Skip to content

Chore: (deps): bump the python-packages group across 1 directory with 6 updates#22

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/pip/docker/python/python-packages-a46f331750
Open

Chore: (deps): bump the python-packages group across 1 directory with 6 updates#22
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/pip/docker/python/python-packages-a46f331750

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github May 12, 2025
edited
Loading

Bumps the python-packages group with 6 updates in the /docker/python directory:

Package From To
fastapi[all] 0.111.0 0.115.12
uvicorn[standard] 0.30.1 0.34.2
concurrent-log-handler 0.9.25 0.9.26
markdown 3.6 3.8
prometheus-fastapi-instrumentator 7.0.0 7.1.0
gunicorn 22.0.0 23.0.0

Updates fastapi[all] from 0.111.0 to 0.115.12

Release notes

Sourced from fastapi[all]'s releases.

0.115.12

Fixes

  • 🐛 Fix convert_underscores=False for header Pydantic models. PR #13515 by @​tiangolo.

Docs

Translations

Internal

0.115.11

Fixes

Translations

  • 🌐 Add Russian translation for docs/ru/docs/tutorial/middleware.md. PR #13412 by @​alv2017.

Internal

0.115.10

Fixes

  • ♻️ Update internal annotation usage for compatibility with Pydantic 2.11. PR #13314 by @​Viicos.

Upgrades

... (truncated)

Commits
  • 628c34e 🔖 Release version 0.115.12
  • 8e76d4e 📝 Update release notes
  • 2537d9d 🐛 Fix convert_underscores=False for header Pydantic models (#13515)
  • c08a3e8 📝 Update release notes
  • 241de23 📝 Update docs/en/docs/tutorial/middleware.md (#13444)
  • 4e40e1e 📝 Update release notes
  • ecf6e7e 🌐 Add Ukrainian translation for docs/uk/docs/tutorial/metadata.md page (#13...
  • 3afd733 📝 Update release notes
  • 8557a88 🌐 Add Ukrainian translation for `docs/uk/docs/tutorial/response-status-code.m...
  • e4c1dd7 📝 Update release notes
  • Additional commits viewable in compare view

Updates uvicorn[standard] from 0.30.1 to 0.34.2

Release notes

Sourced from uvicorn[standard]'s releases.

Version 0.34.2

What's Changed

New Contributors

Full Changelog: Kludex/uvicorn@0.34.1...0.34.2

Version 0.34.1

What's Changed

New Contributors

Full Changelog: Kludex/uvicorn@0.34.0...0.34.1

Version 0.34.0

What's Changed

Full Changelog: Kludex/uvicorn@0.33.0...0.34.0

Version 0.33.0

What's Changed

New Contributors

Full Changelog: Kludex/uvicorn@0.32.1...0.33.0

Version 0.32.1

What's Changed

Full Changelog: Kludex/uvicorn@0.32.0...0.32.1

Version 0.32.0

Added

... (truncated)

Changelog

Sourced from uvicorn[standard]'s changelog.

0.34.2 (April 19, 2025)

Fixed

  • Flush stdout buffer on Windows to trigger reload (#2604)

0.34.1 (April 13, 2025)

Deprecated

  • Deprecate ServerState in the main module (#2581)

0.34.0 (December 15, 2024)

Added

  • Add content-length to 500 response in wsproto implementation (#2542)

Removed

  • Drop support for Python 3.8 (#2543)

0.33.0 (December 14, 2024)

Removed

  • Remove WatchGod support for --reload (#2536)

0.32.1 (November 20, 2024)

Fixed

  • Drop ASGI spec version to 2.3 on HTTP scope (#2513)
  • Enable httptools lenient data on httptools >= 0.6.3 (#2488)

0.32.0 (October 15, 2024)

Added

  • Officially support Python 3.13 (#2482)
  • Warn when max_request_limit is exceeded (#2430)

0.31.1 (October 9, 2024)

Fixed

  • Support WebSockets 0.13.1 (#2471)
  • Restore support for [*] in trusted hosts (#2480)
  • Add PathLike[str] type hint for ssl_keyfile (#2481)

... (truncated)

Commits

Updates concurrent-log-handler from 0.9.25 to 0.9.26

Release notes

Sourced from concurrent-log-handler's releases.

0.9.26

  • 0.9.26:
    • Significant performance improvements, especially on the POSIX side.
    • This is mainly from keeping the file handles open for both the log file and the lock file, reducing system calls and overhead.
    • You can revert to the old behavior by setting keep_file_open=False in the constructor. The default is True.
    • On Windows, the log file must be closed after each write to achieve rollovers, due to the behavior of the Windows filesystem APIs. However, the keep_file_open option still applies to the lock file and can improve performance when True.
    • Fixed some bugs in the Timed handler around file rotation (selecting files to delete). These would likely only arise with artificially low rotation intervals such as in the unit tests.
    • Make the gzip option slightly more robust to errors. In the future, we may offload this to a background process, and introduce additional compression options.
    • Developer items:
      • Updated the GitHub Actions CI test matrix:
        • Added Python 3.13 for testing.
        • GitHub Actions no longer supports runners for automated testing under Python 3.6 and 3.7.
        • Note: The package continues to target Python 3.6+ for runtime compatibility.
      • Ensure required packages like black are installed in "dev mode" (pip install -e .[dev]).
      • Added a lint.sh script to run Black, ruff, and mypy in one go.
      • Added additional unit tests for different scenarios, including the new keep_file_open option.
      • Better configuration of test coverage, which is now approx. 74% of the main file, with most non-covered code consisting of error conditions and fallbacks which aren't crucial to test.

Full Changelog: Preston-Landers/concurrent-log-handler@0.9.25...0.9.26

Changelog

Sourced from concurrent-log-handler's changelog.

  • 0.9.26:
    • Significant performance improvements, especially on the POSIX side.
    • This is mainly from keeping the file handles open for both the log file and the lock file, reducing system calls and overhead.
    • You can revert to the old behavior by setting keep_file_open=False in the constructor. The default is True.
    • On Windows, the log file must be closed after each write to achieve rollovers, due to the behavior of the Windows filesystem APIs. However, the keep_file_open option still applies to the lock file and can improve performance when True.
    • Fixed some bugs in the Timed handler around file rotation (selecting files to delete). These would likely only arise with artificially low rotation intervals such as in the unit tests.
    • Make the gzip option slightly more robust to errors. In the future, we may offload this to a background process, and introduce additional compression options.
    • Developer items:
      • Updated the GitHub Actions CI test matrix:
        • Added Python 3.13 for testing.
        • GitHub Actions no longer supports runners for automated testing under Python 3.6 and 3.7.
        • Note: The package continues to target Python 3.6+ for runtime compatibility.
      • Ensure required packages like black are installed in "dev mode" (pip install -e .[dev]).
      • Added a lint.sh script to run Black, ruff, and mypy in one go.
      • Added additional unit tests for different scenarios, including the new keep_file_open option.
      • Better configuration of test coverage, which is now approx. 74% of the main file, with most non-covered code consisting of error conditions and fallbacks which aren't crucial to test.
Commits
  • dfbcbd8 Correct the build instruction.
  • 577f470 Readme formatting.
  • 468007f Version 0.9.26 and README updates.
  • b0981bb Fix formatting and missing comment
  • 6eb581d Experimental test updates.
  • e6d0729 Fix mainly for new unit tests to be added shortly.
  • 0f52bdc Windows compat for recent performance changes.
  • 8195196 Fix for stale file handles.
  • 186db2d Performance work in progress.
  • 209d560 Make the do_gzip method more robust.
  • Additional commits viewable in compare view

Updates markdown from 3.6 to 3.8

Release notes

Sourced from markdown's releases.

Release 3.8

Changed

  • DRY fix in abbr extension by introducing method create_element (#1483).
  • Clean up test directory by removing some redundant tests and port non-redundant cases to the newer test framework.
  • Improved performance of the raw HTML post-processor (#1510).

Fixed

  • Backslash Unescape IDs set via attr_list on toc (#1493).
  • Ensure md_in_html processes content inside "markdown" blocks as they are parsed outside of "markdown" blocks to keep things more consistent for third-party extensions (#1503).
  • md_in_html handle tags within inline code blocks better (#1075).
  • md_in_html fix handling of one-liner block HTML handling (#1074).
  • Ensure <center> is treated like a block-level element (#1481).
  • Ensure that abbr extension respects AtomicString and does not process perceived abbreviations in these strings (#1512).
  • Ensure smarty extension correctly renders nested closing quotes (#1514).

Release 3.7

Changed

Refactor abbr Extension

A new AbbrTreeprocessor has been introduced, which replaces the now deprecated AbbrInlineProcessor. Abbreviation processing now happens after Attribute Lists, avoiding a conflict between the two extensions (#1460).

The AbbrPreprocessor class has been renamed to AbbrBlockprocessor, which better reflects what it is. AbbrPreprocessor has been deprecated.

A call to Markdown.reset() now clears all previously defined abbreviations.

Abbreviations are now sorted by length before executing AbbrTreeprocessor to ensure that multi-word abbreviations are implemented even if an abbreviation exists for one of those component words. (#1465)

Abbreviations without a definition are now ignored. This avoids applying abbr tags to text without a title value.

Added an optional glossary configuration option to the abbreviations extension. This provides a simple and efficient way to apply a dictionary of abbreviations to every page.

Abbreviations can now be disabled by setting their definition to "" or ''. This can be useful when using the glossary option.

... (truncated)

Changelog

Sourced from markdown's changelog.

title: Changelog toc_depth: 2

Python-Markdown Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning. See the Contributing Guide for details.

[Unreleased]

Fixed

  • Fixed dropped content in md_in_html (#1526).
  • Fixed HTML handling corner case that prevented some content from not being rendered (#1528).

[3.8.0] - 2025-04-09

Changed

  • DRY fix in abbr extension by introducing method create_element (#1483).
  • Clean up test directory by removing some redundant tests and port non-redundant cases to the newer test framework.
  • Improved performance of the raw HTML post-processor (#1510).

Fixed

  • Backslash Unescape IDs set via attr_list on toc (#1493).
  • Ensure md_in_html processes content inside "markdown" blocks as they are parsed outside of "markdown" blocks to keep things more consistent for third-party extensions (#1503).
  • md_in_html handle tags within inline code blocks better (#1075).
  • md_in_html fix handling of one-liner block HTML handling (#1074).
  • Ensure <center> is treated like a block-level element (#1481).
  • Ensure that abbr extension respects AtomicString and does not process perceived abbreviations in these strings (#1512).
  • Ensure smarty extension correctly renders nested closing quotes (#1514).

[3.7.0] - 2024-08-16

Changed

  • Refactor abbr Extension

    A new AbbrTreeprocessor has been introduced, which replaces the now deprecated AbbrInlineProcessor. Abbreviation processing now happens after Attribute Lists, avoiding a conflict between the two extensions (#1460).

... (truncated)

Commits
  • b34e1d0 Bump version to 3.8
  • e6b7163 Update deploy workflow to normalize version
  • bd67d48 Improve changelog validation
  • e912575 Fix incorrect TOC list structure in docs
  • 42d4b43 Fix CI badge in README
  • 1caf028 Optimize raw HTML post-processor (#1510)
  • f6cfc5c Use PEP 639 license expressions in project metadata
  • 9c6e39a Add Python 3.13 and drop Python 3.8
  • 7aae61b Add special case for closing nested quotes
  • 0ad5b0a Abbr should respect AtomicStrings
  • Additional commits viewable in compare view

Updates prometheus-fastapi-instrumentator from 7.0.0 to 7.1.0

Release notes

Sourced from prometheus-fastapi-instrumentator's releases.

v7.1.0

Added

  • Included metrics closure creators have new optional parameter custom_labels to set additional custom static labels. Parameter has not been added to the Instrumentator() constructor. Thanks to @​iocentos for requesting this in #279 and @​martian711 in #287 as well as @​Budlee in #326 for implementing it.

7.0.2 / 2025-01-14

These release notes also cover 7.0.1 which has been yanked due to incorrect license identifier on PyPI.

7.0.2 / 2025-01-14

Fixed

  • Replaced incorrect license identifier in pyproject.toml. Problem introduced with the migration to Poetry 2.0 in the last patch release.

7.0.1 / 2025-01-14

Changed

  • Migrated pyproject.toml to support PEP 621. This comes with a migration to Poetry 2.0. Thanks to @​alexted for bringing this up in #323.
Changelog

Sourced from prometheus-fastapi-instrumentator's changelog.

7.1.0 / 2025-03-19

Added

  • Included metrics closure creators have new optional parameter custom_labels to set additional custom static labels. Parameter has not been added to the Instrumentator() constructor. Thanks to @​iocentos for requesting this in #279 and @​martian711 in #287 as well as @​Budlee in #326 for implementing it.

7.0.2 / 2025-01-14

Fixed

  • Replaced incorrect license identifier in pyproject.toml. Problem introduced with the migration to Poetry 2.0 in the last patch release.

7.0.1 / 2025-01-14

Changed

  • Migrated pyproject.toml to support PEP 621. This comes with a migration to Poetry 2.0. Thanks to @​alexted bringing this up in #323.
Commits
  • 63b05e5 chore: Prepare release v7.1.0
  • 9dc048b feat: Add opt custom labels to included metrics #279 (#326)
  • 2e1568e docs: Fix link in changelog
  • c697909 chore: Prepare release v7.0.2
  • 2743a4c chore: Fix incorrect license identifier in pyproject.toml
  • d010c8d ci: Bump lower Python to 3.9
  • 6154e85 ci: Bump Poetry to 2.0.1
  • fc3d516 chore: Fix invalid attributes in pyproject.toml
  • 406990a chore: Prepare release v7.0.1
  • 71cb118 chore: Add note to changelog
  • Additional commits viewable in compare view

Updates gunicorn from 22.0.0 to 23.0.0

Release notes

Sourced from gunicorn's releases.

23.0.0

Gunicorn 23.0.0 has been released. This version improve HTTP 1.1. support and which improve safety

You're invited to upgrade asap your own installation.

23.0.0 - 2024-08-10

  • minor docs fixes (:pr:3217, :pr:3089, :pr:3167)
  • worker_class parameter accepts a class (:pr:3079)
  • fix deadlock if request terminated during chunked parsing (:pr:2688)
  • permit receiving Transfer-Encodings: compress, deflate, gzip (:pr:3261)
  • permit Transfer-Encoding headers specifying multiple encodings. note: no parameters, still (:pr:3261)
  • sdist generation now explicitly excludes sphinx build folder (:pr:3257)
  • decode bytes-typed status (as can be passed by gevent) as utf-8 instead of raising TypeError (:pr:2336)
  • raise correct Exception when encounting invalid chunked requests (:pr:3258)
  • the SCRIPT_NAME and PATH_INFO headers, when received from allowed forwarders, are no longer restricted for containing an underscore (:pr:3192)
  • include IPv6 loopback address [::1] in default for :ref:forwarded-allow-ips and :ref:proxy-allow-ips (:pr:3192)

** NOTE **

  • The SCRIPT_NAME change mitigates a regression that appeared first in the 22.0.0 release
  • Review your :ref:forwarded-allow-ips setting if you are still not seeing the SCRIPT_NAME transmitted
  • Review your :ref:forwarder-headers setting if you are missing headers after upgrading from a version prior to 22.0.0

** Breaking changes **

  • refuse requests where the uri field is empty (:pr:3255)
  • refuse requests with invalid CR/LR/NUL in heade field values (:pr:3253)
  • remove temporary --tolerate-dangerous-framing switch from 22.0 (:pr:3260)
  • If any of the breaking changes affect you, be aware that now refused requests can post a security problem, especially so in setups involving request pipe-lining and/or proxies.

Fix CVE-2024-1135

Commits
  • 411986d fix doc
  • 334392e Merge pull request #2559 from laggardkernel/bugfix/reexec-env
  • e75c353 Merge pull request #3189 from pajod/patch-py36
  • 9357b28 keep document user in access_log_format setting
  • 79fdef0 bump to 23.0.0
  • 3acd9fb Merge pull request #2620 from talkerbox/improve-access-log-format-docs
  • 3f56d76 Merge pull request #3192 from pajod/patch-allowed-script-name
  • 256d474 docs: revert duped directive
  • ffa48b5 test: default change was intentional
  • 52538ca docs: recommend SCRIPT_NAME=/subfolder
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Chore: (deps): bump the python-packages group across 1 directory with…
54a7249 
… 6 updates

Bumps the python-packages group with 6 updates in the /docker/python directory:

| Package | From | To |
| --- | --- | --- |
| [fastapi[all]](https://github.com/fastapi/fastapi) | `0.111.0` | `0.115.12` |
| [uvicorn[standard]](https://github.com/encode/uvicorn) | `0.30.1` | `0.34.2` |
| [concurrent-log-handler](https://github.com/Preston-Landers/concurrent-log-handler) | `0.9.25` | `0.9.26` |
| [markdown](https://github.com/Python-Markdown/markdown) | `3.6` | `3.8` |
| [prometheus-fastapi-instrumentator](https://github.com/trallnag/prometheus-fastapi-instrumentator) | `7.0.0` | `7.1.0` |
| [gunicorn](https://github.com/benoitc/gunicorn) | `22.0.0` | `23.0.0` |



Updates `fastapi[all]` from 0.111.0 to 0.115.12
- [Release notes](https://github.com/fastapi/fastapi/releases)
- [Commits](fastapi/fastapi@0.111.0...0.115.12)

Updates `uvicorn[standard]` from 0.30.1 to 0.34.2
- [Release notes](https://github.com/encode/uvicorn/releases)
- [Changelog](https://github.com/encode/uvicorn/blob/master/docs/release-notes.md)
- [Commits](Kludex/uvicorn@0.30.1...0.34.2)

Updates `concurrent-log-handler` from 0.9.25 to 0.9.26
- [Release notes](https://github.com/Preston-Landers/concurrent-log-handler/releases)
- [Changelog](https://github.com/Preston-Landers/concurrent-log-handler/blob/master/CHANGELOG.md)
- [Commits](Preston-Landers/concurrent-log-handler@0.9.25...0.9.26)

Updates `markdown` from 3.6 to 3.8
- [Release notes](https://github.com/Python-Markdown/markdown/releases)
- [Changelog](https://github.com/Python-Markdown/markdown/blob/master/docs/changelog.md)
- [Commits](Python-Markdown/markdown@3.6...3.8)

Updates `prometheus-fastapi-instrumentator` from 7.0.0 to 7.1.0
- [Release notes](https://github.com/trallnag/prometheus-fastapi-instrumentator/releases)
- [Changelog](https://github.com/trallnag/prometheus-fastapi-instrumentator/blob/master/CHANGELOG.md)
- [Commits](trallnag/prometheus-fastapi-instrumentator@v7.0.0...v7.1.0)

Updates `gunicorn` from 22.0.0 to 23.0.0
- [Release notes](https://github.com/benoitc/gunicorn/releases)
- [Commits](benoitc/gunicorn@22.0.0...23.0.0)

---
updated-dependencies:
- dependency-name: fastapi[all]
  dependency-version: 0.115.12
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-packages
- dependency-name: uvicorn[standard]
  dependency-version: 0.34.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-packages
- dependency-name: concurrent-log-handler
  dependency-version: 0.9.26
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-packages
- dependency-name: markdown
  dependency-version: '3.8'
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-packages
- dependency-name: prometheus-fastapi-instrumentator
  dependency-version: 7.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-packages
- dependency-name: gunicorn
  dependency-version: 23.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: python-packages
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels May 12, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants