Skip to content

Bump the all-dependencies group with 8 updates#133

Merged
rafsaf merged 1 commit intomainfrom
dependabot/uv/all-dependencies-6f170ef06c
Apr 12, 2026
Merged

Bump the all-dependencies group with 8 updates#133
rafsaf merged 1 commit intomainfrom
dependabot/uv/all-dependencies-6f170ef06c

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Apr 1, 2026

Bumps the all-dependencies group with 8 updates:

Package From To
fastapi 0.135.1 0.135.3
pyjwt 2.11.0 2.12.1
coverage 7.13.4 7.13.5
mypy 1.19.1 1.20.0
pytest-cov 7.0.0 7.1.0
ruff 0.15.4 0.15.8
librt 0.7.8 0.8.1
pathspec 0.12.1 1.0.4

Updates fastapi from 0.135.1 to 0.135.3

Release notes

Sourced from fastapi's releases.

0.135.3

Features

Docs

  • ✏️ Fix typo for client_secret in OAuth2 form docstrings. PR #14946 by @​bysiber.

Internal

0.135.2

Upgrades

  • ⬆️ Increase lower bound to pydantic >=2.9.0. and fix the test suite. PR #15139 by @​svlandeg.

Docs

Translations

... (truncated)

Commits

Updates pyjwt from 2.11.0 to 2.12.1

Release notes

Sourced from pyjwt's releases.

2.12.1

What's Changed

Full Changelog: jpadilla/pyjwt@2.12.0...2.12.1

2.12.0

Security

What's Changed

New Contributors

Full Changelog: jpadilla/pyjwt@2.11.0...2.12.0

Changelog

Sourced from pyjwt's changelog.

v2.12.1 <https://github.com/jpadilla/pyjwt/compare/2.12.0...2.12.1>__

Fixed


- Add missing ``typing_extensions`` dependency for Python < 3.11 in `[#1150](https://github.com/jpadilla/pyjwt/issues/1150) <https://github.com/jpadilla/pyjwt/issues/1150>`__

v2.12.0 &lt;https://github.com/jpadilla/pyjwt/compare/2.11.0...2.12.0&gt;__


Fixed

  • Annotate PyJWKSet.keys for pyright by @​tamird in [#1134](https://github.com/jpadilla/pyjwt/issues/1134) <https://github.com/jpadilla/pyjwt/pull/1134>__
  • Close HTTPError response to prevent ResourceWarning on Python 3.14 by @​veeceey in [#1133](https://github.com/jpadilla/pyjwt/issues/1133) <https://github.com/jpadilla/pyjwt/pull/1133>__
  • Do not keep algorithms dict in PyJWK instances by @​akx in [#1143](https://github.com/jpadilla/pyjwt/issues/1143) <https://github.com/jpadilla/pyjwt/pull/1143>__
  • Validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. by @​dmbs335 in GHSA-752w-5fwx-jx9f <https://github.com/jpadilla/pyjwt/security/advisories/GHSA-752w-5fwx-jx9f>__
  • Use PyJWK algorithm when encoding without explicit algorithm in [#1148](https://github.com/jpadilla/pyjwt/issues/1148) <https://github.com/jpadilla/pyjwt/pull/1148>__

Added


- Docs: Add ``PyJWKClient`` API reference and document the two-tier caching system (JWK Set cache and signing key LRU cache).
Commits

Updates coverage from 7.13.4 to 7.13.5

Changelog

Sourced from coverage's changelog.

Version 7.13.5 — 2026-03-17

  • Fix: issue 2138_ describes a memory leak that happened when repeatedly using the Coverage API with in-memory data. This is now fixed.

  • Fix: the markdown-formatted coverage report didn't fully escape special characters in file paths (issue 2141). This would be very unlikely to cause a problem, but now it's done properly, thanks to Ellie Ayla <pull 2142_>.

  • Fix: the C extension wouldn't build on VS2019, but now it does (issue 2145_).

.. _issue 2138: coveragepy/coveragepy#2138 .. _issue 2141: coveragepy/coveragepy#2141 .. _pull 2142: coveragepy/coveragepy#2142 .. _issue 2145: coveragepy/coveragepy#2145

.. _changes_7-13-4:

Commits
  • c88da14 docs: sample HTML for 7.13.5
  • e2ac3e1 build: sample HTML shouldn't include the status.json file
  • 910f8f3 docs: prep for 7.13.5
  • 3a4819c style: make workflows more uniform
  • 2a53705 chore: bump the action-dependencies group across 1 directory with 4 updates (...
  • e7c878d chore: make upgrade
  • ab4db40 build: use --generate-hashes when pinning
  • a438753 chore: make upgrade
  • 7b33457 refactor: some leftover pyupgrade 3.10 bits
  • 2ff968d refactor: this type wasn't used anywhere
  • Additional commits viewable in compare view

Updates mypy from 1.19.1 to 1.20.0

Changelog

Sourced from mypy's changelog.

Mypy Release Notes

Next Release

Mypy 1.20

We’ve just uploaded mypy 1.20.0 to the Python Package Index (PyPI). Mypy is a static type checker for Python. This release includes new features, performance improvements and bug fixes. You can install it as follows:

python3 -m pip install -U mypy

You can read the full documentation for this release on Read the Docs.

Planned Changes to Defaults and Flags in Mypy 2.0

As a reminder, we are planning to enable --local-partial-types by default in mypy 2.0, which will likely be the next feature release. This will often require at least minor code changes. This option is implicitly enabled by mypy daemon, so this makes the behavior of daemon and non-daemon modes consistent.

Note that this release improves the compatibility of --local-partial-types significantly to make the switch easier (see below for more).

This can also be configured in a mypy configuration file (use False to disable):

local_partial_types = True

For more information, refer to the documentation.

We will also enable --strict-bytes by default in mypy 2.0. This usually requires at most minor code changes to adopt. For more information, refer to the documentation.

Finally, --allow-redefinition-new will be renamed to --allow-redefinition. If you want to continue using the older --allow-redefinition semantics which are less flexible (e.g. limited support for conditional redefinitions), you can switch to --allow-redefinition-old, which is currently supported as an alias to the legacy --allow-redefinition behavior. To use --allow-redefinition in the upcoming mypy 2.0, you can't use --no-local-partial-types. For more information, refer to the documentation.

Better Type Narrowing

Mypy's implementation of narrowing has been substantially reworked. Mypy will now narrow more aggressively, more consistently, and more correctly. In particular, you are likely to notice new narrowing behavior in equality expressions (==), containment expressions (in),

... (truncated)

Commits
  • 770d3ca Remove +dev from version
  • 4738ffa Changelog updates for 1.20 (#21109)
  • b4f07a7 Use 'native-parser' instead of 'native-parse' for optional dependency (#21115)
  • 7bec7b7 [mypyc] Document librt and librt.base64 (#21114)
  • c482596 --allow-redefinition-new is no longer experimental (#21110)
  • c916ca3 sdist: include misc/{diff-cache,apply-cache-diff}.py for `mypy/test/test_di...
  • b137e4e [mypyc] Speed up native-to-native imports within the same group (#21101)
  • 978b711 [mypyc] Fix range loop variable off-by-one after loop exit (#21098)
  • 67ada30 [stubtest] Check runtime availability of private types not marked `@type_chec...
  • bdef6ef librt cache tests: build respecting MYPY_TEST_PREFIX (#21097)
  • Additional commits viewable in compare view

Updates pytest-cov from 7.0.0 to 7.1.0

Changelog

Sourced from pytest-cov's changelog.

7.1.0 (2026-03-21)

  • Fixed total coverage computation to always be consistent, regardless of reporting settings. Previously some reports could produce different total counts, and consequently can make --cov-fail-under behave different depending on reporting options. See [#641](https://github.com/pytest-dev/pytest-cov/issues/641) <https://github.com/pytest-dev/pytest-cov/issues/641>_.

  • Improve handling of ResourceWarning from sqlite3.

    The plugin adds warning filter for sqlite3 ResourceWarning unclosed database (since 6.2.0). It checks if there is already existing plugin for this message by comparing filter regular expression. When filter is specified on command line the message is escaped and does not match an expected message. A check for an escaped regular expression is added to handle this case.

    With this fix one can suppress ResourceWarning from sqlite3 from command line::

    pytest -W "ignore:unclosed database in <sqlite3.Connection object at:ResourceWarning" ...

  • Various improvements to documentation. Contributed by Art Pelling in [#718](https://github.com/pytest-dev/pytest-cov/issues/718) <https://github.com/pytest-dev/pytest-cov/pull/718>_ and "vivodi" in [#738](https://github.com/pytest-dev/pytest-cov/issues/738) <https://github.com/pytest-dev/pytest-cov/pull/738>. Also closed [#736](https://github.com/pytest-dev/pytest-cov/issues/736) <https://github.com/pytest-dev/pytest-cov/issues/736>.

  • Fixed some assertions in tests. Contributed by in Markéta Machová in [#722](https://github.com/pytest-dev/pytest-cov/issues/722) <https://github.com/pytest-dev/pytest-cov/pull/722>_.

  • Removed unnecessary coverage configuration copying (meant as a backup because reporting commands had configuration side-effects before coverage 5.0).

Commits
  • 66c8a52 Bump version: 7.0.0 → 7.1.0
  • f707662 Make the examples use pypy 3.11.
  • 6049a78 Make context test use the old ctracer (seems the new sysmon tracer behaves di...
  • 8ebf20b Update changelog.
  • 861d30e Remove the backup context manager - shouldn't be needed since coverage 5.0, ...
  • fd4c956 Pass the precision on the nulled total (seems that there's some caching goion...
  • 78c9c4e Only run the 3.9 on older deps.
  • 4849a92 Punctuation.
  • 197c35e Update changelog and hopefully I don't forget to publish release again :))
  • 14dc1c9 Update examples to use 3.11 and make the adhoc layout example look a bit more...
  • Additional commits viewable in compare view

Updates ruff from 0.15.4 to 0.15.8

Release notes

Sourced from ruff's releases.

0.15.8

Release Notes

Released on 2026-03-26.

Preview features

  • [ruff] New rule unnecessary-if (RUF050) (#24114)
  • [ruff] New rule useless-finally (RUF072) (#24165)
  • [ruff] New rule f-string-percent-format (RUF073): warn when using % operator on an f-string (#24162)
  • [pyflakes] Recognize frozendict as a builtin for Python 3.15+ (#24100)

Bug fixes

  • [flake8-async] Use fully-qualified anyio.lowlevel import in autofix (ASYNC115) (#24166)
  • [flake8-bandit] Check tuple arguments for partial paths in S607 (#24080)
  • [pyflakes] Skip undefined-name (F821) for conditionally deleted variables (#24088)
  • E501/W505/formatter: Exclude nested pragma comments from line width calculation (#24071)
  • Fix %foo? parsing in IPython assignment expressions (#24152)
  • analyze graph: resolve string imports that reference attributes, not just modules (#24058)

Rule changes

  • [eradicate] ignore ty: ignore comments in ERA001 (#24192)
  • [flake8-bandit] Treat sys.executable as trusted input in S603 (#24106)
  • [flake8-self] Recognize Self annotation and self assignment in SLF001 (#24144)
  • [pyflakes] F507: Fix false negative for non-tuple RHS in %-formatting (#24142)
  • [refurb] Parenthesize generator arguments in FURB142 fixer (#24200)

Performance

  • Speed up diagnostic rendering (#24146)

Server

  • Warn when Markdown files are skipped due to preview being disabled (#24150)

Documentation

  • Clarify extend-ignore and extend-select settings documentation (#24064)
  • Mention AI policy in PR template (#24198)

Other changes

  • Use trusted publishing for NPM packages (#24171)

Contributors

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.8

Released on 2026-03-26.

Preview features

  • [ruff] New rule unnecessary-if (RUF050) (#24114)
  • [ruff] New rule useless-finally (RUF072) (#24165)
  • [ruff] New rule f-string-percent-format (RUF073): warn when using % operator on an f-string (#24162)
  • [pyflakes] Recognize frozendict as a builtin for Python 3.15+ (#24100)

Bug fixes

  • [flake8-async] Use fully-qualified anyio.lowlevel import in autofix (ASYNC115) (#24166)
  • [flake8-bandit] Check tuple arguments for partial paths in S607 (#24080)
  • [pyflakes] Skip undefined-name (F821) for conditionally deleted variables (#24088)
  • E501/W505/formatter: Exclude nested pragma comments from line width calculation (#24071)
  • Fix %foo? parsing in IPython assignment expressions (#24152)
  • analyze graph: resolve string imports that reference attributes, not just modules (#24058)

Rule changes

  • [eradicate] ignore ty: ignore comments in ERA001 (#24192)
  • [flake8-bandit] Treat sys.executable as trusted input in S603 (#24106)
  • [flake8-self] Recognize Self annotation and self assignment in SLF001 (#24144)
  • [pyflakes] F507: Fix false negative for non-tuple RHS in %-formatting (#24142)
  • [refurb] Parenthesize generator arguments in FURB142 fixer (#24200)

Performance

  • Speed up diagnostic rendering (#24146)

Server

  • Warn when Markdown files are skipped due to preview being disabled (#24150)

Documentation

  • Clarify extend-ignore and extend-select settings documentation (#24064)
  • Mention AI policy in PR template (#24198)

Other changes

  • Use trusted publishing for NPM packages (#24171)

Contributors

... (truncated)

Commits
  • c2a8815 Release 0.15.8 (#24217)
  • d444d52 [ty] Infer lambda expressions with Callable type context (#22633)
  • 9622285 [ty] Autocomplete arguments if in arguments node (#24167)
  • d812662 Use the release environment in publish-docs (#24214)
  • eda2355 [ty] Show Final source in final assignment diagnostic (#24194)
  • 929eb52 [ty] Enforce Final attribute assignment rules for annotated and augmented wri...
  • 34998be [ty] Fix typo in comment (#24211)
  • 560aca0 [ty] Minor simplifications to some benchmark code (#24209)
  • 683bae5 [ty] Track non-terminal-call constraints in global scope (#23245)
  • 4704c2a [ty] Remove unnecessary intermediate collection in `StaticClassLiteral::field...
  • Additional commits viewable in compare view

Updates librt from 0.7.8 to 0.8.1

Commits

Updates pathspec from 0.12.1 to 1.0.4

Release notes

Sourced from pathspec's releases.

v1.0.4

Release v1.0.4. See CHANGES.rst.

v1.0.3

Release v1.0.3. See CHANGES.rst.

v1.0.2

Release v1.0.2. See CHANGES.rst.

v1.0.1

Release v1.0.1. See CHANGES.rst.

v1.0.0

Release v1.0.0. See CHANGES.rst.

Changelog

Sourced from pathspec's changelog.

1.0.4 (2026-01-26)

  • Issue [#103](https://github.com/cpburnz/python-pathspec/issues/103)_: Using re2 fails if pyre2 is also installed.

.. _Issue [#103](https://github.com/cpburnz/python-pathspec/issues/103): cpburnz/python-pathspec#103

1.0.3 (2026-01-09)

Bug fixes:

  • Issue [#101](https://github.com/cpburnz/python-pathspec/issues/101)_: pyright strict errors with pathspec >= 1.0.0.
  • Issue [#102](https://github.com/cpburnz/python-pathspec/issues/102)_: No module named 'tomllib'.

.. _Issue [#101](https://github.com/cpburnz/python-pathspec/issues/101): cpburnz/python-pathspec#101 .. _Issue [#102](https://github.com/cpburnz/python-pathspec/issues/102): cpburnz/python-pathspec#102

1.0.2 (2026-01-07)

Bug fixes:

  • Type hint collections.abc.Callable does not properly replace typing.Callable until Python 3.9.2.

1.0.1 (2026-01-06)

Bug fixes:

  • Issue [#100](https://github.com/cpburnz/python-pathspec/issues/100)_: ValueError(f"{patterns=!r} cannot be empty.") when using black.

.. _Issue [#100](https://github.com/cpburnz/python-pathspec/issues/100): cpburnz/python-pathspec#100

1.0.0 (2026-01-05)

Major changes:

  • Issue [#91](https://github.com/cpburnz/python-pathspec/issues/91)_: Dropped support of EoL Python 3.8.
  • Added concept of backends to allow for faster regular expression matching. The backend can be controlled using the backend argument to PathSpec(), PathSpec.from_lines(), GitIgnoreSpec(), and GitIgnoreSpec.from_lines().
  • Renamed "gitwildmatch" pattern back to "gitignore". The "gitignore" pattern behaves slightly differently when used with PathSpec (gitignore as documented) than with GitIgnoreSpec (replicates Git's edge cases).

API changes:

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the all-dependencies group with 8 updates
39b831c 
Bumps the all-dependencies group with 8 updates:

| Package | From | To |
| --- | --- | --- |
| [fastapi](https://github.com/fastapi/fastapi) | `0.135.1` | `0.135.3` |
| [pyjwt](https://github.com/jpadilla/pyjwt) | `2.11.0` | `2.12.1` |
| [coverage](https://github.com/coveragepy/coveragepy) | `7.13.4` | `7.13.5` |
| [mypy](https://github.com/python/mypy) | `1.19.1` | `1.20.0` |
| [pytest-cov](https://github.com/pytest-dev/pytest-cov) | `7.0.0` | `7.1.0` |
| [ruff](https://github.com/astral-sh/ruff) | `0.15.4` | `0.15.8` |
| [librt](https://github.com/mypyc/librt) | `0.7.8` | `0.8.1` |
| [pathspec](https://github.com/cpburnz/python-pathspec) | `0.12.1` | `1.0.4` |


Updates `fastapi` from 0.135.1 to 0.135.3
- [Release notes](https://github.com/fastapi/fastapi/releases)
- [Commits](fastapi/fastapi@0.135.1...0.135.3)

Updates `pyjwt` from 2.11.0 to 2.12.1
- [Release notes](https://github.com/jpadilla/pyjwt/releases)
- [Changelog](https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst)
- [Commits](jpadilla/pyjwt@2.11.0...2.12.1)

Updates `coverage` from 7.13.4 to 7.13.5
- [Release notes](https://github.com/coveragepy/coveragepy/releases)
- [Changelog](https://github.com/coveragepy/coveragepy/blob/main/CHANGES.rst)
- [Commits](coveragepy/coveragepy@7.13.4...7.13.5)

Updates `mypy` from 1.19.1 to 1.20.0
- [Changelog](https://github.com/python/mypy/blob/master/CHANGELOG.md)
- [Commits](python/mypy@v1.19.1...v1.20.0)

Updates `pytest-cov` from 7.0.0 to 7.1.0
- [Changelog](https://github.com/pytest-dev/pytest-cov/blob/master/CHANGELOG.rst)
- [Commits](pytest-dev/pytest-cov@v7.0.0...v7.1.0)

Updates `ruff` from 0.15.4 to 0.15.8
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.15.4...0.15.8)

Updates `librt` from 0.7.8 to 0.8.1
- [Commits](mypyc/librt@v0.7.8...v0.8.1)

Updates `pathspec` from 0.12.1 to 1.0.4
- [Release notes](https://github.com/cpburnz/python-pathspec/releases)
- [Changelog](https://github.com/cpburnz/python-pathspec/blob/master/CHANGES.rst)
- [Commits](cpburnz/python-pathspec@v0.12.1...v1.0.4)

---
updated-dependencies:
- dependency-name: fastapi
  dependency-version: 0.135.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-dependencies
- dependency-name: pyjwt
  dependency-version: 2.12.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: coverage
  dependency-version: 7.13.5
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all-dependencies
- dependency-name: mypy
  dependency-version: 1.20.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: pytest-cov
  dependency-version: 7.1.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: ruff
  dependency-version: 0.15.8
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all-dependencies
- dependency-name: librt
  dependency-version: 0.8.1
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: pathspec
  dependency-version: 1.0.4
  dependency-type: indirect
  update-type: version-update:semver-major
  dependency-group: all-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Apr 1, 2026
@rafsaf rafsaf merged commit a9b3d85 into main Apr 12, 2026
4 checks passed
@rafsaf rafsaf deleted the dependabot/uv/all-dependencies-6f170ef06c branch April 12, 2026 12:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@rafsaf