Move docs

Respect SELinux with podman for docker mount
Tested on Fedora 40 with Podman 5.1.1 and ruff "0.5.0" and "latest". source: https://unix.stackexchange.com/q/651198
2024-07-05 15:37:56 -05:00 · 2024-06-29 14:47:57 +02:00 · 2024-06-28 20:51:35 +05:30 · 2024-06-28 09:38:17 -04:00 · 2024-06-28 18:10:00 +05:30 · 2024-06-28 11:41:45 +00:00
988 changed files with 21506 additions and 8043 deletions
--- a/.gitattributes
+++ b/.gitattributes
@@ -8,6 +8,10 @@ crates/ruff_linter/resources/test/fixtures/pycodestyle/W391_3.py text eol=crlf
 crates/ruff_python_formatter/resources/test/fixtures/ruff/docstring_code_examples_crlf.py text eol=crlf
 crates/ruff_python_formatter/tests/snapshots/format@docstring_code_examples_crlf.py.snap text eol=crlf

+crates/ruff_python_parser/resources/invalid/re_lexing/line_continuation_windows_eol.py text eol=crlf
+crates/ruff_python_parser/resources/invalid/re_lex_logical_token_windows_eol.py text eol=crlf
+crates/ruff_python_parser/resources/invalid/re_lex_logical_token_mac_eol.py text eol=cr
+
 crates/ruff_python_parser/resources/inline linguist-generated=true

 ruff.schema.json linguist-generated=true text=auto eol=lf
--- a/.github/workflows/build-binaries.yml
+++ b/.github/workflows/build-binaries.yml
@@ -1,21 +1,23 @@
-name: "[ruff] Release"
+# Build ruff on all platforms.
+#
+# Generates both wheels (for PyPI) and archived binaries (for GitHub releases).
+#
+# Assumed to run as a subworkflow of .github/workflows/release.yml; specifically, as a local
+# artifacts job within `cargo-dist`.
+name: "Build binaries"

 on:
-  workflow_dispatch:
+  workflow_call:
    inputs:
-      tag:
-        description: "The version to tag, without the leading 'v'. If omitted, will initiate a dry run (no uploads)."
-        type: string
-      sha:
-        description: "The full sha of the commit to be released. If omitted, the latest commit on the default branch will be used."
-        default: ""
+      plan:
+        required: true
        type: string
  pull_request:
    paths:
-      # When we change pyproject.toml, we want to ensure that the maturin builds still work
+      # When we change pyproject.toml, we want to ensure that the maturin builds still work.
      - pyproject.toml
      # And when we change this workflow itself...
-      - .github/workflows/release.yaml
+      - .github/workflows/build-binaries.yml

 concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
@@ -23,6 +25,7 @@ concurrency:

 env:
  PACKAGE_NAME: ruff
+  MODULE_NAME: ruff
  PYTHON_VERSION: "3.11"
  CARGO_INCREMENTAL: 0
  CARGO_NET_RETRY: 10
@@ -31,11 +34,12 @@ env:

 jobs:
  sdist:
+    if: ${{ !contains(github.event.pull_request.labels.*.name, 'no-build') }}
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
-          ref: ${{ inputs.sha }}
+          submodules: recursive
      - uses: actions/setup-python@v5
        with:
          python-version: ${{ env.PYTHON_VERSION }}
@@ -49,8 +53,8 @@ jobs:
      - name: "Test sdist"
        run: |
          pip install dist/${{ env.PACKAGE_NAME }}-*.tar.gz --force-reinstall
-          ruff --help
-          python -m ruff --help
+          ${{ env.MODULE_NAME }} --help
+          python -m ${{ env.MODULE_NAME }} --help
      - name: "Upload sdist"
        uses: actions/upload-artifact@v4
        with:
@@ -58,11 +62,12 @@ jobs:
          path: dist

  macos-x86_64:
+    if: ${{ !contains(github.event.pull_request.labels.*.name, 'no-build') }}
    runs-on: macos-12
    steps:
      - uses: actions/checkout@v4
        with:
-          ref: ${{ inputs.sha }}
+          submodules: recursive
      - uses: actions/setup-python@v5
        with:
          python-version: ${{ env.PYTHON_VERSION }}
@@ -74,11 +79,6 @@ jobs:
        with:
          target: x86_64
          args: --release --locked --out dist
-      - name: "Test wheel - x86_64"
-        run: |
-          pip install dist/${{ env.PACKAGE_NAME }}-*.whl --force-reinstall
-          ruff --help
-          python -m ruff --help
      - name: "Upload wheels"
        uses: actions/upload-artifact@v4
        with:
@@ -86,23 +86,29 @@ jobs:
          path: dist
      - name: "Archive binary"
        run: |
-          ARCHIVE_FILE=ruff-${{ inputs.tag }}-x86_64-apple-darwin.tar.gz
-          tar czvf $ARCHIVE_FILE -C target/x86_64-apple-darwin/release ruff
+          TARGET=x86_64-apple-darwin
+          ARCHIVE_NAME=ruff-$TARGET
+          ARCHIVE_FILE=$ARCHIVE_NAME.tar.gz
+
+          mkdir -p $ARCHIVE_NAME
+          cp target/$TARGET/release/ruff $ARCHIVE_NAME/ruff
+          tar czvf $ARCHIVE_FILE $ARCHIVE_NAME
          shasum -a 256 $ARCHIVE_FILE > $ARCHIVE_FILE.sha256
      - name: "Upload binary"
        uses: actions/upload-artifact@v4
        with:
-          name: binaries-macos-x86_64
+          name: artifacts-macos-x86_64
          path: |
            *.tar.gz
            *.sha256

  macos-aarch64:
+    if: ${{ !contains(github.event.pull_request.labels.*.name, 'no-build') }}
    runs-on: macos-14
    steps:
      - uses: actions/checkout@v4
        with:
-          ref: ${{ inputs.sha }}
+          submodules: recursive
      - uses: actions/setup-python@v5
        with:
          python-version: ${{ env.PYTHON_VERSION }}
@@ -126,18 +132,24 @@ jobs:
          path: dist
      - name: "Archive binary"
        run: |
-          ARCHIVE_FILE=ruff-${{ inputs.tag }}-aarch64-apple-darwin.tar.gz
-          tar czvf $ARCHIVE_FILE -C target/aarch64-apple-darwin/release ruff
+          TARGET=aarch64-apple-darwin
+          ARCHIVE_NAME=ruff-$TARGET
+          ARCHIVE_FILE=$ARCHIVE_NAME.tar.gz
+
+          mkdir -p $ARCHIVE_NAME
+          cp target/$TARGET/release/ruff $ARCHIVE_NAME/ruff
+          tar czvf $ARCHIVE_FILE $ARCHIVE_NAME
          shasum -a 256 $ARCHIVE_FILE > $ARCHIVE_FILE.sha256
      - name: "Upload binary"
        uses: actions/upload-artifact@v4
        with:
-          name: binaries-aarch64-apple-darwin
+          name: artifacts-aarch64-apple-darwin
          path: |
            *.tar.gz
            *.sha256

  windows:
+    if: ${{ !contains(github.event.pull_request.labels.*.name, 'no-build') }}
    runs-on: windows-latest
    strategy:
      matrix:
@@ -151,7 +163,7 @@ jobs:
    steps:
      - uses: actions/checkout@v4
        with:
-          ref: ${{ inputs.sha }}
+          submodules: recursive
      - uses: actions/setup-python@v5
        with:
          python-version: ${{ env.PYTHON_VERSION }}
@@ -163,13 +175,16 @@ jobs:
        with:
          target: ${{ matrix.platform.target }}
          args: --release --locked --out dist
+        env:
+          # aarch64 build fails, see https://github.com/PyO3/maturin/issues/2110
+          XWIN_VERSION: 16
      - name: "Test wheel"
        if: ${{ !startsWith(matrix.platform.target, 'aarch64') }}
        shell: bash
        run: |
          python -m pip install dist/${{ env.PACKAGE_NAME }}-*.whl --force-reinstall
-          ruff --help
-          python -m ruff --help
+          ${{ env.MODULE_NAME }} --help
+          python -m ${{ env.MODULE_NAME }} --help
      - name: "Upload wheels"
        uses: actions/upload-artifact@v4
        with:
@@ -178,18 +193,19 @@ jobs:
      - name: "Archive binary"
        shell: bash
        run: |
-          ARCHIVE_FILE=ruff-${{ inputs.tag }}-${{ matrix.platform.target }}.zip
+          ARCHIVE_FILE=ruff-${{ matrix.platform.target }}.zip
          7z a $ARCHIVE_FILE ./target/${{ matrix.platform.target }}/release/ruff.exe
          sha256sum $ARCHIVE_FILE > $ARCHIVE_FILE.sha256
      - name: "Upload binary"
        uses: actions/upload-artifact@v4
        with:
-          name: binaries-${{ matrix.platform.target }}
+          name: artifacts-${{ matrix.platform.target }}
          path: |
            *.zip
            *.sha256

  linux:
+    if: ${{ !contains(github.event.pull_request.labels.*.name, 'no-build') }}
    runs-on: ubuntu-latest
    strategy:
      matrix:
@@ -199,7 +215,7 @@ jobs:
    steps:
      - uses: actions/checkout@v4
        with:
-          ref: ${{ inputs.sha }}
+          submodules: recursive
      - uses: actions/setup-python@v5
        with:
          python-version: ${{ env.PYTHON_VERSION }}
@@ -216,27 +232,36 @@ jobs:
        if: ${{ startsWith(matrix.target, 'x86_64') }}
        run: |
          pip install dist/${{ env.PACKAGE_NAME }}-*.whl --force-reinstall
-          ruff --help
-          python -m ruff --help
+          ${{ env.MODULE_NAME }} --help
+          python -m ${{ env.MODULE_NAME }} --help
      - name: "Upload wheels"
        uses: actions/upload-artifact@v4
        with:
          name: wheels-${{ matrix.target }}
          path: dist
      - name: "Archive binary"
+        shell: bash
        run: |
-          ARCHIVE_FILE=ruff-${{ inputs.tag }}-${{ matrix.target }}.tar.gz
-          tar czvf $ARCHIVE_FILE -C target/${{ matrix.target }}/release ruff
+          set -euo pipefail
+
+          TARGET=${{ matrix.target }}
+          ARCHIVE_NAME=ruff-$TARGET
+          ARCHIVE_FILE=$ARCHIVE_NAME.tar.gz
+
+          mkdir -p $ARCHIVE_NAME
+          cp target/$TARGET/release/ruff $ARCHIVE_NAME/ruff
+          tar czvf $ARCHIVE_FILE $ARCHIVE_NAME
          shasum -a 256 $ARCHIVE_FILE > $ARCHIVE_FILE.sha256
      - name: "Upload binary"
        uses: actions/upload-artifact@v4
        with:
-          name: binaries-${{ matrix.target }}
+          name: artifacts-${{ matrix.target }}
          path: |
            *.tar.gz
            *.sha256

  linux-cross:
+    if: ${{ !contains(github.event.pull_request.labels.*.name, 'no-build') }}
    runs-on: ubuntu-latest
    strategy:
      matrix:
@@ -258,11 +283,13 @@ jobs:
            arch: ppc64
            # see https://github.com/astral-sh/ruff/issues/10073
            maturin_docker_options: -e JEMALLOC_SYS_WITH_LG_PAGE=16
+          - target: arm-unknown-linux-musleabihf
+            arch: arm

    steps:
      - uses: actions/checkout@v4
        with:
-          ref: ${{ inputs.sha }}
+          submodules: recursive
      - uses: actions/setup-python@v5
        with:
          python-version: ${{ env.PYTHON_VERSION }}
@@ -279,8 +306,8 @@ jobs:
        if: matrix.platform.arch != 'ppc64'
        name: Test wheel
        with:
-          arch: ${{ matrix.platform.arch }}
-          distro: ubuntu20.04
+          arch: ${{ matrix.platform.arch == 'arm' && 'armv6' || matrix.platform.arch }}
+          distro: ${{ matrix.platform.arch == 'arm' && 'bullseye' || 'ubuntu20.04' }}
          githubToken: ${{ github.token }}
          install: |
            apt-get update
@@ -295,19 +322,28 @@ jobs:
          name: wheels-${{ matrix.platform.target }}
          path: dist
      - name: "Archive binary"
+        shell: bash
        run: |
-          ARCHIVE_FILE=ruff-${{ inputs.tag }}-${{ matrix.platform.target }}.tar.gz
-          tar czvf $ARCHIVE_FILE -C target/${{ matrix.platform.target }}/release ruff
+          set -euo pipefail
+
+          TARGET=${{ matrix.platform.target }}
+          ARCHIVE_NAME=ruff-$TARGET
+          ARCHIVE_FILE=$ARCHIVE_NAME.tar.gz
+
+          mkdir -p $ARCHIVE_NAME
+          cp target/$TARGET/release/ruff $ARCHIVE_NAME/ruff
+          tar czvf $ARCHIVE_FILE $ARCHIVE_NAME
          shasum -a 256 $ARCHIVE_FILE > $ARCHIVE_FILE.sha256
      - name: "Upload binary"
        uses: actions/upload-artifact@v4
        with:
-          name: binaries-${{ matrix.platform.target }}
+          name: artifacts-${{ matrix.platform.target }}
          path: |
            *.tar.gz
            *.sha256

  musllinux:
+    if: ${{ !contains(github.event.pull_request.labels.*.name, 'no-build') }}
    runs-on: ubuntu-latest
    strategy:
      matrix:
@@ -317,7 +353,7 @@ jobs:
    steps:
      - uses: actions/checkout@v4
        with:
-          ref: ${{ inputs.sha }}
+          submodules: recursive
      - uses: actions/setup-python@v5
        with:
          python-version: ${{ env.PYTHON_VERSION }}
@@ -340,26 +376,35 @@ jobs:
            apk add python3
            python -m venv .venv
            .venv/bin/pip3 install ${{ env.PACKAGE_NAME }} --no-index --find-links dist/ --force-reinstall
-            .venv/bin/ruff check --help
+            .venv/bin/${{ env.MODULE_NAME }} --help
      - name: "Upload wheels"
        uses: actions/upload-artifact@v4
        with:
          name: wheels-${{ matrix.target }}
          path: dist
      - name: "Archive binary"
+        shell: bash
        run: |
-          ARCHIVE_FILE=ruff-${{ inputs.tag }}-${{ matrix.target }}.tar.gz
-          tar czvf $ARCHIVE_FILE -C target/${{ matrix.target }}/release ruff
+          set -euo pipefail
+
+          TARGET=${{ matrix.target }}
+          ARCHIVE_NAME=ruff-$TARGET
+          ARCHIVE_FILE=$ARCHIVE_NAME.tar.gz
+
+          mkdir -p $ARCHIVE_NAME
+          cp target/$TARGET/release/ruff $ARCHIVE_NAME/ruff
+          tar czvf $ARCHIVE_FILE $ARCHIVE_NAME
          shasum -a 256 $ARCHIVE_FILE > $ARCHIVE_FILE.sha256
      - name: "Upload binary"
        uses: actions/upload-artifact@v4
        with:
-          name: binaries-${{ matrix.target }}
+          name: artifacts-${{ matrix.target }}
          path: |
            *.tar.gz
            *.sha256

  musllinux-cross:
+    if: ${{ !contains(github.event.pull_request.labels.*.name, 'no-build') }}
    runs-on: ubuntu-latest
    strategy:
      matrix:
@@ -373,7 +418,7 @@ jobs:
    steps:
      - uses: actions/checkout@v4
        with:
-          ref: ${{ inputs.sha }}
+          submodules: recursive
      - uses: actions/setup-python@v5
        with:
          python-version: ${{ env.PYTHON_VERSION }}
@@ -397,204 +442,29 @@ jobs:
          run: |
            python -m venv .venv
            .venv/bin/pip3 install ${{ env.PACKAGE_NAME }} --no-index --find-links dist/ --force-reinstall
-            .venv/bin/ruff check --help
+            .venv/bin/${{ env.MODULE_NAME }} --help
      - name: "Upload wheels"
        uses: actions/upload-artifact@v4
        with:
          name: wheels-${{ matrix.platform.target }}
          path: dist
      - name: "Archive binary"
+        shell: bash
        run: |
-          ARCHIVE_FILE=ruff-${{ inputs.tag }}-${{ matrix.platform.target }}.tar.gz
-          tar czvf $ARCHIVE_FILE -C target/${{ matrix.platform.target }}/release ruff
+          set -euo pipefail
+
+          TARGET=${{ matrix.platform.target }}
+          ARCHIVE_NAME=ruff-$TARGET
+          ARCHIVE_FILE=$ARCHIVE_NAME.tar.gz
+
+          mkdir -p $ARCHIVE_NAME
+          cp target/$TARGET/release/ruff $ARCHIVE_NAME/ruff
+          tar czvf $ARCHIVE_FILE $ARCHIVE_NAME
          shasum -a 256 $ARCHIVE_FILE > $ARCHIVE_FILE.sha256
      - name: "Upload binary"
        uses: actions/upload-artifact@v4
        with:
-          name: binaries-${{ matrix.platform.target }}
+          name: artifacts-${{ matrix.platform.target }}
          path: |
            *.tar.gz
            *.sha256
-
-  validate-tag:
-    name: Validate tag
-    runs-on: ubuntu-latest
-    # If you don't set an input tag, it's a dry run (no uploads).
-    if: ${{ inputs.tag }}
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          ref: main # We checkout the main branch to check for the commit
-      - name: Check main branch
-        if: ${{ inputs.sha }}
-        run: |
-          # Fetch the main branch since a shallow checkout is used by default
-          git fetch origin main --unshallow
-          if ! git branch --contains ${{ inputs.sha }} | grep -E '(^|\s)main$'; then
-            echo "The specified sha is not on the main branch" >&2
-            exit 1
-          fi
-      - name: Check tag consistency
-        run: |
-          # Switch to the commit we want to release
-          git checkout ${{ inputs.sha }}
-          version=$(grep "version = " pyproject.toml | sed -e 's/version = "\(.*\)"/\1/g')
-          if [ "${{ inputs.tag }}" != "${version}" ]; then
-            echo "The input tag does not match the version from pyproject.toml:" >&2
-            echo "${{ inputs.tag }}" >&2
-            echo "${version}" >&2
-            exit 1
-          else
-            echo "Releasing ${version}"
-          fi
-
-  upload-release:
-    name: Upload to PyPI
-    runs-on: ubuntu-latest
-    needs:
-      - macos-aarch64
-      - macos-x86_64
-      - windows
-      - linux
-      - linux-cross
-      - musllinux
-      - musllinux-cross
-      - validate-tag
-    # If you don't set an input tag, it's a dry run (no uploads).
-    if: ${{ inputs.tag }}
-    environment:
-      name: release
-    permissions:
-      # For pypi trusted publishing
-      id-token: write
-    steps:
-      - uses: actions/download-artifact@v4
-        with:
-          pattern: wheels-*
-          path: wheels
-          merge-multiple: true
-      - name: Publish to PyPi
-        uses: pypa/gh-action-pypi-publish@release/v1
-        with:
-          skip-existing: true
-          packages-dir: wheels
-          verbose: true
-
-  tag-release:
-    name: Tag release
-    runs-on: ubuntu-latest
-    needs: upload-release
-    # If you don't set an input tag, it's a dry run (no uploads).
-    if: ${{ inputs.tag }}
-    permissions:
-      # For git tag
-      contents: write
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          ref: ${{ inputs.sha }}
-      - name: git tag
-        run: |
-          git config user.email "hey@astral.sh"
-          git config user.name "Ruff Release CI"
-          git tag -m "v${{ inputs.tag }}" "v${{ inputs.tag }}"
-          # If there is duplicate tag, this will fail. The publish to pypi action will have been a noop (due to skip
-          # existing), so we make a non-destructive exit here
-          git push --tags
-
-  publish-release:
-    name: Publish to GitHub
-    runs-on: ubuntu-latest
-    needs: tag-release
-    # If you don't set an input tag, it's a dry run (no uploads).
-    if: ${{ inputs.tag }}
-    permissions:
-      # For GitHub release publishing
-      contents: write
-    steps:
-      - uses: actions/download-artifact@v4
-        with:
-          pattern: binaries-*
-          path: binaries
-          merge-multiple: true
-      - name: "Publish to GitHub"
-        uses: softprops/action-gh-release@v2
-        with:
-          draft: true
-          files: binaries/*
-          tag_name: v${{ inputs.tag }}
-
-  docker-publish:
-    # This action doesn't need to wait on any other task, it's easy to re-tag if something failed and we're validating
-    # the tag here also
-    name: Push Docker image ghcr.io/astral-sh/ruff
-    runs-on: ubuntu-latest
-    environment:
-      name: release
-    permissions:
-      # For the docker push
-      packages: write
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          ref: ${{ inputs.sha }}
-
-      - uses: docker/setup-buildx-action@v3
-
-      - uses: docker/login-action@v3
-        with:
-          registry: ghcr.io
-          username: ${{ github.repository_owner }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Extract metadata (tags, labels) for Docker
-        id: meta
-        uses: docker/metadata-action@v5
-        with:
-          images: ghcr.io/astral-sh/ruff
-
-      - name: Check tag consistency
-        # Unlike validate-tag we don't check if the commit is on the main branch, but it seems good enough since we can
-        # change docker tags
-        if: ${{ inputs.tag }}
-        run: |
-          version=$(grep "version = " pyproject.toml | sed -e 's/version = "\(.*\)"/\1/g')
-          if [ "${{ inputs.tag }}" != "${version}" ]; then
-            echo "The input tag does not match the version from pyproject.toml:" >&2
-            echo "${{ inputs.tag }}" >&2
-            echo "${version}" >&2
-            exit 1
-          else
-            echo "Releasing ${version}"
-          fi
-
-      - name: "Build and push Docker image"
-        uses: docker/build-push-action@v5
-        with:
-          context: .
-          platforms: linux/amd64,linux/arm64
-          # Reuse the builder
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
-          push: ${{ inputs.tag != '' }}
-          tags: ghcr.io/astral-sh/ruff:latest,ghcr.io/astral-sh/ruff:${{ inputs.tag || 'dry-run' }}
-          labels: ${{ steps.meta.outputs.labels }}
-
-  # After the release has been published, we update downstream repositories
-  # This is separate because if this fails the release is still fine, we just need to do some manual workflow triggers
-  update-dependents:
-    name: Update dependents
-    runs-on: ubuntu-latest
-    needs: publish-release
-    steps:
-      - name: "Update pre-commit mirror"
-        uses: actions/github-script@v7
-        with:
-          github-token: ${{ secrets.RUFF_PRE_COMMIT_PAT }}
-          script: |
-            github.rest.actions.createWorkflowDispatch({
-              owner: 'astral-sh',
-              repo: 'ruff-pre-commit',
-              workflow_id: 'main.yml',
-              ref: 'main',
-            })
--- a/.github/workflows/build-docker.yml
+++ b/.github/workflows/build-docker.yml
@@ -0,0 +1,68 @@
+# Build and publish a Docker image.
+#
+# Assumed to run as a subworkflow of .github/workflows/release.yml; specifically, as a local
+# artifacts job within `cargo-dist`.
+#
+# TODO(charlie): Ideally, the publish step would happen as a publish job within `cargo-dist`, but
+# sharing the built image as an artifact between jobs is challenging.
+name: "[ruff] Build Docker image"
+
+on:
+  workflow_call:
+    inputs:
+      plan:
+        required: true
+        type: string
+  pull_request:
+    paths:
+      - .github/workflows/build-docker.yml
+
+jobs:
+  docker-publish:
+    name: Build Docker image (ghcr.io/astral-sh/ruff)
+    runs-on: ubuntu-latest
+    environment:
+      name: release
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          submodules: recursive
+
+      - uses: docker/setup-buildx-action@v3
+
+      - uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ghcr.io/astral-sh/ruff
+
+      - name: Check tag consistency
+        if: ${{ inputs.plan != '' && !fromJson(inputs.plan).announcement_tag_is_implicit }}
+        run: |
+          version=$(grep "version = " pyproject.toml | sed -e 's/version = "\(.*\)"/\1/g')
+          if [ "${{ fromJson(inputs.plan).announcement_tag }}" != "${version}" ]; then
+            echo "The input tag does not match the version from pyproject.toml:" >&2
+            echo "${{ fromJson(inputs.plan).announcement_tag }}" >&2
+            echo "${version}" >&2
+            exit 1
+          else
+            echo "Releasing ${version}"
+          fi
+
+      - name: "Build and push Docker image"
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          platforms: linux/amd64,linux/arm64
+          # Reuse the builder
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          push: ${{ inputs.plan != '' && !fromJson(inputs.plan).announcement_tag_is_implicit }}
+          tags: ghcr.io/astral-sh/ruff:latest,ghcr.io/astral-sh/ruff:${{ (inputs.plan != '' && fromJson(inputs.plan).announcement_tag) || 'dry-run' }}
+          labels: ${{ steps.meta.outputs.labels }}
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -257,10 +257,13 @@ jobs:
      - uses: Swatinem/rust-cache@v2
        with:
          workspaces: "fuzz -> target"
-      - name: "Install cargo-fuzz"
-        uses: taiki-e/install-action@v2
+      - name: "Install cargo-binstall"
+        uses: cargo-bins/cargo-binstall@main
        with:
          tool: cargo-fuzz@0.11.2
+      - name: "Install cargo-fuzz"
+        # Download the latest version from quick install and not the github releases because github releases only has MUSL targets.
+        run: cargo binstall cargo-fuzz --force  --disable-strategies crate-meta-data --no-confirm
      - run: cargo fuzz build -s none

  fuzz-parser:
@@ -338,7 +341,7 @@ jobs:
          name: ruff
          path: target/debug

-      - uses: dawidd6/action-download-artifact@v5
+      - uses: dawidd6/action-download-artifact@v6
        name: Download baseline Ruff binary
        with:
          name: ruff
--- a/.github/workflows/notify-dependents.yml
+++ b/.github/workflows/notify-dependents.yml
@@ -0,0 +1,29 @@
+# Notify downstream repositories of a new release.
+#
+# Assumed to run as a subworkflow of .github/workflows/release.yml; specifically, as a post-announce
+# job within `cargo-dist`.
+name: "[ruff] Notify dependents"
+
+on:
+  workflow_call:
+    inputs:
+      plan:
+        required: true
+        type: string
+
+jobs:
+  update-dependents:
+    name: Notify dependents
+    runs-on: ubuntu-latest
+    steps:
+      - name: "Update pre-commit mirror"
+        uses: actions/github-script@v7
+        with:
+          github-token: ${{ secrets.RUFF_PRE_COMMIT_PAT }}
+          script: |
+            github.rest.actions.createWorkflowDispatch({
+              owner: 'astral-sh',
+              repo: 'ruff-pre-commit',
+              workflow_id: 'main.yml',
+              ref: 'main',
+            })
--- a/.github/workflows/pr-comment.yaml
+++ b/.github/workflows/pr-comment.yaml
@@ -17,7 +17,7 @@ jobs:
  comment:
    runs-on: ubuntu-latest
    steps:
-      - uses: dawidd6/action-download-artifact@v5
+      - uses: dawidd6/action-download-artifact@v6
        name: Download pull request number
        with:
          name: pr-number
@@ -32,7 +32,7 @@ jobs:
            echo "pr-number=$(<pr-number)" >> $GITHUB_OUTPUT
          fi

-      - uses: dawidd6/action-download-artifact@v5
+      - uses: dawidd6/action-download-artifact@v6
        name: "Download ecosystem results"
        id: download-ecosystem-result
        if: steps.pr-number.outputs.pr-number
@@ -48,6 +48,14 @@ jobs:
        id: generate-comment
        if: steps.download-ecosystem-result.outputs.found_artifact == 'true'
        run: |
+          # Guard against malicious ecosystem results that symlink to a secret
+          # file on this runner
+          if [[ -L pr/ecosystem/ecosystem-result ]]
+          then
+              echo "Error: ecosystem-result cannot be a symlink"
+              exit 1
+          fi
+
          # Note this identifier is used to find the comment to update on
          # subsequent runs
          echo '<!-- generated-comment ecosystem -->' >> comment.txt
--- a/.github/workflows/publish-docs.yaml
+++ b/.github/workflows/publish-docs.yaml
@@ -1,3 +1,7 @@
+# Publish the Ruff documentation.
+#
+# Assumed to run as a subworkflow of .github/workflows/release.yml; specifically, as a post-announce
+# job within `cargo-dist`.
 name: mkdocs

 on:
@@ -7,8 +11,11 @@ on:
        description: "The commit SHA, tag, or branch to publish. Uses the default branch if not specified."
        default: ""
        type: string
-  release:
-    types: [published]
+  workflow_call:
+    inputs:
+      plan:
+        required: true
+        type: string

 jobs:
  mkdocs:
--- a/.github/workflows/publish-playground.yaml
+++ b/.github/workflows/publish-playground.yaml
@@ -1,9 +1,16 @@
+# Publish the Ruff playground.
+#
+# Assumed to run as a subworkflow of .github/workflows/release.yml; specifically, as a post-announce
+# job within `cargo-dist`.
 name: "[Playground] Release"

 on:
  workflow_dispatch:
-  release:
-    types: [published]
+  workflow_call:
+    inputs:
+      plan:
+        required: true
+        type: string

 env:
  CARGO_INCREMENTAL: 0
--- a/.github/workflows/publish-pypi.yml
+++ b/.github/workflows/publish-pypi.yml
@@ -0,0 +1,34 @@
+# Publish a release to PyPI.
+#
+# Assumed to run as a subworkflow of .github/workflows/release.yml; specifically, as a publish job
+# within `cargo-dist`.
+name: "[ruff] Publish to PyPI"
+
+on:
+  workflow_call:
+    inputs:
+      plan:
+        required: true
+        type: string
+
+jobs:
+  pypi-publish:
+    name: Upload to PyPI
+    runs-on: ubuntu-latest
+    environment:
+      name: release
+    permissions:
+      # For PyPI's trusted publishing.
+      id-token: write
+    steps:
+      - uses: actions/download-artifact@v4
+        with:
+          pattern: wheels-*
+          path: wheels
+          merge-multiple: true
+      - name: Publish to PyPi
+        uses: pypa/gh-action-pypi-publish@release/v1
+        with:
+          skip-existing: true
+          packages-dir: wheels
+          verbose: true
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -0,0 +1,267 @@
+# Copyright 2022-2024, axodotdev
+# SPDX-License-Identifier: MIT or Apache-2.0
+#
+# CI that:
+#
+# * checks for a Git Tag that looks like a release
+# * builds artifacts with cargo-dist (archives, installers, hashes)
+# * uploads those artifacts to temporary workflow zip
+# * on success, uploads the artifacts to a GitHub Release
+#
+# Note that the GitHub Release will be created with a generated
+# title/body based on your changelogs.
+
+name: Release
+
+permissions:
+  contents: write
+
+# This task will run whenever you workflow_dispatch with a tag that looks like a version
+# like "1.0.0", "v0.1.0-prerelease.1", "my-app/0.1.0", "releases/v1.0.0", etc.
+# Various formats will be parsed into a VERSION and an optional PACKAGE_NAME, where
+# PACKAGE_NAME must be the name of a Cargo package in your workspace, and VERSION
+# must be a Cargo-style SemVer Version (must have at least major.minor.patch).
+#
+# If PACKAGE_NAME is specified, then the announcement will be for that
+# package (erroring out if it doesn't have the given version or isn't cargo-dist-able).
+#
+# If PACKAGE_NAME isn't specified, then the announcement will be for all
+# (cargo-dist-able) packages in the workspace with that version (this mode is
+# intended for workspaces with only one dist-able package, or with all dist-able
+# packages versioned/released in lockstep).
+#
+# If you push multiple tags at once, separate instances of this workflow will
+# spin up, creating an independent announcement for each one. However, GitHub
+# will hard limit this to 3 tags per commit, as it will assume more tags is a
+# mistake.
+#
+# If there's a prerelease-style suffix to the version, then the release(s)
+# will be marked as a prerelease.
+on:
+  workflow_dispatch:
+    inputs:
+      tag:
+        description: Release Tag
+        required: true
+        default: dry-run
+        type: string
+
+jobs:
+  # Run 'cargo dist plan' (or host) to determine what tasks we need to do
+  plan:
+    runs-on: ubuntu-latest
+    outputs:
+      val: ${{ steps.plan.outputs.manifest }}
+      tag: ${{ (inputs.tag != 'dry-run' && inputs.tag) || '' }}
+      tag-flag: ${{ inputs.tag && inputs.tag != 'dry-run' && format('--tag={0}', inputs.tag) || '' }}
+      publishing: ${{ inputs.tag && inputs.tag != 'dry-run' }}
+    env:
+      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          submodules: recursive
+      - name: Install cargo-dist
+        # we specify bash to get pipefail; it guards against the `curl` command
+        # failing. otherwise `sh` won't catch that `curl` returned non-0
+        shell: bash
+        run: "curl --proto '=https' --tlsv1.2 -LsSf https://github.com/axodotdev/cargo-dist/releases/download/v0.14.0/cargo-dist-installer.sh | sh"
+      # sure would be cool if github gave us proper conditionals...
+      # so here's a doubly-nested ternary-via-truthiness to try to provide the best possible
+      # functionality based on whether this is a pull_request, and whether it's from a fork.
+      # (PRs run on the *source* but secrets are usually on the *target* -- that's *good*
+      # but also really annoying to build CI around when it needs secrets to work right.)
+      - id: plan
+        run: |
+          cargo dist ${{ (inputs.tag && inputs.tag != 'dry-run' && format('host --steps=create --tag={0}', inputs.tag)) || 'plan' }} --output-format=json > plan-dist-manifest.json
+          echo "cargo dist ran successfully"
+          cat plan-dist-manifest.json
+          echo "manifest=$(jq -c "." plan-dist-manifest.json)" >> "$GITHUB_OUTPUT"
+      - name: "Upload dist-manifest.json"
+        uses: actions/upload-artifact@v4
+        with:
+          name: artifacts-plan-dist-manifest
+          path: plan-dist-manifest.json
+
+  custom-build-binaries:
+    needs:
+      - plan
+    if: ${{ needs.plan.outputs.publishing == 'true' || fromJson(needs.plan.outputs.val).ci.github.pr_run_mode == 'upload' || inputs.tag == 'dry-run' }}
+    uses: ./.github/workflows/build-binaries.yml
+    with:
+      plan: ${{ needs.plan.outputs.val }}
+    secrets: inherit
+
+  custom-build-docker:
+    needs:
+      - plan
+    if: ${{ needs.plan.outputs.publishing == 'true' || fromJson(needs.plan.outputs.val).ci.github.pr_run_mode == 'upload' || inputs.tag == 'dry-run' }}
+    uses: ./.github/workflows/build-docker.yml
+    with:
+      plan: ${{ needs.plan.outputs.val }}
+    secrets: inherit
+    permissions:
+      packages: write
+      contents: read
+
+  # Build and package all the platform-agnostic(ish) things
+  build-global-artifacts:
+    needs:
+      - plan
+      - custom-build-binaries
+      - custom-build-docker
+    runs-on: "ubuntu-20.04"
+    env:
+      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      BUILD_MANIFEST_NAME: target/distrib/global-dist-manifest.json
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          submodules: recursive
+      - name: Install cargo-dist
+        shell: bash
+        run: "curl --proto '=https' --tlsv1.2 -LsSf https://github.com/axodotdev/cargo-dist/releases/download/v0.14.0/cargo-dist-installer.sh | sh"
+      # Get all the local artifacts for the global tasks to use (for e.g. checksums)
+      - name: Fetch local artifacts
+        uses: actions/download-artifact@v4
+        with:
+          pattern: artifacts-*
+          path: target/distrib/
+          merge-multiple: true
+      - id: cargo-dist
+        shell: bash
+        run: |
+          cargo dist build ${{ needs.plan.outputs.tag-flag }} --output-format=json "--artifacts=global" > dist-manifest.json
+          echo "cargo dist ran successfully"
+
+          # Parse out what we just built and upload it to scratch storage
+          echo "paths<<EOF" >> "$GITHUB_OUTPUT"
+          jq --raw-output ".upload_files[]" dist-manifest.json >> "$GITHUB_OUTPUT"
+          echo "EOF" >> "$GITHUB_OUTPUT"
+
+          cp dist-manifest.json "$BUILD_MANIFEST_NAME"
+      - name: "Upload artifacts"
+        uses: actions/upload-artifact@v4
+        with:
+          name: artifacts-build-global
+          path: |
+            ${{ steps.cargo-dist.outputs.paths }}
+            ${{ env.BUILD_MANIFEST_NAME }}
+  # Determines if we should publish/announce
+  host:
+    needs:
+      - plan
+      - custom-build-binaries
+      - custom-build-docker
+      - build-global-artifacts
+    # Only run if we're "publishing", and only if local and global didn't fail (skipped is fine)
+    if: ${{ always() && needs.plan.outputs.publishing == 'true' && (needs.build-global-artifacts.result == 'skipped' || needs.build-global-artifacts.result == 'success') && (needs.custom-build-binaries.result == 'skipped' || needs.custom-build-binaries.result == 'success') && (needs.custom-build-docker.result == 'skipped' || needs.custom-build-docker.result == 'success') }}
+    env:
+      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    runs-on: "ubuntu-20.04"
+    outputs:
+      val: ${{ steps.host.outputs.manifest }}
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          submodules: recursive
+      - name: Install cargo-dist
+        run: "curl --proto '=https' --tlsv1.2 -LsSf https://github.com/axodotdev/cargo-dist/releases/download/v0.14.0/cargo-dist-installer.sh | sh"
+      # Fetch artifacts from scratch-storage
+      - name: Fetch artifacts
+        uses: actions/download-artifact@v4
+        with:
+          pattern: artifacts-*
+          path: target/distrib/
+          merge-multiple: true
+      # This is a harmless no-op for GitHub Releases, hosting for that happens in "announce"
+      - id: host
+        shell: bash
+        run: |
+          cargo dist host ${{ needs.plan.outputs.tag-flag }} --steps=upload --steps=release --output-format=json > dist-manifest.json
+          echo "artifacts uploaded and released successfully"
+          cat dist-manifest.json
+          echo "manifest=$(jq -c "." dist-manifest.json)" >> "$GITHUB_OUTPUT"
+      - name: "Upload dist-manifest.json"
+        uses: actions/upload-artifact@v4
+        with:
+          # Overwrite the previous copy
+          name: artifacts-dist-manifest
+          path: dist-manifest.json
+
+  custom-publish-pypi:
+    needs:
+      - plan
+      - host
+    if: ${{ !fromJson(needs.plan.outputs.val).announcement_is_prerelease || fromJson(needs.plan.outputs.val).publish_prereleases }}
+    uses: ./.github/workflows/publish-pypi.yml
+    with:
+      plan: ${{ needs.plan.outputs.val }}
+    secrets: inherit
+    # publish jobs get escalated permissions
+    permissions:
+      id-token: write
+      packages: write
+
+  # Create a GitHub Release while uploading all files to it
+  announce:
+    needs:
+      - plan
+      - host
+      - custom-publish-pypi
+    # use "always() && ..." to allow us to wait for all publish jobs while
+    # still allowing individual publish jobs to skip themselves (for prereleases).
+    # "host" however must run to completion, no skipping allowed!
+    if: ${{ always() && needs.host.result == 'success' && (needs.custom-publish-pypi.result == 'skipped' || needs.custom-publish-pypi.result == 'success') }}
+    runs-on: "ubuntu-20.04"
+    env:
+      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          submodules: recursive
+      - name: "Download GitHub Artifacts"
+        uses: actions/download-artifact@v4
+        with:
+          pattern: artifacts-*
+          path: artifacts
+          merge-multiple: true
+      - name: Cleanup
+        run: |
+          # Remove the granular manifests
+          rm -f artifacts/*-dist-manifest.json
+      - name: Create GitHub Release
+        uses: ncipollo/release-action@v1
+        with:
+          tag: ${{ needs.plan.outputs.tag }}
+          name: ${{ fromJson(needs.host.outputs.val).announcement_title }}
+          body: ${{ fromJson(needs.host.outputs.val).announcement_github_body }}
+          prerelease: ${{ fromJson(needs.host.outputs.val).announcement_is_prerelease }}
+          artifacts: "artifacts/*"
+
+  custom-notify-dependents:
+    needs:
+      - plan
+      - announce
+    uses: ./.github/workflows/notify-dependents.yml
+    with:
+      plan: ${{ needs.plan.outputs.val }}
+    secrets: inherit
+
+  custom-publish-docs:
+    needs:
+      - plan
+      - announce
+    uses: ./.github/workflows/publish-docs.yml
+    with:
+      plan: ${{ needs.plan.outputs.val }}
+    secrets: inherit
+
+  custom-publish-playground:
+    needs:
+      - plan
+      - announce
+    uses: ./.github/workflows/publish-playground.yml
+    with:
+      plan: ${{ needs.plan.outputs.val }}
+    secrets: inherit
--- a/.github/workflows/sync_typeshed.yaml
+++ b/.github/workflows/sync_typeshed.yaml
@@ -37,13 +37,13 @@ jobs:
      - name: Sync typeshed
        id: sync
        run: |
-          rm -rf ruff/crates/red_knot/vendor/typeshed
-          mkdir ruff/crates/red_knot/vendor/typeshed
-          cp typeshed/README.md ruff/crates/red_knot/vendor/typeshed
-          cp typeshed/LICENSE ruff/crates/red_knot/vendor/typeshed
-          cp -r typeshed/stdlib ruff/crates/red_knot/vendor/typeshed/stdlib
-          rm -rf ruff/crates/red_knot/vendor/typeshed/stdlib/@tests
-          git -C typeshed rev-parse HEAD > ruff/crates/red_knot/vendor/typeshed/source_commit.txt
+          rm -rf ruff/crates/red_knot_module_resolver/vendor/typeshed
+          mkdir ruff/crates/red_knot_module_resolver/vendor/typeshed
+          cp typeshed/README.md ruff/crates/red_knot_module_resolver/vendor/typeshed
+          cp typeshed/LICENSE ruff/crates/red_knot_module_resolver/vendor/typeshed
+          cp -r typeshed/stdlib ruff/crates/red_knot_module_resolver/vendor/typeshed/stdlib
+          rm -rf ruff/crates/red_knot_module_resolver/vendor/typeshed/stdlib/@tests
+          git -C typeshed rev-parse HEAD > ruff/crates/red_knot_module_resolver/vendor/typeshed/source_commit.txt
      - name: Commit the changes
        id: commit
        if: ${{ steps.sync.outcome == 'success' }}
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -2,7 +2,7 @@ fail_fast: true

 exclude: |
  (?x)^(
-    crates/red_knot/vendor/.*|
+    crates/red_knot_module_resolver/vendor/.*|
    crates/ruff_linter/resources/.*|
    crates/ruff_linter/src/rules/.*/snapshots/.*|
    crates/ruff/resources/.*|
@@ -42,7 +42,7 @@ repos:
          )$

  - repo: https://github.com/crate-ci/typos
-    rev: v1.22.3
+    rev: v1.22.9
    hooks:
      - id: typos

@@ -56,7 +56,7 @@ repos:
        pass_filenames: false # This makes it a lot faster

  - repo: https://github.com/astral-sh/ruff-pre-commit
-    rev: v0.4.8
+    rev: v0.4.10
    hooks:
      - id: ruff-format
      - id: ruff
--- a/.prettierignore
+++ b/.prettierignore
@@ -0,0 +1,2 @@
+# Auto-generated by `cargo-dist`.
+.github/workflows/release.yml
--- a/BREAKING_CHANGES.md
+++ b/BREAKING_CHANGES.md
@@ -1,5 +1,12 @@
 # Breaking Changes

+## 0.5.0
+
+- Follow the XDG specification to discover user-level configurations on macOS (same as on other Unix platforms)
+- Selecting `ALL` now excludes deprecated rules
+- The released archives now include an extra level of nesting, which can be removed with `--strip-components=1` when untarring.
+- The release artifact's file name no longer includes the version tag. This enables users to install via `/latest` URLs on GitHub.
+
 ## 0.3.0

 ### Ruff 2024.2 style
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,196 @@
 # Changelog

+## 0.5.0
+
+Check out the [blog post](https://astral.sh/blog/ruff-v0.5.0) for a migration guide and overview of the changes!
+
+### Breaking changes
+
+See also, the "Remapped rules" section which may result in disabled rules.
+
+- Follow the XDG specification to discover user-level configurations on macOS (same as on other Unix platforms)
+- Selecting `ALL` now excludes deprecated rules
+- The released archives now include an extra level of nesting, which can be removed with `--strip-components=1` when untarring.
+- The release artifact's file name no longer includes the version tag. This enables users to install via `/latest` URLs on GitHub.
+- The diagnostic ranges for some `flake8-bandit` rules were modified ([#10667](https://github.com/astral-sh/ruff/pull/10667)).
+
+### Deprecations
+
+The following rules are now deprecated:
+
+- [`syntax-error`](https://docs.astral.sh/ruff/rules/syntax-error/) (`E999`): Syntax errors are now always shown
+
+### Remapped rules
+
+The following rules have been remapped to new rule codes:
+
+- [`blocking-http-call-in-async-function`](https://docs.astral.sh/ruff/rules/blocking-http-call-in-async-function/): `ASYNC100` to `ASYNC210`
+- [`open-sleep-or-subprocess-in-async-function`](https://docs.astral.sh/ruff/rules/open-sleep-or-subprocess-in-async-function/): `ASYNC101` split into `ASYNC220`, `ASYNC221`, `ASYNC230`, and `ASYNC251`
+- [`blocking-os-call-in-async-function`](https://docs.astral.sh/ruff/rules/blocking-os-call-in-async-function/): `ASYNC102` has been merged into `ASYNC220` and `ASYNC221`
+- [`trio-timeout-without-await`](https://docs.astral.sh/ruff/rules/trio-timeout-without-await/): `TRIO100` to `ASYNC100`
+- [`trio-sync-call`](https://docs.astral.sh/ruff/rules/trio-sync-call/): `TRIO105` to `ASYNC105`
+- [`trio-async-function-with-timeout`](https://docs.astral.sh/ruff/rules/trio-async-function-with-timeout/): `TRIO109` to `ASYNC109`
+- [`trio-unneeded-sleep`](https://docs.astral.sh/ruff/rules/trio-unneeded-sleep/): `TRIO110` to `ASYNC110`
+- [`trio-zero-sleep-call`](https://docs.astral.sh/ruff/rules/trio-zero-sleep-call/): `TRIO115` to `ASYNC115`
+- [`repeated-isinstance-calls`](https://docs.astral.sh/ruff/rules/repeated-isinstance-calls/): `PLR1701` to `SIM101`
+
+### Stabilization
+
+The following rules have been stabilized and are no longer in preview:
+
+- [`mutable-fromkeys-value`](https://docs.astral.sh/ruff/rules/mutable-fromkeys-value/) (`RUF024`)
+- [`default-factory-kwarg`](https://docs.astral.sh/ruff/rules/default-factory-kwarg/) (`RUF026`)
+- [`django-extra`](https://docs.astral.sh/ruff/rules/django-extra/) (`S610`)
+- [`manual-dict-comprehension`](https://docs.astral.sh/ruff/rules/manual-dict-comprehension/) (`PERF403`)
+- [`print-empty-string`](https://docs.astral.sh/ruff/rules/print-empty-string/) (`FURB105`)
+- [`readlines-in-for`](https://docs.astral.sh/ruff/rules/readlines-in-for/) (`FURB129`)
+- [`if-expr-min-max`](https://docs.astral.sh/ruff/rules/if-expr-min-max/) (`FURB136`)
+- [`bit-count`](https://docs.astral.sh/ruff/rules/bit-count/) (`FURB161`)
+- [`redundant-log-base`](https://docs.astral.sh/ruff/rules/redundant-log-base/) (`FURB163`)
+- [`regex-flag-alias`](https://docs.astral.sh/ruff/rules/regex-flag-alias/) (`FURB167`)
+- [`isinstance-type-none`](https://docs.astral.sh/ruff/rules/isinstance-type-none/) (`FURB168`)
+- [`type-none-comparison`](https://docs.astral.sh/ruff/rules/type-none-comparison/) (`FURB169`)
+- [`implicit-cwd`](https://docs.astral.sh/ruff/rules/implicit-cwd/) (`FURB177`)
+- [`hashlib-digest-hex`](https://docs.astral.sh/ruff/rules/hashlib-digest-hex/) (`FURB181`)
+- [`list-reverse-copy`](https://docs.astral.sh/ruff/rules/list-reverse-copy/) (`FURB187`)
+- [`bad-open-mode`](https://docs.astral.sh/ruff/rules/bad-open-mode/) (`PLW1501`)
+- [`empty-comment`](https://docs.astral.sh/ruff/rules/empty-comment/) (`PLR2044`)
+- [`global-at-module-level`](https://docs.astral.sh/ruff/rules/global-at-module-level/) (`PLW0604`)
+- [`misplaced-bare-raise`](https://docs.astral.sh/ruff/rules/misplaced-bare-raise%60/) (`PLE0744`)
+- [`non-ascii-import-name`](https://docs.astral.sh/ruff/rules/non-ascii-import-name/) (`PLC2403`)
+- [`non-ascii-name`](https://docs.astral.sh/ruff/rules/non-ascii-name/) (`PLC2401`)
+- [`nonlocal-and-global`](https://docs.astral.sh/ruff/rules/nonlocal-and-global/) (`PLE0115`)
+- [`potential-index-error`](https://docs.astral.sh/ruff/rules/potential-index-error/) (`PLE0643`)
+- [`redeclared-assigned-name`](https://docs.astral.sh/ruff/rules/redeclared-assigned-name/) (`PLW0128`)
+- [`redefined-argument-from-local`](https://docs.astral.sh/ruff/rules/redefined-argument-from-local/) (`PLR1704`)
+- [`repeated-keyword-argument`](https://docs.astral.sh/ruff/rules/repeated-keyword-argument/) (`PLE1132`)
+- [`super-without-brackets`](https://docs.astral.sh/ruff/rules/super-without-brackets/) (`PLW0245`)
+- [`unnecessary-list-index-lookup`](https://docs.astral.sh/ruff/rules/unnecessary-list-index-lookup/) (`PLR1736`)
+- [`useless-exception-statement`](https://docs.astral.sh/ruff/rules/useless-exception-statement/) (`PLW0133`)
+- [`useless-with-lock`](https://docs.astral.sh/ruff/rules/useless-with-lock/) (`PLW2101`)
+
+The following behaviors have been stabilized:
+
+- [`is-literal`](https://docs.astral.sh/ruff/rules/is-literal/) (`F632`) now warns for identity checks against list, set or dictionary literals
+- [`needless-bool`](https://docs.astral.sh/ruff/rules/needless-bool/) (`SIM103`) now detects `if` expressions with implicit `else` branches
+- [`module-import-not-at-top-of-file`](https://docs.astral.sh/ruff/rules/module-import-not-at-top-of-file/) (`E402`) now allows `os.environ` modifications between import statements
+- [`type-comparison`](https://docs.astral.sh/ruff/rules/type-comparison/) (`E721`) now allows idioms such as `type(x) is int`
+- [`yoda-condition`](https://docs.astral.sh/ruff/rules/yoda-conditions/) (`SIM300`) now flags a wider range of expressions
+
+### Removals
+
+The following deprecated settings have been removed:
+
+- `output-format=text`; use `output-format=concise` or `output-format=full`
+- `tab-size`; use `indent-width`
+
+The following deprecated CLI options have been removed:
+
+- `--show-source`; use `--output-format=full`
+- `--no-show-source`; use `--output-format=concise`
+
+The following deprecated CLI commands have been removed:
+
+- `ruff <path>`; use `ruff check <path>`
+- `ruff --clean`; use `ruff clean`
+- `ruff --generate-shell-completion`; use `ruff generate-shell-completion`
+
+### Preview features
+
+- \[`ruff`\] Add `assert-with-print-message` rule ([#11981](https://github.com/astral-sh/ruff/pull/11981))
+
+### CLI
+
+- Use rule name rather than message in `--statistics` ([#11697](https://github.com/astral-sh/ruff/pull/11697))
+- Use the output format `full` by default ([#12010](https://github.com/astral-sh/ruff/pull/12010))
+- Don't log syntax errors to the console ([#11902](https://github.com/astral-sh/ruff/pull/11902))
+
+### Rule changes
+
+- \[`ruff`\] Fix false positives if `gettext` is imported using an alias (`RUF027`) ([#12025](https://github.com/astral-sh/ruff/pull/12025))
+- \[`numpy`\] Update `trapz` and `in1d` deprecation (`NPY201`) ([#11948](https://github.com/astral-sh/ruff/pull/11948))
+- \[`flake8-bandit`\] Modify diagnostic ranges for shell-related rules ([#10667](https://github.com/astral-sh/ruff/pull/10667))
+
+### Server
+
+- Closing an untitled, unsaved notebook document no longer throws an error ([#11942](https://github.com/astral-sh/ruff/pull/11942))
+- Support the usage of tildes and environment variables in `logFile` ([#11945](https://github.com/astral-sh/ruff/pull/11945))
+- Add option to configure whether to show syntax errors ([#12059](https://github.com/astral-sh/ruff/pull/12059))
+
+### Bug fixes
+
+- \[`pycodestyle`\] Avoid `E203` for f-string debug expression ([#12024](https://github.com/astral-sh/ruff/pull/12024))
+- \[`pep8-naming`\] Match import-name ignores against both name and alias (`N812`, `N817`) ([#12033](https://github.com/astral-sh/ruff/pull/12033))
+- \[`pyflakes`\] Detect assignments that shadow definitions (`F811`) ([#11961](https://github.com/astral-sh/ruff/pull/11961))
+
+### Parser
+
+- Emit a syntax error for an empty type parameter list ([#12030](https://github.com/astral-sh/ruff/pull/12030))
+- Avoid consuming the newline for unterminated strings ([#12067](https://github.com/astral-sh/ruff/pull/12067))
+- Do not include the newline in the unterminated string range ([#12017](https://github.com/astral-sh/ruff/pull/12017))
+- Use the correct range to highlight line continuation errors ([#12016](https://github.com/astral-sh/ruff/pull/12016))
+- Consider 2-character EOL before line continuations ([#12035](https://github.com/astral-sh/ruff/pull/12035))
+- Consider line continuation character for re-lexing ([#12008](https://github.com/astral-sh/ruff/pull/12008))
+
+### Other changes
+
+- Upgrade the Unicode table used for measuring the line-length ([#11194](https://github.com/astral-sh/ruff/pull/11194))
+- Remove the deprecation error message for the nursery selector ([#10172](https://github.com/astral-sh/ruff/pull/10172))
+
+## 0.4.10
+
+### Parser
+
+- Implement re-lexing logic for better error recovery ([#11845](https://github.com/astral-sh/ruff/pull/11845))
+
+### Rule changes
+
+- \[`flake8-copyright`\] Update `CPY001` to check the first 4096 bytes instead of 1024 ([#11927](https://github.com/astral-sh/ruff/pull/11927))
+- \[`pycodestyle`\] Update `E999` to show all syntax errors instead of just the first one ([#11900](https://github.com/astral-sh/ruff/pull/11900))
+
+### Server
+
+- Add tracing setup guide to Helix documentation ([#11883](https://github.com/astral-sh/ruff/pull/11883))
+- Add tracing setup guide to Neovim documentation ([#11884](https://github.com/astral-sh/ruff/pull/11884))
+- Defer notebook cell deletion to avoid an error message ([#11864](https://github.com/astral-sh/ruff/pull/11864))
+
+### Security
+
+- Guard against malicious ecosystem comment artifacts ([#11879](https://github.com/astral-sh/ruff/pull/11879))
+
+## 0.4.9
+
+### Preview features
+
+- \[`pylint`\] Implement `consider-dict-items` (`C0206`) ([#11688](https://github.com/astral-sh/ruff/pull/11688))
+- \[`refurb`\] Implement `repeated-global` (`FURB154`) ([#11187](https://github.com/astral-sh/ruff/pull/11187))
+
+### Rule changes
+
+- \[`pycodestyle`\] Adapt fix for `E203` to work identical to `ruff format` ([#10999](https://github.com/astral-sh/ruff/pull/10999))
+
+### Formatter
+
+- Fix formatter instability for lines only consisting of zero-width characters ([#11748](https://github.com/astral-sh/ruff/pull/11748))
+
+### Server
+
+- Add supported commands in server capabilities ([#11850](https://github.com/astral-sh/ruff/pull/11850))
+- Use real file path when available in `ruff server` ([#11800](https://github.com/astral-sh/ruff/pull/11800))
+- Improve error message when a command is run on an unavailable document ([#11823](https://github.com/astral-sh/ruff/pull/11823))
+- Introduce the `ruff.printDebugInformation` command ([#11831](https://github.com/astral-sh/ruff/pull/11831))
+- Tracing system now respects log level and trace level, with options to log to a file ([#11747](https://github.com/astral-sh/ruff/pull/11747))
+
+### CLI
+
+- Handle non-printable characters in diff view ([#11687](https://github.com/astral-sh/ruff/pull/11687))
+
+### Bug fixes
+
+- \[`refurb`\] Avoid suggesting starmap when arguments are used outside call (`FURB140`) ([#11830](https://github.com/astral-sh/ruff/pull/11830))
+- \[`flake8-bugbear`\] Avoid panic in `B909` when checking large loop blocks ([#11772](https://github.com/astral-sh/ruff/pull/11772))
+- \[`refurb`\] Fix misbehavior of `operator.itemgetter` when getter param is a tuple (`FURB118`) ([#11774](https://github.com/astral-sh/ruff/pull/11774))
+
 ## 0.4.8

 ### Performance
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -346,22 +346,21 @@ even patch releases may contain [non-backwards-compatible changes](https://semve
 1. Run `cargo check`. This should update the lock file with new versions.
 1. Create a pull request with the changelog and version updates
 1. Merge the PR
-1. Run the [release workflow](https://github.com/astral-sh/ruff/actions/workflows/release.yaml) with:
+1. Run the [release workflow](https://github.com/astral-sh/ruff/actions/workflows/release.yml) with:
    - The new version number (without starting `v`)
-    - The commit hash of the merged release pull request on `main`
 1. The release workflow will do the following:
    1. Build all the assets. If this fails (even though we tested in step 4), we haven't tagged or
-        uploaded anything, you can restart after pushing a fix.
+        uploaded anything, you can restart after pushing a fix. If you just need to rerun the build,
+        make sure you're [re-running all the failed
+        jobs](https://docs.github.com/en/actions/managing-workflow-runs/re-running-workflows-and-jobs#re-running-failed-jobs-in-a-workflow) and not just a single failed job.
    1. Upload to PyPI.
    1. Create and push the Git tag (as extracted from `pyproject.toml`). We create the Git tag only
        after building the wheels and uploading to PyPI, since we can't delete or modify the tag ([#4468](https://github.com/astral-sh/ruff/issues/4468)).
    1. Attach artifacts to draft GitHub release
    1. Trigger downstream repositories. This can fail non-catastrophically, as we can run any
        downstream jobs manually if needed.
-1. Publish the GitHub release
-    1. Open the draft release in the GitHub release section
-    1. Copy the changelog for the release into the GitHub release
-        - See previous releases for formatting of section headers
+1. Verify the GitHub release:
+    1. The Changelog should match the content of `CHANGELOG.md`
    1. Append the contributors from the `bump.sh` script
 1. If needed, [update the schemastore](https://github.com/astral-sh/ruff/blob/main/scripts/update_schemastore.py).
    1. One can determine if an update is needed when
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -305,9 +305,9 @@ dependencies = [

 [[package]]
 name = "clap"
-version = "4.5.6"
+version = "4.5.7"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a9689a29b593160de5bc4aacab7b5d54fb52231de70122626c178e6a368994c7"
+checksum = "5db83dced34638ad474f39f250d7fea9598bdd239eaced1bdf45d597da0f433f"
 dependencies = [
 "clap_builder",
 "clap_derive",
@@ -315,9 +315,9 @@ dependencies = [

 [[package]]
 name = "clap_builder"
-version = "4.5.6"
+version = "4.5.7"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2e5387378c84f6faa26890ebf9f0a92989f8873d4d380467bcd0d8d8620424df"
+checksum = "f7e204572485eb3fbf28f871612191521df159bc3e15a9f5064c66dba3a8c05f"
 dependencies = [
 "anstream",
 "anstyle",
@@ -376,7 +376,7 @@ dependencies = [
 "heck 0.5.0",
 "proc-macro2",
 "quote",
- "syn 2.0.66",
+ "syn",
 ]

 [[package]]
@@ -617,7 +617,7 @@ dependencies = [
 "proc-macro2",
 "quote",
 "strsim 0.10.0",
- "syn 2.0.66",
+ "syn",
 ]

 [[package]]
@@ -628,7 +628,7 @@ checksum = "a668eda54683121533a393014d8692171709ff57a7d61f187b6e782719f8933f"
 dependencies = [
 "darling_core",
 "quote",
- "syn 2.0.66",
+ "syn",
 ]

 [[package]]
@@ -754,6 +754,17 @@ dependencies = [
 "windows-sys 0.52.0",
 ]

+[[package]]
+name = "etcetera"
+version = "0.8.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "136d1b5283a1ab77bd9257427ffd09d8667ced0570b6f938942bc7568ed5b943"
+dependencies = [
+ "cfg-if",
+ "home",
+ "windows-sys 0.48.0",
+]
+
 [[package]]
 name = "eyre"
 version = "0.6.12"
@@ -1129,7 +1140,7 @@ dependencies = [
 "Inflector",
 "proc-macro2",
 "quote",
- "syn 2.0.66",
+ "syn",
 ]

 [[package]]
@@ -1255,14 +1266,14 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "a2ae40017ac09cd2c6a53504cb3c871c7f2b41466eac5bc66ba63f39073b467b"
 dependencies = [
 "quote",
- "syn 2.0.66",
+ "syn",
 ]

 [[package]]
 name = "libmimalloc-sys"
-version = "0.1.38"
+version = "0.1.39"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0e7bb23d733dfcc8af652a78b7bf232f0e967710d044732185e561e47c0336b6"
+checksum = "23aa6811d3bd4deb8a84dde645f943476d13b248d818edcf8ce0b2f37f036b44"
 dependencies = [
 "cc",
 "libc",
@@ -1353,15 +1364,15 @@ checksum = "540f1c43aed89909c0cc0cc604e3bb2f7e7a341a3728a9e6cfe760e733cd11ed"

 [[package]]
 name = "memchr"
-version = "2.7.2"
+version = "2.7.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6c8640c5d730cb13ebd907d8d04b52f55ac9a2eec55b440c8892f40d56c76c1d"
+checksum = "78ca9ab1a0babb1e7d5695e3530886289c18cf2f87ec19a575a0abdce112e3a3"

 [[package]]
 name = "mimalloc"
-version = "0.1.42"
+version = "0.1.43"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e9186d86b79b52f4a77af65604b51225e8db1d6ee7e3f41aec1e40829c71a176"
+checksum = "68914350ae34959d83f732418d51e2427a794055d0b9529f48259ac07af65633"
 dependencies = [
 "libmimalloc-sys",
 ]
@@ -1722,9 +1733,9 @@ dependencies = [

 [[package]]
 name = "proc-macro2"
-version = "1.0.85"
+version = "1.0.86"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "22244ce15aa966053a896d1accb3a6e68469b97c7f33f284b99f0d576879fc23"
+checksum = "5e719e8df665df0d1c8fbfd238015744736151d4445ec0836b8e628aae103b77"
 dependencies = [
 "unicode-ident",
 ]
@@ -1836,27 +1847,63 @@ dependencies = [
 "dashmap",
 "hashbrown 0.14.5",
 "indexmap",
- "insta",
 "is-macro",
 "notify",
 "parking_lot",
 "rayon",
+ "red_knot_module_resolver",
 "ruff_index",
 "ruff_notebook",
 "ruff_python_ast",
 "ruff_python_parser",
- "ruff_python_stdlib",
 "ruff_text_size",
- "rustc-hash",
+ "rustc-hash 2.0.0",
 "smol_str",
 "tempfile",
 "tracing",
 "tracing-subscriber",
 "tracing-tree",
+]
+
+[[package]]
+name = "red_knot_module_resolver"
+version = "0.0.0"
+dependencies = [
+ "anyhow",
+ "insta",
+ "path-slash",
+ "ruff_db",
+ "ruff_python_stdlib",
+ "rustc-hash 2.0.0",
+ "salsa",
+ "smol_str",
+ "tempfile",
+ "tracing",
 "walkdir",
 "zip",
 ]

+[[package]]
+name = "red_knot_python_semantic"
+version = "0.0.0"
+dependencies = [
+ "anyhow",
+ "bitflags 2.5.0",
+ "hashbrown 0.14.5",
+ "indexmap",
+ "red_knot_module_resolver",
+ "ruff_db",
+ "ruff_index",
+ "ruff_python_ast",
+ "ruff_python_parser",
+ "ruff_text_size",
+ "rustc-hash 2.0.0",
+ "salsa",
+ "smallvec",
+ "smol_str",
+ "tracing",
+]
+
 [[package]]
 name = "redox_syscall"
 version = "0.4.1"
@@ -1938,7 +1985,7 @@ dependencies = [

 [[package]]
 name = "ruff"
-version = "0.4.8"
+version = "0.5.0"
 dependencies = [
 "anyhow",
 "argfile",
@@ -1973,7 +2020,7 @@ dependencies = [
 "ruff_source_file",
 "ruff_text_size",
 "ruff_workspace",
- "rustc-hash",
+ "rustc-hash 2.0.0",
 "serde",
 "serde_json",
 "shellexpand",
@@ -2029,13 +2076,16 @@ dependencies = [
 "countme",
 "dashmap",
 "filetime",
+ "insta",
+ "once_cell",
 "ruff_python_ast",
 "ruff_python_parser",
 "ruff_source_file",
 "ruff_text_size",
- "rustc-hash",
- "salsa-2022",
+ "rustc-hash 2.0.0",
+ "salsa",
 "tracing",
+ "zip",
 ]

 [[package]]
@@ -2064,7 +2114,6 @@ dependencies = [
 "ruff_python_parser",
 "ruff_python_stdlib",
 "ruff_python_trivia",
- "ruff_text_size",
 "ruff_workspace",
 "schemars",
 "serde",
@@ -2097,7 +2146,7 @@ dependencies = [
 "ruff_cache",
 "ruff_macros",
 "ruff_text_size",
- "rustc-hash",
+ "rustc-hash 2.0.0",
 "schemars",
 "serde",
 "static_assertions",
@@ -2115,7 +2164,7 @@ dependencies = [

 [[package]]
 name = "ruff_linter"
-version = "0.4.8"
+version = "0.5.0"
 dependencies = [
 "aho-corasick",
 "annotate-snippets 0.9.2",
@@ -2157,7 +2206,7 @@ dependencies = [
 "ruff_python_trivia",
 "ruff_source_file",
 "ruff_text_size",
- "rustc-hash",
+ "rustc-hash 2.0.0",
 "schemars",
 "serde",
 "serde_json",
@@ -2182,7 +2231,7 @@ dependencies = [
 "proc-macro2",
 "quote",
 "ruff_python_trivia",
- "syn 2.0.66",
+ "syn",
 ]

 [[package]]
@@ -2216,7 +2265,7 @@ dependencies = [
 "ruff_python_trivia",
 "ruff_source_file",
 "ruff_text_size",
- "rustc-hash",
+ "rustc-hash 2.0.0",
 "serde",
 ]

@@ -2263,7 +2312,7 @@ dependencies = [
 "ruff_python_trivia",
 "ruff_source_file",
 "ruff_text_size",
- "rustc-hash",
+ "rustc-hash 2.0.0",
 "schemars",
 "serde",
 "serde_json",
@@ -2309,7 +2358,7 @@ dependencies = [
 "ruff_python_trivia",
 "ruff_source_file",
 "ruff_text_size",
- "rustc-hash",
+ "rustc-hash 2.0.0",
 "static_assertions",
 "unicode-ident",
 "unicode-normalization",
@@ -2333,16 +2382,13 @@ version = "0.0.0"
 dependencies = [
 "bitflags 2.5.0",
 "is-macro",
- "ruff_db",
 "ruff_index",
 "ruff_python_ast",
 "ruff_python_parser",
 "ruff_python_stdlib",
 "ruff_source_file",
 "ruff_text_size",
- "rustc-hash",
- "salsa-2022",
- "tracing",
+ "rustc-hash 2.0.0",
 ]

 [[package]]
@@ -2398,7 +2444,7 @@ dependencies = [
 "ruff_source_file",
 "ruff_text_size",
 "ruff_workspace",
- "rustc-hash",
+ "rustc-hash 2.0.0",
 "serde",
 "serde_json",
 "shellexpand",
@@ -2458,7 +2504,7 @@ version = "0.0.0"
 dependencies = [
 "anyhow",
 "colored",
- "dirs 5.0.1",
+ "etcetera",
 "glob",
 "globset",
 "ignore",
@@ -2477,7 +2523,7 @@ dependencies = [
 "ruff_python_ast",
 "ruff_python_formatter",
 "ruff_source_file",
- "rustc-hash",
+ "rustc-hash 2.0.0",
 "schemars",
 "serde",
 "shellexpand",
@@ -2502,6 +2548,12 @@ version = "1.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "08d43f7aa6b08d49f382cde6a7982047c3426db949b1424bc4b7ec9ae12c6ce2"

+[[package]]
+name = "rustc-hash"
+version = "2.0.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "583034fd73374156e66797ed8e5b0d5690409c9226b22d87cb7f19821c05d152"
+
 [[package]]
 name = "rustix"
 version = "0.38.34"
@@ -2559,9 +2611,9 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "e86697c916019a8588c99b5fac3cead74ec0b4b819707a682fd4d23fa0ce1ba1"

 [[package]]
-name = "salsa-2022"
-version = "0.1.0"
-source = "git+https://github.com/salsa-rs/salsa.git?rev=05b4e3ebdcdc47730cdd359e7e97fb2470527279#05b4e3ebdcdc47730cdd359e7e97fb2470527279"
+name = "salsa"
+version = "0.18.0"
+source = "git+https://github.com/salsa-rs/salsa.git?rev=f706aa2d32d473ee633a77c1af01d180c85da308#f706aa2d32d473ee633a77c1af01d180c85da308"
 dependencies = [
 "arc-swap",
 "crossbeam",
@@ -2571,21 +2623,22 @@ dependencies = [
 "indexmap",
 "log",
 "parking_lot",
- "rustc-hash",
- "salsa-2022-macros",
+ "rustc-hash 1.1.0",
+ "salsa-macros",
 "smallvec",
 ]

 [[package]]
-name = "salsa-2022-macros"
-version = "0.1.0"
-source = "git+https://github.com/salsa-rs/salsa.git?rev=05b4e3ebdcdc47730cdd359e7e97fb2470527279#05b4e3ebdcdc47730cdd359e7e97fb2470527279"
+name = "salsa-macros"
+version = "0.18.0"
+source = "git+https://github.com/salsa-rs/salsa.git?rev=f706aa2d32d473ee633a77c1af01d180c85da308#f706aa2d32d473ee633a77c1af01d180c85da308"
 dependencies = [
 "eyre",
 "heck 0.4.1",
 "proc-macro2",
 "quote",
- "syn 1.0.109",
+ "syn",
+ "synstructure",
 ]

 [[package]]
@@ -2618,7 +2671,7 @@ dependencies = [
 "proc-macro2",
 "quote",
 "serde_derive_internals",
- "syn 2.0.66",
+ "syn",
 ]

 [[package]]
@@ -2667,7 +2720,7 @@ checksum = "500cbc0ebeb6f46627f50f3f5811ccf6bf00643be300b4c3eabc0ef55dc5b5ba"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn 2.0.66",
+ "syn",
 ]

 [[package]]
@@ -2678,7 +2731,7 @@ checksum = "330f01ce65a3a5fe59a60c82f3c9a024b573b8a6e875bd233fe5f934e71d54e3"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn 2.0.66",
+ "syn",
 ]

 [[package]]
@@ -2700,7 +2753,7 @@ checksum = "6c64451ba24fc7a6a2d60fc75dd9c83c90903b19028d4eff35e88fc1e86564e9"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn 2.0.66",
+ "syn",
 ]

 [[package]]
@@ -2741,7 +2794,7 @@ dependencies = [
 "darling",
 "proc-macro2",
 "quote",
- "syn 2.0.66",
+ "syn",
 ]

 [[package]]
@@ -2824,9 +2877,9 @@ checksum = "7da8b5736845d9f2fcb837ea5d9e2628564b3b043a70948a3f0b778838c5fb4f"

 [[package]]
 name = "strum"
-version = "0.26.2"
+version = "0.26.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5d8cec3501a5194c432b2b7976db6b7d10ec95c253208b45f83f7136aa985e29"
+checksum = "8fec0f0aef304996cf250b31b5a10dee7980c85da9d759361292b8bca5a18f06"
 dependencies = [
 "strum_macros",
 ]
@@ -2841,7 +2894,7 @@ dependencies = [
 "proc-macro2",
 "quote",
 "rustversion",
- "syn 2.0.66",
+ "syn",
 ]

 [[package]]
@@ -2852,9 +2905,9 @@ checksum = "81cdd64d312baedb58e21336b31bc043b77e01cc99033ce76ef539f78e965ebc"

 [[package]]
 name = "syn"
-version = "1.0.109"
+version = "2.0.68"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "72b64191b275b66ffe2469e8af2c1cfe3bafa67b529ead792a6d0160888b4237"
+checksum = "901fa70d88b9d6c98022e23b4136f9f3e54e4662c3bc1bd1d84a42a9a0f0c1e9"
 dependencies = [
 "proc-macro2",
 "quote",
@@ -2862,14 +2915,14 @@ dependencies = [
 ]

 [[package]]
-name = "syn"
-version = "2.0.66"
+name = "synstructure"
+version = "0.13.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c42f3f41a2de00b01c0aaad383c5a45241efc8b2d1eda5661812fda5f3cdcff5"
+checksum = "c8af7666ab7b6390ab78131fb5b0fce11d6b7a6951602017c35fa82800708971"
 dependencies = [
 "proc-macro2",
 "quote",
- "unicode-ident",
+ "syn",
 ]

 [[package]]
@@ -2925,7 +2978,7 @@ dependencies = [
 "cfg-if",
 "proc-macro2",
 "quote",
- "syn 2.0.66",
+ "syn",
 ]

 [[package]]
@@ -2936,7 +2989,7 @@ checksum = "5c89e72a01ed4c579669add59014b9a524d609c0c88c6a585ce37485879f6ffb"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn 2.0.66",
+ "syn",
 "test-case-core",
 ]

@@ -2957,7 +3010,7 @@ checksum = "46c3384250002a6d5af4d114f2845d37b57521033f30d5c3f46c4d70e1197533"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn 2.0.66",
+ "syn",
 ]

 [[package]]
@@ -3069,7 +3122,7 @@ checksum = "34704c8d6ebcbc939824180af020566b01a7c01f80641264eba0999f6c2b6be7"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn 2.0.66",
+ "syn",
 ]

 [[package]]
@@ -3206,9 +3259,9 @@ dependencies = [

 [[package]]
 name = "unicode-width"
-version = "0.1.11"
+version = "0.1.13"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e51733f11c9c4f72aa0c160008246859e340b00807569a0da0e7a1079b27ba85"
+checksum = "0336d538f7abc86d282a4189614dfaa90810dfc2c6f6427eaf88e16311dd225d"

 [[package]]
 name = "unicode_names2"
@@ -3263,9 +3316,9 @@ dependencies = [

 [[package]]
 name = "url"
-version = "2.5.0"
+version = "2.5.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "31e6302e3bb753d46e83516cae55ae196fc0c309407cf11ab35cc51a4c2a4633"
+checksum = "22784dbdf76fdde8af1aeda5622b546b422b6fc585325248a2bf9f5e41e94d6c"
 dependencies = [
 "form_urlencoded",
 "idna",
@@ -3299,7 +3352,7 @@ checksum = "9881bea7cbe687e36c9ab3b778c36cd0487402e270304e8b1296d5085303c1a2"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn 2.0.66",
+ "syn",
 ]

 [[package]]
@@ -3384,7 +3437,7 @@ dependencies = [
 "once_cell",
 "proc-macro2",
 "quote",
- "syn 2.0.66",
+ "syn",
 "wasm-bindgen-shared",
 ]

@@ -3418,7 +3471,7 @@ checksum = "e94f17b526d0a461a191c78ea52bbce64071ed5c04c9ffe424dcb38f74171bb7"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn 2.0.66",
+ "syn",
 "wasm-bindgen-backend",
 "wasm-bindgen-shared",
 ]
@@ -3451,7 +3504,7 @@ checksum = "b7f89739351a2e03cb94beb799d47fb2cac01759b40ec441f7de39b00cbf7ef0"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn 2.0.66",
+ "syn",
 ]

 [[package]]
@@ -3720,7 +3773,7 @@ checksum = "9ce1b18ccd8e73a9321186f97e46f9f04b778851177567b1975109d26a08d2a6"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn 2.0.66",
+ "syn",
 ]

 [[package]]
@@ -3762,9 +3815,9 @@ dependencies = [

 [[package]]
 name = "zstd-sys"
-version = "2.0.10+zstd.1.5.6"
+version = "2.0.11+zstd.1.5.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c253a4914af5bafc8fa8c86ee400827e83cf6ec01195ec1f1ed8441bf00d65aa"
+checksum = "75652c55c0b6f3e6f12eb786fe1bc960396bf05a1eb3bf1f3691c3610ac2e6d4"
 dependencies = [
 "cc",
 "pkg-config",
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -35,6 +35,8 @@ ruff_source_file = { path = "crates/ruff_source_file" }
 ruff_text_size = { path = "crates/ruff_text_size" }
 ruff_workspace = { path = "crates/ruff_workspace" }

+red_knot_module_resolver = { path = "crates/red_knot_module_resolver" }
+
 aho-corasick = { version = "1.1.3" }
 annotate-snippets = { version = "0.9.2", features = ["color"] }
 anyhow = { version = "1.0.80" }
@@ -56,9 +58,9 @@ countme = { version = "3.0.1" }
 criterion = { version = "0.5.1", default-features = false }
 crossbeam = { version = "0.8.4" }
 dashmap = { version = "5.5.3" }
-dirs = { version = "5.0.0" }
 drop_bomb = { version = "0.1.5" }
 env_logger = { version = "0.11.0" }
+etcetera = { version = "0.8.0" }
 fern = { version = "0.6.1" }
 filetime = { version = "0.2.23" }
 glob = { version = "0.3.1" }
@@ -70,7 +72,7 @@ imperative = { version = "1.0.4" }
 indexmap = { version = "2.2.6" }
 indicatif = { version = "0.17.8" }
 indoc = { version = "2.0.4" }
-insta = { version = "1.35.1", feature = ["filters", "glob"] }
+insta = { version = "1.35.1" }
 insta-cmd = { version = "0.6.0" }
 is-macro = { version = "0.3.5" }
 is-wsl = { version = "0.4.0" }
@@ -103,8 +105,8 @@ quote = { version = "1.0.23" }
 rand = { version = "0.8.5" }
 rayon = { version = "1.10.0" }
 regex = { version = "1.10.2" }
-rustc-hash = { version = "1.1.0" }
-salsa = { git = "https://github.com/salsa-rs/salsa.git", package = "salsa-2022", rev = "05b4e3ebdcdc47730cdd359e7e97fb2470527279" }
+rustc-hash = { version = "2.0.0" }
+salsa = { git = "https://github.com/salsa-rs/salsa.git", rev = "f706aa2d32d473ee633a77c1af01d180c85da308" }
 schemars = { version = "0.8.16" }
 seahash = { version = "4.1.0" }
 serde = { version = "1.0.197", features = ["derive"] }
@@ -117,6 +119,7 @@ serde_with = { version = "3.6.0", default-features = false, features = [
 shellexpand = { version = "3.0.0" }
 similar = { version = "2.4.0", features = ["inline"] }
 smallvec = { version = "1.13.2" }
+smol_str = { version = "0.2.2" }
 static_assertions = "1.1.0"
 strum = { version = "0.26.0", features = ["strum_macros"] }
 strum_macros = { version = "0.26.0" }
@@ -216,3 +219,60 @@ opt-level = 1
 [profile.profiling]
 inherits = "release"
 debug = 1
+
+# The profile that 'cargo dist' will build with.
+[profile.dist]
+inherits = "release"
+
+# Config for 'cargo dist'
+[workspace.metadata.dist]
+# The preferred cargo-dist version to use in CI (Cargo.toml SemVer syntax)
+cargo-dist-version = "0.14.0"
+# CI backends to support
+ci = ["github"]
+# The installers to generate for each app
+installers = ["shell", "powershell"]
+# The archive format to use for windows builds (defaults .zip)
+windows-archive = ".zip"
+# The archive format to use for non-windows builds (defaults .tar.xz)
+unix-archive = ".tar.gz"
+# Target platforms to build apps for (Rust target-triple syntax)
+targets = [
+  "aarch64-apple-darwin",
+  "aarch64-pc-windows-msvc",
+  "aarch64-unknown-linux-gnu",
+  "aarch64-unknown-linux-musl",
+  "arm-unknown-linux-musleabihf",
+  "armv7-unknown-linux-gnueabihf",
+  "armv7-unknown-linux-musleabihf",
+  "i686-pc-windows-msvc",
+  "i686-unknown-linux-gnu",
+  "i686-unknown-linux-musl",
+  "powerpc64-unknown-linux-gnu",
+  "powerpc64le-unknown-linux-gnu",
+  "s390x-unknown-linux-gnu",
+  "x86_64-apple-darwin",
+  "x86_64-pc-windows-msvc",
+  "x86_64-unknown-linux-gnu",
+  "x86_64-unknown-linux-musl",
+]
+# Whether to auto-include files like READMEs, LICENSEs, and CHANGELOGs (default true)
+auto-includes = false
+# Whether cargo-dist should create a Github Release or use an existing draft
+create-release = true
+# Publish jobs to run in CI
+pr-run-mode = "skip"
+# Whether CI should trigger releases with dispatches instead of tag pushes
+dispatch-releases = true
+# Whether CI should include auto-generated code to build local artifacts
+build-local-artifacts = false
+# Local artifacts jobs to run in CI
+local-artifacts-jobs = ["./build-binaries", "./build-docker"]
+# Publish jobs to run in CI
+publish-jobs = ["./publish-pypi"]
+# Announcement jobs to run in CI
+post-announce-jobs = ["./notify-dependents", "./publish-docs", "./publish-playground"]
+# Skip checking whether the specified configuration files are up to date
+allow-dirty = ["ci"]
+# Whether to install an updater program
+install-updater = false
--- a/README.md
+++ b/README.md
@@ -152,7 +152,7 @@ Ruff can also be used as a [pre-commit](https://pre-commit.com/) hook via [`ruff
 ```yaml
 - repo: https://github.com/astral-sh/ruff-pre-commit
  # Ruff version.
-  rev: v0.4.8
+  rev: v0.5.0
  hooks:
    # Run the linter.
    - id: ruff
@@ -334,7 +334,6 @@ quality tools, including:
 - [flake8-super](https://pypi.org/project/flake8-super/)
 - [flake8-tidy-imports](https://pypi.org/project/flake8-tidy-imports/)
 - [flake8-todos](https://pypi.org/project/flake8-todos/)
- [flake8-trio](https://pypi.org/project/flake8-trio/)
 - [flake8-type-checking](https://pypi.org/project/flake8-type-checking/)
 - [flake8-use-pathlib](https://pypi.org/project/flake8-use-pathlib/)
 - [flynt](https://pypi.org/project/flynt/) ([#2102](https://github.com/astral-sh/ruff/issues/2102))
@@ -442,6 +441,7 @@ Ruff is used by a number of major open-source projects and companies, including:
 - [NumPyro](https://github.com/pyro-ppl/numpyro)
 - [ONNX](https://github.com/onnx/onnx)
 - [OpenBB](https://github.com/OpenBB-finance/OpenBBTerminal)
+- [Open Wine Components](https://github.com/Open-Wine-Components/umu-launcher)
 - [PDM](https://github.com/pdm-project/pdm)
 - [PaddlePaddle](https://github.com/PaddlePaddle/Paddle)
 - [Pandas](https://github.com/pandas-dev/pandas)
--- a/_typos.toml
+++ b/_typos.toml
@@ -1,6 +1,6 @@
 [files]
 # https://github.com/crate-ci/typos/issues/868
-extend-exclude = ["crates/red_knot/vendor/**/*", "**/resources/**/*", "**/snapshots/**/*"]
+extend-exclude = ["crates/red_knot_module_resolver/vendor/**/*", "**/resources/**/*", "**/snapshots/**/*"]

 [default.extend-words]
 "arange" = "arange"  # e.g. `numpy.arange`
@@ -16,5 +16,6 @@ jod = "jod" # e.g., `jod-thread`
 [default]
 extend-ignore-re = [
  # Line ignore with trailing "spellchecker:disable-line"
-  "(?Rm)^.*#\\s*spellchecker:disable-line$"
+  "(?Rm)^.*#\\s*spellchecker:disable-line$",
+  "LICENSEs",
 ]
--- a/crates/red_knot/Cargo.toml
+++ b/crates/red_knot/Cargo.toml
@@ -12,9 +12,10 @@ license.workspace = true
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html

 [dependencies]
+red_knot_module_resolver = { workspace = true }
+
 ruff_python_parser = { workspace = true }
 ruff_python_ast = { workspace = true }
-ruff_python_stdlib = { workspace = true }
 ruff_text_size = { workspace = true }
 ruff_index = { workspace = true }
 ruff_notebook = { workspace = true }
@@ -35,14 +36,8 @@ smol_str = { version = "0.2.1" }
 tracing = { workspace = true }
 tracing-subscriber = { workspace = true }
 tracing-tree = { workspace = true }
-zip = { workspace = true }
-
-[build-dependencies]
-zip = { workspace = true }
-walkdir = { workspace = true }

 [dev-dependencies]
-insta = { workspace = true }
 tempfile = { workspace = true }

 [lints]
--- a/crates/red_knot/README.md
+++ b/crates/red_knot/README.md
@@ -1,9 +0,0 @@
-# Red Knot
-
-The Red Knot crate contains code working towards multifile analysis, type inference and, ultimately, type-checking. It's very much a work in progress for now.
-
-## Vendored types for the stdlib
-
-Red Knot vendors [typeshed](https://github.com/python/typeshed)'s stubs for the standard library. The vendored stubs can be found in `crates/red_knot/vendor/typeshed`. The file `crates/red_knot/vendor/typeshed/source_commit.txt` tells you the typeshed commit that our vendored stdlib stubs currently correspond to.
-
-The typeshed stubs are updated every two weeks via an automated PR using the `sync_typeshed.yaml` workflow in the `.github/workflows` directory. This workflow can also be triggered at any time via [workflow dispatch](https://docs.github.com/en/actions/using-workflows/manually-running-a-workflow#running-a-workflow).
--- a/crates/red_knot/src/lib.rs
+++ b/crates/red_knot/src/lib.rs
@@ -19,7 +19,6 @@ mod parse;
 pub mod program;
 mod semantic;
 pub mod source;
-pub mod typeshed_versions;
 pub mod watch;

 pub(crate) type FxDashMap<K, V> = dashmap::DashMap<K, V, BuildHasherDefault<FxHasher>>;
--- a/crates/red_knot/src/module.rs
+++ b/crates/red_knot/src/module.rs
@@ -7,6 +7,8 @@ use std::sync::Arc;
 use dashmap::mapref::entry::Entry;
 use smol_str::SmolStr;

+use red_knot_module_resolver::ModuleKind;
+
 use crate::db::{QueryResult, SemanticDb, SemanticJar};
 use crate::files::FileId;
 use crate::semantic::Dependency;
@@ -177,15 +179,6 @@ impl std::fmt::Display for ModuleName {
    }
 }

-#[derive(Copy, Clone, Debug, Eq, PartialEq, Hash)]
-pub enum ModuleKind {
-    /// A single-file module (e.g. `foo.py` or `foo.pyi`)
-    Module,
-
-    /// A python package (`foo/__init__.py` or `foo/__init__.pyi`)
-    Package,
-}
-
 /// A search path in which to search modules.
 /// Corresponds to a path in [`sys.path`](https://docs.python.org/3/library/sys_path_init.html) at runtime.
 ///
@@ -770,11 +763,8 @@ impl PackageKind {

 #[cfg(test)]
 mod tests {
-    use std::io::{Cursor, Read};
    use std::num::NonZeroU32;
-    use std::path::{Path, PathBuf};
-
-    use zip::ZipArchive;
+    use std::path::PathBuf;

    use crate::db::tests::TestDb;
    use crate::db::SourceDb;
@@ -926,28 +916,6 @@ mod tests {
        Ok(())
    }

-    #[test]
-    fn typeshed_zip_created_at_build_time() -> anyhow::Result<()> {
-        // The file path here is hardcoded in this crate's `build.rs` script.
-        // Luckily this crate will fail to build if this file isn't available at build time.
-        const TYPESHED_ZIP_BYTES: &[u8] =
-            include_bytes!(concat!(env!("OUT_DIR"), "/zipped_typeshed.zip"));
-        assert!(!TYPESHED_ZIP_BYTES.is_empty());
-        let mut typeshed_zip_archive = ZipArchive::new(Cursor::new(TYPESHED_ZIP_BYTES))?;
-
-        let path_to_functools = Path::new("stdlib").join("functools.pyi");
-        let mut functools_module_stub = typeshed_zip_archive
-            .by_name(path_to_functools.to_str().unwrap())
-            .unwrap();
-        assert!(functools_module_stub.is_file());
-
-        let mut functools_module_stub_source = String::new();
-        functools_module_stub.read_to_string(&mut functools_module_stub_source)?;
-
-        assert!(functools_module_stub_source.contains("def update_wrapper("));
-        Ok(())
-    }
-
    #[test]
    fn resolve_package() -> anyhow::Result<()> {
        let TestCase {
--- a/crates/red_knot/src/semantic.rs
+++ b/crates/red_knot/src/semantic.rs
@@ -271,17 +271,16 @@ impl SourceOrderVisitor<'_> for SemanticIndexer {
        let node_key = NodeKey::from_node(expr.into());
        let expression_id = self.expressions_by_id.push(node_key);

-        debug_assert_eq!(
-            expression_id,
-            self.flow_graph_builder
-                .record_expr(self.current_flow_node())
-        );
+        let flow_expression_id = self
+            .flow_graph_builder
+            .record_expr(self.current_flow_node());
+        debug_assert_eq!(expression_id, flow_expression_id);

-        debug_assert_eq!(
-            expression_id,
-            self.symbol_table_builder
-                .record_expression(self.cur_scope())
-        );
+        let symbol_expression_id = self
+            .symbol_table_builder
+            .record_expression(self.cur_scope());
+
+        debug_assert_eq!(expression_id, symbol_expression_id);

        self.expressions.insert(node_key, expression_id);

--- a/crates/red_knot/vendor/typeshed/source_commit.txt
+++ b/crates/red_knot/vendor/typeshed/source_commit.txt
@@ -1 +0,0 @@
-4b6558c12ac43cd40716cd6452fe98a632ae65d7
--- a/crates/red_knot_module_resolver/Cargo.toml
+++ b/crates/red_knot_module_resolver/Cargo.toml
@@ -0,0 +1,35 @@
+[package]
+name = "red_knot_module_resolver"
+version = "0.0.0"
+publish = false
+authors = { workspace = true }
+edition = { workspace = true }
+rust-version = { workspace = true }
+homepage = { workspace = true }
+documentation = { workspace = true }
+repository = { workspace = true }
+license = { workspace = true }
+
+[dependencies]
+ruff_db = { workspace = true }
+ruff_python_stdlib = { workspace = true }
+
+rustc-hash = { workspace = true }
+salsa = { workspace = true }
+smol_str = { workspace = true }
+tracing = { workspace = true }
+zip = { workspace = true }
+
+[build-dependencies]
+path-slash = { workspace = true }
+walkdir = { workspace = true }
+zip = { workspace = true }
+
+[dev-dependencies]
+anyhow = { workspace = true }
+insta = { workspace = true }
+tempfile = { workspace = true }
+walkdir = { workspace = true }
+
+[lints]
+workspace = true
--- a/crates/red_knot_module_resolver/README.md
+++ b/crates/red_knot_module_resolver/README.md
@@ -0,0 +1,9 @@
+# Red Knot
+
+A work-in-progress multifile module resolver for Ruff.
+
+## Vendored types for the stdlib
+
+This crate vendors [typeshed](https://github.com/python/typeshed)'s stubs for the standard library. The vendored stubs can be found in `crates/red_knot_module_resolver/vendor/typeshed`. The file `crates/red_knot_module_resolver/vendor/typeshed/source_commit.txt` tells you the typeshed commit that our vendored stdlib stubs currently correspond to.
+
+The typeshed stubs are updated every two weeks via an automated PR using the `sync_typeshed.yaml` workflow in the `.github/workflows` directory. This workflow can also be triggered at any time via [workflow dispatch](https://docs.github.com/en/actions/using-workflows/manually-running-a-workflow#running-a-workflow).
--- a/crates/red_knot_module_resolver/build.rs
+++ b/crates/red_knot_module_resolver/build.rs
@@ -3,11 +3,12 @@
 //!
 //! This script should be automatically run at build time
 //! whenever the script itself changes, or whenever any files
-//! in `crates/red_knot/vendor/typeshed` change.
+//! in `crates/red_knot_module_resolver/vendor/typeshed` change.

 use std::fs::File;
 use std::path::Path;

+use path_slash::PathExt;
 use zip::result::ZipResult;
 use zip::write::{FileOptions, ZipWriter};
 use zip::CompressionMethod;
@@ -28,25 +29,25 @@ fn zip_dir(directory_path: &str, writer: File) -> ZipResult<File> {

    for entry in walkdir::WalkDir::new(directory_path) {
        let dir_entry = entry.unwrap();
-        let relative_path = dir_entry.path();
-        let name = relative_path
+        let absolute_path = dir_entry.path();
+        let normalized_relative_path = absolute_path
            .strip_prefix(Path::new(directory_path))
            .unwrap()
-            .to_str()
+            .to_slash()
            .expect("Unexpected non-utf8 typeshed path!");

        // Write file or directory explicitly
        // Some unzip tools unzip files with directory paths correctly, some do not!
-        if relative_path.is_file() {
-            println!("adding file {relative_path:?} as {name:?} ...");
-            zip.start_file(name, options)?;
-            let mut f = File::open(relative_path)?;
+        if absolute_path.is_file() {
+            println!("adding file {absolute_path:?} as {normalized_relative_path:?} ...");
+            zip.start_file(normalized_relative_path, options)?;
+            let mut f = File::open(absolute_path)?;
            std::io::copy(&mut f, &mut zip).unwrap();
-        } else if !name.is_empty() {
+        } else if !normalized_relative_path.is_empty() {
            // Only if not root! Avoids path spec / warning
            // and mapname conversion failed error on unzip
-            println!("adding dir {relative_path:?} as {name:?} ...");
-            zip.add_directory(name, options)?;
+            println!("adding dir {absolute_path:?} as {normalized_relative_path:?} ...");
+            zip.add_directory(normalized_relative_path, options)?;
        }
    }
    zip.finish()
--- a/crates/red_knot_module_resolver/src/db.rs
+++ b/crates/red_knot_module_resolver/src/db.rs
@@ -0,0 +1,156 @@
+use ruff_db::Upcast;
+
+use crate::resolver::{
+    file_to_module,
+    internal::{ModuleNameIngredient, ModuleResolverSearchPaths},
+    resolve_module_query,
+};
+
+#[salsa::jar(db=Db)]
+pub struct Jar(
+    ModuleNameIngredient<'_>,
+    ModuleResolverSearchPaths,
+    resolve_module_query,
+    file_to_module,
+);
+
+pub trait Db: salsa::DbWithJar<Jar> + ruff_db::Db + Upcast<dyn ruff_db::Db> {}
+
+pub(crate) mod tests {
+    use std::sync;
+
+    use salsa::DebugWithDb;
+
+    use ruff_db::file_system::{FileSystem, MemoryFileSystem, OsFileSystem};
+    use ruff_db::vfs::Vfs;
+
+    use super::*;
+
+    #[salsa::db(Jar, ruff_db::Jar)]
+    pub(crate) struct TestDb {
+        storage: salsa::Storage<Self>,
+        file_system: TestFileSystem,
+        events: sync::Arc<sync::Mutex<Vec<salsa::Event>>>,
+        vfs: Vfs,
+    }
+
+    impl TestDb {
+        #[allow(unused)]
+        pub(crate) fn new() -> Self {
+            Self {
+                storage: salsa::Storage::default(),
+                file_system: TestFileSystem::Memory(MemoryFileSystem::default()),
+                events: sync::Arc::default(),
+                vfs: Vfs::with_stubbed_vendored(),
+            }
+        }
+
+        /// Returns the memory file system.
+        ///
+        /// ## Panics
+        /// If this test db isn't using a memory file system.
+        #[allow(unused)]
+        pub(crate) fn memory_file_system(&self) -> &MemoryFileSystem {
+            if let TestFileSystem::Memory(fs) = &self.file_system {
+                fs
+            } else {
+                panic!("The test db is not using a memory file system");
+            }
+        }
+
+        /// Uses the real file system instead of the memory file system.
+        ///
+        /// This useful for testing advanced file system features like permissions, symlinks, etc.
+        ///
+        /// Note that any files written to the memory file system won't be copied over.
+        #[allow(unused)]
+        pub(crate) fn with_os_file_system(&mut self) {
+            self.file_system = TestFileSystem::Os(OsFileSystem);
+        }
+
+        #[allow(unused)]
+        pub(crate) fn vfs_mut(&mut self) -> &mut Vfs {
+            &mut self.vfs
+        }
+
+        /// Takes the salsa events.
+        ///
+        /// ## Panics
+        /// If there are any pending salsa snapshots.
+        #[allow(unused)]
+        pub(crate) fn take_salsa_events(&mut self) -> Vec<salsa::Event> {
+            let inner = sync::Arc::get_mut(&mut self.events).expect("no pending salsa snapshots");
+
+            let events = inner.get_mut().unwrap();
+            std::mem::take(&mut *events)
+        }
+
+        /// Clears the salsa events.
+        ///
+        /// ## Panics
+        /// If there are any pending salsa snapshots.
+        #[allow(unused)]
+        pub(crate) fn clear_salsa_events(&mut self) {
+            self.take_salsa_events();
+        }
+    }
+
+    impl Upcast<dyn ruff_db::Db> for TestDb {
+        fn upcast(&self) -> &(dyn ruff_db::Db + 'static) {
+            self
+        }
+    }
+
+    impl ruff_db::Db for TestDb {
+        fn file_system(&self) -> &dyn ruff_db::file_system::FileSystem {
+            self.file_system.inner()
+        }
+
+        fn vfs(&self) -> &ruff_db::vfs::Vfs {
+            &self.vfs
+        }
+    }
+
+    impl Db for TestDb {}
+
+    impl salsa::Database for TestDb {
+        fn salsa_event(&self, event: salsa::Event) {
+            tracing::trace!("event: {:?}", event.debug(self));
+            let mut events = self.events.lock().unwrap();
+            events.push(event);
+        }
+    }
+
+    impl salsa::ParallelDatabase for TestDb {
+        fn snapshot(&self) -> salsa::Snapshot<Self> {
+            salsa::Snapshot::new(Self {
+                storage: self.storage.snapshot(),
+                file_system: self.file_system.snapshot(),
+                events: self.events.clone(),
+                vfs: self.vfs.snapshot(),
+            })
+        }
+    }
+
+    enum TestFileSystem {
+        Memory(MemoryFileSystem),
+        #[allow(unused)]
+        Os(OsFileSystem),
+    }
+
+    impl TestFileSystem {
+        fn inner(&self) -> &dyn FileSystem {
+            match self {
+                Self::Memory(inner) => inner,
+                Self::Os(inner) => inner,
+            }
+        }
+
+        fn snapshot(&self) -> Self {
+            match self {
+                Self::Memory(inner) => Self::Memory(inner.snapshot()),
+                Self::Os(inner) => Self::Os(inner.snapshot()),
+            }
+        }
+    }
+}
--- a/crates/red_knot_module_resolver/src/lib.rs
+++ b/crates/red_knot_module_resolver/src/lib.rs
@@ -0,0 +1,9 @@
+mod db;
+mod module;
+mod resolver;
+mod typeshed;
+
+pub use db::{Db, Jar};
+pub use module::{ModuleKind, ModuleName};
+pub use resolver::{resolve_module, set_module_resolution_settings, ModuleResolutionSettings};
+pub use typeshed::versions::TypeshedVersions;
--- a/crates/red_knot_module_resolver/src/module.rs
+++ b/crates/red_knot_module_resolver/src/module.rs
@@ -0,0 +1,346 @@
+use std::fmt::Formatter;
+use std::ops::Deref;
+use std::sync::Arc;
+
+use ruff_db::file_system::FileSystemPath;
+use ruff_db::vfs::{VfsFile, VfsPath};
+use ruff_python_stdlib::identifiers::is_identifier;
+
+use crate::Db;
+
+/// A module name, e.g. `foo.bar`.
+///
+/// Always normalized to the absolute form (never a relative module name, i.e., never `.foo`).
+#[derive(Clone, Debug, Eq, PartialEq, Hash, PartialOrd, Ord)]
+pub struct ModuleName(smol_str::SmolStr);
+
+impl ModuleName {
+    /// Creates a new module name for `name`. Returns `Some` if `name` is a valid, absolute
+    /// module name and `None` otherwise.
+    ///
+    /// The module name is invalid if:
+    ///
+    /// * The name is empty
+    /// * The name is relative
+    /// * The name ends with a `.`
+    /// * The name contains a sequence of multiple dots
+    /// * A component of a name (the part between two dots) isn't a valid python identifier.
+    #[inline]
+    pub fn new(name: &str) -> Option<Self> {
+        Self::new_from_smol(smol_str::SmolStr::new(name))
+    }
+
+    /// Creates a new module name for `name` where `name` is a static string.
+    /// Returns `Some` if `name` is a valid, absolute module name and `None` otherwise.
+    ///
+    /// The module name is invalid if:
+    ///
+    /// * The name is empty
+    /// * The name is relative
+    /// * The name ends with a `.`
+    /// * The name contains a sequence of multiple dots
+    /// * A component of a name (the part between two dots) isn't a valid python identifier.
+    ///
+    /// ## Examples
+    ///
+    /// ```
+    /// use red_knot_module_resolver::ModuleName;
+    ///
+    /// assert_eq!(ModuleName::new_static("foo.bar").as_deref(), Some("foo.bar"));
+    /// assert_eq!(ModuleName::new_static(""), None);
+    /// assert_eq!(ModuleName::new_static("..foo"), None);
+    /// assert_eq!(ModuleName::new_static(".foo"), None);
+    /// assert_eq!(ModuleName::new_static("foo."), None);
+    /// assert_eq!(ModuleName::new_static("foo..bar"), None);
+    /// assert_eq!(ModuleName::new_static("2000"), None);
+    /// ```
+    #[inline]
+    pub fn new_static(name: &'static str) -> Option<Self> {
+        Self::new_from_smol(smol_str::SmolStr::new_static(name))
+    }
+
+    fn new_from_smol(name: smol_str::SmolStr) -> Option<Self> {
+        if name.is_empty() {
+            return None;
+        }
+
+        if name.split('.').all(is_identifier) {
+            Some(Self(name))
+        } else {
+            None
+        }
+    }
+
+    /// An iterator over the components of the module name:
+    ///
+    /// # Examples
+    ///
+    /// ```
+    /// use red_knot_module_resolver::ModuleName;
+    ///
+    /// assert_eq!(ModuleName::new_static("foo.bar.baz").unwrap().components().collect::<Vec<_>>(), vec!["foo", "bar", "baz"]);
+    /// ```
+    pub fn components(&self) -> impl DoubleEndedIterator<Item = &str> {
+        self.0.split('.')
+    }
+
+    /// The name of this module's immediate parent, if it has a parent.
+    ///
+    /// # Examples
+    ///
+    /// ```
+    /// use red_knot_module_resolver::ModuleName;
+    ///
+    /// assert_eq!(ModuleName::new_static("foo.bar").unwrap().parent(), Some(ModuleName::new_static("foo").unwrap()));
+    /// assert_eq!(ModuleName::new_static("foo.bar.baz").unwrap().parent(), Some(ModuleName::new_static("foo.bar").unwrap()));
+    /// assert_eq!(ModuleName::new_static("root").unwrap().parent(), None);
+    /// ```
+    pub fn parent(&self) -> Option<ModuleName> {
+        let (parent, _) = self.0.rsplit_once('.')?;
+
+        Some(Self(smol_str::SmolStr::new(parent)))
+    }
+
+    /// Returns `true` if the name starts with `other`.
+    ///
+    /// This is equivalent to checking if `self` is a sub-module of `other`.
+    ///
+    /// # Examples
+    ///
+    /// ```
+    /// use red_knot_module_resolver::ModuleName;
+    ///
+    /// assert!(ModuleName::new_static("foo.bar").unwrap().starts_with(&ModuleName::new_static("foo").unwrap()));
+    ///
+    /// assert!(!ModuleName::new_static("foo.bar").unwrap().starts_with(&ModuleName::new_static("bar").unwrap()));
+    /// assert!(!ModuleName::new_static("foo_bar").unwrap().starts_with(&ModuleName::new_static("foo").unwrap()));
+    /// ```
+    pub fn starts_with(&self, other: &ModuleName) -> bool {
+        let mut self_components = self.components();
+        let other_components = other.components();
+
+        for other_component in other_components {
+            if self_components.next() != Some(other_component) {
+                return false;
+            }
+        }
+
+        true
+    }
+
+    #[inline]
+    pub fn as_str(&self) -> &str {
+        &self.0
+    }
+
+    pub(crate) fn from_relative_path(path: &FileSystemPath) -> Option<Self> {
+        let path = if path.ends_with("__init__.py") || path.ends_with("__init__.pyi") {
+            path.parent()?
+        } else {
+            path
+        };
+
+        let name = if let Some(parent) = path.parent() {
+            let mut name = String::with_capacity(path.as_str().len());
+
+            for component in parent.components() {
+                name.push_str(component.as_os_str().to_str()?);
+                name.push('.');
+            }
+
+            // SAFETY: Unwrap is safe here or `parent` would have returned `None`.
+            name.push_str(path.file_stem().unwrap());
+
+            smol_str::SmolStr::from(name)
+        } else {
+            smol_str::SmolStr::new(path.file_stem()?)
+        };
+
+        Some(Self(name))
+    }
+}
+
+impl Deref for ModuleName {
+    type Target = str;
+
+    #[inline]
+    fn deref(&self) -> &Self::Target {
+        self.as_str()
+    }
+}
+
+impl PartialEq<str> for ModuleName {
+    fn eq(&self, other: &str) -> bool {
+        self.as_str() == other
+    }
+}
+
+impl PartialEq<ModuleName> for str {
+    fn eq(&self, other: &ModuleName) -> bool {
+        self == other.as_str()
+    }
+}
+
+impl std::fmt::Display for ModuleName {
+    fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {
+        f.write_str(&self.0)
+    }
+}
+
+/// Representation of a Python module.
+#[derive(Clone, PartialEq, Eq)]
+pub struct Module {
+    inner: Arc<ModuleInner>,
+}
+
+impl Module {
+    pub(crate) fn new(
+        name: ModuleName,
+        kind: ModuleKind,
+        search_path: ModuleSearchPath,
+        file: VfsFile,
+    ) -> Self {
+        Self {
+            inner: Arc::new(ModuleInner {
+                name,
+                kind,
+                search_path,
+                file,
+            }),
+        }
+    }
+
+    /// The absolute name of the module (e.g. `foo.bar`)
+    pub fn name(&self) -> &ModuleName {
+        &self.inner.name
+    }
+
+    /// The file to the source code that defines this module
+    pub fn file(&self) -> VfsFile {
+        self.inner.file
+    }
+
+    /// The search path from which the module was resolved.
+    pub fn search_path(&self) -> &ModuleSearchPath {
+        &self.inner.search_path
+    }
+
+    /// Determine whether this module is a single-file module or a package
+    pub fn kind(&self) -> ModuleKind {
+        self.inner.kind
+    }
+}
+
+impl std::fmt::Debug for Module {
+    fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {
+        f.debug_struct("Module")
+            .field("name", &self.name())
+            .field("kind", &self.kind())
+            .field("file", &self.file())
+            .field("search_path", &self.search_path())
+            .finish()
+    }
+}
+
+impl salsa::DebugWithDb<dyn Db> for Module {
+    fn fmt(&self, f: &mut Formatter<'_>, db: &dyn Db) -> std::fmt::Result {
+        f.debug_struct("Module")
+            .field("name", &self.name())
+            .field("kind", &self.kind())
+            .field("file", &self.file().debug(db.upcast()))
+            .field("search_path", &self.search_path())
+            .finish()
+    }
+}
+
+#[derive(PartialEq, Eq)]
+struct ModuleInner {
+    name: ModuleName,
+    kind: ModuleKind,
+    search_path: ModuleSearchPath,
+    file: VfsFile,
+}
+
+#[derive(Copy, Clone, Debug, Eq, PartialEq, Hash)]
+pub enum ModuleKind {
+    /// A single-file module (e.g. `foo.py` or `foo.pyi`)
+    Module,
+
+    /// A python package (`foo/__init__.py` or `foo/__init__.pyi`)
+    Package,
+}
+
+/// A search path in which to search modules.
+/// Corresponds to a path in [`sys.path`](https://docs.python.org/3/library/sys_path_init.html) at runtime.
+///
+/// Cloning a search path is cheap because it's an `Arc`.
+#[derive(Clone, PartialEq, Eq)]
+pub struct ModuleSearchPath {
+    inner: Arc<ModuleSearchPathInner>,
+}
+
+impl ModuleSearchPath {
+    pub fn new<P>(path: P, kind: ModuleSearchPathKind) -> Self
+    where
+        P: Into<VfsPath>,
+    {
+        Self {
+            inner: Arc::new(ModuleSearchPathInner {
+                path: path.into(),
+                kind,
+            }),
+        }
+    }
+
+    /// Determine whether this is a first-party, third-party or standard-library search path
+    pub fn kind(&self) -> ModuleSearchPathKind {
+        self.inner.kind
+    }
+
+    /// Return the location of the search path on the file system
+    pub fn path(&self) -> &VfsPath {
+        &self.inner.path
+    }
+}
+
+impl std::fmt::Debug for ModuleSearchPath {
+    fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {
+        f.debug_struct("ModuleSearchPath")
+            .field("path", &self.inner.path)
+            .field("kind", &self.kind())
+            .finish()
+    }
+}
+
+#[derive(Eq, PartialEq)]
+struct ModuleSearchPathInner {
+    path: VfsPath,
+    kind: ModuleSearchPathKind,
+}
+
+/// Enumeration of the different kinds of search paths type checkers are expected to support.
+///
+/// N.B. Although we don't implement `Ord` for this enum, they are ordered in terms of the
+/// priority that we want to give these modules when resolving them.
+/// This is roughly [the order given in the typing spec], but typeshed's stubs
+/// for the standard library are moved higher up to match Python's semantics at runtime.
+///
+/// [the order given in the typing spec]: https://typing.readthedocs.io/en/latest/spec/distributing.html#import-resolution-ordering
+#[derive(Copy, Clone, Debug, Eq, PartialEq, Hash)]
+pub enum ModuleSearchPathKind {
+    /// "Extra" paths provided by the user in a config file, env var or CLI flag.
+    /// E.g. mypy's `MYPYPATH` env var, or pyright's `stubPath` configuration setting
+    Extra,
+
+    /// Files in the project we're directly being invoked on
+    FirstParty,
+
+    /// The `stdlib` directory of typeshed (either vendored or custom)
+    StandardLibrary,
+
+    /// Stubs or runtime modules installed in site-packages
+    SitePackagesThirdParty,
+
+    /// Vendored third-party stubs from typeshed
+    VendoredThirdParty,
+}
--- a/crates/red_knot_module_resolver/src/resolver.rs
+++ b/crates/red_knot_module_resolver/src/resolver.rs
@@ -0,0 +1,938 @@
+use salsa::DebugWithDb;
+use std::ops::Deref;
+
+use ruff_db::file_system::{FileSystem, FileSystemPath, FileSystemPathBuf};
+use ruff_db::vfs::{system_path_to_file, vfs_path_to_file, VfsFile, VfsPath};
+
+use crate::module::{Module, ModuleKind, ModuleName, ModuleSearchPath, ModuleSearchPathKind};
+use crate::resolver::internal::ModuleResolverSearchPaths;
+use crate::Db;
+
+const TYPESHED_STDLIB_DIRECTORY: &str = "stdlib";
+
+/// Configures the module search paths for the module resolver.
+///
+/// Must be called before calling any other module resolution functions.
+pub fn set_module_resolution_settings(db: &mut dyn Db, config: ModuleResolutionSettings) {
+    // There's no concurrency issue here because we hold a `&mut dyn Db` reference. No other
+    // thread can mutate the `Db` while we're in this call, so using `try_get` to test if
+    // the settings have already been set is safe.
+    if let Some(existing) = ModuleResolverSearchPaths::try_get(db) {
+        existing
+            .set_search_paths(db)
+            .to(config.into_ordered_search_paths());
+    } else {
+        ModuleResolverSearchPaths::new(db, config.into_ordered_search_paths());
+    }
+}
+
+/// Resolves a module name to a module.
+pub fn resolve_module(db: &dyn Db, module_name: ModuleName) -> Option<Module> {
+    let interned_name = internal::ModuleNameIngredient::new(db, module_name);
+
+    resolve_module_query(db, interned_name)
+}
+
+/// Salsa query that resolves an interned [`ModuleNameIngredient`] to a module.
+///
+/// This query should not be called directly. Instead, use [`resolve_module`]. It only exists
+/// because Salsa requires the module name to be an ingredient.
+#[salsa::tracked]
+pub(crate) fn resolve_module_query<'db>(
+    db: &'db dyn Db,
+    module_name: internal::ModuleNameIngredient<'db>,
+) -> Option<Module> {
+    let _ = tracing::trace_span!("resolve_module", module_name = ?module_name.debug(db)).enter();
+
+    let name = module_name.name(db);
+
+    let (search_path, module_file, kind) = resolve_name(db, name)?;
+
+    let module = Module::new(name.clone(), kind, search_path, module_file);
+
+    Some(module)
+}
+
+/// Resolves the module for the given path.
+///
+/// Returns `None` if the path is not a module locatable via `sys.path`.
+#[tracing::instrument(level = "debug", skip(db))]
+pub fn path_to_module(db: &dyn Db, path: &VfsPath) -> Option<Module> {
+    // It's not entirely clear on first sight why this method calls `file_to_module` instead of
+    // it being the other way round, considering that the first thing that `file_to_module` does
+    // is to retrieve the file's path.
+    //
+    // The reason is that `file_to_module` is a tracked Salsa query and salsa queries require that
+    // all arguments are Salsa ingredients (something stored in Salsa). `Path`s aren't salsa ingredients but
+    // `VfsFile` is. So what we do here is to retrieve the `path`'s `VfsFile` so that we can make
+    // use of Salsa's caching and invalidation.
+    let file = vfs_path_to_file(db.upcast(), path)?;
+    file_to_module(db, file)
+}
+
+/// Resolves the module for the file with the given id.
+///
+/// Returns `None` if the file is not a module locatable via `sys.path`.
+#[salsa::tracked]
+#[allow(unused)]
+pub(crate) fn file_to_module(db: &dyn Db, file: VfsFile) -> Option<Module> {
+    let _ = tracing::trace_span!("file_to_module", file = ?file.debug(db.upcast())).enter();
+
+    let path = file.path(db.upcast());
+
+    let search_paths = module_search_paths(db);
+
+    let relative_path = search_paths
+        .iter()
+        .find_map(|root| match (root.path(), path) {
+            (VfsPath::FileSystem(root_path), VfsPath::FileSystem(path)) => {
+                let relative_path = path.strip_prefix(root_path).ok()?;
+                Some(relative_path)
+            }
+            (VfsPath::Vendored(_), VfsPath::Vendored(_)) => {
+                todo!("Add support for vendored modules")
+            }
+            (VfsPath::Vendored(_), VfsPath::FileSystem(_))
+            | (VfsPath::FileSystem(_), VfsPath::Vendored(_)) => None,
+        })?;
+
+    let module_name = ModuleName::from_relative_path(relative_path)?;
+
+    // Resolve the module name to see if Python would resolve the name to the same path.
+    // If it doesn't, then that means that multiple modules have the same name in different
+    // root paths, but that the module corresponding to `path` is in a lower priority search path,
+    // in which case we ignore it.
+    let module = resolve_module(db, module_name)?;
+
+    if file == module.file() {
+        Some(module)
+    } else {
+        // This path is for a module with the same name but with a different precedence. For example:
+        // ```
+        // src/foo.py
+        // src/foo/__init__.py
+        // ```
+        // The module name of `src/foo.py` is `foo`, but the module loaded by Python is `src/foo/__init__.py`.
+        // That means we need to ignore `src/foo.py` even though it resolves to the same module name.
+        None
+    }
+}
+
+/// Configures the search paths that are used to resolve modules.
+#[derive(Eq, PartialEq, Debug)]
+pub struct ModuleResolutionSettings {
+    /// List of user-provided paths that should take first priority in the module resolution.
+    /// Examples in other type checkers are mypy's MYPYPATH environment variable,
+    /// or pyright's stubPath configuration setting.
+    pub extra_paths: Vec<FileSystemPathBuf>,
+
+    /// The root of the workspace, used for finding first-party modules.
+    pub workspace_root: FileSystemPathBuf,
+
+    /// The path to the user's `site-packages` directory, where third-party packages from ``PyPI`` are installed.
+    pub site_packages: Option<FileSystemPathBuf>,
+
+    /// Optional path to standard-library typeshed stubs.
+    /// Currently this has to be a directory that exists on disk.
+    ///
+    /// (TODO: fall back to vendored stubs if no custom directory is provided.)
+    pub custom_typeshed: Option<FileSystemPathBuf>,
+}
+
+impl ModuleResolutionSettings {
+    /// Implementation of PEP 561's module resolution order
+    /// (with some small, deliberate, differences)
+    fn into_ordered_search_paths(self) -> OrderedSearchPaths {
+        let ModuleResolutionSettings {
+            extra_paths,
+            workspace_root,
+            site_packages,
+            custom_typeshed,
+        } = self;
+
+        let mut paths: Vec<_> = extra_paths
+            .into_iter()
+            .map(|path| ModuleSearchPath::new(path, ModuleSearchPathKind::Extra))
+            .collect();
+
+        paths.push(ModuleSearchPath::new(
+            workspace_root,
+            ModuleSearchPathKind::FirstParty,
+        ));
+
+        // TODO fallback to vendored typeshed stubs if no custom typeshed directory is provided by the user
+        if let Some(custom_typeshed) = custom_typeshed {
+            paths.push(ModuleSearchPath::new(
+                custom_typeshed.join(TYPESHED_STDLIB_DIRECTORY),
+                ModuleSearchPathKind::StandardLibrary,
+            ));
+        }
+
+        // TODO vendor typeshed's third-party stubs as well as the stdlib and fallback to them as a final step
+        if let Some(site_packages) = site_packages {
+            paths.push(ModuleSearchPath::new(
+                site_packages,
+                ModuleSearchPathKind::SitePackagesThirdParty,
+            ));
+        }
+
+        OrderedSearchPaths(paths)
+    }
+}
+
+/// A resolved module resolution order, implementing PEP 561
+/// (with some small, deliberate differences)
+#[derive(Clone, Debug, Default, Eq, PartialEq)]
+pub(crate) struct OrderedSearchPaths(Vec<ModuleSearchPath>);
+
+impl Deref for OrderedSearchPaths {
+    type Target = [ModuleSearchPath];
+
+    fn deref(&self) -> &Self::Target {
+        &self.0
+    }
+}
+
+// The singleton methods generated by salsa are all `pub` instead of `pub(crate)` which triggers
+// `unreachable_pub`. Work around this by creating a module and allow `unreachable_pub` for it.
+// Salsa also generates uses to `_db` variables for `interned` which triggers `clippy::used_underscore_binding`. Suppress that too
+// TODO(micha): Contribute a fix for this upstream where the singleton methods have the same visibility as the struct.
+#[allow(unreachable_pub, clippy::used_underscore_binding)]
+pub(crate) mod internal {
+    use crate::module::ModuleName;
+    use crate::resolver::OrderedSearchPaths;
+
+    #[salsa::input(singleton)]
+    pub(crate) struct ModuleResolverSearchPaths {
+        #[return_ref]
+        pub(super) search_paths: OrderedSearchPaths,
+    }
+
+    /// A thin wrapper around `ModuleName` to make it a Salsa ingredient.
+    ///
+    /// This is needed because Salsa requires that all query arguments are salsa ingredients.
+    #[salsa::interned]
+    pub(crate) struct ModuleNameIngredient<'db> {
+        #[return_ref]
+        pub(super) name: ModuleName,
+    }
+}
+
+fn module_search_paths(db: &dyn Db) -> &[ModuleSearchPath] {
+    ModuleResolverSearchPaths::get(db).search_paths(db)
+}
+
+/// Given a module name and a list of search paths in which to lookup modules,
+/// attempt to resolve the module name
+fn resolve_name(db: &dyn Db, name: &ModuleName) -> Option<(ModuleSearchPath, VfsFile, ModuleKind)> {
+    let search_paths = module_search_paths(db);
+
+    for search_path in search_paths {
+        let mut components = name.components();
+        let module_name = components.next_back()?;
+
+        let VfsPath::FileSystem(fs_search_path) = search_path.path() else {
+            todo!("Vendored search paths are not yet supported");
+        };
+
+        match resolve_package(db.file_system(), fs_search_path, components) {
+            Ok(resolved_package) => {
+                let mut package_path = resolved_package.path;
+
+                package_path.push(module_name);
+
+                // Must be a `__init__.pyi` or `__init__.py` or it isn't a package.
+                let kind = if db.file_system().is_directory(&package_path) {
+                    package_path.push("__init__");
+                    ModuleKind::Package
+                } else {
+                    ModuleKind::Module
+                };
+
+                // TODO Implement full https://peps.python.org/pep-0561/#type-checker-module-resolution-order resolution
+                let stub = package_path.with_extension("pyi");
+
+                if let Some(stub) = system_path_to_file(db.upcast(), &stub) {
+                    return Some((search_path.clone(), stub, kind));
+                }
+
+                let module = package_path.with_extension("py");
+
+                if let Some(module) = system_path_to_file(db.upcast(), &module) {
+                    return Some((search_path.clone(), module, kind));
+                }
+
+                // For regular packages, don't search the next search path. All files of that
+                // package must be in the same location
+                if resolved_package.kind.is_regular_package() {
+                    return None;
+                }
+            }
+            Err(parent_kind) => {
+                if parent_kind.is_regular_package() {
+                    // For regular packages, don't search the next search path.
+                    return None;
+                }
+            }
+        }
+    }
+
+    None
+}
+
+fn resolve_package<'a, I>(
+    fs: &dyn FileSystem,
+    module_search_path: &FileSystemPath,
+    components: I,
+) -> Result<ResolvedPackage, PackageKind>
+where
+    I: Iterator<Item = &'a str>,
+{
+    let mut package_path = module_search_path.to_path_buf();
+
+    // `true` if inside a folder that is a namespace package (has no `__init__.py`).
+    // Namespace packages are special because they can be spread across multiple search paths.
+    // https://peps.python.org/pep-0420/
+    let mut in_namespace_package = false;
+
+    // `true` if resolving a sub-package. For example, `true` when resolving `bar` of `foo.bar`.
+    let mut in_sub_package = false;
+
+    // For `foo.bar.baz`, test that `foo` and `baz` both contain a `__init__.py`.
+    for folder in components {
+        package_path.push(folder);
+
+        let has_init_py = fs.is_file(&package_path.join("__init__.py"))
+            || fs.is_file(&package_path.join("__init__.pyi"));
+
+        if has_init_py {
+            in_namespace_package = false;
+        } else if fs.is_directory(&package_path) {
+            // A directory without an `__init__.py` is a namespace package, continue with the next folder.
+            in_namespace_package = true;
+        } else if in_namespace_package {
+            // Package not found but it is part of a namespace package.
+            return Err(PackageKind::Namespace);
+        } else if in_sub_package {
+            // A regular sub package wasn't found.
+            return Err(PackageKind::Regular);
+        } else {
+            // We couldn't find `foo` for `foo.bar.baz`, search the next search path.
+            return Err(PackageKind::Root);
+        }
+
+        in_sub_package = true;
+    }
+
+    let kind = if in_namespace_package {
+        PackageKind::Namespace
+    } else if in_sub_package {
+        PackageKind::Regular
+    } else {
+        PackageKind::Root
+    };
+
+    Ok(ResolvedPackage {
+        kind,
+        path: package_path,
+    })
+}
+
+#[derive(Debug)]
+struct ResolvedPackage {
+    path: FileSystemPathBuf,
+    kind: PackageKind,
+}
+
+#[derive(Copy, Clone, Eq, PartialEq, Debug)]
+enum PackageKind {
+    /// A root package or module. E.g. `foo` in `foo.bar.baz` or just `foo`.
+    Root,
+
+    /// A regular sub-package where the parent contains an `__init__.py`.
+    ///
+    /// For example, `bar` in `foo.bar` when the `foo` directory contains an `__init__.py`.
+    Regular,
+
+    /// A sub-package in a namespace package. A namespace package is a package without an `__init__.py`.
+    ///
+    /// For example, `bar` in `foo.bar` if the `foo` directory contains no `__init__.py`.
+    Namespace,
+}
+
+impl PackageKind {
+    const fn is_regular_package(self) -> bool {
+        matches!(self, PackageKind::Regular)
+    }
+}
+
+#[cfg(test)]
+mod tests {
+
+    use ruff_db::file_system::{FileSystemPath, FileSystemPathBuf};
+    use ruff_db::vfs::{system_path_to_file, VfsFile, VfsPath};
+
+    use crate::db::tests::TestDb;
+    use crate::module::{ModuleKind, ModuleName};
+
+    use super::{
+        path_to_module, resolve_module, set_module_resolution_settings, ModuleResolutionSettings,
+        TYPESHED_STDLIB_DIRECTORY,
+    };
+
+    struct TestCase {
+        db: TestDb,
+
+        src: FileSystemPathBuf,
+        custom_typeshed: FileSystemPathBuf,
+        site_packages: FileSystemPathBuf,
+    }
+
+    fn create_resolver() -> std::io::Result<TestCase> {
+        let mut db = TestDb::new();
+
+        let src = FileSystemPath::new("src").to_path_buf();
+        let site_packages = FileSystemPath::new("site_packages").to_path_buf();
+        let custom_typeshed = FileSystemPath::new("typeshed").to_path_buf();
+
+        let fs = db.memory_file_system();
+
+        fs.create_directory_all(&src)?;
+        fs.create_directory_all(&site_packages)?;
+        fs.create_directory_all(&custom_typeshed)?;
+
+        let settings = ModuleResolutionSettings {
+            extra_paths: vec![],
+            workspace_root: src.clone(),
+            site_packages: Some(site_packages.clone()),
+            custom_typeshed: Some(custom_typeshed.clone()),
+        };
+
+        set_module_resolution_settings(&mut db, settings);
+
+        Ok(TestCase {
+            db,
+            src,
+            custom_typeshed,
+            site_packages,
+        })
+    }
+
+    #[test]
+    fn first_party_module() -> anyhow::Result<()> {
+        let TestCase { db, src, .. } = create_resolver()?;
+
+        let foo_module_name = ModuleName::new_static("foo").unwrap();
+        let foo_path = src.join("foo.py");
+        db.memory_file_system()
+            .write_file(&foo_path, "print('Hello, world!')")?;
+
+        let foo_module = resolve_module(&db, foo_module_name.clone()).unwrap();
+
+        assert_eq!(
+            Some(&foo_module),
+            resolve_module(&db, foo_module_name.clone()).as_ref()
+        );
+
+        assert_eq!("foo", foo_module.name());
+        assert_eq!(&src, foo_module.search_path().path());
+        assert_eq!(ModuleKind::Module, foo_module.kind());
+        assert_eq!(&foo_path, foo_module.file().path(&db));
+
+        assert_eq!(
+            Some(foo_module),
+            path_to_module(&db, &VfsPath::FileSystem(foo_path))
+        );
+
+        Ok(())
+    }
+
+    #[test]
+    fn stdlib() -> anyhow::Result<()> {
+        let TestCase {
+            db,
+            custom_typeshed,
+            ..
+        } = create_resolver()?;
+
+        let stdlib_dir = custom_typeshed.join(TYPESHED_STDLIB_DIRECTORY);
+        let functools_path = stdlib_dir.join("functools.py");
+        db.memory_file_system()
+            .write_file(&functools_path, "def update_wrapper(): ...")?;
+
+        let functools_module_name = ModuleName::new_static("functools").unwrap();
+        let functools_module = resolve_module(&db, functools_module_name.clone()).unwrap();
+
+        assert_eq!(
+            Some(&functools_module),
+            resolve_module(&db, functools_module_name).as_ref()
+        );
+
+        assert_eq!(&stdlib_dir, functools_module.search_path().path());
+        assert_eq!(ModuleKind::Module, functools_module.kind());
+        assert_eq!(&functools_path.clone(), functools_module.file().path(&db));
+
+        assert_eq!(
+            Some(functools_module),
+            path_to_module(&db, &VfsPath::FileSystem(functools_path))
+        );
+
+        Ok(())
+    }
+
+    #[test]
+    fn first_party_precedence_over_stdlib() -> anyhow::Result<()> {
+        let TestCase {
+            db,
+            src,
+            custom_typeshed,
+            ..
+        } = create_resolver()?;
+
+        let stdlib_dir = custom_typeshed.join(TYPESHED_STDLIB_DIRECTORY);
+        let stdlib_functools_path = stdlib_dir.join("functools.py");
+        let first_party_functools_path = src.join("functools.py");
+
+        db.memory_file_system().write_files([
+            (&stdlib_functools_path, "def update_wrapper(): ..."),
+            (&first_party_functools_path, "def update_wrapper(): ..."),
+        ])?;
+
+        let functools_module_name = ModuleName::new_static("functools").unwrap();
+        let functools_module = resolve_module(&db, functools_module_name.clone()).unwrap();
+
+        assert_eq!(
+            Some(&functools_module),
+            resolve_module(&db, functools_module_name).as_ref()
+        );
+        assert_eq!(&src, functools_module.search_path().path());
+        assert_eq!(ModuleKind::Module, functools_module.kind());
+        assert_eq!(
+            &first_party_functools_path.clone(),
+            functools_module.file().path(&db)
+        );
+
+        assert_eq!(
+            Some(functools_module),
+            path_to_module(&db, &VfsPath::FileSystem(first_party_functools_path))
+        );
+
+        Ok(())
+    }
+
+    // TODO: Port typeshed test case. Porting isn't possible at the moment because the vendored zip
+    //   is part of the red knot crate
+    // #[test]
+    // fn typeshed_zip_created_at_build_time() -> anyhow::Result<()> {
+    //     // The file path here is hardcoded in this crate's `build.rs` script.
+    //     // Luckily this crate will fail to build if this file isn't available at build time.
+    //     const TYPESHED_ZIP_BYTES: &[u8] =
+    //         include_bytes!(concat!(env!("OUT_DIR"), "/zipped_typeshed.zip"));
+    //     assert!(!TYPESHED_ZIP_BYTES.is_empty());
+    //     let mut typeshed_zip_archive = ZipArchive::new(Cursor::new(TYPESHED_ZIP_BYTES))?;
+    //
+    //     let path_to_functools = Path::new("stdlib").join("functools.pyi");
+    //     let mut functools_module_stub = typeshed_zip_archive
+    //         .by_name(path_to_functools.to_str().unwrap())
+    //         .unwrap();
+    //     assert!(functools_module_stub.is_file());
+    //
+    //     let mut functools_module_stub_source = String::new();
+    //     functools_module_stub.read_to_string(&mut functools_module_stub_source)?;
+    //
+    //     assert!(functools_module_stub_source.contains("def update_wrapper("));
+    //     Ok(())
+    // }
+
+    #[test]
+    fn resolve_package() -> anyhow::Result<()> {
+        let TestCase { src, db, .. } = create_resolver()?;
+
+        let foo_dir = src.join("foo");
+        let foo_path = foo_dir.join("__init__.py");
+
+        db.memory_file_system()
+            .write_file(&foo_path, "print('Hello, world!')")?;
+
+        let foo_module = resolve_module(&db, ModuleName::new_static("foo").unwrap()).unwrap();
+
+        assert_eq!("foo", foo_module.name());
+        assert_eq!(&src, foo_module.search_path().path());
+        assert_eq!(&foo_path, foo_module.file().path(&db));
+
+        assert_eq!(
+            Some(&foo_module),
+            path_to_module(&db, &VfsPath::FileSystem(foo_path)).as_ref()
+        );
+
+        // Resolving by directory doesn't resolve to the init file.
+        assert_eq!(None, path_to_module(&db, &VfsPath::FileSystem(foo_dir)));
+
+        Ok(())
+    }
+
+    #[test]
+    fn package_priority_over_module() -> anyhow::Result<()> {
+        let TestCase { db, src, .. } = create_resolver()?;
+
+        let foo_dir = src.join("foo");
+        let foo_init = foo_dir.join("__init__.py");
+
+        db.memory_file_system()
+            .write_file(&foo_init, "print('Hello, world!')")?;
+
+        let foo_py = src.join("foo.py");
+        db.memory_file_system()
+            .write_file(&foo_py, "print('Hello, world!')")?;
+
+        let foo_module = resolve_module(&db, ModuleName::new_static("foo").unwrap()).unwrap();
+
+        assert_eq!(&src, foo_module.search_path().path());
+        assert_eq!(&foo_init, foo_module.file().path(&db));
+        assert_eq!(ModuleKind::Package, foo_module.kind());
+
+        assert_eq!(
+            Some(foo_module),
+            path_to_module(&db, &VfsPath::FileSystem(foo_init))
+        );
+        assert_eq!(None, path_to_module(&db, &VfsPath::FileSystem(foo_py)));
+
+        Ok(())
+    }
+
+    #[test]
+    fn typing_stub_over_module() -> anyhow::Result<()> {
+        let TestCase { db, src, .. } = create_resolver()?;
+
+        let foo_stub = src.join("foo.pyi");
+        let foo_py = src.join("foo.py");
+        db.memory_file_system()
+            .write_files([(&foo_stub, "x: int"), (&foo_py, "print('Hello, world!')")])?;
+
+        let foo = resolve_module(&db, ModuleName::new_static("foo").unwrap()).unwrap();
+
+        assert_eq!(&src, foo.search_path().path());
+        assert_eq!(&foo_stub, foo.file().path(&db));
+
+        assert_eq!(
+            Some(foo),
+            path_to_module(&db, &VfsPath::FileSystem(foo_stub))
+        );
+        assert_eq!(None, path_to_module(&db, &VfsPath::FileSystem(foo_py)));
+
+        Ok(())
+    }
+
+    #[test]
+    fn sub_packages() -> anyhow::Result<()> {
+        let TestCase { db, src, .. } = create_resolver()?;
+
+        let foo = src.join("foo");
+        let bar = foo.join("bar");
+        let baz = bar.join("baz.py");
+
+        db.memory_file_system().write_files([
+            (&foo.join("__init__.py"), ""),
+            (&bar.join("__init__.py"), ""),
+            (&baz, "print('Hello, world!')"),
+        ])?;
+
+        let baz_module =
+            resolve_module(&db, ModuleName::new_static("foo.bar.baz").unwrap()).unwrap();
+
+        assert_eq!(&src, baz_module.search_path().path());
+        assert_eq!(&baz, baz_module.file().path(&db));
+
+        assert_eq!(
+            Some(baz_module),
+            path_to_module(&db, &VfsPath::FileSystem(baz))
+        );
+
+        Ok(())
+    }
+
+    #[test]
+    fn namespace_package() -> anyhow::Result<()> {
+        let TestCase {
+            db,
+            src,
+            site_packages,
+            ..
+        } = create_resolver()?;
+
+        // From [PEP420](https://peps.python.org/pep-0420/#nested-namespace-packages).
+        // But uses `src` for `project1` and `site_packages2` for `project2`.
+        // ```
+        // src
+        //   parent
+        //     child
+        //       one.py
+        // site_packages
+        //   parent
+        //     child
+        //       two.py
+        // ```
+
+        let parent1 = src.join("parent");
+        let child1 = parent1.join("child");
+        let one = child1.join("one.py");
+
+        let parent2 = site_packages.join("parent");
+        let child2 = parent2.join("child");
+        let two = child2.join("two.py");
+
+        db.memory_file_system().write_files([
+            (&one, "print('Hello, world!')"),
+            (&two, "print('Hello, world!')"),
+        ])?;
+
+        let one_module =
+            resolve_module(&db, ModuleName::new_static("parent.child.one").unwrap()).unwrap();
+
+        assert_eq!(
+            Some(one_module),
+            path_to_module(&db, &VfsPath::FileSystem(one))
+        );
+
+        let two_module =
+            resolve_module(&db, ModuleName::new_static("parent.child.two").unwrap()).unwrap();
+        assert_eq!(
+            Some(two_module),
+            path_to_module(&db, &VfsPath::FileSystem(two))
+        );
+
+        Ok(())
+    }
+
+    #[test]
+    fn regular_package_in_namespace_package() -> anyhow::Result<()> {
+        let TestCase {
+            db,
+            src,
+            site_packages,
+            ..
+        } = create_resolver()?;
+
+        // Adopted test case from the [PEP420 examples](https://peps.python.org/pep-0420/#nested-namespace-packages).
+        // The `src/parent/child` package is a regular package. Therefore, `site_packages/parent/child/two.py` should not be resolved.
+        // ```
+        // src
+        //   parent
+        //     child
+        //       one.py
+        // site_packages
+        //   parent
+        //     child
+        //       two.py
+        // ```
+
+        let parent1 = src.join("parent");
+        let child1 = parent1.join("child");
+        let one = child1.join("one.py");
+
+        let parent2 = site_packages.join("parent");
+        let child2 = parent2.join("child");
+        let two = child2.join("two.py");
+
+        db.memory_file_system().write_files([
+            (&child1.join("__init__.py"), "print('Hello, world!')"),
+            (&one, "print('Hello, world!')"),
+            (&two, "print('Hello, world!')"),
+        ])?;
+
+        let one_module =
+            resolve_module(&db, ModuleName::new_static("parent.child.one").unwrap()).unwrap();
+
+        assert_eq!(
+            Some(one_module),
+            path_to_module(&db, &VfsPath::FileSystem(one))
+        );
+
+        assert_eq!(
+            None,
+            resolve_module(&db, ModuleName::new_static("parent.child.two").unwrap())
+        );
+        Ok(())
+    }
+
+    #[test]
+    fn module_search_path_priority() -> anyhow::Result<()> {
+        let TestCase {
+            db,
+            src,
+            site_packages,
+            ..
+        } = create_resolver()?;
+
+        let foo_src = src.join("foo.py");
+        let foo_site_packages = site_packages.join("foo.py");
+
+        db.memory_file_system()
+            .write_files([(&foo_src, ""), (&foo_site_packages, "")])?;
+
+        let foo_module = resolve_module(&db, ModuleName::new_static("foo").unwrap()).unwrap();
+
+        assert_eq!(&src, foo_module.search_path().path());
+        assert_eq!(&foo_src, foo_module.file().path(&db));
+
+        assert_eq!(
+            Some(foo_module),
+            path_to_module(&db, &VfsPath::FileSystem(foo_src))
+        );
+        assert_eq!(
+            None,
+            path_to_module(&db, &VfsPath::FileSystem(foo_site_packages))
+        );
+
+        Ok(())
+    }
+
+    #[test]
+    #[cfg(target_family = "unix")]
+    fn symlink() -> anyhow::Result<()> {
+        let TestCase {
+            mut db,
+            src,
+            site_packages,
+            custom_typeshed,
+        } = create_resolver()?;
+
+        db.with_os_file_system();
+
+        let temp_dir = tempfile::tempdir()?;
+        let root = FileSystemPath::from_std_path(temp_dir.path()).unwrap();
+
+        let src = root.join(src);
+        let site_packages = root.join(site_packages);
+        let custom_typeshed = root.join(custom_typeshed);
+
+        let foo = src.join("foo.py");
+        let bar = src.join("bar.py");
+
+        std::fs::create_dir_all(src.as_std_path())?;
+        std::fs::create_dir_all(site_packages.as_std_path())?;
+        std::fs::create_dir_all(custom_typeshed.as_std_path())?;
+
+        std::fs::write(foo.as_std_path(), "")?;
+        std::os::unix::fs::symlink(foo.as_std_path(), bar.as_std_path())?;
+
+        let settings = ModuleResolutionSettings {
+            extra_paths: vec![],
+            workspace_root: src.clone(),
+            site_packages: Some(site_packages),
+            custom_typeshed: Some(custom_typeshed),
+        };
+
+        set_module_resolution_settings(&mut db, settings);
+
+        let foo_module = resolve_module(&db, ModuleName::new_static("foo").unwrap()).unwrap();
+        let bar_module = resolve_module(&db, ModuleName::new_static("bar").unwrap()).unwrap();
+
+        assert_ne!(foo_module, bar_module);
+
+        assert_eq!(&src, foo_module.search_path().path());
+        assert_eq!(&foo, foo_module.file().path(&db));
+
+        // `foo` and `bar` shouldn't resolve to the same file
+
+        assert_eq!(&src, bar_module.search_path().path());
+        assert_eq!(&bar, bar_module.file().path(&db));
+        assert_eq!(&foo, foo_module.file().path(&db));
+
+        assert_ne!(&foo_module, &bar_module);
+
+        assert_eq!(
+            Some(foo_module),
+            path_to_module(&db, &VfsPath::FileSystem(foo))
+        );
+        assert_eq!(
+            Some(bar_module),
+            path_to_module(&db, &VfsPath::FileSystem(bar))
+        );
+
+        Ok(())
+    }
+
+    #[test]
+    fn deleting_an_unrealted_file_doesnt_change_module_resolution() -> anyhow::Result<()> {
+        let TestCase { mut db, src, .. } = create_resolver()?;
+
+        let foo_path = src.join("foo.py");
+        let bar_path = src.join("bar.py");
+
+        db.memory_file_system()
+            .write_files([(&foo_path, "x = 1"), (&bar_path, "y = 2")])?;
+
+        let foo_module_name = ModuleName::new_static("foo").unwrap();
+        let foo_module = resolve_module(&db, foo_module_name.clone()).unwrap();
+
+        let bar = system_path_to_file(&db, &bar_path).expect("bar.py to exist");
+
+        db.clear_salsa_events();
+
+        // Delete `bar.py`
+        db.memory_file_system().remove_file(&bar_path)?;
+        bar.touch(&mut db);
+
+        // Re-query the foo module. The foo module should still be cached because `bar.py` isn't relevant
+        // for resolving `foo`.
+
+        let foo_module2 = resolve_module(&db, foo_module_name);
+
+        assert!(!db
+            .take_salsa_events()
+            .iter()
+            .any(|event| { matches!(event.kind, salsa::EventKind::WillExecute { .. }) }));
+
+        assert_eq!(Some(foo_module), foo_module2);
+
+        Ok(())
+    }
+
+    #[test]
+    fn adding_a_file_on_which_the_module_resolution_depends_on_invalidates_the_query(
+    ) -> anyhow::Result<()> {
+        let TestCase { mut db, src, .. } = create_resolver()?;
+        let foo_path = src.join("foo.py");
+
+        let foo_module_name = ModuleName::new_static("foo").unwrap();
+        assert_eq!(resolve_module(&db, foo_module_name.clone()), None);
+
+        // Now write the foo file
+        db.memory_file_system().write_file(&foo_path, "x = 1")?;
+        VfsFile::touch_path(&mut db, &VfsPath::FileSystem(foo_path.clone()));
+        let foo_file = system_path_to_file(&db, &foo_path).expect("foo.py to exist");
+
+        let foo_module = resolve_module(&db, foo_module_name).expect("Foo module to resolve");
+        assert_eq!(foo_file, foo_module.file());
+
+        Ok(())
+    }
+
+    #[test]
+    fn removing_a_file_that_the_module_resolution_depends_on_invalidates_the_query(
+    ) -> anyhow::Result<()> {
+        let TestCase { mut db, src, .. } = create_resolver()?;
+        let foo_path = src.join("foo.py");
+        let foo_init_path = src.join("foo/__init__.py");
+
+        db.memory_file_system()
+            .write_files([(&foo_path, "x = 1"), (&foo_init_path, "x = 2")])?;
+
+        let foo_module_name = ModuleName::new_static("foo").unwrap();
+        let foo_module = resolve_module(&db, foo_module_name.clone()).expect("foo module to exist");
+
+        assert_eq!(&foo_init_path, foo_module.file().path(&db));
+
+        // Delete `foo/__init__.py` and the `foo` folder. `foo` should now resolve to `foo.py`
+        db.memory_file_system().remove_file(&foo_init_path)?;
+        db.memory_file_system()
+            .remove_directory(foo_init_path.parent().unwrap())?;
+        VfsFile::touch_path(&mut db, &VfsPath::FileSystem(foo_init_path.clone()));
+
+        let foo_module = resolve_module(&db, foo_module_name).expect("Foo module to resolve");
+        assert_eq!(&foo_path, foo_module.file().path(&db));
+
+        Ok(())
+    }
+}
--- a/crates/red_knot_module_resolver/src/typeshed.rs
+++ b/crates/red_knot_module_resolver/src/typeshed.rs
@@ -0,0 +1,91 @@
+pub(crate) mod versions;
+
+#[cfg(test)]
+mod tests {
+    use std::io::{self, Read};
+    use std::path::Path;
+
+    use ruff_db::vendored::VendoredFileSystem;
+    use ruff_db::vfs::VendoredPath;
+
+    // The file path here is hardcoded in this crate's `build.rs` script.
+    // Luckily this crate will fail to build if this file isn't available at build time.
+    const TYPESHED_ZIP_BYTES: &[u8] =
+        include_bytes!(concat!(env!("OUT_DIR"), "/zipped_typeshed.zip"));
+
+    #[test]
+    fn typeshed_zip_created_at_build_time() {
+        let mut typeshed_zip_archive =
+            zip::ZipArchive::new(io::Cursor::new(TYPESHED_ZIP_BYTES)).unwrap();
+
+        let mut functools_module_stub = typeshed_zip_archive
+            .by_name("stdlib/functools.pyi")
+            .unwrap();
+        assert!(functools_module_stub.is_file());
+
+        let mut functools_module_stub_source = String::new();
+        functools_module_stub
+            .read_to_string(&mut functools_module_stub_source)
+            .unwrap();
+
+        assert!(functools_module_stub_source.contains("def update_wrapper("));
+    }
+
+    #[test]
+    fn typeshed_vfs_consistent_with_vendored_stubs() {
+        let vendored_typeshed_dir = Path::new("vendor/typeshed").canonicalize().unwrap();
+        let vendored_typeshed_stubs = VendoredFileSystem::new(TYPESHED_ZIP_BYTES).unwrap();
+
+        let mut empty_iterator = true;
+        for entry in walkdir::WalkDir::new(&vendored_typeshed_dir).min_depth(1) {
+            empty_iterator = false;
+            let entry = entry.unwrap();
+            let absolute_path = entry.path();
+            let file_type = entry.file_type();
+
+            let relative_path = absolute_path
+                .strip_prefix(&vendored_typeshed_dir)
+                .unwrap_or_else(|_| {
+                    panic!("Expected {absolute_path:?} to be a child of {vendored_typeshed_dir:?}")
+                });
+
+            let vendored_path = <&VendoredPath>::try_from(relative_path)
+                .unwrap_or_else(|_| panic!("Expected {relative_path:?} to be valid UTF-8"));
+
+            assert!(
+                vendored_typeshed_stubs.exists(vendored_path),
+                "Expected {vendored_path:?} to exist in the `VendoredFileSystem`!
+
+                Vendored file system:
+
+                {vendored_typeshed_stubs:#?}
+                "
+            );
+
+            let vendored_path_kind = vendored_typeshed_stubs
+                .metadata(vendored_path)
+                .unwrap_or_else(|| {
+                    panic!(
+                        "Expected metadata for {vendored_path:?} to be retrievable from the `VendoredFileSystem!
+
+                        Vendored file system:
+
+                        {vendored_typeshed_stubs:#?}
+                        "
+                    )
+                })
+                .kind();
+
+            assert_eq!(
+                vendored_path_kind.is_directory(),
+                file_type.is_dir(),
+                "{vendored_path:?} had type {vendored_path_kind:?}, inconsistent with fs path {relative_path:?}: {file_type:?}"
+            );
+        }
+
+        assert!(
+            !empty_iterator,
+            "Expected there to be at least one file or directory in the vendored typeshed stubs!"
+        );
+    }
+}
--- a/crates/red_knot_module_resolver/src/typeshed/versions.rs
+++ b/crates/red_knot_module_resolver/src/typeshed/versions.rs
@@ -5,9 +5,8 @@ use std::ops::{RangeFrom, RangeInclusive};
 use std::str::FromStr;

 use rustc_hash::FxHashMap;
-use smol_str::SmolStr;

-use ruff_python_stdlib::identifiers::is_identifier;
+use crate::module::ModuleName;

 #[derive(Debug, PartialEq, Eq)]
 pub struct TypeshedVersionsParseError {
@@ -82,7 +81,7 @@ impl fmt::Display for TypeshedVersionsParseErrorKind {
 }

 #[derive(Debug, PartialEq, Eq)]
-pub struct TypeshedVersions(FxHashMap<SmolStr, PyVersionRange>);
+pub struct TypeshedVersions(FxHashMap<ModuleName, PyVersionRange>);

 impl TypeshedVersions {
    pub fn len(&self) -> usize {
@@ -93,24 +92,22 @@ impl TypeshedVersions {
        self.0.is_empty()
    }

-    pub fn contains_module(&self, module_name: impl Into<SmolStr>) -> bool {
-        self.0.contains_key(&module_name.into())
+    pub fn contains_module(&self, module_name: &ModuleName) -> bool {
+        self.0.contains_key(module_name)
    }

    pub fn module_exists_on_version(
        &self,
-        module: impl Into<SmolStr>,
+        module: ModuleName,
        version: impl Into<PyVersion>,
    ) -> bool {
        let version = version.into();
-        let mut module: Option<SmolStr> = Some(module.into());
+        let mut module: Option<ModuleName> = Some(module);
        while let Some(module_to_try) = module {
            if let Some(range) = self.0.get(&module_to_try) {
                return range.contains(version);
            }
-            module = module_to_try
-                .rsplit_once('.')
-                .map(|(parent, _)| SmolStr::new(parent));
+            module = module_to_try.parent();
        }
        false
    }
@@ -149,15 +146,14 @@ impl FromStr for TypeshedVersions {
                });
            };

-            let module_name = SmolStr::new(module_name);
-            if !module_name.split('.').all(is_identifier) {
+            let Some(module_name) = ModuleName::new(module_name) else {
                return Err(TypeshedVersionsParseError {
                    line_number,
                    reason: TypeshedVersionsParseErrorKind::InvalidModuleName(
                        module_name.to_string(),
                    ),
                });
-            }
+            };

            match PyVersionRange::from_str(rest) {
                Ok(version) => map.insert(module_name, version),
@@ -176,7 +172,7 @@ impl FromStr for TypeshedVersions {

 impl fmt::Display for TypeshedVersions {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
-        let sorted_items: BTreeMap<&SmolStr, &PyVersionRange> = self.0.iter().collect();
+        let sorted_items: BTreeMap<&ModuleName, &PyVersionRange> = self.0.iter().collect();
        for (module_name, range) in sorted_items {
            writeln!(f, "{module_name}: {range}")?;
        }
@@ -312,11 +308,14 @@ impl From<SupportedPyVersion> for PyVersion {
 #[cfg(test)]
 mod tests {
    use std::num::{IntErrorKind, NonZeroU16};
+    use std::path::Path;

    use super::*;

    use insta::assert_snapshot;

+    const TYPESHED_STDLIB_DIR: &str = "stdlib";
+
    #[allow(unsafe_code)]
    const ONE: NonZeroU16 = unsafe { NonZeroU16::new_unchecked(1) };

@@ -331,16 +330,76 @@ mod tests {
        assert!(versions.len() > 100);
        assert!(versions.len() < 1000);

-        assert!(versions.contains_module("asyncio"));
-        assert!(versions.module_exists_on_version("asyncio", SupportedPyVersion::Py310));
+        let asyncio = ModuleName::new_static("asyncio").unwrap();
+        let asyncio_staggered = ModuleName::new_static("asyncio.staggered").unwrap();
+        let audioop = ModuleName::new_static("audioop").unwrap();

-        assert!(versions.contains_module("asyncio.staggered"));
-        assert!(versions.module_exists_on_version("asyncio.staggered", SupportedPyVersion::Py38));
-        assert!(!versions.module_exists_on_version("asyncio.staggered", SupportedPyVersion::Py37));
+        assert!(versions.contains_module(&asyncio));
+        assert!(versions.module_exists_on_version(asyncio, SupportedPyVersion::Py310));

-        assert!(versions.contains_module("audioop"));
-        assert!(versions.module_exists_on_version("audioop", SupportedPyVersion::Py312));
-        assert!(!versions.module_exists_on_version("audioop", SupportedPyVersion::Py313));
+        assert!(versions.contains_module(&asyncio_staggered));
+        assert!(
+            versions.module_exists_on_version(asyncio_staggered.clone(), SupportedPyVersion::Py38)
+        );
+        assert!(!versions.module_exists_on_version(asyncio_staggered, SupportedPyVersion::Py37));
+
+        assert!(versions.contains_module(&audioop));
+        assert!(versions.module_exists_on_version(audioop.clone(), SupportedPyVersion::Py312));
+        assert!(!versions.module_exists_on_version(audioop, SupportedPyVersion::Py313));
+    }
+
+    #[test]
+    fn typeshed_versions_consistent_with_vendored_stubs() {
+        const VERSIONS_DATA: &str = include_str!("../../vendor/typeshed/stdlib/VERSIONS");
+        let vendored_typeshed_dir = Path::new("vendor/typeshed").canonicalize().unwrap();
+        let vendored_typeshed_versions = TypeshedVersions::from_str(VERSIONS_DATA).unwrap();
+
+        let mut empty_iterator = true;
+
+        let stdlib_stubs_path = vendored_typeshed_dir.join(TYPESHED_STDLIB_DIR);
+
+        for entry in std::fs::read_dir(&stdlib_stubs_path).unwrap() {
+            empty_iterator = false;
+            let entry = entry.unwrap();
+            let absolute_path = entry.path();
+
+            let relative_path = absolute_path
+                .strip_prefix(&stdlib_stubs_path)
+                .unwrap_or_else(|_| panic!("Expected path to be a child of {stdlib_stubs_path:?} but found {absolute_path:?}"));
+
+            let relative_path_str = relative_path.as_os_str().to_str().unwrap_or_else(|| {
+                panic!("Expected all typeshed paths to be valid UTF-8; got {relative_path:?}")
+            });
+            if relative_path_str == "VERSIONS" {
+                continue;
+            }
+
+            let top_level_module = if let Some(extension) = relative_path.extension() {
+                // It was a file; strip off the file extension to get the module name:
+                let extension = extension
+                    .to_str()
+                    .unwrap_or_else(||panic!("Expected all file extensions to be UTF-8; was not true for {relative_path:?}"));
+
+                relative_path_str
+                    .strip_suffix(extension)
+                    .and_then(|string| string.strip_suffix('.')).unwrap_or_else(|| {
+                        panic!("Expected path {relative_path_str:?} to end with computed extension {extension:?}")
+                })
+            } else {
+                // It was a directory; no need to do anything to get the module name
+                relative_path_str
+            };
+
+            let top_level_module = ModuleName::new(top_level_module)
+                .unwrap_or_else(|| panic!("{top_level_module:?} was not a valid module name!"));
+
+            assert!(vendored_typeshed_versions.contains_module(&top_level_module));
+        }
+
+        assert!(
+            !empty_iterator,
+            "Expected there to be at least one file or directory in the vendored typeshed stubs"
+        );
    }

    #[test]
@@ -368,24 +427,29 @@ foo: 3.8-   # trailing comment
        "###
        );

-        assert!(parsed_versions.contains_module("foo"));
-        assert!(!parsed_versions.module_exists_on_version("foo", SupportedPyVersion::Py37));
-        assert!(parsed_versions.module_exists_on_version("foo", SupportedPyVersion::Py38));
-        assert!(parsed_versions.module_exists_on_version("foo", SupportedPyVersion::Py311));
+        let foo = ModuleName::new_static("foo").unwrap();
+        let bar = ModuleName::new_static("bar").unwrap();
+        let bar_baz = ModuleName::new_static("bar.baz").unwrap();
+        let spam = ModuleName::new_static("spam").unwrap();

-        assert!(parsed_versions.contains_module("bar"));
-        assert!(parsed_versions.module_exists_on_version("bar", SupportedPyVersion::Py37));
-        assert!(parsed_versions.module_exists_on_version("bar", SupportedPyVersion::Py310));
-        assert!(!parsed_versions.module_exists_on_version("bar", SupportedPyVersion::Py311));
+        assert!(parsed_versions.contains_module(&foo));
+        assert!(!parsed_versions.module_exists_on_version(foo.clone(), SupportedPyVersion::Py37));
+        assert!(parsed_versions.module_exists_on_version(foo.clone(), SupportedPyVersion::Py38));
+        assert!(parsed_versions.module_exists_on_version(foo, SupportedPyVersion::Py311));

-        assert!(parsed_versions.contains_module("bar.baz"));
-        assert!(parsed_versions.module_exists_on_version("bar.baz", SupportedPyVersion::Py37));
-        assert!(parsed_versions.module_exists_on_version("bar.baz", SupportedPyVersion::Py39));
-        assert!(!parsed_versions.module_exists_on_version("bar.baz", SupportedPyVersion::Py310));
+        assert!(parsed_versions.contains_module(&bar));
+        assert!(parsed_versions.module_exists_on_version(bar.clone(), SupportedPyVersion::Py37));
+        assert!(parsed_versions.module_exists_on_version(bar.clone(), SupportedPyVersion::Py310));
+        assert!(!parsed_versions.module_exists_on_version(bar, SupportedPyVersion::Py311));

-        assert!(!parsed_versions.contains_module("spam"));
-        assert!(!parsed_versions.module_exists_on_version("spam", SupportedPyVersion::Py37));
-        assert!(!parsed_versions.module_exists_on_version("spam", SupportedPyVersion::Py313));
+        assert!(parsed_versions.contains_module(&bar_baz));
+        assert!(parsed_versions.module_exists_on_version(bar_baz.clone(), SupportedPyVersion::Py37));
+        assert!(parsed_versions.module_exists_on_version(bar_baz.clone(), SupportedPyVersion::Py39));
+        assert!(!parsed_versions.module_exists_on_version(bar_baz, SupportedPyVersion::Py310));
+
+        assert!(!parsed_versions.contains_module(&spam));
+        assert!(!parsed_versions.module_exists_on_version(spam.clone(), SupportedPyVersion::Py37));
+        assert!(!parsed_versions.module_exists_on_version(spam, SupportedPyVersion::Py313));
    }

    #[test]
--- a/crates/red_knot_module_resolver/vendor/typeshed/LICENSE
+++ b/crates/red_knot_module_resolver/vendor/typeshed/LICENSE
--- a/crates/red_knot_module_resolver/vendor/typeshed/README.md
+++ b/crates/red_knot_module_resolver/vendor/typeshed/README.md
--- a/crates/red_knot_module_resolver/vendor/typeshed/source_commit.txt
+++ b/crates/red_knot_module_resolver/vendor/typeshed/source_commit.txt
@@ -0,0 +1 @@
+114409d49b43ba62a179ebb856fa70a5161f751e
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/VERSIONS
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/VERSIONS
@@ -65,9 +65,9 @@ array: 3.0-
 ast: 3.0-
 asynchat: 3.0-3.11
 asyncio: 3.4-
-asyncio.mixins: 3.10-
 asyncio.exceptions: 3.8-
 asyncio.format_helpers: 3.7-
+asyncio.mixins: 3.10-
 asyncio.runners: 3.7-
 asyncio.staggered: 3.8-
 asyncio.taskgroups: 3.11-
@@ -270,6 +270,7 @@ threading: 3.0-
 time: 3.0-
 timeit: 3.0-
 tkinter: 3.0-
+tkinter.tix: 3.0-3.12
 token: 3.0-
 tokenize: 3.0-
 tomllib: 3.11-
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/future.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/future.pyi
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/main.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/main.pyi
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_ast.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_ast.pyi
@@ -7,8 +7,11 @@ PyCF_ONLY_AST: Literal[1024]
 PyCF_TYPE_COMMENTS: Literal[4096]
 PyCF_ALLOW_TOP_LEVEL_AWAIT: Literal[8192]

+if sys.version_info >= (3, 13):
+    PyCF_OPTIMIZED_AST: Literal[33792]
+
 # Used for node end positions in constructor keyword arguments
-_EndPositionT = typing_extensions.TypeVar("_EndPositionT", int, int | None, default=int | None)  # noqa: Y023
+_EndPositionT = typing_extensions.TypeVar("_EndPositionT", int, int | None, default=int | None)

 # Alias used for fields that must always be valid identifiers
 # A string `x` counts as a valid identifier if both the following are True
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_bisect.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_bisect.pyi
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_bootlocale.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_bootlocale.pyi
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_codecs.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_codecs.pyi
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_collections_abc.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_collections_abc.pyi
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_compat_pickle.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_compat_pickle.pyi
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_compression.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_compression.pyi
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_csv.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_csv.pyi
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_ctypes.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_ctypes.pyi
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_curses.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_curses.pyi
@@ -63,8 +63,7 @@ A_COLOR: int
 A_DIM: int
 A_HORIZONTAL: int
 A_INVIS: int
-if sys.platform != "darwin":
-    A_ITALIC: int
+A_ITALIC: int
 A_LEFT: int
 A_LOW: int
 A_NORMAL: int
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_decimal.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_decimal.pyi
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_dummy_thread.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_dummy_thread.pyi
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_dummy_threading.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_dummy_threading.pyi
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_heapq.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_heapq.pyi
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_imp.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_imp.pyi
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_json.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_json.pyi
@@ -45,5 +45,5 @@ class make_scanner:
    def __init__(self, context: make_scanner) -> None: ...
    def __call__(self, string: str, index: int) -> tuple[Any, int]: ...

-def encode_basestring_ascii(s: str) -> str: ...
+def encode_basestring_ascii(s: str, /) -> str: ...
 def scanstring(string: str, end: int, strict: bool = ...) -> tuple[str, int]: ...
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_locale.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_locale.pyi
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_lsprof.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_lsprof.pyi
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_markupbase.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_markupbase.pyi
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_msi.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_msi.pyi
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_operator.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_operator.pyi
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_osx_support.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_osx_support.pyi
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_posixsubprocess.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_posixsubprocess.pyi
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_py_abc.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_py_abc.pyi
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_pydecimal.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_pydecimal.pyi
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_random.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_random.pyi
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_sitebuiltins.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_sitebuiltins.pyi
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_socket.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_socket.pyi
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_stat.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_stat.pyi
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_thread.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_thread.pyi
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_threading_local.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_threading_local.pyi
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_tkinter.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_tkinter.pyi
@@ -1,5 +1,7 @@
 import sys
+from collections.abc import Callable
 from typing import Any, ClassVar, Literal, final
+from typing_extensions import TypeAlias

 # _tkinter is meant to be only used internally by tkinter, but some tkinter
 # functions e.g. return _tkinter.Tcl_Obj objects. Tcl_Obj represents a Tcl
@@ -30,6 +32,8 @@ class Tcl_Obj:

 class TclError(Exception): ...

+_TkinterTraceFunc: TypeAlias = Callable[[tuple[str, ...]], object]
+
 # This class allows running Tcl code. Tkinter uses it internally a lot, and
 # it's often handy to drop a piece of Tcl code into a tkinter program. Example:
 #
@@ -86,6 +90,9 @@ class TkappType:
    def unsetvar(self, *args, **kwargs): ...
    def wantobjects(self, *args, **kwargs): ...
    def willdispatch(self): ...
+    if sys.version_info >= (3, 12):
+        def gettrace(self, /) -> _TkinterTraceFunc | None: ...
+        def settrace(self, func: _TkinterTraceFunc | None, /) -> None: ...

 # These should be kept in sync with tkinter.tix constants, except ALL_EVENTS which doesn't match TCL_ALL_EVENTS
 ALL_EVENTS: Literal[-3]
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_tracemalloc.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_tracemalloc.pyi
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_typeshed/README.md
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_typeshed/README.md
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_typeshed/init.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_typeshed/init.pyi
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_typeshed/dbapi.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_typeshed/dbapi.pyi
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_typeshed/importlib.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_typeshed/importlib.pyi
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_typeshed/wsgi.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_typeshed/wsgi.pyi
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_typeshed/xml.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_typeshed/xml.pyi
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_warnings.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_warnings.pyi
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_weakref.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_weakref.pyi
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_weakrefset.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_weakrefset.pyi
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_winapi.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/_winapi.pyi
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/abc.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/abc.pyi
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/aifc.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/aifc.pyi
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/antigravity.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/antigravity.pyi
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/argparse.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/argparse.pyi
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/array.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/array.pyi
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/ast.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/ast.pyi
@@ -365,3 +365,6 @@ def walk(node: AST) -> Iterator[AST]: ...

 if sys.version_info >= (3, 9):
    def main() -> None: ...
+
+if sys.version_info >= (3, 14):
+    def compare(left: AST, right: AST, /, *, compare_attributes: bool = False) -> bool: ...
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/asynchat.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/asynchat.pyi
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/asyncio/init.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/asyncio/init.pyi
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/asyncio/base_events.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/asyncio/base_events.pyi
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/asyncio/base_futures.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/asyncio/base_futures.pyi
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/asyncio/base_subprocess.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/asyncio/base_subprocess.pyi
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/asyncio/base_tasks.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/asyncio/base_tasks.pyi
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/asyncio/constants.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/asyncio/constants.pyi
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/asyncio/coroutines.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/asyncio/coroutines.pyi
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/asyncio/events.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/asyncio/events.pyi
--- a/crates/red_knot_module_resolver/vendor/typeshed/stdlib/asyncio/exceptions.pyi
+++ b/crates/red_knot_module_resolver/vendor/typeshed/stdlib/asyncio/exceptions.pyi
--- a/Show More
+++ b/Show More