Skip to content

chore(deps): bump the python-dependencies group across 1 directory with 12 updates#149

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/python-dependencies-9dcd7271ef
Open

chore(deps): bump the python-dependencies group across 1 directory with 12 updates#149
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/python-dependencies-9dcd7271ef

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 28, 2026

Copy link
Copy Markdown
Contributor

Updates the requirements on alembic, cryptography, fastapi, fastapi-swagger, icalendar, prometheus-fastapi-instrumentator, python-multipart, ruff, sqlalchemy, uvicorn, prek and joserfc to permit the latest version.
Updates alembic to 1.18.5

Release notes

Sourced from alembic's releases.

1.18.5

Released: June 25, 2026

usecase

  • [usecase] [commands] Added --splice support to the merge() command. Previously, the merge command would suggest using --splice when attempting to merge non-head revisions, but the flag was not actually accepted by the command. The splice parameter is now available in both the command-line interface and the command.merge() function, matching the existing support in command.revision(). Pull request courtesy Kadir Can Ozden.

    References: #1712

  • [usecase] [environment] Added ScriptDirectory.get_heads.consider_depends_on parameter to ScriptDirectory.get_heads(). When set to True, head revisions that are also a dependency of another revision via depends_on are excluded from the result, matching the effective heads that would be present in the alembic_version table after running all upgrades.

    References: #1806

bug

  • [bug] [autogenerate] Fixed rendering of dialect keyword arguments containing ~sqlalchemy.schema.Column objects within sequences, such as postgresql_include. These were previously rendered using repr(), producing invalid Python in the generated migration scripts. Column objects within list or tuple values are now correctly rendered as their string column names. Pull request courtesy Ajay Singh.

    References: #1258

  • [bug] [mysql] Implemented type comparison for ENUM datatypes on MySQL, which checks that the individual enum values are equivalent. If additional entries are on either side, this generates a diff. Changes of order do not generate a diff. Pull request courtesy Furkan Köykıran.

    References: #1745, #779

  • [bug] [operations] Fixed bug where the inline_references parameter of Operations.add_column() did not include foreign key referential actions such as ON DELETE, ON UPDATE, DEFERRABLE, INITIALLY, and MATCH when rendering the inline REFERENCES clause.

... (truncated)

Commits

Updates cryptography to 49.0.0

Changelog

Sourced from cryptography's changelog.

49.0.0 - 2026-06-12


* **BACKWARDS INCOMPATIBLE:** Support for ``x86_64`` macOS has been removed.
  We now only publish ``arm64`` wheels for macOS.
* **BACKWARDS INCOMPATIBLE:** Support for 32-bit Windows has been removed.
  Users should move to a 64-bit Python installation.
* **BACKWARDS INCOMPATIBLE:** Removed the deprecated
  ``PUBLIC_KEY_TYPES``, ``PRIVATE_KEY_TYPES``,
  ``CERTIFICATE_PRIVATE_KEY_TYPES``, ``CERTIFICATE_ISSUER_PUBLIC_KEY_TYPES``,
  and ``CERTIFICATE_PUBLIC_KEY_TYPES`` type aliases. Use
  ``PublicKeyTypes``, ``PrivateKeyTypes``, ``CertificateIssuerPrivateKeyTypes``,
  ``CertificateIssuerPublicKeyTypes``, and ``CertificatePublicKeyTypes``
  instead. These were deprecated in version 40.0.
* **BACKWARDS INCOMPATIBLE:** :class:`~cryptography.hazmat.primitives.ciphers.algorithms.ChaCha20`
  now treats the first 4 bytes of the ``nonce`` as a 32-bit little-endian block
  counter (as defined in :rfc:`7539`) and tracks the number of bytes processed.
  Attempting to encrypt or decrypt more data than the counter allows before it
  would overflow now raises a :class:`ValueError` rather than silently diverging
  from RFC 7539. Setting the counter portion of the ``nonce`` to zero allows
  encrypting up to 256 GiB with a given nonce.
* **BACKWARDS INCOMPATIBLE:** Loading an X.509 certificate whose ECDSA or DSA
  signature ``AlgorithmIdentifier`` contains encoded NULL parameters now raises
  a :class:`ValueError`. Such certificates are invalid, but older versions of
  Java emitted them; previously they loaded with a deprecation warning.
* Fixed cross-compilation of the CFFI bindings when ``PYO3_CROSS_LIB_DIR``
  is set. The build now derives the Python include directory from
  ``PYO3_CROSS_LIB_DIR`` instead of querying the host interpreter, which
  previously caused the build to fail during cross-compilations for embedded
  systems, on hosts which have same-version Python development headers
  installed as the target Python.
* Added support for signing and verifying X.509 certificates, certificate
  signing requests, and certificate revocation lists with
  :doc:`/hazmat/primitives/asymmetric/mldsa` keys, as well as loading
  certificates that contain ML-DSA public keys.
* Added :meth:`~cryptography.hazmat.primitives.hpke.KEM.enc_length` to
  :class:`~cryptography.hazmat.primitives.hpke.KEM` so callers can split the
  encapsulated key from the ciphertext returned by
  :meth:`~cryptography.hazmat.primitives.hpke.Suite.encrypt`.
* :meth:`~cryptography.x509.verification.ExtensionPolicy.require_present`,
  :meth:`~cryptography.x509.verification.ExtensionPolicy.may_be_present`, and
  :meth:`~cryptography.x509.verification.ExtensionPolicy.require_not_present`
  now accept any extension type. Previously only a fixed set of extension
  types was supported, which made it impossible to account for otherwise
  unrecognized critical extensions during path validation.
* Added support for using :class:`~cryptography.x509.Certificate`,
  :class:`~cryptography.x509.CertificateSigningRequest`, and
  :class:`~cryptography.x509.CertificateRevocationList` as field types in
  :doc:`/hazmat/asn1/index` structures.
* Added :func:`~cryptography.hazmat.asn1.value_set`, a class decorator that
</tr></table> 

... (truncated)

Commits
  • e300bbe bump version and changelog for 49.0.0 (#15030)
  • fa74cd8 Add external mu (message representative) support for ML-DSA (#14979)
  • f594db3 chore(deps): bump openssl from 0.10.80 to 0.10.81 (#15029)
  • 608e011 chore(deps): bump openssl-sys from 0.9.116 to 0.9.117 (#15028)
  • a322bc4 chore(deps): bump cc from 1.2.63 to 1.2.64 (#15027)
  • 33181a7 Reject critical nameConstraints extensions containing directoryName constrain...
  • 6080dc7 Bump dependencies that dependabot isn't (#15026)
  • 121faa3 chore(deps): bump virtualenv from 21.4.2 to 21.4.3 (#15023)
  • 829520b Add more robust processing for DH parameters. (#15016)
  • 0f05001 Bump downstream dependencies in CI (#15025)
  • Additional commits viewable in compare view

Updates fastapi to 0.138.1

Release notes

Sourced from fastapi's releases.

0.138.1

Refactors

  • ♻️ Refactor Library Skills, make info easier to find for agents. PR #15841 by @​tiangolo.

Internal

Commits

Updates fastapi-swagger to 0.4.52

Release notes

Sourced from fastapi-swagger's releases.

v0.4.52

Package version: v0.4.52 🚀 Swagger UI version: v5.32.8

Commits
  • 8579ea9 chore: bump version to 0.4.52
  • b347ee2 chore: update Swagger UI to v5.32.8
  • 252f1ec chore: bump version to 0.4.51
  • 3f4046f chore: update Swagger UI to v5.32.7
  • ff2971c security: bump urllib3 to >=2.7.0 (#4)
  • 9103d25 chore: bump version to 0.4.50
  • a89f9dc chore: update Swagger UI to v5.32.6
  • See full diff in compare view

Updates icalendar to 7.2.0

Release notes

Sourced from icalendar's releases.

v7.2.0

To view the changes, please see the Changelog. This release can be installed from PyPI.

Changelog

Sourced from icalendar's changelog.

7.2.0 (2026-06-23)

Removals and deprecations


- Deprecated :func:`icalendar.parser.string.foldline` as a private function for icalendar version 8. @IoannaGiag (`Issue [#1011](https://github.com/collective/icalendar/issues/1011) <https://github.com/collective/icalendar/issues/1011>`_)
- Deprecated :func:`icalendar.parser.string.escape_char`, :func:`icalendar.parser.string.unescape_char`, :func:`icalendar.parser.string.escape_string`, and :func:`icalendar.parser.string.unescape_string` using the standard ``deprecate_for_version_8`` wrapper as per issue [#1405](https://github.com/collective/icalendar/issues/1405). (`Issue [#1405](https://github.com/collective/icalendar/issues/1405) <https://github.com/collective/icalendar/issues/1405>`_)

New features


- Created an :attr:`~icalendar.prop.recur.frequency.vFrequency.ical_value` property for the :class:`~icalendar.prop.recur.frequency.vFrequency` component, mirroring the existing pattern on :class:`~icalendar.prop.recur.weekday.vWeekday`. @mvanhorn (`Issue [#876](https://github.com/collective/icalendar/issues/876) &lt;https://github.com/collective/icalendar/issues/876&gt;`_)
- Created an :attr:`~icalendar.prop.geo.vGeo.ical_value` property for the :class:`~icalendar.prop.geo.vGeo` component. @IoannaGiag (`Issue [#876](https://github.com/collective/icalendar/issues/876) &lt;https://github.com/collective/icalendar/issues/876&gt;`_)
- Added type hints to component methods. @Priyanshu-pulak (`Issue [#938](https://github.com/collective/icalendar/issues/938) &lt;https://github.com/collective/icalendar/issues/938&gt;`_)
- Added test coverage for :func:`icalendar.compatibility.deprecate_for_version_8`. AI disclosure: I used GPT-5 Codex to help draft and refine the test and pull request text. I reviewed the output and validated the change locally. @iccccccccccccc (`Issue [#1407](https://github.com/collective/icalendar/issues/1407) &lt;https://github.com/collective/icalendar/issues/1407&gt;`_)
- The :attr:`Alarm.uid &lt;icalendar.cal.alarm.Alarm.uid&gt;` accessor now falls back to vendor-specific UID properties (the existing ``X-ALARMUID`` and the newly added ``X-EVOLUTION-ALARM-UID``) when no canonical ``UID`` is present, so alarms exported by Evolution/GNOME Calendar expose a usable identifier. ``single_string_property`` now accepts an ordered list of fallback keys so further vendor aliases can be added later. AI disclosure: I used GPT-5 Codex (via the Codex CLI) to draft and refine this change and its tests; I reviewed and validated the output locally. @mvanhorn (`Issue [#1421](https://github.com/collective/icalendar/issues/1421) &lt;https://github.com/collective/icalendar/issues/1421&gt;`_)
- The ``rdates`` and ``exdates`` properties are now writable: assigning a list replaces the ``RDATE``/``EXDATE`` values, ``del`` (or assigning an empty list or ``None``) clears them, and assigning the value the getter returns round-trips. Prepared with the assistance of an AI coding agent (Anthropic's Claude). @gaoflow (`Issue [#1442](https://github.com/collective/icalendar/issues/1442) &lt;https://github.com/collective/icalendar/issues/1442&gt;`_)

Bug fixes


- Strictly validate :class:`~icalendar.prop.dt.datetime.vDatetime` values in :meth:`~icalendar.prop.dt.datetime.vDatetime.from_ical` and reject malformed input. This also improves handling of values with a ``TZID`` prefix, per :rfc:`5545#section-3.3.5`, Form [#3](https://github.com/collective/icalendar/issues/3). @uwezkhan (`Issue [#1361](https://github.com/collective/icalendar/issues/1361) &amp;lt;https://github.com/collective/icalendar/issues/1361&amp;gt;`_)
- Preserve an explicit ``VALUE`` parameter (for example ``RDATE;VALUE=PERIOD`` or ``TRIGGER;VALUE=DATE-TIME``) when converting from jCal. Previously :meth:`Component.from_jcal &amp;lt;icalendar.cal.component.Component.from_jcal&amp;gt;` dropped the value type, which is encoded in the jCal type field rather than as a parameter. Prepared with the assistance of an AI coding agent (Anthropic's Claude Opus 4). @gaoflow @lcampanella98 (`Issue [#1426](https://github.com/collective/icalendar/issues/1426) &amp;lt;https://github.com/collective/icalendar/issues/1426&amp;gt;`_)
- For a newline-free string that the operating system can't use as a file path—for example, one containing an embedded null byte or one that is too long—treat it as calendar data, instead of propagating an :exc:`OSError` from :meth:`Component.from_ical &amp;lt;icalendar.cal.component.Component.from_ical&amp;gt;`. Such input now raises a consistent :exc:`ValueError` across platforms. The string-versus-path boundary is now covered by tests. @uwezkhan (`Issue [#1436](https://github.com/collective/icalendar/issues/1436) &amp;lt;https://github.com/collective/icalendar/issues/1436&amp;gt;`_)
- Accept the ``(dt, None)`` form that ``rdates``/``exdates`` return for a single date when adding ``RDATE`` or ``EXDATE``, so ``event.add(&amp;quot;RDATE&amp;quot;, (dt, None))`` no longer raises :exc:`TypeError` and the value round-trips. Prepared with the assistance of an AI coding agent (Anthropic's Claude Opus 4). @gaoflow @texttheater (`Issue [#1439](https://github.com/collective/icalendar/issues/1439) &amp;lt;https://github.com/collective/icalendar/issues/1439&amp;gt;`_)
- Anchored the value validation regular expressions with ``\Z`` instead of ``$`` in :class:`~icalendar.prop.recur.weekday.vWeekday`, :meth:`vDuration.from_ical &amp;lt;icalendar.prop.dt.duration.vDuration.from_ical&amp;gt;`, :class:`~icalendar.prop.dt.time.vTime` and :class:`~icalendar.prop.dt.utc_offset.vUTCOffset`. ``$`` matches just before a final ``\n``, so a value with a trailing line break was accepted; for ``vWeekday`` the newline survived in the ``str`` value and was re-emitted into RECUR output. @alhudz
- For iCalendar files that have thousands of bare line breaks, reduce the content line parse time by a quadratic order of magnitude when reading a component with :meth:`Component.from_ical &amp;lt;icalendar.cal.component.Component.from_ical&amp;gt;`. @alhudz
- Parse a ``CATEGORIES`` value that contains an unescaped colon correctly. ``TEXT`` values do not escape ``:``, so a category such as ``CATEGORIES:CONFIDENTIAL,http://example.com/tag`` was truncated to a single ``//example.com/tag`` because the value boundary was found with the last colon on the line instead of the first one outside the parameters. @alhudz
- Parse and serialize jCal iteratively so that deeply nested components no longer raise an uncaught :exc:`RecursionError`. :meth:`Component.from_jcal &amp;lt;icalendar.cal.component.Component.from_jcal&amp;gt;` and :meth:`Component.to_jcal &amp;lt;icalendar.cal.component.Component.to_jcal&amp;gt;` now handle arbitrary nesting depth, matching the iterative iCal parser and serializer. @arshsmith
- Preserve literal percent escapes in parameter values. The parameter parser used ``%2C``/``%3A``/``%3B``/``%5C`` as internal markers for backslash-escaped delimiters, so a value that already contained those sequences (e.g. ``ALTREP=&amp;quot;http://x/a%2Cb&amp;quot;``) was silently decoded to ``http://x/a,b``. The internal transport encoding now escapes ``%`` itself, leaving real percent-encoded values untouched. @alhudz
- Raise :class:`~icalendar.error.InvalidCalendar` instead of leaking :exc:`OverflowError` when a ``DURATION`` value is too large for :class:`datetime.timedelta`, for example, ``P999999999999999999W``. Parsing a whole calendar now records such a value as an error, like any other invalid property, rather than aborting the parse. @arshsmith
- Reject non-ASCII digits in :class:`~icalendar.prop.recur.month.vMonth` (``BYMONTH``). ``str.isdigit`` is ``True`` for digits like the Arabic-Indic ``١٢``, which was silently accepted and normalized to month ``12``, while characters such as ``²`` cleared the same guard and then leaked a raw ``int()`` error. :meth:`vMonth.from_ical &amp;lt;icalendar.prop.recur.month.vMonth.from_ical&amp;gt;` now rejects both. @alhudz
- Reject non-finite FLOAT values in :meth:`vFloat.from_ical() &amp;lt;icalendar.prop.float.vFloat.from_ical&amp;gt;` and :meth:`vGeo.from_ical() &amp;lt;icalendar.prop.geo.vGeo.from_ical&amp;gt;`. Inputs such as ``nan``, ``inf`` or an overflowing magnitude like ``1e999`` were silently accepted, producing ``NaN``/``Infinity`` tokens in :meth:`Component.to_json &amp;lt;icalendar.cal.component.Component.to_json&amp;gt;` output that are not valid JSON. @alhudz
- Strictly validate :class:`~icalendar.prop.dt.date.vDate` and :class:`~icalendar.prop.dt.time.vTime` values in their ``from_ical`` methods and reject malformed input, matching the strictness added to :class:`~icalendar.prop.dt.datetime.vDatetime`. Trailing data and ``int()`` quirks (underscores, whitespace, signs) are no longer silently accepted, per :rfc:`5545#section-3.3.4` and :rfc:`5545#section-3.3.12`. This change was prepared with AI assistance (Anthropic Claude, Opus model, via Claude Code) used to research the relevant RFC grammar and draft the validation and tests, all reviewed and verified locally. @alhudz


Documentation
</code></pre>
<ul>
<li>Switch :file:<code>docs/how-to/usage.rst</code> from the deprecated <code>.. code:: pycon</code> directive to <code>.. code-block:: pycon</code> for consistency with the rest of the documentation. <a href="https://github.com/mvanhorn"><code>@​mvanhorn</code></a> (<code>Issue [#626](https://github.com/collective/icalendar/issues/626) &amp;lt;https://github.com/collective/icalendar/issues/626&amp;gt;</code>_)</li>
<li>Added type hint for <code>encoding</code> parameter in :func:<code>~icalendar.parser_tools.data_encode</code>. <a href="https://github.com/cybs-joe"><code>@​cybs-joe</code></a> (<code>Issue [#938](https://github.com/collective/icalendar/issues/938) &amp;lt;https://github.com/collective/icalendar/issues/938&amp;gt;</code>_)</li>
<li>Converted docstring of :meth:<code>~icalendar.cal.component.Component.add</code> to Google style. <a href="https://github.com/mvanhorn"><code>@​mvanhorn</code></a> (<code>Issue [#1072](https://github.com/collective/icalendar/issues/1072) &amp;lt;https://github.com/collective/icalendar/issues/1072&amp;gt;</code>_)</li>
<li>Fixed broken links and removed <code>:py</code> prefix in :class:<code>icalendar.cal.calendar.Calendar</code> documentation. <a href="https://github.com/lcampanella98"><code>@​lcampanella98</code></a> (<code>Issue [#1158](https://github.com/collective/icalendar/issues/1158) &amp;lt;https://github.com/collective/icalendar/issues/1158&amp;gt;</code>_)</li>
<li>Fixed broken link and removed <code>:py</code> prefix in the :func:<code>~icalendar.parser.unescape_backslash</code> docstring. <a href="https://github.com/vincere-mori"><code>@​vincere-mori</code></a> (<code>Issue [#1158](https://github.com/collective/icalendar/issues/1158) &amp;lt;https://github.com/collective/icalendar/issues/1158&amp;gt;</code>_)</li>
<li>Fixed broken documentation links in :mod:<code>icalendar.alarms</code> and :mod:<code>icalendar.cal.alarm</code>. <a href="https://github.com/lcampanella98"><code>@​lcampanella98</code></a> (<code>Issue [#1158](https://github.com/collective/icalendar/issues/1158) &amp;lt;https://github.com/collective/icalendar/issues/1158&amp;gt;</code>_)</li>
<li>Fix unqualified cross-references in :attr:<code>Event.start &amp;lt;icalendar.cal.event.Event.start&amp;gt;</code> and :attr:<code>Event.start &amp;lt;icalendar.cal.event.Event.end&amp;gt;</code> docstrings. <a href="https://github.com/Esneider1107"><code>@​Esneider1107</code></a> (<code>Issue [#1158](https://github.com/collective/icalendar/issues/1158) &amp;lt;https://github.com/collective/icalendar/issues/1158&amp;gt;</code>_)</li>
<li>Fixed broken links in :mod:<code>icalendar.cal.free_busy</code> documentation by using fully qualified :class:<code>icalendar.cal.component.Component</code> attribute targets. <a href="https://github.com/tsai135"><code>@​tsai135</code></a> (<code>Issue [#1158](https://github.com/collective/icalendar/issues/1158) &amp;lt;https://github.com/collective/icalendar/issues/1158&amp;gt;</code>_)
&lt;/tr&gt;&lt;/table&gt;
</code></pre></li>
</ul>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/collective/icalendar/commit/df9f30ab0f7cc4a39c5f7d12fabab462697642f7"><code>df9f30a</code></a> Merge branch 'main' into 7.x</li>
<li><a href="https://github.com/collective/icalendar/commit/fd6d5b1aadf13d88f8356c1f58d5ceff85f08a51"><code>fd6d5b1</code></a> Fix 7.2.0 changelog: restore content for 938.chore entry</li>
<li><a href="https://github.com/collective/icalendar/commit/e99b5159ec0febc3cceebe075e7f91c5cab27c7f"><code>e99b515</code></a> Fix 7.2.0 changelog: restore full release notes</li>
<li><a href="https://github.com/collective/icalendar/commit/a2ceb5538b665f24247e0cb707322a89fe0d58db"><code>a2ceb55</code></a> version 7.2.0</li>
<li><a href="https://github.com/collective/icalendar/commit/87d7ce2fb96ca5d4c539664701f32c0fc9686ba9"><code>87d7ce2</code></a> Merge pull request <a href="https://redirect.github.com/collective/icalendar/issues/1495">#1495</a> from collective/dependabot/github_actions/github-act...</li>
<li><a href="https://github.com/collective/icalendar/commit/6f7743d5bb728bb613c3a6b8dc7fff44ea0be483"><code>6f7743d</code></a> Bump actions/checkout in the github-actions group across 1 directory</li>
<li><a href="https://github.com/collective/icalendar/commit/ceae0e3d2d8bc72006554382e04a0ddc178c75b9"><code>ceae0e3</code></a> Remove <code>rtd-pr-preview.yml</code> from the workflows (<a href="https://redirect.github.com/collective/icalendar/issues/1496">#1496</a>)</li>
<li><a href="https://github.com/collective/icalendar/commit/a760432ded122e86a8be3913062d60279c5f6eee"><code>a760432</code></a> Merge pull request <a href="https://redirect.github.com/collective/icalendar/issues/1454">#1454</a> from arshsmith/fix/jcal-iterative-parsing</li>
<li><a href="https://github.com/collective/icalendar/commit/4cc90aebb2461be154df54c4367d878e09249bf1"><code>4cc90ae</code></a> Merge branch 'main' into fix/jcal-iterative-parsing</li>
<li><a href="https://github.com/collective/icalendar/commit/96ee28f8552df69b5fb82839dbf9e2b95c6e5b05"><code>96ee28f</code></a> Merge pull request <a href="https://redirect.github.com/collective/icalendar/issues/1446">#1446</a> from alhudz/strict-date-time-from-ical</li>
<li>Additional commits viewable in <a href="https://github.com/collective/icalendar/compare/v7.1.0...v7.2.0">compare view</a></li>
</ul>
</details>
<br />

Updates `prometheus-fastapi-instrumentator` to 8.0.2
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/trallnag/prometheus-fastapi-instrumentator/releases">prometheus-fastapi-instrumentator's releases</a>.</em></p>
<blockquote>
<h2>8.0.2 / 2026-06-23</h2>
<h3>Fixed</h3>
<ul>
<li>Replaced deprecated <code>asyncio.iscoroutinefunction()</code> with <code>inspect.iscoroutinefunction()</code> in <code>Instrumentator.add()</code> to avoid warnings on Python 3.12+ in <a href="https://redirect.github.com/trallnag/prometheus-fastapi-instrumentator/pull/378">#378</a>.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/trallnag/prometheus-fastapi-instrumentator/blob/master/CHANGELOG.md">prometheus-fastapi-instrumentator's changelog</a>.</em></p>
<blockquote>
<h2><a href="https://github.com/trallnag/prometheus-fastapi-instrumentator/compare/v8.0.1...v8.0.2">8.0.2</a> / 2026-06-23</h2>
<h3>Fixed</h3>
<ul>
<li>Replaced deprecated <code>asyncio.iscoroutinefunction()</code> with
<code>inspect.iscoroutinefunction()</code> in <code>Instrumentator.add()</code> to avoid warnings on
Python 3.12+ in
<a href="https://redirect.github.com/trallnag/prometheus-fastapi-instrumentator/pull/378">#378</a>.</li>
</ul>
<h2><a href="https://github.com/trallnag/prometheus-fastapi-instrumentator/compare/v8.0.0...v8.0.1">8.0.1</a> / 2026-06-22</h2>
<h3>Fixed</h3>
<ul>
<li>Fixed resolving route names for routers registered via <code>include_router()</code> on
FastAPI 0.116+ leading to <code>AttributeError</code> getting raised on every request.
The internal route name resolution now also handles <code>_IncludedRouter</code> and
recurses into the included router's own routes so the Prometheus label
reflects the leaf endpoint. Thanks to
<a href="https://github.com/adeebmirza"><code>@​adeebmirza</code></a> in
<a href="https://redirect.github.com/trallnag/prometheus-fastapi-instrumentator/issues/371">#371</a>
for fixing it.</li>
<li>Fixed hitting mounts with slash redirection collecting wrong handler name.
Thanks to <a href="https://github.com/lbonn"><code>@​lbonn</code></a> for raising and fixing this issue
in
<a href="https://redirect.github.com/trallnag/prometheus-fastapi-instrumentator/pull/369">#369</a>.</li>
</ul>
<h2><a href="https://github.com/trallnag/prometheus-fastapi-instrumentator/compare/v7.1.0...v8.0.0">8.0.0</a> / 2026-05-29</h2>
<h3>Changed</h3>
<ul>
<li><strong>BREAKING: Ported project to Starlette v1. This includes new required minimum
versions of Python, Starlette, and FastAPI.</strong> Bumped <code>starlette</code> dependency
from <code>&gt;=0.30.0,&lt;1.0.0</code> to <code>&gt;=1.0.0,&lt;2.0.0</code>. Bumped <code>requires-python</code> from
<code>&gt;=3.8</code> to <code>&gt;=3.10</code> (<code>starlette</code> dropped support). Bumped <code>fastapi</code> dev
dependency to <code>^0.133.0</code> (first version supporting <code>starlette</code> v1). Adjusted
middleware app parameter type from <code>Starlette</code> to <code>ASGIApp</code>. Thanks to
<a href="https://github.com/bgermann"><code>@​bgermann</code></a> in
<a href="https://redirect.github.com/trallnag/prometheus-fastapi-instrumentator/pull/357">#357</a>
for implementing it.</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Corrected documentation for setting custom labels. Thanks to
<a href="https://github.com/rickie95"><code>@​rickie95</code></a> in
<a href="https://redirect.github.com/trallnag/prometheus-fastapi-instrumentator/pull/342">#342</a>
for implementing it.</li>
</ul>
<h2><a href="https://github.com/trallnag/prometheus-fastapi-instrumentator/compare/v7.0.2...v7.1.0">7.1.0</a> / 2025-03-19</h2>
<h3>Added</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/trallnag/prometheus-fastapi-instrumentator/commit/c1c1fb645ce3b28d538413a9ac18cc7559c0c385"><code>c1c1fb6</code></a> chore: Prepare release v8.0.2</li>
<li><a href="https://github.com/trallnag/prometheus-fastapi-instrumentator/commit/652991e26b5f0b78711bd67ecca21c4d07800571"><code>652991e</code></a> docs: Add link to pr in changelog</li>
<li><a href="https://github.com/trallnag/prometheus-fastapi-instrumentator/commit/4cca8aac70bee7b2f8cee0830eeda39a8887b883"><code>4cca8aa</code></a> build(deps): bump pre-commit/action from 3.0.0 to 3.0.1 (<a href="https://redirect.github.com/trallnag/prometheus-fastapi-instrumentator/issues/301">#301</a>)</li>
<li><a href="https://github.com/trallnag/prometheus-fastapi-instrumentator/commit/dd185b0d9dcfb1bfd2530c761330dc47112a2b74"><code>dd185b0</code></a> build(deps): bump softprops/action-gh-release from 2 to 3 (<a href="https://redirect.github.com/trallnag/prometheus-fastapi-instrumentator/issues/363">#363</a>)</li>
<li><a href="https://github.com/trallnag/prometheus-fastapi-instrumentator/commit/8e8f8c51861bf182094b24aa54a487c332718bfd"><code>8e8f8c5</code></a> build(deps): bump amannn/action-semantic-pull-request from 5 to 6 (<a href="https://redirect.github.com/trallnag/prometheus-fastapi-instrumentator/issues/364">#364</a>)</li>
<li><a href="https://github.com/trallnag/prometheus-fastapi-instrumentator/commit/778526bb99bcac0eb087f35fd32b1821384ef0c3"><code>778526b</code></a> build(deps): bump actions/cache from 4 to 5 (<a href="https://redirect.github.com/trallnag/prometheus-fastapi-instrumentator/issues/365">#365</a>)</li>
<li><a href="https://github.com/trallnag/prometheus-fastapi-instrumentator/commit/c212ede9a3f44326ac9b691fc9cb25eeb31faf09"><code>c212ede</code></a> build(deps): bump github/codeql-action from 2 to 4 (<a href="https://redirect.github.com/trallnag/prometheus-fastapi-instrumentator/issues/366">#366</a>)</li>
<li><a href="https://github.com/trallnag/prometheus-fastapi-instrumentator/commit/f31451c829af64872000699aaada7217603e4d35"><code>f31451c</code></a> chore: Replace deprecated coroutine detection (<a href="https://redirect.github.com/trallnag/prometheus-fastapi-instrumentator/issues/378">#378</a>)</li>
<li><a href="https://github.com/trallnag/prometheus-fastapi-instrumentator/commit/c43336855fd0b6f978a01fd793da02e383f71abb"><code>c433368</code></a> test(routing): add 405/Mount/WebSocket coverage for _IncludedRouter (<a href="https://redirect.github.com/trallnag/prometheus-fastapi-instrumentator/issues/377">#377</a>)</li>
<li><a href="https://github.com/trallnag/prometheus-fastapi-instrumentator/commit/e7b326620a92df05b18880b2cc8ba06ebe9cf389"><code>e7b3266</code></a> Remove incorrect build badge from readme</li>
<li>Additional commits viewable in <a href="https://github.com/trallnag/prometheus-fastapi-instrumentator/compare/v7.1.0...v8.0.2">compare view</a></li>
</ul>
</details>
<br />

Updates `python-multipart` to 0.0.32
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/Kludex/python-multipart/releases">python-multipart's releases</a>.</em></p>
<blockquote>
<h2>Version 0.0.32</h2>
<h2>What's Changed</h2>
<ul>
<li>Replace per-byte partial-boundary scan with rfind lookbehind by <a href="https://github.com/Kludex"><code>@​Kludex</code></a> in <a href="https://redirect.github.com/Kludex/python-multipart/pull/300">Kludex/python-multipart#300</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/Kludex/python-multipart/compare/0.0.31...0.0.32">https://github.com/Kludex/python-multipart/compare/0.0.31...0.0.32</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/Kludex/python-multipart/blob/main/CHANGELOG.md">python-multipart's changelog</a>.</em></p>
<blockquote>
<h2>0.0.32 (2026-06-04)</h2>
<ul>
<li>Speed up partial-boundary scanning for CR/LF-dense part data <a href="https://redirect.github.com/Kludex/python-multipart/pull/300">#300</a>.</li>
</ul>
<h2>0.0.31 (2026-06-04)</h2>
<ul>
<li>Speed up multipart header parsing and callback dispatch <a href="https://redirect.github.com/Kludex/python-multipart/pull/295">#295</a>.</li>
<li>Bound header field name size before validating <a href="https://redirect.github.com/Kludex/python-multipart/pull/296">#296</a>.</li>
<li>Validate <code>Content-Length</code> is non-negative in <code>parse_form</code> <a href="https://redirect.github.com/Kludex/python-multipart/pull/297">#297</a>.</li>
</ul>
<h2>0.0.30 (2026-05-31)</h2>
<ul>
<li>Parse <code>application/x-www-form-urlencoded</code> bodies per the WHATWG URL standard, treating only <code>&amp;</code> as a field separator <a href="https://redirect.github.com/Kludex/python-multipart/pull/290">#290</a>.</li>
<li>Ignore RFC 2231/5987 extended parameters (<code>name*</code>, <code>filename*</code>) in <code>parse_options_header</code>, keeping the plain parameter authoritative per <a href="https://datatracker.ietf.org/doc/html/rfc7578#section-4.2">RFC 7578 §4.2</a> <a href="https://redirect.github.com/Kludex/python-multipart/pull/291">#291</a>.</li>
</ul>
<h2>0.0.29 (2026-05-17)</h2>
<ul>
<li>Handle malformed RFC 2231 continuations in <code>parse_options_header</code> <a href="https://redirect.github.com/Kludex/python-multipart/pull/270">#270</a>.</li>
</ul>
<h2>0.0.28 (2026-05-10)</h2>
<ul>
<li>Speed up partial-boundary tail scan via <code>bytes.find</code> <a href="https://redirect.github.com/Kludex/python-multipart/pull/281">#281</a>.</li>
<li>Cap multipart boundary length at 256 bytes <a href="https://redirect.github.com/Kludex/python-multipart/pull/282">#282</a>.</li>
</ul>
<h2>0.0.27 (2026-04-27)</h2>
<ul>
<li>Add multipart header limits <a href="https://redirect.github.com/Kludex/python-multipart/pull/267">#267</a>.</li>
<li>Pass parse offsets via constructors <a href="https://redirect.github.com/Kludex/python-multipart/pull/268">#268</a>.</li>
</ul>
<h2>0.0.26 (2026-04-10)</h2>
<ul>
<li>Skip preamble before the first multipart boundary more efficiently <a href="https://redirect.github.com/Kludex/python-multipart/pull/262">#262</a>.</li>
<li>Silently discard epilogue data after the closing multipart boundary <a href="https://redirect.github.com/Kludex/python-multipart/pull/259">#259</a>.</li>
</ul>
<h2>0.0.25 (2026-04-10)</h2>
<ul>
<li>Add MIME content type info to <code>File</code> <a href="https://redirect.github.com/Kludex/python-multipart/pull/143">#143</a>.</li>
<li>Handle CTE values case-insensitively <a href="https://redirect.github.com/Kludex/python-multipart/pull/258">#258</a>.</li>
<li>Remove custom <code>FormParser</code> classes <a href="https://redirect.github.com/Kludex/python-multipart/pull/257">#257</a>.</li>
<li>Add <code>UPLOAD_DELETE_TMP</code> to <code>FormParser</code> config <a href="https://redirect.github.com/Kludex/python-multipart/pull/254">#254</a>.</li>
<li>Emit <code>field_end</code> for trailing bare field names on finalize <a href="https://redirect.github.com/Kludex/python-multipart/pull/230">#230</a>.</li>
<li>Handle multipart headers case-insensitively <a href="https://redirect.github.com/Kludex/python-multipart/pull/252">#252</a>.</li>
<li>Apply Apache-2.0 properly <a href="https://redirect.github.com/Kludex/python-multipart/pull/247">#247</a>.</li>
</ul>
<h2>0.0.24 (2026-04-05)</h2>
<ul>
<li>Validate <code>chunk_size</code> in <code>parse_form()</code> <a href="https://redirect.github.com/Kludex/python-multipart/pull/244">#244</a>.</li>
</ul>
<h2>0.0.23 (2026-04-05)</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/Kludex/python-multipart/commit/238ead62a0bb6f6cdfe122708faa13812f59f9a6"><code>238ead6</code></a> Version 0.0.32 (<a href="https://redirect.github.com/Kludex/python-multipart/issues/302">#302</a>)</li>
<li><a href="https://github.com/Kludex/python-multipart/commit/86729796093b04f7cf414ea6c2c4499e2a5750af"><code>8672979</code></a> Replace per-byte partial-boundary scan with rfind lookbehind (<a href="https://redirect.github.com/Kludex/python-multipart/issues/300">#300</a>)</li>
<li><a href="https://github.com/Kludex/python-multipart/commit/8190779d8234c8bf8cbed7891c11d4bfb79e84df"><code>8190779</code></a> Bump the python-packages group with 7 updates (<a href="https://redirect.github.com/Kludex/python-multipart/issues/301">#301</a>)</li>
<li><a href="https://github.com/Kludex/python-multipart/commit/0d3c086d237f6fd20fefe8853e95979276a07c44"><code>0d3c086</code></a> Use uv package ecosystem for Dependabot (<a href="https://redirect.github.com/Kludex/python-multipart/issues/299">#299</a>)</li>
<li><a href="https://github.com/Kludex/python-multipart/commit/4cffc68a165f7a6f6b7756ce006fabf07a05b7a4"><code>4cffc68</code></a> Version 0.0.31 (<a href="https://redirect.github.com/Kludex/python-multipart/issues/298">#298</a>)</li>
<li><a href="https://github.com/Kludex/python-multipart/commit/c814948acf509cef7881fa75c969969b19239bbf"><code>c814948</code></a> Reject negative <code>Content-Length</code> in <code>parse_form</code> (<a href="https://redirect.github.com/Kludex/python-multipart/issues/297">#297</a>)</li>
<li><a href="https://github.com/Kludex/python-multipart/commit/6b837d47bc68826ed5cbbcb50c6c6a6093444494"><code>6b837d4</code></a> Bound header field name size before validating (<a href="https://redirect.github.com/Kludex/python-multipart/issues/296">#296</a>)</li>
<li><a href="https://github.com/Kludex/python-multipart/commit/e0c4f9df2e737d1663fbbdd6563f80613a2089f9"><code>e0c4f9d</code></a> Bump the github-actions group with 3 updates (<a href="https://redirect.github.com/Kludex/python-multipart/issues/294">#294</a>)</li>
<li><a href="https://github.com/Kludex/python-multipart/commit/b8a01bb683e8e8675fdb5d831b206a478c8215aa"><code>b8a01bb</code></a> Bump the python-packages group with 3 updates (<a href="https://redirect.github.com/Kludex/python-multipart/issues/293">#293</a>)</li>
<li><a href="https://github.com/Kludex/python-multipart/commit/6732164f30c58e28589a1e22213d2f6b8c6bad9f"><code>6732164</code></a> Speed up multipart header parsing and callback dispatch (<a href="https://redirect.github.com/Kludex/python-multipart/issues/295">#295</a>)</li>
<li>Additional commits viewable in <a href="https://github.com/Kludex/python-multipart/compare/0.0.27...0.0.32">compare view</a></li>
</ul>
</details>
<br />

Updates `ruff` to 0.15.20
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/astral-sh/ruff/releases">ruff's releases</a>.</em></p>
<blockquote>
<h2>0.15.20</h2>
<h2>Release Notes</h2>
<p>Released on 2026-06-25.</p>
<h3>Preview features</h3>
<ul>
<li>Allow human-readable names in rule selectors (<a href="https://redirect.github.com/astral-sh/ruff/pull/25887">#25887</a>)</li>
<li>Emit a warning instead of an error for unknown rule selectors (<a href="https://redirect.github.com/astral-sh/ruff/pull/26113">#26113</a>)</li>
<li>Match <code>noqa</code> shebang handling in <code>ruff:ignore</code> comments (<a href="https://redirect.github.com/astral-sh/ruff/pull/26286">#26286</a>)</li>
<li>[<code>ruff</code>] Remove <code>pytest-fixture-autouse</code> (<code>RUF076</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/26240">#26240</a>, <a href="https://redirect.github.com/astral-sh/ruff/pull/26371">#26371</a>)</li>
</ul>
<h3>Documentation</h3>
<ul>
<li>Add versioning sections to custom crate READMEs (<a href="https://redirect.github.com/astral-sh/ruff/pull/26317">#26317</a>)</li>
<li>Update <code>ruff_python_parser</code> README for crates.io (<a href="https://redirect.github.com/astral-sh/ruff/pull/26315">#26315</a>)</li>
<li>[<code>perflint</code>] Clarify that <code>PERF402</code> applies to any iterable (<a href="https://redirect.github.com/astral-sh/ruff/pull/26242">#26242</a>)</li>
</ul>
<h3>Contributors</h3>
<ul>
<li><a href="https://github.com/dhruvmanila"><code>@​dhruvmanila</code></a></li>
<li><a href="https://github.com/MichaReiser"><code>@​MichaReiser</code></a></li>
<li><a href="https://github.com/ntBre"><code>@​ntBre</code></a></li>
<li><a href="https://github.com/trilamsr"><code>@​trilamsr</code></a></li>
</ul>
<h2>Install ruff 0.15.20</h2>
<h3>Install prebuilt binaries via shell script</h3>
<pre lang="sh"><code>curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/ruff/releases/download/0.15.20/ruff-installer.sh | sh
</code></pre>
<h3>Install prebuilt binaries via powershell script</h3>
<pre lang="sh"><code>powershell -ExecutionPolicy Bypass -c &quot;irm https://releases.astral.sh/github/ruff/releases/download/0.15.20/ruff-installer.ps1 | iex&quot;
</code></pre>
<h2>Download ruff 0.15.20</h2>
<table>
<thead>
<tr>
<th>File</th>
<th>Platform</th>
<th>Checksum</th>
</tr>
</thead>
<tbody>
<tr>
<td><a href="https://releases.astral.sh/github/ruff/releases/download/0.15.20/ruff-aarch64-apple-darwin.tar.gz">ruff-aarch64-apple-darwin.tar.gz</a></td>
<td>Apple Silicon macOS</td>
<td><a href="https://releases.astral.sh/github/ruff/releases/download/0.15.20/ruff-aarch64-apple-darwin.tar.gz.sha256">checksum</a></td>
</tr>
<tr>
<td><a href="https://releases.astral.sh/github/ruff/releases/download/0.15.20/ruff-x86_64-apple-darwin.tar.gz">ruff-x86_64-apple-darwin.tar.gz</a></td>
<td>Intel macOS</td>
<td><a href="https://releases.astral.sh/github/ruff/releases/download/0.15.20/ruff-x86_64-apple-darwin.tar.gz.sha256">checksum</a></td>
</tr>
<tr>
<td><a href="https://releases.astral.sh/github/ruff/releases/download/0.15.20/ruff-aarch64-pc-windows-msvc.zip">ruff-aarch64-pc-windows-msvc.zip</a></td>
<td>ARM64 Windows</td>
<td><a href="https://releases.astral.sh/github/ruff/releases/download/0.15.20/ruff-aarch64-pc-windows-msvc.zip.sha256">checksum</a></td>
</tr>
<tr>
<td><a href="https://releases.astral.sh/github/ruff/releases/download/0.15.20/ruff-i686-pc-windows-msvc.zip">ruff-i686-pc-windows-msvc.zip</a></td>
<td>x86 Windows</td>
<td><a href="https://releases.astral.sh/github/ruff/releases/download/0.15.20/ruff-i686-pc-windows-msvc.zip.sha256">checksum</a></td>
</tr>
<tr>
<td><a href="https://releases.astral.sh/github/ruff/releases/download/0.15.20/ruff-x86_64-pc-windows-msvc.zip">ruff-x86_64-pc-windows-msvc.zip</a></td>
<td>x64 Windows</td>
<td><a href="https://releases.astral.sh/github/ruff/releases/download/0.15.20/ruff-x86_64-pc-windows-msvc.zip.sha256">checksum</a></td>
</tr>
<tr>
<td><a href="https://releases.astral.sh/github/ruff/releases/download/0.15.20/ruff-aarch64-unknown-linux-gnu.tar.gz">ruff-aarch64-unknown-linux-gnu.tar.gz</a></td>
<td>ARM64 Linux</td>
<td><a href="https://releases.astral.sh/github/ruff/releases/download/0.15.20/ruff-aarch64-unknown-linux-gnu.tar.gz.sha256">checksum</a></td>
</tr>
<tr>
<td><a href="https://releases.astral.sh/github/ruff/releases/download/0.15.20/ruff-i686-unknown-linux-gnu.tar.gz">ruff-i686-unknown-linux-gnu.tar.gz</a></td>
<td>x86 Linux</td>
<td><a href="https://releases.astral.sh/github/ruff/releases/download/0.15.20/ruff-i686-unknown-linux-gnu.tar.gz.sha256">checksum</a></td>
</tr>
</tbody>
</table>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md">ruff's changelog</a>.</em></p>
<blockquote>
<h2>0.15.20</h2>
<p>Released on 2026-06-25.</p>
<h3>Preview features</h3>
<ul>
<li>Allow human-readable names in rule selectors (<a href="https://redirect.github.com/astral-sh/ruff/pull/25887">#25887</a>)</li>
<li>Emit a warning instead of an error for unknown rule selectors (<a href="https://redirect.github.com/astral-sh/ruff/pull/26113">#26113</a>)</li>
<li>Match <code>noqa</code> shebang handling in <code>ruff:ignore</code> comments (<a href="https://redirect.github.com/astral-sh/ruff/pull/26286">#26286</a>)</li>
<li>[<code>ruff</code>] Remove <code>pytest-fixture-autouse</code> (<code>RUF076</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/26240">#26240</a>, <a href="https://redirect.github.com/astral-sh/ruff/pull/26371">#26371</a>)</li>
</ul>
<h3>Documentation</h3>
<ul>
<li>Add versioning sections to custom crate READMEs (<a href="https://redirect.github.com/astral-sh/ruff/pull/26317">#26317</a>)</li>
<li>Update <code>ruff_python_parser</code> README for crates.io (<a href="https://redirect.github.com/astral-sh/ruff/pull/26315">#26315</a>)</li>
<li>[<code>perflint</code>] Clarify that <code>PERF402</code> applies to any iterable (<a href="https://redirect.github.com/astral-sh/ruff/pull/26242">#26242</a>)</li>
</ul>
<h3>Contributors</h3>
<ul>
<li><a href="https://github.com/dhruvmanila"><code>@​dhruvmanila</code></a></li>
<li><a href="https://github.com/MichaReiser"><code>@​MichaReiser</code></a></li>
<li><a href="https://github.com/ntBre"><code>@​ntBre</code></a></li>
<li><a href="https://github.com/trilamsr"><code>@​trilamsr</code></a></li>
</ul>
<h2>0.15.19</h2>
<p>Released on 2026-06-23.</p>
<h3>Preview features</h3>
<ul>
<li>Support human-readable names when hovering suppression comments and in code actions (<a href="https://redirect.github.com/astral-sh/ruff/pull/26114">#26114</a>)</li>
</ul>
<h3>Bug fixes</h3>
<ul>
<li>Fall back to default settings when editor-only settings are invalid (<a href="https://redirect.github.com/astral-sh/ruff/pull/26244">#26244</a>)</li>
<li>Fix panic when inserting text at a notebook cell boundary (<a href="https://redirect.github.com/astral-sh/ruff/pull/26111">#26111</a>)</li>
</ul>
<h3>Rule changes</h3>
<ul>
<li>[<code>pylint</code>] Update fix suggestions for <code>__floor__</code>, <code>__trunc__</code>, <code>__length_hint__</code>, and <code>__matmul__</code> variants (<code>PLC2801</code>) (<a href="https://redirect.github.com/astral-sh/ruff/pull/26239">#26239</a>)</li>
</ul>
<h3>Performance</h3>
<ul>
<li>Avoid allocating when parsing single string literals (<a href="https://redirect.github.com/astral-sh/ruff/pull/26200">#26200</a>)</li>
<li>Avoid reallocating singleton call arguments (<a href="https://redirect.github.com/astral-sh/ruff/pull/26223">#26223</a>)</li>
<li>Lazily create source files for lint diagnostics (<a href="https://redirect.github.com/astral-sh/ruff/pull/26226">#26226</a>)</li>
<li>Optimize formatter text width and indentation (<a href="https://redirect.github.com/astral-sh/ruff/pull/26236">#26236</a>)</li>
<li>Reserve capacity for builtin bindings (<a href="https://redirect.github.com/astral-sh/ruff/pull/26229">#26229</a>)</li>
<li>Skip repeated-key checks for singleton dictionaries (<a href="https://redirect.github.com/astral-sh/ruff/pull/26228">#26228</a>)</li>
<li>Use ArrayVec for qualified name segments (<a href="https://redirect.github.com/astral-sh/ruff/pull/26224">#26224</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/astral-sh/ruff/commit/f82a36b6baf8c0547a17bbde6c0d927ccd45d938"><code>f82a36b</code></a> Bump 0.15.20 (<a href="https://redirect.github.com/astral-sh/ruff/issues/26376">#26376</a>)</li>
<li><a href="https://github.com/astral-sh/ruff/commit/af329438b55d5aa8ca28725f17abbae63b5c815d"><code>af32943</code></a> Improve the summarise-ecosystem-results skill (<a href="https://redirect.github.com/astral-sh/ruff/issues/26378">#26378</a>)</li>
<li><a href="https://github.com/astral-sh/ruff/commit/485ebab5de692aad34720898cd80245b6092ba86"><code>485ebab</code></a> Remove <code>RUF076</code> name from schema (<a href="https://redirect.github.com/astral-sh/ruff/issues/26371">#26371</a>)</li>
<li><a href="https://github.com/astral-sh/ruff/commit/ef81835ce3da615346584dc446de0fe26bfc154b"><code>ef81835</code></a> [ty] Implement rust-analyzer's &quot;Click for full compiler diagnostic&quot; feature (...</li>
<li><a href="https://github.com/astral-sh/ruff/commit/572b31e2377a701a7365f069f6ef87002962cb2b"><code>572b31e</code></a> [<code>ruff</code>] Remove <code>pytest-fixture-autouse</code> (<code>RUF076</code>) (<a href="https://redirect.github.com/astral-sh/ruff/issues/26240">#26240</a>)</li>
<li><a href="https://github.com/astral-sh/ruff/commit/f703f219d7fddd1a4abba9fa81e34773c185a4b9"><code>f703f21</code></a> Allow human-readable names in rule selectors (<a href="https://redirect.github.com/astral-sh/ruff/issues/25887">#25887</a>)</li>
<li><a href="https://github.com/astral-sh/ruff/commit/0d726b28ee35413926145ffef4ac1143cae9ea1e"><code>0d726b2</code></a> [ty] Reuse equality semantics for membership compatibility (<a href="https://redirect.github.com/astral-sh/ruff/issues/25955">#25955</a>)</li>
<li><a href="https://github.com/astral-sh/ruff/commit/dbe6e9848c3f78fdaf543cfc000939ebc73b5f00"><code>dbe6e98</code></a> [ty] Infer definite equality comparison results (<a href="https://redirect.github.com/astral-sh/ruff/issues/26337">#26337</a>)</li>
<li><a href="https://github.com/astral-sh/ruff/commit/e700ea357a2196d76b58eb89b2031ddb5ca896e0"><code>e700ea3</code></a> [ty] Prove TypedDict structural patterns exhaustive (<a href="https://redirect.github.com/astral-sh/ruff/issues/26285">#26285</a>)</li>
<li><a href="https://github.com/astral-sh/ruff/commit/6a0d2ec93959d966430b8c39d4de5c3e8a88e911"><code>6a0d2ec</code></a> [ty] Widen inferred class-valued instance attributes (<a href="https://redirect.github.com/astral-sh/ruff/issues/26338">#26338</a>)</li>
<li>Additional commits viewable in <a href="https://github.com/astral-sh/ruff/compare/0.15.12...0.15.20">compare view</a></li>
</ul>
</details>
<br />

Updates `sqlalchemy` to 2.0.51
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/sqlalchemy/sqlalchemy/releases">sqlalchemy's releases</a>.</em></p>
<blockquote>
<h1>2.0.51</h1>
<p>Released: June 15, 2026</p>
<h2>orm</h2>
<ul>
<li>
<p><strong>[orm] [bug]</strong> Fixed issue where <code>_orm.subqueryload()</code> combined with
<code>PropComparator.of_type()</code> and <code>PropComparator.and_()</code> would
silently drop the additional filter criteria, causing all related objects
to be loaded instead of only those matching the filter.  The
<code>LoaderCriteriaOption</code> was being constructed against the base
entity rather than the effective entity indicated by
<code>PropComparator.of_type()</code>.  Pull request courtesy Arya Rizky.</p>
<p>References: <a href="https://www.sqlalchemy.org/trac/ticket/13207">#13207</a></p>
</li>
<li>
<p><strong>[orm] [bug]</strong> Fixed bug where a failure during <code>tpc_prepare()</code> within
<code>_orm.Session.commit()</code> for a two-phase session would raise
<code>IllegalStateChangeError</code> instead of the original database
exception.  The internal <code>_prepare_impl()</code> method's error handler
was unable to invoke <code>_orm.SessionTransaction.rollback()</code> due
to a state-change guard, preventing proper cleanup and masking the
underlying error.</p>
<p>References: <a href="https://www.sqlalchemy.org/trac/ticket/13356">#13356</a></p>
</li>
</ul>
<h2>engine</h2>
<ul>
<li>
<p><strong>[engine] [bug]</strong> Fixed issue where <code>Result.freeze()</code> would lose track of ambiguous
column names present in the original <code>CursorResult</code>, causing
key-based access on the thawed result to silently return a value instead of
raising <code>InvalidRequestError</code>.  The
<code>SimpleResultMetaData</code> now accepts and propagates ambiguous key
information so that frozen, thawed, and pickled results raise consistently
for duplicate column names.  Pull request courtesy Saurabh Kohli.</p>
<p>References: <a href="https://www.sqlalchemy.org/trac/ticket/9427">#9427</a></p>
</li>
</ul>
<h2>sql</h2>
<ul>
<li>
<p><strong>[sql] [bug]</strong> Fixed issue where <code>_sql.StatementLambdaElement</code> would proxy
attribute access through the cached &quot;expected&quot; expression rather than the
resolved expression, causing stale closure-bound parameter values to be
used when a lambda statement was extended with non-lambda criteria such as
an additional <code>.where()</code> clause.  Courtesy cjc0013.</p>
<p>References: <a href="https://www.sqlalchemy.org/trac/ticket/10827">#10827</a></p>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a href="https://github.com/sqlalchemy/sqlalchemy/commits">compare view</a></li>
</ul>
</details>
<br />

Updates `uvicorn` to 0.49.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/Kludex/uvicorn/releases">uvicorn's releases</a>.</em></p>
<blockquote>
<h2>Version 0.49.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Bump httptools minimum version to 0.8.0 by <a href="https://github.com/Kludex"><code>@​Kludex</code></a> in <a href="https://redirect.github.com/Kludex/uvicorn/pull/2962">Kludex/uvicorn#2962</a></li>
<li>Consume duplicate forwarding headers in ProxyHeadersMiddleware (reverses the 0.48.0 behavior of ignoring them) by <a href="https://github.com/Kludex"><code>@​Kludex</code></a> in <a href="https://redirect.github.com/Kludex/uvicorn/pull/2971">Kludex/uvicorn#2971</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/Kludex/uvicorn/compare/0.48.0...0.49.0">https://github.com/Kludex/uvicorn/compare/0.48.0...0.49.0</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md">uvicorn's changelog</a>.</em></p>
<blockquote>
<h2>0.49.0 (June 3, 2026)</h2>
<h3>Changed</h3>
<ul>
<li>Bump <code>httptools</code> minimum version to 0.8.0 (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2962">#2962</a>)</li>
<li>Consume duplicate forwarding headers in <code>ProxyHeadersMiddleware</code> (reverses the 0.48.0 behavior of ignoring them) (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2971">#2971</a>)</li>
</ul>
<h2>0.48.0 (May 24, 2026)</h2>
<h3>Changed</h3>
<ul>
<li>Default <code>ssl_ciphers</code> to <code>None</code> and use OpenSSL defaults (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2940">#2940</a>)</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Ignore duplicate forwarding headers in <code>ProxyHeadersMiddleware</code> (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2944">#2944</a>)</li>
</ul>
<h2>0.47.0 (May 14, 2026)</h2>
<h3>Added</h3>
<ul>
<li>Add <code>ssl_context_factory</code> for custom <code>SSLContext</code> configuration (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2920">#2920</a>)</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Eagerly import the ASGI app in the parent process (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2919">#2919</a>)</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Treat <code>fd=0</code> as a valid file descriptor with reload/workers (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2927">#2927</a>)</li>
</ul>
<h2>0.46.0 (April 23, 2026)</h2>
<h3>Added</h3>
<ul>
<li>Support <code>ws_max_size</code> in <code>wsproto</code> implementation (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2915">#2915</a>)</li>
<li>Support <code>ws_ping_interval</code> and <code>ws_ping_timeout</code> in <code>wsproto</code> implementation (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2916">#2916</a>)</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Use <code>bytearray</code> for incoming WebSocket message buffer in <code>websockets-sansio</code> (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2917">#2917</a>)</li>
</ul>
<h2>0.45.0 (April 21, 2026)</h2>
<h3>Added</h3>
<ul>
<li>Add <code>--reset-contextvars</code> flag to isolate ASGI request context (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2912">#2912</a>)</li>
<li>Accept <code>os.PathLike</code> for <code>log_config</code> (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2905">#2905</a>)</li>
<li>Accept <code>log_level</code> strings case-insensitively (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2907">#2907</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/Kludex/uvicorn/commit/3ef2e3e08e3d9ad9572800f8bc54f3eaed9eab0a"><code>3ef2e3e</code></a> Version 0.49.0 (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2973">#2973</a>)</li>
<li><a href="https://github.com/Kludex/uvicorn/commit/eeb64b1d1c95a14096ed3313377c74b485f558fc"><code>eeb64b1</code></a> Consume duplicate forwarding headers in ProxyHeadersMiddleware (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2971">#2971</a>)</li>
<li><a href="https://github.com/Kludex/uvicorn/commit/630f4aca14e79183617c71be714030842a1041c5"><code>630f4ac</code></a> Make the watchfiles reload tests deterministic (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2972">#2972</a>)</li>
<li><a href="https://github.com/Kludex/uvicorn/commit/9154922e3730f7aba68ecc3ecbf536680ee8fd1c"><code>9154922</code></a> chore(deps): bump the github-actions group across 1 directory with 6 updates ...</li>
<li><a href="https://github.com/Kludex/uvicorn/commit/739727a1d80e468d1e47e98bbd824ee9e3c9554b"><code>739727a</code></a> Migrate docs deploy from Cloudflare Pages to Workers (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2967">#2967</a>)</li>
<li><a href="https://github.com/Kludex/uvicorn/commit/be4a240488d3fb678a11b8e8f83505266f5f1de7"><code>be4a240</code></a> Gate docs preview deploy on Cloudflare token presence (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2966">#2966</a>)</li>
<li><a href="https://github.com/Kludex/uvicorn/commit/c489d7e10dfe653a2bba914feedf2a632a026e6f"><code>c489d7e</code></a> Bump httptools minimum version to 0.8.0 (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2962">#2962</a>)</li>
<li><a href="https://github.com/Kludex/uvicorn/commit/9f547bd82ef52bcba206e04170b359bd6daa25b3"><code>9f547bd</code></a> Skip docs preview deploy for Dependabot PRs (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2961">#2961</a>)</li>
<li><a href="https://github.com/Kludex/uvicorn/commit/44446b894e37ca76830d6aa83df4349795400ed4"><code>44446b8</code></a> Migrate documentation from MkDocs Material to Zensical (<a href="https://redirect.github.com/Kludex/uvicorn/issues/29...

_Description has been truncated_

…th 12 updates

Updates the requirements on [alembic](https://github.com/sqlalchemy/alembic), [cryptography](https://github.com/pyca/cryptography), [fastapi](https://github.com/fastapi/fastapi), [fastapi-swagger](https://github.com/dantetemplar/fastapi-swagger), [icalendar](https://github.com/collective/icalendar), [prometheus-fastapi-instrumentator](https://github.com/trallnag/prometheus-fastapi-instrumentator), [python-multipart](https://github.com/Kludex/python-multipart), [ruff](https://github.com/astral-sh/ruff), [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy), [uvicorn](https://github.com/Kludex/uvicorn), [prek](https://github.com/j178/prek) and [joserfc](https://github.com/authlib/joserfc) to permit the latest version.

Updates `alembic` to 1.18.5
- [Release notes](https://github.com/sqlalchemy/alembic/releases)
- [Changelog](https://github.com/sqlalchemy/alembic/blob/main/CHANGES)
- [Commits](https://github.com/sqlalchemy/alembic/commits)

Updates `cryptography` to 49.0.0
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@48.0.0...49.0.0)

Updates `fastapi` to 0.138.1
- [Release notes](https://github.com/fastapi/fastapi/releases)
- [Commits](fastapi/fastapi@0.136.1...0.138.1)

Updates `fastapi-swagger` to 0.4.52
- [Release notes](https://github.com/dantetemplar/fastapi-swagger/releases)
- [Commits](dantetemplar/fastapi-swagger@v0.4.49...v0.4.52)

Updates `icalendar` to 7.2.0
- [Release notes](https://github.com/collective/icalendar/releases)
- [Changelog](https://github.com/collective/icalendar/blob/main/CHANGES.rst)
- [Commits](collective/icalendar@v7.1.0...v7.2.0)

Updates `prometheus-fastapi-instrumentator` to 8.0.2
- [Release notes](https://github.com/trallnag/prometheus-fastapi-instrumentator/releases)
- [Changelog](https://github.com/trallnag/prometheus-fastapi-instrumentator/blob/master/CHANGELOG.md)
- [Commits](trallnag/prometheus-fastapi-instrumentator@v7.1.0...v8.0.2)

Updates `python-multipart` to 0.0.32
- [Release notes](https://github.com/Kludex/python-multipart/releases)
- [Changelog](https://github.com/Kludex/python-multipart/blob/main/CHANGELOG.md)
- [Commits](Kludex/python-multipart@0.0.27...0.0.32)

Updates `ruff` to 0.15.20
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.15.12...0.15.20)

Updates `sqlalchemy` to 2.0.51
- [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases)
- [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES.rst)
- [Commits](https://github.com/sqlalchemy/sqlalchemy/commits)

Updates `uvicorn` to 0.49.0
- [Release notes](https://github.com/Kludex/uvicorn/releases)
- [Changelog](https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md)
- [Commits](Kludex/uvicorn@0.46.0...0.49.0)

Updates `prek` to 0.4.5
- [Release notes](https://github.com/j178/prek/releases)
- [Changelog](https://github.com/j178/prek/blob/master/CHANGELOG.md)
- [Commits](j178/prek@v0.3.13...v0.4.5)

Updates `joserfc` to 1.7.1
- [Release notes](https://github.com/authlib/joserfc/releases)
- [Changelog](https://github.com/authlib/joserfc/blob/main/docs/changelog.rst)
- [Commits](authlib/joserfc@1.6.5...1.7.1)

---
updated-dependencies:
- dependency-name: alembic
  dependency-version: 1.18.5
  dependency-type: direct:production
  dependency-group: python-dependencies
- dependency-name: cryptography
  dependency-version: 49.0.0
  dependency-type: direct:production
  dependency-group: python-dependencies
- dependency-name: fastapi
  dependency-version: 0.138.1
  dependency-type: direct:production
  dependency-group: python-dependencies
- dependency-name: fastapi-swagger
  dependency-version: 0.4.52
  dependency-type: direct:production
  dependency-group: python-dependencies
- dependency-name: icalendar
  dependency-version: 7.2.0
  dependency-type: direct:production
  dependency-group: python-dependencies
- dependency-name: prometheus-fastapi-instrumentator
  dependency-version: 8.0.2
  dependency-type: direct:production
  dependency-group: python-dependencies
- dependency-name: python-multipart
  dependency-version: 0.0.32
  dependency-type: direct:production
  dependency-group: python-dependencies
- dependency-name: ruff
  dependency-version: 0.15.20
  dependency-type: direct:production
  dependency-group: python-dependencies
- dependency-name: sqlalchemy
  dependency-version: 2.0.51
  dependency-type: direct:production
  dependency-group: python-dependencies
- dependency-name: uvicorn
  dependency-version: 0.49.0
  dependency-type: direct:production
  dependency-group: python-dependencies
- dependency-name: prek
  dependency-version: 0.4.5
  dependency-type: direct:production
  dependency-group: python-dependencies
- dependency-name: joserfc
  dependency-version: 1.7.1
  dependency-type: direct:production
  dependency-group: python-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Jun 28, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants