Skip to content

Deps: Bump the python-packages group with 6 updates#95

Merged
greenbonebot merged 1 commit into
mainfrom
dependabot/pip/python-packages-1aa558316c
Sep 29, 2025
Merged

Deps: Bump the python-packages group with 6 updates#95
greenbonebot merged 1 commit into
mainfrom
dependabot/pip/python-packages-1aa558316c

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Sep 29, 2025

Copy link
Copy Markdown
Contributor

Bumps the python-packages group with 6 updates:

Package From To
fastapi 0.117.1 0.118.0
uvicorn 0.36.0 0.37.0
anyio 4.10.0 4.11.0
pydantic 1.10.23 2.11.9
pyyaml 6.0.2 6.0.3
ruff 0.13.1 0.13.2

Updates fastapi from 0.117.1 to 0.118.0

Release notes

Sourced from fastapi's releases.

0.118.0

Fixes

  • 🐛 Fix support for StreamingResponses with dependencies with yield or UploadFiles, close after the response is done. PR #14099 by @​tiangolo.

Before FastAPI 0.118.0, if you used a dependency with yield, it would run the exit code after the path operation function returned but right before sending the response.

This change also meant that if you returned a StreamingResponse, the exit code of the dependency with yield would have been already run.

For example, if you had a database session in a dependency with yield, the StreamingResponse would not be able to use that session while streaming data because the session would have already been closed in the exit code after yield.

This behavior was reverted in 0.118.0, to make the exit code after yield be executed after the response is sent.

You can read more about it in the docs for Advanced Dependencies - Dependencies with yield, HTTPException, except and Background Tasks. Including what you could do if you wanted to close a database session earlier, before returning the response to the client.

Docs

  • 📝 Update tutorial/security/oauth2-jwt/ to use pwdlib with Argon2 instead of passlib. PR #13917 by @​Neizvestnyj.
  • ✏️ Fix typos in OAuth2 password request forms. PR #14112 by @​alv2017.
  • 📝 Update contributing guidelines for installing requirements. PR #14095 by @​alejsdev.

Translations

Internal

Commits
  • 333f1ba 🔖 Release version 0.118.0
  • 1d5168a 📝 Update release notes
  • bfa54b4 📝 Update release notes
  • e329d78 🐛 Fix support for StreamingResponses with dependencies with yield or `Upl...
  • 861b22c 📝 Update release notes
  • efdafa4 📝 Update tutorial/security/oauth2-jwt/ to use pwdlib with Argon2 instead ...
  • 450a334 📝 Update release notes
  • 3eb2ee7 ✏️ Fix typos in OAuth2 password request forms (#14112)
  • 287eb31 📝 Update release notes
  • cca3341 🌐 Sync German docs (#14098)
  • Additional commits viewable in compare view

Updates uvicorn from 0.36.0 to 0.37.0

Release notes

Sourced from uvicorn's releases.

Version 0.37.0

What's Changed

New Contributors

Full Changelog: Kludex/uvicorn@0.36.1...0.37.0

Version 0.36.1

What's Changed

Full Changelog: Kludex/uvicorn@0.36.0...0.36.1

Changelog

Sourced from uvicorn's changelog.

0.37.0 (September 23, 2025)

Added

  • Add --timeout-worker-healthcheck option (#2711)
  • Add os.PathLike[str] type to ssl_ca_certs (#2676)

0.36.1 (September 23, 2025)

Fixed

  • Raise an exception when calling removed Config.setup_event_loop() (#2709)
Commits

Updates anyio from 4.10.0 to 4.11.0

Release notes

Sourced from anyio's releases.

4.11.0

  • Added support for cancellation reasons (the reason parameter to CancelScope.cancel()) (#975)
  • Bumped the minimum version of Trio to v0.31.0
  • Added the ability to enter the event loop from foreign (non-worker) threads by passing the return value of anyio.lowlevel.current_token() to anyio.from_thread.run() and anyio.from_thread.run_sync() as the token keyword argument (#256)
  • Added pytest option (anyio_mode = "auto") to make the pytest plugin automatically handle all async tests (#971)
  • Added the anyio.Condition.wait_for() method for feature parity with asyncio (#974)
  • Changed the default type argument of anyio.abc.TaskStatus from Any to None (#964)
  • Fixed TCP listener behavior to guarantee the same ephemeral port is used for all socket listeners when local_port=0 (#857; PR by @​11kkw and @​agronholm)
  • Fixed inconsistency between Trio and asyncio where a TCP stream that previously raised a BrokenResourceError on send() would still raise BrokenResourceError after the stream was closed on asyncio, but ClosedResourceError on Trio. They now both raise a ClosedResourceError in this scenario. (#671)
Changelog

Sourced from anyio's changelog.

Version history

This library adheres to Semantic Versioning 2.0 <http://semver.org/>_.

4.11.0

  • Added support for cancellation reasons (the reason parameter to CancelScope.cancel()) ([#975](https://github.com/agronholm/anyio/issues/975) <https://github.com/agronholm/anyio/pull/975>_)
  • Bumped the minimum version of Trio to v0.31.0
  • Added the ability to enter the event loop from foreign (non-worker) threads by passing the return value of anyio.lowlevel.current_token() to anyio.from_thread.run() and anyio.from_thread.run_sync() as the token keyword argument ([#256](https://github.com/agronholm/anyio/issues/256) <https://github.com/agronholm/anyio/issues/256>_)
  • Added pytest option (anyio_mode = "auto") to make the pytest plugin automatically handle all async tests ([#971](https://github.com/agronholm/anyio/issues/971) <https://github.com/agronholm/anyio/pull/971>_)
  • Added the anyio.Condition.wait_for() method for feature parity with asyncio ([#974](https://github.com/agronholm/anyio/issues/974) <https://github.com/agronholm/anyio/pull/974>_)
  • Changed the default type argument of anyio.abc.TaskStatus from Any to None ([#964](https://github.com/agronholm/anyio/issues/964) <https://github.com/agronholm/anyio/pull/964>_)
  • Fixed TCP listener behavior to guarantee the same ephemeral port is used for all socket listeners when local_port=0 ([#857](https://github.com/agronholm/anyio/issues/857) <https://github.com/agronholm/anyio/issues/857>_; PR by @​11kkw and @​agronholm)
  • Fixed inconsistency between Trio and asyncio where a TCP stream that previously raised a BrokenResourceError on send() would still raise BrokenResourceError after the stream was closed on asyncio, but ClosedResourceError on Trio. They now both raise a ClosedResourceError in this scenario. ([#671](https://github.com/agronholm/anyio/issues/671) <https://github.com/agronholm/anyio/issues/671>_)

4.10.0

  • Added the feed_data() method to the BufferedByteReceiveStream class, allowing users to inject data directly into the buffer

  • Added various class methods to wrap existing sockets as listeners or socket streams:

    • SocketListener.from_socket()
    • SocketStream.from_socket()
    • UNIXSocketStream.from_socket()
    • UDPSocket.from_socket()
    • ConnectedUDPSocket.from_socket()
    • UNIXDatagramSocket.from_socket()
    • ConnectedUNIXDatagramSocket.from_socket()
  • Added a hierarchy of connectable stream classes for transparently connecting to various remote or local endpoints for exchanging bytes or objects

  • Added context manager mix-in classes (anyio.ContextManagerMixin and anyio.AsyncContextManagerMixin) to help write classes that embed other context managers, particularly cancel scopes or task groups ([#905](https://github.com/agronholm/anyio/issues/905) <https://github.com/agronholm/anyio/pull/905>_; PR by @​agronholm and

... (truncated)

Commits
  • 08737af Bumped up the version
  • 8bb9fe0 Fixed the inconsistent exception on sending to a closed TCP stream (#980)
  • 9637093 [pre-commit.ci] pre-commit autoupdate (#981)
  • f1bc6ee Fixed changelog entry formatting
  • 0b58964 Mentioned the sub-interpreter support in the README
  • 1ed112c Ensure same port is used for IPv4/IPv6 when creating TCP listener with local_...
  • aceeee0 Re-enabled coverage reporting on macOS
  • 6b890dc Reworded a changelog entry and added PR links to others
  • 944257d Updated pre-commit modules
  • 087975f Fixed a documentation style (#976)
  • Additional commits viewable in compare view

Updates pydantic from 1.10.23 to 2.11.9

Release notes

Sourced from pydantic's releases.

v2.11.9 2025-09-13

What's Changed

Fixes

Full Changelog: pydantic/pydantic@v2.11.8...v2.11.9

v2.11.8 2025-09-13

v2.11.8 (2025-09-13)

What's Changed

Fixes

Full Changelog: pydantic/pydantic@v2.11.7...v2.11.8

v2.11.7 2025-06-14

What's Changed

Fixes

Full Changelog: pydantic/pydantic@v2.11.6...v2.11.7

v2.11.6 2025-06-13

v2.11.6 (2025-06-13)

What's Changed

Fixes

Full Changelog: pydantic/pydantic@v2.11.5...v2.11.6

v2.11.5 2025-05-22

What's Changed

Fixes

... (truncated)

Changelog

Sourced from pydantic's changelog.

v2.11.9 (2025-09-13)

GitHub release

What's Changed

Fixes

v2.11.8 (2025-09-13)

GitHub release

What's Changed

Fixes

v2.11.7 (2025-06-14)

GitHub release

What's Changed

Fixes

  • Copy FieldInfo instance if necessary during FieldInfo build by @​Viicos in #11898

v2.11.6 (2025-06-13)

GitHub release

What's Changed

Fixes

v2.11.5 (2025-05-22)

GitHub release

What's Changed

Fixes

  • Check if FieldInfo is complete after applying type variable map by @​Viicos in #11855

... (truncated)

Commits
  • 9231095 Prepare release v2.11.9
  • f003a89 Backport v1.10.23 changes
  • 96b81dd Prepare release v2.11.8
  • 966f377 Fix mypy v2 plugin for upcoming 1.18 mypy release
  • 5f033e4 Prepare release v2.11.7
  • c3368b8 Copy FieldInfo instance if necessary during FieldInfo build (#11980)
  • 3987b23 Prepare release v2.11.6
  • dc7a9d2 Always store the original field assignment on FieldInfo
  • c284c27 Rebuild dataclass fields before schema generation
  • 5e6d1dc Prepare release v2.11.5
  • Additional commits viewable in compare view

Updates pyyaml from 6.0.2 to 6.0.3

Release notes

Sourced from pyyaml's releases.

6.0.3

What's Changed

  • Support for Python 3.14 and free-threading (experimental).

Full Changelog: yaml/pyyaml@6.0.2...6.0.3

Changelog

Sourced from pyyaml's changelog.

6.0.3 (2025-09-25)

  • yaml/pyyaml#864 -- Support for Python 3.14 and free-threading (experimental)
Commits

Updates ruff from 0.13.1 to 0.13.2

Release notes

Sourced from ruff's releases.

0.13.2

Release Notes

Released on 2025-09-25.

Preview features

  • [flake8-async] Implement blocking-path-method (ASYNC240) (#20264)
  • [flake8-bugbear] Implement map-without-explicit-strict (B912) (#20429)
  • [flake8-bultins] Detect class-scope builtin shadowing in decorators, default args, and attribute initializers (A003) (#20178)
  • [ruff] Implement logging-eager-conversion (RUF065) (#19942)
  • Include .pyw files by default when linting and formatting (#20458)

Bug fixes

  • Deduplicate input paths (#20105)
  • [flake8-comprehensions] Preserve trailing commas for single-element lists (C409) (#19571)
  • [flake8-pyi] Avoid syntax error from conflict with PIE790 (PYI021) (#20010)
  • [flake8-simplify] Correct fix for positive maxsplit without separator (SIM905) (#20056)
  • [pyupgrade] Fix UP008 not to apply when __class__ is a local variable (#20497)
  • [ruff] Fix B004 to skip invalid hasattr/getattr calls (#20486)
  • [ruff] Replace -nan with nan when using the value to construct a Decimal (FURB164 ) (#20391)

Documentation

  • Add 'Finding ways to help' to CONTRIBUTING.md (#20567)
  • Update import path to ruff-wasm-web (#20539)
  • [flake8-bandit] Clarify the supported hashing functions (S324) (#20534)

Other changes

  • [playground] Allow hover quick fixes to appear for overlapping diagnostics (#20527)
  • [playground] Fix non‑BMP code point handling in quick fixes and markers (#20526)

Contributors

Install ruff 0.13.2

... (truncated)

Changelog

Sourced from ruff's changelog.

0.13.2

Released on 2025-09-25.

Preview features

  • [flake8-async] Implement blocking-path-method (ASYNC240) (#20264)
  • [flake8-bugbear] Implement map-without-explicit-strict (B912) (#20429)
  • [flake8-bultins] Detect class-scope builtin shadowing in decorators, default args, and attribute initializers (A003) (#20178)
  • [ruff] Implement logging-eager-conversion (RUF065) (#19942)
  • Include .pyw files by default when linting and formatting (#20458)

Bug fixes

  • Deduplicate input paths (#20105)
  • [flake8-comprehensions] Preserve trailing commas for single-element lists (C409) (#19571)
  • [flake8-pyi] Avoid syntax error from conflict with PIE790 (PYI021) (#20010)
  • [flake8-simplify] Correct fix for positive maxsplit without separator (SIM905) (#20056)
  • [pyupgrade] Fix UP008 not to apply when __class__ is a local variable (#20497)
  • [ruff] Fix B004 to skip invalid hasattr/getattr calls (#20486)
  • [ruff] Replace -nan with nan when using the value to construct a Decimal (FURB164 ) (#20391)

Documentation

  • Add 'Finding ways to help' to CONTRIBUTING.md (#20567)
  • Update import path to ruff-wasm-web (#20539)
  • [flake8-bandit] Clarify the supported hashing functions (S324) (#20534)

Other changes

  • [playground] Allow hover quick fixes to appear for overlapping diagnostics (#20527)
  • [playground] Fix non‑BMP code point handling in quick fixes and markers (#20526)

Contributors

Commits
  • b0bdf03 Bump 0.13.2 (#20576)
  • 7331d39 Update rooster to 0.1.0 (#20575)
  • 529e5fa [ty] Ecosystem analyzer: timing report (#20571)
  • efbb80f [ty] Remove hack in protocol satisfiability check (#20568)
  • 9f3cffc Add 'Finding ways to help' to CONTRIBUTING.md (#20567)
  • 21be94a [ty] Explicitly test assignability/subtyping between unions of nominal types ...
  • b7d5dc9 [ty] Add tests for interactions of @classmethod, @staticmethod, and proto...
  • e1bb74b [ty] Match variadic argument to variadic parameter (#20511)
  • edeb458 [ty] fallback to resolve_real_module in file_to_module (#20461)
  • bea92c8 [ty] More precise type inference for dictionary literals (#20523)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the python-packages group with 6 updates:

| Package | From | To |
| --- | --- | --- |
| [fastapi](https://github.com/fastapi/fastapi) | `0.117.1` | `0.118.0` |
| [uvicorn](https://github.com/Kludex/uvicorn) | `0.36.0` | `0.37.0` |
| [anyio](https://github.com/agronholm/anyio) | `4.10.0` | `4.11.0` |
| [pydantic](https://github.com/pydantic/pydantic) | `1.10.23` | `2.11.9` |
| [pyyaml](https://github.com/yaml/pyyaml) | `6.0.2` | `6.0.3` |
| [ruff](https://github.com/astral-sh/ruff) | `0.13.1` | `0.13.2` |


Updates `fastapi` from 0.117.1 to 0.118.0
- [Release notes](https://github.com/fastapi/fastapi/releases)
- [Commits](fastapi/fastapi@0.117.1...0.118.0)

Updates `uvicorn` from 0.36.0 to 0.37.0
- [Release notes](https://github.com/Kludex/uvicorn/releases)
- [Changelog](https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md)
- [Commits](Kludex/uvicorn@0.36.0...0.37.0)

Updates `anyio` from 4.10.0 to 4.11.0
- [Release notes](https://github.com/agronholm/anyio/releases)
- [Changelog](https://github.com/agronholm/anyio/blob/master/docs/versionhistory.rst)
- [Commits](agronholm/anyio@4.10.0...4.11.0)

Updates `pydantic` from 1.10.23 to 2.11.9
- [Release notes](https://github.com/pydantic/pydantic/releases)
- [Changelog](https://github.com/pydantic/pydantic/blob/v2.11.9/HISTORY.md)
- [Commits](pydantic/pydantic@v1.10.23...v2.11.9)

Updates `pyyaml` from 6.0.2 to 6.0.3
- [Release notes](https://github.com/yaml/pyyaml/releases)
- [Changelog](https://github.com/yaml/pyyaml/blob/6.0.3/CHANGES)
- [Commits](yaml/pyyaml@6.0.2...6.0.3)

Updates `ruff` from 0.13.1 to 0.13.2
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.13.1...0.13.2)

---
updated-dependencies:
- dependency-name: fastapi
  dependency-version: 0.118.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-packages
- dependency-name: uvicorn
  dependency-version: 0.37.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-packages
- dependency-name: anyio
  dependency-version: 4.11.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: python-packages
- dependency-name: pydantic
  dependency-version: 2.11.9
  dependency-type: indirect
  update-type: version-update:semver-major
  dependency-group: python-packages
- dependency-name: pyyaml
  dependency-version: 6.0.3
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: python-packages
- dependency-name: ruff
  dependency-version: 0.13.2
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: python-packages
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Sep 29, 2025
@dependabot dependabot Bot requested review from a team as code owners September 29, 2025 04:27
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Sep 29, 2025
@greenbonebot greenbonebot enabled auto-merge (rebase) September 29, 2025 04:27
@greenbonebot greenbonebot merged commit c9e91b9 into main Sep 29, 2025
8 of 11 checks passed
@greenbonebot greenbonebot deleted the dependabot/pip/python-packages-1aa558316c branch September 29, 2025 05:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants