Skip to content

deps(python)(deps): bump the python-minor-patch group with 6 updates#6

Merged
UnlimitedEdition merged 1 commit into
masterfrom
dependabot/pip/python-minor-patch-567f4e2977
Jun 2, 2026
Merged

deps(python)(deps): bump the python-minor-patch group with 6 updates#6
UnlimitedEdition merged 1 commit into
masterfrom
dependabot/pip/python-minor-patch-567f4e2977

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Jun 1, 2026

Bumps the python-minor-patch group with 6 updates:

Package From To
fastapi 0.136.0 0.136.3
uvicorn 0.44.0 0.48.0
requests 2.33.1 2.34.2
pydantic 2.13.2 2.13.4
supabase 2.28.3 2.30.1
psycopg 3.3.3 3.3.4

Updates fastapi from 0.136.0 to 0.136.3

Release notes

Sourced from fastapi's releases.

0.136.3

Refactors

  • ♻️ Do not accept underscore headers when using convert_underscores=True (the default). PR #15589 by @​tiangolo.

0.136.2

Refactors

  • ♻️ Validate Server Sent Event fields to avoid applications from sending broken data. PR #15588 by @​tiangolo.

Docs

Translations

Internal

... (truncated)

Commits
  • 8206485 🔖 Release version 0.136.3
  • c910e01 📝 Update release notes
  • 063b5bf ♻️ Do not accept underscore headers when using convert_underscores=True (th...
  • 22b02e2 🔖 Release version 0.136.2
  • 3b252a2 📝 Update release notes
  • c7fb785 ♻️ Validate Server Sent Event fields to avoid applications from sending broke...
  • cb83b83 📝 Update release notes
  • 00f805c ✅ Update tests, don't double dispose the engine (#15587)
  • 3675137 📝 Update release notes
  • 7b57e42 📝 Document --entrypoint CLI option (#15464)
  • Additional commits viewable in compare view

Updates uvicorn from 0.44.0 to 0.48.0

Release notes

Sourced from uvicorn's releases.

Version 0.48.0

What's Changed

Full Changelog: Kludex/uvicorn@0.47.0...0.48.0

Version 0.47.0

What's Changed

Full Changelog: Kludex/uvicorn@0.46.0...0.47.0

Version 0.46.0

What's Changed

Full Changelog: Kludex/uvicorn@0.45.0...0.46.0

Version 0.45.0

What's Changed

New Contributors

Full Changelog: Kludex/uvicorn@0.44.0...0.45.0

Changelog

Sourced from uvicorn's changelog.

0.48.0 (May 24, 2026)

Changed

  • Default ssl_ciphers to None and use OpenSSL defaults (#2940)

Fixed

  • Ignore duplicate forwarding headers in ProxyHeadersMiddleware (#2944)

0.47.0 (May 14, 2026)

Added

  • Add ssl_context_factory for custom SSLContext configuration (#2920)

Changed

  • Eagerly import the ASGI app in the parent process (#2919)

Fixed

  • Treat fd=0 as a valid file descriptor with reload/workers (#2927)

0.46.0 (April 23, 2026)

Added

  • Support ws_max_size in wsproto implementation (#2915)
  • Support ws_ping_interval and ws_ping_timeout in wsproto implementation (#2916)

Changed

  • Use bytearray for incoming WebSocket message buffer in websockets-sansio (#2917)

0.45.0 (April 21, 2026)

Added

  • Add --reset-contextvars flag to isolate ASGI request context (#2912)
  • Accept os.PathLike for log_config (#2905)
  • Accept log_level strings case-insensitively (#2907)

Changed

  • Revert "Emit http.disconnect on server shutdown for streaming responses" (#2913)
  • Revert "Explicitly start ASGI run with empty context" (#2911)

Fixed

... (truncated)

Commits
  • 73e84e5 Version 0.48.0 (#2951)
  • 45ea116 Ignore duplicate forwarding headers in ProxyHeadersMiddleware (#2944)
  • dd4394c chore(deps): bump idna from 3.11 to 3.15 (#2941)
  • abe0781 Default ssl_ciphers to None and use OpenSSL defaults (#2940)
  • 479a2c0 Version 0.47.0 (#2937)
  • 89347fd Add 7-day cooldown for dependency resolution via uv exclude-newer (#2936)
  • 767315b Drop unused contents/actions permissions from zizmor workflow (#2935)
  • f25ee43 chore(deps): bump urllib3 from 2.6.3 to 2.7.0 (#2933)
  • 8782666 Fix typo in docs/deployment/index.md. (#2932)
  • ad5ff87 Treat fd=0 as a valid file descriptor with reload/workers (#2927)
  • Additional commits viewable in compare view

Updates requests from 2.33.1 to 2.34.2

Release notes

Sourced from requests's releases.

v2.34.2

2.34.2 (2026-05-14)

  • Moved headers input type back to Mapping to avoid invariance issues with MutableMapping and inferred dict types. Users calling Request.headers.update() may need to narrow typing in their code. (#7441)

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2342-2026-05-14

v2.34.1

2.34.1 (2026-05-13)

Bugfixes

  • Widened json input type from dict and list to Mapping and Sequence. (#7436)
  • Changed headers input type to MutableMapping and removed None from Request.headers typing to improve handling for users. (#7431)
  • Response.reason moved from str | None to str to improve handling for users. (#7437)
  • Fixed a bug where some bodies with custom __getattr__ implementations weren't being properly detected as Iterables. (#7433)

New Contributors

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2341-2026-05-13

v2.34.0

2.34.0 (2026-05-11)

Announcements

  • Requests 2.34.0 introduces inline types, replacing those provided by typeshed. Public API types should be fully compatible with mypy, pyright, and ty. We believe types are comprehensive but if you find issues, please report them to the pinned tracking issue.

    Special thanks to @​bastimeyer, @​cthoyt, @​edgarrmondragon, and @​srittau for helping review and test the types ahead of the release. (#7272)

Improvements

  • Digest Auth hashing algorithms have added usedforsecurity=False to clarify security considerations. (#7310)
  • Requests added support for Python 3.15 based on beta1. Downstream projects should be able to start testing prior to its release in October. (#7422)
  • Requests added support for Python 3.14t. (#7419)

Bugfixes

  • Response.history no longer contains a reference to itself, preventing accidental looping when traversing the history list. (#7328)
  • Requests no longer performs greedy matching on no_proxy domains. The

... (truncated)

Changelog

Sourced from requests's changelog.

2.34.2 (2026-05-14)

  • Moved headers input type back to Mapping to avoid invariance issues with MutableMapping and inferred dict types. Users calling Request.headers.update() may need to narrow typing in their code. (#7441)

2.34.1 (2026-05-13)

Bugfixes

  • Widened json input type from dict and list to Mapping and Sequence. (#7436)
  • Changed headers input type to MutableMapping and removed None from Request.headers typing to improve handling for users. (#7431)
  • Response.reason moved from str | None to str to improve handling for users. (#7437)
  • Fixed a bug where some bodies with custom __getattr__ implementations weren't being properly detected as Iterables. (#7433)

2.34.0 (2026-05-11)

Announcements

  • Requests 2.34.0 introduces inline types, replacing those provided by typeshed. Public API types should be fully compatible with mypy, pyright, and ty. We believe types are comprehensive but if you find issues, please report them to the pinned tracking issue.

    Special thanks to @​bastimeyer, @​cthoyt, @​edgarrmondragon, and @​srittau for helping review and test the types ahead of the release. (#7272)

Improvements

  • Digest Auth hashing algorithms have added usedforsecurity=False to clarify security considerations. (#7310)
  • Requests added support for Python 3.15 based on beta1. Downstream projects should be able to start testing prior to its release in October. (#7422)
  • Requests added support for Python 3.14t. (#7419)

Bugfixes

  • Response.history no longer contains a reference to itself, preventing accidental looping when traversing the history list. (#7328)
  • Requests no longer performs greedy matching on no_proxy domains. The proxy_bypass implementation has been updated with CPython's fix from bpo-39057. (#7427)
  • Requests no longer incorrectly strips duplicate leading slashes in URI paths. This should address user issues with specific presigned URLs. Note the full fix requires urllib3 2.7.0+. (#7315)
Commits

Updates pydantic from 2.13.2 to 2.13.4

Release notes

Sourced from pydantic's releases.

v2.13.4 2026-05-06

v2.13.4 (2026-05-06)

What's Changed

Packaging

Fixes

Full Changelog: pydantic/pydantic@v2.13.3...v2.13.4

v2.13.3 2026-04-20

v2.13.3 (2026-04-20)

What's Changed

Fixes

Full Changelog: pydantic/pydantic@v2.13.2...v2.13.3

Changelog

Sourced from pydantic's changelog.

v2.13.4 (2026-05-06)

GitHub release

What's Changed

Packaging

Fixes

v2.13.3 (2026-04-20)

GitHub release

What's Changed

Fixes

Commits
  • cf67d4b Fix linting
  • f0d8a21 Prepare release v2.13.4
  • 5e3fe1d Check for pydantic tag pattern in CI
  • 7f9edcc Document tagging conventions
  • b46a0c9 Adapt pydantic-core linker flags on macOS
  • 50629c8 Update to PyPy 7.3.22
  • 8522ebb Preserve RootModel core metadata
  • a37f3af Adapt MISSING sentinel test to work with unreleased typing_extensions ver...
  • 909259a Remove Logfire example in documentation
  • 2c4174c Bump libc from 0.2.155 to 0.2.185
  • Additional commits viewable in compare view

Updates supabase from 2.28.3 to 2.30.1

Release notes

Sourced from supabase's releases.

v2.30.1

2.30.1 (2026-05-27)

Documentation

v2.30.0

2.30.0 (2026-05-06)

Features

  • auth: add current_password to UserAttributes (#1475) (13df40b)
  • postgrest: allow select() chaining on write builders (#1383) (3ed928c)
  • postgrest: use model_construct to avoid validating twice (#1484) (107bf4e)

v2.29.0

2.29.0 (2026-04-22)

Features

  • postgrest: add retry logic on cloudflare errors (#1449) (a282549)

Bug Fixes

  • storage: make signedURL an optional string (#1461) (611cdbb)
Changelog

Sourced from supabase's changelog.

2.30.1 (2026-05-27)

Documentation

2.30.0 (2026-05-06)

Features

  • auth: add current_password to UserAttributes (#1475) (13df40b)
  • postgrest: allow select() chaining on write builders (#1383) (3ed928c)
  • postgrest: use model_construct to avoid validating twice (#1484) (107bf4e)

2.29.0 (2026-04-22)

Features

  • postgrest: add retry logic on cloudflare errors (#1449) (a282549)

Bug Fixes

  • storage: make signedURL an optional string (#1461) (611cdbb)
Commits
  • 0431da6 chore(main): release 2.30.1 (#1501)
  • 4e7218a chore(deps): bump idna from 3.11 to 3.15 in the uv group across 1 directory (...
  • 25cf674 chore(deps): bump actions/stale from 10.2.0 to 10.3.0 (#1497)
  • 110d0d3 chore(deps): bump supabase/setup-cli from 2.0.0 to 2.1.1 (#1498)
  • 01377f7 docs: fix GitHub Issues link in CONTRIBUTING (#1493)
  • 7da964f chore(auth): update version of pyjwt (#1496)
  • 602765f chore(deps): bump actions/create-github-app-token from 3.1.1 to 3.2.0 (#1488)
  • f633b7e chore(main): release 2.30.0 (#1477)
  • 107bf4e feat(postgrest): use model_construct to avoid validating twice (#1484)
  • 3ed928c feat(postgrest): allow select() chaining on write builders (#1383)
  • Additional commits viewable in compare view

Updates psycopg from 3.3.3 to 3.3.4

Changelog

Sourced from psycopg's changelog.

.. currentmodule:: psycopg

.. index:: single: Release notes single: News

psycopg release notes

Future releases

Psycopg 3.3.5 (unreleased) ^^^^^^^^^^^^^^^^^^^^^^^^^^

  • Discard prepared statements upon :sql:ALTER * or DISCARD * (:ticket:[#1307](https://github.com/psycopg/psycopg/issues/1307)).

Current release

Psycopg 3.3.4 ^^^^^^^^^^^^^

  • Fix possible spurious connection timeout in systems with very long uptimes in C extension (:ticket:[#1280](https://github.com/psycopg/psycopg/issues/1280)).
  • Fix client-side adaptation of enums whose name require quotes (:ticket:[#1298](https://github.com/psycopg/psycopg/issues/1298)).
  • Consistently populate ~Cursor.statusmessage after ~Cursor.executemany() (:ticket:[#1302](https://github.com/psycopg/psycopg/issues/1302)).

Psycopg 3.3.3 ^^^^^^^^^^^^^

  • Retain Error.pgconn when raising a single exception for multiple connection attempt errors (:ticket:[#1246](https://github.com/psycopg/psycopg/issues/1246)).
  • Return a proper error when server sends ErrorResponse for a Sync after a Parse (:ticket:[#1260](https://github.com/psycopg/psycopg/issues/1260)).

Psycopg 3.3.2 ^^^^^^^^^^^^^

Fix race condition in adapters at startup (:ticket:[#1230](https://github.com/psycopg/psycopg/issues/1230)).

Psycopg 3.3.1 ^^^^^^^^^^^^^

... (truncated)

Commits
  • 83f1103 chore: bump psycopg_pool package version to 3.3.1
  • 1828770 chore: bump psycopg package version to 3.3.4
  • 8be14bb Merge pull request #1301 from oliverhaas/fix/sync-pool-open-race
  • aee0bf2 fix(pool): fix race in the construction of the sync ConnectionPool lock
  • bc4d303 chore(deps): bump the actions group across 1 directory with 4 updates
  • 785379f fix: retain statusmessage after executemany with returning=False
  • 8882a73 perf: do less if X in Y: return Y[X] for cache-like patterns
  • 2f78539 Merge pull request #1299 from dvarrazzo/fix-camel-enum
  • 37ef1dc test: skip test on crdb depending on precise regtype behaviour
  • 7f2f1d1 fix: fix client-side representation of enums requiring quotes
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
deps(python)(deps): bump the python-minor-patch group with 6 updates
4ad85c6 
Bumps the python-minor-patch group with 6 updates:

| Package | From | To |
| --- | --- | --- |
| [fastapi](https://github.com/fastapi/fastapi) | `0.136.0` | `0.136.3` |
| [uvicorn](https://github.com/Kludex/uvicorn) | `0.44.0` | `0.48.0` |
| [requests](https://github.com/psf/requests) | `2.33.1` | `2.34.2` |
| [pydantic](https://github.com/pydantic/pydantic) | `2.13.2` | `2.13.4` |
| [supabase](https://github.com/supabase/supabase-py) | `2.28.3` | `2.30.1` |
| [psycopg](https://github.com/psycopg/psycopg) | `3.3.3` | `3.3.4` |


Updates `fastapi` from 0.136.0 to 0.136.3
- [Release notes](https://github.com/fastapi/fastapi/releases)
- [Commits](fastapi/fastapi@0.136.0...0.136.3)

Updates `uvicorn` from 0.44.0 to 0.48.0
- [Release notes](https://github.com/Kludex/uvicorn/releases)
- [Changelog](https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md)
- [Commits](Kludex/uvicorn@0.44.0...0.48.0)

Updates `requests` from 2.33.1 to 2.34.2
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.33.1...v2.34.2)

Updates `pydantic` from 2.13.2 to 2.13.4
- [Release notes](https://github.com/pydantic/pydantic/releases)
- [Changelog](https://github.com/pydantic/pydantic/blob/main/HISTORY.md)
- [Commits](pydantic/pydantic@v2.13.2...v2.13.4)

Updates `supabase` from 2.28.3 to 2.30.1
- [Release notes](https://github.com/supabase/supabase-py/releases)
- [Changelog](https://github.com/supabase/supabase-py/blob/main/CHANGELOG.md)
- [Commits](supabase/supabase-py@v2.28.3...v2.30.1)

Updates `psycopg` from 3.3.3 to 3.3.4
- [Changelog](https://github.com/psycopg/psycopg/blob/master/docs/news.rst)
- [Commits](psycopg/psycopg@3.3.3...3.3.4)

---
updated-dependencies:
- dependency-name: fastapi
  dependency-version: 0.136.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-minor-patch
- dependency-name: uvicorn
  dependency-version: 0.48.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-minor-patch
- dependency-name: requests
  dependency-version: 2.34.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-minor-patch
- dependency-name: pydantic
  dependency-version: 2.13.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-minor-patch
- dependency-name: supabase
  dependency-version: 2.30.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-minor-patch
- dependency-name: psycopg
  dependency-version: 3.3.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github Jun 1, 2026

Labels

The following labels could not be found: dependencies, python. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@UnlimitedEdition UnlimitedEdition merged commit 4ea7bd4 into master Jun 2, 2026
2 of 5 checks passed
@UnlimitedEdition UnlimitedEdition deleted the dependabot/pip/python-minor-patch-567f4e2977 branch June 2, 2026 05:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@UnlimitedEdition UnlimitedEdition UnlimitedEdition approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@UnlimitedEdition