Skip to content

Bump the production-version-updates group with 3 updates#291

Merged
github-actions[bot] merged 1 commit intomainfrom
dependabot/pip/production-version-updates-e0c70e4ee1
Nov 3, 2025
Merged

Bump the production-version-updates group with 3 updates#291
github-actions[bot] merged 1 commit intomainfrom
dependabot/pip/production-version-updates-e0c70e4ee1

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Nov 3, 2025

Bumps the production-version-updates group with 3 updates: alembic, fastapi and starlette.

Updates alembic from 1.17.0 to 1.17.1

Release notes

Sourced from alembic's releases.

1.17.1

Released: October 28, 2025

usecase

  • [usecase] [commands] Added command.current.check_heads parameter to command.current() command, available from the command line via the --check-heads option to alembic current. This tests if all head revisions are applied to the database and raises DatabaseNotAtHead (or from the command line, exits with a non-zero exit code) if this is not the case. The parameter operates equvialently to the cookbook recipe cookbook_check_heads. Pull request courtesy Stefan Scherfke.

    References: #1705

bug

  • [bug] [commands] Disallow ':' character in custom revision identifiers. Previously, using a colon in a revision ID (e.g., 'REV:1') would create the revision, however revisions with colons in them are not correctly interpreted by other commands, as it overlaps with the revision range syntax. Pull request courtesy Kim Wooseok with original implementation by Hrushikesh Patil.

    References: #1540

Commits

Updates fastapi from 0.120.0 to 0.121.0

Release notes

Sourced from fastapi's releases.

0.121.0

Features

Internal

0.120.4

Fixes

  • 🐛 Fix security schemes in OpenAPI when added at the top level app. PR #14266 by @​YuriiMotov.

0.120.3

Refactors

  • ♻️ Reduce internal cyclic recursion in dependencies, from 2 functions calling each other to 1 calling itself. PR #14256 by @​tiangolo.
  • ♻️ Refactor internals of dependencies, simplify code and remove get_param_sub_dependant. PR #14255 by @​tiangolo.
  • ♻️ Refactor internals of dependencies, simplify using dataclasses. PR #14254 by @​tiangolo.

Docs

0.120.2

Fixes

  • 🐛 Fix separation of schemas with nested models introduced in 0.119.0. PR #14246 by @​tiangolo.

Internal

0.120.1

Upgrades

Internal

  • 🔧 Add license and license-files to pyproject.toml, remove License from classifiers. PR #14230 by @​YuriiMotov.
Commits
  • 4efae81 🔖 Release version 0.121.0
  • 3690140 📝 Update release notes
  • ad4d8f2 📝 Update release notes
  • ac438b9 ✨ Add support for dependencies with scopes, support scope="request" for dep...
  • 425a4c5 📝 Update release notes
  • 3a223b9 📝 Update release notes
  • 566e0d6 👥 Update FastAPI People - Contributors and Translators (#14273)
  • 940ee0c 📝 Update release notes
  • f8df43d 👥 Update FastAPI People - Sponsors (#14274)
  • dbb7020 👥 Update FastAPI GitHub topic repositories (#14280)
  • Additional commits viewable in compare view

Updates starlette from 0.48.0 to 0.49.3

Release notes

Sourced from starlette's releases.

Version 0.49.3

Fixed

  • Relax strictness on Middleware type #3059.

Full Changelog: Kludex/starlette@0.49.2...0.49.3

Version 0.49.2

Fixed

  • Ignore if-modified-since header if if-none-match is present in StaticFiles #3044.

Full Changelog: Kludex/starlette@0.49.1...0.49.2

Version 0.49.1

This release fixes a security vulnerability in the parsing logic of the Range header in FileResponse.

You can view the full security advisory: GHSA-7f5h-v6xp-fcq8

Fixed

Full Changelog: Kludex/starlette@0.49.0...0.49.1

Version 0.49.0

Added

  • Add encoding parameter to Config class #2996.
  • Support multiple cookie headers in Request.cookies #3029.
  • Use Literal type for WebSocketEndpoint encoding values #3027.

Changed

  • Do not pollute exception context in Middleware when using BaseHTTPMiddleware #2976.

New Contributors

... (truncated)

Changelog

Sourced from starlette's changelog.

0.49.3 (November 1, 2025)

This is the last release that supports Python 3.9, which will be dropped in the next minor release.

Fixed

  • Relax strictness on Middleware type #3059.

0.49.2 (November 1, 2025)

Fixed

  • Ignore if-modified-since header if if-none-match is present in StaticFiles #3044.

0.49.1 (October 28, 2025)

This release fixes a security vulnerability in the parsing logic of the Range header in FileResponse.

You can view the full security advisory: GHSA-7f5h-v6xp-fcq8

Fixed

0.49.0 (October 28, 2025)

Added

  • Add encoding parameter to Config class #2996.
  • Support multiple cookie headers in Request.cookies #3029.
  • Use Literal type for WebSocketEndpoint encoding values #3027.

Changed

  • Do not pollute exception context in Middleware when using BaseHTTPMiddleware #2976.
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the production-version-updates group with 3 updates
3e6100c 
Bumps the production-version-updates group with 3 updates: [alembic](https://github.com/sqlalchemy/alembic), [fastapi](https://github.com/fastapi/fastapi) and [starlette](https://github.com/Kludex/starlette).


Updates `alembic` from 1.17.0 to 1.17.1
- [Release notes](https://github.com/sqlalchemy/alembic/releases)
- [Changelog](https://github.com/sqlalchemy/alembic/blob/main/CHANGES)
- [Commits](https://github.com/sqlalchemy/alembic/commits)

Updates `fastapi` from 0.120.0 to 0.121.0
- [Release notes](https://github.com/fastapi/fastapi/releases)
- [Commits](fastapi/fastapi@0.120.0...0.121.0)

Updates `starlette` from 0.48.0 to 0.49.3
- [Release notes](https://github.com/Kludex/starlette/releases)
- [Changelog](https://github.com/Kludex/starlette/blob/main/docs/release-notes.md)
- [Commits](Kludex/starlette@0.48.0...0.49.3)

---
updated-dependencies:
- dependency-name: alembic
  dependency-version: 1.17.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-version-updates
- dependency-name: fastapi
  dependency-version: 0.121.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-version-updates
- dependency-name: starlette
  dependency-version: 0.49.3
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: production-version-updates
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Nov 3, 2025
@github-actions github-actions Bot enabled auto-merge November 3, 2025 11:22
@github-actions github-actions Bot merged commit 2e2efb4 into main Nov 3, 2025
4 checks passed
@github-actions github-actions Bot deleted the dependabot/pip/production-version-updates-e0c70e4ee1 branch November 3, 2025 11:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-actions github-actions[bot] github-actions[bot] approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants