deps(uv): bump the patch-and-minor group with 4 updates

[dependabot]

Bumps the patch-and-minor group with 4 updates: typer, prek, ruff and ty.

Updates typer from 0.25.1 to 0.26.1

Release notes

Sourced from typer's releases.

0.26.1

Fixes

• 🐛 Ensure that an envvar set for typer.Option works as expected. PR #1788 by @​svlandeg.

Internal

• ⬆ Bump python-dotenv from 1.2.1 to 1.2.2. PR #1714 by @​dependabot[bot].

0.26.0

Breaking Changes

• ➖ Vendor Click and streamline Typer's functionality and code base. PR #1774 by @​svlandeg.
  • Typer no longer depends on Click as a third party dependency, it vendors (includes the source code of) Click.
  • This simplifies the work done by both Click and Typer teams.
  • It allows Typer to evolve independently, and enables several new planned features.
  • It will solve several dependency conflict situations for projects that use some packages that depend on Click and some that depend on Typer.
  • This also means that Click-specific functionality is no longer supported, like extracting the Click app and adding Click-specific plug-ins, or customizing the field types with Click-specific types.
  • You can read more about it in the docs for Vendored Click.

Docs

• 📝 Update and simplify docs about help and management. PR #1778 by @​tiangolo.
• 📝 Update contributing docs, reference central docs. PR #1777 by @​tiangolo.
• 📝 Update security policy. PR #1775 by @​tiangolo.
• 📝 Update link syntax to minimal Markdown. PR #1623 by @​tiangolo.
• 📝 Update and simplify usage of admonitions. PR #1755 by @​tiangolo.

Internal

• 📌 Pin max version of Click to >= 8.2.1, < 8.4 temporarily to prevent incompatibilities. PR #1753 by @​tiangolo.
  • Superseded by vendoring Click.
• 👷 Configure Dependabot to group updates and update weekly. PR #1768 by @​YuriiMotov.
• 🔥 Remove config files now in central GitHub repo. PR #1780 by @​tiangolo.
• ⬆ Bump idna from 3.11 to 3.15. PR #1771 by @​dependabot[bot].
• ⬆ Bump pymdown-extensions from 10.21.2 to 10.21.3. PR #1772 by @​dependabot[bot].
• 📝 Fix categorization of PR 1475 in release notes. PR #1769 by @​svlandeg.
• ✅ Add Fish shell completion tests for colon options. PR #1475 by @​Mohamed-Elwasila.
• ✅ Extend completion unit tests for zsh, powershell and pwsh. PR #1767 by @​ADiTyaRaj8969.
• ⬆ Bump actions/github-script from 7.1.0 to 9.0.0. PR #1746 by @​dependabot[bot].
• 🔧 Fix GitHub link in docs. PR #1754 by @​tiangolo.
• ⬆️ Migrate to Zensical. PR #1470 by @​tiangolo.
• ⬆ Bump urllib3 from 2.6.3 to 2.7.0. PR #1741 by @​dependabot[bot].
• 🔧 Remove unnecessary Ruff rule. PR #1752 by @​tiangolo.
• 🔒️ Add zizmor and fix audit findings. PR #1705 by @​YuriiMotov.
• 🔒️ Only allow team members to modify dependencies. PR #1744 by @​svlandeg.
• ⬆ Bump mypy from 2.0.0 to 2.1.0. PR #1742 by @​dependabot[bot].
• ⬆ Bump pydantic-settings from 2.14.0 to 2.14.1. PR #1739 by @​dependabot[bot].
• ⬆ Bump ty from 0.0.34 to 0.0.35. PR #1740 by @​dependabot[bot].
• ⬆ Bump actions/add-to-project from 1.0.2 to 2.0.0. PR #1731 by @​dependabot[bot].

... (truncated)

Changelog

Sourced from typer's changelog.

0.26.1 (2026-05-26)

Fixes

• 🐛 Ensure that an envvar set for typer.Option works as expected. PR #1788 by @​svlandeg.

Internal

• ⬆ Bump python-dotenv from 1.2.1 to 1.2.2. PR #1714 by @​dependabot[bot].

0.26.0 (2026-05-26)

Breaking Changes

• ➖ Vendor Click and streamline Typer's functionality and code base. PR #1774 by @​svlandeg.
  • Typer no longer depends on Click as a third party dependency, it vendors (includes the source code of) Click.
  • This simplifies the work done by both Click and Typer teams.
  • It allows Typer to evolve independently, and enables several new planned features.
  • It will solve several dependency conflict situations for projects that use some packages that depend on Click and some that depend on Typer.
  • This also means that Click-specific functionality is no longer supported, like extracting the Click app and adding Click-specific plug-ins, or customizing the field types with Click-specific types.
  • You can read more about it in the docs for Vendored Click.

Docs

• 📝 Update and simplify docs about help and management. PR #1778 by @​tiangolo.
• 📝 Update contributing docs, reference central docs. PR #1777 by @​tiangolo.
• 📝 Update security policy. PR #1775 by @​tiangolo.
• 📝 Update link syntax to minimal Markdown. PR #1623 by @​tiangolo.
• 📝 Update and simplify usage of admonitions. PR #1755 by @​tiangolo.

Internal

• 📌 Pin max version of Click to >= 8.2.1, < 8.4 temporarily to prevent incompatibilities. PR #1753 by @​tiangolo.
  • Superseded by vendoring Click.
• 👷 Configure Dependabot to group updates and update weekly. PR #1768 by @​YuriiMotov.
• 🔥 Remove config files now in central GitHub repo. PR #1780 by @​tiangolo.
• ⬆ Bump idna from 3.11 to 3.15. PR #1771 by @​dependabot[bot].
• ⬆ Bump pymdown-extensions from 10.21.2 to 10.21.3. PR #1772 by @​dependabot[bot].
• 📝 Fix categorization of PR 1475 in release notes. PR #1769 by @​svlandeg.
• ✅ Add Fish shell completion tests for colon options. PR #1475 by @​Mohamed-Elwasila.
• ✅ Extend completion unit tests for zsh, powershell and pwsh. PR #1767 by @​ADiTyaRaj8969.
• ⬆ Bump actions/github-script from 7.1.0 to 9.0.0. PR #1746 by @​dependabot[bot].
• 🔧 Fix GitHub link in docs. PR #1754 by @​tiangolo.
• ⬆️ Migrate to Zensical. PR #1470 by @​tiangolo.
• ⬆ Bump urllib3 from 2.6.3 to 2.7.0. PR #1741 by @​dependabot[bot].
• 🔧 Remove unnecessary Ruff rule. PR #1752 by @​tiangolo.
• 🔒️ Add zizmor and fix audit findings. PR #1705 by @​YuriiMotov.
• 🔒️ Only allow team members to modify dependencies. PR #1744 by @​svlandeg.
• ⬆ Bump mypy from 2.0.0 to 2.1.0. PR #1742 by @​dependabot[bot].
• ⬆ Bump pydantic-settings from 2.14.0 to 2.14.1. PR #1739 by @​dependabot[bot].

... (truncated)

Commits

• 8c70d49 🔖 Release version 0.26.1
• 75ee927 📝 Update release notes
• 3028854 🐛 Ensure that an envvar set for typer.Option works as expected (#1788)
• 959a356 📝 Update release notes
• a79de20 ⬆ Bump python-dotenv from 1.2.1 to 1.2.2 (#1714)
• 8f44149 📝 Update release notes
• d88415f 📝 Update release notes
• d31a597 🔖 Release version 0.26.0
• 6b13660 📝 Update release notes
• c95e3a4 📝 Update release notes
• Additional commits viewable in compare view

Updates prek from 0.4.0 to 0.4.2

Release notes

Sourced from prek's releases.

0.4.2

Release Notes

Released on 2026-05-26.

Highlights

0.4.2 is mainly about making prek run faster in large repos.

prek now does less git diff work. After hooks run, prek uses diff checks to detect files changed by hooks. If a hook modifies files, prek marks that hook as failed. That is important, but full diff snapshots can be slow in big repos, especially when they happen after every hook group.

We skip the expensive diff path in two common cases: built-in hooks that prek knows are read-only, and clean worktrees where a cheap dirty check is enough unless a hook actually changes files. In the right large-repo workload, skipping that work can make runs up to 10x faster.

Workspace mode is faster too. Hooks have historically been too serial. Priority-based concurrency helped, but it required users to choose good priority values. Now sibling projects at the same workspace depth run in parallel automatically. Their files do not overlap, so this is safe and needs no extra config. For multi-project workspaces, this can dramatically reduce total hook time.

Sponsorship

If prek saves time for you or your team, please consider sponsoring the project on GitHub Sponsors. It helps keep new features, performance work, and maintenance moving.

Enhancements

• Run same-depth projects concurrently (#2110)
• Make rustup install profile configurable (#2111)
• Simplify hook progress folding (#2125)

Performance

• Optimize diff checks for clean worktrees (#2109)
• Skip diff checks for read-only hooks (#2108)

Contributors

• @​j178
• @​Carlomus

Install prek 0.4.2

... (truncated)

Changelog

Sourced from prek's changelog.

0.4.2

Released on 2026-05-26.

Highlights

0.4.2 is mainly about making prek run faster in large repos.

prek now does less git diff work. After hooks run, prek uses diff checks to detect files changed by hooks. If a hook modifies files, prek marks that hook as failed. That is important, but full diff snapshots can be slow in big repos, especially when they happen after every hook group.

We skip the expensive diff path in two common cases: built-in hooks that prek knows are read-only, and clean worktrees where a cheap dirty check is enough unless a hook actually changes files. In the right large-repo workload, skipping that work can make runs up to 10x faster.

Workspace mode is faster too. Hooks have historically been too serial. Priority-based concurrency helped, but it required users to choose good priority values. Now sibling projects at the same workspace depth run in parallel automatically. Their files do not overlap, so this is safe and needs no extra config. For multi-project workspaces, this can dramatically reduce total hook time.

Sponsorship

If prek saves time for you or your team, please consider sponsoring the project on GitHub Sponsors. It helps keep new features, performance work, and maintenance moving.

Enhancements

• Run same-depth projects concurrently (#2110)
• Make rustup install profile configurable (#2111)
• Simplify hook progress folding (#2125)

Performance

• Optimize diff checks for clean worktrees (#2109)
• Skip diff checks for read-only hooks (#2108)

Contributors

• @​j178
• @​Carlomus

0.4.1

Released on 2026-05-20.

... (truncated)

Commits

• de77cc9 Bump version to 0.4.2 (#2126)
• c54be46 Simplify hook progress folding (#2125)
• e908f82 Add link to comprehensive list of open-source projects using prek (#938)
• 7cd6ba4 Run same-depth projects concurrently (#2110)
• bbb3810 Lock file maintenance (#2123)
• 7d5282c Update Rust crate quick-xml to 0.40 (#2121)
• 97130ea Update dependency uv to v0.11.14 (#2118)
• 480f4bf Update pre-commit hook crate-ci/typos to v1.46.2 (#2120)
• 8686776 Update dependency PyO3/maturin to v1.13.3 (#2117)
• c1467f2 Update GitHub Actions (#2119)
• Additional commits viewable in compare view

Updates ruff from 0.15.13 to 0.15.14

Release notes

Sourced from ruff's releases.

0.15.14

Release Notes

Released on 2026-05-21.

Preview features

• [airflow] Implement airflow-task-implicit-multiple-outputs (AIR202) (#25152)
• [flake8-use-pathlib] Mark PTH101 fix as unsafe when first argument is a class attribute annotated as int (#25086)
• [pylint] Implement too-many-try-statements (W0717) (#23970)
• [ruff] Add incorrect-decorator-order (RUF074) (#23461)
• [ruff] Add fallible-context-manager (RUF075) (#22844)

Bug fixes

• Fix lambda formatting in interpolated string expressions (#25144)
• Treat generic frozenset annotations as immutable (#25251)
• [flake8-type-checking] Avoid strict behavior when future-annotations are enabled (TC001, TC002, TC003) (#25035)
• [pylint] Avoid false positives in else clause (PLR1733) (#25177)

Rule changes

• [flake8-comprehensions] Skip C417 for lambdas with positional-only parameters (#25272)
• [flake8-simplify] Preserve f-string source verbatim in SIM101 fix (#25061)

Performance

• Avoid unnecessary parser lookahead for operators (#25290)

Documentation

• Update code example setting Neovim LSP log level (#25284)

Other changes

• Add full PEP 798 support (#25104)
• Add a parser recursion limit (#24810)
• Update various ruff_python_stdlib APIs (#25273)

Contributors

• @​ocaballeror
• @​lerebear
• @​samuelcolvin
• @​baltasarblanco
• @​aconal-com
• @​anishgirianish
• @​JelleZijlstra
• @​AlexWaygood
• @​ntBre

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.14

Released on 2026-05-21.

Preview features

• [airflow] Implement airflow-task-implicit-multiple-outputs (AIR202) (#25152)
• [flake8-use-pathlib] Mark PTH101 fix as unsafe when first argument is a class attribute annotated as int (#25086)
• [pylint] Implement too-many-try-statements (W0717) (#23970)
• [ruff] Add incorrect-decorator-order (RUF074) (#23461)
• [ruff] Add fallible-context-manager (RUF075) (#22844)

Bug fixes

• Fix lambda formatting in interpolated string expressions (#25144)
• Treat generic frozenset annotations as immutable (#25251)
• [flake8-type-checking] Avoid strict behavior when future-annotations are enabled (TC001, TC002, TC003) (#25035)
• [pylint] Avoid false positives in else clause (PLR1733) (#25177)

Rule changes

• [flake8-comprehensions] Skip C417 for lambdas with positional-only parameters (#25272)
• [flake8-simplify] Preserve f-string source verbatim in SIM101 fix (#25061)

Performance

• Avoid unnecessary parser lookahead for operators (#25290)

Documentation

• Update code example setting Neovim LSP log level (#25284)

Other changes

• Add full PEP 798 support (#25104)
• Add a parser recursion limit (#24810)
• Update various ruff_python_stdlib APIs (#25273)

Contributors

• @​ocaballeror
• @​lerebear
• @​samuelcolvin
• @​baltasarblanco
• @​aconal-com
• @​anishgirianish
• @​JelleZijlstra
• @​AlexWaygood
• @​ntBre
• @​adityasingh2400

... (truncated)

Commits

• 9ad2da3 Bump 0.15.14 (#25295)
• c714e84 [ty] Modernize setup of union types in mdtests (#25291)
• 8a8e35e [flake8-comprehensions] Skip C417 for lambdas with positional-only parame...
• aea5ed4 Avoid unnecessary parser lookahead for operators (#25290)
• e9d72bb [ty] Allow enum member accesses on self (#25077)
• 6cbd59b Set exclude-newer = "7 days" in our PEP-723 scripts (#25285)
• 9999a39 Update code example on how to update Neovim LSP log level (#25284)
• 67d8c54 [ty] Retain recursively-defined state in binary expressions (#25277)
• 25a3191 [ty] Refine Callable class-decorator fallback for unknown results (#25250)
• c423054 Add a recursion limit to the parser (#24810)
• Additional commits viewable in compare view

Updates ty from 0.0.38 to 0.0.39

Release notes

Sourced from ty's releases.

0.0.39

Release Notes

Released on 2026-05-22.

This release removes the Python 3.9 branches from our vendored standard library stubs. ty now only has "full" support for Python 3.10 and later, but will still report version-specific syntax errors and other diagnostics when --python-version 3.9 is provided via the CLI.

Bug fixes

• Avoid panicking on __new__ assignments to classes (#25282)
• Preserve declaration order when synthesizing class fields (#25249)
• Respect dict-compatible fallbacks in TypedDict unions (#25242)
• Retain recursively-defined state in binary expressions (#25277)

LSP server

• Add Quick Fix to remove redundant cast (#25211)
• Classify property declaration semantic tokens (#25322)
• Escape HTML syntax in docstring rendering (#25247)
• Prefer symbols from standard library over those of the same name from third party libraries for import completions. (#25108)
• Support type aliases in document symbols (#25302)

Diagnostics

• Add error context for extra callable parameters (#25269)

Performance

• Avoid exponential blow-up in fall-through narrowing (#25278)
• Speed up include filtering for projects with many literal include patterns (#25266)

Core type checking

• Allow enum member accesses on self (#25077)
• Emit a diagnostic for subclassing with order=True (#21704)
• Full-scope bidirectional inference for unconstrained container literals (#25279)
• Infer dict(TypedDict) as dict[str, object] (#24852)
• Refine Callable class-decorator fallback for unknown results (#25250)
• Reject incompatible explicit variance in generic base classes (#25327)
• Support multi-inference through type aliases (#25245)
• Sync vendored typeshed stubs (#25271, #25172)

Contributors

• @​ibraheemdev
• @​MatthewMckee4
• @​sqqueak
• @​lerebear

... (truncated)

Changelog

Sourced from ty's changelog.

0.0.39

Released on 2026-05-22.

This release removes the Python 3.9 branches from our vendored standard library stubs. ty now only has "full" support for Python 3.10 and later, but will still report version-specific syntax errors and other diagnostics when --python-version 3.9 is provided via the CLI.

Bug fixes

• Avoid panicking on __new__ assignments to classes (#25282)
• Preserve declaration order when synthesizing class fields (#25249)
• Respect dict-compatible fallbacks in TypedDict unions (#25242)
• Retain recursively-defined state in binary expressions (#25277)

LSP server

• Add Quick Fix to remove redundant cast (#25211)
• Classify property declaration semantic tokens (#25322)
• Escape HTML syntax in docstring rendering (#25247)
• Prefer symbols from standard library over those of the same name from third party libraries for import completions. (#25108)
• Support type aliases in document symbols (#25302)

Diagnostics

• Add error context for extra callable parameters (#25269)

Performance

• Avoid exponential blow-up in fall-through narrowing (#25278)
• Speed up include filtering for projects with many literal include patterns (#25266)

Core type checking

• Allow enum member accesses on self (#25077)
• Emit a diagnostic for subclassing with order=True (#21704)
• Full-scope bidirectional inference for unconstrained container literals (#25279)
• Infer dict(TypedDict) as dict[str, object] (#24852)
• Refine Callable class-decorator fallback for unknown results (#25250)
• Reject incompatible explicit variance in generic base classes (#25327)
• Support multi-inference through type aliases (#25245)
• Sync vendored typeshed stubs (#25271, #25172)

Contributors

• @​ibraheemdev
• @​MatthewMckee4
• @​sqqueak
• @​lerebear
• @​sharkdp

... (truncated)

Commits

• 0205125 Bump version to 0.0.39 (#3516)
• ae8058d Update maturin to v1.13.3 (#3494)
• 33b60f8 Update prek dependencies (#3495)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions