Update pre-commit

.github/workflows/lint.yml

@@ -2,19 +2,20 @@ name: Lint
 
 on: [push, pull_request, workflow_dispatch]
 
+permissions: {}
+
 env:
   FORCE_COLOR: 1
   PIP_DISABLE_PIP_VERSION_CHECK: 1
 
-permissions:
-  contents: read
-
 jobs:
   lint:
     runs-on: ubuntu-latest
 
     steps:
       - uses: actions/checkout@v4
+        with:
+          persist-credentials: false
       - uses: actions/setup-python@v5
         with:
           python-version: "3.x"

.github/workflows/test.yml

@@ -2,8 +2,7 @@ name: Test
 
 on: [push, pull_request, workflow_dispatch]
 
-permissions:
-  contents: read
+permissions: {}
 
 env:
   FORCE_COLOR: 1
@@ -19,6 +18,8 @@ jobs:
 
     steps:
       - uses: actions/checkout@v4
+        with:
+          persist-credentials: false
 
       - name: Set up Python ${{ matrix.python-version }}
         uses: actions/setup-python@v5

.pre-commit-config.yaml

@@ -14,37 +14,42 @@ repos:
       - id: trailing-whitespace
 
   - repo: https://github.com/astral-sh/ruff-pre-commit
-    rev: v0.7.1
+    rev: v0.9.6
     hooks:
       - id: ruff-format
 
   - repo: https://github.com/python-jsonschema/check-jsonschema
-    rev: 0.29.4
+    rev: 0.31.1
     hooks:
       - id: check-github-workflows
 
   - repo: https://github.com/rhysd/actionlint
-    rev: v1.7.3
+    rev: v1.7.7
     hooks:
       - id: actionlint
 
+  - repo: https://github.com/woodruffw/zizmor-pre-commit
+    rev: v1.3.1
+    hooks:
+      - id: zizmor
+
   - repo: https://github.com/tox-dev/pyproject-fmt
     rev: v2.5.0
     hooks:
       - id: pyproject-fmt
 
   - repo: https://github.com/abravalheri/validate-pyproject
-    rev: v0.22
+    rev: v0.23
     hooks:
       - id: validate-pyproject
 
   - repo: https://github.com/tox-dev/tox-ini-fmt
-    rev: 1.4.1
+    rev: 1.5.0
     hooks:
       - id: tox-ini-fmt
 
   - repo: https://github.com/rbubley/mirrors-prettier
-    rev: v3.3.3
+    rev: v3.5.1
     hooks:
       - id: prettier
         files: templates/switchers.js

build_docs.py

@@ -86,7 +86,7 @@ def __init__(self, name, *, status, branch_or_tag=None):
         if status not in self.STATUSES:
             raise ValueError(
                 "Version status expected to be one of: "
-                f"{', '.join(self.STATUSES|set(self.SYNONYMS.keys()))}, got {status!r}."
+                f"{', '.join(self.STATUSES | set(self.SYNONYMS.keys()))}, got {status!r}."
             )
         self.name = name
         self.branch_or_tag = branch_or_tag
@@ -732,8 +732,7 @@ def build(self):
                 shell=True,
             )
             subprocess.check_output(
-                "sed -i s/\N{REPLACEMENT CHARACTER}/?/g "
-                f"{self.checkout}/Doc/**/*.rst",
+                f"sed -i s/\N{REPLACEMENT CHARACTER}/?/g {self.checkout}/Doc/**/*.rst",
                 shell=True,
             )
 

check_times.py

@@ -50,7 +50,7 @@ def calc_time(lines: list[str]) -> None:
             fmt_duration = format_seconds(state_data["last_build_duration"])
             reason = state_data["triggered_by"]
             print(
-                f"{start:%Y-%m-%d %H:%M UTC} | {version: <7} | {language: <8} | {fmt_duration :<14} | {reason}"
+                f"{start:%Y-%m-%d %H:%M UTC} | {version: <7} | {language: <8} | {fmt_duration:<14} | {reason}"
             )
 
         if line.endswith("Build start."):
@@ -64,7 +64,7 @@ def calc_time(lines: list[str]) -> None:
             timestamp = f"{line[:16]} UTC"
             _, fmt_duration = line.removesuffix(").").split("(")
             print(
-                f"{timestamp: <20} | --FULL- | -BUILD-- | {fmt_duration :<14} | -----------"
+                f"{timestamp: <20} | --FULL- | -BUILD-- | {fmt_duration:<14} | -----------"
             )
 
     if in_progress: