⬆️ Bump the all group with 3 updates

[dependabot]

Bumps the all group with 3 updates: prek, types-pyyaml and pytest.

Updates prek from 0.3.8 to 0.3.9

Release notes

Sourced from prek's releases.

0.3.9

Release Notes

Released on 2026-04-13.

Highlight

prek auto-update is now stricter about pinned revisions and more useful in CI. It now keeps rev and # frozen: comments in sync, can detect impostor commits when validating pinned SHAs, and lets you use prek auto-update --check to fail on both available updates and frozen-ref mismatches without rewriting the config.

Examples:

$ prek auto-update
# updates revs and repairs stale `# frozen:` comments
$ prek auto-update --freeze
writes frozen SHAs with matching # frozen: <tag> comments
$ prek auto-update --check
exits non-zero when updates are available, a # frozen: comment is stale,
or a pinned SHA does not belong to the fetched upstream refs

Enhancements

• Check and sync frozen comments during auto-update (#1896)
• Handle impostor commits in auto-update (#1919)
• Add experimental language: dotnet support (#1871)
• Honor repo and worktree core.hooksPath (#1892)
• Add prek run --no-fail-fast to override config file (#1859)
• Add forbid-new-submodules as builtin hook (#1853)
• Clean stale patch files in cache gc (#1877)
• Display auto-update results by config entry (#1922)
• Restrict patch directory permissions (#1876)
• Show tag names in auto-update --freeze output (#1916)
• Use a bitset for hook stages (#1860)

Bug fixes

• Canonicalize CWD and GIT_ROOT paths (#1878)
• Ensure quotes are added for non-string revisions in auto-update (#1936)

Documentation

• Update docs for case of hooks modifying files with a non-zero exit code (#1879)

... (truncated)

Changelog

Sourced from prek's changelog.

0.3.9

Released on 2026-04-13.

Highlight

prek auto-update is now stricter about pinned revisions and more useful in CI. It now keeps rev and # frozen: comments in sync, can detect impostor commits when validating pinned SHAs, and lets you use prek auto-update --check to fail on both available updates and frozen-ref mismatches without rewriting the config.

Examples:

$ prek auto-update
# updates revs and repairs stale `# frozen:` comments
$ prek auto-update --freeze
writes frozen SHAs with matching # frozen: <tag> comments
$ prek auto-update --check
exits non-zero when updates are available, a # frozen: comment is stale,
or a pinned SHA does not belong to the fetched upstream refs

Enhancements

• Check and sync frozen comments during auto-update (#1896)
• Handle impostor commits in auto-update (#1919)
• Add experimental language: dotnet support (#1871)
• Honor repo and worktree core.hooksPath (#1892)
• Add prek run --no-fail-fast to override config file (#1859)
• Add forbid-new-submodules as builtin hook (#1853)
• Clean stale patch files in cache gc (#1877)
• Display auto-update results by config entry (#1922)
• Restrict patch directory permissions (#1876)
• Show tag names in auto-update --freeze output (#1916)
• Use a bitset for hook stages (#1860)

Bug fixes

• Canonicalize CWD and GIT_ROOT paths (#1878)
• Ensure quotes are added for non-string revisions in auto-update (#1936)

Documentation

• Update docs for case of hooks modifying files with a non-zero exit code (#1879)

Contributors

... (truncated)

Commits

• 3a9b9fe Ensure quotes are added for non-string revisions in auto-update (#1936)
• 501d1db Bump version to 0.3.9 (#1934)
• dc98c47 Honor repo and worktree core.hooksPath (#1892)
• 08c1f70 Remove bracket from auto-update project header (#1933)
• 4292fe2 Update pre-commit hook crate-ci/typos to v1.45.0 (#1930)
• adafad0 Update GitHub Actions (#1929)
• f0bf283 Update dependency uv to v0.11.3 (#1928)
• 059f272 Display auto-update results by config entry (#1922)
• 7899b90 Handle --no-lazy-fetch not available
• ff0769a Handle impostor commits in auto-update
• Additional commits viewable in compare view

Updates types-pyyaml from 6.0.12.20250915 to 6.0.12.20260408

Commits

• See full diff in compare view

Updates pytest from 9.0.2 to 9.0.3

Release notes

Sourced from pytest's releases.

9.0.3

pytest 9.0.3 (2026-04-07)

Bug fixes

• #12444: Fixed pytest.approx which now correctly takes into account ~collections.abc.Mapping keys order to compare them.

• #13634: Blocking a conftest.py file using the -p no: option is now explicitly disallowed.

  Previously this resulted in an internal assertion failure during plugin loading.

  Pytest now raises a clear UsageError explaining that conftest files are not plugins and cannot be disabled via -p.

• #13734: Fixed crash when a test raises an exceptiongroup with __tracebackhide__ = True.

• #14195: Fixed an issue where non-string messages passed to unittest.TestCase.subTest() were not printed.

• #14343: Fixed use of insecure temporary directory (CVE-2025-71176).

Improved documentation

• #13388: Clarified documentation for -p vs PYTEST_PLUGINS plugin loading and fixed an incorrect -p example.
• #13731: Clarified that capture fixtures (e.g. capsys and capfd) take precedence over the -s / --capture=no command-line options in Accessing captured output from a test function <accessing-captured-output>.
• #14088: Clarified that the default pytest_collection hook sets session.items before it calls pytest_collection_finish, not after.
• #14255: TOML integer log levels must be quoted: Updating reference documentation.

Contributor-facing changes

• #12689: The test reports are now published to Codecov from GitHub Actions. The test statistics is visible on the web interface.

  -- by aleguy02

Commits

• a7d58d7 Prepare release version 9.0.3
• 089d981 Merge pull request #14366 from bluetech/revert-14193-backport
• 8127eaf Revert "Fix: assertrepr_compare respects dict insertion order (#14050) (#14193)"
• 99a7e60 Merge pull request #14363 from pytest-dev/patchback/backports/9.0.x/95d8423bd...
• ddee02a Merge pull request #14343 from bluetech/cve-2025-71176-simple
• 74eac69 doc: Update training info (#14298) (#14301)
• f92dee7 Merge pull request #14267 from pytest-dev/patchback/backports/9.0.x/d6fa26c62...
• 7ee58ac Merge pull request #12378 from Pierre-Sassoulas/fix-implicit-str-concat-and-d...
• 37da870 Merge pull request #14259 from mitre88/patch-4 (#14268)
• c34bfa3 Add explanation for string context diffs (#14257) (#14266)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 100.00%. Comparing base (56df3fe) to head (1ab0aab).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff            @@
##              main      #372   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files            3         3           
  Lines          149       149           
=========================================
  Hits           149       149           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.