Merge pull request #147 from neutrons/pre-commit-ci-update-config

KedoKudo · web-flow · commit 27db4b7a7a9d · 2026-03-02T17:16:14.000-05:00
[pre-commit.ci] pre-commit autoupdate
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -17,7 +17,7 @@ repos:
       - id: trailing-whitespace
         exclude: "tests/cis_tests/.*"
   - repo: https://github.com/astral-sh/ruff-pre-commit
-    rev: v0.15.2
+    rev: v0.15.4
     hooks:
       - id: ruff-check
         args: [--fix, --exit-non-zero-on-fix]
diff --git a/pixi.lock b/pixi.lock
diff --git a/pyproject.toml b/pyproject.toml
@@ -108,13 +108,13 @@ qt = "*"
 qtpy = "*"
 pyqt = "*"
 # pip-audit
-h2 = ">=4.3.0"            # Known vulnerability in <4.3.0
+h2 = ">=4.3.0"               # Known vulnerability in <4.3.0
 brotli = ">=1.2.0"
-urllib3 = ">=2.6.3"       # Known vulnerability in <2.6.3
-filelock = ">=3.20.3"     # Known vulnerability in <3.20.3
-virtualenv = ">=20.36.1"  # Known vulnerability in <20.36.1
-cryptography = ">=46.0.5" # CVE-2026-26007
-pillow = ">=12.1.1"       # CVE-2026-25990
+urllib3 = ">=2.6.3"          # Known vulnerability in <2.6.3
+filelock = ">=3.20.3"        # Known vulnerability in <3.20.3
+virtualenv = ">=20.36.1,<21" # Known vulnerability in <20.36.1; capped due to https://github.com/pypa/hatch/issues/2193
+cryptography = ">=46.0.5"    # CVE-2026-26007
+pillow = ">=12.1.1"          # CVE-2026-25990
 
 [tool.pixi.pypi-dependencies]
 # PyPI dependencies, including this package to allow local editable installs
