Bump the uv group with 3 updates

[dependabot]

Bumps the uv group with 3 updates: impacket, ruff and ty.

Updates impacket from 0.13.0 to 0.13.1

Release notes

Sourced from impacket's releases.

Impacket 0.13.1

Project's main page at https://www.coresecurity.com/core-labs/open-source-tools/impacket Release blogpost at https://www.coresecurity.com/blog/whats-new-impacket-0131

ChangeLog for v0.13.1:

1. Library improvements

   • SMB: Improved server and relay behavior with SMB server signing support, optional read-only shares, Kerberos/NTLM authentication controls, graceful SMB relay packet handling, SMBv1 relay fixes, SMB 3.1.1 negotiation fixes, and clearer errors for truncated SMB responses. (Fixes #2099, #2085, #2111, #2114, #2129)
   • Kerberos: Fixed S4U2Self service ticket parsing, non-ASCII authentication encoding, LSA Kerberos key decryption, GSSAPI BER length parsing, ccache/kirbi conversion edge cases, and PAC preservation/signing helpers used by ticket tooling. (#2087, #2068, #2088, #2130, #2159, #2164)
   • MSSQL/TDS: Added TDS 8.0 support for Force Strict Encryption targets, EPA channel binding handling, TDS_SSVARIANT parsing, stricter TLS-backed packet handling, workstation/application name support, and more reliable SQL reply error tracking. (#2074, #2075, #2082, #2098, #2122)
   • DCE/RPC and WMI: Added WMI PutClass/DeleteClass support, Remote Event Log subscription calls, Remote Desktop Services process parsing fixes, SCMR failure action marshaling fixes, and safer TCP transport handling on empty receives. (#1803, #2061, #2046, #2152, #2155)
   • Directory and data parsing: Added LDAP CRUD helpers, improved LDAP attribute handling, fixed large-page ESE tag parsing for Windows Server 2025 NTDS.dit files, improved NTFS sparse and INDEX_ROOT reads, fixed DPAPI_BLOB parsing with oversized input, and corrected high-codepoint unicode structure sizing. (#1764, #1995, #2097, #2106, #2112, #2158)
   • Added a reusable ACL helper module and expanded regression coverage for ACLs, NTFS, TDS, Kerberos, ESE, SCMR, WMI, SMB, and packet parsing. (#1240)

2. Examples improvements

   • ntlmrelayx.py:
     • Added MSSQL and RDP relay servers, strict MSSQL relay support, TLS-backed TDS frame reassembly, NTLM sign/seal removal paths for CVE-2025-33073-related relay workflows, and --remove-mic handling. (#2083, #2101, #2122, #2133)
     • Improved WinRM relay error handling and NTLMv2 detection, fixed WinRM NTLM relay behavior, made SMB relay negotiation more conservative by avoiding unsupported NEGOEX advertisement, and added multibyte AD CS template name support. (#2089, #2111, #2127, #2163)
     • Added shadow credentials commands to the interactive LDAP shell and updated KeyCreds handling for the January 2026 Windows changes. (#1402, #2109)
   • secretsdump.py:
     • Added SAM history parsing, improved offline machine account and Kerberos key recovery, fixed negative timestamps on Windows, added SAM password timestamp output, and filtered offline NTDS rows by local domain SID. (#2059, #2069, #2135, #2142, #2178)
   • regsecrets.py:
     • Added SAM history parsing. (#2059)
   • ticketer.py:
     • Improved ccache handling and preserved KDC-issued lifetimes for diamond tickets. (#2159, #2181)
   • ticketConverter.py:
     • Improved kirbi/ccache conversion, preserved ticket flags, converted all TGS entries, and added base64 output support. (#2104, #2159)
   • describeTicket.py:
     • Fixed credential indexing after skipped decrypts and improved Kerberoast debug output. (#2117)
   • raiseChild.py:
     • Preserved PAC buffers, added AES support for modern Windows environments, and improved ticket retry behavior. (#2164)
   • smbclient.py:
     • Added ACL management support, recursive rget, and richer share listing output with type and comments. (#1240, #2110, #2156)
   • mssqlclient.py:
     • Added workstation/application name options, linked-server RPC enable/disable commands, custom CBT support, and better MSSQL shell behavior. (#2074, #2098, #2134)
   • ntfs-read.py:
     • Improved INDEX_ROOT file listing, sparse file support, error handling, and read correctness. (#2106)
   • tstool.py:
     • Added Remote Desktop Shadowing support. (#2064)
   • badsuccessor.py:
     • Fixed ACE filtering and ObjectType GUID parsing that could cause false negatives when searching OUs. (#2170)
   • GetUserSPNs.py:
     • Added an option to avoid forcing RC4-HMAC when requesting a TGT. (#2141)
   • owneredit.py:
     • Improved distinguished name lookup behavior. (#2162)
   • exchanger.py:
     • Added Basic Authentication support. (#2077)
   • reg.py:
     • Added support for persistent registry key creation. (#2113)

... (truncated)

Changelog

Sourced from impacket's changelog.

Impacket v0.13.1 (May 2026):

1. Library improvements

   • SMB: Improved server and relay behavior with SMB server signing support, optional read-only shares, Kerberos/NTLM authentication controls, graceful SMB relay packet handling, SMBv1 relay fixes, SMB 3.1.1 negotiation fixes, and clearer errors for truncated SMB responses. (Fixes #2099, #2085, #2111, #2114, #2129)
   • Kerberos: Fixed S4U2Self service ticket parsing, non-ASCII authentication encoding, LSA Kerberos key decryption, GSSAPI BER length parsing, ccache/kirbi conversion edge cases, and PAC preservation/signing helpers used by ticket tooling. (#2087, #2068, #2088, #2130, #2159, #2164)
   • MSSQL/TDS: Added TDS 8.0 support for Force Strict Encryption targets, EPA channel binding handling, TDS_SSVARIANT parsing, stricter TLS-backed packet handling, workstation/application name support, and more reliable SQL reply error tracking. (#2074, #2075, #2082, #2098, #2122)
   • DCE/RPC and WMI: Added WMI PutClass/DeleteClass support, Remote Event Log subscription calls, Remote Desktop Services process parsing fixes, SCMR failure action marshaling fixes, and safer TCP transport handling on empty receives. (#1803, #2061, #2046, #2152, #2155)
   • Directory and data parsing: Added LDAP CRUD helpers, improved LDAP attribute handling, fixed large-page ESE tag parsing for Windows Server 2025 NTDS.dit files, improved NTFS sparse and INDEX_ROOT reads, fixed DPAPI_BLOB parsing with oversized input, and corrected high-codepoint unicode structure sizing. (#1764, #1995, #2097, #2106, #2112, #2158)
   • Added a reusable ACL helper module and expanded regression coverage for ACLs, NTFS, TDS, Kerberos, ESE, SCMR, WMI, SMB, and packet parsing. (#1240)

2. Examples improvements

   • ntlmrelayx.py:
     • Added MSSQL and RDP relay servers, strict MSSQL relay support, TLS-backed TDS frame reassembly, NTLM sign/seal removal paths for CVE-2025-33073-related relay workflows, and --remove-mic handling. (#2083, #2101, #2122, #2133)
     • Improved WinRM relay error handling and NTLMv2 detection, fixed WinRM NTLM relay behavior, made SMB relay negotiation more conservative by avoiding unsupported NEGOEX advertisement, and added multibyte AD CS template name support. (#2089, #2111, #2127, #2163)
     • Added shadow credentials commands to the interactive LDAP shell and updated KeyCreds handling for the January 2026 Windows changes. (#1402, #2109)
   • secretsdump.py:
     • Added SAM history parsing, improved offline machine account and Kerberos key recovery, fixed negative timestamps on Windows, added SAM password timestamp output, and filtered offline NTDS rows by local domain SID. (#2059, #2069, #2135, #2142, #2178)
   • regsecrets.py:
     • Added SAM history parsing. (#2059)
   • ticketer.py:
     • Improved ccache handling and preserved KDC-issued lifetimes for diamond tickets. (#2159, #2181)
   • ticketConverter.py:
     • Improved kirbi/ccache conversion, preserved ticket flags, converted all TGS entries, and added base64 output support. (#2104, #2159)
   • describeTicket.py:
     • Fixed credential indexing after skipped decrypts and improved Kerberoast debug output. (#2117)
   • raiseChild.py:
     • Preserved PAC buffers, added AES support for modern Windows environments, and improved ticket retry behavior. (#2164)
   • smbclient.py:
     • Added ACL management support, recursive rget, and richer share listing output with type and comments. (#1240, #2110, #2156)
   • mssqlclient.py:
     • Added workstation/application name options, linked-server RPC enable/disable commands, custom CBT support, and better MSSQL shell behavior. (#2074, #2098, #2134)
   • ntfs-read.py:
     • Improved INDEX_ROOT file listing, sparse file support, error handling, and read correctness. (#2106)
   • tstool.py:
     • Added Remote Desktop Shadowing support. (#2064)
   • badsuccessor.py:
     • Fixed ACE filtering and ObjectType GUID parsing that could cause false negatives when searching OUs. (#2170)
   • GetUserSPNs.py:
     • Added an option to avoid forcing RC4-HMAC when requesting a TGT. (#2141)
   • owneredit.py:
     • Improved distinguished name lookup behavior. (#2162)
   • exchanger.py:
     • Added Basic Authentication support. (#2077)
   • reg.py:
     • Added support for persistent registry key creation. (#2113)

3. New examples

... (truncated)

Commits

• See full diff in compare view

Updates ruff from 0.15.13 to 0.15.14

Release notes

Sourced from ruff's releases.

0.15.14

Release Notes

Released on 2026-05-21.

Preview features

• [airflow] Implement airflow-task-implicit-multiple-outputs (AIR202) (#25152)
• [flake8-use-pathlib] Mark PTH101 fix as unsafe when first argument is a class attribute annotated as int (#25086)
• [pylint] Implement too-many-try-statements (W0717) (#23970)
• [ruff] Add incorrect-decorator-order (RUF074) (#23461)
• [ruff] Add fallible-context-manager (RUF075) (#22844)

Bug fixes

• Fix lambda formatting in interpolated string expressions (#25144)
• Treat generic frozenset annotations as immutable (#25251)
• [flake8-type-checking] Avoid strict behavior when future-annotations are enabled (TC001, TC002, TC003) (#25035)
• [pylint] Avoid false positives in else clause (PLR1733) (#25177)

Rule changes

• [flake8-comprehensions] Skip C417 for lambdas with positional-only parameters (#25272)
• [flake8-simplify] Preserve f-string source verbatim in SIM101 fix (#25061)

Performance

• Avoid unnecessary parser lookahead for operators (#25290)

Documentation

• Update code example setting Neovim LSP log level (#25284)

Other changes

• Add full PEP 798 support (#25104)
• Add a parser recursion limit (#24810)
• Update various ruff_python_stdlib APIs (#25273)

Contributors

• @​ocaballeror
• @​lerebear
• @​samuelcolvin
• @​baltasarblanco
• @​aconal-com
• @​anishgirianish
• @​JelleZijlstra
• @​AlexWaygood
• @​ntBre

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.14

Released on 2026-05-21.

Preview features

• [airflow] Implement airflow-task-implicit-multiple-outputs (AIR202) (#25152)
• [flake8-use-pathlib] Mark PTH101 fix as unsafe when first argument is a class attribute annotated as int (#25086)
• [pylint] Implement too-many-try-statements (W0717) (#23970)
• [ruff] Add incorrect-decorator-order (RUF074) (#23461)
• [ruff] Add fallible-context-manager (RUF075) (#22844)

Bug fixes

• Fix lambda formatting in interpolated string expressions (#25144)
• Treat generic frozenset annotations as immutable (#25251)
• [flake8-type-checking] Avoid strict behavior when future-annotations are enabled (TC001, TC002, TC003) (#25035)
• [pylint] Avoid false positives in else clause (PLR1733) (#25177)

Rule changes

• [flake8-comprehensions] Skip C417 for lambdas with positional-only parameters (#25272)
• [flake8-simplify] Preserve f-string source verbatim in SIM101 fix (#25061)

Performance

• Avoid unnecessary parser lookahead for operators (#25290)

Documentation

• Update code example setting Neovim LSP log level (#25284)

Other changes

• Add full PEP 798 support (#25104)
• Add a parser recursion limit (#24810)
• Update various ruff_python_stdlib APIs (#25273)

Contributors

• @​ocaballeror
• @​lerebear
• @​samuelcolvin
• @​baltasarblanco
• @​aconal-com
• @​anishgirianish
• @​JelleZijlstra
• @​AlexWaygood
• @​ntBre
• @​adityasingh2400

... (truncated)

Commits

• 9ad2da3 Bump 0.15.14 (#25295)
• c714e84 [ty] Modernize setup of union types in mdtests (#25291)
• 8a8e35e [flake8-comprehensions] Skip C417 for lambdas with positional-only parame...
• aea5ed4 Avoid unnecessary parser lookahead for operators (#25290)
• e9d72bb [ty] Allow enum member accesses on self (#25077)
• 6cbd59b Set exclude-newer = "7 days" in our PEP-723 scripts (#25285)
• 9999a39 Update code example on how to update Neovim LSP log level (#25284)
• 67d8c54 [ty] Retain recursively-defined state in binary expressions (#25277)
• 25a3191 [ty] Refine Callable class-decorator fallback for unknown results (#25250)
• c423054 Add a recursion limit to the parser (#24810)
• Additional commits viewable in compare view

Updates ty from 0.0.35 to 0.0.38

Release notes

Sourced from ty's releases.

0.0.38

Release Notes

Released on 2026-05-19.

Bug fixes

• Fix panic in enum literal during cycle recovery (#25237)
• Fix panic from lazy NewType base expansion during cycle recovery (#25234)
• Fix class-body global lookup before class binding (#25224)
• Handle aliased dict fallbacks in TypedDict unions (#25241)
• Ignore _generate_next_value_ with custom construction hooks (#25210)

LSP server

• Fix find references for except handlers (#25231)
• Preserve delimiters when folding expressions (#24999)
• Use incremental file walk on .gitignore changes (#25183)

Core type checking

• Add first-class support for enum complements (#24961)
• Allow known non-field writes on frozen dataclass subclasses (#25087)
• Ignore generic specialization in layout compatibility checks (#25178)
• Preserve short-circuit bindings in all condition consumers (#25160)
• Support class decorators (#25091)
• Support custom _generate_next_value_ methods in enums (#25196)

Contributors

• @​MatthewMckee4
• @​MichaReiser
• @​charliermarsh
• @​lerebear
• @​thejchap

Install ty 0.0.38

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/ty/releases/download/0.0.38/ty-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/ty/releases/download/0.0.38/ty-installer.ps1 | iex"

... (truncated)

Changelog

Sourced from ty's changelog.

0.0.38

Released on 2026-05-19.

Bug fixes

• Fix panic in enum literal during cycle recovery (#25237)
• Fix panic from lazy NewType base expansion during cycle recovery (#25234)
• Fix class-body global lookup before class binding (#25224)
• Handle aliased dict fallbacks in TypedDict unions (#25241)
• Ignore _generate_next_value_ with custom construction hooks (#25210)

LSP server

• Fix find references for except handlers (#25231)
• Preserve delimiters when folding expressions (#24999)
• Use incremental file walk on .gitignore changes (#25183)

Core type checking

• Add first-class support for enum complements (#24961)
• Allow known non-field writes on frozen dataclass subclasses (#25087)
• Ignore generic specialization in layout compatibility checks (#25178)
• Preserve short-circuit bindings in all condition consumers (#25160)
• Support class decorators (#25091)
• Support custom _generate_next_value_ methods in enums (#25196)

Contributors

• @​MatthewMckee4
• @​MichaReiser
• @​charliermarsh
• @​lerebear
• @​thejchap

0.0.37

Released on 2026-05-16.

Bug fixes

• Avoid unsound not in narrowing (#25161)
• Fix async iteration over narrowed typevars (#25155)
• Fix panic in double-inference for single starred positional TypedDict (#25176)
• Fix panic in disjoint base check (#25187)
• Fix panic in recursive binary inference (#25189)
• Fix panic in cyclic __new__ (#25185)
• Fix panic in reveal_protocol, reveal_mro, etc. with keyword arguments (#25179)
• Fix panic in imported overload definition (#25168)

... (truncated)

Commits

• 1d3efc1 Bump version to 0.0.38 (#3492)
• f5100cc scripts/update_schemastore: use -C to allow re-running schema update on exist...
• f18aed6 Bump version to 0.0.37 (#3473)
• a63e559 Bump version to 0.0.36 (#3463)
• 94370d5 Update prek dependencies (#3449)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions