Bump the python-packages group with 5 updates

[dependabot]

Bumps the python-packages group with 5 updates:

Package	From	To
pydantic	2.12.4	2.12.5
fastapi	0.121.3	0.123.0
asyncpg	0.30.0	0.31.0
mypy	1.18.2	1.19.0
sphinx	8.2.3	9.0.1

Updates pydantic from 2.12.4 to 2.12.5

Release notes

Sourced from pydantic's releases.

v2.12.5 2025-11-26

v2.12.5 (2025-11-26)

This is the fifth 2.12 patch release, addressing an issue with the MISSING sentinel and providing several documentation improvements.

The next 2.13 minor release will be published in a couple weeks, and will include a new polymorphic serialization feature addressing the remaining unexpected changes to the serialize as any behavior.

• Fix pickle error when using model_construct() on a model with MISSING as a default value by @​ornariece in #12522.
• Several updates to the documentation by @​Viicos.

Full Changelog: pydantic/pydantic@v2.12.4...v2.12.5

Changelog

Sourced from pydantic's changelog.

v2.12.5 (2025-11-26)

GitHub release

This is the fifth 2.12 patch release, addressing an issue with the MISSING sentinel and providing several documentation improvements.

The next 2.13 minor release will be published in a couple weeks, and will include a new polymorphic serialization feature addressing the remaining unexpected changes to the serialize as any behavior.

• Fix pickle error when using model_construct() on a model with MISSING as a default value by @​ornariece in #12522.
• Several updates to the documentation by @​Viicos.

Commits

• bd2d0dd Prepare release v2.12.5
• 7d0302e Document security implications when using create_model()
• e9ef980 Fix typo in Standard Library Types documentation
• f2c20c0 Add pydantic-docs dev dependency, make use of versioning blocks
• a76c1aa Update documentation about JSON Schema
• 8cbc72c Add documentation about custom __init__()
• 99eba59 Add additional test for FieldInfo.get_default()
• c710769 Special case MISSING sentinel in smart_deepcopy()
• 20a9d77 Do not delete mock validator/serializer in rebuild_dataclass()
• c86515a Update parts of the model and revalidate_instances documentation
• See full diff in compare view

Updates fastapi from 0.121.3 to 0.123.0

Release notes

Sourced from fastapi's releases.

0.123.0

Fixes

• 🐛 Cache dependencies that don't use scopes and don't have sub-dependencies with scopes. PR #14419 by @​tiangolo.

0.122.1

Fixes

• 🐛 Fix hierarchical security scope propagation. PR #5624 by @​kristjanvalur.

Docs

• 💅 Update CSS to explicitly use emoji font. PR #14415 by @​tiangolo.

Internal

• ⬆ Bump markdown-include-variants from 0.0.5 to 0.0.6. PR #14418 by @​YuriiMotov.

0.122.0

Fixes

• 🐛 Use 401 status code in security classes when credentials are missing. PR #13786 by @​YuriiMotov.
  • If your code depended on these classes raising the old (less correct) 403 status code, check the new docs about how to override the classes, to use the same old behavior: Use Old 403 Authentication Error Status Codes.

Internal

• 🔧 Configure labeler to exclude files that start from underscore for lang-all label. PR #14213 by @​YuriiMotov.
• 👷 Add pre-commit config with local script for permalinks. PR #14398 by @​tiangolo.
• 💄 Use font Fira Code to fix display of Rich panels in docs in Windows. PR #14387 by @​tiangolo.
• 👷 Add custom pre-commit CI. PR #14397 by @​tiangolo.
• ⬆ Bump actions/checkout from 5 to 6. PR #14381 by @​dependabot[bot].
• 👷 Upgrade latest-changes GitHub Action and pin actions/checkout@v5. PR #14403 by @​svlandeg.
• 🛠️ Add add-permalinks and add-permalinks-page to scripts/docs.py. PR #14033 by @​YuriiMotov.
• 🔧 Upgrade Material for MkDocs and remove insiders. PR #14375 by @​tiangolo.

Commits

• f2bab95 🔖 Release version 0.123.0
• c38e3e0 📝 Update release notes
• 7fbd304 🐛 Cache dependencies that don't use scopes and don't have sub-dependencies wi...
• 63d7a2b 🔖 Release version 0.122.1
• 7681f29 📝 Update release notes
• 378ad68 🐛 Fix hierarchical security scope propagation (#5624)
• c6487ed 📝 Update release notes
• 62a6974 ⬆ Bump markdown-include-variants from 0.0.5 to 0.0.6 (#14418)
• 9982882 📝 Update release notes
• 8ab7167 💅 Update CSS to explicitly use emoji font (#14415)
• Additional commits viewable in compare view

Updates asyncpg from 0.30.0 to 0.31.0

Release notes

Sourced from asyncpg's releases.

v0.31.0

Enable Python 3.14 with experimental subinterpreter/freethreading support.

Improvements

• Add Python 3.14 support, experimental subinterpreter/freethreading support (#1279) (by @​elprans in 9e42642b)

• Avoid performing type introspection on known types (#1243) (by @​elprans in 5c9986c4)

• Make prepare() not use named statements by default when cache is disabled (#1245) (by @​elprans in 5b14653e)

• Implement connection service file functionality (#1223) (by @​AndrewJackson2020 in 1d63bb15)

Fixes

• Fix multi port connection string issue (#1222) (by @​AndrewJackson2020 in 01c0db7b)

• Avoid leaking connections if _can_use_connection fails (#1269) (by @​yuliy-openai in e94302d2)

Other

• Drop support for EOL Python 3.8 (#1281) (by @​elprans in 6c2c4904)

Commits

• 71775a6 asyncpg v0.31.0
• 508cae6 Test on PostgreSQL 18 (#1290)
• e534e5f Bump cibuildwheel
• 07fe512 Bump pgproto
• 648b35f Bump Cython to 3.2.1 (#1288)
• 9e42642 Add Python 3.14 support, experimental subinterpreter/freethreading support (#...
• 6fe1c49 Move development deps away from extras and into dependency groups (#1280)
• 7a54816 Fix a couple of missed Python version guards
• 6c2c490 Drop support for EOL Python 3.8 (#1281)
• 4c60ae8 Bump version to 0.31.0.dev0
• Additional commits viewable in compare view

Updates mypy from 1.18.2 to 1.19.0

Changelog

Sourced from mypy's changelog.

Mypy Release Notes

Next Release

Drop Support for Python 3.9

Mypy no longer supports running with Python 3.9, which has reached end-of-life. When running mypy with Python 3.10+, it is still possible to type check code that needs to support Python 3.9 with the --python-version 3.9 argument. Support for this will be dropped in the first half of 2026!

Contributed by Marc Mueller (PR 20156).

Mypy 1.19

We’ve just uploaded mypy 1.19.0 to the Python Package Index (PyPI). Mypy is a static type checker for Python. This release includes new features, performance improvements and bug fixes. You can install it as follows:

python3 -m pip install -U mypy

You can read the full documentation for this release on Read the Docs.

Python 3.9 Support Ending Soon

This is the last mypy feature release that supports Python 3.9, which reached end of life in October 2025.

Performance Improvements

• Switch to a more dynamic SCC processing logic (Ivan Levkivskyi, PR 20053)
• Speed up type aliases (Ivan Levkivskyi, PR 19810)

Fixed‑Format Cache Improvements

Mypy uses a cache by default to speed up incremental runs by reusing partial results from earlier runs. Mypy 1.18 added a new binary fixed-format cache representation as an experimental feature. The feature is no longer experimental, and we are planning to enable it by default in a future mypy release (possibly 1.20), since it's faster and uses less space than the original, JSON-based cache format. Use --fixed-format-cache to enable the fixed-format cache.

Mypy now has an extra dependency on the librt PyPI package, as it's needed for cache serialization and deserialization.

Mypy ships with a tool to convert fixed-format cache files to the old JSON format. Example of how to use this:

$ python -m mypy.exportjson .mypy_cache/.../my_module.data.ff

... (truncated)

Commits

• 0f068c9 Remove +dev
• 6d5cf52 Various updates to 1.19 changelog (#20304)
• 3c81308 Add draft version of 1.19 release notes (#20296)
• 1999a20 [mypyc] librt base64: use existing SIMD CPU dispatch by customizing build fla...
• 1b94fbb [mypyc] Fix vtable pointer with inherited dunder new (#20302)
• 13369cb [mypyc] Fix crash on super in generator (#20291)
• a087a58 Update import map when new modules added (#20271)
• 35e843c [mypyc] Add efficient librt.base64.b64decode (#20263)
• 094f66d [mypyc] Add repr to AssignmentTarget subclasses (#20258)
• 0738db3 Do not push partial types to the binder (#20202)
• Additional commits viewable in compare view

Updates sphinx from 8.2.3 to 9.0.1

Release notes

Sourced from sphinx's releases.

Sphinx 9.0.1

Changelog: https://www.sphinx-doc.org/en/master/changes.html

Bugs fixed

• #13942: autodoc: Restore the mapping interface for options objects. Patch by Adam Turner.
• #13942: autodoc: Deprecate the mapping interface for options objects. Patch by Adam Turner.
• #13387: Update translations.

Sphinx 9.0.0

Changelog: https://www.sphinx-doc.org/en/master/changes.html

Dependencies

• #13786: Support Docutils 0.22. Patch by Adam Turner.

Incompatible changes

• #13639: SphinxComponentRegistry.create_source_parser no longer has an app parameter, instead taking config and env. Patch by Adam Turner.
• #13679: Non-decodable characters in source files now raise an error. Such bytes have been replaced with '?' along with logging a warning since Sphinx 2.0. Patch by Adam Turner.
• #13751, #14089: sphinx.ext.autodoc has been substantially rewritten, and there may be some incompatible changes in edge cases, especially when extensions interact with autodoc internals. The autodoc_use_legacy_class_based option has been added to use the legacy (pre-9.0) implementation of autodoc. Patches by Adam Turner.
• #13355: Don't include escaped title content in the search index. Patch by Will Lachance.

Deprecated

• 13627: Deprecate remaining public app attributes, including builder.app, env.app, events.app, and SphinxTransform.app. Patch by Adam Turner.
• #13637: Deprecate the set_application method of Parser objects. Patch by Adam Turner.

... (truncated)

Changelog

Sourced from sphinx's changelog.

Release 9.0.1 (released Dec 01, 2025)

Bugs fixed

• #13942: autodoc: Restore the mapping interface for options objects. Patch by Adam Turner.
• #13942: autodoc: Deprecate the mapping interface for options objects. Patch by Adam Turner.
• #13387: Update translations.

Release 9.0.0 (released Nov 30, 2025)

Dependencies

• #13786: Support Docutils 0.22_. Patch by Adam Turner.

  .. _Docutils 0.22: https://docutils.sourceforge.io/RELEASE-NOTES.html#release-0-22-2026-07-29

Incompatible changes

• #13639: :py:meth:!SphinxComponentRegistry.create_source_parser no longer has an app parameter, instead taking config and env. Patch by Adam Turner.
• #13679: Non-decodable characters in source files now raise an error. Such bytes have been replaced with '?' along with logging a warning since Sphinx 2.0. Patch by Adam Turner.
• #13751, #14089: :mod:sphinx.ext.autodoc has been substantially rewritten, and there may be some incompatible changes in edge cases, especially when extensions interact with autodoc internals. The :confval:autodoc_use_legacy_class_based option has been added to use the legacy (pre-9.0) implementation of autodoc. Patches by Adam Turner.
• #13355: Don't include escaped title content in the search index. Patch by Will Lachance.

Deprecated

• 13627: Deprecate remaining public :py:attr:!.app attributes, including builder.app, env.app, events.app, and SphinxTransform.app. Patch by Adam Turner.
• #13637: Deprecate the :py:meth:!set_application method of :py:class:~sphinx.parsers.Parser objects.

... (truncated)

Commits

• a837378 Bump to 9.0.1 final
• 48840e6 Note updated message catalogues in CHANGES
• 5931339 [bot]: Update message catalogues (#13387)
• baffcf0 autodoc: Deprecate mapping interface for options (#14140)
• 61f9b70 Bump mypy to 1.19.0 (#14135)
• ded587e Shrink mypy whitelist for tests.test_directives.test_directive_patch (#14...
• a03556f Shrink mypy whitelist for tests.test_builders.test_build_latex (#14138)
• 0204145 linkcheck: Reduce test duration on Windows (#14133)
• 4e902a4 Bump Ruff to 0.14.7 (#14134)
• 9a11033 Bump version
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Coverage Report •

File	Stmts	Miss	Cover	Missing
TOTAL	7081	401	94%

report-only-changed-files is enabled. No files were changed during this commit :)