Skip to content

Bump the all group across 1 directory with 8 updates#57

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/all-c397370c82
Closed

Bump the all group across 1 directory with 8 updates#57
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/all-c397370c82

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 15, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

Bumps the all group with 8 updates in the / directory:

Package From To
fastapi 0.135.3 0.136.3
rio-tiler 9.0.4 9.1.1
pytest 9.0.2 9.0.3
pytest-asyncio 1.3.0 1.4.0
requests 2.33.1 2.34.2
vsifile 0.5.1 0.6.0
pre-commit 4.5.1 4.6.0
hatch 1.16.5 1.17.0

Updates fastapi from 0.135.3 to 0.136.3

Release notes

Sourced from fastapi's releases.

0.136.3

Refactors

  • ♻️ Do not accept underscore headers when using convert_underscores=True (the default). PR #15589 by @​tiangolo.

0.136.2

Refactors

  • ♻️ Validate Server Sent Event fields to avoid applications from sending broken data. PR #15588 by @​tiangolo.

Docs

Translations

Internal

... (truncated)

Commits
  • 8206485 🔖 Release version 0.136.3
  • c910e01 📝 Update release notes
  • 063b5bf ♻️ Do not accept underscore headers when using convert_underscores=True (th...
  • 22b02e2 🔖 Release version 0.136.2
  • 3b252a2 📝 Update release notes
  • c7fb785 ♻️ Validate Server Sent Event fields to avoid applications from sending broke...
  • cb83b83 📝 Update release notes
  • 00f805c ✅ Update tests, don't double dispose the engine (#15587)
  • 3675137 📝 Update release notes
  • 7b57e42 📝 Document --entrypoint CLI option (#15464)
  • Additional commits viewable in compare view

Updates rio-tiler from 9.0.4 to 9.1.1

Release notes

Sourced from rio-tiler's releases.

9.1.1

What's Changed

Full Changelog: cogeotiff/rio-tiler@9.1.0...9.1.1

9.1.0

What's Changed

Full Changelog: cogeotiff/rio-tiler@9.0.6...9.1.0

9.0.6

What's Changed

Full Changelog: cogeotiff/rio-tiler@9.0.5...9.0.6

9.0.5

What's Changed

New Contributors

... (truncated)

Changelog

Sourced from rio-tiler's changelog.

9.1.1 (2026-06-03)

  • fix: reduce memory usage in ImageData.get_coverage_array method

9.1.0 (2026-06-01)

  • change: rio_tiler.experimental.zarr.ZarrReader -> rio_tiler.experimental._zarr.ZarrReader
  • change: rio_tiler.experimental._async -> rio_tiler.experimental.geotiff
  • change: rio_tiler.experimental._async.AsyncBaseReader -> rio_tiler.io.base.AsyncBaseReader
  • change: rio_tiler.experimental._async.warp -> rio_tiler._warp.warp
  • change: rio_tiler.io.xarray.MAX_ARRAY_SIZE -> rio_tiler.constant.MAX_ARRAY_SIZE
  • change: async -> geotiff optional-dependencies
  • change: rio_tiler.io.stac.STAC_ALTERNATE_KEY -> rio_tiler.constant.STAC_ALTERNATE_KEY
  • change: move from httpx to httpx2
  • add: rio_tiler.experimental.zarr.Reader (async zarr-python reader)
  • add: rio_tiler.experimental.zarr.GeoZarrReader (async zarr-python reader for GeoZAR/EOPF product)
  • add: rio_tiler.io.base.AsyncMultiBaseReader abc class
  • add: rio_tiler.experimental.async_stac.AsyncSTACReader
  • add: rio_tiler.mosaic.reader.async_mosaic_reader
  • add: rio_tiler.mosaic.backend.AsyncBaseBackend
  • add: SumMethod to rio_tiler.mosaic.methods.defaults
  • add: rio_tiler.experimental.xarray.GeoArrayReader reader for geospatial xarray DataArray with Zarr conventions
  • fix: better expression validation

9.0.6 (2026-04-08)

  • fix: typing-extensions dependency for python <3.15

9.0.5 (2026-04-02)

  • fix: incorect default band descriptions expression
Commits

Updates pytest from 9.0.2 to 9.0.3

Release notes

Sourced from pytest's releases.

9.0.3

pytest 9.0.3 (2026-04-07)

Bug fixes

  • #12444: Fixed pytest.approx which now correctly takes into account ~collections.abc.Mapping keys order to compare them.

  • #13634: Blocking a conftest.py file using the -p no: option is now explicitly disallowed.

    Previously this resulted in an internal assertion failure during plugin loading.

    Pytest now raises a clear UsageError explaining that conftest files are not plugins and cannot be disabled via -p.

  • #13734: Fixed crash when a test raises an exceptiongroup with __tracebackhide__ = True.

  • #14195: Fixed an issue where non-string messages passed to unittest.TestCase.subTest() were not printed.

  • #14343: Fixed use of insecure temporary directory (CVE-2025-71176).

Improved documentation

  • #13388: Clarified documentation for -p vs PYTEST_PLUGINS plugin loading and fixed an incorrect -p example.
  • #13731: Clarified that capture fixtures (e.g. capsys and capfd) take precedence over the -s / --capture=no command-line options in Accessing captured output from a test function <accessing-captured-output>.
  • #14088: Clarified that the default pytest_collection hook sets session.items before it calls pytest_collection_finish, not after.
  • #14255: TOML integer log levels must be quoted: Updating reference documentation.

Contributor-facing changes

  • #12689: The test reports are now published to Codecov from GitHub Actions. The test statistics is visible on the web interface.

    -- by aleguy02

Commits

Updates pytest-asyncio from 1.3.0 to 1.4.0

Release notes

Sourced from pytest-asyncio's releases.

pytest-asyncio v1.4.0

1.4.0 - 2026-05-26

Deprecated

  • Overriding the event_loop_policy fixture is deprecated. Use the pytest_asyncio_loop_factories hook instead. (#1419)

Added

  • Added the pytest_asyncio_loop_factories hook to parametrize asyncio tests with custom event loop factories.

    The hook returns a mapping of factory names to loop factories, and pytest.mark.asyncio(loop_factories=[...]) selects a subset of configured factories per test. When a single factory is configured, test names are unchanged.

    Synchronous @pytest_asyncio.fixture functions now see the correct event loop when custom loop factories are configured, even when test code disrupts the current event loop (e.g., via asyncio.run() or asyncio.set_event_loop(None)). (#1164)

Changed

  • Improved the readability of the warning message that is displayed when asyncio_default_fixture_loop_scope is unset (#1298)
  • Only import asyncio.AbstractEventLoopPolicy for type checking to avoid raising a DeprecationWarning. (#1394)
  • Updated minimum supported pytest version to v8.4.0. (#1397)

Fixed

  • Fixed a ResourceWarning: unclosed event loop warning that could occur when a synchronous test called asyncio.run() or otherwise unset the current event loop after pytest-asyncio had run an async test or fixture. (#724)

Notes for Downstream Packagers

  • Added dependency on sphinx-tabs >= 3.5 to organize documentation examples into tabs. (#1395)

pytest-asyncio v1.4.0a2

1.4.0a2 - 2026-05-02

Deprecated

  • Overriding the event_loop_policy fixture is deprecated. Use the pytest_asyncio_loop_factories hook instead. (#1419)

Added

  • Added the pytest_asyncio_loop_factories hook to parametrize asyncio tests with custom event loop factories.

    The hook returns a mapping of factory names to loop factories, and pytest.mark.asyncio(loop_factories=[...]) selects a subset of configured factories per test. When a single factory is configured, test names are unchanged on pytest 8.4+.

    Synchronous @pytest_asyncio.fixture functions now see the correct event loop when custom loop factories are configured, even when test code disrupts the current event loop (e.g., via asyncio.run() or asyncio.set_event_loop(None)). (#1164)

Changed

  • Improved the readability of the warning message that is displayed when asyncio_default_fixture_loop_scope is unset (#1298)
  • Only import asyncio.AbstractEventLoopPolicy for type checking to avoid raising a DeprecationWarning. (#1394)

... (truncated)

Commits
  • 6e14cd2 chore: Prepare release of v1.4.0.
  • 4b900fb Build(deps): Bump codecov/codecov-action from 6.0.0 to 6.0.1
  • ab9f632 Build(deps): Bump zipp from 3.23.1 to 4.1.0
  • a56fc77 Build(deps): Bump hypothesis from 6.152.6 to 6.152.8
  • e8bae9b Build(deps): Bump requests from 2.34.0 to 2.34.2
  • fc43340 Build(deps): Bump idna from 3.14 to 3.15
  • 762eaf5 Build(deps): Bump jaraco-functools from 4.4.0 to 4.5.0
  • b62e222 Build(deps): Bump click from 8.3.3 to 8.4.0
  • 9190447 Build(deps): Bump pydantic from 2.13.3 to 2.13.4
  • 82a393c ci: Remove unnecessary debug output.
  • Additional commits viewable in compare view

Updates requests from 2.33.1 to 2.34.2

Release notes

Sourced from requests's releases.

v2.34.2

2.34.2 (2026-05-14)

  • Moved headers input type back to Mapping to avoid invariance issues with MutableMapping and inferred dict types. Users calling Request.headers.update() may need to narrow typing in their code. (#7441)

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2342-2026-05-14

v2.34.1

2.34.1 (2026-05-13)

Bugfixes

  • Widened json input type from dict and list to Mapping and Sequence. (#7436)
  • Changed headers input type to MutableMapping and removed None from Request.headers typing to improve handling for users. (#7431)
  • Response.reason moved from str | None to str to improve handling for users. (#7437)
  • Fixed a bug where some bodies with custom __getattr__ implementations weren't being properly detected as Iterables. (#7433)

New Contributors

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2341-2026-05-13

v2.34.0

2.34.0 (2026-05-11)

Announcements

  • Requests 2.34.0 introduces inline types, replacing those provided by typeshed. Public API types should be fully compatible with mypy, pyright, and ty. We believe types are comprehensive but if you find issues, please report them to the pinned tracking issue.

    Special thanks to @​bastimeyer, @​cthoyt, @​edgarrmondragon, and @​srittau for helping review and test the types ahead of the release. (#7272)

Improvements

  • Digest Auth hashing algorithms have added usedforsecurity=False to clarify security considerations. (#7310)
  • Requests added support for Python 3.15 based on beta1. Downstream projects should be able to start testing prior to its release in October. (#7422)
  • Requests added support for Python 3.14t. (#7419)

Bugfixes

  • Response.history no longer contains a reference to itself, preventing accidental looping when traversing the history list. (#7328)
  • Requests no longer performs greedy matching on no_proxy domains. The

... (truncated)

Changelog

Sourced from requests's changelog.

2.34.2 (2026-05-14)

  • Moved headers input type back to Mapping to avoid invariance issues with MutableMapping and inferred dict types. Users calling Request.headers.update() may need to narrow typing in their code. (#7441)

2.34.1 (2026-05-13)

Bugfixes

  • Widened json input type from dict and list to Mapping and Sequence. (#7436)
  • Changed headers input type to MutableMapping and removed None from Request.headers typing to improve handling for users. (#7431)
  • Response.reason moved from str | None to str to improve handling for users. (#7437)
  • Fixed a bug where some bodies with custom __getattr__ implementations weren't being properly detected as Iterables. (#7433)

2.34.0 (2026-05-11)

Announcements

  • Requests 2.34.0 introduces inline types, replacing those provided by typeshed. Public API types should be fully compatible with mypy, pyright, and ty. We believe types are comprehensive but if you find issues, please report them to the pinned tracking issue.

    Special thanks to @​bastimeyer, @​cthoyt, @​edgarrmondragon, and @​srittau for helping review and test the types ahead of the release. (#7272)

Improvements

  • Digest Auth hashing algorithms have added usedforsecurity=False to clarify security considerations. (#7310)
  • Requests added support for Python 3.15 based on beta1. Downstream projects should be able to start testing prior to its release in October. (#7422)
  • Requests added support for Python 3.14t. (#7419)

Bugfixes

  • Response.history no longer contains a reference to itself, preventing accidental looping when traversing the history list. (#7328)
  • Requests no longer performs greedy matching on no_proxy domains. The proxy_bypass implementation has been updated with CPython's fix from bpo-39057. (#7427)
  • Requests no longer incorrectly strips duplicate leading slashes in URI paths. This should address user issues with specific presigned URLs. Note the full fix requires urllib3 2.7.0+. (#7315)
Commits

Updates vsifile from 0.5.1 to 0.6.0

Release notes

Sourced from vsifile's releases.

0.6.0

What's Changed

Full Changelog: vincentsarago/vsifile@0.5.1...0.6.0

Changelog

Sourced from vsifile's changelog.

0.6.0 (2026-05-28)

  • switch to httpx2
  • update Obstore requirements to >=0.6,<0.9
Commits

Updates pre-commit from 4.5.1 to 4.6.0

Release notes

Sourced from pre-commit's releases.

pre-commit v4.6.0

Features

  • pre-commit hook-impl: allow --hook-dir to be missing to enable easier usage with git 2.54+ git hooks.

Fixes

Changelog

Sourced from pre-commit's changelog.

4.6.0 - 2026-04-21

Features

  • pre-commit hook-impl: allow --hook-dir to be missing to enable easier usage with git 2.54+ git hooks.

Fixes

Commits
  • f35134b v4.6.0
  • 2a51ffc Merge pull request #3662 from pre-commit/hook-impl-optional-hook-dir
  • d7dee32 make --hook-dir optional for hook-impl
  • 965aeb1 Merge pull request #3661 from pre-commit/hook-impl-required
  • 2eacc06 --hook-type is required for hook-impl
  • f5678bf Merge pull request #3657 from pre-commit/pre-commit-ci-update-config
  • 054cc5b [pre-commit.ci] pre-commit autoupdate
  • 5c0f302 Merge pull request #3652 from pre-commit/pre-commit-ci-update-config
  • a5d9114 [pre-commit.ci] pre-commit autoupdate
  • 129a1f5 Merge pull request #3641 from pre-commit/mxr-patch-1
  • Additional commits viewable in compare view

Updates hatch from 1.16.5 to 1.17.0

Release notes

Sourced from hatch's releases.

Hatchling v1.17.0

Added:

  • The app build target now embeds the project version in the name of binaries

Hatch v1.17.0

Changed:

  • The hatch fmt command is now deprecated in favor of the new hatch check command group
  • Migrate HTTP client from httpx to httpx2

Added:

  • Add hatch check command group with subcommands for check code (linting), check fmt (formatting), and check types (type checking)
  • Add hatch check types command for type checking using Pyrefly, with --summarize and --cover flags
  • Add hatch env lock command to generate PEP 751 compliant lockfiles (pylock.toml) for environments
  • Add hatch dep lock and hatch lock commands as shortcuts for locking the active environment
  • Add hatch dep sync command for syncing dependencies from a lockfile
  • Add pluggable dependency locker interface with built-in UV and pip implementations
  • Add --cover-xml and --cover-xml-output flags to the hatch test command for generating XML coverage reports
  • Add linehaul telemetry data to User-Agent header for PyPI download statistics
  • Auto-create environment when locking if it doesn't exist

Fixed:

  • Fix help output formatting for the run command
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the all group across 1 directory with 8 updates
be02af9 
Bumps the all group with 8 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [fastapi](https://github.com/fastapi/fastapi) | `0.135.3` | `0.136.3` |
| [rio-tiler](https://github.com/cogeotiff/rio-tiler) | `9.0.4` | `9.1.1` |
| [pytest](https://github.com/pytest-dev/pytest) | `9.0.2` | `9.0.3` |
| [pytest-asyncio](https://github.com/pytest-dev/pytest-asyncio) | `1.3.0` | `1.4.0` |
| [requests](https://github.com/psf/requests) | `2.33.1` | `2.34.2` |
| [vsifile](https://github.com/vincentsarago/vsifile) | `0.5.1` | `0.6.0` |
| [pre-commit](https://github.com/pre-commit/pre-commit) | `4.5.1` | `4.6.0` |
| [hatch](https://github.com/pypa/hatch) | `1.16.5` | `1.17.0` |



Updates `fastapi` from 0.135.3 to 0.136.3
- [Release notes](https://github.com/fastapi/fastapi/releases)
- [Commits](fastapi/fastapi@0.135.3...0.136.3)

Updates `rio-tiler` from 9.0.4 to 9.1.1
- [Release notes](https://github.com/cogeotiff/rio-tiler/releases)
- [Changelog](https://github.com/cogeotiff/rio-tiler/blob/main/CHANGES.md)
- [Commits](cogeotiff/rio-tiler@9.0.4...9.1.1)

Updates `pytest` from 9.0.2 to 9.0.3
- [Release notes](https://github.com/pytest-dev/pytest/releases)
- [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst)
- [Commits](pytest-dev/pytest@9.0.2...9.0.3)

Updates `pytest-asyncio` from 1.3.0 to 1.4.0
- [Release notes](https://github.com/pytest-dev/pytest-asyncio/releases)
- [Commits](pytest-dev/pytest-asyncio@v1.3.0...v1.4.0)

Updates `requests` from 2.33.1 to 2.34.2
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.33.1...v2.34.2)

Updates `vsifile` from 0.5.1 to 0.6.0
- [Release notes](https://github.com/vincentsarago/vsifile/releases)
- [Changelog](https://github.com/vincentsarago/vsifile/blob/main/CHANGES.md)
- [Commits](vincentsarago/vsifile@0.5.1...0.6.0)

Updates `pre-commit` from 4.5.1 to 4.6.0
- [Release notes](https://github.com/pre-commit/pre-commit/releases)
- [Changelog](https://github.com/pre-commit/pre-commit/blob/main/CHANGELOG.md)
- [Commits](pre-commit/pre-commit@v4.5.1...v4.6.0)

Updates `hatch` from 1.16.5 to 1.17.0
- [Release notes](https://github.com/pypa/hatch/releases)
- [Commits](pypa/hatch@hatch-v1.16.5...hatch-v1.17.0)

---
updated-dependencies:
- dependency-name: fastapi
  dependency-version: 0.136.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: rio-tiler
  dependency-version: 9.1.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: pytest
  dependency-version: 9.0.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: pytest-asyncio
  dependency-version: 1.4.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: requests
  dependency-version: 2.34.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: vsifile
  dependency-version: 0.6.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: pre-commit
  dependency-version: 4.6.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: hatch
  dependency-version: 1.17.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Jun 15, 2026
@dependabot @github

dependabot Bot commented on behalf of github Jun 16, 2026

Copy link
Copy Markdown
Contributor Author

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

@dependabot dependabot Bot deleted the dependabot/uv/all-c397370c82 branch June 16, 2026 09:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@vincentsarago