deps(deps): bump the python-minor group across 1 directory with 9 updates

[dependabot]

Bumps the python-minor group with 9 updates in the / directory:

Package	From	To
fastapi	0.127.0	0.131.0
uvicorn[standard]	0.40.0	0.41.0
pydantic-settings	2.12.0	2.13.1
sqlalchemy	2.0.45	2.0.46
alembic	1.17.2	1.18.4
aiosqlite	0.22.0	0.22.1
tenacity	9.1.2	9.1.4
prometheus-client	0.23.1	0.24.1
ruff	0.14.10	0.15.2

Updates fastapi from 0.127.0 to 0.131.0

Release notes

Sourced from fastapi's releases.

0.131.0

Breaking Changes

• 🗑️ Deprecate ORJSONResponse and UJSONResponse. PR #14964 by @​tiangolo.

0.130.0

Features

• ✨ Serialize JSON response with Pydantic (in Rust), when there's a Pydantic return type or response model. PR #14962 by @​tiangolo.
  • This results in 2x (or more) performance increase for JSON responses.
  • New docs: Custom Response - JSON Performance.

0.129.2

Internal

• ⬆️ Upgrade pytest. PR #14959 by @​tiangolo.
• 👷 Fix CI, do not attempt to publish fastapi-slim. PR #14958 by @​tiangolo.
• ➖ Drop support for fastapi-slim, no more versions will be released, use only "fastapi[standard]" or fastapi. PR #14957 by @​tiangolo.
• 🔧 Update pyproject.toml, remove unneeded lines. PR #14956 by @​tiangolo.

0.129.1

Fixes

• ♻️ Fix JSON Schema for bytes, use "contentMediaType": "application/octet-stream" instead of "format": "binary". PR #14953 by @​tiangolo.

Docs

• 🔨 Add Kapa.ai widget (AI chatbot). PR #14938 by @​tiangolo.
• 🔥 Remove Python 3.9 specific files, no longer needed after updating translations. PR #14931 by @​tiangolo.
• 📝 Update docs for JWT to prevent timing attacks. PR #14908 by @​tiangolo.

Translations

• ✏️ Fix several typos in ru translations. PR #14934 by @​argoarsiks.
• 🌐 Update translations for ko (update-all and add-missing). PR #14923 by @​YuriiMotov.
• 🌐 Update translations for uk (add-missing). PR #14922 by @​YuriiMotov.
• 🌐 Update translations for zh-hant (update-all and add-missing). PR #14921 by @​YuriiMotov.
• 🌐 Update translations for fr (update-all and add-missing). PR #14920 by @​YuriiMotov.
• 🌐 Update translations for de (update-all) . PR #14910 by @​YuriiMotov.
• 🌐 Update translations for ja (update-all). PR #14916 by @​YuriiMotov.
• 🌐 Update translations for pt (update-all). PR #14912 by @​YuriiMotov.
• 🌐 Update translations for es (update-all and add-missing). PR #14911 by @​YuriiMotov.
• 🌐 Update translations for zh (update-all). PR #14917 by @​YuriiMotov.
• 🌐 Update translations for uk (update-all). PR #14914 by @​YuriiMotov.
• 🌐 Update translations for tr (update-all). PR #14913 by @​YuriiMotov.
• 🌐 Update translations for ru (update-outdated). PR #14909 by @​YuriiMotov.

Internal

• 👷 Always run tests on push to master branch and when run by scheduler. PR #14940 by @​YuriiMotov.

... (truncated)

Commits

• b423b73 🔖 Release version 0.131.0
• 70e8558 📝 Update release notes
• 48e9835 🗑️ Deprecate ORJSONResponse and UJSONResponse (#14964)
• 2e62fb1 📝 Update release notes
• eb544e7 🔖 Release version 0.130.0
• bc06e42 📝 Update release notes
• 590a5e5 ✨ Serialize JSON response with Pydantic (in Rust), when there's a Pydantic re...
• 1e78a36 🔖 Release version 0.129.2
• f921de6 📝 Update release notes
• 4ab8138 ⬆️ Upgrade pytest (#14959)
• Additional commits viewable in compare view

Updates uvicorn[standard] from 0.40.0 to 0.41.0

Release notes

Sourced from uvicorn[standard]'s releases.

Version 0.41.0

Added

• Add --limit-max-requests-jitter to stagger worker restarts (#2707)
• Add socket path to scope["server"] (#2561)

Changed

• Rename LifespanOn.error_occured to error_occurred (#2776)

Fixed

• Ignore permission denied errors in watchfiles reloader (#2817)
• Ensure lifespan shutdown runs when should_exit is set during startup (#2812)
• Reduce the log level of 'request limit exceeded' messages (#2788)

---

New Contributors

• @​t-kawasumi made their first contribution in Kludex/uvicorn#2776
• @​fardyn made their first contribution in Kludex/uvicorn#2800
• @​ewie made their first contribution in Kludex/uvicorn#2807
• @​shevron made their first contribution in Kludex/uvicorn#2788
• @​jonashaag made their first contribution in Kludex/uvicorn#2707

---

Full Changelog: Kludex/uvicorn@0.40.0...0.41.0

Changelog

Sourced from uvicorn[standard]'s changelog.

0.41.0 (February 16, 2026)

Added

• Add --limit-max-requests-jitter to stagger worker restarts (#2707)
• Add socket path to scope["server"] (#2561)

Changed

• Rename LifespanOn.error_occured to error_occurred (#2776)

Fixed

• Ignore permission denied errors in watchfiles reloader (#2817)
• Ensure lifespan shutdown runs when should_exit is set during startup (#2812)
• Reduce the log level of 'request limit exceeded' messages (#2788)

Commits

• 9283c0f Version 0.41.0 (#2821)
• a01a33e Add --limit-max-requests-jitter to stagger worker restarts (#2707)
• 2ce65bd Ignore permission denied errors in watchfiles reloader (#2817)
• 654f2ed Ensure lifespan shutdown runs when should_exit is set during startup (#2812)
• a03d9f6 Reduce the log level of 'request limit exceeded' messages (#2788)
• e377de4 Add socket path to scope["server"] (#2561)
• 0779f7f Poll for readiness in test_multiprocess_health_check and run_server (#2816)
• 7e9ce2c Poll for PID changes in test_multiprocess_sighup instead of fixed sleep (#2...
• 99f0d87 Fix grep warning in scripts/sync-version (#2807)
• 7ae2e63 chore(deps): bump the python-packages group with 18 updates (#2801)
• Additional commits viewable in compare view

Updates pydantic-settings from 2.12.0 to 2.13.1

Release notes

Sourced from pydantic-settings's releases.

v2.13.0

What's Changed

• fix: Deterministic alias selection when using validate_by_name by @​chbndrhnns in pydantic/pydantic-settings#707
• add deep merge functionality to config file sources by @​pmeier in pydantic/pydantic-settings#698
• Add support for AWS Secrets Manager VersionId parameter by @​jcyamacho in pydantic/pydantic-settings#708
• bugfix: Return None for inaccessible GCP Secret Manager secrets by @​zaphod72 in pydantic/pydantic-settings#712
• Bugfix for cli_kebab_case="all" and CliImplicitFlag[bool] by @​Digity101 in pydantic/pydantic-settings#702
• Unpack type alisases when looking for NoDecode by @​tselepakis in pydantic/pydantic-settings#695
• CliToggleFlag and CliDualFlag by @​kschwab in pydantic/pydantic-settings#717
• Fix for CLI duplicate enum field values. by @​kschwab in pydantic/pydantic-settings#722
• fixed load nested config from env by @​Sube-py in pydantic/pydantic-settings#723
• Add non-Path files support (for example Traversable) and open files using Path.open method by @​mahenzon in pydantic/pydantic-settings#724
• add one more traversable test by @​mahenzon in pydantic/pydantic-settings#725
• CLI fix fox external list args. by @​kschwab in pydantic/pydantic-settings#727
• fix: handle case-insensitive retrieval in GoogleSecretManagerSettingsSource by @​ezwiefel in pydantic/pydantic-settings#730
• CLI test fixes for help text formatting. by @​kschwab in pydantic/pydantic-settings#735
• Avoid conflicts with the NAME environment variable in WSL by @​kzrnm in pydantic/pydantic-settings#747
• fix: When restoring init kwargs, use deterministic order by @​chbndrhnns in pydantic/pydantic-settings#746
• Add env_prefix_target by @​kzrnm in pydantic/pydantic-settings#749
• Remove (default: …) in the help message for CliToggleFlag by @​kzrnm in pydantic/pydantic-settings#740
• Add support for CLI serialize styles. by @​kschwab in pydantic/pydantic-settings#755
• Add support for overriding default help on CLI internal parser. by @​kschwab in pydantic/pydantic-settings#758
• CLI format_help method support by @​kschwab in pydantic/pydantic-settings#759
• feat(gcp): support SecretVersion annotation for per-field secret versioning by @​ezwiefel in pydantic/pydantic-settings#763
• Allow snake_case_conversion with env_prefix for Azure Key Vault source by @​cstarkers in pydantic/pydantic-settings#762
• fix: Only override preferred_key when no value was found by @​chbndrhnns in pydantic/pydantic-settings#767
• Update deps by @​hramezani in pydantic/pydantic-settings#768
• CLI coerce numeric types. by @​kschwab in pydantic/pydantic-settings#769
• CLI Union Discriminator Choices in Help by @​kschwab in pydantic/pydantic-settings#764
• Add nested path support for yaml_config_section (fixes #772) by @​hugo-romero-mm in pydantic/pydantic-settings#773
• Prepare release 2.13.0 by @​hramezani in pydantic/pydantic-settings#777

New Contributors

• @​pmeier made their first contribution in pydantic/pydantic-settings#698
• @​jcyamacho made their first contribution in pydantic/pydantic-settings#708
• @​zaphod72 made their first contribution in pydantic/pydantic-settings#712
• @​Digity101 made their first contribution in pydantic/pydantic-settings#702
• @​Sube-py made their first contribution in pydantic/pydantic-settings#723
• @​mahenzon made their first contribution in pydantic/pydantic-settings#724
• @​kzrnm made their first contribution in pydantic/pydantic-settings#747
• @​cstarkers made their first contribution in pydantic/pydantic-settings#762
• @​hugo-romero-mm made their first contribution in pydantic/pydantic-settings#773

Full Changelog: pydantic/pydantic-settings@v2.12.0...v2.13.0

Commits

• e87d12d v2.13.1 (#790)
• acf8c14 Fix JSON decoding for parameterized PEP 695 type aliases (#780)
• 58b236a Fix AttributeError with nested env vars for dict fields (#785) (#786)
• 4933f06 Fix CLI parsing error for set field types since 2.13.0 (#787) (#788)
• bd0ebe6 Fix RecursionError with self-referential models in CliApp (#783)
• eb7840e Fix regression for bool fields since 2.13.0 (#784)
• 198e71c Prepare release 2.13.0 (#777)
• de71e84 Add nested path support for yaml_config_section (fixes #772) (#773)
• 0f8f951 CLI Union Discriminator Choices in Help (#764)
• ce9804c CLI coerce numeric types. (#769)
• Additional commits viewable in compare view

Updates sqlalchemy from 2.0.45 to 2.0.46

Release notes

Sourced from sqlalchemy's releases.

2.0.46

Released: January 21, 2026

typing

• [typing] [bug] Fixed typing issues where ORM mapped classes and aliased entities could not be used as keys in result row mappings or as join targets in select statements. Patterns such as row._mapping[User], row._mapping[aliased(User)], row._mapping[with_polymorphic(...)] (rejected by both mypy and Pylance), and .join(aliased(User)) (rejected by Pylance) are documented and fully supported at runtime but were previously rejected by type checkers. The type definitions for _KeyType and _FromClauseArgument have been updated to accept these ORM entity types.

  References: #13075

postgresql

• [postgresql] [bug] Fixed issue where PostgreSQL JSONB operators _postgresql.JSONB.Comparator.path_match() and _postgresql.JSONB.Comparator.path_exists() were applying incorrect VARCHAR casts to the right-hand side operand when used with newer PostgreSQL drivers such as psycopg. The operators now indicate the right-hand type as JSONPATH, which currently results in no casting taking place, but is also compatible with explicit casts if the implementation were require it at a later point.

  References: #13059

• [postgresql] [bug] Fixed regression in PostgreSQL dialect where JSONB subscription syntax would generate incorrect SQL for cast() expressions returning JSONB, causing syntax errors. The dialect now properly wraps cast expressions in parentheses when using the [] subscription syntax, generating (CAST(...))[index] instead of CAST(...)[index] to comply with PostgreSQL syntax requirements. This extends the fix from #12778 which addressed the same issue for function calls.

  References: #13067

• [postgresql] [bug] Improved the foreign key reflection regular expression pattern used by the PostgreSQL dialect to be more permissive in matching identifier characters, allowing it to correctly handle unicode characters in table and column names. This change improves compatibility with PostgreSQL variants such as CockroachDB that may use different quoting patterns in combination with unicode characters in their identifiers. Pull request courtesy Gord Thompson.

... (truncated)

Commits

• See full diff in compare view

Updates alembic from 1.17.2 to 1.18.4

Release notes

Sourced from alembic's releases.

1.18.4

Released: February 10, 2026

bug

• [bug] [operations] Reverted the behavior of Operations.add_column() that would automatically render the "PRIMARY KEY" keyword inline when a Column with primary_key=True is added. The automatic behavior, added in version 1.18.2, is now opt-in via the new Operations.add_column.inline_primary_key parameter. This change restores the ability to render a PostgreSQL SERIAL column, which is required to be primary_key=True, while not impacting the ability to render a separate primary key constraint. This also provides consistency with the Operations.add_column.inline_references parameter and gives users explicit control over SQL generation.

  To render PRIMARY KEY inline, use the Operations.add_column.inline_primary_key parameter set to True:

  op.add_column( "my_table", Column("id", Integer, primary_key=True), inline_primary_key=True )References: #1232

1.18.3

Released: January 29, 2026

bug

• [bug] [autogenerate] Fixed regression in version 1.18.0 due to #1771 where autogenerate would raise NoReferencedTableError when a foreign key constraint referenced a table that was not part of the initial table load, including tables filtered out by the EnvironmentContext.configure.include_name callable or tables in remote schemas that were not included in the initial reflection run.

  The change in #1771 was a performance optimization that eliminated additional reflection queries for tables that were only referenced by foreign keys but not explicitly included in the main reflection run. However, this optimization inadvertently removed the creation of Table objects for these referenced tables, causing autogenerate to fail when processing foreign key constraints that pointed to them.

  The fix creates placeholder Table objects for foreign key targets

... (truncated)

Commits

• See full diff in compare view

Updates aiosqlite from 0.22.0 to 0.22.1

Changelog

Sourced from aiosqlite's changelog.

v0.22.1

Bug fix release

NOTE: Starting with v0.22.0, the aiosqlite.Connection object no longer inherits from threading.Thread. If not using aiosqlite as a context manager, clients must await connection.close() or call connection.stop() to ensure the helper thread is completed and terminated correctly. A ResourceWarning will be emitted for any connection that is garbage collected without being closed or stopped.

• Added synchronous stop() method to aiosqlite.Connection to enable safe cleanup and termination of the background thread without dependence on having an active event loop (#370)

$ git shortlog -s v0.22.0...v0.22.1
     2	Amethyst Reese

Commits

• 9b127ce Version bump v0.22.1
• 5c3f61c Improve stop semantics for connections (#370)
• See full diff in compare view

Updates tenacity from 9.1.2 to 9.1.4

Release notes

Sourced from tenacity's releases.

9.1.4

What's Changed

• Fix retry() annotations with async sleep= function by @​Zac-HD in jd/tenacity#555

Full Changelog: jd/tenacity@9.1.3...9.1.4

9.1.3

What's Changed

• Apply formatting to num seconds in before_sleep_log by @​aguinane in jd/tenacity#489
• Support Python 3.14 by @​sandrobonazzola in jd/tenacity#528
• Typing: Accept non-standard logger in helpers logging something by @​k4nar in jd/tenacity#540
• feat(wait): add wait_exception strategy by @​capitan-davide in jd/tenacity#541
• docs: fix syntax error in wait_chain docstring example by @​VedantMadane in jd/tenacity#548
• chore: drop Python 3.9 support (EOL) by @​Zac-HD in jd/tenacity#552
• Support async sleep for sync fn-to-retry by @​Zac-HD in jd/tenacity#551

New Contributors

• @​aguinane made their first contribution in jd/tenacity#489
• @​sandrobonazzola made their first contribution in jd/tenacity#528
• @​k4nar made their first contribution in jd/tenacity#540
• @​capitan-davide made their first contribution in jd/tenacity#541
• @​VedantMadane made their first contribution in jd/tenacity#548
• @​Zac-HD made their first contribution in jd/tenacity#552

Full Changelog: jd/tenacity@9.1.2...9.1.3

Commits

• d4e868d Fix retry() annotations with async sleep= function (#555)
• 24415eb support async sleep for sync fn (#551)
• 3bf33b4 chore: drop Python 3.9 support (EOL) (#552)
• 7027da3 chore(deps): bump the github-actions group with 2 updates (#550)
• 21ae7d0 docs: fix syntax error in wait_chain docstring example (#548)
• ef12c9e chore(deps): bump actions/checkout in the github-actions group (#547)
• c35a4b3 chore(deps): bump the github-actions group with 2 updates (#545)
• e792bba ci: fix mypy (#546)
• 0f55245 ci: remove reno requirements (#542)
• 815c34f feat(wait): add wait_exception strategy (#541)
• Additional commits viewable in compare view

Updates prometheus-client from 0.23.1 to 0.24.1

Release notes

Sourced from prometheus-client's releases.

v0.24.1

• [Django] Pass correct registry to MultiProcessCollector by @​jelly in prometheus/client_python#1152

v0.24.0

What's Changed

• Add an AIOHTTP exporter by @​Lexicality in prometheus/client_python#1139
• Add remove_matching() method for metric label deletion by @​hazel-shen in prometheus/client_python#1121
• fix(multiprocess): avoid double-building child metric names (#1035) by @​hazel-shen in prometheus/client_python#1146
• Don't interleave histogram metrics in multi-process collector by @​cjwatson in prometheus/client_python#1148
• Relax registry type annotations for exposition by @​cjwatson in prometheus/client_python#1149
• Added compression support in pushgateway by @​ritesh-avesha in prometheus/client_python#1144
• Add Django exporter (#1088) by @​Chadys in prometheus/client_python#1143

Full Changelog: prometheus/client_python@v0.23.1...v0.24.0

Commits

• f417f6e Release 0.24.1
• 6f0e967 Pass correct registry to MultiProcessCollector (#1152)
• c5024d3 Release 0.24.0
• e1cdc20 Add Django exporter (#1088) (#1143)
• 7b99592 Added compression support in pushgateway (#1144)
• 13df124 Relax registry type annotations for exposition (#1149)
• a264ec0 Don't interleave histogram metrics in multi-process collector (#1148)
• e8f8bae fix(multiprocess): avoid double-building child metric names (#1035) (#1146)
• 1783ca8 Add support for Python 3.14 (#1142)
• 378510b Add remove_matching() method for metric label deletion (#1121)
• Additional commits viewable in compare view

Updates ruff from 0.14.10 to 0.15.2

Release notes

Sourced from ruff's releases.

0.15.2

Release Notes

Released on 2026-02-19.

Preview features

• Expand the default rule set (#23385)

  In preview, Ruff now enables a significantly expanded default rule set of 412 rules, up from the stable default set of 59 rules. The new rules are mostly a superset of the stable defaults, with the exception of these rules, which are removed from the preview defaults:

  • multiple-imports-on-one-line (E401)
  • module-import-not-at-top-of-file (E402)
  • module-import-not-at-top-of-file (E701)
  • multiple-statements-on-one-line-semicolon (E702)
  • useless-semicolon (E703)
  • none-comparison (E711)
  • true-false-comparison (E712)
  • not-in-test (E713)
  • not-is-test (E714)
  • type-comparison (E721)
  • lambda-assignment (E731)
  • ambiguous-variable-name (E741)
  • ambiguous-class-name (E742)
  • ambiguous-function-name (E743)
  • undefined-local-with-import-star (F403)
  • undefined-local-with-import-star-usage (F405)
  • undefined-local-with-nested-import-star-usage (F406)
  • forward-annotation-syntax-error (F722)

  If you use preview and prefer the old defaults, you can restore them with configuration like:

  # ruff.toml
  [lint]
  select = ["E4", "E7", "E9", "F"]
  pyproject.toml
  [tool.ruff.lint]
  select = ["E4", "E7", "E9", "F"]

  If you do give them a try, feel free to share your feedback in the GitHub discussion!

• [flake8-pyi] Also check string annotations (PYI041) (#19023)

Bug fixes

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.2

Released on 2026-02-19.

Preview features

• Expand the default rule set (#23385)

  In preview, Ruff now enables a significantly expanded default rule set of 412 rules, up from the stable default set of 59 rules. The new rules are mostly a superset of the stable defaults, with the exception of these rules, which are removed from the preview defaults:

  • multiple-imports-on-one-line (E401)
  • module-import-not-at-top-of-file (E402)
  • module-import-not-at-top-of-file (E701)
  • multiple-statements-on-one-line-semicolon (E702)
  • useless-semicolon (E703)
  • none-comparison (E711)
  • true-false-comparison (E712)
  • not-in-test (E713)
  • not-is-test (E714)
  • type-comparison (E721)
  • lambda-assignment (E731)
  • ambiguous-variable-name (E741)
  • ambiguous-class-name (E742)
  • ambiguous-function-name (E743)
  • undefined-local-with-import-star (F403)
  • undefined-local-with-import-star-usage (F405)
  • undefined-local-with-nested-import-star-usage (F406)
  • forward-annotation-syntax-error (F722)

  If you use preview and prefer the old defaults, you can restore them with configuration like:

  # ruff.toml
  [lint]
  select = ["E4", "E7", "E9", "F"]
  pyproject.toml
  [tool.ruff.lint]
  select = ["E4", "E7", "E9", "F"]

  If you do give them a try, feel free to share your feedback in the GitHub discussion!

... (truncated)

Commits

• 9d18ee9 Hard code workflow name and cancel-in-progress only for PRs (#23431)
• 7cc15f0 Bump 0.15.2 (#23430)
• d1b5443 Add extension mapping to configuration file options (#23384)
• 222574a Expand the default rule set (#23385)
• 1465b5d [flake8-async] Fix in_async_context logic (#23426)
• 410902f [pyupgrade] Fix handling of typing.{io,re} (UP035) (#23131)
• 729610a [ty] Fall back to ambiguous for large control flow graphs (#23399)
• 1425c18 [ty] Add code folding support
• 97acaae [ty] Fix stack overflow for self-referential TypeOf in annotations (#23407)
• 1f380c8 [ty] Update tests reveal_type and Never (#23418)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: dependencies, python. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.