Skip to content

Bump the python-packages group with 11 updates #340

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
MTSOnGithub merged 1 commit into from
Nov 10, 2025
Merged

Bump the python-packages group with 11 updates #340

MTSOnGithub merged 1 commit into from
Nov 10, 2025

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Nov 10, 2025

Bumps the python-packages group with 11 updates:

Package From To
pydantic 2.12.3 2.12.4
pydantic-settings 2.11.0 2.12.0
fastapi 0.119.1 0.121.1
starlette 0.48.0 0.50.0
uvicorn 0.37.0 0.38.0
pytest 8.4.2 9.0.0
pytest-asyncio 1.2.0 1.3.0
pytest-deadfixtures 2.2.1 3.0.0
coverage 7.11.0 7.11.3
pre-commit 4.3.0 4.4.0
types-python-dateutil 2.9.0.20251008 2.9.0.20251108

Updates pydantic from 2.12.3 to 2.12.4

Release notes

Sourced from pydantic's releases.

v2.12.4 2025-11-05

v2.12.4 (2025-11-05)

This is the fourth 2.12 patch release, fixing more regressions, and reverting a change in the build() method of the AnyUrl and Dsn types.

This patch release also fixes an issue with the serialization of IP address types, when serialize_as_any is used. The next patch release will try to address the remaining issues with serialize as any behavior by introducing a new polymorphic serialization feature, that should be used in most cases in place of serialize as any.

Full Changelog: pydantic/pydantic@v2.12.3...v2.12.4

Changelog

Sourced from pydantic's changelog.

v2.12.4 (2025-11-05)

GitHub release

This is the fourth 2.12 patch release, fixing more regressions, and reverting a change in the build() method of the AnyUrl and Dsn types.

This patch release also fixes an issue with the serialization of IP address types, when serialize_as_any is used. The next patch release will try to address the remaining issues with serialize as any behavior by introducing a new polymorphic serialization feature, that should be used in most cases in place of serialize as any.

Commits
  • 5c842df Prepare release v2.12.4
  • c678a71 Bump pydantic-core to v2.41.5
  • a7cd292 Bump cloudpickle to v3.1.2
  • 21f6278 Bump actions/setup-node from 5 to 6
  • 8d6be8f Bump astral-sh/setup-uv from 6 to 7
  • 17865ea Bump actions/upload-artifact from 4 to 5
  • 90ad0af Bump actions/download-artifact from 5 to 6
  • 18e6672 Drop testing under PyPy 3.9
  • 650215b Document workaround for MongoDsn default port
  • e326790 Fix example of for bytes_invalid_encoding validation error
  • Additional commits viewable in compare view

Updates pydantic-settings from 2.11.0 to 2.12.0

Release notes

Sourced from pydantic-settings's releases.

v2.12.0

What's Changed

New Contributors

Full Changelog: pydantic/pydantic-settings@v2.11.0...v2.12.0

Commits

Updates fastapi from 0.119.1 to 0.121.1

Release notes

Sourced from fastapi's releases.

0.121.1

Fixes

  • 🐛 Fix Depends(func, scope='function') for top level (parameterless) dependencies. PR #14301 by @​luzzodev.

Docs

  • 📝 Upate docs for advanced dependencies with yield, noting the changes in 0.121.0, adding scope. PR #14287 by @​tiangolo.

Internal

0.121.0

Features

Internal

0.120.4

Fixes

  • 🐛 Fix security schemes in OpenAPI when added at the top level app. PR #14266 by @​YuriiMotov.

0.120.3

Refactors

  • ♻️ Reduce internal cyclic recursion in dependencies, from 2 functions calling each other to 1 calling itself. PR #14256 by @​tiangolo.
  • ♻️ Refactor internals of dependencies, simplify code and remove get_param_sub_dependant. PR #14255 by @​tiangolo.
  • ♻️ Refactor internals of dependencies, simplify using dataclasses. PR #14254 by @​tiangolo.

Docs

0.120.2

Fixes

  • 🐛 Fix separation of schemas with nested models introduced in 0.119.0. PR #14246 by @​tiangolo.

Internal

... (truncated)

Commits
  • 1c7e254 🔖 Release version 0.121.1
  • 9e54399 📝 Update release notes
  • 282f372 🐛 Fix Depends(func, scope='function') for top level (parameterless) depende...
  • 972a967 📝 Update release notes
  • 4170f62 📝 Update release notes
  • 67c8dfa ⬆ Bump ruff from 0.13.2 to 0.14.3 (#14276)
  • 34db1e2 ⬆ [pre-commit.ci] pre-commit autoupdate (#14289)
  • b787103 📝 Update release notes
  • 289b4aa 📝 Upate docs for advanced dependencies with yield, noting the changes in 0....
  • 4efae81 🔖 Release version 0.121.0
  • Additional commits viewable in compare view

Updates starlette from 0.48.0 to 0.50.0

Release notes

Sourced from starlette's releases.

Version 0.50.0

Removed

  • Drop Python 3.9 support #3061.

Full Changelog: Kludex/starlette@0.49.3...0.50.0

Version 0.49.3

Fixed

  • Relax strictness on Middleware type #3059.

Full Changelog: Kludex/starlette@0.49.2...0.49.3

Version 0.49.2

Fixed

  • Ignore if-modified-since header if if-none-match is present in StaticFiles #3044.

Full Changelog: Kludex/starlette@0.49.1...0.49.2

Version 0.49.1

This release fixes a security vulnerability in the parsing logic of the Range header in FileResponse.

You can view the full security advisory: GHSA-7f5h-v6xp-fcq8

Fixed

Full Changelog: Kludex/starlette@0.49.0...0.49.1

Version 0.49.0

Added

  • Add encoding parameter to Config class #2996.
  • Support multiple cookie headers in Request.cookies #3029.
  • Use Literal type for WebSocketEndpoint encoding values #3027.

Changed

  • Do not pollute exception context in Middleware when using BaseHTTPMiddleware #2976.

... (truncated)

Changelog

Sourced from starlette's changelog.

0.50.0 (November 1, 2025)

  • Drop Python 3.9 support #3061.

0.49.3 (November 1, 2025)

This is the last release that supports Python 3.9, which will be dropped in the next minor release.

Fixed

  • Relax strictness on Middleware type #3059.

0.49.2 (November 1, 2025)

Fixed

  • Ignore if-modified-since header if if-none-match is present in StaticFiles #3044.

0.49.1 (October 28, 2025)

This release fixes a security vulnerability in the parsing logic of the Range header in FileResponse.

You can view the full security advisory: GHSA-7f5h-v6xp-fcq8

Fixed

0.49.0 (October 28, 2025)

Added

  • Add encoding parameter to Config class #2996.
  • Support multiple cookie headers in Request.cookies #3029.
  • Use Literal type for WebSocketEndpoint encoding values #3027.

Changed

  • Do not pollute exception context in Middleware when using BaseHTTPMiddleware #2976.
Commits

Updates uvicorn from 0.37.0 to 0.38.0

Release notes

Sourced from uvicorn's releases.

Version 0.38.0

What's Changed

New Contributors

Full Changelog: Kludex/uvicorn@0.37.0...0.38.0

Changelog

Sourced from uvicorn's changelog.

0.38.0 (October 18, 2025)

Added

  • Support Python 3.14 (#2723)
Commits

Updates pytest from 8.4.2 to 9.0.0

Release notes

Sourced from pytest's releases.

9.0.0

pytest 9.0.0 (2025-11-05)

New features

  • #1367: Support for subtests has been added.

    subtests <subtests> are an alternative to parametrization, useful in situations where the parametrization values are not all known at collection time.

    Example:

    def contains_docstring(p: Path) -> bool:
    """Return True if the given Python file contains a top-level docstring."""
    ...
def test_py_files_contain_docstring(subtests: pytest.Subtests) -> None:
for path in Path.cwd().glob("*.py"):
with subtests.test(path=str(path)):
assert contains_docstring(path)

    Each assert failure or error is caught by the context manager and reported individually, giving a clear picture of all files that are missing a docstring.

    In addition, unittest.TestCase.subTest is now also supported.

    This feature was originally implemented as a separate plugin in pytest-subtests, but since then has been merged into the core.

    [!NOTE] This feature is experimental and will likely evolve in future releases. By that we mean that we might change how subtests are reported on failure, but the functionality and how to use it are stable.

  • #13743: Added support for native TOML configuration files.

    While pytest, since version 6, supports configuration in pyproject.toml files under [tool.pytest.ini_options], it does so in an "INI compatibility mode", where all configuration values are treated as strings or list of strings. Now, pytest supports the native TOML data model.

    In pyproject.toml, the native TOML configuration is under the [tool.pytest] table.

    # pyproject.toml
[tool.pytest]
minversion = "9.0"
addopts = ["-ra", "-q"]
testpaths = [
    "tests",
    "integration",
]

... (truncated)

Commits
  • f4b0fd2 Prepare release version 9.0.0
  • 52d8e68 Merge pull request #13889 from bluetech/regendoc-restore
  • d6d3e4a doc: fixes for regendoc
  • 7cb3974 doc: restore missing "# content of pytest.toml" regendoc commands
  • 5ae9e47 build(deps): Bump django in /testing/plugins_integration (#13881)
  • adb3658 Merge pull request #13864 from bluetech/config-cleanups-2
  • a28c08e Merge pull request #13875 from bluetech/ci-tweaks
  • a250954 ci: split publish-to-pypi and push-tag jobs
  • ebc152f ci: update setup python's from 3.11 or 3.* to 3.13
  • dfd796f ci: move running update-plugin-list script to tox
  • Additional commits viewable in compare view

Updates pytest-asyncio from 1.2.0 to 1.3.0

Release notes

Sourced from pytest-asyncio's releases.

pytest-asyncio 1.3.0

1.3.0 - 2025-11-10

Removed

  • Support for Python 3.9 (#1278)

Added

  • Support for pytest 9 (#1279)

Notes for Downstream Packagers

  • Tested Python versions include free threaded Python 3.14t (#1274)
  • Tests are run in the same pytest process, instead of spawning a subprocess with pytest.Pytester.runpytest_subprocess. This prevents the test suite from accidentally using a system installation of pytest-asyncio, which could result in test errors. (#1275)
Commits
  • 2e9695f docs: Compile changelog for v1.3.0
  • dd0e9ba docs: Reference correct issue in news fragment.
  • 4c31abe Build(deps): Bump nh3 from 0.3.1 to 0.3.2
  • 13e9477 Link to migration guides from changelog
  • 4d2cf3c tests: handle Python 3.14 DefaultEventLoopPolicy deprecation warnings
  • ee3549b test: Remove obsolete test for the event_loop fixture.
  • 7a67c82 tests: Fix failing test by preventing warning conversion to error.
  • a17b689 test: add pytest config to isolated test directories
  • 18afc9d fix(tests): replace runpytest_subprocess with runpytest
  • cdc6bd1 Add support for pytest 9 and drop Python 3.9 support
  • Additional commits viewable in compare view

Updates pytest-deadfixtures from 2.2.1 to 3.0.0

Release notes

Sourced from pytest-deadfixtures's releases.

3.0.0

What's Changed

New Contributors

Full Changelog: jllorencetti/pytest-deadfixtures@2.2.1...3.0.0

Changelog

Sourced from pytest-deadfixtures's changelog.

3.0.0


* Drop support for Python 3.5
* Add support for Python 3.8 and 3.9
Commits
  • 7eae1ae Fixes code format
  • e6dbe8e add unused fixtures count
  • 28605dc Run tests on supported Python versions
  • bdae857 Bump actions/checkout from 4 to 5
  • f5e6c4a Bump actions/setup-python from 5 to 6
  • 5abe1f1 add support 3.12 and 3.13 python, min python set 3.8
  • ff9bf35 add support 3.12 and 3.13 python, min python set 3.8
  • 6c2d683 Bump codecov/codecov-action from 4 to 5
  • dfb1119 Bump actions/setup-python from 4 to 5
  • 1fa67dd Bump codecov/codecov-action from 3 to 4
  • Additional commits viewable in compare view

Updates coverage from 7.11.0 to 7.11.3

Changelog

Sourced from coverage's changelog.

Version 7.11.3 — 2025-11-09

  • Fix: the 7.11.1 changes meant that conflicts between a requested measurement core and other settings would raise an error. This was a breaking change from previous behavior, as reported in issue 2076_ and issue 2078_.

    The previous behavior has been restored: when the requested core conflicts with other settings, another core is used instead, and a warning is issued.

  • For contributors: the repo has moved from Ned's nedbat GitHub account_ to the coveragepy GitHub organization_. The default branch has changed from master to main.

.. _issue 2076: coveragepy/coveragepy#2076 .. _issue 2078: coveragepy/coveragepy#2078 .. _nedbat GitHub account: https://github.com/nedbat .. _coveragepy GitHub organization: https://github.com/coveragepy

.. _changes_7-11-2:

Version 7.11.2 — 2025-11-08

  • Fix: using the "sysmon" measurement core in 7.11.1, if Python code was claimed to come from a non-Python file, a NotPython exception could be raised. This could happen for example with Jinja templates compiled to Python, as reported in issue 2077_. This is now fixed.

  • Doc: corrected the first entry in the 7.11.1 changelog.

.. _issue 2077: coveragepy/coveragepy#2077

.. _changes_7-11-1:

Version 7.11.1 — 2025-11-07

  • Fix: some chanages to details of how the measurement core is chosen, and how conflicting settings are handled. The "sysmon" core cannot be used with some conurrency settings, with dynamic context, and in Python 3.12/3.13, with branch measurement.

    • If the core is not specified and defaults to "sysmon" (Python 3.14+), but other settings conflict with sysmon, then the "ctrace" core will be used instead with no warning. For concurrency conflicts, this used to produce an error, as described in issue 2064_.

... (truncated)

Commits
  • 8bb1230 docs: remove duplicate entry in the changelog
  • 06c493c docs: sample HTML for 7.11.3
  • 0823a70 docs: prep for 7.11.3
  • 8434792 fix: sysmon conflicts no longer cause errors
  • 1f21184 chore: bump docker/setup-qemu-action in the action-dependencies group (#2080)
  • bd61620 docs: django_coverage_plugin moved
  • 1bd73f1 build: nedbat/coverage-reports moved to coveragepy/metacov-reports
  • b54131f docs: moved to coveragepy, master->main
  • f2d740f build: change more github urls to the coveragepy org
  • 776f313 docs: issue and pr references moved to coveragepy org
  • Additional commits viewable in compare view

Updates pre-commit from 4.3.0 to 4.4.0

Release notes

Sourced from pre-commit's releases.

pre-commit v4.4.0

Features

Fixes

Changelog

Sourced from pre-commit's changelog.

4.4.0 - 2025-11-08

Features

Fixes

Commits
  • 17cf886 v4.4.0
  • cb63a5c Merge pull request #3535 from br-rhrbacek/fix-cgroups
  • f80801d Fix docker-in-docker detection for cgroups v2
  • 9143fc3 Merge pull request #3577 from pre-commit/language-unsupported
  • 725acc9 rename system and script languages to unsupported / unsupported_script
  • 3815e2e Merge pull request #3576 from pre-commit/fix-stages-config-error
  • aa2961c fix missing context in error for stages
  • 46297f7 Merge pull request #3575 from pre-commit/rm-python3-hooks-repo
  • 95eec75 rm python3_hooks_repo
  • 5e4b354 Merge pull request #3574 from pre-commit/rm-hook-with-spaces-test
  • Additional commits viewable in compare view

Updates types-python-dateutil from 2.9.0.20251008 to 2.9.0.20251108

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the python-packages group with 11 updates
253a682 
Bumps the python-packages group with 11 updates:

| Package | From | To |
| --- | --- | --- |
| [pydantic](https://github.com/pydantic/pydantic) | `2.12.3` | `2.12.4` |
| [pydantic-settings](https://github.com/pydantic/pydantic-settings) | `2.11.0` | `2.12.0` |
| [fastapi](https://github.com/fastapi/fastapi) | `0.119.1` | `0.121.1` |
| [starlette](https://github.com/Kludex/starlette) | `0.48.0` | `0.50.0` |
| [uvicorn](https://github.com/Kludex/uvicorn) | `0.37.0` | `0.38.0` |
| [pytest](https://github.com/pytest-dev/pytest) | `8.4.2` | `9.0.0` |
| [pytest-asyncio](https://github.com/pytest-dev/pytest-asyncio) | `1.2.0` | `1.3.0` |
| [pytest-deadfixtures](https://github.com/jllorencetti/pytest-deadfixtures) | `2.2.1` | `3.0.0` |
| [coverage](https://github.com/coveragepy/coveragepy) | `7.11.0` | `7.11.3` |
| [pre-commit](https://github.com/pre-commit/pre-commit) | `4.3.0` | `4.4.0` |
| [types-python-dateutil](https://github.com/typeshed-internal/stub_uploader) | `2.9.0.20251008` | `2.9.0.20251108` |


Updates `pydantic` from 2.12.3 to 2.12.4
- [Release notes](https://github.com/pydantic/pydantic/releases)
- [Changelog](https://github.com/pydantic/pydantic/blob/v2.12.4/HISTORY.md)
- [Commits](pydantic/pydantic@v2.12.3...v2.12.4)

Updates `pydantic-settings` from 2.11.0 to 2.12.0
- [Release notes](https://github.com/pydantic/pydantic-settings/releases)
- [Commits](pydantic/pydantic-settings@v2.11.0...v2.12.0)

Updates `fastapi` from 0.119.1 to 0.121.1
- [Release notes](https://github.com/fastapi/fastapi/releases)
- [Commits](fastapi/fastapi@0.119.1...0.121.1)

Updates `starlette` from 0.48.0 to 0.50.0
- [Release notes](https://github.com/Kludex/starlette/releases)
- [Changelog](https://github.com/Kludex/starlette/blob/main/docs/release-notes.md)
- [Commits](Kludex/starlette@0.48.0...0.50.0)

Updates `uvicorn` from 0.37.0 to 0.38.0
- [Release notes](https://github.com/Kludex/uvicorn/releases)
- [Changelog](https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md)
- [Commits](Kludex/uvicorn@0.37.0...0.38.0)

Updates `pytest` from 8.4.2 to 9.0.0
- [Release notes](https://github.com/pytest-dev/pytest/releases)
- [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst)
- [Commits](pytest-dev/pytest@8.4.2...9.0.0)

Updates `pytest-asyncio` from 1.2.0 to 1.3.0
- [Release notes](https://github.com/pytest-dev/pytest-asyncio/releases)
- [Commits](pytest-dev/pytest-asyncio@v1.2.0...v1.3.0)

Updates `pytest-deadfixtures` from 2.2.1 to 3.0.0
- [Release notes](https://github.com/jllorencetti/pytest-deadfixtures/releases)
- [Changelog](https://github.com/jllorencetti/pytest-deadfixtures/blob/main/CHANGES.rst)
- [Commits](jllorencetti/pytest-deadfixtures@2.2.1...3.0.0)

Updates `coverage` from 7.11.0 to 7.11.3
- [Release notes](https://github.com/coveragepy/coveragepy/releases)
- [Changelog](https://github.com/coveragepy/coveragepy/blob/main/CHANGES.rst)
- [Commits](coveragepy/coveragepy@7.11.0...7.11.3)

Updates `pre-commit` from 4.3.0 to 4.4.0
- [Release notes](https://github.com/pre-commit/pre-commit/releases)
- [Changelog](https://github.com/pre-commit/pre-commit/blob/main/CHANGELOG.md)
- [Commits](pre-commit/pre-commit@v4.3.0...v4.4.0)

Updates `types-python-dateutil` from 2.9.0.20251008 to 2.9.0.20251108
- [Commits](https://github.com/typeshed-internal/stub_uploader/commits)

---
updated-dependencies:
- dependency-name: pydantic
  dependency-version: 2.12.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-packages
- dependency-name: pydantic-settings
  dependency-version: 2.12.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-packages
- dependency-name: fastapi
  dependency-version: 0.121.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-packages
- dependency-name: starlette
  dependency-version: 0.50.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-packages
- dependency-name: uvicorn
  dependency-version: 0.38.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-packages
- dependency-name: pytest
  dependency-version: 9.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: python-packages
- dependency-name: pytest-asyncio
  dependency-version: 1.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-packages
- dependency-name: pytest-deadfixtures
  dependency-version: 3.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: python-packages
- dependency-name: coverage
  dependency-version: 7.11.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-packages
- dependency-name: pre-commit
  dependency-version: 4.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-packages
- dependency-name: types-python-dateutil
  dependency-version: 2.9.0.20251108
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-packages
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the type:dependency Dependency-related changes label Nov 10, 2025
@MTSOnGithub MTSOnGithub enabled auto-merge (rebase) November 10, 2025 19:33
@github-actions
Copy link

github-actions bot commented Nov 10, 2025

Coverage

Coverage Report •
FileStmtsMissCoverMissing
TOTAL705039794% 
report-only-changed-files is enabled. No files were changed during this commit :)

@MTSOnGithub MTSOnGithub merged commit ee39623 into develop Nov 10, 2025
11 checks passed
@MTSOnGithub MTSOnGithub deleted the dependabot/uv/python-packages-7ee39ea0ed branch November 10, 2025 19:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@MTSOnGithub MTSOnGithub MTSOnGithub approved these changes

Assignees

No one assigned

Labels

type:dependency Dependency-related changes

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@MTSOnGithub