build(deps): bump the minor-updates group across 1 directory with 14 updates

[dependabot]

Bumps the minor-updates group with 14 updates in the / directory:

Package	From	To
asgiref	3.9.1	3.11.0
certifi	2025.8.3	2025.11.12
charset-normalizer	3.4.3	3.4.4
idna	3.10	3.11
psycopg2-binary	2.9.10	2.9.11
sqlparse	0.5.3	0.5.4
typing-extensions	4.14.1	4.15.0
urllib3	2.5.0	2.6.0
whitenoise	6.9.0	6.11.0
ruff	0.12.9	0.14.8
pre-commit	4.3.0	4.5.0
bandit	1.8.6	1.9.2
mypy	1.17.1	1.19.0
django-stubs[compatible-mypy]	5.2.2	5.2.8

Updates asgiref from 3.9.1 to 3.11.0

Changelog

Sourced from asgiref's changelog.

3.11.0 (2025-11-19)

• sync_to_async gains a context parameter, similar to those for asyncio.create_task, TaskGroup &co, that can be used on Python 3.11+ to control the context used by the underlying task.

  The parent context is already propagated by default but the additional control is useful if multiple sync_to_async calls need to share the same context, e.g. when used with asyncio.gather().

3.10.0 (2025-10-05)

• Added AsyncSingleThreadContext context manager to ensure multiple AsyncToSync invocations use the same thread. (#511)

3.9.2 (2025-09-23)

• Adds support for Python 3.14.

• Fixes wsgi.errors file descriptor in WsgiToAsgi adapter.

Commits

• b7b15b2 Releasing 3.11.0.
• 901ee4f Added a custom context parameter for the sync_to_async (#536)
• 2138f03 Fixed typo in test file comment.
• f587b12 Releasing 3.10.0.
• b08087c Added AsyncSingleThreadContext (#511)
• 3471a0c Releasing 3.9.2
• 4f892bd Remove Python 3.8 from tox
• 83cd6f3 Run CI against Python 3.14
• 796b9f1 Fix incorrect Trailer header (#531)
• 29b108b Fixed #529: wsgi.errors should be a StringIO (#530)
• See full diff in compare view

Updates certifi from 2025.8.3 to 2025.11.12

Commits

• 37ea150 2025.11.12 (#375)
• 2fa50bb Bump actions/upload-artifact from 4.6.2 to 5.0.0 (#374)
• 6cadb53 Bump actions/download-artifact from 5.0.0 to 6.0.0 (#373)
• fb14ac4 2025.10.05 (#371)
• 2c7c7ee Add Python 3.14 classifier in setup.py
• 1a5cb7b Bump actions/setup-python from 5.6.0 to 6.0.0 (#367)
• dea5960 Bump pypa/gh-action-pypi-publish from 1.12.4 to 1.13.0 (#366)
• 83566b7 Bump actions/checkout from 4.2.2 to 5.0.0
• ca2e121 Bump actions/download-artifact from 4.3.0 to 5.0.0
• See full diff in compare view

Updates charset-normalizer from 3.4.3 to 3.4.4

Release notes

Sourced from charset-normalizer's releases.

Version 3.4.4

3.4.4 (2025-10-13)

Changed

• Bound setuptools to a specific constraint setuptools>=68,<=81.
• Raised upper bound of mypyc for the optional pre-built extension to v1.18.2

Removed

• setuptools-scm as a build dependency.

Misc

• Enforced hashes in dev-requirements.txt and created ci-requirements.txt for security purposes.
• Additional pre-built wheels for riscv64, s390x, and armv7l architectures.
• Restore multiple.intoto.jsonl in GitHub releases in addition to individual attestation file per wheel.

Changelog

Sourced from charset-normalizer's changelog.

3.4.4 (2025-10-13)

Changed

• Bound setuptools to a specific constraint setuptools>=68,<=81.
• Raised upper bound of mypyc for the optional pre-built extension to v1.18.2

Removed

• setuptools-scm as a build dependency.

Misc

• Enforced hashes in dev-requirements.txt and created ci-requirements.txt for security purposes.
• Additional pre-built wheels for riscv64, s390x, and armv7l architectures.
• Restore multiple.intoto.jsonl in GitHub releases in addition to individual attestation file per wheel.

Commits

• b30ffdc 🔧 fix checksum step in cd.yml
• d3fbfcf 🔧 fix cd.yml
• dafbb95 Release 3.4.4 (#658)
• 1f18ffa ⬆️ raise mypy upper bound to 1.18.2
• ef4ac69 Merge branch 'release-3.4.4' of github.com:jawah/charset_normalizer into rele...
• 4b35dda 📝 write changelog for 3.4.4
• 0ec6452 🔧 update cd.yml workflow (add riscv64, s390x and armv7l)
• f341ede ⬆️ upgrade dependencies (dev, ci)
• a308841 📝 write changelog for 3.4.4
• 9c906da 🔧 update cd.yml workflow (add riscv64, s390x and armv7l)
• Additional commits viewable in compare view

Updates idna from 3.10 to 3.11

Changelog

Sourced from idna's changelog.

3.11 (2025-10-12)

• Update to Unicode 16.0.0, including significant changes to UTS46 processing. As a result of Unicode ending support for it, transitional processing no longer has an effect and returns the same result.
• Add support for Python 3.14, lowest supported version is Python 3.8.
• Various updates to packaging, including PEP 740 support.

Commits

• ad949ee Release v3.11
• cae4ba7 Second release candidate for 3.11
• 8adb305 Add space in RST link
• 74cb2b6 Release candidate for 3.11
• 05dab09 Format idna-data with ruff
• 90eac78 Apply ruff formatting
• a31ce7e Remove errant test vectors
• 81f0333 Omit vectors known to be broken in test suite
• a0f3257 Merge branch 'master' into unicode-16-uts46-changes
• 38d9886 Remove extra UTS46 test vector
• Additional commits viewable in compare view

Updates psycopg2-binary from 2.9.10 to 2.9.11

Changelog

Sourced from psycopg2-binary's changelog.

Current release

What's new in psycopg 2.9.11 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^

• Add support for Python 3.14.
• Avoid a segfault passing more arguments than placeholders if Python is built with assertions enabled (:ticket:[#1791](https://github.com/psycopg/psycopg2/issues/1791)).
• Add riscv64 platform binary packages (:ticket:[#1813](https://github.com/psycopg/psycopg2/issues/1813)).
• ~psycopg2.errorcodes map and ~psycopg2.errors classes updated to PostgreSQL 18.
• Drop support for Python 3.8.

What's new in psycopg 2.9.10 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^

• Add support for Python 3.13.
• Receive notifications on commit (:ticket:[#1728](https://github.com/psycopg/psycopg2/issues/1728)).
• ~psycopg2.errorcodes map and ~psycopg2.errors classes updated to PostgreSQL 17.
• Drop support for Python 3.7.

What's new in psycopg 2.9.9 ^^^^^^^^^^^^^^^^^^^^^^^^^^^

• Add support for Python 3.12.
• Drop support for Python 3.6.

What's new in psycopg 2.9.8 ^^^^^^^^^^^^^^^^^^^^^^^^^^^

• Wheel package bundled with PostgreSQL 16 libpq in order to add support for recent features, such as sslcertmode.

What's new in psycopg 2.9.7 ^^^^^^^^^^^^^^^^^^^^^^^^^^^

• Fix propagation of exceptions raised during module initialization (:ticket:[#1598](https://github.com/psycopg/psycopg2/issues/1598)).
• Fix building when pg_config returns an empty string (:ticket:[#1599](https://github.com/psycopg/psycopg2/issues/1599)).
• Wheel package bundled with OpenSSL 1.1.1v.

What's new in psycopg 2.9.6 ^^^^^^^^^^^^^^^^^^^^^^^^^^^

... (truncated)

Commits

• fd9ae8c chore: bump to version 2.9.11
• d923840 chore: update docs requirements
• d42dc71 Merge branch 'fix-1791'
• 4fde656 fix: avoid failed assert passing more arguments than placeholders
• 8308c19 fix: drop warning about the use of deprecated PyWeakref_GetObject function
• 1a1eabf build(deps): bump actions/github-script from 7 to 8
• 897af8b build(deps): bump peter-evans/repository-dispatch from 3 to 4
• ceefd30 build(deps): bump actions/checkout from 4 to 5
• 4dc5854 build(deps): bump actions/setup-python from 5 to 6
• 1945788 Merge pull request #1802 from edgarrmondragon/cp314-wheels
• Additional commits viewable in compare view

Updates sqlparse from 0.5.3 to 0.5.4

Changelog

Sourced from sqlparse's changelog.

Release 0.5.4 (Nov 28, 2025)

Enhancements

• Add support for Python 3.14.
• Add type annotations to top-level API functions and include py.typed marker for PEP 561 compliance, enabling type checking with mypy and other tools (issue756).
• Add pre-commit hook support. sqlparse can now be used as a pre-commit hook to automatically format SQL files. The CLI now supports multiple files and an --in-place flag for in-place editing (issue537).
• Add ATTACH and DETACH to PostgreSQL keywords (pr808).
• Add INTERSECT to close keywords in WHERE clause (pr820).
• Support REGEXP BINARY comparison operator (pr817).

Bug Fixes

• Add additional protection against denial of service attacks when parsing very large lists of tuples. This enhances the existing recursion protections with configurable limits for token processing to prevent DoS through algorithmic complexity attacks. The new limits (MAX_GROUPING_DEPTH=100, MAX_GROUPING_TOKENS=10000) can be adjusted or disabled (by setting to None) if needed for legitimate large SQL statements.
• Remove shebang from cli.py and remove executable flag (pr818).
• Fix strip_comments not removing all comments when input contains only comments (issue801, pr803 by stropysh).
• Fix splitting statements with IF EXISTS/IF NOT EXISTS inside BEGIN...END blocks (issue812).
• Fix splitting on semicolons inside BEGIN...END blocks (issue809).

Commits

• 14e300b Bump version.
• 96a67e2 Code cleanup.
• 1a3bfbd Fix handling of semicolons inside BEGIN...END blocks (fixes #809).
• e92a032 Fix handling of IF EXISTS statements in BEGIN...END blocks (fixes #812).
• 149bebf Update Changelog.
• 561a67e Update AUTHORS.
• 73c8ba3 bugfix ISSUE_801; Remove all comments when only comments
• 1b32387 Update action to run on all prs.
• 31903e0 Add pre-commit hook support (fixes #537)
• 1357726 docs: add AGENTS.md for project guidance and development commands
• Additional commits viewable in compare view

Updates typing-extensions from 4.14.1 to 4.15.0

Release notes

Sourced from typing-extensions's releases.

4.15.0

No user-facing changes since 4.15.0rc1.

New features since 4.14.1:

• Add the @typing_extensions.disjoint_base decorator, as specified in PEP 800. Patch by Jelle Zijlstra.
• Add typing_extensions.type_repr, a backport of annotationlib.type_repr, introduced in Python 3.14 (CPython PR #124551, originally by Jelle Zijlstra). Patch by Semyon Moroz.
• Fix behavior of type params in typing_extensions.evaluate_forward_ref. Backport of CPython PR #137227 by Jelle Zijlstra.

4.15.0rc1

• Add the @typing_extensions.disjoint_base decorator, as specified in PEP 800. Patch by Jelle Zijlstra.
• Add typing_extensions.type_repr, a backport of annotationlib.type_repr, introduced in Python 3.14 (CPython PR #124551, originally by Jelle Zijlstra). Patch by Semyon Moroz.
• Fix behavior of type params in typing_extensions.evaluate_forward_ref. Backport of CPython PR #137227 by Jelle Zijlstra.

Changelog

Sourced from typing-extensions's changelog.

Release 4.15.0 (August 25, 2025)

No user-facing changes since 4.15.0rc1.

Release 4.15.0rc1 (August 18, 2025)

• Add the @typing_extensions.disjoint_base decorator, as specified in PEP 800. Patch by Jelle Zijlstra.
• Add typing_extensions.type_repr, a backport of annotationlib.type_repr, introduced in Python 3.14 (CPython PR #124551, originally by Jelle Zijlstra). Patch by Semyon Moroz.
• Fix behavior of type params in typing_extensions.evaluate_forward_ref. Backport of CPython PR #137227 by Jelle Zijlstra.

Commits

• 9d1637e Prepare release 4.15.0 (#658)
• 4bd67c5 Coverage: exclude some noise (#656)
• e589a26 Coverage: add detailed report to job summary (#655)
• 67d37fe Coverage: Implement fail_under (#654)
• e9ae26f Don't delete previous coverage comment (#653)
• ac80bb7 Add Coverage workflow (#623)
• abaaafd Prepare release 4.15.0rc1 (#650)
• 9810405 Add @disjoint_base (PEP 800) (#634)
• 7ee9e05 Backport type_params fix from CPython (#646)
• 1e8eb9c Do not refer to PEP 705 as being experimental (#648)
• Additional commits viewable in compare view

Updates urllib3 from 2.5.0 to 2.6.0

Release notes

Sourced from urllib3's releases.

2.6.0

🚀 urllib3 is fundraising for HTTP/2 support

urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.

Thank you for your support.

Security

• Fixed a security issue where streaming API could improperly handle highly compressed HTTP content ("decompression bombs") leading to excessive resource consumption even when a small amount of data was requested. Reading small chunks of compressed data is safer and much more efficient now. (CVE-2025-66471 reported by @​Cycloctane, 8.9 High, GHSA-2xpw-w6gg-jr37)
• Fixed a security issue where an attacker could compose an HTTP response with virtually unlimited links in the Content-Encoding header, potentially leading to a denial of service (DoS) attack by exhausting system resources during decoding. The number of allowed chained encodings is now limited to 5. (CVE-2025-66418 reported by @​illia-v, 8.9 High, GHSA-gm62-xv2j-4w53)

[!IMPORTANT]

• If urllib3 is not installed with the optional urllib3[brotli] extra, but your environment contains a Brotli/brotlicffi/brotlipy package anyway, make sure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to benefit from the security fixes and avoid warnings. Prefer using urllib3[brotli] to install a compatible Brotli package automatically.
• If you use custom decompressors, please make sure to update them to respect the changed API of urllib3.response.ContentDecoder.

Features

• Enabled retrieval, deletion, and membership testing in HTTPHeaderDict using bytes keys. (#3653)
• Added host and port information to string representations of HTTPConnection. (#3666)
• Added support for Python 3.14 free-threading builds explicitly. (#3696)

Removals

• Removed the HTTPResponse.getheaders() method in favor of HTTPResponse.headers. Removed the HTTPResponse.getheader(name, default) method in favor of HTTPResponse.headers.get(name, default). (#3622)

Bugfixes

• Fixed redirect handling in urllib3.PoolManager when an integer is passed for the retries parameter. (#3649)
• Fixed HTTPConnectionPool when used in Emscripten with no explicit port. (#3664)
• Fixed handling of SSLKEYLOGFILE with expandable variables. (#3700)

Misc

• Changed the zstd extra to install backports.zstd instead of zstandard on Python 3.13 and before. (#3693)
• Improved the performance of content decoding by optimizing BytesQueueBuffer class. (#3710)
• Allowed building the urllib3 package with newer setuptools-scm v9.x. (#3652)
• Ensured successful urllib3 builds by setting Hatchling requirement to ≥ 1.27.0. (#3638)

Changelog

Sourced from urllib3's changelog.

2.6.0 (2025-12-05)

Security

• Fixed a security issue where streaming API could improperly handle highly compressed HTTP content ("decompression bombs") leading to excessive resource consumption even when a small amount of data was requested. Reading small chunks of compressed data is safer and much more efficient now. (GHSA-2xpw-w6gg-jr37 <https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37>__)
• Fixed a security issue where an attacker could compose an HTTP response with virtually unlimited links in the Content-Encoding header, potentially leading to a denial of service (DoS) attack by exhausting system resources during decoding. The number of allowed chained encodings is now limited to 5. (GHSA-gm62-xv2j-4w53 <https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53>__)

.. caution::

• If urllib3 is not installed with the optional urllib3[brotli] extra, but your environment contains a Brotli/brotlicffi/brotlipy package anyway, make sure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to benefit from the security fixes and avoid warnings. Prefer using urllib3[brotli] to install a compatible Brotli package automatically.

• If you use custom decompressors, please make sure to update them to respect the changed API of urllib3.response.ContentDecoder.

Features

• Enabled retrieval, deletion, and membership testing in HTTPHeaderDict using bytes keys. ([#3653](https://github.com/urllib3/urllib3/issues/3653) <https://github.com/urllib3/urllib3/issues/3653>__)
• Added host and port information to string representations of HTTPConnection. ([#3666](https://github.com/urllib3/urllib3/issues/3666) <https://github.com/urllib3/urllib3/issues/3666>__)
• Added support for Python 3.14 free-threading builds explicitly. ([#3696](https://github.com/urllib3/urllib3/issues/3696) <https://github.com/urllib3/urllib3/issues/3696>__)

Removals

• Removed the HTTPResponse.getheaders() method in favor of HTTPResponse.headers. Removed the HTTPResponse.getheader(name, default) method in favor of HTTPResponse.headers.get(name, default). ([#3622](https://github.com/urllib3/urllib3/issues/3622) <https://github.com/urllib3/urllib3/issues/3622>__)

Bugfixes

• Fixed redirect handling in urllib3.PoolManager when an integer is passed for the retries parameter. ([#3649](https://github.com/urllib3/urllib3/issues/3649) <https://github.com/urllib3/urllib3/issues/3649>__)
• Fixed HTTPConnectionPool when used in Emscripten with no explicit port. ([#3664](https://github.com/urllib3/urllib3/issues/3664) <https://github.com/urllib3/urllib3/issues/3664>__)
• Fixed handling of SSLKEYLOGFILE with expandable variables. ([#3700](https://github.com/urllib3/urllib3/issues/3700) <https://github.com/urllib3/urllib3/issues/3700>__)

... (truncated)

Commits

• 720f484 Release 2.6.0
• 24d7b67 Merge commit from fork
• c19571d Merge commit from fork
• 816fcf0 Bump actions/setup-python from 6.0.0 to 6.1.0 (#3725)
• 18af0a1 Improve speed of BytesQueueBuffer.get() by using memoryview (#3711)
• 1f6abac Bump versions of pre-commit hooks (#3716)
• 1c8fbf7 Bump actions/checkout from 5.0.0 to 6.0.0 (#3722)
• 7784b9e Add Python 3.15 to CI (#3717)
• 0241c9e Updated docs to reflect change in optional zstd dependency from zstandard t...
• 7afcabb Expand environment variable of SSLKEYLOGFILE (#3705)
• Additional commits viewable in compare view

Updates whitenoise from 6.9.0 to 6.11.0

Changelog

Sourced from whitenoise's changelog.

6.11.0 (2025-09-18)

• Support Django 6.0.

6.10.0 (2025-09-09)

• Support Python 3.14.

Commits

• c9c06e9 Version 6.11.0
• 051c4e9 Support Django 6.0 (#665)
• c903cc1 Version 6.10.0
• a81bcb0 docs(django): use the stable version in URLs (#626)
• 67b4f32 Support Python 3.14 (#664)
• da8d333 [pre-commit.ci] pre-commit autoupdate (#663)
• 8000724 Bump the github-actions group with 2 updates (#662)
• 8fb339f Upgrade dependencies (#661)
• adf64dd Use uvx to run tox on GitHub Actions (#660)
• ad6eb20 [pre-commit.ci] pre-commit autoupdate (#659)
• Additional commits viewable in compare view

Updates ruff from 0.12.9 to 0.14.8

Release notes

Sourced from ruff's releases.

0.14.8

Release Notes

Released on 2025-12-04.

Preview features

• [flake8-bugbear] Catch yield expressions within other statements (B901) (#21200)
• [flake8-use-pathlib] Mark fixes unsafe for return type changes (PTH104, PTH105, PTH109, PTH115) (#21440)

Bug fixes

• Fix syntax error false positives for await outside functions (#21763)
• [flake8-simplify] Fix truthiness assumption for non-iterable arguments in tuple/list/set calls (SIM222, SIM223) (#21479)

Documentation

• Suggest using --output-file option in GitLab integration (#21706)

Other changes

• [syntax-error] Default type parameter followed by non-default type parameter (#21657)

Contributors

• @​kieran-ryan
• @​11happy
• @​danparizher
• @​ntBre

Install ruff 0.14.8

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/astral-sh/ruff/releases/download/0.14.8/ruff-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://github.com/astral-sh/ruff/releases/download/0.14.8/ruff-installer.ps1 | iex"

Download ruff 0.14.8

File	Platform	Checksum
ruff-aarch64-apple-darwin.tar.gz	Apple Silicon macOS	checksum
ruff-x86_64-apple-darwin.tar.gz	Intel macOS	checksum

... (truncated)

Changelog

Sourced from ruff's changelog.

0.14.8

Released on 2025-12-04.

Preview features

• [flake8-bugbear] Catch yield expressions within other statements (B901) (#21200)
• [flake8-use-pathlib] Mark fixes unsafe for return type changes (PTH104, PTH105, PTH109, PTH115) (#21440)

Bug fixes

• Fix syntax error false positives for await outside functions (#21763)
• [flake8-simplify] Fix truthiness assumption for non-iterable arguments in tuple/list/set calls (SIM222, SIM223) (#21479)

Documentation

• Suggest using --output-file option in GitLab integration (#21706)

Other changes

• [syntax-error] Default type parameter followed by non-default type parameter (#21657)

Contributors

• @​kieran-ryan
• @​11happy
• @​danparizher
• @​ntBre

0.14.7

Released on 2025-11-28.

Preview features

• [flake8-bandit] Handle string literal bindings in suspicious-url-open-usage (S310) (#21469)
• [pylint] Fix PLR1708 false positives on nested functions (#21177)
• [pylint] Fix suppression for empty dict without tuple key annotation (PLE1141) (#21290)
• [ruff] Add rule RUF066 to detect unnecessary class properties (#21535)
• [ruff] Catch more dummy variable uses (RUF052) (#19799)

Bug fixes

• [server] Set severity for non-rule diagnostics (#21559)
• [flake8-implicit-str-concat] Avoid invalid fix in (ISC003) (#21517)
• [parser] Fix panic when parsing IPython escape command expressions (#21480)

CLI

• Show partial fixability indicator in statistics output (#21513)

... (truncated)

Commits

• 9d4f1c6 Bump 0.14.8 (#21791)
• 326025d [ty] Always register rename provider if client doesn't support dynamic regist...
• 3aefe85 [ty] Ensure rename CursorTest calls can_rename before renaming (#21790)
• b8ecc83 Fix clippy errors on main (#21788)
• 6491932 [ty] Fix crash when hovering an unknown string annotation (#21782)
• a9f2bb4 [ty] Don't send publish diagnostics for clients supporting pull diagnostics (...
• e2b72fb [ty] cleanup test path (#21781)
• 14fce0d [ty] Improve the display of various special-form types (#21775)
• 8ebecb2 [ty] Add subdiagnostic hint if the user wrote X = Any rather than X: Any ...
• 45ac30a [ty] Teach ty the meaning of desperation (try ancestor pyproject.tomls as...
• Additional commits viewable in compare view

Updates pre-commit from 4.3.0 to 4.5.0

Release notes

Sourced from pre-commit's releases.

pre-commit v4.5.0

Features

• Add pre-commit hazmat.
  • #3585 PR by @​asottile.

pre-commit v4.4.0

Features

• Add --fail-fast option to pre-commit run.
  • #3528 PR by @​JulianMaurin.
• Upgrade ruby-build / rbenv.
  • #3566 PR by @​asottile.
  • #3565 issue by @​MRigal.
• Add language: unsupported / language: unsupported_script as aliases for language: system / language: script (which will eventually be deprecated).
  • #3577 PR by @​asottile.
• Add support docker-in-docker detection for cgroups v2.
  • #3535 PR by @​br-rhrbacek.
  • #3360 issue by @​JasonAlt.

Fixes

• Handle when docker gives SecurityOptions: null.
  • #3537 PR by @​asottile.
  • #3514 issue by @​jenstroeger.
• Fix error context for invalid stages in .pre-commit-config.yaml.
  • #3576 PR by @​asottile.

Changelog

Sourced from pre-commit's changelog.

4.5.0 - 2025-11-22

Features

• Add pre-commit hazmat.
  • #3585 PR by @​asottile.

4.4.0 - 2025-11-08

Features

• Add --fail-fast option to pre-commit run.
  • #3528 PR by @​JulianMaurin.
• Upgrade ruby-build / rbenv.
  • #3566 PR by @​asottile.
  • #3565 issue by @​MRigal.
• Add language: unsupported / language: unsupported_script as aliases for language: system / language: script (which will eventually be deprecated).
  • #3577 PR by @​asottile.
• Add support docker-in-docker detection for cgroups v2.
  • #3535 PR by @​br-rhrbacek.
  • #3360 issue by @​JasonAlt.

Fixes

• Handle when docker gives SecurityOptions: null.
  • #3537 PR by @​asottile.
  • #3514 issue by @​jenstroeger.
• Fix error context for invalid stages in .pre-commit-config.yaml.
  • #3576 PR by @​asottile.

Commits

• 1af6c8f v4.5.0
• 3358a3b Merge pull request #3585 from pre-commit/hazmat
• bdf6879 add pre-commit hazmat
• e436690 Merge pull request #3584 from pre-commit/exitstack
• 8d34f95 use ExitStack instead of start + stop
• 9c7ea88 Merge pull request #3583 from pre-commit/forward-compat-map-manifest
• 844dacc add forward-compat error message
• 6a1d543 Merge pull request #3582 from pre-commit/move-gc-back
• 66278a9 move logic for gc back to commands.gc
• 1b32c50 Merge pull request #3579 from pre-commit/pre-commit-ci-update-config
• Additional commits viewable in compare view

Updates bandit from 1.8.6 to 1.9.2

Release notes

Sourced from bandit's releases.

1.9.2

What's Changed

• Argparse Python 3.14 enhancements by @​ericwb in PyCQA/bandit#1331
• Check whether Constant value is str by @​ericwb in PyCQA/bandit#1333

Full Changelog: PyCQA/bandit@1.9.1...1.9.2

1.9.1

What's Changed

• More Python version related fixes by @​ericwb in PyCQA/bandit#1327

Full Changelog: PyCQA/bandit@1.9.0...1.9.1

1.9.0

What's Changed

• Add instructions for Maintainers to create/publish a release by @​ericwb in PyCQA/bandit#1275
• Bump sigstore/cosign-installer from 3.9.1 to 3.9.2 by @​dependabot[bot] in PyCQA/bandit#1289
• Bump docker/login-action from 3.4.0 to 3.5.0 by @​dependabot[bot] in PyCQA/bandit#1290
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in PyCQA/bandit#1291
• Bump actions/checkout from 4 to 5 by @​dependabot[bot] in PyCQA/bandit#1292
• Replace deprecated datetime.datetime.utcnow() by @​purplezimmermann in PyCQA/bandit#1295
• Bump actions/setup-python from 5 to 6 by @​dependabot[bot] in PyCQA/bandit#1296
• Bump sigstore/cosign-installer from 3.9.2 to 3.10.0 by @​dependabot[bot] in PyCQA/bandit#1298
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in PyCQA/bandit#1303
• Fix typos by @​Shortfinga in PyCQA/bandit#1305
• Bump docker/login-action from 3.5.0 to 3.6.0 by @​dependabot[bot] in PyCQA/bandit#1306
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in PyCQA/bandit#1315
• Bump sigstore/cosign-installer from 3.10.0 to 4.0.0 by @​dependabot[bot] in PyCQA/bandit#1317
• Support of Python 3.14 by @​ericwb in PyCQA/bandit#1323
• Drop support of end-of-life Python 3.9 by @​ericwb in PyCQA/bandit#1325
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in PyCQA/bandit#1324

New Contributors

• @​purplezimmermann made their first contribution in PyCQA/bandit#1295
• @​Shortfinga made their first contribution in PyCQA/bandit#1305

Full Changelog: PyCQA/bandit@1.8.6...1.9.0

Commits

• ea0d187 Check whether Constant value is str (#1333)
• 8bf7594 Argparse Python 3.14 enhancements (#1331)
• a255dfa More Python version related fixes (#1327)
• 3f07bb0 [pre-commit.ci] pre-commit autoupdate (#1324)
• c8c3fb8 Drop support of end-of-life Python 3.9 (#1325)
• 5c30350 Support of Python 3.14 (#1323)
• e1ffdf6 Bump sigstore/cosign-installer from 3.10.0 to 4.0.0 (#1317)
• 176d4ca [pre-commit.ci] pre-commit autoupdate (#1315)
• 2fc3e9c Bump docker/login-action from 3.5.0 to 3.6.0 (#1306)
• 6a68546 Fix typos (#1305)
• Additional commits viewable in compare view

Updates mypy from 1.17.1 to 1.19.0

Changelog

Sourced from mypy's changelog.

Mypy Release Notes

Description has been truncated