Skip to content

deps(uv): bump the patch-and-minor group with 4 updates#7

Merged
hu553in merged 1 commit into
mainfrom
dependabot/uv/patch-and-minor-cea746e842
Jun 14, 2026
Merged

deps(uv): bump the patch-and-minor group with 4 updates#7
hu553in merged 1 commit into
mainfrom
dependabot/uv/patch-and-minor-cea746e842

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 10, 2026

Copy link
Copy Markdown
Contributor

Bumps the patch-and-minor group with 4 updates: prek, pysentry-rs, ruff and ty.

Updates prek from 0.4.3 to 0.4.4

Release notes

Sourced from prek's releases.

0.4.4

Release Notes

Released on 2026-06-04.

✨ Highlights

0.4.4 makes prek run easier to watch and easier to slice.

Hook stream output now shows a small live preview under the running hook in the progress UI. Long-running hooks no longer look stuck while they are producing logs, and failed hooks are easier to diagnose because recent output is already visible before the final result.

The new group selector lets a single config support different workflows. Tag hooks with groups, then select or exclude those groups at run time:

repos:
  - repo: local
    hooks:
      - id: format
        name: Format Python
        language: system
        entry: ruff format
        groups: [format, ci]
  - id: lint
    name: Lint Python
    language: system
    entry: ruff check
    groups: [lint, ci]

prek run --all-files --group ci
prek run --all-files --no-group format

This is useful when local development, CI, slow validation, or project-specific checks need different hook sets without splitting the config.

💚 Sponsorship

If prek saves time for you or your team, please consider sponsoring the project on GitHub Sponsors. It helps keep new features, performance work, and maintenance moving.

Enhancements

... (truncated)

Changelog

Sourced from prek's changelog.

0.4.4

Released on 2026-06-04.

Highlights

0.4.4 makes prek run easier to watch and easier to slice.

Hook stream output now shows a small live preview under the running hook in the progress UI. Long-running hooks no longer look stuck while they are producing logs, and failed hooks are easier to diagnose because recent output is already visible before the final result.

The new group selector lets a single config support different workflows. Tag hooks with groups, then select or exclude those groups at run time:

repos:
  - repo: local
    hooks:
      - id: format
        name: Format Python
        language: system
        entry: ruff format
        groups: [format, ci]
  - id: lint
    name: Lint Python
    language: system
    entry: ruff check
    groups: [lint, ci]

prek run --all-files --group ci
prek run --all-files --no-group format

This is useful when local development, CI, slow validation, or project-specific checks need different hook sets without splitting the config.

Enhancements

  • Add hook group filters to prek run (#2141)
  • Delay hook output preview rendering (#2140)
  • Stream hook output in progress UI (#2136)

Bug fixes

  • Fix intent-to-add stash restore (#2143)

... (truncated)

Commits

Updates pysentry-rs from 0.4.5 to 0.4.6

Release notes

Sourced from pysentry-rs's releases.

v0.4.6

✨ New Features

Audit a Single Dependency Group (--group)

The new --group flag scopes an audit to specific dependency groups instead of the whole dependency tree. It is supported for uv (uv.lock), Poetry (poetry.lock), and PEP 751 (pylock.toml) projects. PySentry audits your main dependencies ([project].dependencies / [tool.poetry.dependencies]) plus the selected group(s) and their transitive closure, leaving the rest out:

# Audit main dependencies + the "dev" group only
pysentry-rs --group dev
Multiple groups (repeatable or comma-separated)
pysentry-rs --group dev --group docs
pysentry-rs --group dev,docs

Group names are read from any of the standard locations:

  • PEP 735 [dependency-groups] (with include-group recursion)
  • PEP 621 [project.optional-dependencies]
  • Poetry [tool.poetry.group.*]

Names are matched using PEP 735 normalization, so --group typing-test matches a declared typing_test. An unknown name fails with the list of available groups.

--group requires a lock file. Group filtering relies on a group-aware lock file — uv.lock, poetry.lock, or pylock.toml (including named pylock.<name>.toml variants) — alongside your pyproject.toml. On a project without one, PySentry fails fast with a clear error instead of silently auditing the full dependency set. (Pipfile.lock is not supported — Pipfile has no dependency-group concept.)

--group cannot be combined with --exclude-extra (or config scope = "main"), --requirements-files, or --no-resolver. It can also be set in config:

# .pysentry.toml
[defaults]
groups = ["dev", "docs"]

Resolves #151.

🐛 Bug Fixes

fail_on Silently Hid Vulnerabilities Below Its Threshold

fail_on (CLI --fail-on, config defaults.fail_on) is meant to control only the exit code — the severity at which an audit is considered a failure. A regression in v0.4.5 instead wired it into the matcher as a minimum-severity filter, so any vulnerability below the fail_on level was dropped from the report entirely rather than just being excluded from the pass/fail decision.

The effect scaled with the threshold. With the default fail_on = "medium", low-severity findings disappeared from the report. With fail_on = "critical", a project could contain many real high- and medium-severity vulnerabilities and still print ✓ No vulnerabilities found! with a clean exit. On one real uv.lock project (90 packages), v0.4.5 reported 0 vulnerabilities under fail_on = "critical" while the project actually had 31, several of them high severity.

PySentry now reports every matched vulnerability regardless of fail_on, and uses fail_on strictly to decide the exit code.

:::warning If you run PySentry with fail_on set above low (via --fail-on or config), affected vulnerabilities were missing from your reports while the audit may have exited successfully. Re-run your audit on this release. :::

... (truncated)

Commits
  • a61cbfc Merge pull request #159 from nyudenkov/dev
  • d22bc87 refactor: dedupe pyproject dependency parsing
  • d107e06 v0.4.6
  • 6f31945 readme: trying to make logo look okay
  • 82a299c fix: bump rustls-webpki to 0.103.13 to clear RUSTSEC-2026-0098/0099/0104
  • 89ba462 fix: version PyPA cache key to prevent cross-version EOCD crash
  • 17f20b1 fix: stop fail_on from filtering reported vulnerabilities
  • 48e800a ai: linked CLAUDE.md to AGENTS.md
  • e8de12b docs: document dependency group auditing
  • 418f3d4 feat: add dependency group audit scope
  • Additional commits viewable in compare view

Updates ruff from 0.15.15 to 0.15.16

Release notes

Sourced from ruff's releases.

0.15.16

Release Notes

Released on 2026-06-04.

Preview features

  • [flake8-async] Implement yield-in-context-manager-in-async-generator (ASYNC119) (#24644)
  • [pylint] Narrow diagnostic range and exclude cases without exception handlers (PLW0717) (#25440)
  • [ruff] Treat yield before break from a terminal loop as terminal (RUF075) (#25447)

Bug fixes

  • [eradicate] Avoid flagging ruff:ignore comments as code (ERA001) (#25537)
  • [eradicate] Fix ERA001/RUF100 conflict when noqa is on commented-out code (#25414)
  • [pyflakes] Avoid removing the format call when it would change behavior (F523) (#25320)
  • [pylint] Avoid syntax errors in invalid character replacements in f-strings before Python 3.12 (PLE2510, PLE2512, PLE2513, PLE2514, PLE2515) (#25544)
  • [pyupgrade] Avoid converting format calls with more kinds of side effects (UP032) (#25484)

Rule changes

  • [flake8-pytest-style] Avoid fixes for ambiguous argnames and argvalues combinations (PT006) (#24776)

Performance

  • Drop excess capacity from statement suites during parsing (#25368)

Documentation

  • [pydocstyle] Improve discoverability of rules enabled for each convention (#24973)
  • [ruff] Restore example code for Python versions before 3.15 (RUF017) (#25439)
  • Fix typo bin/activebin/activate in tutorial (#25473)

Other changes

  • Shrink additional parser AST collections (#25465)

Contributors

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.16

Released on 2026-06-04.

Preview features

  • [flake8-async] Implement yield-in-context-manager-in-async-generator (ASYNC119) (#24644)
  • [pylint] Narrow diagnostic range and exclude cases without exception handlers (PLW0717) (#25440)
  • [ruff] Treat yield before break from a terminal loop as terminal (RUF075) (#25447)

Bug fixes

  • [eradicate] Avoid flagging ruff:ignore comments as code (ERA001) (#25537)
  • [eradicate] Fix ERA001/RUF100 conflict when noqa is on commented-out code (#25414)
  • [pyflakes] Avoid removing the format call when it would change behavior (F523) (#25320)
  • [pylint] Avoid syntax errors in invalid character replacements in f-strings before Python 3.12 (PLE2510, PLE2512, PLE2513, PLE2514, PLE2515) (#25544)
  • [pyupgrade] Avoid converting format calls with more kinds of side effects (UP032) (#25484)

Rule changes

  • [flake8-pytest-style] Avoid fixes for ambiguous argnames and argvalues combinations (PT006) (#24776)

Performance

  • Drop excess capacity from statement suites during parsing (#25368)

Documentation

  • [pydocstyle] Improve discoverability of rules enabled for each convention (#24973)
  • [ruff] Restore example code for Python versions before 3.15 (RUF017) (#25439)
  • Fix typo bin/activebin/activate in tutorial (#25473)

Other changes

  • Shrink additional parser AST collections (#25465)

Contributors

Commits

Updates ty from 0.0.43 to 0.0.46

Release notes

Sourced from ty's releases.

0.0.46

Release Notes

Released on 2026-06-08.

Bug fixes

  • Avoid crash when hovering over Callable (#25759)

Core type checking

  • Support Callable() in match statement class patterns (#25541)
  • Improve support for enum.property (#25681)

Contributors

Install ty 0.0.46

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/ty/releases/download/0.0.46/ty-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/ty/releases/download/0.0.46/ty-installer.ps1 | iex"

Download ty 0.0.46

File Platform Checksum
ty-aarch64-apple-darwin.tar.gz Apple Silicon macOS checksum
ty-x86_64-apple-darwin.tar.gz Intel macOS checksum
ty-aarch64-pc-windows-msvc.zip ARM64 Windows checksum
ty-i686-pc-windows-msvc.zip x86 Windows checksum
ty-x86_64-pc-windows-msvc.zip x64 Windows checksum
ty-aarch64-unknown-linux-gnu.tar.gz ARM64 Linux checksum
ty-i686-unknown-linux-gnu.tar.gz x86 Linux checksum
ty-powerpc64-unknown-linux-gnu.tar.gz PPC64 Linux checksum
ty-powerpc64le-unknown-linux-gnu.tar.gz PPC64LE Linux checksum
ty-riscv64gc-unknown-linux-gnu.tar.gz RISCV Linux checksum
ty-s390x-unknown-linux-gnu.tar.gz S390x Linux checksum
ty-x86_64-unknown-linux-gnu.tar.gz x64 Linux checksum

... (truncated)

Changelog

Sourced from ty's changelog.

0.0.46

Released on 2026-06-08.

Bug fixes

  • Avoid crash when hovering over Callable (#25759)

Core type checking

  • Support Callable() in match statement class patterns (#25541)
  • Improve support for enum.property (#25681)

Contributors

0.0.45

Released on 2026-06-08.

Bug fixes

  • Avoid treating dynamic class attributes as instance attributes (#25678)
  • Fix divergence in recursive inference due to ambiguous overload (#25548)
  • Preserve literal promotion for mixed bounds (#25648)

Diagnostics

  • Add missing-type-argument lint rule (#25617)

Core type checking

  • Add support for narrowing on tuple match cases (#25493)
  • Check implicit open TypedDict extra items (#25628)
  • Create fresh copies of generic callable typevars (#24949)
  • Preserve deprecation on replacement functions (#25688)
  • Preserve intersection receivers during attribute lookup (#25626)
  • Preserve transparent callable decorators (#25030)

Performance

  • Avoid AST load for callable description names (#25728)
  • Avoid caching absent class decorators and type parameters (#25689)
  • Avoid caching atomic type specializations (#25663)
  • Avoid caching constant constraint relations (#25656)
  • Avoid caching missing implicit attributes (#25649)
  • Avoid caching trivial class-header queries (#25692)

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the patch-and-minor group with 4 updates: [prek](https://github.com/j178/prek), [pysentry-rs](https://github.com/nyudenkov/pysentry), [ruff](https://github.com/astral-sh/ruff) and [ty](https://github.com/astral-sh/ty).


Updates `prek` from 0.4.3 to 0.4.4
- [Release notes](https://github.com/j178/prek/releases)
- [Changelog](https://github.com/j178/prek/blob/master/CHANGELOG.md)
- [Commits](j178/prek@v0.4.3...v0.4.4)

Updates `pysentry-rs` from 0.4.5 to 0.4.6
- [Release notes](https://github.com/nyudenkov/pysentry/releases)
- [Commits](nyudenkov/pysentry@v0.4.5...v0.4.6)

Updates `ruff` from 0.15.15 to 0.15.16
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.15.15...0.15.16)

Updates `ty` from 0.0.43 to 0.0.46
- [Release notes](https://github.com/astral-sh/ty/releases)
- [Changelog](https://github.com/astral-sh/ty/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ty@0.0.43...0.0.46)

---
updated-dependencies:
- dependency-name: prek
  dependency-version: 0.4.4
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: patch-and-minor
- dependency-name: pysentry-rs
  dependency-version: 0.4.6
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: patch-and-minor
- dependency-name: ruff
  dependency-version: 0.15.16
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: patch-and-minor
- dependency-name: ty
  dependency-version: 0.0.46
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: patch-and-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Jun 10, 2026
@hu553in hu553in merged commit 7bc8032 into main Jun 14, 2026
4 checks passed
@hu553in hu553in deleted the dependabot/uv/patch-and-minor-cea746e842 branch June 14, 2026 03:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant