Skip to content

Bump the all-dependencies group with 5 updates#368

Merged
chrisguidry merged 2 commits intomainfrom
dependabot/uv/all-dependencies-d1099b3a63
Mar 20, 2026
Merged

Bump the all-dependencies group with 5 updates#368
chrisguidry merged 2 commits intomainfrom
dependabot/uv/all-dependencies-d1099b3a63

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 18, 2026

Bumps the all-dependencies group with 5 updates:

Package From To
loq 0.1.0a7 0.1.0
prek 0.3.5 0.3.6
ruff 0.15.5 0.15.6
zensical 0.0.25 0.0.27
uvicorn 0.41.0 0.42.0

Updates loq from 0.1.0a7 to 0.1.0

Release notes

Sourced from loq's releases.

v0.1.0

loq 0.1.0

Features

  • Git-aware check filters — scope loq check to files changed in a git context

Fixes

  • Respect -- when normalizing stdin dash in CLI
  • Parse check flags after positional paths
  • Ignore temporary config during baseline violation scan
  • Handle escaped exact paths in baseline/relax
  • Harden git-scoped check input handling and path normalization (including Windows)

Other

  • Simplify check input resolution and git-scoped path handling
  • Remove unreachable branch in glob unescape
  • Improve test coverage for git-aware check filters

What's Changed

Full Changelog: jakekaplan/loq@v0.1.0-alpha.7...v0.1.0

Commits
  • f03ac54 Merge pull request #53 from jakekaplan/prep-0.1.0
  • de486eb prep-0.1.0
  • c21667f Merge pull request #52 from jakekaplan/feat/git-aware-check
  • 2072355 test: normalize windows config path assertion
  • 7f6e7a5 fix: align git-aware check config root
  • d03c45b refactor: simplify git-aware check tests
  • 70c593c fix: harden git-aware check scope
  • ace47cf fix
  • c29f856 refactor: simplify check input resolution and test helpers
  • 0d5ad86 refactor: remove duplicate git-scope CLI tests
  • Additional commits viewable in compare view

Updates prek from 0.3.5 to 0.3.6

Release notes

Sourced from prek's releases.

0.3.6

Release Notes

Released on 2026-03-16.

Call for testing

If you run prek in GitHub CI, please try j178/prek-action@v2.0.0-beta.4. The 2.0 beta series rewrites the action in TypeScript, adds semver range support for prek-version, and verifies downloaded prek archives with published SHA-256 checksums. We'd appreciate any bug reports.

Enhancements

  • Allow selectors for hook ids containing colons (#1782)
  • Rename prek install-hooks to prek prepare-hooks and prek install --install-hooks to prek install --prepare-hooks (#1766)
  • Retry auth-failed repo clones with terminal prompts enabled (#1761)

Performance

  • Optimize detect_private_key by chunked reading and using aho-corasick (#1791)
  • Optimize fix_byte_order_marker by shifting file contents in place (#1790)

Bug fixes

  • Align stage defaulting behavior with pre-commit (#1788)
  • Make sure child output is drained in the PTY subprocess (#1768)
  • fix(golang): use GOTOOLCHAIN=local when probing system go (#1797)

Documentation

  • Disambiguate “hook” terminology by renaming "Git hooks" to "Git shims" (#1776)
  • Document compatibility with pre-commit (#1767)
  • Update configuration.md with TOML 1.1 notes (#1764)

Other changes

  • Sync latest identify tags (#1798)

Contributors

Install prek 0.3.6

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/j178/prek/releases/download/v0.3.6/prek-installer.sh | sh
</tr></table>

... (truncated)

Changelog

Sourced from prek's changelog.

0.3.6

Released on 2026-03-16.

Enhancements

  • Allow selectors for hook ids containing colons (#1782)
  • Rename prek install-hooks to prek prepare-hooks and prek install --install-hooks to prek install --prepare-hooks (#1766)
  • Retry auth-failed repo clones with terminal prompts enabled (#1761)

Performance

  • Optimize detect_private_key by chunked reading and using aho-corasick (#1791)
  • Optimize fix_byte_order_marker by shifting file contents in place (#1790)

Bug fixes

  • Align stage defaulting behavior with pre-commit (#1788)
  • Make sure child output is drained in the PTY subprocess (#1768)
  • fix(golang): use GOTOOLCHAIN=local when probing system go (#1797)

Documentation

  • Disambiguate “hook” terminology by renaming "Git hooks" to "Git shims" (#1776)
  • Document compatibility with pre-commit (#1767)
  • Update configuration.md with TOML 1.1 notes (#1764)

Other changes

  • Sync latest identify tags (#1798)

Contributors

Commits

Updates ruff from 0.15.5 to 0.15.6

Release notes

Sourced from ruff's releases.

0.15.6

Release Notes

Released on 2026-03-12.

Preview features

  • Add support for lazy import parsing (#23755)
  • Add support for star-unpacking of comprehensions (PEP 798) (#23788)
  • Reject semantic syntax errors for lazy imports (#23757)
  • Drop a few rules from the preview default set (#23879)
  • [airflow] Flag Variable.get() calls outside of task execution context (AIR003) (#23584)
  • [airflow] Flag runtime-varying values in DAG/task constructor arguments (AIR304) (#23631)
  • [flake8-bugbear] Implement delattr-with-constant (B043) (#23737)
  • [flake8-tidy-imports] Add TID254 to enforce lazy imports (#23777)
  • [flake8-tidy-imports] Allow users to ban lazy imports with TID254 (#23847)
  • [isort] Retain lazy keyword when sorting imports (#23762)
  • [pyupgrade] Add from __future__ import annotations automatically (UP006) (#23260)
  • [refurb] Support newline parameter in FURB101 for Python 3.13+ (#23754)
  • [ruff] Add os-path-commonprefix (RUF071) (#23814)
  • [ruff] Add unsafe fix for os-path-commonprefix (RUF071) (#23852)
  • [ruff] Limit RUF036 to typing contexts; make it unsafe for non-typing-only (#23765)
  • [ruff] Use starred unpacking for RUF017 in Python 3.15+ (#23789)

Bug fixes

  • Fix --add-noqa creating unwanted leading whitespace (#23773)
  • Fix --add-noqa breaking shebangs (#23577)
  • [formatter] Fix lambda body formatting for multiline calls and subscripts (#23866)
  • [formatter] Preserve required annotation parentheses in annotated assignments (#23865)
  • [formatter] Preserve type-expression parentheses in the formatter (#23867)
  • [flake8-annotations] Fix stack overflow in ANN401 on quoted annotations with escape sequences (#23912)
  • [pep8-naming] Check naming conventions in match pattern bindings (N806, N815, N816) (#23899)
  • [perflint] Fix comment duplication in fixes (PERF401, PERF403) (#23729)
  • [pyupgrade] Properly trigger super change in nested class (UP008) (#22677)
  • [ruff] Avoid syntax errors in RUF036 fixes (#23764)

Rule changes

  • [flake8-bandit] Flag S501 with requests.request (#23873)
  • [flake8-executable] Fix WSL detection in non-Docker containers (#22879)
  • [flake8-print] Ignore pprint calls with stream= (#23787)

Documentation

  • Update docs for Markdown code block formatting (#23871)
  • [flake8-bugbear] Fix misleading description for B904 (#23731)

Contributors

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.6

Released on 2026-03-12.

Preview features

  • Add support for lazy import parsing (#23755)
  • Add support for star-unpacking of comprehensions (PEP 798) (#23788)
  • Reject semantic syntax errors for lazy imports (#23757)
  • Drop a few rules from the preview default set (#23879)
  • [airflow] Flag Variable.get() calls outside of task execution context (AIR003) (#23584)
  • [airflow] Flag runtime-varying values in DAG/task constructor arguments (AIR304) (#23631)
  • [flake8-bugbear] Implement delattr-with-constant (B043) (#23737)
  • [flake8-tidy-imports] Add TID254 to enforce lazy imports (#23777)
  • [flake8-tidy-imports] Allow users to ban lazy imports with TID254 (#23847)
  • [isort] Retain lazy keyword when sorting imports (#23762)
  • [pyupgrade] Add from __future__ import annotations automatically (UP006) (#23260)
  • [refurb] Support newline parameter in FURB101 for Python 3.13+ (#23754)
  • [ruff] Add os-path-commonprefix (RUF071) (#23814)
  • [ruff] Add unsafe fix for os-path-commonprefix (RUF071) (#23852)
  • [ruff] Limit RUF036 to typing contexts; make it unsafe for non-typing-only (#23765)
  • [ruff] Use starred unpacking for RUF017 in Python 3.15+ (#23789)

Bug fixes

  • Fix --add-noqa creating unwanted leading whitespace (#23773)
  • Fix --add-noqa breaking shebangs (#23577)
  • [formatter] Fix lambda body formatting for multiline calls and subscripts (#23866)
  • [formatter] Preserve required annotation parentheses in annotated assignments (#23865)
  • [formatter] Preserve type-expression parentheses in the formatter (#23867)
  • [flake8-annotations] Fix stack overflow in ANN401 on quoted annotations with escape sequences (#23912)
  • [pep8-naming] Check naming conventions in match pattern bindings (N806, N815, N816) (#23899)
  • [perflint] Fix comment duplication in fixes (PERF401, PERF403) (#23729)
  • [pyupgrade] Properly trigger super change in nested class (UP008) (#22677)
  • [ruff] Avoid syntax errors in RUF036 fixes (#23764)

Rule changes

  • [flake8-bandit] Flag S501 with requests.request (#23873)
  • [flake8-executable] Fix WSL detection in non-Docker containers (#22879)
  • [flake8-print] Ignore pprint calls with stream= (#23787)

Documentation

  • Update docs for Markdown code block formatting (#23871)
  • [flake8-bugbear] Fix misleading description for B904 (#23731)

Contributors

... (truncated)

Commits
  • e4c7f35 Bump 0.15.6 (#23919)
  • edfe6c1 [ty] Narrow type context during collection literal inference (#23844)
  • dd16d68 Exclude broken symlink in ecosystem check (#23921)
  • 3f94c6a Fix stack overflow in ANN401 on quoted annotations with escape sequences (#23...
  • 91fc7bd [ty] Fix false-positive diagnostics for PEP-604 union annotations on attribut...
  • 04229cf [ty] Initial test suite for PEP-728 TypedDict features (#23832)
  • 728b9d6 [pep8-naming] Check naming conventions in match pattern bindings (N806,...
  • 88d1eec [ty] Ensure a type[] type T is always considered assignable to a union th...
  • 37cdd61 Fix lambda body formatting for multiline calls and subscripts (#23866)
  • a25a4df [ty] Disambiguate duplicate-looking overloaded callables in union display (#2...
  • Additional commits viewable in compare view

Updates zensical from 0.0.25 to 0.0.27

Release notes

Sourced from zensical's releases.

0.0.27

Summary

This version fixes a reload loop for when auto-appended snippets are located inside of the docs directory, and auto-reload for pages with Chinese path segments.

Changelog

Bug fixes

  • 062a972 zensical – printed URLs of built pages shouldn't be percent-encoded
  • e326ae3 zensical – auto-reload not working for URLs with Chinese path segments (#436)
  • 9654132 zensical-watch – skip queuing redundant watch paths (#434)

0.0.26

Summary

This version fixes a regression introduced in 0.0.25 where the wheels built for manylinux x86 would be based on Python 3.8 instead of Python 3.10, making Zensical unusable on those architectures. This is related to a recent bug in our upstream dependency maturin, which was introduced in version 1.12.5. Additionally, it fixes a deprecation warning on Python 3.14 when using the emoji extension.

Changelog

Bug fixes

  • 66ca0e7 – missing wheels for CPython 3.10 manylinux x86 (#425)
  • 7514e32 compat – replace codecs.open, deprecated in Python 3.14 (#429)
Commits
  • 83cd642 chore: release v0.0.27
  • 062a972 fix: printed URLs of built pages shouldn't be percent-encoded
  • e326ae3 fix: auto-reload not working for URLs with Chinese path segments (#436)
  • 9654132 fix: skip queuing redundant watch paths (#434)
  • 824410c chore: release v0.0.26
  • 66ca0e7 fix: missing wheels for CPython 3.10 manylinux x86 (#425)
  • 7514e32 fix: replace codecs.open, deprecated in Python 3.14 (#429)
  • See full diff in compare view

Updates uvicorn from 0.41.0 to 0.42.0

Release notes

Sourced from uvicorn's releases.

Version 0.42.0

Changed

  • Use bytearray for request body accumulation to avoid O(n^2) allocation on fragmented bodies (#2845)

Fixed

  • Escape brackets and backslash in httptools HEADER_RE regex (#2824)
  • Fix multiple issues in websockets sans-io implementation (#2825)

New Contributors

Full Changelog: Kludex/uvicorn@0.41.0...0.42.0

Changelog

Sourced from uvicorn's changelog.

0.42.0 (March 16, 2026)

Changed

  • Use bytearray for request body accumulation to avoid O(n^2) allocation on fragmented bodies (#2845)

Fixed

  • Escape brackets and backslash in httptools HEADER_RE regex (#2824)
  • Fix multiple issues in websockets sans-io implementation (#2825)
Commits
  • 02bed6f Version 0.42.0 (#2852)
  • d8f2501 chore: pre-create Config objects in benchmarks to measure protocol hot paths ...
  • 9dbb783 Add WebSocket protocol benchmarks for wsproto and websockets-sansio (#2849)
  • b3c69da Use bytearray for request body accumulation (#2845)
  • 3f3ebee Disable pytest-xdist for CodSpeed benchmark runs (#2847)
  • d072de7 Add fragmented body benchmark for chunked body accumulation (#2846)
  • e300c2c Add CodSpeed benchmark suite for HTTP protocol hot paths (#2844)
  • 1fa6976 Escape brackets and backslash in httptools HEADER_RE regex (#2824)
  • 59ec1de Fix multiple issues in websockets sansio implementation (#2825)
  • 2fc0efc Clarify Windows asyncio event loop selection in docs (#2843)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the all-dependencies group with 5 updates
63c32f0 
Bumps the all-dependencies group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [loq](https://github.com/jakekaplan/loq) | `0.1.0a7` | `0.1.0` |
| [prek](https://github.com/j178/prek) | `0.3.5` | `0.3.6` |
| [ruff](https://github.com/astral-sh/ruff) | `0.15.5` | `0.15.6` |
| [zensical](https://github.com/zensical/zensical) | `0.0.25` | `0.0.27` |
| [uvicorn](https://github.com/Kludex/uvicorn) | `0.41.0` | `0.42.0` |


Updates `loq` from 0.1.0a7 to 0.1.0
- [Release notes](https://github.com/jakekaplan/loq/releases)
- [Commits](jakekaplan/loq@v0.1.0-alpha.7...v0.1.0)

Updates `prek` from 0.3.5 to 0.3.6
- [Release notes](https://github.com/j178/prek/releases)
- [Changelog](https://github.com/j178/prek/blob/master/CHANGELOG.md)
- [Commits](j178/prek@v0.3.5...v0.3.6)

Updates `ruff` from 0.15.5 to 0.15.6
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.15.5...0.15.6)

Updates `zensical` from 0.0.25 to 0.0.27
- [Release notes](https://github.com/zensical/zensical/releases)
- [Commits](zensical/zensical@v0.0.25...v0.0.27)

Updates `uvicorn` from 0.41.0 to 0.42.0
- [Release notes](https://github.com/Kludex/uvicorn/releases)
- [Changelog](https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md)
- [Commits](Kludex/uvicorn@0.41.0...0.42.0)

---
updated-dependencies:
- dependency-name: loq
  dependency-version: 0.1.0
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all-dependencies
- dependency-name: prek
  dependency-version: 0.3.6
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all-dependencies
- dependency-name: ruff
  dependency-version: 0.15.6
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all-dependencies
- dependency-name: zensical
  dependency-version: 0.0.27
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all-dependencies
- dependency-name: uvicorn
  dependency-version: 0.42.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Mar 18, 2026
@chrisguidry chrisguidry merged commit 08c5f06 into main Mar 20, 2026
50 checks passed
@chrisguidry chrisguidry deleted the dependabot/uv/all-dependencies-d1099b3a63 branch March 20, 2026 12:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@chrisguidry