[pip](deps-dev): Bump the dev-deps group across 1 directory with 4 updates

[dependabot]

Updates the requirements on lefthook, pyright, ruff and tox to permit the latest version.
Updates lefthook to 2.1.6

Release notes

Sourced from lefthook's releases.

v2.1.6

Changelog

• bf73ea2f1ea5468c9af7a6f06b5ef8cd43e66040 fix(packaging): do not pipe stdout and stderr (#1382)
• 04da00697cd8a6241023c1962feb720eeaa62698 fix(windows): normalize lefthook path for sh script (#1383)
• de9597a1bf456d2cf0fbcb8816858b6e5cf6b609 fix: log full scoped name for skipped jobs (#1291)
• eb3e70dbbd2442200ec8ff2140a3ee9daa7d9e70 fix: normalize root to always include trailing slash before path replacement (#1381)
• f90f3f570ef9227ddf345a79cec687dac41a5d31 fix: skip pty allocation when stdout is not a terminal (#1393)

Changelog

Sourced from lefthook's changelog.

2.1.6 (2026-04-16)

• fix: normalize lefthook path for sh script (#1383) by @​AndrewKahr
• fix: normalize root to always include trailing slash before path replacement (#1381) by @​Copilot
• fix: skip pty allocation when stdout is not a terminal (#1393) by @​technicalpickles
• docs: upgrade docmd (#1391) by @​mrexox
• fix: log full scoped name for skipped jobs (#1291) by @​scop
• fix: do not pipe stdout and stderr (#1382) by @​mrexox

2.1.5 (2026-04-06)

• deps: April 2026 (#1375) by @​mrexox
• docs: update documentation and docs for claude (#1373) by @​mrexox
• fix: git repository merge issue (#1372) by @​mrexox
• fix: use pre-push stdin for push file detection (#1368) by @​supitsdu
• chore: small cleanup (#1370) by @​mrexox
• fix: prevent lefthook run from overwriting global hooks (#1371) by @​ivy
• chore: upgrade to 2.11.4 (#1362) by @​scop
• chore: fix golangci-lint version lookup by @​mrexox
• chore: move golangci-lint version to .tool-versions (#1349) by @​scop

2.1.4 (2026-03-12)

• pkg: fix scripts (#1348) by @​mrexox
• fix: bring back {lefthook_job_name} template (#1347) by @​mrexox
• pkg: refactor packaging (2) (#1346) by @​mrexox
• fix: separate more commands' non-option args with -- (#1339) by @​scop
• docs: change logo to point to landing page instead of itself (#1343) by @​igas
• pkg: make it easier to read (#1340) by @​mrexox
• pkg: refactor packaging scripts (#1308) by @​mrexox

2.1.3 (2026-03-07)

• chore: switch artifact attestations gen to actions/attest v4 (#1338) by @​scop
• chore: describe ENV variables usage in CLI help output (#1337) by @​mrexox
• fix: support git debug versions (#1334) by @​mrexox
• deps: March 2026 (#1330) by @​mrexox
• feat: update minimum go version (#1331) by @​mrexox

2.1.2 (2026-03-01)

• feat: introduce setup hook option (#1326) by @​mrexox
• refactor: recovering logic for changesets (#1324) by @​mrexox
• fix: rollback auto-staged changes if unwanted changes detected (#1251) by @​tuchfarber
• docs: improve docs ui (#1323) by @​mrexox
• docs: additional skip example and note about reinstallation (#1319) by @​iloveitaly
• docs: fix incorrect --verbose usage (#1318) by @​iloveitaly
• pkg: fix python packages publishing by @​mrexox

2.1.1 (2026-02-12)

... (truncated)

Commits

• 679ce27 2.1.6: fixes for Windows and AI tools execution
• 04da006 fix(windows): normalize lefthook path for sh script (#1383)
• eb3e70d fix: normalize root to always include trailing slash before path replacemen...
• f90f3f5 fix: skip pty allocation when stdout is not a terminal (#1393)
• 1481e9d docs: upgrade docmd (#1391)
• de9597a fix: log full scoped name for skipped jobs (#1291)
• bf73ea2 fix(packaging): do not pipe stdout and stderr (#1382)
• 4cec579 2.1.5: prevent overwriting global hooks and fix pre-push for sha256 repos
• 5ddf220 deps: April 2026 (#1375)
• 0c16199 docs: update documentation and docs for claude (#1373)
• Additional commits viewable in compare view

Updates pyright to 1.1.409

Commits

• d7508e5 [pyright updated to 1.1.409] Update Version (#359)
• 81b795a Pyright NPM Package update to 1.1.408 (#357)
• 53e8efb Pyright NPM Package update to 1.1.407 (#356)
• 1d515b7 Pyright NPM Package update to 1.1.406 (#355)
• e211ec8 Pyright NPM Package update to 1.1.405 (#353)
• d393df1 Pyright NPM Package update to 1.1.404 (#352)
• 047488f Pyright NPM Package update to 1.1.403 (#350)
• 708a9d4 Pyright NPM Package update to 1.1.402 (#349)
• 8df87d1 Pyright NPM Package update to 1.1.401 (#347)
• 7e1526d Pyright NPM Package update to 1.1.400 (#346)
• Additional commits viewable in compare view

Updates ruff to 0.15.12

Changelog

Sourced from ruff's changelog.

0.15.12

Released on 2026-04-24.

Preview features

• Implement #ruff:file-ignore file-level suppressions (#23599)
• Implement #ruff:ignore logical-line suppressions (#23404)
• Revert preview changes to displayed diagnostic severity in LSP (#24789)
• [airflow] Implement task-branch-as-short-circuit (AIR004) (#23579)
• [flake8-bugbear] Fix break/continue handling in loop-iterator-mutation (B909) (#24440)
• [pylint] Fix PLC2701 for type parameter scopes (#24576)

Rule changes

• [pandas-vet] Suggest .array as well in PD011 (#24805)

CLI

• Respect default Unix permissions for cache files (#24794)

Documentation

• [pylint] Fix PLR0124 description not to claim self-comparison always returns the same value (#24749)
• [pyupgrade] Expand docs on reusable TypeVars and scoping (UP046) (#24153)
• Improve rules table accessibility (#24711)

Contributors

• @​dylwil3
• @​AlexWaygood
• @​woodruffw
• @​avasis-ai
• @​Dev-iL
• @​denyszhak
• @​ShipItAndPray
• @​anishgirianish
• @​augustelalande
• @​amyreese
• @​majiayu000

0.15.11

Released on 2026-04-16.

Preview features

• [ruff] Ignore RUF029 when function is decorated with asynccontextmanager (#24642)
• [airflow] Implement airflow-xcom-pull-in-template-string (AIR201) (#23583)
• [flake8-bandit] Fix S103 false positives and negatives in mask analysis (#24424)

... (truncated)

Commits

• 66f93cf Bump 0.15.12 (#24815)
• 476a4d0 [ty] Complete support for more detailed diagnostics on possibly unbound error...
• ed669ea Implement #ruff:file-ignore file-level suppressions (#23599)
• e73d952 [ty] Include inferred type in invalid-key concise diagnostic for union/inte...
• 80feb29 [ty] report only dead annotation-only locals as unused (#24811)
• 0fbf2bc Drop deprecated license classifier (#24808)
• 43b174c [ty] Infer lambda parameter types with Callable type context (#24317)
• 4f449ae [ty] Add error context for intersection types (#24772)
• 5b4e753 [ty] Add support for goto in literal enum member inlay hint (#24792)
• e7cc762 [ty] Add error context for TypedDict assignments (#24790)
• Additional commits viewable in compare view

Updates tox to 4.53.0

Changelog

Sourced from tox's changelog.

Features - 4.53.0

• TOML env_list now accepts bare range dicts ({ prefix = "3.", start = 12, stop = 14 }) and bare labeled dicts ({ ecosystem = ["oci", "python"] }) as top-level items, removing the { product = [...] } wrapper when there is only a single factor group - by :user:gaborbernat. (:issue:3923)

Bug fixes - 4.53.0

• Nesting a range or labeled dict inside a product factor-group list now raises a clear error pointing at the un-nesting fix, instead of silently producing a malformed environment name - by :user:gaborbernat. (:issue:3923)

---

v4.52.1 (2026-04-09)

---

Bug fixes - 4.52.1

• Changing a resolution-affecting environment variable via set_env (e.g. PIP_INDEX_URL) now invalidates the install cache and triggers a reinstall, rather than incorrectly reusing the cached environment - by :user:gaborbernat. (:issue:3917)
• Use normalize_isa from python-discovery for architecture factor matching, supporting aliases like i686 → x86 and aarch64 → arm64 - by :user:rahuldevikar. (:issue:3919)

---

v4.52.0 (2026-03-30)

---

Features - 4.52.0

• Add virtualenv-pep-723 runner that reads dependencies and Python version from :PEP:723 inline script metadata — no need to duplicate them in tox config - by :user:gaborbernat. (:issue:3897)
• Support escaped dots (\.) in -x/--override keys, allowing overrides to target environments with dots in their names such as py3.14 - by :user:gaborbernat. (:issue:3910)

Bug fixes - 4.52.0

• Auto-generate the manpage from the CLI argparse parser at wheel build time, fixing broken section headers and documenting all commands and options - by :user:gaborbernat. (:issue:3878)

Miscellaneous internal changes - 4.52.0

• Remove unsupported --remote flag from gh repo fork in the update-schemastore workflow, as recent versions of gh no longer accept it - by :user:rahuldevikar. (:issue:3908)

... (truncated)

Commits

• 4c584f2 release 4.53.0
• ddd7280 ✨ feat(toml): allow bare range/labeled dicts in env_list (#3923)
• 3e7f9df [pre-commit.ci] pre-commit autoupdate (#3922)
• 71ef9bf release 4.52.1
• d15c8fa 🐛 fix(pip): invalidate install cache on resolution env var changes (#3921)
• c1add25 build(deps): bump pypa/gh-action-pypi-publish from 1.13.0 to 1.14.0 (#3920)
• 1866b9d use normalize_isa for architecture factor matching (#3919)
• ec77d9f [pre-commit.ci] pre-commit autoupdate (#3918)
• e7052a6 build(deps): bump astral-sh/setup-uv from 7.6.0 to 8.0.0 (#3915)
• d83d577 release 4.52.0
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud