build(deps): bump the backend-dependencies group across 1 directory with 24 updates by dependabot[bot] · Pull Request #59 · numberly/reviewate

dependabot · 2026-04-20T07:38:12Z

Updates the requirements on fastapi, uvicorn[standard], pydantic, sse-starlette, sqlalchemy, faststream[redis], redis, authlib, pyjwt[crypto], maturin, prometheus-client, sentry-sdk, rich, pygithub, python-gitlab, kafka-python, pytest, pytest-cov, ruff, mypy, types-pyyaml, ipython, faker and setuptools to permit the latest version.
Updates fastapi from 0.135.1 to 0.136.0

Release notes

Sourced from fastapi's releases.

0.136.0

Upgrades

⬆️ Support free-threaded Python 3.14t. PR #15149 by @svlandeg.

0.135.4

Refactors

🔥 Remove April Fool's @app.vibe() 🤪. PR #15363 by @tiangolo.

Internal

⬆ Bump cryptography from 46.0.5 to 46.0.7. PR #15314 by @dependabot[bot].

⬆ Bump strawberry-graphql from 0.307.1 to 0.312.3. PR #15309 by @dependabot[bot].

🔨 Add pre-commit hook to ensure latest release header has date. PR #15293 by @YuriiMotov.

0.135.3

Features

✨ Add support for @app.vibe(). PR #15280 by @tiangolo.

New docs: Vibe Coding.

Docs

✏️ Fix typo for client_secret in OAuth2 form docstrings. PR #14946 by @bysiber.

Internal

👥 Update FastAPI People - Experts. PR #15279 by @tiangolo.

⬆ Bump orjson from 3.11.7 to 3.11.8. PR #15276 by @dependabot[bot].

⬆ Bump ruff from 0.15.0 to 0.15.8. PR #15277 by @dependabot[bot].

👥 Update FastAPI GitHub topic repositories. PR #15274 by @tiangolo.

⬆ Bump fastmcp from 2.14.5 to 3.2.0. PR #15267 by @dependabot[bot].

👥 Update FastAPI People - Contributors and Translators. PR #15270 by @tiangolo.

⬆ Bump requests from 2.32.5 to 2.33.0. PR #15228 by @dependabot[bot].

👷 Add ty check to lint.sh. PR #15136 by @svlandeg.

0.135.2

Upgrades

⬆️ Increase lower bound to pydantic >=2.9.0. and fix the test suite. PR #15139 by @svlandeg.

Docs

📝 Add missing last release notes dates. PR #15202 by @tiangolo.

📝 Update docs for contributors and team members regarding translation PRs. PR #15200 by @YuriiMotov.

💄 Fix code blocks in reference docs overflowing table width. PR #15094 by @YuriiMotov.

📝 Fix duplicated words in docstrings. PR #15116 by @AhsanSheraz.

📝 Add docs for pyproject.toml with entrypoint. PR #15075 by @tiangolo.

📝 Update links in docs to no longer use the classes external-link and internal-link. PR #15061 by @tiangolo.

... (truncated)

Commits

708606c 🔖 Release version 0.136.0
13be6a3 📝 Update release notes
4b26487 ⬆️ Support free-threaded Python 3.14t (#15149)
f796c34 🔖 Release version 0.135.4
09d1d1c 📝 Update release notes
ae4e45c 🔥 Remove April Fool's @app.vibe() 🤪 (#15363)
9653034 📝 Update release notes
6f9a102 ⬆ Bump cryptography from 46.0.5 to 46.0.7 (#15314)
eba8942 📝 Update release notes
77d080c ⬆ Bump strawberry-graphql from 0.307.1 to 0.312.3 (#15309)
Additional commits viewable in compare view

Updates uvicorn[standard] to 0.44.0

Release notes

Sourced from uvicorn[standard]'s releases.

Version 0.44.0

What's Changed

Implement websocket keepalive pings for websockets-sansio by @Kludex in Kludex/uvicorn#2888

Full Changelog: Kludex/uvicorn@0.43.0...0.44.0

Changelog

Sourced from uvicorn[standard]'s changelog.

0.44.0 (April 6, 2026)

Added

Implement websocket keepalive pings for websockets-sansio (#2888)

0.43.0 (April 3, 2026)

You can quit Uvicorn now. We heard you, @pamelafox - all 47 of your Ctrl+C's (thanks for flagging it, and thanks to @tiangolo for the fix 🙏). See the tweet.

Changed

Emit http.disconnect ASGI receive() event on server shutting down for streaming responses (#2829)

Use native context parameter for create_task on Python 3.11+ (#2859)

Drop cast in ASGI types (#2875)

0.42.0 (March 16, 2026)

Changed

Use bytearray for request body accumulation to avoid O(n^2) allocation on fragmented bodies (#2845)

Fixed

Escape brackets and backslash in httptools HEADER_RE regex (#2824)

Fix multiple issues in websockets sans-io implementation (#2825)

0.41.0 (February 16, 2026)

Added

Add --limit-max-requests-jitter to stagger worker restarts (#2707)

Add socket path to scope["server"] (#2561)

Changed

Rename LifespanOn.error_occured to error_occurred (#2776)

Fixed

Ignore permission denied errors in watchfiles reloader (#2817)

Ensure lifespan shutdown runs when should_exit is set during startup (#2812)

Reduce the log level of 'request limit exceeded' messages (#2788)

0.40.0 (December 21, 2025)

Remove

Drop support for Python 3.9 (#2772)

... (truncated)

Commits

edb54c4 Version 0.44.0 (#2890)
029be08 Implement websocket keepalive pings for websockets-sansio (#2888)
8d397c7 Version 0.43.0 (#2885)
587042d 🐛 Emit http.disconnect ASGI receive() event on server shutting down for s...
c9a75fb chore(deps): bump the github-actions group with 3 updates (#2878)
84fd578 chore(deps): bump pygments from 2.19.2 to 2.20.0 (#2877)
cd52d34 Use native context parameter for create_task on Python 3.11+ (#2859)
5211880 Drop cast in ASGI types (#2875)
1cb8e74 Add websocket 500 fallback header test (#2874)
28efbb2 chore(deps-dev): bump cryptography from 46.0.5 to 46.0.6 (#2873)
Additional commits viewable in compare view

Updates pydantic from 2.12.5 to 2.13.2

Release notes

Sourced from pydantic's releases.

v2.13.2 2026-04-17

v2.13.2 (2026-04-17)

What's Changed

Fixes

Fix ValidationInfo.field_name missing with model_validate_json() by @Viicos in #13084

Full Changelog: pydantic/pydantic@v2.13.1...v2.13.2

v2.13.1 2026-04-15

v2.13.1 (2026-04-15)

What's Changed

Fixes

Fix ValidationInfo.data missing with model_validate_json() by @davidhewitt in #13079

Full Changelog: pydantic/pydantic@v2.13.0...v2.13.1

v2.13.0 2026-04-13

v2.13.0 (2026-04-13)

The highlights of the v2.13 release are available in the blog post. Several minor changes (considered non-breaking changes according to our versioning policy) are also included in this release. Make sure to look into them before upgrading.

This release contains the updated pydantic.v1 namespace, matching version 1.10.26 which includes support for Python 3.14.

What's Changed

See the beta releases for all changes sinces 2.12.

Packaging

Add zizmor for GitHub Actions workflow linting by @Viicos in #13039

Update jiter to v0.14.0 to fix a segmentation fault on musl Linux by @Viicos in #13064

New Features

Allow default factories of private attributes to take validated model data by @Viicos in #13013

Changes

Warn when serializing fixed length tuples with too few items by @arvindsaripalli in #13016

Fixes

Change type of Any when synthesizing _build_sources for BaseSettings.__init__() signature in the mypy plugin by @Viicos in #13049

... (truncated)

Changelog

Sourced from pydantic's changelog.

v2.13.2 (2026-04-17)

GitHub release

What's Changed

Fixes

Fix ValidationInfo.field_name missing with model_validate_json() by @Viicos in #13084

v2.13.1 (2026-04-15)

GitHub release

What's Changed

Fixes

Fix ValidationInfo.data missing with model_validate_json() by @davidhewitt in #13079

v2.13.0 (2026-04-13)

GitHub release

The highlights of the v2.13 release are available in the blog post. Several minor changes (considered non-breaking changes according to our versioning policy) are also included in this release. Make sure to look into them before upgrading.

This release contains the updated pydantic.v1 namespace, matching version 1.10.26 which includes support for Python 3.14.

What's Changed

See the beta releases for all changes sinces 2.12.

New Features

Allow default factories of private attributes to take validated model data by @Viicos in #13013

Changes

Warn when serializing fixed length tuples with too few items by @arvindsaripalli in #13016

Fixes

Change type of Any when synthesizing _build_sources for BaseSettings.__init__() signature in the mypy plugin by @Viicos in #13049

Fix model equality when using runtime extra configuration by @Viicos in #13062

Packaging

Add zizmor for GitHub Actions workflow linting by @Viicos in #13039

... (truncated)

Commits

ca3ddd1 Prepare release v2.13.2
000e823 Fix ValidationInfo.field_name missing with model_validate_json()
d45d8be Prepare release 2.13.1
54aca60 Fix ValidationInfo.data missing with model_validate_json()
46bf4fa Fix Pydantic release workflow (#13067)
1b359ed Prepare release v2.13.0 (#13065)
b1bf194 Fix model equality when using runtime extra configuration (#13062)
17a35e3 Update jiter to v0.14.0 (#13064)
feea402 Use simulation mode in Codspeed CI (#13063)
671c9b0 Add basic benchmarks for model equality (#13061)
Additional commits viewable in compare view

Updates sse-starlette from 3.3.2 to 3.3.4

Release notes

Sourced from sse-starlette's releases.

v3.3.4

What's Changed

chore(deps): bump cbor2 from 5.8.0 to 5.9.0 by @dependabot[bot] in sysid/sse-starlette#177

chore(deps): bump ujson from 5.11.0 to 5.12.0 by @dependabot[bot] in sysid/sse-starlette#176

chore(deps): bump requests from 2.32.5 to 2.33.0 by @dependabot[bot] in sysid/sse-starlette#178

chore(deps): bump cryptography from 46.0.5 to 46.0.6 by @dependabot[bot] in sysid/sse-starlette#179

Full Changelog: sysid/sse-starlette@v3.3.3...v3.3.4

v3.3.3

What's Changed

chore(deps): bump astral-sh/setup-uv from 6 to 7 by @dependabot[bot] in sysid/sse-starlette#172

chore(deps): bump pyopenssl from 25.3.0 to 26.0.0 by @dependabot[bot] in sysid/sse-starlette#174

chore(deps): bump pyasn1 from 0.6.2 to 0.6.3 by @dependabot[bot] in sysid/sse-starlette#175

Full Changelog: sysid/sse-starlette@v0.0.0...v3.3.3

Commits

c938db3 Bump version to 3.3.4
eefd6dc Merge pull request #179 from sysid/dependabot/uv/cryptography-46.0.6
d9e9b82 chore(deps): bump cryptography from 46.0.5 to 46.0.6
28cd775 Merge pull request #178 from sysid/dependabot/uv/requests-2.33.0
2e52732 Merge pull request #176 from sysid/dependabot/uv/ujson-5.12.0
bac335e Merge pull request #177 from sysid/dependabot/uv/cbor2-5.9.0
d465468 chore(deps): bump requests from 2.32.5 to 2.33.0
7434cd3 chore(deps): bump cbor2 from 5.8.0 to 5.9.0
fc2455a chore(deps): bump ujson from 5.11.0 to 5.12.0
5f84539 Bump version to 3.3.3
Additional commits viewable in compare view

Updates sqlalchemy from 2.0.48 to 2.0.49

Release notes

Sourced from sqlalchemy's releases.

2.0.49

Released: April 3, 2026

orm

[orm] [bug] Fixed issue where _orm.Session.get() would bypass the identity map and emit unnecessary SQL when with_for_update=False was passed, rather than treating it equivalently to the default of None. Pull request courtesy of Joshua Swanson.

References: #13176

[orm] [bug] Fixed issue where chained _orm.joinedload() options would not be applied correctly when the final relationship in the chain is declared on a base mapper and accessed through a subclass mapper in a _orm.with_polymorphic() query. The path registry now correctly computes the natural path when a property declared on a base class is accessed through a path containing a subclass mapper, ensuring the loader option can be located during query compilation.

References: #13193

[orm] [bug] [inheritance] Fixed issue where using _orm.Load.options() to apply a chained loader option such as _orm.joinedload() or _orm.selectinload() with _orm.PropComparator.of_type() for a polymorphic relationship would not generate the necessary clauses for the polymorphic subclasses. The polymorphic loading strategy is now correctly propagated when using a call such as joinedload(A.b).options(joinedload(B.c.of_type(poly))) to match the behavior of direct chaining e.g. joinedload(A.b).joinedload(B.c.of_type(poly)).

References: #13202

[orm] [bug] [inheritance] Fixed issue where using chained loader options such as _orm.selectinload() after _orm.joinedload() with _orm.PropComparator.of_type() for a polymorphic relationship would not properly apply the chained loader option. The loader option is now correctly applied when using a call such as joinedload(A.b.of_type(poly)).selectinload(poly.SubClass.c) to eagerly load related objects.

References: #13209

typing

[typing] [bug] Fixed a typing issue where the typed members of :data:.func would return the appropriate class of the same name, however this creates an issue for

... (truncated)

Commits

See full diff in compare view

Updates faststream[redis] to 0.6.7

Release notes

Sourced from faststream[redis]'s releases.

v0.6.7

What's Changed

The main feature of this release is the Try It Out feature for your Async API documentation!

Now you can test your developing application directly from the web, just like Swagger for HTTP. It supports in-memory publication to test a subscriber and real broker publication to verify behavior in real scenarios.

feat: Add Try It Out feature for AsyncAPI documentation by @vvlrff in ag2ai/faststream#2777

Full updates:

feat: Static membership for aiokafka broker (group_instance_id) by @tmlnv in ag2ai/faststream#2783

feat: add on_assign, on_revoke, on_lost callbacks for Confluent subscriber by @Br1an67 in ag2ai/faststream#2789

feat: use MRO-based exception handler resolution by @Br1an67 in ag2ai/faststream#2788

fix: Bug: AsyncAPI documentation fails when Confluent uses oauth bearer authentication by @yann-combarnous in ag2ai/faststream#2775

fix: preserve exception chains in AsgiFastStream startup by @zoni in ag2ai/faststream#2781

fix: use sentinel in StreamMessage.decode() to cache None results by @benedikt-bartscher in ag2ai/faststream#2784

fix: propagate expiration property in rabbit test broker by @marcm-ml in ag2ai/faststream#2787

docs: Add schedule parameter for NATS publishing by @Majajashka in ag2ai/faststream#2763

docs: fix publish_scope by @kurrbanov in ag2ai/faststream#2768

New Contributors

@kurrbanov made their first contribution in ag2ai/faststream#2768

@yann-combarnous made their first contribution in ag2ai/faststream#2775

@zoni made their first contribution in ag2ai/faststream#2781

@tmlnv made their first contribution in ag2ai/faststream#2783

@benedikt-bartscher made their first contribution in ag2ai/faststream#2784

@marcm-ml made their first contribution in ag2ai/faststream#2787

@Br1an67 made their first contribution in ag2ai/faststream#2789

Full Changelog: ag2ai/faststream@0.6.6...0.6.7

Commits

8abc91a feat: use MRO-based exception handler resolution (#2788)
31fcbc1 feat: add on_assign, on_revoke, on_lost callbacks for Confluent subscriber (#...
446b58c feat: Add Try It Out feature for AsyncAPI documentation (#2777)
1b95019 fix: propagate expiration property in rabbit test broker (#2787)
0876b55 fix: use sentinel in StreamMessage.decode() to cache None results (#2784)
8148f2d feat: Static membership for aiokafka broker (group_instance_id) (#2783)
8cd1e6d fix: Preserve exception chains in AsgiFastStream startup (#2781)
b8b823a chore(deps): bump reagento/relator in the github-actions group (#2778)
ebc4739 fix: Bug: AsyncAPI documentation fails when Confluent uses oauth bearer authe...
fc32dcf chore(deps): bump astral-sh/setup-uv in the github-actions group (#2771)
Additional commits viewable in compare view

Updates redis from 7.3.0 to 7.4.0

Release notes

Sourced from redis's releases.

7.4.0

Changes

🐛 Bug Fixes

Fix AttributeError in cluster metrics recording when connection is None or ClusterNode object instance is used to extract the connection info (#3999)

Fixing security concern in repr methods for ConnectionPools - passwords might leak in plain text logs (#3998)

Refactored connection count and SCH metric collection (#4001)

🧪 Experimental Features

-Refactored health check logic for MultiDBClient (#3994)

🧰 Maintenance

Expose basic Otel classes and functions to be importable through redis.observability to match the examples in the readthedocs (#3996)

We'd like to thank all the contributors who worked on this release! @vladvildanov @petyaslavova

Commits

b72f24a Updating lib version to 7.4.0
0a4e0af Refactored health check logic for MultiDBClient (#3994)
15492c9 Refactored connection count and SCH metric collection (#4001)
cd964ac Expose basic Otel classes and funtions to be importable through redis.observa...
46ab74d Fixing security concern in repr methods for ConnectionPools - passwords m...
26482db Fix AttributeError in cluster metrics recording when connection is None or Cl...
See full diff in compare view

Updates authlib from 1.6.9 to 1.7.0

Release notes

Sourced from authlib's releases.

v1.7.0

What's Changed

Authorization and token endpoints request empty scope parameter management by @azmeuk in authlib/authlib#847

Support from Python 3.10 to 3.14 by @azmeuk in authlib/authlib#850

Allow composition of AuthorizationServerMetadata by @azmeuk in authlib/authlib#853

Make require_oauth parenthesis optional by @azmeuk in authlib/authlib#855

Fix expires_at behavior when its value is 0 by @azmeuk in authlib/authlib#854

Migration to joserfc by @lepture in authlib/authlib#852

RP-initiated logout by @frohrlich in authlib/authlib#849

Fix get_jwt_config by @lepture in authlib/authlib#858

chore(ci): Update PyPy version from 3.10 to 3.11 by @cclauss in authlib/authlib#863

fix: remove "none" from default authlib.jose.jwt algorithms by @lepture in authlib/authlib#860

fix: normalize resolve_client_public_key method by @lepture in authlib/authlib#861

Implement rfc9700 PKCE downgrade countermeasure by @azmeuk in authlib/authlib#864

Use correct syntax for tox.requires in tox.ini by @alex-ball in authlib/authlib#868

Set client session User-Agent when fetching server metadata and JWKs by @alex-ball in authlib/authlib#867

fix: use the real application object for Flask by @nblock in authlib/authlib#869

Accept the issuer URL as a valid audience by @azmeuk in authlib/authlib#865

Don't nest InvalidTokenError extra attribute by @azmeuk in authlib/authlib#872

Documentation overhaul by @azmeuk in authlib/authlib#875

Update README.md docs.authlib.org/en/latest => docs.authlib.org/en/stable by @guillett in authlib/authlib#876

Merge release/1.6 branch by @lepture in authlib/authlib#877

New Contributors

@frohrlich made their first contribution in authlib/authlib#849

@cclauss made their first contribution in authlib/authlib#863

@alex-ball made their first contribution in authlib/authlib#868

@nblock made their first contribution in authlib/authlib#869

@guillett made their first contribution in authlib/authlib#876

Full Changelog: authlib/authlib@v1.6.10...v1.7.0

v1.6.11

Full Changelog: authlib/authlib@v1.6.10...v1.6.11

Fix CSRF issue with starlette client

v1.6.10

Full Changelog: authlib/authlib@v1.6.9...v1.6.10

Fix redirecting to unvalidated redirect_uri on UnsupportedResponseTypeError.

Commits

5d2e603 chore: release 1.7.0
767f08b fix: CSRF issue with starlette client
e9aaef3 Merge pull request #877 from authlib/merge/1.6
3c8ec9a Merge branch 'main' into merge/1.6
ef09aeb chore: release 1.6.10
3be0846 fix: redirecting to unvalidated redirect_uri on UnsupportedResponseTypeError
4cf6f97 Merge pull request #876 from guillett/patch-1
23f67b4 Update README.md docs.authlib.org/en/latest => docs.authlib.org/en/stable
1040163 chore: prek autoupdate
491209f Merge pull request #875 from azmeuk/doc
Additional commits viewable in compare view

Updates pyjwt[crypto] to 2.12.1

Release notes

Sourced from pyjwt[crypto]'s releases.

2.12.1

What's Changed

Add typing_extensions dependency for Python < 3.11 by @jpadilla in jpadilla/pyjwt#1151

Full Changelog: jpadilla/pyjwt@2.12.0...2.12.1

Changelog

Sourced from pyjwt[crypto]'s changelog.

v2.12.1 <https://github.com/jpadilla/pyjwt/compare/2.12.0...2.12.1>__

Fixed
- Add missing ``typing_extensions`` dependency for Python < 3.11 in `[#1150](https://github.com/jpadilla/pyjwt/issues/1150) <https://github.com/jpadilla/pyjwt/issues/1150>`__
v2.12.0 &lt;https://github.com/jpadilla/pyjwt/compare/2.11.0...2.12.0&gt;__
Fixed
Annotate PyJWKSet.keys for pyright by @tamird in [#1134](https://github.com/jpadilla/pyjwt/issues/1134) <https://github.com/jpadilla/pyjwt/pull/1134>__

Close HTTPError response to prevent ResourceWarning on Python 3.14 by @veeceey in [#1133](https://github.com/jpadilla/pyjwt/issues/1133) <https://github.com/jpadilla/pyjwt/pull/1133>__

Do not keep algorithms dict in PyJWK instances by @akx in [#1143](https://github.com/jpadilla/pyjwt/issues/1143) <https://github.com/jpadilla/pyjwt/pull/1143>__

Validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. by @dmbs335 in GHSA-752w-5fwx-jx9f <https://github.com/jpadilla/pyjwt/security/advisories/GHSA-752w-5fwx-jx9f>__

Use PyJWK algorithm when encoding without explicit algorithm in [#1148](https://github.com/jpadilla/pyjwt/issues/1148) <https://github.com/jpadilla/pyjwt/pull/1148>__

Added
- Docs: Add ``PyJWKClient`` API reference and document the two-tier caching system (JWK Set cache and signing key LRU cache).
v2.11.0 &lt;https://github.com/jpadilla/pyjwt/compare/2.10.1...2.11.0&gt;__
Fixed
Enforce ECDSA curve validation per RFC 7518 Section 3.4.

Fix build system warnings by @kurtmckee in [#1105](https://github.com/jpadilla/pyjwt/issues/1105) <https://github.com/jpadilla/pyjwt/pull/1105>__

Validate key against allowed types for Algorithm family in [#964](https://github.com/jpadilla/pyjwt/issues/964) <https://github.com/jpadilla/pyjwt/pull/964>__

Add iterator for JWKSet in [#1041](https://github.com/jpadilla/pyjwt/issues/1041) <https://github.com/jpadilla/pyjwt/pull/1041>__

Validate iss claim is a string during encoding and decoding by @pachewise in [#1040](https://github.com/jpadilla/pyjwt/issues/1040) <https://github.com/jpadilla/pyjwt/pull/1040>__

Improve typing/logic for options in decode, decode_complete by @pachewise in [#1045](https://github.com/jpadilla/pyjwt/issues/1045) <https://github.com/jpadilla/pyjwt/pull/1045>__

Declare float supported type for lifespan and timeout by @nikitagashkov in [#1068](https://github.com/jpadilla/pyjwt/issues/1068) <https://github.com/jpadilla/pyjwt/pull/1068>__

Fix SyntaxWarning\s/DeprecationWarning\s caused by invalid escape sequences by @kurtmckee in [#1103](https://github.com/jpadilla/pyjwt/issues/1103) <https://github.com/jpadilla/pyjwt/pull/1103>__

Development: Build a shared wheel once to speed up test suite setup times by @kurtmckee in [#1114](https://github.com/jpadilla/pyjwt/issues/1114) <https://github.com/jpadilla/pyjwt/pull/1114>__

Development: Test type annotations across all supported Python versions, increase the strictness of the type checking, and remove the mypy pre-commit hook by @kurtmckee in [#1112](https://github.com/jpadilla/pyjwt/issues/1112) <https://github.com/jpadilla/pyjwt/pull/1112>__

Added
- Support Python 3.14, and test against PyPy 3.10 and 3.11 by @kurtmckee in `[#1104](https://github.com/jpadilla/pyjwt/issues/1104) <https://github.com/jpadilla/pyjwt/pull/1104>`__
- Development: Migrate to ``build`` to test package building in CI by @kurtmckee in `[#1108](https://github.com/jpadilla/pyjwt/issues/1108) <https://github.com/jpadilla/pyjwt/pull/1108>`__
- Development: Improve coverage config and eliminate unused test suite code by @kurtmckee in `[#1115](https://github.com/jpadilla/pyjwt/issues/1115) <https://github.com/jpadilla/pyjwt/pull/1115>`__
</tr></table> 

... (truncated)

Commits

a4e1a3d Add typing_extensions dependency for Python < 3.11 (#1151)
bd9700c Use PyJWK algorithm when encoding without explicit algorithm (#1148)
051ea34 Merge commit from fork
1451d70 fix: do not store reference to algorithms dict on PyJWK (#1143)
f3ba74c [pre-commit.ci] pre-commit autoupdate (#1145)
0318ffa [pre-commit.ci] pre-commit autoupdate (#1141)
a52753d Bump actions/download-artifact from 7 to 8 (#1142)
b85050f chore(tests): enable mypy (#1138)
1272b26 [pre-commit.ci] pre-commit autoupdate (#1135)
99a8728 chore: remove superfluous constants (#1136)
Additional commits viewable in compare view

Updates maturin from 1.12.6 to 1.13.1

Release notes

Sourced from maturin's releases.

v1.13.1

What's Changed

fix: fall back to placeholder for abi3 when found interpreters are too old by @messense in PyO3/maturin#3126

See also v1.13.0 release highlight: https://github.com/PyO3/maturin/releases/tag/v1.13.0

Full Changelog: PyO3/maturin@v1.13.0...v1.13.1

v1.13.0

maturin 1.13.0 is a feature-rich release focused on better wheel generation, improved packaging workflows, and smoother cross-platform builds. This release adds new capabilities for stub generation and PGO builds, significantly improves wheel repair support on macOS and Windows, and includes a broad set of fixes for ABI tagging, source distributions, and platform-specific build behavior.

Highlights

Added support for Profile-Guided Optimization (PGO).

Added PyO3 stub generation support, including a new generate-stubs command and --generate-stubs build option.

Re-implemented macOS wheel repair (delocate) and Windows wheel repair (delvewheel) in maturin, currently warn only when external shared libraries dependencies are required.

Added support for large zip files.

Added support for [tool.maturin.generate-ci.github] configuration.

Improved PEP 517 compatibility by respecting metadata_directory in build_wheel.

This release also includes substantial internal refactoring across build orchestration, interpreter resolution, and command structure, plus dependency and CI updates that improve maintainability and reliability.

No major intentional breaking changes are expected, but users with custom CI or packaging setups may want to validate their workflows after upgrading.

What's Changed

refactor: unified interpreter resolution pipeline by @messense in PyO3/maturin#3032

Sync legacy_py.rs with upstream PyPI warehouse legacy.py by @messense in PyO3/maturin#3053

refactor: decompose large modules into focused submodules by @messense in PyO3/maturin#3052

Keep cargo build artifact at original path after staging by @messense in PyO3/maturin#3054

Fix --strip conflicting with --include-debuginfo in develop by @messense in PyO3/maturin#3057

Fix abi3 wheel producing version-specific tags for CPython below minimum by @messense in PyO3/maturin#3061

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in PyO3/maturin#3060

generate-ci: use uv pip for pytest steps to fix local wheel preference by @messense in PyO3/maturin#3063

Add [tool.maturin.generate-ci.github] config support by @messense in PyO3/maturin#3066

fix(sdist): handle parent workspaces and refactor sdist generation by @messense in PyO3/maturin#3055

test: refactor integration suite and switch mixed fixtures to cffi by @messense in PyO3/maturin#3068

Fix data symlink permission handling by @messense in PyO3/maturin#3069

fix: correct bugs in audit.rs typo and module_writer by @messense in PyO3/maturin#3070

perf: use lazy-initialized regexes instead of per-call compilation by @messense in PyO3/maturin#3071

refactor: extract duplicated helpers and reduce code repetition by @messense in PyO3/maturin#3072

refactor: split monster functions into focused methods by @messense in PyO3/maturin#3073

refactor: improve type safety and API clarity by @messense in PyO3/maturin#3074

refactor: cleanup anti-patterns by @messense in PyO3/maturin#3075

refactor: decompose Description has been truncated

…ith 24 updates Updates the requirements on [fastapi](https://github.com/fastapi/fastapi), [uvicorn[standard]](https://github.com/Kludex/uvicorn), [pydantic](https://github.com/pydantic/pydantic), [sse-starlette](https://github.com/sysid/sse-starlette), [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy), [faststream[redis]](https://github.com/ag2ai/FastStream), [redis](https://github.com/redis/redis-py), [authlib](https://github.com/authlib/authlib), [pyjwt[crypto]](https://github.com/jpadilla/pyjwt), [maturin](https://github.com/pyo3/maturin), [prometheus-client](https://github.com/prometheus/client_python), [sentry-sdk](https://github.com/getsentry/sentry-python), [rich](https://github.com/Textualize/rich), [pygithub](https://github.com/pygithub/pygithub), [python-gitlab](https://github.com/python-gitlab/python-gitlab), [kafka-python](https://github.com/dpkp/kafka-python), [pytest](https://github.com/pytest-dev/pytest), [pytest-cov](https://github.com/pytest-dev/pytest-cov), [ruff](https://github.com/astral-sh/ruff), [mypy](https://github.com/python/mypy), [types-pyyaml](https://github.com/python/typeshed), [ipython](https://github.com/ipython/ipython), [faker](https://github.com/joke2k/faker) and [setuptools](https://github.com/pypa/setuptools) to permit the latest version. Updates `fastapi` from 0.135.1 to 0.136.0 - [Release notes](https://github.com/fastapi/fastapi/releases) - [Commits](fastapi/fastapi@0.135.1...0.136.0) Updates `uvicorn[standard]` to 0.44.0 - [Release notes](https://github.com/Kludex/uvicorn/releases) - [Changelog](https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md) - [Commits](Kludex/uvicorn@0.32.0...0.44.0) Updates `pydantic` from 2.12.5 to 2.13.2 - [Release notes](https://github.com/pydantic/pydantic/releases) - [Changelog](https://github.com/pydantic/pydantic/blob/v2.13.2/HISTORY.md) - [Commits](pydantic/pydantic@v2.12.5...v2.13.2) Updates `sse-starlette` from 3.3.2 to 3.3.4 - [Release notes](https://github.com/sysid/sse-starlette/releases) - [Commits](sysid/sse-starlette@v3.3.2...v3.3.4) Updates `sqlalchemy` from 2.0.48 to 2.0.49 - [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases) - [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES.rst) - [Commits](https://github.com/sqlalchemy/sqlalchemy/commits) Updates `faststream[redis]` to 0.6.7 - [Release notes](https://github.com/ag2ai/FastStream/releases) - [Commits](ag2ai/faststream@0.5.0...0.6.7) Updates `redis` from 7.3.0 to 7.4.0 - [Release notes](https://github.com/redis/redis-py/releases) - [Changelog](https://github.com/redis/redis-py/blob/master/CHANGES) - [Commits](redis/redis-py@v7.3.0...v7.4.0) Updates `authlib` from 1.6.9 to 1.7.0 - [Release notes](https://github.com/authlib/authlib/releases) - [Commits](authlib/authlib@v1.6.9...v1.7.0) Updates `pyjwt[crypto]` to 2.12.1 - [Release notes](https://github.com/jpadilla/pyjwt/releases) - [Changelog](https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst) - [Commits](jpadilla/pyjwt@2.8.0...2.12.1) Updates `maturin` from 1.12.6 to 1.13.1 - [Release notes](https://github.com/pyo3/maturin/releases) - [Changelog](https://github.com/PyO3/maturin/blob/main/Changelog.md) - [Commits](PyO3/maturin@v1.12.6...v1.13.1) Updates `prometheus-client` from 0.24.1 to 0.25.0 - [Release notes](https://github.com/prometheus/client_python/releases) - [Commits](prometheus/client_python@v0.24.1...v0.25.0) Updates `sentry-sdk` from 2.54.0 to 2.58.0 - [Release notes](https://github.com/getsentry/sentry-python/releases) - [Changelog](https://github.com/getsentry/sentry-python/blob/master/CHANGELOG.md) - [Commits](getsentry/sentry-python@2.54.0...2.58.0) Updates `rich` from 14.3.3 to 15.0.0 - [Release notes](https://github.com/Textualize/rich/releases) - [Changelog](https://github.com/Textualize/rich/blob/master/CHANGELOG.md) - [Commits](Textualize/rich@v14.3.3...v15.0.0) Updates `pygithub` from 2.8.1 to 2.9.1 - [Release notes](https://github.com/pygithub/pygithub/releases) - [Changelog](https://github.com/PyGithub/PyGithub/blob/main/doc/changes.rst) - [Commits](PyGithub/PyGithub@v2.8.1...v2.9.1) Updates `python-gitlab` from 8.1.0 to 8.2.0 - [Release notes](https://github.com/python-gitlab/python-gitlab/releases) - [Changelog](https://github.com/python-gitlab/python-gitlab/blob/main/CHANGELOG.md) - [Commits](python-gitlab/python-gitlab@v8.1.0...v8.2.0) Updates `kafka-python` from 2.3.0 to 2.3.1 - [Release notes](https://github.com/dpkp/kafka-python/releases) - [Changelog](https://github.com/dpkp/kafka-python/blob/master/docs/changelog.rst) - [Commits](dpkp/kafka-python@2.3.0...2.3.1) Updates `pytest` from 9.0.2 to 9.0.3 - [Release notes](https://github.com/pytest-dev/pytest/releases) - [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst) - [Commits](pytest-dev/pytest@9.0.2...9.0.3) Updates `pytest-cov` from 7.0.0 to 7.1.0 - [Changelog](https://github.com/pytest-dev/pytest-cov/blob/master/CHANGELOG.rst) - [Commits](pytest-dev/pytest-cov@v7.0.0...v7.1.0) Updates `ruff` from 0.15.6 to 0.15.11 - [Release notes](https://github.com/astral-sh/ruff/releases) - [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md) - [Commits](astral-sh/ruff@0.15.6...0.15.11) Updates `mypy` from 1.19.1 to 1.20.1 - [Changelog](https://github.com/python/mypy/blob/master/CHANGELOG.md) - [Commits](python/mypy@v1.19.1...v1.20.1) Updates `types-pyyaml` from 6.0.12.20250915 to 6.0.12.20260408 - [Commits](https://github.com/python/typeshed/commits) Updates `ipython` from 9.11.0 to 9.12.0 - [Release notes](https://github.com/ipython/ipython/releases) - [Commits](ipython/ipython@9.11.0...9.12.0) Updates `faker` from 40.11.0 to 40.15.0 - [Release notes](https://github.com/joke2k/faker/releases) - [Changelog](https://github.com/joke2k/faker/blob/master/CHANGELOG.md) - [Commits](joke2k/faker@v40.11.0...v40.15.0) Updates `setuptools` to 82.0.1 - [Release notes](https://github.com/pypa/setuptools/releases) - [Changelog](https://github.com/pypa/setuptools/blob/main/NEWS.rst) - [Commits](pypa/setuptools@v75.0.0...v82.0.1) --- updated-dependencies: - dependency-name: fastapi dependency-version: 0.136.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: backend-dependencies - dependency-name: uvicorn[standard] dependency-version: 0.44.0 dependency-type: direct:production dependency-group: backend-dependencies - dependency-name: pydantic dependency-version: 2.13.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: backend-dependencies - dependency-name: sse-starlette dependency-version: 3.3.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: backend-dependencies - dependency-name: sqlalchemy dependency-version: 2.0.49 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: backend-dependencies - dependency-name: faststream[redis] dependency-version: 0.6.7 dependency-type: direct:production dependency-group: backend-dependencies - dependency-name: redis dependency-version: 7.4.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: backend-dependencies - dependency-name: authlib dependency-version: 1.7.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: backend-dependencies - dependency-name: pyjwt[crypto] dependency-version: 2.12.1 dependency-type: direct:production dependency-group: backend-dependencies - dependency-name: maturin dependency-version: 1.13.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: backend-dependencies - dependency-name: prometheus-client dependency-version: 0.25.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: backend-dependencies - dependency-name: sentry-sdk dependency-version: 2.58.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: backend-dependencies - dependency-name: rich dependency-version: 15.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: backend-dependencies - dependency-name: pygithub dependency-version: 2.9.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: backend-dependencies - dependency-name: python-gitlab dependency-version: 8.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: backend-dependencies - dependency-name: kafka-python dependency-version: 2.3.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: backend-dependencies - dependency-name: pytest dependency-version: 9.0.3 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: backend-dependencies - dependency-name: pytest-cov dependency-version: 7.1.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: backend-dependencies - dependency-name: ruff dependency-version: 0.15.11 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: backend-dependencies - dependency-name: mypy dependency-version: 1.20.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: backend-dependencies - dependency-name: types-pyyaml dependency-version: 6.0.12.20260408 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: backend-dependencies - dependency-name: ipython dependency-version: 9.12.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: backend-dependencies - dependency-name: faker dependency-version: 40.15.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: backend-dependencies - dependency-name: setuptools dependency-version: 82.0.1 dependency-type: direct:development dependency-group: backend-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Apr 20, 2026

dependabot Bot requested a review from adamsaimi as a code owner April 20, 2026 07:38

dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Apr 20, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build(deps): bump the backend-dependencies group across 1 directory with 24 updates#59

build(deps): bump the backend-dependencies group across 1 directory with 24 updates#59
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/uv/backend/backend-dependencies-693d4e12cf

dependabot Bot commented on behalf of github Apr 20, 2026

`v2.12.0 <https://github.com/jpadilla/pyjwt/compare/2.11.0...2.12.0>`__

`v2.11.0 <https://github.com/jpadilla/pyjwt/compare/2.10.1...2.11.0>`__

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github Apr 20, 2026

0.136.0

Upgrades

0.135.4

Refactors

Internal

0.135.3

Features

Docs

Internal

0.135.2

Upgrades

Docs

Version 0.44.0

What's Changed

0.44.0 (April 6, 2026)

Added

0.43.0 (April 3, 2026)

Changed

0.42.0 (March 16, 2026)

Changed

Fixed

0.41.0 (February 16, 2026)

Added

Changed

Fixed

0.40.0 (December 21, 2025)

Remove

v2.13.2 2026-04-17

v2.13.2 (2026-04-17)

What's Changed

Fixes

v2.13.1 2026-04-15

v2.13.1 (2026-04-15)

What's Changed

Fixes

v2.13.0 2026-04-13

v2.13.0 (2026-04-13)

What's Changed

Packaging

New Features

Changes

Fixes

v2.13.2 (2026-04-17)

What's Changed

Fixes

v2.13.1 (2026-04-15)

What's Changed

Fixes

v2.13.0 (2026-04-13)

What's Changed

New Features

Changes

Fixes

Packaging

v3.3.4

What's Changed

v3.3.3

What's Changed

2.0.49

orm

typing

v0.6.7

What's Changed

New Contributors

7.4.0

Changes

🐛 Bug Fixes

🧪 Experimental Features

🧰 Maintenance

v1.7.0

What's Changed

New Contributors

v1.6.11

v1.6.10

2.12.1

What's Changed

v2.12.1 <https://github.com/jpadilla/pyjwt/compare/2.12.0...2.12.1>__

v2.12.0 &lt;https://github.com/jpadilla/pyjwt/compare/2.11.0...2.12.0&gt;__

`v2.12.1 <https://github.com/jpadilla/pyjwt/compare/2.12.0...2.12.1>`__

`v2.12.0 <https://github.com/jpadilla/pyjwt/compare/2.11.0...2.12.0>`__

`v2.11.0 <https://github.com/jpadilla/pyjwt/compare/2.10.1...2.11.0>`__