Bump filelock from 3.29.3 to 3.29.4

[dependabot]

Bumps filelock from 3.29.3 to 3.29.4.

Release notes

Sourced from filelock's releases.

3.29.4

What's Changed

• verify inode in break_lock_file before unlinking a stale lock by @​dxbjavid in tox-dev/filelock#561
• keep the read/write heartbeat alive on a transient touch error by @​dxbjavid in tox-dev/filelock#562

Full Changelog: tox-dev/filelock@3.29.3...3.29.4

Changelog

Sourced from filelock's changelog.

########### Changelog ###########

---

3.29.4 (2026-06-13)

---

• keep the read/write heartbeat alive on a transient touch error :pr:562 - by :user:dxbjavid
• verify inode in break_lock_file before unlinking a stale lock :pr:561 - by :user:dxbjavid

---

3.29.3 (2026-06-10)

---

• 🐛 fix(ci): restore release environment on tag job :pr:559
• validate pid range in _parse_lock_holder :pr:556 - by :user:dxbjavid
• 🔧 ci(release): publish to PyPI on tag push :pr:557
• build(deps): bump astral-sh/setup-uv from 8.1.0 to 8.2.0 :pr:558 - by :user:dependabot[bot]

---

3.29.2 (2026-06-10)

---

• build(deps): bump actions/checkout from 6.0.2 to 6.0.3 :pr:555 - by :user:dependabot[bot]
• [pre-commit.ci] pre-commit autoupdate :pr:554 - by :user:pre-commit-ci[bot]
• check hostname in is_lock_held_by_us :pr:553 - by :user:dxbjavid
• 🔒 fix(soft): harden stale-lock breaking and self-heal malformed locks :pr:551
• open marker reads non-blocking to refuse attacker-placed fifo :pr:549 - by :user:dxbjavid

---

3.29.1 (2026-06-03)

---

• 🐛 fix(soft): refuse to follow symlinks when reading the lock file :pr:548 - by :user:dxbjavid
• [pre-commit.ci] pre-commit autoupdate :pr:547 - by :user:pre-commit-ci[bot]
• [pre-commit.ci] pre-commit autoupdate :pr:546 - by :user:pre-commit-ci[bot]
• chore: improve filelock maintenance path :pr:545 - by :user:lphuc2250gma
• chore: improve filelock maintenance path :pr:544 - by :user:lphuc2250gma
• chore: improve filelock maintenance path :pr:542 - by :user:lphuc2250gma
• docs: clarify per-thread scope of FileLock configuration :pr:543 - by :user:Gares95
• [pre-commit.ci] pre-commit autoupdate :pr:541 - by :user:pre-commit-ci[bot]
• docs: fix API docs of release() :pr:540 - by :user:MrAnno
• [pre-commit.ci] pre-commit autoupdate :pr:539 - by :user:pre-commit-ci[bot]
• [pre-commit.ci] pre-commit autoupdate :pr:538 - by :user:pre-commit-ci[bot]
• [pre-commit.ci] pre-commit autoupdate :pr:537 - by :user:pre-commit-ci[bot]
• build(deps): bump astral-sh/setup-uv from 8.0.0 to 8.1.0 :pr:536 - by :user:dependabot[bot]
• [pre-commit.ci] pre-commit autoupdate :pr:535 - by :user:pre-commit-ci[bot]

---

... (truncated)

Commits

• f3c11c0 Release 3.29.4
• 5d663ee keep the read/write heartbeat alive on a transient touch error (#562)
• 406d0a2 verify inode in break_lock_file before unlinking a stale lock (#561)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

✅MegaLinter analysis: Success

Descriptor	Linter	Files	Fixed	Errors	Warnings	Elapsed time
✅ COPYPASTE	jscpd	yes		no	no	68.94s
✅ JSON	prettier	7	0	0	0	1.07s
✅ JSON	v8r	7		0	0	6.54s
✅ MARKDOWN	markdownlint	68	0	0	0	1.68s
✅ MARKDOWN	markdown-table-formatter	68	0	0	0	0.76s
✅ PYTHON	black	871	1	0	0	52.9s
✅ PYTHON	isort	871	2	0	0	4.16s
✅ REPOSITORY	checkov	yes		no	no	52.75s
✅ REPOSITORY	gitleaks	yes		no	no	9.97s
✅ REPOSITORY	git_diff	yes		no	no	0.07s
✅ REPOSITORY	secretlint	yes		no	no	24.3s
✅ REPOSITORY	syft	yes		no	no	3.28s
✅ REPOSITORY	trivy-sbom	yes		no	no	6.09s
✅ REPOSITORY	trufflehog	yes		no	no	25.06s
✅ YAML	prettier	11	0	0	0	0.75s
✅ YAML	v8r	11		0	0	12.22s
✅ YAML	yamllint	11		0	0	0.59s

Notices

📣 MegaLinter 9.5.0 is out! Discover the new features and security recommendations in the release announcement. (Skip this info by defining SECURITY_SUGGESTIONS: false)

See detailed reports in MegaLinter artifacts

Your project could benefit from a custom flavor, which would allow you to run only the linters you need, and thus improve runtime performances. (Skip this info by defining FLAVOR_SUGGESTIONS: false)

• Documentation: Custom Flavors
• Command: npx mega-linter-runner@9.5.0 --custom-flavor-setup --custom-flavor-linters PYTHON_BLACK,PYTHON_ISORT,COPYPASTE_JSCPD,JSON_V8R,JSON_PRETTIER,MARKDOWN_MARKDOWNLINT,MARKDOWN_MARKDOWN_TABLE_FORMATTER,REPOSITORY_CHECKOV,REPOSITORY_GIT_DIFF,REPOSITORY_GITLEAKS,REPOSITORY_SECRETLINT,REPOSITORY_SYFT,REPOSITORY_TRIVY_SBOM,REPOSITORY_TRUFFLEHOG,YAML_PRETTIER,YAML_YAMLLINT,YAML_V8R

Show us your support by starring ⭐ the repository