chore(deps): bump the python-dependencies group across 1 directory with 9 updates

[dependabot]

Bumps the python-dependencies group with 8 updates in the / directory:

Package	From	To
alembic	1.17.1	1.17.2
pydantic	2.8.2	2.12.4
pydantic-settings	2.11.0	2.12.0
newrelic	11.0.1	11.1.0
click	8.3.0	8.3.1
ruff	0.14.3	0.14.6
bandit	1.8.6	1.9.2
pre-commit	4.3.0	4.5.0

Updates alembic from 1.17.1 to 1.17.2

Release notes

Sourced from alembic's releases.

1.17.2

Released: November 14, 2025

feature

• [feature] [operations] Added Operations.implementation_for.replace parameter to Operations.implementation_for(), allowing replacement of existing operation implementations. This allows for existing operations such as CreateTableOp to be extended directly. Pull request courtesy justanothercatgirl.

  References: #1750

bug

• [bug] [mssql] Fixed issue in SQL Server dialect where the DROP that's automatically emitted for existing default constraints during an ALTER COLUMN needs to take place before not just the modification of the column's default, but also before the column's type is changed.

  References: #1744

Commits

• See full diff in compare view

Updates pydantic from 2.8.2 to 2.12.4

Release notes

Sourced from pydantic's releases.

v2.12.4 2025-11-05

v2.12.4 (2025-11-05)

This is the fourth 2.12 patch release, fixing more regressions, and reverting a change in the build() method of the AnyUrl and Dsn types.

This patch release also fixes an issue with the serialization of IP address types, when serialize_as_any is used. The next patch release will try to address the remaining issues with serialize as any behavior by introducing a new polymorphic serialization feature, that should be used in most cases in place of serialize as any.

• Fix issue with forward references in parent TypedDict classes by @​Viicos in #12427.

  This issue is only relevant on Python 3.14 and greater.

• Exclude fields with exclude_if from JSON Schema required fields by @​Viicos in #12430

• Revert URL percent-encoding of credentials in the build() method of the AnyUrl and Dsn types by @​davidhewitt in pydantic-core#1833.

  This was initially considered as a bugfix, but caused regressions and as such was fully reverted. The next release will include an opt-in option to percent-encode components of the URL.

• Add type inference for IP address types by @​davidhewitt in pydantic-core#1868.

  The 2.12 changes to the serialize_as_any behavior made it so that IP address types could not properly serialize to JSON.

• Avoid getting default values from defaultdict by @​davidhewitt in pydantic-core#1853.

  This fixes a subtle regression in the validation behavior of the collections.defaultdict type.

• Fix issue with field serializers on nested typed dictionaries by @​davidhewitt in pydantic-core#1879.

• Add more pydantic-core builds for the three-threaded version of Python 3.14 by @​davidhewitt in pydantic-core#1864.

Full Changelog: pydantic/pydantic@v2.12.3...v2.12.4

v2.12.3 2025-10-17

v2.12.3 (2025-10-17)

What's Changed

This is the third 2.13 patch release, fixing issues related to the FieldInfo class, and reverting a change to the supported after model validator function signatures.

• Raise a warning when an invalid after model validator function signature is raised by @​Viicos in #12414. Starting in 2.12.0, using class methods for after model validators raised an error, but the error wasn't raised concistently. We decided to emit a deprecation warning instead.
• Add FieldInfo.asdict() method, improve documentation around FieldInfo by @​Viicos in #12411. This also adds back support for mutations on FieldInfo classes, that are reused as Annotated metadata. However, note that this is still not a supported pattern. Instead, please refer to the added example in the documentation.

The blog post section on changes was also updated to document the changes related to serialize_as_any.

Full Changelog: pydantic/pydantic@v2.12.2...v2.12.3

v2.12.2 2025-10-14

v2.12.2 (2025-10-14)

What's Changed

... (truncated)

Changelog

Sourced from pydantic's changelog.

v2.12.4 (2025-11-05)

GitHub release

This is the fourth 2.12 patch release, fixing more regressions, and reverting a change in the build() method of the AnyUrl and Dsn types.

This patch release also fixes an issue with the serialization of IP address types, when serialize_as_any is used. The next patch release will try to address the remaining issues with serialize as any behavior by introducing a new polymorphic serialization feature, that should be used in most cases in place of serialize as any.

• Fix issue with forward references in parent TypedDict classes by @​Viicos in #12427.

  This issue is only relevant on Python 3.14 and greater.

• Exclude fields with exclude_if from JSON Schema required fields by @​Viicos in #12430

• Revert URL percent-encoding of credentials in the build() method of the AnyUrl and Dsn types by @​davidhewitt in pydantic-core#1833.

  This was initially considered as a bugfix, but caused regressions and as such was fully reverted. The next release will include an opt-in option to percent-encode components of the URL.

• Add type inference for IP address types by @​davidhewitt in pydantic-core#1868.

  The 2.12 changes to the serialize_as_any behavior made it so that IP address types could not properly serialize to JSON.

• Avoid getting default values from defaultdict by @​davidhewitt in pydantic-core#1853.

  This fixes a subtle regression in the validation behavior of the collections.defaultdict type.

• Fix issue with field serializers on nested typed dictionaries by @​davidhewitt in pydantic-core#1879.

• Add more pydantic-core builds for the three-threaded version of Python 3.14 by @​davidhewitt in pydantic-core#1864.

v2.12.3 (2025-10-17)

GitHub release

What's Changed

This is the third 2.12 patch release, fixing issues related to the FieldInfo class, and reverting a change to the supported after model validator function signatures.

• Raise a warning when an invalid after model validator function signature is raised by @​Viicos in #12414. Starting in 2.12.0, using class methods for after model validators raised an error, but the error wasn't raised concistently. We decided to emit a deprecation warning instead.
• Add FieldInfo.asdict() method, improve documentation around FieldInfo by @​Viicos in #12411. This also add back support for mutations on FieldInfo classes, that are reused as Annotated metadata. However, note that this is still not a supported pattern. Instead, please refer to the added example in the documentation.

... (truncated)

Commits

• 5c842df Prepare release v2.12.4
• c678a71 Bump pydantic-core to v2.41.5
• a7cd292 Bump cloudpickle to v3.1.2
• 21f6278 Bump actions/setup-node from 5 to 6
• 8d6be8f Bump astral-sh/setup-uv from 6 to 7
• 17865ea Bump actions/upload-artifact from 4 to 5
• 90ad0af Bump actions/download-artifact from 5 to 6
• 18e6672 Drop testing under PyPy 3.9
• 650215b Document workaround for MongoDsn default port
• e326790 Fix example of for bytes_invalid_encoding validation error
• Additional commits viewable in compare view

Updates pydantic-settings from 2.11.0 to 2.12.0

Release notes

Sourced from pydantic-settings's releases.

v2.12.0

What's Changed

• Support for enum kebab case. by @​kschwab in pydantic/pydantic-settings#686
• Apply source order: init > env > dotenv > secrets > defaults and pres… by @​chbndrhnns in pydantic/pydantic-settings#688
• Add NestedSecretsSettings source by @​makukha in pydantic/pydantic-settings#690
• Strip non-explicit default values. by @​kschwab in pydantic/pydantic-settings#692
• Coerce env vars if strict is True. by @​kschwab in pydantic/pydantic-settings#693
• Restore init kwarg names before returning final state dictionary. by @​kschwab in pydantic/pydantic-settings#700
• Drop Python3.9 support by @​hramezani in pydantic/pydantic-settings#699
• Adapt test_protected_namespace_defaults for dev. Pydantic by @​musicinmybrain in pydantic/pydantic-settings#637
• Add Python 3.14 by @​hramezani in pydantic/pydantic-settings#704
• Prepare release 2.12 by @​hramezani in pydantic/pydantic-settings#705

New Contributors

• @​chbndrhnns made their first contribution in pydantic/pydantic-settings#688

Full Changelog: pydantic/pydantic-settings@v2.11.0...v2.12.0

Commits

• 584983d Prepare release 2.12 (#705)
• 6b4d87e Add Python 3.14 (#704)
• 02de5b6 Adapt test_protected_namespace_defaults for dev. Pydantic (#637)
• 4239ea4 Drop Python3.9 support (#699)
• 5008c69 Restore init kwarg names before returning final state dictionary. (#700)
• 4433101 Coerce env vars if strict is True. (#693)
• 4d2ebfd Strip non-explicit default values. (#692)
• 4a6ffca Add NestedSecretsSettings source (#690)
• 7a6e96e Apply source order: init > env > dotenv > secrets > defaults and pres… (#688)
• 68563ed Support for enum kebab case. (#686)
• See full diff in compare view

Updates newrelic from 11.0.1 to 11.1.0

Release notes

Sourced from newrelic's releases.

v11.1.0

Notes

This release of the Python agent adds Python 3.14 support, new environment variables for attribute filter settings, support for async generators in transaction decorators, additional models in AWS Bedrock, and new methods in AWS Kinesis. This release also fixes a bug in aiomysql which caused RecursionError when using ConnectionPool where it was wrapped multiple times, a bug where properties were not properly passed in kombu's producer, and an error when shutdown_agent is called from within the harvest thread.

Install the agent using easy_install/pip/distribute via the Python Package Index, using conda via the Conda-Forge Package Index, or download it directly from the New Relic download site.

Features

• Add support for Python 3.14

  • Add support for Python 3.14.

• Add environment variables for attribute filters settings

  • The following settings now have the option to be set through environment variables:

    Configuration Setting	Environment variable
    attributes.enabled	NEW_RELIC_ATTRIBUTES_ENABLED
    attributes.exclude	NEW_RELIC_ATTRIBUTES_EXCLUDE
    attributes.include	NEW_RELIC_ATTRIBUTES_INCLUDE
    browser_monitoring.attributes.enabled	NEW_RELIC_BROWSER_MONITORING_ATTRIBUTES_ENABLED
    browser_monitoring.attributes.exclude	NEW_RELIC_BROWSER_MONITORING_ATTRIBUTES_EXCLUDE
    browser_monitoring.attributes.include	NEW_RELIC_BROWSER_MONITORING_ATTRIBUTES_INCLUDE
    error_collector.attributes.enabled	NEW_RELIC_ERROR_COLLECTOR_ATTRIBUTES_ENABLED
    error_collector.attributes.exclude	NEW_RELIC_ERROR_COLLECTOR_ATTRIBUTES_EXCLUDE
    error_collector.attributes.include	NEW_RELIC_ERROR_COLLECTOR_ATTRIBUTES_INCLUDE
    span_events.attributes.enabled	NEW_RELIC_SPAN_EVENTS_ATTRIBUTES_ENABLED
    span_events.attributes.exclude	NEW_RELIC_SPAN_EVENTS_ATTRIBUTES_EXCLUDE
    span_events.attributes.include	NEW_RELIC_SPAN_EVENTS_ATTRIBUTES_INCLUDE
    transaction_events.attributes.enabled	NEW_RELIC_TRANSACTION_EVENTS_ATTRIBUTES_ENABLED
    transaction_events.attributes.exclude	NEW_RELIC_TRANSACTION_EVENTS_ATTRIBUTES_EXCLUDE
    transaction_events.attributes.include	NEW_RELIC_TRANSACTION_EVENTS_ATTRIBUTES_INCLUDE
    transaction_segments.attributes.enabled	NEW_RELIC_TRANSACTION_SEGMENTS_ATTRIBUTES_ENABLED
    transaction_segments.attributes.exclude	NEW_RELIC_TRANSACTION_SEGMENTS_ATTRIBUTES_EXCLUDE
    transaction_segments.attributes.include	NEW_RELIC_TRANSACTION_SEGMENTS_ATTRIBUTES_INCLUDE
    transaction_tracer.attributes.enabled	NEW_RELIC_TRANSACTION_TRACER_ATTRIBUTES_ENABLED
    transaction_tracer.attributes.exclude	NEW_RELIC_TRANSACTION_TRACER_ATTRIBUTES_EXCLUDE
    transaction_tracer.attributes.include	NEW_RELIC_TRANSACTION_TRACER_ATTRIBUTES_INCLUDE

• Add support for async generators in transaction decorators

  • Previously, transaction decorators did not support being wrapped around async generators. This support has been added, and async generator transactions will now automatically measure event loop wait time and other statistics.

• Add support for additional models in AWS Bedrock instrumentation

  • Updates AWS Bedrock instrumentation through botocore and aiobotocore to support the following additional models

    • Claude Sonnet 3+ models

... (truncated)

Commits

• 68252f0 Update version of cibuildwheel to latest (#1570)
• 8c91a74 Enable environment variables for attribute filters (#1558)
• 8577eb7 Add additional trace points for AWS Kinesis (#1569)
• 4cb31b1 Revert "Fix notice_error logic for non-iterable exceptions. (#1564)" (#1568)
• b9d9d3b Fix notice_error logic for non-iterable exceptions. (#1564)
• 2dd463d Region aware/ Claude 3+ bedrock support (#1561)
• 3ed4a12 Bump github/codeql-action in the github_actions group (#1566)
• 953f379 Add free-threaded Python to CI (#1562)
• d1e7b60 Add instrumentation for new kinesis method (#1557)
• f9ab47b Bump the github_actions group with 4 updates (#1555)
• Additional commits viewable in compare view

Updates click from 8.3.0 to 8.3.1

Release notes

Sourced from click's releases.

8.3.1

This is the Click 8.3.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/click/8.3.1/ Changes: https://click.palletsprojects.com/page/changes/#version-8-3-1 Milestone: https://github.com/pallets/click/milestone/28

• Don't discard pager arguments by correctly using subprocess.Popen. #3039 #3055
• Replace Sentinel.UNSET default values by None as they're passed through the Context.invoke() method. #3066 #3065 #3068
• Fix conversion of Sentinel.UNSET happening too early, which caused incorrect behavior for multiple parameters using the same name. #3071 #3079
• Fix rendering when prompt and confirm parameter prompt_suffix is empty. #3019 #3021
• When Sentinel.UNSET is found during parsing, it will skip calls to type_cast_value. #3069 #3090
• Hide Sentinel.UNSET values as None when looking up for other parameters through the context inside parameter callbacks. #3136 #3137

Changelog

Sourced from click's changelog.

Version 8.3.1

Released 2025-11-15

• Don't discard pager arguments by correctly using subprocess.Popen. :issue:3039 :pr:3055
• Replace Sentinel.UNSET default values by None as they're passed through the Context.invoke() method. :issue:3066 :issue:3065 :pr:3068
• Fix conversion of Sentinel.UNSET happening too early, which caused incorrect behavior for multiple parameters using the same name. :issue:3071 :pr:3079
• Hide Sentinel.UNSET values as None when looking up for other parameters through the context inside parameter callbacks. :issue:3136 :pr:3137
• Fix rendering when prompt and confirm parameter prompt_suffix is empty. :issue:3019 :pr:3021
• When Sentinel.UNSET is found during parsing, it will skip calls to type_cast_value. :issue:3069 :pr:3090

Commits

• 1d038f2 release version 8.3.1
• 03f3889 Fix Ruff UP038 warning (#3141)
• 3867781 Fix Ruff UP038 warning
• b91bb95 Provide altered context to callbacks to hide UNSET values as None (#3137)
• 437e1e3 Temporarily provide a fake context to the callback to hide UNSET values as ...
• ea70da4 Don't test using a file in docs/ (#3102)
• e27b307 Make uv run --all-extras pyright --verifytypes click pass (#3072)
• a92c573 Fix test_edit to work with BSD sed (#3129)
• bd131e1 Fix test_edit to work with BSD sed
• 0b5c6b7 Add Best practices section (#3127)
• Additional commits viewable in compare view

Updates ruff from 0.14.3 to 0.14.6

Release notes

Sourced from ruff's releases.

0.14.6

Release Notes

Released on 2025-11-21.

Preview features

• [flake8-bandit] Support new PySNMP API paths (S508, S509) (#21374)

Bug fixes

• Adjust own-line comment placement between branches (#21185)
• Avoid syntax error when formatting attribute expressions with outer parentheses, parenthesized value, and trailing comment on value (#20418)
• Fix panic when formatting comments in unary expressions (#21501)
• Respect fmt: skip for compound statements on a single line (#20633)
• [refurb] Fix FURB103 autofix (#21454)
• [ruff] Fix false positive for complex conversion specifiers in logging-eager-conversion (RUF065) (#21464)

Rule changes

• [ruff] Avoid false positive on ClassVar reassignment (RUF012) (#21478)

CLI

• Render hyperlinks for lint errors (#21514)
• Add a ruff analyze option to skip over imports in TYPE_CHECKING blocks (#21472)

Documentation

• Limit eglot-format hook to eglot-managed Python buffers (#21459)
• Mention force-exclude in "Configuration > Python file discovery" (#21500)

Contributors

• @​ntBre
• @​dylwil3
• @​gauthsvenkat
• @​MichaReiser
• @​thamer
• @​Ruchir28
• @​thejcannon
• @​danparizher
• @​chirizxc

Install ruff 0.14.6

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/astral-sh/ruff/releases/download/0.14.6/ruff-installer.sh | sh
</tr></table> 

... (truncated)

Changelog

Sourced from ruff's changelog.

0.14.6

Released on 2025-11-21.

Preview features

• [flake8-bandit] Support new PySNMP API paths (S508, S509) (#21374)

Bug fixes

• Adjust own-line comment placement between branches (#21185)
• Avoid syntax error when formatting attribute expressions with outer parentheses, parenthesized value, and trailing comment on value (#20418)
• Fix panic when formatting comments in unary expressions (#21501)
• Respect fmt: skip for compound statements on a single line (#20633)
• [refurb] Fix FURB103 autofix (#21454)
• [ruff] Fix false positive for complex conversion specifiers in logging-eager-conversion (RUF065) (#21464)

Rule changes

• [ruff] Avoid false positive on ClassVar reassignment (RUF012) (#21478)

CLI

• Render hyperlinks for lint errors (#21514)
• Add a ruff analyze option to skip over imports in TYPE_CHECKING blocks (#21472)

Documentation

• Limit eglot-format hook to eglot-managed Python buffers (#21459)
• Mention force-exclude in "Configuration > Python file discovery" (#21500)

Contributors

• @​ntBre
• @​dylwil3
• @​gauthsvenkat
• @​MichaReiser
• @​thamer
• @​Ruchir28
• @​thejcannon
• @​danparizher
• @​chirizxc

0.14.5

Released on 2025-11-13.

Preview features

• [flake8-simplify] Apply SIM113 when index variable is of type int (#21395)

... (truncated)

Commits

• 59c6cb5 Bump 0.14.6 (#21558)
• 54dba15 [ty] Improve debug messages when imports fail (#21555)
• 1af3185 [ty] Add support for relative import completions
• 553e568 [ty] Refactor detection of import statements for completions
• cdef3f5 [ty] Use dedicated collector for completions
• 6178822 [ty] Attach subdiagnostics to unresolved-import errors for relative imports...
• 6b7adb0 [ty] support PEP 613 type aliases (#21394)
• 06941c1 [ty] More low-hanging fruit for inlay hint goto-definition (#21548)
• eb7c098 [ty] implement TypedDict structural assignment (#21467)
• 1b28fc1 [ty] Add more random TypeDetails and tests (#21546)
• Additional commits viewable in compare view

Updates bandit from 1.8.6 to 1.9.2

Release notes

Sourced from bandit's releases.

1.9.2

What's Changed

• Argparse Python 3.14 enhancements by @​ericwb in PyCQA/bandit#1331
• Check whether Constant value is str by @​ericwb in PyCQA/bandit#1333

Full Changelog: PyCQA/bandit@1.9.1...1.9.2

1.9.1

What's Changed

• More Python version related fixes by @​ericwb in PyCQA/bandit#1327

Full Changelog: PyCQA/bandit@1.9.0...1.9.1

1.9.0

What's Changed

• Add instructions for Maintainers to create/publish a release by @​ericwb in PyCQA/bandit#1275
• Bump sigstore/cosign-installer from 3.9.1 to 3.9.2 by @​dependabot[bot] in PyCQA/bandit#1289
• Bump docker/login-action from 3.4.0 to 3.5.0 by @​dependabot[bot] in PyCQA/bandit#1290
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in PyCQA/bandit#1291
• Bump actions/checkout from 4 to 5 by @​dependabot[bot] in PyCQA/bandit#1292
• Replace deprecated datetime.datetime.utcnow() by @​purplezimmermann in PyCQA/bandit#1295
• Bump actions/setup-python from 5 to 6 by @​dependabot[bot] in PyCQA/bandit#1296
• Bump sigstore/cosign-installer from 3.9.2 to 3.10.0 by @​dependabot[bot] in PyCQA/bandit#1298
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in PyCQA/bandit#1303
• Fix typos by @​Shortfinga in PyCQA/bandit#1305
• Bump docker/login-action from 3.5.0 to 3.6.0 by @​dependabot[bot] in PyCQA/bandit#1306
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in PyCQA/bandit#1315
• Bump sigstore/cosign-installer from 3.10.0 to 4.0.0 by @​dependabot[bot] in PyCQA/bandit#1317
• Support of Python 3.14 by @​ericwb in PyCQA/bandit#1323
• Drop support of end-of-life Python 3.9 by @​ericwb in PyCQA/bandit#1325
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in PyCQA/bandit#1324

New Contributors

• @​purplezimmermann made their first contribution in PyCQA/bandit#1295
• @​Shortfinga made their first contribution in PyCQA/bandit#1305

Full Changelog: PyCQA/bandit@1.8.6...1.9.0

Commits

• ea0d187 Check whether Constant value is str (#1333)
• 8bf7594 Argparse Python 3.14 enhancements (#1331)
• a255dfa More Python version related fixes (#1327)
• 3f07bb0 [pre-commit.ci] pre-commit autoupdate (#1324)
• c8c3fb8 Drop support of end-of-life Python 3.9 (#1325)
• 5c30350 Support of Python 3.14 (#1323)
• e1ffdf6 Bump sigstore/cosign-installer from 3.10.0 to 4.0.0 (#1317)
• 176d4ca [pre-commit.ci] pre-commit autoupdate (#1315)
• 2fc3e9c Bump docker/login-action from 3.5.0 to 3.6.0 (#1306)
• 6a68546 Fix typos (#1305)
• Additional commits viewable in compare view

Updates semgrep from 1.86.0 to 1.85.0

Changelog

Sourced from semgrep's changelog.

1.86.0 - 2024-09-04

Added

• The taint analysis can now track method invocations on variables of an interface type, when there is a single implementation. For example, the tainted input vulnerability can now be detected in the following code:

  public interface MovieService {
    String vulnerableInjection(String input);
  }
  @​Service
  public class MovieServiceImpl implements MovieService {
  @​Override
  public String vulnerableInjection(String input) {
  return sink(input);
  }
  }
  @​RestController("/")
  public class SpringController {
  @​Autowired
  private MovieService movieService;
  @​GetMapping("/pwn")
  public String pwnTest(@​RequestParam("input") String taintedInput) {
  return movieService.vulnerableInjection(taintedInput);
  }
  }

  When there are multiple implementations, the taint analysis will not follow any of them. We will add handling of cases with multiple implementations in upcoming updates. (code-7434)

• Uses of values imported via ECMAScript default imports (e.g., import example from 'mod';) can now be matched by qualified name patterns (e.g., mod.default). (code-7463)

• Pro: taint-mode: Allow (experimental) control taint to propagate through returns.

  Now this taint rule:

  pattern-sources:
  - control: true
    pattern: taint()
  pattern-sinks:
  

... (truncated)

Commits

• 2490e33 chore: Bump version to 1.85.0
• cf04235 Read event name from env var in managed scanning (semgrep/semgrep-proprietary...
• 1ad70b2 Do not profile rules anymore when using --debug (semgrep/semgrep-proprietary#...
• 98de3d1 fix(julia): [... for ... in ...] comprehension metavariable bindings (semgr...
• 6d0885esemgrep/semgrep-proprietary#2008
• 1bc14ffsemgrep/semgrep-proprietary#2012
• caf2b87 feat: add the number of bytes of a file to traces (semgrep/semgrep-proprietar...
• 26a3540 feat(interfaces): process files w/extension .tfvars as terraform files (sem...
• b013879semgrep/semgrep-proprietary#2009
• 0e8fd31semgrep/semgrep-proprietary#2005
• Additional commits viewable in compare view

Updates pre-commit from 4.3.0 to 4.5.0

Release notes

Sourced from pre-commit's releases.

pre-commit v4.5.0

Features

• Add pre-commit hazmat.
  • #3585 PR by @​asottile.

pre-commit v4.4.0

Features

• Add --fail-fast option to pre-commit run.
  • #3528 PR by @​JulianMaurin.
• Upgrade ruby-build / rbenv.
  • #3566 PR by @​asottile.
  • #3565 issue by @​MRigal.
• Add language: unsupported / language: unsupported_script as aliases for language: system / language: script (which will eventually be deprecated).
  • #3577 PR by @​asottile.
• Add support docker-in-docker detection for cgroups v2.
  • #3535 PR by @​br-rhrbacek.
  • #3360 issue by @​JasonAlt.

Fixes

• Handle when docker gives SecurityOptions: null.
  • #3537 PR by @​asottile.
  • #3514 issue by @​jenstroeger.
• Fix error context for invalid stages in .pre-commit-config.yaml.
  • #3576 PR by @​asottile.

Changelog

Sourced from pre-commit's changelog.

4.5.0 - 2025-11-22

Features

• Add pre-commit hazmat.
  • #3585 PR by @​asottile.

4.4.0 - 2025-11-08

Features

• Add --fail-fast option to pre-commit run.
  • #3528 PR by @​JulianMaurin.
• Upgrade ruby-build / rbenv.
  • #3566 PR by @​asottile.
  • #3565 issue by @​MRigal.
• Add language: unsupported / language: unsupported_script as aliases for language: system / language: script (which will eventually be deprecated).
  • #3577 PR by @​asottile.
• Add support docker-in-docker detection for cgroups v2.
  • #3535 PR by @​br-rhrbacek.
  • #3360 issue by @​JasonAlt.

Fixes

• Handle when docker gives SecurityOptions: null.
  • #3537 PR by @​asottile.
  • #3514 issue by @​jenstroeger.
• Fix error context for invalid stages in .pre-commit-config.yaml.
  • #3576 PR by @​asottile.

Commits

• 1af6c8f v4.5.0
• 3358a3b Merge pull request #3585 from pre-commit/hazmat
• bdf6879 add pre-commit hazmat
• e436690 Merge pull request #3584 from pre-commit/exitstack
• 8d34f95 use ExitStack instead of start + stop
• 9c7ea88 Merge pull request #3583 from pre-commit/forward-compat-map-manifest
• 844dacc add forward-compat error message
• 6a1d543 Merge pull request #3582 from pre-commit/move-gc-back
• 66278a9 move logic for gc back to commands.gc
• 1b32c50 Merge pull request #3579 from pre-commit/pre-commit-ci-update-config
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore condi...

Description has been truncated