Bump the python-packages group with 6 updates

[dependabot]

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

---

Bumps the python-packages group with 6 updates:

Package	From	To
fastapi	0.121.1	0.121.3
alembic	1.17.1	1.17.2
faker	37.12.0	38.2.0
coverage	7.11.3	7.12.0
dirty-equals	0.10.0	0.11
pre-commit	4.4.0	4.5.0

Updates fastapi from 0.121.1 to 0.121.3

Release notes

Sourced from fastapi's releases.

0.121.3

Refactors

• ♻️ Make the result of Depends() and Security() hashable, as a workaround for other tools interacting with these internal parts. PR #14372 by @​tiangolo.

Upgrades

• ⬆️ Bump Starlette to <0.51.0. PR #14282 by @​musicinmybrain.

Docs

• 📝 Add missing hash part. PR #14369 by @​nilslindemann.
• 📝 Fix typos in code comments. PR #14364 by @​Edge-Seven.
• 📝 Add docs for using FastAPI Cloud. PR #14359 by @​tiangolo.

0.121.2

Fixes

• 🐛 Fix handling of JSON Schema attributes named "$ref". PR #14349 by @​tiangolo.

Docs

• 📝 Add EuroPython talk & podcast episode with Sebastián Ramírez. PR #14260 by @​clytaemnestra.
• ✏️ Fix links and add missing permalink in docs. PR #14217 by @​YuriiMotov.

Translations

• 🌐 Update Portuguese translations with LLM prompt. PR #14228 by @​ceb10n.
• 🔨 Add Portuguese translations LLM prompt. PR #14208 by @​ceb10n.
• 🌐 Sync Russian docs. PR #14331 by @​YuriiMotov.
• 🌐 Sync German docs. PR #14317 by @​nilslindemann.

Commits

• 325fd16 🔖 Release version 0.121.3
• 7659b70 📝 Update release notes
• 8570163 ♻️ Make the result of Depends() and Security() hashable, as a workaround ...
• 566e315 📝 Update release notes
• 569226e ⬆️ Bump Starlette to <0.51.0 (#14282)
• 33a75f4 📝 Update release notes
• 89baa70 📝 Add missing hash part (#14369)
• 827ed1e 📝 Update release notes
• df83eb7 📝 Fix typos in code comments (#14364)
• 4e84f31 📝 Update release notes
• Additional commits viewable in compare view

Updates alembic from 1.17.1 to 1.17.2

Release notes

Sourced from alembic's releases.

1.17.2

Released: November 14, 2025

feature

• [feature] [operations] Added Operations.implementation_for.replace parameter to Operations.implementation_for(), allowing replacement of existing operation implementations. This allows for existing operations such as CreateTableOp to be extended directly. Pull request courtesy justanothercatgirl.

  References: #1750

bug

• [bug] [mssql] Fixed issue in SQL Server dialect where the DROP that's automatically emitted for existing default constraints during an ALTER COLUMN needs to take place before not just the modification of the column's default, but also before the column's type is changed.

  References: #1744

Commits

• See full diff in compare view

Updates faker from 37.12.0 to 38.2.0

Release notes

Sourced from faker's releases.

Release v38.2.0

See CHANGELOG.md.

Release v38.1.0

See CHANGELOG.md.

Release v38.0.0

See CHANGELOG.md.

Changelog

Sourced from faker's changelog.

v38.2.0 - 2025-11-19

• Add localized UniqueProxy. Thanks @​azmeuk

v38.1.0 - 2025-11-19

• Add person provider for ar_DZ locale. Thanks @​othmane099.
• Add person, phone_number, date_time for fr_DZ locale. Thanks @​othmane099.

v38.0.0 - 2025-11-11

• Drop support for Python 3.9
• Add support for Python 3.14

Commits

• 337f8fa Bump version: 38.1.0 → 38.2.0
• d8fb7f2 📝 Update CHANGELOG.md
• 243e317 lint docs
• e398287 📝 Update docs
• 3cc7f77 feat: localized UniqueProxy (#2279)
• 8ba30da Bump version: 38.0.0 → 38.1.0
• 921bde1 📝 Update CHANGELOG.md
• 702e23b fix newline
• d5051a9 add_faker_pk_pypi_link (#2281)
• 050de37 Add person provider for ar_DZ locale (#2271)
• Additional commits viewable in compare view

Updates coverage from 7.11.3 to 7.12.0

Changelog

Sourced from coverage's changelog.

Version 7.12.0 — 2025-11-18

• The HTML report now shows separate coverage totals for statements and branches, as well as the usual combined coverage percentage. Thanks to Ryuta Otsuka for the discussion <issue 2081_>_ and the implementation <pull 2085_>_.

• The JSON report now includes separate coverage totals for statements and branches, thanks to Ryuta Otsuka <pull 2090_>_.

• Fix: except* clauses were not handled properly under the "sysmon" measurement core, causing KeyError exceptions as described in issue 2086_. This is now fixed.

• Fix: we now defend against aggressive mocking of open() that could cause errors inside coverage.py. An example of a failure is in issue 2083_.

• Fix: in unusual cases where a test suite intentionally exhausts the system's file descriptors to test handling errors in open(), coverage.py would fail when trying to open source files, as described in issue 2091_. This is now fixed.

• A small tweak to the HTML report: file paths now use thin spaces around slashes to make them easier to read.

.. _issue 2081: coveragepy/coveragepy#2081 .. _issue 2083: coveragepy/coveragepy#2083 .. _pull 2085: coveragepy/coveragepy#2085 .. _issue 2086: coveragepy/coveragepy#2086 .. _pull 2090: coveragepy/coveragepy#2090 .. _issue 2091: coveragepy/coveragepy#2091

.. _changes_7-11-3:

Commits

• 63db2b1 docs: sample HTML for 7.12.0
• 598bbc3 docs: prep for 7.12.0
• 557dd15 feat: add statement and branch coverage percentages to JSON report (#2090)
• e18359c fix: don't crash if open() genuinely fails. #2091
• fff5e59 docs: thanks, Ryuta Otsuka #2085
• 97bf625 docs: support files for the sample html
• 8320b74 style(html): tweak the styling for the new stmt/branch stats #2085
• 7e08183 feat(templite): {% else %}
• 4abe253 feat: add statement and branch coverage columns to index.html report (#2085)
• ddbafa9 build: no longer need to work around a pytest/iTerm2 bug
• Additional commits viewable in compare view

Updates dirty-equals from 0.10.0 to 0.11

Release notes

Sourced from dirty-equals's releases.

v0.11.0 2025-11-16

What's Changed

• 🐛 Fix nested dataclass comparison by @​connorbrinton in samuelcolvin/dirty-equals#120
• uprev in preparation for release by @​samuelcolvin in samuelcolvin/dirty-equals#122
• Add tests for 3.14 by @​samuelcolvin in samuelcolvin/dirty-equals#123

New Contributors

• @​connorbrinton made their first contribution in samuelcolvin/dirty-equals#120

Full Changelog: samuelcolvin/dirty-equals@v0.10.0...v0.11.0

Commits

• e8cd329 uprev to 0.11
• 56e8409 Add tests for 3.14 (#123)
• 5203cc9 uprev in preparation for release (#122)
• f15a6de 🐛 Fix nested dataclass comparison (#120)
• See full diff in compare view

Updates pre-commit from 4.4.0 to 4.5.0

Release notes

Sourced from pre-commit's releases.

pre-commit v4.5.0

Features

• Add pre-commit hazmat.
  • #3585 PR by @​asottile.

Changelog

Sourced from pre-commit's changelog.

4.5.0 - 2025-11-22

Features

• Add pre-commit hazmat.
  • #3585 PR by @​asottile.

Commits

• 1af6c8f v4.5.0
• 3358a3b Merge pull request #3585 from pre-commit/hazmat
• bdf6879 add pre-commit hazmat
• e436690 Merge pull request #3584 from pre-commit/exitstack
• 8d34f95 use ExitStack instead of start + stop
• 9c7ea88 Merge pull request #3583 from pre-commit/forward-compat-map-manifest
• 844dacc add forward-compat error message
• 6a1d543 Merge pull request #3582 from pre-commit/move-gc-back
• 66278a9 move logic for gc back to commands.gc
• 1b32c50 Merge pull request #3579 from pre-commit/pre-commit-ci-update-config
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml