MESH-2092 Bump the dependencies group across 1 directory with 4 updates

[dependabot]

Bumps the dependencies group with 4 updates in the / directory: fastapi, gunicorn, petname and ruff.

Updates fastapi from 0.128.8 to 0.129.0

Release notes

Sourced from fastapi's releases.

0.129.0

Breaking Changes

• ➖ Drop support for Python 3.9. PR #14897 by @​tiangolo.

Refactors

• 🎨 Update internal types for Python 3.10. PR #14898 by @​tiangolo.

Docs

• 📝 Update highlights in webhooks docs. PR #14905 by @​tiangolo.
• 📝 Update source examples and docs from Python 3.9 to 3.10. PR #14900 by @​tiangolo.

Internal

• 🔨 Update docs.py scripts to migrate Python 3.9 to Python 3.10. PR #14906 by @​tiangolo.

Commits

• a2e5136 🔖 Release version 0.129.0
• b7ce02a 📝 Update release notes
• 31d9750 🔨 Update docs.py scripts to migrate Python 3.9 to Python 3.10 (#14906)
• 109cc8a 📝 Update release notes
• c82a3d8 📝 Update highlights in webhooks docs (#14905)
• 0e46065 📝 Update release notes
• c9e2277 📝 Update source examples and docs from Python 3.9 to 3.10 (#14900)
• d06ab3f 📝 Update release notes
• 3da206c 🎨 Update internal types for Python 3.10 (#14898)
• cc903bd 📝 Update release notes
• Additional commits viewable in compare view

Updates gunicorn from 25.0.3 to 25.1.0

Release notes

Sourced from gunicorn's releases.

Gunicorn 25.1.0

New Features

• Control Interface (gunicornc): Add interactive control interface for managing running Gunicorn instances, similar to birdc for BIRD routing daemon ([PR #3505](benoitc/gunicorn#3505))

  • Unix socket-based communication with JSON protocol
  • Interactive mode with readline support and command history
  • Commands: show all/workers/dirty/config/stats/listeners
  • Worker management: worker add/remove/kill, dirty add/remove
  • Server control: reload, reopen, shutdown
  • New settings: --control-socket, --control-socket-mode, --no-control-socket
  • New CLI tool: gunicornc for connecting to control socket
  • See Control Interface Guide for details

• Dirty Stash: Add global shared state between workers via dirty.stash ([PR #3503](benoitc/gunicorn#3503))

  • In-memory key-value store accessible by all workers
  • Supports get, set, delete, clear, keys, and has operations
  • Useful for sharing state like feature flags, rate limits, or cached data

• Dirty Binary Protocol: Implement efficient binary protocol for dirty arbiter IPC using TLV (Type-Length-Value) encoding ([PR #3500](benoitc/gunicorn#3500))

  • More efficient than JSON for binary data
  • Supports all Python types: str, bytes, int, float, bool, None, list, dict
  • Better performance for large payloads

• Dirty TTIN/TTOU Signals: Add dynamic worker scaling for dirty arbiters ([PR #3504](benoitc/gunicorn#3504))

  • Send SIGTTIN to increase dirty workers
  • Send SIGTTOU to decrease dirty workers
  • Respects minimum worker constraints from app configurations

Changes

• ASGI Worker: Promoted from beta to stable
• Dirty Arbiters: Now marked as beta feature

Documentation

• Fix Markdown formatting in /configure documentation

Commits

• 2d43101 docs: merge gunicornc into 25.1.0 release
• bf4ad8d docs: update 25.1.0 release date to 2026-02-13
• 730350e Merge pull request #3505 from benoitc/feature/gunicornc-control-interface
• 63df19b fix(tests): use process groups for reliable signal handling in PyPy
• cd77bcc fix(tests): increase wait time for all server tests
• 02ea985 fix(tests): improve server test reliability on FreeBSD
• 6d81c9e fix: resolve pylint warnings
• 7486baa fix: remove unused imports
• 3e60d29 docs: add gunicornc control interface guide
• e05e40d feat(ctl): add message-based dirty worker management
• Additional commits viewable in compare view

Updates petname from 2.6 to 2.9

Release notes

Sourced from petname's releases.

python-petname 2.9 - CRITICAL SECURITY RELEASE

🚨 CRITICAL SECURITY RELEASE - python-petname 2.9

ALL USERS SHOULD UPGRADE IMMEDIATELY due to critical DoS vulnerabilities.

---

🔒 Security Fixes

CRITICAL: Infinite Loop DoS Vulnerability (CVE Candidate)

Issue: Word selection functions could hang indefinitely when the letters parameter was smaller than the shortest word in the list, causing 100% CPU usage and denial of service.

Affected Functions:

• petname.adverb(letters) - hung when letters < 4
• petname.adjective(letters) - hung when letters < 2
• petname.name(letters) - hung when letters < 2

Fix: Added minimum length validation to prevent infinite loops:

# Before: Could hang forever
petname.adverb(1)  # ❌ HUNG INDEFINITELY
After: Returns immediately
petname.adverb(1)  # ✅ Returns 'duly' in <0.001s

Impact:

• Prevents CPU-based DoS attacks
• Eliminates process hangs
• Protects services using petname library

---

HIGH: CLI Input Validation

Issue: CLI crashed with unhandled exceptions on invalid input.

Fix: Added proper error handling with user-friendly messages:

# Before: Cryptic traceback
$ python -m petname --letters abc
ValueError: invalid literal for int()...
After: Clear error message
$ python -m petname --letters abc
Error: --words and --letters must be valid integers

---

... (truncated)

Commits

• See full diff in compare view

Updates ruff from 0.15.0 to 0.15.1

Release notes

Sourced from ruff's releases.

0.15.1

Release Notes

Released on 2026-02-12.

Preview features

• [airflow] Add ruff rules to catch deprecated Airflow imports for Airflow 3.1 (AIR321) (#22376)
• [airflow] Third positional parameter not named ti_key should be flagged for BaseOperatorLink.get_link (AIR303) (#22828)
• [flake8-gettext] Fix false negatives for plural argument of ngettext (INT001, INT002, INT003) (#21078)
• [pyflakes] Fix infinite loop in preview fix for unused-import (F401) (#23038)
• [pygrep-hooks] Detect non-existent mock methods in standalone expressions (PGH005) (#22830)
• [pylint] Allow dunder submodules and improve diagnostic range (PLC2701) (#22804)
• [pyupgrade] Improve diagnostic range for tuples (UP024) (#23013)
• [refurb] Check subscripts in tuple do not use lambda parameters in reimplemented-operator (FURB118) (#23079)
• [ruff] Detect mutable defaults in field calls (RUF008) (#23046)
• [ruff] Ignore std cmath.inf (RUF069) (#23120)
• [ruff] New rule float-equality-comparison (RUF069) (#20585)
• Don't format unlabeled Markdown code blocks (#23106)
• Markdown formatting support in LSP (#23063)
• Support Quarto Markdown language markers (#22947)
• Support formatting pycon Markdown code blocks (#23112)
• Use extension mapping to select Markdown code block language (#22934)

Bug fixes

• Avoid false positive for undefined variables in FAST001 (#23224)
• Avoid introducing syntax errors for FAST003 autofix (#23227)
• Avoid suggesting InitVar for __post_init__ that references PEP 695 type parameters (#23226)
• Deduplicate type variables in generic functions (#23225)
• Fix exception handler parenthesis removal for Python 3.14+ (#23126)
• Fix f-string middle panic when parsing t-strings (#23232)
• Wrap RUF020 target for multiline fixes (#23210)
• Wrap UP007 target for multiline fixes (#23208)
• Fix missing diagnostics for last range suppression in file (#23242)
• [pyupgrade] Fix syntax error on string with newline escape and comment (UP037) (#22968)

Rule changes

• Use ruff instead of Ruff as the program name in GitHub output format (#23240)
• [PT006] Fix syntax error when unpacking nested tuples in parametrize fixes (#22441) (#22464)
• [airflow] Catch deprecated attribute access from context key for Airflow 3.0 (AIR301) (#22850)
• [airflow] Capture deprecated arguments and a decorator (AIR301) (#23170)
• [flake8-boolean-trap] Add multiprocessing.Value to excluded functions for FBT003 (#23010)
• [flake8-bugbear] Add a secondary annotation showing the previous occurrence (B033) (#22634)
• [flake8-type-checking] Add sub-diagnostic showing the runtime use of an annotation (TC004) (#23091)
• [isort] Support configurable import section heading comments (#23151)
• [ruff] Improve the diagnostic for RUF012 (#23202)

Formatter

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.1

Released on 2026-02-12.

Preview features

• [airflow] Add ruff rules to catch deprecated Airflow imports for Airflow 3.1 (AIR321) (#22376)
• [airflow] Third positional parameter not named ti_key should be flagged for BaseOperatorLink.get_link (AIR303) (#22828)
• [flake8-gettext] Fix false negatives for plural argument of ngettext (INT001, INT002, INT003) (#21078)
• [pyflakes] Fix infinite loop in preview fix for unused-import (F401) (#23038)
• [pygrep-hooks] Detect non-existent mock methods in standalone expressions (PGH005) (#22830)
• [pylint] Allow dunder submodules and improve diagnostic range (PLC2701) (#22804)
• [pyupgrade] Improve diagnostic range for tuples (UP024) (#23013)
• [refurb] Check subscripts in tuple do not use lambda parameters in reimplemented-operator (FURB118) (#23079)
• [ruff] Detect mutable defaults in field calls (RUF008) (#23046)
• [ruff] Ignore std cmath.inf (RUF069) (#23120)
• [ruff] New rule float-equality-comparison (RUF069) (#20585)
• Don't format unlabeled Markdown code blocks (#23106)
• Markdown formatting support in LSP (#23063)
• Support Quarto Markdown language markers (#22947)
• Support formatting pycon Markdown code blocks (#23112)
• Use extension mapping to select Markdown code block language (#22934)

Bug fixes

• Avoid false positive for undefined variables in FAST001 (#23224)
• Avoid introducing syntax errors for FAST003 autofix (#23227)
• Avoid suggesting InitVar for __post_init__ that references PEP 695 type parameters (#23226)
• Deduplicate type variables in generic functions (#23225)
• Fix exception handler parenthesis removal for Python 3.14+ (#23126)
• Fix f-string middle panic when parsing t-strings (#23232)
• Wrap RUF020 target for multiline fixes (#23210)
• Wrap UP007 target for multiline fixes (#23208)
• Fix missing diagnostics for last range suppression in file (#23242)
• [pyupgrade] Fix syntax error on string with newline escape and comment (UP037) (#22968)

Rule changes

• Use ruff instead of Ruff as the program name in GitHub output format (#23240)
• [PT006] Fix syntax error when unpacking nested tuples in parametrize fixes (#22441) (#22464)
• [airflow] Catch deprecated attribute access from context key for Airflow 3.0 (AIR301) (#22850)
• [airflow] Capture deprecated arguments and a decorator (AIR301) (#23170)
• [flake8-boolean-trap] Add multiprocessing.Value to excluded functions for FBT003 (#23010)
• [flake8-bugbear] Add a secondary annotation showing the previous occurrence (B033) (#22634)
• [flake8-type-checking] Add sub-diagnostic showing the runtime use of an annotation (TC004) (#23091)
• [isort] Support configurable import section heading comments (#23151)
• [ruff] Improve the diagnostic for RUF012 (#23202)

Formatter

... (truncated)

Commits

• a2f11d2 Prepare for 0.15.1 (#23253)
• d29628e Remove docker-run-action (#23254)
• 8a04266 [ty] Allow discovering dependencies in system Python environments (#22994)
• 55d06c8 Ensure pending suppression diagnostics are reported (#23242)
• d056a9f [isort] support for configurable import section heading comments (#23151)
• e22fa4f [ty] Fix method calls on subclasses of Any (#23248)
• fa56c15 [ty] Fix bound method access on None (#23246)
• 4fd07d0 Make range suppression test snapshot actually useful (#23251)
• 8c63bce [ty] Include conditional symbols (like datetime.UTC) in auto-import in more...
• 46be943 Exclude WASM artifacts from GitHub releases (#23221)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

☂️ Python Coverage

current status: ✅

Overall Coverage

Lines	Covered	Coverage	Threshold	Status
2931	2719	93%	85%	🟢

New Files

No new covered files...

Modified Files

No covered modified files...

updated for commit: 05d2f8e by action🐍

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud