Bump ty from 0.0.21 to 0.0.27

[dependabot]

Bumps ty from 0.0.21 to 0.0.27.

Release notes

Sourced from ty's releases.

0.0.27

Release Notes

Released on 2026-03-31.

Bug fixes

• Fix panic on debug builds when attempting to provide autocomplete suggestions for list[int]<CURSOR>() (#24167)
• Fix instance-attribute lookup in methods of protocol classes (#24213)
• Fix nested global and nonlocal lookups through forwarding scopes (#24279)
• Fix panic on list[Annotated[()]] (#24303)
• Fix stack overflow on type A = TypeIs[Callable[[], A]] (#24245)
• Use _cls as the name of the first argument for synthesized collections.namedtuple constructor methods (#24333)

LSP server

• Fix semantic token classification for properties accessed on instances (#24065)
• Grey out unused bindings in the editor (#23305)

Core type checking

• Add bidirectional type context for TypedDict get() defaults (#24231)
• Add bidirectional type context for TypedDict pop() defaults (#24229)
• Add support for functional TypedDict (#24174, #24331, #24295)
• Ban type qualifiers in PEP-695 type aliases (#24242)
• Enforce Final attribute assignment rules for annotated and augmented writes (#23880)
• Improve support for Callable type context (#23888)
• Infer lambda expressions with Callable type context (#22633)
• Don't incorrectly infer the type of a method as being a singleton type when it's accessed off an instance (#24039)
• Propagate type context through await expressions (#24256)
• Resolve union-likes in emitting union attribute errors (#24263)
• Show the user where the variable was declared as Final when emitting a diagnostic about a Final variable being reassigned (#24194)

Contributors

• @​carljm
• @​mvanhorn
• @​oconnor663
• @​ibraheemdev
• @​zanieb
• @​denyszhak
• @​Glyphack
• @​charliermarsh
• @​AlexWaygood

Install ty 0.0.27

Install prebuilt binaries via shell script

</tr></table> 

... (truncated)

Changelog

Sourced from ty's changelog.

0.0.27

Released on 2026-03-31.

Bug fixes

• Fix panic on debug builds when attempting to provide autocomplete suggestions for list[int]<CURSOR>() (#24167)
• Fix instance-attribute lookup in methods of protocol classes (#24213)
• Fix nested global and nonlocal lookups through forwarding scopes (#24279)
• Fix panic on list[Annotated[()]] (#24303)
• Fix stack overflow on type A = TypeIs[Callable[[], A]] (#24245)
• Use _cls as the name of the first argument for synthesized collections.namedtuple constructor methods (#24333)

LSP server

• Fix semantic token classification for properties accessed on instances (#24065)
• Grey out unused bindings in the editor (#23305)

Core type checking

• Add bidirectional type context for TypedDict get() defaults (#24231)
• Add bidirectional type context for TypedDict pop() defaults (#24229)
• Add support for functional TypedDict (#24174, #24331, #24295)
• Ban type qualifiers in PEP-695 type aliases (#24242)
• Enforce Final attribute assignment rules for annotated and augmented writes (#23880)
• Improve support for Callable type context (#23888)
• Infer lambda expressions with Callable type context (#22633)
• Don't incorrectly infer the type of a method as being a singleton type when it's accessed off an instance (#24039)
• Propagate type context through await expressions (#24256)
• Resolve union-likes in emitting union attribute errors (#24263)
• Show the user where the variable was declared as Final when emitting a diagnostic about a Final variable being reassigned (#24194)

Contributors

• @​carljm
• @​mvanhorn
• @​oconnor663
• @​ibraheemdev
• @​zanieb
• @​denyszhak
• @​Glyphack
• @​charliermarsh
• @​AlexWaygood

0.0.26

Released on 2026-03-26.

Bug fixes

... (truncated)

Commits

• 5c9e342 Bump version to 0.0.27 (#3185)
• e6a5731 Update actions/cache action to v5.0.4 (#3172)
• c47b982 Update prek dependencies (#3173)
• 657abcf Update astral-sh/setup-uv action to v8 (#3174)
• 9e582cb Fetch the cargo-dist binary directly instead of using the installer (#3160)
• d5c51ea docs: use content tabs (#3146)
• 9893776 Use the release environment in publish-docs (#3147)
• 9403051 Bump version to 0.0.26 (#3145)
• d60899a Bump version to 0.0.25 (#3125)
• db65b3e Update documentation to reflect type:ignore changes (#3121)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 100.00%. Comparing base (b82665b) to head (a6a01ef).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff            @@
##              main      #111   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files            2         2           
  Lines            7         7           
=========================================
  Hits             7         7           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[github-actions]

✅⚠️MegaLinter analysis: Success with warnings

Descriptor	Linter	Files	Fixed	Errors	Warnings	Elapsed time
✅ ACTION	actionlint	3		0	0	0.01s
✅ COPYPASTE	jscpd	yes		no	no	1.41s
✅ MARKDOWN	markdownlint	17		0	0	0.76s
✅ MARKDOWN	markdown-table-formatter	18		0	0	0.91s
✅ REPOSITORY	checkov	yes		no	no	19.94s
✅ REPOSITORY	gitleaks	yes		no	no	0.22s
✅ REPOSITORY	git_diff	yes		no	no	0.01s
✅ REPOSITORY	grype	yes		no	no	37.43s
⚠️ REPOSITORY	kics	yes		1	no	2.05s
✅ REPOSITORY	secretlint	yes		no	no	0.99s
✅ REPOSITORY	syft	yes		no	no	2.32s
✅ REPOSITORY	trivy	yes		no	no	13.8s
✅ REPOSITORY	trivy-sbom	yes		no	no	0.24s
✅ REPOSITORY	trufflehog	yes		no	no	4.55s
✅ YAML	prettier	10		0	0	0.64s
✅ YAML	v8r	10		0	0	7.05s
✅ YAML	yamllint	10		0	0	0.49s

Detailed Issues

⚠️ REPOSITORY / kics - 1 error

MLLLLLM             MLLLLLLLLL   LLLLLLL             KLLLLLLLLLLLLLLLL       LLLLLLLLLLLLLLLLLLLLLLL 
   MMMMMMM           MMMMMMMMMML    MMMMMMMK       LMMMMMMMMMMMMMMMMMMMML   KLMMMMMMMMMMMMMMMMMMMMMMMMM 
   MMMMMMM         MMMMMMMMML       MMMMMMMK     LMMMMMMMMMMMMMMMMMMMMMML  LMMMMMMMMMMMMMMMMMMMMMMMMMMM 
   MMMMMMM      MMMMMMMMMML         MMMMMMMK   LMMMMMMMMMMMMMMMMMMMMMMMML LMMMMMMMMMMMMMMMMMMMMMMMMMMMM 
   MMMMMMM    LMMMMMMMMML           MMMMMMMK  LMMMMMMMMMLLMLLLLLLLLLLLLLL LMMMMMMMLLLLLLLLLLLLLLLLLLLLM 
   MMMMMMM  MMMMMMMMMLM             MMMMMMMK LMMMMMMMM                    LMMMMMML                      
   MMMMMMMLMMMMMMMML                MMMMMMMK MMMMMMML                     LMMMMMMMMLLLLLLLLLLLLLMLL     
   MMMMMMMMMMMMMMMM                 MMMMMMMK MMMMMML                       LMMMMMMMMMMMMMMMMMMMMMMMMML  
   MMMMMMMMMMMMMMMMMM               MMMMMMMK MMMMMMM                         LMMMMMMMMMMMMMMMMMMMMMMMML 
   MMMMMMM KLMMMMMMMMML             MMMMMMMK LMMMMMMM                                          MMMMMMMML
   MMMMMMM    LMMMMMMMMMM           MMMMMMMK LMMMMMMMMLL                                        MMMMMMML
   MMMMMMM      LMMMMMMMMMLL        MMMMMMMK  LMMMMMMMMMMMMMMMMMMMMMMMMML LLLLLLLLLLLLLLLLLLLLMMMMMMMMMM
   MMMMMMM        MMMMMMMMMMML      MMMMMMMK   MMMMMMMMMMMMMMMMMMMMMMMMML LMMMMMMMMMMMMMMMMMMMMMMMMMMMM 
   MMMMMMM          LLMMMMMMMMML    MMMMMMMK     LLMMMMMMMMMMMMMMMMMMMMML LMMMMMMMMMMMMMMMMMMMMMMMMMML  
   MMMMMMM             MMMMMMMMMML  MMMMMMMK         KLMMMMMMMMMMMMMMMMML LMMMMMMMMMMMMMMMMMMMMMMMLK    
                                                                                                            
                                                                                                                                                                                                                                                                                                                        


Scanning with Keeping Infrastructure as Code Secure v2.1.19





Unpinned Actions Full Length Commit SHA, Severity: LOW, Results: 1
Description: Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.
Platform: CICD
CWE: 829
Risk Score: 4.1
Learn more about this vulnerability: https://docs.kics.io/latest/queries/cicd-queries/555ab8f9-2001-455e-a077-f2d0f41e2fb9

	[1]: .github/workflows/cd.yml:51

		050:       - name: Publish build artifacts to PyPI
		051:         uses: pypa/gh-action-pypi-publish@v1.13.0
		052: 



Results Summary:
CRITICAL: 0
HIGH: 0
MEDIUM: 0
LOW: 1
INFO: 0
TOTAL: 1

A new version 'v2.1.20' of KICS is available, please consider updating

See detailed reports in MegaLinter artifacts

Show us your support by starring ⭐ the repository

[dependabot]

Looks like ty is up-to-date now, so this is no longer needed.