Skip to content

chore(deps): bump the all group across 1 directory with 7 updates#75

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/all-d619c61cb1
Open

chore(deps): bump the all group across 1 directory with 7 updates#75
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/all-d619c61cb1

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 25, 2026

Updates the requirements on joserfc, fastapi, fastapi-swagger, ruff, uvicorn, beanie and prek to permit the latest version.
Updates joserfc to 1.6.7

Release notes

Sourced from joserfc's releases.

1.6.7

   🐞 Bug Fixes

    View changes on GitHub
Changelog

Sourced from joserfc's changelog.

1.6.7

Released on May 23, 2026

  • Update for type hints.

1.6.6

Released on May 18, 2026

  • JWS: validate payload size when b64=false.

1.6.5

Released on May 3, 2026

  • JWS: increase registry's payload max size.

1.6.4

Released on April 13, 2026

  • JWE: remove InvalidCEKLengthError.
  • JWK: fix ECKey serialization.

1.6.3

Released on February 25, 2026

  • JWE: Set a max value for p2c header.

1.6.2

Released on February 16, 2026

  • JWE: Auto add kid to recipient.
  • JWE: Use DeflateZipModel.MAX_SIZE to determine size limit.

1.6.1

Released on December 30, 2025

  • Deprecate InvalidTokenError, please use InvalidClaimError instead.

... (truncated)

Commits
  • 1e5b94d chore: release 1.6.7
  • 75d9f95 fix(typing): use cast for type hints
  • 6d24037 Merge pull request #98 from jonathangreen/algorithms-accept-collection
  • 102a7a7 fix(typing): accept any Collection for algorithms, not just list
  • 8b869e8 chore: release 1.6.6
  • 00d599b chore: update actions
  • 9186561 Merge pull request #97 from authlib/fix-b64
  • 4d4ea2e fix(jws): validate payload size for b64=false
  • b6554cc Merge pull request #96 from sebasxsala/fix-p512-fixture
  • b89eadf test: normalize P-521 private key fixture
  • See full diff in compare view

Updates fastapi to 0.136.3

Release notes

Sourced from fastapi's releases.

0.136.3

Refactors

  • ♻️ Do not accept underscore headers when using convert_underscores=True (the default). PR #15589 by @​tiangolo.
Commits
  • 8206485 🔖 Release version 0.136.3
  • c910e01 📝 Update release notes
  • 063b5bf ♻️ Do not accept underscore headers when using convert_underscores=True (th...
  • 22b02e2 🔖 Release version 0.136.2
  • 3b252a2 📝 Update release notes
  • c7fb785 ♻️ Validate Server Sent Event fields to avoid applications from sending broke...
  • cb83b83 📝 Update release notes
  • 00f805c ✅ Update tests, don't double dispose the engine (#15587)
  • 3675137 📝 Update release notes
  • 7b57e42 📝 Document --entrypoint CLI option (#15464)
  • Additional commits viewable in compare view

Updates fastapi-swagger to 0.4.50

Release notes

Sourced from fastapi-swagger's releases.

v0.4.50

Package version: v0.4.50 🚀 Swagger UI version: v5.32.6

Commits

Updates ruff to 0.15.14

Release notes

Sourced from ruff's releases.

0.15.14

Release Notes

Released on 2026-05-21.

Preview features

  • [airflow] Implement airflow-task-implicit-multiple-outputs (AIR202) (#25152)
  • [flake8-use-pathlib] Mark PTH101 fix as unsafe when first argument is a class attribute annotated as int (#25086)
  • [pylint] Implement too-many-try-statements (W0717) (#23970)
  • [ruff] Add incorrect-decorator-order (RUF074) (#23461)
  • [ruff] Add fallible-context-manager (RUF075) (#22844)

Bug fixes

  • Fix lambda formatting in interpolated string expressions (#25144)
  • Treat generic frozenset annotations as immutable (#25251)
  • [flake8-type-checking] Avoid strict behavior when future-annotations are enabled (TC001, TC002, TC003) (#25035)
  • [pylint] Avoid false positives in else clause (PLR1733) (#25177)

Rule changes

  • [flake8-comprehensions] Skip C417 for lambdas with positional-only parameters (#25272)
  • [flake8-simplify] Preserve f-string source verbatim in SIM101 fix (#25061)

Performance

  • Avoid unnecessary parser lookahead for operators (#25290)

Documentation

  • Update code example setting Neovim LSP log level (#25284)

Other changes

  • Add full PEP 798 support (#25104)
  • Add a parser recursion limit (#24810)
  • Update various ruff_python_stdlib APIs (#25273)

Contributors

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.14

Released on 2026-05-21.

Preview features

  • [airflow] Implement airflow-task-implicit-multiple-outputs (AIR202) (#25152)
  • [flake8-use-pathlib] Mark PTH101 fix as unsafe when first argument is a class attribute annotated as int (#25086)
  • [pylint] Implement too-many-try-statements (W0717) (#23970)
  • [ruff] Add incorrect-decorator-order (RUF074) (#23461)
  • [ruff] Add fallible-context-manager (RUF075) (#22844)

Bug fixes

  • Fix lambda formatting in interpolated string expressions (#25144)
  • Treat generic frozenset annotations as immutable (#25251)
  • [flake8-type-checking] Avoid strict behavior when future-annotations are enabled (TC001, TC002, TC003) (#25035)
  • [pylint] Avoid false positives in else clause (PLR1733) (#25177)

Rule changes

  • [flake8-comprehensions] Skip C417 for lambdas with positional-only parameters (#25272)
  • [flake8-simplify] Preserve f-string source verbatim in SIM101 fix (#25061)

Performance

  • Avoid unnecessary parser lookahead for operators (#25290)

Documentation

  • Update code example setting Neovim LSP log level (#25284)

Other changes

  • Add full PEP 798 support (#25104)
  • Add a parser recursion limit (#24810)
  • Update various ruff_python_stdlib APIs (#25273)

Contributors

... (truncated)

Commits
  • 9ad2da3 Bump 0.15.14 (#25295)
  • c714e84 [ty] Modernize setup of union types in mdtests (#25291)
  • 8a8e35e [flake8-comprehensions] Skip C417 for lambdas with positional-only parame...
  • aea5ed4 Avoid unnecessary parser lookahead for operators (#25290)
  • e9d72bb [ty] Allow enum member accesses on self (#25077)
  • 6cbd59b Set exclude-newer = "7 days" in our PEP-723 scripts (#25285)
  • 9999a39 Update code example on how to update Neovim LSP log level (#25284)
  • 67d8c54 [ty] Retain recursively-defined state in binary expressions (#25277)
  • 25a3191 [ty] Refine Callable class-decorator fallback for unknown results (#25250)
  • c423054 Add a recursion limit to the parser (#24810)
  • Additional commits viewable in compare view

Updates uvicorn to 0.48.0

Release notes

Sourced from uvicorn's releases.

Version 0.48.0

What's Changed

Full Changelog: Kludex/uvicorn@0.47.0...0.48.0

Changelog

Sourced from uvicorn's changelog.

0.48.0 (May 24, 2026)

Changed

  • Default ssl_ciphers to None and use OpenSSL defaults (#2940)

Fixed

  • Ignore duplicate forwarding headers in ProxyHeadersMiddleware (#2944)

0.47.0 (May 14, 2026)

Added

  • Add ssl_context_factory for custom SSLContext configuration (#2920)

Changed

  • Eagerly import the ASGI app in the parent process (#2919)

Fixed

  • Treat fd=0 as a valid file descriptor with reload/workers (#2927)

0.46.0 (April 23, 2026)

Added

  • Support ws_max_size in wsproto implementation (#2915)
  • Support ws_ping_interval and ws_ping_timeout in wsproto implementation (#2916)

Changed

  • Use bytearray for incoming WebSocket message buffer in websockets-sansio (#2917)

0.45.0 (April 21, 2026)

Added

  • Add --reset-contextvars flag to isolate ASGI request context (#2912)
  • Accept os.PathLike for log_config (#2905)
  • Accept log_level strings case-insensitively (#2907)

Changed

  • Revert "Emit http.disconnect on server shutdown for streaming responses" (#2913)
  • Revert "Explicitly start ASGI run with empty context" (#2911)

Fixed

... (truncated)

Commits
  • 73e84e5 Version 0.48.0 (#2951)
  • 45ea116 Ignore duplicate forwarding headers in ProxyHeadersMiddleware (#2944)
  • dd4394c chore(deps): bump idna from 3.11 to 3.15 (#2941)
  • abe0781 Default ssl_ciphers to None and use OpenSSL defaults (#2940)
  • 479a2c0 Version 0.47.0 (#2937)
  • 89347fd Add 7-day cooldown for dependency resolution via uv exclude-newer (#2936)
  • 767315b Drop unused contents/actions permissions from zizmor workflow (#2935)
  • f25ee43 chore(deps): bump urllib3 from 2.6.3 to 2.7.0 (#2933)
  • 8782666 Fix typo in docs/deployment/index.md. (#2932)
  • ad5ff87 Treat fd=0 as a valid file descriptor with reload/workers (#2927)
  • Additional commits viewable in compare view

Updates beanie to 2.1.0

Release notes

Sourced from beanie's releases.

2.1.0

What's Changed

New Contributors

Full Changelog: BeanieODM/beanie@2.0.1...2.1.0

Changelog

Sourced from beanie's changelog.

2.1.0 - 2026-03-20

Drop EOL Python 3.9, MongoDB 4.4/5.0/6.0, Pydantic v1

Speed up init by avoiding duplicate db commands

Improve class filter and is/is not for enum comparison

Fix OperationFailure when saving with keep_nulls=False and no None values

Fix FindQuery.count() ignoring pymongo_kwargs

Add Beanie version to handshake metadata

Docs: clarify state management description

Add docstring to DocumentWithSoftDelete

Fix: support frozen fields on save() and replace()

Fix: handle RootModel with custom iter in save()

Fix: handle BackLink types in fetch_link and fetch_all_links

Fix: persist before_event changes to DB on save/update/replace

Fix: resolve Pydantic field aliases in nested expression field queries

Do not ignore deprecation warnings in tests

[2.0.1] - 2025-11-17

Fix: exclude pymongo 4.15.0 due to a known issue

... (truncated)

Commits
  • 8a1dba4 fix: switch publish workflows to OIDC trusted publisher and update actions (#...
  • 160ae55 release: 2.1.0
  • e416daf add support with_children on delete_all (#1310)
  • dc10fe0 release: bump version to 2.1.0
  • ce69851 test: do not ignore deprecation warnings in tests (#1123)
  • e79aba9 fix: resolve Pydantic field aliases in nested expression field queries (#1278)
  • 78ff7dc fix: persist before_event changes to DB on save/update/replace (#1279)
  • 82bbebe fix: handle BackLink types in fetch_link and fetch_all_links (#1286)
  • 5e48925 fix: handle RootModel with custom iter in save() (#1284)
  • db2f441 fix: support frozen fields on save() and replace() (#1282)
  • Additional commits viewable in compare view

Updates prek to 0.4.1

Release notes

Sourced from prek's releases.

0.4.1

Release Notes

Released on 2026-05-20.

Enhancements

  • Fix pre-push range after rebase (#2089)
  • Prefer extensions over loose filename tags (#2092)
  • Skip installs for hooks that will not run (#2103)

Performance

  • Optimize meta hook file scans (#2106)
  • Reduce run filtering allocations (#2090)

Contributors

Install prek 0.4.1

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/j178/prek/releases/download/v0.4.1/prek-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://github.com/j178/prek/releases/download/v0.4.1/prek-installer.ps1 | iex"

Install prebuilt binaries via Homebrew

brew install prek

Download prek 0.4.1

File Platform Checksum
prek-aarch64-apple-darwin.tar.gz Apple Silicon macOS checksum
prek-x86_64-apple-darwin.tar.gz Intel macOS checksum
prek-aarch64-pc-windows-msvc.zip ARM64 Windows checksum
prek-i686-pc-windows-msvc.zip x86 Windows checksum
prek-x86_64-pc-windows-msvc.zip x64 Windows checksum
prek-aarch64-unknown-linux-gnu.tar.gz ARM64 Linux checksum

... (truncated)

Changelog

Sourced from prek's changelog.

0.4.1

Released on 2026-05-20.

Enhancements

  • Fix pre-push range after rebase (#2089)
  • Prefer extensions over loose filename tags (#2092)
  • Skip installs for hooks that will not run (#2103)

Performance

  • Optimize meta hook file scans (#2106)
  • Reduce run filtering allocations (#2090)

Contributors

0.4.0

Released on 2026-05-14.

Breaking changes

These are narrow cleanup breaks in behavior that was either temporary or never worked correctly. Most users should not need to change anything.

  • Generated hook scripts no longer preserve -q, -v, or --no-progress passed to prek install. This only affects users who expected those global flags to be baked into installed hooks. (#1966)
  • language_version no longer accepts direct executable paths. Use language_version: system for a system toolchain, or use a supported version request instead. This path form did not work reliably before, so existing working configs should be unaffected. (#1831)

Enhancements

  • Expand tilde in --config, --cd, --log-file and --git-dir (#2063)
  • Prevent auto-update cooldown downgrades (#2055)
  • Use managed npm cache for node hooks (#2075)

Bug fixes

  • Fix npm config env overrides for node hooks (#2074)

Documentation

  • Add cookbook page for enabling Git 2.54 config-based global hooks (#2061)

Contributors

0.3.13

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump the all group across 1 directory with 7 updates
9e60a28 
Updates the requirements on [joserfc](https://github.com/authlib/joserfc), [fastapi](https://github.com/fastapi/fastapi), [fastapi-swagger](https://github.com/dantetemplar/fastapi-swagger), [ruff](https://github.com/astral-sh/ruff), [uvicorn](https://github.com/Kludex/uvicorn), [beanie](https://github.com/BeanieODM/beanie) and [prek](https://github.com/j178/prek) to permit the latest version.

Updates `joserfc` to 1.6.7
- [Release notes](https://github.com/authlib/joserfc/releases)
- [Changelog](https://github.com/authlib/joserfc/blob/main/docs/changelog.rst)
- [Commits](authlib/joserfc@1.6.5...1.6.7)

Updates `fastapi` to 0.136.3
- [Release notes](https://github.com/fastapi/fastapi/releases)
- [Commits](fastapi/fastapi@0.136.1...0.136.3)

Updates `fastapi-swagger` to 0.4.50
- [Release notes](https://github.com/dantetemplar/fastapi-swagger/releases)
- [Commits](dantetemplar/fastapi-swagger@v0.4.49...v0.4.50)

Updates `ruff` to 0.15.14
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.15.12...0.15.14)

Updates `uvicorn` to 0.48.0
- [Release notes](https://github.com/Kludex/uvicorn/releases)
- [Changelog](https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md)
- [Commits](Kludex/uvicorn@0.46.0...0.48.0)

Updates `beanie` to 2.1.0
- [Release notes](https://github.com/BeanieODM/beanie/releases)
- [Changelog](https://github.com/BeanieODM/beanie/blob/main/docs/changelog.md)
- [Commits](BeanieODM/beanie@1.30.0...2.1.0)

Updates `prek` to 0.4.1
- [Release notes](https://github.com/j178/prek/releases)
- [Changelog](https://github.com/j178/prek/blob/master/CHANGELOG.md)
- [Commits](j178/prek@v0.3.13...v0.4.1)

---
updated-dependencies:
- dependency-name: joserfc
  dependency-version: 1.6.7
  dependency-type: direct:production
  dependency-group: all
- dependency-name: fastapi
  dependency-version: 0.136.3
  dependency-type: direct:production
  dependency-group: all
- dependency-name: fastapi-swagger
  dependency-version: 0.4.50
  dependency-type: direct:production
  dependency-group: all
- dependency-name: ruff
  dependency-version: 0.15.14
  dependency-type: direct:production
  dependency-group: all
- dependency-name: uvicorn
  dependency-version: 0.48.0
  dependency-type: direct:production
  dependency-group: all
- dependency-name: beanie
  dependency-version: 2.1.0
  dependency-type: direct:production
  dependency-group: all
- dependency-name: prek
  dependency-version: 0.4.1
  dependency-type: direct:development
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels May 25, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants