Bump the minors-patches group with 2 updates

[dependabot]

Bumps the minors-patches group with 2 updates: ruff and jsonpath-ng.

Updates ruff from 0.14.14 to 0.15.4

Release notes

Sourced from ruff's releases.

0.15.4

Release Notes

Released on 2026-02-26.

This is a follow-up release to 0.15.3 that resolves a panic when the new rule PLR1712 was enabled with any rule that analyzes definitions, such as many of the ANN or D rules.

Bug fixes

• Fix panic on access to definitions after analyzing definitions (#23588)
• [pyflakes] Suppress false positive in F821 for names used before del in stub files (#23550)

Documentation

• Clarify first-party import detection in Ruff (#23591)
• Fix incorrect import-heading example (#23568)

Contributors

• @​stakeswky
• @​ntBre
• @​thejcannon
• @​GeObts

Install ruff 0.15.4

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/astral-sh/ruff/releases/download/0.15.4/ruff-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://github.com/astral-sh/ruff/releases/download/0.15.4/ruff-installer.ps1 | iex"

Download ruff 0.15.4

File	Platform	Checksum
ruff-aarch64-apple-darwin.tar.gz	Apple Silicon macOS	checksum
ruff-x86_64-apple-darwin.tar.gz	Intel macOS	checksum
ruff-aarch64-pc-windows-msvc.zip	ARM64 Windows	checksum
ruff-i686-pc-windows-msvc.zip	x86 Windows	checksum
ruff-x86_64-pc-windows-msvc.zip	x64 Windows	checksum
ruff-aarch64-unknown-linux-gnu.tar.gz	ARM64 Linux	checksum
ruff-i686-unknown-linux-gnu.tar.gz	x86 Linux	checksum
ruff-powerpc64-unknown-linux-gnu.tar.gz	PPC64 Linux	checksum

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.4

Released on 2026-02-26.

This is a follow-up release to 0.15.3 that resolves a panic when the new rule PLR1712 was enabled with any rule that analyzes definitions, such as many of the ANN or D rules.

Bug fixes

• Fix panic on access to definitions after analyzing definitions (#23588)
• [pyflakes] Suppress false positive in F821 for names used before del in stub files (#23550)

Documentation

• Clarify first-party import detection in Ruff (#23591)
• Fix incorrect import-heading example (#23568)

Contributors

• @​stakeswky
• @​ntBre
• @​thejcannon
• @​GeObts

0.15.3

Released on 2026-02-26.

Preview features

• Drop explicit support for .qmd file extension (#23572)

  This can now be enabled instead by setting the extension option:

  # ruff.toml
  extension = { qmd = "markdown" }
  pyproject.toml
  [tool.ruff]
  extension = { qmd = "markdown" }

• Include configured extensions in file discovery (#23400)

• [flake8-bandit] Allow suspicious imports in TYPE_CHECKING blocks (S401-S415) (#23441)

• [flake8-bugbear] Allow B901 in pytest hook wrappers (#21931)

• [flake8-import-conventions] Add missing conventions from upstream (ICN001, ICN002) (#21373)

... (truncated)

Commits

• f14edd8 Bump 0.15.4 (#23595)
• fd09d37 Fix panic on access to definitions after analyzing definitions (#23588)
• 81d655f [pyflakes] suppress false positive in F821 for names used before del in...
• 625b4f5 [ruff] docs: Clarify first-party import detection in Ruff (#23591)
• 60facfa one word typo fix in a while_loop.md test case (#23589)
• fbb9fa7 docs: fix incorrect import-heading example (#23568)
• 5bc49a9 Increase the ruleset size to 16 bits (#23586)
• a62ba8c [ty] Fix overloaded callable assignability for unary Callable targets (#23277)
• e5f2f36 Bump 0.15.3 (#23585)
• 0e19fc9 [ty] defer calculating conjunctions in narrowing constraints (#23552)
• Additional commits viewable in compare view

Updates jsonpath-ng from 1.7.0 to 1.8.0

Changelog

Sourced from jsonpath-ng's changelog.

1.8.0 - 2026-02-24

Added

• Support Python 3.13 and 3.14
• Typing for IDE autocomplete
• Support for EMOJI and CJK Unicode
• Support for DatumInContext in-place updating
• Support equality checking of Operation instances
• Support string serialization of Union and Intersect instances
• Support comma-separated indices
• Add typings for IDE autocomplete

Changed

• Rename ExtentedJsonPathParser
• Remove ply dependency

Fixed

• Fix False and None values
• Fix single constant case
• Update field filter to resolve wildcard path issue
• Vendor copy of ply and remove pickle support from the vendored copy to resolve CVE-2025-56005
• Fix string serialization throughout the library to enforce roundtrip parsing consistency.
  • Fields are more conservatively enclosed in quotion marks This fixes serialization and re-parsing of "00", '%', '0@' and "&'".
  • Operation instances can now be serialized. This fixes serialization of 0-@ and A -A.
  • SortedThis instances can now be serialized and re-parsed. This fixes serialization of 0[/0].
  • Child precedence is now preserved using parentheses during serialization. This ensures that serialized strings like a..b[c] serialize and re-parse identically.
• Fix parsing and string serialization of numeric-only identifiers. This fixes parsing of 10, which was parsed as two separate fields.
• Fix equality checks for SortedThis instances.
• Fix bool filter type to handle None values

Removed

• Python 3.8 and 3.9 no longer supported

Commits

• e59ead3 Release v1.8.0
• ee53af8 Update setup.py
• 485ffb3 Update requirements.txt
• e00121b Fix a number of bugs uncovered by roundtrip testing
• eeed776 Remove pickle support in ply modules
• 314401c Vendor ply as it is no longer maintained
• a44b275 Bump github/codeql-action from 3 to 4
• 9878070 Bump actions/checkout from 5 to 6
• 0ff6edd Test with Python 3.14
• 3fb3558 Remove official support for Python 3.8 and 3.9
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[elliotgunton]

Requires a manual change to a jsonpath expr test case due to parentheses being added in h2non/jsonpath-ng@e00121b#diff-fe79bcab0bb36458d8f0cbef7842cfe628c6d0e18e54c2c1b1344a7be0e13316R324

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 80.4%. Comparing base (8a63e55) to head (9434976).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files

@@          Coverage Diff          @@
##            main   #1561   +/-   ##
=====================================
  Coverage   80.4%   80.4%           
=====================================
  Files         62      62           
  Lines       5103    5103           
  Branches     777     777           
=====================================
  Hits        4103    4103           
  Misses       864     864           
  Partials     136     136           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.