Skip to content

pip-deps: bump the all group with 9 updates#46

Closed
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/pip/all-00bdb04e4a
Closed

pip-deps: bump the all group with 9 updates#46
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/pip/all-00bdb04e4a

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github Apr 13, 2026
edited
Loading

Updates the requirements on alembic, fastapi, pydantic, rich, sqlalchemy, psycopg2-binary, strawberry-graphql, typer and uvicorn to permit the latest version.
Updates alembic to 1.18.4

Release notes

Sourced from alembic's releases.

1.18.4

Released: February 10, 2026

bug

  • [bug] [operations] Reverted the behavior of Operations.add_column() that would automatically render the "PRIMARY KEY" keyword inline when a Column with primary_key=True is added. The automatic behavior, added in version 1.18.2, is now opt-in via the new Operations.add_column.inline_primary_key parameter. This change restores the ability to render a PostgreSQL SERIAL column, which is required to be primary_key=True, while not impacting the ability to render a separate primary key constraint. This also provides consistency with the Operations.add_column.inline_references parameter and gives users explicit control over SQL generation.

    To render PRIMARY KEY inline, use the Operations.add_column.inline_primary_key parameter set to True:

    op.add_column( "my_table", Column("id", Integer, primary_key=True), inline_primary_key=True )References: #1232

Commits

Updates fastapi to 0.135.3

Release notes

Sourced from fastapi's releases.

0.135.3

Features

Docs

  • ✏️ Fix typo for client_secret in OAuth2 form docstrings. PR #14946 by @​bysiber.

Internal

Commits

Updates pydantic to 2.12.5

Release notes

Sourced from pydantic's releases.

v2.12.5 2025-11-26

v2.12.5 (2025-11-26)

This is the fifth 2.12 patch release, addressing an issue with the MISSING sentinel and providing several documentation improvements.

The next 2.13 minor release will be published in a couple weeks, and will include a new polymorphic serialization feature addressing the remaining unexpected changes to the serialize as any behavior.

  • Fix pickle error when using model_construct() on a model with MISSING as a default value by @​ornariece in #12522.
  • Several updates to the documentation by @​Viicos.

Full Changelog: pydantic/pydantic@v2.12.4...v2.12.5

Changelog

Sourced from pydantic's changelog.

v2.12.5 (2025-11-26)

GitHub release

This is the fifth 2.12 patch release, addressing an issue with the MISSING sentinel and providing several documentation improvements.

The next 2.13 minor release will be published in a couple weeks, and will include a new polymorphic serialization feature addressing the remaining unexpected changes to the serialize as any behavior.

  • Fix pickle error when using model_construct() on a model with MISSING as a default value by @​ornariece in #12522.
  • Several updates to the documentation by @​Viicos.

v2.12.4 (2025-11-05)

GitHub release

This is the fourth 2.12 patch release, fixing more regressions, and reverting a change in the build() method of the AnyUrl and Dsn types.

This patch release also fixes an issue with the serialization of IP address types, when serialize_as_any is used. The next patch release will try to address the remaining issues with serialize as any behavior by introducing a new polymorphic serialization feature, that should be used in most cases in place of serialize as any.

v2.12.3 (2025-10-17)

GitHub release

... (truncated)

Commits
  • bd2d0dd Prepare release v2.12.5
  • 7d0302e Document security implications when using create_model()
  • e9ef980 Fix typo in Standard Library Types documentation
  • f2c20c0 Add pydantic-docs dev dependency, make use of versioning blocks
  • a76c1aa Update documentation about JSON Schema
  • 8cbc72c Add documentation about custom __init__()
  • 99eba59 Add additional test for FieldInfo.get_default()
  • c710769 Special case MISSING sentinel in smart_deepcopy()
  • 20a9d77 Do not delete mock validator/serializer in rebuild_dataclass()
  • c86515a Update parts of the model and revalidate_instances documentation
  • Additional commits viewable in compare view

Updates rich to 15.0.0

Release notes

Sourced from rich's releases.

The So Long 3.8 Release

A few fixes. The major version bump is to honor the passing of 3.8 support which reached its EOL in October 7, 2024

[15.0.0] - 2026-04-12

Changed

  • Breaking change: Dropped support for Python3.8

Fixed

Changelog

Sourced from rich's changelog.

[15.0.0] - 2026-04-12

Changed

  • Breaking change: Dropped support for Python3.8

Fixed

[14.3.4] - 2026-04-11

Changed

[14.3.3] - 2026-02-19

Fixed

[14.3.2] - 2026-02-01

Fixed

[14.3.1] - 2026-01-24

Fixed

[14.3.0] - 2026-01-24

Fixed

Added

... (truncated)

Commits

Updates sqlalchemy to 2.0.49

Release notes

Sourced from sqlalchemy's releases.

2.0.49

Released: April 3, 2026

orm

  • [orm] [bug] Fixed issue where _orm.Session.get() would bypass the identity map and emit unnecessary SQL when with_for_update=False was passed, rather than treating it equivalently to the default of None. Pull request courtesy of Joshua Swanson.

    References: #13176

  • [orm] [bug] Fixed issue where chained _orm.joinedload() options would not be applied correctly when the final relationship in the chain is declared on a base mapper and accessed through a subclass mapper in a _orm.with_polymorphic() query. The path registry now correctly computes the natural path when a property declared on a base class is accessed through a path containing a subclass mapper, ensuring the loader option can be located during query compilation.

    References: #13193

  • [orm] [bug] [inheritance] Fixed issue where using _orm.Load.options() to apply a chained loader option such as _orm.joinedload() or _orm.selectinload() with _orm.PropComparator.of_type() for a polymorphic relationship would not generate the necessary clauses for the polymorphic subclasses. The polymorphic loading strategy is now correctly propagated when using a call such as joinedload(A.b).options(joinedload(B.c.of_type(poly))) to match the behavior of direct chaining e.g. joinedload(A.b).joinedload(B.c.of_type(poly)).

    References: #13202

  • [orm] [bug] [inheritance] Fixed issue where using chained loader options such as _orm.selectinload() after _orm.joinedload() with _orm.PropComparator.of_type() for a polymorphic relationship would not properly apply the chained loader option. The loader option is now correctly applied when using a call such as joinedload(A.b.of_type(poly)).selectinload(poly.SubClass.c) to eagerly load related objects.

    References: #13209

typing

  • [typing] [bug] Fixed a typing issue where the typed members of :data:.func would return the appropriate class of the same name, however this creates an issue for

... (truncated)

Commits

Updates psycopg2-binary to 2.9.11

Changelog

Sourced from psycopg2-binary's changelog.

Current release

What's new in psycopg 2.9.11 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^

  • Add support for Python 3.14.
  • Avoid a segfault passing more arguments than placeholders if Python is built with assertions enabled (:ticket:[#1791](https://github.com/psycopg/psycopg2/issues/1791)).
  • Add riscv64 platform binary packages (:ticket:[#1813](https://github.com/psycopg/psycopg2/issues/1813)).
  • ~psycopg2.errorcodes map and ~psycopg2.errors classes updated to PostgreSQL 18.
  • Drop support for Python 3.8.

What's new in psycopg 2.9.10 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^

  • Add support for Python 3.13.
  • Receive notifications on commit (:ticket:[#1728](https://github.com/psycopg/psycopg2/issues/1728)).
  • ~psycopg2.errorcodes map and ~psycopg2.errors classes updated to PostgreSQL 17.
  • Drop support for Python 3.7.

What's new in psycopg 2.9.9 ^^^^^^^^^^^^^^^^^^^^^^^^^^^

  • Add support for Python 3.12.
  • Drop support for Python 3.6.

What's new in psycopg 2.9.8 ^^^^^^^^^^^^^^^^^^^^^^^^^^^

  • Wheel package bundled with PostgreSQL 16 libpq in order to add support for recent features, such as sslcertmode.

What's new in psycopg 2.9.7 ^^^^^^^^^^^^^^^^^^^^^^^^^^^

  • Fix propagation of exceptions raised during module initialization (:ticket:[#1598](https://github.com/psycopg/psycopg2/issues/1598)).
  • Fix building when pg_config returns an empty string (:ticket:[#1599](https://github.com/psycopg/psycopg2/issues/1599)).
  • Wheel package bundled with OpenSSL 1.1.1v.

What's new in psycopg 2.9.6 ^^^^^^^^^^^^^^^^^^^^^^^^^^^

... (truncated)

Commits
  • fd9ae8c chore: bump to version 2.9.11
  • d923840 chore: update docs requirements
  • d42dc71 Merge branch 'fix-1791'
  • 4fde656 fix: avoid failed assert passing more arguments than placeholders
  • 8308c19 fix: drop warning about the use of deprecated PyWeakref_GetObject function
  • 1a1eabf build(deps): bump actions/github-script from 7 to 8
  • 897af8b build(deps): bump peter-evans/repository-dispatch from 3 to 4
  • ceefd30 build(deps): bump actions/checkout from 4 to 5
  • 4dc5854 build(deps): bump actions/setup-python from 5 to 6
  • 1945788 Merge pull request #1802 from edgarrmondragon/cp314-wheels
  • Additional commits viewable in compare view

Updates strawberry-graphql to 0.314.3

Commits

Updates typer to 0.24.1

Release notes

Sourced from typer's releases.

0.24.1

Internal

Changelog

Sourced from typer's changelog.

0.24.1 (2026-02-21)

Internal

0.24.0 (2026-02-16)

Breaking Changes

0.23.2 (2026-02-16)

Features

  • ✅ Monkeypatch console width to allow running pytest directly. PR #1542 by @​SwaatiR.

Internal

0.23.1 (2026-02-13)

Fixes

  • 🐛 Fix TYPER_USE_RICH parsing to allow disabling Rich completely. PR #1539 by @​bckohan.

Docs

  • 📝 Remove documentation pages that reference using Click directly. PR #1538 by @​svlandeg.

Internal

0.23.0 (2026-02-11)

... (truncated)

Commits
  • eaec8fa 🔖 Release version 0.24.1
  • c73cc2b 📝 Update release notes
  • 6c6259c 👷 Fix CI, do not attempt to build typer-slim, nor typer-cli (#1569)
  • bc65ad8 📝 Update release notes
  • 3aedc0a ➖ Drop support for typer-slim and typer-cli, no more versions will be rel...
  • 4b13020 📝 Update release notes
  • 19aaf0b ⬆ Bump rich from 14.3.2 to 14.3.3 (#1565)
  • 0ece295 📝 Update release notes
  • 833c005 📝 Update release notes
  • 64c0dcb ⬆ Bump pydantic-settings from 2.13.0 to 2.13.1 (#1566)
  • Additional commits viewable in compare view

Updates uvicorn to 0.44.0

Release notes

Sourced from uvicorn's releases.

Version 0.44.0

What's Changed

Full Changelog: Kludex/uvicorn@0.43.0...0.44.0

Changelog

Sourced from uvicorn's changelog.

0.44.0 (April 6, 2026)

Added

  • Implement websocket keepalive pings for websockets-sansio (#2888)

0.43.0 (April 3, 2026)

You can quit Uvicorn now. We heard you, @​pamelafox - all 47 of your Ctrl+C's (thanks for flagging it, and thanks to @​tiangolo for the fix 🙏). See the tweet.

Changed

  • Emit http.disconnect ASGI receive() event on server shutting down for streaming responses (#2829)
  • Use native context parameter for create_task on Python 3.11+ (#2859)
  • Drop cast in ASGI types (#2875)

0.42.0 (March 16, 2026)

Changed

  • Use bytearray for request body accumulation to avoid O(n^2) allocation on fragmented bodies (#2845)

Fixed

  • Escape brackets and backslash in httptools HEADER_RE regex (#2824)
  • Fix multiple issues in websockets sans-io implementation (#2825)

0.41.0 (February 16, 2026)

Added

  • Add --limit-max-requests-jitter to stagger worker restarts (#2707)
  • Add socket path to scope["server"] (#2561)

Changed

  • Rename LifespanOn.error_occured to error_occurred (#2776)

Fixed

  • Ignore permission denied errors in watchfiles reloader (#2817)
  • Ensure lifespan shutdown runs when should_exit is set during startup (#2812)
  • Reduce the log level of 'request limit exceeded' messages (#2788)

0.40.0 (December 21, 2025)

Remove

  • Drop support for Python 3.9 (#2772)

... (truncated)

Commits
  • edb54c4 Version 0.44.0 (#2890)
  • 029be08 Implement websocket keepalive pings for websockets-sansio (#2888)
  • 8d397c7 Version 0.43.0 (#2885)
  • 587042d 🐛 Emit http.disconnect ASGI receive() event on server shutting down for s...
  • c9a75fb chore(deps): bump the github-actions group with 3 updates (#2878)
  • 84fd578 chore(deps): bump pygments from 2.19.2 to 2.20.0 (#2877)
  • cd52d34 Use native context parameter for create_task on Python 3.11+ (#2859)
  • 5211880 Drop cast in ASGI types (#2875)
  • 1cb8e74 Add websocket 500 fallback header test (#2874)
  • 28efbb2 chore(deps-dev): bump cryptography from 46.0.5 to 46.0.6 (#2873)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
pip-deps: bump the all group with 9 updates
64b6cca 
Updates the requirements on [alembic](https://github.com/sqlalchemy/alembic), [fastapi](https://github.com/fastapi/fastapi), [pydantic](https://github.com/pydantic/pydantic), [rich](https://github.com/Textualize/rich), [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy), [psycopg2-binary](https://github.com/psycopg/psycopg2), [strawberry-graphql](https://github.com/sponsors/strawberry-graphql), [typer](https://github.com/fastapi/typer) and [uvicorn](https://github.com/Kludex/uvicorn) to permit the latest version.

Updates `alembic` to 1.18.4
- [Release notes](https://github.com/sqlalchemy/alembic/releases)
- [Changelog](https://github.com/sqlalchemy/alembic/blob/main/CHANGES)
- [Commits](https://github.com/sqlalchemy/alembic/commits)

Updates `fastapi` to 0.135.3
- [Release notes](https://github.com/fastapi/fastapi/releases)
- [Commits](fastapi/fastapi@0.111.0...0.135.3)

Updates `pydantic` to 2.12.5
- [Release notes](https://github.com/pydantic/pydantic/releases)
- [Changelog](https://github.com/pydantic/pydantic/blob/main/HISTORY.md)
- [Commits](pydantic/pydantic@v2.0...v2.12.5)

Updates `rich` to 15.0.0
- [Release notes](https://github.com/Textualize/rich/releases)
- [Changelog](https://github.com/Textualize/rich/blob/master/CHANGELOG.md)
- [Commits](Textualize/rich@v13.0.0...v15.0.0)

Updates `sqlalchemy` to 2.0.49
- [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases)
- [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES.rst)
- [Commits](https://github.com/sqlalchemy/sqlalchemy/commits)

Updates `psycopg2-binary` to 2.9.11
- [Changelog](https://github.com/psycopg/psycopg2/blob/master/NEWS)
- [Commits](psycopg/psycopg2@2.9.6...2.9.11)

Updates `strawberry-graphql` to 0.314.3
- [Commits](https://github.com/sponsors/strawberry-graphql/commits)

Updates `typer` to 0.24.1
- [Release notes](https://github.com/fastapi/typer/releases)
- [Changelog](https://github.com/fastapi/typer/blob/master/docs/release-notes.md)
- [Commits](fastapi/typer@0.12.0...0.24.1)

Updates `uvicorn` to 0.44.0
- [Release notes](https://github.com/Kludex/uvicorn/releases)
- [Changelog](https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md)
- [Commits](Kludex/uvicorn@0.30.0...0.44.0)

---
updated-dependencies:
- dependency-name: alembic
  dependency-version: 1.18.4
  dependency-type: direct:production
  dependency-group: all
- dependency-name: fastapi
  dependency-version: 0.135.3
  dependency-type: direct:production
  dependency-group: all
- dependency-name: pydantic
  dependency-version: 2.12.5
  dependency-type: direct:production
  dependency-group: all
- dependency-name: rich
  dependency-version: 15.0.0
  dependency-type: direct:production
  dependency-group: all
- dependency-name: sqlalchemy
  dependency-version: 2.0.49
  dependency-type: direct:production
  dependency-group: all
- dependency-name: psycopg2-binary
  dependency-version: 2.9.11
  dependency-type: direct:production
  dependency-group: all
- dependency-name: strawberry-graphql
  dependency-version: 0.314.3
  dependency-type: direct:production
  dependency-group: all
- dependency-name: typer
  dependency-version: 0.24.1
  dependency-type: direct:production
  dependency-group: all
- dependency-name: uvicorn
  dependency-version: 0.44.0
  dependency-type: direct:production
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Apr 13, 2026
@dependabot @github
Copy link
Copy Markdown
Author

dependabot Bot commented on behalf of github Apr 13, 2026

Labels

The following labels could not be found: python. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot @github
Copy link
Copy Markdown
Author

dependabot Bot commented on behalf of github Apr 20, 2026

Looks like these dependencies are no longer updatable, so this is no longer needed.

@dependabot dependabot Bot closed this Apr 20, 2026
@dependabot dependabot Bot deleted the dependabot/pip/all-00bdb04e4a branch April 20, 2026 03:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants