[ty] Infer subscript types through aliases

[ty] Apply class decorators via try_call() (#22375 )
## Summary Decorators are now called with the class as an argument, and the return type becomes the class's type. This mirrors how function decorators already work. Closes https://github.com/astral-sh/ty/issues/2313.
2026-01-05 09:37:40 -05:00 · 2026-01-04 17:11:00 -05:00 · 2026-01-04 15:00:31 -05:00 · 2026-01-04 19:54:03 +00:00 · 2026-01-04 18:58:30 +00:00 · 2026-01-04 17:58:20 +00:00
471 changed files with 17750 additions and 6825 deletions
--- a/.github/actionlint.yaml
+++ b/.github/actionlint.yaml
@@ -4,10 +4,17 @@
 self-hosted-runner:
  # Various runners we use that aren't recognized out-of-the-box by actionlint:
  labels:
+    - depot-ubuntu-24.04-4
    - depot-ubuntu-latest-8
    - depot-ubuntu-22.04-16
    - depot-ubuntu-22.04-32
    - depot-windows-2022-16
+    - depot-ubuntu-22.04-arm-4
    - github-windows-2025-x86_64-8
    - github-windows-2025-x86_64-16
    - codspeed-macro
+
+paths:
+  ".github/workflows/mypy_primer.yaml":
+    ignore:
+      - 'condition "false" is always evaluated to false. remove the if: section'
--- a/.github/workflows/build-binaries.yml
+++ b/.github/workflows/build-binaries.yml
@@ -39,7 +39,7 @@ jobs:
    if: ${{ !contains(github.event.pull_request.labels.*.name, 'no-build') }}
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          submodules: recursive
          persist-credentials: false
@@ -59,7 +59,7 @@ jobs:
          "${MODULE_NAME}" --help
          python -m "${MODULE_NAME}" --help
      - name: "Upload sdist"
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        with:
          name: wheels-sdist
          path: dist
@@ -68,7 +68,7 @@ jobs:
    if: ${{ !contains(github.event.pull_request.labels.*.name, 'no-build') }}
    runs-on: macos-14
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          submodules: recursive
          persist-credentials: false
@@ -84,7 +84,7 @@ jobs:
          target: x86_64
          args: --release --locked --out dist
      - name: "Upload wheels"
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        with:
          name: wheels-macos-x86_64
          path: dist
@@ -99,7 +99,7 @@ jobs:
          tar czvf $ARCHIVE_FILE $ARCHIVE_NAME
          shasum -a 256 $ARCHIVE_FILE > $ARCHIVE_FILE.sha256
      - name: "Upload binary"
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        with:
          name: artifacts-macos-x86_64
          path: |
@@ -110,7 +110,7 @@ jobs:
    if: ${{ !contains(github.event.pull_request.labels.*.name, 'no-build') }}
    runs-on: macos-14
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          submodules: recursive
          persist-credentials: false
@@ -131,7 +131,7 @@ jobs:
          ruff --help
          python -m ruff --help
      - name: "Upload wheels"
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        with:
          name: wheels-aarch64-apple-darwin
          path: dist
@@ -146,7 +146,7 @@ jobs:
          tar czvf $ARCHIVE_FILE $ARCHIVE_NAME
          shasum -a 256 $ARCHIVE_FILE > $ARCHIVE_FILE.sha256
      - name: "Upload binary"
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        with:
          name: artifacts-aarch64-apple-darwin
          path: |
@@ -166,7 +166,7 @@ jobs:
          - target: aarch64-pc-windows-msvc
            arch: x64
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          submodules: recursive
          persist-credentials: false
@@ -192,7 +192,7 @@ jobs:
          "${MODULE_NAME}" --help
          python -m "${MODULE_NAME}" --help
      - name: "Upload wheels"
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        with:
          name: wheels-${{ matrix.platform.target }}
          path: dist
@@ -203,7 +203,7 @@ jobs:
          7z a $ARCHIVE_FILE ./target/${{ matrix.platform.target }}/release/ruff.exe
          sha256sum $ARCHIVE_FILE > $ARCHIVE_FILE.sha256
      - name: "Upload binary"
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        with:
          name: artifacts-${{ matrix.platform.target }}
          path: |
@@ -219,7 +219,7 @@ jobs:
          - x86_64-unknown-linux-gnu
          - i686-unknown-linux-gnu
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          submodules: recursive
          persist-credentials: false
@@ -242,7 +242,7 @@ jobs:
          "${MODULE_NAME}" --help
          python -m "${MODULE_NAME}" --help
      - name: "Upload wheels"
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        with:
          name: wheels-${{ matrix.target }}
          path: dist
@@ -260,7 +260,7 @@ jobs:
          tar czvf $ARCHIVE_FILE $ARCHIVE_NAME
          shasum -a 256 $ARCHIVE_FILE > $ARCHIVE_FILE.sha256
      - name: "Upload binary"
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        with:
          name: artifacts-${{ matrix.target }}
          path: |
@@ -296,7 +296,7 @@ jobs:
            arch: riscv64

    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          submodules: recursive
          persist-credentials: false
@@ -327,7 +327,7 @@ jobs:
            pip3 install ${{ env.PACKAGE_NAME }} --no-index --find-links dist/ --force-reinstall
            ruff --help
      - name: "Upload wheels"
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        with:
          name: wheels-${{ matrix.platform.target }}
          path: dist
@@ -345,7 +345,7 @@ jobs:
          tar czvf $ARCHIVE_FILE $ARCHIVE_NAME
          shasum -a 256 $ARCHIVE_FILE > $ARCHIVE_FILE.sha256
      - name: "Upload binary"
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        with:
          name: artifacts-${{ matrix.platform.target }}
          path: |
@@ -361,7 +361,7 @@ jobs:
          - x86_64-unknown-linux-musl
          - i686-unknown-linux-musl
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          submodules: recursive
          persist-credentials: false
@@ -389,7 +389,7 @@ jobs:
            .venv/bin/pip3 install ${{ env.PACKAGE_NAME }} --no-index --find-links dist/ --force-reinstall
            .venv/bin/${{ env.MODULE_NAME }} --help
      - name: "Upload wheels"
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        with:
          name: wheels-${{ matrix.target }}
          path: dist
@@ -407,7 +407,7 @@ jobs:
          tar czvf $ARCHIVE_FILE $ARCHIVE_NAME
          shasum -a 256 $ARCHIVE_FILE > $ARCHIVE_FILE.sha256
      - name: "Upload binary"
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        with:
          name: artifacts-${{ matrix.target }}
          path: |
@@ -427,7 +427,7 @@ jobs:
            arch: armv7

    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          submodules: recursive
          persist-credentials: false
@@ -456,7 +456,7 @@ jobs:
            .venv/bin/pip3 install ${{ env.PACKAGE_NAME }} --no-index --find-links dist/ --force-reinstall
            .venv/bin/${{ env.MODULE_NAME }} --help
      - name: "Upload wheels"
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        with:
          name: wheels-${{ matrix.platform.target }}
          path: dist
@@ -474,7 +474,7 @@ jobs:
          tar czvf $ARCHIVE_FILE $ARCHIVE_NAME
          shasum -a 256 $ARCHIVE_FILE > $ARCHIVE_FILE.sha256
      - name: "Upload binary"
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        with:
          name: artifacts-${{ matrix.platform.target }}
          path: |
--- a/.github/workflows/build-docker.yml
+++ b/.github/workflows/build-docker.yml
@@ -20,6 +20,12 @@ on:
 env:
  RUFF_BASE_IMG: ghcr.io/${{ github.repository_owner }}/ruff

+permissions:
+  contents: read
+  # TODO(zanieb): Ideally, this would be `read` on dry-run but that will require
+  # significant changes to the workflow.
+  packages: write # zizmor: ignore[excessive-permissions]
+
 jobs:
  docker-build:
    name: Build Docker image (ghcr.io/astral-sh/ruff) for ${{ matrix.platform }}
@@ -33,12 +39,12 @@ jobs:
          - linux/amd64
          - linux/arm64
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          submodules: recursive
          persist-credentials: false

-      - uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+      - uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0

      - uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
        with:
@@ -63,7 +69,7 @@ jobs:

      - name: Extract metadata (tags, labels) for Docker
        id: meta
-        uses: docker/metadata-action@c1e51972afc2121e065aed6d45c65596fe445f3f # v5.8.0
+        uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0
        with:
          images: ${{ env.RUFF_BASE_IMG }}
          # Defining this makes sure the org.opencontainers.image.version OCI label becomes the actual release version and not the branch name
@@ -96,7 +102,7 @@ jobs:
          touch "/tmp/digests/${digest#sha256:}"

      - name: Upload digests
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        with:
          name: digests-${{ env.PLATFORM_TUPLE }}
          path: /tmp/digests/*
@@ -113,17 +119,17 @@ jobs:
    if: ${{ inputs.plan != '' && !fromJson(inputs.plan).announcement_tag_is_implicit }}
    steps:
      - name: Download digests
-        uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
+        uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
        with:
          path: /tmp/digests
          pattern: digests-*
          merge-multiple: true

-      - uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+      - uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0

      - name: Extract metadata (tags, labels) for Docker
        id: meta
-        uses: docker/metadata-action@c1e51972afc2121e065aed6d45c65596fe445f3f # v5.8.0
+        uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0
        with:
          images: ${{ env.RUFF_BASE_IMG }}
          # Order is on purpose such that the label org.opencontainers.image.version has the first pattern with the full version
@@ -167,7 +173,7 @@ jobs:
          - debian:bookworm-slim,bookworm-slim,debian-slim
          - buildpack-deps:bookworm,bookworm,debian
    steps:
-      - uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+      - uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0

      - uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
        with:
@@ -219,7 +225,7 @@ jobs:

      - name: Extract metadata (tags, labels) for Docker
        id: meta
-        uses: docker/metadata-action@c1e51972afc2121e065aed6d45c65596fe445f3f # v5.8.0
+        uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0
        # ghcr.io prefers index level annotations
        env:
          DOCKER_METADATA_ANNOTATIONS_LEVELS: index
@@ -256,17 +262,17 @@ jobs:
    if: ${{ inputs.plan != '' && !fromJson(inputs.plan).announcement_tag_is_implicit }}
    steps:
      - name: Download digests
-        uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
+        uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
        with:
          path: /tmp/digests
          pattern: digests-*
          merge-multiple: true

-      - uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+      - uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0

      - name: Extract metadata (tags, labels) for Docker
        id: meta
-        uses: docker/metadata-action@c1e51972afc2121e065aed6d45c65596fe445f3f # v5.8.0
+        uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0
        env:
          DOCKER_METADATA_ANNOTATIONS_LEVELS: index
        with:
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -49,8 +49,10 @@ jobs:
      py-fuzzer: ${{ steps.check_py_fuzzer.outputs.changed }}
      # Flag that is set to "true" when code related to the playground changes.
      playground: ${{ steps.check_playground.outputs.changed }}
+      # Flag that is set to "true" when code related to the benchmarks changes.
+      benchmarks: ${{ steps.check_benchmarks.outputs.changed }}
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          fetch-depth: 0
          persist-credentials: false
@@ -95,6 +97,7 @@ jobs:
            ':!crates/ruff_python_formatter/**' \
            ':!crates/ruff_formatter/**' \
            ':!crates/ruff_dev/**' \
+            ':!crates/ruff_benchmark/**' \
            ':scripts/*' \
            ':python/**' \
            ':.github/workflows/ci.yaml' \
@@ -202,6 +205,21 @@ jobs:
            ':crates/ruff_python_trivia/**' \
            ':crates/ruff_source_file/**' \
            ':crates/ruff_text_size/**' \
+            ':.github/workflows/ci.yaml' \
+          ; then
+              echo "changed=false" >> "$GITHUB_OUTPUT"
+          else
+              echo "changed=true" >> "$GITHUB_OUTPUT"
+          fi
+
+      - name: Check if the benchmark code changed
+        id: check_benchmarks
+        env:
+          MERGE_BASE: ${{ steps.merge_base.outputs.sha }}
+        run: |
+          if git diff --quiet "${MERGE_BASE}...HEAD" -- \
+            ':Cargo.toml' \
+            ':Cargo.lock' \
            ':crates/ruff_benchmark/**' \
            ':.github/workflows/ci.yaml' \
          ; then
@@ -215,7 +233,7 @@ jobs:
    runs-on: ubuntu-latest
    timeout-minutes: 10
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          persist-credentials: false
      - name: "Install Rust toolchain"
@@ -229,7 +247,7 @@ jobs:
    if: ${{ needs.determine_changes.outputs.code == 'true' || github.ref == 'refs/heads/main' }}
    timeout-minutes: 20
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          persist-credentials: false
      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
@@ -251,7 +269,7 @@ jobs:
    if: ${{ !contains(github.event.pull_request.labels.*.name, 'no-test') && (needs.determine_changes.outputs.code == 'true' || github.ref == 'refs/heads/main') }}
    timeout-minutes: 20
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          persist-credentials: false
      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
@@ -263,15 +281,15 @@ jobs:
      - name: "Install mold"
        uses: rui314/setup-mold@725a8794d15fc7563f59595bd9556495c0564878 # v1
      - name: "Install cargo nextest"
-        uses: taiki-e/install-action@3575e532701a5fc614b0c842e4119af4cc5fd16d # v2.62.60
+        uses: taiki-e/install-action@b9c5db3aef04caffaf95a1d03931de10fb2a140f # v2.65.1
        with:
          tool: cargo-nextest
      - name: "Install cargo insta"
-        uses: taiki-e/install-action@3575e532701a5fc614b0c842e4119af4cc5fd16d # v2.62.60
+        uses: taiki-e/install-action@b9c5db3aef04caffaf95a1d03931de10fb2a140f # v2.65.1
        with:
          tool: cargo-insta
      - name: "Install uv"
-        uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
+        uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6
        with:
          enable-cache: "true"
      - name: ty mdtests (GitHub annotations)
@@ -314,7 +332,7 @@ jobs:
      (needs.determine_changes.outputs.code == 'true' || github.ref == 'refs/heads/main')
    timeout-minutes: 20
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          persist-credentials: false
      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
@@ -325,11 +343,11 @@ jobs:
      - name: "Install mold"
        uses: rui314/setup-mold@725a8794d15fc7563f59595bd9556495c0564878 # v1
      - name: "Install cargo nextest"
-        uses: taiki-e/install-action@3575e532701a5fc614b0c842e4119af4cc5fd16d # v2.62.60
+        uses: taiki-e/install-action@b9c5db3aef04caffaf95a1d03931de10fb2a140f # v2.65.1
        with:
          tool: cargo-nextest
      - name: "Install uv"
-        uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
+        uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6
        with:
          enable-cache: "true"
      - name: "Run tests"
@@ -349,7 +367,7 @@ jobs:
    if: ${{ !contains(github.event.pull_request.labels.*.name, 'no-test') && (needs.determine_changes.outputs.code == 'true' || github.ref == 'refs/heads/main') }}
    timeout-minutes: 20
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          persist-credentials: false
      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
@@ -358,11 +376,11 @@ jobs:
      - name: "Install Rust toolchain"
        run: rustup show
      - name: "Install cargo nextest"
-        uses: taiki-e/install-action@3575e532701a5fc614b0c842e4119af4cc5fd16d # v2.62.60
+        uses: taiki-e/install-action@b9c5db3aef04caffaf95a1d03931de10fb2a140f # v2.65.1
        with:
          tool: cargo-nextest
      - name: "Install uv"
-        uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
+        uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6
        with:
          enable-cache: "true"
      - name: "Run tests"
@@ -377,7 +395,7 @@ jobs:
    if: ${{ !contains(github.event.pull_request.labels.*.name, 'no-test') && (needs.determine_changes.outputs.code == 'true' || github.ref == 'refs/heads/main') }}
    timeout-minutes: 10
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          persist-credentials: false
      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
@@ -385,9 +403,9 @@ jobs:
          save-if: ${{ github.ref == 'refs/heads/main' }}
      - name: "Install Rust toolchain"
        run: rustup target add wasm32-unknown-unknown
-      - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
+      - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
        with:
-          node-version: 22
+          node-version: 24
          cache: "npm"
          cache-dependency-path: playground/package-lock.json
      - uses: jetli/wasm-pack-action@0d096b08b4e5a7de8c28de67e11e945404e9eefa # v0.4.0
@@ -409,7 +427,7 @@ jobs:
    if: ${{ !contains(github.event.pull_request.labels.*.name, 'no-test') && (needs.determine_changes.outputs.code == 'true' || github.ref == 'refs/heads/main') }}
    timeout-minutes: 20
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          persist-credentials: false
      - uses: SebRollen/toml-action@b1b3628f55fc3a28208d4203ada8b737e9687876 # v1.2.0
@@ -438,7 +456,7 @@ jobs:
    if: ${{ github.ref == 'refs/heads/main' || needs.determine_changes.outputs.fuzz == 'true' || needs.determine_changes.outputs.code == 'true' }}
    timeout-minutes: 10
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          persist-credentials: false
      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
@@ -450,7 +468,7 @@ jobs:
      - name: "Install mold"
        uses: rui314/setup-mold@725a8794d15fc7563f59595bd9556495c0564878 # v1
      - name: "Install cargo-binstall"
-        uses: cargo-bins/cargo-binstall@3fc81674af4165a753833a94cae9f91d8849049f # v1.16.2
+        uses: cargo-bins/cargo-binstall@4a9028576ed64318f7b24193a62695e96dcbe015 # v1.16.5
      - name: "Install cargo-fuzz"
        # Download the latest version from quick install and not the github releases because github releases only has MUSL targets.
        run: cargo binstall cargo-fuzz --force  --disable-strategies crate-meta-data --no-confirm
@@ -465,10 +483,10 @@ jobs:
    env:
      FORCE_COLOR: 1
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          persist-credentials: false
-      - uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
+      - uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6
      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
        with:
          shared-key: ruff-linux-debug
@@ -497,13 +515,13 @@ jobs:
    if: ${{ !contains(github.event.pull_request.labels.*.name, 'no-test') && (needs.determine_changes.outputs.code == 'true' || github.ref == 'refs/heads/main') }}
    timeout-minutes: 5
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          persist-credentials: false
      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
        with:
          save-if: ${{ github.ref == 'refs/heads/main' }}
-      - uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
+      - uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6
      - name: "Install Rust toolchain"
        run: rustup component add rustfmt
      # Run all code generation scripts, and verify that the current output is
@@ -530,15 +548,20 @@ jobs:
    needs: determine_changes
    # Only runs on pull requests, since that is the only we way we can find the base version for comparison.
    # Ecosystem check needs linter and/or formatter changes.
-    if: ${{ !contains(github.event.pull_request.labels.*.name, 'no-test') && github.event_name == 'pull_request' && needs.determine_changes.outputs.code == 'true' }}
+    if: |
+      !contains(github.event.pull_request.labels.*.name, 'no-test') && github.event_name == 'pull_request' &&
+      (
+        needs.determine_changes.outputs.linter == 'true' ||
+        needs.determine_changes.outputs.formatter == 'true'
+      )
    timeout-minutes: 20
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          ref: ${{ github.event.pull_request.base.ref }}
          persist-credentials: false

-      - uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
+      - uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6
        with:
          python-version: ${{ env.PYTHON_VERSION }}
          activate-environment: true
@@ -559,7 +582,7 @@ jobs:
          cargo build --bin ruff
          mv target/debug/ruff target/debug/ruff-baseline

-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          persist-credentials: false
          clean: false
@@ -625,7 +648,7 @@ jobs:

      # NOTE: astral-sh-bot uses this artifact to post comments on PRs.
      # Make sure to update the bot if you rename the artifact.
-      - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+      - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        name: Upload Results
        with:
          name: ecosystem-result
@@ -640,11 +663,11 @@ jobs:
    if: ${{ !contains(github.event.pull_request.labels.*.name, 'no-test') && github.event_name == 'pull_request' && (needs.determine_changes.outputs.ty == 'true' || needs.determine_changes.outputs.py-fuzzer == 'true') }}
    timeout-minutes: ${{ github.repository == 'astral-sh/ruff' && 10 || 20 }}
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          fetch-depth: 0
          persist-credentials: false
-      - uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
+      - uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6
      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
        with:
          save-if: ${{ github.ref == 'refs/heads/main' }}
@@ -687,10 +710,10 @@ jobs:
    needs: determine_changes
    if: ${{ needs.determine_changes.outputs.code == 'true' || github.ref == 'refs/heads/main' }}
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          persist-credentials: false
-      - uses: cargo-bins/cargo-binstall@3fc81674af4165a753833a94cae9f91d8849049f # v1.16.2
+      - uses: cargo-bins/cargo-binstall@4a9028576ed64318f7b24193a62695e96dcbe015 # v1.16.5
      - run: cargo binstall --no-confirm cargo-shear
      - run: cargo shear

@@ -700,10 +723,10 @@ jobs:
    needs: determine_changes
    if: ${{ needs.determine_changes.outputs.ty == 'true' || github.ref == 'refs/heads/main' }}
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          persist-credentials: false
-      - uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
+      - uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6
      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
        with:
          save-if: ${{ github.ref == 'refs/heads/main' }}
@@ -722,7 +745,7 @@ jobs:
    timeout-minutes: 20
    if: ${{ !contains(github.event.pull_request.labels.*.name, 'no-test') }}
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          persist-credentials: false
      - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
@@ -751,18 +774,18 @@ jobs:
    runs-on: ${{ github.repository == 'astral-sh/ruff' && 'depot-ubuntu-22.04-16' || 'ubuntu-latest' }}
    timeout-minutes: 10
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          persist-credentials: false
-      - uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
+      - uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6
      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
        with:
          save-if: ${{ github.ref == 'refs/heads/main' }}
-      - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
+      - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
        with:
-          node-version: 22
+          node-version: 24
      - name: "Cache pre-commit"
-        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
+        uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
        with:
          path: ~/.cache/pre-commit
          key: pre-commit-${{ hashFiles('.pre-commit-config.yaml') }}
@@ -771,7 +794,7 @@ jobs:
          echo '```console' > "$GITHUB_STEP_SUMMARY"
          # Enable color output for pre-commit and remove it for the summary
          # Use --hook-stage=manual to enable slower pre-commit hooks that are skipped by default
-          SKIP=cargo-fmt,clippy,dev-generate-all uvx --python="${PYTHON_VERSION}" pre-commit run --all-files --show-diff-on-failure --color=always --hook-stage=manual | \
+          SKIP=cargo-fmt uvx --python="${PYTHON_VERSION}" pre-commit run --all-files --show-diff-on-failure --color=always --hook-stage=manual | \
            tee >(sed -E 's/\x1B\[([0-9]{1,2}(;[0-9]{1,2})*)?[mGK]//g' >> "$GITHUB_STEP_SUMMARY") >&1
          exit_code="${PIPESTATUS[0]}"
          echo '```' >> "$GITHUB_STEP_SUMMARY"
@@ -782,7 +805,7 @@ jobs:
    runs-on: ubuntu-latest
    timeout-minutes: 10
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          persist-credentials: false
      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
@@ -791,7 +814,7 @@ jobs:
      - name: "Install Rust toolchain"
        run: rustup show
      - name: Install uv
-        uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
+        uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6
        with:
          python-version: 3.13
          activate-environment: true
@@ -813,7 +836,7 @@ jobs:
    if: ${{ !contains(github.event.pull_request.labels.*.name, 'no-test') && (needs.determine_changes.outputs.formatter == 'true' || github.ref == 'refs/heads/main') }}
    timeout-minutes: 10
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          persist-credentials: false
      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
@@ -839,7 +862,7 @@ jobs:
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        name: "Checkout ruff source"
        with:
          persist-credentials: false
@@ -855,7 +878,7 @@ jobs:
      - name: Build Ruff binary
        run: cargo build -p ruff --bin ruff

-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        name: "Checkout ruff-lsp source"
        with:
          persist-credentials: false
@@ -890,7 +913,7 @@ jobs:
      - determine_changes
    if: ${{ (needs.determine_changes.outputs.playground == 'true') }}
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          persist-credentials: false
      - name: "Install Rust toolchain"
@@ -898,9 +921,9 @@ jobs:
      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
        with:
          save-if: ${{ github.ref == 'refs/heads/main' }}
-      - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
+      - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
        with:
-          node-version: 22
+          node-version: 24
          cache: "npm"
          cache-dependency-path: playground/package-lock.json
      - uses: jetli/wasm-bindgen-action@20b33e20595891ab1a0ed73145d8a21fc96e7c29 # v0.2.0
@@ -926,7 +949,9 @@ jobs:
      (
        github.ref == 'refs/heads/main' ||
        needs.determine_changes.outputs.formatter == 'true' ||
-        needs.determine_changes.outputs.linter == 'true'
+        needs.determine_changes.outputs.linter == 'true' ||
+        needs.determine_changes.outputs.parser == 'true' ||
+        needs.determine_changes.outputs.benchmarks == 'true'
      )
    timeout-minutes: 20
    permissions:
@@ -934,25 +959,25 @@ jobs:
      id-token: write # required for OIDC authentication with CodSpeed
    steps:
      - name: "Checkout Branch"
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          persist-credentials: false

      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
        with:
          save-if: ${{ github.ref == 'refs/heads/main' }}
-      - uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
+      - uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6

      - name: "Install Rust toolchain"
        run: rustup show

      - name: "Install codspeed"
-        uses: taiki-e/install-action@3575e532701a5fc614b0c842e4119af4cc5fd16d # v2.62.60
+        uses: taiki-e/install-action@b9c5db3aef04caffaf95a1d03931de10fb2a140f # v2.65.1
        with:
          tool: cargo-codspeed

      - name: "Build benchmarks"
-        run: cargo codspeed build --features "codspeed,instrumented" --profile profiling --no-default-features -p ruff_benchmark --bench formatter --bench lexer --bench linter --bench parser
+        run: cargo codspeed build --features "codspeed,ruff_instrumented" --profile profiling --no-default-features -p ruff_benchmark --bench formatter --bench lexer --bench linter --bench parser

      - name: "Run benchmarks"
        uses: CodSpeedHQ/action@346a2d8a8d9d38909abd0bc3d23f773110f076ad # v4.4.1
@@ -960,83 +985,169 @@ jobs:
          mode: simulation
          run: cargo codspeed run

-  benchmarks-instrumented-ty:
-    name: "benchmarks instrumented (ty)"
-    runs-on: ubuntu-24.04
+  benchmarks-instrumented-ty-build:
+    name: "benchmarks instrumented ty (build)"
+    runs-on: depot-ubuntu-24.04-4
    needs: determine_changes
    if: |
      github.repository == 'astral-sh/ruff' &&
      (
        github.ref == 'refs/heads/main' ||
-        needs.determine_changes.outputs.ty == 'true'
+        needs.determine_changes.outputs.ty == 'true' ||
+        needs.determine_changes.outputs.benchmarks == 'true'
      )
    timeout-minutes: 20
-    permissions:
-      contents: read # required for actions/checkout
-      id-token: write # required for OIDC authentication with CodSpeed
    steps:
      - name: "Checkout Branch"
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          persist-credentials: false

      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
        with:
          save-if: ${{ github.ref == 'refs/heads/main' }}
-      - uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4

      - name: "Install Rust toolchain"
        run: rustup show

      - name: "Install codspeed"
-        uses: taiki-e/install-action@3575e532701a5fc614b0c842e4119af4cc5fd16d # v2.62.60
+        uses: taiki-e/install-action@b9c5db3aef04caffaf95a1d03931de10fb2a140f # v2.65.1
        with:
          tool: cargo-codspeed

      - name: "Build benchmarks"
-        run: cargo codspeed build --features "codspeed,instrumented" --profile profiling --no-default-features -p ruff_benchmark --bench ty
+        run: cargo codspeed build -m instrumentation --features "codspeed,ty_instrumented" --profile profiling --no-default-features -p ruff_benchmark --bench ty
+
+      - name: "Upload benchmark binary"
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
+        with:
+          name: benchmarks-instrumented-ty-binary
+          path: target/codspeed/simulation/ruff_benchmark
+          retention-days: 1
+
+  benchmarks-instrumented-ty-run:
+    name: "benchmarks instrumented ty (${{ matrix.benchmark }})"
+    runs-on: ubuntu-24.04
+    needs: benchmarks-instrumented-ty-build
+    timeout-minutes: 20
+    permissions:
+      contents: read # required for actions/checkout
+      id-token: write # required for OIDC authentication with CodSpeed
+    strategy:
+      fail-fast: false
+      matrix:
+        benchmark:
+          - "check_file|micro|anyio"
+          - "attrs|hydra|datetype"
+    steps:
+      - name: "Checkout Branch"
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        with:
+          persist-credentials: false
+      - uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6
+
+      - name: "Install codspeed"
+        uses: taiki-e/install-action@b9c5db3aef04caffaf95a1d03931de10fb2a140f # v2.65.1
+        with:
+          tool: cargo-codspeed
+
+      - name: "Download benchmark binary"
+        uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
+        with:
+          name: benchmarks-instrumented-ty-binary
+          path: target/codspeed/simulation/ruff_benchmark
+
+      - name: "Restore binary permissions"
+        run: chmod +x target/codspeed/simulation/ruff_benchmark/ty

      - name: "Run benchmarks"
        uses: CodSpeedHQ/action@346a2d8a8d9d38909abd0bc3d23f773110f076ad # v4.4.1
        with:
          mode: simulation
-          run: cargo codspeed run
+          run: cargo codspeed run --bench ty "${{ matrix.benchmark }}"

-  benchmarks-walltime:
-    name: "benchmarks walltime (${{ matrix.benchmarks }})"
-    runs-on: codspeed-macro
+  benchmarks-walltime-build:
+    name: "benchmarks walltime (build)"
+    # We only run this job if `github.repository == 'astral-sh/ruff'`,
+    # so hardcoding depot here is fine
+    runs-on: depot-ubuntu-22.04-arm-4
    needs: determine_changes
-    if: ${{ github.repository == 'astral-sh/ruff' && !contains(github.event.pull_request.labels.*.name, 'no-test') && (needs.determine_changes.outputs.ty == 'true' || github.ref == 'refs/heads/main') }}
+    if: |
+      github.repository == 'astral-sh/ruff' &&
+      (
+        !contains(github.event.pull_request.labels.*.name, 'no-test') &&
+        (
+          needs.determine_changes.outputs.ty == 'true' ||
+          needs.determine_changes.outputs.benchmarks == 'true' ||
+          github.ref == 'refs/heads/main'
+        )
+      )
+    timeout-minutes: 20
+    steps:
+      - name: "Checkout Branch"
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        with:
+          persist-credentials: false
+
+      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
+        with:
+          save-if: ${{ github.ref == 'refs/heads/main' }}
+      - uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6
+
+      - name: "Install Rust toolchain"
+        run: rustup show
+
+      - name: "Install codspeed"
+        uses: taiki-e/install-action@b9c5db3aef04caffaf95a1d03931de10fb2a140f # v2.65.1
+        with:
+          tool: cargo-codspeed
+
+      - name: "Build benchmarks"
+        run: cargo codspeed build -m walltime --features "codspeed,ty_walltime" --profile profiling --no-default-features -p ruff_benchmark
+
+      - name: "Upload benchmark binary"
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
+        with:
+          name: benchmarks-walltime-binary
+          path: target/codspeed/walltime/ruff_benchmark
+          retention-days: 1
+
+  benchmarks-walltime-run:
+    name: "benchmarks walltime (${{ matrix.benchmark }})"
+    runs-on: codspeed-macro
+    needs: benchmarks-walltime-build
    timeout-minutes: 20
    permissions:
      contents: read # required for actions/checkout
      id-token: write # required for OIDC authentication with CodSpeed
    strategy:
      matrix:
-        benchmarks:
-          - "medium|multithreaded"
-          - "small|large"
+        benchmark:
+          - colour_science
+          - "pandas|tanjun|altair"
+          - "static_frame|sympy"
+          - "pydantic|multithreaded|freqtrade"
    steps:
      - name: "Checkout Branch"
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          persist-credentials: false

-      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
-        with:
-          save-if: ${{ github.ref == 'refs/heads/main' }}
-      - uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
-
-      - name: "Install Rust toolchain"
-        run: rustup show
+      - uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6

      - name: "Install codspeed"
-        uses: taiki-e/install-action@3575e532701a5fc614b0c842e4119af4cc5fd16d # v2.62.60
+        uses: taiki-e/install-action@b9c5db3aef04caffaf95a1d03931de10fb2a140f # v2.65.1
        with:
          tool: cargo-codspeed

-      - name: "Build benchmarks"
-        run: cargo codspeed build --features "codspeed,walltime" --profile profiling --no-default-features -p ruff_benchmark
+      - name: "Download benchmark binary"
+        uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
+        with:
+          name: benchmarks-walltime-binary
+          path: target/codspeed/walltime/ruff_benchmark
+
+      - name: "Restore binary permissions"
+        run: chmod +x target/codspeed/walltime/ruff_benchmark/ty_walltime

      - name: "Run benchmarks"
        uses: CodSpeedHQ/action@346a2d8a8d9d38909abd0bc3d23f773110f076ad # v4.4.1
@@ -1047,4 +1158,4 @@ jobs:
          CODSPEED_PERF_ENABLED: false
        with:
          mode: walltime
-          run: cargo codspeed run --bench ty_walltime "${{ matrix.benchmarks }}"
+          run: cargo codspeed run --bench ty_walltime -m walltime "${{ matrix.benchmark }}"
--- a/.github/workflows/daily_fuzz.yaml
+++ b/.github/workflows/daily_fuzz.yaml
@@ -31,10 +31,10 @@ jobs:
    # Don't run the cron job on forks:
    if: ${{ github.repository == 'astral-sh/ruff' || github.event_name != 'schedule' }}
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          persist-credentials: false
-      - uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
+      - uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6
      - name: "Install Rust toolchain"
        run: rustup show
      - name: "Install mold"
--- a/.github/workflows/mypy_primer.yaml
+++ b/.github/workflows/mypy_primer.yaml
@@ -41,14 +41,14 @@ jobs:
    runs-on: ${{ github.repository == 'astral-sh/ruff' && 'depot-ubuntu-22.04-32' || 'ubuntu-latest' }}
    timeout-minutes: 20
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          path: ruff
          fetch-depth: 0
          persist-credentials: false

      - name: Install the latest version of uv
-        uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
+        uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6

      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
        with:
@@ -70,7 +70,7 @@ jobs:
      # NOTE: astral-sh-bot uses this artifact to post comments on PRs.
      # Make sure to update the bot if you rename the artifact.
      - name: Upload diff
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        with:
          name: mypy_primer_diff
          path: mypy_primer.diff
@@ -80,14 +80,14 @@ jobs:
    runs-on: ${{ github.repository == 'astral-sh/ruff' && 'depot-ubuntu-22.04-32' || 'ubuntu-latest' }}
    timeout-minutes: 20
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          path: ruff
          fetch-depth: 0
          persist-credentials: false

      - name: Install the latest version of uv
-        uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
+        uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6

      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
        with:
@@ -108,7 +108,7 @@ jobs:
          scripts/mypy_primer.sh

      - name: Upload diff
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        with:
          name: mypy_primer_memory_diff
          path: mypy_primer_memory.diff
@@ -122,14 +122,14 @@ jobs:
    # TODO: Enable once we fixed the non-deterministic diagnostics
    if: false
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          path: ruff
          fetch-depth: 0
          persist-credentials: false

      - name: Install the latest version of uv
-        uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
+        uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6

      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
        with:
--- a/.github/workflows/publish-docs.yml
+++ b/.github/workflows/publish-docs.yml
@@ -17,11 +17,14 @@ on:
        required: true
        type: string

+permissions:
+  contents: read
+
 jobs:
  mkdocs:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          ref: ${{ inputs.ref }}
          persist-credentials: true
--- a/.github/workflows/publish-playground.yml
+++ b/.github/workflows/publish-playground.yml
@@ -26,14 +26,14 @@ jobs:
    env:
      CF_API_TOKEN_EXISTS: ${{ secrets.CF_API_TOKEN != '' }}
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          persist-credentials: false
      - name: "Install Rust toolchain"
        run: rustup target add wasm32-unknown-unknown
-      - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
+      - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
        with:
-          node-version: 22
+          node-version: 24
          package-manager-cache: false
      - uses: jetli/wasm-bindgen-action@20b33e20595891ab1a0ed73145d8a21fc96e7c29 # v0.2.0
      - name: "Install Node dependencies"
--- a/.github/workflows/publish-pypi.yml
+++ b/.github/workflows/publish-pypi.yml
@@ -22,8 +22,8 @@ jobs:
      id-token: write
    steps:
      - name: "Install uv"
-        uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
-      - uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
+        uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6
+      - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
        with:
          pattern: wheels-*
          path: wheels
--- a/.github/workflows/publish-ty-playground.yml
+++ b/.github/workflows/publish-ty-playground.yml
@@ -30,14 +30,14 @@ jobs:
    env:
      CF_API_TOKEN_EXISTS: ${{ secrets.CF_API_TOKEN != '' }}
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          persist-credentials: false
      - name: "Install Rust toolchain"
        run: rustup target add wasm32-unknown-unknown
-      - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
+      - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
        with:
-          node-version: 22
+          node-version: 24
          package-manager-cache: false
      - uses: jetli/wasm-bindgen-action@20b33e20595891ab1a0ed73145d8a21fc96e7c29 # v0.2.0
      - name: "Install Node dependencies"
--- a/.github/workflows/publish-wasm.yml
+++ b/.github/workflows/publish-wasm.yml
@@ -29,7 +29,7 @@ jobs:
        target: [web, bundler, nodejs]
      fail-fast: false
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          persist-credentials: false
      - name: "Install Rust toolchain"
@@ -45,9 +45,9 @@ jobs:
          jq '.name="@astral-sh/ruff-wasm-${{ matrix.target }}"' crates/ruff_wasm/pkg/package.json > /tmp/package.json
          mv /tmp/package.json crates/ruff_wasm/pkg
      - run: cp LICENSE crates/ruff_wasm/pkg # wasm-pack does not put the LICENSE file in the pkg
-      - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
+      - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
        with:
-          node-version: 22
+          node-version: 24
          registry-url: "https://registry.npmjs.org"
      - name: "Publish (dry-run)"
        if: ${{ inputs.plan == '' || fromJson(inputs.plan).announcement_tag_is_implicit }}
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -70,7 +70,7 @@ jobs:
        shell: bash
        run: "curl --proto '=https' --tlsv1.2 -LsSf https://github.com/axodotdev/cargo-dist/releases/download/v0.30.2/cargo-dist-installer.sh | sh"
      - name: Cache dist
-        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f
        with:
          name: cargo-dist-cache
          path: ~/.cargo/bin/dist
@@ -86,7 +86,7 @@ jobs:
          cat plan-dist-manifest.json
          echo "manifest=$(jq -c "." plan-dist-manifest.json)" >> "$GITHUB_OUTPUT"
      - name: "Upload dist-manifest.json"
-        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f
        with:
          name: artifacts-plan-dist-manifest
          path: plan-dist-manifest.json
@@ -128,14 +128,14 @@ jobs:
          persist-credentials: false
          submodules: recursive
      - name: Install cached dist
-        uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53
+        uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131
        with:
          name: cargo-dist-cache
          path: ~/.cargo/bin/
      - run: chmod +x ~/.cargo/bin/dist
      # Get all the local artifacts for the global tasks to use (for e.g. checksums)
      - name: Fetch local artifacts
-        uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53
+        uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131
        with:
          pattern: artifacts-*
          path: target/distrib/
@@ -153,7 +153,7 @@ jobs:

          cp dist-manifest.json "$BUILD_MANIFEST_NAME"
      - name: "Upload artifacts"
-        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f
        with:
          name: artifacts-build-global
          path: |
@@ -179,14 +179,14 @@ jobs:
          persist-credentials: false
          submodules: recursive
      - name: Install cached dist
-        uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53
+        uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131
        with:
          name: cargo-dist-cache
          path: ~/.cargo/bin/
      - run: chmod +x ~/.cargo/bin/dist
      # Fetch artifacts from scratch-storage
      - name: Fetch artifacts
-        uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53
+        uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131
        with:
          pattern: artifacts-*
          path: target/distrib/
@@ -200,7 +200,7 @@ jobs:
          cat dist-manifest.json
          echo "manifest=$(jq -c "." dist-manifest.json)" >> "$GITHUB_OUTPUT"
      - name: "Upload dist-manifest.json"
-        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f
        with:
          # Overwrite the previous copy
          name: artifacts-dist-manifest
@@ -256,7 +256,7 @@ jobs:
          submodules: recursive
      # Create a GitHub Release while uploading all files to it
      - name: "Download GitHub Artifacts"
-        uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53
+        uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131
        with:
          pattern: artifacts-*
          path: artifacts
--- a/.github/workflows/sync_typeshed.yaml
+++ b/.github/workflows/sync_typeshed.yaml
@@ -61,12 +61,12 @@ jobs:
    permissions:
      contents: write
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        name: Checkout Ruff
        with:
          path: ruff
          persist-credentials: true
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        name: Checkout typeshed
        with:
          repository: python/typeshed
@@ -76,7 +76,7 @@ jobs:
        run: |
          git config --global user.name typeshedbot
          git config --global user.email '<>'
-      - uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
+      - uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6
      - name: Sync typeshed stubs
        run: |
          rm -rf "ruff/${VENDORED_TYPESHED}"
@@ -125,12 +125,12 @@ jobs:
    permissions:
      contents: write
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        name: Checkout Ruff
        with:
          persist-credentials: true
          ref: ${{ env.UPSTREAM_BRANCH}}
-      - uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
+      - uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6
      - name: Setup git
        run: |
          git config --global user.name typeshedbot
@@ -164,12 +164,12 @@ jobs:
      contents: write
      pull-requests: write
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        name: Checkout Ruff
        with:
          persist-credentials: true
          ref: ${{ env.UPSTREAM_BRANCH}}
-      - uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
+      - uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6
      - name: Setup git
        run: |
          git config --global user.name typeshedbot
--- a/.github/workflows/ty-ecosystem-analyzer.yaml
+++ b/.github/workflows/ty-ecosystem-analyzer.yaml
@@ -4,7 +4,13 @@ permissions: {}

 on:
  pull_request:
-    types: [labeled]
+    # The default for `pull_request` is to trigger on `synchronize`, `opened` and `reopened`.
+    # We also add `labeled` here so that the workflow triggers when a label is initially added.
+    types:
+      - labeled
+      - synchronize
+      - opened
+      - reopened

 concurrency:
  group: ${{ github.workflow }}-${{ github.ref_name }}-${{ github.event.pull_request.number || github.sha }}
@@ -23,16 +29,16 @@ jobs:
    name: Compute diagnostic diff
    runs-on: ${{ github.repository == 'astral-sh/ruff' && 'depot-ubuntu-22.04-32' || 'ubuntu-latest' }}
    timeout-minutes: 20
-    if: contains(github.event.label.name, 'ecosystem-analyzer')
+    if: contains( github.event.pull_request.labels.*.name, 'ecosystem-analyzer')
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          path: ruff
          fetch-depth: 0
          persist-credentials: false

      - name: Install the latest version of uv
-        uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
+        uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6
        with:
          enable-cache: true # zizmor: ignore[cache-poisoning] acceptable risk for CloudFlare pages artifact

@@ -114,7 +120,7 @@ jobs:
      # NOTE: astral-sh-bot uses this artifact to post comments on PRs.
      # Make sure to update the bot if you rename the artifact.
      - name: "Upload full report"
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        with:
          name: full-report
          path: dist/
@@ -122,19 +128,19 @@ jobs:
      # NOTE: astral-sh-bot uses this artifact to post comments on PRs.
      # Make sure to update the bot if you rename the artifact.
      - name: Upload comment
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        with:
          name: comment.md
          path: comment.md

      - name: Upload diagnostics diff
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        with:
          name: diff.html
          path: dist/diff.html

      - name: Upload timing diff
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        with:
          name: timing.html
          path: dist/timing.html
--- a/.github/workflows/ty-ecosystem-report.yaml
+++ b/.github/workflows/ty-ecosystem-report.yaml
@@ -1,3 +1,7 @@
+# This workflow is a cron job that generates a report describing
+# all diagnostics ty emits across the whole ecosystem. The report
+# is uploaded to https://ty-ecosystem-ext.pages.dev/ on a weekly basis.
+
 name: ty ecosystem-report

 permissions: {}
@@ -14,7 +18,6 @@ env:
  CARGO_TERM_COLOR: always
  RUSTUP_MAX_RETRIES: 10
  RUST_BACKTRACE: 1
-  CF_API_TOKEN_EXISTS: ${{ secrets.CF_API_TOKEN != '' }}

 jobs:
  ty-ecosystem-report:
@@ -22,21 +25,21 @@ jobs:
    runs-on: ${{ github.repository == 'astral-sh/ruff' && 'depot-ubuntu-22.04-32' || 'ubuntu-latest' }}
    timeout-minutes: 20
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          path: ruff
          fetch-depth: 0
          persist-credentials: false

      - name: Install the latest version of uv
-        uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
+        uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6
        with:
-          enable-cache: true # zizmor: ignore[cache-poisoning] acceptable risk for CloudFlare pages artifact
+          enable-cache: true

      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
        with:
          workspaces: "ruff"
-          lookup-only: false # zizmor: ignore[cache-poisoning] acceptable risk for CloudFlare pages artifact
+          lookup-only: false

      - name: Install Rust toolchain
        run: rustup show
@@ -70,11 +73,10 @@ jobs:
            ecosystem-diagnostics.json \
            --output dist/index.html

-      - name: "Deploy to Cloudflare Pages"
-        if: ${{ env.CF_API_TOKEN_EXISTS == 'true' }}
-        id: deploy
-        uses: cloudflare/wrangler-action@da0e0dfe58b7a431659754fdf3f186c529afbe65 # v3.14.1
+      # NOTE: astral-sh-bot uses this artifact to publish the ecosystem report.
+      # Make sure to update the bot if you rename the artifact.
+      - name: "Upload ecosystem report"
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        with:
-          apiToken: ${{ secrets.CF_API_TOKEN }}
-          accountId: ${{ secrets.CF_ACCOUNT_ID }}
-          command: pages deploy dist --project-name=ty-ecosystem --branch main --commit-hash ${GITHUB_SHA}
+          name: full-report
+          path: dist/
--- a/.github/workflows/typing_conformance.yaml
+++ b/.github/workflows/typing_conformance.yaml
@@ -37,13 +37,13 @@ jobs:
    runs-on: ${{ github.repository == 'astral-sh/ruff' && 'depot-ubuntu-22.04-32' || 'ubuntu-latest' }}
    timeout-minutes: 10
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          path: ruff
          fetch-depth: 0
          persist-credentials: false

-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          repository: python/typing
          ref: ${{ env.CONFORMANCE_SUITE_COMMIT }}
@@ -59,9 +59,6 @@ jobs:

      - name: Compute diagnostic diff
        shell: bash
-        env:
-          # TODO: Remove this once we fixed the remaining panics in the conformance suite.
-          TY_MAX_PARALLELISM: 1
        run: |
          RUFF_DIR="$GITHUB_WORKSPACE/ruff"

@@ -104,7 +101,7 @@ jobs:
      # NOTE: astral-sh-bot uses this artifact to post comments on PRs.
      # Make sure to update the bot if you rename the artifact.
      - name: Upload diff
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        with:
          name: typing_conformance_diagnostics_diff
          path: typing_conformance_diagnostics.diff
@@ -112,7 +109,7 @@ jobs:
      # NOTE: astral-sh-bot uses this artifact to post comments on PRs.
      # Make sure to update the bot if you rename the artifact.
      - name: Upload conformance suite commit
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        with:
          name: conformance-suite-commit
          path: conformance-suite-commit
--- a/.github/zizmor.yml
+++ b/.github/zizmor.yml
@@ -1,23 +0,0 @@
-# Configuration for the zizmor static analysis tool, run via pre-commit in CI
-# https://docs.zizmor.sh/configuration/
-#
-# TODO: can we remove the ignores here so that our workflows are more secure?
-rules:
-  cache-poisoning:
-    ignore:
-      - build-docker.yml
-  excessive-permissions:
-    # it's hard to test what the impact of removing these ignores would be
-    # without actually running the release workflow...
-    ignore:
-      - build-docker.yml
-      - publish-docs.yml
-  secrets-inherit:
-    # `cargo dist` makes extensive use of `secrets: inherit`,
-    # and we can't easily fix that until an upstream release changes that.
-    disable: true
-  template-injection:
-    ignore:
-      # like with `secrets-inherit`, `cargo dist` introduces some
-      # template injections. We've manually audited these usages for safety.
-      - release.yml
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -22,7 +22,7 @@ exclude: |

 repos:
  - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v5.0.0
+    rev: v6.0.0
    hooks:
      - id: check-merge-conflict

@@ -46,7 +46,7 @@ repos:
          )$

  - repo: https://github.com/igorshubovych/markdownlint-cli
-    rev: v0.45.0
+    rev: v0.47.0
    hooks:
      - id: markdownlint-fix
        exclude: |
@@ -56,7 +56,7 @@ repos:
          )$

  - repo: https://github.com/adamchainz/blacken-docs
-    rev: 1.19.1
+    rev: 1.20.0
    hooks:
      - id: blacken-docs
        language: python # means renovate will also update `additional_dependencies`
@@ -67,10 +67,10 @@ repos:
            .*?invalid(_.+)*_syntax\.md
          )$
        additional_dependencies:
-          - black==25.1.0
+          - black==25.12.0

  - repo: https://github.com/crate-ci/typos
-    rev: v1.34.0
+    rev: v1.40.0
    hooks:
      - id: typos

@@ -84,7 +84,7 @@ repos:
        pass_filenames: false # This makes it a lot faster

  - repo: https://github.com/astral-sh/ruff-pre-commit
-    rev: v0.12.7
+    rev: v0.14.10
    hooks:
      - id: ruff-format
      - id: ruff-check
@@ -94,7 +94,7 @@ repos:

  # Prettier
  - repo: https://github.com/rbubley/mirrors-prettier
-    rev: v3.6.2
+    rev: v3.7.4
    hooks:
      - id: prettier
        types: [yaml]
@@ -102,19 +102,19 @@ repos:
  # zizmor detects security vulnerabilities in GitHub Actions workflows.
  # Additional configuration for the tool is found in `.github/zizmor.yml`
  - repo: https://github.com/zizmorcore/zizmor-pre-commit
-    rev: v1.16.0
+    rev: v1.19.0
    hooks:
      - id: zizmor

  - repo: https://github.com/python-jsonschema/check-jsonschema
-    rev: 0.33.2
+    rev: 0.36.0
    hooks:
      - id: check-github-workflows

  # `actionlint` hook, for verifying correct syntax in GitHub Actions workflows.
  # Some additional configuration for `actionlint` can be found in `.github/actionlint.yaml`.
  - repo: https://github.com/rhysd/actionlint
-    rev: v1.7.7
+    rev: v1.7.9
    hooks:
      - id: actionlint
        stages:
@@ -129,12 +129,9 @@ repos:
          # actionlint has a shellcheck integration which extracts shell scripts in `run:` steps from GitHub Actions
          # and checks these with shellcheck. This is arguably its most useful feature,
          # but the integration only works if shellcheck is installed
-          - "github.com/wasilibs/go-shellcheck/cmd/shellcheck@v0.10.0"
+          - "github.com/wasilibs/go-shellcheck/cmd/shellcheck@v0.11.1"

  - repo: https://github.com/shellcheck-py/shellcheck-py
-    rev: v0.10.0.1
+    rev: v0.11.0.1
    hooks:
      - id: shellcheck
-
-ci:
-  skip: [cargo-fmt, dev-generate-all]
--- a/CLAUDE.md
+++ b/CLAUDE.md
@@ -0,0 +1,64 @@
+# Ruff Repository
+
+This repository contains both Ruff (a Python linter and formatter) and ty (a Python type checker). The crates follow a naming convention: `ruff_*` for Ruff-specific code and `ty_*` for ty-specific code. ty reuses several Ruff crates, including the Python parser (`ruff_python_parser`) and AST definitions (`ruff_python_ast`).
+
+## Running Tests
+
+Run all tests (using `nextest` for faster execution):
+
+```sh
+cargo nextest run
+```
+
+Run tests for a specific crate:
+
+```sh
+cargo nextest run -p ty_python_semantic
+```
+
+Run a specific mdtest (use a substring of the test name):
+
+```sh
+MDTEST_TEST_FILTER="<filter>" cargo nextest run -p ty_python_semantic mdtest
+```
+
+Update snapshots after running tests:
+
+```sh
+cargo insta accept
+```
+
+## Running Clippy
+
+```sh
+cargo clippy --workspace --all-targets --all-features -- -D warnings
+```
+
+## Running Debug Builds
+
+Use debug builds (not `--release`) when developing, as release builds lack debug assertions and have slower compile times.
+
+Run Ruff:
+
+```sh
+cargo run --bin ruff -- check path/to/file.py
+```
+
+Run ty:
+
+```sh
+cargo run --bin ty -- check path/to/file.py
+```
+
+## Pull Requests
+
+When working on ty, PR titles should start with `[ty]` and be tagged with the `ty` GitHub label.
+
+## Development Guidelines
+
+- All changes must be tested. If you're not testing your changes, you're not done.
+- Get your tests to pass. If you didn't run the tests, your code does not work.
+- Follow existing code style. Check neighboring files for patterns.
+- Always run `uvx pre-commit run -a` at the end of a task.
+- Avoid writing significant amounts of new code. This is often a sign that we're missing an existing method or mechanism that could help solve the problem. Look for existing utilities first.
+- Avoid falling back to patterns that require `panic!`, `unreachable!`, or `.unwrap()`. Instead, try to encode those constraints in the type system.
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -17,6 +17,15 @@ dependencies = [
 "memchr",
 ]

+[[package]]
+name = "alloca"
+version = "0.4.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e5a7d05ea6aea7e9e64d25b9156ba2fee3fdd659e34e41063cd2fc7cd020d7f4"
+dependencies = [
+ "cc",
+]
+
 [[package]]
 name = "allocator-api2"
 version = "0.2.21"
@@ -208,12 +217,6 @@ version = "1.5.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "c08606f8c3cbf4ce6ec8e28fb0014a2c086708fe954eaa885384a6165172e7e8"

-[[package]]
-name = "base64"
-version = "0.13.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9e1b586273c5702936fe7b7d6896644d8be71e6314cfe09d3167c95f712589e8"
-
 [[package]]
 name = "bincode"
 version = "2.0.1"
@@ -280,6 +283,9 @@ name = "bitflags"
 version = "2.10.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "812e12b5285cc515a9c72a5c1d3b6d46a19dac5acfef5265968c166106e31dd3"
+dependencies = [
+ "serde_core",
+]

 [[package]]
 name = "bitvec"
@@ -351,9 +357,9 @@ dependencies = [

 [[package]]
 name = "camino"
-version = "1.2.1"
+version = "1.2.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "276a59bf2b2c967788139340c9f0c5b12d7fd6630315c15c217e559de85d2609"
+checksum = "e629a66d692cb9ff1a1c664e41771b3dcaf961985a9774c0eb0bd1b51cf60a48"
 dependencies = [
 "serde_core",
 ]
@@ -657,7 +663,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "117725a109d387c937a1533ce01b450cbde6b88abceea8473c4d7a85853cda3c"
 dependencies = [
 "lazy_static",
- "windows-sys 0.59.0",
+ "windows-sys 0.52.0",
 ]

 [[package]]
@@ -666,7 +672,7 @@ version = "3.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "fde0e0ec90c9dfb3b4b1a0891a7dcd0e2bffde2f7efed5fe7c9bb00e5bfb915e"
 dependencies = [
- "windows-sys 0.59.0",
+ "windows-sys 0.52.0",
 ]

 [[package]]
@@ -767,18 +773,20 @@ dependencies = [

 [[package]]
 name = "criterion"
-version = "0.7.0"
+version = "0.8.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e1c047a62b0cc3e145fa84415a3191f628e980b194c2755aa12300a4e6cbd928"
+checksum = "4d883447757bb0ee46f233e9dc22eb84d93a9508c9b868687b274fc431d886bf"
 dependencies = [
+ "alloca",
 "anes",
 "cast",
 "ciborium",
 "clap",
- "criterion-plot 0.6.0",
+ "criterion-plot 0.8.1",
 "itertools 0.13.0",
 "num-traits",
 "oorandom",
+ "page_size",
 "regex",
 "serde",
 "serde_json",
@@ -798,9 +806,9 @@ dependencies = [

 [[package]]
 name = "criterion-plot"
-version = "0.6.0"
+version = "0.8.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9b1bcc0dc7dfae599d84ad0b1a55f80cde8af3725da8313b528da95ef783e338"
+checksum = "ed943f81ea2faa8dcecbbfa50164acf95d555afec96a27871663b300e387b2e4"
 dependencies = [
 "cast",
 "itertools 0.13.0",
@@ -1022,7 +1030,7 @@ dependencies = [
 "libc",
 "option-ext",
 "redox_users",
- "windows-sys 0.61.0",
+ "windows-sys 0.59.0",
 ]

 [[package]]
@@ -1114,7 +1122,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "39cab71617ae0d63f51a36d69f866391735b51691dbda63cf6f96d042b63efeb"
 dependencies = [
 "libc",
- "windows-sys 0.61.0",
+ "windows-sys 0.59.0",
 ]

 [[package]]
@@ -1637,9 +1645,9 @@ dependencies = [

 [[package]]
 name = "insta"
-version = "1.43.2"
+version = "1.45.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "46fdb647ebde000f43b5b53f773c30cf9b0cb4300453208713fa38b2c70935a0"
+checksum = "b76866be74d68b1595eb8060cb9191dca9c021db2316558e52ddc5d55d41b66c"
 dependencies = [
 "console 0.15.11",
 "once_cell",
@@ -1649,6 +1657,7 @@ dependencies = [
 "ron",
 "serde",
 "similar",
+ "tempfile",
 ]

 [[package]]
@@ -1715,7 +1724,7 @@ checksum = "e04d7f318608d35d4b61ddd75cbdaee86b023ebe2bd5a66ee0915f0bf93095a9"
 dependencies = [
 "hermit-abi",
 "libc",
- "windows-sys 0.59.0",
+ "windows-sys 0.52.0",
 ]

 [[package]]
@@ -1779,7 +1788,7 @@ dependencies = [
 "portable-atomic",
 "portable-atomic-util",
 "serde_core",
- "windows-sys 0.61.0",
+ "windows-sys 0.59.0",
 ]

 [[package]]
@@ -1862,9 +1871,9 @@ checksum = "bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe"

 [[package]]
 name = "libc"
-version = "0.2.177"
+version = "0.2.178"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2874a2af47a2325c2001a6e6fad9b16a53b802102b528163885171cf92b15976"
+checksum = "37c93d8daa9d8a012fd8ab92f088405fb202ea0b6ab73ee2482ae66af4f42091"

 [[package]]
 name = "libcst"
@@ -1970,9 +1979,9 @@ dependencies = [

 [[package]]
 name = "log"
-version = "0.4.28"
+version = "0.4.29"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "34080505efa8e45a4b816c349525ebe327ceaa8559756f0356cba97ef3bf7432"
+checksum = "5e5032e24019045c762d3c0f28f5b6b8bbf38563a65908389bf7978758920897"

 [[package]]
 name = "lsp-server"
@@ -2289,6 +2298,16 @@ dependencies = [
 "memchr",
 ]

+[[package]]
+name = "page_size"
+version = "0.6.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "30d5b2194ed13191c1999ae0704b7839fb18384fa22e49b57eeaa97d79ce40da"
+dependencies = [
+ "libc",
+ "winapi",
+]
+
 [[package]]
 name = "parking_lot"
 version = "0.12.4"
@@ -2876,13 +2895,16 @@ checksum = "caf4aa5b0f434c91fe5c7f1ecb6a5ece2130b02ad2a590589dda5146df959001"

 [[package]]
 name = "ron"
-version = "0.7.1"
+version = "0.12.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "88073939a61e5b7680558e6be56b419e208420c2adb92be54921fa6b72283f1a"
+checksum = "fd490c5b18261893f14449cbd28cb9c0b637aebf161cd77900bfdedaff21ec32"
 dependencies = [
- "base64",
- "bitflags 1.3.2",
+ "bitflags 2.10.0",
+ "once_cell",
 "serde",
+ "serde_derive",
+ "typeid",
+ "unicode-ident",
 ]

 [[package]]
@@ -3129,6 +3151,7 @@ dependencies = [
 "salsa",
 "schemars",
 "serde",
+ "ty_module_resolver",
 "ty_python_semantic",
 "zip",
 ]
@@ -3223,7 +3246,6 @@ name = "ruff_memory_usage"
 version = "0.0.0"
 dependencies = [
 "get-size2",
- "ordermap",
 ]

 [[package]]
@@ -3602,7 +3624,7 @@ dependencies = [
 "errno",
 "libc",
 "linux-raw-sys",
- "windows-sys 0.61.0",
+ "windows-sys 0.59.0",
 ]

 [[package]]
@@ -3619,8 +3641,8 @@ checksum = "28d3b2b1366ec20994f1fd18c3c594f05c5dd4bc44d8bb0c1c632c8d6829481f"

 [[package]]
 name = "salsa"
-version = "0.24.0"
-source = "git+https://github.com/salsa-rs/salsa.git?rev=55e5e7d32fa3fc189276f35bb04c9438f9aedbd1#55e5e7d32fa3fc189276f35bb04c9438f9aedbd1"
+version = "0.25.2"
+source = "git+https://github.com/salsa-rs/salsa.git?rev=309c249088fdeef0129606fa34ec2eefc74736ff#309c249088fdeef0129606fa34ec2eefc74736ff"
 dependencies = [
 "boxcar",
 "compact_str",
@@ -3644,13 +3666,13 @@ dependencies = [

 [[package]]
 name = "salsa-macro-rules"
-version = "0.24.0"
-source = "git+https://github.com/salsa-rs/salsa.git?rev=55e5e7d32fa3fc189276f35bb04c9438f9aedbd1#55e5e7d32fa3fc189276f35bb04c9438f9aedbd1"
+version = "0.25.2"
+source = "git+https://github.com/salsa-rs/salsa.git?rev=309c249088fdeef0129606fa34ec2eefc74736ff#309c249088fdeef0129606fa34ec2eefc74736ff"

 [[package]]
 name = "salsa-macros"
-version = "0.24.0"
-source = "git+https://github.com/salsa-rs/salsa.git?rev=55e5e7d32fa3fc189276f35bb04c9438f9aedbd1#55e5e7d32fa3fc189276f35bb04c9438f9aedbd1"
+version = "0.25.2"
+source = "git+https://github.com/salsa-rs/salsa.git?rev=309c249088fdeef0129606fa34ec2eefc74736ff#309c249088fdeef0129606fa34ec2eefc74736ff"
 dependencies = [
 "proc-macro2",
 "quote",
@@ -3669,9 +3691,9 @@ dependencies = [

 [[package]]
 name = "schemars"
-version = "1.0.5"
+version = "1.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1317c3bf3e7df961da95b0a56a172a02abead31276215a0497241a7624b487ce"
+checksum = "9558e172d4e8533736ba97870c4b2cd63f84b382a3d6eb063da41b91cce17289"
 dependencies = [
 "dyn-clone",
 "ref-cast",
@@ -3682,9 +3704,9 @@ dependencies = [

 [[package]]
 name = "schemars_derive"
-version = "1.0.5"
+version = "1.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5f760a6150d45dd66ec044983c124595ae76912e77ed0b44124cb3e415cce5d9"
+checksum = "301858a4023d78debd2353c7426dc486001bddc91ae31a76fb1f55132f7e2633"
 dependencies = [
 "proc-macro2",
 "quote",
@@ -3758,9 +3780,9 @@ dependencies = [

 [[package]]
 name = "serde_json"
-version = "1.0.145"
+version = "1.0.146"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "402a6f66d8c709116cf22f558eab210f5a50187f702eb4d7e5ef38d9a7f1c79c"
+checksum = "217ca874ae0207aac254aa02c957ded05585a90892cc8d87f9e5fa49669dadd8"
 dependencies = [
 "itoa",
 "memchr",
@@ -3782,9 +3804,9 @@ dependencies = [

 [[package]]
 name = "serde_spanned"
-version = "1.0.3"
+version = "1.0.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e24345aa0fe688594e73770a5f6d1b216508b4f93484c0026d521acd30134392"
+checksum = "f8bbf91e5a4d6315eee45e704372590b30e260ee83af6639d64557f51b067776"
 dependencies = [
 "serde_core",
 ]
@@ -3800,9 +3822,9 @@ dependencies = [

 [[package]]
 name = "serde_with"
-version = "3.15.1"
+version = "3.16.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "aa66c845eee442168b2c8134fec70ac50dc20e760769c8ba0ad1319ca1959b04"
+checksum = "4fa237f2807440d238e0364a218270b98f767a00d3dada77b1c53ae88940e2e7"
 dependencies = [
 "serde_core",
 "serde_with_macros",
@@ -3810,9 +3832,9 @@ dependencies = [

 [[package]]
 name = "serde_with_macros"
-version = "3.15.1"
+version = "3.16.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b91a903660542fced4e99881aa481bdbaec1634568ee02e0b8bd57c64cb38955"
+checksum = "52a8e3ca0ca629121f70ab50f95249e5a6f925cc0f6ffe8256c45b728875706c"
 dependencies = [
 "darling",
 "proc-macro2",
@@ -3962,9 +3984,9 @@ dependencies = [

 [[package]]
 name = "supports-hyperlinks"
-version = "3.1.0"
+version = "3.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "804f44ed3c63152de6a9f90acbea1a110441de43006ea51bcce8f436196a288b"
+checksum = "e396b6523b11ccb83120b115a0b7366de372751aa6edf19844dfb13a6af97e91"

 [[package]]
 name = "syn"
@@ -4004,7 +4026,7 @@ dependencies = [
 "getrandom 0.3.4",
 "once_cell",
 "rustix",
- "windows-sys 0.61.0",
+ "windows-sys 0.59.0",
 ]

 [[package]]
@@ -4198,9 +4220,9 @@ checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20"

 [[package]]
 name = "toml"
-version = "0.9.8"
+version = "0.9.10+spec-1.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f0dc8b1fb61449e27716ec0e1bdf0f6b8f3e8f6b05391e8497b8b6d7804ea6d8"
+checksum = "0825052159284a1a8b4d6c0c86cbc801f2da5afd2b225fa548c72f2e74002f48"
 dependencies = [
 "indexmap",
 "serde_core",
@@ -4213,9 +4235,9 @@ dependencies = [

 [[package]]
 name = "toml_datetime"
-version = "0.7.3"
+version = "0.7.5+spec-1.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f2cdb639ebbc97961c51720f858597f7f24c4fc295327923af55b74c3c724533"
+checksum = "92e1cfed4a3038bc5a127e35a2d360f145e1f4b971b551a2ba5fd7aedf7e1347"
 dependencies = [
 "serde_core",
 ]
@@ -4234,24 +4256,24 @@ dependencies = [

 [[package]]
 name = "toml_parser"
-version = "1.0.4"
+version = "1.0.6+spec-1.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c0cbe268d35bdb4bb5a56a2de88d0ad0eb70af5384a99d648cd4b3d04039800e"
+checksum = "a3198b4b0a8e11f09dd03e133c0280504d0801269e9afa46362ffde1cbeebf44"
 dependencies = [
 "winnow",
 ]

 [[package]]
 name = "toml_writer"
-version = "1.0.4"
+version = "1.0.6+spec-1.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "df8b2b54733674ad286d16267dcfc7a71ed5c776e4ac7aa3c3e2561f7c637bf2"
+checksum = "ab16f14aed21ee8bfd8ec22513f7287cd4a91aa92e44edfe2c17ddd004e92607"

 [[package]]
 name = "tracing"
-version = "0.1.43"
+version = "0.1.44"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2d15d90a0b5c19378952d479dc858407149d7bb45a14de0142f6c534b16fc647"
+checksum = "63e71662fa4b2a2c3a26f570f037eb95bb1f85397f3cd8076caed2f026a6d100"
 dependencies = [
 "log",
 "pin-project-lite",
@@ -4272,9 +4294,9 @@ dependencies = [

 [[package]]
 name = "tracing-core"
-version = "0.1.35"
+version = "0.1.36"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7a04e24fab5c89c6a36eb8558c9656f30d81de51dfa4d3b45f26b21d61fa0a6c"
+checksum = "db97caf9d906fbde555dd62fa95ddba9eecfd14cb388e4f491a66d74cd5fb79a"
 dependencies = [
 "once_cell",
 "valuable",
@@ -4293,9 +4315,9 @@ dependencies = [

 [[package]]
 name = "tracing-indicatif"
-version = "0.3.13"
+version = "0.3.14"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "04d4e11e0e27acef25a47f27e9435355fecdc488867fa2bc90e75b0700d2823d"
+checksum = "e1ef6990e0438749f0080573248e96631171a0b5ddfddde119aa5ba8c3a9c47e"
 dependencies = [
 "indicatif",
 "tracing",
@@ -4375,6 +4397,7 @@ dependencies = [
 "tracing-flame",
 "tracing-subscriber",
 "ty_combine",
+ "ty_module_resolver",
 "ty_project",
 "ty_python_semantic",
 "ty_server",
@@ -4389,7 +4412,6 @@ dependencies = [
 "ordermap",
 "ruff_db",
 "ruff_python_ast",
- "ty_python_semantic",
 ]

 [[package]]
@@ -4407,8 +4429,8 @@ dependencies = [
 "tempfile",
 "toml",
 "ty_ide",
+ "ty_module_resolver",
 "ty_project",
- "ty_python_semantic",
 "walkdir",
 ]

@@ -4438,11 +4460,35 @@ dependencies = [
 "salsa",
 "smallvec",
 "tracing",
+ "ty_module_resolver",
 "ty_project",
 "ty_python_semantic",
 "ty_vendored",
 ]

+[[package]]
+name = "ty_module_resolver"
+version = "0.0.0"
+dependencies = [
+ "anyhow",
+ "camino",
+ "compact_str",
+ "get-size2",
+ "insta",
+ "ruff_db",
+ "ruff_memory_usage",
+ "ruff_python_ast",
+ "ruff_python_stdlib",
+ "rustc-hash",
+ "salsa",
+ "strum",
+ "strum_macros",
+ "tempfile",
+ "thiserror 2.0.17",
+ "tracing",
+ "ty_vendored",
+]
+
 [[package]]
 name = "ty_project"
 version = "0.0.0"
@@ -4477,6 +4523,7 @@ dependencies = [
 "toml",
 "tracing",
 "ty_combine",
+ "ty_module_resolver",
 "ty_python_semantic",
 "ty_static",
 "ty_vendored",
@@ -4529,11 +4576,11 @@ dependencies = [
 "strsim",
 "strum",
 "strum_macros",
- "tempfile",
 "test-case",
 "thiserror 2.0.17",
 "tracing",
- "ty_python_semantic",
+ "ty_combine",
+ "ty_module_resolver",
 "ty_static",
 "ty_test",
 "ty_vendored",
@@ -4572,6 +4619,7 @@ dependencies = [
 "tracing-subscriber",
 "ty_combine",
 "ty_ide",
+ "ty_module_resolver",
 "ty_project",
 "ty_python_semantic",
 ]
@@ -4612,6 +4660,7 @@ dependencies = [
 "thiserror 2.0.17",
 "toml",
 "tracing",
+ "ty_module_resolver",
 "ty_python_semantic",
 "ty_static",
 "ty_vendored",
@@ -4659,6 +4708,12 @@ version = "2.0.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "6af6ae20167a9ece4bcb41af5b80f8a1f1df981f6391189ce00fd257af04126a"

+[[package]]
+name = "typeid"
+version = "1.0.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "bc7d623258602320d5c55d1bc22793b57daff0ec7efc270ea7d55ce1d5f5471c"
+
 [[package]]
 name = "typenum"
 version = "1.18.0"
@@ -4818,9 +4873,9 @@ checksum = "06abde3611657adf66d383f00b093d7faecc7fa57071cce2578660c9f1010821"

 [[package]]
 name = "uuid"
-version = "1.18.1"
+version = "1.19.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2f87b8aa10b915a06587d0dec516c282ff295b475d94abf425d62b57710070a2"
+checksum = "e2e054861b4bd027cd373e18e8d8d8e6548085000e41290d95ce0c373a654b4a"
 dependencies = [
 "getrandom 0.3.4",
 "js-sys",
@@ -4831,9 +4886,9 @@ dependencies = [

 [[package]]
 name = "uuid-macro-internal"
-version = "1.18.1"
+version = "1.19.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d9384a660318abfbd7f8932c34d67e4d1ec511095f95972ddc01e19d7ba8413f"
+checksum = "39d11901c36b3650df7acb0f9ebe624f35b5ac4e1922ecd3c57f444648429594"
 dependencies = [
 "proc-macro2",
 "quote",
@@ -5053,15 +5108,37 @@ dependencies = [
 "glob",
 ]

+[[package]]
+name = "winapi"
+version = "0.3.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419"
+dependencies = [
+ "winapi-i686-pc-windows-gnu",
+ "winapi-x86_64-pc-windows-gnu",
+]
+
+[[package]]
+name = "winapi-i686-pc-windows-gnu"
+version = "0.4.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6"
+
 [[package]]
 name = "winapi-util"
 version = "0.1.11"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "c2a7b1c03c876122aa43f3020e6c3c3ee5c05081c9a00739faf7503aeba10d22"
 dependencies = [
- "windows-sys 0.61.0",
+ "windows-sys 0.59.0",
 ]

+[[package]]
+name = "winapi-x86_64-pc-windows-gnu"
+version = "0.4.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f"
+
 [[package]]
 name = "windows-core"
 version = "0.62.0"
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -45,6 +45,7 @@ ty = { path = "crates/ty" }
 ty_combine = { path = "crates/ty_combine" }
 ty_completion_eval = { path = "crates/ty_completion_eval" }
 ty_ide = { path = "crates/ty_ide" }
+ty_module_resolver = { path = "crates/ty_module_resolver" }
 ty_project = { path = "crates/ty_project", default-features = false }
 ty_python_semantic = { path = "crates/ty_python_semantic" }
 ty_server = { path = "crates/ty_server" }
@@ -57,8 +58,8 @@ anstream = { version = "0.6.18" }
 anstyle = { version = "1.0.10" }
 anyhow = { version = "1.0.80" }
 arc-swap = { version = "1.7.1" }
-assert_fs = { version = "1.1.0" }
 argfile = { version = "0.2.0" }
+assert_fs = { version = "1.1.0" }
 bincode = { version = "2.0.0" }
 bitflags = { version = "2.5.0" }
 bitvec = { version = "1.0.1", default-features = false, features = [
@@ -70,30 +71,31 @@ camino = { version = "1.1.7" }
 clap = { version = "4.5.3", features = ["derive"] }
 clap_complete_command = { version = "0.6.0" }
 clearscreen = { version = "4.0.0" }
-csv = { version = "1.3.1" }
-divan = { package = "codspeed-divan-compat", version = "4.0.4" }
 codspeed-criterion-compat = { version = "4.0.4", default-features = false }
 colored = { version = "3.0.0" }
+compact_str = "0.9.0"
 console_error_panic_hook = { version = "0.1.7" }
 console_log = { version = "1.0.0" }
 countme = { version = "3.0.1" }
-compact_str = "0.9.0"
-criterion = { version = "0.7.0", default-features = false }
+criterion = { version = "0.8.0", default-features = false }
 crossbeam = { version = "0.8.4" }
+csv = { version = "1.3.1" }
 dashmap = { version = "6.0.1" }
 datatest-stable = { version = "0.3.3" }
-dunce = { version = "1.0.5" }
+divan = { package = "codspeed-divan-compat", version = "4.0.4" }
 drop_bomb = { version = "0.1.5" }
+dunce = { version = "1.0.5" }
 etcetera = { version = "0.11.0" }
 fern = { version = "0.7.0" }
 filetime = { version = "0.2.23" }
-getrandom = { version = "0.3.1" }
 get-size2 = { version = "0.7.3", features = [
    "derive",
    "smallvec",
    "hashbrown",
    "compact-str",
+    "ordermap"
 ] }
+getrandom = { version = "0.3.1" }
 glob = { version = "0.3.1" }
 globset = { version = "0.4.14" }
 globwalk = { version = "0.9.1" }
@@ -115,8 +117,8 @@ is-macro = { version = "0.3.5" }
 is-wsl = { version = "0.4.0" }
 itertools = { version = "0.14.0" }
 jiff = { version = "0.2.0" }
-js-sys = { version = "0.3.69" }
 jod-thread = { version = "1.0.0" }
+js-sys = { version = "0.3.69" }
 libc = { version = "0.2.153" }
 libcst = { version = "1.8.4", default-features = false }
 log = { version = "0.4.17" }
@@ -138,6 +140,8 @@ pretty_assertions = "1.3.0"
 proc-macro2 = { version = "1.0.79" }
 pyproject-toml = { version = "0.13.4" }
 quick-junit = { version = "0.5.0" }
+quickcheck = { version = "1.0.3", default-features = false }
+quickcheck_macros = { version = "1.0.0" }
 quote = { version = "1.0.23" }
 rand = { version = "0.9.0" }
 rayon = { version = "1.10.0" }
@@ -146,7 +150,7 @@ regex-automata = { version = "0.4.9" }
 rustc-hash = { version = "2.0.0" }
 rustc-stable-hash = { version = "0.1.2" }
 # When updating salsa, make sure to also update the revision in `fuzz/Cargo.toml`
-salsa = { git = "https://github.com/salsa-rs/salsa.git", rev = "55e5e7d32fa3fc189276f35bb04c9438f9aedbd1", default-features = false, features = [
+salsa = { git = "https://github.com/salsa-rs/salsa.git", rev = "309c249088fdeef0129606fa34ec2eefc74736ff", default-features = false, features = [
    "compact_str",
    "macros",
    "salsa_unstable",
@@ -194,9 +198,9 @@ tryfn = { version = "0.2.1" }
 typed-arena = { version = "2.0.2" }
 unic-ucd-category = { version = "0.9" }
 unicode-ident = { version = "1.0.12" }
+unicode-normalization = { version = "0.1.23" }
 unicode-width = { version = "0.2.0" }
 unicode_names2 = { version = "1.2.2" }
-unicode-normalization = { version = "0.1.23" }
 url = { version = "2.5.0" }
 uuid = { version = "1.6.1", features = ["v4", "fast-rng", "macro-diagnostics"] }
 walkdir = { version = "2.3.2" }
@@ -206,8 +210,13 @@ wild = { version = "2" }
 zip = { version = "0.6.6", default-features = false }

 [workspace.metadata.cargo-shear]
-ignored = ["getrandom", "ruff_options_metadata", "uuid", "get-size2", "ty_completion_eval"]
-
+ignored = [
+    "getrandom",
+    "ruff_options_metadata",
+    "uuid",
+    "get-size2",
+    "ty_completion_eval",
+]

 [workspace.lints.rust]
 unsafe_code = "warn"
@@ -267,17 +276,10 @@ if_not_else = "allow"
 # Diagnostics are not actionable: Enable once https://github.com/rust-lang/rust-clippy/issues/13774 is resolved.
 large_stack_arrays = "allow"

-
 [profile.release]
 lto = "fat"
 codegen-units = 16

-# Profile to build a minimally sized binary for ruff/ty
-[profile.minimal-size]
-inherits = "release"
-opt-level = "z"
-codegen-units = 1
-
 # Some crates don't change as much but benefit more from
 # more expensive optimization passes, so we selectively
 # decrease codegen-units in some cases.
@@ -288,6 +290,12 @@ codegen-units = 1
 [profile.release.package.salsa]
 codegen-units = 1

+# Profile to build a minimally sized binary for ruff/ty
+[profile.minimal-size]
+inherits = "release"
+opt-level = "z"
+codegen-units = 1
+
 [profile.dev.package.insta]
 opt-level = 3

--- a/crates/ruff/Cargo.toml
+++ b/crates/ruff/Cargo.toml
@@ -12,6 +12,13 @@ license = { workspace = true }
 readme = "../../README.md"
 default-run = "ruff"

+[package.metadata.cargo-shear]
+# Used via macro expansion.
+ignored = ["jiff"]
+
+[package.metadata.dist]
+dist = true
+
 [dependencies]
 ruff_cache = { workspace = true }
 ruff_db = { workspace = true, default-features = false, features = ["os"] }
@@ -61,6 +68,12 @@ tracing = { workspace = true, features = ["log"] }
 walkdir = { workspace = true }
 wild = { workspace = true }

+[target.'cfg(all(not(target_os = "windows"), not(target_os = "openbsd"), not(target_os = "aix"), not(target_os = "android"), any(target_arch = "x86_64", target_arch = "aarch64", target_arch = "powerpc64", target_arch = "riscv64")))'.dependencies]
+tikv-jemallocator = { workspace = true }
+
+[target.'cfg(target_os = "windows")'.dependencies]
+mimalloc = { workspace = true }
+
 [dev-dependencies]
 # Enable test rules during development
 ruff_linter = { workspace = true, features = ["clap", "test-rules"] }
@@ -76,18 +89,5 @@ ruff_python_trivia = { workspace = true }
 tempfile = { workspace = true }
 test-case = { workspace = true }

-[package.metadata.cargo-shear]
-# Used via macro expansion.
-ignored = ["jiff"]
-
-[package.metadata.dist]
-dist = true
-
-[target.'cfg(target_os = "windows")'.dependencies]
-mimalloc = { workspace = true }
-
-[target.'cfg(all(not(target_os = "windows"), not(target_os = "openbsd"), not(target_os = "aix"), not(target_os = "android"), any(target_arch = "x86_64", target_arch = "aarch64", target_arch = "powerpc64", target_arch = "riscv64")))'.dependencies]
-tikv-jemallocator = { workspace = true }
-
 [lints]
 workspace = true
--- a/crates/ruff/tests/cli/snapshots/cliformatoutput_format_github.snap
+++ b/crates/ruff/tests/cli/snapshots/cliformatoutput_format_github.snap
@@ -14,6 +14,6 @@ info:
 success: false
 exit_code: 1
 ----- stdout -----
-::error title=Ruff (unformatted),file=[TMP]/input.py,line=1,col=1,endLine=2,endColumn=1::input.py:1:1: unformatted: File would be reformatted
+::error title=Ruff (unformatted),file=[TMP]/input.py,line=1,endLine=2::input.py:1:1: unformatted: File would be reformatted

 ----- stderr -----
--- a/crates/ruff/tests/cli/snapshots/clilintrequires_python_extend_from_shared_config.snap
+++ b/crates/ruff/tests/cli/snapshots/clilintrequires_python_extend_from_shared_config.snap
@@ -125,7 +125,7 @@ linter.flake8_copyright.notice_rgx = (?i)Copyright\s+((?:\(C\)|©)\s+)?\d{4}((-|
 linter.flake8_copyright.author = none
 linter.flake8_copyright.min_file_size = 0
 linter.flake8_errmsg.max_string_length = 0
-linter.flake8_gettext.functions_names = [
+linter.flake8_gettext.function_names = [
 	_,
 	gettext,
 	ngettext,
@@ -261,6 +261,7 @@ linter.pylint.max_locals = 15
 linter.pylint.max_nested_blocks = 5
 linter.pyupgrade.keep_runtime_typing = false
 linter.ruff.parenthesize_tuple_in_subscript = false
+linter.ruff.strictly_empty_init_modules = false

 # Formatter Settings
 formatter.exclude = []
--- a/crates/ruff/tests/cli/snapshots/clilintrequires_python_no_tool.snap
+++ b/crates/ruff/tests/cli/snapshots/clilintrequires_python_no_tool.snap
@@ -127,7 +127,7 @@ linter.flake8_copyright.notice_rgx = (?i)Copyright\s+((?:\(C\)|©)\s+)?\d{4}((-|
 linter.flake8_copyright.author = none
 linter.flake8_copyright.min_file_size = 0
 linter.flake8_errmsg.max_string_length = 0
-linter.flake8_gettext.functions_names = [
+linter.flake8_gettext.function_names = [
 	_,
 	gettext,
 	ngettext,
@@ -263,6 +263,7 @@ linter.pylint.max_locals = 15
 linter.pylint.max_nested_blocks = 5
 linter.pyupgrade.keep_runtime_typing = false
 linter.ruff.parenthesize_tuple_in_subscript = false
+linter.ruff.strictly_empty_init_modules = false

 # Formatter Settings
 formatter.exclude = []
--- a/crates/ruff/tests/cli/snapshots/clilintrequires_python_no_tool_preview_enabled.snap
+++ b/crates/ruff/tests/cli/snapshots/clilintrequires_python_no_tool_preview_enabled.snap
@@ -129,7 +129,7 @@ linter.flake8_copyright.notice_rgx = (?i)Copyright\s+((?:\(C\)|©)\s+)?\d{4}((-|
 linter.flake8_copyright.author = none
 linter.flake8_copyright.min_file_size = 0
 linter.flake8_errmsg.max_string_length = 0
-linter.flake8_gettext.functions_names = [
+linter.flake8_gettext.function_names = [
 	_,
 	gettext,
 	ngettext,
@@ -265,6 +265,7 @@ linter.pylint.max_locals = 15
 linter.pylint.max_nested_blocks = 5
 linter.pyupgrade.keep_runtime_typing = false
 linter.ruff.parenthesize_tuple_in_subscript = false
+linter.ruff.strictly_empty_init_modules = false

 # Formatter Settings
 formatter.exclude = []
--- a/crates/ruff/tests/cli/snapshots/clilintrequires_python_no_tool_target_version_override.snap
+++ b/crates/ruff/tests/cli/snapshots/clilintrequires_python_no_tool_target_version_override.snap
@@ -129,7 +129,7 @@ linter.flake8_copyright.notice_rgx = (?i)Copyright\s+((?:\(C\)|©)\s+)?\d{4}((-|
 linter.flake8_copyright.author = none
 linter.flake8_copyright.min_file_size = 0
 linter.flake8_errmsg.max_string_length = 0
-linter.flake8_gettext.functions_names = [
+linter.flake8_gettext.function_names = [
 	_,
 	gettext,
 	ngettext,
@@ -265,6 +265,7 @@ linter.pylint.max_locals = 15
 linter.pylint.max_nested_blocks = 5
 linter.pyupgrade.keep_runtime_typing = false
 linter.ruff.parenthesize_tuple_in_subscript = false
+linter.ruff.strictly_empty_init_modules = false

 # Formatter Settings
 formatter.exclude = []
--- a/crates/ruff/tests/cli/snapshots/clilintrequires_python_pyproject_toml_above.snap
+++ b/crates/ruff/tests/cli/snapshots/clilintrequires_python_pyproject_toml_above.snap
@@ -126,7 +126,7 @@ linter.flake8_copyright.notice_rgx = (?i)Copyright\s+((?:\(C\)|©)\s+)?\d{4}((-|
 linter.flake8_copyright.author = none
 linter.flake8_copyright.min_file_size = 0
 linter.flake8_errmsg.max_string_length = 0
-linter.flake8_gettext.functions_names = [
+linter.flake8_gettext.function_names = [
 	_,
 	gettext,
 	ngettext,
@@ -262,6 +262,7 @@ linter.pylint.max_locals = 15
 linter.pylint.max_nested_blocks = 5
 linter.pyupgrade.keep_runtime_typing = false
 linter.ruff.parenthesize_tuple_in_subscript = false
+linter.ruff.strictly_empty_init_modules = false

 # Formatter Settings
 formatter.exclude = []
--- a/crates/ruff/tests/cli/snapshots/clilintrequires_python_pyproject_toml_above_with_tool.snap
+++ b/crates/ruff/tests/cli/snapshots/clilintrequires_python_pyproject_toml_above_with_tool.snap
@@ -126,7 +126,7 @@ linter.flake8_copyright.notice_rgx = (?i)Copyright\s+((?:\(C\)|©)\s+)?\d{4}((-|
 linter.flake8_copyright.author = none
 linter.flake8_copyright.min_file_size = 0
 linter.flake8_errmsg.max_string_length = 0
-linter.flake8_gettext.functions_names = [
+linter.flake8_gettext.function_names = [
 	_,
 	gettext,
 	ngettext,
@@ -262,6 +262,7 @@ linter.pylint.max_locals = 15
 linter.pylint.max_nested_blocks = 5
 linter.pyupgrade.keep_runtime_typing = false
 linter.ruff.parenthesize_tuple_in_subscript = false
+linter.ruff.strictly_empty_init_modules = false

 # Formatter Settings
 formatter.exclude = []
--- a/crates/ruff/tests/cli/snapshots/clilintrequires_python_ruff_toml_above-2.snap
+++ b/crates/ruff/tests/cli/snapshots/clilintrequires_python_ruff_toml_above-2.snap
@@ -125,7 +125,7 @@ linter.flake8_copyright.notice_rgx = (?i)Copyright\s+((?:\(C\)|©)\s+)?\d{4}((-|
 linter.flake8_copyright.author = none
 linter.flake8_copyright.min_file_size = 0
 linter.flake8_errmsg.max_string_length = 0
-linter.flake8_gettext.functions_names = [
+linter.flake8_gettext.function_names = [
 	_,
 	gettext,
 	ngettext,
@@ -261,6 +261,7 @@ linter.pylint.max_locals = 15
 linter.pylint.max_nested_blocks = 5
 linter.pyupgrade.keep_runtime_typing = false
 linter.ruff.parenthesize_tuple_in_subscript = false
+linter.ruff.strictly_empty_init_modules = false

 # Formatter Settings
 formatter.exclude = []
--- a/crates/ruff/tests/cli/snapshots/clilintrequires_python_ruff_toml_above.snap
+++ b/crates/ruff/tests/cli/snapshots/clilintrequires_python_ruff_toml_above.snap
@@ -125,7 +125,7 @@ linter.flake8_copyright.notice_rgx = (?i)Copyright\s+((?:\(C\)|©)\s+)?\d{4}((-|
 linter.flake8_copyright.author = none
 linter.flake8_copyright.min_file_size = 0
 linter.flake8_errmsg.max_string_length = 0
-linter.flake8_gettext.functions_names = [
+linter.flake8_gettext.function_names = [
 	_,
 	gettext,
 	ngettext,
@@ -261,6 +261,7 @@ linter.pylint.max_locals = 15
 linter.pylint.max_nested_blocks = 5
 linter.pyupgrade.keep_runtime_typing = false
 linter.ruff.parenthesize_tuple_in_subscript = false
+linter.ruff.strictly_empty_init_modules = false

 # Formatter Settings
 formatter.exclude = []
--- a/crates/ruff/tests/cli/snapshots/clilintrequires_python_ruff_toml_no_target_fallback.snap
+++ b/crates/ruff/tests/cli/snapshots/clilintrequires_python_ruff_toml_no_target_fallback.snap
@@ -125,7 +125,7 @@ linter.flake8_copyright.notice_rgx = (?i)Copyright\s+((?:\(C\)|©)\s+)?\d{4}((-|
 linter.flake8_copyright.author = none
 linter.flake8_copyright.min_file_size = 0
 linter.flake8_errmsg.max_string_length = 0
-linter.flake8_gettext.functions_names = [
+linter.flake8_gettext.function_names = [
 	_,
 	gettext,
 	ngettext,
@@ -261,6 +261,7 @@ linter.pylint.max_locals = 15
 linter.pylint.max_nested_blocks = 5
 linter.pyupgrade.keep_runtime_typing = false
 linter.ruff.parenthesize_tuple_in_subscript = false
+linter.ruff.strictly_empty_init_modules = false

 # Formatter Settings
 formatter.exclude = []
--- a/crates/ruff/tests/snapshots/show_settings__display_default_settings.snap
+++ b/crates/ruff/tests/snapshots/show_settings__display_default_settings.snap
@@ -238,7 +238,7 @@ linter.flake8_copyright.notice_rgx = (?i)Copyright\s+((?:\(C\)|©)\s+)?\d{4}((-|
 linter.flake8_copyright.author = none
 linter.flake8_copyright.min_file_size = 0
 linter.flake8_errmsg.max_string_length = 0
-linter.flake8_gettext.functions_names = [
+linter.flake8_gettext.function_names = [
 	_,
 	gettext,
 	ngettext,
@@ -374,6 +374,7 @@ linter.pylint.max_locals = 15
 linter.pylint.max_nested_blocks = 5
 linter.pyupgrade.keep_runtime_typing = false
 linter.ruff.parenthesize_tuple_in_subscript = false
+linter.ruff.strictly_empty_init_modules = false

 # Formatter Settings
 formatter.exclude = []
--- a/crates/ruff_annotate_snippets/Cargo.toml
+++ b/crates/ruff_annotate_snippets/Cargo.toml
@@ -12,10 +12,6 @@ license = "MIT OR Apache-2.0"

 [lib]

-[features]
-default = []
-testing-colors = []
-
 [dependencies]
 anstyle = { workspace = true }
 memchr = { workspace = true }
@@ -23,12 +19,17 @@ unicode-width = { workspace = true }

 [dev-dependencies]
 ruff_annotate_snippets = { workspace = true, features = ["testing-colors"] }
+
 anstream = { workspace = true }
 serde = { workspace = true, features = ["derive"] }
 snapbox = { workspace = true, features = ["diff", "term-svg", "cmd", "examples"] }
 toml = { workspace = true }
 tryfn = { workspace = true }

+[features]
+default = []
+testing-colors = []
+
 [[test]]
 name = "fixtures"
 harness = false
--- a/crates/ruff_benchmark/Cargo.toml
+++ b/crates/ruff_benchmark/Cargo.toml
@@ -16,77 +16,80 @@ bench = false
 test = false
 doctest = false

-[[bench]]
-name = "linter"
-harness = false
-required-features = ["instrumented"]
-
-[[bench]]
-name = "lexer"
-harness = false
-required-features = ["instrumented"]
-
-[[bench]]
-name = "parser"
-harness = false
-required-features = ["instrumented"]
-
-[[bench]]
-name = "formatter"
-harness = false
-required-features = ["instrumented"]
-
-[[bench]]
-name = "ty"
-harness = false
-required-features = ["instrumented"]
-
-[[bench]]
-name = "ty_walltime"
-harness = false
-required-features = ["walltime"]
-
 [dependencies]
 ruff_db = { workspace = true, features = ["testing"] }
-ruff_python_ast = { workspace = true }
 ruff_linter = { workspace = true, optional = true }
+ruff_python_ast = { workspace = true }
 ruff_python_formatter = { workspace = true, optional = true }
 ruff_python_parser = { workspace = true, optional = true }
 ruff_python_trivia = { workspace = true, optional = true }
 ty_project = { workspace = true, optional = true }

-divan = { workspace = true, optional = true }
 anyhow = { workspace = true }
 codspeed-criterion-compat = { workspace = true, default-features = false, optional = true }
 criterion = { workspace = true, default-features = false, optional = true }
+divan = { workspace = true, optional = true }
 serde = { workspace = true }
 serde_json = { workspace = true }
 tracing = { workspace = true }

-[lints]
-workspace = true
+[target.'cfg(all(not(target_os = "windows"), not(target_os = "openbsd"), any(target_arch = "x86_64", target_arch = "aarch64", target_arch = "powerpc64", target_arch = "riscv64")))'.dependencies]
+tikv-jemallocator = { workspace = true, optional = true }
+
+[target.'cfg(target_os = "windows")'.dependencies]
+mimalloc = { workspace = true, optional = true }
+
+[dev-dependencies]
+rayon = { workspace = true }
+rustc-hash = { workspace = true }

 [features]
-default = ["instrumented", "walltime"]
-# Enables the benchmark that should only run with codspeed's instrumented runner
-instrumented = [
+default = ["ty_instrumented", "ty_walltime", "ruff_instrumented"]
+# Enables the ruff instrumented benchmarks
+ruff_instrumented = [
    "criterion",
    "ruff_linter",
    "ruff_python_formatter",
    "ruff_python_parser",
    "ruff_python_trivia",
-    "ty_project",
+    "mimalloc",
+    "tikv-jemallocator",
 ]
+# Enables the ty instrumented benchmarks
+ty_instrumented = ["criterion", "ty_project", "ruff_python_trivia"]
 codspeed = ["codspeed-criterion-compat"]
-# Enables benchmark that should only run with codspeed's walltime runner.
-walltime = ["ruff_db/os", "ty_project", "divan"]
+# Enables the ty_walltime benchmarks
+ty_walltime = ["ruff_db/os", "ty_project", "divan"]

-[target.'cfg(target_os = "windows")'.dev-dependencies]
-mimalloc = { workspace = true }
+[[bench]]
+name = "linter"
+harness = false
+required-features = ["ruff_instrumented"]

-[target.'cfg(all(not(target_os = "windows"), not(target_os = "openbsd"), any(target_arch = "x86_64", target_arch = "aarch64", target_arch = "powerpc64", target_arch = "riscv64")))'.dev-dependencies]
-tikv-jemallocator = { workspace = true }
+[[bench]]
+name = "lexer"
+harness = false
+required-features = ["ruff_instrumented"]

-[dev-dependencies]
-rustc-hash = { workspace = true }
-rayon = { workspace = true }
+[[bench]]
+name = "parser"
+harness = false
+required-features = ["ruff_instrumented"]
+
+[[bench]]
+name = "formatter"
+harness = false
+required-features = ["ruff_instrumented"]
+
+[[bench]]
+name = "ty"
+harness = false
+required-features = ["ty_instrumented"]
+
+[[bench]]
+name = "ty_walltime"
+harness = false
+required-features = ["ty_walltime"]
+
+[lints]
+workspace = true
--- a/crates/ruff_benchmark/benches/ty.rs
+++ b/crates/ruff_benchmark/benches/ty.rs
@@ -557,6 +557,60 @@ fn benchmark_many_enum_members(criterion: &mut Criterion) {
    });
 }

+fn benchmark_many_enum_members_2(criterion: &mut Criterion) {
+    const NUM_ENUM_MEMBERS: usize = 48;
+
+    setup_rayon();
+
+    let mut code = "\
+from enum import Enum
+from typing_extensions import assert_never
+
+class E(Enum):
+"
+    .to_string();
+
+    for i in 0..NUM_ENUM_MEMBERS {
+        writeln!(&mut code, "    m{i} = {i}").ok();
+    }
+
+    code.push_str(
+        "
+    def method(self):
+        match self:",
+    );
+
+    for i in 0..NUM_ENUM_MEMBERS {
+        write!(
+            &mut code,
+            "
+            case E.m{i}:
+                pass"
+        )
+        .ok();
+    }
+
+    write!(
+        &mut code,
+        "
+            case _:
+                assert_never(self)"
+    )
+    .ok();
+
+    criterion.bench_function("ty_micro[many_enum_members_2]", |b| {
+        b.iter_batched_ref(
+            || setup_micro_case(&code),
+            |case| {
+                let Case { db, .. } = case;
+                let result = db.check();
+                assert_eq!(result.len(), 0);
+            },
+            BatchSize::SmallInput,
+        );
+    });
+}
+
 struct ProjectBenchmark<'a> {
    project: InstalledProject<'a>,
    fs: MemoryFileSystem,
@@ -717,6 +771,7 @@ criterion_group!(
    benchmark_complex_constrained_attributes_2,
    benchmark_complex_constrained_attributes_3,
    benchmark_many_enum_members,
+    benchmark_many_enum_members_2,
 );
 criterion_group!(project, anyio, attrs, hydra, datetype);
 criterion_main!(check_file, micro, project);
--- a/crates/ruff_benchmark/benches/ty_walltime.rs
+++ b/crates/ruff_benchmark/benches/ty_walltime.rs
@@ -194,7 +194,7 @@ static SYMPY: Benchmark = Benchmark::new(
        max_dep_date: "2025-06-17",
        python_version: PythonVersion::PY312,
    },
-    13100,
+    13116,
 );

 static TANJUN: Benchmark = Benchmark::new(
@@ -235,30 +235,55 @@ fn run_single_threaded(bencher: Bencher, benchmark: &Benchmark) {
        });
 }

-#[bench(args=[&ALTAIR, &FREQTRADE, &TANJUN], sample_size=2, sample_count=3)]
-fn small(bencher: Bencher, benchmark: &Benchmark) {
-    run_single_threaded(bencher, benchmark);
+#[bench(sample_size = 2, sample_count = 3)]
+fn altair(bencher: Bencher) {
+    run_single_threaded(bencher, &ALTAIR);
 }

-#[bench(args=[&COLOUR_SCIENCE, &PANDAS, &STATIC_FRAME], sample_size=1, sample_count=3)]
-fn medium(bencher: Bencher, benchmark: &Benchmark) {
-    run_single_threaded(bencher, benchmark);
+#[bench(sample_size = 2, sample_count = 3)]
+fn freqtrade(bencher: Bencher) {
+    run_single_threaded(bencher, &FREQTRADE);
 }

-#[bench(args=[&SYMPY, &PYDANTIC], sample_size=1, sample_count=2)]
-fn large(bencher: Bencher, benchmark: &Benchmark) {
-    run_single_threaded(bencher, benchmark);
+#[bench(sample_size = 2, sample_count = 3)]
+fn tanjun(bencher: Bencher) {
+    run_single_threaded(bencher, &TANJUN);
 }

-#[bench(args=[&ALTAIR], sample_size=3, sample_count=8)]
-fn multithreaded(bencher: Bencher, benchmark: &Benchmark) {
+#[bench(sample_size = 2, sample_count = 3)]
+fn pydantic(bencher: Bencher) {
+    run_single_threaded(bencher, &PYDANTIC);
+}
+
+#[bench(sample_size = 1, sample_count = 3)]
+fn static_frame(bencher: Bencher) {
+    run_single_threaded(bencher, &STATIC_FRAME);
+}
+
+#[bench(sample_size = 1, sample_count = 2)]
+fn colour_science(bencher: Bencher) {
+    run_single_threaded(bencher, &COLOUR_SCIENCE);
+}
+
+#[bench(sample_size = 1, sample_count = 2)]
+fn pandas(bencher: Bencher) {
+    run_single_threaded(bencher, &PANDAS);
+}
+
+#[bench(sample_size = 1, sample_count = 2)]
+fn sympy(bencher: Bencher) {
+    run_single_threaded(bencher, &SYMPY);
+}
+
+#[bench(sample_size = 3, sample_count = 8)]
+fn multithreaded(bencher: Bencher) {
    let thread_pool = ThreadPoolBuilder::new().build().unwrap();

    bencher
-        .with_inputs(|| benchmark.setup_iteration())
+        .with_inputs(|| ALTAIR.setup_iteration())
        .bench_local_values(|db| {
            thread_pool.install(|| {
-                check_project(&db, benchmark.project.name, benchmark.max_diagnostics);
+                check_project(&db, ALTAIR.project.name, ALTAIR.max_diagnostics);
                db
            })
        });
--- a/crates/ruff_benchmark/src/lib.rs
+++ b/crates/ruff_benchmark/src/lib.rs
@@ -1,6 +1,6 @@
 use std::path::PathBuf;

-#[cfg(feature = "instrumented")]
+#[cfg(any(feature = "ty_instrumented", feature = "ruff_instrumented"))]
 pub mod criterion;
 pub mod real_world_projects;

--- a/crates/ruff_cache/Cargo.toml
+++ b/crates/ruff_cache/Cargo.toml
@@ -11,11 +11,11 @@ repository = { workspace = true }
 license = { workspace = true }

 [dependencies]
+filetime = { workspace = true }
 glob = { workspace = true }
 globset = { workspace = true }
 itertools = { workspace = true }
 regex = { workspace = true }
-filetime = { workspace = true }
 seahash = { workspace = true }

 [dev-dependencies]
--- a/crates/ruff_db/Cargo.toml
+++ b/crates/ruff_db/Cargo.toml
@@ -48,12 +48,12 @@ tracing = { workspace = true }
 tracing-subscriber = { workspace = true, optional = true }
 zip = { workspace = true }

-[target.'cfg(target_arch="wasm32")'.dependencies]
-web-time = { version = "1.1.0" }
-
 [target.'cfg(not(target_arch="wasm32"))'.dependencies]
 etcetera = { workspace = true, optional = true }

+[target.'cfg(target_arch="wasm32")'.dependencies]
+web-time = { version = "1.1.0" }
+
 [dev-dependencies]
 insta = { workspace = true, features = ["filters"] }
 tempfile = { workspace = true }
--- a/crates/ruff_db/src/cancellation.rs
+++ b/crates/ruff_db/src/cancellation.rs
@@ -0,0 +1,51 @@
+use std::sync::Arc;
+use std::sync::atomic::AtomicBool;
+
+/// Signals a [`CancellationToken`] that it should be canceled.
+#[derive(Debug, Clone)]
+pub struct CancellationTokenSource {
+    cancelled: Arc<AtomicBool>,
+}
+
+impl Default for CancellationTokenSource {
+    fn default() -> Self {
+        Self::new()
+    }
+}
+
+impl CancellationTokenSource {
+    pub fn new() -> Self {
+        Self {
+            cancelled: Arc::new(AtomicBool::new(false)),
+        }
+    }
+
+    pub fn is_cancellation_requested(&self) -> bool {
+        self.cancelled.load(std::sync::atomic::Ordering::Relaxed)
+    }
+
+    /// Creates a new token that uses this source.
+    pub fn token(&self) -> CancellationToken {
+        CancellationToken {
+            cancelled: self.cancelled.clone(),
+        }
+    }
+
+    /// Requests cancellation for operations using this token.
+    pub fn cancel(&self) {
+        self.cancelled
+            .store(true, std::sync::atomic::Ordering::Relaxed);
+    }
+}
+
+/// Token signals whether an operation should be canceled.
+#[derive(Debug, Clone)]
+pub struct CancellationToken {
+    cancelled: Arc<AtomicBool>,
+}
+
+impl CancellationToken {
+    pub fn is_cancelled(&self) -> bool {
+        self.cancelled.load(std::sync::atomic::Ordering::Relaxed)
+    }
+}
--- a/crates/ruff_db/src/diagnostic/mod.rs
+++ b/crates/ruff_db/src/diagnostic/mod.rs
@@ -1,4 +1,4 @@
-use std::{fmt::Formatter, path::Path, sync::Arc};
+use std::{borrow::Cow, fmt::Formatter, path::Path, sync::Arc};

 use ruff_diagnostics::{Applicability, Fix};
 use ruff_source_file::{LineColumn, SourceCode, SourceFile};
@@ -11,6 +11,7 @@ pub use self::render::{
    ceil_char_boundary,
    github::{DisplayGithubDiagnostics, GithubRenderer},
 };
+use crate::cancellation::CancellationToken;
 use crate::{Db, files::File};

 mod render;
@@ -410,11 +411,6 @@ impl Diagnostic {
        self.id().is_invalid_syntax()
    }

-    /// Returns the message body to display to the user.
-    pub fn body(&self) -> &str {
-        self.primary_message()
-    }
-
    /// Returns the message of the first sub-diagnostic with a `Help` severity.
    ///
    /// Note that this is used as the fix title/suggestion for some of Ruff's output formats, but in
@@ -1312,6 +1308,8 @@ pub struct DisplayDiagnosticConfig {
    show_fix_diff: bool,
    /// The lowest applicability that should be shown when reporting diagnostics.
    fix_applicability: Applicability,
+
+    cancellation_token: Option<CancellationToken>,
 }

 impl DisplayDiagnosticConfig {
@@ -1385,6 +1383,20 @@ impl DisplayDiagnosticConfig {
    pub fn fix_applicability(&self) -> Applicability {
        self.fix_applicability
    }
+
+    pub fn with_cancellation_token(
+        mut self,
+        token: Option<CancellationToken>,
+    ) -> DisplayDiagnosticConfig {
+        self.cancellation_token = token;
+        self
+    }
+
+    pub fn is_canceled(&self) -> bool {
+        self.cancellation_token
+            .as_ref()
+            .is_some_and(|token| token.is_cancelled())
+    }
 }

 impl Default for DisplayDiagnosticConfig {
@@ -1398,6 +1410,7 @@ impl Default for DisplayDiagnosticConfig {
            show_fix_status: false,
            show_fix_diff: false,
            fix_applicability: Applicability::Safe,
+            cancellation_token: None,
        }
    }
 }
@@ -1474,6 +1487,15 @@ pub enum ConciseMessage<'a> {
    Custom(&'a str),
 }

+impl<'a> ConciseMessage<'a> {
+    pub fn to_str(&self) -> Cow<'a, str> {
+        match self {
+            ConciseMessage::MainDiagnostic(s) | ConciseMessage::Custom(s) => Cow::Borrowed(s),
+            ConciseMessage::Both { .. } => Cow::Owned(self.to_string()),
+        }
+    }
+}
+
 impl std::fmt::Display for ConciseMessage<'_> {
    fn fmt(&self, f: &mut std::fmt::Formatter) -> std::fmt::Result {
        match *self {
@@ -1490,6 +1512,16 @@ impl std::fmt::Display for ConciseMessage<'_> {
    }
 }

+#[cfg(feature = "serde")]
+impl serde::Serialize for ConciseMessage<'_> {
+    fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>
+    where
+        S: serde::Serializer,
+    {
+        serializer.collect_str(self)
+    }
+}
+
 /// A diagnostic message string.
 ///
 /// This is, for all intents and purposes, equivalent to a `Box<str>`.
--- a/crates/ruff_db/src/diagnostic/render/azure.rs
+++ b/crates/ruff_db/src/diagnostic/render/azure.rs
@@ -52,7 +52,7 @@ impl AzureRenderer<'_> {
                f,
                "code={code};]{body}",
                code = diag.secondary_code_or_id(),
-                body = diag.body(),
+                body = diag.concise_message(),
            )?;
        }

--- a/crates/ruff_db/src/diagnostic/render/concise.rs
+++ b/crates/ruff_db/src/diagnostic/render/concise.rs
@@ -28,6 +28,10 @@ impl<'a> ConciseRenderer<'a> {

        let sep = fmt_styled(":", stylesheet.separator);
        for diag in diagnostics {
+            if self.config.is_canceled() {
+                return Ok(());
+            }
+
            if let Some(span) = diag.primary_span() {
                write!(
                    f,
--- a/crates/ruff_db/src/diagnostic/render/full.rs
+++ b/crates/ruff_db/src/diagnostic/render/full.rs
@@ -53,6 +53,10 @@ impl<'a> FullRenderer<'a> {
            .hyperlink(stylesheet.hyperlink);

        for diag in diagnostics {
+            if self.config.is_canceled() {
+                return Ok(());
+            }
+
            let resolved = Resolved::new(self.resolver, diag, self.config);
            let renderable = resolved.to_renderable(self.config.context);
            for diag in renderable.diagnostics.iter() {
--- a/crates/ruff_db/src/diagnostic/render/github.rs
+++ b/crates/ruff_db/src/diagnostic/render/github.rs
@@ -49,14 +49,26 @@ impl<'a> GithubRenderer<'a> {
                }
                .unwrap_or_default();

-                write!(
-                    f,
-                    ",line={row},col={column},endLine={end_row},endColumn={end_column}::",
-                    row = start_location.line,
-                    column = start_location.column,
-                    end_row = end_location.line,
-                    end_column = end_location.column,
-                )?;
+                // GitHub Actions workflow commands have constraints on error annotations:
+                // - `col` and `endColumn` cannot be set if `line` and `endLine` are different
+                // See: https://github.com/astral-sh/ruff/issues/22074
+                if start_location.line == end_location.line {
+                    write!(
+                        f,
+                        ",line={row},col={column},endLine={end_row},endColumn={end_column}::",
+                        row = start_location.line,
+                        column = start_location.column,
+                        end_row = end_location.line,
+                        end_column = end_location.column,
+                    )?;
+                } else {
+                    write!(
+                        f,
+                        ",line={row},endLine={end_row}::",
+                        row = start_location.line,
+                        end_row = end_location.line,
+                    )?;
+                }

                write!(
                    f,
@@ -75,7 +87,7 @@ impl<'a> GithubRenderer<'a> {
                write!(f, "{id}:", id = diagnostic.id())?;
            }

-            writeln!(f, " {}", diagnostic.body())?;
+            writeln!(f, " {}", diagnostic.concise_message())?;
        }

        Ok(())
--- a/crates/ruff_db/src/diagnostic/render/gitlab.rs
+++ b/crates/ruff_db/src/diagnostic/render/gitlab.rs
@@ -98,7 +98,7 @@ impl Serialize for SerializedMessages<'_> {
            }
            fingerprints.insert(message_fingerprint);

-            let description = diagnostic.body();
+            let description = diagnostic.concise_message();
            let check_name = diagnostic.secondary_code_or_id();
            let severity = match diagnostic.severity() {
                Severity::Info => "info",
--- a/crates/ruff_db/src/diagnostic/render/json.rs
+++ b/crates/ruff_db/src/diagnostic/render/json.rs
@@ -6,7 +6,7 @@ use ruff_notebook::NotebookIndex;
 use ruff_source_file::{LineColumn, OneIndexed};
 use ruff_text_size::Ranged;

-use crate::diagnostic::{Diagnostic, DiagnosticSource, DisplayDiagnosticConfig};
+use crate::diagnostic::{ConciseMessage, Diagnostic, DiagnosticSource, DisplayDiagnosticConfig};

 use super::FileResolver;

@@ -101,7 +101,7 @@ pub(super) fn diagnostic_to_json<'a>(
        JsonDiagnostic {
            code: diagnostic.secondary_code_or_id(),
            url: diagnostic.documentation_url(),
-            message: diagnostic.body(),
+            message: diagnostic.concise_message(),
            fix,
            cell: notebook_cell_index,
            location: start_location.map(JsonLocation::from),
@@ -113,7 +113,7 @@ pub(super) fn diagnostic_to_json<'a>(
        JsonDiagnostic {
            code: diagnostic.secondary_code_or_id(),
            url: diagnostic.documentation_url(),
-            message: diagnostic.body(),
+            message: diagnostic.concise_message(),
            fix,
            cell: notebook_cell_index,
            location: Some(start_location.unwrap_or_default().into()),
@@ -226,7 +226,7 @@ pub(crate) struct JsonDiagnostic<'a> {
    filename: Option<&'a str>,
    fix: Option<JsonFix<'a>>,
    location: Option<JsonLocation>,
-    message: &'a str,
+    message: ConciseMessage<'a>,
    noqa_row: Option<OneIndexed>,
    url: Option<&'a str>,
 }
--- a/crates/ruff_db/src/diagnostic/render/junit.rs
+++ b/crates/ruff_db/src/diagnostic/render/junit.rs
@@ -56,17 +56,17 @@ impl<'a> JunitRenderer<'a> {
                        start_location: location,
                    } = diagnostic;
                    let mut status = TestCaseStatus::non_success(NonSuccessKind::Failure);
-                    status.set_message(diagnostic.body());
+                    status.set_message(diagnostic.concise_message().to_str());

                    if let Some(location) = location {
                        status.set_description(format!(
                            "line {row}, col {col}, {body}",
                            row = location.line,
                            col = location.column,
-                            body = diagnostic.body()
+                            body = diagnostic.concise_message()
                        ));
                    } else {
-                        status.set_description(diagnostic.body());
+                        status.set_description(diagnostic.concise_message().to_str());
                    }

                    let code = diagnostic
--- a/crates/ruff_db/src/diagnostic/render/pylint.rs
+++ b/crates/ruff_db/src/diagnostic/render/pylint.rs
@@ -55,7 +55,7 @@ impl PylintRenderer<'_> {
                f,
                "{path}:{row}: [{code}] {body}",
                path = filename,
-                body = diagnostic.body()
+                body = diagnostic.concise_message()
            )?;
        }

--- a/crates/ruff_db/src/diagnostic/render/rdjson.rs
+++ b/crates/ruff_db/src/diagnostic/render/rdjson.rs
@@ -5,7 +5,7 @@ use ruff_diagnostics::{Edit, Fix};
 use ruff_source_file::{LineColumn, SourceCode};
 use ruff_text_size::Ranged;

-use crate::diagnostic::Diagnostic;
+use crate::diagnostic::{ConciseMessage, Diagnostic};

 use super::FileResolver;

@@ -76,7 +76,7 @@ fn diagnostic_to_rdjson<'a>(
    let edits = diagnostic.fix().map(Fix::edits).unwrap_or_default();

    RdjsonDiagnostic {
-        message: diagnostic.body(),
+        message: diagnostic.concise_message(),
        location,
        code: RdjsonCode {
            value: diagnostic
@@ -155,7 +155,7 @@ struct RdjsonDiagnostic<'a> {
    code: RdjsonCode<'a>,
    #[serde(skip_serializing_if = "Option::is_none")]
    location: Option<RdjsonLocation<'a>>,
-    message: &'a str,
+    message: ConciseMessage<'a>,
    #[serde(skip_serializing_if = "Vec::is_empty")]
    suggestions: Vec<RdjsonSuggestion<'a>>,
 }
--- a/crates/ruff_db/src/diagnostic/render/snapshots/ruff_dbdiagnosticrendergithubtests__syntax_errors.snap
+++ b/crates/ruff_db/src/diagnostic/render/snapshots/ruff_dbdiagnosticrendergithubtests__syntax_errors.snap
@@ -2,5 +2,5 @@
 source: crates/ruff_db/src/diagnostic/render/github.rs
 expression: env.render_diagnostics(&diagnostics)
 ---
-::error title=ty (invalid-syntax),file=/syntax_errors.py,line=1,col=15,endLine=2,endColumn=1::syntax_errors.py:1:15: invalid-syntax: Expected one or more symbol names after import
-::error title=ty (invalid-syntax),file=/syntax_errors.py,line=3,col=12,endLine=4,endColumn=1::syntax_errors.py:3:12: invalid-syntax: Expected ')', found newline
+::error title=ty (invalid-syntax),file=/syntax_errors.py,line=1,endLine=2::syntax_errors.py:1:15: invalid-syntax: Expected one or more symbol names after import
+::error title=ty (invalid-syntax),file=/syntax_errors.py,line=3,endLine=4::syntax_errors.py:3:12: invalid-syntax: Expected ')', found newline
--- a/crates/ruff_db/src/lib.rs
+++ b/crates/ruff_db/src/lib.rs
@@ -12,6 +12,7 @@ use std::hash::BuildHasherDefault;
 use std::num::NonZeroUsize;
 use ty_static::EnvVars;

+pub mod cancellation;
 pub mod diagnostic;
 pub mod display;
 pub mod file_revision;
--- a/crates/ruff_db/src/system/os.rs
+++ b/crates/ruff_db/src/system/os.rs
@@ -275,16 +275,16 @@ impl OsSystem {
    /// instead of at least one system call for each component between `path` and `prefix`.
    ///
    /// However, using `canonicalize` to resolve the path's casing doesn't work in two cases:
-    /// * if `path` is a symlink because `canonicalize` then returns the symlink's target and not the symlink's source path.
-    /// * on Windows: If `path` is a mapped network drive because `canonicalize` then returns the UNC path
-    ///   (e.g. `Z:\` is mapped to `\\server\share` and `canonicalize` then returns `\\?\UNC\server\share`).
+    /// * if `path` is a symlink, `canonicalize` returns the symlink's target and not the symlink's source path.
+    /// * on Windows: If `path` is a mapped network drive, `canonicalize` returns the UNC path
+    ///   (e.g. `Z:\` is mapped to `\\server\share` and `canonicalize` returns `\\?\UNC\server\share`).
    ///
    /// Symlinks and mapped network drives should be rare enough that this fast path is worth trying first,
    /// even if it comes at a cost for those rare use cases.
    fn path_exists_case_sensitive_fast(&self, path: &SystemPath) -> Option<bool> {
        // This is a more forgiving version of `dunce::simplified` that removes all `\\?\` prefixes on Windows.
        // We use this more forgiving version because we don't intend on using either path for anything other than comparison
-        // and the prefix is only relevant when passing the path to other programs and its longer than 200 something
+        // and the prefix is only relevant when passing the path to other programs and it's longer than 200 something
        // characters.
        fn simplify_ignore_verbatim(path: &SystemPath) -> &SystemPath {
            if cfg!(windows) {
@@ -298,9 +298,7 @@ impl OsSystem {
            }
        }

-        let simplified = simplify_ignore_verbatim(path);
-
-        let Ok(canonicalized) = simplified.as_std_path().canonicalize() else {
+        let Ok(canonicalized) = path.as_std_path().canonicalize() else {
            // The path doesn't exist or can't be accessed. The path doesn't exist.
            return Some(false);
        };
@@ -309,12 +307,13 @@ impl OsSystem {
            // The original path is valid UTF8 but the canonicalized path isn't. This definitely suggests
            // that a symlink is involved. Fall back to the slow path.
            tracing::debug!(
-                "Falling back to the slow case-sensitive path existence check because the canonicalized path of `{simplified}` is not valid UTF-8"
+                "Falling back to the slow case-sensitive path existence check because the canonicalized path of `{path}` is not valid UTF-8"
            );
            return None;
        };

        let simplified_canonicalized = simplify_ignore_verbatim(&canonicalized);
+        let simplified = simplify_ignore_verbatim(path);

        // Test if the paths differ by anything other than casing. If so, that suggests that
        // `path` pointed to a symlink (or some other none reversible path normalization happened).
--- a/crates/ruff_dev/Cargo.toml
+++ b/crates/ruff_dev/Cargo.toml
@@ -11,10 +11,6 @@ repository = { workspace = true }
 license = { workspace = true }

 [dependencies]
-ty = { workspace = true }
-ty_project = { workspace = true, features = ["schemars"] }
-ty_python_semantic = { workspace = true }
-ty_static = { workspace = true }
 ruff = { workspace = true }
 ruff_formatter = { workspace = true }
 ruff_linter = { workspace = true, features = ["schemars"] }
@@ -26,6 +22,10 @@ ruff_python_formatter = { workspace = true }
 ruff_python_parser = { workspace = true }
 ruff_python_trivia = { workspace = true }
 ruff_workspace = { workspace = true, features = ["schemars"] }
+ty = { workspace = true }
+ty_project = { workspace = true, features = ["schemars"] }
+ty_python_semantic = { workspace = true }
+ty_static = { workspace = true }

 anyhow = { workspace = true }
 clap = { workspace = true, features = ["wrap_help"] }
--- a/crates/ruff_dev/src/generate_ty_options.rs
+++ b/crates/ruff_dev/src/generate_ty_options.rs
@@ -1,11 +1,13 @@
 //! Generate a Markdown-compatible listing of configuration options for `pyproject.toml`.

+use std::borrow::Cow;
+use std::{fmt::Write, path::PathBuf};
+
 use anyhow::bail;
 use itertools::Itertools;
 use pretty_assertions::StrComparison;
-use std::{fmt::Write, path::PathBuf};
-
 use ruff_options_metadata::{OptionField, OptionSet, OptionsMetadata, Visit};
+use ruff_python_trivia::textwrap;
 use ty_project::metadata::Options;

 use crate::{
@@ -165,62 +167,69 @@ fn emit_field(output: &mut String, name: &str, field: &OptionField, parents: &[S
    let _ = writeln!(output, "**Default value**: `{}`", field.default);
    output.push('\n');
    let _ = writeln!(output, "**Type**: `{}`", field.value_type);
+
    output.push('\n');
    output.push_str("**Example usage**:\n\n");
-    output.push_str(&format_example(
-        "pyproject.toml",
-        &format_header(
-            field.scope,
-            field.example,
-            parents,
-            ConfigurationFile::PyprojectToml,
-        ),
-        field.example,
-    ));
-    output.push('\n');
-}

-fn format_example(title: &str, header: &str, content: &str) -> String {
-    if header.is_empty() {
-        format!("```toml title=\"{title}\"\n{content}\n```\n",)
-    } else {
-        format!("```toml title=\"{title}\"\n{header}\n{content}\n```\n",)
+    for configuration_file in [ConfigurationFile::PyprojectToml, ConfigurationFile::TyToml] {
+        let (header, example) =
+            format_snippet(field.scope, field.example, parents, configuration_file);
+        output.push_str(&format_tab(configuration_file.name(), &header, &example));
+
+        output.push('\n');
    }
 }

+fn format_tab(tab_name: &str, header: &str, content: &str) -> String {
+    let header = if header.is_empty() {
+        String::new()
+    } else {
+        format!("\n    {header}")
+    };
+    format!(
+        "=== \"{}\"\n\n    ```toml{}\n{}\n    ```\n",
+        tab_name,
+        header,
+        textwrap::indent(content, "    ")
+    )
+}
 /// Format the TOML header for the example usage for a given option.
 ///
-/// For example: `[tool.ruff.format]` or `[tool.ruff.lint.isort]`.
-fn format_header(
+/// For example: `[tool.ty.rules]`.
+fn format_snippet<'a>(
    scope: Option<&str>,
-    example: &str,
+    example: &'a str,
    parents: &[Set],
    configuration: ConfigurationFile,
-) -> String {
-    let tool_parent = match configuration {
-        ConfigurationFile::PyprojectToml => Some("tool.ty"),
-        ConfigurationFile::TyToml => None,
-    };
+) -> (String, Cow<'a, str>) {
+    let mut example = Cow::Borrowed(example);

-    let header = tool_parent
+    let header = configuration
+        .parent_table()
        .into_iter()
        .chain(parents.iter().filter_map(|parent| parent.name()))
        .chain(scope)
        .join(".");

+    // Rewrite examples starting with `[tool.ty]` or `[[tool.ty]]` to their `ty.toml` equivalent.
+    if matches!(configuration, ConfigurationFile::TyToml) {
+        example = example.replace("[tool.ty.", "[").into();
+    }
+
    // Ex) `[[tool.ty.xx]]`
    if example.starts_with(&format!("[[{header}")) {
-        return String::new();
+        return (String::new(), example);
    }
+
    // Ex) `[tool.ty.rules]`
    if example.starts_with(&format!("[{header}")) {
-        return String::new();
+        return (String::new(), example);
    }

    if header.is_empty() {
-        String::new()
+        (String::new(), example)
    } else {
-        format!("[{header}]")
+        (format!("[{header}]"), example)
    }
 }

@@ -243,10 +252,25 @@ impl Visit for CollectOptionsVisitor {
 #[derive(Debug, Copy, Clone)]
 enum ConfigurationFile {
    PyprojectToml,
-    #[expect(dead_code)]
    TyToml,
 }

+impl ConfigurationFile {
+    const fn name(self) -> &'static str {
+        match self {
+            Self::PyprojectToml => "pyproject.toml",
+            Self::TyToml => "ty.toml",
+        }
+    }
+
+    const fn parent_table(self) -> Option<&'static str> {
+        match self {
+            Self::PyprojectToml => Some("tool.ty"),
+            Self::TyToml => None,
+        }
+    }
+}
+
 #[cfg(test)]
 mod tests {
    use anyhow::Result;
--- a/crates/ruff_formatter/Cargo.toml
+++ b/crates/ruff_formatter/Cargo.toml
@@ -10,6 +10,10 @@ documentation = { workspace = true }
 repository = { workspace = true }
 license = { workspace = true }

+[package.metadata.cargo-shear]
+# Used via `CacheKey` macro expansion.
+ignored = ["ruff_cache"]
+
 [dependencies]
 ruff_cache = { workspace = true }
 ruff_macros = { workspace = true }
@@ -25,10 +29,6 @@ unicode-width = { workspace = true }

 [dev-dependencies]

-[package.metadata.cargo-shear]
-# Used via `CacheKey` macro expansion.
-ignored = ["ruff_cache"]
-
 [features]
 serde = ["dep:serde", "ruff_text_size/serde"]
 schemars = ["dep:schemars", "ruff_text_size/schemars"]
--- a/crates/ruff_graph/Cargo.toml
+++ b/crates/ruff_graph/Cargo.toml
@@ -9,6 +9,10 @@ repository.workspace = true
 authors.workspace = true
 license.workspace = true

+[package.metadata.cargo-shear]
+# Used via `CacheKey` macro expansion.
+ignored = ["ruff_cache"]
+
 [dependencies]
 ruff_cache = { workspace = true }
 ruff_db = { workspace = true, features = ["os", "serde"] }
@@ -16,6 +20,7 @@ ruff_linter = { workspace = true }
 ruff_macros = { workspace = true }
 ruff_python_ast = { workspace = true }
 ruff_python_parser = { workspace = true }
+ty_module_resolver = { workspace = true }
 ty_python_semantic = { workspace = true }

 anyhow = { workspace = true }
@@ -28,7 +33,3 @@ zip = { workspace = true, features = [] }

 [lints]
 workspace = true
-
-[package.metadata.cargo-shear]
-# Used via `CacheKey` macro expansion.
-ignored = ["ruff_cache"]
--- a/crates/ruff_graph/src/collector.rs
+++ b/crates/ruff_graph/src/collector.rs
@@ -3,7 +3,7 @@ use ruff_python_ast::visitor::source_order::{
    SourceOrderVisitor, walk_expr, walk_module, walk_stmt,
 };
 use ruff_python_ast::{self as ast, Expr, Mod, Stmt};
-use ty_python_semantic::ModuleName;
+use ty_module_resolver::ModuleName;

 /// Collect all imports for a given Python file.
 #[derive(Default, Debug)]
--- a/crates/ruff_graph/src/db.rs
+++ b/crates/ruff_graph/src/db.rs
@@ -7,10 +7,11 @@ use ruff_db::files::{File, Files};
 use ruff_db::system::{OsSystem, System, SystemPathBuf};
 use ruff_db::vendored::{VendoredFileSystem, VendoredFileSystemBuilder};
 use ruff_python_ast::PythonVersion;
+use ty_module_resolver::{SearchPathSettings, SearchPaths};
 use ty_python_semantic::lint::{LintRegistry, RuleSelection};
 use ty_python_semantic::{
-    Db, Program, ProgramSettings, PythonEnvironment, PythonPlatform, PythonVersionSource,
-    PythonVersionWithSource, SearchPathSettings, SysPrefixPathOrigin, default_lint_registry,
+    AnalysisSettings, Db, Program, ProgramSettings, PythonEnvironment, PythonPlatform,
+    PythonVersionSource, PythonVersionWithSource, SysPrefixPathOrigin, default_lint_registry,
 };

 static EMPTY_VENDORED: std::sync::LazyLock<VendoredFileSystem> = std::sync::LazyLock::new(|| {
@@ -26,6 +27,7 @@ pub struct ModuleDb {
    files: Files,
    system: OsSystem,
    rule_selection: Arc<RuleSelection>,
+    analysis_settings: Arc<AnalysisSettings>,
 }

 impl ModuleDb {
@@ -85,6 +87,13 @@ impl SourceDb for ModuleDb {
    }
 }

+#[salsa::db]
+impl ty_module_resolver::Db for ModuleDb {
+    fn search_paths(&self) -> &SearchPaths {
+        Program::get(self).search_paths(self)
+    }
+}
+
 #[salsa::db]
 impl Db for ModuleDb {
    fn should_check_file(&self, file: File) -> bool {
@@ -102,6 +111,10 @@ impl Db for ModuleDb {
    fn verbose(&self) -> bool {
        false
    }
+
+    fn analysis_settings(&self) -> &AnalysisSettings {
+        &self.analysis_settings
+    }
 }

 #[salsa::db]
--- a/crates/ruff_graph/src/resolver.rs
+++ b/crates/ruff_graph/src/resolver.rs
@@ -1,6 +1,6 @@
 use ruff_db::files::{File, FilePath, system_path_to_file};
 use ruff_db::system::SystemPath;
-use ty_python_semantic::{
+use ty_module_resolver::{
    ModuleName, resolve_module, resolve_module_confident, resolve_real_module,
    resolve_real_module_confident,
 };
--- a/crates/ruff_linter/Cargo.toml
+++ b/crates/ruff_linter/Cargo.toml
@@ -16,17 +16,17 @@ license = { workspace = true }
 ruff_cache = { workspace = true }
 ruff_db = { workspace = true, features = ["junit", "serde"] }
 ruff_diagnostics = { workspace = true, features = ["serde"] }
-ruff_notebook = { workspace = true }
 ruff_macros = { workspace = true }
+ruff_notebook = { workspace = true }
 ruff_python_ast = { workspace = true, features = ["serde", "cache"] }
 ruff_python_codegen = { workspace = true }
 ruff_python_importer = { workspace = true }
 ruff_python_index = { workspace = true }
 ruff_python_literal = { workspace = true }
+ruff_python_parser = { workspace = true }
 ruff_python_semantic = { workspace = true }
 ruff_python_stdlib = { workspace = true }
 ruff_python_trivia = { workspace = true }
-ruff_python_parser = { workspace = true }
 ruff_source_file = { workspace = true, features = ["serde"] }
 ruff_text_size = { workspace = true }

@@ -44,8 +44,8 @@ imperative = { workspace = true }
 is-macro = { workspace = true }
 is-wsl = { workspace = true }
 itertools = { workspace = true }
-libcst = { workspace = true }
 jiff = { workspace = true }
+libcst = { workspace = true }
 log = { workspace = true }
 memchr = { workspace = true }
 natord = { workspace = true }
@@ -67,17 +67,17 @@ strum_macros = { workspace = true }
 thiserror = { workspace = true }
 toml = { workspace = true }
 typed-arena = { workspace = true }
+unicode-normalization = { workspace = true }
 unicode-width = { workspace = true }
 unicode_names2 = { workspace = true }
-unicode-normalization = { workspace = true }
 url = { workspace = true }

 [dev-dependencies]
-insta = { workspace = true, features = ["filters", "json", "redactions"] }
-test-case = { workspace = true }
 # Disable colored output in tests
 colored = { workspace = true, features = ["no-color"] }
+insta = { workspace = true, features = ["filters", "json", "redactions"] }
 tempfile = { workspace = true }
+test-case = { workspace = true }

 [features]
 default = []
--- a/crates/ruff_linter/resources/test/fixtures/airflow/AIR303.py
+++ b/crates/ruff_linter/resources/test/fixtures/airflow/AIR303.py
@@ -0,0 +1,31 @@
+from __future__ import annotations
+
+from airflow.lineage.hook import HookLineageCollector
+
+# airflow.lineage.hook
+hlc = HookLineageCollector()
+hlc.create_asset("there")
+hlc.create_asset("should", "be", "no", "posarg")
+hlc.create_asset(name="but", uri="kwargs are ok")
+hlc.create_asset()
+
+HookLineageCollector().create_asset(name="but", uri="kwargs are ok")
+HookLineageCollector().create_asset("there")
+HookLineageCollector().create_asset("should", "be", "no", "posarg")
+
+args = ["uri_value"]
+hlc.create_asset(*args)
+HookLineageCollector().create_asset(*args)
+
+# Literal unpacking
+hlc.create_asset(*["literal_uri"])
+HookLineageCollector().create_asset(*["literal_uri"])
+
+# starred args with keyword args
+hlc.create_asset(*args, extra="value")
+HookLineageCollector().create_asset(*args, extra="value")
+
+# Double-starred keyword arguments
+kwargs = {"uri": "value", "name": "test"}
+hlc.create_asset(**kwargs)
+HookLineageCollector().create_asset(**kwargs)
--- a/crates/ruff_linter/resources/test/fixtures/flake8_unused_arguments/ARG.py
+++ b/crates/ruff_linter/resources/test/fixtures/flake8_unused_arguments/ARG.py
@@ -1,5 +1,5 @@
 from abc import abstractmethod
-from typing import overload, cast
+from typing import overload, cast, TypeVar
 from typing_extensions import override


@@ -256,3 +256,15 @@ class C:
        """Docstring."""
        msg = t"{x}..."
        raise NotImplementedError(msg)
+    
+
+###
+# Unused arguments with `**kwargs`.
+###
+
+def f(
+    default: object = None,  # noqa: ARG001
+    **kwargs: object,
+) -> None:
+    TypeVar(**kwargs)
+
--- a/crates/ruff_linter/resources/test/fixtures/pylint/dict_index_missing_items.py
+++ b/crates/ruff_linter/resources/test/fixtures/pylint/dict_index_missing_items.py
@@ -53,3 +53,25 @@ for i in items:
 items = [1, 2, 3, 4]
 for i in items:
    items[i]
+
+
+# A case with multiple uses of the value to show off the secondary annotations
+for instrument in ORCHESTRA:
+    data = json.dumps(
+        {
+            "instrument": instrument,
+            "section": ORCHESTRA[instrument],
+        }
+    )
+
+    print(f"saving data for {instrument} in {ORCHESTRA[instrument]}")
+
+    with open(f"{instrument}/{ORCHESTRA[instrument]}.txt", "w") as f:
+        f.write(data)
+
+
+# This should still suppress the error
+for (  # noqa: PLC0206
+    instrument
+) in ORCHESTRA:
+    print(f"{instrument}: {ORCHESTRA[instrument]}")
--- a/crates/ruff_linter/resources/test/fixtures/pylint/repeated_equality_comparison.py
+++ b/crates/ruff_linter/resources/test/fixtures/pylint/repeated_equality_comparison.py
@@ -73,3 +73,7 @@ foo == 1 or foo == 1.0 # Different types, same hashed value
 foo == False or foo == 0 # Different types, same hashed value

 foo == 0.0 or foo == 0j # Different types, same hashed value
+
+foo == "bar" or foo == "bar" # All members identical
+
+foo == "bar" or foo == "bar" or foo == "buzz" # All but one members identical
--- a/crates/ruff_linter/resources/test/fixtures/ruff/RUF067/modules/init.py
+++ b/crates/ruff_linter/resources/test/fixtures/ruff/RUF067/modules/init.py
@@ -0,0 +1,51 @@
+"""This is the module docstring."""
+
+# convenience imports:
+import os
+from pathlib import Path
+
+__all__ = ["MY_CONSTANT"]
+__all__ += ["foo"]
+__all__: list[str] = __all__
+__all__ = __all__ = __all__
+
+MY_CONSTANT = 5
+"""This is an important constant."""
+
+os.environ["FOO"] = 1
+
+
+def foo():
+    return Path("foo.py")
+
+def __getattr__(name):  # ok
+    return name
+
+__path__ = __import__('pkgutil').extend_path(__path__, __name__)  # ok
+
+if os.environ["FOO"] != "1":  # RUF067
+    MY_CONSTANT = 4  # ok, don't flag nested statements
+
+if TYPE_CHECKING:  # ok
+    MY_CONSTANT = 3
+
+import typing
+
+if typing.TYPE_CHECKING: # ok
+    MY_CONSTANT = 2
+
+__version__ = "1.2.3"  # ok
+
+def __dir__():  # ok
+    return ["foo"]
+
+import pkgutil
+
+__path__ = pkgutil.extend_path(__path__, __name__)  # ok
+__path__ = unknown.extend_path(__path__, __name__)  # also ok
+
+# non-`extend_path` assignments are not allowed
+__path__ = 5  # RUF067
+
+# also allow `__author__`
+__author__ = "The Author"  # ok
--- a/crates/ruff_linter/resources/test/fixtures/ruff/RUF067/modules/okay.py
+++ b/crates/ruff_linter/resources/test/fixtures/ruff/RUF067/modules/okay.py
@@ -0,0 +1,54 @@
+"""
+The code here is not in an `__init__.py` file and should not trigger the
+lint.
+"""
+
+# convenience imports:
+import os
+from pathlib import Path
+
+__all__ = ["MY_CONSTANT"]
+__all__ += ["foo"]
+__all__: list[str] = __all__
+__all__ = __all__ = __all__
+
+MY_CONSTANT = 5
+"""This is an important constant."""
+
+os.environ["FOO"] = 1
+
+
+def foo():
+    return Path("foo.py")
+
+def __getattr__(name):  # ok
+    return name
+
+__path__ = __import__('pkgutil').extend_path(__path__, __name__)  # ok
+
+if os.environ["FOO"] != "1":  # RUF067
+    MY_CONSTANT = 4  # ok, don't flag nested statements
+
+if TYPE_CHECKING:  # ok
+    MY_CONSTANT = 3
+
+import typing
+
+if typing.TYPE_CHECKING: # ok
+    MY_CONSTANT = 2
+
+__version__ = "1.2.3"  # ok
+
+def __dir__():  # ok
+    return ["foo"]
+
+import pkgutil
+
+__path__ = pkgutil.extend_path(__path__, __name__)  # ok
+__path__ = unknown.extend_path(__path__, __name__)  # also ok
+
+# non-`extend_path` assignments are not allowed
+__path__ = 5  # RUF067
+
+# also allow `__author__`
+__author__ = "The Author"  # ok
--- a/crates/ruff_linter/src/checkers/ast/analyze/expression.rs
+++ b/crates/ruff_linter/src/checkers/ast/analyze/expression.rs
@@ -1043,7 +1043,7 @@ pub(crate) fn expression(expr: &Expr, checker: &Checker) {
            ]) && flake8_gettext::is_gettext_func_call(
                checker,
                func,
-                &checker.settings().flake8_gettext.functions_names,
+                &checker.settings().flake8_gettext.function_names,
            ) {
                if checker.is_rule_enabled(Rule::FStringInGetTextFuncCall) {
                    flake8_gettext::rules::f_string_in_gettext_func_call(checker, args);
@@ -1278,6 +1278,9 @@ pub(crate) fn expression(expr: &Expr, checker: &Checker) {
            if checker.is_rule_enabled(Rule::Airflow3SuggestedUpdate) {
                airflow::rules::airflow_3_0_suggested_update_expr(checker, expr);
            }
+            if checker.is_rule_enabled(Rule::Airflow3IncompatibleFunctionSignature) {
+                airflow::rules::airflow_3_incompatible_function_signature(checker, expr);
+            }
            if checker.is_rule_enabled(Rule::UnnecessaryCastToInt) {
                ruff::rules::unnecessary_cast_to_int(checker, call);
            }
--- a/crates/ruff_linter/src/checkers/ast/analyze/statement.rs
+++ b/crates/ruff_linter/src/checkers/ast/analyze/statement.rs
@@ -1630,4 +1630,7 @@ pub(crate) fn statement(stmt: &Stmt, checker: &mut Checker) {
        }
        _ => {}
    }
+    if checker.is_rule_enabled(Rule::NonEmptyInitModule) {
+        ruff::rules::non_empty_init_module(checker, stmt);
+    }
 }
--- a/crates/ruff_linter/src/checkers/ast/analyze/unresolved_references.rs
+++ b/crates/ruff_linter/src/checkers/ast/analyze/unresolved_references.rs
@@ -33,7 +33,7 @@ pub(crate) fn unresolved_references(checker: &Checker) {
                }

                // Allow __path__.
-                if checker.path.ends_with("__init__.py") {
+                if checker.in_init_module() {
                    if reference.name(checker.source()) == "__path__" {
                        continue;
                    }
--- a/crates/ruff_linter/src/checkers/ast/mod.rs
+++ b/crates/ruff_linter/src/checkers/ast/mod.rs
@@ -21,7 +21,7 @@
 //! represents the lint-rule analysis phase. In the future, these steps may be separated into
 //! distinct passes over the AST.

-use std::cell::RefCell;
+use std::cell::{OnceCell, RefCell};
 use std::path::Path;

 use itertools::Itertools;
@@ -198,6 +198,8 @@ pub(crate) struct Checker<'a> {
    parsed_type_annotation: Option<&'a ParsedAnnotation>,
    /// The [`Path`] to the file under analysis.
    path: &'a Path,
+    /// Whether `path` points to an `__init__.py` file.
+    in_init_module: OnceCell<bool>,
    /// The [`Path`] to the package containing the current file.
    package: Option<PackageRoot<'a>>,
    /// The module representation of the current file (e.g., `foo.bar`).
@@ -274,6 +276,7 @@ impl<'a> Checker<'a> {
            noqa_line_for,
            noqa,
            path,
+            in_init_module: OnceCell::new(),
            package,
            module,
            source_type,
@@ -482,9 +485,11 @@ impl<'a> Checker<'a> {
        self.context.settings
    }

-    /// The [`Path`] to the file under analysis.
-    pub(crate) const fn path(&self) -> &'a Path {
-        self.path
+    /// Returns whether the file under analysis is an `__init__.py` file.
+    pub(crate) fn in_init_module(&self) -> bool {
+        *self
+            .in_init_module
+            .get_or_init(|| self.path.ends_with("__init__.py"))
    }

    /// The [`Path`] to the package containing the current file.
@@ -1873,6 +1878,9 @@ impl<'a> Visitor<'a> for Checker<'a> {
                                } else {
                                    self.visit_non_type_definition(value);
                                }
+                            } else {
+                                // Ex: typing.TypeVar(**kwargs)
+                                self.visit_non_type_definition(value);
                            }
                        }
                    }
@@ -3171,7 +3179,7 @@ impl<'a> Checker<'a> {
                        // F822
                        if self.is_rule_enabled(Rule::UndefinedExport) {
                            if is_undefined_export_in_dunder_init_enabled(self.settings())
-                                || !self.path.ends_with("__init__.py")
+                                || !self.in_init_module()
                            {
                                self.report_diagnostic(
                                    pyflakes::rules::UndefinedExport {
--- a/crates/ruff_linter/src/codes.rs
+++ b/crates/ruff_linter/src/codes.rs
@@ -1060,6 +1060,7 @@ pub fn code_to_rule(linter: Linter, code: &str) -> Option<(RuleGroup, Rule)> {
        (Ruff, "064") => rules::ruff::rules::NonOctalPermissions,
        (Ruff, "065") => rules::ruff::rules::LoggingEagerConversion,
        (Ruff, "066") => rules::ruff::rules::PropertyWithoutReturn,
+        (Ruff, "067") => rules::ruff::rules::NonEmptyInitModule,

        (Ruff, "100") => rules::ruff::rules::UnusedNOQA,
        (Ruff, "101") => rules::ruff::rules::RedirectedNOQA,
@@ -1123,6 +1124,7 @@ pub fn code_to_rule(linter: Linter, code: &str) -> Option<(RuleGroup, Rule)> {
        (Airflow, "002") => rules::airflow::rules::AirflowDagNoScheduleArgument,
        (Airflow, "301") => rules::airflow::rules::Airflow3Removal,
        (Airflow, "302") => rules::airflow::rules::Airflow3MovedToProvider,
+        (Airflow, "303") => rules::airflow::rules::Airflow3IncompatibleFunctionSignature,
        (Airflow, "311") => rules::airflow::rules::Airflow3SuggestedUpdate,
        (Airflow, "312") => rules::airflow::rules::Airflow3SuggestedToMoveToProvider,

--- a/crates/ruff_linter/src/message/grouped.rs
+++ b/crates/ruff_linter/src/message/grouped.rs
@@ -197,7 +197,7 @@ impl Display for RuleCodeAndBody<'_> {
                        f,
                        "{fix}{body}",
                        fix = format_args!("[{}] ", "*".cyan()),
-                        body = self.message.body(),
+                        body = self.message.concise_message(),
                    );
                }
            }
@@ -208,14 +208,14 @@ impl Display for RuleCodeAndBody<'_> {
                f,
                "{code} {body}",
                code = code.red().bold(),
-                body = self.message.body(),
+                body = self.message.concise_message(),
            )
        } else {
            write!(
                f,
                "{code}: {body}",
                code = self.message.id().as_str().red().bold(),
-                body = self.message.body(),
+                body = self.message.concise_message(),
            )
        }
    }
--- a/crates/ruff_linter/src/message/sarif.rs
+++ b/crates/ruff_linter/src/message/sarif.rs
@@ -18,7 +18,7 @@ use crate::registry::{Linter, RuleNamespace};
 /// An emitter for producing SARIF 2.1.0-compliant JSON output.
 ///
 /// Static Analysis Results Interchange Format (SARIF) is a standard format
-/// for static analysis results. For full specfification, see:
+/// for static analysis results. For full specification, see:
 /// [SARIF 2.1.0](https://docs.oasis-open.org/sarif/sarif/v2.1.0/sarif-v2.1.0.html)
 pub struct SarifEmitter;

@@ -334,7 +334,7 @@ impl<'a> SarifResult<'a> {
            rule_id: RuleCode::from(diagnostic),
            level: "error".to_string(),
            message: SarifMessage {
-                text: diagnostic.body().to_string(),
+                text: diagnostic.concise_message().to_string(),
            },
            fixes: Self::fix(diagnostic, &uri).into_iter().collect(),
            locations: vec![SarifLocation {
--- a/crates/ruff_linter/src/rules/airflow/helpers.rs
+++ b/crates/ruff_linter/src/rules/airflow/helpers.rs
@@ -188,7 +188,7 @@ pub(crate) fn match_head(value: &Expr) -> Option<&ExprName> {

 /// Return the [`Fix`] that imports the new name and updates where the import is referenced.
 /// This is used for cases that member name has changed.
-/// (e.g., `airflow.datasts.Dataset` to `airflow.sdk.Asset`)
+/// (e.g., `airflow.datasets.Dataset` to `airflow.sdk.Asset`)
 pub(crate) fn generate_import_edit(
    expr: &Expr,
    checker: &Checker,
--- a/crates/ruff_linter/src/rules/airflow/mod.rs
+++ b/crates/ruff_linter/src/rules/airflow/mod.rs
@@ -47,6 +47,7 @@ mod tests {
    #[test_case(Rule::Airflow3MovedToProvider, Path::new("AIR302_zendesk.py"))]
    #[test_case(Rule::Airflow3MovedToProvider, Path::new("AIR302_standard.py"))]
    #[test_case(Rule::Airflow3MovedToProvider, Path::new("AIR302_try.py"))]
+    #[test_case(Rule::Airflow3IncompatibleFunctionSignature, Path::new("AIR303.py"))]
    #[test_case(Rule::Airflow3SuggestedUpdate, Path::new("AIR311_args.py"))]
    #[test_case(Rule::Airflow3SuggestedUpdate, Path::new("AIR311_names.py"))]
    #[test_case(Rule::Airflow3SuggestedUpdate, Path::new("AIR311_try.py"))]
--- a/crates/ruff_linter/src/rules/airflow/rules/function_signature_change_in_3.rs
+++ b/crates/ruff_linter/src/rules/airflow/rules/function_signature_change_in_3.rs
@@ -0,0 +1,128 @@
+use crate::checkers::ast::Checker;
+use crate::{FixAvailability, Violation};
+use ruff_macros::{ViolationMetadata, derive_message_formats};
+use ruff_python_ast::name::QualifiedName;
+use ruff_python_ast::{Arguments, Expr, ExprAttribute, ExprCall, Identifier};
+use ruff_python_semantic::Modules;
+use ruff_python_semantic::analyze::typing;
+use ruff_text_size::Ranged;
+
+/// ## What it does
+/// Checks for Airflow function calls that will raise a runtime error in Airflow 3.0
+/// due to function signature changes, such as functions that changed to accept only
+/// keyword arguments, parameter reordering, or parameter type changes.
+///
+/// ## Why is this bad?
+/// Airflow 3.0 introduces changes to function signatures. Code that
+/// worked in Airflow 2.x will raise a runtime error if not updated in Airflow
+/// 3.0.
+///
+/// ## Example
+/// ```python
+/// from airflow.lineage.hook import HookLineageCollector
+///
+/// collector = HookLineageCollector()
+/// # Passing positional arguments will raise a runtime error in Airflow 3.0
+/// collector.create_asset("s3://bucket/key")
+/// ```
+///
+/// Use instead:
+/// ```python
+/// from airflow.lineage.hook import HookLineageCollector
+///
+/// collector = HookLineageCollector()
+/// # Passing arguments as keyword arguments instead of positional arguments
+/// collector.create_asset(uri="s3://bucket/key")
+/// ```
+#[derive(ViolationMetadata)]
+#[violation_metadata(preview_since = "0.14.11")]
+pub(crate) struct Airflow3IncompatibleFunctionSignature {
+    function_name: String,
+    change_type: FunctionSignatureChangeType,
+}
+
+impl Violation for Airflow3IncompatibleFunctionSignature {
+    const FIX_AVAILABILITY: FixAvailability = FixAvailability::None;
+
+    #[derive_message_formats]
+    fn message(&self) -> String {
+        let Airflow3IncompatibleFunctionSignature {
+            function_name,
+            change_type,
+        } = self;
+        match change_type {
+            FunctionSignatureChangeType::KeywordOnly { .. } => {
+                format!("`{function_name}` signature is changed in Airflow 3.0")
+            }
+        }
+    }
+
+    fn fix_title(&self) -> Option<String> {
+        let Airflow3IncompatibleFunctionSignature { change_type, .. } = self;
+        match change_type {
+            FunctionSignatureChangeType::KeywordOnly { message } => Some(message.to_string()),
+        }
+    }
+}
+
+/// AIR303
+pub(crate) fn airflow_3_incompatible_function_signature(checker: &Checker, expr: &Expr) {
+    if !checker.semantic().seen_module(Modules::AIRFLOW) {
+        return;
+    }
+
+    let Expr::Call(ExprCall {
+        func, arguments, ..
+    }) = expr
+    else {
+        return;
+    };
+
+    let Expr::Attribute(ExprAttribute { attr, value, .. }) = func.as_ref() else {
+        return;
+    };
+
+    // Resolve the qualified name: try variable assignments first, then fall back to direct
+    // constructor calls.
+    let qualified_name = typing::resolve_assignment(value, checker.semantic()).or_else(|| {
+        value
+            .as_call_expr()
+            .and_then(|call| checker.semantic().resolve_qualified_name(&call.func))
+    });
+
+    let Some(qualified_name) = qualified_name else {
+        return;
+    };
+
+    check_keyword_only_method(checker, &qualified_name, attr, arguments);
+}
+
+fn check_keyword_only_method(
+    checker: &Checker,
+    qualified_name: &QualifiedName,
+    attr: &Identifier,
+    arguments: &Arguments,
+) {
+    let has_positional_args =
+        arguments.find_positional(0).is_some() || arguments.args.iter().any(Expr::is_starred_expr);
+
+    if let ["airflow", "lineage", "hook", "HookLineageCollector"] = qualified_name.segments() {
+        if attr.as_str() == "create_asset" && has_positional_args {
+            checker.report_diagnostic(
+                Airflow3IncompatibleFunctionSignature {
+                    function_name: attr.to_string(),
+                    change_type: FunctionSignatureChangeType::KeywordOnly {
+                        message: "Pass positional arguments as keyword arguments (e.g., `create_asset(uri=...)`)",
+                    },
+                },
+                attr.range(),
+            );
+        }
+    }
+}
+
+#[derive(Clone, Debug, Eq, PartialEq)]
+pub(crate) enum FunctionSignatureChangeType {
+    /// Function signature changed to only accept keyword arguments.
+    KeywordOnly { message: &'static str },
+}
--- a/crates/ruff_linter/src/rules/airflow/rules/mod.rs
+++ b/crates/ruff_linter/src/rules/airflow/rules/mod.rs
@@ -1,4 +1,5 @@
 pub(crate) use dag_schedule_argument::*;
+pub(crate) use function_signature_change_in_3::*;
 pub(crate) use moved_to_provider_in_3::*;
 pub(crate) use removal_in_3::*;
 pub(crate) use suggested_to_move_to_provider_in_3::*;
@@ -6,6 +7,7 @@ pub(crate) use suggested_to_update_3_0::*;
 pub(crate) use task_variable_name::*;

 mod dag_schedule_argument;
+mod function_signature_change_in_3;
 mod moved_to_provider_in_3;
 mod removal_in_3;
 mod suggested_to_move_to_provider_in_3;
--- a/crates/ruff_linter/src/rules/airflow/snapshots/ruff_linterrulesairflowtestsAIR303_AIR303.py.snap
+++ b/crates/ruff_linter/src/rules/airflow/snapshots/ruff_linterrulesairflowtestsAIR303_AIR303.py.snap
@@ -0,0 +1,114 @@
+---
+source: crates/ruff_linter/src/rules/airflow/mod.rs
+---
+AIR303 `create_asset` signature is changed in Airflow 3.0
+ --> AIR303.py:7:5
+  |
+5 | # airflow.lineage.hook
+6 | hlc = HookLineageCollector()
+7 | hlc.create_asset("there")
+  |     ^^^^^^^^^^^^
+8 | hlc.create_asset("should", "be", "no", "posarg")
+9 | hlc.create_asset(name="but", uri="kwargs are ok")
+  |
+help: Pass positional arguments as keyword arguments (e.g., `create_asset(uri=...)`)
+
+AIR303 `create_asset` signature is changed in Airflow 3.0
+  --> AIR303.py:8:5
+   |
+ 6 | hlc = HookLineageCollector()
+ 7 | hlc.create_asset("there")
+ 8 | hlc.create_asset("should", "be", "no", "posarg")
+   |     ^^^^^^^^^^^^
+ 9 | hlc.create_asset(name="but", uri="kwargs are ok")
+10 | hlc.create_asset()
+   |
+help: Pass positional arguments as keyword arguments (e.g., `create_asset(uri=...)`)
+
+AIR303 `create_asset` signature is changed in Airflow 3.0
+  --> AIR303.py:13:24
+   |
+12 | HookLineageCollector().create_asset(name="but", uri="kwargs are ok")
+13 | HookLineageCollector().create_asset("there")
+   |                        ^^^^^^^^^^^^
+14 | HookLineageCollector().create_asset("should", "be", "no", "posarg")
+   |
+help: Pass positional arguments as keyword arguments (e.g., `create_asset(uri=...)`)
+
+AIR303 `create_asset` signature is changed in Airflow 3.0
+  --> AIR303.py:14:24
+   |
+12 | HookLineageCollector().create_asset(name="but", uri="kwargs are ok")
+13 | HookLineageCollector().create_asset("there")
+14 | HookLineageCollector().create_asset("should", "be", "no", "posarg")
+   |                        ^^^^^^^^^^^^
+15 |
+16 | args = ["uri_value"]
+   |
+help: Pass positional arguments as keyword arguments (e.g., `create_asset(uri=...)`)
+
+AIR303 `create_asset` signature is changed in Airflow 3.0
+  --> AIR303.py:17:5
+   |
+16 | args = ["uri_value"]
+17 | hlc.create_asset(*args)
+   |     ^^^^^^^^^^^^
+18 | HookLineageCollector().create_asset(*args)
+   |
+help: Pass positional arguments as keyword arguments (e.g., `create_asset(uri=...)`)
+
+AIR303 `create_asset` signature is changed in Airflow 3.0
+  --> AIR303.py:18:24
+   |
+16 | args = ["uri_value"]
+17 | hlc.create_asset(*args)
+18 | HookLineageCollector().create_asset(*args)
+   |                        ^^^^^^^^^^^^
+19 |
+20 | # Literal unpacking
+   |
+help: Pass positional arguments as keyword arguments (e.g., `create_asset(uri=...)`)
+
+AIR303 `create_asset` signature is changed in Airflow 3.0
+  --> AIR303.py:21:5
+   |
+20 | # Literal unpacking
+21 | hlc.create_asset(*["literal_uri"])
+   |     ^^^^^^^^^^^^
+22 | HookLineageCollector().create_asset(*["literal_uri"])
+   |
+help: Pass positional arguments as keyword arguments (e.g., `create_asset(uri=...)`)
+
+AIR303 `create_asset` signature is changed in Airflow 3.0
+  --> AIR303.py:22:24
+   |
+20 | # Literal unpacking
+21 | hlc.create_asset(*["literal_uri"])
+22 | HookLineageCollector().create_asset(*["literal_uri"])
+   |                        ^^^^^^^^^^^^
+23 |
+24 | # starred args with keyword args
+   |
+help: Pass positional arguments as keyword arguments (e.g., `create_asset(uri=...)`)
+
+AIR303 `create_asset` signature is changed in Airflow 3.0
+  --> AIR303.py:25:5
+   |
+24 | # starred args with keyword args
+25 | hlc.create_asset(*args, extra="value")
+   |     ^^^^^^^^^^^^
+26 | HookLineageCollector().create_asset(*args, extra="value")
+   |
+help: Pass positional arguments as keyword arguments (e.g., `create_asset(uri=...)`)
+
+AIR303 `create_asset` signature is changed in Airflow 3.0
+  --> AIR303.py:26:24
+   |
+24 | # starred args with keyword args
+25 | hlc.create_asset(*args, extra="value")
+26 | HookLineageCollector().create_asset(*args, extra="value")
+   |                        ^^^^^^^^^^^^
+27 |
+28 | # Double-starred keyword arguments
+   |
+help: Pass positional arguments as keyword arguments (e.g., `create_asset(uri=...)`)
--- a/crates/ruff_linter/src/rules/flake8_annotations/rules/definition.rs
+++ b/crates/ruff_linter/src/rules/flake8_annotations/rules/definition.rs
@@ -351,6 +351,10 @@ impl Violation for MissingReturnTypePrivateFunction {
 ///     def __init__(self, x: int) -> None:
 ///         self.x = x
 /// ```
+///
+/// ## Options
+///
+/// - `lint.flake8-annotations.mypy-init-return`
 #[derive(ViolationMetadata)]
 #[violation_metadata(stable_since = "v0.0.105")]
 pub(crate) struct MissingReturnTypeSpecialMethod {
@@ -399,6 +403,10 @@ impl Violation for MissingReturnTypeSpecialMethod {
 ///     def bar() -> int:
 ///         return 1
 /// ```
+///
+/// ## Options
+///
+/// - `lint.flake8-annotations.suppress-none-returning`
 #[derive(ViolationMetadata)]
 #[violation_metadata(stable_since = "v0.0.105")]
 pub(crate) struct MissingReturnTypeStaticMethod {
@@ -447,6 +455,10 @@ impl Violation for MissingReturnTypeStaticMethod {
 ///     def bar(cls) -> int:
 ///         return 1
 /// ```
+///
+/// ## Options
+///
+/// - `lint.flake8-annotations.suppress-none-returning`
 #[derive(ViolationMetadata)]
 #[violation_metadata(stable_since = "v0.0.105")]
 pub(crate) struct MissingReturnTypeClassMethod {
--- a/crates/ruff_linter/src/rules/flake8_blind_except/rules/blind_except.rs
+++ b/crates/ruff_linter/src/rules/flake8_blind_except/rules/blind_except.rs
@@ -58,6 +58,10 @@ use crate::checkers::ast::Checker;
 ///     logging.exception("Something went wrong")
 /// ```
 ///
+/// ## Options
+///
+/// - `lint.logger-objects`
+///
 /// ## References
 /// - [Python documentation: The `try` statement](https://docs.python.org/3/reference/compound_stmts.html#the-try-statement)
 /// - [Python documentation: Exception hierarchy](https://docs.python.org/3/library/exceptions.html#exception-hierarchy)
--- a/crates/ruff_linter/src/rules/flake8_boolean_trap/helpers.rs
+++ b/crates/ruff_linter/src/rules/flake8_boolean_trap/helpers.rs
@@ -1,6 +1,8 @@
+use ruff_db::diagnostic::Diagnostic;
 use ruff_python_ast::name::QualifiedName;
 use ruff_python_ast::{self as ast, Expr};
 use ruff_python_semantic::SemanticModel;
+use ruff_python_semantic::analyze::function_type::is_subject_to_liskov_substitution_principle;

 use crate::checkers::ast::Checker;
 use crate::settings::LinterSettings;
@@ -191,3 +193,27 @@ pub(super) fn allow_boolean_trap(call: &ast::ExprCall, checker: &Checker) -> boo

    false
 }
+
+pub(super) fn add_liskov_substitution_principle_help(
+    diagnostic: &mut Diagnostic,
+    function_name: &str,
+    decorator_list: &[ast::Decorator],
+    checker: &Checker,
+) {
+    let semantic = checker.semantic();
+    let parent_scope = semantic.current_scope();
+    let pep8_settings = &checker.settings().pep8_naming;
+    if is_subject_to_liskov_substitution_principle(
+        function_name,
+        decorator_list,
+        parent_scope,
+        semantic,
+        &pep8_settings.classmethod_decorators,
+        &pep8_settings.staticmethod_decorators,
+    ) {
+        diagnostic.help(
+            "Consider adding `@typing.override` if changing the function signature \
+                would violate the Liskov Substitution Principle",
+        );
+    }
+}
--- a/crates/ruff_linter/src/rules/flake8_boolean_trap/rules/boolean_default_value_positional_argument.rs
+++ b/crates/ruff_linter/src/rules/flake8_boolean_trap/rules/boolean_default_value_positional_argument.rs
@@ -6,7 +6,9 @@ use ruff_python_semantic::analyze::visibility;

 use crate::Violation;
 use crate::checkers::ast::Checker;
-use crate::rules::flake8_boolean_trap::helpers::is_allowed_func_def;
+use crate::rules::flake8_boolean_trap::helpers::{
+    add_liskov_substitution_principle_help, is_allowed_func_def,
+};

 /// ## What it does
 /// Checks for the use of boolean positional arguments in function definitions,
@@ -139,7 +141,9 @@ pub(crate) fn boolean_default_value_positional_argument(
                return;
            }

-            checker.report_diagnostic(BooleanDefaultValuePositionalArgument, param.identifier());
+            let mut diagnostic = checker
+                .report_diagnostic(BooleanDefaultValuePositionalArgument, param.identifier());
+            add_liskov_substitution_principle_help(&mut diagnostic, name, decorator_list, checker);
        }
    }
 }
--- a/crates/ruff_linter/src/rules/flake8_boolean_trap/rules/boolean_type_hint_positional_argument.rs
+++ b/crates/ruff_linter/src/rules/flake8_boolean_trap/rules/boolean_type_hint_positional_argument.rs
@@ -7,7 +7,9 @@ use ruff_python_semantic::analyze::visibility;

 use crate::Violation;
 use crate::checkers::ast::Checker;
-use crate::rules::flake8_boolean_trap::helpers::is_allowed_func_def;
+use crate::rules::flake8_boolean_trap::helpers::{
+    add_liskov_substitution_principle_help, is_allowed_func_def,
+};

 /// ## What it does
 /// Checks for the use of boolean positional arguments in function definitions,
@@ -149,7 +151,10 @@ pub(crate) fn boolean_type_hint_positional_argument(
            return;
        }

-        checker.report_diagnostic(BooleanTypeHintPositionalArgument, parameter.identifier());
+        let mut diagnostic =
+            checker.report_diagnostic(BooleanTypeHintPositionalArgument, parameter.identifier());
+
+        add_liskov_substitution_principle_help(&mut diagnostic, name, decorator_list, checker);
    }
 }

--- a/crates/ruff_linter/src/rules/flake8_boolean_trap/snapshots/ruff_linterrulesflake8_boolean_traptestsFBT001_FBT.py.snap
+++ b/crates/ruff_linter/src/rules/flake8_boolean_trap/snapshots/ruff_linterrulesflake8_boolean_traptestsFBT001_FBT.py.snap
@@ -97,6 +97,7 @@ FBT001 Boolean-typed positional argument in function definition
   |                   ^^^^^
 91 |         pass
   |
+help: Consider adding `@typing.override` if changing the function signature would violate the Liskov Substitution Principle

 FBT001 Boolean-typed positional argument in function definition
   --> FBT.py:100:10
--- a/crates/ruff_linter/src/rules/flake8_bugbear/rules/cached_instance_method.rs
+++ b/crates/ruff_linter/src/rules/flake8_bugbear/rules/cached_instance_method.rs
@@ -58,6 +58,14 @@ use crate::checkers::ast::Checker;
 ///         return square(self.value)
 /// ```
 ///
+/// ## Options
+///
+/// This rule only applies to regular methods, not static or class methods. You can customize how
+/// Ruff categorizes methods with the following options:
+///
+/// - `lint.pep8-naming.classmethod-decorators`
+/// - `lint.pep8-naming.staticmethod-decorators`
+///
 /// ## References
 /// - [Python documentation: `functools.lru_cache`](https://docs.python.org/3/library/functools.html#functools.lru_cache)
 /// - [Python documentation: `functools.cache`](https://docs.python.org/3/library/functools.html#functools.cache)
--- a/crates/ruff_linter/src/rules/flake8_bugbear/rules/unused_loop_control_variable.rs
+++ b/crates/ruff_linter/src/rules/flake8_bugbear/rules/unused_loop_control_variable.rs
@@ -32,6 +32,10 @@ use crate::{Edit, Fix, FixAvailability, Violation};
 ///     bar(i)
 /// ```
 ///
+/// ## Options
+///
+/// - `lint.dummy-variable-rgx`
+///
 /// ## References
 /// - [PEP 8: Naming Conventions](https://peps.python.org/pep-0008/#naming-conventions)
 #[derive(ViolationMetadata)]
--- a/crates/ruff_linter/src/rules/flake8_errmsg/rules/string_in_exception.rs
+++ b/crates/ruff_linter/src/rules/flake8_errmsg/rules/string_in_exception.rs
@@ -47,6 +47,10 @@ use crate::{Edit, Fix, FixAvailability, Violation};
 ///     raise RuntimeError(msg)
 /// RuntimeError: 'Some value' is incorrect
 /// ```
+///
+/// ## Options
+///
+/// - `lint.flake8-errmsg.max-string-length`
 #[derive(ViolationMetadata)]
 #[violation_metadata(stable_since = "v0.0.183")]
 pub(crate) struct RawStringInException;
--- a/crates/ruff_linter/src/rules/flake8_gettext/rules/f_string_in_gettext_func_call.rs
+++ b/crates/ruff_linter/src/rules/flake8_gettext/rules/f_string_in_gettext_func_call.rs
@@ -38,6 +38,10 @@ use crate::checkers::ast::Checker;
 /// _("Hello, %s!") % name  # Looks for "Hello, %s!".
 /// ```
 ///
+/// ## Options
+///
+/// - `lint.flake8-gettext.function-names`
+///
 /// ## References
 /// - [Python documentation: `gettext` — Multilingual internationalization services](https://docs.python.org/3/library/gettext.html)
 #[derive(ViolationMetadata)]
--- a/crates/ruff_linter/src/rules/flake8_gettext/rules/format_in_gettext_func_call.rs
+++ b/crates/ruff_linter/src/rules/flake8_gettext/rules/format_in_gettext_func_call.rs
@@ -38,6 +38,10 @@ use crate::checkers::ast::Checker;
 /// _("Hello, %s!") % name  # Looks for "Hello, %s!".
 /// ```
 ///
+/// ## Options
+///
+/// - `lint.flake8-gettext.function-names`
+///
 /// ## References
 /// - [Python documentation: `gettext` — Multilingual internationalization services](https://docs.python.org/3/library/gettext.html)
 #[derive(ViolationMetadata)]
--- a/crates/ruff_linter/src/rules/flake8_gettext/rules/printf_in_gettext_func_call.rs
+++ b/crates/ruff_linter/src/rules/flake8_gettext/rules/printf_in_gettext_func_call.rs
@@ -37,6 +37,10 @@ use crate::checkers::ast::Checker;
 /// _("Hello, %s!") % name  # Looks for "Hello, %s!".
 /// ```
 ///
+/// ## Options
+///
+/// - `lint.flake8-gettext.function-names`
+///
 /// ## References
 /// - [Python documentation: `gettext` — Multilingual internationalization services](https://docs.python.org/3/library/gettext.html)
 #[derive(ViolationMetadata)]
--- a/crates/ruff_linter/src/rules/flake8_gettext/settings.rs
+++ b/crates/ruff_linter/src/rules/flake8_gettext/settings.rs
@@ -5,7 +5,7 @@ use std::fmt::{Display, Formatter};

 #[derive(Debug, Clone, CacheKey)]
 pub struct Settings {
-    pub functions_names: Vec<Name>,
+    pub function_names: Vec<Name>,
 }

 pub fn default_func_names() -> Vec<Name> {
@@ -19,7 +19,7 @@ pub fn default_func_names() -> Vec<Name> {
 impl Default for Settings {
    fn default() -> Self {
        Self {
-            functions_names: default_func_names(),
+            function_names: default_func_names(),
        }
    }
 }
@@ -30,7 +30,7 @@ impl Display for Settings {
            formatter = f,
            namespace = "linter.flake8_gettext",
            fields = [
-                self.functions_names | array
+                self.function_names | array
            ]
        }
        Ok(())
--- a/crates/ruff_linter/src/rules/flake8_implicit_str_concat/rules/explicit.rs
+++ b/crates/ruff_linter/src/rules/flake8_implicit_str_concat/rules/explicit.rs
@@ -32,6 +32,13 @@ use crate::{Edit, Fix, FixAvailability, Violation};
 ///     "dog"
 /// )
 /// ```
+///
+/// ## Options
+///
+/// Setting `lint.flake8-implicit-str-concat.allow-multiline = false` will disable this rule because
+/// it would leave no allowed way to write a multi-line string.
+///
+/// - `lint.flake8-implicit-str-concat.allow-multiline`
 #[derive(ViolationMetadata)]
 #[violation_metadata(stable_since = "v0.0.201")]
 pub(crate) struct ExplicitStringConcatenation;
--- a/crates/ruff_linter/src/rules/flake8_logging/rules/exc_info_outside_except_handler.rs
+++ b/crates/ruff_linter/src/rules/flake8_logging/rules/exc_info_outside_except_handler.rs
@@ -43,6 +43,10 @@ use crate::{Fix, FixAvailability, Violation};
 ///
 /// ## Fix safety
 /// The fix is always marked as unsafe, as it changes runtime behavior.
+///
+/// ## Options
+///
+/// - `lint.logger-objects`
 #[derive(ViolationMetadata)]
 #[violation_metadata(stable_since = "0.12.0")]
 pub(crate) struct ExcInfoOutsideExceptHandler;
--- a/crates/ruff_linter/src/rules/flake8_logging/rules/exception_without_exc_info.rs
+++ b/crates/ruff_linter/src/rules/flake8_logging/rules/exception_without_exc_info.rs
@@ -30,6 +30,10 @@ use crate::checkers::ast::Checker;
 /// ```python
 /// logging.error("...")
 /// ```
+///
+/// ## Options
+///
+/// - `lint.logger-objects`
 #[derive(ViolationMetadata)]
 #[violation_metadata(stable_since = "v0.2.0")]
 pub(crate) struct ExceptionWithoutExcInfo;
--- a/crates/ruff_linter/src/rules/flake8_logging/rules/log_exception_outside_except_handler.rs
+++ b/crates/ruff_linter/src/rules/flake8_logging/rules/log_exception_outside_except_handler.rs
@@ -42,6 +42,10 @@ use crate::{Edit, Fix, FixAvailability, Violation};
 /// ## Fix safety
 /// The fix, if available, will always be marked as unsafe, as it changes runtime behavior.
 ///
+/// ## Options
+///
+/// - `lint.logger-objects`
+///
 /// [The documentation]: https://docs.python.org/3/library/logging.html#logging.exception
 #[derive(ViolationMetadata)]
 #[violation_metadata(preview_since = "0.9.5")]
--- a/crates/ruff_linter/src/rules/flake8_pyi/rules/bytestring_usage.rs
+++ b/crates/ruff_linter/src/rules/flake8_pyi/rules/bytestring_usage.rs
@@ -11,7 +11,7 @@ use crate::{FixAvailability, Violation};
 ///
 /// ## Why is this bad?
 /// `ByteString` has been deprecated since Python 3.9 and will be removed in
-/// Python 3.14. The Python documentation recommends using either
+/// Python 3.17. The Python documentation recommends using either
 /// `collections.abc.Buffer` (or the `typing_extensions` backport
 /// on Python <3.12) or a union like `bytes | bytearray | memoryview` instead.
 ///
--- a/crates/ruff_linter/src/rules/flake8_quotes/rules/avoidable_escaped_quote.rs
+++ b/crates/ruff_linter/src/rules/flake8_quotes/rules/avoidable_escaped_quote.rs
@@ -32,6 +32,10 @@ use crate::{AlwaysFixableViolation, Edit, Fix};
 /// formatter automatically removes unnecessary escapes, making the rule
 /// redundant.
 ///
+/// ## Options
+///
+/// - `lint.flake8-quotes.inline-quotes`
+///
 /// [formatter]: https://docs.astral.sh/ruff/formatter
 #[derive(ViolationMetadata)]
 #[violation_metadata(stable_since = "v0.0.88")]
--- a/crates/ruff_linter/src/rules/flake8_return/rules/function.rs
+++ b/crates/ruff_linter/src/rules/flake8_return/rules/function.rs
@@ -55,6 +55,12 @@ use crate::rules::flake8_return::visitor::{ReturnVisitor, Stack};
 /// ## Fix safety
 /// This rule's fix is marked as unsafe for cases in which comments would be
 /// dropped from the `return` statement.
+///
+/// ## Options
+///
+/// This rule ignores functions marked as properties.
+///
+/// - `lint.pydocstyle.property-decorators`
 #[derive(ViolationMetadata)]
 #[violation_metadata(stable_since = "v0.0.154")]
 pub(crate) struct UnnecessaryReturnNone;
--- a/Show More
+++ b/Show More