chore(deps)(deps): bump the python-packages group across 1 directory with 11 updates

[dependabot]

Updates the requirements on starlette, opentelemetry-sdk, opentelemetry-exporter-otlp, cryptography, fastmcp, requests, pytest-asyncio, respx, pytest-cov, zensical and mkdocstrings-python to permit the latest version.
Updates starlette to 1.0.0

Release notes

Sourced from starlette's releases.

Version 1.0.0

Starlette 1.0 is here! 🎉

After nearly eight years since its creation, Starlette has reached its first stable release.

A special thank you to @​lovelydinosaur, the creator of Starlette, Uvicorn, HTTPX and MkDocs, whose work helped to lay the foundation for the modern async Python ecosystem. 🙏

Thank you to @​adriangb, @​graingert, @​agronholm, @​florimondmanca, @​aminalaee, @​tiangolo, @​alex-oleshkevich, @​abersheeran, and @​uSpike for helping make Starlette what it is today. And to all my sponsors - especially @​tiangolo, @​huggingface, and @​elevenlabs - thank you for your support!

Thank you to all 290+ contributors who have shaped Starlette over the years! ❤️

Read more on the blog post.

Check out the full release notes at https://www.starlette.io/release-notes/#100-march-22-2026

---

Full Changelog: Kludex/starlette@1.0.0rc1...1.0.0

Changelog

Sourced from starlette's changelog.

1.0.0 (March 22, 2026)

Starlette 1.0 is here!

After nearly eight years since its creation, Starlette has reached its first stable release. Thank you to everyone who tested the release candidate and reported issues.

You can read more on the blog post.

Added

• Track session access and modification in SessionMiddleware #3166.

Fixed

• Handle websocket denial responses in StreamingResponse and FileResponse #3189.
• Use bytearray for field accumulation in FormParser #3179.
• Move parser.finalize() inside try/except in MultiPartParser.parse() #3153.

1.0.0rc1 (February 23, 2026)

We're ready! I'm thrilled to announce the first release candidate for Starlette 1.0.

Starlette was created in June 2018 by Tom Christie, and has been on ZeroVer for years. Today, it's downloaded almost 10 million times a day, serves as the foundation for FastAPI, and has inspired many other frameworks. In the age of AI, Starlette continues to play an important role as a dependency of the Python MCP SDK.

This release focuses on removing deprecated features that were marked for removal in 1.0.0, along with some last minute bug fixes. It's a release candidate, so we can gather feedback from the community before the final 1.0.0 release soon.

A huge thank you to all the contributors who have helped make Starlette what it is today. In particular, I'd like to recognize:

• Kim Christie - The original creator of Starlette, Uvicorn, and MkDocs, and the current maintainer of HTTPX. Kim's work helped lay the foundation for the modern async Python ecosystem.
• Adrian Garcia Badaracco - One of the smartest people I know, whom I have the pleasure of working with at Pydantic.
• Thomas Grainger - My async teacher, always ready to help with questions.
• Alex Grönholm - Another async mentor, always prompt to help with questions.
• Florimond Manca - Always present in the early days of both Starlette and Uvicorn, and helped a lot in the ecosystem.
• Amin Alaee - Contributed a lot with file-related PRs.
• Sebastián Ramírez - Maintains FastAPI upstream, and always in contact to help with upstream issues.
• Alex Oleshkevich - Helped a lot on templates and many discussions.
• abersheeran - My go-to person when I need help on many subjects.

I'd also like to thank my sponsors for their support. A special thanks to @​tiangolo, @​huggingface, and @​elevenlabs for their generous sponsorship, and to all my other sponsors:

... (truncated)

Commits

• 0e88e92 Version 1.0.0 (#3178)
• 9ee9519 Handle websocket denial responses in streaming and file responses (#3189)
• a0bcc26 chore(deps-dev): bump black from 26.1.0 to 26.3.1 (#3183)
• 79b3f26 chore(deps-dev): bump the python-packages group with 7 updates (#3168)
• 789b926 Use bytearray for field accumulation in FormParser (#3179)
• a1fd9d8 docs: fix typo in routing.md (#3176)
• c14d0f7 Document session cookie security flags (#3169)
• c2e2878 Move parser.finalize() inside try/except in MultiPartParser.parse() (#3153)
• 89630a8 chore(deps): bump the github-actions group with 3 updates (#3167)
• 4647e53 Track session access and modification in SessionMiddleware (#3166)
• Additional commits viewable in compare view

Updates opentelemetry-sdk to 1.41.1

Changelog

Sourced from opentelemetry-sdk's changelog.

Version 1.41.1/0.62b1 (2026-04-24)

Version 1.41.0/0.62b0 (2026-04-09)

• opentelemetry-sdk: Add host resource detector support to declarative file configuration via detection_development.detectors[].host (#5002)
• opentelemetry-sdk: Add container resource detector support to declarative file configuration via detection_development.detectors[].container, using entry point loading of the opentelemetry-resource-detector-containerid contrib package (#5004)
• opentelemetry-sdk: Add create_tracer_provider/configure_tracer_provider to declarative file configuration, enabling TracerProvider instantiation from config files without reading env vars (#4985)
• Enabled the flake8-tidy-import plugins rules for the ruff linter. These rules throw warnings for relative imports in the modules. (#5019)
• opentelemetry-sdk: Fix AttributeError in ExplicitBucketHistogramAggregation when applied to non-Histogram instruments without explicit boundaries (#5034)
• Fix BatchLogRecordProcessor default schedule_delay_millis from 5000ms to 1000ms to comply with the OTel specification. Note: logs may be exported 5x more frequently by default (e.g. for users who don't explicitly set the OTEL_BLRP_SCHEDULE_DELAY env var). (#4998)
• opentelemetry-sdk: Add process resource detector support to declarative file configuration via detection_development.detectors[].process (#5001)
• opentelemetry-sdk: Add shared _parse_headers helper for declarative config OTLP exporters (#5021)
• opentelemetry-api: Replace a broad exception in attribute cleaning tests to satisfy pylint in the lint-opentelemetry-api CI job
• opentelemetry-sdk: Add create_meter_provider/configure_meter_provider to declarative file configuration, enabling MeterProvider instantiation from config files without reading env vars (#4987)
• opentelemetry-sdk: Add create_resource and create_propagator/configure_propagator to declarative file configuration, enabling Resource and propagator instantiation from config files without reading env vars (#4979)
• opentelemetry-sdk: Map Python CRITICAL log level to OTel FATAL severity text per the specification (#4984)
• opentelemetry-sdk: Add file configuration support with YAML/JSON loading, environment variable substitution, and schema validation against the vendored OTel config JSON schema (#4898)
• Fix intermittent CI failures in getting-started and tracecontext jobs caused by GitHub git CDN SHA propagation lag by installing contrib packages from the already-checked-out local copy instead of a second git clone (#4958)
• opentelemetry-sdk: fix type annotations on MetricReader and related types (#4938)
• opentelemetry-sdk: implement log creation metric (#4935)
• opentelemetry-sdk: implement metric reader metrics (#4970)
• opentelemetry-sdk: implement processor metrics (#5012)
• opentelemetry-sdk: upgrade vendored OTel configuration schema from v1.0.0-rc.3 to v1.0.0 (#4965)
• improve check-links ci job (#4978)
• Resolve some Pyright type errors in Span/ReadableSpan and utility stubs (#4973)
• opentelemetry-exporter-prometheus: Fix metric name prefix (#4895)
• opentelemetry-api, opentelemetry-sdk: Add deepcopy support for BoundedAttributes and BoundedList (#4934)
• opentelemetry-proto-json, opentelemetry-codegen-json: Implement custom protoc plugin to generate OTLP JSON class definitions

... (truncated)

Commits

• 760e024 Prepare release 1.41.1/0.62b1 (#5138)
• 90e06bc Unreleased changelog for 1.41.1 (#5137)
• 1a178fc [release/v1.41.x-0.62bx] Prepare release 1.41.0/0.62b0 (#5064)
• 37dea4b feat: add experimental logger configurator (#4980)
• 7c860ca misc: update version for codegen-json and proto-json packages (#5061)
• b3d98b3 [chore]: update readme (#5060)
• dbbd1bc feat(config): Add MeterProvider support for declarative config (#4987)
• 6faa58c feat(config): add host resource detector support for declarative config (#5002)
• c0cbfbd feat(config): wire container resource detector via entry point loading (#5004)
• f764e45 feat(config): Add TracerProvider support for declarative config (#4985)
• Additional commits viewable in compare view

Updates opentelemetry-exporter-otlp to 1.41.1

Changelog

Sourced from opentelemetry-exporter-otlp's changelog.

Version 1.41.1/0.62b1 (2026-04-24)

Version 1.41.0/0.62b0 (2026-04-09)

• opentelemetry-sdk: Add host resource detector support to declarative file configuration via detection_development.detectors[].host (#5002)
• opentelemetry-sdk: Add container resource detector support to declarative file configuration via detection_development.detectors[].container, using entry point loading of the opentelemetry-resource-detector-containerid contrib package (#5004)
• opentelemetry-sdk: Add create_tracer_provider/configure_tracer_provider to declarative file configuration, enabling TracerProvider instantiation from config files without reading env vars (#4985)
• Enabled the flake8-tidy-import plugins rules for the ruff linter. These rules throw warnings for relative imports in the modules. (#5019)
• opentelemetry-sdk: Fix AttributeError in ExplicitBucketHistogramAggregation when applied to non-Histogram instruments without explicit boundaries (#5034)
• Fix BatchLogRecordProcessor default schedule_delay_millis from 5000ms to 1000ms to comply with the OTel specification. Note: logs may be exported 5x more frequently by default (e.g. for users who don't explicitly set the OTEL_BLRP_SCHEDULE_DELAY env var). (#4998)
• opentelemetry-sdk: Add process resource detector support to declarative file configuration via detection_development.detectors[].process (#5001)
• opentelemetry-sdk: Add shared _parse_headers helper for declarative config OTLP exporters (#5021)
• opentelemetry-api: Replace a broad exception in attribute cleaning tests to satisfy pylint in the lint-opentelemetry-api CI job
• opentelemetry-sdk: Add create_meter_provider/configure_meter_provider to declarative file configuration, enabling MeterProvider instantiation from config files without reading env vars (#4987)
• opentelemetry-sdk: Add create_resource and create_propagator/configure_propagator to declarative file configuration, enabling Resource and propagator instantiation from config files without reading env vars (#4979)
• opentelemetry-sdk: Map Python CRITICAL log level to OTel FATAL severity text per the specification (#4984)
• opentelemetry-sdk: Add file configuration support with YAML/JSON loading, environment variable substitution, and schema validation against the vendored OTel config JSON schema (#4898)
• Fix intermittent CI failures in getting-started and tracecontext jobs caused by GitHub git CDN SHA propagation lag by installing contrib packages from the already-checked-out local copy instead of a second git clone (#4958)
• opentelemetry-sdk: fix type annotations on MetricReader and related types (#4938)
• opentelemetry-sdk: implement log creation metric (#4935)
• opentelemetry-sdk: implement metric reader metrics (#4970)
• opentelemetry-sdk: implement processor metrics (#5012)
• opentelemetry-sdk: upgrade vendored OTel configuration schema from v1.0.0-rc.3 to v1.0.0 (#4965)
• improve check-links ci job (#4978)
• Resolve some Pyright type errors in Span/ReadableSpan and utility stubs (#4973)
• opentelemetry-exporter-prometheus: Fix metric name prefix (#4895)
• opentelemetry-api, opentelemetry-sdk: Add deepcopy support for BoundedAttributes and BoundedList (#4934)
• opentelemetry-proto-json, opentelemetry-codegen-json: Implement custom protoc plugin to generate OTLP JSON class definitions

... (truncated)

Commits

• 760e024 Prepare release 1.41.1/0.62b1 (#5138)
• 90e06bc Unreleased changelog for 1.41.1 (#5137)
• 1a178fc [release/v1.41.x-0.62bx] Prepare release 1.41.0/0.62b0 (#5064)
• 37dea4b feat: add experimental logger configurator (#4980)
• 7c860ca misc: update version for codegen-json and proto-json packages (#5061)
• b3d98b3 [chore]: update readme (#5060)
• dbbd1bc feat(config): Add MeterProvider support for declarative config (#4987)
• 6faa58c feat(config): add host resource detector support for declarative config (#5002)
• c0cbfbd feat(config): wire container resource detector via entry point loading (#5004)
• f764e45 feat(config): Add TracerProvider support for declarative config (#4985)
• Additional commits viewable in compare view

Updates cryptography to 47.0.0

Changelog

Sourced from cryptography's changelog.

47.0.0 - 2026-04-24

* Support for Python 3.8 is deprecated and will be removed in the next
  ``cryptography`` release.
* **BACKWARDS INCOMPATIBLE:** Support for binary elliptic curves
  (``SECT*`` classes) has been removed. These curves are rarely used and
  have additional security considerations that make them undesirable.
* **BACKWARDS INCOMPATIBLE:** Support for OpenSSL 1.1.x has been removed.
  OpenSSL 3.0.0 or later is now required. LibreSSL, BoringSSL, and AWS-LC
  continue to be supported.
* **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL < 4.1.
* **BACKWARDS INCOMPATIBLE:** Loading keys with unsupported algorithms or
  keys with unsupported explicit curve encodings now raises
  :class:`~cryptography.exceptions.UnsupportedAlgorithm` instead of
  ``ValueError``. This change affects
  :func:`~cryptography.hazmat.primitives.serialization.load_pem_private_key`,
  :func:`~cryptography.hazmat.primitives.serialization.load_der_private_key`,
  :func:`~cryptography.hazmat.primitives.serialization.load_pem_public_key`,
  :func:`~cryptography.hazmat.primitives.serialization.load_der_public_key`,
  and :meth:`~cryptography.x509.Certificate.public_key` when called on
  certificates with unsupported public key algorithms.
* **BACKWARDS INCOMPATIBLE:** When parsing elliptic curve private keys, we now
  reject keys that incorrectly encode a private key of the wrong length because
  such keys are impossible to process in a constant-time manner. We do not
  believe keys with this problem are in wide use, however we may revert this
  change based on the feedback we receive.
* Deprecated passing 64-bit (8-byte) and 128-bit (16-byte) keys to
  :class:`~cryptography.hazmat.decrepit.ciphers.algorithms.TripleDES`. In a
  future release, only 192-bit (24-byte) keys will be accepted. Users should
  expand shorter keys themselves (e.g., for single DES: ``key + key + key``,
  for two-key: ``key + key[:8]``).
* Updated the minimum supported Rust version (MSRV) to 1.83.0, from 1.74.0.
* Support for ``x86_64`` macOS (including publishing wheels) is deprecated
  and will be removed in the next release. We will switch to publishing an
  ``arm64`` only wheel for macOS.
* Support for 32-bit Windows (including publishing wheels) is deprecated
  and will be removed in the next release. Users should move to a 64-bit
  Python installation.
* ``public_bytes`` and ``private_bytes`` methods on keys now raise
  ``TypeError`` (instead of ``ValueError``) if an invalid encoding is provided
  for the given ``format``.
* Moved :class:`~cryptography.hazmat.decrepit.ciphers.modes.CFB`,
  :class:`~cryptography.hazmat.decrepit.ciphers.modes.OFB`, and
  :class:`~cryptography.hazmat.decrepit.ciphers.modes.CFB8` into
  :doc:`/hazmat/decrepit/index` and deprecated them in the ``modes`` module.
  They will be removed from the ``modes`` module in 49.0.0.
* Moved :class:`~cryptography.hazmat.primitives.ciphers.algorithms.Camellia`
  into  :doc:`/hazmat/decrepit/index` and deprecated it in the ``cipher`` module.
  It will be removed from the ``cipher`` module in 49.0.0.
</tr></table> 

... (truncated)

Commits

• 59c5f5e bump for 47.0.0 release (#14730)
• 9025578 Add MLKEM1024-P384 hybrid KEM support in HPKE (#14722)
• ef66de4 Recommend Argon2id over PBKDF2HMAC as KDF (#14724)
• d996a37 Add ubuntu-resolute to CI workflow (#14729)
• e86da41 chore(deps): bump libc from 0.2.185 to 0.2.186 (#14725)
• 1c33c9a Bump downstream dependencies in CI (#14728)
• 67fb6be Bump x509-limbo and/or wycheproof in CI (#14727)
• 6cb20b3 Bump BoringSSL, OpenSSL, AWS-LC in CI (#14726)
• d6f372d Update supported OpenSSL versions in installation docs (#14721)
• ebd2619 openssl 3.3 is out of upstream support (#14720)
• Additional commits viewable in compare view

Updates fastmcp from 3.1.1 to 3.2.4

Release notes

Sourced from fastmcp's releases.

v3.2.4: Patch Me If You Can

A grab bag of fixes, hardening, and polish.

The headline behavior change: background tasks are now scoped to the authorization context rather than the MCP session, so a task kicked off by an authenticated user survives session churn and stays tied to who started it. This is a breaking change for anyone relying on the old session-scoped semantics.

Security got three meaningful upgrades. FileUpload now validates actual decoded base64 size instead of trusting the client-reported number, so an attacker can't claim "10 bytes" and deliver 10MB. The proxy client stops forwarding inbound HTTP headers to unrelated remote servers — previously a header meant for server A could leak to server B. And AuthKit now auto-binds token audience to the resource URL per RFC 8707, closing a token-reuse gap across MCP resources.

Schema handling had a rough-edges pass. json_schema_to_type no longer crashes on Python keywords, boolean schemas, empty enums, or name collisions, and we added a 232K-schema crash test from APIs.guru to keep it honest. Gemini 2.5 Flash compatibility is fixed by stripping title fields the model rejects. Parameter descriptions are now extracted from docstrings automatically, so your tool signatures document themselves.

Plus a Keycloak OAuth provider for enterprise auth, improvements to ctx.elicit() (new response_title/response_description, deprecation warning when called without response_type), and dozens of smaller fixes across transforms, retry middleware, resource templates, and client disconnect handling.

What's Changed

Breaking Changes ⚠️

• Scope tasks to authorization context, not session by @​chrisguidry in PrefectHQ/fastmcp#3800

Enhancements ✨

• Bump pydocket>=0.19.0, drop fakeredis pin by @​chrisguidry in PrefectHQ/fastmcp#3822
• Add real-world schema crash test (232K schemas from APIs.guru) by @​strawgate in PrefectHQ/fastmcp#3826
• Enable 7 zero-violation ruff rules by @​strawgate in PrefectHQ/fastmcp#3841
• Promote 7 ty rules from ignore to warn by @​strawgate in PrefectHQ/fastmcp#3852
• Replace ___ with hash-based backend tool routing and per-tool prefab resources by @​jlowin in PrefectHQ/fastmcp#3824
• Enable 4 ruff rules (DTZ, ERA, ISC, INP) and fix 9 violations by @​strawgate in PrefectHQ/fastmcp#3842
• Extract parameter descriptions from docstrings by @​jlowin in PrefectHQ/fastmcp#3872
• ci: speed up schema crash test (CSafeLoader + xdist-safe aggregation) by @​jlowin in PrefectHQ/fastmcp#3873
• test: bump OpenAPI init perf threshold to 200ms for Windows CI by @​jlowin in PrefectHQ/fastmcp#3879
• refactor: unify object-schema conversion through _object_schema_to_type by @​jlowin in PrefectHQ/fastmcp#3884
• Add Keycloak OAuth Provider for Enterprise Authentication and local dev by @​stephaneberle9 in PrefectHQ/fastmcp#1937
• Allow auth providers to override protected resource base URLs by @​aaazzam in PrefectHQ/fastmcp#3900
• Enable PERF and T20 ruff rules by @​strawgate in PrefectHQ/fastmcp#3845
• Add response_title and response_description to ctx.elicit() by @​jlowin in PrefectHQ/fastmcp#3912
• Deprecate ctx.elicit() without response_type by @​jlowin in PrefectHQ/fastmcp#3916

Security 🔒

• Validate actual base64 data size in FileUpload, not client-reported size by @​strawgate in PrefectHQ/fastmcp#3816
• Stop forwarding inbound HTTP headers to unrelated remote servers by @​jlowin in PrefectHQ/fastmcp#3837
• AuthKit: auto-bind token audience to resource URL (RFC 8707) by @​jlowin in PrefectHQ/fastmcp#3905

Fixes 🐞

• Version-check is_docket_available() to avoid transitive pydocket crash by @​jlowin in PrefectHQ/fastmcp#3807
• fix: materialize generators before result conversion, handle bytes gracefully by @​strawgate in PrefectHQ/fastmcp#3830
• Fix json_schema_to_type crashes on keywords, boolean schemas, empty enums, and name collisions by @​strawgate in PrefectHQ/fastmcp#3818
• fix: replace or with is not None checks for config/override merging by @​strawgate in PrefectHQ/fastmcp#3833
• fix: TransformedTool sync fn crash and schema mutation by @​strawgate in PrefectHQ/fastmcp#3823
• fix: cross-provider duplicate detection, error visibility, mask propagation by @​strawgate in PrefectHQ/fastmcp#3827
• fix: don't pass HTTP kwargs when transport is unspecified by @​strawgate in PrefectHQ/fastmcp#3838
• fix: strip title fields from tool schemas for Gemini 2.5 Flash compatibility by @​strawgate in PrefectHQ/fastmcp#3861
• fix: retry when LLM returns text instead of calling final_response by @​strawgate in PrefectHQ/fastmcp#3850
• Raise on unhandled content types in sampling handler dispatch chains by @​strawgate in PrefectHQ/fastmcp#3857
• Fix broken code examples in docs by @​strawgate in PrefectHQ/fastmcp#3869
• fix: GoogleGenaiSamplingHandler leaks thought parts and gives unhelpful errors on empty responses by @​strawgate in PrefectHQ/fastmcp#3849

... (truncated)

Commits

• 7d76074 Stop pydantic 2.13 from leaking _WrappedResult docstring into tool output sch...
• b732a4a Overhaul apps docs (#3915)
• 5c2ff1b chore: Update SDK documentation (#3914)
• f4f2ec0 Deprecate ctx.elicit() without response_type (#3916)
• 338b80c chore(deps): bump the uv group across 2 directories with 1 update (#3913)
• 110cd3a Add response_title and response_description to ctx.elicit() (#3912)
• 3117846 chore: Update SDK documentation (#3909)
• 031c7e0 Fix RetryMiddleware not retrying tool errors (#3858)
• 200d79e Enable PERF and T20 ruff rules (#3845)
• 82f310f AuthKit: auto-bind token audience to resource URL (RFC 8707) (#3905)
• Additional commits viewable in compare view

Updates requests to 2.33.1

Release notes

Sourced from requests's releases.

v2.33.1

2.33.1 (2026-03-30)

Bugfixes

• Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary files in the tmp directory. (#7305)
• Fixed Content-Type header parsing for malformed values. (#7309)
• Improved error consistency for malformed header values. (#7308)

New Contributors

• @​ferdnyc made their first contribution in psf/requests#7277

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2331-2026-03-30

Changelog

Sourced from requests's changelog.

2.33.1 (2026-03-30)

Bugfixes

• Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary files in the tmp directory. (#7305)
• Fixed Content-Type header parsing for malformed values. (#7309)
• Improved error consistency for malformed header values. (#7308)

2.33.0 (2026-03-25)

Announcements

• 📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

• CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

• Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

• Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

• Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

• Various typo fixes and doc improvements.

2.32.5 (2025-08-18)

Bugfixes

• The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

• Added support for Python 3.14.

... (truncated)

Commits

• 111d2b7 v2.33.1
• f0198e6 Fix malformed value parsing for Content-Type (#7309)
• bc7dd0f Fix cosmetic header validity parsing regex (#7308)
• 4443b1a Fix unintended test extra (#7306)
• 389eea5 Cleanup extracted file after extract_zipped_path test (#7305)
• 7407309 Packaging: DRY out extras definition (#7277)
• See full diff in compare view

Updates pytest-asyncio to 1.3.0

Release notes

Sourced from pytest-asyncio's releases.

pytest-asyncio 1.3.0

1.3.0 - 2025-11-10

Removed

• Support for Python 3.9 (#1278)

Added

• Support for pytest 9 (#1279)

Notes for Downstream Packagers

• Tested Python versions include free threaded Python 3.14t (#1274)
• Tests are run in the same pytest process, instead of spawning a subprocess with pytest.Pytester.runpytest_subprocess. This prevents the test suite from accidentally using a system installation of pytest-asyncio, which could result in test errors. (#1275)

Commits

• 2e9695f docs: Compile changelog for v1.3.0
• dd0e9ba docs: Reference correct issue in news fragment.
• 4c31abe Build(deps): Bump nh3 from 0.3.1 to 0.3.2
• 13e9477 Link to migration guides from changelog
• 4d2cf3c tests: handle Python 3.14 DefaultEventLoopPolicy deprecation warnings
• ee3549b test: Remove obsolete test for the event_loop fixture.
• 7a67c82 tests: Fix failing test by preventing warning conversion to error.
• a17b689 test: add pytest config to isolated test directories
• 18afc9d fix(tests): replace runpytest_subprocess with runpytest
• cdc6bd1 Add support for pytest 9 and drop Python 3.9 support
• Additional commits viewable in compare view

Updates respx to 0.23.1

Release notes

Sourced from respx's releases.

Version 0.23.1

0.23.1 (8th April 2026)

Fixed

• Fix regression causing params pattern to stop working under some conditions, by doing a strict detection of ANY in multi items patterns (#313)

CI

• Update workflows actions (#310)

Changelog

Sourced from respx's changelog.

[0.23.1] - 2026-04-08

Fixed

• Fix regression causing params pattern to stop working under some conditions, by doing a strict detection of ANY in multi items patterns (#313)

CI

• Update workflows actions (#310)

[0.23.0] - 2026-04-07

Fixed

• Fix data pattern with list value (#264)
• Fix and enhance incorrect documentations about iterable side effects (#287)
• Fix documentation typo, thanks @​markhobson (#298)
• Fix support for multiple slashes // in URL path by not using urljoin when prepending path, thanks @​lewiscollard and @​Skeen (#302)
• Type Route.respond json as Any to align with HTTPX, thanks @​JacobHayes (#284)
• Properly handle ANY in MuitiItems patterns (#289)

CI

• Fix test warnings (#267)
• Add Python 3.14 to test matrix, thanks @​carlosdorneles-mb (#300)
• Update nix flake, mypy target and workflows (#306, #282)

[0.22.0] - 2024-12-19

Fixed

• Support HTTPX 0.28.0, thanks @​ndhansen (#278)

Removed

• Drop support for Python 3.7, to align with HTTPX 0.25.0 (#280)

CI

• Update CI test to not fail fast and cancel workflows, thanks @​flaeppe (#269)
• Add dependabot to check GitHub actions packages, thanks @​flaeppe (#268)
• Add Python 3.13 to test suite, thanks @​jairhenrique (#283)

[0.21.1] - 2024-03-27

Fixed

• Fix files pattern not handling str and BytesIO, thanks @​pierremonico for input

... (truncated)

Commits

• fc8b43b Release 0.23.1
• 1da5d2f Strict detection of ANY in multi items patterns (#313)
• 6f1bf70 Bump checkout and python actions (#310)
• 62aaeab Release 0.23.0
• d8edf3d Adjust badges
• b3a193d Add downloads badge to docs
• 9961e9b Handle multiple routes using MuitiItems pattern with ANY (#289)
• e51c2a6 Update Route.respond json type hint to Any to match HTTPX (#284)
• a499260 Bump less-action/reusables from 8 to 10 (#282)
• 7b44b51 Update nix flake and mypy target (#306)
• Additional commits viewable in compare view

Updates pytest-cov to 7.1.0

Changelog

Sourced from pytest-cov's changelog.

7.1.0 (2026-03-21)

• Fixed total coverage computation to always be consistent, regardless of reporting settings. Previously some reports could produce different total counts, and consequently can make --cov-fail-under behave different depending on reporting options. See [#641](https://github.com/pytest-dev/pytest-cov/issues/641) <https://github.com/pytest-dev/pytest-cov/issues/641>_.

• Improve handling of ResourceWarning from sqlite3.

  The plugin adds warning filter for sqlite3 ResourceWarning unclosed database (since 6.2.0). It checks if there is already existing plugin for this message by comparing filter regular expression. When filter is specified on command line the message is escaped and does not match an expected message. A check for an escaped regular expression is added to handle this case.

  With this fix one can suppress ResourceWarning from sqlite3 from command line::

  pytest -W "ignore:unclosed database in <sqlite3.Connection object at:ResourceWarning" ...

• Various improvements to documentation. Contributed by Art Pelling in [#718](https://github.com/pytest-dev/pytest-cov/issues/718) <https://github.com/pytest-dev/pytest-cov/pull/718>_ and "vivodi" in [#738](https://github.com/pytest-dev/pytest-cov/issues/738) <https://github.com/pytest-dev/pytest-cov/pull/738>. Also closed [#736](https://github.com/pytest-dev/pytest-cov/issues/736) <https://github.com/pytest-dev/pytest-cov/issues/736>.

• Fixed some assertions in tests. Contributed by in Markéta Machová in [#722](https://github.com/pytest-dev/pytest-cov/issues/722) <https://github.com/pytest-dev/pytest-cov/pull/722>_.

• Removed unnecessary coverage configuration copying (meant as a backup because reporting commands had configuration side-effects before coverage 5.0).

7.0.0 (2025-09-09)

• Dropped support for subprocesses measurement.

  It was a feature added long time ago when coverage lacked a nice way to measure subprocesses created in tests. It relied on a .pth file, there was no way to opt-out and it created bad interations with coverage's new patch system <https://coverage.readthedocs.io/en/latest/config.html#run-patch>_ added in 7.10 <https://coverage.readthedocs.io/en/7.10.6/changes.html#version-7-10-0-2025-07-24>_.

  To migrate to this release you might need to enable the suprocess patch, example for .coveragerc:

  .. code-block:: in...

  Description has been truncated