[red-knot] Explicitly test that no duplicate editable search paths are ever added

2024-07-19 14:30:08 +01:00
7163 changed files with 113759 additions and 423660 deletions
--- a/.cargo/config.toml
+++ b/.cargo/config.toml
@@ -8,7 +8,3 @@ benchmark = "bench -p ruff_benchmark --bench linter --bench formatter --"
 # See: https://github.com/astral-sh/ruff/issues/11503
 [target.'cfg(all(target_env="msvc", target_os = "windows"))']
 rustflags = ["-C", "target-feature=+crt-static"]
-
-[target.'wasm32-unknown-unknown']
-# See https://docs.rs/getrandom/latest/getrandom/#webassembly-support
-rustflags = ["--cfg", 'getrandom_backend="wasm_js"']
--- a/.config/nextest.toml
+++ b/.config/nextest.toml
@@ -6,10 +6,3 @@ failure-output = "immediate-final"
 fail-fast = false

 status-level = "skip"
-
-# Mark tests that take longer than 1s as slow.
-# Terminate after 60s as a stop-gap measure to terminate on deadlock.
-slow-timeout =  { period = "1s", terminate-after = 60 }
-
-# Show slow jobs in the final summary
-final-status-level = "slow"
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -20,7 +20,7 @@
 			"extensions": [
 				"ms-python.python",
 				"rust-lang.rust-analyzer",
-				"fill-labs.dependi",
+				"serayuzgur.crates",
 				"tamasfe.even-better-toml",
 				"Swellaby.vscode-rust-test-adapter",
 				"charliermarsh.ruff"
--- a/.editorconfig
+++ b/.editorconfig
@@ -17,7 +17,4 @@ indent_size = 4
 trim_trailing_whitespace = false

 [*.md]
-max_line_length = 100
-
-[*.toml]
-indent_size = 4
+max_line_length = 100
--- a/.gitattributes
+++ b/.gitattributes
@@ -12,16 +12,7 @@ crates/ruff_python_parser/resources/invalid/re_lexing/line_continuation_windows_
 crates/ruff_python_parser/resources/invalid/re_lex_logical_token_windows_eol.py text eol=crlf
 crates/ruff_python_parser/resources/invalid/re_lex_logical_token_mac_eol.py text eol=cr

-crates/ruff_linter/resources/test/fixtures/ruff/RUF046_CR.py text eol=cr
-crates/ruff_linter/resources/test/fixtures/ruff/RUF046_LF.py text eol=lf
-
-crates/ruff_linter/resources/test/fixtures/pyupgrade/UP018_CR.py text eol=cr
-crates/ruff_linter/resources/test/fixtures/pyupgrade/UP018_LF.py text eol=lf
-
 crates/ruff_python_parser/resources/inline linguist-generated=true

-ruff.schema.json -diff linguist-generated=true text=auto eol=lf
-ty.schema.json -diff linguist-generated=true text=auto eol=lf
-crates/ruff_python_ast/src/generated.rs -diff linguist-generated=true text=auto eol=lf
-crates/ruff_python_formatter/src/generated.rs -diff linguist-generated=true text=auto eol=lf
+ruff.schema.json linguist-generated=true text=auto eol=lf
 *.md.snap linguist-language=Markdown
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -9,16 +9,13 @@
 /crates/ruff_formatter/ @MichaReiser
 /crates/ruff_python_formatter/ @MichaReiser
 /crates/ruff_python_parser/ @MichaReiser @dhruvmanila
-/crates/ruff_annotate_snippets/ @BurntSushi

 # flake8-pyi
 /crates/ruff_linter/src/rules/flake8_pyi/ @AlexWaygood

-# Script for fuzzing the parser/ty etc.
-/python/py-fuzzer/ @AlexWaygood
+# Script for fuzzing the parser
+/scripts/fuzz-parser/ @AlexWaygood

-# ty
-/crates/ty* @carljm @MichaReiser @AlexWaygood @sharkdp @dcreager
-/crates/ruff_db/ @carljm @MichaReiser @AlexWaygood @sharkdp @dcreager
-/scripts/ty_benchmark/ @carljm @MichaReiser @AlexWaygood @sharkdp @dcreager
-/crates/ty_python_semantic @carljm @AlexWaygood @sharkdp @dcreager
+# red-knot
+/crates/red_knot* @carljm @MichaReiser @AlexWaygood
+/crates/ruff_db/ @carljm @MichaReiser @AlexWaygood
--- a/.github/ISSUE_TEMPLATE.md
+++ b/.github/ISSUE_TEMPLATE.md
@@ -0,0 +1,12 @@
+<!--
+Thank you for taking the time to report an issue! We're glad to have you involved with Ruff.
+
+If you're filing a bug report, please consider including the following information:
+
+* List of keywords you searched for before creating this issue. Write them down here so that others can find this issue more easily and help provide feedback.
+  e.g. "RUF001", "unused variable", "Jupyter notebook"
+* A minimal code snippet that reproduces the bug.
+* The command you invoked (e.g., `ruff /path/to/file.py --fix`), ideally including the `--isolated` flag.
+* The current Ruff settings (any relevant sections from your `pyproject.toml`).
+* The current Ruff version (`ruff --version`).
+-->
--- a/.github/ISSUE_TEMPLATE/1_bug_report.yaml
+++ b/.github/ISSUE_TEMPLATE/1_bug_report.yaml
@@ -1,31 +0,0 @@
-name: Bug report
-description: Report an error or unexpected behavior
-body:
-  - type: markdown
-    attributes:
-      value: |
-        Thank you for taking the time to report an issue! We're glad to have you involved with Ruff.
-
-        **Before reporting, please make sure to search through [existing issues](https://github.com/astral-sh/ruff/issues?q=is:issue+is:open+label:bug) (including [closed](https://github.com/astral-sh/ruff/issues?q=is:issue%20state:closed%20label:bug)).**
-
-  - type: textarea
-    attributes:
-      label: Summary
-      description: |
-        A clear and concise description of the bug, including a minimal reproducible example.
-
-        Be sure to include the command you invoked (e.g., `ruff check /path/to/file.py --fix`), ideally including the `--isolated` flag and
-        the current Ruff settings (e.g., relevant sections from your `pyproject.toml`).
-
-        If possible, try to include the [playground](https://play.ruff.rs) link that reproduces this issue.
-
-    validations:
-      required: true
-
-  - type: input
-    attributes:
-      label: Version
-      description: What version of ruff are you using? (see `ruff version`)
-      placeholder: e.g., ruff 0.9.3 (90589372d 2025-01-23)
-    validations:
-      required: false
--- a/.github/ISSUE_TEMPLATE/2_rule_request.yaml
+++ b/.github/ISSUE_TEMPLATE/2_rule_request.yaml
@@ -1,10 +0,0 @@
-name: Rule request
-description: Anything related to lint rules (proposing new rules, changes to existing rules, auto-fixes, etc.)
-body:
-  - type: textarea
-    attributes:
-      label: Summary
-      description: |
-        A clear and concise description of the relevant request. If applicable, please describe the current behavior as well.
-    validations:
-      required: true
--- a/.github/ISSUE_TEMPLATE/3_question.yaml
+++ b/.github/ISSUE_TEMPLATE/3_question.yaml
@@ -1,18 +0,0 @@
-name: Question
-description: Ask a question about Ruff
-labels: ["question"]
-body:
-  - type: textarea
-    attributes:
-      label: Question
-      description: Describe your question in detail.
-    validations:
-      required: true
-
-  - type: input
-    attributes:
-      label: Version
-      description: What version of ruff are you using? (see `ruff version`)
-      placeholder: e.g., ruff 0.9.3 (90589372d 2025-01-23)
-    validations:
-      required: false
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -1,11 +0,0 @@
-blank_issues_enabled: true
-contact_links:
-  - name: Report an issue with ty
-    url: https://github.com/astral-sh/ty/issues/new/choose
-    about: Please report issues for our type checker ty in the ty repository.
-  - name: Documentation
-    url: https://docs.astral.sh/ruff
-    about: Please consult the documentation before creating an issue.
-  - name: Community
-    url: https://discord.com/invite/astral-sh
-    about: Join our Discord community to ask questions and collaborate.
--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -1,9 +1,8 @@
 <!--
-Thank you for contributing to Ruff/ty! To help us out with reviewing, please consider the following:
+Thank you for contributing to Ruff! To help us out with reviewing, please consider the following:

 - Does this pull request include a summary of the change? (See below.)
- Does this pull request include a descriptive title? (Please prefix with `[ty]` for ty pull
-  requests.)
+- Does this pull request include a descriptive title?
 - Does this pull request include references to any relevant issues?
 -->

--- a/.github/actionlint.yaml
+++ b/.github/actionlint.yaml
@@ -1,11 +0,0 @@
-# Configuration for the actionlint tool, which we run via pre-commit
-# to verify the correctness of the syntax in our GitHub Actions workflows.
-
-self-hosted-runner:
-  # Various runners we use that aren't recognized out-of-the-box by actionlint:
-  labels:
-    - depot-ubuntu-latest-8
-    - depot-ubuntu-22.04-16
-    - depot-ubuntu-22.04-32
-    - github-windows-2025-x86_64-8
-    - github-windows-2025-x86_64-16
--- a/.github/mypy-primer-ty.toml
+++ b/.github/mypy-primer-ty.toml
@@ -1,7 +0,0 @@
-#:schema ../ty.schema.json
-# Configuration overrides for the mypy primer run
-
-# Enable off-by-default rules.
-[rules]
-possibly-unresolved-reference = "warn"
-unused-ignore-comment = "warn"
--- a/.github/renovate.json5
+++ b/.github/renovate.json5
@@ -8,55 +8,27 @@
  semanticCommits: "disabled",
  separateMajorMinor: false,
  prHourlyLimit: 10,
-  enabledManagers: ["github-actions", "pre-commit", "cargo", "pep621", "pip_requirements", "npm"],
+  enabledManagers: ["github-actions", "pre-commit", "cargo", "pep621", "npm"],
  cargo: {
    // See https://docs.renovatebot.com/configuration-options/#rangestrategy
    rangeStrategy: "update-lockfile",
  },
  pep621: {
-    // The default for this package manager is to only search for `pyproject.toml` files
-    // found at the repository root: https://docs.renovatebot.com/modules/manager/pep621/#file-matching
    fileMatch: ["^(python|scripts)/.*pyproject\\.toml$"],
  },
-  pip_requirements: {
-    // The default for this package manager is to run on all requirements.txt files:
-    // https://docs.renovatebot.com/modules/manager/pip_requirements/#file-matching
-    // `fileMatch` doesn't work for excluding files; to exclude `requirements.txt` files
-    // outside the `doc/` directory, we instead have to use `ignorePaths`. Unlike `fileMatch`,
-    // which takes a regex string, `ignorePaths` takes a glob string, so we have to use
-    // a "negative glob pattern".
-    // See:
-    // - https://docs.renovatebot.com/modules/manager/#ignoring-files-that-match-the-default-filematch
-    // - https://docs.renovatebot.com/configuration-options/#ignorepaths
-    // - https://docs.renovatebot.com/string-pattern-matching/#negative-matching
-    ignorePaths: ["!docs/requirements*.txt"]
-  },
  npm: {
-    // The default for this package manager is to only search for `package.json` files
-    // found at the repository root: https://docs.renovatebot.com/modules/manager/npm/#file-matching
    fileMatch: ["^playground/.*package\\.json$"],
  },
  "pre-commit": {
    enabled: true,
  },
  packageRules: [
-    // Pin GitHub Actions to immutable SHAs.
-    {
-      matchDepTypes: ["action"],
-      pinDigests: true,
-    },
-    // Annotate GitHub Actions SHAs with a SemVer version.
-    {
-      extends: ["helpers:pinGitHubActionDigests"],
-      extractVersion: "^(?<version>v?\\d+\\.\\d+\\.\\d+)$",
-      versioning: "regex:^v?(?<major>\\d+)(\\.(?<minor>\\d+)\\.(?<patch>\\d+))?$",
-    },
    {
      // Group upload/download artifact updates, the versions are dependent
      groupName: "Artifact GitHub Actions dependencies",
      matchManagers: ["github-actions"],
      matchDatasources: ["gitea-tags", "github-tags"],
-      matchPackageNames: ["actions/.*-artifact"],
+      matchPackagePatterns: ["actions/.*-artifact"],
      description: "Weekly update of artifact-related GitHub Actions dependencies",
    },
    {
@@ -72,18 +44,10 @@
    {
      // Disable updates of `zip-rs`; intentionally pinned for now due to ownership change
      // See: https://github.com/astral-sh/uv/issues/3642
-      matchPackageNames: ["zip"],
+      matchPackagePatterns: ["zip"],
      matchManagers: ["cargo"],
      enabled: false,
    },
-    {
-      // `mkdocs-material` requires a manual update to keep the version in sync
-      // with `mkdocs-material-insider`.
-      // See: https://squidfunk.github.io/mkdocs-material/insiders/upgrade/
-      matchManagers: ["pip_requirements"],
-      matchPackageNames: ["mkdocs-material"],
-      enabled: false,
-    },
    {
      groupName: "pre-commit dependencies",
      matchManagers: ["pre-commit"],
@@ -98,15 +62,22 @@
    {
      groupName: "Monaco",
      matchManagers: ["npm"],
-      matchPackageNames: ["monaco"],
+      matchPackagePatterns: ["monaco"],
      description: "Weekly update of the Monaco editor",
    },
    {
      groupName: "strum",
      matchManagers: ["cargo"],
-      matchPackageNames: ["strum"],
+      matchPackagePatterns: ["strum"],
      description: "Weekly update of strum dependencies",
-    }
+    },
+    {
+      groupName: "ESLint",
+      matchManagers: ["npm"],
+      matchPackageNames: ["eslint"],
+      allowedVersions: "<9",
+      description: "Constraint ESLint to version 8 until TypeScript-eslint supports ESLint 9", // https://github.com/typescript-eslint/typescript-eslint/issues/8211
+    },
  ],
  vulnerabilityAlerts: {
    commitMessageSuffix: "",
--- a/.github/workflows/build-binaries.yml
+++ b/.github/workflows/build-binaries.yml
@@ -23,12 +23,10 @@ concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

-permissions: {}
-
 env:
  PACKAGE_NAME: ruff
  MODULE_NAME: ruff
-  PYTHON_VERSION: "3.13"
+  PYTHON_VERSION: "3.11"
  CARGO_INCREMENTAL: 0
  CARGO_NET_RETRY: 10
  CARGO_TERM_COLOR: always
@@ -39,52 +37,50 @@ jobs:
    if: ${{ !contains(github.event.pull_request.labels.*.name, 'no-build') }}
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/checkout@v4
        with:
          submodules: recursive
-          persist-credentials: false
-      - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
+      - uses: actions/setup-python@v5
        with:
          python-version: ${{ env.PYTHON_VERSION }}
      - name: "Prep README.md"
        run: python scripts/transform_readme.py --target pypi
      - name: "Build sdist"
-        uses: PyO3/maturin-action@aef21716ff3dcae8a1c301d23ec3e4446972a6e3 # v1.49.1
+        uses: PyO3/maturin-action@v1
        with:
          command: sdist
          args: --out dist
      - name: "Test sdist"
        run: |
-          pip install dist/"${PACKAGE_NAME}"-*.tar.gz --force-reinstall
-          "${MODULE_NAME}" --help
-          python -m "${MODULE_NAME}" --help
+          pip install dist/${{ env.PACKAGE_NAME }}-*.tar.gz --force-reinstall
+          ${{ env.MODULE_NAME }} --help
+          python -m ${{ env.MODULE_NAME }} --help
      - name: "Upload sdist"
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@v4
        with:
          name: wheels-sdist
          path: dist

  macos-x86_64:
    if: ${{ !contains(github.event.pull_request.labels.*.name, 'no-build') }}
-    runs-on: macos-14
+    runs-on: macos-12
    steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/checkout@v4
        with:
          submodules: recursive
-          persist-credentials: false
-      - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
+      - uses: actions/setup-python@v5
        with:
          python-version: ${{ env.PYTHON_VERSION }}
          architecture: x64
      - name: "Prep README.md"
        run: python scripts/transform_readme.py --target pypi
      - name: "Build wheels - x86_64"
-        uses: PyO3/maturin-action@aef21716ff3dcae8a1c301d23ec3e4446972a6e3 # v1.49.1
+        uses: PyO3/maturin-action@v1
        with:
          target: x86_64
          args: --release --locked --out dist
      - name: "Upload wheels"
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@v4
        with:
          name: wheels-macos-x86_64
          path: dist
@@ -99,7 +95,7 @@ jobs:
          tar czvf $ARCHIVE_FILE $ARCHIVE_NAME
          shasum -a 256 $ARCHIVE_FILE > $ARCHIVE_FILE.sha256
      - name: "Upload binary"
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@v4
        with:
          name: artifacts-macos-x86_64
          path: |
@@ -110,28 +106,27 @@ jobs:
    if: ${{ !contains(github.event.pull_request.labels.*.name, 'no-build') }}
    runs-on: macos-14
    steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/checkout@v4
        with:
          submodules: recursive
-          persist-credentials: false
-      - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
+      - uses: actions/setup-python@v5
        with:
          python-version: ${{ env.PYTHON_VERSION }}
          architecture: arm64
      - name: "Prep README.md"
        run: python scripts/transform_readme.py --target pypi
      - name: "Build wheels - aarch64"
-        uses: PyO3/maturin-action@aef21716ff3dcae8a1c301d23ec3e4446972a6e3 # v1.49.1
+        uses: PyO3/maturin-action@v1
        with:
          target: aarch64
          args: --release --locked --out dist
      - name: "Test wheel - aarch64"
        run: |
-          pip install dist/"${PACKAGE_NAME}"-*.whl --force-reinstall
+          pip install dist/${{ env.PACKAGE_NAME }}-*.whl --force-reinstall
          ruff --help
          python -m ruff --help
      - name: "Upload wheels"
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@v4
        with:
          name: wheels-aarch64-apple-darwin
          path: dist
@@ -146,7 +141,7 @@ jobs:
          tar czvf $ARCHIVE_FILE $ARCHIVE_NAME
          shasum -a 256 $ARCHIVE_FILE > $ARCHIVE_FILE.sha256
      - name: "Upload binary"
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@v4
        with:
          name: artifacts-aarch64-apple-darwin
          path: |
@@ -166,18 +161,17 @@ jobs:
          - target: aarch64-pc-windows-msvc
            arch: x64
    steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/checkout@v4
        with:
          submodules: recursive
-          persist-credentials: false
-      - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
+      - uses: actions/setup-python@v5
        with:
          python-version: ${{ env.PYTHON_VERSION }}
          architecture: ${{ matrix.platform.arch }}
      - name: "Prep README.md"
        run: python scripts/transform_readme.py --target pypi
      - name: "Build wheels"
-        uses: PyO3/maturin-action@aef21716ff3dcae8a1c301d23ec3e4446972a6e3 # v1.49.1
+        uses: PyO3/maturin-action@v1
        with:
          target: ${{ matrix.platform.target }}
          args: --release --locked --out dist
@@ -188,11 +182,11 @@ jobs:
        if: ${{ !startsWith(matrix.platform.target, 'aarch64') }}
        shell: bash
        run: |
-          python -m pip install dist/"${PACKAGE_NAME}"-*.whl --force-reinstall
-          "${MODULE_NAME}" --help
-          python -m "${MODULE_NAME}" --help
+          python -m pip install dist/${{ env.PACKAGE_NAME }}-*.whl --force-reinstall
+          ${{ env.MODULE_NAME }} --help
+          python -m ${{ env.MODULE_NAME }} --help
      - name: "Upload wheels"
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@v4
        with:
          name: wheels-${{ matrix.platform.target }}
          path: dist
@@ -203,7 +197,7 @@ jobs:
          7z a $ARCHIVE_FILE ./target/${{ matrix.platform.target }}/release/ruff.exe
          sha256sum $ARCHIVE_FILE > $ARCHIVE_FILE.sha256
      - name: "Upload binary"
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@v4
        with:
          name: artifacts-${{ matrix.platform.target }}
          path: |
@@ -219,18 +213,17 @@ jobs:
          - x86_64-unknown-linux-gnu
          - i686-unknown-linux-gnu
    steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/checkout@v4
        with:
          submodules: recursive
-          persist-credentials: false
-      - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
+      - uses: actions/setup-python@v5
        with:
          python-version: ${{ env.PYTHON_VERSION }}
          architecture: x64
      - name: "Prep README.md"
        run: python scripts/transform_readme.py --target pypi
      - name: "Build wheels"
-        uses: PyO3/maturin-action@aef21716ff3dcae8a1c301d23ec3e4446972a6e3 # v1.49.1
+        uses: PyO3/maturin-action@v1
        with:
          target: ${{ matrix.target }}
          manylinux: auto
@@ -238,11 +231,11 @@ jobs:
      - name: "Test wheel"
        if: ${{ startsWith(matrix.target, 'x86_64') }}
        run: |
-          pip install dist/"${PACKAGE_NAME}"-*.whl --force-reinstall
-          "${MODULE_NAME}" --help
-          python -m "${MODULE_NAME}" --help
+          pip install dist/${{ env.PACKAGE_NAME }}-*.whl --force-reinstall
+          ${{ env.MODULE_NAME }} --help
+          python -m ${{ env.MODULE_NAME }} --help
      - name: "Upload wheels"
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@v4
        with:
          name: wheels-${{ matrix.target }}
          path: dist
@@ -260,7 +253,7 @@ jobs:
          tar czvf $ARCHIVE_FILE $ARCHIVE_NAME
          shasum -a 256 $ARCHIVE_FILE > $ARCHIVE_FILE.sha256
      - name: "Upload binary"
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@v4
        with:
          name: artifacts-${{ matrix.target }}
          path: |
@@ -294,24 +287,23 @@ jobs:
            arch: arm

    steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/checkout@v4
        with:
          submodules: recursive
-          persist-credentials: false
-      - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
+      - uses: actions/setup-python@v5
        with:
          python-version: ${{ env.PYTHON_VERSION }}
      - name: "Prep README.md"
        run: python scripts/transform_readme.py --target pypi
      - name: "Build wheels"
-        uses: PyO3/maturin-action@aef21716ff3dcae8a1c301d23ec3e4446972a6e3 # v1.49.1
+        uses: PyO3/maturin-action@v1
        with:
          target: ${{ matrix.platform.target }}
          manylinux: auto
          docker-options: ${{ matrix.platform.maturin_docker_options }}
          args: --release --locked --out dist
-      - uses: uraimo/run-on-arch-action@d94c13912ea685de38fccc1109385b83fd79427d # v3.0.1
-        if: ${{ matrix.platform.arch != 'ppc64' && matrix.platform.arch != 'ppc64le'}}
+      - uses: uraimo/run-on-arch-action@v2
+        if: matrix.platform.arch != 'ppc64'
        name: Test wheel
        with:
          arch: ${{ matrix.platform.arch == 'arm' && 'armv6' || matrix.platform.arch }}
@@ -325,7 +317,7 @@ jobs:
            pip3 install ${{ env.PACKAGE_NAME }} --no-index --find-links dist/ --force-reinstall
            ruff --help
      - name: "Upload wheels"
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@v4
        with:
          name: wheels-${{ matrix.platform.target }}
          path: dist
@@ -343,7 +335,7 @@ jobs:
          tar czvf $ARCHIVE_FILE $ARCHIVE_NAME
          shasum -a 256 $ARCHIVE_FILE > $ARCHIVE_FILE.sha256
      - name: "Upload binary"
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@v4
        with:
          name: artifacts-${{ matrix.platform.target }}
          path: |
@@ -359,25 +351,24 @@ jobs:
          - x86_64-unknown-linux-musl
          - i686-unknown-linux-musl
    steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/checkout@v4
        with:
          submodules: recursive
-          persist-credentials: false
-      - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
+      - uses: actions/setup-python@v5
        with:
          python-version: ${{ env.PYTHON_VERSION }}
          architecture: x64
      - name: "Prep README.md"
        run: python scripts/transform_readme.py --target pypi
      - name: "Build wheels"
-        uses: PyO3/maturin-action@aef21716ff3dcae8a1c301d23ec3e4446972a6e3 # v1.49.1
+        uses: PyO3/maturin-action@v1
        with:
          target: ${{ matrix.target }}
          manylinux: musllinux_1_2
          args: --release --locked --out dist
      - name: "Test wheel"
        if: matrix.target == 'x86_64-unknown-linux-musl'
-        uses: addnab/docker-run-action@4f65fabd2431ebc8d299f8e5a018d79a769ae185 # v3
+        uses: addnab/docker-run-action@v3
        with:
          image: alpine:latest
          options: -v ${{ github.workspace }}:/io -w /io
@@ -387,7 +378,7 @@ jobs:
            .venv/bin/pip3 install ${{ env.PACKAGE_NAME }} --no-index --find-links dist/ --force-reinstall
            .venv/bin/${{ env.MODULE_NAME }} --help
      - name: "Upload wheels"
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@v4
        with:
          name: wheels-${{ matrix.target }}
          path: dist
@@ -405,7 +396,7 @@ jobs:
          tar czvf $ARCHIVE_FILE $ARCHIVE_NAME
          shasum -a 256 $ARCHIVE_FILE > $ARCHIVE_FILE.sha256
      - name: "Upload binary"
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@v4
        with:
          name: artifacts-${{ matrix.target }}
          path: |
@@ -425,23 +416,22 @@ jobs:
            arch: armv7

    steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/checkout@v4
        with:
          submodules: recursive
-          persist-credentials: false
-      - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
+      - uses: actions/setup-python@v5
        with:
          python-version: ${{ env.PYTHON_VERSION }}
      - name: "Prep README.md"
        run: python scripts/transform_readme.py --target pypi
      - name: "Build wheels"
-        uses: PyO3/maturin-action@aef21716ff3dcae8a1c301d23ec3e4446972a6e3 # v1.49.1
+        uses: PyO3/maturin-action@v1
        with:
          target: ${{ matrix.platform.target }}
          manylinux: musllinux_1_2
          args: --release --locked --out dist
          docker-options: ${{ matrix.platform.maturin_docker_options }}
-      - uses: uraimo/run-on-arch-action@d94c13912ea685de38fccc1109385b83fd79427d # v3.0.1
+      - uses: uraimo/run-on-arch-action@v2
        name: Test wheel
        with:
          arch: ${{ matrix.platform.arch }}
@@ -454,7 +444,7 @@ jobs:
            .venv/bin/pip3 install ${{ env.PACKAGE_NAME }} --no-index --find-links dist/ --force-reinstall
            .venv/bin/${{ env.MODULE_NAME }} --help
      - name: "Upload wheels"
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@v4
        with:
          name: wheels-${{ matrix.platform.target }}
          path: dist
@@ -472,7 +462,7 @@ jobs:
          tar czvf $ARCHIVE_FILE $ARCHIVE_NAME
          shasum -a 256 $ARCHIVE_FILE > $ARCHIVE_FILE.sha256
      - name: "Upload binary"
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@v4
        with:
          name: artifacts-${{ matrix.platform.target }}
          path: |
--- a/.github/workflows/build-docker.yml
+++ b/.github/workflows/build-docker.yml
@@ -17,283 +17,52 @@ on:
    paths:
      - .github/workflows/build-docker.yml

-env:
-  RUFF_BASE_IMG: ghcr.io/${{ github.repository_owner }}/ruff
-
 jobs:
-  docker-build:
-    name: Build Docker image (ghcr.io/astral-sh/ruff) for ${{ matrix.platform }}
+  docker-publish:
+    name: Build Docker image (ghcr.io/astral-sh/ruff)
    runs-on: ubuntu-latest
    environment:
      name: release
-    strategy:
-      fail-fast: false
-      matrix:
-        platform:
-          - linux/amd64
-          - linux/arm64
    steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/checkout@v4
        with:
          submodules: recursive
-          persist-credentials: false

-      - uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
+      - uses: docker/setup-buildx-action@v3

-      - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
+      - uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}

+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ghcr.io/astral-sh/ruff
+
      - name: Check tag consistency
        if: ${{ inputs.plan != '' && !fromJson(inputs.plan).announcement_tag_is_implicit }}
-        env:
-          TAG: ${{ inputs.plan != '' && fromJson(inputs.plan).announcement_tag || 'dry-run' }}
        run: |
-          version=$(grep -m 1 "^version = " pyproject.toml | sed -e 's/version = "\(.*\)"/\1/g')
-          if [ "${TAG}" != "${version}" ]; then
+          version=$(grep "version = " pyproject.toml | sed -e 's/version = "\(.*\)"/\1/g')
+          if [ "${{ fromJson(inputs.plan).announcement_tag }}" != "${version}" ]; then
            echo "The input tag does not match the version from pyproject.toml:" >&2
-            echo "${TAG}" >&2
+            echo "${{ fromJson(inputs.plan).announcement_tag }}" >&2
            echo "${version}" >&2
            exit 1
          else
            echo "Releasing ${version}"
          fi

-      - name: Extract metadata (tags, labels) for Docker
-        id: meta
-        uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
-        with:
-          images: ${{ env.RUFF_BASE_IMG }}
-          # Defining this makes sure the org.opencontainers.image.version OCI label becomes the actual release version and not the branch name
-          tags: |
-            type=raw,value=dry-run,enable=${{ inputs.plan == '' || fromJson(inputs.plan).announcement_tag_is_implicit }}
-            type=pep440,pattern={{ version }},value=${{ inputs.plan != '' && fromJson(inputs.plan).announcement_tag || 'dry-run' }},enable=${{ inputs.plan != '' && !fromJson(inputs.plan).announcement_tag_is_implicit }}
-
-      - name: Normalize Platform Pair (replace / with -)
-        run: |
-          platform=${{ matrix.platform }}
-          echo "PLATFORM_TUPLE=${platform//\//-}" >> "$GITHUB_ENV"
-
-      # Adapted from https://docs.docker.com/build/ci/github-actions/multi-platform/
-      - name: Build and push by digest
-        id: build
-        uses: docker/build-push-action@1dc73863535b631f98b2378be8619f83b136f4a0 # v6.17.0
-        with:
-          context: .
-          platforms: ${{ matrix.platform }}
-          cache-from: type=gha,scope=ruff-${{ env.PLATFORM_TUPLE }}
-          cache-to: type=gha,mode=min,scope=ruff-${{ env.PLATFORM_TUPLE }}
-          labels: ${{ steps.meta.outputs.labels }}
-          outputs: type=image,name=${{ env.RUFF_BASE_IMG }},push-by-digest=true,name-canonical=true,push=${{ inputs.plan != '' && !fromJson(inputs.plan).announcement_tag_is_implicit }}
-
-      - name: Export digests
-        env:
-          digest: ${{ steps.build.outputs.digest }}
-        run: |
-          mkdir -p /tmp/digests
-          touch "/tmp/digests/${digest#sha256:}"
-
-      - name: Upload digests
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
-        with:
-          name: digests-${{ env.PLATFORM_TUPLE }}
-          path: /tmp/digests/*
-          if-no-files-found: error
-          retention-days: 1
-
-  docker-publish:
-    name: Publish Docker image (ghcr.io/astral-sh/ruff)
-    runs-on: ubuntu-latest
-    environment:
-      name: release
-    needs:
-      - docker-build
-    if: ${{ inputs.plan != '' && !fromJson(inputs.plan).announcement_tag_is_implicit }}
-    steps:
-      - name: Download digests
-        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
-        with:
-          path: /tmp/digests
-          pattern: digests-*
-          merge-multiple: true
-
-      - uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
-
-      - name: Extract metadata (tags, labels) for Docker
-        id: meta
-        uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
-        with:
-          images: ${{ env.RUFF_BASE_IMG }}
-          # Order is on purpose such that the label org.opencontainers.image.version has the first pattern with the full version
-          tags: |
-            type=pep440,pattern={{ version }},value=${{ fromJson(inputs.plan).announcement_tag }}
-            type=pep440,pattern={{ major }}.{{ minor }},value=${{ fromJson(inputs.plan).announcement_tag }}
-
-      - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
-        with:
-          registry: ghcr.io
-          username: ${{ github.repository_owner }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      # Adapted from https://docs.docker.com/build/ci/github-actions/multi-platform/
-      - name: Create manifest list and push
-        working-directory: /tmp/digests
-        # The jq command expands the docker/metadata json "tags" array entry to `-t tag1 -t tag2 ...` for each tag in the array
-        # The printf will expand the base image with the `<RUFF_BASE_IMG>@sha256:<sha256> ...` for each sha256 in the directory
-        # The final command becomes `docker buildx imagetools create -t tag1 -t tag2 ... <RUFF_BASE_IMG>@sha256:<sha256_1> <RUFF_BASE_IMG>@sha256:<sha256_2> ...`
-        run: |
-          # shellcheck disable=SC2046
-          docker buildx imagetools create \
-            $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
-            $(printf "${RUFF_BASE_IMG}@sha256:%s " *)
-
-  docker-publish-extra:
-    name: Publish additional Docker image based on ${{ matrix.image-mapping }}
-    runs-on: ubuntu-latest
-    environment:
-      name: release
-    needs:
-      - docker-publish
-    if: ${{ inputs.plan != '' && !fromJson(inputs.plan).announcement_tag_is_implicit }}
-    strategy:
-      fail-fast: false
-      matrix:
-        # Mapping of base image followed by a comma followed by one or more base tags (comma separated)
-        # Note, org.opencontainers.image.version label will use the first base tag (use the most specific tag first)
-        image-mapping:
-          - alpine:3.21,alpine3.21,alpine
-          - debian:bookworm-slim,bookworm-slim,debian-slim
-          - buildpack-deps:bookworm,bookworm,debian
-    steps:
-      - uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
-
-      - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
-        with:
-          registry: ghcr.io
-          username: ${{ github.repository_owner }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Generate Dynamic Dockerfile Tags
-        shell: bash
-        env:
-          TAG_VALUE: ${{ fromJson(inputs.plan).announcement_tag }}
-        run: |
-          set -euo pipefail
-
-          # Extract the image and tags from the matrix variable
-          IFS=',' read -r BASE_IMAGE BASE_TAGS <<< "${{ matrix.image-mapping }}"
-
-          # Generate Dockerfile content
-          cat <<EOF > Dockerfile
-          FROM ${BASE_IMAGE}
-          COPY --from=${RUFF_BASE_IMG}:latest /ruff /usr/local/bin/ruff
-          ENTRYPOINT []
-          CMD ["/usr/local/bin/ruff"]
-          EOF
-
-          # Initialize a variable to store all tag docker metadata patterns
-          TAG_PATTERNS=""
-
-          # Loop through all base tags and append its docker metadata pattern to the list
-          # Order is on purpose such that the label org.opencontainers.image.version has the first pattern with the full version
-          IFS=','; for TAG in ${BASE_TAGS}; do
-            TAG_PATTERNS="${TAG_PATTERNS}type=pep440,pattern={{ version }},suffix=-${TAG},value=${TAG_VALUE}\n"
-            TAG_PATTERNS="${TAG_PATTERNS}type=pep440,pattern={{ major }}.{{ minor }},suffix=-${TAG},value=${TAG_VALUE}\n"
-            TAG_PATTERNS="${TAG_PATTERNS}type=raw,value=${TAG}\n"
-          done
-
-          # Remove the trailing newline from the pattern list
-          TAG_PATTERNS="${TAG_PATTERNS%\\n}"
-
-          # Export image cache name
-          echo "IMAGE_REF=${BASE_IMAGE//:/-}" >> "$GITHUB_ENV"
-
-          # Export tag patterns using the multiline env var syntax
-          {
-            echo "TAG_PATTERNS<<EOF"
-            echo -e "${TAG_PATTERNS}"
-            echo EOF
-          } >> "$GITHUB_ENV"
-
-      - name: Extract metadata (tags, labels) for Docker
-        id: meta
-        uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
-        # ghcr.io prefers index level annotations
-        env:
-          DOCKER_METADATA_ANNOTATIONS_LEVELS: index
-        with:
-          images: ${{ env.RUFF_BASE_IMG }}
-          flavor: |
-            latest=false
-          tags: |
-            ${{ env.TAG_PATTERNS }}
-
-      - name: Build and push
-        uses: docker/build-push-action@1dc73863535b631f98b2378be8619f83b136f4a0 # v6.17.0
+      - name: "Build and push Docker image"
+        uses: docker/build-push-action@v6
        with:
          context: .
          platforms: linux/amd64,linux/arm64
-          # We do not really need to cache here as the Dockerfile is tiny
-          #cache-from: type=gha,scope=ruff-${{ env.IMAGE_REF }}
-          #cache-to: type=gha,mode=min,scope=ruff-${{ env.IMAGE_REF }}
-          push: true
-          tags: ${{ steps.meta.outputs.tags }}
+          # Reuse the builder
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          push: ${{ inputs.plan != '' && !fromJson(inputs.plan).announcement_tag_is_implicit }}
+          tags: ghcr.io/astral-sh/ruff:latest,ghcr.io/astral-sh/ruff:${{ (inputs.plan != '' && fromJson(inputs.plan).announcement_tag) || 'dry-run' }}
          labels: ${{ steps.meta.outputs.labels }}
-          annotations: ${{ steps.meta.outputs.annotations }}
-
-  # This is effectively a duplicate of `docker-publish` to make https://github.com/astral-sh/ruff/pkgs/container/ruff
-  # show the ruff base image first since GitHub always shows the last updated image digests
-  # This works by annotating the original digests (previously non-annotated) which triggers an update to ghcr.io
-  docker-republish:
-    name: Annotate Docker image (ghcr.io/astral-sh/ruff)
-    runs-on: ubuntu-latest
-    environment:
-      name: release
-    needs:
-      - docker-publish-extra
-    if: ${{ inputs.plan != '' && !fromJson(inputs.plan).announcement_tag_is_implicit }}
-    steps:
-      - name: Download digests
-        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
-        with:
-          path: /tmp/digests
-          pattern: digests-*
-          merge-multiple: true
-
-      - uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
-
-      - name: Extract metadata (tags, labels) for Docker
-        id: meta
-        uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
-        env:
-          DOCKER_METADATA_ANNOTATIONS_LEVELS: index
-        with:
-          images: ${{ env.RUFF_BASE_IMG }}
-          # Order is on purpose such that the label org.opencontainers.image.version has the first pattern with the full version
-          tags: |
-            type=pep440,pattern={{ version }},value=${{ fromJson(inputs.plan).announcement_tag }}
-            type=pep440,pattern={{ major }}.{{ minor }},value=${{ fromJson(inputs.plan).announcement_tag }}
-
-      - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
-        with:
-          registry: ghcr.io
-          username: ${{ github.repository_owner }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      # Adapted from https://docs.docker.com/build/ci/github-actions/multi-platform/
-      - name: Create manifest list and push
-        working-directory: /tmp/digests
-        # The readarray part is used to make sure the quoting and special characters are preserved on expansion (e.g. spaces)
-        # The jq command expands the docker/metadata json "tags" array entry to `-t tag1 -t tag2 ...` for each tag in the array
-        # The printf will expand the base image with the `<RUFF_BASE_IMG>@sha256:<sha256> ...` for each sha256 in the directory
-        # The final command becomes `docker buildx imagetools create -t tag1 -t tag2 ... <RUFF_BASE_IMG>@sha256:<sha256_1> <RUFF_BASE_IMG>@sha256:<sha256_2> ...`
-        run: |
-          readarray -t lines <<< "$DOCKER_METADATA_OUTPUT_ANNOTATIONS"; annotations=(); for line in "${lines[@]}"; do annotations+=(--annotation "$line"); done
-
-          # shellcheck disable=SC2046
-          docker buildx imagetools create \
-            "${annotations[@]}" \
-            $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
-            $(printf "${RUFF_BASE_IMG}@sha256:%s " *)
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
--- a/.github/workflows/daily_fuzz.yaml
+++ b/.github/workflows/daily_fuzz.yaml
@@ -31,31 +31,25 @@ jobs:
    # Don't run the cron job on forks:
    if: ${{ github.repository == 'astral-sh/ruff' || github.event_name != 'schedule' }}
    steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
        with:
-          persist-credentials: false
-      - uses: astral-sh/setup-uv@6b9c6063abd6010835644d4c2e1bef4cf5cd0fca # v6.0.1
+          python-version: "3.12"
+      - name: Install uv
+        run: curl -LsSf https://astral.sh/uv/install.sh | sh
+      - name: Install Python requirements
+        run: uv pip install -r scripts/fuzz-parser/requirements.txt --system
      - name: "Install Rust toolchain"
        run: rustup show
      - name: "Install mold"
-        uses: rui314/setup-mold@e16410e7f8d9e167b74ad5697a9089a35126eb50 # v1
-      - uses: Swatinem/rust-cache@9d47c6ad4b02e050fd481d890b2ea34778fd09d6 # v2.7.8
+        uses: rui314/setup-mold@v1
+      - uses: Swatinem/rust-cache@v2
      - name: Build ruff
        # A debug build means the script runs slower once it gets started,
        # but this is outweighed by the fact that a release build takes *much* longer to compile in CI
        run: cargo build --locked
      - name: Fuzz
-        run: |
-          # shellcheck disable=SC2046
-          (
-            uvx \
-            --python=3.12 \
-            --from=./python/py-fuzzer \
-            fuzz \
-            --test-executable=target/debug/ruff \
-            --bin=ruff \
-            $(shuf -i 0-9999999999999999999 -n 1000)
-          )
+        run: python scripts/fuzz-parser/fuzz.py $(shuf -i 0-9999999999999999999 -n 1000) --test-executable target/debug/ruff

  create-issue-on-failure:
    name: Create an issue if the daily fuzz surfaced any bugs
@@ -65,7 +59,7 @@ jobs:
    permissions:
      issues: write
    steps:
-      - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+      - uses: actions/github-script@v7
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          script: |
@@ -73,6 +67,6 @@ jobs:
              owner: "astral-sh",
              repo: "ruff",
              title: `Daily parser fuzz failed on ${new Date().toDateString()}`,
-              body: "Run listed here: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}",
+              body: "Runs listed here: https://github.com/astral-sh/ruff/actions/workflows/daily_fuzz.yml",
              labels: ["bug", "parser", "fuzzer"],
            })
--- a/.github/workflows/mypy_primer.yaml
+++ b/.github/workflows/mypy_primer.yaml
@@ -1,100 +0,0 @@
-name: Run mypy_primer
-
-permissions: {}
-
-on:
-  pull_request:
-    paths:
-      - "crates/ty*/**"
-      - "crates/ruff_db"
-      - "crates/ruff_python_ast"
-      - "crates/ruff_python_parser"
-      - ".github/workflows/mypy_primer.yaml"
-      - ".github/workflows/mypy_primer_comment.yaml"
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref_name }}-${{ github.event.pull_request.number || github.sha }}
-  cancel-in-progress: true
-
-env:
-  CARGO_INCREMENTAL: 0
-  CARGO_NET_RETRY: 10
-  CARGO_TERM_COLOR: always
-  RUSTUP_MAX_RETRIES: 10
-  RUST_BACKTRACE: 1
-
-jobs:
-  mypy_primer:
-    name: Run mypy_primer
-    runs-on: depot-ubuntu-22.04-32
-    timeout-minutes: 20
-    steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with:
-          path: ruff
-          fetch-depth: 0
-          persist-credentials: false
-
-      - name: Install the latest version of uv
-        uses: astral-sh/setup-uv@6b9c6063abd6010835644d4c2e1bef4cf5cd0fca # v6.0.1
-
-      - uses: Swatinem/rust-cache@9d47c6ad4b02e050fd481d890b2ea34778fd09d6 # v2.7.8
-        with:
-          workspaces: "ruff"
-
-      - name: Install Rust toolchain
-        run: rustup show
-
-      - name: Run mypy_primer
-        shell: bash
-        run: |
-          cd ruff
-
-          echo "Enabling mypy primer specific configuration overloads (see .github/mypy-primer-ty.toml)"
-          mkdir -p ~/.config/ty
-          cp .github/mypy-primer-ty.toml ~/.config/ty/ty.toml
-
-          PRIMER_SELECTOR="$(paste -s -d'|' crates/ty_python_semantic/resources/primer/good.txt)"
-
-          echo "new commit"
-          git rev-list --format=%s --max-count=1 "$GITHUB_SHA"
-
-          MERGE_BASE="$(git merge-base "$GITHUB_SHA" "origin/$GITHUB_BASE_REF")"
-          git checkout -b base_commit "$MERGE_BASE"
-          echo "base commit"
-          git rev-list --format=%s --max-count=1 base_commit
-
-          cd ..
-
-          echo "Project selector: $PRIMER_SELECTOR"
-          # Allow the exit code to be 0 or 1, only fail for actual mypy_primer crashes/bugs
-          uvx \
-            --from="git+https://github.com/hauntsaninja/mypy_primer@01a7ca325f674433c58e02416a867178d1571128" \
-            mypy_primer \
-            --repo ruff \
-            --type-checker ty \
-            --old base_commit \
-            --new "$GITHUB_SHA" \
-            --project-selector "/($PRIMER_SELECTOR)\$" \
-            --output concise \
-            --debug > mypy_primer.diff || [ $? -eq 1 ]
-
-          # Output diff with ANSI color codes
-          cat mypy_primer.diff
-
-          # Remove ANSI color codes before uploading
-          sed -ie 's/\x1b\[[0-9;]*m//g' mypy_primer.diff
-
-          echo ${{ github.event.number }} > pr-number
-
-      - name: Upload diff
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
-        with:
-          name: mypy_primer_diff
-          path: mypy_primer.diff
-
-      - name: Upload pr-number
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
-        with:
-          name: pr-number
-          path: pr-number
--- a/.github/workflows/mypy_primer_comment.yaml
+++ b/.github/workflows/mypy_primer_comment.yaml
@@ -1,97 +0,0 @@
-name: PR comment (mypy_primer)
-
-on: # zizmor: ignore[dangerous-triggers]
-  workflow_run:
-    workflows: [Run mypy_primer]
-    types: [completed]
-  workflow_dispatch:
-    inputs:
-      workflow_run_id:
-        description: The mypy_primer workflow that triggers the workflow run
-        required: true
-
-jobs:
-  comment:
-    runs-on: ubuntu-24.04
-    permissions:
-      pull-requests: write
-    steps:
-      - uses: dawidd6/action-download-artifact@20319c5641d495c8a52e688b7dc5fada6c3a9fbc # v8
-        name: Download PR number
-        with:
-          name: pr-number
-          run_id: ${{ github.event.workflow_run.id ||  github.event.inputs.workflow_run_id }}
-          if_no_artifact_found: ignore
-          allow_forks: true
-
-      - name: Parse pull request number
-        id: pr-number
-        run: |
-          if [[ -f pr-number ]]
-          then
-            echo "pr-number=$(<pr-number)" >> "$GITHUB_OUTPUT"
-          fi
-
-      - uses: dawidd6/action-download-artifact@20319c5641d495c8a52e688b7dc5fada6c3a9fbc # v8
-        name: "Download mypy_primer results"
-        id: download-mypy_primer_diff
-        if: steps.pr-number.outputs.pr-number
-        with:
-          name: mypy_primer_diff
-          workflow: mypy_primer.yaml
-          pr: ${{ steps.pr-number.outputs.pr-number }}
-          path: pr/mypy_primer_diff
-          workflow_conclusion: completed
-          if_no_artifact_found: ignore
-          allow_forks: true
-
-      - name: Generate comment content
-        id: generate-comment
-        if: steps.download-mypy_primer_diff.outputs.found_artifact == 'true'
-        run: |
-          # Guard against malicious mypy_primer results that symlink to a secret
-          # file on this runner
-          if [[ -L pr/mypy_primer_diff/mypy_primer.diff ]]
-          then
-              echo "Error: mypy_primer.diff cannot be a symlink"
-              exit 1
-          fi
-
-          # Note this identifier is used to find the comment to update on
-          # subsequent runs
-          echo '<!-- generated-comment mypy_primer -->' >> comment.txt
-
-          echo '## `mypy_primer` results' >> comment.txt
-          if [ -s "pr/mypy_primer_diff/mypy_primer.diff" ]; then
-            echo '<details>' >> comment.txt
-            echo '<summary>Changes were detected when running on open source projects</summary>' >> comment.txt
-            echo '' >> comment.txt
-            echo '```diff' >> comment.txt
-            cat pr/mypy_primer_diff/mypy_primer.diff >> comment.txt
-            echo '```' >> comment.txt
-            echo '</details>' >> comment.txt
-          else
-            echo 'No ecosystem changes detected ✅' >> comment.txt
-          fi
-
-          echo 'comment<<EOF' >> "$GITHUB_OUTPUT"
-          cat comment.txt >> "$GITHUB_OUTPUT"
-          echo 'EOF' >> "$GITHUB_OUTPUT"
-
-      - name: Find existing comment
-        uses: peter-evans/find-comment@3eae4d37986fb5a8592848f6a574fdf654e61f9e # v3.1.0
-        if: steps.generate-comment.outcome == 'success'
-        id: find-comment
-        with:
-          issue-number: ${{ steps.pr-number.outputs.pr-number }}
-          comment-author: "github-actions[bot]"
-          body-includes: "<!-- generated-comment mypy_primer -->"
-
-      - name: Create or update comment
-        if: steps.find-comment.outcome == 'success'
-        uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4
-        with:
-          comment-id: ${{ steps.find-comment.outputs.comment-id }}
-          issue-number: ${{ steps.pr-number.outputs.pr-number }}
-          body-path: comment.txt
-          edit-mode: replace
--- a/.github/workflows/notify-dependents.yml
+++ b/.github/workflows/notify-dependents.yml
@@ -17,7 +17,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: "Update pre-commit mirror"
-        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+        uses: actions/github-script@v7
        with:
          github-token: ${{ secrets.RUFF_PRE_COMMIT_PAT }}
          script: |
--- a/.github/workflows/pr-comment.yaml
+++ b/.github/workflows/pr-comment.yaml
@@ -10,29 +10,29 @@ on:
        description: The ecosystem workflow that triggers the workflow run
        required: true

+permissions:
+  pull-requests: write
+
 jobs:
  comment:
    runs-on: ubuntu-latest
-    permissions:
-      pull-requests: write
    steps:
-      - uses: dawidd6/action-download-artifact@20319c5641d495c8a52e688b7dc5fada6c3a9fbc # v8
+      - uses: dawidd6/action-download-artifact@v6
        name: Download pull request number
        with:
          name: pr-number
          run_id: ${{ github.event.workflow_run.id ||  github.event.inputs.workflow_run_id }}
          if_no_artifact_found: ignore
-          allow_forks: true

      - name: Parse pull request number
        id: pr-number
        run: |
          if [[ -f pr-number ]]
          then
-            echo "pr-number=$(<pr-number)" >> "$GITHUB_OUTPUT"
+            echo "pr-number=$(<pr-number)" >> $GITHUB_OUTPUT
          fi

-      - uses: dawidd6/action-download-artifact@20319c5641d495c8a52e688b7dc5fada6c3a9fbc # v8
+      - uses: dawidd6/action-download-artifact@v6
        name: "Download ecosystem results"
        id: download-ecosystem-result
        if: steps.pr-number.outputs.pr-number
@@ -43,7 +43,6 @@ jobs:
          path: pr/ecosystem
          workflow_conclusion: completed
          if_no_artifact_found: ignore
-          allow_forks: true

      - name: Generate comment content
        id: generate-comment
@@ -65,12 +64,12 @@ jobs:
          cat pr/ecosystem/ecosystem-result >> comment.txt
          echo "" >> comment.txt

-          echo 'comment<<EOF' >> "$GITHUB_OUTPUT"
-          cat comment.txt >> "$GITHUB_OUTPUT"
-          echo 'EOF' >> "$GITHUB_OUTPUT"
+          echo 'comment<<EOF' >> $GITHUB_OUTPUT
+          cat comment.txt >> $GITHUB_OUTPUT
+          echo 'EOF' >> $GITHUB_OUTPUT

      - name: Find existing comment
-        uses: peter-evans/find-comment@3eae4d37986fb5a8592848f6a574fdf654e61f9e # v3.1.0
+        uses: peter-evans/find-comment@v3
        if: steps.generate-comment.outcome == 'success'
        id: find-comment
        with:
@@ -80,7 +79,7 @@ jobs:

      - name: Create or update comment
        if: steps.find-comment.outcome == 'success'
-        uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4
+        uses: peter-evans/create-or-update-comment@v4
        with:
          comment-id: ${{ steps.find-comment.outputs.comment-id }}
          issue-number: ${{ steps.pr-number.outputs.pr-number }}
--- a/.github/workflows/publish-docs.yml
+++ b/.github/workflows/publish-docs.yml
@@ -23,52 +23,52 @@ jobs:
    env:
      MKDOCS_INSIDERS_SSH_KEY_EXISTS: ${{ secrets.MKDOCS_INSIDERS_SSH_KEY != '' }}
    steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/checkout@v4
        with:
          ref: ${{ inputs.ref }}
-          persist-credentials: true

-      - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
+      - uses: actions/setup-python@v5
        with:
          python-version: 3.12

      - name: "Set docs version"
-        env:
-          version: ${{ (inputs.plan != '' && fromJson(inputs.plan).announcement_tag) || inputs.ref }}
        run: |
-          # if version is missing, use 'latest'
-          if [ -z "$version" ]; then
-            echo "Using 'latest' as version"
-            version="latest"
+          version="${{ (inputs.plan != '' && fromJson(inputs.plan).announcement_tag) || inputs.ref }}"
+          # if version is missing, exit with error
+          if [[ -z "$version" ]]; then
+          echo "Can't build docs without a version."
+          exit 1
          fi

          # Use version as display name for now
          display_name="$version"

-          echo "version=$version" >> "$GITHUB_ENV"
-          echo "display_name=$display_name" >> "$GITHUB_ENV"
+          echo "version=$version" >> $GITHUB_ENV
+          echo "display_name=$display_name" >> $GITHUB_ENV

      - name: "Set branch name"
        run: |
+          version="${{ env.version }}"
+          display_name="${{ env.display_name }}"
          timestamp="$(date +%s)"

          # create branch_display_name from display_name by replacing all
          # characters disallowed in git branch names with hyphens
-          branch_display_name="$(echo "${display_name}" | tr -c '[:alnum:]._' '-' | tr -s '-')"
+          branch_display_name="$(echo "$display_name" | tr -c '[:alnum:]._' '-' | tr -s '-')"

-          echo "branch_name=update-docs-$branch_display_name-$timestamp" >> "$GITHUB_ENV"
-          echo "timestamp=$timestamp" >> "$GITHUB_ENV"
+          echo "branch_name=update-docs-$branch_display_name-$timestamp" >> $GITHUB_ENV
+          echo "timestamp=$timestamp" >> $GITHUB_ENV

      - name: "Add SSH key"
        if: ${{ env.MKDOCS_INSIDERS_SSH_KEY_EXISTS == 'true' }}
-        uses: webfactory/ssh-agent@a6f90b1f127823b31d4d4a8d96047790581349bd # v0.9.1
+        uses: webfactory/ssh-agent@v0.9.0
        with:
          ssh-private-key: ${{ secrets.MKDOCS_INSIDERS_SSH_KEY }}

      - name: "Install Rust toolchain"
        run: rustup show

-      - uses: Swatinem/rust-cache@9d47c6ad4b02e050fd481d890b2ea34778fd09d6 # v2.7.8
+      - uses: Swatinem/rust-cache@v2

      - name: "Install Insiders dependencies"
        if: ${{ env.MKDOCS_INSIDERS_SSH_KEY_EXISTS == 'true' }}
@@ -92,7 +92,9 @@ jobs:
        run: mkdocs build --strict -f mkdocs.public.yml

      - name: "Clone docs repo"
-        run: git clone https://${{ secrets.ASTRAL_DOCS_PAT }}@github.com/astral-sh/docs.git astral-docs
+        run: |
+          version="${{ env.version }}"
+          git clone https://${{ secrets.ASTRAL_DOCS_PAT }}@github.com/astral-sh/docs.git astral-docs

      - name: "Copy docs"
        run: rm -rf astral-docs/site/ruff && mkdir -p astral-docs/site && cp -r site/ruff astral-docs/site/
@@ -100,10 +102,12 @@ jobs:
      - name: "Commit docs"
        working-directory: astral-docs
        run: |
-          git config user.name "astral-docs-bot"
-          git config user.email "176161322+astral-docs-bot@users.noreply.github.com"
+          branch_name="${{ env.branch_name }}"

-          git checkout -b "${branch_name}"
+          git config user.name "$GITHUB_ACTOR"
+          git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
+
+          git checkout -b $branch_name
          git add site/ruff
          git commit -m "Update ruff documentation for $version"

@@ -112,8 +116,12 @@ jobs:
        env:
          GITHUB_TOKEN: ${{ secrets.ASTRAL_DOCS_PAT }}
        run: |
+          version="${{ env.version }}"
+          display_name="${{ env.display_name }}"
+          branch_name="${{ env.branch_name }}"
+
          # set the PR title
-          pull_request_title="Update ruff documentation for ${display_name}"
+          pull_request_title="Update ruff documentation for $display_name"

          # Delete any existing pull requests that are open for this version
          # by checking against pull_request_title because the new PR will
@@ -122,15 +130,13 @@ jobs:
            xargs -I {} gh pr close {}

          # push the branch to GitHub
-          git push origin "${branch_name}"
+          git push origin $branch_name

          # create the PR
-          gh pr create \
-            --base=main \
-            --head="${branch_name}" \
-            --title="${pull_request_title}" \
-            --body="Automated documentation update for ${display_name}" \
-            --label="documentation"
+          gh pr create --base main --head $branch_name \
+            --title "$pull_request_title" \
+            --body "Automated documentation update for $display_name" \
+            --label "documentation"

      - name: "Merge Pull Request"
        if: ${{ inputs.plan != '' && !fromJson(inputs.plan).announcement_tag_is_implicit }}
@@ -138,7 +144,8 @@ jobs:
        env:
          GITHUB_TOKEN: ${{ secrets.ASTRAL_DOCS_PAT }}
        run: |
+          branch_name="${{ env.branch_name }}"
          # auto-merge the PR if the build was triggered by a release. Manual builds should be reviewed by a human.
          # give the PR a few seconds to be created before trying to auto-merge it
          sleep 10
-          gh pr merge --squash "${branch_name}"
+          gh pr merge --squash $branch_name
--- a/.github/workflows/publish-playground.yml
+++ b/.github/workflows/publish-playground.yml
@@ -24,31 +24,32 @@ jobs:
    env:
      CF_API_TOKEN_EXISTS: ${{ secrets.CF_API_TOKEN != '' }}
    steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with:
-          persist-credentials: false
+      - uses: actions/checkout@v4
      - name: "Install Rust toolchain"
        run: rustup target add wasm32-unknown-unknown
-      - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+      - uses: actions/setup-node@v4
        with:
-          node-version: 22
+          node-version: 18
          cache: "npm"
          cache-dependency-path: playground/package-lock.json
-      - uses: jetli/wasm-bindgen-action@20b33e20595891ab1a0ed73145d8a21fc96e7c29 # v0.2.0
+      - uses: jetli/wasm-pack-action@v0.4.0
+      - uses: jetli/wasm-bindgen-action@v0.2.0
+      - name: "Run wasm-pack"
+        run: wasm-pack build --target web --out-dir ../../playground/src/pkg crates/ruff_wasm
      - name: "Install Node dependencies"
        run: npm ci
        working-directory: playground
      - name: "Run TypeScript checks"
        run: npm run check
        working-directory: playground
-      - name: "Build Ruff playground"
-        run: npm run build --workspace ruff-playground
+      - name: "Build JavaScript bundle"
+        run: npm run build
        working-directory: playground
      - name: "Deploy to Cloudflare Pages"
        if: ${{ env.CF_API_TOKEN_EXISTS == 'true' }}
-        uses: cloudflare/wrangler-action@da0e0dfe58b7a431659754fdf3f186c529afbe65 # v3.14.1
+        uses: cloudflare/wrangler-action@v3.7.0
        with:
          apiToken: ${{ secrets.CF_API_TOKEN }}
          accountId: ${{ secrets.CF_ACCOUNT_ID }}
          # `github.head_ref` is only set during pull requests and for manual runs or tags we use `main` to deploy to production
-          command: pages deploy playground/ruff/dist --project-name=ruff-playground --branch ${{ github.head_ref || 'main' }} --commit-hash ${GITHUB_SHA}
+          command: pages deploy playground/dist --project-name=ruff-playground --branch ${{ github.head_ref || 'main' }} --commit-hash ${GITHUB_SHA}
--- a/.github/workflows/publish-pypi.yml
+++ b/.github/workflows/publish-pypi.yml
@@ -21,12 +21,14 @@ jobs:
      # For PyPI's trusted publishing.
      id-token: write
    steps:
-      - name: "Install uv"
-        uses: astral-sh/setup-uv@6b9c6063abd6010835644d4c2e1bef4cf5cd0fca # v6.0.1
-      - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
+      - uses: actions/download-artifact@v4
        with:
          pattern: wheels-*
          path: wheels
          merge-multiple: true
      - name: Publish to PyPi
-        run: uv publish -v wheels/*
+        uses: pypa/gh-action-pypi-publish@release/v1
+        with:
+          skip-existing: true
+          packages-dir: wheels
+          verbose: true
--- a/.github/workflows/publish-ty-playground.yml
+++ b/.github/workflows/publish-ty-playground.yml
@@ -1,58 +0,0 @@
-# Publish the ty playground.
-name: "[ty Playground] Release"
-
-permissions: {}
-
-on:
-  push:
-    branches: [main]
-    paths:
-      - "crates/ty*/**"
-      - "crates/ruff_db/**"
-      - "crates/ruff_python_ast/**"
-      - "crates/ruff_python_parser/**"
-      - "playground/**"
-      - ".github/workflows/publish-ty-playground.yml"
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref_name }}
-  cancel-in-progress: true
-
-env:
-  CARGO_INCREMENTAL: 0
-  CARGO_NET_RETRY: 10
-  CARGO_TERM_COLOR: always
-  RUSTUP_MAX_RETRIES: 10
-
-jobs:
-  publish:
-    runs-on: ubuntu-latest
-    env:
-      CF_API_TOKEN_EXISTS: ${{ secrets.CF_API_TOKEN != '' }}
-    steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with:
-          persist-credentials: false
-      - name: "Install Rust toolchain"
-        run: rustup target add wasm32-unknown-unknown
-      - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
-        with:
-          node-version: 22
-      - uses: jetli/wasm-bindgen-action@20b33e20595891ab1a0ed73145d8a21fc96e7c29 # v0.2.0
-      - name: "Install Node dependencies"
-        run: npm ci
-        working-directory: playground
-      - name: "Run TypeScript checks"
-        run: npm run check
-        working-directory: playground
-      - name: "Build ty playground"
-        run: npm run build --workspace ty-playground
-        working-directory: playground
-      - name: "Deploy to Cloudflare Pages"
-        if: ${{ env.CF_API_TOKEN_EXISTS == 'true' }}
-        uses: cloudflare/wrangler-action@da0e0dfe58b7a431659754fdf3f186c529afbe65 # v3.14.1
-        with:
-          apiToken: ${{ secrets.CF_API_TOKEN }}
-          accountId: ${{ secrets.CF_ACCOUNT_ID }}
-          # `github.head_ref` is only set during pull requests and for manual runs or tags we use `main` to deploy to production
-          command: pages deploy playground/ty/dist --project-name=ty-playground --branch ${{ github.head_ref || 'main' }} --commit-hash ${GITHUB_SHA}
--- a/.github/workflows/publish-wasm.yml
+++ b/.github/workflows/publish-wasm.yml
@@ -29,15 +29,11 @@ jobs:
        target: [web, bundler, nodejs]
      fail-fast: false
    steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with:
-          persist-credentials: false
+      - uses: actions/checkout@v4
      - name: "Install Rust toolchain"
        run: rustup target add wasm32-unknown-unknown
-      - uses: jetli/wasm-pack-action@0d096b08b4e5a7de8c28de67e11e945404e9eefa # v0.4.0
-        with:
-          version: v0.13.1
-      - uses: jetli/wasm-bindgen-action@20b33e20595891ab1a0ed73145d8a21fc96e7c29 # v0.2.0
+      - uses: jetli/wasm-pack-action@v0.4.0
+      - uses: jetli/wasm-bindgen-action@v0.2.0
      - name: "Run wasm-pack build"
        run: wasm-pack build --target ${{ matrix.target }} crates/ruff_wasm
      - name: "Rename generated package"
@@ -45,9 +41,9 @@ jobs:
          jq '.name="@astral-sh/ruff-wasm-${{ matrix.target }}"' crates/ruff_wasm/pkg/package.json > /tmp/package.json
          mv /tmp/package.json crates/ruff_wasm/pkg
      - run: cp LICENSE crates/ruff_wasm/pkg # wasm-pack does not put the LICENSE file in the pkg
-      - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+      - uses: actions/setup-node@v4
        with:
-          node-version: 20
+          node-version: 18
          registry-url: "https://registry.npmjs.org"
      - name: "Publish (dry-run)"
        if: ${{ inputs.plan == '' || fromJson(inputs.plan).announcement_tag_is_implicit }}
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -1,13 +1,10 @@
-# This file was autogenerated by dist: https://github.com/astral-sh/cargo-dist
-#
 # Copyright 2022-2024, axodotdev
-# Copyright 2025 Astral Software Inc.
 # SPDX-License-Identifier: MIT or Apache-2.0
 #
 # CI that:
 #
 # * checks for a Git Tag that looks like a release
-# * builds artifacts with dist (archives, installers, hashes)
+# * builds artifacts with cargo-dist (archives, installers, hashes)
 # * uploads those artifacts to temporary workflow zip
 # * on success, uploads the artifacts to a GitHub Release
 #
@@ -25,10 +22,10 @@ permissions:
 # must be a Cargo-style SemVer Version (must have at least major.minor.patch).
 #
 # If PACKAGE_NAME is specified, then the announcement will be for that
-# package (erroring out if it doesn't have the given version or isn't dist-able).
+# package (erroring out if it doesn't have the given version or isn't cargo-dist-able).
 #
 # If PACKAGE_NAME isn't specified, then the announcement will be for all
-# (dist-able) packages in the workspace with that version (this mode is
+# (cargo-dist-able) packages in the workspace with that version (this mode is
 # intended for workspaces with only one dist-able package, or with all dist-able
 # packages versioned/released in lockstep).
 #
@@ -40,7 +37,6 @@ permissions:
 # If there's a prerelease-style suffix to the version, then the release(s)
 # will be marked as a prerelease.
 on:
-  pull_request:
  workflow_dispatch:
    inputs:
      tag:
@@ -50,9 +46,9 @@ on:
        type: string

 jobs:
-  # Run 'dist plan' (or host) to determine what tasks we need to do
+  # Run 'cargo dist plan' (or host) to determine what tasks we need to do
  plan:
-    runs-on: "depot-ubuntu-latest-4"
+    runs-on: "ubuntu-20.04"
    outputs:
      val: ${{ steps.plan.outputs.manifest }}
      tag: ${{ (inputs.tag != 'dry-run' && inputs.tag) || '' }}
@@ -61,20 +57,19 @@ jobs:
    env:
      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    steps:
-      - uses: actions/checkout@85e6279cec87321a52edac9c87bce653a07cf6c2
+      - uses: actions/checkout@v4
        with:
-          persist-credentials: false
          submodules: recursive
-      - name: Install dist
+      - name: Install cargo-dist
        # we specify bash to get pipefail; it guards against the `curl` command
        # failing. otherwise `sh` won't catch that `curl` returned non-0
        shell: bash
-        run: "curl --proto '=https' --tlsv1.2 -LsSf https://github.com/astral-sh/cargo-dist/releases/download/v0.28.5-prerelease.1/cargo-dist-installer.sh | sh"
-      - name: Cache dist
-        uses: actions/upload-artifact@6027e3dd177782cd8ab9af838c04fd81a07f1d47
+        run: "curl --proto '=https' --tlsv1.2 -LsSf https://github.com/axodotdev/cargo-dist/releases/download/v0.18.0/cargo-dist-installer.sh | sh"
+      - name: Cache cargo-dist
+        uses: actions/upload-artifact@v4
        with:
          name: cargo-dist-cache
-          path: ~/.cargo/bin/dist
+          path: ~/.cargo/bin/cargo-dist
      # sure would be cool if github gave us proper conditionals...
      # so here's a doubly-nested ternary-via-truthiness to try to provide the best possible
      # functionality based on whether this is a pull_request, and whether it's from a fork.
@@ -82,12 +77,12 @@ jobs:
      # but also really annoying to build CI around when it needs secrets to work right.)
      - id: plan
        run: |
-          dist ${{ (inputs.tag && inputs.tag != 'dry-run' && format('host --steps=create --tag={0}', inputs.tag)) || 'plan' }} --output-format=json > plan-dist-manifest.json
-          echo "dist ran successfully"
+          cargo dist ${{ (inputs.tag && inputs.tag != 'dry-run' && format('host --steps=create --tag={0}', inputs.tag)) || 'plan' }} --output-format=json > plan-dist-manifest.json
+          echo "cargo dist ran successfully"
          cat plan-dist-manifest.json
          echo "manifest=$(jq -c "." plan-dist-manifest.json)" >> "$GITHUB_OUTPUT"
      - name: "Upload dist-manifest.json"
-        uses: actions/upload-artifact@6027e3dd177782cd8ab9af838c04fd81a07f1d47
+        uses: actions/upload-artifact@v4
        with:
          name: artifacts-plan-dist-manifest
          path: plan-dist-manifest.json
@@ -119,24 +114,23 @@ jobs:
      - plan
      - custom-build-binaries
      - custom-build-docker
-    runs-on: "depot-ubuntu-latest-4"
+    runs-on: "ubuntu-20.04"
    env:
      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      BUILD_MANIFEST_NAME: target/distrib/global-dist-manifest.json
    steps:
-      - uses: actions/checkout@85e6279cec87321a52edac9c87bce653a07cf6c2
+      - uses: actions/checkout@v4
        with:
-          persist-credentials: false
          submodules: recursive
-      - name: Install cached dist
-        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093
+      - name: Install cached cargo-dist
+        uses: actions/download-artifact@v4
        with:
          name: cargo-dist-cache
          path: ~/.cargo/bin/
-      - run: chmod +x ~/.cargo/bin/dist
+      - run: chmod +x ~/.cargo/bin/cargo-dist
      # Get all the local artifacts for the global tasks to use (for e.g. checksums)
      - name: Fetch local artifacts
-        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093
+        uses: actions/download-artifact@v4
        with:
          pattern: artifacts-*
          path: target/distrib/
@@ -144,8 +138,8 @@ jobs:
      - id: cargo-dist
        shell: bash
        run: |
-          dist build ${{ needs.plan.outputs.tag-flag }} --output-format=json "--artifacts=global" > dist-manifest.json
-          echo "dist ran successfully"
+          cargo dist build ${{ needs.plan.outputs.tag-flag }} --output-format=json "--artifacts=global" > dist-manifest.json
+          echo "cargo dist ran successfully"

          # Parse out what we just built and upload it to scratch storage
          echo "paths<<EOF" >> "$GITHUB_OUTPUT"
@@ -154,7 +148,7 @@ jobs:

          cp dist-manifest.json "$BUILD_MANIFEST_NAME"
      - name: "Upload artifacts"
-        uses: actions/upload-artifact@6027e3dd177782cd8ab9af838c04fd81a07f1d47
+        uses: actions/upload-artifact@v4
        with:
          name: artifacts-build-global
          path: |
@@ -171,23 +165,22 @@ jobs:
    if: ${{ always() && needs.plan.outputs.publishing == 'true' && (needs.build-global-artifacts.result == 'skipped' || needs.build-global-artifacts.result == 'success') && (needs.custom-build-binaries.result == 'skipped' || needs.custom-build-binaries.result == 'success') && (needs.custom-build-docker.result == 'skipped' || needs.custom-build-docker.result == 'success') }}
    env:
      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-    runs-on: "depot-ubuntu-latest-4"
+    runs-on: "ubuntu-20.04"
    outputs:
      val: ${{ steps.host.outputs.manifest }}
    steps:
-      - uses: actions/checkout@85e6279cec87321a52edac9c87bce653a07cf6c2
+      - uses: actions/checkout@v4
        with:
-          persist-credentials: false
          submodules: recursive
-      - name: Install cached dist
-        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093
+      - name: Install cached cargo-dist
+        uses: actions/download-artifact@v4
        with:
          name: cargo-dist-cache
          path: ~/.cargo/bin/
-      - run: chmod +x ~/.cargo/bin/dist
+      - run: chmod +x ~/.cargo/bin/cargo-dist
      # Fetch artifacts from scratch-storage
      - name: Fetch artifacts
-        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093
+        uses: actions/download-artifact@v4
        with:
          pattern: artifacts-*
          path: target/distrib/
@@ -196,12 +189,12 @@ jobs:
      - id: host
        shell: bash
        run: |
-          dist host ${{ needs.plan.outputs.tag-flag }} --steps=upload --steps=release --output-format=json > dist-manifest.json
+          cargo dist host ${{ needs.plan.outputs.tag-flag }} --steps=upload --steps=release --output-format=json > dist-manifest.json
          echo "artifacts uploaded and released successfully"
          cat dist-manifest.json
          echo "manifest=$(jq -c "." dist-manifest.json)" >> "$GITHUB_OUTPUT"
      - name: "Upload dist-manifest.json"
-        uses: actions/upload-artifact@6027e3dd177782cd8ab9af838c04fd81a07f1d47
+        uses: actions/upload-artifact@v4
        with:
          # Overwrite the previous copy
          name: artifacts-dist-manifest
@@ -247,17 +240,16 @@ jobs:
    # still allowing individual publish jobs to skip themselves (for prereleases).
    # "host" however must run to completion, no skipping allowed!
    if: ${{ always() && needs.host.result == 'success' && (needs.custom-publish-pypi.result == 'skipped' || needs.custom-publish-pypi.result == 'success') && (needs.custom-publish-wasm.result == 'skipped' || needs.custom-publish-wasm.result == 'success') }}
-    runs-on: "depot-ubuntu-latest-4"
+    runs-on: "ubuntu-20.04"
    env:
      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    steps:
-      - uses: actions/checkout@85e6279cec87321a52edac9c87bce653a07cf6c2
+      - uses: actions/checkout@v4
        with:
-          persist-credentials: false
          submodules: recursive
      # Create a GitHub Release while uploading all files to it
      - name: "Download GitHub Artifacts"
-        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093
+        uses: actions/download-artifact@v4
        with:
          pattern: artifacts-*
          path: artifacts
--- a/.github/workflows/sync_typeshed.yaml
+++ b/.github/workflows/sync_typeshed.yaml
@@ -21,17 +21,15 @@ jobs:
      contents: write
      pull-requests: write
    steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/checkout@v4
        name: Checkout Ruff
        with:
          path: ruff
-          persist-credentials: true
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/checkout@v4
        name: Checkout typeshed
        with:
          repository: python/typeshed
          path: typeshed
-          persist-credentials: false
      - name: Setup git
        run: |
          git config --global user.name typeshedbot
@@ -39,13 +37,13 @@ jobs:
      - name: Sync typeshed
        id: sync
        run: |
-          rm -rf ruff/crates/ty_vendored/vendor/typeshed
-          mkdir ruff/crates/ty_vendored/vendor/typeshed
-          cp typeshed/README.md ruff/crates/ty_vendored/vendor/typeshed
-          cp typeshed/LICENSE ruff/crates/ty_vendored/vendor/typeshed
-          cp -r typeshed/stdlib ruff/crates/ty_vendored/vendor/typeshed/stdlib
-          rm -rf ruff/crates/ty_vendored/vendor/typeshed/stdlib/@tests
-          git -C typeshed rev-parse HEAD > ruff/crates/ty_vendored/vendor/typeshed/source_commit.txt
+          rm -rf ruff/crates/red_knot_module_resolver/vendor/typeshed
+          mkdir ruff/crates/red_knot_module_resolver/vendor/typeshed
+          cp typeshed/README.md ruff/crates/red_knot_module_resolver/vendor/typeshed
+          cp typeshed/LICENSE ruff/crates/red_knot_module_resolver/vendor/typeshed
+          cp -r typeshed/stdlib ruff/crates/red_knot_module_resolver/vendor/typeshed/stdlib
+          rm -rf ruff/crates/red_knot_module_resolver/vendor/typeshed/stdlib/@tests
+          git -C typeshed rev-parse HEAD > ruff/crates/red_knot_module_resolver/vendor/typeshed/source_commit.txt
      - name: Commit the changes
        id: commit
        if: ${{ steps.sync.outcome == 'success' }}
@@ -59,7 +57,7 @@ jobs:
        run: |
          cd ruff
          git push --force origin typeshedbot/sync-typeshed
-          gh pr list --repo "$GITHUB_REPOSITORY" --head typeshedbot/sync-typeshed --json id --jq length | grep 1 && exit 0 # exit if there is existing pr
+          gh pr list --repo $GITHUB_REPOSITORY --head typeshedbot/sync-typeshed --json id --jq length | grep 1 && exit 0 # exit if there is existing pr
          gh pr create --title "Sync vendored typeshed stubs" --body "Close and reopen this PR to trigger CI" --label "internal"

  create-issue-on-failure:
@@ -70,7 +68,7 @@ jobs:
    permissions:
      issues: write
    steps:
-      - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+      - uses: actions/github-script@v7
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          script: |
@@ -78,6 +76,5 @@ jobs:
              owner: "astral-sh",
              repo: "ruff",
              title: `Automated typeshed sync failed on ${new Date().toDateString()}`,
-              body: "Run listed here: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}",
-              labels: ["bug", "ty"],
+              body: "Runs are listed here: https://github.com/astral-sh/ruff/actions/workflows/sync_typeshed.yaml",
            })
--- a/.github/zizmor.yml
+++ b/.github/zizmor.yml
@@ -1,19 +0,0 @@
-# Configuration for the zizmor static analysis tool, run via pre-commit in CI
-# https://woodruffw.github.io/zizmor/configuration/
-#
-# TODO: can we remove the ignores here so that our workflows are more secure?
-rules:
-  dangerous-triggers:
-    ignore:
-      - pr-comment.yaml
-  cache-poisoning:
-    ignore:
-      - build-docker.yml
-      - publish-playground.yml
-  excessive-permissions:
-    # it's hard to test what the impact of removing these ignores would be
-    # without actually running the release workflow...
-    ignore:
-      - build-docker.yml
-      - publish-playground.yml
-      - publish-docs.yml
--- a/.gitignore
+++ b/.gitignore
@@ -21,18 +21,6 @@ flamegraph.svg
 # `CARGO_TARGET_DIR=target-llvm-lines RUSTFLAGS="-Csymbol-mangling-version=v0" cargo llvm-lines -p ruff --lib`
 /target*

-# samply profiles
-profile.json
-
-# tracing-flame traces
-tracing.folded
-tracing-flamechart.svg
-tracing-flamegraph.svg
-
-# insta
-*.rs.pending-snap
-
-
 ###
 # Rust.gitignore
 ###
--- a/.ignore
+++ b/.ignore
@@ -1 +0,0 @@
-!/.github/
--- a/.markdownlint.yaml
+++ b/.markdownlint.yaml
@@ -14,22 +14,7 @@ MD041: false
 # MD013/line-length
 MD013: false

-# MD014/commands-show-output
-MD014: false
-
 # MD024/no-duplicate-heading
 MD024:
  # Allow when nested under different parents e.g. CHANGELOG.md
  siblings_only: true
-
-# MD046/code-block-style
-#
-# Ignore this because it conflicts with the code block style used in content
-# tabs of mkdocs-material which is to add a blank line after the content title.
-#
-# Ref: https://github.com/astral-sh/ruff/pull/15011#issuecomment-2544790854
-MD046: false
-
-# Link text should be descriptive
-# Disallows link text like *here* which is annoying.
-MD059: false
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,16 +1,10 @@
-fail_fast: false
+fail_fast: true

 exclude: |
  (?x)^(
-    .github/workflows/release.yml|
-    crates/ty_vendored/vendor/.*|
-    crates/ty_project/resources/.*|
-    crates/ty/docs/(configuration|rules|cli).md|
-    crates/ruff_benchmark/resources/.*|
+    crates/red_knot_module_resolver/vendor/.*|
    crates/ruff_linter/resources/.*|
    crates/ruff_linter/src/rules/.*/snapshots/.*|
-    crates/ruff_notebook/resources/.*|
-    crates/ruff_server/resources/.*|
    crates/ruff/resources/.*|
    crates/ruff_python_formatter/resources/.*|
    crates/ruff_python_formatter/tests/snapshots/.*|
@@ -19,23 +13,18 @@ exclude: |
  )$

 repos:
-  - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v5.0.0
-    hooks:
-      - id: check-merge-conflict
-
  - repo: https://github.com/abravalheri/validate-pyproject
-    rev: v0.24.1
+    rev: v0.18
    hooks:
      - id: validate-pyproject

  - repo: https://github.com/executablebooks/mdformat
-    rev: 0.7.22
+    rev: 0.7.17
    hooks:
      - id: mdformat
        additional_dependencies:
-          - mdformat-mkdocs==4.0.0
-          - mdformat-footnote==0.1.1
+          - mdformat-mkdocs
+          - mdformat-admon
        exclude: |
          (?x)^(
            docs/formatter/black\.md
@@ -43,7 +32,7 @@ repos:
          )$

  - repo: https://github.com/igorshubovych/markdownlint-cli
-    rev: v0.45.0
+    rev: v0.41.0
    hooks:
      - id: markdownlint-fix
        exclude: |
@@ -52,21 +41,8 @@ repos:
            | docs/\w+\.md
          )$

-  - repo: https://github.com/adamchainz/blacken-docs
-    rev: 1.19.1
-    hooks:
-      - id: blacken-docs
-        args: ["--pyi", "--line-length", "130"]
-        files: '^crates/.*/resources/mdtest/.*\.md'
-        exclude: |
-          (?x)^(
-            .*?invalid(_.+)*_syntax\.md
-          )$
-        additional_dependencies:
-          - black==25.1.0
-
  - repo: https://github.com/crate-ci/typos
-    rev: v1.32.0
+    rev: v1.23.2
    hooks:
      - id: typos

@@ -80,52 +56,25 @@ repos:
        pass_filenames: false # This makes it a lot faster

  - repo: https://github.com/astral-sh/ruff-pre-commit
-    rev: v0.11.10
+    rev: v0.5.2
    hooks:
      - id: ruff-format
      - id: ruff
        args: [--fix, --exit-non-zero-on-fix]
        types_or: [python, pyi]
        require_serial: true
+        exclude: |
+          (?x)^(
+            crates/ruff_linter/resources/.*|
+            crates/ruff_python_formatter/resources/.*
+          )$

  # Prettier
-  - repo: https://github.com/rbubley/mirrors-prettier
-    rev: v3.5.3
+  - repo: https://github.com/pre-commit/mirrors-prettier
+    rev: v3.1.0
    hooks:
      - id: prettier
        types: [yaml]

-  # zizmor detects security vulnerabilities in GitHub Actions workflows.
-  # Additional configuration for the tool is found in `.github/zizmor.yml`
-  - repo: https://github.com/woodruffw/zizmor-pre-commit
-    rev: v1.7.0
-    hooks:
-      - id: zizmor
-
-  - repo: https://github.com/python-jsonschema/check-jsonschema
-    rev: 0.33.0
-    hooks:
-      - id: check-github-workflows
-
-  # `actionlint` hook, for verifying correct syntax in GitHub Actions workflows.
-  # Some additional configuration for `actionlint` can be found in `.github/actionlint.yaml`.
-  - repo: https://github.com/rhysd/actionlint
-    rev: v1.7.7
-    hooks:
-      - id: actionlint
-        stages:
-          # This hook is disabled by default, since it's quite slow.
-          # To run all hooks *including* this hook, use `uvx pre-commit run -a --hook-stage=manual`.
-          # To run *just* this hook, use `uvx pre-commit run -a actionlint --hook-stage=manual`.
-          - manual
-        args:
-          - "-ignore=SC2129" # ignorable stylistic lint from shellcheck
-          - "-ignore=SC2016" # another shellcheck lint: seems to have false positives?
-        additional_dependencies:
-          # actionlint has a shellcheck integration which extracts shell scripts in `run:` steps from GitHub Actions
-          # and checks these with shellcheck. This is arguably its most useful feature,
-          # but the integration only works if shellcheck is installed
-          - "github.com/wasilibs/go-shellcheck/cmd/shellcheck@v0.10.0"
-
 ci:
  skip: [cargo-fmt, dev-generate-all]
--- a/BREAKING_CHANGES.md
+++ b/BREAKING_CHANGES.md
@@ -1,135 +1,5 @@
 # Breaking Changes

-## 0.11.0
-
-This is a follow-up to release 0.10.0. Because of a mistake in the release process, the `requires-python` inference changes were not included in that release. Ruff 0.11.0 now includes this change as well as the stabilization of the preview behavior for `PGH004`.
-
- **Changes to how the Python version is inferred when a `target-version` is not specified** ([#16319](https://github.com/astral-sh/ruff/pull/16319))
-
-    In previous versions of Ruff, you could specify your Python version with:
-
-    - The `target-version` option in a `ruff.toml` file or the `[tool.ruff]` section of a pyproject.toml file.
-    - The `project.requires-python` field in a `pyproject.toml` file with a `[tool.ruff]` section.
-
-    These options worked well in most cases, and are still recommended for fine control of the Python version. However, because of the way Ruff discovers config files, `pyproject.toml` files without a `[tool.ruff]` section would be ignored, including the `requires-python` setting. Ruff would then use the default Python version (3.9 as of this writing) instead, which is surprising when you've attempted to request another version.
-
-    In v0.10, config discovery has been updated to address this issue:
-
-    - If Ruff finds a `ruff.toml` file without a `target-version`, it will check
-        for a `pyproject.toml` file in the same directory and respect its
-        `requires-python` version, even if it does not contain a `[tool.ruff]`
-        section.
-    - If Ruff finds a user-level configuration, the `requires-python` field of the closest `pyproject.toml` in a parent directory will take precedence.
-    - If there is no config file (`ruff.toml`or `pyproject.toml` with a
-        `[tool.ruff]` section) in the directory of the file being checked, Ruff will
-        search for the closest `pyproject.toml` in the parent directories and use its
-        `requires-python` setting.
-
-## 0.10.0
-
- **Changes to how the Python version is inferred when a `target-version` is not specified** ([#16319](https://github.com/astral-sh/ruff/pull/16319))
-
-    Because of a mistake in the release process, the `requires-python` inference changes are not included in this release and instead shipped as part of 0.11.0.
-    You can find a description of this change in the 0.11.0 section.
-
- **Updated `TYPE_CHECKING` behavior** ([#16669](https://github.com/astral-sh/ruff/pull/16669))
-
-    Previously, Ruff only recognized typechecking blocks that tested the `typing.TYPE_CHECKING` symbol. Now, Ruff recognizes any local variable named `TYPE_CHECKING`. This release also removes support for the legacy `if 0:` and `if False:` typechecking checks. Use a local `TYPE_CHECKING` variable instead.
-
- **More robust noqa parsing** ([#16483](https://github.com/astral-sh/ruff/pull/16483))
-
-    The syntax for both file-level and in-line suppression comments has been unified and made more robust to certain errors. In most cases, this will result in more suppression comments being read by Ruff, but there are a few instances where previously read comments will now log an error to the user instead. Please refer to the documentation on [_Error suppression_](https://docs.astral.sh/ruff/linter/#error-suppression) for the full specification.
-
- **Avoid unnecessary parentheses around with statements with a single context manager and a trailing comment** ([#14005](https://github.com/astral-sh/ruff/pull/14005))
-
-    This change fixes a bug in the formatter where it introduced unnecessary parentheses around with statements with a single context manager and a trailing comment. This change may result in a change in formatting for some users.
-
- **Bump alpine default tag to 3.21 for derived Docker images** ([#16456](https://github.com/astral-sh/ruff/pull/16456))
-
-    Alpine 3.21 was released in Dec 2024 and is used in the official Alpine-based Python images. Now the ruff:alpine image will use 3.21 instead of 3.20 and ruff:alpine3.20 will no longer be updated.
-
- **\[`unsafe-markup-use`\]: `RUF035` has been recoded to `S704`** ([#15957](https://github.com/astral-sh/ruff/pull/15957))
-
-## 0.9.0
-
-Ruff now formats your code according to the 2025 style guide. As a result, your code might now get formatted differently. See the [changelog](./CHANGELOG.md#090) for a detailed list of changes.
-
-## 0.8.0
-
- **Default to Python 3.9**
-
-    Ruff now defaults to Python 3.9 instead of 3.8 if no explicit Python version is configured using [`ruff.target-version`](https://docs.astral.sh/ruff/settings/#target-version) or [`project.requires-python`](https://packaging.python.org/en/latest/guides/writing-pyproject-toml/#python-requires) ([#13896](https://github.com/astral-sh/ruff/pull/13896))
-
- **Changed location of `pydoclint` diagnostics**
-
-    [`pydoclint`](https://docs.astral.sh/ruff/rules/#pydoclint-doc) diagnostics now point to the first-line of the problematic docstring. Previously, this was not the case.
-
-    If you've opted into these preview rules but have them suppressed using
-    [`noqa`](https://docs.astral.sh/ruff/linter/#error-suppression) comments in
-    some places, this change may mean that you need to move the `noqa` suppression
-    comments. Most users should be unaffected by this change.
-
- **Use XDG (i.e. `~/.local/bin`) instead of the Cargo home directory in the standalone installer**
-
-    Previously, Ruff's installer used `$CARGO_HOME` or `~/.cargo/bin` for its target install directory. Now, Ruff will be installed into `$XDG_BIN_HOME`, `$XDG_DATA_HOME/../bin`, or `~/.local/bin` (in that order).
-
-    This change is only relevant to users of the standalone Ruff installer (using the shell or PowerShell script). If you installed Ruff using uv or pip, you should be unaffected.
-
- **Changes to the line width calculation**
-
-    Ruff now uses a new version of the [unicode-width](https://github.com/unicode-rs/unicode-width) Rust crate to calculate the line width. In very rare cases, this may lead to lines containing Unicode characters being reformatted, or being considered too long when they were not before ([`E501`](https://docs.astral.sh/ruff/rules/line-too-long/)).
-
-## 0.7.0
-
- The pytest rules `PT001` and `PT023` now default to omitting the decorator parentheses when there are no arguments
-    ([#12838](https://github.com/astral-sh/ruff/pull/12838), [#13292](https://github.com/astral-sh/ruff/pull/13292)).
-    This was a change that we attempted to make in Ruff v0.6.0, but only partially made due to an error on our part.
-    See the [blog post](https://astral.sh/blog/ruff-v0.7.0) for more details.
- The `useless-try-except` rule (in our `tryceratops` category) has been recoded from `TRY302` to
-    `TRY203` ([#13502](https://github.com/astral-sh/ruff/pull/13502)). This ensures Ruff's code is consistent with
-    the same rule in the [`tryceratops`](https://github.com/guilatrova/tryceratops) linter.
- The `lint.allow-unused-imports` setting has been removed ([#13677](https://github.com/astral-sh/ruff/pull/13677)). Use
-    [`lint.pyflakes.allow-unused-imports`](https://docs.astral.sh/ruff/settings/#lint_pyflakes_allowed-unused-imports)
-    instead.
-
-## 0.6.0
-
- Detect imports in `src` layouts by default for `isort` rules ([#12848](https://github.com/astral-sh/ruff/pull/12848))
-
- The pytest rules `PT001` and `PT023` now default to omitting the decorator parentheses when there are no arguments ([#12838](https://github.com/astral-sh/ruff/pull/12838)).
-
- Lint and format Jupyter Notebook by default ([#12878](https://github.com/astral-sh/ruff/pull/12878)).
-
-    You can disable specific rules for notebooks using [`per-file-ignores`](https://docs.astral.sh/ruff/settings/#lint_per-file-ignores):
-
-    ```toml
-    [tool.ruff.lint.per-file-ignores]
-    "*.ipynb" = ["E501"] # disable line-too-long in notebooks
-    ```
-
-    If you'd prefer to either only lint or only format Jupyter Notebook files, you can use the
-    section-specific `exclude` option to do so. For example, the following would only lint Jupyter
-    Notebook files and not format them:
-
-    ```toml
-    [tool.ruff.format]
-    exclude = ["*.ipynb"]
-    ```
-
-    And, conversely, the following would only format Jupyter Notebook files and not lint them:
-
-    ```toml
-    [tool.ruff.lint]
-    exclude = ["*.ipynb"]
-    ```
-
-    You can completely disable Jupyter Notebook support by updating the [`extend-exclude`](https://docs.astral.sh/ruff/settings/#extend-exclude) setting:
-
-    ```toml
-    [tool.ruff]
-    extend-exclude = ["*.ipynb"]
-    ```
-
 ## 0.5.0

 - Follow the XDG specification to discover user-level configurations on macOS (same as on other Unix platforms)
@@ -246,7 +116,7 @@ flag or `unsafe-fixes` configuration option can be used to enable unsafe fixes.

 See the [docs](https://docs.astral.sh/ruff/configuration/#fix-safety) for details.

-### Remove formatter-conflicting rules from the default rule set ([#7900](https://github.com/astral-sh/ruff/pull/7900))
+### Remove formatter-conflicting rules from the default rule set  ([#7900](https://github.com/astral-sh/ruff/pull/7900))

 Previously, Ruff enabled all implemented rules in Pycodestyle (`E`) by default. Ruff now only includes the
 Pycodestyle prefixes `E4`, `E7`, and `E9` to exclude rules that conflict with automatic formatters. Consequently,
@@ -259,8 +129,8 @@ This change only affects those using Ruff under its default rule set. Users that

 ### Remove support for emoji identifiers ([#7212](https://github.com/astral-sh/ruff/pull/7212))

-Previously, Ruff supported non-standards-compliant emoji identifiers such as `📦 = 1`.
-We decided to remove this non-standard language extension. Ruff now reports syntax errors for invalid emoji identifiers in your code, the same as CPython.
+Previously, Ruff supported the non-standard compliant emoji identifiers e.g. `📦 = 1`.
+We decided to remove this non-standard language extension, and Ruff now reports syntax errors for emoji identifiers in your code, the same as CPython.

 ### Improved GitLab fingerprints ([#7203](https://github.com/astral-sh/ruff/pull/7203))

--- a/CHANGELOG.md
+++ b/CHANGELOG.md
--- a/CODE_OF_CONDUCT.md
+++ b/CODE_OF_CONDUCT.md
@@ -71,7 +71,8 @@ representative at an online or offline event.
 ## Enforcement

 Instances of abusive, harassing, or otherwise unacceptable behavior may be
-reported to the community leaders responsible for enforcement at <hey@astral.sh>.
+reported to the community leaders responsible for enforcement at
+<charlie.r.marsh@gmail.com>.
 All complaints will be reviewed and investigated promptly and fairly.

 All community leaders are obligated to respect the privacy and security of the
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -2,10 +2,34 @@

 Welcome! We're happy to have you here. Thank you in advance for your contribution to Ruff.

-> [!NOTE]
->
-> This guide is for Ruff. If you're looking to contribute to ty, please see [the ty contributing
-> guide](https://github.com/astral-sh/ruff/blob/main/crates/ty/CONTRIBUTING.md).
+- [The Basics](#the-basics)
+    - [Prerequisites](#prerequisites)
+    - [Development](#development)
+    - [Project Structure](#project-structure)
+    - [Example: Adding a new lint rule](#example-adding-a-new-lint-rule)
+        - [Rule naming convention](#rule-naming-convention)
+        - [Rule testing: fixtures and snapshots](#rule-testing-fixtures-and-snapshots)
+    - [Example: Adding a new configuration option](#example-adding-a-new-configuration-option)
+- [MkDocs](#mkdocs)
+- [Release Process](#release-process)
+    - [Creating a new release](#creating-a-new-release)
+- [Ecosystem CI](#ecosystem-ci)
+- [Benchmarking and Profiling](#benchmarking-and-profiling)
+    - [CPython Benchmark](#cpython-benchmark)
+    - [Microbenchmarks](#microbenchmarks)
+        - [Benchmark-driven Development](#benchmark-driven-development)
+        - [PR Summary](#pr-summary)
+        - [Tips](#tips)
+    - [Profiling Projects](#profiling-projects)
+        - [Linux](#linux)
+        - [Mac](#mac)
+- [`cargo dev`](#cargo-dev)
+- [Subsystems](#subsystems)
+    - [Compilation Pipeline](#compilation-pipeline)
+    - [Import Categorization](#import-categorization)
+        - [Project root](#project-root)
+        - [Package root](#package-root)
+        - [Import categorization](#import-categorization-1)

 ## The Basics

@@ -34,14 +58,16 @@ You'll also need [Insta](https://insta.rs/docs/) to update snapshot tests:
 cargo install cargo-insta
 ```

-You'll need [uv](https://docs.astral.sh/uv/getting-started/installation/) (or `pipx` and `pip`) to
-run Python utility commands.
+And you'll need pre-commit to run some validation checks:
+
+```shell
+pipx install pre-commit  # or `pip install pre-commit` if you have a virtualenv
+```

 You can optionally install pre-commit hooks to automatically run the validation checks
 when making a commit:

 ```shell
-uv tool install pre-commit
 pre-commit install
 ```

@@ -69,7 +95,7 @@ and that it passes both the lint and test validation checks:
 ```shell
 cargo clippy --workspace --all-targets --all-features -- -D warnings  # Rust linting
 RUFF_UPDATE_SCHEMA=1 cargo test  # Rust testing and updating ruff.schema.json
-uvx pre-commit run --all-files --show-diff-on-failure  # Rust and Python formatting, Markdown and Python linting, etc.
+pre-commit run --all-files --show-diff-on-failure  # Rust and Python formatting, Markdown and Python linting, etc.
 ```

 These checks will run on GitHub Actions when you open your pull request, but running them locally
@@ -144,7 +170,7 @@ At a high level, the steps involved in adding a new lint rule are as follows:
 1. Create a file for your rule (e.g., `crates/ruff_linter/src/rules/flake8_bugbear/rules/assert_false.rs`).

 1. In that file, define a violation struct (e.g., `pub struct AssertFalse`). You can grep for
-    `#[derive(ViolationMetadata)]` to see examples.
+    `#[violation]` to see examples.

 1. In that file, define a function that adds the violation to the diagnostic list as appropriate
    (e.g., `pub(crate) fn assert_false`) based on whatever inputs are required for the rule (e.g.,
@@ -270,20 +296,26 @@ To preview any changes to the documentation locally:

 1. Install the [Rust toolchain](https://www.rust-lang.org/tools/install).

+1. Install MkDocs and Material for MkDocs with:
+
+    ```shell
+    pip install -r docs/requirements.txt
+    ```
+
 1. Generate the MkDocs site with:

    ```shell
-    uv run --no-project --isolated --with-requirements docs/requirements.txt scripts/generate_mkdocs.py
+    python scripts/generate_mkdocs.py
    ```

 1. Run the development server with:

    ```shell
    # For contributors.
-    uvx --with-requirements docs/requirements.txt -- mkdocs serve -f mkdocs.public.yml
+    mkdocs serve -f mkdocs.public.yml

    # For members of the Astral org, which has access to MkDocs Insiders via sponsorship.
-    uvx --with-requirements docs/requirements-insiders.txt -- mkdocs serve -f mkdocs.insiders.yml
+    mkdocs serve -f mkdocs.insiders.yml
    ```

 The documentation should then be available locally at
@@ -301,34 +333,22 @@ even patch releases may contain [non-backwards-compatible changes](https://semve
 ### Creating a new release

 1. Install `uv`: `curl -LsSf https://astral.sh/uv/install.sh | sh`
-
 1. Run `./scripts/release.sh`; this command will:
-
    - Generate a temporary virtual environment with `rooster`
    - Generate a changelog entry in `CHANGELOG.md`
    - Update versions in `pyproject.toml` and `Cargo.toml`
    - Update references to versions in the `README.md` and documentation
    - Display contributors for the release
-
 1. The changelog should then be editorialized for consistency
-
    - Often labels will be missing from pull requests they will need to be manually organized into the proper section
    - Changes should be edited to be user-facing descriptions, avoiding internal details
-
 1. Highlight any breaking changes in `BREAKING_CHANGES.md`
-
 1. Run `cargo check`. This should update the lock file with new versions.
-
 1. Create a pull request with the changelog and version updates
-
 1. Merge the PR
-
 1. Run the [release workflow](https://github.com/astral-sh/ruff/actions/workflows/release.yml) with:
-
    - The new version number (without starting `v`)
-
 1. The release workflow will do the following:
-
    1. Build all the assets. If this fails (even though we tested in step 4), we haven't tagged or
        uploaded anything, you can restart after pushing a fix. If you just need to rerun the build,
        make sure you're [re-running all the failed
@@ -339,25 +359,14 @@ even patch releases may contain [non-backwards-compatible changes](https://semve
    1. Attach artifacts to draft GitHub release
    1. Trigger downstream repositories. This can fail non-catastrophically, as we can run any
        downstream jobs manually if needed.
-
 1. Verify the GitHub release:
-
    1. The Changelog should match the content of `CHANGELOG.md`
-    1. Append the contributors from the `scripts/release.sh` script
-
+    1. Append the contributors from the `bump.sh` script
 1. If needed, [update the schemastore](https://github.com/astral-sh/ruff/blob/main/scripts/update_schemastore.py).
-
    1. One can determine if an update is needed when
        `git diff old-version-tag new-version-tag -- ruff.schema.json` returns a non-empty diff.
    1. Once run successfully, you should follow the link in the output to create a PR.
-
-1. If needed, update the [`ruff-lsp`](https://github.com/astral-sh/ruff-lsp) and
-    [`ruff-vscode`](https://github.com/astral-sh/ruff-vscode) repositories and follow
-    the release instructions in those repositories. `ruff-lsp` should always be updated
-    before `ruff-vscode`.
-
-    This step is generally not required for a patch release, but should always be done
-    for a minor release.
+1. If needed, update the `ruff-lsp` and `ruff-vscode` repositories.

 ## Ecosystem CI

@@ -365,21 +374,13 @@ GitHub Actions will run your changes against a number of real-world projects fro
 report on any linter or formatter differences. You can also run those checks locally via:

 ```shell
-uvx --from ./python/ruff-ecosystem ruff-ecosystem check ruff "./target/debug/ruff"
-uvx --from ./python/ruff-ecosystem ruff-ecosystem format ruff "./target/debug/ruff"
+pip install -e ./python/ruff-ecosystem
+ruff-ecosystem check ruff "./target/debug/ruff"
+ruff-ecosystem format ruff "./target/debug/ruff"
 ```

 See the [ruff-ecosystem package](https://github.com/astral-sh/ruff/tree/main/python/ruff-ecosystem) for more details.

-## Upgrading Rust
-
-1. Change the `channel` in `./rust-toolchain.toml` to the new Rust version (`<latest>`)
-1. Change the `rust-version` in the `./Cargo.toml` to `<latest> - 2` (e.g. 1.84 if the latest is 1.86)
-1. Run `cargo clippy --fix --allow-dirty --allow-staged` to fix new clippy warnings
-1. Create and merge the PR
-1. Bump the Rust version in Ruff's conda forge recipe. See [this PR](https://github.com/conda-forge/ruff-feedstock/pull/266) for an example.
-1. Enjoy the new Rust version!
-
 ## Benchmarking and Profiling

 We have several ways of benchmarking and profiling Ruff:
@@ -388,7 +389,7 @@ We have several ways of benchmarking and profiling Ruff:
 - Microbenchmarks which run the linter or the formatter on individual files. These run on pull requests.
 - Profiling the linter on either the microbenchmarks or entire projects

-> **Note**
+> \[!NOTE\]
 > When running benchmarks, ensure that your CPU is otherwise idle (e.g., close any background
 > applications, like web browsers). You may also want to switch your CPU to a "performance"
 > mode, if it exists, especially when benchmarking short-lived processes.
@@ -402,18 +403,12 @@ which makes it a good target for benchmarking.
 git clone --branch 3.10 https://github.com/python/cpython.git crates/ruff_linter/resources/test/cpython
 ```

-Install `hyperfine`:
-
-```shell
-cargo install hyperfine
-```
-
 To benchmark the release build:

 ```shell
-cargo build --release --bin ruff && hyperfine --warmup 10 \
-  "./target/release/ruff check ./crates/ruff_linter/resources/test/cpython/ --no-cache -e" \
-  "./target/release/ruff check ./crates/ruff_linter/resources/test/cpython/ -e"
+cargo build --release && hyperfine --warmup 10 \
+  "./target/release/ruff ./crates/ruff_linter/resources/test/cpython/ --no-cache -e" \
+  "./target/release/ruff ./crates/ruff_linter/resources/test/cpython/ -e"

 Benchmark 1: ./target/release/ruff ./crates/ruff_linter/resources/test/cpython/ --no-cache
  Time (mean ± σ):     293.8 ms ±   3.2 ms    [User: 2384.6 ms, System: 90.3 ms]
@@ -432,7 +427,7 @@ To benchmark against the ecosystem's existing tools:

 ```shell
 hyperfine --ignore-failure --warmup 5 \
-  "./target/release/ruff check ./crates/ruff_linter/resources/test/cpython/ --no-cache" \
+  "./target/release/ruff ./crates/ruff_linter/resources/test/cpython/ --no-cache" \
  "pyflakes crates/ruff_linter/resources/test/cpython" \
  "autoflake --recursive --expand-star-imports --remove-all-unused-imports --remove-unused-variables --remove-duplicate-keys resources/test/cpython" \
  "pycodestyle crates/ruff_linter/resources/test/cpython" \
@@ -478,10 +473,10 @@ To benchmark a subset of rules, e.g. `LineTooLong` and `DocLineTooLong`:

 ```shell
 cargo build --release && hyperfine --warmup 10 \
-  "./target/release/ruff check ./crates/ruff_linter/resources/test/cpython/ --no-cache -e --select W505,E501"
+  "./target/release/ruff ./crates/ruff_linter/resources/test/cpython/ --no-cache -e --select W505,E501"
 ```

-You can run `uv venv --project ./scripts/benchmarks`, activate the venv and then run `uv sync --project ./scripts/benchmarks` to create a working environment for the
+You can run `poetry install` from `./scripts/benchmarks` to create a working environment for the
 above. All reported benchmarks were computed using the versions specified by
 `./scripts/benchmarks/pyproject.toml` on Python 3.11.

@@ -535,12 +530,10 @@ You can run the benchmarks with
 cargo benchmark
 ```

-`cargo benchmark` is an alias for `cargo bench -p ruff_benchmark --bench linter --bench formatter --`
-
 #### Benchmark-driven Development

 Ruff uses [Criterion.rs](https://bheisler.github.io/criterion.rs/book/) for benchmarks. You can use
-`--save-baseline=<name>` to store an initial baseline benchmark (e.g., on `main`) and then use
+`--save-baseline=<name>` to store an initial baseline benchmark (e.g. on `main`) and then use
 `--benchmark=<name>` to compare against that benchmark. Criterion will print a message telling you
 if the benchmark improved/regressed compared to that baseline.

@@ -575,7 +568,7 @@ cargo install critcmp

 #### Tips

- Use `cargo bench -p ruff_benchmark <filter>` to only run specific benchmarks. For example: `cargo bench -p ruff_benchmark lexer`
+- Use `cargo bench -p ruff_benchmark <filter>` to only run specific benchmarks. For example: `cargo benchmark lexer`
    to only run the lexer benchmarks.
 - Use `cargo bench -p ruff_benchmark -- --quiet` for a more cleaned up output (without statistical relevance)
 - Use `cargo bench -p ruff_benchmark -- --quick` to get faster results (more prone to noise)
@@ -610,7 +603,8 @@ Then convert the recorded profile
 perf script -F +pid > /tmp/test.perf
 ```

-You can now view the converted file with [firefox profiler](https://profiler.firefox.com/). To learn more about Firefox profiler, read the [Firefox profiler profiling-guide](https://profiler.firefox.com/docs/#/./guide-perf-profiling).
+You can now view the converted file with [firefox profiler](https://profiler.firefox.com/), with a
+more in-depth guide [here](https://profiler.firefox.com/docs/#/./guide-perf-profiling)

 An alternative is to convert the perf data to `flamegraph.svg` using
 [flamegraph](https://github.com/flamegraph-rs/flamegraph) (`cargo install flamegraph`):
@@ -691,9 +685,9 @@ utils with it:
 23 Newline 24
 ```

- `cargo dev print-cst <file>`: Print the CST of a Python file using
+- `cargo dev print-cst <file>`: Print the CST of a python file using
    [LibCST](https://github.com/Instagram/LibCST), which is used in addition to the RustPython parser
-    in Ruff. For example, for `if True: pass # comment`, everything, including the whitespace, is represented:
+    in Ruff. E.g. for `if True: pass # comment` everything including the whitespace is represented:

 ```text
 Module {
@@ -876,7 +870,7 @@ each configuration file.

 The package root is used to determine a file's "module path". Consider, again, `baz.py`. In that
 case, `./my_project/src/foo` was identified as the package root, so the module path for `baz.py`
-would resolve to `foo.bar.baz` — as computed by taking the relative path from the package root
+would resolve to  `foo.bar.baz` — as computed by taking the relative path from the package root
 (inclusive of the root itself). The module path can be thought of as "the path you would use to
 import the module" (e.g., `import foo.bar.baz`).

@@ -911,11 +905,15 @@ There are three ways in which an import can be categorized as "first-party":
    package (e.g., `from foo import bar` or `import foo.bar`), they'll be classified as first-party
    automatically. This check is as simple as comparing the first segment of the current file's
    module path to the first segment of the import.
-1. **Source roots**: Ruff supports a [`src`](https://docs.astral.sh/ruff/settings/#src) setting, which
+1. **Source roots**: Ruff supports a `[src](https://docs.astral.sh/ruff/settings/#src)` setting, which
    sets the directories to scan when identifying first-party imports. The algorithm is
    straightforward: given an import, like `import foo`, iterate over the directories enumerated in
    the `src` setting and, for each directory, check for the existence of a subdirectory `foo` or a
    file `foo.py`.

-By default, `src` is set to the project root, along with `"src"` subdirectory in the project root.
-This ensures that Ruff supports both flat and "src" layouts out of the box.
+By default, `src` is set to the project root. In the above example, we'd want to set
+`src = ["./src"]` to ensure that we locate `./my_project/src/foo` and thus categorize `import foo`
+as first-party in `baz.py`. In practice, for this limited example, setting `src = ["./src"]` is
+unnecessary, as all imports within `./my_project/src/foo` would be categorized as first-party via
+the same-package heuristic; but if your project contains multiple packages, you'll want to set `src`
+explicitly.
--- a/Cargo.lock
+++ b/Cargo.lock
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -3,9 +3,8 @@ members = ["crates/*"]
 resolver = "2"

 [workspace.package]
-# Please update rustfmt.toml when bumping the Rust edition
-edition = "2024"
-rust-version = "1.85"
+edition = "2021"
+rust-version = "1.75"
 homepage = "https://docs.astral.sh/ruff"
 documentation = "https://docs.astral.sh/ruff"
 repository = "https://github.com/astral-sh/ruff"
@@ -14,17 +13,14 @@ license = "MIT"

 [workspace.dependencies]
 ruff = { path = "crates/ruff" }
-ruff_annotate_snippets = { path = "crates/ruff_annotate_snippets" }
 ruff_cache = { path = "crates/ruff_cache" }
-ruff_db = { path = "crates/ruff_db", default-features = false }
+ruff_db = { path = "crates/ruff_db" }
 ruff_diagnostics = { path = "crates/ruff_diagnostics" }
 ruff_formatter = { path = "crates/ruff_formatter" }
-ruff_graph = { path = "crates/ruff_graph" }
 ruff_index = { path = "crates/ruff_index" }
 ruff_linter = { path = "crates/ruff_linter" }
 ruff_macros = { path = "crates/ruff_macros" }
 ruff_notebook = { path = "crates/ruff_notebook" }
-ruff_options_metadata = { path = "crates/ruff_options_metadata" }
 ruff_python_ast = { path = "crates/ruff_python_ast" }
 ruff_python_codegen = { path = "crates/ruff_python_codegen" }
 ruff_python_formatter = { path = "crates/ruff_python_formatter" }
@@ -39,97 +35,80 @@ ruff_source_file = { path = "crates/ruff_source_file" }
 ruff_text_size = { path = "crates/ruff_text_size" }
 ruff_workspace = { path = "crates/ruff_workspace" }

-ty = { path = "crates/ty" }
-ty_ide = { path = "crates/ty_ide" }
-ty_project = { path = "crates/ty_project", default-features = false }
-ty_python_semantic = { path = "crates/ty_python_semantic" }
-ty_server = { path = "crates/ty_server" }
-ty_test = { path = "crates/ty_test" }
-ty_vendored = { path = "crates/ty_vendored" }
+red_knot = { path = "crates/red_knot" }
+red_knot_module_resolver = { path = "crates/red_knot_module_resolver" }
+red_knot_python_semantic = { path = "crates/red_knot_python_semantic" }

 aho-corasick = { version = "1.1.3" }
-anstream = { version = "0.6.18" }
-anstyle = { version = "1.0.10" }
+annotate-snippets = { version = "0.9.2", features = ["color"] }
 anyhow = { version = "1.0.80" }
-assert_fs = { version = "1.1.0" }
 argfile = { version = "0.2.0" }
-bincode = { version = "2.0.0" }
+bincode = { version = "1.3.3" }
 bitflags = { version = "2.5.0" }
 bstr = { version = "1.9.1" }
 cachedir = { version = "0.3.1" }
 camino = { version = "1.1.7" }
+chrono = { version = "0.4.35", default-features = false, features = ["clock"] }
 clap = { version = "4.5.3", features = ["derive"] }
 clap_complete_command = { version = "0.6.0" }
-clearscreen = { version = "4.0.0" }
+clearscreen = { version = "3.0.0" }
 codspeed-criterion-compat = { version = "2.6.0", default-features = false }
-colored = { version = "3.0.0" }
+colored = { version = "2.1.0" }
 console_error_panic_hook = { version = "0.1.7" }
 console_log = { version = "1.0.0" }
 countme = { version = "3.0.1" }
-compact_str = "0.9.0"
-criterion = { version = "0.6.0", default-features = false }
+compact_str = "0.8.0"
+criterion = { version = "0.5.1", default-features = false }
 crossbeam = { version = "0.8.4" }
 dashmap = { version = "6.0.1" }
-dir-test = { version = "0.4.0" }
-dunce = { version = "1.0.5" }
 drop_bomb = { version = "0.1.5" }
 env_logger = { version = "0.11.0" }
-etcetera = { version = "0.10.0" }
-fern = { version = "0.7.0" }
+etcetera = { version = "0.8.0" }
+fern = { version = "0.6.1" }
 filetime = { version = "0.2.23" }
-getrandom = { version = "0.3.1" }
 glob = { version = "0.3.1" }
 globset = { version = "0.4.14" }
-globwalk = { version = "0.9.1" }
-hashbrown = { version = "0.15.0", default-features = false, features = [
-    "raw-entry",
-    "equivalent",
-    "inline-more",
-] }
-heck = "0.5.0"
+hashbrown = "0.14.3"
 ignore = { version = "0.4.22" }
 imara-diff = { version = "0.1.5" }
 imperative = { version = "1.0.4" }
-indexmap = { version = "2.6.0" }
 indicatif = { version = "0.17.8" }
 indoc = { version = "2.0.4" }
 insta = { version = "1.35.1" }
 insta-cmd = { version = "0.6.0" }
 is-macro = { version = "0.3.5" }
 is-wsl = { version = "0.4.0" }
-itertools = { version = "0.14.0" }
-jiff = { version = "0.2.0" }
+itertools = { version = "0.13.0" }
 js-sys = { version = "0.3.69" }
-jod-thread = { version = "1.0.0" }
+jod-thread = { version = "0.1.2" }
 libc = { version = "0.2.153" }
 libcst = { version = "1.1.0", default-features = false }
 log = { version = "0.4.17" }
 lsp-server = { version = "0.7.6" }
 lsp-types = { git = "https://github.com/astral-sh/lsp-types.git", rev = "3512a9f", features = [
-    "proposed",
+  "proposed",
 ] }
 matchit = { version = "0.8.1" }
 memchr = { version = "2.7.1" }
 mimalloc = { version = "0.1.39" }
 natord = { version = "1.0.9" }
-notify = { version = "8.0.0" }
+notify = { version = "6.1.1" }
+once_cell = { version = "1.19.0" }
 ordermap = { version = "0.5.0" }
 path-absolutize = { version = "3.1.1" }
 path-slash = { version = "0.2.1" }
 pathdiff = { version = "0.2.1" }
-pep440_rs = { version = "0.7.1" }
+pep440_rs = { version = "0.6.0", features = ["serde"] }
 pretty_assertions = "1.3.0"
 proc-macro2 = { version = "1.0.79" }
-pyproject-toml = { version = "0.13.4" }
-quick-junit = { version = "0.5.0" }
+pyproject-toml = { version = "0.9.0" }
+quick-junit = { version = "0.4.0" }
 quote = { version = "1.0.23" }
-rand = { version = "0.9.0" }
+rand = { version = "0.8.5" }
 rayon = { version = "1.10.0" }
 regex = { version = "1.10.2" }
 rustc-hash = { version = "2.0.0" }
-rustc-stable-hash = { version = "0.1.2" }
-# When updating salsa, make sure to also update the revision in `fuzz/Cargo.toml`
-salsa = { git = "https://github.com/salsa-rs/salsa.git", rev = "7edce6e248f35c8114b4b021cdb474a3fb2813b3" }
+salsa = { git = "https://github.com/salsa-rs/salsa.git", rev = "a1bf3a613f451af7fc0a59411c56abc47fe8e8e1" }
 schemars = { version = "0.8.16" }
 seahash = { version = "4.1.0" }
 serde = { version = "1.0.197", features = ["derive"] }
@@ -137,67 +116,47 @@ serde-wasm-bindgen = { version = "0.6.4" }
 serde_json = { version = "1.0.113" }
 serde_test = { version = "1.0.152" }
 serde_with = { version = "3.6.0", default-features = false, features = [
-    "macros",
+  "macros",
 ] }
 shellexpand = { version = "3.0.0" }
 similar = { version = "2.4.0", features = ["inline"] }
 smallvec = { version = "1.13.2" }
-snapbox = { version = "0.6.0", features = [
-    "diff",
-    "term-svg",
-    "cmd",
-    "examples",
-] }
 static_assertions = "1.1.0"
-strum = { version = "0.27.0", features = ["strum_macros"] }
-strum_macros = { version = "0.27.0" }
+strum = { version = "0.26.0", features = ["strum_macros"] }
+strum_macros = { version = "0.26.0" }
 syn = { version = "2.0.55" }
 tempfile = { version = "3.9.0" }
 test-case = { version = "3.3.1" }
-thiserror = { version = "2.0.0" }
+thiserror = { version = "1.0.58" }
 tikv-jemallocator = { version = "0.6.0" }
 toml = { version = "0.8.11" }
 tracing = { version = "0.1.40" }
-tracing-flame = { version = "0.2.0" }
 tracing-indicatif = { version = "0.3.6" }
-tracing-log = { version = "0.2.0" }
-tracing-subscriber = { version = "0.3.18", default-features = false, features = [
-    "env-filter",
-    "fmt",
-    "ansi",
-    "smallvec"
-] }
-tryfn = { version = "0.2.1" }
+tracing-subscriber = { version = "0.3.18", features = ["env-filter"] }
+tracing-tree = { version = "0.3.0" }
 typed-arena = { version = "2.0.2" }
 unic-ucd-category = { version = "0.9" }
 unicode-ident = { version = "1.0.12" }
-unicode-width = { version = "0.2.0" }
+unicode-width = { version = "0.1.11" }
 unicode_names2 = { version = "1.2.2" }
 unicode-normalization = { version = "0.1.23" }
+ureq = { version = "2.9.6" }
 url = { version = "2.5.0" }
 uuid = { version = "1.6.1", features = [
-    "v4",
-    "fast-rng",
-    "macro-diagnostics",
-    "js",
+  "v4",
+  "fast-rng",
+  "macro-diagnostics",
+  "js",
 ] }
 walkdir = { version = "2.3.2" }
 wasm-bindgen = { version = "0.2.92" }
 wasm-bindgen-test = { version = "0.3.42" }
 wild = { version = "2" }
-zip = { version = "0.6.6", default-features = false }
-
-[workspace.metadata.cargo-shear]
-ignored = ["getrandom", "ruff_options_metadata"]
-
+zip = { version = "0.6.6", default-features = false, features = ["zstd"] }

 [workspace.lints.rust]
 unsafe_code = "warn"
 unreachable_pub = "warn"
-unexpected_cfgs = { level = "warn", check-cfg = [
-    "cfg(fuzzing)",
-    "cfg(codspeed)",
-] }

 [workspace.lints.clippy]
 pedantic = { level = "warn", priority = -2 }
@@ -213,11 +172,8 @@ missing_panics_doc = "allow"
 module_name_repetitions = "allow"
 must_use_candidate = "allow"
 similar_names = "allow"
-single_match_else = "allow"
 too_many_lines = "allow"
-needless_continue = "allow"       # An explicit continue can be more readable, especially if the alternative is an empty block.
-unnecessary_debug_formatting = "allow"  # too many instances, the display also doesn't quote the path which is often desired in logs where we use them the most often.
-# Without the hashes we run into a `rustfmt` bug in some snapshot tests, see #13250
+# To allow `#[allow(clippy::all)]` in `crates/ruff_python_parser/src/python.rs`.
 needless_raw_string_hashes = "allow"
 # Disallowed restriction lints
 print_stdout = "warn"
@@ -230,13 +186,6 @@ get_unwrap = "warn"
 rc_buffer = "warn"
 rc_mutex = "warn"
 rest_pat_in_fully_bound_structs = "warn"
-# nursery rules
-redundant_clone = "warn"
-debug_assert_with_mut_call = "warn"
-unused_peekable = "warn"
-
-# Diagnostics are not actionable: Enable once https://github.com/rust-lang/rust-clippy/issues/13774 is resolved.
-large_stack_arrays = "allow"

 [profile.release]
 # Note that we set these explicitly, and these values
@@ -261,9 +210,6 @@ opt-level = 3
 [profile.dev.package.similar]
 opt-level = 3

-[profile.dev.package.salsa]
-opt-level = 3
-
 # Reduce complexity of a parser function that would trigger a locals limit in a wasm tool.
 # https://github.com/bytecodealliance/wasm-tools/blob/b5c3d98e40590512a3b12470ef358d5c7b983b15/crates/wasmparser/src/limits.rs#L29
 [profile.dev.package.ruff_python_parser]
@@ -278,3 +224,58 @@ debug = 1
 # The profile that 'cargo dist' will build with.
 [profile.dist]
 inherits = "release"
+
+# Config for 'cargo dist'
+[workspace.metadata.dist]
+# The preferred cargo-dist version to use in CI (Cargo.toml SemVer syntax)
+cargo-dist-version = "0.18.0"
+# CI backends to support
+ci = ["github"]
+# The installers to generate for each app
+installers = ["shell", "powershell"]
+# The archive format to use for windows builds (defaults .zip)
+windows-archive = ".zip"
+# The archive format to use for non-windows builds (defaults .tar.xz)
+unix-archive = ".tar.gz"
+# Target platforms to build apps for (Rust target-triple syntax)
+targets = [
+  "aarch64-apple-darwin",
+  "aarch64-pc-windows-msvc",
+  "aarch64-unknown-linux-gnu",
+  "aarch64-unknown-linux-musl",
+  "arm-unknown-linux-musleabihf",
+  "armv7-unknown-linux-gnueabihf",
+  "armv7-unknown-linux-musleabihf",
+  "i686-pc-windows-msvc",
+  "i686-unknown-linux-gnu",
+  "i686-unknown-linux-musl",
+  "powerpc64-unknown-linux-gnu",
+  "powerpc64le-unknown-linux-gnu",
+  "s390x-unknown-linux-gnu",
+  "x86_64-apple-darwin",
+  "x86_64-pc-windows-msvc",
+  "x86_64-unknown-linux-gnu",
+  "x86_64-unknown-linux-musl",
+]
+# Whether to auto-include files like READMEs, LICENSEs, and CHANGELOGs (default true)
+auto-includes = false
+# Whether cargo-dist should create a GitHub Release or use an existing draft
+create-release = true
+# Publish jobs to run in CI
+pr-run-mode = "skip"
+# Whether CI should trigger releases with dispatches instead of tag pushes
+dispatch-releases = true
+# The stage during which the GitHub Release should be created
+github-release = "announce"
+# Whether CI should include auto-generated code to build local artifacts
+build-local-artifacts = false
+# Local artifacts jobs to run in CI
+local-artifacts-jobs = ["./build-binaries", "./build-docker"]
+# Publish jobs to run in CI
+publish-jobs = ["./publish-pypi", "./publish-wasm"]
+# Announcement jobs to run in CI
+post-announce-jobs = ["./notify-dependents", "./publish-docs", "./publish-playground"]
+# Custom permissions for GitHub Jobs
+github-custom-job-permissions = { "build-docker" = { packages = "write", contents = "read" }, "publish-wasm" = { contents = "read", id-token = "write", packages = "write" } }
+# Whether to install an updater program
+install-updater = false
--- a/2
+++ b/2
@@ -1,4 +1,4 @@
-FROM --platform=$BUILDPLATFORM ubuntu AS build
+FROM --platform=$BUILDPLATFORM ubuntu as build
 ENV HOME="/root"
 WORKDIR $HOME

--- a/25
+++ b/25
@@ -1371,28 +1371,3 @@ are:
    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
    SOFTWARE.
  """
-
- pydoclint, licensed as follows:
-  """
-    MIT License
-
-    Copyright (c) 2023 jsh9
-
-    Permission is hereby granted, free of charge, to any person obtaining a copy
-    of this software and associated documentation files (the "Software"), to deal
-    in the Software without restriction, including without limitation the rights
-    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-    copies of the Software, and to permit persons to whom the Software is
-    furnished to do so, subject to the following conditions:
-
-    The above copyright notice and this permission notice shall be included in all
-    copies or substantial portions of the Software.
-
-    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-    SOFTWARE.
-  """
--- a/README.md
+++ b/README.md
@@ -29,14 +29,14 @@ An extremely fast Python linter and code formatter, written in Rust.
 - 🐍 Installable via `pip`
 - 🛠️ `pyproject.toml` support
 - 🤝 Python 3.13 compatibility
- ⚖️ Drop-in parity with [Flake8](https://docs.astral.sh/ruff/faq/#how-does-ruffs-linter-compare-to-flake8), isort, and [Black](https://docs.astral.sh/ruff/faq/#how-does-ruffs-formatter-compare-to-black)
+- ⚖️ Drop-in parity with [Flake8](https://docs.astral.sh/ruff/faq/#how-does-ruff-compare-to-flake8), isort, and Black
 - 📦 Built-in caching, to avoid re-analyzing unchanged files
 - 🔧 Fix support, for automatic error correction (e.g., automatically remove unused imports)
 - 📏 Over [800 built-in rules](https://docs.astral.sh/ruff/rules/), with native re-implementations
    of popular Flake8 plugins, like flake8-bugbear
 - ⌨️ First-party [editor integrations](https://docs.astral.sh/ruff/integrations/) for
-    [VS Code](https://github.com/astral-sh/ruff-vscode) and [more](https://docs.astral.sh/ruff/editors/setup)
- 🌎 Monorepo-friendly, with [hierarchical and cascading configuration](https://docs.astral.sh/ruff/configuration/#config-file-discovery)
+    [VS Code](https://github.com/astral-sh/ruff-vscode) and [more](https://github.com/astral-sh/ruff-lsp)
+- 🌎 Monorepo-friendly, with [hierarchical and cascading configuration](https://docs.astral.sh/ruff/configuration/#pyprojecttoml-discovery)

 Ruff aims to be orders of magnitude faster than alternative tools while integrating more
 functionality behind a single, common interface.
@@ -110,28 +110,15 @@ For more, see the [documentation](https://docs.astral.sh/ruff/).
 1. [Who's Using Ruff?](#whos-using-ruff)
 1. [License](#license)

-## Getting Started<a id="getting-started"></a>
+## Getting Started

 For more, see the [documentation](https://docs.astral.sh/ruff/).

 ### Installation

-Ruff is available as [`ruff`](https://pypi.org/project/ruff/) on PyPI.
-
-Invoke Ruff directly with [`uvx`](https://docs.astral.sh/uv/):
+Ruff is available as [`ruff`](https://pypi.org/project/ruff/) on PyPI:

 ```shell
-uvx ruff check   # Lint all files in the current directory.
-uvx ruff format  # Format all files in the current directory.
-```
-
-Or install Ruff with `uv` (recommended), `pip`, or `pipx`:
-
-```shell
-# With uv.
-uv tool install ruff@latest  # Install Ruff globally.
-uv add --dev ruff            # Or add Ruff to your project.
-
 # With pip.
 pip install ruff

@@ -149,8 +136,8 @@ curl -LsSf https://astral.sh/ruff/install.sh | sh
 powershell -c "irm https://astral.sh/ruff/install.ps1 | iex"

 # For a specific version.
-curl -LsSf https://astral.sh/ruff/0.11.10/install.sh | sh
-powershell -c "irm https://astral.sh/ruff/0.11.10/install.ps1 | iex"
+curl -LsSf https://astral.sh/ruff/0.5.3/install.sh | sh
+powershell -c "irm https://astral.sh/ruff/0.5.3/install.ps1 | iex"
 ```

 You can also install Ruff via [Homebrew](https://formulae.brew.sh/formula/ruff), [Conda](https://anaconda.org/conda-forge/ruff),
@@ -183,7 +170,7 @@ Ruff can also be used as a [pre-commit](https://pre-commit.com/) hook via [`ruff
 ```yaml
 - repo: https://github.com/astral-sh/ruff-pre-commit
  # Ruff version.
-  rev: v0.11.10
+  rev: v0.5.3
  hooks:
    # Run the linter.
    - id: ruff
@@ -192,10 +179,11 @@ Ruff can also be used as a [pre-commit](https://pre-commit.com/) hook via [`ruff
    - id: ruff-format
 ```

-Ruff can also be used as a [VS Code extension](https://github.com/astral-sh/ruff-vscode) or with [various other editors](https://docs.astral.sh/ruff/editors/setup).
+Ruff can also be used as a [VS Code extension](https://github.com/astral-sh/ruff-vscode) or
+alongside any other editor through the [Ruff LSP](https://github.com/astral-sh/ruff-lsp).

 Ruff can also be used as a [GitHub Action](https://github.com/features/actions) via
-[`ruff-action`](https://github.com/astral-sh/ruff-action):
+[`ruff-action`](https://github.com/chartboost/ruff-action):

 ```yaml
 name: Ruff
@@ -205,10 +193,10 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
-      - uses: astral-sh/ruff-action@v3
+      - uses: chartboost/ruff-action@v1
 ```

-### Configuration<a id="configuration"></a>
+### Configuration

 Ruff can be configured through a `pyproject.toml`, `ruff.toml`, or `.ruff.toml` file (see:
 [_Configuration_](https://docs.astral.sh/ruff/configuration/), or [_Settings_](https://docs.astral.sh/ruff/settings/)
@@ -251,11 +239,11 @@ exclude = [
 line-length = 88
 indent-width = 4

-# Assume Python 3.9
-target-version = "py39"
+# Assume Python 3.8
+target-version = "py38"

 [lint]
-# Enable Pyflakes (`F`) and a subset of the pycodestyle (`E`) codes by default.
+# Enable Pyflakes (`F`) and a subset of the pycodestyle (`E`)  codes by default.
 select = ["E4", "E7", "E9", "F"]
 ignore = []

@@ -304,7 +292,7 @@ features that may change prior to stabilization.
 See `ruff help` for more on Ruff's top-level commands, or `ruff help check` and `ruff help format`
 for more on the linting and formatting commands, respectively.

-## Rules<a id="rules"></a>
+## Rules

 <!-- Begin section: Rules -->

@@ -380,21 +368,21 @@ quality tools, including:

 For a complete enumeration of the supported rules, see [_Rules_](https://docs.astral.sh/ruff/rules/).

-## Contributing<a id="contributing"></a>
+## Contributing

 Contributions are welcome and highly appreciated. To get started, check out the
 [**contributing guidelines**](https://docs.astral.sh/ruff/contributing/).

 You can also join us on [**Discord**](https://discord.com/invite/astral-sh).

-## Support<a id="support"></a>
+## Support

 Having trouble? Check out the existing issues on [**GitHub**](https://github.com/astral-sh/ruff/issues),
 or feel free to [**open a new one**](https://github.com/astral-sh/ruff/issues/new).

 You can also ask for help on [**Discord**](https://discord.com/invite/astral-sh).

-## Acknowledgements<a id="acknowledgements"></a>
+## Acknowledgements

 Ruff's linter draws on both the APIs and implementation details of many other
 tools in the Python ecosystem, especially [Flake8](https://github.com/PyCQA/flake8), [Pyflakes](https://github.com/PyCQA/pyflakes),
@@ -418,7 +406,7 @@ Ruff is the beneficiary of a large number of [contributors](https://github.com/a

 Ruff is released under the MIT license.

-## Who's Using Ruff?<a id="whos-using-ruff"></a>
+## Who's Using Ruff?

 Ruff is used by a number of major open-source projects and companies, including:

@@ -430,14 +418,12 @@ Ruff is used by a number of major open-source projects and companies, including:
 - [Babel](https://github.com/python-babel/babel)
 - Benchling ([Refac](https://github.com/benchling/refac))
 - [Bokeh](https://github.com/bokeh/bokeh)
- CrowdCent ([NumerBlox](https://github.com/crowdcent/numerblox)) <!-- typos: ignore -->
 - [Cryptography (PyCA)](https://github.com/pyca/cryptography)
 - CERN ([Indico](https://getindico.io/))
 - [DVC](https://github.com/iterative/dvc)
 - [Dagger](https://github.com/dagger/dagger)
 - [Dagster](https://github.com/dagster-io/dagster)
 - Databricks ([MLflow](https://github.com/mlflow/mlflow))
- [Dify](https://github.com/langgenius/dify)
 - [FastAPI](https://github.com/tiangolo/fastapi)
 - [Godot](https://github.com/godotengine/godot)
 - [Gradio](https://github.com/gradio-app/gradio)
@@ -448,11 +434,9 @@ Ruff is used by a number of major open-source projects and companies, including:
 - Hugging Face ([Transformers](https://github.com/huggingface/transformers),
    [Datasets](https://github.com/huggingface/datasets),
    [Diffusers](https://github.com/huggingface/diffusers))
- IBM ([Qiskit](https://github.com/Qiskit/qiskit))
 - ING Bank ([popmon](https://github.com/ing-bank/popmon), [probatus](https://github.com/ing-bank/probatus))
 - [Ibis](https://github.com/ibis-project/ibis)
 - [ivy](https://github.com/unifyai/ivy)
- [JAX](https://github.com/jax-ml/jax)
 - [Jupyter](https://github.com/jupyter-server/jupyter_server)
 - [Kraken Tech](https://kraken.tech/)
 - [LangChain](https://github.com/hwchase17/langchain)
@@ -539,7 +523,7 @@ If you're using Ruff, consider adding the Ruff badge to your project's `README.m
 <a href="https://github.com/astral-sh/ruff"><img src="https://img.shields.io/endpoint?url=https://raw.githubusercontent.com/astral-sh/ruff/main/assets/badge/v2.json" alt="Ruff" style="max-width:100%;"></a>
 ```

-## License<a id="license"></a>
+## License

 This repository is licensed under the [MIT License](https://github.com/astral-sh/ruff/blob/main/LICENSE)

--- a/SECURITY.md
+++ b/SECURITY.md
@@ -1,15 +0,0 @@
-# Security policy
-
-## Reporting a vulnerability
-
-If you have found a possible vulnerability, please email `security at astral dot sh`.
-
-## Bug bounties
-
-While we sincerely appreciate and encourage reports of suspected security problems, please note that
-Astral does not currently run any bug bounty programs.
-
-## Vulnerability disclosures
-
-Critical vulnerabilities will be disclosed via GitHub's
-[security advisory](https://github.com/astral-sh/ruff/security) system.
--- a/_typos.toml
+++ b/_typos.toml
@@ -1,10 +1,6 @@
 [files]
 # https://github.com/crate-ci/typos/issues/868
-extend-exclude = [
-    "crates/ty_vendored/vendor/**/*",
-    "**/resources/**/*",
-    "**/snapshots/**/*",
-]
+extend-exclude = ["crates/red_knot_module_resolver/vendor/**/*", "**/resources/**/*", "**/snapshots/**/*"]

 [default.extend-words]
 "arange" = "arange"  # e.g. `numpy.arange`
@@ -12,22 +8,14 @@ hel = "hel"
 whos = "whos"
 spawnve = "spawnve"
 ned = "ned"
-pn = "pn"  # `import panel as pn` is a thing
+pn = "pn"  # `import panel as pd` is a thing
 poit = "poit"
 BA = "BA" # acronym for "Bad Allowed", used in testing.
 jod = "jod" # e.g., `jod-thread`
-Numer = "Numer" # Library name 'NumerBlox' in "Who's Using Ruff?"

 [default]
 extend-ignore-re = [
-    # Line ignore with trailing "spellchecker:disable-line"
-    "(?Rm)^.*#\\s*spellchecker:disable-line$",
-    "LICENSEs",
-    # Various third party dependencies uses `typ` as struct field names (e.g., lsp_types::LogMessageParams)
-    "typ",
-    # TODO: Remove this once the `TYP` redirects are removed from `rule_redirects.rs`
-    "TYP",
+  # Line ignore with trailing "spellchecker:disable-line"
+  "(?Rm)^.*#\\s*spellchecker:disable-line$",
+  "LICENSEs",
 ]
-
-[default.extend-identifiers]
-"FrIeNdLy" = "FrIeNdLy"
--- a/clippy.toml
+++ b/clippy.toml
@@ -1,25 +1,13 @@
 doc-valid-idents = [
-    "..",
-    "CodeQL",
-    "FastAPI",
-    "IPython",
-    "LangChain",
-    "LibCST",
-    "McCabe",
-    "NumPy",
-    "SCREAMING_SNAKE_CASE",
-    "SQLAlchemy",
-    "StackOverflow",
-    "PyCharm",
-    "SNMPv1",
-    "SNMPv2",
-    "SNMPv3",
-    "PyFlakes"
-]
-
-ignore-interior-mutability = [
-    # Interned is read-only. The wrapped `Rc` never gets updated.
-    "ruff_formatter::format_element::Interned",
-    # The expression is read-only.
-    "ruff_python_ast::hashable::HashableExpr",
+  "..",
+  "CodeQL",
+  "FastAPI",
+  "IPython",
+  "LangChain",
+  "LibCST",
+  "McCabe",
+  "NumPy",
+  "SCREAMING_SNAKE_CASE",
+  "SQLAlchemy",
+  "StackOverflow",
 ]
--- a/crates/red_knot/Cargo.toml
+++ b/crates/red_knot/Cargo.toml
@@ -0,0 +1,36 @@
+[package]
+name = "red_knot"
+version = "0.0.0"
+edition.workspace = true
+rust-version.workspace = true
+homepage.workspace = true
+documentation.workspace = true
+repository.workspace = true
+authors.workspace = true
+license.workspace = true
+
+# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
+
+[dependencies]
+red_knot_module_resolver = { workspace = true }
+red_knot_python_semantic = { workspace = true }
+
+ruff_db = { workspace = true, features = ["os", "cache"] }
+ruff_python_ast = { workspace = true }
+
+anyhow = { workspace = true }
+clap = { workspace = true, features = ["wrap_help"] }
+countme = { workspace = true, features = ["enable"] }
+crossbeam = { workspace = true }
+ctrlc = { version = "3.4.4" }
+notify = { workspace = true }
+rayon = { workspace = true }
+rustc-hash = { workspace = true }
+salsa = { workspace = true }
+tracing = { workspace = true }
+tracing-subscriber = { workspace = true }
+tracing-tree = { workspace = true }
+
+
+[lints]
+workspace = true
--- a/crates/red_knot/src/cli/mod.rs
+++ b/crates/red_knot/src/cli/mod.rs
@@ -0,0 +1,2 @@
+pub(crate) mod target_version;
+pub(crate) mod verbosity;
--- a/crates/red_knot/src/cli/target_version.rs
+++ b/crates/red_knot/src/cli/target_version.rs
@@ -0,0 +1,34 @@
+/// Enumeration of all supported Python versions
+///
+/// TODO: unify with the `PythonVersion` enum in the linter/formatter crates?
+#[derive(Copy, Clone, Hash, Debug, PartialEq, Eq, PartialOrd, Ord, Default, clap::ValueEnum)]
+pub enum TargetVersion {
+    Py37,
+    #[default]
+    Py38,
+    Py39,
+    Py310,
+    Py311,
+    Py312,
+    Py313,
+}
+
+impl std::fmt::Display for TargetVersion {
+    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+        ruff_db::program::TargetVersion::from(*self).fmt(f)
+    }
+}
+
+impl From<TargetVersion> for ruff_db::program::TargetVersion {
+    fn from(value: TargetVersion) -> Self {
+        match value {
+            TargetVersion::Py37 => Self::Py37,
+            TargetVersion::Py38 => Self::Py38,
+            TargetVersion::Py39 => Self::Py39,
+            TargetVersion::Py310 => Self::Py310,
+            TargetVersion::Py311 => Self::Py311,
+            TargetVersion::Py312 => Self::Py312,
+            TargetVersion::Py313 => Self::Py313,
+        }
+    }
+}
--- a/crates/red_knot/src/cli/verbosity.rs
+++ b/crates/red_knot/src/cli/verbosity.rs
@@ -0,0 +1,34 @@
+#[derive(Debug, Copy, Clone, Eq, PartialEq, Ord, PartialOrd)]
+pub(crate) enum VerbosityLevel {
+    Info,
+    Debug,
+    Trace,
+}
+
+/// Logging flags to `#[command(flatten)]` into your CLI
+#[derive(clap::Args, Debug, Clone, Default)]
+#[command(about = None, long_about = None)]
+pub(crate) struct Verbosity {
+    #[arg(
+        long,
+        short = 'v',
+        help = "Use verbose output (or `-vv` and `-vvv` for more verbose output)",
+        action = clap::ArgAction::Count,
+        global = true,
+    )]
+    verbose: u8,
+}
+
+impl Verbosity {
+    /// Returns the verbosity level based on the number of `-v` flags.
+    ///
+    /// Returns `None` if the user did not specify any verbosity flags.
+    pub(crate) fn level(&self) -> Option<VerbosityLevel> {
+        match self.verbose {
+            0 => None,
+            1 => Some(VerbosityLevel::Info),
+            2 => Some(VerbosityLevel::Debug),
+            _ => Some(VerbosityLevel::Trace),
+        }
+    }
+}
--- a/crates/red_knot/src/db.rs
+++ b/crates/red_knot/src/db.rs
@@ -0,0 +1,200 @@
+use std::panic::{AssertUnwindSafe, RefUnwindSafe};
+use std::sync::Arc;
+
+use salsa::{Cancelled, Database, DbWithJar};
+
+use red_knot_module_resolver::{vendored_typeshed_stubs, Db as ResolverDb, Jar as ResolverJar};
+use red_knot_python_semantic::{Db as SemanticDb, Jar as SemanticJar};
+use ruff_db::files::{system_path_to_file, File, Files};
+use ruff_db::program::{Program, ProgramSettings};
+use ruff_db::system::System;
+use ruff_db::vendored::VendoredFileSystem;
+use ruff_db::{Db as SourceDb, Jar as SourceJar, Upcast};
+
+use crate::lint::{lint_semantic, lint_syntax, unwind_if_cancelled, Diagnostics};
+use crate::watch::{FileChangeKind, FileWatcherChange};
+use crate::workspace::{check_file, Package, Workspace, WorkspaceMetadata};
+
+pub trait Db: DbWithJar<Jar> + SemanticDb + Upcast<dyn SemanticDb> {}
+
+#[salsa::jar(db=Db)]
+pub struct Jar(
+    Workspace,
+    Package,
+    lint_syntax,
+    lint_semantic,
+    unwind_if_cancelled,
+);
+
+#[salsa::db(SourceJar, ResolverJar, SemanticJar, Jar)]
+pub struct RootDatabase {
+    workspace: Option<Workspace>,
+    storage: salsa::Storage<RootDatabase>,
+    files: Files,
+    system: Arc<dyn System + Send + Sync + RefUnwindSafe>,
+}
+
+impl RootDatabase {
+    pub fn new<S>(workspace: WorkspaceMetadata, settings: ProgramSettings, system: S) -> Self
+    where
+        S: System + 'static + Send + Sync + RefUnwindSafe,
+    {
+        let mut db = Self {
+            workspace: None,
+            storage: salsa::Storage::default(),
+            files: Files::default(),
+            system: Arc::new(system),
+        };
+
+        let workspace = Workspace::from_metadata(&db, workspace);
+        // Initialize the `Program` singleton
+        Program::from_settings(&db, settings);
+
+        db.workspace = Some(workspace);
+        db
+    }
+
+    pub fn workspace(&self) -> Workspace {
+        // SAFETY: The workspace is always initialized in `new`.
+        self.workspace.unwrap()
+    }
+
+    #[tracing::instrument(level = "debug", skip(self, changes))]
+    pub fn apply_changes(&mut self, changes: Vec<FileWatcherChange>) {
+        let workspace = self.workspace();
+        let workspace_path = workspace.root(self).to_path_buf();
+
+        // TODO: Optimize change tracking by only reloading a package if a file that is part of the package was changed.
+        let mut structural_change = false;
+        for change in changes {
+            if matches!(
+                change.path.file_name(),
+                Some(".gitignore" | ".ignore" | "ruff.toml" | ".ruff.toml" | "pyproject.toml")
+            ) {
+                // Changes to ignore files or settings can change the workspace structure or add/remove files
+                // from packages.
+                structural_change = true;
+            } else {
+                match change.kind {
+                    FileChangeKind::Created => {
+                        // Reload the package when a new file was added. This is necessary because the file might be excluded
+                        // by a gitignore.
+                        if workspace.package(self, &change.path).is_some() {
+                            structural_change = true;
+                        }
+                    }
+                    FileChangeKind::Modified => {}
+                    FileChangeKind::Deleted => {
+                        if let Some(package) = workspace.package(self, &change.path) {
+                            if let Some(file) = system_path_to_file(self, &change.path) {
+                                package.remove_file(self, file);
+                            }
+                        }
+                    }
+                }
+            }
+
+            File::touch_path(self, &change.path);
+        }
+
+        if structural_change {
+            match WorkspaceMetadata::from_path(&workspace_path, self.system()) {
+                Ok(metadata) => {
+                    tracing::debug!("Reload workspace after structural change.");
+                    // TODO: Handle changes in the program settings.
+                    workspace.reload(self, metadata);
+                }
+                Err(error) => {
+                    tracing::error!("Failed to load workspace, keep old workspace: {error}");
+                }
+            }
+        }
+    }
+
+    /// Checks all open files in the workspace and its dependencies.
+    pub fn check(&self) -> Result<Vec<String>, Cancelled> {
+        self.with_db(|db| db.workspace().check(db))
+    }
+
+    pub fn check_file(&self, file: File) -> Result<Diagnostics, Cancelled> {
+        self.with_db(|db| check_file(db, file))
+    }
+
+    pub(crate) fn with_db<F, T>(&self, f: F) -> Result<T, Cancelled>
+    where
+        F: FnOnce(&RootDatabase) -> T + std::panic::UnwindSafe,
+    {
+        // The `AssertUnwindSafe` here looks scary, but is a consequence of Salsa's design.
+        // Salsa uses panics to implement cancellation and to recover from cycles. However, the Salsa
+        // storage isn't `UnwindSafe` or `RefUnwindSafe` because its dependencies `DashMap` and `parking_lot::*` aren't
+        // unwind safe.
+        //
+        // Having to use `AssertUnwindSafe` isn't as big as a deal as it might seem because
+        // the `UnwindSafe` and `RefUnwindSafe` traits are designed to catch logical bugs.
+        // They don't protect against [UB](https://internals.rust-lang.org/t/pre-rfc-deprecating-unwindsafe/15974).
+        // On top of that, `Cancelled` only catches specific Salsa-panics and propagates all other panics.
+        //
+        // That still leaves us with possible logical bugs in two sources:
+        // * In Salsa itself: This must be considered a bug in Salsa and needs fixing upstream.
+        //   Reviewing Salsa code specifically around unwind safety seems doable.
+        // * Our code: This is the main concern. Luckily, it only involves code that uses internal mutability
+        //     and calls into Salsa queries when mutating the internal state. Using `AssertUnwindSafe`
+        //     certainly makes it harder to catch these issues in our user code.
+        //
+        // For now, this is the only solution at hand unless Salsa decides to change its design.
+        // [Zulip support thread](https://salsa.zulipchat.com/#narrow/stream/145099-general/topic/How.20to.20use.20.60Cancelled.3A.3Acatch.60)
+        let db = &AssertUnwindSafe(self);
+        Cancelled::catch(|| f(db))
+    }
+}
+
+impl Upcast<dyn SemanticDb> for RootDatabase {
+    fn upcast(&self) -> &(dyn SemanticDb + 'static) {
+        self
+    }
+}
+
+impl Upcast<dyn SourceDb> for RootDatabase {
+    fn upcast(&self) -> &(dyn SourceDb + 'static) {
+        self
+    }
+}
+
+impl Upcast<dyn ResolverDb> for RootDatabase {
+    fn upcast(&self) -> &(dyn ResolverDb + 'static) {
+        self
+    }
+}
+
+impl ResolverDb for RootDatabase {}
+
+impl SemanticDb for RootDatabase {}
+
+impl SourceDb for RootDatabase {
+    fn vendored(&self) -> &VendoredFileSystem {
+        vendored_typeshed_stubs()
+    }
+
+    fn system(&self) -> &dyn System {
+        &*self.system
+    }
+
+    fn files(&self) -> &Files {
+        &self.files
+    }
+}
+
+impl Database for RootDatabase {}
+
+impl Db for RootDatabase {}
+
+impl salsa::ParallelDatabase for RootDatabase {
+    fn snapshot(&self) -> salsa::Snapshot<Self> {
+        salsa::Snapshot::new(Self {
+            workspace: self.workspace,
+            storage: self.storage.snapshot(),
+            files: self.files.snapshot(),
+            system: self.system.clone(),
+        })
+    }
+}
--- a/crates/red_knot/src/lib.rs
+++ b/crates/red_knot/src/lib.rs
@@ -0,0 +1,6 @@
+use crate::db::Jar;
+
+pub mod db;
+pub mod lint;
+pub mod watch;
+pub mod workspace;
--- a/crates/red_knot/src/lint.rs
+++ b/crates/red_knot/src/lint.rs
@@ -0,0 +1,274 @@
+use std::cell::RefCell;
+use std::ops::Deref;
+use std::time::Duration;
+
+use tracing::trace_span;
+
+use red_knot_module_resolver::ModuleName;
+use red_knot_python_semantic::types::Type;
+use red_knot_python_semantic::{HasTy, SemanticModel};
+use ruff_db::files::File;
+use ruff_db::parsed::{parsed_module, ParsedModule};
+use ruff_db::source::{source_text, SourceText};
+use ruff_python_ast as ast;
+use ruff_python_ast::visitor::{walk_stmt, Visitor};
+
+use crate::db::Db;
+
+/// Workaround query to test for if the computation should be cancelled.
+/// Ideally, push for Salsa to expose an API for testing if cancellation was requested.
+#[salsa::tracked]
+#[allow(unused_variables)]
+pub(crate) fn unwind_if_cancelled(db: &dyn Db) {}
+
+#[salsa::tracked(return_ref)]
+pub(crate) fn lint_syntax(db: &dyn Db, file_id: File) -> Diagnostics {
+    #[allow(clippy::print_stdout)]
+    if std::env::var("RED_KNOT_SLOW_LINT").is_ok() {
+        for i in 0..10 {
+            unwind_if_cancelled(db);
+
+            println!("RED_KNOT_SLOW_LINT is set, sleeping for {i}/10 seconds");
+            std::thread::sleep(Duration::from_secs(1));
+        }
+    }
+
+    let mut diagnostics = Vec::new();
+
+    let source = source_text(db.upcast(), file_id);
+    lint_lines(&source, &mut diagnostics);
+
+    let parsed = parsed_module(db.upcast(), file_id);
+
+    if parsed.errors().is_empty() {
+        let ast = parsed.syntax();
+
+        let mut visitor = SyntaxLintVisitor {
+            diagnostics,
+            source: &source,
+        };
+        visitor.visit_body(&ast.body);
+        diagnostics = visitor.diagnostics;
+    } else {
+        diagnostics.extend(parsed.errors().iter().map(ToString::to_string));
+    }
+
+    Diagnostics::from(diagnostics)
+}
+
+fn lint_lines(source: &str, diagnostics: &mut Vec<String>) {
+    for (line_number, line) in source.lines().enumerate() {
+        if line.len() < 88 {
+            continue;
+        }
+
+        let char_count = line.chars().count();
+        if char_count > 88 {
+            diagnostics.push(format!(
+                "Line {} is too long ({} characters)",
+                line_number + 1,
+                char_count
+            ));
+        }
+    }
+}
+
+#[salsa::tracked(return_ref)]
+pub(crate) fn lint_semantic(db: &dyn Db, file_id: File) -> Diagnostics {
+    let _span = trace_span!("lint_semantic", ?file_id).entered();
+
+    let source = source_text(db.upcast(), file_id);
+    let parsed = parsed_module(db.upcast(), file_id);
+    let semantic = SemanticModel::new(db.upcast(), file_id);
+
+    if !parsed.is_valid() {
+        return Diagnostics::Empty;
+    }
+
+    let context = SemanticLintContext {
+        source,
+        parsed,
+        semantic,
+        diagnostics: RefCell::new(Vec::new()),
+    };
+
+    SemanticVisitor { context: &context }.visit_body(parsed.suite());
+
+    Diagnostics::from(context.diagnostics.take())
+}
+
+fn lint_unresolved_imports(context: &SemanticLintContext, import: AnyImportRef) {
+    match import {
+        AnyImportRef::Import(import) => {
+            for alias in &import.names {
+                let ty = alias.ty(&context.semantic);
+
+                if ty.is_unbound() {
+                    context.push_diagnostic(format!("Unresolved import '{}'", &alias.name));
+                }
+            }
+        }
+        AnyImportRef::ImportFrom(import) => {
+            for alias in &import.names {
+                let ty = alias.ty(&context.semantic);
+
+                if ty.is_unbound() {
+                    context.push_diagnostic(format!("Unresolved import '{}'", &alias.name));
+                }
+            }
+        }
+    }
+}
+
+fn lint_bad_override(context: &SemanticLintContext, class: &ast::StmtClassDef) {
+    let semantic = &context.semantic;
+
+    // TODO we should have a special marker on the real typing module (from typeshed) so if you
+    //   have your own "typing" module in your project, we don't consider it THE typing module (and
+    //   same for other stdlib modules that our lint rules care about)
+    let Some(typing) = semantic.resolve_module(ModuleName::new("typing").unwrap()) else {
+        return;
+    };
+
+    let override_ty = semantic.global_symbol_ty(&typing, "override");
+
+    let Type::Class(class_ty) = class.ty(semantic) else {
+        return;
+    };
+
+    for function in class
+        .body
+        .iter()
+        .filter_map(|stmt| stmt.as_function_def_stmt())
+    {
+        let Type::Function(ty) = function.ty(semantic) else {
+            return;
+        };
+
+        // TODO this shouldn't make direct use of the Db; see comment on SemanticModel::db
+        let db = semantic.db();
+
+        if ty.has_decorator(db, override_ty) {
+            let method_name = ty.name(db);
+            if class_ty
+                .inherited_class_member(db, &method_name)
+                .is_unbound()
+            {
+                // TODO should have a qualname() method to support nested classes
+                context.push_diagnostic(
+                    format!(
+                        "Method {}.{} is decorated with `typing.override` but does not override any base class method",
+                        class_ty.name(db),
+                        method_name,
+                    ));
+            }
+        }
+    }
+}
+
+pub(crate) struct SemanticLintContext<'a> {
+    source: SourceText,
+    parsed: &'a ParsedModule,
+    semantic: SemanticModel<'a>,
+    diagnostics: RefCell<Vec<String>>,
+}
+
+impl<'db> SemanticLintContext<'db> {
+    #[allow(unused)]
+    pub(crate) fn source_text(&self) -> &str {
+        self.source.as_str()
+    }
+
+    #[allow(unused)]
+    pub(crate) fn ast(&self) -> &'db ast::ModModule {
+        self.parsed.syntax()
+    }
+
+    pub(crate) fn push_diagnostic(&self, diagnostic: String) {
+        self.diagnostics.borrow_mut().push(diagnostic);
+    }
+
+    #[allow(unused)]
+    pub(crate) fn extend_diagnostics(&mut self, diagnostics: impl IntoIterator<Item = String>) {
+        self.diagnostics.get_mut().extend(diagnostics);
+    }
+}
+
+#[derive(Debug)]
+struct SyntaxLintVisitor<'a> {
+    diagnostics: Vec<String>,
+    source: &'a str,
+}
+
+impl Visitor<'_> for SyntaxLintVisitor<'_> {
+    fn visit_string_literal(&mut self, string_literal: &'_ ast::StringLiteral) {
+        // A very naive implementation of use double quotes
+        let text = &self.source[string_literal.range];
+
+        if text.starts_with('\'') {
+            self.diagnostics
+                .push("Use double quotes for strings".to_string());
+        }
+    }
+}
+
+struct SemanticVisitor<'a> {
+    context: &'a SemanticLintContext<'a>,
+}
+
+impl Visitor<'_> for SemanticVisitor<'_> {
+    fn visit_stmt(&mut self, stmt: &ast::Stmt) {
+        match stmt {
+            ast::Stmt::ClassDef(class) => {
+                lint_bad_override(self.context, class);
+            }
+            ast::Stmt::Import(import) => {
+                lint_unresolved_imports(self.context, AnyImportRef::Import(import));
+            }
+            ast::Stmt::ImportFrom(import) => {
+                lint_unresolved_imports(self.context, AnyImportRef::ImportFrom(import));
+            }
+            _ => {}
+        }
+
+        walk_stmt(self, stmt);
+    }
+}
+
+#[derive(Debug, Clone, PartialEq, Eq)]
+pub enum Diagnostics {
+    Empty,
+    List(Vec<String>),
+}
+
+impl Diagnostics {
+    pub fn as_slice(&self) -> &[String] {
+        match self {
+            Diagnostics::Empty => &[],
+            Diagnostics::List(list) => list.as_slice(),
+        }
+    }
+}
+
+impl Deref for Diagnostics {
+    type Target = [String];
+    fn deref(&self) -> &Self::Target {
+        self.as_slice()
+    }
+}
+
+impl From<Vec<String>> for Diagnostics {
+    fn from(value: Vec<String>) -> Self {
+        if value.is_empty() {
+            Diagnostics::Empty
+        } else {
+            Diagnostics::List(value)
+        }
+    }
+}
+
+#[derive(Copy, Clone, Debug)]
+enum AnyImportRef<'a> {
+    Import(&'a ast::StmtImport),
+    ImportFrom(&'a ast::StmtImportFrom),
+}
--- a/crates/red_knot/src/main.rs
+++ b/crates/red_knot/src/main.rs
@@ -0,0 +1,419 @@
+use std::sync::Mutex;
+
+use clap::Parser;
+use crossbeam::channel as crossbeam_channel;
+use salsa::ParallelDatabase;
+use tracing::subscriber::Interest;
+use tracing::{Level, Metadata};
+use tracing_subscriber::filter::LevelFilter;
+use tracing_subscriber::layer::{Context, Filter, SubscriberExt};
+use tracing_subscriber::{Layer, Registry};
+use tracing_tree::time::Uptime;
+
+use red_knot::db::RootDatabase;
+use red_knot::watch::FileWatcher;
+use red_knot::watch::FileWatcherChange;
+use red_knot::workspace::WorkspaceMetadata;
+use ruff_db::program::{ProgramSettings, SearchPathSettings};
+use ruff_db::system::{OsSystem, System, SystemPathBuf};
+
+use cli::target_version::TargetVersion;
+use cli::verbosity::{Verbosity, VerbosityLevel};
+
+mod cli;
+
+#[derive(Debug, Parser)]
+#[command(
+    author,
+    name = "red-knot",
+    about = "An experimental multifile analysis backend for Ruff"
+)]
+#[command(version)]
+struct Args {
+    #[arg(
+        long,
+        help = "Changes the current working directory.",
+        long_help = "Changes the current working directory before any specified operations. This affects the workspace and configuration discovery.",
+        value_name = "PATH"
+    )]
+    current_directory: Option<SystemPathBuf>,
+
+    #[arg(
+        long,
+        value_name = "DIRECTORY",
+        help = "Custom directory to use for stdlib typeshed stubs"
+    )]
+    custom_typeshed_dir: Option<SystemPathBuf>,
+
+    #[arg(
+        long,
+        value_name = "PATH",
+        help = "Additional path to use as a module-resolution source (can be passed multiple times)"
+    )]
+    extra_search_path: Vec<SystemPathBuf>,
+
+    #[arg(long, help = "Python version to assume when resolving types", default_value_t = TargetVersion::default(), value_name="VERSION")]
+    target_version: TargetVersion,
+
+    #[clap(flatten)]
+    verbosity: Verbosity,
+}
+
+#[allow(
+    clippy::print_stdout,
+    clippy::unnecessary_wraps,
+    clippy::print_stderr,
+    clippy::dbg_macro
+)]
+pub fn main() -> anyhow::Result<()> {
+    let Args {
+        current_directory,
+        custom_typeshed_dir,
+        extra_search_path: extra_paths,
+        target_version,
+        verbosity,
+    } = Args::parse_from(std::env::args().collect::<Vec<_>>());
+
+    let verbosity = verbosity.level();
+    countme::enable(verbosity == Some(VerbosityLevel::Trace));
+    setup_tracing(verbosity);
+
+    let cwd = if let Some(cwd) = current_directory {
+        let canonicalized = cwd.as_utf8_path().canonicalize_utf8().unwrap();
+        SystemPathBuf::from_utf8_path_buf(canonicalized)
+    } else {
+        let cwd = std::env::current_dir().unwrap();
+        SystemPathBuf::from_path_buf(cwd).unwrap()
+    };
+
+    let system = OsSystem::new(cwd.clone());
+    let workspace_metadata =
+        WorkspaceMetadata::from_path(system.current_directory(), &system).unwrap();
+
+    // TODO: Respect the settings from the workspace metadata. when resolving the program settings.
+    let program_settings = ProgramSettings {
+        target_version: target_version.into(),
+        search_paths: SearchPathSettings {
+            extra_paths,
+            workspace_root: workspace_metadata.root().to_path_buf(),
+            custom_typeshed: custom_typeshed_dir,
+            site_packages: None,
+        },
+    };
+
+    // TODO: Use the `program_settings` to compute the key for the database's persistent
+    //   cache and load the cache if it exists.
+    let mut db = RootDatabase::new(workspace_metadata, program_settings, system);
+
+    let (main_loop, main_loop_cancellation_token) = MainLoop::new(verbosity);
+
+    // Listen to Ctrl+C and abort the watch mode.
+    let main_loop_cancellation_token = Mutex::new(Some(main_loop_cancellation_token));
+    ctrlc::set_handler(move || {
+        let mut lock = main_loop_cancellation_token.lock().unwrap();
+
+        if let Some(token) = lock.take() {
+            token.stop();
+        }
+    })?;
+
+    let file_changes_notifier = main_loop.file_changes_notifier();
+
+    // Watch for file changes and re-trigger the analysis.
+    let mut file_watcher = FileWatcher::new(move |changes| {
+        file_changes_notifier.notify(changes);
+    })?;
+
+    file_watcher.watch_folder(db.workspace().root(&db).as_std_path())?;
+
+    main_loop.run(&mut db);
+
+    println!("{}", countme::get_all());
+
+    Ok(())
+}
+
+struct MainLoop {
+    verbosity: Option<VerbosityLevel>,
+    orchestrator: crossbeam_channel::Sender<OrchestratorMessage>,
+    receiver: crossbeam_channel::Receiver<MainLoopMessage>,
+}
+
+impl MainLoop {
+    fn new(verbosity: Option<VerbosityLevel>) -> (Self, MainLoopCancellationToken) {
+        let (orchestrator_sender, orchestrator_receiver) = crossbeam_channel::bounded(1);
+        let (main_loop_sender, main_loop_receiver) = crossbeam_channel::bounded(1);
+
+        let mut orchestrator = Orchestrator {
+            receiver: orchestrator_receiver,
+            main_loop: main_loop_sender.clone(),
+            revision: 0,
+        };
+
+        std::thread::spawn(move || {
+            orchestrator.run();
+        });
+
+        (
+            Self {
+                verbosity,
+                orchestrator: orchestrator_sender,
+                receiver: main_loop_receiver,
+            },
+            MainLoopCancellationToken {
+                sender: main_loop_sender,
+            },
+        )
+    }
+
+    fn file_changes_notifier(&self) -> FileChangesNotifier {
+        FileChangesNotifier {
+            sender: self.orchestrator.clone(),
+        }
+    }
+
+    #[allow(clippy::print_stderr)]
+    fn run(self, db: &mut RootDatabase) {
+        self.orchestrator.send(OrchestratorMessage::Run).unwrap();
+
+        for message in &self.receiver {
+            tracing::trace!("Main Loop: Tick");
+
+            match message {
+                MainLoopMessage::CheckWorkspace { revision } => {
+                    let db = db.snapshot();
+                    let orchestrator = self.orchestrator.clone();
+
+                    // Spawn a new task that checks the workspace. This needs to be done in a separate thread
+                    // to prevent blocking the main loop here.
+                    rayon::spawn(move || {
+                        if let Ok(result) = db.check() {
+                            orchestrator
+                                .send(OrchestratorMessage::CheckCompleted {
+                                    diagnostics: result,
+                                    revision,
+                                })
+                                .unwrap();
+                        }
+                    });
+                }
+                MainLoopMessage::ApplyChanges(changes) => {
+                    // Automatically cancels any pending queries and waits for them to complete.
+                    db.apply_changes(changes);
+                }
+                MainLoopMessage::CheckCompleted(diagnostics) => {
+                    eprintln!("{}", diagnostics.join("\n"));
+                    if self.verbosity == Some(VerbosityLevel::Trace) {
+                        eprintln!("{}", countme::get_all());
+                    }
+                }
+                MainLoopMessage::Exit => {
+                    if self.verbosity == Some(VerbosityLevel::Trace) {
+                        eprintln!("{}", countme::get_all());
+                    }
+                    return;
+                }
+            }
+        }
+    }
+}
+
+impl Drop for MainLoop {
+    fn drop(&mut self) {
+        self.orchestrator
+            .send(OrchestratorMessage::Shutdown)
+            .unwrap();
+    }
+}
+
+#[derive(Debug, Clone)]
+struct FileChangesNotifier {
+    sender: crossbeam_channel::Sender<OrchestratorMessage>,
+}
+
+impl FileChangesNotifier {
+    fn notify(&self, changes: Vec<FileWatcherChange>) {
+        self.sender
+            .send(OrchestratorMessage::FileChanges(changes))
+            .unwrap();
+    }
+}
+
+#[derive(Debug)]
+struct MainLoopCancellationToken {
+    sender: crossbeam_channel::Sender<MainLoopMessage>,
+}
+
+impl MainLoopCancellationToken {
+    fn stop(self) {
+        self.sender.send(MainLoopMessage::Exit).unwrap();
+    }
+}
+
+struct Orchestrator {
+    /// Sends messages to the main loop.
+    main_loop: crossbeam_channel::Sender<MainLoopMessage>,
+    /// Receives messages from the main loop.
+    receiver: crossbeam_channel::Receiver<OrchestratorMessage>,
+    revision: usize,
+}
+
+impl Orchestrator {
+    #[allow(clippy::print_stderr)]
+    fn run(&mut self) {
+        while let Ok(message) = self.receiver.recv() {
+            match message {
+                OrchestratorMessage::Run => {
+                    self.main_loop
+                        .send(MainLoopMessage::CheckWorkspace {
+                            revision: self.revision,
+                        })
+                        .unwrap();
+                }
+
+                OrchestratorMessage::CheckCompleted {
+                    diagnostics,
+                    revision,
+                } => {
+                    // Only take the diagnostics if they are for the latest revision.
+                    if self.revision == revision {
+                        self.main_loop
+                            .send(MainLoopMessage::CheckCompleted(diagnostics))
+                            .unwrap();
+                    } else {
+                        tracing::debug!("Discarding diagnostics for outdated revision {revision} (current: {}).", self.revision);
+                    }
+                }
+
+                OrchestratorMessage::FileChanges(changes) => {
+                    // Request cancellation, but wait until all analysis tasks have completed to
+                    // avoid stale messages in the next main loop.
+
+                    self.revision += 1;
+                    self.debounce_changes(changes);
+                }
+                OrchestratorMessage::Shutdown => {
+                    return self.shutdown();
+                }
+            }
+        }
+    }
+
+    fn debounce_changes(&self, mut changes: Vec<FileWatcherChange>) {
+        loop {
+            // Consume possibly incoming file change messages before running a new analysis, but don't wait for more than 100ms.
+            crossbeam_channel::select! {
+                recv(self.receiver) -> message => {
+                    match message {
+                        Ok(OrchestratorMessage::Shutdown) => {
+                            return self.shutdown();
+                        }
+                        Ok(OrchestratorMessage::FileChanges(file_changes)) => {
+                            changes.extend(file_changes);
+                        }
+
+                        Ok(OrchestratorMessage::CheckCompleted { .. })=> {
+                            // disregard any outdated completion message.
+                        }
+                        Ok(OrchestratorMessage::Run) => unreachable!("The orchestrator is already running."),
+
+                        Err(_) => {
+                            // There are no more senders, no point in waiting for more messages
+                            return;
+                        }
+                    }
+                },
+                default(std::time::Duration::from_millis(10)) => {
+                    // No more file changes after 10 ms, send the changes and schedule a new analysis
+                    self.main_loop.send(MainLoopMessage::ApplyChanges(changes)).unwrap();
+                    self.main_loop.send(MainLoopMessage::CheckWorkspace { revision: self.revision}).unwrap();
+                    return;
+                }
+            }
+        }
+    }
+
+    #[allow(clippy::unused_self)]
+    fn shutdown(&self) {
+        tracing::trace!("Shutting down orchestrator.");
+    }
+}
+
+/// Message sent from the orchestrator to the main loop.
+#[derive(Debug)]
+enum MainLoopMessage {
+    CheckWorkspace { revision: usize },
+    CheckCompleted(Vec<String>),
+    ApplyChanges(Vec<FileWatcherChange>),
+    Exit,
+}
+
+#[derive(Debug)]
+enum OrchestratorMessage {
+    Run,
+    Shutdown,
+
+    CheckCompleted {
+        diagnostics: Vec<String>,
+        revision: usize,
+    },
+
+    FileChanges(Vec<FileWatcherChange>),
+}
+
+fn setup_tracing(verbosity: Option<VerbosityLevel>) {
+    let trace_level = match verbosity {
+        None => Level::WARN,
+        Some(VerbosityLevel::Info) => Level::INFO,
+        Some(VerbosityLevel::Debug) => Level::DEBUG,
+        Some(VerbosityLevel::Trace) => Level::TRACE,
+    };
+
+    let subscriber = Registry::default().with(
+        tracing_tree::HierarchicalLayer::default()
+            .with_indent_lines(true)
+            .with_indent_amount(2)
+            .with_bracketed_fields(true)
+            .with_thread_ids(true)
+            .with_targets(true)
+            .with_writer(|| Box::new(std::io::stderr()))
+            .with_timer(Uptime::default())
+            .with_filter(LoggingFilter { trace_level }),
+    );
+
+    tracing::subscriber::set_global_default(subscriber).unwrap();
+}
+
+struct LoggingFilter {
+    trace_level: Level,
+}
+
+impl LoggingFilter {
+    fn is_enabled(&self, meta: &Metadata<'_>) -> bool {
+        let filter = if meta.target().starts_with("red_knot") || meta.target().starts_with("ruff") {
+            self.trace_level
+        } else {
+            Level::INFO
+        };
+
+        meta.level() <= &filter
+    }
+}
+
+impl<S> Filter<S> for LoggingFilter {
+    fn enabled(&self, meta: &Metadata<'_>, _cx: &Context<'_, S>) -> bool {
+        self.is_enabled(meta)
+    }
+
+    fn callsite_enabled(&self, meta: &'static Metadata<'static>) -> Interest {
+        if self.is_enabled(meta) {
+            Interest::always()
+        } else {
+            Interest::never()
+        }
+    }
+
+    fn max_level_hint(&self) -> Option<LevelFilter> {
+        Some(LevelFilter::from_level(self.trace_level))
+    }
+}
--- a/crates/red_knot/src/watch.rs
+++ b/crates/red_knot/src/watch.rs
@@ -0,0 +1,111 @@
+use std::path::Path;
+
+use anyhow::Context;
+use notify::event::{CreateKind, ModifyKind, RemoveKind};
+use notify::{recommended_watcher, Event, EventKind, RecommendedWatcher, RecursiveMode, Watcher};
+
+use ruff_db::system::{SystemPath, SystemPathBuf};
+
+pub struct FileWatcher {
+    watcher: RecommendedWatcher,
+}
+
+pub trait EventHandler: Send + 'static {
+    fn handle(&self, changes: Vec<FileWatcherChange>);
+}
+
+impl<F> EventHandler for F
+where
+    F: Fn(Vec<FileWatcherChange>) + Send + 'static,
+{
+    fn handle(&self, changes: Vec<FileWatcherChange>) {
+        let f = self;
+        f(changes);
+    }
+}
+
+impl FileWatcher {
+    pub fn new<E>(handler: E) -> anyhow::Result<Self>
+    where
+        E: EventHandler,
+    {
+        Self::from_handler(Box::new(handler))
+    }
+
+    fn from_handler(handler: Box<dyn EventHandler>) -> anyhow::Result<Self> {
+        let watcher = recommended_watcher(move |event: notify::Result<Event>| {
+            match event {
+                Ok(event) => {
+                    // TODO verify that this handles all events correctly
+                    let change_kind = match event.kind {
+                        EventKind::Create(CreateKind::File) => FileChangeKind::Created,
+                        EventKind::Modify(ModifyKind::Name(notify::event::RenameMode::From)) => {
+                            FileChangeKind::Deleted
+                        }
+                        EventKind::Modify(ModifyKind::Name(notify::event::RenameMode::To)) => {
+                            FileChangeKind::Created
+                        }
+                        EventKind::Modify(ModifyKind::Name(notify::event::RenameMode::Any)) => {
+                            // TODO Introduce a better catch all event for cases that we don't understand.
+                            FileChangeKind::Created
+                        }
+                        EventKind::Modify(ModifyKind::Name(notify::event::RenameMode::Both)) => {
+                            todo!("Handle both create and delete event.");
+                        }
+                        EventKind::Modify(_) => FileChangeKind::Modified,
+                        EventKind::Remove(RemoveKind::File) => FileChangeKind::Deleted,
+                        _ => {
+                            return;
+                        }
+                    };
+
+                    let mut changes = Vec::new();
+
+                    for path in event.paths {
+                        if let Some(fs_path) = SystemPath::from_std_path(&path) {
+                            changes
+                                .push(FileWatcherChange::new(fs_path.to_path_buf(), change_kind));
+                        }
+                    }
+
+                    if !changes.is_empty() {
+                        handler.handle(changes);
+                    }
+                }
+                // TODO proper error handling
+                Err(err) => {
+                    panic!("Error: {err}");
+                }
+            }
+        })
+        .context("Failed to create file watcher.")?;
+
+        Ok(Self { watcher })
+    }
+
+    pub fn watch_folder(&mut self, path: &Path) -> anyhow::Result<()> {
+        self.watcher.watch(path, RecursiveMode::Recursive)?;
+
+        Ok(())
+    }
+}
+
+#[derive(Clone, Debug)]
+pub struct FileWatcherChange {
+    pub path: SystemPathBuf,
+    #[allow(unused)]
+    pub kind: FileChangeKind,
+}
+
+impl FileWatcherChange {
+    pub fn new(path: SystemPathBuf, kind: FileChangeKind) -> Self {
+        Self { path, kind }
+    }
+}
+
+#[derive(Copy, Clone, Debug, Eq, PartialEq)]
+pub enum FileChangeKind {
+    Created,
+    Modified,
+    Deleted,
+}
--- a/crates/red_knot/src/workspace.rs
+++ b/crates/red_knot/src/workspace.rs
@@ -0,0 +1,344 @@
+// TODO: Fix clippy warnings created by salsa macros
+#![allow(clippy::used_underscore_binding)]
+
+use std::{collections::BTreeMap, sync::Arc};
+
+use rustc_hash::{FxBuildHasher, FxHashSet};
+
+pub use metadata::{PackageMetadata, WorkspaceMetadata};
+use ruff_db::{
+    files::{system_path_to_file, File},
+    system::{walk_directory::WalkState, SystemPath, SystemPathBuf},
+};
+use ruff_python_ast::{name::Name, PySourceType};
+
+use crate::{
+    db::Db,
+    lint::{lint_semantic, lint_syntax, Diagnostics},
+};
+
+mod metadata;
+
+/// The project workspace as a Salsa ingredient.
+///
+/// A workspace consists of one or multiple packages. Packages can be nested. A file in a workspace
+/// belongs to no or exactly one package (files can't belong to multiple packages).
+///
+/// How workspaces and packages are discovered is TBD. For now, a workspace can be any directory,
+/// and it always contains a single package which has the same root as the workspace.
+///
+/// ## Examples
+///
+/// ```text
+/// app-1/
+///     pyproject.toml
+///     src/
+///         ... python files
+///
+/// app-2/
+///     pyproject.toml
+///     src/
+///         ... python files
+///
+/// shared/
+///     pyproject.toml
+///     src/
+///         ... python files
+///
+/// pyproject.toml
+/// ```
+///
+/// The above project structure has three packages: `app-1`, `app-2`, and `shared`.
+/// Each of the packages can define their own settings in their `pyproject.toml` file, but
+/// they must be compatible. For example, each package can define a different `requires-python` range,
+/// but the ranges must overlap.
+///
+/// ## How is a workspace different from a program?
+/// There are two (related) motivations:
+///
+/// 1. Program is defined in `ruff_db` and it can't reference the settings types for the linter and formatter
+///    without introducing a cyclic dependency. The workspace is defined in a higher level crate
+///    where it can reference these setting types.
+/// 2. Running `ruff check` with different target versions results in different programs (settings) but
+///    it remains the same workspace. That's why program is a narrowed view of the workspace only
+///    holding on to the most fundamental settings required for checking.
+#[salsa::input]
+pub struct Workspace {
+    #[id]
+    #[return_ref]
+    root_buf: SystemPathBuf,
+
+    /// The files that are open in the workspace.
+    ///
+    /// Setting the open files to a non-`None` value changes `check` to only check the
+    /// open files rather than all files in the workspace.
+    #[return_ref]
+    open_file_set: Option<Arc<FxHashSet<File>>>,
+
+    /// The (first-party) packages in this workspace.
+    #[return_ref]
+    package_tree: BTreeMap<SystemPathBuf, Package>,
+}
+
+/// A first-party package in a workspace.
+#[salsa::input]
+pub struct Package {
+    #[return_ref]
+    pub name: Name,
+
+    /// The path to the root directory of the package.
+    #[id]
+    #[return_ref]
+    root_buf: SystemPathBuf,
+
+    /// The files that are part of this package.
+    #[return_ref]
+    file_set: Arc<FxHashSet<File>>,
+    // TODO: Add the loaded settings.
+}
+
+impl Workspace {
+    /// Discovers the closest workspace at `path` and returns its metadata.
+    pub fn from_metadata(db: &dyn Db, metadata: WorkspaceMetadata) -> Self {
+        let mut packages = BTreeMap::new();
+
+        for package in metadata.packages {
+            packages.insert(package.root.clone(), Package::from_metadata(db, package));
+        }
+
+        Workspace::new(db, metadata.root, None, packages)
+    }
+
+    pub fn root(self, db: &dyn Db) -> &SystemPath {
+        self.root_buf(db)
+    }
+
+    pub fn packages(self, db: &dyn Db) -> impl Iterator<Item = Package> + '_ {
+        self.package_tree(db).values().copied()
+    }
+
+    pub fn reload(self, db: &mut dyn Db, metadata: WorkspaceMetadata) {
+        assert_eq!(self.root(db), metadata.root());
+
+        let mut old_packages = self.package_tree(db).clone();
+        let mut new_packages = BTreeMap::new();
+
+        for package_metadata in metadata.packages {
+            let path = package_metadata.root().to_path_buf();
+
+            let package = if let Some(old_package) = old_packages.remove(&path) {
+                old_package.update(db, package_metadata);
+                old_package
+            } else {
+                Package::from_metadata(db, package_metadata)
+            };
+
+            new_packages.insert(path, package);
+        }
+
+        self.set_package_tree(db).to(new_packages);
+    }
+
+    pub fn update_package(self, db: &mut dyn Db, metadata: PackageMetadata) -> anyhow::Result<()> {
+        let path = metadata.root().to_path_buf();
+
+        if let Some(package) = self.package_tree(db).get(&path).copied() {
+            package.update(db, metadata);
+            Ok(())
+        } else {
+            Err(anyhow::anyhow!("Package {path} not found"))
+        }
+    }
+
+    /// Returns the closest package to which the first-party `path` belongs.
+    ///
+    /// Returns `None` if the `path` is outside of any package or if `file` isn't a first-party file
+    /// (e.g. third-party dependencies or `excluded`).
+    pub fn package(self, db: &dyn Db, path: &SystemPath) -> Option<Package> {
+        let packages = self.package_tree(db);
+
+        let (package_path, package) = packages.range(..path.to_path_buf()).next_back()?;
+
+        if path.starts_with(package_path) {
+            Some(*package)
+        } else {
+            None
+        }
+    }
+
+    /// Checks all open files in the workspace and its dependencies.
+    #[tracing::instrument(level = "debug", skip_all)]
+    pub fn check(self, db: &dyn Db) -> Vec<String> {
+        let mut result = Vec::new();
+
+        if let Some(open_files) = self.open_files(db) {
+            for file in open_files {
+                result.extend_from_slice(&check_file(db, *file));
+            }
+        } else {
+            for package in self.packages(db) {
+                result.extend(package.check(db));
+            }
+        }
+
+        result
+    }
+
+    /// Opens a file in the workspace.
+    ///
+    /// This changes the behavior of `check` to only check the open files rather than all files in the workspace.
+    #[tracing::instrument(level = "debug", skip(self, db))]
+    pub fn open_file(self, db: &mut dyn Db, file: File) {
+        let mut open_files = self.take_open_files(db);
+        open_files.insert(file);
+        self.set_open_files(db, open_files);
+    }
+
+    /// Closes a file in the workspace.
+    #[tracing::instrument(level = "debug", skip(self, db))]
+    pub fn close_file(self, db: &mut dyn Db, file: File) -> bool {
+        let mut open_files = self.take_open_files(db);
+        let removed = open_files.remove(&file);
+
+        if removed {
+            self.set_open_files(db, open_files);
+        }
+
+        removed
+    }
+
+    /// Returns the open files in the workspace or `None` if the entire workspace should be checked.
+    pub fn open_files(self, db: &dyn Db) -> Option<&FxHashSet<File>> {
+        self.open_file_set(db).as_deref()
+    }
+
+    /// Sets the open files in the workspace.
+    ///
+    /// This changes the behavior of `check` to only check the open files rather than all files in the workspace.
+    #[tracing::instrument(level = "debug", skip(self, db))]
+    pub fn set_open_files(self, db: &mut dyn Db, open_files: FxHashSet<File>) {
+        self.set_open_file_set(db).to(Some(Arc::new(open_files)));
+    }
+
+    /// This takes the open files from the workspace and returns them.
+    ///
+    /// This changes the behavior of `check` to check all files in the workspace instead of just the open files.
+    pub fn take_open_files(self, db: &mut dyn Db) -> FxHashSet<File> {
+        let open_files = self.open_file_set(db).clone();
+
+        if let Some(open_files) = open_files {
+            // Salsa will cancel any pending queries and remove its own reference to `open_files`
+            // so that the reference counter to `open_files` now drops to 1.
+            self.set_open_file_set(db).to(None);
+
+            Arc::try_unwrap(open_files).unwrap()
+        } else {
+            FxHashSet::default()
+        }
+    }
+}
+
+impl Package {
+    pub fn root(self, db: &dyn Db) -> &SystemPath {
+        self.root_buf(db)
+    }
+
+    /// Returns `true` if `file` is a first-party file part of this package.
+    pub fn contains_file(self, db: &dyn Db, file: File) -> bool {
+        self.files(db).contains(&file)
+    }
+
+    pub fn files(self, db: &dyn Db) -> &FxHashSet<File> {
+        self.file_set(db)
+    }
+
+    pub fn remove_file(self, db: &mut dyn Db, file: File) -> bool {
+        let mut files_arc = self.file_set(db).clone();
+
+        // Set a dummy value. Salsa will cancel any pending queries and remove its own reference to `files`
+        // so that the reference counter to `files` now drops to 1.
+        self.set_file_set(db).to(Arc::new(FxHashSet::default()));
+
+        let files = Arc::get_mut(&mut files_arc).unwrap();
+        let removed = files.remove(&file);
+        self.set_file_set(db).to(files_arc);
+
+        removed
+    }
+
+    pub(crate) fn check(self, db: &dyn Db) -> Vec<String> {
+        let mut result = Vec::new();
+        for file in self.files(db) {
+            let diagnostics = check_file(db, *file);
+            result.extend_from_slice(&diagnostics);
+        }
+
+        result
+    }
+
+    fn from_metadata(db: &dyn Db, metadata: PackageMetadata) -> Self {
+        let files = discover_package_files(db, metadata.root());
+
+        Self::new(db, metadata.name, metadata.root, Arc::new(files))
+    }
+
+    fn update(self, db: &mut dyn Db, metadata: PackageMetadata) {
+        let root = self.root(db);
+        assert_eq!(root, metadata.root());
+
+        let files = discover_package_files(db, root);
+
+        self.set_name(db).to(metadata.name);
+        self.set_file_set(db).to(Arc::new(files));
+    }
+}
+
+pub(super) fn check_file(db: &dyn Db, file: File) -> Diagnostics {
+    let mut diagnostics = Vec::new();
+    diagnostics.extend_from_slice(lint_syntax(db, file));
+    diagnostics.extend_from_slice(lint_semantic(db, file));
+    Diagnostics::from(diagnostics)
+}
+
+fn discover_package_files(db: &dyn Db, path: &SystemPath) -> FxHashSet<File> {
+    let paths = std::sync::Mutex::new(Vec::new());
+
+    db.system().walk_directory(path).run(|| {
+        Box::new(|entry| {
+            match entry {
+                Ok(entry) => {
+                    // Skip over any non python files to avoid creating too many entries in `Files`.
+                    if entry.file_type().is_file()
+                        && entry
+                            .path()
+                            .extension()
+                            .and_then(PySourceType::try_from_extension)
+                            .is_some()
+                    {
+                        let mut paths = paths.lock().unwrap();
+                        paths.push(entry.into_path());
+                    }
+                }
+                Err(error) => {
+                    // TODO Handle error
+                    tracing::error!("Failed to walk path: {error}");
+                }
+            }
+
+            WalkState::Continue
+        })
+    });
+
+    let paths = paths.into_inner().unwrap();
+    let mut files = FxHashSet::with_capacity_and_hasher(paths.len(), FxBuildHasher);
+
+    for path in paths {
+        // If this returns `None`, then the file was deleted between the `walk_directory` call and now.
+        // We can ignore this.
+        if let Some(file) = system_path_to_file(db.upcast(), &path) {
+            files.insert(file);
+        }
+    }
+
+    files
+}
--- a/crates/red_knot/src/workspace/metadata.rs
+++ b/crates/red_knot/src/workspace/metadata.rs
@@ -0,0 +1,68 @@
+use ruff_db::system::{System, SystemPath, SystemPathBuf};
+use ruff_python_ast::name::Name;
+
+#[derive(Debug)]
+pub struct WorkspaceMetadata {
+    pub(super) root: SystemPathBuf,
+
+    /// The (first-party) packages in this workspace.
+    pub(super) packages: Vec<PackageMetadata>,
+}
+
+/// A first-party package in a workspace.
+#[derive(Debug)]
+pub struct PackageMetadata {
+    pub(super) name: Name,
+
+    /// The path to the root directory of the package.
+    pub(super) root: SystemPathBuf,
+    // TODO: Add the loaded package configuration (not the nested ruff settings)
+}
+
+impl WorkspaceMetadata {
+    /// Discovers the closest workspace at `path` and returns its metadata.
+    pub fn from_path(path: &SystemPath, system: &dyn System) -> anyhow::Result<WorkspaceMetadata> {
+        let root = if system.is_file(path) {
+            path.parent().unwrap().to_path_buf()
+        } else {
+            path.to_path_buf()
+        };
+
+        if !system.is_directory(&root) {
+            anyhow::bail!("no workspace found at {:?}", root);
+        }
+
+        // TODO: Discover package name from `pyproject.toml`.
+        let package_name: Name = path.file_name().unwrap_or("<root>").into();
+
+        let package = PackageMetadata {
+            name: package_name,
+            root: root.clone(),
+        };
+
+        let workspace = WorkspaceMetadata {
+            root,
+            packages: vec![package],
+        };
+
+        Ok(workspace)
+    }
+
+    pub fn root(&self) -> &SystemPath {
+        &self.root
+    }
+
+    pub fn packages(&self) -> &[PackageMetadata] {
+        &self.packages
+    }
+}
+
+impl PackageMetadata {
+    pub fn name(&self) -> &Name {
+        &self.name
+    }
+
+    pub fn root(&self) -> &SystemPath {
+        &self.root
+    }
+}
--- a/crates/red_knot_module_resolver/Cargo.toml
+++ b/crates/red_knot_module_resolver/Cargo.toml
@@ -0,0 +1,39 @@
+[package]
+name = "red_knot_module_resolver"
+version = "0.0.0"
+publish = false
+authors = { workspace = true }
+edition = { workspace = true }
+rust-version = { workspace = true }
+homepage = { workspace = true }
+documentation = { workspace = true }
+repository = { workspace = true }
+license = { workspace = true }
+
+[dependencies]
+ruff_db = { workspace = true }
+ruff_python_stdlib = { workspace = true }
+
+compact_str = { workspace = true }
+camino = { workspace = true }
+once_cell = { workspace = true }
+rustc-hash = { workspace = true }
+salsa = { workspace = true }
+tracing = { workspace = true }
+zip = { workspace = true }
+
+[build-dependencies]
+path-slash = { workspace = true }
+walkdir = { workspace = true }
+zip = { workspace = true }
+
+[dev-dependencies]
+ruff_db = { workspace = true, features = ["os"] }
+
+anyhow = { workspace = true }
+insta = { workspace = true }
+tempfile = { workspace = true }
+walkdir = { workspace = true }
+
+[lints]
+workspace = true
--- a/crates/red_knot_module_resolver/README.md
+++ b/crates/red_knot_module_resolver/README.md
@@ -0,0 +1,9 @@
+# Red Knot
+
+A work-in-progress multifile module resolver for Ruff.
+
+## Vendored types for the stdlib
+
+This crate vendors [typeshed](https://github.com/python/typeshed)'s stubs for the standard library. The vendored stubs can be found in `crates/red_knot_module_resolver/vendor/typeshed`. The file `crates/red_knot_module_resolver/vendor/typeshed/source_commit.txt` tells you the typeshed commit that our vendored stdlib stubs currently correspond to.
+
+The typeshed stubs are updated every two weeks via an automated PR using the `sync_typeshed.yaml` workflow in the `.github/workflows` directory. This workflow can also be triggered at any time via [workflow dispatch](https://docs.github.com/en/actions/using-workflows/manually-running-a-workflow#running-a-workflow).
--- a/crates/red_knot_module_resolver/build.rs
+++ b/crates/red_knot_module_resolver/build.rs
@@ -0,0 +1,74 @@
+//! Build script to package our vendored typeshed files
+//! into a zip archive that can be included in the Ruff binary.
+//!
+//! This script should be automatically run at build time
+//! whenever the script itself changes, or whenever any files
+//! in `crates/red_knot_module_resolver/vendor/typeshed` change.
+
+use std::fs::File;
+use std::path::Path;
+
+use path_slash::PathExt;
+use zip::result::ZipResult;
+use zip::write::{FileOptions, ZipWriter};
+use zip::CompressionMethod;
+
+const TYPESHED_SOURCE_DIR: &str = "vendor/typeshed";
+const TYPESHED_ZIP_LOCATION: &str = "/zipped_typeshed.zip";
+
+/// Recursively zip the contents of an entire directory.
+///
+/// This routine is adapted from a recipe at
+/// <https://github.com/zip-rs/zip-old/blob/5d0f198124946b7be4e5969719a7f29f363118cd/examples/write_dir.rs>
+fn zip_dir(directory_path: &str, writer: File) -> ZipResult<File> {
+    let mut zip = ZipWriter::new(writer);
+
+    let options = FileOptions::default()
+        .compression_method(CompressionMethod::Zstd)
+        .unix_permissions(0o644);
+
+    for entry in walkdir::WalkDir::new(directory_path) {
+        let dir_entry = entry.unwrap();
+        let absolute_path = dir_entry.path();
+        let normalized_relative_path = absolute_path
+            .strip_prefix(Path::new(directory_path))
+            .unwrap()
+            .to_slash()
+            .expect("Unexpected non-utf8 typeshed path!");
+
+        // Write file or directory explicitly
+        // Some unzip tools unzip files with directory paths correctly, some do not!
+        if absolute_path.is_file() {
+            println!("adding file {absolute_path:?} as {normalized_relative_path:?} ...");
+            zip.start_file(normalized_relative_path, options)?;
+            let mut f = File::open(absolute_path)?;
+            std::io::copy(&mut f, &mut zip).unwrap();
+        } else if !normalized_relative_path.is_empty() {
+            // Only if not root! Avoids path spec / warning
+            // and mapname conversion failed error on unzip
+            println!("adding dir {absolute_path:?} as {normalized_relative_path:?} ...");
+            zip.add_directory(normalized_relative_path, options)?;
+        }
+    }
+    zip.finish()
+}
+
+fn main() {
+    println!("cargo:rerun-if-changed={TYPESHED_SOURCE_DIR}");
+    assert!(
+        Path::new(TYPESHED_SOURCE_DIR).is_dir(),
+        "Where is typeshed?"
+    );
+    let out_dir = std::env::var("OUT_DIR").unwrap();
+
+    // N.B. Deliberately using `format!()` instead of `Path::join()` here,
+    // so that we use `/` as a path separator on all platforms.
+    // That enables us to load the typeshed zip at compile time in `module.rs`
+    // (otherwise we'd have to dynamically determine the exact path to the typeshed zip
+    // based on the default path separator for the specific platform we're on,
+    // which can't be done at compile time.)
+    let zipped_typeshed_location = format!("{out_dir}{TYPESHED_ZIP_LOCATION}");
+
+    let zipped_typeshed = File::create(zipped_typeshed_location).unwrap();
+    zip_dir(TYPESHED_SOURCE_DIR, zipped_typeshed).unwrap();
+}
--- a/crates/red_knot_module_resolver/src/db.rs
+++ b/crates/red_knot_module_resolver/src/db.rs
@@ -0,0 +1,126 @@
+use ruff_db::Upcast;
+
+use crate::resolver::{
+    editable_install_resolution_paths, file_to_module, internal::ModuleNameIngredient,
+    module_resolution_settings, resolve_module_query,
+};
+use crate::typeshed::parse_typeshed_versions;
+
+#[salsa::jar(db=Db)]
+pub struct Jar(
+    ModuleNameIngredient<'_>,
+    module_resolution_settings,
+    editable_install_resolution_paths,
+    resolve_module_query,
+    file_to_module,
+    parse_typeshed_versions,
+);
+
+pub trait Db: salsa::DbWithJar<Jar> + ruff_db::Db + Upcast<dyn ruff_db::Db> {}
+
+#[cfg(test)]
+pub(crate) mod tests {
+    use std::sync;
+
+    use salsa::DebugWithDb;
+
+    use ruff_db::files::Files;
+    use ruff_db::system::{DbWithTestSystem, TestSystem};
+    use ruff_db::vendored::VendoredFileSystem;
+
+    use crate::vendored_typeshed_stubs;
+
+    use super::*;
+
+    #[salsa::db(Jar, ruff_db::Jar)]
+    pub(crate) struct TestDb {
+        storage: salsa::Storage<Self>,
+        system: TestSystem,
+        vendored: VendoredFileSystem,
+        files: Files,
+        events: sync::Arc<sync::Mutex<Vec<salsa::Event>>>,
+    }
+
+    impl TestDb {
+        pub(crate) fn new() -> Self {
+            Self {
+                storage: salsa::Storage::default(),
+                system: TestSystem::default(),
+                vendored: vendored_typeshed_stubs().snapshot(),
+                events: sync::Arc::default(),
+                files: Files::default(),
+            }
+        }
+
+        /// Takes the salsa events.
+        ///
+        /// ## Panics
+        /// If there are any pending salsa snapshots.
+        pub(crate) fn take_salsa_events(&mut self) -> Vec<salsa::Event> {
+            let inner = sync::Arc::get_mut(&mut self.events).expect("no pending salsa snapshots");
+
+            let events = inner.get_mut().unwrap();
+            std::mem::take(&mut *events)
+        }
+
+        /// Clears the salsa events.
+        ///
+        /// ## Panics
+        /// If there are any pending salsa snapshots.
+        pub(crate) fn clear_salsa_events(&mut self) {
+            self.take_salsa_events();
+        }
+    }
+
+    impl Upcast<dyn ruff_db::Db> for TestDb {
+        fn upcast(&self) -> &(dyn ruff_db::Db + 'static) {
+            self
+        }
+    }
+
+    impl ruff_db::Db for TestDb {
+        fn vendored(&self) -> &VendoredFileSystem {
+            &self.vendored
+        }
+
+        fn system(&self) -> &dyn ruff_db::system::System {
+            &self.system
+        }
+
+        fn files(&self) -> &Files {
+            &self.files
+        }
+    }
+
+    impl Db for TestDb {}
+
+    impl DbWithTestSystem for TestDb {
+        fn test_system(&self) -> &TestSystem {
+            &self.system
+        }
+
+        fn test_system_mut(&mut self) -> &mut TestSystem {
+            &mut self.system
+        }
+    }
+
+    impl salsa::Database for TestDb {
+        fn salsa_event(&self, event: salsa::Event) {
+            tracing::trace!("event: {:?}", event.debug(self));
+            let mut events = self.events.lock().unwrap();
+            events.push(event);
+        }
+    }
+
+    impl salsa::ParallelDatabase for TestDb {
+        fn snapshot(&self) -> salsa::Snapshot<Self> {
+            salsa::Snapshot::new(Self {
+                storage: self.storage.snapshot(),
+                system: self.system.snapshot(),
+                vendored: self.vendored.snapshot(),
+                files: self.files.snapshot(),
+                events: self.events.clone(),
+            })
+        }
+    }
+}
--- a/crates/red_knot_module_resolver/src/lib.rs
+++ b/crates/red_knot_module_resolver/src/lib.rs
@@ -0,0 +1,18 @@
+mod db;
+mod module;
+mod module_name;
+mod path;
+mod resolver;
+mod state;
+mod typeshed;
+
+#[cfg(test)]
+mod testing;
+
+pub use db::{Db, Jar};
+pub use module::{Module, ModuleKind};
+pub use module_name::ModuleName;
+pub use resolver::resolve_module;
+pub use typeshed::{
+    vendored_typeshed_stubs, TypeshedVersionsParseError, TypeshedVersionsParseErrorKind,
+};
--- a/crates/red_knot_module_resolver/src/module.rs
+++ b/crates/red_knot_module_resolver/src/module.rs
@@ -0,0 +1,91 @@
+use std::fmt::Formatter;
+use std::sync::Arc;
+
+use ruff_db::files::File;
+
+use crate::db::Db;
+use crate::module_name::ModuleName;
+use crate::path::{ModuleResolutionPathBuf, ModuleResolutionPathRef};
+
+/// Representation of a Python module.
+#[derive(Clone, PartialEq, Eq)]
+pub struct Module {
+    inner: Arc<ModuleInner>,
+}
+
+impl Module {
+    pub(crate) fn new(
+        name: ModuleName,
+        kind: ModuleKind,
+        search_path: Arc<ModuleResolutionPathBuf>,
+        file: File,
+    ) -> Self {
+        Self {
+            inner: Arc::new(ModuleInner {
+                name,
+                kind,
+                search_path,
+                file,
+            }),
+        }
+    }
+
+    /// The absolute name of the module (e.g. `foo.bar`)
+    pub fn name(&self) -> &ModuleName {
+        &self.inner.name
+    }
+
+    /// The file to the source code that defines this module
+    pub fn file(&self) -> File {
+        self.inner.file
+    }
+
+    /// The search path from which the module was resolved.
+    pub(crate) fn search_path(&self) -> ModuleResolutionPathRef {
+        ModuleResolutionPathRef::from(&*self.inner.search_path)
+    }
+
+    /// Determine whether this module is a single-file module or a package
+    pub fn kind(&self) -> ModuleKind {
+        self.inner.kind
+    }
+}
+
+impl std::fmt::Debug for Module {
+    fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {
+        f.debug_struct("Module")
+            .field("name", &self.name())
+            .field("kind", &self.kind())
+            .field("file", &self.file())
+            .field("search_path", &self.search_path())
+            .finish()
+    }
+}
+
+impl salsa::DebugWithDb<dyn Db> for Module {
+    fn fmt(&self, f: &mut Formatter<'_>, db: &dyn Db) -> std::fmt::Result {
+        f.debug_struct("Module")
+            .field("name", &self.name())
+            .field("kind", &self.kind())
+            .field("file", &self.file().debug(db.upcast()))
+            .field("search_path", &self.search_path())
+            .finish()
+    }
+}
+
+#[derive(PartialEq, Eq)]
+struct ModuleInner {
+    name: ModuleName,
+    kind: ModuleKind,
+    search_path: Arc<ModuleResolutionPathBuf>,
+    file: File,
+}
+
+#[derive(Copy, Clone, Debug, Eq, PartialEq, Hash)]
+pub enum ModuleKind {
+    /// A single-file module (e.g. `foo.py` or `foo.pyi`)
+    Module,
+
+    /// A python package (`foo/__init__.py` or `foo/__init__.pyi`)
+    Package,
+}
--- a/crates/red_knot_module_resolver/src/module_name.rs
+++ b/crates/red_knot_module_resolver/src/module_name.rs
@@ -0,0 +1,198 @@
+use std::fmt;
+use std::ops::Deref;
+
+use compact_str::{CompactString, ToCompactString};
+
+use ruff_python_stdlib::identifiers::is_identifier;
+
+/// A module name, e.g. `foo.bar`.
+///
+/// Always normalized to the absolute form (never a relative module name, i.e., never `.foo`).
+#[derive(Clone, Debug, Eq, PartialEq, Hash, PartialOrd, Ord)]
+pub struct ModuleName(compact_str::CompactString);
+
+impl ModuleName {
+    /// Creates a new module name for `name`. Returns `Some` if `name` is a valid, absolute
+    /// module name and `None` otherwise.
+    ///
+    /// The module name is invalid if:
+    ///
+    /// * The name is empty
+    /// * The name is relative
+    /// * The name ends with a `.`
+    /// * The name contains a sequence of multiple dots
+    /// * A component of a name (the part between two dots) isn't a valid python identifier.
+    #[inline]
+    #[must_use]
+    pub fn new(name: &str) -> Option<Self> {
+        Self::is_valid_name(name).then(|| Self(CompactString::from(name)))
+    }
+
+    /// Creates a new module name for `name` where `name` is a static string.
+    /// Returns `Some` if `name` is a valid, absolute module name and `None` otherwise.
+    ///
+    /// The module name is invalid if:
+    ///
+    /// * The name is empty
+    /// * The name is relative
+    /// * The name ends with a `.`
+    /// * The name contains a sequence of multiple dots
+    /// * A component of a name (the part between two dots) isn't a valid python identifier.
+    ///
+    /// ## Examples
+    ///
+    /// ```
+    /// use red_knot_module_resolver::ModuleName;
+    ///
+    /// assert_eq!(ModuleName::new_static("foo.bar").as_deref(), Some("foo.bar"));
+    /// assert_eq!(ModuleName::new_static(""), None);
+    /// assert_eq!(ModuleName::new_static("..foo"), None);
+    /// assert_eq!(ModuleName::new_static(".foo"), None);
+    /// assert_eq!(ModuleName::new_static("foo."), None);
+    /// assert_eq!(ModuleName::new_static("foo..bar"), None);
+    /// assert_eq!(ModuleName::new_static("2000"), None);
+    /// ```
+    #[inline]
+    #[must_use]
+    pub fn new_static(name: &'static str) -> Option<Self> {
+        Self::is_valid_name(name).then(|| Self(CompactString::const_new(name)))
+    }
+
+    #[must_use]
+    fn is_valid_name(name: &str) -> bool {
+        !name.is_empty() && name.split('.').all(is_identifier)
+    }
+
+    /// An iterator over the components of the module name:
+    ///
+    /// # Examples
+    ///
+    /// ```
+    /// use red_knot_module_resolver::ModuleName;
+    ///
+    /// assert_eq!(ModuleName::new_static("foo.bar.baz").unwrap().components().collect::<Vec<_>>(), vec!["foo", "bar", "baz"]);
+    /// ```
+    #[must_use]
+    pub fn components(&self) -> impl DoubleEndedIterator<Item = &str> {
+        self.0.split('.')
+    }
+
+    /// The name of this module's immediate parent, if it has a parent.
+    ///
+    /// # Examples
+    ///
+    /// ```
+    /// use red_knot_module_resolver::ModuleName;
+    ///
+    /// assert_eq!(ModuleName::new_static("foo.bar").unwrap().parent(), Some(ModuleName::new_static("foo").unwrap()));
+    /// assert_eq!(ModuleName::new_static("foo.bar.baz").unwrap().parent(), Some(ModuleName::new_static("foo.bar").unwrap()));
+    /// assert_eq!(ModuleName::new_static("root").unwrap().parent(), None);
+    /// ```
+    #[must_use]
+    pub fn parent(&self) -> Option<ModuleName> {
+        let (parent, _) = self.0.rsplit_once('.')?;
+        Some(Self(parent.to_compact_string()))
+    }
+
+    /// Returns `true` if the name starts with `other`.
+    ///
+    /// This is equivalent to checking if `self` is a sub-module of `other`.
+    ///
+    /// # Examples
+    ///
+    /// ```
+    /// use red_knot_module_resolver::ModuleName;
+    ///
+    /// assert!(ModuleName::new_static("foo.bar").unwrap().starts_with(&ModuleName::new_static("foo").unwrap()));
+    ///
+    /// assert!(!ModuleName::new_static("foo.bar").unwrap().starts_with(&ModuleName::new_static("bar").unwrap()));
+    /// assert!(!ModuleName::new_static("foo_bar").unwrap().starts_with(&ModuleName::new_static("foo").unwrap()));
+    /// ```
+    #[must_use]
+    pub fn starts_with(&self, other: &ModuleName) -> bool {
+        let mut self_components = self.components();
+        let other_components = other.components();
+
+        for other_component in other_components {
+            if self_components.next() != Some(other_component) {
+                return false;
+            }
+        }
+
+        true
+    }
+
+    #[must_use]
+    #[inline]
+    pub fn as_str(&self) -> &str {
+        &self.0
+    }
+
+    /// Construct a [`ModuleName`] from a sequence of parts.
+    ///
+    /// # Examples
+    ///
+    /// ```
+    /// use red_knot_module_resolver::ModuleName;
+    ///
+    /// assert_eq!(&*ModuleName::from_components(["a"]).unwrap(), "a");
+    /// assert_eq!(&*ModuleName::from_components(["a", "b"]).unwrap(), "a.b");
+    /// assert_eq!(&*ModuleName::from_components(["a", "b", "c"]).unwrap(), "a.b.c");
+    ///
+    /// assert_eq!(ModuleName::from_components(["a-b"]), None);
+    /// assert_eq!(ModuleName::from_components(["a", "a-b"]), None);
+    /// assert_eq!(ModuleName::from_components(["a", "b", "a-b-c"]), None);
+    /// ```
+    #[must_use]
+    pub fn from_components<'a>(components: impl IntoIterator<Item = &'a str>) -> Option<Self> {
+        let mut components = components.into_iter();
+        let first_part = components.next()?;
+        if !is_identifier(first_part) {
+            return None;
+        }
+        let name = if let Some(second_part) = components.next() {
+            if !is_identifier(second_part) {
+                return None;
+            }
+            let mut name = format!("{first_part}.{second_part}");
+            for part in components {
+                if !is_identifier(part) {
+                    return None;
+                }
+                name.push('.');
+                name.push_str(part);
+            }
+            CompactString::from(&name)
+        } else {
+            CompactString::from(first_part)
+        };
+        Some(Self(name))
+    }
+}
+
+impl Deref for ModuleName {
+    type Target = str;
+
+    #[inline]
+    fn deref(&self) -> &Self::Target {
+        self.as_str()
+    }
+}
+
+impl PartialEq<str> for ModuleName {
+    fn eq(&self, other: &str) -> bool {
+        self.as_str() == other
+    }
+}
+
+impl PartialEq<ModuleName> for str {
+    fn eq(&self, other: &ModuleName) -> bool {
+        self == other.as_str()
+    }
+}
+
+impl std::fmt::Display for ModuleName {
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> std::fmt::Result {
+        f.write_str(&self.0)
+    }
+}
--- a/crates/red_knot_module_resolver/src/path.rs
+++ b/crates/red_knot_module_resolver/src/path.rs
--- a/crates/red_knot_module_resolver/src/resolver.rs
+++ b/crates/red_knot_module_resolver/src/resolver.rs
--- a/crates/red_knot_module_resolver/src/state.rs
+++ b/crates/red_knot_module_resolver/src/state.rs
@@ -0,0 +1,30 @@
+use ruff_db::program::TargetVersion;
+use ruff_db::system::System;
+use ruff_db::vendored::VendoredFileSystem;
+
+use crate::db::Db;
+use crate::typeshed::LazyTypeshedVersions;
+
+pub(crate) struct ResolverState<'db> {
+    pub(crate) db: &'db dyn Db,
+    pub(crate) typeshed_versions: LazyTypeshedVersions<'db>,
+    pub(crate) target_version: TargetVersion,
+}
+
+impl<'db> ResolverState<'db> {
+    pub(crate) fn new(db: &'db dyn Db, target_version: TargetVersion) -> Self {
+        Self {
+            db,
+            typeshed_versions: LazyTypeshedVersions::new(),
+            target_version,
+        }
+    }
+
+    pub(crate) fn system(&self) -> &dyn System {
+        self.db.system()
+    }
+
+    pub(crate) fn vendored(&self) -> &VendoredFileSystem {
+        self.db.vendored()
+    }
+}
--- a/crates/red_knot_module_resolver/src/testing.rs
+++ b/crates/red_knot_module_resolver/src/testing.rs
@@ -0,0 +1,289 @@
+use ruff_db::program::{Program, SearchPathSettings, TargetVersion};
+use ruff_db::system::{DbWithTestSystem, SystemPath, SystemPathBuf};
+use ruff_db::vendored::VendoredPathBuf;
+
+use crate::db::tests::TestDb;
+
+/// A test case for the module resolver.
+///
+/// You generally shouldn't construct instances of this struct directly;
+/// instead, use the [`TestCaseBuilder`].
+pub(crate) struct TestCase<T> {
+    pub(crate) db: TestDb,
+    pub(crate) src: SystemPathBuf,
+    pub(crate) stdlib: T,
+    pub(crate) site_packages: SystemPathBuf,
+    pub(crate) target_version: TargetVersion,
+}
+
+/// A `(file_name, file_contents)` tuple
+pub(crate) type FileSpec = (&'static str, &'static str);
+
+/// Specification for a typeshed mock to be created as part of a test
+#[derive(Debug, Clone, Copy, Default)]
+pub(crate) struct MockedTypeshed {
+    /// The stdlib files to be created in the typeshed mock
+    pub(crate) stdlib_files: &'static [FileSpec],
+
+    /// The contents of the `stdlib/VERSIONS` file
+    /// to be created in the typeshed mock
+    pub(crate) versions: &'static str,
+}
+
+#[derive(Debug)]
+pub(crate) struct VendoredTypeshed;
+
+#[derive(Debug)]
+pub(crate) struct UnspecifiedTypeshed;
+
+/// A builder for a module-resolver test case.
+///
+/// The builder takes care of creating a [`TestDb`]
+/// instance, applying the module resolver settings,
+/// and creating mock directories for the stdlib, `site-packages`,
+/// first-party code, etc.
+///
+/// For simple tests that do not involve typeshed,
+/// test cases can be created as follows:
+///
+/// ```rs
+/// let test_case = TestCaseBuilder::new()
+///     .with_src_files(...)
+///     .build();
+///
+/// let test_case2 = TestCaseBuilder::new()
+///     .with_site_packages_files(...)
+///     .build();
+/// ```
+///
+/// Any tests can specify the target Python version that should be used
+/// in the module resolver settings:
+///
+/// ```rs
+/// let test_case = TestCaseBuilder::new()
+///     .with_src_files(...)
+///     .with_target_version(...)
+///     .build();
+/// ```
+///
+/// For tests checking that standard-library module resolution is working
+/// correctly, you should usually create a [`MockedTypeshed`] instance
+/// and pass it to the [`TestCaseBuilder::with_custom_typeshed`] method.
+/// If you need to check something that involves the vendored typeshed stubs
+/// we include as part of the binary, you can instead use the
+/// [`TestCaseBuilder::with_vendored_typeshed`] method.
+/// For either of these, you should almost always try to be explicit
+/// about the Python version you want to be specified in the module-resolver
+/// settings for the test:
+///
+/// ```rs
+/// const TYPESHED = MockedTypeshed { ... };
+///
+/// let test_case = resolver_test_case()
+///     .with_custom_typeshed(TYPESHED)
+///     .with_target_version(...)
+///     .build();
+///
+/// let test_case2 = resolver_test_case()
+///     .with_vendored_typeshed()
+///     .with_target_version(...)
+///     .build();
+/// ```
+///
+/// If you have not called one of those options, the `stdlib` field
+/// on the [`TestCase`] instance created from `.build()` will be set
+/// to `()`.
+pub(crate) struct TestCaseBuilder<T> {
+    typeshed_option: T,
+    target_version: TargetVersion,
+    first_party_files: Vec<FileSpec>,
+    site_packages_files: Vec<FileSpec>,
+}
+
+impl<T> TestCaseBuilder<T> {
+    /// Specify files to be created in the `src` mock directory
+    pub(crate) fn with_src_files(mut self, files: &[FileSpec]) -> Self {
+        self.first_party_files.extend(files.iter().copied());
+        self
+    }
+
+    /// Specify files to be created in the `site-packages` mock directory
+    pub(crate) fn with_site_packages_files(mut self, files: &[FileSpec]) -> Self {
+        self.site_packages_files.extend(files.iter().copied());
+        self
+    }
+
+    /// Specify the target Python version the module resolver should assume
+    pub(crate) fn with_target_version(mut self, target_version: TargetVersion) -> Self {
+        self.target_version = target_version;
+        self
+    }
+
+    fn write_mock_directory(
+        db: &mut TestDb,
+        location: impl AsRef<SystemPath>,
+        files: impl IntoIterator<Item = FileSpec>,
+    ) -> SystemPathBuf {
+        let root = location.as_ref().to_path_buf();
+        db.write_files(
+            files
+                .into_iter()
+                .map(|(relative_path, contents)| (root.join(relative_path), contents)),
+        )
+        .unwrap();
+        root
+    }
+}
+
+impl TestCaseBuilder<UnspecifiedTypeshed> {
+    pub(crate) fn new() -> TestCaseBuilder<UnspecifiedTypeshed> {
+        Self {
+            typeshed_option: UnspecifiedTypeshed,
+            target_version: TargetVersion::default(),
+            first_party_files: vec![],
+            site_packages_files: vec![],
+        }
+    }
+
+    /// Use the vendored stdlib stubs included in the Ruff binary for this test case
+    pub(crate) fn with_vendored_typeshed(self) -> TestCaseBuilder<VendoredTypeshed> {
+        let TestCaseBuilder {
+            typeshed_option: _,
+            target_version,
+            first_party_files,
+            site_packages_files,
+        } = self;
+        TestCaseBuilder {
+            typeshed_option: VendoredTypeshed,
+            target_version,
+            first_party_files,
+            site_packages_files,
+        }
+    }
+
+    /// Use a mock typeshed directory for this test case
+    pub(crate) fn with_custom_typeshed(
+        self,
+        typeshed: MockedTypeshed,
+    ) -> TestCaseBuilder<MockedTypeshed> {
+        let TestCaseBuilder {
+            typeshed_option: _,
+            target_version,
+            first_party_files,
+            site_packages_files,
+        } = self;
+        TestCaseBuilder {
+            typeshed_option: typeshed,
+            target_version,
+            first_party_files,
+            site_packages_files,
+        }
+    }
+
+    pub(crate) fn build(self) -> TestCase<()> {
+        let TestCase {
+            db,
+            src,
+            stdlib: _,
+            site_packages,
+            target_version,
+        } = self.with_custom_typeshed(MockedTypeshed::default()).build();
+        TestCase {
+            db,
+            src,
+            stdlib: (),
+            site_packages,
+            target_version,
+        }
+    }
+}
+
+impl TestCaseBuilder<MockedTypeshed> {
+    pub(crate) fn build(self) -> TestCase<SystemPathBuf> {
+        let TestCaseBuilder {
+            typeshed_option,
+            target_version,
+            first_party_files,
+            site_packages_files,
+        } = self;
+
+        let mut db = TestDb::new();
+
+        let site_packages =
+            Self::write_mock_directory(&mut db, "/site-packages", site_packages_files);
+        let src = Self::write_mock_directory(&mut db, "/src", first_party_files);
+        let typeshed = Self::build_typeshed_mock(&mut db, &typeshed_option);
+
+        Program::new(
+            &db,
+            target_version,
+            SearchPathSettings {
+                extra_paths: vec![],
+                workspace_root: src.clone(),
+                custom_typeshed: Some(typeshed.clone()),
+                site_packages: Some(site_packages.clone()),
+            },
+        );
+
+        TestCase {
+            db,
+            src,
+            stdlib: typeshed.join("stdlib"),
+            site_packages,
+            target_version,
+        }
+    }
+
+    fn build_typeshed_mock(db: &mut TestDb, typeshed_to_build: &MockedTypeshed) -> SystemPathBuf {
+        let typeshed = SystemPathBuf::from("/typeshed");
+        let MockedTypeshed {
+            stdlib_files,
+            versions,
+        } = typeshed_to_build;
+        Self::write_mock_directory(
+            db,
+            typeshed.join("stdlib"),
+            stdlib_files
+                .iter()
+                .copied()
+                .chain(std::iter::once(("VERSIONS", *versions))),
+        );
+        typeshed
+    }
+}
+
+impl TestCaseBuilder<VendoredTypeshed> {
+    pub(crate) fn build(self) -> TestCase<VendoredPathBuf> {
+        let TestCaseBuilder {
+            typeshed_option: VendoredTypeshed,
+            target_version,
+            first_party_files,
+            site_packages_files,
+        } = self;
+
+        let mut db = TestDb::new();
+
+        let site_packages =
+            Self::write_mock_directory(&mut db, "/site-packages", site_packages_files);
+        let src = Self::write_mock_directory(&mut db, "/src", first_party_files);
+
+        Program::new(
+            &db,
+            target_version,
+            SearchPathSettings {
+                extra_paths: vec![],
+                workspace_root: src.clone(),
+                custom_typeshed: None,
+                site_packages: Some(site_packages.clone()),
+            },
+        );
+
+        TestCase {
+            db,
+            src,
+            stdlib: VendoredPathBuf::from("stdlib"),
+            site_packages,
+            target_version,
+        }
+    }
+}
--- a/crates/red_knot_module_resolver/src/typeshed.rs
+++ b/crates/red_knot_module_resolver/src/typeshed.rs
@@ -0,0 +1,8 @@
+pub use self::vendored::vendored_typeshed_stubs;
+pub(crate) use self::versions::{
+    parse_typeshed_versions, LazyTypeshedVersions, TypeshedVersionsQueryResult,
+};
+pub use self::versions::{TypeshedVersionsParseError, TypeshedVersionsParseErrorKind};
+
+mod vendored;
+mod versions;
--- a/crates/red_knot_module_resolver/src/typeshed/vendored.rs
+++ b/crates/red_knot_module_resolver/src/typeshed/vendored.rs
@@ -0,0 +1,99 @@
+use once_cell::sync::Lazy;
+
+use ruff_db::vendored::VendoredFileSystem;
+
+// The file path here is hardcoded in this crate's `build.rs` script.
+// Luckily this crate will fail to build if this file isn't available at build time.
+static TYPESHED_ZIP_BYTES: &[u8] = include_bytes!(concat!(env!("OUT_DIR"), "/zipped_typeshed.zip"));
+
+pub fn vendored_typeshed_stubs() -> &'static VendoredFileSystem {
+    static VENDORED_TYPESHED_STUBS: Lazy<VendoredFileSystem> =
+        Lazy::new(|| VendoredFileSystem::new_static(TYPESHED_ZIP_BYTES).unwrap());
+    &VENDORED_TYPESHED_STUBS
+}
+
+#[cfg(test)]
+mod tests {
+    use std::io::{self, Read};
+    use std::path::Path;
+
+    use ruff_db::vendored::VendoredPath;
+
+    use super::*;
+
+    #[test]
+    fn typeshed_zip_created_at_build_time() {
+        let mut typeshed_zip_archive =
+            zip::ZipArchive::new(io::Cursor::new(TYPESHED_ZIP_BYTES)).unwrap();
+
+        let mut functools_module_stub = typeshed_zip_archive
+            .by_name("stdlib/functools.pyi")
+            .unwrap();
+        assert!(functools_module_stub.is_file());
+
+        let mut functools_module_stub_source = String::new();
+        functools_module_stub
+            .read_to_string(&mut functools_module_stub_source)
+            .unwrap();
+
+        assert!(functools_module_stub_source.contains("def update_wrapper("));
+    }
+
+    #[test]
+    fn typeshed_vfs_consistent_with_vendored_stubs() {
+        let vendored_typeshed_dir = Path::new("vendor/typeshed").canonicalize().unwrap();
+        let vendored_typeshed_stubs = vendored_typeshed_stubs();
+
+        let mut empty_iterator = true;
+        for entry in walkdir::WalkDir::new(&vendored_typeshed_dir).min_depth(1) {
+            empty_iterator = false;
+            let entry = entry.unwrap();
+            let absolute_path = entry.path();
+            let file_type = entry.file_type();
+
+            let relative_path = absolute_path
+                .strip_prefix(&vendored_typeshed_dir)
+                .unwrap_or_else(|_| {
+                    panic!("Expected {absolute_path:?} to be a child of {vendored_typeshed_dir:?}")
+                });
+
+            let vendored_path = <&VendoredPath>::try_from(relative_path)
+                .unwrap_or_else(|_| panic!("Expected {relative_path:?} to be valid UTF-8"));
+
+            assert!(
+                vendored_typeshed_stubs.exists(vendored_path),
+                "Expected {vendored_path:?} to exist in the `VendoredFileSystem`!
+
+                Vendored file system:
+
+                {vendored_typeshed_stubs:#?}
+                "
+            );
+
+            let vendored_path_kind = vendored_typeshed_stubs
+                .metadata(vendored_path)
+                .unwrap_or_else(|_| {
+                    panic!(
+                        "Expected metadata for {vendored_path:?} to be retrievable from the `VendoredFileSystem!
+
+                        Vendored file system:
+
+                        {vendored_typeshed_stubs:#?}
+                        "
+                    )
+                })
+                .kind();
+
+            assert_eq!(
+                vendored_path_kind.is_directory(),
+                file_type.is_dir(),
+                "{vendored_path:?} had type {vendored_path_kind:?}, inconsistent with fs path {relative_path:?}: {file_type:?}"
+            );
+        }
+
+        assert!(
+            !empty_iterator,
+            "Expected there to be at least one file or directory in the vendored typeshed stubs!"
+        );
+    }
+}
--- a/crates/red_knot_module_resolver/src/typeshed/versions.rs
+++ b/crates/red_knot_module_resolver/src/typeshed/versions.rs
@@ -0,0 +1,817 @@
+use std::cell::OnceCell;
+use std::collections::BTreeMap;
+use std::fmt;
+use std::num::{NonZeroU16, NonZeroUsize};
+use std::ops::{RangeFrom, RangeInclusive};
+use std::str::FromStr;
+
+use once_cell::sync::Lazy;
+use ruff_db::program::TargetVersion;
+use ruff_db::system::SystemPath;
+use rustc_hash::FxHashMap;
+
+use ruff_db::files::{system_path_to_file, File};
+
+use crate::db::Db;
+use crate::module_name::ModuleName;
+
+use super::vendored::vendored_typeshed_stubs;
+
+#[derive(Debug)]
+pub(crate) struct LazyTypeshedVersions<'db>(OnceCell<&'db TypeshedVersions>);
+
+impl<'db> LazyTypeshedVersions<'db> {
+    #[must_use]
+    pub(crate) fn new() -> Self {
+        Self(OnceCell::new())
+    }
+
+    /// Query whether a module exists at runtime in the stdlib on a certain Python version.
+    ///
+    /// Simply probing whether a file exists in typeshed is insufficient for this question,
+    /// as a module in the stdlib may have been added in Python 3.10, but the typeshed stub
+    /// will still be available (either in a custom typeshed dir or in our vendored copy)
+    /// even if the user specified Python 3.8 as the target version.
+    ///
+    /// For top-level modules and packages, the VERSIONS file can always provide an unambiguous answer
+    /// as to whether the module exists on the specified target version. However, VERSIONS does not
+    /// provide comprehensive information on all submodules, meaning that this method sometimes
+    /// returns [`TypeshedVersionsQueryResult::MaybeExists`].
+    /// See [`TypeshedVersionsQueryResult`] for more details.
+    #[must_use]
+    pub(crate) fn query_module(
+        &self,
+        db: &'db dyn Db,
+        module: &ModuleName,
+        stdlib_root: Option<&SystemPath>,
+        target_version: TargetVersion,
+    ) -> TypeshedVersionsQueryResult {
+        let versions = self.0.get_or_init(|| {
+            let versions_path = if let Some(system_path) = stdlib_root {
+                system_path.join("VERSIONS")
+            } else {
+                return &VENDORED_VERSIONS;
+            };
+            let Some(versions_file) = system_path_to_file(db.upcast(), &versions_path) else {
+                todo!(
+                    "Still need to figure out how to handle VERSIONS files being deleted \
+                    from custom typeshed directories! Expected a file to exist at {versions_path}"
+                )
+            };
+            // TODO(Alex/Micha): If VERSIONS is invalid,
+            // this should invalidate not just the specific module resolution we're currently attempting,
+            // but all type inference that depends on any standard-library types.
+            // Unwrapping here is not correct...
+            parse_typeshed_versions(db, versions_file).as_ref().unwrap()
+        });
+        versions.query_module(module, PyVersion::from(target_version))
+    }
+}
+
+#[salsa::tracked(return_ref)]
+pub(crate) fn parse_typeshed_versions(
+    db: &dyn Db,
+    versions_file: File,
+) -> Result<TypeshedVersions, TypeshedVersionsParseError> {
+    // TODO: Handle IO errors
+    let file_content = versions_file
+        .read_to_string(db.upcast())
+        .unwrap_or_default();
+    file_content.parse()
+}
+
+static VENDORED_VERSIONS: Lazy<TypeshedVersions> = Lazy::new(|| {
+    TypeshedVersions::from_str(
+        &vendored_typeshed_stubs()
+            .read_to_string("stdlib/VERSIONS")
+            .unwrap(),
+    )
+    .unwrap()
+});
+
+#[derive(Debug, PartialEq, Eq, Clone)]
+pub struct TypeshedVersionsParseError {
+    line_number: Option<NonZeroU16>,
+    reason: TypeshedVersionsParseErrorKind,
+}
+
+impl fmt::Display for TypeshedVersionsParseError {
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        let TypeshedVersionsParseError {
+            line_number,
+            reason,
+        } = self;
+        if let Some(line_number) = line_number {
+            write!(
+                f,
+                "Error while parsing line {line_number} of typeshed's VERSIONS file: {reason}"
+            )
+        } else {
+            write!(f, "Error while parsing typeshed's VERSIONS file: {reason}")
+        }
+    }
+}
+
+impl std::error::Error for TypeshedVersionsParseError {
+    fn source(&self) -> Option<&(dyn std::error::Error + 'static)> {
+        if let TypeshedVersionsParseErrorKind::IntegerParsingFailure { err, .. } = &self.reason {
+            Some(err)
+        } else {
+            None
+        }
+    }
+}
+
+#[derive(Debug, PartialEq, Eq, Clone)]
+pub enum TypeshedVersionsParseErrorKind {
+    TooManyLines(NonZeroUsize),
+    UnexpectedNumberOfColons,
+    InvalidModuleName(String),
+    UnexpectedNumberOfHyphens,
+    UnexpectedNumberOfPeriods(String),
+    IntegerParsingFailure {
+        version: String,
+        err: std::num::ParseIntError,
+    },
+}
+
+impl fmt::Display for TypeshedVersionsParseErrorKind {
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        match self {
+            Self::TooManyLines(num_lines) => write!(
+                f,
+                "File has too many lines ({num_lines}); maximum allowed is {}",
+                NonZeroU16::MAX
+            ),
+            Self::UnexpectedNumberOfColons => {
+                f.write_str("Expected every non-comment line to have exactly one colon")
+            }
+            Self::InvalidModuleName(name) => write!(
+                f,
+                "Expected all components of '{name}' to be valid Python identifiers"
+            ),
+            Self::UnexpectedNumberOfHyphens => {
+                f.write_str("Expected every non-comment line to have exactly one '-' character")
+            }
+            Self::UnexpectedNumberOfPeriods(format) => write!(
+                f,
+                "Expected all versions to be in the form {{MAJOR}}.{{MINOR}}; got '{format}'"
+            ),
+            Self::IntegerParsingFailure { version, err } => write!(
+                f,
+                "Failed to convert '{version}' to a pair of integers due to {err}",
+            ),
+        }
+    }
+}
+
+#[derive(Debug, PartialEq, Eq)]
+pub(crate) struct TypeshedVersions(FxHashMap<ModuleName, PyVersionRange>);
+
+impl TypeshedVersions {
+    #[must_use]
+    fn exact(&self, module_name: &ModuleName) -> Option<&PyVersionRange> {
+        self.0.get(module_name)
+    }
+
+    #[must_use]
+    fn query_module(
+        &self,
+        module: &ModuleName,
+        target_version: PyVersion,
+    ) -> TypeshedVersionsQueryResult {
+        if let Some(range) = self.exact(module) {
+            if range.contains(target_version) {
+                TypeshedVersionsQueryResult::Exists
+            } else {
+                TypeshedVersionsQueryResult::DoesNotExist
+            }
+        } else {
+            let mut module = module.parent();
+            while let Some(module_to_try) = module {
+                if let Some(range) = self.exact(&module_to_try) {
+                    return {
+                        if range.contains(target_version) {
+                            TypeshedVersionsQueryResult::MaybeExists
+                        } else {
+                            TypeshedVersionsQueryResult::DoesNotExist
+                        }
+                    };
+                }
+                module = module_to_try.parent();
+            }
+            TypeshedVersionsQueryResult::DoesNotExist
+        }
+    }
+}
+
+/// Possible answers [`LazyTypeshedVersions::query_module()`] could give to the question:
+/// "Does this module exist in the stdlib at runtime on a certain target version?"
+#[derive(Debug, Copy, PartialEq, Eq, Clone, Hash)]
+pub(crate) enum TypeshedVersionsQueryResult {
+    /// The module definitely exists in the stdlib at runtime on the user-specified target version.
+    ///
+    /// For example:
+    /// - The target version is Python 3.8
+    /// - We're querying whether the `asyncio.tasks` module exists in the stdlib
+    /// - The VERSIONS file contains the line `asyncio.tasks: 3.8-`
+    Exists,
+
+    /// The module definitely does not exist in the stdlib on the user-specified target version.
+    ///
+    /// For example:
+    /// - We're querying whether the `foo` module exists in the stdlib
+    /// - There is no top-level `foo` module in VERSIONS
+    ///
+    /// OR:
+    /// - The target version is Python 3.8
+    /// - We're querying whether the module `importlib.abc` exists in the stdlib
+    /// - The VERSIONS file contains the line `importlib.abc: 3.10-`,
+    ///   indicating that the module was added in 3.10
+    ///
+    /// OR:
+    /// - The target version is Python 3.8
+    /// - We're querying whether the module `collections.abc` exists in the stdlib
+    /// - The VERSIONS file does not contain any information about the `collections.abc` submodule,
+    ///   but *does* contain the line `collections: 3.10-`,
+    ///   indicating that the entire `collections` package was added in Python 3.10.
+    DoesNotExist,
+
+    /// The module potentially exists in the stdlib and, if it does,
+    /// it definitely exists on the user-specified target version.
+    ///
+    /// This variant is only relevant for submodules,
+    /// for which the typeshed VERSIONS file does not provide comprehensive information.
+    /// (The VERSIONS file is guaranteed to provide information about all top-level stdlib modules and packages,
+    /// but not necessarily about all submodules within each top-level package.)
+    ///
+    /// For example:
+    /// - The target version is Python 3.8
+    /// - We're querying whether the `asyncio.staggered` module exists in the stdlib
+    /// - The typeshed VERSIONS file contains the line `asyncio: 3.8`,
+    ///   indicating that the `asyncio` package was added in Python 3.8,
+    ///   but does not contain any explicit information about the `asyncio.staggered` submodule.
+    MaybeExists,
+}
+
+impl FromStr for TypeshedVersions {
+    type Err = TypeshedVersionsParseError;
+
+    fn from_str(s: &str) -> Result<Self, Self::Err> {
+        let mut map = FxHashMap::default();
+
+        for (line_index, line) in s.lines().enumerate() {
+            // humans expect line numbers to be 1-indexed
+            let line_number = NonZeroUsize::new(line_index.saturating_add(1)).unwrap();
+
+            let Ok(line_number) = NonZeroU16::try_from(line_number) else {
+                return Err(TypeshedVersionsParseError {
+                    line_number: None,
+                    reason: TypeshedVersionsParseErrorKind::TooManyLines(line_number),
+                });
+            };
+
+            let Some(content) = line.split('#').map(str::trim).next() else {
+                continue;
+            };
+            if content.is_empty() {
+                continue;
+            }
+
+            let mut parts = content.split(':').map(str::trim);
+            let (Some(module_name), Some(rest), None) = (parts.next(), parts.next(), parts.next())
+            else {
+                return Err(TypeshedVersionsParseError {
+                    line_number: Some(line_number),
+                    reason: TypeshedVersionsParseErrorKind::UnexpectedNumberOfColons,
+                });
+            };
+
+            let Some(module_name) = ModuleName::new(module_name) else {
+                return Err(TypeshedVersionsParseError {
+                    line_number: Some(line_number),
+                    reason: TypeshedVersionsParseErrorKind::InvalidModuleName(
+                        module_name.to_string(),
+                    ),
+                });
+            };
+
+            match PyVersionRange::from_str(rest) {
+                Ok(version) => map.insert(module_name, version),
+                Err(reason) => {
+                    return Err(TypeshedVersionsParseError {
+                        line_number: Some(line_number),
+                        reason,
+                    })
+                }
+            };
+        }
+
+        Ok(Self(map))
+    }
+}
+
+impl fmt::Display for TypeshedVersions {
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        let sorted_items: BTreeMap<&ModuleName, &PyVersionRange> = self.0.iter().collect();
+        for (module_name, range) in sorted_items {
+            writeln!(f, "{module_name}: {range}")?;
+        }
+        Ok(())
+    }
+}
+
+#[derive(Debug, Clone, Eq, PartialEq, Hash)]
+enum PyVersionRange {
+    AvailableFrom(RangeFrom<PyVersion>),
+    AvailableWithin(RangeInclusive<PyVersion>),
+}
+
+impl PyVersionRange {
+    #[must_use]
+    fn contains(&self, version: PyVersion) -> bool {
+        match self {
+            Self::AvailableFrom(inner) => inner.contains(&version),
+            Self::AvailableWithin(inner) => inner.contains(&version),
+        }
+    }
+}
+
+impl FromStr for PyVersionRange {
+    type Err = TypeshedVersionsParseErrorKind;
+
+    fn from_str(s: &str) -> Result<Self, Self::Err> {
+        let mut parts = s.split('-').map(str::trim);
+        match (parts.next(), parts.next(), parts.next()) {
+            (Some(lower), Some(""), None) => Ok(Self::AvailableFrom((lower.parse()?)..)),
+            (Some(lower), Some(upper), None) => {
+                Ok(Self::AvailableWithin((lower.parse()?)..=(upper.parse()?)))
+            }
+            _ => Err(TypeshedVersionsParseErrorKind::UnexpectedNumberOfHyphens),
+        }
+    }
+}
+
+impl fmt::Display for PyVersionRange {
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        match self {
+            Self::AvailableFrom(range_from) => write!(f, "{}-", range_from.start),
+            Self::AvailableWithin(range_inclusive) => {
+                write!(f, "{}-{}", range_inclusive.start(), range_inclusive.end())
+            }
+        }
+    }
+}
+
+#[derive(Debug, Clone, Copy, Eq, PartialEq, Ord, PartialOrd, Hash)]
+struct PyVersion {
+    major: u8,
+    minor: u8,
+}
+
+impl FromStr for PyVersion {
+    type Err = TypeshedVersionsParseErrorKind;
+
+    fn from_str(s: &str) -> Result<Self, Self::Err> {
+        let mut parts = s.split('.').map(str::trim);
+        let (Some(major), Some(minor), None) = (parts.next(), parts.next(), parts.next()) else {
+            return Err(TypeshedVersionsParseErrorKind::UnexpectedNumberOfPeriods(
+                s.to_string(),
+            ));
+        };
+        let major = match u8::from_str(major) {
+            Ok(major) => major,
+            Err(err) => {
+                return Err(TypeshedVersionsParseErrorKind::IntegerParsingFailure {
+                    version: s.to_string(),
+                    err,
+                })
+            }
+        };
+        let minor = match u8::from_str(minor) {
+            Ok(minor) => minor,
+            Err(err) => {
+                return Err(TypeshedVersionsParseErrorKind::IntegerParsingFailure {
+                    version: s.to_string(),
+                    err,
+                })
+            }
+        };
+        Ok(Self { major, minor })
+    }
+}
+
+impl fmt::Display for PyVersion {
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        let PyVersion { major, minor } = self;
+        write!(f, "{major}.{minor}")
+    }
+}
+
+impl From<TargetVersion> for PyVersion {
+    fn from(value: TargetVersion) -> Self {
+        match value {
+            TargetVersion::Py37 => PyVersion { major: 3, minor: 7 },
+            TargetVersion::Py38 => PyVersion { major: 3, minor: 8 },
+            TargetVersion::Py39 => PyVersion { major: 3, minor: 9 },
+            TargetVersion::Py310 => PyVersion {
+                major: 3,
+                minor: 10,
+            },
+            TargetVersion::Py311 => PyVersion {
+                major: 3,
+                minor: 11,
+            },
+            TargetVersion::Py312 => PyVersion {
+                major: 3,
+                minor: 12,
+            },
+            TargetVersion::Py313 => PyVersion {
+                major: 3,
+                minor: 13,
+            },
+        }
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use std::num::{IntErrorKind, NonZeroU16};
+    use std::path::Path;
+
+    use insta::assert_snapshot;
+    use ruff_db::program::TargetVersion;
+
+    use super::*;
+
+    const TYPESHED_STDLIB_DIR: &str = "stdlib";
+
+    #[allow(unsafe_code)]
+    const ONE: Option<NonZeroU16> = Some(unsafe { NonZeroU16::new_unchecked(1) });
+
+    impl TypeshedVersions {
+        #[must_use]
+        fn contains_exact(&self, module: &ModuleName) -> bool {
+            self.exact(module).is_some()
+        }
+
+        #[must_use]
+        fn len(&self) -> usize {
+            self.0.len()
+        }
+    }
+
+    #[test]
+    fn can_parse_vendored_versions_file() {
+        let versions_data = include_str!(concat!(
+            env!("CARGO_MANIFEST_DIR"),
+            "/vendor/typeshed/stdlib/VERSIONS"
+        ));
+
+        let versions = TypeshedVersions::from_str(versions_data).unwrap();
+        assert!(versions.len() > 100);
+        assert!(versions.len() < 1000);
+
+        let asyncio = ModuleName::new_static("asyncio").unwrap();
+        let asyncio_staggered = ModuleName::new_static("asyncio.staggered").unwrap();
+        let audioop = ModuleName::new_static("audioop").unwrap();
+
+        assert!(versions.contains_exact(&asyncio));
+        assert_eq!(
+            versions.query_module(&asyncio, TargetVersion::Py310.into()),
+            TypeshedVersionsQueryResult::Exists
+        );
+
+        assert!(versions.contains_exact(&asyncio_staggered));
+        assert_eq!(
+            versions.query_module(&asyncio_staggered, TargetVersion::Py38.into()),
+            TypeshedVersionsQueryResult::Exists
+        );
+        assert_eq!(
+            versions.query_module(&asyncio_staggered, TargetVersion::Py37.into()),
+            TypeshedVersionsQueryResult::DoesNotExist
+        );
+
+        assert!(versions.contains_exact(&audioop));
+        assert_eq!(
+            versions.query_module(&audioop, TargetVersion::Py312.into()),
+            TypeshedVersionsQueryResult::Exists
+        );
+        assert_eq!(
+            versions.query_module(&audioop, TargetVersion::Py313.into()),
+            TypeshedVersionsQueryResult::DoesNotExist
+        );
+    }
+
+    #[test]
+    fn typeshed_versions_consistent_with_vendored_stubs() {
+        const VERSIONS_DATA: &str = include_str!("../../vendor/typeshed/stdlib/VERSIONS");
+        let vendored_typeshed_dir = Path::new("vendor/typeshed").canonicalize().unwrap();
+        let vendored_typeshed_versions = TypeshedVersions::from_str(VERSIONS_DATA).unwrap();
+
+        let mut empty_iterator = true;
+
+        let stdlib_stubs_path = vendored_typeshed_dir.join(TYPESHED_STDLIB_DIR);
+
+        for entry in std::fs::read_dir(&stdlib_stubs_path).unwrap() {
+            empty_iterator = false;
+            let entry = entry.unwrap();
+            let absolute_path = entry.path();
+
+            let relative_path = absolute_path
+                .strip_prefix(&stdlib_stubs_path)
+                .unwrap_or_else(|_| panic!("Expected path to be a child of {stdlib_stubs_path:?} but found {absolute_path:?}"));
+
+            let relative_path_str = relative_path.as_os_str().to_str().unwrap_or_else(|| {
+                panic!("Expected all typeshed paths to be valid UTF-8; got {relative_path:?}")
+            });
+            if relative_path_str == "VERSIONS" {
+                continue;
+            }
+
+            let top_level_module = if let Some(extension) = relative_path.extension() {
+                // It was a file; strip off the file extension to get the module name:
+                let extension = extension
+                    .to_str()
+                    .unwrap_or_else(||panic!("Expected all file extensions to be UTF-8; was not true for {relative_path:?}"));
+
+                relative_path_str
+                    .strip_suffix(extension)
+                    .and_then(|string| string.strip_suffix('.')).unwrap_or_else(|| {
+                        panic!("Expected path {relative_path_str:?} to end with computed extension {extension:?}")
+                })
+            } else {
+                // It was a directory; no need to do anything to get the module name
+                relative_path_str
+            };
+
+            let top_level_module = ModuleName::new(top_level_module)
+                .unwrap_or_else(|| panic!("{top_level_module:?} was not a valid module name!"));
+
+            assert!(vendored_typeshed_versions.contains_exact(&top_level_module));
+        }
+
+        assert!(
+            !empty_iterator,
+            "Expected there to be at least one file or directory in the vendored typeshed stubs"
+        );
+    }
+
+    #[test]
+    fn can_parse_mock_versions_file() {
+        const VERSIONS: &str = "\
+# a comment
+    # some more comment
+# yet more comment
+
+
+# and some more comment
+
+bar: 2.7-3.10
+
+# more comment
+bar.baz: 3.1-3.9
+foo: 3.8-   # trailing comment
+";
+        let parsed_versions = TypeshedVersions::from_str(VERSIONS).unwrap();
+        assert_eq!(parsed_versions.len(), 3);
+        assert_snapshot!(parsed_versions.to_string(), @r###"
+        bar: 2.7-3.10
+        bar.baz: 3.1-3.9
+        foo: 3.8-
+        "###
+        );
+    }
+
+    #[test]
+    fn version_within_range_parsed_correctly() {
+        let parsed_versions = TypeshedVersions::from_str("bar: 2.7-3.10").unwrap();
+        let bar = ModuleName::new_static("bar").unwrap();
+
+        assert!(parsed_versions.contains_exact(&bar));
+        assert_eq!(
+            parsed_versions.query_module(&bar, TargetVersion::Py37.into()),
+            TypeshedVersionsQueryResult::Exists
+        );
+        assert_eq!(
+            parsed_versions.query_module(&bar, TargetVersion::Py310.into()),
+            TypeshedVersionsQueryResult::Exists
+        );
+        assert_eq!(
+            parsed_versions.query_module(&bar, TargetVersion::Py311.into()),
+            TypeshedVersionsQueryResult::DoesNotExist
+        );
+    }
+
+    #[test]
+    fn version_from_range_parsed_correctly() {
+        let parsed_versions = TypeshedVersions::from_str("foo: 3.8-").unwrap();
+        let foo = ModuleName::new_static("foo").unwrap();
+
+        assert!(parsed_versions.contains_exact(&foo));
+        assert_eq!(
+            parsed_versions.query_module(&foo, TargetVersion::Py37.into()),
+            TypeshedVersionsQueryResult::DoesNotExist
+        );
+        assert_eq!(
+            parsed_versions.query_module(&foo, TargetVersion::Py38.into()),
+            TypeshedVersionsQueryResult::Exists
+        );
+        assert_eq!(
+            parsed_versions.query_module(&foo, TargetVersion::Py311.into()),
+            TypeshedVersionsQueryResult::Exists
+        );
+    }
+
+    #[test]
+    fn explicit_submodule_parsed_correctly() {
+        let parsed_versions = TypeshedVersions::from_str("bar.baz: 3.1-3.9").unwrap();
+        let bar_baz = ModuleName::new_static("bar.baz").unwrap();
+
+        assert!(parsed_versions.contains_exact(&bar_baz));
+        assert_eq!(
+            parsed_versions.query_module(&bar_baz, TargetVersion::Py37.into()),
+            TypeshedVersionsQueryResult::Exists
+        );
+        assert_eq!(
+            parsed_versions.query_module(&bar_baz, TargetVersion::Py39.into()),
+            TypeshedVersionsQueryResult::Exists
+        );
+        assert_eq!(
+            parsed_versions.query_module(&bar_baz, TargetVersion::Py310.into()),
+            TypeshedVersionsQueryResult::DoesNotExist
+        );
+    }
+
+    #[test]
+    fn implicit_submodule_queried_correctly() {
+        let parsed_versions = TypeshedVersions::from_str("bar: 2.7-3.10").unwrap();
+        let bar_eggs = ModuleName::new_static("bar.eggs").unwrap();
+
+        assert!(!parsed_versions.contains_exact(&bar_eggs));
+        assert_eq!(
+            parsed_versions.query_module(&bar_eggs, TargetVersion::Py37.into()),
+            TypeshedVersionsQueryResult::MaybeExists
+        );
+        assert_eq!(
+            parsed_versions.query_module(&bar_eggs, TargetVersion::Py310.into()),
+            TypeshedVersionsQueryResult::MaybeExists
+        );
+        assert_eq!(
+            parsed_versions.query_module(&bar_eggs, TargetVersion::Py311.into()),
+            TypeshedVersionsQueryResult::DoesNotExist
+        );
+    }
+
+    #[test]
+    fn nonexistent_module_queried_correctly() {
+        let parsed_versions = TypeshedVersions::from_str("eggs: 3.8-").unwrap();
+        let spam = ModuleName::new_static("spam").unwrap();
+
+        assert!(!parsed_versions.contains_exact(&spam));
+        assert_eq!(
+            parsed_versions.query_module(&spam, TargetVersion::Py37.into()),
+            TypeshedVersionsQueryResult::DoesNotExist
+        );
+        assert_eq!(
+            parsed_versions.query_module(&spam, TargetVersion::Py313.into()),
+            TypeshedVersionsQueryResult::DoesNotExist
+        );
+    }
+
+    #[test]
+    fn invalid_huge_versions_file() {
+        let offset = 100;
+        let too_many = u16::MAX as usize + offset;
+
+        let mut massive_versions_file = String::new();
+        for i in 0..too_many {
+            massive_versions_file.push_str(&format!("x{i}: 3.8-\n"));
+        }
+
+        assert_eq!(
+            TypeshedVersions::from_str(&massive_versions_file),
+            Err(TypeshedVersionsParseError {
+                line_number: None,
+                reason: TypeshedVersionsParseErrorKind::TooManyLines(
+                    NonZeroUsize::new(too_many + 1 - offset).unwrap()
+                )
+            })
+        );
+    }
+
+    #[test]
+    fn invalid_typeshed_versions_bad_colon_number() {
+        assert_eq!(
+            TypeshedVersions::from_str("foo 3.7"),
+            Err(TypeshedVersionsParseError {
+                line_number: ONE,
+                reason: TypeshedVersionsParseErrorKind::UnexpectedNumberOfColons
+            })
+        );
+        assert_eq!(
+            TypeshedVersions::from_str("foo:: 3.7"),
+            Err(TypeshedVersionsParseError {
+                line_number: ONE,
+                reason: TypeshedVersionsParseErrorKind::UnexpectedNumberOfColons
+            })
+        );
+    }
+
+    #[test]
+    fn invalid_typeshed_versions_non_identifier_modules() {
+        assert_eq!(
+            TypeshedVersions::from_str("not!an!identifier!: 3.7"),
+            Err(TypeshedVersionsParseError {
+                line_number: ONE,
+                reason: TypeshedVersionsParseErrorKind::InvalidModuleName(
+                    "not!an!identifier!".to_string()
+                )
+            })
+        );
+        assert_eq!(
+            TypeshedVersions::from_str("(also_not).(an_identifier): 3.7"),
+            Err(TypeshedVersionsParseError {
+                line_number: ONE,
+                reason: TypeshedVersionsParseErrorKind::InvalidModuleName(
+                    "(also_not).(an_identifier)".to_string()
+                )
+            })
+        );
+    }
+
+    #[test]
+    fn invalid_typeshed_versions_bad_hyphen_number() {
+        assert_eq!(
+            TypeshedVersions::from_str("foo: 3.8"),
+            Err(TypeshedVersionsParseError {
+                line_number: ONE,
+                reason: TypeshedVersionsParseErrorKind::UnexpectedNumberOfHyphens
+            })
+        );
+        assert_eq!(
+            TypeshedVersions::from_str("foo: 3.8--"),
+            Err(TypeshedVersionsParseError {
+                line_number: ONE,
+                reason: TypeshedVersionsParseErrorKind::UnexpectedNumberOfHyphens
+            })
+        );
+        assert_eq!(
+            TypeshedVersions::from_str("foo: 3.8--3.9"),
+            Err(TypeshedVersionsParseError {
+                line_number: ONE,
+                reason: TypeshedVersionsParseErrorKind::UnexpectedNumberOfHyphens
+            })
+        );
+    }
+
+    #[test]
+    fn invalid_typeshed_versions_bad_period_number() {
+        assert_eq!(
+            TypeshedVersions::from_str("foo: 38-"),
+            Err(TypeshedVersionsParseError {
+                line_number: ONE,
+                reason: TypeshedVersionsParseErrorKind::UnexpectedNumberOfPeriods("38".to_string())
+            })
+        );
+        assert_eq!(
+            TypeshedVersions::from_str("foo: 3..8-"),
+            Err(TypeshedVersionsParseError {
+                line_number: ONE,
+                reason: TypeshedVersionsParseErrorKind::UnexpectedNumberOfPeriods(
+                    "3..8".to_string()
+                )
+            })
+        );
+        assert_eq!(
+            TypeshedVersions::from_str("foo: 3.8-3..11"),
+            Err(TypeshedVersionsParseError {
+                line_number: ONE,
+                reason: TypeshedVersionsParseErrorKind::UnexpectedNumberOfPeriods(
+                    "3..11".to_string()
+                )
+            })
+        );
+    }
+
+    #[test]
+    fn invalid_typeshed_versions_non_digits() {
+        let err = TypeshedVersions::from_str("foo: 1.two-").unwrap_err();
+        assert_eq!(err.line_number, ONE);
+        let TypeshedVersionsParseErrorKind::IntegerParsingFailure { version, err } = err.reason
+        else {
+            panic!()
+        };
+        assert_eq!(version, "1.two".to_string());
+        assert_eq!(*err.kind(), IntErrorKind::InvalidDigit);
+
+        let err = TypeshedVersions::from_str("foo: 3.8-four.9").unwrap_err();
+        assert_eq!(err.line_number, ONE);
+        let TypeshedVersionsParseErrorKind::IntegerParsingFailure { version, err } = err.reason
+        else {
+            panic!()
+        };
+        assert_eq!(version, "four.9".to_string());
+        assert_eq!(*err.kind(), IntErrorKind::InvalidDigit);
+    }
+}
--- a/crates/red_knot_module_resolver/vendor/typeshed/LICENSE
+++ b/crates/red_knot_module_resolver/vendor/typeshed/LICENSE
--- a/crates/red_knot_module_resolver/vendor/typeshed/README.md
+++ b/crates/red_knot_module_resolver/vendor/typeshed/README.md
@@ -0,0 +1,124 @@
+# typeshed
+
+[![Tests](https://github.com/python/typeshed/actions/workflows/tests.yml/badge.svg)](https://github.com/python/typeshed/actions/workflows/tests.yml)
+[![Chat at https://gitter.im/python/typing](https://badges.gitter.im/python/typing.svg)](https://gitter.im/python/typing?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
+[![Pull Requests Welcome](https://img.shields.io/badge/pull%20requests-welcome-brightgreen.svg)](https://github.com/python/typeshed/blob/main/CONTRIBUTING.md)
+
+## About
+
+Typeshed contains external type annotations for the Python standard library
+and Python builtins, as well as third party packages as contributed by
+people external to those projects.
+
+This data can e.g. be used for static analysis, type checking, type inference,
+and autocompletion.
+
+For information on how to use typeshed, read below.  Information for
+contributors can be found in [CONTRIBUTING.md](CONTRIBUTING.md).  **Please read
+it before submitting pull requests; do not report issues with annotations to
+the project the stubs are for, but instead report them here to typeshed.**
+
+Further documentation on stub files, typeshed, and Python's typing system in
+general, can also be found at https://typing.readthedocs.io/en/latest/.
+
+Typeshed supports Python versions 3.8 and up.
+
+## Using
+
+If you're just using a type checker ([mypy](https://github.com/python/mypy/),
+[pyright](https://github.com/microsoft/pyright),
+[pytype](https://github.com/google/pytype/), PyCharm, ...), as opposed to
+developing it, you don't need to interact with the typeshed repo at
+all: a copy of standard library part of typeshed is bundled with type checkers.
+And type stubs for third party packages and modules you are using can
+be installed from PyPI. For example, if you are using `html5lib` and `requests`,
+you can install the type stubs using
+
+```bash
+$ pip install types-html5lib types-requests
+```
+
+These PyPI packages follow [PEP 561](http://www.python.org/dev/peps/pep-0561/)
+and are automatically released (up to once a day) by
+[typeshed internal machinery](https://github.com/typeshed-internal/stub_uploader).
+
+Type checkers should be able to use these stub packages when installed. For more
+details, see the documentation for your type checker.
+
+### Package versioning for third-party stubs
+
+Version numbers of third-party stub packages consist of at least four parts.
+All parts of the stub version, except for the last part, correspond to the
+version of the runtime package being stubbed. For example, if the `types-foo`
+package has version `1.2.0.20240309`, this guarantees that the `types-foo` package
+contains stubs targeted against `foo==1.2.*` and tested against the latest
+version of `foo` matching that specifier. In this example, the final element
+of the version number (20240309) indicates that the stub package was pushed on
+March 9, 2024.
+
+At typeshed, we try to keep breaking changes to a minimum. However, due to the
+nature of stubs, any version bump can introduce changes that might make your
+code fail to type check.
+
+There are several strategies available for specifying the version of a stubs
+package you're using, each with its own tradeoffs:
+
+1. Use the same bounds that you use for the package being stubbed. For example,
+   if you use `requests>=2.30.0,<2.32`, you can use
+   `types-requests>=2.30.0,<2.32`. This ensures that the stubs are compatible
+   with the package you are using, but it carries a small risk of breaking
+   type checking due to changes in the stubs.
+
+   Another risk of this strategy is that stubs often lag behind
+   the package being stubbed. You might want to force the package being stubbed
+   to a certain minimum version because it fixes a critical bug, but if
+   correspondingly updated stubs have not been released, your type
+   checking results may not be fully accurate.
+2. Pin the stubs to a known good version and update the pin from time to time
+   (either manually, or using a tool such as dependabot or renovate).
+
+   For example, if you use `types-requests==2.31.0.1`, you can have confidence
+   that upgrading dependencies will not break type checking. However, you will
+   miss out on improvements in the stubs that could potentially improve type
+   checking until you update the pin. This strategy also has the risk that the
+   stubs you are using might become incompatible with the package being stubbed.
+3. Don't pin the stubs. This is the option that demands the least work from
+   you when it comes to updating version pins, and has the advantage that you
+   will automatically benefit from improved stubs whenever a new version of the
+   stubs package is released. However, it carries the risk that the stubs
+   become incompatible with the package being stubbed.
+
+   For example, if a new major version of the package is released, there's a
+   chance the stubs might be updated to reflect the new version of the runtime
+   package before you update the package being stubbed.
+
+You can also switch between the different strategies as needed. For example,
+you could default to strategy (1), but fall back to strategy (2) when
+a problem arises that can't easily be fixed.
+
+### The `_typeshed` package
+
+typeshed includes a package `_typeshed` as part of the standard library.
+This package and its submodules contain utility types, but are not
+available at runtime. For more information about how to use this package,
+[see the `stdlib/_typeshed` directory](https://github.com/python/typeshed/tree/main/stdlib/_typeshed).
+
+## Discussion
+
+If you've run into behavior in the type checker that suggests the type
+stubs for a given library are incorrect or incomplete,
+we want to hear from you!
+
+Our main forum for discussion is the project's [GitHub issue
+tracker](https://github.com/python/typeshed/issues).  This is the right
+place to start a discussion of any of the above or most any other
+topic concerning the project.
+
+If you have general questions about typing with Python, or you need
+a review of your type annotations or stubs outside of typeshed, head over to
+[our discussion forum](https://github.com/python/typing/discussions).
+For less formal discussion, try the typing chat room on
+[gitter.im](https://gitter.im/python/typing).  Some typeshed maintainers
+are almost always present; feel free to find us there and we're happy
+to chat.  Substantive technical discussion will be directed to the
+issue tracker.
--- a/crates/red_knot_module_resolver/vendor/typeshed/source_commit.txt
+++ b/crates/red_knot_module_resolver/vendor/typeshed/source_commit.txt
@@ -0,0 +1 @@
+f863db6bc5242348ceaa6a3bca4e59aa9e62faaa
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/VERSIONS
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/VERSIONS
@@ -20,53 +20,37 @@
 __future__: 3.0-
 __main__: 3.0-
 _ast: 3.0-
-_asyncio: 3.0-
 _bisect: 3.0-
-_blake2: 3.6-
 _bootlocale: 3.4-3.9
-_bz2: 3.3-
 _codecs: 3.0-
 _collections_abc: 3.3-
 _compat_pickle: 3.1-
-_compression: 3.5-3.13
-_contextvars: 3.7-
+_compression: 3.5-
 _csv: 3.0-
 _ctypes: 3.0-
 _curses: 3.0-
-_curses_panel: 3.0-
-_dbm: 3.0-
 _decimal: 3.3-
-_frozen_importlib: 3.0-
-_frozen_importlib_external: 3.5-
-_gdbm: 3.0-
-_hashlib: 3.0-
+_dummy_thread: 3.0-3.8
+_dummy_threading: 3.0-3.8
 _heapq: 3.0-
 _imp: 3.0-
 _interpchannels: 3.13-
 _interpqueues: 3.13-
 _interpreters: 3.13-
-_io: 3.0-
 _json: 3.0-
 _locale: 3.0-
 _lsprof: 3.0-
-_lzma: 3.3-
 _markupbase: 3.0-
-_msi: 3.0-3.12
-_multibytecodec: 3.0-
+_msi: 3.0-
 _operator: 3.4-
 _osx_support: 3.0-
-_pickle: 3.0-
 _posixsubprocess: 3.2-
 _py_abc: 3.7-
 _pydecimal: 3.5-
-_queue: 3.7-
 _random: 3.0-
 _sitebuiltins: 3.4-
 _socket: 3.0-  # present in 3.0 at runtime, but not in typeshed
-_sqlite3: 3.0-
-_ssl: 3.0-
 _stat: 3.4-
-_struct: 3.0-
 _thread: 3.0-
 _threading_local: 3.0-
 _tkinter: 3.0-
@@ -78,7 +62,6 @@ _weakrefset: 3.0-
 _winapi: 3.3-
 abc: 3.0-
 aifc: 3.0-3.12
-annotationlib: 3.14-
 antigravity: 3.0-
 argparse: 3.0-
 array: 3.0-
@@ -87,7 +70,6 @@ asynchat: 3.0-3.11
 asyncio: 3.4-
 asyncio.exceptions: 3.8-
 asyncio.format_helpers: 3.7-
-asyncio.graph: 3.14-
 asyncio.mixins: 3.10-
 asyncio.runners: 3.7-
 asyncio.staggered: 3.8-
@@ -119,9 +101,7 @@ collections: 3.0-
 collections.abc: 3.3-
 colorsys: 3.0-
 compileall: 3.0-
-compression: 3.14-
 concurrent: 3.2-
-concurrent.futures.interpreter: 3.14-
 configparser: 3.0-
 contextlib: 3.0-
 contextvars: 3.7-
@@ -142,13 +122,9 @@ distutils: 3.0-3.11
 distutils.command.bdist_msi: 3.0-3.10
 distutils.command.bdist_wininst: 3.0-3.9
 doctest: 3.0-
+dummy_threading: 3.0-3.8
 email: 3.0-
 encodings: 3.0-
-encodings.cp1125: 3.4-
-encodings.cp273: 3.4-
-encodings.cp858: 3.2-
-encodings.koi8_t: 3.5-
-encodings.kz1048: 3.5-
 ensurepip: 3.0-
 enum: 3.4-
 errno: 3.0-
@@ -180,15 +156,11 @@ imghdr: 3.0-3.12
 imp: 3.0-3.11
 importlib: 3.0-
 importlib._abc: 3.10-
-importlib._bootstrap: 3.0-
-importlib._bootstrap_external: 3.5-
 importlib.metadata: 3.8-
 importlib.metadata._meta: 3.10-
 importlib.metadata.diagnose: 3.13-
 importlib.readers: 3.10-
 importlib.resources: 3.7-
-importlib.resources._common: 3.11-
-importlib.resources._functional: 3.13-
 importlib.resources.abc: 3.11-
 importlib.resources.readers: 3.11-
 importlib.resources.simple: 3.11-
@@ -230,7 +202,6 @@ os: 3.0-
 ossaudiodev: 3.0-3.12
 parser: 3.0-3.9
 pathlib: 3.4-
-pathlib.types: 3.14-
 pdb: 3.0-
 pickle: 3.0-
 pickletools: 3.0-
@@ -283,7 +254,6 @@ ssl: 3.0-
 stat: 3.0-
 statistics: 3.4-
 string: 3.0-
-string.templatelib: 3.14-
 stringprep: 3.0-
 struct: 3.0-
 subprocess: 3.0-
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/future.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/future.pyi
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/main.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/main.pyi
@@ -0,0 +1,3 @@
+from typing import Any
+
+def __getattr__(name: str) -> Any: ...
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_ast.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_ast.pyi
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_bisect.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_bisect.pyi
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_bootlocale.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_bootlocale.pyi
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_codecs.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_codecs.pyi
@@ -2,13 +2,10 @@ import codecs
 import sys
 from _typeshed import ReadableBuffer
 from collections.abc import Callable
-from typing import Literal, final, overload, type_check_only
+from typing import Literal, overload
 from typing_extensions import TypeAlias

 # This type is not exposed; it is defined in unicodeobject.c
-# At runtime it calls itself builtins.EncodingMap
-@final
-@type_check_only
 class _EncodingMap:
    def size(self) -> int: ...

@@ -81,12 +78,26 @@ def escape_decode(data: str | ReadableBuffer, errors: str | None = None, /) -> t
 def escape_encode(data: bytes, errors: str | None = None, /) -> tuple[bytes, int]: ...
 def latin_1_decode(data: ReadableBuffer, errors: str | None = None, /) -> tuple[str, int]: ...
 def latin_1_encode(str: str, errors: str | None = None, /) -> tuple[bytes, int]: ...
-def raw_unicode_escape_decode(
-    data: str | ReadableBuffer, errors: str | None = None, final: bool = True, /
-) -> tuple[str, int]: ...
+
+if sys.version_info >= (3, 9):
+    def raw_unicode_escape_decode(
+        data: str | ReadableBuffer, errors: str | None = None, final: bool = True, /
+    ) -> tuple[str, int]: ...
+
+else:
+    def raw_unicode_escape_decode(data: str | ReadableBuffer, errors: str | None = None, /) -> tuple[str, int]: ...
+
 def raw_unicode_escape_encode(str: str, errors: str | None = None, /) -> tuple[bytes, int]: ...
 def readbuffer_encode(data: str | ReadableBuffer, errors: str | None = None, /) -> tuple[bytes, int]: ...
-def unicode_escape_decode(data: str | ReadableBuffer, errors: str | None = None, final: bool = True, /) -> tuple[str, int]: ...
+
+if sys.version_info >= (3, 9):
+    def unicode_escape_decode(
+        data: str | ReadableBuffer, errors: str | None = None, final: bool = True, /
+    ) -> tuple[str, int]: ...
+
+else:
+    def unicode_escape_decode(data: str | ReadableBuffer, errors: str | None = None, /) -> tuple[str, int]: ...
+
 def unicode_escape_encode(str: str, errors: str | None = None, /) -> tuple[bytes, int]: ...
 def utf_16_be_decode(data: ReadableBuffer, errors: str | None = None, final: bool = False, /) -> tuple[str, int]: ...
 def utf_16_be_encode(str: str, errors: str | None = None, /) -> tuple[bytes, int]: ...
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_collections_abc.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_collections_abc.pyi
@@ -1,14 +1,14 @@
 import sys
 from abc import abstractmethod
 from types import MappingProxyType
-from typing import (  # noqa: Y022,Y038,UP035
+from typing import (  # noqa: Y022,Y038,Y057
    AbstractSet as Set,
    AsyncGenerator as AsyncGenerator,
    AsyncIterable as AsyncIterable,
    AsyncIterator as AsyncIterator,
    Awaitable as Awaitable,
+    ByteString as ByteString,
    Callable as Callable,
-    ClassVar,
    Collection as Collection,
    Container as Container,
    Coroutine as Coroutine,
@@ -59,12 +59,8 @@ __all__ = [
    "ValuesView",
    "Sequence",
    "MutableSequence",
+    "ByteString",
 ]
-if sys.version_info < (3, 14):
-    from typing import ByteString as ByteString  # noqa: Y057,UP035
-
-    __all__ += ["ByteString"]
-
 if sys.version_info >= (3, 12):
    __all__ += ["Buffer"]

@@ -74,8 +70,6 @@ _VT_co = TypeVar("_VT_co", covariant=True)  # Value type covariant containers.
@final
 class dict_keys(KeysView[_KT_co], Generic[_KT_co, _VT_co]):  # undocumented
    def __eq__(self, value: object, /) -> bool: ...
-    def __reversed__(self) -> Iterator[_KT_co]: ...
-    __hash__: ClassVar[None]  # type: ignore[assignment]
    if sys.version_info >= (3, 13):
        def isdisjoint(self, other: Iterable[_KT_co], /) -> bool: ...
    if sys.version_info >= (3, 10):
@@ -84,7 +78,6 @@ class dict_keys(KeysView[_KT_co], Generic[_KT_co, _VT_co]):  # undocumented

@final
 class dict_values(ValuesView[_VT_co], Generic[_KT_co, _VT_co]):  # undocumented
-    def __reversed__(self) -> Iterator[_VT_co]: ...
    if sys.version_info >= (3, 10):
        @property
        def mapping(self) -> MappingProxyType[_KT_co, _VT_co]: ...
@@ -92,8 +85,6 @@ class dict_values(ValuesView[_VT_co], Generic[_KT_co, _VT_co]):  # undocumented
@final
 class dict_items(ItemsView[_KT_co, _VT_co]):  # undocumented
    def __eq__(self, value: object, /) -> bool: ...
-    def __reversed__(self) -> Iterator[tuple[_KT_co, _VT_co]]: ...
-    __hash__: ClassVar[None]  # type: ignore[assignment]
    if sys.version_info >= (3, 13):
        def isdisjoint(self, other: Iterable[tuple[_KT_co, _VT_co]], /) -> bool: ...
    if sys.version_info >= (3, 10):
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_compat_pickle.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_compat_pickle.pyi
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_compression.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_compression.pyi
@@ -0,0 +1,25 @@
+from _typeshed import WriteableBuffer
+from collections.abc import Callable
+from io import DEFAULT_BUFFER_SIZE, BufferedIOBase, RawIOBase
+from typing import Any, Protocol
+
+BUFFER_SIZE = DEFAULT_BUFFER_SIZE
+
+class _Reader(Protocol):
+    def read(self, n: int, /) -> bytes: ...
+    def seekable(self) -> bool: ...
+    def seek(self, n: int, /) -> Any: ...
+
+class BaseStream(BufferedIOBase): ...
+
+class DecompressReader(RawIOBase):
+    def __init__(
+        self,
+        fp: _Reader,
+        decomp_factory: Callable[..., object],
+        trailing_error: type[Exception] | tuple[type[Exception], ...] = (),
+        **decomp_args: Any,
+    ) -> None: ...
+    def readinto(self, b: WriteableBuffer) -> int: ...
+    def read(self, size: int = -1) -> bytes: ...
+    def seek(self, offset: int, whence: int = 0) -> int: ...
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_csv.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_csv.pyi
@@ -0,0 +1,90 @@
+import sys
+from _typeshed import SupportsWrite
+from collections.abc import Iterable, Iterator
+from typing import Any, Final, Literal
+from typing_extensions import TypeAlias
+
+__version__: Final[str]
+
+QUOTE_ALL: Literal[1]
+QUOTE_MINIMAL: Literal[0]
+QUOTE_NONE: Literal[3]
+QUOTE_NONNUMERIC: Literal[2]
+if sys.version_info >= (3, 12):
+    QUOTE_STRINGS: Literal[4]
+    QUOTE_NOTNULL: Literal[5]
+
+# Ideally this would be `QUOTE_ALL | QUOTE_MINIMAL | QUOTE_NONE | QUOTE_NONNUMERIC`
+# However, using literals in situations like these can cause false-positives (see #7258)
+_QuotingType: TypeAlias = int
+
+class Error(Exception): ...
+
+class Dialect:
+    delimiter: str
+    quotechar: str | None
+    escapechar: str | None
+    doublequote: bool
+    skipinitialspace: bool
+    lineterminator: str
+    quoting: _QuotingType
+    strict: bool
+    def __init__(self) -> None: ...
+
+_DialectLike: TypeAlias = str | Dialect | type[Dialect]
+
+class _reader(Iterator[list[str]]):
+    @property
+    def dialect(self) -> Dialect: ...
+    line_num: int
+    def __next__(self) -> list[str]: ...
+
+class _writer:
+    @property
+    def dialect(self) -> Dialect: ...
+    def writerow(self, row: Iterable[Any]) -> Any: ...
+    def writerows(self, rows: Iterable[Iterable[Any]]) -> None: ...
+
+def writer(
+    csvfile: SupportsWrite[str],
+    dialect: _DialectLike = "excel",
+    *,
+    delimiter: str = ",",
+    quotechar: str | None = '"',
+    escapechar: str | None = None,
+    doublequote: bool = True,
+    skipinitialspace: bool = False,
+    lineterminator: str = "\r\n",
+    quoting: _QuotingType = 0,
+    strict: bool = False,
+) -> _writer: ...
+def reader(
+    csvfile: Iterable[str],
+    dialect: _DialectLike = "excel",
+    *,
+    delimiter: str = ",",
+    quotechar: str | None = '"',
+    escapechar: str | None = None,
+    doublequote: bool = True,
+    skipinitialspace: bool = False,
+    lineterminator: str = "\r\n",
+    quoting: _QuotingType = 0,
+    strict: bool = False,
+) -> _reader: ...
+def register_dialect(
+    name: str,
+    dialect: type[Dialect] = ...,
+    *,
+    delimiter: str = ",",
+    quotechar: str | None = '"',
+    escapechar: str | None = None,
+    doublequote: bool = True,
+    skipinitialspace: bool = False,
+    lineterminator: str = "\r\n",
+    quoting: _QuotingType = 0,
+    strict: bool = False,
+) -> None: ...
+def unregister_dialect(name: str) -> None: ...
+def get_dialect(name: str) -> Dialect: ...
+def list_dialects() -> list[str]: ...
+def field_size_limit(new_limit: int = ...) -> int: ...
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_ctypes.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_ctypes.pyi
@@ -0,0 +1,210 @@
+import sys
+from _typeshed import ReadableBuffer, WriteableBuffer
+from abc import abstractmethod
+from collections.abc import Callable, Iterable, Iterator, Mapping, Sequence
+from ctypes import CDLL, ArgumentError as ArgumentError
+from typing import Any, ClassVar, Generic, TypeVar, overload
+from typing_extensions import Self, TypeAlias
+
+if sys.version_info >= (3, 9):
+    from types import GenericAlias
+
+_T = TypeVar("_T")
+_CT = TypeVar("_CT", bound=_CData)
+
+FUNCFLAG_CDECL: int
+FUNCFLAG_PYTHONAPI: int
+FUNCFLAG_USE_ERRNO: int
+FUNCFLAG_USE_LASTERROR: int
+RTLD_GLOBAL: int
+RTLD_LOCAL: int
+
+if sys.version_info >= (3, 11):
+    CTYPES_MAX_ARGCOUNT: int
+
+if sys.version_info >= (3, 12):
+    SIZEOF_TIME_T: int
+
+if sys.platform == "win32":
+    # Description, Source, HelpFile, HelpContext, scode
+    _COMError_Details: TypeAlias = tuple[str | None, str | None, str | None, int | None, int | None]
+
+    class COMError(Exception):
+        hresult: int
+        text: str | None
+        details: _COMError_Details
+
+        def __init__(self, hresult: int, text: str | None, details: _COMError_Details) -> None: ...
+
+    def CopyComPointer(src: _PointerLike, dst: _PointerLike | _CArgObject) -> int: ...
+
+    FUNCFLAG_HRESULT: int
+    FUNCFLAG_STDCALL: int
+
+    def FormatError(code: int = ...) -> str: ...
+    def get_last_error() -> int: ...
+    def set_last_error(value: int) -> int: ...
+    def LoadLibrary(name: str, load_flags: int = 0, /) -> int: ...
+    def FreeLibrary(handle: int, /) -> None: ...
+
+class _CDataMeta(type):
+    # By default mypy complains about the following two methods, because strictly speaking cls
+    # might not be a Type[_CT]. However this can never actually happen, because the only class that
+    # uses _CDataMeta as its metaclass is _CData. So it's safe to ignore the errors here.
+    def __mul__(cls: type[_CT], other: int) -> type[Array[_CT]]: ...  # type: ignore[misc]
+    def __rmul__(cls: type[_CT], other: int) -> type[Array[_CT]]: ...  # type: ignore[misc]
+
+class _CData(metaclass=_CDataMeta):
+    _b_base_: int
+    _b_needsfree_: bool
+    _objects: Mapping[Any, int] | None
+    # At runtime the following classmethods are available only on classes, not
+    # on instances. This can't be reflected properly in the type system:
+    #
+    # Structure.from_buffer(...)  # valid at runtime
+    # Structure(...).from_buffer(...)  # invalid at runtime
+    #
+    @classmethod
+    def from_buffer(cls, source: WriteableBuffer, offset: int = ...) -> Self: ...
+    @classmethod
+    def from_buffer_copy(cls, source: ReadableBuffer, offset: int = ...) -> Self: ...
+    @classmethod
+    def from_address(cls, address: int) -> Self: ...
+    @classmethod
+    def from_param(cls, obj: Any) -> Self | _CArgObject: ...
+    @classmethod
+    def in_dll(cls, library: CDLL, name: str) -> Self: ...
+    def __buffer__(self, flags: int, /) -> memoryview: ...
+    def __release_buffer__(self, buffer: memoryview, /) -> None: ...
+
+class _SimpleCData(_CData, Generic[_T]):
+    value: _T
+    # The TypeVar can be unsolved here,
+    # but we can't use overloads without creating many, many mypy false-positive errors
+    def __init__(self, value: _T = ...) -> None: ...  # pyright: ignore[reportInvalidTypeVarUse]
+
+class _CanCastTo(_CData): ...
+class _PointerLike(_CanCastTo): ...
+
+class _Pointer(_PointerLike, _CData, Generic[_CT]):
+    _type_: type[_CT]
+    contents: _CT
+    @overload
+    def __init__(self) -> None: ...
+    @overload
+    def __init__(self, arg: _CT) -> None: ...
+    @overload
+    def __getitem__(self, key: int, /) -> Any: ...
+    @overload
+    def __getitem__(self, key: slice, /) -> list[Any]: ...
+    def __setitem__(self, key: int, value: Any, /) -> None: ...
+
+def POINTER(type: type[_CT], /) -> type[_Pointer[_CT]]: ...
+def pointer(obj: _CT, /) -> _Pointer[_CT]: ...
+
+class _CArgObject: ...
+
+def byref(obj: _CData, offset: int = ...) -> _CArgObject: ...
+
+_ECT: TypeAlias = Callable[[_CData | None, CFuncPtr, tuple[_CData, ...]], _CData]
+_PF: TypeAlias = tuple[int] | tuple[int, str | None] | tuple[int, str | None, Any]
+
+class CFuncPtr(_PointerLike, _CData):
+    restype: type[_CData] | Callable[[int], Any] | None
+    argtypes: Sequence[type[_CData]]
+    errcheck: _ECT
+    # Abstract attribute that must be defined on subclasses
+    _flags_: ClassVar[int]
+    @overload
+    def __init__(self) -> None: ...
+    @overload
+    def __init__(self, address: int, /) -> None: ...
+    @overload
+    def __init__(self, callable: Callable[..., Any], /) -> None: ...
+    @overload
+    def __init__(self, func_spec: tuple[str | int, CDLL], paramflags: tuple[_PF, ...] | None = ..., /) -> None: ...
+    if sys.platform == "win32":
+        @overload
+        def __init__(
+            self, vtbl_index: int, name: str, paramflags: tuple[_PF, ...] | None = ..., iid: _CData | None = ..., /
+        ) -> None: ...
+
+    def __call__(self, *args: Any, **kwargs: Any) -> Any: ...
+
+_GetT = TypeVar("_GetT")
+_SetT = TypeVar("_SetT")
+
+class _CField(Generic[_CT, _GetT, _SetT]):
+    offset: int
+    size: int
+    @overload
+    def __get__(self, instance: None, owner: type[Any] | None, /) -> Self: ...
+    @overload
+    def __get__(self, instance: Any, owner: type[Any] | None, /) -> _GetT: ...
+    def __set__(self, instance: Any, value: _SetT, /) -> None: ...
+
+class _StructUnionMeta(_CDataMeta):
+    _fields_: Sequence[tuple[str, type[_CData]] | tuple[str, type[_CData], int]]
+    _pack_: int
+    _anonymous_: Sequence[str]
+    def __getattr__(self, name: str) -> _CField[Any, Any, Any]: ...
+
+class _StructUnionBase(_CData, metaclass=_StructUnionMeta):
+    def __init__(self, *args: Any, **kw: Any) -> None: ...
+    def __getattr__(self, name: str) -> Any: ...
+    def __setattr__(self, name: str, value: Any) -> None: ...
+
+class Union(_StructUnionBase): ...
+class Structure(_StructUnionBase): ...
+
+class Array(_CData, Generic[_CT]):
+    @property
+    @abstractmethod
+    def _length_(self) -> int: ...
+    @_length_.setter
+    def _length_(self, value: int) -> None: ...
+    @property
+    @abstractmethod
+    def _type_(self) -> type[_CT]: ...
+    @_type_.setter
+    def _type_(self, value: type[_CT]) -> None: ...
+    # Note: only available if _CT == c_char
+    @property
+    def raw(self) -> bytes: ...
+    @raw.setter
+    def raw(self, value: ReadableBuffer) -> None: ...
+    value: Any  # Note: bytes if _CT == c_char, str if _CT == c_wchar, unavailable otherwise
+    # TODO These methods cannot be annotated correctly at the moment.
+    # All of these "Any"s stand for the array's element type, but it's not possible to use _CT
+    # here, because of a special feature of ctypes.
+    # By default, when accessing an element of an Array[_CT], the returned object has type _CT.
+    # However, when _CT is a "simple type" like c_int, ctypes automatically "unboxes" the object
+    # and converts it to the corresponding Python primitive. For example, when accessing an element
+    # of an Array[c_int], a Python int object is returned, not a c_int.
+    # This behavior does *not* apply to subclasses of "simple types".
+    # If MyInt is a subclass of c_int, then accessing an element of an Array[MyInt] returns
+    # a MyInt, not an int.
+    # This special behavior is not easy to model in a stub, so for now all places where
+    # the array element type would belong are annotated with Any instead.
+    def __init__(self, *args: Any) -> None: ...
+    @overload
+    def __getitem__(self, key: int, /) -> Any: ...
+    @overload
+    def __getitem__(self, key: slice, /) -> list[Any]: ...
+    @overload
+    def __setitem__(self, key: int, value: Any, /) -> None: ...
+    @overload
+    def __setitem__(self, key: slice, value: Iterable[Any], /) -> None: ...
+    def __iter__(self) -> Iterator[Any]: ...
+    # Can't inherit from Sized because the metaclass conflict between
+    # Sized and _CData prevents using _CDataMeta.
+    def __len__(self) -> int: ...
+    if sys.version_info >= (3, 9):
+        def __class_getitem__(cls, item: Any, /) -> GenericAlias: ...
+
+def addressof(obj: _CData, /) -> int: ...
+def alignment(obj_or_type: _CData | type[_CData], /) -> int: ...
+def get_errno() -> int: ...
+def resize(obj: _CData, size: int, /) -> None: ...
+def set_errno(value: int, /) -> int: ...
+def sizeof(obj_or_type: _CData | type[_CData], /) -> int: ...
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_curses.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_curses.pyi
@@ -1,7 +1,6 @@
 import sys
-from _typeshed import ReadOnlyBuffer, SupportsRead, SupportsWrite
-from curses import _ncurses_version
-from typing import Any, final, overload
+from _typeshed import ReadOnlyBuffer, SupportsRead
+from typing import IO, Any, NamedTuple, final, overload
 from typing_extensions import TypeAlias

 # NOTE: This module is ordinarily only available on Unix, but the windows-curses
@@ -95,14 +94,13 @@ BUTTON4_DOUBLE_CLICKED: int
 BUTTON4_PRESSED: int
 BUTTON4_RELEASED: int
 BUTTON4_TRIPLE_CLICKED: int
-# Darwin ncurses doesn't provide BUTTON5_* constants prior to 3.12.10 and 3.13.3
-if sys.version_info >= (3, 10):
-    if sys.version_info >= (3, 12) or sys.platform != "darwin":
-        BUTTON5_PRESSED: int
-        BUTTON5_RELEASED: int
-        BUTTON5_CLICKED: int
-        BUTTON5_DOUBLE_CLICKED: int
-        BUTTON5_TRIPLE_CLICKED: int
+# Darwin ncurses doesn't provide BUTTON5_* constants
+if sys.version_info >= (3, 10) and sys.platform != "darwin":
+    BUTTON5_PRESSED: int
+    BUTTON5_RELEASED: int
+    BUTTON5_CLICKED: int
+    BUTTON5_DOUBLE_CLICKED: int
+    BUTTON5_TRIPLE_CLICKED: int
 BUTTON_ALT: int
 BUTTON_CTRL: int
 BUTTON_SHIFT: int
@@ -293,11 +291,14 @@ def erasechar() -> bytes: ...
 def filter() -> None: ...
 def flash() -> None: ...
 def flushinp() -> None: ...
-def get_escdelay() -> int: ...
-def get_tabsize() -> int: ...
+
+if sys.version_info >= (3, 9):
+    def get_escdelay() -> int: ...
+    def get_tabsize() -> int: ...
+
 def getmouse() -> tuple[int, int, int, int, int]: ...
 def getsyx() -> tuple[int, int]: ...
-def getwin(file: SupportsRead[bytes], /) -> window: ...
+def getwin(file: SupportsRead[bytes], /) -> _CursesWindow: ...
 def halfdelay(tenths: int, /) -> None: ...
 def has_colors() -> bool: ...

@@ -309,7 +310,7 @@ def has_il() -> bool: ...
 def has_key(key: int, /) -> bool: ...
 def init_color(color_number: int, r: int, g: int, b: int, /) -> None: ...
 def init_pair(pair_number: int, fg: int, bg: int, /) -> None: ...
-def initscr() -> window: ...
+def initscr() -> _CursesWindow: ...
 def intrflush(flag: bool, /) -> None: ...
 def is_term_resized(nlines: int, ncols: int, /) -> bool: ...
 def isendwin() -> bool: ...
@@ -320,8 +321,8 @@ def meta(yes: bool, /) -> None: ...
 def mouseinterval(interval: int, /) -> None: ...
 def mousemask(newmask: int, /) -> tuple[int, int]: ...
 def napms(ms: int, /) -> int: ...
-def newpad(nlines: int, ncols: int, /) -> window: ...
-def newwin(nlines: int, ncols: int, begin_y: int = ..., begin_x: int = ..., /) -> window: ...
+def newpad(nlines: int, ncols: int, /) -> _CursesWindow: ...
+def newwin(nlines: int, ncols: int, begin_y: int = ..., begin_x: int = ..., /) -> _CursesWindow: ...
 def nl(flag: bool = True, /) -> None: ...
 def nocbreak() -> None: ...
 def noecho() -> None: ...
@@ -339,8 +340,11 @@ def resetty() -> None: ...
 def resize_term(nlines: int, ncols: int, /) -> None: ...
 def resizeterm(nlines: int, ncols: int, /) -> None: ...
 def savetty() -> None: ...
-def set_escdelay(ms: int, /) -> None: ...
-def set_tabsize(size: int, /) -> None: ...
+
+if sys.version_info >= (3, 9):
+    def set_escdelay(ms: int, /) -> None: ...
+    def set_tabsize(size: int, /) -> None: ...
+
 def setsyx(y: int, x: int, /) -> None: ...
 def setupterm(term: str | None = None, fd: int = -1) -> None: ...
 def start_color() -> None: ...
@@ -364,7 +368,11 @@ def tparm(
 ) -> bytes: ...
 def typeahead(fd: int, /) -> None: ...
 def unctrl(ch: _ChType, /) -> bytes: ...
-def unget_wch(ch: int | str, /) -> None: ...
+
+if sys.version_info < (3, 12) or sys.platform != "darwin":
+    # The support for macos was dropped in 3.12
+    def unget_wch(ch: int | str, /) -> None: ...
+
 def ungetch(ch: _ChType, /) -> None: ...
 def ungetmouse(id: int, x: int, y: int, z: int, bstate: int, /) -> None: ...
 def update_lines_cols() -> None: ...
@@ -374,7 +382,7 @@ def use_env(flag: bool, /) -> None: ...
 class error(Exception): ...

@final
-class window:  # undocumented
+class _CursesWindow:
    encoding: str
    @overload
    def addch(self, ch: _ChType, attr: int = ...) -> None: ...
@@ -427,9 +435,9 @@ class window:  # undocumented
    def delch(self, y: int, x: int) -> None: ...
    def deleteln(self) -> None: ...
    @overload
-    def derwin(self, begin_y: int, begin_x: int) -> window: ...
+    def derwin(self, begin_y: int, begin_x: int) -> _CursesWindow: ...
    @overload
-    def derwin(self, nlines: int, ncols: int, begin_y: int, begin_x: int) -> window: ...
+    def derwin(self, nlines: int, ncols: int, begin_y: int, begin_x: int) -> _CursesWindow: ...
    def echochar(self, ch: _ChType, attr: int = ..., /) -> None: ...
    def enclose(self, y: int, x: int, /) -> bool: ...
    def erase(self) -> None: ...
@@ -439,10 +447,13 @@ class window:  # undocumented
    def getch(self) -> int: ...
    @overload
    def getch(self, y: int, x: int) -> int: ...
-    @overload
-    def get_wch(self) -> int | str: ...
-    @overload
-    def get_wch(self, y: int, x: int) -> int | str: ...
+    if sys.version_info < (3, 12) or sys.platform != "darwin":
+        # The support for macos was dropped in 3.12
+        @overload
+        def get_wch(self) -> int | str: ...
+        @overload
+        def get_wch(self, y: int, x: int) -> int | str: ...
+
    @overload
    def getkey(self) -> str: ...
    @overload
@@ -489,7 +500,7 @@ class window:  # undocumented
    def instr(self, y: int, x: int, n: int = ...) -> bytes: ...
    def is_linetouched(self, line: int, /) -> bool: ...
    def is_wintouched(self) -> bool: ...
-    def keypad(self, yes: bool, /) -> None: ...
+    def keypad(self, yes: bool) -> None: ...
    def leaveok(self, yes: bool) -> None: ...
    def move(self, new_y: int, new_x: int) -> None: ...
    def mvderwin(self, y: int, x: int) -> None: ...
@@ -501,18 +512,18 @@ class window:  # undocumented
    @overload
    def noutrefresh(self, pminrow: int, pmincol: int, sminrow: int, smincol: int, smaxrow: int, smaxcol: int) -> None: ...
    @overload
-    def overlay(self, destwin: window) -> None: ...
+    def overlay(self, destwin: _CursesWindow) -> None: ...
    @overload
    def overlay(
-        self, destwin: window, sminrow: int, smincol: int, dminrow: int, dmincol: int, dmaxrow: int, dmaxcol: int
+        self, destwin: _CursesWindow, sminrow: int, smincol: int, dminrow: int, dmincol: int, dmaxrow: int, dmaxcol: int
    ) -> None: ...
    @overload
-    def overwrite(self, destwin: window) -> None: ...
+    def overwrite(self, destwin: _CursesWindow) -> None: ...
    @overload
    def overwrite(
-        self, destwin: window, sminrow: int, smincol: int, dminrow: int, dmincol: int, dmaxrow: int, dmaxcol: int
+        self, destwin: _CursesWindow, sminrow: int, smincol: int, dminrow: int, dmincol: int, dmaxrow: int, dmaxcol: int
    ) -> None: ...
-    def putwin(self, file: SupportsWrite[bytes], /) -> None: ...
+    def putwin(self, file: IO[Any], /) -> None: ...
    def redrawln(self, beg: int, num: int, /) -> None: ...
    def redrawwin(self) -> None: ...
    @overload
@@ -526,13 +537,13 @@ class window:  # undocumented
    def standend(self) -> None: ...
    def standout(self) -> None: ...
    @overload
-    def subpad(self, begin_y: int, begin_x: int) -> window: ...
+    def subpad(self, begin_y: int, begin_x: int) -> _CursesWindow: ...
    @overload
-    def subpad(self, nlines: int, ncols: int, begin_y: int, begin_x: int) -> window: ...
+    def subpad(self, nlines: int, ncols: int, begin_y: int, begin_x: int) -> _CursesWindow: ...
    @overload
-    def subwin(self, begin_y: int, begin_x: int) -> window: ...
+    def subwin(self, begin_y: int, begin_x: int) -> _CursesWindow: ...
    @overload
-    def subwin(self, nlines: int, ncols: int, begin_y: int, begin_x: int) -> window: ...
+    def subwin(self, nlines: int, ncols: int, begin_y: int, begin_x: int) -> _CursesWindow: ...
    def syncdown(self) -> None: ...
    def syncok(self, flag: bool) -> None: ...
    def syncup(self) -> None: ...
@@ -545,4 +556,10 @@ class window:  # undocumented
    @overload
    def vline(self, y: int, x: int, ch: _ChType, n: int) -> None: ...

+class _ncurses_version(NamedTuple):
+    major: int
+    minor: int
+    patch: int
+
 ncurses_version: _ncurses_version
+window = _CursesWindow  # undocumented
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_decimal.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_decimal.pyi
@@ -0,0 +1,281 @@
+import numbers
+import sys
+from collections.abc import Container, Sequence
+from types import TracebackType
+from typing import Any, ClassVar, Final, Literal, NamedTuple, overload
+from typing_extensions import Self, TypeAlias
+
+_Decimal: TypeAlias = Decimal | int
+_DecimalNew: TypeAlias = Decimal | float | str | tuple[int, Sequence[int], int]
+_ComparableNum: TypeAlias = Decimal | float | numbers.Rational
+
+__version__: Final[str]
+__libmpdec_version__: Final[str]
+
+class DecimalTuple(NamedTuple):
+    sign: int
+    digits: tuple[int, ...]
+    exponent: int | Literal["n", "N", "F"]
+
+ROUND_DOWN: str
+ROUND_HALF_UP: str
+ROUND_HALF_EVEN: str
+ROUND_CEILING: str
+ROUND_FLOOR: str
+ROUND_UP: str
+ROUND_HALF_DOWN: str
+ROUND_05UP: str
+HAVE_CONTEXTVAR: bool
+HAVE_THREADS: bool
+MAX_EMAX: int
+MAX_PREC: int
+MIN_EMIN: int
+MIN_ETINY: int
+
+class DecimalException(ArithmeticError): ...
+class Clamped(DecimalException): ...
+class InvalidOperation(DecimalException): ...
+class ConversionSyntax(InvalidOperation): ...
+class DivisionByZero(DecimalException, ZeroDivisionError): ...
+class DivisionImpossible(InvalidOperation): ...
+class DivisionUndefined(InvalidOperation, ZeroDivisionError): ...
+class Inexact(DecimalException): ...
+class InvalidContext(InvalidOperation): ...
+class Rounded(DecimalException): ...
+class Subnormal(DecimalException): ...
+class Overflow(Inexact, Rounded): ...
+class Underflow(Inexact, Rounded, Subnormal): ...
+class FloatOperation(DecimalException, TypeError): ...
+
+def setcontext(context: Context, /) -> None: ...
+def getcontext() -> Context: ...
+
+if sys.version_info >= (3, 11):
+    def localcontext(
+        ctx: Context | None = None,
+        *,
+        prec: int | None = ...,
+        rounding: str | None = ...,
+        Emin: int | None = ...,
+        Emax: int | None = ...,
+        capitals: int | None = ...,
+        clamp: int | None = ...,
+        traps: dict[_TrapType, bool] | None = ...,
+        flags: dict[_TrapType, bool] | None = ...,
+    ) -> _ContextManager: ...
+
+else:
+    def localcontext(ctx: Context | None = None) -> _ContextManager: ...
+
+class Decimal:
+    def __new__(cls, value: _DecimalNew = ..., context: Context | None = ...) -> Self: ...
+    @classmethod
+    def from_float(cls, f: float, /) -> Self: ...
+    def __bool__(self) -> bool: ...
+    def compare(self, other: _Decimal, context: Context | None = None) -> Decimal: ...
+    def __hash__(self) -> int: ...
+    def as_tuple(self) -> DecimalTuple: ...
+    def as_integer_ratio(self) -> tuple[int, int]: ...
+    def to_eng_string(self, context: Context | None = None) -> str: ...
+    def __abs__(self) -> Decimal: ...
+    def __add__(self, value: _Decimal, /) -> Decimal: ...
+    def __divmod__(self, value: _Decimal, /) -> tuple[Decimal, Decimal]: ...
+    def __eq__(self, value: object, /) -> bool: ...
+    def __floordiv__(self, value: _Decimal, /) -> Decimal: ...
+    def __ge__(self, value: _ComparableNum, /) -> bool: ...
+    def __gt__(self, value: _ComparableNum, /) -> bool: ...
+    def __le__(self, value: _ComparableNum, /) -> bool: ...
+    def __lt__(self, value: _ComparableNum, /) -> bool: ...
+    def __mod__(self, value: _Decimal, /) -> Decimal: ...
+    def __mul__(self, value: _Decimal, /) -> Decimal: ...
+    def __neg__(self) -> Decimal: ...
+    def __pos__(self) -> Decimal: ...
+    def __pow__(self, value: _Decimal, mod: _Decimal | None = None, /) -> Decimal: ...
+    def __radd__(self, value: _Decimal, /) -> Decimal: ...
+    def __rdivmod__(self, value: _Decimal, /) -> tuple[Decimal, Decimal]: ...
+    def __rfloordiv__(self, value: _Decimal, /) -> Decimal: ...
+    def __rmod__(self, value: _Decimal, /) -> Decimal: ...
+    def __rmul__(self, value: _Decimal, /) -> Decimal: ...
+    def __rsub__(self, value: _Decimal, /) -> Decimal: ...
+    def __rtruediv__(self, value: _Decimal, /) -> Decimal: ...
+    def __sub__(self, value: _Decimal, /) -> Decimal: ...
+    def __truediv__(self, value: _Decimal, /) -> Decimal: ...
+    def remainder_near(self, other: _Decimal, context: Context | None = None) -> Decimal: ...
+    def __float__(self) -> float: ...
+    def __int__(self) -> int: ...
+    def __trunc__(self) -> int: ...
+    @property
+    def real(self) -> Decimal: ...
+    @property
+    def imag(self) -> Decimal: ...
+    def conjugate(self) -> Decimal: ...
+    def __complex__(self) -> complex: ...
+    @overload
+    def __round__(self) -> int: ...
+    @overload
+    def __round__(self, ndigits: int, /) -> Decimal: ...
+    def __floor__(self) -> int: ...
+    def __ceil__(self) -> int: ...
+    def fma(self, other: _Decimal, third: _Decimal, context: Context | None = None) -> Decimal: ...
+    def __rpow__(self, value: _Decimal, mod: Context | None = None, /) -> Decimal: ...
+    def normalize(self, context: Context | None = None) -> Decimal: ...
+    def quantize(self, exp: _Decimal, rounding: str | None = None, context: Context | None = None) -> Decimal: ...
+    def same_quantum(self, other: _Decimal, context: Context | None = None) -> bool: ...
+    def to_integral_exact(self, rounding: str | None = None, context: Context | None = None) -> Decimal: ...
+    def to_integral_value(self, rounding: str | None = None, context: Context | None = None) -> Decimal: ...
+    def to_integral(self, rounding: str | None = None, context: Context | None = None) -> Decimal: ...
+    def sqrt(self, context: Context | None = None) -> Decimal: ...
+    def max(self, other: _Decimal, context: Context | None = None) -> Decimal: ...
+    def min(self, other: _Decimal, context: Context | None = None) -> Decimal: ...
+    def adjusted(self) -> int: ...
+    def canonical(self) -> Decimal: ...
+    def compare_signal(self, other: _Decimal, context: Context | None = None) -> Decimal: ...
+    def compare_total(self, other: _Decimal, context: Context | None = None) -> Decimal: ...
+    def compare_total_mag(self, other: _Decimal, context: Context | None = None) -> Decimal: ...
+    def copy_abs(self) -> Decimal: ...
+    def copy_negate(self) -> Decimal: ...
+    def copy_sign(self, other: _Decimal, context: Context | None = None) -> Decimal: ...
+    def exp(self, context: Context | None = None) -> Decimal: ...
+    def is_canonical(self) -> bool: ...
+    def is_finite(self) -> bool: ...
+    def is_infinite(self) -> bool: ...
+    def is_nan(self) -> bool: ...
+    def is_normal(self, context: Context | None = None) -> bool: ...
+    def is_qnan(self) -> bool: ...
+    def is_signed(self) -> bool: ...
+    def is_snan(self) -> bool: ...
+    def is_subnormal(self, context: Context | None = None) -> bool: ...
+    def is_zero(self) -> bool: ...
+    def ln(self, context: Context | None = None) -> Decimal: ...
+    def log10(self, context: Context | None = None) -> Decimal: ...
+    def logb(self, context: Context | None = None) -> Decimal: ...
+    def logical_and(self, other: _Decimal, context: Context | None = None) -> Decimal: ...
+    def logical_invert(self, context: Context | None = None) -> Decimal: ...
+    def logical_or(self, other: _Decimal, context: Context | None = None) -> Decimal: ...
+    def logical_xor(self, other: _Decimal, context: Context | None = None) -> Decimal: ...
+    def max_mag(self, other: _Decimal, context: Context | None = None) -> Decimal: ...
+    def min_mag(self, other: _Decimal, context: Context | None = None) -> Decimal: ...
+    def next_minus(self, context: Context | None = None) -> Decimal: ...
+    def next_plus(self, context: Context | None = None) -> Decimal: ...
+    def next_toward(self, other: _Decimal, context: Context | None = None) -> Decimal: ...
+    def number_class(self, context: Context | None = None) -> str: ...
+    def radix(self) -> Decimal: ...
+    def rotate(self, other: _Decimal, context: Context | None = None) -> Decimal: ...
+    def scaleb(self, other: _Decimal, context: Context | None = None) -> Decimal: ...
+    def shift(self, other: _Decimal, context: Context | None = None) -> Decimal: ...
+    def __reduce__(self) -> tuple[type[Self], tuple[str]]: ...
+    def __copy__(self) -> Self: ...
+    def __deepcopy__(self, memo: Any, /) -> Self: ...
+    def __format__(self, specifier: str, context: Context | None = ..., /) -> str: ...
+
+class _ContextManager:
+    new_context: Context
+    saved_context: Context
+    def __init__(self, new_context: Context) -> None: ...
+    def __enter__(self) -> Context: ...
+    def __exit__(self, t: type[BaseException] | None, v: BaseException | None, tb: TracebackType | None) -> None: ...
+
+_TrapType: TypeAlias = type[DecimalException]
+
+class Context:
+    # TODO: Context doesn't allow you to delete *any* attributes from instances of the class at runtime,
+    # even settable attributes like `prec` and `rounding`,
+    # but that's inexpressable in the stub.
+    # Type checkers either ignore it or misinterpret it
+    # if you add a `def __delattr__(self, name: str, /) -> NoReturn` method to the stub
+    prec: int
+    rounding: str
+    Emin: int
+    Emax: int
+    capitals: int
+    clamp: int
+    traps: dict[_TrapType, bool]
+    flags: dict[_TrapType, bool]
+    def __init__(
+        self,
+        prec: int | None = ...,
+        rounding: str | None = ...,
+        Emin: int | None = ...,
+        Emax: int | None = ...,
+        capitals: int | None = ...,
+        clamp: int | None = ...,
+        flags: None | dict[_TrapType, bool] | Container[_TrapType] = ...,
+        traps: None | dict[_TrapType, bool] | Container[_TrapType] = ...,
+        _ignored_flags: list[_TrapType] | None = ...,
+    ) -> None: ...
+    def __reduce__(self) -> tuple[type[Self], tuple[Any, ...]]: ...
+    def clear_flags(self) -> None: ...
+    def clear_traps(self) -> None: ...
+    def copy(self) -> Context: ...
+    def __copy__(self) -> Context: ...
+    # see https://github.com/python/cpython/issues/94107
+    __hash__: ClassVar[None]  # type: ignore[assignment]
+    def Etiny(self) -> int: ...
+    def Etop(self) -> int: ...
+    def create_decimal(self, num: _DecimalNew = "0", /) -> Decimal: ...
+    def create_decimal_from_float(self, f: float, /) -> Decimal: ...
+    def abs(self, x: _Decimal, /) -> Decimal: ...
+    def add(self, x: _Decimal, y: _Decimal, /) -> Decimal: ...
+    def canonical(self, x: Decimal, /) -> Decimal: ...
+    def compare(self, x: _Decimal, y: _Decimal, /) -> Decimal: ...
+    def compare_signal(self, x: _Decimal, y: _Decimal, /) -> Decimal: ...
+    def compare_total(self, x: _Decimal, y: _Decimal, /) -> Decimal: ...
+    def compare_total_mag(self, x: _Decimal, y: _Decimal, /) -> Decimal: ...
+    def copy_abs(self, x: _Decimal, /) -> Decimal: ...
+    def copy_decimal(self, x: _Decimal, /) -> Decimal: ...
+    def copy_negate(self, x: _Decimal, /) -> Decimal: ...
+    def copy_sign(self, x: _Decimal, y: _Decimal, /) -> Decimal: ...
+    def divide(self, x: _Decimal, y: _Decimal, /) -> Decimal: ...
+    def divide_int(self, x: _Decimal, y: _Decimal, /) -> Decimal: ...
+    def divmod(self, x: _Decimal, y: _Decimal, /) -> tuple[Decimal, Decimal]: ...
+    def exp(self, x: _Decimal, /) -> Decimal: ...
+    def fma(self, x: _Decimal, y: _Decimal, z: _Decimal, /) -> Decimal: ...
+    def is_canonical(self, x: _Decimal, /) -> bool: ...
+    def is_finite(self, x: _Decimal, /) -> bool: ...
+    def is_infinite(self, x: _Decimal, /) -> bool: ...
+    def is_nan(self, x: _Decimal, /) -> bool: ...
+    def is_normal(self, x: _Decimal, /) -> bool: ...
+    def is_qnan(self, x: _Decimal, /) -> bool: ...
+    def is_signed(self, x: _Decimal, /) -> bool: ...
+    def is_snan(self, x: _Decimal, /) -> bool: ...
+    def is_subnormal(self, x: _Decimal, /) -> bool: ...
+    def is_zero(self, x: _Decimal, /) -> bool: ...
+    def ln(self, x: _Decimal, /) -> Decimal: ...
+    def log10(self, x: _Decimal, /) -> Decimal: ...
+    def logb(self, x: _Decimal, /) -> Decimal: ...
+    def logical_and(self, x: _Decimal, y: _Decimal, /) -> Decimal: ...
+    def logical_invert(self, x: _Decimal, /) -> Decimal: ...
+    def logical_or(self, x: _Decimal, y: _Decimal, /) -> Decimal: ...
+    def logical_xor(self, x: _Decimal, y: _Decimal, /) -> Decimal: ...
+    def max(self, x: _Decimal, y: _Decimal, /) -> Decimal: ...
+    def max_mag(self, x: _Decimal, y: _Decimal, /) -> Decimal: ...
+    def min(self, x: _Decimal, y: _Decimal, /) -> Decimal: ...
+    def min_mag(self, x: _Decimal, y: _Decimal, /) -> Decimal: ...
+    def minus(self, x: _Decimal, /) -> Decimal: ...
+    def multiply(self, x: _Decimal, y: _Decimal, /) -> Decimal: ...
+    def next_minus(self, x: _Decimal, /) -> Decimal: ...
+    def next_plus(self, x: _Decimal, /) -> Decimal: ...
+    def next_toward(self, x: _Decimal, y: _Decimal, /) -> Decimal: ...
+    def normalize(self, x: _Decimal, /) -> Decimal: ...
+    def number_class(self, x: _Decimal, /) -> str: ...
+    def plus(self, x: _Decimal, /) -> Decimal: ...
+    def power(self, a: _Decimal, b: _Decimal, modulo: _Decimal | None = None) -> Decimal: ...
+    def quantize(self, x: _Decimal, y: _Decimal, /) -> Decimal: ...
+    def radix(self) -> Decimal: ...
+    def remainder(self, x: _Decimal, y: _Decimal, /) -> Decimal: ...
+    def remainder_near(self, x: _Decimal, y: _Decimal, /) -> Decimal: ...
+    def rotate(self, x: _Decimal, y: _Decimal, /) -> Decimal: ...
+    def same_quantum(self, x: _Decimal, y: _Decimal, /) -> bool: ...
+    def scaleb(self, x: _Decimal, y: _Decimal, /) -> Decimal: ...
+    def shift(self, x: _Decimal, y: _Decimal, /) -> Decimal: ...
+    def sqrt(self, x: _Decimal, /) -> Decimal: ...
+    def subtract(self, x: _Decimal, y: _Decimal, /) -> Decimal: ...
+    def to_eng_string(self, x: _Decimal, /) -> str: ...
+    def to_sci_string(self, x: _Decimal, /) -> str: ...
+    def to_integral_exact(self, x: _Decimal, /) -> Decimal: ...
+    def to_integral_value(self, x: _Decimal, /) -> Decimal: ...
+    def to_integral(self, x: _Decimal, /) -> Decimal: ...
+
+DefaultContext: Context
+BasicContext: Context
+ExtendedContext: Context
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_dummy_thread.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_dummy_thread.pyi
@@ -0,0 +1,33 @@
+from collections.abc import Callable
+from types import TracebackType
+from typing import Any, NoReturn, overload
+from typing_extensions import TypeVarTuple, Unpack
+
+__all__ = ["error", "start_new_thread", "exit", "get_ident", "allocate_lock", "interrupt_main", "LockType", "RLock"]
+
+_Ts = TypeVarTuple("_Ts")
+
+TIMEOUT_MAX: int
+error = RuntimeError
+
+@overload
+def start_new_thread(function: Callable[[Unpack[_Ts]], object], args: tuple[Unpack[_Ts]]) -> None: ...
+@overload
+def start_new_thread(function: Callable[..., object], args: tuple[Any, ...], kwargs: dict[str, Any]) -> None: ...
+def exit() -> NoReturn: ...
+def get_ident() -> int: ...
+def allocate_lock() -> LockType: ...
+def stack_size(size: int | None = None) -> int: ...
+
+class LockType:
+    locked_status: bool
+    def acquire(self, waitflag: bool | None = None, timeout: int = -1) -> bool: ...
+    def __enter__(self, waitflag: bool | None = None, timeout: int = -1) -> bool: ...
+    def __exit__(self, typ: type[BaseException] | None, val: BaseException | None, tb: TracebackType | None) -> None: ...
+    def release(self) -> bool: ...
+    def locked(self) -> bool: ...
+
+class RLock(LockType):
+    def release(self) -> None: ...  # type: ignore[override]
+
+def interrupt_main() -> None: ...
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_dummy_threading.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_dummy_threading.pyi
@@ -0,0 +1,164 @@
+import sys
+from _thread import _excepthook, _ExceptHookArgs
+from _typeshed import ProfileFunction, TraceFunction
+from collections.abc import Callable, Iterable, Mapping
+from types import TracebackType
+from typing import Any, TypeVar
+
+_T = TypeVar("_T")
+
+__all__ = [
+    "get_ident",
+    "active_count",
+    "Condition",
+    "current_thread",
+    "enumerate",
+    "main_thread",
+    "TIMEOUT_MAX",
+    "Event",
+    "Lock",
+    "RLock",
+    "Semaphore",
+    "BoundedSemaphore",
+    "Thread",
+    "Barrier",
+    "BrokenBarrierError",
+    "Timer",
+    "ThreadError",
+    "setprofile",
+    "settrace",
+    "local",
+    "stack_size",
+    "ExceptHookArgs",
+    "excepthook",
+]
+
+def active_count() -> int: ...
+def current_thread() -> Thread: ...
+def currentThread() -> Thread: ...
+def get_ident() -> int: ...
+def enumerate() -> list[Thread]: ...
+def main_thread() -> Thread: ...
+def settrace(func: TraceFunction) -> None: ...
+def setprofile(func: ProfileFunction | None) -> None: ...
+def stack_size(size: int | None = None) -> int: ...
+
+TIMEOUT_MAX: float
+
+class ThreadError(Exception): ...
+
+class local:
+    def __getattribute__(self, name: str) -> Any: ...
+    def __setattr__(self, name: str, value: Any) -> None: ...
+    def __delattr__(self, name: str) -> None: ...
+
+class Thread:
+    name: str
+    daemon: bool
+    @property
+    def ident(self) -> int | None: ...
+    def __init__(
+        self,
+        group: None = None,
+        target: Callable[..., object] | None = None,
+        name: str | None = None,
+        args: Iterable[Any] = (),
+        kwargs: Mapping[str, Any] | None = None,
+        *,
+        daemon: bool | None = None,
+    ) -> None: ...
+    def start(self) -> None: ...
+    def run(self) -> None: ...
+    def join(self, timeout: float | None = None) -> None: ...
+    def getName(self) -> str: ...
+    def setName(self, name: str) -> None: ...
+    @property
+    def native_id(self) -> int | None: ...  # only available on some platforms
+    def is_alive(self) -> bool: ...
+    if sys.version_info < (3, 9):
+        def isAlive(self) -> bool: ...
+
+    def isDaemon(self) -> bool: ...
+    def setDaemon(self, daemonic: bool) -> None: ...
+
+class _DummyThread(Thread): ...
+
+class Lock:
+    def __enter__(self) -> bool: ...
+    def __exit__(
+        self, exc_type: type[BaseException] | None, exc_val: BaseException | None, exc_tb: TracebackType | None
+    ) -> bool | None: ...
+    def acquire(self, blocking: bool = ..., timeout: float = ...) -> bool: ...
+    def release(self) -> None: ...
+    def locked(self) -> bool: ...
+
+class _RLock:
+    def __enter__(self) -> bool: ...
+    def __exit__(
+        self, exc_type: type[BaseException] | None, exc_val: BaseException | None, exc_tb: TracebackType | None
+    ) -> bool | None: ...
+    def acquire(self, blocking: bool = True, timeout: float = -1) -> bool: ...
+    def release(self) -> None: ...
+
+RLock = _RLock
+
+class Condition:
+    def __init__(self, lock: Lock | _RLock | None = None) -> None: ...
+    def __enter__(self) -> bool: ...
+    def __exit__(
+        self, exc_type: type[BaseException] | None, exc_val: BaseException | None, exc_tb: TracebackType | None
+    ) -> bool | None: ...
+    def acquire(self, blocking: bool = ..., timeout: float = ...) -> bool: ...
+    def release(self) -> None: ...
+    def wait(self, timeout: float | None = None) -> bool: ...
+    def wait_for(self, predicate: Callable[[], _T], timeout: float | None = None) -> _T: ...
+    def notify(self, n: int = 1) -> None: ...
+    def notify_all(self) -> None: ...
+    def notifyAll(self) -> None: ...
+
+class Semaphore:
+    def __init__(self, value: int = 1) -> None: ...
+    def __exit__(
+        self, exc_type: type[BaseException] | None, exc_val: BaseException | None, exc_tb: TracebackType | None
+    ) -> bool | None: ...
+    def acquire(self, blocking: bool = True, timeout: float | None = None) -> bool: ...
+    def __enter__(self, blocking: bool = True, timeout: float | None = None) -> bool: ...
+    if sys.version_info >= (3, 9):
+        def release(self, n: int = ...) -> None: ...
+    else:
+        def release(self) -> None: ...
+
+class BoundedSemaphore(Semaphore): ...
+
+class Event:
+    def is_set(self) -> bool: ...
+    def set(self) -> None: ...
+    def clear(self) -> None: ...
+    def wait(self, timeout: float | None = None) -> bool: ...
+
+excepthook = _excepthook
+ExceptHookArgs = _ExceptHookArgs
+
+class Timer(Thread):
+    def __init__(
+        self,
+        interval: float,
+        function: Callable[..., object],
+        args: Iterable[Any] | None = None,
+        kwargs: Mapping[str, Any] | None = None,
+    ) -> None: ...
+    def cancel(self) -> None: ...
+
+class Barrier:
+    @property
+    def parties(self) -> int: ...
+    @property
+    def n_waiting(self) -> int: ...
+    @property
+    def broken(self) -> bool: ...
+    def __init__(self, parties: int, action: Callable[[], None] | None = None, timeout: float | None = None) -> None: ...
+    def wait(self, timeout: float | None = None) -> int: ...
+    def reset(self) -> None: ...
+    def abort(self) -> None: ...
+
+class BrokenBarrierError(RuntimeError): ...
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_heapq.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_heapq.pyi
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_imp.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_imp.pyi
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_interpchannels.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_interpchannels.pyi
@@ -1,5 +1,5 @@
 from _typeshed import structseq
-from typing import Any, Final, Literal, SupportsIndex, final
+from typing import Final, Literal, SupportsIndex, final
 from typing_extensions import Buffer, Self

 class ChannelError(RuntimeError): ...
@@ -72,15 +72,13 @@ class ChannelInfo(structseq[int], tuple[bool, bool, bool, int, int, int, int, in
    @property
    def send_released(self) -> bool: ...

-def create(unboundop: Literal[1, 2, 3]) -> ChannelID: ...
+def create() -> ChannelID: ...
 def destroy(cid: SupportsIndex) -> None: ...
 def list_all() -> list[ChannelID]: ...
 def list_interpreters(cid: SupportsIndex, *, send: bool) -> list[int]: ...
 def send(cid: SupportsIndex, obj: object, *, blocking: bool = True, timeout: float | None = None) -> None: ...
 def send_buffer(cid: SupportsIndex, obj: Buffer, *, blocking: bool = True, timeout: float | None = None) -> None: ...
-def recv(cid: SupportsIndex, default: object = ...) -> tuple[Any, Literal[1, 2, 3]]: ...
+def recv(cid: SupportsIndex, default: object = ...) -> object: ...
 def close(cid: SupportsIndex, *, send: bool = False, recv: bool = False) -> None: ...
-def get_count(cid: SupportsIndex) -> int: ...
 def get_info(cid: SupportsIndex) -> ChannelInfo: ...
-def get_channel_defaults(cid: SupportsIndex) -> Literal[1, 2, 3]: ...
 def release(cid: SupportsIndex, *, send: bool = False, recv: bool = False, force: bool = False) -> None: ...
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_interpqueues.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_interpqueues.pyi
@@ -0,0 +1,16 @@
+from typing import Any, SupportsIndex
+
+class QueueError(RuntimeError): ...
+class QueueNotFoundError(QueueError): ...
+
+def bind(qid: SupportsIndex) -> None: ...
+def create(maxsize: SupportsIndex, fmt: SupportsIndex) -> int: ...
+def destroy(qid: SupportsIndex) -> None: ...
+def get(qid: SupportsIndex) -> tuple[Any, int]: ...
+def get_count(qid: SupportsIndex) -> int: ...
+def get_maxsize(qid: SupportsIndex) -> int: ...
+def get_queue_defaults(qid: SupportsIndex) -> tuple[int]: ...
+def is_full(qid: SupportsIndex) -> bool: ...
+def list_all() -> list[tuple[int, int]]: ...
+def put(qid: SupportsIndex, obj: Any, fmt: SupportsIndex) -> None: ...
+def release(qid: SupportsIndex) -> None: ...
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_interpreters.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_interpreters.pyi
@@ -7,7 +7,7 @@ _Configs: TypeAlias = Literal["default", "isolated", "legacy", "empty", ""]

 class InterpreterError(Exception): ...
 class InterpreterNotFoundError(InterpreterError): ...
-class NotShareableError(ValueError): ...
+class NotShareableError(Exception): ...

 class CrossInterpreterBufferView:
    def __buffer__(self, flags: int, /) -> memoryview: ...
@@ -21,9 +21,7 @@ def get_main() -> tuple[int, int]: ...
 def is_running(id: SupportsIndex, *, restrict: bool = False) -> bool: ...
 def get_config(id: SupportsIndex, *, restrict: bool = False) -> types.SimpleNamespace: ...
 def whence(id: SupportsIndex) -> int: ...
-def exec(
-    id: SupportsIndex, code: str | types.CodeType | Callable[[], object], shared: bool | None = None, *, restrict: bool = False
-) -> None | types.SimpleNamespace: ...
+def exec(id: SupportsIndex, code: str, shared: bool | None = None, *, restrict: bool = False) -> None: ...
 def call(
    id: SupportsIndex,
    callable: Callable[..., object],
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_json.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_json.pyi
@@ -1,6 +1,5 @@
 from collections.abc import Callable
 from typing import Any, final
-from typing_extensions import Self

@final
 class make_encoder:
@@ -20,8 +19,8 @@ class make_encoder:
    def encoder(self) -> Callable[[str], str]: ...
    @property
    def item_separator(self) -> str: ...
-    def __new__(
-        cls,
+    def __init__(
+        self,
        markers: dict[int, Any] | None,
        default: Callable[[Any], Any],
        encoder: Callable[[str], str],
@@ -31,7 +30,7 @@ class make_encoder:
        sort_keys: bool,
        skipkeys: bool,
        allow_nan: bool,
-    ) -> Self: ...
+    ) -> None: ...
    def __call__(self, obj: object, _current_indent_level: int) -> Any: ...

@final
@@ -43,9 +42,8 @@ class make_scanner:
    parse_float: Any
    strict: bool
    # TODO: 'context' needs the attrs above (ducktype), but not __call__.
-    def __new__(cls, context: make_scanner) -> Self: ...
+    def __init__(self, context: make_scanner) -> None: ...
    def __call__(self, string: str, index: int) -> tuple[Any, int]: ...

-def encode_basestring(s: str, /) -> str: ...
 def encode_basestring_ascii(s: str, /) -> str: ...
 def scanstring(string: str, end: int, strict: bool = ...) -> tuple[str, int]: ...
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_locale.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_locale.pyi
@@ -0,0 +1,100 @@
+import sys
+from _typeshed import StrPath
+from collections.abc import Mapping
+
+LC_CTYPE: int
+LC_COLLATE: int
+LC_TIME: int
+LC_MONETARY: int
+LC_NUMERIC: int
+LC_ALL: int
+CHAR_MAX: int
+
+def setlocale(category: int, locale: str | None = None, /) -> str: ...
+def localeconv() -> Mapping[str, int | str | list[int]]: ...
+
+if sys.version_info >= (3, 11):
+    def getencoding() -> str: ...
+
+def strcoll(os1: str, os2: str, /) -> int: ...
+def strxfrm(string: str, /) -> str: ...
+
+# native gettext functions
+# https://docs.python.org/3/library/locale.html#access-to-message-catalogs
+# https://github.com/python/cpython/blob/f4c03484da59049eb62a9bf7777b963e2267d187/Modules/_localemodule.c#L626
+if sys.platform != "win32":
+    LC_MESSAGES: int
+
+    ABDAY_1: int
+    ABDAY_2: int
+    ABDAY_3: int
+    ABDAY_4: int
+    ABDAY_5: int
+    ABDAY_6: int
+    ABDAY_7: int
+
+    ABMON_1: int
+    ABMON_2: int
+    ABMON_3: int
+    ABMON_4: int
+    ABMON_5: int
+    ABMON_6: int
+    ABMON_7: int
+    ABMON_8: int
+    ABMON_9: int
+    ABMON_10: int
+    ABMON_11: int
+    ABMON_12: int
+
+    DAY_1: int
+    DAY_2: int
+    DAY_3: int
+    DAY_4: int
+    DAY_5: int
+    DAY_6: int
+    DAY_7: int
+
+    ERA: int
+    ERA_D_T_FMT: int
+    ERA_D_FMT: int
+    ERA_T_FMT: int
+
+    MON_1: int
+    MON_2: int
+    MON_3: int
+    MON_4: int
+    MON_5: int
+    MON_6: int
+    MON_7: int
+    MON_8: int
+    MON_9: int
+    MON_10: int
+    MON_11: int
+    MON_12: int
+
+    CODESET: int
+    D_T_FMT: int
+    D_FMT: int
+    T_FMT: int
+    T_FMT_AMPM: int
+    AM_STR: int
+    PM_STR: int
+
+    RADIXCHAR: int
+    THOUSEP: int
+    YESEXPR: int
+    NOEXPR: int
+    CRNCYSTR: int
+    ALT_DIGITS: int
+
+    def nl_langinfo(key: int, /) -> str: ...
+
+    # This is dependent on `libintl.h` which is a part of `gettext`
+    # system dependency. These functions might be missing.
+    # But, we always say that they are present.
+    def gettext(msg: str, /) -> str: ...
+    def dgettext(domain: str | None, msg: str, /) -> str: ...
+    def dcgettext(domain: str | None, msg: str, category: int, /) -> str: ...
+    def textdomain(domain: str | None, /) -> str: ...
+    def bindtextdomain(domain: str, dir: StrPath | None, /) -> str: ...
+    def bind_textdomain_codeset(domain: str, codeset: str | None, /) -> str | None: ...
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_lsprof.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_lsprof.pyi
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_markupbase.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_markupbase.pyi
--- a/Show More
+++ b/Show More