Bump the python group across 1 directory with 6 updates

[dependabot]

Bumps the python group with 6 updates in the / directory:

Package	From	To
pydantic	2.13.3	2.13.4
typer	0.25.0	0.25.1
prek	0.3.11	0.3.13
ty	0.0.32	0.0.34
tox	4.53.0	4.53.1
tox-uv	1.35.1	1.35.2

Updates pydantic from 2.13.3 to 2.13.4

Release notes

Sourced from pydantic's releases.

v2.13.4 2026-05-06

v2.13.4 (2026-05-06)

What's Changed

Packaging

• Bump libc from 0.2.155 to 0.2.185 by @​Viicos in #13109
• Adapt pydantic-core linker flags on macOS by @​washingtoneg and @​Viicos in #13147

Fixes

• Preserve RootModel core metadata by @​Viicos in #13129

Full Changelog: pydantic/pydantic@v2.13.3...v2.13.4

Changelog

Sourced from pydantic's changelog.

v2.13.4 (2026-05-06)

GitHub release

What's Changed

Packaging

• Bump libc from 0.2.155 to 0.2.185 by @​Viicos in #13109
• Adapt pydantic-core linker flags on macOS by @​washingtoneg and @​Viicos in #13147

Fixes

• Preserve RootModel core metadata by @​Viicos in #13129

Commits

• cf67d4b Fix linting
• f0d8a21 Prepare release v2.13.4
• 5e3fe1d Check for pydantic tag pattern in CI
• 7f9edcc Document tagging conventions
• b46a0c9 Adapt pydantic-core linker flags on macOS
• 50629c8 Update to PyPy 7.3.22
• 8522ebb Preserve RootModel core metadata
• a37f3af Adapt MISSING sentinel test to work with unreleased typing_extensions ver...
• 909259a Remove Logfire example in documentation
• 2c4174c Bump libc from 0.2.155 to 0.2.185
• See full diff in compare view

Updates typer from 0.25.0 to 0.25.1

Release notes

Sourced from typer's releases.

0.25.1

Features

• 🔧 Add Typer Library Skill for Agents. PR #1620 by @​svlandeg.

Internal

• ⬆ Bump ruff from 0.15.11 to 0.15.12. PR #1722 by @​dependabot[bot].
• ⬆ Bump prek from 0.3.10 to 0.3.11. PR #1723 by @​dependabot[bot].

Changelog

Sourced from typer's changelog.

0.25.1 (2026-04-30)

Features

• 🔧 Add Typer Library Skill for Agents. PR #1620 by @​svlandeg.

Internal

• ⬆ Bump ruff from 0.15.11 to 0.15.12. PR #1722 by @​dependabot[bot].
• ⬆ Bump prek from 0.3.10 to 0.3.11. PR #1723 by @​dependabot[bot].

Commits

• cfcc2ef 🔖 Release version 0.25.1
• 13846cc 📝 Update release notes
• a437469 🔧 Add Typer Library Skill for Agents (#1620)
• ba6cc2c 📝 Update release notes
• 0f3ead0 ⬆ Bump ruff from 0.15.11 to 0.15.12 (#1722)
• db4ade6 📝 Update release notes
• 5a5206c ⬆ Bump prek from 0.3.10 to 0.3.11 (#1723)
• See full diff in compare view

Updates prek from 0.3.11 to 0.3.13

Release notes

Sourced from prek's releases.

0.3.13

Release Notes

Released on 2026-05-06.

Bug fixes

• Respect hook filters for message files (#2049)

Documentation

• Add Godot Engine to users in README (#2047)

Contributors

• @​j178
• @​Calinou

Install prek 0.3.13

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/j178/prek/releases/download/v0.3.13/prek-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://github.com/j178/prek/releases/download/v0.3.13/prek-installer.ps1 | iex"

Install prebuilt binaries via Homebrew

brew install prek

Download prek 0.3.13

File	Platform	Checksum
prek-aarch64-apple-darwin.tar.gz	Apple Silicon macOS	checksum
prek-x86_64-apple-darwin.tar.gz	Intel macOS	checksum
prek-aarch64-pc-windows-msvc.zip	ARM64 Windows	checksum
prek-i686-pc-windows-msvc.zip	x86 Windows	checksum
prek-x86_64-pc-windows-msvc.zip	x64 Windows	checksum
prek-aarch64-unknown-linux-gnu.tar.gz	ARM64 Linux	checksum
prek-i686-unknown-linux-gnu.tar.gz	x86 Linux	checksum
prek-riscv64gc-unknown-linux-gnu.tar.gz	RISCV Linux	checksum

... (truncated)

Changelog

Sourced from prek's changelog.

0.3.13

Released on 2026-05-06.

Bug fixes

• Respect hook filters for message files (#2049)

Documentation

• Add Godot Engine to users in README (#2047)

Contributors

• @​j178
• @​Calinou

0.3.12

Released on 2026-05-05.

Highlights

auto_update.cooldown_days is now available in both the user-level global config (~/.config/prek/prek.toml on Linux and macOS, or $XDG_CONFIG_HOME/prek/prek.toml when set; %APPDATA%\prek\prek.toml on Windows) and project config. Set a user default for prek auto-update, then override it per project when a repository needs a different update cadence.

[auto_update]
cooldown_days = 7

Enhancements

• Add global auto-update cooldown config (#2041)
• Add project auto-update cooldown config (#2044)
• Support language: dart (#1146)

Bug fixes

• Pass commit message file to workspace hooks (#2043)
• Preserve non-UTF8 filenames from git (#2023)
• ruby: put resolved Ruby's bin dir on $PATH for gem invocations (#2021)

Documentation

• Update docs with the new logo and icon (#2025)
• Point schema docs to SchemaStore (#2039)

... (truncated)

Commits

• 81b290e Bump version to 0.3.13 (#2050)
• 3f5e5c6 Respect hook filters for message files (#2049)
• 1fab887 Add Godot Engine to users in README (#2047)
• 93a71e0 Remove deleted dist/post/index.cjs from publish prek version workflow (#2046)
• 56d6d0c Bump version to 0.3.12 (#2045)
• 5f94f6f Add project auto-update cooldown config (#2044)
• c52833e Add global auto-update cooldown
• 8af3054 Pass commit message file to workspace hooks (#2043)
• 1bf54f5 Update Rust crate serde-saphyr to 0.0.25 (#2036)
• 8c9761a Bump rand to 0.9.4 (#2040)
• Additional commits viewable in compare view

Updates ty from 0.0.32 to 0.0.34

Release notes

Sourced from ty's releases.

0.0.34

Release Notes

Released on 2026-05-01.

Bug fixes

• Avoid panic in recursive protocol signature comparisons (#24665)
• Avoid panics for syntax error targets in invalid unpacking assignments (#24663)
• Fix unbounded type growth in nested-typevar substitutions (#24803)
• Prevent string annotation tokens from leaking across notebook cells (#24919)
• Support reference finding in stringified annotations (#24956)

LSP server

• Add hover support for PEP 695 type aliases (#24926)
• Offer string literal completion suggestions based on expected type (#24555)
• Support Go-to Definition, Go-To Declaration, and Find References for TypedDict and NamedTuple initializers (#24897)
• Support Annotated metadata in semantic tokens (#24890)

Core type checking

• Add support for functools.partial (#24582)
• Fix ParamSpec defaults and alias variance (#24479)
• Fix TypeIs assignability with gradual types (#24928)
• Infer dict(**TypedDict) in TypedDict context (#24709)
• Support infer_variance for legacy TypeVar (#24930)
• Support variance keywords in ParamSpec (#24927)
• Sync vendored typeshed stubs (#24952). Typeshed diff
• Unpack Union of TypedDict in various sites (#24958)

Diagnostics

• Add missing error context node for protocol to protocol assignability (#24905)
• Show a diagnostic for unsupported inferred Python version (#24581)

Performance

• Lazily build TypeVar accumulations (#24782)

Contributors

• @​sharkdp
• @​MichaReiser
• @​lerebear
• @​MatthewMckee4
• @​charliermarsh
• @​mtshiba
• @​Minibrams
• @​denyszhak

... (truncated)

Changelog

Sourced from ty's changelog.

0.0.34

Released on 2026-05-01.

Bug fixes

• Avoid panic in recursive protocol signature comparisons (#24665)
• Avoid panics for syntax error targets in invalid unpacking assignments (#24663)
• Fix unbounded type growth in nested-typevar substitutions (#24803)
• Prevent string annotation tokens from leaking across notebook cells (#24919)
• Support reference finding in stringified annotations (#24956)

LSP server

• Add hover support for PEP 695 type aliases (#24926)
• Offer string literal completion suggestions based on expected type (#24555)
• Support Go-to Definition, Go-To Declaration, and Find References for TypedDict and NamedTuple initializers (#24897)
• Support Annotated metadata in semantic tokens (#24890)

Core type checking

• Add support for functools.partial (#24582)
• Fix ParamSpec defaults and alias variance (#24479)
• Fix TypeIs assignability with gradual types (#24928)
• Infer dict(**TypedDict) in TypedDict context (#24709)
• Support infer_variance for legacy TypeVar (#24930)
• Support variance keywords in ParamSpec (#24927)
• Sync vendored typeshed stubs (#24952). Typeshed diff
• Unpack Union of TypedDict in various sites (#24958)

Diagnostics

• Add missing error context node for protocol to protocol assignability (#24905)
• Show a diagnostic for unsupported inferred Python version (#24581)

Performance

• Lazily build TypeVar accumulations (#24782)

Contributors

• @​sharkdp
• @​MichaReiser
• @​lerebear
• @​MatthewMckee4
• @​charliermarsh
• @​mtshiba
• @​Minibrams
• @​denyszhak

... (truncated)

Commits

• d00448e Bump version to 0.0.34 (#3392)
• e9e4c90 docs: Reference correct issue in FAQ regarding strict mode (#3385)
• 1b70eae Release: move 'diagnostics' section further down (#3373)
• d439e37 CHANGELOG: Rename to 'Notable changes' (#3372)
• c512d84 Bump version to 0.0.33 (#3368)
• 4cd7b33 Upgrade Depot runners from macOS 14 to 15 (#3363)
• c78b832 Update rui314/setup-mold digest to 9c9c13b (#3342)
• dea3381 Update actions/cache action to v5.0.5 (#3343)
• d451af4 update typing-features and faqs (#3335)
• 052d70b Update prek dependencies (#3344)
• Additional commits viewable in compare view

Updates tox from 4.53.0 to 4.53.1

Release notes

Sourced from tox's releases.

v4.53.1

What's Changed

• 🐛 fix(security): harden user-facing logs and untrusted inputs by @​gaborbernat in tox-dev/tox#3924
• 🐛 fix(type): correct argparse override signatures for ty 0.0.33 by @​gaborbernat in tox-dev/tox#3932
• fix: allow deps arrays in TOML schema by @​cyphercodes in tox-dev/tox#3931

New Contributors

• @​cyphercodes made their first contribution in tox-dev/tox#3931

Full Changelog: tox-dev/tox@4.53.0...4.53.1

Changelog

Sourced from tox's changelog.

Bug fixes - 4.53.1

• Hardening pass on user-facing logging and config parsing:

  • Mask secret-looking --key=value flag values in command logs (terminal warnings, .tox/<env>/log/*.log, and Outcome __repr__) using the same keyword regex previously applied to environment variable values.
  • Resolve PEP 723 script paths and reject any that escape tox_root; cap the script read at 5 MiB so a symlink to /dev/zero cannot exhaust memory.
  • Replace eval() of a constructed Literal[...] string in the CLI parser with a direct Literal[tuple(action.choices)] subscript.
  • Pass timeout=30 to urlopen when fetching a remote requirements file so a slow or unresponsive mirror cannot hang tox indefinitely. (:issue:3924)

• Allow the generated TOML schema to validate array values for deps. (:issue:3929)

• Correct type annotations for ArgumentParser.parse_args and parse_known_args overrides following typeshed PR [#15613](https://github.com/tox-dev/tox/issues/15613) <https://github.com/python/typeshed/pull/15613>_, which widened the args parameter from Sequence[str] to Iterable[str]. The narrower type in tox's overrides violated the Liskov substitution principle and caused invalid-method-override errors with ty 0.0.33. Also correct the option_spec annotation in docs/tox_conf.py to ClassVar[dict[str, Callable[[str], Any]]] matching the docutils stubs type. (:issue:3932)

---

v4.53.0 (2026-04-14)

---

Commits

• 2b17791 release 4.53.1
• 86234dd fix: allow deps arrays in TOML schema (#3931)
• dd305fe 🐛 fix(type): correct argparse override signatures for ty 0.0.33 (#3932)
• 3aa3cd5 [pre-commit.ci] pre-commit autoupdate
• 59b6cd2 build(deps): bump astral-sh/setup-uv from 8.0.0 to 8.1.0 (#3928)
• 3765fcd [pre-commit.ci] pre-commit autoupdate (#3927)
• b76c383 build(deps): bump actions/cache from 5.0.4 to 5.0.5 (#3926)
• 7b0ad94 build(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 (#3925)
• 4dcde44 🐛 fix(security): harden user-facing logs and untrusted inputs (#3924)
• See full diff in compare view

Updates tox-uv from 1.35.1 to 1.35.2

Release notes

Sourced from tox-uv's releases.

1.35.2

What's Changed

• Honor constraints opt for all packages by @​stephenfin in tox-dev/tox-uv#332
• 🐛 fix(lock): honor --recreate in uv-venv-lock-runner by @​gaborbernat in tox-dev/tox-uv#338

New Contributors

• @​stephenfin made their first contribution in tox-dev/tox-uv#332

Full Changelog: tox-dev/tox-uv@1.35.1...1.35.2

Commits

• 595721d 🐛 fix(lock): honor --recreate in uv-venv-lock-runner (#338)
• 1026808 [pre-commit.ci] pre-commit autoupdate (#337)
• 3f7ea4d [pre-commit.ci] pre-commit autoupdate (#334)
• f976fc1 build(deps): bump astral-sh/setup-uv from 8.0.0 to 8.1.0 (#333)
• c0fabe3 Honor constraints opt for all packages (#332)
• d4aa96d [pre-commit.ci] pre-commit autoupdate (#331)
• ac78519 build(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 (#329)
• 8bab9b8 [pre-commit.ci] pre-commit autoupdate (#328)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions