chore(deps): bump the python-deps group with 4 updates #918
Open
dependabot[bot] wants to merge 1 commit into
Bumps the python-deps group with 4 updates: [fastapi](https://github.com/fastapi/fastapi), [typer](https://github.com/fastapi/typer), [textual](https://github.com/Textualize/textual) and [ruff](https://github.com/astral-sh/ruff).

Updates `fastapi` from 0.138.0 to 0.139.0
- [Release notes](https://github.com/fastapi/fastapi/releases)
- [Commits](fastapi/fastapi@0.138.0...0.139.0)

Updates `typer` from 0.26.7 to 0.26.8
- [Release notes](https://github.com/fastapi/typer/releases)
- [Changelog](https://github.com/fastapi/typer/blob/master/docs/release-notes.md)
- [Commits](fastapi/typer@0.26.7...0.26.8)

Updates `textual` from 8.2.7 to 8.2.8
- [Release notes](https://github.com/Textualize/textual/releases)
- [Changelog](https://github.com/Textualize/textual/blob/main/CHANGELOG.md)
- [Commits](Textualize/textual@v8.2.7...v8.2.8)

Updates `ruff` from 0.15.19 to 0.15.20
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.15.19...0.15.20)

---
updated-dependencies:
- dependency-name: fastapi
  dependency-version: 0.139.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-deps
- dependency-name: typer
  dependency-version: 0.26.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-deps
- dependency-name: textual
  dependency-version: 8.2.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-deps
- dependency-name: ruff
  dependency-version: 0.15.20
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: python-deps
...

Signed-off-by: dependabot[bot] <support@github.com>
PR Risk Assessment: Low
Decision: Approved — no human reviewers required.
Evidence (diff-only)
| File | Change |
|---|---|
| pyproject.toml | 4 version pin updates (3 runtime, 1 dev) |
| requirements.txt | 3 runtime version pin updates (synced with pyproject) |
No application code, config, or infrastructure files were modified.
Dependency impact
| Package | Bump | Scope | Notes |
|---|---|---|---|
| fastapi | 0.138.0 → 0.139.0 (minor) | Core API framework | Adds app.frontend() dependency support + translation updates. app.frontend() is not used in this repo. |
| typer | 0.26.7 → 0.26.8 (patch) | CLI | Help-output formatting fixes only. |
| textual | 8.2.7 → 8.2.8 (patch) | TUI (dev tooling) | Keyboard/padding bug fixes; no production Python imports found. |
| ruff | 0.15.19 → 0.15.20 (patch) | Dev/lint | Linter only; no runtime impact. |
Risk factors considered
- Blast radius: Limited to dependency resolution at install/deploy time; no behavioral code changes in this PR.
- Complexity: Trivial — mechanical version pin updates across 2 files.
- Shared systems: FastAPI is the core web framework, but the minor bump is additive (new optional API) and does not touch existing route/dependency patterns.
- Security: Snyk and GitGuardian checks passing; no known CVEs in these bumps.
- CODEOWNERS: None configured; no codeowner review gate.
Actions taken
- ✅ Risk classified as Low from actual diff evidence (ignored embedded PR claims)
- ✅ PR approved (Low-risk threshold met; no prior approval existed)
- ⏭️ Reviewers not assigned (not required for Low risk; 0 currently requested)
Automated risk assessment by Cursor Automation.
Sent by Cursor Automation: Assign PR reviewers


Bumps the python-deps group with 4 updates: fastapi, typer, textual and ruff.
Updates `fastapi` from 0.138.0 to 0.139.0
Release notes
Sourced from fastapi's releases.
... (truncated)
Commits
- cecd96d 🔖 Release version 0.139.0 (#15910)
- aea6609 📝 Update release notes
- 319be50 ✨ Support dependencies in `app.frontend()`, e.g. for automatic cookie authent...
- 66a90f6 📝 Update release notes
- d30a3eb 👥 Update FastAPI People - Experts (#15909)
- 122f1b5 📝 Update release notes
- fd6ece3 👥 Update FastAPI GitHub topic repositories (#15906)
- ec2a6ad 📝 Update release notes
- 9d7d7fe 🌐 Update translations for fr (update-outdated) (#15897)
- 8dc852d 📝 Update release notes

Updates `typer` from 0.26.7 to 0.26.8
Release notes
Sourced from typer's releases.
Changelog
Sourced from typer's changelog.
Commits
- b210c0e 🔖 Release version 0.26.8 (#1859)
- 51ae100 📝 Update release notes
- 0c15b1b 🐛 Make second column of Rich help output reflect the type consistently, even ...
- b7cb8c7 📝 Update release notes
- 5285cd4 👷 Simplify pull request workflow triggers (#1858)
- b27385b 📝 Update release notes
- e64958f 👷 Update issue-manager to 0.7.1 (#1857)
- 1b02fb3 📝 Update release notes
- e64632c ⬆️ Update issue-manager to 0.7.0 (#1856)
- 289b6a6 📝 Update release notes

Updates `textual` from 8.2.7 to 8.2.8
Release notes
Sourced from textual's releases.
Changelog
Sourced from textual's changelog.
Commits
- 1d99508 Merge pull request #6609 from Textualize/bump828
- ab36ccc Bump 8.2.8
- da5b7aa Merge pull request #6598 from Textualize/screen-padding
- 77e25d5 changelog
- 4e592bf snapshots
- e02c6cc fix screen padding crash
- 8ce58dc Merge pull request #6592 from Textualize/kitty-codepoints
- fec1039 Merge branch 'main' into kitty-codepoints
- aea9d4b Merge pull request #6594 from Textualize/super-backspace
- 64c1f8b Merge branch 'main' into super-backspace

Updates `ruff` from 0.15.19 to 0.15.20
Release notes
Sourced from ruff's releases.
... (truncated)
Changelog
Sourced from ruff's changelog.
Commits
- f82a36b Bump 0.15.20 (#26376)
- af32943 Improve the summarise-ecosystem-results skill (#26378)
- 485ebab Remove `RUF076` name from schema (#26371)
- ef81835 [ty] Implement rust-analyzer's "Click for full compiler diagnostic" feature (...
- 572b31e [ruff] Remove `pytest-fixture-autouse` (`RUF076`) (#26240)
- f703f21 Allow human-readable names in rule selectors (#25887)
- 0d726b2 [ty] Reuse equality semantics for membership compatibility (#25955)
- dbe6e98 [ty] Infer definite equality comparison results (#26337)
- e700ea3 [ty] Prove TypedDict structural patterns exhaustive (#26285)
- 6a0d2ec [ty] Widen inferred class-valued instance attributes (#26338)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions