Update all dependencies

[renovate]

This PR contains the following updates:

Package	Type	Update	Change	Age	Confidence
actions/github-script	action	major	v8 → v9
codecov/codecov-action	action	major	v5 → v6
fastapi (changelog)	dependencies	patch	0.136.1 → 0.136.3
pytest-cov (changelog)	dev	minor	7.0.0 → 7.1.0
redis	final	digest	1c054d5 → aa049e6
registry.access.redhat.com/ubi9/python-39	final	digest	f54df76 → fca62bd
requests (changelog)	dependencies	minor	2.33.1 → 2.34.2
testfixtures (changelog)	test	major	11.0.0 → 12.0.0

---

Release Notes

actions/github-script (actions/github-script)

v9.0.0

Compare Source

New features:

• getOctokit factory function — Available directly in the script context. Create additional authenticated Octokit clients with different tokens for multi-token workflows, GitHub App tokens, and cross-org access. See Creating additional clients with getOctokit for details and examples.
• Orchestration ID in user-agent — The ACTIONS_ORCHESTRATION_ID environment variable is automatically appended to the user-agent string for request tracing.

Breaking changes:

• require('@​actions/github') no longer works in scripts. The upgrade to @actions/github v9 (ESM-only) means require('@​actions/github') will fail at runtime. If you previously used patterns like const { getOctokit } = require('@​actions/github') to create secondary clients, use the new injected getOctokit function instead — it's available directly in the script context with no imports needed.
• getOctokit is now an injected function parameter. Scripts that declare const getOctokit = ... or let getOctokit = ... will get a SyntaxError because JavaScript does not allow const/let redeclaration of function parameters. Use the injected getOctokit directly, or use var getOctokit = ... if you need to redeclare it.
• If your script accesses other @actions/github internals beyond the standard github/octokit client, you may need to update those references for v9 compatibility.

What's Changed

• Add ACTIONS_ORCHESTRATION_ID to user-agent string by @​Copilot in #​695
• ci: use deployment: false for integration test environments by @​salmanmkc in #​712
• feat!: add getOctokit to script context, upgrade @​actions/github v9, @​octokit/core v7, and related packages by @​salmanmkc in #​700

New Contributors

• @​Copilot made their first contribution in #​695

Full Changelog: actions/github-script@v8.0.0...v9.0.0

v9

Compare Source

codecov/codecov-action (codecov/codecov-action)

v6.0.1

Compare Source

What's Changed

• fix: prevent template injection in run: steps (VULN-1652) by @​thomasrockhu-codecov in #​1947
• chore(release): 6.0.1 by @​thomasrockhu-codecov in #​1949

Full Changelog: codecov/codecov-action@v6.0.0...v6.0.1

v6.0.0

Compare Source

⚠️ This version introduces support for node24 which make cause breaking changes for systems that do not currently support node24. ⚠️

What's Changed

• Revert "Revert "build(deps): bump actions/github-script from 7.0.1 to 8.0.0"" by @​thomasrockhu-codecov in #​1929
• Th/6.0.0 by @​thomasrockhu-codecov in #​1928

Full Changelog: codecov/codecov-action@v5.5.4...v6.0.0

v6

Compare Source

v5.5.4

Compare Source

This is a mirror of v5.5.2. v6 will be released which requires node24

What's Changed

• Revert "build(deps): bump actions/github-script from 7.0.1 to 8.0.0" by @​thomasrockhu-codecov in #​1926
• chore(release): 5.5.4 by @​thomasrockhu-codecov in #​1927

Full Changelog: codecov/codecov-action@v5.5.3...v5.5.4

v5.5.3

Compare Source

What's Changed

• build(deps): bump actions/github-script from 7.0.1 to 8.0.0 by @​dependabot[bot] in #​1874
• chore(release): bump to 5.5.3 by @​thomasrockhu-codecov in #​1922

Full Changelog: codecov/codecov-action@v5.5.2...v5.5.3

v5.5.2

Compare Source

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.5.1..v5.5.2

v5.5.1

Compare Source

What's Changed

• fix: overwrite pr number on fork by @​thomasrockhu-codecov in #​1871
• build(deps): bump actions/checkout from 4.2.2 to 5.0.0 by @​app/dependabot in #​1868
• build(deps): bump github/codeql-action from 3.29.9 to 3.29.11 by @​app/dependabot in #​1867
• fix: update to use local app/ dir by @​thomasrockhu-codecov in #​1872
• docs: fix typo in README by @​datalater in #​1866
• Document a codecov-cli version reference example by @​webknjaz in #​1774
• build(deps): bump github/codeql-action from 3.28.18 to 3.29.9 by @​app/dependabot in #​1861
• build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @​app/dependabot in #​1833

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.5.0..v5.5.1

v5.5.0

Compare Source

What's Changed

• feat: upgrade wrapper to 0.2.4 by @​jviall in #​1864
• Pin actions/github-script by Git SHA by @​martincostello in #​1859
• fix: check reqs exist by @​joseph-sentry in #​1835
• fix: Typo in README by @​spalmurray in #​1838
• docs: Refine OIDC docs by @​spalmurray in #​1837
• build(deps): bump github/codeql-action from 3.28.17 to 3.28.18 by @​app/dependabot in #​1829

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.3..v5.5.0

v5.4.3

Compare Source

What's Changed

• build(deps): bump github/codeql-action from 3.28.13 to 3.28.17 by @​app/dependabot in #​1822
• fix: OIDC on forks by @​joseph-sentry in #​1823

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.2..v5.4.3

v5.4.2

Compare Source

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.1..v5.4.2

v5.4.1

Compare Source

What's Changed

• fix: use the github core methods by @​thomasrockhu-codecov in #​1807
• build(deps): bump github/codeql-action from 3.28.12 to 3.28.13 by @​app/dependabot in #​1803
• build(deps): bump github/codeql-action from 3.28.11 to 3.28.12 by @​app/dependabot in #​1797
• build(deps): bump actions/upload-artifact from 4.6.1 to 4.6.2 by @​app/dependabot in #​1798
• chore(release): wrapper -0.2.1 by @​app/codecov-releaser-app in #​1788
• build(deps): bump github/codeql-action from 3.28.10 to 3.28.11 by @​app/dependabot in #​1786

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.0..v5.4.1

v5.4.0

Compare Source

What's Changed

• update wrapper submodule to 0.2.0, add recurse_submodules arg by @​matt-codecov in #​1780
• build(deps): bump actions/upload-artifact from 4.6.0 to 4.6.1 by @​app/dependabot in #​1775
• build(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.1 by @​app/dependabot in #​1776
• build(deps): bump github/codeql-action from 3.28.9 to 3.28.10 by @​app/dependabot in #​1777
• Clarify in README that use_pypi bypasses integrity checks too by @​webknjaz in #​1773
• Fix use of safe.directory inside containers by @​Flamefire in #​1768
• Fix description for report_type input by @​craigscott-crascit in #​1770
• build(deps): bump github/codeql-action from 3.28.8 to 3.28.9 by @​app/dependabot in #​1765
• Fix a typo in the example by @​miranska in #​1758
• build(deps): bump github/codeql-action from 3.28.5 to 3.28.8 by @​app/dependabot in #​1757
• build(deps): bump github/codeql-action from 3.28.1 to 3.28.5 by @​app/dependabot in #​1753

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.3.1..v5.4.0

v5.3.1

Compare Source

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.3.0..v5.3.1

v5.3.0

Compare Source

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.2.0..v5.3.0

v5.2.0

Compare Source

What's Changed

• Fix typo in README by @​tserg in #​1747
• Th/add commands by @​thomasrockhu-codecov in #​1745
• use correct audience when requesting oidc token by @​juho9000 in #​1744
• build(deps): bump github/codeql-action from 3.27.9 to 3.28.1 by @​app/dependabot in #​1742
• build(deps): bump actions/upload-artifact from 4.4.3 to 4.6.0 by @​app/dependabot in #​1743
• chore(deps): bump wrapper to 0.0.32 by @​thomasrockhu-codecov in #​1740
• feat: add disable-telem feature by @​thomasrockhu-codecov in #​1739
• fix: remove erroneous linebreak in readme by @​Vampire in #​1734

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.1.2..v5.2.0

v5.1.2

Compare Source

What's Changed

• fix: update statment by @​thomasrockhu-codecov in #​1726
• fix: update action script by @​thomasrockhu-codecov in #​1725
• fix: prevent oidc on tokenless due to permissioning by @​thomasrockhu-codecov in #​1724
• chore(release): wrapper-0.0.31 by @​app/codecov-releaser-app in #​1723
• Put quotes around ${{ inputs.token }} in action.yml by @​jwodder in #​1721
• build(deps): bump github/codeql-action from 3.27.6 to 3.27.9 by @​app/dependabot in #​1722
• Remove mistake from options table by @​Acconut in #​1718
• build(deps): bump github/codeql-action from 3.27.5 to 3.27.6 by @​app/dependabot in #​1717

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.1.1..v5.1.2

v5.1.1

Compare Source

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.1.0..v5.1.1

v5.1.0

Compare Source

What's Changed

• fix: hide unnecessary error on shasum by @​thomasrockhu-codecov in #​1692
• build(deps): bump github/codeql-action from 3.27.4 to 3.27.5 by @​app/dependabot in #​1701
• chore(release): wrapper-0.0.29 by @​app/codecov-releaser-app in #​1713

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.0.7..v5.1.0

v5.0.7

Compare Source

What's Changed

• fix: use HEAD_REPO by @​thomasrockhu-codecov in #​1690

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.0.6..v5.0.7

v5.0.6

Compare Source

What's Changed

• fix: update CODECOV_TOKEN and fix tokenless by @​thomasrockhu-codecov in #​1688

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.0.5..v5.0.6

v5.0.5

Compare Source

What's Changed

• chore(release): wrapper-0.0.27 by @​app/codecov-releaser-app in #​1685

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.0.4..v5.0.5

v5.0.4

Compare Source

What's Changed

• chore(deps): bump wrapper to 0.0.26 by @​thomasrockhu-codecov in #​1681
• fix: strip out a trailing /n from input tokens by @​thomasrockhu-codecov in #​1679
• fix: add action version by @​thomasrockhu-codecov in #​1678

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.0.3..v5.0.4

v5.0.3

Compare Source

What's Changed

• fix: update OIDC audience by @​thomasrockhu-codecov in #​1675
• fix: use double-quotes for OIDC by @​thomasrockhu-codecov in #​1669
• fix: prevent always setting tokenless to be true by @​thomasrockhu-codecov in #​1673
• fix: update CHANGELOG and automate by @​thomasrockhu-codecov in #​1674
• fix: bump to v5 and update README by @​thomasrockhu-codecov in #​1655
• build(deps): bump github/codeql-action from 3.27.0 to 3.27.4 by @​app/dependabot in #​1665
• fix: typo in inputs.disable_safe_directory by @​mkroening in #​1666

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.0.2..v5.0.3

v5.0.2

Compare Source

What's Changed

• fix: override commit and pr values for PR cases by @​thomasrockhu-codecov in #​1657

Full Changelog: codecov/codecov-action@v5.0.1...v5.0.2

v5.0.1

Compare Source

What's Changed

• fix: use marketplace v5 badge by @​thomasrockhu-codecov in #​1646
• fix: update tokenless branch logic by @​thomasrockhu-codecov in #​1650
• chore(release): 5.0.1 by @​thomasrockhu-codecov in #​1656

Full Changelog: codecov/codecov-action@v5.0.0...v5.0.1

fastapi/fastapi (fastapi)

v0.136.3

Compare Source

Refactors

• ♻️ Do not accept underscore headers when using convert_underscores=True (the default). PR #​15589 by @​tiangolo.

pytest-dev/pytest-cov (pytest-cov)

v7.1.0

Compare Source

• Fixed total coverage computation to always be consistent, regardless of reporting settings.
  Previously some reports could produce different total counts, and consequently can make --cov-fail-under behave different depending on
  reporting options.
  See #&#8203;641 <https://github.com/pytest-dev/pytest-cov/issues/641>_.

• Improve handling of ResourceWarning from sqlite3.

  The plugin adds warning filter for sqlite3 ResourceWarning unclosed database (since 6.2.0).
  It checks if there is already existing plugin for this message by comparing filter regular expression.
  When filter is specified on command line the message is escaped and does not match an expected message.
  A check for an escaped regular expression is added to handle this case.

  With this fix one can suppress ResourceWarning from sqlite3 from command line::

  pytest -W "ignore:unclosed database in <sqlite3.Connection object at:ResourceWarning" ...

• Various improvements to documentation.
  Contributed by Art Pelling in #&#8203;718 <https://github.com/pytest-dev/pytest-cov/pull/718>_ and
  "vivodi" in #&#8203;738 <https://github.com/pytest-dev/pytest-cov/pull/738>.
  Also closed #&#8203;736 <https://github.com/pytest-dev/pytest-cov/issues/736>.

• Fixed some assertions in tests.
  Contributed by in Markéta Machová in #&#8203;722 <https://github.com/pytest-dev/pytest-cov/pull/722>_.

• Removed unnecessary coverage configuration copying (meant as a backup because reporting commands had configuration side-effects before coverage 5.0).

psf/requests (requests)

v2.34.2

Compare Source

• Moved headers input type back to Mapping to avoid invariance issues
  with MutableMapping and inferred dict types. Users calling
  Request.headers.update() may need to narrow typing in their code. (#​7441)

v2.34.1

Compare Source

Bugfixes

• Widened json input type from dict and list to Mapping
  and Sequence. (#​7436)
• Changed headers input type to MutableMapping and removed None from
  Request.headers typing to improve handling for users. (#​7431)
• Response.reason moved from str | None to str to improve handling
  for users. (#​7437)
• Fixed a bug where some bodies with custom __getattr__ implementations
  weren't being properly detected as Iterables. (#​7433)

v2.34.0

Compare Source

Announcements

• Requests 2.34.0 introduces inline types, replacing those provided by
  typeshed. Public API types should be fully compatible with mypy, pyright,
  and ty. We believe types are comprehensive but if you find issues, please
  report them to the pinned tracking issue.

  Special thanks to @​bastimeyer, @​cthoyt, @​edgarrmondragon, and @​srittau for
  helping review and test the types ahead of the release. (#​7272)

Improvements

• Digest Auth hashing algorithms have added usedforsecurity=False to clarify
  security considerations. (#​7310)
• Requests added support for Python 3.15 based on beta1. Downstream projects
  should be able to start testing prior to its release in October. (#​7422)
• Requests added support for Python 3.14t. (#​7419)

Bugfixes

• Response.history no longer contains a reference to itself, preventing
  accidental looping when traversing the history list. (#​7328)
• Requests no longer performs greedy matching on no_proxy domains. The
  proxy_bypass implementation has been updated with CPython's fix from
  bpo-39057. (#​7427)
• Requests no longer incorrectly strips duplicate leading slashes in
  URI paths. This should address user issues with specific presigned
  URLs. Note the full fix requires urllib3 2.7.0+. (#​7315)

Simplistix/testfixtures (testfixtures)

v12.0.0

Compare Source

.. warning:: Breaking changes:

• Comparers have moved from :mod:!testfixtures.comparison to :mod:testfixtures.comparers.

• :func:!django_compare has been removed, :func:compare now works with Django models.

• Refactoring of :class:LogCapture to introduce support for :doc:loguru <loguru>,
  :doc:structlog <structlog> and similar support for :doc:twisted <twisted> by way of the new
  :class:~testfixtures.logcapture.CaptureSource architecture.

• :func:compare now supports per-type ignore_eq.

• :func:compare now supports both :doc:polars <polars> and :doc:pandas <pandas> dataframes.

• :func:compare now provides better feedback when objects being compared raised exceptipns in
  their :any:str or :any:repr.

• Added raises parameter to :meth:OutputCapture.compare, :meth:LogCapture.check and
  :meth:LogCapture.check_present to they can be more easily used in compositions.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • "every weekend"
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

Warning: The mypy type checker has found some errors. See the mypy job for details

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 100.00%. Comparing base (b5ad55e) to head (5b63ea9).

Additional details and impacted files

@@            Coverage Diff            @@
##            master      #328   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files           21        21           
  Lines         1319      1319           
=========================================
  Hits          1319      1319           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[github-actions]

Warning: The mypy type checker has found some errors. See the mypy job for details

[github-actions]

Warning: The mypy type checker has found some errors. See the mypy job for details

[github-actions]

Warning: The mypy type checker has found some errors. See the mypy job for details

[github-actions]

Warning: The mypy type checker has found some errors. See the mypy job for details

[github-actions]

Warning: The mypy type checker has found some errors. See the mypy job for details

[github-actions]

Warning: The mypy type checker has found some errors. See the mypy job for details

[github-actions]

Warning: The mypy type checker has found some errors. See the mypy job for details

[github-actions]

Warning: The mypy type checker has found some errors. See the mypy job for details

[github-actions]

Warning: The mypy type checker has found some errors. See the mypy job for details

[github-actions]

Warning: The mypy type checker has found some errors. See the mypy job for details

[github-actions]

Warning: The mypy type checker has found some errors. See the mypy job for details

[github-actions]

Warning: The mypy type checker has found some errors. See the mypy job for details

[github-actions]

Warning: The mypy type checker has found some errors. See the mypy job for details

[github-actions]

Warning: The mypy type checker has found some errors. See the mypy job for details

[github-actions]

Warning: The mypy type checker has found some errors. See the mypy job for details

[github-actions]

Warning: The mypy type checker has found some errors. See the mypy job for details

[github-actions]

Warning: The mypy type checker has found some errors. See the mypy job for details

[github-actions]

Warning: The mypy type checker has found some errors. See the mypy job for details

[github-actions]

Warning: The mypy type checker has found some errors. See the mypy job for details