Bump the python-dependencies group with 6 updates

[dependabot]

Bumps the python-dependencies group with 6 updates:

Package	From	To
prek	0.3.10	0.4.3
ruff	0.15.12	0.15.14
mypy	1.20.2	2.1.0
ty	0.0.32	0.0.39
coverage	7.13.5	7.14.1
pytest-codspeed	4.4.0	5.0.3

Updates prek from 0.3.10 to 0.4.3

Release notes

Sourced from prek's releases.

0.4.3

Release Notes

Released on 2026-05-27.

Bug fixes

• Ignore stat-only hook rewrites (#2131)

Sponsorship

If prek saves time for you or your team, please consider sponsoring the project on GitHub Sponsors. It helps keep new features, performance work, and maintenance moving.

Contributors

• @​stevbev

Install prek 0.4.3

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/j178/prek/releases/download/v0.4.3/prek-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://github.com/j178/prek/releases/download/v0.4.3/prek-installer.ps1 | iex"

Install prebuilt binaries via Homebrew

brew install prek

Download prek 0.4.3

File	Platform	Checksum
prek-aarch64-apple-darwin.tar.gz	Apple Silicon macOS	checksum
prek-x86_64-apple-darwin.tar.gz	Intel macOS	checksum
prek-aarch64-pc-windows-msvc.zip	ARM64 Windows	checksum
prek-i686-pc-windows-msvc.zip	x86 Windows	checksum
prek-x86_64-pc-windows-msvc.zip	x64 Windows	checksum
prek-aarch64-unknown-linux-gnu.tar.gz	ARM64 Linux	checksum
prek-i686-unknown-linux-gnu.tar.gz	x86 Linux	checksum

... (truncated)

Changelog

Sourced from prek's changelog.

0.4.3

Released on 2026-05-27.

Bug fixes

• Ignore stat-only hook rewrites (#2131)

Sponsorship

If prek saves time for you or your team, please consider sponsoring the project on GitHub Sponsors. It helps keep new features, performance work, and maintenance moving.

Contributors

• @​stevbev

0.4.2

Released on 2026-05-26.

Highlights

0.4.2 is mainly about making prek run faster in large repos.

prek now does less git diff work. After hooks run, prek uses diff checks to detect files changed by hooks. If a hook modifies files, prek marks that hook as failed. That is important, but full diff snapshots can be slow in big repos, especially when they happen after every hook group.

We skip the expensive diff path in two common cases: built-in hooks that prek knows are read-only, and clean worktrees where a cheap dirty check is enough unless a hook actually changes files. In the right large-repo workload, skipping that work can make runs up to 10x faster.

Workspace mode is faster too. Hooks have historically been too serial. Priority-based concurrency helped, but it required users to choose good priority values. Now sibling projects at the same workspace depth run in parallel automatically. Their files do not overlap, so this is safe and needs no extra config. For multi-project workspaces, this can dramatically reduce total hook time.

Sponsorship

If prek saves time for you or your team, please consider sponsoring the project on GitHub Sponsors. It helps keep new features, performance work, and maintenance moving.

Enhancements

... (truncated)

Commits

• 02bb73f Bump version to 0.4.3 (#2132)
• 0f64ff9 Ignore stat-only hook rewrites (#2131)
• de77cc9 Bump version to 0.4.2 (#2126)
• c54be46 Simplify hook progress folding (#2125)
• e908f82 Add link to comprehensive list of open-source projects using prek (#938)
• 7cd6ba4 Run same-depth projects concurrently (#2110)
• bbb3810 Lock file maintenance (#2123)
• 7d5282c Update Rust crate quick-xml to 0.40 (#2121)
• 97130ea Update dependency uv to v0.11.14 (#2118)
• 480f4bf Update pre-commit hook crate-ci/typos to v1.46.2 (#2120)
• Additional commits viewable in compare view

Updates ruff from 0.15.12 to 0.15.14

Release notes

Sourced from ruff's releases.

0.15.14

Release Notes

Released on 2026-05-21.

Preview features

• [airflow] Implement airflow-task-implicit-multiple-outputs (AIR202) (#25152)
• [flake8-use-pathlib] Mark PTH101 fix as unsafe when first argument is a class attribute annotated as int (#25086)
• [pylint] Implement too-many-try-statements (W0717) (#23970)
• [ruff] Add incorrect-decorator-order (RUF074) (#23461)
• [ruff] Add fallible-context-manager (RUF075) (#22844)

Bug fixes

• Fix lambda formatting in interpolated string expressions (#25144)
• Treat generic frozenset annotations as immutable (#25251)
• [flake8-type-checking] Avoid strict behavior when future-annotations are enabled (TC001, TC002, TC003) (#25035)
• [pylint] Avoid false positives in else clause (PLR1733) (#25177)

Rule changes

• [flake8-comprehensions] Skip C417 for lambdas with positional-only parameters (#25272)
• [flake8-simplify] Preserve f-string source verbatim in SIM101 fix (#25061)

Performance

• Avoid unnecessary parser lookahead for operators (#25290)

Documentation

• Update code example setting Neovim LSP log level (#25284)

Other changes

• Add full PEP 798 support (#25104)
• Add a parser recursion limit (#24810)
• Update various ruff_python_stdlib APIs (#25273)

Contributors

• @​ocaballeror
• @​lerebear
• @​samuelcolvin
• @​baltasarblanco
• @​aconal-com
• @​anishgirianish
• @​JelleZijlstra
• @​AlexWaygood
• @​ntBre

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.14

Released on 2026-05-21.

Preview features

• [airflow] Implement airflow-task-implicit-multiple-outputs (AIR202) (#25152)
• [flake8-use-pathlib] Mark PTH101 fix as unsafe when first argument is a class attribute annotated as int (#25086)
• [pylint] Implement too-many-try-statements (W0717) (#23970)
• [ruff] Add incorrect-decorator-order (RUF074) (#23461)
• [ruff] Add fallible-context-manager (RUF075) (#22844)

Bug fixes

• Fix lambda formatting in interpolated string expressions (#25144)
• Treat generic frozenset annotations as immutable (#25251)
• [flake8-type-checking] Avoid strict behavior when future-annotations are enabled (TC001, TC002, TC003) (#25035)
• [pylint] Avoid false positives in else clause (PLR1733) (#25177)

Rule changes

• [flake8-comprehensions] Skip C417 for lambdas with positional-only parameters (#25272)
• [flake8-simplify] Preserve f-string source verbatim in SIM101 fix (#25061)

Performance

• Avoid unnecessary parser lookahead for operators (#25290)

Documentation

• Update code example setting Neovim LSP log level (#25284)

Other changes

• Add full PEP 798 support (#25104)
• Add a parser recursion limit (#24810)
• Update various ruff_python_stdlib APIs (#25273)

Contributors

• @​ocaballeror
• @​lerebear
• @​samuelcolvin
• @​baltasarblanco
• @​aconal-com
• @​anishgirianish
• @​JelleZijlstra
• @​AlexWaygood
• @​ntBre
• @​adityasingh2400

... (truncated)

Commits

• 9ad2da3 Bump 0.15.14 (#25295)
• c714e84 [ty] Modernize setup of union types in mdtests (#25291)
• 8a8e35e [flake8-comprehensions] Skip C417 for lambdas with positional-only parame...
• aea5ed4 Avoid unnecessary parser lookahead for operators (#25290)
• e9d72bb [ty] Allow enum member accesses on self (#25077)
• 6cbd59b Set exclude-newer = "7 days" in our PEP-723 scripts (#25285)
• 9999a39 Update code example on how to update Neovim LSP log level (#25284)
• 67d8c54 [ty] Retain recursively-defined state in binary expressions (#25277)
• 25a3191 [ty] Refine Callable class-decorator fallback for unknown results (#25250)
• c423054 Add a recursion limit to the parser (#24810)
• Additional commits viewable in compare view

Updates mypy from 1.20.2 to 2.1.0

Changelog

Sourced from mypy's changelog.

Mypy Release Notes

Next Release

Mypy 2.1

We’ve just uploaded mypy 2.1.0 to the Python Package Index (PyPI). Mypy is a static type checker for Python. This release includes new features, performance improvements and bug fixes. You can install it as follows:

python3 -m pip install -U mypy

You can read the full documentation for this release on Read the Docs.

librt.vecs: Fast Growable Array Type for Mypyc

The new librt.vecs module provides an efficient growable array type vec that is optimized for mypyc use. It provides fast, packed arrays with integer and floating point value types, which can be several times faster than list, and tens of times faster than array.array in code compiled using mypyc. It also supports nested vec objects and non-value-type items, such as vec[vec[str]].

Refer to the documentation for the details.

Contributed by Jukka Lehtosalo.

librt.random: Fast Pseudo-Random Number Generation

The new librt.random module provides fast pseudo-random number generation that is optimized for code compiled using mypyc. It can be 3x to 10x faster than the stdlib random module in compiled code.

Refer to the documentation for the details.

Contributed by Jukka Lehtosalo (PR 21433).

Mypyc Improvements

• Enable incremental self-compilation (Vaggelis Danias, PR 21369)
• Make compilation order with multiple files consistent (Piotr Sawicki, PR 21419)
• Fix crash on accessing StopAsyncIteration (Piotr Sawicki, PR 21406)
• Fix incremental compilation with separate flag (Vaggelis Danias, PR 21299)

Fixes to Crashes

• Fix crash on partial type with --allow-redefinition and global declaration (Jukka Lehtosalo, PR 21428)
• Fix broken awaitable generator patching (Ivan Levkivskyi, PR 21435)

... (truncated)

Commits

• c1c336d Remove +dev from version
• 74df14b Add changelog for mypy 2.1 (#21464)
• 022d9bc Revert "TypeForm: Enable by default (#21262)"
• 8826288 [mypyc] Document librt.random (#21463)
• 3f4067b Bump librt version to 0.11.0 (#21458)
• 2b1eb58 [mypyc] Enable incremental self-compilation (#21369)
• 8152f4a Respect file config comments for stale modules (#21444)
• 116d60b Fix nondeterminism from nonassociativity of overload joins (#21455)
• 6c4af8e Fix function call message change for small number of args (#21432)
• 4b8fdca [mypyc] Add librt.random module (#21433)
• Additional commits viewable in compare view

Updates ty from 0.0.32 to 0.0.39

Release notes

Sourced from ty's releases.

0.0.39

Release Notes

Released on 2026-05-22.

This release removes the Python 3.9 branches from our vendored standard library stubs. ty now only has "full" support for Python 3.10 and later, but will still report version-specific syntax errors and other diagnostics when --python-version 3.9 is provided via the CLI.

Bug fixes

• Avoid panicking on __new__ assignments to classes (#25282)
• Preserve declaration order when synthesizing class fields (#25249)
• Respect dict-compatible fallbacks in TypedDict unions (#25242)
• Retain recursively-defined state in binary expressions (#25277)

LSP server

• Add Quick Fix to remove redundant cast (#25211)
• Classify property declaration semantic tokens (#25322)
• Escape HTML syntax in docstring rendering (#25247)
• Prefer symbols from standard library over those of the same name from third party libraries for import completions. (#25108)
• Support type aliases in document symbols (#25302)

Diagnostics

• Add error context for extra callable parameters (#25269)

Performance

• Avoid exponential blow-up in fall-through narrowing (#25278)
• Speed up include filtering for projects with many literal include patterns (#25266)

Core type checking

• Allow enum member accesses on self (#25077)
• Emit a diagnostic for subclassing with order=True (#21704)
• Full-scope bidirectional inference for unconstrained container literals (#25279)
• Infer dict(TypedDict) as dict[str, object] (#24852)
• Refine Callable class-decorator fallback for unknown results (#25250)
• Reject incompatible explicit variance in generic base classes (#25327)
• Support multi-inference through type aliases (#25245)
• Sync vendored typeshed stubs (#25271, #25172)

Contributors

• @​ibraheemdev
• @​MatthewMckee4
• @​sqqueak
• @​lerebear

... (truncated)

Changelog

Sourced from ty's changelog.

0.0.39

Released on 2026-05-22.

This release removes the Python 3.9 branches from our vendored standard library stubs. ty now only has "full" support for Python 3.10 and later, but will still report version-specific syntax errors and other diagnostics when --python-version 3.9 is provided via the CLI.

Bug fixes

• Avoid panicking on __new__ assignments to classes (#25282)
• Preserve declaration order when synthesizing class fields (#25249)
• Respect dict-compatible fallbacks in TypedDict unions (#25242)
• Retain recursively-defined state in binary expressions (#25277)

LSP server

• Add Quick Fix to remove redundant cast (#25211)
• Classify property declaration semantic tokens (#25322)
• Escape HTML syntax in docstring rendering (#25247)
• Prefer symbols from standard library over those of the same name from third party libraries for import completions. (#25108)
• Support type aliases in document symbols (#25302)

Diagnostics

• Add error context for extra callable parameters (#25269)

Performance

• Avoid exponential blow-up in fall-through narrowing (#25278)
• Speed up include filtering for projects with many literal include patterns (#25266)

Core type checking

• Allow enum member accesses on self (#25077)
• Emit a diagnostic for subclassing with order=True (#21704)
• Full-scope bidirectional inference for unconstrained container literals (#25279)
• Infer dict(TypedDict) as dict[str, object] (#24852)
• Refine Callable class-decorator fallback for unknown results (#25250)
• Reject incompatible explicit variance in generic base classes (#25327)
• Support multi-inference through type aliases (#25245)
• Sync vendored typeshed stubs (#25271, #25172)

Contributors

• @​ibraheemdev
• @​MatthewMckee4
• @​sqqueak
• @​lerebear
• @​sharkdp

... (truncated)

Commits

• 0205125 Bump version to 0.0.39 (#3516)
• ae8058d Update maturin to v1.13.3 (#3494)
• 33b60f8 Update prek dependencies (#3495)
• 1d3efc1 Bump version to 0.0.38 (#3492)
• f5100cc scripts/update_schemastore: use -C to allow re-running schema update on exist...
• f18aed6 Bump version to 0.0.37 (#3473)
• a63e559 Bump version to 0.0.36 (#3463)
• 94370d5 Update prek dependencies (#3449)
• bc12d1c Bump version to 0.0.35 (#3436)
• fb34d89 Build riscv64 manylinux binary (#3402)
• Additional commits viewable in compare view

Updates coverage from 7.13.5 to 7.14.1

Changelog

Sourced from coverage's changelog.

Version 7.14.1 — 2026-05-26

• Fix: the HTML report used typographic niceties to make file paths more readable by adding a small amount of space around slashes. Those spaces interfered with searching the page for file paths of interest. Now the report uses CSS to accomplish the same visual tweak so that searches with slashes work correctly. Closes issue 2170_.

• Add a 3.16 PyPI classifier <hugo-316_>_ since we test on the 3.16 main branch.

.. _issue 2170: coveragepy/coveragepy#2170 .. _hugo-316: https://mastodon.social/@​hugovk/116588523571204490

.. _changes_7-14-0:

Version 7.14.0 — 2026-05-10

• Feature: now when running one of the reporting commands, if there are parallel data files that need combining, they will be implicitly combined before creating the report. There is no option to avoid the combination; let us know if you have a use case that requires it. Thanks, Tim Hatch <pull 2162_>. Closes issue 1781.

• Fix: the output from combine was too verbose, listing each file considered. Now it shows a single line with the counts of files combined, files skipped, and files with errors. The -q flag suppresses this line. The old detailed lines are available with the new --debug=combine option.

• Fix: running a Python file through a symlink now sets the sys.path correctly, matching regular Python behavior. Fixes issue 2157_.

• Fix: Collector.flush_data could fail with "RuntimeError: Set changed size during iteration" when a tracer in another thread added a line to the per-file set that add_lines (or add_arcs) was iterating. The values passed to CoverageData are now snapshotted via dict.copy() and set.copy(), which are atomic under the GIL. Thanks, Alex Vandiver <pull 2165_>_.

• Fix: the soft keyword lazy is now bolded in HTML reports.

• We are no longer testing eventlet support. Eventlet started issuing stern deprecation warnings that break our tests. Our support code is still there.

.. _issue 1781: coveragepy/coveragepy#1781 .. _issue 2157: coveragepy/coveragepy#2157 .. _pull 2162: coveragepy/coveragepy#2162

... (truncated)

Commits

• 64d9b66 docs: correct the date for 7.14.1
• 6fa7dd4 chore: bump actions/dependency-review-action (#2181)
• 078afae docs: sample HTML for 7.14.1
• cb4f028 docs: prep for 7.14.1
• ae2d09f Merge branch 'nedbat/classifire-316-kits'
• 2c3568b build: declare 3.16 compatibility
• faa68f8 chore: bump github/codeql-action in the action-dependencies group (#2173)
• eb55fee test: we don't need PyPy < 7.3.22 anymore
• ac168fe test: the text summary should show missing
• fed4bd2 chore: upgrade virtualenv
• Additional commits viewable in compare view

Updates pytest-codspeed from 4.4.0 to 5.0.3

Release notes

Sourced from pytest-codspeed's releases.

v5.0.3

What's Changed

• chore: move callgrind skip obj API to instrument-hooks by @​not-matthias in CodSpeedHQ/pytest-codspeed#123

Full Changelog: CodSpeedHQ/pytest-codspeed@v5.0.2...v5.0.3

v5.0.2

What's Changed

• feat: skip Python runtime objects in callgrind by @​not-matthias in CodSpeedHQ/pytest-codspeed#122

Full Changelog: CodSpeedHQ/pytest-codspeed@v5.0.1...v5.0.2

v5.0.1

What's Changed

• build: enable free-threaded wheels in cibuildwheel by @​art049 in CodSpeedHQ/pytest-codspeed#121

Full Changelog: CodSpeedHQ/pytest-codspeed@v5.0.0...v5.0.1

v5.0.0

Highlights

MacOS walltime profiling is now available with the codspeed cli v4.16.1 and above.

pytest-codspeed can now be used in free threaded mode. This has been tested with 3.14t and 3.15t. For this, we have dropped usage of cffi in favor of the native extension support.

What's Changed

• chore: bump instrument-hooks by @​not-matthias in CodSpeedHQ/pytest-codspeed#119
• Remove CFFI in favor of native extension to support free-threaded mode by @​adriencaccia in CodSpeedHQ/pytest-codspeed#96
• feat(hooks): declare native extension free-thread safe by @​art049 in CodSpeedHQ/pytest-codspeed#120
• feat: use instrument-hook markers in walltime by @​GuillaumeLagrange in CodSpeedHQ/pytest-codspeed#118

Full Changelog: CodSpeedHQ/pytest-codspeed@v4.5.0...v5.0.0

v4.5.0

What's Changed

This release adds first support for macOS walltime.

Please note that profiling and other instruments are not yet available on macOS and will come in a later update.

• Support macos walltime without profiling in pytest-codspeed by @​GuillaumeLagrange in CodSpeedHQ/pytest-codspeed#117

Full Changelog: CodSpeedHQ/pytest-codspeed@v4.4.0...v4.5.0

Changelog

Sourced from pytest-codspeed's changelog.

[5.0.3] - 2026-05-22

🏗️ Refactor

• Use instrument_hooks_callgrind_add_obj_skip from C API by @​not-matthias in #123

[5.0.2] - 2026-05-14

🚀 Features

• Skip Python runtime objects in callgrind by @​not-matthias in #122

[5.0.1] - 2026-05-13

💼 Other

• Enable free-threaded wheels in cibuildwheel (#121) by @​art049 in #121

[5.0.0] - 2026-05-13

🚀 Features

• Use instrument_hooks markers in walltime by @​GuillaumeLagrange
• Declare native extension free-thread safe (#120) by @​art049 in #120
• Remove cffi in favor of native extension by @​adriencaccia

⚡ Performance

• Bind callgrind start/stop directly to avoid extra frame by @​art049 in #96

⚙️ Internals

• Ignore common compilation warnings for instrument-hooks by @​GuillaumeLagrange in #118
• Use unsigned bash in the macos test by @​GuillaumeLagrange
• Bump pinned uv version to 0.11.14 by @​art049
• Add python 3.15 and 3.15t to test matrix by @​art049
• Add 3.14.t in test suite by @​adriencaccia
• Bump instrument-hooks (#119) by @​not-matthias in #119

[4.5.0] - 2026-04-28

⚙️ Internals

• Pre-build macos binary by @​GuillaumeLagrange in #117
• Bump instrument-hooks submodule to use int32_t as pid by @​GuillaumeLagrange
• Add macos integration test by @​GuillaumeLagrange

Commits

• b2d12d8 Release v5.0.3 🚀
• 31447b7 refactor: use instrument_hooks_callgrind_add_obj_skip from C API
• fc33d20 Release v5.0.2 🚀
• 3bbabe4 feat: skip Python runtime objects in callgrind
• d4d9dc6 Release v5.0.1 🚀
• ad709a5 build: enable free-threaded wheels in cibuildwheel (#121)
• 080d620 Release v5.0.0 🚀
• befdebf chore: ignore common compilation warnings for instrument-hooks
• ee98055 chore: use unsigned bash in the macos test
• 5a205c8 feat: use instrument_hooks markers in walltime
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[codspeed-hq]

Merging this PR will improve performance by 16.82%

⚠️ Different runtime environments detected

Some benchmarks with significant performance changes were compared across different runtime environments,
which may affect the accuracy of the results.

Open the report in CodSpeed to investigate

#### 🎉 Hooray! `pytest-codspeed` just leveled up to 5.0.3!

A heads-up, this is a breaking change and it might affect your current performance baseline a bit. But here's the exciting part - it's packed with new, cool features and promises improved result stability 🥳!
Curious about what's new? Visit our releases page to delve into all the awesome details about this new version.

⚡ 1 improved benchmark
✅ 1 untouched benchmark

Performance Changes

	Benchmark	BASE	HEAD	Efficiency
⚡	test_stutter[1.0-I love dogs-I l-love d-dogs]	132.1 µs	113 µs	+16.82%

Tip

Curious why this is faster? Comment @codspeedbot explain why this is faster on this PR, or directly use the CodSpeed MCP with your agent.

---

_{Comparing dependabot/uv/python-dependencies-e492149226 (b7a0dd3) with main (869a809)}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 88.29%. Comparing base (869a809) to head (b7a0dd3).
✅ All tests successful. No failed tests found.

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #157   +/-   ##
=======================================
  Coverage   88.29%   88.29%           
=======================================
  Files           3        3           
  Lines          94       94           
=======================================
  Hits           83       83           
  Misses         11       11           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.