Skip to content

Bump the python-dependencies group with 7 updates#11

Merged
rbaxim merged 2 commits intomainfrom
dependabot/uv/python-dependencies-37aa2ea2a7
Feb 6, 2026
Merged

Bump the python-dependencies group with 7 updates#11
rbaxim merged 2 commits intomainfrom
dependabot/uv/python-dependencies-37aa2ea2a7

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 6, 2026

Bumps the python-dependencies group with 7 updates:

Package From To
fastapi 0.128.0 0.128.3
starlette 0.50.0 0.52.1
ruff 0.14.14 0.15.0
types-aiofiles 24.1.0.20250822 25.1.0.20251011
limits 5.6.0 5.8.0
rich 14.3.1 14.3.2
wrapt 2.1.0 2.1.1

Updates fastapi from 0.128.0 to 0.128.3

Release notes

Sourced from fastapi's releases.

0.128.3

Refactors

  • ♻️ Re-implement on_event in FastAPI for compatibility with the next Starlette, while keeping backwards compatibility. PR #14851 by @​tiangolo.

Upgrades

  • ⬆️ Upgrade Starlette supported version range to starlette>=0.40.0,<1.0.0. PR #14853 by @​tiangolo.

Translations

Internal

  • 👷 Run tests with Starlette from git. PR #14849 by @​tiangolo.
  • 👷 Run tests with lower bound uv sync, upgrade fastapi[all] minimum dependencies: ujson >=5.8.0, orjson >=3.9.3. PR #14846 by @​tiangolo.

0.128.2

Features

Fixes

Docs

Translations

Internal

... (truncated)

Commits
  • 36985f5 🔖 Release version 0.128.3
  • 661cdfb 📝 Update release notes
  • f6cc650 ⬆️ Upgrade Starlette supported version range to starlette>=0.40.0,<1.0.0 (#...
  • 201feed 📝 Update release notes
  • 19f13ea 👷 Run tests with Starlette from git (#14849)
  • 01e85c0 📝 Update release notes
  • 08233d7 🌐 Update translations for ru (update-outdated) (#14834)
  • fe8c33e 📝 Update release notes
  • f9f7992 ♻️ Re-implement on_event in FastAPI for compatibility with the next Starlet...
  • 8e50c55 📝 Update release notes
  • Additional commits viewable in compare view

Updates starlette from 0.50.0 to 0.52.1

Release notes

Sourced from starlette's releases.

Version 0.52.1

What's Changed

Full Changelog: Kludex/starlette@0.52.0...0.52.1

Version 0.52.0

In this release, State can be accessed using dictionary-style syntax for improved type safety (#3036).

from collections.abc import AsyncIterator
from contextlib import asynccontextmanager
from typing import TypedDict
import httpx
from starlette.applications import Starlette
from starlette.requests import Request
class State(TypedDict):
http_client: httpx.AsyncClient
@​asynccontextmanager
async def lifespan(app: Starlette) -> AsyncIterator[State]:
async with httpx.AsyncClient() as client:
yield {"http_client": client}
async def homepage(request: Request[State]):
client = request.state["http_client"]
# If you run the below line with mypy or pyright, it will reveal the correct type.
reveal_type(client)  # Revealed type is 'httpx.AsyncClient'

See Accessing State for more details.

Full Changelog: Kludex/starlette@0.51.0...0.52.0

Version 0.51.0

Added

  • Add allow_private_network in CORSMiddleware #3065.

Changed

... (truncated)

Changelog

Sourced from starlette's changelog.

0.52.1 (January 18, 2026)

Fixed

  • Only use typing_extensions in older Python versions #3109.

0.52.0 (January 18, 2026)

In this release, State can be accessed using dictionary-style syntax for improved type safety (#3036).

from collections.abc import AsyncIterator
from contextlib import asynccontextmanager
from typing import TypedDict
import httpx
from starlette.applications import Starlette
from starlette.requests import Request
class State(TypedDict):
http_client: httpx.AsyncClient
@​asynccontextmanager
async def lifespan(app: Starlette) -> AsyncIterator[State]:
async with httpx.AsyncClient() as client:
yield {"http_client": client}
async def homepage(request: Request[State]):
client = request.state["http_client"]
# If you run the below line with mypy or pyright, it will reveal the correct type.
reveal_type(client)  # Revealed type is 'httpx.AsyncClient'

See Accessing State for more details.

0.51.0 (January 10, 2026)

Added

  • Add allow_private_network in CORSMiddleware #3065.

Changed

  • Increase warning stacklevel on DeprecationWarning for wsgi module #3082.
Commits

Updates ruff from 0.14.14 to 0.15.0

Release notes

Sourced from ruff's releases.

0.15.0

Release Notes

Released on 2026-02-03.

Check out the blog post for a migration guide and overview of the changes!

Breaking changes

  • Ruff now formats your code according to the 2026 style guide. See the formatter section below or in the blog post for a detailed list of changes.

  • The linter now supports block suppression comments. For example, to suppress N803 for all parameters in this function:

    # ruff: disable[N803]
def foo(
    legacyArg1,
    legacyArg2,
    legacyArg3,
    legacyArg4,
): ...
# ruff: enable[N803]

    See the documentation for more details.

  • The ruff:alpine Docker image is now based on Alpine 3.23 (up from 3.21).

  • The ruff:debian and ruff:debian-slim Docker images are now based on Debian 13 "Trixie" instead of Debian 12 "Bookworm."

  • Binaries for the ppc64 (64-bit big-endian PowerPC) architecture are no longer included in our releases. It should still be possible to build Ruff manually for this platform, if needed.

  • Ruff now resolves all extended configuration files before falling back on a default Python version.

Stabilization

The following rules have been stabilized and are no longer in preview:

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.0

Released on 2026-02-03.

Check out the blog post for a migration guide and overview of the changes!

Breaking changes

  • Ruff now formats your code according to the 2026 style guide. See the formatter section below or in the blog post for a detailed list of changes.

  • The linter now supports block suppression comments. For example, to suppress N803 for all parameters in this function:

    # ruff: disable[N803]
def foo(
    legacyArg1,
    legacyArg2,
    legacyArg3,
    legacyArg4,
): ...
# ruff: enable[N803]

    See the documentation for more details.

  • The ruff:alpine Docker image is now based on Alpine 3.23 (up from 3.21).

  • The ruff:debian and ruff:debian-slim Docker images are now based on Debian 13 "Trixie" instead of Debian 12 "Bookworm."

  • Binaries for the ppc64 (64-bit big-endian PowerPC) architecture are no longer included in our releases. It should still be possible to build Ruff manually for this platform, if needed.

  • Ruff now resolves all extended configuration files before falling back on a default Python version.

Stabilization

The following rules have been stabilized and are no longer in preview:

... (truncated)

Commits

Updates types-aiofiles from 24.1.0.20250822 to 25.1.0.20251011

Commits

Updates limits from 5.6.0 to 5.8.0

Release notes

Sourced from limits's releases.

5.8.0

Bug Fix

  • Allow explicit keyword arguments for storage options for username & password for storages that support it.
  • Allow explicitly specifying startup_nodes through keyword arguments for all redis cluster storages.
  • Support IPv6 addresses in cluster locators in storage uri

5.7.0

Compatibility

  • Relax extras constraints for redis (<8)
Changelog

Sourced from limits's changelog.

v5.8.0

Release Date: 2026-02-04

  • Bug Fix

    • Allow explicit keyword arguments for storage options for username & password for storages that support it.
    • Allow explicitly specifying startup_nodes through keyword arguments for all redis cluster storages.
    • Support IPv6 addresses in cluster locators in storage uri

v5.7.0

Release Date: 2026-02-03

  • Compatibility

    • Relax extras constraints for redis (<8)
Commits
  • cc5eafc Update changelog for 5.8.0
  • d309f43 Add concurrency controls to CI to cancel previous runs
  • 2b88260 Upgrade pytest
  • 917ecf1 Raise url parse error from underlying ValueError
  • a9a257a Update all documentation dependencies
  • 6fe4d83 Support ipv6 in storage schema uri
  • 183403a Centralize storage URI parsing and scheme registry
  • 6fd9909 Update changelog for 5.7.0
  • dd76b8c update tagging script
  • 227c7f0 Update release notes script
  • Additional commits viewable in compare view

Updates rich from 14.3.1 to 14.3.2

Release notes

Sourced from rich's releases.

The ZWJy release

A fix for cell_len edge cases

[14.3.2] - 2026-02-01

Fixed

Changelog

Sourced from rich's changelog.

[14.3.2] - 2026-02-01

Fixed

Commits

Updates wrapt from 2.1.0 to 2.1.1

Release notes

Sourced from wrapt's releases.

wrapt-2.1.1

See the project page on the Python Package Index at https://pypi.org/project/wrapt/2.1.1/ for more information.

Changelog

Sourced from wrapt's changelog.

Version 2.1.1

Bugs Fixed

  • Search field for documentation hosted on Read the Docs wasn't working correctly due to JavaScript error.

  • Missing tox.ini from source distribution package has been added.

Commits
  • 1332d2d Merge branch 'release/2.1.1'
  • 3041f58 Update version for release.
  • c93d86a Ensure tox.ini is included in source distribution.
  • be8e24a Add change note for search field fix.
  • e1d537c Update warning in docs about wrapping a classmethod.
  • de82b89 Include jQuery in docs output so search works.
  • 7618d5f Also update version in docs config.
  • 0d607cf Increment version for new development.
  • 3af8de3 Merge tag '2.1.0' into develop
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the python-dependencies group with 7 updates
5cd1762 
Bumps the python-dependencies group with 7 updates:

| Package | From | To |
| --- | --- | --- |
| [fastapi](https://github.com/fastapi/fastapi) | `0.128.0` | `0.128.3` |
| [starlette](https://github.com/Kludex/starlette) | `0.50.0` | `0.52.1` |
| [ruff](https://github.com/astral-sh/ruff) | `0.14.14` | `0.15.0` |
| [types-aiofiles](https://github.com/typeshed-internal/stub_uploader) | `24.1.0.20250822` | `25.1.0.20251011` |
| [limits](https://github.com/alisaifee/limits) | `5.6.0` | `5.8.0` |
| [rich](https://github.com/Textualize/rich) | `14.3.1` | `14.3.2` |
| [wrapt](https://github.com/GrahamDumpleton/wrapt) | `2.1.0` | `2.1.1` |


Updates `fastapi` from 0.128.0 to 0.128.3
- [Release notes](https://github.com/fastapi/fastapi/releases)
- [Commits](fastapi/fastapi@0.128.0...0.128.3)

Updates `starlette` from 0.50.0 to 0.52.1
- [Release notes](https://github.com/Kludex/starlette/releases)
- [Changelog](https://github.com/Kludex/starlette/blob/main/docs/release-notes.md)
- [Commits](Kludex/starlette@0.50.0...0.52.1)

Updates `ruff` from 0.14.14 to 0.15.0
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.14.14...0.15.0)

Updates `types-aiofiles` from 24.1.0.20250822 to 25.1.0.20251011
- [Commits](https://github.com/typeshed-internal/stub_uploader/commits)

Updates `limits` from 5.6.0 to 5.8.0
- [Release notes](https://github.com/alisaifee/limits/releases)
- [Changelog](https://github.com/alisaifee/limits/blob/master/HISTORY.rst)
- [Commits](alisaifee/limits@5.6.0...5.8.0)

Updates `rich` from 14.3.1 to 14.3.2
- [Release notes](https://github.com/Textualize/rich/releases)
- [Changelog](https://github.com/Textualize/rich/blob/master/CHANGELOG.md)
- [Commits](Textualize/rich@v14.3.1...v14.3.2)

Updates `wrapt` from 2.1.0 to 2.1.1
- [Release notes](https://github.com/GrahamDumpleton/wrapt/releases)
- [Changelog](https://github.com/GrahamDumpleton/wrapt/blob/develop/docs/changes.rst)
- [Commits](GrahamDumpleton/wrapt@2.1.0...2.1.1)

---
updated-dependencies:
- dependency-name: fastapi
  dependency-version: 0.128.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-dependencies
- dependency-name: starlette
  dependency-version: 0.52.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-dependencies
- dependency-name: ruff
  dependency-version: 0.15.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-dependencies
- dependency-name: types-aiofiles
  dependency-version: 25.1.0.20251011
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: python-dependencies
- dependency-name: limits
  dependency-version: 5.8.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-dependencies
- dependency-name: rich
  dependency-version: 14.3.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-dependencies
- dependency-name: wrapt
  dependency-version: 2.1.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Feb 6, 2026
@rbaxim rbaxim merged commit f6c0f78 into main Feb 6, 2026
4 checks passed
@rbaxim rbaxim deleted the dependabot/uv/python-dependencies-37aa2ea2a7 branch February 6, 2026 21:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@rbaxim