chore(deps): bump the python-minor-patch group across 1 directory with 8 updates

[dependabot]

Bumps the python-minor-patch group with 8 updates in the / directory:

Package	From	To
prometheus-client	0.24.1	0.25.0
pydantic	2.12.5	2.13.3
fastapi	0.135.3	0.136.1
ruff	0.15.9	0.15.12
mypy	1.20.0	1.20.2
pre-commit	4.5.1	4.6.0
uv-secure	0.17.1	0.17.2
mike	2.1.4	2.2.0

Updates prometheus-client from 0.24.1 to 0.25.0

Release notes

Sourced from prometheus-client's releases.

v0.25.0

What's Changed

• Fix spaces in grouping key values for push_to_gateway by @​veeceey in prometheus/client_python#1156
• Support MultiProcessCollector in RestrictedRegistry by @​mathias-kende in prometheus/client_python#1150

Full Changelog: prometheus/client_python@v0.24.1...v0.25.0

Commits

• 2cd1738 Release 0.25.0
• daa1626 docs: add API reference for all metric types (#1159)
• 8673912 Support MultiProcessCollector in RestrictedRegistry. (#1150)
• 671f75c Fix spaces in grouping key values for push_to_gateway (#1156)
• 1cf53fe Fix server shutdown documentation (#1155)
• a854135 Migrate to Github Actions (#1153)
• See full diff in compare view

Updates pydantic from 2.12.5 to 2.13.3

Release notes

Sourced from pydantic's releases.

v2.13.3 2026-04-20

v2.13.3 (2026-04-20)

What's Changed

Fixes

• Handle AttributeError subclasses with from_attributes by @​Viicos in #13096

Full Changelog: pydantic/pydantic@v2.13.2...v2.13.3

v2.13.2 2026-04-17

v2.13.2 (2026-04-17)

What's Changed

Fixes

• Fix ValidationInfo.field_name missing with model_validate_json() by @​Viicos in #13084

Full Changelog: pydantic/pydantic@v2.13.1...v2.13.2

v2.13.1 2026-04-15

v2.13.1 (2026-04-15)

What's Changed

Fixes

• Fix ValidationInfo.data missing with model_validate_json() by @​davidhewitt in #13079

Full Changelog: pydantic/pydantic@v2.13.0...v2.13.1

v2.13.0 2026-04-13

v2.13.0 (2026-04-13)

The highlights of the v2.13 release are available in the blog post. Several minor changes (considered non-breaking changes according to our versioning policy) are also included in this release. Make sure to look into them before upgrading.

This release contains the updated pydantic.v1 namespace, matching version 1.10.26 which includes support for Python 3.14.

What's Changed

See the beta releases for all changes sinces 2.12.

Packaging

• Add zizmor for GitHub Actions workflow linting by @​Viicos in #13039
• Update jiter to v0.14.0 to fix a segmentation fault on musl Linux by @​Viicos in #13064

... (truncated)

Changelog

Sourced from pydantic's changelog.

v2.13.3 (2026-04-20)

GitHub release

What's Changed

Fixes

• Handle AttributeError subclasses with from_attributes by @​Viicos in #13096

v2.13.2 (2026-04-17)

GitHub release

What's Changed

Fixes

• Fix ValidationInfo.field_name missing with model_validate_json() by @​Viicos in #13084

v2.13.1 (2026-04-15)

GitHub release

What's Changed

Fixes

• Fix ValidationInfo.data missing with model_validate_json() by @​davidhewitt in #13079

v2.13.0 (2026-04-13)

GitHub release

The highlights of the v2.13 release are available in the blog post. Several minor changes (considered non-breaking changes according to our versioning policy) are also included in this release. Make sure to look into them before upgrading.

This release contains the updated pydantic.v1 namespace, matching version 1.10.26 which includes support for Python 3.14.

What's Changed

See the beta releases for all changes sinces 2.12.

New Features

• Allow default factories of private attributes to take validated model data by @​Viicos in #13013

Changes

... (truncated)

Commits

• 9e9a111 Fix backported test
• 1ec8c6a Prepare release v2.13.3
• fb4f204 Handle AttributeError subclasses with from_attributes
• ca3ddd1 Prepare release v2.13.2
• 000e823 Fix ValidationInfo.field_name missing with model_validate_json()
• d45d8be Prepare release 2.13.1
• 54aca60 Fix ValidationInfo.data missing with model_validate_json()
• 46bf4fa Fix Pydantic release workflow (#13067)
• 1b359ed Prepare release v2.13.0 (#13065)
• b1bf194 Fix model equality when using runtime extra configuration (#13062)
• Additional commits viewable in compare view

Updates fastapi from 0.135.3 to 0.136.1

Release notes

Sourced from fastapi's releases.

0.136.1

Upgrades

• ⬆️ Update Pydantic v2 code to address deprecations. PR #15101 by @​svlandeg.

Internal

• 🔨 Tweak translation script. PR #15174 by @​YuriiMotov.
• ⬆ Bump mkdocs-material from 9.7.1 to 9.7.6. PR #15408 by @​dependabot[bot].
• ⬆ Bump inline-snapshot from 0.31.1 to 0.32.6. PR #15409 by @​dependabot[bot].
• ⬆ Bump pytest-codspeed from 4.3.0 to 4.4.0. PR #15407 by @​dependabot[bot].
• ⬆ Bump pytest-cov from 7.0.0 to 7.1.0. PR #15406 by @​dependabot[bot].
• ⬆ Bump cloudflare/wrangler-action from 3.14.1 to 3.15.0. PR #15405 by @​dependabot[bot].
• ⬆ Bump mypy from 1.19.1 to 1.20.1. PR #15410 by @​dependabot[bot].
• ⬆ Bump python-dotenv from 1.2.1 to 1.2.2. PR #15400 by @​dependabot[bot].
• ⬆ Bump starlette from 0.52.1 to 1.0.0. PR #15397 by @​dependabot[bot].
• ⬆ Bump pygithub from 2.8.1 to 2.9.1. PR #15396 by @​dependabot[bot].
• ⬆ Bump pyjwt from 2.12.0 to 2.12.1. PR #15393 by @​dependabot[bot].
• ⬆ Bump zizmor from 1.23.1 to 1.24.1. PR #15394 by @​dependabot[bot].
• ⬆ Bump strawberry-graphql from 0.312.3 to 0.314.3. PR #15395 by @​dependabot[bot].
• ⬆ Bump python-multipart from 0.0.22 to 0.0.26. PR #15360 by @​dependabot[bot].
• ⬆ Bump authlib from 1.6.9 to 1.6.11. PR #15373 by @​dependabot[bot].
• ⬆ Bump aiohttp from 3.13.3 to 3.13.4. PR #15282 by @​dependabot[bot].
• ⬆ Bump pygments from 2.19.2 to 2.20.0. PR #15263 by @​dependabot[bot].
• ⬆ Bump pymdown-extensions from 10.20.1 to 10.21.2. PR #15391 by @​YuriiMotov.
• ⬆ Bump pillow from 12.1.1 to 12.2.0. PR #15333 by @​dependabot[bot].
• ⬆ Bump pytest from 9.0.2 to 9.0.3. PR #15334 by @​dependabot[bot].
• ⬆ Bump actions/upload-artifact from 7.0.0 to 7.0.1. PR #15374 by @​dependabot[bot].
• ⬆ Bump actions/cache from 5.0.4 to 5.0.5. PR #15385 by @​dependabot[bot].
• 🔧 Update sponsors: remove Zuplo. PR #15369 by @​tiangolo.
• 🔧 Update sponsors: remove Speakeasy. PR #15368 by @​tiangolo.
• 🔒️ Add zizmor and fix audit findings. PR #15316 by @​YuriiMotov.

0.136.0

Upgrades

• ⬆️ Support free-threaded Python 3.14t. PR #15149 by @​svlandeg.

0.135.4

Refactors

• 🔥 Remove April Fool's @app.vibe() 🤪. PR #15363 by @​tiangolo.

Internal

• ⬆ Bump cryptography from 46.0.5 to 46.0.7. PR #15314 by @​dependabot[bot].
• ⬆ Bump strawberry-graphql from 0.307.1 to 0.312.3. PR #15309 by @​dependabot[bot].
• 🔨 Add pre-commit hook to ensure latest release header has date. PR #15293 by @​YuriiMotov.

Commits

• e54e5a8 🔖 Release version 0.136.1
• 9a8a5fd 📝 Update release notes
• 7815a32 ⬆️ Update Pydantic v2 code to address deprecations (#15101)
• ef1c927 📝 Update release notes
• 38039e1 🔨 Tweak translation script (#15174)
• 4fa826c 📝 Update release notes
• c394156 ⬆ Bump mkdocs-material from 9.7.1 to 9.7.6 (#15408)
• ae230ad 📝 Update release notes
• d9eb39d ⬆ Bump inline-snapshot from 0.31.1 to 0.32.6 (#15409)
• 4f8b5d1 📝 Update release notes
• Additional commits viewable in compare view

Updates ruff from 0.15.9 to 0.15.12

Release notes

Sourced from ruff's releases.

0.15.12

Release Notes

Released on 2026-04-24.

Preview features

• Implement #ruff:file-ignore file-level suppressions (#23599)
• Implement #ruff:ignore logical-line suppressions (#23404)
• Revert preview changes to displayed diagnostic severity in LSP (#24789)
• [airflow] Implement task-branch-as-short-circuit (AIR004) (#23579)
• [flake8-bugbear] Fix break/continue handling in loop-iterator-mutation (B909) (#24440)
• [pylint] Fix PLC2701 for type parameter scopes (#24576)

Rule changes

• [pandas-vet] Suggest .array as well in PD011 (#24805)

CLI

• Respect default Unix permissions for cache files (#24794)

Documentation

• [pylint] Fix PLR0124 description not to claim self-comparison always returns the same value (#24749)
• [pyupgrade] Expand docs on reusable TypeVars and scoping (UP046) (#24153)
• Improve rules table accessibility (#24711)

Contributors

• @​dylwil3
• @​AlexWaygood
• @​woodruffw
• @​avasis-ai
• @​Dev-iL
• @​denyszhak
• @​ShipItAndPray
• @​anishgirianish
• @​augustelalande
• @​amyreese
• @​majiayu000

Install ruff 0.15.12

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/ruff/releases/download/0.15.12/ruff-installer.sh | sh

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.12

Released on 2026-04-24.

Preview features

• Implement #ruff:file-ignore file-level suppressions (#23599)
• Implement #ruff:ignore logical-line suppressions (#23404)
• Revert preview changes to displayed diagnostic severity in LSP (#24789)
• [airflow] Implement task-branch-as-short-circuit (AIR004) (#23579)
• [flake8-bugbear] Fix break/continue handling in loop-iterator-mutation (B909) (#24440)
• [pylint] Fix PLC2701 for type parameter scopes (#24576)

Rule changes

• [pandas-vet] Suggest .array as well in PD011 (#24805)

CLI

• Respect default Unix permissions for cache files (#24794)

Documentation

• [pylint] Fix PLR0124 description not to claim self-comparison always returns the same value (#24749)
• [pyupgrade] Expand docs on reusable TypeVars and scoping (UP046) (#24153)
• Improve rules table accessibility (#24711)

Contributors

• @​dylwil3
• @​AlexWaygood
• @​woodruffw
• @​avasis-ai
• @​Dev-iL
• @​denyszhak
• @​ShipItAndPray
• @​anishgirianish
• @​augustelalande
• @​amyreese
• @​majiayu000

0.15.11

Released on 2026-04-16.

Preview features

• [ruff] Ignore RUF029 when function is decorated with asynccontextmanager (#24642)
• [airflow] Implement airflow-xcom-pull-in-template-string (AIR201) (#23583)
• [flake8-bandit] Fix S103 false positives and negatives in mask analysis (#24424)

... (truncated)

Commits

• 66f93cf Bump 0.15.12 (#24815)
• 476a4d0 [ty] Complete support for more detailed diagnostics on possibly unbound error...
• ed669ea Implement #ruff:file-ignore file-level suppressions (#23599)
• e73d952 [ty] Include inferred type in invalid-key concise diagnostic for union/inte...
• 80feb29 [ty] report only dead annotation-only locals as unused (#24811)
• 0fbf2bc Drop deprecated license classifier (#24808)
• 43b174c [ty] Infer lambda parameter types with Callable type context (#24317)
• 4f449ae [ty] Add error context for intersection types (#24772)
• 5b4e753 [ty] Add support for goto in literal enum member inlay hint (#24792)
• e7cc762 [ty] Add error context for TypedDict assignments (#24790)
• Additional commits viewable in compare view

Updates mypy from 1.20.0 to 1.20.2

Changelog

Sourced from mypy's changelog.

Mypy 1.20.2

• Use WAL with SQLite cache and fix close (Shantanu, PR 21154)
• Adjust SQLite journal mode (Ivan Levkivskyi, PR 21217)
• Correctly aggregate narrowing information on parent expressions (Shantanu, PR 21206)
• Fix regression related to generic callables (Shantanu, PR 21208)
• Fix regression by avoiding widening types in some contexts (Shantanu, PR 21242)
• Fix slicing in non-strict optional mode (Shantanu, PR 21282)
• mypyc: Fix match statement semantics for "or" pattern (Shantanu, PR 21156)
• mypyc: Fix issue with module dunder attributes (Piotr Sawicki, PR 21275)
• Initial support for Python 3.15.0a8 (Marc Mueller, PR 21255)

Acknowledgements

Thanks to all mypy contributors who contributed to this release:

• A5rocks
• Aaron Wieczorek
• Adam Turner
• Ali Hamdan
• asce
• BobTheBuidler
• Brent Westbrook
• Brian Schubert
• bzoracler
• Chris Burroughs
• Christoph Tyralla
• Colin Watson
• Donghoon Nam
• E. M. Bray
• Emma Smith
• Ethan Sarp
• George Ogden
• getzze
• grayjk
• Gregor Riepl
• Ivan Levkivskyi
• James Hilliard
• James Le Cuirot
• Jeremy Nimmer
• Joren Hammudoglu
• Kai (Kazuya Ito)
• kaushal trivedi
• Kevin Kannammalil
• Lukas Geiger
• Łukasz Langa
• Marc Mueller
• Michael R. Crusoe
• michaelm-openai
• Neil Schemenauer
• Piotr Sawicki

... (truncated)

Commits

• 145a062 Bump version to 1.20.2
• 81cd492 Fix slicing with nonstrict optional (#21282)
• 908d344 [mypyc] Set dunder attrs when adding module to sys.modules (#21275)
• ba28610 Initial support for Python 3.15.0a8 (#21255)
• 7b0e09f Fix match statement semantics for "or" pattern (#21156)
• 92b74f2 Avoid widening types in conditional_types (#21242)
• 0dcbfaa Fix is_overlapping_types for generic callables (#21208)
• 210f518 Correctly aggregate narrowing information on parent expressions (#21206)
• c34530e Only set journal mode in coordinator (#21217)
• 79a3ec6 Use WAL with SQLite cache, fix close (#21154)
• Additional commits viewable in compare view

Updates pre-commit from 4.5.1 to 4.6.0

Release notes

Sourced from pre-commit's releases.

pre-commit v4.6.0

Features

• pre-commit hook-impl: allow --hook-dir to be missing to enable easier usage with git 2.54+ git hooks.
  • #3662 PR by @​asottile.

Fixes

• pre-commit hook-impl: --hook-type is required.
  • #3661 PR by @​asottile.

Changelog

Sourced from pre-commit's changelog.

4.6.0 - 2026-04-21

Features

• pre-commit hook-impl: allow --hook-dir to be missing to enable easier usage with git 2.54+ git hooks.
  • #3662 PR by @​asottile.

Fixes

• pre-commit hook-impl: --hook-type is required.
  • #3661 PR by @​asottile.

Commits

• f35134b v4.6.0
• 2a51ffc Merge pull request #3662 from pre-commit/hook-impl-optional-hook-dir
• d7dee32 make --hook-dir optional for hook-impl
• 965aeb1 Merge pull request #3661 from pre-commit/hook-impl-required
• 2eacc06 --hook-type is required for hook-impl
• f5678bf Merge pull request #3657 from pre-commit/pre-commit-ci-update-config
• 054cc5b [pre-commit.ci] pre-commit autoupdate
• 5c0f302 Merge pull request #3652 from pre-commit/pre-commit-ci-update-config
• a5d9114 [pre-commit.ci] pre-commit autoupdate
• 129a1f5 Merge pull request #3641 from pre-commit/mxr-patch-1
• Additional commits viewable in compare view

Updates uv-secure from 0.17.1 to 0.17.2

Release notes

Sourced from uv-secure's releases.

v0.17.2

Deprecation Notice

I created uv-secure to resolve some pain points I had with getting pip-audit to work with uv.lock files. Since uv audit was announced though I now use that for my repos and am deprecating uv-secure in favour of the uv audit command.

If uv audit does not work for your workflow, consider pysentry-rs or pip-audit instead.

Thank you to everyone that took the time to raise issues and give me feedback on uv-secure!

What's Changed

• chore(deps): bump astral-sh/setup-uv from 7.6.0 to 8.0.0 in the actions-dependencies group by @​dependabot[bot] in owenlamont/uv-secure#225
• chore: refresh dependencies and linters by @​create-pr-workflow-auth[bot] in owenlamont/uv-secure#226
• Migrate linter configs to TOML and enable ryl fixes by @​owenlamont in owenlamont/uv-secure#227
• fix: use pinact CLI in update workflow by @​owenlamont in owenlamont/uv-secure#228
• chore: refresh dependencies and linters by @​create-pr-workflow-auth[bot] in owenlamont/uv-secure#233
• chore(deps): bump the actions-dependencies group with 2 updates by @​dependabot[bot] in owenlamont/uv-secure#231
• 215 deprecate uv-secure by @​owenlamont in owenlamont/uv-secure#234

Full Changelog: owenlamont/uv-secure@0.17.1...v0.17.2

Commits

• 2985610 215 deprecate uv-secure (#234)
• 7df19be chore(deps): bump the actions-dependencies group with 2 updates (#231)
• 46c58df chore: refresh dependencies and linters (#233)
• e127da0 fix: use pinact CLI in update workflow (#228)
• 4a5f403 Migrate linter configs to TOML and enable ryl fixes (#227)
• c37bd6b chore: refresh dependencies and linters (#226)
• 6364510 chore(deps): bump astral-sh/setup-uv in the actions-dependencies group (#225)
• See full diff in compare view

Updates mike from 2.1.4 to 2.2.0

Release notes

Sourced from mike's releases.

v2.2.0

New features

• Add support for ProperDocs

Bug fixes

• Use DST timestamps for new commits when DST is in effect
• Support ISO8601 and RFC 2822 values for GIT_COMMITTER_DATE

Changelog

Sourced from mike's changelog.

v2.2.0 (2026-04-13)

New features

• Add support for ProperDocs

Bug fixes

• Use DST timestamps for new commits when DST is in effect
• Support ISO8601 and RFC 2822 values for GIT_COMMITTER_DATE

---

Commits

• b01e030 Update version to 2.2.0
• ca60b84 Fix deprecation warning about split
• 5b5ed31 Add ProperDocs support; resolves #259
• 2adb1f1 Improve make_when implementation; resolves #260
• 7363ce5 Update version to 2.2.0.dev0
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions