[ty] Try eliminating ~AlwaysFalsy and ~AlwaysTruthy from intersections

[ty] Add documentation for ty_extensions.Top and ty_extensions.Bottom (#22245 )
Co-authored-by: Carl Meyer <carl@astral.sh>
2025-12-29 18:04:04 -05:00 · 2025-12-29 19:43:17 +00:00 · 2025-12-29 13:25:08 -05:00 · 2025-12-29 18:22:07 +00:00 · 2025-12-29 17:33:53 +00:00 · 2025-12-29 18:24:54 +01:00
448 changed files with 18954 additions and 6870 deletions
--- a/.gitattributes
+++ b/.gitattributes
@@ -22,6 +22,7 @@ crates/ruff_linter/resources/test/fixtures/pyupgrade/UP018_CR.py text eol=cr
 crates/ruff_linter/resources/test/fixtures/pyupgrade/UP018_LF.py text eol=lf

 crates/ruff_python_parser/resources/inline linguist-generated=true
+crates/ty_python_semantic/resources/mdtest/external/*.lock linguist-generated=true

 ruff.schema.json -diff linguist-generated=true text=auto eol=lf
 ty.schema.json -diff linguist-generated=true text=auto eol=lf
--- a/.github/actionlint.yaml
+++ b/.github/actionlint.yaml
@@ -4,10 +4,17 @@
 self-hosted-runner:
  # Various runners we use that aren't recognized out-of-the-box by actionlint:
  labels:
+    - depot-ubuntu-24.04-4
    - depot-ubuntu-latest-8
    - depot-ubuntu-22.04-16
    - depot-ubuntu-22.04-32
    - depot-windows-2022-16
+    - depot-ubuntu-22.04-arm-4
    - github-windows-2025-x86_64-8
    - github-windows-2025-x86_64-16
    - codspeed-macro
+
+paths:
+  ".github/workflows/mypy_primer.yaml":
+    ignore:
+      - 'condition "false" is always evaluated to false. remove the if: section'
--- a/.github/mypy-primer-ty.toml
+++ b/.github/mypy-primer-ty.toml
@@ -4,5 +4,6 @@
 # Enable off-by-default rules.
 [rules]
 possibly-unresolved-reference = "warn"
+possibly-missing-import = "warn"
 unused-ignore-comment = "warn"
 division-by-zero = "warn"
--- a/.github/workflows/build-binaries.yml
+++ b/.github/workflows/build-binaries.yml
@@ -39,7 +39,7 @@ jobs:
    if: ${{ !contains(github.event.pull_request.labels.*.name, 'no-build') }}
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          submodules: recursive
          persist-credentials: false
@@ -59,7 +59,7 @@ jobs:
          "${MODULE_NAME}" --help
          python -m "${MODULE_NAME}" --help
      - name: "Upload sdist"
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        with:
          name: wheels-sdist
          path: dist
@@ -68,7 +68,7 @@ jobs:
    if: ${{ !contains(github.event.pull_request.labels.*.name, 'no-build') }}
    runs-on: macos-14
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          submodules: recursive
          persist-credentials: false
@@ -84,7 +84,7 @@ jobs:
          target: x86_64
          args: --release --locked --out dist
      - name: "Upload wheels"
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        with:
          name: wheels-macos-x86_64
          path: dist
@@ -99,7 +99,7 @@ jobs:
          tar czvf $ARCHIVE_FILE $ARCHIVE_NAME
          shasum -a 256 $ARCHIVE_FILE > $ARCHIVE_FILE.sha256
      - name: "Upload binary"
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        with:
          name: artifacts-macos-x86_64
          path: |
@@ -110,7 +110,7 @@ jobs:
    if: ${{ !contains(github.event.pull_request.labels.*.name, 'no-build') }}
    runs-on: macos-14
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          submodules: recursive
          persist-credentials: false
@@ -131,7 +131,7 @@ jobs:
          ruff --help
          python -m ruff --help
      - name: "Upload wheels"
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        with:
          name: wheels-aarch64-apple-darwin
          path: dist
@@ -146,7 +146,7 @@ jobs:
          tar czvf $ARCHIVE_FILE $ARCHIVE_NAME
          shasum -a 256 $ARCHIVE_FILE > $ARCHIVE_FILE.sha256
      - name: "Upload binary"
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        with:
          name: artifacts-aarch64-apple-darwin
          path: |
@@ -166,7 +166,7 @@ jobs:
          - target: aarch64-pc-windows-msvc
            arch: x64
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          submodules: recursive
          persist-credentials: false
@@ -192,7 +192,7 @@ jobs:
          "${MODULE_NAME}" --help
          python -m "${MODULE_NAME}" --help
      - name: "Upload wheels"
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        with:
          name: wheels-${{ matrix.platform.target }}
          path: dist
@@ -203,7 +203,7 @@ jobs:
          7z a $ARCHIVE_FILE ./target/${{ matrix.platform.target }}/release/ruff.exe
          sha256sum $ARCHIVE_FILE > $ARCHIVE_FILE.sha256
      - name: "Upload binary"
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        with:
          name: artifacts-${{ matrix.platform.target }}
          path: |
@@ -219,7 +219,7 @@ jobs:
          - x86_64-unknown-linux-gnu
          - i686-unknown-linux-gnu
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          submodules: recursive
          persist-credentials: false
@@ -242,7 +242,7 @@ jobs:
          "${MODULE_NAME}" --help
          python -m "${MODULE_NAME}" --help
      - name: "Upload wheels"
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        with:
          name: wheels-${{ matrix.target }}
          path: dist
@@ -260,7 +260,7 @@ jobs:
          tar czvf $ARCHIVE_FILE $ARCHIVE_NAME
          shasum -a 256 $ARCHIVE_FILE > $ARCHIVE_FILE.sha256
      - name: "Upload binary"
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        with:
          name: artifacts-${{ matrix.target }}
          path: |
@@ -296,7 +296,7 @@ jobs:
            arch: riscv64

    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          submodules: recursive
          persist-credentials: false
@@ -327,7 +327,7 @@ jobs:
            pip3 install ${{ env.PACKAGE_NAME }} --no-index --find-links dist/ --force-reinstall
            ruff --help
      - name: "Upload wheels"
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        with:
          name: wheels-${{ matrix.platform.target }}
          path: dist
@@ -345,7 +345,7 @@ jobs:
          tar czvf $ARCHIVE_FILE $ARCHIVE_NAME
          shasum -a 256 $ARCHIVE_FILE > $ARCHIVE_FILE.sha256
      - name: "Upload binary"
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        with:
          name: artifacts-${{ matrix.platform.target }}
          path: |
@@ -361,7 +361,7 @@ jobs:
          - x86_64-unknown-linux-musl
          - i686-unknown-linux-musl
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          submodules: recursive
          persist-credentials: false
@@ -389,7 +389,7 @@ jobs:
            .venv/bin/pip3 install ${{ env.PACKAGE_NAME }} --no-index --find-links dist/ --force-reinstall
            .venv/bin/${{ env.MODULE_NAME }} --help
      - name: "Upload wheels"
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        with:
          name: wheels-${{ matrix.target }}
          path: dist
@@ -407,7 +407,7 @@ jobs:
          tar czvf $ARCHIVE_FILE $ARCHIVE_NAME
          shasum -a 256 $ARCHIVE_FILE > $ARCHIVE_FILE.sha256
      - name: "Upload binary"
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        with:
          name: artifacts-${{ matrix.target }}
          path: |
@@ -427,7 +427,7 @@ jobs:
            arch: armv7

    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          submodules: recursive
          persist-credentials: false
@@ -456,7 +456,7 @@ jobs:
            .venv/bin/pip3 install ${{ env.PACKAGE_NAME }} --no-index --find-links dist/ --force-reinstall
            .venv/bin/${{ env.MODULE_NAME }} --help
      - name: "Upload wheels"
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        with:
          name: wheels-${{ matrix.platform.target }}
          path: dist
@@ -474,7 +474,7 @@ jobs:
          tar czvf $ARCHIVE_FILE $ARCHIVE_NAME
          shasum -a 256 $ARCHIVE_FILE > $ARCHIVE_FILE.sha256
      - name: "Upload binary"
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        with:
          name: artifacts-${{ matrix.platform.target }}
          path: |
--- a/.github/workflows/build-docker.yml
+++ b/.github/workflows/build-docker.yml
@@ -20,6 +20,12 @@ on:
 env:
  RUFF_BASE_IMG: ghcr.io/${{ github.repository_owner }}/ruff

+permissions:
+  contents: read
+  # TODO(zanieb): Ideally, this would be `read` on dry-run but that will require
+  # significant changes to the workflow.
+  packages: write # zizmor: ignore[excessive-permissions]
+
 jobs:
  docker-build:
    name: Build Docker image (ghcr.io/astral-sh/ruff) for ${{ matrix.platform }}
@@ -33,12 +39,12 @@ jobs:
          - linux/amd64
          - linux/arm64
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          submodules: recursive
          persist-credentials: false

-      - uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+      - uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0

      - uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
        with:
@@ -63,7 +69,7 @@ jobs:

      - name: Extract metadata (tags, labels) for Docker
        id: meta
-        uses: docker/metadata-action@c1e51972afc2121e065aed6d45c65596fe445f3f # v5.8.0
+        uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0
        with:
          images: ${{ env.RUFF_BASE_IMG }}
          # Defining this makes sure the org.opencontainers.image.version OCI label becomes the actual release version and not the branch name
@@ -96,7 +102,7 @@ jobs:
          touch "/tmp/digests/${digest#sha256:}"

      - name: Upload digests
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        with:
          name: digests-${{ env.PLATFORM_TUPLE }}
          path: /tmp/digests/*
@@ -113,17 +119,17 @@ jobs:
    if: ${{ inputs.plan != '' && !fromJson(inputs.plan).announcement_tag_is_implicit }}
    steps:
      - name: Download digests
-        uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
+        uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
        with:
          path: /tmp/digests
          pattern: digests-*
          merge-multiple: true

-      - uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+      - uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0

      - name: Extract metadata (tags, labels) for Docker
        id: meta
-        uses: docker/metadata-action@c1e51972afc2121e065aed6d45c65596fe445f3f # v5.8.0
+        uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0
        with:
          images: ${{ env.RUFF_BASE_IMG }}
          # Order is on purpose such that the label org.opencontainers.image.version has the first pattern with the full version
@@ -167,7 +173,7 @@ jobs:
          - debian:bookworm-slim,bookworm-slim,debian-slim
          - buildpack-deps:bookworm,bookworm,debian
    steps:
-      - uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+      - uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0

      - uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
        with:
@@ -219,7 +225,7 @@ jobs:

      - name: Extract metadata (tags, labels) for Docker
        id: meta
-        uses: docker/metadata-action@c1e51972afc2121e065aed6d45c65596fe445f3f # v5.8.0
+        uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0
        # ghcr.io prefers index level annotations
        env:
          DOCKER_METADATA_ANNOTATIONS_LEVELS: index
@@ -256,17 +262,17 @@ jobs:
    if: ${{ inputs.plan != '' && !fromJson(inputs.plan).announcement_tag_is_implicit }}
    steps:
      - name: Download digests
-        uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
+        uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
        with:
          path: /tmp/digests
          pattern: digests-*
          merge-multiple: true

-      - uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+      - uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0

      - name: Extract metadata (tags, labels) for Docker
        id: meta
-        uses: docker/metadata-action@c1e51972afc2121e065aed6d45c65596fe445f3f # v5.8.0
+        uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0
        env:
          DOCKER_METADATA_ANNOTATIONS_LEVELS: index
        with:
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -49,8 +49,10 @@ jobs:
      py-fuzzer: ${{ steps.check_py_fuzzer.outputs.changed }}
      # Flag that is set to "true" when code related to the playground changes.
      playground: ${{ steps.check_playground.outputs.changed }}
+      # Flag that is set to "true" when code related to the benchmarks changes.
+      benchmarks: ${{ steps.check_benchmarks.outputs.changed }}
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          fetch-depth: 0
          persist-credentials: false
@@ -95,6 +97,7 @@ jobs:
            ':!crates/ruff_python_formatter/**' \
            ':!crates/ruff_formatter/**' \
            ':!crates/ruff_dev/**' \
+            ':!crates/ruff_benchmark/**' \
            ':scripts/*' \
            ':python/**' \
            ':.github/workflows/ci.yaml' \
@@ -202,6 +205,21 @@ jobs:
            ':crates/ruff_python_trivia/**' \
            ':crates/ruff_source_file/**' \
            ':crates/ruff_text_size/**' \
+            ':.github/workflows/ci.yaml' \
+          ; then
+              echo "changed=false" >> "$GITHUB_OUTPUT"
+          else
+              echo "changed=true" >> "$GITHUB_OUTPUT"
+          fi
+
+      - name: Check if the benchmark code changed
+        id: check_benchmarks
+        env:
+          MERGE_BASE: ${{ steps.merge_base.outputs.sha }}
+        run: |
+          if git diff --quiet "${MERGE_BASE}...HEAD" -- \
+            ':Cargo.toml' \
+            ':Cargo.lock' \
            ':crates/ruff_benchmark/**' \
            ':.github/workflows/ci.yaml' \
          ; then
@@ -215,7 +233,7 @@ jobs:
    runs-on: ubuntu-latest
    timeout-minutes: 10
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          persist-credentials: false
      - name: "Install Rust toolchain"
@@ -229,7 +247,7 @@ jobs:
    if: ${{ needs.determine_changes.outputs.code == 'true' || github.ref == 'refs/heads/main' }}
    timeout-minutes: 20
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          persist-credentials: false
      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
@@ -251,7 +269,7 @@ jobs:
    if: ${{ !contains(github.event.pull_request.labels.*.name, 'no-test') && (needs.determine_changes.outputs.code == 'true' || github.ref == 'refs/heads/main') }}
    timeout-minutes: 20
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          persist-credentials: false
      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
@@ -263,15 +281,15 @@ jobs:
      - name: "Install mold"
        uses: rui314/setup-mold@725a8794d15fc7563f59595bd9556495c0564878 # v1
      - name: "Install cargo nextest"
-        uses: taiki-e/install-action@3575e532701a5fc614b0c842e4119af4cc5fd16d # v2.62.60
+        uses: taiki-e/install-action@b9c5db3aef04caffaf95a1d03931de10fb2a140f # v2.65.1
        with:
          tool: cargo-nextest
      - name: "Install cargo insta"
-        uses: taiki-e/install-action@3575e532701a5fc614b0c842e4119af4cc5fd16d # v2.62.60
+        uses: taiki-e/install-action@b9c5db3aef04caffaf95a1d03931de10fb2a140f # v2.65.1
        with:
          tool: cargo-insta
      - name: "Install uv"
-        uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
+        uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6
        with:
          enable-cache: "true"
      - name: ty mdtests (GitHub annotations)
@@ -314,7 +332,7 @@ jobs:
      (needs.determine_changes.outputs.code == 'true' || github.ref == 'refs/heads/main')
    timeout-minutes: 20
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          persist-credentials: false
      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
@@ -325,11 +343,11 @@ jobs:
      - name: "Install mold"
        uses: rui314/setup-mold@725a8794d15fc7563f59595bd9556495c0564878 # v1
      - name: "Install cargo nextest"
-        uses: taiki-e/install-action@3575e532701a5fc614b0c842e4119af4cc5fd16d # v2.62.60
+        uses: taiki-e/install-action@b9c5db3aef04caffaf95a1d03931de10fb2a140f # v2.65.1
        with:
          tool: cargo-nextest
      - name: "Install uv"
-        uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
+        uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6
        with:
          enable-cache: "true"
      - name: "Run tests"
@@ -349,7 +367,7 @@ jobs:
    if: ${{ !contains(github.event.pull_request.labels.*.name, 'no-test') && (needs.determine_changes.outputs.code == 'true' || github.ref == 'refs/heads/main') }}
    timeout-minutes: 20
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          persist-credentials: false
      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
@@ -358,11 +376,11 @@ jobs:
      - name: "Install Rust toolchain"
        run: rustup show
      - name: "Install cargo nextest"
-        uses: taiki-e/install-action@3575e532701a5fc614b0c842e4119af4cc5fd16d # v2.62.60
+        uses: taiki-e/install-action@b9c5db3aef04caffaf95a1d03931de10fb2a140f # v2.65.1
        with:
          tool: cargo-nextest
      - name: "Install uv"
-        uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
+        uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6
        with:
          enable-cache: "true"
      - name: "Run tests"
@@ -377,7 +395,7 @@ jobs:
    if: ${{ !contains(github.event.pull_request.labels.*.name, 'no-test') && (needs.determine_changes.outputs.code == 'true' || github.ref == 'refs/heads/main') }}
    timeout-minutes: 10
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          persist-credentials: false
      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
@@ -385,9 +403,9 @@ jobs:
          save-if: ${{ github.ref == 'refs/heads/main' }}
      - name: "Install Rust toolchain"
        run: rustup target add wasm32-unknown-unknown
-      - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
+      - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
        with:
-          node-version: 22
+          node-version: 24
          cache: "npm"
          cache-dependency-path: playground/package-lock.json
      - uses: jetli/wasm-pack-action@0d096b08b4e5a7de8c28de67e11e945404e9eefa # v0.4.0
@@ -409,7 +427,7 @@ jobs:
    if: ${{ !contains(github.event.pull_request.labels.*.name, 'no-test') && (needs.determine_changes.outputs.code == 'true' || github.ref == 'refs/heads/main') }}
    timeout-minutes: 20
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          persist-credentials: false
      - uses: SebRollen/toml-action@b1b3628f55fc3a28208d4203ada8b737e9687876 # v1.2.0
@@ -438,7 +456,7 @@ jobs:
    if: ${{ github.ref == 'refs/heads/main' || needs.determine_changes.outputs.fuzz == 'true' || needs.determine_changes.outputs.code == 'true' }}
    timeout-minutes: 10
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          persist-credentials: false
      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
@@ -450,7 +468,7 @@ jobs:
      - name: "Install mold"
        uses: rui314/setup-mold@725a8794d15fc7563f59595bd9556495c0564878 # v1
      - name: "Install cargo-binstall"
-        uses: cargo-bins/cargo-binstall@3fc81674af4165a753833a94cae9f91d8849049f # v1.16.2
+        uses: cargo-bins/cargo-binstall@4a9028576ed64318f7b24193a62695e96dcbe015 # v1.16.5
      - name: "Install cargo-fuzz"
        # Download the latest version from quick install and not the github releases because github releases only has MUSL targets.
        run: cargo binstall cargo-fuzz --force  --disable-strategies crate-meta-data --no-confirm
@@ -465,10 +483,10 @@ jobs:
    env:
      FORCE_COLOR: 1
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          persist-credentials: false
-      - uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
+      - uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6
      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
        with:
          shared-key: ruff-linux-debug
@@ -497,13 +515,13 @@ jobs:
    if: ${{ !contains(github.event.pull_request.labels.*.name, 'no-test') && (needs.determine_changes.outputs.code == 'true' || github.ref == 'refs/heads/main') }}
    timeout-minutes: 5
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          persist-credentials: false
      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
        with:
          save-if: ${{ github.ref == 'refs/heads/main' }}
-      - uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
+      - uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6
      - name: "Install Rust toolchain"
        run: rustup component add rustfmt
      # Run all code generation scripts, and verify that the current output is
@@ -530,15 +548,20 @@ jobs:
    needs: determine_changes
    # Only runs on pull requests, since that is the only we way we can find the base version for comparison.
    # Ecosystem check needs linter and/or formatter changes.
-    if: ${{ !contains(github.event.pull_request.labels.*.name, 'no-test') && github.event_name == 'pull_request' && needs.determine_changes.outputs.code == 'true' }}
+    if: |
+      !contains(github.event.pull_request.labels.*.name, 'no-test') && github.event_name == 'pull_request' &&
+      (
+        needs.determine_changes.outputs.linter == 'true' ||
+        needs.determine_changes.outputs.formatter == 'true'
+      )
    timeout-minutes: 20
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          ref: ${{ github.event.pull_request.base.ref }}
          persist-credentials: false

-      - uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
+      - uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6
        with:
          python-version: ${{ env.PYTHON_VERSION }}
          activate-environment: true
@@ -559,7 +582,7 @@ jobs:
          cargo build --bin ruff
          mv target/debug/ruff target/debug/ruff-baseline

-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          persist-credentials: false
          clean: false
@@ -625,7 +648,7 @@ jobs:

      # NOTE: astral-sh-bot uses this artifact to post comments on PRs.
      # Make sure to update the bot if you rename the artifact.
-      - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+      - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        name: Upload Results
        with:
          name: ecosystem-result
@@ -640,11 +663,11 @@ jobs:
    if: ${{ !contains(github.event.pull_request.labels.*.name, 'no-test') && github.event_name == 'pull_request' && (needs.determine_changes.outputs.ty == 'true' || needs.determine_changes.outputs.py-fuzzer == 'true') }}
    timeout-minutes: ${{ github.repository == 'astral-sh/ruff' && 10 || 20 }}
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          fetch-depth: 0
          persist-credentials: false
-      - uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
+      - uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6
      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
        with:
          save-if: ${{ github.ref == 'refs/heads/main' }}
@@ -687,10 +710,10 @@ jobs:
    needs: determine_changes
    if: ${{ needs.determine_changes.outputs.code == 'true' || github.ref == 'refs/heads/main' }}
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          persist-credentials: false
-      - uses: cargo-bins/cargo-binstall@3fc81674af4165a753833a94cae9f91d8849049f # v1.16.2
+      - uses: cargo-bins/cargo-binstall@4a9028576ed64318f7b24193a62695e96dcbe015 # v1.16.5
      - run: cargo binstall --no-confirm cargo-shear
      - run: cargo shear

@@ -700,10 +723,10 @@ jobs:
    needs: determine_changes
    if: ${{ needs.determine_changes.outputs.ty == 'true' || github.ref == 'refs/heads/main' }}
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          persist-credentials: false
-      - uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
+      - uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6
      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
        with:
          save-if: ${{ github.ref == 'refs/heads/main' }}
@@ -722,7 +745,7 @@ jobs:
    timeout-minutes: 20
    if: ${{ !contains(github.event.pull_request.labels.*.name, 'no-test') }}
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          persist-credentials: false
      - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
@@ -751,18 +774,18 @@ jobs:
    runs-on: ${{ github.repository == 'astral-sh/ruff' && 'depot-ubuntu-22.04-16' || 'ubuntu-latest' }}
    timeout-minutes: 10
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          persist-credentials: false
-      - uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
+      - uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6
      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
        with:
          save-if: ${{ github.ref == 'refs/heads/main' }}
-      - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
+      - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
        with:
-          node-version: 22
+          node-version: 24
      - name: "Cache pre-commit"
-        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
+        uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
        with:
          path: ~/.cache/pre-commit
          key: pre-commit-${{ hashFiles('.pre-commit-config.yaml') }}
@@ -782,7 +805,7 @@ jobs:
    runs-on: ubuntu-latest
    timeout-minutes: 10
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          persist-credentials: false
      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
@@ -791,7 +814,7 @@ jobs:
      - name: "Install Rust toolchain"
        run: rustup show
      - name: Install uv
-        uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
+        uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6
        with:
          python-version: 3.13
          activate-environment: true
@@ -813,7 +836,7 @@ jobs:
    if: ${{ !contains(github.event.pull_request.labels.*.name, 'no-test') && (needs.determine_changes.outputs.formatter == 'true' || github.ref == 'refs/heads/main') }}
    timeout-minutes: 10
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          persist-credentials: false
      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
@@ -839,7 +862,7 @@ jobs:
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        name: "Checkout ruff source"
        with:
          persist-credentials: false
@@ -855,7 +878,7 @@ jobs:
      - name: Build Ruff binary
        run: cargo build -p ruff --bin ruff

-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        name: "Checkout ruff-lsp source"
        with:
          persist-credentials: false
@@ -890,7 +913,7 @@ jobs:
      - determine_changes
    if: ${{ (needs.determine_changes.outputs.playground == 'true') }}
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          persist-credentials: false
      - name: "Install Rust toolchain"
@@ -898,9 +921,9 @@ jobs:
      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
        with:
          save-if: ${{ github.ref == 'refs/heads/main' }}
-      - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
+      - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
        with:
-          node-version: 22
+          node-version: 24
          cache: "npm"
          cache-dependency-path: playground/package-lock.json
      - uses: jetli/wasm-bindgen-action@20b33e20595891ab1a0ed73145d8a21fc96e7c29 # v0.2.0
@@ -926,7 +949,9 @@ jobs:
      (
        github.ref == 'refs/heads/main' ||
        needs.determine_changes.outputs.formatter == 'true' ||
-        needs.determine_changes.outputs.linter == 'true'
+        needs.determine_changes.outputs.linter == 'true' ||
+        needs.determine_changes.outputs.parser == 'true' ||
+        needs.determine_changes.outputs.benchmarks == 'true'
      )
    timeout-minutes: 20
    permissions:
@@ -934,25 +959,25 @@ jobs:
      id-token: write # required for OIDC authentication with CodSpeed
    steps:
      - name: "Checkout Branch"
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          persist-credentials: false

      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
        with:
          save-if: ${{ github.ref == 'refs/heads/main' }}
-      - uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
+      - uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6

      - name: "Install Rust toolchain"
        run: rustup show

      - name: "Install codspeed"
-        uses: taiki-e/install-action@3575e532701a5fc614b0c842e4119af4cc5fd16d # v2.62.60
+        uses: taiki-e/install-action@b9c5db3aef04caffaf95a1d03931de10fb2a140f # v2.65.1
        with:
          tool: cargo-codspeed

      - name: "Build benchmarks"
-        run: cargo codspeed build --features "codspeed,instrumented" --profile profiling --no-default-features -p ruff_benchmark --bench formatter --bench lexer --bench linter --bench parser
+        run: cargo codspeed build --features "codspeed,ruff_instrumented" --profile profiling --no-default-features -p ruff_benchmark --bench formatter --bench lexer --bench linter --bench parser

      - name: "Run benchmarks"
        uses: CodSpeedHQ/action@346a2d8a8d9d38909abd0bc3d23f773110f076ad # v4.4.1
@@ -960,83 +985,169 @@ jobs:
          mode: simulation
          run: cargo codspeed run

-  benchmarks-instrumented-ty:
-    name: "benchmarks instrumented (ty)"
-    runs-on: ubuntu-24.04
+  benchmarks-instrumented-ty-build:
+    name: "benchmarks instrumented ty (build)"
+    runs-on: depot-ubuntu-24.04-4
    needs: determine_changes
    if: |
      github.repository == 'astral-sh/ruff' &&
      (
        github.ref == 'refs/heads/main' ||
-        needs.determine_changes.outputs.ty == 'true'
+        needs.determine_changes.outputs.ty == 'true' ||
+        needs.determine_changes.outputs.benchmarks == 'true'
      )
    timeout-minutes: 20
-    permissions:
-      contents: read # required for actions/checkout
-      id-token: write # required for OIDC authentication with CodSpeed
    steps:
      - name: "Checkout Branch"
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          persist-credentials: false

      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
        with:
          save-if: ${{ github.ref == 'refs/heads/main' }}
-      - uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4

      - name: "Install Rust toolchain"
        run: rustup show

      - name: "Install codspeed"
-        uses: taiki-e/install-action@3575e532701a5fc614b0c842e4119af4cc5fd16d # v2.62.60
+        uses: taiki-e/install-action@b9c5db3aef04caffaf95a1d03931de10fb2a140f # v2.65.1
        with:
          tool: cargo-codspeed

      - name: "Build benchmarks"
-        run: cargo codspeed build --features "codspeed,instrumented" --profile profiling --no-default-features -p ruff_benchmark --bench ty
+        run: cargo codspeed build -m instrumentation --features "codspeed,ty_instrumented" --profile profiling --no-default-features -p ruff_benchmark --bench ty
+
+      - name: "Upload benchmark binary"
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
+        with:
+          name: benchmarks-instrumented-ty-binary
+          path: target/codspeed/simulation/ruff_benchmark
+          retention-days: 1
+
+  benchmarks-instrumented-ty-run:
+    name: "benchmarks instrumented ty (${{ matrix.benchmark }})"
+    runs-on: ubuntu-24.04
+    needs: benchmarks-instrumented-ty-build
+    timeout-minutes: 20
+    permissions:
+      contents: read # required for actions/checkout
+      id-token: write # required for OIDC authentication with CodSpeed
+    strategy:
+      fail-fast: false
+      matrix:
+        benchmark:
+          - "check_file|micro|anyio"
+          - "attrs|hydra|datetype"
+    steps:
+      - name: "Checkout Branch"
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        with:
+          persist-credentials: false
+      - uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6
+
+      - name: "Install codspeed"
+        uses: taiki-e/install-action@b9c5db3aef04caffaf95a1d03931de10fb2a140f # v2.65.1
+        with:
+          tool: cargo-codspeed
+
+      - name: "Download benchmark binary"
+        uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
+        with:
+          name: benchmarks-instrumented-ty-binary
+          path: target/codspeed/simulation/ruff_benchmark
+
+      - name: "Restore binary permissions"
+        run: chmod +x target/codspeed/simulation/ruff_benchmark/ty

      - name: "Run benchmarks"
        uses: CodSpeedHQ/action@346a2d8a8d9d38909abd0bc3d23f773110f076ad # v4.4.1
        with:
          mode: simulation
-          run: cargo codspeed run
+          run: cargo codspeed run --bench ty "${{ matrix.benchmark }}"

-  benchmarks-walltime:
-    name: "benchmarks walltime (${{ matrix.benchmarks }})"
-    runs-on: codspeed-macro
+  benchmarks-walltime-build:
+    name: "benchmarks walltime (build)"
+    # We only run this job if `github.repository == 'astral-sh/ruff'`,
+    # so hardcoding depot here is fine
+    runs-on: depot-ubuntu-22.04-arm-4
    needs: determine_changes
-    if: ${{ github.repository == 'astral-sh/ruff' && !contains(github.event.pull_request.labels.*.name, 'no-test') && (needs.determine_changes.outputs.ty == 'true' || github.ref == 'refs/heads/main') }}
+    if: |
+      github.repository == 'astral-sh/ruff' &&
+      (
+        !contains(github.event.pull_request.labels.*.name, 'no-test') &&
+        (
+          needs.determine_changes.outputs.ty == 'true' ||
+          needs.determine_changes.outputs.benchmarks == 'true' ||
+          github.ref == 'refs/heads/main'
+        )
+      )
+    timeout-minutes: 20
+    steps:
+      - name: "Checkout Branch"
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        with:
+          persist-credentials: false
+
+      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
+        with:
+          save-if: ${{ github.ref == 'refs/heads/main' }}
+      - uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6
+
+      - name: "Install Rust toolchain"
+        run: rustup show
+
+      - name: "Install codspeed"
+        uses: taiki-e/install-action@b9c5db3aef04caffaf95a1d03931de10fb2a140f # v2.65.1
+        with:
+          tool: cargo-codspeed
+
+      - name: "Build benchmarks"
+        run: cargo codspeed build -m walltime --features "codspeed,ty_walltime" --profile profiling --no-default-features -p ruff_benchmark
+
+      - name: "Upload benchmark binary"
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
+        with:
+          name: benchmarks-walltime-binary
+          path: target/codspeed/walltime/ruff_benchmark
+          retention-days: 1
+
+  benchmarks-walltime-run:
+    name: "benchmarks walltime (${{ matrix.benchmark }})"
+    runs-on: codspeed-macro
+    needs: benchmarks-walltime-build
    timeout-minutes: 20
    permissions:
      contents: read # required for actions/checkout
      id-token: write # required for OIDC authentication with CodSpeed
    strategy:
      matrix:
-        benchmarks:
-          - "medium|multithreaded"
-          - "small|large"
+        benchmark:
+          - colour_science
+          - "pandas|tanjun|altair"
+          - "static_frame|sympy"
+          - "pydantic|multithreaded|freqtrade"
    steps:
      - name: "Checkout Branch"
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          persist-credentials: false

-      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
-        with:
-          save-if: ${{ github.ref == 'refs/heads/main' }}
-      - uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
-
-      - name: "Install Rust toolchain"
-        run: rustup show
+      - uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6

      - name: "Install codspeed"
-        uses: taiki-e/install-action@3575e532701a5fc614b0c842e4119af4cc5fd16d # v2.62.60
+        uses: taiki-e/install-action@b9c5db3aef04caffaf95a1d03931de10fb2a140f # v2.65.1
        with:
          tool: cargo-codspeed

-      - name: "Build benchmarks"
-        run: cargo codspeed build --features "codspeed,walltime" --profile profiling --no-default-features -p ruff_benchmark
+      - name: "Download benchmark binary"
+        uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
+        with:
+          name: benchmarks-walltime-binary
+          path: target/codspeed/walltime/ruff_benchmark
+
+      - name: "Restore binary permissions"
+        run: chmod +x target/codspeed/walltime/ruff_benchmark/ty_walltime

      - name: "Run benchmarks"
        uses: CodSpeedHQ/action@346a2d8a8d9d38909abd0bc3d23f773110f076ad # v4.4.1
@@ -1047,4 +1158,4 @@ jobs:
          CODSPEED_PERF_ENABLED: false
        with:
          mode: walltime
-          run: cargo codspeed run --bench ty_walltime "${{ matrix.benchmarks }}"
+          run: cargo codspeed run --bench ty_walltime -m walltime "${{ matrix.benchmark }}"
--- a/.github/workflows/daily_fuzz.yaml
+++ b/.github/workflows/daily_fuzz.yaml
@@ -31,10 +31,10 @@ jobs:
    # Don't run the cron job on forks:
    if: ${{ github.repository == 'astral-sh/ruff' || github.event_name != 'schedule' }}
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          persist-credentials: false
-      - uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
+      - uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6
      - name: "Install Rust toolchain"
        run: rustup show
      - name: "Install mold"
@@ -62,7 +62,7 @@ jobs:
    name: Create an issue if the daily fuzz surfaced any bugs
    runs-on: ubuntu-latest
    needs: fuzz
-    if: ${{ github.repository == 'astral-sh/ruff' && always() && github.event_name == 'schedule' && needs.fuzz.result == 'failure' }}
+    if: ${{ github.repository == 'astral-sh/ruff' && always() && github.event_name == 'schedule' && needs.fuzz.result != 'success' }}
    permissions:
      issues: write
    steps:
--- a/.github/workflows/mypy_primer.yaml
+++ b/.github/workflows/mypy_primer.yaml
@@ -6,6 +6,11 @@ on:
  pull_request:
    paths:
      - "crates/ty*/**"
+      - "!crates/ty_ide/**"
+      - "!crates/ty_server/**"
+      - "!crates/ty_test/**"
+      - "!crates/ty_completion_eval/**"
+      - "!crates/ty_wasm/**"
      - "crates/ruff_db"
      - "crates/ruff_python_ast"
      - "crates/ruff_python_parser"
@@ -36,14 +41,14 @@ jobs:
    runs-on: ${{ github.repository == 'astral-sh/ruff' && 'depot-ubuntu-22.04-32' || 'ubuntu-latest' }}
    timeout-minutes: 20
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          path: ruff
          fetch-depth: 0
          persist-credentials: false

      - name: Install the latest version of uv
-        uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
+        uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6

      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
        with:
@@ -65,7 +70,7 @@ jobs:
      # NOTE: astral-sh-bot uses this artifact to post comments on PRs.
      # Make sure to update the bot if you rename the artifact.
      - name: Upload diff
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        with:
          name: mypy_primer_diff
          path: mypy_primer.diff
@@ -75,14 +80,14 @@ jobs:
    runs-on: ${{ github.repository == 'astral-sh/ruff' && 'depot-ubuntu-22.04-32' || 'ubuntu-latest' }}
    timeout-minutes: 20
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          path: ruff
          fetch-depth: 0
          persist-credentials: false

      - name: Install the latest version of uv
-        uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
+        uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6

      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
        with:
@@ -103,7 +108,7 @@ jobs:
          scripts/mypy_primer.sh

      - name: Upload diff
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        with:
          name: mypy_primer_memory_diff
          path: mypy_primer_memory.diff
@@ -117,14 +122,14 @@ jobs:
    # TODO: Enable once we fixed the non-deterministic diagnostics
    if: false
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          path: ruff
          fetch-depth: 0
          persist-credentials: false

      - name: Install the latest version of uv
-        uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
+        uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6

      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
        with:
--- a/.github/workflows/publish-docs.yml
+++ b/.github/workflows/publish-docs.yml
@@ -17,11 +17,14 @@ on:
        required: true
        type: string

+permissions:
+  contents: read
+
 jobs:
  mkdocs:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          ref: ${{ inputs.ref }}
          persist-credentials: true
--- a/.github/workflows/publish-playground.yml
+++ b/.github/workflows/publish-playground.yml
@@ -26,14 +26,14 @@ jobs:
    env:
      CF_API_TOKEN_EXISTS: ${{ secrets.CF_API_TOKEN != '' }}
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          persist-credentials: false
      - name: "Install Rust toolchain"
        run: rustup target add wasm32-unknown-unknown
-      - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
+      - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
        with:
-          node-version: 22
+          node-version: 24
          package-manager-cache: false
      - uses: jetli/wasm-bindgen-action@20b33e20595891ab1a0ed73145d8a21fc96e7c29 # v0.2.0
      - name: "Install Node dependencies"
--- a/.github/workflows/publish-pypi.yml
+++ b/.github/workflows/publish-pypi.yml
@@ -22,8 +22,8 @@ jobs:
      id-token: write
    steps:
      - name: "Install uv"
-        uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
-      - uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
+        uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6
+      - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
        with:
          pattern: wheels-*
          path: wheels
--- a/.github/workflows/publish-ty-playground.yml
+++ b/.github/workflows/publish-ty-playground.yml
@@ -30,14 +30,14 @@ jobs:
    env:
      CF_API_TOKEN_EXISTS: ${{ secrets.CF_API_TOKEN != '' }}
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          persist-credentials: false
      - name: "Install Rust toolchain"
        run: rustup target add wasm32-unknown-unknown
-      - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
+      - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
        with:
-          node-version: 22
+          node-version: 24
          package-manager-cache: false
      - uses: jetli/wasm-bindgen-action@20b33e20595891ab1a0ed73145d8a21fc96e7c29 # v0.2.0
      - name: "Install Node dependencies"
--- a/.github/workflows/publish-wasm.yml
+++ b/.github/workflows/publish-wasm.yml
@@ -29,7 +29,7 @@ jobs:
        target: [web, bundler, nodejs]
      fail-fast: false
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          persist-credentials: false
      - name: "Install Rust toolchain"
@@ -45,9 +45,9 @@ jobs:
          jq '.name="@astral-sh/ruff-wasm-${{ matrix.target }}"' crates/ruff_wasm/pkg/package.json > /tmp/package.json
          mv /tmp/package.json crates/ruff_wasm/pkg
      - run: cp LICENSE crates/ruff_wasm/pkg # wasm-pack does not put the LICENSE file in the pkg
-      - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
+      - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
        with:
-          node-version: 22
+          node-version: 24
          registry-url: "https://registry.npmjs.org"
      - name: "Publish (dry-run)"
        if: ${{ inputs.plan == '' || fromJson(inputs.plan).announcement_tag_is_implicit }}
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -128,14 +128,14 @@ jobs:
          persist-credentials: false
          submodules: recursive
      - name: Install cached dist
-        uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53
+        uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131
        with:
          name: cargo-dist-cache
          path: ~/.cargo/bin/
      - run: chmod +x ~/.cargo/bin/dist
      # Get all the local artifacts for the global tasks to use (for e.g. checksums)
      - name: Fetch local artifacts
-        uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53
+        uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131
        with:
          pattern: artifacts-*
          path: target/distrib/
@@ -179,14 +179,14 @@ jobs:
          persist-credentials: false
          submodules: recursive
      - name: Install cached dist
-        uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53
+        uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131
        with:
          name: cargo-dist-cache
          path: ~/.cargo/bin/
      - run: chmod +x ~/.cargo/bin/dist
      # Fetch artifacts from scratch-storage
      - name: Fetch artifacts
-        uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53
+        uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131
        with:
          pattern: artifacts-*
          path: target/distrib/
@@ -256,7 +256,7 @@ jobs:
          submodules: recursive
      # Create a GitHub Release while uploading all files to it
      - name: "Download GitHub Artifacts"
-        uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53
+        uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131
        with:
          pattern: artifacts-*
          path: artifacts
--- a/.github/workflows/sync_typeshed.yaml
+++ b/.github/workflows/sync_typeshed.yaml
@@ -16,8 +16,7 @@ name: Sync typeshed
 # 3. Once the Windows worker is done, a MacOS worker:
 #    a. Checks out the branch created by the Linux worker
 #    b. Syncs all docstrings available on MacOS that are not available on Linux or Windows
-#    c. Attempts to update any snapshots that might have changed
-#       (this sub-step is allowed to fail)
+#    c. Formats the code again
 #    d. Commits the changes and pushes them to the same upstream branch
 #    e. Creates a PR against the `main` branch using the branch all three workers have pushed to
 # 4. If any of steps 1-3 failed, an issue is created in the `astral-sh/ruff` repository
@@ -62,12 +61,12 @@ jobs:
    permissions:
      contents: write
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        name: Checkout Ruff
        with:
          path: ruff
          persist-credentials: true
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        name: Checkout typeshed
        with:
          repository: python/typeshed
@@ -77,7 +76,7 @@ jobs:
        run: |
          git config --global user.name typeshedbot
          git config --global user.email '<>'
-      - uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
+      - uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6
      - name: Sync typeshed stubs
        run: |
          rm -rf "ruff/${VENDORED_TYPESHED}"
@@ -126,12 +125,12 @@ jobs:
    permissions:
      contents: write
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        name: Checkout Ruff
        with:
          persist-credentials: true
          ref: ${{ env.UPSTREAM_BRANCH}}
-      - uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
+      - uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6
      - name: Setup git
        run: |
          git config --global user.name typeshedbot
@@ -165,12 +164,12 @@ jobs:
      contents: write
      pull-requests: write
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        name: Checkout Ruff
        with:
          persist-credentials: true
          ref: ${{ env.UPSTREAM_BRANCH}}
-      - uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
+      - uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6
      - name: Setup git
        run: |
          git config --global user.name typeshedbot
@@ -198,42 +197,6 @@ jobs:
        run: |
          rm "${VENDORED_TYPESHED}/pyproject.toml"
          git commit -am "Remove pyproject.toml file"
-      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
-      - name: "Install Rust toolchain"
-        if: ${{ success() }}
-        run: rustup show
-      - name: "Install mold"
-        if: ${{ success() }}
-        uses: rui314/setup-mold@725a8794d15fc7563f59595bd9556495c0564878 # v1
-      - name: "Install cargo nextest"
-        if: ${{ success() }}
-        uses: taiki-e/install-action@3575e532701a5fc614b0c842e4119af4cc5fd16d # v2.62.60
-        with:
-          tool: cargo-nextest
-      - name: "Install cargo insta"
-        if: ${{ success() }}
-        uses: taiki-e/install-action@3575e532701a5fc614b0c842e4119af4cc5fd16d # v2.62.60
-        with:
-          tool: cargo-insta
-      - name: Update snapshots
-        if: ${{ success() }}
-        run: |
-          cargo r \
-          --profile=profiling \
-          -p ty_completion_eval \
-          -- all --tasks ./crates/ty_completion_eval/completion-evaluation-tasks.csv
-
-          # The `cargo insta` docs indicate that `--unreferenced=delete` might be a good option,
-          # but from local testing it appears to just revert all changes made by `cargo insta test --accept`.
-          #
-          # If there were only snapshot-related failures, `cargo insta test --accept` will have exit code 0,
-          # but if there were also other mdtest failures (for example), it will return a nonzero exit code.
-          # We don't care about other tests failing here, we just want snapshots updated where possible,
-          # so we use `|| true` here to ignore the exit code.
-          cargo insta test --accept --color=always --all-features --test-runner=nextest || true
-      - name: Commit snapshot changes
-        if: ${{ success() }}
-        run: git commit -am "Update snapshots" || echo "No snapshot changes to commit"
      - name: Push changes upstream and create a PR
        if: ${{ success() }}
        run: |
@@ -245,7 +208,7 @@ jobs:
    name: Create an issue if the typeshed sync failed
    runs-on: ubuntu-latest
    needs: [sync, docstrings-windows, docstrings-macos-and-pr]
-    if: ${{ github.repository == 'astral-sh/ruff' && always() && github.event_name == 'schedule' && (needs.sync.result == 'failure' || needs.docstrings-windows.result == 'failure' || needs.docstrings-macos-and-pr.result == 'failure') }}
+    if: ${{ github.repository == 'astral-sh/ruff' && always() && github.event_name == 'schedule' && (needs.sync.result != 'success' || needs.docstrings-windows.result != 'success' || needs.docstrings-macos-and-pr.result != 'success') }}
    permissions:
      issues: write
    steps:
--- a/.github/workflows/ty-ecosystem-analyzer.yaml
+++ b/.github/workflows/ty-ecosystem-analyzer.yaml
@@ -4,7 +4,13 @@ permissions: {}

 on:
  pull_request:
-    types: [labeled]
+    # The default for `pull_request` is to trigger on `synchronize`, `opened` and `reopened`.
+    # We also add `labeled` here so that the workflow triggers when a label is initially added.
+    types:
+      - labeled
+      - synchronize
+      - opened
+      - reopened

 concurrency:
  group: ${{ github.workflow }}-${{ github.ref_name }}-${{ github.event.pull_request.number || github.sha }}
@@ -17,23 +23,22 @@ env:
  RUSTUP_MAX_RETRIES: 10
  RUST_BACKTRACE: 1
  REF_NAME: ${{ github.ref_name }}
-  CF_API_TOKEN_EXISTS: ${{ secrets.CF_API_TOKEN != '' }}

 jobs:
  ty-ecosystem-analyzer:
    name: Compute diagnostic diff
    runs-on: ${{ github.repository == 'astral-sh/ruff' && 'depot-ubuntu-22.04-32' || 'ubuntu-latest' }}
    timeout-minutes: 20
-    if: contains(github.event.label.name, 'ecosystem-analyzer')
+    if: contains( github.event.pull_request.labels.*.name, 'ecosystem-analyzer')
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          path: ruff
          fetch-depth: 0
          persist-credentials: false

      - name: Install the latest version of uv
-        uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
+        uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6
        with:
          enable-cache: true # zizmor: ignore[cache-poisoning] acceptable risk for CloudFlare pages artifact

@@ -67,7 +72,7 @@ jobs:

          cd ..

-          uv tool install "git+https://github.com/astral-sh/ecosystem-analyzer@55df3c868f3fa9ab34cff0498dd6106722aac205"
+          uv tool install "git+https://github.com/astral-sh/ecosystem-analyzer@2e1816eac09c90140b1ba51d19afc5f59da460f5"

          ecosystem-analyzer \
            --repository ruff \
@@ -112,39 +117,30 @@ jobs:

          cat diff-statistics.md >> "$GITHUB_STEP_SUMMARY"

-      - name: "Deploy to Cloudflare Pages"
-        if: ${{ env.CF_API_TOKEN_EXISTS == 'true' }}
-        id: deploy
-        uses: cloudflare/wrangler-action@da0e0dfe58b7a431659754fdf3f186c529afbe65 # v3.14.1
+      # NOTE: astral-sh-bot uses this artifact to post comments on PRs.
+      # Make sure to update the bot if you rename the artifact.
+      - name: "Upload full report"
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        with:
-          apiToken: ${{ secrets.CF_API_TOKEN }}
-          accountId: ${{ secrets.CF_ACCOUNT_ID }}
-          command: pages deploy dist --project-name=ty-ecosystem --branch ${{ github.head_ref }} --commit-hash ${GITHUB_SHA}
-
-      - name: "Append deployment URL"
-        if: ${{ env.CF_API_TOKEN_EXISTS == 'true' }}
-        env:
-          DEPLOYMENT_URL: ${{ steps.deploy.outputs.pages-deployment-alias-url }}
-        run: |
-          echo >> comment.md
-          echo "**[Full report with detailed diff]($DEPLOYMENT_URL/diff)** ([timing results]($DEPLOYMENT_URL/timing))" >> comment.md
+          name: full-report
+          path: dist/

      # NOTE: astral-sh-bot uses this artifact to post comments on PRs.
      # Make sure to update the bot if you rename the artifact.
      - name: Upload comment
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        with:
          name: comment.md
          path: comment.md

      - name: Upload diagnostics diff
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        with:
          name: diff.html
          path: dist/diff.html

      - name: Upload timing diff
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        with:
          name: timing.html
          path: dist/timing.html
--- a/.github/workflows/ty-ecosystem-report.yaml
+++ b/.github/workflows/ty-ecosystem-report.yaml
@@ -1,3 +1,7 @@
+# This workflow is a cron job that generates a report describing
+# all diagnostics ty emits across the whole ecosystem. The report
+# is uploaded to https://ty-ecosystem-ext.pages.dev/ on a weekly basis.
+
 name: ty ecosystem-report

 permissions: {}
@@ -14,7 +18,6 @@ env:
  CARGO_TERM_COLOR: always
  RUSTUP_MAX_RETRIES: 10
  RUST_BACKTRACE: 1
-  CF_API_TOKEN_EXISTS: ${{ secrets.CF_API_TOKEN != '' }}

 jobs:
  ty-ecosystem-report:
@@ -22,21 +25,21 @@ jobs:
    runs-on: ${{ github.repository == 'astral-sh/ruff' && 'depot-ubuntu-22.04-32' || 'ubuntu-latest' }}
    timeout-minutes: 20
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          path: ruff
          fetch-depth: 0
          persist-credentials: false

      - name: Install the latest version of uv
-        uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
+        uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6
        with:
-          enable-cache: true # zizmor: ignore[cache-poisoning] acceptable risk for CloudFlare pages artifact
+          enable-cache: true

      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
        with:
          workspaces: "ruff"
-          lookup-only: false # zizmor: ignore[cache-poisoning] acceptable risk for CloudFlare pages artifact
+          lookup-only: false

      - name: Install Rust toolchain
        run: rustup show
@@ -52,7 +55,7 @@ jobs:

          cd ..

-          uv tool install "git+https://github.com/astral-sh/ecosystem-analyzer@55df3c868f3fa9ab34cff0498dd6106722aac205"
+          uv tool install "git+https://github.com/astral-sh/ecosystem-analyzer@2e1816eac09c90140b1ba51d19afc5f59da460f5"

          ecosystem-analyzer \
            --verbose \
@@ -70,11 +73,10 @@ jobs:
            ecosystem-diagnostics.json \
            --output dist/index.html

-      - name: "Deploy to Cloudflare Pages"
-        if: ${{ env.CF_API_TOKEN_EXISTS == 'true' }}
-        id: deploy
-        uses: cloudflare/wrangler-action@da0e0dfe58b7a431659754fdf3f186c529afbe65 # v3.14.1
+      # NOTE: astral-sh-bot uses this artifact to publish the ecosystem report.
+      # Make sure to update the bot if you rename the artifact.
+      - name: "Upload ecosystem report"
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        with:
-          apiToken: ${{ secrets.CF_API_TOKEN }}
-          accountId: ${{ secrets.CF_ACCOUNT_ID }}
-          command: pages deploy dist --project-name=ty-ecosystem --branch main --commit-hash ${GITHUB_SHA}
+          name: full-report
+          path: dist/
--- a/.github/workflows/typing_conformance.yaml
+++ b/.github/workflows/typing_conformance.yaml
@@ -6,6 +6,11 @@ on:
  pull_request:
    paths:
      - "crates/ty*/**"
+      - "!crates/ty_ide/**"
+      - "!crates/ty_server/**"
+      - "!crates/ty_test/**"
+      - "!crates/ty_completion_eval/**"
+      - "!crates/ty_wasm/**"
      - "crates/ruff_db"
      - "crates/ruff_python_ast"
      - "crates/ruff_python_parser"
@@ -32,13 +37,13 @@ jobs:
    runs-on: ${{ github.repository == 'astral-sh/ruff' && 'depot-ubuntu-22.04-32' || 'ubuntu-latest' }}
    timeout-minutes: 10
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          path: ruff
          fetch-depth: 0
          persist-credentials: false

-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          repository: python/typing
          ref: ${{ env.CONFORMANCE_SUITE_COMMIT }}
@@ -99,7 +104,7 @@ jobs:
      # NOTE: astral-sh-bot uses this artifact to post comments on PRs.
      # Make sure to update the bot if you rename the artifact.
      - name: Upload diff
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        with:
          name: typing_conformance_diagnostics_diff
          path: typing_conformance_diagnostics.diff
@@ -107,7 +112,7 @@ jobs:
      # NOTE: astral-sh-bot uses this artifact to post comments on PRs.
      # Make sure to update the bot if you rename the artifact.
      - name: Upload conformance suite commit
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        with:
          name: conformance-suite-commit
          path: conformance-suite-commit
--- a/.github/zizmor.yml
+++ b/.github/zizmor.yml
@@ -1,23 +0,0 @@
-# Configuration for the zizmor static analysis tool, run via pre-commit in CI
-# https://docs.zizmor.sh/configuration/
-#
-# TODO: can we remove the ignores here so that our workflows are more secure?
-rules:
-  cache-poisoning:
-    ignore:
-      - build-docker.yml
-  excessive-permissions:
-    # it's hard to test what the impact of removing these ignores would be
-    # without actually running the release workflow...
-    ignore:
-      - build-docker.yml
-      - publish-docs.yml
-  secrets-inherit:
-    # `cargo dist` makes extensive use of `secrets: inherit`,
-    # and we can't easily fix that until an upstream release changes that.
-    disable: true
-  template-injection:
-    ignore:
-      # like with `secrets-inherit`, `cargo dist` introduces some
-      # template injections. We've manually audited these usages for safety.
-      - release.yml
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -22,7 +22,7 @@ exclude: |

 repos:
  - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v5.0.0
+    rev: v6.0.0
    hooks:
      - id: check-merge-conflict

@@ -46,7 +46,7 @@ repos:
          )$

  - repo: https://github.com/igorshubovych/markdownlint-cli
-    rev: v0.45.0
+    rev: v0.47.0
    hooks:
      - id: markdownlint-fix
        exclude: |
@@ -56,7 +56,7 @@ repos:
          )$

  - repo: https://github.com/adamchainz/blacken-docs
-    rev: 1.19.1
+    rev: 1.20.0
    hooks:
      - id: blacken-docs
        language: python # means renovate will also update `additional_dependencies`
@@ -67,10 +67,10 @@ repos:
            .*?invalid(_.+)*_syntax\.md
          )$
        additional_dependencies:
-          - black==25.1.0
+          - black==25.12.0

  - repo: https://github.com/crate-ci/typos
-    rev: v1.34.0
+    rev: v1.40.0
    hooks:
      - id: typos

@@ -84,7 +84,7 @@ repos:
        pass_filenames: false # This makes it a lot faster

  - repo: https://github.com/astral-sh/ruff-pre-commit
-    rev: v0.12.7
+    rev: v0.14.10
    hooks:
      - id: ruff-format
      - id: ruff-check
@@ -94,7 +94,7 @@ repos:

  # Prettier
  - repo: https://github.com/rbubley/mirrors-prettier
-    rev: v3.6.2
+    rev: v3.7.4
    hooks:
      - id: prettier
        types: [yaml]
@@ -102,19 +102,19 @@ repos:
  # zizmor detects security vulnerabilities in GitHub Actions workflows.
  # Additional configuration for the tool is found in `.github/zizmor.yml`
  - repo: https://github.com/zizmorcore/zizmor-pre-commit
-    rev: v1.16.0
+    rev: v1.19.0
    hooks:
      - id: zizmor

  - repo: https://github.com/python-jsonschema/check-jsonschema
-    rev: 0.33.2
+    rev: 0.36.0
    hooks:
      - id: check-github-workflows

  # `actionlint` hook, for verifying correct syntax in GitHub Actions workflows.
  # Some additional configuration for `actionlint` can be found in `.github/actionlint.yaml`.
  - repo: https://github.com/rhysd/actionlint
-    rev: v1.7.7
+    rev: v1.7.9
    hooks:
      - id: actionlint
        stages:
@@ -129,10 +129,10 @@ repos:
          # actionlint has a shellcheck integration which extracts shell scripts in `run:` steps from GitHub Actions
          # and checks these with shellcheck. This is arguably its most useful feature,
          # but the integration only works if shellcheck is installed
-          - "github.com/wasilibs/go-shellcheck/cmd/shellcheck@v0.10.0"
+          - "github.com/wasilibs/go-shellcheck/cmd/shellcheck@v0.11.1"

  - repo: https://github.com/shellcheck-py/shellcheck-py
-    rev: v0.10.0.1
+    rev: v0.11.0.1
    hooks:
      - id: shellcheck

--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,54 @@
 # Changelog

+## 0.14.10
+
+Released on 2025-12-18.
+
+### Preview features
+
+- [formatter] Fluent formatting of method chains ([#21369](https://github.com/astral-sh/ruff/pull/21369))
+- [formatter] Keep lambda parameters on one line and parenthesize the body if it expands ([#21385](https://github.com/astral-sh/ruff/pull/21385))
+- \[`flake8-implicit-str-concat`\] New rule to prevent implicit string concatenation in collections (`ISC004`) ([#21972](https://github.com/astral-sh/ruff/pull/21972))
+- \[`flake8-use-pathlib`\] Make fixes unsafe when types change in compound statements (`PTH104`, `PTH105`, `PTH109`, `PTH115`) ([#22009](https://github.com/astral-sh/ruff/pull/22009))
+- \[`refurb`\] Extend support for `Path.open` (`FURB101`, `FURB103`) ([#21080](https://github.com/astral-sh/ruff/pull/21080))
+
+### Bug fixes
+
+- \[`pyupgrade`\] Fix parsing named Unicode escape sequences (`UP032`) ([#21901](https://github.com/astral-sh/ruff/pull/21901))
+
+### Rule changes
+
+- \[`eradicate`\] Ignore `ruff:disable` and `ruff:enable` comments in `ERA001` ([#22038](https://github.com/astral-sh/ruff/pull/22038))
+- \[`flake8-pytest-style`\] Allow `match` and `check` keyword arguments without an expected exception type (`PT010`) ([#21964](https://github.com/astral-sh/ruff/pull/21964))
+- [syntax-errors] Annotated name cannot be global ([#20868](https://github.com/astral-sh/ruff/pull/20868))
+
+### Documentation
+
+- Add `uv` and `ty` to the Ruff README ([#21996](https://github.com/astral-sh/ruff/pull/21996))
+- Document known lambda formatting deviations from Black ([#21954](https://github.com/astral-sh/ruff/pull/21954))
+- Update `setup.md` ([#22024](https://github.com/astral-sh/ruff/pull/22024))
+- \[`flake8-bandit`\] Fix broken link (`S704`) ([#22039](https://github.com/astral-sh/ruff/pull/22039))
+
+### Other changes
+
+- Fix playground Share button showing "Copied!" before clipboard copy completes ([#21942](https://github.com/astral-sh/ruff/pull/21942))
+
+### Contributors
+
+- [@dylwil3](https://github.com/dylwil3)
+- [@charliecloudberry](https://github.com/charliecloudberry)
+- [@charliermarsh](https://github.com/charliermarsh)
+- [@chirizxc](https://github.com/chirizxc)
+- [@ntBre](https://github.com/ntBre)
+- [@zanieb](https://github.com/zanieb)
+- [@amyreese](https://github.com/amyreese)
+- [@hauntsaninja](https://github.com/hauntsaninja)
+- [@11happy](https://github.com/11happy)
+- [@mahiro72](https://github.com/mahiro72)
+- [@MichaReiser](https://github.com/MichaReiser)
+- [@phongddo](https://github.com/phongddo)
+- [@PeterJCLaw](https://github.com/PeterJCLaw)
+
 ## 0.14.9

 Released on 2025-12-11.
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -17,6 +17,15 @@ dependencies = [
 "memchr",
 ]

+[[package]]
+name = "alloca"
+version = "0.4.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e5a7d05ea6aea7e9e64d25b9156ba2fee3fdd659e34e41063cd2fc7cd020d7f4"
+dependencies = [
+ "cc",
+]
+
 [[package]]
 name = "allocator-api2"
 version = "0.2.21"
@@ -208,12 +217,6 @@ version = "1.5.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "c08606f8c3cbf4ce6ec8e28fb0014a2c086708fe954eaa885384a6165172e7e8"

-[[package]]
-name = "base64"
-version = "0.13.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9e1b586273c5702936fe7b7d6896644d8be71e6314cfe09d3167c95f712589e8"
-
 [[package]]
 name = "bincode"
 version = "2.0.1"
@@ -280,6 +283,9 @@ name = "bitflags"
 version = "2.10.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "812e12b5285cc515a9c72a5c1d3b6d46a19dac5acfef5265968c166106e31dd3"
+dependencies = [
+ "serde_core",
+]

 [[package]]
 name = "bitvec"
@@ -351,9 +357,9 @@ dependencies = [

 [[package]]
 name = "camino"
-version = "1.2.1"
+version = "1.2.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "276a59bf2b2c967788139340c9f0c5b12d7fd6630315c15c217e559de85d2609"
+checksum = "e629a66d692cb9ff1a1c664e41771b3dcaf961985a9774c0eb0bd1b51cf60a48"
 dependencies = [
 "serde_core",
 ]
@@ -657,7 +663,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "117725a109d387c937a1533ce01b450cbde6b88abceea8473c4d7a85853cda3c"
 dependencies = [
 "lazy_static",
- "windows-sys 0.59.0",
+ "windows-sys 0.52.0",
 ]

 [[package]]
@@ -666,7 +672,7 @@ version = "3.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "fde0e0ec90c9dfb3b4b1a0891a7dcd0e2bffde2f7efed5fe7c9bb00e5bfb915e"
 dependencies = [
- "windows-sys 0.59.0",
+ "windows-sys 0.52.0",
 ]

 [[package]]
@@ -767,18 +773,20 @@ dependencies = [

 [[package]]
 name = "criterion"
-version = "0.7.0"
+version = "0.8.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e1c047a62b0cc3e145fa84415a3191f628e980b194c2755aa12300a4e6cbd928"
+checksum = "4d883447757bb0ee46f233e9dc22eb84d93a9508c9b868687b274fc431d886bf"
 dependencies = [
+ "alloca",
 "anes",
 "cast",
 "ciborium",
 "clap",
- "criterion-plot 0.6.0",
+ "criterion-plot 0.8.1",
 "itertools 0.13.0",
 "num-traits",
 "oorandom",
+ "page_size",
 "regex",
 "serde",
 "serde_json",
@@ -798,9 +806,9 @@ dependencies = [

 [[package]]
 name = "criterion-plot"
-version = "0.6.0"
+version = "0.8.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9b1bcc0dc7dfae599d84ad0b1a55f80cde8af3725da8313b528da95ef783e338"
+checksum = "ed943f81ea2faa8dcecbbfa50164acf95d555afec96a27871663b300e387b2e4"
 dependencies = [
 "cast",
 "itertools 0.13.0",
@@ -1004,27 +1012,6 @@ dependencies = [
 "crypto-common",
 ]

-[[package]]
-name = "dir-test"
-version = "0.4.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "62c013fe825864f3e4593f36426c1fa7a74f5603f13ca8d1af7a990c1cd94a79"
-dependencies = [
- "dir-test-macros",
-]
-
-[[package]]
-name = "dir-test-macros"
-version = "0.4.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d42f54d7b4a6bc2400fe5b338e35d1a335787585375322f49c5d5fe7b243da7e"
-dependencies = [
- "glob",
- "proc-macro2",
- "quote",
- "syn",
-]
-
 [[package]]
 name = "dirs"
 version = "6.0.0"
@@ -1043,7 +1030,7 @@ dependencies = [
 "libc",
 "option-ext",
 "redox_users",
- "windows-sys 0.61.0",
+ "windows-sys 0.59.0",
 ]

 [[package]]
@@ -1135,7 +1122,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "39cab71617ae0d63f51a36d69f866391735b51691dbda63cf6f96d042b63efeb"
 dependencies = [
 "libc",
- "windows-sys 0.61.0",
+ "windows-sys 0.59.0",
 ]

 [[package]]
@@ -1658,9 +1645,9 @@ dependencies = [

 [[package]]
 name = "insta"
-version = "1.43.2"
+version = "1.45.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "46fdb647ebde000f43b5b53f773c30cf9b0cb4300453208713fa38b2c70935a0"
+checksum = "b76866be74d68b1595eb8060cb9191dca9c021db2316558e52ddc5d55d41b66c"
 dependencies = [
 "console 0.15.11",
 "once_cell",
@@ -1670,6 +1657,7 @@ dependencies = [
 "ron",
 "serde",
 "similar",
+ "tempfile",
 ]

 [[package]]
@@ -1736,7 +1724,7 @@ checksum = "e04d7f318608d35d4b61ddd75cbdaee86b023ebe2bd5a66ee0915f0bf93095a9"
 dependencies = [
 "hermit-abi",
 "libc",
- "windows-sys 0.59.0",
+ "windows-sys 0.52.0",
 ]

 [[package]]
@@ -1800,7 +1788,7 @@ dependencies = [
 "portable-atomic",
 "portable-atomic-util",
 "serde_core",
- "windows-sys 0.61.0",
+ "windows-sys 0.59.0",
 ]

 [[package]]
@@ -1883,9 +1871,9 @@ checksum = "bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe"

 [[package]]
 name = "libc"
-version = "0.2.177"
+version = "0.2.178"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2874a2af47a2325c2001a6e6fad9b16a53b802102b528163885171cf92b15976"
+checksum = "37c93d8daa9d8a012fd8ab92f088405fb202ea0b6ab73ee2482ae66af4f42091"

 [[package]]
 name = "libcst"
@@ -1991,9 +1979,9 @@ dependencies = [

 [[package]]
 name = "log"
-version = "0.4.28"
+version = "0.4.29"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "34080505efa8e45a4b816c349525ebe327ceaa8559756f0356cba97ef3bf7432"
+checksum = "5e5032e24019045c762d3c0f28f5b6b8bbf38563a65908389bf7978758920897"

 [[package]]
 name = "lsp-server"
@@ -2310,6 +2298,16 @@ dependencies = [
 "memchr",
 ]

+[[package]]
+name = "page_size"
+version = "0.6.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "30d5b2194ed13191c1999ae0704b7839fb18384fa22e49b57eeaa97d79ce40da"
+dependencies = [
+ "libc",
+ "winapi",
+]
+
 [[package]]
 name = "parking_lot"
 version = "0.12.4"
@@ -2897,18 +2895,21 @@ checksum = "caf4aa5b0f434c91fe5c7f1ecb6a5ece2130b02ad2a590589dda5146df959001"

 [[package]]
 name = "ron"
-version = "0.7.1"
+version = "0.12.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "88073939a61e5b7680558e6be56b419e208420c2adb92be54921fa6b72283f1a"
+checksum = "fd490c5b18261893f14449cbd28cb9c0b637aebf161cd77900bfdedaff21ec32"
 dependencies = [
- "base64",
- "bitflags 1.3.2",
+ "bitflags 2.10.0",
+ "once_cell",
 "serde",
+ "serde_derive",
+ "typeid",
+ "unicode-ident",
 ]

 [[package]]
 name = "ruff"
-version = "0.14.9"
+version = "0.14.10"
 dependencies = [
 "anyhow",
 "argfile",
@@ -3150,6 +3151,7 @@ dependencies = [
 "salsa",
 "schemars",
 "serde",
+ "ty_module_resolver",
 "ty_python_semantic",
 "zip",
 ]
@@ -3166,7 +3168,7 @@ dependencies = [

 [[package]]
 name = "ruff_linter"
-version = "0.14.9"
+version = "0.14.10"
 dependencies = [
 "aho-corasick",
 "anyhow",
@@ -3525,7 +3527,7 @@ dependencies = [

 [[package]]
 name = "ruff_wasm"
-version = "0.14.9"
+version = "0.14.10"
 dependencies = [
 "console_error_panic_hook",
 "console_log",
@@ -3623,7 +3625,7 @@ dependencies = [
 "errno",
 "libc",
 "linux-raw-sys",
- "windows-sys 0.61.0",
+ "windows-sys 0.59.0",
 ]

 [[package]]
@@ -3640,8 +3642,8 @@ checksum = "28d3b2b1366ec20994f1fd18c3c594f05c5dd4bc44d8bb0c1c632c8d6829481f"

 [[package]]
 name = "salsa"
-version = "0.24.0"
-source = "git+https://github.com/salsa-rs/salsa.git?rev=55e5e7d32fa3fc189276f35bb04c9438f9aedbd1#55e5e7d32fa3fc189276f35bb04c9438f9aedbd1"
+version = "0.25.2"
+source = "git+https://github.com/salsa-rs/salsa.git?rev=309c249088fdeef0129606fa34ec2eefc74736ff#309c249088fdeef0129606fa34ec2eefc74736ff"
 dependencies = [
 "boxcar",
 "compact_str",
@@ -3665,13 +3667,13 @@ dependencies = [

 [[package]]
 name = "salsa-macro-rules"
-version = "0.24.0"
-source = "git+https://github.com/salsa-rs/salsa.git?rev=55e5e7d32fa3fc189276f35bb04c9438f9aedbd1#55e5e7d32fa3fc189276f35bb04c9438f9aedbd1"
+version = "0.25.2"
+source = "git+https://github.com/salsa-rs/salsa.git?rev=309c249088fdeef0129606fa34ec2eefc74736ff#309c249088fdeef0129606fa34ec2eefc74736ff"

 [[package]]
 name = "salsa-macros"
-version = "0.24.0"
-source = "git+https://github.com/salsa-rs/salsa.git?rev=55e5e7d32fa3fc189276f35bb04c9438f9aedbd1#55e5e7d32fa3fc189276f35bb04c9438f9aedbd1"
+version = "0.25.2"
+source = "git+https://github.com/salsa-rs/salsa.git?rev=309c249088fdeef0129606fa34ec2eefc74736ff#309c249088fdeef0129606fa34ec2eefc74736ff"
 dependencies = [
 "proc-macro2",
 "quote",
@@ -3690,9 +3692,9 @@ dependencies = [

 [[package]]
 name = "schemars"
-version = "1.0.5"
+version = "1.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1317c3bf3e7df961da95b0a56a172a02abead31276215a0497241a7624b487ce"
+checksum = "9558e172d4e8533736ba97870c4b2cd63f84b382a3d6eb063da41b91cce17289"
 dependencies = [
 "dyn-clone",
 "ref-cast",
@@ -3703,9 +3705,9 @@ dependencies = [

 [[package]]
 name = "schemars_derive"
-version = "1.0.5"
+version = "1.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5f760a6150d45dd66ec044983c124595ae76912e77ed0b44124cb3e415cce5d9"
+checksum = "301858a4023d78debd2353c7426dc486001bddc91ae31a76fb1f55132f7e2633"
 dependencies = [
 "proc-macro2",
 "quote",
@@ -3779,9 +3781,9 @@ dependencies = [

 [[package]]
 name = "serde_json"
-version = "1.0.145"
+version = "1.0.146"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "402a6f66d8c709116cf22f558eab210f5a50187f702eb4d7e5ef38d9a7f1c79c"
+checksum = "217ca874ae0207aac254aa02c957ded05585a90892cc8d87f9e5fa49669dadd8"
 dependencies = [
 "itoa",
 "memchr",
@@ -3803,9 +3805,9 @@ dependencies = [

 [[package]]
 name = "serde_spanned"
-version = "1.0.3"
+version = "1.0.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e24345aa0fe688594e73770a5f6d1b216508b4f93484c0026d521acd30134392"
+checksum = "f8bbf91e5a4d6315eee45e704372590b30e260ee83af6639d64557f51b067776"
 dependencies = [
 "serde_core",
 ]
@@ -3821,9 +3823,9 @@ dependencies = [

 [[package]]
 name = "serde_with"
-version = "3.15.1"
+version = "3.16.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "aa66c845eee442168b2c8134fec70ac50dc20e760769c8ba0ad1319ca1959b04"
+checksum = "4fa237f2807440d238e0364a218270b98f767a00d3dada77b1c53ae88940e2e7"
 dependencies = [
 "serde_core",
 "serde_with_macros",
@@ -3831,9 +3833,9 @@ dependencies = [

 [[package]]
 name = "serde_with_macros"
-version = "3.15.1"
+version = "3.16.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b91a903660542fced4e99881aa481bdbaec1634568ee02e0b8bd57c64cb38955"
+checksum = "52a8e3ca0ca629121f70ab50f95249e5a6f925cc0f6ffe8256c45b728875706c"
 dependencies = [
 "darling",
 "proc-macro2",
@@ -3983,9 +3985,9 @@ dependencies = [

 [[package]]
 name = "supports-hyperlinks"
-version = "3.1.0"
+version = "3.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "804f44ed3c63152de6a9f90acbea1a110441de43006ea51bcce8f436196a288b"
+checksum = "e396b6523b11ccb83120b115a0b7366de372751aa6edf19844dfb13a6af97e91"

 [[package]]
 name = "syn"
@@ -4025,7 +4027,7 @@ dependencies = [
 "getrandom 0.3.4",
 "once_cell",
 "rustix",
- "windows-sys 0.61.0",
+ "windows-sys 0.59.0",
 ]

 [[package]]
@@ -4219,9 +4221,9 @@ checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20"

 [[package]]
 name = "toml"
-version = "0.9.8"
+version = "0.9.10+spec-1.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f0dc8b1fb61449e27716ec0e1bdf0f6b8f3e8f6b05391e8497b8b6d7804ea6d8"
+checksum = "0825052159284a1a8b4d6c0c86cbc801f2da5afd2b225fa548c72f2e74002f48"
 dependencies = [
 "indexmap",
 "serde_core",
@@ -4234,9 +4236,9 @@ dependencies = [

 [[package]]
 name = "toml_datetime"
-version = "0.7.3"
+version = "0.7.5+spec-1.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f2cdb639ebbc97961c51720f858597f7f24c4fc295327923af55b74c3c724533"
+checksum = "92e1cfed4a3038bc5a127e35a2d360f145e1f4b971b551a2ba5fd7aedf7e1347"
 dependencies = [
 "serde_core",
 ]
@@ -4255,24 +4257,24 @@ dependencies = [

 [[package]]
 name = "toml_parser"
-version = "1.0.4"
+version = "1.0.6+spec-1.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c0cbe268d35bdb4bb5a56a2de88d0ad0eb70af5384a99d648cd4b3d04039800e"
+checksum = "a3198b4b0a8e11f09dd03e133c0280504d0801269e9afa46362ffde1cbeebf44"
 dependencies = [
 "winnow",
 ]

 [[package]]
 name = "toml_writer"
-version = "1.0.4"
+version = "1.0.6+spec-1.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "df8b2b54733674ad286d16267dcfc7a71ed5c776e4ac7aa3c3e2561f7c637bf2"
+checksum = "ab16f14aed21ee8bfd8ec22513f7287cd4a91aa92e44edfe2c17ddd004e92607"

 [[package]]
 name = "tracing"
-version = "0.1.43"
+version = "0.1.44"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2d15d90a0b5c19378952d479dc858407149d7bb45a14de0142f6c534b16fc647"
+checksum = "63e71662fa4b2a2c3a26f570f037eb95bb1f85397f3cd8076caed2f026a6d100"
 dependencies = [
 "log",
 "pin-project-lite",
@@ -4293,9 +4295,9 @@ dependencies = [

 [[package]]
 name = "tracing-core"
-version = "0.1.35"
+version = "0.1.36"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7a04e24fab5c89c6a36eb8558c9656f30d81de51dfa4d3b45f26b21d61fa0a6c"
+checksum = "db97caf9d906fbde555dd62fa95ddba9eecfd14cb388e4f491a66d74cd5fb79a"
 dependencies = [
 "once_cell",
 "valuable",
@@ -4314,9 +4316,9 @@ dependencies = [

 [[package]]
 name = "tracing-indicatif"
-version = "0.3.13"
+version = "0.3.14"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "04d4e11e0e27acef25a47f27e9435355fecdc488867fa2bc90e75b0700d2823d"
+checksum = "e1ef6990e0438749f0080573248e96631171a0b5ddfddde119aa5ba8c3a9c47e"
 dependencies = [
 "indicatif",
 "tracing",
@@ -4396,6 +4398,7 @@ dependencies = [
 "tracing-flame",
 "tracing-subscriber",
 "ty_combine",
+ "ty_module_resolver",
 "ty_project",
 "ty_python_semantic",
 "ty_server",
@@ -4410,7 +4413,6 @@ dependencies = [
 "ordermap",
 "ruff_db",
 "ruff_python_ast",
- "ty_python_semantic",
 ]

 [[package]]
@@ -4428,8 +4430,8 @@ dependencies = [
 "tempfile",
 "toml",
 "ty_ide",
+ "ty_module_resolver",
 "ty_project",
- "ty_python_semantic",
 "walkdir",
 ]

@@ -4459,11 +4461,35 @@ dependencies = [
 "salsa",
 "smallvec",
 "tracing",
+ "ty_module_resolver",
 "ty_project",
 "ty_python_semantic",
 "ty_vendored",
 ]

+[[package]]
+name = "ty_module_resolver"
+version = "0.0.0"
+dependencies = [
+ "anyhow",
+ "camino",
+ "compact_str",
+ "get-size2",
+ "insta",
+ "ruff_db",
+ "ruff_memory_usage",
+ "ruff_python_ast",
+ "ruff_python_stdlib",
+ "rustc-hash",
+ "salsa",
+ "strum",
+ "strum_macros",
+ "tempfile",
+ "thiserror 2.0.17",
+ "tracing",
+ "ty_vendored",
+]
+
 [[package]]
 name = "ty_project"
 version = "0.0.0"
@@ -4498,6 +4524,7 @@ dependencies = [
 "toml",
 "tracing",
 "ty_combine",
+ "ty_module_resolver",
 "ty_python_semantic",
 "ty_static",
 "ty_vendored",
@@ -4513,7 +4540,7 @@ dependencies = [
 "camino",
 "colored 3.0.0",
 "compact_str",
- "dir-test",
+ "datatest-stable",
 "drop_bomb",
 "get-size2",
 "glob",
@@ -4550,11 +4577,11 @@ dependencies = [
 "strsim",
 "strum",
 "strum_macros",
- "tempfile",
 "test-case",
 "thiserror 2.0.17",
 "tracing",
- "ty_python_semantic",
+ "ty_combine",
+ "ty_module_resolver",
 "ty_static",
 "ty_test",
 "ty_vendored",
@@ -4593,6 +4620,7 @@ dependencies = [
 "tracing-subscriber",
 "ty_combine",
 "ty_ide",
+ "ty_module_resolver",
 "ty_project",
 "ty_python_semantic",
 ]
@@ -4633,6 +4661,7 @@ dependencies = [
 "thiserror 2.0.17",
 "toml",
 "tracing",
+ "ty_module_resolver",
 "ty_python_semantic",
 "ty_static",
 "ty_vendored",
@@ -4680,6 +4709,12 @@ version = "2.0.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "6af6ae20167a9ece4bcb41af5b80f8a1f1df981f6391189ce00fd257af04126a"

+[[package]]
+name = "typeid"
+version = "1.0.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "bc7d623258602320d5c55d1bc22793b57daff0ec7efc270ea7d55ce1d5f5471c"
+
 [[package]]
 name = "typenum"
 version = "1.18.0"
@@ -4839,9 +4874,9 @@ checksum = "06abde3611657adf66d383f00b093d7faecc7fa57071cce2578660c9f1010821"

 [[package]]
 name = "uuid"
-version = "1.18.1"
+version = "1.19.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2f87b8aa10b915a06587d0dec516c282ff295b475d94abf425d62b57710070a2"
+checksum = "e2e054861b4bd027cd373e18e8d8d8e6548085000e41290d95ce0c373a654b4a"
 dependencies = [
 "getrandom 0.3.4",
 "js-sys",
@@ -4852,9 +4887,9 @@ dependencies = [

 [[package]]
 name = "uuid-macro-internal"
-version = "1.18.1"
+version = "1.19.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d9384a660318abfbd7f8932c34d67e4d1ec511095f95972ddc01e19d7ba8413f"
+checksum = "39d11901c36b3650df7acb0f9ebe624f35b5ac4e1922ecd3c57f444648429594"
 dependencies = [
 "proc-macro2",
 "quote",
@@ -5074,15 +5109,37 @@ dependencies = [
 "glob",
 ]

+[[package]]
+name = "winapi"
+version = "0.3.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419"
+dependencies = [
+ "winapi-i686-pc-windows-gnu",
+ "winapi-x86_64-pc-windows-gnu",
+]
+
+[[package]]
+name = "winapi-i686-pc-windows-gnu"
+version = "0.4.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6"
+
 [[package]]
 name = "winapi-util"
 version = "0.1.11"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "c2a7b1c03c876122aa43f3020e6c3c3ee5c05081c9a00739faf7503aeba10d22"
 dependencies = [
- "windows-sys 0.61.0",
+ "windows-sys 0.59.0",
 ]

+[[package]]
+name = "winapi-x86_64-pc-windows-gnu"
+version = "0.4.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f"
+
 [[package]]
 name = "windows-core"
 version = "0.62.0"
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -45,6 +45,7 @@ ty = { path = "crates/ty" }
 ty_combine = { path = "crates/ty_combine" }
 ty_completion_eval = { path = "crates/ty_completion_eval" }
 ty_ide = { path = "crates/ty_ide" }
+ty_module_resolver = { path = "crates/ty_module_resolver" }
 ty_project = { path = "crates/ty_project", default-features = false }
 ty_python_semantic = { path = "crates/ty_python_semantic" }
 ty_server = { path = "crates/ty_server" }
@@ -78,11 +79,10 @@ console_error_panic_hook = { version = "0.1.7" }
 console_log = { version = "1.0.0" }
 countme = { version = "3.0.1" }
 compact_str = "0.9.0"
-criterion = { version = "0.7.0", default-features = false }
+criterion = { version = "0.8.0", default-features = false }
 crossbeam = { version = "0.8.4" }
 dashmap = { version = "6.0.1" }
 datatest-stable = { version = "0.3.3" }
-dir-test = { version = "0.4.0" }
 dunce = { version = "1.0.5" }
 drop_bomb = { version = "0.1.5" }
 etcetera = { version = "0.11.0" }
@@ -138,6 +138,8 @@ pep440_rs = { version = "0.7.1" }
 pretty_assertions = "1.3.0"
 proc-macro2 = { version = "1.0.79" }
 pyproject-toml = { version = "0.13.4" }
+quickcheck = { version = "1.0.3", default-features = false}
+quickcheck_macros = { version = "1.0.0" }
 quick-junit = { version = "0.5.0" }
 quote = { version = "1.0.23" }
 rand = { version = "0.9.0" }
@@ -147,7 +149,7 @@ regex-automata = { version = "0.4.9" }
 rustc-hash = { version = "2.0.0" }
 rustc-stable-hash = { version = "0.1.2" }
 # When updating salsa, make sure to also update the revision in `fuzz/Cargo.toml`
-salsa = { git = "https://github.com/salsa-rs/salsa.git", rev = "55e5e7d32fa3fc189276f35bb04c9438f9aedbd1", default-features = false, features = [
+salsa = { git = "https://github.com/salsa-rs/salsa.git", rev = "309c249088fdeef0129606fa34ec2eefc74736ff", default-features = false, features = [
    "compact_str",
    "macros",
    "salsa_unstable",
--- a/README.md
+++ b/README.md
@@ -150,8 +150,8 @@ curl -LsSf https://astral.sh/ruff/install.sh | sh
 powershell -c "irm https://astral.sh/ruff/install.ps1 | iex"

 # For a specific version.
-curl -LsSf https://astral.sh/ruff/0.14.9/install.sh | sh
-powershell -c "irm https://astral.sh/ruff/0.14.9/install.ps1 | iex"
+curl -LsSf https://astral.sh/ruff/0.14.10/install.sh | sh
+powershell -c "irm https://astral.sh/ruff/0.14.10/install.ps1 | iex"
 ```

 You can also install Ruff via [Homebrew](https://formulae.brew.sh/formula/ruff), [Conda](https://anaconda.org/conda-forge/ruff),
@@ -184,7 +184,7 @@ Ruff can also be used as a [pre-commit](https://pre-commit.com/) hook via [`ruff
 ```yaml
 - repo: https://github.com/astral-sh/ruff-pre-commit
  # Ruff version.
-  rev: v0.14.9
+  rev: v0.14.10
  hooks:
    # Run the linter.
    - id: ruff-check
--- a/_typos.toml
+++ b/_typos.toml
@@ -4,6 +4,7 @@ extend-exclude = [
    "crates/ty_vendored/vendor/**/*",
    "**/resources/**/*",
    "**/snapshots/**/*",
+    "crates/ruff_linter/src/rules/flake8_implicit_str_concat/rules/collection_literal.rs",
    # Completion tests tend to have a lot of incomplete
    # words naturally. It's annoying to have to make all
    # of them actually words. So just ignore typos here.
--- a/crates/ruff/Cargo.toml
+++ b/crates/ruff/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "ruff"
-version = "0.14.9"
+version = "0.14.10"
 publish = true
 authors = { workspace = true }
 edition = { workspace = true }
--- a/crates/ruff/tests/cli/snapshots/cliformatoutput_format_github.snap
+++ b/crates/ruff/tests/cli/snapshots/cliformatoutput_format_github.snap
@@ -14,6 +14,6 @@ info:
 success: false
 exit_code: 1
 ----- stdout -----
-::error title=Ruff (unformatted),file=[TMP]/input.py,line=1,col=1,endLine=2,endColumn=1::input.py:1:1: unformatted: File would be reformatted
+::error title=Ruff (unformatted),file=[TMP]/input.py,line=1,endLine=2::input.py:1:1: unformatted: File would be reformatted

 ----- stderr -----
--- a/crates/ruff_benchmark/Cargo.toml
+++ b/crates/ruff_benchmark/Cargo.toml
@@ -19,32 +19,32 @@ doctest = false
 [[bench]]
 name = "linter"
 harness = false
-required-features = ["instrumented"]
+required-features = ["ruff_instrumented"]

 [[bench]]
 name = "lexer"
 harness = false
-required-features = ["instrumented"]
+required-features = ["ruff_instrumented"]

 [[bench]]
 name = "parser"
 harness = false
-required-features = ["instrumented"]
+required-features = ["ruff_instrumented"]

 [[bench]]
 name = "formatter"
 harness = false
-required-features = ["instrumented"]
+required-features = ["ruff_instrumented"]

 [[bench]]
 name = "ty"
 harness = false
-required-features = ["instrumented"]
+required-features = ["ty_instrumented"]

 [[bench]]
 name = "ty_walltime"
 harness = false
-required-features = ["walltime"]
+required-features = ["ty_walltime"]

 [dependencies]
 ruff_db = { workspace = true, features = ["testing"] }
@@ -67,25 +67,32 @@ tracing = { workspace = true }
 workspace = true

 [features]
-default = ["instrumented", "walltime"]
-# Enables the benchmark that should only run with codspeed's instrumented runner
-instrumented = [
+default = ["ty_instrumented", "ty_walltime", "ruff_instrumented"]
+# Enables the ruff instrumented benchmarks
+ruff_instrumented = [
    "criterion",
    "ruff_linter",
    "ruff_python_formatter",
    "ruff_python_parser",
    "ruff_python_trivia",
+    "mimalloc",
+    "tikv-jemallocator",
+]
+# Enables the ty instrumented benchmarks
+ty_instrumented = [
+    "criterion",
    "ty_project",
+    "ruff_python_trivia",
 ]
 codspeed = ["codspeed-criterion-compat"]
-# Enables benchmark that should only run with codspeed's walltime runner.
-walltime = ["ruff_db/os", "ty_project", "divan"]
+# Enables the ty_walltime benchmarks
+ty_walltime = ["ruff_db/os", "ty_project", "divan"]

-[target.'cfg(target_os = "windows")'.dev-dependencies]
-mimalloc = { workspace = true }
+[target.'cfg(target_os = "windows")'.dependencies]
+mimalloc = { workspace = true, optional = true }

-[target.'cfg(all(not(target_os = "windows"), not(target_os = "openbsd"), any(target_arch = "x86_64", target_arch = "aarch64", target_arch = "powerpc64", target_arch = "riscv64")))'.dev-dependencies]
-tikv-jemallocator = { workspace = true }
+[target.'cfg(all(not(target_os = "windows"), not(target_os = "openbsd"), any(target_arch = "x86_64", target_arch = "aarch64", target_arch = "powerpc64", target_arch = "riscv64")))'.dependencies]
+tikv-jemallocator = { workspace = true, optional = true }

 [dev-dependencies]
 rustc-hash = { workspace = true }
--- a/crates/ruff_benchmark/benches/ty_walltime.rs
+++ b/crates/ruff_benchmark/benches/ty_walltime.rs
@@ -194,7 +194,7 @@ static SYMPY: Benchmark = Benchmark::new(
        max_dep_date: "2025-06-17",
        python_version: PythonVersion::PY312,
    },
-    13100,
+    13109,
 );

 static TANJUN: Benchmark = Benchmark::new(
@@ -235,30 +235,55 @@ fn run_single_threaded(bencher: Bencher, benchmark: &Benchmark) {
        });
 }

-#[bench(args=[&ALTAIR, &FREQTRADE, &TANJUN], sample_size=2, sample_count=3)]
-fn small(bencher: Bencher, benchmark: &Benchmark) {
-    run_single_threaded(bencher, benchmark);
+#[bench(sample_size = 2, sample_count = 3)]
+fn altair(bencher: Bencher) {
+    run_single_threaded(bencher, &ALTAIR);
 }

-#[bench(args=[&COLOUR_SCIENCE, &PANDAS, &STATIC_FRAME], sample_size=1, sample_count=3)]
-fn medium(bencher: Bencher, benchmark: &Benchmark) {
-    run_single_threaded(bencher, benchmark);
+#[bench(sample_size = 2, sample_count = 3)]
+fn freqtrade(bencher: Bencher) {
+    run_single_threaded(bencher, &FREQTRADE);
 }

-#[bench(args=[&SYMPY, &PYDANTIC], sample_size=1, sample_count=2)]
-fn large(bencher: Bencher, benchmark: &Benchmark) {
-    run_single_threaded(bencher, benchmark);
+#[bench(sample_size = 2, sample_count = 3)]
+fn tanjun(bencher: Bencher) {
+    run_single_threaded(bencher, &TANJUN);
 }

-#[bench(args=[&ALTAIR], sample_size=3, sample_count=8)]
-fn multithreaded(bencher: Bencher, benchmark: &Benchmark) {
+#[bench(sample_size = 2, sample_count = 3)]
+fn pydantic(bencher: Bencher) {
+    run_single_threaded(bencher, &PYDANTIC);
+}
+
+#[bench(sample_size = 1, sample_count = 3)]
+fn static_frame(bencher: Bencher) {
+    run_single_threaded(bencher, &STATIC_FRAME);
+}
+
+#[bench(sample_size = 1, sample_count = 2)]
+fn colour_science(bencher: Bencher) {
+    run_single_threaded(bencher, &COLOUR_SCIENCE);
+}
+
+#[bench(sample_size = 1, sample_count = 2)]
+fn pandas(bencher: Bencher) {
+    run_single_threaded(bencher, &PANDAS);
+}
+
+#[bench(sample_size = 1, sample_count = 2)]
+fn sympy(bencher: Bencher) {
+    run_single_threaded(bencher, &SYMPY);
+}
+
+#[bench(sample_size = 3, sample_count = 8)]
+fn multithreaded(bencher: Bencher) {
    let thread_pool = ThreadPoolBuilder::new().build().unwrap();

    bencher
-        .with_inputs(|| benchmark.setup_iteration())
+        .with_inputs(|| ALTAIR.setup_iteration())
        .bench_local_values(|db| {
            thread_pool.install(|| {
-                check_project(&db, benchmark.project.name, benchmark.max_diagnostics);
+                check_project(&db, ALTAIR.project.name, ALTAIR.max_diagnostics);
                db
            })
        });
--- a/crates/ruff_benchmark/src/lib.rs
+++ b/crates/ruff_benchmark/src/lib.rs
@@ -1,6 +1,6 @@
 use std::path::PathBuf;

-#[cfg(feature = "instrumented")]
+#[cfg(any(feature = "ty_instrumented", feature = "ruff_instrumented"))]
 pub mod criterion;
 pub mod real_world_projects;

--- a/crates/ruff_db/src/cancellation.rs
+++ b/crates/ruff_db/src/cancellation.rs
@@ -0,0 +1,51 @@
+use std::sync::Arc;
+use std::sync::atomic::AtomicBool;
+
+/// Signals a [`CancellationToken`] that it should be canceled.
+#[derive(Debug, Clone)]
+pub struct CancellationTokenSource {
+    cancelled: Arc<AtomicBool>,
+}
+
+impl Default for CancellationTokenSource {
+    fn default() -> Self {
+        Self::new()
+    }
+}
+
+impl CancellationTokenSource {
+    pub fn new() -> Self {
+        Self {
+            cancelled: Arc::new(AtomicBool::new(false)),
+        }
+    }
+
+    pub fn is_cancellation_requested(&self) -> bool {
+        self.cancelled.load(std::sync::atomic::Ordering::Relaxed)
+    }
+
+    /// Creates a new token that uses this source.
+    pub fn token(&self) -> CancellationToken {
+        CancellationToken {
+            cancelled: self.cancelled.clone(),
+        }
+    }
+
+    /// Requests cancellation for operations using this token.
+    pub fn cancel(&self) {
+        self.cancelled
+            .store(true, std::sync::atomic::Ordering::Relaxed);
+    }
+}
+
+/// Token signals whether an operation should be canceled.
+#[derive(Debug, Clone)]
+pub struct CancellationToken {
+    cancelled: Arc<AtomicBool>,
+}
+
+impl CancellationToken {
+    pub fn is_cancelled(&self) -> bool {
+        self.cancelled.load(std::sync::atomic::Ordering::Relaxed)
+    }
+}
--- a/crates/ruff_db/src/diagnostic/mod.rs
+++ b/crates/ruff_db/src/diagnostic/mod.rs
@@ -1,4 +1,4 @@
-use std::{fmt::Formatter, path::Path, sync::Arc};
+use std::{borrow::Cow, fmt::Formatter, path::Path, sync::Arc};

 use ruff_diagnostics::{Applicability, Fix};
 use ruff_source_file::{LineColumn, SourceCode, SourceFile};
@@ -11,6 +11,7 @@ pub use self::render::{
    ceil_char_boundary,
    github::{DisplayGithubDiagnostics, GithubRenderer},
 };
+use crate::cancellation::CancellationToken;
 use crate::{Db, files::File};

 mod render;
@@ -410,11 +411,6 @@ impl Diagnostic {
        self.id().is_invalid_syntax()
    }

-    /// Returns the message body to display to the user.
-    pub fn body(&self) -> &str {
-        self.primary_message()
-    }
-
    /// Returns the message of the first sub-diagnostic with a `Help` severity.
    ///
    /// Note that this is used as the fix title/suggestion for some of Ruff's output formats, but in
@@ -1312,6 +1308,8 @@ pub struct DisplayDiagnosticConfig {
    show_fix_diff: bool,
    /// The lowest applicability that should be shown when reporting diagnostics.
    fix_applicability: Applicability,
+
+    cancellation_token: Option<CancellationToken>,
 }

 impl DisplayDiagnosticConfig {
@@ -1385,6 +1383,20 @@ impl DisplayDiagnosticConfig {
    pub fn fix_applicability(&self) -> Applicability {
        self.fix_applicability
    }
+
+    pub fn with_cancellation_token(
+        mut self,
+        token: Option<CancellationToken>,
+    ) -> DisplayDiagnosticConfig {
+        self.cancellation_token = token;
+        self
+    }
+
+    pub fn is_canceled(&self) -> bool {
+        self.cancellation_token
+            .as_ref()
+            .is_some_and(|token| token.is_cancelled())
+    }
 }

 impl Default for DisplayDiagnosticConfig {
@@ -1398,6 +1410,7 @@ impl Default for DisplayDiagnosticConfig {
            show_fix_status: false,
            show_fix_diff: false,
            fix_applicability: Applicability::Safe,
+            cancellation_token: None,
        }
    }
 }
@@ -1474,6 +1487,15 @@ pub enum ConciseMessage<'a> {
    Custom(&'a str),
 }

+impl<'a> ConciseMessage<'a> {
+    pub fn to_str(&self) -> Cow<'a, str> {
+        match self {
+            ConciseMessage::MainDiagnostic(s) | ConciseMessage::Custom(s) => Cow::Borrowed(s),
+            ConciseMessage::Both { .. } => Cow::Owned(self.to_string()),
+        }
+    }
+}
+
 impl std::fmt::Display for ConciseMessage<'_> {
    fn fmt(&self, f: &mut std::fmt::Formatter) -> std::fmt::Result {
        match *self {
@@ -1490,6 +1512,16 @@ impl std::fmt::Display for ConciseMessage<'_> {
    }
 }

+#[cfg(feature = "serde")]
+impl serde::Serialize for ConciseMessage<'_> {
+    fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>
+    where
+        S: serde::Serializer,
+    {
+        serializer.collect_str(self)
+    }
+}
+
 /// A diagnostic message string.
 ///
 /// This is, for all intents and purposes, equivalent to a `Box<str>`.
--- a/crates/ruff_db/src/diagnostic/render/azure.rs
+++ b/crates/ruff_db/src/diagnostic/render/azure.rs
@@ -52,7 +52,7 @@ impl AzureRenderer<'_> {
                f,
                "code={code};]{body}",
                code = diag.secondary_code_or_id(),
-                body = diag.body(),
+                body = diag.concise_message(),
            )?;
        }

--- a/crates/ruff_db/src/diagnostic/render/concise.rs
+++ b/crates/ruff_db/src/diagnostic/render/concise.rs
@@ -28,6 +28,10 @@ impl<'a> ConciseRenderer<'a> {

        let sep = fmt_styled(":", stylesheet.separator);
        for diag in diagnostics {
+            if self.config.is_canceled() {
+                return Ok(());
+            }
+
            if let Some(span) = diag.primary_span() {
                write!(
                    f,
--- a/crates/ruff_db/src/diagnostic/render/full.rs
+++ b/crates/ruff_db/src/diagnostic/render/full.rs
@@ -53,6 +53,10 @@ impl<'a> FullRenderer<'a> {
            .hyperlink(stylesheet.hyperlink);

        for diag in diagnostics {
+            if self.config.is_canceled() {
+                return Ok(());
+            }
+
            let resolved = Resolved::new(self.resolver, diag, self.config);
            let renderable = resolved.to_renderable(self.config.context);
            for diag in renderable.diagnostics.iter() {
--- a/crates/ruff_db/src/diagnostic/render/github.rs
+++ b/crates/ruff_db/src/diagnostic/render/github.rs
@@ -49,14 +49,26 @@ impl<'a> GithubRenderer<'a> {
                }
                .unwrap_or_default();

-                write!(
-                    f,
-                    ",line={row},col={column},endLine={end_row},endColumn={end_column}::",
-                    row = start_location.line,
-                    column = start_location.column,
-                    end_row = end_location.line,
-                    end_column = end_location.column,
-                )?;
+                // GitHub Actions workflow commands have constraints on error annotations:
+                // - `col` and `endColumn` cannot be set if `line` and `endLine` are different
+                // See: https://github.com/astral-sh/ruff/issues/22074
+                if start_location.line == end_location.line {
+                    write!(
+                        f,
+                        ",line={row},col={column},endLine={end_row},endColumn={end_column}::",
+                        row = start_location.line,
+                        column = start_location.column,
+                        end_row = end_location.line,
+                        end_column = end_location.column,
+                    )?;
+                } else {
+                    write!(
+                        f,
+                        ",line={row},endLine={end_row}::",
+                        row = start_location.line,
+                        end_row = end_location.line,
+                    )?;
+                }

                write!(
                    f,
@@ -75,7 +87,7 @@ impl<'a> GithubRenderer<'a> {
                write!(f, "{id}:", id = diagnostic.id())?;
            }

-            writeln!(f, " {}", diagnostic.body())?;
+            writeln!(f, " {}", diagnostic.concise_message())?;
        }

        Ok(())
--- a/crates/ruff_db/src/diagnostic/render/gitlab.rs
+++ b/crates/ruff_db/src/diagnostic/render/gitlab.rs
@@ -98,7 +98,7 @@ impl Serialize for SerializedMessages<'_> {
            }
            fingerprints.insert(message_fingerprint);

-            let description = diagnostic.body();
+            let description = diagnostic.concise_message();
            let check_name = diagnostic.secondary_code_or_id();
            let severity = match diagnostic.severity() {
                Severity::Info => "info",
--- a/crates/ruff_db/src/diagnostic/render/json.rs
+++ b/crates/ruff_db/src/diagnostic/render/json.rs
@@ -6,7 +6,7 @@ use ruff_notebook::NotebookIndex;
 use ruff_source_file::{LineColumn, OneIndexed};
 use ruff_text_size::Ranged;

-use crate::diagnostic::{Diagnostic, DiagnosticSource, DisplayDiagnosticConfig};
+use crate::diagnostic::{ConciseMessage, Diagnostic, DiagnosticSource, DisplayDiagnosticConfig};

 use super::FileResolver;

@@ -101,7 +101,7 @@ pub(super) fn diagnostic_to_json<'a>(
        JsonDiagnostic {
            code: diagnostic.secondary_code_or_id(),
            url: diagnostic.documentation_url(),
-            message: diagnostic.body(),
+            message: diagnostic.concise_message(),
            fix,
            cell: notebook_cell_index,
            location: start_location.map(JsonLocation::from),
@@ -113,7 +113,7 @@ pub(super) fn diagnostic_to_json<'a>(
        JsonDiagnostic {
            code: diagnostic.secondary_code_or_id(),
            url: diagnostic.documentation_url(),
-            message: diagnostic.body(),
+            message: diagnostic.concise_message(),
            fix,
            cell: notebook_cell_index,
            location: Some(start_location.unwrap_or_default().into()),
@@ -226,7 +226,7 @@ pub(crate) struct JsonDiagnostic<'a> {
    filename: Option<&'a str>,
    fix: Option<JsonFix<'a>>,
    location: Option<JsonLocation>,
-    message: &'a str,
+    message: ConciseMessage<'a>,
    noqa_row: Option<OneIndexed>,
    url: Option<&'a str>,
 }
--- a/crates/ruff_db/src/diagnostic/render/junit.rs
+++ b/crates/ruff_db/src/diagnostic/render/junit.rs
@@ -56,17 +56,17 @@ impl<'a> JunitRenderer<'a> {
                        start_location: location,
                    } = diagnostic;
                    let mut status = TestCaseStatus::non_success(NonSuccessKind::Failure);
-                    status.set_message(diagnostic.body());
+                    status.set_message(diagnostic.concise_message().to_str());

                    if let Some(location) = location {
                        status.set_description(format!(
                            "line {row}, col {col}, {body}",
                            row = location.line,
                            col = location.column,
-                            body = diagnostic.body()
+                            body = diagnostic.concise_message()
                        ));
                    } else {
-                        status.set_description(diagnostic.body());
+                        status.set_description(diagnostic.concise_message().to_str());
                    }

                    let code = diagnostic
--- a/crates/ruff_db/src/diagnostic/render/pylint.rs
+++ b/crates/ruff_db/src/diagnostic/render/pylint.rs
@@ -55,7 +55,7 @@ impl PylintRenderer<'_> {
                f,
                "{path}:{row}: [{code}] {body}",
                path = filename,
-                body = diagnostic.body()
+                body = diagnostic.concise_message()
            )?;
        }

--- a/crates/ruff_db/src/diagnostic/render/rdjson.rs
+++ b/crates/ruff_db/src/diagnostic/render/rdjson.rs
@@ -5,7 +5,7 @@ use ruff_diagnostics::{Edit, Fix};
 use ruff_source_file::{LineColumn, SourceCode};
 use ruff_text_size::Ranged;

-use crate::diagnostic::Diagnostic;
+use crate::diagnostic::{ConciseMessage, Diagnostic};

 use super::FileResolver;

@@ -76,7 +76,7 @@ fn diagnostic_to_rdjson<'a>(
    let edits = diagnostic.fix().map(Fix::edits).unwrap_or_default();

    RdjsonDiagnostic {
-        message: diagnostic.body(),
+        message: diagnostic.concise_message(),
        location,
        code: RdjsonCode {
            value: diagnostic
@@ -155,7 +155,7 @@ struct RdjsonDiagnostic<'a> {
    code: RdjsonCode<'a>,
    #[serde(skip_serializing_if = "Option::is_none")]
    location: Option<RdjsonLocation<'a>>,
-    message: &'a str,
+    message: ConciseMessage<'a>,
    #[serde(skip_serializing_if = "Vec::is_empty")]
    suggestions: Vec<RdjsonSuggestion<'a>>,
 }
--- a/crates/ruff_db/src/diagnostic/render/snapshots/ruff_dbdiagnosticrendergithubtests__syntax_errors.snap
+++ b/crates/ruff_db/src/diagnostic/render/snapshots/ruff_dbdiagnosticrendergithubtests__syntax_errors.snap
@@ -2,5 +2,5 @@
 source: crates/ruff_db/src/diagnostic/render/github.rs
 expression: env.render_diagnostics(&diagnostics)
 ---
-::error title=ty (invalid-syntax),file=/syntax_errors.py,line=1,col=15,endLine=2,endColumn=1::syntax_errors.py:1:15: invalid-syntax: Expected one or more symbol names after import
-::error title=ty (invalid-syntax),file=/syntax_errors.py,line=3,col=12,endLine=4,endColumn=1::syntax_errors.py:3:12: invalid-syntax: Expected ')', found newline
+::error title=ty (invalid-syntax),file=/syntax_errors.py,line=1,endLine=2::syntax_errors.py:1:15: invalid-syntax: Expected one or more symbol names after import
+::error title=ty (invalid-syntax),file=/syntax_errors.py,line=3,endLine=4::syntax_errors.py:3:12: invalid-syntax: Expected ')', found newline
--- a/crates/ruff_db/src/lib.rs
+++ b/crates/ruff_db/src/lib.rs
@@ -12,6 +12,7 @@ use std::hash::BuildHasherDefault;
 use std::num::NonZeroUsize;
 use ty_static::EnvVars;

+pub mod cancellation;
 pub mod diagnostic;
 pub mod display;
 pub mod file_revision;
--- a/crates/ruff_db/src/system/os.rs
+++ b/crates/ruff_db/src/system/os.rs
@@ -275,16 +275,16 @@ impl OsSystem {
    /// instead of at least one system call for each component between `path` and `prefix`.
    ///
    /// However, using `canonicalize` to resolve the path's casing doesn't work in two cases:
-    /// * if `path` is a symlink because `canonicalize` then returns the symlink's target and not the symlink's source path.
-    /// * on Windows: If `path` is a mapped network drive because `canonicalize` then returns the UNC path
-    ///   (e.g. `Z:\` is mapped to `\\server\share` and `canonicalize` then returns `\\?\UNC\server\share`).
+    /// * if `path` is a symlink, `canonicalize` returns the symlink's target and not the symlink's source path.
+    /// * on Windows: If `path` is a mapped network drive, `canonicalize` returns the UNC path
+    ///   (e.g. `Z:\` is mapped to `\\server\share` and `canonicalize` returns `\\?\UNC\server\share`).
    ///
    /// Symlinks and mapped network drives should be rare enough that this fast path is worth trying first,
    /// even if it comes at a cost for those rare use cases.
    fn path_exists_case_sensitive_fast(&self, path: &SystemPath) -> Option<bool> {
        // This is a more forgiving version of `dunce::simplified` that removes all `\\?\` prefixes on Windows.
        // We use this more forgiving version because we don't intend on using either path for anything other than comparison
-        // and the prefix is only relevant when passing the path to other programs and its longer than 200 something
+        // and the prefix is only relevant when passing the path to other programs and it's longer than 200 something
        // characters.
        fn simplify_ignore_verbatim(path: &SystemPath) -> &SystemPath {
            if cfg!(windows) {
@@ -298,9 +298,7 @@ impl OsSystem {
            }
        }

-        let simplified = simplify_ignore_verbatim(path);
-
-        let Ok(canonicalized) = simplified.as_std_path().canonicalize() else {
+        let Ok(canonicalized) = path.as_std_path().canonicalize() else {
            // The path doesn't exist or can't be accessed. The path doesn't exist.
            return Some(false);
        };
@@ -309,12 +307,13 @@ impl OsSystem {
            // The original path is valid UTF8 but the canonicalized path isn't. This definitely suggests
            // that a symlink is involved. Fall back to the slow path.
            tracing::debug!(
-                "Falling back to the slow case-sensitive path existence check because the canonicalized path of `{simplified}` is not valid UTF-8"
+                "Falling back to the slow case-sensitive path existence check because the canonicalized path of `{path}` is not valid UTF-8"
            );
            return None;
        };

        let simplified_canonicalized = simplify_ignore_verbatim(&canonicalized);
+        let simplified = simplify_ignore_verbatim(path);

        // Test if the paths differ by anything other than casing. If so, that suggests that
        // `path` pointed to a symlink (or some other none reversible path normalization happened).
--- a/crates/ruff_db/src/system/test.rs
+++ b/crates/ruff_db/src/system/test.rs
@@ -1,5 +1,6 @@
 use glob::PatternError;
 use ruff_notebook::{Notebook, NotebookError};
+use rustc_hash::FxHashMap;
 use std::panic::RefUnwindSafe;
 use std::sync::{Arc, Mutex};

@@ -20,18 +21,44 @@ use super::walk_directory::WalkDirectoryBuilder;
 ///
 /// ## Warning
 /// Don't use this system for production code. It's intended for testing only.
-#[derive(Debug, Clone)]
+#[derive(Debug)]
 pub struct TestSystem {
    inner: Arc<dyn WritableSystem + RefUnwindSafe + Send + Sync>,
+    /// Environment variable overrides. If a key is present here, it takes precedence
+    /// over the inner system's environment variables.
+    env_overrides: Arc<Mutex<FxHashMap<String, Option<String>>>>,
+}
+
+impl Clone for TestSystem {
+    fn clone(&self) -> Self {
+        Self {
+            inner: self.inner.clone(),
+            env_overrides: self.env_overrides.clone(),
+        }
+    }
 }

 impl TestSystem {
    pub fn new(inner: impl WritableSystem + RefUnwindSafe + Send + Sync + 'static) -> Self {
        Self {
            inner: Arc::new(inner),
+            env_overrides: Arc::new(Mutex::new(FxHashMap::default())),
        }
    }

+    /// Sets an environment variable override. This takes precedence over the inner system.
+    pub fn set_env_var(&self, name: impl Into<String>, value: impl Into<String>) {
+        self.env_overrides
+            .lock()
+            .unwrap()
+            .insert(name.into(), Some(value.into()));
+    }
+
+    /// Removes an environment variable override, making it appear as not set.
+    pub fn remove_env_var(&self, name: impl Into<String>) {
+        self.env_overrides.lock().unwrap().insert(name.into(), None);
+    }
+
    /// Returns the [`InMemorySystem`].
    ///
    /// ## Panics
@@ -147,6 +174,18 @@ impl System for TestSystem {
        self.system().case_sensitivity()
    }

+    fn env_var(&self, name: &str) -> std::result::Result<String, std::env::VarError> {
+        // Check overrides first
+        if let Some(override_value) = self.env_overrides.lock().unwrap().get(name) {
+            return match override_value {
+                Some(value) => Ok(value.clone()),
+                None => Err(std::env::VarError::NotPresent),
+            };
+        }
+        // Fall back to inner system
+        self.system().env_var(name)
+    }
+
    fn dyn_clone(&self) -> Box<dyn System> {
        Box::new(self.clone())
    }
@@ -156,6 +195,7 @@ impl Default for TestSystem {
    fn default() -> Self {
        Self {
            inner: Arc::new(InMemorySystem::default()),
+            env_overrides: Arc::new(Mutex::new(FxHashMap::default())),
        }
    }
 }
--- a/crates/ruff_dev/src/generate_ty_options.rs
+++ b/crates/ruff_dev/src/generate_ty_options.rs
@@ -1,11 +1,13 @@
 //! Generate a Markdown-compatible listing of configuration options for `pyproject.toml`.

+use std::borrow::Cow;
+use std::{fmt::Write, path::PathBuf};
+
 use anyhow::bail;
 use itertools::Itertools;
 use pretty_assertions::StrComparison;
-use std::{fmt::Write, path::PathBuf};
-
 use ruff_options_metadata::{OptionField, OptionSet, OptionsMetadata, Visit};
+use ruff_python_trivia::textwrap;
 use ty_project::metadata::Options;

 use crate::{
@@ -165,62 +167,69 @@ fn emit_field(output: &mut String, name: &str, field: &OptionField, parents: &[S
    let _ = writeln!(output, "**Default value**: `{}`", field.default);
    output.push('\n');
    let _ = writeln!(output, "**Type**: `{}`", field.value_type);
+
    output.push('\n');
    output.push_str("**Example usage**:\n\n");
-    output.push_str(&format_example(
-        "pyproject.toml",
-        &format_header(
-            field.scope,
-            field.example,
-            parents,
-            ConfigurationFile::PyprojectToml,
-        ),
-        field.example,
-    ));
-    output.push('\n');
-}

-fn format_example(title: &str, header: &str, content: &str) -> String {
-    if header.is_empty() {
-        format!("```toml title=\"{title}\"\n{content}\n```\n",)
-    } else {
-        format!("```toml title=\"{title}\"\n{header}\n{content}\n```\n",)
+    for configuration_file in [ConfigurationFile::PyprojectToml, ConfigurationFile::TyToml] {
+        let (header, example) =
+            format_snippet(field.scope, field.example, parents, configuration_file);
+        output.push_str(&format_tab(configuration_file.name(), &header, &example));
+
+        output.push('\n');
    }
 }

+fn format_tab(tab_name: &str, header: &str, content: &str) -> String {
+    let header = if header.is_empty() {
+        String::new()
+    } else {
+        format!("\n    {header}")
+    };
+    format!(
+        "=== \"{}\"\n\n    ```toml{}\n{}\n    ```\n",
+        tab_name,
+        header,
+        textwrap::indent(content, "    ")
+    )
+}
 /// Format the TOML header for the example usage for a given option.
 ///
-/// For example: `[tool.ruff.format]` or `[tool.ruff.lint.isort]`.
-fn format_header(
+/// For example: `[tool.ty.rules]`.
+fn format_snippet<'a>(
    scope: Option<&str>,
-    example: &str,
+    example: &'a str,
    parents: &[Set],
    configuration: ConfigurationFile,
-) -> String {
-    let tool_parent = match configuration {
-        ConfigurationFile::PyprojectToml => Some("tool.ty"),
-        ConfigurationFile::TyToml => None,
-    };
+) -> (String, Cow<'a, str>) {
+    let mut example = Cow::Borrowed(example);

-    let header = tool_parent
+    let header = configuration
+        .parent_table()
        .into_iter()
        .chain(parents.iter().filter_map(|parent| parent.name()))
        .chain(scope)
        .join(".");

+    // Rewrite examples starting with `[tool.ty]` or `[[tool.ty]]` to their `ty.toml` equivalent.
+    if matches!(configuration, ConfigurationFile::TyToml) {
+        example = example.replace("[tool.ty.", "[").into();
+    }
+
    // Ex) `[[tool.ty.xx]]`
    if example.starts_with(&format!("[[{header}")) {
-        return String::new();
+        return (String::new(), example);
    }
+
    // Ex) `[tool.ty.rules]`
    if example.starts_with(&format!("[{header}")) {
-        return String::new();
+        return (String::new(), example);
    }

    if header.is_empty() {
-        String::new()
+        (String::new(), example)
    } else {
-        format!("[{header}]")
+        (format!("[{header}]"), example)
    }
 }

@@ -243,10 +252,25 @@ impl Visit for CollectOptionsVisitor {
 #[derive(Debug, Copy, Clone)]
 enum ConfigurationFile {
    PyprojectToml,
-    #[expect(dead_code)]
    TyToml,
 }

+impl ConfigurationFile {
+    const fn name(self) -> &'static str {
+        match self {
+            Self::PyprojectToml => "pyproject.toml",
+            Self::TyToml => "ty.toml",
+        }
+    }
+
+    const fn parent_table(self) -> Option<&'static str> {
+        match self {
+            Self::PyprojectToml => Some("tool.ty"),
+            Self::TyToml => None,
+        }
+    }
+}
+
 #[cfg(test)]
 mod tests {
    use anyhow::Result;
--- a/crates/ruff_dev/src/generate_ty_rules.rs
+++ b/crates/ruff_dev/src/generate_ty_rules.rs
@@ -63,12 +63,7 @@ fn generate_markdown() -> String {
    let _ = writeln!(&mut output, "# Rules\n");

    let mut lints: Vec<_> = registry.lints().iter().collect();
-    lints.sort_by(|a, b| {
-        a.default_level()
-            .cmp(&b.default_level())
-            .reverse()
-            .then_with(|| a.name().cmp(&b.name()))
-    });
+    lints.sort_by_key(|a| a.name());

    for lint in lints {
        let _ = writeln!(&mut output, "## `{rule_name}`\n", rule_name = lint.name());
@@ -119,7 +114,7 @@ fn generate_markdown() -> String {
        let _ = writeln!(
            &mut output,
            r#"<small>
-Default level: <a href="../rules.md#rule-levels" title="This lint has a default level of '{level}'."><code>{level}</code></a> ·
+Default level: <a href="../../rules#rule-levels" title="This lint has a default level of '{level}'."><code>{level}</code></a> ·
 {status_text} ·
 <a href="https://github.com/astral-sh/ty/issues?q=sort%3Aupdated-desc%20is%3Aissue%20is%3Aopen%20{encoded_name}" target="_blank">Related issues</a> ·
 <a href="https://github.com/astral-sh/ruff/blob/main/{file}#L{line}" target="_blank">View source</a>
--- a/crates/ruff_graph/Cargo.toml
+++ b/crates/ruff_graph/Cargo.toml
@@ -16,6 +16,7 @@ ruff_linter = { workspace = true }
 ruff_macros = { workspace = true }
 ruff_python_ast = { workspace = true }
 ruff_python_parser = { workspace = true }
+ty_module_resolver = { workspace = true }
 ty_python_semantic = { workspace = true }

 anyhow = { workspace = true }
--- a/crates/ruff_graph/src/collector.rs
+++ b/crates/ruff_graph/src/collector.rs
@@ -3,7 +3,7 @@ use ruff_python_ast::visitor::source_order::{
    SourceOrderVisitor, walk_expr, walk_module, walk_stmt,
 };
 use ruff_python_ast::{self as ast, Expr, Mod, Stmt};
-use ty_python_semantic::ModuleName;
+use ty_module_resolver::ModuleName;

 /// Collect all imports for a given Python file.
 #[derive(Default, Debug)]
--- a/crates/ruff_graph/src/db.rs
+++ b/crates/ruff_graph/src/db.rs
@@ -7,10 +7,11 @@ use ruff_db::files::{File, Files};
 use ruff_db::system::{OsSystem, System, SystemPathBuf};
 use ruff_db::vendored::{VendoredFileSystem, VendoredFileSystemBuilder};
 use ruff_python_ast::PythonVersion;
+use ty_module_resolver::{SearchPathSettings, SearchPaths};
 use ty_python_semantic::lint::{LintRegistry, RuleSelection};
 use ty_python_semantic::{
-    Db, Program, ProgramSettings, PythonEnvironment, PythonPlatform, PythonVersionSource,
-    PythonVersionWithSource, SearchPathSettings, SysPrefixPathOrigin, default_lint_registry,
+    AnalysisSettings, Db, Program, ProgramSettings, PythonEnvironment, PythonPlatform,
+    PythonVersionSource, PythonVersionWithSource, SysPrefixPathOrigin, default_lint_registry,
 };

 static EMPTY_VENDORED: std::sync::LazyLock<VendoredFileSystem> = std::sync::LazyLock::new(|| {
@@ -26,6 +27,7 @@ pub struct ModuleDb {
    files: Files,
    system: OsSystem,
    rule_selection: Arc<RuleSelection>,
+    analysis_settings: Arc<AnalysisSettings>,
 }

 impl ModuleDb {
@@ -85,6 +87,13 @@ impl SourceDb for ModuleDb {
    }
 }

+#[salsa::db]
+impl ty_module_resolver::Db for ModuleDb {
+    fn search_paths(&self) -> &SearchPaths {
+        Program::get(self).search_paths(self)
+    }
+}
+
 #[salsa::db]
 impl Db for ModuleDb {
    fn should_check_file(&self, file: File) -> bool {
@@ -102,6 +111,10 @@ impl Db for ModuleDb {
    fn verbose(&self) -> bool {
        false
    }
+
+    fn analysis_settings(&self) -> &AnalysisSettings {
+        &self.analysis_settings
+    }
 }

 #[salsa::db]
--- a/crates/ruff_graph/src/resolver.rs
+++ b/crates/ruff_graph/src/resolver.rs
@@ -1,6 +1,6 @@
 use ruff_db::files::{File, FilePath, system_path_to_file};
 use ruff_db::system::SystemPath;
-use ty_python_semantic::{
+use ty_module_resolver::{
    ModuleName, resolve_module, resolve_module_confident, resolve_real_module,
    resolve_real_module_confident,
 };
--- a/crates/ruff_linter/Cargo.toml
+++ b/crates/ruff_linter/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "ruff_linter"
-version = "0.14.9"
+version = "0.14.10"
 publish = false
 authors = { workspace = true }
 edition = { workspace = true }
--- a/crates/ruff_linter/resources/test/fixtures/flake8_implicit_str_concat/ISC004.py
+++ b/crates/ruff_linter/resources/test/fixtures/flake8_implicit_str_concat/ISC004.py
@@ -0,0 +1,66 @@
+facts = (
+    "Lobsters have blue blood.",
+    "The liver is the only human organ that can fully regenerate itself.",
+    "Clarinets are made almost entirely out of wood from the mpingo tree."
+    "In 1971, astronaut Alan Shepard played golf on the moon.",
+)
+
+facts = [
+    "Lobsters have blue blood.",
+    "The liver is the only human organ that can fully regenerate itself.",
+    "Clarinets are made almost entirely out of wood from the mpingo tree."
+    "In 1971, astronaut Alan Shepard played golf on the moon.",
+]
+
+facts = {
+    "Lobsters have blue blood.",
+    "The liver is the only human organ that can fully regenerate itself.",
+    "Clarinets are made almost entirely out of wood from the mpingo tree."
+    "In 1971, astronaut Alan Shepard played golf on the moon.",
+}
+
+facts = {
+    (
+        "Clarinets are made almost entirely out of wood from the mpingo tree."
+        "In 1971, astronaut Alan Shepard played golf on the moon."
+    ),
+}
+
+facts = (
+    "Octopuses have three hearts."
+    # Missing comma here.
+    "Honey never spoils.",
+)
+
+facts = [
+    "Octopuses have three hearts."
+    # Missing comma here.
+    "Honey never spoils.",
+]
+
+facts = {
+    "Octopuses have three hearts."
+    # Missing comma here.
+    "Honey never spoils.",
+}
+
+facts = (
+    (
+        "Clarinets are made almost entirely out of wood from the mpingo tree."
+        "In 1971, astronaut Alan Shepard played golf on the moon."
+    ),
+)
+
+facts = [
+    (
+        "Clarinets are made almost entirely out of wood from the mpingo tree."
+        "In 1971, astronaut Alan Shepard played golf on the moon."
+    ),
+]
+
+facts = (
+    "Lobsters have blue blood.\n"
+    "The liver is the only human organ that can fully regenerate itself.\n"
+    "Clarinets are made almost entirely out of wood from the mpingo tree.\n"
+    "In 1971, astronaut Alan Shepard played golf on the moon.\n"
+)
--- a/crates/ruff_linter/resources/test/fixtures/flake8_pytest_style/PT010.py
+++ b/crates/ruff_linter/resources/test/fixtures/flake8_pytest_style/PT010.py
@@ -9,3 +9,15 @@ def test_ok():
 def test_error():
    with pytest.raises(UnicodeError):
        pass
+
+def test_match_only():
+    with pytest.raises(match="some error message"):
+        pass
+
+def test_check_only():
+    with pytest.raises(check=lambda e: True):
+        pass
+
+def test_match_and_check():
+    with pytest.raises(match="some error message", check=lambda e: True):
+        pass
--- a/crates/ruff_linter/resources/test/fixtures/flake8_use_pathlib/full_name.py
+++ b/crates/ruff_linter/resources/test/fixtures/flake8_use_pathlib/full_name.py
@@ -136,4 +136,38 @@ os.chmod("pth1_file", 0o700, None, True, 1, *[1], **{"x": 1}, foo=1)
 os.rename("pth1_file", "pth1_file1", None, None, 1, *[1], **{"x": 1}, foo=1)
 os.replace("pth1_file1", "pth1_file", None, None, 1, *[1], **{"x": 1}, foo=1)

-os.path.samefile("pth1_file", "pth1_link", 1, *[1], **{"x": 1}, foo=1)
+os.path.samefile("pth1_file", "pth1_link", 1, *[1], **{"x": 1}, foo=1)
+
+# See: https://github.com/astral-sh/ruff/issues/21794
+import sys
+
+if os.rename("pth1.py", "pth1.py.bak"):
+    print("rename: truthy")
+else:
+    print("rename: falsey")
+
+if os.replace("pth1.py.bak", "pth1.py"):
+    print("replace: truthy")
+else:
+    print("replace: falsey")
+
+try:
+    for _ in os.getcwd():
+        print("getcwd: iterable")
+        break
+except TypeError as e:
+    print("getcwd: not iterable")
+
+try:
+    for _ in os.getcwdb():
+        print("getcwdb: iterable")
+        break
+except TypeError as e:
+    print("getcwdb: not iterable")
+
+try:
+    for _ in os.readlink(sys.executable):
+        print("readlink: iterable")
+        break
+except TypeError as e:
+    print("readlink: not iterable")
--- a/crates/ruff_linter/resources/test/fixtures/refurb/FURB101_0.py
+++ b/crates/ruff_linter/resources/test/fixtures/refurb/FURB101_0.py
@@ -138,5 +138,6 @@ with open("file.txt", encoding="utf-8") as f:
 with open("file.txt", encoding="utf-8") as f:
    contents = process_contents(f.read())

-with open("file.txt", encoding="utf-8") as f:
+with open("file1.txt", encoding="utf-8") as f:
    contents: str = process_contents(f.read())
+
--- a/crates/ruff_linter/resources/test/fixtures/refurb/FURB101_1.py
+++ b/crates/ruff_linter/resources/test/fixtures/refurb/FURB101_1.py
@@ -0,0 +1,8 @@
+
+from pathlib import Path
+
+with Path("file.txt").open() as f:
+    contents = f.read()
+
+with Path("file.txt").open("r") as f:
+    contents = f.read()
--- a/crates/ruff_linter/resources/test/fixtures/refurb/FURB103_0.py
+++ b/crates/ruff_linter/resources/test/fixtures/refurb/FURB103_0.py
--- a/crates/ruff_linter/resources/test/fixtures/refurb/FURB103_1.py
+++ b/crates/ruff_linter/resources/test/fixtures/refurb/FURB103_1.py
@@ -0,0 +1,26 @@
+from pathlib import Path
+
+with Path("file.txt").open("w") as f:
+    f.write("test")
+
+with Path("file.txt").open("wb") as f:
+    f.write(b"test")
+
+with Path("file.txt").open(mode="w") as f:
+    f.write("test")
+
+with Path("file.txt").open("w", encoding="utf8") as f:
+    f.write("test")
+
+with Path("file.txt").open("w", errors="ignore") as f:
+    f.write("test")
+
+with Path(foo()).open("w") as f:
+    f.write("test")
+
+p = Path("file.txt")
+with p.open("w") as f:
+    f.write("test")
+
+with Path("foo", "bar", "baz").open("w") as f:
+    f.write("test")
--- a/crates/ruff_linter/resources/test/fixtures/ruff/suppressions.py
+++ b/crates/ruff_linter/resources/test/fixtures/ruff/suppressions.py
@@ -86,3 +86,26 @@ def f():
    # Multiple codes but none are used
    # ruff: disable[E741, F401, F841]
    print("hello")
+
+
+def f():
+    # Unknown rule codes
+    # ruff: disable[YF829]
+    # ruff: disable[F841, RQW320]
+    value = 0
+    # ruff: enable[F841, RQW320]
+    # ruff: enable[YF829]
+
+
+def f():
+    # External rule codes should be ignored
+    # ruff: disable[TK421]
+    print("hello")
+    # ruff: enable[TK421]
+
+
+def f():
+    # Empty or missing rule codes
+    # ruff: disable
+    # ruff: disable[]
+    print("hello")
--- a/crates/ruff_linter/src/checkers/ast/analyze/expression.rs
+++ b/crates/ruff_linter/src/checkers/ast/analyze/expression.rs
@@ -214,6 +214,13 @@ pub(crate) fn expression(expr: &Expr, checker: &Checker) {
            range: _,
            node_index: _,
        }) => {
+            if checker.is_rule_enabled(Rule::ImplicitStringConcatenationInCollectionLiteral) {
+                flake8_implicit_str_concat::rules::implicit_string_concatenation_in_collection_literal(
+                    checker,
+                    expr,
+                    elts,
+                );
+            }
            if ctx.is_store() {
                let check_too_many_expressions =
                    checker.is_rule_enabled(Rule::ExpressionsInStarAssignment);
@@ -1329,6 +1336,13 @@ pub(crate) fn expression(expr: &Expr, checker: &Checker) {
            }
        }
        Expr::Set(set) => {
+            if checker.is_rule_enabled(Rule::ImplicitStringConcatenationInCollectionLiteral) {
+                flake8_implicit_str_concat::rules::implicit_string_concatenation_in_collection_literal(
+                    checker,
+                    expr,
+                    &set.elts,
+                );
+            }
            if checker.is_rule_enabled(Rule::DuplicateValue) {
                flake8_bugbear::rules::duplicate_value(checker, set);
            }
--- a/crates/ruff_linter/src/codes.rs
+++ b/crates/ruff_linter/src/codes.rs
@@ -454,6 +454,7 @@ pub fn code_to_rule(linter: Linter, code: &str) -> Option<(RuleGroup, Rule)> {
        (Flake8ImplicitStrConcat, "001") => rules::flake8_implicit_str_concat::rules::SingleLineImplicitStringConcatenation,
        (Flake8ImplicitStrConcat, "002") => rules::flake8_implicit_str_concat::rules::MultiLineImplicitStringConcatenation,
        (Flake8ImplicitStrConcat, "003") => rules::flake8_implicit_str_concat::rules::ExplicitStringConcatenation,
+        (Flake8ImplicitStrConcat, "004") => rules::flake8_implicit_str_concat::rules::ImplicitStringConcatenationInCollectionLiteral,

        // flake8-print
        (Flake8Print, "1") => rules::flake8_print::rules::Print,
@@ -1063,6 +1064,8 @@ pub fn code_to_rule(linter: Linter, code: &str) -> Option<(RuleGroup, Rule)> {
        (Ruff, "100") => rules::ruff::rules::UnusedNOQA,
        (Ruff, "101") => rules::ruff::rules::RedirectedNOQA,
        (Ruff, "102") => rules::ruff::rules::InvalidRuleCode,
+        (Ruff, "103") => rules::ruff::rules::InvalidSuppressionComment,
+        (Ruff, "104") => rules::ruff::rules::UnmatchedSuppressionComment,

        (Ruff, "200") => rules::ruff::rules::InvalidPyprojectToml,
        #[cfg(any(feature = "test-rules", test))]
--- a/crates/ruff_linter/src/message/grouped.rs
+++ b/crates/ruff_linter/src/message/grouped.rs
@@ -197,7 +197,7 @@ impl Display for RuleCodeAndBody<'_> {
                        f,
                        "{fix}{body}",
                        fix = format_args!("[{}] ", "*".cyan()),
-                        body = self.message.body(),
+                        body = self.message.concise_message(),
                    );
                }
            }
@@ -208,14 +208,14 @@ impl Display for RuleCodeAndBody<'_> {
                f,
                "{code} {body}",
                code = code.red().bold(),
-                body = self.message.body(),
+                body = self.message.concise_message(),
            )
        } else {
            write!(
                f,
                "{code}: {body}",
                code = self.message.id().as_str().red().bold(),
-                body = self.message.body(),
+                body = self.message.concise_message(),
            )
        }
    }
--- a/crates/ruff_linter/src/message/sarif.rs
+++ b/crates/ruff_linter/src/message/sarif.rs
@@ -18,7 +18,7 @@ use crate::registry::{Linter, RuleNamespace};
 /// An emitter for producing SARIF 2.1.0-compliant JSON output.
 ///
 /// Static Analysis Results Interchange Format (SARIF) is a standard format
-/// for static analysis results. For full specfification, see:
+/// for static analysis results. For full specification, see:
 /// [SARIF 2.1.0](https://docs.oasis-open.org/sarif/sarif/v2.1.0/sarif-v2.1.0.html)
 pub struct SarifEmitter;

@@ -334,7 +334,7 @@ impl<'a> SarifResult<'a> {
            rule_id: RuleCode::from(diagnostic),
            level: "error".to_string(),
            message: SarifMessage {
-                text: diagnostic.body().to_string(),
+                text: diagnostic.concise_message().to_string(),
            },
            fixes: Self::fix(diagnostic, &uri).into_iter().collect(),
            locations: vec![SarifLocation {
--- a/crates/ruff_linter/src/rules/airflow/helpers.rs
+++ b/crates/ruff_linter/src/rules/airflow/helpers.rs
@@ -188,7 +188,7 @@ pub(crate) fn match_head(value: &Expr) -> Option<&ExprName> {

 /// Return the [`Fix`] that imports the new name and updates where the import is referenced.
 /// This is used for cases that member name has changed.
-/// (e.g., `airflow.datasts.Dataset` to `airflow.sdk.Asset`)
+/// (e.g., `airflow.datasets.Dataset` to `airflow.sdk.Asset`)
 pub(crate) fn generate_import_edit(
    expr: &Expr,
    checker: &Checker,
--- a/crates/ruff_linter/src/rules/eradicate/detection.rs
+++ b/crates/ruff_linter/src/rules/eradicate/detection.rs
@@ -22,6 +22,7 @@ static ALLOWLIST_REGEX: LazyLock<Regex> = LazyLock::new(|| {
            # Case-sensitive
            pyright
        |   pyrefly
+        |   ruff\s*:\s*(disable|enable)
        |   mypy:
        |   type:\s*ignore
        |   SPDX-License-Identifier:
@@ -148,6 +149,8 @@ mod tests {
        assert!(!comment_contains_code("# 123", &[]));
        assert!(!comment_contains_code("# 123.1", &[]));
        assert!(!comment_contains_code("# 1, 2, 3", &[]));
+        assert!(!comment_contains_code("# ruff: disable[E501]", &[]));
+        assert!(!comment_contains_code("#ruff:enable[E501, F84]", &[]));
        assert!(!comment_contains_code(
            "# pylint: disable=redefined-outer-name",
            &[]
--- a/crates/ruff_linter/src/rules/flake8_annotations/rules/definition.rs
+++ b/crates/ruff_linter/src/rules/flake8_annotations/rules/definition.rs
@@ -351,6 +351,10 @@ impl Violation for MissingReturnTypePrivateFunction {
 ///     def __init__(self, x: int) -> None:
 ///         self.x = x
 /// ```
+///
+/// ## Options
+///
+/// - `lint.flake8-annotations.mypy-init-return`
 #[derive(ViolationMetadata)]
 #[violation_metadata(stable_since = "v0.0.105")]
 pub(crate) struct MissingReturnTypeSpecialMethod {
@@ -399,6 +403,10 @@ impl Violation for MissingReturnTypeSpecialMethod {
 ///     def bar() -> int:
 ///         return 1
 /// ```
+///
+/// ## Options
+///
+/// - `lint.flake8-annotations.suppress-none-returning`
 #[derive(ViolationMetadata)]
 #[violation_metadata(stable_since = "v0.0.105")]
 pub(crate) struct MissingReturnTypeStaticMethod {
@@ -447,6 +455,10 @@ impl Violation for MissingReturnTypeStaticMethod {
 ///     def bar(cls) -> int:
 ///         return 1
 /// ```
+///
+/// ## Options
+///
+/// - `lint.flake8-annotations.suppress-none-returning`
 #[derive(ViolationMetadata)]
 #[violation_metadata(stable_since = "v0.0.105")]
 pub(crate) struct MissingReturnTypeClassMethod {
--- a/crates/ruff_linter/src/rules/flake8_async/rules/blocking_open_call.rs
+++ b/crates/ruff_linter/src/rules/flake8_async/rules/blocking_open_call.rs
@@ -70,7 +70,7 @@ fn is_open_call(func: &Expr, semantic: &SemanticModel) -> bool {
 }

 /// Returns `true` if an expression resolves to a call to `pathlib.Path.open`.
-fn is_open_call_from_pathlib(func: &Expr, semantic: &SemanticModel) -> bool {
+pub(crate) fn is_open_call_from_pathlib(func: &Expr, semantic: &SemanticModel) -> bool {
    let Expr::Attribute(ast::ExprAttribute { attr, value, .. }) = func else {
        return false;
    };
--- a/crates/ruff_linter/src/rules/flake8_async/rules/mod.rs
+++ b/crates/ruff_linter/src/rules/flake8_async/rules/mod.rs
@@ -18,7 +18,7 @@ mod async_zero_sleep;
 mod blocking_http_call;
 mod blocking_http_call_httpx;
 mod blocking_input;
-mod blocking_open_call;
+pub(crate) mod blocking_open_call;
 mod blocking_path_methods;
 mod blocking_process_invocation;
 mod blocking_sleep;
--- a/crates/ruff_linter/src/rules/flake8_bandit/rules/unsafe_markup_use.rs
+++ b/crates/ruff_linter/src/rules/flake8_bandit/rules/unsafe_markup_use.rs
@@ -12,7 +12,7 @@ use crate::{checkers::ast::Checker, settings::LinterSettings};
 /// Checks for non-literal strings being passed to [`markupsafe.Markup`][markupsafe-markup].
 ///
 /// ## Why is this bad?
-/// [`markupsafe.Markup`] does not perform any escaping, so passing dynamic
+/// [`markupsafe.Markup`][markupsafe-markup] does not perform any escaping, so passing dynamic
 /// content, like f-strings, variables or interpolated strings will potentially
 /// lead to XSS vulnerabilities.
 ///
--- a/crates/ruff_linter/src/rules/flake8_blind_except/rules/blind_except.rs
+++ b/crates/ruff_linter/src/rules/flake8_blind_except/rules/blind_except.rs
@@ -58,6 +58,10 @@ use crate::checkers::ast::Checker;
 ///     logging.exception("Something went wrong")
 /// ```
 ///
+/// ## Options
+///
+/// - `lint.logger-objects`
+///
 /// ## References
 /// - [Python documentation: The `try` statement](https://docs.python.org/3/reference/compound_stmts.html#the-try-statement)
 /// - [Python documentation: Exception hierarchy](https://docs.python.org/3/library/exceptions.html#exception-hierarchy)
--- a/crates/ruff_linter/src/rules/flake8_bugbear/rules/cached_instance_method.rs
+++ b/crates/ruff_linter/src/rules/flake8_bugbear/rules/cached_instance_method.rs
@@ -58,6 +58,14 @@ use crate::checkers::ast::Checker;
 ///         return square(self.value)
 /// ```
 ///
+/// ## Options
+///
+/// This rule only applies to regular methods, not static or class methods. You can customize how
+/// Ruff categorizes methods with the following options:
+///
+/// - `lint.pep8-naming.classmethod-decorators`
+/// - `lint.pep8-naming.staticmethod-decorators`
+///
 /// ## References
 /// - [Python documentation: `functools.lru_cache`](https://docs.python.org/3/library/functools.html#functools.lru_cache)
 /// - [Python documentation: `functools.cache`](https://docs.python.org/3/library/functools.html#functools.cache)
--- a/crates/ruff_linter/src/rules/flake8_bugbear/rules/unused_loop_control_variable.rs
+++ b/crates/ruff_linter/src/rules/flake8_bugbear/rules/unused_loop_control_variable.rs
@@ -32,6 +32,10 @@ use crate::{Edit, Fix, FixAvailability, Violation};
 ///     bar(i)
 /// ```
 ///
+/// ## Options
+///
+/// - `lint.dummy-variable-rgx`
+///
 /// ## References
 /// - [PEP 8: Naming Conventions](https://peps.python.org/pep-0008/#naming-conventions)
 #[derive(ViolationMetadata)]
--- a/crates/ruff_linter/src/rules/flake8_errmsg/rules/string_in_exception.rs
+++ b/crates/ruff_linter/src/rules/flake8_errmsg/rules/string_in_exception.rs
@@ -47,6 +47,10 @@ use crate::{Edit, Fix, FixAvailability, Violation};
 ///     raise RuntimeError(msg)
 /// RuntimeError: 'Some value' is incorrect
 /// ```
+///
+/// ## Options
+///
+/// - `lint.flake8-errmsg.max-string-length`
 #[derive(ViolationMetadata)]
 #[violation_metadata(stable_since = "v0.0.183")]
 pub(crate) struct RawStringInException;
--- a/crates/ruff_linter/src/rules/flake8_implicit_str_concat/mod.rs
+++ b/crates/ruff_linter/src/rules/flake8_implicit_str_concat/mod.rs
@@ -32,6 +32,10 @@ mod tests {
        Path::new("ISC_syntax_error_2.py")
    )]
    #[test_case(Rule::ExplicitStringConcatenation, Path::new("ISC.py"))]
+    #[test_case(
+        Rule::ImplicitStringConcatenationInCollectionLiteral,
+        Path::new("ISC004.py")
+    )]
    fn rules(rule_code: Rule, path: &Path) -> Result<()> {
        let snapshot = format!("{}_{}", rule_code.noqa_code(), path.to_string_lossy());
        let diagnostics = test_path(
--- a/crates/ruff_linter/src/rules/flake8_implicit_str_concat/rules/collection_literal.rs
+++ b/crates/ruff_linter/src/rules/flake8_implicit_str_concat/rules/collection_literal.rs
@@ -0,0 +1,103 @@
+use ruff_macros::{ViolationMetadata, derive_message_formats};
+use ruff_python_ast::token::parenthesized_range;
+use ruff_python_ast::{Expr, StringLike};
+use ruff_text_size::Ranged;
+
+use crate::checkers::ast::Checker;
+use crate::{Edit, Fix, FixAvailability, Violation};
+
+/// ## What it does
+/// Checks for implicitly concatenated strings inside list, tuple, and set literals.
+///
+/// ## Why is this bad?
+/// In collection literals, implicit string concatenation is often the result of
+/// a missing comma between elements, which can silently merge items together.
+///
+/// ## Example
+/// ```python
+/// facts = (
+///     "Lobsters have blue blood.",
+///     "The liver is the only human organ that can fully regenerate itself.",
+///     "Clarinets are made almost entirely out of wood from the mpingo tree."
+///     "In 1971, astronaut Alan Shepard played golf on the moon.",
+/// )
+/// ```
+///
+/// Instead, you likely intended:
+/// ```python
+/// facts = (
+///     "Lobsters have blue blood.",
+///     "The liver is the only human organ that can fully regenerate itself.",
+///     "Clarinets are made almost entirely out of wood from the mpingo tree.",
+///     "In 1971, astronaut Alan Shepard played golf on the moon.",
+/// )
+/// ```
+///
+/// If the concatenation is intentional, wrap it in parentheses to make it
+/// explicit:
+/// ```python
+/// facts = (
+///     "Lobsters have blue blood.",
+///     "The liver is the only human organ that can fully regenerate itself.",
+///     (
+///         "Clarinets are made almost entirely out of wood from the mpingo tree."
+///         "In 1971, astronaut Alan Shepard played golf on the moon."
+///     ),
+/// )
+/// ```
+///
+/// ## Fix safety
+/// The fix is safe in that it does not change the semantics of your code.
+/// However, the issue is that you may often want to change semantics
+/// by adding a missing comma.
+#[derive(ViolationMetadata)]
+#[violation_metadata(preview_since = "0.14.10")]
+pub(crate) struct ImplicitStringConcatenationInCollectionLiteral;
+
+impl Violation for ImplicitStringConcatenationInCollectionLiteral {
+    const FIX_AVAILABILITY: FixAvailability = FixAvailability::Always;
+
+    #[derive_message_formats]
+    fn message(&self) -> String {
+        "Unparenthesized implicit string concatenation in collection".to_string()
+    }
+
+    fn fix_title(&self) -> Option<String> {
+        Some("Wrap implicitly concatenated strings in parentheses".to_string())
+    }
+}
+
+/// ISC004
+pub(crate) fn implicit_string_concatenation_in_collection_literal(
+    checker: &Checker,
+    expr: &Expr,
+    elements: &[Expr],
+) {
+    for element in elements {
+        let Ok(string_like) = StringLike::try_from(element) else {
+            continue;
+        };
+        if !string_like.is_implicit_concatenated() {
+            continue;
+        }
+        if parenthesized_range(
+            string_like.as_expression_ref(),
+            expr.into(),
+            checker.tokens(),
+        )
+        .is_some()
+        {
+            continue;
+        }
+
+        let mut diagnostic = checker.report_diagnostic(
+            ImplicitStringConcatenationInCollectionLiteral,
+            string_like.range(),
+        );
+        diagnostic.help("Did you forget a comma?");
+        diagnostic.set_fix(Fix::unsafe_edits(
+            Edit::insertion("(".to_string(), string_like.range().start()),
+            [Edit::insertion(")".to_string(), string_like.range().end())],
+        ));
+    }
+}
--- a/crates/ruff_linter/src/rules/flake8_implicit_str_concat/rules/mod.rs
+++ b/crates/ruff_linter/src/rules/flake8_implicit_str_concat/rules/mod.rs
@@ -1,5 +1,7 @@
+pub(crate) use collection_literal::*;
 pub(crate) use explicit::*;
 pub(crate) use implicit::*;

+mod collection_literal;
 mod explicit;
 mod implicit;
--- a/crates/ruff_linter/src/rules/flake8_implicit_str_concat/snapshots/ruff_linterrulesflake8_implicit_str_concattestsISC004_ISC004.py.snap
+++ b/crates/ruff_linter/src/rules/flake8_implicit_str_concat/snapshots/ruff_linterrulesflake8_implicit_str_concattestsISC004_ISC004.py.snap
@@ -0,0 +1,149 @@
+---
+source: crates/ruff_linter/src/rules/flake8_implicit_str_concat/mod.rs
+---
+ISC004 [*] Unparenthesized implicit string concatenation in collection
+ --> ISC004.py:4:5
+  |
+2 |       "Lobsters have blue blood.",
+3 |       "The liver is the only human organ that can fully regenerate itself.",
+4 | /     "Clarinets are made almost entirely out of wood from the mpingo tree."
+5 | |     "In 1971, astronaut Alan Shepard played golf on the moon.",
+  | |______________________________________________________________^
+6 |   )
+  |
+help: Wrap implicitly concatenated strings in parentheses
+help: Did you forget a comma?
+1 | facts = (
+2 |     "Lobsters have blue blood.",
+3 |     "The liver is the only human organ that can fully regenerate itself.",
+  -     "Clarinets are made almost entirely out of wood from the mpingo tree."
+  -     "In 1971, astronaut Alan Shepard played golf on the moon.",
+4 +     ("Clarinets are made almost entirely out of wood from the mpingo tree."
+5 +     "In 1971, astronaut Alan Shepard played golf on the moon."),
+6 | )
+7 | 
+8 | facts = [
+note: This is an unsafe fix and may change runtime behavior
+
+ISC004 [*] Unparenthesized implicit string concatenation in collection
+  --> ISC004.py:11:5
+   |
+ 9 |       "Lobsters have blue blood.",
+10 |       "The liver is the only human organ that can fully regenerate itself.",
+11 | /     "Clarinets are made almost entirely out of wood from the mpingo tree."
+12 | |     "In 1971, astronaut Alan Shepard played golf on the moon.",
+   | |______________________________________________________________^
+13 |   ]
+   |
+help: Wrap implicitly concatenated strings in parentheses
+help: Did you forget a comma?
+8  | facts = [
+9  |     "Lobsters have blue blood.",
+10 |     "The liver is the only human organ that can fully regenerate itself.",
+   -     "Clarinets are made almost entirely out of wood from the mpingo tree."
+   -     "In 1971, astronaut Alan Shepard played golf on the moon.",
+11 +     ("Clarinets are made almost entirely out of wood from the mpingo tree."
+12 +     "In 1971, astronaut Alan Shepard played golf on the moon."),
+13 | ]
+14 | 
+15 | facts = {
+note: This is an unsafe fix and may change runtime behavior
+
+ISC004 [*] Unparenthesized implicit string concatenation in collection
+  --> ISC004.py:18:5
+   |
+16 |       "Lobsters have blue blood.",
+17 |       "The liver is the only human organ that can fully regenerate itself.",
+18 | /     "Clarinets are made almost entirely out of wood from the mpingo tree."
+19 | |     "In 1971, astronaut Alan Shepard played golf on the moon.",
+   | |______________________________________________________________^
+20 |   }
+   |
+help: Wrap implicitly concatenated strings in parentheses
+help: Did you forget a comma?
+15 | facts = {
+16 |     "Lobsters have blue blood.",
+17 |     "The liver is the only human organ that can fully regenerate itself.",
+   -     "Clarinets are made almost entirely out of wood from the mpingo tree."
+   -     "In 1971, astronaut Alan Shepard played golf on the moon.",
+18 +     ("Clarinets are made almost entirely out of wood from the mpingo tree."
+19 +     "In 1971, astronaut Alan Shepard played golf on the moon."),
+20 | }
+21 | 
+22 | facts = {
+note: This is an unsafe fix and may change runtime behavior
+
+ISC004 [*] Unparenthesized implicit string concatenation in collection
+  --> ISC004.py:30:5
+   |
+29 |   facts = (
+30 | /     "Octopuses have three hearts."
+31 | |     # Missing comma here.
+32 | |     "Honey never spoils.",
+   | |_________________________^
+33 |   )
+   |
+help: Wrap implicitly concatenated strings in parentheses
+help: Did you forget a comma?
+27 | }
+28 | 
+29 | facts = (
+   -     "Octopuses have three hearts."
+30 +     ("Octopuses have three hearts."
+31 |     # Missing comma here.
+   -     "Honey never spoils.",
+32 +     "Honey never spoils."),
+33 | )
+34 | 
+35 | facts = [
+note: This is an unsafe fix and may change runtime behavior
+
+ISC004 [*] Unparenthesized implicit string concatenation in collection
+  --> ISC004.py:36:5
+   |
+35 |   facts = [
+36 | /     "Octopuses have three hearts."
+37 | |     # Missing comma here.
+38 | |     "Honey never spoils.",
+   | |_________________________^
+39 |   ]
+   |
+help: Wrap implicitly concatenated strings in parentheses
+help: Did you forget a comma?
+33 | )
+34 | 
+35 | facts = [
+   -     "Octopuses have three hearts."
+36 +     ("Octopuses have three hearts."
+37 |     # Missing comma here.
+   -     "Honey never spoils.",
+38 +     "Honey never spoils."),
+39 | ]
+40 | 
+41 | facts = {
+note: This is an unsafe fix and may change runtime behavior
+
+ISC004 [*] Unparenthesized implicit string concatenation in collection
+  --> ISC004.py:42:5
+   |
+41 |   facts = {
+42 | /     "Octopuses have three hearts."
+43 | |     # Missing comma here.
+44 | |     "Honey never spoils.",
+   | |_________________________^
+45 |   }
+   |
+help: Wrap implicitly concatenated strings in parentheses
+help: Did you forget a comma?
+39 | ]
+40 | 
+41 | facts = {
+   -     "Octopuses have three hearts."
+42 +     ("Octopuses have three hearts."
+43 |     # Missing comma here.
+   -     "Honey never spoils.",
+44 +     "Honey never spoils."),
+45 | }
+46 | 
+47 | facts = (
+note: This is an unsafe fix and may change runtime behavior
--- a/crates/ruff_linter/src/rules/flake8_logging/rules/exc_info_outside_except_handler.rs
+++ b/crates/ruff_linter/src/rules/flake8_logging/rules/exc_info_outside_except_handler.rs
@@ -43,6 +43,10 @@ use crate::{Fix, FixAvailability, Violation};
 ///
 /// ## Fix safety
 /// The fix is always marked as unsafe, as it changes runtime behavior.
+///
+/// ## Options
+///
+/// - `lint.logger-objects`
 #[derive(ViolationMetadata)]
 #[violation_metadata(stable_since = "0.12.0")]
 pub(crate) struct ExcInfoOutsideExceptHandler;
--- a/crates/ruff_linter/src/rules/flake8_logging/rules/exception_without_exc_info.rs
+++ b/crates/ruff_linter/src/rules/flake8_logging/rules/exception_without_exc_info.rs
@@ -30,6 +30,10 @@ use crate::checkers::ast::Checker;
 /// ```python
 /// logging.error("...")
 /// ```
+///
+/// ## Options
+///
+/// - `lint.logger-objects`
 #[derive(ViolationMetadata)]
 #[violation_metadata(stable_since = "v0.2.0")]
 pub(crate) struct ExceptionWithoutExcInfo;
--- a/crates/ruff_linter/src/rules/flake8_logging/rules/log_exception_outside_except_handler.rs
+++ b/crates/ruff_linter/src/rules/flake8_logging/rules/log_exception_outside_except_handler.rs
@@ -42,6 +42,10 @@ use crate::{Edit, Fix, FixAvailability, Violation};
 /// ## Fix safety
 /// The fix, if available, will always be marked as unsafe, as it changes runtime behavior.
 ///
+/// ## Options
+///
+/// - `lint.logger-objects`
+///
 /// [The documentation]: https://docs.python.org/3/library/logging.html#logging.exception
 #[derive(ViolationMetadata)]
 #[violation_metadata(preview_since = "0.9.5")]
--- a/crates/ruff_linter/src/rules/flake8_print/rules/print_call.rs
+++ b/crates/ruff_linter/src/rules/flake8_print/rules/print_call.rs
@@ -37,10 +37,11 @@ use crate::{Fix, FixAvailability, Violation};
 /// import logging
 ///
 /// logging.basicConfig(level=logging.INFO)
+/// logger = logging.getLogger(__name__)
 ///
 ///
 /// def sum_less_than_four(a, b):
-///     logging.debug("Calling sum_less_than_four")
+///     logger.debug("Calling sum_less_than_four")
 ///     return a + b < 4
 /// ```
 ///
--- a/crates/ruff_linter/src/rules/flake8_pytest_style/rules/raises.rs
+++ b/crates/ruff_linter/src/rules/flake8_pytest_style/rules/raises.rs
@@ -125,6 +125,9 @@ impl Violation for PytestRaisesTooBroad {
 /// ## Why is this bad?
 /// `pytest.raises` expects to receive an expected exception as its first
 /// argument. If omitted, the `pytest.raises` call will fail at runtime.
+/// The rule will also accept calls without an expected exception but with
+/// `match` and/or `check` keyword arguments, which are also valid after
+/// pytest version 8.4.0.
 ///
 /// ## Example
 /// ```python
@@ -181,6 +184,8 @@ pub(crate) fn raises_call(checker: &Checker, call: &ast::ExprCall) {
                .arguments
                .find_argument("expected_exception", 0)
                .is_none()
+                && call.arguments.find_keyword("match").is_none()
+                && call.arguments.find_keyword("check").is_none()
            {
                checker.report_diagnostic(PytestRaisesWithoutException, call.func.range());
            }
--- a/crates/ruff_linter/src/rules/flake8_quotes/rules/avoidable_escaped_quote.rs
+++ b/crates/ruff_linter/src/rules/flake8_quotes/rules/avoidable_escaped_quote.rs
@@ -32,6 +32,10 @@ use crate::{AlwaysFixableViolation, Edit, Fix};
 /// formatter automatically removes unnecessary escapes, making the rule
 /// redundant.
 ///
+/// ## Options
+///
+/// - `lint.flake8-quotes.inline-quotes`
+///
 /// [formatter]: https://docs.astral.sh/ruff/formatter
 #[derive(ViolationMetadata)]
 #[violation_metadata(stable_since = "v0.0.88")]
--- a/crates/ruff_linter/src/rules/flake8_return/rules/function.rs
+++ b/crates/ruff_linter/src/rules/flake8_return/rules/function.rs
@@ -55,6 +55,12 @@ use crate::rules::flake8_return::visitor::{ReturnVisitor, Stack};
 /// ## Fix safety
 /// This rule's fix is marked as unsafe for cases in which comments would be
 /// dropped from the `return` statement.
+///
+/// ## Options
+///
+/// This rule ignores functions marked as properties.
+///
+/// - `lint.pydocstyle.property-decorators`
 #[derive(ViolationMetadata)]
 #[violation_metadata(stable_since = "v0.0.154")]
 pub(crate) struct UnnecessaryReturnNone;
--- a/crates/ruff_linter/src/rules/flake8_simplify/rules/ast_with.rs
+++ b/crates/ruff_linter/src/rules/flake8_simplify/rules/ast_with.rs
@@ -44,6 +44,15 @@ use crate::{FixAvailability, Violation};
 ///     pass
 /// ```
 ///
+/// ## Options
+///
+/// The rule will consult these two settings when deciding if a fix can be provided:
+///
+/// - `lint.pycodestyle.max-line-length`
+/// - `indent-width`
+///
+/// Lines that would exceed the configured line length will not be fixed automatically.
+///
 /// ## References
 /// - [Python documentation: The `with` statement](https://docs.python.org/3/reference/compound_stmts.html#the-with-statement)
 #[derive(ViolationMetadata)]
--- a/crates/ruff_linter/src/rules/flake8_simplify/rules/collapsible_if.rs
+++ b/crates/ruff_linter/src/rules/flake8_simplify/rules/collapsible_if.rs
@@ -42,6 +42,15 @@ use crate::{Edit, Fix, FixAvailability, Violation};
 ///     ...
 /// ```
 ///
+/// ## Options
+///
+/// The rule will consult these two settings when deciding if a fix can be provided:
+///
+/// - `lint.pycodestyle.max-line-length`
+/// - `indent-width`
+///
+/// Lines that would exceed the configured line length will not be fixed automatically.
+///
 /// ## References
 /// - [Python documentation: The `if` statement](https://docs.python.org/3/reference/compound_stmts.html#the-if-statement)
 /// - [Python documentation: Boolean operations](https://docs.python.org/3/reference/expressions.html#boolean-operations)
--- a/crates/ruff_linter/src/rules/flake8_simplify/rules/if_else_block_instead_of_dict_get.rs
+++ b/crates/ruff_linter/src/rules/flake8_simplify/rules/if_else_block_instead_of_dict_get.rs
@@ -50,6 +50,14 @@ use crate::{Edit, Fix, FixAvailability, Violation};
 /// value = foo.get("bar", 0)
 /// ```
 ///
+/// ## Options
+///
+/// The rule will avoid flagging cases where using the resulting `dict.get` call would exceed the
+/// configured line length, as determined by these options:
+///
+/// - `lint.pycodestyle.max-line-length`
+/// - `indent-width`
+///
 /// ## References
 /// - [Python documentation: Mapping Types](https://docs.python.org/3/library/stdtypes.html#mapping-types-dict)
 #[derive(ViolationMetadata)]
--- a/crates/ruff_linter/src/rules/flake8_simplify/rules/if_else_block_instead_of_if_exp.rs
+++ b/crates/ruff_linter/src/rules/flake8_simplify/rules/if_else_block_instead_of_if_exp.rs
@@ -55,6 +55,11 @@ use crate::{Edit, Fix, FixAvailability, Violation};
 /// Ternary operators can also make it harder to measure [code coverage]
 /// with tools that use line profiling.
 ///
+/// ## Options
+///
+/// - `lint.pycodestyle.max-line-length`
+/// - `indent-width`
+///
 /// ## References
 /// - [Python documentation: Conditional expressions](https://docs.python.org/3/reference/expressions.html#conditional-expressions)
 ///
--- a/crates/ruff_linter/src/rules/flake8_simplify/rules/reimplemented_builtin.rs
+++ b/crates/ruff_linter/src/rules/flake8_simplify/rules/reimplemented_builtin.rs
@@ -40,6 +40,14 @@ use crate::{Edit, Fix, FixAvailability, Violation};
 ///
 /// This fix is always marked as unsafe because it might remove comments.
 ///
+/// ## Options
+///
+/// The rule will avoid flagging cases where using the builtin function would exceed the configured
+/// line length, as determined by these options:
+///
+/// - `lint.pycodestyle.max-line-length`
+/// - `indent-width`
+///
 /// ## References
 /// - [Python documentation: `any`](https://docs.python.org/3/library/functions.html#any)
 /// - [Python documentation: `all`](https://docs.python.org/3/library/functions.html#all)
--- a/crates/ruff_linter/src/rules/flake8_use_pathlib/helpers.rs
+++ b/crates/ruff_linter/src/rules/flake8_use_pathlib/helpers.rs
@@ -210,6 +210,7 @@ pub(crate) fn is_argument_non_default(arguments: &Arguments, name: &str, positio

 /// Returns `true` if the given call is a top-level expression in its statement.
 /// This means the call's return value is not used, so return type changes don't matter.
-pub(crate) fn is_top_level_expression_call(checker: &Checker) -> bool {
+pub(crate) fn is_top_level_expression_in_statement(checker: &Checker) -> bool {
    checker.semantic().current_expression_parent().is_none()
+        && checker.semantic().current_statement().is_expr_stmt()
 }
--- a/crates/ruff_linter/src/rules/flake8_use_pathlib/rules/os_getcwd.rs
+++ b/crates/ruff_linter/src/rules/flake8_use_pathlib/rules/os_getcwd.rs
@@ -6,7 +6,7 @@ use ruff_text_size::Ranged;
 use crate::checkers::ast::Checker;
 use crate::importer::ImportRequest;
 use crate::preview::is_fix_os_getcwd_enabled;
-use crate::rules::flake8_use_pathlib::helpers::is_top_level_expression_call;
+use crate::rules::flake8_use_pathlib::helpers::is_top_level_expression_in_statement;
 use crate::{FixAvailability, Violation};

 /// ## What it does
@@ -89,7 +89,7 @@ pub(crate) fn os_getcwd(checker: &Checker, call: &ExprCall, segments: &[&str]) {

            // Unsafe when the fix would delete comments or change a used return value
            let applicability = if checker.comment_ranges().intersects(range)
-                || !is_top_level_expression_call(checker)
+                || !is_top_level_expression_in_statement(checker)
            {
                Applicability::Unsafe
            } else {
--- a/crates/ruff_linter/src/rules/flake8_use_pathlib/rules/os_readlink.rs
+++ b/crates/ruff_linter/src/rules/flake8_use_pathlib/rules/os_readlink.rs
@@ -6,7 +6,7 @@ use crate::checkers::ast::Checker;
 use crate::preview::is_fix_os_readlink_enabled;
 use crate::rules::flake8_use_pathlib::helpers::{
    check_os_pathlib_single_arg_calls, is_keyword_only_argument_non_default,
-    is_top_level_expression_call,
+    is_top_level_expression_in_statement,
 };
 use crate::{FixAvailability, Violation};

@@ -86,7 +86,7 @@ pub(crate) fn os_readlink(checker: &Checker, call: &ExprCall, segments: &[&str])
        return;
    }

-    let applicability = if !is_top_level_expression_call(checker) {
+    let applicability = if !is_top_level_expression_in_statement(checker) {
        // Unsafe because the return type changes (str/bytes -> Path)
        Applicability::Unsafe
    } else {
--- a/crates/ruff_linter/src/rules/flake8_use_pathlib/rules/os_rename.rs
+++ b/crates/ruff_linter/src/rules/flake8_use_pathlib/rules/os_rename.rs
@@ -6,7 +6,7 @@ use crate::checkers::ast::Checker;
 use crate::preview::is_fix_os_rename_enabled;
 use crate::rules::flake8_use_pathlib::helpers::{
    check_os_pathlib_two_arg_calls, has_unknown_keywords_or_starred_expr,
-    is_keyword_only_argument_non_default, is_top_level_expression_call,
+    is_keyword_only_argument_non_default, is_top_level_expression_in_statement,
 };
 use crate::{FixAvailability, Violation};

@@ -92,7 +92,7 @@ pub(crate) fn os_rename(checker: &Checker, call: &ExprCall, segments: &[&str]) {
        );

    // Unsafe when the fix would delete comments or change a used return value
-    let applicability = if !is_top_level_expression_call(checker) {
+    let applicability = if !is_top_level_expression_in_statement(checker) {
        // Unsafe because the return type changes (None -> Path)
        Applicability::Unsafe
    } else {
--- a/crates/ruff_linter/src/rules/flake8_use_pathlib/rules/os_replace.rs
+++ b/crates/ruff_linter/src/rules/flake8_use_pathlib/rules/os_replace.rs
@@ -6,7 +6,7 @@ use crate::checkers::ast::Checker;
 use crate::preview::is_fix_os_replace_enabled;
 use crate::rules::flake8_use_pathlib::helpers::{
    check_os_pathlib_two_arg_calls, has_unknown_keywords_or_starred_expr,
-    is_keyword_only_argument_non_default, is_top_level_expression_call,
+    is_keyword_only_argument_non_default, is_top_level_expression_in_statement,
 };
 use crate::{FixAvailability, Violation};

@@ -95,7 +95,7 @@ pub(crate) fn os_replace(checker: &Checker, call: &ExprCall, segments: &[&str])
        );

    // Unsafe when the fix would delete comments or change a used return value
-    let applicability = if !is_top_level_expression_call(checker) {
+    let applicability = if !is_top_level_expression_in_statement(checker) {
        // Unsafe because the return type changes (None -> Path)
        Applicability::Unsafe
    } else {
--- a/crates/ruff_linter/src/rules/flake8_use_pathlib/snapshots/ruff_linterrulesflake8_use_pathlibtestsfull_name.py.snap
+++ b/crates/ruff_linter/src/rules/flake8_use_pathlib/snapshots/ruff_linterrulesflake8_use_pathlibtestsfull_name.py.snap
@@ -567,5 +567,64 @@ PTH121 `os.path.samefile()` should be replaced by `Path.samefile()`
 138 |
 139 | os.path.samefile("pth1_file", "pth1_link", 1, *[1], **{"x": 1}, foo=1)
    | ^^^^^^^^^^^^^^^^
+140 |
+141 | # See: https://github.com/astral-sh/ruff/issues/21794
    |
 help: Replace with `Path(...).samefile()`
+
+PTH104 `os.rename()` should be replaced by `Path.rename()`
+   --> full_name.py:144:4
+    |
+142 | import sys
+143 |
+144 | if os.rename("pth1.py", "pth1.py.bak"):
+    |    ^^^^^^^^^
+145 |     print("rename: truthy")
+146 | else:
+    |
+help: Replace with `Path(...).rename(...)`
+
+PTH105 `os.replace()` should be replaced by `Path.replace()`
+   --> full_name.py:149:4
+    |
+147 |     print("rename: falsey")
+148 |
+149 | if os.replace("pth1.py.bak", "pth1.py"):
+    |    ^^^^^^^^^^
+150 |     print("replace: truthy")
+151 | else:
+    |
+help: Replace with `Path(...).replace(...)`
+
+PTH109 `os.getcwd()` should be replaced by `Path.cwd()`
+   --> full_name.py:155:14
+    |
+154 | try:
+155 |     for _ in os.getcwd():
+    |              ^^^^^^^^^
+156 |         print("getcwd: iterable")
+157 |         break
+    |
+help: Replace with `Path.cwd()`
+
+PTH109 `os.getcwd()` should be replaced by `Path.cwd()`
+   --> full_name.py:162:14
+    |
+161 | try:
+162 |     for _ in os.getcwdb():
+    |              ^^^^^^^^^^
+163 |         print("getcwdb: iterable")
+164 |         break
+    |
+help: Replace with `Path.cwd()`
+
+PTH115 `os.readlink()` should be replaced by `Path.readlink()`
+   --> full_name.py:169:14
+    |
+168 | try:
+169 |     for _ in os.readlink(sys.executable):
+    |              ^^^^^^^^^^^
+170 |         print("readlink: iterable")
+171 |         break
+    |
+help: Replace with `Path(...).readlink()`
--- a/crates/ruff_linter/src/rules/flake8_use_pathlib/snapshots/ruff_linterrulesflake8_use_pathlibtestspreview_full_name.py.snap
+++ b/crates/ruff_linter/src/rules/flake8_use_pathlib/snapshots/ruff_linterrulesflake8_use_pathlibtestspreview_full_name.py.snap
@@ -1037,5 +1037,142 @@ PTH121 `os.path.samefile()` should be replaced by `Path.samefile()`
 138 |
 139 | os.path.samefile("pth1_file", "pth1_link", 1, *[1], **{"x": 1}, foo=1)
    | ^^^^^^^^^^^^^^^^
+140 |
+141 | # See: https://github.com/astral-sh/ruff/issues/21794
    |
 help: Replace with `Path(...).samefile()`
+
+PTH104 [*] `os.rename()` should be replaced by `Path.rename()`
+   --> full_name.py:144:4
+    |
+142 | import sys
+143 |
+144 | if os.rename("pth1.py", "pth1.py.bak"):
+    |    ^^^^^^^^^
+145 |     print("rename: truthy")
+146 | else:
+    |
+help: Replace with `Path(...).rename(...)`
+140 | 
+141 | # See: https://github.com/astral-sh/ruff/issues/21794
+142 | import sys
+143 + import pathlib
+144 | 
+    - if os.rename("pth1.py", "pth1.py.bak"):
+145 + if pathlib.Path("pth1.py").rename("pth1.py.bak"):
+146 |     print("rename: truthy")
+147 | else:
+148 |     print("rename: falsey")
+note: This is an unsafe fix and may change runtime behavior
+
+PTH105 [*] `os.replace()` should be replaced by `Path.replace()`
+   --> full_name.py:149:4
+    |
+147 |     print("rename: falsey")
+148 |
+149 | if os.replace("pth1.py.bak", "pth1.py"):
+    |    ^^^^^^^^^^
+150 |     print("replace: truthy")
+151 | else:
+    |
+help: Replace with `Path(...).replace(...)`
+140 | 
+141 | # See: https://github.com/astral-sh/ruff/issues/21794
+142 | import sys
+143 + import pathlib
+144 | 
+145 | if os.rename("pth1.py", "pth1.py.bak"):
+146 |     print("rename: truthy")
+147 | else:
+148 |     print("rename: falsey")
+149 | 
+    - if os.replace("pth1.py.bak", "pth1.py"):
+150 + if pathlib.Path("pth1.py.bak").replace("pth1.py"):
+151 |     print("replace: truthy")
+152 | else:
+153 |     print("replace: falsey")
+note: This is an unsafe fix and may change runtime behavior
+
+PTH109 [*] `os.getcwd()` should be replaced by `Path.cwd()`
+   --> full_name.py:155:14
+    |
+154 | try:
+155 |     for _ in os.getcwd():
+    |              ^^^^^^^^^
+156 |         print("getcwd: iterable")
+157 |         break
+    |
+help: Replace with `Path.cwd()`
+140 | 
+141 | # See: https://github.com/astral-sh/ruff/issues/21794
+142 | import sys
+143 + import pathlib
+144 | 
+145 | if os.rename("pth1.py", "pth1.py.bak"):
+146 |     print("rename: truthy")
+--------------------------------------------------------------------------------
+153 |     print("replace: falsey")
+154 | 
+155 | try:
+    -     for _ in os.getcwd():
+156 +     for _ in pathlib.Path.cwd():
+157 |         print("getcwd: iterable")
+158 |         break
+159 | except TypeError as e:
+note: This is an unsafe fix and may change runtime behavior
+
+PTH109 [*] `os.getcwd()` should be replaced by `Path.cwd()`
+   --> full_name.py:162:14
+    |
+161 | try:
+162 |     for _ in os.getcwdb():
+    |              ^^^^^^^^^^
+163 |         print("getcwdb: iterable")
+164 |         break
+    |
+help: Replace with `Path.cwd()`
+140 | 
+141 | # See: https://github.com/astral-sh/ruff/issues/21794
+142 | import sys
+143 + import pathlib
+144 | 
+145 | if os.rename("pth1.py", "pth1.py.bak"):
+146 |     print("rename: truthy")
+--------------------------------------------------------------------------------
+160 |     print("getcwd: not iterable")
+161 | 
+162 | try:
+    -     for _ in os.getcwdb():
+163 +     for _ in pathlib.Path.cwd():
+164 |         print("getcwdb: iterable")
+165 |         break
+166 | except TypeError as e:
+note: This is an unsafe fix and may change runtime behavior
+
+PTH115 [*] `os.readlink()` should be replaced by `Path.readlink()`
+   --> full_name.py:169:14
+    |
+168 | try:
+169 |     for _ in os.readlink(sys.executable):
+    |              ^^^^^^^^^^^
+170 |         print("readlink: iterable")
+171 |         break
+    |
+help: Replace with `Path(...).readlink()`
+140 | 
+141 | # See: https://github.com/astral-sh/ruff/issues/21794
+142 | import sys
+143 + import pathlib
+144 | 
+145 | if os.rename("pth1.py", "pth1.py.bak"):
+146 |     print("rename: truthy")
+--------------------------------------------------------------------------------
+167 |     print("getcwdb: not iterable")
+168 | 
+169 | try:
+    -     for _ in os.readlink(sys.executable):
+170 +     for _ in pathlib.Path(sys.executable).readlink():
+171 |         print("readlink: iterable")
+172 |         break
+173 | except TypeError as e:
+note: This is an unsafe fix and may change runtime behavior
--- a/crates/ruff_linter/src/rules/mccabe/rules/function_is_too_complex.rs
+++ b/crates/ruff_linter/src/rules/mccabe/rules/function_is_too_complex.rs
@@ -503,7 +503,7 @@ def f():
    }

    #[test]
-    fn match_case_catch_all_with_seuqnece() -> Result<()> {
+    fn match_case_catch_all_with_sequence() -> Result<()> {
        let source = r"
 def f():
    match subject:
--- a/crates/ruff_linter/src/rules/pyflakes/rules/redefined_while_unused.rs
+++ b/crates/ruff_linter/src/rules/pyflakes/rules/redefined_while_unused.rs
@@ -30,6 +30,12 @@ use rustc_hash::FxHashMap;
 /// import foo
 /// import bar
 /// ```
+///
+/// ## Options
+///
+/// This rule ignores dummy variables, as determined by:
+///
+/// - `lint.dummy-variable-rgx`
 #[derive(ViolationMetadata)]
 #[violation_metadata(stable_since = "v0.0.171")]
 pub(crate) struct RedefinedWhileUnused {
--- a/crates/ruff_linter/src/rules/pyflakes/rules/unused_annotation.rs
+++ b/crates/ruff_linter/src/rules/pyflakes/rules/unused_annotation.rs
@@ -18,6 +18,12 @@ use crate::checkers::ast::Checker;
 ///     bar: int
 /// ```
 ///
+/// ## Options
+///
+/// This rule ignores dummy variables, as determined by:
+///
+/// - `lint.dummy-variable-rgx`
+///
 /// ## References
 /// - [PEP 484 – Type Hints](https://peps.python.org/pep-0484/)
 #[derive(ViolationMetadata)]
--- a/Show More
+++ b/Show More