Skip to content

chore(deps): bump the all group across 1 directory with 8 updates#76

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/all-402a4d0679
Open

chore(deps): bump the all group across 1 directory with 8 updates#76
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/all-402a4d0679

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Jun 1, 2026

Updates the requirements on joserfc, fastapi, fastapi-swagger, ruff, uvicorn, beanie, pytest-asyncio and prek to permit the latest version.
Updates joserfc to 1.6.8

Release notes

Sourced from joserfc's releases.

1.6.8

  • Reject empty OctKey.

Full Changelog: authlib/joserfc@1.6.7...1.6.8

Changelog

Sourced from joserfc's changelog.

1.6.8

Released on May 27, 2026

  • Reject empty OctKey.

1.6.7

Released on May 23, 2026

  • Update for type hints.

1.6.6

Released on May 18, 2026

  • JWS: validate payload size when b64=false.

1.6.5

Released on May 3, 2026

  • JWS: increase registry's payload max size.

1.6.4

Released on April 13, 2026

  • JWE: remove InvalidCEKLengthError.
  • JWK: fix ECKey serialization.

1.6.3

Released on February 25, 2026

  • JWE: Set a max value for p2c header.

1.6.2

Released on February 16, 2026

  • JWE: Auto add kid to recipient.
  • JWE: Use DeflateZipModel.MAX_SIZE to determine size limit.

... (truncated)

Commits
  • ea1d9e3 chore: release 1.6.8
  • 86d0091 Reject empty oct key material and empty HMAC keys at sign/verify entry
  • 1e5b94d chore: release 1.6.7
  • 75d9f95 fix(typing): use cast for type hints
  • 6d24037 Merge pull request #98 from jonathangreen/algorithms-accept-collection
  • 102a7a7 fix(typing): accept any Collection for algorithms, not just list
  • 8b869e8 chore: release 1.6.6
  • 00d599b chore: update actions
  • 9186561 Merge pull request #97 from authlib/fix-b64
  • 4d4ea2e fix(jws): validate payload size for b64=false
  • Additional commits viewable in compare view

Updates fastapi to 0.136.3

Release notes

Sourced from fastapi's releases.

0.136.3

Refactors

  • ♻️ Do not accept underscore headers when using convert_underscores=True (the default). PR #15589 by @​tiangolo.
Commits
  • 8206485 🔖 Release version 0.136.3
  • c910e01 📝 Update release notes
  • 063b5bf ♻️ Do not accept underscore headers when using convert_underscores=True (th...
  • 22b02e2 🔖 Release version 0.136.2
  • 3b252a2 📝 Update release notes
  • c7fb785 ♻️ Validate Server Sent Event fields to avoid applications from sending broke...
  • cb83b83 📝 Update release notes
  • 00f805c ✅ Update tests, don't double dispose the engine (#15587)
  • 3675137 📝 Update release notes
  • 7b57e42 📝 Document --entrypoint CLI option (#15464)
  • Additional commits viewable in compare view

Updates fastapi-swagger to 0.4.50

Release notes

Sourced from fastapi-swagger's releases.

v0.4.50

Package version: v0.4.50 🚀 Swagger UI version: v5.32.6

Commits

Updates ruff to 0.15.15

Release notes

Sourced from ruff's releases.

0.15.15

Release Notes

Released on 2026-05-28.

Preview features

  • Fix Markdown closing fence handling (#25310)
  • [pyflakes] Report duplicate imports in typing.TYPE_CHECKING block (F811) (#22560)

Bug fixes

  • [pyflakes] Treat function-scope bare annotations as locals per PEP 526 (F821) (#21540)

Performance

  • Avoid redundant TokenValue drops in the lexer (#25300)
  • Reduce memory usage by dropping token-excess capacity and improve performance by approximating the initial tokens Vec size (#25354)
  • Use ThinVec in AST to shrink Stmt (#25361)

Documentation

  • Fix line-length example for --config option (#25389)
  • [flake8-comprehensions] Document RecursionError edge case in __len__ (C416) (#25286)
  • [mccabe] Improve example (C901) (#25287)
  • [pyupgrade] Clarify fix safety docs (UP007, UP045) (#25288)
  • [refurb] Document FURB192 exception change for empty sequences (#25317)
  • [ruff] Document false negative for user-defined types (RUF013) (#25289)

Formatter

  • Fix formatting of lambdas nested within f-strings (#25398)

Server

  • Return code action for codeAction/resolve requests that contain no or no valid URL (#25365)

Other changes

  • Expand semantic syntax errors for invalid walruses (#25415)

Contributors

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.15

Released on 2026-05-28.

Preview features

  • Fix Markdown closing fence handling (#25310)
  • [pyflakes] Report duplicate imports in typing.TYPE_CHECKING block (F811) (#22560)

Bug fixes

  • [pyflakes] Treat function-scope bare annotations as locals per PEP 526 (F821) (#21540)

Performance

  • Avoid redundant TokenValue drops in the lexer (#25300)
  • Reduce memory usage by dropping token-excess capacity and improve performance by approximating the initial tokens Vec size (#25354)
  • Use ThinVec in AST to shrink Stmt (#25361)

Documentation

  • Fix line-length example for --config option (#25389)
  • [flake8-comprehensions] Document RecursionError edge case in __len__ (C416) (#25286)
  • [mccabe] Improve example (C901) (#25287)
  • [pyupgrade] Clarify fix safety docs (UP007, UP045) (#25288)
  • [refurb] Document FURB192 exception change for empty sequences (#25317)
  • [ruff] Document false negative for user-defined types (RUF013) (#25289)

Formatter

  • Fix formatting of lambdas nested within f-strings (#25398)

Server

  • Return code action for codeAction/resolve requests that contain no or no valid URL (#25365)

Other changes

  • Expand semantic syntax errors for invalid walruses (#25415)

Contributors

... (truncated)

Commits
  • db5aa0a Bump 0.15.15 (#25431)
  • 366fe21 [ty] Improve diagnostics for syntax errors in forward annotations (#25158)
  • e2e1e64 [ty] Remove excess capacity from more Salsa cached collections (#25411)
  • 1bd77e1 [ty] Use diagnostic message as tie breaker when sorting (#25424)
  • 7e1bc1e Add agent skills for working on ty (#25422)
  • 574e107 Expand semantic syntax errors for invalid walruses (#25415)
  • 4a7ca06 [ty] Display docs for matching parameter when hovering over the name of an ar...
  • 5432709 Refine a few agents instructions (#25423)
  • 3cb09eb [ty] Support typing.TypeForm (#25334)
  • c8cd59f [ty] Infer class attributes assigned by metaclass initialization (#25342)
  • Additional commits viewable in compare view

Updates uvicorn to 0.48.0

Release notes

Sourced from uvicorn's releases.

Version 0.48.0

What's Changed

Full Changelog: Kludex/uvicorn@0.47.0...0.48.0

Changelog

Sourced from uvicorn's changelog.

0.48.0 (May 24, 2026)

Changed

  • Default ssl_ciphers to None and use OpenSSL defaults (#2940)

Fixed

  • Ignore duplicate forwarding headers in ProxyHeadersMiddleware (#2944)

0.47.0 (May 14, 2026)

Added

  • Add ssl_context_factory for custom SSLContext configuration (#2920)

Changed

  • Eagerly import the ASGI app in the parent process (#2919)

Fixed

  • Treat fd=0 as a valid file descriptor with reload/workers (#2927)

0.46.0 (April 23, 2026)

Added

  • Support ws_max_size in wsproto implementation (#2915)
  • Support ws_ping_interval and ws_ping_timeout in wsproto implementation (#2916)

Changed

  • Use bytearray for incoming WebSocket message buffer in websockets-sansio (#2917)

0.45.0 (April 21, 2026)

Added

  • Add --reset-contextvars flag to isolate ASGI request context (#2912)
  • Accept os.PathLike for log_config (#2905)
  • Accept log_level strings case-insensitively (#2907)

Changed

  • Revert "Emit http.disconnect on server shutdown for streaming responses" (#2913)
  • Revert "Explicitly start ASGI run with empty context" (#2911)

Fixed

... (truncated)

Commits
  • 73e84e5 Version 0.48.0 (#2951)
  • 45ea116 Ignore duplicate forwarding headers in ProxyHeadersMiddleware (#2944)
  • dd4394c chore(deps): bump idna from 3.11 to 3.15 (#2941)
  • abe0781 Default ssl_ciphers to None and use OpenSSL defaults (#2940)
  • 479a2c0 Version 0.47.0 (#2937)
  • 89347fd Add 7-day cooldown for dependency resolution via uv exclude-newer (#2936)
  • 767315b Drop unused contents/actions permissions from zizmor workflow (#2935)
  • f25ee43 chore(deps): bump urllib3 from 2.6.3 to 2.7.0 (#2933)
  • 8782666 Fix typo in docs/deployment/index.md. (#2932)
  • ad5ff87 Treat fd=0 as a valid file descriptor with reload/workers (#2927)
  • Additional commits viewable in compare view

Updates beanie to 2.1.0

Release notes

Sourced from beanie's releases.

2.1.0

What's Changed

New Contributors

Full Changelog: BeanieODM/beanie@2.0.1...2.1.0

Changelog

Sourced from beanie's changelog.

2.1.0 - 2026-03-20

Drop EOL Python 3.9, MongoDB 4.4/5.0/6.0, Pydantic v1

Speed up init by avoiding duplicate db commands

Improve class filter and is/is not for enum comparison

Fix OperationFailure when saving with keep_nulls=False and no None values

Fix FindQuery.count() ignoring pymongo_kwargs

Add Beanie version to handshake metadata

Docs: clarify state management description

Add docstring to DocumentWithSoftDelete

Fix: support frozen fields on save() and replace()

Fix: handle RootModel with custom iter in save()

Fix: handle BackLink types in fetch_link and fetch_all_links

Fix: persist before_event changes to DB on save/update/replace

Fix: resolve Pydantic field aliases in nested expression field queries

Do not ignore deprecation warnings in tests

[2.0.1] - 2025-11-17

Fix: exclude pymongo 4.15.0 due to a known issue

... (truncated)

Commits
  • 8a1dba4 fix: switch publish workflows to OIDC trusted publisher and update actions (#...
  • 160ae55 release: 2.1.0
  • e416daf add support with_children on delete_all (#1310)
  • dc10fe0 release: bump version to 2.1.0
  • ce69851 test: do not ignore deprecation warnings in tests (#1123)
  • e79aba9 fix: resolve Pydantic field aliases in nested expression field queries (#1278)
  • 78ff7dc fix: persist before_event changes to DB on save/update/replace (#1279)
  • 82bbebe fix: handle BackLink types in fetch_link and fetch_all_links (#1286)
  • 5e48925 fix: handle RootModel with custom iter in save() (#1284)
  • db2f441 fix: support frozen fields on save() and replace() (#1282)
  • Additional commits viewable in compare view

Updates pytest-asyncio to 1.4.0

Release notes

Sourced from pytest-asyncio's releases.

pytest-asyncio v1.4.0

1.4.0 - 2026-05-26

Deprecated

  • Overriding the event_loop_policy fixture is deprecated. Use the pytest_asyncio_loop_factories hook instead. (#1419)

Added

  • Added the pytest_asyncio_loop_factories hook to parametrize asyncio tests with custom event loop factories.

    The hook returns a mapping of factory names to loop factories, and pytest.mark.asyncio(loop_factories=[...]) selects a subset of configured factories per test. When a single factory is configured, test names are unchanged.

    Synchronous @pytest_asyncio.fixture functions now see the correct event loop when custom loop factories are configured, even when test code disrupts the current event loop (e.g., via asyncio.run() or asyncio.set_event_loop(None)). (#1164)

Changed

  • Improved the readability of the warning message that is displayed when asyncio_default_fixture_loop_scope is unset (#1298)
  • Only import asyncio.AbstractEventLoopPolicy for type checking to avoid raising a DeprecationWarning. (#1394)
  • Updated minimum supported pytest version to v8.4.0. (#1397)

Fixed

  • Fixed a ResourceWarning: unclosed event loop warning that could occur when a synchronous test called asyncio.run() or otherwise unset the current event loop after pytest-asyncio had run an async test or fixture. (#724)

Notes for Downstream Packagers

  • Added dependency on sphinx-tabs >= 3.5 to organize documentation examples into tabs. (#1395)
Commits
  • 6e14cd2 chore: Prepare release of v1.4.0.
  • 4b900fb Build(deps): Bump codecov/codecov-action from 6.0.0 to 6.0.1
  • ab9f632 Build(deps): Bump zipp from 3.23.1 to 4.1.0
  • a56fc77 Build(deps): Bump hypothesis from 6.152.6 to 6.152.8
  • e8bae9b Build(deps): Bump requests from 2.34.0 to 2.34.2
  • fc43340 Build(deps): Bump idna from 3.14 to 3.15
  • 762eaf5 Build(deps): Bump jaraco-functools from 4.4.0 to 4.5.0
  • b62e222 Build(deps): Bump click from 8.3.3 to 8.4.0
  • 9190447 Build(deps): Bump pydantic from 2.13.3 to 2.13.4
  • 82a393c ci: Remove unnecessary debug output.
  • Additional commits viewable in compare view

Updates prek to 0.4.3

Release notes

Sourced from prek's releases.

0.4.3

Release Notes

Released on 2026-05-27.

Bug fixes

  • Ignore stat-only hook rewrites (#2131)

Sponsorship

If prek saves time for you or your team, please consider sponsoring the project on GitHub Sponsors. It helps keep new features, performance work, and maintenance moving.

Contributors

Install prek 0.4.3

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/j178/prek/releases/download/v0.4.3/prek-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://github.com/j178/prek/releases/download/v0.4.3/prek-installer.ps1 | iex"

Install prebuilt binaries via Homebrew

brew install prek

Download prek 0.4.3

File Platform Checksum
prek-aarch64-apple-darwin.tar.gz Apple Silicon macOS checksum
prek-x86_64-apple-darwin.tar.gz Intel macOS checksum
prek-aarch64-pc-windows-msvc.zip ARM64 Windows checksum
prek-i686-pc-windows-msvc.zip x86 Windows checksum
prek-x86_64-pc-windows-msvc.zip x64 Windows checksum
prek-aarch64-unknown-linux-gnu.tar.gz ARM64 Linux checksum
prek-i686-unknown-linux-gnu.tar.gz x86 Linux checksum

... (truncated)

Changelog

Sourced from prek's changelog.

0.4.3

Released on 2026-05-27.

Bug fixes

  • Ignore stat-only hook rewrites (#2131)

Sponsorship

If prek saves time for you or your team, please consider sponsoring the project on GitHub Sponsors. It helps keep new features, performance work, and maintenance moving.

Contributors

0.4.2

Released on 2026-05-26.

Highlights

0.4.2 is mainly about making prek run faster in large repos.

prek now does less git diff work. After hooks run, prek uses diff checks to detect files changed by hooks. If a hook modifies files, prek marks that hook as failed. That is important, but full diff snapshots can be slow in big repos, especially when they happen after every hook group.

We skip the expensive diff path in two common cases: built-in hooks that prek knows are read-only, and clean worktrees where a cheap dirty check is enough unless a hook actually changes files. In the right large-repo workload, skipping that work can make runs up to 10x faster.

Workspace mode is faster too. Hooks have historically been too serial. Priority-based concurrency helped, but it required users to choose good priority values. Now sibling projects at the same workspace depth run in parallel automatically. Their files do not overlap, so this is safe and needs no extra config. For multi-project workspaces, this can dramatically reduce total hook time.

Sponsorship

If prek saves time for you or your team, please consider sponsoring the project on GitHub Sponsors. It helps keep new features, performance work, and maintenance moving.

Enhancements

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump the all group across 1 directory with 8 updates
161586c 
Updates the requirements on [joserfc](https://github.com/authlib/joserfc), [fastapi](https://github.com/fastapi/fastapi), [fastapi-swagger](https://github.com/dantetemplar/fastapi-swagger), [ruff](https://github.com/astral-sh/ruff), [uvicorn](https://github.com/Kludex/uvicorn), [beanie](https://github.com/BeanieODM/beanie), [pytest-asyncio](https://github.com/pytest-dev/pytest-asyncio) and [prek](https://github.com/j178/prek) to permit the latest version.

Updates `joserfc` to 1.6.8
- [Release notes](https://github.com/authlib/joserfc/releases)
- [Changelog](https://github.com/authlib/joserfc/blob/1.6.8/docs/changelog.rst)
- [Commits](authlib/joserfc@1.6.5...1.6.8)

Updates `fastapi` to 0.136.3
- [Release notes](https://github.com/fastapi/fastapi/releases)
- [Commits](fastapi/fastapi@0.136.1...0.136.3)

Updates `fastapi-swagger` to 0.4.50
- [Release notes](https://github.com/dantetemplar/fastapi-swagger/releases)
- [Commits](dantetemplar/fastapi-swagger@v0.4.49...v0.4.50)

Updates `ruff` to 0.15.15
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.15.12...0.15.15)

Updates `uvicorn` to 0.48.0
- [Release notes](https://github.com/Kludex/uvicorn/releases)
- [Changelog](https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md)
- [Commits](Kludex/uvicorn@0.46.0...0.48.0)

Updates `beanie` to 2.1.0
- [Release notes](https://github.com/BeanieODM/beanie/releases)
- [Changelog](https://github.com/BeanieODM/beanie/blob/main/docs/changelog.md)
- [Commits](BeanieODM/beanie@1.30.0...2.1.0)

Updates `pytest-asyncio` to 1.4.0
- [Release notes](https://github.com/pytest-dev/pytest-asyncio/releases)
- [Commits](pytest-dev/pytest-asyncio@v1.3.0...v1.4.0)

Updates `prek` to 0.4.3
- [Release notes](https://github.com/j178/prek/releases)
- [Changelog](https://github.com/j178/prek/blob/master/CHANGELOG.md)
- [Commits](j178/prek@v0.3.13...v0.4.3)

---
updated-dependencies:
- dependency-name: joserfc
  dependency-version: 1.6.8
  dependency-type: direct:production
  dependency-group: all
- dependency-name: fastapi
  dependency-version: 0.136.3
  dependency-type: direct:production
  dependency-group: all
- dependency-name: fastapi-swagger
  dependency-version: 0.4.50
  dependency-type: direct:production
  dependency-group: all
- dependency-name: ruff
  dependency-version: 0.15.15
  dependency-type: direct:production
  dependency-group: all
- dependency-name: uvicorn
  dependency-version: 0.48.0
  dependency-type: direct:production
  dependency-group: all
- dependency-name: beanie
  dependency-version: 2.1.0
  dependency-type: direct:production
  dependency-group: all
- dependency-name: pytest-asyncio
  dependency-version: 1.4.0
  dependency-type: direct:development
  dependency-group: all
- dependency-name: prek
  dependency-version: 0.4.3
  dependency-type: direct:development
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Jun 1, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants