Bump prek from 0.3.11 to 0.4.1

[dependabot]

Warning

Dependabot will stop supporting python v3.9!

Please upgrade to one of the following versions: v3.9, v3.10, v3.11, v3.12, v3.13, or v3.14.

Bumps prek from 0.3.11 to 0.4.1.

Release notes

Sourced from prek's releases.

0.4.1

Release Notes

Released on 2026-05-20.

Enhancements

• Fix pre-push range after rebase (#2089)
• Prefer extensions over loose filename tags (#2092)
• Skip installs for hooks that will not run (#2103)

Performance

• Optimize meta hook file scans (#2106)
• Reduce run filtering allocations (#2090)

Contributors

• @​j178

Install prek 0.4.1

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/j178/prek/releases/download/v0.4.1/prek-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://github.com/j178/prek/releases/download/v0.4.1/prek-installer.ps1 | iex"

Install prebuilt binaries via Homebrew

brew install prek

Download prek 0.4.1

File	Platform	Checksum
prek-aarch64-apple-darwin.tar.gz	Apple Silicon macOS	checksum
prek-x86_64-apple-darwin.tar.gz	Intel macOS	checksum
prek-aarch64-pc-windows-msvc.zip	ARM64 Windows	checksum
prek-i686-pc-windows-msvc.zip	x86 Windows	checksum
prek-x86_64-pc-windows-msvc.zip	x64 Windows	checksum
prek-aarch64-unknown-linux-gnu.tar.gz	ARM64 Linux	checksum

... (truncated)

Changelog

Sourced from prek's changelog.

0.4.1

Released on 2026-05-20.

Enhancements

• Fix pre-push range after rebase (#2089)
• Prefer extensions over loose filename tags (#2092)
• Skip installs for hooks that will not run (#2103)

Performance

• Optimize meta hook file scans (#2106)
• Reduce run filtering allocations (#2090)

Contributors

• @​j178

0.4.0

Released on 2026-05-14.

Breaking changes

These are narrow cleanup breaks in behavior that was either temporary or never worked correctly. Most users should not need to change anything.

• Generated hook scripts no longer preserve -q, -v, or --no-progress passed to prek install. This only affects users who expected those global flags to be baked into installed hooks. (#1966)
• language_version no longer accepts direct executable paths. Use language_version: system for a system toolchain, or use a supported version request instead. This path form did not work reliably before, so existing working configs should be unaffected. (#1831)

Enhancements

• Expand tilde in --config, --cd, --log-file and --git-dir (#2063)
• Prevent auto-update cooldown downgrades (#2055)
• Use managed npm cache for node hooks (#2075)

Bug fixes

• Fix npm config env overrides for node hooks (#2074)

Documentation

• Add cookbook page for enabling Git 2.54 config-based global hooks (#2061)

Contributors

• @​j178

0.3.13

... (truncated)

Commits

• 871b9ed Bump version to 0.4.1 (#2107)
• 3c26faf Optimize meta hook file scans (#2106)
• 7780f11 Clean up run hook installation flow (#2105)
• c5dc885 Refine hook install filtering (#2104)
• 9db879e Skip installs for hooks that will not run (#2103)
• 2a0da57 Simplify workspace file handling (#2102)
• 33ca060 Lock file maintenance (#2072)
• 03f11c0 Update GitHub Actions (#2101)
• 354f431 Update dependency uv to v0.11.13 (#2094)
• 4a41828 Update Rust crate quick-xml to v0.39.4 (#2098)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[rtibblesbot]

Dependency Update Review

Package: prek 0.3.11 → 0.4.1
Semver risk: Minor (pre-1.0: 0.3→0.4 is effectively a minor bump)
Dependency type: Dev only ([dependency-groups] dev in pyproject.toml — not shipped in production builds)
CI status: Passing (12/12 runs succeeded)

Changelog Analysis

Sources consulted:

• PR body (release notes and changelog from dependabot)
• pyproject.toml (to confirm dependency type and usage)
• uv.lock diff

Breaking changes (introduced in 0.4.0):

• Generated hook scripts no longer preserve -q, -v, or --no-progress flags passed to prek install. Only affects users who expected those flags to be baked into installed hooks — does not affect this project.
• language_version no longer accepts direct executable paths; must use language_version: system or a supported version string. This form did not work reliably before, and this project does not appear to use it.

Security fixes: None noted

Other notable changes (0.4.0–0.4.1):

• Fix pre-push range after rebase
• Skip installs for hooks that will not run (performance)
• Optimize meta hook file scans (performance)
• Reduce run filtering allocations (performance)
• Managed npm cache for node hooks
• Tilde expansion in --config, --cd, --log-file, --git-dir

Note: PyPI shows 0.4.3 is the latest available version; this PR targets 0.4.1. This is fine — dependabot will follow up with further bumps.

Compatibility Assessment

• Only lockfile changed: no code migration needed
• The two 0.4.0 breaking changes do not apply to this project's configuration
• prek is a dev-only tool (git hooks); no impact on production builds or end users
• CI: passing

Recommendation

APPROVE — routine dev-tooling bump, CI passing, no breaking changes affect this project.

---

@rtibblesbot's comments are generated by an LLM, and should be evaluated accordingly

How was this generated?

Reviewed the pull request diff checking for:

• Correctness: bugs, edge cases, undocumented behavior, resource leaks, hardcoded values
• Design: unnecessary complexity, naming, readability, comment accuracy, redundant state
• Architecture: duplicated concerns, minimal interfaces, composition over inheritance
• Testing: behavior-based assertions, mocks only at hard boundaries, accurate coverage
• Completeness: missing dependencies, unupdated usages, i18n, accessibility, security
• Principles: DRY (same reason to change), SRP, Rule of Three (no premature abstraction)
• Checked CI status and linked issue acceptance criteria
• For UI changes: inspected screenshots for layout, visual completeness, and consistency