build(deps): bump the pip group across 1 directory with 7 updates

[dependabot]

Bumps the pip group with 7 updates in the / directory:

Package	From	To
jobify	0.10.1	0.12.1
mypy	1.20.2	2.1.0
ruff	0.15.12	0.15.15
semgrep	1.161.0	1.164.0
zizmor	1.24.1	1.25.2
pytest-asyncio	1.3.0	1.4.0
prek	0.3.11	0.4.3

Updates jobify from 0.10.1 to 0.12.1

Release notes

Sourced from jobify's releases.

v0.12.1 (2026-05-13)

This release is published under the MIT License.

Bug Fixes

• Trigger worflow pypi (909412d)

---

Detailed Changes: v0.12.0...v0.12.1

v0.12.0 (2026-05-13)

This release is published under the MIT License.

Build System

• Add adaptix to test group (8c01776)

• Reorganize dependencies, refactor benchmarks, fix test filename and update font (052808f)

Documentation

• Add Google-style docstrings for public API (c9dfc52)

• Re-design documentation with Zensical modern patterns (144f004)

• Update index.md (1418e24)

• Update README.md (871cfab)

• Update README.md (51a1666)

Features

• Add adaptix support and expand API documentation (7735e4b)

• Add optional support for cbor and orjson serializers (bfbade2)

• Allow custom UUID generator in configuration (8f57868)

• retry: Refactor SmartRetry to align with Airflow behavior (bb337e5)

• serializers: Add cbor support (60edb48)

• serializers: Add msgpack support (82f05fb)

• serializers: Add orjson support (e583032)

... (truncated)

Changelog

Sourced from jobify's changelog.

v0.12.1 (2026-05-13)

Bug Fixes

• Trigger worflow pypi (909412d)

v0.12.0 (2026-05-13)

Build System

• Add adaptix to test group (8c01776)

• Reorganize dependencies, refactor benchmarks, fix test filename and update font (052808f)

Documentation

• Add Google-style docstrings for public API (c9dfc52)

• Re-design documentation with Zensical modern patterns (144f004)

• Update index.md (1418e24)

• Update README.md (871cfab)

• Update README.md (51a1666)

Features

• Add adaptix support and expand API documentation (7735e4b)

• Add optional support for cbor and orjson serializers (bfbade2)

• Allow custom UUID generator in configuration (8f57868)

• retry: Refactor SmartRetry to align with Airflow behavior (bb337e5)

• serializers: Add cbor support

... (truncated)

Commits

• e361b9b chore(release): release v0.12.1 [skip ci]
• a963935 chore(release): release v0.12.0 [skip ci]
• 7735e4b feat: add adaptix support and expand API documentation
• 3a71d08 refactor: enhance serialization core and update CI/CD pipelines
• 1418e24 docs: update index.md
• e35487d chore(deps): update dependencies and configuration
• 144f004 docs: re-design documentation with Zensical modern patterns
• 0d1480c chore(release): release v0.11.0 [skip ci]
• b9d00e3 docs: re-design style
• 3344151 docs: update README.md
• See full diff in compare view

Updates mypy from 1.20.2 to 2.1.0

Changelog

Sourced from mypy's changelog.

Mypy Release Notes

Next Release

Mypy 2.1

We’ve just uploaded mypy 2.1.0 to the Python Package Index (PyPI). Mypy is a static type checker for Python. This release includes new features, performance improvements and bug fixes. You can install it as follows:

python3 -m pip install -U mypy

You can read the full documentation for this release on Read the Docs.

librt.vecs: Fast Growable Array Type for Mypyc

The new librt.vecs module provides an efficient growable array type vec that is optimized for mypyc use. It provides fast, packed arrays with integer and floating point value types, which can be several times faster than list, and tens of times faster than array.array in code compiled using mypyc. It also supports nested vec objects and non-value-type items, such as vec[vec[str]].

Refer to the documentation for the details.

Contributed by Jukka Lehtosalo.

librt.random: Fast Pseudo-Random Number Generation

The new librt.random module provides fast pseudo-random number generation that is optimized for code compiled using mypyc. It can be 3x to 10x faster than the stdlib random module in compiled code.

Refer to the documentation for the details.

Contributed by Jukka Lehtosalo (PR 21433).

Mypyc Improvements

• Enable incremental self-compilation (Vaggelis Danias, PR 21369)
• Make compilation order with multiple files consistent (Piotr Sawicki, PR 21419)
• Fix crash on accessing StopAsyncIteration (Piotr Sawicki, PR 21406)
• Fix incremental compilation with separate flag (Vaggelis Danias, PR 21299)

Fixes to Crashes

• Fix crash on partial type with --allow-redefinition and global declaration (Jukka Lehtosalo, PR 21428)
• Fix broken awaitable generator patching (Ivan Levkivskyi, PR 21435)

... (truncated)

Commits

• c1c336d Remove +dev from version
• 74df14b Add changelog for mypy 2.1 (#21464)
• 022d9bc Revert "TypeForm: Enable by default (#21262)"
• 8826288 [mypyc] Document librt.random (#21463)
• 3f4067b Bump librt version to 0.11.0 (#21458)
• 2b1eb58 [mypyc] Enable incremental self-compilation (#21369)
• 8152f4a Respect file config comments for stale modules (#21444)
• 116d60b Fix nondeterminism from nonassociativity of overload joins (#21455)
• 6c4af8e Fix function call message change for small number of args (#21432)
• 4b8fdca [mypyc] Add librt.random module (#21433)
• Additional commits viewable in compare view

Updates ruff from 0.15.12 to 0.15.15

Release notes

Sourced from ruff's releases.

0.15.15

Release Notes

Released on 2026-05-28.

Preview features

• Fix Markdown closing fence handling (#25310)
• [pyflakes] Report duplicate imports in typing.TYPE_CHECKING block (F811) (#22560)

Bug fixes

• [pyflakes] Treat function-scope bare annotations as locals per PEP 526 (F821) (#21540)

Performance

• Avoid redundant TokenValue drops in the lexer (#25300)
• Reduce memory usage by dropping token-excess capacity and improve performance by approximating the initial tokens Vec size (#25354)
• Use ThinVec in AST to shrink Stmt (#25361)

Documentation

• Fix line-length example for --config option (#25389)
• [flake8-comprehensions] Document RecursionError edge case in __len__ (C416) (#25286)
• [mccabe] Improve example (C901) (#25287)
• [pyupgrade] Clarify fix safety docs (UP007, UP045) (#25288)
• [refurb] Document FURB192 exception change for empty sequences (#25317)
• [ruff] Document false negative for user-defined types (RUF013) (#25289)

Formatter

• Fix formatting of lambdas nested within f-strings (#25398)

Server

• Return code action for codeAction/resolve requests that contain no or no valid URL (#25365)

Other changes

• Expand semantic syntax errors for invalid walruses (#25415)

Contributors

• @​chirizxc
• @​ntBre
• @​adityasingh2400
• @​charliermarsh
• @​fallintoplace
• @​martin-schlossarek
• @​MichaReiser

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.15

Released on 2026-05-28.

Preview features

• Fix Markdown closing fence handling (#25310)
• [pyflakes] Report duplicate imports in typing.TYPE_CHECKING block (F811) (#22560)

Bug fixes

• [pyflakes] Treat function-scope bare annotations as locals per PEP 526 (F821) (#21540)

Performance

• Avoid redundant TokenValue drops in the lexer (#25300)
• Reduce memory usage by dropping token-excess capacity and improve performance by approximating the initial tokens Vec size (#25354)
• Use ThinVec in AST to shrink Stmt (#25361)

Documentation

• Fix line-length example for --config option (#25389)
• [flake8-comprehensions] Document RecursionError edge case in __len__ (C416) (#25286)
• [mccabe] Improve example (C901) (#25287)
• [pyupgrade] Clarify fix safety docs (UP007, UP045) (#25288)
• [refurb] Document FURB192 exception change for empty sequences (#25317)
• [ruff] Document false negative for user-defined types (RUF013) (#25289)

Formatter

• Fix formatting of lambdas nested within f-strings (#25398)

Server

• Return code action for codeAction/resolve requests that contain no or no valid URL (#25365)

Other changes

• Expand semantic syntax errors for invalid walruses (#25415)

Contributors

• @​chirizxc
• @​ntBre
• @​adityasingh2400
• @​charliermarsh
• @​fallintoplace
• @​martin-schlossarek
• @​MichaReiser
• @​Ruchir28

... (truncated)

Commits

• db5aa0a Bump 0.15.15 (#25431)
• 366fe21 [ty] Improve diagnostics for syntax errors in forward annotations (#25158)
• e2e1e64 [ty] Remove excess capacity from more Salsa cached collections (#25411)
• 1bd77e1 [ty] Use diagnostic message as tie breaker when sorting (#25424)
• 7e1bc1e Add agent skills for working on ty (#25422)
• 574e107 Expand semantic syntax errors for invalid walruses (#25415)
• 4a7ca06 [ty] Display docs for matching parameter when hovering over the name of an ar...
• 5432709 Refine a few agents instructions (#25423)
• 3cb09eb [ty] Support typing.TypeForm (#25334)
• c8cd59f [ty] Infer class attributes assigned by metaclass initialization (#25342)
• Additional commits viewable in compare view

Updates semgrep from 1.161.0 to 1.164.0

Release notes

Sourced from semgrep's releases.

Release v1.164.0

1.164.0 - 2026-05-26

### Added

• Dart: typed metavariables ($X as T) and metavariable-type, metavariable binding inside string interpolations, and function-definition patterns that match Dart function definitions. (gh-11678)

### Changed

• The default memory limit for Pro interfile scans on Linux now adapts to the container's cgroup memory limit (90% of it) instead of the previous fixed 5 GiB, with an 8 GiB fallback when no cgroup limit is detected. (ENGINE-2568)
• Lower the glibc contraint from >=2.35 to >=2.34, allowing users on distros that ship glibc 2.34 (e.g RHEL 9 & AL2023) to install the semgrep wheel. (gh-11622)

### Fixed

• Baseline diff scans (semgrep ci and --baseline-commit) no longer treat every finding on a file as newly introduced when rule(s) failed during the baseline run.

  Per-rule failures (for example a timeout for a single rule) on baseline analysis now hide only that rule's matches on that file from the "new vs baseline" comparison. Other rules on the same file are still taken in comparison for the "new vs baseline" comparison.

  Per-file, rule-independent failures now hide all findings on that file from the "new vs baseline" comparison. (LANG-515)

• Fixed a yarn.lock parse error on Yarn Berry entries written in YAML explicit-key form. Affected lockfiles previously failed to parse. (SC-3479)

• The (beta) SBT resolver with --allow-local-builds now correctly identifies dependencies as part of the Maven ecosystem. (SC-3522)

• Fix --sarif-output and --sarif causing nosemgrep-suppressed findings to be reported in CLI scan output and to block scans. Suppressed findings are now correctly excluded from terminal text output, the scan-summary count, and the CLI's exit code. (engine-1824)

• Fixed a bug that could cause unreliable target filtering in parallel scans. (gh-6313)

• Dart: improved parser fidelity for Dart 3 grammar features and routed pattern parsing for statements beginning with await, rethrow, and other statement keywords. Eliminates a large class of PartialParsing errors on real-world pub.dev packages. (gh-11678)

### Infra/Release Changes

• pro: macOS: Fixed dynamic library lookup for semgrep-core-proprietary so the binary works when semgrep install-semgrep-pro is invoked, and semgrep is installed via Homebrew. (pro-binary-homebrew)
• Pro: Added optional <case>.named_ast.expect golden files for tests/intrafile/maturity/ fixtures, exercised by Unit_maturity_named_asts. (LANG-287)

Release v1.163.0

1.163.0 - 2026-05-13

### Added

• Updated PHP target parsing to support grammar changes from PHP 8.1-8.5 (LANG-380)

### Changed

• Improved semgrep ci startup time with App-provided rules by avoiding duplicate semgrep-core rule validation during CLI rule loading while preserving config-style failures for invalid rules. (ci-rule-validation-startup)
• Semgrep now validates dependency aware rules only on the core side, improving startup time (validate-skip-dep-aware)
• Rule validation now runs in parallel across cores on large rulesets, reducing scan startup time. (gh-6279)

... (truncated)

Changelog

Sourced from semgrep's changelog.

1.164.0 - 2026-05-26

### Added

• Dart: typed metavariables ($X as T) and metavariable-type, metavariable binding inside string interpolations, and function-definition patterns that match Dart function definitions. (gh-11678)

### Changed

• The default memory limit for Pro interfile scans on Linux now adapts to the container's cgroup memory limit (90% of it) instead of the previous fixed 5 GiB, with an 8 GiB fallback when no cgroup limit is detected. (ENGINE-2568)
• Lower the glibc contraint from >=2.35 to >=2.34, allowing users on distros that ship glibc 2.34 (e.g RHEL 9 & AL2023) to install the semgrep wheel. (gh-11622)

### Fixed

• Baseline diff scans (semgrep ci and --baseline-commit) no longer treat every finding on a file as newly introduced when rule(s) failed during the baseline run.

  Per-rule failures (for example a timeout for a single rule) on baseline analysis now hide only that rule's matches on that file from the "new vs baseline" comparison. Other rules on the same file are still taken in comparison for the "new vs baseline" comparison.

  Per-file, rule-independent failures now hide all findings on that file from the "new vs baseline" comparison. (LANG-515)

• Fixed a yarn.lock parse error on Yarn Berry entries written in YAML explicit-key form. Affected lockfiles previously failed to parse. (SC-3479)

• The (beta) SBT resolver with --allow-local-builds now correctly identifies dependencies as part of the Maven ecosystem. (SC-3522)

• Fix --sarif-output and --sarif causing nosemgrep-suppressed findings to be reported in CLI scan output and to block scans. Suppressed findings are now correctly excluded from terminal text output, the scan-summary count, and the CLI's exit code. (engine-1824)

• Fixed a bug that could cause unreliable target filtering in parallel scans. (gh-6313)

• Dart: improved parser fidelity for Dart 3 grammar features and routed pattern parsing for statements beginning with await, rethrow, and other statement keywords. Eliminates a large class of PartialParsing errors on real-world pub.dev packages. (gh-11678)

### Infra/Release Changes

• pro: macOS: Fixed dynamic library lookup for semgrep-core-proprietary so the binary works when semgrep install-semgrep-pro is invoked, and semgrep is installed via Homebrew. (pro-binary-homebrew)
• Pro: Added optional <case>.named_ast.expect golden files for tests/intrafile/maturity/ fixtures, exercised by Unit_maturity_named_asts. (LANG-287)

1.163.0 - 2026-05-13

### Added

• Updated PHP target parsing to support grammar changes from PHP 8.1-8.5 (LANG-380)

### Changed

• Improved semgrep ci startup time with App-provided rules by avoiding duplicate semgrep-core rule validation during CLI rule loading while preserving config-style failures for invalid rules. (ci-rule-validation-startup)
• Semgrep now validates dependency aware rules only on the core side, improving startup time (validate-skip-dep-aware)
• Rule validation now runs in parallel across cores on large rulesets, reducing scan startup time. (gh-6279)
• Rule parsing now runs in parallel across shards on multi-core machines, reducing scan startup time on large rulesets. (gh-6281)

... (truncated)

Commits

• 887f1f4semgrep/semgrep-proprietary#6402
• 824d43c fix(sca): tag sbt deps ecosystem as Maven, not Pypi (semgrep/semgrep-propriet...
• 38d4c3csemgrep/semgrep-proprietary#6377
• 97e9ad0semgrep/semgrep-proprietary#6395
• 5b8d78asemgrep/semgrep-proprietary#6384
• 528117fsemgrep/semgrep-proprietary#6382
• 9dda7a8semgrep/semgrep-proprietary#6381
• 2d02c08 fix(bump-version): allow .semgrep-version in release branch allowlist (semgre...
• 64b684fsemgrep/semgrep-proprietary#6378
• 447dd74semgrep/semgrep-proprietary#6373
• Additional commits viewable in compare view

Updates zizmor from 1.24.1 to 1.25.2

Release notes

Sourced from zizmor's releases.

v1.25.2

Bug Fixes 🐛🔗

• Fixed a bug where the unpinned-tools audit would incorrectly flag the aquasecurity/trivy-action action as installing an unpinned tool version, rather than aquasecurity/setup-trivy (#2018)

v1.25.1

Bug Fixes 🐛🔗

• Fixed a bug where the cache-poisoning audit would fail to consider release events as exempt from cache usage findings when filtered by a tag condition (#2004)

• Fixed a typo when suggesting --fix flags for findings (#2010)

  Many thanks to @​0xdea for implementing this fix!

• Fixed a typo in unpinned-tools annotations (#2008)

  Many thanks to @​martincostello for implementing this fix!

• Fixed a bug where the github-app audit would incorrectly flag some safe uses of actions/create-github-app-token as unsafe (#2011)

v1.25.0

New Features 🌈🔗

• zizmor's finding severities can now be remapped on a per-audit basis. See the configuration for details (#1913)

  Many thanks to @​Proximyst for proposing and implementing this improvement!

• New audit: github-app detects dangerous usages of GitHub App installation tokens (#1926)

• New audit: [unpinned-tools] detects actions that install tools without pinning to a specific version (#1820)

• zizmor now accepts the --no-ignores flag to disable all ignore comments and configurations when reporting findings (#1935)

• zizmor's LSP now honors the --persona flag on the CLI (#1943)

• zizmor is now aware of Docker-based action definitions, in addition to the pre-existing support for "composite" actions (#1965)

Enhancements🔗

• Recommend gh issue edit --add-label / gh pr edit --add-label as a replacement for actions-ecosystem/action-add-labels in superfluous-actions

• Recommend gh issue edit --remove-label / gh pr edit --remove-label as a replacement for actions-ecosystem/action-remove-labels in superfluous-actions

• Recommend jq as a replacement for sergeysova/jq-action in superfluous-actions

• Recommend git add, git commit, and git push as a replacement for stefanzweifel/git-auto-commit-action in superfluous-actions

• Recommend git add, git commit, and git push as a replacement for EndBug/add-and-commit in superfluous-actions

• tibdex/github-app-token is now recognized as an archived action by archived-uses (#1910)

... (truncated)

Changelog

Sourced from zizmor's changelog.

1.25.2

Bug Fixes 🐛

• Fixed a bug where the [unpinned-tools] audit would incorrectly flag the @​aquasecurity/trivy-action action as installing an unpinned tool version, rather than @​aquasecurity/setup-trivy (#2018)

1.25.1

Bug Fixes 🐛

• Fixed a bug where the [cache-poisoning] audit would fail to consider release events as exempt from cache usage findings when filtered by a tag condition (#2004)

• Fixed a typo when suggesting --fix flags for findings (#2010)

  Many thanks to @​0xdea for implementing this fix!

• Fixed a typo in [unpinned-tools] annotations (#2008)

  Many thanks to @​martincostello for implementing this fix!

• Fixed a bug where the [github-app] audit would incorrectly flag some safe uses of @​actions/create-github-app-token as unsafe (#2011)

1.25.0

New Features 🌈

• zizmor's finding severities can now be remapped on a per-audit basis. See the configuration for details (#1913)

  Many thanks to @​Proximyst for proposing and implementing this improvement!

• New audit: [github-app] detects dangerous usages of GitHub App installation tokens (#1926)

• New audit: [unpinned-tools] detects actions that install tools without pinning to a specific version (#1820)

• zizmor now accepts the --no-ignores flag to disable all ignore comments and configurations when reporting findings (#1935)

• zizmor's LSP now honors the --persona flag on the CLI (#1943)

• zizmor is now aware of Docker-based action definitions, in addition to the pre-existing support for "composite" actions (#1965)

... (truncated)

Commits

• b50d8f6 zizmor 1.25.2 (#2022)
• e8c9648 Bump rustls-webpki to 0.103.13 (#2021)
• 9e19bde Bump aws-lc crates (#2020)
• 49cb189 Bump rand to 0.9.4 (#2019)
• bfdb649 unpinned-tools: fix trivy action being detected (#2018)
• 9300d3b ww/release (#2016)
• 331917a chore: drop serde_yaml rename (#2015)
• 506f085 github-app: test repositories, not repository (#2011)
• 53dea37 unpinned-tools, docs: fix typos (#2008)
• 8068e11 fix: replace --fix=unsafe with --fix=unsafe-only in suggestion (#2010)
• Additional commits viewable in compare view

Updates pytest-asyncio from 1.3.0 to 1.4.0

Release notes

Sourced from pytest-asyncio's releases.

pytest-asyncio v1.4.0

1.4.0 - 2026-05-26

Deprecated

• Overriding the event_loop_policy fixture is deprecated. Use the pytest_asyncio_loop_factories hook instead. (#1419)

Added

• Added the pytest_asyncio_loop_factories hook to parametrize asyncio tests with custom event loop factories.

  The hook returns a mapping of factory names to loop factories, and pytest.mark.asyncio(loop_factories=[...]) selects a subset of configured factories per test. When a single factory is configured, test names are unchanged.

  Synchronous @pytest_asyncio.fixture functions now see the correct event loop when custom loop factories are configured, even when test code disrupts the current event loop (e.g., via asyncio.run() or asyncio.set_event_loop(None)). (#1164)

Changed

• Improved the readability of the warning message that is displayed when asyncio_default_fixture_loop_scope is unset (#1298)
• Only import asyncio.AbstractEventLoopPolicy for type checking to avoid raising a DeprecationWarning. (#1394)
• Updated minimum supported pytest version to v8.4.0. (#1397)

Fixed

• Fixed a ResourceWarning: unclosed event loop warning that could occur when a synchronous test called asyncio.run() or otherwise unset the current event loop after pytest-asyncio had run an async test or fixture. (#724)

Notes for Downstream Packagers

• Added dependency on sphinx-tabs >= 3.5 to organize documentation examples into tabs. (#1395)

pytest-asyncio v1.4.0a2

1.4.0a2 - 2026-05-02

Deprecated

• Overriding the event_loop_policy fixture is deprecated. Use the pytest_asyncio_loop_factories hook instead. (#1419)

Added

• Added the pytest_asyncio_loop_factories hook to parametrize asyncio tests with custom event loop factories.

  The hook returns a mapping of factory names to loop factories, and pytest.mark.asyncio(loop_factories=[...]) selects a subset of configured factories per test. When a single factory is configured, test names are unchanged on pytest 8.4+.

  Synchronous @pytest_asyncio.fixture functions now see the correct event loop when custom loop factories are configured, even when test code disrupts the current event loop (e.g., via asyncio.run() or asyncio.set_event_loop(None)). (#1164)

Changed

• Improved the readability of the warning message that is displayed when asyncio_default_fixture_loop_scope is unset (#1298)
• Only import asyncio.AbstractEventLoopPolicy for type checking to avoid raising a DeprecationWarning. (#1394)

... (truncated)

Commits

• 6e14cd2 chore: Prepare release of v1.4.0.
• 4b900fb Build(deps): Bump codecov/codecov-action from 6.0.0 to 6.0.1
• ab9f632 Build(deps): Bump zipp from 3.23.1 to 4.1.0
• a56fc77 Build(deps): Bump hypothesis from 6.152.6 to 6.152.8
• e8bae9b Build(deps): Bump requests from 2.34.0 to 2.34.2
• fc43340 Build(deps): Bump idna from 3.14 to 3.15
• 762eaf5 Build(deps): Bump jaraco-functools from 4.4.0 to 4.5.0
• b62e222 Build(deps): Bump click from 8.3.3 to 8.4.0
• 9190447 Build(deps): Bump pydantic from 2.13.3 to 2.13.4
• 82a393c ci: Remove unnecessary debug output.
• Additional commits viewable in compare view

Updates prek from 0.3.11 to 0.4.3

Release notes

Sourced from prek's releases.

0.4.3

Release Notes

Released on 2026-05-27.

Bug fixes

• Ignore stat-only hook rewrites (#2131)

Sponsorship

If prek saves time for you or your team, please consider sponsoring the project on GitHub Sponsors. It helps keep new features, performance work, and maintenance moving.

Contributors

• @​stevbev

Install prek 0.4.3

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/j178/prek/releases/download/v0.4.3/prek-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://github.com/j178/prek/releases/download/v0.4.3/prek-installer.ps1 | iex"

Install prebuilt binaries via Homebrew

brew install prek

Download prek 0.4.3

File	Platform	Checksum
prek-aarch64-apple-darwin.tar.gz	Apple Silicon macOS	checksum
prek-x86_64-apple-darwin.tar.gz	Intel macOS	checksum
prek-aarch64-pc-windows-msvc.zip	ARM64 Windows	checksum
prek-i686-pc-windows-msvc.zip	x86 Windows	checksum
prek-x86_64-pc-windows-msvc.zip	x64 Windows	checksum
prek-aarch64-unknown-linux-gnu.tar.gz	ARM64 Linux	checksum
prek-i686-unknown-linux-gnu.tar.gz	x86 Linux	checksum

... (truncated)

Changelog

Sourced from prek's changelog.

0.4.3

Released on 2026-05-27.

Bug fixes

• Ignore stat-only hook rewrites (#2131)

Sponsorship

If prek saves time for you or your team, please consider sponsoring the project on GitHub Sponsors. It helps keep new features, performance work, and maintenance moving.

Contributors

• @​stevbev

0.4.2

Released on 2026-05-26.

Highlights

0.4.2 is mainly about making prek run faster in large repos.

prek now does less git diff work. After hooks run, prek uses diff checks to detect files changed by hooks. If a hook modifies files, prek marks that hook as failed. That is important, but full diff snapshots can be slow in big repos, especially when they happen after every hook group.

We skip the expensive diff path in two common cases: built-in hooks that prek knows are read-only, and clean worktrees where a cheap dirty check is enough unless a hook actually changes files. In the right large-repo workload, skipping that work can make runs up to 10x faster.

Workspace mode is faster too. Hooks have historically been too serial. Priority-based concurrency helped, but it required users to choose good priority values. Now sibling projects at the same workspace depth run in parallel automatically. Their files do not overlap, so this is safe and needs no extra config. For multi-project workspaces, this can dramatically reduce total hook time.

Sponsorship

If prek saves time for you or your team, please consider sponsoring the project on GitHub Sponsors. It helps keep new features, performance work, and maintenance moving.

Enhancements

... (truncated)

Commits

• 02bb73f Bump version to 0.4.3 (#2132)
• 0f64ff9 Ignore stat-only hook rewrites (#2131)
• de77cc9 Bump version to 0.4.2 (#2126)
• c54be46 Simplify hook progress folding (#2125)
• e908f82 Add link to comprehensive list of open-source projects using prek (#938)
• 7cd6ba4 Run same-depth projects concurrently (#2110)
• bbb3810 Lock file maintenance (#2123)
• 7d5282c Update Rust crate quick-xml to 0.40 (#2121)
• 97130ea Update dependency uv to v0.11.14 (#2118)
• 480f4bf Update pre-commit hook crate-ci/typos to v1.46.2 (#2120)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.