Bump the "dependencies" group with 2 updates across multiple ecosystems

[dependabot]

Bumps the dependencies group with 5 updates:

Package	From	To
build	1.4.0	1.4.2
prek	0.3.4	0.3.8
coverage	7.13.4	7.13.5
tox-uv	1.33.0	1.34.0
setuptools	82.0.0	82.0.1

Updates build from 1.4.0 to 1.4.2

Release notes

Sourced from build's releases.

1.4.2

What's Changed

• fix(uv): always pass the python to use by @​henryiii in pypa/build#996
• 🐛 fix(release): detect pre-commit environment inconsistencies by @​gaborbernat in pypa/build#1001
• 🔧 fix(towncrier): match docstrfmt RST formatting expectations by @​gaborbernat in pypa/build#1002
• Fix _has_valid_outer_pip when pip is missing by @​notatallshaw in pypa/build#1003
• fix: release changelog issue by @​henryiii in pypa/build#1006

New Contributors

• @​notatallshaw made their first contribution in pypa/build#1003

Full Changelog: pypa/build@1.4.1...1.4.2

1.4.1

What's Changed

• Fix documentation grammar and typos by @​DimitriPapadopoulos in pypa/build#979
• Allow setting build constraints by @​layday in pypa/build#963
• fix: pip hack workaround by @​henryiii in pypa/build#980
• 📚 docs: reorganize using Diataxis framework by @​gaborbernat in pypa/build#988
• ✨ feat(ci): automate releases and harden workflows by @​gaborbernat in pypa/build#991
• chore: avoid template injection zizmor issue by @​henryiii in pypa/build#994
• chore: fix PR template by @​henryiii in pypa/build#995
• chore: fix fix job by @​henryiii in pypa/build#997
• 🐛 fix(ci): resolve pre-release auth failure and change detection by @​gaborbernat in pypa/build#999
• 🐛 fix(deps): add pre-commit to release dependency group by @​gaborbernat in pypa/build#1000

Full Changelog: pypa/build@1.4.0...1.4.1

Changelog

Sourced from build's changelog.

#################### 1.4.2 (2026-03-25) ####################

---

Bugfixes

---

• Ensure the uv installer uses the current version of Python, avoiding an issue if UV_PYTHON is set, for example. (:issue:977)
• Fix _has_valid_outer_pip returning True when pip is missing, causing build to try using a non-existent pip instead of falling back to virtualenv. (:issue:1003)

#################### 1.4.1 (2026-03-24) ####################

---

Features

---

• Allow setting build constraints - by :user:gaborbernat (:issue:963)
• Automate releases with pre-release workflow and trusted publishing - by :user:gaborbernat (:issue:991)

---

Documentation

---

• Fix documentation grammar and typos (:issue:979)
• Reorganize documentation using Diataxis framework - by :user:gaborbernat (:issue:988)
• Document release process and workflow security practices in contributing guide (:issue:991)

---

Miscellaneous

---

• :issue:991

---

Bugfixes

---

• Fix pip hack workaround - by :user:gaborbernat (:issue:980)

#################### 1.4.0 (2026-01-08) ####################

• Add --quiet flag (:pr:947)
• Add option to dump PEP 517 metadata with --metadata (:pr:940, :pr:943)

... (truncated)

Commits

• 7b7ae07 chore: prepare for 1.4.2
• 17f3b57 fix: release changelog issue (#1006)
• b945752 fix: _has_valid_outer_pip when pip is missing (#1003)
• 74ae997 🔧 fix(towncrier): match docstrfmt RST formatting expectations (#1002)
• 3786929 🐛 fix(release): detect pre-commit environment inconsistencies (#1001)
• 737bdb7 fix(uv): always pass the python to use (#996)
• bd88956 chore: prepare for 1.4.1
• 062e7e2 🐛 fix(deps): add pre-commit to release dependency group (#1000)
• 3d8e260 🐛 fix(ci): resolve pre-release auth failure and change detection (#999)
• f2a2610 chore: fix fix job (#997)
• Additional commits viewable in compare view

Updates prek from 0.3.4 to 0.3.8

Release notes

Sourced from prek's releases.

0.3.8

Release Notes

Released on 2026-03-23.

Enhancements

• Add experimental language: deno support (#1516)
• Add pretty-format-json as builtin hook (#915)
• Add check-vcs-permalinks as builtin hook (#1842)
• Add check-illegal-windows-names as builtin hook (#1841)
• Add check-shebang-scripts-are-executable builtin hook (#1847)
• Add destroyed-symlinks builtin hook (#1851)
• Add file-contents-sorter as builtin hook (#1846)
• Add --all flag to prek uninstall (#1817)
• Improve file pattern parse errors (#1829)
• Validate uv binary after download (#1825)

Bug fixes

• Fix workspace-relative added file paths (#1852)
• Relax alias-anchor ratio check for check-yaml (#1839)

Contributors

• @​j178
• @​shaanmajid
• @​mvanhorn
• @​feliblo
• @​Tiryoh

Install prek 0.3.8

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/j178/prek/releases/download/v0.3.8/prek-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://github.com/j178/prek/releases/download/v0.3.8/prek-installer.ps1 | iex"

Install prebuilt binaries via Homebrew

brew install prek

... (truncated)

Changelog

Sourced from prek's changelog.

0.3.8

Released on 2026-03-23.

Enhancements

• Add experimental language: deno support (#1516)
• Add pretty-format-json as builtin hook (#915)
• Add check-vcs-permalinks as builtin hook (#1842)
• Add check-illegal-windows-names as builtin hook (#1841)
• Add check-shebang-scripts-are-executable builtin hook (#1847)
• Add destroyed-symlinks builtin hook (#1851)
• Add file-contents-sorter as builtin hook (#1846)
• Add --all flag to prek uninstall (#1817)
• Improve file pattern parse errors (#1829)
• Validate uv binary after download (#1825)

Bug fixes

• Fix workspace-relative added file paths (#1852)
• Relax alias-anchor ratio check for check-yaml (#1839)

Contributors

• @​j178
• @​shaanmajid
• @​mvanhorn
• @​feliblo
• @​Tiryoh

0.3.7

Due to a release process failure, this version was republished as 0.3.8.

0.3.6

Released on 2026-03-16.

Enhancements

• Allow selectors for hook ids containing colons (#1782)
• Rename prek install-hooks to prek prepare-hooks and prek install --install-hooks to prek install --prepare-hooks (#1766)
• Retry auth-failed repo clones with terminal prompts enabled (#1761)

Performance

• Optimize detect_private_key by chunked reading and using aho-corasick (#1791)
• Optimize fix_byte_order_marker by shifting file contents in place (#1790)

Bug fixes

... (truncated)

Commits

• bb412c0 Bump version to 0.3.8 (#1858)
• 21de0b9 Fix permission for publish-npm
• 00e7be7 Clarify why check-illegal-windows-names stays builtin-only (#1857)
• 1dbec0c Bump version to 0.3.7 (#1856)
• ba62c04 Add pretty_format_json as builtin hook (#915)
• dbca904 Fix workspace-relative added file paths (#1852)
• 24f2d62 Add destroyed-symlinks builtin hook (#1851)
• fc529df Add check-shebang-scripts-are-executable builtin hook (#1847)
• addddb8 Add file-contents-sorter as builtin hook (#1846)
• cb3f71c Add check-vcs-permalinks as builtin hook (#1842)
• Additional commits viewable in compare view

Updates coverage from 7.13.4 to 7.13.5

Changelog

Sourced from coverage's changelog.

Version 7.13.5 — 2026-03-17

• Fix: issue 2138_ describes a memory leak that happened when repeatedly using the Coverage API with in-memory data. This is now fixed.

• Fix: the markdown-formatted coverage report didn't fully escape special characters in file paths (issue 2141). This would be very unlikely to cause a problem, but now it's done properly, thanks to Ellie Ayla <pull 2142_>.

• Fix: the C extension wouldn't build on VS2019, but now it does (issue 2145_).

.. _issue 2138: coveragepy/coveragepy#2138 .. _issue 2141: coveragepy/coveragepy#2141 .. _pull 2142: coveragepy/coveragepy#2142 .. _issue 2145: coveragepy/coveragepy#2145

.. _changes_7-13-4:

Commits

• c88da14 docs: sample HTML for 7.13.5
• e2ac3e1 build: sample HTML shouldn't include the status.json file
• 910f8f3 docs: prep for 7.13.5
• 3a4819c style: make workflows more uniform
• 2a53705 chore: bump the action-dependencies group across 1 directory with 4 updates (...
• e7c878d chore: make upgrade
• ab4db40 build: use --generate-hashes when pinning
• a438753 chore: make upgrade
• 7b33457 refactor: some leftover pyupgrade 3.10 bits
• 2ff968d refactor: this type wasn't used anywhere
• Additional commits viewable in compare view

Updates tox-uv from 1.33.0 to 1.34.0

Release notes

Sourced from tox-uv's releases.

1.34.0

What's Changed

• 🔒 ci(workflows): add zizmor security auditing by @​gaborbernat in tox-dev/tox-uv#317
• ✨ feat(runner): add PEP 723 inline script metadata support by @​gaborbernat in tox-dev/tox-uv#319

Full Changelog: tox-dev/tox-uv@1.33.4...1.34.0

1.33.4

What's Changed

• 🐛 fix(meta): remove tox_uv namespace conflict by @​gaborbernat in tox-dev/tox-uv#314

Full Changelog: tox-dev/tox-uv@1.33.3...1.33.4

1.33.3

What's Changed

• 🐛 fix(venv): reject non-Python env names as interpreter specs by @​gaborbernat in tox-dev/tox-uv#312
• 🐛 fix(venv): resolve env names with trailing digits correctly by @​gaborbernat in tox-dev/tox-uv#313

Full Changelog: tox-dev/tox-uv@1.33.2...1.33.3

1.33.2

What's Changed

• 🐛 fix(venv): resolve Python spec from env name when tox passes fallback path by @​gaborbernat in tox-dev/tox-uv#308

Full Changelog: tox-dev/tox-uv@1.33.1...1.33.2

1.33.1

What's Changed

• Move SECURITY.md to .github/SECURITY.md by @​gaborbernat in tox-dev/tox-uv#302
• 🐛 fix(venv): use virtualenv PythonInfo from new location by @​gaborbernat in tox-dev/tox-uv#303
• Add permissions to workflows by @​gaborbernat in tox-dev/tox-uv#299
• Add missing .github config files by @​gaborbernat in tox-dev/tox-uv#304
• Standardize .github files to .yaml suffix by @​gaborbernat in tox-dev/tox-uv#305

Full Changelog: tox-dev/tox-uv@1.33.0...1.33.1

Commits

• d9b72cf ✨ feat(runner): add PEP 723 inline script metadata support (#319)
• 0215281 [pre-commit.ci] pre-commit autoupdate (#318)
• 4deee33 🔒 ci(workflows): add zizmor security auditing (#317)
• 60d1fd6 [pre-commit.ci] pre-commit autoupdate (#316)
• 93eecc2 [pre-commit.ci] pre-commit autoupdate (#315)
• e0b9d0f 🐛 fix(meta): remove tox_uv namespace conflict (#314)
• 8cee50b 🐛 fix(venv): resolve env names with trailing digits correctly (#313)
• ff811cb 🐛 fix(venv): reject non-Python env names as interpreter specs (#312)
• ef8450c [pre-commit.ci] pre-commit autoupdate (#307)
• 906a243 🐛 fix(venv): resolve Python spec from env name when tox passes fallback path ...
• Additional commits viewable in compare view

Updates setuptools from 82.0.0 to 82.0.1

Changelog

Sourced from setuptools's changelog.

v82.0.1

Bugfixes

• Fix the loading of launcher manifest.xml file. (#5047)
• Replaced deprecated json.__version__ with fixture in tests. (#5186)

Improved Documentation

• Add advice about how to improve predictability when installing sdists. (#5168)

Misc

• #4941, #5157, #5169, #5175

Commits

• 5a13876 Bump version: 82.0.0 → 82.0.1
• 51ab8f1 Avoid using (deprecated) 'json.version' in tests (#5194)
• f9c37b2 Docs/CI: Fix intersphinx references (#5195)
• 8173db2 Docs: Fix intersphinx references
• 09bafbc Fix past tense on newsfragment
• 461ea56 Add news fragment
• c4ffe53 Avoid using (deprecated) 'json.version' in tests
• 749258b Cleanup pkg_resources dependencies and configuration (#5175)
• 2019c16 Parse ext-module.define-macros from pyproject.toml as list of tuples (#5169)
• b809c86 Sync setuptools schema with validate-pyproject (#5157)
• Additional commits viewable in compare view

Bumps the dependencies group with 1 update: j178/prek-action.

Updates j178/prek-action from 1.1.1 to 2.0.1

Release notes

Sourced from j178/prek-action's releases.

v2.0.1

What's Changed

• Remove redundant show-verbose-logs empty-string guard by @​shaanmajid in j178/prek-action#112
• Rename action.yaml to action.yml by @​shaanmajid in j178/prek-action#113
• Update known versions for prek 0.3.8 by @​j178 in j178/prek-action#114
• Remove update-known-versions job by @​j178 in j178/prek-action#115

Full Changelog: j178/prek-action@v2...v2.0.1

v2.0.0

What's Changed

• Completely rewritten in TypeScript for a more maintainable and modern implementation (#76)
• prek-version now supports semver ranges such as 0.3.x, with faster and more reliable version resolution (#81, #80, #92, #94, #100)
• Downloaded prek archives are now validated against known checksums before install (#83)
• Added show-verbose-logs to control whether verbose prek logs are printed after the run (#78)
• Improved caching behavior with an explicit cache input, a new cache-hit output, corrected cache path resolution, and fixes for redundant cache saves (#91, #102, #110, #111)
• Improved Windows install performance by optimizing ZIP extraction (#96)

Full Changelog: j178/prek-action@v1...v2.0.0

v2.0.0-beta.6

What's Changed

• Migrate formatting to Biome by @​j178 in j178/prek-action#103
• Modernize ESM build and test workflow by @​j178 in j178/prek-action#107
• Migrate tests to Vitest by @​j178 in j178/prek-action#109
• Update dependency esbuild to ^0.27.0 by @​renovate[bot] in j178/prek-action#108

Full Changelog: j178/prek-action@v2.0.0-beta.5...v2.0.0-beta.6

v2.0.0-beta.5

What's Changed

• Add version manifest file by @​j178 in j178/prek-action#101
• Move version manifest out of bundle by @​j178 in j178/prek-action#100
• Fix cache path resolution to match prek's own behavior by @​shaanmajid in j178/prek-action#102

Full Changelog: j178/prek-action@v2.0.0-beta.4...v2.0.0-beta.5

v2.0.0-beta.4

What's Changed

• Improve version resolution fast paths by @​j178 in j178/prek-action#94
• Optimize Windows zip extraction by @​j178 in j178/prek-action#96
• Improve manifest update PR details by @​j178 in j178/prek-action#97
• Update prek version manifest for prek 0.3.6 by @​github-actions[bot] in j178/prek-action#98

New Contributors

• @​github-actions[bot] made their first contribution in j178/prek-action#98

... (truncated)

Commits

• 53276d8 Remove update-known-versions job (#115)
• 3056648 Update known versions for prek 0.3.8 (#114)
• 1925043 Rename action.yaml to action.yml (#113)
• dc795aa Remove redundant show-verbose-logs empty-string guard (#112)
• 79f7655 Use prek-action@v2 in README (#99)
• b42be1f Add explicit cache input to enable/disable caching (#111)
• 7774ba8 Action interface cleanup: deprecate inputs, add cache-hit output, fix extra-a...
• ae5fe13 Update dependency esbuild to ^0.27.0 (#108)
• 69c8a2b Migrate tests to Vitest (#109)
• d75b145 Modernize ESM build and test workflow (#107)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions