chore(deps): update all dependencies

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update	Pending
ansible-creator (changelog)	26.3.0 → 26.4.3			dependency-groups	minor
ansible/actions	v1.1.0 → v1.1.2			repository	patch
ansible/team-devtools	v26.2.1 → v26.4.0			repository	minor
astral-sh/setup-uv	v7 → v8.1.0			action	major
astral-sh/uv-pre-commit	0.10.9 → 0.11.8			repository	minor
attrs (changelog)	==25.4.0 → ==26.1.0				major
biomejs/pre-commit	v2.4.6 → v2.4.13			repository	patch	v2.4.14
build (changelog)	1.4.0 → 1.5.0			dependency-groups	minor
check-jsonschema	0.37.0 → 0.37.1			dependency-groups	patch
click (changelog)	==8.3.1 → ==8.3.3				patch
coverage	7.13.4 → 7.13.5			dependency-groups	patch
filelock	==3.25.2 → ==3.29.0				minor
filelock	3.25.2 → 3.29.0			project.dependencies	minor
ipython	9.11.0 → 9.13.0			dependency-groups	minor
jendrikseipp/vulture	v2.14 → v2.16			repository	minor
mkdocs-ansible (changelog)	25.6.2 → 26.4.0			dependency-groups	major
mypy (changelog)	1.19.1 → 1.20.2			dependency-groups	minor
pathspec (changelog)	==1.0.4 → ==1.1.1				minor
pathspec (changelog)	>=1.0.3,<1.1.0 → >=1.1.1,<1.2.0			project.dependencies	minor
pipx (changelog)	1.8.0 → 1.11.1			dependency-groups	minor
platformdirs (changelog)	==4.9.4 → ==4.9.6				patch
prek (source, changelog)	0.3.5 → 0.3.11			dependency-groups	patch
prettier (source)	3.8.1 → 3.8.3			devDependencies	patch
pyright	1.1.408 → 1.1.409			dependency-groups	patch
ruff (source, changelog)	0.15.6 → 0.15.12			dependency-groups	patch
setuptools-scm	9.2.2 → 10.0.5			dependency-groups	major
setuptools_scm	9.2.2 → 10.0.5			build-system.requires	major
tombi	0.9.6 → 0.10.1			dependency-groups	minor	0.10.2
tomli (changelog)	2.4.0 → 2.4.1			dependency-groups	patch
tox (changelog)	4.49.1 → 4.53.0			dependency-groups	minor	4.53.1
tox-uv (changelog)	1.33.4 → 1.35.1			dependency-groups	minor
types-jsonschema (changelog)	4.26.0.20260202 → 4.26.0.20260408			dependency-groups	patch
types-pyyaml (changelog)	6.0.12.20250915 → 6.0.12.20260408			dependency-groups	patch

Note: The pre-commit manager in Renovate is not supported by the pre-commit maintainers or community. Please do not report any problems there, instead create a Discussion in the Renovate repository if you have any questions.

---

Release Notes

ansible/ansible-creator (ansible-creator)

v26.4.3

Compare Source

Fixes

• fix(security): update dependencies [SECURITY] (#​580) @​renovate[bot]
• fix: add missing build stages and fix ordering in EE template (#​586) @​NilashishC

Maintenance

• fix(security): update dependencies [SECURITY] (#​580) @​renovate[bot]

v26.4.2

Compare Source

Features

• feat: Add build_arg_defaults support for execution environment projects (#​584) @​KB-perByte
• Scaffold EE spec files for Gitlab (#​575) @​KB-perByte
• feat: Add option to disable validate_certs (#​576) @​KB-perByte

v26.4.1

Compare Source

Fixes

• fix: use GitHub Actions variable for REGISTRY_USERNAME instead of secret (#​574) @​NilashishC

Maintenance

• chore(ci): use explicit _extends path for Release Drafter v7 (#​577) @​anusshukla
• chore(deps): update all dependencies pep621 (#​573) @​renovate[bot]
• chore(deps): update all dependencies (#​572) @​renovate[bot]

Contributors

@​NilashishC, @​anusshukla

v26.4.0

Compare Source

Fixes

• fix: allow ansible-galaxy collection list to fail gracefully in EE test step (#​571) @​NilashishC

Maintenance

• chore(deps): update all dependencies pep621 (#​567) @​renovate[bot]
• chore(deps): bump cryptography from 46.0.5 to 46.0.6 (#​565) @​dependabot[bot]
• chore(deps): bump requests from 2.32.5 to 2.33.0 (#​563) @​dependabot[bot]
• chore(deps): update all dependencies (#​566) @​renovate[bot]
• chore(deps): bump pygments from 2.19.2 to 2.20.0 (#​569) @​dependabot[bot]

v26.3.3

Compare Source

Features

• feat: add image_build_tag workflow input for custom build tags (#​568) @​NilashishC
• feat: add --registry-tls-verify CLI option for container registry TLS control (#​564) @​NilashishC
• feat: add SCM servers support for private Git collection repositories (#​559) @​cidrblock
• feat: make EE workflow configurable at runtime with dispatch inputs (#​558) @​NilashishC
• feat: replace hardcoded hub URLs with generic galaxy_servers list (#​556) @​cidrblock
• feat: wire ee_file_name through CLI so scaffolded EE projects use the custom filename (#​557) @​NilashishC
• feat: add registry and image_name to EE configuration (#​555) @​cidrblock
• feat: add ee_file_name to EEConfig for custom EE definition file names (#​548) @​cidrblock

Fixes

• fix: enforce GITHUB_TOKEN for ghcr.io registry login (#​570) @​NilashishC
• fix: update python interpreter to 3.12 for AAP 2.5 and unversioned official EE images (#​562) @​NilashishC
• fix: add workflow_dispatch input defaults in ee-build template (#​561) @​NilashishC
• ci(ee): verify buildah >= 1.24 before building with --build-arg (#​552) @​cidrblock
• fix: omit empty additional_build_steps and simplify workflow inputs (#​560) @​NilashishC
• fix(ee): remove broken curl-based Automation Hub token validation (#​554) @​cidrblock
• fix: rename EEConfig JSON key from "name" to "ee_name" for CLI consistency (#​553) @​cidrblock
• docs: fix EE project tree in installing.md (ci.yml -> ee-build.yml) (#​547) @​cidrblock
• fix: redesign ansible.cfg build flow — volume mount, ARG tokens, nothing in layers (#​546) @​cidrblock
• fix: harden EE workflow — warn-only base image check, tighten token conditions (#​545) @​cidrblock
• fix: Update ansible.cfg structure for official EE images (#​544) @​anusshukla

Maintenance

• chore(deps): update all dependencies pep621 (#​550) @​renovate[bot]
• chore(deps): update dependencies (#​551) @​renovate[bot]
• chore(deps): update all dependencies (#​549) @​renovate[bot]

v26.3.2

Compare Source

Features

• feat: introduce EEConfig dataclass for structured EE configuration (#​541) @​cidrblock
• feat: Add improved GitHub Actions workflow for EE build and publish (#​532) @​anusshukla

Fixes

• fix: Exclude ansible_core and ansible_runner for official EE base images (#​539) @​anusshukla
• fix(devfile): align with OCP 4.20+ / Dev Spaces 3.25+ container-in-container (#​540) @​cidrblock

v26.3.1

Compare Source

Fixes

• fix: handle AppendAction in API argv builder and schema extractor (#​533) @​cidrblock
  -fix: Support Git URL format for collection names in EE scaffolding (#​538 @​anusshukla

Maintenance

• chore(deps): update all dependencies pep621 (#​537) @​renovate[bot]
• chore(deps): update all dependencies (#​536) @​renovate[bot]
• chore(deps): bump cairosvg from 2.7.1 to 2.9.0 (#​535) @​dependabot[bot]
• chore(deps): bump black from 26.1.0 to 26.3.1 (#​534) @​dependabot[bot]
• chore(deps): update all dependencies (#​531) @​renovate[bot]

ansible/actions (ansible/actions)

v1.1.2

Compare Source

Fixes

• fix: make renovate and md hook use version from action (#​112) @​ssbarnea
• fix: force use of newer node (#​121) @​ssbarnea

Maintenance

• chore(deps): update all dependencies pep621 (#​120) @​renovate[bot]
• chore(deps): update all dependencies (#​119) @​renovate[bot]

v1.1.1

Compare Source

Fixes

• fix: address issue with shellcheck calling (#​118) @​ssbarnea

Maintenance

• chore(deps): update all dependencies pep621 (#​117) @​renovate[bot]
• chore(deps): update all dependencies (#​116) @​renovate[bot]
• chore(deps): update dependencies (#​115) @​renovate[bot]
• chore(deps): update all dependencies pep621 (#​114) @​renovate[bot]
• chore(deps): update all dependencies (#​113) @​renovate[bot]

ansible/team-devtools (ansible/team-devtools)

v26.4.0

Compare Source

Fixes

• fix: stop if unsigned commits are detected (#​438) @​ssbarnea

Maintenance

• chore(deps): update pep621 (#​432) @​renovate[bot]

v26.2.2

Compare Source

Maintenance

• chore: dump event info for test pipeline (#​427) @​ssbarnea
• chore(deps): update all dependencies (#​426) @​renovate[bot]

astral-sh/setup-uv (astral-sh/setup-uv)

v8.1.0: 🌈 New input no-project

Compare Source

Changes

This add the a new boolean input no-project.
It only makes sense to use in combination with activate-environment: true and will append --no project to the uv venv call. This is for example useful if you have a pyproject.toml file with parts unparseable by uv

🚀 Enhancements

• Add input no-project in combination with activate-environment @​eifinger (#​856)

🧰 Maintenance

• fix: grant contents:write to validate-release job @​eifinger (#​860)
• Add a release-gate step to the release workflow @​zanieb (#​859)
• Draft commitish releases @​eifinger (#​858)
• Add action-types.yml to instructions @​eifinger (#​857)
• chore: update known checksums for 0.11.7 @​github-actions[bot] (#​853)
• Refactor version resolving @​eifinger (#​852)
• chore: update known checksums for 0.11.6 @​github-actions[bot] (#​850)
• chore: update known checksums for 0.11.5 @​github-actions[bot] (#​845)
• chore: update known checksums for 0.11.4 @​github-actions[bot] (#​843)
• Add a release workflow @​zanieb (#​839)
• chore: update known checksums for 0.11.3 @​github-actions[bot] (#​836)

📚 Documentation

• Update ignore-nothing-to-cache documentation @​eifinger (#​833)
• Pin setup-uv docs to v8 @​eifinger (#​829)

⬆️ Dependency updates

• chore(deps): bump release-drafter/release-drafter from 7.1.1 to 7.2.0 @​dependabot[bot] (#​855)

v8.0.0: 🌈 Immutable releases and secure tags

Compare Source

This is the first immutable release of setup-uv 🥳

All future releases are also immutable, if you want to know more about what this means checkout the docs.

This release also has two breaking changes

New format for manifest-file

The previously deprecated way of defining a custom version manifest to control which uv versions are available and where to download them from got removed. The functionality is still there but you have to use the new format.

No more major and minor tags

To increase security even more we will stop publishing minor tags. You won't be able to use @v8 or @v8.0 any longer. We do this because pinning to major releases opens up users to supply chain attacks like what happened to tj-actions.

[!TIP]
Use the immutable tag as a version astral-sh/setup-uv@v8.0.0
Or even better the githash astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57

🚨 Breaking changes

• Remove update-major-minor-tags workflow @​eifinger (#​826)
• Remove deprecrated custom manifest @​eifinger (#​813)

🧰 Maintenance

• Shortcircuit latest version from manifest @​eifinger (#​828)
• Simplify inputs.ts @​eifinger (#​827)
• Bump release-drafter to v7.1.1 @​eifinger (#​825)
• Refactor inputs @​eifinger (#​823)
• Replace inline compile args with tsconfig @​eifinger (#​824)
• chore: update known checksums for 0.11.2 @​github-actions[bot] (#​821)
• chore: update known checksums for 0.11.1 @​github-actions[bot] (#​817)
• chore: update known checksums for 0.11.0 @​github-actions[bot] (#​815)
• Fix latest-version workflow check @​eifinger (#​812)
• chore: update known checksums for 0.10.11/0.10.12 @​github-actions[bot] (#​811)

astral-sh/uv-pre-commit (astral-sh/uv-pre-commit)

v0.11.8

Compare Source

See: https://github.com/astral-sh/uv/releases/tag/0.11.8

v0.11.7

Compare Source

See: https://github.com/astral-sh/uv/releases/tag/0.11.7

v0.11.6

Compare Source

See: https://github.com/astral-sh/uv/releases/tag/0.11.6

v0.11.5

Compare Source

See: https://github.com/astral-sh/uv/releases/tag/0.11.5

v0.11.4

Compare Source

See: https://github.com/astral-sh/uv/releases/tag/0.11.4

v0.11.3

Compare Source

See: https://github.com/astral-sh/uv/releases/tag/0.11.3

v0.11.2

Compare Source

See: https://github.com/astral-sh/uv/releases/tag/0.11.2

v0.11.1

Compare Source

See: https://github.com/astral-sh/uv/releases/tag/0.11.1

v0.11.0

Compare Source

See: https://github.com/astral-sh/uv/releases/tag/0.11.0

v0.10.12

Compare Source

See: https://github.com/astral-sh/uv/releases/tag/0.10.12

v0.10.11

Compare Source

See: https://github.com/astral-sh/uv/releases/tag/0.10.11

v0.10.10

Compare Source

See: https://github.com/astral-sh/uv/releases/tag/0.10.10

python-attrs/attrs (attrs)

v26.1.0

Compare Source

Backwards-incompatible Changes

• Field aliases are now resolved before calling field_transformer, so transformers receive fully populated Attribute objects with usable alias values instead of None.
  The new Attribute.alias_is_default flag indicates whether the alias was auto-generated (True) or explicitly set by the user (False).
  #​1509

Changes

• Fix type annotations for attrs.validators.optional(), so it no longer rejects tuples with more than one validator.
  #​1496
• The attrs.validators.disabled() contextmanager can now be nested.
  #​1513
• Frozen classes can set on_setattr=attrs.setters.NO_OP in addition to None.
  #​1515
• It's now possible to pass attrs instances in addition to attrs classes to attrs.fields().
  #​1529

biomejs/pre-commit (biomejs/pre-commit)

v2.4.13

Compare Source

v2.4.12

Compare Source

v2.4.11

Compare Source

v2.4.10

Compare Source

v2.4.9

Compare Source

v2.4.8

Compare Source

v2.4.7

Compare Source

pypa/build (build)

v1.5.0

Compare Source

What's Changed

• ci: try to improve release docs by @​henryiii in #​1051
• feat: drop 3.9, require 3.10+ by @​henryiii in #​1036
• chore: tox toml by @​henryiii in #​1033
• fix: api should not ignore installed, only CLI by @​henryiii in #​1056

Full Changelog: pypa/build@1.4.4...1.5.0

v1.4.4

Compare Source

What's Changed

• 🐛 fix(release): generate consistent CHANGELOG heading levels by @​gaborbernat in #​1032
• docs: move source links by @​henryiii in #​1034
• revert: drop PEP 660 change by @​henryiii in #​1039
• fix: ignore installed when running pip by @​henryiii in #​1040
• fix: revert part of #​973 by @​henryiii in #​1044
• chore: report coverage failure lines by @​henryiii in #​1046
• tests: fix issue with uv run by @​henryiii in #​1048
• docs: reorganize testing docs for copy/paste by @​abitrolly in #​1043
• tests: keep environment from leaking in Python 3.15 by @​henryiii in #​1049
• docs: fix issue with changelog generation by @​henryiii in #​1050

Full Changelog: pypa/build@1.4.3...1.4.4

v1.4.3

Compare Source

What's Changed

• 🐛 fix(api): resolve thread-safety races in build API by @​gaborbernat in #​1015
• 🐛 fix(builder): validate backend-path entries exist on disk by @​gaborbernat in #​1016
• test: cover config settings build paths by @​terminalchai in #​992
• Add kind=(step, ) for root messages with * by @​abitrolly in #​973
• fix: correct changelog category ordering by @​gaborbernat in #​1017
• 🐛 fix(cli): show full dependency chain in missing deps error by @​gaborbernat in #​1019
• tests: fully annotate by @​henryiii in #​1020
• chore: lazy imports by @​henryiii in #​1021
• chore: adding more ruff codes by @​henryiii in #​1022
• tests: improve annotations by @​henryiii in #​1023
• 🧪 test(coverage): achieve 100% test coverage by @​gaborbernat in #​1018
• chore: add ruff PT by @​henryiii in #​1025
• chore: add ruff PYI by @​henryiii in #​1026
• chore: add ruff SIM/RET by @​henryiii in #​1028
• 🐛 fix(env): strip PYTHONPATH from isolated builds by @​gaborbernat in #​1024
• chore: use ruff ALL by @​henryiii in #​1029
• 🐛 fix(env): prevent pip credential hang with private indexes by @​gaborbernat in #​1030
• 🐛 fix(check_dependency): verify URL reqs via PEP 610 by @​gaborbernat in #​1027

New Contributors

• @​terminalchai made their first contribution in #​992

Full Changelog: pypa/build@1.4.2...1.4.3

v1.4.2

Compare Source

What's Changed

• fix(uv): always pass the python to use by @​henryiii in #​996
• 🐛 fix(release): detect pre-commit environment inconsistencies by @​gaborbernat in #​1001
• 🔧 fix(towncrier): match docstrfmt RST formatting expectations by @​gaborbernat in #​1002
• Fix _has_valid_outer_pip when pip is missing by @​notatallshaw in #​1003
• fix: release changelog issue by @​henryiii in #​1006

New Contributors

• @​notatallshaw made their first contribution in #​1003

Full Changelog: pypa/build@1.4.1...1.4.2

v1.4.1

Compare Source

What's Changed

• Fix documentation grammar and typos by @​DimitriPapadopoulos in #​979
• Allow setting build constraints by @​layday in #​963
• fix: pip hack workaround by @​henryiii in #​980
• 📚 docs: reorganize using Diataxis framework by @​gaborbernat in #​988
• ✨ feat(ci): automate releases and harden workflows by @​gaborbernat in #​991
• chore: avoid template injection zizmor issue by @​henryiii in #​994
• chore: fix PR template by @​henryiii in #​995
• chore: fix fix job by @​henryiii in #​997
• 🐛 fix(ci): resolve pre-release auth failure and change detection by @​gaborbernat in #​999
• 🐛 fix(deps): add pre-commit to release dependency group by @​gaborbernat in #​1000

Full Changelog: pypa/build@1.4.0...1.4.1

python-jsonschema/check-jsonschema (check-jsonschema)

v0.37.1

Compare Source

• Update vendored schemas: buildkite, circle-ci, dependabot, github-workflows,
  gitlab-ci, mergify, readthedocs, renovate, woodpecker-ci (2026-03-25)
• Add Changie.dev schema and pre-commit hook. Thanks :user:edgarrmondragon! (:pr:662)

pallets/click (click)

v8.3.3

Compare Source

v8.3.2

Compare Source

Released 2026-04-02

• Fix handling of flag_value when is_flag=False to allow such options to be
  used without an explicit value. :issue:3084 :pr:3152
• Hide Sentinel.UNSET values as None when using lookup_default().
  :issue:3136 :pr:3199 :pr:3202 :pr:3209 :pr:3212 :pr:3224
• Prevent _NamedTextIOWrapper from closing streams owned by StreamMixer.
  :issue:824 :issue:2991 :issue:2993 :issue:3110 :pr:3139 :pr:3140
• Add comprehensive tests for CliRunner stream lifecycle, covering
  logging interaction, multi-threaded safety, and sequential invocation
  isolation. Add high-iteration stress tests behind a stress marker
  with a dedicated CI job. :pr:3139
• Fix callable flag_value being instantiated when used as a default via
  default=True. :issue:3121 :pr:3201 :pr:3213 :pr:3225

coveragepy/coveragepy (coverage)

v7.13.5

Compare Source

• Fix: issue 2138_ describes a memory leak that happened when repeatedly
  using the Coverage API with in-memory data. This is now fixed.

• Fix: the markdown-formatted coverage report didn't fully escape special
  characters in file paths (issue 2141). This would be very unlikely to
  cause a problem, but now it's done properly, thanks to Ellie Ayla <pull 2142_>.

• Fix: the C extension wouldn't build on VS2019, but now it does (issue 2145_).

.. _issue 2138: #​2138
.. _issue 2141: #​2141
.. _pull 2142: #​2142
.. _issue 2145: #​2145

.. _changes_7-13-4:

tox-dev/py-filelock (filelock)

v3.29.0

Compare Source

What's Changed

• 🐛 fix(async): use single-thread executor for lock consistency by @​gaborbernat in tox-dev/filelock#533
• ✨ feat(soft): enable stale lock detection on Windows by @​gaborbernat in tox-dev/filelock#534

Full Changelog: tox-dev/filelock@3.28.0...3.29.0

v3.28.0

Compare Source

What's Changed

• 🐛 fix(ci): unbreak release workflow, publish to PyPI again by @​gaborbernat in tox-dev/filelock#529

Full Changelog: tox-dev/filelock@3.27.0...3.28.0

ipython/ipython (ipython)

v9.13.0

Compare Source

v9.12.0

Compare Source

jendrikseipp/vulture (jendrikseipp/vulture)

v2.16

Compare Source

2.16 (2026-03-25)

• Fix false positives for dead code after while loops (#​412, #​413, Jendrik Seipp).
• Use ty instead of pytype for testing type annotations (Jendrik Seipp).

v2.15

Compare Source

2.15 (2026-03-04)

• Handle while True loops without break statements (kreathon).
• Add whitelist for ssl.SSLContext (tunnelsociety, #​392).
• Add more ruff rules (even-even).
• Drop support for Python 3.8 (Jendrik Seipp, #​398).
• Add support for Python 3.14 (even-even).

ansible/mkdocs-ansible (mkdocs-ansible)

[v26.4.0](https://redirect.github.com/ansib

✂ Note

PR body was truncated to here.

---

Configuration

📅 Schedule: (in timezone UTC)

• Branch creation
  • "before 4am on monday"
• Automerge
  • Between 12:00 AM and 03:59 AM, only on Monday (* 0-3 * * 1)

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

⚠️ Artifact update problem

Renovate failed to update artifacts related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: pyproject.toml

Artifact update for tombi resolved to version 0.10.2, which is a pending version that has not yet passed the Minimum Release Age threshold.
Renovate was attempting to update to 0.10.1
This is (likely) not a bug in Renovate, but due to the way your project pins dependencies, _and_ how Renovate calls your package manager to update them.
Until Renovate supports specifying an exact update to your package manager (https://github.com/renovatebot/renovate/issues/41624), it is recommended to directly pin your dependencies (with `rangeStrategy=pin` for apps, or `rangeStrategy=widen` for libraries)
See also: https://docs.renovatebot.com/dependency-pinning/

File name: pyproject.toml

Artifact update for tox resolved to version 4.53.1, which is a pending version that has not yet passed the Minimum Release Age threshold.
Renovate was attempting to update to 4.53.0
This is (likely) not a bug in Renovate, but due to the way your project pins dependencies, _and_ how Renovate calls your package manager to update them.
Until Renovate supports specifying an exact update to your package manager (https://github.com/renovatebot/renovate/issues/41624), it is recommended to directly pin your dependencies (with `rangeStrategy=pin` for apps, or `rangeStrategy=widen` for libraries)
See also: https://docs.renovatebot.com/dependency-pinning/