build(deps): bump the pip group across 1 directory with 8 updates

[dependabot]

Bumps the pip group with 8 updates in the / directory:

Package	From	To
jobify	0.10.1	0.13.0
mypy	1.20.2	2.1.0
ruff	0.15.12	0.15.16
semgrep	1.161.0	1.165.0
zizmor	1.24.1	1.25.2
pytest-asyncio	1.3.0	1.4.0
prek	0.3.11	0.4.4
hatchling	1.29.0	1.30.1

Updates jobify from 0.10.1 to 0.13.0

Release notes

Sourced from jobify's releases.

v0.13.0 (2026-06-07)

This release is published under the MIT License.

1. app in Context – Jobify instance now available in OuterContext and JobContext (via INJECT).
2. Idempotent push() – push() supports job_id, replace, and force for deduplication and immediate rescheduling.
3. Shutdown Fix – Storage shutdown now happens before job cancellation, preventing deadlock.
4. fast Extra – fast no longer includes uuid-utils; install separately if needed (see updated fast_setup.py).

Bug Fixes

• shutdown: Reorder sequence to prevent future race in storage (e21d3c3)

Build System

• deps: Bump github-actions group with 4 updates (4ffdc1c)

• deps: Bump the pip group with 13 updates (2162370)

Documentation

• Add idempotency example for push() with replace/force (8f980fb)

• Add Job type hints to examples, minor code cleanups (81688ce)

Features

• Inject Jobify app instance into contexts, configuration, and tasks (3e70f26)

• Make push() idempotent with replace/force flags (e943578)

---

Detailed Changes: v0.12.1...v0.13.0

v0.12.1 (2026-05-13)

This release is published under the MIT License.

Bug Fixes

• Trigger worflow pypi (909412d)

---

Detailed Changes: v0.12.0...v0.12.1

v0.12.0 (2026-05-13)

... (truncated)

Changelog

Sourced from jobify's changelog.

v0.13.0 (2026-06-07)

Bug Fixes

• shutdown: Reorder sequence to prevent future race in storage (e21d3c3)

Build System

• deps: Bump github-actions group with 4 updates (4ffdc1c)

• deps: Bump the pip group with 13 updates (2162370)

Documentation

• Add idempotency example for push() with replace/force (8f980fb)

• Add Job type hints to examples, minor code cleanups (81688ce)

Features

• Inject Jobify app instance into contexts, configuration, and tasks (3e70f26)

• Make push() idempotent with replace/force flags (e943578)

v0.12.1 (2026-05-13)

Bug Fixes

• Trigger worflow pypi (909412d)

v0.12.0 (2026-05-13)

Build System

• Add adaptix to test group (8c01776)

• Reorganize dependencies, refactor benchmarks, fix test filename and update font (052808f)

... (truncated)

Commits

• e22a723 chore(release): release v0.13.0 [skip ci]
• 8f980fb docs: add idempotency example for push() with replace/force
• 81688ce docs: add Job type hints to examples, minor code cleanups
• e361b9b chore(release): release v0.12.1 [skip ci]
• a963935 chore(release): release v0.12.0 [skip ci]
• 7735e4b feat: add adaptix support and expand API documentation
• 3a71d08 refactor: enhance serialization core and update CI/CD pipelines
• 1418e24 docs: update index.md
• e35487d chore(deps): update dependencies and configuration
• 144f004 docs: re-design documentation with Zensical modern patterns
• Additional commits viewable in compare view

Updates mypy from 1.20.2 to 2.1.0

Changelog

Sourced from mypy's changelog.

Mypy Release Notes

Next Release

Mypy 2.1

We’ve just uploaded mypy 2.1.0 to the Python Package Index (PyPI). Mypy is a static type checker for Python. This release includes new features, performance improvements and bug fixes. You can install it as follows:

python3 -m pip install -U mypy

You can read the full documentation for this release on Read the Docs.

librt.vecs: Fast Growable Array Type for Mypyc

The new librt.vecs module provides an efficient growable array type vec that is optimized for mypyc use. It provides fast, packed arrays with integer and floating point value types, which can be several times faster than list, and tens of times faster than array.array in code compiled using mypyc. It also supports nested vec objects and non-value-type items, such as vec[vec[str]].

Refer to the documentation for the details.

Contributed by Jukka Lehtosalo.

librt.random: Fast Pseudo-Random Number Generation

The new librt.random module provides fast pseudo-random number generation that is optimized for code compiled using mypyc. It can be 3x to 10x faster than the stdlib random module in compiled code.

Refer to the documentation for the details.

Contributed by Jukka Lehtosalo (PR 21433).

Mypyc Improvements

• Enable incremental self-compilation (Vaggelis Danias, PR 21369)
• Make compilation order with multiple files consistent (Piotr Sawicki, PR 21419)
• Fix crash on accessing StopAsyncIteration (Piotr Sawicki, PR 21406)
• Fix incremental compilation with separate flag (Vaggelis Danias, PR 21299)

Fixes to Crashes

• Fix crash on partial type with --allow-redefinition and global declaration (Jukka Lehtosalo, PR 21428)
• Fix broken awaitable generator patching (Ivan Levkivskyi, PR 21435)

... (truncated)

Commits

• c1c336d Remove +dev from version
• 74df14b Add changelog for mypy 2.1 (#21464)
• 022d9bc Revert "TypeForm: Enable by default (#21262)"
• 8826288 [mypyc] Document librt.random (#21463)
• 3f4067b Bump librt version to 0.11.0 (#21458)
• 2b1eb58 [mypyc] Enable incremental self-compilation (#21369)
• 8152f4a Respect file config comments for stale modules (#21444)
• 116d60b Fix nondeterminism from nonassociativity of overload joins (#21455)
• 6c4af8e Fix function call message change for small number of args (#21432)
• 4b8fdca [mypyc] Add librt.random module (#21433)
• Additional commits viewable in compare view

Updates ruff from 0.15.12 to 0.15.16

Release notes

Sourced from ruff's releases.

0.15.16

Release Notes

Released on 2026-06-04.

Preview features

• [flake8-async] Implement yield-in-context-manager-in-async-generator (ASYNC119) (#24644)
• [pylint] Narrow diagnostic range and exclude cases without exception handlers (PLW0717) (#25440)
• [ruff] Treat yield before break from a terminal loop as terminal (RUF075) (#25447)

Bug fixes

• [eradicate] Avoid flagging ruff:ignore comments as code (ERA001) (#25537)
• [eradicate] Fix ERA001/RUF100 conflict when noqa is on commented-out code (#25414)
• [pyflakes] Avoid removing the format call when it would change behavior (F523) (#25320)
• [pylint] Avoid syntax errors in invalid character replacements in f-strings before Python 3.12 (PLE2510, PLE2512, PLE2513, PLE2514, PLE2515) (#25544)
• [pyupgrade] Avoid converting format calls with more kinds of side effects (UP032) (#25484)

Rule changes

• [flake8-pytest-style] Avoid fixes for ambiguous argnames and argvalues combinations (PT006) (#24776)

Performance

• Drop excess capacity from statement suites during parsing (#25368)

Documentation

• [pydocstyle] Improve discoverability of rules enabled for each convention (#24973)
• [ruff] Restore example code for Python versions before 3.15 (RUF017) (#25439)
• Fix typo bin/active → bin/activate in tutorial (#25473)

Other changes

• Shrink additional parser AST collections (#25465)

Contributors

• @​Redslayer112
• @​koriyoshi2041
• @​George-Ogden
• @​TejasAmle
• @​anishgirianish
• @​ntBre
• @​MichaReiser
• @​loganrosen
• @​RafaelJohn9
• @​adityasingh2400

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.16

Released on 2026-06-04.

Preview features

• [flake8-async] Implement yield-in-context-manager-in-async-generator (ASYNC119) (#24644)
• [pylint] Narrow diagnostic range and exclude cases without exception handlers (PLW0717) (#25440)
• [ruff] Treat yield before break from a terminal loop as terminal (RUF075) (#25447)

Bug fixes

• [eradicate] Avoid flagging ruff:ignore comments as code (ERA001) (#25537)
• [eradicate] Fix ERA001/RUF100 conflict when noqa is on commented-out code (#25414)
• [pyflakes] Avoid removing the format call when it would change behavior (F523) (#25320)
• [pylint] Avoid syntax errors in invalid character replacements in f-strings before Python 3.12 (PLE2510, PLE2512, PLE2513, PLE2514, PLE2515) (#25544)
• [pyupgrade] Avoid converting format calls with more kinds of side effects (UP032) (#25484)

Rule changes

• [flake8-pytest-style] Avoid fixes for ambiguous argnames and argvalues combinations (PT006) (#24776)

Performance

• Drop excess capacity from statement suites during parsing (#25368)

Documentation

• [pydocstyle] Improve discoverability of rules enabled for each convention (#24973)
• [ruff] Restore example code for Python versions before 3.15 (RUF017) (#25439)
• Fix typo bin/active → bin/activate in tutorial (#25473)

Other changes

• Shrink additional parser AST collections (#25465)

Contributors

• @​Redslayer112
• @​koriyoshi2041
• @​George-Ogden
• @​TejasAmle
• @​anishgirianish
• @​ntBre
• @​MichaReiser
• @​loganrosen
• @​RafaelJohn9
• @​adityasingh2400

0.15.15

... (truncated)

Commits

• 6c498ab Bump 0.15.16 (#25635)
• e51e132 [flake8-async] Implement yield-in-context-manager-in-async-generator (`AS...
• 7c6dcd9 [ty] Add caching for pattern match narrowing (#25613)
• 27058fc [ty] Compact retained definition and expression identities (#25606)
• bf80d05 Fix CODEOWNERS syntax (#25622)
• 10ccd51 Shrink additional parser AST collections (#25465)
• 0d7135f [ty] Upgrade Salsa (#25545)
• 49493a3 [ty] Show type alias value on hover (#25381)
• 85207d3 [ty] sys.implementation.version is not sys.version_info (#25608)
• a8a0614 [ty] Avoid retaining duplicate function signatures (#25609)
• Additional commits viewable in compare view

Updates semgrep from 1.161.0 to 1.165.0

Release notes

Sourced from semgrep's releases.

Release v1.165.0

1.165.0 - 2026-06-03

### Added

• Added --max-match-context-size option to limit the number of characters of source code included as context for each match in the output. This prevents matches in minified files (e.g., minified JavaScript where the entire file is a single line) from producing enormous output Set to 0 for unlimited, which is the default value. (ENGINE-2117)

### Changed

• Replaced --x-no-python-schema-validation with a value-taking --x-rule-validation=full|core-only|none flag. The default (full) preserves existing Python rule validation behavior; core-only matches the old flag's semantics (disables Python rule validation and uses semgrep-core RPC validation only); none skips both pre-validation passes, surfacing rule errors at scan-time. --x-no-python-schema-validation is still accepted as a no-op with a deprecation warning, and will be removed in a future release. (x-rule-validation)
• Python: Updated Python grammar (LANG-201)

### Fixed

• Added bit shift operations to metavar comparison in addition to already present standard arithmetic operators and logical bit ops. (ENGINE-2448)
• Reduce intermittent validation_error results on HTTP secret validators (Facebook, Slack, Stripe, Google, Cloudflare, etc.) by retrying transient network failures, mirroring the retry behavior already present for AWS validators. (SCRT-965)

Release v1.164.0

1.164.0 - 2026-05-26

### Added

• Dart: typed metavariables ($X as T) and metavariable-type, metavariable binding inside string interpolations, and function-definition patterns that match Dart function definitions. (gh-11678)

### Changed

• The default memory limit for Pro interfile scans on Linux now adapts to the container's cgroup memory limit (90% of it) instead of the previous fixed 5 GiB, with an 8 GiB fallback when no cgroup limit is detected. (ENGINE-2568)
• Lower the glibc contraint from >=2.35 to >=2.34, allowing users on distros that ship glibc 2.34 (e.g RHEL 9 & AL2023) to install the semgrep wheel. (gh-11622)

### Fixed

• Baseline diff scans (semgrep ci and --baseline-commit) no longer treat every finding on a file as newly introduced when rule(s) failed during the baseline run.

  Per-rule failures (for example a timeout for a single rule) on baseline analysis now hide only that rule's matches on that file from the "new vs baseline" comparison. Other rules on the same file are still taken in comparison for the "new vs baseline" comparison.

  Per-file, rule-independent failures now hide all findings on that file from the "new vs baseline" comparison. (LANG-515)

• Fixed a yarn.lock parse error on Yarn Berry entries written in YAML explicit-key form. Affected lockfiles previously failed to parse. (SC-3479)

• The (beta) SBT resolver with --allow-local-builds now correctly identifies dependencies as part of the Maven ecosystem. (SC-3522)

• Fix --sarif-output and --sarif causing nosemgrep-suppressed findings to be reported in CLI scan output and to block scans. Suppressed findings are now correctly excluded from terminal text output, the scan-summary count, and the CLI's exit code. (engine-1824)

• Fixed a bug that could cause unreliable target filtering in parallel scans. (gh-6313)

• Dart: improved parser fidelity for Dart 3 grammar features and routed pattern parsing for statements beginning with await, rethrow, and other statement keywords. Eliminates a large class of PartialParsing errors on real-world pub.dev packages. (gh-11678)

... (truncated)

Changelog

Sourced from semgrep's changelog.

1.165.0 - 2026-06-03

### Added

• Added --max-match-context-size option to limit the number of characters of source code included as context for each match in the output. This prevents matches in minified files (e.g., minified JavaScript where the entire file is a single line) from producing enormous output Set to 0 for unlimited, which is the default value. (ENGINE-2117)

### Changed

• Replaced --x-no-python-schema-validation with a value-taking --x-rule-validation=full|core-only|none flag. The default (full) preserves existing Python rule validation behavior; core-only matches the old flag's semantics (disables Python rule validation and uses semgrep-core RPC validation only); none skips both pre-validation passes, surfacing rule errors at scan-time. --x-no-python-schema-validation is still accepted as a no-op with a deprecation warning, and will be removed in a future release. (x-rule-validation)
• Python: Updated Python grammar (LANG-201)

### Fixed

• Added bit shift operations to metavar comparison in addition to already present standard arithmetic operators and logical bit ops. (ENGINE-2448)
• Reduce intermittent validation_error results on HTTP secret validators (Facebook, Slack, Stripe, Google, Cloudflare, etc.) by retrying transient network failures, mirroring the retry behavior already present for AWS validators. (SCRT-965)

1.164.0 - 2026-05-26

### Added

• Dart: typed metavariables ($X as T) and metavariable-type, metavariable binding inside string interpolations, and function-definition patterns that match Dart function definitions. (gh-11678)

### Changed

• The default memory limit for Pro interfile scans on Linux now adapts to the container's cgroup memory limit (90% of it) instead of the previous fixed 5 GiB, with an 8 GiB fallback when no cgroup limit is detected. (ENGINE-2568)
• Lower the glibc contraint from >=2.35 to >=2.34, allowing users on distros that ship glibc 2.34 (e.g RHEL 9 & AL2023) to install the semgrep wheel. (gh-11622)

### Fixed

• Baseline diff scans (semgrep ci and --baseline-commit) no longer treat every finding on a file as newly introduced when rule(s) failed during the baseline run.

  Per-rule failures (for example a timeout for a single rule) on baseline analysis now hide only that rule's matches on that file from the "new vs baseline" comparison. Other rules on the same file are still taken in comparison for the "new vs baseline" comparison.

  Per-file, rule-independent failures now hide all findings on that file from the "new vs baseline" comparison. (LANG-515)

• Fixed a yarn.lock parse error on Yarn Berry entries written in YAML explicit-key form. Affected lockfiles previously failed to parse. (SC-3479)

• The (beta) SBT resolver with --allow-local-builds now correctly identifies dependencies as part of the Maven ecosystem. (SC-3522)

• Fix --sarif-output and --sarif causing nosemgrep-suppressed findings to be reported in CLI scan output and to block scans. Suppressed findings are now correctly excluded from terminal text output, the scan-summary count, and the CLI's exit code. (engine-1824)

• Fixed a bug that could cause unreliable target filtering in parallel scans. (gh-6313)

• Dart: improved parser fidelity for Dart 3 grammar features and routed pattern parsing for statements beginning with await, rethrow, and other statement keywords. Eliminates a large class of PartialParsing errors on real-world pub.dev packages. (gh-11678)

### Infra/Release Changes

... (truncated)

Commits

• 4cc850asemgrep/semgrep-proprietary#6463
• 9132c87 feat: pin ocaml/opamsemgrep/semgrep-proprietary#6461
• 61f12bb fix(secrets): retry HTTP validators on transient network errors (SCRT-965) (s...
• 203c505semgrep/semgrep-proprietary#6437
• b156e46semgrep/semgrep-proprietary#6439
• 5b60fcd chore(python): bump semgrep-python tree-sitter parser (semgrep/semgrep-propri...
• 83198ce feat: added --max-match-context-size option to limit size of context … (semgr...
• 2ea25c9semgrep/semgrep-proprietary#6448
• 15f510esemgrep/semgrep-proprietary#6417
• 9fb576c feat(cli): auto-install semgrep-pro if not found or outdated (semgrep/semgrep...
• Additional commits viewable in compare view

Updates zizmor from 1.24.1 to 1.25.2

Release notes

Sourced from zizmor's releases.

v1.25.2

Bug Fixes 🐛🔗

• Fixed a bug where the unpinned-tools audit would incorrectly flag the aquasecurity/trivy-action action as installing an unpinned tool version, rather than aquasecurity/setup-trivy (#2018)

v1.25.1

Bug Fixes 🐛🔗

• Fixed a bug where the cache-poisoning audit would fail to consider release events as exempt from cache usage findings when filtered by a tag condition (#2004)

• Fixed a typo when suggesting --fix flags for findings (#2010)

  Many thanks to @​0xdea for implementing this fix!

• Fixed a typo in unpinned-tools annotations (#2008)

  Many thanks to @​martincostello for implementing this fix!

• Fixed a bug where the github-app audit would incorrectly flag some safe uses of actions/create-github-app-token as unsafe (#2011)

v1.25.0

New Features 🌈🔗

• zizmor's finding severities can now be remapped on a per-audit basis. See the configuration for details (#1913)

  Many thanks to @​Proximyst for proposing and implementing this improvement!

• New audit: github-app detects dangerous usages of GitHub App installation tokens (#1926)

• New audit: [unpinned-tools] detects actions that install tools without pinning to a specific version (#1820)

• zizmor now accepts the --no-ignores flag to disable all ignore comments and configurations when reporting findings (#1935)

• zizmor's LSP now honors the --persona flag on the CLI (#1943)

• zizmor is now aware of Docker-based action definitions, in addition to the pre-existing support for "composite" actions (#1965)

Enhancements🔗

• Recommend gh issue edit --add-label / gh pr edit --add-label as a replacement for actions-ecosystem/action-add-labels in superfluous-actions

• Recommend gh issue edit --remove-label / gh pr edit --remove-label as a replacement for actions-ecosystem/action-remove-labels in superfluous-actions

• Recommend jq as a replacement for sergeysova/jq-action in superfluous-actions

• Recommend git add, git commit, and git push as a replacement for stefanzweifel/git-auto-commit-action in superfluous-actions

• Recommend git add, git commit, and git push as a replacement for EndBug/add-and-commit in superfluous-actions

• tibdex/github-app-token is now recognized as an archived action by archived-uses (#1910)

... (truncated)

Changelog

Sourced from zizmor's changelog.

1.25.2

Bug Fixes 🐛

• Fixed a bug where the [unpinned-tools] audit would incorrectly flag the @​aquasecurity/trivy-action action as installing an unpinned tool version, rather than @​aquasecurity/setup-trivy (#2018)

1.25.1

Bug Fixes 🐛

• Fixed a bug where the [cache-poisoning] audit would fail to consider release events as exempt from cache usage findings when filtered by a tag condition (#2004)

• Fixed a typo when suggesting --fix flags for findings (#2010)

  Many thanks to @​0xdea for implementing this fix!

• Fixed a typo in [unpinned-tools] annotations (#2008)

  Many thanks to @​martincostello for implementing this fix!

• Fixed a bug where the [github-app] audit would incorrectly flag some safe uses of @​actions/create-github-app-token as unsafe (#2011)

1.25.0

New Features 🌈

• zizmor's finding severities can now be remapped on a per-audit basis. See the configuration for details (#1913)

  Many thanks to @​Proximyst for proposing and implementing this improvement!

• New audit: [github-app] detects dangerous usages of GitHub App installation tokens (#1926)

• New audit: [unpinned-tools] detects actions that install tools without pinning to a specific version (#1820)

• zizmor now accepts the --no-ignores flag to disable all ignore comments and configurations when reporting findings (#1935)

• zizmor's LSP now honors the --persona flag on the CLI (#1943)

• zizmor is now aware of Docker-based action definitions, in addition to the pre-existing support for "composite" actions (#1965)

... (truncated)

Commits

• b50d8f6 zizmor 1.25.2 (#2022)
• e8c9648 Bump rustls-webpki to 0.103.13 (#2021)
• 9e19bde Bump aws-lc crates (#2020)
• 49cb189 Bump rand to 0.9.4 (#2019)
• bfdb649 unpinned-tools: fix trivy action being detected (#2018)
• 9300d3b ww/release (#2016)
• 331917a chore: drop serde_yaml rename (#2015)
• 506f085 github-app: test repositories, not repository (#2011)
• 53dea37 unpinned-tools, docs: fix typos (#2008)
• 8068e11 fix: replace --fix=unsafe with --fix=unsafe-only in suggestion (#2010)
• Additional commits viewable in compare view

Updates pytest-asyncio from 1.3.0 to 1.4.0

Release notes

Sourced from pytest-asyncio's releases.

pytest-asyncio v1.4.0

1.4.0 - 2026-05-26

Deprecated

• Overriding the event_loop_policy fixture is deprecated. Use the pytest_asyncio_loop_factories hook instead. (#1419)

Added

• Added the pytest_asyncio_loop_factories hook to parametrize asyncio tests with custom event loop factories.

  The hook returns a mapping of factory names to loop factories, and pytest.mark.asyncio(loop_factories=[...]) selects a subset of configured factories per test. When a single factory is configured, test names are unchanged.

  Synchronous @pytest_asyncio.fixture functions now see the correct event loop when custom loop factories are configured, even when test code disrupts the current event loop (e.g., via asyncio.run() or asyncio.set_event_loop(None)). (#1164)

Changed

• Improved the readability of the warning message that is displayed when asyncio_default_fixture_loop_scope is unset (#1298)
• Only import asyncio.AbstractEventLoopPolicy for type checking to avoid raising a DeprecationWarning. (#1394)
• Updated minimum supported pytest version to v8.4.0. (#1397)

Fixed

• Fixed a ResourceWarning: unclosed event loop warning that could occur when a synchronous test called asyncio.run() or otherwise unset the current event loop after pytest-asyncio had run an async test or fixture. (#724)

Notes for Downstream Packagers

• Added dependency on sphinx-tabs >= 3.5 to organize documentation examples into tabs. (#1395)

pytest-asyncio v1.4.0a2

1.4.0a2 - 2026-05-02

Deprecated

• Overriding the event_loop_policy fixture is deprecated. Use the pytest_asyncio_loop_factories hook instead. (#1419)

Added

• Added the pytest_asyncio_loop_factories hook to parametrize asyncio tests with custom event loop factories.

  The hook returns a mapping of factory names to loop factories, and pytest.mark.asyncio(loop_factories=[...]) selects a subset of configured factories per test. When a single factory is configured, test names are unchanged on pytest 8.4+.

  Synchronous @pytest_asyncio.fixture functions now see the correct event loop when custom loop factories are configured, even when test code disrupts the current event loop (e.g., via asyncio.run() or asyncio.set_event_loop(None)). (#1164)

Changed

• Improved the readability of the warning message that is displayed when asyncio_default_fixture_loop_scope is unset (#1298)
• Only import asyncio.AbstractEventLoopPolicy for type checking to avoid raising a DeprecationWarning. (#1394)

... (truncated)

Commits

• 6e14cd2 chore: Prepare release of v1.4.0.
• 4b900fb Build(deps): Bump codecov/codecov-action from 6.0.0 to 6.0.1
• ab9f632 Build(deps): Bump zipp from 3.23.1 to 4.1.0
• a56fc77 Build(deps): Bump hypothesis from 6.152.6 to 6.152.8
• e8bae9b Build(deps): Bump requests from 2.34.0 to 2.34.2
• fc43340 Build(deps): Bump idna from 3.14 to 3.15
• 762eaf5 Build(deps): Bump jaraco-functools from 4.4.0 to 4.5.0
• b62e222 Build(deps): Bump click from 8.3.3 to 8.4.0
• 9190447 Build(deps): Bump pydantic from 2.13.3 to 2.13.4
• 82a393c ci: Remove unnecessary debug output.
• Additional commits viewable in compare view

Updates prek from 0.3.11 to 0.4.4

Release notes

Sourced from prek's releases.

0.4.4

Release Notes

Released on 2026-06-04.

✨ Highlights

0.4.4 makes prek run easier to watch and easier to slice.

Hook stream output now shows a small live preview under the running hook in the progress UI. Long-running hooks no longer look stuck while they are producing logs, and failed hooks are easier to diagnose because recent output is already visible before the final result.

The new group selector lets a single config support different workflows. Tag hooks with groups, then select or exclude those groups at run time:

repos:
  - repo: local
    hooks:
      - id: format
        name: Format Python
        language: system
        entry: ruff format
        groups: [format, ci]
  - id: lint
    name: Lint Python
    language: system
    entry: ruff check
    groups: [lint, ci]

prek run --all-files --group ci
prek run --all-files --no-group format

This is useful when local development, CI, slow validation, or project-specific checks need different hook sets without splitting the config.

💚 Sponsorship

If prek saves time for you or your team, please consider sponsoring the project on GitHub Sponsors. It helps keep new features, performance work, and maintenance moving.

Enhancements

... (truncated)

Changelog

Sourced from prek's changelog.

0.4.4

Released on 2026-06-04.

Highlights

0.4.4 makes prek run easier to watch and easier to slice.

Hook stream output now shows a small live preview under the running hook in the progress UI. Long-running hooks no longer look stuck while they are producing logs, and failed hooks are easier to diagnose because recent output is already visible before the final result.

The new group selector lets a single config support different workflows. Tag hooks with groups, then select or exclude those groups at run time:

repos:
  - repo: local
    hooks:
      - id: format
        name: Format Python
        language: system
        entry: ruff format
        groups: [format, ci]
  - id: lint
    name: Lint Python
    language: system
    entry: ruff check
    groups: [lint, ci]

prek run --all-files --group ci
prek run --all-files --no-group format

This is useful when local development, CI, slow validation, or project-specific checks need different hook sets without splitting the config.

Enhancements

• Add hook group filters to prek run (#2141)
• Delay hook output preview rendering (#2140)
• Stream hook output in progress UI (#2136)

Bug fixes

• Fix intent-to-add stash restore (#2143)

... (truncated)

Commits

• f44270e Bump version 0.4.4 (#2148)
• da457c5 Document hook stage file input (#2147)
• 0fa2929 Add hook group filters to prek run (#2141)
• 9b0047f Fix intent-to-add stash restore (#2143)
• 00b2520 Delay hook output preview rendering (#2140)
• a54fdf0 Simplify hook output preview rendering (#2139)
• ab7165d Stream hook output in progress UI (#2136)
• f609584 Remove unpinned dotnet test (#2137)
• ce0d8b3 Update Rust to 1.96 (#2134)
• 1815fc5 Update PyPI Downloads badge to dynamic JSON
• Additional commits viewable in compare view

Updates hatchling from 1.29.0 to 1.30.1

Release notes

Sourced from hatchling's releases.

Hatchling v1.30.1

Fixed

• Default core metadata version kept at 2.4 until more tools support 2.5

Commits

• 37b00c3 release Hatchling v1.30.1 (#2298)
• 0446d99 Update history for new patch release of hatchling after fixing default metada...
• 4f5cdf0 Make 2.4 metadata default until other tools support it. (#2296)
• 0497be0 Fix draft release uploads. (#2293)
• 3aae0fa Fix hatchling to use Metadata 2.4 (#2291)
• 5ee4189 release Hatch v1.17.0 (#2290)
• 6109ee7 release Hatchling v1.30.0 (#2289)
• 246e22b Block duplicate files in wheel archives (closes #2066) (#2269)
• d2afcb6 Update docs as pre-release for 1.17.0 (#2287)
• 818d284 Feat hatch check command with new sub command for types (#2278)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions