Skip to content

deps(deps): bump the production group with 5 updates#54

Open
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/pip/production-d6d5e20fd2
Open

deps(deps): bump the production group with 5 updates#54
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/pip/production-d6d5e20fd2

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github Sep 24, 2025
edited
Loading

Bumps the production group with 5 updates:

Package From To
fastapi 0.115.12 0.117.1
pydantic 2.11.3 2.11.9
pydantic-core 2.33.1 2.39.0
sqlalchemy 2.0.40 2.0.43
uvicorn 0.34.1 0.37.0

Updates fastapi from 0.115.12 to 0.117.1

Release notes

Sourced from fastapi's releases.

0.117.1

Fixes

0.117.0

Features

Fixes

  • ⚡️ Fix default_factory for response model field with Pydantic V1. PR #9704 by @​vvanglro.
  • 🐛 Fix inconsistent processing of model docstring formfeed char with Pydantic V1. PR #6039 by @​MaxwellPayne.
  • 🐛 Fix jsonable_encoder alters json_encoders of Pydantic v1 objects. PR #4972 by @​aboubacs.
  • 🐛 Reenable allow_arbitrary_types when only 1 argument is used on the API endpoint. PR #13694 by @​rmawatson.
  • 🐛 Fix inspect.getcoroutinefunction() can break testing with unittest.mock.patch(). PR #14022 by @​secrett2633.

Refactors

  • ♻️ Create dependency-cache dict in solve_dependencies only if None (don't re-create if empty). PR #13689 by @​bokshitsky.
  • ✅ Enable test case for duplicated headers in test_tutorial/test_header_params/test_tutorial003.py. PR #13864 by @​Amogha-ark.
  • 📌 Pin httpx to >=0.23.0,<1.0.0. PR #14086 by @​YuriiMotov.

Docs

  • 📝 Add note about Cookies and JavaScript on tutorial/cookie-params.md. PR #13510 by @​Kludex.
  • 📝 Remove outdated formatting from path-params-numeric-validations.md for languages en, es and uk.. PR #14059 by @​svlandeg.
  • 📝 Fix and Improve English Documentation. PR #14048 by @​nilslindemann.

Translations

Internal

0.116.2

Upgrades

... (truncated)

Commits
  • 784f06c 🔖 Release version 0.117.1
  • b5c0589 📝 Update release notes
  • 44fc676 🐛 Fix validation error when File is declared after Form parameter (#11194)
  • a840010 📝 Update release notes
  • 382d083 🔖 Release version 0.117.0
  • a7f2dbe 📝 Update release notes
  • f1e6f97 ⚡️ Fix default_factory for response model field with Pydantic V1 (#9704)
  • b01d5c9 📝 Update release notes
  • b51ec36 ✨ Allow None as return type for bodiless responses (#9425)
  • 0bdc3ca 📝 Update release notes
  • Additional commits viewable in compare view

Updates pydantic from 2.11.3 to 2.11.9

Release notes

Sourced from pydantic's releases.

v2.11.9 2025-09-13

What's Changed

Fixes

Full Changelog: pydantic/pydantic@v2.11.8...v2.11.9

v2.11.8 2025-09-13

v2.11.8 (2025-09-13)

What's Changed

Fixes

Full Changelog: pydantic/pydantic@v2.11.7...v2.11.8

v2.11.7 2025-06-14

What's Changed

Fixes

Full Changelog: pydantic/pydantic@v2.11.6...v2.11.7

v2.11.6 2025-06-13

v2.11.6 (2025-06-13)

What's Changed

Fixes

Full Changelog: pydantic/pydantic@v2.11.5...v2.11.6

v2.11.5 2025-05-22

What's Changed

Fixes

... (truncated)

Changelog

Sourced from pydantic's changelog.

v2.11.9 (2025-09-13)

GitHub release

What's Changed

Fixes

v2.11.8 (2025-09-13)

GitHub release

What's Changed

Fixes

v2.11.7 (2025-06-14)

GitHub release

What's Changed

Fixes

  • Copy FieldInfo instance if necessary during FieldInfo build by @​Viicos in #11898

v2.11.6 (2025-06-13)

GitHub release

What's Changed

Fixes

v2.11.5 (2025-05-22)

GitHub release

What's Changed

Fixes

  • Check if FieldInfo is complete after applying type variable map by @​Viicos in #11855

... (truncated)

Commits
  • 9231095 Prepare release v2.11.9
  • f003a89 Backport v1.10.23 changes
  • 96b81dd Prepare release v2.11.8
  • 966f377 Fix mypy v2 plugin for upcoming 1.18 mypy release
  • 5f033e4 Prepare release v2.11.7
  • c3368b8 Copy FieldInfo instance if necessary during FieldInfo build (#11980)
  • 3987b23 Prepare release v2.11.6
  • dc7a9d2 Always store the original field assignment on FieldInfo
  • c284c27 Rebuild dataclass fields before schema generation
  • 5e6d1dc Prepare release v2.11.5
  • Additional commits viewable in compare view

Updates pydantic-core from 2.33.1 to 2.39.0

Release notes

Sourced from pydantic-core's releases.

v2.39.0 2025-08-11

What's Changed

Full Changelog: pydantic/pydantic-core@v2.38.0...v2.39.0

v2.38.0 2025-08-04

What's Changed

New Contributors

Full Changelog: pydantic/pydantic-core@v2.37.2...v2.38.0

v2.37.2 2025-07-26

What's Changed

Full Changelog: pydantic/pydantic-core@v2.37.1...v2.37.2

v2.37.1 2025-07-25

What's Changed

Identical to v2.37.0.

v2.37.0 2025-07-25

What's Changed

Full Changelog: pydantic/pydantic-core@v2.36.0...v2.37.0

v2.36.0 2025-07-23

What's Changed

... (truncated)

Commits

Updates sqlalchemy from 2.0.40 to 2.0.43

Release notes

Sourced from sqlalchemy's releases.

2.0.43

Released: August 11, 2025

orm

  • [orm] [bug] Fixed issue where using the post_update feature would apply incorrect "pre-fetched" values to the ORM objects after a multi-row UPDATE process completed. These "pre-fetched" values would come from any column that had an Column.onupdate callable or a version id generator used by orm.Mapper.version_id_generator; for a version id generator that delivered random identifiers like timestamps or UUIDs, this incorrect data would lead to a DELETE statement against those same rows to fail in the next step.

    References: #12748

  • [orm] [bug] Fixed issue where _orm.mapped_column.use_existing_column parameter in _orm.mapped_column() would not work when the _orm.mapped_column() is used inside of an Annotated type alias in polymorphic inheritance scenarios. The parameter is now properly recognized and processed during declarative mapping configuration.

    References: #12787

  • [orm] [bug] Improved the implementation of the _orm.selectin_polymorphic() inheritance loader strategy to properly render the IN expressions using chunks of 500 records each, in the same manner as that of the _orm.selectinload() relationship loader strategy. Previously, the IN expression would be arbitrarily large, leading to failures on databases that have limits on the size of IN expressions including Oracle Database.

    References: #12790

engine

  • [engine] [usecase] Added new parameter create_engine.skip_autocommit_rollback which provides for a per-dialect feature of preventing the DBAPI .rollback() from being called under any circumstances, if the connection is detected as being in "autocommit" mode. This improves upon a critical performance issue identified in MySQL dialects where the network overhead of the .rollback() call remains prohibitive even if autocommit mode is set.

    References: #12784

postgresql

... (truncated)

Commits

Updates uvicorn from 0.34.1 to 0.37.0

Release notes

Sourced from uvicorn's releases.

Version 0.37.0

What's Changed

New Contributors

Full Changelog: Kludex/uvicorn@0.36.1...0.37.0

Version 0.36.1

What's Changed

Full Changelog: Kludex/uvicorn@0.36.0...0.36.1

Version 0.36.0

Added

New Contributors

Full Changelog: Kludex/uvicorn@0.35.0...0.36.0

Version 0.35.0

Added

Changed

New Contributors

Full Changelog: Kludex/uvicorn@0.34.3...0.35.0

Version 0.34.3

What's Changed

... (truncated)

Changelog

Sourced from uvicorn's changelog.

0.37.0 (September 23, 2025)

Added

  • Add --timeout-worker-healthcheck option (#2711)
  • Add os.PathLike[str] type to ssl_ca_certs (#2676)

0.36.1 (September 23, 2025)

Fixed

  • Raise an exception when calling removed Config.setup_event_loop() (#2709)

0.36.0 (September 20, 2025)

Added

  • Support custom IOLOOPs (#2435)
  • Allow to provide importable string in --http, --ws and --loop (#2658)

0.35.0 (June 28, 2025)

Added

  • Add WebSocketsSansIOProtocol (#2540)

Changed

  • Refine help message for option --proxy-headers (#2653)

0.34.3 (June 1, 2025)

Fixed

  • Don't include cwd() when non-empty --reload-dirs is passed (#2598)
  • Apply get_client_addr formatting to WebSocket logging (#2636)

0.34.2 (April 19, 2025)

Fixed

  • Flush stdout buffer on Windows to trigger reload (#2604)
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
deps(deps): bump the production group with 5 updates
052830d 
Bumps the production group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [fastapi](https://github.com/fastapi/fastapi) | `0.115.12` | `0.117.1` |
| [pydantic](https://github.com/pydantic/pydantic) | `2.11.3` | `2.11.9` |
| [pydantic-core](https://github.com/pydantic/pydantic-core) | `2.33.1` | `2.39.0` |
| [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) | `2.0.40` | `2.0.43` |
| [uvicorn](https://github.com/Kludex/uvicorn) | `0.34.1` | `0.37.0` |


Updates `fastapi` from 0.115.12 to 0.117.1
- [Release notes](https://github.com/fastapi/fastapi/releases)
- [Commits](fastapi/fastapi@0.115.12...0.117.1)

Updates `pydantic` from 2.11.3 to 2.11.9
- [Release notes](https://github.com/pydantic/pydantic/releases)
- [Changelog](https://github.com/pydantic/pydantic/blob/v2.11.9/HISTORY.md)
- [Commits](pydantic/pydantic@v2.11.3...v2.11.9)

Updates `pydantic-core` from 2.33.1 to 2.39.0
- [Release notes](https://github.com/pydantic/pydantic-core/releases)
- [Commits](pydantic/pydantic-core@v2.33.1...v2.39.0)

Updates `sqlalchemy` from 2.0.40 to 2.0.43
- [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases)
- [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES.rst)
- [Commits](https://github.com/sqlalchemy/sqlalchemy/commits)

Updates `uvicorn` from 0.34.1 to 0.37.0
- [Release notes](https://github.com/Kludex/uvicorn/releases)
- [Changelog](https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md)
- [Commits](Kludex/uvicorn@0.34.1...0.37.0)

---
updated-dependencies:
- dependency-name: fastapi
  dependency-version: 0.117.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production
- dependency-name: pydantic
  dependency-version: 2.11.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production
- dependency-name: pydantic-core
  dependency-version: 2.39.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production
- dependency-name: sqlalchemy
  dependency-version: 2.0.43
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production
- dependency-name: uvicorn
  dependency-version: 0.37.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github
Copy link
Copy Markdown
Author

dependabot Bot commented on behalf of github Sep 24, 2025

Labels

The following labels could not be found: automated, dependencies. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot @github
Copy link
Copy Markdown
Author

dependabot Bot commented on behalf of github Nov 17, 2025

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot recreate.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@Baptiste-Ferrand Baptiste-Ferrand

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Baptiste-Ferrand