Skip to content

chore(deps)(deps): bump the python-minor group across 1 directory with 11 updates#28

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/pip/back-end/python-minor-21919842cb
Open

chore(deps)(deps): bump the python-minor group across 1 directory with 11 updates#28
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/pip/back-end/python-minor-21919842cb

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github Feb 2, 2026
edited
Loading

Bumps the python-minor group with 11 updates in the /back-end directory:

Package From To
fastapi 0.115.6 0.128.0
uvicorn[standard] 0.34.0 0.40.0
sqlalchemy 2.0.36 2.0.46
alembic 1.14.0 1.18.3
pymysql 1.1.1 1.1.2
pydantic 2.10.4 2.12.5
pydantic-settings 2.7.1 2.12.0
email-validator 2.2.0 2.3.0
pyjwt[crypto] 2.10.1 2.11.0
python-multipart 0.0.20 0.0.22
python-dotenv 1.0.1 1.2.1

Updates fastapi from 0.115.6 to 0.128.0

Release notes

Sourced from fastapi's releases.

0.128.0

Breaking Changes

Internal

0.127.1

Refactors

Docs

Translations

Internal

0.127.0

Breaking Changes

Translations

  • 🔧 Add LLM prompt file for Korean, generated from the existing translations. PR #14546 by @​tiangolo.
  • 🔧 Add LLM prompt file for Japanese, generated from the existing translations. PR #14545 by @​tiangolo.

Internal

0.126.0

Upgrades

  • ➖ Drop support for Pydantic v1, keeping short temporary support for Pydantic v2's pydantic.v1. PR #14575 by @​tiangolo.

... (truncated)

Commits

Updates uvicorn[standard] from 0.34.0 to 0.40.0

Release notes

Sourced from uvicorn[standard]'s releases.

Version 0.40.0

What's Changed

Full Changelog: Kludex/uvicorn@0.39.0...0.40.0

Version 0.39.0

What's Changed

New Contributors

Full Changelog: Kludex/uvicorn@0.38.0...0.39.0

Version 0.38.0

What's Changed

New Contributors

Full Changelog: Kludex/uvicorn@0.37.0...0.38.0

Version 0.37.0

What's Changed

New Contributors

Full Changelog: Kludex/uvicorn@0.36.1...0.37.0

Version 0.36.1

What's Changed

Full Changelog: Kludex/uvicorn@0.36.0...0.36.1

Version 0.36.0

Added

... (truncated)

Changelog

Sourced from uvicorn[standard]'s changelog.

0.40.0 (December 21, 2025)

Remove

  • Drop support for Python 3.9 (#2772)

0.39.0 (December 21, 2025)

Fixed

  • Send close frame on ASGI return for WebSockets (#2769)
  • Explicitly start ASGI run with empty context (#2742)

0.38.0 (October 18, 2025)

Added

  • Support Python 3.14 (#2723)

0.37.0 (September 23, 2025)

Added

  • Add --timeout-worker-healthcheck option (#2711)
  • Add os.PathLike[str] type to ssl_ca_certs (#2676)

0.36.1 (September 23, 2025)

Fixed

  • Raise an exception when calling removed Config.setup_event_loop() (#2709)

0.36.0 (September 20, 2025)

Added

  • Support custom IOLOOPs (#2435)
  • Allow to provide importable string in --http, --ws and --loop (#2658)

0.35.0 (June 28, 2025)

Added

  • Add WebSocketsSansIOProtocol (#2540)

Changed

  • Refine help message for option --proxy-headers (#2653)

0.34.3 (June 1, 2025)

... (truncated)

Commits

Updates sqlalchemy from 2.0.36 to 2.0.46

Release notes

Sourced from sqlalchemy's releases.

2.0.46

Released: January 21, 2026

typing

  • [typing] [bug] Fixed typing issues where ORM mapped classes and aliased entities could not be used as keys in result row mappings or as join targets in select statements. Patterns such as row._mapping[User], row._mapping[aliased(User)], row._mapping[with_polymorphic(...)] (rejected by both mypy and Pylance), and .join(aliased(User)) (rejected by Pylance) are documented and fully supported at runtime but were previously rejected by type checkers. The type definitions for _KeyType and _FromClauseArgument have been updated to accept these ORM entity types.

    References: #13075

postgresql

  • [postgresql] [bug] Fixed issue where PostgreSQL JSONB operators _postgresql.JSONB.Comparator.path_match() and _postgresql.JSONB.Comparator.path_exists() were applying incorrect VARCHAR casts to the right-hand side operand when used with newer PostgreSQL drivers such as psycopg. The operators now indicate the right-hand type as JSONPATH, which currently results in no casting taking place, but is also compatible with explicit casts if the implementation were require it at a later point.

    References: #13059

  • [postgresql] [bug] Fixed regression in PostgreSQL dialect where JSONB subscription syntax would generate incorrect SQL for cast() expressions returning JSONB, causing syntax errors. The dialect now properly wraps cast expressions in parentheses when using the [] subscription syntax, generating (CAST(...))[index] instead of CAST(...)[index] to comply with PostgreSQL syntax requirements. This extends the fix from #12778 which addressed the same issue for function calls.

    References: #13067

  • [postgresql] [bug] Improved the foreign key reflection regular expression pattern used by the PostgreSQL dialect to be more permissive in matching identifier characters, allowing it to correctly handle unicode characters in table and column names. This change improves compatibility with PostgreSQL variants such as CockroachDB that may use different quoting patterns in combination with unicode characters in their identifiers. Pull request courtesy Gord Thompson.

... (truncated)

Commits

Updates alembic from 1.14.0 to 1.18.3

Release notes

Sourced from alembic's releases.

1.18.3

Released: January 29, 2026

bug

  • [bug] [autogenerate] Fixed regression in version 1.18.0 due to #1771 where autogenerate would raise NoReferencedTableError when a foreign key constraint referenced a table that was not part of the initial table load, including tables filtered out by the EnvironmentContext.configure.include_name callable or tables in remote schemas that were not included in the initial reflection run.

    The change in #1771 was a performance optimization that eliminated additional reflection queries for tables that were only referenced by foreign keys but not explicitly included in the main reflection run. However, this optimization inadvertently removed the creation of Table objects for these referenced tables, causing autogenerate to fail when processing foreign key constraints that pointed to them.

    The fix creates placeholder Table objects for foreign key targets that are not reflected, allowing the autogenerate comparison to proceed without error while maintaining the performance improvement from #1771. When multiple foreign keys reference different columns in the same filtered table, the placeholder table accumulates all necessary columns. These placeholder tables may be visible when using the EnvironmentContext.configure.include_object callable to inspect ForeignKeyConstraint objects; they will have the name, schema and basic column information for the relevant columns present.

    References: #1787

  • [bug] [general] Fixed regression caused by #1669 which requires SQLAlchemy objects to support generic type subscripting; for the older SQLAlchemy 1.4 series, this requires version 1.4.23. Changed the minimum requirements to require version 1.4.23 rather than 1.4.0.

    References: #1788

1.18.2

Released: January 28, 2026

usecase

  • [usecase] [operations] The primary_key parameter on Column is now honored when Operations.add_column() is used, and will emit the "PRIMARY KEY" keyword inline within the ADD COLUMN directive. This is strictly a syntax

... (truncated)

Commits

Updates pymysql from 1.1.1 to 1.1.2

Release notes

Sourced from pymysql's releases.

v1.1.2

What's Changed

New Contributors

Full Changelog: PyMySQL/PyMySQL@v1.1.1...v1.1.2

Changelog

Sourced from pymysql's changelog.

v1.1.2

Release date: 2025-08-24

Commits

Updates pydantic from 2.10.4 to 2.12.5

Release notes

Sourced from pydantic's releases.

v2.12.5 2025-11-26

v2.12.5 (2025-11-26)

This is the fifth 2.12 patch release, addressing an issue with the MISSING sentinel and providing several documentation improvements.

The next 2.13 minor release will be published in a couple weeks, and will include a new polymorphic serialization feature addressing the remaining unexpected changes to the serialize as any behavior.

  • Fix pickle error when using model_construct() on a model with MISSING as a default value by @​ornariece in #12522.
  • Several updates to the documentation by @​Viicos.

Full Changelog: pydantic/pydantic@v2.12.4...v2.12.5

v2.12.4 2025-11-05

v2.12.4 (2025-11-05)

This is the fourth 2.12 patch release, fixing more regressions, and reverting a change in the build() method of the AnyUrl and Dsn types.

This patch release also fixes an issue with the serialization of IP address types, when serialize_as_any is used. The next patch release will try to address the remaining issues with serialize as any behavior by introducing a new polymorphic serialization feature, that should be used in most cases in place of serialize as any.

Full Changelog: pydantic/pydantic@v2.12.3...v2.12.4

v2.12.3 2025-10-17

v2.12.3 (2025-10-17)

What's Changed

This is the third 2.13 patch release, fixing issues related to the FieldInfo class, and reverting a change to the supported after model validator function signatures.

... (truncated)

Changelog

Sourced from pydantic's changelog.

v2.12.5 (2025-11-26)

GitHub release

This is the fifth 2.12 patch release, addressing an issue with the MISSING sentinel and providing several documentation improvements.

The next 2.13 minor release will be published in a couple weeks, and will include a new polymorphic serialization feature addressing the remaining unexpected changes to the serialize as any behavior.

  • Fix pickle error when using model_construct() on a model with MISSING as a default value by @​ornariece in #12522.
  • Several updates to the documentation by @​Viicos.

v2.12.4 (2025-11-05)

GitHub release

This is the fourth 2.12 patch release, fixing more regressions, and reverting a change in the build() method of the AnyUrl and Dsn types.

This patch release also fixes an issue with the serialization of IP address types, when serialize_as_any is used. The next patch release will try to address the remaining issues with serialize as any behavior by introducing a new polymorphic serialization feature, that should be used in most cases in place of serialize as any.

v2.12.3 (2025-10-17)

GitHub release

... (truncated)

Commits
  • bd2d0dd Prepare release v2.12.5
  • 7d0302e Document security implications when using create_model()
  • e9ef980 Fix typo in Standard Library Types documentation
  • f2c20c0 Add pydantic-docs dev dependency, make use of versioning blocks
  • a76c1aa Update documentation about JSON Schema
  • 8cbc72c Add documentation about custom __init__()
  • 99eba59 Add additional test for FieldInfo.get_default()
  • c710769 Special case MISSING sentinel in smart_deepcopy()
  • 20a9d77 Do not delete mock validator/serializer in rebuild_dataclass()
  • c86515a Update parts of the model and revalidate_instances documentation
  • Additional commits viewable in compare view

Updates pydantic-settings from 2.7.1 to 2.12.0

Release notes

Sourced from pydantic-settings's releases.

v2.12.0

What's Changed

New Contributors

Full Changelog: pydantic/pydantic-settings@v2.11.0...v2.12.0

v2.11.0

What's Changed

New Contributors

Full Changelog: pydantic/pydantic-settings@2.10.1...v2.11.0

v2.10.1

What's Changed

... (truncated)

Commits

Updates email-validator from 2.2.0 to 2.3.0

Release notes

Sourced from email-validator's releases.

v2.3.0

  • The package name is changed from using an underscore (email_validator) to a dash (email-validator) to match PyPi's normalized package name.
  • The library no longer checks that the local part is at most 64 characters because a more careful reading of RFC 5321 indicates the limit is optional and such email addresses have been found in the wild. However the check can be restored using a new strict=True parameter, and the overall 254 character email address length limit is still in place.
  • New EmailSyntaxError messages are used for some exiting syntax errors related to @-sign homoglyphs and invalid characters in internationalized domains.
  • When using allow_display_name=True, display names are now returned with Unicode NFC normalization.
  • TypeError is now raised if something other than str (or bytes) is passed as the email address.
Changelog

Sourced from email-validator's changelog.

2.3.0 (August 26, 2025)

  • The package name is changed from using an underscore (email_validator) to a dash (email-validator) to match PyPi's normalized package name.
  • The library no longer checks that the local part is at most 64 characters because a more careful reading of RFC 5321 indicates the limit is optional and such email addresses have been found in the wild. However the check can be restored using a new strict=True parameter, and the overall 254 character email address length limit is still in place.
  • New EmailSyntaxError messages are used for some exiting syntax errors related to @-sign homoglyphs and invalid characters in internationalized domains.
  • When using allow_display_name=True, display names are now returned with Unicode NFC normalization.
  • TypeError is now raised if something other than str (or bytes) is passed as the email address.
Commits
  • 030a63a Version 2.3.0
  • e943a0f Raise TypeError when an invalid argument is passed for email, closes #155
  • f90d256 Remove local part length check unless new strict flag is given, fixes #158
  • 98800ba Add explicit checks for internationalized domain name characters invalid unde...
  • 936aead Fix final syntax checks on normalized internationalized domains checking the ...
  • 8043de4 NFC-normalize display names per UTS #39
  • bc08faa Add one-off error messages for full-width-at and small-commercial-at which ar...
  • a1c90ab Split exceptions_types.py into exceptions.py and types.py
  • dbcf07c Change package name from using underscore to dash to match PyPi normalized pa...
  • 7c22208 Support ALLOW_DISPLAY_NAME and ALLOW_EMPTY_LOCAL in the CLI (#145)
  • Additional commits viewable in compare view

Updates pyjwt[crypto] from 2.10.1 to 2.11.0

Release notes

Sourced from pyjwt[crypto]'s releases.

2.11.0

What's Changed

@dependabot
chore(deps)(deps): bump the python-minor group across 1 directory wit…
ae43629 
…h 11 updates

Bumps the python-minor group with 11 updates in the /back-end directory:

| Package | From | To |
| --- | --- | --- |
| [fastapi](https://github.com/fastapi/fastapi) | `0.115.6` | `0.128.0` |
| [uvicorn[standard]](https://github.com/Kludex/uvicorn) | `0.34.0` | `0.40.0` |
| [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) | `2.0.36` | `2.0.46` |
| [alembic](https://github.com/sqlalchemy/alembic) | `1.14.0` | `1.18.3` |
| [pymysql](https://github.com/PyMySQL/PyMySQL) | `1.1.1` | `1.1.2` |
| [pydantic](https://github.com/pydantic/pydantic) | `2.10.4` | `2.12.5` |
| [pydantic-settings](https://github.com/pydantic/pydantic-settings) | `2.7.1` | `2.12.0` |
| [email-validator](https://github.com/JoshData/python-email-validator) | `2.2.0` | `2.3.0` |
| [pyjwt[crypto]](https://github.com/jpadilla/pyjwt) | `2.10.1` | `2.11.0` |
| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.20` | `0.0.22` |
| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.0.1` | `1.2.1` |



Updates `fastapi` from 0.115.6 to 0.128.0
- [Release notes](https://github.com/fastapi/fastapi/releases)
- [Commits](fastapi/fastapi@0.115.6...0.128.0)

Updates `uvicorn[standard]` from 0.34.0 to 0.40.0
- [Release notes](https://github.com/Kludex/uvicorn/releases)
- [Changelog](https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md)
- [Commits](Kludex/uvicorn@0.34.0...0.40.0)

Updates `sqlalchemy` from 2.0.36 to 2.0.46
- [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases)
- [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES.rst)
- [Commits](https://github.com/sqlalchemy/sqlalchemy/commits)

Updates `alembic` from 1.14.0 to 1.18.3
- [Release notes](https://github.com/sqlalchemy/alembic/releases)
- [Changelog](https://github.com/sqlalchemy/alembic/blob/main/CHANGES)
- [Commits](https://github.com/sqlalchemy/alembic/commits)

Updates `pymysql` from 1.1.1 to 1.1.2
- [Release notes](https://github.com/PyMySQL/PyMySQL/releases)
- [Changelog](https://github.com/PyMySQL/PyMySQL/blob/main/CHANGELOG.md)
- [Commits](PyMySQL/PyMySQL@v1.1.1...v1.1.2)

Updates `pydantic` from 2.10.4 to 2.12.5
- [Release notes](https://github.com/pydantic/pydantic/releases)
- [Changelog](https://github.com/pydantic/pydantic/blob/main/HISTORY.md)
- [Commits](pydantic/pydantic@v2.10.4...v2.12.5)

Updates `pydantic-settings` from 2.7.1 to 2.12.0
- [Release notes](https://github.com/pydantic/pydantic-settings/releases)
- [Commits](pydantic/pydantic-settings@v2.7.1...v2.12.0)

Updates `email-validator` from 2.2.0 to 2.3.0
- [Release notes](https://github.com/JoshData/python-email-validator/releases)
- [Changelog](https://github.com/JoshData/python-email-validator/blob/main/CHANGELOG.md)
- [Commits](JoshData/python-email-validator@v2.2.0...v2.3.0)

Updates `pyjwt[crypto]` from 2.10.1 to 2.11.0
- [Release notes](https://github.com/jpadilla/pyjwt/releases)
- [Changelog](https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst)
- [Commits](jpadilla/pyjwt@2.10.1...2.11.0)

Updates `python-multipart` from 0.0.20 to 0.0.22
- [Release notes](https://github.com/Kludex/python-multipart/releases)
- [Changelog](https://github.com/Kludex/python-multipart/blob/master/CHANGELOG.md)
- [Commits](Kludex/python-multipart@0.0.20...0.0.22)

Updates `python-dotenv` from 1.0.1 to 1.2.1
- [Release notes](https://github.com/theskumar/python-dotenv/releases)
- [Changelog](https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md)
- [Commits](theskumar/python-dotenv@v1.0.1...v1.2.1)

---
updated-dependencies:
- dependency-name: fastapi
  dependency-version: 0.128.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-minor
- dependency-name: uvicorn[standard]
  dependency-version: 0.40.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-minor
- dependency-name: sqlalchemy
  dependency-version: 2.0.46
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-minor
- dependency-name: alembic
  dependency-version: 1.18.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-minor
- dependency-name: pymysql
  dependency-version: 1.1.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-minor
- dependency-name: pydantic
  dependency-version: 2.12.5
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-minor
- dependency-name: pydantic-settings
  dependency-version: 2.12.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-minor
- dependency-name: email-validator
  dependency-version: 2.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-minor
- dependency-name: pyjwt[crypto]
  dependency-version: 2.11.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-minor
- dependency-name: python-multipart
  dependency-version: 0.0.22
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-minor
- dependency-name: python-dotenv
  dependency-version: 1.2.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github
Copy link
Copy Markdown
Author

dependabot Bot commented on behalf of github Feb 2, 2026

Labels

The following labels could not be found: dependencias, python, seguridad. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@cloudflare-workers-and-pages
Copy link
Copy Markdown

cloudflare-workers-and-pages Bot commented Feb 2, 2026
edited
Loading

Deploying elvis with  Cloudflare Pages  Cloudflare Pages

Latest commit: ae43629
Status: ✅  Deploy successful!
Preview URL: https://0261ad96.elvis-8g8.pages.dev
Branch Preview URL: https://dependabot-pip-back-end-pyth.elvis-8g8.pages.dev

View logs

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants