Skip to content

chore(deps)(deps): bump the web-framework group across 1 directory with 4 updates#110

Open
dependabot[bot] wants to merge 2 commits into
mainfrom
dependabot/pip/web-framework-835a705822
Open

chore(deps)(deps): bump the web-framework group across 1 directory with 4 updates#110
dependabot[bot] wants to merge 2 commits into
mainfrom
dependabot/pip/web-framework-835a705822

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Apr 26, 2026

Copy link
Copy Markdown
Contributor

Bumps the web-framework group with 4 updates in the / directory: fastapi, uvicorn, pydantic and pydantic-settings.

Updates fastapi from 0.135.2 to 0.136.1

Release notes

Sourced from fastapi's releases.

0.136.1

Upgrades

Internal

0.136.0

Upgrades

0.135.4

Refactors

Internal

0.135.3

... (truncated)

Commits

Updates uvicorn from 0.42.0 to 0.46.0

Release notes

Sourced from uvicorn's releases.

Version 0.46.0

What's Changed

Full Changelog: Kludex/uvicorn@0.45.0...0.46.0

Version 0.45.0

What's Changed

New Contributors

Full Changelog: Kludex/uvicorn@0.44.0...0.45.0

Version 0.44.0

What's Changed

Full Changelog: Kludex/uvicorn@0.43.0...0.44.0

Version 0.43.0

Changed

  • Emit http.disconnect ASGI receive() event on server shutting down for streaming responses (#2829)
  • Use native context parameter for create_task on Python 3.11+ (#2859)
  • Drop cast in ASGI types (#2875)

Full Changelog: Kludex/uvicorn@0.42.0...0.43.0

Changelog

Sourced from uvicorn's changelog.

0.46.0 (April 23, 2026)

Added

  • Support ws_max_size in wsproto implementation (#2915)
  • Support ws_ping_interval and ws_ping_timeout in wsproto implementation (#2916)

Changed

  • Use bytearray for incoming WebSocket message buffer in websockets-sansio (#2917)

0.45.0 (April 21, 2026)

Added

  • Add --reset-contextvars flag to isolate ASGI request context (#2912)
  • Accept os.PathLike for log_config (#2905)
  • Accept log_level strings case-insensitively (#2907)

Changed

  • Revert "Emit http.disconnect on server shutdown for streaming responses" (#2913)
  • Revert "Explicitly start ASGI run with empty context" (#2911)

Fixed

  • Preserve forwarded client ports in proxy headers middleware (#2903)
  • Raise helpful ImportError when PyYAML is missing for YAML log config (#2906)

0.44.0 (April 6, 2026)

Added

  • Implement websocket keepalive pings for websockets-sansio (#2888)

0.43.0 (April 3, 2026)

You can quit Uvicorn now. We heard you, @​pamelafox - all 47 of your Ctrl+C's (thanks for flagging it, and thanks to @​tiangolo for the fix 🙏). See the tweet.

Changed

  • Emit http.disconnect ASGI receive() event on server shutting down for streaming responses (#2829)
  • Use native context parameter for create_task on Python 3.11+ (#2859)
  • Drop cast in ASGI types (#2875)
Commits
  • b224045 Version 0.46.0 (#2918)
  • 7375b5b Use bytearray for incoming WebSocket message buffer in websockets-sansio (#...
  • d438fb1 Support ws_ping_interval and ws_ping_timeout in wsproto implementation ...
  • 3e6b964 Support ws_max_size in wsproto implementation (#2915)
  • 2c423bd Version 0.45.0 (#2914)
  • 7f027f8 Revert "Emit http.disconnect on server shutdown for streaming responses" (#...
  • 73a80c3 Add --reset-contextvars flag to isolate ASGI request context (#2912)
  • 45c0b56 Revert empty context for ASGI runs (#2911)
  • 850d926 Raise helpful ImportError when PyYAML is missing for YAML log config (#2906)
  • fdcacb4 Accept log_level strings case-insensitively (#2907)
  • Additional commits viewable in compare view

Updates pydantic from 2.12.5 to 2.13.3

Release notes

Sourced from pydantic's releases.

v2.13.3 2026-04-20

v2.13.3 (2026-04-20)

What's Changed

Fixes

Full Changelog: pydantic/pydantic@v2.13.2...v2.13.3

v2.13.2 2026-04-17

v2.13.2 (2026-04-17)

What's Changed

Fixes

  • Fix ValidationInfo.field_name missing with model_validate_json() by @​Viicos in #13084

Full Changelog: pydantic/pydantic@v2.13.1...v2.13.2

v2.13.1 2026-04-15

v2.13.1 (2026-04-15)

What's Changed

Fixes

Full Changelog: pydantic/pydantic@v2.13.0...v2.13.1

v2.13.0 2026-04-13

v2.13.0 (2026-04-13)

The highlights of the v2.13 release are available in the blog post. Several minor changes (considered non-breaking changes according to our versioning policy) are also included in this release. Make sure to look into them before upgrading.

This release contains the updated pydantic.v1 namespace, matching version 1.10.26 which includes support for Python 3.14.

What's Changed

See the beta releases for all changes sinces 2.12.

Packaging

  • Add zizmor for GitHub Actions workflow linting by @​Viicos in #13039
  • Update jiter to v0.14.0 to fix a segmentation fault on musl Linux by @​Viicos in #13064

... (truncated)

Changelog

Sourced from pydantic's changelog.

v2.13.3 (2026-04-20)

GitHub release

What's Changed

Fixes

v2.13.2 (2026-04-17)

GitHub release

What's Changed

Fixes

  • Fix ValidationInfo.field_name missing with model_validate_json() by @​Viicos in #13084

v2.13.1 (2026-04-15)

GitHub release

What's Changed

Fixes

v2.13.0 (2026-04-13)

GitHub release

The highlights of the v2.13 release are available in the blog post. Several minor changes (considered non-breaking changes according to our versioning policy) are also included in this release. Make sure to look into them before upgrading.

This release contains the updated pydantic.v1 namespace, matching version 1.10.26 which includes support for Python 3.14.

What's Changed

See the beta releases for all changes sinces 2.12.

New Features

  • Allow default factories of private attributes to take validated model data by @​Viicos in #13013

Changes

... (truncated)

Commits
  • 9e9a111 Fix backported test
  • 1ec8c6a Prepare release v2.13.3
  • fb4f204 Handle AttributeError subclasses with from_attributes
  • ca3ddd1 Prepare release v2.13.2
  • 000e823 Fix ValidationInfo.field_name missing with model_validate_json()
  • d45d8be Prepare release 2.13.1
  • 54aca60 Fix ValidationInfo.data missing with model_validate_json()
  • 46bf4fa Fix Pydantic release workflow (#13067)
  • 1b359ed Prepare release v2.13.0 (#13065)
  • b1bf194 Fix model equality when using runtime extra configuration (#13062)
  • Additional commits viewable in compare view

Updates pydantic-settings from 2.13.1 to 2.14.0

Release notes

Sourced from pydantic-settings's releases.

v2.14.0

What's Changed

New Contributors

Full Changelog: pydantic/pydantic-settings@v2.13.1...v2.14.0

Commits
  • 8916bee Prepare release 2.14.0 (#848)
  • 39e551c Fix CLI descriptions lost under python -OO by falling back to `json_schema_...
  • 9ed7f48 Bump the python-packages group with 4 updates (#847)
  • 617c690 Fix cli_ignore_unknown_args=True not working on subcommands (#844)
  • 577c05f Add note about Mypy plugin for BaseSettings.__init__() (#842)
  • 2355bc5 Fix CliPositionalArg[list[CustomType]] crash for custom types (#839)
  • 16bd6fd Introduce zizmor (#838)
  • df8b239 Bump boto3 from 1.42.82 to 1.42.83 in the python-packages group (#837)
  • c5401a2 Introduce yamlfmt (#836)
  • 953e28e Bump the python-packages group with 3 updates (#833)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Summary by CodeRabbit

  • Chores
    • Updated dependency version constraints for fastapi and uvicorn to ensure stability and compatibility across specific version ranges.

…th 4 updates

Bumps the web-framework group with 4 updates in the / directory: [fastapi](https://github.com/fastapi/fastapi), [uvicorn](https://github.com/Kludex/uvicorn), [pydantic](https://github.com/pydantic/pydantic) and [pydantic-settings](https://github.com/pydantic/pydantic-settings).


Updates `fastapi` from 0.135.2 to 0.136.1
- [Release notes](https://github.com/fastapi/fastapi/releases)
- [Commits](fastapi/fastapi@0.135.2...0.136.1)

Updates `uvicorn` from 0.42.0 to 0.46.0
- [Release notes](https://github.com/Kludex/uvicorn/releases)
- [Changelog](https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md)
- [Commits](Kludex/uvicorn@0.42.0...0.46.0)

Updates `pydantic` from 2.12.5 to 2.13.3
- [Release notes](https://github.com/pydantic/pydantic/releases)
- [Changelog](https://github.com/pydantic/pydantic/blob/main/HISTORY.md)
- [Commits](pydantic/pydantic@v2.12.5...v2.13.3)

Updates `pydantic-settings` from 2.13.1 to 2.14.0
- [Release notes](https://github.com/pydantic/pydantic-settings/releases)
- [Commits](pydantic/pydantic-settings@v2.13.1...v2.14.0)

---
updated-dependencies:
- dependency-name: fastapi
  dependency-version: 0.136.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: web-framework
- dependency-name: uvicorn
  dependency-version: 0.46.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: web-framework
- dependency-name: pydantic
  dependency-version: 2.13.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: web-framework
- dependency-name: pydantic-settings
  dependency-version: 2.14.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: web-framework
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github

dependabot Bot commented on behalf of github Apr 26, 2026

Copy link
Copy Markdown
Contributor Author

Assignees

The following users could not be added as assignees: YOUR_GITHUB_USERNAME. Either the username does not exist or it does not have the correct permissions to be added as an assignee.

Labels

The following labels could not be found: automerge-candidate, dependencies, python. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@coderabbitai

coderabbitai Bot commented Apr 26, 2026

Copy link
Copy Markdown
📝 Walkthrough

Walkthrough

Updated Poetry dependency version constraints in pyproject.toml. Replaced caret-based version pins for fastapi and uvicorn with explicit semver ranges that enforce minimum versions while capping maximum allowed versions. Uvicorn extras remain unchanged.

Changes

Cohort / File(s) Summary
Dependency Version Constraints
pyproject.toml
Updated fastapi from ^0.135.2 to explicit range capping below 0.137.0, and uvicorn from ^0.42.0 to explicit range capping below 0.47. Uvicorn ["standard"] extras preserved.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Poem

🐰 Hoppity-hop, dependencies align,
Caret pins traded for ranges so fine,
FastAPI and Uvicorn, now tightly bound,
No runaway versions to come popping around!

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name Status Explanation Resolution
Title check ❓ Inconclusive The title mentions bumping dependencies in the web-framework group, but the actual changes show version constraint modifications (caret pins replaced with explicit semver ranges), which is distinct from a standard version bump. Clarify whether this is a dependency version update or a constraint modification, or provide a more specific title that accurately describes the constraint changes being made.
✅ Passed checks (4 passed)
Check name Status Explanation
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch dependabot/pip/web-framework-835a705822

Comment @coderabbitai help to get the list of available commands and usage tips.

@github-actions

github-actions Bot commented Apr 26, 2026

Copy link
Copy Markdown

PR size is within recommended limits

@sonarqubecloud

Copy link
Copy Markdown

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant