deps(deps): bump the uv-minor-patch group across 1 directory with 18 updates by dependabot[bot] · Pull Request #366 · clac-ca/automatic-data-extractor

dependabot · 2026-04-04T11:27:17Z

Bumps the uv-minor-patch group with 18 updates in the /backend directory:

Package	From	To
fastapi	`0.128.7`	`0.135.3`
uvicorn[standard]	`0.40.0`	`0.43.0`
sqlalchemy	`2.0.46`	`2.0.49`
azure-core	`1.38.1`	`1.39.0`
azure-identity	`1.25.2`	`1.25.3`
psycopg[binary]	`3.3.2`	`3.3.3`
pydantic-settings	`2.12.0`	`2.13.1`
orjson	`3.11.7`	`3.11.8`
python-dotenv	`1.2.1`	`1.2.2`
greenlet	`3.3.1`	`3.3.2`
authlib	`1.6.7`	`1.6.9`
sse-starlette	`3.2.0`	`3.3.4`
typer	`0.21.2`	`0.24.1`
uv	`0.10.2`	`0.11.3`
pytest-cov	`7.0.0`	`7.1.0`
mypy	`1.19.1`	`1.20.0`
ruff	`0.14.14`	`0.15.9`
openapi-spec-validator	`0.7.2`	`0.8.4`

Updates fastapi from 0.128.7 to 0.135.3

Release notes

Sourced from fastapi's releases.

0.135.3

Features

✨ Add support for @app.vibe(). PR #15280 by @tiangolo.

New docs: Vibe Coding.

Docs

✏️ Fix typo for client_secret in OAuth2 form docstrings. PR #14946 by @bysiber.

Internal

👥 Update FastAPI People - Experts. PR #15279 by @tiangolo.

⬆ Bump orjson from 3.11.7 to 3.11.8. PR #15276 by @dependabot[bot].

⬆ Bump ruff from 0.15.0 to 0.15.8. PR #15277 by @dependabot[bot].

👥 Update FastAPI GitHub topic repositories. PR #15274 by @tiangolo.

⬆ Bump fastmcp from 2.14.5 to 3.2.0. PR #15267 by @dependabot[bot].

👥 Update FastAPI People - Contributors and Translators. PR #15270 by @tiangolo.

⬆ Bump requests from 2.32.5 to 2.33.0. PR #15228 by @dependabot[bot].

👷 Add ty check to lint.sh. PR #15136 by @svlandeg.

0.135.2

Upgrades

⬆️ Increase lower bound to pydantic >=2.9.0. and fix the test suite. PR #15139 by @svlandeg.

Docs

📝 Add missing last release notes dates. PR #15202 by @tiangolo.

📝 Update docs for contributors and team members regarding translation PRs. PR #15200 by @YuriiMotov.

💄 Fix code blocks in reference docs overflowing table width. PR #15094 by @YuriiMotov.

📝 Fix duplicated words in docstrings. PR #15116 by @AhsanSheraz.

📝 Add docs for pyproject.toml with entrypoint. PR #15075 by @tiangolo.

📝 Update links in docs to no longer use the classes external-link and internal-link. PR #15061 by @tiangolo.

🔨 Add JS and CSS handling for automatic target=_blank for links in docs. PR #15063 by @tiangolo.

💄 Update styles for internal and external links in new tab. PR #15058 by @tiangolo.

📝 Add documentation for the FastAPI VS Code extension. PR #15008 by @savannahostrowski.

📝 Fix doctrings for max_digits and decimal_places. PR #14944 by @YuriiMotov.

📝 Add dates to release notes. PR #15001 by @YuriiMotov.

Translations

🌐 Update translations for zh (update-outdated). PR #15177 by @tiangolo.

🌐 Update translations for zh-hant (update-outdated). PR #15178 by @tiangolo.

🌐 Update translations for zh-hant (add-missing). PR #15176 by @tiangolo.

🌐 Update translations for zh (add-missing). PR #15175 by @tiangolo.

🌐 Update translations for ja (update-outdated). PR #15171 by @tiangolo.

🌐 Update translations for ko (update-outdated). PR #15170 by @tiangolo.

🌐 Update translations for tr (update-outdated). PR #15172 by @tiangolo.

🌐 Update translations for ko (add-missing). PR #15168 by @tiangolo.

... (truncated)

Commits

1f442c4 🔖 Release version 0.135.3
8f5d157 📝 Update release notes
428452a 📝 Update release notes
70580da ✨ Add support for @app.vibe() (#15280)
6ee8747 📝 Update release notes
3e72c09 👥 Update FastAPI People - Experts (#15279)
96df35f 📝 Update release notes
6c81125 ⬆ Bump orjson from 3.11.7 to 3.11.8 (#15276)
428f82c 📝 Update release notes
5599c59 ⬆ Bump ruff from 0.15.0 to 0.15.8 (#15277)
Additional commits viewable in compare view

Updates uvicorn[standard] from 0.40.0 to 0.43.0

Release notes

Sourced from uvicorn[standard]'s releases.

Version 0.43.0

Changed

Emit http.disconnect ASGI receive() event on server shutting down for streaming responses (#2829)

Use native context parameter for create_task on Python 3.11+ (#2859)

Drop cast in ASGI types (#2875)

Full Changelog: Kludex/uvicorn@0.42.0...0.43.0

Version 0.42.0

Changed

Use bytearray for request body accumulation to avoid O(n^2) allocation on fragmented bodies (#2845)

Fixed

Escape brackets and backslash in httptools HEADER_RE regex (#2824)

Fix multiple issues in websockets sans-io implementation (#2825)

New Contributors

@bysiber made their first contribution in Kludex/uvicorn#2825

Full Changelog: Kludex/uvicorn@0.41.0...0.42.0

Version 0.41.0

Added

Add --limit-max-requests-jitter to stagger worker restarts (#2707)

Add socket path to scope["server"] (#2561)

Changed

Rename LifespanOn.error_occured to error_occurred (#2776)

Fixed

Ignore permission denied errors in watchfiles reloader (#2817)

Ensure lifespan shutdown runs when should_exit is set during startup (#2812)

Reduce the log level of 'request limit exceeded' messages (#2788)

New Contributors

@t-kawasumi made their first contribution in Kludex/uvicorn#2776

... (truncated)

Changelog

Sourced from uvicorn[standard]'s changelog.

0.43.0 (April 3, 2026)

You can quit Uvicorn now. We heard you, @pamelafox - all 47 of your Ctrl+C's (thanks for flagging it, and thanks to @tiangolo for the fix 🙏). See the tweet.

Changed

Emit http.disconnect ASGI receive() event on server shutting down for streaming responses (#2829)

Use native context parameter for create_task on Python 3.11+ (#2859)

Drop cast in ASGI types (#2875)

0.42.0 (March 16, 2026)

Changed

Use bytearray for request body accumulation to avoid O(n^2) allocation on fragmented bodies (#2845)

Fixed

Escape brackets and backslash in httptools HEADER_RE regex (#2824)

Fix multiple issues in websockets sans-io implementation (#2825)

0.41.0 (February 16, 2026)

Added

Add --limit-max-requests-jitter to stagger worker restarts (#2707)

Add socket path to scope["server"] (#2561)

Changed

Rename LifespanOn.error_occured to error_occurred (#2776)

Fixed

Ignore permission denied errors in watchfiles reloader (#2817)

Ensure lifespan shutdown runs when should_exit is set during startup (#2812)

Reduce the log level of 'request limit exceeded' messages (#2788)

Commits

8d397c7 Version 0.43.0 (#2885)
587042d 🐛 Emit http.disconnect ASGI receive() event on server shutting down for s...
c9a75fb chore(deps): bump the github-actions group with 3 updates (#2878)
84fd578 chore(deps): bump pygments from 2.19.2 to 2.20.0 (#2877)
cd52d34 Use native context parameter for create_task on Python 3.11+ (#2859)
5211880 Drop cast in ASGI types (#2875)
1cb8e74 Add websocket 500 fallback header test (#2874)
28efbb2 chore(deps-dev): bump cryptography from 46.0.5 to 46.0.6 (#2873)
042ffeb ci: add zizmor (#2872)
c61f9d4 chore(deps): bump requests from 2.32.5 to 2.33.0 (#2871)
Additional commits viewable in compare view

Updates sqlalchemy from 2.0.46 to 2.0.49

Release notes

Sourced from sqlalchemy's releases.

2.0.49

Released: April 3, 2026

orm

[orm] [bug] Fixed issue where _orm.Session.get() would bypass the identity map and emit unnecessary SQL when with_for_update=False was passed, rather than treating it equivalently to the default of None. Pull request courtesy of Joshua Swanson.

References: #13176

[orm] [bug] Fixed issue where chained _orm.joinedload() options would not be applied correctly when the final relationship in the chain is declared on a base mapper and accessed through a subclass mapper in a _orm.with_polymorphic() query. The path registry now correctly computes the natural path when a property declared on a base class is accessed through a path containing a subclass mapper, ensuring the loader option can be located during query compilation.

References: #13193

[orm] [bug] [inheritance] Fixed issue where using _orm.Load.options() to apply a chained loader option such as _orm.joinedload() or _orm.selectinload() with _orm.PropComparator.of_type() for a polymorphic relationship would not generate the necessary clauses for the polymorphic subclasses. The polymorphic loading strategy is now correctly propagated when using a call such as joinedload(A.b).options(joinedload(B.c.of_type(poly))) to match the behavior of direct chaining e.g. joinedload(A.b).joinedload(B.c.of_type(poly)).

References: #13202

[orm] [bug] [inheritance] Fixed issue where using chained loader options such as _orm.selectinload() after _orm.joinedload() with _orm.PropComparator.of_type() for a polymorphic relationship would not properly apply the chained loader option. The loader option is now correctly applied when using a call such as joinedload(A.b.of_type(poly)).selectinload(poly.SubClass.c) to eagerly load related objects.

References: #13209

typing

[typing] [bug] Fixed a typing issue where the typed members of :data:.func would return the appropriate class of the same name, however this creates an issue for

... (truncated)

Commits

See full diff in compare view

Updates azure-core from 1.38.1 to 1.39.0

Release notes

Sourced from azure-core's releases.

azure-core_1.39.0

1.39.0 (2026-03-18)

Breaking Changes

Changed the previously undocumented azure_cloud setting environment variable from AZURE_CLOUD to AZURE_SDK_CLOUD_CONF.

azure-core_1.38.3

1.38.3 (2026-03-12)

Bugs Fixed

Fixed PipelineClient.format_url to preserve trailing slash in the base URL when the URL template is query-string-only (e.g., ?key=value). #45365

Fixed SensitiveHeaderCleanupPolicy to persist the insecure_domain_change flag across retries after a cross-domain redirect. #45518

Other Changes

Added jitter to token refresh timing in BearerTokenCredentialPolicy and AsyncBearerTokenCredentialPolicy to prevent simultaneous token refresh attempts across multiple processes. This helps mitigate the thundering herd problem during token refresh operations. #43720

Commits

dee80a8 Changed the azure_cloud setting environment variable (#45763)
a2d1170 Increment package version after release of azure-core (#45671)
c6e48b5 [Core] Prepare release (#45656)
079e76b Port data-plane packages in sdk/core/ to pyproject.toml (#45556)
2117dfb [Core] Persist cross domain redirect flag (#45518)
2d0a9aa [Core] Update pytest fixture scope (#45563)
4c4c869 [Core] Add jitter to token refresh intervals (#43720)
41391f1 [azure-core] Fix format_url dropping trailing slash when URL template is qu...
9fdb4f1 [Corehttp] Changelog update (#45113)
f40b764 Increment package version after release of azure-core (#45246)
Additional commits viewable in compare view

Updates azure-identity from 1.25.2 to 1.25.3

Release notes

Sourced from azure-identity's releases.

azure-identity_1.25.3

1.25.3 (2026-03-12)

Bugs Fixed

Fixed an issue where an expired token could skip refresh when a recent token request was made, due to the retry delay taking precedence over expiration. (#45496)

Other Changes

Bumped minimum dependency on msal to >=1.35.1.

Commits

a989ea4 [Identity] Prep patch release
7972883 [Identity] Adjust refresh logic (#45496)
04764a9 add psscript to convert apiview json files to md (#45589)
50e0165 Sync eng/common directory with azure-sdk-tools for PR 14461 (#45646)
5333117 Add Bo to /sdk/ai/azure-ai-projects owner list (#45664)
775d694 Doc and automation updates for .github sync directory changes (#45630)
c6e48b5 [Core] Prepare release (#45656)
ae769c4 Fix custom Memory Stores LRO poller operation (#45662)
6074492 Add asset id none check in dt (#45618)
e1a986a Bump tar from 7.5.10 to 7.5.11 in /eng/common/tsp-client (#45640)
Additional commits viewable in compare view

Updates psycopg[binary] from 3.3.2 to 3.3.3

Changelog

Sourced from psycopg[binary]'s changelog.

.. currentmodule:: psycopg

.. index:: single: Release notes single: News

psycopg release notes

Future releases

Psycopg 3.3.4 (unreleased) ^^^^^^^^^^^^^^^^^^^^^^^^^^

Fix possible spurious connection timeout in systems with very long uptimes in C extension (:ticket:[#1280](https://github.com/psycopg/psycopg/issues/1280)).

Current release

Psycopg 3.3.3 ^^^^^^^^^^^^^

Retain Error.pgconn when raising a single exception for multiple connection attempt errors (:ticket:[#1246](https://github.com/psycopg/psycopg/issues/1246)).

Return a proper error when server sends ErrorResponse for a Sync after a Parse (:ticket:[#1260](https://github.com/psycopg/psycopg/issues/1260)).

Psycopg 3.3.2 ^^^^^^^^^^^^^

Fix race condition in adapters at startup (:ticket:[#1230](https://github.com/psycopg/psycopg/issues/1230)).

Psycopg 3.3.1 ^^^^^^^^^^^^^

Fix iteration on server-side cursors (:ticket:[#1226](https://github.com/psycopg/psycopg/issues/1226)).

Psycopg 3.3.0

.. rubric:: New top-level features

Add :ref:template strings queries \<template-strings> (:ticket:[#1054](https://github.com/psycopg/psycopg/issues/1054)).

More flexible :ref:composite adaptation<adapt-composite>: it is now possible

... (truncated)

Commits

1a8f65a chore: bump psycopg package version to 3.3.3
db3c435 Merge pull request #1260 from ggevay/sync-error-fix
0237586 Fix ValueError when server sends ErrorResponse during Sync after Parse
cb97ef7 docs: fix typos
09c8918 Merge pull request #1256 from veeceey/fix/tstrings-error-msg-and-docs-improve...
9e74d96 fix: fix error message incorrectly generated by Claude AI
0db9d8b fix: correct typo in tstrings error message and fix sql.rst docs
86a0e1b chore(deps): bump pypa/cibuildwheel in the actions group
f5d90fa Merge pull request #1233 from lysnikolaou/pgconn-critical-section
d7dc6c7 Merge critical section and nogil blocks into one context manager
Additional commits viewable in compare view

Updates pydantic-settings from 2.12.0 to 2.13.1

Release notes

Sourced from pydantic-settings's releases.

v2.13.0

What's Changed

fix: Deterministic alias selection when using validate_by_name by @chbndrhnns in pydantic/pydantic-settings#707

add deep merge functionality to config file sources by @pmeier in pydantic/pydantic-settings#698

Add support for AWS Secrets Manager VersionId parameter by @jcyamacho in pydantic/pydantic-settings#708

bugfix: Return None for inaccessible GCP Secret Manager secrets by @zaphod72 in pydantic/pydantic-settings#712

Bugfix for cli_kebab_case="all" and CliImplicitFlag[bool] by @Digity101 in pydantic/pydantic-settings#702

Unpack type alisases when looking for NoDecode by @tselepakis in pydantic/pydantic-settings#695

CliToggleFlag and CliDualFlag by @kschwab in pydantic/pydantic-settings#717

Fix for CLI duplicate enum field values. by @kschwab in pydantic/pydantic-settings#722

fixed load nested config from env by @Sube-py in pydantic/pydantic-settings#723

Add non-Path files support (for example Traversable) and open files using Path.open method by @mahenzon in pydantic/pydantic-settings#724

add one more traversable test by @mahenzon in pydantic/pydantic-settings#725

CLI fix fox external list args. by @kschwab in pydantic/pydantic-settings#727

fix: handle case-insensitive retrieval in GoogleSecretManagerSettingsSource by @ezwiefel in pydantic/pydantic-settings#730

CLI test fixes for help text formatting. by @kschwab in pydantic/pydantic-settings#735

Avoid conflicts with the NAME environment variable in WSL by @kzrnm in pydantic/pydantic-settings#747

fix: When restoring init kwargs, use deterministic order by @chbndrhnns in pydantic/pydantic-settings#746

Add env_prefix_target by @kzrnm in pydantic/pydantic-settings#749

Remove (default: …) in the help message for CliToggleFlag by @kzrnm in pydantic/pydantic-settings#740

Add support for CLI serialize styles. by @kschwab in pydantic/pydantic-settings#755

Add support for overriding default help on CLI internal parser. by @kschwab in pydantic/pydantic-settings#758

CLI format_help method support by @kschwab in pydantic/pydantic-settings#759

feat(gcp): support SecretVersion annotation for per-field secret versioning by @ezwiefel in pydantic/pydantic-settings#763

Allow snake_case_conversion with env_prefix for Azure Key Vault source by @cstarkers in pydantic/pydantic-settings#762

fix: Only override preferred_key when no value was found by @chbndrhnns in pydantic/pydantic-settings#767

Update deps by @hramezani in pydantic/pydantic-settings#768

CLI coerce numeric types. by @kschwab in pydantic/pydantic-settings#769

CLI Union Discriminator Choices in Help by @kschwab in pydantic/pydantic-settings#764

Add nested path support for yaml_config_section (fixes #772) by @hugo-romero-mm in pydantic/pydantic-settings#773

Prepare release 2.13.0 by @hramezani in pydantic/pydantic-settings#777

New Contributors

@pmeier made their first contribution in pydantic/pydantic-settings#698

@jcyamacho made their first contribution in pydantic/pydantic-settings#708

@zaphod72 made their first contribution in pydantic/pydantic-settings#712

@Digity101 made their first contribution in pydantic/pydantic-settings#702

@Sube-py made their first contribution in pydantic/pydantic-settings#723

@mahenzon made their first contribution in pydantic/pydantic-settings#724

@kzrnm made their first contribution in pydantic/pydantic-settings#747

@cstarkers made their first contribution in pydantic/pydantic-settings#762

@hugo-romero-mm made their first contribution in pydantic/pydantic-settings#773

Full Changelog: pydantic/pydantic-settings@v2.12.0...v2.13.0

Commits

e87d12d v2.13.1 (#790)
acf8c14 Fix JSON decoding for parameterized PEP 695 type aliases (#780)
58b236a Fix AttributeError with nested env vars for dict fields (#785) (#786)
4933f06 Fix CLI parsing error for set field types since 2.13.0 (#787) (#788)
bd0ebe6 Fix RecursionError with self-referential models in CliApp (#783)
eb7840e Fix regression for bool fields since 2.13.0 (#784)
198e71c Prepare release 2.13.0 (#777)
de71e84 Add nested path support for yaml_config_section (fixes #772) (#773)
0f8f951 CLI Union Discriminator Choices in Help (#764)
ce9804c CLI coerce numeric types. (#769)
Additional commits viewable in compare view

Updates orjson from 3.11.7 to 3.11.8

Release notes

Sourced from orjson's releases.

3.11.8

Changed

Build and compatibility improvements.

Changelog

Sourced from orjson's changelog.

3.11.8 - 2026-03-31

Changed

Build and compatibility improvements.

Commits

5cbb3d0 3.11.8
4195d7f writer::half
d00641b writer::uuid
c84d9b4 build and compatibility misc
4547234 ffi::numpy
0d4a5ad datetime PyRef idiom
e93a13d Cross-compile avoids maturin v1.12 build-details.json error
See full diff in compare view

Updates python-dotenv from 1.2.1 to 1.2.2

Release notes

Sourced from python-dotenv's releases.

v1.2.2

Added

Support for Python 3.14, including the free-threaded (3.14t) build. (#)

Changed

The dotenv run command now forwards flags directly to the specified command by @bbc2 in theskumar/python-dotenv#607

Improved documentation clarity regarding override behavior and the reference page.

Updated PyPy support to version 3.11.

Documentation for FIFO file support.

Support for Python 3.9.

Fixed

Improved set_key and unset_key behavior when interacting with symlinks by @bbc2 in #790c5

Corrected the license specifier and added missing Python 3.14 classifiers in package metadata by @JYOuyang in theskumar/python-dotenv#590

Breaking Changes

dotenv.set_key and dotenv.unset_key used to follow symlinks in some situations. This is no longer the case. For that behavior to be restored in all cases, follow_symlinks=True should be used.

In the CLI, set and unset used to follow symlinks in some situations. This is no longer the case.

dotenv.set_key, dotenv.unset_key and the CLI commands set and unset used to reset the file mode of the modified .env file to 0o600 in some situations. This is no longer the case: The original mode of the file is now preserved. Is the file needed to be created or wasn't a regular file, mode 0o600 is used.

Misc

skip 000 permission tests for root user by @burnout-projects in theskumar/python-dotenv#561

Bump actions/checkout from 5 to 6 in the github-actions group by @dependabot[bot] in theskumar/python-dotenv#593

Add Windows testing to CI by @bbc2 in theskumar/python-dotenv#604

Improve workflow efficiency with best practices by @theskumar in theskumar/python-dotenv#609

Remove the use of sh in tests by @bbc2 in theskumar/python-dotenv#612

New Contributors

@JYOuyang made their first contribution in theskumar/python-dotenv#590

@burnout-projects made their first contribution in theskumar/python-dotenv#561

@cpackham-atlnz made their first contribution in theskumar/python-dotenv#597

Full Changelog: theskumar/python-dotenv@v1.2.1...v1.2.2

Changelog

Sourced from python-dotenv's changelog.

[1.2.2] - 2026-03-01

Added

Support for Python 3.14, including the free-threaded (3.14t) build. (#588)

Changed

The dotenv run command now forwards flags directly to the specified command by [@bbc2] in #607

Improved documentation clarity regarding override behavior and the reference page.

Updated PyPy support to version 3.11.

Documentation for FIFO file support.

Dropped Support for Python 3.9.

Fixed

Improved set_key and unset_key behavior when interacting with symlinks by [@bbc2] in [790c5c0]

Corrected the license specifier and added missing Python 3.14 classifiers in package metadata by [@JYOuyang] in #590

Breaking Changes

dotenv.set_key and dotenv.unset_key used to follow symlinks in some situations. This is no longer the case. For that behavior to be restored in all cases, follow_symlinks=True should be used.

In the CLI, set and unset used to follow symlinks in some situations. This is no longer the case.

dotenv.set_key, dotenv.unset_key and the CLI commands set and unset used to reset the file mode of the modified .env file to 0o600 in some situations. This is no longer the case: The original mode of the file is now preserved. Is the file needed to be created or wasn't a regular file, mode 0o600 is used.

Commits

36004e0 Bump version: 1.2.1 → 1.2.2
eb20252 docs: update changelog for v1.2.2
790c5c0 Merge commit from fork
43340da Remove the use of sh in tests (#612)
09d7cee docs: clarify override behavior and document FIFO support (#610)
c8de288 ci: improve workflow efficiency with best practices (#609)
7bd9e3d Add Windows testing to CI (#604)
1baaf04 Drop Python 3.9 support and update to PyPy 3.11 (#608)
4a22cf8 ci: enable testing on Python 3.14t (free-threaded) (#588)
e2e8e77 Fix license specifier (#597)
Additional commits viewable in compare view

Updates greenlet from 3.3.1 to 3.3.2

Changelog

Sourced from greenlet's changelog.

3.3.2 (2026-02-20)

Fix a crash on Python 3.10 if there are active greenlets during interpreter shutdown. See PR 495 <https://github.com/python-greenlet/greenlet/pull/495>_ by Nicolas Bouvrette.

Commits

a62f331 Preparing release 3.3.2
c73a2c6 Pull in change note for 3.2.5
4eb47c8 test_untracked_memory_doesnt_increase_unfinished_thread_dealloc_in_main: A ch...
53ac405 Add change note for #495
d5b8515 Merge pull request #495 from nbouvrette/fix/safe-finalization-py310
e0625d7 Merge pull request #494 from daniel7an/fix/issue-492-spdx-license
292e126 Fix SIGSEGV/SIGABRT during interpreter shutdown on Python < 3.11
77e65f0 Fix SPDX license identifier: Python-2.0 → PSF-2.0
d4606ef leak tests: do a better job skipping if uss isn't available. Fixes #485
74a11b8 Back to development: 3.3.2
See full diff in compare view

Updates authlib from 1.6.7 to 1.6.9

Release notes

Sourced from authlib's releases.

v1.6.9

Full Changelog: authlib/authlib@v1.6.8...v1.6.9

Changes in jose module

Not using header's jwk automatically

Add ES256K into default jwt algorithms

Remove deprecated algorithm from default registry

Generate random cek when cek length doesn't match

v1.6.8

Full Changelog: authlib/authlib@v1.6.7...v1.6.8

Add EdDSA to default jwt instance.

Commits

9266eaa chore: release 1.6.9
b9bb2b2 fix(oidc): fail close at validating c_hash and at_hash
1b0a1d9 fix(jose): generate random cek when cek length doesn't match
5be3c51 fix(jose): add ES256K into default jwt algorithms
48b345f fix(jose): remove deprecated algorithm from default registry
a5d4b2d fix(jose): do not use header's jwk automatically
a769f34 chore: release 1.6.8
84f3fa2 fix: add EdDSA to default jwt algorithms
See full diff in compare view

Updates sse-starlette from 3.2.0 to 3.3.4

Release notes

Sourced from sse-starlette's releases.

v3.3.4

What's Changed

chore(deps): bump cbor2 from 5.8.0 to 5.9.0 by @dependabot[bot] in sysid/sse-starlette#177

chore(deps): bump ujson from 5.11.0 to 5.12.0 by @dependabot[bot] in sysid/sse-starlette#176

chore(deps): bump requests from 2.32.5 to 2.33.0 by @dependabot[bot] in sysid/sse-starlette#178

chore(deps): bump cryptography from 46.0.5 to 46.0.6 by @dependabot[bot] in sysid/sse-starlette#179

Full Changelog: sysid/sse-starlette@v3.3.3...v3.3.4

v3.3.3

What's Changed

chore(deps): bump astral-sh/setup-uv from 6 to 7 by @dependabot[bot] in sysid/sse-starlette#172

chore(deps): bump pyopenssl from 25.3.0 to 26.0.0 by @dependabot[bot] in sysid/sse-starlette#174

chore(deps): bump pyasn1 from 0.6.2 to 0.6.3 by @dependabot[bot] i...
Description has been truncated

…updates Bumps the uv-minor-patch group with 18 updates in the /backend directory: | Package | From | To | | --- | --- | --- | | [fastapi](https://github.com/fastapi/fastapi) | `0.128.7` | `0.135.3` | | [uvicorn[standard]](https://github.com/Kludex/uvicorn) | `0.40.0` | `0.43.0` | | [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) | `2.0.46` | `2.0.49` | | [azure-core](https://github.com/Azure/azure-sdk-for-python) | `1.38.1` | `1.39.0` | | [azure-identity](https://github.com/Azure/azure-sdk-for-python) | `1.25.2` | `1.25.3` | | [psycopg[binary]](https://github.com/psycopg/psycopg) | `3.3.2` | `3.3.3` | | [pydantic-settings](https://github.com/pydantic/pydantic-settings) | `2.12.0` | `2.13.1` | | [orjson](https://github.com/ijl/orjson) | `3.11.7` | `3.11.8` | | [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.2.1` | `1.2.2` | | [greenlet](https://github.com/python-greenlet/greenlet) | `3.3.1` | `3.3.2` | | [authlib](https://github.com/authlib/authlib) | `1.6.7` | `1.6.9` | | [sse-starlette](https://github.com/sysid/sse-starlette) | `3.2.0` | `3.3.4` | | [typer](https://github.com/fastapi/typer) | `0.21.2` | `0.24.1` | | [uv](https://github.com/astral-sh/uv) | `0.10.2` | `0.11.3` | | [pytest-cov](https://github.com/pytest-dev/pytest-cov) | `7.0.0` | `7.1.0` | | [mypy](https://github.com/python/mypy) | `1.19.1` | `1.20.0` | | [ruff](https://github.com/astral-sh/ruff) | `0.14.14` | `0.15.9` | | [openapi-spec-validator](https://github.com/python-openapi/openapi-spec-validator) | `0.7.2` | `0.8.4` | Updates `fastapi` from 0.128.7 to 0.135.3 - [Release notes](https://github.com/fastapi/fastapi/releases) - [Commits](fastapi/fastapi@0.128.7...0.135.3) Updates `uvicorn[standard]` from 0.40.0 to 0.43.0 - [Release notes](https://github.com/Kludex/uvicorn/releases) - [Changelog](https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md) - [Commits](Kludex/uvicorn@0.40.0...0.43.0) Updates `sqlalchemy` from 2.0.46 to 2.0.49 - [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases) - [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES.rst) - [Commits](https://github.com/sqlalchemy/sqlalchemy/commits) Updates `azure-core` from 1.38.1 to 1.39.0 - [Release notes](https://github.com/Azure/azure-sdk-for-python/releases) - [Commits](Azure/azure-sdk-for-python@azure-core_1.38.1...azure-core_1.39.0) Updates `azure-identity` from 1.25.2 to 1.25.3 - [Release notes](https://github.com/Azure/azure-sdk-for-python/releases) - [Commits](Azure/azure-sdk-for-python@azure-identity_1.25.2...azure-identity_1.25.3) Updates `psycopg[binary]` from 3.3.2 to 3.3.3 - [Changelog](https://github.com/psycopg/psycopg/blob/master/docs/news.rst) - [Commits](psycopg/psycopg@3.3.2...3.3.3) Updates `pydantic-settings` from 2.12.0 to 2.13.1 - [Release notes](https://github.com/pydantic/pydantic-settings/releases) - [Commits](pydantic/pydantic-settings@v2.12.0...v2.13.1) Updates `orjson` from 3.11.7 to 3.11.8 - [Release notes](https://github.com/ijl/orjson/releases) - [Changelog](https://github.com/ijl/orjson/blob/master/CHANGELOG.md) - [Commits](ijl/orjson@3.11.7...3.11.8) Updates `python-dotenv` from 1.2.1 to 1.2.2 - [Release notes](https://github.com/theskumar/python-dotenv/releases) - [Changelog](https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md) - [Commits](theskumar/python-dotenv@v1.2.1...v1.2.2) Updates `greenlet` from 3.3.1 to 3.3.2 - [Changelog](https://github.com/python-greenlet/greenlet/blob/master/CHANGES.rst) - [Commits](python-greenlet/greenlet@3.3.1...3.3.2) Updates `authlib` from 1.6.7 to 1.6.9 - [Release notes](https://github.com/authlib/authlib/releases) - [Commits](authlib/authlib@v1.6.7...v1.6.9) Updates `sse-starlette` from 3.2.0 to 3.3.4 - [Release notes](https://github.com/sysid/sse-starlette/releases) - [Commits](sysid/sse-starlette@v3.2.0...v3.3.4) Updates `typer` from 0.21.2 to 0.24.1 - [Release notes](https://github.com/fastapi/typer/releases) - [Changelog](https://github.com/fastapi/typer/blob/master/docs/release-notes.md) - [Commits](fastapi/typer@0.21.2...0.24.1) Updates `uv` from 0.10.2 to 0.11.3 - [Release notes](https://github.com/astral-sh/uv/releases) - [Changelog](https://github.com/astral-sh/uv/blob/main/CHANGELOG.md) - [Commits](astral-sh/uv@0.10.2...0.11.3) Updates `pytest-cov` from 7.0.0 to 7.1.0 - [Changelog](https://github.com/pytest-dev/pytest-cov/blob/master/CHANGELOG.rst) - [Commits](pytest-dev/pytest-cov@v7.0.0...v7.1.0) Updates `mypy` from 1.19.1 to 1.20.0 - [Changelog](https://github.com/python/mypy/blob/master/CHANGELOG.md) - [Commits](python/mypy@v1.19.1...v1.20.0) Updates `ruff` from 0.14.14 to 0.15.9 - [Release notes](https://github.com/astral-sh/ruff/releases) - [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md) - [Commits](astral-sh/ruff@0.14.14...0.15.9) Updates `openapi-spec-validator` from 0.7.2 to 0.8.4 - [Release notes](https://github.com/python-openapi/openapi-spec-validator/releases) - [Commits](python-openapi/openapi-spec-validator@0.7.2...0.8.4) --- updated-dependencies: - dependency-name: fastapi dependency-version: 0.135.3 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: uv-minor-patch - dependency-name: uvicorn[standard] dependency-version: 0.43.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: uv-minor-patch - dependency-name: sqlalchemy dependency-version: 2.0.49 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: azure-core dependency-version: 1.39.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: uv-minor-patch - dependency-name: azure-identity dependency-version: 1.25.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: psycopg[binary] dependency-version: 3.3.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: pydantic-settings dependency-version: 2.13.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: uv-minor-patch - dependency-name: orjson dependency-version: 3.11.8 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: python-dotenv dependency-version: 1.2.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: greenlet dependency-version: 3.3.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: authlib dependency-version: 1.6.9 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: uv-minor-patch - dependency-name: sse-starlette dependency-version: 3.3.4 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: uv-minor-patch - dependency-name: typer dependency-version: 0.24.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: uv-minor-patch - dependency-name: uv dependency-version: 0.11.3 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: uv-minor-patch - dependency-name: pytest-cov dependency-version: 7.1.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: uv-minor-patch - dependency-name: mypy dependency-version: 1.20.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: uv-minor-patch - dependency-name: ruff dependency-version: 0.15.9 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: uv-minor-patch - dependency-name: openapi-spec-validator dependency-version: 0.8.4 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: uv-minor-patch ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2026-04-11T11:25:20Z

Looks like these dependencies are updatable in another way, so this is no longer needed.

dependabot bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Apr 4, 2026

github-actions bot approved these changes Apr 4, 2026

View reviewed changes

dependabot bot closed this Apr 11, 2026

dependabot bot deleted the dependabot/uv/backend/development/uv-minor-patch-aa9fc16d27 branch April 11, 2026 11:25

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

deps(deps): bump the uv-minor-patch group across 1 directory with 18 updates#366

deps(deps): bump the uv-minor-patch group across 1 directory with 18 updates#366
dependabot[bot] wants to merge 1 commit intodevelopmentfrom
dependabot/uv/backend/development/uv-minor-patch-aa9fc16d27

dependabot bot commented on behalf of github Apr 4, 2026 •

edited

Loading

Uh oh!

dependabot bot commented on behalf of github Apr 11, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Apr 4, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

0.135.3

Features

Docs

Internal

0.135.2

Upgrades

Docs

Translations

Version 0.43.0

Changed

Version 0.42.0

Changed

Fixed

New Contributors

Version 0.41.0

Added

Changed

Fixed

New Contributors

0.43.0 (April 3, 2026)

Changed

0.42.0 (March 16, 2026)

Changed

Fixed

0.41.0 (February 16, 2026)

Added

Changed

Fixed

2.0.49

orm

typing

azure-core_1.39.0

1.39.0 (2026-03-18)

Breaking Changes

azure-core_1.38.3

1.38.3 (2026-03-12)

Bugs Fixed

Other Changes

azure-identity_1.25.3

1.25.3 (2026-03-12)

Bugs Fixed

Other Changes

psycopg release notes

Future releases

Current release

Psycopg 3.3.0

v2.13.0

What's Changed

New Contributors

3.11.8

Changed

3.11.8 - 2026-03-31

Changed

v1.2.2

Added

Changed

Fixed

Breaking Changes

Misc

New Contributors

[1.2.2] - 2026-03-01

Added

Changed

Fixed

Breaking Changes

3.3.2 (2026-02-20)

v1.6.9

Changes in jose module

v1.6.8

v3.3.4

What's Changed

v3.3.3

What's Changed

Uh oh!

dependabot bot commented on behalf of github Apr 11, 2026

Uh oh!

Reviewers

dependabot bot commented on behalf of github Apr 4, 2026 •

edited

Loading

`psycopg` release notes

Changes in `jose` module