess.pyi
@@ -4,6 +4,7 @@ from collections.abc import Callable, Sequence
 from typing import SupportsIndex

 if sys.platform != "win32":
+    def cloexec_pipe() -> tuple[int, int]: ...
    def fork_exec(
        args: Sequence[StrOrBytesPath] | None,
        executable_list: Sequence[bytes],
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_py_abc.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_py_abc.pyi
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_pydecimal.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_pydecimal.pyi
@@ -1,6 +1,5 @@
 # This is a slight lie, the implementations aren't exactly identical
 # However, in all likelihood, the differences are inconsequential
-import sys
 from _decimal import *

 __all__ = [
@@ -42,6 +41,3 @@ __all__ = [
    "HAVE_THREADS",
    "HAVE_CONTEXTVAR",
 ]
-
-if sys.version_info >= (3, 14):
-    __all__ += ["IEEEContext", "IEEE_CONTEXT_MAX_BITS"]
--- a/Show More
+++ b/Show More