Bump the python group with 4 updates

[dependabot]

Bumps the python group with 4 updates: pydantic, rich, prek and tox-uv.

Updates pydantic from 2.12.5 to 2.13.0

Release notes

Sourced from pydantic's releases.

v2.13.0 2026-04-13

v2.13.0 (2026-04-13)

The highlights of the v2.13 release are available in the blog post. Several minor changes (considered non-breaking changes according to our versioning policy) are also included in this release. Make sure to look into them before upgrading.

This release contains the updated pydantic.v1 namespace, matching version 1.10.26 which includes support for Python 3.14.

What's Changed

See the beta releases for all changes sinces 2.12.

Packaging

• Add zizmor for GitHub Actions workflow linting by @​Viicos in #13039
• Update jiter to v0.14.0 to fix a segmentation fault on musl Linux by @​Viicos in #13064

New Features

• Allow default factories of private attributes to take validated model data by @​Viicos in #13013

Changes

• Warn when serializing fixed length tuples with too few items by @​arvindsaripalli in #13016

Fixes

• Change type of Any when synthesizing _build_sources for BaseSettings.__init__() signature in the mypy plugin by @​Viicos in #13049
• Fix model equality when using runtime extra configuration by @​Viicos in #13062

New Contributors

• @​arvindsaripalli made their first contribution in #13016

Full Changelog: pydantic/pydantic@v2.12.0...v2.13.0

v2.13.0b3 2026-03-31

What's Changed

Packaging

• Add riscv64 build target for manylinux by @​boosterl in #12723

New Features

• Add ascii_only option to StringConstraints by @​ai-man-codes in #12907
• Support exclude_if in computed fields by @​andresliszt in #12748
• Push down constraints in unions involving MISSING sentinel by @​Viicos in #12908

... (truncated)

Changelog

Sourced from pydantic's changelog.

v2.13.0 (2026-04-13)

GitHub release

The highlights of the v2.13 release are available in the blog post. Several minor changes (considered non-breaking changes according to our versioning policy) are also included in this release. Make sure to look into them before upgrading.

This release contains the updated pydantic.v1 namespace, matching version 1.10.26 which includes support for Python 3.14.

What's Changed

See the beta releases for all changes sinces 2.12.

New Features

• Allow default factories of private attributes to take validated model data by @​Viicos in #13013

Changes

• Warn when serializing fixed length tuples with too few items by @​arvindsaripalli in #13016

Fixes

• Change type of Any when synthesizing _build_sources for BaseSettings.__init__() signature in the mypy plugin by @​Viicos in #13049
• Fix model equality when using runtime extra configuration by @​Viicos in #13062

Packaging

• Add zizmor for GitHub Actions workflow linting by @​Viicos in #13039
• Update jiter to v0.14.0 to fix a segmentation fault on musl Linux by @​Viicos in #13064

New Contributors

• @​arvindsaripalli made their first contribution in #13016

v2.13.0b3 (2026-03-31)

GitHub release

What's Changed

New Features

• Add ascii_only option to StringConstraints by @​ai-man-codes in #12907
• Support exclude_if in computed fields by @​andresliszt in #12748
• Push down constraints in unions involving MISSING sentinel by @​Viicos in #12908

Changes

... (truncated)

Commits

• 46bf4fa Fix Pydantic release workflow (#13067)
• 1b359ed Prepare release v2.13.0 (#13065)
• b1bf194 Fix model equality when using runtime extra configuration (#13062)
• 17a35e3 Update jiter to v0.14.0 (#13064)
• feea402 Use simulation mode in Codspeed CI (#13063)
• 671c9b0 Add basic benchmarks for model equality (#13061)
• d17d71e Bump cryptography from 46.0.6 to 46.0.7 (#13056)
• 919d61a 👥 Update Pydantic People (#13059)
• e7cf5dc Fix people workflow (#13047)
• 2a806ad Add regression test for MISSING sentinel serialization with subclasses (#13...
• Additional commits viewable in compare view

Updates rich from 14.3.3 to 15.0.0

Release notes

Sourced from rich's releases.

The So Long 3.8 Release

A few fixes. The major version bump is to honor the passing of 3.8 support which reached its EOL in October 7, 2024

[15.0.0] - 2026-04-12

Changed

• Breaking change: Dropped support for Python3.8

Fixed

• Fixed empty print ignoring the end parameter Textualize/rich#4075
• Fixed Text.from_ansi removing newlines Textualize/rich#4076
• Fixed FileProxy.isatty not proxying Textualize/rich#4077
• Fixed inline code in Markdown tables cells Textualize/rich#4079

The Faster Startup Release

No new features in this release, but there should be improved startup time for Rich apps, and potentially improved runtime if you have a lot of links.

[14.3.4] - 2026-04-11

Changed

• Improved import time with lazy loading Textualize/rich#4070
• Changed link id generation to avoid random number generation at runtime Textualize/rich#3845

Changelog

Sourced from rich's changelog.

[15.0.0] - 2026-04-12

Changed

• Breaking change: Dropped support for Python3.8

Fixed

• Fixed empty print ignoring the end parameter Textualize/rich#4075
• Fixed Text.from_ansi removing newlines Textualize/rich#4076
• Fixed FileProxy.isatty not proxying Textualize/rich#4077
• Fixed inline code in Markdown tables cells Textualize/rich#4079

[14.3.4] - 2026-04-11

Changed

• Improved import time with lazy loading Textualize/rich#4070
• Changed link id generation to avoid random number generation at runtime Textualize/rich#3845

Commits

• 6ac483c correction
• 458a910 Merge pull request #4080 from Textualize/bump1500
• 82e06e0 changelog
• d6556bc bump to 15.0.0
• ffe2edc Merge pull request #4079 from Textualize/inline-table-code
• cf3b5a1 changelog
• 77f0edb remove comments
• 7ef2d05 fix inline code in table cells
• 19c67b9 Merge pull request #4077 from Textualize/isattry
• 494b795 changelog
• Additional commits viewable in compare view

Updates prek from 0.3.8 to 0.3.9

Release notes

Sourced from prek's releases.

0.3.9

Release Notes

Released on 2026-04-13.

Highlight

prek auto-update is now stricter about pinned revisions and more useful in CI. It now keeps rev and # frozen: comments in sync, can detect impostor commits when validating pinned SHAs, and lets you use prek auto-update --check to fail on both available updates and frozen-ref mismatches without rewriting the config.

Examples:

$ prek auto-update
# updates revs and repairs stale `# frozen:` comments
$ prek auto-update --freeze
writes frozen SHAs with matching # frozen: <tag> comments
$ prek auto-update --check
exits non-zero when updates are available, a # frozen: comment is stale,
or a pinned SHA does not belong to the fetched upstream refs

Enhancements

• Check and sync frozen comments during auto-update (#1896)
• Handle impostor commits in auto-update (#1919)
• Add experimental language: dotnet support (#1871)
• Honor repo and worktree core.hooksPath (#1892)
• Add prek run --no-fail-fast to override config file (#1859)
• Add forbid-new-submodules as builtin hook (#1853)
• Clean stale patch files in cache gc (#1877)
• Display auto-update results by config entry (#1922)
• Restrict patch directory permissions (#1876)
• Show tag names in auto-update --freeze output (#1916)
• Use a bitset for hook stages (#1860)

Bug fixes

• Canonicalize CWD and GIT_ROOT paths (#1878)
• Ensure quotes are added for non-string revisions in auto-update (#1936)

Documentation

• Update docs for case of hooks modifying files with a non-zero exit code (#1879)

... (truncated)

Changelog

Sourced from prek's changelog.

0.3.9

Released on 2026-04-13.

Highlight

prek auto-update is now stricter about pinned revisions and more useful in CI. It now keeps rev and # frozen: comments in sync, can detect impostor commits when validating pinned SHAs, and lets you use prek auto-update --check to fail on both available updates and frozen-ref mismatches without rewriting the config.

Examples:

$ prek auto-update
# updates revs and repairs stale `# frozen:` comments
$ prek auto-update --freeze
writes frozen SHAs with matching # frozen: <tag> comments
$ prek auto-update --check
exits non-zero when updates are available, a # frozen: comment is stale,
or a pinned SHA does not belong to the fetched upstream refs

Enhancements

• Check and sync frozen comments during auto-update (#1896)
• Handle impostor commits in auto-update (#1919)
• Add experimental language: dotnet support (#1871)
• Honor repo and worktree core.hooksPath (#1892)
• Add prek run --no-fail-fast to override config file (#1859)
• Add forbid-new-submodules as builtin hook (#1853)
• Clean stale patch files in cache gc (#1877)
• Display auto-update results by config entry (#1922)
• Restrict patch directory permissions (#1876)
• Show tag names in auto-update --freeze output (#1916)
• Use a bitset for hook stages (#1860)

Bug fixes

• Canonicalize CWD and GIT_ROOT paths (#1878)
• Ensure quotes are added for non-string revisions in auto-update (#1936)

Documentation

• Update docs for case of hooks modifying files with a non-zero exit code (#1879)

Contributors

... (truncated)

Commits

• 3a9b9fe Ensure quotes are added for non-string revisions in auto-update (#1936)
• 501d1db Bump version to 0.3.9 (#1934)
• dc98c47 Honor repo and worktree core.hooksPath (#1892)
• 08c1f70 Remove bracket from auto-update project header (#1933)
• 4292fe2 Update pre-commit hook crate-ci/typos to v1.45.0 (#1930)
• adafad0 Update GitHub Actions (#1929)
• f0bf283 Update dependency uv to v0.11.3 (#1928)
• 059f272 Display auto-update results by config entry (#1922)
• 7899b90 Handle --no-lazy-fetch not available
• ff0769a Handle impostor commits in auto-update
• Additional commits viewable in compare view

Updates tox-uv from 1.35.0 to 1.35.1

Release notes

Sourced from tox-uv's releases.

1.35.1

What's Changed

• fix(lock-runner): respect UV_FROZEN env var and --frozen in uv_sync_flags by @​alexholtz in tox-dev/tox-uv#327

New Contributors

• @​alexholtz made their first contribution in tox-dev/tox-uv#327

Full Changelog: tox-dev/tox-uv@1.35.0...1.35.1

Commits

• 8b0497e fix(lock-runner): respect UV_FROZEN env var and --frozen in uv_sync_flags (#327)
• ad30d57 build(deps): bump pypa/gh-action-pypi-publish from 1.13.0 to 1.14.0 (#324)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions