chore(deps): Bump the datalad group across 1 directory with 9 updates

[dependabot]

Bumps the datalad group with 9 updates in the /services/datalad directory:

Package	From	To
bidsschematools	1.1.6	1.2.2
boto3	1.42.41	1.42.75
charset-normalizer	3.4.4	3.4.6
pygithub	2.8.1	2.9.0
pyjwt	2.12.0	2.12.1
coverage	7.13.3	7.13.5
datalad	1.3.1	1.3.4
pytest-cov	7.0.0	7.1.0
ruff	0.15.0	0.15.7

Updates bidsschematools from 1.1.6 to 1.2.2

Release notes

Sourced from bidsschematools's releases.

v1.2.2

Changes

• BEP 18 suggestions #398 (effigies)
• [MISC] Add Sébastien Tourbier to contributors #394 (sebastientourbier)
• [MISC] moved list of extension proposals to the main BIDS website #389 (robertoostenveld)
• [FIX] Typos and clarifications #386 (apjanke)
• ENH: Add watermark to drafts #383 (effigies)
• [MISC] Teon Brooks retiring moderator duties for BEP021 #381 (teonbrooks)
• [FIX] clarify that string is expected for HowToAcknowledge field in dataset_description.json #380 (sappelhoff)
• [MISC] Typo and style #378 (TheChymera)
• [FIX] divide readme into 3 parts #374 (sappelhoff)
• FIX: Refer to BIDS consistently, instead of "\<Modality>-BIDS" #366 (sappelhoff)
• [FIX] Change recommended anonymization date from 1900 to 1925 #363 (alexrockhill)
• [FIX] Minor fixups of inconsistencies while going through a PDF version #362 (yarikoptic)
• specify further the pipeline following #345 #358 (CPernet)
• FIX: clarify that filters should be specified as object of objects #348 (sappelhoff)
• FIX: Clarify channels.tsv is RECOMMENDED consistently across ephys #347 (sappelhoff)
• [FIX] Typo fix (contract -> contrast) in events documentation #346 (snastase)
• RM: rm TOC.md - seems no longer pertinent/used #341 (yarikoptic)
• [MISC] Move the PR template to a separate folder and improve contents #338 (jhlegarreta)
• [INFRA] Find npm requirements file in Circle #336 (franklin-feingold)
• ENH: Clarify the position toward non-compliant derivative datasets and files #334 (effigies)
• [ENH] Clarify phenotypic and assessment data in new section #331 (sappelhoff)
• [MISC] add information about continuous integration checks to PR template #330 (sappelhoff)
• [FIX] Fix Common principles Key/value files section level #328 (jhlegarreta)
• [INFRA] Set the maximum heading length lint check to false #325 (jhlegarreta)
• [FIX] Number explicitly all cases in MRI field map section headers #323 (jhlegarreta)
• [FIX] Add SoftwareFilters to EEG sidecar example #322 (Remi-Gau)
• [MISC] Fixing Travis errors with Remark #320 (franklin-feingold)
• [INFRA] Link to doc builds in CI checks #315 (jasmainak)
• [MISC] Add BEP027 - BIDS Execution to BEP list #314 (effigies)
• [FIX] Add CBV and phase to Entity table #312 (tsalo)
• [FIX] Separate out imaging-specific "common derivatives" #310 (effigies)
• [FIX] Revise template-generated coordinate systems #307 (oesteban)
• [FIX] Normalization of template-generated standard spaces #306 (oesteban)
• [ENH] Release protocol notes #304 (franklin-feingold)
• [INFRA] Adding contributor appendix sentence to PR template #299 (franklin-feingold)
• [ENH] Added discontinuous datatype for EEG and iEEG #286 (wouterpotters)
• [FIX] Clarify paragraph about custom data types #264 (effigies)

v1.2.1

• FIX: repair link in anatomical MRI table #297 (sappelhoff)
• [ENH] Clarify requirements in Release Protocol #294 (franklin-feingold)
• [INFRA+FIX] Use linkchecker (from a dedicated docker image) to check all URLs #293 (yarikoptic)
• [ENH] Adding Contributors and updating contributions #284 (franklin-feingold)
• [MISC] update Code of Conduct contact #281 (franklin-feingold)
• [ENH] Update contributing guide and README to make discussion forums easy to find #279 (emdupre)
• [ENH] Starter Kit dropdown menu #278 (franklin-feingold)
• [ENH] BEP Update #277 (franklin-feingold)

... (truncated)

Commits

• 3d55770 Merge pull request #405 from bids-standard/rel/1.2.2
• 7548bee change date of release
• 297ba71 add Cyril emoji
• 8383d82 Update 01-contributors.md
• f61990b cleaned up rel from changelog
• 3ae1563 Update CHANGES.md
• ad7a16c [DOC] Auto-generate changelog entry for PR #394
• 22df6c4 Merge pull request #394 from sebastientourbier/patch-1
• 7faa189 REL: v1.2.2
• eed82fc Update 01-contributors.md
• Additional commits viewable in compare view

Updates boto3 from 1.42.41 to 1.42.75

Commits

• aaab8ce Merge branch 'release-1.42.75'
• a0efc54 Bumping version to 1.42.75
• 644038a Add changelog entries from botocore
• 70f04ae Update presigned URL docs to use sigv4 (#4740)
• 69695bb Bump github/codeql-action from 4.33.0 to 4.34.1 (#4742)
• efb76df Merge branch 'release-1.42.74'
• 3f1d8ef Merge branch 'release-1.42.74' into develop
• 8d8ff13 Bumping version to 1.42.74
• 56e7669 Add changelog entries from botocore
• 3a06d63 Merge branch 'release-1.42.73'
• Additional commits viewable in compare view

Updates charset-normalizer from 3.4.4 to 3.4.6

Release notes

Sourced from charset-normalizer's releases.

Version 3.4.6

3.4.6 (2026-03-15)

Changed

• Flattened the logic in charset_normalizer.md for higher performance. Removed eligible(..) and feed(...) in favor of feed_info(...).
• Raised upper bound for mypy[c] to 1.20, for our optimized version.
• Updated UNICODE_RANGES_COMBINED using Unicode blocks v17.

Fixed

• Edge case where noise difference between two candidates can be almost insignificant. (#672)
• CLI --normalize writing to wrong path when passing multiple files in. (#702)

Misc

• Freethreaded pre-built wheels now shipped in PyPI starting with 3.14t. (#616)

Version 3.4.5

3.4.5 (2026-03-06)

Changed

• Update setuptools constraint to setuptools>=68,<=82.
• Raised upper bound of mypyc for the optional pre-built extension to v1.19.1

Fixed

• Add explicit link to lib math in our optimized build. (#692)
• Logger level not restored correctly for empty byte sequences. (#701)
• TypeError when passing bytearray to from_bytes. (#703)

Misc

• Applied safe micro-optimizations in both our noise detector and language detector.
• Rewrote the query_yes_no function (inside CLI) to avoid using ambiguous licensed code.
• Added cd.py submodule into mypyc optional compilation to reduce further the performance impact.

[!WARNING]
mypyc changed the usual binary output for the optimized wheel. Beware, especially if using PyInstaller or alike. See jawah/charset_normalizer#714

Changelog

Sourced from charset-normalizer's changelog.

3.4.6 (2026-03-15)

Changed

• Flattened the logic in charset_normalizer.md for higher performance. Removed eligible(..) and feed(...) in favor of feed_info(...).
• Raised upper bound for mypy[c] to 1.20, for our optimized version.
• Updated UNICODE_RANGES_COMBINED using Unicode blocks v17.

Fixed

• Edge case where noise difference between two candidates can be almost insignificant. (#672)
• CLI --normalize writing to wrong path when passing multiple files in. (#702)

Misc

• Freethreaded pre-built wheels now shipped in PyPI starting with 3.14t. (#616)

3.4.5 (2026-03-06)

Changed

• Update setuptools constraint to setuptools>=68,<=82.
• Raised upper bound of mypyc for the optional pre-built extension to v1.19.1

Fixed

• Add explicit link to lib math in our optimized build. (#692)
• Logger level not restored correctly for empty byte sequences. (#701)
• TypeError when passing bytearray to from_bytes. (#703)

Misc

• Applied safe micro-optimizations in both our noise detector and language detector.
• Rewrote the query_yes_no function (inside CLI) to avoid using ambiguous licensed code.
• Added cd.py submodule into mypyc optional compilation to reduce further the performance impact.

Commits

• 5478b84 Merge pull request #715 from jawah/release-3.4.6
• 5c0a09e ✔️ add confidence for threading usage, mostly due to lru_cach...
• ef826b2 📝 update changelog
• 5564f1a 📝 update docs accordingly
• 0f2cf7d 📝 update changelog
• 54a1894 🐛 fix --normalize writing to wrong path with multiple files
• 2177e28 📝 update changelog
• b2497a5 🐛 edge case where noise difference between two candidates can be almost i...
• 13a5d0b 🔧 upgrade ci requirements
• b9ffbd4 🔧 enable 3.14t nox mypyc session
• Additional commits viewable in compare view

Updates pygithub from 2.8.1 to 2.9.0

Release notes

Sourced from pygithub's releases.

v2.9.0

Notable changes

Lazy PyGithub objects

The notion of lazy objects has been added to some PyGithub classes in version 2.6.0. This release now makes all CompletableGithubObjects optionally lazy (if useful). See PyGithub/PyGithub#3403 for a complete list.

In lazy mode, getting a PyGithub object does not send a request to the GitHub API. Only accessing methods and properties sends the necessary requests to the GitHub API:

# Use lazy mode
g = Github(auth=auth, lazy=True)
these method calls do not send requests to the GitHub API
user = g.get_user("PyGithub")    # get the user
repo = user.get_repo("PyGithub") # get the user's repo
pull = repo.get_pull(3403)       # get a known pull request
issue = pull.as_issue()          # turn the pull request into an issue
these method and property calls send requests to Github API
issue.create_reaction("rocket")  # create a reaction
created = repo.created_at        # get property of lazy object repo
once a lazy object has been fetched, all properties are available (no more requests)
licence = repo.license

All PyGithub classes that implement CompletableGithubObject support lazy mode (if useful). This is only useful for classes that have methods creating, changing, or getting objects.

By default, PyGithub objects are not lazy.

PyGithub objects with a paginated property

The GitHub API has the "feature" of paginated properties. Some objects returned by the API have a property that allows for pagination. Fetching subsequent pages of that property means fetching the entire object (with all other properties) and the specified page of the paginated property. Iterating over the paginated property means fetching all other properties multiple times. Fortunately, the allowed size of each page (per_page is usually 300, in contrast to the "usual" per_page maximum of 100).

Objects with paginated properties:

• Commit.files
• Comparison.commits
• EnterpriseConsumedLicenses.users

This PR makes iterating those paginated properties use the configured per_page setting.

It further allows to specify an individual per_page when either retrieving such objects, or fetching paginated properties.

See Classes with paginated properties for details.

Drop Python 3.8 support due to End-of-Life

Python 3.8 reached its end-of-life September 6, 2024. Support has been removed with this release.

... (truncated)

Changelog

Sourced from pygithub's changelog.

Version 2.9.0 (March 22, 2026)

Notable changes ^^^^^^^^^^^^^^^

Lazy PyGithub objects """""""""""""""""""""

The notion of lazy objects has been added to some PyGithub classes in version 2.6.0. This release now makes all CompletableGithubObject\s optionally lazy (if useful). See [#3403](https://github.com/pygithub/pygithub/issues/3403) <https://github.com/PyGithub/PyGithub/pull/3403>_ for a complete list.

In lazy mode, getting a PyGithub object does not send a request to the GitHub API. Only accessing methods and properties sends the necessary requests to the GitHub API:

.. code-block:: python

# Use lazy mode
g = Github(auth=auth, lazy=True)
these method calls do not send requests to the GitHub API
user = g.get_user("PyGithub")    # get the user
repo = user.get_repo("PyGithub") # get the user's repo
pull = repo.get_pull(3403)       # get a known pull request
issue = pull.as_issue()          # turn the pull request into an issue
these method and property calls send requests to Github API
issue.create_reaction("rocket")  # create a reaction
created = repo.created_at        # get property of lazy object repo
once a lazy object has been fetched, all properties are available (no more requests)
licence = repo.license

All PyGithub classes that implement CompletableGithubObject support lazy mode (if useful). This is only useful for classes that have methods creating, changing, or getting objects.

By default, PyGithub objects are not lazy.

PyGithub objects with a paginated property """"""""""""""""""""""""""""""""""""""""""

The GitHub API has the "feature" of paginated properties. Some objects returned by the API have a property that allows for pagination. Fetching subsequent pages of that property means fetching the entire object (with all other properties) and the specified page of the paginated property. Iterating over the paginated property means fetching all other properties multiple times. Fortunately, the allowed size of each page (per_page is usually 300, in contrast to the "usual" per_page maximum of 100).

Objects with paginated properties:

... (truncated)

Commits

• 3a17ecf Release 2.9.0 (#3465)
• b1a9b7e Consider per-page settings when iterating paginated properties (#3377)
• 24305f6 Update test key pair (#3453)
• f2540db Deprecate Reaction.delete (#3435)
• 19e1c50 Add throw option to Workflow.create_dispatch to raise exceptions (#2966)
• 6461909 Add Secret Scanning Alerts and Improve Code Scan Alerts (#3307)
• 95648db Add Python 3.14 to CI and tox (#3429)
• 3716bab Use GET url or _links.self as object url (#3421)
• 61dcf49 Allow for enterprise base url prefixed with api. (#3419)
• ae23d60 Restrict PyPi release workflow permissions (#3418)
• Additional commits viewable in compare view

Updates pyjwt from 2.12.0 to 2.12.1

Release notes

Sourced from pyjwt's releases.

2.12.1

What's Changed

• Add typing_extensions dependency for Python < 3.11 by @​jpadilla in jpadilla/pyjwt#1151

Full Changelog: jpadilla/pyjwt@2.12.0...2.12.1

Changelog

Sourced from pyjwt's changelog.

v2.12.1 <https://github.com/jpadilla/pyjwt/compare/2.12.0...2.12.1>__

Fixed

- Add missing ``typing_extensions`` dependency for Python < 3.11 in `[#1150](https://github.com/jpadilla/pyjwt/issues/1150) <https://github.com/jpadilla/pyjwt/issues/1150>`__

Commits

• a4e1a3d Add typing_extensions dependency for Python < 3.11 (#1151)
• See full diff in compare view

Updates coverage from 7.13.3 to 7.13.5

Changelog

Sourced from coverage's changelog.

Version 7.13.5 — 2026-03-17

• Fix: issue 2138_ describes a memory leak that happened when repeatedly using the Coverage API with in-memory data. This is now fixed.

• Fix: the markdown-formatted coverage report didn't fully escape special characters in file paths (issue 2141). This would be very unlikely to cause a problem, but now it's done properly, thanks to Ellie Ayla <pull 2142_>.

• Fix: the C extension wouldn't build on VS2019, but now it does (issue 2145_).

.. _issue 2138: coveragepy/coveragepy#2138 .. _issue 2141: coveragepy/coveragepy#2141 .. _pull 2142: coveragepy/coveragepy#2142 .. _issue 2145: coveragepy/coveragepy#2145

.. _changes_7-13-4:

Version 7.13.4 — 2026-02-09

• Fix: the third-party code fix in 7.13.3 required examining the parent directories where coverage was run. In the unusual situation that one of the parent directories is unreadable, a PermissionError would occur, as described in issue 2129_. This is now fixed.

• Fix: in test suites that change sys.path, coverage.py could fail with "RuntimeError: Set changed size during iteration" as described and fixed in pull 2130_. Thanks, Noah Fatsi.

• We now publish ppc64le wheels, thanks to Pankhudi Jain <pull 2121_>_.

.. _pull 2121: coveragepy/coveragepy#2121 .. _issue 2129: coveragepy/coveragepy#2129 .. _pull 2130: coveragepy/coveragepy#2130

.. _changes_7-13-3:

Commits

• c88da14 docs: sample HTML for 7.13.5
• e2ac3e1 build: sample HTML shouldn't include the status.json file
• 910f8f3 docs: prep for 7.13.5
• 3a4819c style: make workflows more uniform
• 2a53705 chore: bump the action-dependencies group across 1 directory with 4 updates (...
• e7c878d chore: make upgrade
• ab4db40 build: use --generate-hashes when pinning
• a438753 chore: make upgrade
• 7b33457 refactor: some leftover pyupgrade 3.10 bits
• 2ff968d refactor: this type wasn't used anywhere
• Additional commits viewable in compare view

Updates datalad from 1.3.1 to 1.3.4

Release notes

Sourced from datalad's releases.

1.3.4

🐛 Bug Fixes

• Fix run --explicit --output failing to commit file deletions. When a command deleted files specified in --output, the deletions were left unstaged because post-command globbing only matched files still present on disk. Fixes #7822 via [PR #7823](datalad/datalad#7823) (by @​yarikoptic)

• Suppress RequestsDependencyWarning emitted by requests 2.32.x when chardet>=6 is installed. The warning was purely cosmetic (HTTP functionality is unaffected) but appeared on stderr for every datalad command. Fixes #7825 (by @​yarikoptic)

• BF: Reload config after enableremote in create-sibling-ria. Fixes #7827 via [PR #7828](datalad/datalad#7828) (by @​just-meng)

1.3.3

🐛 Bug Fixes

• Avoid use of return in a finally block, which raises a SyntaxWarning as of Python 3.14. Fixes #7817 via [PR #7818](datalad/datalad#7818) (by @​effigies)

• BF: Improve datalad operations on adjusted branches (crippled filesystems) through annex merge/adjust/etc. Fixes #7768, #7769 via [PR #7770](datalad/datalad#7770) (by @​yarikoptic)

1.3.2

🐛 Bug Fixes

• ENH: push --since=^ should not push when there are no changes. [PR #7766](datalad/datalad#7766) (by @​yarikoptic)

• Adjust tests for chardet 6 which rewrote single-byte charset detection and misidentifies very short KOI8-R byte sequences as Thai. [PR #7807](datalad/datalad#7807) (by @​yarikoptic)

📝 Documentation

• DOC: modernize CONTRIBUTING.md and add CLAUDE.md. [PR #7813](datalad/datalad#7813) (by @​yarikoptic)

🧪 Tests

• BF: Harden test_gitea against transient demo.gitea.com failures. [PR #7812](datalad/datalad#7812) (by @​yarikoptic)

• BF: Fix tox test failures from PWD mismatch and non-UTF-8 encoding. [PR #7814](datalad/datalad#7814) (by @​yarikoptic)

Changelog

Sourced from datalad's changelog.

1.3.4 (2026-03-17)

🐛 Bug Fixes

• Fix run --explicit --output failing to commit file deletions. When a command deleted files specified in --output, the deletions were left unstaged because post-command globbing only matched files still present on disk. Fixes #7822 via [PR #7823](datalad/datalad#7823) (by @​yarikoptic)

• Suppress RequestsDependencyWarning emitted by requests 2.32.x when chardet>=6 is installed. The warning was purely cosmetic (HTTP functionality is unaffected) but appeared on stderr for every datalad command. Fixes #7825 (by @​yarikoptic)

• BF: Reload config after enableremote in create-sibling-ria. Fixes #7827 via [PR #7828](datalad/datalad#7828) (by @​just-meng)

1.3.3 (2026-03-12)

🐛 Bug Fixes

• Avoid use of return in a finally block, which raises a SyntaxWarning as of Python 3.14. Fixes #7817 via [PR #7818](datalad/datalad#7818) (by @​effigies)

• BF: Improve datalad operations on adjusted branches (crippled filesystems) through annex merge/adjust/etc. Fixes #7768, #7769 via [PR #7770](datalad/datalad#7770) (by @​yarikoptic)

1.3.2 (2026-03-05)

🐛 Bug Fixes

• ENH: push --since=^ should not push when there are no changes. [PR #7766](datalad/datalad#7766) (by @​yarikoptic)

• Adjust tests for chardet 6 which rewrote single-byte charset detection and misidentifies very short KOI8-R byte sequences as Thai. [PR #7807](datalad/datalad#7807) (by @​yarikoptic)

📝 Documentation

• DOC: modernize CONTRIBUTING.md and add CLAUDE.md. [PR #7813](datalad/datalad#7813) (by @​yarikoptic)

🧪 Tests

• BF: Harden test_gitea against transient demo.gitea.com failures. [PR #7812](datalad/datalad#7812) (by @​yarikoptic)

... (truncated)

Commits

• 8eab3b1 [skip ci] Update docs/source/changelog.rst and CITATION.cff
• 152e8fe [skip ci] Update CHANGELOG
• b56de22 Merge pull request #7828 from just-meng/bf-create-sibling-ria-reconfigure-uuid
• 82c64ba [release-action] Autogenerate changelog snippet for PR 7828
• d7a2df1 TST: Verify ORA remote UUID after reconfigure with removed siblings (gh-7827)
• 782158f BF: Reload config after enableremote in create-sibling-ria (Closes #7827)
• 2e37108 Merge pull request #7826 from datalad/bf-requests-warning
• 83a75b5 BF: Suppress RequestsDependencyWarning from requests (Closes #7825)
• 6bc8b57 Merge pull request #7823 from yarikoptic/bf-7822-explicit
• 9d92408 [skip ci] Update docs/source/changelog.rst and CITATION.cff
• Additional commits viewable in compare view

Updates pytest-cov from 7.0.0 to 7.1.0

Changelog

Sourced from pytest-cov's changelog.

7.1.0 (2026-03-21)

• Fixed total coverage computation to always be consistent, regardless of reporting settings. Previously some reports could produce different total counts, and consequently can make --cov-fail-under behave different depending on reporting options. See [#641](https://github.com/pytest-dev/pytest-cov/issues/641) <https://github.com/pytest-dev/pytest-cov/issues/641>_.

• Improve handling of ResourceWarning from sqlite3.

  The plugin adds warning filter for sqlite3 ResourceWarning unclosed database (since 6.2.0). It checks if there is already existing plugin for this message by comparing filter regular expression. When filter is specified on command line the message is escaped and does not match an expected message. A check for an escaped regular expression is added to handle this case.

  With this fix one can suppress ResourceWarning from sqlite3 from command line::

  pytest -W "ignore:unclosed database in <sqlite3.Connection object at:ResourceWarning" ...

• Various improvements to documentation. Contributed by Art Pelling in [#718](https://github.com/pytest-dev/pytest-cov/issues/718) <https://github.com/pytest-dev/pytest-cov/pull/718>_ and "vivodi" in [#738](https://github.com/pytest-dev/pytest-cov/issues/738) <https://github.com/pytest-dev/pytest-cov/pull/738>. Also closed [#736](https://github.com/pytest-dev/pytest-cov/issues/736) <https://github.com/pytest-dev/pytest-cov/issues/736>.

• Fixed some assertions in tests. Contributed by in Markéta Machová in [#722](https://github.com/pytest-dev/pytest-cov/issues/722) <https://github.com/pytest-dev/pytest-cov/pull/722>_.

• Removed unnecessary coverage configuration copying (meant as a backup because reporting commands had configuration side-effects before coverage 5.0).

Commits

• 66c8a52 Bump version: 7.0.0 → 7.1.0
• f707662 Make the examples use pypy 3.11.
• 6049a78 Make context test use the old ctracer (seems the new sysmon tracer behaves di...
• 8ebf20b Update changelog.
• 861d30e Remove the backup context manager - shouldn't be needed since coverage 5.0, ...
• fd4c956 Pass the precision on the nulled total (seems that there's some caching goion...
• 78c9c4e Only run the 3.9 on older deps.
• 4849a92 Punctuation.
• 197c35e Update changelog and hopefully I don't forget to publish release again :))
• 14dc1c9 Update examples to use 3.11 and make the adhoc layout example look a bit more...
• Additional commits viewable in compare view

Updates ruff from 0.15.0 to 0.15.7

Release notes

Sourced from ruff's releases.

0.15.7

Release Notes

Released on 2026-03-19.

Preview features

• Display output severity in preview (#23845)
• Don't show noqa hover for non-Python documents (#24040)

Rule changes

• [pycodestyle] Recognize pyrefly: as a pragma comment (E501) (#24019)

Server

• Don't return code actions for non-Python documents (#23905)

Documentation

• Add company AI policy to contributing guide (#24021)
• Document editor features for Markdown code formatting (#23924)
• [pylint] Improve phrasing (PLC0208) (#24033)

Other changes

• Use PEP 639 license information (#19661)

Contributors

• @​tmimmanuel
• @​DimitriPapadopoulos
• @​amyreese
• @​statxc
• @​dylwil3
• @​hunterhogan
• @​renovate

Install ruff 0.15.7

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/ruff/releases/download/0.15.7/ruff-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/ruff/releases/download/0.15.7/ruff-installer.ps1 | iex"
</tr></table> 

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.7

Released on 2026-03-19.

Preview features

• Display output severity in preview (#23845)
• Don't show noqa hover for non-Python documents (#24040)

Rule changes

• [pycodestyle] Recognize pyrefly: as a pragma comment (E501) (#24019)

Server

• Don't return code actions for non-Python documents (#23905)

Documentation

• Add company AI policy to contributing guide (#24021)
• Document editor features for Markdown code formatting (#23924)
• [pylint] Improve phrasing (PLC0208) (#24033)

Other changes

• Use PEP 639 license information (#19661)

Contributors

• @​tmimmanuel
• @​DimitriPapadopoulos
• @​amyreese
• @​statxc
• @​dylwil3
• @​hunterhogan
• @​renovate

0.15.6

Released on 2026-03-12.

Preview features

• Add support for lazy import parsing (#23755)
• Add support for star-unpacking of comprehensions (PEP 798) (#23788)
• Reject semantic syntax errors for lazy imports (#23757)
• Drop a few rules from the preview default set (#23879)
• [airflow] Flag Variable.get() calls outside of task execution context (AIR003) (#23584)
• [airflow] Flag runtime-varying values in DAG/task constructor arguments (AIR304) (#23631)
• [flake8-bugbear] Implement delattr-with-constant (B043) (#23737)

... (truncated)

Commits

• 0ef39de Bump 0.15.7 (#24049)
• beb543b [ty] ecosystem-analyzer: Fail on newly panicking projects (#24043)
• 378fe73 Don't show noqa hover for non-Python documents (#24040)
• b5665bd [pylint] Improve phrasing (PLC0208) (#24033)
• 6e20f22 test: migrate show_settings and version tests to use CliTest (#23702)
• f99b284 Drain file watcher events during test setup (#24030)
• 744c996 [ty] Filter out unsatisfiable inference attempts during generic call narrowin...
• 1616095 [ty] Avoid inferring intersection types for call arguments (#23933)
• 7f275f4 [ty] Pin mypy_primer in setup_primer_project.py (#24020)
• 7255e36 [pycodestyle] Recognize pyrefly: as a pragma comment (E501) (#24019)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 45.64%. Comparing base (8361653) to head (8ab4c2f).
⚠️ Report is 88 commits behind head on master.

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #3853      +/-   ##
==========================================
+ Coverage   45.49%   45.64%   +0.15%     
==========================================
  Files         650      652       +2     
  Lines       35012    35450     +438     
  Branches     1729     1796      +67     
==========================================
+ Hits        15927    16181     +254     
- Misses      18903    19087     +184     
  Partials      182      182              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[codecov]

Bundle Report

Changes will decrease total bundle size by 5.85kB (-0.04%) ⬇️. This is within the configured threshold ✅

Detailed changes

Bundle name	Size	Change
@openneuro/app-esm	16.14MB	-5.85kB (-0.04%) ⬇️

Affected Assets, Files, and Routes:

view changes for bundle: @openneuro/app-esm

Assets Changed:

Asset Name	Size Change	Total Size	Change (%)
assets/schema-*.js	-795 bytes	10.05MB	-0.01%
assets/index-*.js	-3.19kB	974.24kB	-0.33%
assets/dataset-*.js	124 bytes	388.74kB	0.03%
assets/validationUtils-*.js	-435 bytes	354.52kB	-0.12%
assets/index-*.css	-289 bytes	105.83kB	-0.27%
assets/data-*.js	-833 bytes	85.03kB	-0.97%
assets/front-*.js	-241 bytes	41.79kB	-0.57%
assets/search-*.css	-44 bytes	24.62kB	-0.18%
assets/front-*.css	-22 bytes	13.38kB	-0.16%
assets/contributors-*.js	-121 bytes	10.57kB	-1.13%
assets/Tooltip-*.css	-2 bytes	7.56kB	-0.03%