Skip to content

chore(deps): bump the pip-backend-updates group in /backend with 6 updates#961

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/pip/backend/pip-backend-updates-2e3377b46b
Open

chore(deps): bump the pip-backend-updates group in /backend with 6 updates#961
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/pip/backend/pip-backend-updates-2e3377b46b

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Apr 6, 2026

Bumps the pip-backend-updates group in /backend with 6 updates:

Package From To
fastapi 0.135.2 0.135.3
uvicorn 0.42.0 0.43.0
python-multipart 0.0.22 0.0.24
markdown 3.8.1 3.10.2
beautifulsoup4 4.13.3 4.14.3
ruff 0.15.8 0.15.9

Updates fastapi from 0.135.2 to 0.135.3

Release notes

Sourced from fastapi's releases.

0.135.3

Features

Docs

  • ✏️ Fix typo for client_secret in OAuth2 form docstrings. PR #14946 by @​bysiber.

Internal

Commits

Updates uvicorn from 0.42.0 to 0.43.0

Release notes

Sourced from uvicorn's releases.

Version 0.43.0

Changed

  • Emit http.disconnect ASGI receive() event on server shutting down for streaming responses (#2829)
  • Use native context parameter for create_task on Python 3.11+ (#2859)
  • Drop cast in ASGI types (#2875)

Full Changelog: Kludex/uvicorn@0.42.0...0.43.0

Changelog

Sourced from uvicorn's changelog.

0.43.0 (April 3, 2026)

You can quit Uvicorn now. We heard you, @​pamelafox - all 47 of your Ctrl+C's (thanks for flagging it, and thanks to @​tiangolo for the fix 🙏). See the tweet.

Changed

  • Emit http.disconnect ASGI receive() event on server shutting down for streaming responses (#2829)
  • Use native context parameter for create_task on Python 3.11+ (#2859)
  • Drop cast in ASGI types (#2875)
Commits

Updates python-multipart from 0.0.22 to 0.0.24

Release notes

Sourced from python-multipart's releases.

Version 0.0.24

What's Changed

Full Changelog: Kludex/python-multipart@0.0.23...0.0.24

Version 0.0.23

What's Changed

New Contributors

Full Changelog: Kludex/python-multipart@0.0.22...0.0.23

Changelog

Sourced from python-multipart's changelog.

0.0.24 (2026-04-05)

  • Validate chunk_size in parse_form() #244.

0.0.23 (2026-04-05)

  • Remove unused trust_x_headers parameter and X-File-Name fallback #196.
  • Return processed length from QuerystringParser._internal_write #229.
  • Cleanup metadata dunders from __init__.py #227.
Commits

Updates markdown from 3.8.1 to 3.10.2

Release notes

Sourced from markdown's releases.

Release 3.10.2

Fixed

  • Fix a regression related to comment handling (#1590).
  • More reliable fix for </ (#1593).

Release 3.10.1

Fixed

  • Ensure nested elements inside inline comments are properly unescaped (#1571).
  • Make the docs build successfully with mkdocstrings-python 2.0 (#1575).
  • Fix infinite loop when multiple bogus or unclosed HTML comments appear in input (#1578).
  • Fix another infinite loop when handling bad comments (#1586).

Release 3.10.0

Changed

  • Officially support Python 3.14 and PyPy 3.11 and drop support for Python 3.9 and PyPy 3.9.

Fixed

  • Fix an HTML comment parsing case in some Python versions that can cause an infinite loop (#1554).
  • Revert the default behavior of USE_DEFINITION_ORDER (to True). The new behavior introduced in 3.9.0 is experimental and results are inconsistent. It should not have been made the default behavior (#1561).

Release 3.9.0

Changed

  • Footnotes are now ordered by the occurrence of their references in the document. A new configuration option for the footnotes extension, USE_DEFINITION_ORDER, has been added to support restoring the previous behavior of ordering footnotes by the occurrence of definitions (#1367).

Fixed

  • Ensure inline processing iterates through elements in document order (#1546).
  • Fix handling of incomplete HTML tags in code spans in Python 3.14 (#1547).

Release 3.8.2

Fixed

  • Fix codecs deprecation in Python 3.14.
  • Fix issue with unclosed comment parsing in Python 3.14.
  • Fix issue with unclosed declarations in Python 3.14.
  • Fix issue with unclosed HTML tag <foo and Python 3.14.
Changelog

Sourced from markdown's changelog.

[3.10.2] - 2026-02-09

Fixed

  • Fix a regression related to comment handling (#1590).
  • More reliable fix for </ (#1593).

[3.10.1] - 2026-01-21

Fixed

  • Ensure nested elements inside inline comments are properly unescaped (#1571).
  • Make the docs build successfully with mkdocstrings-python 2.0 (#1575).
  • Fix infinite loop when multiple bogus or unclosed HTML comments appear in input (#1578).
  • Fix another infinite loop when handling bad comments (#1586).

[3.10.0] - 2025-11-03

Changed

  • Officially support Python 3.14 and PyPy 3.11 and drop support for Python 3.9 and PyPy 3.9.

Fixed

  • Fix an HTML comment parsing case in some Python versions that can cause an infinite loop (#1554).
  • Revert the default behavior of USE_DEFINITION_ORDER (to True). The new behavior introduced in 3.9.0 is experimental and results are inconsistent. It should not have been made the default behavior (#1561).

[3.9.0] - 2025-09-04

Changed

  • Footnotes are now ordered by the occurrence of their references in the document. A new configuration option for the footnotes extension, USE_DEFINITION_ORDER, has been added to support restoring the previous behavior of ordering footnotes by the occurrence of definitions (#1367).

Fixed

  • Ensure inline processing iterates through elements in document order (#1546).
  • Fix handling of incomplete HTML tags in code spans in Python 3.14 (#1547).

[3.8.2] - 2025-06-19

Fixed

  • Fix codecs deprecation in Python 3.14 (#1537).

... (truncated)

Commits
  • e7a0efb Bump version to 3.10.2
  • 6301833 Document HTML sanitation policy
  • 7f29f1a More reliable fix for </
  • c438647 Fix regression of special comments
  • e5fa5b8 Bump version to 3.10.1
  • f925349 More HTML fixes
  • 9933a0a Revert "Allow reference links with backticks"
  • 07dfa4e Allow reference links with backticks
  • fb6b27a Fix infinite loop when text contains multiple unclosed comments
  • 89112c2 Make the docs build successfully with mkdocstrings-python 2.0
  • Additional commits viewable in compare view

Updates beautifulsoup4 from 4.13.3 to 4.14.3

Updates ruff from 0.15.8 to 0.15.9

Release notes

Sourced from ruff's releases.

0.15.9

Release Notes

Released on 2026-04-02.

Preview features

  • [pyflakes] Flag annotated variable redeclarations as F811 in preview mode (#24244)
  • [ruff] Allow dunder-named assignments in non-strict mode for RUF067 (#24089)

Bug fixes

  • [flake8-errmsg] Avoid shadowing existing msg in fix for EM101 (#24363)
  • [flake8-simplify] Ignore pre-initialization references in SIM113 (#24235)
  • [pycodestyle] Fix W391 fixes for consecutive empty notebook cells (#24236)
  • [pyupgrade] Fix UP008 nested class matching (#24273)
  • [pyupgrade] Ignore strings with string-only escapes (UP012) (#16058)
  • [ruff] RUF072: skip formfeeds on dedent (#24308)
  • [ruff] Avoid re-using symbol in RUF024 fix (#24316)
  • [ruff] Parenthesize expression in RUF050 fix (#24234)
  • Disallow starred expressions as values of starred expressions (#24280)

Rule changes

  • [flake8-simplify] Suppress SIM105 for except* before Python 3.12 (#23869)
  • [pyflakes] Extend F507 to flag %-format strings with zero placeholders (#24215)
  • [pyupgrade] UP018 should detect more unnecessarily wrapped literals (UP018) (#24093)
  • [pyupgrade] Fix UP008 callable scope handling to support lambdas (#24274)
  • [ruff] RUF010: Mark fix as unsafe when it deletes a comment (#24270)

Formatter

  • Add nested-string-quote-style formatting option (#24312)

Documentation

  • [flake8-bugbear] Clarify RUF071 fix safety for non-path string comparisons (#24149)
  • [flake8-type-checking] Clarify import cycle wording for TC001/TC002/TC003 (#24322)

Other changes

  • Avoid rendering fix lines with trailing whitespace after | (#24343)

Contributors

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.9

Released on 2026-04-02.

Preview features

  • [pyflakes] Flag annotated variable redeclarations as F811 in preview mode (#24244)
  • [ruff] Allow dunder-named assignments in non-strict mode for RUF067 (#24089)

Bug fixes

  • [flake8-errmsg] Avoid shadowing existing msg in fix for EM101 (#24363)
  • [flake8-simplify] Ignore pre-initialization references in SIM113 (#24235)
  • [pycodestyle] Fix W391 fixes for consecutive empty notebook cells (#24236)
  • [pyupgrade] Fix UP008 nested class matching (#24273)
  • [pyupgrade] Ignore strings with string-only escapes (UP012) (#16058)
  • [ruff] RUF072: skip formfeeds on dedent (#24308)
  • [ruff] Avoid re-using symbol in RUF024 fix (#24316)
  • [ruff] Parenthesize expression in RUF050 fix (#24234)
  • Disallow starred expressions as values of starred expressions (#24280)

Rule changes

  • [flake8-simplify] Suppress SIM105 for except* before Python 3.12 (#23869)
  • [pyflakes] Extend F507 to flag %-format strings with zero placeholders (#24215)
  • [pyupgrade] UP018 should detect more unnecessarily wrapped literals (UP018) (#24093)
  • [pyupgrade] Fix UP008 callable scope handling to support lambdas (#24274)
  • [ruff] RUF010: Mark fix as unsafe when it deletes a comment (#24270)

Formatter

  • Add nested-string-quote-style formatting option (#24312)

Documentation

  • [flake8-bugbear] Clarify RUF071 fix safety for non-path string comparisons (#24149)
  • [flake8-type-checking] Clarify import cycle wording for TC001/TC002/TC003 (#24322)

Other changes

  • Avoid rendering fix lines with trailing whitespace after | (#24343)

Contributors

... (truncated)

Commits
  • 724ccc1 Bump 0.15.9 (#24369)
  • 96d9e09 [ty] Move the deferred submodule inside infer/builder (#24368)
  • 130da28 [ty] Infer the extra_items keyword argument to class-based TypedDicts as an...
  • a617c54 [ty] Validate type qualifiers in functional TypedDict fields and the `extra_i...
  • d851708 [ty] Improve robustness of various type-qualifier-related checks (#24251)
  • aecb587 Only run the release-gate on workflow dispatch (#24366)
  • b889571 [ty] Use infer_type_expression for parsing parameter annotations and return...
  • 3286a62 Add a "release-gate" step to the release workflow (#24365)
  • 5f88756 Disallow starred expressions as values of starred expressions (#24280)
  • 5c59f8a [pyupgrade] Ignore strings with string-only escapes (UP012) (#16058)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump the pip-backend-updates group
fc46cf4 
Bumps the pip-backend-updates group in /backend with 6 updates:

| Package | From | To |
| --- | --- | --- |
| [fastapi](https://github.com/fastapi/fastapi) | `0.135.2` | `0.135.3` |
| [uvicorn](https://github.com/Kludex/uvicorn) | `0.42.0` | `0.43.0` |
| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.22` | `0.0.24` |
| [markdown](https://github.com/Python-Markdown/markdown) | `3.8.1` | `3.10.2` |
| [beautifulsoup4](https://www.crummy.com/software/BeautifulSoup/bs4/) | `4.13.3` | `4.14.3` |
| [ruff](https://github.com/astral-sh/ruff) | `0.15.8` | `0.15.9` |


Updates `fastapi` from 0.135.2 to 0.135.3
- [Release notes](https://github.com/fastapi/fastapi/releases)
- [Commits](fastapi/fastapi@0.135.2...0.135.3)

Updates `uvicorn` from 0.42.0 to 0.43.0
- [Release notes](https://github.com/Kludex/uvicorn/releases)
- [Changelog](https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md)
- [Commits](Kludex/uvicorn@0.42.0...0.43.0)

Updates `python-multipart` from 0.0.22 to 0.0.24
- [Release notes](https://github.com/Kludex/python-multipart/releases)
- [Changelog](https://github.com/Kludex/python-multipart/blob/master/CHANGELOG.md)
- [Commits](Kludex/python-multipart@0.0.22...0.0.24)

Updates `markdown` from 3.8.1 to 3.10.2
- [Release notes](https://github.com/Python-Markdown/markdown/releases)
- [Changelog](https://github.com/Python-Markdown/markdown/blob/master/docs/changelog.md)
- [Commits](Python-Markdown/markdown@3.8.1...3.10.2)

Updates `beautifulsoup4` from 4.13.3 to 4.14.3

Updates `ruff` from 0.15.8 to 0.15.9
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.15.8...0.15.9)

---
updated-dependencies:
- dependency-name: fastapi
  dependency-version: 0.135.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: pip-backend-updates
- dependency-name: uvicorn
  dependency-version: 0.43.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: pip-backend-updates
- dependency-name: python-multipart
  dependency-version: 0.0.24
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: pip-backend-updates
- dependency-name: markdown
  dependency-version: 3.10.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: pip-backend-updates
- dependency-name: beautifulsoup4
  dependency-version: 4.14.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: pip-backend-updates
- dependency-name: ruff
  dependency-version: 0.15.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: pip-backend-updates
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added backend dependencies python Pull requests that update python code labels Apr 6, 2026
@dependabot dependabot bot requested a review from anchapin as a code owner April 6, 2026 00:14
@dependabot dependabot bot added backend dependencies python Pull requests that update python code labels Apr 6, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@anchapin anchapin Awaiting requested review from anchapin anchapin is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

backend dependencies python Pull requests that update python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants