[pre-commit.ci] pre-commit autoupdate #13387

Merged
merged 2 commits into from
May 22, 2025

@pre-commit-ci pre-commit-ci bot commented Apr 21, 2025

nicoddemus commented Apr 22, 2025

zizmor is failing with:

```
error[unpinned-uses]: unpinned action reference
  --> .github/workflows/deploy.yml:34:7
   |
34 |       uses: hynek/build-and-inspect-python-package@v2.12.0
   |       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ action is not pinned to a hash (required by blanket policy)
   |
   = note: audit confidence → High
```

It wants us to update to hashes... however how does that affect dependabot updates?

@Pierre-Sassoulas

I think it still works and starts using a hash instead (you don't have to change to a hash each time). I don't remember on what repo I saw that though. Doing this even if dependabot doesn't work anymore would make sense considering that an action owner can delete and recreate tags and completely change the pipeline's behavior without any reviews, which is a lot of trust to give to anyone.
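
The check behind the zizmor finding above, reduced to its core as an added example (not code from zizmor, from this PR, or from either commenter): it flags `uses:` references that are not pinned to a full 40-character commit SHA. The sample workflow is constructed, and `example-org/example-action` with its SHA is a placeholder, not a real action or commit.

```python
import re

# Matches "uses: <target>" with an optional trailing "# comment" (e.g. the tag name).
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^\s'\"#]+)['\"]?\s*(?:#\s*(.*))?$")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def classify(target):
    """Return 'local', 'docker', 'pinned' or 'unpinned' for a uses: target."""
    if target.startswith("./"):
        return "local"      # action in the same repository, reviewed with it
    if target.startswith("docker://"):
        return "docker"     # image reference, out of scope for this check
    _, sep, ref = target.partition("@")
    if sep and FULL_SHA_RE.match(ref):
        return "pinned"     # a full commit SHA cannot be re-pointed by the owner
    return "unpinned"       # tag, branch or short SHA: can be moved or recreated


def find_unpinned(workflow_text, path="<workflow>"):
    """Return (path, line_number, target) for every action not pinned to a SHA."""
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), start=1):
        m = USES_RE.match(line)
        if m and classify(m.group(1)) == "unpinned":
            findings.append((path, lineno, m.group(1)))
    return findings


# Constructed sample workflow; the 40-character SHA is a placeholder value.
SAMPLE = """\
jobs:
  build:
    steps:
      - uses: ./.github/actions/setup
      - name: Build
        uses: hynek/build-and-inspect-python-package@v2.12.0
      - uses: example-org/example-action@0123456789abcdef0123456789abcdef01234567  # v1.2.3
      - uses: codecov/codecov-action@v5
"""

if __name__ == "__main__":
    for path, lineno, target in find_unpinned(SAMPLE, "deploy.yml"):
        print(f"{path}:{lineno}: {target} is not pinned to a full commit SHA")
```
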

@pre-commit-ci pre-commit-ci bot force-pushed the pre-commit-ci-update-config branch from 319866b to d9f184b Compare April 28, 2025 20:03
@pre-commit-ci pre-commit-ci bot force-pushed the pre-commit-ci-update-config branch 2 times, most recently from b1a3352 to 41c03da Compare May 12, 2025 20:03
@Pierre-Sassoulas

Used the latest tag for softprops/action-gh-release@v2 and codecov/codecov-action@v5 which were implicitly the latest tag. We can expect to be spammed a lot more by dependabot, might be time to change the settings so it updates less often.

@Pierre-Sassoulas Pierre-Sassoulas added the backport 8.3.x apply to PRs at any point; backports the changes to the 8.3.x branch label May 12, 2025
@Pierre-Sassoulas Pierre-Sassoulas requested a review from webknjaz May 16, 2025 05:06
@pre-commit-ci pre-commit-ci bot force-pushed the pre-commit-ci-update-config branch from 4342b75 to 363fb79 Compare May 19, 2025 20:08
pre-commit-ci bot and others added 2 commits May 20, 2025 10:21
updates:
- [github.com/astral-sh/ruff-pre-commit: v0.11.5 → v0.11.10](astral-sh/ruff-pre-commit@v0.11.5...v0.11.10)
- [github.com/woodruffw/zizmor-pre-commit: v1.5.2 → v1.7.0](zizmorcore/zizmor-pre-commit@v1.5.2...v1.7.0)
@Pierre-Sassoulas Pierre-Sassoulas force-pushed the pre-commit-ci-update-config branch from 885f8ac to 76ee187 Compare May 20, 2025 08:21
@nicoddemus nicoddemus left a comment

Thanks @Pierre-Sassoulas for tackling this!

@Pierre-Sassoulas Pierre-Sassoulas merged commit 85a76b8 into main May 22, 2025
28 checks passed
@Pierre-Sassoulas Pierre-Sassoulas deleted the pre-commit-ci-update-config branch May 22, 2025 13:41
patchback bot commented May 22, 2025

Backport to 8.3.x: 💔 cherry-picking failed — conflicts found

❌ Failed to cleanly apply 85a76b8 on top of patchback/backports/8.3.x/85a76b84296263eb6b13b59dd0641ff2f920dae2/pr-13387

Backporting merged PR #13387 into main

  1. Ensure you have a local repo clone of your fork. Unless you cloned it
    from the upstream, this would be your origin remote.
  2. Make sure you have an upstream repo added as a remote too. In these
    instructions you'll refer to it by the name upstream. If you don't
    have it, here's how you can add it:
    $ git remote add upstream https://github.com/pytest-dev/pytest.git
  3. Ensure you have the latest copy of upstream and prepare a branch
    that will hold the backported code:
    $ git fetch upstream
    $ git checkout -b patchback/backports/8.3.x/85a76b84296263eb6b13b59dd0641ff2f920dae2/pr-13387 upstream/8.3.x
  4. Now, cherry-pick PR [pre-commit.ci] pre-commit autoupdate #13387 contents into that branch:
    $ git cherry-pick -x 85a76b84296263eb6b13b59dd0641ff2f920dae2
    If it'll yell at you with something like fatal: Commit 85a76b84296263eb6b13b59dd0641ff2f920dae2 is a merge but no -m option was given., add -m 1 as follows instead:
    $ git cherry-pick -m1 -x 85a76b84296263eb6b13b59dd0641ff2f920dae2
  5. At this point, you'll probably encounter some merge conflicts. You must
    resolve them to preserve the patch from PR [pre-commit.ci] pre-commit autoupdate #13387 as close to the
    original as possible.
  6. Push this branch to your fork on GitHub:
    $ git push origin patchback/backports/8.3.x/85a76b84296263eb6b13b59dd0641ff2f920dae2/pr-13387
  7. Create a PR, ensure that the CI is green. If it's not — update it so that
    the tests and any other checks pass. This is it!
    Now relax and wait for the maintainers to process your pull request
    when they have some cycles to do reviews. Don't worry — they'll tell you if
    any improvements are necessary when the time comes!

🤖 @patchback
I'm built with octomachinery and
my source is open — https://github.com/sanitizers/patchback-github-app.
