{"id":9841,"name":"zizmor","ecosystem":"pip","repository_url":"https://github.com/zizmorcore/zizmor","issues_count":171,"created_at":"2025-06-06T22:39:48.113Z","updated_at":"2025-06-06T22:39:48.113Z","purl":"pkg:pypi/zizmor","metadata":{"id":11119629,"name":"zizmor","ecosystem":"pypi","description":"Static analysis for GitHub Actions","homepage":"https://docs.zizmor.sh","licenses":"MIT","normalized_licenses":["MIT"],"repository_url":"https://github.com/zizmorcore/zizmor","keywords_array":["cli","github-actions","static-analysis","security"],"namespace":null,"versions_count":25,"first_release_published_at":"2024-12-06T23:06:42.000Z","latest_release_published_at":"2025-05-30T21:38:18.000Z","latest_release_number":"1.9.0","last_synced_at":"2025-06-04T16:21:34.785Z","created_at":"2024-12-06T23:15:26.792Z","updated_at":"2025-06-04T16:23:39.942Z","registry_url":"https://pypi.org/project/zizmor/","install_command":"pip install zizmor --index-url https://pypi.org/simple","documentation_url":"https://zizmor.readthedocs.io/","metadata":{"funding":null,"documentation":null,"classifiers":[],"normalized_name":"zizmor"},"repo_metadata":{"id":259762955,"uuid":"844670429","full_name":"zizmorcore/zizmor","owner":"zizmorcore","description":"Static analysis for GitHub Actions","archived":false,"fork":false,"pushed_at":"2025-06-04T03:13:50.000Z","size":1814,"stargazers_count":2661,"open_issues_count":63,"forks_count":78,"subscribers_count":7,"default_branch":"main","last_synced_at":"2025-06-04T10:05:59.802Z","etag":null,"topics":["github-actions","security","security-tools","static-analysis"],"latest_commit_sha":null,"homepage":"http://docs.zizmor.sh/","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/zizmorcore.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":"support/archive-release.sh","governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null},"funding":{"github":"woodruffw","thanks_dev":"u/gh/woodruffw","ko_fi":"woodruffw"}},"created_at":"2024-08-19T18:26:28.000Z","updated_at":"2025-06-04T04:43:10.000Z","dependencies_parsed_at":"2024-10-27T22:31:19.349Z","dependency_job_id":"a14b5e65-9b35-4413-82d6-73d448acc350","html_url":"https://github.com/zizmorcore/zizmor","commit_stats":{"total_commits":305,"total_committers":22,"mean_commits":"13.863636363636363","dds":"0.22295081967213115","last_synced_commit":"bb463f779ff5ab7dcc6e71df33d639241fa8fca8"},"previous_names":["woodruffw/zizmor","zizmorcore/zizmor"],"tags_count":53,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/zizmorcore","download_url":"https://codeload.github.com/zizmorcore/zizmor/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":257993950,"owners_count":22633517,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"zizmorcore","name":"zizmor","uuid":"210636713","kind":"organization","description":"The official home of zizmor and associated projects. Now you can have beautiful clean workflows!","email":null,"website":null,"location":"United States of America","twitter":null,"company":null,"icon_url":"https://avatars.githubusercontent.com/u/210636713?v=4","repositories_count":1,"last_synced_at":"2025-05-09T13:56:26.135Z","metadata":{"has_sponsors_listing":false,"funding":{"github":"woodruffw","thanks_dev":"u/gh/woodruffw","ko_fi":"woodruffw"}},"html_url":"https://github.com/zizmorcore","funding_links":["https://github.com/sponsors/woodruffw","https://thanks.dev/u/gh/woodruffw","https://ko-fi.com/woodruffw"],"total_stars":11,"followers":4,"following":0,"created_at":"2025-05-09T13:56:26.157Z","updated_at":"2025-05-09T13:56:26.157Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/zizmorcore","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/zizmorcore/repositories"},"tags":[{"name":"yamlpath/v0.20.0","sha":"db772fe97d1252dd24f343ebf0fd6720d7f6f497","kind":"commit","published_at":"2025-06-03T16:54:19.000Z","download_url":"https://codeload.github.com/zizmorcore/zizmor/tar.gz/yamlpath/v0.20.0","html_url":"https://github.com/zizmorcore/zizmor/releases/tag/yamlpath/v0.20.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/yamlpath%2Fv0.20.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/yamlpath%2Fv0.20.0/manifests"},{"name":"github-actions-expressions/v0.0.5","sha":"db772fe97d1252dd24f343ebf0fd6720d7f6f497","kind":"commit","published_at":"2025-06-03T16:54:19.000Z","download_url":"https://codeload.github.com/zizmorcore/zizmor/tar.gz/github-actions-expressions/v0.0.5","html_url":"https://github.com/zizmorcore/zizmor/releases/tag/github-actions-expressions/v0.0.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/github-actions-expressions%2Fv0.0.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/github-actions-expressions%2Fv0.0.5/manifests"},{"name":"github-actions-models/v0.30.0","sha":"a4a657f9bec0aced315811dc9983f703ee0d4e1b","kind":"commit","published_at":"2025-06-02T18:34:06.000Z","download_url":"https://codeload.github.com/zizmorcore/zizmor/tar.gz/github-actions-models/v0.30.0","html_url":"https://github.com/zizmorcore/zizmor/releases/tag/github-actions-models/v0.30.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/github-actions-models%2Fv0.30.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/github-actions-models%2Fv0.30.0/manifests"},{"name":"v1.9.0","sha":"5fbfaebd18a0c93de39eb5888e02607cb7205c9b","kind":"commit","published_at":"2025-05-30T21:28:21.000Z","download_url":"https://codeload.github.com/zizmorcore/zizmor/tar.gz/v1.9.0","html_url":"https://github.com/zizmorcore/zizmor/releases/tag/v1.9.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/v1.9.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/v1.9.0/manifests"},{"name":"github-actions-expressions/v0.0.4","sha":"4dcaad54e89d54045a653c434481d807fbaf0a7e","kind":"commit","published_at":"2025-05-30T21:12:44.000Z","download_url":"https://codeload.github.com/zizmorcore/zizmor/tar.gz/github-actions-expressions/v0.0.4","html_url":"https://github.com/zizmorcore/zizmor/releases/tag/github-actions-expressions/v0.0.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/github-actions-expressions%2Fv0.0.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/github-actions-expressions%2Fv0.0.4/manifests"},{"name":"yamlpath/v0.19.0","sha":"2cfef360934e17ba94b6268b500145ee69dbdd7c","kind":"commit","published_at":"2025-05-28T14:17:13.000Z","download_url":"https://codeload.github.com/zizmorcore/zizmor/tar.gz/yamlpath/v0.19.0","html_url":"https://github.com/zizmorcore/zizmor/releases/tag/yamlpath/v0.19.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/yamlpath%2Fv0.19.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/yamlpath%2Fv0.19.0/manifests"},{"name":"github-actions-models/v0.29.0","sha":"cb91ab95c83c994c73b9e6c52dc55a8f58dbf185","kind":"commit","published_at":"2025-05-21T23:24:57.000Z","download_url":"https://codeload.github.com/zizmorcore/zizmor/tar.gz/github-actions-models/v0.29.0","html_url":"https://github.com/zizmorcore/zizmor/releases/tag/github-actions-models/v0.29.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/github-actions-models%2Fv0.29.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/github-actions-models%2Fv0.29.0/manifests"},{"name":"v1.8.0","sha":"4021d88eab42cd7b104ac0cdd2e20461e47b8d4c","kind":"commit","published_at":"2025-05-20T20:00:26.000Z","download_url":"https://codeload.github.com/zizmorcore/zizmor/tar.gz/v1.8.0","html_url":"https://github.com/zizmorcore/zizmor/releases/tag/v1.8.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/v1.8.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/v1.8.0/manifests"},{"name":"v1.8.0-rc3","sha":"abee95815a40713bc2e9c0aa950851e6fb522098","kind":"commit","published_at":"2025-05-20T19:45:20.000Z","download_url":"https://codeload.github.com/zizmorcore/zizmor/tar.gz/v1.8.0-rc3","html_url":"https://github.com/zizmorcore/zizmor/releases/tag/v1.8.0-rc3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/v1.8.0-rc3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/v1.8.0-rc3/manifests"},{"name":"v1.8.0-rc1","sha":"61c9880555dbf9ac1679d91965946ea205b11e25","kind":"commit","published_at":"2025-05-20T19:25:26.000Z","download_url":"https://codeload.github.com/zizmorcore/zizmor/tar.gz/v1.8.0-rc1","html_url":"https://github.com/zizmorcore/zizmor/releases/tag/v1.8.0-rc1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/v1.8.0-rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/v1.8.0-rc1/manifests"},{"name":"v1.8.0-rc0","sha":"a62bfa5a2537ef514085dcf26175bbae74334ee4","kind":"commit","published_at":"2025-05-20T19:10:14.000Z","download_url":"https://codeload.github.com/zizmorcore/zizmor/tar.gz/v1.8.0-rc0","html_url":"https://github.com/zizmorcore/zizmor/releases/tag/v1.8.0-rc0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/v1.8.0-rc0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/v1.8.0-rc0/manifests"},{"name":"github-actions-models/v0.28.3","sha":"c1c655b452ac68ce09d10f9cbdd41b2513761327","kind":"commit","published_at":"2025-05-20T18:51:43.000Z","download_url":"https://codeload.github.com/zizmorcore/zizmor/tar.gz/github-actions-models/v0.28.3","html_url":"https://github.com/zizmorcore/zizmor/releases/tag/github-actions-models/v0.28.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/github-actions-models%2Fv0.28.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/github-actions-models%2Fv0.28.3/manifests"},{"name":"yamlpath/v0.18.0","sha":"fafcebb161442958c2d730bffb661ec98108be23","kind":"commit","published_at":"2025-05-19T20:09:54.000Z","download_url":"https://codeload.github.com/zizmorcore/zizmor/tar.gz/yamlpath/v0.18.0","html_url":"https://github.com/zizmorcore/zizmor/releases/tag/yamlpath/v0.18.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/yamlpath%2Fv0.18.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/yamlpath%2Fv0.18.0/manifests"},{"name":"github-actions-expressions/v0.0.3","sha":"cdb53c27c8cd024b4b310b91bd406cc0de3a3b7f","kind":"commit","published_at":"2025-05-17T17:44:13.000Z","download_url":"https://codeload.github.com/zizmorcore/zizmor/tar.gz/github-actions-expressions/v0.0.3","html_url":"https://github.com/zizmorcore/zizmor/releases/tag/github-actions-expressions/v0.0.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/github-actions-expressions%2Fv0.0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/github-actions-expressions%2Fv0.0.3/manifests"},{"name":"github-actions-expressions/v0.0.2","sha":"c7f70ffa53f9afb5150101c974aec9820681d757","kind":"commit","published_at":"2025-05-16T02:57:22.000Z","download_url":"https://codeload.github.com/zizmorcore/zizmor/tar.gz/github-actions-expressions/v0.0.2","html_url":"https://github.com/zizmorcore/zizmor/releases/tag/github-actions-expressions/v0.0.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/github-actions-expressions%2Fv0.0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/github-actions-expressions%2Fv0.0.2/manifests"},{"name":"github-actions-expressions/v0.0.1","sha":"d6f71bebf6ac21d96fad73b0b820670b9264e733","kind":"commit","published_at":"2025-05-16T02:06:05.000Z","download_url":"https://codeload.github.com/zizmorcore/zizmor/tar.gz/github-actions-expressions/v0.0.1","html_url":"https://github.com/zizmorcore/zizmor/releases/tag/github-actions-expressions/v0.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/github-actions-expressions%2Fv0.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/github-actions-expressions%2Fv0.0.1/manifests"},{"name":"v1.7.0","sha":"beba48976c4911c25c0f23e27426fbb8f2bd950f","kind":"commit","published_at":"2025-05-09T02:50:51.000Z","download_url":"https://codeload.github.com/zizmorcore/zizmor/tar.gz/v1.7.0","html_url":"https://github.com/zizmorcore/zizmor/releases/tag/v1.7.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/v1.7.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/v1.7.0/manifests"},{"name":"v1.6.0","sha":"fb8520bdd5d44626bd1e2f671c5916babca3441f","kind":"commit","published_at":"2025-04-20T02:13:28.000Z","download_url":"https://codeload.github.com/zizmorcore/zizmor/tar.gz/v1.6.0","html_url":"https://github.com/zizmorcore/zizmor/releases/tag/v1.6.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/v1.6.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/v1.6.0/manifests"},{"name":"v1.5.2","sha":"0c590a6e147e743fac5f6e66a87c07a2ae113476","kind":"commit","published_at":"2025-03-23T14:52:59.000Z","download_url":"https://codeload.github.com/zizmorcore/zizmor/tar.gz/v1.5.2","html_url":"https://github.com/zizmorcore/zizmor/releases/tag/v1.5.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/v1.5.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/v1.5.2/manifests"},{"name":"v1.5.1","sha":"f1e5b96fb5472647a8ddb526f6041c34c380fc71","kind":"commit","published_at":"2025-03-12T15:20:41.000Z","download_url":"https://codeload.github.com/zizmorcore/zizmor/tar.gz/v1.5.1","html_url":"https://github.com/zizmorcore/zizmor/releases/tag/v1.5.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/v1.5.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/v1.5.1/manifests"},{"name":"v1.5.0","sha":"9d14c4004e0810986779738d74fad6f41482876f","kind":"commit","published_at":"2025-03-11T00:28:12.000Z","download_url":"https://codeload.github.com/zizmorcore/zizmor/tar.gz/v1.5.0","html_url":"https://github.com/zizmorcore/zizmor/releases/tag/v1.5.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/v1.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/v1.5.0/manifests"},{"name":"v1.4.1","sha":"7c7e415df3e31eb2213787537f9cfb68a020b85d","kind":"commit","published_at":"2025-02-25T17:42:20.000Z","download_url":"https://codeload.github.com/zizmorcore/zizmor/tar.gz/v1.4.1","html_url":"https://github.com/zizmorcore/zizmor/releases/tag/v1.4.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/v1.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/v1.4.1/manifests"},{"name":"v1.4.0","sha":"ff55188bf1720bcc4a6b7e2c4f97dd51db52d88d","kind":"commit","published_at":"2025-02-25T17:18:51.000Z","download_url":"https://codeload.github.com/zizmorcore/zizmor/tar.gz/v1.4.0","html_url":"https://github.com/zizmorcore/zizmor/releases/tag/v1.4.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/v1.4.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/v1.4.0/manifests"},{"name":"v1.3.1","sha":"7b16e64aca9526b0cd7f28afa1feee4e4b3a16f1","kind":"commit","published_at":"2025-02-09T15:47:28.000Z","download_url":"https://codeload.github.com/zizmorcore/zizmor/tar.gz/v1.3.1","html_url":"https://github.com/zizmorcore/zizmor/releases/tag/v1.3.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/v1.3.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/v1.3.1/manifests"},{"name":"v1.3.0","sha":"e61a9d762ff38c654fb803ab0a57008f92ef2da3","kind":"commit","published_at":"2025-01-29T01:13:44.000Z","download_url":"https://codeload.github.com/zizmorcore/zizmor/tar.gz/v1.3.0","html_url":"https://github.com/zizmorcore/zizmor/releases/tag/v1.3.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/v1.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/v1.3.0/manifests"},{"name":"v1.2.2","sha":"a91a02162ae6151fd165f01082dd158f633483db","kind":"commit","published_at":"2025-01-19T04:53:34.000Z","download_url":"https://codeload.github.com/zizmorcore/zizmor/tar.gz/v1.2.2","html_url":"https://github.com/zizmorcore/zizmor/releases/tag/v1.2.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/v1.2.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/v1.2.2/manifests"},{"name":"v1.2.1","sha":"78cdaf6a69dfe835ef4373d401ccb0b037eeeb26","kind":"commit","published_at":"2025-01-18T22:15:15.000Z","download_url":"https://codeload.github.com/zizmorcore/zizmor/tar.gz/v1.2.1","html_url":"https://github.com/zizmorcore/zizmor/releases/tag/v1.2.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/v1.2.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/v1.2.1/manifests"},{"name":"v1.2.0","sha":"7b75f567e747194b6e058666e332431c0281b33b","kind":"commit","published_at":"2025-01-18T17:36:31.000Z","download_url":"https://codeload.github.com/zizmorcore/zizmor/tar.gz/v1.2.0","html_url":"https://github.com/zizmorcore/zizmor/releases/tag/v1.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/v1.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/v1.2.0/manifests"},{"name":"v1.1.1","sha":"ec37d0a0e5ab398b9e1c47259ef200a3a4e86104","kind":"commit","published_at":"2025-01-13T16:03:43.000Z","download_url":"https://codeload.github.com/zizmorcore/zizmor/tar.gz/v1.1.1","html_url":"https://github.com/zizmorcore/zizmor/releases/tag/v1.1.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/v1.1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/v1.1.1/manifests"},{"name":"v1.1.0","sha":"b178d52d3530969ba7e4ce0c87e5fc520bdd154e","kind":"commit","published_at":"2025-01-13T05:15:57.000Z","download_url":"https://codeload.github.com/zizmorcore/zizmor/tar.gz/v1.1.0","html_url":"https://github.com/zizmorcore/zizmor/releases/tag/v1.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/v1.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/v1.1.0/manifests"},{"name":"v1.0.1","sha":"7a8c9f2e829dd4fe0bd19ff0352851840b7c0e0e","kind":"commit","published_at":"2025-01-07T19:14:02.000Z","download_url":"https://codeload.github.com/zizmorcore/zizmor/tar.gz/v1.0.1","html_url":"https://github.com/zizmorcore/zizmor/releases/tag/v1.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/v1.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/v1.0.1/manifests"},{"name":"v1.0.0","sha":"4085b881fb41762a1091d72d7dceffd8cef5ef49","kind":"commit","published_at":"2025-01-02T17:02:25.000Z","download_url":"https://codeload.github.com/zizmorcore/zizmor/tar.gz/v1.0.0","html_url":"https://github.com/zizmorcore/zizmor/releases/tag/v1.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/v1.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/v1.0.0/manifests"},{"name":"v0.10.0","sha":"aecc879cbde06fde954081e4c3478e3ccae2c48d","kind":"commit","published_at":"2024-12-19T15:40:37.000Z","download_url":"https://codeload.github.com/zizmorcore/zizmor/tar.gz/v0.10.0","html_url":"https://github.com/zizmorcore/zizmor/releases/tag/v0.10.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/v0.10.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/v0.10.0/manifests"},{"name":"v0.9.2","sha":"0f601759ffb3996a322915410ed28f607bc30367","kind":"commit","published_at":"2024-12-15T15:15:26.000Z","download_url":"https://codeload.github.com/zizmorcore/zizmor/tar.gz/v0.9.2","html_url":"https://github.com/zizmorcore/zizmor/releases/tag/v0.9.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/v0.9.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/v0.9.2/manifests"},{"name":"v0.9.1","sha":"f281e0c26af4ac30d5d001d38e4222dcd51eb51c","kind":"commit","published_at":"2024-12-12T20:24:46.000Z","download_url":"https://codeload.github.com/zizmorcore/zizmor/tar.gz/v0.9.1","html_url":"https://github.com/zizmorcore/zizmor/releases/tag/v0.9.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/v0.9.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/v0.9.1/manifests"},{"name":"v0.9.0","sha":"2099732c9cad0e65cb8cdddebdc7f2a62684a10c","kind":"commit","published_at":"2024-12-12T15:31:10.000Z","download_url":"https://codeload.github.com/zizmorcore/zizmor/tar.gz/v0.9.0","html_url":"https://github.com/zizmorcore/zizmor/releases/tag/v0.9.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/v0.9.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/v0.9.0/manifests"},{"name":"v0.8.0","sha":"0abccb48be3a81019d5b778247863d32d8a5d165","kind":"commit","published_at":"2024-12-06T22:55:51.000Z","download_url":"https://codeload.github.com/zizmorcore/zizmor/tar.gz/v0.8.0","html_url":"https://github.com/zizmorcore/zizmor/releases/tag/v0.8.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/v0.8.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/v0.8.0/manifests"},{"name":"v0.7.0","sha":"b8cfd38edf288ff5c9a68eb0c0dec273b7c0189d","kind":"commit","published_at":"2024-12-03T22:39:07.000Z","download_url":"https://codeload.github.com/zizmorcore/zizmor/tar.gz/v0.7.0","html_url":"https://github.com/zizmorcore/zizmor/releases/tag/v0.7.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/v0.7.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/v0.7.0/manifests"},{"name":"v0.6.0","sha":"b667cf3ec31983fd56f2f792972d8eaec9e234a5","kind":"commit","published_at":"2024-11-26T15:02:43.000Z","download_url":"https://codeload.github.com/zizmorcore/zizmor/tar.gz/v0.6.0","html_url":"https://github.com/zizmorcore/zizmor/releases/tag/v0.6.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/v0.6.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/v0.6.0/manifests"},{"name":"v0.5.0","sha":"37a87c888ee949b34abae819cad67dd370319553","kind":"commit","published_at":"2024-11-21T22:16:33.000Z","download_url":"https://codeload.github.com/zizmorcore/zizmor/tar.gz/v0.5.0","html_url":"https://github.com/zizmorcore/zizmor/releases/tag/v0.5.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/v0.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/v0.5.0/manifests"},{"name":"v0.4.0","sha":"53917b0e74449f08814d1bf757c87bb79309bdb3","kind":"commit","published_at":"2024-11-16T17:54:57.000Z","download_url":"https://codeload.github.com/zizmorcore/zizmor/tar.gz/v0.4.0","html_url":"https://github.com/zizmorcore/zizmor/releases/tag/v0.4.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/v0.4.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/v0.4.0/manifests"},{"name":"v0.3.2","sha":"846bed1a6b2eca5bdea7755064a43d634bd43859","kind":"commit","published_at":"2024-11-16T00:58:17.000Z","download_url":"https://codeload.github.com/zizmorcore/zizmor/tar.gz/v0.3.2","html_url":"https://github.com/zizmorcore/zizmor/releases/tag/v0.3.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/v0.3.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/v0.3.2/manifests"},{"name":"v0.3.1","sha":"e656091c296e5f351bcbeef030dac64fd8f8683b","kind":"commit","published_at":"2024-11-14T03:38:23.000Z","download_url":"https://codeload.github.com/zizmorcore/zizmor/tar.gz/v0.3.1","html_url":"https://github.com/zizmorcore/zizmor/releases/tag/v0.3.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/v0.3.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/v0.3.1/manifests"},{"name":"v0.3.0","sha":"829db4a2206b508eae475a8970e32c6a41585ed6","kind":"commit","published_at":"2024-11-10T16:07:23.000Z","download_url":"https://codeload.github.com/zizmorcore/zizmor/tar.gz/v0.3.0","html_url":"https://github.com/zizmorcore/zizmor/releases/tag/v0.3.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/v0.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/v0.3.0/manifests"},{"name":"v0.2.1","sha":"d0dc117ee22902694487543eb6ebb3a09948c8f9","kind":"commit","published_at":"2024-11-07T04:07:40.000Z","download_url":"https://codeload.github.com/zizmorcore/zizmor/tar.gz/v0.2.1","html_url":"https://github.com/zizmorcore/zizmor/releases/tag/v0.2.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/v0.2.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/v0.2.1/manifests"},{"name":"v0.2.0","sha":"1f95e483b20078901794e47ebe24e611a69e62fd","kind":"commit","published_at":"2024-11-05T00:58:55.000Z","download_url":"https://codeload.github.com/zizmorcore/zizmor/tar.gz/v0.2.0","html_url":"https://github.com/zizmorcore/zizmor/releases/tag/v0.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/v0.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/v0.2.0/manifests"},{"name":"v0.1.6","sha":"d8b7633f469e7503fcf5df326e536b78b18e5a91","kind":"commit","published_at":"2024-11-03T15:42:20.000Z","download_url":"https://codeload.github.com/zizmorcore/zizmor/tar.gz/v0.1.6","html_url":"https://github.com/zizmorcore/zizmor/releases/tag/v0.1.6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/v0.1.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/v0.1.6/manifests"},{"name":"v0.1.5","sha":"e050f08341c44e4e555e96b85ebb99e9addc9cc3","kind":"commit","published_at":"2024-11-01T17:56:42.000Z","download_url":"https://codeload.github.com/zizmorcore/zizmor/tar.gz/v0.1.5","html_url":"https://github.com/zizmorcore/zizmor/releases/tag/v0.1.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/v0.1.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/v0.1.5/manifests"},{"name":"v0.1.4","sha":"b4539acd6681dbfb07baa96f478c4ae5096740f6","kind":"commit","published_at":"2024-10-31T13:51:35.000Z","download_url":"https://codeload.github.com/zizmorcore/zizmor/tar.gz/v0.1.4","html_url":"https://github.com/zizmorcore/zizmor/releases/tag/v0.1.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/v0.1.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/v0.1.4/manifests"},{"name":"v0.1.3","sha":"4c214b0d65959bca8b19416bf796f1a305fb1d1d","kind":"commit","published_at":"2024-10-29T22:53:07.000Z","download_url":"https://codeload.github.com/zizmorcore/zizmor/tar.gz/v0.1.3","html_url":"https://github.com/zizmorcore/zizmor/releases/tag/v0.1.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/v0.1.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/v0.1.3/manifests"},{"name":"v0.1.2","sha":"c6f4908564018dc13741d11a3a5be7712477b41e","kind":"commit","published_at":"2024-10-29T20:27:23.000Z","download_url":"https://codeload.github.com/zizmorcore/zizmor/tar.gz/v0.1.2","html_url":"https://github.com/zizmorcore/zizmor/releases/tag/v0.1.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/v0.1.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/v0.1.2/manifests"},{"name":"v0.1.1","sha":"32a28f7881754080e7d0405a5e9b2635d57d74e4","kind":"commit","published_at":"2024-10-28T17:55:22.000Z","download_url":"https://codeload.github.com/zizmorcore/zizmor/tar.gz/v0.1.1","html_url":"https://github.com/zizmorcore/zizmor/releases/tag/v0.1.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/v0.1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/v0.1.1/manifests"},{"name":"v0.1.0","sha":"4f4a37833d5ad995c815ba35fce9164843a60462","kind":"commit","published_at":"2024-10-27T19:39:06.000Z","download_url":"https://codeload.github.com/zizmorcore/zizmor/tar.gz/v0.1.0","html_url":"https://github.com/zizmorcore/zizmor/releases/tag/v0.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/v0.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags/v0.1.0/manifests"}]},"repo_metadata_updated_at":"2025-06-04T16:23:39.941Z","dependent_packages_count":0,"downloads":493704,"downloads_period":"last-month","dependent_repos_count":0,"rankings":{"downloads":null,"dependent_repos_count":55.83825808566364,"dependent_packages_count":9.919039935842967,"stargazers_count":null,"forks_count":null,"docker_downloads_count":null,"average":32.87864901075331},"purl":"pkg:pypi/zizmor","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/pypi/zizmor","docker_dependents_count":null,"docker_downloads_count":null,"usage_url":"https://repos.ecosyste.ms/usage/pypi/zizmor","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/pypi/zizmor/dependencies","status":null,"funding_links":["https://github.com/sponsors/woodruffw","https://thanks.dev/u/gh/woodruffw","https://ko-fi.com/woodruffw"],"critical":null,"versions_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/zizmor/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/zizmor/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/zizmor/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/zizmor/related_packages","maintainers":[{"uuid":"woodruffw","login":"woodruffw","name":null,"email":null,"url":null,"packages_count":26,"html_url":"https://pypi.org/user/woodruffw/","role":"Owner","created_at":"2024-12-07T00:33:34.471Z","updated_at":"2024-12-07T00:33:34.471Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/maintainers/woodruffw/packages"}],"registry":{"name":"pypi.org","url":"https://pypi.org","ecosystem":"pypi","default":true,"packages_count":690499,"maintainers_count":292846,"namespaces_count":0,"keywords_count":228675,"github":"pypi","metadata":{"funded_packages_count":48967},"icon_url":"https://github.com/pypi.png","created_at":"2022-04-04T15:19:23.364Z","updated_at":"2025-06-07T05:28:50.775Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/namespaces"}},"unique_repositories_count":54,"unique_repositories_count_past_30_days":5,"recent_issues":[{"uuid":"4606461713","node_id":"PR_kwDOSzVvmM7jlNVb","number":9,"state":"open","title":"⬆ Bump zizmor from 1.23.1 to 1.25.2","user":"dependabot[bot]","labels":["internal"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-07T06:51:30.000Z","updated_at":"2026-06-07T06:51:31.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"⬆ Bump","packages":[{"name":"zizmor","old_version":"1.23.1","new_version":"1.25.2","repository_url":"https://github.com/zizmorcore/zizmor"}],"path":null,"ecosystem":"pip"},"body":"Bumps [zizmor](https://github.com/zizmorcore/zizmor) from 1.23.1 to 1.25.2.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/zizmorcore/zizmor/releases\"\u003ezizmor's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.25.2\u003c/h2\u003e\n\u003ch2\u003eBug Fixes 🐛\u003ca href=\"https://docs.zizmor.sh/release-notes/#bug-fixes\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where the \u003ca href=\"https://docs.zizmor.sh/audits/#unpinned-tools\"\u003eunpinned-tools\u003c/a\u003e audit would incorrectly flag the \u003ca href=\"https://github.com/aquasecurity/trivy-action\"\u003eaquasecurity/trivy-action\u003c/a\u003e action as installing an unpinned tool version, rather than \u003ca href=\"https://github.com/aquasecurity/setup-trivy\"\u003eaquasecurity/setup-trivy\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2018\"\u003e#2018\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.25.1\u003c/h2\u003e\n\u003ch2\u003eBug Fixes 🐛\u003ca href=\"https://docs.zizmor.sh/release-notes/#bug-fixes\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a bug where the \u003ca href=\"https://docs.zizmor.sh/audits/#cache-poisoning\"\u003ecache-poisoning\u003c/a\u003e audit would fail to consider release events as exempt from cache usage findings when filtered by a tag condition (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2004\"\u003e#2004\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a typo when suggesting --fix flags for findings (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2010\"\u003e#2010\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/0xdea\"\u003e\u003ccode\u003e@​0xdea\u003c/code\u003e\u003c/a\u003e for implementing this fix!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a typo in \u003ca href=\"https://docs.zizmor.sh/audits/#unpinned-tools\"\u003eunpinned-tools\u003c/a\u003e annotations (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2008\"\u003e#2008\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/martincostello\"\u003e\u003ccode\u003e@​martincostello\u003c/code\u003e\u003c/a\u003e for implementing this fix!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a bug where the \u003ca href=\"https://docs.zizmor.sh/audits/#github-app\"\u003egithub-app\u003c/a\u003e audit would incorrectly flag some safe uses of \u003ca href=\"https://github.com/actions/create-github-app-token\"\u003eactions/create-github-app-token\u003c/a\u003e as unsafe (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2011\"\u003e#2011\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.25.0\u003c/h2\u003e\n\u003ch2\u003eNew Features 🌈\u003ca href=\"https://docs.zizmor.sh/release-notes/#new-features\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor's finding severities can now be remapped on a per-audit basis. See \u003ca href=\"https://docs.zizmor.sh/configuration/#rules-id-remap\"\u003ethe configuration\u003c/a\u003e for details (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1913\"\u003e#1913\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/Proximyst\"\u003e\u003ccode\u003e@​Proximyst\u003c/code\u003e\u003c/a\u003e for proposing and implementing this improvement!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew audit: \u003ca href=\"https://docs.zizmor.sh/audits/#github-app\"\u003egithub-app\u003c/a\u003e detects dangerous usages of GitHub App installation tokens (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1926\"\u003e#1926\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew audit: [unpinned-tools] detects actions that install tools without pinning to a specific version (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1820\"\u003e#1820\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor now accepts the --no-ignores flag to disable all ignore comments and configurations when reporting findings (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1935\"\u003e#1935\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor's LSP now honors the --persona flag on the CLI (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1943\"\u003e#1943\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor is now aware of Docker-based action definitions, in addition to the pre-existing support for \u0026quot;composite\u0026quot; actions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1965\"\u003e#1965\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eEnhancements\u003ca href=\"https://docs.zizmor.sh/release-notes/#enhancements\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend gh issue edit --add-label / gh pr edit --add-label as a replacement for \u003ca href=\"https://github.com/actions-ecosystem/action-add-labels\"\u003eactions-ecosystem/action-add-labels\u003c/a\u003e in \u003ca href=\"https://docs.zizmor.sh/audits/#superfluous-actions\"\u003esuperfluous-actions\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend gh issue edit --remove-label / gh pr edit --remove-label as a replacement for \u003ca href=\"https://github.com/actions-ecosystem/action-remove-labels\"\u003eactions-ecosystem/action-remove-labels\u003c/a\u003e in \u003ca href=\"https://docs.zizmor.sh/audits/#superfluous-actions\"\u003esuperfluous-actions\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend jq as a replacement for \u003ca href=\"https://github.com/sergeysova/jq-action\"\u003esergeysova/jq-action\u003c/a\u003e in \u003ca href=\"https://docs.zizmor.sh/audits/#superfluous-actions\"\u003esuperfluous-actions\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend git add, git commit, and git push as a replacement for \u003ca href=\"https://github.com/stefanzweifel/git-auto-commit-action\"\u003estefanzweifel/git-auto-commit-action\u003c/a\u003e in \u003ca href=\"https://docs.zizmor.sh/audits/#superfluous-actions\"\u003esuperfluous-actions\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend git add, git commit, and git push as a replacement for \u003ca href=\"https://github.com/EndBug/add-and-commit\"\u003eEndBug/add-and-commit\u003c/a\u003e in \u003ca href=\"https://docs.zizmor.sh/audits/#superfluous-actions\"\u003esuperfluous-actions\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/tibdex/github-app-token\"\u003etibdex/github-app-token\u003c/a\u003e is now recognized as an archived action by \u003ca href=\"https://docs.zizmor.sh/audits/#archived-uses\"\u003earchived-uses\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1910\"\u003e#1910\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/zizmorcore/zizmor/blob/main/docs/release-notes.md\"\u003ezizmor's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.25.2\u003c/h2\u003e\n\u003ch3\u003eBug Fixes 🐛\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where the [unpinned-tools] audit would incorrectly flag the\n\u003ccode\u003e@​aquasecurity/trivy-action\u003c/code\u003e action as installing an unpinned tool version,\nrather than \u003ccode\u003e@​aquasecurity/setup-trivy\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2018\"\u003e#2018\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.25.1\u003c/h2\u003e\n\u003ch3\u003eBug Fixes 🐛\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a bug where the [cache-poisoning] audit would fail to consider\n\u003ccode\u003erelease\u003c/code\u003e events as exempt from cache usage findings when filtered by a\ntag condition (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2004\"\u003e#2004\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a typo when suggesting \u003ccode\u003e--fix\u003c/code\u003e flags for findings (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2010\"\u003e#2010\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/0xdea\"\u003e\u003ccode\u003e@​0xdea\u003c/code\u003e\u003c/a\u003e for implementing this fix!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a typo in [unpinned-tools] annotations (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2008\"\u003e#2008\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/martincostello\"\u003e\u003ccode\u003e@​martincostello\u003c/code\u003e\u003c/a\u003e for implementing this fix!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a bug where the [github-app] audit would incorrectly flag some safe\nuses of \u003ccode\u003e@​actions/create-github-app-token\u003c/code\u003e as unsafe (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2011\"\u003e#2011\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.25.0\u003c/h2\u003e\n\u003ch3\u003eNew Features 🌈\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor's finding severities can now be remapped on a per-audit basis.\nSee \u003ca href=\"https://github.com/zizmorcore/zizmor/blob/main/docs/configuration.md#rules-id-remap\"\u003ethe configuration\u003c/a\u003e for details (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1913\"\u003e#1913\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/Proximyst\"\u003e\u003ccode\u003e@​Proximyst\u003c/code\u003e\u003c/a\u003e for proposing and implementing this improvement!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eNew audit\u003c/strong\u003e: [github-app] detects dangerous usages of GitHub App installation tokens\n(\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1926\"\u003e#1926\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eNew audit\u003c/strong\u003e: [unpinned-tools] detects actions that install tools without pinning\nto a specific version (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1820\"\u003e#1820\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003ezizmor\u003c/code\u003e now accepts the \u003ccode\u003e--no-ignores\u003c/code\u003e flag to disable all ignore comments and\nconfigurations when reporting findings (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1935\"\u003e#1935\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003ezizmor\u003c/code\u003e's LSP now honors the \u003ccode\u003e--persona\u003c/code\u003e flag on the CLI (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1943\"\u003e#1943\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003ezizmor\u003c/code\u003e is now aware of Docker-based action definitions, in addition to the\npre-existing support for \u0026quot;composite\u0026quot; actions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1965\"\u003e#1965\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/b50d8f60e27e0084aa3a5f5dff46054a8253ac2a\"\u003e\u003ccode\u003eb50d8f6\u003c/code\u003e\u003c/a\u003e zizmor 1.25.2 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2022\"\u003e#2022\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/e8c96481b76ee03dc3e72cc744ad77cfc62cc238\"\u003e\u003ccode\u003ee8c9648\u003c/code\u003e\u003c/a\u003e Bump rustls-webpki to 0.103.13 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2021\"\u003e#2021\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/9e19bdedaa4af986b47d7f3ffdadcdd7b226c8a6\"\u003e\u003ccode\u003e9e19bde\u003c/code\u003e\u003c/a\u003e Bump aws-lc crates (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2020\"\u003e#2020\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/49cb189191c75a18d73a92ae47985424cc0acd3e\"\u003e\u003ccode\u003e49cb189\u003c/code\u003e\u003c/a\u003e Bump rand to 0.9.4 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2019\"\u003e#2019\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/bfdb64993cecb911e385622b989a44431fc2d13f\"\u003e\u003ccode\u003ebfdb649\u003c/code\u003e\u003c/a\u003e unpinned-tools: fix trivy action being detected (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2018\"\u003e#2018\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/9300d3b5a7f06a3d77f092d01434dab99399f3e5\"\u003e\u003ccode\u003e9300d3b\u003c/code\u003e\u003c/a\u003e ww/release (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2016\"\u003e#2016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/331917af1e4f7c6aed23ddd41477c2042d8a857d\"\u003e\u003ccode\u003e331917a\u003c/code\u003e\u003c/a\u003e chore: drop \u003ccode\u003eserde_yaml\u003c/code\u003e rename (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2015\"\u003e#2015\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/506f0856dec8a5c863a4dce695a83491187c543d\"\u003e\u003ccode\u003e506f085\u003c/code\u003e\u003c/a\u003e github-app: test \u003ccode\u003erepositories\u003c/code\u003e, not \u003ccode\u003erepository\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2011\"\u003e#2011\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/53dea374e8a01f8df00f9d1acd7dbdfb1838acd8\"\u003e\u003ccode\u003e53dea37\u003c/code\u003e\u003c/a\u003e unpinned-tools, docs: fix typos (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2008\"\u003e#2008\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/8068e115f99b6b84611a8865a8cad0858bd5e07c\"\u003e\u003ccode\u003e8068e11\u003c/code\u003e\u003c/a\u003e fix: replace \u003ccode\u003e--fix=unsafe\u003c/code\u003e with \u003ccode\u003e--fix=unsafe-only\u003c/code\u003e in suggestion (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2010\"\u003e#2010\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/zizmorcore/zizmor/compare/v1.23.1...v1.25.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=zizmor\u0026package-manager=uv\u0026previous-version=1.23.1\u0026new-version=1.25.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/NMJoshi/mcwp/pull/9","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/NMJoshi%2Fmcwp/issues/9","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/9/packages"},{"uuid":"4555529108","node_id":"PR_kwDOF8_QEs7g_sBJ","number":1989,"state":"open","title":"⬆ Bump the python-packages group across 1 directory with 9 updates","user":"dependabot[bot]","labels":["dependencies","internal","python:uv"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-30T19:59:46.000Z","updated_at":"2026-05-31T06:06:01.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"⬆ Bump","group_name":"python-packages","update_count":9,"packages":[{"name":"pydantic","old_version":"2.12.5","new_version":"2.13.4","repository_url":"https://github.com/pydantic/pydantic"},{"name":"black","old_version":"26.3.1","new_version":"26.5.1","repository_url":"https://github.com/psf/black"},{"name":"zensical","old_version":"0.0.42","new_version":"0.0.43","repository_url":"https://github.com/zensical/zensical"},{"name":"fastapi","old_version":"0.136.1","new_version":"0.136.3","repository_url":"https://github.com/fastapi/fastapi"},{"name":"ruff","old_version":"0.15.13","new_version":"0.15.14","repository_url":"https://github.com/astral-sh/ruff"},{"name":"ty","old_version":"0.0.35","new_version":"0.0.39","repository_url":"https://github.com/astral-sh/ty"},{"name":"prek","old_version":"0.3.13","new_version":"0.4.1","repository_url":"https://github.com/j178/prek"},{"name":"zizmor","old_version":"1.24.1","new_version":"1.25.2","repository_url":"https://github.com/zizmorcore/zizmor"},{"name":"pygithub","old_version":"2.9.0","new_version":"2.9.1","repository_url":"https://github.com/pygithub/pygithub"}],"path":null,"ecosystem":"pip"},"body":"Bumps the python-packages group with 9 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [pydantic](https://github.com/pydantic/pydantic) | `2.12.5` | `2.13.4` |\n| [black](https://github.com/psf/black) | `26.3.1` | `26.5.1` |\n| [zensical](https://github.com/zensical/zensical) | `0.0.42` | `0.0.43` |\n| [fastapi](https://github.com/fastapi/fastapi) | `0.136.1` | `0.136.3` |\n| [ruff](https://github.com/astral-sh/ruff) | `0.15.13` | `0.15.14` |\n| [ty](https://github.com/astral-sh/ty) | `0.0.35` | `0.0.39` |\n| [prek](https://github.com/j178/prek) | `0.3.13` | `0.4.1` |\n| [zizmor](https://github.com/zizmorcore/zizmor) | `1.24.1` | `1.25.2` |\n| [pygithub](https://github.com/pygithub/pygithub) | `2.9.0` | `2.9.1` |\n\n\nUpdates `pydantic` from 2.12.5 to 2.13.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pydantic/pydantic/releases\"\u003epydantic's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.13.4 2026-05-06\u003c/h2\u003e\n\u003ch2\u003ev2.13.4 (2026-05-06)\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003ePackaging\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eBump libc from 0.2.155 to 0.2.185 by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13109\"\u003e#13109\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdapt \u003ccode\u003epydantic-core\u003c/code\u003e linker flags on macOS by \u003ca href=\"https://github.com/washingtoneg\"\u003e\u003ccode\u003e@​washingtoneg\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13147\"\u003e#13147\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve \u003ccode\u003eRootModel\u003c/code\u003e core metadata by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13129\"\u003e#13129\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pydantic/pydantic/compare/v2.13.3...v2.13.4\"\u003ehttps://github.com/pydantic/pydantic/compare/v2.13.3...v2.13.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.3 2026-04-20\u003c/h2\u003e\n\u003ch2\u003ev2.13.3 (2026-04-20)\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHandle \u003ccode\u003eAttributeError\u003c/code\u003e subclasses with \u003ccode\u003efrom_attributes\u003c/code\u003e by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13096\"\u003e#13096\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pydantic/pydantic/compare/v2.13.2...v2.13.3\"\u003ehttps://github.com/pydantic/pydantic/compare/v2.13.2...v2.13.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.2 2026-04-17\u003c/h2\u003e\n\u003ch2\u003ev2.13.2 (2026-04-17)\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eValidationInfo.field_name\u003c/code\u003e missing with \u003ccode\u003emodel_validate_json()\u003c/code\u003e by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13084\"\u003e#13084\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pydantic/pydantic/compare/v2.13.1...v2.13.2\"\u003ehttps://github.com/pydantic/pydantic/compare/v2.13.1...v2.13.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.1 2026-04-15\u003c/h2\u003e\n\u003ch2\u003ev2.13.1 (2026-04-15)\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eValidationInfo.data\u003c/code\u003e missing with \u003ccode\u003emodel_validate_json()\u003c/code\u003e by \u003ca href=\"https://github.com/davidhewitt\"\u003e\u003ccode\u003e@​davidhewitt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13079\"\u003e#13079\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pydantic/pydantic/compare/v2.13.0...v2.13.1\"\u003ehttps://github.com/pydantic/pydantic/compare/v2.13.0...v2.13.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.0 2026-04-13\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pydantic/pydantic/blob/main/HISTORY.md\"\u003epydantic's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.13.4 (2026-05-06)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pydantic/pydantic/releases/tag/v2.13.4\"\u003eGitHub release\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003ePackaging\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eBump libc from 0.2.155 to 0.2.185 by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13109\"\u003e#13109\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdapt \u003ccode\u003epydantic-core\u003c/code\u003e linker flags on macOS by \u003ca href=\"https://github.com/washingtoneg\"\u003e\u003ccode\u003e@​washingtoneg\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13147\"\u003e#13147\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve \u003ccode\u003eRootModel\u003c/code\u003e core metadata by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13129\"\u003e#13129\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.13.3 (2026-04-20)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pydantic/pydantic/releases/tag/v2.13.3\"\u003eGitHub release\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHandle \u003ccode\u003eAttributeError\u003c/code\u003e subclasses with \u003ccode\u003efrom_attributes\u003c/code\u003e by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13096\"\u003e#13096\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.13.2 (2026-04-17)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pydantic/pydantic/releases/tag/v2.13.2\"\u003eGitHub release\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eValidationInfo.field_name\u003c/code\u003e missing with \u003ccode\u003emodel_validate_json()\u003c/code\u003e by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13084\"\u003e#13084\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.13.1 (2026-04-15)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pydantic/pydantic/releases/tag/v2.13.1\"\u003eGitHub release\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eValidationInfo.data\u003c/code\u003e missing with \u003ccode\u003emodel_validate_json()\u003c/code\u003e by \u003ca href=\"https://github.com/davidhewitt\"\u003e\u003ccode\u003e@​davidhewitt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13079\"\u003e#13079\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.13.0 (2026-04-13)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pydantic/pydantic/releases/tag/v2.13.0\"\u003eGitHub release\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThe highlights of the v2.13 release are available in the \u003ca href=\"https://pydantic.dev/articles/pydantic-v2-13-release\"\u003eblog post\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/cf67d4b3193c3fe43ede18612ed62785eee11382\"\u003e\u003ccode\u003ecf67d4b\u003c/code\u003e\u003c/a\u003e Fix linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/f0d8a214a5803036db46a56b1f62f1e56b81d662\"\u003e\u003ccode\u003ef0d8a21\u003c/code\u003e\u003c/a\u003e Prepare release v2.13.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/5e3fe1d41a00f441204241c66078003ae0391f9a\"\u003e\u003ccode\u003e5e3fe1d\u003c/code\u003e\u003c/a\u003e Check for pydantic tag pattern in CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/7f9edcc2a191d2eaa9751220eb910914e716a686\"\u003e\u003ccode\u003e7f9edcc\u003c/code\u003e\u003c/a\u003e Document tagging conventions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/b46a0c9b8a4dd967fda8ec1a92f6437076bf262c\"\u003e\u003ccode\u003eb46a0c9\u003c/code\u003e\u003c/a\u003e Adapt \u003ccode\u003epydantic-core\u003c/code\u003e linker flags on macOS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/50629c851e61d887d5420452c311ec6203f1f400\"\u003e\u003ccode\u003e50629c8\u003c/code\u003e\u003c/a\u003e Update to PyPy 7.3.22\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/8522ebb71e5e9a6f7188af5f009f01785b8cf725\"\u003e\u003ccode\u003e8522ebb\u003c/code\u003e\u003c/a\u003e Preserve \u003ccode\u003eRootModel\u003c/code\u003e core metadata\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/a37f3aff090ca342dc5f48304889963530b993f8\"\u003e\u003ccode\u003ea37f3af\u003c/code\u003e\u003c/a\u003e Adapt \u003ccode\u003eMISSING\u003c/code\u003e sentinel test to work with unreleased \u003ccode\u003etyping_extensions\u003c/code\u003e ver...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/909259a9df660518033aa686b689f045a6eaf9d2\"\u003e\u003ccode\u003e909259a\u003c/code\u003e\u003c/a\u003e Remove Logfire example in documentation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/2c4174c366606fc2dc46cb806833a080aefa77df\"\u003e\u003ccode\u003e2c4174c\u003c/code\u003e\u003c/a\u003e Bump libc from 0.2.155 to 0.2.185\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pydantic/pydantic/compare/v2.12.5...v2.13.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `black` from 26.3.1 to 26.5.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/black/releases\"\u003eblack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e26.5.1\u003c/h2\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix unstable formatting of annotated assignments whose subscript annotation contains\nan inline comment (e.g. \u003ccode\u003ex: list[  # pyright: ignore[...]\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/psf/black/issues/5130\"\u003e#5130\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePreserve inline comments (including \u003ccode\u003e# type: ignore\u003c/code\u003e) immediately before a\n\u003ccode\u003e# fmt: skip\u003c/code\u003e line, avoiding AST equivalence failures (\u003ca href=\"https://redirect.github.com/psf/black/issues/5139\"\u003e#5139\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePackaging\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect the version in the published executables (\u003ca href=\"https://redirect.github.com/psf/black/issues/5137\"\u003e#5137\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Neovim integration guide covering conform.nvim, ALE, and simple command approaches\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/5124\"\u003e#5124\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e26.5.0\u003c/h2\u003e\n\u003ch3\u003eHighlights\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for unpacking in comprehensions (PEP 798) and for lazy imports (PEP 810),\nboth new syntactic features in Python 3.15 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5048\"\u003e#5048\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePython 3.15 is now supported. Compiled wheels are not yet provided for Python 3.15, so\nperformance may be slower than on existing Python versions. Wheels will be provided\nonce Python 3.15 is later in its release cycle. (\u003ca href=\"https://redirect.github.com/psf/black/issues/5127\"\u003e#5127\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003e# fmt: skip\u003c/code\u003e being ignored in nested \u003ccode\u003eif\u003c/code\u003e expressions with parenthesized \u003ccode\u003ein\u003c/code\u003e\nclauses (\u003ca href=\"https://redirect.github.com/psf/black/issues/4903\"\u003e#4903\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd syntactic support for Python 3.15 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5048\"\u003e#5048\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix crash when an f-string follows a \u003ccode\u003e# fmt: off\u003c/code\u003e comment inside brackets (\u003ca href=\"https://redirect.github.com/psf/black/issues/5097\"\u003e#5097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePreserve multiline compound statement headers when \u003ccode\u003e# fmt: skip\u003c/code\u003e is placed on the\ncolon line (\u003ca href=\"https://redirect.github.com/psf/black/issues/5117\"\u003e#5117\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePreview style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImprove heuristics around whether blank lines should appear before, within and after\ngroups of same-name decorated functions (such as \u003ccode\u003e@overload\u003c/code\u003e groups) in \u003ccode\u003e.pyi\u003c/code\u003e stub\nfiles (\u003ca href=\"https://redirect.github.com/psf/black/issues/5021\"\u003e#5021\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix blank lines being removed between a function and a decorated class in \u003ccode\u003e.pyi\u003c/code\u003e stub\nfiles (\u003ca href=\"https://redirect.github.com/psf/black/issues/5092\"\u003e#5092\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePrevent string merger from creating unsplittable long lines when a pragma comment\n(e.g. \u003ccode\u003e# type: ignore\u003c/code\u003e) follows the closing bracket (\u003ca href=\"https://redirect.github.com/psf/black/issues/5096\"\u003e#5096\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePackaging\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRun CI on 3.15 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5127\"\u003e#5127\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOutput\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/black/blob/main/CHANGES.md\"\u003eblack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 26.5.1\u003c/h2\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix unstable formatting of annotated assignments whose subscript annotation contains\nan inline comment (e.g. \u003ccode\u003ex: list[  # pyright: ignore[...]\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/psf/black/issues/5130\"\u003e#5130\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePreserve inline comments (including \u003ccode\u003e# type: ignore\u003c/code\u003e) immediately before a\n\u003ccode\u003e# fmt: skip\u003c/code\u003e line, avoiding AST equivalence failures (\u003ca href=\"https://redirect.github.com/psf/black/issues/5139\"\u003e#5139\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePackaging\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect the version in the published executables (\u003ca href=\"https://redirect.github.com/psf/black/issues/5137\"\u003e#5137\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Neovim integration guide covering conform.nvim, ALE, and simple command approaches\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/5124\"\u003e#5124\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 26.5.0\u003c/h2\u003e\n\u003ch3\u003eHighlights\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for unpacking in comprehensions (PEP 798) and for lazy imports (PEP 810),\nboth new syntactic features in Python 3.15 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5048\"\u003e#5048\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePython 3.15 is now supported. Compiled wheels are not yet provided for Python 3.15, so\nperformance may be slower than on existing Python versions. Wheels will be provided\nonce Python 3.15 is later in its release cycle. (\u003ca href=\"https://redirect.github.com/psf/black/issues/5127\"\u003e#5127\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003e# fmt: skip\u003c/code\u003e being ignored in nested \u003ccode\u003eif\u003c/code\u003e expressions with parenthesized \u003ccode\u003ein\u003c/code\u003e\nclauses (\u003ca href=\"https://redirect.github.com/psf/black/issues/4903\"\u003e#4903\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd syntactic support for Python 3.15 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5048\"\u003e#5048\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix crash when an f-string follows a \u003ccode\u003e# fmt: off\u003c/code\u003e comment inside brackets (\u003ca href=\"https://redirect.github.com/psf/black/issues/5097\"\u003e#5097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePreserve multiline compound statement headers when \u003ccode\u003e# fmt: skip\u003c/code\u003e is placed on the\ncolon line (\u003ca href=\"https://redirect.github.com/psf/black/issues/5117\"\u003e#5117\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePreview style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImprove heuristics around whether blank lines should appear before, within and after\ngroups of same-name decorated functions (such as \u003ccode\u003e@overload\u003c/code\u003e groups) in \u003ccode\u003e.pyi\u003c/code\u003e stub\nfiles (\u003ca href=\"https://redirect.github.com/psf/black/issues/5021\"\u003e#5021\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix blank lines being removed between a function and a decorated class in \u003ccode\u003e.pyi\u003c/code\u003e stub\nfiles (\u003ca href=\"https://redirect.github.com/psf/black/issues/5092\"\u003e#5092\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePrevent string merger from creating unsplittable long lines when a pragma comment\n(e.g. \u003ccode\u003e# type: ignore\u003c/code\u003e) follows the closing bracket (\u003ca href=\"https://redirect.github.com/psf/black/issues/5096\"\u003e#5096\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePackaging\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRun CI on 3.15 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5127\"\u003e#5127\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/87928e6d6761a4a6d22250e1fee5601b3998086e\"\u003e\u003ccode\u003e87928e6\u003c/code\u003e\u003c/a\u003e Prepare release 26.5.1 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5140\"\u003e#5140\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/c970a49702488739add6c728122deb3a99900803\"\u003e\u003ccode\u003ec970a49\u003c/code\u003e\u003c/a\u003e Preserve comments before fmt: skip lines (\u003ca href=\"https://redirect.github.com/psf/black/issues/5139\"\u003e#5139\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/5809338fd5f92d50e80c2ad312292ae6d428a480\"\u003e\u003ccode\u003e5809338\u003c/code\u003e\u003c/a\u003e Preserve inline comments inside annotation subscripts (\u003ca href=\"https://redirect.github.com/psf/black/issues/5130\"\u003e#5130\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/61361b71995f6ea44ce01915bacd3ecc50642507\"\u003e\u003ccode\u003e61361b7\u003c/code\u003e\u003c/a\u003e docs: add Neovim integration guide and fix http link (\u003ca href=\"https://redirect.github.com/psf/black/issues/5124\"\u003e#5124\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/ebe6018e3254629788376e619207719fbe34a849\"\u003e\u003ccode\u003eebe6018\u003c/code\u003e\u003c/a\u003e CI Hotfixes (\u003ca href=\"https://redirect.github.com/psf/black/issues/5136\"\u003e#5136\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/9cbd95f80e97c1ab4d690d1d41b81579a13bf75c\"\u003e\u003ccode\u003e9cbd95f\u003c/code\u003e\u003c/a\u003e Fix publish binaries again on Windows (\u003ca href=\"https://redirect.github.com/psf/black/issues/5134\"\u003e#5134\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/3dc8e6c41911bdaedb4bac8d633979c34a112b78\"\u003e\u003ccode\u003e3dc8e6c\u003c/code\u003e\u003c/a\u003e Add new changelog (\u003ca href=\"https://redirect.github.com/psf/black/issues/5132\"\u003e#5132\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/6d0fff0d5a965b9d0d3dbd7c5738d835fd574130\"\u003e\u003ccode\u003e6d0fff0\u003c/code\u003e\u003c/a\u003e Fix publish binaries workflow (\u003ca href=\"https://redirect.github.com/psf/black/issues/5133\"\u003e#5133\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/d2490e24dad33b8f68c77602ee29160de0fea24b\"\u003e\u003ccode\u003ed2490e2\u003c/code\u003e\u003c/a\u003e Prepare release 26.5.0 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5131\"\u003e#5131\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/2b13ea76fa69d4923381df65deb1a5c896ca27ad\"\u003e\u003ccode\u003e2b13ea7\u003c/code\u003e\u003c/a\u003e Preserve multiline headers with fmt skip (\u003ca href=\"https://redirect.github.com/psf/black/issues/5117\"\u003e#5117\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/black/compare/26.3.1...26.5.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `zensical` from 0.0.42 to 0.0.43\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/zensical/zensical/releases\"\u003ezensical's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.0.43\u003c/h2\u003e\n\u003ch2\u003eSummary\u003c/h2\u003e\n\u003cp\u003eThis version fixes further edge cases in link validation, and adds support for UTF-8 encoding with byte-order-marks.\u003c/p\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e1e873a3 \u003cstrong\u003ecompat\u003c/strong\u003e – ignore links in code after literal dollar during link validation (\u003ca href=\"https://redirect.github.com/zensical/zensical/issues/691\"\u003e#691\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e62a0feb \u003cstrong\u003ezensical\u003c/strong\u003e – report \u003ccode\u003epath.md/#anchor\u003c/code\u003e as invalid during link validation (\u003ca href=\"https://redirect.github.com/zensical/zensical/issues/690\"\u003e#690\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e7be40c6 \u003cstrong\u003ecompat\u003c/strong\u003e – ignore GitHub-style callouts during link validation (\u003ca href=\"https://redirect.github.com/zensical/zensical/issues/688\"\u003e#688\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e85c3b1e \u003cstrong\u003ecompat\u003c/strong\u003e – ignore \u003ccode\u003e[TOC]\u003c/code\u003e marker during link validation (\u003ca href=\"https://redirect.github.com/zensical/zensical/issues/686\"\u003e#686\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edaafc8b \u003cstrong\u003ezensical\u003c/strong\u003e – filter out icons folder when watching theme directories (\u003ca href=\"https://redirect.github.com/zensical/zensical/issues/693\"\u003e#693\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e913fd61 \u003cstrong\u003ezensical\u003c/strong\u003e – strip Byte-Order-Mark (BOM) from Markdown files (\u003ca href=\"https://redirect.github.com/zensical/zensical/issues/687\"\u003e#687\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zensical/zensical/commit/7d2178a8a9df7c559a746643ccfa34f1531f20a3\"\u003e\u003ccode\u003e7d2178a\u003c/code\u003e\u003c/a\u003e chore: release v0.0.43\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zensical/zensical/commit/35a20425ac3a30007ed2ba9e1d54bbdae98399cd\"\u003e\u003ccode\u003e35a2042\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/zensical/zensical/issues/697\"\u003e#697\u003c/a\u003e from zensical/fix/validation-regressions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zensical/zensical/commit/1e873a397c314843444adb68dcd5238af62dfe22\"\u003e\u003ccode\u003e1e873a3\u003c/code\u003e\u003c/a\u003e fix: ignore links in code after literal dollar during link validation (\u003ca href=\"https://redirect.github.com/zensical/zensical/issues/691\"\u003e#691\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zensical/zensical/commit/62a0feb8f45ed10ea3c4c9816501ff1c2245f244\"\u003e\u003ccode\u003e62a0feb\u003c/code\u003e\u003c/a\u003e fix: report \u003ccode\u003epath.md/#anchor\u003c/code\u003e as invalid during link validation (\u003ca href=\"https://redirect.github.com/zensical/zensical/issues/690\"\u003e#690\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zensical/zensical/commit/7be40c6ceb4407992a1d93cb6e30563b737e4724\"\u003e\u003ccode\u003e7be40c6\u003c/code\u003e\u003c/a\u003e fix: ignore GitHub-style callouts during link validation (\u003ca href=\"https://redirect.github.com/zensical/zensical/issues/688\"\u003e#688\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zensical/zensical/commit/85c3b1e321dc4eaa60fc7bd885a4da509e1e4127\"\u003e\u003ccode\u003e85c3b1e\u003c/code\u003e\u003c/a\u003e fix: ignore \u003ccode\u003e[TOC]\u003c/code\u003e marker during link validation (\u003ca href=\"https://redirect.github.com/zensical/zensical/issues/686\"\u003e#686\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zensical/zensical/commit/daafc8becba138735046b63dcf839c89c9f8c024\"\u003e\u003ccode\u003edaafc8b\u003c/code\u003e\u003c/a\u003e fix: filter out icons folder when watching theme directories (\u003ca href=\"https://redirect.github.com/zensical/zensical/issues/693\"\u003e#693\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zensical/zensical/commit/913fd61670ae2d1a01c76388613f6378c9431a3d\"\u003e\u003ccode\u003e913fd61\u003c/code\u003e\u003c/a\u003e fix: strip Byte-Order-Mark (BOM) from Markdown files (\u003ca href=\"https://redirect.github.com/zensical/zensical/issues/687\"\u003e#687\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/zensical/zensical/compare/v0.0.42...v0.0.43\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fastapi` from 0.136.1 to 0.136.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastapi/fastapi/releases\"\u003efastapi's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.136.3\u003c/h2\u003e\n\u003ch3\u003eRefactors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e♻️ Do not accept underscore headers when using \u003ccode\u003econvert_underscores=True\u003c/code\u003e (the default). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15589\"\u003e#15589\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.136.2\u003c/h2\u003e\n\u003ch3\u003eRefactors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e♻️ Validate Server Sent Event fields to avoid applications from sending broken data. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15588\"\u003e#15588\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e📝 Document \u003ccode\u003e--entrypoint\u003c/code\u003e CLI option. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15464\"\u003e#15464\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update and simplify docs about help and management. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15583\"\u003e#15583\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Add docs references to central contributing docs. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15580\"\u003e#15580\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update security policy. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15577\"\u003e#15577\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🍱 Update sponsors: TalorData image. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15562\"\u003e#15562\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update docs, simplify usage of admonitions, only default ones. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15553\"\u003e#15553\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Fix image URLs in \u003ccode\u003eindex.md\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15534\"\u003e#15534\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e✏️ Fix Azkaban spelling typo in \u003ccode\u003evirtual-environments.md‎\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15463\"\u003e#15463\u003c/a\u003e by \u003ca href=\"https://github.com/isaacbernat\"\u003e\u003ccode\u003e@​isaacbernat\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e💄 Improve layout and styling. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15462\"\u003e#15462\u003c/a\u003e by \u003ca href=\"https://github.com/alejsdev\"\u003e\u003ccode\u003e@​alejsdev\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e💄 Refactor opinions section with interactive tabs and new logos. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15458\"\u003e#15458\u003c/a\u003e by \u003ca href=\"https://github.com/alejsdev\"\u003e\u003ccode\u003e@​alejsdev\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Add FastAPI Conf '26 announcement to docs. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15457\"\u003e#15457\u003c/a\u003e by \u003ca href=\"https://github.com/alejsdev\"\u003e\u003ccode\u003e@​alejsdev\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eTranslations\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🌐 Improve translation consistency in \u003ccode\u003e‎docs/pt/docs/advanced/generate-clients.md‎\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15456\"\u003e#15456\u003c/a\u003e by \u003ca href=\"https://github.com/Will-thom\"\u003e\u003ccode\u003e@​Will-thom\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ja (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15530\"\u003e#15530\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for uk (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15529\"\u003e#15529\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for pt (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15528\"\u003e#15528\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for de (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15527\"\u003e#15527\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for tr (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15526\"\u003e#15526\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ko (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15525\"\u003e#15525\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for zh-hant (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15524\"\u003e#15524\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for fr (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15522\"\u003e#15522\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for es (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15523\"\u003e#15523\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for zh (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15520\"\u003e#15520\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ru (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15521\"\u003e#15521\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Fix typos in Spanish LLM-prompt. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15472\"\u003e#15472\u003c/a\u003e by \u003ca href=\"https://github.com/crr004\"\u003e\u003ccode\u003e@​crr004\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e✅ Update tests, don't double dispose the engine. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15587\"\u003e#15587\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⚡️ Speed up test suite via caching and fixture scopes to make it ~24% faster. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/13583\"\u003e#13583\u003c/a\u003e by \u003ca href=\"https://github.com/dikos1337\"\u003e\u003ccode\u003e@​dikos1337\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔥 Remove config files now in central GitHub repo. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15585\"\u003e#15585\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump urllib3 from 2.6.3 to 2.7.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15502\"\u003e#15502\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump idna from 3.11 to 3.15. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15565\"\u003e#15565\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump cloudflare/wrangler-action from 3.15.0 to 4.0.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15571\"\u003e#15571\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔧 Migrate docs from MkDocs to Zensical. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15563\"\u003e#15563\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔒️ Only allow team members to modify dependencies. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15548\"\u003e#15548\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/82064857539e6286522c347b4b11331b48dd2378\"\u003e\u003ccode\u003e8206485\u003c/code\u003e\u003c/a\u003e 🔖 Release version 0.136.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/c910e0139f983d0e04e2d1d235cd71803afeae34\"\u003e\u003ccode\u003ec910e01\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/063b5bf582d31fb155cc6bc6f88cf512329d0fd5\"\u003e\u003ccode\u003e063b5bf\u003c/code\u003e\u003c/a\u003e ♻️ Do not accept underscore headers when using \u003ccode\u003econvert_underscores=True\u003c/code\u003e (th...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/22b02e26f9e8c7e32bd8266e2b0ebe8bb3a0db2b\"\u003e\u003ccode\u003e22b02e2\u003c/code\u003e\u003c/a\u003e 🔖 Release version 0.136.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/3b252a2a22ba27a8ab83d6bde7d9cddbc5bf738e\"\u003e\u003ccode\u003e3b252a2\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/c7fb7851b3389f24c51701d705458989be53ccbb\"\u003e\u003ccode\u003ec7fb785\u003c/code\u003e\u003c/a\u003e ♻️ Validate Server Sent Event fields to avoid applications from sending broke...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/cb83b83dcf78eab4ea17d504db5abcda705fbdc4\"\u003e\u003ccode\u003ecb83b83\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/00f805cec94c0bf48c1f9a563535a3ab2e6f90ab\"\u003e\u003ccode\u003e00f805c\u003c/code\u003e\u003c/a\u003e ✅ Update tests, don't double dispose the engine (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15587\"\u003e#15587\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/3675137523dc167981aa3a3c44599b4f3079ccd8\"\u003e\u003ccode\u003e3675137\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/7b57e42986bb4d40c9eb6580537d13fb8e76097e\"\u003e\u003ccode\u003e7b57e42\u003c/code\u003e\u003c/a\u003e 📝 Document \u003ccode\u003e--entrypoint\u003c/code\u003e CLI option (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15464\"\u003e#15464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastapi/fastapi/compare/0.136.1...0.136.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ruff` from 0.15.13 to 0.15.14\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/ruff/releases\"\u003eruff's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.15.14\u003c/h2\u003e\n\u003ch2\u003eRelease Notes\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-05-21.\u003c/p\u003e\n\u003ch3\u003ePreview features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eairflow\u003c/code\u003e] Implement \u003ccode\u003eairflow-task-implicit-multiple-outputs\u003c/code\u003e (\u003ccode\u003eAIR202\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25152\"\u003e#25152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-use-pathlib\u003c/code\u003e] Mark \u003ccode\u003ePTH101\u003c/code\u003e fix as unsafe when first argument is a class attribute annotated as \u003ccode\u003eint\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25086\"\u003e#25086\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Implement \u003ccode\u003etoo-many-try-statements\u003c/code\u003e (\u003ccode\u003eW0717\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23970\"\u003e#23970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eruff\u003c/code\u003e] Add \u003ccode\u003eincorrect-decorator-order\u003c/code\u003e (\u003ccode\u003eRUF074\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23461\"\u003e#23461\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eruff\u003c/code\u003e] Add \u003ccode\u003efallible-context-manager\u003c/code\u003e (\u003ccode\u003eRUF075\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22844\"\u003e#22844\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix lambda formatting in interpolated string expressions (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25144\"\u003e#25144\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTreat generic \u003ccode\u003efrozenset\u003c/code\u003e annotations as immutable (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25251\"\u003e#25251\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-type-checking\u003c/code\u003e] Avoid \u003ccode\u003estrict\u003c/code\u003e behavior when \u003ccode\u003efuture-annotations\u003c/code\u003e are enabled (\u003ccode\u003eTC001\u003c/code\u003e, \u003ccode\u003eTC002\u003c/code\u003e, \u003ccode\u003eTC003\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25035\"\u003e#25035\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Avoid false positives in \u003ccode\u003eelse\u003c/code\u003e clause (\u003ccode\u003ePLR1733\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25177\"\u003e#25177\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRule changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-comprehensions\u003c/code\u003e] Skip \u003ccode\u003eC417\u003c/code\u003e for lambdas with positional-only parameters (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25272\"\u003e#25272\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-simplify\u003c/code\u003e] Preserve f-string source verbatim in \u003ccode\u003eSIM101\u003c/code\u003e fix (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25061\"\u003e#25061\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid unnecessary parser lookahead for operators (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25290\"\u003e#25290\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate code example setting Neovim LSP log level (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25284\"\u003e#25284\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd full PEP 798 support (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25104\"\u003e#25104\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd a parser recursion limit (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24810\"\u003e#24810\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate various \u003ccode\u003eruff_python_stdlib\u003c/code\u003e APIs (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25273\"\u003e#25273\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ocaballeror\"\u003e\u003ccode\u003e@​ocaballeror\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lerebear\"\u003e\u003ccode\u003e@​lerebear\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/samuelcolvin\"\u003e\u003ccode\u003e@​samuelcolvin\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/baltasarblanco\"\u003e\u003ccode\u003e@​baltasarblanco\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aconal-com\"\u003e\u003ccode\u003e@​aconal-com\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anishgirianish\"\u003e\u003ccode\u003e@​anishgirianish\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JelleZijlstra\"\u003e\u003ccode\u003e@​JelleZijlstra\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/AlexWaygood\"\u003e\u003ccode\u003e@​AlexWaygood\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ntBre\"\u003e\u003ccode\u003e@​ntBre\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md\"\u003eruff's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.15.14\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-05-21.\u003c/p\u003e\n\u003ch3\u003ePreview features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eairflow\u003c/code\u003e] Implement \u003ccode\u003eairflow-task-implicit-multiple-outputs\u003c/code\u003e (\u003ccode\u003eAIR202\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25152\"\u003e#25152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-use-pathlib\u003c/code\u003e] Mark \u003ccode\u003ePTH101\u003c/code\u003e fix as unsafe when first argument is a class attribute annotated as \u003ccode\u003eint\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25086\"\u003e#25086\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Implement \u003ccode\u003etoo-many-try-statements\u003c/code\u003e (\u003ccode\u003eW0717\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23970\"\u003e#23970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eruff\u003c/code\u003e] Add \u003ccode\u003eincorrect-decorator-order\u003c/code\u003e (\u003ccode\u003eRUF074\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23461\"\u003e#23461\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eruff\u003c/code\u003e] Add \u003ccode\u003efallible-context-manager\u003c/code\u003e (\u003ccode\u003eRUF075\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22844\"\u003e#22844\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix lambda formatting in interpolated string expressions (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25144\"\u003e#25144\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTreat generic \u003ccode\u003efrozenset\u003c/code\u003e annotations as immutable (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25251\"\u003e#25251\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-type-checking\u003c/code\u003e] Avoid \u003ccode\u003estrict\u003c/code\u003e behavior when \u003ccode\u003efuture-annotations\u003c/code\u003e are enabled (\u003ccode\u003eTC001\u003c/code\u003e, \u003ccode\u003eTC002\u003c/code\u003e, \u003ccode\u003eTC003\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25035\"\u003e#25035\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Avoid false positives in \u003ccode\u003eelse\u003c/code\u003e clause (\u003ccode\u003ePLR1733\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25177\"\u003e#25177\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRule changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-comprehensions\u003c/code\u003e] Skip \u003ccode\u003eC417\u003c/code\u003e for lambdas with positional-only parameters (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25272\"\u003e#25272\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-simplify\u003c/code\u003e] Preserve f-string source verbatim in \u003ccode\u003eSIM101\u003c/code\u003e fix (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25061\"\u003e#25061\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid unnecessary parser lookahead for operators (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25290\"\u003e#25290\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate code example setting Neovim LSP log level (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25284\"\u003e#25284\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd full PEP 798 support (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25104\"\u003e#25104\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd a parser recursion limit (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24810\"\u003e#24810\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate various \u003ccode\u003eruff_python_stdlib\u003c/code\u003e APIs (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25273\"\u003e#25273\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ocaballeror\"\u003e\u003ccode\u003e@​ocaballeror\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lerebear\"\u003e\u003ccode\u003e@​lerebear\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/samuelcolvin\"\u003e\u003ccode\u003e@​samuelcolvin\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/baltasarblanco\"\u003e\u003ccode\u003e@​baltasarblanco\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aconal-com\"\u003e\u003ccode\u003e@​aconal-com\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anishgirianish\"\u003e\u003ccode\u003e@​anishgirianish\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JelleZijlstra\"\u003e\u003ccode\u003e@​JelleZijlstra\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/AlexWaygood\"\u003e\u003ccode\u003e@​AlexWaygood\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ntBre\"\u003e\u003ccode\u003e@​ntBre\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/adityasingh2400\"\u003e\u003ccode\u003e@​adityasingh2400\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/9ad2da3015e5faf73bdc5f1d09df3e47238e3edf\"\u003e\u003ccode\u003e9ad2da3\u003c/code\u003e\u003c/a\u003e Bump 0.15.14 (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25295\"\u003e#25295\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/c714e84952510696c05ec21b0158a3548898f594\"\u003e\u003ccode\u003ec714e84\u003c/code\u003e\u003c/a\u003e [ty] Modernize setup of union types in mdtests (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25291\"\u003e#25291\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/8a8e35ebfe318e2467a0f276e5d1a3a9032a55ad\"\u003e\u003ccode\u003e8a8e35e\u003c/code\u003e\u003c/a\u003e [\u003ccode\u003eflake8-comprehensions\u003c/code\u003e] Skip \u003ccode\u003eC417\u003c/code\u003e for lambdas with positional-only parame...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/aea5ed4d278017057c2e842c6c3a2e92ad71495f\"\u003e\u003ccode\u003eaea5ed4\u003c/code\u003e\u003c/a\u003e Avoid unnecessary parser lookahead for operators (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25290\"\u003e#25290\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/e9d72bb420f26c23e6660bfce4dfa0028b931bff\"\u003e\u003ccode\u003ee9d72bb\u003c/code\u003e\u003c/a\u003e [ty] Allow enum member accesses on \u003ccode\u003eself\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25077\"\u003e#25077\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/6cbd59b511a92d5f408db57bde33367c0d47b672\"\u003e\u003ccode\u003e6cbd59b\u003c/code\u003e\u003c/a\u003e Set \u003ccode\u003eexclude-newer = \u0026quot;7 days\u0026quot;\u003c/code\u003e in our PEP-723 scripts (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25285\"\u003e#25285\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/9999a3967ae28fe3295131e8883b6947f272a076\"\u003e\u003ccode\u003e9999a39\u003c/code\u003e\u003c/a\u003e Update code example on how to update Neovim LSP log level (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25284\"\u003e#25284\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/67d8c544f0d1c526a2fc60d4bb1358fd7956d178\"\u003e\u003ccode\u003e67d8c54\u003c/code\u003e\u003c/a\u003e [ty] Retain recursively-defined state in binary expressions (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25277\"\u003e#25277\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/25a3191140dc0467f9d196f35c128fefde269261\"\u003e\u003ccode\u003e25a3191\u003c/code\u003e\u003c/a\u003e [ty] Refine Callable class-decorator fallback for unknown results (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25250\"\u003e#25250\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/c423054dc09e5b644c926b6b527b6accfbe693e9\"\u003e\u003ccode\u003ec423054\u003c/code\u003e\u003c/a\u003e Add a recursion limit to the parser (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24810\"\u003e#24810\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/astral-sh/ruff/compare/0.15.13...0.15.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ty` from 0.0.35 to 0.0.39\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/ty/releases\"\u003ety's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.0.39\u003c/h2\u003e\n\u003ch2\u003eRelease Notes\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-05-22.\u003c/p\u003e\n\u003cp\u003eThis release removes the Python 3.9 branches from our vendored standard library stubs. ty now only has \u0026quot;full\u0026quot; support for\nPython 3.10 and later, but will still report version-specific syntax errors and other diagnostics when \u003ccode\u003e--python-version 3.9\u003c/code\u003e\nis provided via the CLI.\u003c/p\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid panicking on \u003ccode\u003e__new__\u003c/code\u003e assignments to classes (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25282\"\u003e#25282\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePreserve declaration order when synthesizing class fields (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25249\"\u003e#25249\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRespect \u003ccode\u003edict\u003c/code\u003e-compatible fallbacks in TypedDict unions (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25242\"\u003e#25242\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRetain recursively-defined state in binary expressions (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25277\"\u003e#25277\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eLSP server\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Quick Fix to remove redundant cast (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25211\"\u003e#25211\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eClassify property declaration semantic tokens (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25322\"\u003e#25322\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eEscape HTML syntax in docstring rendering (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25247\"\u003e#25247\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePrefer symbols from standard library over those of the same name from third party libraries for import completions. (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25108\"\u003e#25108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport type aliases in document symbols (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25302\"\u003e#25302\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDiagnostics\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd error context for extra callable parameters (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25269\"\u003e#25269\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid exponential blow-up in fall-through narrowing (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25278\"\u003e#25278\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSpeed up include filtering for projects with many literal include patterns (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25266\"\u003e#25266\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCore type checking\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAllow enum member accesses on \u003ccode\u003eself\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25077\"\u003e#25077\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eEmit a diagnostic for subclassing with \u003ccode\u003eorder=True\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/21704\"\u003e#21704\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFull-scope bidirectional inference for unconstrained container literals (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25279\"\u003e#25279\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eInfer \u003ccode\u003edict(TypedDict)\u003c/code\u003e as \u003ccode\u003edict[str, object]\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24852\"\u003e#24852\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRefine Callable class-decorator fallback for unknown results (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25250\"\u003e#25250\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReject incompatible explicit variance in generic base classes (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25327\"\u003e#25327\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport multi-inference through type aliases (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25245\"\u003e#25245\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSync vendored typeshed stubs (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25271\"\u003e#25271\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25172\"\u003e#25172\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ibraheemdev\"\u003e\u003ccode\u003e@​ibraheemdev\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MatthewMckee4\"\u003e\u003ccode\u003e@​MatthewMckee4\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sqqueak\"\u003e\u003ccode\u003e@​sqqueak\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lerebear\"\u003e\u003ccode\u003e@​lerebear\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/ty/blob/main/CHANGELOG.md\"\u003ety's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.0.39\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-05-22.\u003c/p\u003e\n\u003cp\u003eThis release removes the Python 3.9 branches from our vendored standard library stubs. ty now only has \u0026quot;full\u0026quot; support for\nPython 3.10 and later, but will still report version-specific syntax errors and other diagnostics when \u003ccode\u003e--python-version 3.9\u003c/code\u003e\nis provided via the CLI.\u003c/p\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid panicking on \u003ccode\u003e__new__\u003c/code\u003e assignments to classes (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25282\"\u003e#25282\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePreserve declaration order when synthesizing class fields (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25249\"\u003e#25249\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRespect \u003ccode\u003edict\u003c/code\u003e-compatible fallbacks in TypedDict unions (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25242\"\u003e#25242\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRetain recursively-defined state in binary expressions (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25277\"\u003e#25277\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eLSP server\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Quick Fix to remove redundant cast (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25211\"\u003e#25211\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eClassify property declaration semantic tokens (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25322\"\u003e#25322\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eEscape HTML syntax in docstring rendering (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25247\"\u003e#25247\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePrefer symbols from standard library over those of the same name from third party libraries for import completions. (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25108\"\u003e#25108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport type aliases in document symbols (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25302\"\u003e#25302\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDiagnostics\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd error context for extra callable parameters (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25269\"\u003e#25269\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid exponential blow-up in fall-through narrowing (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25278\"\u003e#25278\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSpeed up include filtering for projects with many literal include patterns (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25266\"\u003e#25266\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCore type checking\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAllow enum member accesses on \u003ccode\u003eself\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25077\"\u003e#25077\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eEmit a diagnostic for subclassing with \u003ccode\u003eorder=True\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/21704\"\u003e#21704\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFull-scope bidirectional inference for unconstrained container literals (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25279\"\u003e#25279\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eInfer \u003ccode\u003edict(TypedDict)\u003c/code\u003e as \u003ccode\u003edict[str, object]\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24852\"\u003e#24852\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRefine Callable class-decorator fallback for unknown results (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25250\"\u003e#25250\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReject incompatible explicit variance in generic base classes (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25327\"\u003e#25327\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport multi-inference through type aliases (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25245\"\u003e#25245\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSync vendored typeshed stubs (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25271\"\u003e#25271\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25172\"\u003e#25172\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ibraheemdev\"\u003e\u003ccode\u003e@​ibraheemdev\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MatthewMckee4\"\u003e\u003ccode\u003e@​MatthewMckee4\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sqqueak\"\u003e\u003ccode\u003e@​sqqueak\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lerebear\"\u003e\u003ccode\u003e@​lerebear\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sharkdp\"\u003e\u003ccode\u003e@​sharkdp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ty/commit/0205125174c135d6fc4014244dee374678b61c72\"\u003e\u003ccode\u003e0205125\u003c/code\u003e\u003c/a\u003e Bump version to 0.0.39 (\u003ca href=\"https://redirect.github.com/astral-sh/ty/issues/3516\"\u003e#3516\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ty/commit/ae8058d40e641b545bbad046c487e964206a2286\"\u003e\u003ccode\u003eae8058d\u003c/code\u003e\u003c/a\u003e Update maturin to v1.13.3 (\u003ca href=\"https://redirect.github.com/astral-sh/ty/issues/3494\"\u003e#3494\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ty/commit/33b60f8ad0f2da648b867831548a4b8c7985647d\"\u003e\u003ccode\u003e33b60f8\u003c/code\u003e\u003c/a\u003e Update prek dependencies (\u003ca href=\"https://redirect.github.com/astral-sh/ty/issues/3495\"\u003e#3495\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ty/commit/1d3efc1d68e36a8f982fa73b1f8c2a5ebc50fcde\"\u003e\u003ccode\u003e1d3efc1\u003c/code\u003e\u003c/a\u003e Bump version to 0.0.38 (\u003ca href=\"https://redirect.github.com/astral-sh/ty/issues/3492\"\u003e#3492\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ty/commit/f5100ccde50ff577fa311add5232ae6074ed68f9\"\u003e\u003ccode\u003ef5100cc\u003c/code\u003e\u003c/a\u003e scripts/update_schemastore: use -C to allow re-running schema update on exist...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ty/commit/f18aed6430c781ff3bc4fe41d9b5c2a7161657c4\"\u003e\u003ccode\u003ef18aed6\u003c/code\u003e\u003c/a\u003e Bump version to 0.0.37 (\u003ca href=\"https://redirect.github.com/astral-sh/ty/issues/3473\"\u003e#3473\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ty/commit/a63e55929645f8eeaa6f28117afda8d2ed39d1a4\"\u003e\u003ccode\u003ea63e559\u003c/code\u003e\u003c/a\u003e Bump version to 0.0.36 (\u003ca href=\"https://redirect.github.com/astral-sh/ty/issues/3463\"\u003e#3463\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ty/commit/94370d5b43c48d01720a9e65d8d8d5286b6697b1\"\u003e\u003ccode\u003e94370d5\u003c/code\u003e\u003c/a\u003e Update prek dependencies (\u003ca href=\"https://redirect.github.com/astral-sh/ty/issues/3449\"\u003e#3449\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/astral-sh/ty/compare/0.0.35...0.0.39\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `prek` from 0.3.13 to 0.4.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/j178/prek/releases\"\u003eprek's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.4.1\u003c/h2\u003e\n\u003ch2\u003eRelease Notes\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-05-20.\u003c/p\u003e\n\u003ch3\u003eEnhancements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix pre-push range after rebase (\u003ca href=\"https://redirect.github.com/j178/prek/pull/2089\"\u003e#2089\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePrefer extensions over loose filename tags (\u003ca href=\"https://redirect.github.com/j178/prek/pull/2092\"\u003e#2092\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSkip installs for hooks that will not run (\u003ca href=\"https://redirect.github.com/j178/prek/pull/2103\"\u003e#2103\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOptimize meta hook file scans (\u003ca href=\"https://redirect.github.com/j178/prek/pull/2106\"\u003e#2106\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReduce run filtering allocations (\u003ca href=\"https://redirect.github.com/j178/prek/pull/2090\"\u003e#2090\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178\"\u003e\u003ccode\u003e@​j178\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eInstall prek 0.4.1\u003c/h2\u003e\n\u003ch3\u003eInstall prebuilt binaries via shell script\u003c/h3\u003e\n\u003cpre lang=\"sh\"\u003e\u003ccode\u003ecurl --proto '=https' --tlsv1.2 -LsSf https://github.com/j178/prek/releases/download/v0.4.1/prek-installer.sh | sh\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch3\u003eInstall prebuilt binaries via powershell script\u003c/h3\u003e\n\u003cpre lang=\"sh\"\u003e\u003ccode\u003epowershell -ExecutionPolicy Bypass -c \u0026quot;irm https://github.com/j178/prek/releases/download/v0.4.1/prek-installer.ps1 | iex\u0026quot;\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch3\u003eInstall prebuilt binaries via Homebrew\u003c/h3\u003e\n\u003cpre lang=\"sh\"\u003e\u003ccode\u003ebrew install prek\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eDownload prek 0.4.1\u003c/h2\u003e\n\u003ctable\u003e\n\u003cthead\u003e\n\u003ctr\u003e\n\u003cth\u003eFile\u003c/th\u003e\n\u003cth\u003ePlatform\u003c/th\u003e\n\u003cth\u003eChecksum\u003c/th\u003e\n\u003c/tr\u003e\n\u003c/thead\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://github.com/j178/prek/releases/download/v0.4.1/prek-aarch64-apple-darwin.tar.gz\"\u003eprek-aarch64-apple-darwin.tar.gz\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eApple Silicon macOS\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://github.com/j178/prek/releases/download/v0.4.1/prek-aarch64-apple-darwin.tar.gz.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://github.com/j178/prek/releases/download/v0.4.1/prek-x86_64-apple-darwin.tar.gz\"\u003eprek-x86_64-apple-darwin.tar.gz\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eIntel macOS\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://github.com/j178/prek/releases/download/v0.4.1/prek-x86_64-apple-darwin.tar.gz.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://github.com/j178/prek/releases/download/v0.4.1/prek-aarch64-pc-windows-msvc.zip\"\u003eprek-aarch64-pc-windows-msvc.zip\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eARM64 Windows\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://github.com/j178/prek/releases/download/v0.4.1/prek-aarch64-pc-windows-msvc.zip.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://github.com/j178/prek/releases/download/v0.4.1/prek-i686-pc-windows-msvc.zip\"\u003eprek-i686-pc-windows-msvc.zip\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003ex86 Windows\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://github.com/j178/prek/releases/download/v0.4.1/prek-i686-pc-windows-msvc.zip.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://github.com/j178/prek/releases/download/v0.4.1/prek-x86_64-pc-windows-msvc.zip\"\u003eprek-x86_64-pc-windows-msvc.zip\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003ex64 Windows\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://github.com/j178/prek/releases/download/v0.4.1/prek-x86_64-pc-windows-msvc.zip.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://github.com/j178/prek/releases/download/v0.4.1/prek-aarch64-unknown-linux-gnu.tar.gz\"\u003eprek-aarch64-unknown-linux-gnu.tar.gz\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eARM64 Linux\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://github.com/j178/prek/releases/download/v0.4.1/prek-aarch64-unknown-linux-gnu.tar.gz.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/tbody\u003e\n\u003c/table\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/j178/prek/blob/master/CHANGELOG.md\"\u003eprek's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.4.1\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-05-20.\u003c/p\u003e\n\u003ch3\u003eEnhancements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix pre-push range after rebase (\u003ca href=\"https://redirect.github.com/j178/prek/pull/2089\"\u003e#2089\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePrefer extensions over loose filename tags (\u003ca href=\"https://redirect.github.com/j178/prek/pull/2092\"\u003e#2092\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSkip installs for hooks that will not run (\u003ca href=\"https://redirect.github.com/j178/prek/pull/2103\"\u003e#2103\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOptimize meta hook file scans (\u003ca href=\"https://redirect.github.com/j178/prek/pull/2106\"\u003e#2106\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReduce run filtering allocations (\u003ca href=\"https://redirect.github.com/j178/prek/pull/2090\"\u003e#2090\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178\"\u003e\u003ccode\u003e@​j178\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.4.0\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-05-14.\u003c/p\u003e\n\u003ch3\u003eBreaking changes\u003c/h3\u003e\n\u003cp\u003eThese are narrow cleanup breaks in behavior that was either temporary or never worked correctly. Most users should not need to change anything.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eGenerated hook scripts no longer preserve \u003ccode\u003e-q\u003c/code\u003e, \u003ccode\u003e-v\u003c/code\u003e, or \u003ccode\u003e--no-progress\u003c/code\u003e passed to \u003ccode\u003eprek install\u003c/code\u003e. This only affects users who expected those global flags to be baked into installed hooks. (\u003ca href=\"https://redirect.github.com/j178/prek/pull/1966\"\u003e#1966\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elanguage_version\u003c/code\u003e no longer accepts direct executable paths. Use \u003ccode\u003elanguage_version: system\u003c/code\u003e for a system toolchain, or use a supported version request instead. This path form did not work reliably before, so existing working configs should be unaffected. (\u003ca href=\"https://redirect.github.com/j178/prek/pull/1831\"\u003e#1831\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eEnhancements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eExpand tilde in \u003ccode\u003e--config\u003c/code\u003e, \u003ccode\u003e--cd\u003c/code\u003e, \u003ccode\u003e--log-file\u003c/code\u003e and \u003ccode\u003e--git-dir\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/j178/prek/pull/2063\"\u003e#2063\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePrevent auto-update cooldown downgrades (\u003ca href=\"https://redirect.github.com/j178/prek/pull/2055\"\u003e#2055\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse managed npm cache for node hooks (\u003ca href=\"https://redirect.github.com/j178/prek/pull/2075\"\u003e#2075\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix npm config env overrides for node hooks (\u003ca href=\"https://redirect.github.com/j178/prek/pull/2074\"\u003e#2074\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd cookbook page for enabling Git 2.54 config-based global hooks (\u003ca href=\"https://redirect.github.com/j178/prek/pull/2061\"\u003e#2061\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178\"\u003e\u003ccode\u003e@​j178\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178/prek/commit/871b9edb65b7978c2c53d94f60a433cb9e120132\"\u003e\u003ccode\u003e871b9ed\u003c/code\u003e\u003c/a\u003e Bump version to 0.4.1 (\u003ca href=\"https://redirect.github.com/j178/prek/issues/2107\"\u003e#2107\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178/prek/commit/3c26faf5be0c9ad0e61309650479e063b8cb0037\"\u003e\u003ccode\u003e3c26faf\u003c/code\u003e\u003c/a\u003e Optimize meta hook file scans (\u003ca href=\"https://redirect.github.com/j178/prek/issues/2106\"\u003e#2106\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178/prek/commit/7780f1149565ff430b86be1f688dce7f680c6760\"\u003e\u003ccode\u003e7780f11\u003c/code\u003e\u003c/a\u003e Clean up run hook installation flow (\u003ca href=\"https://redirect.github.com/j178/prek/issues/2105\"\u003e#2105\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178/prek/commit/c5dc885bcbc3d293d6c20ffb43b7be970b55b60d\"\u003e\u003ccode\u003ec5dc885\u003c/code\u003e\u003c/a\u003e Refine hook install filtering (\u003ca href=\"https://redirect.github.com/j178/prek/issues/2104\"\u003e#2104\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178/prek/commit/9db879e92760cfa3c6da748672237a1b1d81ce12\"\u003e\u003ccode\u003e9db879e\u003c/code\u003e\u003c/a\u003e Skip installs for hooks that will not run (\u003ca href=\"https://redirect.github.com/j178/prek/issues/2103\"\u003e#2103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178/prek/commit/2a0da57faddae03fd6d8985776ab2ec33d0b99e5\"\u003e\u003ccode\u003e2a0da57\u003c/code\u003e\u003c/a\u003e Simplify workspace file handling (\u003ca href=\"https://redirect.github.com/j178/prek/issues/2102\"\u003e#2102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178/prek/commit/33ca06054451602a7988b64ac6cf12b1cf5fddad\"\u003e\u003ccode\u003e33ca060\u003c/code\u003e\u003c/a\u003e Lock file maintenance (\u003ca href=\"https://redirect.github.com/j178/prek/issues/2072\"\u003e#2072\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178/prek/commit/03f11c00b169b9beea59253fc5a0c7efe6dc9fa6\"\u003e\u003ccode\u003e03f11c0\u003c/code\u003e\u003c/a\u003e Update GitHub Actions (\u003ca href=\"https://redirect.github.com/j178/prek/issues/2101\"\u003e#2101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178/prek/commit/354f431c3c0420d5be83e6c59f3b644c907793e6\"\u003e\u003ccode\u003e354f431\u003c/code\u003e\u003c/a\u003e Update dependency uv to v0.11.13 (\u003ca href=\"https://redirect.github.com/j178/prek/issues/2094\"\u003e#2094\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178/prek/commit/4a41828a33efaccccaba76e96942314ac3309e75\"\u003e\u003ccode\u003e4a41828\u003c/code\u003e\u003c/a\u003e Update Rust crate quick-xml to v0.39.4 (\u003ca href=\"https://redirect.github.com/j178/prek/issues/2098\"\u003e#2098\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/j178/prek/compare/v0.3.13...v0.4.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `zizmor` from 1.24.1 to 1.25.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/zizmorcore/zizmor/releases\"\u003ezizmor's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.25.2\u003c/h2\u003e\n\u003ch2\u003eBug Fixes 🐛\u003ca href=\"https://docs.zizmor.sh/release-notes/#bug-fixes\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where the \u003ca href=\"https://docs.zizmor.sh/audits/#unpinned-tools\"\u003eunpinned-tools\u003c/a\u003e audit would incorrectly flag the \u003ca href=\"https://github.com/aquasecurity/trivy-action\"\u003eaquasecurity/trivy-action\u003c/a\u003e action as installing an unpinned tool version, rather than \u003ca href=\"https://github.com/aquasecurity/setup-trivy\"\u003eaquasecurity/setup-trivy\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2018\"\u003e#2018\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.25.1\u003c/h2\u003e\n\u003ch2\u003eBug Fixes 🐛\u003ca href=\"https://docs.zizmor.sh/release-notes/#bug-fixes\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a bug where the \u003ca href=\"https://docs.zizmor.sh/audits/#cache-poisoning\"\u003ecache-poisoning\u003c/a\u003e audit would fail to consider release events as exempt from cache usage findings when filtered by a tag condition (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2004\"\u003e#2004\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a typo when suggesting --fix flags for findings (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2010\"\u003e#2010\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/0xdea\"\u003e\u003ccode\u003e@​0xdea\u003c/code\u003e\u003c/a\u003e for implementing this fix!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a typo in \u003ca href=\"https://docs.zizmor.sh/audits/#unpinned-tools\"\u003eunpinned-tools\u003c/a\u003e annotations (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2008\"\u003e#2008\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/martincostello\"\u003e\u003ccode\u003e@​martincostello\u003c/code\u003e\u003c/a\u003e for implementing this fix!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a bug where the \u003ca href=\"https://docs.zizmor.sh/audits/#github-app\"\u003egithub-app\u003c/a\u003e audit would incorrectly flag some safe uses of \u003ca href=\"https://github.com/actions/create-github-app-token\"\u003eactions/create-github-app-token\u003c/a\u003e as unsafe (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2011\"\u003e#2011\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.25.0\u003c/h2\u003e\n\u003ch2\u003eNew Features 🌈\u003ca href=\"https://docs.zizmor.sh/release-notes/#new-features\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor's finding severities can now be remapped on a per-audit basis. See \u003ca href=\"https://docs.zizmor.sh/configuration/#rules-id-remap\"\u003ethe configuration\u003c/a\u003e for details (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1913\"\u003e#1913\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/Proximyst\"\u003e\u003ccode\u003e@​Proximyst\u003c/code\u003e\u003c/a\u003e for proposing and implementing this improvement!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew audit: \u003ca href=\"https://docs.zizmor.sh/audits/#github-app\"\u003egithub-app\u003c/a\u003e detects dangerous usages of GitHub App installation tokens (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1926\"\u003e#1926\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew audit: [unpinned-tools] detects actions that install tools without pinning to a specific version (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1820\"\u003e#1820\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor now accepts the --no-ignores flag to disable all ignore comments and configurations when reporting findings (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1935\"\u003e#1935\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor's LSP now honors the --persona flag on the CLI (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1943\"\u003e#1943\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor is now aware of Docker-based action definitions, in addition to the pre-existing support for \u0026quot;composite\u0026quot; actions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1965\"\u003e#1965\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eEnhancements\u003ca href=\"https://docs.zizmor.sh/release-notes/#enhancements\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend gh issue edit --add-label / gh pr edit --add-label as a replacement for \u003ca href=\"https://github.com/actions-ecosystem/action-add-labels\"\u003eactions-ecosystem/action-add-labels\u003c/a\u003e in \u003ca href=\"https://docs.zizmor.sh/audits/#superfluous-actions\"\u003esuperfluous-actions\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend gh issue edit --remove-label / gh pr edit --remove-label as a replacement for \u003ca href=\"https://github.com/actions-ecosystem/action-remove-labels\"\u003eactions-ecosystem/action-remove-labels\u003c/a\u003e in \u003ca href=\"https://docs.zizmor.sh/audits/#superfluous-actions\"\u003esuperfluous-actions\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend jq as a replacement for \u003ca href=\"https://github.com/sergeysova/jq-action\"\u003esergeysova/jq-action\u003c/a\u003e in \u003ca href=\"https://docs.zizmor.sh/audits/#superfluous-actions\"\u003esuperfluous-actions\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend git add, git commit, and git push as a replacement for \u003ca href=\"https://github.com/stefanzweifel/git-auto-commit-action\"\u003estefanzweifel/git-auto-commit-action\u003c/a\u003e in \u003ca href=\"https://docs.zizmor.sh/audits/#superfluous-actions\"\u003esuperfluous-actions\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend git add, git commit, and git push as a replacement for \u003ca href=\"https://github.com/EndBug/add-and-commit\"\u003eEndBug/add-and-commit\u003c/a\u003e in \u003ca href=\"https://docs.zizmor.sh/audits/#superfluous-actions\"\u003esuperfluous-actions\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/tibdex/github-app-token\"\u003etibdex/github-app-token\u003c/a\u003e is now recognized as an archived action by \u003ca href=...\n\n_Description has been truncated_","html_url":"https://github.com/fastapi/sqlmodel/pull/1989","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/fastapi%2Fsqlmodel/issues/1989","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1989/packages"},{"uuid":"4510407434","node_id":"PR_kwDOSmGB2s7euU4J","number":5,"state":"open","title":"⬆ Bump zizmor from 1.23.1 to 1.25.2","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-24T03:51:38.000Z","updated_at":"2026-05-24T03:51:38.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"⬆ Bump","packages":[{"name":"zizmor","old_version":"1.23.1","new_version":"1.25.2","repository_url":"https://github.com/zizmorcore/zizmor"}],"path":null,"ecosystem":"pip"},"body":"Bumps [zizmor](https://github.com/zizmorcore/zizmor) from 1.23.1 to 1.25.2.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/zizmorcore/zizmor/releases\"\u003ezizmor's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.25.2\u003c/h2\u003e\n\u003ch2\u003eBug Fixes 🐛\u003ca href=\"https://docs.zizmor.sh/release-notes/#bug-fixes\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where the \u003ca href=\"https://docs.zizmor.sh/audits/#unpinned-tools\"\u003eunpinned-tools\u003c/a\u003e audit would incorrectly flag the \u003ca href=\"https://github.com/aquasecurity/trivy-action\"\u003eaquasecurity/trivy-action\u003c/a\u003e action as installing an unpinned tool version, rather than \u003ca href=\"https://github.com/aquasecurity/setup-trivy\"\u003eaquasecurity/setup-trivy\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2018\"\u003e#2018\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.25.1\u003c/h2\u003e\n\u003ch2\u003eBug Fixes 🐛\u003ca href=\"https://docs.zizmor.sh/release-notes/#bug-fixes\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a bug where the \u003ca href=\"https://docs.zizmor.sh/audits/#cache-poisoning\"\u003ecache-poisoning\u003c/a\u003e audit would fail to consider release events as exempt from cache usage findings when filtered by a tag condition (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2004\"\u003e#2004\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a typo when suggesting --fix flags for findings (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2010\"\u003e#2010\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/0xdea\"\u003e\u003ccode\u003e@​0xdea\u003c/code\u003e\u003c/a\u003e for implementing this fix!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a typo in \u003ca href=\"https://docs.zizmor.sh/audits/#unpinned-tools\"\u003eunpinned-tools\u003c/a\u003e annotations (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2008\"\u003e#2008\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/martincostello\"\u003e\u003ccode\u003e@​martincostello\u003c/code\u003e\u003c/a\u003e for implementing this fix!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a bug where the \u003ca href=\"https://docs.zizmor.sh/audits/#github-app\"\u003egithub-app\u003c/a\u003e audit would incorrectly flag some safe uses of \u003ca href=\"https://github.com/actions/create-github-app-token\"\u003eactions/create-github-app-token\u003c/a\u003e as unsafe (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2011\"\u003e#2011\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.25.0\u003c/h2\u003e\n\u003ch2\u003eNew Features 🌈\u003ca href=\"https://docs.zizmor.sh/release-notes/#new-features\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor's finding severities can now be remapped on a per-audit basis. See \u003ca href=\"https://docs.zizmor.sh/configuration/#rules-id-remap\"\u003ethe configuration\u003c/a\u003e for details (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1913\"\u003e#1913\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/Proximyst\"\u003e\u003ccode\u003e@​Proximyst\u003c/code\u003e\u003c/a\u003e for proposing and implementing this improvement!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew audit: \u003ca href=\"https://docs.zizmor.sh/audits/#github-app\"\u003egithub-app\u003c/a\u003e detects dangerous usages of GitHub App installation tokens (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1926\"\u003e#1926\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew audit: [unpinned-tools] detects actions that install tools without pinning to a specific version (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1820\"\u003e#1820\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor now accepts the --no-ignores flag to disable all ignore comments and configurations when reporting findings (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1935\"\u003e#1935\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor's LSP now honors the --persona flag on the CLI (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1943\"\u003e#1943\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor is now aware of Docker-based action definitions, in addition to the pre-existing support for \u0026quot;composite\u0026quot; actions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1965\"\u003e#1965\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eEnhancements\u003ca href=\"https://docs.zizmor.sh/release-notes/#enhancements\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend gh issue edit --add-label / gh pr edit --add-label as a replacement for \u003ca href=\"https://github.com/actions-ecosystem/action-add-labels\"\u003eactions-ecosystem/action-add-labels\u003c/a\u003e in \u003ca href=\"https://docs.zizmor.sh/audits/#superfluous-actions\"\u003esuperfluous-actions\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend gh issue edit --remove-label / gh pr edit --remove-label as a replacement for \u003ca href=\"https://github.com/actions-ecosystem/action-remove-labels\"\u003eactions-ecosystem/action-remove-labels\u003c/a\u003e in \u003ca href=\"https://docs.zizmor.sh/audits/#superfluous-actions\"\u003esuperfluous-actions\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend jq as a replacement for \u003ca href=\"https://github.com/sergeysova/jq-action\"\u003esergeysova/jq-action\u003c/a\u003e in \u003ca href=\"https://docs.zizmor.sh/audits/#superfluous-actions\"\u003esuperfluous-actions\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend git add, git commit, and git push as a replacement for \u003ca href=\"https://github.com/stefanzweifel/git-auto-commit-action\"\u003estefanzweifel/git-auto-commit-action\u003c/a\u003e in \u003ca href=\"https://docs.zizmor.sh/audits/#superfluous-actions\"\u003esuperfluous-actions\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend git add, git commit, and git push as a replacement for \u003ca href=\"https://github.com/EndBug/add-and-commit\"\u003eEndBug/add-and-commit\u003c/a\u003e in \u003ca href=\"https://docs.zizmor.sh/audits/#superfluous-actions\"\u003esuperfluous-actions\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/tibdex/github-app-token\"\u003etibdex/github-app-token\u003c/a\u003e is now recognized as an archived action by \u003ca href=\"https://docs.zizmor.sh/audits/#archived-uses\"\u003earchived-uses\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1910\"\u003e#1910\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/zizmorcore/zizmor/blob/main/docs/release-notes.md\"\u003ezizmor's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.25.2\u003c/h2\u003e\n\u003ch3\u003eBug Fixes 🐛\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where the [unpinned-tools] audit would incorrectly flag the\n\u003ccode\u003e@​aquasecurity/trivy-action\u003c/code\u003e action as installing an unpinned tool version,\nrather than \u003ccode\u003e@​aquasecurity/setup-trivy\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2018\"\u003e#2018\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.25.1\u003c/h2\u003e\n\u003ch3\u003eBug Fixes 🐛\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a bug where the [cache-poisoning] audit would fail to consider\n\u003ccode\u003erelease\u003c/code\u003e events as exempt from cache usage findings when filtered by a\ntag condition (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2004\"\u003e#2004\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a typo when suggesting \u003ccode\u003e--fix\u003c/code\u003e flags for findings (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2010\"\u003e#2010\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/0xdea\"\u003e\u003ccode\u003e@​0xdea\u003c/code\u003e\u003c/a\u003e for implementing this fix!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a typo in [unpinned-tools] annotations (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2008\"\u003e#2008\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/martincostello\"\u003e\u003ccode\u003e@​martincostello\u003c/code\u003e\u003c/a\u003e for implementing this fix!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a bug where the [github-app] audit would incorrectly flag some safe\nuses of \u003ccode\u003e@​actions/create-github-app-token\u003c/code\u003e as unsafe (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2011\"\u003e#2011\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.25.0\u003c/h2\u003e\n\u003ch3\u003eNew Features 🌈\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor's finding severities can now be remapped on a per-audit basis.\nSee \u003ca href=\"https://github.com/zizmorcore/zizmor/blob/main/docs/configuration.md#rules-id-remap\"\u003ethe configuration\u003c/a\u003e for details (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1913\"\u003e#1913\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/Proximyst\"\u003e\u003ccode\u003e@​Proximyst\u003c/code\u003e\u003c/a\u003e for proposing and implementing this improvement!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eNew audit\u003c/strong\u003e: [github-app] detects dangerous usages of GitHub App installation tokens\n(\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1926\"\u003e#1926\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eNew audit\u003c/strong\u003e: [unpinned-tools] detects actions that install tools without pinning\nto a specific version (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1820\"\u003e#1820\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003ezizmor\u003c/code\u003e now accepts the \u003ccode\u003e--no-ignores\u003c/code\u003e flag to disable all ignore comments and\nconfigurations when reporting findings (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1935\"\u003e#1935\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003ezizmor\u003c/code\u003e's LSP now honors the \u003ccode\u003e--persona\u003c/code\u003e flag on the CLI (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1943\"\u003e#1943\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003ezizmor\u003c/code\u003e is now aware of Docker-based action definitions, in addition to the\npre-existing support for \u0026quot;composite\u0026quot; actions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1965\"\u003e#1965\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/b50d8f60e27e0084aa3a5f5dff46054a8253ac2a\"\u003e\u003ccode\u003eb50d8f6\u003c/code\u003e\u003c/a\u003e zizmor 1.25.2 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2022\"\u003e#2022\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/e8c96481b76ee03dc3e72cc744ad77cfc62cc238\"\u003e\u003ccode\u003ee8c9648\u003c/code\u003e\u003c/a\u003e Bump rustls-webpki to 0.103.13 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2021\"\u003e#2021\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/9e19bdedaa4af986b47d7f3ffdadcdd7b226c8a6\"\u003e\u003ccode\u003e9e19bde\u003c/code\u003e\u003c/a\u003e Bump aws-lc crates (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2020\"\u003e#2020\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/49cb189191c75a18d73a92ae47985424cc0acd3e\"\u003e\u003ccode\u003e49cb189\u003c/code\u003e\u003c/a\u003e Bump rand to 0.9.4 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2019\"\u003e#2019\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/bfdb64993cecb911e385622b989a44431fc2d13f\"\u003e\u003ccode\u003ebfdb649\u003c/code\u003e\u003c/a\u003e unpinned-tools: fix trivy action being detected (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2018\"\u003e#2018\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/9300d3b5a7f06a3d77f092d01434dab99399f3e5\"\u003e\u003ccode\u003e9300d3b\u003c/code\u003e\u003c/a\u003e ww/release (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2016\"\u003e#2016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/331917af1e4f7c6aed23ddd41477c2042d8a857d\"\u003e\u003ccode\u003e331917a\u003c/code\u003e\u003c/a\u003e chore: drop \u003ccode\u003eserde_yaml\u003c/code\u003e rename (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2015\"\u003e#2015\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/506f0856dec8a5c863a4dce695a83491187c543d\"\u003e\u003ccode\u003e506f085\u003c/code\u003e\u003c/a\u003e github-app: test \u003ccode\u003erepositories\u003c/code\u003e, not \u003ccode\u003erepository\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2011\"\u003e#2011\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/53dea374e8a01f8df00f9d1acd7dbdfb1838acd8\"\u003e\u003ccode\u003e53dea37\u003c/code\u003e\u003c/a\u003e unpinned-tools, docs: fix typos (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2008\"\u003e#2008\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/8068e115f99b6b84611a8865a8cad0858bd5e07c\"\u003e\u003ccode\u003e8068e11\u003c/code\u003e\u003c/a\u003e fix: replace \u003ccode\u003e--fix=unsafe\u003c/code\u003e with \u003ccode\u003e--fix=unsafe-only\u003c/code\u003e in suggestion (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2010\"\u003e#2010\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/zizmorcore/zizmor/compare/v1.23.1...v1.25.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=zizmor\u0026package-manager=uv\u0026previous-version=1.23.1\u0026new-version=1.25.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/ikomom/bilibili-user-interface/pull/5","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ikomom%2Fbilibili-user-interface/issues/5","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/5/packages"},{"uuid":"4505849045","node_id":"PR_kwDOF8_QEs7egeQP","number":1980,"state":"closed","title":"⬆ Bump zizmor from 1.24.1 to 1.25.1","user":"dependabot[bot]","labels":["dependencies","internal","python:uv"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-05-25T20:13:35.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-22T22:07:40.000Z","updated_at":"2026-05-25T20:13:37.000Z","time_to_close":252355,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"⬆ Bump","packages":[{"name":"zizmor","old_version":"1.24.1","new_version":"1.25.1","repository_url":"https://github.com/zizmorcore/zizmor"}],"path":null,"ecosystem":"pip"},"body":"Bumps [zizmor](https://github.com/zizmorcore/zizmor) from 1.24.1 to 1.25.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/zizmorcore/zizmor/releases\"\u003ezizmor's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.25.1\u003c/h2\u003e\n\u003ch2\u003eBug Fixes 🐛\u003ca href=\"https://docs.zizmor.sh/release-notes/#bug-fixes\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a bug where the \u003ca href=\"https://docs.zizmor.sh/audits/#cache-poisoning\"\u003ecache-poisoning\u003c/a\u003e audit would fail to consider release events as exempt from cache usage findings when filtered by a tag condition (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2004\"\u003e#2004\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a typo when suggesting --fix flags for findings (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2010\"\u003e#2010\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/0xdea\"\u003e\u003ccode\u003e@​0xdea\u003c/code\u003e\u003c/a\u003e for implementing this fix!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a typo in \u003ca href=\"https://docs.zizmor.sh/audits/#unpinned-tools\"\u003eunpinned-tools\u003c/a\u003e annotations (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2008\"\u003e#2008\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/martincostello\"\u003e\u003ccode\u003e@​martincostello\u003c/code\u003e\u003c/a\u003e for implementing this fix!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a bug where the \u003ca href=\"https://docs.zizmor.sh/audits/#github-app\"\u003egithub-app\u003c/a\u003e audit would incorrectly flag some safe uses of \u003ca href=\"https://github.com/actions/create-github-app-token\"\u003eactions/create-github-app-token\u003c/a\u003e as unsafe (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2011\"\u003e#2011\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.25.0\u003c/h2\u003e\n\u003ch2\u003eNew Features 🌈\u003ca href=\"https://docs.zizmor.sh/release-notes/#new-features\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor's finding severities can now be remapped on a per-audit basis. See \u003ca href=\"https://docs.zizmor.sh/configuration/#rules-id-remap\"\u003ethe configuration\u003c/a\u003e for details (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1913\"\u003e#1913\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/Proximyst\"\u003e\u003ccode\u003e@​Proximyst\u003c/code\u003e\u003c/a\u003e for proposing and implementing this improvement!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew audit: \u003ca href=\"https://docs.zizmor.sh/audits/#github-app\"\u003egithub-app\u003c/a\u003e detects dangerous usages of GitHub App installation tokens (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1926\"\u003e#1926\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew audit: [unpinned-tools] detects actions that install tools without pinning to a specific version (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1820\"\u003e#1820\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor now accepts the --no-ignores flag to disable all ignore comments and configurations when reporting findings (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1935\"\u003e#1935\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor's LSP now honors the --persona flag on the CLI (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1943\"\u003e#1943\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor is now aware of Docker-based action definitions, in addition to the pre-existing support for \u0026quot;composite\u0026quot; actions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1965\"\u003e#1965\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eEnhancements\u003ca href=\"https://docs.zizmor.sh/release-notes/#enhancements\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend gh issue edit --add-label / gh pr edit --add-label as a replacement for \u003ca href=\"https://github.com/actions-ecosystem/action-add-labels\"\u003eactions-ecosystem/action-add-labels\u003c/a\u003e in \u003ca href=\"https://docs.zizmor.sh/audits/#superfluous-actions\"\u003esuperfluous-actions\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend gh issue edit --remove-label / gh pr edit --remove-label as a replacement for \u003ca href=\"https://github.com/actions-ecosystem/action-remove-labels\"\u003eactions-ecosystem/action-remove-labels\u003c/a\u003e in \u003ca href=\"https://docs.zizmor.sh/audits/#superfluous-actions\"\u003esuperfluous-actions\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend jq as a replacement for \u003ca href=\"https://github.com/sergeysova/jq-action\"\u003esergeysova/jq-action\u003c/a\u003e in \u003ca href=\"https://docs.zizmor.sh/audits/#superfluous-actions\"\u003esuperfluous-actions\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend git add, git commit, and git push as a replacement for \u003ca href=\"https://github.com/stefanzweifel/git-auto-commit-action\"\u003estefanzweifel/git-auto-commit-action\u003c/a\u003e in \u003ca href=\"https://docs.zizmor.sh/audits/#superfluous-actions\"\u003esuperfluous-actions\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend git add, git commit, and git push as a replacement for \u003ca href=\"https://github.com/EndBug/add-and-commit\"\u003eEndBug/add-and-commit\u003c/a\u003e in \u003ca href=\"https://docs.zizmor.sh/audits/#superfluous-actions\"\u003esuperfluous-actions\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/tibdex/github-app-token\"\u003etibdex/github-app-token\u003c/a\u003e is now recognized as an archived action by \u003ca href=\"https://docs.zizmor.sh/audits/#archived-uses\"\u003earchived-uses\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1910\"\u003e#1910\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe [dangerous-triggers] audit now explicitly exempts workflows that only invoke \u003ca href=\"https://github.com/actions/labeler\"\u003eactions/labeler\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1956\"\u003e#1956\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#unpinned-images\"\u003eunpinned-images\u003c/a\u003e audit now detects unpinned image references in Docker-based action definitions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1965\"\u003e#1965\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/zizmorcore/zizmor/blob/main/docs/release-notes.md\"\u003ezizmor's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.25.1\u003c/h2\u003e\n\u003ch3\u003eBug Fixes 🐛\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a bug where the [cache-poisoning] audit would fail to consider\n\u003ccode\u003erelease\u003c/code\u003e events as exempt from cache usage findings when filtered by a\ntag condition (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2004\"\u003e#2004\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a typo when suggesting \u003ccode\u003e--fix\u003c/code\u003e flags for findings (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2010\"\u003e#2010\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/0xdea\"\u003e\u003ccode\u003e@​0xdea\u003c/code\u003e\u003c/a\u003e for implementing this fix!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a typo in [unpinned-tools] annotations (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2008\"\u003e#2008\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/martincostello\"\u003e\u003ccode\u003e@​martincostello\u003c/code\u003e\u003c/a\u003e for implementing this fix!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a bug where the [github-app] audit would incorrectly flag some safe\nuses of \u003ccode\u003e@​actions/create-github-app-token\u003c/code\u003e as unsafe (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2011\"\u003e#2011\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.25.0\u003c/h2\u003e\n\u003ch3\u003eNew Features 🌈\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor's finding severities can now be remapped on a per-audit basis.\nSee \u003ca href=\"https://github.com/zizmorcore/zizmor/blob/main/docs/configuration.md#rules-id-remap\"\u003ethe configuration\u003c/a\u003e for details (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1913\"\u003e#1913\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/Proximyst\"\u003e\u003ccode\u003e@​Proximyst\u003c/code\u003e\u003c/a\u003e for proposing and implementing this improvement!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eNew audit\u003c/strong\u003e: [github-app] detects dangerous usages of GitHub App installation tokens\n(\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1926\"\u003e#1926\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eNew audit\u003c/strong\u003e: [unpinned-tools] detects actions that install tools without pinning\nto a specific version (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1820\"\u003e#1820\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003ezizmor\u003c/code\u003e now accepts the \u003ccode\u003e--no-ignores\u003c/code\u003e flag to disable all ignore comments and\nconfigurations when reporting findings (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1935\"\u003e#1935\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003ezizmor\u003c/code\u003e's LSP now honors the \u003ccode\u003e--persona\u003c/code\u003e flag on the CLI (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1943\"\u003e#1943\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003ezizmor\u003c/code\u003e is now aware of Docker-based action definitions, in addition to the\npre-existing support for \u0026quot;composite\u0026quot; actions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1965\"\u003e#1965\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eEnhancements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend \u003ccode\u003egh issue edit --add-label\u003c/code\u003e / \u003ccode\u003egh pr edit --add-label\u003c/code\u003e as a replacement for\n\u003ccode\u003e@​actions-ecosystem/action-add-labels\u003c/code\u003e in [superfluous-actions]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend \u003ccode\u003egh issue edit --remove-label\u003c/code\u003e / \u003ccode\u003egh pr edit --remove-label\u003c/code\u003e as a replacement for\n\u003ccode\u003e@​actions-ecosystem/action-remove-labels\u003c/code\u003e in [superfluous-actions]\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/9300d3b5a7f06a3d77f092d01434dab99399f3e5\"\u003e\u003ccode\u003e9300d3b\u003c/code\u003e\u003c/a\u003e ww/release (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2016\"\u003e#2016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/331917af1e4f7c6aed23ddd41477c2042d8a857d\"\u003e\u003ccode\u003e331917a\u003c/code\u003e\u003c/a\u003e chore: drop \u003ccode\u003eserde_yaml\u003c/code\u003e rename (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2015\"\u003e#2015\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/506f0856dec8a5c863a4dce695a83491187c543d\"\u003e\u003ccode\u003e506f085\u003c/code\u003e\u003c/a\u003e github-app: test \u003ccode\u003erepositories\u003c/code\u003e, not \u003ccode\u003erepository\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2011\"\u003e#2011\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/53dea374e8a01f8df00f9d1acd7dbdfb1838acd8\"\u003e\u003ccode\u003e53dea37\u003c/code\u003e\u003c/a\u003e unpinned-tools, docs: fix typos (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2008\"\u003e#2008\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/8068e115f99b6b84611a8865a8cad0858bd5e07c\"\u003e\u003ccode\u003e8068e11\u003c/code\u003e\u003c/a\u003e fix: replace \u003ccode\u003e--fix=unsafe\u003c/code\u003e with \u003ccode\u003e--fix=unsafe-only\u003c/code\u003e in suggestion (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2010\"\u003e#2010\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/05e3d99d937ae280a42bbbee32f94c2608583289\"\u003e\u003ccode\u003e05e3d99\u003c/code\u003e\u003c/a\u003e cache-poisoning: relax trigger check in heuristics (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2004\"\u003e#2004\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/9440ced9e1cc01bdd51f6b13389d802d22b97bae\"\u003e\u003ccode\u003e9440ced\u003c/code\u003e\u003c/a\u003e Fix link in release-notes (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2002\"\u003e#2002\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/ee075979c40cc6b8278bc0215477d03d65c80980\"\u003e\u003ccode\u003eee07597\u003c/code\u003e\u003c/a\u003e Prep zizmor 1.25.0 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2001\"\u003e#2001\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/77e92cf559951568311fd0d39a99fd091fb1df09\"\u003e\u003ccode\u003e77e92cf\u003c/code\u003e\u003c/a\u003e Bump trophies (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1999\"\u003e#1999\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/bf0362df55cb4b4998913bca0b9ff91a07ceebac\"\u003e\u003ccode\u003ebf0362d\u003c/code\u003e\u003c/a\u003e Add some gatekeeping that instructs agents to refer their operator to the AI ...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/zizmorcore/zizmor/compare/v1.24.1...v1.25.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=zizmor\u0026package-manager=uv\u0026previous-version=1.24.1\u0026new-version=1.25.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/fastapi/sqlmodel/pull/1980","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/fastapi%2Fsqlmodel/issues/1980","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1980/packages"},{"uuid":"4505245325","node_id":"PR_kwDOSg-MxM7eeitJ","number":7,"state":"open","title":"⬆ Bump zizmor from 1.23.1 to 1.25.0","user":"dependabot[bot]","labels":["dependencies","python:uv","internal"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-22T19:50:12.000Z","updated_at":"2026-05-22T19:52:01.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"⬆ Bump","packages":[{"name":"zizmor","old_version":"1.23.1","new_version":"1.25.0","repository_url":"https://github.com/zizmorcore/zizmor"}],"path":null,"ecosystem":"pip"},"body":"Bumps [zizmor](https://github.com/zizmorcore/zizmor) from 1.23.1 to 1.25.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/zizmorcore/zizmor/releases\"\u003ezizmor's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.25.0\u003c/h2\u003e\n\u003ch2\u003eNew Features 🌈\u003ca href=\"https://docs.zizmor.sh/release-notes/#new-features\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor's finding severities can now be remapped on a per-audit basis. See \u003ca href=\"https://docs.zizmor.sh/configuration/#rules-id-remap\"\u003ethe configuration\u003c/a\u003e for details (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1913\"\u003e#1913\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/Proximyst\"\u003e\u003ccode\u003e@​Proximyst\u003c/code\u003e\u003c/a\u003e for proposing and implementing this improvement!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew audit: \u003ca href=\"https://docs.zizmor.sh/audits/#github-app\"\u003egithub-app\u003c/a\u003e detects dangerous usages of GitHub App installation tokens (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1926\"\u003e#1926\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew audit: [unpinned-tools] detects actions that install tools without pinning to a specific version (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1820\"\u003e#1820\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor now accepts the --no-ignores flag to disable all ignore comments and configurations when reporting findings (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1935\"\u003e#1935\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor's LSP now honors the --persona flag on the CLI (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1943\"\u003e#1943\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor is now aware of Docker-based action definitions, in addition to the pre-existing support for \u0026quot;composite\u0026quot; actions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1965\"\u003e#1965\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eEnhancements\u003ca href=\"https://docs.zizmor.sh/release-notes/#enhancements\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend gh issue edit --add-label / gh pr edit --add-label as a replacement for \u003ca href=\"https://github.com/actions-ecosystem/action-add-labels\"\u003eactions-ecosystem/action-add-labels\u003c/a\u003e in \u003ca href=\"https://docs.zizmor.sh/audits/#superfluous-actions\"\u003esuperfluous-actions\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend gh issue edit --remove-label / gh pr edit --remove-label as a replacement for \u003ca href=\"https://github.com/actions-ecosystem/action-remove-labels\"\u003eactions-ecosystem/action-remove-labels\u003c/a\u003e in \u003ca href=\"https://docs.zizmor.sh/audits/#superfluous-actions\"\u003esuperfluous-actions\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend jq as a replacement for \u003ca href=\"https://github.com/sergeysova/jq-action\"\u003esergeysova/jq-action\u003c/a\u003e in \u003ca href=\"https://docs.zizmor.sh/audits/#superfluous-actions\"\u003esuperfluous-actions\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend git add, git commit, and git push as a replacement for \u003ca href=\"https://github.com/stefanzweifel/git-auto-commit-action\"\u003estefanzweifel/git-auto-commit-action\u003c/a\u003e in \u003ca href=\"https://docs.zizmor.sh/audits/#superfluous-actions\"\u003esuperfluous-actions\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend git add, git commit, and git push as a replacement for \u003ca href=\"https://github.com/EndBug/add-and-commit\"\u003eEndBug/add-and-commit\u003c/a\u003e in \u003ca href=\"https://docs.zizmor.sh/audits/#superfluous-actions\"\u003esuperfluous-actions\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/tibdex/github-app-token\"\u003etibdex/github-app-token\u003c/a\u003e is now recognized as an archived action by \u003ca href=\"https://docs.zizmor.sh/audits/#archived-uses\"\u003earchived-uses\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1910\"\u003e#1910\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe [dangerous-triggers] audit now explicitly exempts workflows that only invoke \u003ca href=\"https://github.com/actions/labeler\"\u003eactions/labeler\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1956\"\u003e#1956\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#unpinned-images\"\u003eunpinned-images\u003c/a\u003e audit now detects unpinned image references in Docker-based action definitions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1965\"\u003e#1965\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor's SARIF output now provides slightly more detailed finding messages (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1972\"\u003e#1972\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#archived-uses\"\u003earchived-uses\u003c/a\u003e audit now detects more archived actions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1978\"\u003e#1978\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003edeno is now recognized as a package-ecosystem in dependabot.yml (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1991\"\u003e#1991\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ePerformance Improvements 🚄\u003ca href=\"https://docs.zizmor.sh/release-notes/#performance-improvements\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#impostor-commit\"\u003eimpostor-commit\u003c/a\u003e audit is now significantly faster (in addition to being more correct) when the user has pinned their action to a tag SHA instead of a commit SHA (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1998\"\u003e#1998\u003c/a\u003e)\nBug Fixes 🐛\u003ca href=\"https://docs.zizmor.sh/release-notes/#bug-fixes\"\u003e🔗\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a crash in the \u003ca href=\"https://docs.zizmor.sh/audits/#template-injection\"\u003etemplate-injection\u003c/a\u003e audit when a workflow uses a parenthesized compound expression in context position (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1904\"\u003e#1904\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a bug where local directory input collection could miss workflows for relative-path invocations from within .github subdirectories (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1909\"\u003e#1909\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/zizmorcore/zizmor/blob/main/docs/release-notes.md\"\u003ezizmor's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.25.0\u003c/h2\u003e\n\u003ch3\u003eNew Features 🌈\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor's finding severities can now be remapped on a per-audit basis.\nSee \u003ca href=\"https://github.com/zizmorcore/zizmor/blob/main/docs/configuration.md#rules-id-remap\"\u003ethe configuration\u003c/a\u003e for details (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1913\"\u003e#1913\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/Proximyst\"\u003e\u003ccode\u003e@​Proximyst\u003c/code\u003e\u003c/a\u003e for proposing and implementing this improvement!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eNew audit\u003c/strong\u003e: [github-app] detects dangerous usages of GitHub App installation tokens\n(\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1926\"\u003e#1926\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eNew audit\u003c/strong\u003e: [unpinned-tools] detects actions that install tools without pinning\nto a specific version (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1820\"\u003e#1820\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003ezizmor\u003c/code\u003e now accepts the \u003ccode\u003e--no-ignores\u003c/code\u003e flag to disable all ignore comments and\nconfigurations when reporting findings (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1935\"\u003e#1935\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003ezizmor\u003c/code\u003e's LSP now honors the \u003ccode\u003e--persona\u003c/code\u003e flag on the CLI (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1943\"\u003e#1943\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003ezizmor\u003c/code\u003e is now aware of Docker-based action definitions, in addition to the\npre-existing support for \u0026quot;composite\u0026quot; actions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1965\"\u003e#1965\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eEnhancements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend \u003ccode\u003egh issue edit --add-label\u003c/code\u003e / \u003ccode\u003egh pr edit --add-label\u003c/code\u003e as a replacement for\n\u003ccode\u003e@​actions-ecosystem/action-add-labels\u003c/code\u003e in [superfluous-actions]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend \u003ccode\u003egh issue edit --remove-label\u003c/code\u003e / \u003ccode\u003egh pr edit --remove-label\u003c/code\u003e as a replacement for\n\u003ccode\u003e@​actions-ecosystem/action-remove-labels\u003c/code\u003e in [superfluous-actions]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend \u003ccode\u003ejq\u003c/code\u003e as a replacement for \u003ccode\u003e@​sergeysova/jq-action\u003c/code\u003e in [superfluous-actions]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend \u003ccode\u003egit add\u003c/code\u003e, \u003ccode\u003egit commit\u003c/code\u003e, and \u003ccode\u003egit push\u003c/code\u003e as a replacement for\n\u003ccode\u003e@​stefanzweifel/git-auto-commit-action\u003c/code\u003e in [superfluous-actions]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend \u003ccode\u003egit add\u003c/code\u003e, \u003ccode\u003egit commit\u003c/code\u003e, and \u003ccode\u003egit push\u003c/code\u003e as a replacement for\n\u003ccode\u003e@​EndBug/add-and-commit\u003c/code\u003e in [superfluous-actions]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003e@​tibdex/github-app-token\u003c/code\u003e is now recognized as an archived action by\n[archived-uses] (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1910\"\u003e#1910\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe [dangerous-triggers] audit now explicitly exempts workflows that only\ninvoke \u003ccode\u003e@​actions/labeler\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1956\"\u003e#1956\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe [unpinned-images] audit now detects unpinned image references in\nDocker-based action definitions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1965\"\u003e#1965\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor's SARIF output now provides slightly more detailed finding messages\n(\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1972\"\u003e#1972\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/ee075979c40cc6b8278bc0215477d03d65c80980\"\u003e\u003ccode\u003eee07597\u003c/code\u003e\u003c/a\u003e Prep zizmor 1.25.0 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2001\"\u003e#2001\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/77e92cf559951568311fd0d39a99fd091fb1df09\"\u003e\u003ccode\u003e77e92cf\u003c/code\u003e\u003c/a\u003e Bump trophies (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1999\"\u003e#1999\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/bf0362df55cb4b4998913bca0b9ff91a07ceebac\"\u003e\u003ccode\u003ebf0362d\u003c/code\u003e\u003c/a\u003e Add some gatekeeping that instructs agents to refer their operator to the AI ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/5594c39b7107488e80d747ec1bbcf65b29a29837\"\u003e\u003ccode\u003e5594c39\u003c/code\u003e\u003c/a\u003e impostor-commit: handle tag SHAs properly (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1998\"\u003e#1998\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/205979aa917353208610cc1550fc71fa8f32257a\"\u003e\u003ccode\u003e205979a\u003c/code\u003e\u003c/a\u003e chore(deps): bump the cargo group with 3 updates (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1987\"\u003e#1987\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/bcafe88a0d2e8b1812cd9e9e248b580e98e67af8\"\u003e\u003ccode\u003ebcafe88\u003c/code\u003e\u003c/a\u003e chore(deps): bump the github-actions group with 2 updates (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1988\"\u003e#1988\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/6690c007d6a248e9770a9905bf4c8fed55bd2629\"\u003e\u003ccode\u003e6690c00\u003c/code\u003e\u003c/a\u003e [BOT] update JSON schemas from SchemaStore (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1986\"\u003e#1986\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/3b3b29ac6ffe0b4b139f3b38299f3d0adb206cbf\"\u003e\u003ccode\u003e3b3b29a\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003edeno\u003c/code\u003e as a known Dependabot ecosystem (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1991\"\u003e#1991\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/ef54d445066012340fd644b83bf4e0930da93446\"\u003e\u003ccode\u003eef54d44\u003c/code\u003e\u003c/a\u003e Bump sponsors (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1990\"\u003e#1990\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/fd14ab6e046349850b4b037b859fbb7888b57dfe\"\u003e\u003ccode\u003efd14ab6\u003c/code\u003e\u003c/a\u003e Make trophy handling less cumbersome (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1982\"\u003e#1982\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/zizmorcore/zizmor/compare/v1.23.1...v1.25.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=zizmor\u0026package-manager=uv\u0026previous-version=1.23.1\u0026new-version=1.25.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/waqas-duck/typer/pull/7","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/waqas-duck%2Ftyper/issues/7","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/7/packages"},{"uuid":"4413148759","node_id":"PR_kwDOGyUJ387Z4DQT","number":335,"state":"closed","title":":arrow_up: deps(deps): Bump the python-packages group with 13 updates","user":"dependabot[bot]","labels":["🛠️ maintenance"],"assignees":["ryancheley"],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-09T22:45:10.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-09T16:48:22.000Z","updated_at":"2026-05-09T22:45:18.000Z","time_to_close":21408,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":":arrow_up: deps(deps): Bump","group_name":"python-packages","update_count":13,"packages":[{"name":"django","old_version":"6.0.3","new_version":"6.0.5","repository_url":"https://github.com/django/django"},{"name":"django-health-check","old_version":"4.2.1","new_version":"4.4.0","repository_url":"https://github.com/codingjoe/django-health-check"},{"name":"gunicorn","old_version":"25.3.0","new_version":"26.0.0","repository_url":"https://github.com/benoitc/gunicorn"},{"name":"requests","old_version":"2.33.0","new_version":"2.33.1","repository_url":"https://github.com/psf/requests"},{"name":"django-coverage-plugin","old_version":"3.2.0","new_version":"3.2.2","repository_url":"https://github.com/coveragepy/django_coverage_plugin"},{"name":"django-debug-toolbar","old_version":"6.2.0","new_version":"6.3.0","repository_url":"https://github.com/django-commons/django-debug-toolbar"},{"name":"prek","old_version":"0.3.8","new_version":"0.3.13","repository_url":"https://github.com/j178/prek"},{"name":"pytest","old_version":"9.0.2","new_version":"9.0.3","repository_url":"https://github.com/pytest-dev/pytest"},{"name":"pytest-randomly","old_version":"4.0.1","new_version":"4.1.0","repository_url":"https://github.com/pytest-dev/pytest-randomly"},{"name":"ruff","old_version":"0.15.8","new_version":"0.15.12","repository_url":"https://github.com/astral-sh/ruff"},{"name":"uv","old_version":"0.11.2","new_version":"0.11.12","repository_url":"https://github.com/astral-sh/uv"},{"name":"zizmor","old_version":"1.23.1","new_version":"1.24.1","repository_url":"https://github.com/zizmorcore/zizmor"},{"name":"urllib3","old_version":"2.6.3","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"}],"path":null,"ecosystem":"pip"},"body":"Bumps the python-packages group with 13 updates:\n\n| Package | From | To |\n| --- | --- | --- |\n| [django](https://github.com/django/django) | `6.0.3` | `6.0.5` |\n| [django-health-check](https://github.com/codingjoe/django-health-check) | `4.2.1` | `4.4.0` |\n| [gunicorn](https://github.com/benoitc/gunicorn) | `25.3.0` | `26.0.0` |\n| [requests](https://github.com/psf/requests) | `2.33.0` | `2.33.1` |\n| [django-coverage-plugin](https://github.com/coveragepy/django_coverage_plugin) | `3.2.0` | `3.2.2` |\n| [django-debug-toolbar](https://github.com/django-commons/django-debug-toolbar) | `6.2.0` | `6.3.0` |\n| [prek](https://github.com/j178/prek) | `0.3.8` | `0.3.13` |\n| [pytest](https://github.com/pytest-dev/pytest) | `9.0.2` | `9.0.3` |\n| [pytest-randomly](https://github.com/pytest-dev/pytest-randomly) | `4.0.1` | `4.1.0` |\n| [ruff](https://github.com/astral-sh/ruff) | `0.15.8` | `0.15.12` |\n| [uv](https://github.com/astral-sh/uv) | `0.11.2` | `0.11.12` |\n| [zizmor](https://github.com/zizmorcore/zizmor) | `1.23.1` | `1.24.1` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.6.3` | `2.7.0` |\n\nUpdates `django` from 6.0.3 to 6.0.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/8f8ad09659d728423a00e0a3b5f16da5c3a38e24\"\u003e\u003ccode\u003e8f8ad09\u003c/code\u003e\u003c/a\u003e [6.0.x] Bumped version for 6.0.5 release.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/44ad76efcbe3c4ca0f08bb9dabe916f6374596c9\"\u003e\u003ccode\u003e44ad76e\u003c/code\u003e\u003c/a\u003e [6.0.x] Fixed CVE-2026-6907 -- Prevented caching of requests when Vary header...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/1b0184aa657bc3f5859aeb0206e7c1e94e48b103\"\u003e\u003ccode\u003e1b0184a\u003c/code\u003e\u003c/a\u003e [6.0.x] Fixed CVE-2026-35192 -- Ensured Vary header is sent when setting sess...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/ad8f9e19e0897ea45ded7c046ff28daf6f773e92\"\u003e\u003ccode\u003ead8f9e1\u003c/code\u003e\u003c/a\u003e [6.0.x] Fixed CVE-2026-5766 -- Enforced DATA_UPLOAD_MAX_MEMORY_SIZE in Memory...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/990ab01e70fd8f55e867b4a234c0ee242fd33fec\"\u003e\u003ccode\u003e990ab01\u003c/code\u003e\u003c/a\u003e [6.0.x] Fixed \u003ca href=\"https://redirect.github.com/django/django/issues/37039\"\u003e#37039\u003c/a\u003e -- Removed outdated note from QuerySet.iterator() docs.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/f0c269f285ab58bfb4a120141d7dd41ff4f42b45\"\u003e\u003ccode\u003ef0c269f\u003c/code\u003e\u003c/a\u003e [6.0.x] Fixed typo in stub release notes for 5.2.14.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/8bcd15beeff6542acc381b83f50b061d62284c2b\"\u003e\u003ccode\u003e8bcd15b\u003c/code\u003e\u003c/a\u003e [6.0.x] Fixed \u003ca href=\"https://redirect.github.com/django/django/issues/37067\"\u003e#37067\u003c/a\u003e -- Added trailing slash in django_file_prefixes().\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/3cdec6454fb86e8d03a06944c0c68025733ed93f\"\u003e\u003ccode\u003e3cdec64\u003c/code\u003e\u003c/a\u003e [6.0.x] Refs CVE-2026-25674 -- Clarified role of umask in upload permissions.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/5dd5c70cf1056e8e04badb687f773e8f16bba257\"\u003e\u003ccode\u003e5dd5c70\u003c/code\u003e\u003c/a\u003e [6.0.x] Added stub release notes and release date for 6.0.5 and 5.2.14.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/8ee73415270a1a54daaec9bb529ad82c6f7a6d4c\"\u003e\u003ccode\u003e8ee7341\u003c/code\u003e\u003c/a\u003e [6.0.x] Refs \u003ca href=\"https://redirect.github.com/django/django/issues/373\"\u003e#373\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/django/django/issues/34122\"\u003e#34122\u003c/a\u003e -- Removed warning that ForeignObject is an interna...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/django/django/compare/6.0.3...6.0.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `django-health-check` from 4.2.1 to 4.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/codingjoe/django-health-check/releases\"\u003edjango-health-check's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.4.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eResolve \u003ca href=\"https://redirect.github.com/codingjoe/django-health-check/issues/724\"\u003e#724\u003c/a\u003e -- Add public dataclass field as OpenMetric label by \u003ca href=\"https://github.com/RemiDesgrange\"\u003e\u003ccode\u003e@​RemiDesgrange\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codingjoe/django-health-check/pull/725\"\u003ecodingjoe/django-health-check#725\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/RemiDesgrange\"\u003e\u003ccode\u003e@​RemiDesgrange\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/codingjoe/django-health-check/pull/725\"\u003ecodingjoe/django-health-check#725\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codingjoe/django-health-check/compare/4.3.1...4.4.0\"\u003ehttps://github.com/codingjoe/django-health-check/compare/4.3.1...4.4.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e4.3.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eClean up storage probe files when validation fails by \u003ca href=\"https://github.com/M-Hassan-Raza\"\u003e\u003ccode\u003e@​M-Hassan-Raza\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codingjoe/django-health-check/pull/717\"\u003ecodingjoe/django-health-check#717\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M-Hassan-Raza\"\u003e\u003ccode\u003e@​M-Hassan-Raza\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/codingjoe/django-health-check/pull/717\"\u003ecodingjoe/django-health-check#717\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codingjoe/django-health-check/compare/4.3.0...4.3.1\"\u003ehttps://github.com/codingjoe/django-health-check/compare/4.3.0...4.3.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e4.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRef \u003ca href=\"https://redirect.github.com/codingjoe/django-health-check/issues/701\"\u003e#701\u003c/a\u003e -- Add support for a custom executor for synchronous checks by \u003ca href=\"https://github.com/codingjoe\"\u003e\u003ccode\u003e@​codingjoe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codingjoe/django-health-check/pull/716\"\u003ecodingjoe/django-health-check#716\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codingjoe/django-health-check/compare/4.2.2...4.3.0\"\u003ehttps://github.com/codingjoe/django-health-check/compare/4.2.2...4.3.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e4.2.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eLink to stable psutil docs by \u003ca href=\"https://github.com/codingjoe\"\u003e\u003ccode\u003e@​codingjoe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codingjoe/django-health-check/pull/695\"\u003ecodingjoe/django-health-check#695\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRef \u003ca href=\"https://redirect.github.com/codingjoe/django-health-check/issues/701\"\u003e#701\u003c/a\u003e -- Close dangling DB connections and reduce memory foodprint by \u003ca href=\"https://github.com/codingjoe\"\u003e\u003ccode\u003e@​codingjoe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codingjoe/django-health-check/pull/702\"\u003ecodingjoe/django-health-check#702\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://redirect.github.com/codingjoe/django-health-check/issues/699\"\u003e#699\u003c/a\u003e -- Gracefully handle None value from active_queues in Celery by \u003ca href=\"https://github.com/saschabuehrle\"\u003e\u003ccode\u003e@​saschabuehrle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codingjoe/django-health-check/pull/700\"\u003ecodingjoe/django-health-check#700\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/saschabuehrle\"\u003e\u003ccode\u003e@​saschabuehrle\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/codingjoe/django-health-check/pull/700\"\u003ecodingjoe/django-health-check#700\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codingjoe/django-health-check/compare/4.2.1...4.2.2\"\u003ehttps://github.com/codingjoe/django-health-check/compare/4.2.1...4.2.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/codingjoe/django-health-check/commit/e480bc06a2c38f2e5c6406ac16cbbf2ed0463b6e\"\u003e\u003ccode\u003ee480bc0\u003c/code\u003e\u003c/a\u003e Resolve \u003ca href=\"https://redirect.github.com/codingjoe/django-health-check/issues/724\"\u003e#724\u003c/a\u003e -- Add public dataclass field as OpenMetric label (\u003ca href=\"https://redirect.github.com/codingjoe/django-health-check/issues/725\"\u003e#725\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/codingjoe/django-health-check/commit/e56c871d4f47acca7b3f1d0e80825025a685b51b\"\u003e\u003ccode\u003ee56c871\u003c/code\u003e\u003c/a\u003e Clean up storage probe files when validation fails (\u003ca href=\"https://redirect.github.com/codingjoe/django-health-check/issues/717\"\u003e#717\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/codingjoe/django-health-check/commit/3421a3cabab7f2c7465afb11bc52d38b51c337c1\"\u003e\u003ccode\u003e3421a3c\u003c/code\u003e\u003c/a\u003e Update copilot review instructions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/codingjoe/django-health-check/commit/c674d2f6d51784f01c3960a1ef37f2ee601608d5\"\u003e\u003ccode\u003ec674d2f\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Update celery requirement from \u0026gt;=5.0.0 to \u0026gt;=5.6.3\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/codingjoe/django-health-check/commit/04a22e527dae62af689a51052d2744e3ede2748e\"\u003e\u003ccode\u003e04a22e5\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Update flit-core requirement from \u0026gt;=3.2 to \u0026gt;=3.12.0\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/codingjoe/django-health-check/commit/4d47e8ab3501fadbd49539a2d4f78300717fa78f\"\u003e\u003ccode\u003e4d47e8a\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Update aio-pika requirement from \u0026gt;=9.0.0 to \u0026gt;=9.6.2\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/codingjoe/django-health-check/commit/e0d44791516d85cdaf70d888a96c603c4e2d1d5f\"\u003e\u003ccode\u003ee0d4479\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Update django requirement from \u0026gt;=5.2 to \u0026gt;=5.2.13\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/codingjoe/django-health-check/commit/8994dcc7bc63df6a713f00b5fe73f3158e86e21a\"\u003e\u003ccode\u003e8994dcc\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Update confluent-kafka requirement from \u0026gt;=2.0.0 to \u0026gt;=2.14.0\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/codingjoe/django-health-check/commit/1f31638c0e124dc9057d702c4b6dfa231c723b09\"\u003e\u003ccode\u003e1f31638\u003c/code\u003e\u003c/a\u003e Ref \u003ca href=\"https://redirect.github.com/codingjoe/django-health-check/issues/701\"\u003e#701\u003c/a\u003e -- Add support for a custom executor for synchronous checks (\u003ca href=\"https://redirect.github.com/codingjoe/django-health-check/issues/716\"\u003e#716\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/codingjoe/django-health-check/commit/b79e9604a0d5ae8e6420fc1c8c1e493b19aa49a1\"\u003e\u003ccode\u003eb79e960\u003c/code\u003e\u003c/a\u003e Bump actions/upload-pages-artifact from 4 to 5\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/codingjoe/django-health-check/compare/4.2.1...4.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `gunicorn` from 25.3.0 to 26.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/benoitc/gunicorn/releases\"\u003egunicorn's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e26.0.0\u003c/h2\u003e\n\u003ch2\u003eBreaking Changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eEventlet worker removed\u003c/strong\u003e: The \u003ccode\u003eeventlet\u003c/code\u003e worker class has been dropped. Migrate to \u003ccode\u003egevent\u003c/code\u003e, \u003ccode\u003egthread\u003c/code\u003e, or \u003ccode\u003etornado\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eASGI Framework Compatibility Suite\u003c/strong\u003e: New end-to-end compatibility test harness covering Starlette, FastAPI, Litestar, Quart, Sanic, and BlackSheep. Current grid passes 438/444 tests (98%).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eASGI Test Suite Expansion\u003c/strong\u003e: 134 additional ASGI unit tests covering protocol semantics, lifespan, websockets, and chunked framing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP/1.1 Request-Target Validation\u003c/strong\u003e (RFC 9112 sections 3.2.3, 3.2.4):\n\u003cul\u003e\n\u003cli\u003eReject \u003ccode\u003eauthority-form\u003c/code\u003e request-target outside \u003ccode\u003eCONNECT\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eReject \u003ccode\u003easterisk-form\u003c/code\u003e request-target outside \u003ccode\u003eOPTIONS\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eReject \u003ccode\u003erelative-reference\u003c/code\u003e request-targets\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHeader Field Hardening\u003c/strong\u003e (RFC 9110):\n\u003cul\u003e\n\u003cli\u003eReject control characters in header field-value (section 5.5)\u003c/li\u003e\n\u003cli\u003eReject forbidden trailer field-names (section 6.5.1)\u003c/li\u003e\n\u003cli\u003eReject \u003ccode\u003eContent-Length\u003c/code\u003e list form (RFC 9112 section 6.3)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRequest Smuggling Hardening\u003c/strong\u003e:\n\u003cul\u003e\n\u003cli\u003eTighten keepalive gate and scope \u003ccode\u003efinish_body\u003c/code\u003e byte cap\u003c/li\u003e\n\u003cli\u003eKeep \u003ccode\u003e_body_receiver\u003c/code\u003e alive across the keepalive smuggling gate so pipelined requests cannot re-enter a closed body\u003c/li\u003e\n\u003cli\u003eAddress parser/protocol findings from a six-point WSGI/ASGI audit\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ePROXY Protocol (ASGI)\u003c/strong\u003e: Enforce \u003ccode\u003eproxy_allow_ips\u003c/code\u003e and tighten v1/v2 parsing in the ASGI callback parser.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eConnection Draining\u003c/strong\u003e: Drain the connection on close per RFC 9112 section 9.6 to prevent reset-on-close truncation.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eBody Framing on HEAD/204/304\u003c/strong\u003e:\n\u003cul\u003e\n\u003cli\u003eKeep \u003ccode\u003eContent-Length\u003c/code\u003e on HEAD and 304 responses (\u003ca href=\"https://redirect.github.com/benoitc/gunicorn/issues/3621\"\u003e#3621\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop body framing on HEAD/204/304 even when the framework set it\u003c/li\u003e\n\u003cli\u003eWarn once when an ASGI app emits a body for a no-body response\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP/2 ASGI\u003c/strong\u003e:\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003e_handle_stream_ended\u003c/code\u003e to set \u003ccode\u003e_body_complete\u003c/code\u003e in the async HTTP/2 handler so request bodies finalize correctly on stream end\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eInvalidChunkExtension\u003c/code\u003e mapping and fast-parser support in ASGI tests (\u003ca href=\"https://redirect.github.com/benoitc/gunicorn/issues/3565\"\u003e#3565\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP/1.1 100-Continue\u003c/strong\u003e: Stop adding \u003ccode\u003eTransfer-Encoding: chunked\u003c/code\u003e to 100-Continue interim responses.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eWebSocket Close Handshake\u003c/strong\u003e (RFC 6455):\n\u003cul\u003e\n\u003cli\u003eComply with the close handshake state machine\u003c/li\u003e\n\u003cli\u003eClose the transport after the close handshake completes\u003c/li\u003e\n\u003cli\u003eFix binary send when the \u003ccode\u003etext\u003c/code\u003e key is \u003ccode\u003eNone\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eEarly Hints\u003c/strong\u003e: Validate headers in the \u003ccode\u003eearly_hints\u003c/code\u003e callback to match \u003ccode\u003eprocess_headers\u003c/code\u003e; pass only the header name to \u003ccode\u003eInvalidHeader\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/benoitc/gunicorn/issues/3588\"\u003e#3588\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eASGI Framework Fixes\u003c/strong\u003e:\n\u003cul\u003e\n\u003cli\u003eFix ASGI disconnect handling for Django-style apps\u003c/li\u003e\n\u003cli\u003eFix Litestar request handling (use raw ASGI receive for body/headers)\u003c/li\u003e\n\u003cli\u003eFix Litestar HTTP endpoints for compatibility tests\u003c/li\u003e\n\u003cli\u003eFix Quart headers endpoint to normalize keys to lowercase\u003c/li\u003e\n\u003cli\u003eFix Quart WebSocket close test app (missing \u003ccode\u003eaccept()\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003eFix duplicate \u003ccode\u003eTransfer-Encoding\u003c/code\u003e header for BlackSheep streaming\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/5d819cf36040f6cc6175fcc804d703fb899509dd\"\u003e\u003ccode\u003e5d819cf\u003c/code\u003e\u003c/a\u003e release: 26.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/b45c70df105f7d5dcbc5abfb732804d6464edc21\"\u003e\u003ccode\u003eb45c70d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/benoitc/gunicorn/issues/3611\"\u003e#3611\u003c/a\u003e from zc-mattcen/docs-typo\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/99c8d48acf453deb5c49fe12e195dbc00d888d1e\"\u003e\u003ccode\u003e99c8d48\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/benoitc/gunicorn/issues/3623\"\u003e#3623\u003c/a\u003e from benoitc/chore/drop-eventlet-add-h2-uvloop-test-...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/5a655af50f20e005dd9e32e6078dc82fa45f3d4b\"\u003e\u003ccode\u003e5a655af\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/benoitc/gunicorn/issues/3622\"\u003e#3622\u003c/a\u003e from benoitc/test/docker-port-and-ipv4-fixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/201df19a8011c0a1d6a0e75ebe22e89d48eb935e\"\u003e\u003ccode\u003e201df19\u003c/code\u003e\u003c/a\u003e chore: remove eventlet worker; add h2 and uvloop to test deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/f4ac8e1f1bf1d365e77f41915da55bec31873f84\"\u003e\u003ccode\u003ef4ac8e1\u003c/code\u003e\u003c/a\u003e test: pass action name to dirty client and stabilize after TTOU spam\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/54d38afddf1f0db0c15b5f4ff63f3c7bfad96961\"\u003e\u003ccode\u003e54d38af\u003c/code\u003e\u003c/a\u003e test: unblock docker fixtures on macOS hosts\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/68843c8893dd938456f0a2da62085ab5776f8871\"\u003e\u003ccode\u003e68843c8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/benoitc/gunicorn/issues/3621\"\u003e#3621\u003c/a\u003e from benoitc/fix/asgi-preserve-content-length-on-hea...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/31f2618f733cc0c78690df63f4e344aaf3f56b20\"\u003e\u003ccode\u003e31f2618\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/benoitc/gunicorn/issues/3620\"\u003e#3620\u003c/a\u003e from benoitc/fix/asgi-proxy-protocol-trust-and-parsing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/41ec7527dbd8a9e52728477700707ad40e41d9dc\"\u003e\u003ccode\u003e41ec752\u003c/code\u003e\u003c/a\u003e fix: keep Content-Length on HEAD and 304 responses\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/benoitc/gunicorn/compare/25.3.0...26.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.33.0 to 2.33.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.1\u003c/h2\u003e\n\u003ch2\u003e2.33.1 (2026-03-30)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary\nfiles in the tmp directory. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7305\"\u003e#7305\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed Content-Type header parsing for malformed values. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7309\"\u003e#7309\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImproved error consistency for malformed header values. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7308\"\u003e#7308\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ferdnyc\"\u003e\u003ccode\u003e@​ferdnyc\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7277\"\u003epsf/requests#7277\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2331-2026-03-30\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2331-2026-03-30\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.1 (2026-03-30)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary\nfiles in the tmp directory. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7305\"\u003e#7305\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed Content-Type header parsing for malformed values. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7309\"\u003e#7309\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImproved error consistency for malformed header values. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7308\"\u003e#7308\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/111d2b77790bf49943c0dfa09b365371c24aec7e\"\u003e\u003ccode\u003e111d2b7\u003c/code\u003e\u003c/a\u003e v2.33.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/f0198e6dfc431a2293dc16e1b1e8fcddc910a7f3\"\u003e\u003ccode\u003ef0198e6\u003c/code\u003e\u003c/a\u003e Fix malformed value parsing for Content-Type (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7309\"\u003e#7309\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc7dd0fc4d56e808bcdd85ac2d797b3107c89259\"\u003e\u003ccode\u003ebc7dd0f\u003c/code\u003e\u003c/a\u003e Fix cosmetic header validity parsing regex (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7308\"\u003e#7308\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/4443b1a847b190010c2972a658924b98b5db6360\"\u003e\u003ccode\u003e4443b1a\u003c/code\u003e\u003c/a\u003e Fix unintended test extra (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7306\"\u003e#7306\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/389eea58dfb2f2ee096421a812e3af29c0298951\"\u003e\u003ccode\u003e389eea5\u003c/code\u003e\u003c/a\u003e Cleanup extracted file after extract_zipped_path test (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7305\"\u003e#7305\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/7407309c8a8a73aa2f4337184025d440bbedab7a\"\u003e\u003ccode\u003e7407309\u003c/code\u003e\u003c/a\u003e Packaging: DRY out extras definition (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7277\"\u003e#7277\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/psf/requests/compare/v2.33.0...v2.33.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `django-coverage-plugin` from 3.2.0 to 3.2.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/coveragepy/django_coverage_plugin/releases\"\u003edjango-coverage-plugin's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.2\u003c/h2\u003e\n\u003cp\u003eFix: \u003ccode\u003e{% endblock %}\u003c/code\u003e lines (and others) were falsely reported as unexecuted when they appeared on their own indented line (\u003ca href=\"https://redirect.github.com/coveragepy/django_coverage_plugin/issues/74\"\u003eissue 74\u003c/a\u003e). Thanks, Marc Gibbons (\u003ca href=\"https://redirect.github.com/coveragepy/django_coverage_plugin/pull/108\"\u003epull 108\u003c/a\u003e).\u003c/p\u003e\n\u003cp\u003eDropped Django 3.x and 4.x.\u003c/p\u003e\n\u003cp\u003eSwitched to trusted publishing.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/django_coverage_plugin/commit/4eb4fc975e915400734104851116e423164a7c5c\"\u003e\u003ccode\u003e4eb4fc9\u003c/code\u003e\u003c/a\u003e build: fix publishing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/django_coverage_plugin/commit/420435edd77b7af9e508446d60a852f61bcaed8c\"\u003e\u003ccode\u003e420435e\u003c/code\u003e\u003c/a\u003e build: v3.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/django_coverage_plugin/commit/86a9d30fc44628981cd944ff58189f03fa082ca8\"\u003e\u003ccode\u003e86a9d30\u003c/code\u003e\u003c/a\u003e build: trusted publishing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/django_coverage_plugin/commit/9a5dfe53d9a81a8b54585c8b20b7e5ca06855afc\"\u003e\u003ccode\u003e9a5dfe5\u003c/code\u003e\u003c/a\u003e docs: update history\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/django_coverage_plugin/commit/bfee7019ec245ef61a3c182c262e54e64a1cabe8\"\u003e\u003ccode\u003ebfee701\u003c/code\u003e\u003c/a\u003e fix: endblock falsely reported as uncovered when on its own indented line \u003ca href=\"https://redirect.github.com/coveragepy/django_coverage_plugin/issues/74\"\u003e#74\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/django_coverage_plugin/commit/59954f3fb97938849e8ec882d59a7cf438f12eff\"\u003e\u003ccode\u003e59954f3\u003c/code\u003e\u003c/a\u003e correct two old references to nedbat on github\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/django_coverage_plugin/commit/7d145017c244f192c55a17035033667a190c0d6a\"\u003e\u003ccode\u003e7d14501\u003c/code\u003e\u003c/a\u003e docs: thanks, Marc Gibbons for \u003ca href=\"https://redirect.github.com/coveragepy/django_coverage_plugin/issues/109\"\u003e#109\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/django_coverage_plugin/commit/55cf337e2a4242c30766dc4784bd99ac5d180085\"\u003e\u003ccode\u003e55cf337\u003c/code\u003e\u003c/a\u003e docs: move authors into readme\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/django_coverage_plugin/commit/639d48a188d04da28623a4751ae50e4da301fd9e\"\u003e\u003ccode\u003e639d48a\u003c/code\u003e\u003c/a\u003e Add Django 6, drop 3.2 and 4.2 which are EOL (\u003ca href=\"https://redirect.github.com/coveragepy/django_coverage_plugin/issues/109\"\u003e#109\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/django_coverage_plugin/commit/53d114ac6082fb3fcd97c5cf0c4d634d395fe7f0\"\u003e\u003ccode\u003e53d114a\u003c/code\u003e\u003c/a\u003e chore: bump actions/setup-python in the action-dependencies group (\u003ca href=\"https://redirect.github.com/coveragepy/django_coverage_plugin/issues/106\"\u003e#106\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/coveragepy/django_coverage_plugin/compare/v3.2.0...v3.2.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `django-debug-toolbar` from 6.2.0 to 6.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/django-commons/django-debug-toolbar/releases\"\u003edjango-debug-toolbar's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e6.3.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eremove requirement_dev.txt from project by \u003ca href=\"https://github.com/p-r-a-v-i-n\"\u003e\u003ccode\u003e@​p-r-a-v-i-n\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/django-commons/django-debug-toolbar/pull/2277\"\u003edjango-commons/django-debug-toolbar#2277\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgraded ReadTheDocs Python version to 3.13. by \u003ca href=\"https://github.com/tim-schilling\"\u003e\u003ccode\u003e@​tim-schilling\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/django-commons/django-debug-toolbar/pull/2307\"\u003edjango-commons/django-debug-toolbar#2307\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eModernize some panel styles and colors by \u003ca href=\"https://github.com/federicobond\"\u003e\u003ccode\u003e@​federicobond\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/django-commons/django-debug-toolbar/pull/2285\"\u003edjango-commons/django-debug-toolbar#2285\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate the translatable strings for the application. by \u003ca href=\"https://github.com/tim-schilling\"\u003e\u003ccode\u003e@​tim-schilling\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/django-commons/django-debug-toolbar/pull/2311\"\u003edjango-commons/django-debug-toolbar#2311\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate translations 2026-02-09 by \u003ca href=\"https://github.com/tim-schilling\"\u003e\u003ccode\u003e@​tim-schilling\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/django-commons/django-debug-toolbar/pull/2312\"\u003edjango-commons/django-debug-toolbar#2312\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd a \u003ccode\u003epy.typed\u003c/code\u003e file, to make types available downstream by \u003ca href=\"https://github.com/brianhelba\"\u003e\u003ccode\u003e@​brianhelba\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/django-commons/django-debug-toolbar/pull/2314\"\u003edjango-commons/django-debug-toolbar#2314\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEmit RedirectsPanel warning on usage rather than set up. by \u003ca href=\"https://github.com/tim-schilling\"\u003e\u003ccode\u003e@​tim-schilling\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/django-commons/django-debug-toolbar/pull/2326\"\u003edjango-commons/django-debug-toolbar#2326\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHighlighted docs on disabling browser caching. by \u003ca href=\"https://github.com/tim-schilling\"\u003e\u003ccode\u003e@​tim-schilling\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/django-commons/django-debug-toolbar/pull/2302\"\u003edjango-commons/django-debug-toolbar#2302\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eOnly patch the cache methods once. by \u003ca href=\"https://github.com/tim-schilling\"\u003e\u003ccode\u003e@​tim-schilling\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/django-commons/django-debug-toolbar/pull/2332\"\u003edjango-commons/django-debug-toolbar#2332\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eCacheStore\u003c/code\u003e, a store that uses Django's cache framework by \u003ca href=\"https://github.com/robhudson\"\u003e\u003ccode\u003e@​robhudson\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/django-commons/django-debug-toolbar/pull/2304\"\u003edjango-commons/django-debug-toolbar#2304\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChangelog from \u003ca href=\"https://django-debug-toolbar.readthedocs.io/en/latest/changes.html\"\u003edocs\u003c/a\u003e:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReplaced \u003ccode\u003erequirements_dev.txt\u003c/code\u003e file for \u003ccode\u003epyproject.toml\u003c/code\u003e support with dependency groups.\u003c/li\u003e\n\u003cli\u003eUpdated ReadTheDocs Python version to 3.13.\u003c/li\u003e\n\u003cli\u003eModernize some panel styles and colors.\u003c/li\u003e\n\u003cli\u003eStandardize use of time/duration units and labels across panels.\u003c/li\u003e\n\u003cli\u003eAdded translations for Lithuanian, Turkish and Uzbek.\u003c/li\u003e\n\u003cli\u003eUpdate the translations.\u003c/li\u003e\n\u003cli\u003eExpose a \u003ccode\u003epy.typed\u003c/code\u003e marker file.\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003eRedirectsPanel\u003c/code\u003e to emit the deprecation warning when it’s used rather than on instantiation.\u003c/li\u003e\n\u003cli\u003eHighlighted the documentation about disabling the browser’s caching to ensure the latest static assets are used.\u003c/li\u003e\n\u003cli\u003eFixed bug with \u003ccode\u003eCachePanel\u003c/code\u003e so the cache patching is only applied once.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003edebug_toolbar.store.CacheStore\u003c/code\u003e for storing toolbar data using Django’s cache framework. This provides persistence without requiring database migrations, and works with any cache backend (Memcached, Redis, database, file-based, etc.).\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eCACHE_BACKEND\u003c/code\u003e and \u003ccode\u003eCACHE_KEY_PREFIX\u003c/code\u003e settings to configure the \u003ccode\u003eCacheStore\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/brianhelba\"\u003e\u003ccode\u003e@​brianhelba\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/django-commons/django-debug-toolbar/pull/2314\"\u003edjango-commons/django-debug-toolbar#2314\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/django-commons/django-debug-toolbar/compare/6.2.0...6.3.0\"\u003ehttps://github.com/django-commons/django-debug-toolbar/compare/6.2.0...6.3.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/django-commons/django-debug-toolbar/blob/main/docs/changes.rst\"\u003edjango-debug-toolbar's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e6.3.0 (2026-04-01)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplaced \u003ccode\u003erequirements_dev.txt\u003c/code\u003e file for \u003ccode\u003epyproject.toml\u003c/code\u003e support with\ndependency groups.\u003c/li\u003e\n\u003cli\u003eUpdated ReadTheDocs Python version to 3.13.\u003c/li\u003e\n\u003cli\u003eModernize some panel styles and colors.\u003c/li\u003e\n\u003cli\u003eStandardize use of time/duration units and labels across panels.\u003c/li\u003e\n\u003cli\u003eAdded translations for Lithuanian, Turkish and Uzbek.\u003c/li\u003e\n\u003cli\u003eUpdate the translations.\u003c/li\u003e\n\u003cli\u003eExpose a \u003ccode\u003epy.typed\u003c/code\u003e marker file.\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003eRedirectsPanel\u003c/code\u003e to emit the deprecation warning when it's used\nrather than on instantiation.\u003c/li\u003e\n\u003cli\u003eHighlighted the documentation about disabling the browser's caching to\nensure the latest static assets are used.\u003c/li\u003e\n\u003cli\u003eFixed bug with \u003ccode\u003eCachePanel\u003c/code\u003e so the cache patching is only applied\nonce.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003edebug_toolbar.store.CacheStore\u003c/code\u003e for storing toolbar data using\nDjango's cache framework. This provides persistence without requiring\ndatabase migrations, and works with any cache backend (Memcached, Redis,\ndatabase, file-based, etc.).\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eCACHE_BACKEND\u003c/code\u003e and \u003ccode\u003eCACHE_KEY_PREFIX\u003c/code\u003e settings to configure the\n\u003ccode\u003eCacheStore\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-commons/django-debug-toolbar/commit/b3f943b5291fd961a0d10225eb89b64e016d8837\"\u003e\u003ccode\u003eb3f943b\u003c/code\u003e\u003c/a\u003e Version 6.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-commons/django-debug-toolbar/commit/013631b2f72bdded37e597c5fef13e82c44e1202\"\u003e\u003ccode\u003e013631b\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-commons/django-debug-toolbar/commit/eeff5d17879130a33998a26d8501c804e37a3400\"\u003e\u003ccode\u003eeeff5d1\u003c/code\u003e\u003c/a\u003e Bump actions/cache from 5.0.3 to 5.0.4 in the github-actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-commons/django-debug-toolbar/commit/3a877850a8b4a68bc3f17af596001f13215a8dac\"\u003e\u003ccode\u003e3a87785\u003c/code\u003e\u003c/a\u003e Add store that uses cache framework\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-commons/django-debug-toolbar/commit/05738466e3b3e6654d7e70ca59d5d7553acd1cdf\"\u003e\u003ccode\u003e0573846\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-commons/django-debug-toolbar/commit/7403bed86ac6729b65dc926dd90920f3f1765935\"\u003e\u003ccode\u003e7403bed\u003c/code\u003e\u003c/a\u003e Only patch the cache methods once.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-commons/django-debug-toolbar/commit/0d25b3aaf653ba6241adf3f899cfda1208942ac9\"\u003e\u003ccode\u003e0d25b3a\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact in the github-actions group (\u003ca href=\"https://redirect.github.com/django-commons/django-debug-toolbar/issues/2333\"\u003e#2333\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-commons/django-debug-toolbar/commit/c89c8cf41751649f9000b051a457db3697e0cf6c\"\u003e\u003ccode\u003ec89c8cf\u003c/code\u003e\u003c/a\u003e Bump zizmorcore/zizmor-action in the github-actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-commons/django-debug-toolbar/commit/7ae8fac954844ae641f85c7afbffea8b2c82a214\"\u003e\u003ccode\u003e7ae8fac\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/django-commons/django-debug-toolbar/issues/2328\"\u003e#2328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-commons/django-debug-toolbar/commit/695cdb2c0b2bdf11de687986233778a4d5785c22\"\u003e\u003ccode\u003e695cdb2\u003c/code\u003e\u003c/a\u003e Highlighted docs on disabling browser caching. (\u003ca href=\"https://redirect.github.com/django-commons/django-debug-toolbar/issues/2302\"\u003e#2302\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/django-commons/django-debug-toolbar/compare/6.2.0...6.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `prek` from 0.3.8 to 0.3.13\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/j178/prek/releases\"\u003eprek's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.3.13\u003c/h2\u003e\n\u003ch2\u003eRelease Notes\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-05-06.\u003c/p\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRespect hook filters for message files (\u003ca href=\"https://redirect.github.com/j178/prek/pull/2049\"\u003e#2049\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Godot Engine to users in README (\u003ca href=\"https://redirect.github.com/j178/prek/pull/2047\"\u003e#2047\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178\"\u003e\u003ccode\u003e@​j178\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Calinou\"\u003e\u003ccode\u003e@​Calinou\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eInstall prek 0.3.13\u003c/h2\u003e\n\u003ch3\u003eInstall prebuilt binaries via shell script\u003c/h3\u003e\n\u003cpre lang=\"sh\"\u003e\u003ccode\u003ecurl --proto '=https' --tlsv1.2 -LsSf https://github.com/j178/prek/releases/download/v0.3.13/prek-installer.sh | sh\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch3\u003eInstall prebuilt binaries via powershell script\u003c/h3\u003e\n\u003cpre lang=\"sh\"\u003e\u003ccode\u003epowershell -ExecutionPolicy Bypass -c \u0026quot;irm https://github.com/j178/prek/releases/download/v0.3.13/prek-installer.ps1 | iex\u0026quot;\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch3\u003eInstall prebuilt binaries via Homebrew\u003c/h3\u003e\n\u003cpre lang=\"sh\"\u003e\u003ccode\u003ebrew install prek\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eDownload prek 0.3.13\u003c/h2\u003e\n\u003ctable\u003e\n\u003cthead\u003e\n\u003ctr\u003e\n\u003cth\u003eFile\u003c/th\u003e\n\u003cth\u003ePlatform\u003c/th\u003e\n\u003cth\u003eChecksum\u003c/th\u003e\n\u003c/tr\u003e\n\u003c/thead\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://github.com/j178/prek/releases/download/v0.3.13/prek-aarch64-apple-darwin.tar.gz\"\u003eprek-aarch64-apple-darwin.tar.gz\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eApple Silicon macOS\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://github.com/j178/prek/releases/download/v0.3.13/prek-aarch64-apple-darwin.tar.gz.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://github.com/j178/prek/releases/download/v0.3.13/prek-x86_64-apple-darwin.tar.gz\"\u003eprek-x86_64-apple-darwin.tar.gz\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eIntel macOS\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://github.com/j178/prek/releases/download/v0.3.13/prek-x86_64-apple-darwin.tar.gz.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://github.com/j178/prek/releases/download/v0.3.13/prek-aarch64-pc-windows-msvc.zip\"\u003eprek-aarch64-pc-windows-msvc.zip\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eARM64 Windows\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://github.com/j178/prek/releases/download/v0.3.13/prek-aarch64-pc-windows-msvc.zip.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://github.com/j178/prek/releases/download/v0.3.13/prek-i686-pc-windows-msvc.zip\"\u003eprek-i686-pc-windows-msvc.zip\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003ex86 Windows\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://github.com/j178/prek/releases/download/v0.3.13/prek-i686-pc-windows-msvc.zip.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://github.com/j178/prek/releases/download/v0.3.13/prek-x86_64-pc-windows-msvc.zip\"\u003eprek-x86_64-pc-windows-msvc.zip\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003ex64 Windows\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://github.com/j178/prek/releases/download/v0.3.13/prek-x86_64-pc-windows-msvc.zip.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://github.com/j178/prek/releases/download/v0.3.13/prek-aarch64-unknown-linux-gnu.tar.gz\"\u003eprek-aarch64-unknown-linux-gnu.tar.gz\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eARM64 Linux\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://github.com/j178/prek/releases/download/v0.3.13/prek-aarch64-unknown-linux-gnu.tar.gz.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://github.com/j178/prek/releases/download/v0.3.13/prek-i686-unknown-linux-gnu.tar.gz\"\u003eprek-i686-unknown-linux-gnu.tar.gz\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003ex86 Linux\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://github.com/j178/prek/releases/download/v0.3.13/prek-i686-unknown-linux-gnu.tar.gz.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://github.com/j178/prek/releases/download/v0.3.13/prek-riscv64gc-unknown-linux-gnu.tar.gz\"\u003eprek-riscv64gc-unknown-linux-gnu.tar.gz\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eRISCV Linux\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://github.com/j178/prek/releases/download/v0.3.13/prek-riscv64gc-unknown-linux-gnu.tar.gz.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/tbody\u003e\n\u003c/table\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/j178/prek/blob/master/CHANGELOG.md\"\u003eprek's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.3.13\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-05-06.\u003c/p\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRespect hook filters for message files (\u003ca href=\"https://redirect.github.com/j178/prek/pull/2049\"\u003e#2049\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Godot Engine to users in README (\u003ca href=\"https://redirect.github.com/j178/prek/pull/2047\"\u003e#2047\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178\"\u003e\u003ccode\u003e@​j178\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Calinou\"\u003e\u003ccode\u003e@​Calinou\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.3.12\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-05-05.\u003c/p\u003e\n\u003ch3\u003eHighlights\u003c/h3\u003e\n\u003cp\u003e\u003ccode\u003eauto_update.cooldown_days\u003c/code\u003e is now available in both the user-level global\nconfig (\u003ccode\u003e~/.config/prek/prek.toml\u003c/code\u003e on Linux and macOS, or\n\u003ccode\u003e$XDG_CONFIG_HOME/prek/prek.toml\u003c/code\u003e when set; \u003ccode\u003e%APPDATA%\\prek\\prek.toml\u003c/code\u003e on\nWindows) and project config. Set a user default for \u003ccode\u003eprek auto-update\u003c/code\u003e, then\noverride it per project when a repository needs a different update cadence.\u003c/p\u003e\n\u003cpre lang=\"toml\"\u003e\u003ccode\u003e[auto_update]\ncooldown_days = 7\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch3\u003eEnhancements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd global auto-update cooldown config (\u003ca href=\"https://redirect.github.com/j178/prek/pull/2041\"\u003e#2041\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd project auto-update cooldown config (\u003ca href=\"https://redirect.github.com/j178/prek/pull/2044\"\u003e#2044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003elanguage: dart\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/j178/prek/pull/1146\"\u003e#1146\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePass commit message file to workspace hooks (\u003ca href=\"https://redirect.github.com/j178/prek/pull/2043\"\u003e#2043\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePreserve non-UTF8 filenames from git (\u003ca href=\"https://redirect.github.com/j178/prek/pull/2023\"\u003e#2023\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eruby: put resolved Ruby's bin dir on \u003ccode\u003e$PATH\u003c/code\u003e for \u003ccode\u003egem\u003c/code\u003e invocations (\u003ca href=\"https://redirect.github.com/j178/prek/pull/2021\"\u003e#2021\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate docs with the new logo and icon (\u003ca href=\"https://redirect.github.com/j178/prek/pull/2025\"\u003e#2025\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePoint schema docs to SchemaStore (\u003ca href=\"https://redirect.github.com/j178/prek/pull/2039\"\u003e#2039\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178/prek/commit/81b290ef0630d1e130dc37ae1916da0e51b8a002\"\u003e\u003ccode\u003e81b290e\u003c/code\u003e\u003c/a\u003e Bump version to 0.3.13 (\u003ca href=\"https://redirect.github.com/j178/prek/issues/2050\"\u003e#2050\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178/prek/commit/3f5e5c6e54bdd9b1640228cdd69a449e18ddf9f8\"\u003e\u003ccode\u003e3f5e5c6\u003c/code\u003e\u003c/a\u003e Respect hook filters for message files (\u003ca href=\"https://redirect.github.com/j178/prek/issues/2049\"\u003e#2049\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178/prek/commit/1fab88775affde4fd0c75b2f9102a5df88195efc\"\u003e\u003ccode\u003e1fab887\u003c/code\u003e\u003c/a\u003e Add Godot Engine to users in README (\u003ca href=\"https://redirect.github.com/j178/prek/issues/2047\"\u003e#2047\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178/prek/commit/93a71e0b730d30d2fa56f9e47f2a293beb007988\"\u003e\u003ccode\u003e93a71e0\u003c/code\u003e\u003c/a\u003e Remove deleted \u003ccode\u003edist/post/index.cjs\u003c/code\u003e from publish prek version workflow (\u003ca href=\"https://redirect.github.com/j178/prek/issues/2046\"\u003e#2046\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178/prek/commit/56d6d0c13ef36a4ab6a705621fba41448f2b503d\"\u003e\u003ccode\u003e56d6d0c\u003c/code\u003e\u003c/a\u003e Bump version to 0.3.12 (\u003ca href=\"https://redirect.github.com/j178/prek/issues/2045\"\u003e#2045\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178/prek/commit/5f94f6f8ea8e5df0fb6604b4b8ec63072e1dc8f3\"\u003e\u003ccode\u003e5f94f6f\u003c/code\u003e\u003c/a\u003e Add project auto-update cooldown config (\u003ca href=\"https://redirect.github.com/j178/prek/issues/2044\"\u003e#2044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178/prek/commit/c52833e9991584d03bcd7e2b6fc01fa43e1f0d09\"\u003e\u003ccode\u003ec52833e\u003c/code\u003e\u003c/a\u003e Add global auto-update cooldown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178/prek/commit/8af3054dc690fd06fe91b2b0c0ca4fe8e4418051\"\u003e\u003ccode\u003e8af3054\u003c/code\u003e\u003c/a\u003e Pass commit message file to workspace hooks (\u003ca href=\"https://redirect.github.com/j178/prek/issues/2043\"\u003e#2043\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178/prek/commit/1bf54f5fa9638ad66a7d0b160170da75de1eec81\"\u003e\u003ccode\u003e1bf54f5\u003c/code\u003e\u003c/a\u003e Update Rust crate serde-saphyr to 0.0.25 (\u003ca href=\"https://redirect.github.com/j178/prek/issues/2036\"\u003e#2036\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178/prek/commit/8c9761a523bcb180ff35fcfcd8e85184f87eaceb\"\u003e\u003ccode\u003e8c9761a\u003c/code\u003e\u003c/a\u003e Bump rand to 0.9.4 (\u003ca href=\"https://redirect.github.com/j178/prek/issues/2040\"\u003e#2040\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/j178/prek/compare/v0.3.8...v0.3.13\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pytest` from 9.0.2 to 9.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytest-dev/pytest/releases\"\u003epytest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.0.3\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.3 (2026-04-07)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12444\"\u003e#12444\u003c/a\u003e: Fixed \u003ccode\u003epytest.approx\u003c/code\u003e which now correctly takes into account \u003ccode\u003e~collections.abc.Mapping\u003c/code\u003e keys order to compare them.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13634\"\u003e#13634\u003c/a\u003e: Blocking a \u003ccode\u003econftest.py\u003c/code\u003e file using the \u003ccode\u003e-p no:\u003c/code\u003e option is now explicitly disallowed.\u003c/p\u003e\n\u003cp\u003ePreviously this resulted in an internal assertion failure during plugin loading.\u003c/p\u003e\n\u003cp\u003ePytest now raises a clear \u003ccode\u003eUsageError\u003c/code\u003e explaining that conftest files are not plugins and cannot be disabled via \u003ccode\u003e-p\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13734\"\u003e#13734\u003c/a\u003e: Fixed crash when a test raises an exceptiongroup with \u003ccode\u003e__tracebackhide__ = True\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14195\"\u003e#14195\u003c/a\u003e: Fixed an issue where non-string messages passed to \u003c!-- raw HTML omitted --\u003eunittest.TestCase.subTest()\u003c!-- raw HTML omitted --\u003e were not printed.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e: Fixed use of insecure temporary directory (CVE-2025-71176).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImproved documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13388\"\u003e#13388\u003c/a\u003e: Clarified documentation for \u003ccode\u003e-p\u003c/code\u003e vs \u003ccode\u003ePYTEST_PLUGINS\u003c/code\u003e plugin loading and fixed an incorrect \u003ccode\u003e-p\u003c/code\u003e example.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13731\"\u003e#13731\u003c/a\u003e: Clarified that capture fixtures (e.g. \u003ccode\u003ecapsys\u003c/code\u003e and \u003ccode\u003ecapfd\u003c/code\u003e) take precedence over the \u003ccode\u003e-s\u003c/code\u003e / \u003ccode\u003e--capture=no\u003c/code\u003e command-line options in \u003ccode\u003eAccessing captured output from a test function \u0026lt;accessing-captured-output\u0026gt;\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14088\"\u003e#14088\u003c/a\u003e: Clarified that the default \u003ccode\u003epytest_collection\u003c/code\u003e hook sets \u003ccode\u003esession.items\u003c/code\u003e before it calls \u003ccode\u003epytest_collection_finish\u003c/code\u003e, not after.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14255\"\u003e#14255\u003c/a\u003e: TOML integer log levels must be quoted: Updating reference documentation.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eContributor-facing changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12689\"\u003e#12689\u003c/a\u003e: The test reports are now published to Codecov from GitHub Actions.\nThe test statistics is visible \u003ca href=\"https://app.codecov.io/gh/pytest-dev/pytest/tests\"\u003eon the web interface\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e-- by \u003ccode\u003ealeguy02\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/a7d58d7a21b78581e636bbbdea13c66ad1657c1e\"\u003e\u003ccode\u003ea7d58d7\u003c/code\u003e\u003c/a\u003e Prepare release version 9.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/089d98199c253d8f89a040243bc4f2aa6cd5ab22\"\u003e\u003ccode\u003e089d981\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14366\"\u003e#14366\u003c/a\u003e from bluetech/revert-14193-backport\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/8127eaf4ab7f6b2fdd0dc1b38343ec97aeef05ac\"\u003e\u003ccode\u003e8127eaf\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Fix: assertrepr_compare respects dict insertion order (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14050\"\u003e#14050\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14193\"\u003e#14193\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/99a7e6029e7a6e8d53e5df114b1346e035370241\"\u003e\u003ccode\u003e99a7e60\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14363\"\u003e#14363\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/95d8423bd...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/ddee02a578da30dd43aedc39c1c1f1aaadfcee95\"\u003e\u003ccode\u003eddee02a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e from bluetech/cve-2025-71176-simple\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/74eac6916fee34726cb194f16c516e96fbd29619\"\u003e\u003ccode\u003e74eac69\u003c/code\u003e\u003c/a\u003e doc: Update training info (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14298\"\u003e#14298\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14301\"\u003e#14301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/f92dee777cfdb77d1c43633d02766ddf1f07c869\"\u003e\u003ccode\u003ef92dee7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14267\"\u003e#14267\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/d6fa26c62...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/7ee58acc8777c31ac6cf388d01addf5a414a7439\"\u003e\u003ccode\u003e7ee58ac\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12378\"\u003e#12378\u003c/a\u003e from Pierre-Sassoulas/fix-implicit-str-concat-and-d...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/37da870d37e3a2f5177cae075c7b9ae279432bf8\"\u003e\u003ccode\u003e37da870\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14259\"\u003e#14259\u003c/a\u003e from mitre88/patch-4 (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14268\"\u003e#14268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/c34bfa3b7acb65b594707c714f1d8461b0304eed\"\u003e\u003ccode\u003ec34bfa3\u003c/code\u003e\u003c/a\u003e Add explanation for string context diffs (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14257\"\u003e#14257\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14266\"\u003e#14266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pytest-dev/pytest/compare/9.0.2...9.0.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pytest-randomly` from 4.0.1 to 4.1.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytest-dev/pytest-randomly/blob/main/CHANGELOG.rst\"\u003epytest-randomly's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.1.0 (2026-04-20)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix a crash with Faker installed when explicitly enabling and disabling the plugin (via \u003ccode\u003e-p randomly -p no:randomly\u003c/code\u003e).\u003c/p\u003e\n\u003cp\u003eThanks to mojosan77 for the report in \u003ccode\u003eIssue [#718](https://github.com/pytest-dev/pytest-randomly/issues/718) \u0026lt;https://github.com/pytest-dev/pytest-randomly/issues/718\u0026gt;\u003c/code\u003e__.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDrop Python 3.9 support.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-randomly/commit/c412c8d6d328224a6a0cb9e4324438c62b46f4f5\"\u003e\u003ccode\u003ec412c8d\u003c/code\u003e\u003c/a\u003e Version 4.1.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-randomly/commit/657d9c356d1970bbe664b36446d4f8a9461e4988\"\u003e\u003ccode\u003e657d9c3\u003c/code\u003e\u003c/a\u003e Upgrade dependencies (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest-randomly/issues/722\"\u003e#722\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-randomly/commit/49c8c1bb487d03ca1bda2ac7567e4205bf82aae6\"\u003e\u003ccode\u003e49c8c1b\u003c/code\u003e\u003c/a\u003e Fix a crash with Faker installed and plugin disabled (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest-randomly/issues/721\"\u003e#721\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-randomly/commit/c9181c28607e990123ee480200ae2e684f58e7b6\"\u003e\u003ccode\u003ec9181c2\u003c/code\u003e\u003c/a\u003e Bump django from 5.2.12 to 5.2.13 (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest-randomly/issues/717\"\u003e#717\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-randomly/commit/1292cc060c8892d3cccc2bd67c44b3405a6693d4\"\u003e\u003ccode\u003e1292cc0\u003c/code\u003e\u003c/a\u003e Upgrade pre-commit to Python 3.14 (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest-randomly/issues/716\"\u003e#716\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-randomly/commit/56d13889650fa7f71df504c8ab810967fd3fb44e\"\u003e\u003ccode\u003e56d1388\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest-randomly/issues/715\"\u003e#715\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-randomly/commit/43702c107ada21dca7e59836a8547ed1e62e77aa\"\u003e\u003ccode\u003e43702c1\u003c/code\u003e\u003c/a\u003e Upgrade dependencies (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest-randomly/issues/714\"\u003e#714\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-randomly/commit/c3dc97c20e2931b7557ab529703a6bf754df9110\"\u003e\u003ccode\u003ec3dc97c\u003c/code\u003e\u003c/a\u003e Bump pygments from 2.19.2 to 2.20.0 (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest-randomly/issues/713\"\u003e#713\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-randomly/commit/a2dee8a6b620f0ceaf385acfb1d0b778b0fd2892\"\u003e\u003ccode\u003ea2dee8a\u003c/code\u003e\u003c/a\u003e Improve Coverage.py configuration (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest-randomly/issues/712\"\u003e#712\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-randomly/commit/fed476639744207a10bc1742d7420fc413b555bf\"\u003e\u003ccode\u003efed4766\u003c/code\u003e\u003c/a\u003e Upgrade dependencies (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest-randomly/issues/711\"\u003e#711\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pytest-dev/pytest-randomly/compare/4.0.1...4.1.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ruff` from 0.15.8 to 0.15.12\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/ruff/releases\"\u003eruff's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.15.12\u003c/h2\u003e\n\u003ch2\u003eRelease Notes\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-04-24.\u003c/p\u003e\n\u003ch3\u003ePreview features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImplement \u003ccode\u003e#ruff:file-ignore\u003c/code\u003e file-level suppressions (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23599\"\u003e#23599\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImplement \u003ccode\u003e#ruff:ignore\u003c/code\u003e logical-line suppressions (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23404\"\u003e#23404\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRevert preview changes to displayed diagnostic severity in LSP (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24789\"\u003e#24789\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eairflow\u003c/code\u003e] Implement \u003ccode\u003etask-branch-as-short-circuit\u003c/code\u003e (\u003ccode\u003eAIR004\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23579\"\u003e#23579\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-bugbear\u003c/code\u003e] Fix \u003ccode\u003ebreak\u003c/code\u003e/\u003ccode\u003econtinue\u003c/code\u003e handling in \u003ccode\u003eloop-iterator-mutation\u003c/code\u003e (\u003ccode\u003eB909\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24440\"\u003e#24440\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Fix \u003ccode\u003ePLC2701\u003c/code\u003e for type parameter scopes (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24576\"\u003e#24576\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRule changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003epandas-vet\u003c/code\u003e] Suggest \u003ccode\u003e.array\u003c/code\u003e as well in \u003ccode\u003ePD011\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24805\"\u003e#24805\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCLI\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRespect default Unix permissions for cache files (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24794\"\u003e#24794\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Fix \u003ccode\u003ePLR0124\u003c/code\u003e description not to claim self-comparison always returns the same value (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24749\"\u003e#24749\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epyupgrade\u003c/code\u003e] Expand docs on reusable \u003ccode\u003eTypeVar\u003c/code\u003es and scoping (\u003ccode\u003eUP046\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24153\"\u003e#24153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove rules table accessibility (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24711\"\u003e#24711\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dylwil3\"\u003e\u003ccode\u003e@​dylwil3\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/AlexWaygood\"\u003e\u003ccode\u003e@​AlexWaygood\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/woodruffw\"\u003e\u003ccode\u003e@​woodruffw\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/avasis-ai\"\u003e\u003ccode\u003e@​avasis-ai\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Dev-iL\"\u003e\u003ccode\u003e@​Dev-iL\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/denyszhak\"\u003e\u003ccode\u003e@​denyszhak\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ShipItAndPray\"\u003e\u003ccode\u003e@​ShipItAndPray\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anishgirianish\"\u003e\u003ccode\u003e@​anishgirianish\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/augustelalande\"\u003e\u003ccode\u003e@​augustelalande\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/amyreese\"\u003e\u003ccode\u003e@​amyreese\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/majiayu000\"\u003e\u003ccode\u003e@​majiayu000\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eInstall ruff 0.15.12\u003c/h2\u003e\n\u003ch3\u003eInstall prebuilt binaries via shell script\u003c/h3\u003e\n\u003cpre lang=\"sh\"\u003e\u003ccode\u003ecurl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/ruff/releases/download/0.15.12/ruff-installer.sh | sh\n\u003c/code\u003e\u003c/pre\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md\"\u003eruff's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.15.12\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-04-24.\u003c/p\u003e\n\u003ch3\u003ePreview features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImplement \u003ccode\u003e#ruff:file-ignore\u003c/code\u003e file-level suppressions (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23599\"\u003e#23599\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImplement \u003ccode\u003e#ruff:ignore\u003c/code\u003e logical-line suppressions (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23404\"\u003e#23404\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRevert preview changes to displayed diagnostic severity in LSP (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24789\"\u003e#24789\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eairflow\u003c/code\u003e] Implement \u003ccode\u003etask-branch-as-short-circuit\u003c/code\u003e (\u003ccode\u003eAIR004\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23579\"\u003e#23579\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-bugbear\u003c/code\u003e] Fix \u003ccode\u003ebreak\u003c/code\u003e/\u003ccode\u003econtinue\u003c/code\u003e handling in \u003ccode\u003eloop-iterator-mutation\u003c/code\u003e (\u003ccode\u003eB909\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24440\"\u003e#24440\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Fix \u003ccode\u003ePLC2701\u003c/code\u003e for type parameter scopes (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24576\"\u003e#24576\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRule changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003epandas-vet\u003c/code\u003e] Suggest \u003ccode\u003e.array\u003c/code\u003e as well in \u003ccode\u003ePD011\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24805\"\u003e#24805\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCLI\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRespect default Unix permissions for cache files (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24794\"\u003e#24794\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Fix \u003ccode\u003ePLR0124\u003c/code\u003e description not to claim self-comparison always returns the same value (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24749\"\u003e#24749\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epyupgrade\u003c/code\u003e] Expand docs on reusable \u003ccode\u003eTypeVar\u003c/code\u003es and scoping (\u003ccode\u003eUP046\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24153\"\u003e#24153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove rules table accessibility (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24711\"\u003e#24711\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dylwil3\"\u003e\u003ccode\u003e@​dylwil3\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/AlexWaygood\"\u003e\u003ccode\u003e@​AlexWaygood\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/woodruffw\"\u003e\u003ccode\u003e@​woodruffw\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/avasis-ai\"\u003e\u003ccode\u003e@​avasis-ai\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Dev-iL\"\u003e\u003ccode\u003e@​Dev-iL\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/denyszhak\"\u003e\u003ccode\u003e@​denyszhak\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ShipItAndPray\"\u003e\u003ccode\u003e@​ShipItAndPray\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anishgirianish\"\u003e\u003ccode\u003e@​anishgirianish\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/augustelalande\"\u003e\u003ccode\u003e@​augustelalande\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/amyreese\"\u003e\u003ccode\u003e@​amyreese\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/majiayu000\"\u003e\u003ccode\u003e@​majiayu000\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.15.11\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-04-16.\u003c/p\u003e\n\u003ch3\u003ePreview features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eruff\u003c/code\u003e] Ignore \u003ccode\u003eRUF029\u003c/code\u003e when function is decorated with \u003ccode\u003easynccontextmanager\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24642\"\u003e#24642\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eairflow\u003c/code\u003e] Implement \u003ccode\u003eairflow-xcom-pull-in-template-string\u003c/code\u003e (\u003ccode\u003eAIR201\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23583\"\u003e#23583\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-bandit\u003c/code\u003e] Fix \u003ccode\u003eS103\u003c/code\u003e false positives and negatives in mask analysis (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24424\"\u003e#24424\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/66f93cf7ed4d36325f35a452e4afa28268fbcd28\"\u003e\u003ccode\u003e66f93cf\u003c/code\u003e\u003c/a\u003e Bump 0.15.12 (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24815\"\u003e#24815\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/476a4d02e8e3b6c157ac39979d8b698a1b6baa91\"\u003e\u003ccode\u003e476a4d0\u003c/code\u003e\u003c/a\u003e [ty] Complete support for more detailed diagnostics on possibly unbound error...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/ed669eab30095d6c51fe6cdef6050fb01276bcb3\"\u003e\u003ccode\u003eed669ea\u003c/code\u003e\u003c/a\u003e Implement \u003ccode\u003e#ruff:file-ignore\u003c/code\u003e file-level suppressions (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/23599\"\u003e#23599\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/e73d952e43feb51356ee740c5a973fce81396ff6\"\u003e\u003ccode\u003ee73d952\u003c/code\u003e\u003c/a\u003e [ty] Include inferred type in \u003ccode\u003einvalid-key\u003c/code\u003e concise diagnostic for union/inte...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/80feb29b31cd98c093316df2e0407b0c70c01b55\"\u003e\u003ccode\u003e80feb29\u003c/code\u003e\u003c/a\u003e [ty] report only dead annotation-only locals as unused (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24811\"\u003e#24811\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/0fbf2bc27336a3d17d39af52cf89b78dcda8c7c8\"\u003e\u003ccode\u003e0fbf2bc\u003c/code\u003e\u003c/a\u003e Drop deprecated license classifier (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24808\"\u003e#24808\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/43b174cc7f2fcb0080bb1d4843cd4bf6b72bbe27\"\u003e\u003ccode\u003e43b174c\u003c/code\u003e\u003c/a\u003e [ty] Infer lambda parameter types with \u003ccode\u003eCallable\u003c/code\u003e type context (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24317\"\u003e#24317\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/4f449ae4a2377569330a5ab94799d389357b5a3f\"\u003e\u003ccode\u003e4f449ae\u003c/code\u003e\u003c/a\u003e [ty] Add error context for intersection types (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24772\"\u003e#24772\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/5b4e753acb46e96ad408e4904c15308e33efe307\"\u003e\u003ccode\u003e5b4e753\u003c/code\u003e\u003c/a\u003e [ty] Add support for goto in literal enum member inlay hint (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24792\"\u003e#24792\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/e7cc76275a758ce1c636ea1c2d091fd576aac794\"\u003e\u003ccode\u003ee7cc762\u003c/code\u003e\u003c/a\u003e [ty] Add error context for TypedDict assignments (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24790\"\u003e#24790\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/astral-sh/ruff/compare/0.15.8...0.15.12\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `uv` from 0.11.2 to 0.11.12\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/uv/releases\"\u003euv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.11.12\u003c/h2\u003e\n\u003ch2\u003eRelease Notes\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-05-08.\u003c/p\u003e\n\u003ch3\u003ePython\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd CPython 3.15.0b1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eEnhancements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003e--no-editable\u003c/code\u003e support to \u003ccode\u003euv pip install\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/uv/pull/19306\"\u003e#19306\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequire git refs in URLs to be percent-encoded (\u003ca href=\"https://redirect.github.com/astral-sh/uv/pull/19320\"\u003e#19320\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eRespect \u003ccode\u003e--no-dev\u003c/code\u003e over \u003ccode\u003eUV_DEV=1\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/uv/pull/19313\"\u003e#19313\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDon't suggest non-existent \u003ccode\u003e--no-frozen\u003c/code\u003e flag (\u003ca href=\"https://redirect.github.com/astral-sh/uv/issues/19290\"\u003e#19290\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/uv/pull/19294\"\u003e#19294\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bug from inconsistent workflow name in GHA-PyPI guide example (\u003ca href=\"https://redirect.github.com/astral-sh/uv/pull/19309\"\u003e#19309\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eInstall uv 0.11.12\u003c/h2\u003e\n\u003ch3\u003eInstall prebuilt binaries via shell script\u003c/h3\u003e\n\u003cpre lang=\"sh\"\u003e\u003ccode\u003ecurl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/uv/releases/download/0.11.12/uv-installer.sh | sh\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch3\u003eInstall prebuilt binaries via powershell script\u003c/h3\u003e\n\u003cpre lang=\"sh\"\u003e\u003ccode\u003epowershell -ExecutionPolicy Bypass -c \u0026quot;irm https://releases.astral.sh/github/uv/releases/download/0.11.12/uv-installer.ps1 | iex\u0026quot;\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eDownload uv 0.11.12\u003c/h2\u003e\n\u003ctable\u003e\n\u003cthead\u003e\n\u003ctr\u003e\n\u003cth\u003eFile\u003c/th\u003e\n\u003cth\u003ePlatform\u003c/th\u003e\n\u003cth\u003eChecksum\u003c/th\u003e\n\u003c/tr\u003e\n\u003c/thead\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.12/uv-aarch64-apple-darwin.tar.gz\"\u003euv-aarch64-apple-darwin.tar.gz\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eApple Silicon macOS\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.12/uv-aarch64-apple-darwin.tar.gz.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.12/uv-x86_64-apple-darwin.tar.gz\"\u003euv-x86_64-apple-darwin.tar.gz\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eIntel macOS\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.12/uv-x86_64-apple-darwin.tar.gz.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.12/uv-aarch64-pc-windows-msvc.zip\"\u003euv-aarch64-pc-windows-msvc.zip\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eARM64 Windows\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.12/uv-aarch64-pc-windows-msvc.zip.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.12/uv-i686-pc-windows-msvc.zip\"\u003euv-i686-pc-windows-msvc.zip\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003ex86 Windows\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.12/uv-i686-pc-windows-msvc.zip.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.12/uv-x86_64-pc-windows-msvc.zip\"\u003euv-x86_64-pc-windows-msvc.zip\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003ex64 Windows\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.12/uv-x86_64-pc-windows-msvc.zip.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.12/uv-aarch64-unknown-linux-gnu.tar.gz\"\u003euv-aarch64-unknown-linux-gnu.tar.gz\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eARM64 Linux\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.12/uv-aarch64-unknown-linux-gnu.tar.gz.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.12/uv-i686-unknown-linux-gnu.tar.gz\"\u003euv-i686-unknown-linux-gnu.tar.gz\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003ex86 Linux\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.12/uv-i686-unknown-linux-gnu.tar.gz.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.12/uv-powerpc64le-unknown-linux-gnu.tar.gz\"\u003euv-powerpc64le-unknown-linux-gnu.tar.gz\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003ePPC64LE Linux\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.12/uv-powerpc64le-unknown-linux-gnu.tar.gz.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/tbody\u003e\n\u003c/table\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/uv/blob/main/CHANGELOG.md\"\u003euv's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.11.12\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-05-08.\u003c/p\u003e\n\u003ch3\u003ePython\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd CPython 3.15.0b1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eEnhancements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003e--no-editable\u003c/code\u003e support to \u003ccode\u003euv pip install\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/uv/pull/19306\"\u003e#19306\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequire git refs in URLs to be percent-encoded (\u003ca href=\"https://redirect.github.com/astral-sh/uv/pull/19320\"\u003e#19320\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eRespect \u003ccode\u003e--no-dev\u003c/code\u003e over \u003ccode\u003eUV_DEV=1\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/uv/pull/19313\"\u003e#19313\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDon't suggest non-existent \u003ccode\u003e--no-frozen\u003c/code\u003e flag (\u003ca href=\"https://...\n\n_Description has been truncated_","html_url":"https://github.com/ryancheley/acronym-slackbot/pull/335","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ryancheley%2Facronym-slackbot/issues/335","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/335/packages"},{"uuid":"4367715667","node_id":"PR_kwDOPkAzw87XlYLM","number":109,"state":"closed","title":"build(deps): bump the pip group with 10 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-10T00:56:49.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-02T03:12:49.000Z","updated_at":"2026-05-10T00:56:51.000Z","time_to_close":683040,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"pip","update_count":10,"packages":[{"name":"tzdata","old_version":"2025.3","new_version":"2026.2","repository_url":"https://github.com/python/tzdata"},{"name":"mypy","old_version":"1.19.1","new_version":"1.20.2","repository_url":"https://github.com/python/mypy"},{"name":"ruff","old_version":"0.15.7","new_version":"0.15.12","repository_url":"https://github.com/astral-sh/ruff"},{"name":"zizmor","old_version":"1.23.1","new_version":"1.24.1","repository_url":"https://github.com/zizmorcore/zizmor"},{"name":"semgrep","old_version":"1.156.0","new_version":"1.161.0","repository_url":"https://github.com/semgrep/semgrep"},{"name":"basedpyright","old_version":"1.38.4","new_version":"1.39.3","repository_url":"https://github.com/detachhead/basedpyright"},{"name":"types-setuptools","old_version":"82.0.0.20260210","new_version":"82.0.0.20260408","repository_url":"https://github.com/python/typeshed"},{"name":"pytest","old_version":"9.0.2","new_version":"9.0.3","repository_url":"https://github.com/pytest-dev/pytest"},{"name":"adaptix","old_version":"3.0.0b11","new_version":"3.0.0b12","repository_url":"https://github.com/reagento/adaptix"},{"name":"prek","old_version":"0.3.8","new_version":"0.3.10","repository_url":"https://github.com/j178/prek"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 10 updates:\n\n| Package | From | To |\n| --- | --- | --- |\n| [tzdata](https://github.com/python/tzdata) | `2025.3` | `2026.2` |\n| [mypy](https://github.com/python/mypy) | `1.19.1` | `1.20.2` |\n| [ruff](https://github.com/astral-sh/ruff) | `0.15.7` | `0.15.12` |\n| [zizmor](https://github.com/zizmorcore/zizmor) | `1.23.1` | `1.24.1` |\n| [semgrep](https://github.com/semgrep/semgrep) | `1.156.0` | `1.161.0` |\n| [basedpyright](https://github.com/detachhead/basedpyright) | `1.38.4` | `1.39.3` |\n| [types-setuptools](https://github.com/python/typeshed) | `82.0.0.20260210` | `82.0.0.20260408` |\n| [pytest](https://github.com/pytest-dev/pytest) | `9.0.2` | `9.0.3` |\n| [adaptix](https://github.com/reagento/adaptix) | `3.0.0b11` | `3.0.0b12` |\n| [prek](https://github.com/j178/prek) | `0.3.8` | `0.3.10` |\n\nUpdates `tzdata` from 2025.3 to 2026.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python/tzdata/releases\"\u003etzdata's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2026.2: Release of upstream tzdata 2026b\u003c/h2\u003e\n\u003ch1\u003eVersion 2026.2\u003c/h1\u003e\n\u003cp\u003eUpstream version 2026b released 2026-04-23T06:06:43+00:00\u003c/p\u003e\n\u003ch2\u003eBriefly:\u003c/h2\u003e\n\u003cp\u003eBritish Columbia moved to permanent -07 on 2026-03-09. Some more overflow bugs\nhave been fixed in zic.\u003c/p\u003e\n\u003ch2\u003eChanges to future timestamps\u003c/h2\u003e\n\u003cp\u003eBritish Columbia’s 2026-03-08 spring forward was its last foreseeable clock\nchange, as it moved to permanent -07 thereafter. (Thanks to Arthur David Olson.)\nAlthough the change to permanent -07 legally took place on 2026-03-09,\ntemporarily model the change to occur on 2026-11-01 at 02:00 instead.  This\nworks around a limitation in CLDR v48.2 (2026-03-17).  This temporary hack is\nplanned to be removed after CLDR is fixed.\u003c/p\u003e\n\u003ch2\u003e2026.1: Release of upstream tzdata 2026a\u003c/h2\u003e\n\u003ch1\u003eVersion 2026.1\u003c/h1\u003e\n\u003cp\u003eUpstream version 2026a released 2026-03-02T06:59:49+00:00\u003c/p\u003e\n\u003ch2\u003eBriefly:\u003c/h2\u003e\n\u003cp\u003eMoldova has used EU transition times since 2022. The \u0026quot;right\u0026quot; TZif files are no\nlonger installed by default. -DTZ_RUNTIME_LEAPS=0 disables runtime support for\nleap seconds. TZif files are no longer limited to 50 bytes of abbreviations. zic\nis no longer limited to 50 leap seconds. Several integer overflow bugs have been\nfixed.\u003c/p\u003e\n\u003ch2\u003eChanges to past and future timestamps\u003c/h2\u003e\n\u003cp\u003eSince 2022 Moldova has observed EU transition times, that is, it has sprung\nforward at 03:00, not 02:00, and has fallen back at 04:00, not 03:00.  (Thanks\nto Heitor David Pinto.)\u003c/p\u003e\n\u003ch2\u003eChanges to data\u003c/h2\u003e\n\u003cp\u003eRemove Europe/Chisinau from zonenow.tab, as it now agrees with Europe/Athens for\nfuture timestamps.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python/tzdata/blob/master/NEWS.md\"\u003etzdata's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eVersion 2026.2\u003c/h1\u003e\n\u003cp\u003eUpstream version 2026b released 2026-04-23T06:06:43+00:00\u003c/p\u003e\n\u003ch2\u003eBriefly:\u003c/h2\u003e\n\u003cp\u003eBritish Columbia moved to permanent -07 on 2026-03-09. Some more overflow bugs\nhave been fixed in zic.\u003c/p\u003e\n\u003ch2\u003eChanges to future timestamps\u003c/h2\u003e\n\u003cp\u003eBritish Columbia’s 2026-03-08 spring forward was its last foreseeable clock\nchange, as it moved to permanent -07 thereafter. (Thanks to Arthur David Olson.)\nAlthough the change to permanent -07 legally took place on 2026-03-09,\ntemporarily model the change to occur on 2026-11-01 at 02:00 instead.  This\nworks around a limitation in CLDR v48.2 (2026-03-17).  This temporary hack is\nplanned to be removed after CLDR is fixed.\u003c/p\u003e\n\u003chr /\u003e\n\u003ch1\u003eVersion 2026.1\u003c/h1\u003e\n\u003cp\u003eUpstream version 2026a released 2026-03-02T06:59:49+00:00\u003c/p\u003e\n\u003ch2\u003eBriefly:\u003c/h2\u003e\n\u003cp\u003eMoldova has used EU transition times since 2022. The \u0026quot;right\u0026quot; TZif files are no\nlonger installed by default. -DTZ_RUNTIME_LEAPS=0 disables runtime support for\nleap seconds. TZif files are no longer limited to 50 bytes of abbreviations. zic\nis no longer limited to 50 leap seconds. Several integer overflow bugs have been\nfixed.\u003c/p\u003e\n\u003ch2\u003eChanges to past and future timestamps\u003c/h2\u003e\n\u003cp\u003eSince 2022 Moldova has observed EU transition times, that is, it has sprung\nforward at 03:00, not 02:00, and has fallen back at 04:00, not 03:00.  (Thanks\nto Heitor David Pinto.)\u003c/p\u003e\n\u003ch2\u003eChanges to data\u003c/h2\u003e\n\u003cp\u003eRemove Europe/Chisinau from zonenow.tab, as it now agrees with Europe/Athens for\nfuture timestamps.\u003c/p\u003e\n\u003chr /\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/tzdata/commit/1ed894339a0c37a85f8ba2a7c4d7696934d332dd\"\u003e\u003ccode\u003e1ed8943\u003c/code\u003e\u003c/a\u003e Update tzdata to version '2026b' (\u003ca href=\"https://redirect.github.com/python/tzdata/issues/135\"\u003e#135\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/tzdata/commit/e3b22091aee75327395795921d760e63ffe0108f\"\u003e\u003ccode\u003ee3b2209\u003c/code\u003e\u003c/a\u003e Add 14-day cooldown to Dependabot\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/tzdata/commit/7e5b59524958a6fbcec790869b4995e5c317f010\"\u003e\u003ccode\u003e7e5b595\u003c/code\u003e\u003c/a\u003e Hash pin GitHub Actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/tzdata/commit/4997cab882668ef36ced53c797a7eecc229d6f66\"\u003e\u003ccode\u003e4997cab\u003c/code\u003e\u003c/a\u003e Update tzdata to version '2026a' (\u003ca href=\"https://redirect.github.com/python/tzdata/issues/123\"\u003e#123\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/tzdata/commit/4d6c41f43dd1ed4d628d56846cf4166cad60f9b8\"\u003e\u003ccode\u003e4d6c41f\u003c/code\u003e\u003c/a\u003e Update development status to 'Production/Stable' (\u003ca href=\"https://redirect.github.com/python/tzdata/issues/127\"\u003e#127\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/tzdata/commit/7c1ce8547dc9dee4fd99a11c714bf0d298e3230b\"\u003e\u003ccode\u003e7c1ce85\u003c/code\u003e\u003c/a\u003e Remove 'v' from tags in auto-tag.yml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/tzdata/commit/77a9c09c77d3da6dee96901693d31085f066a880\"\u003e\u003ccode\u003e77a9c09\u003c/code\u003e\u003c/a\u003e Update docs links to \u003ccode\u003etzdata.python.org\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/python/tzdata/issues/125\"\u003e#125\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/tzdata/commit/11148f66c434baa91cda04aaa04fdd1d1c6e0a98\"\u003e\u003ccode\u003e11148f6\u003c/code\u003e\u003c/a\u003e Remove quotes from update branch names\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/tzdata/commit/98fa430db23193017082f4c53d6769ddde969466\"\u003e\u003ccode\u003e98fa430\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 5 to 6 in the actions group (\u003ca href=\"https://redirect.github.com/python/tzdata/issues/122\"\u003e#122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/tzdata/commit/7ef7c619a258efbd473f250d774e5a014ad0f19b\"\u003e\u003ccode\u003e7ef7c61\u003c/code\u003e\u003c/a\u003e Add auto-tag workflow (\u003ca href=\"https://redirect.github.com/python/tzdata/issues/110\"\u003e#110\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python/tzdata/compare/2025.3...2026.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `mypy` from 1.19.1 to 1.20.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python/mypy/blob/master/CHANGELOG.md\"\u003emypy's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003eMypy 1.20.2\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse WAL with SQLite cache and fix close (Shantanu, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21154\"\u003e21154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdjust SQLite journal mode (Ivan Levkivskyi, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21217\"\u003e21217\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCorrectly aggregate narrowing information on parent expressions (Shantanu, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21206\"\u003e21206\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix regression related to generic callables (Shantanu, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21208\"\u003e21208\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix regression by avoiding widening types in some contexts (Shantanu, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21242\"\u003e21242\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix slicing in non-strict optional mode (Shantanu, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21282\"\u003e21282\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003emypyc: Fix match statement semantics for \u0026quot;or\u0026quot; pattern (Shantanu, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21156\"\u003e21156\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003emypyc: Fix issue with module dunder attributes (Piotr Sawicki, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21275\"\u003e21275\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eInitial support for Python 3.15.0a8 (Marc Mueller, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21255\"\u003e21255\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAcknowledgements\u003c/h3\u003e\n\u003cp\u003eThanks to all mypy contributors who contributed to this release:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eA5rocks\u003c/li\u003e\n\u003cli\u003eAaron Wieczorek\u003c/li\u003e\n\u003cli\u003eAdam Turner\u003c/li\u003e\n\u003cli\u003eAli Hamdan\u003c/li\u003e\n\u003cli\u003easce\u003c/li\u003e\n\u003cli\u003eBobTheBuidler\u003c/li\u003e\n\u003cli\u003eBrent Westbrook\u003c/li\u003e\n\u003cli\u003eBrian Schubert\u003c/li\u003e\n\u003cli\u003ebzoracler\u003c/li\u003e\n\u003cli\u003eChris Burroughs\u003c/li\u003e\n\u003cli\u003eChristoph Tyralla\u003c/li\u003e\n\u003cli\u003eColin Watson\u003c/li\u003e\n\u003cli\u003eDonghoon Nam\u003c/li\u003e\n\u003cli\u003eE. M. Bray\u003c/li\u003e\n\u003cli\u003eEmma Smith\u003c/li\u003e\n\u003cli\u003eEthan Sarp\u003c/li\u003e\n\u003cli\u003eGeorge Ogden\u003c/li\u003e\n\u003cli\u003egetzze\u003c/li\u003e\n\u003cli\u003egrayjk\u003c/li\u003e\n\u003cli\u003eGregor Riepl\u003c/li\u003e\n\u003cli\u003eIvan Levkivskyi\u003c/li\u003e\n\u003cli\u003eJames Hilliard\u003c/li\u003e\n\u003cli\u003eJames Le Cuirot\u003c/li\u003e\n\u003cli\u003eJeremy Nimmer\u003c/li\u003e\n\u003cli\u003eJoren Hammudoglu\u003c/li\u003e\n\u003cli\u003eKai (Kazuya Ito)\u003c/li\u003e\n\u003cli\u003ekaushal trivedi\u003c/li\u003e\n\u003cli\u003eKevin Kannammalil\u003c/li\u003e\n\u003cli\u003eLukas Geiger\u003c/li\u003e\n\u003cli\u003eŁukasz Langa\u003c/li\u003e\n\u003cli\u003eMarc Mueller\u003c/li\u003e\n\u003cli\u003eMichael R. Crusoe\u003c/li\u003e\n\u003cli\u003emichaelm-openai\u003c/li\u003e\n\u003cli\u003eNeil Schemenauer\u003c/li\u003e\n\u003cli\u003ePiotr Sawicki\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/145a062651b5f9996b75ef32b7040bd2e885ed82\"\u003e\u003ccode\u003e145a062\u003c/code\u003e\u003c/a\u003e Bump version to 1.20.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/81cd49215c288eacb987de066f02daff2553b7c7\"\u003e\u003ccode\u003e81cd492\u003c/code\u003e\u003c/a\u003e Fix slicing with nonstrict optional (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21282\"\u003e#21282\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/908d3441eecbaa2a6193165317177db834d7ca1a\"\u003e\u003ccode\u003e908d344\u003c/code\u003e\u003c/a\u003e [mypyc] Set dunder attrs when adding module to sys.modules (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21275\"\u003e#21275\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/ba28610fac9d2b33be210ca8dcfe4bc47b7af424\"\u003e\u003ccode\u003eba28610\u003c/code\u003e\u003c/a\u003e Initial support for Python 3.15.0a8 (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21255\"\u003e#21255\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/7b0e09f48dbd3717ed008a273cd17e8e960c2037\"\u003e\u003ccode\u003e7b0e09f\u003c/code\u003e\u003c/a\u003e Fix match statement semantics for \u0026quot;or\u0026quot; pattern (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21156\"\u003e#21156\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/92b74f226de62f7505f5ef5cb158e8ec9c58b8b7\"\u003e\u003ccode\u003e92b74f2\u003c/code\u003e\u003c/a\u003e Avoid widening types in conditional_types (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21242\"\u003e#21242\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/0dcbfaa40b0e360a16baea9cf851955375d91b54\"\u003e\u003ccode\u003e0dcbfaa\u003c/code\u003e\u003c/a\u003e Fix is_overlapping_types for generic callables (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21208\"\u003e#21208\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/210f518dede35292033ef0d387847406a0ccef8f\"\u003e\u003ccode\u003e210f518\u003c/code\u003e\u003c/a\u003e Correctly aggregate narrowing information on parent expressions (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21206\"\u003e#21206\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/c34530e53a10e385d8b0f1af4baa88a596b5ceaa\"\u003e\u003ccode\u003ec34530e\u003c/code\u003e\u003c/a\u003e Only set journal mode in coordinator (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21217\"\u003e#21217\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/79a3ec6d01b56a27c00e9b3320c2b1d4d73a77f9\"\u003e\u003ccode\u003e79a3ec6\u003c/code\u003e\u003c/a\u003e Use WAL with SQLite cache, fix close (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21154\"\u003e#21154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python/mypy/compare/v1.19.1...v1.20.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ruff` from 0.15.7 to 0.15.12\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/ruff/releases\"\u003eruff's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.15.12\u003c/h2\u003e\n\u003ch2\u003eRelease Notes\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-04-24.\u003c/p\u003e\n\u003ch3\u003ePreview features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImplement \u003ccode\u003e#ruff:file-ignore\u003c/code\u003e file-level suppressions (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23599\"\u003e#23599\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImplement \u003ccode\u003e#ruff:ignore\u003c/code\u003e logical-line suppressions (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23404\"\u003e#23404\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRevert preview changes to displayed diagnostic severity in LSP (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24789\"\u003e#24789\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eairflow\u003c/code\u003e] Implement \u003ccode\u003etask-branch-as-short-circuit\u003c/code\u003e (\u003ccode\u003eAIR004\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23579\"\u003e#23579\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-bugbear\u003c/code\u003e] Fix \u003ccode\u003ebreak\u003c/code\u003e/\u003ccode\u003econtinue\u003c/code\u003e handling in \u003ccode\u003eloop-iterator-mutation\u003c/code\u003e (\u003ccode\u003eB909\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24440\"\u003e#24440\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Fix \u003ccode\u003ePLC2701\u003c/code\u003e for type parameter scopes (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24576\"\u003e#24576\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRule changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003epandas-vet\u003c/code\u003e] Suggest \u003ccode\u003e.array\u003c/code\u003e as well in \u003ccode\u003ePD011\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24805\"\u003e#24805\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCLI\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRespect default Unix permissions for cache files (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24794\"\u003e#24794\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Fix \u003ccode\u003ePLR0124\u003c/code\u003e description not to claim self-comparison always returns the same value (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24749\"\u003e#24749\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epyupgrade\u003c/code\u003e] Expand docs on reusable \u003ccode\u003eTypeVar\u003c/code\u003es and scoping (\u003ccode\u003eUP046\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24153\"\u003e#24153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove rules table accessibility (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24711\"\u003e#24711\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dylwil3\"\u003e\u003ccode\u003e@​dylwil3\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/AlexWaygood\"\u003e\u003ccode\u003e@​AlexWaygood\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/woodruffw\"\u003e\u003ccode\u003e@​woodruffw\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/avasis-ai\"\u003e\u003ccode\u003e@​avasis-ai\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Dev-iL\"\u003e\u003ccode\u003e@​Dev-iL\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/denyszhak\"\u003e\u003ccode\u003e@​denyszhak\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ShipItAndPray\"\u003e\u003ccode\u003e@​ShipItAndPray\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anishgirianish\"\u003e\u003ccode\u003e@​anishgirianish\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/augustelalande\"\u003e\u003ccode\u003e@​augustelalande\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/amyreese\"\u003e\u003ccode\u003e@​amyreese\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/majiayu000\"\u003e\u003ccode\u003e@​majiayu000\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eInstall ruff 0.15.12\u003c/h2\u003e\n\u003ch3\u003eInstall prebuilt binaries via shell script\u003c/h3\u003e\n\u003cpre lang=\"sh\"\u003e\u003ccode\u003ecurl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/ruff/releases/download/0.15.12/ruff-installer.sh | sh\n\u003c/code\u003e\u003c/pre\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md\"\u003eruff's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.15.12\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-04-24.\u003c/p\u003e\n\u003ch3\u003ePreview features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImplement \u003ccode\u003e#ruff:file-ignore\u003c/code\u003e file-level suppressions (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23599\"\u003e#23599\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImplement \u003ccode\u003e#ruff:ignore\u003c/code\u003e logical-line suppressions (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23404\"\u003e#23404\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRevert preview changes to displayed diagnostic severity in LSP (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24789\"\u003e#24789\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eairflow\u003c/code\u003e] Implement \u003ccode\u003etask-branch-as-short-circuit\u003c/code\u003e (\u003ccode\u003eAIR004\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23579\"\u003e#23579\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-bugbear\u003c/code\u003e] Fix \u003ccode\u003ebreak\u003c/code\u003e/\u003ccode\u003econtinue\u003c/code\u003e handling in \u003ccode\u003eloop-iterator-mutation\u003c/code\u003e (\u003ccode\u003eB909\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24440\"\u003e#24440\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Fix \u003ccode\u003ePLC2701\u003c/code\u003e for type parameter scopes (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24576\"\u003e#24576\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRule changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003epandas-vet\u003c/code\u003e] Suggest \u003ccode\u003e.array\u003c/code\u003e as well in \u003ccode\u003ePD011\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24805\"\u003e#24805\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCLI\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRespect default Unix permissions for cache files (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24794\"\u003e#24794\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Fix \u003ccode\u003ePLR0124\u003c/code\u003e description not to claim self-comparison always returns the same value (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24749\"\u003e#24749\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epyupgrade\u003c/code\u003e] Expand docs on reusable \u003ccode\u003eTypeVar\u003c/code\u003es and scoping (\u003ccode\u003eUP046\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24153\"\u003e#24153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove rules table accessibility (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24711\"\u003e#24711\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dylwil3\"\u003e\u003ccode\u003e@​dylwil3\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/AlexWaygood\"\u003e\u003ccode\u003e@​AlexWaygood\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/woodruffw\"\u003e\u003ccode\u003e@​woodruffw\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/avasis-ai\"\u003e\u003ccode\u003e@​avasis-ai\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Dev-iL\"\u003e\u003ccode\u003e@​Dev-iL\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/denyszhak\"\u003e\u003ccode\u003e@​denyszhak\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ShipItAndPray\"\u003e\u003ccode\u003e@​ShipItAndPray\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anishgirianish\"\u003e\u003ccode\u003e@​anishgirianish\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/augustelalande\"\u003e\u003ccode\u003e@​augustelalande\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/amyreese\"\u003e\u003ccode\u003e@​amyreese\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/majiayu000\"\u003e\u003ccode\u003e@​majiayu000\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.15.11\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-04-16.\u003c/p\u003e\n\u003ch3\u003ePreview features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eruff\u003c/code\u003e] Ignore \u003ccode\u003eRUF029\u003c/code\u003e when function is decorated with \u003ccode\u003easynccontextmanager\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24642\"\u003e#24642\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eairflow\u003c/code\u003e] Implement \u003ccode\u003eairflow-xcom-pull-in-template-string\u003c/code\u003e (\u003ccode\u003eAIR201\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23583\"\u003e#23583\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-bandit\u003c/code\u003e] Fix \u003ccode\u003eS103\u003c/code\u003e false positives and negatives in mask analysis (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24424\"\u003e#24424\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/66f93cf7ed4d36325f35a452e4afa28268fbcd28\"\u003e\u003ccode\u003e66f93cf\u003c/code\u003e\u003c/a\u003e Bump 0.15.12 (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24815\"\u003e#24815\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/476a4d02e8e3b6c157ac39979d8b698a1b6baa91\"\u003e\u003ccode\u003e476a4d0\u003c/code\u003e\u003c/a\u003e [ty] Complete support for more detailed diagnostics on possibly unbound error...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/ed669eab30095d6c51fe6cdef6050fb01276bcb3\"\u003e\u003ccode\u003eed669ea\u003c/code\u003e\u003c/a\u003e Implement \u003ccode\u003e#ruff:file-ignore\u003c/code\u003e file-level suppressions (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/23599\"\u003e#23599\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/e73d952e43feb51356ee740c5a973fce81396ff6\"\u003e\u003ccode\u003ee73d952\u003c/code\u003e\u003c/a\u003e [ty] Include inferred type in \u003ccode\u003einvalid-key\u003c/code\u003e concise diagnostic for union/inte...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/80feb29b31cd98c093316df2e0407b0c70c01b55\"\u003e\u003ccode\u003e80feb29\u003c/code\u003e\u003c/a\u003e [ty] report only dead annotation-only locals as unused (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24811\"\u003e#24811\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/0fbf2bc27336a3d17d39af52cf89b78dcda8c7c8\"\u003e\u003ccode\u003e0fbf2bc\u003c/code\u003e\u003c/a\u003e Drop deprecated license classifier (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24808\"\u003e#24808\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/43b174cc7f2fcb0080bb1d4843cd4bf6b72bbe27\"\u003e\u003ccode\u003e43b174c\u003c/code\u003e\u003c/a\u003e [ty] Infer lambda parameter types with \u003ccode\u003eCallable\u003c/code\u003e type context (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24317\"\u003e#24317\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/4f449ae4a2377569330a5ab94799d389357b5a3f\"\u003e\u003ccode\u003e4f449ae\u003c/code\u003e\u003c/a\u003e [ty] Add error context for intersection types (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24772\"\u003e#24772\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/5b4e753acb46e96ad408e4904c15308e33efe307\"\u003e\u003ccode\u003e5b4e753\u003c/code\u003e\u003c/a\u003e [ty] Add support for goto in literal enum member inlay hint (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24792\"\u003e#24792\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/e7cc76275a758ce1c636ea1c2d091fd576aac794\"\u003e\u003ccode\u003ee7cc762\u003c/code\u003e\u003c/a\u003e [ty] Add error context for TypedDict assignments (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24790\"\u003e#24790\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/astral-sh/ruff/compare/0.15.7...0.15.12\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `zizmor` from 1.23.1 to 1.24.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/zizmorcore/zizmor/releases\"\u003ezizmor's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.24.1\u003c/h2\u003e\n\u003ch2\u003eBug Fixes 🐛\u003ca href=\"https://docs.zizmor.sh/release-notes/#bug-fixes\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where the \u003ca href=\"https://docs.zizmor.sh/audits/#ref-version-mismatch\"\u003eref-version-mismatch\u003c/a\u003e audit would incorrectly flag some version comments as not containing an appropriate version (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1900\"\u003e#1900\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.24.0\u003c/h2\u003e\n\u003ch2\u003eNew Features 🌈\u003ca href=\"https://docs.zizmor.sh/release-notes/#new-features\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ezizmor now allows users to audit from stdin, by passing zizmor - (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1611\"\u003e#1611\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eEnhancements 🌱\u003ca href=\"https://docs.zizmor.sh/release-notes/#enhancements\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#use-trusted-publishing\"\u003euse-trusted-publishing\u003c/a\u003e audit now detects bun publish and bunx npm publish patterns (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1737\"\u003e#1737\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/shaanmajid\"\u003e\u003ccode\u003e@​shaanmajid\u003c/code\u003e\u003c/a\u003e for proposing and implementing this improvement!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor's CLI help and usage output now uses a custom color scheme for improved readability (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1747\"\u003e#1747\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#secrets-outside-env\"\u003esecrets-outside-env\u003c/a\u003e audit is now configurable with an allowlist of secret names that should not be flagged, even when referenced outside of an environment (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1759\"\u003e#1759\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/rmuir\"\u003e\u003ccode\u003e@​rmuir\u003c/code\u003e\u003c/a\u003e for proposing and implementing this improvement!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#dependabot-cooldown\"\u003edependabot-cooldown\u003c/a\u003e audit now emits a pedantic finding whenever it encounters a cooldown used with a multi-ecosystem-group, as the two do not interact well (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1780\"\u003e#1780\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend gh release upload as a replacement for \u003ca href=\"https://github.com/svenstaro/upload-release-action\"\u003esvenstaro/upload-release-action\u003c/a\u003e in \u003ca href=\"https://docs.zizmor.sh/audits/#superfluous-actions\"\u003esuperfluous-actions\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1801\"\u003e#1801\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend gh issue create as a replacement for \u003ca href=\"https://github.com/dacbd/create-issue-action\"\u003edacbd/create-issue-action\u003c/a\u003e in \u003ca href=\"https://docs.zizmor.sh/audits/#superfluous-actions\"\u003esuperfluous-actions\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1873\"\u003e#1873\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#obfuscation\"\u003eobfuscation\u003c/a\u003e audit now emits a finding for with: ${{ expr }} clauses cannot be analyzed (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1772\"\u003e#1772\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor --help is now rendered with option groups for improved readability (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1831\"\u003e#1831\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/deckstose\"\u003e\u003ccode\u003e@​deckstose\u003c/code\u003e\u003c/a\u003e for implementing this improvement!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor's SARIF output now uses codeflows instead of related locations, improving its rendering behavior on GitHub Advanced Security (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1843\"\u003e#1843\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#ref-version-mismatch\"\u003eref-version-mismatch\u003c/a\u003e audit now uses a more useful audit description for its findings (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1843\"\u003e#1843\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#unpinned-images\"\u003eunpinned-images\u003c/a\u003e audit now produces more precise findings for image references that are computed through expressions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1756\"\u003e#1756\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/miketheman\"\u003e\u003ccode\u003e@​miketheman\u003c/code\u003e\u003c/a\u003e for implementing this improvement!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#ref-version-mismatch\"\u003eref-version-mismatch\u003c/a\u003e audit now detects missing version comments as well (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1849\"\u003e#1849\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/shaanmajid\"\u003e\u003ccode\u003e@​shaanmajid\u003c/code\u003e\u003c/a\u003e for proposing and implementing this improvement!\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug Fixes 🐛\u003ca href=\"https://docs.zizmor.sh/release-notes/#bug-fixes\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where the \u003ca href=\"https://docs.zizmor.sh/audits/#concurrency-limits\"\u003econcurrency-limits\u003c/a\u003e audit reported findings at the job level instead of the workflow level (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1627\"\u003e#1627\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/zizmorcore/zizmor/blob/main/docs/release-notes.md\"\u003ezizmor's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.24.1\u003c/h2\u003e\n\u003ch3\u003eBug Fixes 🐛\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where the [ref-version-mismatch] audit would incorrectly flag\nsome version comments as not containing an appropriate version (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1900\"\u003e#1900\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.24.0\u003c/h2\u003e\n\u003ch3\u003eNew Features 🌈\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ezizmor\u003c/code\u003e now allows users to audit from stdin, by passing \u003ccode\u003ezizmor -\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1611\"\u003e#1611\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eEnhancements 🌱\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe [use-trusted-publishing] audit now detects \u003ccode\u003ebun publish\u003c/code\u003e and \u003ccode\u003ebunx npm publish\u003c/code\u003e\npatterns (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1737\"\u003e#1737\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/shaanmajid\"\u003e\u003ccode\u003e@​shaanmajid\u003c/code\u003e\u003c/a\u003e for proposing and implementing this improvement!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003ezizmor\u003c/code\u003e's CLI help and usage output now uses a custom color scheme for\nimproved readability (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1747\"\u003e#1747\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe [secrets-outside-env] audit is now configurable with an allowlist of\nsecret names that should not be flagged, even when referenced outside of\nan environment (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1759\"\u003e#1759\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/rmuir\"\u003e\u003ccode\u003e@​rmuir\u003c/code\u003e\u003c/a\u003e for proposing and implementing this improvement!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe [dependabot-cooldown] audit now emits a pedantic finding whenever\nit encounters a cooldown used with a multi-ecosystem-group, as the two\ndo not interact well (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1780\"\u003e#1780\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend \u003ccode\u003egh release upload\u003c/code\u003e as a replacement for \u003ccode\u003e@​svenstaro/upload-release-action\u003c/code\u003e in\n[superfluous-actions] (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1801\"\u003e#1801\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend \u003ccode\u003egh issue create\u003c/code\u003e as a replacement for \u003ccode\u003e@​dacbd/create-issue-action\u003c/code\u003e in\n[superfluous-actions] (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1873\"\u003e#1873\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe [obfuscation] audit now emits a finding for \u003ccode\u003ewith: ${{ expr }}\u003c/code\u003e\nclauses cannot be analyzed (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1772\"\u003e#1772\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003ezizmor --help\u003c/code\u003e is now rendered with option groups for improved readability (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1831\"\u003e#1831\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/deckstose\"\u003e\u003ccode\u003e@​deckstose\u003c/code\u003e\u003c/a\u003e for implementing this improvement!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor's SARIF output now uses codeflows instead of related locations,\nimproving its rendering behavior on GitHub Advanced Security (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1843\"\u003e#1843\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe [ref-version-mismatch] audit now uses a more useful audit description\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/2eaf42bcccfed62978cee0905902acbc294d5123\"\u003e\u003ccode\u003e2eaf42b\u003c/code\u003e\u003c/a\u003e ref-version-mismatch: handle version comments without v prefix (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1900\"\u003e#1900\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/a3b72b8f26946fd057c016d5ec83b77cc4cfdad2\"\u003e\u003ccode\u003ea3b72b8\u003c/code\u003e\u003c/a\u003e chore(deps): bump the github-actions group with 3 updates (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1897\"\u003e#1897\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/d5aba605f4267b96e34775de183955ff0a3197ad\"\u003e\u003ccode\u003ed5aba60\u003c/code\u003e\u003c/a\u003e zizmor v1.24.0 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1890\"\u003e#1890\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/1e762ac3c0354d68ddcac0ccc0af6879e8b38aa6\"\u003e\u003ccode\u003e1e762ac\u003c/code\u003e\u003c/a\u003e zizmor v1.24.0-rc3 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1889\"\u003e#1889\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/b79c9dc84c096d6c7becabd9581c61c9347bf4f7\"\u003e\u003ccode\u003eb79c9dc\u003c/code\u003e\u003c/a\u003e Fix release CI (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1888\"\u003e#1888\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/eb113ad5c5f8c25c79dd0b4705d420096a35ba2d\"\u003e\u003ccode\u003eeb113ad\u003c/code\u003e\u003c/a\u003e Unify crate versions and publishing (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1887\"\u003e#1887\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/91bcb96244214bea0d62982fba3bc825f9604af9\"\u003e\u003ccode\u003e91bcb96\u003c/code\u003e\u003c/a\u003e Use the GitHub client's host correctly in two more places (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1881\"\u003e#1881\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/3ed8316a1ce22a3f9c887c1021992ca19d31dce4\"\u003e\u003ccode\u003e3ed8316\u003c/code\u003e\u003c/a\u003e chore: use \u003ccode\u003etracing\u003c/code\u003e for printing the welcome message (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1886\"\u003e#1886\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/484acedf381a7553f663309b44def3b7953fb4d8\"\u003e\u003ccode\u003e484aced\u003c/code\u003e\u003c/a\u003e feat(ref-version-mismatch): detect missing version comments on SHA-pinned act...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/7ee374f5db0b69b96ef4f7ba89d0c33c8a93a7ba\"\u003e\u003ccode\u003e7ee374f\u003c/code\u003e\u003c/a\u003e KATs for GitHub Actions expressions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1857\"\u003e#1857\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/zizmorcore/zizmor/compare/v1.23.1...v1.24.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `semgrep` from 1.156.0 to 1.161.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/semgrep/semgrep/releases\"\u003esemgrep's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease v1.161.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/semgrep/semgrep/releases/tag/v1.161.0\"\u003e1.161.0\u003c/a\u003e - 2026-04-22\u003c/h2\u003e\n\u003ch3\u003e### Added\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eScala 3.4+ trait parameters are now parsed correctly. (lang-73)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e### Fixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSemgrep's HTTP requests no longer log URLs above the debug level; full request\ndetails remain available when running with \u003ccode\u003eSEMGREP_LOG_SRCS=cohttp.client\u003c/code\u003e. (ENGINE-2712)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease v1.160.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/semgrep/semgrep/releases/tag/v1.160.0\"\u003e1.160.0\u003c/a\u003e - 2026-04-16\u003c/h2\u003e\n\u003ch3\u003e### Added\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eScala: Added tree-sitter parser for improved parsing accuracy with pfff fallback. (LANG-255)\u003c/li\u003e\n\u003cli\u003epro: taint: Improved support for variadic functions (LANG-375)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e### Fixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed performance issues during parsing Semgrep rules containing emoji or\nother non-BMP Unicode characters. (\u003ca href=\"https://redirect.github.com/semgrep/semgrep/issues/6070\"\u003egh-6070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eEmit a warning when semgrep-core rule validation fails and falls back to JSON\nschema validation, alongside details of the failure. (\u003ca href=\"https://redirect.github.com/semgrep/semgrep/issues/6071\"\u003egh-6071\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease v1.159.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/semgrep/semgrep/releases/tag/v1.159.0\"\u003e1.159.0\u003c/a\u003e - 2026-04-10\u003c/h2\u003e\n\u003ch3\u003e### Fixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSemgrep now reports an error instead of silently returning zero findings when target file discovery fails (e.g., due to a git ls-files failure). (ENGINE-2626)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease v1.158.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/semgrep/semgrep/releases/tag/v1.158.0\"\u003e1.158.0\u003c/a\u003e - 2026-04-09\u003c/h2\u003e\n\u003ch3\u003e### Added\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for a supply chain hook for the Semgrep Plugin (supply-chain-hook)\u003c/li\u003e\n\u003cli\u003eComputing taint configs, ~1/4-1/2 of the semgrep-core time in interfile scans, is now done in parallel according to the number of jobs (ENGINE-2649)\u003c/li\u003e\n\u003cli\u003eSemgrep Pro interfile engine (--pro) taint analysis has been redesigned, significantly improving performance (estimated 20-40% improvement). This improvement introduces a slight change in how findings are generated, that may result in more true positives, or less false positives. To revert to previous behavior, pass \u003ccode\u003e--no-x-run-taint-once\u003c/code\u003e as a flag. (engine-2468)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e### Changed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003esemgrep-core macOS binaries are now dynamically linked to the system's libraries. (macos-binary-build)\u003c/li\u003e\n\u003cli\u003esemgrep-core manylinux binaries are now dynamically linked to the system's glibc on glibc systems. This introduces a minimum glibc version requirement of \u0026gt;=2.35, which is satisfied in Ubuntu \u0026gt;=22.04, Debian \u0026gt;=12, RHEL \u0026gt;=10, and other glibc distributions with at least glibc 2.35. Linux systems running an older glibc will need to upgrade their OS. (manylinux-binary-build)\u003c/li\u003e\n\u003cli\u003eThe manylinux wheel is now tagged as manylinux_2_35_\u003c!-- raw HTML omitted --\u003e, reflecting a minimum\nrequirement of glibc version 2.35. (manylinux-wheel-tag)\u003c/li\u003e\n\u003cli\u003esemgrep-core musllinux binaries are now dynamically linked to the system's musl libc on musl systems. (musllinux-binary-build)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/semgrep/semgrep/blob/develop/CHANGELOG.md\"\u003esemgrep's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/semgrep/semgrep/releases/tag/v1.161.0\"\u003e1.161.0\u003c/a\u003e - 2026-04-22\u003c/h2\u003e\n\u003ch3\u003e### Added\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eScala 3.4+ trait parameters are now parsed correctly. (lang-73)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e### Fixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSemgrep's HTTP requests no longer log URLs above the debug level; full request\ndetails remain available when running with \u003ccode\u003eSEMGREP_LOG_SRCS=cohttp.client\u003c/code\u003e. (ENGINE-2712)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/semgrep/semgrep/releases/tag/v1.160.0\"\u003e1.160.0\u003c/a\u003e - 2026-04-16\u003c/h2\u003e\n\u003ch3\u003e### Added\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eScala: Added tree-sitter parser for improved parsing accuracy with pfff fallback. (LANG-255)\u003c/li\u003e\n\u003cli\u003epro: taint: Improved support for variadic functions (LANG-375)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e### Fixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed performance issues during parsing Semgrep rules containing emoji or\nother non-BMP Unicode characters. (\u003ca href=\"https://redirect.github.com/semgrep/semgrep/issues/6070\"\u003egh-6070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eEmit a warning when semgrep-core rule validation fails and falls back to JSON\nschema validation, alongside details of the failure. (\u003ca href=\"https://redirect.github.com/semgrep/semgrep/issues/6071\"\u003egh-6071\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/semgrep/semgrep/releases/tag/v1.159.0\"\u003e1.159.0\u003c/a\u003e - 2026-04-10\u003c/h2\u003e\n\u003ch3\u003e### Fixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSemgrep now reports an error instead of silently returning zero findings when target file discovery fails (e.g., due to a git ls-files failure). (ENGINE-2626)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/semgrep/semgrep/releases/tag/v1.158.0\"\u003e1.158.0\u003c/a\u003e - 2026-04-09\u003c/h2\u003e\n\u003ch3\u003e### Added\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for a supply chain hook for the Semgrep Plugin (supply-chain-hook)\u003c/li\u003e\n\u003cli\u003eComputing taint configs, ~1/4-1/2 of the semgrep-core time in interfile scans, is now done in parallel according to the number of jobs (ENGINE-2649)\u003c/li\u003e\n\u003cli\u003eSemgrep Pro interfile engine (--pro) taint analysis has been redesigned, significantly improving performance (estimated 20-40% improvement). This improvement introduces a slight change in how findings are generated, that may result in more true positives, or less false positives. To revert to previous behavior, pass \u003ccode\u003e--no-x-run-taint-once\u003c/code\u003e as a flag. (engine-2468)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e### Changed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003esemgrep-core macOS binaries are now dynamically linked to the system's libraries. (macos-binary-build)\u003c/li\u003e\n\u003cli\u003esemgrep-core manylinux binaries are now dynamically linked to the system's glibc on glibc systems. This introduces a minimum glibc version requirement of \u0026gt;=2.35, which is satisfied in Ubuntu \u0026gt;=22.04, Debian \u0026gt;=12, RHEL \u0026gt;=10, and other glibc distributions with at least glibc 2.35. Linux systems running an older glibc will need to upgrade their OS. (manylinux-binary-build)\u003c/li\u003e\n\u003cli\u003eThe manylinux wheel is now tagged as manylinux_2_35_\u003c!-- raw HTML omitted --\u003e, reflecting a minimum\nrequirement of glibc version 2.35. (manylinux-wheel-tag)\u003c/li\u003e\n\u003cli\u003esemgrep-core musllinux binaries are now dynamically linked to the system's musl libc on musl systems. (musllinux-binary-build)\u003c/li\u003e\n\u003cli\u003eThe musllinux PyPI wheel is now tagged as musllinux_1_2_\u003c!-- raw HTML omitted --\u003e, reflecting a requirement\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/semgrep/semgrep/commit/34b079df03bd8ed6860552adf3905cc5d146dc4d\"\u003e\u003ccode\u003e34b079d\u003c/code\u003e\u003c/a\u003e chore: release version 1.161.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/semgrep/semgrep/commit/1e6302b4fde5950a805bf5c0abd7d879f11b9f6b\"\u003e\u003ccode\u003e1e6302b\u003c/code\u003e\u003c/a\u003e\u003ccode\u003esemgrep/semgrep-proprietary#6115\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/semgrep/semgrep/commit/9859b4e2e73cff0211d3b4463fe96ab334989c68\"\u003e\u003ccode\u003e9859b4e\u003c/code\u003e\u003c/a\u003e http_helpers: \u003ccode\u003escrub_uri\u003c/code\u003e for safer URI logging (semgrep/semgrep-proprietary#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/semgrep/semgrep/commit/e2916c14861468bc7e2cee1f8b5276a76b91452c\"\u003e\u003ccode\u003ee2916c1\u003c/code\u003e\u003c/a\u003e scrub URLs from http_helpers logs and returned errors (semgrep/semgrep-propri...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/semgrep/semgrep/commit/341da2a7ed8510686d9c43e69e6c396c54bb1dc3\"\u003e\u003ccode\u003e341da2a\u003c/code\u003e\u003c/a\u003e\u003ccode\u003esemgrep/semgrep-proprietary#6099\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/semgrep/semgrep/commit/eae9a00ede6425c3f8c9be3b2f5b78d7b92ec91b\"\u003e\u003ccode\u003eeae9a00\u003c/code\u003e\u003c/a\u003e fix: correct \u003ccode\u003eis_obrace\u003c/code\u003e to \u003ccode\u003eis_cbrace\u003c/code\u003e for closing brace count (semgrep/semg...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/semgrep/semgrep/commit/d668b7179b3b3dbb210f35518595d242c667bea2\"\u003e\u003ccode\u003ed668b71\u003c/code\u003e\u003c/a\u003e chore(backend): deprecate scan endpoint v1 for semgrep ci (semgrep/semgrep-pr...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/semgrep/semgrep/commit/d981dbfdf752e9cf9bc8a1a4f177b3d05a32c944\"\u003e\u003ccode\u003ed981dbf\u003c/code\u003e\u003c/a\u003e\u003ccode\u003esemgrep/semgrep-proprietary#6098\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/semgrep/semgrep/commit/2ee8536b33fad02ab3b63868014a72583ad108a6\"\u003e\u003ccode\u003e2ee8536\u003c/code\u003e\u003c/a\u003e\u003ccode\u003esemgrep/semgrep-proprietary#6102\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/semgrep/semgrep/commit/00fa4efaa465f3a58a18b511a4b12a165620069c\"\u003e\u003ccode\u003e00fa4ef\u003c/code\u003e\u003c/a\u003e\u003ccode\u003esemgrep/semgrep-proprietary#6097\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/semgrep/semgrep/compare/v1.156.0...v1.161.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `basedpyright` from 1.38.4 to 1.39.3\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/DetachHead/basedpyright/commit/5f6672701c5b6a739563894256418845239be2a2\"\u003e\u003ccode\u003e5f66727\u003c/code\u003e\u003c/a\u003e 1.39.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/DetachHead/basedpyright/commit/d8741dfc88be16e11c66cceff78e6e2634ddf49b\"\u003e\u003ccode\u003ed8741df\u003c/code\u003e\u003c/a\u003e hopefully fix docs deployment job\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/DetachHead/basedpyright/commit/ceb200c192bb53629b4c62fdc082ec27b108f316\"\u003e\u003ccode\u003eceb200c\u003c/code\u003e\u003c/a\u003e 1.39.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/DetachHead/basedpyright/commit/eb7a92cacd2697acb4e36e2f3147333588c88fa7\"\u003e\u003ccode\u003eeb7a92c\u003c/code\u003e\u003c/a\u003e try to fix browser-basedpyright being published with nothing in it\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/DetachHead/basedpyright/commit/dec5306e9aabbce3f9b1b9ec283981d92dd43d80\"\u003e\u003ccode\u003edec5306\u003c/code\u003e\u003c/a\u003e update package-lock.json\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/DetachHead/basedpyright/commit/6db43de5dda601e3cd83998c669c4ecbbfde26f6\"\u003e\u003ccode\u003e6db43de\u003c/code\u003e\u003c/a\u003e 1.39.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/DetachHead/basedpyright/commit/335e48619fa223fe3be0b6560d746a10934509c8\"\u003e\u003ccode\u003e335e486\u003c/code\u003e\u003c/a\u003e fix failing tests from merge\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/DetachHead/basedpyright/commit/bbe71b686e84ebbff7699d35dab3376d411bb99d\"\u003e\u003ccode\u003ebbe71b6\u003c/code\u003e\u003c/a\u003e delete newly added github action from upstream that we don't use\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/DetachHead/basedpyright/commit/8f2261891e8ceb278963e84658ebaf054b88e559\"\u003e\u003ccode\u003e8f22618\u003c/code\u003e\u003c/a\u003e update prettierignore\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/DetachHead/basedpyright/commit/ff1f5a4af835b14927545c8890b303f48553acac\"\u003e\u003ccode\u003eff1f5a4\u003c/code\u003e\u003c/a\u003e fix compile errors from merge\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/detachhead/basedpyright/compare/v1.38.4...v1.39.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-setuptools` from 82.0.0.20260210 to 82.0.0.20260408\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pytest` from 9.0.2 to 9.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytest-dev/pytest/releases\"\u003epytest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.0.3\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.3 (2026-04-07)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12444\"\u003e#12444\u003c/a\u003e: Fixed \u003ccode\u003epytest.approx\u003c/code\u003e which now correctly takes into account \u003ccode\u003e~collections.abc.Mapping\u003c/code\u003e keys order to compare them.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13634\"\u003e#13634\u003c/a\u003e: Blocking a \u003ccode\u003econftest.py\u003c/code\u003e file using the \u003ccode\u003e-p no:\u003c/code\u003e option is now explicitly disallowed.\u003c/p\u003e\n\u003cp\u003ePreviously this resulted in an internal assertion failure during plugin loading.\u003c/p\u003e\n\u003cp\u003ePytest now raises a clear \u003ccode\u003eUsageError\u003c/code\u003e explaining that conftest files are not plugins and cannot be disabled via \u003ccode\u003e-p\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13734\"\u003e#13734\u003c/a\u003e: Fixed crash when a test raises an exceptiongroup with \u003ccode\u003e__tracebackhide__ = True\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14195\"\u003e#14195\u003c/a\u003e: Fixed an issue where non-string messages passed to \u003c!-- raw HTML omitted --\u003eunittest.TestCase.subTest()\u003c!-- raw HTML omitted --\u003e were not printed.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e: Fixed use of insecure temporary directory (CVE-2025-71176).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImproved documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13388\"\u003e#13388\u003c/a\u003e: Clarified documentation for \u003ccode\u003e-p\u003c/code\u003e vs \u003ccode\u003ePYTEST_PLUGINS\u003c/code\u003e plugin loading and fixed an incorrect \u003ccode\u003e-p\u003c/code\u003e example.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13731\"\u003e#13731\u003c/a\u003e: Clarified that capture fixtures (e.g. \u003ccode\u003ecapsys\u003c/code\u003e and \u003ccode\u003ecapfd\u003c/code\u003e) take precedence over the \u003ccode\u003e-s\u003c/code\u003e / \u003ccode\u003e--capture=no\u003c/code\u003e command-line options in \u003ccode\u003eAccessing captured output from a test function \u0026lt;accessing-captured-output\u0026gt;\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14088\"\u003e#14088\u003c/a\u003e: Clarified that the default \u003ccode\u003epytest_collection\u003c/code\u003e hook sets \u003ccode\u003esession.items\u003c/code\u003e before it calls \u003ccode\u003epytest_collection_finish\u003c/code\u003e, not after.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14255\"\u003e#14255\u003c/a\u003e: TOML integer log levels must be quoted: Updating reference documentation.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eContributor-facing changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12689\"\u003e#12689\u003c/a\u003e: The test reports are now published to Codecov from GitHub Actions.\nThe test statistics is visible \u003ca href=\"https://app.codecov.io/gh/pytest-dev/pytest/tests\"\u003eon the web interface\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e-- by \u003ccode\u003ealeguy02\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/a7d58d7a21b78581e636bbbdea13c66ad1657c1e\"\u003e\u003ccode\u003ea7d58d7\u003c/code\u003e\u003c/a\u003e Prepare release version 9.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/089d98199c253d8f89a040243bc4f2aa6cd5ab22\"\u003e\u003ccode\u003e089d981\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14366\"\u003e#14366\u003c/a\u003e from bluetech/revert-14193-backport\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/8127eaf4ab7f6b2fdd0dc1b38343ec97aeef05ac\"\u003e\u003ccode\u003e8127eaf\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Fix: assertrepr_compare respects dict insertion order (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14050\"\u003e#14050\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14193\"\u003e#14193\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/99a7e6029e7a6e8d53e5df114b1346e035370241\"\u003e\u003ccode\u003e99a7e60\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14363\"\u003e#14363\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/95d8423bd...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/ddee02a578da30dd43aedc39c1c1f1aaadfcee95\"\u003e\u003ccode\u003eddee02a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e from bluetech/cve-2025-71176-simple\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/74eac6916fee34726cb194f16c516e96fbd29619\"\u003e\u003ccode\u003e74eac69\u003c/code\u003e\u003c/a\u003e doc: Update training info (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14298\"\u003e#14298\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14301\"\u003e#14301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/f92dee777cfdb77d1c43633d02766ddf1f07c869\"\u003e\u003ccode\u003ef92dee7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14267\"\u003e#14267\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/d6fa26c62...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/7ee58acc8777c31ac6cf388d01addf5a414a7439\"\u003e\u003ccode\u003e7ee58ac\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12378\"\u003e#12378\u003c/a\u003e from Pierre-Sassoulas/fix-implicit-str-concat-and-d...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/37da870d37e3a2f5177cae075c7b9ae279432bf8\"\u003e\u003ccode\u003e37da870\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14259\"\u003e#14259\u003c/a\u003e from mitre88/patch-4 (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14268\"\u003e#14268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/c34bfa3b7acb65b594707c714f1d8461b0304eed\"\u003e\u003ccode\u003ec34bfa3\u003c/code\u003e\u003c/a\u003e Add explanation for string context diffs (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14257\"\u003e#14257\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14266\"\u003e#14266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pytest-dev/pytest/compare/9.0.2...9.0.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `adaptix` from 3.0.0b11 to 3.0.0b12\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/reagento/adaptix/releases\"\u003eadaptix's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.0.0b12 — Improved stability\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eImprove formatting types inside generics for error messages\u003c/p\u003e\n\u003cp\u003eOld error:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e adaptix.ProviderNotFoundError: Cannot produce dumper for type \u0026lt;class '__main__.Foo'\u0026gt;\r\n × Cannot create dumper for model. Dumpers for some fields cannot be created\r\n │ Location: ‹Foo›\r\n ╰──▷ Cannot create dumper for model. Dumpers for some fields cannot be created\r\n    │ Location: ‹Foo.limit: __main__.MinMax[__main__.Bar]›\r\n    ├──▷ Cannot create dumper for union. Dumpers for some union cases cannot be created\r\n    │  │ Location: ‹__main__.MinMax[__main__.Bar].min: Optional[__main__.Bar]›\r\n    │  ╰──▷ Cannot find dumper\r\n    │       Location: ‹Bar›\r\n    ╰──▷ Cannot create dumper for union. Dumpers for some union cases cannot be created\r\n       │ Location: ‹__main__.MinMax[__main__.Bar].max: Optional[__main__.Bar]›\r\n       ╰──▷ Cannot find dumper\r\n            Location: ‹Bar›\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eNew error:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e adaptix.ProviderNotFoundError: Cannot produce dumper for type \u0026lt;class '__main__.Foo'\u0026gt;\r\n   × Cannot create dumper for model. Dumpers for some fields cannot be created\r\n   │ Location: ‹Foo›\r\n   ╰──▷ Cannot create dumper for model. Dumpers for some fields cannot be created\r\n      │ Location: ‹Foo.limit: MinMax[Bar]›\r\n      ├──▷ Cannot create dumper for union. Dumpers for some union cases cannot be created\r\n      │  │ Location: ‹MinMax[Bar].min: Optional[Bar]›\r\n      │  ╰──▷ Cannot find dumper\r\n      │       Location: ‹Bar›\r\n      ╰──▷ Cannot create dumper for union. Dumpers for some union cases cannot be created\r\n         │ Location: ‹MinMax[Bar].max: Optional[Bar]›\r\n         ╰──▷ Cannot find dumper\r\n              Location: ‹Bar›\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd support for CPython 3.14\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd support for PyPy 3.11\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the full list of changes at \u003ca href=\"https://adaptix.readthedocs.io/en/latest/reference/changelog.html#v3-0-0b12\"\u003echangelog\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reagento/adaptix/commit/03ef02f823b0486459306722a65ef0b294333c1d\"\u003e\u003ccode\u003e03ef02f\u003c/code\u003e\u003c/a\u003e Increment library version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reagento/adaptix/commit/580a378cc3f875c2a46734a74b81c81ef6b6331b\"\u003e\u003ccode\u003e580a378\u003c/code\u003e\u003c/a\u003e Update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reagento/adaptix/commit/1548cd770682dea5121d7c19d16693ceed9cbed5\"\u003e\u003ccode\u003e1548cd7\u003c/code\u003e\u003c/a\u003e Remove JSON Schema doc from toctree\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reagento/adaptix/commit/9b2d4ce156c892780b1b5f6220eef28c6fd79402\"\u003e\u003ccode\u003e9b2d4ce\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/reagento/adaptix/issues/444\"\u003e#444\u003c/a\u003e from reagento/doc/conversion-name-flattening\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reagento/adaptix/commit/5bdea86206a1a6f9dcd3efbe2a6b981da8356579\"\u003e\u003ccode\u003e5bdea86\u003c/code\u003e\u003c/a\u003e Add link_function_structure_flattening example, some doc fixes, adjust doc style\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reagento/adaptix/commit/192212ed154ed4c467b8de16adbc120418188570\"\u003e\u003ccode\u003e192212e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/reagento/adaptix/issues/443\"\u003e#443\u003c/a\u003e from reagento/new-generate_json_schemas_namespace\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reagento/adaptix/commit/3050e9695b11efc238927c7e4b3476cda0d6eb78\"\u003e\u003ccode\u003e3050e96\u003c/code\u003e\u003c/a\u003e Add new generate_json_schemas_namespace signature\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reagento/adaptix/commit/c10f1cf002a4f7608670c5a15dda222668d16931\"\u003e\u003ccode\u003ec10f1cf\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/reagento/adaptix/issues/442\"\u003e#442\u003c/a\u003e from reagento/pyinstaller\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reagento/adaptix/commit/2dc6f9a33a89fd6f9b4c9a6c3d7953de1fde143a\"\u003e\u003ccode\u003e2dc6f9a\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003eknown-issues.rst\u003c/code\u003e with PyInstaller\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reagento/adaptix/commit/9d99175da515dec9d137380c878ee48dd17492ee\"\u003e\u003ccode\u003e9d99175\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/reagento/adaptix/issues/437\"\u003e#437\u003c/a\u003e from reagento/pr-408\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/reagento/adaptix/compare/v3.0.0b11...v3.0.0b12\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `prek` from 0.3.8 to 0.3.10\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/j178/prek/releases\"\u003eprek's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.3.10\u003c/h2\u003e\n\u003ch2\u003eRelease Notes\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-04-21.\u003c/p\u003e\n\u003ch3\u003eEnhancements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDisallow rev for non-remote repos in schema (\u003ca href=\"https://redirect.github.com/j178/prek/pull/1964\"\u003e#1964\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eHide up-to-date output in non-verbose mode (\u003ca href=\"https://redirect.github.com/j178/prek/pull/1942\"\u003e#1942\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove merge conflict marker detection (\u003ca href=\"https://redirect.github.com/j178/prek/pull/1937\"\u003e#1937\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKeep finished hooks visible (\u003ca href=\"https://redirect.github.com/j178/prek/pull/1967\"\u003e#1967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePreserve frozen comment spacing in auto-update (\u003ca href=\"https://redirect.github.com/j178/prek/pull/1945\"\u003e#1945\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReimplement \u003ccode\u003e@j178/prek\u003c/code\u003e npm package (\u003ca href=\"https://redirect.github.com/j178/prek/pull/1973\"\u003e#1973\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePrefer stable Rust toolchains (\u003ca href=\"https://redirect.github.com/j178/prek/pull/1974\"\u003e#1974\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eSKILL.md\u003c/code\u003e for prek (\u003ca href=\"https://redirect.github.com/j178/prek/pull/1950\"\u003e#1950\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDocument \u003ccode\u003egh skill install j178/prek prek\u003c/code\u003e to install prek skill for agents (\u003ca href=\"https://redirect.github.com/j178/prek/pull/1951\"\u003e#1951\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove compatibility and migration docs (\u003ca href=\"https://redirect.github.com/j178/prek/pull/1940\"\u003e#1940\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSync latest identify tags (\u003ca href=\"https://redirect.github.com/j178/prek/pull/1947\"\u003e#1947\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178\"\u003e\u003ccode\u003e@​j178\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eInstall prek 0.3.10\u003c/h2\u003e\n\u003ch3\u003eInstall prebuilt binaries via shell script\u003c/h3\u003e\n\u003cpre lang=\"sh\"\u003e\u003ccode\u003ecurl --proto '=https' --tlsv1.2 -LsSf https://github.com/j178/prek/releases/download/v0.3.10/prek-installer.sh | sh\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch3\u003eInstall prebuilt binaries via powershell script\u003c/h3\u003e\n\u003cpre lang=\"sh\"\u003e\u003ccode\u003epowershell -ExecutionPolicy Bypass -c \u0026quot;irm https://github.com/j178/prek/releases/download/v0.3.10/prek-installer.ps1 | iex\u0026quot;\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch3\u003eInstall prebuilt binaries via Homebrew\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/j178/prek/blob/master/CHANGELOG.md\"\u003eprek's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.3.10\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-04-21.\u003c/p\u003e\n\u003ch3\u003eEnhancements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDisallow rev for non-remote repos in schema (\u003ca href=\"https://redirect.github.com/j178/prek/pull/1964\"\u003e#1964\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eHide up-to-date output in non-verbose mode (\u003ca href=\"https://redirect.github.com/j178/prek/pull/1942\"\u003e#1942\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove merge conflict marker detection (\u003ca href=\"https://redirect.github.com/j178/prek/pull/1937\"\u003e#1937\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKeep finished hooks visible (\u003ca href=\"https://redirect.github.com/j178/prek/pull/1967\"\u003e#1967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePreserve frozen comment spacing in auto-update (\u003ca href=\"https://redirect.github.com/j178/prek/pull/1945\"\u003e#1945\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReimplement \u003ccode\u003e@j178/prek\u003c/code\u003e npm package (\u003ca href=\"https://redirect.github.com/j178/prek/pull/1973\"\u003e#1973\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePrefer stable Rust toolchains (\u003ca href=\"https://redirect.github.com/j178/prek/pull/1974\"\u003e#1974\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eSKILL.md\u003c/code\u003e for prek (\u003ca href=\"https://redirect.github.com/j178/prek/pull/1950\"\u003e#1950\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDocument \u003ccode\u003egh skill install j178/prek prek\u003c/code\u003e to install prek skill for agents (\u003ca href=\"https://redirect.github.com/j178/prek/pull/1951\"\u003e#1951\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove compatibility and migration docs (\u003ca href=\"https://redirect.github.com/j178/prek/pull/1940\"\u003e#1940\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSync latest identify tags (\u003ca href=\"https://redirect.github.com/j178/prek/pull/1947\"\u003e#1947\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178\"\u003e\u003ccode\u003e@​j178\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.3.9\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-04-13.\u003c/p\u003e\n\u003ch3\u003eHighlight\u003c/h3\u003e\n\u003cp\u003e\u003ccode\u003eprek auto-update\u003c/code\u003e is now stricter about pinned revisions and more useful in CI.\nIt now keeps \u003ccode\u003erev\u003c/code\u003e and \u003ccode\u003e# frozen:\u003c/code\u003e comments in sync, can detect\n\u003ca href=\"https://docs.zizmor.sh/audits/#impostor-commit\"\u003eimpostor commits\u003c/a\u003e when validating pinned SHAs,\nand lets you use \u003ccode\u003eprek auto-update --check\u003c/code\u003e to fail on both available updates and frozen-ref\nmismatches without rewriting the config.\u003c/p\u003e\n\u003cp\u003eExamples:\u003c/p\u003e\n\u003cpre lang=\"console\"\u003e\u003ccode\u003e$ prek auto-update\n# updates revs and repairs stale `# frozen:` comments\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178/prek/commit/1981c51f599ed9db4a428eae13e4a8baf0cb0427\"\u003e\u003ccode\u003e1981c51\u003c/code\u003e\u003c/a\u003e Bump version to 0.3.10\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178/prek/commit/ba745f6f407d43e70d2155c7929004a7701ca7e8\"\u003e\u003ccode\u003eba745f6\u003c/code\u003e\u003c/a\u003e Prefer stable Rust toolchains (\u003ca href=\"https://redirect.github.com/j178/prek/issues/1974\"\u003e#1974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178/prek/commit/b6c591dbbc4d9917e62b4b6c1dd65419cffeb464\"\u003e\u003ccode\u003eb6c591d\u003c/code\u003e\u003c/a\u003e Reimplement \u003ccode\u003e@j178/prek\u003c/code\u003e npm package (\u003ca href=\"https://redirect.github.com/j178/prek/issues/1973\"\u003e#1973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178/prek/commit/fba1c85b1f2ce244e4b491ccaa0edffbdee01348\"\u003e\u003ccode\u003efba1c85\u003c/code\u003e\u003c/a\u003e Keep finished hooks visible (\u003ca href=\"https://redirect.github.com/j178/prek/issues/1967\"\u003e#1967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178/prek/commit/bce57a3415d688a9b9d893018348570b381023e3\"\u003e\u003ccode\u003ebce57a3\u003c/code\u003e\u003c/a\u003e Disallow rev for non-remote repos in schema (\u003ca href=\"https://redirect.github.com/j178/prek/issues/1964\"\u003e#1964\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178/prek/commit/afac10cf3ae355f6e2948c62ec25c54536bea40d\"\u003e\u003ccode\u003eafac10c\u003c/code\u003e\u003c/a\u003e Split \u003ccode\u003eauto_update.rs\u003c/code\u003e into modules (\u003ca href=\"https://redirect.github.com/j178/prek/issues/1962\"\u003e#1962\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178/prek/commit/c3b9f115dabff92fde388c5edb091a10c00fb18f\"\u003e\u003ccode\u003ec3b9f11\u003c/code\u003e\u003c/a\u003e Update GitHub Actions (major) (\u003ca href=\"https://redirect.github.com/j178/prek/issues/1961\"\u003e#1961\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178/prek/commit/6ca0443ecca17e8bc6df972740f445dd9795b4bd\"\u003e\u003ccode\u003e6ca0443\u003c/code\u003e\u003c/a\u003e Update Rust crate annotate-snippets to v0.12.15 (\u003ca href=\"https://redirect.github.com/j178/prek/issues/1955\"\u003e#1955\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178/prek/commit/776277e104a751634711821c10f871a95b5bcd70\"\u003e\u003ccode\u003e776277e\u003c/code\u003e\u003c/a\u003e Update Rust crate tokio to v1.51.1 (\u003ca href=\"https://redirect.github.com/j178/prek/issues/1957\"\u003e#1957\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178/prek/commit/c2b445a722db49f6b0dfeee763c19944bc77e757\"\u003e\u003ccode\u003ec2b445a\u003c/code\u003e\u003c/a\u003e Update Rust crate toml_edit to v0.25.11 (\u003ca href=\"https://redirect.github.com/j178/prek/issues/1958\"\u003e#1958\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/j178/prek/compare/v0.3.8...v0.3.10\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/theseriff/jobify/pull/109","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/theseriff%2Fjobify/issues/109","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/109/packages"},{"uuid":"4362366814","node_id":"PR_kwDORf90e87XUVuB","number":78,"state":"open","title":":dependabot: uv(deps): Bump the minor-and-patch group with 5 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-01T01:55:38.000Z","updated_at":"2026-05-01T01:55:54.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":":dependabot: uv(deps): Bump","group_name":"minor-and-patch","update_count":5,"packages":[{"name":"authlib","old_version":"1.6.9","new_version":"1.6.11","repository_url":"https://github.com/authlib/authlib"},{"name":"pygithub","old_version":"2.9.0","new_version":"2.9.1","repository_url":"https://github.com/pygithub/pygithub"},{"name":"sentry-sdk","old_version":"2.57.0","new_version":"2.58.0","repository_url":"https://github.com/getsentry/sentry-python"},{"name":"ruff","old_version":"0.15.10","new_version":"0.15.11","repository_url":"https://github.com/astral-sh/ruff"},{"name":"zizmor","old_version":"1.23.1","new_version":"1.24.1","repository_url":"https://github.com/zizmorcore/zizmor"}],"path":null,"ecosystem":"pip"},"body":"Bumps the minor-and-patch group with 5 updates:\n\n| Package | From | To |\n| --- | --- | --- |\n| [authlib](https://github.com/authlib/authlib) | `1.6.9` | `1.6.11` |\n| [pygithub](https://github.com/pygithub/pygithub) | `2.9.0` | `2.9.1` |\n| [sentry-sdk](https://github.com/getsentry/sentry-python) | `2.57.0` | `2.58.0` |\n| [ruff](https://github.com/astral-sh/ruff) | `0.15.10` | `0.15.11` |\n| [zizmor](https://github.com/zizmorcore/zizmor) | `1.23.1` | `1.24.1` |\n\nUpdates `authlib` from 1.6.9 to 1.6.11\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/releases\"\u003eauthlib's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.6.11\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.10...v1.6.11\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.10...v1.6.11\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CSRF issue with starlette client\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.10\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.9...v1.6.10\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.9...v1.6.10\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eUnsupportedResponseTypeError\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/blob/v1.6.11/docs/changelog.rst\"\u003eauthlib's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 1.6.11\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Apr 16, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CSRF vulnerability in the Starlette OAuth client when a \u003ccode\u003ecache\u003c/code\u003e is\nconfigured.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.10\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Apr 13, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eUnsupportedResponseTypeError\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/0dc0e5b4dc84f155319518a3732113af6fa47525\"\u003e\u003ccode\u003e0dc0e5b\u003c/code\u003e\u003c/a\u003e chore: bump to 1.6.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/aa7b8e46e00d0622658666476782042ac00153a5\"\u003e\u003ccode\u003eaa7b8e4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/401a7709c3fe43bce1b2105d16a475b688faa788\"\u003e\u003ccode\u003e401a770\u003c/code\u003e\u003c/a\u003e fix: CSRF issue with starlette client\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/ef09aebbba4439dedb22bd15777d1b3458b6f0ab\"\u003e\u003ccode\u003eef09aeb\u003c/code\u003e\u003c/a\u003e chore: release 1.6.10\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/3be08468201a7766a93012ce149ea12822cab096\"\u003e\u003ccode\u003e3be0846\u003c/code\u003e\u003c/a\u003e fix: redirecting to unvalidated redirect_uri on UnsupportedResponseTypeError\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.9...v1.6.11\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pygithub` from 2.9.0 to 2.9.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pygithub/pygithub/releases\"\u003epygithub's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.9.1\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix getting release by tag in lazy mode by \u003ca href=\"https://github.com/EnricoMi\"\u003e\u003ccode\u003e@​EnricoMi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PyGithub/PyGithub/pull/3469\"\u003ePyGithub/PyGithub#3469\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/PyGithub/PyGithub/compare/v2.9.0...v2.9.1\"\u003ehttps://github.com/PyGithub/PyGithub/compare/v2.9.0...v2.9.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/PyGithub/PyGithub/blob/main/doc/changes.rst\"\u003epygithub's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 2.9.1 (April 14, 2026)\u003c/h2\u003e\n\u003cp\u003eBug Fixes\n^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix getting release by tag in lazy mode (\u003ccode\u003e[#3469](https://github.com/pygithub/pygithub/issues/3469) \u0026lt;https://github.com/PyGithub/PyGithub/pull/3469\u0026gt;\u003c/code\u003e\u003cem\u003e) (\u003ccode\u003e7d1ba281e \u0026lt;https://github.com/PyGithub/PyGithub/commit/7d1ba281e\u0026gt;\u003c/code\u003e\u003c/em\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PyGithub/PyGithub/commit/73742d410da73e44a477b0e3f05dfba1749022af\"\u003e\u003ccode\u003e73742d4\u003c/code\u003e\u003c/a\u003e Release 2.9.1 (\u003ca href=\"https://redirect.github.com/pygithub/pygithub/issues/3478\"\u003e#3478\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PyGithub/PyGithub/commit/7d1ba281e4bf02cb6d3772f11b17c7d6088052d8\"\u003e\u003ccode\u003e7d1ba28\u003c/code\u003e\u003c/a\u003e Fix getting release by tag in lazy mode (\u003ca href=\"https://redirect.github.com/pygithub/pygithub/issues/3469\"\u003e#3469\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pygithub/pygithub/compare/v2.9.0...v2.9.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `sentry-sdk` from 2.57.0 to 2.58.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/getsentry/sentry-python/releases\"\u003esentry-sdk's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.58.0\u003c/h2\u003e\n\u003ch3\u003eNew Features ✨\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e(ai) Redact base64 data URLs in image_url content blocks by \u003ca href=\"https://github.com/ericapisani\"\u003e\u003ccode\u003e@​ericapisani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5953\"\u003e#5953\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(integrations) Instrument pyreqwest tracing by \u003ca href=\"https://github.com/servusdei2018\"\u003e\u003ccode\u003e@​servusdei2018\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5682\"\u003e#5682\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(litellm) Add async callbacks by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5969\"\u003e#5969\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes 🐛\u003c/h3\u003e\n\u003ch4\u003eAnthropic\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eCapture exceptions for \u003ccode\u003estream()\u003c/code\u003e calls by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5950\"\u003e#5950\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eStop setting transaction status when child span fails by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5717\"\u003e#5717\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eOnly finish relevant spans in .create() patches by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5716\"\u003e#5716\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003ePydantic Ai\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eAdapt import for new library versions by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5984\"\u003e#5984\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse first-class hooks when available by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5947\"\u003e#5947\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eOther\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e(huggingface_hub) Stop setting transaction status when a child span fails by \u003ca href=\"https://github.com/Zenithatic\"\u003e\u003ccode\u003e@​Zenithatic\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5952\"\u003e#5952\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(litellm) Avoid double span exits when streaming by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5933\"\u003e#5933\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(wsgi) Respect HTTP_X_FORWARDED_PROTO in request.url construction by \u003ca href=\"https://github.com/sl0thentr0py\"\u003e\u003ccode\u003e@​sl0thentr0py\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5963\"\u003e#5963\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal Changes 🔧\u003c/h3\u003e\n\u003ch4\u003eLitellm\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eReplace mocks with \u003ccode\u003ehttpx\u003c/code\u003e types in rate-limit test by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5975\"\u003e#5975\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace mocks with \u003ccode\u003ehttpx\u003c/code\u003e types in embedding tests by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5970\"\u003e#5970\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace mocks with \u003ccode\u003ehttpx\u003c/code\u003e types in nonstreaming \u003ccode\u003ecompletion()\u003c/code\u003e tests by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5937\"\u003e#5937\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove dead attributes by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5985\"\u003e#5985\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eOther\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e(ai) Remove \u003ccode\u003egen_ai.tool.type\u003c/code\u003e span attribute by \u003ca href=\"https://github.com/ericapisani\"\u003e\u003ccode\u003e@​ericapisani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5964\"\u003e#5964\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(anthropic) Separate sync and async .create() patches by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5715\"\u003e#5715\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(openai) Split token counting by API for easier deprecation by \u003ca href=\"https://github.com/ericapisani\"\u003e\u003ccode\u003e@​ericapisani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5930\"\u003e#5930\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(openai-agents) Remove error attributes by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5986\"\u003e#5986\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(opentelemetry) Ignore mypy error by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5927\"\u003e#5927\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e🤖 Update test matrix with new releases (04/13) by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5983\"\u003e#5983\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix license metadata in setup.py by \u003ca href=\"https://github.com/sl0thentr0py\"\u003e\u003ccode\u003e@​sl0thentr0py\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5934\"\u003e#5934\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate validate-pr workflow by \u003ca href=\"https://github.com/stephanie-anderson\"\u003e\u003ccode\u003e@​stephanie-anderson\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5931\"\u003e#5931\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eHandle \u003ccode\u003eNone\u003c/code\u003e span context in the span processor and pin tokenizers version for anthropic tests on Python 3.8 by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5967\"\u003e#5967\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/getsentry/sentry-python/blob/master/CHANGELOG.md\"\u003esentry-sdk's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.58.0\u003c/h2\u003e\n\u003ch3\u003eNew Features ✨\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e(ai) Redact base64 data URLs in image_url content blocks by \u003ca href=\"https://github.com/ericapisani\"\u003e\u003ccode\u003e@​ericapisani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5953\"\u003e#5953\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(integrations) Instrument pyreqwest tracing by \u003ca href=\"https://github.com/servusdei2018\"\u003e\u003ccode\u003e@​servusdei2018\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5682\"\u003e#5682\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(litellm) Add async callbacks by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5969\"\u003e#5969\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes 🐛\u003c/h3\u003e\n\u003ch4\u003eAnthropic\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eCapture exceptions for \u003ccode\u003estream()\u003c/code\u003e calls by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5950\"\u003e#5950\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eStop setting transaction status when child span fails by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5717\"\u003e#5717\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eOnly finish relevant spans in .create() patches by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5716\"\u003e#5716\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003ePydantic Ai\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eAdapt import for new library versions by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5984\"\u003e#5984\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse first-class hooks when available by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5947\"\u003e#5947\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eOther\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e(huggingface_hub) Stop setting transaction status when a child span fails by \u003ca href=\"https://github.com/Zenithatic\"\u003e\u003ccode\u003e@​Zenithatic\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5952\"\u003e#5952\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(litellm) Avoid double span exits when streaming by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5933\"\u003e#5933\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(wsgi) Respect HTTP_X_FORWARDED_PROTO in request.url construction by \u003ca href=\"https://github.com/sl0thentr0py\"\u003e\u003ccode\u003e@​sl0thentr0py\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5963\"\u003e#5963\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal Changes 🔧\u003c/h3\u003e\n\u003ch4\u003eLitellm\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eReplace mocks with \u003ccode\u003ehttpx\u003c/code\u003e types in rate-limit test by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5975\"\u003e#5975\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace mocks with \u003ccode\u003ehttpx\u003c/code\u003e types in embedding tests by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5970\"\u003e#5970\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace mocks with \u003ccode\u003ehttpx\u003c/code\u003e types in nonstreaming \u003ccode\u003ecompletion()\u003c/code\u003e tests by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5937\"\u003e#5937\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove dead attributes by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5985\"\u003e#5985\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eOther\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e(ai) Remove \u003ccode\u003egen_ai.tool.type\u003c/code\u003e span attribute by \u003ca href=\"https://github.com/ericapisani\"\u003e\u003ccode\u003e@​ericapisani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5964\"\u003e#5964\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(anthropic) Separate sync and async .create() patches by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5715\"\u003e#5715\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(openai) Split token counting by API for easier deprecation by \u003ca href=\"https://github.com/ericapisani\"\u003e\u003ccode\u003e@​ericapisani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5930\"\u003e#5930\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(openai-agents) Remove error attributes by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5986\"\u003e#5986\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(opentelemetry) Ignore mypy error by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5927\"\u003e#5927\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e🤖 Update test matrix with new releases (04/13) by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5983\"\u003e#5983\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix license metadata in setup.py by \u003ca href=\"https://github.com/sl0thentr0py\"\u003e\u003ccode\u003e@​sl0thentr0py\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5934\"\u003e#5934\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate validate-pr workflow by \u003ca href=\"https://github.com/stephanie-anderson\"\u003e\u003ccode\u003e@​stephanie-anderson\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5931\"\u003e#5931\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eHandle \u003ccode\u003eNone\u003c/code\u003e span context in the span processor and pin tokenizers version for anthropic tests on Python 3.8 by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5967\"\u003e#5967\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/ce445d96977ec083b97495c917aa0c3ce453689d\"\u003e\u003ccode\u003ece445d9\u003c/code\u003e\u003c/a\u003e release: 2.58.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/c0c0e9cfc8536f0d9ba22925e4bea17034138cd0\"\u003e\u003ccode\u003ec0c0e9c\u003c/code\u003e\u003c/a\u003e feat(litellm): Add async callbacks (\u003ca href=\"https://redirect.github.com/getsentry/sentry-python/issues/5969\"\u003e#5969\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/ea74b63881d2cf1d71130a8b6ef4dfff4e4cd337\"\u003e\u003ccode\u003eea74b63\u003c/code\u003e\u003c/a\u003e test(litellm): Replace mocks with \u003ccode\u003ehttpx\u003c/code\u003e types in rate-limit test (\u003ca href=\"https://redirect.github.com/getsentry/sentry-python/issues/5975\"\u003e#5975\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/06ed1bca2f9302055ba43dc058f5afcc731b8d79\"\u003e\u003ccode\u003e06ed1bc\u003c/code\u003e\u003c/a\u003e test(litellm): Replace mocks with \u003ccode\u003ehttpx\u003c/code\u003e types in embedding tests (\u003ca href=\"https://redirect.github.com/getsentry/sentry-python/issues/5970\"\u003e#5970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/66ef2e6976a1ae86e97aca08cbc806f9e579f324\"\u003e\u003ccode\u003e66ef2e6\u003c/code\u003e\u003c/a\u003e test(litellm): Replace mocks with \u003ccode\u003ehttpx\u003c/code\u003e types in nonstreaming `completion()...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/96ebbf67d91146ebb30be6e0898a637ea6c2c697\"\u003e\u003ccode\u003e96ebbf6\u003c/code\u003e\u003c/a\u003e fix(litellm): Avoid double span exits when streaming (\u003ca href=\"https://redirect.github.com/getsentry/sentry-python/issues/5933\"\u003e#5933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/7e22b5dc3447a5bee71574a5c22934e5aa8a7642\"\u003e\u003ccode\u003e7e22b5d\u003c/code\u003e\u003c/a\u003e build(deps): bump actions/github-script from 8.0.0 to 9.0.0 (\u003ca href=\"https://redirect.github.com/getsentry/sentry-python/issues/5979\"\u003e#5979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/35151a90a98affa0d72f7cb8b314a8fb54ac8b51\"\u003e\u003ccode\u003e35151a9\u003c/code\u003e\u003c/a\u003e build(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 (\u003ca href=\"https://redirect.github.com/getsentry/sentry-python/issues/5980\"\u003e#5980\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/d1c5b53096e76353e2aa3ffdd8a845f38bb04bb6\"\u003e\u003ccode\u003ed1c5b53\u003c/code\u003e\u003c/a\u003e build(deps): bump actions/create-github-app-token from 3.0.0 to 3.1.1 (\u003ca href=\"https://redirect.github.com/getsentry/sentry-python/issues/5981\"\u003e#5981\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/e255aafa913955eed43333aa204f1476d9dc1ff2\"\u003e\u003ccode\u003ee255aaf\u003c/code\u003e\u003c/a\u003e build(deps): bump getsentry/testing-ai-sdk-integrations from 6b1f51ec8af03e19...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/getsentry/sentry-python/compare/2.57.0...2.58.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ruff` from 0.15.10 to 0.15.11\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/ruff/releases\"\u003eruff's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.15.11\u003c/h2\u003e\n\u003ch2\u003eRelease Notes\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-04-16.\u003c/p\u003e\n\u003ch3\u003ePreview features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eruff\u003c/code\u003e] Ignore \u003ccode\u003eRUF029\u003c/code\u003e when function is decorated with \u003ccode\u003easynccontextmanager\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24642\"\u003e#24642\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eairflow\u003c/code\u003e] Implement \u003ccode\u003eairflow-xcom-pull-in-template-string\u003c/code\u003e (\u003ccode\u003eAIR201\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23583\"\u003e#23583\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-bandit\u003c/code\u003e] Fix \u003ccode\u003eS103\u003c/code\u003e false positives and negatives in mask analysis (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24424\"\u003e#24424\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-async\u003c/code\u003e] Omit overridden methods for \u003ccode\u003eASYNC109\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24648\"\u003e#24648\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-async\u003c/code\u003e] Add override mention to \u003ccode\u003eASYNC109\u003c/code\u003e docs (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24666\"\u003e#24666\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate Neovim config examples to use \u003ccode\u003evim.lsp.config\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24577\"\u003e#24577\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/augustelalande\"\u003e\u003ccode\u003e@​augustelalande\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anishgirianish\"\u003e\u003ccode\u003e@​anishgirianish\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benberryallwood\"\u003e\u003ccode\u003e@​benberryallwood\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/charliermarsh\"\u003e\u003ccode\u003e@​charliermarsh\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Dev-iL\"\u003e\u003ccode\u003e@​Dev-iL\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eInstall ruff 0.15.11\u003c/h2\u003e\n\u003ch3\u003eInstall prebuilt binaries via shell script\u003c/h3\u003e\n\u003cpre lang=\"sh\"\u003e\u003ccode\u003ecurl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/ruff/releases/download/0.15.11/ruff-installer.sh | sh\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch3\u003eInstall prebuilt binaries via powershell script\u003c/h3\u003e\n\u003cpre lang=\"sh\"\u003e\u003ccode\u003epowershell -ExecutionPolicy Bypass -c \u0026quot;irm https://releases.astral.sh/github/ruff/releases/download/0.15.11/ruff-installer.ps1 | iex\u0026quot;\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eDownload ruff 0.15.11\u003c/h2\u003e\n\u003ctable\u003e\n\u003cthead\u003e\n\u003ctr\u003e\n\u003cth\u003eFile\u003c/th\u003e\n\u003cth\u003ePlatform\u003c/th\u003e\n\u003cth\u003eChecksum\u003c/th\u003e\n\u003c/tr\u003e\n\u003c/thead\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/ruff/releases/download/0.15.11/ruff-aarch64-apple-darwin.tar.gz\"\u003eruff-aarch64-apple-darwin.tar.gz\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eApple Silicon macOS\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/ruff/releases/download/0.15.11/ruff-aarch64-apple-darwin.tar.gz.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/ruff/releases/download/0.15.11/ruff-x86_64-apple-darwin.tar.gz\"\u003eruff-x86_64-apple-darwin.tar.gz\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eIntel macOS\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/ruff/releases/download/0.15.11/ruff-x86_64-apple-darwin.tar.gz.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/ruff/releases/download/0.15.11/ruff-aarch64-pc-windows-msvc.zip\"\u003eruff-aarch64-pc-windows-msvc.zip\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eARM64 Windows\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/ruff/releases/download/0.15.11/ruff-aarch64-pc-windows-msvc.zip.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/ruff/releases/download/0.15.11/ruff-i686-pc-windows-msvc.zip\"\u003eruff-i686-pc-windows-msvc.zip\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003ex86 Windows\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/ruff/releases/download/0.15.11/ruff-i686-pc-windows-msvc.zip.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/tbody\u003e\n\u003c/table\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md\"\u003eruff's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.15.11\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-04-16.\u003c/p\u003e\n\u003ch3\u003ePreview features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eruff\u003c/code\u003e] Ignore \u003ccode\u003eRUF029\u003c/code\u003e when function is decorated with \u003ccode\u003easynccontextmanager\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24642\"\u003e#24642\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eairflow\u003c/code\u003e] Implement \u003ccode\u003eairflow-xcom-pull-in-template-string\u003c/code\u003e (\u003ccode\u003eAIR201\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23583\"\u003e#23583\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-bandit\u003c/code\u003e] Fix \u003ccode\u003eS103\u003c/code\u003e false positives and negatives in mask analysis (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24424\"\u003e#24424\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-async\u003c/code\u003e] Omit overridden methods for \u003ccode\u003eASYNC109\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24648\"\u003e#24648\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-async\u003c/code\u003e] Add override mention to \u003ccode\u003eASYNC109\u003c/code\u003e docs (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24666\"\u003e#24666\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate Neovim config examples to use \u003ccode\u003evim.lsp.config\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24577\"\u003e#24577\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/augustelalande\"\u003e\u003ccode\u003e@​augustelalande\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anishgirianish\"\u003e\u003ccode\u003e@​anishgirianish\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benberryallwood\"\u003e\u003ccode\u003e@​benberryallwood\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/charliermarsh\"\u003e\u003ccode\u003e@​charliermarsh\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Dev-iL\"\u003e\u003ccode\u003e@​Dev-iL\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/53554b1cfe837f2eb992a81794480699478f1116\"\u003e\u003ccode\u003e53554b1\u003c/code\u003e\u003c/a\u003e Bump 0.15.11 (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24678\"\u003e#24678\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/08c56c83cffbb1025cbf5bdede6c6d8be591cf47\"\u003e\u003ccode\u003e08c56c8\u003c/code\u003e\u003c/a\u003e Factor out the \u003ccode\u003emdtest\u003c/code\u003e crate (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24616\"\u003e#24616\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/725fbb736d2a999971449b61190b914abd26102a\"\u003e\u003ccode\u003e725fbb7\u003c/code\u003e\u003c/a\u003e [ty] Use partially qualified names when reporting diagnostics regarding bad c...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/ddd6a30ff5fa27694dc1c50d0749885a1519d0a7\"\u003e\u003ccode\u003eddd6a30\u003c/code\u003e\u003c/a\u003e [ty] Do not suggest argument completion when at value of keyword argument (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/2\"\u003e#2\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/9282e61d482a36da08d66bb8271afeef50b3bc45\"\u003e\u003ccode\u003e9282e61\u003c/code\u003e\u003c/a\u003e Disallow \u003ca href=\"https://github.com/disjoint\"\u003e\u003ccode\u003e@​disjoint\u003c/code\u003e\u003c/a\u003e_base on TypedDicts and Protocols (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24671\"\u003e#24671\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/e9986d8e3008eefe2e387312c4dc8b9c60f6f362\"\u003e\u003ccode\u003ee9986d8\u003c/code\u003e\u003c/a\u003e [ty] Reject using properties with \u003ccode\u003eNever\u003c/code\u003e setters or deleters (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24510\"\u003e#24510\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/9cf212ff82f7b66b4a275ad6a9b1564aee1fa4a8\"\u003e\u003ccode\u003e9cf212f\u003c/code\u003e\u003c/a\u003e [ty] Normalize property setter and deleter wrappers (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24509\"\u003e#24509\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/12a1589de4d7120cf99441ee4c14871bdc20968d\"\u003e\u003ccode\u003e12a1589\u003c/code\u003e\u003c/a\u003e Add override mention to ASYNC109 docs (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24666\"\u003e#24666\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/dccb03d010f4442ed60624f8d2ba932706abaabb\"\u003e\u003ccode\u003edccb03d\u003c/code\u003e\u003c/a\u003e [ty] Avoid panicking on overloaded \u003ccode\u003eCallable\u003c/code\u003e type context (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24661\"\u003e#24661\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/61f9a0a5763fb068cd2f26c0ee9d63a277fb26c2\"\u003e\u003ccode\u003e61f9a0a\u003c/code\u003e\u003c/a\u003e [ty] Sync vendored typeshed stubs (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24646\"\u003e#24646\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/astral-sh/ruff/compare/0.15.10...0.15.11\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `zizmor` from 1.23.1 to 1.24.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/zizmorcore/zizmor/releases\"\u003ezizmor's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.24.1\u003c/h2\u003e\n\u003ch2\u003eBug Fixes 🐛\u003ca href=\"https://docs.zizmor.sh/release-notes/#bug-fixes\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where the \u003ca href=\"https://docs.zizmor.sh/audits/#ref-version-mismatch\"\u003eref-version-mismatch\u003c/a\u003e audit would incorrectly flag some version comments as not containing an appropriate version (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1900\"\u003e#1900\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.24.0\u003c/h2\u003e\n\u003ch2\u003eNew Features 🌈\u003ca href=\"https://docs.zizmor.sh/release-notes/#new-features\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ezizmor now allows users to audit from stdin, by passing zizmor - (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1611\"\u003e#1611\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eEnhancements 🌱\u003ca href=\"https://docs.zizmor.sh/release-notes/#enhancements\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#use-trusted-publishing\"\u003euse-trusted-publishing\u003c/a\u003e audit now detects bun publish and bunx npm publish patterns (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1737\"\u003e#1737\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/shaanmajid\"\u003e\u003ccode\u003e@​shaanmajid\u003c/code\u003e\u003c/a\u003e for proposing and implementing this improvement!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor's CLI help and usage output now uses a custom color scheme for improved readability (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1747\"\u003e#1747\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#secrets-outside-env\"\u003esecrets-outside-env\u003c/a\u003e audit is now configurable with an allowlist of secret names that should not be flagged, even when referenced outside of an environment (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1759\"\u003e#1759\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/rmuir\"\u003e\u003ccode\u003e@​rmuir\u003c/code\u003e\u003c/a\u003e for proposing and implementing this improvement!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#dependabot-cooldown\"\u003edependabot-cooldown\u003c/a\u003e audit now emits a pedantic finding whenever it encounters a cooldown used with a multi-ecosystem-group, as the two do not interact well (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1780\"\u003e#1780\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend gh release upload as a replacement for \u003ca href=\"https://github.com/svenstaro/upload-release-action\"\u003esvenstaro/upload-release-action\u003c/a\u003e in \u003ca href=\"https://docs.zizmor.sh/audits/#superfluous-actions\"\u003esuperfluous-actions\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1801\"\u003e#1801\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend gh issue create as a replacement for \u003ca href=\"https://github.com/dacbd/create-issue-action\"\u003edacbd/create-issue-action\u003c/a\u003e in \u003ca href=\"https://docs.zizmor.sh/audits/#superfluous-actions\"\u003esuperfluous-actions\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1873\"\u003e#1873\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#obfuscation\"\u003eobfuscation\u003c/a\u003e audit now emits a finding for with: ${{ expr }} clauses cannot be analyzed (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1772\"\u003e#1772\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor --help is now rendered with option groups for improved readability (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1831\"\u003e#1831\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/deckstose\"\u003e\u003ccode\u003e@​deckstose\u003c/code\u003e\u003c/a\u003e for implementing this improvement!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor's SARIF output now uses codeflows instead of related locations, improving its rendering behavior on GitHub Advanced Security (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1843\"\u003e#1843\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#ref-version-mismatch\"\u003eref-version-mismatch\u003c/a\u003e audit now uses a more useful audit description for its findings (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1843\"\u003e#1843\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#unpinned-images\"\u003eunpinned-images\u003c/a\u003e audit now produces more precise findings for image references that are computed through expressions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1756\"\u003e#1756\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/miketheman\"\u003e\u003ccode\u003e@​miketheman\u003c/code\u003e\u003c/a\u003e for implementing this improvement!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#ref-version-mismatch\"\u003eref-version-mismatch\u003c/a\u003e audit now detects missing version comments as well (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1849\"\u003e#1849\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/shaanmajid\"\u003e\u003ccode\u003e@​shaanmajid\u003c/code\u003e\u003c/a\u003e for proposing and implementing this improvement!\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug Fixes 🐛\u003ca href=\"https://docs.zizmor.sh/release-notes/#bug-fixes\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where the \u003ca href=\"https://docs.zizmor.sh/audits/#concurrency-limits\"\u003econcurrency-limits\u003c/a\u003e audit reported findings at the job level instead of the workflow level (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1627\"\u003e#1627\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/zizmorcore/zizmor/blob/main/docs/release-notes.md\"\u003ezizmor's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.24.1\u003c/h2\u003e\n\u003ch3\u003eBug Fixes 🐛\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where the [ref-version-mismatch] audit would incorrectly flag\nsome version comments as not containing an appropriate version (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1900\"\u003e#1900\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.24.0\u003c/h2\u003e\n\u003ch3\u003eNew Features 🌈\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ezizmor\u003c/code\u003e now allows users to audit from stdin, by passing \u003ccode\u003ezizmor -\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1611\"\u003e#1611\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eEnhancements 🌱\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe [use-trusted-publishing] audit now detects \u003ccode\u003ebun publish\u003c/code\u003e and \u003ccode\u003ebunx npm publish\u003c/code\u003e\npatterns (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1737\"\u003e#1737\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/shaanmajid\"\u003e\u003ccode\u003e@​shaanmajid\u003c/code\u003e\u003c/a\u003e for proposing and implementing this improvement!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003ezizmor\u003c/code\u003e's CLI help and usage output now uses a custom color scheme for\nimproved readability (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1747\"\u003e#1747\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe [secrets-outside-env] audit is now configurable with an allowlist of\nsecret names that should not be flagged, even when referenced outside of\nan environment (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1759\"\u003e#1759\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/rmuir\"\u003e\u003ccode\u003e@​rmuir\u003c/code\u003e\u003c/a\u003e for proposing and implementing this improvement!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe [dependabot-cooldown] audit now emits a pedantic finding whenever\nit encounters a cooldown used with a multi-ecosystem-group, as the two\ndo not interact well (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1780\"\u003e#1780\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend \u003ccode\u003egh release upload\u003c/code\u003e as a replacement for \u003ccode\u003e@​svenstaro/upload-release-action\u003c/code\u003e in\n[superfluous-actions] (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1801\"\u003e#1801\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend \u003ccode\u003egh issue create\u003c/code\u003e as a replacement for \u003ccode\u003e@​dacbd/create-issue-action\u003c/code\u003e in\n[superfluous-actions] (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1873\"\u003e#1873\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe [obfuscation] audit now emits a finding for \u003ccode\u003ewith: ${{ expr }}\u003c/code\u003e\nclauses cannot be analyzed (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1772\"\u003e#1772\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003ezizmor --help\u003c/code\u003e is now rendered with option groups for improved readability (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1831\"\u003e#1831\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/deckstose\"\u003e\u003ccode\u003e@​deckstose\u003c/code\u003e\u003c/a\u003e for implementing this improvement!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor's SARIF output now uses codeflows instead of related locations,\nimproving its rendering behavior on GitHub Advanced Security (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1843\"\u003e#1843\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe [ref-version-mismatch] audit now uses a more useful audit description\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/2eaf42bcccfed62978cee0905902acbc294d5123\"\u003e\u003ccode\u003e2eaf42b\u003c/code\u003e\u003c/a\u003e ref-version-mismatch: handle version comments without v prefix (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1900\"\u003e#1900\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/a3b72b8f26946fd057c016d5ec83b77cc4cfdad2\"\u003e\u003ccode\u003ea3b72b8\u003c/code\u003e\u003c/a\u003e chore(deps): bump the github-actions group with 3 updates (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1897\"\u003e#1897\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/d5aba605f4267b96e34775de183955ff0a3197ad\"\u003e\u003ccode\u003ed5aba60\u003c/code\u003e\u003c/a\u003e zizmor v1.24.0 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1890\"\u003e#1890\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/1e762ac3c0354d68ddcac0ccc0af6879e8b38aa6\"\u003e\u003ccode\u003e1e762ac\u003c/code\u003e\u003c/a\u003e zizmor v1.24.0-rc3 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1889\"\u003e#1889\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/b79c9dc84c096d6c7becabd9581c61c9347bf4f7\"\u003e\u003ccode\u003eb79c9dc\u003c/code\u003e\u003c/a\u003e Fix release CI (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1888\"\u003e#1888\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/eb113ad5c5f8c25c79dd0b4705d420096a35ba2d\"\u003e\u003ccode\u003eeb113ad\u003c/code\u003e\u003c/a\u003e Unify crate versions and publishing (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1887\"\u003e#1887\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/91bcb96244214bea0d62982fba3bc825f9604af9\"\u003e\u003ccode\u003e91bcb96\u003c/code\u003e\u003c/a\u003e Use the GitHub client's host correctly in two more places (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1881\"\u003e#1881\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/3ed8316a1ce22a3f9c887c1021992ca19d31dce4\"\u003e\u003ccode\u003e3ed8316\u003c/code\u003e\u003c/a\u003e chore: use \u003ccode\u003etracing\u003c/code\u003e for printing the welcome message (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1886\"\u003e#1886\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/484acedf381a7553f663309b44def3b7953fb4d8\"\u003e\u003ccode\u003e484aced\u003c/code\u003e\u003c/a\u003e feat(ref-version-mismatch): detect missing version comments on SHA-pinned act...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/7ee374f5db0b69b96ef4f7ba89d0c33c8a93a7ba\"\u003e\u003ccode\u003e7ee374f\u003c/code\u003e\u003c/a\u003e KATs for GitHub Actions expressions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1857\"\u003e#1857\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/zizmorcore/zizmor/compare/v1.23.1...v1.24.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/ministryofjustice/modernisation-platform-ui/pull/78","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ministryofjustice%2Fmodernisation-platform-ui/issues/78","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/78/packages"},{"uuid":"4339686294","node_id":"PR_kwDONnZYsM7WKAVQ","number":417,"state":"open","title":":dependabot: uv(deps): Bump the minor-and-patch group with 3 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-28T00:27:26.000Z","updated_at":"2026-05-05T02:09:56.067Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":":dependabot: uv(deps): Bump","group_name":"minor-and-patch","update_count":3,"packages":[{"name":"sentry-sdk","old_version":"2.57.0","new_version":"2.58.0","repository_url":"https://github.com/getsentry/sentry-python"},{"name":"ruff","old_version":"0.15.9","new_version":"0.15.10","repository_url":"https://github.com/astral-sh/ruff"},{"name":"zizmor","old_version":"1.23.1","new_version":"1.24.1","repository_url":"https://github.com/zizmorcore/zizmor"}],"path":null,"ecosystem":"pip"},"body":"Bumps the minor-and-patch group with 3 updates: [sentry-sdk](https://github.com/getsentry/sentry-python), [ruff](https://github.com/astral-sh/ruff) and [zizmor](https://github.com/zizmorcore/zizmor).\n\nUpdates `sentry-sdk` from 2.57.0 to 2.58.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/getsentry/sentry-python/releases\"\u003esentry-sdk's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.58.0\u003c/h2\u003e\n\u003ch3\u003eNew Features ✨\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e(ai) Redact base64 data URLs in image_url content blocks by \u003ca href=\"https://github.com/ericapisani\"\u003e\u003ccode\u003e@​ericapisani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5953\"\u003e#5953\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(integrations) Instrument pyreqwest tracing by \u003ca href=\"https://github.com/servusdei2018\"\u003e\u003ccode\u003e@​servusdei2018\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5682\"\u003e#5682\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(litellm) Add async callbacks by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5969\"\u003e#5969\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes 🐛\u003c/h3\u003e\n\u003ch4\u003eAnthropic\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eCapture exceptions for \u003ccode\u003estream()\u003c/code\u003e calls by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5950\"\u003e#5950\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eStop setting transaction status when child span fails by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5717\"\u003e#5717\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eOnly finish relevant spans in .create() patches by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5716\"\u003e#5716\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003ePydantic Ai\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eAdapt import for new library versions by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5984\"\u003e#5984\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse first-class hooks when available by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5947\"\u003e#5947\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eOther\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e(huggingface_hub) Stop setting transaction status when a child span fails by \u003ca href=\"https://github.com/Zenithatic\"\u003e\u003ccode\u003e@​Zenithatic\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5952\"\u003e#5952\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(litellm) Avoid double span exits when streaming by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5933\"\u003e#5933\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(wsgi) Respect HTTP_X_FORWARDED_PROTO in request.url construction by \u003ca href=\"https://github.com/sl0thentr0py\"\u003e\u003ccode\u003e@​sl0thentr0py\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5963\"\u003e#5963\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal Changes 🔧\u003c/h3\u003e\n\u003ch4\u003eLitellm\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eReplace mocks with \u003ccode\u003ehttpx\u003c/code\u003e types in rate-limit test by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5975\"\u003e#5975\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace mocks with \u003ccode\u003ehttpx\u003c/code\u003e types in embedding tests by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5970\"\u003e#5970\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace mocks with \u003ccode\u003ehttpx\u003c/code\u003e types in nonstreaming \u003ccode\u003ecompletion()\u003c/code\u003e tests by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5937\"\u003e#5937\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove dead attributes by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5985\"\u003e#5985\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eOther\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e(ai) Remove \u003ccode\u003egen_ai.tool.type\u003c/code\u003e span attribute by \u003ca href=\"https://github.com/ericapisani\"\u003e\u003ccode\u003e@​ericapisani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5964\"\u003e#5964\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(anthropic) Separate sync and async .create() patches by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5715\"\u003e#5715\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(openai) Split token counting by API for easier deprecation by \u003ca href=\"https://github.com/ericapisani\"\u003e\u003ccode\u003e@​ericapisani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5930\"\u003e#5930\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(openai-agents) Remove error attributes by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5986\"\u003e#5986\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(opentelemetry) Ignore mypy error by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5927\"\u003e#5927\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e🤖 Update test matrix with new releases (04/13) by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5983\"\u003e#5983\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix license metadata in setup.py by \u003ca href=\"https://github.com/sl0thentr0py\"\u003e\u003ccode\u003e@​sl0thentr0py\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5934\"\u003e#5934\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate validate-pr workflow by \u003ca href=\"https://github.com/stephanie-anderson\"\u003e\u003ccode\u003e@​stephanie-anderson\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5931\"\u003e#5931\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eHandle \u003ccode\u003eNone\u003c/code\u003e span context in the span processor and pin tokenizers version for anthropic tests on Python 3.8 by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5967\"\u003e#5967\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/getsentry/sentry-python/blob/master/CHANGELOG.md\"\u003esentry-sdk's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.58.0\u003c/h2\u003e\n\u003ch3\u003eNew Features ✨\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e(ai) Redact base64 data URLs in image_url content blocks by \u003ca href=\"https://github.com/ericapisani\"\u003e\u003ccode\u003e@​ericapisani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5953\"\u003e#5953\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(integrations) Instrument pyreqwest tracing by \u003ca href=\"https://github.com/servusdei2018\"\u003e\u003ccode\u003e@​servusdei2018\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5682\"\u003e#5682\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(litellm) Add async callbacks by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5969\"\u003e#5969\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes 🐛\u003c/h3\u003e\n\u003ch4\u003eAnthropic\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eCapture exceptions for \u003ccode\u003estream()\u003c/code\u003e calls by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5950\"\u003e#5950\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eStop setting transaction status when child span fails by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5717\"\u003e#5717\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eOnly finish relevant spans in .create() patches by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5716\"\u003e#5716\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003ePydantic Ai\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eAdapt import for new library versions by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5984\"\u003e#5984\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse first-class hooks when available by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5947\"\u003e#5947\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eOther\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e(huggingface_hub) Stop setting transaction status when a child span fails by \u003ca href=\"https://github.com/Zenithatic\"\u003e\u003ccode\u003e@​Zenithatic\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5952\"\u003e#5952\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(litellm) Avoid double span exits when streaming by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5933\"\u003e#5933\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(wsgi) Respect HTTP_X_FORWARDED_PROTO in request.url construction by \u003ca href=\"https://github.com/sl0thentr0py\"\u003e\u003ccode\u003e@​sl0thentr0py\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5963\"\u003e#5963\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal Changes 🔧\u003c/h3\u003e\n\u003ch4\u003eLitellm\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eReplace mocks with \u003ccode\u003ehttpx\u003c/code\u003e types in rate-limit test by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5975\"\u003e#5975\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace mocks with \u003ccode\u003ehttpx\u003c/code\u003e types in embedding tests by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5970\"\u003e#5970\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace mocks with \u003ccode\u003ehttpx\u003c/code\u003e types in nonstreaming \u003ccode\u003ecompletion()\u003c/code\u003e tests by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5937\"\u003e#5937\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove dead attributes by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5985\"\u003e#5985\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eOther\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e(ai) Remove \u003ccode\u003egen_ai.tool.type\u003c/code\u003e span attribute by \u003ca href=\"https://github.com/ericapisani\"\u003e\u003ccode\u003e@​ericapisani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5964\"\u003e#5964\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(anthropic) Separate sync and async .create() patches by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5715\"\u003e#5715\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(openai) Split token counting by API for easier deprecation by \u003ca href=\"https://github.com/ericapisani\"\u003e\u003ccode\u003e@​ericapisani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5930\"\u003e#5930\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(openai-agents) Remove error attributes by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5986\"\u003e#5986\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(opentelemetry) Ignore mypy error by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5927\"\u003e#5927\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e🤖 Update test matrix with new releases (04/13) by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5983\"\u003e#5983\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix license metadata in setup.py by \u003ca href=\"https://github.com/sl0thentr0py\"\u003e\u003ccode\u003e@​sl0thentr0py\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5934\"\u003e#5934\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate validate-pr workflow by \u003ca href=\"https://github.com/stephanie-anderson\"\u003e\u003ccode\u003e@​stephanie-anderson\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5931\"\u003e#5931\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eHandle \u003ccode\u003eNone\u003c/code\u003e span context in the span processor and pin tokenizers version for anthropic tests on Python 3.8 by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5967\"\u003e#5967\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/ce445d96977ec083b97495c917aa0c3ce453689d\"\u003e\u003ccode\u003ece445d9\u003c/code\u003e\u003c/a\u003e release: 2.58.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/c0c0e9cfc8536f0d9ba22925e4bea17034138cd0\"\u003e\u003ccode\u003ec0c0e9c\u003c/code\u003e\u003c/a\u003e feat(litellm): Add async callbacks (\u003ca href=\"https://redirect.github.com/getsentry/sentry-python/issues/5969\"\u003e#5969\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/ea74b63881d2cf1d71130a8b6ef4dfff4e4cd337\"\u003e\u003ccode\u003eea74b63\u003c/code\u003e\u003c/a\u003e test(litellm): Replace mocks with \u003ccode\u003ehttpx\u003c/code\u003e types in rate-limit test (\u003ca href=\"https://redirect.github.com/getsentry/sentry-python/issues/5975\"\u003e#5975\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/06ed1bca2f9302055ba43dc058f5afcc731b8d79\"\u003e\u003ccode\u003e06ed1bc\u003c/code\u003e\u003c/a\u003e test(litellm): Replace mocks with \u003ccode\u003ehttpx\u003c/code\u003e types in embedding tests (\u003ca href=\"https://redirect.github.com/getsentry/sentry-python/issues/5970\"\u003e#5970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/66ef2e6976a1ae86e97aca08cbc806f9e579f324\"\u003e\u003ccode\u003e66ef2e6\u003c/code\u003e\u003c/a\u003e test(litellm): Replace mocks with \u003ccode\u003ehttpx\u003c/code\u003e types in nonstreaming `completion()...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/96ebbf67d91146ebb30be6e0898a637ea6c2c697\"\u003e\u003ccode\u003e96ebbf6\u003c/code\u003e\u003c/a\u003e fix(litellm): Avoid double span exits when streaming (\u003ca href=\"https://redirect.github.com/getsentry/sentry-python/issues/5933\"\u003e#5933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/7e22b5dc3447a5bee71574a5c22934e5aa8a7642\"\u003e\u003ccode\u003e7e22b5d\u003c/code\u003e\u003c/a\u003e build(deps): bump actions/github-script from 8.0.0 to 9.0.0 (\u003ca href=\"https://redirect.github.com/getsentry/sentry-python/issues/5979\"\u003e#5979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/35151a90a98affa0d72f7cb8b314a8fb54ac8b51\"\u003e\u003ccode\u003e35151a9\u003c/code\u003e\u003c/a\u003e build(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 (\u003ca href=\"https://redirect.github.com/getsentry/sentry-python/issues/5980\"\u003e#5980\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/d1c5b53096e76353e2aa3ffdd8a845f38bb04bb6\"\u003e\u003ccode\u003ed1c5b53\u003c/code\u003e\u003c/a\u003e build(deps): bump actions/create-github-app-token from 3.0.0 to 3.1.1 (\u003ca href=\"https://redirect.github.com/getsentry/sentry-python/issues/5981\"\u003e#5981\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/e255aafa913955eed43333aa204f1476d9dc1ff2\"\u003e\u003ccode\u003ee255aaf\u003c/code\u003e\u003c/a\u003e build(deps): bump getsentry/testing-ai-sdk-integrations from 6b1f51ec8af03e19...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/getsentry/sentry-python/compare/2.57.0...2.58.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ruff` from 0.15.9 to 0.15.10\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/ruff/releases\"\u003eruff's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.15.10\u003c/h2\u003e\n\u003ch2\u003eRelease Notes\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-04-09.\u003c/p\u003e\n\u003ch3\u003ePreview features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-logging\u003c/code\u003e] Allow closures in except handlers (\u003ccode\u003eLOG004\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24464\"\u003e#24464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-self\u003c/code\u003e] Make \u003ccode\u003eSLF\u003c/code\u003e diagnostics robust to non-self-named variables (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24281\"\u003e#24281\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-simplify\u003c/code\u003e] Make the fix for \u003ccode\u003ecollapsible-if\u003c/code\u003e safe in \u003ccode\u003epreview\u003c/code\u003e (\u003ccode\u003eSIM102\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24371\"\u003e#24371\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid emitting multi-line f-string elements before Python 3.12 (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24377\"\u003e#24377\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAvoid syntax error from \u003ccode\u003eE502\u003c/code\u003e fixes in f-strings and t-strings (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24410\"\u003e#24410\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eStrip form feeds from indent passed to \u003ccode\u003ededent_to\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24381\"\u003e#24381\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epyupgrade\u003c/code\u003e] Fix panic caused by handling of octals (\u003ccode\u003eUP012\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24390\"\u003e#24390\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReject multi-line f-string elements before Python 3.12 (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24355\"\u003e#24355\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRule changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eruff\u003c/code\u003e] Treat f-string interpolation as potential side effect (\u003ccode\u003eRUF019\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24426\"\u003e#24426\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eServer\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for custom file extensions (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24463\"\u003e#24463\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDocument adding fixes in CONTRIBUTING.md (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24393\"\u003e#24393\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix JSON typo in settings example (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24517\"\u003e#24517\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/charliermarsh\"\u003e\u003ccode\u003e@​charliermarsh\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dylwil3\"\u003e\u003ccode\u003e@​dylwil3\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/silverstein\"\u003e\u003ccode\u003e@​silverstein\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anishgirianish\"\u003e\u003ccode\u003e@​anishgirianish\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shizukushq\"\u003e\u003ccode\u003e@​shizukushq\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zanieb\"\u003e\u003ccode\u003e@​zanieb\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/AlexWaygood\"\u003e\u003ccode\u003e@​AlexWaygood\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eInstall ruff 0.15.10\u003c/h2\u003e\n\u003ch3\u003eInstall prebuilt binaries via shell script\u003c/h3\u003e\n\u003cpre lang=\"sh\"\u003e\u003ccode\u003ecurl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/ruff/releases/download/0.15.10/ruff-installer.sh | sh\n\u003c/code\u003e\u003c/pre\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md\"\u003eruff's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.15.10\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-04-09.\u003c/p\u003e\n\u003ch3\u003ePreview features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-logging\u003c/code\u003e] Allow closures in except handlers (\u003ccode\u003eLOG004\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24464\"\u003e#24464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-self\u003c/code\u003e] Make \u003ccode\u003eSLF\u003c/code\u003e diagnostics robust to non-self-named variables (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24281\"\u003e#24281\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-simplify\u003c/code\u003e] Make the fix for \u003ccode\u003ecollapsible-if\u003c/code\u003e safe in \u003ccode\u003epreview\u003c/code\u003e (\u003ccode\u003eSIM102\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24371\"\u003e#24371\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid emitting multi-line f-string elements before Python 3.12 (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24377\"\u003e#24377\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAvoid syntax error from \u003ccode\u003eE502\u003c/code\u003e fixes in f-strings and t-strings (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24410\"\u003e#24410\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eStrip form feeds from indent passed to \u003ccode\u003ededent_to\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24381\"\u003e#24381\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epyupgrade\u003c/code\u003e] Fix panic caused by handling of octals (\u003ccode\u003eUP012\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24390\"\u003e#24390\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReject multi-line f-string elements before Python 3.12 (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24355\"\u003e#24355\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRule changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eruff\u003c/code\u003e] Treat f-string interpolation as potential side effect (\u003ccode\u003eRUF019\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24426\"\u003e#24426\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eServer\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for custom file extensions (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24463\"\u003e#24463\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDocument adding fixes in CONTRIBUTING.md (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24393\"\u003e#24393\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix JSON typo in settings example (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24517\"\u003e#24517\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/charliermarsh\"\u003e\u003ccode\u003e@​charliermarsh\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dylwil3\"\u003e\u003ccode\u003e@​dylwil3\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/silverstein\"\u003e\u003ccode\u003e@​silverstein\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anishgirianish\"\u003e\u003ccode\u003e@​anishgirianish\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shizukushq\"\u003e\u003ccode\u003e@​shizukushq\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zanieb\"\u003e\u003ccode\u003e@​zanieb\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/AlexWaygood\"\u003e\u003ccode\u003e@​AlexWaygood\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/252f76102a618bff6537b6c53c316ca3837f4abf\"\u003e\u003ccode\u003e252f761\u003c/code\u003e\u003c/a\u003e Bump 0.15.10 (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24519\"\u003e#24519\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/37a1ec8bb8e30955787b0cdf6e97f7f2254dba7f\"\u003e\u003ccode\u003e37a1ec8\u003c/code\u003e\u003c/a\u003e [ty] Fix assignability of intersections with bounded typevars (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24502\"\u003e#24502\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/f518cc9ca0c830773dd49c3964eb5e49d52c8aed\"\u003e\u003ccode\u003ef518cc9\u003c/code\u003e\u003c/a\u003e [ty] Allow partially stringified \u003ccode\u003etype[…]\u003c/code\u003e annotations (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24518\"\u003e#24518\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/16c4090d0a711b9c0523b932014f3daf140f35bc\"\u003e\u003ccode\u003e16c4090\u003c/code\u003e\u003c/a\u003e docs: fix JSON typo in settings example (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24517\"\u003e#24517\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/99d97bd72f1934ac2af93e52468c10ef1c7a1a4e\"\u003e\u003ccode\u003e99d97bd\u003c/code\u003e\u003c/a\u003e [ty] Tighten up a few edge cases in \u003ccode\u003eConcatenate\u003c/code\u003e type-expression parsing (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/2\"\u003e#2\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/2714e345bdd64a5baae3844c0d25db7b0b9fe330\"\u003e\u003ccode\u003e2714e34\u003c/code\u003e\u003c/a\u003e [ty] Enable \u003ccode\u003epull-diagnostics\u003c/code\u003e by default in E2E tests (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24516\"\u003e#24516\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/d8bc700722ab1b7272a4d724839da7c569b349d4\"\u003e\u003ccode\u003ed8bc700\u003c/code\u003e\u003c/a\u003e LSP: Add support for custom extensions (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24463\"\u003e#24463\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/a45f96d65dbd4f958b07accd718f8d2af48cb956\"\u003e\u003ccode\u003ea45f96d\u003c/code\u003e\u003c/a\u003e [ty] stop special-casing str constructor (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24514\"\u003e#24514\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/87a0f01cfd016e0297ef05ab638cde006bf8d947\"\u003e\u003ccode\u003e87a0f01\u003c/code\u003e\u003c/a\u003e [ruff] Treat f-string interpolation as potential side effect in RUF019 (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24426\"\u003e#24426\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/e9ba8489b8d1f1fd5fd66887a74d5f2f58f733d4\"\u003e\u003ccode\u003ee9ba848\u003c/code\u003e\u003c/a\u003e [ty] Fix excess subscript argument inference for non-generic types (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24354\"\u003e#24354\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/astral-sh/ruff/compare/0.15.9...0.15.10\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `zizmor` from 1.23.1 to 1.24.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/zizmorcore/zizmor/releases\"\u003ezizmor's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.24.1\u003c/h2\u003e\n\u003ch2\u003eBug Fixes 🐛\u003ca href=\"https://docs.zizmor.sh/release-notes/#bug-fixes\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where the \u003ca href=\"https://docs.zizmor.sh/audits/#ref-version-mismatch\"\u003eref-version-mismatch\u003c/a\u003e audit would incorrectly flag some version comments as not containing an appropriate version (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1900\"\u003e#1900\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.24.0\u003c/h2\u003e\n\u003ch2\u003eNew Features 🌈\u003ca href=\"https://docs.zizmor.sh/release-notes/#new-features\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ezizmor now allows users to audit from stdin, by passing zizmor - (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1611\"\u003e#1611\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eEnhancements 🌱\u003ca href=\"https://docs.zizmor.sh/release-notes/#enhancements\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#use-trusted-publishing\"\u003euse-trusted-publishing\u003c/a\u003e audit now detects bun publish and bunx npm publish patterns (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1737\"\u003e#1737\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/shaanmajid\"\u003e\u003ccode\u003e@​shaanmajid\u003c/code\u003e\u003c/a\u003e for proposing and implementing this improvement!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor's CLI help and usage output now uses a custom color scheme for improved readability (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1747\"\u003e#1747\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#secrets-outside-env\"\u003esecrets-outside-env\u003c/a\u003e audit is now configurable with an allowlist of secret names that should not be flagged, even when referenced outside of an environment (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1759\"\u003e#1759\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/rmuir\"\u003e\u003ccode\u003e@​rmuir\u003c/code\u003e\u003c/a\u003e for proposing and implementing this improvement!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#dependabot-cooldown\"\u003edependabot-cooldown\u003c/a\u003e audit now emits a pedantic finding whenever it encounters a cooldown used with a multi-ecosystem-group, as the two do not interact well (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1780\"\u003e#1780\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend gh release upload as a replacement for \u003ca href=\"https://github.com/svenstaro/upload-release-action\"\u003esvenstaro/upload-release-action\u003c/a\u003e in \u003ca href=\"https://docs.zizmor.sh/audits/#superfluous-actions\"\u003esuperfluous-actions\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1801\"\u003e#1801\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend gh issue create as a replacement for \u003ca href=\"https://github.com/dacbd/create-issue-action\"\u003edacbd/create-issue-action\u003c/a\u003e in \u003ca href=\"https://docs.zizmor.sh/audits/#superfluous-actions\"\u003esuperfluous-actions\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1873\"\u003e#1873\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#obfuscation\"\u003eobfuscation\u003c/a\u003e audit now emits a finding for with: ${{ expr }} clauses cannot be analyzed (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1772\"\u003e#1772\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor --help is now rendered with option groups for improved readability (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1831\"\u003e#1831\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/deckstose\"\u003e\u003ccode\u003e@​deckstose\u003c/code\u003e\u003c/a\u003e for implementing this improvement!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor's SARIF output now uses codeflows instead of related locations, improving its rendering behavior on GitHub Advanced Security (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1843\"\u003e#1843\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#ref-version-mismatch\"\u003eref-version-mismatch\u003c/a\u003e audit now uses a more useful audit description for its findings (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1843\"\u003e#1843\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#unpinned-images\"\u003eunpinned-images\u003c/a\u003e audit now produces more precise findings for image references that are computed through expressions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1756\"\u003e#1756\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/miketheman\"\u003e\u003ccode\u003e@​miketheman\u003c/code\u003e\u003c/a\u003e for implementing this improvement!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#ref-version-mismatch\"\u003eref-version-mismatch\u003c/a\u003e audit now detects missing version comments as well (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1849\"\u003e#1849\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/shaanmajid\"\u003e\u003ccode\u003e@​shaanmajid\u003c/code\u003e\u003c/a\u003e for proposing and implementing this improvement!\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug Fixes 🐛\u003ca href=\"https://docs.zizmor.sh/release-notes/#bug-fixes\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where the \u003ca href=\"https://docs.zizmor.sh/audits/#concurrency-limits\"\u003econcurrency-limits\u003c/a\u003e audit reported findings at the job level instead of the workflow level (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1627\"\u003e#1627\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/zizmorcore/zizmor/blob/main/docs/release-notes.md\"\u003ezizmor's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.24.1\u003c/h2\u003e\n\u003ch3\u003eBug Fixes 🐛\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where the [ref-version-mismatch] audit would incorrectly flag\nsome version comments as not containing an appropriate version (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1900\"\u003e#1900\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.24.0\u003c/h2\u003e\n\u003ch3\u003eNew Features 🌈\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ezizmor\u003c/code\u003e now allows users to audit from stdin, by passing \u003ccode\u003ezizmor -\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1611\"\u003e#1611\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eEnhancements 🌱\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe [use-trusted-publishing] audit now detects \u003ccode\u003ebun publish\u003c/code\u003e and \u003ccode\u003ebunx npm publish\u003c/code\u003e\npatterns (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1737\"\u003e#1737\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/shaanmajid\"\u003e\u003ccode\u003e@​shaanmajid\u003c/code\u003e\u003c/a\u003e for proposing and implementing this improvement!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003ezizmor\u003c/code\u003e's CLI help and usage output now uses a custom color scheme for\nimproved readability (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1747\"\u003e#1747\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe [secrets-outside-env] audit is now configurable with an allowlist of\nsecret names that should not be flagged, even when referenced outside of\nan environment (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1759\"\u003e#1759\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/rmuir\"\u003e\u003ccode\u003e@​rmuir\u003c/code\u003e\u003c/a\u003e for proposing and implementing this improvement!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe [dependabot-cooldown] audit now emits a pedantic finding whenever\nit encounters a cooldown used with a multi-ecosystem-group, as the two\ndo not interact well (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1780\"\u003e#1780\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend \u003ccode\u003egh release upload\u003c/code\u003e as a replacement for \u003ccode\u003e@​svenstaro/upload-release-action\u003c/code\u003e in\n[superfluous-actions] (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1801\"\u003e#1801\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend \u003ccode\u003egh issue create\u003c/code\u003e as a replacement for \u003ccode\u003e@​dacbd/create-issue-action\u003c/code\u003e in\n[superfluous-actions] (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1873\"\u003e#1873\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe [obfuscation] audit now emits a finding for \u003ccode\u003ewith: ${{ expr }}\u003c/code\u003e\nclauses cannot be analyzed (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1772\"\u003e#1772\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003ezizmor --help\u003c/code\u003e is now rendered with option groups for improved readability (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1831\"\u003e#1831\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/deckstose\"\u003e\u003ccode\u003e@​deckstose\u003c/code\u003e\u003c/a\u003e for implementing this improvement!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor's SARIF output now uses codeflows instead of related locations,\nimproving its rendering behavior on GitHub Advanced Security (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1843\"\u003e#1843\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe [ref-version-mismatch] audit now uses a more useful audit description\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/2eaf42bcccfed62978cee0905902acbc294d5123\"\u003e\u003ccode\u003e2eaf42b\u003c/code\u003e\u003c/a\u003e ref-version-mismatch: handle version comments without v prefix (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1900\"\u003e#1900\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/a3b72b8f26946fd057c016d5ec83b77cc4cfdad2\"\u003e\u003ccode\u003ea3b72b8\u003c/code\u003e\u003c/a\u003e chore(deps): bump the github-actions group with 3 updates (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1897\"\u003e#1897\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/d5aba605f4267b96e34775de183955ff0a3197ad\"\u003e\u003ccode\u003ed5aba60\u003c/code\u003e\u003c/a\u003e zizmor v1.24.0 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1890\"\u003e#1890\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/1e762ac3c0354d68ddcac0ccc0af6879e8b38aa6\"\u003e\u003ccode\u003e1e762ac\u003c/code\u003e\u003c/a\u003e zizmor v1.24.0-rc3 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1889\"\u003e#1889\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/b79c9dc84c096d6c7becabd9581c61c9347bf4f7\"\u003e\u003ccode\u003eb79c9dc\u003c/code\u003e\u003c/a\u003e Fix release CI (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1888\"\u003e#1888\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/eb113ad5c5f8c25c79dd0b4705d420096a35ba2d\"\u003e\u003ccode\u003eeb113ad\u003c/code\u003e\u003c/a\u003e Unify crate versions and publishing (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1887\"\u003e#1887\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/91bcb96244214bea0d62982fba3bc825f9604af9\"\u003e\u003ccode\u003e91bcb96\u003c/code\u003e\u003c/a\u003e Use the GitHub client's host correctly in two more places (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1881\"\u003e#1881\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/3ed8316a1ce22a3f9c887c1021992ca19d31dce4\"\u003e\u003ccode\u003e3ed8316\u003c/code\u003e\u003c/a\u003e chore: use \u003ccode\u003etracing\u003c/code\u003e for printing the welcome message (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1886\"\u003e#1886\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/484acedf381a7553f663309b44def3b7953fb4d8\"\u003e\u003ccode\u003e484aced\u003c/code\u003e\u003c/a\u003e feat(ref-version-mismatch): detect missing version comments on SHA-pinned act...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/7ee374f5db0b69b96ef4f7ba89d0c33c8a93a7ba\"\u003e\u003ccode\u003e7ee374f\u003c/code\u003e\u003c/a\u003e KATs for GitHub Actions expressions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1857\"\u003e#1857\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/zizmorcore/zizmor/compare/v1.23.1...v1.24.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/ministryofjustice/github-community/pull/417","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ministryofjustice%2Fgithub-community/issues/417","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/417/packages"},{"uuid":"4293963388","node_id":"PR_kwDOFddX-M7T3DdO","number":2214,"state":"open","title":"chore: (deps-dev): update zizmor requirement from \u003c1.24,\u003e=1.9.0 to \u003e=1.9.0,\u003c1.25 in the pip group","user":"dependabot[bot]","labels":["new: pull-request","bot","type: dependencies","skip-changelog"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-20T07:42:27.000Z","updated_at":"2026-04-20T09:34:10.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore: (deps-dev): update","packages":[{"name":"zizmor","old_version":"\u003c1.24,\u003e=1.9.0","new_version":"\u003e=1.9.0,\u003c1.25","repository_url":"https://github.com/zizmorcore/zizmor"}],"path":"the pip group","ecosystem":"pip"},"body":"Updates the requirements on [zizmor](https://github.com/zizmorcore/zizmor) to permit the latest version.\nUpdates `zizmor` to 1.24.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/zizmorcore/zizmor/releases\"\u003ezizmor's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.24.0\u003c/h2\u003e\n\u003ch2\u003eNew Features 🌈\u003ca href=\"https://docs.zizmor.sh/release-notes/#new-features\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ezizmor now allows users to audit from stdin, by passing zizmor - (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1611\"\u003e#1611\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eEnhancements 🌱\u003ca href=\"https://docs.zizmor.sh/release-notes/#enhancements\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#use-trusted-publishing\"\u003euse-trusted-publishing\u003c/a\u003e audit now detects bun publish and bunx npm publish patterns (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1737\"\u003e#1737\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/shaanmajid\"\u003e\u003ccode\u003e@​shaanmajid\u003c/code\u003e\u003c/a\u003e for proposing and implementing this improvement!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor's CLI help and usage output now uses a custom color scheme for improved readability (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1747\"\u003e#1747\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#secrets-outside-env\"\u003esecrets-outside-env\u003c/a\u003e audit is now configurable with an allowlist of secret names that should not be flagged, even when referenced outside of an environment (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1759\"\u003e#1759\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/rmuir\"\u003e\u003ccode\u003e@​rmuir\u003c/code\u003e\u003c/a\u003e for proposing and implementing this improvement!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#dependabot-cooldown\"\u003edependabot-cooldown\u003c/a\u003e audit now emits a pedantic finding whenever it encounters a cooldown used with a multi-ecosystem-group, as the two do not interact well (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1780\"\u003e#1780\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend gh release upload as a replacement for \u003ca href=\"https://github.com/svenstaro/upload-release-action\"\u003esvenstaro/upload-release-action\u003c/a\u003e in \u003ca href=\"https://docs.zizmor.sh/audits/#superfluous-actions\"\u003esuperfluous-actions\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1801\"\u003e#1801\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend gh issue create as a replacement for \u003ca href=\"https://github.com/dacbd/create-issue-action\"\u003edacbd/create-issue-action\u003c/a\u003e in \u003ca href=\"https://docs.zizmor.sh/audits/#superfluous-actions\"\u003esuperfluous-actions\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1873\"\u003e#1873\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#obfuscation\"\u003eobfuscation\u003c/a\u003e audit now emits a finding for with: ${{ expr }} clauses cannot be analyzed (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1772\"\u003e#1772\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor --help is now rendered with option groups for improved readability (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1831\"\u003e#1831\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/deckstose\"\u003e\u003ccode\u003e@​deckstose\u003c/code\u003e\u003c/a\u003e for implementing this improvement!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor's SARIF output now uses codeflows instead of related locations, improving its rendering behavior on GitHub Advanced Security (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1843\"\u003e#1843\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#ref-version-mismatch\"\u003eref-version-mismatch\u003c/a\u003e audit now uses a more useful audit description for its findings (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1843\"\u003e#1843\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#unpinned-images\"\u003eunpinned-images\u003c/a\u003e audit now produces more precise findings for image references that are computed through expressions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1756\"\u003e#1756\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/miketheman\"\u003e\u003ccode\u003e@​miketheman\u003c/code\u003e\u003c/a\u003e for implementing this improvement!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#ref-version-mismatch\"\u003eref-version-mismatch\u003c/a\u003e audit now detects missing version comments as well (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1849\"\u003e#1849\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/shaanmajid\"\u003e\u003ccode\u003e@​shaanmajid\u003c/code\u003e\u003c/a\u003e for proposing and implementing this improvement!\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug Fixes 🐛\u003ca href=\"https://docs.zizmor.sh/release-notes/#bug-fixes\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a bug where the \u003ca href=\"https://docs.zizmor.sh/audits/#concurrency-limits\"\u003econcurrency-limits\u003c/a\u003e audit reported findings at the job level instead of the workflow level (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1627\"\u003e#1627\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a bug where with: ${{ expr }} clauses would cause a crash. artipacked audit emits a pedantic finding on such clauses. (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1772\"\u003e#1772\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a bug where auto-fixes for the \u003ca href=\"https://docs.zizmor.sh/audits/#template-injection\"\u003etemplate-injection\u003c/a\u003e audit would fail to preserve an environment variable's casing (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1766\"\u003e#1766\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a bug where the \u003ca href=\"https://docs.zizmor.sh/audits/#secrets-outside-env\"\u003esecrets-outside-env\u003c/a\u003e audit would incorrectly flag reusable workflows (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1777\"\u003e#1777\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/zizmorcore/zizmor/blob/main/docs/release-notes.md\"\u003ezizmor's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.24.0\u003c/h2\u003e\n\u003ch3\u003eNew Features 🌈\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ezizmor\u003c/code\u003e now allows users to audit from stdin, by passing \u003ccode\u003ezizmor -\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1611\"\u003e#1611\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eEnhancements 🌱\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe [use-trusted-publishing] audit now detects \u003ccode\u003ebun publish\u003c/code\u003e and \u003ccode\u003ebunx npm publish\u003c/code\u003e\npatterns (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1737\"\u003e#1737\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/shaanmajid\"\u003e\u003ccode\u003e@​shaanmajid\u003c/code\u003e\u003c/a\u003e for proposing and implementing this improvement!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003ezizmor\u003c/code\u003e's CLI help and usage output now uses a custom color scheme for\nimproved readability (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1747\"\u003e#1747\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe [secrets-outside-env] audit is now configurable with an allowlist of\nsecret names that should not be flagged, even when referenced outside of\nan environment (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1759\"\u003e#1759\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/rmuir\"\u003e\u003ccode\u003e@​rmuir\u003c/code\u003e\u003c/a\u003e for proposing and implementing this improvement!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe [dependabot-cooldown] audit now emits a pedantic finding whenever\nit encounters a cooldown used with a multi-ecosystem-group, as the two\ndo not interact well (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1780\"\u003e#1780\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend \u003ccode\u003egh release upload\u003c/code\u003e as a replacement for \u003ccode\u003e@​svenstaro/upload-release-action\u003c/code\u003e in\n[superfluous-actions] (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1801\"\u003e#1801\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend \u003ccode\u003egh issue create\u003c/code\u003e as a replacement for \u003ccode\u003e@​dacbd/create-issue-action\u003c/code\u003e in\n[superfluous-actions] (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1873\"\u003e#1873\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe [obfuscation] audit now emits a finding for \u003ccode\u003ewith: ${{ expr }}\u003c/code\u003e\nclauses cannot be analyzed (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1772\"\u003e#1772\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003ezizmor --help\u003c/code\u003e is now rendered with option groups for improved readability (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1831\"\u003e#1831\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/deckstose\"\u003e\u003ccode\u003e@​deckstose\u003c/code\u003e\u003c/a\u003e for implementing this improvement!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor's SARIF output now uses codeflows instead of related locations,\nimproving its rendering behavior on GitHub Advanced Security (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1843\"\u003e#1843\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe [ref-version-mismatch] audit now uses a more useful audit description\nfor its findings (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1843\"\u003e#1843\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe [unpinned-images] audit now produces more precise findings for\nimage references that are computed through expressions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1756\"\u003e#1756\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/miketheman\"\u003e\u003ccode\u003e@​miketheman\u003c/code\u003e\u003c/a\u003e for implementing this improvement!\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/d5aba605f4267b96e34775de183955ff0a3197ad\"\u003e\u003ccode\u003ed5aba60\u003c/code\u003e\u003c/a\u003e zizmor v1.24.0 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1890\"\u003e#1890\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/1e762ac3c0354d68ddcac0ccc0af6879e8b38aa6\"\u003e\u003ccode\u003e1e762ac\u003c/code\u003e\u003c/a\u003e zizmor v1.24.0-rc3 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1889\"\u003e#1889\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/b79c9dc84c096d6c7becabd9581c61c9347bf4f7\"\u003e\u003ccode\u003eb79c9dc\u003c/code\u003e\u003c/a\u003e Fix release CI (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1888\"\u003e#1888\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/eb113ad5c5f8c25c79dd0b4705d420096a35ba2d\"\u003e\u003ccode\u003eeb113ad\u003c/code\u003e\u003c/a\u003e Unify crate versions and publishing (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1887\"\u003e#1887\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/91bcb96244214bea0d62982fba3bc825f9604af9\"\u003e\u003ccode\u003e91bcb96\u003c/code\u003e\u003c/a\u003e Use the GitHub client's host correctly in two more places (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1881\"\u003e#1881\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/3ed8316a1ce22a3f9c887c1021992ca19d31dce4\"\u003e\u003ccode\u003e3ed8316\u003c/code\u003e\u003c/a\u003e chore: use \u003ccode\u003etracing\u003c/code\u003e for printing the welcome message (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1886\"\u003e#1886\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/484acedf381a7553f663309b44def3b7953fb4d8\"\u003e\u003ccode\u003e484aced\u003c/code\u003e\u003c/a\u003e feat(ref-version-mismatch): detect missing version comments on SHA-pinned act...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/7ee374f5db0b69b96ef4f7ba89d0c33c8a93a7ba\"\u003e\u003ccode\u003e7ee374f\u003c/code\u003e\u003c/a\u003e KATs for GitHub Actions expressions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1857\"\u003e#1857\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/7f70d0b2bfd123cbc061be4fe97b2a2b429f2e3d\"\u003e\u003ccode\u003e7f70d0b\u003c/code\u003e\u003c/a\u003e Add DNN Platform to trophies (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1876\"\u003e#1876\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/5d62ffff8dbc7464826f24bd0023beaca6a10b8a\"\u003e\u003ccode\u003e5d62fff\u003c/code\u003e\u003c/a\u003e feat(superfluous-actions): Recommend \u003ccode\u003egh issue create\u003c/code\u003e as a replacement for @...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/zizmorcore/zizmor/compare/v1.9.0...v1.24.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/bjlittle/geovista/pull/2214","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/bjlittle%2Fgeovista/issues/2214","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2214/packages"},{"uuid":"4222120993","node_id":"PR_kwDORTS4js7QsbNI","number":9,"state":"closed","title":"Bump the github-requirements-updates group across 1 directory with 3 updates","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-04-22T04:31:36.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-08T04:30:48.000Z","updated_at":"2026-04-22T04:31:38.000Z","time_to_close":1209648,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"github-requirements-updates","update_count":3,"packages":[{"name":"poetry","old_version":"2.3.2","new_version":"2.3.3","repository_url":"https://github.com/python-poetry/poetry"},{"name":"lastversion","old_version":"3.6.8","new_version":"3.6.10","repository_url":"https://github.com/dvershinin/lastversion"},{"name":"zizmor","old_version":"1.22.0","new_version":"1.23.1","repository_url":"https://github.com/zizmorcore/zizmor"}],"path":null,"ecosystem":"pip"},"body":"Bumps the github-requirements-updates group with 3 updates in the /.github directory: [poetry](https://github.com/python-poetry/poetry), [lastversion](https://github.com/dvershinin/lastversion) and [zizmor](https://github.com/zizmorcore/zizmor).\n\nUpdates `poetry` from 2.3.2 to 2.3.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-poetry/poetry/releases\"\u003epoetry's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.3.3\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFix a path traversal vulnerability in the wheel installer that could allow malicious wheel files to write files outside the intended installation directory\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10792\"\u003e#10792\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003egit\u003c/code\u003e dependencies from annotated tags could not be updated (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10719\"\u003e#10719\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where empty \u003ccode\u003eVIRTUAL_ENV\u003c/code\u003e or \u003ccode\u003eCONDA_PREFIX\u003c/code\u003e environment variables (e.g., after \u003ccode\u003econda deactivate\u003c/code\u003e) would cause Poetry to incorrectly detect an active virtualenv (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10784\"\u003e#10784\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where an incomprehensible error message was printed when \u003ccode\u003e.venv\u003c/code\u003e was a file instead of a directory (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10777\"\u003e#10777\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where HTTP Basic Authentication credentials could be corrupted during request preparation, causing authentication failures with long tokens (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10748\"\u003e#10748\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003epoetry publish --no-interaction --build\u003c/code\u003e requested user interaction (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10769\"\u003e#10769\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003epoetry init\u003c/code\u003e and \u003ccode\u003epoetry new\u003c/code\u003e created a deprecated \u003ccode\u003eproject.license\u003c/code\u003e format (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10787\"\u003e#10787\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eClarify the differences between \u003ccode\u003epoetry install\u003c/code\u003e and \u003ccode\u003epoetry update\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10713\"\u003e#10713\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eClarify the section of fields in the \u003ccode\u003epyproject.toml\u003c/code\u003e examples (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10753\"\u003e#10753\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eAdd a note about the different installation location when Python from the Microsoft Store is used (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10759\"\u003e#10759\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix the system requirements for Poetry (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10739\"\u003e#10739\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix the \u003ccode\u003epoetry cache clear\u003c/code\u003e example (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10749\"\u003e#10749\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix the link to \u003ccode\u003epipx\u003c/code\u003e installation instructions (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10783\"\u003e#10783\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003epoetry-core (\u003ca href=\"https://github.com/python-poetry/poetry-core/releases/tag/2.3.2\"\u003e\u003ccode\u003e2.3.2\u003c/code\u003e\u003c/a\u003e)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003eplatform_release\u003c/code\u003e could not be parsed on Debian Trixie (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/930\"\u003e#930\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where using \u003ccode\u003eproject.readme.text\u003c/code\u003e in the \u003ccode\u003epyproject.toml\u003c/code\u003e file resulted in broken metadata (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/914\"\u003e#914\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where dependency groups were considered equal when their resolved dependencies were equal, even if the groups themselves were not (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/919\"\u003e#919\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where removing a dependency from a group that included another group resulted in other dependencies being added to the included group (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/922\"\u003e#922\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where PEP 735 \u003ccode\u003einclude-group\u003c/code\u003e entries were lost when \u003ccode\u003e[tool.poetry.group]\u003c/code\u003e also defined \u003ccode\u003einclude-groups\u003c/code\u003e for the same group (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/924\"\u003e#924\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where the union of \u003ccode\u003e\u0026lt;value\u0026gt; not in \u0026lt;marker\u0026gt;\u003c/code\u003e constraints was wrongly treated as always satisfied (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/925\"\u003e#925\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where a post release with a local version identifier was wrongly allowed by a \u003ccode\u003e\u0026gt;\u003c/code\u003e version constraint (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/921\"\u003e#921\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where a version with the local version identifier \u003ccode\u003e0\u003c/code\u003e was treated as equal to the corresponding public version (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/920\"\u003e#920\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where a \u003ccode\u003e!= \u0026lt;version\u0026gt;\u003c/code\u003e constraint wrongly disallowed pre releases and post releases of the specified version (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/929\"\u003e#929\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003ein\u003c/code\u003e and \u003ccode\u003enot in\u003c/code\u003e constraints were wrongly not allowed by specific compound constraints (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/927\"\u003e#927\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-poetry/poetry/blob/main/CHANGELOG.md\"\u003epoetry's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[2.3.3] - 2026-03-29\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFix a path traversal vulnerability in the wheel installer that could allow malicious wheel files to write files outside the intended installation directory\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10792\"\u003e#10792\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003egit\u003c/code\u003e dependencies from annotated tags could not be updated (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10719\"\u003e#10719\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where empty \u003ccode\u003eVIRTUAL_ENV\u003c/code\u003e or \u003ccode\u003eCONDA_PREFIX\u003c/code\u003e environment variables (e.g., after \u003ccode\u003econda deactivate\u003c/code\u003e) would cause Poetry to incorrectly detect an active virtualenv (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10784\"\u003e#10784\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where an incomprehensible error message was printed when \u003ccode\u003e.venv\u003c/code\u003e was a file instead of a directory (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10777\"\u003e#10777\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where HTTP Basic Authentication credentials could be corrupted during request preparation, causing authentication failures with long tokens (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10748\"\u003e#10748\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003epoetry publish --no-interaction --build\u003c/code\u003e requested user interaction (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10769\"\u003e#10769\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003epoetry init\u003c/code\u003e and \u003ccode\u003epoetry new\u003c/code\u003e created a deprecated \u003ccode\u003eproject.license\u003c/code\u003e format (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10787\"\u003e#10787\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eClarify the differences between \u003ccode\u003epoetry install\u003c/code\u003e and \u003ccode\u003epoetry update\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10713\"\u003e#10713\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eClarify the section of fields in the \u003ccode\u003epyproject.toml\u003c/code\u003e examples (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10753\"\u003e#10753\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eAdd a note about the different installation location when Python from the Microsoft Store is used (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10759\"\u003e#10759\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix the system requirements for Poetry (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10739\"\u003e#10739\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix the \u003ccode\u003epoetry cache clear\u003c/code\u003e example (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10749\"\u003e#10749\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix the link to \u003ccode\u003epipx\u003c/code\u003e installation instructions (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10783\"\u003e#10783\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/3d0151ac03b5286e557ed1518b815ad225d52cb0\"\u003e\u003ccode\u003e3d0151a\u003c/code\u003e\u003c/a\u003e release: bump version to 2.3.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/89f09aad49ed7e6223ea2b8ebdf941e87bb5d5c6\"\u003e\u003ccode\u003e89f09aa\u003c/code\u003e\u003c/a\u003e fix long path issue on Windows (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/issues/10794\"\u003e#10794\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/e068177d1bfef65de4c55cf71c36de27057f10e7\"\u003e\u003ccode\u003ee068177\u003c/code\u003e\u003c/a\u003e installer: fix path traversal (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/issues/10792\"\u003e#10792\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/d76a2f67641ef1499065bdc8a0246448cbcf781c\"\u003e\u003ccode\u003ed76a2f6\u003c/code\u003e\u003c/a\u003e chore: require new poetry-core version (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/issues/10790\"\u003e#10790\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/859d4439f2caf147010330beae1ad61274f009d4\"\u003e\u003ccode\u003e859d443\u003c/code\u003e\u003c/a\u003e Update init \u0026amp; new commands for PEP 639 (License) (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/issues/10787\"\u003e#10787\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/2ff2845af03539c98d2279b46074c908594427c4\"\u003e\u003ccode\u003e2ff2845\u003c/code\u003e\u003c/a\u003e fix: pass auth via Request constructor instead of calling HTTPBasicAuth on un...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/286e43bba52ba60205e1e5c9a401019b45226bbe\"\u003e\u003ccode\u003e286e43b\u003c/code\u003e\u003c/a\u003e env: improve error handling if \u003ccode\u003e.venv\u003c/code\u003e is not a directory but a file (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/issues/10777\"\u003e#10777\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/d6e72c972a48c4db98e1b8e1381544d33a2b66ef\"\u003e\u003ccode\u003ed6e72c9\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003epublish --build\u003c/code\u003e prompt behavior in non-interactive mode (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/issues/10769\"\u003e#10769\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/9fced1a13ded1a7dcec562f295b2362a1a4fa8dc\"\u003e\u003ccode\u003e9fced1a\u003c/code\u003e\u003c/a\u003e fix(env): treat empty VIRTUAL_ENV/CONDA_PREFIX as unset (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/issues/10784\"\u003e#10784\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/96883826998f964ae12963fac0b4751bedd04b50\"\u003e\u003ccode\u003e9688382\u003c/code\u003e\u003c/a\u003e docs: fix pipx install directions link (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/issues/10783\"\u003e#10783\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python-poetry/poetry/compare/2.3.2...2.3.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lastversion` from 3.6.8 to 3.6.10\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/dvershinin/lastversion/releases\"\u003elastversion's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.6.10\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReplace debug \u003ccode\u003eprint()\u003c/code\u003e calls in \u003ccode\u003eupdate_spec\u003c/code\u003e/\u003ccode\u003eupdate_spec_commit\u003c/code\u003e/\u003ccode\u003epypi\u003c/code\u003e with proper logging — these were writing to stdout and breaking automation scripts that parse \u003ccode\u003elastversion\u003c/code\u003e output\u003c/li\u003e\n\u003cli\u003eAdd error logging to 4 bare \u003ccode\u003eexcept Exception\u003c/code\u003e blocks that silently discarded errors in changelog generation, AI changelog, and release notes collection\u003c/li\u003e\n\u003cli\u003eNarrow \u003ccode\u003eai.py\u003c/code\u003e exception handling to specific types (\u003ccode\u003eRequestException\u003c/code\u003e, \u003ccode\u003eValueError\u003c/code\u003e, \u003ccode\u003eKeyError\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003eReplace deprecated \u003ccode\u003edatetime.utcnow()\u003c/code\u003e with \u003ccode\u003edatetime.now(timezone.utc)\u003c/code\u003e (fixes DeprecationWarning on Python 3.12+)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eImprovements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUnify flake8 max-line-length to 120 across \u003ccode\u003esetup.cfg\u003c/code\u003e, CI, and pre-commit configs\u003c/li\u003e\n\u003cli\u003eAdd Python 3.13 classifier to \u003ccode\u003esetup.py\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd RapidAPI badge and API teaser to README for better API discoverability\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.6.9\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003elastversion wordpress\u003c/code\u003e returning wrong version (6.3.8 instead of latest)\n\u003cul\u003e\n\u003cli\u003eRoute the \u003ccode\u003ewordpress\u003c/code\u003e short name to the WordPress.org core version-check API\u003c/li\u003e\n\u003cli\u003eThe GitHub adapter's Atom feed missed the latest 6.9.x tags due to old-branch security patches flooding earlier pages\u003c/li\u003e\n\u003cli\u003ePlugin lookups via \u003ccode\u003ewordpress.org/plugins/\u003c/code\u003e URLs continue to work as before\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/dvershinin/lastversion/blob/master/CHANGELOG.md\"\u003elastversion's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file.\u003c/p\u003e\n\u003ch2\u003e[3.6.9] - 2026-03-16\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003elastversion wordpress\u003c/code\u003e returning wrong version (6.3.8 instead of latest)\n\u003cul\u003e\n\u003cli\u003eRoute the \u003ccode\u003ewordpress\u003c/code\u003e short name to the WordPress.org core version-check API\u003c/li\u003e\n\u003cli\u003eThe GitHub adapter's Atom feed missed the latest 6.9.x tags due to old-branch security patches flooding earlier pages\u003c/li\u003e\n\u003cli\u003ePlugin lookups via \u003ccode\u003ewordpress.org/plugins/\u003c/code\u003e URLs continue to work as before\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dvershinin/lastversion/commit/bd5773bdb94040e332c354b1d39d9fcfce4920ab\"\u003e\u003ccode\u003ebd5773b\u003c/code\u003e\u003c/a\u003e chore(release): 3.6.10\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dvershinin/lastversion/commit/ae54356d688b4eab7f377915b871b24b0335a03d\"\u003e\u003ccode\u003eae54356\u003c/code\u003e\u003c/a\u003e fix: restore --exit-zero for CI style checks (pre-existing C901 warnings)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dvershinin/lastversion/commit/4f69e8ff92dd2a2bd2ae4be205a752099d220623\"\u003e\u003ccode\u003e4f69e8f\u003c/code\u003e\u003c/a\u003e fix: replace debug prints with logging, fix swallowed exceptions, update depr...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dvershinin/lastversion/commit/9f096b6aa6daf021ceb077f35fe2c71932c84deb\"\u003e\u003ccode\u003e9f096b6\u003c/code\u003e\u003c/a\u003e fix: route \u003ccode\u003elastversion wordpress\u003c/code\u003e to WordPress.org core API\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dvershinin/lastversion/commit/63563770bd4243cfed191fb76e0fd1fb71e0ed2f\"\u003e\u003ccode\u003e6356377\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dvershinin/lastversion/issues/223\"\u003e#223\u003c/a\u003e from dvershinin/dependabot/github_actions/docker/buil...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dvershinin/lastversion/commit/7311ccf0810dba1fd109f6e2d22112d487ac8f4c\"\u003e\u003ccode\u003e7311ccf\u003c/code\u003e\u003c/a\u003e Bump docker/build-push-action from 2.5.0 to 6.19.2\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/dvershinin/lastversion/compare/v3.6.8...v3.6.10\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `zizmor` from 1.22.0 to 1.23.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/zizmorcore/zizmor/releases\"\u003ezizmor's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.23.1\u003c/h2\u003e\n\u003ch2\u003eBug Fixes 🐛\u003ca href=\"https://docs.zizmor.sh/release-notes/#bug-fixes\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where zizmor would error if given both a GH_TOKEN and a GITHUB_TOKEN (or ZIZMOR_GITHUB_TOKEN) via the environment (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1724\"\u003e#1724\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.23.0\u003c/h2\u003e\n\u003ch2\u003eNew Features 🌈\u003ca href=\"https://docs.zizmor.sh/release-notes/#new-features\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eNew audit: \u003ca href=\"https://docs.zizmor.sh/audits/#secrets-outside-env\"\u003esecrets-outside-env\u003c/a\u003e detects usage of the secrets context in jobs that don't have a corresponding environment (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1599\"\u003e#1599\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew audit: \u003ca href=\"https://docs.zizmor.sh/audits/#superfluous-actions\"\u003esuperfluous-actions\u003c/a\u003e detects usage of actions that perform operations already provided by GitHub's own runner images (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1618\"\u003e#1618\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eEnhancements 🌱\u003ca href=\"https://docs.zizmor.sh/release-notes/#enhancements\"\u003e🔗\u003c/a\u003e\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor's LSP mode is now configuration-aware, and will load configuration files relative to workspace roots (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1555\"\u003e#1555\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor now reads the GITHUB_TOKEN environment variable as an alias/equivalent for GH_TOKEN (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1566\"\u003e#1566\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor now supports inputs that contain duplicated anchor names (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1575\"\u003e#1575\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor now flags missing cooldowns on opentofu ecosystem definitions in Dependabot (again) (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1586\"\u003e#1586\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor now reads the ZIZMOR_GITHUB_TOKEN environment variable as an alias/equivalent for GH_TOKEN and GITHUB_TOKEN (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1641\"\u003e#1641\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe SARIF output format now adds zizmor/confidence, zizmor/persona and zizmor/severity to the properties of findings (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1656\"\u003e#1656\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded \u003ca href=\"https://github.com/awalsh128/cache-apt-pkgs-action\"\u003eawalsh128/cache-apt-pkgs-action\u003c/a\u003e as a cache-aware action to the cache-poisoning audit (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1708\"\u003e#1708\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanges ⚠️\u003ca href=\"https://docs.zizmor.sh/release-notes/#changes\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSARIF categories have been regraded. zizmor's \u0026quot;medium\u0026quot; is changed from SARIF's \u0026quot;warning\u0026quot; to \u0026quot;low\u0026quot; (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1635\"\u003e#1635\u003c/a\u003e)\nBug Fixes 🐛\u003ca href=\"https://docs.zizmor.sh/release-notes/#bug-fixes\"\u003e🔗\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a bug where zizmor would crash on uses: clauses containing non-significant whitespace while performing the \u003ca href=\"https://docs.zizmor.sh/audits/#unpinned-uses\"\u003eunpinned-uses\u003c/a\u003e audit (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1544\"\u003e#1544\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a bug in yamlpath where sequences containing anchors were splatted instead of being properly nested (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1557\"\u003e#1557\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/DarkaMaul\"\u003e\u003ccode\u003e@​DarkaMaul\u003c/code\u003e\u003c/a\u003e for implementing this fix!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a bug in yamlpath where anchor prefixes in sequences and mapping were not stripped during path queries (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1562\"\u003e#1562\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a bug where \u0026quot;merge into\u0026quot; autofixes would produce incorrect patches in the presence of multi-byte Unicode characters (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1581\"\u003e#1581\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/ManuelLerchnerQC\"\u003e\u003ccode\u003e@​ManuelLerchnerQC\u003c/code\u003e\u003c/a\u003e for implementing this fix!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a bug where the \u003ca href=\"https://docs.zizmor.sh/audits/#template-injection\"\u003etemplate-injection\u003c/a\u003e audit would produce duplicated pedantic-only findings (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1589\"\u003e#1589\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a bug where the \u003ca href=\"https://docs.zizmor.sh/audits/#obfuscation\"\u003eobfuscation\u003c/a\u003e audit would produce incorrect autofixes for a subset of constant-reducible expressions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1597\"\u003e#1597\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a bug where the \u003ca href=\"https://docs.zizmor.sh/audits/#obfuscation\"\u003eobfuscation\u003c/a\u003e audit would fail to apply fixes to a subset of inputs with leading whitespace (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1597\"\u003e#1597\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/zizmorcore/zizmor/blob/main/docs/release-notes.md\"\u003ezizmor's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.23.1\u003c/h2\u003e\n\u003ch3\u003eBug Fixes 🐛\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a bug where \u003ccode\u003ezizmor\u003c/code\u003e would error if given both a \u003ccode\u003eGH_TOKEN\u003c/code\u003e and\na \u003ccode\u003eGITHUB_TOKEN\u003c/code\u003e (or \u003ccode\u003eZIZMOR_GITHUB_TOKEN\u003c/code\u003e) via the environment (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1724\"\u003e#1724\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a bug in [template-injection] where the \u003ccode\u003econtext\u003c/code\u003e input of\n\u003ccode\u003edocker/build-push-action\u003c/code\u003e was incorrectly considered a code injection sink\n(\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1705\"\u003e#1705\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges ⚠️\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eartipacked\u003c/code\u003e audit emits a pedantic finding if \u003ccode\u003epersist-credentials\u003c/code\u003e\nis an expression (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1735\"\u003e#1735\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.23.0\u003c/h2\u003e\n\u003ch3\u003eNew Features 🌈\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eNew audit\u003c/strong\u003e: [secrets-outside-env] detects usage of the \u003ccode\u003esecrets\u003c/code\u003e context\nin jobs that don't have a corresponding \u003ccode\u003eenvironment\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1599\"\u003e#1599\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eNew audit\u003c/strong\u003e: [superfluous-actions] detects usage of actions that perform\noperations already provided by GitHub's own runner images (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1618\"\u003e#1618\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eEnhancements 🌱\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003ezizmor\u003c/code\u003e's LSP mode is now configuration-aware, and will load\nconfiguration files relative to workspace roots (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1555\"\u003e#1555\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003ezizmor\u003c/code\u003e now reads the \u003ccode\u003eGITHUB_TOKEN\u003c/code\u003e environment variable as an\nalias/equivalent for \u003ccode\u003eGH_TOKEN\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1566\"\u003e#1566\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003ezizmor\u003c/code\u003e now supports inputs that contain duplicated anchor names (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1575\"\u003e#1575\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003ezizmor\u003c/code\u003e now flags missing cooldowns on \u003ccode\u003eopentofu\u003c/code\u003e ecosystem definitions\nin Dependabot (again) (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1586\"\u003e#1586\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003ezizmor\u003c/code\u003e now reads the \u003ccode\u003eZIZMOR_GITHUB_TOKEN\u003c/code\u003e environment variable as an\nalias/equivalent for \u003ccode\u003eGH_TOKEN\u003c/code\u003e and \u003ccode\u003eGITHUB_TOKEN\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1641\"\u003e#1641\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe SARIF output format now adds \u003ccode\u003ezizmor/confidence\u003c/code\u003e, \u003ccode\u003ezizmor/persona\u003c/code\u003e and \u003ccode\u003ezizmor/severity\u003c/code\u003e\nto the \u003ccode\u003eproperties\u003c/code\u003e of findings (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1656\"\u003e#1656\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded \u003ca href=\"https://github.com/awalsh128/cache-apt-pkgs-action\"\u003eawalsh128/cache-apt-pkgs-action\u003c/a\u003e\nas a cache-aware action to the cache-poisoning audit (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1708\"\u003e#1708\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges ⚠️\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/0b77258cf93d4e0ae762c843422c333faf2793f6\"\u003e\u003ccode\u003e0b77258\u003c/code\u003e\u003c/a\u003e zizmor v1.23.1 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1725\"\u003e#1725\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/d822fa69a847fff1b6d896d75bdf4c0a518f792c\"\u003e\u003ccode\u003ed822fa6\u003c/code\u003e\u003c/a\u003e Remove conflict handling from GH_TOKEN aliases (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1724\"\u003e#1724\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/773439b9834fe7de258d464614a34f92361d4dc9\"\u003e\u003ccode\u003e773439b\u003c/code\u003e\u003c/a\u003e Bump trophies (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1721\"\u003e#1721\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/f5c05f064bbd0f6b2c58887152c1039ecb94acbb\"\u003e\u003ccode\u003ef5c05f0\u003c/code\u003e\u003c/a\u003e zizmor 1.23.0 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1719\"\u003e#1719\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/93858d8e016cc14654676b62dcd83415579d0463\"\u003e\u003ccode\u003e93858d8\u003c/code\u003e\u003c/a\u003e zizmor 1.23.0-rc7 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1718\"\u003e#1718\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/76d3f1eb2ba6450f9fbbdc14b52bbf298cad09d9\"\u003e\u003ccode\u003e76d3f1e\u003c/code\u003e\u003c/a\u003e yamlpatch 0.13.0 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1717\"\u003e#1717\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/7a71262abd81adf9a4c7b26ef4782419df100672\"\u003e\u003ccode\u003e7a71262\u003c/code\u003e\u003c/a\u003e github-actions-expressions 0.0.15 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1716\"\u003e#1716\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/2255be674ac561f0fe79a3cb1c812158eb560832\"\u003e\u003ccode\u003e2255be6\u003c/code\u003e\u003c/a\u003e zizmor 1.23.0-rc6 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1715\"\u003e#1715\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/a0f9dcbe0736d8af717d94845b548f3d1a759173\"\u003e\u003ccode\u003ea0f9dcb\u003c/code\u003e\u003c/a\u003e Fix http-cache usage (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1689\"\u003e#1689\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/adabd2dbd9d01b26b14df81e0eb1e1d883ad919e\"\u003e\u003ccode\u003eadabd2d\u003c/code\u003e\u003c/a\u003e Update pedantic persona example (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1714\"\u003e#1714\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/zizmorcore/zizmor/compare/v1.22.0...v1.23.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/piratE-oF-interneT/graph/pull/9","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/piratE-oF-interneT%2Fgraph/issues/9","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/9/packages"},{"uuid":"4123800149","node_id":"PR_kwDONnZYsM7M0GfY","number":366,"state":"open","title":":dependabot: uv(deps-dev): Bump the minor-and-patch group with 2 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-03-23T21:19:07.000Z","updated_at":"2026-03-23T21:19:25.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":":dependabot: uv(deps-dev): Bump","group_name":"minor-and-patch","update_count":2,"packages":[{"name":"ruff","old_version":"0.15.4","new_version":"0.15.5","repository_url":"https://github.com/astral-sh/ruff"},{"name":"zizmor","old_version":"1.22.0","new_version":"1.23.1","repository_url":"https://github.com/zizmorcore/zizmor"}],"path":null,"ecosystem":"pip"},"body":"Bumps the minor-and-patch group with 2 updates: [ruff](https://github.com/astral-sh/ruff) and [zizmor](https://github.com/zizmorcore/zizmor).\n\nUpdates `ruff` from 0.15.4 to 0.15.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/ruff/releases\"\u003eruff's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.15.5\u003c/h2\u003e\n\u003ch2\u003eRelease Notes\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-03-05.\u003c/p\u003e\n\u003ch3\u003ePreview features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDiscover Markdown files by default in preview mode (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23434\"\u003e#23434\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eperflint\u003c/code\u003e] Extend \u003ccode\u003ePERF102\u003c/code\u003e to comprehensions and generators (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23473\"\u003e#23473\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003erefurb\u003c/code\u003e] Fix \u003ccode\u003eFURB101\u003c/code\u003e and \u003ccode\u003eFURB103\u003c/code\u003e false positives when I/O variable is used later (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23542\"\u003e#23542\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eruff\u003c/code\u003e] Add fix for \u003ccode\u003enone-not-at-end-of-union\u003c/code\u003e (\u003ccode\u003eRUF036\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22829\"\u003e#22829\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eruff\u003c/code\u003e] Fix false positive for \u003ccode\u003ere.split\u003c/code\u003e with empty string pattern (\u003ccode\u003eRUF055\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23634\"\u003e#23634\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003efastapi\u003c/code\u003e] Handle callable class dependencies with \u003ccode\u003e__call__\u003c/code\u003e method (\u003ccode\u003eFAST003\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23553\"\u003e#23553\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epydocstyle\u003c/code\u003e] Fix numpy section ordering (\u003ccode\u003eD420\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23685\"\u003e#23685\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epyflakes\u003c/code\u003e] Fix false positive for names shadowing re-exports (\u003ccode\u003eF811\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23356\"\u003e#23356\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epyupgrade\u003c/code\u003e] Avoid inserting redundant \u003ccode\u003eNone\u003c/code\u003e elements in \u003ccode\u003eUP045\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23459\"\u003e#23459\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDocument extension mapping for Markdown code formatting (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23574\"\u003e#23574\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate default Python version examples (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23605\"\u003e#23605\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePublish releases to Astral mirror (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23616\"\u003e#23616\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/amyreese\"\u003e\u003ccode\u003e@​amyreese\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stakeswky\"\u003e\u003ccode\u003e@​stakeswky\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/chirizxc\"\u003e\u003ccode\u003e@​chirizxc\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anishgirianish\"\u003e\u003ccode\u003e@​anishgirianish\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bxff\"\u003e\u003ccode\u003e@​bxff\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zsol\"\u003e\u003ccode\u003e@​zsol\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/charliermarsh\"\u003e\u003ccode\u003e@​charliermarsh\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ntBre\"\u003e\u003ccode\u003e@​ntBre\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kar-ganap\"\u003e\u003ccode\u003e@​kar-ganap\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eInstall ruff 0.15.5\u003c/h2\u003e\n\u003ch3\u003eInstall prebuilt binaries via shell script\u003c/h3\u003e\n\u003cpre lang=\"sh\"\u003e\u003ccode\u003ecurl --proto '=https' --tlsv1.2 -LsSf https://github.com/astral-sh/ruff/releases/download/0.15.5/ruff-installer.sh | sh\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch3\u003eInstall prebuilt binaries via powershell script\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md\"\u003eruff's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.15.5\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-03-05.\u003c/p\u003e\n\u003ch3\u003ePreview features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDiscover Markdown files by default in preview mode (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23434\"\u003e#23434\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eperflint\u003c/code\u003e] Extend \u003ccode\u003ePERF102\u003c/code\u003e to comprehensions and generators (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23473\"\u003e#23473\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003erefurb\u003c/code\u003e] Fix \u003ccode\u003eFURB101\u003c/code\u003e and \u003ccode\u003eFURB103\u003c/code\u003e false positives when I/O variable is used later (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23542\"\u003e#23542\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eruff\u003c/code\u003e] Add fix for \u003ccode\u003enone-not-at-end-of-union\u003c/code\u003e (\u003ccode\u003eRUF036\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22829\"\u003e#22829\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eruff\u003c/code\u003e] Fix false positive for \u003ccode\u003ere.split\u003c/code\u003e with empty string pattern (\u003ccode\u003eRUF055\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23634\"\u003e#23634\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003efastapi\u003c/code\u003e] Handle callable class dependencies with \u003ccode\u003e__call__\u003c/code\u003e method (\u003ccode\u003eFAST003\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23553\"\u003e#23553\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epydocstyle\u003c/code\u003e] Fix numpy section ordering (\u003ccode\u003eD420\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23685\"\u003e#23685\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epyflakes\u003c/code\u003e] Fix false positive for names shadowing re-exports (\u003ccode\u003eF811\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23356\"\u003e#23356\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epyupgrade\u003c/code\u003e] Avoid inserting redundant \u003ccode\u003eNone\u003c/code\u003e elements in \u003ccode\u003eUP045\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23459\"\u003e#23459\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDocument extension mapping for Markdown code formatting (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23574\"\u003e#23574\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate default Python version examples (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23605\"\u003e#23605\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePublish releases to Astral mirror (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23616\"\u003e#23616\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/amyreese\"\u003e\u003ccode\u003e@​amyreese\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stakeswky\"\u003e\u003ccode\u003e@​stakeswky\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/chirizxc\"\u003e\u003ccode\u003e@​chirizxc\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anishgirianish\"\u003e\u003ccode\u003e@​anishgirianish\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bxff\"\u003e\u003ccode\u003e@​bxff\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zsol\"\u003e\u003ccode\u003e@​zsol\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/charliermarsh\"\u003e\u003ccode\u003e@​charliermarsh\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ntBre\"\u003e\u003ccode\u003e@​ntBre\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kar-ganap\"\u003e\u003ccode\u003e@​kar-ganap\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/5e4a3d9c3b381df20f6a52caef0f56ed0ebc74be\"\u003e\u003ccode\u003e5e4a3d9\u003c/code\u003e\u003c/a\u003e Bump 0.15.5 (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/23743\"\u003e#23743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/69c23cc5a3a6cb08d81b01c7d1c2ba0482c3a3b1\"\u003e\u003ccode\u003e69c23cc\u003c/code\u003e\u003c/a\u003e [ty] Render all changed diagnostics in conformance.py (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/23613\"\u003e#23613\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/4926bd58204839cb75a8ed1397e824bbc8f644ca\"\u003e\u003ccode\u003e4926bd5\u003c/code\u003e\u003c/a\u003e [ty] Split deferred checks out of \u003ccode\u003etypes/infer/builder.rs\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/23740\"\u003e#23740\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/9a70f5eb2fb0180953418cd6ac037cb3d531e77b\"\u003e\u003ccode\u003e9a70f5e\u003c/code\u003e\u003c/a\u003e Discover markdown files by default in preview mode (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/23434\"\u003e#23434\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/3dc78b0a84ee231afb1c3329e11bfc912c236366\"\u003e\u003ccode\u003e3dc78b0\u003c/code\u003e\u003c/a\u003e [ty] Use \u003ccode\u003eHasOptionalDefinition\u003c/code\u003e for \u003ccode\u003eexcept\u003c/code\u003e handlers (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/23739\"\u003e#23739\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/a6a5e8d10b8a5185049827be0a304db522b91c9a\"\u003e\u003ccode\u003ea6a5e8d\u003c/code\u003e\u003c/a\u003e [ty] Fix precedence of \u003ccode\u003eall\u003c/code\u003e selector in TOML configurations (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/23723\"\u003e#23723\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/2a5384b0b6e22ab511aec6f8dbb11648befda887\"\u003e\u003ccode\u003e2a5384b\u003c/code\u003e\u003c/a\u003e [ty] Make \u003ccode\u003eall\u003c/code\u003e selector case sensitive (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/23713\"\u003e#23713\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/db77d7b2ae3da8deed64d8889a5cbcea287b52a6\"\u003e\u003ccode\u003edb77d7b\u003c/code\u003e\u003c/a\u003e [ty] Add a diagnostic if a \u003ccode\u003eTypeVar\u003c/code\u003e is used to specialize a \u003ccode\u003eParamSpec\u003c/code\u003e, or ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/db2849068f7d6a1f42cdafec46a7c2c83d39ece3\"\u003e\u003ccode\u003edb28490\u003c/code\u003e\u003c/a\u003e [ty] Override home directory in ty tests (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/23724\"\u003e#23724\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/5f0fd91a230972bb9d1e4545ebaed2b7d09158a2\"\u003e\u003ccode\u003e5f0fd91\u003c/code\u003e\u003c/a\u003e [ty] More type-variable default validation (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/23639\"\u003e#23639\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/astral-sh/ruff/compare/0.15.4...0.15.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `zizmor` from 1.22.0 to 1.23.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/zizmorcore/zizmor/releases\"\u003ezizmor's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.23.1\u003c/h2\u003e\n\u003ch2\u003eBug Fixes 🐛\u003ca href=\"https://docs.zizmor.sh/release-notes/#bug-fixes\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where zizmor would error if given both a GH_TOKEN and a GITHUB_TOKEN (or ZIZMOR_GITHUB_TOKEN) via the environment (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1724\"\u003e#1724\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.23.0\u003c/h2\u003e\n\u003ch2\u003eNew Features 🌈\u003ca href=\"https://docs.zizmor.sh/release-notes/#new-features\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eNew audit: \u003ca href=\"https://docs.zizmor.sh/audits/#secrets-outside-env\"\u003esecrets-outside-env\u003c/a\u003e detects usage of the secrets context in jobs that don't have a corresponding environment (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1599\"\u003e#1599\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew audit: \u003ca href=\"https://docs.zizmor.sh/audits/#superfluous-actions\"\u003esuperfluous-actions\u003c/a\u003e detects usage of actions that perform operations already provided by GitHub's own runner images (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1618\"\u003e#1618\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eEnhancements 🌱\u003ca href=\"https://docs.zizmor.sh/release-notes/#enhancements\"\u003e🔗\u003c/a\u003e\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor's LSP mode is now configuration-aware, and will load configuration files relative to workspace roots (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1555\"\u003e#1555\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor now reads the GITHUB_TOKEN environment variable as an alias/equivalent for GH_TOKEN (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1566\"\u003e#1566\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor now supports inputs that contain duplicated anchor names (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1575\"\u003e#1575\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor now flags missing cooldowns on opentofu ecosystem definitions in Dependabot (again) (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1586\"\u003e#1586\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor now reads the ZIZMOR_GITHUB_TOKEN environment variable as an alias/equivalent for GH_TOKEN and GITHUB_TOKEN (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1641\"\u003e#1641\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe SARIF output format now adds zizmor/confidence, zizmor/persona and zizmor/severity to the properties of findings (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1656\"\u003e#1656\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded \u003ca href=\"https://github.com/awalsh128/cache-apt-pkgs-action\"\u003eawalsh128/cache-apt-pkgs-action\u003c/a\u003e as a cache-aware action to the cache-poisoning audit (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1708\"\u003e#1708\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanges ⚠️\u003ca href=\"https://docs.zizmor.sh/release-notes/#changes\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSARIF categories have been regraded. zizmor's \u0026quot;medium\u0026quot; is changed from SARIF's \u0026quot;warning\u0026quot; to \u0026quot;low\u0026quot; (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1635\"\u003e#1635\u003c/a\u003e)\nBug Fixes 🐛\u003ca href=\"https://docs.zizmor.sh/release-notes/#bug-fixes\"\u003e🔗\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a bug where zizmor would crash on uses: clauses containing non-significant whitespace while performing the \u003ca href=\"https://docs.zizmor.sh/audits/#unpinned-uses\"\u003eunpinned-uses\u003c/a\u003e audit (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1544\"\u003e#1544\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a bug in yamlpath where sequences containing anchors were splatted instead of being properly nested (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1557\"\u003e#1557\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/DarkaMaul\"\u003e\u003ccode\u003e@​DarkaMaul\u003c/code\u003e\u003c/a\u003e for implementing this fix!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a bug in yamlpath where anchor prefixes in sequences and mapping were not stripped during path queries (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1562\"\u003e#1562\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a bug where \u0026quot;merge into\u0026quot; autofixes would produce incorrect patches in the presence of multi-byte Unicode characters (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1581\"\u003e#1581\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/ManuelLerchnerQC\"\u003e\u003ccode\u003e@​ManuelLerchnerQC\u003c/code\u003e\u003c/a\u003e for implementing this fix!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a bug where the \u003ca href=\"https://docs.zizmor.sh/audits/#template-injection\"\u003etemplate-injection\u003c/a\u003e audit would produce duplicated pedantic-only findings (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1589\"\u003e#1589\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a bug where the \u003ca href=\"https://docs.zizmor.sh/audits/#obfuscation\"\u003eobfuscation\u003c/a\u003e audit would produce incorrect autofixes for a subset of constant-reducible expressions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1597\"\u003e#1597\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a bug where the \u003ca href=\"https://docs.zizmor.sh/audits/#obfuscation\"\u003eobfuscation\u003c/a\u003e audit would fail to apply fixes to a subset of inputs with leading whitespace (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1597\"\u003e#1597\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/zizmorcore/zizmor/blob/main/docs/release-notes.md\"\u003ezizmor's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.23.1\u003c/h2\u003e\n\u003ch3\u003eBug Fixes 🐛\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a bug where \u003ccode\u003ezizmor\u003c/code\u003e would error if given both a \u003ccode\u003eGH_TOKEN\u003c/code\u003e and\na \u003ccode\u003eGITHUB_TOKEN\u003c/code\u003e (or \u003ccode\u003eZIZMOR_GITHUB_TOKEN\u003c/code\u003e) via the environment (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1724\"\u003e#1724\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a bug in [template-injection] where the \u003ccode\u003econtext\u003c/code\u003e input of\n\u003ccode\u003edocker/build-push-action\u003c/code\u003e was incorrectly considered a code injection sink\n(\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1705\"\u003e#1705\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges ⚠️\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eartipacked\u003c/code\u003e audit emits a pedantic finding if \u003ccode\u003epersist-credentials\u003c/code\u003e\nis an expression (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1735\"\u003e#1735\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.23.0\u003c/h2\u003e\n\u003ch3\u003eNew Features 🌈\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eNew audit\u003c/strong\u003e: [secrets-outside-env] detects usage of the \u003ccode\u003esecrets\u003c/code\u003e context\nin jobs that don't have a corresponding \u003ccode\u003eenvironment\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1599\"\u003e#1599\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eNew audit\u003c/strong\u003e: [superfluous-actions] detects usage of actions that perform\noperations already provided by GitHub's own runner images (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1618\"\u003e#1618\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eEnhancements 🌱\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003ezizmor\u003c/code\u003e's LSP mode is now configuration-aware, and will load\nconfiguration files relative to workspace roots (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1555\"\u003e#1555\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003ezizmor\u003c/code\u003e now reads the \u003ccode\u003eGITHUB_TOKEN\u003c/code\u003e environment variable as an\nalias/equivalent for \u003ccode\u003eGH_TOKEN\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1566\"\u003e#1566\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003ezizmor\u003c/code\u003e now supports inputs that contain duplicated anchor names (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1575\"\u003e#1575\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003ezizmor\u003c/code\u003e now flags missing cooldowns on \u003ccode\u003eopentofu\u003c/code\u003e ecosystem definitions\nin Dependabot (again) (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1586\"\u003e#1586\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003ezizmor\u003c/code\u003e now reads the \u003ccode\u003eZIZMOR_GITHUB_TOKEN\u003c/code\u003e environment variable as an\nalias/equivalent for \u003ccode\u003eGH_TOKEN\u003c/code\u003e and \u003ccode\u003eGITHUB_TOKEN\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1641\"\u003e#1641\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe SARIF output format now adds \u003ccode\u003ezizmor/confidence\u003c/code\u003e, \u003ccode\u003ezizmor/persona\u003c/code\u003e and \u003ccode\u003ezizmor/severity\u003c/code\u003e\nto the \u003ccode\u003eproperties\u003c/code\u003e of findings (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1656\"\u003e#1656\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded \u003ca href=\"https://github.com/awalsh128/cache-apt-pkgs-action\"\u003eawalsh128/cache-apt-pkgs-action\u003c/a\u003e\nas a cache-aware action to the cache-poisoning audit (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1708\"\u003e#1708\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges ⚠️\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/0b77258cf93d4e0ae762c843422c333faf2793f6\"\u003e\u003ccode\u003e0b77258\u003c/code\u003e\u003c/a\u003e zizmor v1.23.1 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1725\"\u003e#1725\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/d822fa69a847fff1b6d896d75bdf4c0a518f792c\"\u003e\u003ccode\u003ed822fa6\u003c/code\u003e\u003c/a\u003e Remove conflict handling from GH_TOKEN aliases (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1724\"\u003e#1724\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/773439b9834fe7de258d464614a34f92361d4dc9\"\u003e\u003ccode\u003e773439b\u003c/code\u003e\u003c/a\u003e Bump trophies (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1721\"\u003e#1721\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/f5c05f064bbd0f6b2c58887152c1039ecb94acbb\"\u003e\u003ccode\u003ef5c05f0\u003c/code\u003e\u003c/a\u003e zizmor 1.23.0 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1719\"\u003e#1719\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/93858d8e016cc14654676b62dcd83415579d0463\"\u003e\u003ccode\u003e93858d8\u003c/code\u003e\u003c/a\u003e zizmor 1.23.0-rc7 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1718\"\u003e#1718\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/76d3f1eb2ba6450f9fbbdc14b52bbf298cad09d9\"\u003e\u003ccode\u003e76d3f1e\u003c/code\u003e\u003c/a\u003e yamlpatch 0.13.0 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1717\"\u003e#1717\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/7a71262abd81adf9a4c7b26ef4782419df100672\"\u003e\u003ccode\u003e7a71262\u003c/code\u003e\u003c/a\u003e github-actions-expressions 0.0.15 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1716\"\u003e#1716\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/2255be674ac561f0fe79a3cb1c812158eb560832\"\u003e\u003ccode\u003e2255be6\u003c/code\u003e\u003c/a\u003e zizmor 1.23.0-rc6 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1715\"\u003e#1715\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/a0f9dcbe0736d8af717d94845b548f3d1a759173\"\u003e\u003ccode\u003ea0f9dcb\u003c/code\u003e\u003c/a\u003e Fix http-cache usage (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1689\"\u003e#1689\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/adabd2dbd9d01b26b14df81e0eb1e1d883ad919e\"\u003e\u003ccode\u003eadabd2d\u003c/code\u003e\u003c/a\u003e Update pedantic persona example (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1714\"\u003e#1714\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/zizmorcore/zizmor/compare/v1.22.0...v1.23.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/ministryofjustice/github-community/pull/366","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ministryofjustice%2Fgithub-community/issues/366","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/366/packages"},{"uuid":"4091238058","node_id":"PR_kwDONFX-vc7LWuV-","number":3497,"state":"open","title":":dependabot: pip(deps): Bump zizmor from 1.22.0 to 1.23.1","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-03-17T21:14:15.000Z","updated_at":"2026-03-17T21:14:33.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":":dependabot: pip(deps): Bump","packages":[{"name":"zizmor","old_version":"1.22.0","new_version":"1.23.1","repository_url":"https://github.com/zizmorcore/zizmor"}],"path":null,"ecosystem":"pip"},"body":"Bumps [zizmor](https://github.com/zizmorcore/zizmor) from 1.22.0 to 1.23.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/zizmorcore/zizmor/releases\"\u003ezizmor's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.23.1\u003c/h2\u003e\n\u003ch2\u003eBug Fixes 🐛\u003ca href=\"https://docs.zizmor.sh/release-notes/#bug-fixes\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where zizmor would error if given both a GH_TOKEN and a GITHUB_TOKEN (or ZIZMOR_GITHUB_TOKEN) via the environment (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1724\"\u003e#1724\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.23.0\u003c/h2\u003e\n\u003ch2\u003eNew Features 🌈\u003ca href=\"https://docs.zizmor.sh/release-notes/#new-features\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eNew audit: \u003ca href=\"https://docs.zizmor.sh/audits/#secrets-outside-env\"\u003esecrets-outside-env\u003c/a\u003e detects usage of the secrets context in jobs that don't have a corresponding environment (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1599\"\u003e#1599\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew audit: \u003ca href=\"https://docs.zizmor.sh/audits/#superfluous-actions\"\u003esuperfluous-actions\u003c/a\u003e detects usage of actions that perform operations already provided by GitHub's own runner images (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1618\"\u003e#1618\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eEnhancements 🌱\u003ca href=\"https://docs.zizmor.sh/release-notes/#enhancements\"\u003e🔗\u003c/a\u003e\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor's LSP mode is now configuration-aware, and will load configuration files relative to workspace roots (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1555\"\u003e#1555\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor now reads the GITHUB_TOKEN environment variable as an alias/equivalent for GH_TOKEN (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1566\"\u003e#1566\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor now supports inputs that contain duplicated anchor names (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1575\"\u003e#1575\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor now flags missing cooldowns on opentofu ecosystem definitions in Dependabot (again) (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1586\"\u003e#1586\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor now reads the ZIZMOR_GITHUB_TOKEN environment variable as an alias/equivalent for GH_TOKEN and GITHUB_TOKEN (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1641\"\u003e#1641\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe SARIF output format now adds zizmor/confidence, zizmor/persona and zizmor/severity to the properties of findings (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1656\"\u003e#1656\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded \u003ca href=\"https://github.com/awalsh128/cache-apt-pkgs-action\"\u003eawalsh128/cache-apt-pkgs-action\u003c/a\u003e as a cache-aware action to the cache-poisoning audit (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1708\"\u003e#1708\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanges ⚠️\u003ca href=\"https://docs.zizmor.sh/release-notes/#changes\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSARIF categories have been regraded. zizmor's \u0026quot;medium\u0026quot; is changed from SARIF's \u0026quot;warning\u0026quot; to \u0026quot;low\u0026quot; (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1635\"\u003e#1635\u003c/a\u003e)\nBug Fixes 🐛\u003ca href=\"https://docs.zizmor.sh/release-notes/#bug-fixes\"\u003e🔗\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a bug where zizmor would crash on uses: clauses containing non-significant whitespace while performing the \u003ca href=\"https://docs.zizmor.sh/audits/#unpinned-uses\"\u003eunpinned-uses\u003c/a\u003e audit (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1544\"\u003e#1544\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a bug in yamlpath where sequences containing anchors were splatted instead of being properly nested (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1557\"\u003e#1557\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/DarkaMaul\"\u003e\u003ccode\u003e@​DarkaMaul\u003c/code\u003e\u003c/a\u003e for implementing this fix!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a bug in yamlpath where anchor prefixes in sequences and mapping were not stripped during path queries (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1562\"\u003e#1562\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a bug where \u0026quot;merge into\u0026quot; autofixes would produce incorrect patches in the presence of multi-byte Unicode characters (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1581\"\u003e#1581\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/ManuelLerchnerQC\"\u003e\u003ccode\u003e@​ManuelLerchnerQC\u003c/code\u003e\u003c/a\u003e for implementing this fix!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a bug where the \u003ca href=\"https://docs.zizmor.sh/audits/#template-injection\"\u003etemplate-injection\u003c/a\u003e audit would produce duplicated pedantic-only findings (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1589\"\u003e#1589\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a bug where the \u003ca href=\"https://docs.zizmor.sh/audits/#obfuscation\"\u003eobfuscation\u003c/a\u003e audit would produce incorrect autofixes for a subset of constant-reducible expressions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1597\"\u003e#1597\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a bug where the \u003ca href=\"https://docs.zizmor.sh/audits/#obfuscation\"\u003eobfuscation\u003c/a\u003e audit would fail to apply fixes to a subset of inputs with leading whitespace (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1597\"\u003e#1597\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/zizmorcore/zizmor/blob/main/docs/release-notes.md\"\u003ezizmor's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.23.1\u003c/h2\u003e\n\u003ch3\u003eBug Fixes 🐛\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a bug where \u003ccode\u003ezizmor\u003c/code\u003e would error if given both a \u003ccode\u003eGH_TOKEN\u003c/code\u003e and\na \u003ccode\u003eGITHUB_TOKEN\u003c/code\u003e (or \u003ccode\u003eZIZMOR_GITHUB_TOKEN\u003c/code\u003e) via the environment (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1724\"\u003e#1724\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a bug in [template-injection] where the \u003ccode\u003econtext\u003c/code\u003e input of\n\u003ccode\u003edocker/build-push-action\u003c/code\u003e was incorrectly considered a code injection sink\n(\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1705\"\u003e#1705\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges ⚠️\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eartipacked\u003c/code\u003e audit emits a pedantic finding if \u003ccode\u003epersist-credentials\u003c/code\u003e\nis an expression (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1735\"\u003e#1735\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.23.0\u003c/h2\u003e\n\u003ch3\u003eNew Features 🌈\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eNew audit\u003c/strong\u003e: [secrets-outside-env] detects usage of the \u003ccode\u003esecrets\u003c/code\u003e context\nin jobs that don't have a corresponding \u003ccode\u003eenvironment\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1599\"\u003e#1599\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eNew audit\u003c/strong\u003e: [superfluous-actions] detects usage of actions that perform\noperations already provided by GitHub's own runner images (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1618\"\u003e#1618\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eEnhancements 🌱\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003ezizmor\u003c/code\u003e's LSP mode is now configuration-aware, and will load\nconfiguration files relative to workspace roots (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1555\"\u003e#1555\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003ezizmor\u003c/code\u003e now reads the \u003ccode\u003eGITHUB_TOKEN\u003c/code\u003e environment variable as an\nalias/equivalent for \u003ccode\u003eGH_TOKEN\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1566\"\u003e#1566\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003ezizmor\u003c/code\u003e now supports inputs that contain duplicated anchor names (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1575\"\u003e#1575\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003ezizmor\u003c/code\u003e now flags missing cooldowns on \u003ccode\u003eopentofu\u003c/code\u003e ecosystem definitions\nin Dependabot (again) (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1586\"\u003e#1586\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003ezizmor\u003c/code\u003e now reads the \u003ccode\u003eZIZMOR_GITHUB_TOKEN\u003c/code\u003e environment variable as an\nalias/equivalent for \u003ccode\u003eGH_TOKEN\u003c/code\u003e and \u003ccode\u003eGITHUB_TOKEN\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1641\"\u003e#1641\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe SARIF output format now adds \u003ccode\u003ezizmor/confidence\u003c/code\u003e, \u003ccode\u003ezizmor/persona\u003c/code\u003e and \u003ccode\u003ezizmor/severity\u003c/code\u003e\nto the \u003ccode\u003eproperties\u003c/code\u003e of findings (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1656\"\u003e#1656\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded \u003ca href=\"https://github.com/awalsh128/cache-apt-pkgs-action\"\u003eawalsh128/cache-apt-pkgs-action\u003c/a\u003e\nas a cache-aware action to the cache-poisoning audit (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1708\"\u003e#1708\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges ⚠️\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/0b77258cf93d4e0ae762c843422c333faf2793f6\"\u003e\u003ccode\u003e0b77258\u003c/code\u003e\u003c/a\u003e zizmor v1.23.1 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1725\"\u003e#1725\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/d822fa69a847fff1b6d896d75bdf4c0a518f792c\"\u003e\u003ccode\u003ed822fa6\u003c/code\u003e\u003c/a\u003e Remove conflict handling from GH_TOKEN aliases (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1724\"\u003e#1724\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/773439b9834fe7de258d464614a34f92361d4dc9\"\u003e\u003ccode\u003e773439b\u003c/code\u003e\u003c/a\u003e Bump trophies (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1721\"\u003e#1721\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/f5c05f064bbd0f6b2c58887152c1039ecb94acbb\"\u003e\u003ccode\u003ef5c05f0\u003c/code\u003e\u003c/a\u003e zizmor 1.23.0 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1719\"\u003e#1719\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/93858d8e016cc14654676b62dcd83415579d0463\"\u003e\u003ccode\u003e93858d8\u003c/code\u003e\u003c/a\u003e zizmor 1.23.0-rc7 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1718\"\u003e#1718\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/76d3f1eb2ba6450f9fbbdc14b52bbf298cad09d9\"\u003e\u003ccode\u003e76d3f1e\u003c/code\u003e\u003c/a\u003e yamlpatch 0.13.0 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1717\"\u003e#1717\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/7a71262abd81adf9a4c7b26ef4782419df100672\"\u003e\u003ccode\u003e7a71262\u003c/code\u003e\u003c/a\u003e github-actions-expressions 0.0.15 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1716\"\u003e#1716\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/2255be674ac561f0fe79a3cb1c812158eb560832\"\u003e\u003ccode\u003e2255be6\u003c/code\u003e\u003c/a\u003e zizmor 1.23.0-rc6 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1715\"\u003e#1715\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/a0f9dcbe0736d8af717d94845b548f3d1a759173\"\u003e\u003ccode\u003ea0f9dcb\u003c/code\u003e\u003c/a\u003e Fix http-cache usage (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1689\"\u003e#1689\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/adabd2dbd9d01b26b14df81e0eb1e1d883ad919e\"\u003e\u003ccode\u003eadabd2d\u003c/code\u003e\u003c/a\u003e Update pedantic persona example (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1714\"\u003e#1714\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/zizmorcore/zizmor/compare/v1.22.0...v1.23.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=zizmor\u0026package-manager=pip\u0026previous-version=1.22.0\u0026new-version=1.23.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/ministryofjustice/analytical-platform-airflow/pull/3497","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ministryofjustice%2Fanalytical-platform-airflow/issues/3497","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/3497/packages"},{"uuid":"4045587623","node_id":"PR_kwDORf90e87JErNk","number":7,"state":"open","title":":dependabot: uv(deps): Bump the minor-and-patch group with 8 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-03-09T13:23:59.000Z","updated_at":"2026-03-09T13:24:19.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":":dependabot: uv(deps): Bump","group_name":"minor-and-patch","update_count":8,"packages":[{"name":"authlib","old_version":"1.6.7","new_version":"1.6.8","repository_url":"https://github.com/authlib/authlib"},{"name":"flask-cors","old_version":"6.0.1","new_version":"6.0.2","repository_url":"https://github.com/corydolphin/flask-cors"},{"name":"flask-limiter","old_version":"4.0.0","new_version":"4.1.1","repository_url":"https://github.com/alisaifee/flask-limiter"},{"name":"sentry-sdk","old_version":"2.41.0","new_version":"2.53.0","repository_url":"https://github.com/getsentry/sentry-python"},{"name":"coverage","old_version":"7.10.7","new_version":"7.13.4","repository_url":"https://github.com/coveragepy/coveragepy"},{"name":"pre-commit","old_version":"4.3.0","new_version":"4.5.1","repository_url":"https://github.com/pre-commit/pre-commit"},{"name":"ruff","old_version":"0.14.0","new_version":"0.15.2","repository_url":"https://github.com/astral-sh/ruff"},{"name":"zizmor","old_version":"1.14.2","new_version":"1.22.0","repository_url":"https://github.com/zizmorcore/zizmor"}],"path":null,"ecosystem":"pip"},"body":"Bumps the minor-and-patch group with 8 updates:\n\n| Package | From | To |\n| --- | --- | --- |\n| [authlib](https://github.com/authlib/authlib) | `1.6.7` | `1.6.8` |\n| [flask-cors](https://github.com/corydolphin/flask-cors) | `6.0.1` | `6.0.2` |\n| [flask-limiter](https://github.com/alisaifee/flask-limiter) | `4.0.0` | `4.1.1` |\n| [sentry-sdk](https://github.com/getsentry/sentry-python) | `2.41.0` | `2.53.0` |\n| [coverage](https://github.com/coveragepy/coveragepy) | `7.10.7` | `7.13.4` |\n| [pre-commit](https://github.com/pre-commit/pre-commit) | `4.3.0` | `4.5.1` |\n| [ruff](https://github.com/astral-sh/ruff) | `0.14.0` | `0.15.2` |\n| [zizmor](https://github.com/zizmorcore/zizmor) | `1.14.2` | `1.22.0` |\n\nUpdates `authlib` from 1.6.7 to 1.6.8\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/releases\"\u003eauthlib's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.6.8\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.7...v1.6.8\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.7...v1.6.8\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eEdDSA\u003c/code\u003e to default \u003ccode\u003ejwt\u003c/code\u003e instance.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/a769f343ae8d43236448e3e74445980861812e82\"\u003e\u003ccode\u003ea769f34\u003c/code\u003e\u003c/a\u003e chore: release 1.6.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/84f3fa2965a189c16528329e8cfe41d094008588\"\u003e\u003ccode\u003e84f3fa2\u003c/code\u003e\u003c/a\u003e fix: add EdDSA to default jwt algorithms\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.7...v1.6.8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flask-cors` from 6.0.1 to 6.0.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/corydolphin/flask-cors/releases\"\u003eflask-cors's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e6.0.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate license pyproject.toml by \u003ca href=\"https://github.com/wagenrace\"\u003e\u003ccode\u003e@​wagenrace\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/pull/395\"\u003ecorydolphin/flask-cors#395\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/wagenrace\"\u003e\u003ccode\u003e@​wagenrace\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/pull/395\"\u003ecorydolphin/flask-cors#395\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/corydolphin/flask-cors/compare/6.0.1...6.0.2\"\u003ehttps://github.com/corydolphin/flask-cors/compare/6.0.1...6.0.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/corydolphin/flask-cors/commit/fa55dcbec68b3524a39e5057c35c29c221a27d64\"\u003e\u003ccode\u003efa55dcb\u003c/code\u003e\u003c/a\u003e Update license pyproject.toml (\u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/issues/395\"\u003e#395\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/corydolphin/flask-cors/compare/6.0.1...6.0.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flask-limiter` from 4.0.0 to 4.1.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/alisaifee/flask-limiter/releases\"\u003eflask-limiter's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.1.1\u003c/h2\u003e\n\u003ch2\u003eBug Fix\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnsure cli commands fail gracefully when cli dependencies\nare not installed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.1.0\u003c/h2\u003e\n\u003ch2\u003eDeployment\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eExtract \u003ccode\u003ecli\u003c/code\u003e specific requirements to an extra\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eCompatibility\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd python 3.14 support\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/alisaifee/flask-limiter/blob/master/HISTORY.rst\"\u003eflask-limiter's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.1.1\u003c/h2\u003e\n\u003cp\u003eRelease Date: 2025-12-06\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eBug Fix\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eEnsure cli commands fail gracefully when cli dependencies\nare not installed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.0\u003c/h2\u003e\n\u003cp\u003eRelease Date: 2025-12-02\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDeployment\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eExtract \u003ccode\u003ecli\u003c/code\u003e specific requirements to an extra\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCompatibility\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd python 3.14 support\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alisaifee/flask-limiter/commit/e9c14643bb0bd7f3c2c12546d8b9d4b407cc7554\"\u003e\u003ccode\u003ee9c1464\u003c/code\u003e\u003c/a\u003e Update changelog for  4.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alisaifee/flask-limiter/commit/008350285f66456f5befe0c372c342fd0ab857ac\"\u003e\u003ccode\u003e0083502\u003c/code\u003e\u003c/a\u003e Update uv.lock\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alisaifee/flask-limiter/commit/c45325cbd55db3bd56a3ec4d3df93a20ef15830a\"\u003e\u003ccode\u003ec45325c\u003c/code\u003e\u003c/a\u003e Add rich to dev dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alisaifee/flask-limiter/commit/4029925815361899d9b5a7def5f8ee6a2d082c3e\"\u003e\u003ccode\u003e4029925\u003c/code\u003e\u003c/a\u003e Ensure cli extra is installed for docs generation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alisaifee/flask-limiter/commit/114c01b9918628635161dc5a74815aaebb2498a2\"\u003e\u003ccode\u003e114c01b\u003c/code\u003e\u003c/a\u003e Handle missing cli dependencies gracefully\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alisaifee/flask-limiter/commit/4aee644efd4f40ccc9702401cce0b96c7264c33e\"\u003e\u003ccode\u003e4aee644\u003c/code\u003e\u003c/a\u003e Update changelog for  4.1.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alisaifee/flask-limiter/commit/4eb58a34967c7639f18716b9ab9fa924b09d3df4\"\u003e\u003ccode\u003e4eb58a3\u003c/code\u003e\u003c/a\u003e Extract cli dependencies as an extra\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alisaifee/flask-limiter/commit/e1a162cc878ac08ffba85ef98b87052b481f1943\"\u003e\u003ccode\u003ee1a162c\u003c/code\u003e\u003c/a\u003e Add python 3.14 support\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/alisaifee/flask-limiter/compare/4.0.0...4.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `sentry-sdk` from 2.41.0 to 2.53.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/getsentry/sentry-python/releases\"\u003esentry-sdk's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.53.0\u003c/h2\u003e\n\u003ch3\u003eBug Fixes 🐛\u003c/h3\u003e\n\u003ch4\u003eOpenai Agents\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003ePatch \u003ccode\u003eexecute_final_output()\u003c/code\u003e functions following library refactor by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5453\"\u003e#5453\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch \u003ccode\u003eexecute_handoffs()\u003c/code\u003e functions following library refactor by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5452\"\u003e#5452\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch \u003ccode\u003erun_single_turn_streamed()\u003c/code\u003e functions following library refactor by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5451\"\u003e#5451\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch \u003ccode\u003erun_single_turn()\u003c/code\u003e functions following library refactor by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5450\"\u003e#5450\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch models functions following library refactor by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5449\"\u003e#5449\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch tool functions following library refactor by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5445\"\u003e#5445\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eOther\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eClose the connection we're reading driver_type from by \u003ca href=\"https://github.com/sentrivana\"\u003e\u003ccode\u003e@​sentrivana\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5427\"\u003e#5427\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation 📚\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDocument \u003ccode\u003eopenai-agents\u003c/code\u003e control-flow by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5447\"\u003e#5447\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal Changes 🔧\u003c/h3\u003e\n\u003ch4\u003eOpenai Agents\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eNew tool field and library error log by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5454\"\u003e#5454\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid calling SDK-internal functions by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5437\"\u003e#5437\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eOther\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eImprove Craft config with title stripping and artifact filtering by \u003ca href=\"https://github.com/BYK\"\u003e\u003ccode\u003e@​BYK\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5444\"\u003e#5444\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse fixed clickhouse action, remove aws-sam-cli dependency by \u003ca href=\"https://github.com/sentrivana\"\u003e\u003ccode\u003e@​sentrivana\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5457\"\u003e#5457\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove references to unsupported attribute types by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5425\"\u003e#5425\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePin setuptools for linting and chalice tests by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5438\"\u003e#5438\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.52.0\u003c/h2\u003e\n\u003ch3\u003eNew Features ✨\u003c/h3\u003e\n\u003ch4\u003eOther\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003efeat(integration): add \u003ccode\u003egen_ai.conversation.id\u003c/code\u003e if available by \u003ca href=\"https://github.com/constantinius\"\u003e\u003ccode\u003e@​constantinius\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5307\"\u003e#5307\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes 🐛\u003c/h3\u003e\n\u003ch4\u003eGoogle Genai\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003efix(google-genai): Token reporting by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5404\"\u003e#5404\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(google-genai): deactivate google genai when langchain is used by \u003ca href=\"https://github.com/shellmayr\"\u003e\u003ccode\u003e@​shellmayr\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5389\"\u003e#5389\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eMcp\u003c/h4\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/getsentry/sentry-python/blob/master/CHANGELOG.md\"\u003esentry-sdk's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.53.0\u003c/h2\u003e\n\u003ch3\u003eBug Fixes 🐛\u003c/h3\u003e\n\u003ch4\u003eOpenai Agents\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003ePatch \u003ccode\u003eexecute_final_output()\u003c/code\u003e functions following library refactor by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5453\"\u003e#5453\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch \u003ccode\u003eexecute_handoffs()\u003c/code\u003e functions following library refactor by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5452\"\u003e#5452\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch \u003ccode\u003erun_single_turn_streamed()\u003c/code\u003e functions following library refactor by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5451\"\u003e#5451\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch \u003ccode\u003erun_single_turn()\u003c/code\u003e functions following library refactor by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5450\"\u003e#5450\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch models functions following library refactor by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5449\"\u003e#5449\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch tool functions following library refactor by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5445\"\u003e#5445\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eOther\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eClose the connection we're reading driver_type from by \u003ca href=\"https://github.com/sentrivana\"\u003e\u003ccode\u003e@​sentrivana\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5427\"\u003e#5427\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation 📚\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDocument \u003ccode\u003eopenai-agents\u003c/code\u003e control-flow by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5447\"\u003e#5447\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal Changes 🔧\u003c/h3\u003e\n\u003ch4\u003eOpenai Agents\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eNew tool field and library error log by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5454\"\u003e#5454\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid calling SDK-internal functions by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5437\"\u003e#5437\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eOther\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eImprove Craft config with title stripping and artifact filtering by \u003ca href=\"https://github.com/BYK\"\u003e\u003ccode\u003e@​BYK\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5444\"\u003e#5444\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse fixed clickhouse action, remove aws-sam-cli dependency by \u003ca href=\"https://github.com/sentrivana\"\u003e\u003ccode\u003e@​sentrivana\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5457\"\u003e#5457\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove references to unsupported attribute types by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5425\"\u003e#5425\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePin setuptools for linting and chalice tests by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5438\"\u003e#5438\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.52.0\u003c/h2\u003e\n\u003ch3\u003eNew Features ✨\u003c/h3\u003e\n\u003ch4\u003eOther\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003efeat(integration): add \u003ccode\u003egen_ai.conversation.id\u003c/code\u003e if available by \u003ca href=\"https://github.com/constantinius\"\u003e\u003ccode\u003e@​constantinius\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5307\"\u003e#5307\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes 🐛\u003c/h3\u003e\n\u003ch4\u003eGoogle Genai\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003efix(google-genai): Token reporting by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5404\"\u003e#5404\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(google-genai): deactivate google genai when langchain is used by \u003ca href=\"https://github.com/shellmayr\"\u003e\u003ccode\u003e@​shellmayr\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5389\"\u003e#5389\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/f75a9ac1059b648644c05189deffd3c7ddc0931a\"\u003e\u003ccode\u003ef75a9ac\u003c/code\u003e\u003c/a\u003e Update CHANGELOG.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/b700fa85d8d722891ad84cefaec73a9aeeaafa16\"\u003e\u003ccode\u003eb700fa8\u003c/code\u003e\u003c/a\u003e Update CHANGELOG.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/45379e206c992d5f5ab782b1e13dc609cedbdd5f\"\u003e\u003ccode\u003e45379e2\u003c/code\u003e\u003c/a\u003e release: 2.53.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/4d8faf347b109bb2c864b1a52a9080c33541be9e\"\u003e\u003ccode\u003e4d8faf3\u003c/code\u003e\u003c/a\u003e test(openai-agents): New tool field and library error log (\u003ca href=\"https://redirect.github.com/getsentry/sentry-python/issues/5454\"\u003e#5454\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/d3e2c88a9f5236b65ef367fc3ec6dffa6b6970ba\"\u003e\u003ccode\u003ed3e2c88\u003c/code\u003e\u003c/a\u003e fix(openai-agents): Patch \u003ccode\u003eexecute_final_output()\u003c/code\u003e functions following librar...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/f71a60450afd1ce3cf299cde37731c53e9debf0a\"\u003e\u003ccode\u003ef71a604\u003c/code\u003e\u003c/a\u003e fix(openai-agents): Patch \u003ccode\u003eexecute_handoffs()\u003c/code\u003e functions following library re...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/bea608c3aa52295b3336af12f1dc6cfdf9c5cd5d\"\u003e\u003ccode\u003ebea608c\u003c/code\u003e\u003c/a\u003e fix(openai-agents): Patch \u003ccode\u003erun_single_turn_streamed()\u003c/code\u003e functions following li...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/14e3e0a0a0cf3b2320fb88c3568ff1a74d86cc36\"\u003e\u003ccode\u003e14e3e0a\u003c/code\u003e\u003c/a\u003e fix(openai-agents): Patch \u003ccode\u003erun_single_turn()\u003c/code\u003e functions following library ref...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/a5c2906a480d9b108041759b4e04912e296f7f90\"\u003e\u003ccode\u003ea5c2906\u003c/code\u003e\u003c/a\u003e fix(openai-agents): Patch models functions following library refactor (\u003ca href=\"https://redirect.github.com/getsentry/sentry-python/issues/5449\"\u003e#5449\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/f78df7c01768282a32cdc8d12cf899769f7551bd\"\u003e\u003ccode\u003ef78df7c\u003c/code\u003e\u003c/a\u003e ci: Use fixed clickhouse action, remove aws-sam-cli dependency (\u003ca href=\"https://redirect.github.com/getsentry/sentry-python/issues/5457\"\u003e#5457\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/getsentry/sentry-python/compare/2.41.0...2.53.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `coverage` from 7.10.7 to 7.13.4\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/coveragepy/coveragepy/blob/main/CHANGES.rst\"\u003ecoverage's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 7.13.4 — 2026-02-09\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix: the third-party code fix in 7.13.3 required examining the parent\ndirectories where coverage was run. In the unusual situation that one of the\nparent directories is unreadable, a PermissionError would occur, as\ndescribed in \u003ccode\u003eissue 2129\u003c/code\u003e_. This is now fixed.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: in test suites that change sys.path, coverage.py could fail with\n\u0026quot;RuntimeError: Set changed size during iteration\u0026quot; as described and fixed in\n\u003ccode\u003epull 2130\u003c/code\u003e_. Thanks, Noah Fatsi.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eWe now publish ppc64le wheels, thanks to \u003ccode\u003ePankhudi Jain \u0026lt;pull 2121_\u0026gt;\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _pull 2121: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/pull/2121\"\u003ecoveragepy/coveragepy#2121\u003c/a\u003e\n.. _issue 2129: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2129\"\u003ecoveragepy/coveragepy#2129\u003c/a\u003e\n.. _pull 2130: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/pull/2130\"\u003ecoveragepy/coveragepy#2130\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e.. _changes_7-13-3:\u003c/p\u003e\n\u003ch2\u003eVersion 7.13.3 — 2026-02-03\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix: in some situations, third-party code was measured when it shouldn't have\nbeen, slowing down test execution. This happened with layered virtual\nenvironments such as uv sometimes makes. The problem is fixed, closing \u003ccode\u003eissue 2082\u003c/code\u003e_. Now any directory on sys.path that is inside a virtualenv is\nconsidered third-party code.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _issue 2082: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2082\"\u003ecoveragepy/coveragepy#2082\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e.. _changes_7-13-2:\u003c/p\u003e\n\u003ch2\u003eVersion 7.13.2 — 2026-01-25\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix: when Python is installed via symlinks, for example with Homebrew, the\nstandard library files could be incorrectly included in coverage reports.\nThis is now fixed, closing \u003ccode\u003eissue 2115\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: if a data file is created with no read permissions, the combine step\nwould fail completely. Now a warning is issued and the file is skipped.\nCloses \u003ccode\u003eissue 2117\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _issue 2115: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2115\"\u003ecoveragepy/coveragepy#2115\u003c/a\u003e\n.. _issue 2117: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2117\"\u003ecoveragepy/coveragepy#2117\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/4f78d57f83ff8a4976043e8a8fcea24b91891840\"\u003e\u003ccode\u003e4f78d57\u003c/code\u003e\u003c/a\u003e build: no need to publish status.json\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/f8616ff5e6386648aa40300e36c6cecda79a1faa\"\u003e\u003ccode\u003ef8616ff\u003c/code\u003e\u003c/a\u003e docs: sample HTML for 7.13.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/fcf8c68db986970e6000bf75ec3c3115ede867df\"\u003e\u003ccode\u003efcf8c68\u003c/code\u003e\u003c/a\u003e docs: prep for 7.13.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/189ecfd000867e5c74e7d74ee3bd75742d5d584d\"\u003e\u003ccode\u003e189ecfd\u003c/code\u003e\u003c/a\u003e docs: thanks Pankhudi Jain for ppc64le wheels \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2121\"\u003e#2121\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/58aade0eb92d9d1e3755c65a5cf7a951e7bd6c6a\"\u003e\u003ccode\u003e58aade0\u003c/code\u003e\u003c/a\u003e build: add support for ppc64le architecture (\u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2121\"\u003e#2121\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/8ea42c874fbfc96535156300225bda22bc93ac68\"\u003e\u003ccode\u003e8ea42c8\u003c/code\u003e\u003c/a\u003e chore: bump actions/attest-build-provenance (\u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2131\"\u003e#2131\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/c09595f70758b78156efbd7c8f034799d09322aa\"\u003e\u003ccode\u003ec09595f\u003c/code\u003e\u003c/a\u003e docs: Janine put a lot of effort into debugging issue \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2128\"\u003e#2128\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/8ee1760f40b8822aa2b11ff95ab63481be68a8a0\"\u003e\u003ccode\u003e8ee1760\u003c/code\u003e\u003c/a\u003e docs: Greg wrote a great issue: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2129\"\u003e#2129\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/76ba0437611fc2787cb0450dc94b02bc2848fdee\"\u003e\u003ccode\u003e76ba043\u003c/code\u003e\u003c/a\u003e docs: thanks, Noah Fatsi\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/371fcc5727e9d8fba816061756af94646b4bcfbb\"\u003e\u003ccode\u003e371fcc5\u003c/code\u003e\u003c/a\u003e fix: set fixed paths_list in TreeMatcher init (\u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2130\"\u003e#2130\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/coveragepy/coveragepy/compare/7.10.7...7.13.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pre-commit` from 4.3.0 to 4.5.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pre-commit/pre-commit/releases\"\u003epre-commit's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003epre-commit v4.5.1\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003elanguage: python\u003c/code\u003e with \u003ccode\u003erepo: local\u003c/code\u003e without \u003ccode\u003eadditional_dependencies\u003c/code\u003e.\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3597\"\u003e#3597\u003c/a\u003e PR by \u003ca href=\"https://github.com/asottile\"\u003e\u003ccode\u003e@​asottile\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003epre-commit v4.5.0\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003epre-commit hazmat\u003c/code\u003e.\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3585\"\u003e#3585\u003c/a\u003e PR by \u003ca href=\"https://github.com/asottile\"\u003e\u003ccode\u003e@​asottile\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003epre-commit v4.4.0\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003e--fail-fast\u003c/code\u003e option to \u003ccode\u003epre-commit run\u003c/code\u003e.\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3528\"\u003e#3528\u003c/a\u003e PR by \u003ca href=\"https://github.com/JulianMaurin\"\u003e\u003ccode\u003e@​JulianMaurin\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eUpgrade \u003ccode\u003eruby-build\u003c/code\u003e / \u003ccode\u003erbenv\u003c/code\u003e.\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3566\"\u003e#3566\u003c/a\u003e PR by \u003ca href=\"https://github.com/asottile\"\u003e\u003ccode\u003e@​asottile\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3565\"\u003e#3565\u003c/a\u003e issue by \u003ca href=\"https://github.com/MRigal\"\u003e\u003ccode\u003e@​MRigal\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003elanguage: unsupported\u003c/code\u003e / \u003ccode\u003elanguage: unsupported_script\u003c/code\u003e as aliases for \u003ccode\u003elanguage: system\u003c/code\u003e / \u003ccode\u003elanguage: script\u003c/code\u003e (which will eventually be deprecated).\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3577\"\u003e#3577\u003c/a\u003e PR by \u003ca href=\"https://github.com/asottile\"\u003e\u003ccode\u003e@​asottile\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eAdd support docker-in-docker detection for cgroups v2.\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3535\"\u003e#3535\u003c/a\u003e PR by \u003ca href=\"https://github.com/br-rhrbacek\"\u003e\u003ccode\u003e@​br-rhrbacek\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3360\"\u003e#3360\u003c/a\u003e issue by \u003ca href=\"https://github.com/JasonAlt\"\u003e\u003ccode\u003e@​JasonAlt\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eHandle when docker gives \u003ccode\u003eSecurityOptions: null\u003c/code\u003e.\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3537\"\u003e#3537\u003c/a\u003e PR by \u003ca href=\"https://github.com/asottile\"\u003e\u003ccode\u003e@​asottile\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3514\"\u003e#3514\u003c/a\u003e issue by \u003ca href=\"https://github.com/jenstroeger\"\u003e\u003ccode\u003e@​jenstroeger\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFix error context for invalid \u003ccode\u003estages\u003c/code\u003e in \u003ccode\u003e.pre-commit-config.yaml\u003c/code\u003e.\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3576\"\u003e#3576\u003c/a\u003e PR by \u003ca href=\"https://github.com/asottile\"\u003e\u003ccode\u003e@​asottile\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pre-commit/pre-commit/blob/main/CHANGELOG.md\"\u003epre-commit's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e4.5.1 - 2025-12-16\u003c/h1\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003elanguage: python\u003c/code\u003e with \u003ccode\u003erepo: local\u003c/code\u003e without \u003ccode\u003eadditional_dependencies\u003c/code\u003e.\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3597\"\u003e#3597\u003c/a\u003e PR by \u003ca href=\"https://github.com/asottile\"\u003e\u003ccode\u003e@​asottile\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e4.5.0 - 2025-11-22\u003c/h1\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003epre-commit hazmat\u003c/code\u003e.\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3585\"\u003e#3585\u003c/a\u003e PR by \u003ca href=\"https://github.com/asottile\"\u003e\u003ccode\u003e@​asottile\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e4.4.0 - 2025-11-08\u003c/h1\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003e--fail-fast\u003c/code\u003e option to \u003ccode\u003epre-commit run\u003c/code\u003e.\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3528\"\u003e#3528\u003c/a\u003e PR by \u003ca href=\"https://github.com/JulianMaurin\"\u003e\u003ccode\u003e@​JulianMaurin\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eUpgrade \u003ccode\u003eruby-build\u003c/code\u003e / \u003ccode\u003erbenv\u003c/code\u003e.\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3566\"\u003e#3566\u003c/a\u003e PR by \u003ca href=\"https://github.com/asottile\"\u003e\u003ccode\u003e@​asottile\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3565\"\u003e#3565\u003c/a\u003e issue by \u003ca href=\"https://github.com/MRigal\"\u003e\u003ccode\u003e@​MRigal\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003elanguage: unsupported\u003c/code\u003e / \u003ccode\u003elanguage: unsupported_script\u003c/code\u003e as aliases\nfor \u003ccode\u003elanguage: system\u003c/code\u003e / \u003ccode\u003elanguage: script\u003c/code\u003e (which will eventually be\ndeprecated).\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3577\"\u003e#3577\u003c/a\u003e PR by \u003ca href=\"https://github.com/asottile\"\u003e\u003ccode\u003e@​asottile\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eAdd support docker-in-docker detection for cgroups v2.\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3535\"\u003e#3535\u003c/a\u003e PR by \u003ca href=\"https://github.com/br-rhrbacek\"\u003e\u003ccode\u003e@​br-rhrbacek\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3360\"\u003e#3360\u003c/a\u003e issue by \u003ca href=\"https://github.com/JasonAlt\"\u003e\u003ccode\u003e@​JasonAlt\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eHandle when docker gives \u003ccode\u003eSecurityOptions: null\u003c/code\u003e.\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3537\"\u003e#3537\u003c/a\u003e PR by \u003ca href=\"https://github.com/asottile\"\u003e\u003ccode\u003e@​asottile\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3514\"\u003e#3514\u003c/a\u003e issue by \u003ca href=\"https://github.com/jenstroeger\"\u003e\u003ccode\u003e@​jenstroeger\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFix error context for invalid \u003ccode\u003estages\u003c/code\u003e in \u003ccode\u003e.pre-commit-config.yaml\u003c/code\u003e.\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3576\"\u003e#3576\u003c/a\u003e PR by \u003ca href=\"https://github.com/asottile\"\u003e\u003ccode\u003e@​asottile\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pre-commit/pre-commit/commit/8a0630ca1aa7f6d5665effe674ebe2022af17919\"\u003e\u003ccode\u003e8a0630c\u003c/code\u003e\u003c/a\u003e v4.5.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pre-commit/pre-commit/commit/fcbc745744377ef2c9fe6a7e1a21c67d797933dc\"\u003e\u003ccode\u003efcbc745\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3597\"\u003e#3597\u003c/a\u003e from pre-commit/empty-setup-py\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pre-commit/pre-commit/commit/51592eececd13b99c40ec477ad8f810799147227\"\u003e\u003ccode\u003e51592ee\u003c/code\u003e\u003c/a\u003e fix python local template when artifact dirs are present\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pre-commit/pre-commit/commit/67e8faf80baffcb4b79c31b89ca9a413a1cd6776\"\u003e\u003ccode\u003e67e8faf\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3596\"\u003e#3596\u003c/a\u003e from pre-commit/pre-commit-ci-update-config\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pre-commit/pre-commit/commit/c251e6b6d011b3b262339dc8e109de29b0ff8db1\"\u003e\u003ccode\u003ec251e6b\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pre-commit/pre-commit/commit/98ccafa3ce42b846b9a9be9ed73fbbec7415496d\"\u003e\u003ccode\u003e98ccafa\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3593\"\u003e#3593\u003c/a\u003e from pre-commit/pre-commit-ci-update-config\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pre-commit/pre-commit/commit/48953556d06f8cdb4248002c1a0044e69e0916b3\"\u003e\u003ccode\u003e4895355\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pre-commit/pre-commit/commit/2cedd58e691f4d3bc6ab266c7d7c28464c3502be\"\u003e\u003ccode\u003e2cedd58\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3588\"\u003e#3588\u003c/a\u003e from pre-commit/pre-commit-ci-update-config\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pre-commit/pre-commit/commit/465192d7de58d569776eaaa818c94cb2b962d436\"\u003e\u003ccode\u003e465192d\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pre-commit/pre-commit/commit/fd42f96874279c4f65363bfea5238714419e54d7\"\u003e\u003ccode\u003efd42f96\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3586\"\u003e#3586\u003c/a\u003e from pre-commit/zipapp-sha256-file-not-needed\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pre-commit/pre-commit/compare/v4.3.0...v4.5.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ruff` from 0.14.0 to 0.15.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/ruff/releases\"\u003eruff's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.15.2\u003c/h2\u003e\n\u003ch2\u003eRelease Notes\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-02-19.\u003c/p\u003e\n\u003ch3\u003ePreview features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eExpand the default rule set (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23385\"\u003e#23385\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eIn preview, Ruff now enables a significantly expanded default rule set of 412 rules, up from the stable default set of 59 rules. The new rules are mostly a superset of the stable defaults, with the exception of these rules, which are removed from the preview defaults:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://docs.astral.sh/ruff/rules/multiple-imports-on-one-line\"\u003e\u003ccode\u003emultiple-imports-on-one-line\u003c/code\u003e\u003c/a\u003e (\u003ccode\u003eE401\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://docs.astral.sh/ruff/rules/module-import-not-at-top-of-file\"\u003e\u003ccode\u003emodule-import-not-at-top-of-file\u003c/code\u003e\u003c/a\u003e (\u003ccode\u003eE402\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://docs.astral.sh/ruff/rules/module-import-not-at-top-of-file\"\u003e\u003ccode\u003emodule-import-not-at-top-of-file\u003c/code\u003e\u003c/a\u003e (\u003ccode\u003eE701\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://docs.astral.sh/ruff/rules/multiple-statements-on-one-line-semicolon\"\u003e\u003ccode\u003emultiple-statements-on-one-line-semicolon\u003c/code\u003e\u003c/a\u003e (\u003ccode\u003eE702\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://docs.astral.sh/ruff/rules/useless-semicolon\"\u003e\u003ccode\u003euseless-semicolon\u003c/code\u003e\u003c/a\u003e (\u003ccode\u003eE703\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://docs.astral.sh/ruff/rules/none-comparison\"\u003e\u003ccode\u003enone-comparison\u003c/code\u003e\u003c/a\u003e (\u003ccode\u003eE711\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://docs.astral.sh/ruff/rules/true-false-comparison\"\u003e\u003ccode\u003etrue-false-comparison\u003c/code\u003e\u003c/a\u003e (\u003ccode\u003eE712\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://docs.astral.sh/ruff/rules/not-in-test\"\u003e\u003ccode\u003enot-in-test\u003c/code\u003e\u003c/a\u003e (\u003ccode\u003eE713\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://docs.astral.sh/ruff/rules/not-is-test\"\u003e\u003ccode\u003enot-is-test\u003c/code\u003e\u003c/a\u003e (\u003ccode\u003eE714\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://docs.astral.sh/ruff/rules/type-comparison\"\u003e\u003ccode\u003etype-comparison\u003c/code\u003e\u003c/a\u003e (\u003ccode\u003eE721\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://docs.astral.sh/ruff/rules/lambda-assignment\"\u003e\u003ccode\u003elambda-assignment\u003c/code\u003e\u003c/a\u003e (\u003ccode\u003eE731\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://docs.astral.sh/ruff/rules/ambiguous-variable-name\"\u003e\u003ccode\u003eambiguous-variable-name\u003c/code\u003e\u003c/a\u003e (\u003ccode\u003eE741\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://docs.astral.sh/ruff/rules/ambiguous-class-name\"\u003e\u003ccode\u003eambiguous-class-name\u003c/code\u003e\u003c/a\u003e (\u003ccode\u003eE742\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://docs.astral.sh/ruff/rules/ambiguous-function-name\"\u003e\u003ccode\u003eambiguous-function-name\u003c/code\u003e\u003c/a\u003e (\u003ccode\u003eE743\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://docs.astral.sh/ruff/rules/undefined-local-with-import-star\"\u003e\u003ccode\u003eundefined-local-with-import-star\u003c/code\u003e\u003c/a\u003e (\u003ccode\u003eF403\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://docs.astral.sh/ruff/rules/undefined-local-with-import-star-usage\"\u003e\u003ccode\u003eundefined-local-with-import-star-usage\u003c/code\u003e\u003c/a\u003e (\u003ccode\u003eF405\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://docs.astral.sh/ruff/rules/undefined-local-with-nested-import-star-usage\"\u003e\u003ccode\u003eundefined-local-with-nested-import-star-usage\u003c/code\u003e\u003c/a\u003e (\u003ccode\u003eF406\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://docs.astral.sh/ruff/rules/forward-annotation-syntax-error\"\u003e\u003ccode\u003eforward-annotation-syntax-error\u003c/code\u003e\u003c/a\u003e (\u003ccode\u003eF722\u003c/code\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIf you use preview and prefer the old defaults, you can restore them with configuration like:\u003c/p\u003e\n\u003cpre lang=\"toml\"\u003e\u003ccode\u003e\r\n# ruff.toml\r\n\u003cp\u003e[lint]\nselect = [\u0026quot;E4\u0026quot;, \u0026quot;E7\u0026quot;, \u0026quot;E9\u0026quot;, \u0026quot;F\u0026quot;]\u003c/p\u003e\n\u003ch1\u003epyproject.toml\u003c/h1\u003e\n\u003cp\u003e[tool.ruff.lint]\nselect = [\u0026quot;E4\u0026quot;, \u0026quot;E7\u0026quot;, \u0026quot;E9\u0026quot;, \u0026quot;F\u0026quot;]\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cp\u003eIf you do give them a try, feel free to share your feedback in the \u003ca href=\"https://github.com/astral-sh/ruff/discussions/23203\"\u003eGitHub discussion\u003c/a\u003e!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e[\u003ccode\u003eflake8-pyi\u003c/code\u003e] Also check string annotations (\u003ccode\u003ePYI041\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/19023\"\u003e#19023\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md\"\u003eruff's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.15.2\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-02-19.\u003c/p\u003e\n\u003ch3\u003ePreview features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eExpand the default rule set (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23385\"\u003e#23385\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eIn preview, Ruff now enables a significantly expanded default rule set of 412\nrules, up from the stable default set of 59 rules. The new rules are mostly a\nsuperset of the stable defaults, with the exception of these rules, which are\nremoved from the preview defaults:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://docs.astral.sh/ruff/rules/multiple-imports-on-one-line\"\u003e\u003ccode\u003emultiple-imports-on-one-line\u003c/code\u003e\u003c/a\u003e (\u003ccode\u003eE401\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://docs.astral.sh/ruff/rules/module-import-not-at-top-of-file\"\u003e\u003ccode\u003emodule-import-not-at-top-of-file\u003c/code\u003e\u003c/a\u003e (\u003ccode\u003eE402\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://docs.astral.sh/ruff/rules/module-import-not-at-top-of-file\"\u003e\u003ccode\u003emodule-import-not-at-top-of-file\u003c/code\u003e\u003c/a\u003e (\u003ccode\u003eE701\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://docs.astral.sh/ruff/rules/multiple-statements-on-one-line-semicolon\"\u003e\u003ccode\u003emultiple-statements-on-one-line-semicolon\u003c/code\u003e\u003c/a\u003e (\u003ccode\u003eE702\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://docs.astral.sh/ruff/rules/useless-semicolon\"\u003e\u003ccode\u003euseless-semicolon\u003c/code\u003e\u003c/a\u003e (\u003ccode\u003eE703\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://docs.astral.sh/ruff/rules/none-comparison\"\u003e\u003ccode\u003enone-comparison\u003c/code\u003e\u003c/a\u003e (\u003ccode\u003eE711\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://docs.astral.sh/ruff/rules/true-false-comparison\"\u003e\u003ccode\u003etrue-false-comparison\u003c/code\u003e\u003c/a\u003e (\u003ccode\u003eE712\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://docs.astral.sh/ruff/rules/not-in-test\"\u003e\u003ccode\u003enot-in-test\u003c/code\u003e\u003c/a\u003e (\u003ccode\u003eE713\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://docs.astral.sh/ruff/rules/not-is-test\"\u003e\u003ccode\u003enot-is-test\u003c/code\u003e\u003c/a\u003e (\u003ccode\u003eE714\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://docs.astral.sh/ruff/rules/type-comparison\"\u003e\u003ccode\u003etype-comparison\u003c/code\u003e\u003c/a\u003e (\u003ccode\u003eE721\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://docs.astral.sh/ruff/rules/lambda-assignment\"\u003e\u003ccode\u003elambda-assignment\u003c/code\u003e\u003c/a\u003e (\u003ccode\u003eE731\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://docs.astral.sh/ruff/rules/ambiguous-variable-name\"\u003e\u003ccode\u003eambiguous-variable-name\u003c/code\u003e\u003c/a\u003e (\u003ccode\u003eE741\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://docs.astral.sh/ruff/rules/ambiguous-class-name\"\u003e\u003ccode\u003eambiguous-class-name\u003c/code\u003e\u003c/a\u003e (\u003ccode\u003eE742\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://docs.astral.sh/ruff/rules/ambiguous-function-name\"\u003e\u003ccode\u003eambiguous-function-name\u003c/code\u003e\u003c/a\u003e (\u003ccode\u003eE743\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://docs.astral.sh/ruff/rules/undefined-local-with-import-star\"\u003e\u003ccode\u003eundefined-local-with-import-star\u003c/code\u003e\u003c/a\u003e (\u003ccode\u003eF403\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://docs.astral.sh/ruff/rules/undefined-local-with-import-star-usage\"\u003e\u003ccode\u003eundefined-local-with-import-star-usage\u003c/code\u003e\u003c/a\u003e (\u003ccode\u003eF405\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://docs.astral.sh/ruff/rules/undefined-local-with-nested-import-star-usage\"\u003e\u003ccode\u003eundefined-local-with-nested-import-star-usage\u003c/code\u003e\u003c/a\u003e (\u003ccode\u003eF406\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://docs.astral.sh/ruff/rules/forward-annotation-syntax-error\"\u003e\u003ccode\u003eforward-annotation-syntax-error\u003c/code\u003e\u003c/a\u003e (\u003ccode\u003eF722\u003c/code\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIf you use preview and prefer the old defaults, you can restore them with\nconfiguration like:\u003c/p\u003e\n\u003cpre lang=\"toml\"\u003e\u003ccode\u003e\n# ruff.toml\n\u003cp\u003e[lint]\nselect = [\u0026quot;E4\u0026quot;, \u0026quot;E7\u0026quot;, \u0026quot;E9\u0026quot;, \u0026quot;F\u0026quot;]\u003c/p\u003e\n\u003ch1\u003epyproject.toml\u003c/h1\u003e\n\u003cp\u003e[tool.ruff.lint]\nselect = [\u0026quot;E4\u0026quot;, \u0026quot;E7\u0026quot;, \u0026quot;E9\u0026quot;, \u0026quot;F\u0026quot;]\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cp\u003eIf you do give them a try, feel free to share your feedback in the \u003ca href=\"https://github.com/astral-sh/ruff/discussions/23203\"\u003eGitHub\ndiscussion\u003c/a\u003e!\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/9d18ee9115f9cbb4c21478baa7c1fa2b46e0759c\"\u003e\u003ccode\u003e9d18ee9\u003c/code\u003e\u003c/a\u003e Hard code workflow name and \u003ccode\u003ecancel-in-progress\u003c/code\u003e only for PRs (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/23431\"\u003e#23431\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/7cc15f024b931fe56365f40de3fab01219c092c4\"\u003e\u003ccode\u003e7cc15f0\u003c/code\u003e\u003c/a\u003e Bump 0.15.2 (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/23430\"\u003e#23430\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/d1b544393ae9cddd8e48ebee8dbfd54bda89f375\"\u003e\u003ccode\u003ed1b5443\u003c/code\u003e\u003c/a\u003e Add extension mapping to configuration file options (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/23384\"\u003e#23384\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/222574af90c5c0ca8f84c8385cf30c7c10ac2496\"\u003e\u003ccode\u003e222574a\u003c/code\u003e\u003c/a\u003e Expand the default rule set (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/23385\"\u003e#23385\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/1465b5de3829549b45397e9587b83ab7ac6d26d0\"\u003e\u003ccode\u003e1465b5d\u003c/code\u003e\u003c/a\u003e [\u003ccode\u003eflake8-async\u003c/code\u003e] Fix \u003ccode\u003ein_async_context\u003c/code\u003e logic (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/23426\"\u003e#23426\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/410902fa401afda969cc000f13be341896e6868e\"\u003e\u003ccode\u003e410902f\u003c/code\u003e\u003c/a\u003e [\u003ccode\u003epyupgrade\u003c/code\u003e] Fix handling of \u003ccode\u003etyping.{io,re}\u003c/code\u003e (\u003ccode\u003eUP035\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/23131\"\u003e#23131\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/729610acd9e19f57526e8ca40f355626154826bb\"\u003e\u003ccode\u003e729610a\u003c/code\u003e\u003c/a\u003e [ty] Fall back to ambiguous for large control flow graphs (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/23399\"\u003e#23399\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/1425c185b0a47be87112762f65b5bf7e323fb950\"\u003e\u003ccode\u003e1425c18\u003c/code\u003e\u003c/a\u003e [ty] Add code folding support\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/97acaaea5f993f33d3f5bb27c5db760a2f3d1e8a\"\u003e\u003ccode\u003e97acaae\u003c/code\u003e\u003c/a\u003e [ty] Fix stack overflow for self-referential \u003ccode\u003eTypeOf\u003c/code\u003e in annotations (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/23407\"\u003e#23407\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/1f380c82584a6dab7e8715bc7dd5ae187da1e69a\"\u003e\u003ccode\u003e1f380c8\u003c/code\u003e\u003c/a\u003e [ty] Update tests \u003ccode\u003ereveal_type\u003c/code\u003e and \u003ccode\u003eNever\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/23418\"\u003e#23418\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/astral-sh/ruff/compare/0.14.0...0.15.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `zizmor` from 1.14.2 to 1.22.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/zizmorcore/zizmor/releases\"\u003ezizmor's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.22.0\u003c/h2\u003e\n\u003ch2\u003eChanges ⚠️\u003ca href=\"https://docs.zizmor.sh/release-notes/#changes\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#misfeature\"\u003emisfeature\u003c/a\u003e audit now only shows non-\u0026quot;well known\u0026quot; \u003ccode\u003eshell:\u003c/code\u003e findings when running with the \u0026quot;auditor\u0026quot; persona (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1532\"\u003e#1532\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug Fixes 🐛\u003ca href=\"https://docs.zizmor.sh/release-notes/#bug-fixes\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where inputs containing CRLF line endings were not patched correctly by the \u003ca href=\"https://docs.zizmor.sh/audits/#unpinned-uses\"\u003eunpinned-uses\u003c/a\u003e audit (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1536\"\u003e#1536\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.21.0\u003c/h2\u003e\n\u003ch2\u003eNew Features 🌈\u003ca href=\"https://docs.zizmor.sh/release-notes/#new-features\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNew audit: \u003ca href=\"https://docs.zizmor.sh/audits/#misfeature\"\u003emisfeature\u003c/a\u003e detects usage of GitHub Actions features that are considered \u0026quot;misfeatures.\u0026quot; (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1517\"\u003e#1517\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eEnhancements 🌱\u003ca href=\"https://docs.zizmor.sh/release-notes/#enhancements\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor now uses exit code 3 to signal an audit that has failed because no input files were collected. See the \u003ca href=\"https://docs.zizmor.sh/usage/#exit-codes\"\u003eexit code\u003c/a\u003e documentation for details (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1515\"\u003e#1515\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#unpinned-uses\"\u003eunpinned-uses\u003c/a\u003e audit now supports auto-fixes for many findings (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1525\"\u003e#1525\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanges ⚠️\u003ca href=\"https://docs.zizmor.sh/release-notes/#changes\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#obfuscation\"\u003eobfuscation\u003c/a\u003e audit no longer flags shell: cmd. That check has been moved to the new \u003ca href=\"https://docs.zizmor.sh/audits/#misfeature\"\u003emisfeature\u003c/a\u003e audit. Users may need to update their ignore comments and/or configuration (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1517\"\u003e#1517\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug Fixes 🐛\u003ca href=\"https://docs.zizmor.sh/release-notes/#bug-fixes\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#unpinned-uses\"\u003eunpinned-uses\u003c/a\u003e audit now flags reusable workflows that are unpinned, in addition to actions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1509\"\u003e#1509\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/johnbillion\"\u003e\u003ccode\u003e@​johnbillion\u003c/code\u003e\u003c/a\u003e for implementing this fix!\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.20.0\u003c/h2\u003e\n\u003ch2\u003eEnhancements 🌱\u003ca href=\"https://docs.zizmor.sh/release-notes/#enhancements\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#excessive-permissions\"\u003eexcessive-permissions\u003c/a\u003e audit is now aware of the artifact-metadata and models permissions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1461\"\u003e#1461\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#cache-poisoning\"\u003ecache-poisoning\u003c/a\u003e audit is now aware of the \u003ca href=\"https://github.com/ramsey/composer-install\"\u003eramsey/composer-install\u003c/a\u003e action (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1489\"\u003e#1489\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#unpinned-images\"\u003eunpinned-images\u003c/a\u003e audit is now significantly more precise in the presence of matrix references, e.g. image: ${{ matrix.image }} (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1482\"\u003e#1482\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanges ⚠️\u003ca href=\"https://docs.zizmor.sh/release-notes/#changes\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe default policy for the \u003ca href=\"https://docs.zizmor.sh/audits/#unpinned-uses\"\u003eunpinned-uses\u003c/a\u003e audit has changed from allowing ref-pinning for first-party actions (those under actions/* and similar) to requiring hash-pinning. This makes the default policy more strict, as well as more consistent across the actions ecosystem.\u003c/p\u003e\n\u003cp\u003eUsers who with to retain the old (permissive policy) for first-party actions may configure it explicitly in their zizmor.yml:\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cpre\u003e\u003ccode\u003ezizmor.yml\r\n\u003cp\u003erules:\nunpinned-uses:\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt;\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/zizmorcore/zizmor/blob/main/docs/release-notes.md\"\u003ezizmor's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.22.0\u003c/h2\u003e\n\u003ch3\u003eChanges ⚠️\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe [misfeature] audit now only shows non-\u0026quot;well known\u0026quot; \u003ccode\u003e#!yaml shell:\u003c/code\u003e\nfindings when running with the \u0026quot;auditor\u0026quot; persona (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1532\"\u003e#1532\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes 🐛\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where inputs containing CRLF line endings were not patched\ncorrectly by the [unpinned-uses] audit (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1536\"\u003e#1536\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.21.0\u003c/h2\u003e\n\u003ch3\u003eNew Features 🌈\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eNew audit\u003c/strong\u003e: [misfeature] detects usage of GitHub Actions features that\nare considered \u0026quot;misfeatures.\u0026quot; (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1517\"\u003e#1517\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eEnhancements 🌱\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor now uses exit code \u003ccode\u003e3\u003c/code\u003e to signal an audit that has failed because\nno input files were collected. See the [exit code] documentation\nfor details (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1515\"\u003e#1515\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe [unpinned-uses] audit now supports auto-fixes for many findings (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1525\"\u003e#1525\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges ⚠️\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe [obfuscation] audit no longer flags \u003ccode\u003e#!yaml shell: cmd\u003c/code\u003e. That check has\nbeen moved to the new [misfeature] audit. Users may need to update their\nignore comments and/or configuration (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1517\"\u003e#1517\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes 🐛\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe [unpinned-uses] audit now flags reusable workflows that are unpinned,\nin addition to actions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1509\"\u003e#1509\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/johnbillion\"\u003e\u003ccode\u003e@​johnbillion\u003c/code\u003e\u003c/a\u003e for implementing this fix!\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.20.0\u003c/h2\u003e\n\u003ch3\u003eEnhancements 🌱\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe [excessive-permissions] audit is now aware of the \u003ccode\u003eartifact-metadata\u003c/code\u003e\nand \u003ccode\u003emodels\u003c/code\u003e permissions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1461\"\u003e#1461\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe [cache-poisoning] audit is now aware of the \u003ccode\u003e@​ramsey/composer-install\u003c/code\u003e\naction (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1489\"\u003e#1489\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/94308f638c114a3f42c4c842abee9cf46f166890\"\u003e\u003ccode\u003e94308f6\u003c/code\u003e\u003c/a\u003e zizmor 1.22.0 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1539\"\u003e#1539\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/951d2c8c8bb73c0c3be30b7a4b8c8d6973c7a822\"\u003e\u003ccode\u003e951d2c8\u003c/code\u003e\u003c/a\u003e Add 'crater' tests (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1538\"\u003e#1538\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/13c1b65775f6dbc80900580dcb37fcde8c0d6dd3\"\u003e\u003ccode\u003e13c1b65\u003c/code\u003e\u003c/a\u003e Handle CRLF in EmplaceComment (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1536\"\u003e#1536\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/601bbba7a91da02cc7ec7248ad27cb39c85dd403\"\u003e\u003ccode\u003e601bbba\u003c/code\u003e\u003c/a\u003e Bump trophies (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1535\"\u003e#1535\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/de617a22ce828c35e5162a81852312d95839b85d\"\u003e\u003ccode\u003ede617a2\u003c/code\u003e\u003c/a\u003e Drop 'custom shell' finding to auditor persona (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1532\"\u003e#1532\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/5175a6c9707e21e9e300e8dd14a2aac5d1099d4a\"\u003e\u003ccode\u003e5175a6c\u003c/code\u003e\u003c/a\u003e zizmor 1.21.0 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1529\"\u003e#1529\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/b3f84f4f168f0c4d1f6c6a64d3ff8572571c95f5\"\u003e\u003ccode\u003eb3f84f4\u003c/code\u003e\u003c/a\u003e yamlpatch 0.10.0 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1528\"\u003e#1528\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/20b24ff49188722d1a6fe72d0c77548866d4e245\"\u003e\u003ccode\u003e20b24ff\u003c/code\u003e\u003c/a\u003e yamlpath 0.33.0 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1527\"\u003e#1527\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/4815c16d4f0068d620fe56559d238bda344fea46\"\u003e\u003ccode\u003e4815c16\u003c/code\u003e\u003c/a\u003e Support auto-fixes for unpinned-uses (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1525\"\u003e#1525\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/e611eae19cfb4b8c7af67166eedf68ae2268f2e1\"\u003e\u003ccode\u003ee611eae\u003c/code\u003e\u003c/a\u003e Document hk integration (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1522\"\u003e#1522\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/zizmorcore/zizmor/compare/v1.14.2...v1.22.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/ministryofjustice/modernisation-platform-ui/pull/7","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ministryofjustice%2Fmodernisation-platform-ui/issues/7","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/7/packages"},{"uuid":"3881531977","node_id":"PR_kwDOE5ikvs7AsJnP","number":76,"state":"closed","title":"chore(deps): bump zizmor from 1.19.0 to 1.22.0","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":["vavkamil"],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-02-01T11:28:39.000Z","author_association":null,"state_reason":null,"created_at":"2026-02-01T08:11:18.000Z","updated_at":"2026-02-01T11:28:40.000Z","time_to_close":11841,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"zizmor","old_version":"1.19.0","new_version":"1.22.0","repository_url":"https://github.com/zizmorcore/zizmor"}],"path":null,"ecosystem":"pip"},"body":"Bumps [zizmor](https://github.com/zizmorcore/zizmor) from 1.19.0 to 1.22.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/zizmorcore/zizmor/releases\"\u003ezizmor's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.22.0\u003c/h2\u003e\n\u003ch2\u003eChanges ⚠️\u003ca href=\"https://docs.zizmor.sh/release-notes/#changes\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#misfeature\"\u003emisfeature\u003c/a\u003e audit now only shows non-\u0026quot;well known\u0026quot; \u003ccode\u003eshell:\u003c/code\u003e findings when running with the \u0026quot;auditor\u0026quot; persona (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1532\"\u003e#1532\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug Fixes 🐛\u003ca href=\"https://docs.zizmor.sh/release-notes/#bug-fixes\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where inputs containing CRLF line endings were not patched correctly by the \u003ca href=\"https://docs.zizmor.sh/audits/#unpinned-uses\"\u003eunpinned-uses\u003c/a\u003e audit (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1536\"\u003e#1536\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.21.0\u003c/h2\u003e\n\u003ch2\u003eNew Features 🌈\u003ca href=\"https://docs.zizmor.sh/release-notes/#new-features\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNew audit: \u003ca href=\"https://docs.zizmor.sh/audits/#misfeature\"\u003emisfeature\u003c/a\u003e detects usage of GitHub Actions features that are considered \u0026quot;misfeatures.\u0026quot; (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1517\"\u003e#1517\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eEnhancements 🌱\u003ca href=\"https://docs.zizmor.sh/release-notes/#enhancements\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor now uses exit code 3 to signal an audit that has failed because no input files were collected. See the \u003ca href=\"https://docs.zizmor.sh/usage/#exit-codes\"\u003eexit code\u003c/a\u003e documentation for details (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1515\"\u003e#1515\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#unpinned-uses\"\u003eunpinned-uses\u003c/a\u003e audit now supports auto-fixes for many findings (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1525\"\u003e#1525\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanges ⚠️\u003ca href=\"https://docs.zizmor.sh/release-notes/#changes\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#obfuscation\"\u003eobfuscation\u003c/a\u003e audit no longer flags shell: cmd. That check has been moved to the new \u003ca href=\"https://docs.zizmor.sh/audits/#misfeature\"\u003emisfeature\u003c/a\u003e audit. Users may need to update their ignore comments and/or configuration (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1517\"\u003e#1517\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug Fixes 🐛\u003ca href=\"https://docs.zizmor.sh/release-notes/#bug-fixes\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#unpinned-uses\"\u003eunpinned-uses\u003c/a\u003e audit now flags reusable workflows that are unpinned, in addition to actions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1509\"\u003e#1509\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/johnbillion\"\u003e\u003ccode\u003e@​johnbillion\u003c/code\u003e\u003c/a\u003e for implementing this fix!\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.20.0\u003c/h2\u003e\n\u003ch2\u003eEnhancements 🌱\u003ca href=\"https://docs.zizmor.sh/release-notes/#enhancements\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#excessive-permissions\"\u003eexcessive-permissions\u003c/a\u003e audit is now aware of the artifact-metadata and models permissions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1461\"\u003e#1461\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#cache-poisoning\"\u003ecache-poisoning\u003c/a\u003e audit is now aware of the \u003ca href=\"https://github.com/ramsey/composer-install\"\u003eramsey/composer-install\u003c/a\u003e action (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1489\"\u003e#1489\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#unpinned-images\"\u003eunpinned-images\u003c/a\u003e audit is now significantly more precise in the presence of matrix references, e.g. image: ${{ matrix.image }} (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1482\"\u003e#1482\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanges ⚠️\u003ca href=\"https://docs.zizmor.sh/release-notes/#changes\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe default policy for the \u003ca href=\"https://docs.zizmor.sh/audits/#unpinned-uses\"\u003eunpinned-uses\u003c/a\u003e audit has changed from allowing ref-pinning for first-party actions (those under actions/* and similar) to requiring hash-pinning. This makes the default policy more strict, as well as more consistent across the actions ecosystem.\u003c/p\u003e\n\u003cp\u003eUsers who with to retain the old (permissive policy) for first-party actions may configure it explicitly in their zizmor.yml:\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cpre\u003e\u003ccode\u003ezizmor.yml\n\u003cp\u003erules:\nunpinned-uses:\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt;\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/zizmorcore/zizmor/blob/main/docs/release-notes.md\"\u003ezizmor's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.22.0\u003c/h2\u003e\n\u003ch3\u003eChanges ⚠️\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe [misfeature] audit now only shows non-\u0026quot;well known\u0026quot; \u003ccode\u003e#!yaml shell:\u003c/code\u003e\nfindings when running with the \u0026quot;auditor\u0026quot; persona (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1532\"\u003e#1532\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes 🐛\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where inputs containing CRLF line endings were not patched\ncorrectly by the [unpinned-uses] audit (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1536\"\u003e#1536\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.21.0\u003c/h2\u003e\n\u003ch3\u003eNew Features 🌈\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eNew audit\u003c/strong\u003e: [misfeature] detects usage of GitHub Actions features that\nare considered \u0026quot;misfeatures.\u0026quot; (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1517\"\u003e#1517\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eEnhancements 🌱\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor now uses exit code \u003ccode\u003e3\u003c/code\u003e to signal an audit that has failed because\nno input files were collected. See the [exit code] documentation\nfor details (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1515\"\u003e#1515\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe [unpinned-uses] audit now supports auto-fixes for many findings (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1525\"\u003e#1525\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges ⚠️\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe [obfuscation] audit no longer flags \u003ccode\u003e#!yaml shell: cmd\u003c/code\u003e. That check has\nbeen moved to the new [misfeature] audit. Users may need to update their\nignore comments and/or configuration (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1517\"\u003e#1517\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes 🐛\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe [unpinned-uses] audit now flags reusable workflows that are unpinned,\nin addition to actions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1509\"\u003e#1509\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/johnbillion\"\u003e\u003ccode\u003e@​johnbillion\u003c/code\u003e\u003c/a\u003e for implementing this fix!\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.20.0\u003c/h2\u003e\n\u003ch3\u003eEnhancements 🌱\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe [excessive-permissions] audit is now aware of the \u003ccode\u003eartifact-metadata\u003c/code\u003e\nand \u003ccode\u003emodels\u003c/code\u003e permissions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1461\"\u003e#1461\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe [cache-poisoning] audit is now aware of the \u003ccode\u003e@​ramsey/composer-install\u003c/code\u003e\naction (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1489\"\u003e#1489\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/94308f638c114a3f42c4c842abee9cf46f166890\"\u003e\u003ccode\u003e94308f6\u003c/code\u003e\u003c/a\u003e zizmor 1.22.0 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1539\"\u003e#1539\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/951d2c8c8bb73c0c3be30b7a4b8c8d6973c7a822\"\u003e\u003ccode\u003e951d2c8\u003c/code\u003e\u003c/a\u003e Add 'crater' tests (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1538\"\u003e#1538\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/13c1b65775f6dbc80900580dcb37fcde8c0d6dd3\"\u003e\u003ccode\u003e13c1b65\u003c/code\u003e\u003c/a\u003e Handle CRLF in EmplaceComment (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1536\"\u003e#1536\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/601bbba7a91da02cc7ec7248ad27cb39c85dd403\"\u003e\u003ccode\u003e601bbba\u003c/code\u003e\u003c/a\u003e Bump trophies (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1535\"\u003e#1535\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/de617a22ce828c35e5162a81852312d95839b85d\"\u003e\u003ccode\u003ede617a2\u003c/code\u003e\u003c/a\u003e Drop 'custom shell' finding to auditor persona (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1532\"\u003e#1532\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/5175a6c9707e21e9e300e8dd14a2aac5d1099d4a\"\u003e\u003ccode\u003e5175a6c\u003c/code\u003e\u003c/a\u003e zizmor 1.21.0 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1529\"\u003e#1529\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/b3f84f4f168f0c4d1f6c6a64d3ff8572571c95f5\"\u003e\u003ccode\u003eb3f84f4\u003c/code\u003e\u003c/a\u003e yamlpatch 0.10.0 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1528\"\u003e#1528\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/20b24ff49188722d1a6fe72d0c77548866d4e245\"\u003e\u003ccode\u003e20b24ff\u003c/code\u003e\u003c/a\u003e yamlpath 0.33.0 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1527\"\u003e#1527\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/4815c16d4f0068d620fe56559d238bda344fea46\"\u003e\u003ccode\u003e4815c16\u003c/code\u003e\u003c/a\u003e Support auto-fixes for unpinned-uses (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1525\"\u003e#1525\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/e611eae19cfb4b8c7af67166eedf68ae2268f2e1\"\u003e\u003ccode\u003ee611eae\u003c/code\u003e\u003c/a\u003e Document hk integration (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1522\"\u003e#1522\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/zizmorcore/zizmor/compare/v1.19.0...v1.22.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=zizmor\u0026package-manager=pip\u0026previous-version=1.19.0\u0026new-version=1.22.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/vavkamil/awesome-bugbounty-tools/pull/76","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/vavkamil%2Fawesome-bugbounty-tools/issues/76","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/76/packages"},{"uuid":"3857996221","node_id":"PR_kwDONnZYsM6_eIKc","number":317,"state":"closed","title":":dependabot: uv(deps): Bump the minor-and-patch group across 1 directory with 12 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":"2026-03-18T09:16:15.000Z","author_association":null,"state_reason":null,"created_at":"2026-01-26T22:44:53.000Z","updated_at":"2026-03-18T09:16:17.000Z","time_to_close":4357882,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":":dependabot: uv(deps): Bump","group_name":"minor-and-patch","update_count":12,"packages":[{"name":"alembic","old_version":"1.17.0","new_version":"1.18.0","repository_url":"https://github.com/sqlalchemy/alembic"},{"name":"authlib","old_version":"1.6.5","new_version":"1.6.6","repository_url":"https://github.com/authlib/authlib"},{"name":"flask-cors","old_version":"6.0.1","new_version":"6.0.2","repository_url":"https://github.com/corydolphin/flask-cors"},{"name":"flask-limiter","old_version":"4.0.0","new_version":"4.1.1","repository_url":"https://github.com/alisaifee/flask-limiter"},{"name":"govuk-frontend-jinja","old_version":"3.8.0","new_version":"3.9.0","repository_url":"https://github.com/LandRegistry/govuk-frontend-jinja"},{"name":"sentry-sdk","old_version":"2.41.0","new_version":"2.49.0","repository_url":"https://github.com/getsentry/sentry-python"},{"name":"urllib3","old_version":"2.6.1","new_version":"2.6.3","repository_url":"https://github.com/urllib3/urllib3"},{"name":"werkzeug","old_version":"3.1.4","new_version":"3.1.5","repository_url":"https://github.com/pallets/werkzeug"},{"name":"coverage","old_version":"7.10.7","new_version":"7.13.1","repository_url":"https://github.com/coveragepy/coveragepy"},{"name":"pre-commit","old_version":"4.3.0","new_version":"4.5.1","repository_url":"https://github.com/pre-commit/pre-commit"},{"name":"ruff","old_version":"0.14.0","new_version":"0.14.11","repository_url":"https://github.com/astral-sh/ruff"},{"name":"zizmor","old_version":"1.14.2","new_version":"1.20.0","repository_url":"https://github.com/zizmorcore/zizmor"}],"path":null,"ecosystem":"pip"},"body":"Bumps the minor-and-patch group with 12 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [alembic](https://github.com/sqlalchemy/alembic) | `1.17.0` | `1.18.0` |\n| [authlib](https://github.com/authlib/authlib) | `1.6.5` | `1.6.6` |\n| [flask-cors](https://github.com/corydolphin/flask-cors) | `6.0.1` | `6.0.2` |\n| [flask-limiter](https://github.com/alisaifee/flask-limiter) | `4.0.0` | `4.1.1` |\n| [govuk-frontend-jinja](https://github.com/LandRegistry/govuk-frontend-jinja) | `3.8.0` | `3.9.0` |\n| [sentry-sdk](https://github.com/getsentry/sentry-python) | `2.41.0` | `2.49.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.6.1` | `2.6.3` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `3.1.4` | `3.1.5` |\n| [coverage](https://github.com/coveragepy/coveragepy) | `7.10.7` | `7.13.1` |\n| [pre-commit](https://github.com/pre-commit/pre-commit) | `4.3.0` | `4.5.1` |\n| [ruff](https://github.com/astral-sh/ruff) | `0.14.0` | `0.14.11` |\n| [zizmor](https://github.com/zizmorcore/zizmor) | `1.14.2` | `1.20.0` |\n\n\nUpdates `alembic` from 1.17.0 to 1.18.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sqlalchemy/alembic/releases\"\u003ealembic's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e1.18.0\u003c/h1\u003e\n\u003cp\u003eReleased: January 9, 2026\u003c/p\u003e\n\u003ch2\u003efeature\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[feature] [operations]\u003c/strong\u003e When alembic is run in \u0026quot;verbose\u0026quot; mode, alembic now logs a message to\nindicate from which file is used to load the configuration.\u003c/p\u003e\n\u003cp\u003eReferences: \u003ca href=\"https://redirect.github.com/sqlalchemy/alembic/issues/1737\"\u003e#1737\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[feature] [autogenerate]\u003c/strong\u003e Autogenerate reflection sweeps now use the \u0026quot;bulk\u0026quot; inspector methods\nintroduced in SQLAlchemy 2.0, which for selected dialects including\nPostgreSQL and Oracle use batched queries to reflect whole collections of\ntables using O(1) queries rather than O(N).\u003c/p\u003e\n\u003cp\u003eReferences: \u003ca href=\"https://redirect.github.com/sqlalchemy/alembic/issues/1771\"\u003e#1771\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[feature] [autogenerate]\u003c/strong\u003e Release 1.18.0 introduces a plugin system that allows for automatic\nloading of third-party extensions as well as configurable autogenerate\ncompare functionality on a per-environment basis.\u003c/p\u003e\n\u003cp\u003eThe \u003ccode\u003ePlugin\u003c/code\u003e class provides a common interface for extensions that\nregister handlers among Alembic's existing extension points such as\n\u003ccode\u003eOperations.register_operation()\u003c/code\u003e and\n\u003ccode\u003eOperations.implementation_for()\u003c/code\u003e. A new interface for registering\nautogenerate comparison handlers,\n\u003ccode\u003ePlugin.add_autogenerate_comparator()\u003c/code\u003e, provides for autogenerate\ncompare functionality that may be custom-configured on a per-environment\nbasis using the new\n\u003ccode\u003eEnvironmentContext.configure.autogenerate_plugins\u003c/code\u003e parameter.\u003c/p\u003e\n\u003cp\u003eThe change does not impact well known Alembic add-ons such as\n\u003ccode\u003ealembic-utils\u003c/code\u003e, which continue to work as before; however, such add-ons\nhave the option to provide plugin entrypoints going forward.\u003c/p\u003e\n\u003cp\u003eAs part of this change, Alembic's autogenerate compare functionality is\nreorganized into a series of internal plugins under the\n\u003ccode\u003ealembic.autogenerate\u003c/code\u003e namespace, which may be individually or\ncollectively identified for inclusion and/or exclusion within the\n\u003ccode\u003eEnvironmentContext.configure()\u003c/code\u003e call using a new parameter\n\u003ccode\u003eEnvironmentContext.configure.autogenerate_plugins\u003c/code\u003e. This\nparameter is also where third party comparison plugins may also be\nindicated.\u003c/p\u003e\n\u003cp\u003eSee \u003ccode\u003ealembic.plugins.toplevel\u003c/code\u003e for complete documentation on\nthe new \u003ccode\u003ePlugin\u003c/code\u003e class as well as autogenerate-specific usage\ninstructions.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/sqlalchemy/alembic/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `authlib` from 1.6.5 to 1.6.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/releases\"\u003eauthlib's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.6.6\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(ClientAuth): fix incorrect signature when Content-Type is x-www-form-urlencoded by \u003ca href=\"https://github.com/shc261392\"\u003e\u003ccode\u003e@​shc261392\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/778\"\u003eauthlib/authlib#778\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix: Use \u003ccode\u003eexpires_in\u003c/code\u003e when \u003ccode\u003eexpires_at\u003c/code\u003e is unparsable by \u003ca href=\"https://github.com/bendavis78\"\u003e\u003ccode\u003e@​bendavis78\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/842\"\u003eauthlib/authlib#842\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eget_jwt_config\u003c/code\u003e takes a \u003ccode\u003eclient\u003c/code\u003e parameter. by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/844\"\u003eauthlib/authlib#844\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shc261392\"\u003e\u003ccode\u003e@​shc261392\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/778\"\u003eauthlib/authlib#778\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bendavis78\"\u003e\u003ccode\u003e@​bendavis78\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/842\"\u003eauthlib/authlib#842\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.5...v1.6.6\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.5...v1.6.6\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/blob/main/docs/changelog.rst\"\u003eauthlib's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 1.6.6\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Dec 12, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eget_jwt_config\u003c/code\u003e takes a \u003ccode\u003eclient\u003c/code\u003e parameter, :pr:\u003ccode\u003e844\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eFix incorrect signature when \u003ccode\u003eContent-Type\u003c/code\u003e is x-www-form-urlencoded for OAuth 1.0 Client, :pr:\u003ccode\u003e778\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eexpires_in\u003c/code\u003e in \u003ccode\u003eOAuth2Token\u003c/code\u003e when \u003ccode\u003eexpires_at\u003c/code\u003e is unparsable, :pr:\u003ccode\u003e842\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eAlways track \u003ccode\u003estate\u003c/code\u003e in session for OAuth client integrations.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/bb7a315befbad333faf9a23ef574d6e3134a6774\"\u003e\u003ccode\u003ebb7a315\u003c/code\u003e\u003c/a\u003e chore: release 1.6.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/0a423d4638bed1c0fe4597b2296a85c5bb59fba2\"\u003e\u003ccode\u003e0a423d4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/authlib/authlib/issues/844\"\u003e#844\u003c/a\u003e from azmeuk/806-get-jwt-config-client\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/2808378611dd6fb2532b189a9087877d8f0c0489\"\u003e\u003ccode\u003e2808378\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/714502a4738bc29f26eb245b0c66718d8536cdda\"\u003e\u003ccode\u003e714502a\u003c/code\u003e\u003c/a\u003e feat: get_jwt_config takes a client parameter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/260d04edee23d8470057ea659c16fb8a2c7b0dc2\"\u003e\u003ccode\u003e260d04e\u003c/code\u003e\u003c/a\u003e Fix: Use \u003ccode\u003eexpires_in\u003c/code\u003e when \u003ccode\u003eexpires_at\u003c/code\u003e is unparsable\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/eb37124bbbec6ccbfba3699d8960f9710d330ad8\"\u003e\u003ccode\u003eeb37124\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/authlib/authlib/issues/778\"\u003e#778\u003c/a\u003e from shc261392/fix-httpx-oauth1-form-data-incorrect-s...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/0ba9ec4feeb8e19f572c454e2d1dbbdc1d30ae62\"\u003e\u003ccode\u003e0ba9ec4\u003c/code\u003e\u003c/a\u003e docs: fix guide on requests self signed certificate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/a2e9943815bb5161863b1fa144ac0aaa50d97e91\"\u003e\u003ccode\u003ea2e9943\u003c/code\u003e\u003c/a\u003e docs: indicate that \u003ca href=\"https://redirect.github.com/authlib/authlib/issues/743\"\u003e#743\u003c/a\u003e needs a migration\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/06015d20652a23eff8350b6ad71b32fe41dae4ba\"\u003e\u003ccode\u003e06015d2\u003c/code\u003e\u003c/a\u003e test: factorize the token fixture\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.5...v1.6.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flask-cors` from 6.0.1 to 6.0.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/corydolphin/flask-cors/releases\"\u003eflask-cors's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e6.0.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate license pyproject.toml by \u003ca href=\"https://github.com/wagenrace\"\u003e\u003ccode\u003e@​wagenrace\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/pull/395\"\u003ecorydolphin/flask-cors#395\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/wagenrace\"\u003e\u003ccode\u003e@​wagenrace\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/pull/395\"\u003ecorydolphin/flask-cors#395\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/corydolphin/flask-cors/compare/6.0.1...6.0.2\"\u003ehttps://github.com/corydolphin/flask-cors/compare/6.0.1...6.0.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/corydolphin/flask-cors/commit/fa55dcbec68b3524a39e5057c35c29c221a27d64\"\u003e\u003ccode\u003efa55dcb\u003c/code\u003e\u003c/a\u003e Update license pyproject.toml (\u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/issues/395\"\u003e#395\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/corydolphin/flask-cors/compare/6.0.1...6.0.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flask-limiter` from 4.0.0 to 4.1.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/alisaifee/flask-limiter/releases\"\u003eflask-limiter's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.1.1\u003c/h2\u003e\n\u003ch2\u003eBug Fix\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnsure cli commands fail gracefully when cli dependencies\nare not installed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.1.0\u003c/h2\u003e\n\u003ch2\u003eDeployment\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eExtract \u003ccode\u003ecli\u003c/code\u003e specific requirements to an extra\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eCompatibility\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd python 3.14 support\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/alisaifee/flask-limiter/blob/master/HISTORY.rst\"\u003eflask-limiter's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.1.1\u003c/h2\u003e\n\u003cp\u003eRelease Date: 2025-12-06\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eBug Fix\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eEnsure cli commands fail gracefully when cli dependencies\nare not installed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.0\u003c/h2\u003e\n\u003cp\u003eRelease Date: 2025-12-02\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDeployment\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eExtract \u003ccode\u003ecli\u003c/code\u003e specific requirements to an extra\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCompatibility\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd python 3.14 support\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alisaifee/flask-limiter/commit/e9c14643bb0bd7f3c2c12546d8b9d4b407cc7554\"\u003e\u003ccode\u003ee9c1464\u003c/code\u003e\u003c/a\u003e Update changelog for  4.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alisaifee/flask-limiter/commit/008350285f66456f5befe0c372c342fd0ab857ac\"\u003e\u003ccode\u003e0083502\u003c/code\u003e\u003c/a\u003e Update uv.lock\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alisaifee/flask-limiter/commit/c45325cbd55db3bd56a3ec4d3df93a20ef15830a\"\u003e\u003ccode\u003ec45325c\u003c/code\u003e\u003c/a\u003e Add rich to dev dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alisaifee/flask-limiter/commit/4029925815361899d9b5a7def5f8ee6a2d082c3e\"\u003e\u003ccode\u003e4029925\u003c/code\u003e\u003c/a\u003e Ensure cli extra is installed for docs generation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alisaifee/flask-limiter/commit/114c01b9918628635161dc5a74815aaebb2498a2\"\u003e\u003ccode\u003e114c01b\u003c/code\u003e\u003c/a\u003e Handle missing cli dependencies gracefully\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alisaifee/flask-limiter/commit/4aee644efd4f40ccc9702401cce0b96c7264c33e\"\u003e\u003ccode\u003e4aee644\u003c/code\u003e\u003c/a\u003e Update changelog for  4.1.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alisaifee/flask-limiter/commit/4eb58a34967c7639f18716b9ab9fa924b09d3df4\"\u003e\u003ccode\u003e4eb58a3\u003c/code\u003e\u003c/a\u003e Extract cli dependencies as an extra\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alisaifee/flask-limiter/commit/e1a162cc878ac08ffba85ef98b87052b481f1943\"\u003e\u003ccode\u003ee1a162c\u003c/code\u003e\u003c/a\u003e Add python 3.14 support\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/alisaifee/flask-limiter/compare/4.0.0...4.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `govuk-frontend-jinja` from 3.8.0 to 3.9.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/LandRegistry/govuk-frontend-jinja/releases\"\u003egovuk-frontend-jinja's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.9.0\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for \u003ca href=\"https://github.com/alphagov/govuk-frontend/releases/tag/v5.13.0\"\u003eGOV.UK Frontend v5.13.0\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython 3.14 support\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated from \u003ccode\u003esetup.py\u003c/code\u003e to \u003ccode\u003epyproject.toml\u003c/code\u003e for packaging config\u003c/li\u003e\n\u003cli\u003eMigrated from \u003ccode\u003epip-tools\u003c/code\u003e to \u003ccode\u003epipenv\u003c/code\u003e for dependency management\u003c/li\u003e\n\u003cli\u003eReduced test Docker image size from 1.28GB to 400MB (-69.5%)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/LandRegistry/govuk-frontend-jinja/blob/main/CHANGELOG.md\"\u003egovuk-frontend-jinja's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/LandRegistry/govuk-frontend-jinja/releases/tag/3.9.0\"\u003e3.9.0\u003c/a\u003e - 13/10/2025\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for \u003ca href=\"https://github.com/alphagov/govuk-frontend/releases/tag/v5.13.0\"\u003eGOV.UK Frontend v5.13.0\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython 3.14 support\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated from \u003ccode\u003esetup.py\u003c/code\u003e to \u003ccode\u003epyproject.toml\u003c/code\u003e for packaging config\u003c/li\u003e\n\u003cli\u003eMigrated from \u003ccode\u003epip-tools\u003c/code\u003e to \u003ccode\u003epipenv\u003c/code\u003e for dependency management\u003c/li\u003e\n\u003cli\u003eReduced test Docker image size from 1.28GB to 400MB (-69.5%)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/LandRegistry/govuk-frontend-jinja/commit/2d90481eb4aa7b851e379f41e03beabb84082212\"\u003e\u003ccode\u003e2d90481\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/LandRegistry/govuk-frontend-jinja/issues/102\"\u003e#102\u003c/a\u003e from LandRegistry/govuk-frontend-513\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/LandRegistry/govuk-frontend-jinja/commit/5d3faeec69dcf765fb29ef88cd298c0bb196a77b\"\u003e\u003ccode\u003e5d3faee\u003c/code\u003e\u003c/a\u003e recompile with 3.10 dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/LandRegistry/govuk-frontend-jinja/commit/7768e437ee4a816e52ea9b1a0e69ab7c5699ed44\"\u003e\u003ccode\u003e7768e43\u003c/code\u003e\u003c/a\u003e allow flake8 to read toml config\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/LandRegistry/govuk-frontend-jinja/commit/432f7246c017172365d8693b688ff118ebb33a10\"\u003e\u003ccode\u003e432f724\u003c/code\u003e\u003c/a\u003e docker size reduction\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/LandRegistry/govuk-frontend-jinja/commit/7644ce4a27838e3ec7c76e510ef639d4e975f770\"\u003e\u003ccode\u003e7644ce4\u003c/code\u003e\u003c/a\u003e local docker test env\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/LandRegistry/govuk-frontend-jinja/commit/e54a69acbaf39a3994c0205c429fa09722c335a9\"\u003e\u003ccode\u003ee54a69a\u003c/code\u003e\u003c/a\u003e formatting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/LandRegistry/govuk-frontend-jinja/commit/d0c00713df48934b0f329cdd487afbe9cc5b4b8f\"\u003e\u003ccode\u003ed0c0071\u003c/code\u003e\u003c/a\u003e ignore GHSA-4xh5-x5gv-qwph until fixed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/LandRegistry/govuk-frontend-jinja/commit/d600c13d00eeaf38be9aed416cb1f7cb8be81ea7\"\u003e\u003ccode\u003ed600c13\u003c/code\u003e\u003c/a\u003e remove python version requirement\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/LandRegistry/govuk-frontend-jinja/commit/8e3c6bb5d904a5100f144468f859963cdf28ee07\"\u003e\u003ccode\u003e8e3c6bb\u003c/code\u003e\u003c/a\u003e revert to 3.14 and use python version in pipeline\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/LandRegistry/govuk-frontend-jinja/commit/4b24757fb46bf6cd3b072021fcad7b3bb0662395\"\u003e\u003ccode\u003e4b24757\u003c/code\u003e\u003c/a\u003e allow version range for matrix builds\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/LandRegistry/govuk-frontend-jinja/compare/3.8.0...3.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `sentry-sdk` from 2.41.0 to 2.49.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/getsentry/sentry-python/releases\"\u003esentry-sdk's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.49.0\u003c/h2\u003e\n\u003ch3\u003eNew Features ✨\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat(api): Add \u003ccode\u003eScope.set_attribute\u003c/code\u003e by \u003ca href=\"https://github.com/sentrivana\"\u003e\u003ccode\u003e@​sentrivana\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5256\"\u003e#5256\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes 🐛\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix(grpc): Gate third-party imports by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5246\"\u003e#5246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(opentelemetry): Gate third-party imports by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5247\"\u003e#5247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(ray): Keep variadic kwargs last in signatures by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5244\"\u003e#5244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(trytond): Gate third-party imports by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5245\"\u003e#5245\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix openai count_tokens by \u003ca href=\"https://github.com/sl0thentr0py\"\u003e\u003ccode\u003e@​sl0thentr0py\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5281\"\u003e#5281\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation 📚\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edocs: Fix typo in comment by \u003ca href=\"https://github.com/sentrivana\"\u003e\u003ccode\u003e@​sentrivana\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5280\"\u003e#5280\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: Fix \u003ccode\u003emiddleware_spans\u003c/code\u003e docstring by \u003ca href=\"https://github.com/sentrivana\"\u003e\u003ccode\u003e@​sentrivana\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5279\"\u003e#5279\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal Changes 🔧\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eref(scope): Set global attrs on global scope by \u003ca href=\"https://github.com/sentrivana\"\u003e\u003ccode\u003e@​sentrivana\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5259\"\u003e#5259\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: Ignore type migration for scripts/ and tests/ in blame by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5284\"\u003e#5284\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eref: Properly override parent func by \u003ca href=\"https://github.com/sentrivana\"\u003e\u003ccode\u003e@​sentrivana\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5283\"\u003e#5283\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: Allow to use Craft's new auto-versioning by \u003ca href=\"https://github.com/sentrivana\"\u003e\u003ccode\u003e@​sentrivana\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5218\"\u003e#5218\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eref: Deduplicate batchers by \u003ca href=\"https://github.com/sentrivana\"\u003e\u003ccode\u003e@​sentrivana\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5263\"\u003e#5263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etests: Add dedicated transport format test for metrics, logs by \u003ca href=\"https://github.com/sentrivana\"\u003e\u003ccode\u003e@​sentrivana\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5264\"\u003e#5264\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: 🤖 Update test matrix with new releases (01/05) by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5273\"\u003e#5273\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etests: General logs tests should use Sentry logs API by \u003ca href=\"https://github.com/sentrivana\"\u003e\u003ccode\u003e@​sentrivana\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5262\"\u003e#5262\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etests: Test preserialization of attributes by \u003ca href=\"https://github.com/sentrivana\"\u003e\u003ccode\u003e@​sentrivana\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5260\"\u003e#5260\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: Unpin Pydantic 1.x version in tests by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5261\"\u003e#5261\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eref: Make logs, metrics go via scope by \u003ca href=\"https://github.com/sentrivana\"\u003e\u003ccode\u003e@​sentrivana\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5213\"\u003e#5213\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: Fix failing arq, fastapi tests on 3.7; update test matrix by \u003ca href=\"https://github.com/sentrivana\"\u003e\u003ccode\u003e@​sentrivana\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5258\"\u003e#5258\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.48.0\u003c/h2\u003e\n\u003cp\u003eMiddleware spans are now disabled by default in Django, Starlette and FastAPI integrations. Set the \u003ccode\u003emiddleware_spans\u003c/code\u003e integration-level\noption to capture individual spans per middleware layer. To record Django middleware spans, for example, configure as follows\u003c/p\u003e\n\u003cpre lang=\"python\"\u003e\u003ccode\u003e  import sentry_sdk\n  from sentry_sdk.integrations.django import DjangoIntegration\n\u003cp\u003esentry_sdk.init(\u003cbr /\u003e\ndsn=\u0026quot;\u0026lt;your-dsn\u0026gt;\u0026quot;,\u003cbr /\u003e\nintegrations=[\u003cbr /\u003e\nDjangoIntegration(middleware_spans=True),\u003cbr /\u003e\n],\u003cbr /\u003e\n)\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003ch3\u003eNew Features ✨\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/getsentry/sentry-python/blob/master/CHANGELOG.md\"\u003esentry-sdk's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.49.0\u003c/h2\u003e\n\u003ch3\u003eNew Features ✨\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat(api): Add \u003ccode\u003eScope.set_attribute\u003c/code\u003e by \u003ca href=\"https://github.com/sentrivana\"\u003e\u003ccode\u003e@​sentrivana\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5256\"\u003e#5256\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes 🐛\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix(grpc): Gate third-party imports by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5246\"\u003e#5246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(opentelemetry): Gate third-party imports by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5247\"\u003e#5247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(ray): Keep variadic kwargs last in signatures by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5244\"\u003e#5244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(trytond): Gate third-party imports by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5245\"\u003e#5245\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix openai count_tokens by \u003ca href=\"https://github.com/sl0thentr0py\"\u003e\u003ccode\u003e@​sl0thentr0py\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5281\"\u003e#5281\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation 📚\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edocs: Fix typo in comment by \u003ca href=\"https://github.com/sentrivana\"\u003e\u003ccode\u003e@​sentrivana\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5280\"\u003e#5280\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: Fix \u003ccode\u003emiddleware_spans\u003c/code\u003e docstring by \u003ca href=\"https://github.com/sentrivana\"\u003e\u003ccode\u003e@​sentrivana\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5279\"\u003e#5279\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal Changes 🔧\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eref(scope): Set global attrs on global scope by \u003ca href=\"https://github.com/sentrivana\"\u003e\u003ccode\u003e@​sentrivana\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5259\"\u003e#5259\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: Ignore type migration for scripts/ and tests/ in blame by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5284\"\u003e#5284\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eref: Properly override parent func by \u003ca href=\"https://github.com/sentrivana\"\u003e\u003ccode\u003e@​sentrivana\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5283\"\u003e#5283\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: Allow to use Craft's new auto-versioning by \u003ca href=\"https://github.com/sentrivana\"\u003e\u003ccode\u003e@​sentrivana\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5218\"\u003e#5218\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eref: Deduplicate batchers by \u003ca href=\"https://github.com/sentrivana\"\u003e\u003ccode\u003e@​sentrivana\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5263\"\u003e#5263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etests: Add dedicated transport format test for metrics, logs by \u003ca href=\"https://github.com/sentrivana\"\u003e\u003ccode\u003e@​sentrivana\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5264\"\u003e#5264\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: 🤖 Update test matrix with new releases (01/05) by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5273\"\u003e#5273\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etests: General logs tests should use Sentry logs API by \u003ca href=\"https://github.com/sentrivana\"\u003e\u003ccode\u003e@​sentrivana\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5262\"\u003e#5262\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etests: Test preserialization of attributes by \u003ca href=\"https://github.com/sentrivana\"\u003e\u003ccode\u003e@​sentrivana\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5260\"\u003e#5260\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: Unpin Pydantic 1.x version in tests by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5261\"\u003e#5261\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eref: Make logs, metrics go via scope by \u003ca href=\"https://github.com/sentrivana\"\u003e\u003ccode\u003e@​sentrivana\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5213\"\u003e#5213\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: Fix failing arq, fastapi tests on 3.7; update test matrix by \u003ca href=\"https://github.com/sentrivana\"\u003e\u003ccode\u003e@​sentrivana\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5258\"\u003e#5258\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.48.0\u003c/h2\u003e\n\u003cp\u003eMiddleware spans are now disabled by default in Django, Starlette and FastAPI integrations. Set the \u003ccode\u003emiddleware_spans\u003c/code\u003e integration-level\noption to capture individual spans per middleware layer. To record Django middleware spans, for example, configure as follows\u003c/p\u003e\n\u003cpre lang=\"python\"\u003e\u003ccode\u003e  import sentry_sdk\n  from sentry_sdk.integrations.django import DjangoIntegration\n\u003cp\u003esentry_sdk.init(\u003cbr /\u003e\ndsn=\u0026quot;\u0026lt;your-dsn\u0026gt;\u0026quot;,\u003cbr /\u003e\nintegrations=[\u003cbr /\u003e\nDjangoIntegration(middleware_spans=True),\u003cbr /\u003e\n],\u003cbr /\u003e\n)\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/2c85e64f997e28444513df6e9df3976feb7aaf1a\"\u003e\u003ccode\u003e2c85e64\u003c/code\u003e\u003c/a\u003e release: 2.49.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/8f273d45eaf980c2096b547c8e63096e4b9ff60e\"\u003e\u003ccode\u003e8f273d4\u003c/code\u003e\u003c/a\u003e chore: Ignore type migration for scripts/ and tests/ in blame (\u003ca href=\"https://redirect.github.com/getsentry/sentry-python/issues/5284\"\u003e#5284\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/dc8a8e5b0d7edccd16a4c2bcb7593eca34a481f5\"\u003e\u003ccode\u003edc8a8e5\u003c/code\u003e\u003c/a\u003e ref: Properly override parent func (\u003ca href=\"https://redirect.github.com/getsentry/sentry-python/issues/5283\"\u003e#5283\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/485aa6ddb3324c5ef04971e7af5aecd951676a3c\"\u003e\u003ccode\u003e485aa6d\u003c/code\u003e\u003c/a\u003e ci: Allow to use Craft's new auto-versioning (\u003ca href=\"https://redirect.github.com/getsentry/sentry-python/issues/5218\"\u003e#5218\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/c8d8d60befbd1bc7d97e2a9868c481cae28c12e2\"\u003e\u003ccode\u003ec8d8d60\u003c/code\u003e\u003c/a\u003e docs: Fix typo in comment (\u003ca href=\"https://redirect.github.com/getsentry/sentry-python/issues/5280\"\u003e#5280\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/6039305f7ae0b75b816766d86c859e5839ae028f\"\u003e\u003ccode\u003e6039305\u003c/code\u003e\u003c/a\u003e ref: Deduplicate batchers (\u003ca href=\"https://redirect.github.com/getsentry/sentry-python/issues/5263\"\u003e#5263\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/f2317dc4c7bbb3d5294dd92c3e28a1a56349fe24\"\u003e\u003ccode\u003ef2317dc\u003c/code\u003e\u003c/a\u003e ref(scope): Set global attrs on global scope (\u003ca href=\"https://redirect.github.com/getsentry/sentry-python/issues/5259\"\u003e#5259\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/3d83b3912a59406babb15d198e3ad6dd887e4ab9\"\u003e\u003ccode\u003e3d83b39\u003c/code\u003e\u003c/a\u003e fix(ray): Keep variadic kwargs last in signatures (\u003ca href=\"https://redirect.github.com/getsentry/sentry-python/issues/5244\"\u003e#5244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/f5c51fc4a580d2d7aca30a6e1c33248b5f05ddb4\"\u003e\u003ccode\u003ef5c51fc\u003c/code\u003e\u003c/a\u003e Fix openai count_tokens (\u003ca href=\"https://redirect.github.com/getsentry/sentry-python/issues/5281\"\u003e#5281\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/a979755d26b95792aba55e449368ef31e292144f\"\u003e\u003ccode\u003ea979755\u003c/code\u003e\u003c/a\u003e docs: Fix \u003ccode\u003emiddleware_spans\u003c/code\u003e docstring (\u003ca href=\"https://redirect.github.com/getsentry/sentry-python/issues/5279\"\u003e#5279\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/getsentry/sentry-python/compare/2.41.0...2.49.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `urllib3` from 2.6.1 to 2.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.6.3\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (CVE-2026-21441 reported by \u003ca href=\"https://github.com/D47A\"\u003e\u003ccode\u003e@​D47A\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-38jv-5279-wg99)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by default. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3743\"\u003eurllib3/urllib3#3743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3752\"\u003eurllib3/urllib3#3752\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.2\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to properly handle leftover data in the decoder's buffer when reading compressed chunked responses. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3734\"\u003eurllib3/urllib3#3734\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/blob/main/CHANGES.rst\"\u003eurllib3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.6.3 (2026-01-07)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a high-severity security issue where decompression-bomb safeguards of\nthe streaming API were bypassed when HTTP redirects were followed.\n(\u003ccode\u003eGHSA-38jv-5279-wg99 \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by\ndefault. (\u003ccode\u003e[#3743](https://github.com/urllib3/urllib3/issues/3743) \u0026lt;https://github.com/urllib3/urllib3/issues/3743\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten.\n(\u003ccode\u003e[#3752](https://github.com/urllib3/urllib3/issues/3752) \u0026lt;https://github.com/urllib3/urllib3/issues/3752\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.6.2 (2025-12-11)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to properly handle leftover data in\nthe decoder's buffer when reading compressed chunked responses.\n(\u003ccode\u003e[#3734](https://github.com/urllib3/urllib3/issues/3734) \u0026lt;https://github.com/urllib3/urllib3/issues/3734\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/0248277dd7ac0239204889ca991353ad3e3a1ddc\"\u003e\u003ccode\u003e0248277\u003c/code\u003e\u003c/a\u003e Release 2.6.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b\"\u003e\u003ccode\u003e8864ac4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/70cecb27ca99d56aaaeb63ac27ee270ef2b24c5c\"\u003e\u003ccode\u003e70cecb2\u003c/code\u003e\u003c/a\u003e Fix Scorecard issues related to vulnerable dev dependencies (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3755\"\u003e#3755\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/41f249abe1ef3e20768588969c4035aba060a359\"\u003e\u003ccode\u003e41f249a\u003c/code\u003e\u003c/a\u003e Move \u0026quot;v2.0 Migration Guide\u0026quot; to the end of the table of contents (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3747\"\u003e#3747\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/fd4dffd2fc544166b76151a2fa3d7b7c0eab540c\"\u003e\u003ccode\u003efd4dffd\u003c/code\u003e\u003c/a\u003e Patch \u003ccode\u003eVerifiedHTTPSConnection\u003c/code\u003e for Emscripten (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3752\"\u003e#3752\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/13f0bfd55e4468fe1ea9c6f809d3a87b0f93ebab\"\u003e\u003ccode\u003e13f0bfd\u003c/code\u003e\u003c/a\u003e Handle massive values in Retry-After when calculating time to sleep for (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3743\"\u003e#3743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/8c480bf87bcefd321b3a1ae47f04e908b6b2ed7b\"\u003e\u003ccode\u003e8c480bf\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 5.0.0 to 6.0.0 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3748\"\u003e#3748\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/4b40616e959c0a2c466e8075f2a785a9f99bb0c1\"\u003e\u003ccode\u003e4b40616\u003c/code\u003e\u003c/a\u003e Bump actions/cache from 4.3.0 to 5.0.1 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3750\"\u003e#3750\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/82b8479663d037d220c883f1584dd01a43bb273b\"\u003e\u003ccode\u003e82b8479\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 6.0.0 to 7.0.0 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3749\"\u003e#3749\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/34284cb01700bb7d4fdd472f909e22393e9174e2\"\u003e\u003ccode\u003e34284cb\u003c/code\u003e\u003c/a\u003e Mention experimental features in the security policy (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3746\"\u003e#3746\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/urllib3/urllib3/compare/2.6.1...2.6.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `werkzeug` from 3.1.4 to 3.1.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/werkzeug/releases\"\u003ewerkzeug's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.1.5\u003c/h2\u003e\n\u003cp\u003eThis is the Werkzeug 3.1.5 security fix release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Werkzeug/3.1.5/\"\u003ehttps://pypi.org/project/Werkzeug/3.1.5/\u003c/a\u003e\nChanges: \u003ca href=\"https://werkzeug.palletsprojects.com/page/changes/#version-3-1-5\"\u003ehttps://werkzeug.palletsprojects.com/page/changes/#version-3-1-5\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/werkzeug/milestone/43?closed=1\"\u003ehttps://github.com/pallets/werkzeug/milestone/43?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow more special device names, regardless of extension or surrounding spaces. \u003ca href=\"https://github.com/pallets/werkzeug/security/advisories/GHSA-87hc-h4r5-73f7\"\u003eGHSA-87hc-h4r5-73f7\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe multipart form parser handles a \u003ccode\u003e\\r\\n\u003c/code\u003e sequence at a chunk boundary. This fixes the previous attempt, which caused incorrect content lengths. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3065\"\u003e#3065\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3077\"\u003e#3077\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eAttributeError\u003c/code\u003e when initializing \u003ccode\u003eDebuggedApplication\u003c/code\u003e with \u003ccode\u003epin_security=False\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3075\"\u003e#3075\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/werkzeug/blob/main/CHANGES.rst\"\u003ewerkzeug's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.1.5\u003c/h2\u003e\n\u003cp\u003eReleased 2026-01-08\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow more special device names, regardless\nof extension or surrounding spaces. :ghsa:\u003ccode\u003e87hc-h4r5-73f7\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eThe multipart form parser handles a \u003ccode\u003e\\r\\n\u003c/code\u003e sequence at a chunk boundary.\nThis fixes the previous attempt, which caused incorrect content lengths.\n:issue:\u003ccode\u003e3065\u003c/code\u003e :issue:\u003ccode\u003e3077\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eAttributeError\u003c/code\u003e when initializing \u003ccode\u003eDebuggedApplication\u003c/code\u003e with\n\u003ccode\u003epin_security=False\u003c/code\u003e. :issue:\u003ccode\u003e3075\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/e3d06f4b1f7ff40a63eba78f81d9cda18f805d6d\"\u003e\u003ccode\u003ee3d06f4\u003c/code\u003e\u003c/a\u003e release version 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/7ae1d254e04a0c33e241ac1cca4783ce6c875ca3\"\u003e\u003ccode\u003e7ae1d25\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/37797aba260022c871718e0908b472727d366d09\"\u003e\u003ccode\u003e37797ab\u003c/code\u003e\u003c/a\u003e \u003ccode\u003esafe_join\u003c/code\u003e prevents windows special device names with compound extensions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/3db44c79caa74c00848ceefb0bd3d608e3d09cea\"\u003e\u003ccode\u003e3db44c7\u003c/code\u003e\u003c/a\u003e fix duplicate reference\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/a40f8fa05ff1108ba1096e7cd359d0599f5cd386\"\u003e\u003ccode\u003ea40f8fa\u003c/code\u003e\u003c/a\u003e fix class name typo\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/0f76c353b10afc2f8129aa3684ccc3262516a0c0\"\u003e\u003ccode\u003e0f76c35\u003c/code\u003e\u003c/a\u003e Correct parsing up to a potential partial boundary (\u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3081\"\u003e#3081\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/1049dd6b2a363e1ef302b4161c340fb8582f627a\"\u003e\u003ccode\u003e1049dd6\u003c/code\u003e\u003c/a\u003e Correct parsing up to a potential partial boundary\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/b48878cf16dfca3c89ac58aca47ab1ecfcb71354\"\u003e\u003ccode\u003eb48878c\u003c/code\u003e\u003c/a\u003e initialize \u003ccode\u003e_pin\u003c/code\u003e in debugger (\u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3078\"\u003e#3078\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/fa0f4f2710b8eaffef7f2b3fbc58fc3ca55247fb\"\u003e\u003ccode\u003efa0f4f2\u003c/code\u003e\u003c/a\u003e initialize _pin\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/f637275bfa68ebd80bec1da9173211ce2dc4fa33\"\u003e\u003ccode\u003ef637275\u003c/code\u003e\u003c/a\u003e start version 3.1.5\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/werkzeug/compare/3.1.4...3.1.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `coverage` from 7.10.7 to 7.13.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/coveragepy/coveragepy/blob/main/CHANGES.rst\"\u003ecoverage's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 7.13.1 — 2025-12-28\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eAdded: the JSON report now includes a \u003ccode\u003e\u0026quot;start_line\u0026quot;\u003c/code\u003e key for function and\nclass regions, indicating the first line of the region in the source. Closes\n\u003ccode\u003eissue 2110\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded: The \u003ccode\u003edebug data\u003c/code\u003e command now takes file names as arguments on the\ncommand line, so you can inspect specific data files without needing to set\nthe \u003ccode\u003eCOVERAGE_FILE\u003c/code\u003e environment variable.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: the JSON report used to report module docstrings as executed lines,\nwhich no other report did, as described in \u003ccode\u003eissue 2105\u003c/code\u003e_. This is now fixed,\nthanks to Jianrong Zhao.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: coverage.py uses a more disciplined approach to detecting where\nthird-party code is installed, and avoids measuring it. This shouldn't change\nany behavior. If you find that it does, please get in touch.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ePerformance: data files that will be combined now record their hash as part\nof the file name. This lets us skip duplicate data more quickly, speeding the\ncombining step.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDocs: added a section explaining more about what is considered a missing\nbranch and how it is reported: :ref:\u003ccode\u003ebranch_explain\u003c/code\u003e, as requested in \u003ccode\u003eissue 1597\u003c/code\u003e\u003cem\u003e. Thanks to \u003ccode\u003eAyisha Mohammed \u0026lt;pull 2092_\u0026gt;\u003c/code\u003e\u003c/em\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eTests: the test suite misunderstood what core was being tested if\n\u003ccode\u003eCOVERAGE_CORE\u003c/code\u003e wasn't set on 3.14+. This is now fixed, closing \u003ccode\u003eissue 2109\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _issue 1597: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/1597\"\u003ecoveragepy/coveragepy#1597\u003c/a\u003e\n.. _pull 2092: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/pull/2092\"\u003ecoveragepy/coveragepy#2092\u003c/a\u003e\n.. _issue 2105: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2105\"\u003ecoveragepy/coveragepy#2105\u003c/a\u003e\n.. _issue 2109: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2109\"\u003ecoveragepy/coveragepy#2109\u003c/a\u003e\n.. _issue 2110: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2110\"\u003ecoveragepy/coveragepy#2110\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e.. _changes_7-13-0:\u003c/p\u003e\n\u003ch2\u003eVersion 7.13.0 — 2025-12-08\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFeature: coverage.py now supports :file:\u003ccode\u003e.coveragerc.toml\u003c/code\u003e configuration\nfiles. These files use TOML syntax and take priority over\n:file:\u003ccode\u003epyproject.toml\u003c/code\u003e but lower priority than :file:\u003ccode\u003e.coveragerc\u003c/code\u003e files.\nCloses \u003ccode\u003eissue 1643\u003c/code\u003e_ thanks to \u003ccode\u003eOlena Yefymenko \u0026lt;pull 1952_\u0026gt;\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: we now include a permanent .pth file which is installed with the code,\nfixing \u003ccode\u003eissue 2084\u003c/code\u003e_.  In 7.12.1b1 this was done incorrectly: it didn't work\nwhen using the source wheel (\u003ccode\u003epy3-none-any\u003c/code\u003e).  This is now fixed. Thanks,\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/a6afdc36332d797fb4f4262fc9ff2b2da5bb99c8\"\u003e\u003ccode\u003ea6afdc3\u003c/code\u003e\u003c/a\u003e docs: sample HTML for 7.13.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/a497081b6759957a1c52957fdbb34848e0d46276\"\u003e\u003ccode\u003ea497081\u003c/code\u003e\u003c/a\u003e docs: prep for 7.13.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/e9920336e5118a7a7002b1eb606400cd3be640b2\"\u003e\u003ccode\u003ee992033\u003c/code\u003e\u003c/a\u003e docs: polish up CHANGES\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/18bba6e60958d5c825a93882b8997f2cfc6ecfe3\"\u003e\u003ccode\u003e18bba6e\u003c/code\u003e\u003c/a\u003e chore: bump the action-dependencies group with 4 updates (\u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2111\"\u003e#2111\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/80fb80826f3bd8953018d4a4a134a7fc42643784\"\u003e\u003ccode\u003e80fb808\u003c/code\u003e\u003c/a\u003e refactor: (?x:...) lets us use re.VERBOSE even when combining later\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/cc272bdc050308328e3ee64800b5e298468260c8\"\u003e\u003ccode\u003ecc272bd\u003c/code\u003e\u003c/a\u003e docs: leave a comment so we'll find this when 3.12 is the minimum\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/70d007d160d40b40de1bae89ad2856c2191c1c94\"\u003e\u003ccode\u003e70d007d\u003c/code\u003e\u003c/a\u003e types: be explicit\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/a2c1940fd2eae103c2366859d75cb7de195a0439\"\u003e\u003ccode\u003ea2c1940\u003c/code\u003e\u003c/a\u003e types: fully import modules that will be patched\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/57b975d3b8e069364525b2e8d5a88b7fbc0e8b93\"\u003e\u003ccode\u003e57b975d\u003c/code\u003e\u003c/a\u003e types: explicit Protocol inheritance permits changing parameter names\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/63ec12d7c87748e7a03ea2eb6240edeaffc7ccde\"\u003e\u003ccode\u003e63ec12d\u003c/code\u003e\u003c/a\u003e types: clarify that morfs arguments can be a single morf\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/coveragepy/coveragepy/compare/7.10.7...7.13.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pre-commit` from 4.3.0 to 4.5.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pre-commit/pre-commit/releases\"\u003epre-commit's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003epre-commit v4.5.1\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003elanguage: python\u003c/code\u003e with \u003ccode\u003erepo: local\u003c/code\u003e without \u003ccode\u003eadditional_dependencies\u003c/code\u003e.\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3597\"\u003e#3597\u003c/a\u003e PR by \u003ca href=\"https://github.com/asottile\"\u003e\u003ccode\u003e@​asottile\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003epre-commit v4.5.0\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003epre-commit hazmat\u003c/code\u003e.\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3585\"\u003e#3585\u003c/a\u003e PR by \u003ca href=\"https://github.com/asottile\"\u003e\u003ccode\u003e@​asottile\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003epre-commit v4.4.0\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003e--fail-fast\u003c/code\u003e option to \u003ccode\u003epre-commit run\u003c/code\u003e.\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3528\"\u003e#3528\u003c/a\u003e PR by \u003ca href=\"https://github.com/JulianMaurin\"\u003e\u003ccode\u003e@​JulianMaurin\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eUpgrade \u003ccode\u003eruby-build\u003c/code\u003e / \u003ccode\u003erbenv\u003c/code\u003e.\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3566\"\u003e#3566\u003c/a\u003e PR by \u003ca href=\"https://github.com/asottile\"\u003e\u003ccode\u003e@​asottile\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3565\"\u003e#3565\u003c/a\u003e issue by \u003ca href=\"https://github.com/MRigal\"\u003e\u003ccode\u003e@​MRigal\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003elanguage: unsupported\u003c/code\u003e / \u003ccode\u003elanguage: unsupported_script\u003c/code\u003e as aliases for \u003ccode\u003elanguage: system\u003c/code\u003e / \u003ccode\u003elanguage: script\u003c/code\u003e (which will eventually be deprecated).\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3577\"\u003e#3577\u003c/a\u003e PR by \u003ca href=\"https://github.com/asottile\"\u003e\u003ccode\u003e@​asottile\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eAdd support docker-in-docker detection for cgroups v2.\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3535\"\u003e#3535\u003c/a\u003e PR by \u003ca href=\"https://github.com/br-rhrbacek\"\u003e\u003ccode\u003e@​br-rhrbacek\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3360\"\u003e#3360\u003c/a\u003e issue by \u003ca href=\"https://github.com/JasonAlt\"\u003e\u003ccode\u003e@​JasonAlt\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eHandle when docker gives \u003ccode\u003eSecurityOptions: null\u003c/code\u003e.\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3537\"\u003e#3537\u003c/a\u003e PR by \u003ca href=\"https://github.com/asottile\"\u003e\u003ccode\u003e@​asottile\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3514\"\u003e#3514\u003c/a\u003e issue by \u003ca href=\"https://github.com/jenstroeger\"\u003e\u003ccode\u003e@​jenstroeger\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFix error context for invalid \u003ccode\u003estages\u003c/code\u003e in \u003ccode\u003e.pre-commit-config.yaml\u003c/code\u003e.\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3576\"\u003e#3576\u003c/a\u003e PR by \u003ca href=\"https://github.com/asottile\"\u003e\u003ccode\u003e@​asottile\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pre-commit/pre-commit/blob/main/CHANGELOG.md\"\u003epre-commit's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e4.5.1 - 2025-12-16\u003c/h1\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003elanguage: python\u003c/code\u003e with \u003ccode\u003erepo: local\u003c/code\u003e without \u003ccode\u003eadditional_dependencies\u003c/code\u003e.\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3597\"\u003e#3597\u003c/a\u003e PR by \u003ca href=\"https://github.com/asottile\"\u003e\u003ccode\u003e@​asottile\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e4.5.0 - 2025-11-22\u003c/h1\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003epre-commit hazmat\u003c/code\u003e.\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3585\"\u003e#3585\u003c/a\u003e PR by \u003ca href=\"https://github.com/asottile\"\u003e\u003ccode\u003e@​asottile\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e4.4.0 - 2025-11-08\u003c/h1\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003e--fail-fast\u003c/code\u003e option to \u003ccode\u003epre-commit run\u003c/code\u003e.\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3528\"\u003e#3528\u003c/a\u003e PR by \u003ca href=\"https://github.com/JulianMaurin\"\u003e\u003ccode\u003e@​JulianMaurin\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eUpgrade \u003ccode\u003eruby-build\u003c/code\u003e / \u003ccode\u003erbenv\u003c/code\u003e.\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3566\"\u003e#3566\u003c/a\u003e PR by \u003ca href=\"https://github.com/asottile\"\u003e\u003ccode\u003e@​asottile\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3565\"\u003e#3565\u003c/a\u003e issue by \u003ca href=\"https://github.com/MRigal\"\u003e\u003ccode\u003e@​MRigal\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003elanguage: unsupported\u003c/code\u003e / \u003ccode\u003elanguage: unsupported_script\u003c/code\u003e as aliases\nfor \u003ccode\u003elanguage: system\u003c/code\u003e / \u003ccode\u003elanguage: script\u003c/code\u003e (which will eventually be\ndeprecated).\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3577\"\u003e#3577\u003c/a\u003e PR by \u003ca href=\"https://github.com/asottile\"\u003e\u003ccode\u003e@​asottile\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eAdd support docker-in-docker detection for cgroups v2.\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3535\"\u003e#3535\u003c/a\u003e PR by \u003ca href=\"https://github.com/br-rhrbacek\"\u003e\u003ccode\u003e@​br-rhrbacek\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3360\"\u003e#3360\u003c/a\u003e issue by \u003ca href=\"https://github.com/JasonAlt\"\u003e\u003ccode\u003e@​JasonAlt\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eHandle when docker gives \u003ccode\u003eSecurityOptions: null\u003c/code\u003e.\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3537\"\u003e#3537\u003c/a\u003e PR by \u003ca href=\"https://github.com/asottile\"\u003e\u003ccode\u003e@​asottile\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3514\"\u003e#3514\u003c/a\u003e issue by \u003ca href=\"https://github.com/jenstroeger\"\u003e\u003ccode\u003e@​jenstroeger\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFix error context for invalid \u003ccode\u003estages\u003c/code\u003e in \u003ccode\u003e.pre-commit-config.yaml\u003c/code\u003e.\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3576\"\u003e#3576\u003c/a\u003e PR by \u003ca href=\"https://github.com/asottile\"\u003e\u003ccode\u003e@​asottile\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pre-commit/pre-commit/commit/8a0630ca1aa7f6d5665effe674ebe2022af17919\"\u003e\u003ccode\u003e8a0630c\u003c/code\u003e\u003c/a\u003e v4.5.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pre-commit/pre-commit/commit/fcbc745744377ef2c9fe6a7e1a21c67d797933dc\"\u003e\u003ccode\u003efcbc745\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3597\"\u003e#3597\u003c/a\u003e from pre-commit/empty-setup-py\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pre-commit/pre-commit/commit/51592eececd13b99c40ec477ad8f810799147227\"\u003e\u003ccode\u003e51592ee\u003c/code\u003e\u003c/a\u003e fix python local template when artifact dirs are present\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pre-commit/pre-commit/commit/67e8faf80baffcb4b79c31b89ca9a413a1cd6776\"\u003e\u003ccode\u003e67e8faf\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3596\"\u003e#3596\u003c/a\u003e from pre-commit/pre-commit-ci-update-config\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pre-commit/pre-commit/commit/c251e6b6d011b3b262339dc8e109de29b0ff8db1\"\u003e\u003ccode\u003ec251e6b\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pre-commit/pre-commit/commit/98ccafa3ce42b846b9a9be9ed73fbbec7415496d\"\u003e\u003ccode\u003e98ccafa\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3593\"\u003e#3593\u003c/a\u003e from pre-commit/pre-commit-ci-update-config\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pre-commit/pre-commit/commit/48953556d06f8cdb4248002c1a0044e69e0916b3\"\u003e\u003ccode\u003e4895355\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pre-commit/pre-commit/commit/2cedd58e691f4d3bc6ab266c7d7c28464c3502be\"\u003e\u003ccode\u003e2cedd58\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3588\"\u003e#3588\u003c/a\u003e from pre-commit/pre-commit-ci-update-config\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pre-commit/pre-commit/commit/465192d7de58d569776eaaa818c94cb2b962d436\"\u003e\u003ccode\u003e465192d\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pre-commit/pre-commit/commit/fd42f96874279c4f65363bfea5238714419e54d7\"\u003e\u003ccode\u003efd42f96\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3586\"\u003e#3586\u003c/a\u003e from pre-commit/zipapp-sha256-file-not-needed\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pre-commit/pre-commit/compare/v4.3.0...v4.5.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ruff` from 0.14.0 to 0.14.11\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/ruff/releases\"\u003eruff's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.14.11\u003c/h2\u003e\n\u003ch2\u003eRelease Notes\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-01-08.\u003c/p\u003e\n\u003ch3\u003ePreview features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eConsolidate diagnostics for matched disable/enable suppression comments (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22099\"\u003e#22099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReport diagnostics for invalid/unmatched range suppression comments (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/21908\"\u003e#21908\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eairflow\u003c/code\u003e] Passing positional argument into \u003ccode\u003eairflow.lineage.hook.HookLineageCollector.create_asset\u003c/code\u003e is not allowed (\u003ccode\u003eAIR303\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22046\"\u003e#22046\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003erefurb\u003c/code\u003e] Mark \u003ccode\u003eFURB192\u003c/code\u003e fix as always unsafe (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22210\"\u003e#22210\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eruff\u003c/code\u003e] Add \u003ccode\u003enon-empty-init-module\u003c/code\u003e (\u003ccode\u003eRUF067\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22143\"\u003e#22143\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix GitHub format for multi-line diagnostics (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22108\"\u003e#22108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-unused-arguments\u003c/code\u003e] Mark \u003ccode\u003e**kwargs\u003c/code\u003e in \u003ccode\u003eTypeVar\u003c/code\u003e as used (\u003ccode\u003eARG001\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22214\"\u003e#22214\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRule changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003ehelp:\u003c/code\u003e subdiagnostics for several Ruff rules that can sometimes appear to disagree with \u003ccode\u003ety\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22331\"\u003e#22331\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Demote \u003ccode\u003ePLW1510\u003c/code\u003e fix to display-only (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22318\"\u003e#22318\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Ignore identical members (\u003ccode\u003ePLR1714\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22220\"\u003e#22220\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Improve diagnostic range for \u003ccode\u003ePLC0206\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22312\"\u003e#22312\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eruff\u003c/code\u003e] Improve fix title for \u003ccode\u003eRUF102\u003c/code\u003e invalid rule code (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22100\"\u003e#22100\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-simplify\u003c/code\u003e]: Avoid unnecessary builtins import for \u003ccode\u003eSIM105\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22358\"\u003e#22358\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eConfiguration\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAllow Python 3.15 as valid \u003ccode\u003etarget-version\u003c/code\u003e value in preview (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22419\"\u003e#22419\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCheck \u003ccode\u003erequired-version\u003c/code\u003e before parsing rules (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22410\"\u003e#22410\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eInclude configured \u003ccode\u003esrc\u003c/code\u003e directories when resolving graphs (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22451\"\u003e#22451\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003eT201\u003c/code\u003e suggestion to not use root logger to satisfy \u003ccode\u003eLOG015\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22059\"\u003e#22059\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eiter\u003c/code\u003e example in unsafe fixes doc (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22118\"\u003e#22118\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8_print\u003c/code\u003e] better suggestion for \u003ccode\u003ebasicConfig\u003c/code\u003e in \u003ccode\u003eT201\u003c/code\u003e docs (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22101\"\u003e#22101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Restore the fix safety docs for \u003ccode\u003ePLW0133\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22211\"\u003e#22211\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix Jupyter notebook discovery info for editors (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22447\"\u003e#22447\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/charliermarsh\"\u003e\u003ccode\u003e@​charliermarsh\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ntBre\"\u003e\u003ccode\u003e@​ntBre\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cenviity\"\u003e\u003ccode\u003e@​cenviity\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/njhearp\"\u003e\u003ccode\u003e@​njhearp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cbachhuber\"\u003e\u003ccode\u003e@​cbachhuber\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelle-openai\"\u003e\u003ccode\u003e@​jelle-openai\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/AlexWaygood\"\u003e\u003ccode\u003e@​AlexWaygood\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md\"\u003eruff's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.14.11\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-01-08.\u003c/p\u003e\n\u003ch3\u003ePreview features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eConsolidate diagnostics for matched disable/enable suppression comments (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22099\"\u003e#22099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReport diagnostics for invalid/unmatched range suppression comments (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/21908\"\u003e#21908\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eairflow\u003c/code\u003e] Passing positional argument into \u003ccode\u003eairflow.lineage.hook.HookLineageCollector.create_asset\u003c/code\u003e is not allowed (\u003ccode\u003eAIR303\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22046\"\u003e#22046\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003erefurb\u003c/code\u003e] Mark \u003ccode\u003eFURB192\u003c/code\u003e fix as always unsafe (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22210\"\u003e#22210\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eruff\u003c/code\u003e] Add \u003ccode\u003enon-empty-init-module\u003c/code\u003e (\u003ccode\u003eRUF067\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22143\"\u003e#22143\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix GitHub format for multi-line diagnostics (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22108\"\u003e#22108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-unused-arguments\u003c/code\u003e] Mark \u003ccode\u003e**kwargs\u003c/code\u003e in \u003ccode\u003eTypeVar\u003c/code\u003e as used (\u003ccode\u003eARG001\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22214\"\u003e#22214\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRule changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003ehelp:\u003c/code\u003e subdiagnostics for several Ruff rules that can sometimes appear to disagree with \u003ccode\u003ety\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22331\"\u003e#22331\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Demote \u003ccode\u003ePLW1510\u003c/code\u003e fix to display-only (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22318\"\u003e#22318\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Ignore identical members (\u003ccode\u003ePLR1714\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22220\"\u003e#22220\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Improve diagnostic range for \u003ccode\u003ePLC0206\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22312\"\u003e#22312\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eruff\u003c/code\u003e] Improve fix title for \u003ccode\u003eRUF102\u003c/code\u003e invalid rule code (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22100\"\u003e#22100\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-simplify\u003c/code\u003e]: Avoid unnecessary builtins import for \u003ccode\u003eSIM105\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22358\"\u003e#22358\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eConfiguration\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAllow Python 3.15 as valid \u003ccode\u003etarget-version\u003c/code\u003e value in preview (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22419\"\u003e#22419\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCheck \u003ccode\u003erequired-version\u003c/code\u003e before parsing rules (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22410\"\u003e#22410\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eInclude configured \u003ccode\u003esrc\u003c/code\u003e directories when resolving graphs (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22451\"\u003e#22451\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003eT201\u003c/code\u003e suggestion to not use root logger to satisfy \u003ccode\u003eLOG015\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22059\"\u003e#22059\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eiter\u003c/code\u003e example in unsafe fixes doc (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22118\"\u003e#22118\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8_print\u003c/code\u003e] better suggestion for \u003ccode\u003ebasicConfig\u003c/code\u003e in \u003ccode\u003eT201\u003c/code\u003e docs (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22101\"\u003e#22101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Restore the fix safety docs for \u003ccode\u003ePLW0133\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22211\"\u003e#22211\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix Jupyter notebook discovery info for editors (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22447\"\u003e#22447\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/charliermarsh\"\u003e\u003ccode\u003e@​charliermarsh\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ntBre\"\u003e\u003ccode\u003e@​ntBre\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cenviity\"\u003e\u003ccode\u003e@​cenviity\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/njhearp\"\u003e\u003ccode\u003e@​njhearp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cbachhuber\"\u003e\u003ccode\u003e@​cbachhuber\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelle-openai\"\u003e\u003ccode\u003e@​jelle-openai\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/AlexWaygood\"\u003e\u003ccode\u003e@​AlexWaygood\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ValdonVitija\"\u003e\u003ccode\u003e@​ValdonVitija\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/c920cf8cdb247a9fd8e15a4c9d2efa838f7a78a3\"\u003e\u003ccode\u003ec920cf8\u003c/code\u003e\u003c/a\u003e Bump 0.14.11 (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/22462\"\u003e#22462\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/bb757b5a79888f28264f629b5667a0514071f7d6\"\u003e\u003ccode\u003ebb757b5\u003c/code\u003e\u003c/a\u003e [ty] Don't show diagnostics for excluded files (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/22455\"\u003e#22455\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/1f49e8ef518b75207e155595aba57acd48205078\"\u003e\u003ccode\u003e1f49e8e\u003c/code\u003e\u003c/a\u003e Include configured \u003ccode\u003esrc\u003c/code\u003e directories when resolving graphs (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/22451\"\u003e#22451\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/701f5134ab7c1a860145dccc8abb3716a3f89fe7\"\u003e\u003ccode\u003e701f513\u003c/code\u003e\u003c/a\u003e [ty] Only consider fully static pivots when deriving transitive constraints (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/eea9ad83528a7f492662f6427cdbb6fc2f655bb5\"\u003e\u003ccode\u003eeea9ad8\u003c/code\u003e\u003c/a\u003e Pin maturin version (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/22454\"\u003e#22454\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/eeac2bd3eed2f4b8f4a71e0c945721481b25efc0\"\u003e\u003ccode\u003eeeac2bd\u003c/code\u003e\u003c/a\u003e [ty] Optimize union building for unions with many enum-literal members (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/22363\"\u003e#22363\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/7319c37f4eb063e9590e1f09c8e92d7dabc63403\"\u003e\u003ccode\u003e7319c37\u003c/code\u003e\u003c/a\u003e docs: fix jupyter notebook discovery info for editors (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/22447\"\u003e#22447\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/805503c19a6b74c5803e10123077997e29a0da37\"\u003e\u003ccode\u003e805503c\u003c/code\u003e\u003c/a\u003e [\u003ccode\u003eruff\u003c/code\u003e] Improve fix title for \u003ccode\u003eRUF102\u003c/code\u003e invalid rule code (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/22100\"\u003e#22100\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/68a2f6c57d70052d0805b46b0e3a2538598b856f\"\u003e\u003ccode\u003e68a2f6c\u003c/code\u003e\u003c/a\u003e [ty] Fix \u003ccode\u003esupe...\n\n_Description has been truncated_","html_url":"https://github.com/ministryofjustice/github-community/pull/317","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ministryofjustice%2Fgithub-community/issues/317","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/317/packages"},{"uuid":"3831366264","node_id":"PR_kwDONFX-vc6-GBKV","number":2959,"state":"open","title":":dependabot: pip(deps): Bump zizmor from 1.18.0 to 1.22.0","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-01-19T22:19:23.000Z","updated_at":"2026-01-19T22:19:41.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":":dependabot: pip(deps): Bump","packages":[{"name":"zizmor","old_version":"1.18.0","new_version":"1.22.0","repository_url":"https://github.com/zizmorcore/zizmor"}],"path":null,"ecosystem":"pip"},"body":"Bumps [zizmor](https://github.com/zizmorcore/zizmor) from 1.18.0 to 1.22.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/zizmorcore/zizmor/releases\"\u003ezizmor's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.22.0\u003c/h2\u003e\n\u003ch2\u003eChanges ⚠️\u003ca href=\"https://docs.zizmor.sh/release-notes/#changes\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#misfeature\"\u003emisfeature\u003c/a\u003e audit now only shows non-\u0026quot;well known\u0026quot; \u003ccode\u003eshell:\u003c/code\u003e findings when running with the \u0026quot;auditor\u0026quot; persona (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1532\"\u003e#1532\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug Fixes 🐛\u003ca href=\"https://docs.zizmor.sh/release-notes/#bug-fixes\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where inputs containing CRLF line endings were not patched correctly by the \u003ca href=\"https://docs.zizmor.sh/audits/#unpinned-uses\"\u003eunpinned-uses\u003c/a\u003e audit (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1536\"\u003e#1536\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.21.0\u003c/h2\u003e\n\u003ch2\u003eNew Features 🌈\u003ca href=\"https://docs.zizmor.sh/release-notes/#new-features\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNew audit: \u003ca href=\"https://docs.zizmor.sh/audits/#misfeature\"\u003emisfeature\u003c/a\u003e detects usage of GitHub Actions features that are considered \u0026quot;misfeatures.\u0026quot; (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1517\"\u003e#1517\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eEnhancements 🌱\u003ca href=\"https://docs.zizmor.sh/release-notes/#enhancements\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor now uses exit code 3 to signal an audit that has failed because no input files were collected. See the \u003ca href=\"https://docs.zizmor.sh/usage/#exit-codes\"\u003eexit code\u003c/a\u003e documentation for details (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1515\"\u003e#1515\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#unpinned-uses\"\u003eunpinned-uses\u003c/a\u003e audit now supports auto-fixes for many findings (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1525\"\u003e#1525\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanges ⚠️\u003ca href=\"https://docs.zizmor.sh/release-notes/#changes\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#obfuscation\"\u003eobfuscation\u003c/a\u003e audit no longer flags shell: cmd. That check has been moved to the new \u003ca href=\"https://docs.zizmor.sh/audits/#misfeature\"\u003emisfeature\u003c/a\u003e audit. Users may need to update their ignore comments and/or configuration (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1517\"\u003e#1517\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug Fixes 🐛\u003ca href=\"https://docs.zizmor.sh/release-notes/#bug-fixes\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#unpinned-uses\"\u003eunpinned-uses\u003c/a\u003e audit now flags reusable workflows that are unpinned, in addition to actions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1509\"\u003e#1509\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/johnbillion\"\u003e\u003ccode\u003e@​johnbillion\u003c/code\u003e\u003c/a\u003e for implementing this fix!\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.20.0\u003c/h2\u003e\n\u003ch2\u003eEnhancements 🌱\u003ca href=\"https://docs.zizmor.sh/release-notes/#enhancements\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#excessive-permissions\"\u003eexcessive-permissions\u003c/a\u003e audit is now aware of the artifact-metadata and models permissions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1461\"\u003e#1461\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#cache-poisoning\"\u003ecache-poisoning\u003c/a\u003e audit is now aware of the \u003ca href=\"https://github.com/ramsey/composer-install\"\u003eramsey/composer-install\u003c/a\u003e action (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1489\"\u003e#1489\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#unpinned-images\"\u003eunpinned-images\u003c/a\u003e audit is now significantly more precise in the presence of matrix references, e.g. image: ${{ matrix.image }} (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1482\"\u003e#1482\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanges ⚠️\u003ca href=\"https://docs.zizmor.sh/release-notes/#changes\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe default policy for the \u003ca href=\"https://docs.zizmor.sh/audits/#unpinned-uses\"\u003eunpinned-uses\u003c/a\u003e audit has changed from allowing ref-pinning for first-party actions (those under actions/* and similar) to requiring hash-pinning. This makes the default policy more strict, as well as more consistent across the actions ecosystem.\u003c/p\u003e\n\u003cp\u003eUsers who with to retain the old (permissive policy) for first-party actions may configure it explicitly in their zizmor.yml:\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cpre\u003e\u003ccode\u003ezizmor.yml\n\u003cp\u003erules:\nunpinned-uses:\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt;\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/zizmorcore/zizmor/blob/main/docs/release-notes.md\"\u003ezizmor's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.22.0\u003c/h2\u003e\n\u003ch3\u003eChanges ⚠️\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe [misfeature] audit now only shows non-\u0026quot;well known\u0026quot; \u003ccode\u003e#!yaml shell:\u003c/code\u003e\nfindings when running with the \u0026quot;auditor\u0026quot; persona (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1532\"\u003e#1532\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes 🐛\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where inputs containing CRLF line endings were not patched\ncorrectly by the [unpinned-uses] audit (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1536\"\u003e#1536\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.21.0\u003c/h2\u003e\n\u003ch3\u003eNew Features 🌈\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eNew audit\u003c/strong\u003e: [misfeature] detects usage of GitHub Actions features that\nare considered \u0026quot;misfeatures.\u0026quot; (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1517\"\u003e#1517\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eEnhancements 🌱\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor now uses exit code \u003ccode\u003e3\u003c/code\u003e to signal an audit that has failed because\nno input files were collected. See the [exit code] documentation\nfor details (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1515\"\u003e#1515\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe [unpinned-uses] audit now supports auto-fixes for many findings (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1525\"\u003e#1525\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges ⚠️\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe [obfuscation] audit no longer flags \u003ccode\u003e#!yaml shell: cmd\u003c/code\u003e. That check has\nbeen moved to the new [misfeature] audit. Users may need to update their\nignore comments and/or configuration (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1517\"\u003e#1517\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes 🐛\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe [unpinned-uses] audit now flags reusable workflows that are unpinned,\nin addition to actions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1509\"\u003e#1509\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/johnbillion\"\u003e\u003ccode\u003e@​johnbillion\u003c/code\u003e\u003c/a\u003e for implementing this fix!\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.20.0\u003c/h2\u003e\n\u003ch3\u003eEnhancements 🌱\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe [excessive-permissions] audit is now aware of the \u003ccode\u003eartifact-metadata\u003c/code\u003e\nand \u003ccode\u003emodels\u003c/code\u003e permissions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1461\"\u003e#1461\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe [cache-poisoning] audit is now aware of the \u003ccode\u003e@​ramsey/composer-install\u003c/code\u003e\naction (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1489\"\u003e#1489\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/94308f638c114a3f42c4c842abee9cf46f166890\"\u003e\u003ccode\u003e94308f6\u003c/code\u003e\u003c/a\u003e zizmor 1.22.0 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1539\"\u003e#1539\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/951d2c8c8bb73c0c3be30b7a4b8c8d6973c7a822\"\u003e\u003ccode\u003e951d2c8\u003c/code\u003e\u003c/a\u003e Add 'crater' tests (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1538\"\u003e#1538\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/13c1b65775f6dbc80900580dcb37fcde8c0d6dd3\"\u003e\u003ccode\u003e13c1b65\u003c/code\u003e\u003c/a\u003e Handle CRLF in EmplaceComment (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1536\"\u003e#1536\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/601bbba7a91da02cc7ec7248ad27cb39c85dd403\"\u003e\u003ccode\u003e601bbba\u003c/code\u003e\u003c/a\u003e Bump trophies (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1535\"\u003e#1535\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/de617a22ce828c35e5162a81852312d95839b85d\"\u003e\u003ccode\u003ede617a2\u003c/code\u003e\u003c/a\u003e Drop 'custom shell' finding to auditor persona (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1532\"\u003e#1532\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/5175a6c9707e21e9e300e8dd14a2aac5d1099d4a\"\u003e\u003ccode\u003e5175a6c\u003c/code\u003e\u003c/a\u003e zizmor 1.21.0 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1529\"\u003e#1529\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/b3f84f4f168f0c4d1f6c6a64d3ff8572571c95f5\"\u003e\u003ccode\u003eb3f84f4\u003c/code\u003e\u003c/a\u003e yamlpatch 0.10.0 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1528\"\u003e#1528\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/20b24ff49188722d1a6fe72d0c77548866d4e245\"\u003e\u003ccode\u003e20b24ff\u003c/code\u003e\u003c/a\u003e yamlpath 0.33.0 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1527\"\u003e#1527\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/4815c16d4f0068d620fe56559d238bda344fea46\"\u003e\u003ccode\u003e4815c16\u003c/code\u003e\u003c/a\u003e Support auto-fixes for unpinned-uses (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1525\"\u003e#1525\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/e611eae19cfb4b8c7af67166eedf68ae2268f2e1\"\u003e\u003ccode\u003ee611eae\u003c/code\u003e\u003c/a\u003e Document hk integration (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1522\"\u003e#1522\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/zizmorcore/zizmor/compare/v1.18.0...v1.22.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=zizmor\u0026package-manager=pip\u0026previous-version=1.18.0\u0026new-version=1.22.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/ministryofjustice/analytical-platform-airflow/pull/2959","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ministryofjustice%2Fanalytical-platform-airflow/issues/2959","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2959/packages"},{"uuid":"3830218155","node_id":"PR_kwDODOjFv86-CLkI","number":7413,"state":"open","title":"deps(python): bump the pip group across 1 directory with 2 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-01-19T15:31:31.000Z","updated_at":"2026-01-19T16:59:25.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"deps(python): bump","group_name":"pip","update_count":2,"packages":[{"name":"zizmor","old_version":"1.21.0","new_version":"1.22.0","repository_url":"https://github.com/zizmorcore/zizmor"},{"name":"black","old_version":"25.12.0","new_version":"26.1.0","repository_url":"https://github.com/psf/black"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 2 updates in the /dependencies/python directory: [zizmor](https://github.com/zizmorcore/zizmor) and [black](https://github.com/psf/black).\n\nUpdates `zizmor` from 1.21.0 to 1.22.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/zizmorcore/zizmor/releases\"\u003ezizmor's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.22.0\u003c/h2\u003e\n\u003ch2\u003eChanges ⚠️\u003ca href=\"https://docs.zizmor.sh/release-notes/#changes\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#misfeature\"\u003emisfeature\u003c/a\u003e audit now only shows non-\u0026quot;well known\u0026quot; \u003ccode\u003eshell:\u003c/code\u003e findings when running with the \u0026quot;auditor\u0026quot; persona (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1532\"\u003e#1532\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug Fixes 🐛\u003ca href=\"https://docs.zizmor.sh/release-notes/#bug-fixes\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where inputs containing CRLF line endings were not patched correctly by the \u003ca href=\"https://docs.zizmor.sh/audits/#unpinned-uses\"\u003eunpinned-uses\u003c/a\u003e audit (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1536\"\u003e#1536\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/zizmorcore/zizmor/blob/main/docs/release-notes.md\"\u003ezizmor's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.22.0\u003c/h2\u003e\n\u003ch3\u003eChanges ⚠️\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe [misfeature] audit now only shows non-\u0026quot;well known\u0026quot; \u003ccode\u003e#!yaml shell:\u003c/code\u003e\nfindings when running with the \u0026quot;auditor\u0026quot; persona (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1532\"\u003e#1532\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes 🐛\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where inputs containing CRLF line endings were not patched\ncorrectly by the [unpinned-uses] audit (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1536\"\u003e#1536\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/94308f638c114a3f42c4c842abee9cf46f166890\"\u003e\u003ccode\u003e94308f6\u003c/code\u003e\u003c/a\u003e zizmor 1.22.0 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1539\"\u003e#1539\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/951d2c8c8bb73c0c3be30b7a4b8c8d6973c7a822\"\u003e\u003ccode\u003e951d2c8\u003c/code\u003e\u003c/a\u003e Add 'crater' tests (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1538\"\u003e#1538\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/13c1b65775f6dbc80900580dcb37fcde8c0d6dd3\"\u003e\u003ccode\u003e13c1b65\u003c/code\u003e\u003c/a\u003e Handle CRLF in EmplaceComment (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1536\"\u003e#1536\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/601bbba7a91da02cc7ec7248ad27cb39c85dd403\"\u003e\u003ccode\u003e601bbba\u003c/code\u003e\u003c/a\u003e Bump trophies (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1535\"\u003e#1535\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/de617a22ce828c35e5162a81852312d95839b85d\"\u003e\u003ccode\u003ede617a2\u003c/code\u003e\u003c/a\u003e Drop 'custom shell' finding to auditor persona (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1532\"\u003e#1532\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/zizmorcore/zizmor/compare/v1.21.0...v1.22.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `black` from 25.12.0 to 26.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/black/releases\"\u003eblack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e26.1.0\u003c/h2\u003e\n\u003ch3\u003eHighlights\u003c/h3\u003e\n\u003cp\u003eIntroduces the 2026 stable style (\u003ca href=\"https://redirect.github.com/psf/black/issues/4892\"\u003e#4892\u003c/a\u003e), stabilizing the following changes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ealways_one_newline_after_import\u003c/code\u003e: Always force one blank line after import\nstatements, except when the line after the import is a comment or an import statement\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/4489\"\u003e#4489\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003efix_fmt_skip_in_one_liners\u003c/code\u003e: Fix \u003ccode\u003e# fmt: skip\u003c/code\u003e behavior on one-liner declarations,\nsuch as \u003ccode\u003edef foo(): return \u0026quot;mock\u0026quot; # fmt: skip\u003c/code\u003e, where previously the declaration would\nhave been incorrectly collapsed (\u003ca href=\"https://redirect.github.com/psf/black/issues/4800\"\u003e#4800\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003efix_module_docstring_detection\u003c/code\u003e: Fix module docstrings being treated as normal\nstrings if preceded by comments (\u003ca href=\"https://redirect.github.com/psf/black/issues/4764\"\u003e#4764\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003efix_type_expansion_split\u003c/code\u003e: Fix type expansions split in generic functions (\u003ca href=\"https://redirect.github.com/psf/black/issues/4777\"\u003e#4777\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003emultiline_string_handling\u003c/code\u003e: Make expressions involving multiline strings more compact\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/1879\"\u003e#1879\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003enormalize_cr_newlines\u003c/code\u003e: Add \u003ccode\u003e\\r\u003c/code\u003e style newlines to the potential newlines to\nnormalize file newlines both from and to (\u003ca href=\"https://redirect.github.com/psf/black/issues/4710\"\u003e#4710\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eremove_parens_around_except_types\u003c/code\u003e: Remove parentheses around multiple exception\ntypes in \u003ccode\u003eexcept\u003c/code\u003e and \u003ccode\u003eexcept*\u003c/code\u003e without \u003ccode\u003eas\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/psf/black/issues/4720\"\u003e#4720\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eremove_parens_from_assignment_lhs\u003c/code\u003e: Remove unnecessary parentheses from the left-hand\nside of assignments while preserving magic trailing commas and intentional multiline\nformatting (\u003ca href=\"https://redirect.github.com/psf/black/issues/4865\"\u003e#4865\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003estandardize_type_comments\u003c/code\u003e: Format type comments which have zero or more spaces\nbetween \u003ccode\u003e#\u003c/code\u003e and \u003ccode\u003etype:\u003c/code\u003e or between \u003ccode\u003etype:\u003c/code\u003e and value to \u003ccode\u003e# type: (value)\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/psf/black/issues/4645\"\u003e#4645\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThe following change was not in any previous stable release:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRegenerated the \u003ccode\u003e_width_table.py\u003c/code\u003e and added tests for the Khmer language (\u003ca href=\"https://redirect.github.com/psf/black/issues/4253\"\u003e#4253\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThis release alo bumps \u003ccode\u003epathspec\u003c/code\u003e to v1 and fixes inconsistencies with Git's\n\u003ccode\u003e.gitignore\u003c/code\u003e logic (\u003ca href=\"https://redirect.github.com/psf/black/issues/4958\"\u003e#4958\u003c/a\u003e). Now, files will be ignored if a pattern matches them, even\nif the parent directory is directly unignored. For example, Black would previously\nformat \u003ccode\u003eexclude/not_this/foo.py\u003c/code\u003e with this \u003ccode\u003e.gitignore\u003c/code\u003e:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003eexclude/\n!exclude/not_this/\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eNow, \u003ccode\u003eexclude/not_this/foo.py\u003c/code\u003e will remain ignored. To ensure \u003ccode\u003eexclude/not_this/\u003c/code\u003e and\nall of it's children are included in formatting (and in Git), use this \u003ccode\u003e.gitignore\u003c/code\u003e:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e*/exclude/*\n!*/exclude/not_this/\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThis new behavior matches Git. The leading \u003ccode\u003e*/\u003c/code\u003e are only necessary if you wish to ignore\nmatching subdirectories (like the previous behavior did), and not just matching root\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/black/blob/main/CHANGES.md\"\u003eblack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e26.1.0\u003c/h2\u003e\n\u003ch3\u003eHighlights\u003c/h3\u003e\n\u003cp\u003eIntroduces the 2026 stable style (\u003ca href=\"https://redirect.github.com/psf/black/issues/4892\"\u003e#4892\u003c/a\u003e), stabilizing the following changes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ealways_one_newline_after_import\u003c/code\u003e: Always force one blank line after import\nstatements, except when the line after the import is a comment or an import statement\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/4489\"\u003e#4489\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003efix_fmt_skip_in_one_liners\u003c/code\u003e: Fix \u003ccode\u003e# fmt: skip\u003c/code\u003e behavior on one-liner declarations,\nsuch as \u003ccode\u003edef foo(): return \u0026quot;mock\u0026quot; # fmt: skip\u003c/code\u003e, where previously the declaration would\nhave been incorrectly collapsed (\u003ca href=\"https://redirect.github.com/psf/black/issues/4800\"\u003e#4800\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003efix_module_docstring_detection\u003c/code\u003e: Fix module docstrings being treated as normal\nstrings if preceded by comments (\u003ca href=\"https://redirect.github.com/psf/black/issues/4764\"\u003e#4764\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003efix_type_expansion_split\u003c/code\u003e: Fix type expansions split in generic functions (\u003ca href=\"https://redirect.github.com/psf/black/issues/4777\"\u003e#4777\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003emultiline_string_handling\u003c/code\u003e: Make expressions involving multiline strings more compact\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/1879\"\u003e#1879\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003enormalize_cr_newlines\u003c/code\u003e: Add \u003ccode\u003e\\r\u003c/code\u003e style newlines to the potential newlines to\nnormalize file newlines both from and to (\u003ca href=\"https://redirect.github.com/psf/black/issues/4710\"\u003e#4710\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eremove_parens_around_except_types\u003c/code\u003e: Remove parentheses around multiple exception\ntypes in \u003ccode\u003eexcept\u003c/code\u003e and \u003ccode\u003eexcept*\u003c/code\u003e without \u003ccode\u003eas\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/psf/black/issues/4720\"\u003e#4720\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eremove_parens_from_assignment_lhs\u003c/code\u003e: Remove unnecessary parentheses from the left-hand\nside of assignments while preserving magic trailing commas and intentional multiline\nformatting (\u003ca href=\"https://redirect.github.com/psf/black/issues/4865\"\u003e#4865\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003estandardize_type_comments\u003c/code\u003e: Format type comments which have zero or more spaces\nbetween \u003ccode\u003e#\u003c/code\u003e and \u003ccode\u003etype:\u003c/code\u003e or between \u003ccode\u003etype:\u003c/code\u003e and value to \u003ccode\u003e# type: (value)\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/psf/black/issues/4645\"\u003e#4645\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThe following change was not in any previous stable release:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRegenerated the \u003ccode\u003e_width_table.py\u003c/code\u003e and added tests for the Khmer language (\u003ca href=\"https://redirect.github.com/psf/black/issues/4253\"\u003e#4253\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThis release alo bumps \u003ccode\u003epathspec\u003c/code\u003e to v1 and fixes inconsistencies with Git's\n\u003ccode\u003e.gitignore\u003c/code\u003e logic (\u003ca href=\"https://redirect.github.com/psf/black/issues/4958\"\u003e#4958\u003c/a\u003e). Now, files will be ignored if a pattern matches them, even\nif the parent directory is directly unignored. For example, Black would previously\nformat \u003ccode\u003eexclude/not_this/foo.py\u003c/code\u003e with this \u003ccode\u003e.gitignore\u003c/code\u003e:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003eexclude/\n!exclude/not_this/\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eNow, \u003ccode\u003eexclude/not_this/foo.py\u003c/code\u003e will remain ignored. To ensure \u003ccode\u003eexclude/not_this/\u003c/code\u003e and\nall of it's children are included in formatting (and in Git), use this \u003ccode\u003e.gitignore\u003c/code\u003e:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e*/exclude/*\n!*/exclude/not_this/\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThis new behavior matches Git. The leading \u003ccode\u003e*/\u003c/code\u003e are only necessary if you wish to ignore\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/6305bf1ae645ab7541be4f5028a86239316178eb\"\u003e\u003ccode\u003e6305bf1\u003c/code\u003e\u003c/a\u003e Prepare 2026.1.0 release (\u003ca href=\"https://redirect.github.com/psf/black/issues/4892\"\u003e#4892\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/e71305bee302f7f9016b228361e5ae69669dca7b\"\u003e\u003ccode\u003ee71305b\u003c/code\u003e\u003c/a\u003e Bump pypa/cibuildwheel from 3.3.0 to 3.3.1 (\u003ca href=\"https://redirect.github.com/psf/black/issues/4961\"\u003e#4961\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/21a2a8c2b1d0c8d47bc00cc59591470f6a9e2307\"\u003e\u003ccode\u003e21a2a8c\u003c/code\u003e\u003c/a\u003e Fix Shutdown multiprocessing Manager in schedule_formatting (\u003ca href=\"https://redirect.github.com/psf/black/issues/4952\"\u003e#4952\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/e3146cea4245fcee29d007cb45d9faaf63271586\"\u003e\u003ccode\u003ee3146ce\u003c/code\u003e\u003c/a\u003e Bump docker/setup-buildx-action from 3.11.1 to 3.12.0 (\u003ca href=\"https://redirect.github.com/psf/black/issues/4919\"\u003e#4919\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/fe1fbc4fdfa03fa1d460f975b8aca77e4b4f1a4a\"\u003e\u003ccode\u003efe1fbc4\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 5.0.0 to 6.0.0 (\u003ca href=\"https://redirect.github.com/psf/black/issues/4923\"\u003e#4923\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/2b4b7fcfe00bb0d99322e07e87fc2f0992f7a4d8\"\u003e\u003ccode\u003e2b4b7fc\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 6.0.0 to 7.0.0 (\u003ca href=\"https://redirect.github.com/psf/black/issues/4922\"\u003e#4922\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/d745be69bfa9d85ec2ef6e5f9b7ec7e253b5e8ab\"\u003e\u003ccode\u003ed745be6\u003c/code\u003e\u003c/a\u003e docs: document --force-exclude for pre-commit workflows (\u003ca href=\"https://redirect.github.com/psf/black/issues/4957\"\u003e#4957\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/b41acd6ebbe76e18b49286166924f73f01c3fd02\"\u003e\u003ccode\u003eb41acd6\u003c/code\u003e\u003c/a\u003e Various CI and doc refactors (\u003ca href=\"https://redirect.github.com/psf/black/issues/4928\"\u003e#4928\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/6f43612766da4a2f275b575af0802c3e73b6ed83\"\u003e\u003ccode\u003e6f43612\u003c/code\u003e\u003c/a\u003e Handle pathspec v1 changes (\u003ca href=\"https://redirect.github.com/psf/black/issues/4958\"\u003e#4958\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/200c550aff44372f801a6d826a361cb26f45a504\"\u003e\u003ccode\u003e200c550\u003c/code\u003e\u003c/a\u003e Bump furo from 2025.9.25 to 2025.12.19 in /docs (\u003ca href=\"https://redirect.github.com/psf/black/issues/4933\"\u003e#4933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/black/compare/25.12.0...26.1.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/super-linter/super-linter/pull/7413","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/super-linter%2Fsuper-linter/issues/7413","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/7413/packages"},{"uuid":"3821154741","node_id":"PR_kwDOOwJt4869koQL","number":119,"state":"open","title":":dependabot: uv(deps-dev): Bump zizmor from 1.12.1 to 1.21.0","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-01-16T09:24:55.000Z","updated_at":"2026-01-16T09:25:15.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":":dependabot: uv(deps-dev): Bump","packages":[{"name":"zizmor","old_version":"1.12.1","new_version":"1.21.0","repository_url":"https://github.com/zizmorcore/zizmor"}],"path":null,"ecosystem":"pip"},"body":"Bumps [zizmor](https://github.com/zizmorcore/zizmor) from 1.12.1 to 1.21.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/zizmorcore/zizmor/releases\"\u003ezizmor's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.21.0\u003c/h2\u003e\n\u003ch2\u003eNew Features 🌈\u003ca href=\"https://docs.zizmor.sh/release-notes/#new-features\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNew audit: \u003ca href=\"https://docs.zizmor.sh/audits/#misfeature\"\u003emisfeature\u003c/a\u003e detects usage of GitHub Actions features that are considered \u0026quot;misfeatures.\u0026quot; (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1517\"\u003e#1517\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eEnhancements 🌱\u003ca href=\"https://docs.zizmor.sh/release-notes/#enhancements\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor now uses exit code 3 to signal an audit that has failed because no input files were collected. See the \u003ca href=\"https://docs.zizmor.sh/usage/#exit-codes\"\u003eexit code\u003c/a\u003e documentation for details (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1515\"\u003e#1515\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#unpinned-uses\"\u003eunpinned-uses\u003c/a\u003e audit now supports auto-fixes for many findings (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1525\"\u003e#1525\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanges ⚠️\u003ca href=\"https://docs.zizmor.sh/release-notes/#changes\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#obfuscation\"\u003eobfuscation\u003c/a\u003e audit no longer flags shell: cmd. That check has been moved to the new \u003ca href=\"https://docs.zizmor.sh/audits/#misfeature\"\u003emisfeature\u003c/a\u003e audit. Users may need to update their ignore comments and/or configuration (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1517\"\u003e#1517\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug Fixes 🐛\u003ca href=\"https://docs.zizmor.sh/release-notes/#bug-fixes\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#unpinned-uses\"\u003eunpinned-uses\u003c/a\u003e audit now flags reusable workflows that are unpinned, in addition to actions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1509\"\u003e#1509\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/johnbillion\"\u003e\u003ccode\u003e@​johnbillion\u003c/code\u003e\u003c/a\u003e for implementing this fix!\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.20.0\u003c/h2\u003e\n\u003ch2\u003eEnhancements 🌱\u003ca href=\"https://docs.zizmor.sh/release-notes/#enhancements\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#excessive-permissions\"\u003eexcessive-permissions\u003c/a\u003e audit is now aware of the artifact-metadata and models permissions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1461\"\u003e#1461\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#cache-poisoning\"\u003ecache-poisoning\u003c/a\u003e audit is now aware of the \u003ca href=\"https://github.com/ramsey/composer-install\"\u003eramsey/composer-install\u003c/a\u003e action (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1489\"\u003e#1489\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#unpinned-images\"\u003eunpinned-images\u003c/a\u003e audit is now significantly more precise in the presence of matrix references, e.g. image: ${{ matrix.image }} (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1482\"\u003e#1482\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanges ⚠️\u003ca href=\"https://docs.zizmor.sh/release-notes/#changes\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe default policy for the \u003ca href=\"https://docs.zizmor.sh/audits/#unpinned-uses\"\u003eunpinned-uses\u003c/a\u003e audit has changed from allowing ref-pinning for first-party actions (those under actions/* and similar) to requiring hash-pinning. This makes the default policy more strict, as well as more consistent across the actions ecosystem.\u003c/p\u003e\n\u003cp\u003eUsers who with to retain the old (permissive policy) for first-party actions may configure it explicitly in their zizmor.yml:\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cpre\u003e\u003ccode\u003ezizmor.yml\n\u003cp\u003erules:\nunpinned-uses:\nconfig:\npolicies:\nactions/\u003cem\u003e: ref-pin\ngithub/\u003c/em\u003e: ref-pin\ndependabot/*: ref-pin\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003ch2\u003eBug Fixes 🐛\u003ca href=\"https://docs.zizmor.sh/release-notes/#bug-fixes\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/zizmorcore/zizmor/blob/main/docs/release-notes.md\"\u003ezizmor's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.21.0\u003c/h2\u003e\n\u003ch3\u003eNew Features 🌈\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eNew audit\u003c/strong\u003e: [misfeature] detects usage of GitHub Actions features that\nare considered \u0026quot;misfeatures.\u0026quot; (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1517\"\u003e#1517\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eEnhancements 🌱\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor now uses exit code \u003ccode\u003e3\u003c/code\u003e to signal an audit that has failed because\nno input files were collected. See the [exit code] documentation\nfor details (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1515\"\u003e#1515\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe [unpinned-uses] audit now supports auto-fixes for many findings (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1525\"\u003e#1525\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges ⚠️\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe [obfuscation] audit no longer flags \u003ccode\u003e#!yaml shell: cmd\u003c/code\u003e. That check has\nbeen moved to the new [misfeature] audit. Users may need to update their\nignore comments and/or configuration (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1517\"\u003e#1517\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes 🐛\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe [unpinned-uses] audit now flags reusable workflows that are unpinned,\nin addition to actions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1509\"\u003e#1509\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/johnbillion\"\u003e\u003ccode\u003e@​johnbillion\u003c/code\u003e\u003c/a\u003e for implementing this fix!\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.20.0\u003c/h2\u003e\n\u003ch3\u003eEnhancements 🌱\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe [excessive-permissions] audit is now aware of the \u003ccode\u003eartifact-metadata\u003c/code\u003e\nand \u003ccode\u003emodels\u003c/code\u003e permissions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1461\"\u003e#1461\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe [cache-poisoning] audit is now aware of the \u003ccode\u003e@​ramsey/composer-install\u003c/code\u003e\naction (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1489\"\u003e#1489\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe [unpinned-images] audit is now significantly more precise in the presence\nof matrix references, e.g. \u003ccode\u003eimage: ${{ matrix.image }}\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1482\"\u003e#1482\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges ⚠️\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe default policy for the [unpinned-uses] audit has changed from allowing\nref-pinning for first-party actions (those under \u003ccode\u003eactions/*\u003c/code\u003e and similar)\nto requiring hash-pinning. This makes the default policy more strict,\nas well as more consistent across the actions ecosystem.\u003c/p\u003e\n\u003cp\u003eUsers who with to retain the old (permissive policy) for first-party\nactions may configure it explicitly in their \u003ccode\u003ezizmor.yml\u003c/code\u003e:\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/5175a6c9707e21e9e300e8dd14a2aac5d1099d4a\"\u003e\u003ccode\u003e5175a6c\u003c/code\u003e\u003c/a\u003e zizmor 1.21.0 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1529\"\u003e#1529\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/b3f84f4f168f0c4d1f6c6a64d3ff8572571c95f5\"\u003e\u003ccode\u003eb3f84f4\u003c/code\u003e\u003c/a\u003e yamlpatch 0.10.0 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1528\"\u003e#1528\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/20b24ff49188722d1a6fe72d0c77548866d4e245\"\u003e\u003ccode\u003e20b24ff\u003c/code\u003e\u003c/a\u003e yamlpath 0.33.0 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1527\"\u003e#1527\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/4815c16d4f0068d620fe56559d238bda344fea46\"\u003e\u003ccode\u003e4815c16\u003c/code\u003e\u003c/a\u003e Support auto-fixes for unpinned-uses (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1525\"\u003e#1525\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/e611eae19cfb4b8c7af67166eedf68ae2268f2e1\"\u003e\u003ccode\u003ee611eae\u003c/code\u003e\u003c/a\u003e Document hk integration (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1522\"\u003e#1522\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/1c0567080f300dd77a62ecb4b934ef8a9fa05128\"\u003e\u003ccode\u003e1c05670\u003c/code\u003e\u003c/a\u003e Add a 'misfeature' audit (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1517\"\u003e#1517\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/b823d25f692bf84c39d0b4f2b163af4bb996e201\"\u003e\u003ccode\u003eb823d25\u003c/code\u003e\u003c/a\u003e [BOT] update JSON schemas from SchemaStore (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1518\"\u003e#1518\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/718288ac3a8af9852214de8c824abe4823e1865d\"\u003e\u003ccode\u003e718288a\u003c/code\u003e\u003c/a\u003e Bump trophies (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1521\"\u003e#1521\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/a4bff2d9465d43e655a449ec4b806bb30e47ef43\"\u003e\u003ccode\u003ea4bff2d\u003c/code\u003e\u003c/a\u003e chore(deps): bump the cargo group with 7 updates (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1519\"\u003e#1519\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/f4573fd280bf82b7fe2a4f9a1e222131b75992fa\"\u003e\u003ccode\u003ef4573fd\u003c/code\u003e\u003c/a\u003e chore(deps): bump CodSpeedHQ/action in the github-actions group (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1520\"\u003e#1520\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/zizmorcore/zizmor/compare/v1.12.1...v1.21.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=zizmor\u0026package-manager=uv\u0026previous-version=1.12.1\u0026new-version=1.21.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/woffenden/good-repo/pull/119","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/woffenden%2Fgood-repo/issues/119","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/119/packages"},{"uuid":"3815021457","node_id":"PR_kwDOQl0jac69QJIQ","number":70,"state":"open","title":"Bump zizmor from 1.19.0 to 1.20.0","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-01-14T21:47:08.000Z","updated_at":"2026-01-17T21:00:25.889Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"zizmor","old_version":"1.19.0","new_version":"1.20.0","repository_url":"https://github.com/zizmorcore/zizmor"}],"path":null,"ecosystem":"pip"},"body":"Bumps [zizmor](https://github.com/zizmorcore/zizmor) from 1.19.0 to 1.20.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/zizmorcore/zizmor/releases\"\u003ezizmor's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.20.0\u003c/h2\u003e\n\u003ch2\u003eEnhancements 🌱\u003ca href=\"https://docs.zizmor.sh/release-notes/#enhancements\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#excessive-permissions\"\u003eexcessive-permissions\u003c/a\u003e audit is now aware of the artifact-metadata and models permissions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1461\"\u003e#1461\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#cache-poisoning\"\u003ecache-poisoning\u003c/a\u003e audit is now aware of the \u003ca href=\"https://github.com/ramsey/composer-install\"\u003eramsey/composer-install\u003c/a\u003e action (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1489\"\u003e#1489\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#unpinned-images\"\u003eunpinned-images\u003c/a\u003e audit is now significantly more precise in the presence of matrix references, e.g. image: ${{ matrix.image }} (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1482\"\u003e#1482\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanges ⚠️\u003ca href=\"https://docs.zizmor.sh/release-notes/#changes\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe default policy for the \u003ca href=\"https://docs.zizmor.sh/audits/#unpinned-uses\"\u003eunpinned-uses\u003c/a\u003e audit has changed from allowing ref-pinning for first-party actions (those under actions/* and similar) to requiring hash-pinning. This makes the default policy more strict, as well as more consistent across the actions ecosystem.\u003c/p\u003e\n\u003cp\u003eUsers who with to retain the old (permissive policy) for first-party actions may configure it explicitly in their zizmor.yml:\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cpre\u003e\u003ccode\u003ezizmor.yml\n\u003cp\u003erules:\nunpinned-uses:\nconfig:\npolicies:\nactions/\u003cem\u003e: ref-pin\ngithub/\u003c/em\u003e: ref-pin\ndependabot/*: ref-pin\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003ch2\u003eBug Fixes 🐛\u003ca href=\"https://docs.zizmor.sh/release-notes/#bug-fixes\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#dependabot-cooldown\"\u003edependabot-cooldown\u003c/a\u003e audit no longer flags missing cooldowns on ecosystems that don't (yet) support cooldowns, such as opentofu (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1480\"\u003e#1480\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a false positive in the \u003ca href=\"https://docs.zizmor.sh/audits/#cache-poisoning\"\u003ecache-poisoning\u003c/a\u003e audit where zizmor would treat empty strings (e.g. cache: '') as enabling rather than disabling caching (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1482\"\u003e#1482\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed two gaps in the \u003ca href=\"https://docs.zizmor.sh/audits/#use-trusted-publishing\"\u003euse-trusted-publishing\u003c/a\u003e audit's detection of common yarn publishing commands (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1495\"\u003e#1495\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eMiscellaneous 🛠\u003ca href=\"https://docs.zizmor.sh/release-notes/#miscellaneous\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor's configuration now has an official JSON schema that will be available via \u003ca href=\"https://www.schemastore.org/\"\u003eSchemaStore\u003c/a\u003e soon!\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/kiwamizamurai\"\u003e\u003ccode\u003e@​kiwamizamurai\u003c/code\u003e\u003c/a\u003e for implementing this improvement!\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/zizmorcore/zizmor/blob/main/docs/release-notes.md\"\u003ezizmor's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.20.0\u003c/h2\u003e\n\u003ch3\u003eEnhancements 🌱\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe [excessive-permissions] audit is now aware of the \u003ccode\u003eartifact-metadata\u003c/code\u003e\nand \u003ccode\u003emodels\u003c/code\u003e permissions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1461\"\u003e#1461\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe [cache-poisoning] audit is now aware of the \u003ccode\u003e@​ramsey/composer-install\u003c/code\u003e\naction (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1489\"\u003e#1489\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe [unpinned-images] audit is now significantly more precise in the presence\nof matrix references, e.g. \u003ccode\u003eimage: ${{ matrix.image }}\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1482\"\u003e#1482\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges ⚠️\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe default policy for the [unpinned-uses] audit has changed from allowing\nref-pinning for first-party actions (those under \u003ccode\u003eactions/*\u003c/code\u003e and similar)\nto requiring hash-pinning. This makes the default policy more strict,\nas well as more consistent across the actions ecosystem.\u003c/p\u003e\n\u003cp\u003eUsers who with to retain the old (permissive policy) for first-party\nactions may configure it explicitly in their \u003ccode\u003ezizmor.yml\u003c/code\u003e:\u003c/p\u003e\n\u003cpre data-meta=\"title=\u0026quot;zizmor.yml\u0026quot;\" lang=\"yaml\"\u003e\u003ccode\u003erules:\n  unpinned-uses:\n    config:\n      policies:\n        actions/*: ref-pin\n        github/*: ref-pin\n        dependabot/*: ref-pin\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes 🐛\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe [dependabot-cooldown] audit no longer flags missing cooldowns on\necosystems that don't (yet) support cooldowns, such as \u003ccode\u003eopentofu\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1480\"\u003e#1480\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a false positive in the [cache-poisoning] audit where \u003ccode\u003ezizmor\u003c/code\u003e would\ntreat empty strings (e.g. \u003ccode\u003ecache: ''\u003c/code\u003e) as enabling rather than disabling\ncaching (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1482\"\u003e#1482\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed two gaps in the [use-trusted-publishing] audit's detection of\ncommon \u003ccode\u003eyarn\u003c/code\u003e publishing commands (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1495\"\u003e#1495\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMiscellaneous 🛠\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ezizmor's configuration now has an official JSON schema that is available\nvia \u003ca href=\"https://www.schemastore.org\"\u003eSchemaStore\u003c/a\u003e!\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/2780ee5207ec9bb3b24e44b82edeb778c511435d\"\u003e\u003ccode\u003e2780ee5\u003c/code\u003e\u003c/a\u003e zizmor 1.20.0 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1506\"\u003e#1506\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/d508548227d9053fef9b8d25bd5f4d2586f9bf42\"\u003e\u003ccode\u003ed508548\u003c/code\u003e\u003c/a\u003e github-actions-models 0.43.0 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1505\"\u003e#1505\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/6e766ead40e820dcaeb5ef23043d6aff2280ac83\"\u003e\u003ccode\u003e6e766ea\u003c/code\u003e\u003c/a\u003e github-actions-expressions 0.0.12 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1504\"\u003e#1504\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/43b1c3a34e702a5f8eb9f7d7dee270911973bebc\"\u003e\u003ccode\u003e43b1c3a\u003c/code\u003e\u003c/a\u003e yamlpatch 0.9.0 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1503\"\u003e#1503\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/9a270265913b012fac6a757a23fa7bf6569b4396\"\u003e\u003ccode\u003e9a27026\u003c/code\u003e\u003c/a\u003e yamlpath 0.32.0 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1502\"\u003e#1502\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/2828132b67848decd039c10f2af9096511d179f4\"\u003e\u003ccode\u003e2828132\u003c/code\u003e\u003c/a\u003e [BOT] update JSON schemas from SchemaStore (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1499\"\u003e#1499\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/204783b799b580ece06a8c588c2a5d3f25ee2576\"\u003e\u003ccode\u003e204783b\u003c/code\u003e\u003c/a\u003e chore(deps): bump the cargo group with 3 updates (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1500\"\u003e#1500\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/bead484fd8d9dfe55ceccc3190fbe70f596beffc\"\u003e\u003ccode\u003ebead484\u003c/code\u003e\u003c/a\u003e docs: bump trophies (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1497\"\u003e#1497\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/7f0ad71a07647311a715318d329155976d11dfee\"\u003e\u003ccode\u003e7f0ad71\u003c/code\u003e\u003c/a\u003e feat: handle matrix expressions in container image clauses (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1482\"\u003e#1482\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/2d3fa2f369e3ad289a140521134f31d86cd8be8f\"\u003e\u003ccode\u003e2d3fa2f\u003c/code\u003e\u003c/a\u003e docs: bump trophies (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1496\"\u003e#1496\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/zizmorcore/zizmor/compare/v1.19.0...v1.20.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=zizmor\u0026package-manager=pip\u0026previous-version=1.19.0\u0026new-version=1.20.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/vadimpiven/node_reqwest/pull/70","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/vadimpiven%2Fnode_reqwest/issues/70","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/70/packages"}],"issue_packages":[{"old_version":"1.23.1","new_version":"1.25.2","update_type":"minor","path":null,"pr_created_at":"2026-06-07T06:51:30.000Z","version_change":"1.23.1 → 1.25.2","issue":{"uuid":"4606461713","node_id":"PR_kwDOSzVvmM7jlNVb","number":9,"state":"open","title":"⬆ Bump zizmor from 1.23.1 to 1.25.2","user":"dependabot[bot]","labels":["internal"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-07T06:51:30.000Z","updated_at":"2026-06-07T06:51:31.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"⬆ Bump","packages":[{"name":"zizmor","old_version":"1.23.1","new_version":"1.25.2","repository_url":"https://github.com/zizmorcore/zizmor"}],"path":null,"ecosystem":"pip"},"body":"Bumps [zizmor](https://github.com/zizmorcore/zizmor) from 1.23.1 to 1.25.2.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/zizmorcore/zizmor/releases\"\u003ezizmor's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.25.2\u003c/h2\u003e\n\u003ch2\u003eBug Fixes 🐛\u003ca href=\"https://docs.zizmor.sh/release-notes/#bug-fixes\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where the \u003ca href=\"https://docs.zizmor.sh/audits/#unpinned-tools\"\u003eunpinned-tools\u003c/a\u003e audit would incorrectly flag the \u003ca href=\"https://github.com/aquasecurity/trivy-action\"\u003eaquasecurity/trivy-action\u003c/a\u003e action as installing an unpinned tool version, rather than \u003ca href=\"https://github.com/aquasecurity/setup-trivy\"\u003eaquasecurity/setup-trivy\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2018\"\u003e#2018\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.25.1\u003c/h2\u003e\n\u003ch2\u003eBug Fixes 🐛\u003ca href=\"https://docs.zizmor.sh/release-notes/#bug-fixes\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a bug where the \u003ca href=\"https://docs.zizmor.sh/audits/#cache-poisoning\"\u003ecache-poisoning\u003c/a\u003e audit would fail to consider release events as exempt from cache usage findings when filtered by a tag condition (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2004\"\u003e#2004\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a typo when suggesting --fix flags for findings (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2010\"\u003e#2010\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/0xdea\"\u003e\u003ccode\u003e@​0xdea\u003c/code\u003e\u003c/a\u003e for implementing this fix!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a typo in \u003ca href=\"https://docs.zizmor.sh/audits/#unpinned-tools\"\u003eunpinned-tools\u003c/a\u003e annotations (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2008\"\u003e#2008\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/martincostello\"\u003e\u003ccode\u003e@​martincostello\u003c/code\u003e\u003c/a\u003e for implementing this fix!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a bug where the \u003ca href=\"https://docs.zizmor.sh/audits/#github-app\"\u003egithub-app\u003c/a\u003e audit would incorrectly flag some safe uses of \u003ca href=\"https://github.com/actions/create-github-app-token\"\u003eactions/create-github-app-token\u003c/a\u003e as unsafe (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2011\"\u003e#2011\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.25.0\u003c/h2\u003e\n\u003ch2\u003eNew Features 🌈\u003ca href=\"https://docs.zizmor.sh/release-notes/#new-features\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor's finding severities can now be remapped on a per-audit basis. See \u003ca href=\"https://docs.zizmor.sh/configuration/#rules-id-remap\"\u003ethe configuration\u003c/a\u003e for details (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1913\"\u003e#1913\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/Proximyst\"\u003e\u003ccode\u003e@​Proximyst\u003c/code\u003e\u003c/a\u003e for proposing and implementing this improvement!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew audit: \u003ca href=\"https://docs.zizmor.sh/audits/#github-app\"\u003egithub-app\u003c/a\u003e detects dangerous usages of GitHub App installation tokens (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1926\"\u003e#1926\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew audit: [unpinned-tools] detects actions that install tools without pinning to a specific version (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1820\"\u003e#1820\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor now accepts the --no-ignores flag to disable all ignore comments and configurations when reporting findings (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1935\"\u003e#1935\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor's LSP now honors the --persona flag on the CLI (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1943\"\u003e#1943\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor is now aware of Docker-based action definitions, in addition to the pre-existing support for \u0026quot;composite\u0026quot; actions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1965\"\u003e#1965\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eEnhancements\u003ca href=\"https://docs.zizmor.sh/release-notes/#enhancements\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend gh issue edit --add-label / gh pr edit --add-label as a replacement for \u003ca href=\"https://github.com/actions-ecosystem/action-add-labels\"\u003eactions-ecosystem/action-add-labels\u003c/a\u003e in \u003ca href=\"https://docs.zizmor.sh/audits/#superfluous-actions\"\u003esuperfluous-actions\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend gh issue edit --remove-label / gh pr edit --remove-label as a replacement for \u003ca href=\"https://github.com/actions-ecosystem/action-remove-labels\"\u003eactions-ecosystem/action-remove-labels\u003c/a\u003e in \u003ca href=\"https://docs.zizmor.sh/audits/#superfluous-actions\"\u003esuperfluous-actions\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend jq as a replacement for \u003ca href=\"https://github.com/sergeysova/jq-action\"\u003esergeysova/jq-action\u003c/a\u003e in \u003ca href=\"https://docs.zizmor.sh/audits/#superfluous-actions\"\u003esuperfluous-actions\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend git add, git commit, and git push as a replacement for \u003ca href=\"https://github.com/stefanzweifel/git-auto-commit-action\"\u003estefanzweifel/git-auto-commit-action\u003c/a\u003e in \u003ca href=\"https://docs.zizmor.sh/audits/#superfluous-actions\"\u003esuperfluous-actions\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend git add, git commit, and git push as a replacement for \u003ca href=\"https://github.com/EndBug/add-and-commit\"\u003eEndBug/add-and-commit\u003c/a\u003e in \u003ca href=\"https://docs.zizmor.sh/audits/#superfluous-actions\"\u003esuperfluous-actions\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/tibdex/github-app-token\"\u003etibdex/github-app-token\u003c/a\u003e is now recognized as an archived action by \u003ca href=\"https://docs.zizmor.sh/audits/#archived-uses\"\u003earchived-uses\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1910\"\u003e#1910\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/zizmorcore/zizmor/blob/main/docs/release-notes.md\"\u003ezizmor's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.25.2\u003c/h2\u003e\n\u003ch3\u003eBug Fixes 🐛\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where the [unpinned-tools] audit would incorrectly flag the\n\u003ccode\u003e@​aquasecurity/trivy-action\u003c/code\u003e action as installing an unpinned tool version,\nrather than \u003ccode\u003e@​aquasecurity/setup-trivy\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2018\"\u003e#2018\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.25.1\u003c/h2\u003e\n\u003ch3\u003eBug Fixes 🐛\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a bug where the [cache-poisoning] audit would fail to consider\n\u003ccode\u003erelease\u003c/code\u003e events as exempt from cache usage findings when filtered by a\ntag condition (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2004\"\u003e#2004\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a typo when suggesting \u003ccode\u003e--fix\u003c/code\u003e flags for findings (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2010\"\u003e#2010\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/0xdea\"\u003e\u003ccode\u003e@​0xdea\u003c/code\u003e\u003c/a\u003e for implementing this fix!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a typo in [unpinned-tools] annotations (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2008\"\u003e#2008\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/martincostello\"\u003e\u003ccode\u003e@​martincostello\u003c/code\u003e\u003c/a\u003e for implementing this fix!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a bug where the [github-app] audit would incorrectly flag some safe\nuses of \u003ccode\u003e@​actions/create-github-app-token\u003c/code\u003e as unsafe (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2011\"\u003e#2011\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.25.0\u003c/h2\u003e\n\u003ch3\u003eNew Features 🌈\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor's finding severities can now be remapped on a per-audit basis.\nSee \u003ca href=\"https://github.com/zizmorcore/zizmor/blob/main/docs/configuration.md#rules-id-remap\"\u003ethe configuration\u003c/a\u003e for details (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1913\"\u003e#1913\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/Proximyst\"\u003e\u003ccode\u003e@​Proximyst\u003c/code\u003e\u003c/a\u003e for proposing and implementing this improvement!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eNew audit\u003c/strong\u003e: [github-app] detects dangerous usages of GitHub App installation tokens\n(\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1926\"\u003e#1926\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eNew audit\u003c/strong\u003e: [unpinned-tools] detects actions that install tools without pinning\nto a specific version (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1820\"\u003e#1820\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003ezizmor\u003c/code\u003e now accepts the \u003ccode\u003e--no-ignores\u003c/code\u003e flag to disable all ignore comments and\nconfigurations when reporting findings (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1935\"\u003e#1935\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003ezizmor\u003c/code\u003e's LSP now honors the \u003ccode\u003e--persona\u003c/code\u003e flag on the CLI (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1943\"\u003e#1943\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003ezizmor\u003c/code\u003e is now aware of Docker-based action definitions, in addition to the\npre-existing support for \u0026quot;composite\u0026quot; actions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1965\"\u003e#1965\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/b50d8f60e27e0084aa3a5f5dff46054a8253ac2a\"\u003e\u003ccode\u003eb50d8f6\u003c/code\u003e\u003c/a\u003e zizmor 1.25.2 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2022\"\u003e#2022\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/e8c96481b76ee03dc3e72cc744ad77cfc62cc238\"\u003e\u003ccode\u003ee8c9648\u003c/code\u003e\u003c/a\u003e Bump rustls-webpki to 0.103.13 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2021\"\u003e#2021\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/9e19bdedaa4af986b47d7f3ffdadcdd7b226c8a6\"\u003e\u003ccode\u003e9e19bde\u003c/code\u003e\u003c/a\u003e Bump aws-lc crates (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2020\"\u003e#2020\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/49cb189191c75a18d73a92ae47985424cc0acd3e\"\u003e\u003ccode\u003e49cb189\u003c/code\u003e\u003c/a\u003e Bump rand to 0.9.4 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2019\"\u003e#2019\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/bfdb64993cecb911e385622b989a44431fc2d13f\"\u003e\u003ccode\u003ebfdb649\u003c/code\u003e\u003c/a\u003e unpinned-tools: fix trivy action being detected (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2018\"\u003e#2018\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/9300d3b5a7f06a3d77f092d01434dab99399f3e5\"\u003e\u003ccode\u003e9300d3b\u003c/code\u003e\u003c/a\u003e ww/release (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2016\"\u003e#2016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/331917af1e4f7c6aed23ddd41477c2042d8a857d\"\u003e\u003ccode\u003e331917a\u003c/code\u003e\u003c/a\u003e chore: drop \u003ccode\u003eserde_yaml\u003c/code\u003e rename (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2015\"\u003e#2015\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/506f0856dec8a5c863a4dce695a83491187c543d\"\u003e\u003ccode\u003e506f085\u003c/code\u003e\u003c/a\u003e github-app: test \u003ccode\u003erepositories\u003c/code\u003e, not \u003ccode\u003erepository\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2011\"\u003e#2011\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/53dea374e8a01f8df00f9d1acd7dbdfb1838acd8\"\u003e\u003ccode\u003e53dea37\u003c/code\u003e\u003c/a\u003e unpinned-tools, docs: fix typos (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2008\"\u003e#2008\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/8068e115f99b6b84611a8865a8cad0858bd5e07c\"\u003e\u003ccode\u003e8068e11\u003c/code\u003e\u003c/a\u003e fix: replace \u003ccode\u003e--fix=unsafe\u003c/code\u003e with \u003ccode\u003e--fix=unsafe-only\u003c/code\u003e in suggestion (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2010\"\u003e#2010\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/zizmorcore/zizmor/compare/v1.23.1...v1.25.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=zizmor\u0026package-manager=uv\u0026previous-version=1.23.1\u0026new-version=1.25.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/NMJoshi/mcwp/pull/9","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/NMJoshi%2Fmcwp/issues/9","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/9/packages"}},{"old_version":"1.24.1","new_version":"1.25.2","update_type":"minor","path":null,"pr_created_at":"2026-05-30T19:59:46.000Z","version_change":"1.24.1 → 1.25.2","issue":{"uuid":"4555529108","node_id":"PR_kwDOF8_QEs7g_sBJ","number":1989,"state":"open","title":"⬆ Bump the python-packages group across 1 directory with 9 updates","user":"dependabot[bot]","labels":["dependencies","internal","python:uv"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-30T19:59:46.000Z","updated_at":"2026-05-31T06:06:01.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"⬆ Bump","group_name":"python-packages","update_count":9,"packages":[{"name":"pydantic","old_version":"2.12.5","new_version":"2.13.4","repository_url":"https://github.com/pydantic/pydantic"},{"name":"black","old_version":"26.3.1","new_version":"26.5.1","repository_url":"https://github.com/psf/black"},{"name":"zensical","old_version":"0.0.42","new_version":"0.0.43","repository_url":"https://github.com/zensical/zensical"},{"name":"fastapi","old_version":"0.136.1","new_version":"0.136.3","repository_url":"https://github.com/fastapi/fastapi"},{"name":"ruff","old_version":"0.15.13","new_version":"0.15.14","repository_url":"https://github.com/astral-sh/ruff"},{"name":"ty","old_version":"0.0.35","new_version":"0.0.39","repository_url":"https://github.com/astral-sh/ty"},{"name":"prek","old_version":"0.3.13","new_version":"0.4.1","repository_url":"https://github.com/j178/prek"},{"name":"zizmor","old_version":"1.24.1","new_version":"1.25.2","repository_url":"https://github.com/zizmorcore/zizmor"},{"name":"pygithub","old_version":"2.9.0","new_version":"2.9.1","repository_url":"https://github.com/pygithub/pygithub"}],"path":null,"ecosystem":"pip"},"body":"Bumps the python-packages group with 9 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [pydantic](https://github.com/pydantic/pydantic) | `2.12.5` | `2.13.4` |\n| [black](https://github.com/psf/black) | `26.3.1` | `26.5.1` |\n| [zensical](https://github.com/zensical/zensical) | `0.0.42` | `0.0.43` |\n| [fastapi](https://github.com/fastapi/fastapi) | `0.136.1` | `0.136.3` |\n| [ruff](https://github.com/astral-sh/ruff) | `0.15.13` | `0.15.14` |\n| [ty](https://github.com/astral-sh/ty) | `0.0.35` | `0.0.39` |\n| [prek](https://github.com/j178/prek) | `0.3.13` | `0.4.1` |\n| [zizmor](https://github.com/zizmorcore/zizmor) | `1.24.1` | `1.25.2` |\n| [pygithub](https://github.com/pygithub/pygithub) | `2.9.0` | `2.9.1` |\n\n\nUpdates `pydantic` from 2.12.5 to 2.13.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pydantic/pydantic/releases\"\u003epydantic's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.13.4 2026-05-06\u003c/h2\u003e\n\u003ch2\u003ev2.13.4 (2026-05-06)\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003ePackaging\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eBump libc from 0.2.155 to 0.2.185 by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13109\"\u003e#13109\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdapt \u003ccode\u003epydantic-core\u003c/code\u003e linker flags on macOS by \u003ca href=\"https://github.com/washingtoneg\"\u003e\u003ccode\u003e@​washingtoneg\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13147\"\u003e#13147\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve \u003ccode\u003eRootModel\u003c/code\u003e core metadata by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13129\"\u003e#13129\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pydantic/pydantic/compare/v2.13.3...v2.13.4\"\u003ehttps://github.com/pydantic/pydantic/compare/v2.13.3...v2.13.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.3 2026-04-20\u003c/h2\u003e\n\u003ch2\u003ev2.13.3 (2026-04-20)\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHandle \u003ccode\u003eAttributeError\u003c/code\u003e subclasses with \u003ccode\u003efrom_attributes\u003c/code\u003e by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13096\"\u003e#13096\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pydantic/pydantic/compare/v2.13.2...v2.13.3\"\u003ehttps://github.com/pydantic/pydantic/compare/v2.13.2...v2.13.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.2 2026-04-17\u003c/h2\u003e\n\u003ch2\u003ev2.13.2 (2026-04-17)\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eValidationInfo.field_name\u003c/code\u003e missing with \u003ccode\u003emodel_validate_json()\u003c/code\u003e by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13084\"\u003e#13084\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pydantic/pydantic/compare/v2.13.1...v2.13.2\"\u003ehttps://github.com/pydantic/pydantic/compare/v2.13.1...v2.13.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.1 2026-04-15\u003c/h2\u003e\n\u003ch2\u003ev2.13.1 (2026-04-15)\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eValidationInfo.data\u003c/code\u003e missing with \u003ccode\u003emodel_validate_json()\u003c/code\u003e by \u003ca href=\"https://github.com/davidhewitt\"\u003e\u003ccode\u003e@​davidhewitt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13079\"\u003e#13079\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pydantic/pydantic/compare/v2.13.0...v2.13.1\"\u003ehttps://github.com/pydantic/pydantic/compare/v2.13.0...v2.13.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.0 2026-04-13\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pydantic/pydantic/blob/main/HISTORY.md\"\u003epydantic's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.13.4 (2026-05-06)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pydantic/pydantic/releases/tag/v2.13.4\"\u003eGitHub release\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003ePackaging\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eBump libc from 0.2.155 to 0.2.185 by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13109\"\u003e#13109\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdapt \u003ccode\u003epydantic-core\u003c/code\u003e linker flags on macOS by \u003ca href=\"https://github.com/washingtoneg\"\u003e\u003ccode\u003e@​washingtoneg\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13147\"\u003e#13147\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve \u003ccode\u003eRootModel\u003c/code\u003e core metadata by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13129\"\u003e#13129\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.13.3 (2026-04-20)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pydantic/pydantic/releases/tag/v2.13.3\"\u003eGitHub release\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHandle \u003ccode\u003eAttributeError\u003c/code\u003e subclasses with \u003ccode\u003efrom_attributes\u003c/code\u003e by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13096\"\u003e#13096\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.13.2 (2026-04-17)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pydantic/pydantic/releases/tag/v2.13.2\"\u003eGitHub release\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eValidationInfo.field_name\u003c/code\u003e missing with \u003ccode\u003emodel_validate_json()\u003c/code\u003e by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13084\"\u003e#13084\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.13.1 (2026-04-15)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pydantic/pydantic/releases/tag/v2.13.1\"\u003eGitHub release\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eValidationInfo.data\u003c/code\u003e missing with \u003ccode\u003emodel_validate_json()\u003c/code\u003e by \u003ca href=\"https://github.com/davidhewitt\"\u003e\u003ccode\u003e@​davidhewitt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13079\"\u003e#13079\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.13.0 (2026-04-13)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pydantic/pydantic/releases/tag/v2.13.0\"\u003eGitHub release\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThe highlights of the v2.13 release are available in the \u003ca href=\"https://pydantic.dev/articles/pydantic-v2-13-release\"\u003eblog post\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/cf67d4b3193c3fe43ede18612ed62785eee11382\"\u003e\u003ccode\u003ecf67d4b\u003c/code\u003e\u003c/a\u003e Fix linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/f0d8a214a5803036db46a56b1f62f1e56b81d662\"\u003e\u003ccode\u003ef0d8a21\u003c/code\u003e\u003c/a\u003e Prepare release v2.13.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/5e3fe1d41a00f441204241c66078003ae0391f9a\"\u003e\u003ccode\u003e5e3fe1d\u003c/code\u003e\u003c/a\u003e Check for pydantic tag pattern in CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/7f9edcc2a191d2eaa9751220eb910914e716a686\"\u003e\u003ccode\u003e7f9edcc\u003c/code\u003e\u003c/a\u003e Document tagging conventions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/b46a0c9b8a4dd967fda8ec1a92f6437076bf262c\"\u003e\u003ccode\u003eb46a0c9\u003c/code\u003e\u003c/a\u003e Adapt \u003ccode\u003epydantic-core\u003c/code\u003e linker flags on macOS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/50629c851e61d887d5420452c311ec6203f1f400\"\u003e\u003ccode\u003e50629c8\u003c/code\u003e\u003c/a\u003e Update to PyPy 7.3.22\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/8522ebb71e5e9a6f7188af5f009f01785b8cf725\"\u003e\u003ccode\u003e8522ebb\u003c/code\u003e\u003c/a\u003e Preserve \u003ccode\u003eRootModel\u003c/code\u003e core metadata\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/a37f3aff090ca342dc5f48304889963530b993f8\"\u003e\u003ccode\u003ea37f3af\u003c/code\u003e\u003c/a\u003e Adapt \u003ccode\u003eMISSING\u003c/code\u003e sentinel test to work with unreleased \u003ccode\u003etyping_extensions\u003c/code\u003e ver...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/909259a9df660518033aa686b689f045a6eaf9d2\"\u003e\u003ccode\u003e909259a\u003c/code\u003e\u003c/a\u003e Remove Logfire example in documentation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/2c4174c366606fc2dc46cb806833a080aefa77df\"\u003e\u003ccode\u003e2c4174c\u003c/code\u003e\u003c/a\u003e Bump libc from 0.2.155 to 0.2.185\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pydantic/pydantic/compare/v2.12.5...v2.13.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `black` from 26.3.1 to 26.5.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/black/releases\"\u003eblack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e26.5.1\u003c/h2\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix unstable formatting of annotated assignments whose subscript annotation contains\nan inline comment (e.g. \u003ccode\u003ex: list[  # pyright: ignore[...]\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/psf/black/issues/5130\"\u003e#5130\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePreserve inline comments (including \u003ccode\u003e# type: ignore\u003c/code\u003e) immediately before a\n\u003ccode\u003e# fmt: skip\u003c/code\u003e line, avoiding AST equivalence failures (\u003ca href=\"https://redirect.github.com/psf/black/issues/5139\"\u003e#5139\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePackaging\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect the version in the published executables (\u003ca href=\"https://redirect.github.com/psf/black/issues/5137\"\u003e#5137\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Neovim integration guide covering conform.nvim, ALE, and simple command approaches\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/5124\"\u003e#5124\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e26.5.0\u003c/h2\u003e\n\u003ch3\u003eHighlights\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for unpacking in comprehensions (PEP 798) and for lazy imports (PEP 810),\nboth new syntactic features in Python 3.15 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5048\"\u003e#5048\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePython 3.15 is now supported. Compiled wheels are not yet provided for Python 3.15, so\nperformance may be slower than on existing Python versions. Wheels will be provided\nonce Python 3.15 is later in its release cycle. (\u003ca href=\"https://redirect.github.com/psf/black/issues/5127\"\u003e#5127\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003e# fmt: skip\u003c/code\u003e being ignored in nested \u003ccode\u003eif\u003c/code\u003e expressions with parenthesized \u003ccode\u003ein\u003c/code\u003e\nclauses (\u003ca href=\"https://redirect.github.com/psf/black/issues/4903\"\u003e#4903\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd syntactic support for Python 3.15 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5048\"\u003e#5048\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix crash when an f-string follows a \u003ccode\u003e# fmt: off\u003c/code\u003e comment inside brackets (\u003ca href=\"https://redirect.github.com/psf/black/issues/5097\"\u003e#5097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePreserve multiline compound statement headers when \u003ccode\u003e# fmt: skip\u003c/code\u003e is placed on the\ncolon line (\u003ca href=\"https://redirect.github.com/psf/black/issues/5117\"\u003e#5117\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePreview style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImprove heuristics around whether blank lines should appear before, within and after\ngroups of same-name decorated functions (such as \u003ccode\u003e@overload\u003c/code\u003e groups) in \u003ccode\u003e.pyi\u003c/code\u003e stub\nfiles (\u003ca href=\"https://redirect.github.com/psf/black/issues/5021\"\u003e#5021\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix blank lines being removed between a function and a decorated class in \u003ccode\u003e.pyi\u003c/code\u003e stub\nfiles (\u003ca href=\"https://redirect.github.com/psf/black/issues/5092\"\u003e#5092\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePrevent string merger from creating unsplittable long lines when a pragma comment\n(e.g. \u003ccode\u003e# type: ignore\u003c/code\u003e) follows the closing bracket (\u003ca href=\"https://redirect.github.com/psf/black/issues/5096\"\u003e#5096\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePackaging\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRun CI on 3.15 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5127\"\u003e#5127\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOutput\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/black/blob/main/CHANGES.md\"\u003eblack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 26.5.1\u003c/h2\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix unstable formatting of annotated assignments whose subscript annotation contains\nan inline comment (e.g. \u003ccode\u003ex: list[  # pyright: ignore[...]\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/psf/black/issues/5130\"\u003e#5130\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePreserve inline comments (including \u003ccode\u003e# type: ignore\u003c/code\u003e) immediately before a\n\u003ccode\u003e# fmt: skip\u003c/code\u003e line, avoiding AST equivalence failures (\u003ca href=\"https://redirect.github.com/psf/black/issues/5139\"\u003e#5139\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePackaging\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect the version in the published executables (\u003ca href=\"https://redirect.github.com/psf/black/issues/5137\"\u003e#5137\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Neovim integration guide covering conform.nvim, ALE, and simple command approaches\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/5124\"\u003e#5124\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 26.5.0\u003c/h2\u003e\n\u003ch3\u003eHighlights\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for unpacking in comprehensions (PEP 798) and for lazy imports (PEP 810),\nboth new syntactic features in Python 3.15 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5048\"\u003e#5048\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePython 3.15 is now supported. Compiled wheels are not yet provided for Python 3.15, so\nperformance may be slower than on existing Python versions. Wheels will be provided\nonce Python 3.15 is later in its release cycle. (\u003ca href=\"https://redirect.github.com/psf/black/issues/5127\"\u003e#5127\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003e# fmt: skip\u003c/code\u003e being ignored in nested \u003ccode\u003eif\u003c/code\u003e expressions with parenthesized \u003ccode\u003ein\u003c/code\u003e\nclauses (\u003ca href=\"https://redirect.github.com/psf/black/issues/4903\"\u003e#4903\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd syntactic support for Python 3.15 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5048\"\u003e#5048\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix crash when an f-string follows a \u003ccode\u003e# fmt: off\u003c/code\u003e comment inside brackets (\u003ca href=\"https://redirect.github.com/psf/black/issues/5097\"\u003e#5097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePreserve multiline compound statement headers when \u003ccode\u003e# fmt: skip\u003c/code\u003e is placed on the\ncolon line (\u003ca href=\"https://redirect.github.com/psf/black/issues/5117\"\u003e#5117\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePreview style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImprove heuristics around whether blank lines should appear before, within and after\ngroups of same-name decorated functions (such as \u003ccode\u003e@overload\u003c/code\u003e groups) in \u003ccode\u003e.pyi\u003c/code\u003e stub\nfiles (\u003ca href=\"https://redirect.github.com/psf/black/issues/5021\"\u003e#5021\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix blank lines being removed between a function and a decorated class in \u003ccode\u003e.pyi\u003c/code\u003e stub\nfiles (\u003ca href=\"https://redirect.github.com/psf/black/issues/5092\"\u003e#5092\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePrevent string merger from creating unsplittable long lines when a pragma comment\n(e.g. \u003ccode\u003e# type: ignore\u003c/code\u003e) follows the closing bracket (\u003ca href=\"https://redirect.github.com/psf/black/issues/5096\"\u003e#5096\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePackaging\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRun CI on 3.15 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5127\"\u003e#5127\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/87928e6d6761a4a6d22250e1fee5601b3998086e\"\u003e\u003ccode\u003e87928e6\u003c/code\u003e\u003c/a\u003e Prepare release 26.5.1 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5140\"\u003e#5140\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/c970a49702488739add6c728122deb3a99900803\"\u003e\u003ccode\u003ec970a49\u003c/code\u003e\u003c/a\u003e Preserve comments before fmt: skip lines (\u003ca href=\"https://redirect.github.com/psf/black/issues/5139\"\u003e#5139\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/5809338fd5f92d50e80c2ad312292ae6d428a480\"\u003e\u003ccode\u003e5809338\u003c/code\u003e\u003c/a\u003e Preserve inline comments inside annotation subscripts (\u003ca href=\"https://redirect.github.com/psf/black/issues/5130\"\u003e#5130\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/61361b71995f6ea44ce01915bacd3ecc50642507\"\u003e\u003ccode\u003e61361b7\u003c/code\u003e\u003c/a\u003e docs: add Neovim integration guide and fix http link (\u003ca href=\"https://redirect.github.com/psf/black/issues/5124\"\u003e#5124\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/ebe6018e3254629788376e619207719fbe34a849\"\u003e\u003ccode\u003eebe6018\u003c/code\u003e\u003c/a\u003e CI Hotfixes (\u003ca href=\"https://redirect.github.com/psf/black/issues/5136\"\u003e#5136\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/9cbd95f80e97c1ab4d690d1d41b81579a13bf75c\"\u003e\u003ccode\u003e9cbd95f\u003c/code\u003e\u003c/a\u003e Fix publish binaries again on Windows (\u003ca href=\"https://redirect.github.com/psf/black/issues/5134\"\u003e#5134\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/3dc8e6c41911bdaedb4bac8d633979c34a112b78\"\u003e\u003ccode\u003e3dc8e6c\u003c/code\u003e\u003c/a\u003e Add new changelog (\u003ca href=\"https://redirect.github.com/psf/black/issues/5132\"\u003e#5132\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/6d0fff0d5a965b9d0d3dbd7c5738d835fd574130\"\u003e\u003ccode\u003e6d0fff0\u003c/code\u003e\u003c/a\u003e Fix publish binaries workflow (\u003ca href=\"https://redirect.github.com/psf/black/issues/5133\"\u003e#5133\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/d2490e24dad33b8f68c77602ee29160de0fea24b\"\u003e\u003ccode\u003ed2490e2\u003c/code\u003e\u003c/a\u003e Prepare release 26.5.0 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5131\"\u003e#5131\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/2b13ea76fa69d4923381df65deb1a5c896ca27ad\"\u003e\u003ccode\u003e2b13ea7\u003c/code\u003e\u003c/a\u003e Preserve multiline headers with fmt skip (\u003ca href=\"https://redirect.github.com/psf/black/issues/5117\"\u003e#5117\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/black/compare/26.3.1...26.5.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `zensical` from 0.0.42 to 0.0.43\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/zensical/zensical/releases\"\u003ezensical's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.0.43\u003c/h2\u003e\n\u003ch2\u003eSummary\u003c/h2\u003e\n\u003cp\u003eThis version fixes further edge cases in link validation, and adds support for UTF-8 encoding with byte-order-marks.\u003c/p\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e1e873a3 \u003cstrong\u003ecompat\u003c/strong\u003e – ignore links in code after literal dollar during link validation (\u003ca href=\"https://redirect.github.com/zensical/zensical/issues/691\"\u003e#691\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e62a0feb \u003cstrong\u003ezensical\u003c/strong\u003e – report \u003ccode\u003epath.md/#anchor\u003c/code\u003e as invalid during link validation (\u003ca href=\"https://redirect.github.com/zensical/zensical/issues/690\"\u003e#690\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e7be40c6 \u003cstrong\u003ecompat\u003c/strong\u003e – ignore GitHub-style callouts during link validation (\u003ca href=\"https://redirect.github.com/zensical/zensical/issues/688\"\u003e#688\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e85c3b1e \u003cstrong\u003ecompat\u003c/strong\u003e – ignore \u003ccode\u003e[TOC]\u003c/code\u003e marker during link validation (\u003ca href=\"https://redirect.github.com/zensical/zensical/issues/686\"\u003e#686\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edaafc8b \u003cstrong\u003ezensical\u003c/strong\u003e – filter out icons folder when watching theme directories (\u003ca href=\"https://redirect.github.com/zensical/zensical/issues/693\"\u003e#693\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e913fd61 \u003cstrong\u003ezensical\u003c/strong\u003e – strip Byte-Order-Mark (BOM) from Markdown files (\u003ca href=\"https://redirect.github.com/zensical/zensical/issues/687\"\u003e#687\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zensical/zensical/commit/7d2178a8a9df7c559a746643ccfa34f1531f20a3\"\u003e\u003ccode\u003e7d2178a\u003c/code\u003e\u003c/a\u003e chore: release v0.0.43\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zensical/zensical/commit/35a20425ac3a30007ed2ba9e1d54bbdae98399cd\"\u003e\u003ccode\u003e35a2042\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/zensical/zensical/issues/697\"\u003e#697\u003c/a\u003e from zensical/fix/validation-regressions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zensical/zensical/commit/1e873a397c314843444adb68dcd5238af62dfe22\"\u003e\u003ccode\u003e1e873a3\u003c/code\u003e\u003c/a\u003e fix: ignore links in code after literal dollar during link validation (\u003ca href=\"https://redirect.github.com/zensical/zensical/issues/691\"\u003e#691\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zensical/zensical/commit/62a0feb8f45ed10ea3c4c9816501ff1c2245f244\"\u003e\u003ccode\u003e62a0feb\u003c/code\u003e\u003c/a\u003e fix: report \u003ccode\u003epath.md/#anchor\u003c/code\u003e as invalid during link validation (\u003ca href=\"https://redirect.github.com/zensical/zensical/issues/690\"\u003e#690\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zensical/zensical/commit/7be40c6ceb4407992a1d93cb6e30563b737e4724\"\u003e\u003ccode\u003e7be40c6\u003c/code\u003e\u003c/a\u003e fix: ignore GitHub-style callouts during link validation (\u003ca href=\"https://redirect.github.com/zensical/zensical/issues/688\"\u003e#688\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zensical/zensical/commit/85c3b1e321dc4eaa60fc7bd885a4da509e1e4127\"\u003e\u003ccode\u003e85c3b1e\u003c/code\u003e\u003c/a\u003e fix: ignore \u003ccode\u003e[TOC]\u003c/code\u003e marker during link validation (\u003ca href=\"https://redirect.github.com/zensical/zensical/issues/686\"\u003e#686\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zensical/zensical/commit/daafc8becba138735046b63dcf839c89c9f8c024\"\u003e\u003ccode\u003edaafc8b\u003c/code\u003e\u003c/a\u003e fix: filter out icons folder when watching theme directories (\u003ca href=\"https://redirect.github.com/zensical/zensical/issues/693\"\u003e#693\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zensical/zensical/commit/913fd61670ae2d1a01c76388613f6378c9431a3d\"\u003e\u003ccode\u003e913fd61\u003c/code\u003e\u003c/a\u003e fix: strip Byte-Order-Mark (BOM) from Markdown files (\u003ca href=\"https://redirect.github.com/zensical/zensical/issues/687\"\u003e#687\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/zensical/zensical/compare/v0.0.42...v0.0.43\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fastapi` from 0.136.1 to 0.136.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastapi/fastapi/releases\"\u003efastapi's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.136.3\u003c/h2\u003e\n\u003ch3\u003eRefactors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e♻️ Do not accept underscore headers when using \u003ccode\u003econvert_underscores=True\u003c/code\u003e (the default). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15589\"\u003e#15589\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.136.2\u003c/h2\u003e\n\u003ch3\u003eRefactors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e♻️ Validate Server Sent Event fields to avoid applications from sending broken data. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15588\"\u003e#15588\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e📝 Document \u003ccode\u003e--entrypoint\u003c/code\u003e CLI option. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15464\"\u003e#15464\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update and simplify docs about help and management. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15583\"\u003e#15583\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Add docs references to central contributing docs. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15580\"\u003e#15580\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update security policy. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15577\"\u003e#15577\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🍱 Update sponsors: TalorData image. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15562\"\u003e#15562\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update docs, simplify usage of admonitions, only default ones. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15553\"\u003e#15553\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Fix image URLs in \u003ccode\u003eindex.md\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15534\"\u003e#15534\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e✏️ Fix Azkaban spelling typo in \u003ccode\u003evirtual-environments.md‎\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15463\"\u003e#15463\u003c/a\u003e by \u003ca href=\"https://github.com/isaacbernat\"\u003e\u003ccode\u003e@​isaacbernat\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e💄 Improve layout and styling. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15462\"\u003e#15462\u003c/a\u003e by \u003ca href=\"https://github.com/alejsdev\"\u003e\u003ccode\u003e@​alejsdev\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e💄 Refactor opinions section with interactive tabs and new logos. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15458\"\u003e#15458\u003c/a\u003e by \u003ca href=\"https://github.com/alejsdev\"\u003e\u003ccode\u003e@​alejsdev\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Add FastAPI Conf '26 announcement to docs. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15457\"\u003e#15457\u003c/a\u003e by \u003ca href=\"https://github.com/alejsdev\"\u003e\u003ccode\u003e@​alejsdev\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eTranslations\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🌐 Improve translation consistency in \u003ccode\u003e‎docs/pt/docs/advanced/generate-clients.md‎\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15456\"\u003e#15456\u003c/a\u003e by \u003ca href=\"https://github.com/Will-thom\"\u003e\u003ccode\u003e@​Will-thom\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ja (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15530\"\u003e#15530\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for uk (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15529\"\u003e#15529\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for pt (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15528\"\u003e#15528\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for de (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15527\"\u003e#15527\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for tr (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15526\"\u003e#15526\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ko (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15525\"\u003e#15525\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for zh-hant (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15524\"\u003e#15524\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for fr (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15522\"\u003e#15522\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for es (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15523\"\u003e#15523\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for zh (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15520\"\u003e#15520\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ru (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15521\"\u003e#15521\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Fix typos in Spanish LLM-prompt. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15472\"\u003e#15472\u003c/a\u003e by \u003ca href=\"https://github.com/crr004\"\u003e\u003ccode\u003e@​crr004\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e✅ Update tests, don't double dispose the engine. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15587\"\u003e#15587\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⚡️ Speed up test suite via caching and fixture scopes to make it ~24% faster. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/13583\"\u003e#13583\u003c/a\u003e by \u003ca href=\"https://github.com/dikos1337\"\u003e\u003ccode\u003e@​dikos1337\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔥 Remove config files now in central GitHub repo. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15585\"\u003e#15585\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump urllib3 from 2.6.3 to 2.7.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15502\"\u003e#15502\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump idna from 3.11 to 3.15. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15565\"\u003e#15565\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump cloudflare/wrangler-action from 3.15.0 to 4.0.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15571\"\u003e#15571\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔧 Migrate docs from MkDocs to Zensical. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15563\"\u003e#15563\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔒️ Only allow team members to modify dependencies. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15548\"\u003e#15548\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/82064857539e6286522c347b4b11331b48dd2378\"\u003e\u003ccode\u003e8206485\u003c/code\u003e\u003c/a\u003e 🔖 Release version 0.136.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/c910e0139f983d0e04e2d1d235cd71803afeae34\"\u003e\u003ccode\u003ec910e01\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/063b5bf582d31fb155cc6bc6f88cf512329d0fd5\"\u003e\u003ccode\u003e063b5bf\u003c/code\u003e\u003c/a\u003e ♻️ Do not accept underscore headers when using \u003ccode\u003econvert_underscores=True\u003c/code\u003e (th...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/22b02e26f9e8c7e32bd8266e2b0ebe8bb3a0db2b\"\u003e\u003ccode\u003e22b02e2\u003c/code\u003e\u003c/a\u003e 🔖 Release version 0.136.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/3b252a2a22ba27a8ab83d6bde7d9cddbc5bf738e\"\u003e\u003ccode\u003e3b252a2\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/c7fb7851b3389f24c51701d705458989be53ccbb\"\u003e\u003ccode\u003ec7fb785\u003c/code\u003e\u003c/a\u003e ♻️ Validate Server Sent Event fields to avoid applications from sending broke...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/cb83b83dcf78eab4ea17d504db5abcda705fbdc4\"\u003e\u003ccode\u003ecb83b83\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/00f805cec94c0bf48c1f9a563535a3ab2e6f90ab\"\u003e\u003ccode\u003e00f805c\u003c/code\u003e\u003c/a\u003e ✅ Update tests, don't double dispose the engine (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15587\"\u003e#15587\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/3675137523dc167981aa3a3c44599b4f3079ccd8\"\u003e\u003ccode\u003e3675137\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/7b57e42986bb4d40c9eb6580537d13fb8e76097e\"\u003e\u003ccode\u003e7b57e42\u003c/code\u003e\u003c/a\u003e 📝 Document \u003ccode\u003e--entrypoint\u003c/code\u003e CLI option (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15464\"\u003e#15464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastapi/fastapi/compare/0.136.1...0.136.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ruff` from 0.15.13 to 0.15.14\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/ruff/releases\"\u003eruff's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.15.14\u003c/h2\u003e\n\u003ch2\u003eRelease Notes\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-05-21.\u003c/p\u003e\n\u003ch3\u003ePreview features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eairflow\u003c/code\u003e] Implement \u003ccode\u003eairflow-task-implicit-multiple-outputs\u003c/code\u003e (\u003ccode\u003eAIR202\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25152\"\u003e#25152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-use-pathlib\u003c/code\u003e] Mark \u003ccode\u003ePTH101\u003c/code\u003e fix as unsafe when first argument is a class attribute annotated as \u003ccode\u003eint\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25086\"\u003e#25086\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Implement \u003ccode\u003etoo-many-try-statements\u003c/code\u003e (\u003ccode\u003eW0717\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23970\"\u003e#23970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eruff\u003c/code\u003e] Add \u003ccode\u003eincorrect-decorator-order\u003c/code\u003e (\u003ccode\u003eRUF074\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23461\"\u003e#23461\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eruff\u003c/code\u003e] Add \u003ccode\u003efallible-context-manager\u003c/code\u003e (\u003ccode\u003eRUF075\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22844\"\u003e#22844\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix lambda formatting in interpolated string expressions (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25144\"\u003e#25144\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTreat generic \u003ccode\u003efrozenset\u003c/code\u003e annotations as immutable (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25251\"\u003e#25251\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-type-checking\u003c/code\u003e] Avoid \u003ccode\u003estrict\u003c/code\u003e behavior when \u003ccode\u003efuture-annotations\u003c/code\u003e are enabled (\u003ccode\u003eTC001\u003c/code\u003e, \u003ccode\u003eTC002\u003c/code\u003e, \u003ccode\u003eTC003\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25035\"\u003e#25035\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Avoid false positives in \u003ccode\u003eelse\u003c/code\u003e clause (\u003ccode\u003ePLR1733\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25177\"\u003e#25177\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRule changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-comprehensions\u003c/code\u003e] Skip \u003ccode\u003eC417\u003c/code\u003e for lambdas with positional-only parameters (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25272\"\u003e#25272\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-simplify\u003c/code\u003e] Preserve f-string source verbatim in \u003ccode\u003eSIM101\u003c/code\u003e fix (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25061\"\u003e#25061\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid unnecessary parser lookahead for operators (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25290\"\u003e#25290\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate code example setting Neovim LSP log level (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25284\"\u003e#25284\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd full PEP 798 support (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25104\"\u003e#25104\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd a parser recursion limit (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24810\"\u003e#24810\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate various \u003ccode\u003eruff_python_stdlib\u003c/code\u003e APIs (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25273\"\u003e#25273\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ocaballeror\"\u003e\u003ccode\u003e@​ocaballeror\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lerebear\"\u003e\u003ccode\u003e@​lerebear\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/samuelcolvin\"\u003e\u003ccode\u003e@​samuelcolvin\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/baltasarblanco\"\u003e\u003ccode\u003e@​baltasarblanco\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aconal-com\"\u003e\u003ccode\u003e@​aconal-com\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anishgirianish\"\u003e\u003ccode\u003e@​anishgirianish\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JelleZijlstra\"\u003e\u003ccode\u003e@​JelleZijlstra\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/AlexWaygood\"\u003e\u003ccode\u003e@​AlexWaygood\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ntBre\"\u003e\u003ccode\u003e@​ntBre\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md\"\u003eruff's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.15.14\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-05-21.\u003c/p\u003e\n\u003ch3\u003ePreview features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eairflow\u003c/code\u003e] Implement \u003ccode\u003eairflow-task-implicit-multiple-outputs\u003c/code\u003e (\u003ccode\u003eAIR202\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25152\"\u003e#25152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-use-pathlib\u003c/code\u003e] Mark \u003ccode\u003ePTH101\u003c/code\u003e fix as unsafe when first argument is a class attribute annotated as \u003ccode\u003eint\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25086\"\u003e#25086\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Implement \u003ccode\u003etoo-many-try-statements\u003c/code\u003e (\u003ccode\u003eW0717\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23970\"\u003e#23970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eruff\u003c/code\u003e] Add \u003ccode\u003eincorrect-decorator-order\u003c/code\u003e (\u003ccode\u003eRUF074\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23461\"\u003e#23461\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eruff\u003c/code\u003e] Add \u003ccode\u003efallible-context-manager\u003c/code\u003e (\u003ccode\u003eRUF075\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22844\"\u003e#22844\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix lambda formatting in interpolated string expressions (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25144\"\u003e#25144\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTreat generic \u003ccode\u003efrozenset\u003c/code\u003e annotations as immutable (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25251\"\u003e#25251\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-type-checking\u003c/code\u003e] Avoid \u003ccode\u003estrict\u003c/code\u003e behavior when \u003ccode\u003efuture-annotations\u003c/code\u003e are enabled (\u003ccode\u003eTC001\u003c/code\u003e, \u003ccode\u003eTC002\u003c/code\u003e, \u003ccode\u003eTC003\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25035\"\u003e#25035\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Avoid false positives in \u003ccode\u003eelse\u003c/code\u003e clause (\u003ccode\u003ePLR1733\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25177\"\u003e#25177\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRule changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-comprehensions\u003c/code\u003e] Skip \u003ccode\u003eC417\u003c/code\u003e for lambdas with positional-only parameters (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25272\"\u003e#25272\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-simplify\u003c/code\u003e] Preserve f-string source verbatim in \u003ccode\u003eSIM101\u003c/code\u003e fix (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25061\"\u003e#25061\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid unnecessary parser lookahead for operators (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25290\"\u003e#25290\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate code example setting Neovim LSP log level (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25284\"\u003e#25284\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd full PEP 798 support (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25104\"\u003e#25104\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd a parser recursion limit (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24810\"\u003e#24810\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate various \u003ccode\u003eruff_python_stdlib\u003c/code\u003e APIs (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25273\"\u003e#25273\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ocaballeror\"\u003e\u003ccode\u003e@​ocaballeror\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lerebear\"\u003e\u003ccode\u003e@​lerebear\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/samuelcolvin\"\u003e\u003ccode\u003e@​samuelcolvin\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/baltasarblanco\"\u003e\u003ccode\u003e@​baltasarblanco\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aconal-com\"\u003e\u003ccode\u003e@​aconal-com\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anishgirianish\"\u003e\u003ccode\u003e@​anishgirianish\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JelleZijlstra\"\u003e\u003ccode\u003e@​JelleZijlstra\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/AlexWaygood\"\u003e\u003ccode\u003e@​AlexWaygood\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ntBre\"\u003e\u003ccode\u003e@​ntBre\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/adityasingh2400\"\u003e\u003ccode\u003e@​adityasingh2400\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/9ad2da3015e5faf73bdc5f1d09df3e47238e3edf\"\u003e\u003ccode\u003e9ad2da3\u003c/code\u003e\u003c/a\u003e Bump 0.15.14 (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25295\"\u003e#25295\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/c714e84952510696c05ec21b0158a3548898f594\"\u003e\u003ccode\u003ec714e84\u003c/code\u003e\u003c/a\u003e [ty] Modernize setup of union types in mdtests (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25291\"\u003e#25291\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/8a8e35ebfe318e2467a0f276e5d1a3a9032a55ad\"\u003e\u003ccode\u003e8a8e35e\u003c/code\u003e\u003c/a\u003e [\u003ccode\u003eflake8-comprehensions\u003c/code\u003e] Skip \u003ccode\u003eC417\u003c/code\u003e for lambdas with positional-only parame...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/aea5ed4d278017057c2e842c6c3a2e92ad71495f\"\u003e\u003ccode\u003eaea5ed4\u003c/code\u003e\u003c/a\u003e Avoid unnecessary parser lookahead for operators (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25290\"\u003e#25290\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/e9d72bb420f26c23e6660bfce4dfa0028b931bff\"\u003e\u003ccode\u003ee9d72bb\u003c/code\u003e\u003c/a\u003e [ty] Allow enum member accesses on \u003ccode\u003eself\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25077\"\u003e#25077\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/6cbd59b511a92d5f408db57bde33367c0d47b672\"\u003e\u003ccode\u003e6cbd59b\u003c/code\u003e\u003c/a\u003e Set \u003ccode\u003eexclude-newer = \u0026quot;7 days\u0026quot;\u003c/code\u003e in our PEP-723 scripts (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25285\"\u003e#25285\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/9999a3967ae28fe3295131e8883b6947f272a076\"\u003e\u003ccode\u003e9999a39\u003c/code\u003e\u003c/a\u003e Update code example on how to update Neovim LSP log level (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25284\"\u003e#25284\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/67d8c544f0d1c526a2fc60d4bb1358fd7956d178\"\u003e\u003ccode\u003e67d8c54\u003c/code\u003e\u003c/a\u003e [ty] Retain recursively-defined state in binary expressions (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25277\"\u003e#25277\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/25a3191140dc0467f9d196f35c128fefde269261\"\u003e\u003ccode\u003e25a3191\u003c/code\u003e\u003c/a\u003e [ty] Refine Callable class-decorator fallback for unknown results (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25250\"\u003e#25250\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/c423054dc09e5b644c926b6b527b6accfbe693e9\"\u003e\u003ccode\u003ec423054\u003c/code\u003e\u003c/a\u003e Add a recursion limit to the parser (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24810\"\u003e#24810\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/astral-sh/ruff/compare/0.15.13...0.15.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ty` from 0.0.35 to 0.0.39\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/ty/releases\"\u003ety's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.0.39\u003c/h2\u003e\n\u003ch2\u003eRelease Notes\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-05-22.\u003c/p\u003e\n\u003cp\u003eThis release removes the Python 3.9 branches from our vendored standard library stubs. ty now only has \u0026quot;full\u0026quot; support for\nPython 3.10 and later, but will still report version-specific syntax errors and other diagnostics when \u003ccode\u003e--python-version 3.9\u003c/code\u003e\nis provided via the CLI.\u003c/p\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid panicking on \u003ccode\u003e__new__\u003c/code\u003e assignments to classes (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25282\"\u003e#25282\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePreserve declaration order when synthesizing class fields (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25249\"\u003e#25249\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRespect \u003ccode\u003edict\u003c/code\u003e-compatible fallbacks in TypedDict unions (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25242\"\u003e#25242\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRetain recursively-defined state in binary expressions (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25277\"\u003e#25277\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eLSP server\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Quick Fix to remove redundant cast (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25211\"\u003e#25211\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eClassify property declaration semantic tokens (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25322\"\u003e#25322\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eEscape HTML syntax in docstring rendering (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25247\"\u003e#25247\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePrefer symbols from standard library over those of the same name from third party libraries for import completions. (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25108\"\u003e#25108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport type aliases in document symbols (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25302\"\u003e#25302\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDiagnostics\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd error context for extra callable parameters (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25269\"\u003e#25269\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid exponential blow-up in fall-through narrowing (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25278\"\u003e#25278\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSpeed up include filtering for projects with many literal include patterns (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25266\"\u003e#25266\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCore type checking\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAllow enum member accesses on \u003ccode\u003eself\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25077\"\u003e#25077\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eEmit a diagnostic for subclassing with \u003ccode\u003eorder=True\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/21704\"\u003e#21704\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFull-scope bidirectional inference for unconstrained container literals (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25279\"\u003e#25279\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eInfer \u003ccode\u003edict(TypedDict)\u003c/code\u003e as \u003ccode\u003edict[str, object]\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24852\"\u003e#24852\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRefine Callable class-decorator fallback for unknown results (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25250\"\u003e#25250\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReject incompatible explicit variance in generic base classes (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25327\"\u003e#25327\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport multi-inference through type aliases (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25245\"\u003e#25245\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSync vendored typeshed stubs (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25271\"\u003e#25271\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25172\"\u003e#25172\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ibraheemdev\"\u003e\u003ccode\u003e@​ibraheemdev\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MatthewMckee4\"\u003e\u003ccode\u003e@​MatthewMckee4\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sqqueak\"\u003e\u003ccode\u003e@​sqqueak\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lerebear\"\u003e\u003ccode\u003e@​lerebear\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/ty/blob/main/CHANGELOG.md\"\u003ety's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.0.39\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-05-22.\u003c/p\u003e\n\u003cp\u003eThis release removes the Python 3.9 branches from our vendored standard library stubs. ty now only has \u0026quot;full\u0026quot; support for\nPython 3.10 and later, but will still report version-specific syntax errors and other diagnostics when \u003ccode\u003e--python-version 3.9\u003c/code\u003e\nis provided via the CLI.\u003c/p\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid panicking on \u003ccode\u003e__new__\u003c/code\u003e assignments to classes (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25282\"\u003e#25282\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePreserve declaration order when synthesizing class fields (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25249\"\u003e#25249\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRespect \u003ccode\u003edict\u003c/code\u003e-compatible fallbacks in TypedDict unions (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25242\"\u003e#25242\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRetain recursively-defined state in binary expressions (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25277\"\u003e#25277\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eLSP server\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Quick Fix to remove redundant cast (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25211\"\u003e#25211\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eClassify property declaration semantic tokens (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25322\"\u003e#25322\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eEscape HTML syntax in docstring rendering (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25247\"\u003e#25247\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePrefer symbols from standard library over those of the same name from third party libraries for import completions. (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25108\"\u003e#25108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport type aliases in document symbols (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25302\"\u003e#25302\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDiagnostics\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd error context for extra callable parameters (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25269\"\u003e#25269\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid exponential blow-up in fall-through narrowing (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25278\"\u003e#25278\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSpeed up include filtering for projects with many literal include patterns (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25266\"\u003e#25266\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCore type checking\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAllow enum member accesses on \u003ccode\u003eself\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25077\"\u003e#25077\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eEmit a diagnostic for subclassing with \u003ccode\u003eorder=True\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/21704\"\u003e#21704\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFull-scope bidirectional inference for unconstrained container literals (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25279\"\u003e#25279\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eInfer \u003ccode\u003edict(TypedDict)\u003c/code\u003e as \u003ccode\u003edict[str, object]\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24852\"\u003e#24852\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRefine Callable class-decorator fallback for unknown results (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25250\"\u003e#25250\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReject incompatible explicit variance in generic base classes (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25327\"\u003e#25327\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport multi-inference through type aliases (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25245\"\u003e#25245\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSync vendored typeshed stubs (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25271\"\u003e#25271\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25172\"\u003e#25172\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ibraheemdev\"\u003e\u003ccode\u003e@​ibraheemdev\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MatthewMckee4\"\u003e\u003ccode\u003e@​MatthewMckee4\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sqqueak\"\u003e\u003ccode\u003e@​sqqueak\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lerebear\"\u003e\u003ccode\u003e@​lerebear\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sharkdp\"\u003e\u003ccode\u003e@​sharkdp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ty/commit/0205125174c135d6fc4014244dee374678b61c72\"\u003e\u003ccode\u003e0205125\u003c/code\u003e\u003c/a\u003e Bump version to 0.0.39 (\u003ca href=\"https://redirect.github.com/astral-sh/ty/issues/3516\"\u003e#3516\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ty/commit/ae8058d40e641b545bbad046c487e964206a2286\"\u003e\u003ccode\u003eae8058d\u003c/code\u003e\u003c/a\u003e Update maturin to v1.13.3 (\u003ca href=\"https://redirect.github.com/astral-sh/ty/issues/3494\"\u003e#3494\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ty/commit/33b60f8ad0f2da648b867831548a4b8c7985647d\"\u003e\u003ccode\u003e33b60f8\u003c/code\u003e\u003c/a\u003e Update prek dependencies (\u003ca href=\"https://redirect.github.com/astral-sh/ty/issues/3495\"\u003e#3495\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ty/commit/1d3efc1d68e36a8f982fa73b1f8c2a5ebc50fcde\"\u003e\u003ccode\u003e1d3efc1\u003c/code\u003e\u003c/a\u003e Bump version to 0.0.38 (\u003ca href=\"https://redirect.github.com/astral-sh/ty/issues/3492\"\u003e#3492\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ty/commit/f5100ccde50ff577fa311add5232ae6074ed68f9\"\u003e\u003ccode\u003ef5100cc\u003c/code\u003e\u003c/a\u003e scripts/update_schemastore: use -C to allow re-running schema update on exist...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ty/commit/f18aed6430c781ff3bc4fe41d9b5c2a7161657c4\"\u003e\u003ccode\u003ef18aed6\u003c/code\u003e\u003c/a\u003e Bump version to 0.0.37 (\u003ca href=\"https://redirect.github.com/astral-sh/ty/issues/3473\"\u003e#3473\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ty/commit/a63e55929645f8eeaa6f28117afda8d2ed39d1a4\"\u003e\u003ccode\u003ea63e559\u003c/code\u003e\u003c/a\u003e Bump version to 0.0.36 (\u003ca href=\"https://redirect.github.com/astral-sh/ty/issues/3463\"\u003e#3463\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ty/commit/94370d5b43c48d01720a9e65d8d8d5286b6697b1\"\u003e\u003ccode\u003e94370d5\u003c/code\u003e\u003c/a\u003e Update prek dependencies (\u003ca href=\"https://redirect.github.com/astral-sh/ty/issues/3449\"\u003e#3449\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/astral-sh/ty/compare/0.0.35...0.0.39\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `prek` from 0.3.13 to 0.4.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/j178/prek/releases\"\u003eprek's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.4.1\u003c/h2\u003e\n\u003ch2\u003eRelease Notes\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-05-20.\u003c/p\u003e\n\u003ch3\u003eEnhancements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix pre-push range after rebase (\u003ca href=\"https://redirect.github.com/j178/prek/pull/2089\"\u003e#2089\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePrefer extensions over loose filename tags (\u003ca href=\"https://redirect.github.com/j178/prek/pull/2092\"\u003e#2092\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSkip installs for hooks that will not run (\u003ca href=\"https://redirect.github.com/j178/prek/pull/2103\"\u003e#2103\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOptimize meta hook file scans (\u003ca href=\"https://redirect.github.com/j178/prek/pull/2106\"\u003e#2106\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReduce run filtering allocations (\u003ca href=\"https://redirect.github.com/j178/prek/pull/2090\"\u003e#2090\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178\"\u003e\u003ccode\u003e@​j178\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eInstall prek 0.4.1\u003c/h2\u003e\n\u003ch3\u003eInstall prebuilt binaries via shell script\u003c/h3\u003e\n\u003cpre lang=\"sh\"\u003e\u003ccode\u003ecurl --proto '=https' --tlsv1.2 -LsSf https://github.com/j178/prek/releases/download/v0.4.1/prek-installer.sh | sh\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch3\u003eInstall prebuilt binaries via powershell script\u003c/h3\u003e\n\u003cpre lang=\"sh\"\u003e\u003ccode\u003epowershell -ExecutionPolicy Bypass -c \u0026quot;irm https://github.com/j178/prek/releases/download/v0.4.1/prek-installer.ps1 | iex\u0026quot;\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch3\u003eInstall prebuilt binaries via Homebrew\u003c/h3\u003e\n\u003cpre lang=\"sh\"\u003e\u003ccode\u003ebrew install prek\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eDownload prek 0.4.1\u003c/h2\u003e\n\u003ctable\u003e\n\u003cthead\u003e\n\u003ctr\u003e\n\u003cth\u003eFile\u003c/th\u003e\n\u003cth\u003ePlatform\u003c/th\u003e\n\u003cth\u003eChecksum\u003c/th\u003e\n\u003c/tr\u003e\n\u003c/thead\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://github.com/j178/prek/releases/download/v0.4.1/prek-aarch64-apple-darwin.tar.gz\"\u003eprek-aarch64-apple-darwin.tar.gz\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eApple Silicon macOS\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://github.com/j178/prek/releases/download/v0.4.1/prek-aarch64-apple-darwin.tar.gz.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://github.com/j178/prek/releases/download/v0.4.1/prek-x86_64-apple-darwin.tar.gz\"\u003eprek-x86_64-apple-darwin.tar.gz\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eIntel macOS\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://github.com/j178/prek/releases/download/v0.4.1/prek-x86_64-apple-darwin.tar.gz.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://github.com/j178/prek/releases/download/v0.4.1/prek-aarch64-pc-windows-msvc.zip\"\u003eprek-aarch64-pc-windows-msvc.zip\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eARM64 Windows\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://github.com/j178/prek/releases/download/v0.4.1/prek-aarch64-pc-windows-msvc.zip.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://github.com/j178/prek/releases/download/v0.4.1/prek-i686-pc-windows-msvc.zip\"\u003eprek-i686-pc-windows-msvc.zip\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003ex86 Windows\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://github.com/j178/prek/releases/download/v0.4.1/prek-i686-pc-windows-msvc.zip.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://github.com/j178/prek/releases/download/v0.4.1/prek-x86_64-pc-windows-msvc.zip\"\u003eprek-x86_64-pc-windows-msvc.zip\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003ex64 Windows\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://github.com/j178/prek/releases/download/v0.4.1/prek-x86_64-pc-windows-msvc.zip.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://github.com/j178/prek/releases/download/v0.4.1/prek-aarch64-unknown-linux-gnu.tar.gz\"\u003eprek-aarch64-unknown-linux-gnu.tar.gz\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eARM64 Linux\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://github.com/j178/prek/releases/download/v0.4.1/prek-aarch64-unknown-linux-gnu.tar.gz.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/tbody\u003e\n\u003c/table\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/j178/prek/blob/master/CHANGELOG.md\"\u003eprek's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.4.1\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-05-20.\u003c/p\u003e\n\u003ch3\u003eEnhancements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix pre-push range after rebase (\u003ca href=\"https://redirect.github.com/j178/prek/pull/2089\"\u003e#2089\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePrefer extensions over loose filename tags (\u003ca href=\"https://redirect.github.com/j178/prek/pull/2092\"\u003e#2092\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSkip installs for hooks that will not run (\u003ca href=\"https://redirect.github.com/j178/prek/pull/2103\"\u003e#2103\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOptimize meta hook file scans (\u003ca href=\"https://redirect.github.com/j178/prek/pull/2106\"\u003e#2106\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReduce run filtering allocations (\u003ca href=\"https://redirect.github.com/j178/prek/pull/2090\"\u003e#2090\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178\"\u003e\u003ccode\u003e@​j178\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.4.0\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-05-14.\u003c/p\u003e\n\u003ch3\u003eBreaking changes\u003c/h3\u003e\n\u003cp\u003eThese are narrow cleanup breaks in behavior that was either temporary or never worked correctly. Most users should not need to change anything.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eGenerated hook scripts no longer preserve \u003ccode\u003e-q\u003c/code\u003e, \u003ccode\u003e-v\u003c/code\u003e, or \u003ccode\u003e--no-progress\u003c/code\u003e passed to \u003ccode\u003eprek install\u003c/code\u003e. This only affects users who expected those global flags to be baked into installed hooks. (\u003ca href=\"https://redirect.github.com/j178/prek/pull/1966\"\u003e#1966\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elanguage_version\u003c/code\u003e no longer accepts direct executable paths. Use \u003ccode\u003elanguage_version: system\u003c/code\u003e for a system toolchain, or use a supported version request instead. This path form did not work reliably before, so existing working configs should be unaffected. (\u003ca href=\"https://redirect.github.com/j178/prek/pull/1831\"\u003e#1831\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eEnhancements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eExpand tilde in \u003ccode\u003e--config\u003c/code\u003e, \u003ccode\u003e--cd\u003c/code\u003e, \u003ccode\u003e--log-file\u003c/code\u003e and \u003ccode\u003e--git-dir\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/j178/prek/pull/2063\"\u003e#2063\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePrevent auto-update cooldown downgrades (\u003ca href=\"https://redirect.github.com/j178/prek/pull/2055\"\u003e#2055\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse managed npm cache for node hooks (\u003ca href=\"https://redirect.github.com/j178/prek/pull/2075\"\u003e#2075\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix npm config env overrides for node hooks (\u003ca href=\"https://redirect.github.com/j178/prek/pull/2074\"\u003e#2074\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd cookbook page for enabling Git 2.54 config-based global hooks (\u003ca href=\"https://redirect.github.com/j178/prek/pull/2061\"\u003e#2061\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178\"\u003e\u003ccode\u003e@​j178\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178/prek/commit/871b9edb65b7978c2c53d94f60a433cb9e120132\"\u003e\u003ccode\u003e871b9ed\u003c/code\u003e\u003c/a\u003e Bump version to 0.4.1 (\u003ca href=\"https://redirect.github.com/j178/prek/issues/2107\"\u003e#2107\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178/prek/commit/3c26faf5be0c9ad0e61309650479e063b8cb0037\"\u003e\u003ccode\u003e3c26faf\u003c/code\u003e\u003c/a\u003e Optimize meta hook file scans (\u003ca href=\"https://redirect.github.com/j178/prek/issues/2106\"\u003e#2106\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178/prek/commit/7780f1149565ff430b86be1f688dce7f680c6760\"\u003e\u003ccode\u003e7780f11\u003c/code\u003e\u003c/a\u003e Clean up run hook installation flow (\u003ca href=\"https://redirect.github.com/j178/prek/issues/2105\"\u003e#2105\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178/prek/commit/c5dc885bcbc3d293d6c20ffb43b7be970b55b60d\"\u003e\u003ccode\u003ec5dc885\u003c/code\u003e\u003c/a\u003e Refine hook install filtering (\u003ca href=\"https://redirect.github.com/j178/prek/issues/2104\"\u003e#2104\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178/prek/commit/9db879e92760cfa3c6da748672237a1b1d81ce12\"\u003e\u003ccode\u003e9db879e\u003c/code\u003e\u003c/a\u003e Skip installs for hooks that will not run (\u003ca href=\"https://redirect.github.com/j178/prek/issues/2103\"\u003e#2103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178/prek/commit/2a0da57faddae03fd6d8985776ab2ec33d0b99e5\"\u003e\u003ccode\u003e2a0da57\u003c/code\u003e\u003c/a\u003e Simplify workspace file handling (\u003ca href=\"https://redirect.github.com/j178/prek/issues/2102\"\u003e#2102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178/prek/commit/33ca06054451602a7988b64ac6cf12b1cf5fddad\"\u003e\u003ccode\u003e33ca060\u003c/code\u003e\u003c/a\u003e Lock file maintenance (\u003ca href=\"https://redirect.github.com/j178/prek/issues/2072\"\u003e#2072\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178/prek/commit/03f11c00b169b9beea59253fc5a0c7efe6dc9fa6\"\u003e\u003ccode\u003e03f11c0\u003c/code\u003e\u003c/a\u003e Update GitHub Actions (\u003ca href=\"https://redirect.github.com/j178/prek/issues/2101\"\u003e#2101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178/prek/commit/354f431c3c0420d5be83e6c59f3b644c907793e6\"\u003e\u003ccode\u003e354f431\u003c/code\u003e\u003c/a\u003e Update dependency uv to v0.11.13 (\u003ca href=\"https://redirect.github.com/j178/prek/issues/2094\"\u003e#2094\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178/prek/commit/4a41828a33efaccccaba76e96942314ac3309e75\"\u003e\u003ccode\u003e4a41828\u003c/code\u003e\u003c/a\u003e Update Rust crate quick-xml to v0.39.4 (\u003ca href=\"https://redirect.github.com/j178/prek/issues/2098\"\u003e#2098\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/j178/prek/compare/v0.3.13...v0.4.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `zizmor` from 1.24.1 to 1.25.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/zizmorcore/zizmor/releases\"\u003ezizmor's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.25.2\u003c/h2\u003e\n\u003ch2\u003eBug Fixes 🐛\u003ca href=\"https://docs.zizmor.sh/release-notes/#bug-fixes\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where the \u003ca href=\"https://docs.zizmor.sh/audits/#unpinned-tools\"\u003eunpinned-tools\u003c/a\u003e audit would incorrectly flag the \u003ca href=\"https://github.com/aquasecurity/trivy-action\"\u003eaquasecurity/trivy-action\u003c/a\u003e action as installing an unpinned tool version, rather than \u003ca href=\"https://github.com/aquasecurity/setup-trivy\"\u003eaquasecurity/setup-trivy\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2018\"\u003e#2018\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.25.1\u003c/h2\u003e\n\u003ch2\u003eBug Fixes 🐛\u003ca href=\"https://docs.zizmor.sh/release-notes/#bug-fixes\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a bug where the \u003ca href=\"https://docs.zizmor.sh/audits/#cache-poisoning\"\u003ecache-poisoning\u003c/a\u003e audit would fail to consider release events as exempt from cache usage findings when filtered by a tag condition (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2004\"\u003e#2004\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a typo when suggesting --fix flags for findings (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2010\"\u003e#2010\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/0xdea\"\u003e\u003ccode\u003e@​0xdea\u003c/code\u003e\u003c/a\u003e for implementing this fix!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a typo in \u003ca href=\"https://docs.zizmor.sh/audits/#unpinned-tools\"\u003eunpinned-tools\u003c/a\u003e annotations (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2008\"\u003e#2008\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/martincostello\"\u003e\u003ccode\u003e@​martincostello\u003c/code\u003e\u003c/a\u003e for implementing this fix!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a bug where the \u003ca href=\"https://docs.zizmor.sh/audits/#github-app\"\u003egithub-app\u003c/a\u003e audit would incorrectly flag some safe uses of \u003ca href=\"https://github.com/actions/create-github-app-token\"\u003eactions/create-github-app-token\u003c/a\u003e as unsafe (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2011\"\u003e#2011\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.25.0\u003c/h2\u003e\n\u003ch2\u003eNew Features 🌈\u003ca href=\"https://docs.zizmor.sh/release-notes/#new-features\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor's finding severities can now be remapped on a per-audit basis. See \u003ca href=\"https://docs.zizmor.sh/configuration/#rules-id-remap\"\u003ethe configuration\u003c/a\u003e for details (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1913\"\u003e#1913\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/Proximyst\"\u003e\u003ccode\u003e@​Proximyst\u003c/code\u003e\u003c/a\u003e for proposing and implementing this improvement!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew audit: \u003ca href=\"https://docs.zizmor.sh/audits/#github-app\"\u003egithub-app\u003c/a\u003e detects dangerous usages of GitHub App installation tokens (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1926\"\u003e#1926\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew audit: [unpinned-tools] detects actions that install tools without pinning to a specific version (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1820\"\u003e#1820\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor now accepts the --no-ignores flag to disable all ignore comments and configurations when reporting findings (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1935\"\u003e#1935\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor's LSP now honors the --persona flag on the CLI (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1943\"\u003e#1943\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor is now aware of Docker-based action definitions, in addition to the pre-existing support for \u0026quot;composite\u0026quot; actions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1965\"\u003e#1965\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eEnhancements\u003ca href=\"https://docs.zizmor.sh/release-notes/#enhancements\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend gh issue edit --add-label / gh pr edit --add-label as a replacement for \u003ca href=\"https://github.com/actions-ecosystem/action-add-labels\"\u003eactions-ecosystem/action-add-labels\u003c/a\u003e in \u003ca href=\"https://docs.zizmor.sh/audits/#superfluous-actions\"\u003esuperfluous-actions\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend gh issue edit --remove-label / gh pr edit --remove-label as a replacement for \u003ca href=\"https://github.com/actions-ecosystem/action-remove-labels\"\u003eactions-ecosystem/action-remove-labels\u003c/a\u003e in \u003ca href=\"https://docs.zizmor.sh/audits/#superfluous-actions\"\u003esuperfluous-actions\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend jq as a replacement for \u003ca href=\"https://github.com/sergeysova/jq-action\"\u003esergeysova/jq-action\u003c/a\u003e in \u003ca href=\"https://docs.zizmor.sh/audits/#superfluous-actions\"\u003esuperfluous-actions\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend git add, git commit, and git push as a replacement for \u003ca href=\"https://github.com/stefanzweifel/git-auto-commit-action\"\u003estefanzweifel/git-auto-commit-action\u003c/a\u003e in \u003ca href=\"https://docs.zizmor.sh/audits/#superfluous-actions\"\u003esuperfluous-actions\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend git add, git commit, and git push as a replacement for \u003ca href=\"https://github.com/EndBug/add-and-commit\"\u003eEndBug/add-and-commit\u003c/a\u003e in \u003ca href=\"https://docs.zizmor.sh/audits/#superfluous-actions\"\u003esuperfluous-actions\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/tibdex/github-app-token\"\u003etibdex/github-app-token\u003c/a\u003e is now recognized as an archived action by \u003ca href=...\n\n_Description has been truncated_","html_url":"https://github.com/fastapi/sqlmodel/pull/1989","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/fastapi%2Fsqlmodel/issues/1989","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1989/packages"}},{"old_version":"1.23.1","new_version":"1.25.2","update_type":"minor","path":null,"pr_created_at":"2026-05-24T03:51:38.000Z","version_change":"1.23.1 → 1.25.2","issue":{"uuid":"4510407434","node_id":"PR_kwDOSmGB2s7euU4J","number":5,"state":"open","title":"⬆ Bump zizmor from 1.23.1 to 1.25.2","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-24T03:51:38.000Z","updated_at":"2026-05-24T03:51:38.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"⬆ Bump","packages":[{"name":"zizmor","old_version":"1.23.1","new_version":"1.25.2","repository_url":"https://github.com/zizmorcore/zizmor"}],"path":null,"ecosystem":"pip"},"body":"Bumps [zizmor](https://github.com/zizmorcore/zizmor) from 1.23.1 to 1.25.2.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/zizmorcore/zizmor/releases\"\u003ezizmor's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.25.2\u003c/h2\u003e\n\u003ch2\u003eBug Fixes 🐛\u003ca href=\"https://docs.zizmor.sh/release-notes/#bug-fixes\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where the \u003ca href=\"https://docs.zizmor.sh/audits/#unpinned-tools\"\u003eunpinned-tools\u003c/a\u003e audit would incorrectly flag the \u003ca href=\"https://github.com/aquasecurity/trivy-action\"\u003eaquasecurity/trivy-action\u003c/a\u003e action as installing an unpinned tool version, rather than \u003ca href=\"https://github.com/aquasecurity/setup-trivy\"\u003eaquasecurity/setup-trivy\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2018\"\u003e#2018\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.25.1\u003c/h2\u003e\n\u003ch2\u003eBug Fixes 🐛\u003ca href=\"https://docs.zizmor.sh/release-notes/#bug-fixes\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a bug where the \u003ca href=\"https://docs.zizmor.sh/audits/#cache-poisoning\"\u003ecache-poisoning\u003c/a\u003e audit would fail to consider release events as exempt from cache usage findings when filtered by a tag condition (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2004\"\u003e#2004\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a typo when suggesting --fix flags for findings (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2010\"\u003e#2010\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/0xdea\"\u003e\u003ccode\u003e@​0xdea\u003c/code\u003e\u003c/a\u003e for implementing this fix!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a typo in \u003ca href=\"https://docs.zizmor.sh/audits/#unpinned-tools\"\u003eunpinned-tools\u003c/a\u003e annotations (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2008\"\u003e#2008\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/martincostello\"\u003e\u003ccode\u003e@​martincostello\u003c/code\u003e\u003c/a\u003e for implementing this fix!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a bug where the \u003ca href=\"https://docs.zizmor.sh/audits/#github-app\"\u003egithub-app\u003c/a\u003e audit would incorrectly flag some safe uses of \u003ca href=\"https://github.com/actions/create-github-app-token\"\u003eactions/create-github-app-token\u003c/a\u003e as unsafe (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2011\"\u003e#2011\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.25.0\u003c/h2\u003e\n\u003ch2\u003eNew Features 🌈\u003ca href=\"https://docs.zizmor.sh/release-notes/#new-features\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor's finding severities can now be remapped on a per-audit basis. See \u003ca href=\"https://docs.zizmor.sh/configuration/#rules-id-remap\"\u003ethe configuration\u003c/a\u003e for details (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1913\"\u003e#1913\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/Proximyst\"\u003e\u003ccode\u003e@​Proximyst\u003c/code\u003e\u003c/a\u003e for proposing and implementing this improvement!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew audit: \u003ca href=\"https://docs.zizmor.sh/audits/#github-app\"\u003egithub-app\u003c/a\u003e detects dangerous usages of GitHub App installation tokens (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1926\"\u003e#1926\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew audit: [unpinned-tools] detects actions that install tools without pinning to a specific version (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1820\"\u003e#1820\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor now accepts the --no-ignores flag to disable all ignore comments and configurations when reporting findings (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1935\"\u003e#1935\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor's LSP now honors the --persona flag on the CLI (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1943\"\u003e#1943\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor is now aware of Docker-based action definitions, in addition to the pre-existing support for \u0026quot;composite\u0026quot; actions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1965\"\u003e#1965\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eEnhancements\u003ca href=\"https://docs.zizmor.sh/release-notes/#enhancements\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend gh issue edit --add-label / gh pr edit --add-label as a replacement for \u003ca href=\"https://github.com/actions-ecosystem/action-add-labels\"\u003eactions-ecosystem/action-add-labels\u003c/a\u003e in \u003ca href=\"https://docs.zizmor.sh/audits/#superfluous-actions\"\u003esuperfluous-actions\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend gh issue edit --remove-label / gh pr edit --remove-label as a replacement for \u003ca href=\"https://github.com/actions-ecosystem/action-remove-labels\"\u003eactions-ecosystem/action-remove-labels\u003c/a\u003e in \u003ca href=\"https://docs.zizmor.sh/audits/#superfluous-actions\"\u003esuperfluous-actions\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend jq as a replacement for \u003ca href=\"https://github.com/sergeysova/jq-action\"\u003esergeysova/jq-action\u003c/a\u003e in \u003ca href=\"https://docs.zizmor.sh/audits/#superfluous-actions\"\u003esuperfluous-actions\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend git add, git commit, and git push as a replacement for \u003ca href=\"https://github.com/stefanzweifel/git-auto-commit-action\"\u003estefanzweifel/git-auto-commit-action\u003c/a\u003e in \u003ca href=\"https://docs.zizmor.sh/audits/#superfluous-actions\"\u003esuperfluous-actions\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend git add, git commit, and git push as a replacement for \u003ca href=\"https://github.com/EndBug/add-and-commit\"\u003eEndBug/add-and-commit\u003c/a\u003e in \u003ca href=\"https://docs.zizmor.sh/audits/#superfluous-actions\"\u003esuperfluous-actions\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/tibdex/github-app-token\"\u003etibdex/github-app-token\u003c/a\u003e is now recognized as an archived action by \u003ca href=\"https://docs.zizmor.sh/audits/#archived-uses\"\u003earchived-uses\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1910\"\u003e#1910\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/zizmorcore/zizmor/blob/main/docs/release-notes.md\"\u003ezizmor's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.25.2\u003c/h2\u003e\n\u003ch3\u003eBug Fixes 🐛\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where the [unpinned-tools] audit would incorrectly flag the\n\u003ccode\u003e@​aquasecurity/trivy-action\u003c/code\u003e action as installing an unpinned tool version,\nrather than \u003ccode\u003e@​aquasecurity/setup-trivy\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2018\"\u003e#2018\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.25.1\u003c/h2\u003e\n\u003ch3\u003eBug Fixes 🐛\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a bug where the [cache-poisoning] audit would fail to consider\n\u003ccode\u003erelease\u003c/code\u003e events as exempt from cache usage findings when filtered by a\ntag condition (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2004\"\u003e#2004\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a typo when suggesting \u003ccode\u003e--fix\u003c/code\u003e flags for findings (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2010\"\u003e#2010\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/0xdea\"\u003e\u003ccode\u003e@​0xdea\u003c/code\u003e\u003c/a\u003e for implementing this fix!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a typo in [unpinned-tools] annotations (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2008\"\u003e#2008\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/martincostello\"\u003e\u003ccode\u003e@​martincostello\u003c/code\u003e\u003c/a\u003e for implementing this fix!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a bug where the [github-app] audit would incorrectly flag some safe\nuses of \u003ccode\u003e@​actions/create-github-app-token\u003c/code\u003e as unsafe (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2011\"\u003e#2011\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.25.0\u003c/h2\u003e\n\u003ch3\u003eNew Features 🌈\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor's finding severities can now be remapped on a per-audit basis.\nSee \u003ca href=\"https://github.com/zizmorcore/zizmor/blob/main/docs/configuration.md#rules-id-remap\"\u003ethe configuration\u003c/a\u003e for details (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1913\"\u003e#1913\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/Proximyst\"\u003e\u003ccode\u003e@​Proximyst\u003c/code\u003e\u003c/a\u003e for proposing and implementing this improvement!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eNew audit\u003c/strong\u003e: [github-app] detects dangerous usages of GitHub App installation tokens\n(\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1926\"\u003e#1926\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eNew audit\u003c/strong\u003e: [unpinned-tools] detects actions that install tools without pinning\nto a specific version (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1820\"\u003e#1820\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003ezizmor\u003c/code\u003e now accepts the \u003ccode\u003e--no-ignores\u003c/code\u003e flag to disable all ignore comments and\nconfigurations when reporting findings (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1935\"\u003e#1935\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003ezizmor\u003c/code\u003e's LSP now honors the \u003ccode\u003e--persona\u003c/code\u003e flag on the CLI (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1943\"\u003e#1943\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003ezizmor\u003c/code\u003e is now aware of Docker-based action definitions, in addition to the\npre-existing support for \u0026quot;composite\u0026quot; actions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1965\"\u003e#1965\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/b50d8f60e27e0084aa3a5f5dff46054a8253ac2a\"\u003e\u003ccode\u003eb50d8f6\u003c/code\u003e\u003c/a\u003e zizmor 1.25.2 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2022\"\u003e#2022\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/e8c96481b76ee03dc3e72cc744ad77cfc62cc238\"\u003e\u003ccode\u003ee8c9648\u003c/code\u003e\u003c/a\u003e Bump rustls-webpki to 0.103.13 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2021\"\u003e#2021\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/9e19bdedaa4af986b47d7f3ffdadcdd7b226c8a6\"\u003e\u003ccode\u003e9e19bde\u003c/code\u003e\u003c/a\u003e Bump aws-lc crates (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2020\"\u003e#2020\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/49cb189191c75a18d73a92ae47985424cc0acd3e\"\u003e\u003ccode\u003e49cb189\u003c/code\u003e\u003c/a\u003e Bump rand to 0.9.4 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2019\"\u003e#2019\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/bfdb64993cecb911e385622b989a44431fc2d13f\"\u003e\u003ccode\u003ebfdb649\u003c/code\u003e\u003c/a\u003e unpinned-tools: fix trivy action being detected (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2018\"\u003e#2018\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/9300d3b5a7f06a3d77f092d01434dab99399f3e5\"\u003e\u003ccode\u003e9300d3b\u003c/code\u003e\u003c/a\u003e ww/release (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2016\"\u003e#2016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/331917af1e4f7c6aed23ddd41477c2042d8a857d\"\u003e\u003ccode\u003e331917a\u003c/code\u003e\u003c/a\u003e chore: drop \u003ccode\u003eserde_yaml\u003c/code\u003e rename (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2015\"\u003e#2015\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/506f0856dec8a5c863a4dce695a83491187c543d\"\u003e\u003ccode\u003e506f085\u003c/code\u003e\u003c/a\u003e github-app: test \u003ccode\u003erepositories\u003c/code\u003e, not \u003ccode\u003erepository\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2011\"\u003e#2011\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/53dea374e8a01f8df00f9d1acd7dbdfb1838acd8\"\u003e\u003ccode\u003e53dea37\u003c/code\u003e\u003c/a\u003e unpinned-tools, docs: fix typos (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2008\"\u003e#2008\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/8068e115f99b6b84611a8865a8cad0858bd5e07c\"\u003e\u003ccode\u003e8068e11\u003c/code\u003e\u003c/a\u003e fix: replace \u003ccode\u003e--fix=unsafe\u003c/code\u003e with \u003ccode\u003e--fix=unsafe-only\u003c/code\u003e in suggestion (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2010\"\u003e#2010\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/zizmorcore/zizmor/compare/v1.23.1...v1.25.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=zizmor\u0026package-manager=uv\u0026previous-version=1.23.1\u0026new-version=1.25.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/ikomom/bilibili-user-interface/pull/5","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ikomom%2Fbilibili-user-interface/issues/5","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/5/packages"}},{"old_version":"1.24.1","new_version":"1.25.1","update_type":"minor","path":null,"pr_created_at":"2026-05-22T22:07:40.000Z","version_change":"1.24.1 → 1.25.1","issue":{"uuid":"4505849045","node_id":"PR_kwDOF8_QEs7egeQP","number":1980,"state":"closed","title":"⬆ Bump zizmor from 1.24.1 to 1.25.1","user":"dependabot[bot]","labels":["dependencies","internal","python:uv"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-05-25T20:13:35.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-22T22:07:40.000Z","updated_at":"2026-05-25T20:13:37.000Z","time_to_close":252355,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"⬆ Bump","packages":[{"name":"zizmor","old_version":"1.24.1","new_version":"1.25.1","repository_url":"https://github.com/zizmorcore/zizmor"}],"path":null,"ecosystem":"pip"},"body":"Bumps [zizmor](https://github.com/zizmorcore/zizmor) from 1.24.1 to 1.25.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/zizmorcore/zizmor/releases\"\u003ezizmor's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.25.1\u003c/h2\u003e\n\u003ch2\u003eBug Fixes 🐛\u003ca href=\"https://docs.zizmor.sh/release-notes/#bug-fixes\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a bug where the \u003ca href=\"https://docs.zizmor.sh/audits/#cache-poisoning\"\u003ecache-poisoning\u003c/a\u003e audit would fail to consider release events as exempt from cache usage findings when filtered by a tag condition (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2004\"\u003e#2004\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a typo when suggesting --fix flags for findings (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2010\"\u003e#2010\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/0xdea\"\u003e\u003ccode\u003e@​0xdea\u003c/code\u003e\u003c/a\u003e for implementing this fix!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a typo in \u003ca href=\"https://docs.zizmor.sh/audits/#unpinned-tools\"\u003eunpinned-tools\u003c/a\u003e annotations (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2008\"\u003e#2008\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/martincostello\"\u003e\u003ccode\u003e@​martincostello\u003c/code\u003e\u003c/a\u003e for implementing this fix!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a bug where the \u003ca href=\"https://docs.zizmor.sh/audits/#github-app\"\u003egithub-app\u003c/a\u003e audit would incorrectly flag some safe uses of \u003ca href=\"https://github.com/actions/create-github-app-token\"\u003eactions/create-github-app-token\u003c/a\u003e as unsafe (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2011\"\u003e#2011\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.25.0\u003c/h2\u003e\n\u003ch2\u003eNew Features 🌈\u003ca href=\"https://docs.zizmor.sh/release-notes/#new-features\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor's finding severities can now be remapped on a per-audit basis. See \u003ca href=\"https://docs.zizmor.sh/configuration/#rules-id-remap\"\u003ethe configuration\u003c/a\u003e for details (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1913\"\u003e#1913\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/Proximyst\"\u003e\u003ccode\u003e@​Proximyst\u003c/code\u003e\u003c/a\u003e for proposing and implementing this improvement!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew audit: \u003ca href=\"https://docs.zizmor.sh/audits/#github-app\"\u003egithub-app\u003c/a\u003e detects dangerous usages of GitHub App installation tokens (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1926\"\u003e#1926\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew audit: [unpinned-tools] detects actions that install tools without pinning to a specific version (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1820\"\u003e#1820\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor now accepts the --no-ignores flag to disable all ignore comments and configurations when reporting findings (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1935\"\u003e#1935\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor's LSP now honors the --persona flag on the CLI (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1943\"\u003e#1943\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor is now aware of Docker-based action definitions, in addition to the pre-existing support for \u0026quot;composite\u0026quot; actions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1965\"\u003e#1965\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eEnhancements\u003ca href=\"https://docs.zizmor.sh/release-notes/#enhancements\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend gh issue edit --add-label / gh pr edit --add-label as a replacement for \u003ca href=\"https://github.com/actions-ecosystem/action-add-labels\"\u003eactions-ecosystem/action-add-labels\u003c/a\u003e in \u003ca href=\"https://docs.zizmor.sh/audits/#superfluous-actions\"\u003esuperfluous-actions\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend gh issue edit --remove-label / gh pr edit --remove-label as a replacement for \u003ca href=\"https://github.com/actions-ecosystem/action-remove-labels\"\u003eactions-ecosystem/action-remove-labels\u003c/a\u003e in \u003ca href=\"https://docs.zizmor.sh/audits/#superfluous-actions\"\u003esuperfluous-actions\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend jq as a replacement for \u003ca href=\"https://github.com/sergeysova/jq-action\"\u003esergeysova/jq-action\u003c/a\u003e in \u003ca href=\"https://docs.zizmor.sh/audits/#superfluous-actions\"\u003esuperfluous-actions\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend git add, git commit, and git push as a replacement for \u003ca href=\"https://github.com/stefanzweifel/git-auto-commit-action\"\u003estefanzweifel/git-auto-commit-action\u003c/a\u003e in \u003ca href=\"https://docs.zizmor.sh/audits/#superfluous-actions\"\u003esuperfluous-actions\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend git add, git commit, and git push as a replacement for \u003ca href=\"https://github.com/EndBug/add-and-commit\"\u003eEndBug/add-and-commit\u003c/a\u003e in \u003ca href=\"https://docs.zizmor.sh/audits/#superfluous-actions\"\u003esuperfluous-actions\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/tibdex/github-app-token\"\u003etibdex/github-app-token\u003c/a\u003e is now recognized as an archived action by \u003ca href=\"https://docs.zizmor.sh/audits/#archived-uses\"\u003earchived-uses\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1910\"\u003e#1910\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe [dangerous-triggers] audit now explicitly exempts workflows that only invoke \u003ca href=\"https://github.com/actions/labeler\"\u003eactions/labeler\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1956\"\u003e#1956\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#unpinned-images\"\u003eunpinned-images\u003c/a\u003e audit now detects unpinned image references in Docker-based action definitions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1965\"\u003e#1965\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/zizmorcore/zizmor/blob/main/docs/release-notes.md\"\u003ezizmor's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.25.1\u003c/h2\u003e\n\u003ch3\u003eBug Fixes 🐛\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a bug where the [cache-poisoning] audit would fail to consider\n\u003ccode\u003erelease\u003c/code\u003e events as exempt from cache usage findings when filtered by a\ntag condition (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2004\"\u003e#2004\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a typo when suggesting \u003ccode\u003e--fix\u003c/code\u003e flags for findings (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2010\"\u003e#2010\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/0xdea\"\u003e\u003ccode\u003e@​0xdea\u003c/code\u003e\u003c/a\u003e for implementing this fix!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a typo in [unpinned-tools] annotations (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2008\"\u003e#2008\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/martincostello\"\u003e\u003ccode\u003e@​martincostello\u003c/code\u003e\u003c/a\u003e for implementing this fix!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a bug where the [github-app] audit would incorrectly flag some safe\nuses of \u003ccode\u003e@​actions/create-github-app-token\u003c/code\u003e as unsafe (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2011\"\u003e#2011\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.25.0\u003c/h2\u003e\n\u003ch3\u003eNew Features 🌈\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor's finding severities can now be remapped on a per-audit basis.\nSee \u003ca href=\"https://github.com/zizmorcore/zizmor/blob/main/docs/configuration.md#rules-id-remap\"\u003ethe configuration\u003c/a\u003e for details (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1913\"\u003e#1913\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/Proximyst\"\u003e\u003ccode\u003e@​Proximyst\u003c/code\u003e\u003c/a\u003e for proposing and implementing this improvement!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eNew audit\u003c/strong\u003e: [github-app] detects dangerous usages of GitHub App installation tokens\n(\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1926\"\u003e#1926\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eNew audit\u003c/strong\u003e: [unpinned-tools] detects actions that install tools without pinning\nto a specific version (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1820\"\u003e#1820\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003ezizmor\u003c/code\u003e now accepts the \u003ccode\u003e--no-ignores\u003c/code\u003e flag to disable all ignore comments and\nconfigurations when reporting findings (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1935\"\u003e#1935\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003ezizmor\u003c/code\u003e's LSP now honors the \u003ccode\u003e--persona\u003c/code\u003e flag on the CLI (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1943\"\u003e#1943\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003ezizmor\u003c/code\u003e is now aware of Docker-based action definitions, in addition to the\npre-existing support for \u0026quot;composite\u0026quot; actions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1965\"\u003e#1965\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eEnhancements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend \u003ccode\u003egh issue edit --add-label\u003c/code\u003e / \u003ccode\u003egh pr edit --add-label\u003c/code\u003e as a replacement for\n\u003ccode\u003e@​actions-ecosystem/action-add-labels\u003c/code\u003e in [superfluous-actions]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend \u003ccode\u003egh issue edit --remove-label\u003c/code\u003e / \u003ccode\u003egh pr edit --remove-label\u003c/code\u003e as a replacement for\n\u003ccode\u003e@​actions-ecosystem/action-remove-labels\u003c/code\u003e in [superfluous-actions]\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/9300d3b5a7f06a3d77f092d01434dab99399f3e5\"\u003e\u003ccode\u003e9300d3b\u003c/code\u003e\u003c/a\u003e ww/release (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2016\"\u003e#2016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/331917af1e4f7c6aed23ddd41477c2042d8a857d\"\u003e\u003ccode\u003e331917a\u003c/code\u003e\u003c/a\u003e chore: drop \u003ccode\u003eserde_yaml\u003c/code\u003e rename (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2015\"\u003e#2015\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/506f0856dec8a5c863a4dce695a83491187c543d\"\u003e\u003ccode\u003e506f085\u003c/code\u003e\u003c/a\u003e github-app: test \u003ccode\u003erepositories\u003c/code\u003e, not \u003ccode\u003erepository\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2011\"\u003e#2011\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/53dea374e8a01f8df00f9d1acd7dbdfb1838acd8\"\u003e\u003ccode\u003e53dea37\u003c/code\u003e\u003c/a\u003e unpinned-tools, docs: fix typos (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2008\"\u003e#2008\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/8068e115f99b6b84611a8865a8cad0858bd5e07c\"\u003e\u003ccode\u003e8068e11\u003c/code\u003e\u003c/a\u003e fix: replace \u003ccode\u003e--fix=unsafe\u003c/code\u003e with \u003ccode\u003e--fix=unsafe-only\u003c/code\u003e in suggestion (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2010\"\u003e#2010\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/05e3d99d937ae280a42bbbee32f94c2608583289\"\u003e\u003ccode\u003e05e3d99\u003c/code\u003e\u003c/a\u003e cache-poisoning: relax trigger check in heuristics (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2004\"\u003e#2004\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/9440ced9e1cc01bdd51f6b13389d802d22b97bae\"\u003e\u003ccode\u003e9440ced\u003c/code\u003e\u003c/a\u003e Fix link in release-notes (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2002\"\u003e#2002\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/ee075979c40cc6b8278bc0215477d03d65c80980\"\u003e\u003ccode\u003eee07597\u003c/code\u003e\u003c/a\u003e Prep zizmor 1.25.0 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2001\"\u003e#2001\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/77e92cf559951568311fd0d39a99fd091fb1df09\"\u003e\u003ccode\u003e77e92cf\u003c/code\u003e\u003c/a\u003e Bump trophies (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1999\"\u003e#1999\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/bf0362df55cb4b4998913bca0b9ff91a07ceebac\"\u003e\u003ccode\u003ebf0362d\u003c/code\u003e\u003c/a\u003e Add some gatekeeping that instructs agents to refer their operator to the AI ...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/zizmorcore/zizmor/compare/v1.24.1...v1.25.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=zizmor\u0026package-manager=uv\u0026previous-version=1.24.1\u0026new-version=1.25.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/fastapi/sqlmodel/pull/1980","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/fastapi%2Fsqlmodel/issues/1980","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1980/packages"}},{"old_version":"1.23.1","new_version":"1.25.0","update_type":"minor","path":null,"pr_created_at":"2026-05-22T19:50:12.000Z","version_change":"1.23.1 → 1.25.0","issue":{"uuid":"4505245325","node_id":"PR_kwDOSg-MxM7eeitJ","number":7,"state":"open","title":"⬆ Bump zizmor from 1.23.1 to 1.25.0","user":"dependabot[bot]","labels":["dependencies","python:uv","internal"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-22T19:50:12.000Z","updated_at":"2026-05-22T19:52:01.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"⬆ Bump","packages":[{"name":"zizmor","old_version":"1.23.1","new_version":"1.25.0","repository_url":"https://github.com/zizmorcore/zizmor"}],"path":null,"ecosystem":"pip"},"body":"Bumps [zizmor](https://github.com/zizmorcore/zizmor) from 1.23.1 to 1.25.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/zizmorcore/zizmor/releases\"\u003ezizmor's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.25.0\u003c/h2\u003e\n\u003ch2\u003eNew Features 🌈\u003ca href=\"https://docs.zizmor.sh/release-notes/#new-features\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor's finding severities can now be remapped on a per-audit basis. See \u003ca href=\"https://docs.zizmor.sh/configuration/#rules-id-remap\"\u003ethe configuration\u003c/a\u003e for details (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1913\"\u003e#1913\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/Proximyst\"\u003e\u003ccode\u003e@​Proximyst\u003c/code\u003e\u003c/a\u003e for proposing and implementing this improvement!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew audit: \u003ca href=\"https://docs.zizmor.sh/audits/#github-app\"\u003egithub-app\u003c/a\u003e detects dangerous usages of GitHub App installation tokens (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1926\"\u003e#1926\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew audit: [unpinned-tools] detects actions that install tools without pinning to a specific version (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1820\"\u003e#1820\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor now accepts the --no-ignores flag to disable all ignore comments and configurations when reporting findings (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1935\"\u003e#1935\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor's LSP now honors the --persona flag on the CLI (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1943\"\u003e#1943\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor is now aware of Docker-based action definitions, in addition to the pre-existing support for \u0026quot;composite\u0026quot; actions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1965\"\u003e#1965\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eEnhancements\u003ca href=\"https://docs.zizmor.sh/release-notes/#enhancements\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend gh issue edit --add-label / gh pr edit --add-label as a replacement for \u003ca href=\"https://github.com/actions-ecosystem/action-add-labels\"\u003eactions-ecosystem/action-add-labels\u003c/a\u003e in \u003ca href=\"https://docs.zizmor.sh/audits/#superfluous-actions\"\u003esuperfluous-actions\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend gh issue edit --remove-label / gh pr edit --remove-label as a replacement for \u003ca href=\"https://github.com/actions-ecosystem/action-remove-labels\"\u003eactions-ecosystem/action-remove-labels\u003c/a\u003e in \u003ca href=\"https://docs.zizmor.sh/audits/#superfluous-actions\"\u003esuperfluous-actions\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend jq as a replacement for \u003ca href=\"https://github.com/sergeysova/jq-action\"\u003esergeysova/jq-action\u003c/a\u003e in \u003ca href=\"https://docs.zizmor.sh/audits/#superfluous-actions\"\u003esuperfluous-actions\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend git add, git commit, and git push as a replacement for \u003ca href=\"https://github.com/stefanzweifel/git-auto-commit-action\"\u003estefanzweifel/git-auto-commit-action\u003c/a\u003e in \u003ca href=\"https://docs.zizmor.sh/audits/#superfluous-actions\"\u003esuperfluous-actions\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend git add, git commit, and git push as a replacement for \u003ca href=\"https://github.com/EndBug/add-and-commit\"\u003eEndBug/add-and-commit\u003c/a\u003e in \u003ca href=\"https://docs.zizmor.sh/audits/#superfluous-actions\"\u003esuperfluous-actions\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/tibdex/github-app-token\"\u003etibdex/github-app-token\u003c/a\u003e is now recognized as an archived action by \u003ca href=\"https://docs.zizmor.sh/audits/#archived-uses\"\u003earchived-uses\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1910\"\u003e#1910\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe [dangerous-triggers] audit now explicitly exempts workflows that only invoke \u003ca href=\"https://github.com/actions/labeler\"\u003eactions/labeler\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1956\"\u003e#1956\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#unpinned-images\"\u003eunpinned-images\u003c/a\u003e audit now detects unpinned image references in Docker-based action definitions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1965\"\u003e#1965\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor's SARIF output now provides slightly more detailed finding messages (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1972\"\u003e#1972\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#archived-uses\"\u003earchived-uses\u003c/a\u003e audit now detects more archived actions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1978\"\u003e#1978\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003edeno is now recognized as a package-ecosystem in dependabot.yml (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1991\"\u003e#1991\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ePerformance Improvements 🚄\u003ca href=\"https://docs.zizmor.sh/release-notes/#performance-improvements\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#impostor-commit\"\u003eimpostor-commit\u003c/a\u003e audit is now significantly faster (in addition to being more correct) when the user has pinned their action to a tag SHA instead of a commit SHA (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1998\"\u003e#1998\u003c/a\u003e)\nBug Fixes 🐛\u003ca href=\"https://docs.zizmor.sh/release-notes/#bug-fixes\"\u003e🔗\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a crash in the \u003ca href=\"https://docs.zizmor.sh/audits/#template-injection\"\u003etemplate-injection\u003c/a\u003e audit when a workflow uses a parenthesized compound expression in context position (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1904\"\u003e#1904\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a bug where local directory input collection could miss workflows for relative-path invocations from within .github subdirectories (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1909\"\u003e#1909\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/zizmorcore/zizmor/blob/main/docs/release-notes.md\"\u003ezizmor's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.25.0\u003c/h2\u003e\n\u003ch3\u003eNew Features 🌈\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor's finding severities can now be remapped on a per-audit basis.\nSee \u003ca href=\"https://github.com/zizmorcore/zizmor/blob/main/docs/configuration.md#rules-id-remap\"\u003ethe configuration\u003c/a\u003e for details (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1913\"\u003e#1913\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/Proximyst\"\u003e\u003ccode\u003e@​Proximyst\u003c/code\u003e\u003c/a\u003e for proposing and implementing this improvement!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eNew audit\u003c/strong\u003e: [github-app] detects dangerous usages of GitHub App installation tokens\n(\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1926\"\u003e#1926\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eNew audit\u003c/strong\u003e: [unpinned-tools] detects actions that install tools without pinning\nto a specific version (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1820\"\u003e#1820\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003ezizmor\u003c/code\u003e now accepts the \u003ccode\u003e--no-ignores\u003c/code\u003e flag to disable all ignore comments and\nconfigurations when reporting findings (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1935\"\u003e#1935\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003ezizmor\u003c/code\u003e's LSP now honors the \u003ccode\u003e--persona\u003c/code\u003e flag on the CLI (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1943\"\u003e#1943\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003ezizmor\u003c/code\u003e is now aware of Docker-based action definitions, in addition to the\npre-existing support for \u0026quot;composite\u0026quot; actions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1965\"\u003e#1965\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eEnhancements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend \u003ccode\u003egh issue edit --add-label\u003c/code\u003e / \u003ccode\u003egh pr edit --add-label\u003c/code\u003e as a replacement for\n\u003ccode\u003e@​actions-ecosystem/action-add-labels\u003c/code\u003e in [superfluous-actions]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend \u003ccode\u003egh issue edit --remove-label\u003c/code\u003e / \u003ccode\u003egh pr edit --remove-label\u003c/code\u003e as a replacement for\n\u003ccode\u003e@​actions-ecosystem/action-remove-labels\u003c/code\u003e in [superfluous-actions]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend \u003ccode\u003ejq\u003c/code\u003e as a replacement for \u003ccode\u003e@​sergeysova/jq-action\u003c/code\u003e in [superfluous-actions]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend \u003ccode\u003egit add\u003c/code\u003e, \u003ccode\u003egit commit\u003c/code\u003e, and \u003ccode\u003egit push\u003c/code\u003e as a replacement for\n\u003ccode\u003e@​stefanzweifel/git-auto-commit-action\u003c/code\u003e in [superfluous-actions]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend \u003ccode\u003egit add\u003c/code\u003e, \u003ccode\u003egit commit\u003c/code\u003e, and \u003ccode\u003egit push\u003c/code\u003e as a replacement for\n\u003ccode\u003e@​EndBug/add-and-commit\u003c/code\u003e in [superfluous-actions]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003e@​tibdex/github-app-token\u003c/code\u003e is now recognized as an archived action by\n[archived-uses] (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1910\"\u003e#1910\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe [dangerous-triggers] audit now explicitly exempts workflows that only\ninvoke \u003ccode\u003e@​actions/labeler\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1956\"\u003e#1956\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe [unpinned-images] audit now detects unpinned image references in\nDocker-based action definitions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1965\"\u003e#1965\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor's SARIF output now provides slightly more detailed finding messages\n(\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1972\"\u003e#1972\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/ee075979c40cc6b8278bc0215477d03d65c80980\"\u003e\u003ccode\u003eee07597\u003c/code\u003e\u003c/a\u003e Prep zizmor 1.25.0 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/2001\"\u003e#2001\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/77e92cf559951568311fd0d39a99fd091fb1df09\"\u003e\u003ccode\u003e77e92cf\u003c/code\u003e\u003c/a\u003e Bump trophies (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1999\"\u003e#1999\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/bf0362df55cb4b4998913bca0b9ff91a07ceebac\"\u003e\u003ccode\u003ebf0362d\u003c/code\u003e\u003c/a\u003e Add some gatekeeping that instructs agents to refer their operator to the AI ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/5594c39b7107488e80d747ec1bbcf65b29a29837\"\u003e\u003ccode\u003e5594c39\u003c/code\u003e\u003c/a\u003e impostor-commit: handle tag SHAs properly (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1998\"\u003e#1998\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/205979aa917353208610cc1550fc71fa8f32257a\"\u003e\u003ccode\u003e205979a\u003c/code\u003e\u003c/a\u003e chore(deps): bump the cargo group with 3 updates (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1987\"\u003e#1987\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/bcafe88a0d2e8b1812cd9e9e248b580e98e67af8\"\u003e\u003ccode\u003ebcafe88\u003c/code\u003e\u003c/a\u003e chore(deps): bump the github-actions group with 2 updates (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1988\"\u003e#1988\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/6690c007d6a248e9770a9905bf4c8fed55bd2629\"\u003e\u003ccode\u003e6690c00\u003c/code\u003e\u003c/a\u003e [BOT] update JSON schemas from SchemaStore (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1986\"\u003e#1986\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/3b3b29ac6ffe0b4b139f3b38299f3d0adb206cbf\"\u003e\u003ccode\u003e3b3b29a\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003edeno\u003c/code\u003e as a known Dependabot ecosystem (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1991\"\u003e#1991\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/ef54d445066012340fd644b83bf4e0930da93446\"\u003e\u003ccode\u003eef54d44\u003c/code\u003e\u003c/a\u003e Bump sponsors (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1990\"\u003e#1990\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/fd14ab6e046349850b4b037b859fbb7888b57dfe\"\u003e\u003ccode\u003efd14ab6\u003c/code\u003e\u003c/a\u003e Make trophy handling less cumbersome (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1982\"\u003e#1982\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/zizmorcore/zizmor/compare/v1.23.1...v1.25.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=zizmor\u0026package-manager=uv\u0026previous-version=1.23.1\u0026new-version=1.25.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/waqas-duck/typer/pull/7","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/waqas-duck%2Ftyper/issues/7","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/7/packages"}},{"old_version":"1.23.1","new_version":"1.24.1","update_type":"minor","path":null,"pr_created_at":"2026-05-09T16:48:22.000Z","version_change":"1.23.1 → 1.24.1","issue":{"uuid":"4413148759","node_id":"PR_kwDOGyUJ387Z4DQT","number":335,"state":"closed","title":":arrow_up: deps(deps): Bump the python-packages group with 13 updates","user":"dependabot[bot]","labels":["🛠️ maintenance"],"assignees":["ryancheley"],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-09T22:45:10.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-09T16:48:22.000Z","updated_at":"2026-05-09T22:45:18.000Z","time_to_close":21408,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":":arrow_up: deps(deps): Bump","group_name":"python-packages","update_count":13,"packages":[{"name":"django","old_version":"6.0.3","new_version":"6.0.5","repository_url":"https://github.com/django/django"},{"name":"django-health-check","old_version":"4.2.1","new_version":"4.4.0","repository_url":"https://github.com/codingjoe/django-health-check"},{"name":"gunicorn","old_version":"25.3.0","new_version":"26.0.0","repository_url":"https://github.com/benoitc/gunicorn"},{"name":"requests","old_version":"2.33.0","new_version":"2.33.1","repository_url":"https://github.com/psf/requests"},{"name":"django-coverage-plugin","old_version":"3.2.0","new_version":"3.2.2","repository_url":"https://github.com/coveragepy/django_coverage_plugin"},{"name":"django-debug-toolbar","old_version":"6.2.0","new_version":"6.3.0","repository_url":"https://github.com/django-commons/django-debug-toolbar"},{"name":"prek","old_version":"0.3.8","new_version":"0.3.13","repository_url":"https://github.com/j178/prek"},{"name":"pytest","old_version":"9.0.2","new_version":"9.0.3","repository_url":"https://github.com/pytest-dev/pytest"},{"name":"pytest-randomly","old_version":"4.0.1","new_version":"4.1.0","repository_url":"https://github.com/pytest-dev/pytest-randomly"},{"name":"ruff","old_version":"0.15.8","new_version":"0.15.12","repository_url":"https://github.com/astral-sh/ruff"},{"name":"uv","old_version":"0.11.2","new_version":"0.11.12","repository_url":"https://github.com/astral-sh/uv"},{"name":"zizmor","old_version":"1.23.1","new_version":"1.24.1","repository_url":"https://github.com/zizmorcore/zizmor"},{"name":"urllib3","old_version":"2.6.3","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"}],"path":null,"ecosystem":"pip"},"body":"Bumps the python-packages group with 13 updates:\n\n| Package | From | To |\n| --- | --- | --- |\n| [django](https://github.com/django/django) | `6.0.3` | `6.0.5` |\n| [django-health-check](https://github.com/codingjoe/django-health-check) | `4.2.1` | `4.4.0` |\n| [gunicorn](https://github.com/benoitc/gunicorn) | `25.3.0` | `26.0.0` |\n| [requests](https://github.com/psf/requests) | `2.33.0` | `2.33.1` |\n| [django-coverage-plugin](https://github.com/coveragepy/django_coverage_plugin) | `3.2.0` | `3.2.2` |\n| [django-debug-toolbar](https://github.com/django-commons/django-debug-toolbar) | `6.2.0` | `6.3.0` |\n| [prek](https://github.com/j178/prek) | `0.3.8` | `0.3.13` |\n| [pytest](https://github.com/pytest-dev/pytest) | `9.0.2` | `9.0.3` |\n| [pytest-randomly](https://github.com/pytest-dev/pytest-randomly) | `4.0.1` | `4.1.0` |\n| [ruff](https://github.com/astral-sh/ruff) | `0.15.8` | `0.15.12` |\n| [uv](https://github.com/astral-sh/uv) | `0.11.2` | `0.11.12` |\n| [zizmor](https://github.com/zizmorcore/zizmor) | `1.23.1` | `1.24.1` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.6.3` | `2.7.0` |\n\nUpdates `django` from 6.0.3 to 6.0.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/8f8ad09659d728423a00e0a3b5f16da5c3a38e24\"\u003e\u003ccode\u003e8f8ad09\u003c/code\u003e\u003c/a\u003e [6.0.x] Bumped version for 6.0.5 release.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/44ad76efcbe3c4ca0f08bb9dabe916f6374596c9\"\u003e\u003ccode\u003e44ad76e\u003c/code\u003e\u003c/a\u003e [6.0.x] Fixed CVE-2026-6907 -- Prevented caching of requests when Vary header...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/1b0184aa657bc3f5859aeb0206e7c1e94e48b103\"\u003e\u003ccode\u003e1b0184a\u003c/code\u003e\u003c/a\u003e [6.0.x] Fixed CVE-2026-35192 -- Ensured Vary header is sent when setting sess...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/ad8f9e19e0897ea45ded7c046ff28daf6f773e92\"\u003e\u003ccode\u003ead8f9e1\u003c/code\u003e\u003c/a\u003e [6.0.x] Fixed CVE-2026-5766 -- Enforced DATA_UPLOAD_MAX_MEMORY_SIZE in Memory...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/990ab01e70fd8f55e867b4a234c0ee242fd33fec\"\u003e\u003ccode\u003e990ab01\u003c/code\u003e\u003c/a\u003e [6.0.x] Fixed \u003ca href=\"https://redirect.github.com/django/django/issues/37039\"\u003e#37039\u003c/a\u003e -- Removed outdated note from QuerySet.iterator() docs.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/f0c269f285ab58bfb4a120141d7dd41ff4f42b45\"\u003e\u003ccode\u003ef0c269f\u003c/code\u003e\u003c/a\u003e [6.0.x] Fixed typo in stub release notes for 5.2.14.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/8bcd15beeff6542acc381b83f50b061d62284c2b\"\u003e\u003ccode\u003e8bcd15b\u003c/code\u003e\u003c/a\u003e [6.0.x] Fixed \u003ca href=\"https://redirect.github.com/django/django/issues/37067\"\u003e#37067\u003c/a\u003e -- Added trailing slash in django_file_prefixes().\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/3cdec6454fb86e8d03a06944c0c68025733ed93f\"\u003e\u003ccode\u003e3cdec64\u003c/code\u003e\u003c/a\u003e [6.0.x] Refs CVE-2026-25674 -- Clarified role of umask in upload permissions.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/5dd5c70cf1056e8e04badb687f773e8f16bba257\"\u003e\u003ccode\u003e5dd5c70\u003c/code\u003e\u003c/a\u003e [6.0.x] Added stub release notes and release date for 6.0.5 and 5.2.14.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/8ee73415270a1a54daaec9bb529ad82c6f7a6d4c\"\u003e\u003ccode\u003e8ee7341\u003c/code\u003e\u003c/a\u003e [6.0.x] Refs \u003ca href=\"https://redirect.github.com/django/django/issues/373\"\u003e#373\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/django/django/issues/34122\"\u003e#34122\u003c/a\u003e -- Removed warning that ForeignObject is an interna...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/django/django/compare/6.0.3...6.0.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `django-health-check` from 4.2.1 to 4.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/codingjoe/django-health-check/releases\"\u003edjango-health-check's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.4.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eResolve \u003ca href=\"https://redirect.github.com/codingjoe/django-health-check/issues/724\"\u003e#724\u003c/a\u003e -- Add public dataclass field as OpenMetric label by \u003ca href=\"https://github.com/RemiDesgrange\"\u003e\u003ccode\u003e@​RemiDesgrange\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codingjoe/django-health-check/pull/725\"\u003ecodingjoe/django-health-check#725\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/RemiDesgrange\"\u003e\u003ccode\u003e@​RemiDesgrange\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/codingjoe/django-health-check/pull/725\"\u003ecodingjoe/django-health-check#725\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codingjoe/django-health-check/compare/4.3.1...4.4.0\"\u003ehttps://github.com/codingjoe/django-health-check/compare/4.3.1...4.4.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e4.3.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eClean up storage probe files when validation fails by \u003ca href=\"https://github.com/M-Hassan-Raza\"\u003e\u003ccode\u003e@​M-Hassan-Raza\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codingjoe/django-health-check/pull/717\"\u003ecodingjoe/django-health-check#717\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M-Hassan-Raza\"\u003e\u003ccode\u003e@​M-Hassan-Raza\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/codingjoe/django-health-check/pull/717\"\u003ecodingjoe/django-health-check#717\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codingjoe/django-health-check/compare/4.3.0...4.3.1\"\u003ehttps://github.com/codingjoe/django-health-check/compare/4.3.0...4.3.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e4.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRef \u003ca href=\"https://redirect.github.com/codingjoe/django-health-check/issues/701\"\u003e#701\u003c/a\u003e -- Add support for a custom executor for synchronous checks by \u003ca href=\"https://github.com/codingjoe\"\u003e\u003ccode\u003e@​codingjoe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codingjoe/django-health-check/pull/716\"\u003ecodingjoe/django-health-check#716\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codingjoe/django-health-check/compare/4.2.2...4.3.0\"\u003ehttps://github.com/codingjoe/django-health-check/compare/4.2.2...4.3.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e4.2.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eLink to stable psutil docs by \u003ca href=\"https://github.com/codingjoe\"\u003e\u003ccode\u003e@​codingjoe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codingjoe/django-health-check/pull/695\"\u003ecodingjoe/django-health-check#695\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRef \u003ca href=\"https://redirect.github.com/codingjoe/django-health-check/issues/701\"\u003e#701\u003c/a\u003e -- Close dangling DB connections and reduce memory foodprint by \u003ca href=\"https://github.com/codingjoe\"\u003e\u003ccode\u003e@​codingjoe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codingjoe/django-health-check/pull/702\"\u003ecodingjoe/django-health-check#702\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://redirect.github.com/codingjoe/django-health-check/issues/699\"\u003e#699\u003c/a\u003e -- Gracefully handle None value from active_queues in Celery by \u003ca href=\"https://github.com/saschabuehrle\"\u003e\u003ccode\u003e@​saschabuehrle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codingjoe/django-health-check/pull/700\"\u003ecodingjoe/django-health-check#700\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/saschabuehrle\"\u003e\u003ccode\u003e@​saschabuehrle\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/codingjoe/django-health-check/pull/700\"\u003ecodingjoe/django-health-check#700\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codingjoe/django-health-check/compare/4.2.1...4.2.2\"\u003ehttps://github.com/codingjoe/django-health-check/compare/4.2.1...4.2.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/codingjoe/django-health-check/commit/e480bc06a2c38f2e5c6406ac16cbbf2ed0463b6e\"\u003e\u003ccode\u003ee480bc0\u003c/code\u003e\u003c/a\u003e Resolve \u003ca href=\"https://redirect.github.com/codingjoe/django-health-check/issues/724\"\u003e#724\u003c/a\u003e -- Add public dataclass field as OpenMetric label (\u003ca href=\"https://redirect.github.com/codingjoe/django-health-check/issues/725\"\u003e#725\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/codingjoe/django-health-check/commit/e56c871d4f47acca7b3f1d0e80825025a685b51b\"\u003e\u003ccode\u003ee56c871\u003c/code\u003e\u003c/a\u003e Clean up storage probe files when validation fails (\u003ca href=\"https://redirect.github.com/codingjoe/django-health-check/issues/717\"\u003e#717\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/codingjoe/django-health-check/commit/3421a3cabab7f2c7465afb11bc52d38b51c337c1\"\u003e\u003ccode\u003e3421a3c\u003c/code\u003e\u003c/a\u003e Update copilot review instructions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/codingjoe/django-health-check/commit/c674d2f6d51784f01c3960a1ef37f2ee601608d5\"\u003e\u003ccode\u003ec674d2f\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Update celery requirement from \u0026gt;=5.0.0 to \u0026gt;=5.6.3\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/codingjoe/django-health-check/commit/04a22e527dae62af689a51052d2744e3ede2748e\"\u003e\u003ccode\u003e04a22e5\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Update flit-core requirement from \u0026gt;=3.2 to \u0026gt;=3.12.0\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/codingjoe/django-health-check/commit/4d47e8ab3501fadbd49539a2d4f78300717fa78f\"\u003e\u003ccode\u003e4d47e8a\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Update aio-pika requirement from \u0026gt;=9.0.0 to \u0026gt;=9.6.2\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/codingjoe/django-health-check/commit/e0d44791516d85cdaf70d888a96c603c4e2d1d5f\"\u003e\u003ccode\u003ee0d4479\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Update django requirement from \u0026gt;=5.2 to \u0026gt;=5.2.13\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/codingjoe/django-health-check/commit/8994dcc7bc63df6a713f00b5fe73f3158e86e21a\"\u003e\u003ccode\u003e8994dcc\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Update confluent-kafka requirement from \u0026gt;=2.0.0 to \u0026gt;=2.14.0\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/codingjoe/django-health-check/commit/1f31638c0e124dc9057d702c4b6dfa231c723b09\"\u003e\u003ccode\u003e1f31638\u003c/code\u003e\u003c/a\u003e Ref \u003ca href=\"https://redirect.github.com/codingjoe/django-health-check/issues/701\"\u003e#701\u003c/a\u003e -- Add support for a custom executor for synchronous checks (\u003ca href=\"https://redirect.github.com/codingjoe/django-health-check/issues/716\"\u003e#716\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/codingjoe/django-health-check/commit/b79e9604a0d5ae8e6420fc1c8c1e493b19aa49a1\"\u003e\u003ccode\u003eb79e960\u003c/code\u003e\u003c/a\u003e Bump actions/upload-pages-artifact from 4 to 5\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/codingjoe/django-health-check/compare/4.2.1...4.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `gunicorn` from 25.3.0 to 26.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/benoitc/gunicorn/releases\"\u003egunicorn's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e26.0.0\u003c/h2\u003e\n\u003ch2\u003eBreaking Changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eEventlet worker removed\u003c/strong\u003e: The \u003ccode\u003eeventlet\u003c/code\u003e worker class has been dropped. Migrate to \u003ccode\u003egevent\u003c/code\u003e, \u003ccode\u003egthread\u003c/code\u003e, or \u003ccode\u003etornado\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eASGI Framework Compatibility Suite\u003c/strong\u003e: New end-to-end compatibility test harness covering Starlette, FastAPI, Litestar, Quart, Sanic, and BlackSheep. Current grid passes 438/444 tests (98%).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eASGI Test Suite Expansion\u003c/strong\u003e: 134 additional ASGI unit tests covering protocol semantics, lifespan, websockets, and chunked framing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP/1.1 Request-Target Validation\u003c/strong\u003e (RFC 9112 sections 3.2.3, 3.2.4):\n\u003cul\u003e\n\u003cli\u003eReject \u003ccode\u003eauthority-form\u003c/code\u003e request-target outside \u003ccode\u003eCONNECT\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eReject \u003ccode\u003easterisk-form\u003c/code\u003e request-target outside \u003ccode\u003eOPTIONS\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eReject \u003ccode\u003erelative-reference\u003c/code\u003e request-targets\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHeader Field Hardening\u003c/strong\u003e (RFC 9110):\n\u003cul\u003e\n\u003cli\u003eReject control characters in header field-value (section 5.5)\u003c/li\u003e\n\u003cli\u003eReject forbidden trailer field-names (section 6.5.1)\u003c/li\u003e\n\u003cli\u003eReject \u003ccode\u003eContent-Length\u003c/code\u003e list form (RFC 9112 section 6.3)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRequest Smuggling Hardening\u003c/strong\u003e:\n\u003cul\u003e\n\u003cli\u003eTighten keepalive gate and scope \u003ccode\u003efinish_body\u003c/code\u003e byte cap\u003c/li\u003e\n\u003cli\u003eKeep \u003ccode\u003e_body_receiver\u003c/code\u003e alive across the keepalive smuggling gate so pipelined requests cannot re-enter a closed body\u003c/li\u003e\n\u003cli\u003eAddress parser/protocol findings from a six-point WSGI/ASGI audit\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ePROXY Protocol (ASGI)\u003c/strong\u003e: Enforce \u003ccode\u003eproxy_allow_ips\u003c/code\u003e and tighten v1/v2 parsing in the ASGI callback parser.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eConnection Draining\u003c/strong\u003e: Drain the connection on close per RFC 9112 section 9.6 to prevent reset-on-close truncation.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eBody Framing on HEAD/204/304\u003c/strong\u003e:\n\u003cul\u003e\n\u003cli\u003eKeep \u003ccode\u003eContent-Length\u003c/code\u003e on HEAD and 304 responses (\u003ca href=\"https://redirect.github.com/benoitc/gunicorn/issues/3621\"\u003e#3621\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop body framing on HEAD/204/304 even when the framework set it\u003c/li\u003e\n\u003cli\u003eWarn once when an ASGI app emits a body for a no-body response\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP/2 ASGI\u003c/strong\u003e:\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003e_handle_stream_ended\u003c/code\u003e to set \u003ccode\u003e_body_complete\u003c/code\u003e in the async HTTP/2 handler so request bodies finalize correctly on stream end\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eInvalidChunkExtension\u003c/code\u003e mapping and fast-parser support in ASGI tests (\u003ca href=\"https://redirect.github.com/benoitc/gunicorn/issues/3565\"\u003e#3565\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP/1.1 100-Continue\u003c/strong\u003e: Stop adding \u003ccode\u003eTransfer-Encoding: chunked\u003c/code\u003e to 100-Continue interim responses.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eWebSocket Close Handshake\u003c/strong\u003e (RFC 6455):\n\u003cul\u003e\n\u003cli\u003eComply with the close handshake state machine\u003c/li\u003e\n\u003cli\u003eClose the transport after the close handshake completes\u003c/li\u003e\n\u003cli\u003eFix binary send when the \u003ccode\u003etext\u003c/code\u003e key is \u003ccode\u003eNone\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eEarly Hints\u003c/strong\u003e: Validate headers in the \u003ccode\u003eearly_hints\u003c/code\u003e callback to match \u003ccode\u003eprocess_headers\u003c/code\u003e; pass only the header name to \u003ccode\u003eInvalidHeader\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/benoitc/gunicorn/issues/3588\"\u003e#3588\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eASGI Framework Fixes\u003c/strong\u003e:\n\u003cul\u003e\n\u003cli\u003eFix ASGI disconnect handling for Django-style apps\u003c/li\u003e\n\u003cli\u003eFix Litestar request handling (use raw ASGI receive for body/headers)\u003c/li\u003e\n\u003cli\u003eFix Litestar HTTP endpoints for compatibility tests\u003c/li\u003e\n\u003cli\u003eFix Quart headers endpoint to normalize keys to lowercase\u003c/li\u003e\n\u003cli\u003eFix Quart WebSocket close test app (missing \u003ccode\u003eaccept()\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003eFix duplicate \u003ccode\u003eTransfer-Encoding\u003c/code\u003e header for BlackSheep streaming\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/5d819cf36040f6cc6175fcc804d703fb899509dd\"\u003e\u003ccode\u003e5d819cf\u003c/code\u003e\u003c/a\u003e release: 26.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/b45c70df105f7d5dcbc5abfb732804d6464edc21\"\u003e\u003ccode\u003eb45c70d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/benoitc/gunicorn/issues/3611\"\u003e#3611\u003c/a\u003e from zc-mattcen/docs-typo\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/99c8d48acf453deb5c49fe12e195dbc00d888d1e\"\u003e\u003ccode\u003e99c8d48\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/benoitc/gunicorn/issues/3623\"\u003e#3623\u003c/a\u003e from benoitc/chore/drop-eventlet-add-h2-uvloop-test-...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/5a655af50f20e005dd9e32e6078dc82fa45f3d4b\"\u003e\u003ccode\u003e5a655af\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/benoitc/gunicorn/issues/3622\"\u003e#3622\u003c/a\u003e from benoitc/test/docker-port-and-ipv4-fixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/201df19a8011c0a1d6a0e75ebe22e89d48eb935e\"\u003e\u003ccode\u003e201df19\u003c/code\u003e\u003c/a\u003e chore: remove eventlet worker; add h2 and uvloop to test deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/f4ac8e1f1bf1d365e77f41915da55bec31873f84\"\u003e\u003ccode\u003ef4ac8e1\u003c/code\u003e\u003c/a\u003e test: pass action name to dirty client and stabilize after TTOU spam\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/54d38afddf1f0db0c15b5f4ff63f3c7bfad96961\"\u003e\u003ccode\u003e54d38af\u003c/code\u003e\u003c/a\u003e test: unblock docker fixtures on macOS hosts\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/68843c8893dd938456f0a2da62085ab5776f8871\"\u003e\u003ccode\u003e68843c8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/benoitc/gunicorn/issues/3621\"\u003e#3621\u003c/a\u003e from benoitc/fix/asgi-preserve-content-length-on-hea...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/31f2618f733cc0c78690df63f4e344aaf3f56b20\"\u003e\u003ccode\u003e31f2618\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/benoitc/gunicorn/issues/3620\"\u003e#3620\u003c/a\u003e from benoitc/fix/asgi-proxy-protocol-trust-and-parsing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/41ec7527dbd8a9e52728477700707ad40e41d9dc\"\u003e\u003ccode\u003e41ec752\u003c/code\u003e\u003c/a\u003e fix: keep Content-Length on HEAD and 304 responses\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/benoitc/gunicorn/compare/25.3.0...26.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.33.0 to 2.33.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.1\u003c/h2\u003e\n\u003ch2\u003e2.33.1 (2026-03-30)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary\nfiles in the tmp directory. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7305\"\u003e#7305\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed Content-Type header parsing for malformed values. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7309\"\u003e#7309\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImproved error consistency for malformed header values. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7308\"\u003e#7308\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ferdnyc\"\u003e\u003ccode\u003e@​ferdnyc\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7277\"\u003epsf/requests#7277\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2331-2026-03-30\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2331-2026-03-30\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.1 (2026-03-30)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary\nfiles in the tmp directory. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7305\"\u003e#7305\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed Content-Type header parsing for malformed values. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7309\"\u003e#7309\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImproved error consistency for malformed header values. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7308\"\u003e#7308\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/111d2b77790bf49943c0dfa09b365371c24aec7e\"\u003e\u003ccode\u003e111d2b7\u003c/code\u003e\u003c/a\u003e v2.33.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/f0198e6dfc431a2293dc16e1b1e8fcddc910a7f3\"\u003e\u003ccode\u003ef0198e6\u003c/code\u003e\u003c/a\u003e Fix malformed value parsing for Content-Type (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7309\"\u003e#7309\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc7dd0fc4d56e808bcdd85ac2d797b3107c89259\"\u003e\u003ccode\u003ebc7dd0f\u003c/code\u003e\u003c/a\u003e Fix cosmetic header validity parsing regex (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7308\"\u003e#7308\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/4443b1a847b190010c2972a658924b98b5db6360\"\u003e\u003ccode\u003e4443b1a\u003c/code\u003e\u003c/a\u003e Fix unintended test extra (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7306\"\u003e#7306\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/389eea58dfb2f2ee096421a812e3af29c0298951\"\u003e\u003ccode\u003e389eea5\u003c/code\u003e\u003c/a\u003e Cleanup extracted file after extract_zipped_path test (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7305\"\u003e#7305\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/7407309c8a8a73aa2f4337184025d440bbedab7a\"\u003e\u003ccode\u003e7407309\u003c/code\u003e\u003c/a\u003e Packaging: DRY out extras definition (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7277\"\u003e#7277\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/psf/requests/compare/v2.33.0...v2.33.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `django-coverage-plugin` from 3.2.0 to 3.2.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/coveragepy/django_coverage_plugin/releases\"\u003edjango-coverage-plugin's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.2\u003c/h2\u003e\n\u003cp\u003eFix: \u003ccode\u003e{% endblock %}\u003c/code\u003e lines (and others) were falsely reported as unexecuted when they appeared on their own indented line (\u003ca href=\"https://redirect.github.com/coveragepy/django_coverage_plugin/issues/74\"\u003eissue 74\u003c/a\u003e). Thanks, Marc Gibbons (\u003ca href=\"https://redirect.github.com/coveragepy/django_coverage_plugin/pull/108\"\u003epull 108\u003c/a\u003e).\u003c/p\u003e\n\u003cp\u003eDropped Django 3.x and 4.x.\u003c/p\u003e\n\u003cp\u003eSwitched to trusted publishing.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/django_coverage_plugin/commit/4eb4fc975e915400734104851116e423164a7c5c\"\u003e\u003ccode\u003e4eb4fc9\u003c/code\u003e\u003c/a\u003e build: fix publishing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/django_coverage_plugin/commit/420435edd77b7af9e508446d60a852f61bcaed8c\"\u003e\u003ccode\u003e420435e\u003c/code\u003e\u003c/a\u003e build: v3.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/django_coverage_plugin/commit/86a9d30fc44628981cd944ff58189f03fa082ca8\"\u003e\u003ccode\u003e86a9d30\u003c/code\u003e\u003c/a\u003e build: trusted publishing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/django_coverage_plugin/commit/9a5dfe53d9a81a8b54585c8b20b7e5ca06855afc\"\u003e\u003ccode\u003e9a5dfe5\u003c/code\u003e\u003c/a\u003e docs: update history\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/django_coverage_plugin/commit/bfee7019ec245ef61a3c182c262e54e64a1cabe8\"\u003e\u003ccode\u003ebfee701\u003c/code\u003e\u003c/a\u003e fix: endblock falsely reported as uncovered when on its own indented line \u003ca href=\"https://redirect.github.com/coveragepy/django_coverage_plugin/issues/74\"\u003e#74\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/django_coverage_plugin/commit/59954f3fb97938849e8ec882d59a7cf438f12eff\"\u003e\u003ccode\u003e59954f3\u003c/code\u003e\u003c/a\u003e correct two old references to nedbat on github\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/django_coverage_plugin/commit/7d145017c244f192c55a17035033667a190c0d6a\"\u003e\u003ccode\u003e7d14501\u003c/code\u003e\u003c/a\u003e docs: thanks, Marc Gibbons for \u003ca href=\"https://redirect.github.com/coveragepy/django_coverage_plugin/issues/109\"\u003e#109\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/django_coverage_plugin/commit/55cf337e2a4242c30766dc4784bd99ac5d180085\"\u003e\u003ccode\u003e55cf337\u003c/code\u003e\u003c/a\u003e docs: move authors into readme\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/django_coverage_plugin/commit/639d48a188d04da28623a4751ae50e4da301fd9e\"\u003e\u003ccode\u003e639d48a\u003c/code\u003e\u003c/a\u003e Add Django 6, drop 3.2 and 4.2 which are EOL (\u003ca href=\"https://redirect.github.com/coveragepy/django_coverage_plugin/issues/109\"\u003e#109\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/django_coverage_plugin/commit/53d114ac6082fb3fcd97c5cf0c4d634d395fe7f0\"\u003e\u003ccode\u003e53d114a\u003c/code\u003e\u003c/a\u003e chore: bump actions/setup-python in the action-dependencies group (\u003ca href=\"https://redirect.github.com/coveragepy/django_coverage_plugin/issues/106\"\u003e#106\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/coveragepy/django_coverage_plugin/compare/v3.2.0...v3.2.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `django-debug-toolbar` from 6.2.0 to 6.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/django-commons/django-debug-toolbar/releases\"\u003edjango-debug-toolbar's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e6.3.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eremove requirement_dev.txt from project by \u003ca href=\"https://github.com/p-r-a-v-i-n\"\u003e\u003ccode\u003e@​p-r-a-v-i-n\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/django-commons/django-debug-toolbar/pull/2277\"\u003edjango-commons/django-debug-toolbar#2277\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgraded ReadTheDocs Python version to 3.13. by \u003ca href=\"https://github.com/tim-schilling\"\u003e\u003ccode\u003e@​tim-schilling\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/django-commons/django-debug-toolbar/pull/2307\"\u003edjango-commons/django-debug-toolbar#2307\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eModernize some panel styles and colors by \u003ca href=\"https://github.com/federicobond\"\u003e\u003ccode\u003e@​federicobond\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/django-commons/django-debug-toolbar/pull/2285\"\u003edjango-commons/django-debug-toolbar#2285\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate the translatable strings for the application. by \u003ca href=\"https://github.com/tim-schilling\"\u003e\u003ccode\u003e@​tim-schilling\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/django-commons/django-debug-toolbar/pull/2311\"\u003edjango-commons/django-debug-toolbar#2311\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate translations 2026-02-09 by \u003ca href=\"https://github.com/tim-schilling\"\u003e\u003ccode\u003e@​tim-schilling\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/django-commons/django-debug-toolbar/pull/2312\"\u003edjango-commons/django-debug-toolbar#2312\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd a \u003ccode\u003epy.typed\u003c/code\u003e file, to make types available downstream by \u003ca href=\"https://github.com/brianhelba\"\u003e\u003ccode\u003e@​brianhelba\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/django-commons/django-debug-toolbar/pull/2314\"\u003edjango-commons/django-debug-toolbar#2314\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEmit RedirectsPanel warning on usage rather than set up. by \u003ca href=\"https://github.com/tim-schilling\"\u003e\u003ccode\u003e@​tim-schilling\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/django-commons/django-debug-toolbar/pull/2326\"\u003edjango-commons/django-debug-toolbar#2326\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHighlighted docs on disabling browser caching. by \u003ca href=\"https://github.com/tim-schilling\"\u003e\u003ccode\u003e@​tim-schilling\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/django-commons/django-debug-toolbar/pull/2302\"\u003edjango-commons/django-debug-toolbar#2302\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eOnly patch the cache methods once. by \u003ca href=\"https://github.com/tim-schilling\"\u003e\u003ccode\u003e@​tim-schilling\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/django-commons/django-debug-toolbar/pull/2332\"\u003edjango-commons/django-debug-toolbar#2332\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eCacheStore\u003c/code\u003e, a store that uses Django's cache framework by \u003ca href=\"https://github.com/robhudson\"\u003e\u003ccode\u003e@​robhudson\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/django-commons/django-debug-toolbar/pull/2304\"\u003edjango-commons/django-debug-toolbar#2304\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChangelog from \u003ca href=\"https://django-debug-toolbar.readthedocs.io/en/latest/changes.html\"\u003edocs\u003c/a\u003e:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReplaced \u003ccode\u003erequirements_dev.txt\u003c/code\u003e file for \u003ccode\u003epyproject.toml\u003c/code\u003e support with dependency groups.\u003c/li\u003e\n\u003cli\u003eUpdated ReadTheDocs Python version to 3.13.\u003c/li\u003e\n\u003cli\u003eModernize some panel styles and colors.\u003c/li\u003e\n\u003cli\u003eStandardize use of time/duration units and labels across panels.\u003c/li\u003e\n\u003cli\u003eAdded translations for Lithuanian, Turkish and Uzbek.\u003c/li\u003e\n\u003cli\u003eUpdate the translations.\u003c/li\u003e\n\u003cli\u003eExpose a \u003ccode\u003epy.typed\u003c/code\u003e marker file.\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003eRedirectsPanel\u003c/code\u003e to emit the deprecation warning when it’s used rather than on instantiation.\u003c/li\u003e\n\u003cli\u003eHighlighted the documentation about disabling the browser’s caching to ensure the latest static assets are used.\u003c/li\u003e\n\u003cli\u003eFixed bug with \u003ccode\u003eCachePanel\u003c/code\u003e so the cache patching is only applied once.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003edebug_toolbar.store.CacheStore\u003c/code\u003e for storing toolbar data using Django’s cache framework. This provides persistence without requiring database migrations, and works with any cache backend (Memcached, Redis, database, file-based, etc.).\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eCACHE_BACKEND\u003c/code\u003e and \u003ccode\u003eCACHE_KEY_PREFIX\u003c/code\u003e settings to configure the \u003ccode\u003eCacheStore\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/brianhelba\"\u003e\u003ccode\u003e@​brianhelba\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/django-commons/django-debug-toolbar/pull/2314\"\u003edjango-commons/django-debug-toolbar#2314\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/django-commons/django-debug-toolbar/compare/6.2.0...6.3.0\"\u003ehttps://github.com/django-commons/django-debug-toolbar/compare/6.2.0...6.3.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/django-commons/django-debug-toolbar/blob/main/docs/changes.rst\"\u003edjango-debug-toolbar's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e6.3.0 (2026-04-01)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplaced \u003ccode\u003erequirements_dev.txt\u003c/code\u003e file for \u003ccode\u003epyproject.toml\u003c/code\u003e support with\ndependency groups.\u003c/li\u003e\n\u003cli\u003eUpdated ReadTheDocs Python version to 3.13.\u003c/li\u003e\n\u003cli\u003eModernize some panel styles and colors.\u003c/li\u003e\n\u003cli\u003eStandardize use of time/duration units and labels across panels.\u003c/li\u003e\n\u003cli\u003eAdded translations for Lithuanian, Turkish and Uzbek.\u003c/li\u003e\n\u003cli\u003eUpdate the translations.\u003c/li\u003e\n\u003cli\u003eExpose a \u003ccode\u003epy.typed\u003c/code\u003e marker file.\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003eRedirectsPanel\u003c/code\u003e to emit the deprecation warning when it's used\nrather than on instantiation.\u003c/li\u003e\n\u003cli\u003eHighlighted the documentation about disabling the browser's caching to\nensure the latest static assets are used.\u003c/li\u003e\n\u003cli\u003eFixed bug with \u003ccode\u003eCachePanel\u003c/code\u003e so the cache patching is only applied\nonce.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003edebug_toolbar.store.CacheStore\u003c/code\u003e for storing toolbar data using\nDjango's cache framework. This provides persistence without requiring\ndatabase migrations, and works with any cache backend (Memcached, Redis,\ndatabase, file-based, etc.).\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eCACHE_BACKEND\u003c/code\u003e and \u003ccode\u003eCACHE_KEY_PREFIX\u003c/code\u003e settings to configure the\n\u003ccode\u003eCacheStore\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-commons/django-debug-toolbar/commit/b3f943b5291fd961a0d10225eb89b64e016d8837\"\u003e\u003ccode\u003eb3f943b\u003c/code\u003e\u003c/a\u003e Version 6.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-commons/django-debug-toolbar/commit/013631b2f72bdded37e597c5fef13e82c44e1202\"\u003e\u003ccode\u003e013631b\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-commons/django-debug-toolbar/commit/eeff5d17879130a33998a26d8501c804e37a3400\"\u003e\u003ccode\u003eeeff5d1\u003c/code\u003e\u003c/a\u003e Bump actions/cache from 5.0.3 to 5.0.4 in the github-actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-commons/django-debug-toolbar/commit/3a877850a8b4a68bc3f17af596001f13215a8dac\"\u003e\u003ccode\u003e3a87785\u003c/code\u003e\u003c/a\u003e Add store that uses cache framework\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-commons/django-debug-toolbar/commit/05738466e3b3e6654d7e70ca59d5d7553acd1cdf\"\u003e\u003ccode\u003e0573846\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-commons/django-debug-toolbar/commit/7403bed86ac6729b65dc926dd90920f3f1765935\"\u003e\u003ccode\u003e7403bed\u003c/code\u003e\u003c/a\u003e Only patch the cache methods once.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-commons/django-debug-toolbar/commit/0d25b3aaf653ba6241adf3f899cfda1208942ac9\"\u003e\u003ccode\u003e0d25b3a\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact in the github-actions group (\u003ca href=\"https://redirect.github.com/django-commons/django-debug-toolbar/issues/2333\"\u003e#2333\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-commons/django-debug-toolbar/commit/c89c8cf41751649f9000b051a457db3697e0cf6c\"\u003e\u003ccode\u003ec89c8cf\u003c/code\u003e\u003c/a\u003e Bump zizmorcore/zizmor-action in the github-actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-commons/django-debug-toolbar/commit/7ae8fac954844ae641f85c7afbffea8b2c82a214\"\u003e\u003ccode\u003e7ae8fac\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/django-commons/django-debug-toolbar/issues/2328\"\u003e#2328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-commons/django-debug-toolbar/commit/695cdb2c0b2bdf11de687986233778a4d5785c22\"\u003e\u003ccode\u003e695cdb2\u003c/code\u003e\u003c/a\u003e Highlighted docs on disabling browser caching. (\u003ca href=\"https://redirect.github.com/django-commons/django-debug-toolbar/issues/2302\"\u003e#2302\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/django-commons/django-debug-toolbar/compare/6.2.0...6.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `prek` from 0.3.8 to 0.3.13\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/j178/prek/releases\"\u003eprek's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.3.13\u003c/h2\u003e\n\u003ch2\u003eRelease Notes\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-05-06.\u003c/p\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRespect hook filters for message files (\u003ca href=\"https://redirect.github.com/j178/prek/pull/2049\"\u003e#2049\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Godot Engine to users in README (\u003ca href=\"https://redirect.github.com/j178/prek/pull/2047\"\u003e#2047\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178\"\u003e\u003ccode\u003e@​j178\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Calinou\"\u003e\u003ccode\u003e@​Calinou\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eInstall prek 0.3.13\u003c/h2\u003e\n\u003ch3\u003eInstall prebuilt binaries via shell script\u003c/h3\u003e\n\u003cpre lang=\"sh\"\u003e\u003ccode\u003ecurl --proto '=https' --tlsv1.2 -LsSf https://github.com/j178/prek/releases/download/v0.3.13/prek-installer.sh | sh\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch3\u003eInstall prebuilt binaries via powershell script\u003c/h3\u003e\n\u003cpre lang=\"sh\"\u003e\u003ccode\u003epowershell -ExecutionPolicy Bypass -c \u0026quot;irm https://github.com/j178/prek/releases/download/v0.3.13/prek-installer.ps1 | iex\u0026quot;\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch3\u003eInstall prebuilt binaries via Homebrew\u003c/h3\u003e\n\u003cpre lang=\"sh\"\u003e\u003ccode\u003ebrew install prek\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eDownload prek 0.3.13\u003c/h2\u003e\n\u003ctable\u003e\n\u003cthead\u003e\n\u003ctr\u003e\n\u003cth\u003eFile\u003c/th\u003e\n\u003cth\u003ePlatform\u003c/th\u003e\n\u003cth\u003eChecksum\u003c/th\u003e\n\u003c/tr\u003e\n\u003c/thead\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://github.com/j178/prek/releases/download/v0.3.13/prek-aarch64-apple-darwin.tar.gz\"\u003eprek-aarch64-apple-darwin.tar.gz\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eApple Silicon macOS\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://github.com/j178/prek/releases/download/v0.3.13/prek-aarch64-apple-darwin.tar.gz.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://github.com/j178/prek/releases/download/v0.3.13/prek-x86_64-apple-darwin.tar.gz\"\u003eprek-x86_64-apple-darwin.tar.gz\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eIntel macOS\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://github.com/j178/prek/releases/download/v0.3.13/prek-x86_64-apple-darwin.tar.gz.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://github.com/j178/prek/releases/download/v0.3.13/prek-aarch64-pc-windows-msvc.zip\"\u003eprek-aarch64-pc-windows-msvc.zip\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eARM64 Windows\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://github.com/j178/prek/releases/download/v0.3.13/prek-aarch64-pc-windows-msvc.zip.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://github.com/j178/prek/releases/download/v0.3.13/prek-i686-pc-windows-msvc.zip\"\u003eprek-i686-pc-windows-msvc.zip\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003ex86 Windows\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://github.com/j178/prek/releases/download/v0.3.13/prek-i686-pc-windows-msvc.zip.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://github.com/j178/prek/releases/download/v0.3.13/prek-x86_64-pc-windows-msvc.zip\"\u003eprek-x86_64-pc-windows-msvc.zip\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003ex64 Windows\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://github.com/j178/prek/releases/download/v0.3.13/prek-x86_64-pc-windows-msvc.zip.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://github.com/j178/prek/releases/download/v0.3.13/prek-aarch64-unknown-linux-gnu.tar.gz\"\u003eprek-aarch64-unknown-linux-gnu.tar.gz\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eARM64 Linux\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://github.com/j178/prek/releases/download/v0.3.13/prek-aarch64-unknown-linux-gnu.tar.gz.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://github.com/j178/prek/releases/download/v0.3.13/prek-i686-unknown-linux-gnu.tar.gz\"\u003eprek-i686-unknown-linux-gnu.tar.gz\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003ex86 Linux\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://github.com/j178/prek/releases/download/v0.3.13/prek-i686-unknown-linux-gnu.tar.gz.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://github.com/j178/prek/releases/download/v0.3.13/prek-riscv64gc-unknown-linux-gnu.tar.gz\"\u003eprek-riscv64gc-unknown-linux-gnu.tar.gz\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eRISCV Linux\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://github.com/j178/prek/releases/download/v0.3.13/prek-riscv64gc-unknown-linux-gnu.tar.gz.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/tbody\u003e\n\u003c/table\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/j178/prek/blob/master/CHANGELOG.md\"\u003eprek's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.3.13\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-05-06.\u003c/p\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRespect hook filters for message files (\u003ca href=\"https://redirect.github.com/j178/prek/pull/2049\"\u003e#2049\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Godot Engine to users in README (\u003ca href=\"https://redirect.github.com/j178/prek/pull/2047\"\u003e#2047\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178\"\u003e\u003ccode\u003e@​j178\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Calinou\"\u003e\u003ccode\u003e@​Calinou\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.3.12\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-05-05.\u003c/p\u003e\n\u003ch3\u003eHighlights\u003c/h3\u003e\n\u003cp\u003e\u003ccode\u003eauto_update.cooldown_days\u003c/code\u003e is now available in both the user-level global\nconfig (\u003ccode\u003e~/.config/prek/prek.toml\u003c/code\u003e on Linux and macOS, or\n\u003ccode\u003e$XDG_CONFIG_HOME/prek/prek.toml\u003c/code\u003e when set; \u003ccode\u003e%APPDATA%\\prek\\prek.toml\u003c/code\u003e on\nWindows) and project config. Set a user default for \u003ccode\u003eprek auto-update\u003c/code\u003e, then\noverride it per project when a repository needs a different update cadence.\u003c/p\u003e\n\u003cpre lang=\"toml\"\u003e\u003ccode\u003e[auto_update]\ncooldown_days = 7\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch3\u003eEnhancements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd global auto-update cooldown config (\u003ca href=\"https://redirect.github.com/j178/prek/pull/2041\"\u003e#2041\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd project auto-update cooldown config (\u003ca href=\"https://redirect.github.com/j178/prek/pull/2044\"\u003e#2044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003elanguage: dart\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/j178/prek/pull/1146\"\u003e#1146\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePass commit message file to workspace hooks (\u003ca href=\"https://redirect.github.com/j178/prek/pull/2043\"\u003e#2043\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePreserve non-UTF8 filenames from git (\u003ca href=\"https://redirect.github.com/j178/prek/pull/2023\"\u003e#2023\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eruby: put resolved Ruby's bin dir on \u003ccode\u003e$PATH\u003c/code\u003e for \u003ccode\u003egem\u003c/code\u003e invocations (\u003ca href=\"https://redirect.github.com/j178/prek/pull/2021\"\u003e#2021\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate docs with the new logo and icon (\u003ca href=\"https://redirect.github.com/j178/prek/pull/2025\"\u003e#2025\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePoint schema docs to SchemaStore (\u003ca href=\"https://redirect.github.com/j178/prek/pull/2039\"\u003e#2039\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178/prek/commit/81b290ef0630d1e130dc37ae1916da0e51b8a002\"\u003e\u003ccode\u003e81b290e\u003c/code\u003e\u003c/a\u003e Bump version to 0.3.13 (\u003ca href=\"https://redirect.github.com/j178/prek/issues/2050\"\u003e#2050\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178/prek/commit/3f5e5c6e54bdd9b1640228cdd69a449e18ddf9f8\"\u003e\u003ccode\u003e3f5e5c6\u003c/code\u003e\u003c/a\u003e Respect hook filters for message files (\u003ca href=\"https://redirect.github.com/j178/prek/issues/2049\"\u003e#2049\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178/prek/commit/1fab88775affde4fd0c75b2f9102a5df88195efc\"\u003e\u003ccode\u003e1fab887\u003c/code\u003e\u003c/a\u003e Add Godot Engine to users in README (\u003ca href=\"https://redirect.github.com/j178/prek/issues/2047\"\u003e#2047\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178/prek/commit/93a71e0b730d30d2fa56f9e47f2a293beb007988\"\u003e\u003ccode\u003e93a71e0\u003c/code\u003e\u003c/a\u003e Remove deleted \u003ccode\u003edist/post/index.cjs\u003c/code\u003e from publish prek version workflow (\u003ca href=\"https://redirect.github.com/j178/prek/issues/2046\"\u003e#2046\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178/prek/commit/56d6d0c13ef36a4ab6a705621fba41448f2b503d\"\u003e\u003ccode\u003e56d6d0c\u003c/code\u003e\u003c/a\u003e Bump version to 0.3.12 (\u003ca href=\"https://redirect.github.com/j178/prek/issues/2045\"\u003e#2045\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178/prek/commit/5f94f6f8ea8e5df0fb6604b4b8ec63072e1dc8f3\"\u003e\u003ccode\u003e5f94f6f\u003c/code\u003e\u003c/a\u003e Add project auto-update cooldown config (\u003ca href=\"https://redirect.github.com/j178/prek/issues/2044\"\u003e#2044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178/prek/commit/c52833e9991584d03bcd7e2b6fc01fa43e1f0d09\"\u003e\u003ccode\u003ec52833e\u003c/code\u003e\u003c/a\u003e Add global auto-update cooldown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178/prek/commit/8af3054dc690fd06fe91b2b0c0ca4fe8e4418051\"\u003e\u003ccode\u003e8af3054\u003c/code\u003e\u003c/a\u003e Pass commit message file to workspace hooks (\u003ca href=\"https://redirect.github.com/j178/prek/issues/2043\"\u003e#2043\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178/prek/commit/1bf54f5fa9638ad66a7d0b160170da75de1eec81\"\u003e\u003ccode\u003e1bf54f5\u003c/code\u003e\u003c/a\u003e Update Rust crate serde-saphyr to 0.0.25 (\u003ca href=\"https://redirect.github.com/j178/prek/issues/2036\"\u003e#2036\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178/prek/commit/8c9761a523bcb180ff35fcfcd8e85184f87eaceb\"\u003e\u003ccode\u003e8c9761a\u003c/code\u003e\u003c/a\u003e Bump rand to 0.9.4 (\u003ca href=\"https://redirect.github.com/j178/prek/issues/2040\"\u003e#2040\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/j178/prek/compare/v0.3.8...v0.3.13\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pytest` from 9.0.2 to 9.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytest-dev/pytest/releases\"\u003epytest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.0.3\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.3 (2026-04-07)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12444\"\u003e#12444\u003c/a\u003e: Fixed \u003ccode\u003epytest.approx\u003c/code\u003e which now correctly takes into account \u003ccode\u003e~collections.abc.Mapping\u003c/code\u003e keys order to compare them.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13634\"\u003e#13634\u003c/a\u003e: Blocking a \u003ccode\u003econftest.py\u003c/code\u003e file using the \u003ccode\u003e-p no:\u003c/code\u003e option is now explicitly disallowed.\u003c/p\u003e\n\u003cp\u003ePreviously this resulted in an internal assertion failure during plugin loading.\u003c/p\u003e\n\u003cp\u003ePytest now raises a clear \u003ccode\u003eUsageError\u003c/code\u003e explaining that conftest files are not plugins and cannot be disabled via \u003ccode\u003e-p\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13734\"\u003e#13734\u003c/a\u003e: Fixed crash when a test raises an exceptiongroup with \u003ccode\u003e__tracebackhide__ = True\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14195\"\u003e#14195\u003c/a\u003e: Fixed an issue where non-string messages passed to \u003c!-- raw HTML omitted --\u003eunittest.TestCase.subTest()\u003c!-- raw HTML omitted --\u003e were not printed.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e: Fixed use of insecure temporary directory (CVE-2025-71176).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImproved documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13388\"\u003e#13388\u003c/a\u003e: Clarified documentation for \u003ccode\u003e-p\u003c/code\u003e vs \u003ccode\u003ePYTEST_PLUGINS\u003c/code\u003e plugin loading and fixed an incorrect \u003ccode\u003e-p\u003c/code\u003e example.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13731\"\u003e#13731\u003c/a\u003e: Clarified that capture fixtures (e.g. \u003ccode\u003ecapsys\u003c/code\u003e and \u003ccode\u003ecapfd\u003c/code\u003e) take precedence over the \u003ccode\u003e-s\u003c/code\u003e / \u003ccode\u003e--capture=no\u003c/code\u003e command-line options in \u003ccode\u003eAccessing captured output from a test function \u0026lt;accessing-captured-output\u0026gt;\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14088\"\u003e#14088\u003c/a\u003e: Clarified that the default \u003ccode\u003epytest_collection\u003c/code\u003e hook sets \u003ccode\u003esession.items\u003c/code\u003e before it calls \u003ccode\u003epytest_collection_finish\u003c/code\u003e, not after.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14255\"\u003e#14255\u003c/a\u003e: TOML integer log levels must be quoted: Updating reference documentation.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eContributor-facing changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12689\"\u003e#12689\u003c/a\u003e: The test reports are now published to Codecov from GitHub Actions.\nThe test statistics is visible \u003ca href=\"https://app.codecov.io/gh/pytest-dev/pytest/tests\"\u003eon the web interface\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e-- by \u003ccode\u003ealeguy02\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/a7d58d7a21b78581e636bbbdea13c66ad1657c1e\"\u003e\u003ccode\u003ea7d58d7\u003c/code\u003e\u003c/a\u003e Prepare release version 9.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/089d98199c253d8f89a040243bc4f2aa6cd5ab22\"\u003e\u003ccode\u003e089d981\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14366\"\u003e#14366\u003c/a\u003e from bluetech/revert-14193-backport\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/8127eaf4ab7f6b2fdd0dc1b38343ec97aeef05ac\"\u003e\u003ccode\u003e8127eaf\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Fix: assertrepr_compare respects dict insertion order (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14050\"\u003e#14050\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14193\"\u003e#14193\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/99a7e6029e7a6e8d53e5df114b1346e035370241\"\u003e\u003ccode\u003e99a7e60\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14363\"\u003e#14363\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/95d8423bd...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/ddee02a578da30dd43aedc39c1c1f1aaadfcee95\"\u003e\u003ccode\u003eddee02a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e from bluetech/cve-2025-71176-simple\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/74eac6916fee34726cb194f16c516e96fbd29619\"\u003e\u003ccode\u003e74eac69\u003c/code\u003e\u003c/a\u003e doc: Update training info (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14298\"\u003e#14298\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14301\"\u003e#14301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/f92dee777cfdb77d1c43633d02766ddf1f07c869\"\u003e\u003ccode\u003ef92dee7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14267\"\u003e#14267\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/d6fa26c62...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/7ee58acc8777c31ac6cf388d01addf5a414a7439\"\u003e\u003ccode\u003e7ee58ac\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12378\"\u003e#12378\u003c/a\u003e from Pierre-Sassoulas/fix-implicit-str-concat-and-d...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/37da870d37e3a2f5177cae075c7b9ae279432bf8\"\u003e\u003ccode\u003e37da870\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14259\"\u003e#14259\u003c/a\u003e from mitre88/patch-4 (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14268\"\u003e#14268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/c34bfa3b7acb65b594707c714f1d8461b0304eed\"\u003e\u003ccode\u003ec34bfa3\u003c/code\u003e\u003c/a\u003e Add explanation for string context diffs (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14257\"\u003e#14257\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14266\"\u003e#14266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pytest-dev/pytest/compare/9.0.2...9.0.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pytest-randomly` from 4.0.1 to 4.1.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytest-dev/pytest-randomly/blob/main/CHANGELOG.rst\"\u003epytest-randomly's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.1.0 (2026-04-20)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix a crash with Faker installed when explicitly enabling and disabling the plugin (via \u003ccode\u003e-p randomly -p no:randomly\u003c/code\u003e).\u003c/p\u003e\n\u003cp\u003eThanks to mojosan77 for the report in \u003ccode\u003eIssue [#718](https://github.com/pytest-dev/pytest-randomly/issues/718) \u0026lt;https://github.com/pytest-dev/pytest-randomly/issues/718\u0026gt;\u003c/code\u003e__.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDrop Python 3.9 support.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-randomly/commit/c412c8d6d328224a6a0cb9e4324438c62b46f4f5\"\u003e\u003ccode\u003ec412c8d\u003c/code\u003e\u003c/a\u003e Version 4.1.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-randomly/commit/657d9c356d1970bbe664b36446d4f8a9461e4988\"\u003e\u003ccode\u003e657d9c3\u003c/code\u003e\u003c/a\u003e Upgrade dependencies (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest-randomly/issues/722\"\u003e#722\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-randomly/commit/49c8c1bb487d03ca1bda2ac7567e4205bf82aae6\"\u003e\u003ccode\u003e49c8c1b\u003c/code\u003e\u003c/a\u003e Fix a crash with Faker installed and plugin disabled (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest-randomly/issues/721\"\u003e#721\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-randomly/commit/c9181c28607e990123ee480200ae2e684f58e7b6\"\u003e\u003ccode\u003ec9181c2\u003c/code\u003e\u003c/a\u003e Bump django from 5.2.12 to 5.2.13 (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest-randomly/issues/717\"\u003e#717\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-randomly/commit/1292cc060c8892d3cccc2bd67c44b3405a6693d4\"\u003e\u003ccode\u003e1292cc0\u003c/code\u003e\u003c/a\u003e Upgrade pre-commit to Python 3.14 (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest-randomly/issues/716\"\u003e#716\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-randomly/commit/56d13889650fa7f71df504c8ab810967fd3fb44e\"\u003e\u003ccode\u003e56d1388\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest-randomly/issues/715\"\u003e#715\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-randomly/commit/43702c107ada21dca7e59836a8547ed1e62e77aa\"\u003e\u003ccode\u003e43702c1\u003c/code\u003e\u003c/a\u003e Upgrade dependencies (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest-randomly/issues/714\"\u003e#714\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-randomly/commit/c3dc97c20e2931b7557ab529703a6bf754df9110\"\u003e\u003ccode\u003ec3dc97c\u003c/code\u003e\u003c/a\u003e Bump pygments from 2.19.2 to 2.20.0 (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest-randomly/issues/713\"\u003e#713\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-randomly/commit/a2dee8a6b620f0ceaf385acfb1d0b778b0fd2892\"\u003e\u003ccode\u003ea2dee8a\u003c/code\u003e\u003c/a\u003e Improve Coverage.py configuration (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest-randomly/issues/712\"\u003e#712\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-randomly/commit/fed476639744207a10bc1742d7420fc413b555bf\"\u003e\u003ccode\u003efed4766\u003c/code\u003e\u003c/a\u003e Upgrade dependencies (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest-randomly/issues/711\"\u003e#711\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pytest-dev/pytest-randomly/compare/4.0.1...4.1.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ruff` from 0.15.8 to 0.15.12\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/ruff/releases\"\u003eruff's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.15.12\u003c/h2\u003e\n\u003ch2\u003eRelease Notes\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-04-24.\u003c/p\u003e\n\u003ch3\u003ePreview features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImplement \u003ccode\u003e#ruff:file-ignore\u003c/code\u003e file-level suppressions (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23599\"\u003e#23599\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImplement \u003ccode\u003e#ruff:ignore\u003c/code\u003e logical-line suppressions (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23404\"\u003e#23404\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRevert preview changes to displayed diagnostic severity in LSP (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24789\"\u003e#24789\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eairflow\u003c/code\u003e] Implement \u003ccode\u003etask-branch-as-short-circuit\u003c/code\u003e (\u003ccode\u003eAIR004\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23579\"\u003e#23579\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-bugbear\u003c/code\u003e] Fix \u003ccode\u003ebreak\u003c/code\u003e/\u003ccode\u003econtinue\u003c/code\u003e handling in \u003ccode\u003eloop-iterator-mutation\u003c/code\u003e (\u003ccode\u003eB909\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24440\"\u003e#24440\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Fix \u003ccode\u003ePLC2701\u003c/code\u003e for type parameter scopes (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24576\"\u003e#24576\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRule changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003epandas-vet\u003c/code\u003e] Suggest \u003ccode\u003e.array\u003c/code\u003e as well in \u003ccode\u003ePD011\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24805\"\u003e#24805\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCLI\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRespect default Unix permissions for cache files (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24794\"\u003e#24794\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Fix \u003ccode\u003ePLR0124\u003c/code\u003e description not to claim self-comparison always returns the same value (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24749\"\u003e#24749\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epyupgrade\u003c/code\u003e] Expand docs on reusable \u003ccode\u003eTypeVar\u003c/code\u003es and scoping (\u003ccode\u003eUP046\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24153\"\u003e#24153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove rules table accessibility (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24711\"\u003e#24711\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dylwil3\"\u003e\u003ccode\u003e@​dylwil3\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/AlexWaygood\"\u003e\u003ccode\u003e@​AlexWaygood\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/woodruffw\"\u003e\u003ccode\u003e@​woodruffw\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/avasis-ai\"\u003e\u003ccode\u003e@​avasis-ai\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Dev-iL\"\u003e\u003ccode\u003e@​Dev-iL\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/denyszhak\"\u003e\u003ccode\u003e@​denyszhak\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ShipItAndPray\"\u003e\u003ccode\u003e@​ShipItAndPray\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anishgirianish\"\u003e\u003ccode\u003e@​anishgirianish\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/augustelalande\"\u003e\u003ccode\u003e@​augustelalande\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/amyreese\"\u003e\u003ccode\u003e@​amyreese\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/majiayu000\"\u003e\u003ccode\u003e@​majiayu000\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eInstall ruff 0.15.12\u003c/h2\u003e\n\u003ch3\u003eInstall prebuilt binaries via shell script\u003c/h3\u003e\n\u003cpre lang=\"sh\"\u003e\u003ccode\u003ecurl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/ruff/releases/download/0.15.12/ruff-installer.sh | sh\n\u003c/code\u003e\u003c/pre\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md\"\u003eruff's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.15.12\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-04-24.\u003c/p\u003e\n\u003ch3\u003ePreview features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImplement \u003ccode\u003e#ruff:file-ignore\u003c/code\u003e file-level suppressions (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23599\"\u003e#23599\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImplement \u003ccode\u003e#ruff:ignore\u003c/code\u003e logical-line suppressions (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23404\"\u003e#23404\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRevert preview changes to displayed diagnostic severity in LSP (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24789\"\u003e#24789\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eairflow\u003c/code\u003e] Implement \u003ccode\u003etask-branch-as-short-circuit\u003c/code\u003e (\u003ccode\u003eAIR004\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23579\"\u003e#23579\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-bugbear\u003c/code\u003e] Fix \u003ccode\u003ebreak\u003c/code\u003e/\u003ccode\u003econtinue\u003c/code\u003e handling in \u003ccode\u003eloop-iterator-mutation\u003c/code\u003e (\u003ccode\u003eB909\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24440\"\u003e#24440\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Fix \u003ccode\u003ePLC2701\u003c/code\u003e for type parameter scopes (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24576\"\u003e#24576\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRule changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003epandas-vet\u003c/code\u003e] Suggest \u003ccode\u003e.array\u003c/code\u003e as well in \u003ccode\u003ePD011\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24805\"\u003e#24805\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCLI\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRespect default Unix permissions for cache files (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24794\"\u003e#24794\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Fix \u003ccode\u003ePLR0124\u003c/code\u003e description not to claim self-comparison always returns the same value (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24749\"\u003e#24749\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epyupgrade\u003c/code\u003e] Expand docs on reusable \u003ccode\u003eTypeVar\u003c/code\u003es and scoping (\u003ccode\u003eUP046\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24153\"\u003e#24153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove rules table accessibility (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24711\"\u003e#24711\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dylwil3\"\u003e\u003ccode\u003e@​dylwil3\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/AlexWaygood\"\u003e\u003ccode\u003e@​AlexWaygood\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/woodruffw\"\u003e\u003ccode\u003e@​woodruffw\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/avasis-ai\"\u003e\u003ccode\u003e@​avasis-ai\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Dev-iL\"\u003e\u003ccode\u003e@​Dev-iL\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/denyszhak\"\u003e\u003ccode\u003e@​denyszhak\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ShipItAndPray\"\u003e\u003ccode\u003e@​ShipItAndPray\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anishgirianish\"\u003e\u003ccode\u003e@​anishgirianish\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/augustelalande\"\u003e\u003ccode\u003e@​augustelalande\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/amyreese\"\u003e\u003ccode\u003e@​amyreese\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/majiayu000\"\u003e\u003ccode\u003e@​majiayu000\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.15.11\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-04-16.\u003c/p\u003e\n\u003ch3\u003ePreview features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eruff\u003c/code\u003e] Ignore \u003ccode\u003eRUF029\u003c/code\u003e when function is decorated with \u003ccode\u003easynccontextmanager\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24642\"\u003e#24642\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eairflow\u003c/code\u003e] Implement \u003ccode\u003eairflow-xcom-pull-in-template-string\u003c/code\u003e (\u003ccode\u003eAIR201\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23583\"\u003e#23583\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-bandit\u003c/code\u003e] Fix \u003ccode\u003eS103\u003c/code\u003e false positives and negatives in mask analysis (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24424\"\u003e#24424\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/66f93cf7ed4d36325f35a452e4afa28268fbcd28\"\u003e\u003ccode\u003e66f93cf\u003c/code\u003e\u003c/a\u003e Bump 0.15.12 (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24815\"\u003e#24815\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/476a4d02e8e3b6c157ac39979d8b698a1b6baa91\"\u003e\u003ccode\u003e476a4d0\u003c/code\u003e\u003c/a\u003e [ty] Complete support for more detailed diagnostics on possibly unbound error...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/ed669eab30095d6c51fe6cdef6050fb01276bcb3\"\u003e\u003ccode\u003eed669ea\u003c/code\u003e\u003c/a\u003e Implement \u003ccode\u003e#ruff:file-ignore\u003c/code\u003e file-level suppressions (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/23599\"\u003e#23599\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/e73d952e43feb51356ee740c5a973fce81396ff6\"\u003e\u003ccode\u003ee73d952\u003c/code\u003e\u003c/a\u003e [ty] Include inferred type in \u003ccode\u003einvalid-key\u003c/code\u003e concise diagnostic for union/inte...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/80feb29b31cd98c093316df2e0407b0c70c01b55\"\u003e\u003ccode\u003e80feb29\u003c/code\u003e\u003c/a\u003e [ty] report only dead annotation-only locals as unused (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24811\"\u003e#24811\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/0fbf2bc27336a3d17d39af52cf89b78dcda8c7c8\"\u003e\u003ccode\u003e0fbf2bc\u003c/code\u003e\u003c/a\u003e Drop deprecated license classifier (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24808\"\u003e#24808\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/43b174cc7f2fcb0080bb1d4843cd4bf6b72bbe27\"\u003e\u003ccode\u003e43b174c\u003c/code\u003e\u003c/a\u003e [ty] Infer lambda parameter types with \u003ccode\u003eCallable\u003c/code\u003e type context (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24317\"\u003e#24317\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/4f449ae4a2377569330a5ab94799d389357b5a3f\"\u003e\u003ccode\u003e4f449ae\u003c/code\u003e\u003c/a\u003e [ty] Add error context for intersection types (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24772\"\u003e#24772\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/5b4e753acb46e96ad408e4904c15308e33efe307\"\u003e\u003ccode\u003e5b4e753\u003c/code\u003e\u003c/a\u003e [ty] Add support for goto in literal enum member inlay hint (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24792\"\u003e#24792\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/e7cc76275a758ce1c636ea1c2d091fd576aac794\"\u003e\u003ccode\u003ee7cc762\u003c/code\u003e\u003c/a\u003e [ty] Add error context for TypedDict assignments (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24790\"\u003e#24790\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/astral-sh/ruff/compare/0.15.8...0.15.12\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `uv` from 0.11.2 to 0.11.12\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/uv/releases\"\u003euv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.11.12\u003c/h2\u003e\n\u003ch2\u003eRelease Notes\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-05-08.\u003c/p\u003e\n\u003ch3\u003ePython\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd CPython 3.15.0b1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eEnhancements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003e--no-editable\u003c/code\u003e support to \u003ccode\u003euv pip install\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/uv/pull/19306\"\u003e#19306\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequire git refs in URLs to be percent-encoded (\u003ca href=\"https://redirect.github.com/astral-sh/uv/pull/19320\"\u003e#19320\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eRespect \u003ccode\u003e--no-dev\u003c/code\u003e over \u003ccode\u003eUV_DEV=1\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/uv/pull/19313\"\u003e#19313\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDon't suggest non-existent \u003ccode\u003e--no-frozen\u003c/code\u003e flag (\u003ca href=\"https://redirect.github.com/astral-sh/uv/issues/19290\"\u003e#19290\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/uv/pull/19294\"\u003e#19294\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bug from inconsistent workflow name in GHA-PyPI guide example (\u003ca href=\"https://redirect.github.com/astral-sh/uv/pull/19309\"\u003e#19309\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eInstall uv 0.11.12\u003c/h2\u003e\n\u003ch3\u003eInstall prebuilt binaries via shell script\u003c/h3\u003e\n\u003cpre lang=\"sh\"\u003e\u003ccode\u003ecurl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/uv/releases/download/0.11.12/uv-installer.sh | sh\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch3\u003eInstall prebuilt binaries via powershell script\u003c/h3\u003e\n\u003cpre lang=\"sh\"\u003e\u003ccode\u003epowershell -ExecutionPolicy Bypass -c \u0026quot;irm https://releases.astral.sh/github/uv/releases/download/0.11.12/uv-installer.ps1 | iex\u0026quot;\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eDownload uv 0.11.12\u003c/h2\u003e\n\u003ctable\u003e\n\u003cthead\u003e\n\u003ctr\u003e\n\u003cth\u003eFile\u003c/th\u003e\n\u003cth\u003ePlatform\u003c/th\u003e\n\u003cth\u003eChecksum\u003c/th\u003e\n\u003c/tr\u003e\n\u003c/thead\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.12/uv-aarch64-apple-darwin.tar.gz\"\u003euv-aarch64-apple-darwin.tar.gz\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eApple Silicon macOS\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.12/uv-aarch64-apple-darwin.tar.gz.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.12/uv-x86_64-apple-darwin.tar.gz\"\u003euv-x86_64-apple-darwin.tar.gz\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eIntel macOS\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.12/uv-x86_64-apple-darwin.tar.gz.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.12/uv-aarch64-pc-windows-msvc.zip\"\u003euv-aarch64-pc-windows-msvc.zip\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eARM64 Windows\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.12/uv-aarch64-pc-windows-msvc.zip.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.12/uv-i686-pc-windows-msvc.zip\"\u003euv-i686-pc-windows-msvc.zip\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003ex86 Windows\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.12/uv-i686-pc-windows-msvc.zip.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.12/uv-x86_64-pc-windows-msvc.zip\"\u003euv-x86_64-pc-windows-msvc.zip\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003ex64 Windows\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.12/uv-x86_64-pc-windows-msvc.zip.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.12/uv-aarch64-unknown-linux-gnu.tar.gz\"\u003euv-aarch64-unknown-linux-gnu.tar.gz\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eARM64 Linux\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.12/uv-aarch64-unknown-linux-gnu.tar.gz.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.12/uv-i686-unknown-linux-gnu.tar.gz\"\u003euv-i686-unknown-linux-gnu.tar.gz\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003ex86 Linux\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.12/uv-i686-unknown-linux-gnu.tar.gz.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.12/uv-powerpc64le-unknown-linux-gnu.tar.gz\"\u003euv-powerpc64le-unknown-linux-gnu.tar.gz\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003ePPC64LE Linux\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.12/uv-powerpc64le-unknown-linux-gnu.tar.gz.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/tbody\u003e\n\u003c/table\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/uv/blob/main/CHANGELOG.md\"\u003euv's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.11.12\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-05-08.\u003c/p\u003e\n\u003ch3\u003ePython\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd CPython 3.15.0b1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eEnhancements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003e--no-editable\u003c/code\u003e support to \u003ccode\u003euv pip install\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/uv/pull/19306\"\u003e#19306\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequire git refs in URLs to be percent-encoded (\u003ca href=\"https://redirect.github.com/astral-sh/uv/pull/19320\"\u003e#19320\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eRespect \u003ccode\u003e--no-dev\u003c/code\u003e over \u003ccode\u003eUV_DEV=1\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/uv/pull/19313\"\u003e#19313\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDon't suggest non-existent \u003ccode\u003e--no-frozen\u003c/code\u003e flag (\u003ca href=\"https://...\n\n_Description has been truncated_","html_url":"https://github.com/ryancheley/acronym-slackbot/pull/335","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ryancheley%2Facronym-slackbot/issues/335","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/335/packages"}},{"old_version":"1.23.1","new_version":"1.24.1","update_type":"minor","path":null,"pr_created_at":"2026-05-02T03:12:49.000Z","version_change":"1.23.1 → 1.24.1","issue":{"uuid":"4367715667","node_id":"PR_kwDOPkAzw87XlYLM","number":109,"state":"closed","title":"build(deps): bump the pip group with 10 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-10T00:56:49.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-02T03:12:49.000Z","updated_at":"2026-05-10T00:56:51.000Z","time_to_close":683040,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"pip","update_count":10,"packages":[{"name":"tzdata","old_version":"2025.3","new_version":"2026.2","repository_url":"https://github.com/python/tzdata"},{"name":"mypy","old_version":"1.19.1","new_version":"1.20.2","repository_url":"https://github.com/python/mypy"},{"name":"ruff","old_version":"0.15.7","new_version":"0.15.12","repository_url":"https://github.com/astral-sh/ruff"},{"name":"zizmor","old_version":"1.23.1","new_version":"1.24.1","repository_url":"https://github.com/zizmorcore/zizmor"},{"name":"semgrep","old_version":"1.156.0","new_version":"1.161.0","repository_url":"https://github.com/semgrep/semgrep"},{"name":"basedpyright","old_version":"1.38.4","new_version":"1.39.3","repository_url":"https://github.com/detachhead/basedpyright"},{"name":"types-setuptools","old_version":"82.0.0.20260210","new_version":"82.0.0.20260408","repository_url":"https://github.com/python/typeshed"},{"name":"pytest","old_version":"9.0.2","new_version":"9.0.3","repository_url":"https://github.com/pytest-dev/pytest"},{"name":"adaptix","old_version":"3.0.0b11","new_version":"3.0.0b12","repository_url":"https://github.com/reagento/adaptix"},{"name":"prek","old_version":"0.3.8","new_version":"0.3.10","repository_url":"https://github.com/j178/prek"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 10 updates:\n\n| Package | From | To |\n| --- | --- | --- |\n| [tzdata](https://github.com/python/tzdata) | `2025.3` | `2026.2` |\n| [mypy](https://github.com/python/mypy) | `1.19.1` | `1.20.2` |\n| [ruff](https://github.com/astral-sh/ruff) | `0.15.7` | `0.15.12` |\n| [zizmor](https://github.com/zizmorcore/zizmor) | `1.23.1` | `1.24.1` |\n| [semgrep](https://github.com/semgrep/semgrep) | `1.156.0` | `1.161.0` |\n| [basedpyright](https://github.com/detachhead/basedpyright) | `1.38.4` | `1.39.3` |\n| [types-setuptools](https://github.com/python/typeshed) | `82.0.0.20260210` | `82.0.0.20260408` |\n| [pytest](https://github.com/pytest-dev/pytest) | `9.0.2` | `9.0.3` |\n| [adaptix](https://github.com/reagento/adaptix) | `3.0.0b11` | `3.0.0b12` |\n| [prek](https://github.com/j178/prek) | `0.3.8` | `0.3.10` |\n\nUpdates `tzdata` from 2025.3 to 2026.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python/tzdata/releases\"\u003etzdata's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2026.2: Release of upstream tzdata 2026b\u003c/h2\u003e\n\u003ch1\u003eVersion 2026.2\u003c/h1\u003e\n\u003cp\u003eUpstream version 2026b released 2026-04-23T06:06:43+00:00\u003c/p\u003e\n\u003ch2\u003eBriefly:\u003c/h2\u003e\n\u003cp\u003eBritish Columbia moved to permanent -07 on 2026-03-09. Some more overflow bugs\nhave been fixed in zic.\u003c/p\u003e\n\u003ch2\u003eChanges to future timestamps\u003c/h2\u003e\n\u003cp\u003eBritish Columbia’s 2026-03-08 spring forward was its last foreseeable clock\nchange, as it moved to permanent -07 thereafter. (Thanks to Arthur David Olson.)\nAlthough the change to permanent -07 legally took place on 2026-03-09,\ntemporarily model the change to occur on 2026-11-01 at 02:00 instead.  This\nworks around a limitation in CLDR v48.2 (2026-03-17).  This temporary hack is\nplanned to be removed after CLDR is fixed.\u003c/p\u003e\n\u003ch2\u003e2026.1: Release of upstream tzdata 2026a\u003c/h2\u003e\n\u003ch1\u003eVersion 2026.1\u003c/h1\u003e\n\u003cp\u003eUpstream version 2026a released 2026-03-02T06:59:49+00:00\u003c/p\u003e\n\u003ch2\u003eBriefly:\u003c/h2\u003e\n\u003cp\u003eMoldova has used EU transition times since 2022. The \u0026quot;right\u0026quot; TZif files are no\nlonger installed by default. -DTZ_RUNTIME_LEAPS=0 disables runtime support for\nleap seconds. TZif files are no longer limited to 50 bytes of abbreviations. zic\nis no longer limited to 50 leap seconds. Several integer overflow bugs have been\nfixed.\u003c/p\u003e\n\u003ch2\u003eChanges to past and future timestamps\u003c/h2\u003e\n\u003cp\u003eSince 2022 Moldova has observed EU transition times, that is, it has sprung\nforward at 03:00, not 02:00, and has fallen back at 04:00, not 03:00.  (Thanks\nto Heitor David Pinto.)\u003c/p\u003e\n\u003ch2\u003eChanges to data\u003c/h2\u003e\n\u003cp\u003eRemove Europe/Chisinau from zonenow.tab, as it now agrees with Europe/Athens for\nfuture timestamps.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python/tzdata/blob/master/NEWS.md\"\u003etzdata's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eVersion 2026.2\u003c/h1\u003e\n\u003cp\u003eUpstream version 2026b released 2026-04-23T06:06:43+00:00\u003c/p\u003e\n\u003ch2\u003eBriefly:\u003c/h2\u003e\n\u003cp\u003eBritish Columbia moved to permanent -07 on 2026-03-09. Some more overflow bugs\nhave been fixed in zic.\u003c/p\u003e\n\u003ch2\u003eChanges to future timestamps\u003c/h2\u003e\n\u003cp\u003eBritish Columbia’s 2026-03-08 spring forward was its last foreseeable clock\nchange, as it moved to permanent -07 thereafter. (Thanks to Arthur David Olson.)\nAlthough the change to permanent -07 legally took place on 2026-03-09,\ntemporarily model the change to occur on 2026-11-01 at 02:00 instead.  This\nworks around a limitation in CLDR v48.2 (2026-03-17).  This temporary hack is\nplanned to be removed after CLDR is fixed.\u003c/p\u003e\n\u003chr /\u003e\n\u003ch1\u003eVersion 2026.1\u003c/h1\u003e\n\u003cp\u003eUpstream version 2026a released 2026-03-02T06:59:49+00:00\u003c/p\u003e\n\u003ch2\u003eBriefly:\u003c/h2\u003e\n\u003cp\u003eMoldova has used EU transition times since 2022. The \u0026quot;right\u0026quot; TZif files are no\nlonger installed by default. -DTZ_RUNTIME_LEAPS=0 disables runtime support for\nleap seconds. TZif files are no longer limited to 50 bytes of abbreviations. zic\nis no longer limited to 50 leap seconds. Several integer overflow bugs have been\nfixed.\u003c/p\u003e\n\u003ch2\u003eChanges to past and future timestamps\u003c/h2\u003e\n\u003cp\u003eSince 2022 Moldova has observed EU transition times, that is, it has sprung\nforward at 03:00, not 02:00, and has fallen back at 04:00, not 03:00.  (Thanks\nto Heitor David Pinto.)\u003c/p\u003e\n\u003ch2\u003eChanges to data\u003c/h2\u003e\n\u003cp\u003eRemove Europe/Chisinau from zonenow.tab, as it now agrees with Europe/Athens for\nfuture timestamps.\u003c/p\u003e\n\u003chr /\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/tzdata/commit/1ed894339a0c37a85f8ba2a7c4d7696934d332dd\"\u003e\u003ccode\u003e1ed8943\u003c/code\u003e\u003c/a\u003e Update tzdata to version '2026b' (\u003ca href=\"https://redirect.github.com/python/tzdata/issues/135\"\u003e#135\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/tzdata/commit/e3b22091aee75327395795921d760e63ffe0108f\"\u003e\u003ccode\u003ee3b2209\u003c/code\u003e\u003c/a\u003e Add 14-day cooldown to Dependabot\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/tzdata/commit/7e5b59524958a6fbcec790869b4995e5c317f010\"\u003e\u003ccode\u003e7e5b595\u003c/code\u003e\u003c/a\u003e Hash pin GitHub Actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/tzdata/commit/4997cab882668ef36ced53c797a7eecc229d6f66\"\u003e\u003ccode\u003e4997cab\u003c/code\u003e\u003c/a\u003e Update tzdata to version '2026a' (\u003ca href=\"https://redirect.github.com/python/tzdata/issues/123\"\u003e#123\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/tzdata/commit/4d6c41f43dd1ed4d628d56846cf4166cad60f9b8\"\u003e\u003ccode\u003e4d6c41f\u003c/code\u003e\u003c/a\u003e Update development status to 'Production/Stable' (\u003ca href=\"https://redirect.github.com/python/tzdata/issues/127\"\u003e#127\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/tzdata/commit/7c1ce8547dc9dee4fd99a11c714bf0d298e3230b\"\u003e\u003ccode\u003e7c1ce85\u003c/code\u003e\u003c/a\u003e Remove 'v' from tags in auto-tag.yml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/tzdata/commit/77a9c09c77d3da6dee96901693d31085f066a880\"\u003e\u003ccode\u003e77a9c09\u003c/code\u003e\u003c/a\u003e Update docs links to \u003ccode\u003etzdata.python.org\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/python/tzdata/issues/125\"\u003e#125\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/tzdata/commit/11148f66c434baa91cda04aaa04fdd1d1c6e0a98\"\u003e\u003ccode\u003e11148f6\u003c/code\u003e\u003c/a\u003e Remove quotes from update branch names\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/tzdata/commit/98fa430db23193017082f4c53d6769ddde969466\"\u003e\u003ccode\u003e98fa430\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 5 to 6 in the actions group (\u003ca href=\"https://redirect.github.com/python/tzdata/issues/122\"\u003e#122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/tzdata/commit/7ef7c619a258efbd473f250d774e5a014ad0f19b\"\u003e\u003ccode\u003e7ef7c61\u003c/code\u003e\u003c/a\u003e Add auto-tag workflow (\u003ca href=\"https://redirect.github.com/python/tzdata/issues/110\"\u003e#110\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python/tzdata/compare/2025.3...2026.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `mypy` from 1.19.1 to 1.20.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python/mypy/blob/master/CHANGELOG.md\"\u003emypy's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003eMypy 1.20.2\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse WAL with SQLite cache and fix close (Shantanu, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21154\"\u003e21154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdjust SQLite journal mode (Ivan Levkivskyi, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21217\"\u003e21217\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCorrectly aggregate narrowing information on parent expressions (Shantanu, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21206\"\u003e21206\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix regression related to generic callables (Shantanu, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21208\"\u003e21208\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix regression by avoiding widening types in some contexts (Shantanu, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21242\"\u003e21242\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix slicing in non-strict optional mode (Shantanu, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21282\"\u003e21282\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003emypyc: Fix match statement semantics for \u0026quot;or\u0026quot; pattern (Shantanu, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21156\"\u003e21156\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003emypyc: Fix issue with module dunder attributes (Piotr Sawicki, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21275\"\u003e21275\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eInitial support for Python 3.15.0a8 (Marc Mueller, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21255\"\u003e21255\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAcknowledgements\u003c/h3\u003e\n\u003cp\u003eThanks to all mypy contributors who contributed to this release:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eA5rocks\u003c/li\u003e\n\u003cli\u003eAaron Wieczorek\u003c/li\u003e\n\u003cli\u003eAdam Turner\u003c/li\u003e\n\u003cli\u003eAli Hamdan\u003c/li\u003e\n\u003cli\u003easce\u003c/li\u003e\n\u003cli\u003eBobTheBuidler\u003c/li\u003e\n\u003cli\u003eBrent Westbrook\u003c/li\u003e\n\u003cli\u003eBrian Schubert\u003c/li\u003e\n\u003cli\u003ebzoracler\u003c/li\u003e\n\u003cli\u003eChris Burroughs\u003c/li\u003e\n\u003cli\u003eChristoph Tyralla\u003c/li\u003e\n\u003cli\u003eColin Watson\u003c/li\u003e\n\u003cli\u003eDonghoon Nam\u003c/li\u003e\n\u003cli\u003eE. M. Bray\u003c/li\u003e\n\u003cli\u003eEmma Smith\u003c/li\u003e\n\u003cli\u003eEthan Sarp\u003c/li\u003e\n\u003cli\u003eGeorge Ogden\u003c/li\u003e\n\u003cli\u003egetzze\u003c/li\u003e\n\u003cli\u003egrayjk\u003c/li\u003e\n\u003cli\u003eGregor Riepl\u003c/li\u003e\n\u003cli\u003eIvan Levkivskyi\u003c/li\u003e\n\u003cli\u003eJames Hilliard\u003c/li\u003e\n\u003cli\u003eJames Le Cuirot\u003c/li\u003e\n\u003cli\u003eJeremy Nimmer\u003c/li\u003e\n\u003cli\u003eJoren Hammudoglu\u003c/li\u003e\n\u003cli\u003eKai (Kazuya Ito)\u003c/li\u003e\n\u003cli\u003ekaushal trivedi\u003c/li\u003e\n\u003cli\u003eKevin Kannammalil\u003c/li\u003e\n\u003cli\u003eLukas Geiger\u003c/li\u003e\n\u003cli\u003eŁukasz Langa\u003c/li\u003e\n\u003cli\u003eMarc Mueller\u003c/li\u003e\n\u003cli\u003eMichael R. Crusoe\u003c/li\u003e\n\u003cli\u003emichaelm-openai\u003c/li\u003e\n\u003cli\u003eNeil Schemenauer\u003c/li\u003e\n\u003cli\u003ePiotr Sawicki\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/145a062651b5f9996b75ef32b7040bd2e885ed82\"\u003e\u003ccode\u003e145a062\u003c/code\u003e\u003c/a\u003e Bump version to 1.20.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/81cd49215c288eacb987de066f02daff2553b7c7\"\u003e\u003ccode\u003e81cd492\u003c/code\u003e\u003c/a\u003e Fix slicing with nonstrict optional (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21282\"\u003e#21282\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/908d3441eecbaa2a6193165317177db834d7ca1a\"\u003e\u003ccode\u003e908d344\u003c/code\u003e\u003c/a\u003e [mypyc] Set dunder attrs when adding module to sys.modules (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21275\"\u003e#21275\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/ba28610fac9d2b33be210ca8dcfe4bc47b7af424\"\u003e\u003ccode\u003eba28610\u003c/code\u003e\u003c/a\u003e Initial support for Python 3.15.0a8 (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21255\"\u003e#21255\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/7b0e09f48dbd3717ed008a273cd17e8e960c2037\"\u003e\u003ccode\u003e7b0e09f\u003c/code\u003e\u003c/a\u003e Fix match statement semantics for \u0026quot;or\u0026quot; pattern (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21156\"\u003e#21156\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/92b74f226de62f7505f5ef5cb158e8ec9c58b8b7\"\u003e\u003ccode\u003e92b74f2\u003c/code\u003e\u003c/a\u003e Avoid widening types in conditional_types (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21242\"\u003e#21242\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/0dcbfaa40b0e360a16baea9cf851955375d91b54\"\u003e\u003ccode\u003e0dcbfaa\u003c/code\u003e\u003c/a\u003e Fix is_overlapping_types for generic callables (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21208\"\u003e#21208\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/210f518dede35292033ef0d387847406a0ccef8f\"\u003e\u003ccode\u003e210f518\u003c/code\u003e\u003c/a\u003e Correctly aggregate narrowing information on parent expressions (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21206\"\u003e#21206\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/c34530e53a10e385d8b0f1af4baa88a596b5ceaa\"\u003e\u003ccode\u003ec34530e\u003c/code\u003e\u003c/a\u003e Only set journal mode in coordinator (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21217\"\u003e#21217\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/79a3ec6d01b56a27c00e9b3320c2b1d4d73a77f9\"\u003e\u003ccode\u003e79a3ec6\u003c/code\u003e\u003c/a\u003e Use WAL with SQLite cache, fix close (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21154\"\u003e#21154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python/mypy/compare/v1.19.1...v1.20.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ruff` from 0.15.7 to 0.15.12\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/ruff/releases\"\u003eruff's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.15.12\u003c/h2\u003e\n\u003ch2\u003eRelease Notes\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-04-24.\u003c/p\u003e\n\u003ch3\u003ePreview features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImplement \u003ccode\u003e#ruff:file-ignore\u003c/code\u003e file-level suppressions (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23599\"\u003e#23599\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImplement \u003ccode\u003e#ruff:ignore\u003c/code\u003e logical-line suppressions (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23404\"\u003e#23404\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRevert preview changes to displayed diagnostic severity in LSP (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24789\"\u003e#24789\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eairflow\u003c/code\u003e] Implement \u003ccode\u003etask-branch-as-short-circuit\u003c/code\u003e (\u003ccode\u003eAIR004\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23579\"\u003e#23579\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-bugbear\u003c/code\u003e] Fix \u003ccode\u003ebreak\u003c/code\u003e/\u003ccode\u003econtinue\u003c/code\u003e handling in \u003ccode\u003eloop-iterator-mutation\u003c/code\u003e (\u003ccode\u003eB909\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24440\"\u003e#24440\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Fix \u003ccode\u003ePLC2701\u003c/code\u003e for type parameter scopes (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24576\"\u003e#24576\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRule changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003epandas-vet\u003c/code\u003e] Suggest \u003ccode\u003e.array\u003c/code\u003e as well in \u003ccode\u003ePD011\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24805\"\u003e#24805\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCLI\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRespect default Unix permissions for cache files (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24794\"\u003e#24794\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Fix \u003ccode\u003ePLR0124\u003c/code\u003e description not to claim self-comparison always returns the same value (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24749\"\u003e#24749\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epyupgrade\u003c/code\u003e] Expand docs on reusable \u003ccode\u003eTypeVar\u003c/code\u003es and scoping (\u003ccode\u003eUP046\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24153\"\u003e#24153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove rules table accessibility (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24711\"\u003e#24711\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dylwil3\"\u003e\u003ccode\u003e@​dylwil3\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/AlexWaygood\"\u003e\u003ccode\u003e@​AlexWaygood\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/woodruffw\"\u003e\u003ccode\u003e@​woodruffw\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/avasis-ai\"\u003e\u003ccode\u003e@​avasis-ai\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Dev-iL\"\u003e\u003ccode\u003e@​Dev-iL\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/denyszhak\"\u003e\u003ccode\u003e@​denyszhak\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ShipItAndPray\"\u003e\u003ccode\u003e@​ShipItAndPray\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anishgirianish\"\u003e\u003ccode\u003e@​anishgirianish\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/augustelalande\"\u003e\u003ccode\u003e@​augustelalande\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/amyreese\"\u003e\u003ccode\u003e@​amyreese\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/majiayu000\"\u003e\u003ccode\u003e@​majiayu000\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eInstall ruff 0.15.12\u003c/h2\u003e\n\u003ch3\u003eInstall prebuilt binaries via shell script\u003c/h3\u003e\n\u003cpre lang=\"sh\"\u003e\u003ccode\u003ecurl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/ruff/releases/download/0.15.12/ruff-installer.sh | sh\n\u003c/code\u003e\u003c/pre\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md\"\u003eruff's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.15.12\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-04-24.\u003c/p\u003e\n\u003ch3\u003ePreview features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImplement \u003ccode\u003e#ruff:file-ignore\u003c/code\u003e file-level suppressions (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23599\"\u003e#23599\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImplement \u003ccode\u003e#ruff:ignore\u003c/code\u003e logical-line suppressions (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23404\"\u003e#23404\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRevert preview changes to displayed diagnostic severity in LSP (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24789\"\u003e#24789\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eairflow\u003c/code\u003e] Implement \u003ccode\u003etask-branch-as-short-circuit\u003c/code\u003e (\u003ccode\u003eAIR004\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23579\"\u003e#23579\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-bugbear\u003c/code\u003e] Fix \u003ccode\u003ebreak\u003c/code\u003e/\u003ccode\u003econtinue\u003c/code\u003e handling in \u003ccode\u003eloop-iterator-mutation\u003c/code\u003e (\u003ccode\u003eB909\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24440\"\u003e#24440\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Fix \u003ccode\u003ePLC2701\u003c/code\u003e for type parameter scopes (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24576\"\u003e#24576\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRule changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003epandas-vet\u003c/code\u003e] Suggest \u003ccode\u003e.array\u003c/code\u003e as well in \u003ccode\u003ePD011\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24805\"\u003e#24805\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCLI\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRespect default Unix permissions for cache files (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24794\"\u003e#24794\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Fix \u003ccode\u003ePLR0124\u003c/code\u003e description not to claim self-comparison always returns the same value (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24749\"\u003e#24749\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epyupgrade\u003c/code\u003e] Expand docs on reusable \u003ccode\u003eTypeVar\u003c/code\u003es and scoping (\u003ccode\u003eUP046\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24153\"\u003e#24153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove rules table accessibility (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24711\"\u003e#24711\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dylwil3\"\u003e\u003ccode\u003e@​dylwil3\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/AlexWaygood\"\u003e\u003ccode\u003e@​AlexWaygood\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/woodruffw\"\u003e\u003ccode\u003e@​woodruffw\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/avasis-ai\"\u003e\u003ccode\u003e@​avasis-ai\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Dev-iL\"\u003e\u003ccode\u003e@​Dev-iL\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/denyszhak\"\u003e\u003ccode\u003e@​denyszhak\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ShipItAndPray\"\u003e\u003ccode\u003e@​ShipItAndPray\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anishgirianish\"\u003e\u003ccode\u003e@​anishgirianish\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/augustelalande\"\u003e\u003ccode\u003e@​augustelalande\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/amyreese\"\u003e\u003ccode\u003e@​amyreese\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/majiayu000\"\u003e\u003ccode\u003e@​majiayu000\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.15.11\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-04-16.\u003c/p\u003e\n\u003ch3\u003ePreview features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eruff\u003c/code\u003e] Ignore \u003ccode\u003eRUF029\u003c/code\u003e when function is decorated with \u003ccode\u003easynccontextmanager\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24642\"\u003e#24642\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eairflow\u003c/code\u003e] Implement \u003ccode\u003eairflow-xcom-pull-in-template-string\u003c/code\u003e (\u003ccode\u003eAIR201\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23583\"\u003e#23583\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-bandit\u003c/code\u003e] Fix \u003ccode\u003eS103\u003c/code\u003e false positives and negatives in mask analysis (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24424\"\u003e#24424\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/66f93cf7ed4d36325f35a452e4afa28268fbcd28\"\u003e\u003ccode\u003e66f93cf\u003c/code\u003e\u003c/a\u003e Bump 0.15.12 (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24815\"\u003e#24815\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/476a4d02e8e3b6c157ac39979d8b698a1b6baa91\"\u003e\u003ccode\u003e476a4d0\u003c/code\u003e\u003c/a\u003e [ty] Complete support for more detailed diagnostics on possibly unbound error...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/ed669eab30095d6c51fe6cdef6050fb01276bcb3\"\u003e\u003ccode\u003eed669ea\u003c/code\u003e\u003c/a\u003e Implement \u003ccode\u003e#ruff:file-ignore\u003c/code\u003e file-level suppressions (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/23599\"\u003e#23599\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/e73d952e43feb51356ee740c5a973fce81396ff6\"\u003e\u003ccode\u003ee73d952\u003c/code\u003e\u003c/a\u003e [ty] Include inferred type in \u003ccode\u003einvalid-key\u003c/code\u003e concise diagnostic for union/inte...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/80feb29b31cd98c093316df2e0407b0c70c01b55\"\u003e\u003ccode\u003e80feb29\u003c/code\u003e\u003c/a\u003e [ty] report only dead annotation-only locals as unused (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24811\"\u003e#24811\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/0fbf2bc27336a3d17d39af52cf89b78dcda8c7c8\"\u003e\u003ccode\u003e0fbf2bc\u003c/code\u003e\u003c/a\u003e Drop deprecated license classifier (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24808\"\u003e#24808\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/43b174cc7f2fcb0080bb1d4843cd4bf6b72bbe27\"\u003e\u003ccode\u003e43b174c\u003c/code\u003e\u003c/a\u003e [ty] Infer lambda parameter types with \u003ccode\u003eCallable\u003c/code\u003e type context (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24317\"\u003e#24317\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/4f449ae4a2377569330a5ab94799d389357b5a3f\"\u003e\u003ccode\u003e4f449ae\u003c/code\u003e\u003c/a\u003e [ty] Add error context for intersection types (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24772\"\u003e#24772\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/5b4e753acb46e96ad408e4904c15308e33efe307\"\u003e\u003ccode\u003e5b4e753\u003c/code\u003e\u003c/a\u003e [ty] Add support for goto in literal enum member inlay hint (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24792\"\u003e#24792\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/e7cc76275a758ce1c636ea1c2d091fd576aac794\"\u003e\u003ccode\u003ee7cc762\u003c/code\u003e\u003c/a\u003e [ty] Add error context for TypedDict assignments (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24790\"\u003e#24790\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/astral-sh/ruff/compare/0.15.7...0.15.12\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `zizmor` from 1.23.1 to 1.24.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/zizmorcore/zizmor/releases\"\u003ezizmor's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.24.1\u003c/h2\u003e\n\u003ch2\u003eBug Fixes 🐛\u003ca href=\"https://docs.zizmor.sh/release-notes/#bug-fixes\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where the \u003ca href=\"https://docs.zizmor.sh/audits/#ref-version-mismatch\"\u003eref-version-mismatch\u003c/a\u003e audit would incorrectly flag some version comments as not containing an appropriate version (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1900\"\u003e#1900\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.24.0\u003c/h2\u003e\n\u003ch2\u003eNew Features 🌈\u003ca href=\"https://docs.zizmor.sh/release-notes/#new-features\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ezizmor now allows users to audit from stdin, by passing zizmor - (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1611\"\u003e#1611\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eEnhancements 🌱\u003ca href=\"https://docs.zizmor.sh/release-notes/#enhancements\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#use-trusted-publishing\"\u003euse-trusted-publishing\u003c/a\u003e audit now detects bun publish and bunx npm publish patterns (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1737\"\u003e#1737\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/shaanmajid\"\u003e\u003ccode\u003e@​shaanmajid\u003c/code\u003e\u003c/a\u003e for proposing and implementing this improvement!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor's CLI help and usage output now uses a custom color scheme for improved readability (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1747\"\u003e#1747\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#secrets-outside-env\"\u003esecrets-outside-env\u003c/a\u003e audit is now configurable with an allowlist of secret names that should not be flagged, even when referenced outside of an environment (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1759\"\u003e#1759\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/rmuir\"\u003e\u003ccode\u003e@​rmuir\u003c/code\u003e\u003c/a\u003e for proposing and implementing this improvement!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#dependabot-cooldown\"\u003edependabot-cooldown\u003c/a\u003e audit now emits a pedantic finding whenever it encounters a cooldown used with a multi-ecosystem-group, as the two do not interact well (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1780\"\u003e#1780\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend gh release upload as a replacement for \u003ca href=\"https://github.com/svenstaro/upload-release-action\"\u003esvenstaro/upload-release-action\u003c/a\u003e in \u003ca href=\"https://docs.zizmor.sh/audits/#superfluous-actions\"\u003esuperfluous-actions\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1801\"\u003e#1801\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend gh issue create as a replacement for \u003ca href=\"https://github.com/dacbd/create-issue-action\"\u003edacbd/create-issue-action\u003c/a\u003e in \u003ca href=\"https://docs.zizmor.sh/audits/#superfluous-actions\"\u003esuperfluous-actions\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1873\"\u003e#1873\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#obfuscation\"\u003eobfuscation\u003c/a\u003e audit now emits a finding for with: ${{ expr }} clauses cannot be analyzed (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1772\"\u003e#1772\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor --help is now rendered with option groups for improved readability (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1831\"\u003e#1831\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/deckstose\"\u003e\u003ccode\u003e@​deckstose\u003c/code\u003e\u003c/a\u003e for implementing this improvement!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor's SARIF output now uses codeflows instead of related locations, improving its rendering behavior on GitHub Advanced Security (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1843\"\u003e#1843\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#ref-version-mismatch\"\u003eref-version-mismatch\u003c/a\u003e audit now uses a more useful audit description for its findings (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1843\"\u003e#1843\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#unpinned-images\"\u003eunpinned-images\u003c/a\u003e audit now produces more precise findings for image references that are computed through expressions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1756\"\u003e#1756\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/miketheman\"\u003e\u003ccode\u003e@​miketheman\u003c/code\u003e\u003c/a\u003e for implementing this improvement!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#ref-version-mismatch\"\u003eref-version-mismatch\u003c/a\u003e audit now detects missing version comments as well (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1849\"\u003e#1849\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/shaanmajid\"\u003e\u003ccode\u003e@​shaanmajid\u003c/code\u003e\u003c/a\u003e for proposing and implementing this improvement!\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug Fixes 🐛\u003ca href=\"https://docs.zizmor.sh/release-notes/#bug-fixes\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where the \u003ca href=\"https://docs.zizmor.sh/audits/#concurrency-limits\"\u003econcurrency-limits\u003c/a\u003e audit reported findings at the job level instead of the workflow level (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1627\"\u003e#1627\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/zizmorcore/zizmor/blob/main/docs/release-notes.md\"\u003ezizmor's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.24.1\u003c/h2\u003e\n\u003ch3\u003eBug Fixes 🐛\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where the [ref-version-mismatch] audit would incorrectly flag\nsome version comments as not containing an appropriate version (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1900\"\u003e#1900\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.24.0\u003c/h2\u003e\n\u003ch3\u003eNew Features 🌈\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ezizmor\u003c/code\u003e now allows users to audit from stdin, by passing \u003ccode\u003ezizmor -\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1611\"\u003e#1611\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eEnhancements 🌱\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe [use-trusted-publishing] audit now detects \u003ccode\u003ebun publish\u003c/code\u003e and \u003ccode\u003ebunx npm publish\u003c/code\u003e\npatterns (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1737\"\u003e#1737\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/shaanmajid\"\u003e\u003ccode\u003e@​shaanmajid\u003c/code\u003e\u003c/a\u003e for proposing and implementing this improvement!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003ezizmor\u003c/code\u003e's CLI help and usage output now uses a custom color scheme for\nimproved readability (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1747\"\u003e#1747\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe [secrets-outside-env] audit is now configurable with an allowlist of\nsecret names that should not be flagged, even when referenced outside of\nan environment (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1759\"\u003e#1759\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/rmuir\"\u003e\u003ccode\u003e@​rmuir\u003c/code\u003e\u003c/a\u003e for proposing and implementing this improvement!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe [dependabot-cooldown] audit now emits a pedantic finding whenever\nit encounters a cooldown used with a multi-ecosystem-group, as the two\ndo not interact well (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1780\"\u003e#1780\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend \u003ccode\u003egh release upload\u003c/code\u003e as a replacement for \u003ccode\u003e@​svenstaro/upload-release-action\u003c/code\u003e in\n[superfluous-actions] (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1801\"\u003e#1801\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend \u003ccode\u003egh issue create\u003c/code\u003e as a replacement for \u003ccode\u003e@​dacbd/create-issue-action\u003c/code\u003e in\n[superfluous-actions] (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1873\"\u003e#1873\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe [obfuscation] audit now emits a finding for \u003ccode\u003ewith: ${{ expr }}\u003c/code\u003e\nclauses cannot be analyzed (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1772\"\u003e#1772\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003ezizmor --help\u003c/code\u003e is now rendered with option groups for improved readability (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1831\"\u003e#1831\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/deckstose\"\u003e\u003ccode\u003e@​deckstose\u003c/code\u003e\u003c/a\u003e for implementing this improvement!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor's SARIF output now uses codeflows instead of related locations,\nimproving its rendering behavior on GitHub Advanced Security (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1843\"\u003e#1843\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe [ref-version-mismatch] audit now uses a more useful audit description\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/2eaf42bcccfed62978cee0905902acbc294d5123\"\u003e\u003ccode\u003e2eaf42b\u003c/code\u003e\u003c/a\u003e ref-version-mismatch: handle version comments without v prefix (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1900\"\u003e#1900\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/a3b72b8f26946fd057c016d5ec83b77cc4cfdad2\"\u003e\u003ccode\u003ea3b72b8\u003c/code\u003e\u003c/a\u003e chore(deps): bump the github-actions group with 3 updates (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1897\"\u003e#1897\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/d5aba605f4267b96e34775de183955ff0a3197ad\"\u003e\u003ccode\u003ed5aba60\u003c/code\u003e\u003c/a\u003e zizmor v1.24.0 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1890\"\u003e#1890\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/1e762ac3c0354d68ddcac0ccc0af6879e8b38aa6\"\u003e\u003ccode\u003e1e762ac\u003c/code\u003e\u003c/a\u003e zizmor v1.24.0-rc3 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1889\"\u003e#1889\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/b79c9dc84c096d6c7becabd9581c61c9347bf4f7\"\u003e\u003ccode\u003eb79c9dc\u003c/code\u003e\u003c/a\u003e Fix release CI (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1888\"\u003e#1888\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/eb113ad5c5f8c25c79dd0b4705d420096a35ba2d\"\u003e\u003ccode\u003eeb113ad\u003c/code\u003e\u003c/a\u003e Unify crate versions and publishing (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1887\"\u003e#1887\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/91bcb96244214bea0d62982fba3bc825f9604af9\"\u003e\u003ccode\u003e91bcb96\u003c/code\u003e\u003c/a\u003e Use the GitHub client's host correctly in two more places (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1881\"\u003e#1881\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/3ed8316a1ce22a3f9c887c1021992ca19d31dce4\"\u003e\u003ccode\u003e3ed8316\u003c/code\u003e\u003c/a\u003e chore: use \u003ccode\u003etracing\u003c/code\u003e for printing the welcome message (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1886\"\u003e#1886\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/484acedf381a7553f663309b44def3b7953fb4d8\"\u003e\u003ccode\u003e484aced\u003c/code\u003e\u003c/a\u003e feat(ref-version-mismatch): detect missing version comments on SHA-pinned act...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/7ee374f5db0b69b96ef4f7ba89d0c33c8a93a7ba\"\u003e\u003ccode\u003e7ee374f\u003c/code\u003e\u003c/a\u003e KATs for GitHub Actions expressions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1857\"\u003e#1857\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/zizmorcore/zizmor/compare/v1.23.1...v1.24.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `semgrep` from 1.156.0 to 1.161.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/semgrep/semgrep/releases\"\u003esemgrep's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease v1.161.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/semgrep/semgrep/releases/tag/v1.161.0\"\u003e1.161.0\u003c/a\u003e - 2026-04-22\u003c/h2\u003e\n\u003ch3\u003e### Added\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eScala 3.4+ trait parameters are now parsed correctly. (lang-73)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e### Fixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSemgrep's HTTP requests no longer log URLs above the debug level; full request\ndetails remain available when running with \u003ccode\u003eSEMGREP_LOG_SRCS=cohttp.client\u003c/code\u003e. (ENGINE-2712)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease v1.160.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/semgrep/semgrep/releases/tag/v1.160.0\"\u003e1.160.0\u003c/a\u003e - 2026-04-16\u003c/h2\u003e\n\u003ch3\u003e### Added\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eScala: Added tree-sitter parser for improved parsing accuracy with pfff fallback. (LANG-255)\u003c/li\u003e\n\u003cli\u003epro: taint: Improved support for variadic functions (LANG-375)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e### Fixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed performance issues during parsing Semgrep rules containing emoji or\nother non-BMP Unicode characters. (\u003ca href=\"https://redirect.github.com/semgrep/semgrep/issues/6070\"\u003egh-6070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eEmit a warning when semgrep-core rule validation fails and falls back to JSON\nschema validation, alongside details of the failure. (\u003ca href=\"https://redirect.github.com/semgrep/semgrep/issues/6071\"\u003egh-6071\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease v1.159.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/semgrep/semgrep/releases/tag/v1.159.0\"\u003e1.159.0\u003c/a\u003e - 2026-04-10\u003c/h2\u003e\n\u003ch3\u003e### Fixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSemgrep now reports an error instead of silently returning zero findings when target file discovery fails (e.g., due to a git ls-files failure). (ENGINE-2626)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease v1.158.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/semgrep/semgrep/releases/tag/v1.158.0\"\u003e1.158.0\u003c/a\u003e - 2026-04-09\u003c/h2\u003e\n\u003ch3\u003e### Added\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for a supply chain hook for the Semgrep Plugin (supply-chain-hook)\u003c/li\u003e\n\u003cli\u003eComputing taint configs, ~1/4-1/2 of the semgrep-core time in interfile scans, is now done in parallel according to the number of jobs (ENGINE-2649)\u003c/li\u003e\n\u003cli\u003eSemgrep Pro interfile engine (--pro) taint analysis has been redesigned, significantly improving performance (estimated 20-40% improvement). This improvement introduces a slight change in how findings are generated, that may result in more true positives, or less false positives. To revert to previous behavior, pass \u003ccode\u003e--no-x-run-taint-once\u003c/code\u003e as a flag. (engine-2468)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e### Changed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003esemgrep-core macOS binaries are now dynamically linked to the system's libraries. (macos-binary-build)\u003c/li\u003e\n\u003cli\u003esemgrep-core manylinux binaries are now dynamically linked to the system's glibc on glibc systems. This introduces a minimum glibc version requirement of \u0026gt;=2.35, which is satisfied in Ubuntu \u0026gt;=22.04, Debian \u0026gt;=12, RHEL \u0026gt;=10, and other glibc distributions with at least glibc 2.35. Linux systems running an older glibc will need to upgrade their OS. (manylinux-binary-build)\u003c/li\u003e\n\u003cli\u003eThe manylinux wheel is now tagged as manylinux_2_35_\u003c!-- raw HTML omitted --\u003e, reflecting a minimum\nrequirement of glibc version 2.35. (manylinux-wheel-tag)\u003c/li\u003e\n\u003cli\u003esemgrep-core musllinux binaries are now dynamically linked to the system's musl libc on musl systems. (musllinux-binary-build)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/semgrep/semgrep/blob/develop/CHANGELOG.md\"\u003esemgrep's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/semgrep/semgrep/releases/tag/v1.161.0\"\u003e1.161.0\u003c/a\u003e - 2026-04-22\u003c/h2\u003e\n\u003ch3\u003e### Added\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eScala 3.4+ trait parameters are now parsed correctly. (lang-73)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e### Fixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSemgrep's HTTP requests no longer log URLs above the debug level; full request\ndetails remain available when running with \u003ccode\u003eSEMGREP_LOG_SRCS=cohttp.client\u003c/code\u003e. (ENGINE-2712)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/semgrep/semgrep/releases/tag/v1.160.0\"\u003e1.160.0\u003c/a\u003e - 2026-04-16\u003c/h2\u003e\n\u003ch3\u003e### Added\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eScala: Added tree-sitter parser for improved parsing accuracy with pfff fallback. (LANG-255)\u003c/li\u003e\n\u003cli\u003epro: taint: Improved support for variadic functions (LANG-375)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e### Fixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed performance issues during parsing Semgrep rules containing emoji or\nother non-BMP Unicode characters. (\u003ca href=\"https://redirect.github.com/semgrep/semgrep/issues/6070\"\u003egh-6070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eEmit a warning when semgrep-core rule validation fails and falls back to JSON\nschema validation, alongside details of the failure. (\u003ca href=\"https://redirect.github.com/semgrep/semgrep/issues/6071\"\u003egh-6071\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/semgrep/semgrep/releases/tag/v1.159.0\"\u003e1.159.0\u003c/a\u003e - 2026-04-10\u003c/h2\u003e\n\u003ch3\u003e### Fixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSemgrep now reports an error instead of silently returning zero findings when target file discovery fails (e.g., due to a git ls-files failure). (ENGINE-2626)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/semgrep/semgrep/releases/tag/v1.158.0\"\u003e1.158.0\u003c/a\u003e - 2026-04-09\u003c/h2\u003e\n\u003ch3\u003e### Added\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for a supply chain hook for the Semgrep Plugin (supply-chain-hook)\u003c/li\u003e\n\u003cli\u003eComputing taint configs, ~1/4-1/2 of the semgrep-core time in interfile scans, is now done in parallel according to the number of jobs (ENGINE-2649)\u003c/li\u003e\n\u003cli\u003eSemgrep Pro interfile engine (--pro) taint analysis has been redesigned, significantly improving performance (estimated 20-40% improvement). This improvement introduces a slight change in how findings are generated, that may result in more true positives, or less false positives. To revert to previous behavior, pass \u003ccode\u003e--no-x-run-taint-once\u003c/code\u003e as a flag. (engine-2468)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e### Changed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003esemgrep-core macOS binaries are now dynamically linked to the system's libraries. (macos-binary-build)\u003c/li\u003e\n\u003cli\u003esemgrep-core manylinux binaries are now dynamically linked to the system's glibc on glibc systems. This introduces a minimum glibc version requirement of \u0026gt;=2.35, which is satisfied in Ubuntu \u0026gt;=22.04, Debian \u0026gt;=12, RHEL \u0026gt;=10, and other glibc distributions with at least glibc 2.35. Linux systems running an older glibc will need to upgrade their OS. (manylinux-binary-build)\u003c/li\u003e\n\u003cli\u003eThe manylinux wheel is now tagged as manylinux_2_35_\u003c!-- raw HTML omitted --\u003e, reflecting a minimum\nrequirement of glibc version 2.35. (manylinux-wheel-tag)\u003c/li\u003e\n\u003cli\u003esemgrep-core musllinux binaries are now dynamically linked to the system's musl libc on musl systems. (musllinux-binary-build)\u003c/li\u003e\n\u003cli\u003eThe musllinux PyPI wheel is now tagged as musllinux_1_2_\u003c!-- raw HTML omitted --\u003e, reflecting a requirement\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/semgrep/semgrep/commit/34b079df03bd8ed6860552adf3905cc5d146dc4d\"\u003e\u003ccode\u003e34b079d\u003c/code\u003e\u003c/a\u003e chore: release version 1.161.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/semgrep/semgrep/commit/1e6302b4fde5950a805bf5c0abd7d879f11b9f6b\"\u003e\u003ccode\u003e1e6302b\u003c/code\u003e\u003c/a\u003e\u003ccode\u003esemgrep/semgrep-proprietary#6115\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/semgrep/semgrep/commit/9859b4e2e73cff0211d3b4463fe96ab334989c68\"\u003e\u003ccode\u003e9859b4e\u003c/code\u003e\u003c/a\u003e http_helpers: \u003ccode\u003escrub_uri\u003c/code\u003e for safer URI logging (semgrep/semgrep-proprietary#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/semgrep/semgrep/commit/e2916c14861468bc7e2cee1f8b5276a76b91452c\"\u003e\u003ccode\u003ee2916c1\u003c/code\u003e\u003c/a\u003e scrub URLs from http_helpers logs and returned errors (semgrep/semgrep-propri...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/semgrep/semgrep/commit/341da2a7ed8510686d9c43e69e6c396c54bb1dc3\"\u003e\u003ccode\u003e341da2a\u003c/code\u003e\u003c/a\u003e\u003ccode\u003esemgrep/semgrep-proprietary#6099\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/semgrep/semgrep/commit/eae9a00ede6425c3f8c9be3b2f5b78d7b92ec91b\"\u003e\u003ccode\u003eeae9a00\u003c/code\u003e\u003c/a\u003e fix: correct \u003ccode\u003eis_obrace\u003c/code\u003e to \u003ccode\u003eis_cbrace\u003c/code\u003e for closing brace count (semgrep/semg...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/semgrep/semgrep/commit/d668b7179b3b3dbb210f35518595d242c667bea2\"\u003e\u003ccode\u003ed668b71\u003c/code\u003e\u003c/a\u003e chore(backend): deprecate scan endpoint v1 for semgrep ci (semgrep/semgrep-pr...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/semgrep/semgrep/commit/d981dbfdf752e9cf9bc8a1a4f177b3d05a32c944\"\u003e\u003ccode\u003ed981dbf\u003c/code\u003e\u003c/a\u003e\u003ccode\u003esemgrep/semgrep-proprietary#6098\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/semgrep/semgrep/commit/2ee8536b33fad02ab3b63868014a72583ad108a6\"\u003e\u003ccode\u003e2ee8536\u003c/code\u003e\u003c/a\u003e\u003ccode\u003esemgrep/semgrep-proprietary#6102\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/semgrep/semgrep/commit/00fa4efaa465f3a58a18b511a4b12a165620069c\"\u003e\u003ccode\u003e00fa4ef\u003c/code\u003e\u003c/a\u003e\u003ccode\u003esemgrep/semgrep-proprietary#6097\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/semgrep/semgrep/compare/v1.156.0...v1.161.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `basedpyright` from 1.38.4 to 1.39.3\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/DetachHead/basedpyright/commit/5f6672701c5b6a739563894256418845239be2a2\"\u003e\u003ccode\u003e5f66727\u003c/code\u003e\u003c/a\u003e 1.39.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/DetachHead/basedpyright/commit/d8741dfc88be16e11c66cceff78e6e2634ddf49b\"\u003e\u003ccode\u003ed8741df\u003c/code\u003e\u003c/a\u003e hopefully fix docs deployment job\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/DetachHead/basedpyright/commit/ceb200c192bb53629b4c62fdc082ec27b108f316\"\u003e\u003ccode\u003eceb200c\u003c/code\u003e\u003c/a\u003e 1.39.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/DetachHead/basedpyright/commit/eb7a92cacd2697acb4e36e2f3147333588c88fa7\"\u003e\u003ccode\u003eeb7a92c\u003c/code\u003e\u003c/a\u003e try to fix browser-basedpyright being published with nothing in it\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/DetachHead/basedpyright/commit/dec5306e9aabbce3f9b1b9ec283981d92dd43d80\"\u003e\u003ccode\u003edec5306\u003c/code\u003e\u003c/a\u003e update package-lock.json\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/DetachHead/basedpyright/commit/6db43de5dda601e3cd83998c669c4ecbbfde26f6\"\u003e\u003ccode\u003e6db43de\u003c/code\u003e\u003c/a\u003e 1.39.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/DetachHead/basedpyright/commit/335e48619fa223fe3be0b6560d746a10934509c8\"\u003e\u003ccode\u003e335e486\u003c/code\u003e\u003c/a\u003e fix failing tests from merge\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/DetachHead/basedpyright/commit/bbe71b686e84ebbff7699d35dab3376d411bb99d\"\u003e\u003ccode\u003ebbe71b6\u003c/code\u003e\u003c/a\u003e delete newly added github action from upstream that we don't use\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/DetachHead/basedpyright/commit/8f2261891e8ceb278963e84658ebaf054b88e559\"\u003e\u003ccode\u003e8f22618\u003c/code\u003e\u003c/a\u003e update prettierignore\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/DetachHead/basedpyright/commit/ff1f5a4af835b14927545c8890b303f48553acac\"\u003e\u003ccode\u003eff1f5a4\u003c/code\u003e\u003c/a\u003e fix compile errors from merge\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/detachhead/basedpyright/compare/v1.38.4...v1.39.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `types-setuptools` from 82.0.0.20260210 to 82.0.0.20260408\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python/typeshed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pytest` from 9.0.2 to 9.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytest-dev/pytest/releases\"\u003epytest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.0.3\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.3 (2026-04-07)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12444\"\u003e#12444\u003c/a\u003e: Fixed \u003ccode\u003epytest.approx\u003c/code\u003e which now correctly takes into account \u003ccode\u003e~collections.abc.Mapping\u003c/code\u003e keys order to compare them.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13634\"\u003e#13634\u003c/a\u003e: Blocking a \u003ccode\u003econftest.py\u003c/code\u003e file using the \u003ccode\u003e-p no:\u003c/code\u003e option is now explicitly disallowed.\u003c/p\u003e\n\u003cp\u003ePreviously this resulted in an internal assertion failure during plugin loading.\u003c/p\u003e\n\u003cp\u003ePytest now raises a clear \u003ccode\u003eUsageError\u003c/code\u003e explaining that conftest files are not plugins and cannot be disabled via \u003ccode\u003e-p\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13734\"\u003e#13734\u003c/a\u003e: Fixed crash when a test raises an exceptiongroup with \u003ccode\u003e__tracebackhide__ = True\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14195\"\u003e#14195\u003c/a\u003e: Fixed an issue where non-string messages passed to \u003c!-- raw HTML omitted --\u003eunittest.TestCase.subTest()\u003c!-- raw HTML omitted --\u003e were not printed.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e: Fixed use of insecure temporary directory (CVE-2025-71176).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImproved documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13388\"\u003e#13388\u003c/a\u003e: Clarified documentation for \u003ccode\u003e-p\u003c/code\u003e vs \u003ccode\u003ePYTEST_PLUGINS\u003c/code\u003e plugin loading and fixed an incorrect \u003ccode\u003e-p\u003c/code\u003e example.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13731\"\u003e#13731\u003c/a\u003e: Clarified that capture fixtures (e.g. \u003ccode\u003ecapsys\u003c/code\u003e and \u003ccode\u003ecapfd\u003c/code\u003e) take precedence over the \u003ccode\u003e-s\u003c/code\u003e / \u003ccode\u003e--capture=no\u003c/code\u003e command-line options in \u003ccode\u003eAccessing captured output from a test function \u0026lt;accessing-captured-output\u0026gt;\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14088\"\u003e#14088\u003c/a\u003e: Clarified that the default \u003ccode\u003epytest_collection\u003c/code\u003e hook sets \u003ccode\u003esession.items\u003c/code\u003e before it calls \u003ccode\u003epytest_collection_finish\u003c/code\u003e, not after.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14255\"\u003e#14255\u003c/a\u003e: TOML integer log levels must be quoted: Updating reference documentation.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eContributor-facing changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12689\"\u003e#12689\u003c/a\u003e: The test reports are now published to Codecov from GitHub Actions.\nThe test statistics is visible \u003ca href=\"https://app.codecov.io/gh/pytest-dev/pytest/tests\"\u003eon the web interface\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e-- by \u003ccode\u003ealeguy02\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/a7d58d7a21b78581e636bbbdea13c66ad1657c1e\"\u003e\u003ccode\u003ea7d58d7\u003c/code\u003e\u003c/a\u003e Prepare release version 9.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/089d98199c253d8f89a040243bc4f2aa6cd5ab22\"\u003e\u003ccode\u003e089d981\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14366\"\u003e#14366\u003c/a\u003e from bluetech/revert-14193-backport\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/8127eaf4ab7f6b2fdd0dc1b38343ec97aeef05ac\"\u003e\u003ccode\u003e8127eaf\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Fix: assertrepr_compare respects dict insertion order (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14050\"\u003e#14050\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14193\"\u003e#14193\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/99a7e6029e7a6e8d53e5df114b1346e035370241\"\u003e\u003ccode\u003e99a7e60\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14363\"\u003e#14363\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/95d8423bd...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/ddee02a578da30dd43aedc39c1c1f1aaadfcee95\"\u003e\u003ccode\u003eddee02a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e from bluetech/cve-2025-71176-simple\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/74eac6916fee34726cb194f16c516e96fbd29619\"\u003e\u003ccode\u003e74eac69\u003c/code\u003e\u003c/a\u003e doc: Update training info (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14298\"\u003e#14298\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14301\"\u003e#14301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/f92dee777cfdb77d1c43633d02766ddf1f07c869\"\u003e\u003ccode\u003ef92dee7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14267\"\u003e#14267\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/d6fa26c62...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/7ee58acc8777c31ac6cf388d01addf5a414a7439\"\u003e\u003ccode\u003e7ee58ac\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12378\"\u003e#12378\u003c/a\u003e from Pierre-Sassoulas/fix-implicit-str-concat-and-d...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/37da870d37e3a2f5177cae075c7b9ae279432bf8\"\u003e\u003ccode\u003e37da870\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14259\"\u003e#14259\u003c/a\u003e from mitre88/patch-4 (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14268\"\u003e#14268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/c34bfa3b7acb65b594707c714f1d8461b0304eed\"\u003e\u003ccode\u003ec34bfa3\u003c/code\u003e\u003c/a\u003e Add explanation for string context diffs (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14257\"\u003e#14257\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14266\"\u003e#14266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pytest-dev/pytest/compare/9.0.2...9.0.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `adaptix` from 3.0.0b11 to 3.0.0b12\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/reagento/adaptix/releases\"\u003eadaptix's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.0.0b12 — Improved stability\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eImprove formatting types inside generics for error messages\u003c/p\u003e\n\u003cp\u003eOld error:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e adaptix.ProviderNotFoundError: Cannot produce dumper for type \u0026lt;class '__main__.Foo'\u0026gt;\r\n × Cannot create dumper for model. Dumpers for some fields cannot be created\r\n │ Location: ‹Foo›\r\n ╰──▷ Cannot create dumper for model. Dumpers for some fields cannot be created\r\n    │ Location: ‹Foo.limit: __main__.MinMax[__main__.Bar]›\r\n    ├──▷ Cannot create dumper for union. Dumpers for some union cases cannot be created\r\n    │  │ Location: ‹__main__.MinMax[__main__.Bar].min: Optional[__main__.Bar]›\r\n    │  ╰──▷ Cannot find dumper\r\n    │       Location: ‹Bar›\r\n    ╰──▷ Cannot create dumper for union. Dumpers for some union cases cannot be created\r\n       │ Location: ‹__main__.MinMax[__main__.Bar].max: Optional[__main__.Bar]›\r\n       ╰──▷ Cannot find dumper\r\n            Location: ‹Bar›\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eNew error:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e adaptix.ProviderNotFoundError: Cannot produce dumper for type \u0026lt;class '__main__.Foo'\u0026gt;\r\n   × Cannot create dumper for model. Dumpers for some fields cannot be created\r\n   │ Location: ‹Foo›\r\n   ╰──▷ Cannot create dumper for model. Dumpers for some fields cannot be created\r\n      │ Location: ‹Foo.limit: MinMax[Bar]›\r\n      ├──▷ Cannot create dumper for union. Dumpers for some union cases cannot be created\r\n      │  │ Location: ‹MinMax[Bar].min: Optional[Bar]›\r\n      │  ╰──▷ Cannot find dumper\r\n      │       Location: ‹Bar›\r\n      ╰──▷ Cannot create dumper for union. Dumpers for some union cases cannot be created\r\n         │ Location: ‹MinMax[Bar].max: Optional[Bar]›\r\n         ╰──▷ Cannot find dumper\r\n              Location: ‹Bar›\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd support for CPython 3.14\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd support for PyPy 3.11\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the full list of changes at \u003ca href=\"https://adaptix.readthedocs.io/en/latest/reference/changelog.html#v3-0-0b12\"\u003echangelog\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reagento/adaptix/commit/03ef02f823b0486459306722a65ef0b294333c1d\"\u003e\u003ccode\u003e03ef02f\u003c/code\u003e\u003c/a\u003e Increment library version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reagento/adaptix/commit/580a378cc3f875c2a46734a74b81c81ef6b6331b\"\u003e\u003ccode\u003e580a378\u003c/code\u003e\u003c/a\u003e Update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reagento/adaptix/commit/1548cd770682dea5121d7c19d16693ceed9cbed5\"\u003e\u003ccode\u003e1548cd7\u003c/code\u003e\u003c/a\u003e Remove JSON Schema doc from toctree\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reagento/adaptix/commit/9b2d4ce156c892780b1b5f6220eef28c6fd79402\"\u003e\u003ccode\u003e9b2d4ce\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/reagento/adaptix/issues/444\"\u003e#444\u003c/a\u003e from reagento/doc/conversion-name-flattening\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reagento/adaptix/commit/5bdea86206a1a6f9dcd3efbe2a6b981da8356579\"\u003e\u003ccode\u003e5bdea86\u003c/code\u003e\u003c/a\u003e Add link_function_structure_flattening example, some doc fixes, adjust doc style\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reagento/adaptix/commit/192212ed154ed4c467b8de16adbc120418188570\"\u003e\u003ccode\u003e192212e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/reagento/adaptix/issues/443\"\u003e#443\u003c/a\u003e from reagento/new-generate_json_schemas_namespace\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reagento/adaptix/commit/3050e9695b11efc238927c7e4b3476cda0d6eb78\"\u003e\u003ccode\u003e3050e96\u003c/code\u003e\u003c/a\u003e Add new generate_json_schemas_namespace signature\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reagento/adaptix/commit/c10f1cf002a4f7608670c5a15dda222668d16931\"\u003e\u003ccode\u003ec10f1cf\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/reagento/adaptix/issues/442\"\u003e#442\u003c/a\u003e from reagento/pyinstaller\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reagento/adaptix/commit/2dc6f9a33a89fd6f9b4c9a6c3d7953de1fde143a\"\u003e\u003ccode\u003e2dc6f9a\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003eknown-issues.rst\u003c/code\u003e with PyInstaller\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reagento/adaptix/commit/9d99175da515dec9d137380c878ee48dd17492ee\"\u003e\u003ccode\u003e9d99175\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/reagento/adaptix/issues/437\"\u003e#437\u003c/a\u003e from reagento/pr-408\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/reagento/adaptix/compare/v3.0.0b11...v3.0.0b12\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `prek` from 0.3.8 to 0.3.10\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/j178/prek/releases\"\u003eprek's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.3.10\u003c/h2\u003e\n\u003ch2\u003eRelease Notes\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-04-21.\u003c/p\u003e\n\u003ch3\u003eEnhancements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDisallow rev for non-remote repos in schema (\u003ca href=\"https://redirect.github.com/j178/prek/pull/1964\"\u003e#1964\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eHide up-to-date output in non-verbose mode (\u003ca href=\"https://redirect.github.com/j178/prek/pull/1942\"\u003e#1942\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove merge conflict marker detection (\u003ca href=\"https://redirect.github.com/j178/prek/pull/1937\"\u003e#1937\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKeep finished hooks visible (\u003ca href=\"https://redirect.github.com/j178/prek/pull/1967\"\u003e#1967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePreserve frozen comment spacing in auto-update (\u003ca href=\"https://redirect.github.com/j178/prek/pull/1945\"\u003e#1945\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReimplement \u003ccode\u003e@j178/prek\u003c/code\u003e npm package (\u003ca href=\"https://redirect.github.com/j178/prek/pull/1973\"\u003e#1973\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePrefer stable Rust toolchains (\u003ca href=\"https://redirect.github.com/j178/prek/pull/1974\"\u003e#1974\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eSKILL.md\u003c/code\u003e for prek (\u003ca href=\"https://redirect.github.com/j178/prek/pull/1950\"\u003e#1950\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDocument \u003ccode\u003egh skill install j178/prek prek\u003c/code\u003e to install prek skill for agents (\u003ca href=\"https://redirect.github.com/j178/prek/pull/1951\"\u003e#1951\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove compatibility and migration docs (\u003ca href=\"https://redirect.github.com/j178/prek/pull/1940\"\u003e#1940\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSync latest identify tags (\u003ca href=\"https://redirect.github.com/j178/prek/pull/1947\"\u003e#1947\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178\"\u003e\u003ccode\u003e@​j178\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eInstall prek 0.3.10\u003c/h2\u003e\n\u003ch3\u003eInstall prebuilt binaries via shell script\u003c/h3\u003e\n\u003cpre lang=\"sh\"\u003e\u003ccode\u003ecurl --proto '=https' --tlsv1.2 -LsSf https://github.com/j178/prek/releases/download/v0.3.10/prek-installer.sh | sh\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch3\u003eInstall prebuilt binaries via powershell script\u003c/h3\u003e\n\u003cpre lang=\"sh\"\u003e\u003ccode\u003epowershell -ExecutionPolicy Bypass -c \u0026quot;irm https://github.com/j178/prek/releases/download/v0.3.10/prek-installer.ps1 | iex\u0026quot;\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch3\u003eInstall prebuilt binaries via Homebrew\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/j178/prek/blob/master/CHANGELOG.md\"\u003eprek's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.3.10\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-04-21.\u003c/p\u003e\n\u003ch3\u003eEnhancements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDisallow rev for non-remote repos in schema (\u003ca href=\"https://redirect.github.com/j178/prek/pull/1964\"\u003e#1964\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eHide up-to-date output in non-verbose mode (\u003ca href=\"https://redirect.github.com/j178/prek/pull/1942\"\u003e#1942\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove merge conflict marker detection (\u003ca href=\"https://redirect.github.com/j178/prek/pull/1937\"\u003e#1937\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKeep finished hooks visible (\u003ca href=\"https://redirect.github.com/j178/prek/pull/1967\"\u003e#1967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePreserve frozen comment spacing in auto-update (\u003ca href=\"https://redirect.github.com/j178/prek/pull/1945\"\u003e#1945\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReimplement \u003ccode\u003e@j178/prek\u003c/code\u003e npm package (\u003ca href=\"https://redirect.github.com/j178/prek/pull/1973\"\u003e#1973\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePrefer stable Rust toolchains (\u003ca href=\"https://redirect.github.com/j178/prek/pull/1974\"\u003e#1974\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eSKILL.md\u003c/code\u003e for prek (\u003ca href=\"https://redirect.github.com/j178/prek/pull/1950\"\u003e#1950\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDocument \u003ccode\u003egh skill install j178/prek prek\u003c/code\u003e to install prek skill for agents (\u003ca href=\"https://redirect.github.com/j178/prek/pull/1951\"\u003e#1951\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove compatibility and migration docs (\u003ca href=\"https://redirect.github.com/j178/prek/pull/1940\"\u003e#1940\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSync latest identify tags (\u003ca href=\"https://redirect.github.com/j178/prek/pull/1947\"\u003e#1947\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178\"\u003e\u003ccode\u003e@​j178\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.3.9\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-04-13.\u003c/p\u003e\n\u003ch3\u003eHighlight\u003c/h3\u003e\n\u003cp\u003e\u003ccode\u003eprek auto-update\u003c/code\u003e is now stricter about pinned revisions and more useful in CI.\nIt now keeps \u003ccode\u003erev\u003c/code\u003e and \u003ccode\u003e# frozen:\u003c/code\u003e comments in sync, can detect\n\u003ca href=\"https://docs.zizmor.sh/audits/#impostor-commit\"\u003eimpostor commits\u003c/a\u003e when validating pinned SHAs,\nand lets you use \u003ccode\u003eprek auto-update --check\u003c/code\u003e to fail on both available updates and frozen-ref\nmismatches without rewriting the config.\u003c/p\u003e\n\u003cp\u003eExamples:\u003c/p\u003e\n\u003cpre lang=\"console\"\u003e\u003ccode\u003e$ prek auto-update\n# updates revs and repairs stale `# frozen:` comments\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178/prek/commit/1981c51f599ed9db4a428eae13e4a8baf0cb0427\"\u003e\u003ccode\u003e1981c51\u003c/code\u003e\u003c/a\u003e Bump version to 0.3.10\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178/prek/commit/ba745f6f407d43e70d2155c7929004a7701ca7e8\"\u003e\u003ccode\u003eba745f6\u003c/code\u003e\u003c/a\u003e Prefer stable Rust toolchains (\u003ca href=\"https://redirect.github.com/j178/prek/issues/1974\"\u003e#1974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178/prek/commit/b6c591dbbc4d9917e62b4b6c1dd65419cffeb464\"\u003e\u003ccode\u003eb6c591d\u003c/code\u003e\u003c/a\u003e Reimplement \u003ccode\u003e@j178/prek\u003c/code\u003e npm package (\u003ca href=\"https://redirect.github.com/j178/prek/issues/1973\"\u003e#1973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178/prek/commit/fba1c85b1f2ce244e4b491ccaa0edffbdee01348\"\u003e\u003ccode\u003efba1c85\u003c/code\u003e\u003c/a\u003e Keep finished hooks visible (\u003ca href=\"https://redirect.github.com/j178/prek/issues/1967\"\u003e#1967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178/prek/commit/bce57a3415d688a9b9d893018348570b381023e3\"\u003e\u003ccode\u003ebce57a3\u003c/code\u003e\u003c/a\u003e Disallow rev for non-remote repos in schema (\u003ca href=\"https://redirect.github.com/j178/prek/issues/1964\"\u003e#1964\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178/prek/commit/afac10cf3ae355f6e2948c62ec25c54536bea40d\"\u003e\u003ccode\u003eafac10c\u003c/code\u003e\u003c/a\u003e Split \u003ccode\u003eauto_update.rs\u003c/code\u003e into modules (\u003ca href=\"https://redirect.github.com/j178/prek/issues/1962\"\u003e#1962\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178/prek/commit/c3b9f115dabff92fde388c5edb091a10c00fb18f\"\u003e\u003ccode\u003ec3b9f11\u003c/code\u003e\u003c/a\u003e Update GitHub Actions (major) (\u003ca href=\"https://redirect.github.com/j178/prek/issues/1961\"\u003e#1961\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178/prek/commit/6ca0443ecca17e8bc6df972740f445dd9795b4bd\"\u003e\u003ccode\u003e6ca0443\u003c/code\u003e\u003c/a\u003e Update Rust crate annotate-snippets to v0.12.15 (\u003ca href=\"https://redirect.github.com/j178/prek/issues/1955\"\u003e#1955\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178/prek/commit/776277e104a751634711821c10f871a95b5bcd70\"\u003e\u003ccode\u003e776277e\u003c/code\u003e\u003c/a\u003e Update Rust crate tokio to v1.51.1 (\u003ca href=\"https://redirect.github.com/j178/prek/issues/1957\"\u003e#1957\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/j178/prek/commit/c2b445a722db49f6b0dfeee763c19944bc77e757\"\u003e\u003ccode\u003ec2b445a\u003c/code\u003e\u003c/a\u003e Update Rust crate toml_edit to v0.25.11 (\u003ca href=\"https://redirect.github.com/j178/prek/issues/1958\"\u003e#1958\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/j178/prek/compare/v0.3.8...v0.3.10\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/theseriff/jobify/pull/109","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/theseriff%2Fjobify/issues/109","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/109/packages"}},{"old_version":"1.23.1","new_version":"1.24.1","update_type":"minor","path":null,"pr_created_at":"2026-05-01T01:55:38.000Z","version_change":"1.23.1 → 1.24.1","issue":{"uuid":"4362366814","node_id":"PR_kwDORf90e87XUVuB","number":78,"state":"open","title":":dependabot: uv(deps): Bump the minor-and-patch group with 5 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-01T01:55:38.000Z","updated_at":"2026-05-01T01:55:54.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":":dependabot: uv(deps): Bump","group_name":"minor-and-patch","update_count":5,"packages":[{"name":"authlib","old_version":"1.6.9","new_version":"1.6.11","repository_url":"https://github.com/authlib/authlib"},{"name":"pygithub","old_version":"2.9.0","new_version":"2.9.1","repository_url":"https://github.com/pygithub/pygithub"},{"name":"sentry-sdk","old_version":"2.57.0","new_version":"2.58.0","repository_url":"https://github.com/getsentry/sentry-python"},{"name":"ruff","old_version":"0.15.10","new_version":"0.15.11","repository_url":"https://github.com/astral-sh/ruff"},{"name":"zizmor","old_version":"1.23.1","new_version":"1.24.1","repository_url":"https://github.com/zizmorcore/zizmor"}],"path":null,"ecosystem":"pip"},"body":"Bumps the minor-and-patch group with 5 updates:\n\n| Package | From | To |\n| --- | --- | --- |\n| [authlib](https://github.com/authlib/authlib) | `1.6.9` | `1.6.11` |\n| [pygithub](https://github.com/pygithub/pygithub) | `2.9.0` | `2.9.1` |\n| [sentry-sdk](https://github.com/getsentry/sentry-python) | `2.57.0` | `2.58.0` |\n| [ruff](https://github.com/astral-sh/ruff) | `0.15.10` | `0.15.11` |\n| [zizmor](https://github.com/zizmorcore/zizmor) | `1.23.1` | `1.24.1` |\n\nUpdates `authlib` from 1.6.9 to 1.6.11\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/releases\"\u003eauthlib's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.6.11\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.10...v1.6.11\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.10...v1.6.11\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CSRF issue with starlette client\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.10\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.9...v1.6.10\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.9...v1.6.10\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eUnsupportedResponseTypeError\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/blob/v1.6.11/docs/changelog.rst\"\u003eauthlib's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 1.6.11\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Apr 16, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CSRF vulnerability in the Starlette OAuth client when a \u003ccode\u003ecache\u003c/code\u003e is\nconfigured.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.10\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Apr 13, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eUnsupportedResponseTypeError\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/0dc0e5b4dc84f155319518a3732113af6fa47525\"\u003e\u003ccode\u003e0dc0e5b\u003c/code\u003e\u003c/a\u003e chore: bump to 1.6.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/aa7b8e46e00d0622658666476782042ac00153a5\"\u003e\u003ccode\u003eaa7b8e4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/401a7709c3fe43bce1b2105d16a475b688faa788\"\u003e\u003ccode\u003e401a770\u003c/code\u003e\u003c/a\u003e fix: CSRF issue with starlette client\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/ef09aebbba4439dedb22bd15777d1b3458b6f0ab\"\u003e\u003ccode\u003eef09aeb\u003c/code\u003e\u003c/a\u003e chore: release 1.6.10\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/3be08468201a7766a93012ce149ea12822cab096\"\u003e\u003ccode\u003e3be0846\u003c/code\u003e\u003c/a\u003e fix: redirecting to unvalidated redirect_uri on UnsupportedResponseTypeError\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.9...v1.6.11\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pygithub` from 2.9.0 to 2.9.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pygithub/pygithub/releases\"\u003epygithub's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.9.1\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix getting release by tag in lazy mode by \u003ca href=\"https://github.com/EnricoMi\"\u003e\u003ccode\u003e@​EnricoMi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PyGithub/PyGithub/pull/3469\"\u003ePyGithub/PyGithub#3469\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/PyGithub/PyGithub/compare/v2.9.0...v2.9.1\"\u003ehttps://github.com/PyGithub/PyGithub/compare/v2.9.0...v2.9.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/PyGithub/PyGithub/blob/main/doc/changes.rst\"\u003epygithub's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 2.9.1 (April 14, 2026)\u003c/h2\u003e\n\u003cp\u003eBug Fixes\n^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix getting release by tag in lazy mode (\u003ccode\u003e[#3469](https://github.com/pygithub/pygithub/issues/3469) \u0026lt;https://github.com/PyGithub/PyGithub/pull/3469\u0026gt;\u003c/code\u003e\u003cem\u003e) (\u003ccode\u003e7d1ba281e \u0026lt;https://github.com/PyGithub/PyGithub/commit/7d1ba281e\u0026gt;\u003c/code\u003e\u003c/em\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PyGithub/PyGithub/commit/73742d410da73e44a477b0e3f05dfba1749022af\"\u003e\u003ccode\u003e73742d4\u003c/code\u003e\u003c/a\u003e Release 2.9.1 (\u003ca href=\"https://redirect.github.com/pygithub/pygithub/issues/3478\"\u003e#3478\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PyGithub/PyGithub/commit/7d1ba281e4bf02cb6d3772f11b17c7d6088052d8\"\u003e\u003ccode\u003e7d1ba28\u003c/code\u003e\u003c/a\u003e Fix getting release by tag in lazy mode (\u003ca href=\"https://redirect.github.com/pygithub/pygithub/issues/3469\"\u003e#3469\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pygithub/pygithub/compare/v2.9.0...v2.9.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `sentry-sdk` from 2.57.0 to 2.58.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/getsentry/sentry-python/releases\"\u003esentry-sdk's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.58.0\u003c/h2\u003e\n\u003ch3\u003eNew Features ✨\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e(ai) Redact base64 data URLs in image_url content blocks by \u003ca href=\"https://github.com/ericapisani\"\u003e\u003ccode\u003e@​ericapisani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5953\"\u003e#5953\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(integrations) Instrument pyreqwest tracing by \u003ca href=\"https://github.com/servusdei2018\"\u003e\u003ccode\u003e@​servusdei2018\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5682\"\u003e#5682\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(litellm) Add async callbacks by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5969\"\u003e#5969\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes 🐛\u003c/h3\u003e\n\u003ch4\u003eAnthropic\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eCapture exceptions for \u003ccode\u003estream()\u003c/code\u003e calls by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5950\"\u003e#5950\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eStop setting transaction status when child span fails by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5717\"\u003e#5717\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eOnly finish relevant spans in .create() patches by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5716\"\u003e#5716\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003ePydantic Ai\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eAdapt import for new library versions by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5984\"\u003e#5984\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse first-class hooks when available by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5947\"\u003e#5947\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eOther\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e(huggingface_hub) Stop setting transaction status when a child span fails by \u003ca href=\"https://github.com/Zenithatic\"\u003e\u003ccode\u003e@​Zenithatic\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5952\"\u003e#5952\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(litellm) Avoid double span exits when streaming by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5933\"\u003e#5933\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(wsgi) Respect HTTP_X_FORWARDED_PROTO in request.url construction by \u003ca href=\"https://github.com/sl0thentr0py\"\u003e\u003ccode\u003e@​sl0thentr0py\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5963\"\u003e#5963\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal Changes 🔧\u003c/h3\u003e\n\u003ch4\u003eLitellm\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eReplace mocks with \u003ccode\u003ehttpx\u003c/code\u003e types in rate-limit test by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5975\"\u003e#5975\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace mocks with \u003ccode\u003ehttpx\u003c/code\u003e types in embedding tests by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5970\"\u003e#5970\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace mocks with \u003ccode\u003ehttpx\u003c/code\u003e types in nonstreaming \u003ccode\u003ecompletion()\u003c/code\u003e tests by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5937\"\u003e#5937\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove dead attributes by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5985\"\u003e#5985\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eOther\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e(ai) Remove \u003ccode\u003egen_ai.tool.type\u003c/code\u003e span attribute by \u003ca href=\"https://github.com/ericapisani\"\u003e\u003ccode\u003e@​ericapisani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5964\"\u003e#5964\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(anthropic) Separate sync and async .create() patches by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5715\"\u003e#5715\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(openai) Split token counting by API for easier deprecation by \u003ca href=\"https://github.com/ericapisani\"\u003e\u003ccode\u003e@​ericapisani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5930\"\u003e#5930\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(openai-agents) Remove error attributes by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5986\"\u003e#5986\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(opentelemetry) Ignore mypy error by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5927\"\u003e#5927\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e🤖 Update test matrix with new releases (04/13) by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5983\"\u003e#5983\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix license metadata in setup.py by \u003ca href=\"https://github.com/sl0thentr0py\"\u003e\u003ccode\u003e@​sl0thentr0py\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5934\"\u003e#5934\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate validate-pr workflow by \u003ca href=\"https://github.com/stephanie-anderson\"\u003e\u003ccode\u003e@​stephanie-anderson\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5931\"\u003e#5931\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eHandle \u003ccode\u003eNone\u003c/code\u003e span context in the span processor and pin tokenizers version for anthropic tests on Python 3.8 by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5967\"\u003e#5967\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/getsentry/sentry-python/blob/master/CHANGELOG.md\"\u003esentry-sdk's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.58.0\u003c/h2\u003e\n\u003ch3\u003eNew Features ✨\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e(ai) Redact base64 data URLs in image_url content blocks by \u003ca href=\"https://github.com/ericapisani\"\u003e\u003ccode\u003e@​ericapisani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5953\"\u003e#5953\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(integrations) Instrument pyreqwest tracing by \u003ca href=\"https://github.com/servusdei2018\"\u003e\u003ccode\u003e@​servusdei2018\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5682\"\u003e#5682\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(litellm) Add async callbacks by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5969\"\u003e#5969\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes 🐛\u003c/h3\u003e\n\u003ch4\u003eAnthropic\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eCapture exceptions for \u003ccode\u003estream()\u003c/code\u003e calls by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5950\"\u003e#5950\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eStop setting transaction status when child span fails by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5717\"\u003e#5717\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eOnly finish relevant spans in .create() patches by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5716\"\u003e#5716\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003ePydantic Ai\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eAdapt import for new library versions by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5984\"\u003e#5984\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse first-class hooks when available by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5947\"\u003e#5947\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eOther\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e(huggingface_hub) Stop setting transaction status when a child span fails by \u003ca href=\"https://github.com/Zenithatic\"\u003e\u003ccode\u003e@​Zenithatic\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5952\"\u003e#5952\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(litellm) Avoid double span exits when streaming by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5933\"\u003e#5933\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(wsgi) Respect HTTP_X_FORWARDED_PROTO in request.url construction by \u003ca href=\"https://github.com/sl0thentr0py\"\u003e\u003ccode\u003e@​sl0thentr0py\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5963\"\u003e#5963\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal Changes 🔧\u003c/h3\u003e\n\u003ch4\u003eLitellm\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eReplace mocks with \u003ccode\u003ehttpx\u003c/code\u003e types in rate-limit test by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5975\"\u003e#5975\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace mocks with \u003ccode\u003ehttpx\u003c/code\u003e types in embedding tests by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5970\"\u003e#5970\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace mocks with \u003ccode\u003ehttpx\u003c/code\u003e types in nonstreaming \u003ccode\u003ecompletion()\u003c/code\u003e tests by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5937\"\u003e#5937\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove dead attributes by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5985\"\u003e#5985\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eOther\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e(ai) Remove \u003ccode\u003egen_ai.tool.type\u003c/code\u003e span attribute by \u003ca href=\"https://github.com/ericapisani\"\u003e\u003ccode\u003e@​ericapisani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5964\"\u003e#5964\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(anthropic) Separate sync and async .create() patches by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5715\"\u003e#5715\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(openai) Split token counting by API for easier deprecation by \u003ca href=\"https://github.com/ericapisani\"\u003e\u003ccode\u003e@​ericapisani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5930\"\u003e#5930\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(openai-agents) Remove error attributes by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5986\"\u003e#5986\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(opentelemetry) Ignore mypy error by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5927\"\u003e#5927\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e🤖 Update test matrix with new releases (04/13) by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5983\"\u003e#5983\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix license metadata in setup.py by \u003ca href=\"https://github.com/sl0thentr0py\"\u003e\u003ccode\u003e@​sl0thentr0py\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5934\"\u003e#5934\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate validate-pr workflow by \u003ca href=\"https://github.com/stephanie-anderson\"\u003e\u003ccode\u003e@​stephanie-anderson\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5931\"\u003e#5931\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eHandle \u003ccode\u003eNone\u003c/code\u003e span context in the span processor and pin tokenizers version for anthropic tests on Python 3.8 by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5967\"\u003e#5967\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/ce445d96977ec083b97495c917aa0c3ce453689d\"\u003e\u003ccode\u003ece445d9\u003c/code\u003e\u003c/a\u003e release: 2.58.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/c0c0e9cfc8536f0d9ba22925e4bea17034138cd0\"\u003e\u003ccode\u003ec0c0e9c\u003c/code\u003e\u003c/a\u003e feat(litellm): Add async callbacks (\u003ca href=\"https://redirect.github.com/getsentry/sentry-python/issues/5969\"\u003e#5969\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/ea74b63881d2cf1d71130a8b6ef4dfff4e4cd337\"\u003e\u003ccode\u003eea74b63\u003c/code\u003e\u003c/a\u003e test(litellm): Replace mocks with \u003ccode\u003ehttpx\u003c/code\u003e types in rate-limit test (\u003ca href=\"https://redirect.github.com/getsentry/sentry-python/issues/5975\"\u003e#5975\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/06ed1bca2f9302055ba43dc058f5afcc731b8d79\"\u003e\u003ccode\u003e06ed1bc\u003c/code\u003e\u003c/a\u003e test(litellm): Replace mocks with \u003ccode\u003ehttpx\u003c/code\u003e types in embedding tests (\u003ca href=\"https://redirect.github.com/getsentry/sentry-python/issues/5970\"\u003e#5970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/66ef2e6976a1ae86e97aca08cbc806f9e579f324\"\u003e\u003ccode\u003e66ef2e6\u003c/code\u003e\u003c/a\u003e test(litellm): Replace mocks with \u003ccode\u003ehttpx\u003c/code\u003e types in nonstreaming `completion()...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/96ebbf67d91146ebb30be6e0898a637ea6c2c697\"\u003e\u003ccode\u003e96ebbf6\u003c/code\u003e\u003c/a\u003e fix(litellm): Avoid double span exits when streaming (\u003ca href=\"https://redirect.github.com/getsentry/sentry-python/issues/5933\"\u003e#5933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/7e22b5dc3447a5bee71574a5c22934e5aa8a7642\"\u003e\u003ccode\u003e7e22b5d\u003c/code\u003e\u003c/a\u003e build(deps): bump actions/github-script from 8.0.0 to 9.0.0 (\u003ca href=\"https://redirect.github.com/getsentry/sentry-python/issues/5979\"\u003e#5979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/35151a90a98affa0d72f7cb8b314a8fb54ac8b51\"\u003e\u003ccode\u003e35151a9\u003c/code\u003e\u003c/a\u003e build(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 (\u003ca href=\"https://redirect.github.com/getsentry/sentry-python/issues/5980\"\u003e#5980\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/d1c5b53096e76353e2aa3ffdd8a845f38bb04bb6\"\u003e\u003ccode\u003ed1c5b53\u003c/code\u003e\u003c/a\u003e build(deps): bump actions/create-github-app-token from 3.0.0 to 3.1.1 (\u003ca href=\"https://redirect.github.com/getsentry/sentry-python/issues/5981\"\u003e#5981\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/e255aafa913955eed43333aa204f1476d9dc1ff2\"\u003e\u003ccode\u003ee255aaf\u003c/code\u003e\u003c/a\u003e build(deps): bump getsentry/testing-ai-sdk-integrations from 6b1f51ec8af03e19...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/getsentry/sentry-python/compare/2.57.0...2.58.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ruff` from 0.15.10 to 0.15.11\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/ruff/releases\"\u003eruff's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.15.11\u003c/h2\u003e\n\u003ch2\u003eRelease Notes\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-04-16.\u003c/p\u003e\n\u003ch3\u003ePreview features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eruff\u003c/code\u003e] Ignore \u003ccode\u003eRUF029\u003c/code\u003e when function is decorated with \u003ccode\u003easynccontextmanager\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24642\"\u003e#24642\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eairflow\u003c/code\u003e] Implement \u003ccode\u003eairflow-xcom-pull-in-template-string\u003c/code\u003e (\u003ccode\u003eAIR201\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23583\"\u003e#23583\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-bandit\u003c/code\u003e] Fix \u003ccode\u003eS103\u003c/code\u003e false positives and negatives in mask analysis (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24424\"\u003e#24424\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-async\u003c/code\u003e] Omit overridden methods for \u003ccode\u003eASYNC109\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24648\"\u003e#24648\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-async\u003c/code\u003e] Add override mention to \u003ccode\u003eASYNC109\u003c/code\u003e docs (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24666\"\u003e#24666\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate Neovim config examples to use \u003ccode\u003evim.lsp.config\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24577\"\u003e#24577\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/augustelalande\"\u003e\u003ccode\u003e@​augustelalande\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anishgirianish\"\u003e\u003ccode\u003e@​anishgirianish\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benberryallwood\"\u003e\u003ccode\u003e@​benberryallwood\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/charliermarsh\"\u003e\u003ccode\u003e@​charliermarsh\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Dev-iL\"\u003e\u003ccode\u003e@​Dev-iL\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eInstall ruff 0.15.11\u003c/h2\u003e\n\u003ch3\u003eInstall prebuilt binaries via shell script\u003c/h3\u003e\n\u003cpre lang=\"sh\"\u003e\u003ccode\u003ecurl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/ruff/releases/download/0.15.11/ruff-installer.sh | sh\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch3\u003eInstall prebuilt binaries via powershell script\u003c/h3\u003e\n\u003cpre lang=\"sh\"\u003e\u003ccode\u003epowershell -ExecutionPolicy Bypass -c \u0026quot;irm https://releases.astral.sh/github/ruff/releases/download/0.15.11/ruff-installer.ps1 | iex\u0026quot;\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eDownload ruff 0.15.11\u003c/h2\u003e\n\u003ctable\u003e\n\u003cthead\u003e\n\u003ctr\u003e\n\u003cth\u003eFile\u003c/th\u003e\n\u003cth\u003ePlatform\u003c/th\u003e\n\u003cth\u003eChecksum\u003c/th\u003e\n\u003c/tr\u003e\n\u003c/thead\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/ruff/releases/download/0.15.11/ruff-aarch64-apple-darwin.tar.gz\"\u003eruff-aarch64-apple-darwin.tar.gz\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eApple Silicon macOS\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/ruff/releases/download/0.15.11/ruff-aarch64-apple-darwin.tar.gz.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/ruff/releases/download/0.15.11/ruff-x86_64-apple-darwin.tar.gz\"\u003eruff-x86_64-apple-darwin.tar.gz\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eIntel macOS\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/ruff/releases/download/0.15.11/ruff-x86_64-apple-darwin.tar.gz.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/ruff/releases/download/0.15.11/ruff-aarch64-pc-windows-msvc.zip\"\u003eruff-aarch64-pc-windows-msvc.zip\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eARM64 Windows\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/ruff/releases/download/0.15.11/ruff-aarch64-pc-windows-msvc.zip.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/ruff/releases/download/0.15.11/ruff-i686-pc-windows-msvc.zip\"\u003eruff-i686-pc-windows-msvc.zip\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003ex86 Windows\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/ruff/releases/download/0.15.11/ruff-i686-pc-windows-msvc.zip.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/tbody\u003e\n\u003c/table\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md\"\u003eruff's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.15.11\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-04-16.\u003c/p\u003e\n\u003ch3\u003ePreview features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eruff\u003c/code\u003e] Ignore \u003ccode\u003eRUF029\u003c/code\u003e when function is decorated with \u003ccode\u003easynccontextmanager\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24642\"\u003e#24642\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eairflow\u003c/code\u003e] Implement \u003ccode\u003eairflow-xcom-pull-in-template-string\u003c/code\u003e (\u003ccode\u003eAIR201\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23583\"\u003e#23583\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-bandit\u003c/code\u003e] Fix \u003ccode\u003eS103\u003c/code\u003e false positives and negatives in mask analysis (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24424\"\u003e#24424\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-async\u003c/code\u003e] Omit overridden methods for \u003ccode\u003eASYNC109\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24648\"\u003e#24648\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-async\u003c/code\u003e] Add override mention to \u003ccode\u003eASYNC109\u003c/code\u003e docs (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24666\"\u003e#24666\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate Neovim config examples to use \u003ccode\u003evim.lsp.config\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24577\"\u003e#24577\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/augustelalande\"\u003e\u003ccode\u003e@​augustelalande\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anishgirianish\"\u003e\u003ccode\u003e@​anishgirianish\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benberryallwood\"\u003e\u003ccode\u003e@​benberryallwood\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/charliermarsh\"\u003e\u003ccode\u003e@​charliermarsh\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Dev-iL\"\u003e\u003ccode\u003e@​Dev-iL\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/53554b1cfe837f2eb992a81794480699478f1116\"\u003e\u003ccode\u003e53554b1\u003c/code\u003e\u003c/a\u003e Bump 0.15.11 (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24678\"\u003e#24678\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/08c56c83cffbb1025cbf5bdede6c6d8be591cf47\"\u003e\u003ccode\u003e08c56c8\u003c/code\u003e\u003c/a\u003e Factor out the \u003ccode\u003emdtest\u003c/code\u003e crate (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24616\"\u003e#24616\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/725fbb736d2a999971449b61190b914abd26102a\"\u003e\u003ccode\u003e725fbb7\u003c/code\u003e\u003c/a\u003e [ty] Use partially qualified names when reporting diagnostics regarding bad c...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/ddd6a30ff5fa27694dc1c50d0749885a1519d0a7\"\u003e\u003ccode\u003eddd6a30\u003c/code\u003e\u003c/a\u003e [ty] Do not suggest argument completion when at value of keyword argument (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/2\"\u003e#2\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/9282e61d482a36da08d66bb8271afeef50b3bc45\"\u003e\u003ccode\u003e9282e61\u003c/code\u003e\u003c/a\u003e Disallow \u003ca href=\"https://github.com/disjoint\"\u003e\u003ccode\u003e@​disjoint\u003c/code\u003e\u003c/a\u003e_base on TypedDicts and Protocols (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24671\"\u003e#24671\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/e9986d8e3008eefe2e387312c4dc8b9c60f6f362\"\u003e\u003ccode\u003ee9986d8\u003c/code\u003e\u003c/a\u003e [ty] Reject using properties with \u003ccode\u003eNever\u003c/code\u003e setters or deleters (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24510\"\u003e#24510\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/9cf212ff82f7b66b4a275ad6a9b1564aee1fa4a8\"\u003e\u003ccode\u003e9cf212f\u003c/code\u003e\u003c/a\u003e [ty] Normalize property setter and deleter wrappers (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24509\"\u003e#24509\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/12a1589de4d7120cf99441ee4c14871bdc20968d\"\u003e\u003ccode\u003e12a1589\u003c/code\u003e\u003c/a\u003e Add override mention to ASYNC109 docs (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24666\"\u003e#24666\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/dccb03d010f4442ed60624f8d2ba932706abaabb\"\u003e\u003ccode\u003edccb03d\u003c/code\u003e\u003c/a\u003e [ty] Avoid panicking on overloaded \u003ccode\u003eCallable\u003c/code\u003e type context (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24661\"\u003e#24661\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/61f9a0a5763fb068cd2f26c0ee9d63a277fb26c2\"\u003e\u003ccode\u003e61f9a0a\u003c/code\u003e\u003c/a\u003e [ty] Sync vendored typeshed stubs (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24646\"\u003e#24646\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/astral-sh/ruff/compare/0.15.10...0.15.11\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `zizmor` from 1.23.1 to 1.24.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/zizmorcore/zizmor/releases\"\u003ezizmor's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.24.1\u003c/h2\u003e\n\u003ch2\u003eBug Fixes 🐛\u003ca href=\"https://docs.zizmor.sh/release-notes/#bug-fixes\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where the \u003ca href=\"https://docs.zizmor.sh/audits/#ref-version-mismatch\"\u003eref-version-mismatch\u003c/a\u003e audit would incorrectly flag some version comments as not containing an appropriate version (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1900\"\u003e#1900\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.24.0\u003c/h2\u003e\n\u003ch2\u003eNew Features 🌈\u003ca href=\"https://docs.zizmor.sh/release-notes/#new-features\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ezizmor now allows users to audit from stdin, by passing zizmor - (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1611\"\u003e#1611\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eEnhancements 🌱\u003ca href=\"https://docs.zizmor.sh/release-notes/#enhancements\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#use-trusted-publishing\"\u003euse-trusted-publishing\u003c/a\u003e audit now detects bun publish and bunx npm publish patterns (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1737\"\u003e#1737\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/shaanmajid\"\u003e\u003ccode\u003e@​shaanmajid\u003c/code\u003e\u003c/a\u003e for proposing and implementing this improvement!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor's CLI help and usage output now uses a custom color scheme for improved readability (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1747\"\u003e#1747\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#secrets-outside-env\"\u003esecrets-outside-env\u003c/a\u003e audit is now configurable with an allowlist of secret names that should not be flagged, even when referenced outside of an environment (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1759\"\u003e#1759\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/rmuir\"\u003e\u003ccode\u003e@​rmuir\u003c/code\u003e\u003c/a\u003e for proposing and implementing this improvement!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#dependabot-cooldown\"\u003edependabot-cooldown\u003c/a\u003e audit now emits a pedantic finding whenever it encounters a cooldown used with a multi-ecosystem-group, as the two do not interact well (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1780\"\u003e#1780\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend gh release upload as a replacement for \u003ca href=\"https://github.com/svenstaro/upload-release-action\"\u003esvenstaro/upload-release-action\u003c/a\u003e in \u003ca href=\"https://docs.zizmor.sh/audits/#superfluous-actions\"\u003esuperfluous-actions\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1801\"\u003e#1801\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend gh issue create as a replacement for \u003ca href=\"https://github.com/dacbd/create-issue-action\"\u003edacbd/create-issue-action\u003c/a\u003e in \u003ca href=\"https://docs.zizmor.sh/audits/#superfluous-actions\"\u003esuperfluous-actions\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1873\"\u003e#1873\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#obfuscation\"\u003eobfuscation\u003c/a\u003e audit now emits a finding for with: ${{ expr }} clauses cannot be analyzed (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1772\"\u003e#1772\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor --help is now rendered with option groups for improved readability (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1831\"\u003e#1831\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/deckstose\"\u003e\u003ccode\u003e@​deckstose\u003c/code\u003e\u003c/a\u003e for implementing this improvement!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor's SARIF output now uses codeflows instead of related locations, improving its rendering behavior on GitHub Advanced Security (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1843\"\u003e#1843\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#ref-version-mismatch\"\u003eref-version-mismatch\u003c/a\u003e audit now uses a more useful audit description for its findings (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1843\"\u003e#1843\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#unpinned-images\"\u003eunpinned-images\u003c/a\u003e audit now produces more precise findings for image references that are computed through expressions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1756\"\u003e#1756\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/miketheman\"\u003e\u003ccode\u003e@​miketheman\u003c/code\u003e\u003c/a\u003e for implementing this improvement!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#ref-version-mismatch\"\u003eref-version-mismatch\u003c/a\u003e audit now detects missing version comments as well (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1849\"\u003e#1849\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/shaanmajid\"\u003e\u003ccode\u003e@​shaanmajid\u003c/code\u003e\u003c/a\u003e for proposing and implementing this improvement!\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug Fixes 🐛\u003ca href=\"https://docs.zizmor.sh/release-notes/#bug-fixes\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where the \u003ca href=\"https://docs.zizmor.sh/audits/#concurrency-limits\"\u003econcurrency-limits\u003c/a\u003e audit reported findings at the job level instead of the workflow level (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1627\"\u003e#1627\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/zizmorcore/zizmor/blob/main/docs/release-notes.md\"\u003ezizmor's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.24.1\u003c/h2\u003e\n\u003ch3\u003eBug Fixes 🐛\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where the [ref-version-mismatch] audit would incorrectly flag\nsome version comments as not containing an appropriate version (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1900\"\u003e#1900\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.24.0\u003c/h2\u003e\n\u003ch3\u003eNew Features 🌈\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ezizmor\u003c/code\u003e now allows users to audit from stdin, by passing \u003ccode\u003ezizmor -\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1611\"\u003e#1611\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eEnhancements 🌱\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe [use-trusted-publishing] audit now detects \u003ccode\u003ebun publish\u003c/code\u003e and \u003ccode\u003ebunx npm publish\u003c/code\u003e\npatterns (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1737\"\u003e#1737\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/shaanmajid\"\u003e\u003ccode\u003e@​shaanmajid\u003c/code\u003e\u003c/a\u003e for proposing and implementing this improvement!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003ezizmor\u003c/code\u003e's CLI help and usage output now uses a custom color scheme for\nimproved readability (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1747\"\u003e#1747\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe [secrets-outside-env] audit is now configurable with an allowlist of\nsecret names that should not be flagged, even when referenced outside of\nan environment (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1759\"\u003e#1759\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/rmuir\"\u003e\u003ccode\u003e@​rmuir\u003c/code\u003e\u003c/a\u003e for proposing and implementing this improvement!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe [dependabot-cooldown] audit now emits a pedantic finding whenever\nit encounters a cooldown used with a multi-ecosystem-group, as the two\ndo not interact well (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1780\"\u003e#1780\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend \u003ccode\u003egh release upload\u003c/code\u003e as a replacement for \u003ccode\u003e@​svenstaro/upload-release-action\u003c/code\u003e in\n[superfluous-actions] (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1801\"\u003e#1801\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend \u003ccode\u003egh issue create\u003c/code\u003e as a replacement for \u003ccode\u003e@​dacbd/create-issue-action\u003c/code\u003e in\n[superfluous-actions] (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1873\"\u003e#1873\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe [obfuscation] audit now emits a finding for \u003ccode\u003ewith: ${{ expr }}\u003c/code\u003e\nclauses cannot be analyzed (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1772\"\u003e#1772\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003ezizmor --help\u003c/code\u003e is now rendered with option groups for improved readability (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1831\"\u003e#1831\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/deckstose\"\u003e\u003ccode\u003e@​deckstose\u003c/code\u003e\u003c/a\u003e for implementing this improvement!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor's SARIF output now uses codeflows instead of related locations,\nimproving its rendering behavior on GitHub Advanced Security (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1843\"\u003e#1843\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe [ref-version-mismatch] audit now uses a more useful audit description\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/2eaf42bcccfed62978cee0905902acbc294d5123\"\u003e\u003ccode\u003e2eaf42b\u003c/code\u003e\u003c/a\u003e ref-version-mismatch: handle version comments without v prefix (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1900\"\u003e#1900\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/a3b72b8f26946fd057c016d5ec83b77cc4cfdad2\"\u003e\u003ccode\u003ea3b72b8\u003c/code\u003e\u003c/a\u003e chore(deps): bump the github-actions group with 3 updates (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1897\"\u003e#1897\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/d5aba605f4267b96e34775de183955ff0a3197ad\"\u003e\u003ccode\u003ed5aba60\u003c/code\u003e\u003c/a\u003e zizmor v1.24.0 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1890\"\u003e#1890\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/1e762ac3c0354d68ddcac0ccc0af6879e8b38aa6\"\u003e\u003ccode\u003e1e762ac\u003c/code\u003e\u003c/a\u003e zizmor v1.24.0-rc3 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1889\"\u003e#1889\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/b79c9dc84c096d6c7becabd9581c61c9347bf4f7\"\u003e\u003ccode\u003eb79c9dc\u003c/code\u003e\u003c/a\u003e Fix release CI (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1888\"\u003e#1888\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/eb113ad5c5f8c25c79dd0b4705d420096a35ba2d\"\u003e\u003ccode\u003eeb113ad\u003c/code\u003e\u003c/a\u003e Unify crate versions and publishing (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1887\"\u003e#1887\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/91bcb96244214bea0d62982fba3bc825f9604af9\"\u003e\u003ccode\u003e91bcb96\u003c/code\u003e\u003c/a\u003e Use the GitHub client's host correctly in two more places (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1881\"\u003e#1881\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/3ed8316a1ce22a3f9c887c1021992ca19d31dce4\"\u003e\u003ccode\u003e3ed8316\u003c/code\u003e\u003c/a\u003e chore: use \u003ccode\u003etracing\u003c/code\u003e for printing the welcome message (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1886\"\u003e#1886\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/484acedf381a7553f663309b44def3b7953fb4d8\"\u003e\u003ccode\u003e484aced\u003c/code\u003e\u003c/a\u003e feat(ref-version-mismatch): detect missing version comments on SHA-pinned act...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/7ee374f5db0b69b96ef4f7ba89d0c33c8a93a7ba\"\u003e\u003ccode\u003e7ee374f\u003c/code\u003e\u003c/a\u003e KATs for GitHub Actions expressions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1857\"\u003e#1857\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/zizmorcore/zizmor/compare/v1.23.1...v1.24.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/ministryofjustice/modernisation-platform-ui/pull/78","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ministryofjustice%2Fmodernisation-platform-ui/issues/78","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/78/packages"}},{"old_version":"1.23.1","new_version":"1.24.1","update_type":"minor","path":null,"pr_created_at":"2026-04-28T00:27:26.000Z","version_change":"1.23.1 → 1.24.1","issue":{"uuid":"4339686294","node_id":"PR_kwDONnZYsM7WKAVQ","number":417,"state":"open","title":":dependabot: uv(deps): Bump the minor-and-patch group with 3 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-28T00:27:26.000Z","updated_at":"2026-05-05T02:09:56.067Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":":dependabot: uv(deps): Bump","group_name":"minor-and-patch","update_count":3,"packages":[{"name":"sentry-sdk","old_version":"2.57.0","new_version":"2.58.0","repository_url":"https://github.com/getsentry/sentry-python"},{"name":"ruff","old_version":"0.15.9","new_version":"0.15.10","repository_url":"https://github.com/astral-sh/ruff"},{"name":"zizmor","old_version":"1.23.1","new_version":"1.24.1","repository_url":"https://github.com/zizmorcore/zizmor"}],"path":null,"ecosystem":"pip"},"body":"Bumps the minor-and-patch group with 3 updates: [sentry-sdk](https://github.com/getsentry/sentry-python), [ruff](https://github.com/astral-sh/ruff) and [zizmor](https://github.com/zizmorcore/zizmor).\n\nUpdates `sentry-sdk` from 2.57.0 to 2.58.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/getsentry/sentry-python/releases\"\u003esentry-sdk's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.58.0\u003c/h2\u003e\n\u003ch3\u003eNew Features ✨\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e(ai) Redact base64 data URLs in image_url content blocks by \u003ca href=\"https://github.com/ericapisani\"\u003e\u003ccode\u003e@​ericapisani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5953\"\u003e#5953\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(integrations) Instrument pyreqwest tracing by \u003ca href=\"https://github.com/servusdei2018\"\u003e\u003ccode\u003e@​servusdei2018\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5682\"\u003e#5682\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(litellm) Add async callbacks by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5969\"\u003e#5969\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes 🐛\u003c/h3\u003e\n\u003ch4\u003eAnthropic\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eCapture exceptions for \u003ccode\u003estream()\u003c/code\u003e calls by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5950\"\u003e#5950\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eStop setting transaction status when child span fails by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5717\"\u003e#5717\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eOnly finish relevant spans in .create() patches by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5716\"\u003e#5716\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003ePydantic Ai\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eAdapt import for new library versions by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5984\"\u003e#5984\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse first-class hooks when available by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5947\"\u003e#5947\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eOther\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e(huggingface_hub) Stop setting transaction status when a child span fails by \u003ca href=\"https://github.com/Zenithatic\"\u003e\u003ccode\u003e@​Zenithatic\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5952\"\u003e#5952\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(litellm) Avoid double span exits when streaming by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5933\"\u003e#5933\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(wsgi) Respect HTTP_X_FORWARDED_PROTO in request.url construction by \u003ca href=\"https://github.com/sl0thentr0py\"\u003e\u003ccode\u003e@​sl0thentr0py\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5963\"\u003e#5963\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal Changes 🔧\u003c/h3\u003e\n\u003ch4\u003eLitellm\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eReplace mocks with \u003ccode\u003ehttpx\u003c/code\u003e types in rate-limit test by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5975\"\u003e#5975\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace mocks with \u003ccode\u003ehttpx\u003c/code\u003e types in embedding tests by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5970\"\u003e#5970\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace mocks with \u003ccode\u003ehttpx\u003c/code\u003e types in nonstreaming \u003ccode\u003ecompletion()\u003c/code\u003e tests by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5937\"\u003e#5937\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove dead attributes by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5985\"\u003e#5985\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eOther\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e(ai) Remove \u003ccode\u003egen_ai.tool.type\u003c/code\u003e span attribute by \u003ca href=\"https://github.com/ericapisani\"\u003e\u003ccode\u003e@​ericapisani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5964\"\u003e#5964\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(anthropic) Separate sync and async .create() patches by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5715\"\u003e#5715\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(openai) Split token counting by API for easier deprecation by \u003ca href=\"https://github.com/ericapisani\"\u003e\u003ccode\u003e@​ericapisani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5930\"\u003e#5930\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(openai-agents) Remove error attributes by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5986\"\u003e#5986\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(opentelemetry) Ignore mypy error by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5927\"\u003e#5927\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e🤖 Update test matrix with new releases (04/13) by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5983\"\u003e#5983\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix license metadata in setup.py by \u003ca href=\"https://github.com/sl0thentr0py\"\u003e\u003ccode\u003e@​sl0thentr0py\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5934\"\u003e#5934\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate validate-pr workflow by \u003ca href=\"https://github.com/stephanie-anderson\"\u003e\u003ccode\u003e@​stephanie-anderson\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5931\"\u003e#5931\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eHandle \u003ccode\u003eNone\u003c/code\u003e span context in the span processor and pin tokenizers version for anthropic tests on Python 3.8 by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5967\"\u003e#5967\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/getsentry/sentry-python/blob/master/CHANGELOG.md\"\u003esentry-sdk's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.58.0\u003c/h2\u003e\n\u003ch3\u003eNew Features ✨\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e(ai) Redact base64 data URLs in image_url content blocks by \u003ca href=\"https://github.com/ericapisani\"\u003e\u003ccode\u003e@​ericapisani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5953\"\u003e#5953\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(integrations) Instrument pyreqwest tracing by \u003ca href=\"https://github.com/servusdei2018\"\u003e\u003ccode\u003e@​servusdei2018\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5682\"\u003e#5682\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(litellm) Add async callbacks by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5969\"\u003e#5969\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes 🐛\u003c/h3\u003e\n\u003ch4\u003eAnthropic\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eCapture exceptions for \u003ccode\u003estream()\u003c/code\u003e calls by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5950\"\u003e#5950\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eStop setting transaction status when child span fails by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5717\"\u003e#5717\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eOnly finish relevant spans in .create() patches by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5716\"\u003e#5716\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003ePydantic Ai\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eAdapt import for new library versions by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5984\"\u003e#5984\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse first-class hooks when available by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5947\"\u003e#5947\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eOther\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e(huggingface_hub) Stop setting transaction status when a child span fails by \u003ca href=\"https://github.com/Zenithatic\"\u003e\u003ccode\u003e@​Zenithatic\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5952\"\u003e#5952\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(litellm) Avoid double span exits when streaming by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5933\"\u003e#5933\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(wsgi) Respect HTTP_X_FORWARDED_PROTO in request.url construction by \u003ca href=\"https://github.com/sl0thentr0py\"\u003e\u003ccode\u003e@​sl0thentr0py\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5963\"\u003e#5963\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal Changes 🔧\u003c/h3\u003e\n\u003ch4\u003eLitellm\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eReplace mocks with \u003ccode\u003ehttpx\u003c/code\u003e types in rate-limit test by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5975\"\u003e#5975\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace mocks with \u003ccode\u003ehttpx\u003c/code\u003e types in embedding tests by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5970\"\u003e#5970\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace mocks with \u003ccode\u003ehttpx\u003c/code\u003e types in nonstreaming \u003ccode\u003ecompletion()\u003c/code\u003e tests by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5937\"\u003e#5937\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove dead attributes by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5985\"\u003e#5985\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eOther\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e(ai) Remove \u003ccode\u003egen_ai.tool.type\u003c/code\u003e span attribute by \u003ca href=\"https://github.com/ericapisani\"\u003e\u003ccode\u003e@​ericapisani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5964\"\u003e#5964\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(anthropic) Separate sync and async .create() patches by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5715\"\u003e#5715\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(openai) Split token counting by API for easier deprecation by \u003ca href=\"https://github.com/ericapisani\"\u003e\u003ccode\u003e@​ericapisani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5930\"\u003e#5930\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(openai-agents) Remove error attributes by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5986\"\u003e#5986\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e(opentelemetry) Ignore mypy error by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5927\"\u003e#5927\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e🤖 Update test matrix with new releases (04/13) by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5983\"\u003e#5983\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix license metadata in setup.py by \u003ca href=\"https://github.com/sl0thentr0py\"\u003e\u003ccode\u003e@​sl0thentr0py\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5934\"\u003e#5934\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate validate-pr workflow by \u003ca href=\"https://github.com/stephanie-anderson\"\u003e\u003ccode\u003e@​stephanie-anderson\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5931\"\u003e#5931\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eHandle \u003ccode\u003eNone\u003c/code\u003e span context in the span processor and pin tokenizers version for anthropic tests on Python 3.8 by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5967\"\u003e#5967\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/ce445d96977ec083b97495c917aa0c3ce453689d\"\u003e\u003ccode\u003ece445d9\u003c/code\u003e\u003c/a\u003e release: 2.58.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/c0c0e9cfc8536f0d9ba22925e4bea17034138cd0\"\u003e\u003ccode\u003ec0c0e9c\u003c/code\u003e\u003c/a\u003e feat(litellm): Add async callbacks (\u003ca href=\"https://redirect.github.com/getsentry/sentry-python/issues/5969\"\u003e#5969\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/ea74b63881d2cf1d71130a8b6ef4dfff4e4cd337\"\u003e\u003ccode\u003eea74b63\u003c/code\u003e\u003c/a\u003e test(litellm): Replace mocks with \u003ccode\u003ehttpx\u003c/code\u003e types in rate-limit test (\u003ca href=\"https://redirect.github.com/getsentry/sentry-python/issues/5975\"\u003e#5975\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/06ed1bca2f9302055ba43dc058f5afcc731b8d79\"\u003e\u003ccode\u003e06ed1bc\u003c/code\u003e\u003c/a\u003e test(litellm): Replace mocks with \u003ccode\u003ehttpx\u003c/code\u003e types in embedding tests (\u003ca href=\"https://redirect.github.com/getsentry/sentry-python/issues/5970\"\u003e#5970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/66ef2e6976a1ae86e97aca08cbc806f9e579f324\"\u003e\u003ccode\u003e66ef2e6\u003c/code\u003e\u003c/a\u003e test(litellm): Replace mocks with \u003ccode\u003ehttpx\u003c/code\u003e types in nonstreaming `completion()...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/96ebbf67d91146ebb30be6e0898a637ea6c2c697\"\u003e\u003ccode\u003e96ebbf6\u003c/code\u003e\u003c/a\u003e fix(litellm): Avoid double span exits when streaming (\u003ca href=\"https://redirect.github.com/getsentry/sentry-python/issues/5933\"\u003e#5933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/7e22b5dc3447a5bee71574a5c22934e5aa8a7642\"\u003e\u003ccode\u003e7e22b5d\u003c/code\u003e\u003c/a\u003e build(deps): bump actions/github-script from 8.0.0 to 9.0.0 (\u003ca href=\"https://redirect.github.com/getsentry/sentry-python/issues/5979\"\u003e#5979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/35151a90a98affa0d72f7cb8b314a8fb54ac8b51\"\u003e\u003ccode\u003e35151a9\u003c/code\u003e\u003c/a\u003e build(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 (\u003ca href=\"https://redirect.github.com/getsentry/sentry-python/issues/5980\"\u003e#5980\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/d1c5b53096e76353e2aa3ffdd8a845f38bb04bb6\"\u003e\u003ccode\u003ed1c5b53\u003c/code\u003e\u003c/a\u003e build(deps): bump actions/create-github-app-token from 3.0.0 to 3.1.1 (\u003ca href=\"https://redirect.github.com/getsentry/sentry-python/issues/5981\"\u003e#5981\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/e255aafa913955eed43333aa204f1476d9dc1ff2\"\u003e\u003ccode\u003ee255aaf\u003c/code\u003e\u003c/a\u003e build(deps): bump getsentry/testing-ai-sdk-integrations from 6b1f51ec8af03e19...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/getsentry/sentry-python/compare/2.57.0...2.58.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ruff` from 0.15.9 to 0.15.10\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/ruff/releases\"\u003eruff's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.15.10\u003c/h2\u003e\n\u003ch2\u003eRelease Notes\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-04-09.\u003c/p\u003e\n\u003ch3\u003ePreview features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-logging\u003c/code\u003e] Allow closures in except handlers (\u003ccode\u003eLOG004\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24464\"\u003e#24464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-self\u003c/code\u003e] Make \u003ccode\u003eSLF\u003c/code\u003e diagnostics robust to non-self-named variables (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24281\"\u003e#24281\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-simplify\u003c/code\u003e] Make the fix for \u003ccode\u003ecollapsible-if\u003c/code\u003e safe in \u003ccode\u003epreview\u003c/code\u003e (\u003ccode\u003eSIM102\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24371\"\u003e#24371\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid emitting multi-line f-string elements before Python 3.12 (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24377\"\u003e#24377\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAvoid syntax error from \u003ccode\u003eE502\u003c/code\u003e fixes in f-strings and t-strings (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24410\"\u003e#24410\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eStrip form feeds from indent passed to \u003ccode\u003ededent_to\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24381\"\u003e#24381\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epyupgrade\u003c/code\u003e] Fix panic caused by handling of octals (\u003ccode\u003eUP012\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24390\"\u003e#24390\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReject multi-line f-string elements before Python 3.12 (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24355\"\u003e#24355\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRule changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eruff\u003c/code\u003e] Treat f-string interpolation as potential side effect (\u003ccode\u003eRUF019\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24426\"\u003e#24426\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eServer\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for custom file extensions (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24463\"\u003e#24463\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDocument adding fixes in CONTRIBUTING.md (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24393\"\u003e#24393\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix JSON typo in settings example (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24517\"\u003e#24517\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/charliermarsh\"\u003e\u003ccode\u003e@​charliermarsh\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dylwil3\"\u003e\u003ccode\u003e@​dylwil3\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/silverstein\"\u003e\u003ccode\u003e@​silverstein\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anishgirianish\"\u003e\u003ccode\u003e@​anishgirianish\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shizukushq\"\u003e\u003ccode\u003e@​shizukushq\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zanieb\"\u003e\u003ccode\u003e@​zanieb\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/AlexWaygood\"\u003e\u003ccode\u003e@​AlexWaygood\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eInstall ruff 0.15.10\u003c/h2\u003e\n\u003ch3\u003eInstall prebuilt binaries via shell script\u003c/h3\u003e\n\u003cpre lang=\"sh\"\u003e\u003ccode\u003ecurl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/ruff/releases/download/0.15.10/ruff-installer.sh | sh\n\u003c/code\u003e\u003c/pre\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md\"\u003eruff's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.15.10\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-04-09.\u003c/p\u003e\n\u003ch3\u003ePreview features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-logging\u003c/code\u003e] Allow closures in except handlers (\u003ccode\u003eLOG004\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24464\"\u003e#24464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-self\u003c/code\u003e] Make \u003ccode\u003eSLF\u003c/code\u003e diagnostics robust to non-self-named variables (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24281\"\u003e#24281\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-simplify\u003c/code\u003e] Make the fix for \u003ccode\u003ecollapsible-if\u003c/code\u003e safe in \u003ccode\u003epreview\u003c/code\u003e (\u003ccode\u003eSIM102\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24371\"\u003e#24371\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid emitting multi-line f-string elements before Python 3.12 (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24377\"\u003e#24377\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAvoid syntax error from \u003ccode\u003eE502\u003c/code\u003e fixes in f-strings and t-strings (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24410\"\u003e#24410\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eStrip form feeds from indent passed to \u003ccode\u003ededent_to\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24381\"\u003e#24381\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epyupgrade\u003c/code\u003e] Fix panic caused by handling of octals (\u003ccode\u003eUP012\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24390\"\u003e#24390\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReject multi-line f-string elements before Python 3.12 (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24355\"\u003e#24355\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRule changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eruff\u003c/code\u003e] Treat f-string interpolation as potential side effect (\u003ccode\u003eRUF019\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24426\"\u003e#24426\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eServer\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for custom file extensions (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24463\"\u003e#24463\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDocument adding fixes in CONTRIBUTING.md (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24393\"\u003e#24393\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix JSON typo in settings example (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24517\"\u003e#24517\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/charliermarsh\"\u003e\u003ccode\u003e@​charliermarsh\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dylwil3\"\u003e\u003ccode\u003e@​dylwil3\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/silverstein\"\u003e\u003ccode\u003e@​silverstein\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anishgirianish\"\u003e\u003ccode\u003e@​anishgirianish\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shizukushq\"\u003e\u003ccode\u003e@​shizukushq\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zanieb\"\u003e\u003ccode\u003e@​zanieb\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/AlexWaygood\"\u003e\u003ccode\u003e@​AlexWaygood\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/252f76102a618bff6537b6c53c316ca3837f4abf\"\u003e\u003ccode\u003e252f761\u003c/code\u003e\u003c/a\u003e Bump 0.15.10 (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24519\"\u003e#24519\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/37a1ec8bb8e30955787b0cdf6e97f7f2254dba7f\"\u003e\u003ccode\u003e37a1ec8\u003c/code\u003e\u003c/a\u003e [ty] Fix assignability of intersections with bounded typevars (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24502\"\u003e#24502\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/f518cc9ca0c830773dd49c3964eb5e49d52c8aed\"\u003e\u003ccode\u003ef518cc9\u003c/code\u003e\u003c/a\u003e [ty] Allow partially stringified \u003ccode\u003etype[…]\u003c/code\u003e annotations (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24518\"\u003e#24518\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/16c4090d0a711b9c0523b932014f3daf140f35bc\"\u003e\u003ccode\u003e16c4090\u003c/code\u003e\u003c/a\u003e docs: fix JSON typo in settings example (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24517\"\u003e#24517\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/99d97bd72f1934ac2af93e52468c10ef1c7a1a4e\"\u003e\u003ccode\u003e99d97bd\u003c/code\u003e\u003c/a\u003e [ty] Tighten up a few edge cases in \u003ccode\u003eConcatenate\u003c/code\u003e type-expression parsing (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/2\"\u003e#2\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/2714e345bdd64a5baae3844c0d25db7b0b9fe330\"\u003e\u003ccode\u003e2714e34\u003c/code\u003e\u003c/a\u003e [ty] Enable \u003ccode\u003epull-diagnostics\u003c/code\u003e by default in E2E tests (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24516\"\u003e#24516\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/d8bc700722ab1b7272a4d724839da7c569b349d4\"\u003e\u003ccode\u003ed8bc700\u003c/code\u003e\u003c/a\u003e LSP: Add support for custom extensions (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24463\"\u003e#24463\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/a45f96d65dbd4f958b07accd718f8d2af48cb956\"\u003e\u003ccode\u003ea45f96d\u003c/code\u003e\u003c/a\u003e [ty] stop special-casing str constructor (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24514\"\u003e#24514\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/87a0f01cfd016e0297ef05ab638cde006bf8d947\"\u003e\u003ccode\u003e87a0f01\u003c/code\u003e\u003c/a\u003e [ruff] Treat f-string interpolation as potential side effect in RUF019 (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24426\"\u003e#24426\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/e9ba8489b8d1f1fd5fd66887a74d5f2f58f733d4\"\u003e\u003ccode\u003ee9ba848\u003c/code\u003e\u003c/a\u003e [ty] Fix excess subscript argument inference for non-generic types (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24354\"\u003e#24354\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/astral-sh/ruff/compare/0.15.9...0.15.10\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `zizmor` from 1.23.1 to 1.24.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/zizmorcore/zizmor/releases\"\u003ezizmor's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.24.1\u003c/h2\u003e\n\u003ch2\u003eBug Fixes 🐛\u003ca href=\"https://docs.zizmor.sh/release-notes/#bug-fixes\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where the \u003ca href=\"https://docs.zizmor.sh/audits/#ref-version-mismatch\"\u003eref-version-mismatch\u003c/a\u003e audit would incorrectly flag some version comments as not containing an appropriate version (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1900\"\u003e#1900\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.24.0\u003c/h2\u003e\n\u003ch2\u003eNew Features 🌈\u003ca href=\"https://docs.zizmor.sh/release-notes/#new-features\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ezizmor now allows users to audit from stdin, by passing zizmor - (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1611\"\u003e#1611\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eEnhancements 🌱\u003ca href=\"https://docs.zizmor.sh/release-notes/#enhancements\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#use-trusted-publishing\"\u003euse-trusted-publishing\u003c/a\u003e audit now detects bun publish and bunx npm publish patterns (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1737\"\u003e#1737\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/shaanmajid\"\u003e\u003ccode\u003e@​shaanmajid\u003c/code\u003e\u003c/a\u003e for proposing and implementing this improvement!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor's CLI help and usage output now uses a custom color scheme for improved readability (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1747\"\u003e#1747\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#secrets-outside-env\"\u003esecrets-outside-env\u003c/a\u003e audit is now configurable with an allowlist of secret names that should not be flagged, even when referenced outside of an environment (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1759\"\u003e#1759\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/rmuir\"\u003e\u003ccode\u003e@​rmuir\u003c/code\u003e\u003c/a\u003e for proposing and implementing this improvement!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#dependabot-cooldown\"\u003edependabot-cooldown\u003c/a\u003e audit now emits a pedantic finding whenever it encounters a cooldown used with a multi-ecosystem-group, as the two do not interact well (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1780\"\u003e#1780\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend gh release upload as a replacement for \u003ca href=\"https://github.com/svenstaro/upload-release-action\"\u003esvenstaro/upload-release-action\u003c/a\u003e in \u003ca href=\"https://docs.zizmor.sh/audits/#superfluous-actions\"\u003esuperfluous-actions\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1801\"\u003e#1801\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend gh issue create as a replacement for \u003ca href=\"https://github.com/dacbd/create-issue-action\"\u003edacbd/create-issue-action\u003c/a\u003e in \u003ca href=\"https://docs.zizmor.sh/audits/#superfluous-actions\"\u003esuperfluous-actions\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1873\"\u003e#1873\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#obfuscation\"\u003eobfuscation\u003c/a\u003e audit now emits a finding for with: ${{ expr }} clauses cannot be analyzed (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1772\"\u003e#1772\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor --help is now rendered with option groups for improved readability (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1831\"\u003e#1831\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/deckstose\"\u003e\u003ccode\u003e@​deckstose\u003c/code\u003e\u003c/a\u003e for implementing this improvement!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor's SARIF output now uses codeflows instead of related locations, improving its rendering behavior on GitHub Advanced Security (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1843\"\u003e#1843\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#ref-version-mismatch\"\u003eref-version-mismatch\u003c/a\u003e audit now uses a more useful audit description for its findings (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1843\"\u003e#1843\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#unpinned-images\"\u003eunpinned-images\u003c/a\u003e audit now produces more precise findings for image references that are computed through expressions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1756\"\u003e#1756\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/miketheman\"\u003e\u003ccode\u003e@​miketheman\u003c/code\u003e\u003c/a\u003e for implementing this improvement!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#ref-version-mismatch\"\u003eref-version-mismatch\u003c/a\u003e audit now detects missing version comments as well (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1849\"\u003e#1849\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/shaanmajid\"\u003e\u003ccode\u003e@​shaanmajid\u003c/code\u003e\u003c/a\u003e for proposing and implementing this improvement!\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug Fixes 🐛\u003ca href=\"https://docs.zizmor.sh/release-notes/#bug-fixes\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where the \u003ca href=\"https://docs.zizmor.sh/audits/#concurrency-limits\"\u003econcurrency-limits\u003c/a\u003e audit reported findings at the job level instead of the workflow level (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1627\"\u003e#1627\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/zizmorcore/zizmor/blob/main/docs/release-notes.md\"\u003ezizmor's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.24.1\u003c/h2\u003e\n\u003ch3\u003eBug Fixes 🐛\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where the [ref-version-mismatch] audit would incorrectly flag\nsome version comments as not containing an appropriate version (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1900\"\u003e#1900\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.24.0\u003c/h2\u003e\n\u003ch3\u003eNew Features 🌈\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ezizmor\u003c/code\u003e now allows users to audit from stdin, by passing \u003ccode\u003ezizmor -\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1611\"\u003e#1611\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eEnhancements 🌱\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe [use-trusted-publishing] audit now detects \u003ccode\u003ebun publish\u003c/code\u003e and \u003ccode\u003ebunx npm publish\u003c/code\u003e\npatterns (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1737\"\u003e#1737\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/shaanmajid\"\u003e\u003ccode\u003e@​shaanmajid\u003c/code\u003e\u003c/a\u003e for proposing and implementing this improvement!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003ezizmor\u003c/code\u003e's CLI help and usage output now uses a custom color scheme for\nimproved readability (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1747\"\u003e#1747\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe [secrets-outside-env] audit is now configurable with an allowlist of\nsecret names that should not be flagged, even when referenced outside of\nan environment (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1759\"\u003e#1759\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/rmuir\"\u003e\u003ccode\u003e@​rmuir\u003c/code\u003e\u003c/a\u003e for proposing and implementing this improvement!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe [dependabot-cooldown] audit now emits a pedantic finding whenever\nit encounters a cooldown used with a multi-ecosystem-group, as the two\ndo not interact well (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1780\"\u003e#1780\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend \u003ccode\u003egh release upload\u003c/code\u003e as a replacement for \u003ccode\u003e@​svenstaro/upload-release-action\u003c/code\u003e in\n[superfluous-actions] (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1801\"\u003e#1801\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend \u003ccode\u003egh issue create\u003c/code\u003e as a replacement for \u003ccode\u003e@​dacbd/create-issue-action\u003c/code\u003e in\n[superfluous-actions] (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1873\"\u003e#1873\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe [obfuscation] audit now emits a finding for \u003ccode\u003ewith: ${{ expr }}\u003c/code\u003e\nclauses cannot be analyzed (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1772\"\u003e#1772\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003ezizmor --help\u003c/code\u003e is now rendered with option groups for improved readability (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1831\"\u003e#1831\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/deckstose\"\u003e\u003ccode\u003e@​deckstose\u003c/code\u003e\u003c/a\u003e for implementing this improvement!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor's SARIF output now uses codeflows instead of related locations,\nimproving its rendering behavior on GitHub Advanced Security (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1843\"\u003e#1843\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe [ref-version-mismatch] audit now uses a more useful audit description\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/2eaf42bcccfed62978cee0905902acbc294d5123\"\u003e\u003ccode\u003e2eaf42b\u003c/code\u003e\u003c/a\u003e ref-version-mismatch: handle version comments without v prefix (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1900\"\u003e#1900\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/a3b72b8f26946fd057c016d5ec83b77cc4cfdad2\"\u003e\u003ccode\u003ea3b72b8\u003c/code\u003e\u003c/a\u003e chore(deps): bump the github-actions group with 3 updates (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1897\"\u003e#1897\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/d5aba605f4267b96e34775de183955ff0a3197ad\"\u003e\u003ccode\u003ed5aba60\u003c/code\u003e\u003c/a\u003e zizmor v1.24.0 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1890\"\u003e#1890\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/1e762ac3c0354d68ddcac0ccc0af6879e8b38aa6\"\u003e\u003ccode\u003e1e762ac\u003c/code\u003e\u003c/a\u003e zizmor v1.24.0-rc3 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1889\"\u003e#1889\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/b79c9dc84c096d6c7becabd9581c61c9347bf4f7\"\u003e\u003ccode\u003eb79c9dc\u003c/code\u003e\u003c/a\u003e Fix release CI (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1888\"\u003e#1888\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/eb113ad5c5f8c25c79dd0b4705d420096a35ba2d\"\u003e\u003ccode\u003eeb113ad\u003c/code\u003e\u003c/a\u003e Unify crate versions and publishing (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1887\"\u003e#1887\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/91bcb96244214bea0d62982fba3bc825f9604af9\"\u003e\u003ccode\u003e91bcb96\u003c/code\u003e\u003c/a\u003e Use the GitHub client's host correctly in two more places (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1881\"\u003e#1881\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/3ed8316a1ce22a3f9c887c1021992ca19d31dce4\"\u003e\u003ccode\u003e3ed8316\u003c/code\u003e\u003c/a\u003e chore: use \u003ccode\u003etracing\u003c/code\u003e for printing the welcome message (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1886\"\u003e#1886\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/484acedf381a7553f663309b44def3b7953fb4d8\"\u003e\u003ccode\u003e484aced\u003c/code\u003e\u003c/a\u003e feat(ref-version-mismatch): detect missing version comments on SHA-pinned act...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/7ee374f5db0b69b96ef4f7ba89d0c33c8a93a7ba\"\u003e\u003ccode\u003e7ee374f\u003c/code\u003e\u003c/a\u003e KATs for GitHub Actions expressions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1857\"\u003e#1857\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/zizmorcore/zizmor/compare/v1.23.1...v1.24.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/ministryofjustice/github-community/pull/417","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ministryofjustice%2Fgithub-community/issues/417","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/417/packages"}},{"old_version":"\u003c1.24,\u003e=1.9.0","new_version":"\u003e=1.9.0,\u003c1.25","update_type":null,"path":"the pip group","pr_created_at":"2026-04-20T07:42:27.000Z","version_change":"\u003c1.24,\u003e=1.9.0 → \u003e=1.9.0,\u003c1.25","issue":{"uuid":"4293963388","node_id":"PR_kwDOFddX-M7T3DdO","number":2214,"state":"open","title":"chore: (deps-dev): update zizmor requirement from \u003c1.24,\u003e=1.9.0 to \u003e=1.9.0,\u003c1.25 in the pip group","user":"dependabot[bot]","labels":["new: pull-request","bot","type: dependencies","skip-changelog"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-20T07:42:27.000Z","updated_at":"2026-04-20T09:34:10.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore: (deps-dev): update","packages":[{"name":"zizmor","old_version":"\u003c1.24,\u003e=1.9.0","new_version":"\u003e=1.9.0,\u003c1.25","repository_url":"https://github.com/zizmorcore/zizmor"}],"path":"the pip group","ecosystem":"pip"},"body":"Updates the requirements on [zizmor](https://github.com/zizmorcore/zizmor) to permit the latest version.\nUpdates `zizmor` to 1.24.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/zizmorcore/zizmor/releases\"\u003ezizmor's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.24.0\u003c/h2\u003e\n\u003ch2\u003eNew Features 🌈\u003ca href=\"https://docs.zizmor.sh/release-notes/#new-features\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ezizmor now allows users to audit from stdin, by passing zizmor - (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1611\"\u003e#1611\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eEnhancements 🌱\u003ca href=\"https://docs.zizmor.sh/release-notes/#enhancements\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#use-trusted-publishing\"\u003euse-trusted-publishing\u003c/a\u003e audit now detects bun publish and bunx npm publish patterns (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1737\"\u003e#1737\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/shaanmajid\"\u003e\u003ccode\u003e@​shaanmajid\u003c/code\u003e\u003c/a\u003e for proposing and implementing this improvement!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor's CLI help and usage output now uses a custom color scheme for improved readability (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1747\"\u003e#1747\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#secrets-outside-env\"\u003esecrets-outside-env\u003c/a\u003e audit is now configurable with an allowlist of secret names that should not be flagged, even when referenced outside of an environment (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1759\"\u003e#1759\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/rmuir\"\u003e\u003ccode\u003e@​rmuir\u003c/code\u003e\u003c/a\u003e for proposing and implementing this improvement!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#dependabot-cooldown\"\u003edependabot-cooldown\u003c/a\u003e audit now emits a pedantic finding whenever it encounters a cooldown used with a multi-ecosystem-group, as the two do not interact well (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1780\"\u003e#1780\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend gh release upload as a replacement for \u003ca href=\"https://github.com/svenstaro/upload-release-action\"\u003esvenstaro/upload-release-action\u003c/a\u003e in \u003ca href=\"https://docs.zizmor.sh/audits/#superfluous-actions\"\u003esuperfluous-actions\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1801\"\u003e#1801\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend gh issue create as a replacement for \u003ca href=\"https://github.com/dacbd/create-issue-action\"\u003edacbd/create-issue-action\u003c/a\u003e in \u003ca href=\"https://docs.zizmor.sh/audits/#superfluous-actions\"\u003esuperfluous-actions\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1873\"\u003e#1873\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#obfuscation\"\u003eobfuscation\u003c/a\u003e audit now emits a finding for with: ${{ expr }} clauses cannot be analyzed (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1772\"\u003e#1772\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor --help is now rendered with option groups for improved readability (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1831\"\u003e#1831\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/deckstose\"\u003e\u003ccode\u003e@​deckstose\u003c/code\u003e\u003c/a\u003e for implementing this improvement!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor's SARIF output now uses codeflows instead of related locations, improving its rendering behavior on GitHub Advanced Security (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1843\"\u003e#1843\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#ref-version-mismatch\"\u003eref-version-mismatch\u003c/a\u003e audit now uses a more useful audit description for its findings (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1843\"\u003e#1843\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#unpinned-images\"\u003eunpinned-images\u003c/a\u003e audit now produces more precise findings for image references that are computed through expressions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1756\"\u003e#1756\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/miketheman\"\u003e\u003ccode\u003e@​miketheman\u003c/code\u003e\u003c/a\u003e for implementing this improvement!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#ref-version-mismatch\"\u003eref-version-mismatch\u003c/a\u003e audit now detects missing version comments as well (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1849\"\u003e#1849\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/shaanmajid\"\u003e\u003ccode\u003e@​shaanmajid\u003c/code\u003e\u003c/a\u003e for proposing and implementing this improvement!\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug Fixes 🐛\u003ca href=\"https://docs.zizmor.sh/release-notes/#bug-fixes\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a bug where the \u003ca href=\"https://docs.zizmor.sh/audits/#concurrency-limits\"\u003econcurrency-limits\u003c/a\u003e audit reported findings at the job level instead of the workflow level (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1627\"\u003e#1627\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a bug where with: ${{ expr }} clauses would cause a crash. artipacked audit emits a pedantic finding on such clauses. (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1772\"\u003e#1772\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a bug where auto-fixes for the \u003ca href=\"https://docs.zizmor.sh/audits/#template-injection\"\u003etemplate-injection\u003c/a\u003e audit would fail to preserve an environment variable's casing (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1766\"\u003e#1766\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a bug where the \u003ca href=\"https://docs.zizmor.sh/audits/#secrets-outside-env\"\u003esecrets-outside-env\u003c/a\u003e audit would incorrectly flag reusable workflows (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1777\"\u003e#1777\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/zizmorcore/zizmor/blob/main/docs/release-notes.md\"\u003ezizmor's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.24.0\u003c/h2\u003e\n\u003ch3\u003eNew Features 🌈\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ezizmor\u003c/code\u003e now allows users to audit from stdin, by passing \u003ccode\u003ezizmor -\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1611\"\u003e#1611\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eEnhancements 🌱\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe [use-trusted-publishing] audit now detects \u003ccode\u003ebun publish\u003c/code\u003e and \u003ccode\u003ebunx npm publish\u003c/code\u003e\npatterns (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1737\"\u003e#1737\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/shaanmajid\"\u003e\u003ccode\u003e@​shaanmajid\u003c/code\u003e\u003c/a\u003e for proposing and implementing this improvement!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003ezizmor\u003c/code\u003e's CLI help and usage output now uses a custom color scheme for\nimproved readability (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1747\"\u003e#1747\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe [secrets-outside-env] audit is now configurable with an allowlist of\nsecret names that should not be flagged, even when referenced outside of\nan environment (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1759\"\u003e#1759\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/rmuir\"\u003e\u003ccode\u003e@​rmuir\u003c/code\u003e\u003c/a\u003e for proposing and implementing this improvement!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe [dependabot-cooldown] audit now emits a pedantic finding whenever\nit encounters a cooldown used with a multi-ecosystem-group, as the two\ndo not interact well (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1780\"\u003e#1780\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend \u003ccode\u003egh release upload\u003c/code\u003e as a replacement for \u003ccode\u003e@​svenstaro/upload-release-action\u003c/code\u003e in\n[superfluous-actions] (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1801\"\u003e#1801\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRecommend \u003ccode\u003egh issue create\u003c/code\u003e as a replacement for \u003ccode\u003e@​dacbd/create-issue-action\u003c/code\u003e in\n[superfluous-actions] (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1873\"\u003e#1873\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe [obfuscation] audit now emits a finding for \u003ccode\u003ewith: ${{ expr }}\u003c/code\u003e\nclauses cannot be analyzed (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1772\"\u003e#1772\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003ezizmor --help\u003c/code\u003e is now rendered with option groups for improved readability (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1831\"\u003e#1831\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/deckstose\"\u003e\u003ccode\u003e@​deckstose\u003c/code\u003e\u003c/a\u003e for implementing this improvement!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor's SARIF output now uses codeflows instead of related locations,\nimproving its rendering behavior on GitHub Advanced Security (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1843\"\u003e#1843\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe [ref-version-mismatch] audit now uses a more useful audit description\nfor its findings (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1843\"\u003e#1843\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe [unpinned-images] audit now produces more precise findings for\nimage references that are computed through expressions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1756\"\u003e#1756\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/miketheman\"\u003e\u003ccode\u003e@​miketheman\u003c/code\u003e\u003c/a\u003e for implementing this improvement!\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/d5aba605f4267b96e34775de183955ff0a3197ad\"\u003e\u003ccode\u003ed5aba60\u003c/code\u003e\u003c/a\u003e zizmor v1.24.0 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1890\"\u003e#1890\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/1e762ac3c0354d68ddcac0ccc0af6879e8b38aa6\"\u003e\u003ccode\u003e1e762ac\u003c/code\u003e\u003c/a\u003e zizmor v1.24.0-rc3 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1889\"\u003e#1889\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/b79c9dc84c096d6c7becabd9581c61c9347bf4f7\"\u003e\u003ccode\u003eb79c9dc\u003c/code\u003e\u003c/a\u003e Fix release CI (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1888\"\u003e#1888\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/eb113ad5c5f8c25c79dd0b4705d420096a35ba2d\"\u003e\u003ccode\u003eeb113ad\u003c/code\u003e\u003c/a\u003e Unify crate versions and publishing (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1887\"\u003e#1887\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/91bcb96244214bea0d62982fba3bc825f9604af9\"\u003e\u003ccode\u003e91bcb96\u003c/code\u003e\u003c/a\u003e Use the GitHub client's host correctly in two more places (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1881\"\u003e#1881\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/3ed8316a1ce22a3f9c887c1021992ca19d31dce4\"\u003e\u003ccode\u003e3ed8316\u003c/code\u003e\u003c/a\u003e chore: use \u003ccode\u003etracing\u003c/code\u003e for printing the welcome message (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1886\"\u003e#1886\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/484acedf381a7553f663309b44def3b7953fb4d8\"\u003e\u003ccode\u003e484aced\u003c/code\u003e\u003c/a\u003e feat(ref-version-mismatch): detect missing version comments on SHA-pinned act...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/7ee374f5db0b69b96ef4f7ba89d0c33c8a93a7ba\"\u003e\u003ccode\u003e7ee374f\u003c/code\u003e\u003c/a\u003e KATs for GitHub Actions expressions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1857\"\u003e#1857\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/7f70d0b2bfd123cbc061be4fe97b2a2b429f2e3d\"\u003e\u003ccode\u003e7f70d0b\u003c/code\u003e\u003c/a\u003e Add DNN Platform to trophies (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1876\"\u003e#1876\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/5d62ffff8dbc7464826f24bd0023beaca6a10b8a\"\u003e\u003ccode\u003e5d62fff\u003c/code\u003e\u003c/a\u003e feat(superfluous-actions): Recommend \u003ccode\u003egh issue create\u003c/code\u003e as a replacement for @...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/zizmorcore/zizmor/compare/v1.9.0...v1.24.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/bjlittle/geovista/pull/2214","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/bjlittle%2Fgeovista/issues/2214","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2214/packages"}},{"old_version":"1.22.0","new_version":"1.23.1","update_type":"minor","path":null,"pr_created_at":"2026-04-08T04:30:48.000Z","version_change":"1.22.0 → 1.23.1","issue":{"uuid":"4222120993","node_id":"PR_kwDORTS4js7QsbNI","number":9,"state":"closed","title":"Bump the github-requirements-updates group across 1 directory with 3 updates","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-04-22T04:31:36.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-08T04:30:48.000Z","updated_at":"2026-04-22T04:31:38.000Z","time_to_close":1209648,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"github-requirements-updates","update_count":3,"packages":[{"name":"poetry","old_version":"2.3.2","new_version":"2.3.3","repository_url":"https://github.com/python-poetry/poetry"},{"name":"lastversion","old_version":"3.6.8","new_version":"3.6.10","repository_url":"https://github.com/dvershinin/lastversion"},{"name":"zizmor","old_version":"1.22.0","new_version":"1.23.1","repository_url":"https://github.com/zizmorcore/zizmor"}],"path":null,"ecosystem":"pip"},"body":"Bumps the github-requirements-updates group with 3 updates in the /.github directory: [poetry](https://github.com/python-poetry/poetry), [lastversion](https://github.com/dvershinin/lastversion) and [zizmor](https://github.com/zizmorcore/zizmor).\n\nUpdates `poetry` from 2.3.2 to 2.3.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-poetry/poetry/releases\"\u003epoetry's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.3.3\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFix a path traversal vulnerability in the wheel installer that could allow malicious wheel files to write files outside the intended installation directory\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10792\"\u003e#10792\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003egit\u003c/code\u003e dependencies from annotated tags could not be updated (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10719\"\u003e#10719\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where empty \u003ccode\u003eVIRTUAL_ENV\u003c/code\u003e or \u003ccode\u003eCONDA_PREFIX\u003c/code\u003e environment variables (e.g., after \u003ccode\u003econda deactivate\u003c/code\u003e) would cause Poetry to incorrectly detect an active virtualenv (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10784\"\u003e#10784\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where an incomprehensible error message was printed when \u003ccode\u003e.venv\u003c/code\u003e was a file instead of a directory (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10777\"\u003e#10777\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where HTTP Basic Authentication credentials could be corrupted during request preparation, causing authentication failures with long tokens (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10748\"\u003e#10748\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003epoetry publish --no-interaction --build\u003c/code\u003e requested user interaction (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10769\"\u003e#10769\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003epoetry init\u003c/code\u003e and \u003ccode\u003epoetry new\u003c/code\u003e created a deprecated \u003ccode\u003eproject.license\u003c/code\u003e format (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10787\"\u003e#10787\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eClarify the differences between \u003ccode\u003epoetry install\u003c/code\u003e and \u003ccode\u003epoetry update\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10713\"\u003e#10713\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eClarify the section of fields in the \u003ccode\u003epyproject.toml\u003c/code\u003e examples (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10753\"\u003e#10753\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eAdd a note about the different installation location when Python from the Microsoft Store is used (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10759\"\u003e#10759\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix the system requirements for Poetry (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10739\"\u003e#10739\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix the \u003ccode\u003epoetry cache clear\u003c/code\u003e example (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10749\"\u003e#10749\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix the link to \u003ccode\u003epipx\u003c/code\u003e installation instructions (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10783\"\u003e#10783\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003epoetry-core (\u003ca href=\"https://github.com/python-poetry/poetry-core/releases/tag/2.3.2\"\u003e\u003ccode\u003e2.3.2\u003c/code\u003e\u003c/a\u003e)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003eplatform_release\u003c/code\u003e could not be parsed on Debian Trixie (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/930\"\u003e#930\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where using \u003ccode\u003eproject.readme.text\u003c/code\u003e in the \u003ccode\u003epyproject.toml\u003c/code\u003e file resulted in broken metadata (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/914\"\u003e#914\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where dependency groups were considered equal when their resolved dependencies were equal, even if the groups themselves were not (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/919\"\u003e#919\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where removing a dependency from a group that included another group resulted in other dependencies being added to the included group (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/922\"\u003e#922\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where PEP 735 \u003ccode\u003einclude-group\u003c/code\u003e entries were lost when \u003ccode\u003e[tool.poetry.group]\u003c/code\u003e also defined \u003ccode\u003einclude-groups\u003c/code\u003e for the same group (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/924\"\u003e#924\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where the union of \u003ccode\u003e\u0026lt;value\u0026gt; not in \u0026lt;marker\u0026gt;\u003c/code\u003e constraints was wrongly treated as always satisfied (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/925\"\u003e#925\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where a post release with a local version identifier was wrongly allowed by a \u003ccode\u003e\u0026gt;\u003c/code\u003e version constraint (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/921\"\u003e#921\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where a version with the local version identifier \u003ccode\u003e0\u003c/code\u003e was treated as equal to the corresponding public version (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/920\"\u003e#920\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where a \u003ccode\u003e!= \u0026lt;version\u0026gt;\u003c/code\u003e constraint wrongly disallowed pre releases and post releases of the specified version (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/929\"\u003e#929\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003ein\u003c/code\u003e and \u003ccode\u003enot in\u003c/code\u003e constraints were wrongly not allowed by specific compound constraints (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/927\"\u003e#927\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-poetry/poetry/blob/main/CHANGELOG.md\"\u003epoetry's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[2.3.3] - 2026-03-29\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFix a path traversal vulnerability in the wheel installer that could allow malicious wheel files to write files outside the intended installation directory\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10792\"\u003e#10792\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003egit\u003c/code\u003e dependencies from annotated tags could not be updated (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10719\"\u003e#10719\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where empty \u003ccode\u003eVIRTUAL_ENV\u003c/code\u003e or \u003ccode\u003eCONDA_PREFIX\u003c/code\u003e environment variables (e.g., after \u003ccode\u003econda deactivate\u003c/code\u003e) would cause Poetry to incorrectly detect an active virtualenv (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10784\"\u003e#10784\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where an incomprehensible error message was printed when \u003ccode\u003e.venv\u003c/code\u003e was a file instead of a directory (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10777\"\u003e#10777\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where HTTP Basic Authentication credentials could be corrupted during request preparation, causing authentication failures with long tokens (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10748\"\u003e#10748\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003epoetry publish --no-interaction --build\u003c/code\u003e requested user interaction (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10769\"\u003e#10769\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003epoetry init\u003c/code\u003e and \u003ccode\u003epoetry new\u003c/code\u003e created a deprecated \u003ccode\u003eproject.license\u003c/code\u003e format (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10787\"\u003e#10787\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eClarify the differences between \u003ccode\u003epoetry install\u003c/code\u003e and \u003ccode\u003epoetry update\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10713\"\u003e#10713\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eClarify the section of fields in the \u003ccode\u003epyproject.toml\u003c/code\u003e examples (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10753\"\u003e#10753\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eAdd a note about the different installation location when Python from the Microsoft Store is used (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10759\"\u003e#10759\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix the system requirements for Poetry (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10739\"\u003e#10739\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix the \u003ccode\u003epoetry cache clear\u003c/code\u003e example (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10749\"\u003e#10749\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix the link to \u003ccode\u003epipx\u003c/code\u003e installation instructions (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10783\"\u003e#10783\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/3d0151ac03b5286e557ed1518b815ad225d52cb0\"\u003e\u003ccode\u003e3d0151a\u003c/code\u003e\u003c/a\u003e release: bump version to 2.3.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/89f09aad49ed7e6223ea2b8ebdf941e87bb5d5c6\"\u003e\u003ccode\u003e89f09aa\u003c/code\u003e\u003c/a\u003e fix long path issue on Windows (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/issues/10794\"\u003e#10794\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/e068177d1bfef65de4c55cf71c36de27057f10e7\"\u003e\u003ccode\u003ee068177\u003c/code\u003e\u003c/a\u003e installer: fix path traversal (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/issues/10792\"\u003e#10792\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/d76a2f67641ef1499065bdc8a0246448cbcf781c\"\u003e\u003ccode\u003ed76a2f6\u003c/code\u003e\u003c/a\u003e chore: require new poetry-core version (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/issues/10790\"\u003e#10790\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/859d4439f2caf147010330beae1ad61274f009d4\"\u003e\u003ccode\u003e859d443\u003c/code\u003e\u003c/a\u003e Update init \u0026amp; new commands for PEP 639 (License) (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/issues/10787\"\u003e#10787\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/2ff2845af03539c98d2279b46074c908594427c4\"\u003e\u003ccode\u003e2ff2845\u003c/code\u003e\u003c/a\u003e fix: pass auth via Request constructor instead of calling HTTPBasicAuth on un...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/286e43bba52ba60205e1e5c9a401019b45226bbe\"\u003e\u003ccode\u003e286e43b\u003c/code\u003e\u003c/a\u003e env: improve error handling if \u003ccode\u003e.venv\u003c/code\u003e is not a directory but a file (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/issues/10777\"\u003e#10777\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/d6e72c972a48c4db98e1b8e1381544d33a2b66ef\"\u003e\u003ccode\u003ed6e72c9\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003epublish --build\u003c/code\u003e prompt behavior in non-interactive mode (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/issues/10769\"\u003e#10769\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/9fced1a13ded1a7dcec562f295b2362a1a4fa8dc\"\u003e\u003ccode\u003e9fced1a\u003c/code\u003e\u003c/a\u003e fix(env): treat empty VIRTUAL_ENV/CONDA_PREFIX as unset (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/issues/10784\"\u003e#10784\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/96883826998f964ae12963fac0b4751bedd04b50\"\u003e\u003ccode\u003e9688382\u003c/code\u003e\u003c/a\u003e docs: fix pipx install directions link (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/issues/10783\"\u003e#10783\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python-poetry/poetry/compare/2.3.2...2.3.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lastversion` from 3.6.8 to 3.6.10\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/dvershinin/lastversion/releases\"\u003elastversion's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.6.10\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReplace debug \u003ccode\u003eprint()\u003c/code\u003e calls in \u003ccode\u003eupdate_spec\u003c/code\u003e/\u003ccode\u003eupdate_spec_commit\u003c/code\u003e/\u003ccode\u003epypi\u003c/code\u003e with proper logging — these were writing to stdout and breaking automation scripts that parse \u003ccode\u003elastversion\u003c/code\u003e output\u003c/li\u003e\n\u003cli\u003eAdd error logging to 4 bare \u003ccode\u003eexcept Exception\u003c/code\u003e blocks that silently discarded errors in changelog generation, AI changelog, and release notes collection\u003c/li\u003e\n\u003cli\u003eNarrow \u003ccode\u003eai.py\u003c/code\u003e exception handling to specific types (\u003ccode\u003eRequestException\u003c/code\u003e, \u003ccode\u003eValueError\u003c/code\u003e, \u003ccode\u003eKeyError\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003eReplace deprecated \u003ccode\u003edatetime.utcnow()\u003c/code\u003e with \u003ccode\u003edatetime.now(timezone.utc)\u003c/code\u003e (fixes DeprecationWarning on Python 3.12+)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eImprovements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUnify flake8 max-line-length to 120 across \u003ccode\u003esetup.cfg\u003c/code\u003e, CI, and pre-commit configs\u003c/li\u003e\n\u003cli\u003eAdd Python 3.13 classifier to \u003ccode\u003esetup.py\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd RapidAPI badge and API teaser to README for better API discoverability\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.6.9\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003elastversion wordpress\u003c/code\u003e returning wrong version (6.3.8 instead of latest)\n\u003cul\u003e\n\u003cli\u003eRoute the \u003ccode\u003ewordpress\u003c/code\u003e short name to the WordPress.org core version-check API\u003c/li\u003e\n\u003cli\u003eThe GitHub adapter's Atom feed missed the latest 6.9.x tags due to old-branch security patches flooding earlier pages\u003c/li\u003e\n\u003cli\u003ePlugin lookups via \u003ccode\u003ewordpress.org/plugins/\u003c/code\u003e URLs continue to work as before\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/dvershinin/lastversion/blob/master/CHANGELOG.md\"\u003elastversion's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file.\u003c/p\u003e\n\u003ch2\u003e[3.6.9] - 2026-03-16\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003elastversion wordpress\u003c/code\u003e returning wrong version (6.3.8 instead of latest)\n\u003cul\u003e\n\u003cli\u003eRoute the \u003ccode\u003ewordpress\u003c/code\u003e short name to the WordPress.org core version-check API\u003c/li\u003e\n\u003cli\u003eThe GitHub adapter's Atom feed missed the latest 6.9.x tags due to old-branch security patches flooding earlier pages\u003c/li\u003e\n\u003cli\u003ePlugin lookups via \u003ccode\u003ewordpress.org/plugins/\u003c/code\u003e URLs continue to work as before\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dvershinin/lastversion/commit/bd5773bdb94040e332c354b1d39d9fcfce4920ab\"\u003e\u003ccode\u003ebd5773b\u003c/code\u003e\u003c/a\u003e chore(release): 3.6.10\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dvershinin/lastversion/commit/ae54356d688b4eab7f377915b871b24b0335a03d\"\u003e\u003ccode\u003eae54356\u003c/code\u003e\u003c/a\u003e fix: restore --exit-zero for CI style checks (pre-existing C901 warnings)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dvershinin/lastversion/commit/4f69e8ff92dd2a2bd2ae4be205a752099d220623\"\u003e\u003ccode\u003e4f69e8f\u003c/code\u003e\u003c/a\u003e fix: replace debug prints with logging, fix swallowed exceptions, update depr...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dvershinin/lastversion/commit/9f096b6aa6daf021ceb077f35fe2c71932c84deb\"\u003e\u003ccode\u003e9f096b6\u003c/code\u003e\u003c/a\u003e fix: route \u003ccode\u003elastversion wordpress\u003c/code\u003e to WordPress.org core API\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dvershinin/lastversion/commit/63563770bd4243cfed191fb76e0fd1fb71e0ed2f\"\u003e\u003ccode\u003e6356377\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dvershinin/lastversion/issues/223\"\u003e#223\u003c/a\u003e from dvershinin/dependabot/github_actions/docker/buil...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dvershinin/lastversion/commit/7311ccf0810dba1fd109f6e2d22112d487ac8f4c\"\u003e\u003ccode\u003e7311ccf\u003c/code\u003e\u003c/a\u003e Bump docker/build-push-action from 2.5.0 to 6.19.2\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/dvershinin/lastversion/compare/v3.6.8...v3.6.10\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `zizmor` from 1.22.0 to 1.23.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/zizmorcore/zizmor/releases\"\u003ezizmor's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.23.1\u003c/h2\u003e\n\u003ch2\u003eBug Fixes 🐛\u003ca href=\"https://docs.zizmor.sh/release-notes/#bug-fixes\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where zizmor would error if given both a GH_TOKEN and a GITHUB_TOKEN (or ZIZMOR_GITHUB_TOKEN) via the environment (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1724\"\u003e#1724\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.23.0\u003c/h2\u003e\n\u003ch2\u003eNew Features 🌈\u003ca href=\"https://docs.zizmor.sh/release-notes/#new-features\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eNew audit: \u003ca href=\"https://docs.zizmor.sh/audits/#secrets-outside-env\"\u003esecrets-outside-env\u003c/a\u003e detects usage of the secrets context in jobs that don't have a corresponding environment (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1599\"\u003e#1599\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew audit: \u003ca href=\"https://docs.zizmor.sh/audits/#superfluous-actions\"\u003esuperfluous-actions\u003c/a\u003e detects usage of actions that perform operations already provided by GitHub's own runner images (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1618\"\u003e#1618\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eEnhancements 🌱\u003ca href=\"https://docs.zizmor.sh/release-notes/#enhancements\"\u003e🔗\u003c/a\u003e\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor's LSP mode is now configuration-aware, and will load configuration files relative to workspace roots (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1555\"\u003e#1555\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor now reads the GITHUB_TOKEN environment variable as an alias/equivalent for GH_TOKEN (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1566\"\u003e#1566\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor now supports inputs that contain duplicated anchor names (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1575\"\u003e#1575\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor now flags missing cooldowns on opentofu ecosystem definitions in Dependabot (again) (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1586\"\u003e#1586\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor now reads the ZIZMOR_GITHUB_TOKEN environment variable as an alias/equivalent for GH_TOKEN and GITHUB_TOKEN (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1641\"\u003e#1641\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe SARIF output format now adds zizmor/confidence, zizmor/persona and zizmor/severity to the properties of findings (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1656\"\u003e#1656\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded \u003ca href=\"https://github.com/awalsh128/cache-apt-pkgs-action\"\u003eawalsh128/cache-apt-pkgs-action\u003c/a\u003e as a cache-aware action to the cache-poisoning audit (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1708\"\u003e#1708\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanges ⚠️\u003ca href=\"https://docs.zizmor.sh/release-notes/#changes\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSARIF categories have been regraded. zizmor's \u0026quot;medium\u0026quot; is changed from SARIF's \u0026quot;warning\u0026quot; to \u0026quot;low\u0026quot; (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1635\"\u003e#1635\u003c/a\u003e)\nBug Fixes 🐛\u003ca href=\"https://docs.zizmor.sh/release-notes/#bug-fixes\"\u003e🔗\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a bug where zizmor would crash on uses: clauses containing non-significant whitespace while performing the \u003ca href=\"https://docs.zizmor.sh/audits/#unpinned-uses\"\u003eunpinned-uses\u003c/a\u003e audit (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1544\"\u003e#1544\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a bug in yamlpath where sequences containing anchors were splatted instead of being properly nested (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1557\"\u003e#1557\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/DarkaMaul\"\u003e\u003ccode\u003e@​DarkaMaul\u003c/code\u003e\u003c/a\u003e for implementing this fix!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a bug in yamlpath where anchor prefixes in sequences and mapping were not stripped during path queries (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1562\"\u003e#1562\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a bug where \u0026quot;merge into\u0026quot; autofixes would produce incorrect patches in the presence of multi-byte Unicode characters (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1581\"\u003e#1581\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/ManuelLerchnerQC\"\u003e\u003ccode\u003e@​ManuelLerchnerQC\u003c/code\u003e\u003c/a\u003e for implementing this fix!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a bug where the \u003ca href=\"https://docs.zizmor.sh/audits/#template-injection\"\u003etemplate-injection\u003c/a\u003e audit would produce duplicated pedantic-only findings (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1589\"\u003e#1589\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a bug where the \u003ca href=\"https://docs.zizmor.sh/audits/#obfuscation\"\u003eobfuscation\u003c/a\u003e audit would produce incorrect autofixes for a subset of constant-reducible expressions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1597\"\u003e#1597\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a bug where the \u003ca href=\"https://docs.zizmor.sh/audits/#obfuscation\"\u003eobfuscation\u003c/a\u003e audit would fail to apply fixes to a subset of inputs with leading whitespace (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1597\"\u003e#1597\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/zizmorcore/zizmor/blob/main/docs/release-notes.md\"\u003ezizmor's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.23.1\u003c/h2\u003e\n\u003ch3\u003eBug Fixes 🐛\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a bug where \u003ccode\u003ezizmor\u003c/code\u003e would error if given both a \u003ccode\u003eGH_TOKEN\u003c/code\u003e and\na \u003ccode\u003eGITHUB_TOKEN\u003c/code\u003e (or \u003ccode\u003eZIZMOR_GITHUB_TOKEN\u003c/code\u003e) via the environment (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1724\"\u003e#1724\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a bug in [template-injection] where the \u003ccode\u003econtext\u003c/code\u003e input of\n\u003ccode\u003edocker/build-push-action\u003c/code\u003e was incorrectly considered a code injection sink\n(\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1705\"\u003e#1705\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges ⚠️\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eartipacked\u003c/code\u003e audit emits a pedantic finding if \u003ccode\u003epersist-credentials\u003c/code\u003e\nis an expression (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1735\"\u003e#1735\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.23.0\u003c/h2\u003e\n\u003ch3\u003eNew Features 🌈\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eNew audit\u003c/strong\u003e: [secrets-outside-env] detects usage of the \u003ccode\u003esecrets\u003c/code\u003e context\nin jobs that don't have a corresponding \u003ccode\u003eenvironment\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1599\"\u003e#1599\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eNew audit\u003c/strong\u003e: [superfluous-actions] detects usage of actions that perform\noperations already provided by GitHub's own runner images (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1618\"\u003e#1618\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eEnhancements 🌱\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003ezizmor\u003c/code\u003e's LSP mode is now configuration-aware, and will load\nconfiguration files relative to workspace roots (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1555\"\u003e#1555\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003ezizmor\u003c/code\u003e now reads the \u003ccode\u003eGITHUB_TOKEN\u003c/code\u003e environment variable as an\nalias/equivalent for \u003ccode\u003eGH_TOKEN\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1566\"\u003e#1566\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003ezizmor\u003c/code\u003e now supports inputs that contain duplicated anchor names (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1575\"\u003e#1575\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003ezizmor\u003c/code\u003e now flags missing cooldowns on \u003ccode\u003eopentofu\u003c/code\u003e ecosystem definitions\nin Dependabot (again) (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1586\"\u003e#1586\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003ezizmor\u003c/code\u003e now reads the \u003ccode\u003eZIZMOR_GITHUB_TOKEN\u003c/code\u003e environment variable as an\nalias/equivalent for \u003ccode\u003eGH_TOKEN\u003c/code\u003e and \u003ccode\u003eGITHUB_TOKEN\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1641\"\u003e#1641\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe SARIF output format now adds \u003ccode\u003ezizmor/confidence\u003c/code\u003e, \u003ccode\u003ezizmor/persona\u003c/code\u003e and \u003ccode\u003ezizmor/severity\u003c/code\u003e\nto the \u003ccode\u003eproperties\u003c/code\u003e of findings (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1656\"\u003e#1656\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded \u003ca href=\"https://github.com/awalsh128/cache-apt-pkgs-action\"\u003eawalsh128/cache-apt-pkgs-action\u003c/a\u003e\nas a cache-aware action to the cache-poisoning audit (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1708\"\u003e#1708\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges ⚠️\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/0b77258cf93d4e0ae762c843422c333faf2793f6\"\u003e\u003ccode\u003e0b77258\u003c/code\u003e\u003c/a\u003e zizmor v1.23.1 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1725\"\u003e#1725\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/d822fa69a847fff1b6d896d75bdf4c0a518f792c\"\u003e\u003ccode\u003ed822fa6\u003c/code\u003e\u003c/a\u003e Remove conflict handling from GH_TOKEN aliases (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1724\"\u003e#1724\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/773439b9834fe7de258d464614a34f92361d4dc9\"\u003e\u003ccode\u003e773439b\u003c/code\u003e\u003c/a\u003e Bump trophies (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1721\"\u003e#1721\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/f5c05f064bbd0f6b2c58887152c1039ecb94acbb\"\u003e\u003ccode\u003ef5c05f0\u003c/code\u003e\u003c/a\u003e zizmor 1.23.0 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1719\"\u003e#1719\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/93858d8e016cc14654676b62dcd83415579d0463\"\u003e\u003ccode\u003e93858d8\u003c/code\u003e\u003c/a\u003e zizmor 1.23.0-rc7 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1718\"\u003e#1718\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/76d3f1eb2ba6450f9fbbdc14b52bbf298cad09d9\"\u003e\u003ccode\u003e76d3f1e\u003c/code\u003e\u003c/a\u003e yamlpatch 0.13.0 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1717\"\u003e#1717\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/7a71262abd81adf9a4c7b26ef4782419df100672\"\u003e\u003ccode\u003e7a71262\u003c/code\u003e\u003c/a\u003e github-actions-expressions 0.0.15 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1716\"\u003e#1716\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/2255be674ac561f0fe79a3cb1c812158eb560832\"\u003e\u003ccode\u003e2255be6\u003c/code\u003e\u003c/a\u003e zizmor 1.23.0-rc6 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1715\"\u003e#1715\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/a0f9dcbe0736d8af717d94845b548f3d1a759173\"\u003e\u003ccode\u003ea0f9dcb\u003c/code\u003e\u003c/a\u003e Fix http-cache usage (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1689\"\u003e#1689\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/adabd2dbd9d01b26b14df81e0eb1e1d883ad919e\"\u003e\u003ccode\u003eadabd2d\u003c/code\u003e\u003c/a\u003e Update pedantic persona example (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1714\"\u003e#1714\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/zizmorcore/zizmor/compare/v1.22.0...v1.23.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/piratE-oF-interneT/graph/pull/9","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/piratE-oF-interneT%2Fgraph/issues/9","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/9/packages"}},{"old_version":"1.22.0","new_version":"1.23.1","update_type":"minor","path":null,"pr_created_at":"2026-03-23T21:19:07.000Z","version_change":"1.22.0 → 1.23.1","issue":{"uuid":"4123800149","node_id":"PR_kwDONnZYsM7M0GfY","number":366,"state":"open","title":":dependabot: uv(deps-dev): Bump the minor-and-patch group with 2 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-03-23T21:19:07.000Z","updated_at":"2026-03-23T21:19:25.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":":dependabot: uv(deps-dev): Bump","group_name":"minor-and-patch","update_count":2,"packages":[{"name":"ruff","old_version":"0.15.4","new_version":"0.15.5","repository_url":"https://github.com/astral-sh/ruff"},{"name":"zizmor","old_version":"1.22.0","new_version":"1.23.1","repository_url":"https://github.com/zizmorcore/zizmor"}],"path":null,"ecosystem":"pip"},"body":"Bumps the minor-and-patch group with 2 updates: [ruff](https://github.com/astral-sh/ruff) and [zizmor](https://github.com/zizmorcore/zizmor).\n\nUpdates `ruff` from 0.15.4 to 0.15.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/ruff/releases\"\u003eruff's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.15.5\u003c/h2\u003e\n\u003ch2\u003eRelease Notes\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-03-05.\u003c/p\u003e\n\u003ch3\u003ePreview features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDiscover Markdown files by default in preview mode (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23434\"\u003e#23434\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eperflint\u003c/code\u003e] Extend \u003ccode\u003ePERF102\u003c/code\u003e to comprehensions and generators (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23473\"\u003e#23473\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003erefurb\u003c/code\u003e] Fix \u003ccode\u003eFURB101\u003c/code\u003e and \u003ccode\u003eFURB103\u003c/code\u003e false positives when I/O variable is used later (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23542\"\u003e#23542\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eruff\u003c/code\u003e] Add fix for \u003ccode\u003enone-not-at-end-of-union\u003c/code\u003e (\u003ccode\u003eRUF036\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22829\"\u003e#22829\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eruff\u003c/code\u003e] Fix false positive for \u003ccode\u003ere.split\u003c/code\u003e with empty string pattern (\u003ccode\u003eRUF055\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23634\"\u003e#23634\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003efastapi\u003c/code\u003e] Handle callable class dependencies with \u003ccode\u003e__call__\u003c/code\u003e method (\u003ccode\u003eFAST003\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23553\"\u003e#23553\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epydocstyle\u003c/code\u003e] Fix numpy section ordering (\u003ccode\u003eD420\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23685\"\u003e#23685\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epyflakes\u003c/code\u003e] Fix false positive for names shadowing re-exports (\u003ccode\u003eF811\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23356\"\u003e#23356\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epyupgrade\u003c/code\u003e] Avoid inserting redundant \u003ccode\u003eNone\u003c/code\u003e elements in \u003ccode\u003eUP045\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23459\"\u003e#23459\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDocument extension mapping for Markdown code formatting (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23574\"\u003e#23574\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate default Python version examples (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23605\"\u003e#23605\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePublish releases to Astral mirror (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23616\"\u003e#23616\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/amyreese\"\u003e\u003ccode\u003e@​amyreese\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stakeswky\"\u003e\u003ccode\u003e@​stakeswky\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/chirizxc\"\u003e\u003ccode\u003e@​chirizxc\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anishgirianish\"\u003e\u003ccode\u003e@​anishgirianish\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bxff\"\u003e\u003ccode\u003e@​bxff\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zsol\"\u003e\u003ccode\u003e@​zsol\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/charliermarsh\"\u003e\u003ccode\u003e@​charliermarsh\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ntBre\"\u003e\u003ccode\u003e@​ntBre\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kar-ganap\"\u003e\u003ccode\u003e@​kar-ganap\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eInstall ruff 0.15.5\u003c/h2\u003e\n\u003ch3\u003eInstall prebuilt binaries via shell script\u003c/h3\u003e\n\u003cpre lang=\"sh\"\u003e\u003ccode\u003ecurl --proto '=https' --tlsv1.2 -LsSf https://github.com/astral-sh/ruff/releases/download/0.15.5/ruff-installer.sh | sh\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch3\u003eInstall prebuilt binaries via powershell script\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md\"\u003eruff's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.15.5\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-03-05.\u003c/p\u003e\n\u003ch3\u003ePreview features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDiscover Markdown files by default in preview mode (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23434\"\u003e#23434\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eperflint\u003c/code\u003e] Extend \u003ccode\u003ePERF102\u003c/code\u003e to comprehensions and generators (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23473\"\u003e#23473\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003erefurb\u003c/code\u003e] Fix \u003ccode\u003eFURB101\u003c/code\u003e and \u003ccode\u003eFURB103\u003c/code\u003e false positives when I/O variable is used later (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23542\"\u003e#23542\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eruff\u003c/code\u003e] Add fix for \u003ccode\u003enone-not-at-end-of-union\u003c/code\u003e (\u003ccode\u003eRUF036\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22829\"\u003e#22829\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eruff\u003c/code\u003e] Fix false positive for \u003ccode\u003ere.split\u003c/code\u003e with empty string pattern (\u003ccode\u003eRUF055\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23634\"\u003e#23634\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003efastapi\u003c/code\u003e] Handle callable class dependencies with \u003ccode\u003e__call__\u003c/code\u003e method (\u003ccode\u003eFAST003\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23553\"\u003e#23553\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epydocstyle\u003c/code\u003e] Fix numpy section ordering (\u003ccode\u003eD420\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23685\"\u003e#23685\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epyflakes\u003c/code\u003e] Fix false positive for names shadowing re-exports (\u003ccode\u003eF811\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23356\"\u003e#23356\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epyupgrade\u003c/code\u003e] Avoid inserting redundant \u003ccode\u003eNone\u003c/code\u003e elements in \u003ccode\u003eUP045\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23459\"\u003e#23459\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDocument extension mapping for Markdown code formatting (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23574\"\u003e#23574\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate default Python version examples (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23605\"\u003e#23605\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePublish releases to Astral mirror (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23616\"\u003e#23616\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/amyreese\"\u003e\u003ccode\u003e@​amyreese\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stakeswky\"\u003e\u003ccode\u003e@​stakeswky\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/chirizxc\"\u003e\u003ccode\u003e@​chirizxc\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anishgirianish\"\u003e\u003ccode\u003e@​anishgirianish\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bxff\"\u003e\u003ccode\u003e@​bxff\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zsol\"\u003e\u003ccode\u003e@​zsol\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/charliermarsh\"\u003e\u003ccode\u003e@​charliermarsh\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ntBre\"\u003e\u003ccode\u003e@​ntBre\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kar-ganap\"\u003e\u003ccode\u003e@​kar-ganap\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/5e4a3d9c3b381df20f6a52caef0f56ed0ebc74be\"\u003e\u003ccode\u003e5e4a3d9\u003c/code\u003e\u003c/a\u003e Bump 0.15.5 (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/23743\"\u003e#23743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/69c23cc5a3a6cb08d81b01c7d1c2ba0482c3a3b1\"\u003e\u003ccode\u003e69c23cc\u003c/code\u003e\u003c/a\u003e [ty] Render all changed diagnostics in conformance.py (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/23613\"\u003e#23613\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/4926bd58204839cb75a8ed1397e824bbc8f644ca\"\u003e\u003ccode\u003e4926bd5\u003c/code\u003e\u003c/a\u003e [ty] Split deferred checks out of \u003ccode\u003etypes/infer/builder.rs\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/23740\"\u003e#23740\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/9a70f5eb2fb0180953418cd6ac037cb3d531e77b\"\u003e\u003ccode\u003e9a70f5e\u003c/code\u003e\u003c/a\u003e Discover markdown files by default in preview mode (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/23434\"\u003e#23434\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/3dc78b0a84ee231afb1c3329e11bfc912c236366\"\u003e\u003ccode\u003e3dc78b0\u003c/code\u003e\u003c/a\u003e [ty] Use \u003ccode\u003eHasOptionalDefinition\u003c/code\u003e for \u003ccode\u003eexcept\u003c/code\u003e handlers (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/23739\"\u003e#23739\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/a6a5e8d10b8a5185049827be0a304db522b91c9a\"\u003e\u003ccode\u003ea6a5e8d\u003c/code\u003e\u003c/a\u003e [ty] Fix precedence of \u003ccode\u003eall\u003c/code\u003e selector in TOML configurations (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/23723\"\u003e#23723\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/2a5384b0b6e22ab511aec6f8dbb11648befda887\"\u003e\u003ccode\u003e2a5384b\u003c/code\u003e\u003c/a\u003e [ty] Make \u003ccode\u003eall\u003c/code\u003e selector case sensitive (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/23713\"\u003e#23713\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/db77d7b2ae3da8deed64d8889a5cbcea287b52a6\"\u003e\u003ccode\u003edb77d7b\u003c/code\u003e\u003c/a\u003e [ty] Add a diagnostic if a \u003ccode\u003eTypeVar\u003c/code\u003e is used to specialize a \u003ccode\u003eParamSpec\u003c/code\u003e, or ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/db2849068f7d6a1f42cdafec46a7c2c83d39ece3\"\u003e\u003ccode\u003edb28490\u003c/code\u003e\u003c/a\u003e [ty] Override home directory in ty tests (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/23724\"\u003e#23724\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/5f0fd91a230972bb9d1e4545ebaed2b7d09158a2\"\u003e\u003ccode\u003e5f0fd91\u003c/code\u003e\u003c/a\u003e [ty] More type-variable default validation (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/23639\"\u003e#23639\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/astral-sh/ruff/compare/0.15.4...0.15.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `zizmor` from 1.22.0 to 1.23.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/zizmorcore/zizmor/releases\"\u003ezizmor's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.23.1\u003c/h2\u003e\n\u003ch2\u003eBug Fixes 🐛\u003ca href=\"https://docs.zizmor.sh/release-notes/#bug-fixes\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where zizmor would error if given both a GH_TOKEN and a GITHUB_TOKEN (or ZIZMOR_GITHUB_TOKEN) via the environment (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1724\"\u003e#1724\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.23.0\u003c/h2\u003e\n\u003ch2\u003eNew Features 🌈\u003ca href=\"https://docs.zizmor.sh/release-notes/#new-features\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eNew audit: \u003ca href=\"https://docs.zizmor.sh/audits/#secrets-outside-env\"\u003esecrets-outside-env\u003c/a\u003e detects usage of the secrets context in jobs that don't have a corresponding environment (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1599\"\u003e#1599\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew audit: \u003ca href=\"https://docs.zizmor.sh/audits/#superfluous-actions\"\u003esuperfluous-actions\u003c/a\u003e detects usage of actions that perform operations already provided by GitHub's own runner images (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1618\"\u003e#1618\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eEnhancements 🌱\u003ca href=\"https://docs.zizmor.sh/release-notes/#enhancements\"\u003e🔗\u003c/a\u003e\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor's LSP mode is now configuration-aware, and will load configuration files relative to workspace roots (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1555\"\u003e#1555\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor now reads the GITHUB_TOKEN environment variable as an alias/equivalent for GH_TOKEN (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1566\"\u003e#1566\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor now supports inputs that contain duplicated anchor names (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1575\"\u003e#1575\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor now flags missing cooldowns on opentofu ecosystem definitions in Dependabot (again) (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1586\"\u003e#1586\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor now reads the ZIZMOR_GITHUB_TOKEN environment variable as an alias/equivalent for GH_TOKEN and GITHUB_TOKEN (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1641\"\u003e#1641\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe SARIF output format now adds zizmor/confidence, zizmor/persona and zizmor/severity to the properties of findings (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1656\"\u003e#1656\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded \u003ca href=\"https://github.com/awalsh128/cache-apt-pkgs-action\"\u003eawalsh128/cache-apt-pkgs-action\u003c/a\u003e as a cache-aware action to the cache-poisoning audit (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1708\"\u003e#1708\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanges ⚠️\u003ca href=\"https://docs.zizmor.sh/release-notes/#changes\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSARIF categories have been regraded. zizmor's \u0026quot;medium\u0026quot; is changed from SARIF's \u0026quot;warning\u0026quot; to \u0026quot;low\u0026quot; (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1635\"\u003e#1635\u003c/a\u003e)\nBug Fixes 🐛\u003ca href=\"https://docs.zizmor.sh/release-notes/#bug-fixes\"\u003e🔗\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a bug where zizmor would crash on uses: clauses containing non-significant whitespace while performing the \u003ca href=\"https://docs.zizmor.sh/audits/#unpinned-uses\"\u003eunpinned-uses\u003c/a\u003e audit (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1544\"\u003e#1544\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a bug in yamlpath where sequences containing anchors were splatted instead of being properly nested (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1557\"\u003e#1557\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/DarkaMaul\"\u003e\u003ccode\u003e@​DarkaMaul\u003c/code\u003e\u003c/a\u003e for implementing this fix!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a bug in yamlpath where anchor prefixes in sequences and mapping were not stripped during path queries (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1562\"\u003e#1562\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a bug where \u0026quot;merge into\u0026quot; autofixes would produce incorrect patches in the presence of multi-byte Unicode characters (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1581\"\u003e#1581\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/ManuelLerchnerQC\"\u003e\u003ccode\u003e@​ManuelLerchnerQC\u003c/code\u003e\u003c/a\u003e for implementing this fix!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a bug where the \u003ca href=\"https://docs.zizmor.sh/audits/#template-injection\"\u003etemplate-injection\u003c/a\u003e audit would produce duplicated pedantic-only findings (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1589\"\u003e#1589\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a bug where the \u003ca href=\"https://docs.zizmor.sh/audits/#obfuscation\"\u003eobfuscation\u003c/a\u003e audit would produce incorrect autofixes for a subset of constant-reducible expressions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1597\"\u003e#1597\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a bug where the \u003ca href=\"https://docs.zizmor.sh/audits/#obfuscation\"\u003eobfuscation\u003c/a\u003e audit would fail to apply fixes to a subset of inputs with leading whitespace (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1597\"\u003e#1597\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/zizmorcore/zizmor/blob/main/docs/release-notes.md\"\u003ezizmor's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.23.1\u003c/h2\u003e\n\u003ch3\u003eBug Fixes 🐛\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a bug where \u003ccode\u003ezizmor\u003c/code\u003e would error if given both a \u003ccode\u003eGH_TOKEN\u003c/code\u003e and\na \u003ccode\u003eGITHUB_TOKEN\u003c/code\u003e (or \u003ccode\u003eZIZMOR_GITHUB_TOKEN\u003c/code\u003e) via the environment (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1724\"\u003e#1724\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a bug in [template-injection] where the \u003ccode\u003econtext\u003c/code\u003e input of\n\u003ccode\u003edocker/build-push-action\u003c/code\u003e was incorrectly considered a code injection sink\n(\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1705\"\u003e#1705\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges ⚠️\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eartipacked\u003c/code\u003e audit emits a pedantic finding if \u003ccode\u003epersist-credentials\u003c/code\u003e\nis an expression (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1735\"\u003e#1735\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.23.0\u003c/h2\u003e\n\u003ch3\u003eNew Features 🌈\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eNew audit\u003c/strong\u003e: [secrets-outside-env] detects usage of the \u003ccode\u003esecrets\u003c/code\u003e context\nin jobs that don't have a corresponding \u003ccode\u003eenvironment\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1599\"\u003e#1599\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eNew audit\u003c/strong\u003e: [superfluous-actions] detects usage of actions that perform\noperations already provided by GitHub's own runner images (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1618\"\u003e#1618\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eEnhancements 🌱\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003ezizmor\u003c/code\u003e's LSP mode is now configuration-aware, and will load\nconfiguration files relative to workspace roots (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1555\"\u003e#1555\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003ezizmor\u003c/code\u003e now reads the \u003ccode\u003eGITHUB_TOKEN\u003c/code\u003e environment variable as an\nalias/equivalent for \u003ccode\u003eGH_TOKEN\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1566\"\u003e#1566\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003ezizmor\u003c/code\u003e now supports inputs that contain duplicated anchor names (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1575\"\u003e#1575\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003ezizmor\u003c/code\u003e now flags missing cooldowns on \u003ccode\u003eopentofu\u003c/code\u003e ecosystem definitions\nin Dependabot (again) (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1586\"\u003e#1586\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003ezizmor\u003c/code\u003e now reads the \u003ccode\u003eZIZMOR_GITHUB_TOKEN\u003c/code\u003e environment variable as an\nalias/equivalent for \u003ccode\u003eGH_TOKEN\u003c/code\u003e and \u003ccode\u003eGITHUB_TOKEN\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1641\"\u003e#1641\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe SARIF output format now adds \u003ccode\u003ezizmor/confidence\u003c/code\u003e, \u003ccode\u003ezizmor/persona\u003c/code\u003e and \u003ccode\u003ezizmor/severity\u003c/code\u003e\nto the \u003ccode\u003eproperties\u003c/code\u003e of findings (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1656\"\u003e#1656\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded \u003ca href=\"https://github.com/awalsh128/cache-apt-pkgs-action\"\u003eawalsh128/cache-apt-pkgs-action\u003c/a\u003e\nas a cache-aware action to the cache-poisoning audit (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1708\"\u003e#1708\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges ⚠️\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/0b77258cf93d4e0ae762c843422c333faf2793f6\"\u003e\u003ccode\u003e0b77258\u003c/code\u003e\u003c/a\u003e zizmor v1.23.1 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1725\"\u003e#1725\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/d822fa69a847fff1b6d896d75bdf4c0a518f792c\"\u003e\u003ccode\u003ed822fa6\u003c/code\u003e\u003c/a\u003e Remove conflict handling from GH_TOKEN aliases (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1724\"\u003e#1724\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/773439b9834fe7de258d464614a34f92361d4dc9\"\u003e\u003ccode\u003e773439b\u003c/code\u003e\u003c/a\u003e Bump trophies (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1721\"\u003e#1721\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/f5c05f064bbd0f6b2c58887152c1039ecb94acbb\"\u003e\u003ccode\u003ef5c05f0\u003c/code\u003e\u003c/a\u003e zizmor 1.23.0 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1719\"\u003e#1719\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/93858d8e016cc14654676b62dcd83415579d0463\"\u003e\u003ccode\u003e93858d8\u003c/code\u003e\u003c/a\u003e zizmor 1.23.0-rc7 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1718\"\u003e#1718\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/76d3f1eb2ba6450f9fbbdc14b52bbf298cad09d9\"\u003e\u003ccode\u003e76d3f1e\u003c/code\u003e\u003c/a\u003e yamlpatch 0.13.0 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1717\"\u003e#1717\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/7a71262abd81adf9a4c7b26ef4782419df100672\"\u003e\u003ccode\u003e7a71262\u003c/code\u003e\u003c/a\u003e github-actions-expressions 0.0.15 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1716\"\u003e#1716\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/2255be674ac561f0fe79a3cb1c812158eb560832\"\u003e\u003ccode\u003e2255be6\u003c/code\u003e\u003c/a\u003e zizmor 1.23.0-rc6 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1715\"\u003e#1715\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/a0f9dcbe0736d8af717d94845b548f3d1a759173\"\u003e\u003ccode\u003ea0f9dcb\u003c/code\u003e\u003c/a\u003e Fix http-cache usage (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1689\"\u003e#1689\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/adabd2dbd9d01b26b14df81e0eb1e1d883ad919e\"\u003e\u003ccode\u003eadabd2d\u003c/code\u003e\u003c/a\u003e Update pedantic persona example (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1714\"\u003e#1714\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/zizmorcore/zizmor/compare/v1.22.0...v1.23.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/ministryofjustice/github-community/pull/366","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ministryofjustice%2Fgithub-community/issues/366","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/366/packages"}},{"old_version":"1.22.0","new_version":"1.23.1","update_type":"minor","path":null,"pr_created_at":"2026-03-17T21:14:15.000Z","version_change":"1.22.0 → 1.23.1","issue":{"uuid":"4091238058","node_id":"PR_kwDONFX-vc7LWuV-","number":3497,"state":"open","title":":dependabot: pip(deps): Bump zizmor from 1.22.0 to 1.23.1","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-03-17T21:14:15.000Z","updated_at":"2026-03-17T21:14:33.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":":dependabot: pip(deps): Bump","packages":[{"name":"zizmor","old_version":"1.22.0","new_version":"1.23.1","repository_url":"https://github.com/zizmorcore/zizmor"}],"path":null,"ecosystem":"pip"},"body":"Bumps [zizmor](https://github.com/zizmorcore/zizmor) from 1.22.0 to 1.23.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/zizmorcore/zizmor/releases\"\u003ezizmor's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.23.1\u003c/h2\u003e\n\u003ch2\u003eBug Fixes 🐛\u003ca href=\"https://docs.zizmor.sh/release-notes/#bug-fixes\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where zizmor would error if given both a GH_TOKEN and a GITHUB_TOKEN (or ZIZMOR_GITHUB_TOKEN) via the environment (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1724\"\u003e#1724\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.23.0\u003c/h2\u003e\n\u003ch2\u003eNew Features 🌈\u003ca href=\"https://docs.zizmor.sh/release-notes/#new-features\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eNew audit: \u003ca href=\"https://docs.zizmor.sh/audits/#secrets-outside-env\"\u003esecrets-outside-env\u003c/a\u003e detects usage of the secrets context in jobs that don't have a corresponding environment (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1599\"\u003e#1599\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew audit: \u003ca href=\"https://docs.zizmor.sh/audits/#superfluous-actions\"\u003esuperfluous-actions\u003c/a\u003e detects usage of actions that perform operations already provided by GitHub's own runner images (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1618\"\u003e#1618\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eEnhancements 🌱\u003ca href=\"https://docs.zizmor.sh/release-notes/#enhancements\"\u003e🔗\u003c/a\u003e\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor's LSP mode is now configuration-aware, and will load configuration files relative to workspace roots (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1555\"\u003e#1555\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor now reads the GITHUB_TOKEN environment variable as an alias/equivalent for GH_TOKEN (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1566\"\u003e#1566\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor now supports inputs that contain duplicated anchor names (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1575\"\u003e#1575\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor now flags missing cooldowns on opentofu ecosystem definitions in Dependabot (again) (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1586\"\u003e#1586\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor now reads the ZIZMOR_GITHUB_TOKEN environment variable as an alias/equivalent for GH_TOKEN and GITHUB_TOKEN (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1641\"\u003e#1641\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe SARIF output format now adds zizmor/confidence, zizmor/persona and zizmor/severity to the properties of findings (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1656\"\u003e#1656\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded \u003ca href=\"https://github.com/awalsh128/cache-apt-pkgs-action\"\u003eawalsh128/cache-apt-pkgs-action\u003c/a\u003e as a cache-aware action to the cache-poisoning audit (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1708\"\u003e#1708\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanges ⚠️\u003ca href=\"https://docs.zizmor.sh/release-notes/#changes\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSARIF categories have been regraded. zizmor's \u0026quot;medium\u0026quot; is changed from SARIF's \u0026quot;warning\u0026quot; to \u0026quot;low\u0026quot; (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1635\"\u003e#1635\u003c/a\u003e)\nBug Fixes 🐛\u003ca href=\"https://docs.zizmor.sh/release-notes/#bug-fixes\"\u003e🔗\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a bug where zizmor would crash on uses: clauses containing non-significant whitespace while performing the \u003ca href=\"https://docs.zizmor.sh/audits/#unpinned-uses\"\u003eunpinned-uses\u003c/a\u003e audit (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1544\"\u003e#1544\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a bug in yamlpath where sequences containing anchors were splatted instead of being properly nested (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1557\"\u003e#1557\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/DarkaMaul\"\u003e\u003ccode\u003e@​DarkaMaul\u003c/code\u003e\u003c/a\u003e for implementing this fix!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a bug in yamlpath where anchor prefixes in sequences and mapping were not stripped during path queries (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1562\"\u003e#1562\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a bug where \u0026quot;merge into\u0026quot; autofixes would produce incorrect patches in the presence of multi-byte Unicode characters (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1581\"\u003e#1581\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/ManuelLerchnerQC\"\u003e\u003ccode\u003e@​ManuelLerchnerQC\u003c/code\u003e\u003c/a\u003e for implementing this fix!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a bug where the \u003ca href=\"https://docs.zizmor.sh/audits/#template-injection\"\u003etemplate-injection\u003c/a\u003e audit would produce duplicated pedantic-only findings (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1589\"\u003e#1589\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a bug where the \u003ca href=\"https://docs.zizmor.sh/audits/#obfuscation\"\u003eobfuscation\u003c/a\u003e audit would produce incorrect autofixes for a subset of constant-reducible expressions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1597\"\u003e#1597\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a bug where the \u003ca href=\"https://docs.zizmor.sh/audits/#obfuscation\"\u003eobfuscation\u003c/a\u003e audit would fail to apply fixes to a subset of inputs with leading whitespace (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1597\"\u003e#1597\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/zizmorcore/zizmor/blob/main/docs/release-notes.md\"\u003ezizmor's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.23.1\u003c/h2\u003e\n\u003ch3\u003eBug Fixes 🐛\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a bug where \u003ccode\u003ezizmor\u003c/code\u003e would error if given both a \u003ccode\u003eGH_TOKEN\u003c/code\u003e and\na \u003ccode\u003eGITHUB_TOKEN\u003c/code\u003e (or \u003ccode\u003eZIZMOR_GITHUB_TOKEN\u003c/code\u003e) via the environment (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1724\"\u003e#1724\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a bug in [template-injection] where the \u003ccode\u003econtext\u003c/code\u003e input of\n\u003ccode\u003edocker/build-push-action\u003c/code\u003e was incorrectly considered a code injection sink\n(\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1705\"\u003e#1705\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges ⚠️\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eartipacked\u003c/code\u003e audit emits a pedantic finding if \u003ccode\u003epersist-credentials\u003c/code\u003e\nis an expression (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1735\"\u003e#1735\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.23.0\u003c/h2\u003e\n\u003ch3\u003eNew Features 🌈\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eNew audit\u003c/strong\u003e: [secrets-outside-env] detects usage of the \u003ccode\u003esecrets\u003c/code\u003e context\nin jobs that don't have a corresponding \u003ccode\u003eenvironment\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1599\"\u003e#1599\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eNew audit\u003c/strong\u003e: [superfluous-actions] detects usage of actions that perform\noperations already provided by GitHub's own runner images (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1618\"\u003e#1618\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eEnhancements 🌱\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003ezizmor\u003c/code\u003e's LSP mode is now configuration-aware, and will load\nconfiguration files relative to workspace roots (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1555\"\u003e#1555\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003ezizmor\u003c/code\u003e now reads the \u003ccode\u003eGITHUB_TOKEN\u003c/code\u003e environment variable as an\nalias/equivalent for \u003ccode\u003eGH_TOKEN\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1566\"\u003e#1566\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003ezizmor\u003c/code\u003e now supports inputs that contain duplicated anchor names (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1575\"\u003e#1575\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003ezizmor\u003c/code\u003e now flags missing cooldowns on \u003ccode\u003eopentofu\u003c/code\u003e ecosystem definitions\nin Dependabot (again) (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1586\"\u003e#1586\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003ezizmor\u003c/code\u003e now reads the \u003ccode\u003eZIZMOR_GITHUB_TOKEN\u003c/code\u003e environment variable as an\nalias/equivalent for \u003ccode\u003eGH_TOKEN\u003c/code\u003e and \u003ccode\u003eGITHUB_TOKEN\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1641\"\u003e#1641\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe SARIF output format now adds \u003ccode\u003ezizmor/confidence\u003c/code\u003e, \u003ccode\u003ezizmor/persona\u003c/code\u003e and \u003ccode\u003ezizmor/severity\u003c/code\u003e\nto the \u003ccode\u003eproperties\u003c/code\u003e of findings (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1656\"\u003e#1656\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded \u003ca href=\"https://github.com/awalsh128/cache-apt-pkgs-action\"\u003eawalsh128/cache-apt-pkgs-action\u003c/a\u003e\nas a cache-aware action to the cache-poisoning audit (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1708\"\u003e#1708\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges ⚠️\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/0b77258cf93d4e0ae762c843422c333faf2793f6\"\u003e\u003ccode\u003e0b77258\u003c/code\u003e\u003c/a\u003e zizmor v1.23.1 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1725\"\u003e#1725\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/d822fa69a847fff1b6d896d75bdf4c0a518f792c\"\u003e\u003ccode\u003ed822fa6\u003c/code\u003e\u003c/a\u003e Remove conflict handling from GH_TOKEN aliases (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1724\"\u003e#1724\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/773439b9834fe7de258d464614a34f92361d4dc9\"\u003e\u003ccode\u003e773439b\u003c/code\u003e\u003c/a\u003e Bump trophies (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1721\"\u003e#1721\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/f5c05f064bbd0f6b2c58887152c1039ecb94acbb\"\u003e\u003ccode\u003ef5c05f0\u003c/code\u003e\u003c/a\u003e zizmor 1.23.0 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1719\"\u003e#1719\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/93858d8e016cc14654676b62dcd83415579d0463\"\u003e\u003ccode\u003e93858d8\u003c/code\u003e\u003c/a\u003e zizmor 1.23.0-rc7 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1718\"\u003e#1718\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/76d3f1eb2ba6450f9fbbdc14b52bbf298cad09d9\"\u003e\u003ccode\u003e76d3f1e\u003c/code\u003e\u003c/a\u003e yamlpatch 0.13.0 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1717\"\u003e#1717\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/7a71262abd81adf9a4c7b26ef4782419df100672\"\u003e\u003ccode\u003e7a71262\u003c/code\u003e\u003c/a\u003e github-actions-expressions 0.0.15 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1716\"\u003e#1716\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/2255be674ac561f0fe79a3cb1c812158eb560832\"\u003e\u003ccode\u003e2255be6\u003c/code\u003e\u003c/a\u003e zizmor 1.23.0-rc6 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1715\"\u003e#1715\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/a0f9dcbe0736d8af717d94845b548f3d1a759173\"\u003e\u003ccode\u003ea0f9dcb\u003c/code\u003e\u003c/a\u003e Fix http-cache usage (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1689\"\u003e#1689\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/adabd2dbd9d01b26b14df81e0eb1e1d883ad919e\"\u003e\u003ccode\u003eadabd2d\u003c/code\u003e\u003c/a\u003e Update pedantic persona example (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1714\"\u003e#1714\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/zizmorcore/zizmor/compare/v1.22.0...v1.23.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=zizmor\u0026package-manager=pip\u0026previous-version=1.22.0\u0026new-version=1.23.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/ministryofjustice/analytical-platform-airflow/pull/3497","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ministryofjustice%2Fanalytical-platform-airflow/issues/3497","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/3497/packages"}},{"old_version":"1.14.2","new_version":"1.22.0","update_type":"minor","path":null,"pr_created_at":"2026-03-09T13:23:59.000Z","version_change":"1.14.2 → 1.22.0","issue":{"uuid":"4045587623","node_id":"PR_kwDORf90e87JErNk","number":7,"state":"open","title":":dependabot: uv(deps): Bump the minor-and-patch group with 8 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-03-09T13:23:59.000Z","updated_at":"2026-03-09T13:24:19.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":":dependabot: uv(deps): Bump","group_name":"minor-and-patch","update_count":8,"packages":[{"name":"authlib","old_version":"1.6.7","new_version":"1.6.8","repository_url":"https://github.com/authlib/authlib"},{"name":"flask-cors","old_version":"6.0.1","new_version":"6.0.2","repository_url":"https://github.com/corydolphin/flask-cors"},{"name":"flask-limiter","old_version":"4.0.0","new_version":"4.1.1","repository_url":"https://github.com/alisaifee/flask-limiter"},{"name":"sentry-sdk","old_version":"2.41.0","new_version":"2.53.0","repository_url":"https://github.com/getsentry/sentry-python"},{"name":"coverage","old_version":"7.10.7","new_version":"7.13.4","repository_url":"https://github.com/coveragepy/coveragepy"},{"name":"pre-commit","old_version":"4.3.0","new_version":"4.5.1","repository_url":"https://github.com/pre-commit/pre-commit"},{"name":"ruff","old_version":"0.14.0","new_version":"0.15.2","repository_url":"https://github.com/astral-sh/ruff"},{"name":"zizmor","old_version":"1.14.2","new_version":"1.22.0","repository_url":"https://github.com/zizmorcore/zizmor"}],"path":null,"ecosystem":"pip"},"body":"Bumps the minor-and-patch group with 8 updates:\n\n| Package | From | To |\n| --- | --- | --- |\n| [authlib](https://github.com/authlib/authlib) | `1.6.7` | `1.6.8` |\n| [flask-cors](https://github.com/corydolphin/flask-cors) | `6.0.1` | `6.0.2` |\n| [flask-limiter](https://github.com/alisaifee/flask-limiter) | `4.0.0` | `4.1.1` |\n| [sentry-sdk](https://github.com/getsentry/sentry-python) | `2.41.0` | `2.53.0` |\n| [coverage](https://github.com/coveragepy/coveragepy) | `7.10.7` | `7.13.4` |\n| [pre-commit](https://github.com/pre-commit/pre-commit) | `4.3.0` | `4.5.1` |\n| [ruff](https://github.com/astral-sh/ruff) | `0.14.0` | `0.15.2` |\n| [zizmor](https://github.com/zizmorcore/zizmor) | `1.14.2` | `1.22.0` |\n\nUpdates `authlib` from 1.6.7 to 1.6.8\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/releases\"\u003eauthlib's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.6.8\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.7...v1.6.8\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.7...v1.6.8\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eEdDSA\u003c/code\u003e to default \u003ccode\u003ejwt\u003c/code\u003e instance.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/a769f343ae8d43236448e3e74445980861812e82\"\u003e\u003ccode\u003ea769f34\u003c/code\u003e\u003c/a\u003e chore: release 1.6.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/84f3fa2965a189c16528329e8cfe41d094008588\"\u003e\u003ccode\u003e84f3fa2\u003c/code\u003e\u003c/a\u003e fix: add EdDSA to default jwt algorithms\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.7...v1.6.8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flask-cors` from 6.0.1 to 6.0.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/corydolphin/flask-cors/releases\"\u003eflask-cors's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e6.0.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate license pyproject.toml by \u003ca href=\"https://github.com/wagenrace\"\u003e\u003ccode\u003e@​wagenrace\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/pull/395\"\u003ecorydolphin/flask-cors#395\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/wagenrace\"\u003e\u003ccode\u003e@​wagenrace\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/pull/395\"\u003ecorydolphin/flask-cors#395\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/corydolphin/flask-cors/compare/6.0.1...6.0.2\"\u003ehttps://github.com/corydolphin/flask-cors/compare/6.0.1...6.0.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/corydolphin/flask-cors/commit/fa55dcbec68b3524a39e5057c35c29c221a27d64\"\u003e\u003ccode\u003efa55dcb\u003c/code\u003e\u003c/a\u003e Update license pyproject.toml (\u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/issues/395\"\u003e#395\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/corydolphin/flask-cors/compare/6.0.1...6.0.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flask-limiter` from 4.0.0 to 4.1.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/alisaifee/flask-limiter/releases\"\u003eflask-limiter's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.1.1\u003c/h2\u003e\n\u003ch2\u003eBug Fix\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnsure cli commands fail gracefully when cli dependencies\nare not installed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.1.0\u003c/h2\u003e\n\u003ch2\u003eDeployment\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eExtract \u003ccode\u003ecli\u003c/code\u003e specific requirements to an extra\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eCompatibility\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd python 3.14 support\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/alisaifee/flask-limiter/blob/master/HISTORY.rst\"\u003eflask-limiter's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.1.1\u003c/h2\u003e\n\u003cp\u003eRelease Date: 2025-12-06\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eBug Fix\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eEnsure cli commands fail gracefully when cli dependencies\nare not installed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.0\u003c/h2\u003e\n\u003cp\u003eRelease Date: 2025-12-02\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDeployment\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eExtract \u003ccode\u003ecli\u003c/code\u003e specific requirements to an extra\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCompatibility\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd python 3.14 support\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alisaifee/flask-limiter/commit/e9c14643bb0bd7f3c2c12546d8b9d4b407cc7554\"\u003e\u003ccode\u003ee9c1464\u003c/code\u003e\u003c/a\u003e Update changelog for  4.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alisaifee/flask-limiter/commit/008350285f66456f5befe0c372c342fd0ab857ac\"\u003e\u003ccode\u003e0083502\u003c/code\u003e\u003c/a\u003e Update uv.lock\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alisaifee/flask-limiter/commit/c45325cbd55db3bd56a3ec4d3df93a20ef15830a\"\u003e\u003ccode\u003ec45325c\u003c/code\u003e\u003c/a\u003e Add rich to dev dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alisaifee/flask-limiter/commit/4029925815361899d9b5a7def5f8ee6a2d082c3e\"\u003e\u003ccode\u003e4029925\u003c/code\u003e\u003c/a\u003e Ensure cli extra is installed for docs generation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alisaifee/flask-limiter/commit/114c01b9918628635161dc5a74815aaebb2498a2\"\u003e\u003ccode\u003e114c01b\u003c/code\u003e\u003c/a\u003e Handle missing cli dependencies gracefully\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alisaifee/flask-limiter/commit/4aee644efd4f40ccc9702401cce0b96c7264c33e\"\u003e\u003ccode\u003e4aee644\u003c/code\u003e\u003c/a\u003e Update changelog for  4.1.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alisaifee/flask-limiter/commit/4eb58a34967c7639f18716b9ab9fa924b09d3df4\"\u003e\u003ccode\u003e4eb58a3\u003c/code\u003e\u003c/a\u003e Extract cli dependencies as an extra\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alisaifee/flask-limiter/commit/e1a162cc878ac08ffba85ef98b87052b481f1943\"\u003e\u003ccode\u003ee1a162c\u003c/code\u003e\u003c/a\u003e Add python 3.14 support\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/alisaifee/flask-limiter/compare/4.0.0...4.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `sentry-sdk` from 2.41.0 to 2.53.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/getsentry/sentry-python/releases\"\u003esentry-sdk's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.53.0\u003c/h2\u003e\n\u003ch3\u003eBug Fixes 🐛\u003c/h3\u003e\n\u003ch4\u003eOpenai Agents\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003ePatch \u003ccode\u003eexecute_final_output()\u003c/code\u003e functions following library refactor by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5453\"\u003e#5453\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch \u003ccode\u003eexecute_handoffs()\u003c/code\u003e functions following library refactor by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5452\"\u003e#5452\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch \u003ccode\u003erun_single_turn_streamed()\u003c/code\u003e functions following library refactor by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5451\"\u003e#5451\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch \u003ccode\u003erun_single_turn()\u003c/code\u003e functions following library refactor by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5450\"\u003e#5450\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch models functions following library refactor by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5449\"\u003e#5449\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch tool functions following library refactor by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5445\"\u003e#5445\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eOther\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eClose the connection we're reading driver_type from by \u003ca href=\"https://github.com/sentrivana\"\u003e\u003ccode\u003e@​sentrivana\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5427\"\u003e#5427\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation 📚\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDocument \u003ccode\u003eopenai-agents\u003c/code\u003e control-flow by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5447\"\u003e#5447\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal Changes 🔧\u003c/h3\u003e\n\u003ch4\u003eOpenai Agents\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eNew tool field and library error log by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5454\"\u003e#5454\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid calling SDK-internal functions by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5437\"\u003e#5437\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eOther\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eImprove Craft config with title stripping and artifact filtering by \u003ca href=\"https://github.com/BYK\"\u003e\u003ccode\u003e@​BYK\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5444\"\u003e#5444\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse fixed clickhouse action, remove aws-sam-cli dependency by \u003ca href=\"https://github.com/sentrivana\"\u003e\u003ccode\u003e@​sentrivana\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5457\"\u003e#5457\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove references to unsupported attribute types by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5425\"\u003e#5425\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePin setuptools for linting and chalice tests by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5438\"\u003e#5438\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.52.0\u003c/h2\u003e\n\u003ch3\u003eNew Features ✨\u003c/h3\u003e\n\u003ch4\u003eOther\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003efeat(integration): add \u003ccode\u003egen_ai.conversation.id\u003c/code\u003e if available by \u003ca href=\"https://github.com/constantinius\"\u003e\u003ccode\u003e@​constantinius\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5307\"\u003e#5307\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes 🐛\u003c/h3\u003e\n\u003ch4\u003eGoogle Genai\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003efix(google-genai): Token reporting by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5404\"\u003e#5404\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(google-genai): deactivate google genai when langchain is used by \u003ca href=\"https://github.com/shellmayr\"\u003e\u003ccode\u003e@​shellmayr\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5389\"\u003e#5389\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eMcp\u003c/h4\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/getsentry/sentry-python/blob/master/CHANGELOG.md\"\u003esentry-sdk's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.53.0\u003c/h2\u003e\n\u003ch3\u003eBug Fixes 🐛\u003c/h3\u003e\n\u003ch4\u003eOpenai Agents\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003ePatch \u003ccode\u003eexecute_final_output()\u003c/code\u003e functions following library refactor by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5453\"\u003e#5453\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch \u003ccode\u003eexecute_handoffs()\u003c/code\u003e functions following library refactor by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5452\"\u003e#5452\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch \u003ccode\u003erun_single_turn_streamed()\u003c/code\u003e functions following library refactor by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5451\"\u003e#5451\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch \u003ccode\u003erun_single_turn()\u003c/code\u003e functions following library refactor by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5450\"\u003e#5450\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch models functions following library refactor by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5449\"\u003e#5449\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch tool functions following library refactor by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5445\"\u003e#5445\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eOther\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eClose the connection we're reading driver_type from by \u003ca href=\"https://github.com/sentrivana\"\u003e\u003ccode\u003e@​sentrivana\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5427\"\u003e#5427\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation 📚\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDocument \u003ccode\u003eopenai-agents\u003c/code\u003e control-flow by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5447\"\u003e#5447\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal Changes 🔧\u003c/h3\u003e\n\u003ch4\u003eOpenai Agents\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eNew tool field and library error log by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5454\"\u003e#5454\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid calling SDK-internal functions by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5437\"\u003e#5437\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eOther\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eImprove Craft config with title stripping and artifact filtering by \u003ca href=\"https://github.com/BYK\"\u003e\u003ccode\u003e@​BYK\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5444\"\u003e#5444\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse fixed clickhouse action, remove aws-sam-cli dependency by \u003ca href=\"https://github.com/sentrivana\"\u003e\u003ccode\u003e@​sentrivana\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5457\"\u003e#5457\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove references to unsupported attribute types by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5425\"\u003e#5425\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePin setuptools for linting and chalice tests by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5438\"\u003e#5438\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.52.0\u003c/h2\u003e\n\u003ch3\u003eNew Features ✨\u003c/h3\u003e\n\u003ch4\u003eOther\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003efeat(integration): add \u003ccode\u003egen_ai.conversation.id\u003c/code\u003e if available by \u003ca href=\"https://github.com/constantinius\"\u003e\u003ccode\u003e@​constantinius\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5307\"\u003e#5307\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes 🐛\u003c/h3\u003e\n\u003ch4\u003eGoogle Genai\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003efix(google-genai): Token reporting by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5404\"\u003e#5404\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(google-genai): deactivate google genai when langchain is used by \u003ca href=\"https://github.com/shellmayr\"\u003e\u003ccode\u003e@​shellmayr\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5389\"\u003e#5389\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/f75a9ac1059b648644c05189deffd3c7ddc0931a\"\u003e\u003ccode\u003ef75a9ac\u003c/code\u003e\u003c/a\u003e Update CHANGELOG.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/b700fa85d8d722891ad84cefaec73a9aeeaafa16\"\u003e\u003ccode\u003eb700fa8\u003c/code\u003e\u003c/a\u003e Update CHANGELOG.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/45379e206c992d5f5ab782b1e13dc609cedbdd5f\"\u003e\u003ccode\u003e45379e2\u003c/code\u003e\u003c/a\u003e release: 2.53.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/4d8faf347b109bb2c864b1a52a9080c33541be9e\"\u003e\u003ccode\u003e4d8faf3\u003c/code\u003e\u003c/a\u003e test(openai-agents): New tool field and library error log (\u003ca href=\"https://redirect.github.com/getsentry/sentry-python/issues/5454\"\u003e#5454\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/d3e2c88a9f5236b65ef367fc3ec6dffa6b6970ba\"\u003e\u003ccode\u003ed3e2c88\u003c/code\u003e\u003c/a\u003e fix(openai-agents): Patch \u003ccode\u003eexecute_final_output()\u003c/code\u003e functions following librar...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/f71a60450afd1ce3cf299cde37731c53e9debf0a\"\u003e\u003ccode\u003ef71a604\u003c/code\u003e\u003c/a\u003e fix(openai-agents): Patch \u003ccode\u003eexecute_handoffs()\u003c/code\u003e functions following library re...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/bea608c3aa52295b3336af12f1dc6cfdf9c5cd5d\"\u003e\u003ccode\u003ebea608c\u003c/code\u003e\u003c/a\u003e fix(openai-agents): Patch \u003ccode\u003erun_single_turn_streamed()\u003c/code\u003e functions following li...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/14e3e0a0a0cf3b2320fb88c3568ff1a74d86cc36\"\u003e\u003ccode\u003e14e3e0a\u003c/code\u003e\u003c/a\u003e fix(openai-agents): Patch \u003ccode\u003erun_single_turn()\u003c/code\u003e functions following library ref...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/a5c2906a480d9b108041759b4e04912e296f7f90\"\u003e\u003ccode\u003ea5c2906\u003c/code\u003e\u003c/a\u003e fix(openai-agents): Patch models functions following library refactor (\u003ca href=\"https://redirect.github.com/getsentry/sentry-python/issues/5449\"\u003e#5449\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/f78df7c01768282a32cdc8d12cf899769f7551bd\"\u003e\u003ccode\u003ef78df7c\u003c/code\u003e\u003c/a\u003e ci: Use fixed clickhouse action, remove aws-sam-cli dependency (\u003ca href=\"https://redirect.github.com/getsentry/sentry-python/issues/5457\"\u003e#5457\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/getsentry/sentry-python/compare/2.41.0...2.53.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `coverage` from 7.10.7 to 7.13.4\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/coveragepy/coveragepy/blob/main/CHANGES.rst\"\u003ecoverage's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 7.13.4 — 2026-02-09\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix: the third-party code fix in 7.13.3 required examining the parent\ndirectories where coverage was run. In the unusual situation that one of the\nparent directories is unreadable, a PermissionError would occur, as\ndescribed in \u003ccode\u003eissue 2129\u003c/code\u003e_. This is now fixed.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: in test suites that change sys.path, coverage.py could fail with\n\u0026quot;RuntimeError: Set changed size during iteration\u0026quot; as described and fixed in\n\u003ccode\u003epull 2130\u003c/code\u003e_. Thanks, Noah Fatsi.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eWe now publish ppc64le wheels, thanks to \u003ccode\u003ePankhudi Jain \u0026lt;pull 2121_\u0026gt;\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _pull 2121: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/pull/2121\"\u003ecoveragepy/coveragepy#2121\u003c/a\u003e\n.. _issue 2129: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2129\"\u003ecoveragepy/coveragepy#2129\u003c/a\u003e\n.. _pull 2130: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/pull/2130\"\u003ecoveragepy/coveragepy#2130\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e.. _changes_7-13-3:\u003c/p\u003e\n\u003ch2\u003eVersion 7.13.3 — 2026-02-03\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix: in some situations, third-party code was measured when it shouldn't have\nbeen, slowing down test execution. This happened with layered virtual\nenvironments such as uv sometimes makes. The problem is fixed, closing \u003ccode\u003eissue 2082\u003c/code\u003e_. Now any directory on sys.path that is inside a virtualenv is\nconsidered third-party code.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _issue 2082: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2082\"\u003ecoveragepy/coveragepy#2082\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e.. _changes_7-13-2:\u003c/p\u003e\n\u003ch2\u003eVersion 7.13.2 — 2026-01-25\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix: when Python is installed via symlinks, for example with Homebrew, the\nstandard library files could be incorrectly included in coverage reports.\nThis is now fixed, closing \u003ccode\u003eissue 2115\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: if a data file is created with no read permissions, the combine step\nwould fail completely. Now a warning is issued and the file is skipped.\nCloses \u003ccode\u003eissue 2117\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _issue 2115: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2115\"\u003ecoveragepy/coveragepy#2115\u003c/a\u003e\n.. _issue 2117: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2117\"\u003ecoveragepy/coveragepy#2117\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/4f78d57f83ff8a4976043e8a8fcea24b91891840\"\u003e\u003ccode\u003e4f78d57\u003c/code\u003e\u003c/a\u003e build: no need to publish status.json\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/f8616ff5e6386648aa40300e36c6cecda79a1faa\"\u003e\u003ccode\u003ef8616ff\u003c/code\u003e\u003c/a\u003e docs: sample HTML for 7.13.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/fcf8c68db986970e6000bf75ec3c3115ede867df\"\u003e\u003ccode\u003efcf8c68\u003c/code\u003e\u003c/a\u003e docs: prep for 7.13.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/189ecfd000867e5c74e7d74ee3bd75742d5d584d\"\u003e\u003ccode\u003e189ecfd\u003c/code\u003e\u003c/a\u003e docs: thanks Pankhudi Jain for ppc64le wheels \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2121\"\u003e#2121\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/58aade0eb92d9d1e3755c65a5cf7a951e7bd6c6a\"\u003e\u003ccode\u003e58aade0\u003c/code\u003e\u003c/a\u003e build: add support for ppc64le architecture (\u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2121\"\u003e#2121\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/8ea42c874fbfc96535156300225bda22bc93ac68\"\u003e\u003ccode\u003e8ea42c8\u003c/code\u003e\u003c/a\u003e chore: bump actions/attest-build-provenance (\u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2131\"\u003e#2131\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/c09595f70758b78156efbd7c8f034799d09322aa\"\u003e\u003ccode\u003ec09595f\u003c/code\u003e\u003c/a\u003e docs: Janine put a lot of effort into debugging issue \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2128\"\u003e#2128\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/8ee1760f40b8822aa2b11ff95ab63481be68a8a0\"\u003e\u003ccode\u003e8ee1760\u003c/code\u003e\u003c/a\u003e docs: Greg wrote a great issue: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2129\"\u003e#2129\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/76ba0437611fc2787cb0450dc94b02bc2848fdee\"\u003e\u003ccode\u003e76ba043\u003c/code\u003e\u003c/a\u003e docs: thanks, Noah Fatsi\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/371fcc5727e9d8fba816061756af94646b4bcfbb\"\u003e\u003ccode\u003e371fcc5\u003c/code\u003e\u003c/a\u003e fix: set fixed paths_list in TreeMatcher init (\u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2130\"\u003e#2130\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/coveragepy/coveragepy/compare/7.10.7...7.13.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pre-commit` from 4.3.0 to 4.5.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pre-commit/pre-commit/releases\"\u003epre-commit's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003epre-commit v4.5.1\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003elanguage: python\u003c/code\u003e with \u003ccode\u003erepo: local\u003c/code\u003e without \u003ccode\u003eadditional_dependencies\u003c/code\u003e.\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3597\"\u003e#3597\u003c/a\u003e PR by \u003ca href=\"https://github.com/asottile\"\u003e\u003ccode\u003e@​asottile\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003epre-commit v4.5.0\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003epre-commit hazmat\u003c/code\u003e.\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3585\"\u003e#3585\u003c/a\u003e PR by \u003ca href=\"https://github.com/asottile\"\u003e\u003ccode\u003e@​asottile\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003epre-commit v4.4.0\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003e--fail-fast\u003c/code\u003e option to \u003ccode\u003epre-commit run\u003c/code\u003e.\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3528\"\u003e#3528\u003c/a\u003e PR by \u003ca href=\"https://github.com/JulianMaurin\"\u003e\u003ccode\u003e@​JulianMaurin\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eUpgrade \u003ccode\u003eruby-build\u003c/code\u003e / \u003ccode\u003erbenv\u003c/code\u003e.\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3566\"\u003e#3566\u003c/a\u003e PR by \u003ca href=\"https://github.com/asottile\"\u003e\u003ccode\u003e@​asottile\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3565\"\u003e#3565\u003c/a\u003e issue by \u003ca href=\"https://github.com/MRigal\"\u003e\u003ccode\u003e@​MRigal\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003elanguage: unsupported\u003c/code\u003e / \u003ccode\u003elanguage: unsupported_script\u003c/code\u003e as aliases for \u003ccode\u003elanguage: system\u003c/code\u003e / \u003ccode\u003elanguage: script\u003c/code\u003e (which will eventually be deprecated).\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3577\"\u003e#3577\u003c/a\u003e PR by \u003ca href=\"https://github.com/asottile\"\u003e\u003ccode\u003e@​asottile\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eAdd support docker-in-docker detection for cgroups v2.\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3535\"\u003e#3535\u003c/a\u003e PR by \u003ca href=\"https://github.com/br-rhrbacek\"\u003e\u003ccode\u003e@​br-rhrbacek\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3360\"\u003e#3360\u003c/a\u003e issue by \u003ca href=\"https://github.com/JasonAlt\"\u003e\u003ccode\u003e@​JasonAlt\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eHandle when docker gives \u003ccode\u003eSecurityOptions: null\u003c/code\u003e.\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3537\"\u003e#3537\u003c/a\u003e PR by \u003ca href=\"https://github.com/asottile\"\u003e\u003ccode\u003e@​asottile\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3514\"\u003e#3514\u003c/a\u003e issue by \u003ca href=\"https://github.com/jenstroeger\"\u003e\u003ccode\u003e@​jenstroeger\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFix error context for invalid \u003ccode\u003estages\u003c/code\u003e in \u003ccode\u003e.pre-commit-config.yaml\u003c/code\u003e.\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3576\"\u003e#3576\u003c/a\u003e PR by \u003ca href=\"https://github.com/asottile\"\u003e\u003ccode\u003e@​asottile\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pre-commit/pre-commit/blob/main/CHANGELOG.md\"\u003epre-commit's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e4.5.1 - 2025-12-16\u003c/h1\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003elanguage: python\u003c/code\u003e with \u003ccode\u003erepo: local\u003c/code\u003e without \u003ccode\u003eadditional_dependencies\u003c/code\u003e.\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3597\"\u003e#3597\u003c/a\u003e PR by \u003ca href=\"https://github.com/asottile\"\u003e\u003ccode\u003e@​asottile\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e4.5.0 - 2025-11-22\u003c/h1\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003epre-commit hazmat\u003c/code\u003e.\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3585\"\u003e#3585\u003c/a\u003e PR by \u003ca href=\"https://github.com/asottile\"\u003e\u003ccode\u003e@​asottile\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e4.4.0 - 2025-11-08\u003c/h1\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003e--fail-fast\u003c/code\u003e option to \u003ccode\u003epre-commit run\u003c/code\u003e.\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3528\"\u003e#3528\u003c/a\u003e PR by \u003ca href=\"https://github.com/JulianMaurin\"\u003e\u003ccode\u003e@​JulianMaurin\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eUpgrade \u003ccode\u003eruby-build\u003c/code\u003e / \u003ccode\u003erbenv\u003c/code\u003e.\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3566\"\u003e#3566\u003c/a\u003e PR by \u003ca href=\"https://github.com/asottile\"\u003e\u003ccode\u003e@​asottile\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3565\"\u003e#3565\u003c/a\u003e issue by \u003ca href=\"https://github.com/MRigal\"\u003e\u003ccode\u003e@​MRigal\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003elanguage: unsupported\u003c/code\u003e / \u003ccode\u003elanguage: unsupported_script\u003c/code\u003e as aliases\nfor \u003ccode\u003elanguage: system\u003c/code\u003e / \u003ccode\u003elanguage: script\u003c/code\u003e (which will eventually be\ndeprecated).\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3577\"\u003e#3577\u003c/a\u003e PR by \u003ca href=\"https://github.com/asottile\"\u003e\u003ccode\u003e@​asottile\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eAdd support docker-in-docker detection for cgroups v2.\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3535\"\u003e#3535\u003c/a\u003e PR by \u003ca href=\"https://github.com/br-rhrbacek\"\u003e\u003ccode\u003e@​br-rhrbacek\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3360\"\u003e#3360\u003c/a\u003e issue by \u003ca href=\"https://github.com/JasonAlt\"\u003e\u003ccode\u003e@​JasonAlt\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eHandle when docker gives \u003ccode\u003eSecurityOptions: null\u003c/code\u003e.\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3537\"\u003e#3537\u003c/a\u003e PR by \u003ca href=\"https://github.com/asottile\"\u003e\u003ccode\u003e@​asottile\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3514\"\u003e#3514\u003c/a\u003e issue by \u003ca href=\"https://github.com/jenstroeger\"\u003e\u003ccode\u003e@​jenstroeger\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFix error context for invalid \u003ccode\u003estages\u003c/code\u003e in \u003ccode\u003e.pre-commit-config.yaml\u003c/code\u003e.\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3576\"\u003e#3576\u003c/a\u003e PR by \u003ca href=\"https://github.com/asottile\"\u003e\u003ccode\u003e@​asottile\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pre-commit/pre-commit/commit/8a0630ca1aa7f6d5665effe674ebe2022af17919\"\u003e\u003ccode\u003e8a0630c\u003c/code\u003e\u003c/a\u003e v4.5.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pre-commit/pre-commit/commit/fcbc745744377ef2c9fe6a7e1a21c67d797933dc\"\u003e\u003ccode\u003efcbc745\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3597\"\u003e#3597\u003c/a\u003e from pre-commit/empty-setup-py\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pre-commit/pre-commit/commit/51592eececd13b99c40ec477ad8f810799147227\"\u003e\u003ccode\u003e51592ee\u003c/code\u003e\u003c/a\u003e fix python local template when artifact dirs are present\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pre-commit/pre-commit/commit/67e8faf80baffcb4b79c31b89ca9a413a1cd6776\"\u003e\u003ccode\u003e67e8faf\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3596\"\u003e#3596\u003c/a\u003e from pre-commit/pre-commit-ci-update-config\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pre-commit/pre-commit/commit/c251e6b6d011b3b262339dc8e109de29b0ff8db1\"\u003e\u003ccode\u003ec251e6b\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pre-commit/pre-commit/commit/98ccafa3ce42b846b9a9be9ed73fbbec7415496d\"\u003e\u003ccode\u003e98ccafa\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3593\"\u003e#3593\u003c/a\u003e from pre-commit/pre-commit-ci-update-config\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pre-commit/pre-commit/commit/48953556d06f8cdb4248002c1a0044e69e0916b3\"\u003e\u003ccode\u003e4895355\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pre-commit/pre-commit/commit/2cedd58e691f4d3bc6ab266c7d7c28464c3502be\"\u003e\u003ccode\u003e2cedd58\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3588\"\u003e#3588\u003c/a\u003e from pre-commit/pre-commit-ci-update-config\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pre-commit/pre-commit/commit/465192d7de58d569776eaaa818c94cb2b962d436\"\u003e\u003ccode\u003e465192d\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pre-commit/pre-commit/commit/fd42f96874279c4f65363bfea5238714419e54d7\"\u003e\u003ccode\u003efd42f96\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3586\"\u003e#3586\u003c/a\u003e from pre-commit/zipapp-sha256-file-not-needed\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pre-commit/pre-commit/compare/v4.3.0...v4.5.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ruff` from 0.14.0 to 0.15.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/ruff/releases\"\u003eruff's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.15.2\u003c/h2\u003e\n\u003ch2\u003eRelease Notes\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-02-19.\u003c/p\u003e\n\u003ch3\u003ePreview features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eExpand the default rule set (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23385\"\u003e#23385\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eIn preview, Ruff now enables a significantly expanded default rule set of 412 rules, up from the stable default set of 59 rules. The new rules are mostly a superset of the stable defaults, with the exception of these rules, which are removed from the preview defaults:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://docs.astral.sh/ruff/rules/multiple-imports-on-one-line\"\u003e\u003ccode\u003emultiple-imports-on-one-line\u003c/code\u003e\u003c/a\u003e (\u003ccode\u003eE401\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://docs.astral.sh/ruff/rules/module-import-not-at-top-of-file\"\u003e\u003ccode\u003emodule-import-not-at-top-of-file\u003c/code\u003e\u003c/a\u003e (\u003ccode\u003eE402\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://docs.astral.sh/ruff/rules/module-import-not-at-top-of-file\"\u003e\u003ccode\u003emodule-import-not-at-top-of-file\u003c/code\u003e\u003c/a\u003e (\u003ccode\u003eE701\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://docs.astral.sh/ruff/rules/multiple-statements-on-one-line-semicolon\"\u003e\u003ccode\u003emultiple-statements-on-one-line-semicolon\u003c/code\u003e\u003c/a\u003e (\u003ccode\u003eE702\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://docs.astral.sh/ruff/rules/useless-semicolon\"\u003e\u003ccode\u003euseless-semicolon\u003c/code\u003e\u003c/a\u003e (\u003ccode\u003eE703\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://docs.astral.sh/ruff/rules/none-comparison\"\u003e\u003ccode\u003enone-comparison\u003c/code\u003e\u003c/a\u003e (\u003ccode\u003eE711\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://docs.astral.sh/ruff/rules/true-false-comparison\"\u003e\u003ccode\u003etrue-false-comparison\u003c/code\u003e\u003c/a\u003e (\u003ccode\u003eE712\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://docs.astral.sh/ruff/rules/not-in-test\"\u003e\u003ccode\u003enot-in-test\u003c/code\u003e\u003c/a\u003e (\u003ccode\u003eE713\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://docs.astral.sh/ruff/rules/not-is-test\"\u003e\u003ccode\u003enot-is-test\u003c/code\u003e\u003c/a\u003e (\u003ccode\u003eE714\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://docs.astral.sh/ruff/rules/type-comparison\"\u003e\u003ccode\u003etype-comparison\u003c/code\u003e\u003c/a\u003e (\u003ccode\u003eE721\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://docs.astral.sh/ruff/rules/lambda-assignment\"\u003e\u003ccode\u003elambda-assignment\u003c/code\u003e\u003c/a\u003e (\u003ccode\u003eE731\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://docs.astral.sh/ruff/rules/ambiguous-variable-name\"\u003e\u003ccode\u003eambiguous-variable-name\u003c/code\u003e\u003c/a\u003e (\u003ccode\u003eE741\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://docs.astral.sh/ruff/rules/ambiguous-class-name\"\u003e\u003ccode\u003eambiguous-class-name\u003c/code\u003e\u003c/a\u003e (\u003ccode\u003eE742\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://docs.astral.sh/ruff/rules/ambiguous-function-name\"\u003e\u003ccode\u003eambiguous-function-name\u003c/code\u003e\u003c/a\u003e (\u003ccode\u003eE743\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://docs.astral.sh/ruff/rules/undefined-local-with-import-star\"\u003e\u003ccode\u003eundefined-local-with-import-star\u003c/code\u003e\u003c/a\u003e (\u003ccode\u003eF403\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://docs.astral.sh/ruff/rules/undefined-local-with-import-star-usage\"\u003e\u003ccode\u003eundefined-local-with-import-star-usage\u003c/code\u003e\u003c/a\u003e (\u003ccode\u003eF405\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://docs.astral.sh/ruff/rules/undefined-local-with-nested-import-star-usage\"\u003e\u003ccode\u003eundefined-local-with-nested-import-star-usage\u003c/code\u003e\u003c/a\u003e (\u003ccode\u003eF406\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://docs.astral.sh/ruff/rules/forward-annotation-syntax-error\"\u003e\u003ccode\u003eforward-annotation-syntax-error\u003c/code\u003e\u003c/a\u003e (\u003ccode\u003eF722\u003c/code\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIf you use preview and prefer the old defaults, you can restore them with configuration like:\u003c/p\u003e\n\u003cpre lang=\"toml\"\u003e\u003ccode\u003e\r\n# ruff.toml\r\n\u003cp\u003e[lint]\nselect = [\u0026quot;E4\u0026quot;, \u0026quot;E7\u0026quot;, \u0026quot;E9\u0026quot;, \u0026quot;F\u0026quot;]\u003c/p\u003e\n\u003ch1\u003epyproject.toml\u003c/h1\u003e\n\u003cp\u003e[tool.ruff.lint]\nselect = [\u0026quot;E4\u0026quot;, \u0026quot;E7\u0026quot;, \u0026quot;E9\u0026quot;, \u0026quot;F\u0026quot;]\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cp\u003eIf you do give them a try, feel free to share your feedback in the \u003ca href=\"https://github.com/astral-sh/ruff/discussions/23203\"\u003eGitHub discussion\u003c/a\u003e!\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e[\u003ccode\u003eflake8-pyi\u003c/code\u003e] Also check string annotations (\u003ccode\u003ePYI041\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/19023\"\u003e#19023\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md\"\u003eruff's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.15.2\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-02-19.\u003c/p\u003e\n\u003ch3\u003ePreview features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eExpand the default rule set (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23385\"\u003e#23385\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eIn preview, Ruff now enables a significantly expanded default rule set of 412\nrules, up from the stable default set of 59 rules. The new rules are mostly a\nsuperset of the stable defaults, with the exception of these rules, which are\nremoved from the preview defaults:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://docs.astral.sh/ruff/rules/multiple-imports-on-one-line\"\u003e\u003ccode\u003emultiple-imports-on-one-line\u003c/code\u003e\u003c/a\u003e (\u003ccode\u003eE401\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://docs.astral.sh/ruff/rules/module-import-not-at-top-of-file\"\u003e\u003ccode\u003emodule-import-not-at-top-of-file\u003c/code\u003e\u003c/a\u003e (\u003ccode\u003eE402\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://docs.astral.sh/ruff/rules/module-import-not-at-top-of-file\"\u003e\u003ccode\u003emodule-import-not-at-top-of-file\u003c/code\u003e\u003c/a\u003e (\u003ccode\u003eE701\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://docs.astral.sh/ruff/rules/multiple-statements-on-one-line-semicolon\"\u003e\u003ccode\u003emultiple-statements-on-one-line-semicolon\u003c/code\u003e\u003c/a\u003e (\u003ccode\u003eE702\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://docs.astral.sh/ruff/rules/useless-semicolon\"\u003e\u003ccode\u003euseless-semicolon\u003c/code\u003e\u003c/a\u003e (\u003ccode\u003eE703\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://docs.astral.sh/ruff/rules/none-comparison\"\u003e\u003ccode\u003enone-comparison\u003c/code\u003e\u003c/a\u003e (\u003ccode\u003eE711\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://docs.astral.sh/ruff/rules/true-false-comparison\"\u003e\u003ccode\u003etrue-false-comparison\u003c/code\u003e\u003c/a\u003e (\u003ccode\u003eE712\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://docs.astral.sh/ruff/rules/not-in-test\"\u003e\u003ccode\u003enot-in-test\u003c/code\u003e\u003c/a\u003e (\u003ccode\u003eE713\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://docs.astral.sh/ruff/rules/not-is-test\"\u003e\u003ccode\u003enot-is-test\u003c/code\u003e\u003c/a\u003e (\u003ccode\u003eE714\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://docs.astral.sh/ruff/rules/type-comparison\"\u003e\u003ccode\u003etype-comparison\u003c/code\u003e\u003c/a\u003e (\u003ccode\u003eE721\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://docs.astral.sh/ruff/rules/lambda-assignment\"\u003e\u003ccode\u003elambda-assignment\u003c/code\u003e\u003c/a\u003e (\u003ccode\u003eE731\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://docs.astral.sh/ruff/rules/ambiguous-variable-name\"\u003e\u003ccode\u003eambiguous-variable-name\u003c/code\u003e\u003c/a\u003e (\u003ccode\u003eE741\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://docs.astral.sh/ruff/rules/ambiguous-class-name\"\u003e\u003ccode\u003eambiguous-class-name\u003c/code\u003e\u003c/a\u003e (\u003ccode\u003eE742\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://docs.astral.sh/ruff/rules/ambiguous-function-name\"\u003e\u003ccode\u003eambiguous-function-name\u003c/code\u003e\u003c/a\u003e (\u003ccode\u003eE743\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://docs.astral.sh/ruff/rules/undefined-local-with-import-star\"\u003e\u003ccode\u003eundefined-local-with-import-star\u003c/code\u003e\u003c/a\u003e (\u003ccode\u003eF403\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://docs.astral.sh/ruff/rules/undefined-local-with-import-star-usage\"\u003e\u003ccode\u003eundefined-local-with-import-star-usage\u003c/code\u003e\u003c/a\u003e (\u003ccode\u003eF405\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://docs.astral.sh/ruff/rules/undefined-local-with-nested-import-star-usage\"\u003e\u003ccode\u003eundefined-local-with-nested-import-star-usage\u003c/code\u003e\u003c/a\u003e (\u003ccode\u003eF406\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://docs.astral.sh/ruff/rules/forward-annotation-syntax-error\"\u003e\u003ccode\u003eforward-annotation-syntax-error\u003c/code\u003e\u003c/a\u003e (\u003ccode\u003eF722\u003c/code\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIf you use preview and prefer the old defaults, you can restore them with\nconfiguration like:\u003c/p\u003e\n\u003cpre lang=\"toml\"\u003e\u003ccode\u003e\n# ruff.toml\n\u003cp\u003e[lint]\nselect = [\u0026quot;E4\u0026quot;, \u0026quot;E7\u0026quot;, \u0026quot;E9\u0026quot;, \u0026quot;F\u0026quot;]\u003c/p\u003e\n\u003ch1\u003epyproject.toml\u003c/h1\u003e\n\u003cp\u003e[tool.ruff.lint]\nselect = [\u0026quot;E4\u0026quot;, \u0026quot;E7\u0026quot;, \u0026quot;E9\u0026quot;, \u0026quot;F\u0026quot;]\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cp\u003eIf you do give them a try, feel free to share your feedback in the \u003ca href=\"https://github.com/astral-sh/ruff/discussions/23203\"\u003eGitHub\ndiscussion\u003c/a\u003e!\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/9d18ee9115f9cbb4c21478baa7c1fa2b46e0759c\"\u003e\u003ccode\u003e9d18ee9\u003c/code\u003e\u003c/a\u003e Hard code workflow name and \u003ccode\u003ecancel-in-progress\u003c/code\u003e only for PRs (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/23431\"\u003e#23431\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/7cc15f024b931fe56365f40de3fab01219c092c4\"\u003e\u003ccode\u003e7cc15f0\u003c/code\u003e\u003c/a\u003e Bump 0.15.2 (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/23430\"\u003e#23430\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/d1b544393ae9cddd8e48ebee8dbfd54bda89f375\"\u003e\u003ccode\u003ed1b5443\u003c/code\u003e\u003c/a\u003e Add extension mapping to configuration file options (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/23384\"\u003e#23384\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/222574af90c5c0ca8f84c8385cf30c7c10ac2496\"\u003e\u003ccode\u003e222574a\u003c/code\u003e\u003c/a\u003e Expand the default rule set (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/23385\"\u003e#23385\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/1465b5de3829549b45397e9587b83ab7ac6d26d0\"\u003e\u003ccode\u003e1465b5d\u003c/code\u003e\u003c/a\u003e [\u003ccode\u003eflake8-async\u003c/code\u003e] Fix \u003ccode\u003ein_async_context\u003c/code\u003e logic (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/23426\"\u003e#23426\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/410902fa401afda969cc000f13be341896e6868e\"\u003e\u003ccode\u003e410902f\u003c/code\u003e\u003c/a\u003e [\u003ccode\u003epyupgrade\u003c/code\u003e] Fix handling of \u003ccode\u003etyping.{io,re}\u003c/code\u003e (\u003ccode\u003eUP035\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/23131\"\u003e#23131\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/729610acd9e19f57526e8ca40f355626154826bb\"\u003e\u003ccode\u003e729610a\u003c/code\u003e\u003c/a\u003e [ty] Fall back to ambiguous for large control flow graphs (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/23399\"\u003e#23399\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/1425c185b0a47be87112762f65b5bf7e323fb950\"\u003e\u003ccode\u003e1425c18\u003c/code\u003e\u003c/a\u003e [ty] Add code folding support\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/97acaaea5f993f33d3f5bb27c5db760a2f3d1e8a\"\u003e\u003ccode\u003e97acaae\u003c/code\u003e\u003c/a\u003e [ty] Fix stack overflow for self-referential \u003ccode\u003eTypeOf\u003c/code\u003e in annotations (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/23407\"\u003e#23407\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/1f380c82584a6dab7e8715bc7dd5ae187da1e69a\"\u003e\u003ccode\u003e1f380c8\u003c/code\u003e\u003c/a\u003e [ty] Update tests \u003ccode\u003ereveal_type\u003c/code\u003e and \u003ccode\u003eNever\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/23418\"\u003e#23418\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/astral-sh/ruff/compare/0.14.0...0.15.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `zizmor` from 1.14.2 to 1.22.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/zizmorcore/zizmor/releases\"\u003ezizmor's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.22.0\u003c/h2\u003e\n\u003ch2\u003eChanges ⚠️\u003ca href=\"https://docs.zizmor.sh/release-notes/#changes\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#misfeature\"\u003emisfeature\u003c/a\u003e audit now only shows non-\u0026quot;well known\u0026quot; \u003ccode\u003eshell:\u003c/code\u003e findings when running with the \u0026quot;auditor\u0026quot; persona (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1532\"\u003e#1532\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug Fixes 🐛\u003ca href=\"https://docs.zizmor.sh/release-notes/#bug-fixes\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where inputs containing CRLF line endings were not patched correctly by the \u003ca href=\"https://docs.zizmor.sh/audits/#unpinned-uses\"\u003eunpinned-uses\u003c/a\u003e audit (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1536\"\u003e#1536\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.21.0\u003c/h2\u003e\n\u003ch2\u003eNew Features 🌈\u003ca href=\"https://docs.zizmor.sh/release-notes/#new-features\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNew audit: \u003ca href=\"https://docs.zizmor.sh/audits/#misfeature\"\u003emisfeature\u003c/a\u003e detects usage of GitHub Actions features that are considered \u0026quot;misfeatures.\u0026quot; (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1517\"\u003e#1517\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eEnhancements 🌱\u003ca href=\"https://docs.zizmor.sh/release-notes/#enhancements\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor now uses exit code 3 to signal an audit that has failed because no input files were collected. See the \u003ca href=\"https://docs.zizmor.sh/usage/#exit-codes\"\u003eexit code\u003c/a\u003e documentation for details (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1515\"\u003e#1515\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#unpinned-uses\"\u003eunpinned-uses\u003c/a\u003e audit now supports auto-fixes for many findings (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1525\"\u003e#1525\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanges ⚠️\u003ca href=\"https://docs.zizmor.sh/release-notes/#changes\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#obfuscation\"\u003eobfuscation\u003c/a\u003e audit no longer flags shell: cmd. That check has been moved to the new \u003ca href=\"https://docs.zizmor.sh/audits/#misfeature\"\u003emisfeature\u003c/a\u003e audit. Users may need to update their ignore comments and/or configuration (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1517\"\u003e#1517\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug Fixes 🐛\u003ca href=\"https://docs.zizmor.sh/release-notes/#bug-fixes\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#unpinned-uses\"\u003eunpinned-uses\u003c/a\u003e audit now flags reusable workflows that are unpinned, in addition to actions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1509\"\u003e#1509\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/johnbillion\"\u003e\u003ccode\u003e@​johnbillion\u003c/code\u003e\u003c/a\u003e for implementing this fix!\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.20.0\u003c/h2\u003e\n\u003ch2\u003eEnhancements 🌱\u003ca href=\"https://docs.zizmor.sh/release-notes/#enhancements\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#excessive-permissions\"\u003eexcessive-permissions\u003c/a\u003e audit is now aware of the artifact-metadata and models permissions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1461\"\u003e#1461\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#cache-poisoning\"\u003ecache-poisoning\u003c/a\u003e audit is now aware of the \u003ca href=\"https://github.com/ramsey/composer-install\"\u003eramsey/composer-install\u003c/a\u003e action (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1489\"\u003e#1489\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#unpinned-images\"\u003eunpinned-images\u003c/a\u003e audit is now significantly more precise in the presence of matrix references, e.g. image: ${{ matrix.image }} (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1482\"\u003e#1482\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanges ⚠️\u003ca href=\"https://docs.zizmor.sh/release-notes/#changes\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe default policy for the \u003ca href=\"https://docs.zizmor.sh/audits/#unpinned-uses\"\u003eunpinned-uses\u003c/a\u003e audit has changed from allowing ref-pinning for first-party actions (those under actions/* and similar) to requiring hash-pinning. This makes the default policy more strict, as well as more consistent across the actions ecosystem.\u003c/p\u003e\n\u003cp\u003eUsers who with to retain the old (permissive policy) for first-party actions may configure it explicitly in their zizmor.yml:\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cpre\u003e\u003ccode\u003ezizmor.yml\r\n\u003cp\u003erules:\nunpinned-uses:\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt;\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/zizmorcore/zizmor/blob/main/docs/release-notes.md\"\u003ezizmor's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.22.0\u003c/h2\u003e\n\u003ch3\u003eChanges ⚠️\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe [misfeature] audit now only shows non-\u0026quot;well known\u0026quot; \u003ccode\u003e#!yaml shell:\u003c/code\u003e\nfindings when running with the \u0026quot;auditor\u0026quot; persona (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1532\"\u003e#1532\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes 🐛\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where inputs containing CRLF line endings were not patched\ncorrectly by the [unpinned-uses] audit (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1536\"\u003e#1536\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.21.0\u003c/h2\u003e\n\u003ch3\u003eNew Features 🌈\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eNew audit\u003c/strong\u003e: [misfeature] detects usage of GitHub Actions features that\nare considered \u0026quot;misfeatures.\u0026quot; (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1517\"\u003e#1517\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eEnhancements 🌱\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor now uses exit code \u003ccode\u003e3\u003c/code\u003e to signal an audit that has failed because\nno input files were collected. See the [exit code] documentation\nfor details (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1515\"\u003e#1515\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe [unpinned-uses] audit now supports auto-fixes for many findings (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1525\"\u003e#1525\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges ⚠️\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe [obfuscation] audit no longer flags \u003ccode\u003e#!yaml shell: cmd\u003c/code\u003e. That check has\nbeen moved to the new [misfeature] audit. Users may need to update their\nignore comments and/or configuration (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1517\"\u003e#1517\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes 🐛\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe [unpinned-uses] audit now flags reusable workflows that are unpinned,\nin addition to actions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1509\"\u003e#1509\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/johnbillion\"\u003e\u003ccode\u003e@​johnbillion\u003c/code\u003e\u003c/a\u003e for implementing this fix!\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.20.0\u003c/h2\u003e\n\u003ch3\u003eEnhancements 🌱\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe [excessive-permissions] audit is now aware of the \u003ccode\u003eartifact-metadata\u003c/code\u003e\nand \u003ccode\u003emodels\u003c/code\u003e permissions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1461\"\u003e#1461\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe [cache-poisoning] audit is now aware of the \u003ccode\u003e@​ramsey/composer-install\u003c/code\u003e\naction (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1489\"\u003e#1489\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/94308f638c114a3f42c4c842abee9cf46f166890\"\u003e\u003ccode\u003e94308f6\u003c/code\u003e\u003c/a\u003e zizmor 1.22.0 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1539\"\u003e#1539\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/951d2c8c8bb73c0c3be30b7a4b8c8d6973c7a822\"\u003e\u003ccode\u003e951d2c8\u003c/code\u003e\u003c/a\u003e Add 'crater' tests (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1538\"\u003e#1538\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/13c1b65775f6dbc80900580dcb37fcde8c0d6dd3\"\u003e\u003ccode\u003e13c1b65\u003c/code\u003e\u003c/a\u003e Handle CRLF in EmplaceComment (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1536\"\u003e#1536\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/601bbba7a91da02cc7ec7248ad27cb39c85dd403\"\u003e\u003ccode\u003e601bbba\u003c/code\u003e\u003c/a\u003e Bump trophies (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1535\"\u003e#1535\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/de617a22ce828c35e5162a81852312d95839b85d\"\u003e\u003ccode\u003ede617a2\u003c/code\u003e\u003c/a\u003e Drop 'custom shell' finding to auditor persona (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1532\"\u003e#1532\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/5175a6c9707e21e9e300e8dd14a2aac5d1099d4a\"\u003e\u003ccode\u003e5175a6c\u003c/code\u003e\u003c/a\u003e zizmor 1.21.0 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1529\"\u003e#1529\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/b3f84f4f168f0c4d1f6c6a64d3ff8572571c95f5\"\u003e\u003ccode\u003eb3f84f4\u003c/code\u003e\u003c/a\u003e yamlpatch 0.10.0 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1528\"\u003e#1528\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/20b24ff49188722d1a6fe72d0c77548866d4e245\"\u003e\u003ccode\u003e20b24ff\u003c/code\u003e\u003c/a\u003e yamlpath 0.33.0 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1527\"\u003e#1527\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/4815c16d4f0068d620fe56559d238bda344fea46\"\u003e\u003ccode\u003e4815c16\u003c/code\u003e\u003c/a\u003e Support auto-fixes for unpinned-uses (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1525\"\u003e#1525\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/e611eae19cfb4b8c7af67166eedf68ae2268f2e1\"\u003e\u003ccode\u003ee611eae\u003c/code\u003e\u003c/a\u003e Document hk integration (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1522\"\u003e#1522\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/zizmorcore/zizmor/compare/v1.14.2...v1.22.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/ministryofjustice/modernisation-platform-ui/pull/7","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ministryofjustice%2Fmodernisation-platform-ui/issues/7","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/7/packages"}},{"old_version":"1.19.0","new_version":"1.22.0","update_type":"minor","path":null,"pr_created_at":"2026-02-01T08:11:18.000Z","version_change":"1.19.0 → 1.22.0","issue":{"uuid":"3881531977","node_id":"PR_kwDOE5ikvs7AsJnP","number":76,"state":"closed","title":"chore(deps): bump zizmor from 1.19.0 to 1.22.0","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":["vavkamil"],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-02-01T11:28:39.000Z","author_association":null,"state_reason":null,"created_at":"2026-02-01T08:11:18.000Z","updated_at":"2026-02-01T11:28:40.000Z","time_to_close":11841,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"zizmor","old_version":"1.19.0","new_version":"1.22.0","repository_url":"https://github.com/zizmorcore/zizmor"}],"path":null,"ecosystem":"pip"},"body":"Bumps [zizmor](https://github.com/zizmorcore/zizmor) from 1.19.0 to 1.22.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/zizmorcore/zizmor/releases\"\u003ezizmor's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.22.0\u003c/h2\u003e\n\u003ch2\u003eChanges ⚠️\u003ca href=\"https://docs.zizmor.sh/release-notes/#changes\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#misfeature\"\u003emisfeature\u003c/a\u003e audit now only shows non-\u0026quot;well known\u0026quot; \u003ccode\u003eshell:\u003c/code\u003e findings when running with the \u0026quot;auditor\u0026quot; persona (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1532\"\u003e#1532\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug Fixes 🐛\u003ca href=\"https://docs.zizmor.sh/release-notes/#bug-fixes\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where inputs containing CRLF line endings were not patched correctly by the \u003ca href=\"https://docs.zizmor.sh/audits/#unpinned-uses\"\u003eunpinned-uses\u003c/a\u003e audit (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1536\"\u003e#1536\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.21.0\u003c/h2\u003e\n\u003ch2\u003eNew Features 🌈\u003ca href=\"https://docs.zizmor.sh/release-notes/#new-features\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNew audit: \u003ca href=\"https://docs.zizmor.sh/audits/#misfeature\"\u003emisfeature\u003c/a\u003e detects usage of GitHub Actions features that are considered \u0026quot;misfeatures.\u0026quot; (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1517\"\u003e#1517\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eEnhancements 🌱\u003ca href=\"https://docs.zizmor.sh/release-notes/#enhancements\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor now uses exit code 3 to signal an audit that has failed because no input files were collected. See the \u003ca href=\"https://docs.zizmor.sh/usage/#exit-codes\"\u003eexit code\u003c/a\u003e documentation for details (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1515\"\u003e#1515\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#unpinned-uses\"\u003eunpinned-uses\u003c/a\u003e audit now supports auto-fixes for many findings (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1525\"\u003e#1525\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanges ⚠️\u003ca href=\"https://docs.zizmor.sh/release-notes/#changes\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#obfuscation\"\u003eobfuscation\u003c/a\u003e audit no longer flags shell: cmd. That check has been moved to the new \u003ca href=\"https://docs.zizmor.sh/audits/#misfeature\"\u003emisfeature\u003c/a\u003e audit. Users may need to update their ignore comments and/or configuration (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1517\"\u003e#1517\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug Fixes 🐛\u003ca href=\"https://docs.zizmor.sh/release-notes/#bug-fixes\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#unpinned-uses\"\u003eunpinned-uses\u003c/a\u003e audit now flags reusable workflows that are unpinned, in addition to actions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1509\"\u003e#1509\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/johnbillion\"\u003e\u003ccode\u003e@​johnbillion\u003c/code\u003e\u003c/a\u003e for implementing this fix!\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.20.0\u003c/h2\u003e\n\u003ch2\u003eEnhancements 🌱\u003ca href=\"https://docs.zizmor.sh/release-notes/#enhancements\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#excessive-permissions\"\u003eexcessive-permissions\u003c/a\u003e audit is now aware of the artifact-metadata and models permissions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1461\"\u003e#1461\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#cache-poisoning\"\u003ecache-poisoning\u003c/a\u003e audit is now aware of the \u003ca href=\"https://github.com/ramsey/composer-install\"\u003eramsey/composer-install\u003c/a\u003e action (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1489\"\u003e#1489\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#unpinned-images\"\u003eunpinned-images\u003c/a\u003e audit is now significantly more precise in the presence of matrix references, e.g. image: ${{ matrix.image }} (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1482\"\u003e#1482\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanges ⚠️\u003ca href=\"https://docs.zizmor.sh/release-notes/#changes\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe default policy for the \u003ca href=\"https://docs.zizmor.sh/audits/#unpinned-uses\"\u003eunpinned-uses\u003c/a\u003e audit has changed from allowing ref-pinning for first-party actions (those under actions/* and similar) to requiring hash-pinning. This makes the default policy more strict, as well as more consistent across the actions ecosystem.\u003c/p\u003e\n\u003cp\u003eUsers who with to retain the old (permissive policy) for first-party actions may configure it explicitly in their zizmor.yml:\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cpre\u003e\u003ccode\u003ezizmor.yml\n\u003cp\u003erules:\nunpinned-uses:\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt;\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/zizmorcore/zizmor/blob/main/docs/release-notes.md\"\u003ezizmor's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.22.0\u003c/h2\u003e\n\u003ch3\u003eChanges ⚠️\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe [misfeature] audit now only shows non-\u0026quot;well known\u0026quot; \u003ccode\u003e#!yaml shell:\u003c/code\u003e\nfindings when running with the \u0026quot;auditor\u0026quot; persona (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1532\"\u003e#1532\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes 🐛\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where inputs containing CRLF line endings were not patched\ncorrectly by the [unpinned-uses] audit (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1536\"\u003e#1536\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.21.0\u003c/h2\u003e\n\u003ch3\u003eNew Features 🌈\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eNew audit\u003c/strong\u003e: [misfeature] detects usage of GitHub Actions features that\nare considered \u0026quot;misfeatures.\u0026quot; (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1517\"\u003e#1517\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eEnhancements 🌱\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor now uses exit code \u003ccode\u003e3\u003c/code\u003e to signal an audit that has failed because\nno input files were collected. See the [exit code] documentation\nfor details (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1515\"\u003e#1515\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe [unpinned-uses] audit now supports auto-fixes for many findings (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1525\"\u003e#1525\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges ⚠️\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe [obfuscation] audit no longer flags \u003ccode\u003e#!yaml shell: cmd\u003c/code\u003e. That check has\nbeen moved to the new [misfeature] audit. Users may need to update their\nignore comments and/or configuration (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1517\"\u003e#1517\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes 🐛\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe [unpinned-uses] audit now flags reusable workflows that are unpinned,\nin addition to actions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1509\"\u003e#1509\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/johnbillion\"\u003e\u003ccode\u003e@​johnbillion\u003c/code\u003e\u003c/a\u003e for implementing this fix!\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.20.0\u003c/h2\u003e\n\u003ch3\u003eEnhancements 🌱\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe [excessive-permissions] audit is now aware of the \u003ccode\u003eartifact-metadata\u003c/code\u003e\nand \u003ccode\u003emodels\u003c/code\u003e permissions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1461\"\u003e#1461\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe [cache-poisoning] audit is now aware of the \u003ccode\u003e@​ramsey/composer-install\u003c/code\u003e\naction (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1489\"\u003e#1489\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/94308f638c114a3f42c4c842abee9cf46f166890\"\u003e\u003ccode\u003e94308f6\u003c/code\u003e\u003c/a\u003e zizmor 1.22.0 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1539\"\u003e#1539\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/951d2c8c8bb73c0c3be30b7a4b8c8d6973c7a822\"\u003e\u003ccode\u003e951d2c8\u003c/code\u003e\u003c/a\u003e Add 'crater' tests (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1538\"\u003e#1538\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/13c1b65775f6dbc80900580dcb37fcde8c0d6dd3\"\u003e\u003ccode\u003e13c1b65\u003c/code\u003e\u003c/a\u003e Handle CRLF in EmplaceComment (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1536\"\u003e#1536\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/601bbba7a91da02cc7ec7248ad27cb39c85dd403\"\u003e\u003ccode\u003e601bbba\u003c/code\u003e\u003c/a\u003e Bump trophies (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1535\"\u003e#1535\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/de617a22ce828c35e5162a81852312d95839b85d\"\u003e\u003ccode\u003ede617a2\u003c/code\u003e\u003c/a\u003e Drop 'custom shell' finding to auditor persona (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1532\"\u003e#1532\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/5175a6c9707e21e9e300e8dd14a2aac5d1099d4a\"\u003e\u003ccode\u003e5175a6c\u003c/code\u003e\u003c/a\u003e zizmor 1.21.0 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1529\"\u003e#1529\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/b3f84f4f168f0c4d1f6c6a64d3ff8572571c95f5\"\u003e\u003ccode\u003eb3f84f4\u003c/code\u003e\u003c/a\u003e yamlpatch 0.10.0 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1528\"\u003e#1528\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/20b24ff49188722d1a6fe72d0c77548866d4e245\"\u003e\u003ccode\u003e20b24ff\u003c/code\u003e\u003c/a\u003e yamlpath 0.33.0 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1527\"\u003e#1527\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/4815c16d4f0068d620fe56559d238bda344fea46\"\u003e\u003ccode\u003e4815c16\u003c/code\u003e\u003c/a\u003e Support auto-fixes for unpinned-uses (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1525\"\u003e#1525\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/e611eae19cfb4b8c7af67166eedf68ae2268f2e1\"\u003e\u003ccode\u003ee611eae\u003c/code\u003e\u003c/a\u003e Document hk integration (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1522\"\u003e#1522\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/zizmorcore/zizmor/compare/v1.19.0...v1.22.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=zizmor\u0026package-manager=pip\u0026previous-version=1.19.0\u0026new-version=1.22.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/vavkamil/awesome-bugbounty-tools/pull/76","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/vavkamil%2Fawesome-bugbounty-tools/issues/76","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/76/packages"}},{"old_version":"1.14.2","new_version":"1.20.0","update_type":"minor","path":null,"pr_created_at":"2026-01-26T22:44:53.000Z","version_change":"1.14.2 → 1.20.0","issue":{"uuid":"3857996221","node_id":"PR_kwDONnZYsM6_eIKc","number":317,"state":"closed","title":":dependabot: uv(deps): Bump the minor-and-patch group across 1 directory with 12 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":"2026-03-18T09:16:15.000Z","author_association":null,"state_reason":null,"created_at":"2026-01-26T22:44:53.000Z","updated_at":"2026-03-18T09:16:17.000Z","time_to_close":4357882,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":":dependabot: uv(deps): Bump","group_name":"minor-and-patch","update_count":12,"packages":[{"name":"alembic","old_version":"1.17.0","new_version":"1.18.0","repository_url":"https://github.com/sqlalchemy/alembic"},{"name":"authlib","old_version":"1.6.5","new_version":"1.6.6","repository_url":"https://github.com/authlib/authlib"},{"name":"flask-cors","old_version":"6.0.1","new_version":"6.0.2","repository_url":"https://github.com/corydolphin/flask-cors"},{"name":"flask-limiter","old_version":"4.0.0","new_version":"4.1.1","repository_url":"https://github.com/alisaifee/flask-limiter"},{"name":"govuk-frontend-jinja","old_version":"3.8.0","new_version":"3.9.0","repository_url":"https://github.com/LandRegistry/govuk-frontend-jinja"},{"name":"sentry-sdk","old_version":"2.41.0","new_version":"2.49.0","repository_url":"https://github.com/getsentry/sentry-python"},{"name":"urllib3","old_version":"2.6.1","new_version":"2.6.3","repository_url":"https://github.com/urllib3/urllib3"},{"name":"werkzeug","old_version":"3.1.4","new_version":"3.1.5","repository_url":"https://github.com/pallets/werkzeug"},{"name":"coverage","old_version":"7.10.7","new_version":"7.13.1","repository_url":"https://github.com/coveragepy/coveragepy"},{"name":"pre-commit","old_version":"4.3.0","new_version":"4.5.1","repository_url":"https://github.com/pre-commit/pre-commit"},{"name":"ruff","old_version":"0.14.0","new_version":"0.14.11","repository_url":"https://github.com/astral-sh/ruff"},{"name":"zizmor","old_version":"1.14.2","new_version":"1.20.0","repository_url":"https://github.com/zizmorcore/zizmor"}],"path":null,"ecosystem":"pip"},"body":"Bumps the minor-and-patch group with 12 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [alembic](https://github.com/sqlalchemy/alembic) | `1.17.0` | `1.18.0` |\n| [authlib](https://github.com/authlib/authlib) | `1.6.5` | `1.6.6` |\n| [flask-cors](https://github.com/corydolphin/flask-cors) | `6.0.1` | `6.0.2` |\n| [flask-limiter](https://github.com/alisaifee/flask-limiter) | `4.0.0` | `4.1.1` |\n| [govuk-frontend-jinja](https://github.com/LandRegistry/govuk-frontend-jinja) | `3.8.0` | `3.9.0` |\n| [sentry-sdk](https://github.com/getsentry/sentry-python) | `2.41.0` | `2.49.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.6.1` | `2.6.3` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `3.1.4` | `3.1.5` |\n| [coverage](https://github.com/coveragepy/coveragepy) | `7.10.7` | `7.13.1` |\n| [pre-commit](https://github.com/pre-commit/pre-commit) | `4.3.0` | `4.5.1` |\n| [ruff](https://github.com/astral-sh/ruff) | `0.14.0` | `0.14.11` |\n| [zizmor](https://github.com/zizmorcore/zizmor) | `1.14.2` | `1.20.0` |\n\n\nUpdates `alembic` from 1.17.0 to 1.18.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sqlalchemy/alembic/releases\"\u003ealembic's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e1.18.0\u003c/h1\u003e\n\u003cp\u003eReleased: January 9, 2026\u003c/p\u003e\n\u003ch2\u003efeature\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[feature] [operations]\u003c/strong\u003e When alembic is run in \u0026quot;verbose\u0026quot; mode, alembic now logs a message to\nindicate from which file is used to load the configuration.\u003c/p\u003e\n\u003cp\u003eReferences: \u003ca href=\"https://redirect.github.com/sqlalchemy/alembic/issues/1737\"\u003e#1737\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[feature] [autogenerate]\u003c/strong\u003e Autogenerate reflection sweeps now use the \u0026quot;bulk\u0026quot; inspector methods\nintroduced in SQLAlchemy 2.0, which for selected dialects including\nPostgreSQL and Oracle use batched queries to reflect whole collections of\ntables using O(1) queries rather than O(N).\u003c/p\u003e\n\u003cp\u003eReferences: \u003ca href=\"https://redirect.github.com/sqlalchemy/alembic/issues/1771\"\u003e#1771\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[feature] [autogenerate]\u003c/strong\u003e Release 1.18.0 introduces a plugin system that allows for automatic\nloading of third-party extensions as well as configurable autogenerate\ncompare functionality on a per-environment basis.\u003c/p\u003e\n\u003cp\u003eThe \u003ccode\u003ePlugin\u003c/code\u003e class provides a common interface for extensions that\nregister handlers among Alembic's existing extension points such as\n\u003ccode\u003eOperations.register_operation()\u003c/code\u003e and\n\u003ccode\u003eOperations.implementation_for()\u003c/code\u003e. A new interface for registering\nautogenerate comparison handlers,\n\u003ccode\u003ePlugin.add_autogenerate_comparator()\u003c/code\u003e, provides for autogenerate\ncompare functionality that may be custom-configured on a per-environment\nbasis using the new\n\u003ccode\u003eEnvironmentContext.configure.autogenerate_plugins\u003c/code\u003e parameter.\u003c/p\u003e\n\u003cp\u003eThe change does not impact well known Alembic add-ons such as\n\u003ccode\u003ealembic-utils\u003c/code\u003e, which continue to work as before; however, such add-ons\nhave the option to provide plugin entrypoints going forward.\u003c/p\u003e\n\u003cp\u003eAs part of this change, Alembic's autogenerate compare functionality is\nreorganized into a series of internal plugins under the\n\u003ccode\u003ealembic.autogenerate\u003c/code\u003e namespace, which may be individually or\ncollectively identified for inclusion and/or exclusion within the\n\u003ccode\u003eEnvironmentContext.configure()\u003c/code\u003e call using a new parameter\n\u003ccode\u003eEnvironmentContext.configure.autogenerate_plugins\u003c/code\u003e. This\nparameter is also where third party comparison plugins may also be\nindicated.\u003c/p\u003e\n\u003cp\u003eSee \u003ccode\u003ealembic.plugins.toplevel\u003c/code\u003e for complete documentation on\nthe new \u003ccode\u003ePlugin\u003c/code\u003e class as well as autogenerate-specific usage\ninstructions.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/sqlalchemy/alembic/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `authlib` from 1.6.5 to 1.6.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/releases\"\u003eauthlib's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.6.6\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(ClientAuth): fix incorrect signature when Content-Type is x-www-form-urlencoded by \u003ca href=\"https://github.com/shc261392\"\u003e\u003ccode\u003e@​shc261392\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/778\"\u003eauthlib/authlib#778\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix: Use \u003ccode\u003eexpires_in\u003c/code\u003e when \u003ccode\u003eexpires_at\u003c/code\u003e is unparsable by \u003ca href=\"https://github.com/bendavis78\"\u003e\u003ccode\u003e@​bendavis78\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/842\"\u003eauthlib/authlib#842\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eget_jwt_config\u003c/code\u003e takes a \u003ccode\u003eclient\u003c/code\u003e parameter. by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/844\"\u003eauthlib/authlib#844\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shc261392\"\u003e\u003ccode\u003e@​shc261392\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/778\"\u003eauthlib/authlib#778\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bendavis78\"\u003e\u003ccode\u003e@​bendavis78\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/842\"\u003eauthlib/authlib#842\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.5...v1.6.6\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.5...v1.6.6\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/blob/main/docs/changelog.rst\"\u003eauthlib's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 1.6.6\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Dec 12, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eget_jwt_config\u003c/code\u003e takes a \u003ccode\u003eclient\u003c/code\u003e parameter, :pr:\u003ccode\u003e844\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eFix incorrect signature when \u003ccode\u003eContent-Type\u003c/code\u003e is x-www-form-urlencoded for OAuth 1.0 Client, :pr:\u003ccode\u003e778\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eexpires_in\u003c/code\u003e in \u003ccode\u003eOAuth2Token\u003c/code\u003e when \u003ccode\u003eexpires_at\u003c/code\u003e is unparsable, :pr:\u003ccode\u003e842\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eAlways track \u003ccode\u003estate\u003c/code\u003e in session for OAuth client integrations.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/bb7a315befbad333faf9a23ef574d6e3134a6774\"\u003e\u003ccode\u003ebb7a315\u003c/code\u003e\u003c/a\u003e chore: release 1.6.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/0a423d4638bed1c0fe4597b2296a85c5bb59fba2\"\u003e\u003ccode\u003e0a423d4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/authlib/authlib/issues/844\"\u003e#844\u003c/a\u003e from azmeuk/806-get-jwt-config-client\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/2808378611dd6fb2532b189a9087877d8f0c0489\"\u003e\u003ccode\u003e2808378\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/714502a4738bc29f26eb245b0c66718d8536cdda\"\u003e\u003ccode\u003e714502a\u003c/code\u003e\u003c/a\u003e feat: get_jwt_config takes a client parameter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/260d04edee23d8470057ea659c16fb8a2c7b0dc2\"\u003e\u003ccode\u003e260d04e\u003c/code\u003e\u003c/a\u003e Fix: Use \u003ccode\u003eexpires_in\u003c/code\u003e when \u003ccode\u003eexpires_at\u003c/code\u003e is unparsable\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/eb37124bbbec6ccbfba3699d8960f9710d330ad8\"\u003e\u003ccode\u003eeb37124\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/authlib/authlib/issues/778\"\u003e#778\u003c/a\u003e from shc261392/fix-httpx-oauth1-form-data-incorrect-s...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/0ba9ec4feeb8e19f572c454e2d1dbbdc1d30ae62\"\u003e\u003ccode\u003e0ba9ec4\u003c/code\u003e\u003c/a\u003e docs: fix guide on requests self signed certificate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/a2e9943815bb5161863b1fa144ac0aaa50d97e91\"\u003e\u003ccode\u003ea2e9943\u003c/code\u003e\u003c/a\u003e docs: indicate that \u003ca href=\"https://redirect.github.com/authlib/authlib/issues/743\"\u003e#743\u003c/a\u003e needs a migration\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/06015d20652a23eff8350b6ad71b32fe41dae4ba\"\u003e\u003ccode\u003e06015d2\u003c/code\u003e\u003c/a\u003e test: factorize the token fixture\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.5...v1.6.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flask-cors` from 6.0.1 to 6.0.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/corydolphin/flask-cors/releases\"\u003eflask-cors's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e6.0.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate license pyproject.toml by \u003ca href=\"https://github.com/wagenrace\"\u003e\u003ccode\u003e@​wagenrace\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/pull/395\"\u003ecorydolphin/flask-cors#395\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/wagenrace\"\u003e\u003ccode\u003e@​wagenrace\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/pull/395\"\u003ecorydolphin/flask-cors#395\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/corydolphin/flask-cors/compare/6.0.1...6.0.2\"\u003ehttps://github.com/corydolphin/flask-cors/compare/6.0.1...6.0.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/corydolphin/flask-cors/commit/fa55dcbec68b3524a39e5057c35c29c221a27d64\"\u003e\u003ccode\u003efa55dcb\u003c/code\u003e\u003c/a\u003e Update license pyproject.toml (\u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/issues/395\"\u003e#395\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/corydolphin/flask-cors/compare/6.0.1...6.0.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flask-limiter` from 4.0.0 to 4.1.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/alisaifee/flask-limiter/releases\"\u003eflask-limiter's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.1.1\u003c/h2\u003e\n\u003ch2\u003eBug Fix\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnsure cli commands fail gracefully when cli dependencies\nare not installed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.1.0\u003c/h2\u003e\n\u003ch2\u003eDeployment\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eExtract \u003ccode\u003ecli\u003c/code\u003e specific requirements to an extra\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eCompatibility\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd python 3.14 support\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/alisaifee/flask-limiter/blob/master/HISTORY.rst\"\u003eflask-limiter's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.1.1\u003c/h2\u003e\n\u003cp\u003eRelease Date: 2025-12-06\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eBug Fix\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eEnsure cli commands fail gracefully when cli dependencies\nare not installed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.0\u003c/h2\u003e\n\u003cp\u003eRelease Date: 2025-12-02\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDeployment\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eExtract \u003ccode\u003ecli\u003c/code\u003e specific requirements to an extra\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCompatibility\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd python 3.14 support\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alisaifee/flask-limiter/commit/e9c14643bb0bd7f3c2c12546d8b9d4b407cc7554\"\u003e\u003ccode\u003ee9c1464\u003c/code\u003e\u003c/a\u003e Update changelog for  4.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alisaifee/flask-limiter/commit/008350285f66456f5befe0c372c342fd0ab857ac\"\u003e\u003ccode\u003e0083502\u003c/code\u003e\u003c/a\u003e Update uv.lock\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alisaifee/flask-limiter/commit/c45325cbd55db3bd56a3ec4d3df93a20ef15830a\"\u003e\u003ccode\u003ec45325c\u003c/code\u003e\u003c/a\u003e Add rich to dev dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alisaifee/flask-limiter/commit/4029925815361899d9b5a7def5f8ee6a2d082c3e\"\u003e\u003ccode\u003e4029925\u003c/code\u003e\u003c/a\u003e Ensure cli extra is installed for docs generation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alisaifee/flask-limiter/commit/114c01b9918628635161dc5a74815aaebb2498a2\"\u003e\u003ccode\u003e114c01b\u003c/code\u003e\u003c/a\u003e Handle missing cli dependencies gracefully\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alisaifee/flask-limiter/commit/4aee644efd4f40ccc9702401cce0b96c7264c33e\"\u003e\u003ccode\u003e4aee644\u003c/code\u003e\u003c/a\u003e Update changelog for  4.1.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alisaifee/flask-limiter/commit/4eb58a34967c7639f18716b9ab9fa924b09d3df4\"\u003e\u003ccode\u003e4eb58a3\u003c/code\u003e\u003c/a\u003e Extract cli dependencies as an extra\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alisaifee/flask-limiter/commit/e1a162cc878ac08ffba85ef98b87052b481f1943\"\u003e\u003ccode\u003ee1a162c\u003c/code\u003e\u003c/a\u003e Add python 3.14 support\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/alisaifee/flask-limiter/compare/4.0.0...4.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `govuk-frontend-jinja` from 3.8.0 to 3.9.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/LandRegistry/govuk-frontend-jinja/releases\"\u003egovuk-frontend-jinja's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.9.0\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for \u003ca href=\"https://github.com/alphagov/govuk-frontend/releases/tag/v5.13.0\"\u003eGOV.UK Frontend v5.13.0\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython 3.14 support\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated from \u003ccode\u003esetup.py\u003c/code\u003e to \u003ccode\u003epyproject.toml\u003c/code\u003e for packaging config\u003c/li\u003e\n\u003cli\u003eMigrated from \u003ccode\u003epip-tools\u003c/code\u003e to \u003ccode\u003epipenv\u003c/code\u003e for dependency management\u003c/li\u003e\n\u003cli\u003eReduced test Docker image size from 1.28GB to 400MB (-69.5%)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/LandRegistry/govuk-frontend-jinja/blob/main/CHANGELOG.md\"\u003egovuk-frontend-jinja's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/LandRegistry/govuk-frontend-jinja/releases/tag/3.9.0\"\u003e3.9.0\u003c/a\u003e - 13/10/2025\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for \u003ca href=\"https://github.com/alphagov/govuk-frontend/releases/tag/v5.13.0\"\u003eGOV.UK Frontend v5.13.0\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython 3.14 support\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated from \u003ccode\u003esetup.py\u003c/code\u003e to \u003ccode\u003epyproject.toml\u003c/code\u003e for packaging config\u003c/li\u003e\n\u003cli\u003eMigrated from \u003ccode\u003epip-tools\u003c/code\u003e to \u003ccode\u003epipenv\u003c/code\u003e for dependency management\u003c/li\u003e\n\u003cli\u003eReduced test Docker image size from 1.28GB to 400MB (-69.5%)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/LandRegistry/govuk-frontend-jinja/commit/2d90481eb4aa7b851e379f41e03beabb84082212\"\u003e\u003ccode\u003e2d90481\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/LandRegistry/govuk-frontend-jinja/issues/102\"\u003e#102\u003c/a\u003e from LandRegistry/govuk-frontend-513\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/LandRegistry/govuk-frontend-jinja/commit/5d3faeec69dcf765fb29ef88cd298c0bb196a77b\"\u003e\u003ccode\u003e5d3faee\u003c/code\u003e\u003c/a\u003e recompile with 3.10 dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/LandRegistry/govuk-frontend-jinja/commit/7768e437ee4a816e52ea9b1a0e69ab7c5699ed44\"\u003e\u003ccode\u003e7768e43\u003c/code\u003e\u003c/a\u003e allow flake8 to read toml config\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/LandRegistry/govuk-frontend-jinja/commit/432f7246c017172365d8693b688ff118ebb33a10\"\u003e\u003ccode\u003e432f724\u003c/code\u003e\u003c/a\u003e docker size reduction\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/LandRegistry/govuk-frontend-jinja/commit/7644ce4a27838e3ec7c76e510ef639d4e975f770\"\u003e\u003ccode\u003e7644ce4\u003c/code\u003e\u003c/a\u003e local docker test env\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/LandRegistry/govuk-frontend-jinja/commit/e54a69acbaf39a3994c0205c429fa09722c335a9\"\u003e\u003ccode\u003ee54a69a\u003c/code\u003e\u003c/a\u003e formatting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/LandRegistry/govuk-frontend-jinja/commit/d0c00713df48934b0f329cdd487afbe9cc5b4b8f\"\u003e\u003ccode\u003ed0c0071\u003c/code\u003e\u003c/a\u003e ignore GHSA-4xh5-x5gv-qwph until fixed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/LandRegistry/govuk-frontend-jinja/commit/d600c13d00eeaf38be9aed416cb1f7cb8be81ea7\"\u003e\u003ccode\u003ed600c13\u003c/code\u003e\u003c/a\u003e remove python version requirement\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/LandRegistry/govuk-frontend-jinja/commit/8e3c6bb5d904a5100f144468f859963cdf28ee07\"\u003e\u003ccode\u003e8e3c6bb\u003c/code\u003e\u003c/a\u003e revert to 3.14 and use python version in pipeline\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/LandRegistry/govuk-frontend-jinja/commit/4b24757fb46bf6cd3b072021fcad7b3bb0662395\"\u003e\u003ccode\u003e4b24757\u003c/code\u003e\u003c/a\u003e allow version range for matrix builds\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/LandRegistry/govuk-frontend-jinja/compare/3.8.0...3.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `sentry-sdk` from 2.41.0 to 2.49.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/getsentry/sentry-python/releases\"\u003esentry-sdk's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.49.0\u003c/h2\u003e\n\u003ch3\u003eNew Features ✨\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat(api): Add \u003ccode\u003eScope.set_attribute\u003c/code\u003e by \u003ca href=\"https://github.com/sentrivana\"\u003e\u003ccode\u003e@​sentrivana\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5256\"\u003e#5256\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes 🐛\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix(grpc): Gate third-party imports by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5246\"\u003e#5246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(opentelemetry): Gate third-party imports by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5247\"\u003e#5247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(ray): Keep variadic kwargs last in signatures by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5244\"\u003e#5244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(trytond): Gate third-party imports by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5245\"\u003e#5245\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix openai count_tokens by \u003ca href=\"https://github.com/sl0thentr0py\"\u003e\u003ccode\u003e@​sl0thentr0py\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5281\"\u003e#5281\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation 📚\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edocs: Fix typo in comment by \u003ca href=\"https://github.com/sentrivana\"\u003e\u003ccode\u003e@​sentrivana\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5280\"\u003e#5280\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: Fix \u003ccode\u003emiddleware_spans\u003c/code\u003e docstring by \u003ca href=\"https://github.com/sentrivana\"\u003e\u003ccode\u003e@​sentrivana\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5279\"\u003e#5279\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal Changes 🔧\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eref(scope): Set global attrs on global scope by \u003ca href=\"https://github.com/sentrivana\"\u003e\u003ccode\u003e@​sentrivana\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5259\"\u003e#5259\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: Ignore type migration for scripts/ and tests/ in blame by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5284\"\u003e#5284\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eref: Properly override parent func by \u003ca href=\"https://github.com/sentrivana\"\u003e\u003ccode\u003e@​sentrivana\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5283\"\u003e#5283\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: Allow to use Craft's new auto-versioning by \u003ca href=\"https://github.com/sentrivana\"\u003e\u003ccode\u003e@​sentrivana\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5218\"\u003e#5218\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eref: Deduplicate batchers by \u003ca href=\"https://github.com/sentrivana\"\u003e\u003ccode\u003e@​sentrivana\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5263\"\u003e#5263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etests: Add dedicated transport format test for metrics, logs by \u003ca href=\"https://github.com/sentrivana\"\u003e\u003ccode\u003e@​sentrivana\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5264\"\u003e#5264\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: 🤖 Update test matrix with new releases (01/05) by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5273\"\u003e#5273\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etests: General logs tests should use Sentry logs API by \u003ca href=\"https://github.com/sentrivana\"\u003e\u003ccode\u003e@​sentrivana\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5262\"\u003e#5262\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etests: Test preserialization of attributes by \u003ca href=\"https://github.com/sentrivana\"\u003e\u003ccode\u003e@​sentrivana\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5260\"\u003e#5260\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: Unpin Pydantic 1.x version in tests by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5261\"\u003e#5261\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eref: Make logs, metrics go via scope by \u003ca href=\"https://github.com/sentrivana\"\u003e\u003ccode\u003e@​sentrivana\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5213\"\u003e#5213\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: Fix failing arq, fastapi tests on 3.7; update test matrix by \u003ca href=\"https://github.com/sentrivana\"\u003e\u003ccode\u003e@​sentrivana\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5258\"\u003e#5258\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.48.0\u003c/h2\u003e\n\u003cp\u003eMiddleware spans are now disabled by default in Django, Starlette and FastAPI integrations. Set the \u003ccode\u003emiddleware_spans\u003c/code\u003e integration-level\noption to capture individual spans per middleware layer. To record Django middleware spans, for example, configure as follows\u003c/p\u003e\n\u003cpre lang=\"python\"\u003e\u003ccode\u003e  import sentry_sdk\n  from sentry_sdk.integrations.django import DjangoIntegration\n\u003cp\u003esentry_sdk.init(\u003cbr /\u003e\ndsn=\u0026quot;\u0026lt;your-dsn\u0026gt;\u0026quot;,\u003cbr /\u003e\nintegrations=[\u003cbr /\u003e\nDjangoIntegration(middleware_spans=True),\u003cbr /\u003e\n],\u003cbr /\u003e\n)\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003ch3\u003eNew Features ✨\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/getsentry/sentry-python/blob/master/CHANGELOG.md\"\u003esentry-sdk's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.49.0\u003c/h2\u003e\n\u003ch3\u003eNew Features ✨\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat(api): Add \u003ccode\u003eScope.set_attribute\u003c/code\u003e by \u003ca href=\"https://github.com/sentrivana\"\u003e\u003ccode\u003e@​sentrivana\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5256\"\u003e#5256\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes 🐛\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix(grpc): Gate third-party imports by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5246\"\u003e#5246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(opentelemetry): Gate third-party imports by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5247\"\u003e#5247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(ray): Keep variadic kwargs last in signatures by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5244\"\u003e#5244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(trytond): Gate third-party imports by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5245\"\u003e#5245\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix openai count_tokens by \u003ca href=\"https://github.com/sl0thentr0py\"\u003e\u003ccode\u003e@​sl0thentr0py\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5281\"\u003e#5281\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation 📚\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edocs: Fix typo in comment by \u003ca href=\"https://github.com/sentrivana\"\u003e\u003ccode\u003e@​sentrivana\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5280\"\u003e#5280\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: Fix \u003ccode\u003emiddleware_spans\u003c/code\u003e docstring by \u003ca href=\"https://github.com/sentrivana\"\u003e\u003ccode\u003e@​sentrivana\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5279\"\u003e#5279\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal Changes 🔧\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eref(scope): Set global attrs on global scope by \u003ca href=\"https://github.com/sentrivana\"\u003e\u003ccode\u003e@​sentrivana\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5259\"\u003e#5259\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: Ignore type migration for scripts/ and tests/ in blame by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5284\"\u003e#5284\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eref: Properly override parent func by \u003ca href=\"https://github.com/sentrivana\"\u003e\u003ccode\u003e@​sentrivana\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5283\"\u003e#5283\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: Allow to use Craft's new auto-versioning by \u003ca href=\"https://github.com/sentrivana\"\u003e\u003ccode\u003e@​sentrivana\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5218\"\u003e#5218\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eref: Deduplicate batchers by \u003ca href=\"https://github.com/sentrivana\"\u003e\u003ccode\u003e@​sentrivana\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5263\"\u003e#5263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etests: Add dedicated transport format test for metrics, logs by \u003ca href=\"https://github.com/sentrivana\"\u003e\u003ccode\u003e@​sentrivana\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5264\"\u003e#5264\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: 🤖 Update test matrix with new releases (01/05) by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5273\"\u003e#5273\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etests: General logs tests should use Sentry logs API by \u003ca href=\"https://github.com/sentrivana\"\u003e\u003ccode\u003e@​sentrivana\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5262\"\u003e#5262\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etests: Test preserialization of attributes by \u003ca href=\"https://github.com/sentrivana\"\u003e\u003ccode\u003e@​sentrivana\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5260\"\u003e#5260\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: Unpin Pydantic 1.x version in tests by \u003ca href=\"https://github.com/alexander-alderman-webb\"\u003e\u003ccode\u003e@​alexander-alderman-webb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5261\"\u003e#5261\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eref: Make logs, metrics go via scope by \u003ca href=\"https://github.com/sentrivana\"\u003e\u003ccode\u003e@​sentrivana\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5213\"\u003e#5213\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: Fix failing arq, fastapi tests on 3.7; update test matrix by \u003ca href=\"https://github.com/sentrivana\"\u003e\u003ccode\u003e@​sentrivana\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getsentry/sentry-python/pull/5258\"\u003e#5258\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.48.0\u003c/h2\u003e\n\u003cp\u003eMiddleware spans are now disabled by default in Django, Starlette and FastAPI integrations. Set the \u003ccode\u003emiddleware_spans\u003c/code\u003e integration-level\noption to capture individual spans per middleware layer. To record Django middleware spans, for example, configure as follows\u003c/p\u003e\n\u003cpre lang=\"python\"\u003e\u003ccode\u003e  import sentry_sdk\n  from sentry_sdk.integrations.django import DjangoIntegration\n\u003cp\u003esentry_sdk.init(\u003cbr /\u003e\ndsn=\u0026quot;\u0026lt;your-dsn\u0026gt;\u0026quot;,\u003cbr /\u003e\nintegrations=[\u003cbr /\u003e\nDjangoIntegration(middleware_spans=True),\u003cbr /\u003e\n],\u003cbr /\u003e\n)\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/2c85e64f997e28444513df6e9df3976feb7aaf1a\"\u003e\u003ccode\u003e2c85e64\u003c/code\u003e\u003c/a\u003e release: 2.49.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/8f273d45eaf980c2096b547c8e63096e4b9ff60e\"\u003e\u003ccode\u003e8f273d4\u003c/code\u003e\u003c/a\u003e chore: Ignore type migration for scripts/ and tests/ in blame (\u003ca href=\"https://redirect.github.com/getsentry/sentry-python/issues/5284\"\u003e#5284\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/dc8a8e5b0d7edccd16a4c2bcb7593eca34a481f5\"\u003e\u003ccode\u003edc8a8e5\u003c/code\u003e\u003c/a\u003e ref: Properly override parent func (\u003ca href=\"https://redirect.github.com/getsentry/sentry-python/issues/5283\"\u003e#5283\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/485aa6ddb3324c5ef04971e7af5aecd951676a3c\"\u003e\u003ccode\u003e485aa6d\u003c/code\u003e\u003c/a\u003e ci: Allow to use Craft's new auto-versioning (\u003ca href=\"https://redirect.github.com/getsentry/sentry-python/issues/5218\"\u003e#5218\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/c8d8d60befbd1bc7d97e2a9868c481cae28c12e2\"\u003e\u003ccode\u003ec8d8d60\u003c/code\u003e\u003c/a\u003e docs: Fix typo in comment (\u003ca href=\"https://redirect.github.com/getsentry/sentry-python/issues/5280\"\u003e#5280\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/6039305f7ae0b75b816766d86c859e5839ae028f\"\u003e\u003ccode\u003e6039305\u003c/code\u003e\u003c/a\u003e ref: Deduplicate batchers (\u003ca href=\"https://redirect.github.com/getsentry/sentry-python/issues/5263\"\u003e#5263\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/f2317dc4c7bbb3d5294dd92c3e28a1a56349fe24\"\u003e\u003ccode\u003ef2317dc\u003c/code\u003e\u003c/a\u003e ref(scope): Set global attrs on global scope (\u003ca href=\"https://redirect.github.com/getsentry/sentry-python/issues/5259\"\u003e#5259\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/3d83b3912a59406babb15d198e3ad6dd887e4ab9\"\u003e\u003ccode\u003e3d83b39\u003c/code\u003e\u003c/a\u003e fix(ray): Keep variadic kwargs last in signatures (\u003ca href=\"https://redirect.github.com/getsentry/sentry-python/issues/5244\"\u003e#5244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/f5c51fc4a580d2d7aca30a6e1c33248b5f05ddb4\"\u003e\u003ccode\u003ef5c51fc\u003c/code\u003e\u003c/a\u003e Fix openai count_tokens (\u003ca href=\"https://redirect.github.com/getsentry/sentry-python/issues/5281\"\u003e#5281\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getsentry/sentry-python/commit/a979755d26b95792aba55e449368ef31e292144f\"\u003e\u003ccode\u003ea979755\u003c/code\u003e\u003c/a\u003e docs: Fix \u003ccode\u003emiddleware_spans\u003c/code\u003e docstring (\u003ca href=\"https://redirect.github.com/getsentry/sentry-python/issues/5279\"\u003e#5279\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/getsentry/sentry-python/compare/2.41.0...2.49.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `urllib3` from 2.6.1 to 2.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.6.3\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (CVE-2026-21441 reported by \u003ca href=\"https://github.com/D47A\"\u003e\u003ccode\u003e@​D47A\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-38jv-5279-wg99)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by default. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3743\"\u003eurllib3/urllib3#3743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3752\"\u003eurllib3/urllib3#3752\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.2\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to properly handle leftover data in the decoder's buffer when reading compressed chunked responses. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3734\"\u003eurllib3/urllib3#3734\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/blob/main/CHANGES.rst\"\u003eurllib3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.6.3 (2026-01-07)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a high-severity security issue where decompression-bomb safeguards of\nthe streaming API were bypassed when HTTP redirects were followed.\n(\u003ccode\u003eGHSA-38jv-5279-wg99 \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by\ndefault. (\u003ccode\u003e[#3743](https://github.com/urllib3/urllib3/issues/3743) \u0026lt;https://github.com/urllib3/urllib3/issues/3743\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten.\n(\u003ccode\u003e[#3752](https://github.com/urllib3/urllib3/issues/3752) \u0026lt;https://github.com/urllib3/urllib3/issues/3752\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.6.2 (2025-12-11)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to properly handle leftover data in\nthe decoder's buffer when reading compressed chunked responses.\n(\u003ccode\u003e[#3734](https://github.com/urllib3/urllib3/issues/3734) \u0026lt;https://github.com/urllib3/urllib3/issues/3734\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/0248277dd7ac0239204889ca991353ad3e3a1ddc\"\u003e\u003ccode\u003e0248277\u003c/code\u003e\u003c/a\u003e Release 2.6.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b\"\u003e\u003ccode\u003e8864ac4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/70cecb27ca99d56aaaeb63ac27ee270ef2b24c5c\"\u003e\u003ccode\u003e70cecb2\u003c/code\u003e\u003c/a\u003e Fix Scorecard issues related to vulnerable dev dependencies (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3755\"\u003e#3755\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/41f249abe1ef3e20768588969c4035aba060a359\"\u003e\u003ccode\u003e41f249a\u003c/code\u003e\u003c/a\u003e Move \u0026quot;v2.0 Migration Guide\u0026quot; to the end of the table of contents (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3747\"\u003e#3747\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/fd4dffd2fc544166b76151a2fa3d7b7c0eab540c\"\u003e\u003ccode\u003efd4dffd\u003c/code\u003e\u003c/a\u003e Patch \u003ccode\u003eVerifiedHTTPSConnection\u003c/code\u003e for Emscripten (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3752\"\u003e#3752\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/13f0bfd55e4468fe1ea9c6f809d3a87b0f93ebab\"\u003e\u003ccode\u003e13f0bfd\u003c/code\u003e\u003c/a\u003e Handle massive values in Retry-After when calculating time to sleep for (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3743\"\u003e#3743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/8c480bf87bcefd321b3a1ae47f04e908b6b2ed7b\"\u003e\u003ccode\u003e8c480bf\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 5.0.0 to 6.0.0 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3748\"\u003e#3748\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/4b40616e959c0a2c466e8075f2a785a9f99bb0c1\"\u003e\u003ccode\u003e4b40616\u003c/code\u003e\u003c/a\u003e Bump actions/cache from 4.3.0 to 5.0.1 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3750\"\u003e#3750\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/82b8479663d037d220c883f1584dd01a43bb273b\"\u003e\u003ccode\u003e82b8479\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 6.0.0 to 7.0.0 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3749\"\u003e#3749\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/34284cb01700bb7d4fdd472f909e22393e9174e2\"\u003e\u003ccode\u003e34284cb\u003c/code\u003e\u003c/a\u003e Mention experimental features in the security policy (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3746\"\u003e#3746\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/urllib3/urllib3/compare/2.6.1...2.6.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `werkzeug` from 3.1.4 to 3.1.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/werkzeug/releases\"\u003ewerkzeug's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.1.5\u003c/h2\u003e\n\u003cp\u003eThis is the Werkzeug 3.1.5 security fix release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Werkzeug/3.1.5/\"\u003ehttps://pypi.org/project/Werkzeug/3.1.5/\u003c/a\u003e\nChanges: \u003ca href=\"https://werkzeug.palletsprojects.com/page/changes/#version-3-1-5\"\u003ehttps://werkzeug.palletsprojects.com/page/changes/#version-3-1-5\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/werkzeug/milestone/43?closed=1\"\u003ehttps://github.com/pallets/werkzeug/milestone/43?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow more special device names, regardless of extension or surrounding spaces. \u003ca href=\"https://github.com/pallets/werkzeug/security/advisories/GHSA-87hc-h4r5-73f7\"\u003eGHSA-87hc-h4r5-73f7\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe multipart form parser handles a \u003ccode\u003e\\r\\n\u003c/code\u003e sequence at a chunk boundary. This fixes the previous attempt, which caused incorrect content lengths. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3065\"\u003e#3065\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3077\"\u003e#3077\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eAttributeError\u003c/code\u003e when initializing \u003ccode\u003eDebuggedApplication\u003c/code\u003e with \u003ccode\u003epin_security=False\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3075\"\u003e#3075\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/werkzeug/blob/main/CHANGES.rst\"\u003ewerkzeug's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.1.5\u003c/h2\u003e\n\u003cp\u003eReleased 2026-01-08\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow more special device names, regardless\nof extension or surrounding spaces. :ghsa:\u003ccode\u003e87hc-h4r5-73f7\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eThe multipart form parser handles a \u003ccode\u003e\\r\\n\u003c/code\u003e sequence at a chunk boundary.\nThis fixes the previous attempt, which caused incorrect content lengths.\n:issue:\u003ccode\u003e3065\u003c/code\u003e :issue:\u003ccode\u003e3077\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eAttributeError\u003c/code\u003e when initializing \u003ccode\u003eDebuggedApplication\u003c/code\u003e with\n\u003ccode\u003epin_security=False\u003c/code\u003e. :issue:\u003ccode\u003e3075\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/e3d06f4b1f7ff40a63eba78f81d9cda18f805d6d\"\u003e\u003ccode\u003ee3d06f4\u003c/code\u003e\u003c/a\u003e release version 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/7ae1d254e04a0c33e241ac1cca4783ce6c875ca3\"\u003e\u003ccode\u003e7ae1d25\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/37797aba260022c871718e0908b472727d366d09\"\u003e\u003ccode\u003e37797ab\u003c/code\u003e\u003c/a\u003e \u003ccode\u003esafe_join\u003c/code\u003e prevents windows special device names with compound extensions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/3db44c79caa74c00848ceefb0bd3d608e3d09cea\"\u003e\u003ccode\u003e3db44c7\u003c/code\u003e\u003c/a\u003e fix duplicate reference\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/a40f8fa05ff1108ba1096e7cd359d0599f5cd386\"\u003e\u003ccode\u003ea40f8fa\u003c/code\u003e\u003c/a\u003e fix class name typo\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/0f76c353b10afc2f8129aa3684ccc3262516a0c0\"\u003e\u003ccode\u003e0f76c35\u003c/code\u003e\u003c/a\u003e Correct parsing up to a potential partial boundary (\u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3081\"\u003e#3081\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/1049dd6b2a363e1ef302b4161c340fb8582f627a\"\u003e\u003ccode\u003e1049dd6\u003c/code\u003e\u003c/a\u003e Correct parsing up to a potential partial boundary\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/b48878cf16dfca3c89ac58aca47ab1ecfcb71354\"\u003e\u003ccode\u003eb48878c\u003c/code\u003e\u003c/a\u003e initialize \u003ccode\u003e_pin\u003c/code\u003e in debugger (\u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3078\"\u003e#3078\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/fa0f4f2710b8eaffef7f2b3fbc58fc3ca55247fb\"\u003e\u003ccode\u003efa0f4f2\u003c/code\u003e\u003c/a\u003e initialize _pin\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/f637275bfa68ebd80bec1da9173211ce2dc4fa33\"\u003e\u003ccode\u003ef637275\u003c/code\u003e\u003c/a\u003e start version 3.1.5\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/werkzeug/compare/3.1.4...3.1.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `coverage` from 7.10.7 to 7.13.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/coveragepy/coveragepy/blob/main/CHANGES.rst\"\u003ecoverage's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 7.13.1 — 2025-12-28\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eAdded: the JSON report now includes a \u003ccode\u003e\u0026quot;start_line\u0026quot;\u003c/code\u003e key for function and\nclass regions, indicating the first line of the region in the source. Closes\n\u003ccode\u003eissue 2110\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded: The \u003ccode\u003edebug data\u003c/code\u003e command now takes file names as arguments on the\ncommand line, so you can inspect specific data files without needing to set\nthe \u003ccode\u003eCOVERAGE_FILE\u003c/code\u003e environment variable.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: the JSON report used to report module docstrings as executed lines,\nwhich no other report did, as described in \u003ccode\u003eissue 2105\u003c/code\u003e_. This is now fixed,\nthanks to Jianrong Zhao.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: coverage.py uses a more disciplined approach to detecting where\nthird-party code is installed, and avoids measuring it. This shouldn't change\nany behavior. If you find that it does, please get in touch.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ePerformance: data files that will be combined now record their hash as part\nof the file name. This lets us skip duplicate data more quickly, speeding the\ncombining step.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDocs: added a section explaining more about what is considered a missing\nbranch and how it is reported: :ref:\u003ccode\u003ebranch_explain\u003c/code\u003e, as requested in \u003ccode\u003eissue 1597\u003c/code\u003e\u003cem\u003e. Thanks to \u003ccode\u003eAyisha Mohammed \u0026lt;pull 2092_\u0026gt;\u003c/code\u003e\u003c/em\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eTests: the test suite misunderstood what core was being tested if\n\u003ccode\u003eCOVERAGE_CORE\u003c/code\u003e wasn't set on 3.14+. This is now fixed, closing \u003ccode\u003eissue 2109\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _issue 1597: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/1597\"\u003ecoveragepy/coveragepy#1597\u003c/a\u003e\n.. _pull 2092: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/pull/2092\"\u003ecoveragepy/coveragepy#2092\u003c/a\u003e\n.. _issue 2105: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2105\"\u003ecoveragepy/coveragepy#2105\u003c/a\u003e\n.. _issue 2109: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2109\"\u003ecoveragepy/coveragepy#2109\u003c/a\u003e\n.. _issue 2110: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2110\"\u003ecoveragepy/coveragepy#2110\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e.. _changes_7-13-0:\u003c/p\u003e\n\u003ch2\u003eVersion 7.13.0 — 2025-12-08\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFeature: coverage.py now supports :file:\u003ccode\u003e.coveragerc.toml\u003c/code\u003e configuration\nfiles. These files use TOML syntax and take priority over\n:file:\u003ccode\u003epyproject.toml\u003c/code\u003e but lower priority than :file:\u003ccode\u003e.coveragerc\u003c/code\u003e files.\nCloses \u003ccode\u003eissue 1643\u003c/code\u003e_ thanks to \u003ccode\u003eOlena Yefymenko \u0026lt;pull 1952_\u0026gt;\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: we now include a permanent .pth file which is installed with the code,\nfixing \u003ccode\u003eissue 2084\u003c/code\u003e_.  In 7.12.1b1 this was done incorrectly: it didn't work\nwhen using the source wheel (\u003ccode\u003epy3-none-any\u003c/code\u003e).  This is now fixed. Thanks,\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/a6afdc36332d797fb4f4262fc9ff2b2da5bb99c8\"\u003e\u003ccode\u003ea6afdc3\u003c/code\u003e\u003c/a\u003e docs: sample HTML for 7.13.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/a497081b6759957a1c52957fdbb34848e0d46276\"\u003e\u003ccode\u003ea497081\u003c/code\u003e\u003c/a\u003e docs: prep for 7.13.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/e9920336e5118a7a7002b1eb606400cd3be640b2\"\u003e\u003ccode\u003ee992033\u003c/code\u003e\u003c/a\u003e docs: polish up CHANGES\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/18bba6e60958d5c825a93882b8997f2cfc6ecfe3\"\u003e\u003ccode\u003e18bba6e\u003c/code\u003e\u003c/a\u003e chore: bump the action-dependencies group with 4 updates (\u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2111\"\u003e#2111\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/80fb80826f3bd8953018d4a4a134a7fc42643784\"\u003e\u003ccode\u003e80fb808\u003c/code\u003e\u003c/a\u003e refactor: (?x:...) lets us use re.VERBOSE even when combining later\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/cc272bdc050308328e3ee64800b5e298468260c8\"\u003e\u003ccode\u003ecc272bd\u003c/code\u003e\u003c/a\u003e docs: leave a comment so we'll find this when 3.12 is the minimum\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/70d007d160d40b40de1bae89ad2856c2191c1c94\"\u003e\u003ccode\u003e70d007d\u003c/code\u003e\u003c/a\u003e types: be explicit\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/a2c1940fd2eae103c2366859d75cb7de195a0439\"\u003e\u003ccode\u003ea2c1940\u003c/code\u003e\u003c/a\u003e types: fully import modules that will be patched\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/57b975d3b8e069364525b2e8d5a88b7fbc0e8b93\"\u003e\u003ccode\u003e57b975d\u003c/code\u003e\u003c/a\u003e types: explicit Protocol inheritance permits changing parameter names\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/63ec12d7c87748e7a03ea2eb6240edeaffc7ccde\"\u003e\u003ccode\u003e63ec12d\u003c/code\u003e\u003c/a\u003e types: clarify that morfs arguments can be a single morf\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/coveragepy/coveragepy/compare/7.10.7...7.13.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pre-commit` from 4.3.0 to 4.5.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pre-commit/pre-commit/releases\"\u003epre-commit's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003epre-commit v4.5.1\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003elanguage: python\u003c/code\u003e with \u003ccode\u003erepo: local\u003c/code\u003e without \u003ccode\u003eadditional_dependencies\u003c/code\u003e.\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3597\"\u003e#3597\u003c/a\u003e PR by \u003ca href=\"https://github.com/asottile\"\u003e\u003ccode\u003e@​asottile\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003epre-commit v4.5.0\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003epre-commit hazmat\u003c/code\u003e.\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3585\"\u003e#3585\u003c/a\u003e PR by \u003ca href=\"https://github.com/asottile\"\u003e\u003ccode\u003e@​asottile\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003epre-commit v4.4.0\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003e--fail-fast\u003c/code\u003e option to \u003ccode\u003epre-commit run\u003c/code\u003e.\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3528\"\u003e#3528\u003c/a\u003e PR by \u003ca href=\"https://github.com/JulianMaurin\"\u003e\u003ccode\u003e@​JulianMaurin\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eUpgrade \u003ccode\u003eruby-build\u003c/code\u003e / \u003ccode\u003erbenv\u003c/code\u003e.\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3566\"\u003e#3566\u003c/a\u003e PR by \u003ca href=\"https://github.com/asottile\"\u003e\u003ccode\u003e@​asottile\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3565\"\u003e#3565\u003c/a\u003e issue by \u003ca href=\"https://github.com/MRigal\"\u003e\u003ccode\u003e@​MRigal\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003elanguage: unsupported\u003c/code\u003e / \u003ccode\u003elanguage: unsupported_script\u003c/code\u003e as aliases for \u003ccode\u003elanguage: system\u003c/code\u003e / \u003ccode\u003elanguage: script\u003c/code\u003e (which will eventually be deprecated).\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3577\"\u003e#3577\u003c/a\u003e PR by \u003ca href=\"https://github.com/asottile\"\u003e\u003ccode\u003e@​asottile\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eAdd support docker-in-docker detection for cgroups v2.\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3535\"\u003e#3535\u003c/a\u003e PR by \u003ca href=\"https://github.com/br-rhrbacek\"\u003e\u003ccode\u003e@​br-rhrbacek\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3360\"\u003e#3360\u003c/a\u003e issue by \u003ca href=\"https://github.com/JasonAlt\"\u003e\u003ccode\u003e@​JasonAlt\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eHandle when docker gives \u003ccode\u003eSecurityOptions: null\u003c/code\u003e.\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3537\"\u003e#3537\u003c/a\u003e PR by \u003ca href=\"https://github.com/asottile\"\u003e\u003ccode\u003e@​asottile\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3514\"\u003e#3514\u003c/a\u003e issue by \u003ca href=\"https://github.com/jenstroeger\"\u003e\u003ccode\u003e@​jenstroeger\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFix error context for invalid \u003ccode\u003estages\u003c/code\u003e in \u003ccode\u003e.pre-commit-config.yaml\u003c/code\u003e.\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3576\"\u003e#3576\u003c/a\u003e PR by \u003ca href=\"https://github.com/asottile\"\u003e\u003ccode\u003e@​asottile\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pre-commit/pre-commit/blob/main/CHANGELOG.md\"\u003epre-commit's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e4.5.1 - 2025-12-16\u003c/h1\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003elanguage: python\u003c/code\u003e with \u003ccode\u003erepo: local\u003c/code\u003e without \u003ccode\u003eadditional_dependencies\u003c/code\u003e.\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3597\"\u003e#3597\u003c/a\u003e PR by \u003ca href=\"https://github.com/asottile\"\u003e\u003ccode\u003e@​asottile\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e4.5.0 - 2025-11-22\u003c/h1\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003epre-commit hazmat\u003c/code\u003e.\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3585\"\u003e#3585\u003c/a\u003e PR by \u003ca href=\"https://github.com/asottile\"\u003e\u003ccode\u003e@​asottile\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e4.4.0 - 2025-11-08\u003c/h1\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003e--fail-fast\u003c/code\u003e option to \u003ccode\u003epre-commit run\u003c/code\u003e.\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3528\"\u003e#3528\u003c/a\u003e PR by \u003ca href=\"https://github.com/JulianMaurin\"\u003e\u003ccode\u003e@​JulianMaurin\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eUpgrade \u003ccode\u003eruby-build\u003c/code\u003e / \u003ccode\u003erbenv\u003c/code\u003e.\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3566\"\u003e#3566\u003c/a\u003e PR by \u003ca href=\"https://github.com/asottile\"\u003e\u003ccode\u003e@​asottile\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3565\"\u003e#3565\u003c/a\u003e issue by \u003ca href=\"https://github.com/MRigal\"\u003e\u003ccode\u003e@​MRigal\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003elanguage: unsupported\u003c/code\u003e / \u003ccode\u003elanguage: unsupported_script\u003c/code\u003e as aliases\nfor \u003ccode\u003elanguage: system\u003c/code\u003e / \u003ccode\u003elanguage: script\u003c/code\u003e (which will eventually be\ndeprecated).\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3577\"\u003e#3577\u003c/a\u003e PR by \u003ca href=\"https://github.com/asottile\"\u003e\u003ccode\u003e@​asottile\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eAdd support docker-in-docker detection for cgroups v2.\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3535\"\u003e#3535\u003c/a\u003e PR by \u003ca href=\"https://github.com/br-rhrbacek\"\u003e\u003ccode\u003e@​br-rhrbacek\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3360\"\u003e#3360\u003c/a\u003e issue by \u003ca href=\"https://github.com/JasonAlt\"\u003e\u003ccode\u003e@​JasonAlt\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eHandle when docker gives \u003ccode\u003eSecurityOptions: null\u003c/code\u003e.\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3537\"\u003e#3537\u003c/a\u003e PR by \u003ca href=\"https://github.com/asottile\"\u003e\u003ccode\u003e@​asottile\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3514\"\u003e#3514\u003c/a\u003e issue by \u003ca href=\"https://github.com/jenstroeger\"\u003e\u003ccode\u003e@​jenstroeger\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFix error context for invalid \u003ccode\u003estages\u003c/code\u003e in \u003ccode\u003e.pre-commit-config.yaml\u003c/code\u003e.\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3576\"\u003e#3576\u003c/a\u003e PR by \u003ca href=\"https://github.com/asottile\"\u003e\u003ccode\u003e@​asottile\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pre-commit/pre-commit/commit/8a0630ca1aa7f6d5665effe674ebe2022af17919\"\u003e\u003ccode\u003e8a0630c\u003c/code\u003e\u003c/a\u003e v4.5.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pre-commit/pre-commit/commit/fcbc745744377ef2c9fe6a7e1a21c67d797933dc\"\u003e\u003ccode\u003efcbc745\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3597\"\u003e#3597\u003c/a\u003e from pre-commit/empty-setup-py\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pre-commit/pre-commit/commit/51592eececd13b99c40ec477ad8f810799147227\"\u003e\u003ccode\u003e51592ee\u003c/code\u003e\u003c/a\u003e fix python local template when artifact dirs are present\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pre-commit/pre-commit/commit/67e8faf80baffcb4b79c31b89ca9a413a1cd6776\"\u003e\u003ccode\u003e67e8faf\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3596\"\u003e#3596\u003c/a\u003e from pre-commit/pre-commit-ci-update-config\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pre-commit/pre-commit/commit/c251e6b6d011b3b262339dc8e109de29b0ff8db1\"\u003e\u003ccode\u003ec251e6b\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pre-commit/pre-commit/commit/98ccafa3ce42b846b9a9be9ed73fbbec7415496d\"\u003e\u003ccode\u003e98ccafa\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3593\"\u003e#3593\u003c/a\u003e from pre-commit/pre-commit-ci-update-config\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pre-commit/pre-commit/commit/48953556d06f8cdb4248002c1a0044e69e0916b3\"\u003e\u003ccode\u003e4895355\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pre-commit/pre-commit/commit/2cedd58e691f4d3bc6ab266c7d7c28464c3502be\"\u003e\u003ccode\u003e2cedd58\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3588\"\u003e#3588\u003c/a\u003e from pre-commit/pre-commit-ci-update-config\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pre-commit/pre-commit/commit/465192d7de58d569776eaaa818c94cb2b962d436\"\u003e\u003ccode\u003e465192d\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pre-commit/pre-commit/commit/fd42f96874279c4f65363bfea5238714419e54d7\"\u003e\u003ccode\u003efd42f96\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3586\"\u003e#3586\u003c/a\u003e from pre-commit/zipapp-sha256-file-not-needed\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pre-commit/pre-commit/compare/v4.3.0...v4.5.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ruff` from 0.14.0 to 0.14.11\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/ruff/releases\"\u003eruff's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.14.11\u003c/h2\u003e\n\u003ch2\u003eRelease Notes\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-01-08.\u003c/p\u003e\n\u003ch3\u003ePreview features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eConsolidate diagnostics for matched disable/enable suppression comments (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22099\"\u003e#22099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReport diagnostics for invalid/unmatched range suppression comments (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/21908\"\u003e#21908\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eairflow\u003c/code\u003e] Passing positional argument into \u003ccode\u003eairflow.lineage.hook.HookLineageCollector.create_asset\u003c/code\u003e is not allowed (\u003ccode\u003eAIR303\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22046\"\u003e#22046\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003erefurb\u003c/code\u003e] Mark \u003ccode\u003eFURB192\u003c/code\u003e fix as always unsafe (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22210\"\u003e#22210\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eruff\u003c/code\u003e] Add \u003ccode\u003enon-empty-init-module\u003c/code\u003e (\u003ccode\u003eRUF067\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22143\"\u003e#22143\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix GitHub format for multi-line diagnostics (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22108\"\u003e#22108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-unused-arguments\u003c/code\u003e] Mark \u003ccode\u003e**kwargs\u003c/code\u003e in \u003ccode\u003eTypeVar\u003c/code\u003e as used (\u003ccode\u003eARG001\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22214\"\u003e#22214\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRule changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003ehelp:\u003c/code\u003e subdiagnostics for several Ruff rules that can sometimes appear to disagree with \u003ccode\u003ety\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22331\"\u003e#22331\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Demote \u003ccode\u003ePLW1510\u003c/code\u003e fix to display-only (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22318\"\u003e#22318\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Ignore identical members (\u003ccode\u003ePLR1714\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22220\"\u003e#22220\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Improve diagnostic range for \u003ccode\u003ePLC0206\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22312\"\u003e#22312\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eruff\u003c/code\u003e] Improve fix title for \u003ccode\u003eRUF102\u003c/code\u003e invalid rule code (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22100\"\u003e#22100\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-simplify\u003c/code\u003e]: Avoid unnecessary builtins import for \u003ccode\u003eSIM105\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22358\"\u003e#22358\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eConfiguration\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAllow Python 3.15 as valid \u003ccode\u003etarget-version\u003c/code\u003e value in preview (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22419\"\u003e#22419\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCheck \u003ccode\u003erequired-version\u003c/code\u003e before parsing rules (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22410\"\u003e#22410\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eInclude configured \u003ccode\u003esrc\u003c/code\u003e directories when resolving graphs (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22451\"\u003e#22451\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003eT201\u003c/code\u003e suggestion to not use root logger to satisfy \u003ccode\u003eLOG015\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22059\"\u003e#22059\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eiter\u003c/code\u003e example in unsafe fixes doc (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22118\"\u003e#22118\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8_print\u003c/code\u003e] better suggestion for \u003ccode\u003ebasicConfig\u003c/code\u003e in \u003ccode\u003eT201\u003c/code\u003e docs (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22101\"\u003e#22101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Restore the fix safety docs for \u003ccode\u003ePLW0133\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22211\"\u003e#22211\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix Jupyter notebook discovery info for editors (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22447\"\u003e#22447\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/charliermarsh\"\u003e\u003ccode\u003e@​charliermarsh\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ntBre\"\u003e\u003ccode\u003e@​ntBre\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cenviity\"\u003e\u003ccode\u003e@​cenviity\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/njhearp\"\u003e\u003ccode\u003e@​njhearp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cbachhuber\"\u003e\u003ccode\u003e@​cbachhuber\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelle-openai\"\u003e\u003ccode\u003e@​jelle-openai\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/AlexWaygood\"\u003e\u003ccode\u003e@​AlexWaygood\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md\"\u003eruff's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.14.11\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-01-08.\u003c/p\u003e\n\u003ch3\u003ePreview features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eConsolidate diagnostics for matched disable/enable suppression comments (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22099\"\u003e#22099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReport diagnostics for invalid/unmatched range suppression comments (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/21908\"\u003e#21908\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eairflow\u003c/code\u003e] Passing positional argument into \u003ccode\u003eairflow.lineage.hook.HookLineageCollector.create_asset\u003c/code\u003e is not allowed (\u003ccode\u003eAIR303\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22046\"\u003e#22046\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003erefurb\u003c/code\u003e] Mark \u003ccode\u003eFURB192\u003c/code\u003e fix as always unsafe (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22210\"\u003e#22210\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eruff\u003c/code\u003e] Add \u003ccode\u003enon-empty-init-module\u003c/code\u003e (\u003ccode\u003eRUF067\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22143\"\u003e#22143\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix GitHub format for multi-line diagnostics (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22108\"\u003e#22108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-unused-arguments\u003c/code\u003e] Mark \u003ccode\u003e**kwargs\u003c/code\u003e in \u003ccode\u003eTypeVar\u003c/code\u003e as used (\u003ccode\u003eARG001\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22214\"\u003e#22214\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRule changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003ehelp:\u003c/code\u003e subdiagnostics for several Ruff rules that can sometimes appear to disagree with \u003ccode\u003ety\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22331\"\u003e#22331\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Demote \u003ccode\u003ePLW1510\u003c/code\u003e fix to display-only (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22318\"\u003e#22318\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Ignore identical members (\u003ccode\u003ePLR1714\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22220\"\u003e#22220\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Improve diagnostic range for \u003ccode\u003ePLC0206\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22312\"\u003e#22312\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eruff\u003c/code\u003e] Improve fix title for \u003ccode\u003eRUF102\u003c/code\u003e invalid rule code (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22100\"\u003e#22100\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-simplify\u003c/code\u003e]: Avoid unnecessary builtins import for \u003ccode\u003eSIM105\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22358\"\u003e#22358\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eConfiguration\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAllow Python 3.15 as valid \u003ccode\u003etarget-version\u003c/code\u003e value in preview (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22419\"\u003e#22419\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCheck \u003ccode\u003erequired-version\u003c/code\u003e before parsing rules (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22410\"\u003e#22410\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eInclude configured \u003ccode\u003esrc\u003c/code\u003e directories when resolving graphs (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22451\"\u003e#22451\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003eT201\u003c/code\u003e suggestion to not use root logger to satisfy \u003ccode\u003eLOG015\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22059\"\u003e#22059\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eiter\u003c/code\u003e example in unsafe fixes doc (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22118\"\u003e#22118\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8_print\u003c/code\u003e] better suggestion for \u003ccode\u003ebasicConfig\u003c/code\u003e in \u003ccode\u003eT201\u003c/code\u003e docs (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22101\"\u003e#22101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Restore the fix safety docs for \u003ccode\u003ePLW0133\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22211\"\u003e#22211\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix Jupyter notebook discovery info for editors (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22447\"\u003e#22447\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/charliermarsh\"\u003e\u003ccode\u003e@​charliermarsh\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ntBre\"\u003e\u003ccode\u003e@​ntBre\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cenviity\"\u003e\u003ccode\u003e@​cenviity\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/njhearp\"\u003e\u003ccode\u003e@​njhearp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cbachhuber\"\u003e\u003ccode\u003e@​cbachhuber\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelle-openai\"\u003e\u003ccode\u003e@​jelle-openai\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/AlexWaygood\"\u003e\u003ccode\u003e@​AlexWaygood\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ValdonVitija\"\u003e\u003ccode\u003e@​ValdonVitija\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/c920cf8cdb247a9fd8e15a4c9d2efa838f7a78a3\"\u003e\u003ccode\u003ec920cf8\u003c/code\u003e\u003c/a\u003e Bump 0.14.11 (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/22462\"\u003e#22462\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/bb757b5a79888f28264f629b5667a0514071f7d6\"\u003e\u003ccode\u003ebb757b5\u003c/code\u003e\u003c/a\u003e [ty] Don't show diagnostics for excluded files (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/22455\"\u003e#22455\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/1f49e8ef518b75207e155595aba57acd48205078\"\u003e\u003ccode\u003e1f49e8e\u003c/code\u003e\u003c/a\u003e Include configured \u003ccode\u003esrc\u003c/code\u003e directories when resolving graphs (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/22451\"\u003e#22451\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/701f5134ab7c1a860145dccc8abb3716a3f89fe7\"\u003e\u003ccode\u003e701f513\u003c/code\u003e\u003c/a\u003e [ty] Only consider fully static pivots when deriving transitive constraints (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/eea9ad83528a7f492662f6427cdbb6fc2f655bb5\"\u003e\u003ccode\u003eeea9ad8\u003c/code\u003e\u003c/a\u003e Pin maturin version (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/22454\"\u003e#22454\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/eeac2bd3eed2f4b8f4a71e0c945721481b25efc0\"\u003e\u003ccode\u003eeeac2bd\u003c/code\u003e\u003c/a\u003e [ty] Optimize union building for unions with many enum-literal members (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/22363\"\u003e#22363\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/7319c37f4eb063e9590e1f09c8e92d7dabc63403\"\u003e\u003ccode\u003e7319c37\u003c/code\u003e\u003c/a\u003e docs: fix jupyter notebook discovery info for editors (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/22447\"\u003e#22447\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/805503c19a6b74c5803e10123077997e29a0da37\"\u003e\u003ccode\u003e805503c\u003c/code\u003e\u003c/a\u003e [\u003ccode\u003eruff\u003c/code\u003e] Improve fix title for \u003ccode\u003eRUF102\u003c/code\u003e invalid rule code (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/22100\"\u003e#22100\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/68a2f6c57d70052d0805b46b0e3a2538598b856f\"\u003e\u003ccode\u003e68a2f6c\u003c/code\u003e\u003c/a\u003e [ty] Fix \u003ccode\u003esupe...\n\n_Description has been truncated_","html_url":"https://github.com/ministryofjustice/github-community/pull/317","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ministryofjustice%2Fgithub-community/issues/317","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/317/packages"}},{"old_version":"1.18.0","new_version":"1.22.0","update_type":"minor","path":null,"pr_created_at":"2026-01-19T22:19:23.000Z","version_change":"1.18.0 → 1.22.0","issue":{"uuid":"3831366264","node_id":"PR_kwDONFX-vc6-GBKV","number":2959,"state":"open","title":":dependabot: pip(deps): Bump zizmor from 1.18.0 to 1.22.0","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-01-19T22:19:23.000Z","updated_at":"2026-01-19T22:19:41.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":":dependabot: pip(deps): Bump","packages":[{"name":"zizmor","old_version":"1.18.0","new_version":"1.22.0","repository_url":"https://github.com/zizmorcore/zizmor"}],"path":null,"ecosystem":"pip"},"body":"Bumps [zizmor](https://github.com/zizmorcore/zizmor) from 1.18.0 to 1.22.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/zizmorcore/zizmor/releases\"\u003ezizmor's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.22.0\u003c/h2\u003e\n\u003ch2\u003eChanges ⚠️\u003ca href=\"https://docs.zizmor.sh/release-notes/#changes\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#misfeature\"\u003emisfeature\u003c/a\u003e audit now only shows non-\u0026quot;well known\u0026quot; \u003ccode\u003eshell:\u003c/code\u003e findings when running with the \u0026quot;auditor\u0026quot; persona (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1532\"\u003e#1532\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug Fixes 🐛\u003ca href=\"https://docs.zizmor.sh/release-notes/#bug-fixes\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where inputs containing CRLF line endings were not patched correctly by the \u003ca href=\"https://docs.zizmor.sh/audits/#unpinned-uses\"\u003eunpinned-uses\u003c/a\u003e audit (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1536\"\u003e#1536\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.21.0\u003c/h2\u003e\n\u003ch2\u003eNew Features 🌈\u003ca href=\"https://docs.zizmor.sh/release-notes/#new-features\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNew audit: \u003ca href=\"https://docs.zizmor.sh/audits/#misfeature\"\u003emisfeature\u003c/a\u003e detects usage of GitHub Actions features that are considered \u0026quot;misfeatures.\u0026quot; (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1517\"\u003e#1517\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eEnhancements 🌱\u003ca href=\"https://docs.zizmor.sh/release-notes/#enhancements\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor now uses exit code 3 to signal an audit that has failed because no input files were collected. See the \u003ca href=\"https://docs.zizmor.sh/usage/#exit-codes\"\u003eexit code\u003c/a\u003e documentation for details (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1515\"\u003e#1515\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#unpinned-uses\"\u003eunpinned-uses\u003c/a\u003e audit now supports auto-fixes for many findings (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1525\"\u003e#1525\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanges ⚠️\u003ca href=\"https://docs.zizmor.sh/release-notes/#changes\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#obfuscation\"\u003eobfuscation\u003c/a\u003e audit no longer flags shell: cmd. That check has been moved to the new \u003ca href=\"https://docs.zizmor.sh/audits/#misfeature\"\u003emisfeature\u003c/a\u003e audit. Users may need to update their ignore comments and/or configuration (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1517\"\u003e#1517\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug Fixes 🐛\u003ca href=\"https://docs.zizmor.sh/release-notes/#bug-fixes\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#unpinned-uses\"\u003eunpinned-uses\u003c/a\u003e audit now flags reusable workflows that are unpinned, in addition to actions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1509\"\u003e#1509\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/johnbillion\"\u003e\u003ccode\u003e@​johnbillion\u003c/code\u003e\u003c/a\u003e for implementing this fix!\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.20.0\u003c/h2\u003e\n\u003ch2\u003eEnhancements 🌱\u003ca href=\"https://docs.zizmor.sh/release-notes/#enhancements\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#excessive-permissions\"\u003eexcessive-permissions\u003c/a\u003e audit is now aware of the artifact-metadata and models permissions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1461\"\u003e#1461\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#cache-poisoning\"\u003ecache-poisoning\u003c/a\u003e audit is now aware of the \u003ca href=\"https://github.com/ramsey/composer-install\"\u003eramsey/composer-install\u003c/a\u003e action (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1489\"\u003e#1489\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#unpinned-images\"\u003eunpinned-images\u003c/a\u003e audit is now significantly more precise in the presence of matrix references, e.g. image: ${{ matrix.image }} (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1482\"\u003e#1482\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanges ⚠️\u003ca href=\"https://docs.zizmor.sh/release-notes/#changes\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe default policy for the \u003ca href=\"https://docs.zizmor.sh/audits/#unpinned-uses\"\u003eunpinned-uses\u003c/a\u003e audit has changed from allowing ref-pinning for first-party actions (those under actions/* and similar) to requiring hash-pinning. This makes the default policy more strict, as well as more consistent across the actions ecosystem.\u003c/p\u003e\n\u003cp\u003eUsers who with to retain the old (permissive policy) for first-party actions may configure it explicitly in their zizmor.yml:\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cpre\u003e\u003ccode\u003ezizmor.yml\n\u003cp\u003erules:\nunpinned-uses:\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt;\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/zizmorcore/zizmor/blob/main/docs/release-notes.md\"\u003ezizmor's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.22.0\u003c/h2\u003e\n\u003ch3\u003eChanges ⚠️\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe [misfeature] audit now only shows non-\u0026quot;well known\u0026quot; \u003ccode\u003e#!yaml shell:\u003c/code\u003e\nfindings when running with the \u0026quot;auditor\u0026quot; persona (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1532\"\u003e#1532\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes 🐛\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where inputs containing CRLF line endings were not patched\ncorrectly by the [unpinned-uses] audit (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1536\"\u003e#1536\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.21.0\u003c/h2\u003e\n\u003ch3\u003eNew Features 🌈\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eNew audit\u003c/strong\u003e: [misfeature] detects usage of GitHub Actions features that\nare considered \u0026quot;misfeatures.\u0026quot; (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1517\"\u003e#1517\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eEnhancements 🌱\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor now uses exit code \u003ccode\u003e3\u003c/code\u003e to signal an audit that has failed because\nno input files were collected. See the [exit code] documentation\nfor details (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1515\"\u003e#1515\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe [unpinned-uses] audit now supports auto-fixes for many findings (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1525\"\u003e#1525\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges ⚠️\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe [obfuscation] audit no longer flags \u003ccode\u003e#!yaml shell: cmd\u003c/code\u003e. That check has\nbeen moved to the new [misfeature] audit. Users may need to update their\nignore comments and/or configuration (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1517\"\u003e#1517\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes 🐛\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe [unpinned-uses] audit now flags reusable workflows that are unpinned,\nin addition to actions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1509\"\u003e#1509\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/johnbillion\"\u003e\u003ccode\u003e@​johnbillion\u003c/code\u003e\u003c/a\u003e for implementing this fix!\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.20.0\u003c/h2\u003e\n\u003ch3\u003eEnhancements 🌱\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe [excessive-permissions] audit is now aware of the \u003ccode\u003eartifact-metadata\u003c/code\u003e\nand \u003ccode\u003emodels\u003c/code\u003e permissions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1461\"\u003e#1461\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe [cache-poisoning] audit is now aware of the \u003ccode\u003e@​ramsey/composer-install\u003c/code\u003e\naction (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1489\"\u003e#1489\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/94308f638c114a3f42c4c842abee9cf46f166890\"\u003e\u003ccode\u003e94308f6\u003c/code\u003e\u003c/a\u003e zizmor 1.22.0 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1539\"\u003e#1539\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/951d2c8c8bb73c0c3be30b7a4b8c8d6973c7a822\"\u003e\u003ccode\u003e951d2c8\u003c/code\u003e\u003c/a\u003e Add 'crater' tests (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1538\"\u003e#1538\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/13c1b65775f6dbc80900580dcb37fcde8c0d6dd3\"\u003e\u003ccode\u003e13c1b65\u003c/code\u003e\u003c/a\u003e Handle CRLF in EmplaceComment (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1536\"\u003e#1536\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/601bbba7a91da02cc7ec7248ad27cb39c85dd403\"\u003e\u003ccode\u003e601bbba\u003c/code\u003e\u003c/a\u003e Bump trophies (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1535\"\u003e#1535\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/de617a22ce828c35e5162a81852312d95839b85d\"\u003e\u003ccode\u003ede617a2\u003c/code\u003e\u003c/a\u003e Drop 'custom shell' finding to auditor persona (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1532\"\u003e#1532\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/5175a6c9707e21e9e300e8dd14a2aac5d1099d4a\"\u003e\u003ccode\u003e5175a6c\u003c/code\u003e\u003c/a\u003e zizmor 1.21.0 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1529\"\u003e#1529\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/b3f84f4f168f0c4d1f6c6a64d3ff8572571c95f5\"\u003e\u003ccode\u003eb3f84f4\u003c/code\u003e\u003c/a\u003e yamlpatch 0.10.0 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1528\"\u003e#1528\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/20b24ff49188722d1a6fe72d0c77548866d4e245\"\u003e\u003ccode\u003e20b24ff\u003c/code\u003e\u003c/a\u003e yamlpath 0.33.0 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1527\"\u003e#1527\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/4815c16d4f0068d620fe56559d238bda344fea46\"\u003e\u003ccode\u003e4815c16\u003c/code\u003e\u003c/a\u003e Support auto-fixes for unpinned-uses (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1525\"\u003e#1525\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/e611eae19cfb4b8c7af67166eedf68ae2268f2e1\"\u003e\u003ccode\u003ee611eae\u003c/code\u003e\u003c/a\u003e Document hk integration (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1522\"\u003e#1522\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/zizmorcore/zizmor/compare/v1.18.0...v1.22.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=zizmor\u0026package-manager=pip\u0026previous-version=1.18.0\u0026new-version=1.22.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/ministryofjustice/analytical-platform-airflow/pull/2959","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ministryofjustice%2Fanalytical-platform-airflow/issues/2959","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2959/packages"}},{"old_version":"1.21.0","new_version":"1.22.0","update_type":"minor","path":null,"pr_created_at":"2026-01-19T15:31:31.000Z","version_change":"1.21.0 → 1.22.0","issue":{"uuid":"3830218155","node_id":"PR_kwDODOjFv86-CLkI","number":7413,"state":"open","title":"deps(python): bump the pip group across 1 directory with 2 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-01-19T15:31:31.000Z","updated_at":"2026-01-19T16:59:25.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"deps(python): bump","group_name":"pip","update_count":2,"packages":[{"name":"zizmor","old_version":"1.21.0","new_version":"1.22.0","repository_url":"https://github.com/zizmorcore/zizmor"},{"name":"black","old_version":"25.12.0","new_version":"26.1.0","repository_url":"https://github.com/psf/black"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 2 updates in the /dependencies/python directory: [zizmor](https://github.com/zizmorcore/zizmor) and [black](https://github.com/psf/black).\n\nUpdates `zizmor` from 1.21.0 to 1.22.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/zizmorcore/zizmor/releases\"\u003ezizmor's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.22.0\u003c/h2\u003e\n\u003ch2\u003eChanges ⚠️\u003ca href=\"https://docs.zizmor.sh/release-notes/#changes\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#misfeature\"\u003emisfeature\u003c/a\u003e audit now only shows non-\u0026quot;well known\u0026quot; \u003ccode\u003eshell:\u003c/code\u003e findings when running with the \u0026quot;auditor\u0026quot; persona (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1532\"\u003e#1532\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug Fixes 🐛\u003ca href=\"https://docs.zizmor.sh/release-notes/#bug-fixes\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where inputs containing CRLF line endings were not patched correctly by the \u003ca href=\"https://docs.zizmor.sh/audits/#unpinned-uses\"\u003eunpinned-uses\u003c/a\u003e audit (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1536\"\u003e#1536\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/zizmorcore/zizmor/blob/main/docs/release-notes.md\"\u003ezizmor's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.22.0\u003c/h2\u003e\n\u003ch3\u003eChanges ⚠️\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe [misfeature] audit now only shows non-\u0026quot;well known\u0026quot; \u003ccode\u003e#!yaml shell:\u003c/code\u003e\nfindings when running with the \u0026quot;auditor\u0026quot; persona (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1532\"\u003e#1532\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes 🐛\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where inputs containing CRLF line endings were not patched\ncorrectly by the [unpinned-uses] audit (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1536\"\u003e#1536\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/94308f638c114a3f42c4c842abee9cf46f166890\"\u003e\u003ccode\u003e94308f6\u003c/code\u003e\u003c/a\u003e zizmor 1.22.0 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1539\"\u003e#1539\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/951d2c8c8bb73c0c3be30b7a4b8c8d6973c7a822\"\u003e\u003ccode\u003e951d2c8\u003c/code\u003e\u003c/a\u003e Add 'crater' tests (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1538\"\u003e#1538\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/13c1b65775f6dbc80900580dcb37fcde8c0d6dd3\"\u003e\u003ccode\u003e13c1b65\u003c/code\u003e\u003c/a\u003e Handle CRLF in EmplaceComment (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1536\"\u003e#1536\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/601bbba7a91da02cc7ec7248ad27cb39c85dd403\"\u003e\u003ccode\u003e601bbba\u003c/code\u003e\u003c/a\u003e Bump trophies (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1535\"\u003e#1535\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/de617a22ce828c35e5162a81852312d95839b85d\"\u003e\u003ccode\u003ede617a2\u003c/code\u003e\u003c/a\u003e Drop 'custom shell' finding to auditor persona (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1532\"\u003e#1532\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/zizmorcore/zizmor/compare/v1.21.0...v1.22.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `black` from 25.12.0 to 26.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/black/releases\"\u003eblack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e26.1.0\u003c/h2\u003e\n\u003ch3\u003eHighlights\u003c/h3\u003e\n\u003cp\u003eIntroduces the 2026 stable style (\u003ca href=\"https://redirect.github.com/psf/black/issues/4892\"\u003e#4892\u003c/a\u003e), stabilizing the following changes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ealways_one_newline_after_import\u003c/code\u003e: Always force one blank line after import\nstatements, except when the line after the import is a comment or an import statement\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/4489\"\u003e#4489\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003efix_fmt_skip_in_one_liners\u003c/code\u003e: Fix \u003ccode\u003e# fmt: skip\u003c/code\u003e behavior on one-liner declarations,\nsuch as \u003ccode\u003edef foo(): return \u0026quot;mock\u0026quot; # fmt: skip\u003c/code\u003e, where previously the declaration would\nhave been incorrectly collapsed (\u003ca href=\"https://redirect.github.com/psf/black/issues/4800\"\u003e#4800\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003efix_module_docstring_detection\u003c/code\u003e: Fix module docstrings being treated as normal\nstrings if preceded by comments (\u003ca href=\"https://redirect.github.com/psf/black/issues/4764\"\u003e#4764\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003efix_type_expansion_split\u003c/code\u003e: Fix type expansions split in generic functions (\u003ca href=\"https://redirect.github.com/psf/black/issues/4777\"\u003e#4777\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003emultiline_string_handling\u003c/code\u003e: Make expressions involving multiline strings more compact\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/1879\"\u003e#1879\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003enormalize_cr_newlines\u003c/code\u003e: Add \u003ccode\u003e\\r\u003c/code\u003e style newlines to the potential newlines to\nnormalize file newlines both from and to (\u003ca href=\"https://redirect.github.com/psf/black/issues/4710\"\u003e#4710\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eremove_parens_around_except_types\u003c/code\u003e: Remove parentheses around multiple exception\ntypes in \u003ccode\u003eexcept\u003c/code\u003e and \u003ccode\u003eexcept*\u003c/code\u003e without \u003ccode\u003eas\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/psf/black/issues/4720\"\u003e#4720\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eremove_parens_from_assignment_lhs\u003c/code\u003e: Remove unnecessary parentheses from the left-hand\nside of assignments while preserving magic trailing commas and intentional multiline\nformatting (\u003ca href=\"https://redirect.github.com/psf/black/issues/4865\"\u003e#4865\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003estandardize_type_comments\u003c/code\u003e: Format type comments which have zero or more spaces\nbetween \u003ccode\u003e#\u003c/code\u003e and \u003ccode\u003etype:\u003c/code\u003e or between \u003ccode\u003etype:\u003c/code\u003e and value to \u003ccode\u003e# type: (value)\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/psf/black/issues/4645\"\u003e#4645\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThe following change was not in any previous stable release:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRegenerated the \u003ccode\u003e_width_table.py\u003c/code\u003e and added tests for the Khmer language (\u003ca href=\"https://redirect.github.com/psf/black/issues/4253\"\u003e#4253\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThis release alo bumps \u003ccode\u003epathspec\u003c/code\u003e to v1 and fixes inconsistencies with Git's\n\u003ccode\u003e.gitignore\u003c/code\u003e logic (\u003ca href=\"https://redirect.github.com/psf/black/issues/4958\"\u003e#4958\u003c/a\u003e). Now, files will be ignored if a pattern matches them, even\nif the parent directory is directly unignored. For example, Black would previously\nformat \u003ccode\u003eexclude/not_this/foo.py\u003c/code\u003e with this \u003ccode\u003e.gitignore\u003c/code\u003e:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003eexclude/\n!exclude/not_this/\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eNow, \u003ccode\u003eexclude/not_this/foo.py\u003c/code\u003e will remain ignored. To ensure \u003ccode\u003eexclude/not_this/\u003c/code\u003e and\nall of it's children are included in formatting (and in Git), use this \u003ccode\u003e.gitignore\u003c/code\u003e:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e*/exclude/*\n!*/exclude/not_this/\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThis new behavior matches Git. The leading \u003ccode\u003e*/\u003c/code\u003e are only necessary if you wish to ignore\nmatching subdirectories (like the previous behavior did), and not just matching root\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/black/blob/main/CHANGES.md\"\u003eblack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e26.1.0\u003c/h2\u003e\n\u003ch3\u003eHighlights\u003c/h3\u003e\n\u003cp\u003eIntroduces the 2026 stable style (\u003ca href=\"https://redirect.github.com/psf/black/issues/4892\"\u003e#4892\u003c/a\u003e), stabilizing the following changes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ealways_one_newline_after_import\u003c/code\u003e: Always force one blank line after import\nstatements, except when the line after the import is a comment or an import statement\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/4489\"\u003e#4489\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003efix_fmt_skip_in_one_liners\u003c/code\u003e: Fix \u003ccode\u003e# fmt: skip\u003c/code\u003e behavior on one-liner declarations,\nsuch as \u003ccode\u003edef foo(): return \u0026quot;mock\u0026quot; # fmt: skip\u003c/code\u003e, where previously the declaration would\nhave been incorrectly collapsed (\u003ca href=\"https://redirect.github.com/psf/black/issues/4800\"\u003e#4800\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003efix_module_docstring_detection\u003c/code\u003e: Fix module docstrings being treated as normal\nstrings if preceded by comments (\u003ca href=\"https://redirect.github.com/psf/black/issues/4764\"\u003e#4764\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003efix_type_expansion_split\u003c/code\u003e: Fix type expansions split in generic functions (\u003ca href=\"https://redirect.github.com/psf/black/issues/4777\"\u003e#4777\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003emultiline_string_handling\u003c/code\u003e: Make expressions involving multiline strings more compact\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/1879\"\u003e#1879\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003enormalize_cr_newlines\u003c/code\u003e: Add \u003ccode\u003e\\r\u003c/code\u003e style newlines to the potential newlines to\nnormalize file newlines both from and to (\u003ca href=\"https://redirect.github.com/psf/black/issues/4710\"\u003e#4710\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eremove_parens_around_except_types\u003c/code\u003e: Remove parentheses around multiple exception\ntypes in \u003ccode\u003eexcept\u003c/code\u003e and \u003ccode\u003eexcept*\u003c/code\u003e without \u003ccode\u003eas\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/psf/black/issues/4720\"\u003e#4720\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eremove_parens_from_assignment_lhs\u003c/code\u003e: Remove unnecessary parentheses from the left-hand\nside of assignments while preserving magic trailing commas and intentional multiline\nformatting (\u003ca href=\"https://redirect.github.com/psf/black/issues/4865\"\u003e#4865\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003estandardize_type_comments\u003c/code\u003e: Format type comments which have zero or more spaces\nbetween \u003ccode\u003e#\u003c/code\u003e and \u003ccode\u003etype:\u003c/code\u003e or between \u003ccode\u003etype:\u003c/code\u003e and value to \u003ccode\u003e# type: (value)\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/psf/black/issues/4645\"\u003e#4645\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThe following change was not in any previous stable release:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRegenerated the \u003ccode\u003e_width_table.py\u003c/code\u003e and added tests for the Khmer language (\u003ca href=\"https://redirect.github.com/psf/black/issues/4253\"\u003e#4253\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThis release alo bumps \u003ccode\u003epathspec\u003c/code\u003e to v1 and fixes inconsistencies with Git's\n\u003ccode\u003e.gitignore\u003c/code\u003e logic (\u003ca href=\"https://redirect.github.com/psf/black/issues/4958\"\u003e#4958\u003c/a\u003e). Now, files will be ignored if a pattern matches them, even\nif the parent directory is directly unignored. For example, Black would previously\nformat \u003ccode\u003eexclude/not_this/foo.py\u003c/code\u003e with this \u003ccode\u003e.gitignore\u003c/code\u003e:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003eexclude/\n!exclude/not_this/\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eNow, \u003ccode\u003eexclude/not_this/foo.py\u003c/code\u003e will remain ignored. To ensure \u003ccode\u003eexclude/not_this/\u003c/code\u003e and\nall of it's children are included in formatting (and in Git), use this \u003ccode\u003e.gitignore\u003c/code\u003e:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e*/exclude/*\n!*/exclude/not_this/\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThis new behavior matches Git. The leading \u003ccode\u003e*/\u003c/code\u003e are only necessary if you wish to ignore\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/6305bf1ae645ab7541be4f5028a86239316178eb\"\u003e\u003ccode\u003e6305bf1\u003c/code\u003e\u003c/a\u003e Prepare 2026.1.0 release (\u003ca href=\"https://redirect.github.com/psf/black/issues/4892\"\u003e#4892\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/e71305bee302f7f9016b228361e5ae69669dca7b\"\u003e\u003ccode\u003ee71305b\u003c/code\u003e\u003c/a\u003e Bump pypa/cibuildwheel from 3.3.0 to 3.3.1 (\u003ca href=\"https://redirect.github.com/psf/black/issues/4961\"\u003e#4961\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/21a2a8c2b1d0c8d47bc00cc59591470f6a9e2307\"\u003e\u003ccode\u003e21a2a8c\u003c/code\u003e\u003c/a\u003e Fix Shutdown multiprocessing Manager in schedule_formatting (\u003ca href=\"https://redirect.github.com/psf/black/issues/4952\"\u003e#4952\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/e3146cea4245fcee29d007cb45d9faaf63271586\"\u003e\u003ccode\u003ee3146ce\u003c/code\u003e\u003c/a\u003e Bump docker/setup-buildx-action from 3.11.1 to 3.12.0 (\u003ca href=\"https://redirect.github.com/psf/black/issues/4919\"\u003e#4919\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/fe1fbc4fdfa03fa1d460f975b8aca77e4b4f1a4a\"\u003e\u003ccode\u003efe1fbc4\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 5.0.0 to 6.0.0 (\u003ca href=\"https://redirect.github.com/psf/black/issues/4923\"\u003e#4923\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/2b4b7fcfe00bb0d99322e07e87fc2f0992f7a4d8\"\u003e\u003ccode\u003e2b4b7fc\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 6.0.0 to 7.0.0 (\u003ca href=\"https://redirect.github.com/psf/black/issues/4922\"\u003e#4922\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/d745be69bfa9d85ec2ef6e5f9b7ec7e253b5e8ab\"\u003e\u003ccode\u003ed745be6\u003c/code\u003e\u003c/a\u003e docs: document --force-exclude for pre-commit workflows (\u003ca href=\"https://redirect.github.com/psf/black/issues/4957\"\u003e#4957\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/b41acd6ebbe76e18b49286166924f73f01c3fd02\"\u003e\u003ccode\u003eb41acd6\u003c/code\u003e\u003c/a\u003e Various CI and doc refactors (\u003ca href=\"https://redirect.github.com/psf/black/issues/4928\"\u003e#4928\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/6f43612766da4a2f275b575af0802c3e73b6ed83\"\u003e\u003ccode\u003e6f43612\u003c/code\u003e\u003c/a\u003e Handle pathspec v1 changes (\u003ca href=\"https://redirect.github.com/psf/black/issues/4958\"\u003e#4958\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/200c550aff44372f801a6d826a361cb26f45a504\"\u003e\u003ccode\u003e200c550\u003c/code\u003e\u003c/a\u003e Bump furo from 2025.9.25 to 2025.12.19 in /docs (\u003ca href=\"https://redirect.github.com/psf/black/issues/4933\"\u003e#4933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/black/compare/25.12.0...26.1.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/super-linter/super-linter/pull/7413","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/super-linter%2Fsuper-linter/issues/7413","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/7413/packages"}},{"old_version":"1.12.1","new_version":"1.21.0","update_type":"minor","path":null,"pr_created_at":"2026-01-16T09:24:55.000Z","version_change":"1.12.1 → 1.21.0","issue":{"uuid":"3821154741","node_id":"PR_kwDOOwJt4869koQL","number":119,"state":"open","title":":dependabot: uv(deps-dev): Bump zizmor from 1.12.1 to 1.21.0","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-01-16T09:24:55.000Z","updated_at":"2026-01-16T09:25:15.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":":dependabot: uv(deps-dev): Bump","packages":[{"name":"zizmor","old_version":"1.12.1","new_version":"1.21.0","repository_url":"https://github.com/zizmorcore/zizmor"}],"path":null,"ecosystem":"pip"},"body":"Bumps [zizmor](https://github.com/zizmorcore/zizmor) from 1.12.1 to 1.21.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/zizmorcore/zizmor/releases\"\u003ezizmor's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.21.0\u003c/h2\u003e\n\u003ch2\u003eNew Features 🌈\u003ca href=\"https://docs.zizmor.sh/release-notes/#new-features\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNew audit: \u003ca href=\"https://docs.zizmor.sh/audits/#misfeature\"\u003emisfeature\u003c/a\u003e detects usage of GitHub Actions features that are considered \u0026quot;misfeatures.\u0026quot; (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1517\"\u003e#1517\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eEnhancements 🌱\u003ca href=\"https://docs.zizmor.sh/release-notes/#enhancements\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor now uses exit code 3 to signal an audit that has failed because no input files were collected. See the \u003ca href=\"https://docs.zizmor.sh/usage/#exit-codes\"\u003eexit code\u003c/a\u003e documentation for details (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1515\"\u003e#1515\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#unpinned-uses\"\u003eunpinned-uses\u003c/a\u003e audit now supports auto-fixes for many findings (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1525\"\u003e#1525\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanges ⚠️\u003ca href=\"https://docs.zizmor.sh/release-notes/#changes\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#obfuscation\"\u003eobfuscation\u003c/a\u003e audit no longer flags shell: cmd. That check has been moved to the new \u003ca href=\"https://docs.zizmor.sh/audits/#misfeature\"\u003emisfeature\u003c/a\u003e audit. Users may need to update their ignore comments and/or configuration (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1517\"\u003e#1517\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug Fixes 🐛\u003ca href=\"https://docs.zizmor.sh/release-notes/#bug-fixes\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#unpinned-uses\"\u003eunpinned-uses\u003c/a\u003e audit now flags reusable workflows that are unpinned, in addition to actions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1509\"\u003e#1509\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/johnbillion\"\u003e\u003ccode\u003e@​johnbillion\u003c/code\u003e\u003c/a\u003e for implementing this fix!\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.20.0\u003c/h2\u003e\n\u003ch2\u003eEnhancements 🌱\u003ca href=\"https://docs.zizmor.sh/release-notes/#enhancements\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#excessive-permissions\"\u003eexcessive-permissions\u003c/a\u003e audit is now aware of the artifact-metadata and models permissions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1461\"\u003e#1461\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#cache-poisoning\"\u003ecache-poisoning\u003c/a\u003e audit is now aware of the \u003ca href=\"https://github.com/ramsey/composer-install\"\u003eramsey/composer-install\u003c/a\u003e action (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1489\"\u003e#1489\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#unpinned-images\"\u003eunpinned-images\u003c/a\u003e audit is now significantly more precise in the presence of matrix references, e.g. image: ${{ matrix.image }} (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1482\"\u003e#1482\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanges ⚠️\u003ca href=\"https://docs.zizmor.sh/release-notes/#changes\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe default policy for the \u003ca href=\"https://docs.zizmor.sh/audits/#unpinned-uses\"\u003eunpinned-uses\u003c/a\u003e audit has changed from allowing ref-pinning for first-party actions (those under actions/* and similar) to requiring hash-pinning. This makes the default policy more strict, as well as more consistent across the actions ecosystem.\u003c/p\u003e\n\u003cp\u003eUsers who with to retain the old (permissive policy) for first-party actions may configure it explicitly in their zizmor.yml:\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cpre\u003e\u003ccode\u003ezizmor.yml\n\u003cp\u003erules:\nunpinned-uses:\nconfig:\npolicies:\nactions/\u003cem\u003e: ref-pin\ngithub/\u003c/em\u003e: ref-pin\ndependabot/*: ref-pin\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003ch2\u003eBug Fixes 🐛\u003ca href=\"https://docs.zizmor.sh/release-notes/#bug-fixes\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/zizmorcore/zizmor/blob/main/docs/release-notes.md\"\u003ezizmor's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.21.0\u003c/h2\u003e\n\u003ch3\u003eNew Features 🌈\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eNew audit\u003c/strong\u003e: [misfeature] detects usage of GitHub Actions features that\nare considered \u0026quot;misfeatures.\u0026quot; (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1517\"\u003e#1517\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eEnhancements 🌱\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor now uses exit code \u003ccode\u003e3\u003c/code\u003e to signal an audit that has failed because\nno input files were collected. See the [exit code] documentation\nfor details (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1515\"\u003e#1515\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe [unpinned-uses] audit now supports auto-fixes for many findings (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1525\"\u003e#1525\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges ⚠️\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe [obfuscation] audit no longer flags \u003ccode\u003e#!yaml shell: cmd\u003c/code\u003e. That check has\nbeen moved to the new [misfeature] audit. Users may need to update their\nignore comments and/or configuration (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1517\"\u003e#1517\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes 🐛\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe [unpinned-uses] audit now flags reusable workflows that are unpinned,\nin addition to actions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1509\"\u003e#1509\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/johnbillion\"\u003e\u003ccode\u003e@​johnbillion\u003c/code\u003e\u003c/a\u003e for implementing this fix!\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.20.0\u003c/h2\u003e\n\u003ch3\u003eEnhancements 🌱\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe [excessive-permissions] audit is now aware of the \u003ccode\u003eartifact-metadata\u003c/code\u003e\nand \u003ccode\u003emodels\u003c/code\u003e permissions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1461\"\u003e#1461\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe [cache-poisoning] audit is now aware of the \u003ccode\u003e@​ramsey/composer-install\u003c/code\u003e\naction (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1489\"\u003e#1489\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe [unpinned-images] audit is now significantly more precise in the presence\nof matrix references, e.g. \u003ccode\u003eimage: ${{ matrix.image }}\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1482\"\u003e#1482\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges ⚠️\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe default policy for the [unpinned-uses] audit has changed from allowing\nref-pinning for first-party actions (those under \u003ccode\u003eactions/*\u003c/code\u003e and similar)\nto requiring hash-pinning. This makes the default policy more strict,\nas well as more consistent across the actions ecosystem.\u003c/p\u003e\n\u003cp\u003eUsers who with to retain the old (permissive policy) for first-party\nactions may configure it explicitly in their \u003ccode\u003ezizmor.yml\u003c/code\u003e:\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/5175a6c9707e21e9e300e8dd14a2aac5d1099d4a\"\u003e\u003ccode\u003e5175a6c\u003c/code\u003e\u003c/a\u003e zizmor 1.21.0 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1529\"\u003e#1529\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/b3f84f4f168f0c4d1f6c6a64d3ff8572571c95f5\"\u003e\u003ccode\u003eb3f84f4\u003c/code\u003e\u003c/a\u003e yamlpatch 0.10.0 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1528\"\u003e#1528\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/20b24ff49188722d1a6fe72d0c77548866d4e245\"\u003e\u003ccode\u003e20b24ff\u003c/code\u003e\u003c/a\u003e yamlpath 0.33.0 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1527\"\u003e#1527\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/4815c16d4f0068d620fe56559d238bda344fea46\"\u003e\u003ccode\u003e4815c16\u003c/code\u003e\u003c/a\u003e Support auto-fixes for unpinned-uses (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1525\"\u003e#1525\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/e611eae19cfb4b8c7af67166eedf68ae2268f2e1\"\u003e\u003ccode\u003ee611eae\u003c/code\u003e\u003c/a\u003e Document hk integration (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1522\"\u003e#1522\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/1c0567080f300dd77a62ecb4b934ef8a9fa05128\"\u003e\u003ccode\u003e1c05670\u003c/code\u003e\u003c/a\u003e Add a 'misfeature' audit (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1517\"\u003e#1517\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/b823d25f692bf84c39d0b4f2b163af4bb996e201\"\u003e\u003ccode\u003eb823d25\u003c/code\u003e\u003c/a\u003e [BOT] update JSON schemas from SchemaStore (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1518\"\u003e#1518\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/718288ac3a8af9852214de8c824abe4823e1865d\"\u003e\u003ccode\u003e718288a\u003c/code\u003e\u003c/a\u003e Bump trophies (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1521\"\u003e#1521\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/a4bff2d9465d43e655a449ec4b806bb30e47ef43\"\u003e\u003ccode\u003ea4bff2d\u003c/code\u003e\u003c/a\u003e chore(deps): bump the cargo group with 7 updates (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1519\"\u003e#1519\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/f4573fd280bf82b7fe2a4f9a1e222131b75992fa\"\u003e\u003ccode\u003ef4573fd\u003c/code\u003e\u003c/a\u003e chore(deps): bump CodSpeedHQ/action in the github-actions group (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1520\"\u003e#1520\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/zizmorcore/zizmor/compare/v1.12.1...v1.21.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=zizmor\u0026package-manager=uv\u0026previous-version=1.12.1\u0026new-version=1.21.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/woffenden/good-repo/pull/119","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/woffenden%2Fgood-repo/issues/119","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/119/packages"}},{"old_version":"1.19.0","new_version":"1.20.0","update_type":"minor","path":null,"pr_created_at":"2026-01-14T21:47:08.000Z","version_change":"1.19.0 → 1.20.0","issue":{"uuid":"3815021457","node_id":"PR_kwDOQl0jac69QJIQ","number":70,"state":"open","title":"Bump zizmor from 1.19.0 to 1.20.0","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-01-14T21:47:08.000Z","updated_at":"2026-01-17T21:00:25.889Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"zizmor","old_version":"1.19.0","new_version":"1.20.0","repository_url":"https://github.com/zizmorcore/zizmor"}],"path":null,"ecosystem":"pip"},"body":"Bumps [zizmor](https://github.com/zizmorcore/zizmor) from 1.19.0 to 1.20.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/zizmorcore/zizmor/releases\"\u003ezizmor's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.20.0\u003c/h2\u003e\n\u003ch2\u003eEnhancements 🌱\u003ca href=\"https://docs.zizmor.sh/release-notes/#enhancements\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#excessive-permissions\"\u003eexcessive-permissions\u003c/a\u003e audit is now aware of the artifact-metadata and models permissions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1461\"\u003e#1461\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#cache-poisoning\"\u003ecache-poisoning\u003c/a\u003e audit is now aware of the \u003ca href=\"https://github.com/ramsey/composer-install\"\u003eramsey/composer-install\u003c/a\u003e action (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1489\"\u003e#1489\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#unpinned-images\"\u003eunpinned-images\u003c/a\u003e audit is now significantly more precise in the presence of matrix references, e.g. image: ${{ matrix.image }} (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1482\"\u003e#1482\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanges ⚠️\u003ca href=\"https://docs.zizmor.sh/release-notes/#changes\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe default policy for the \u003ca href=\"https://docs.zizmor.sh/audits/#unpinned-uses\"\u003eunpinned-uses\u003c/a\u003e audit has changed from allowing ref-pinning for first-party actions (those under actions/* and similar) to requiring hash-pinning. This makes the default policy more strict, as well as more consistent across the actions ecosystem.\u003c/p\u003e\n\u003cp\u003eUsers who with to retain the old (permissive policy) for first-party actions may configure it explicitly in their zizmor.yml:\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cpre\u003e\u003ccode\u003ezizmor.yml\n\u003cp\u003erules:\nunpinned-uses:\nconfig:\npolicies:\nactions/\u003cem\u003e: ref-pin\ngithub/\u003c/em\u003e: ref-pin\ndependabot/*: ref-pin\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003ch2\u003eBug Fixes 🐛\u003ca href=\"https://docs.zizmor.sh/release-notes/#bug-fixes\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ca href=\"https://docs.zizmor.sh/audits/#dependabot-cooldown\"\u003edependabot-cooldown\u003c/a\u003e audit no longer flags missing cooldowns on ecosystems that don't (yet) support cooldowns, such as opentofu (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1480\"\u003e#1480\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a false positive in the \u003ca href=\"https://docs.zizmor.sh/audits/#cache-poisoning\"\u003ecache-poisoning\u003c/a\u003e audit where zizmor would treat empty strings (e.g. cache: '') as enabling rather than disabling caching (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1482\"\u003e#1482\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed two gaps in the \u003ca href=\"https://docs.zizmor.sh/audits/#use-trusted-publishing\"\u003euse-trusted-publishing\u003c/a\u003e audit's detection of common yarn publishing commands (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1495\"\u003e#1495\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eMiscellaneous 🛠\u003ca href=\"https://docs.zizmor.sh/release-notes/#miscellaneous\"\u003e🔗\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ezizmor's configuration now has an official JSON schema that will be available via \u003ca href=\"https://www.schemastore.org/\"\u003eSchemaStore\u003c/a\u003e soon!\u003c/p\u003e\n\u003cp\u003eMany thanks to \u003ca href=\"https://github.com/kiwamizamurai\"\u003e\u003ccode\u003e@​kiwamizamurai\u003c/code\u003e\u003c/a\u003e for implementing this improvement!\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/zizmorcore/zizmor/blob/main/docs/release-notes.md\"\u003ezizmor's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.20.0\u003c/h2\u003e\n\u003ch3\u003eEnhancements 🌱\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe [excessive-permissions] audit is now aware of the \u003ccode\u003eartifact-metadata\u003c/code\u003e\nand \u003ccode\u003emodels\u003c/code\u003e permissions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1461\"\u003e#1461\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe [cache-poisoning] audit is now aware of the \u003ccode\u003e@​ramsey/composer-install\u003c/code\u003e\naction (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1489\"\u003e#1489\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe [unpinned-images] audit is now significantly more precise in the presence\nof matrix references, e.g. \u003ccode\u003eimage: ${{ matrix.image }}\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1482\"\u003e#1482\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges ⚠️\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe default policy for the [unpinned-uses] audit has changed from allowing\nref-pinning for first-party actions (those under \u003ccode\u003eactions/*\u003c/code\u003e and similar)\nto requiring hash-pinning. This makes the default policy more strict,\nas well as more consistent across the actions ecosystem.\u003c/p\u003e\n\u003cp\u003eUsers who with to retain the old (permissive policy) for first-party\nactions may configure it explicitly in their \u003ccode\u003ezizmor.yml\u003c/code\u003e:\u003c/p\u003e\n\u003cpre data-meta=\"title=\u0026quot;zizmor.yml\u0026quot;\" lang=\"yaml\"\u003e\u003ccode\u003erules:\n  unpinned-uses:\n    config:\n      policies:\n        actions/*: ref-pin\n        github/*: ref-pin\n        dependabot/*: ref-pin\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes 🐛\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe [dependabot-cooldown] audit no longer flags missing cooldowns on\necosystems that don't (yet) support cooldowns, such as \u003ccode\u003eopentofu\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1480\"\u003e#1480\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a false positive in the [cache-poisoning] audit where \u003ccode\u003ezizmor\u003c/code\u003e would\ntreat empty strings (e.g. \u003ccode\u003ecache: ''\u003c/code\u003e) as enabling rather than disabling\ncaching (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1482\"\u003e#1482\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed two gaps in the [use-trusted-publishing] audit's detection of\ncommon \u003ccode\u003eyarn\u003c/code\u003e publishing commands (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1495\"\u003e#1495\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMiscellaneous 🛠\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ezizmor's configuration now has an official JSON schema that is available\nvia \u003ca href=\"https://www.schemastore.org\"\u003eSchemaStore\u003c/a\u003e!\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/2780ee5207ec9bb3b24e44b82edeb778c511435d\"\u003e\u003ccode\u003e2780ee5\u003c/code\u003e\u003c/a\u003e zizmor 1.20.0 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1506\"\u003e#1506\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/d508548227d9053fef9b8d25bd5f4d2586f9bf42\"\u003e\u003ccode\u003ed508548\u003c/code\u003e\u003c/a\u003e github-actions-models 0.43.0 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1505\"\u003e#1505\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/6e766ead40e820dcaeb5ef23043d6aff2280ac83\"\u003e\u003ccode\u003e6e766ea\u003c/code\u003e\u003c/a\u003e github-actions-expressions 0.0.12 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1504\"\u003e#1504\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/43b1c3a34e702a5f8eb9f7d7dee270911973bebc\"\u003e\u003ccode\u003e43b1c3a\u003c/code\u003e\u003c/a\u003e yamlpatch 0.9.0 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1503\"\u003e#1503\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/9a270265913b012fac6a757a23fa7bf6569b4396\"\u003e\u003ccode\u003e9a27026\u003c/code\u003e\u003c/a\u003e yamlpath 0.32.0 (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1502\"\u003e#1502\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/2828132b67848decd039c10f2af9096511d179f4\"\u003e\u003ccode\u003e2828132\u003c/code\u003e\u003c/a\u003e [BOT] update JSON schemas from SchemaStore (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1499\"\u003e#1499\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/204783b799b580ece06a8c588c2a5d3f25ee2576\"\u003e\u003ccode\u003e204783b\u003c/code\u003e\u003c/a\u003e chore(deps): bump the cargo group with 3 updates (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1500\"\u003e#1500\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/bead484fd8d9dfe55ceccc3190fbe70f596beffc\"\u003e\u003ccode\u003ebead484\u003c/code\u003e\u003c/a\u003e docs: bump trophies (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1497\"\u003e#1497\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/7f0ad71a07647311a715318d329155976d11dfee\"\u003e\u003ccode\u003e7f0ad71\u003c/code\u003e\u003c/a\u003e feat: handle matrix expressions in container image clauses (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1482\"\u003e#1482\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor/commit/2d3fa2f369e3ad289a140521134f31d86cd8be8f\"\u003e\u003ccode\u003e2d3fa2f\u003c/code\u003e\u003c/a\u003e docs: bump trophies (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor/issues/1496\"\u003e#1496\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/zizmorcore/zizmor/compare/v1.19.0...v1.20.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=zizmor\u0026package-manager=pip\u0026previous-version=1.19.0\u0026new-version=1.20.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/vadimpiven/node_reqwest/pull/70","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/vadimpiven%2Fnode_reqwest/issues/70","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/70/packages"}}]}