Bump the dev group with 3 updates

[dependabot]

Bumps the dev group with 3 updates: prek, ruff and ty.

Updates prek from 0.3.8 to 0.3.9

Release notes

Sourced from prek's releases.

0.3.9

Release Notes

Released on 2026-04-13.

Highlight

prek auto-update is now stricter about pinned revisions and more useful in CI. It now keeps rev and # frozen: comments in sync, can detect impostor commits when validating pinned SHAs, and lets you use prek auto-update --check to fail on both available updates and frozen-ref mismatches without rewriting the config.

Examples:

$ prek auto-update
# updates revs and repairs stale `# frozen:` comments
$ prek auto-update --freeze
writes frozen SHAs with matching # frozen: <tag> comments
$ prek auto-update --check
exits non-zero when updates are available, a # frozen: comment is stale,
or a pinned SHA does not belong to the fetched upstream refs

Enhancements

• Check and sync frozen comments during auto-update (#1896)
• Handle impostor commits in auto-update (#1919)
• Add experimental language: dotnet support (#1871)
• Honor repo and worktree core.hooksPath (#1892)
• Add prek run --no-fail-fast to override config file (#1859)
• Add forbid-new-submodules as builtin hook (#1853)
• Clean stale patch files in cache gc (#1877)
• Display auto-update results by config entry (#1922)
• Restrict patch directory permissions (#1876)
• Show tag names in auto-update --freeze output (#1916)
• Use a bitset for hook stages (#1860)

Bug fixes

• Canonicalize CWD and GIT_ROOT paths (#1878)
• Ensure quotes are added for non-string revisions in auto-update (#1936)

Documentation

• Update docs for case of hooks modifying files with a non-zero exit code (#1879)

... (truncated)

Changelog

Sourced from prek's changelog.

0.3.9

Released on 2026-04-13.

Highlight

prek auto-update is now stricter about pinned revisions and more useful in CI. It now keeps rev and # frozen: comments in sync, can detect impostor commits when validating pinned SHAs, and lets you use prek auto-update --check to fail on both available updates and frozen-ref mismatches without rewriting the config.

Examples:

$ prek auto-update
# updates revs and repairs stale `# frozen:` comments
$ prek auto-update --freeze
writes frozen SHAs with matching # frozen: <tag> comments
$ prek auto-update --check
exits non-zero when updates are available, a # frozen: comment is stale,
or a pinned SHA does not belong to the fetched upstream refs

Enhancements

• Check and sync frozen comments during auto-update (#1896)
• Handle impostor commits in auto-update (#1919)
• Add experimental language: dotnet support (#1871)
• Honor repo and worktree core.hooksPath (#1892)
• Add prek run --no-fail-fast to override config file (#1859)
• Add forbid-new-submodules as builtin hook (#1853)
• Clean stale patch files in cache gc (#1877)
• Display auto-update results by config entry (#1922)
• Restrict patch directory permissions (#1876)
• Show tag names in auto-update --freeze output (#1916)
• Use a bitset for hook stages (#1860)

Bug fixes

• Canonicalize CWD and GIT_ROOT paths (#1878)
• Ensure quotes are added for non-string revisions in auto-update (#1936)

Documentation

• Update docs for case of hooks modifying files with a non-zero exit code (#1879)

Contributors

... (truncated)

Commits

• 3a9b9fe Ensure quotes are added for non-string revisions in auto-update (#1936)
• 501d1db Bump version to 0.3.9 (#1934)
• dc98c47 Honor repo and worktree core.hooksPath (#1892)
• 08c1f70 Remove bracket from auto-update project header (#1933)
• 4292fe2 Update pre-commit hook crate-ci/typos to v1.45.0 (#1930)
• adafad0 Update GitHub Actions (#1929)
• f0bf283 Update dependency uv to v0.11.3 (#1928)
• 059f272 Display auto-update results by config entry (#1922)
• 7899b90 Handle --no-lazy-fetch not available
• ff0769a Handle impostor commits in auto-update
• Additional commits viewable in compare view

Updates ruff from 0.15.10 to 0.15.11

Release notes

Sourced from ruff's releases.

0.15.11

Release Notes

Released on 2026-04-16.

Preview features

• [ruff] Ignore RUF029 when function is decorated with asynccontextmanager (#24642)
• [airflow] Implement airflow-xcom-pull-in-template-string (AIR201) (#23583)
• [flake8-bandit] Fix S103 false positives and negatives in mask analysis (#24424)

Bug fixes

• [flake8-async] Omit overridden methods for ASYNC109 (#24648)

Documentation

• [flake8-async] Add override mention to ASYNC109 docs (#24666)
• Update Neovim config examples to use vim.lsp.config (#24577)

Contributors

• @​augustelalande
• @​anishgirianish
• @​benberryallwood
• @​charliermarsh
• @​Dev-iL

Install ruff 0.15.11

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/ruff/releases/download/0.15.11/ruff-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/ruff/releases/download/0.15.11/ruff-installer.ps1 | iex"

Download ruff 0.15.11

File	Platform	Checksum
ruff-aarch64-apple-darwin.tar.gz	Apple Silicon macOS	checksum
ruff-x86_64-apple-darwin.tar.gz	Intel macOS	checksum
ruff-aarch64-pc-windows-msvc.zip	ARM64 Windows	checksum
ruff-i686-pc-windows-msvc.zip	x86 Windows	checksum

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.11

Released on 2026-04-16.

Preview features

• [ruff] Ignore RUF029 when function is decorated with asynccontextmanager (#24642)
• [airflow] Implement airflow-xcom-pull-in-template-string (AIR201) (#23583)
• [flake8-bandit] Fix S103 false positives and negatives in mask analysis (#24424)

Bug fixes

• [flake8-async] Omit overridden methods for ASYNC109 (#24648)

Documentation

• [flake8-async] Add override mention to ASYNC109 docs (#24666)
• Update Neovim config examples to use vim.lsp.config (#24577)

Contributors

• @​augustelalande
• @​anishgirianish
• @​benberryallwood
• @​charliermarsh
• @​Dev-iL

Commits

• 53554b1 Bump 0.15.11 (#24678)
• 08c56c8 Factor out the mdtest crate (#24616)
• 725fbb7 [ty] Use partially qualified names when reporting diagnostics regarding bad c...
• ddd6a30 [ty] Do not suggest argument completion when at value of keyword argument (#2...
• 9282e61 Disallow @​disjoint_base on TypedDicts and Protocols (#24671)
• e9986d8 [ty] Reject using properties with Never setters or deleters (#24510)
• 9cf212f [ty] Normalize property setter and deleter wrappers (#24509)
• 12a1589 Add override mention to ASYNC109 docs (#24666)
• dccb03d [ty] Avoid panicking on overloaded Callable type context (#24661)
• 61f9a0a [ty] Sync vendored typeshed stubs (#24646)
• Additional commits viewable in compare view

Updates ty from 0.0.29 to 0.0.31

Release notes

Sourced from ty's releases.

0.0.31

Release Notes

Released on 2026-04-15.

Bug fixes

• Avoid panic from double inference for namedtuple(typename=T, field_names=x, **{}) (#24641)
• Avoid panic from double inference with missing functional Enum(...) names (#24638)
• Avoid panic from double inference with functional Enum(value=...) (#24639)
• Fix cases where invalid-key fix doesn't converge, and override-of-final-method produces invalid syntax (#24649)
• Fix unnecessary ty:ignore comments inserted by --add-ignore for diagnostics starting on the same line (#24651)

CLI

• Add --fix mode to enable auto-fix for diagnostics (#24097)

Performance

• Avoid excessive memory usage for dataclasses with many fields (#24620)

Core type checking

• Check inherited NamedTuple field conflicts (#24542)
• Error when duplicate keywords are provided to TypedDict constructors (#24449)
• Respect mixed positional and keyword arguments in TypedDict constructor (#24448)
• Respect subclass shadowing for inherited NamedTuple fields (#24640)
• Skip EnumMeta.__call__ for enum constructor signatures (#24513)

Contributors

• @​sharkdp
• @​Glyphack
• @​MichaReiser
• @​charliermarsh

Install ty 0.0.31

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/ty/releases/download/0.0.31/ty-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/ty/releases/download/0.0.31/ty-installer.ps1 | iex"

... (truncated)

Changelog

Sourced from ty's changelog.

0.0.31

Released on 2026-04-15.

Bug fixes

• Avoid panic from double inference for namedtuple(typename=T, field_names=x, **{}) (#24641)
• Avoid panic from double inference with missing functional Enum(...) names (#24638)
• Avoid panic from double inference with functional Enum(value=...) (#24639)
• Fix cases where invalid-key fix doesn't converge, and override-of-final-method produces invalid syntax (#24649)
• Fix unnecessary ty:ignore comments inserted by --add-ignore for diagnostics starting on the same line (#24651)

CLI

• Add --fix mode to enable auto-fix for diagnostics (#24097)

Performance

• Avoid excessive memory usage for dataclasses with many fields (#24620)

Core type checking

• Check inherited NamedTuple field conflicts (#24542)
• Error when duplicate keywords are provided to TypedDict constructors (#24449)
• Respect mixed positional and keyword arguments in TypedDict constructor (#24448)
• Respect subclass shadowing for inherited NamedTuple fields (#24640)
• Skip EnumMeta.__call__ for enum constructor signatures (#24513)

Contributors

• @​sharkdp
• @​Glyphack
• @​MichaReiser
• @​charliermarsh

0.0.30

Released on 2026-04-13.

As of v0.0.30, ty no longer unions Unknown into most inferred types of unannotated attributes. For example:

class Foo:
    def __init__(self) -> None:
        self.value = 1
reveal_type(Foo().value)  # revealed: int
Foo().value = "x"  # error: [invalid-assignment]

... (truncated)

Commits

• daaa404 Bump version to 0.0.31 (#3280)
• 12e86b5 Bump version to 0.0.30 (#3270)
• 67077ad Reorder sections in FAQ (#3267)
• 01144db Update docker/login-action action to v4.1.0 (#3262)
• 48b3fe3 Update prek dependencies (#3261)
• 7c81338 Create a "deployment" for the release-gate job (#3239)
• a447e03 Add a "release-gate" step to the release workflow (#3205)
• 5131a0e Update prek dependencies (#3221)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions