Skip to content

build(deps): bump the all-dependencies group with 16 updates#1845

Merged
YoshihitoAso merged 4 commits into
dev-26.9from
dependabot/uv/all-dependencies-bd833f81ae
Jul 6, 2026
Merged

build(deps): bump the all-dependencies group with 16 updates#1845
YoshihitoAso merged 4 commits into
dev-26.9from
dependabot/uv/all-dependencies-bd833f81ae

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 6, 2026

Copy link
Copy Markdown
Contributor

Updates the requirements on boto3, fastapi, psycopg[c], sqlalchemy[asyncio], uvicorn[standard], tzdata, asyncpg, pyroscope-io, pytest, pytest-cov, pytest-order, locustio, ruff, pytest-asyncio, boto3-stubs[all] and typer to permit the latest version.
Updates boto3 from 1.42.97 to 1.43.34

Commits

Updates fastapi from 0.136.3 to 0.138.0

Release notes

Sourced from fastapi's releases.

0.138.0

Features

  • ✨ Add support for app.frontend("/", directory="dist") and router.frontend("/", directory="dist"). PR #15800 by @​tiangolo.

Docs

Translations

Internal

0.137.2

Features

  • ✨ Add iter_route_contexts() for advanced use cases that used to use router.routes (e.g. Jupyverse). PR #15785 by @​tiangolo.

Translations

Internal

... (truncated)

Commits

Updates psycopg[c] to 3.3.4

Changelog

Sourced from psycopg[c]'s changelog.

.. currentmodule:: psycopg

.. index:: single: Release notes single: News

psycopg release notes

Future releases

Psycopg 3.3.5 (unreleased) ^^^^^^^^^^^^^^^^^^^^^^^^^^

  • Discard prepared statements upon :sql:ALTER * or DISCARD * (:ticket:[#1307](https://github.com/psycopg/psycopg/issues/1307)).
  • Fix !ProgrammingError when dumping non-!None values with no !NoneType dumper registered in python implementation (:ticket:[#1325](https://github.com/psycopg/psycopg/issues/1325)).
  • Fix !wait_selector wait function to not raise !KeyError (:ticket:[#1327](https://github.com/psycopg/psycopg/issues/1327)).

Current release

Psycopg 3.3.4 ^^^^^^^^^^^^^

  • Fix possible spurious connection timeout in systems with very long uptimes in C extension (:ticket:[#1280](https://github.com/psycopg/psycopg/issues/1280)).
  • Fix client-side adaptation of enums whose name require quotes (:ticket:[#1298](https://github.com/psycopg/psycopg/issues/1298)).
  • Consistently populate ~Cursor.statusmessage after ~Cursor.executemany() (:ticket:[#1302](https://github.com/psycopg/psycopg/issues/1302)).

Psycopg 3.3.3 ^^^^^^^^^^^^^

  • Retain Error.pgconn when raising a single exception for multiple connection attempt errors (:ticket:[#1246](https://github.com/psycopg/psycopg/issues/1246)).
  • Return a proper error when server sends ErrorResponse for a Sync after a Parse (:ticket:[#1260](https://github.com/psycopg/psycopg/issues/1260)).

Psycopg 3.3.2 ^^^^^^^^^^^^^

Fix race condition in adapters at startup (:ticket:[#1230](https://github.com/psycopg/psycopg/issues/1230)).

... (truncated)

Commits
  • 83f1103 chore: bump psycopg_pool package version to 3.3.1
  • 1828770 chore: bump psycopg package version to 3.3.4
  • 8be14bb Merge pull request #1301 from oliverhaas/fix/sync-pool-open-race
  • aee0bf2 fix(pool): fix race in the construction of the sync ConnectionPool lock
  • bc4d303 chore(deps): bump the actions group across 1 directory with 4 updates
  • 785379f fix: retain statusmessage after executemany with returning=False
  • 8882a73 perf: do less if X in Y: return Y[X] for cache-like patterns
  • 2f78539 Merge pull request #1299 from dvarrazzo/fix-camel-enum
  • 37ef1dc test: skip test on crdb depending on precise regtype behaviour
  • 7f2f1d1 fix: fix client-side representation of enums requiring quotes
  • Additional commits viewable in compare view

Updates sqlalchemy[asyncio] to 2.0.51

Release notes

Sourced from sqlalchemy[asyncio]'s releases.

2.0.51

Released: June 15, 2026

orm

  • [orm] [bug] Fixed issue where _orm.subqueryload() combined with PropComparator.of_type() and PropComparator.and_() would silently drop the additional filter criteria, causing all related objects to be loaded instead of only those matching the filter. The LoaderCriteriaOption was being constructed against the base entity rather than the effective entity indicated by PropComparator.of_type(). Pull request courtesy Arya Rizky.

    References: #13207

  • [orm] [bug] Fixed bug where a failure during tpc_prepare() within _orm.Session.commit() for a two-phase session would raise IllegalStateChangeError instead of the original database exception. The internal _prepare_impl() method's error handler was unable to invoke _orm.SessionTransaction.rollback() due to a state-change guard, preventing proper cleanup and masking the underlying error.

    References: #13356

engine

  • [engine] [bug] Fixed issue where Result.freeze() would lose track of ambiguous column names present in the original CursorResult, causing key-based access on the thawed result to silently return a value instead of raising InvalidRequestError. The SimpleResultMetaData now accepts and propagates ambiguous key information so that frozen, thawed, and pickled results raise consistently for duplicate column names. Pull request courtesy Saurabh Kohli.

    References: #9427

sql

  • [sql] [bug] Fixed issue where _sql.StatementLambdaElement would proxy attribute access through the cached "expected" expression rather than the resolved expression, causing stale closure-bound parameter values to be used when a lambda statement was extended with non-lambda criteria such as an additional .where() clause. Courtesy cjc0013.

    References: #10827

... (truncated)

Commits

Updates uvicorn[standard] to 0.49.0

Release notes

Sourced from uvicorn[standard]'s releases.

Version 0.49.0

What's Changed

Full Changelog: Kludex/uvicorn@0.48.0...0.49.0

Changelog

Sourced from uvicorn[standard]'s changelog.

0.49.0 (June 3, 2026)

Changed

  • Bump httptools minimum version to 0.8.0 (#2962)
  • Consume duplicate forwarding headers in ProxyHeadersMiddleware (reverses the 0.48.0 behavior of ignoring them) (#2971)

0.48.0 (May 24, 2026)

Changed

  • Default ssl_ciphers to None and use OpenSSL defaults (#2940)

Fixed

  • Ignore duplicate forwarding headers in ProxyHeadersMiddleware (#2944)

0.47.0 (May 14, 2026)

Added

  • Add ssl_context_factory for custom SSLContext configuration (#2920)

Changed

  • Eagerly import the ASGI app in the parent process (#2919)

Fixed

  • Treat fd=0 as a valid file descriptor with reload/workers (#2927)

0.46.0 (April 23, 2026)

Added

  • Support ws_max_size in wsproto implementation (#2915)
  • Support ws_ping_interval and ws_ping_timeout in wsproto implementation (#2916)

Changed

  • Use bytearray for incoming WebSocket message buffer in websockets-sansio (#2917)

0.45.0 (April 21, 2026)

Added

  • Add --reset-contextvars flag to isolate ASGI request context (#2912)
  • Accept os.PathLike for log_config (#2905)
  • Accept log_level strings case-insensitively (#2907)

... (truncated)

Commits
  • 3ef2e3e Version 0.49.0 (#2973)
  • eeb64b1 Consume duplicate forwarding headers in ProxyHeadersMiddleware (#2971)
  • 630f4ac Make the watchfiles reload tests deterministic (#2972)
  • 9154922 chore(deps): bump the github-actions group across 1 directory with 6 updates ...
  • 739727a Migrate docs deploy from Cloudflare Pages to Workers (#2967)
  • be4a240 Gate docs preview deploy on Cloudflare token presence (#2966)
  • c489d7e Bump httptools minimum version to 0.8.0 (#2962)
  • 9f547bd Skip docs preview deploy for Dependabot PRs (#2961)
  • 44446b8 Migrate documentation from MkDocs Material to Zensical (#2959)
  • cfd659c Bump pymdown-extensions to 10.21.3 (#2958)
  • Additional commits viewable in compare view

Updates tzdata from 2025.3 to 2026.2

Release notes

Sourced from tzdata's releases.

2026.2: Release of upstream tzdata 2026b

Version 2026.2

Upstream version 2026b released 2026-04-23T06:06:43+00:00

Briefly:

British Columbia moved to permanent -07 on 2026-03-09. Some more overflow bugs have been fixed in zic.

Changes to future timestamps

British Columbia’s 2026-03-08 spring forward was its last foreseeable clock change, as it moved to permanent -07 thereafter. (Thanks to Arthur David Olson.) Although the change to permanent -07 legally took place on 2026-03-09, temporarily model the change to occur on 2026-11-01 at 02:00 instead. This works around a limitation in CLDR v48.2 (2026-03-17). This temporary hack is planned to be removed after CLDR is fixed.

2026.1: Release of upstream tzdata 2026a

Version 2026.1

Upstream version 2026a released 2026-03-02T06:59:49+00:00

Briefly:

Moldova has used EU transition times since 2022. The "right" TZif files are no longer installed by default. -DTZ_RUNTIME_LEAPS=0 disables runtime support for leap seconds. TZif files are no longer limited to 50 bytes of abbreviations. zic is no longer limited to 50 leap seconds. Several integer overflow bugs have been fixed.

Changes to past and future timestamps

Since 2022 Moldova has observed EU transition times, that is, it has sprung forward at 03:00, not 02:00, and has fallen back at 04:00, not 03:00. (Thanks to Heitor David Pinto.)

Changes to data

Remove Europe/Chisinau from zonenow.tab, as it now agrees with Europe/Athens for future timestamps.

Changelog

Sourced from tzdata's changelog.

Version 2026.2

Upstream version 2026b released 2026-04-23T06:06:43+00:00

Briefly:

British Columbia moved to permanent -07 on 2026-03-09. Some more overflow bugs have been fixed in zic.

Changes to future timestamps

British Columbia’s 2026-03-08 spring forward was its last foreseeable clock change, as it moved to permanent -07 thereafter. (Thanks to Arthur David Olson.) Although the change to permanent -07 legally took place on 2026-03-09, temporarily model the change to occur on 2026-11-01 at 02:00 instead. This works around a limitation in CLDR v48.2 (2026-03-17). This temporary hack is planned to be removed after CLDR is fixed.


Version 2026.1

Upstream version 2026a released 2026-03-02T06:59:49+00:00

Briefly:

Moldova has used EU transition times since 2022. The "right" TZif files are no longer installed by default. -DTZ_RUNTIME_LEAPS=0 disables runtime support for leap seconds. TZif files are no longer limited to 50 bytes of abbreviations. zic is no longer limited to 50 leap seconds. Several integer overflow bugs have been fixed.

Changes to past and future timestamps

Since 2022 Moldova has observed EU transition times, that is, it has sprung forward at 03:00, not 02:00, and has fallen back at 04:00, not 03:00. (Thanks to Heitor David Pinto.)

Changes to data

Remove Europe/Chisinau from zonenow.tab, as it now agrees with Europe/Athens for future timestamps.


Commits
  • 1ed8943 Update tzdata to version '2026b' (#135)
  • e3b2209 Add 14-day cooldown to Dependabot
  • 7e5b595 Hash pin GitHub Actions
  • 4997cab Update tzdata to version '2026a' (#123)
  • 4d6c41f Update development status to 'Production/Stable' (#127)
  • 7c1ce85 Remove 'v' from tags in auto-tag.yml
  • 77a9c09 Update docs links to tzdata.python.org (#125)
  • 11148f6 Remove quotes from update branch names
  • 98fa430 Bump actions/checkout from 5 to 6 in the actions group (#122)
  • 7ef7c61 Add auto-tag workflow (#110)
  • Additional commits viewable in compare view

Updates asyncpg from 0.30.0 to 0.31.0

Release notes

Sourced from asyncpg's releases.

v0.31.0

Enable Python 3.14 with experimental subinterpreter/freethreading support.

Improvements

  • Add Python 3.14 support, experimental subinterpreter/freethreading support (#1279) (by @​elprans in 9e42642b)

  • Avoid performing type introspection on known types (#1243) (by @​elprans in 5c9986c4)

  • Make prepare() not use named statements by default when cache is disabled (#1245) (by @​elprans in 5b14653e)

  • Implement connection service file functionality (#1223) (by @​AndrewJackson2020 in 1d63bb15)

Fixes

Other

Commits

Updates pyroscope-io from 1.0.11 to 1.0.12

Updates pytest from 9.0.3 to 9.1.1

Release notes

Sourced from pytest's releases.

9.1.1

pytest 9.1.1 (2026-06-19)

Bug fixes

  • #14220: Fixed a logic bug in pytest.RaisesGroup which would might cause it to display incorrect "It matches FooError() which was paired with BarError" messages.
  • #14591: Fixed a regression in pytest 9.1.0 which caused overriding a parametrized fixture with an indirect @​pytest.mark.parametrize to fail with "duplicate parametrization of '<fixture name>'".
  • #14606: Fixed list-item typing errors from mypy in @pytest.mark.parametrize <pytest.mark.parametrize ref> argvalues parameter.
  • #14608: Fixed a regression in pytest 9.1.0 where conftest.py files located in <invocation dir>/test* were no longer loaded as initial conftests when invoked without arguments. This could cause certain hooks (like pytest_addoption) in these files to not fire.

9.1.0

pytest 9.1.0 (2026-06-13)

Removals and backward incompatible breaking changes

  • #14533: When using --doctest-modules, autouse fixtures with module, package or session scope that are defined inline in Python test modules (not plugins or conftests) will now possibly execute twice.

    If this is undesirable, move the fixture definition to a conftest.py file if possible.

    Technical explanation for those interested: When using --doctest-modules, pytest possibly collects Python modules twice, once as pytest.Module and once as a DoctestModule (depending on the configuration). Due to improvements in pytest's fixture implementation, if e.g. the DoctestModule collects a fixture, it is now visible to it only, and not to the Module. This means that both need to register the fixtures independently.

Deprecations (removal in next major release)

  • #10819: Added a deprecation warning for class-scoped fixtures defined as instance methods (without @classmethod). Such fixtures set attributes on a different instance than the test methods use, leading to unexpected behavior. Use @classmethod decorator instead -- by yastcher.

    See 10819 and 14011.

  • #12882: Calling request.getfixturevalue() <pytest.FixtureRequest.getfixturevalue> during teardown to request a fixture that was not already requested is now deprecated and will become an error in pytest 10.

    See dynamic-fixture-request-during-teardown for details.

  • #13409: Using non-~collections.abc.Collection iterables (such as generators, iterators, or custom iterable objects) for the argvalues parameter in @pytest.mark.parametrize <pytest.mark.parametrize ref> and metafunc.parametrize <pytest.Metafunc.parametrize> is now deprecated.

    These iterables get exhausted after the first iteration, leading to tests getting unexpectedly skipped in cases such as running pytest.main() multiple times, using class-level parametrize decorators, or collecting tests multiple times.

    See parametrize-iterators for details and suggestions.

  • #13946: The private config.inicfg attribute is now deprecated. Use config.getini() <pytest.Config.getini> to access configuration values instead.

    See config-inicfg for more details.

  • #14004: Passing baseid to ~pytest.FixtureDef or nodeid strings to fixture registration APIs is now deprecated. These are internal pytest APIs that are used by some plugins.

... (truncated)

Commits
  • cf470ec Prepare release version 9.1.1
  • e0c8ce6 Merge pull request #14625 from pytest-dev/patchback/backports/9.1.x/a07c31a97...
  • 1b82d16 Merge pull request #14624 from pytest-dev/patchback/backports/9.1.x/b375b79ec...
  • 501c4bc Merge pull request #14596 from bluetech/doc-classmethod
  • b61f588 Merge pull request #14622 from chrisburr/fix-14608-initial-conftest-test-subdir
  • 9a567e0 [automated] Update plugin list (#14617) (#14618)
  • ef8b299 Merge pull request #14620 from pytest-dev/patchback/backports/9.1.x/680f9f3ed...
  • 66abd07 Merge pull request #14220 from bysiber/fix-stale-iexp-raisesgroup
  • 79fbf93 Merge pull request #14612 from pytest-dev/patchback/backports/9.1.x/974ed48b6...
  • 0d312eb Merge pull request #14611 from bluetech/parametrize-argvalues-typing
  • Additional commits viewable in compare view

Updates pytest-cov from 5.0.0 to 7.1.0

Changelog

Sourced from pytest-cov's changelog.

7.1.0 (2026-03-21)

  • Fixed total coverage computation to always be consistent, regardless of reporting settings. Previously some reports could produce different total counts, and consequently can make --cov-fail-under behave different depending on reporting options. See [#641](https://github.com/pytest-dev/pytest-cov/issues/641) <https://github.com/pytest-dev/pytest-cov/issues/641>_.

  • Improve handling of ResourceWarning from sqlite3.

    The plugin adds warning filter for sqlite3 ResourceWarning unclosed database (since 6.2.0). It checks if there is already existing plugin for this message by comparing filter regular expression. When filter is specified on command line the message is escaped and does not match an expected message. A check for an escaped regular expression is added to handle this case.

    With this fix one can suppress ResourceWarning from sqlite3 from command line::

    pytest -W "ignore:unclosed database in <sqlite3.Connection object at:ResourceWarning" ...

  • Various improvements to documentation. Contributed by Art Pelling in [#718](https://github.com/pytest-dev/pytest-cov/issues/718) <https://github.com/pytest-dev/pytest-cov/pull/718>_ and "vivodi" in [#738](https://github.com/pytest-dev/pytest-cov/issues/738) <https://github.com/pytest-dev/pytest-cov/pull/738>. Also closed [#736](https://github.com/pytest-dev/pytest-cov/issues/736) <https://github.com/pytest-dev/pytest-cov/issues/736>.

  • Fixed some assertions in tests. Contributed by in Markéta Machová in [#722](https://github.com/pytest-dev/pytest-cov/issues/722) <https://github.com/pytest-dev/pytest-cov/pull/722>_.

  • Removed unnecessary coverage configuration copying (meant as a backup because reporting commands had configuration side-effects before coverage 5.0).

7.0.0 (2025-09-09)

  • Dropped support for subprocesses measurement.

    It was a feature added long time ago when coverage lacked a nice way to measure subprocesses created in tests. It relied on a .pth file, there was no way to opt-out and it created bad interations with coverage's new patch system <https://coverage.readthedocs.io/en/latest/config.html#run-patch>_ added in 7.10 <https://coverage.readthedocs.io/en/7.10.6/changes.html#version-7-10-0-2025-07-24>_.

    To migrate to this release you might need to enable the suprocess patch, example for .coveragerc:

    .. code-block:: ini

    [run] patch = subprocess

    This release also requires at least coverage 7.10.6.

  • Switched packaging to have metadata completely in pyproject.toml and use hatchling <https://pypi.org/project/hatchling/>_ for building. Contributed by Ofek Lev in [#551](https://github.com/pytest-dev/pytest-cov/issues/551) <https://github.com/pytest-dev/pytest-cov/pull/551>_ with some extras in [#716](https://github.com/pytest-dev/pytest-cov/issues/716) <https://github.com/pytest-dev/pytest-cov/pull/716>_.

  • Removed some not really necessary testing deps like six.

... (truncated)

Commits
  • 66c8a52 Bump version: 7.0.0 → 7.1.0
  • f707662 Make the examples use pypy 3.11.
  • 6049a78 Make context test use the old ctracer (seems the new sysmon tracer behaves di...
  • 8ebf20b Update changelog.
  • 861d30e Remove the backup context manager - shouldn't be needed since coverage 5.0, ...
  • fd4c956 Pass the precision on the nulled total (seems that there's some caching goion...
  • 78c9c4e Only run the 3.9 on older deps.
  • 4849a92 Punctuation.
  • 197c35e Update changelog and hopefully I don't forget to publish release again :))
  • 14dc1c9 Update examples to use 3.11 and make the adhoc layout example look a bit more...
  • Additional commits viewable in compare view

Updates pytest-order from 1.4.0 to 1.5.0

Release notes

Sourced from pytest-order's releases.

pytest-order 1.5.0

Adds option --fail-all-on-failed-ordering to abort tests after a failed ordering (see Release Notes).

Changelog

Sourced from pytest-order's changelog.

Version 1.5.0 (2026-06-13)

Adds option to abort tests after a failed ordering.

New features

  • added option --fail-all-on-failed-ordering to abort the whole test run without executing any tests if some tests could not be ordered

Fixes

  • transitive relative chains are resolved as a single globally consistent order
Commits
  • 725547f Release 1.5.0
  • 43e0769 Implement --fail-all-on-failed-ordering (#246)
  • c411fc8 Fix relative ordering in complex transitive cases (#242)
  • 5a67269 Bump codecov/codecov-action from 6 to 7
  • ce06e5d [pre-commit.ci] pre-commit autoupdate
  • 1448804 [pre-commit.ci] pre-commit autoupdate
  • e8c9af0 [pre-commit.ci] pre-commit autoupdate
  • 4b028bc [pre-commit.ci] pre-commit autoupdate
  • 5d57cd7 [pre-commit.ci] pre-commit autoupdate
  • 3ec2e30 [pre-commit.ci] pre-commit autoupdate
  • Additional commits viewable in compare view

Updates locustio from 0.9.0 to 0.999

Changelog

Sourced from locustio's changelog.

#################### Changelog Highlights ####################

For full details of changes, please see https://github.com/locustio/locust/releases or https://github.com/locustio/locust/blob/master/CHANGELOG.md

2.44.2 and onwards

  • This file will no longer be updated for each release. Check the github releases page instead!

2.44.1

2.44.0

2.43.4

2.43.3

  • Update dependencies and some documentation, no functional changes

2.43.2

2.43.1

  • Upgrade various Web UI dependencies, no other changes

2.43.0

... (truncated)

Commits

Updates ruff from 0.15.17 to 0.15.18

Release notes

Sourced from ruff's releases.

0.15.18

Release Notes

Released on 2026-06-18.

Preview features

  • Handle nested ruff:ignore comments (#25791)
  • Stop displaying severity in output (#26050)
  • Use human-readable names in CLI output (#25937)
  • Use human-readable names in LSP and playground diagnostics (#26058)
  • [pydocstyle] Prevent property docstrings starting with verbs (D421) (#23775)
  • [flake8-pyi] Extend PYI033 to Python files (#26129)

Bug fixes

  • Detect equivalent numeric mapping keys (#26009)
  • Detect mapping keys equivalent to booleans (#25982)
  • Detect repeated signed and complex dictionary keys (#26007)

Rule changes

  • [flake8-pyi] Rename PYI033 to legacy-type-comment (#26131)

Performance

  • Use ThinVec for call keywords (#25999)
  • Inline parser recovery context checks (#26038)
  • Match parser keywords as bytes (#26037)
  • Move value parsing out of lexing (#25360)

Server

  • Render subdiagnostics and secondary annotations as related information (#26011)

Documentation

  • Update fix availability for always-fixable rules (#26091)
  • [flake8-tidy-imports] Add fix safety section (TID252) (#17491)

Parser

  • Reject __debug__ lambda parameters (#26022)
  • Reject _ as a match-pattern target (#25977)
  • Reject multiple starred names in sequence patterns (#25976)
  • Reject parenthesized star imports (#26021)
  • Reject starred comprehension targets (#26023)
  • Reject unparenthesized generator expressions in class bases (#25978)
  • Reject yield expressions after commas (#26024)
  • Validate function type parameter default order (#25981)

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.18

Released on 2026-06-18.

Preview features

  • Handle nested ruff:ignore comments (#25791)
  • Stop displaying severity in output (#26050)
  • Use human-readable names in CLI output (#25937)
  • Use human-readable names in LSP and playground diagnostics (#26058)
  • [pydocstyle] Prevent property docstrings starting with verbs (D421) (#23775)
  • [flake8-pyi] Extend PYI033 to Python files (#26129)

Bug fixes

  • Detect equivalent numeric mapping keys (#26009)
  • Detect mapping keys equivalent to booleans (#25982)
  • Detect repeated signed and complex dictionary keys (#26007)

Rule changes

  • [flake8-pyi] Rename PYI033 to legacy-type-comment (#26131)

Performance

  • Use ThinVec for call keywords (#25999)
  • Inline parser recovery context checks (#26038)
  • Match parser keywords as bytes (#26037)
  • Move value parsing out of lexing (#25360)

Server

  • Render subdiagnostics and secondary annotations as related information (#26011)

Documentation

  • Update fix availability for always-fixable rules (#26091)
  • [flake8-tidy-imports] Add fix safety section (TID252) (#17491)

Parser

  • Reject __debug__ lambda parameters (#26022)
  • Reject _ as a match-pattern target (#25977)
  • Reject multiple starred names in sequence patterns (#25976)
  • Reject parenthesized star imports (#26021)
  • Reject starred comprehension targets (#26023)
  • Reject unparenthesized generator expressions in class bases (#25978)
  • Reject yield expressions after commas (#26024)
  • Validate function type parameter default order (#25981)

... (truncated)

Commits

Updates the requirements on [boto3](https://github.com/boto/boto3), [fastapi](https://github.com/fastapi/fastapi), [psycopg[c]](https://github.com/psycopg/psycopg), [sqlalchemy[asyncio]](https://github.com/sqlalchemy/sqlalchemy), [uvicorn[standard]](https://github.com/Kludex/uvicorn), [tzdata](https://github.com/python/tzdata), [asyncpg](https://github.com/MagicStack/asyncpg), pyroscope-io, [pytest](https://github.com/pytest-dev/pytest), [pytest-cov](https://github.com/pytest-dev/pytest-cov), [pytest-order](https://github.com/pytest-dev/pytest-order), [locustio](https://github.com/locustio/locust), [ruff](https://github.com/astral-sh/ruff), [pytest-asyncio](https://github.com/pytest-dev/pytest-asyncio), [boto3-stubs[all]](https://github.com/youtype/mypy_boto3_builder) and [typer](https://github.com/fastapi/typer) to permit the latest version.

Updates `boto3` from 1.42.97 to 1.43.34
- [Release notes](https://github.com/boto/boto3/releases)
- [Commits](boto/boto3@1.42.97...1.43.34)

Updates `fastapi` from 0.136.3 to 0.138.0
- [Release notes](https://github.com/fastapi/fastapi/releases)
- [Commits](fastapi/fastapi@0.136.3...0.138.0)

Updates `psycopg[c]` to 3.3.4
- [Changelog](https://github.com/psycopg/psycopg/blob/master/docs/news.rst)
- [Commits](psycopg/psycopg@3.2.0...3.3.4)

Updates `sqlalchemy[asyncio]` to 2.0.51
- [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases)
- [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES.rst)
- [Commits](https://github.com/sqlalchemy/sqlalchemy/commits)

Updates `uvicorn[standard]` to 0.49.0
- [Release notes](https://github.com/Kludex/uvicorn/releases)
- [Changelog](https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md)
- [Commits](Kludex/uvicorn@0.44.0...0.49.0)

Updates `tzdata` from 2025.3 to 2026.2
- [Release notes](https://github.com/python/tzdata/releases)
- [Changelog](https://github.com/python/tzdata/blob/master/NEWS.md)
- [Commits](python/tzdata@2025.3...2026.2)

Updates `asyncpg` from 0.30.0 to 0.31.0
- [Release notes](https://github.com/MagicStack/asyncpg/releases)
- [Commits](MagicStack/asyncpg@v0.30.0...v0.31.0)

Updates `pyroscope-io` from 1.0.11 to 1.0.12

Updates `pytest` from 9.0.3 to 9.1.1
- [Release notes](https://github.com/pytest-dev/pytest/releases)
- [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst)
- [Commits](pytest-dev/pytest@9.0.3...9.1.1)

Updates `pytest-cov` from 5.0.0 to 7.1.0
- [Changelog](https://github.com/pytest-dev/pytest-cov/blob/master/CHANGELOG.rst)
- [Commits](pytest-dev/pytest-cov@v5.0.0...v7.1.0)

Updates `pytest-order` from 1.4.0 to 1.5.0
- [Release notes](https://github.com/pytest-dev/pytest-order/releases)
- [Changelog](https://github.com/pytest-dev/pytest-order/blob/main/CHANGELOG.md)
- [Commits](pytest-dev/pytest-order@v1.4.0...v1.5.0)

Updates `locustio` from 0.9.0 to 0.999
- [Release notes](https://github.com/locustio/locust/releases)
- [Changelog](https://github.com/locustio/locust/blob/master/docs/changelog.rst)
- [Commits](https://github.com/locustio/locust/commits)

Updates `ruff` from 0.15.17 to 0.15.18
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.15.17...0.15.18)

Updates `pytest-asyncio` from 1.3.0 to 1.4.0
- [Release notes](https://github.com/pytest-dev/pytest-asyncio/releases)
- [Commits](pytest-dev/pytest-asyncio@v1.3.0...v1.4.0)

Updates `boto3-stubs[all]` to 1.43.34
- [Release notes](https://github.com/youtype/mypy_boto3_builder/releases)
- [Commits](https://github.com/youtype/mypy_boto3_builder/commits)

Updates `typer` from 0.12.5 to 0.26.7
- [Release notes](https://github.com/fastapi/typer/releases)
- [Changelog](https://github.com/fastapi/typer/blob/master/docs/release-notes.md)
- [Commits](fastapi/typer@0.12.5...0.26.7)

---
updated-dependencies:
- dependency-name: boto3
  dependency-version: 1.43.34
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: fastapi
  dependency-version: 0.138.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: psycopg[c]
  dependency-version: 3.3.4
  dependency-type: direct:production
  dependency-group: all-dependencies
- dependency-name: sqlalchemy[asyncio]
  dependency-version: 2.0.51
  dependency-type: direct:production
  dependency-group: all-dependencies
- dependency-name: uvicorn[standard]
  dependency-version: 0.49.0
  dependency-type: direct:production
  dependency-group: all-dependencies
- dependency-name: tzdata
  dependency-version: '2026.2'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: all-dependencies
- dependency-name: asyncpg
  dependency-version: 0.31.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: pyroscope-io
  dependency-version: 1.0.12
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-dependencies
- dependency-name: pytest
  dependency-version: 9.1.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: pytest-cov
  dependency-version: 7.1.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: all-dependencies
- dependency-name: pytest-order
  dependency-version: 1.5.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: locustio
  dependency-version: '0.999'
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: ruff
  dependency-version: 0.15.18
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all-dependencies
- dependency-name: pytest-asyncio
  dependency-version: 1.4.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: boto3-stubs[all]
  dependency-version: 1.43.34
  dependency-type: direct:development
  dependency-group: all-dependencies
- dependency-name: typer
  dependency-version: 0.26.7
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Update a dependency file python:uv Pull requests that update python:uv code labels Jul 6, 2026
Update the dev dependency in `pyproject.toml` from `locustio==0.999` to `locustio==0.9.0` and refresh `uv.lock` accordingly. The lockfile now reflects the older locustio release and its resolved transitive dependencies.
Drop the old Locust-based load testing artifacts by removing the load test README/script, Locust type stubs, and related BASIC_AUTH config entries. Also remove `locustio` from dev dependencies now that this test path is no longer supported.
@github-actions

github-actions Bot commented Jul 6, 2026

Copy link
Copy Markdown

Coverage

Coverage Report •
FileStmtsMissBranchBrPartCoverMissing
app
   config.py10026298%58, 152
TOTAL374551470352464796% 

Tests Skipped Failures Errors Time
1281 0 💤 0 ❌ 0 🔥 11m 9s ⏱️

@YoshihitoAso YoshihitoAso merged commit 00fcaa6 into dev-26.9 Jul 6, 2026
12 checks passed
@dependabot dependabot Bot deleted the dependabot/uv/all-dependencies-bd833f81ae branch July 6, 2026 01:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants