Bump the dev-dependencies group across 1 directory with 3 updates

[dependabot]

Updates the requirements on nox, pre-commit and zipp to permit the latest version.
Updates nox to 2026.4.10

Changelog

Sourced from nox's changelog.

Changelog

2026.04.10

This release drops Python 3.8 and adds a --usage command for full docstrings. Our .nox dir is now ignored by default, virtualenvs are recreated if symlinks are broken (such as after a Python upgrade), and -t now selects from all available sessions.

We'd like to thank the following folks who contributed to this release:

• @​henryiii
• @​agriyakhetarpal
• @​scop

Features:

• Drop Python 3.8 (reapply #1004) by @​henryiii in wntrblm/nox#1062
• Add a nox --usage <session> command to print full docstrings for provided sessions by @​agriyakhetarpal in wntrblm/nox#1064
• Write out .gitignore/CACHEDIR.TAG to .nox dir by @​henryiii in wntrblm/nox#1072

Fixes:

• Recreate venv if broken symlinks are present by @​henryiii in wntrblm/nox#1078
• Ignore default selection for tags and keywords by @​henryiii in wntrblm/nox#1057
• More uv variables set by @​henryiii in wntrblm/nox#1056
• Ignore forcecolor falsy by @​henryiii in wntrblm/nox#1073
• Fully pin actions in composite action by @​henryiii in wntrblm/nox#1080

Internal changes:

• Pin CI to working conda version by @​henryiii in wntrblm/nox#1079
• Use prek by @​agriyakhetarpal in wntrblm/nox#1065
• Switch artifact attestations to actions/attest by @​scop in wntrblm/nox#1070
• Use zizmor by @​henryiii in wntrblm/nox#1082

2026.02.09

This small release supports uv 0.10's new requirement that --clear be passed to clear an environment. Python 3.8 support was temporarily re-added since uv 0.10 still supports 3.8, so nox on 3.8 was affected.

We'd like to thank the following folks who contributed to this release:

• @​henryiii
• @​kai687 (first contribution)
• @​wu-zhao-min (first contribution)

... (truncated)

Commits

• 97e345e docs: add thanks section (#1083)
• 8d5c759 chore: prepare for 2026.04.10 (#1081)
• 2577f31 ci: add zizmor (#1082)
• b6a6156 fix: fully pin actions in composite action (#1080)
• 4c7a215 fix: write out .gitignore/CACHEDIR.TAG to our dir (#1072)
• 47cb9c3 fix: ignore default selection for tags and keywords (#1057)
• 63dcab9 fix: more uv variables set (#1056)
• e0f64e6 fix: recreate if broken symlinks are present (#1078)
• bf90952 tests: pin to working conda version (#1079)
• 4ff681f fix: ignore forcecolor falsy (#1073)
• Additional commits viewable in compare view

Updates pre-commit to 4.6.0

Release notes

Sourced from pre-commit's releases.

pre-commit v4.6.0

Features

• pre-commit hook-impl: allow --hook-dir to be missing to enable easier usage with git 2.54+ git hooks.
  • #3662 PR by @​asottile.

Fixes

• pre-commit hook-impl: --hook-type is required.
  • #3661 PR by @​asottile.

Changelog

Sourced from pre-commit's changelog.

4.6.0 - 2026-04-21

Features

• pre-commit hook-impl: allow --hook-dir to be missing to enable easier usage with git 2.54+ git hooks.
  • #3662 PR by @​asottile.

Fixes

• pre-commit hook-impl: --hook-type is required.
  • #3661 PR by @​asottile.

4.5.1 - 2025-12-16

Fixes

• Fix language: python with repo: local without additional_dependencies.
  • #3597 PR by @​asottile.

4.5.0 - 2025-11-22

Features

• Add pre-commit hazmat.
  • #3585 PR by @​asottile.

4.4.0 - 2025-11-08

Features

• Add --fail-fast option to pre-commit run.
  • #3528 PR by @​JulianMaurin.
• Upgrade ruby-build / rbenv.
  • #3566 PR by @​asottile.
  • #3565 issue by @​MRigal.
• Add language: unsupported / language: unsupported_script as aliases for language: system / language: script (which will eventually be deprecated).
  • #3577 PR by @​asottile.
• Add support docker-in-docker detection for cgroups v2.
  • #3535 PR by @​br-rhrbacek.
  • #3360 issue by @​JasonAlt.

Fixes

• Handle when docker gives SecurityOptions: null.
  • #3537 PR by @​asottile.
  • #3514 issue by @​jenstroeger.
• Fix error context for invalid stages in .pre-commit-config.yaml.
  • #3576 PR by @​asottile.

... (truncated)

Commits

• f35134b v4.6.0
• 2a51ffc Merge pull request #3662 from pre-commit/hook-impl-optional-hook-dir
• d7dee32 make --hook-dir optional for hook-impl
• 965aeb1 Merge pull request #3661 from pre-commit/hook-impl-required
• 2eacc06 --hook-type is required for hook-impl
• f5678bf Merge pull request #3657 from pre-commit/pre-commit-ci-update-config
• 054cc5b [pre-commit.ci] pre-commit autoupdate
• 5c0f302 Merge pull request #3652 from pre-commit/pre-commit-ci-update-config
• a5d9114 [pre-commit.ci] pre-commit autoupdate
• 129a1f5 Merge pull request #3641 from pre-commit/mxr-patch-1
• Additional commits viewable in compare view

Updates zipp to 3.23.1

Changelog

Sourced from zipp's changelog.

v3.23.1

Bugfixes

• str(Path(...)) now renders ":zipfile" for the filename when a zipfile has no filename instead of failing with a TypeError. (#134)

v3.23.0

Features

• Add a compatibility shim for Python 3.13 and earlier. (#145)

v3.22.0

Features

• Backported simplified tests from python/cpython#123424. (#142)

Bugfixes

• Fixed .name, .stem, and other basename-based properties on Windows when working with a zipfile on disk. (#133)

v3.21.0

Features

• Improve performances of :meth:zipfile.Path.open for non-reading modes. (1a1928d)
• Rely on cached_property to cache values on the instance.
• Rely on save_method_args to save method args.

v3.20.2

Bugfixes

... (truncated)

Commits

• 157860e Finalize
• 0c7638a Merge pull request #135 from barneygale/fix-134
• 6d1e280 Update news fragment.
• 0b07235 Merge branch 'main' into fix-134
• c5f40d3 Moved none_as to _functools.
• f7bdf7c Use :zipfile: to designate an unnamed zipfile.
• e7956b7 Mark 3.21 as Python 3.15.
• ccb4111 Finalize
• 5b5725d Merge pull request #146 from jaraco/debt/backport-gh-133337
• c1dca82 Remove unused dependency.
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud