chore(deps): update python dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
fastapi (changelog)	==0.135.2 → ==0.135.3
sqlalchemy (changelog)	==2.0.48 → ==2.0.49
uvicorn (changelog)	==0.42.0 → ==0.44.0

---

Release Notes

fastapi/fastapi (fastapi)

v0.135.3

Compare Source

Features

• ✨ Add support for @app.vibe(). PR #​15280 by @​tiangolo.
  • New docs: Vibe Coding.

Docs

• ✏️ Fix typo for client_secret in OAuth2 form docstrings. PR #​14946 by @​bysiber.

Internal

• 👥 Update FastAPI People - Experts. PR #​15279 by @​tiangolo.
• ⬆ Bump orjson from 3.11.7 to 3.11.8. PR #​15276 by @​dependabot[bot].
• ⬆ Bump ruff from 0.15.0 to 0.15.8. PR #​15277 by @​dependabot[bot].
• 👥 Update FastAPI GitHub topic repositories. PR #​15274 by @​tiangolo.
• ⬆ Bump fastmcp from 2.14.5 to 3.2.0. PR #​15267 by @​dependabot[bot].
• 👥 Update FastAPI People - Contributors and Translators. PR #​15270 by @​tiangolo.
• ⬆ Bump requests from 2.32.5 to 2.33.0. PR #​15228 by @​dependabot[bot].
• 👷 Add ty check to lint.sh. PR #​15136 by @​svlandeg.

Kludex/uvicorn (uvicorn)

v0.44.0: Version 0.44.0

Compare Source

What's Changed

• Implement websocket keepalive pings for websockets-sansio by @​Kludex in #​2888

Full Changelog: Kludex/uvicorn@0.43.0...0.44.0

v0.43.0: Version 0.43.0

Compare Source

Changed

• Emit http.disconnect ASGI receive() event on server shutting down for streaming responses (#​2829)
• Use native context parameter for create_task on Python 3.11+ (#​2859)
• Drop cast in ASGI types (#​2875)

---

Full Changelog: Kludex/uvicorn@0.42.0...0.43.0

---

Configuration

📅 Schedule: Branch creation - "every weekend" in timezone UTC, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 3 package(s) with unknown licenses.

See the Details below.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA dec2230.

Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

License Issues

backend/requirements.txt

Package	Version	License	Issue Type
fastapi	0.135.3	Null	Unknown License
sqlalchemy	2.0.49	Null	Unknown License
uvicorn	0.44.0	Null	Unknown License

OpenSSF Scorecard

Package	Version	Score	Details
pip/fastapi	0.135.3	Unknown	Unknown
pip/sqlalchemy	2.0.49	Unknown	Unknown
pip/uvicorn	0.44.0	Unknown	Unknown

Scanned Files

• backend/requirements.txt

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 71.82%. Comparing base (a93a84f) to head (dec2230).
✅ All tests successful. No failed tests found.

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #255   +/-   ##
=======================================
  Coverage   71.82%   71.82%           
=======================================
  Files          11       11           
  Lines         802      802           
  Branches      124      124           
=======================================
  Hits          576      576           
  Misses        163      163           
  Partials       63       63           

Flag	Coverage Δ
backend	71.82% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.