Bump the production-version-updates group with 4 updates

[dependabot]

Bumps the production-version-updates group with 4 updates: asyncpg, fastapi, pydantic and anyio.

Updates asyncpg from 0.30.0 to 0.31.0

Release notes

Sourced from asyncpg's releases.

v0.31.0

Enable Python 3.14 with experimental subinterpreter/freethreading support.

Improvements

• Add Python 3.14 support, experimental subinterpreter/freethreading support (#1279) (by @​elprans in 9e42642b)

• Avoid performing type introspection on known types (#1243) (by @​elprans in 5c9986c4)

• Make prepare() not use named statements by default when cache is disabled (#1245) (by @​elprans in 5b14653e)

• Implement connection service file functionality (#1223) (by @​AndrewJackson2020 in 1d63bb15)

Fixes

• Fix multi port connection string issue (#1222) (by @​AndrewJackson2020 in 01c0db7b)

• Avoid leaking connections if _can_use_connection fails (#1269) (by @​yuliy-openai in e94302d2)

Other

• Drop support for EOL Python 3.8 (#1281) (by @​elprans in 6c2c4904)

Commits

• 71775a6 asyncpg v0.31.0
• 508cae6 Test on PostgreSQL 18 (#1290)
• e534e5f Bump cibuildwheel
• 07fe512 Bump pgproto
• 648b35f Bump Cython to 3.2.1 (#1288)
• 9e42642 Add Python 3.14 support, experimental subinterpreter/freethreading support (#...
• 6fe1c49 Move development deps away from extras and into dependency groups (#1280)
• 7a54816 Fix a couple of missed Python version guards
• 6c2c490 Drop support for EOL Python 3.8 (#1281)
• 4c60ae8 Bump version to 0.31.0.dev0
• Additional commits viewable in compare view

Updates fastapi from 0.121.3 to 0.123.0

Release notes

Sourced from fastapi's releases.

0.123.0

Fixes

• 🐛 Cache dependencies that don't use scopes and don't have sub-dependencies with scopes. PR #14419 by @​tiangolo.

0.122.1

Fixes

• 🐛 Fix hierarchical security scope propagation. PR #5624 by @​kristjanvalur.

Docs

• 💅 Update CSS to explicitly use emoji font. PR #14415 by @​tiangolo.

Internal

• ⬆ Bump markdown-include-variants from 0.0.5 to 0.0.6. PR #14418 by @​YuriiMotov.

0.122.0

Fixes

• 🐛 Use 401 status code in security classes when credentials are missing. PR #13786 by @​YuriiMotov.
  • If your code depended on these classes raising the old (less correct) 403 status code, check the new docs about how to override the classes, to use the same old behavior: Use Old 403 Authentication Error Status Codes.

Internal

• 🔧 Configure labeler to exclude files that start from underscore for lang-all label. PR #14213 by @​YuriiMotov.
• 👷 Add pre-commit config with local script for permalinks. PR #14398 by @​tiangolo.
• 💄 Use font Fira Code to fix display of Rich panels in docs in Windows. PR #14387 by @​tiangolo.
• 👷 Add custom pre-commit CI. PR #14397 by @​tiangolo.
• ⬆ Bump actions/checkout from 5 to 6. PR #14381 by @​dependabot[bot].
• 👷 Upgrade latest-changes GitHub Action and pin actions/checkout@v5. PR #14403 by @​svlandeg.
• 🛠️ Add add-permalinks and add-permalinks-page to scripts/docs.py. PR #14033 by @​YuriiMotov.
• 🔧 Upgrade Material for MkDocs and remove insiders. PR #14375 by @​tiangolo.

Commits

• f2bab95 🔖 Release version 0.123.0
• c38e3e0 📝 Update release notes
• 7fbd304 🐛 Cache dependencies that don't use scopes and don't have sub-dependencies wi...
• 63d7a2b 🔖 Release version 0.122.1
• 7681f29 📝 Update release notes
• 378ad68 🐛 Fix hierarchical security scope propagation (#5624)
• c6487ed 📝 Update release notes
• 62a6974 ⬆ Bump markdown-include-variants from 0.0.5 to 0.0.6 (#14418)
• 9982882 📝 Update release notes
• 8ab7167 💅 Update CSS to explicitly use emoji font (#14415)
• Additional commits viewable in compare view

Updates pydantic from 2.12.4 to 2.12.5

Release notes

Sourced from pydantic's releases.

v2.12.5 2025-11-26

v2.12.5 (2025-11-26)

This is the fifth 2.12 patch release, addressing an issue with the MISSING sentinel and providing several documentation improvements.

The next 2.13 minor release will be published in a couple weeks, and will include a new polymorphic serialization feature addressing the remaining unexpected changes to the serialize as any behavior.

• Fix pickle error when using model_construct() on a model with MISSING as a default value by @​ornariece in #12522.
• Several updates to the documentation by @​Viicos.

Full Changelog: pydantic/pydantic@v2.12.4...v2.12.5

Changelog

Sourced from pydantic's changelog.

v2.12.5 (2025-11-26)

GitHub release

This is the fifth 2.12 patch release, addressing an issue with the MISSING sentinel and providing several documentation improvements.

The next 2.13 minor release will be published in a couple weeks, and will include a new polymorphic serialization feature addressing the remaining unexpected changes to the serialize as any behavior.

• Fix pickle error when using model_construct() on a model with MISSING as a default value by @​ornariece in #12522.
• Several updates to the documentation by @​Viicos.

Commits

• bd2d0dd Prepare release v2.12.5
• 7d0302e Document security implications when using create_model()
• e9ef980 Fix typo in Standard Library Types documentation
• f2c20c0 Add pydantic-docs dev dependency, make use of versioning blocks
• a76c1aa Update documentation about JSON Schema
• 8cbc72c Add documentation about custom __init__()
• 99eba59 Add additional test for FieldInfo.get_default()
• c710769 Special case MISSING sentinel in smart_deepcopy()
• 20a9d77 Do not delete mock validator/serializer in rebuild_dataclass()
• c86515a Update parts of the model and revalidate_instances documentation
• See full diff in compare view

Updates anyio from 4.11.0 to 4.12.0

Release notes

Sourced from anyio's releases.

4.12.0

• Added support for asyncio's task call graphs on Python 3.14 and later when using AnyIO's task groups (#1025)
• Added an asynchronous implementation of the functools module (#1001)
• Added support for uvloop=True on Windows via the winloop implementation (#960; PR by @​Vizonex)
• Added support for use as a context manager to anyio.lowlevel.RunVar (#1003)
• Added __all__ declarations to public submodules (anyio.lowlevel etc.) (#1009)
• Added the ability to set the token count of a CapacityLimiter to zero (#1019; requires Python 3.10 or later when using Trio)
• Added parameters case_sensitive and recurse_symlinks along with support for path-like objects to anyio.Path.glob() and anyio.Path.rglob() (#1033; PR by @​northisup)
• Dropped sniffio as a direct dependency and added the get_available_backends() function (#1021)
• Fixed Process.stdin.send() not raising ClosedResourceError and BrokenResourceError on asyncio. Previously, a non-AnyIO exception was raised in such cases (#671; PR by @​gschaffner)
• Fixed Process.stdin.send() not checkpointing before writing data on asyncio (#1002; PR by @​gschaffner)
• Fixed a race condition where cancelling a Future from BlockingPortal.start_task_soon() would sometimes not cancel the async function (#1011; PR by @​gschaffner)
• Fixed the presence of the pytest plugin causing breakage with older versions of pytest (<= 6.1.2) (#1028; PR by @​saper)
• Fixed a rarely occurring RuntimeError: Set changed size during iteration while shutting down the process pool when using the asyncio backend (#985)

Commits

• bc021b6 Fixed the download-artifact settings to retain the expected behavior
• c6000aa Corrected the format of the version in the changelog
• 9d1bfe0 Bumped up the version
• 77f7ce2 Fixed RuntimeError while shutting down the asyncio process pool (#1039)
• aecc666 [pre-commit.ci] pre-commit autoupdate (#1036)
• e5569ad Bump actions/checkout from 5 to 6 in the github-actions group (#1037)
• dde3ab8 Moved a changelog entry to its correct position
• 250d4f1 Restore compatibility with pytest<=6.1.2 (#1030)
• 3708e22 Fixed a typo in the documentation (#1035)
• 9adbe08 Add new params to Path.glob & Path.rglob introduced since 3.12 (#1034)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions