Skip to content

Deps: Bump the python-packages group across 1 directory with 16 updates#138

Merged
greenbonebot merged 2 commits into
mainfrom
dependabot/pip/python-packages-9a4193b23d
Jun 16, 2026
Merged

Deps: Bump the python-packages group across 1 directory with 16 updates#138
greenbonebot merged 2 commits into
mainfrom
dependabot/pip/python-packages-9a4193b23d

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 1, 2026

Copy link
Copy Markdown
Contributor

Bumps the python-packages group with 15 updates in the / directory:

Package From To
fastapi 0.136.1 0.137.0
uvicorn 0.47.0 0.49.0
pontos 26.4.3 26.5.0
coverage 7.14.0 7.14.1
black 26.5.0 26.5.1
certifi 2026.4.22 2026.5.20
click 8.4.0 8.4.1
greenlet 3.5.0 3.5.1
idna 3.15 3.18
lxml 6.1.0 6.1.1
platformdirs 4.9.6 4.10.0
pydantic-core 2.46.4 2.47.0
ruff 0.15.13 0.15.17
sqlalchemy 2.0.49 2.0.50
starlette 1.0.1 1.3.1

Updates fastapi from 0.136.1 to 0.137.0

Release notes

Sourced from fastapi's releases.

0.137.0

Breaking Changes

  • ♻️ Refactor internals to preserve APIRouter and APIRoute instances. PR #15745 by @​tiangolo.

Unblocks ✨ SO MANY THINGS ✨

Before this, router.include_router(other_router) would take each path operation from other_router and "clone" it, or recreate it from scratch.

This would mean that in the end there was only one top level router, part of the app.

The way it is structured here is that there are a few additional classes to handle intermediate metadata for router and route inclusion. That way the information of "router X includes Y and Y includes Z" is stored somewhere, without affecting (recreating / clonning) the final route.

Non Objectives

Dependencies for 404: previously I intended to support dependencies that would be executed even for 404, but that would conflict with the fact that a router could not find a match, but the next router did find a match. Executing dependencies in the router that did not find a match would not make sense, they could consume the request, body, etc. This original idea was discarded.

Specific Breaking Changes

Now router.routes is no longer a plain list of APIRoute objects, it can contain these intermediate objects that can contain additional routers, forming a tree.

Any logic that depended on iterating on the router.routes directly would be affected, that logic cannot expect to be able to extract data from a plain list of routes, as it's no longer a plain list but a tree.

Additionally, any logic that iterated on router.routes to modify them would now also see these new objects, and would not see all the routes in the app.

router.routes should be considered an internal implementation detail, only passed around to the FastAPI functions that need it.

Features

  • Adding routes (path operations) after a router is included now works, they are reflected as they are not copied.
  • Including subrouter in mainrouter can be done before adding routes (path operations) to subrouter, because now the the entire object is stored instead of copying the routes.
  • As routes are not copied, in some cases that might save some memory.

Alpha Features

This is not documented yet, so it's not officially supported yet and could change in the future.

But, as APIRoute and APIRouter instances are now preserved, they could be customized.

APIRouter has two new methods, .matches() and .handle(), counterpart to the existing ones in APIRoute. With this a router could customize how it matches and handles requests. For example, it could match only requests that include some specific header, for example for handling versions in headers.

Still, for now, consider this very experimental and potentially changing and breaking in the future.

Future Features Enabled

  • Custom APIRoute subclasses (undocumented, but alraedy works as desccribed above)
  • Custom APIRouter subclasses (undocumented, but already works as described above)
  • Dependencies per router
  • Exception handlers per router
  • Middleware per router

... (truncated)

Commits

Updates uvicorn from 0.47.0 to 0.49.0

Release notes

Sourced from uvicorn's releases.

Version 0.49.0

What's Changed

Full Changelog: Kludex/uvicorn@0.48.0...0.49.0

Version 0.48.0

What's Changed

Full Changelog: Kludex/uvicorn@0.47.0...0.48.0

Changelog

Sourced from uvicorn's changelog.

0.49.0 (June 3, 2026)

Changed

  • Bump httptools minimum version to 0.8.0 (#2962)
  • Consume duplicate forwarding headers in ProxyHeadersMiddleware (reverses the 0.48.0 behavior of ignoring them) (#2971)

0.48.0 (May 24, 2026)

Changed

  • Default ssl_ciphers to None and use OpenSSL defaults (#2940)

Fixed

  • Ignore duplicate forwarding headers in ProxyHeadersMiddleware (#2944)
Commits
  • 3ef2e3e Version 0.49.0 (#2973)
  • eeb64b1 Consume duplicate forwarding headers in ProxyHeadersMiddleware (#2971)
  • 630f4ac Make the watchfiles reload tests deterministic (#2972)
  • 9154922 chore(deps): bump the github-actions group across 1 directory with 6 updates ...
  • 739727a Migrate docs deploy from Cloudflare Pages to Workers (#2967)
  • be4a240 Gate docs preview deploy on Cloudflare token presence (#2966)
  • c489d7e Bump httptools minimum version to 0.8.0 (#2962)
  • 9f547bd Skip docs preview deploy for Dependabot PRs (#2961)
  • 44446b8 Migrate documentation from MkDocs Material to Zensical (#2959)
  • cfd659c Bump pymdown-extensions to 10.21.3 (#2958)
  • Additional commits viewable in compare view

Updates pontos from 26.4.3 to 26.5.0

Release notes

Sourced from pontos's releases.

pontos 26.5.0

26.5.0 - 2026-05-19

👷 Changed

🚢 Dependencies

Commits
  • a380de6 Automatic release to 26.5.0
  • 12b9dd2 Change: Rename "Status Change" to "CVE Status Change"
  • fd0a178 Deps: Bump urllib3 from 2.6.3 to 2.7.0
  • 00adf54 Update: Greenbone license header
  • a793376 Automatic adjustments after release [skip ci]
  • See full diff in compare view

Updates coverage from 7.14.0 to 7.14.1

Changelog

Sourced from coverage's changelog.

Version 7.14.1 — 2026-05-26

  • Fix: the HTML report used typographic niceties to make file paths more readable by adding a small amount of space around slashes. Those spaces interfered with searching the page for file paths of interest. Now the report uses CSS to accomplish the same visual tweak so that searches with slashes work correctly. Closes issue 2170_.

  • Add a 3.16 PyPI classifier <hugo-316_>_ since we test on the 3.16 main branch.

.. _issue 2170: coveragepy/coveragepy#2170 .. _hugo-316: https://mastodon.social/@​hugovk/116588523571204490

.. _changes_7-14-0:

Commits
  • 64d9b66 docs: correct the date for 7.14.1
  • 6fa7dd4 chore: bump actions/dependency-review-action (#2181)
  • 078afae docs: sample HTML for 7.14.1
  • cb4f028 docs: prep for 7.14.1
  • ae2d09f Merge branch 'nedbat/classifire-316-kits'
  • 2c3568b build: declare 3.16 compatibility
  • faa68f8 chore: bump github/codeql-action in the action-dependencies group (#2173)
  • eb55fee test: we don't need PyPy < 7.3.22 anymore
  • ac168fe test: the text summary should show missing
  • fed4bd2 chore: upgrade virtualenv
  • Additional commits viewable in compare view

Updates black from 26.5.0 to 26.5.1

Release notes

Sourced from black's releases.

26.5.1

Stable style

  • Fix unstable formatting of annotated assignments whose subscript annotation contains an inline comment (e.g. x: list[ # pyright: ignore[...]) (#5130)
  • Preserve inline comments (including # type: ignore) immediately before a # fmt: skip line, avoiding AST equivalence failures (#5139)

Packaging

  • Correct the version in the published executables (#5137)

Documentation

  • Add Neovim integration guide covering conform.nvim, ALE, and simple command approaches (#5124)
Changelog

Sourced from black's changelog.

Version 26.5.1

Stable style

  • Fix unstable formatting of annotated assignments whose subscript annotation contains an inline comment (e.g. x: list[ # pyright: ignore[...]) (#5130)
  • Preserve inline comments (including # type: ignore) immediately before a # fmt: skip line, avoiding AST equivalence failures (#5139)

Packaging

  • Correct the version in the published executables (#5137)

Documentation

  • Add Neovim integration guide covering conform.nvim, ALE, and simple command approaches (#5124)
Commits

Updates certifi from 2026.4.22 to 2026.5.20

Commits

Updates click from 8.4.0 to 8.4.1

Release notes

Sourced from click's releases.

8.4.1

This is the Click 8.4.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/click/8.4.1/ Changes: https://click.palletsprojects.com/page/changes/#version-8-4-1 Milestone: https://github.com/pallets/click/milestone/32?closed=1

  • get_parameter_source() is available during eager callbacks and type conversion again. #3458 #3484
  • Zsh completion scripts parse correctly on Windows. #3277 # 3466
  • Shell completion of Choice Enum values produces a valid completion result. #3015
  • Fix empty byte-string handling in echo. #3487
  • Fix closed file error with echo_via_pager. #3449
Changelog

Sourced from click's changelog.

Version 8.4.1

Released 2026-05-21

  • get_parameter_source() is available during eager callbacks and type conversion again. {issue}3458 {pr}3484
  • Zsh completion scripts parse correctly on Windows. {issue}3277 {pr}3466
  • Shell completion of Enum values used as Choice options produces a valid completion result. {issue}3015 {pr}3471
  • Fix empty byte-string handling in echo. {issue}3487 {pr}3493
  • Fix closed file error with echo_via_pager. {issue}3449 {pr}3482
  • Fix open_url on Windows when the file path contains spaces. {issue}2994 {pr}3478
Commits
  • 6eeb50e release version 8.4.1
  • 67921d5 change log and doc fixes (#3495)
  • 9c41f46 Fix changelog and version admonitions
  • 6cb3477 fix skip condition
  • 5ee8e31 fix I/O operation on closed file error with CliRunner and echo_via_pager (#3482)
  • becbde5 pager doesn't close std streams
  • a5f5aa6 Handle empty bytes in echo (#3493)
  • 4d3db84 handle empty bytes in echo
  • d42f15b Fix get_parameter_source() during type conversion and eager callbacks (#3484)
  • 0baa8db Document ctx.params bypass with test and doc
  • Additional commits viewable in compare view

Updates greenlet from 3.5.0 to 3.5.1

Changelog

Sourced from greenlet's changelog.

3.5.1 (2026-05-20)

  • Add preliminary support for Python 3.15b1. This has not been reviewed by CPython core developers, but all tests pass. Binary wheels of this version won't work on earlier Python 3.15 builds and may not work on later 3.15 builds.
  • Fix the discrepancy in the way the two getcurrent APIs behave during greenlet teardown. One API (the C API used by, e.g., gevent) raised a RuntimeError; the other (the Python greenlet.getcurrent API) returned None. This second way is incompatible with greenlet's type annotations, so greenlet.getcurrent now raises a RuntimeError as well.
Commits
  • b5e5fc4 Preparing release 3.5.1
  • c8e1774 Tweak wording in CHANGES about greenlet.getcurrent.
  • 7fb10c5 Merge pull request #510 from python-greenlet/315
  • 9718ce5 Add Py 3.15; make both API versions of getcurrent() consistent in raising Run...
  • 276e08a Merge pull request #509 from python-greenlet/dependabot/github_actions/github...
  • 32b0ad6 Bump pypa/gh-action-pypi-publish in the github-actions group
  • 173b692 Back to development: 3.5.1
  • See full diff in compare view

Updates httptools from 0.7.1 to 0.8.0

Release notes

Sourced from httptools's releases.

v0.8.0

Changes

Commits

Updates idna from 3.15 to 3.18

Changelog

Sourced from idna's changelog.

3.18 (2026-06-02)

  • When decoding a domain, add a display argument that will pass through invalid labels rather than raising an exception.

3.17 (2026-05-28)

  • Substantial 75% reduction in memory usage through new data structures and some optimization in processing speed.
  • Added a general 1024-character input length cap to the public validation, conversion, and codec entry points. This is well above any legitimate domain or label and guards against pathological inputs.

3.16 (2026-05-22)

  • Add a command-line interface (python -m idna, also available as the idna script). Encodes or decodes one or more domains supplied as arguments or on standard input, with options to select A-label or U-label output and control error handling.
  • Raise the minimum supported Python version to 3.9
  • Various code quality improvements
Commits
  • f39ea90 Release 3.18
  • 40f4e40 Pre-release 3.18rc0
  • 1a5bf80 Merge pull request #253 from kjd/lenient-decode
  • 5bbb26f Merge branch 'master' into lenient-decode
  • c532bae Rename decode() lenient= option to display= (issue #248)
  • 0b1758b Merge pull request #252 from kjd/release-3.17
  • f48619c Release 3.17
  • 7421ba8 Pre-release 3.17rc0
  • 22ebb73 Merge pull request #251 from kjd/structure-optimizations
  • 2a7ac0a Drop redundant parallel-arrays comment from uts46data
  • Additional commits viewable in compare view

Updates lxml from 6.1.0 to 6.1.1

Changelog

Sourced from lxml's changelog.

6.1.1 (2026-05-18)

Bugs fixed

Commits
  • b4a4c59 Build: Fix build in Py3.8.
  • a116dcb Fix typo: type annotions -> type annotations in PEP 560 comments (GH-504)
  • 7287a75 Prepare release of 6.1.1.
  • 5927a6d Add missing "xlink:href" to the known HTML link attributes.
  • 23efeb4 Build: Fix build in Py3.8.
  • 2c0563b Build: Add bug patch for libxslt 1.1.43 and apply it during the static librar...
  • 8a35fcc Fix doctest in PyPy3.9.
  • See full diff in compare view

Updates platformdirs from 4.9.6 to 4.10.0

Release notes

Sourced from platformdirs's releases.

4.10.0

What's Changed

New Contributors

Full Changelog: tox-dev/platformdirs@4.9.6...4.10.0

Changelog

Sourced from platformdirs's changelog.

########### Changelog ###########


4.10.0 (2026-05-28)


  • ✨ feat: add user_publicshare_dir, user_templates_dir, user_fonts_dir, user_preference_dir :pr:491
  • ✨ feat: add user_projects_dir for $XDG_PROJECTS_DIR :pr:490
  • chore: improve platformdirs maintenance path :pr:488 - by :user:lphuc2250gma

4.9.6 (2026-04-09)


  • 🐛 fix(release): use double quotes for tag variable expansion :pr:477

4.9.5 (2026-04-06)


  • 📝 docs(appauthor): clarify None vs False on Windows :pr:476
  • Separates implementations of macOS dirs that share a default :pr:473 - by :user:Goddesen
  • Remove persist-credentials: false from release job :pr:472
  • fix: do not duplicate site dirs in Unix.iter_{config,site}_dirs() when use_site_for_root is active :pr:469 - by :user:viccie30
  • 🔧 fix(type): resolve ty 0.0.25 type errors :pr:468
  • 🔒 ci(workflows): add zizmor security auditing :pr:467
  • 🐛 fix(release): generate docstrfmt-compatible changelog entries :pr:463

4.9.4 (2026-03-05)


  • [pre-commit.ci] pre-commit autoupdate :pr:461 - by :user:pre-commit-ci[bot]
  • Update README.md
  • 📝 docs: add project logo to documentation :pr:459
  • Standardize .github files to .yaml suffix
  • build(deps): bump the all group with 2 updates :pr:457 - by :user:dependabot[bot]
  • Move SECURITY.md to .github/SECURITY.md
  • Add permissions to workflows :pr:455
  • Add security policy
  • [pre-commit.ci] pre-commit autoupdate :pr:454 - by :user:pre-commit-ci[bot]

4.9.2 (2026-02-16)


  • 📝 docs: restructure following Diataxis framework :pr:448

... (truncated)

Commits
  • 04cb136 Release 4.10.0
  • 078bc61 ✨ feat: add user_publicshare_dir, user_templates_dir, user_fonts_dir, user_pr...
  • d279747 ✨ feat: add user_projects_dir for $XDG_PROJECTS_DIR (#490)
  • 4116391 [pre-commit.ci] pre-commit autoupdate (#489)
  • dbc63f5 chore: improve platformdirs maintenance path (#488)
  • 9265108 [pre-commit.ci] pre-commit autoupdate (#487)
  • 9f857ec [pre-commit.ci] pre-commit autoupdate (#486)
  • a76e777 [pre-commit.ci] pre-commit autoupdate (#484)
  • 903fd9f [pre-commit.ci] pre-commit autoupdate (#483)
  • a5da35d build(deps): bump astral-sh/setup-uv from 8.0.0 to 8.1.0 in the all group (#482)
  • Additional commits viewable in compare view

Updates pydantic-core from 2.46.4 to 2.47.0

Commits

Updates ruff from 0.15.13 to 0.15.17

Release notes

Sourced from ruff's releases.

0.15.17

Release Notes

Released on 2026-06-11.

Preview features

  • Allow human-readable names in suppression comments (#25614)
  • Fix handling of ignore comments within a disable/enable pair (#25845)
  • Prioritize human-readable names in CLI output (#25869)
  • Respect diagnostic start and parent ranges and trailing comments in ruff:ignore suppressions (#25673)
  • [flake8-async] Add trio.as_safe_channel to safe decorators (ASYNC119) (#25775)
  • [flake8-pytest-style] Also check pytest_asyncio fixtures (#25375)
  • [ruff] Ban pytest autouse fixtures (RUF076) (#25477)
  • [pyupgrade] Add from __future__ import annotations automatically (UP007, UP045) (#23259)

Bug fixes

  • Fix diagnostic when ruff:enable or ruff:disable appears where ruff:ignore is expected (#25700)
  • [pyupgrade] Preserve leading empty literals to avoid syntax errors (UP032) (#25491)

Rule changes

  • [flake8-pytest-style] Clarify diagnostic message for single parameters (PT007) (#25592)
  • [numpy] Drop autofix for np.in1d (NPY201) (#25612)
  • [pylint] Exempt Python version comparisons (PLR2004) (#25743)

Performance

  • Reserve AST Vecs with correct capacity for common cases (#25451)

Formatter

  • Preserve whitespace for Quarto cell option comments (#25641)

CLI

  • Allow rule names in ruff rule (#25640)

Other changes

  • Fix playground diagnostics scrollbars (#25642)

Contributors

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.17

Released on 2026-06-11.

Preview features

  • Allow human-readable names in suppression comments (#25614)
  • Fix handling of ignore comments within a disable/enable pair (#25845)
  • Prioritize human-readable names in CLI output (#25869)
  • Respect diagnostic start and parent ranges and trailing comments in ruff:ignore suppressions (#25673)
  • [flake8-async] Add trio.as_safe_channel to safe decorators (ASYNC119) (#25775)
  • [flake8-pytest-style] Also check pytest_asyncio fixtures (#25375)
  • [ruff] Ban pytest autouse fixtures (RUF076) (#25477)
  • [pyupgrade] Add from __future__ import annotations automatically (UP007, UP045) (#23259)

Bug fixes

  • Fix diagnostic when ruff:enable or ruff:disable appears where ruff:ignore is expected (#25700)
  • [pyupgrade] Preserve leading empty literals to avoid syntax errors (UP032) (#25491)

Rule changes

  • [flake8-pytest-style] Clarify diagnostic message for single parameters (PT007) (#25592)
  • [numpy] Drop autofix for np.in1d (NPY201) (#25612)
  • [pylint] Exempt Python version comparisons (PLR2004) (#25743)

Performance

  • Reserve AST Vecs with correct capacity for common cases (#25451)

Formatter

  • Preserve whitespace for Quarto cell option comments (#25641)

CLI

  • Allow rule names in ruff rule (#25640)

Other changes

  • Fix playground diagnostics scrollbars (#25642)

Contributors

... (truncated)

Commits
  • 7c645a9 Bump 0.15.17 (#25872)
  • f381eb1 Prioritize human-readable names in CLI output (#25869)
  • b9b4546 Minor workflow simplification (#25870)
  • 1e77ba0 [ty] Move PreformattedBlockScanner to format-agnostic location. (#25856)
  • 6f2b772 [ty] Preserve nominal type of enum.property instances (#25849)
  • be4777c [ty] Fix site-package error when multiple versions of pythons are installed i...
  • 53f6ff7 Allow human-readable names in suppression comments (#25614)
  • 6740325 [ty] Restrict uncached raw signature access (#25866)
  • 970b1bf Auto-update snapshots when syncing typeshed (#25841)
  • 0785793 Fix handling of ignore comments within a disable/enable pair (#25845)
  • Additional commits viewable in compare view

Updates sqlalchemy from 2.0.49 to 2.0.50

Release notes

Sourced from sqlalchemy's releases.

2.0.50

Released: May 24, 2026

orm

  • [orm] [bug] Fixed issue where using _orm.joinedload() with PropComparator.of_type() targeting a joined-table subclass combined with PropComparator.and_() referencing a column on that subclass would generate invalid SQL, where the subclass column was not adapted to the subquery alias. Pull request courtesy Joaquin Hui Gomez.

    References: #13203

  • [orm] [bug] Fixed issue where the presence of a SessionEvents.do_orm_execute() event hook would cause internal execution options such as yield_per and loader-specific state from the first orm_pre_session_exec pass to leak into the second pass, leading to errors when using relationship loaders such as selectinload() and immediateload(). The execution options passed to the second compilation pass are now based on the original options plus only the explicit updates made via ORMExecuteState.update_execution_options() within the event hook.

    References: #13301

  • [orm] [bug] Fixed issue where using _orm.with_polymorphic() on a leaf class (a subclass with no further descendants) or a non-inherited class would fail with an AttributeError when used in an ORM statement, due to _orm.configure_mappers() not being triggered implicitly. The fix ensures that AliasedInsp participates in the _post_inspect hook, triggering mapper configuration during ORM statement compilation.

    References: #13319

sql

  • [sql] [bug] Fixed issue where floor division (//) between a Float or Numeric numerator and an Integer denominator would omit the FLOOR() SQL wrapper on dialects where Dialect.div_is_floordiv is True (the default, including PostgreSQL and SQLite). FLOOR() is now applied if either the denominator or the numerator is a non-integer, so that expressions such as float_col // int_col render as FLOOR(float_col / int_col) instead of the incorrect float_col / int_col. Pull request courtesy r266-tech.

    References: #10528

postgresql

... (truncated)

Commits

Updates starlette from 1.0.1 to 1.3.1

Release notes

Sourced from starlette's releases.

Version 1.3.1

What's Changed

Full Changelog: Kludex/starlette@1.3.0...1.3.1

Version 1.3.0

What's Changed

New Contributors

Full Changelog: Kludex/starlette@1.2.1...1.3.0

Version 1.2.1

What's Changed

New Contributors

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Jun 1, 2026
@dependabot dependabot Bot requested review from a team as code owners June 1, 2026 07:47
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Jun 1, 2026
@greenbonebot greenbonebot enabled auto-merge (rebase) June 1, 2026 07:47
Bumps the python-packages group with 15 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [fastapi](https://github.com/fastapi/fastapi) | `0.136.1` | `0.137.0` |
| [uvicorn](https://github.com/Kludex/uvicorn) | `0.47.0` | `0.49.0` |
| [pontos](https://github.com/greenbone/pontos) | `26.4.3` | `26.5.0` |
| [coverage](https://github.com/coveragepy/coveragepy) | `7.14.0` | `7.14.1` |
| [black](https://github.com/psf/black) | `26.5.0` | `26.5.1` |
| [certifi](https://github.com/certifi/python-certifi) | `2026.4.22` | `2026.5.20` |
| [click](https://github.com/pallets/click) | `8.4.0` | `8.4.1` |
| [greenlet](https://github.com/python-greenlet/greenlet) | `3.5.0` | `3.5.1` |
| [idna](https://github.com/kjd/idna) | `3.15` | `3.18` |
| [lxml](https://github.com/lxml/lxml) | `6.1.0` | `6.1.1` |
| [platformdirs](https://github.com/tox-dev/platformdirs) | `4.9.6` | `4.10.0` |
| [pydantic-core](https://github.com/pydantic/pydantic) | `2.46.4` | `2.47.0` |
| [ruff](https://github.com/astral-sh/ruff) | `0.15.13` | `0.15.17` |
| [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) | `2.0.49` | `2.0.50` |
| [starlette](https://github.com/Kludex/starlette) | `1.0.1` | `1.3.1` |



Updates `fastapi` from 0.136.1 to 0.137.0
- [Release notes](https://github.com/fastapi/fastapi/releases)
- [Commits](fastapi/fastapi@0.136.1...0.137.0)

Updates `uvicorn` from 0.47.0 to 0.49.0
- [Release notes](https://github.com/Kludex/uvicorn/releases)
- [Changelog](https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md)
- [Commits](Kludex/uvicorn@0.47.0...0.49.0)

Updates `pontos` from 26.4.3 to 26.5.0
- [Release notes](https://github.com/greenbone/pontos/releases)
- [Commits](greenbone/pontos@v26.4.3...v26.5.0)

Updates `coverage` from 7.14.0 to 7.14.1
- [Release notes](https://github.com/coveragepy/coveragepy/releases)
- [Changelog](https://github.com/coveragepy/coveragepy/blob/main/CHANGES.rst)
- [Commits](coveragepy/coveragepy@7.14.0...7.14.1)

Updates `black` from 26.5.0 to 26.5.1
- [Release notes](https://github.com/psf/black/releases)
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md)
- [Commits](psf/black@26.5.0...26.5.1)

Updates `certifi` from 2026.4.22 to 2026.5.20
- [Commits](certifi/python-certifi@2026.04.22...2026.05.20)

Updates `click` from 8.4.0 to 8.4.1
- [Release notes](https://github.com/pallets/click/releases)
- [Changelog](https://github.com/pallets/click/blob/main/CHANGES.md)
- [Commits](pallets/click@8.4.0...8.4.1)

Updates `greenlet` from 3.5.0 to 3.5.1
- [Changelog](https://github.com/python-greenlet/greenlet/blob/master/CHANGES.rst)
- [Commits](python-greenlet/greenlet@3.5.0...3.5.1)

Updates `httptools` from 0.7.1 to 0.8.0
- [Release notes](https://github.com/MagicStack/httptools/releases)
- [Commits](MagicStack/httptools@v0.7.1...v0.8.0)

Updates `idna` from 3.15 to 3.18
- [Release notes](https://github.com/kjd/idna/releases)
- [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.md)
- [Commits](kjd/idna@v3.15...v3.18)

Updates `lxml` from 6.1.0 to 6.1.1
- [Release notes](https://github.com/lxml/lxml/releases)
- [Changelog](https://github.com/lxml/lxml/blob/master/CHANGES.txt)
- [Commits](lxml/lxml@lxml-6.1.0...lxml-6.1.1)

Updates `platformdirs` from 4.9.6 to 4.10.0
- [Release notes](https://github.com/tox-dev/platformdirs/releases)
- [Changelog](https://github.com/tox-dev/platformdirs/blob/main/docs/changelog.rst)
- [Commits](tox-dev/platformdirs@4.9.6...4.10.0)

Updates `pydantic-core` from 2.46.4 to 2.47.0
- [Release notes](https://github.com/pydantic/pydantic/releases)
- [Changelog](https://github.com/pydantic/pydantic/blob/main/HISTORY.md)
- [Commits](https://github.com/pydantic/pydantic/commits)

Updates `ruff` from 0.15.13 to 0.15.17
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.15.13...0.15.17)

Updates `sqlalchemy` from 2.0.49 to 2.0.50
- [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases)
- [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES.rst)
- [Commits](https://github.com/sqlalchemy/sqlalchemy/commits)

Updates `starlette` from 1.0.1 to 1.3.1
- [Release notes](https://github.com/Kludex/starlette/releases)
- [Changelog](https://github.com/Kludex/starlette/blob/main/docs/release-notes.md)
- [Commits](Kludex/starlette@1.0.1...1.3.1)

---
updated-dependencies:
- dependency-name: black
  dependency-version: 26.5.1
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: python-packages
- dependency-name: certifi
  dependency-version: 2026.5.20
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: python-packages
- dependency-name: click
  dependency-version: 8.4.1
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: python-packages
- dependency-name: coverage
  dependency-version: 7.14.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: python-packages
- dependency-name: fastapi
  dependency-version: 0.136.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-packages
- dependency-name: greenlet
  dependency-version: 3.5.1
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: python-packages
- dependency-name: httptools
  dependency-version: 0.8.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: python-packages
- dependency-name: idna
  dependency-version: '3.17'
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: python-packages
- dependency-name: lxml
  dependency-version: 6.1.1
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: python-packages
- dependency-name: platformdirs
  dependency-version: 4.10.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: python-packages
- dependency-name: pontos
  dependency-version: 26.5.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: python-packages
- dependency-name: pydantic-core
  dependency-version: 2.47.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: python-packages
- dependency-name: ruff
  dependency-version: 0.15.15
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: python-packages
- dependency-name: sqlalchemy
  dependency-version: 2.0.50
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: python-packages
- dependency-name: starlette
  dependency-version: 1.2.1
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: python-packages
- dependency-name: uvicorn
  dependency-version: 0.48.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-packages
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/pip/python-packages-9a4193b23d branch from ebb689c to f0bb84b Compare June 15, 2026 10:40
@github-actions

Copy link
Copy Markdown

Conventional Commits Report

Type Number
Dependencies 1

🚀 Conventional commits found.

@greenbonebot greenbonebot merged commit 7862496 into main Jun 16, 2026
12 checks passed
@greenbonebot greenbonebot deleted the dependabot/pip/python-packages-9a4193b23d branch June 16, 2026 12:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants