chore(deps): bump the python-deps group with 2 updates

[dependabot]

Updates the requirements on streamlit and ruff to permit the latest version.
Updates streamlit to 1.58.0

Release notes

Sourced from streamlit's releases.

1.58.0

What's Changed

Breaking Changes 🛠

• [chore] Remove deprecated add_rows feature by @​lukasmasuch in streamlit/streamlit#15034
• [chore] Remove langchain callback handler integration by @​lukasmasuch in streamlit/streamlit#15051

New Features 🎉

• [feature] Add custom script error handling via st.App by @​lukasmasuch in streamlit/streamlit#14972
• [feature] Add st.pagination widget by @​lukasmasuch in streamlit/streamlit#14975
• [feat] Add type parameter to st.expander and st.status for compact style by @​lukasmasuch in streamlit/streamlit#14054
• [feature][ParallelFragments] Add parallel=True dispatch to @​st.fragment by @​sfc-gh-lwilby-1 in streamlit/streamlit#15214
• [feature] Add API restrictions for parallel fragments by @​sfc-gh-lwilby-1 in streamlit/streamlit#15251
• [feature] Add streamlit skills CLI command by @​lukasmasuch in streamlit/streamlit#15116

Bug Fixes 🐛

• [fix] Selectbox first item hidden when 7 options selected by @​kmcgrady in streamlit/streamlit#14997
• [fix] Defer sys.modules eviction to script-run boundary (#14593) by @​sfc-gh-lwilby in streamlit/streamlit#14826
• [fix] OAuth MismatchingStateError regression in 1.57.0 by @​lukasmasuch in streamlit/streamlit#15048
• [fix] Programmatically closed popovers/expanders reopening on interaction with another by @​kmcgrady in streamlit/streamlit#14945
• [fix] Support symlinks in Starlette static file serving by @​lukasmasuch in streamlit/streamlit#15112
• [feature] Sync URL when session_state updates query-param-bound widgets by @​sfc-gh-lwilby in streamlit/streamlit#14744
• fix: add usedforsecurity=False to blake2b for FIPS compatibility by @​andriykislitsyn in streamlit/streamlit#15149
• fix(fragment): prevent stale auto-reruns from crashing apps by @​sfc-gh-bnisco in streamlit/streamlit#15130
• [fix] Block javascript: and vbscript: URLs in markdown links by @​lukasmasuch in streamlit/streamlit#15161
• Set Max-Age on st.login() cookies to restore 30-day persistence by @​GiovanniPaoloGibilisco in streamlit/streamlit#15194
• [fix] Fix Vega-Lite chart tooltips in dialogs by @​marawanokasha in streamlit/streamlit#15191
• [fix] Help icon for unsafe_allow_html=True in st.markdown by @​sfc-gh-bnisco in streamlit/streamlit#15232
• [fix] Discover script-level .streamlit/config.toml when st.App runs under uvicorn by @​sfc-gh-bnisco in streamlit/streamlit#15218
• [fix] Warn when st.button shortcut is browser-reserved by @​sfc-gh-bnisco in streamlit/streamlit#15217
• fix(auth): migrate provider tokens to joserfc by @​sfc-gh-bnisco in streamlit/streamlit#15178
• Fix browser Back/Forward navigation for pages with Unicode URL paths by @​lukasmasuch in streamlit/streamlit#15281
• [fix] Restore Starlette OAuth PKCE behavior by @​lukasmasuch in streamlit/streamlit#15282
• [fix] Disable Select all in multiselect for >=1000 options by @​lukasmasuch in streamlit/streamlit#15301
• Fix accidental overscrolling in table, dataframe, and data_editor by @​kantuni in streamlit/streamlit#15309

Other Changes

• [chore] Update emojis/material icons by @​github-actions[bot] in streamlit/streamlit#14948
• [chore] Release v1.57.0 by @​github-actions[bot] in streamlit/streamlit#14962
• [fix] Reduce external IP fetch timeout to avoid startup freeze by @​lukasmasuch in streamlit/streamlit#14984
• Adjust widget/icon sizing - Part 1 by @​mayagbarnes in streamlit/streamlit#15056
• [chore] Update emojis/material icons by @​github-actions[bot] in streamlit/streamlit#15134
• Adjust widget/icon sizing - Part 2 by @​mayagbarnes in streamlit/streamlit#15098
• [chore] Update emojis/material icons by @​github-actions[bot] in streamlit/streamlit#15236

New Contributors

• @​simjega made their first contribution in streamlit/streamlit#14927
• @​andriykislitsyn made their first contribution in streamlit/streamlit#15149
• @​GiovanniPaoloGibilisco made their first contribution in streamlit/streamlit#15194
• @​marawanokasha made their first contribution in streamlit/streamlit#15191

Full Changelog: streamlit/streamlit@1.57.0...1.58.0

Commits

• 209ad55 Up version to 1.58.0
• f60c315 [feature] Add streamlit skills CLI command (#15116)
• 8f1a3b5 Fix accidental overscrolling in table, dataframe, and data_editor (#15309)
• 1d00f55 [fix] Disable Select all in multiselect for >=1000 options (#15301)
• 5459f5f [feature] Add API restrictions for parallel fragments (#15251)
• 8f36596 fix(build): fix make all-dev and make protobuf on non-Debian Linux (#15298)
• 163001d [feature][ParallelFragments] Add parallel=True dispatch to @​st.fragment (#15214)
• 08868a8 [fix] Restore Starlette OAuth PKCE behavior (#15282)
• 7165804 Fix browser Back/Forward navigation for pages with Unicode URL paths (#15281)
• 40c3400 [chore] Remove obsolete @​protobufjs/inquire patch (#15296)
• Additional commits viewable in compare view

Updates ruff to 0.15.15

Release notes

Sourced from ruff's releases.

0.15.15

Release Notes

Released on 2026-05-28.

Preview features

• Fix Markdown closing fence handling (#25310)
• [pyflakes] Report duplicate imports in typing.TYPE_CHECKING block (F811) (#22560)

Bug fixes

• [pyflakes] Treat function-scope bare annotations as locals per PEP 526 (F821) (#21540)

Performance

• Avoid redundant TokenValue drops in the lexer (#25300)
• Reduce memory usage by dropping token-excess capacity and improve performance by approximating the initial tokens Vec size (#25354)
• Use ThinVec in AST to shrink Stmt (#25361)

Documentation

• Fix line-length example for --config option (#25389)
• [flake8-comprehensions] Document RecursionError edge case in __len__ (C416) (#25286)
• [mccabe] Improve example (C901) (#25287)
• [pyupgrade] Clarify fix safety docs (UP007, UP045) (#25288)
• [refurb] Document FURB192 exception change for empty sequences (#25317)
• [ruff] Document false negative for user-defined types (RUF013) (#25289)

Formatter

• Fix formatting of lambdas nested within f-strings (#25398)

Server

• Return code action for codeAction/resolve requests that contain no or no valid URL (#25365)

Other changes

• Expand semantic syntax errors for invalid walruses (#25415)

Contributors

• @​chirizxc
• @​ntBre
• @​adityasingh2400
• @​charliermarsh
• @​fallintoplace
• @​martin-schlossarek
• @​MichaReiser

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.15

Released on 2026-05-28.

Preview features

• Fix Markdown closing fence handling (#25310)
• [pyflakes] Report duplicate imports in typing.TYPE_CHECKING block (F811) (#22560)

Bug fixes

• [pyflakes] Treat function-scope bare annotations as locals per PEP 526 (F821) (#21540)

Performance

• Avoid redundant TokenValue drops in the lexer (#25300)
• Reduce memory usage by dropping token-excess capacity and improve performance by approximating the initial tokens Vec size (#25354)
• Use ThinVec in AST to shrink Stmt (#25361)

Documentation

• Fix line-length example for --config option (#25389)
• [flake8-comprehensions] Document RecursionError edge case in __len__ (C416) (#25286)
• [mccabe] Improve example (C901) (#25287)
• [pyupgrade] Clarify fix safety docs (UP007, UP045) (#25288)
• [refurb] Document FURB192 exception change for empty sequences (#25317)
• [ruff] Document false negative for user-defined types (RUF013) (#25289)

Formatter

• Fix formatting of lambdas nested within f-strings (#25398)

Server

• Return code action for codeAction/resolve requests that contain no or no valid URL (#25365)

Other changes

• Expand semantic syntax errors for invalid walruses (#25415)

Contributors

• @​chirizxc
• @​ntBre
• @​adityasingh2400
• @​charliermarsh
• @​fallintoplace
• @​martin-schlossarek
• @​MichaReiser
• @​Ruchir28

... (truncated)

Commits

• db5aa0a Bump 0.15.15 (#25431)
• 366fe21 [ty] Improve diagnostics for syntax errors in forward annotations (#25158)
• e2e1e64 [ty] Remove excess capacity from more Salsa cached collections (#25411)
• 1bd77e1 [ty] Use diagnostic message as tie breaker when sorting (#25424)
• 7e1bc1e Add agent skills for working on ty (#25422)
• 574e107 Expand semantic syntax errors for invalid walruses (#25415)
• 4a7ca06 [ty] Display docs for matching parameter when hovering over the name of an ar...
• 5432709 Refine a few agents instructions (#25423)
• 3cb09eb [ty] Support typing.TypeForm (#25334)
• c8cd59f [ty] Infer class attributes assigned by metaclass initialization (#25342)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions