Skip to content

chore(deps): bump the uv-version-updates group across 1 directory with 6 updates#18

Closed
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/uv/uv-version-updates-64f2e2b71c
Closed

chore(deps): bump the uv-version-updates group across 1 directory with 6 updates#18
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/uv/uv-version-updates-64f2e2b71c

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Mar 16, 2026
edited
Loading

Bumps the uv-version-updates group with 6 updates in the / directory:

Package From To
fastapi 0.129.0 0.135.1
python-dotenv 1.2.1 1.2.2
uvicorn 0.41.0 0.42.0
ruff 0.15.1 0.15.6
fawltydeps 0.19.0 0.20.0
ty 0.0.17 0.0.23

Updates fastapi from 0.129.0 to 0.135.1

Release notes

Sourced from fastapi's releases.

0.135.1

Fixes

  • 🐛 Fix, avoid yield from a TaskGroup, only as an async context manager, closed in the request async exit stack. PR #15038 by @​tiangolo.

Docs

Internal

0.135.0

Features

0.134.0

Features

  • ✨ Add support for streaming JSON Lines and binary data with yield. PR #15022 by @​tiangolo.
    • This also upgrades Starlette from >=0.40.0 to >=0.46.0, as it's needed to properly unrwap and re-raise exceptions from exception groups.
    • New docs: Stream JSON Lines.
    • And new docs: Stream Data.

Docs

  • 📝 Update Library Agent Skill with streaming responses. PR #15024 by @​tiangolo.
  • 📝 Update docs for responses and new stream with yield. PR #15023 by @​tiangolo.
  • 📝 Add await in StreamingResponse code example to allow cancellation. PR #14681 by @​casperdcl.
  • 📝 Rename docs_src/websockets to docs_src/websockets_ to avoid import errors. PR #14979 by @​YuriiMotov.

Internal

0.133.1

Features

Internal

... (truncated)

Commits
  • ca5f60e 🔖 Release version 0.135.1
  • 87f75aa 📝 Update release notes
  • 8a9258b 🐛 Fix, avoid yield from a TaskGroup, only as an async context manager, closed...
  • 6038507 📝 Update release notes
  • c796ba4 👥 Update FastAPI People - Experts (#15037)
  • b24aa03 📝 Update release notes
  • 2c61047 ✏️ Fix typo in docs/en/docs/_llm-test.md (#15007)
  • e3bbeef 📝 Update release notes
  • d726c8c 📝 Update release notes
  • cf514e6 👥 Update FastAPI People - Contributors and Translators (#15029)
  • Additional commits viewable in compare view

Updates python-dotenv from 1.2.1 to 1.2.2

Release notes

Sourced from python-dotenv's releases.

v1.2.2

Added

  • Support for Python 3.14, including the free-threaded (3.14t) build. (#)

Changed

  • The dotenv run command now forwards flags directly to the specified command by @​bbc2 in theskumar/python-dotenv#607
  • Improved documentation clarity regarding override behavior and the reference page.
  • Updated PyPy support to version 3.11.
  • Documentation for FIFO file support.
  • Support for Python 3.9.

Fixed

Breaking Changes

  • dotenv.set_key and dotenv.unset_key used to follow symlinks in some situations. This is no longer the case. For that behavior to be restored in all cases, follow_symlinks=True should be used.

  • In the CLI, set and unset used to follow symlinks in some situations. This is no longer the case.

  • dotenv.set_key, dotenv.unset_key and the CLI commands set and unset used to reset the file mode of the modified .env file to 0o600 in some situations. This is no longer the case: The original mode of the file is now preserved. Is the file needed to be created or wasn't a regular file, mode 0o600 is used.

Misc

New Contributors

Full Changelog: theskumar/python-dotenv@v1.2.1...v1.2.2

Changelog

Sourced from python-dotenv's changelog.

[1.2.2] - 2026-03-01

Added

  • Support for Python 3.14, including the free-threaded (3.14t) build. (#588)

Changed

  • The dotenv run command now forwards flags directly to the specified command by [@​bbc2] in #607
  • Improved documentation clarity regarding override behavior and the reference page.
  • Updated PyPy support to version 3.11.
  • Documentation for FIFO file support.
  • Dropped Support for Python 3.9.

Fixed

  • Improved set_key and unset_key behavior when interacting with symlinks by [@​bbc2] in [790c5c0]
  • Corrected the license specifier and added missing Python 3.14 classifiers in package metadata by [@​JYOuyang] in #590

Breaking Changes

  • dotenv.set_key and dotenv.unset_key used to follow symlinks in some situations. This is no longer the case. For that behavior to be restored in all cases, follow_symlinks=True should be used.

  • In the CLI, set and unset used to follow symlinks in some situations. This is no longer the case.

  • dotenv.set_key, dotenv.unset_key and the CLI commands set and unset used to reset the file mode of the modified .env file to 0o600 in some situations. This is no longer the case: The original mode of the file is now preserved. Is the file needed to be created or wasn't a regular file, mode 0o600 is used.

Commits

Updates uvicorn from 0.41.0 to 0.42.0

Release notes

Sourced from uvicorn's releases.

Version 0.42.0

Changed

  • Use bytearray for request body accumulation to avoid O(n^2) allocation on fragmented bodies (#2845)

Fixed

  • Escape brackets and backslash in httptools HEADER_RE regex (#2824)
  • Fix multiple issues in websockets sans-io implementation (#2825)

New Contributors

Full Changelog: Kludex/uvicorn@0.41.0...0.42.0

Changelog

Sourced from uvicorn's changelog.

0.42.0 (March 16, 2026)

Changed

  • Use bytearray for request body accumulation to avoid O(n^2) allocation on fragmented bodies (#2845)

Fixed

  • Escape brackets and backslash in httptools HEADER_RE regex (#2824)
  • Fix multiple issues in websockets sans-io implementation (#2825)
Commits
  • 02bed6f Version 0.42.0 (#2852)
  • d8f2501 chore: pre-create Config objects in benchmarks to measure protocol hot paths ...
  • 9dbb783 Add WebSocket protocol benchmarks for wsproto and websockets-sansio (#2849)
  • b3c69da Use bytearray for request body accumulation (#2845)
  • 3f3ebee Disable pytest-xdist for CodSpeed benchmark runs (#2847)
  • d072de7 Add fragmented body benchmark for chunked body accumulation (#2846)
  • e300c2c Add CodSpeed benchmark suite for HTTP protocol hot paths (#2844)
  • 1fa6976 Escape brackets and backslash in httptools HEADER_RE regex (#2824)
  • 59ec1de Fix multiple issues in websockets sansio implementation (#2825)
  • 2fc0efc Clarify Windows asyncio event loop selection in docs (#2843)
  • Additional commits viewable in compare view

Updates ruff from 0.15.1 to 0.15.6

Release notes

Sourced from ruff's releases.

0.15.6

Release Notes

Released on 2026-03-12.

Preview features

  • Add support for lazy import parsing (#23755)
  • Add support for star-unpacking of comprehensions (PEP 798) (#23788)
  • Reject semantic syntax errors for lazy imports (#23757)
  • Drop a few rules from the preview default set (#23879)
  • [airflow] Flag Variable.get() calls outside of task execution context (AIR003) (#23584)
  • [airflow] Flag runtime-varying values in DAG/task constructor arguments (AIR304) (#23631)
  • [flake8-bugbear] Implement delattr-with-constant (B043) (#23737)
  • [flake8-tidy-imports] Add TID254 to enforce lazy imports (#23777)
  • [flake8-tidy-imports] Allow users to ban lazy imports with TID254 (#23847)
  • [isort] Retain lazy keyword when sorting imports (#23762)
  • [pyupgrade] Add from __future__ import annotations automatically (UP006) (#23260)
  • [refurb] Support newline parameter in FURB101 for Python 3.13+ (#23754)
  • [ruff] Add os-path-commonprefix (RUF071) (#23814)
  • [ruff] Add unsafe fix for os-path-commonprefix (RUF071) (#23852)
  • [ruff] Limit RUF036 to typing contexts; make it unsafe for non-typing-only (#23765)
  • [ruff] Use starred unpacking for RUF017 in Python 3.15+ (#23789)

Bug fixes

  • Fix --add-noqa creating unwanted leading whitespace (#23773)
  • Fix --add-noqa breaking shebangs (#23577)
  • [formatter] Fix lambda body formatting for multiline calls and subscripts (#23866)
  • [formatter] Preserve required annotation parentheses in annotated assignments (#23865)
  • [formatter] Preserve type-expression parentheses in the formatter (#23867)
  • [flake8-annotations] Fix stack overflow in ANN401 on quoted annotations with escape sequences (#23912)
  • [pep8-naming] Check naming conventions in match pattern bindings (N806, N815, N816) (#23899)
  • [perflint] Fix comment duplication in fixes (PERF401, PERF403) (#23729)
  • [pyupgrade] Properly trigger super change in nested class (UP008) (#22677)
  • [ruff] Avoid syntax errors in RUF036 fixes (#23764)

Rule changes

  • [flake8-bandit] Flag S501 with requests.request (#23873)
  • [flake8-executable] Fix WSL detection in non-Docker containers (#22879)
  • [flake8-print] Ignore pprint calls with stream= (#23787)

Documentation

  • Update docs for Markdown code block formatting (#23871)
  • [flake8-bugbear] Fix misleading description for B904 (#23731)

Contributors

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.6

Released on 2026-03-12.

Preview features

  • Add support for lazy import parsing (#23755)
  • Add support for star-unpacking of comprehensions (PEP 798) (#23788)
  • Reject semantic syntax errors for lazy imports (#23757)
  • Drop a few rules from the preview default set (#23879)
  • [airflow] Flag Variable.get() calls outside of task execution context (AIR003) (#23584)
  • [airflow] Flag runtime-varying values in DAG/task constructor arguments (AIR304) (#23631)
  • [flake8-bugbear] Implement delattr-with-constant (B043) (#23737)
  • [flake8-tidy-imports] Add TID254 to enforce lazy imports (#23777)
  • [flake8-tidy-imports] Allow users to ban lazy imports with TID254 (#23847)
  • [isort] Retain lazy keyword when sorting imports (#23762)
  • [pyupgrade] Add from __future__ import annotations automatically (UP006) (#23260)
  • [refurb] Support newline parameter in FURB101 for Python 3.13+ (#23754)
  • [ruff] Add os-path-commonprefix (RUF071) (#23814)
  • [ruff] Add unsafe fix for os-path-commonprefix (RUF071) (#23852)
  • [ruff] Limit RUF036 to typing contexts; make it unsafe for non-typing-only (#23765)
  • [ruff] Use starred unpacking for RUF017 in Python 3.15+ (#23789)

Bug fixes

  • Fix --add-noqa creating unwanted leading whitespace (#23773)
  • Fix --add-noqa breaking shebangs (#23577)
  • [formatter] Fix lambda body formatting for multiline calls and subscripts (#23866)
  • [formatter] Preserve required annotation parentheses in annotated assignments (#23865)
  • [formatter] Preserve type-expression parentheses in the formatter (#23867)
  • [flake8-annotations] Fix stack overflow in ANN401 on quoted annotations with escape sequences (#23912)
  • [pep8-naming] Check naming conventions in match pattern bindings (N806, N815, N816) (#23899)
  • [perflint] Fix comment duplication in fixes (PERF401, PERF403) (#23729)
  • [pyupgrade] Properly trigger super change in nested class (UP008) (#22677)
  • [ruff] Avoid syntax errors in RUF036 fixes (#23764)

Rule changes

  • [flake8-bandit] Flag S501 with requests.request (#23873)
  • [flake8-executable] Fix WSL detection in non-Docker containers (#22879)
  • [flake8-print] Ignore pprint calls with stream= (#23787)

Documentation

  • Update docs for Markdown code block formatting (#23871)
  • [flake8-bugbear] Fix misleading description for B904 (#23731)

Contributors

... (truncated)

Commits
  • e4c7f35 Bump 0.15.6 (#23919)
  • edfe6c1 [ty] Narrow type context during collection literal inference (#23844)
  • dd16d68 Exclude broken symlink in ecosystem check (#23921)
  • 3f94c6a Fix stack overflow in ANN401 on quoted annotations with escape sequences (#23...
  • 91fc7bd [ty] Fix false-positive diagnostics for PEP-604 union annotations on attribut...
  • 04229cf [ty] Initial test suite for PEP-728 TypedDict features (#23832)
  • 728b9d6 [pep8-naming] Check naming conventions in match pattern bindings (N806,...
  • 88d1eec [ty] Ensure a type[] type T is always considered assignable to a union th...
  • 37cdd61 Fix lambda body formatting for multiline calls and subscripts (#23866)
  • a25a4df [ty] Disambiguate duplicate-looking overloaded callables in union display (#2...
  • Additional commits viewable in compare view

Updates fawltydeps from 0.19.0 to 0.20.0

Release notes

Sourced from fawltydeps's releases.

v0.20.0

As we're nearing the release of v1.0, here is an update with various quality-of-life improvements.

Suggesting package names for undeclared dependencies

When FawltyDeps finds a 3rd-party import that is not declared, it will output that import name as an undeclared dependency. But as we've talked about before, import names in Python are not necessarily synonymous with the package names that you would have to declare in order to make those import names available.

For example, if you import sklearn in your code, it might not be obvious that the corresponding dependency declaration should be scikit-learn, and not sklearn.

Starting with this version, if you run FawltyDeps with the --detailed option, and if there happens to be one or more (undeclared) packages in your Python environment that provide the relevant import name, then FawltyDeps will suggest these packages as potential solutions to your undeclared dependency.

For the sklearn/scikit-learn example:

These imports appear to be undeclared dependencies:
- 'sklearn'
    imported at:
      some/file.py:123
    may be provided by these packages:
      'scikit-learn'

New option to control where FawltyDeps looks for 1st-party imports

By default (and before this release) FawltyDeps looks at the paths on the command-line to deduce where 1st-party imports (i.e. your project's own modules) can be found. In some corner cases this deduction fails, and the result is typically that a 1st-party import is flagged by FawltyDeps as an undeclared dependency.

The new --base-dir allows you to control where FawltyDeps looks for 1st-party imports, and it can help fix those cases where the default deduction fails, for example in cases where you are passing individual file names (instead of directory names) on the FawltyDeps command line.

We have a new section in our FAQ to more precisely describe how the new option works, and when it's needed.

Thanks to our new co-maintainer @​layus for suggesting and contributing both of the above improvements!

Otherwise

This release also includes various quality-of-life improvements for us maintainers, not necessarily user visible:

  • We now have CodeQL and actionlint checks running in our CI pipeline, thanks to @​smelc 🎉
  • Improved documentation
  • Various internal cleanups and modernizations

What's Changed

... (truncated)

Commits
  • c0ed1a1 Bump version to v0.20.0
  • b0c9d77 test_sample_projects: Fix incorrect type annotation, found by new Mypy
  • 437361e Bump minimum Python version to allow update of transitive dependency
  • 3e8636a Update lock file, re-pin dependencies
  • b7208c7 extract_imports.parse_source: Improve interaction with dirs_between()
  • d7be28c extract_imports.parse_source(): Fix case when base_dir is not a parent
  • 7b581f8 test_extract_imports_simple: Add failing test case for issue #490
  • de7c126 test_extract_imports_simple: Reformat test vectors with dataclass
  • 4ea2c22 CI: call the CodeQL workflow from the main workflow file
  • ce4b485 Rename codeql.yml to use the yaml extension
  • Additional commits viewable in compare view

Updates ty from 0.0.17 to 0.0.23

Release notes

Sourced from ty's releases.

0.0.23

Release Notes

Released on 2026-03-13.

Bug fixes

  • Fix false-positive diagnostics for PEP-604 union annotations on attribute targets on Python 3.9 when from __future__ import annotations is active (#23915)
  • dataclass_transform: Respect kw_only overwrites in dataclasses (#23930)
  • Fix too-many-cycle panics when inferring loop variables with Literal types (#23875)

Server

Core type checking

  • Split errors for possibly missing submodules into a new possibly-missing-submodule error code (enabled by default), and make possibly-missing-attribute ignored by default (#23918)
  • Improve handling of bidirectional inference when (#23844)
  • Fix inference of conditionally defined properties (#23925)

Improvements to diagnostics

  • Clarify in diagnostics that from __future__ import annotations only stringifies type annotations (#23928)

Performance improvements

  • Avoid duplicated work during multi-inference (#23923)

Contributors

Install ty 0.0.23

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/ty/releases/download/0.0.23/ty-installer.sh | sh

Install prebuilt binaries via powershell script

... (truncated)

Changelog

Sourced from ty's changelog.

0.0.23

Released on 2026-03-13.

Bug fixes

  • Fix false-positive diagnostics for PEP-604 union annotations on attribute targets on Python 3.9 when from __future__ import annotations is active (#23915)
  • dataclass_transform: Respect kw_only overwrites in dataclasses (#23930)
  • Fix too-many-cycle panics when inferring loop variables with Literal types (#23875)

Server

Core type checking

  • Split errors for possibly missing submodules into a new possibly-missing-submodule error code (enabled by default), and make possibly-missing-attribute ignored by default (#23918)
  • Improve handling of bidirectional inference when (#23844)
  • Fix inference of conditionally defined properties (#23925)

Improvements to diagnostics

  • Clarify in diagnostics that from __future__ import annotations only stringifies type annotations (#23928)

Performance improvements

  • Avoid duplicated work during multi-inference (#23923)

Contributors

0.0.22

Released on 2026-03-12.

Bug fixes

  • Fix issue where variables could be inferred as Divergent if they were assigned using tuple unpacking in loops (#23812)
  • Allow error = "all" in a root pyproject.toml file to be overridden using tool.ty.overrides in a subdirectory's pyproject.toml file (#23712)
  • Only unsoundly upcast type[] types to their constructor Callable type during assignability checks, not during redundancy/subtyping checks (#23834, #23901)
  • Fix stack overflow that could occur with certain recursive protocols (#23870)

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump the uv-version-updates group across 1 directory wit…
99e2e48 
…h 6 updates

Bumps the uv-version-updates group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [fastapi](https://github.com/fastapi/fastapi) | `0.129.0` | `0.135.1` |
| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.2.1` | `1.2.2` |
| [uvicorn](https://github.com/Kludex/uvicorn) | `0.41.0` | `0.42.0` |
| [ruff](https://github.com/astral-sh/ruff) | `0.15.1` | `0.15.6` |
| [fawltydeps](https://github.com/tweag/FawltyDeps) | `0.19.0` | `0.20.0` |
| [ty](https://github.com/astral-sh/ty) | `0.0.17` | `0.0.23` |



Updates `fastapi` from 0.129.0 to 0.135.1
- [Release notes](https://github.com/fastapi/fastapi/releases)
- [Commits](fastapi/fastapi@0.129.0...0.135.1)

Updates `python-dotenv` from 1.2.1 to 1.2.2
- [Release notes](https://github.com/theskumar/python-dotenv/releases)
- [Changelog](https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md)
- [Commits](theskumar/python-dotenv@v1.2.1...v1.2.2)

Updates `uvicorn` from 0.41.0 to 0.42.0
- [Release notes](https://github.com/Kludex/uvicorn/releases)
- [Changelog](https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md)
- [Commits](Kludex/uvicorn@0.41.0...0.42.0)

Updates `ruff` from 0.15.1 to 0.15.6
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.15.1...0.15.6)

Updates `fawltydeps` from 0.19.0 to 0.20.0
- [Release notes](https://github.com/tweag/FawltyDeps/releases)
- [Commits](tweag/FawltyDeps@v0.19.0...v0.20.0)

Updates `ty` from 0.0.17 to 0.0.23
- [Release notes](https://github.com/astral-sh/ty/releases)
- [Changelog](https://github.com/astral-sh/ty/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ty@0.0.17...0.0.23)

---
updated-dependencies:
- dependency-name: fastapi
  dependency-version: 0.135.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: uv-version-updates
- dependency-name: python-dotenv
  dependency-version: 1.2.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: uv-version-updates
- dependency-name: uvicorn
  dependency-version: 0.42.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: uv-version-updates
- dependency-name: ruff
  dependency-version: 0.15.6
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: uv-version-updates
- dependency-name: fawltydeps
  dependency-version: 0.20.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: uv-version-updates
- dependency-name: ty
  dependency-version: 0.0.23
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: uv-version-updates
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Mar 16, 2026
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot bot commented on behalf of github Mar 25, 2026

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot bot closed this Mar 25, 2026
@dependabot dependabot bot deleted the dependabot/uv/uv-version-updates-64f2e2b71c branch March 25, 2026 13:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants