Skip to content

chore(deps): update all dependencies#424

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/all
Open

chore(deps): update all dependencies#424
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/all

Conversation

@renovate
Copy link
Copy Markdown
Contributor

@renovate renovate Bot commented Apr 1, 2026
edited
Loading

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package Type Update Change Pending Age Confidence
actions/upload-artifact (changelog) action digest bbbca2d043fb46
ansible-core dependency-groups minor 2.20.52.21.0 age confidence
ansible/actions repository patch v1.1.0v1.1.2 age confidence
ansible/actions (changelog) action digest 9048781136dbb4
ansible/actions (changelog) action digest 96828a1b2b0657
ansible/team-devtools (changelog) action digest a7f2500e14a430
astral-sh/setup-uv action major v7v8.1.0 age confidence
astral-sh/uv-pre-commit repository patch 0.11.20.11.17 age confidence
biomejs/pre-commit repository patch v2.4.9v2.4.16 age confidence
codecov/codecov-action (changelog) action digest 57e3a13e79a696
coverage dependency-groups minor 7.13.57.14.1 age confidence
gitpython project.dependencies patch 3.1.473.1.50 age confidence
mypy (changelog) dependency-groups major 1.20.22.1.0 age confidence
pip (changelog) dependency-groups patch 26.126.1.1 26.1.2 age confidence
pip (changelog) project.dependencies patch 26.126.1.1 26.1.2 age confidence
pipdeptree (changelog) dependency-groups patch 2.35.12.35.3 age confidence
pipx (changelog) dependency-groups minor 1.11.11.13.0 age confidence
prek (source, changelog) dependency-groups minor 0.3.100.4.3 age confidence
release-drafter/release-drafter (changelog) action digest 139054a693d20e
ruff (source, changelog) dependency-groups patch 0.15.120.15.15 age confidence
softprops/action-gh-release action major v2v3 age confidence
tombi dependency-groups major 0.9.241.1.1 age confidence
tox (changelog) dependency-groups minor 4.53.04.55.0 age confidence
typer (changelog) project.dependencies minor 0.25.00.26.3 0.26.4 age confidence
uv (source, changelog) project.dependencies patch 0.11.70.11.17 age confidence
zensical (changelog) dependency-groups patch 0.0.360.0.43 age confidence

Note: The pre-commit manager in Renovate is not supported by the pre-commit maintainers or community. Please do not report any problems there, instead create a Discussion in the Renovate repository if you have any questions.

Release Notes

ansible/actions (ansible/actions)

v1.1.2

Compare Source

Fixes

Maintenance

v1.1.1

Compare Source

Fixes

Maintenance

astral-sh/setup-uv (astral-sh/setup-uv)

v8.1.0: 🌈 New input no-project

Compare Source

Changes

This add the a new boolean input no-project.
It only makes sense to use in combination with activate-environment: true and will append --no project to the uv venv call. This is for example useful if you have a pyproject.toml file with parts unparseable by uv

🚀 Enhancements

🧰 Maintenance

📚 Documentation

⬆️ Dependency updates

v8.0.0: 🌈 Immutable releases and secure tags

Compare Source

This is the first immutable release of setup-uv 🥳

All future releases are also immutable, if you want to know more about what this means checkout the docs.

This release also has two breaking changes

New format for manifest-file

The previously deprecated way of defining a custom version manifest to control which uv versions are available and where to download them from got removed. The functionality is still there but you have to use the new format.

No more major and minor tags

To increase security even more we will stop publishing minor tags. You won't be able to use @v8 or @v8.0 any longer. We do this because pinning to major releases opens up users to supply chain attacks like what happened to tj-actions.

[!TIP]
Use the immutable tag as a version astral-sh/[email protected]
Or even better the githash astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57

🚨 Breaking changes
🧰 Maintenance
astral-sh/uv-pre-commit (astral-sh/uv-pre-commit)

v0.11.17

Compare Source

See: https://github.com/astral-sh/uv/releases/tag/0.11.17

v0.11.16

Compare Source

See: https://github.com/astral-sh/uv/releases/tag/0.11.16

v0.11.15

Compare Source

See: https://github.com/astral-sh/uv/releases/tag/0.11.15

v0.11.14

Compare Source

See: https://github.com/astral-sh/uv/releases/tag/0.11.14

v0.11.13

Compare Source

See: https://github.com/astral-sh/uv/releases/tag/0.11.13

v0.11.12

Compare Source

See: https://github.com/astral-sh/uv/releases/tag/0.11.12

v0.11.11

Compare Source

See: https://github.com/astral-sh/uv/releases/tag/0.11.11

v0.11.10

Compare Source

See: https://github.com/astral-sh/uv/releases/tag/0.11.10

v0.11.9

Compare Source

See: https://github.com/astral-sh/uv/releases/tag/0.11.9

v0.11.8

Compare Source

See: https://github.com/astral-sh/uv/releases/tag/0.11.8

v0.11.7

Compare Source

See: https://github.com/astral-sh/uv/releases/tag/0.11.7

v0.11.6

Compare Source

See: https://github.com/astral-sh/uv/releases/tag/0.11.6

v0.11.5

Compare Source

See: https://github.com/astral-sh/uv/releases/tag/0.11.5

v0.11.4

Compare Source

See: https://github.com/astral-sh/uv/releases/tag/0.11.4

v0.11.3

Compare Source

See: https://github.com/astral-sh/uv/releases/tag/0.11.3

biomejs/pre-commit (biomejs/pre-commit)

v2.4.16

Compare Source

v2.4.15

Compare Source

v2.4.14

Compare Source

v2.4.13

Compare Source

v2.4.12

Compare Source

v2.4.11

Compare Source

v2.4.10

Compare Source

coveragepy/coveragepy (coverage)

v7.14.1

Compare Source

  • Fix: the HTML report used typographic niceties to make file paths more
    readable by adding a small amount of space around slashes. Those spaces
    interfered with searching the page for file paths of interest. Now the report
    uses CSS to accomplish the same visual tweak so that searches with slashes
    work correctly. Closes issue 2170_.

  • Add a 3.16 PyPI classifier <hugo-316_>_ since we test on the 3.16 main
    branch.

.. _issue 2170: #​2170
.. _hugo-316: https://mastodon.social/@​hugovk/116588523571204490

.. _changes_7-14-0:

v7.14.0

Compare Source

  • Feature: now when running one of the reporting commands, if there are
    parallel data files that need combining, they will be implicitly combined
    before creating the report. There is no option to avoid the combination; let
    us know if you have a use case that requires it. Thanks, Tim Hatch <pull 2162_>. Closes issue 1781.

  • Fix: the output from combine was too verbose, listing each file
    considered. Now it shows a single line with the counts of files combined,
    files skipped, and files with errors. The -q flag suppresses this line.
    The old detailed lines are available with the new --debug=combine option.

  • Fix: running a Python file through a symlink now sets the sys.path correctly,
    matching regular Python behavior. Fixes issue 2157_.

  • Fix: Collector.flush_data could fail with "RuntimeError: Set changed
    size during iteration" when a tracer in another thread added a line to the
    per-file set that add_lines (or add_arcs) was iterating. The values
    passed to CoverageData are now snapshotted via dict.copy() and
    set.copy(), which are atomic under the GIL. Thanks, Alex Vandiver <pull 2165_>_.

  • Fix: the soft keyword lazy is now bolded in HTML reports.

  • We are no longer testing eventlet support. Eventlet started issuing stern
    deprecation warnings that break our tests. Our support code is still there.

.. _issue 1781: #​1781
.. _issue 2157: #​2157
.. _pull 2162: #​2162
.. _pull 2165: #​2165

.. _changes_7-13-5:

gitpython-developers/GitPython (gitpython)

v3.1.50

Compare Source

What's Changed

New Contributors

Full Changelog: gitpython-developers/GitPython@3.1.49...3.1.50

v3.1.49: - Security

Compare Source

What's Changed

Full Changelog: gitpython-developers/GitPython@3.1.48...3.1.49

v3.1.48: - Security

Compare Source

Accidentally deleted the previous GH release, it did mention the advisory this fixes.

What's Changed

Full Changelog: gitpython-developers/GitPython@3.1.47...3.1.48

python/mypy (mypy)

v2.1.0

Compare Source

v2.0.0

Compare Source

pypa/pip (pip)

v26.1.1

Compare Source

tox-dev/pipdeptree (pipdeptree)

v2.35.3

Compare Source

What's Changed

Full Changelog: tox-dev/pipdeptree@2.35.2...2.35.3

v2.35.2

Compare Source

What's Changed

Full Changelog: tox-dev/pipdeptree@2.35.1...2.35.2

pypa/pipx (pipx)

v1.13.0

Compare Source

What's Changed

New Contributors

Full Changelog: pypa/pipx@1.12.0...1.13.0

v1.12.0

Compare Source

What's Changed

Full Changelog: pypa/pipx@1.11.2...1.12.0

v1.11.2

Compare Source

What's Changed

New Contributors

Full Changelog: pypa/pipx@1.11.1...1.11.2

j178/prek (prek)

v0.4.3

Compare Source

Released on 2026-05-27.

Bug fixes
  • Ignore stat-only hook rewrites (#​2131)
Sponsorship

If prek saves time for you or your team, please consider sponsoring the
project on GitHub Sponsors. It helps keep
new features, performance work, and maintenance moving.

Contributors

v0.4.2

Compare Source

Released on 2026-05-26.

Highlights

0.4.2 is mainly about making prek run faster in large repos.

prek now does less git diff work. After hooks run, prek uses diff checks
to detect files changed by hooks. If a hook modifies files, prek marks that hook
as failed. That is important, but full diff snapshots can be slow in big repos,
especially when they happen after every hook group.

We skip the expensive diff path in two common cases: built-in hooks that prek
knows are read-only, and clean worktrees where a cheap dirty check is enough
unless a hook actually changes files. In the right large-repo workload,
skipping that work can make runs up to 10x faster.

Workspace mode is faster too. Hooks have historically been too serial.
Priority-based concurrency helped, but it required users to choose good
priority values. Now sibling projects at the same workspace depth run in
parallel automatically. Their files do not overlap, so this is safe and needs
no extra config. For multi-project workspaces, this can dramatically reduce
total hook time.

Sponsorship

If prek saves time for you or your team, please consider sponsoring the
project on GitHub Sponsors. It helps keep
new features, performance work, and maintenance moving.

Enhancements
  • Run same-depth projects concurrently (#​2110)
  • Make rustup install profile configurable (#​2111)
  • Simplify hook progress folding (#​2125)
Performance
  • Optimize diff checks for clean worktrees (#​2109)
  • Skip diff checks for read-only hooks (#​2108)
Contributors

v0.4.1

Compare Source

Released on 2026-05-20.

Enhancements
  • Fix pre-push range after rebase (#​2089)
  • Prefer extensions over loose filename tags (#​2092)
  • Skip installs for hooks that will not run (#​2103)
Performance
  • Optimize meta hook file scans (#​2106)
  • Reduce run filtering allocations (#​2090)
Contributors

v0.4.0

Compare Source

Released on 2026-05-14.

Breaking changes

These are narrow cleanup breaks in behavior that was either temporary or never worked correctly. Most users should not need to change anything.

  • Generated hook scripts no longer preserve -q, -v, or --no-progress passed to prek install. This only affects users who expected those global flags to be baked into installed hooks. (#​1966)
  • language_version no longer accepts direct executable paths. Use language_version: system for a system toolchain, or use a supported version request instead. This path form did not work reliably before, so existing working configs should be unaffected. (#​1831)
Enhancements
  • Expand tilde in --config, --cd, --log-file and --git-dir (#​2063)
  • Prevent auto-update cooldown downgrades (#​2055)
  • Use managed npm cache for node hooks (#​2075)
Bug fixes
  • Fix npm config env overrides for node hooks (#​2074)
Documentation
  • Add cookbook page for enabling Git 2.54 config-based global hooks (#​2061)
Contributors

v0.3.13

Compare Source

Released on 2026-05-06.

Bug fixes
  • Respect hook filters for message files (#​2049)
Documentation
  • Add Godot Engine to users in README (#​2047)
Contributors

v0.3.12

Compare Source

Released on 2026-05-05.

Highlights

auto_update.cooldown_days is now available in both the user-level global
config (~/.config/prek/prek.toml on Linux and macOS, or
$XDG_CONFIG_HOME/prek/prek.toml when set; %APPDATA%\prek\prek.toml on
Windows) and project config. Set a user default for prek auto-update, then
override it per project when a repository needs a different update cadence.

[auto_update]
cooldown_days = 7
Enhancements
  • Add global auto-update cooldown config (#​2041)
  • Add project auto-update cooldown config (#​2044)
  • Support language: dart (#​1146)
Bug fixes
  • Pass commit message file to workspace hooks (#​2043)
  • Preserve non-UTF8 filenames from git (#​2023)
  • ruby: put resolved Ruby's bin dir on $PATH for gem invocations (#​2021)
Documentation
  • Update docs with the new logo and icon (#​2025)
  • Point schema docs to SchemaStore (#​2039)
Contributors

v0.3.11

Compare Source

Released on 2026-04-27.

Highlights

Hook entries now have an explicit shell option for shell snippets. Set
shell: sh, bash, pwsh, powershell, or cmd when an entry should be
evaluated by that shell; leaving it unset keeps prek's direct argv execution.

prek auto-update can now filter tag candidates before choosing an update.
Both options take glob patterns: use --include-tag to only consider matching
tag names, and --exclude-tag to skip matching tags such as moving tags or
prereleases.

Enhancements
  • Add auto-update --exclude-repo <repo> to skip repos (#​1983)
  • Add auto-update --exit-code to exit with non-zero on updates (#​2002)
  • Add auto-update --include-tag <pattern>/--exclude-tag <pattern> to filter tags (#​1984)
  • Adds an explicit shell hook option for entries that should run as shell source (#​2004)
  • Make --hook-dir optional for hook-impl (#​1989)
  • Skip shim warning when --script-version is missing (#​1990)
Bug fixes
  • Install Ruby executable in gem bin (#​2017)
  • Use dedicated Android npm package (#​1982)
  • Use stable repo keys without breaking cached clones (#​1995)
Documentation
  • Explain prek name (#​1980)
  • Clarify pass_filenames concurrency docs (#​1999)
  • Reorganize documentation references (#​2005)
  • Clarify hook author manifest env docs (#​1991)
  • docs: add Sentry to users list (#​1981)
Contributors
astral-sh/ruff (ruff)

v0.15.15

Compare Source

Released on 2026-05-28.

Preview features
  • Fix Markdown closing fence handling (#​25310)
  • [pyflakes] Report duplicate imports in typing.TYPE_CHECKING block (F811) (#​22560)
Bug fixes
  • [pyflakes] Treat function-scope bare annotations as locals per PEP 526 (F821) (#​21540)
Performance
  • Avoid redundant TokenValue drops in the lexer (#​25300)
  • Reduce memory usage by dropping token-excess capacity and improve performance by approximating the initial tokens Vec size (#​25354)
  • Use ThinVec in AST to shrink Stmt (#​25361)
Documentation
  • Fix line-length example for --config option (#​25389)
  • [flake8-comprehensions] Document RecursionError edge case in __len__ (C416) (#​25286)
  • [mccabe] Improve example (C901) (#​25287)
  • [pyupgrade] Clarify fix safety docs (UP007, UP045) (#​25288)
  • [refurb] Document FURB192 exception change for empty sequences (#​25317)
  • [ruff] Document false negative for user-defined types (RUF013) (#​25289)
Formatter
  • Fix formatting of lambdas nested within f-strings (#​25398)
Server
  • Return code action for codeAction/resolve requests that contain no or no valid URL (#​25365)
Other changes
  • Expand semantic syntax errors for invalid walruses (#​25415)
Contributors

v0.15.14

Compare Source

Released on 2026-05-21.

Preview features
  • [airflow] Implement airflow-task-implicit-multiple-outputs (AIR202) (#​25152)
  • [flake8-use-pathlib] Mark PTH101 fix as unsafe when first argument is a class attribute annotated as int (#​25086)
  • [pylint] Implement too-many-try-statements (W0717) (#​23970)
  • [ruff] Add incorrect-decorator-order (RUF074) (#​23461)
  • [ruff] Add fallible-context-manager (RUF075) (#​22844)
Bug fixes
  • Fix lambda formatting in interpolated string expressions (#​25144)
  • Treat generic frozenset annotations as immutable (#​25251)
  • [flake8-type-checking] Avoid strict behavior when future-annotations are enabled (TC001, TC002, TC003) (#​25035)
  • [pylint] Avoid false positives in else clause (PLR1733) (#​25177)
Rule changes
  • [flake8-comprehensions] Skip C417 for lambdas with positional-only parameters (#​25272)
  • [flake8-simplify] Preserve f-string source verbatim in SIM101 fix (#​25061)
Performance
  • Avoid unnecessary parser lookahead for operators (#​25290)
Documentation
  • Update code example setting Neovim LSP log level (#​25284)
Other changes
Contributors

v0.15.13

Compare Source

Released on 2026-05-14.

Preview features
  • Add a rule to flag lazy imports that are eagerly evaluated (#​25016)
  • [pylint] Standardize diagnostic message (PLR0914, PLR0917) (#​24996)
Bug fixes
  • Fix F811 false positive for class methods (#​24933)
  • Fix setting selection for multi-folder workspace (#​24819)
  • [eradicate] Fix false positive for lines with leading whitespace (ERA001) (#​25122)
  • [flake8-pyi] Fix false positive for f-string debug specifier (PYI016) (#​24098)
Rule changes
  • Always include panic payload in panic diagnostic message (#​24873)
  • Restrict PYI034 for in-place operations to enclosing class (#​24511)
  • Improve error message for parameters that are declared global (#​24902)
  • Update known stdlib (#​25103)
Performance
  • [isort] Avoid constructing glob::Patterns for literal known modules (#​25123)
CLI
  • Add TOML examples to --config help text (#​25013)
  • Colorize ruff check 'All checks passed' (#​25085)
Configuration
  • Increase max allowed value of line-length setting (#​24962)
Documentation
  • Add D203 to rules that conflict with the formatter (#​25044)
  • Clarify COM819 and formatter interaction (#​25045)
  • Clarify that NotImplemented is a value, not an exception (F901) (#​25054)
  • Update number of lint rules supported (#​24942)
Other changes
  • Simplify the playground's markdown template (#​24924)
Contributors
s

Note

PR body was truncated to here.

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot added chore dependencies Pull requests that update a dependency file labels Apr 1, 2026
@renovate renovate Bot requested a review from ssbarnea as a code owner April 1, 2026 13:58
github-actions[bot]
github-actions Bot approved these changes Apr 1, 2026
View reviewed changes
Copy link
Copy Markdown

@github-actions github-actions Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Auto approved automated PR

@renovate renovate Bot force-pushed the renovate/all branch 14 times, most recently from d82a832 to 5a24a90 Compare April 8, 2026 18:15
@renovate renovate Bot force-pushed the renovate/all branch 11 times, most recently from bcade1b to 158c7ba Compare April 12, 2026 04:44
@renovate renovate Bot force-pushed the renovate/all branch 11 times, most recently from ec16545 to 62910ee Compare April 24, 2026 19:46
@renovate renovate Bot force-pushed the renovate/all branch 6 times, most recently from f04be62 to c396e5d Compare April 29, 2026 16:04
@renovate
Copy link
Copy Markdown
Contributor Author

renovate Bot commented Apr 29, 2026
edited
Loading

⚠️ Artifact update problem

Renovate failed to update artifacts related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: packages/mk-pre/pyproject.toml
Artifact update for typer resolved to version 0.26.4, which is a pending version that has not yet passed the Minimum Release Age threshold.
Renovate was attempting to update to 0.26.3
This is (likely) not a bug in Renovate, but due to the way your project pins dependencies, _and_ how Renovate calls your package manager to update them.
Until Renovate supports specifying an exact update to your package manager (https://github.com/renovatebot/renovate/issues/41624), it is recommended to directly pin your dependencies (with `rangeStrategy=pin` for apps, or `rangeStrategy=widen` for libraries)
See also: https://docs.renovatebot.com/dependency-pinning/
File name: pyproject.toml
Artifact update for pip resolved to version 26.1.2, which is a pending version that has not yet passed the Minimum Release Age threshold.
Renovate was attempting to update to 26.1.1
This is (likely) not a bug in Renovate, but due to the way your project pins dependencies, _and_ how Renovate calls your package manager to update them.
Until Renovate supports specifying an exact update to your package manager (https://github.com/renovatebot/renovate/issues/41624), it is recommended to directly pin your dependencies (with `rangeStrategy=pin` for apps, or `rangeStrategy=widen` for libraries)
See also: https://docs.renovatebot.com/dependency-pinning/
File name: pyproject.toml
Artifact update for typer resolved to version 0.26.4, which is a pending version that has not yet passed the Minimum Release Age threshold.
Renovate was attempting to update to 0.26.3
This is (likely) not a bug in Renovate, but due to the way your project pins dependencies, _and_ how Renovate calls your package manager to update them.
Until Renovate supports specifying an exact update to your package manager (https://github.com/renovatebot/renovate/issues/41624), it is recommended to directly pin your dependencies (with `rangeStrategy=pin` for apps, or `rangeStrategy=widen` for libraries)
See also: https://docs.renovatebot.com/dependency-pinning/
File name: pyproject.toml
Artifact update for pip resolved to version 26.1.2, which is a pending version that has not yet passed the Minimum Release Age threshold.
Renovate was attempting to update to 26.1.1
This is (likely) not a bug in Renovate, but due to the way your project pins dependencies, _and_ how Renovate calls your package manager to update them.
Until Renovate supports specifying an exact update to your package manager (https://github.com/renovatebot/renovate/issues/41624), it is recommended to directly pin your dependencies (with `rangeStrategy=pin` for apps, or `rangeStrategy=widen` for libraries)
See also: https://docs.renovatebot.com/dependency-pinning/

@renovate renovate Bot force-pushed the renovate/all branch 11 times, most recently from 66c520d to fa6b3f8 Compare May 6, 2026 12:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-actions github-actions[bot] github-actions[bot] approved these changes

@ssbarnea ssbarnea Awaiting requested review from ssbarnea ssbarnea is a code owner

Assignees

No one assigned

Labels

chore dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants