Bump: Update fastapi requirement from >=0.115 to >=0.136.3#26
Closed
dependabot[bot] wants to merge 84 commits into
Closed
Bump: Update fastapi requirement from >=0.115 to >=0.136.3#26dependabot[bot] wants to merge 84 commits into
dependabot[bot] wants to merge 84 commits into
Conversation
Deps: qrcode[pil]>=8.0 and python-barcode>=0.15 added to pyproject.toml — first new runtime deps since initial skeleton; required by the template renderer (Phase 3) for QR and barcode element generation. Schema: CREATE TABLE IF NOT EXISTS templates (id, name unique, display_name, label_media, canvas_json, field_schema, created_at, updated_at, deleted_at). Idempotent migration adds field_values TEXT and batch_id TEXT to print_jobs via PRAGMA table_info check + ALTER TABLE, since SQLite has no ADD COLUMN IF NOT EXISTS. Models: FieldSpec, Template, TemplateCreate, TemplateUpdate, PrintRequest, BatchPrintRequest, BatchJobResult, BatchPrintResponse added to labelforge.models. Store: labelforge.templates.store — list_templates, get_template, create_template, update_template, soft_delete, duplicate. Name validation enforces ^[a-z0-9][a-z0-9-]*$ slug; duplicate names raise ValueError (→ 409 in routes); missing templates return None (→ 404).
… output QR: use box_size=1 to generate the smallest natural image (1px/module), then scale by the largest integer multiple that fits the target box with NEAREST resampling. Every module is guaranteed N×N pure black/white pixels — no grey edges that the print threshold can crush. Barcode: binarize to pure 0/255 before scaling, then NEAREST instead of LANCZOS. LANCZOS was introducing anti-aliased grey at bar edges; those grey values survived the 1-bit threshold and merged adjacent bars. Preview: introduce PRINT_THRESHOLD (70, matching convert()'s default) and to_print_bitmap() in printer/client.py. Both preview endpoints now apply the same invert+threshold step as convert(), returning a pure B/W PNG that is the exact bitmap the printer rasterizes. print_image() passes the constant explicitly to convert() so the single definition governs both paths.
… job per template
Compose job: iterate over docker-compose.yml / docker-compose.dev.yml (correct filenames) with a hardened loop that skips absent files instead of failing under bash -e. CLAUDE.md convention note updated to match. Ruff: import order (I001) in main.py and routes/print.py; datetime.UTC (UP017) in templates/store.py; E741 ambiguous name in printer/client.py; E501 long-line wraps in printer/client.py, render/template.py, routes/print.py, and routes/template_print.py. Applied ruff format across 12 files.
Add mypy (>=1.11) and types-PyYAML to the dev extra; configure [tool.mypy] with the pydantic plugin and per-module ignore_missing_imports overrides for unstubbed third-party libs (brother_ql, qrcode, barcode). Fix the 11 backend type errors surfaced by enabling the check: - render/template.py: Image.BICUBIC/NEAREST → Image.Resampling.* (Pillow 9.1+ deprecation) - printer/client.py: hoist width_mm/length_mm declarations to avoid no-redef; guard both in _media_id_from_dims call - history.py: assert cursor.lastrowid is not None after INSERT - render/text.py: int() cast on textbbox pixel delta - routes/printer.py: widen return annotation to dict | JSONResponse
- .claude/commands/release-prep.md + release-cut.md added (slash commands) - build-and-push.yml: release:published replaces tags:v*.*.* trigger (ADR 2026-06-05) - .gitignore: un-ignore .claude/commands/ so slash commands are tracked - CLAUDE.md: Release process (operational rules) section pasted verbatim; Build Status block added - standards.md: release-prep-and-cut @ 1.0.0 registered - README.md: version line + What's New section added; status blurb updated - docs/decisions.md: ADR for publish trigger reconciliation - CHANGELOG.md: adoption entry added; stale [version] template header removed
… on loaded-roll mismatch
- pyproject.toml bumped to 0.1.0 - CHANGELOG: rolled [Unreleased] → [0.1.0] — 2026-06-06 - README: version badge + What's New entry, Status updated - CLAUDE.md: Build Status block updated (Last shipped v0.1.0)
Add a scrub() helper and apply it to the user-influenced values that reach log calls flagged by CodeQL py/log-injection: the history job_id path param and the requested label media on media-mismatch warnings.
…cept) Add explanatory comments to the shutdown-task cancellation and malformed-payload handlers, and log the best-effort printer-socket close at debug instead of pass.
…tack-trace-exposure) Log the StatusUnavailable exception server-side and return a generic message instead of str(exc) in the GET /api/printer/status error body.
Updates the requirements on [fastapi](https://github.com/fastapi/fastapi) to permit the latest version. - [Release notes](https://github.com/fastapi/fastapi/releases) - [Commits](fastapi/fastapi@0.115.0...0.136.3) --- updated-dependencies: - dependency-name: fastapi dependency-version: 0.136.3 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
Contributor
Author
LabelsThe following labels could not be found: Please fix the above issues or remove invalid values from |
Owner
|
Superseded by commit 6973cef on |
Contributor
Author
|
OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting If you change your mind, just re-open this PR and I'll resolve any conflicts on it. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Updates the requirements on fastapi to permit the latest version.
Release notes
Sourced from fastapi's releases.
Commits
8206485🔖 Release version 0.136.3c910e01📝 Update release notes063b5bf♻️ Do not accept underscore headers when usingconvert_underscores=True(th...22b02e2🔖 Release version 0.136.23b252a2📝 Update release notesc7fb785♻️ Validate Server Sent Event fields to avoid applications from sending broke...cb83b83📝 Update release notes00f805c✅ Update tests, don't double dispose the engine (#15587)3675137📝 Update release notes7b57e42📝 Document--entrypointCLI option (#15464)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)