Skip to content

Bump the "dependencies" group with 1 update across multiple ecosystems#72

Merged
kattni merged 1 commit intomainfrom
dependabot/dependencies-92e256ad3d
May 3, 2026
Merged

Bump the "dependencies" group with 1 update across multiple ecosystems#72
kattni merged 1 commit intomainfrom
dependabot/dependencies-92e256ad3d

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 3, 2026

Bumps the dependencies group with 3 updates: pre-commit, tox-uv and wlc.

Updates pre-commit from 4.5.1 to 4.6.0

Release notes

Sourced from pre-commit's releases.

pre-commit v4.6.0

Features

  • pre-commit hook-impl: allow --hook-dir to be missing to enable easier usage with git 2.54+ git hooks.

Fixes

Changelog

Sourced from pre-commit's changelog.

4.6.0 - 2026-04-21

Features

  • pre-commit hook-impl: allow --hook-dir to be missing to enable easier usage with git 2.54+ git hooks.

Fixes

Commits
  • f35134b v4.6.0
  • 2a51ffc Merge pull request #3662 from pre-commit/hook-impl-optional-hook-dir
  • d7dee32 make --hook-dir optional for hook-impl
  • 965aeb1 Merge pull request #3661 from pre-commit/hook-impl-required
  • 2eacc06 --hook-type is required for hook-impl
  • f5678bf Merge pull request #3657 from pre-commit/pre-commit-ci-update-config
  • 054cc5b [pre-commit.ci] pre-commit autoupdate
  • 5c0f302 Merge pull request #3652 from pre-commit/pre-commit-ci-update-config
  • a5d9114 [pre-commit.ci] pre-commit autoupdate
  • 129a1f5 Merge pull request #3641 from pre-commit/mxr-patch-1
  • Additional commits viewable in compare view

Updates tox-uv from 1.34.0 to 1.35.1

Release notes

Sourced from tox-uv's releases.

1.35.1

What's Changed

New Contributors

Full Changelog: tox-dev/tox-uv@1.35.0...1.35.1

1.35.0

What's Changed

New Contributors

Full Changelog: tox-dev/tox-uv@1.34.0...1.35.0

Commits
  • 8b0497e fix(lock-runner): respect UV_FROZEN env var and --frozen in uv_sync_flags (#327)
  • ad30d57 build(deps): bump pypa/gh-action-pypi-publish from 1.13.0 to 1.14.0 (#324)
  • 9fc7741 🐛 fix(installer): invalidate install cache on UV_* env var changes (#325)
  • 928cd46 [pre-commit.ci] pre-commit autoupdate (#323)
  • 84997a5 build(deps): bump astral-sh/setup-uv from 7.6.0 to 8.0.0 (#322)
  • 8072144 Add machine and architecture handling to version spec (#321)
  • See full diff in compare view

Updates wlc from 1.17.2 to 2.0.0

Release notes

Sourced from wlc's releases.

2.0.0

What's Changed

Possibly breaking changes

  • Renamed the retry configuration option from method_whitelist to allowed_methods.
  • Tightened configuration loading: explicit --config is authoritative, missing explicit config files fail, and project discovery uses the nearest config file.
  • Tightened URL, download, and output safety: invalid or cross-origin URLs are rejected, binary downloads to terminals are refused, and text, CSV, and HTML output is escaped.

Changes and improvements

  • Added WLC_URL and WLC_KEY environment variable support.
  • Added unit-level CLI commands.
  • Updated models and statistics for the current Weblate API while preserving older statistics responses.
  • Fixed retry configuration and request adapter wiring.
  • Escaped generated HTML output (GHSA-gx2m-mcc2-r4p3), hardened CSV and terminal output, and redacted authorization headers from debug logs.
  • Improved nested category handling, unit editing, help texts, and error messages.
  • Split implementation modules, moved tests out of the installed package, and updated packaging, dependencies, Docker images, and CI.

New Contributors

Full Changelog: WeblateOrg/wlc@1.17.2...2.0.0

Changelog

Sourced from wlc's changelog.

2.0.0

  • Released on 21st April 2026.

  • Possibly breaking changes:

    • Renamed the retry configuration option from method_whitelist to allowed_methods.
    • Tightened configuration loading: explicit --config is authoritative, missing explicit config files fail, and project discovery uses the nearest config file.
    • Tightened URL, download, and output safety: invalid or cross-origin URLs are rejected, binary downloads to terminals are refused, and text, CSV, and HTML output is escaped.

  • Added WLC_URL and WLC_KEY environment variable support.

  • Added unit-level CLI commands.

  • Updated models and statistics for the current Weblate API while preserving older statistics responses.

  • Fixed retry configuration and request adapter wiring.

  • Escaped generated HTML output (GHSA-gx2m-mcc2-r4p3 <https://github.com/WeblateOrg/wlc/security/advisories/GHSA-gx2m-mcc2-r4p3>__), hardened CSV and terminal output, and redacted authorization headers from debug logs.

  • Improved nested category handling, unit editing, help texts, and error messages.

  • Split implementation modules, moved tests out of the installed package, and updated packaging, dependencies, Docker images, and CI.

Commits
  • 362798d chore: release 2.0.0
  • 2d7d4fd fix(stats): make the stats backward compatible
  • 161a602 chore(deps): update pre-commit hook rvben/rumdl-pre-commit to v0.1.77
  • f0365b5 fix: update statistics endpoints to support current stats
  • bb7bd27 chore(deps): update pre-commit hook mongodb/kingfisher to v1.96.0 (#1357)
  • f5eda95 chore(deps): update dependency ty to v0.0.32 (#1356)
  • e416176 chore: add type annotations
  • 3ea3623 chore: lint and split tests
  • 40b074c fix: improve help texts and error messages (#1353)
  • 9569c7d fix: preseve existing value in unit edit
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the dependencies group with 3 updates
d458863 
Bumps the dependencies group with 3 updates: [pre-commit](https://github.com/pre-commit/pre-commit), [tox-uv](https://github.com/tox-dev/tox-uv) and [wlc](https://github.com/WeblateOrg/wlc).


Updates `pre-commit` from 4.5.1 to 4.6.0
- [Release notes](https://github.com/pre-commit/pre-commit/releases)
- [Changelog](https://github.com/pre-commit/pre-commit/blob/main/CHANGELOG.md)
- [Commits](pre-commit/pre-commit@v4.5.1...v4.6.0)

Updates `tox-uv` from 1.34.0 to 1.35.1
- [Release notes](https://github.com/tox-dev/tox-uv/releases)
- [Commits](tox-dev/tox-uv@1.34.0...1.35.1)

Updates `wlc` from 1.17.2 to 2.0.0
- [Release notes](https://github.com/WeblateOrg/wlc/releases)
- [Changelog](https://github.com/WeblateOrg/wlc/blob/main/CHANGES.rst)
- [Commits](WeblateOrg/wlc@1.17.2...2.0.0)

---
updated-dependencies:
- dependency-name: pre-commit
  dependency-version: 4.6.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: tox-uv
  dependency-version: 1.35.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: wlc
  dependency-version: 2.0.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels May 3, 2026
@kattni kattni merged commit 88dec49 into main May 3, 2026
3 checks passed
@kattni kattni deleted the dependabot/dependencies-92e256ad3d branch May 3, 2026 23:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kattni kattni kattni approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@kattni