chore(deps): uv: bump the all-python group across 1 directory with 3 updates#174

Closed
dependabot[bot] wants to merge 1 commit into main from dependabot/uv/agent/all-python-45d193da18


Conversation

@dependabot dependabot Bot commented on behalf of github May 23, 2026

Bumps the all-python group with 3 updates in the /agent directory: cedarpy, ruff and ty.

Updates cedarpy from 4.8.0 to 4.8.3

Release notes

Sourced from cedarpy's releases.

cedarpy v4.8.3

Patch release fixing a behavior regression introduced in 4.8.2. Cedar Policy engine version is unchanged at v4.8.2.

If you upgraded to 4.8.2 and noticed that AuthzResult.diagnostics.reasons started reporting your @id("...") annotation value instead of the parser-generated policyN id — and you depended on the parser id (policyN) for downstream lookups — 4.8.3 restores reasons to the original behavior while keeping the labeling ergonomics in a parallel map.

Changed

  • Behavior change (partial revert of 4.8.2). AuthzResult.diagnostics.reasons and ValidationError.policy_id once again surface the parser-generated PolicyId (e.g., policy0), restoring the 4.8.1 contract that was relied on for multi-tenant disambiguation. The @id("...") annotation value is now exposed in a parallel map keyed by the parser id: Diagnostics.id_annotations_by_reason and ValidationResult.id_annotations_by_policy_id. Entries are present whenever the policy declares an @id annotation, with the literal annotation value as the map value. So @id("foo") contributes "foo", and @id("") / bare @id (which the Cedar docs define as equivalent to @id("")) contributes "". Policies with no @id annotation are omitted from the map. This keeps the 4.8.2 ergonomics gain (recover the @id label without rebuilding the policy set) while preventing identity collapse/collision when two policies share the same @id (#77, #78)

Lookup pattern

```python
from cedarpy import is_authorized

# request, policies and entities are assumed to have been built beforehand.
result = is_authorized(request, policies, entities)
for pid in result.diagnostics.reasons:                       # ["policy0", "policy1", ...]
    # The map only has an entry when the policy declares @id; @id("") maps to "".
    label = result.diagnostics.id_annotations_by_reason.get(pid)
    if label:
        print(f"  matched: {pid} ({label})")
    else:
        print(f"  matched: {pid}")
```

The same pattern applies to ValidationResult.errors[*].policy_id and ValidationResult.id_annotations_by_policy_id.

Thanks

Thanks to @aashitk for the high-quality bug report in #77, and to @Iamrodos for joining the design discussion.


Full Changelog: k9securityio/cedar-py@v4.8.2...v4.8.3

cedarpy v4.8.2

v4.8.2 ships three improvements:

  • Correctness: invalid schemas now surface as Decision.NoDecision (or validation_passed=False) with a diagnostic, instead of being silently discarded while is_authorized returned a real Allow/Deny based on no schema (#65 - thanks @rupivbluegreen!).
  • Ergonomics: @id("...") annotations on a policy now surface as the human-readable id in AuthzResult.diagnostics.reasons and ValidationError.policy_id, making diagnostics easier to read in logs and tooling (#74, #75 - thanks @rupivbluegreen for the original feature proposal and work in #66 that started us down this path!).
  • Release process robustness:
    • make release now actually builds and tests the release-mode wheel that would ship — the target previously produced an unoptimized dev-profile wheel and ran tests against whatever was installed in the venv, neither of which exercised the artifact. PyPI artifacts were unaffected; this only fixed locally-built wheels.
    • Benchmarks now run in release mode against a synthesized median-of-5 v4.8.0 baseline (make benchmark-compare), and a committed cross-state history (make benchmark-history, tests/benchmark/results/HISTORY.md) records performance across cedar-py development states. Together these make performance regressions easier to detect than the previous debug-mode single-run captures (#69, #71, #72).

Cedar Policy engine version is unchanged (still v4.8.2).

Added

  • Behavior change. @id("...") annotations on a policy now surface as the human-readable id in AuthzResult.diagnostics.reasons and ValidationError.policy_id, instead of the auto-generated policy0/policy1/... id. Annotations are inert in Cedar evaluation per the Cedar docs; this is a labeling step on the response surface, not a rename of the underlying PolicyId. An @id with an empty value — either @id("") or value-less @id (which per the Cedar docs is equivalent to @id("")) — falls back to the parser-generated id, since an empty display id is unhelpful for logs and lookups (#29, #74, #75 — thanks @rupivbluegreen for the original feature proposal and prototype in #66).

Changed

  • Behavior change. is_authorized / is_authorized_batch now return Decision.NoDecision with a diagnostic when given an invalid schema, instead of silently discarding the schema and returning a real Allow / Deny. The same path applies in validate_policies (#65 — thanks @rupivbluegreen).

... (truncated)

Changelog

Sourced from cedarpy's changelog.

[4.8.3] - 2026-05-13

Changed

  • Behavior change (partial revert of 4.8.2). AuthzResult.diagnostics.reasons and ValidationError.policy_id once again surface the parser-generated PolicyId (e.g., policy0), restoring the 4.8.1 contract that was relied on for multi-tenant disambiguation. The @id("...") annotation value is now exposed in a parallel map keyed by the parser id: Diagnostics.id_annotations_by_reason and ValidationResult.id_annotations_by_policy_id. Entries are present whenever the policy declares an @id annotation, with the literal annotation value as the map value — so @id("foo") contributes "foo", and @id("") / bare @id (which the Cedar docs define as equivalent to @id("")) contributes "". Policies with no @id annotation are omitted from the map. This keeps the 4.8.2 ergonomics gain (recover the @id label without rebuilding the policy set) while preventing identity collapse when two policies share the same @id (#77)

[4.8.2] - 2026-05-12

Added

  • Behavior change. @id("...") annotations on a policy now surface as the human-readable id in AuthzResult.diagnostics.reasons and ValidationError.policy_id, instead of the auto-generated policy0/policy1/... id. Annotations are inert in Cedar evaluation per the Cedar docs; this is a labeling step on the response surface, not a rename of the underlying PolicyId. An @id with an empty value — either @id("") or value-less @id (which per the Cedar docs is equivalent to @id("")) — falls back to the parser-generated id, since an empty display id is unhelpful for logs and lookups (#29, #74, #75)

Changed

  • Behavior change. is_authorized / is_authorized_batch now return Decision.NoDecision with a diagnostic when given an invalid schema, instead of silently discarding the schema and returning a real Allow / Deny. The same path applies in validate_policies (#65)

Fixed

  • make release now builds and tests a release-mode wheel. The target previously ran maturin build (which defaults to the dev/debug profile) and then ran pytest against whatever cedarpy was currently installed in the venv — neither half tested the wheel that would ship. PyPI artifacts were unaffected (CI already passed --release); this fixes locally-built wheels.

[4.8.1] - 2026-04-22

Dependency update release. No functional or API changes — Cedar Policy engine version is unchanged (still v4.8.2).

Security

Changed

  • Removed the stale rustix = "~0.37.25" pin; rustix is now governed by the transitive dep graph (#43)

Build & supply chain

  • Switched PyPI publishing from a long-lived API token to PyPI Trusted Publishing (OIDC), with a protected pypi-release deployment environment requiring maintainer approval. All wheels and the sdist for this release ship with SLSA build-provenance attestations (#59)
  • Added a Dependabot cooldown policy (7 days for minor/patch bumps, 14 for majors) to reduce exposure to newly-published compromised releases (#44, #45)
  • Disabled Dependabot version-update PRs; security-update PRs remain active (#60)
Commits
  • b76a0cc Merge pull request #79 from k9securityio/release/4.8.3
  • 7d6f31c release: bump version to 4.8.3
  • ff5a38d Merge pull request #78 from k9securityio/fix/issue-77-policy-ids-to-annotations
  • e1ed9a4 refactor: name id_annotations map by its key + add lookup-pattern demo
  • ad603bd refactor: report literal @id annotation value in id_annotations map
  • 8a36d10 fix: surface parser policy ids in diagnostics + add id_annotations map
  • 3713638 chore(benchmark): declare v4.8.2 release state in history
  • 2353045 Merge pull request #76 from k9securityio/release/4.8.2
  • 0bbed30 release: bump version to 4.8.2
  • bb48fc5 chore(benchmark): record PR #75 Path B state data
  • Additional commits viewable in compare view

Updates ruff from 0.15.12 to 0.15.13

Release notes

Sourced from ruff's releases.

0.15.13

Release Notes

Released on 2026-05-14.

Preview features

  • Add a rule to flag lazy imports that are eagerly evaluated (#25016)
  • [pylint] Standardize diagnostic message (PLR0914, PLR0917) (#24996)

Bug fixes

  • Fix F811 false positive for class methods (#24933)
  • Fix setting selection for multi-folder workspace (#24819)
  • [eradicate] Fix false positive for lines with leading whitespace (ERA001) (#25122)
  • [flake8-pyi] Fix false positive for f-string debug specifier (PYI016) (#24098)

Rule changes

  • Always include panic payload in panic diagnostic message (#24873)
  • Restrict PYI034 for in-place operations to enclosing class (#24511)
  • Improve error message for parameters that are declared global (#24902)
  • Update known stdlib (#25103)

Performance

  • [isort] Avoid constructing glob::Patterns for literal known modules (#25123)

CLI

  • Add TOML examples to --config help text (#25013)
  • Colorize ruff check 'All checks passed' (#25085)

Configuration

  • Increase max allowed value of line-length setting (#24962)

Documentation

  • Add D203 to rules that conflict with the formatter (#25044)
  • Clarify COM819 and formatter interaction (#25045)
  • Clarify that NotImplemented is a value, not an exception (F901) (#25054)
  • Update number of lint rules supported (#24942)

Other changes

  • Simplify the playground's markdown template (#24924)

Contributors

... (truncated)

Commits
  • 2afb467 Bump 0.15.13 (#25157)
  • 3008796 [ty] classify TypeVar semantic tokens as type parameters (#24891)
  • 79470e3 [isort] Avoid constructing glob::Patterns for literal known modules (#25123)
  • 2522549 Remove shellcheck from prek (#25154)
  • 7db7170 [ty] Support TypedDict key completions in incomplete, anonymous contexts (#25...
  • bb3dd53 [ty] Run full iteration analysis on narrowed typevars (#25143)
  • 828cdb7 [ty] Isolate file-watching test environment (#25151)
  • 89e1d86 [ty] Preserve TypedDict keys through dict unpacking (#24523)
  • 86f3064 [ty] Avoid accessing args[0] for static_assert (#25149)
  • ed819f9 [ty] Treat custom enum __new__ values as dynamic (#25136)
  • Additional commits viewable in compare view

Updates ty from 0.0.35 to 0.0.37

Release notes

Sourced from ty's releases.

0.0.37

Release Notes

Released on 2026-05-16.

Bug fixes

  • Avoid unsound not in narrowing (#25161)
  • Fix async iteration over narrowed typevars (#25155)
  • Fix panic in double-inference for single starred positional TypedDict (#25176)
  • Fix panic in disjoint base check (#25187)
  • Fix panic in recursive binary inference (#25189)
  • Fix panic in cyclic __new__ (#25185)
  • Fix panic in reveal_protocol, reveal_mro, etc. with keyword arguments (#25179)
  • Fix panic in imported overload definition (#25168)

LSP server

  • Don't show argument inlay for case-insensitive matches or prefix/suffixes (#25174)
  • Reduce CPU usage of the LSP when switching between large changesets (#25142)

Core type checking

  • Avoid enforcing __new__ with custom metaclasses (#25180)
  • Make overload public type reachability-aware (#25171)
  • Only specialized types of generic class instances should influence variance (#25124)
  • Preserve ParamSpec argument context through wrapper calls (#24934)
  • Support partially specialized type context for collection literals (#24506)

Contributors

Install ty 0.0.37

Install prebuilt binaries via shell script

```shell
curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/ty/releases/download/0.0.37/ty-installer.sh | sh
```

Install prebuilt binaries via powershell script

```powershell
powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/ty/releases/download/0.0.37/ty-installer.ps1 | iex"
```

... (truncated)

Changelog

Sourced from ty's changelog.

0.0.36

Released on 2026-05-14.

Bug fixes

  • Fix Go To-Definition for self-imported submodules (#25106)
  • Fix ClassVar[Self] assignment checks for class objects (#24657)
  • Fix attribute access on Callable-bounded TypeVars (#24793)
  • Fix panic from TypedDict schema cycle with Self fields (#25094)
  • Fix panic from accessing args[0] for static_assert (#25149)
  • Fix panic from non-name walrus target access (#25121)
  • Fix singleton classification for runtime typing objects (#25099)
  • Guard self-referential TypeOf recursion in generic callables (#24668)
  • Preserve lexical ParamSpec scope for returned Callable annotations (#24909)

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
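The cedarpy 4.8.2 to 4.8.3 change quoted above (parser ids kept in `reasons`, @id labels moved to a parallel map) as an added example that is not cedarpy's own code: it models both contracts without importing cedarpy, using a constructed policy text and a minimal @id scanner, to show the identity collapse when two policies share an @id and a lookup that keeps @id("") distinct from a missing annotation (which the truthiness check in the quoted pattern does not).

```python
# Added example, not cedarpy's own code: models the cedarpy 4.8.2 vs 4.8.3
# diagnostics contract without importing cedarpy. Policy text is constructed.
from __future__ import annotations
import re
from dataclasses import dataclass, field

_ANNOTATION = re.compile(r'@(\w+)(?:\("([^"]*)"\))?\s*')  # @key or @key("value")
_EFFECT = re.compile(r'(permit|forbid)\b')

POLICIES = """
@id("admin")
permit(principal in Role::"admin", action, resource);

@id("admin")
permit(principal in Role::"admin", action == Action::"read", resource);

@id
permit(principal, action == Action::"view", resource);

permit(principal, action == Action::"list", resource);
"""


@dataclass
class Diagnostics:
    """Shape of AuthzResult.diagnostics as described in the 4.8.3 notes."""
    reasons: list[str]
    id_annotations_by_reason: dict[str, str] = field(default_factory=dict)


def parse_id_annotations(policy_text: str) -> dict[str, str]:
    """Assign parser ids policy0, policy1, ... in order and collect @id values:
    @id("foo") -> "foo"; bare @id or @id("") -> ""; no @id -> no entry."""
    annotations: dict[str, str] = {}
    chunks = [c.strip() for c in policy_text.split(";") if c.strip()]
    for idx, chunk in enumerate(chunks):
        pid, pos = f"policy{idx}", 0
        while m := _ANNOTATION.match(chunk, pos):  # consume leading annotations
            if m.group(1) == "id":
                annotations[pid] = m.group(2) or ""
            pos = m.end()
        if not _EFFECT.match(chunk, pos):
            raise ValueError(f"{pid}: expected permit/forbid after annotations")
    return annotations


def reasons_4_8_2(matched: list[str], annotations: dict[str, str]) -> list[str]:
    """4.8.2: the @id label replaced the parser id unless the label was empty,
    so two policies sharing @id("admin") become indistinguishable."""
    return [annotations.get(pid) or pid for pid in matched]


def diagnostics_4_8_3(matched: list[str], annotations: dict[str, str]) -> Diagnostics:
    """4.8.3: reasons keep parser ids; labels sit in a map keyed by parser id."""
    return Diagnostics(list(matched), {p: annotations[p] for p in matched if p in annotations})


def labeled_reasons(diag: Diagnostics) -> list[tuple[str, str | None]]:
    """Lookup keeping @id("") (present, "") distinct from no @id (absent, None)."""
    return [(pid, diag.id_annotations_by_reason.get(pid)) for pid in diag.reasons]
```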

…updates

Bumps the all-python group with 3 updates in the /agent directory: [cedarpy](https://github.com/k9securityio/cedar-py), [ruff](https://github.com/astral-sh/ruff) and [ty](https://github.com/astral-sh/ty).


Updates `cedarpy` from 4.8.0 to 4.8.3
- [Release notes](https://github.com/k9securityio/cedar-py/releases)
- [Changelog](https://github.com/k9securityio/cedar-py/blob/main/CHANGELOG.md)
- [Commits](k9securityio/cedar-py@v4.8.0...v4.8.3)

Updates `ruff` from 0.15.12 to 0.15.13
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.15.12...0.15.13)

Updates `ty` from 0.0.35 to 0.0.37
- [Release notes](https://github.com/astral-sh/ty/releases)
- [Changelog](https://github.com/astral-sh/ty/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ty@0.0.35...0.0.37)

---
updated-dependencies:
- dependency-name: cedarpy
  dependency-version: 4.8.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-python
- dependency-name: ruff
  dependency-version: 0.15.13
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all-python
- dependency-name: ty
  dependency-version: 0.0.37
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all-python
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels May 23, 2026
@dependabot dependabot Bot requested a review from a team as a code owner May 23, 2026 06:14
@scottschreckengaust scottschreckengaust left a comment

Remediation in another PR due to coordinated synchronization for Cedar

@scottschreckengaust

@dependabot rebase


dependabot Bot commented on behalf of github May 26, 2026

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this May 26, 2026
@dependabot dependabot Bot deleted the dependabot/uv/agent/all-python-45d193da18 branch May 26, 2026 19:46