Skip to content

chore(deps): bump the python-dependencies group across 1 directory with 18 updates#137

Merged
dantetemplar merged 1 commit intomainfrom
dependabot/pip/python-dependencies-2a3f54f844
May 6, 2026
Merged

chore(deps): bump the python-dependencies group across 1 directory with 18 updates#137
dantetemplar merged 1 commit intomainfrom
dependabot/pip/python-dependencies-2a3f54f844

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 6, 2026
edited
Loading

Updates the requirements on alembic, asyncpg, authlib, colorlog, cryptography, fastapi, fastapi-swagger, gunicorn, icalendar, prometheus-fastapi-instrumentator, pydantic, python-multipart, pytz, pyyaml, ruff, sqlalchemy, uvicorn and prek to permit the latest version.
Updates alembic to 1.18.4

Release notes

Sourced from alembic's releases.

1.18.4

Released: February 10, 2026

bug

  • [bug] [operations] Reverted the behavior of Operations.add_column() that would automatically render the "PRIMARY KEY" keyword inline when a Column with primary_key=True is added. The automatic behavior, added in version 1.18.2, is now opt-in via the new Operations.add_column.inline_primary_key parameter. This change restores the ability to render a PostgreSQL SERIAL column, which is required to be primary_key=True, while not impacting the ability to render a separate primary key constraint. This also provides consistency with the Operations.add_column.inline_references parameter and gives users explicit control over SQL generation.

    To render PRIMARY KEY inline, use the Operations.add_column.inline_primary_key parameter set to True:

    op.add_column( "my_table", Column("id", Integer, primary_key=True), inline_primary_key=True )References: #1232

Commits

Updates asyncpg to 0.31.0

Release notes

Sourced from asyncpg's releases.

v0.31.0

Enable Python 3.14 with experimental subinterpreter/freethreading support.

Improvements

  • Add Python 3.14 support, experimental subinterpreter/freethreading support (#1279) (by @​elprans in 9e42642b)

  • Avoid performing type introspection on known types (#1243) (by @​elprans in 5c9986c4)

  • Make prepare() not use named statements by default when cache is disabled (#1245) (by @​elprans in 5b14653e)

  • Implement connection service file functionality (#1223) (by @​AndrewJackson2020 in 1d63bb15)

Fixes

Other

Commits

Updates authlib to 1.7.2

Release notes

Sourced from authlib's releases.

v1.7.2

What's Changed

Full Changelog: authlib/authlib@v1.7.1...v1.7.2

Commits
  • a0b76fa chore: bump to 1.7.2
  • c85c7f2 Merge pull request #884 from azmeuk/852-rfc7523-key-import
  • a3b2add Merge pull request #873 from azmeuk/bcp47
  • f2578ea fix: Import RSAKey in auth.py for additional key support
  • b57182c fix: fallback support RSAKey when client_secret is text
  • 4e75902 Merge branch 'main' into 852-rfc7523-key-import
  • 5eb4a86 Merge pull request #887 from azmeuk/883-alg
  • 5633f37 fix: allow non-recommended algorithms in ClientSecretJWT and PrivateKeyJWT
  • 4c8e7b3 Merge pull request #886 from azmeuk/885-readme
  • 23b333e docs: fix the readme links
  • Additional commits viewable in compare view

Updates colorlog to 6.10.1

Release notes

Sourced from colorlog's releases.

v6.10.1

What's Changed

Full Changelog: borntyping/python-colorlog@v6.9.0...v6.10.1

Commits

Updates cryptography to 48.0.0

Changelog

Sourced from cryptography's changelog.

48.0.0 - 2026-05-04


* **BACKWARDS INCOMPATIBLE:** Support for Python 3.8 has been removed.
  ``cryptography`` now requires Python 3.9 or later.
* **BACKWARDS INCOMPATIBLE:** Loading an X.509 CRL whose inner
  ``TBSCertList.signature`` algorithm does not match the outer
  ``signatureAlgorithm`` now raises ``ValueError``. Previously, such CRLs
  were parsed successfully and only rejected during signature validation.
* Added support for :doc:`/hazmat/primitives/asymmetric/mlkem` and
  :doc:`/hazmat/primitives/asymmetric/mldsa` when using OpenSSL 3.5.0 or
  later, in addition to the existing AWS-LC and BoringSSL support. This means
  post-quantum algorithms are now available to users of our wheels.

    

  • Note: Going forward, we do not guarantee that all functionality
    
in cryptography will be available when building against
    
OpenSSL. See :doc:/statements/state-of-openssl for more information.
    • 



.. _v47-0-0:


47.0.0 - 2026-04-24

  • Support for Python 3.8 is deprecated and will be removed in the next cryptography release.
  • BACKWARDS INCOMPATIBLE: Support for binary elliptic curves (SECT* classes) has been removed. These curves are rarely used and have additional security considerations that make them undesirable.
  • BACKWARDS INCOMPATIBLE: Support for OpenSSL 1.1.x has been removed. OpenSSL 3.0.0 or later is now required. LibreSSL, BoringSSL, and AWS-LC continue to be supported.
  • BACKWARDS INCOMPATIBLE: Dropped support for LibreSSL < 4.1.
  • BACKWARDS INCOMPATIBLE: Loading keys with unsupported algorithms or keys with unsupported explicit curve encodings now raises :class:~cryptography.exceptions.UnsupportedAlgorithm instead of ValueError. This change affects :func:~cryptography.hazmat.primitives.serialization.load_pem_private_key, :func:~cryptography.hazmat.primitives.serialization.load_der_private_key, :func:~cryptography.hazmat.primitives.serialization.load_pem_public_key, :func:~cryptography.hazmat.primitives.serialization.load_der_public_key, and :meth:~cryptography.x509.Certificate.public_key when called on certificates with unsupported public key algorithms.
  • BACKWARDS INCOMPATIBLE: When parsing elliptic curve private keys, we now reject keys that incorrectly encode a private key of the wrong length because such keys are impossible to process in a constant-time manner. We do not believe keys with this problem are in wide use, however we may revert this change based on the feedback we receive.
  • Deprecated passing 64-bit (8-byte) and 128-bit (16-byte) keys to :class:~cryptography.hazmat.decrepit.ciphers.algorithms.TripleDES. In a

... (truncated)

Commits

Updates fastapi to 0.136.1

Release notes

Sourced from fastapi's releases.

0.136.1

Upgrades

Internal

Commits

Updates fastapi-swagger to 0.4.49

Release notes

Sourced from fastapi-swagger's releases.

v0.4.49

Package version: v0.4.49 🚀 Swagger UI version: v5.32.5

Commits
  • a6bbdbf chore: bump version to 0.4.49
  • a27ebfe chore: update Swagger UI to v5.32.5
  • 3d22833 chore: bump version to 0.4.48
  • 95eefc5 chore: update Swagger UI to v5.32.4
  • b0eba77 chore: bump version to 0.4.47
  • 0021b49 chore: update Swagger UI to v5.32.3
  • See full diff in compare view

Updates gunicorn from 23.0.0 to 26.0.0

Release notes

Sourced from gunicorn's releases.

26.0.0

Breaking Changes

  • Eventlet worker removed: The eventlet worker class has been dropped. Migrate to gevent, gthread, or tornado.

New Features

  • ASGI Framework Compatibility Suite: New end-to-end compatibility test harness covering Starlette, FastAPI, Litestar, Quart, Sanic, and BlackSheep. Current grid passes 438/444 tests (98%).
  • ASGI Test Suite Expansion: 134 additional ASGI unit tests covering protocol semantics, lifespan, websockets, and chunked framing.

Security

  • HTTP/1.1 Request-Target Validation (RFC 9112 sections 3.2.3, 3.2.4):
    • Reject authority-form request-target outside CONNECT
    • Reject asterisk-form request-target outside OPTIONS
    • Reject relative-reference request-targets
  • Header Field Hardening (RFC 9110):
    • Reject control characters in header field-value (section 5.5)
    • Reject forbidden trailer field-names (section 6.5.1)
    • Reject Content-Length list form (RFC 9112 section 6.3)
  • Request Smuggling Hardening:
    • Tighten keepalive gate and scope finish_body byte cap
    • Keep _body_receiver alive across the keepalive smuggling gate so pipelined requests cannot re-enter a closed body
    • Address parser/protocol findings from a six-point WSGI/ASGI audit
  • PROXY Protocol (ASGI): Enforce proxy_allow_ips and tighten v1/v2 parsing in the ASGI callback parser.
  • Connection Draining: Drain the connection on close per RFC 9112 section 9.6 to prevent reset-on-close truncation.

Bug Fixes

  • Body Framing on HEAD/204/304:
    • Keep Content-Length on HEAD and 304 responses (#3621)
    • Drop body framing on HEAD/204/304 even when the framework set it
    • Warn once when an ASGI app emits a body for a no-body response
  • HTTP/2 ASGI:
    • Fix _handle_stream_ended to set _body_complete in the async HTTP/2 handler so request bodies finalize correctly on stream end
    • Add InvalidChunkExtension mapping and fast-parser support in ASGI tests (#3565)
  • HTTP/1.1 100-Continue: Stop adding Transfer-Encoding: chunked to 100-Continue interim responses.
  • WebSocket Close Handshake (RFC 6455):
    • Comply with the close handshake state machine
    • Close the transport after the close handshake completes
    • Fix binary send when the text key is None
  • Early Hints: Validate headers in the early_hints callback to match process_headers; pass only the header name to InvalidHeader (#3588).
  • ASGI Framework Fixes:
    • Fix ASGI disconnect handling for Django-style apps
    • Fix Litestar request handling (use raw ASGI receive for body/headers)
    • Fix Litestar HTTP endpoints for compatibility tests
    • Fix Quart headers endpoint to normalize keys to lowercase
    • Fix Quart WebSocket close test app (missing accept())
    • Fix duplicate Transfer-Encoding header for BlackSheep streaming

... (truncated)

Commits
  • 5d819cf release: 26.0.0
  • b45c70d Merge pull request #3611 from zc-mattcen/docs-typo
  • 99c8d48 Merge pull request #3623 from benoitc/chore/drop-eventlet-add-h2-uvloop-test-...
  • 5a655af Merge pull request #3622 from benoitc/test/docker-port-and-ipv4-fixes
  • 201df19 chore: remove eventlet worker; add h2 and uvloop to test deps
  • f4ac8e1 test: pass action name to dirty client and stabilize after TTOU spam
  • 54d38af test: unblock docker fixtures on macOS hosts
  • 68843c8 Merge pull request #3621 from benoitc/fix/asgi-preserve-content-length-on-hea...
  • 31f2618 Merge pull request #3620 from benoitc/fix/asgi-proxy-protocol-trust-and-parsing
  • 41ec752 fix: keep Content-Length on HEAD and 304 responses
  • Additional commits viewable in compare view

Updates icalendar to 7.1.0

Release notes

Sourced from icalendar's releases.

v7.1.0

To view the changes, please see the Changelog. This release can be installed from PyPI.

Changelog

Sourced from icalendar's changelog.

7.1.0 (2026-04-30)

Minor changes


- Deprecate ``icalendar.parser.escape_string`` and ``icalendar.parser.unescape_string`` for icalendar version 8. Use ``_escape_string`` and ``_unescape_string`` internally. :issue:`1011`
- Added behavioral tests for :class:`~icalendar.cal.lazy.LazyCalendar` covering serialization round-trips, ``.todos``, ``.journals``, forward timezone references, and ``with_uid()`` substring false-positives. :issue:`1050`
- Added edge case tests for :class:`~icalendar.prop.conference.Conference` parameter normalization covering string passthrough, empty list filtering, and ``None`` omission. :issue:`925`
- Make icalendar an explicit editable install for clarity. :pr:`1268`
- Do not run some tests until a pull request is approved. :pr:`1246`
- Mark skipped CI tasks as skipped instead of running them. :issue:`1286`
- Created an :meth:`~icalendar.prop.boolean.vBoolean.ical_value` property for the :class:`~icalendar.prop.boolean.vBoolean` component. :issue:`876`
- Created an :meth:`~icalendar.prop.float.vFloat.ical_value` property for the :class:`~icalendar.prop.float.vFloat` component. :issue:`876`
- Created an :meth:`~icalendar.prop.integer.vInt.ical_value` property for the :class:`~icalendar.prop.integer.vInt` component. :issue:`876`
- Created an :meth:`~icalendar.prop.binary.vBinary.ical_value` property for the :class:`~icalendar.prop.binary.vBinary` component. :issue:`876`
- Put the link check as the last documentation CI task, allowing the documentation build and Vale to run first and fail faster. :pr:`1295`
- Extended :func:`~icalendar.timezone.tzp.TZP.localize` to support localizing both :class:`datetime.datetime` and :class:`datetime.time` objects, returning timezone-aware :class:`datetime.time` objects for the latter. :issue:`1142`
- Add type hints to tests directory functions. :issue:`938`
- Update to Contributor Covenant 3.0 Code of Conduct, hosted at https://pycal.org/code-of-conduct/.

New features



- Added :class:`~icalendar.cal.lazy.LazyCalendar` for lazy parsing of subcomponents. :issue:`158`, :issue:`1050`
- Updated :func:`icalendar.prop.dt.time.vTime.from_ical` to support parsing time values with TZID parameters, returning timezone-aware :class:`datetime.time` objects. :issue:`1142`
- Added ``subcomponents`` parameter to :meth:`Component.new &lt;icalendar.cal.component.Component.new&gt;`, :meth:`Event.new &lt;icalendar.cal.event.Event.new&gt;`, :meth:`Todo.new &lt;icalendar.cal.todo.Todo.new&gt;`, and :meth:`Availability.new &lt;icalendar.cal.availability.Availability.new&gt;`. :issue:`1065`
- Switch to uv for development. :issue:`1102`

Bug fixes



- Allow lenient parsing of content lines with optional whitespace around property and parameter delimiters (for example, ``REFRESH - INTERVAL; VALUE = DURATION:PT48H``) when parsing calendars with ``strict=False``. :issue:`351`
- X-properties with a ``VALUE`` parameter are now parsed using the correct type instead of falling back to :class:`~icalendar.prop.unkown.vUnknown`. :issue:`1238`
- Test that the ``DURATION`` property catches :class:`datetime.timedelta` objects without vProperty wrappers. :issue:`884`
- Fixed :func:`~icalendar.attr.get_end_property` to avoid allowing the creating of VEVENT components with negative durations. Only VTODO components are allowed to have negative durations. :issue:`999`
- GitHub Actions: conditional tests now show as &amp;quot;skipped&amp;quot; instead of &amp;quot;pending&amp;quot;. :issue:`1264`
- Fixed :meth:`Component.__eq__ &amp;lt;icalendar.cal.component.Component.__eq__&amp;gt;` method not being commutative when comparing subcomponents. :issue:`1224`
- Verified that the ``VALUE`` parameter of jCal components is used for the type of the component property. :issue:`1237`
- Fix :func:`~icalendar.parser.string.escape_char` handling of ``bytes`` input by converting with :func:`icalendar.parser_tools.to_unicode` before escaping. :issue:`1226`
- Fixed ``RecursionError`` in ``walk()``, ``property_items()``, and ``to_ical()`` by using iterative implementations for component traversal and property extraction. :pr:`1348`

Documentation
&lt;/code&gt;&lt;/pre&gt;
&lt;ul&gt;
&lt;li&gt;Convert docstring of :func:&lt;code&gt;~icalendar.param.string_parameter&lt;/code&gt; to Google style. :issue:&lt;code&gt;1072&lt;/code&gt;, :pr:&lt;code&gt;1316&lt;/code&gt;&lt;/li&gt;
&lt;li&gt;Run &lt;code&gt;sphinx-build&lt;/code&gt; with &lt;code&gt;-W&lt;/code&gt; to turn warnings into errors. :issue:&lt;code&gt;1306&lt;/code&gt;&lt;/li&gt;
&lt;li&gt;Added &lt;code&gt;sphinx-llms-txt &amp;lt;https://sphinx-llms-txt.readthedocs.io/en/stable/&amp;gt;&lt;/code&gt;_ extension to generate :file:&lt;code&gt;llms.txt&lt;/code&gt; and :file:&lt;code&gt;llms-full.txt&lt;/code&gt; files for AI/LLM documentation consumption. :issue:&lt;code&gt;1302&lt;/code&gt;&lt;/li&gt;
&lt;li&gt;Fixed CI Vale check reporting and resolved Vale errors. :issue:&lt;code&gt;1277&lt;/code&gt;&lt;/li&gt;
&lt;li&gt;Include :file:&lt;code&gt;Makefile&lt;/code&gt; in documentation workflow path filters so documentation CI runs when Makefile logic changes, and keep Vale failures visible in CI output. :issue:&lt;code&gt;1277&lt;/code&gt;&lt;/li&gt;
&lt;/ul&gt;
&lt;!-- raw HTML omitted --&gt;
&lt;/blockquote&gt;
&lt;p&gt;... (truncated)&lt;/p&gt;
&lt;/details&gt;
&lt;details&gt;
&lt;summary&gt;Commits&lt;/summary&gt;

&lt;ul&gt;
&lt;li&gt;&lt;a href=&quot;https://github.com/collective/icalendar/commit/1300b76fb3fe40d987cc3715735c026b3c1a2191&quot;&gt;&lt;code&gt;1300b76&lt;/code&gt;&lt;/a&gt; Merge branch 'main' into 7.x&lt;/li&gt;
&lt;li&gt;&lt;a href=&quot;https://github.com/collective/icalendar/commit/255e6b841331e2d5cf2901402e08ab788899d465&quot;&gt;&lt;code&gt;255e6b8&lt;/code&gt;&lt;/a&gt; add 7.x to run the tests&lt;/li&gt;
&lt;li&gt;&lt;a href=&quot;https://github.com/collective/icalendar/commit/fc8a4f5674eaa05bf3546b296f166583f670561a&quot;&gt;&lt;code&gt;fc8a4f5&lt;/code&gt;&lt;/a&gt; disable the version switcher on the 7.x branch&lt;/li&gt;
&lt;li&gt;&lt;a href=&quot;https://github.com/collective/icalendar/commit/f5aa35d2ff6d106f5a7b286970b65b5f9d9211b4&quot;&gt;&lt;code&gt;f5aa35d&lt;/code&gt;&lt;/a&gt; version 7.1.0&lt;/li&gt;
&lt;li&gt;&lt;a href=&quot;https://github.com/collective/icalendar/commit/b4ffb8345deea76e4cca72689907ed2f8488e7de&quot;&gt;&lt;code&gt;b4ffb83&lt;/code&gt;&lt;/a&gt; Merge pull request &lt;a href=&quot;https://redirect.github.com/collective/icalendar/issues/1348&quot;&gt;#1348&lt;/a&gt; from uwezkhan/fix/property-items-recursion&lt;/li&gt;
&lt;li&gt;&lt;a href=&quot;https://github.com/collective/icalendar/commit/1d6d18d357335367d72f4628b7158dd4800caf39&quot;&gt;&lt;code&gt;1d6d18d&lt;/code&gt;&lt;/a&gt; Merge branch 'main' into fix/property-items-recursion&lt;/li&gt;
&lt;li&gt;&lt;a href=&quot;https://github.com/collective/icalendar/commit/05a34d48d3223b2780c9afffd0cdbab9d5c50ffd&quot;&gt;&lt;code&gt;05a34d4&lt;/code&gt;&lt;/a&gt; Merge pull request &lt;a href=&quot;https://redirect.github.com/collective/icalendar/issues/1346&quot;&gt;#1346&lt;/a&gt; from uwezkhan/fix/deep-component-walk-dos&lt;/li&gt;
&lt;li&gt;&lt;a href=&quot;https://github.com/collective/icalendar/commit/a4829d4d43b29e430b97ab66313f6357edd3742d&quot;&gt;&lt;code&gt;a4829d4&lt;/code&gt;&lt;/a&gt; Merge branch 'main' into fix/property-items-recursion&lt;/li&gt;
&lt;li&gt;&lt;a href=&quot;https://github.com/collective/icalendar/commit/66579fbf8fb4aeb6bf1ded0cfa353ba3d500e35a&quot;&gt;&lt;code&gt;66579fb&lt;/code&gt;&lt;/a&gt; fix formatting&lt;/li&gt;
&lt;li&gt;&lt;a href=&quot;https://github.com/collective/icalendar/commit/1f55c2035315e53b8d9a6eeacf1aee046d794fd3&quot;&gt;&lt;code&gt;1f55c20&lt;/code&gt;&lt;/a&gt; Merge branch 'main' into fix/deep-component-walk-dos&lt;/li&gt;
&lt;li&gt;Additional commits viewable in &lt;a href=&quot;https://github.com/collective/icalendar/compare/v6.0.1...v7.1.0&quot;&gt;compare view&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;
&lt;/details&gt;

&lt;br /&gt;</code></pre>

Updates `prometheus-fastapi-instrumentator` to 7.1.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/trallnag/prometheus-fastapi-instrumentator/releases">prometheus-fastapi-instrumentator's releases</a>.</em></p>
<blockquote>
<h2>v7.1.0</h2>
<h2>Added</h2>
<ul>
<li>Included metrics closure creators have new optional parameter <code>custom_labels</code> to set additional custom static labels. Parameter has not been added to the <code>Instrumentator()</code> constructor. Thanks to <a href="https://github.com/iocentos"><code>@​iocentos</code></a> for requesting this in <a href="https://redirect.github.com/trallnag/prometheus-fastapi-instrumentator/issues/279">#279</a> and <a href="https://github.com/martian711"><code>@​martian711</code></a> in <a href="https://redirect.github.com/trallnag/prometheus-fastapi-instrumentator/pull/287">#287</a> as well as <a href="https://github.com/Budlee"><code>@​Budlee</code></a> in <a href="https://redirect.github.com/trallnag/prometheus-fastapi-instrumentator/pull/326">#326</a> for implementing it.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/trallnag/prometheus-fastapi-instrumentator/blob/master/CHANGELOG.md">prometheus-fastapi-instrumentator's changelog</a>.</em></p>
<blockquote>
<h2><a href="https://github.com/trallnag/prometheus-fastapi-instrumentator/compare/v7.0.2...v7.1.0">7.1.0</a> / 2025-03-19</h2>
<h3>Added</h3>
<ul>
<li>Included metrics closure creators have new optional parameter <code>custom_labels</code>
to set additional custom static labels. Parameter has not been added to the
<code>Instrumentator()</code> constructor. Thanks to
<a href="https://github.com/iocentos"><code>@​iocentos</code></a> for requesting this in
<a href="https://redirect.github.com/trallnag/prometheus-fastapi-instrumentator/issues/279">#279</a>
and <a href="https://github.com/martian711"><code>@​martian711</code></a> in
<a href="https://redirect.github.com/trallnag/prometheus-fastapi-instrumentator/pull/287">#287</a>
as well as <a href="https://github.com/Budlee"><code>@​Budlee</code></a> in
<a href="https://redirect.github.com/trallnag/prometheus-fastapi-instrumentator/pull/326">#326</a>
for implementing it.</li>
</ul>
<h2><a href="https://github.com/trallnag/prometheus-fastapi-instrumentator/compare/v7.0.1...v7.0.2">7.0.2</a> / 2025-01-14</h2>
<h3>Fixed</h3>
<ul>
<li><strong>Replaced incorrect license identifier in <code>pyproject.toml</code>.</strong> Problem
introduced with the migration to Poetry 2.0 in the last patch release.</li>
</ul>
<h2><a href="https://github.com/trallnag/prometheus-fastapi-instrumentator/compare/v7.0.0...v7.0.1">7.0.1</a> / 2025-01-14</h2>
<h3>Changed</h3>
<ul>
<li><strong>Migrated <code>pyproject.toml</code> to support PEP 621.</strong> This comes with a migration
to Poetry 2.0. Thanks to <a href="https://github.com/alexted"><code>@​alexted</code></a> bringing this
up in
<a href="https://redirect.github.com/trallnag/prometheus-fastapi-instrumentator/pull/323">#323</a>.</li>
</ul>
<h2><a href="https://github.com/trallnag/prometheus-fastapi-instrumentator/compare/v6.1.0...v7.0.0">7.0.0</a> / 2023-07-15</h2>
<p>Major release with a single breaking change: Python 3.7 is not supported
anymore. Beyond that, three improvements based on various pull requests.</p>
<h3>Added</h3>
<ul>
<li>
<p><strong>Instrumentator now works without FastAPI</strong>. This is possible because every
FastAPI app is also a Starlette app (but not the other way around). Or to be
more specific: FastAPI uses Starlette for things like routing and middleware
this package relies on. The change is backwards compatible, even type checkers
like mypy should continue working. Thanks to
<a href="https://github.com/mvanderlee"><code>@​mvanderlee</code></a> for proposing this in
<a href="https://redirect.github.com/trallnag/prometheus-fastapi-instrumentator/issues/280">#280</a>
and implementing it in
<a href="https://redirect.github.com/trallnag/prometheus-fastapi-instrumentator/pull/288">#288</a>.</p>
</li>
<li>
<p><strong>Middleware also records duration without streaming</strong> in addition to the
already existing total latency (i.e. the time consumed for streaming is not</p>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/trallnag/prometheus-fastapi-instrumentator/commit/63b05e52b6687e7371551d57a525f090e65ec73a"><code>63b05e5</code></a> chore: Prepare release v7.1.0</li>
<li><a href="https://github.com/trallnag/prometheus-fastapi-instrumentator/commit/9dc048be8a0805bc1c0212ef6c5cdab351484d53"><code>9dc048b</code></a> feat: Add opt custom labels to included metrics <a href="https://redirect.github.com/trallnag/prometheus-fastapi-instrumentator/issues/279">#279</a> (<a href="https://redirect.github.com/trallnag/prometheus-fastapi-instrumentator/issues/326">#326</a>)</li>
<li><a href="https://github.com/trallnag/prometheus-fastapi-instrumentator/commit/2e1568e19bf75efedf5e4f92d186529a686b0eeb"><code>2e1568e</code></a> docs: Fix link in changelog</li>
<li><a href="https://github.com/trallnag/prometheus-fastapi-instrumentator/commit/c6979092b842d1e1c5235edc443953995952f9b3"><code>c697909</code></a> chore: Prepare release v7.0.2</li>
<li><a href="https://github.com/trallnag/prometheus-fastapi-instrumentator/commit/2743a4c0205472e1d734f6ec474f9203e0b03c6f"><code>2743a4c</code></a> chore: Fix incorrect license identifier in pyproject.toml</li>
<li><a href="https://github.com/trallnag/prometheus-fastapi-instrumentator/commit/d010c8d17f6441d473280cd33d25998a4a6c1519"><code>d010c8d</code></a> ci: Bump lower Python to 3.9</li>
<li><a href="https://github.com/trallnag/prometheus-fastapi-instrumentator/commit/6154e85ee03de09196b4afbb0b96fab8707a7a43"><code>6154e85</code></a> ci: Bump Poetry to 2.0.1</li>
<li><a href="https://github.com/trallnag/prometheus-fastapi-instrumentator/commit/fc3d5164055607bc163f89bb5182647064630cd0"><code>fc3d516</code></a> chore: Fix invalid attributes in pyproject.toml</li>
<li><a href="https://github.com/trallnag/prometheus-fastapi-instrumentator/commit/406990a8bf1b6b08a0da040fa8922a75b425bbca"><code>406990a</code></a> chore: Prepare release v7.0.1</li>
<li><a href="https://github.com/trallnag/prometheus-fastapi-instrumentator/commit/71cb11825435a3dbd2d851b0126b9f5eef741330"><code>71cb118</code></a> chore: Add note to changelog</li>
<li>Additional commits viewable in <a href="https://github.com/trallnag/prometheus-fastapi-instrumentator/compare/v7.0.0...v7.1.0">compare view</a></li>
</ul>
</details>
<br />

Updates `pydantic` to 2.13.4
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/pydantic/pydantic/releases">pydantic's releases</a>.</em></p>
<blockquote>
<h2>v2.13.4 2026-05-06</h2>
<h2>v2.13.4 (2026-05-06)</h2>
<h3>What's Changed</h3>
<h4>Packaging</h4>
<ul>
<li>Bump libc from 0.2.155 to 0.2.185 by <a href="https://github.com/Viicos"><code>@​Viicos</code></a> in <a href="https://redirect.github.com/pydantic/pydantic/pull/13109">#13109</a></li>
<li>Adapt <code>pydantic-core</code> linker flags on macOS by <a href="https://github.com/washingtoneg"><code>@​washingtoneg</code></a> and <a href="https://github.com/Viicos"><code>@​Viicos</code></a> in <a href="https://redirect.github.com/pydantic/pydantic/pull/13147">#13147</a></li>
</ul>
<h4>Fixes</h4>
<ul>
<li>Preserve <code>RootModel</code> core metadata by <a href="https://github.com/Viicos"><code>@​Viicos</code></a> in <a href="https://redirect.github.com/pydantic/pydantic/pull/13129">#13129</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/pydantic/pydantic/compare/v2.13.3...v2.13.4">https://github.com/pydantic/pydantic/compare/v2.13.3...v2.13.4</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/pydantic/pydantic/blob/v2.13.4/HISTORY.md">pydantic's changelog</a>.</em></p>
<blockquote>
<h2>v2.13.4 (2026-05-06)</h2>
<p><a href="https://github.com/pydantic/pydantic/releases/tag/v2.13.4">GitHub release</a></p>
<h3>What's Changed</h3>
<h4>Packaging</h4>
<ul>
<li>Bump libc from 0.2.155 to 0.2.185 by <a href="https://github.com/Viicos"><code>@​Viicos</code></a> in <a href="https://redirect.github.com/pydantic/pydantic/pull/13109">#13109</a></li>
<li>Adapt <code>pydantic-core</code> linker flags on macOS by <a href="https://github.com/washingtoneg"><code>@​washingtoneg</code></a> and <a href="https://github.com/Viicos"><code>@​Viicos</code></a> in <a href="https://redirect.github.com/pydantic/pydantic/pull/13147">#13147</a></li>
</ul>
<h4>Fixes</h4>
<ul>
<li>Preserve <code>RootModel</code> core metadata by <a href="https://github.com/Viicos"><code>@​Viicos</code></a> in <a href="https://redirect.github.com/pydantic/pydantic/pull/13129">#13129</a></li>
</ul>
<h2>v2.13.3 (2026-04-20)</h2>
<p><a href="https://github.com/pydantic/pydantic/releases/tag/v2.13.3">GitHub release</a></p>
<h3>What's Changed</h3>
<h4>Fixes</h4>
<ul>
<li>Handle <code>AttributeError</code> subclasses with <code>from_attributes</code> by <a href="https://github.com/Viicos"><code>@​Viicos</code></a> in <a href="https://redirect.github.com/pydantic/pydantic/pull/13096">#13096</a></li>
</ul>
<h2>v2.13.2 (2026-04-17)</h2>
<p><a href="https://github.com/pydantic/pydantic/releases/tag/v2.13.2">GitHub release</a></p>
<h3>What's Changed</h3>
<h4>Fixes</h4>
<ul>
<li>Fix <code>ValidationInfo.field_name</code> missing with <code>model_validate_json()</code> by <a href="https://github.com/Viicos"><code>@​Viicos</code></a> in <a href="https://redirect.github.com/pydantic/pydantic/pull/13084">#13084</a></li>
</ul>
<h2>v2.13.1 (2026-04-15)</h2>
<p><a href="https://github.com/pydantic/pydantic/releases/tag/v2.13.1">GitHub release</a></p>
<h3>What's Changed</h3>
<h4>Fixes</h4>
<ul>
<li>Fix <code>ValidationInfo.data</code> missing with <code>model_validate_json()</code> by <a href="https://github.com/davidhewitt"><code>@​davidhewitt</code></a> in <a href="https://redirect.github.com/pydantic/pydantic/pull/13079">#13079</a></li>
</ul>
<h2>v2.13.0 (2026-04-13)</h2>
<p><a href="https://github.com/pydantic/pydantic/releases/tag/v2.13.0">GitHub release</a></p>
<p>The highlights of the v2.13 release are available in the <a href="https://pydantic.dev/articles/pydantic-v2-13-release">blog post</a>.</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/pydantic/pydantic/commit/cf67d4b3193c3fe43ede18612ed62785eee11382"><code>cf67d4b</code></a> Fix linting</li>
<li><a href="https://github.com/pydantic/pydantic/commit/f0d8a214a5803036db46a56b1f62f1e56b81d662"><code>f0d8a21</code></a> Prepare release v2.13.4</li>
<li><a href="https://github.com/pydantic/pydantic/commit/5e3fe1d41a00f441204241c66078003ae0391f9a"><code>5e3fe1d</code></a> Check for pydantic tag pattern in CI</li>
<li><a href="https://github.com/pydantic/pydantic/commit/7f9edcc2a191d2eaa9751220eb910914e716a686"><code>7f9edcc</code></a> Document tagging conventions</li>
<li><a href="https://github.com/pydantic/pydantic/commit/b46a0c9b8a4dd967fda8ec1a92f6437076bf262c"><code>b46a0c9</code></a> Adapt <code>pydantic-core</code> linker flags on macOS</li>
<li><a href="https://github.com/pydantic/pydantic/commit/50629c851e61d887d5420452c311ec6203f1f400"><code>50629c8</code></a> Update to PyPy 7.3.22</li>
<li><a href="https://github.com/pydantic/pydantic/commit/8522ebb71e5e9a6f7188af5f009f01785b8cf725"><code>8522ebb</code></a> Preserve <code>RootModel</code> core metadata</li>
<li><a href="https://github.com/pydantic/pydantic/commit/a37f3aff090ca342dc5f48304889963530b993f8"><code>a37f3af</code></a> Adapt <code>MISSING</code> sentinel test to work with unreleased <code>typing_extensions</code> ver...</li>
<li><a href="https://github.com/pydantic/pydantic/commit/909259a9df660518033aa686b689f045a6eaf9d2"><code>909259a</code></a> Remove Logfire example in documentation</li>
<li><a href="https://github.com/pydantic/pydantic/commit/2c4174c366606fc2dc46cb806833a080aefa77df"><code>2c4174c</code></a> Bump libc from 0.2.155 to 0.2.185</li>
<li>Additional commits viewable in <a href="https://github.com/pydantic/pydantic/compare/v2.12.2...v2.13.4">compare view</a></li>
</ul>
</details>
<br />

Updates `python-multipart` to 0.0.27
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/Kludex/python-multipart/releases">python-multipart's releases</a>.</em></p>
<blockquote>
<h2>0.0.27</h2>
<h2>What's Changed</h2>
<ul>
<li>Pass parse offsets via constructors by <a href="https://github.com/Kludex"><code>@​Kludex</code></a> in <a href="https://redirect.github.com/Kludex/python-multipart/pull/268">Kludex/python-multipart#268</a></li>
<li>Add multipart header limits by <a href="https://github.com/Kludex"><code>@​Kludex</code></a> in <a href="https://redirect.github.com/Kludex/python-multipart/pull/267">Kludex/python-multipart#267</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27">https://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/Kludex/python-multipart/blob/main/CHANGELOG.md">python-multipart's changelog</a>.</em></p>
<blockquote>
<h2>0.0.27 (2026-04-27)</h2>
<ul>
<li>Add multipart header limits <a href="https://redirect.github.com/Kludex/python-multipart/pull/267">#267</a>.</li>
<li>Pass parse offsets via constructors <a href="https://redirect.github.com/Kludex/python-multipart/pull/268">#268</a>.</li>
</ul>
<h2>0.0.26 (2026-04-10)</h2>
<ul>
<li>Skip preamble before the first multipart boundary more efficiently <a href="https://redirect.github.com/Kludex/python-multipart/pull/262">#262</a>.</li>
<li>Silently discard epilogue data after the closing multipart boundary <a href="https://redirect.github.com/Kludex/python-multipart/pull/259">#259</a>.</li>
</ul>
<h2>0.0.25 (2026-04-10)</h2>
<ul>
<li>Add MIME content type info to <code>File</code> <a href="https://redirect.github.com/Kludex/python-multipart/pull/143">#143</a>.</li>
<li>Handle CTE values case-insensitively <a href="https://redirect.github.com/Kludex/python-multipart/pull/258">#258</a>.</li>
<li>Remove custom <code>FormParser</code> classes <a href="https://redirect.github.com/Kludex/python-multipart/pull/257">#257</a>.</li>
<li>Add <code>UPLOAD_DELETE_TMP</code> to <code>FormParser</code> config <a href="https://redirect.github.com/Kludex/python-multipart/pull/254">#254</a>.</li>
<li>Emit <code>field_end</code> for trailing bare field names on finalize <a href="https://redirect.github.com/Kludex/python-multipart/pull/230">#230</a>.</li>
<li>Handle multipart headers case-insensitively <a href="https://redirect.github.com/Kludex/python-multipart/pull/252">#252</a>.</li>
<li>Apply Apache-2.0 properly <a href="https://redirect.github.com/Kludex/python-multipart/pull/247">#247</a>.</li>
</ul>
<h2>0.0.24 (2026-04-05)</h2>
<ul>
<li>Validate <code>chunk_size</code> in <code>parse_form()</code> <a href="https://redirect.github.com/Kludex/python-multipart/pull/244">#244</a>.</li>
</ul>
<h2>0.0.23 (2026-04-05)</h2>
<ul>
<li>Remove unused <code>trust_x_headers</code> parameter and <code>X-File-Name</code> fallback <a href="https://redirect.github.com/Kludex/python-multipart/pull/196">#196</a>.</li>
<li>Return processed length from <code>QuerystringParser._internal_write</code> <a href="https://redirect.github.com/Kludex/python-multipart/pull/229">#229</a>.</li>
<li>Cleanup metadata dunders from <code>__init__.py</code> <a href="https://redirect.github.com/Kludex/python-multipart/pull/227">#227</a>.</li>
</ul>
<h2>0.0.22 (2026-01-25)</h2>
<ul>
<li>Drop directory path from filename in <code>File</code> <a href="https://github.com/Kludex/python-multipart/commit/9433f4bbc9652bdde82bbe380984e32f8cfc89c4">9433f4b</a>.</li>
</ul>
<h2>0.0.21 (2025-12-17)</h2>
<ul>
<li>Add support for Python 3.14 and drop EOL 3.8 and 3.9 <a href="https://redirect.github.com/Kludex/python-multipart/pull/216">#216</a>.</li>
</ul>
<h2>0.0.20 (2024-12-16)</h2>
<ul>
<li>Handle messages containing only end boundary <a href="https://redirect.github.com/Kludex/python-multipart/pull/142">#142</a>.</li>
</ul>
<h2>0.0.19 (2024-11-30)</h2>
<ul>
<li>Don't warn when CRLF is found after last boundary on <code>MultipartParser</code> <a href="https://redirect.github.com/Kludex/python-multipart/pull/193">#193</a>.</li>
</ul>
<h2>0.0.18 (2024-11-28)</h2>
<ul>
<li>Hard break if found data after last boundary on <code>MultipartParser</code> <a href="https://redirect.github.com/Kludex/python-multipart/pull/189">#189</a>.</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/Kludex/python-multipart/commit/6d1d6892a6b01b25da6f3e7b097e8e06c57fb250"><code>6d1d689</code></a> Version 0.0.27 (<a href="https://redirect.github.com/Kludex/python-multipart/issues/272">#272</a>)</li>
<li><a href="https://github.com/Kludex/python-multipart/commit/0b10220b1555af068a2bc8b198022b1ae238200f"><code>0b10220</code></a> Run CI on main branch pull requests (<a href="https://redirect.github.com/Kludex/python-multipart/issues/271">#271</a>)</li>
<li><a href="https://github.com/Kludex/python-multipart/commit/3e64f5f8caba0e5d391b0c1ad0f1c2edf9e8f911"><code>3e64f5f</code></a> Add multipart header limits (<a href="https://redirect.github.com/Kludex/python-multipart/issues/267">#267</a>)</li>
<li><a href="https://github.com/Kludex/python-multipart/commit/eb109cc4eb8174f2a7efc1ba894b1bf6425c0b14"><code>eb109cc</code></a> Pass parse offsets via constructors (<a href="https://redirect.github.com/Kludex/python-multipart/issues/268">#268</a>)</li>
<li><a href="https://github.com/Kludex/python-multipart/commit/78e29abb9a339598975beee093a770ec3033f76d"><code>78e29ab</code></a> Bump pytest from 9.0.2 to 9.0.3 (<a href="https://redirect.github.com/Kludex/python-multipart/issues/266">#266</a>)</li>
<li><a href="https://github.com/Kludex/python-multipart/commit/b2ddd0982bdf0fe852e4f3baa12122d2827af46c"><code>b2ddd09</code></a> fuzz: Enhance fuzzing capabilities with new chunked and boundary tests (<a href="https://redirect.github.com/Kludex/python-multipart/issues/264">#264</a>)</li>
<li><a href="https://github.com/Kludex/python-multipart/commit/28f47859b4a40c2e11e02dc514b2e9743ceedd2e"><code>28f4785</code></a> Version 0.0.26 (<a href="https://redirect.github.com/Kludex/python-multipart/issues/263">#263</a>)</li>
<li><a href="https://github.com/Kludex/python-multipart/commit/d4452a78bbde94995dd3c0d1b4aff3610a5c472f"><code>d4452a7</code></a> Silently discard epilogue data after the closing boundary (<a href="https://redirect.github.com/Kludex/python-multipart/issues/259">#259</a>)</li>
<li><a href="https://github.com/Kludex/python-multipart/commit/6a7b76dd2653d99d8e5981d7ff09a4a047750b37"><code>6a7b76d</code></a> Skip preamble before first multipart boundary (<a href="https://redirect.github.com/Kludex/python-multipart/issues/262">#262</a>)</li>
<li><a href="https://github.com/Kludex/python-multipart/commit/4addb60350fc843f77a1502f14247db91930b3bf"><code>4addb60</code></a> Version 0.0.25 (<a href="https://redirect.github.com/Kludex/python-multipart/issues/261">#261</a>)</li>
<li>Additional commits viewable in <a href="https://github.com/Kludex/python-multipart/compare/0.0.19...0.0.27">compare view</a></li>
</ul>
</details>
<br />

Updates `pytz` to 2026.2
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/stub42/pytz/commit/45957c55be9dbf013b636aeb7d22dc7bec81a9f4"><code>45957c5</code></a> Bump github actions/checkout to <a href="https://github.com/v6"><code>@​v6</code></a></li>
<li><a href="https://github.com/stub42/pytz/commit/8e927c67c98ccde3624642f2f32cd6c5208a5161"><code>8e927c6</code></a> Bump version numbers to 2026.2 (IANA 2026b)</li>
<li><a href="https://github.com/stub42/pytz/commit/6f08adec7bcb382e78afedb660f94f38a093fddf"><code>6f08ade</code></a> IANA 2026b</li>
<li><a href="https://github.com/stub42/pytz/commit/edbfbdf8f708657ce5b9fee32e2f8eaa8647359a"><code>edbfbdf</code></a> Squashed 'tz/' changes from dd6be6d155..8be0d5483d</li>
<li><a href="https://github.com/stub42/pytz/commit/a148b0390a42ea9a95ef7f6d8c346307405708d5"><code>a148b03</code></a> Fix typo in README</li>
<li><a href="https://github.com/stub42/pytz/commit/b841195f5df79455ee3aa9ec3d8749af835dab48"><code>b841195</code></a> fix typo</li>
<li><a href="https://github.com/stub42/pytz/commit/02509d04e32b438351ada260bb0cc6d24d461ae9"><code>02509d0</code></a> Update test runners for new Pythons and github actions</li>
<li><a href="https://github.com/stub42/pytz/commit/43c1cb28d7a243392f767d2459677e2775fc884b"><code>43c1cb2</code></a> Bump version number to 2026.1.post1</li>
<li><a href="https://github.com/stub42/pytz/commit/6ee7e564acbd729972951880f2fbf9b93f95aacb"><code>6ee7e56</code></a> Try to access resource using <code>importlib.resources</code></li>
<li><a href="https://github.com/stub42/pytz/commit/95fe75d8f15cfc3d5b70e1e71258ddebf0776436"><code>95fe75d</code></a> Bump version number to 2026.1 (2026a)</li>
<li>Additional commits viewable in <a href="https://github.com/stub42/pytz/compare/release_2024.2...release_2026.2">compare view</a></li>
</ul>
</details>
<br />

Updates `pyyaml` to 6.0.3
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/yaml/pyyaml/releases">pyyaml's releases</a>.</em></p>
<blockquote>
<h2>6.0.3</h2>
<h2>What's Changed</h2>
<ul>
<li>Support for Python 3.14 and free-threading (experimental).</li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/yaml/pyyaml/compare/6.0.2...6.0.3">https://github.com/yaml/pyyaml/compare/6.0.2...6.0.3</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/yaml/pyyaml/blob/6.0.3/CHANGES">pyyaml's changelog</a>.</em></p>
<blockquote>
<p>6.0.3 (2025-09-25)</p>
<ul>
<li><a href="https://redirect.github.com/yaml/pyyaml/pull/864">yaml/pyyaml#864</a> -- Support for Python 3.14 and free-threading (experimental)</li>
...

_Description has been truncated_

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels May 6, 2026
@dependabot dependabot Bot force-pushed the dependabot/pip/python-dependencies-2a3f54f844 branch from 9af1975 to db0df59 Compare May 6, 2026 17:28
@dantetemplar
Copy link
Copy Markdown
Member

dantetemplar commented May 6, 2026

@dependabot rebase

@dependabot
chore(deps): bump the python-dependencies group across 1 directory wi…
c7fbc0c 
…th 18 updates

Updates the requirements on [alembic](https://github.com/sqlalchemy/alembic), [asyncpg](https://github.com/MagicStack/asyncpg), [authlib](https://github.com/authlib/authlib), [colorlog](https://github.com/borntyping/python-colorlog), [cryptography](https://github.com/pyca/cryptography), [fastapi](https://github.com/fastapi/fastapi), [fastapi-swagger](https://github.com/dantetemplar/fastapi-swagger), [gunicorn](https://github.com/benoitc/gunicorn), [icalendar](https://github.com/collective/icalendar), [prometheus-fastapi-instrumentator](https://github.com/trallnag/prometheus-fastapi-instrumentator), [pydantic](https://github.com/pydantic/pydantic), [python-multipart](https://github.com/Kludex/python-multipart), [pytz](https://github.com/stub42/pytz), [pyyaml](https://github.com/yaml/pyyaml), [ruff](https://github.com/astral-sh/ruff), [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy), [uvicorn](https://github.com/Kludex/uvicorn) and [prek](https://github.com/j178/prek) to permit the latest version.

Updates `alembic` to 1.18.4
- [Release notes](https://github.com/sqlalchemy/alembic/releases)
- [Changelog](https://github.com/sqlalchemy/alembic/blob/main/CHANGES)
- [Commits](https://github.com/sqlalchemy/alembic/commits)

Updates `asyncpg` to 0.31.0
- [Release notes](https://github.com/MagicStack/asyncpg/releases)
- [Commits](MagicStack/asyncpg@v0.30.0...v0.31.0)

Updates `authlib` to 1.7.2
- [Release notes](https://github.com/authlib/authlib/releases)
- [Commits](authlib/authlib@v1.6.5...v1.7.2)

Updates `colorlog` to 6.10.1
- [Release notes](https://github.com/borntyping/python-colorlog/releases)
- [Commits](borntyping/python-colorlog@v6.8.2...v6.10.1)

Updates `cryptography` to 48.0.0
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@46.0.2...48.0.0)

Updates `fastapi` to 0.136.1
- [Release notes](https://github.com/fastapi/fastapi/releases)
- [Commits](fastapi/fastapi@0.115.0...0.136.1)

Updates `fastapi-swagger` to 0.4.49
- [Release notes](https://github.com/dantetemplar/fastapi-swagger/releases)
- [Commits](dantetemplar/fastapi-swagger@v0.4.46...v0.4.49)

Updates `gunicorn` from 23.0.0 to 26.0.0
- [Release notes](https://github.com/benoitc/gunicorn/releases)
- [Commits](benoitc/gunicorn@23.0.0...26.0.0)

Updates `icalendar` to 7.1.0
- [Release notes](https://github.com/collective/icalendar/releases)
- [Changelog](https://github.com/collective/icalendar/blob/main/CHANGES.rst)
- [Commits](collective/icalendar@v6.0.1...v7.1.0)

Updates `prometheus-fastapi-instrumentator` to 7.1.0
- [Release notes](https://github.com/trallnag/prometheus-fastapi-instrumentator/releases)
- [Changelog](https://github.com/trallnag/prometheus-fastapi-instrumentator/blob/master/CHANGELOG.md)
- [Commits](trallnag/prometheus-fastapi-instrumentator@v7.0.0...v7.1.0)

Updates `pydantic` to 2.13.4
- [Release notes](https://github.com/pydantic/pydantic/releases)
- [Changelog](https://github.com/pydantic/pydantic/blob/v2.13.4/HISTORY.md)
- [Commits](pydantic/pydantic@v2.12.2...v2.13.4)

Updates `python-multipart` to 0.0.27
- [Release notes](https://github.com/Kludex/python-multipart/releases)
- [Changelog](https://github.com/Kludex/python-multipart/blob/main/CHANGELOG.md)
- [Commits](Kludex/python-multipart@0.0.19...0.0.27)

Updates `pytz` to 2026.2
- [Release notes](https://github.com/stub42/pytz/releases)
- [Commits](stub42/pytz@release_2024.2...release_2026.2)

Updates `pyyaml` to 6.0.3
- [Release notes](https://github.com/yaml/pyyaml/releases)
- [Changelog](https://github.com/yaml/pyyaml/blob/6.0.3/CHANGES)
- [Commits](yaml/pyyaml@6.0.1...6.0.3)

Updates `ruff` to 0.15.12
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.7.4...0.15.12)

Updates `sqlalchemy` to 2.0.49
- [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases)
- [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES.rst)
- [Commits](https://github.com/sqlalchemy/sqlalchemy/commits)

Updates `uvicorn` to 0.46.0
- [Release notes](https://github.com/Kludex/uvicorn/releases)
- [Changelog](https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md)
- [Commits](Kludex/uvicorn@0.32.0...0.46.0)

Updates `prek` to 0.3.13
- [Release notes](https://github.com/j178/prek/releases)
- [Changelog](https://github.com/j178/prek/blob/master/CHANGELOG.md)
- [Commits](j178/prek@v0.3.8...v0.3.13)

---
updated-dependencies:
- dependency-name: alembic
  dependency-version: 1.18.4
  dependency-type: direct:production
  dependency-group: python-dependencies
- dependency-name: asyncpg
  dependency-version: 0.31.0
  dependency-type: direct:production
  dependency-group: python-dependencies
- dependency-name: authlib
  dependency-version: 1.7.2
  dependency-type: direct:production
  dependency-group: python-dependencies
- dependency-name: colorlog
  dependency-version: 6.10.1
  dependency-type: direct:production
  dependency-group: python-dependencies
- dependency-name: cryptography
  dependency-version: 48.0.0
  dependency-type: direct:production
  dependency-group: python-dependencies
- dependency-name: fastapi
  dependency-version: 0.136.1
  dependency-type: direct:production
  dependency-group: python-dependencies
- dependency-name: fastapi-swagger
  dependency-version: 0.4.49
  dependency-type: direct:production
  dependency-group: python-dependencies
- dependency-name: gunicorn
  dependency-version: 26.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: python-dependencies
- dependency-name: icalendar
  dependency-version: 7.1.0
  dependency-type: direct:production
  dependency-group: python-dependencies
- dependency-name: prek
  dependency-version: 0.3.13
  dependency-type: direct:production
  dependency-group: python-dependencies
- dependency-name: prometheus-fastapi-instrumentator
  dependency-version: 7.1.0
  dependency-type: direct:production
  dependency-group: python-dependencies
- dependency-name: pydantic
  dependency-version: 2.13.4
  dependency-type: direct:production
  dependency-group: python-dependencies
- dependency-name: python-multipart
  dependency-version: 0.0.27
  dependency-type: direct:production
  dependency-group: python-dependencies
- dependency-name: pytz
  dependency-version: '2026.2'
  dependency-type: direct:production
  dependency-group: python-dependencies
- dependency-name: pyyaml
  dependency-version: 6.0.3
  dependency-type: direct:production
  dependency-group: python-dependencies
- dependency-name: ruff
  dependency-version: 0.15.12
  dependency-type: direct:production
  dependency-group: python-dependencies
- dependency-name: sqlalchemy
  dependency-version: 2.0.49
  dependency-type: direct:production
  dependency-group: python-dependencies
- dependency-name: uvicorn
  dependency-version: 0.46.0
  dependency-type: direct:production
  dependency-group: python-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/pip/python-dependencies-2a3f54f844 branch from db0df59 to c7fbc0c Compare May 6, 2026 17:49
@dantetemplar dantetemplar merged commit 46f17a3 into main May 6, 2026
11 checks passed
@dantetemplar dantetemplar deleted the dependabot/pip/python-dependencies-2a3f54f844 branch May 6, 2026 17:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@dantetemplar