Bump the python-packages group across 1 directory with 12 updates #305

dependabot · 2026-01-30T20:44:34Z

Bumps the python-packages group with 12 updates in the /plotting-service directory:

Package	From	To
fastapi[all]	`0.116.1`	`0.128.0`
pydantic	`2.11.7`	`2.12.5`
uvicorn	`0.35.0`	`0.40.0`
pyjwt	`2.10.1`	`2.11.0`
requests	`2.32.4`	`2.32.5`
pillow	`11.0.0`	`12.1.0`
ruff	`0.12.3`	`0.14.14`
mypy	`1.17.0`	`1.19.1`
types-requests	`2.32.4.20250611`	`2.32.4.20260107`
pytest	`8.4.1`	`9.0.2`
pytest-cov	`6.2.1`	`7.0.0`
pytest-asyncio	`1.1.0`	`1.3.0`

Updates fastapi[all] from 0.116.1 to 0.128.0

Release notes

Sourced from fastapi[all]'s releases.

0.128.0

Breaking Changes

➖ Drop support for pydantic.v1. PR #14609 by @tiangolo.

Internal

✅ Run performance tests only on Pydantic v2. PR #14608 by @tiangolo.

0.127.1

Refactors

🔊 Add a custom FastAPIDeprecationWarning. PR #14605 by @tiangolo.

Docs

📝 Add documentary to website. PR #14600 by @tiangolo.

Translations

🌐 Update translations for de (update-outdated). PR #14602 by @nilslindemann.

🌐 Update translations for de (update-outdated). PR #14581 by @nilslindemann.

Internal

🔧 Update pre-commit to use local Ruff instead of hook. PR #14604 by @tiangolo.

✅ Add missing tests for code examples. PR #14569 by @YuriiMotov.

👷 Remove lint job from test CI workflow. PR #14593 by @YuriiMotov.

👷 Update secrets check. PR #14592 by @tiangolo.

👷 Run CodSpeed tests in parallel to other tests to speed up CI. PR #14586 by @tiangolo.

🔨 Update scripts and pre-commit to autofix files. PR #14585 by @tiangolo.

0.127.0

Breaking Changes

🔊 Add deprecation warnings when using pydantic.v1. PR #14583 by @tiangolo.

Translations

🔧 Add LLM prompt file for Korean, generated from the existing translations. PR #14546 by @tiangolo.

🔧 Add LLM prompt file for Japanese, generated from the existing translations. PR #14545 by @tiangolo.

Internal

⬆️ Upgrade OpenAI model for translations to gpt-5.2. PR #14579 by @tiangolo.

0.126.0

Upgrades

➖ Drop support for Pydantic v1, keeping short temporary support for Pydantic v2's pydantic.v1. PR #14575 by @tiangolo.

... (truncated)

Commits

8322a44 🔖 Release version 0.128.0
4b2cfcf 📝 Update release notes
e300630 ➖ Drop support for pydantic.v1 (#14609)
1b3bea8 📝 Update release notes
34e8841 ✅ Run performance tests only on Pydantic v2 (#14608)
cd90c78 🔖 Release version 0.127.1
93f4dfd 📝 Update release notes
535b5da 🔊 Add a custom FastAPIDeprecationWarning (#14605)
6b53786 📝 Update release notes
d98f4eb 🔧 Update pre-commit to use local Ruff instead of hook (#14604)
Additional commits viewable in compare view

Updates pydantic from 2.11.7 to 2.12.5

Release notes

Sourced from pydantic's releases.

v2.12.5 2025-11-26

v2.12.5 (2025-11-26)

This is the fifth 2.12 patch release, addressing an issue with the MISSING sentinel and providing several documentation improvements.

The next 2.13 minor release will be published in a couple weeks, and will include a new polymorphic serialization feature addressing the remaining unexpected changes to the serialize as any behavior.

Fix pickle error when using model_construct() on a model with MISSING as a default value by @ornariece in #12522.

Several updates to the documentation by @Viicos.

Full Changelog: pydantic/pydantic@v2.12.4...v2.12.5

v2.12.4 2025-11-05

v2.12.4 (2025-11-05)

This is the fourth 2.12 patch release, fixing more regressions, and reverting a change in the build() method of the AnyUrl and Dsn types.

This patch release also fixes an issue with the serialization of IP address types, when serialize_as_any is used. The next patch release will try to address the remaining issues with serialize as any behavior by introducing a new polymorphic serialization feature, that should be used in most cases in place of serialize as any.

Fix issue with forward references in parent TypedDict classes by @Viicos in #12427.

This issue is only relevant on Python 3.14 and greater.

Exclude fields with exclude_if from JSON Schema required fields by @Viicos in #12430

Revert URL percent-encoding of credentials in the build() method of the AnyUrl and Dsn types by @davidhewitt in pydantic-core#1833.

This was initially considered as a bugfix, but caused regressions and as such was fully reverted. The next release will include an opt-in option to percent-encode components of the URL.

Add type inference for IP address types by @davidhewitt in pydantic-core#1868.

The 2.12 changes to the serialize_as_any behavior made it so that IP address types could not properly serialize to JSON.

Avoid getting default values from defaultdict by @davidhewitt in pydantic-core#1853.

This fixes a subtle regression in the validation behavior of the collections.defaultdict type.

Fix issue with field serializers on nested typed dictionaries by @davidhewitt in pydantic-core#1879.

Add more pydantic-core builds for the three-threaded version of Python 3.14 by @davidhewitt in pydantic-core#1864.

Full Changelog: pydantic/pydantic@v2.12.3...v2.12.4

v2.12.3 2025-10-17

v2.12.3 (2025-10-17)

What's Changed

This is the third 2.13 patch release, fixing issues related to the FieldInfo class, and reverting a change to the supported after model validator function signatures.

... (truncated)

Changelog

Sourced from pydantic's changelog.

v2.12.5 (2025-11-26)

GitHub release

This is the fifth 2.12 patch release, addressing an issue with the MISSING sentinel and providing several documentation improvements.

The next 2.13 minor release will be published in a couple weeks, and will include a new polymorphic serialization feature addressing the remaining unexpected changes to the serialize as any behavior.

Fix pickle error when using model_construct() on a model with MISSING as a default value by @ornariece in #12522.

Several updates to the documentation by @Viicos.

v2.12.4 (2025-11-05)

GitHub release

This is the fourth 2.12 patch release, fixing more regressions, and reverting a change in the build() method of the AnyUrl and Dsn types.

This patch release also fixes an issue with the serialization of IP address types, when serialize_as_any is used. The next patch release will try to address the remaining issues with serialize as any behavior by introducing a new polymorphic serialization feature, that should be used in most cases in place of serialize as any.

Fix issue with forward references in parent TypedDict classes by @Viicos in #12427.

This issue is only relevant on Python 3.14 and greater.

Exclude fields with exclude_if from JSON Schema required fields by @Viicos in #12430

Revert URL percent-encoding of credentials in the build() method of the AnyUrl and Dsn types by @davidhewitt in pydantic-core#1833.

This was initially considered as a bugfix, but caused regressions and as such was fully reverted. The next release will include an opt-in option to percent-encode components of the URL.

Add type inference for IP address types by @davidhewitt in pydantic-core#1868.

The 2.12 changes to the serialize_as_any behavior made it so that IP address types could not properly serialize to JSON.

Avoid getting default values from defaultdict by @davidhewitt in pydantic-core#1853.

This fixes a subtle regression in the validation behavior of the collections.defaultdict type.

Fix issue with field serializers on nested typed dictionaries by @davidhewitt in pydantic-core#1879.

Add more pydantic-core builds for the three-threaded version of Python 3.14 by @davidhewitt in pydantic-core#1864.

v2.12.3 (2025-10-17)

GitHub release

... (truncated)

Commits

bd2d0dd Prepare release v2.12.5
7d0302e Document security implications when using create_model()
e9ef980 Fix typo in Standard Library Types documentation
f2c20c0 Add pydantic-docs dev dependency, make use of versioning blocks
a76c1aa Update documentation about JSON Schema
8cbc72c Add documentation about custom __init__()
99eba59 Add additional test for FieldInfo.get_default()
c710769 Special case MISSING sentinel in smart_deepcopy()
20a9d77 Do not delete mock validator/serializer in rebuild_dataclass()
c86515a Update parts of the model and revalidate_instances documentation
Additional commits viewable in compare view

Updates uvicorn from 0.35.0 to 0.40.0

Release notes

Sourced from uvicorn's releases.

Version 0.40.0

What's Changed

Drop Python 3.9 by @Kludex in Kludex/uvicorn#2772

Full Changelog: Kludex/uvicorn@0.39.0...0.40.0

Version 0.39.0

What's Changed

explicitly start ASGI run with empty context by @pmeier in Kludex/uvicorn#2742

fix(websockets): Send close frame on ASGI return by @Kludex in Kludex/uvicorn#2769

New Contributors

@pmeier made their first contribution in Kludex/uvicorn#2742

Full Changelog: Kludex/uvicorn@0.38.0...0.39.0

Version 0.38.0

What's Changed

Support Python 3.14 by @Kludex in Kludex/uvicorn#2723

New Contributors

@NGANAMODEIJunior made their first contribution in Kludex/uvicorn#2713

Full Changelog: Kludex/uvicorn@0.37.0...0.38.0

Version 0.37.0

What's Changed

Add --timeout-worker-healthcheck setting by @Kludex in Kludex/uvicorn#2711

Add os.PathLike[str] type to ssl_ca_certs by @rnv812 in Kludex/uvicorn#2676

New Contributors

@LincolnPuzey made their first contribution in Kludex/uvicorn#2669

@rnv812 made their first contribution in Kludex/uvicorn#2676

Full Changelog: Kludex/uvicorn@0.36.1...0.37.0

Version 0.36.1

What's Changed

Raise an exception when calling removed Config.setup_event_loop() by @Kludex in Kludex/uvicorn#2709

Full Changelog: Kludex/uvicorn@0.36.0...0.36.1

Version 0.36.0

Added

Support custom IOLOOPs by @gnir-work in Kludex/uvicorn#2435

... (truncated)

Changelog

Sourced from uvicorn's changelog.

0.40.0 (December 21, 2025)

Remove

Drop support for Python 3.9 (#2772)

0.39.0 (December 21, 2025)

Fixed

Send close frame on ASGI return for WebSockets (#2769)

Explicitly start ASGI run with empty context (#2742)

0.38.0 (October 18, 2025)

Added

Support Python 3.14 (#2723)

0.37.0 (September 23, 2025)

Added

Add --timeout-worker-healthcheck option (#2711)

Add os.PathLike[str] type to ssl_ca_certs (#2676)

0.36.1 (September 23, 2025)

Fixed

Raise an exception when calling removed Config.setup_event_loop() (#2709)

0.36.0 (September 20, 2025)

Added

Support custom IOLOOPs (#2435)

Allow to provide importable string in --http, --ws and --loop (#2658)

Commits

9ff6004 Version 0.40.0 (#2773)
19df042 Drop Python 3.9 (#2772)
865ce7c Run strict mypy on test suite (#2771)
4f40b84 Version 0.39.0 (#2770)
5692dfc fix(websockets): Send close frame on ASGI return (#2769)
4194764 chore(deps): bump the github-actions group with 2 updates (#2763)
d94bf28 explicitly start ASGI run with empty context (#2742)
8ae0bcb chore(deps): bump the github-actions group with 2 updates (#2748)
4744ff9 Add groups configuration for GitHub Actions (#2747)
0391372 chore(deps): bump astral-sh/setup-uv from 6.8.0 to 7.1.2 (#2746)
Additional commits viewable in compare view

Updates pyjwt from 2.10.1 to 2.11.0

Release notes

Sourced from pyjwt's releases.

2.11.0

What's Changed

Fixed type error in comment by @shuhaib-aot in jpadilla/pyjwt#1026

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in jpadilla/pyjwt#1018

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in jpadilla/pyjwt#1033

Make note of use of leeway with nbf by @djw8605 in jpadilla/pyjwt#1034

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in jpadilla/pyjwt#1035

Fixes #964: Validate key against allowed types for Algorithm family by @pachewise in jpadilla/pyjwt#985

Feat #1024: Add iterator for PyJWKSet by @pachewise in jpadilla/pyjwt#1041

Fixes #1039: Add iss, issuer type checks by @pachewise in jpadilla/pyjwt#1040

Fixes #660: Improve typing/logic for options in decode, decode_complete; Improve docs by @pachewise in jpadilla/pyjwt#1045

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in jpadilla/pyjwt#1042

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in jpadilla/pyjwt#1052

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in jpadilla/pyjwt#1053

Fix #1022: Map algorithm=None to "none" by @qqii in jpadilla/pyjwt#1056

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in jpadilla/pyjwt#1055

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in jpadilla/pyjwt#1058

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in jpadilla/pyjwt#1060

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in jpadilla/pyjwt#1061

Fixes #1047: Correct PyJWKClient.get_signing_key_from_jwt annotation by @khvn26 in jpadilla/pyjwt#1048

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in jpadilla/pyjwt#1062

Fixed doc string typo in _validate_jti() function #1063 by @kuldeepkhatke in jpadilla/pyjwt#1064

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in jpadilla/pyjwt#1065

Update SECURITY.md by @auvipy in jpadilla/pyjwt#1057

Typing fix: use float instead of int for lifespan and timeout by @nikitagashkov in jpadilla/pyjwt#1068

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in jpadilla/pyjwt#1067

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in jpadilla/pyjwt#1071

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in jpadilla/pyjwt#1076

Fix TYP header documentation by @fobiasmog in jpadilla/pyjwt#1046

doc: Document claims sub and jti by @cleder in jpadilla/pyjwt#1088

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in jpadilla/pyjwt#1077

Bump actions/setup-python from 5 to 6 by @dependabot[bot] in jpadilla/pyjwt#1089

Bump actions/stale from 8 to 10 by @dependabot[bot] in jpadilla/pyjwt#1090

Bump actions/checkout from 4 to 5 by @dependabot[bot] in jpadilla/pyjwt#1083

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in jpadilla/pyjwt#1091

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in jpadilla/pyjwt#1093

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in jpadilla/pyjwt#1096

Resolve package build warnings by @kurtmckee in jpadilla/pyjwt#1105

Support Python 3.14, and test against PyPy 3.10+ by @kurtmckee in jpadilla/pyjwt#1104

Fix a SyntaxWarning caused by invalid escape sequences by @kurtmckee in jpadilla/pyjwt#1103

Standardize CHANGELOG links to PRs by @kurtmckee in jpadilla/pyjwt#1110

Migrate from pep517, which is deprecated, to build by @kurtmckee in jpadilla/pyjwt#1108

Fix incorrectly-named test suite function by @kurtmckee in jpadilla/pyjwt#1116

Fix Read the Docs builds by @kurtmckee in jpadilla/pyjwt#1111

Bump actions/download-artifact from 4 to 6 by @dependabot[bot] in jpadilla/pyjwt#1118

Escalate test suite warnings to errors by @kurtmckee in jpadilla/pyjwt#1107

Add pyupgrade as a pre-commit hook by @kurtmckee in jpadilla/pyjwt#1109

Simplify the test suite decorators by @kurtmckee in jpadilla/pyjwt#1113

Improve coverage config and eliminate unused test suite code by @kurtmckee in jpadilla/pyjwt#1115

Build a shared wheel once in the test suite by @kurtmckee in jpadilla/pyjwt#1114

... (truncated)

Changelog

Sourced from pyjwt's changelog.

v2.11.0 <https://github.com/jpadilla/pyjwt/compare/2.10.1...2.11.0>__

Fixed
- Enforce ECDSA curve validation per RFC 7518 Section 3.4.
- Fix build system warnings by @kurtmckee in `[#1105](https://github.com/jpadilla/pyjwt/issues/1105) <https://github.com/jpadilla/pyjwt/pull/1105>`__
- Validate key against allowed types for Algorithm family in `[#964](https://github.com/jpadilla/pyjwt/issues/964) <https://github.com/jpadilla/pyjwt/pull/964>`__
- Add iterator for JWKSet in `[#1041](https://github.com/jpadilla/pyjwt/issues/1041) <https://github.com/jpadilla/pyjwt/pull/1041>`__
- Validate `iss` claim is a string during encoding and decoding by @pachewise in `[#1040](https://github.com/jpadilla/pyjwt/issues/1040) <https://github.com/jpadilla/pyjwt/pull/1040>`__
- Improve typing/logic for `options` in decode, decode_complete by @pachewise in `[#1045](https://github.com/jpadilla/pyjwt/issues/1045) <https://github.com/jpadilla/pyjwt/pull/1045>`__
- Declare float supported type for lifespan and timeout by @nikitagashkov in `[#1068](https://github.com/jpadilla/pyjwt/issues/1068) <https://github.com/jpadilla/pyjwt/pull/1068>`__
- Fix ``SyntaxWarning``\s/``DeprecationWarning``\s caused by invalid escape sequences by @kurtmckee in `[#1103](https://github.com/jpadilla/pyjwt/issues/1103) <https://github.com/jpadilla/pyjwt/pull/1103>`__
- Development: Build a shared wheel once to speed up test suite setup times by @kurtmckee in `[#1114](https://github.com/jpadilla/pyjwt/issues/1114) <https://github.com/jpadilla/pyjwt/pull/1114>`__
- Development: Test type annotations across all supported Python versions,
  increase the strictness of the type checking, and remove the mypy pre-commit hook
  by @kurtmckee in `[#1112](https://github.com/jpadilla/pyjwt/issues/1112) <https://github.com/jpadilla/pyjwt/pull/1112>`__
Added
Support Python 3.14, and test against PyPy 3.10 and 3.11 by @kurtmckee in [#1104](https://github.com/jpadilla/pyjwt/issues/1104) <https://github.com/jpadilla/pyjwt/pull/1104>__

Development: Migrate to build to test package building in CI by @kurtmckee in [#1108](https://github.com/jpadilla/pyjwt/issues/1108) <https://github.com/jpadilla/pyjwt/pull/1108>__

Development: Improve coverage config and eliminate unused test suite code by @kurtmckee in [#1115](https://github.com/jpadilla/pyjwt/issues/1115) <https://github.com/jpadilla/pyjwt/pull/1115>__

Docs: Standardize CHANGELOG links to PRs by @kurtmckee in [#1110](https://github.com/jpadilla/pyjwt/issues/1110) <https://github.com/jpadilla/pyjwt/pull/1110>__

Docs: Fix Read the Docs builds by @kurtmckee in [#1111](https://github.com/jpadilla/pyjwt/issues/1111) <https://github.com/jpadilla/pyjwt/pull/1111>__

Docs: Add example of using leeway with nbf by @djw8605 in [#1034](https://github.com/jpadilla/pyjwt/issues/1034) <https://github.com/jpadilla/pyjwt/pull/1034>__

Docs: Refactored docs with autodoc; added PyJWS and jwt.algorithms docs by @pachewise in [#1045](https://github.com/jpadilla/pyjwt/issues/1045) <https://github.com/jpadilla/pyjwt/pull/1045>__

Docs: Documentation improvements for "sub" and "jti" claims by @cleder in [#1088](https://github.com/jpadilla/pyjwt/issues/1088) <https://github.com/jpadilla/pyjwt/pull/1088>__

Development: Add pyupgrade as a pre-commit hook by @kurtmckee in [#1109](https://github.com/jpadilla/pyjwt/issues/1109) <https://github.com/jpadilla/pyjwt/pull/1109>__

Add minimum key length validation for HMAC and RSA keys (CWE-326). Warns by default via InsecureKeyLengthWarning when keys are below minimum recommended lengths per RFC 7518 Section 3.2 (HMAC) and NIST SP 800-131A (RSA). Pass enforce_minimum_key_length=True in options to PyJWT or PyJWS to raise InvalidKeyError instead.

Refactor PyJWT to own an internal PyJWS instance instead of calling global api_jws functions.

Commits

697344d bump up version
e4d0aec fix: pre-commit
df9a6a0 fix: failing test
2b2e53c fix: docs
635c8d8 fix: failing mypy
96ae356 feat: add minimum key length validation for HMAC and RSA
5b86227 fix: enforce ECDSA curve validation per RFC 7518 Section 3.4
04947d7 Bump actions/download-artifact from 6 to 7 (#1125)
dd44834 Fix leeway value in usage documentation (#1124)
407f0bd Thoroughly test type annotations, and resolve errors (#1112)
Additional commits viewable in compare view

Updates requests from 2.32.4 to 2.32.5

Release notes

Sourced from requests's releases.

v2.32.5

2.32.5 (2025-08-18)

Bugfixes

The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

Added support for Python 3.14.

Dropped support for Python 3.8 following its end of support.

Changelog

Sourced from requests's changelog.

2.32.5 (2025-08-18)

Bugfixes

The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

Added support for Python 3.14.

Dropped support for Python 3.8 following its end of support.

Commits

b25c87d v2.32.5
131e506 Merge pull request #7010 from psf/dependabot/github_actions/actions/checkout-...
b336cb2 Bump actions/checkout from 4.2.0 to 5.0.0
46e939b Update publish workflow to use artifact-id instead of name
4b9c546 Merge pull request #6999 from psf/dependabot/github_actions/step-security/har...
7618dbe Bump step-security/harden-runner from 2.12.0 to 2.13.0
2edca11 Add support for Python 3.14 and drop support for Python 3.8 (#6993)
fec96cd Update Makefile rules (#6996)
d58d8aa docs: clarify timeout parameter uses seconds in Session.request (#6994)
91a3eab Bump github/codeql-action from 3.28.5 to 3.29.0
Additional commits viewable in compare view

Updates pillow from 11.0.0 to 12.1.0

Release notes

Sourced from pillow's releases.

12.1.0

https://pillow.readthedocs.io/en/stable/releasenotes/12.1.0.html

Deprecations

Deprecate getdata(), in favour of new get_flattened_data() #9292 [@radarhere]

Documentation

Specify APNG duration type when opening #9368 [@radarhere]

Added release notes for #9350 #9366 [@radarhere]

Update ImageMorph documentation #9349 [@radarhere]

Docs: update major bump cadence #9334 [@hugovk]

Add release notes for #9070 #9320 [@radarhere]

Updated Ubuntu version #9306 [@radarhere]

Update macOS tested Pillow versions #9265 [@radarhere]

Dependencies

Update harfbuzz to 12.3.0 #9355 [@radarhere]

Update xz to 5.8.2 #9343 [@radarhere]

Updated libjpeg-turbo to 3.1.3 #9333 [@radarhere]

Updated zlib-ng to 2.3.2 #9324 [@radarhere]

Updated libpng to 1.6.53 #9325 [@radarhere]

Update actions/checkout action to v6 #9323 [@renovate[bot]]

Update dependency mypy to v1.19.0 #9322 [@renovate[bot]]

Updated libpng to 1.6.51 #9305 [@radarhere]

Updated brotli to 1.2.0 #9284 [@radarhere]

Update libimagequant to 4.4.1 #9301 [@radarhere]

Update zlib-ng to 2.3.1, except on manylinux2014 aarch64 #9312 [@radarhere]

Updated harfbuzz to 12.2.0 #9289 [@radarhere]

Update github-actions #9277 [@renovate[bot]]

Testing

Replace pre-commit with prek #9360 [@hugovk]

Test PyQt6 on Python 3.14 on Windows #9353 [@radarhere]

Test 32-bit Windows on Windows Server 2022 #9345 [@radarhere]

Correct variable type #9335 [@radarhere]

Fix ResourceWarnings in selftest.py #9332 [@hugovk]

Fix testing good P mode BMP images #9319 [@radarhere]

Test Python 3.15 pre-release #9331 [@hugovk]

Test ImageFont.ImageFont, in case freetype2 is not supported #9287 [@radarhere]

Add Fedora 43 #9290 [@radarhere]

Remove Fedora 41 #9260 [@radarhere]

Type hints

Add ImageFile context manager #9367 [@radarhere]

Assert fp is not None #8617 [@radarhere]

... (truncated)

Changelog

Sourced from pillow's changelog.

Changelog (Pillow)

11.1.0 and newer

See GitHub Releases:

https://github.com/python-pillow/Pillow/releases

Commits

46f45f6 12.1.0 version bump
c9ac097 Simplify band splitting (#9291)
3baedf2 Deprecate getdata(), in favour of new get_flattened_data() (#9292)
b51a036 Specify APNG duration type when opening (#9368)
8d08e31 Add release notes for #9348 (#9369)
432707e Added release notes for #9348
2d58910 Specify APNG duration type when opening
8dee8dd Add ImageFile context manager (#9367)
b2d9bc3 Support saving APNG float durations (#9365)
f130c10 Allow 1 mode images in MorphOp (#9348)
Additional commits viewable in compare view

Updates ruff from 0.12.3 to 0.14.14

Release notes

Sourced from ruff's releases.

0.14.14

Release Notes

Released on 2026-01-22.

Preview features

Preserve required parentheses in lambda bodies (#22747)

Combine range suppression code diagnostics (#22613)

[airflow] Second positional argument to Asset/Dataset should not be a dictionary (AIR303) (#22453)

[ruff] Detect duplicate entries in __all__ (RUF068) (#22114)

Bug fixes

[pyupgrade] Allow shadowing non-builtin bindings (UP029) (#22749)

[pyupgrade] Apply UP045 to string arguments of typing.cast (#22320)

[flake8-pie] Detect duplicated declared class fields in PIE794 (#22717)

Rule changes

[flake8-pyi] Fix inconsistent handling of forward references for __new__, __enter__, __aenter__ in PYI034 (#22798)

[flake8-pytest-style] Support check parameter in PT011 (#22725)

[ruff] Add exception for ctypes.Structure._fields_ (RUF012) (#22559)

Many fixes are now marked unsafe if they would remove comments:

[flake8-bugbear] B009, B010, B013, B014, B033

[flake8-simplify] SIM910, SIM911

[pyupgrade] UP007, UP039, UP041, UP045

[refurb] FURB105, FURB116, FURB136, FURB140, FURB145, FURB154, FURB157, FURB164,FURB181, FURB188

[ruff] RUF019, RUF020

Documentation

Add --exit-non-zero-on-format to formatter exit codes section (#22761)

Update contributing guide for adding a new rule (#22779)

[FastAPI] Document fix safety for FAST001 (#22655)

[flake8-async] Tweak explanation to focus on latency/efficiency tradeoff (ASYNC110) (#22715)

[pandas-vet] Make example error out-of-the-box (PD002) (#22561)

[refurb] Make the example work out of box (FURB101) (#22770)

[refurb] Make the example work out of box (FURB103) (

Bumps the python-packages group with 12 updates in the /plotting-service directory: | Package | From | To | | --- | --- | --- | | [fastapi[all]](https://github.com/fastapi/fastapi) | `0.116.1` | `0.128.0` | | [pydantic](https://github.com/pydantic/pydantic) | `2.11.7` | `2.12.5` | | [uvicorn](https://github.com/Kludex/uvicorn) | `0.35.0` | `0.40.0` | | [pyjwt](https://github.com/jpadilla/pyjwt) | `2.10.1` | `2.11.0` | | [requests](https://github.com/psf/requests) | `2.32.4` | `2.32.5` | | [pillow](https://github.com/python-pillow/Pillow) | `11.0.0` | `12.1.0` | | [ruff](https://github.com/astral-sh/ruff) | `0.12.3` | `0.14.14` | | [mypy](https://github.com/python/mypy) | `1.17.0` | `1.19.1` | | [types-requests](https://github.com/typeshed-internal/stub_uploader) | `2.32.4.20250611` | `2.32.4.20260107` | | [pytest](https://github.com/pytest-dev/pytest) | `8.4.1` | `9.0.2` | | [pytest-cov](https://github.com/pytest-dev/pytest-cov) | `6.2.1` | `7.0.0` | | [pytest-asyncio](https://github.com/pytest-dev/pytest-asyncio) | `1.1.0` | `1.3.0` | Updates `fastapi[all]` from 0.116.1 to 0.128.0 - [Release notes](https://github.com/fastapi/fastapi/releases) - [Commits](fastapi/fastapi@0.116.1...0.128.0) Updates `pydantic` from 2.11.7 to 2.12.5 - [Release notes](https://github.com/pydantic/pydantic/releases) - [Changelog](https://github.com/pydantic/pydantic/blob/main/HISTORY.md) - [Commits](pydantic/pydantic@v2.11.7...v2.12.5) Updates `uvicorn` from 0.35.0 to 0.40.0 - [Release notes](https://github.com/Kludex/uvicorn/releases) - [Changelog](https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md) - [Commits](Kludex/uvicorn@0.35.0...0.40.0) Updates `pyjwt` from 2.10.1 to 2.11.0 - [Release notes](https://github.com/jpadilla/pyjwt/releases) - [Changelog](https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst) - [Commits](jpadilla/pyjwt@2.10.1...2.11.0) Updates `requests` from 2.32.4 to 2.32.5 - [Release notes](https://github.com/psf/requests/releases) - [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md) - [Commits](psf/requests@v2.32.4...v2.32.5) Updates `pillow` from 11.0.0 to 12.1.0 - [Release notes](https://github.com/python-pillow/Pillow/releases) - [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst) - [Commits](python-pillow/Pillow@11.0.0...12.1.0) Updates `ruff` from 0.12.3 to 0.14.14 - [Release notes](https://github.com/astral-sh/ruff/releases) - [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md) - [Commits](astral-sh/ruff@0.12.3...0.14.14) Updates `mypy` from 1.17.0 to 1.19.1 - [Changelog](https://github.com/python/mypy/blob/master/CHANGELOG.md) - [Commits](python/mypy@v1.17.0...v1.19.1) Updates `types-requests` from 2.32.4.20250611 to 2.32.4.20260107 - [Commits](https://github.com/typeshed-internal/stub_uploader/commits) Updates `pytest` from 8.4.1 to 9.0.2 - [Release notes](https://github.com/pytest-dev/pytest/releases) - [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst) - [Commits](pytest-dev/pytest@8.4.1...9.0.2) Updates `pytest-cov` from 6.2.1 to 7.0.0 - [Changelog](https://github.com/pytest-dev/pytest-cov/blob/master/CHANGELOG.rst) - [Commits](pytest-dev/pytest-cov@v6.2.1...v7.0.0) Updates `pytest-asyncio` from 1.1.0 to 1.3.0 - [Release notes](https://github.com/pytest-dev/pytest-asyncio/releases) - [Commits](pytest-dev/pytest-asyncio@v1.1.0...v1.3.0) --- updated-dependencies: - dependency-name: fastapi[all] dependency-version: 0.128.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: python-packages - dependency-name: pydantic dependency-version: 2.12.5 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: python-packages - dependency-name: uvicorn dependency-version: 0.40.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: python-packages - dependency-name: pyjwt dependency-version: 2.11.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: python-packages - dependency-name: requests dependency-version: 2.32.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: python-packages - dependency-name: pillow dependency-version: 12.1.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: python-packages - dependency-name: ruff dependency-version: 0.14.14 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: python-packages - dependency-name: mypy dependency-version: 1.19.1 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: python-packages - dependency-name: types-requests dependency-version: 2.32.4.20260107 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: python-packages - dependency-name: pytest dependency-version: 9.0.2 dependency-type: direct:development update-type: version-update:semver-major dependency-group: python-packages - dependency-name: pytest-cov dependency-version: 7.0.0 dependency-type: direct:development update-type: version-update:semver-major dependency-group: python-packages - dependency-name: pytest-asyncio dependency-version: 1.3.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: python-packages ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Jan 30, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the python-packages group across 1 directory with 12 updates #305

Bump the python-packages group across 1 directory with 12 updates #305

dependabot bot commented on behalf of github Jan 30, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Bump the python-packages group across 1 directory with 12 updates #305

Are you sure you want to change the base?

Bump the python-packages group across 1 directory with 12 updates #305

Conversation

dependabot bot commented on behalf of github Jan 30, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

0.128.0

Breaking Changes

Internal

0.127.1

Refactors

Docs

Translations

Internal

0.127.0

Breaking Changes

Translations

Internal

0.126.0

Upgrades

v2.12.5 2025-11-26

v2.12.5 (2025-11-26)

v2.12.4 2025-11-05

v2.12.4 (2025-11-05)

v2.12.3 2025-10-17

v2.12.3 (2025-10-17)

What's Changed

v2.12.5 (2025-11-26)

v2.12.4 (2025-11-05)

v2.12.3 (2025-10-17)

Version 0.40.0

What's Changed

Version 0.39.0

What's Changed

New Contributors

Version 0.38.0

What's Changed

New Contributors

Version 0.37.0

What's Changed

New Contributors

Version 0.36.1

What's Changed

Version 0.36.0

Added

0.40.0 (December 21, 2025)

Remove

0.39.0 (December 21, 2025)

Fixed

0.38.0 (October 18, 2025)

Added

0.37.0 (September 23, 2025)

Added

0.36.1 (September 23, 2025)

Fixed

0.36.0 (September 20, 2025)

Added

2.11.0

What's Changed

v2.11.0 <https://github.com/jpadilla/pyjwt/compare/2.10.1...2.11.0>__

v2.32.5

2.32.5 (2025-08-18)

2.32.5 (2025-08-18)

12.1.0

Deprecations

Documentation

Dependencies

Testing

Type hints

Changelog (Pillow)

11.1.0 and newer

0.14.14

Release Notes

Preview features

Bug fixes

Rule changes

Documentation

Uh oh!

Reviewers

Assignees

dependabot bot commented on behalf of github Jan 30, 2026 •

edited

Loading

`v2.11.0 <https://github.com/jpadilla/pyjwt/compare/2.10.1...2.11.0>`__