Skip to content
This repository was archived by the owner on Jul 5, 2026. It is now read-only.

chore(deps): bump the python-dependencies group across 1 directory with 11 updates#148

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/python-dependencies-fd5266c73a
Closed

chore(deps): bump the python-dependencies group across 1 directory with 11 updates#148
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/python-dependencies-fd5266c73a

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 14, 2026

Copy link
Copy Markdown
Contributor

Updates the requirements on cryptography, fastapi, fastapi-swagger, icalendar, prometheus-fastapi-instrumentator, python-multipart, ruff, sqlalchemy, uvicorn, prek and joserfc to permit the latest version.
Updates cryptography to 49.0.0

Changelog

Sourced from cryptography's changelog.

49.0.0 - 2026-06-12


* **BACKWARDS INCOMPATIBLE:** Support for ``x86_64`` macOS has been removed.
  We now only publish ``arm64`` wheels for macOS.
* **BACKWARDS INCOMPATIBLE:** Support for 32-bit Windows has been removed.
  Users should move to a 64-bit Python installation.
* **BACKWARDS INCOMPATIBLE:** Removed the deprecated
  ``PUBLIC_KEY_TYPES``, ``PRIVATE_KEY_TYPES``,
  ``CERTIFICATE_PRIVATE_KEY_TYPES``, ``CERTIFICATE_ISSUER_PUBLIC_KEY_TYPES``,
  and ``CERTIFICATE_PUBLIC_KEY_TYPES`` type aliases. Use
  ``PublicKeyTypes``, ``PrivateKeyTypes``, ``CertificateIssuerPrivateKeyTypes``,
  ``CertificateIssuerPublicKeyTypes``, and ``CertificatePublicKeyTypes``
  instead. These were deprecated in version 40.0.
* **BACKWARDS INCOMPATIBLE:** :class:`~cryptography.hazmat.primitives.ciphers.algorithms.ChaCha20`
  now treats the first 4 bytes of the ``nonce`` as a 32-bit little-endian block
  counter (as defined in :rfc:`7539`) and tracks the number of bytes processed.
  Attempting to encrypt or decrypt more data than the counter allows before it
  would overflow now raises a :class:`ValueError` rather than silently diverging
  from RFC 7539. Setting the counter portion of the ``nonce`` to zero allows
  encrypting up to 256 GiB with a given nonce.
* **BACKWARDS INCOMPATIBLE:** Loading an X.509 certificate whose ECDSA or DSA
  signature ``AlgorithmIdentifier`` contains encoded NULL parameters now raises
  a :class:`ValueError`. Such certificates are invalid, but older versions of
  Java emitted them; previously they loaded with a deprecation warning.
* Fixed cross-compilation of the CFFI bindings when ``PYO3_CROSS_LIB_DIR``
  is set. The build now derives the Python include directory from
  ``PYO3_CROSS_LIB_DIR`` instead of querying the host interpreter, which
  previously caused the build to fail during cross-compilations for embedded
  systems, on hosts which have same-version Python development headers
  installed as the target Python.
* Added support for signing and verifying X.509 certificates, certificate
  signing requests, and certificate revocation lists with
  :doc:`/hazmat/primitives/asymmetric/mldsa` keys, as well as loading
  certificates that contain ML-DSA public keys.
* Added :meth:`~cryptography.hazmat.primitives.hpke.KEM.enc_length` to
  :class:`~cryptography.hazmat.primitives.hpke.KEM` so callers can split the
  encapsulated key from the ciphertext returned by
  :meth:`~cryptography.hazmat.primitives.hpke.Suite.encrypt`.
* :meth:`~cryptography.x509.verification.ExtensionPolicy.require_present`,
  :meth:`~cryptography.x509.verification.ExtensionPolicy.may_be_present`, and
  :meth:`~cryptography.x509.verification.ExtensionPolicy.require_not_present`
  now accept any extension type. Previously only a fixed set of extension
  types was supported, which made it impossible to account for otherwise
  unrecognized critical extensions during path validation.
* Added support for using :class:`~cryptography.x509.Certificate`,
  :class:`~cryptography.x509.CertificateSigningRequest`, and
  :class:`~cryptography.x509.CertificateRevocationList` as field types in
  :doc:`/hazmat/asn1/index` structures.
* Added :func:`~cryptography.hazmat.asn1.value_set`, a class decorator that
</tr></table> 

... (truncated)

Commits
  • e300bbe bump version and changelog for 49.0.0 (#15030)
  • fa74cd8 Add external mu (message representative) support for ML-DSA (#14979)
  • f594db3 chore(deps): bump openssl from 0.10.80 to 0.10.81 (#15029)
  • 608e011 chore(deps): bump openssl-sys from 0.9.116 to 0.9.117 (#15028)
  • a322bc4 chore(deps): bump cc from 1.2.63 to 1.2.64 (#15027)
  • 33181a7 Reject critical nameConstraints extensions containing directoryName constrain...
  • 6080dc7 Bump dependencies that dependabot isn't (#15026)
  • 121faa3 chore(deps): bump virtualenv from 21.4.2 to 21.4.3 (#15023)
  • 829520b Add more robust processing for DH parameters. (#15016)
  • 0f05001 Bump downstream dependencies in CI (#15025)
  • Additional commits viewable in compare view

Updates fastapi to 0.136.3

Release notes

Sourced from fastapi's releases.

0.136.3

Refactors

  • ♻️ Do not accept underscore headers when using convert_underscores=True (the default). PR #15589 by @​tiangolo.
Commits
  • 8206485 🔖 Release version 0.136.3
  • c910e01 📝 Update release notes
  • 063b5bf ♻️ Do not accept underscore headers when using convert_underscores=True (th...
  • 22b02e2 🔖 Release version 0.136.2
  • 3b252a2 📝 Update release notes
  • c7fb785 ♻️ Validate Server Sent Event fields to avoid applications from sending broke...
  • cb83b83 📝 Update release notes
  • 00f805c ✅ Update tests, don't double dispose the engine (#15587)
  • 3675137 📝 Update release notes
  • 7b57e42 📝 Document --entrypoint CLI option (#15464)
  • Additional commits viewable in compare view

Updates fastapi-swagger to 0.4.50

Release notes

Sourced from fastapi-swagger's releases.

v0.4.50

Package version: v0.4.50 🚀 Swagger UI version: v5.32.6

Commits

Updates icalendar to 7.1.2

Release notes

Sourced from icalendar's releases.

v7.1.2

To view the changes, please see the Changelog. This release can be installed from PyPI.

Changelog

Sourced from icalendar's changelog.

7.1.2 (2026-05-22)

Bug fixes


- Replaced the recursive :meth:`Component.__repr__ <icalendar.cal.component.Component.__repr__>` implementation with an iterative stack-based walk so that deeply nested calendars no longer raise :exc:`RecursionError` when formatted via ``repr()``, ``str()``, or f-strings. The output format is unchanged for normally-shaped calendars. @gistrec (`Issue [#1370](https://github.com/collective/icalendar/issues/1370) <https://github.com/collective/icalendar/issues/1370>`_)

Documentation

  • Update maintenance documentation. Fix the version switcher on "stable" on Read the Docs. @​stevepiercy (Issue [#1352](https://github.com/collective/icalendar/issues/1352) <https://github.com/collective/icalendar/issues/1352>_)

7.1.1 (2026-05-18)

New features


- Created an :attr:`~icalendar.prop.dt.period.vPeriod.ical_value` property for the :class:`~icalendar.prop.dt.period.vPeriod` component. @ZairKSM (`Issue [#876](https://github.com/collective/icalendar/issues/876) <https://github.com/collective/icalendar/issues/876>`_)
- Created a :meth:`~icalendar.prop.recur.weekday.vWeekday.ical_value` property for the :class:`~icalendar.prop.recur.weekday.vWeekday` component, mirroring the existing pattern on :class:`~icalendar.prop.boolean.vBoolean`. @mvanhorn (`Issue [#1360](https://github.com/collective/icalendar/issues/1360) <https://github.com/collective/icalendar/issues/1360>`_)

Bug fixes


- Strictly validate BINARY property values in :attr:`vBinary.from_ical() &lt;icalendar.prop.binary.vBinary.from_ical&gt;` and reject malformed Base64 input instead of silently accepting invalid characters. @uwezkhan (`Issue [#1349](https://github.com/collective/icalendar/issues/1349) &lt;https://github.com/collective/icalendar/issues/1349&gt;`_)

Documentation
</code></pre>
<ul>
<li>Replace the RFC quotations in the docstrings for :attr:<code>Alarm.REPEAT &lt;icalendar.cal.alarm.Alarm.REPEAT&gt;</code> and :attr:<code>Alarm.DURATION &lt;icalendar.cal.alarm.Alarm.DURATION&gt;</code> with Pythonic descriptions, including parameter notes, conformance references, and worked examples. <a href="https://github.com/tmchow&quot;&gt;&lt;code&gt;@​tmchow&lt;/code&gt;&lt;/a> (<code>Issue #1244 &lt;collective/icalendar#1244>
<li>Edited contributor documentation for how to add a change log entry, and maintenance documentation for how to process news fragments. <a href="https://github.com/stevepiercy&quot;&gt;&lt;code&gt;@​stevepiercy&lt;/code&gt;&lt;/a> (<code>Issue #1256 &lt;collective/icalendar#1256>
<li>Updated release process documentation. <a href="https://github.com/niccokunzmann&quot;&gt;&lt;code&gt;@​niccokunzmann&lt;/code&gt;&lt;/a> <a href="https://github.com/stevepiercy&quot;&gt;&lt;code&gt;@​stevepiercy&lt;/code&gt;&lt;/a> <a href="https://github.com/SashankBhamidi&quot;&gt;&lt;code&gt;@​SashankBhamidi&lt;/code&gt;&lt;/a> (<code>Issue #1293 &lt;collective/icalendar#1293>
</ul>
<p>Dependency changes</p>
<pre><code>

  • Added towncrier &amp;lt;https://pypi.org/project/towncrier/&amp;gt;_ to development dependencies. @stevepiercy (Issue [#1256](https://github.com/collective/icalendar/issues/1256) &amp;lt;https://github.com/collective/icalendar/issues/1256&amp;gt;_)

Internal changes

  • Switched from manual change log management to towncrier &lt;https://pypi.org/project/towncrier/&gt;_ to automate the process. @​stevepiercy (Issue [#1256](https://github.com/collective/icalendar/issues/1256) &lt;https://github.com/collective/icalendar/issues/1256&gt;_)
  • Bump PyPy from 3.10 to 3.11 for testing. @​stevepiercy (Issue [#1383](https://github.com/collective/icalendar/issues/1383) &lt;https://github.com/collective/icalendar/issues/1383&gt;_) </tr></table>

... (truncated)

Commits
  • f5494e3 Merge branch 'main' into 7.x
  • 6ddbd95 version 7.1.2
  • 6efe639 Update maintenance docs and fix version switcher for "stable" (#1393)
  • 67d6ab9 Fix RecursionError in Component.repr on deeply nested calendars (Closes #...
  • 8705729 Restore version warning banner for 'latest' on Read the Docs
  • 8fccb3a Update version switcher for 7.1.1
  • 79ddc3e Merge branch 'main' into 7.x
  • 465936b version 7.1.1
  • 39b8db8 Update release process (#1350)
  • c343662 Switch to towncrier to automatically manage the change log (#1389)
  • Additional commits viewable in compare view

Updates prometheus-fastapi-instrumentator to 8.0.0

Release notes

Sourced from prometheus-fastapi-instrumentator's releases.

8.0.0 / 2026-05-29

  • BREAKING: Ported project to Starlette v1. This includes new required minimum versions of Python, Starlette, and FastAPI. Bumped starlette dependency from >=0.30.0,<1.0.0 to >=1.0.0,<2.0.0. Bumped requires-python from >=3.8 to >=3.10 (starlette dropped support). Bumped fastapi dev dependency to ^0.133.0 (first version supporting starlette v1). Adjusted middleware app parameter type from Starlette to ASGIApp. Thanks to @​bgermann in #357 for implementing it.
Changelog

Sourced from prometheus-fastapi-instrumentator's changelog.

8.0.0 / 2026-05-29

Changed

  • BREAKING: Ported project to Starlette v1. This includes new required minimum versions of Python, Starlette, and FastAPI. Bumped starlette dependency from >=0.30.0,<1.0.0 to >=1.0.0,<2.0.0. Bumped requires-python from >=3.8 to >=3.10 (starlette dropped support). Bumped fastapi dev dependency to ^0.133.0 (first version supporting starlette v1). Adjusted middleware app parameter type from Starlette to ASGIApp. Thanks to @​bgermann in #357 for implementing it.

Fixed

  • Corrected documentation for setting custom labels. Thanks to @​rickie95 in #342 for implementing it.

7.1.0 / 2025-03-19

Added

  • Included metrics closure creators have new optional parameter custom_labels to set additional custom static labels. Parameter has not been added to the Instrumentator() constructor. Thanks to @​iocentos for requesting this in #279 and @​martian711 in #287 as well as @​Budlee in #326 for implementing it.

7.0.2 / 2025-01-14

Fixed

  • Replaced incorrect license identifier in pyproject.toml. Problem introduced with the migration to Poetry 2.0 in the last patch release.

7.0.1 / 2025-01-14

Changed

  • Migrated pyproject.toml to support PEP 621. This comes with a migration to Poetry 2.0. Thanks to @​alexted bringing this up in

... (truncated)

Commits
  • 2f84152 chore: Prepare release v8.0.0
  • 5950ed2 build(deps): bump actions/checkout from 4 to 6
  • 3a212cc build(deps): bump pre-commit-ci/lite-action from 1.0.1 to 1.1.0
  • 631c86d Remove codecov
  • 1f7b5e8 fix(test): Adjust mp for httpx2
  • d7ea56d Revert "ci: Bump lower Python version to 3.12"
  • 7668645 ci: Bump lower Python version to 3.12
  • 7f47420 chore: Bump dev dependencies
  • 1a9c52a ci: Adjust Python and Poetry versions
  • 91a5a66 chore: Apply pre-commit fixes
  • Additional commits viewable in compare view

Updates python-multipart to 0.0.32

Release notes

Sourced from python-multipart's releases.

Version 0.0.32

What's Changed

Full Changelog: Kludex/python-multipart@0.0.31...0.0.32

Changelog

Sourced from python-multipart's changelog.

0.0.32 (2026-06-04)

  • Speed up partial-boundary scanning for CR/LF-dense part data #300.

0.0.31 (2026-06-04)

  • Speed up multipart header parsing and callback dispatch #295.
  • Bound header field name size before validating #296.
  • Validate Content-Length is non-negative in parse_form #297.

0.0.30 (2026-05-31)

  • Parse application/x-www-form-urlencoded bodies per the WHATWG URL standard, treating only & as a field separator #290.
  • Ignore RFC 2231/5987 extended parameters (name*, filename*) in parse_options_header, keeping the plain parameter authoritative per RFC 7578 §4.2 #291.

0.0.29 (2026-05-17)

  • Handle malformed RFC 2231 continuations in parse_options_header #270.

0.0.28 (2026-05-10)

  • Speed up partial-boundary tail scan via bytes.find #281.
  • Cap multipart boundary length at 256 bytes #282.

0.0.27 (2026-04-27)

  • Add multipart header limits #267.
  • Pass parse offsets via constructors #268.

0.0.26 (2026-04-10)

  • Skip preamble before the first multipart boundary more efficiently #262.
  • Silently discard epilogue data after the closing multipart boundary #259.

0.0.25 (2026-04-10)

  • Add MIME content type info to File #143.
  • Handle CTE values case-insensitively #258.
  • Remove custom FormParser classes #257.
  • Add UPLOAD_DELETE_TMP to FormParser config #254.
  • Emit field_end for trailing bare field names on finalize #230.
  • Handle multipart headers case-insensitively #252.
  • Apply Apache-2.0 properly #247.

0.0.24 (2026-04-05)

  • Validate chunk_size in parse_form() #244.

0.0.23 (2026-04-05)

... (truncated)

Commits
  • 238ead6 Version 0.0.32 (#302)
  • 8672979 Replace per-byte partial-boundary scan with rfind lookbehind (#300)
  • 8190779 Bump the python-packages group with 7 updates (#301)
  • 0d3c086 Use uv package ecosystem for Dependabot (#299)
  • 4cffc68 Version 0.0.31 (#298)
  • c814948 Reject negative Content-Length in parse_form (#297)
  • 6b837d4 Bound header field name size before validating (#296)
  • e0c4f9d Bump the github-actions group with 3 updates (#294)
  • b8a01bb Bump the python-packages group with 3 updates (#293)
  • 6732164 Speed up multipart header parsing and callback dispatch (#295)
  • Additional commits viewable in compare view

Updates ruff to 0.15.17

Release notes

Sourced from ruff's releases.

0.15.17

Release Notes

Released on 2026-06-11.

Preview features

  • Allow human-readable names in suppression comments (#25614)
  • Fix handling of ignore comments within a disable/enable pair (#25845)
  • Prioritize human-readable names in CLI output (#25869)
  • Respect diagnostic start and parent ranges and trailing comments in ruff:ignore suppressions (#25673)
  • [flake8-async] Add trio.as_safe_channel to safe decorators (ASYNC119) (#25775)
  • [flake8-pytest-style] Also check pytest_asyncio fixtures (#25375)
  • [ruff] Ban pytest autouse fixtures (RUF076) (#25477)
  • [pyupgrade] Add from __future__ import annotations automatically (UP007, UP045) (#23259)

Bug fixes

  • Fix diagnostic when ruff:enable or ruff:disable appears where ruff:ignore is expected (#25700)
  • [pyupgrade] Preserve leading empty literals to avoid syntax errors (UP032) (#25491)

Rule changes

  • [flake8-pytest-style] Clarify diagnostic message for single parameters (PT007) (#25592)
  • [numpy] Drop autofix for np.in1d (NPY201) (#25612)
  • [pylint] Exempt Python version comparisons (PLR2004) (#25743)

Performance

  • Reserve AST Vecs with correct capacity for common cases (#25451)

Formatter

  • Preserve whitespace for Quarto cell option comments (#25641)

CLI

  • Allow rule names in ruff rule (#25640)

Other changes

  • Fix playground diagnostics scrollbars (#25642)

Contributors

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.17

Released on 2026-06-11.

Preview features

  • Allow human-readable names in suppression comments (#25614)
  • Fix handling of ignore comments within a disable/enable pair (#25845)
  • Prioritize human-readable names in CLI output (#25869)
  • Respect diagnostic start and parent ranges and trailing comments in ruff:ignore suppressions (#25673)
  • [flake8-async] Add trio.as_safe_channel to safe decorators (ASYNC119) (#25775)
  • [flake8-pytest-style] Also check pytest_asyncio fixtures (#25375)
  • [ruff] Ban pytest autouse fixtures (RUF076) (#25477)
  • [pyupgrade] Add from __future__ import annotations automatically (UP007, UP045) (#23259)

Bug fixes

  • Fix diagnostic when ruff:enable or ruff:disable appears where ruff:ignore is expected (#25700)
  • [pyupgrade] Preserve leading empty literals to avoid syntax errors (UP032) (#25491)

Rule changes

  • [flake8-pytest-style] Clarify diagnostic message for single parameters (PT007) (#25592)
  • [numpy] Drop autofix for np.in1d (NPY201) (#25612)
  • [pylint] Exempt Python version comparisons (PLR2004) (#25743)

Performance

  • Reserve AST Vecs with correct capacity for common cases (#25451)

Formatter

  • Preserve whitespace for Quarto cell option comments (#25641)

CLI

  • Allow rule names in ruff rule (#25640)

Other changes

  • Fix playground diagnostics scrollbars (#25642)

Contributors

... (truncated)

Commits
  • 7c645a9 Bump 0.15.17 (#25872)
  • f381eb1 Prioritize human-readable names in CLI output (#25869)
  • b9b4546 Minor workflow simplification (#25870)
  • 1e77ba0 [ty] Move PreformattedBlockScanner to format-agnostic location. (#25856)
  • 6f2b772 [ty] Preserve nominal type of enum.property instances (#25849)
  • be4777c [ty] Fix site-package error when multiple versions of pythons are installed i...
  • 53f6ff7 Allow human-readable names in suppression comments (#25614)
  • 6740325 [ty] Restrict uncached raw signature access (#25866)
  • 970b1bf Auto-update snapshots when syncing typeshed (#25841)
  • 0785793 Fix handling of ignore comments within a disable/enable pair (#25845)
  • Additional commits viewable in compare view

Updates sqlalchemy to 2.0.50

Release notes

Sourced from sqlalchemy's releases.

2.0.50

Released: May 24, 2026

orm

  • [orm] [bug] Fixed issue where using _orm.joinedload() with PropComparator.of_type() targeting a joined-table subclass combined with PropComparator.and_() referencing a column on that subclass would generate invalid SQL, where the subclass column was not adapted to the subquery alias. Pull request courtesy Joaquin Hui Gomez.

    References: #13203

  • [orm] [bug] Fixed issue where the presence of a SessionEvents.do_orm_execute() event hook would cause internal execution options such as yield_per and loader-specific state from the first orm_pre_session_exec pass to leak into the second pass, leading to errors when using relationship loaders such as selectinload() and immediateload(). The execution options passed to the second compilation pass are now based on the original options plus only the explicit updates made via ORMExecuteState.update_execution_options() within the event hook.

    References: #13301

  • [orm] [bug] Fixed issue where using _orm.with_polymorphic() on a leaf class (a subclass with no further descendants) or a non-inherited class would fail with an AttributeError when used in an ORM statement, due to _orm.configure_mappers() not being triggered implicitly. The fix ensures that AliasedInsp participates in the _post_inspect hook, triggering mapper configuration during ORM statement compilation.

    References: #13319

sql

  • [sql] [bug] Fixed issue where floor division (//) between a Float or Numeric numerator and an Integer denominator would omit the FLOOR() SQL wrapper on dialects where Dialect.div_is_floordiv is True (the default, including PostgreSQL and SQLite). FLOOR() is now applied if either the denominator or the numerator is a non-integer, so that expressions such as float_col // int_col render as FLOOR(float_col / int_col) instead of the incorrect float_col / int_col. Pull request courtesy r266-tech.

    References: #10528

postgresql

... (truncated)

Commits

Updates uvicorn to 0.49.0

Release notes

Sourced from uvicorn's releases.

Version 0.49.0

What's Changed

Full Changelog: Kludex/uvicorn@0.48.0...0.49.0

Changelog

Sourced from uvicorn's changelog.

0.49.0 (June 3, 2026)

Changed

  • Bump httptools minimum version to 0.8.0 (#2962)
  • Consume duplicate forwarding headers in ProxyHeadersMiddleware (reverses the 0.48.0 behavior of ignoring them) (#2971)

0.48.0 (May 24, 2026)

Changed

  • Default ssl_ciphers to None and use OpenSSL defaults (#2940)

Fixed

  • Ignore duplicate forwarding headers in ProxyHeadersMiddleware (#2944)

0.47.0 (May 14, 2026)

Added

  • Add ssl_context_factory for custom SSLContext configuration (#2920)

Changed

  • Eagerly import the ASGI app in the parent process (#2919)

Fixed

  • Treat fd=0 as a valid file descriptor with reload/workers (#2927)

0.46.0 (April 23, 2026)

Added

  • Support ws_max_size in wsproto implementation (#2915)
  • Support ws_ping_interval and ws_ping_timeout in wsproto implementation (#2916)

Changed

  • Use bytearray for incoming WebSocket message buffer in websockets-sansio (#2917)

0.45.0 (April 21, 2026)

Added

  • Add --reset-contextvars flag to isolate ASGI request context (#2912)
  • Accept os.PathLike for log_config (#2905)
  • Accept log_level strings case-insensitively (#2907)

... (truncated)

Commits
  • 3ef2e3e Version 0.49.0 (#2973)
  • eeb64b1 Consume duplicate forwarding headers in ProxyHeadersMiddleware (#2971)
  • 630f4ac Make the watchfiles reload tests deterministic (#2972)
  • 9154922 chore(deps): bump the github-actions group across 1 directory with 6 updates ...
  • 739727a Migrate docs deploy from Cloudflare Pages to Workers (#2967)
  • be4a240 Gate docs preview deploy on Cloudflare token presence (#2966)
  • c489d7e Bump httptools minimum version to 0.8.0 (#2962)
  • 9f547bd Skip docs preview deploy for Dependabot PRs (#2961)
  • 44446b8 Migrate documentation from MkDocs Material to Zensical (#2959)
  • cfd659c Bump pymdown-extensions to 10.21.3 (#2958)
  • Additional commits viewable in compare view

Updates prek to 0.4.4

Release notes

Sourced from prek's releases.

0.4.4

Release Notes

Released on 2026-06-04.

✨ Highlights

0.4.4 makes prek run easier to watch and easier to slice.

Hook stream output now shows a small live preview under the running hook in the progress UI. Long-running hooks no longer look stuck while they are producing logs, and failed hooks are easier to diagnose because recent output is already visible before the final result.

The new group selector lets a single config support different workflows. Tag hooks with groups, then select or exclude those groups at run time:

repos:
  - repo: local
    hooks:
      - id: format
        name: Format Python
        language: system
        entry: ruff format
        groups: [format, ci]
  - id: lint
    name: Lint Python
    language: system
    entry: ruff check
    groups: [lint, ci]

prek run --all-files --group ci
prek run --all-files --no-group format

This is useful when local development, CI, slow validation, or project-specific checks need different hook sets without splitting the config.

💚 Sponsorship

If prek saves time for you or your team, please consider sponsoring the project on GitHub Sponsors. It helps keep new features, performance work, and maintenance moving.

Enhancements

... (truncated)

Changelog

Sourced from prek's changelog.

0.4.4

Released on 2026-06-04.

Highlights

0.4.4 makes prek run easier to watch and easier to slice.

Hook stream output now shows a small live preview under the running hook in the progress UI. Long-running hooks no longer look stuck while they are producing logs, and failed hooks are easier to diagnose because recent output is already visible before the final result.

The new group selector lets a single config support different workflows. Tag hooks with groups, then select or exclude those groups at run time:

repos:
  - repo: local
    hooks:
      - id: format
        name: Format Python
        language: system
        entry: ruff format
        groups: [format, ci]
  - id: lint
    name: Lint Python
    language: system
    entry: ruff check
    groups: [lint, ci]

prek run --all-files --group ci
prek run --all-files --no-group format

This is useful when local development, CI, slow validation, or project-specific checks need different hook sets without splitting the config.

Enhancements

  • Add hook group filters to prek run (#2141)
  • Delay hook output preview rendering (#2140)
  • Stream hook output in progress UI (#2136)

Bug fixes

  • Fix intent-to-add stash restore (#2143)

... (truncated)

Commits

Updates joserfc to 1.7.1

Release notes

Sourced from joserfc's releases.

1.7.1

   🐞 Bug Fixes

    View changes on GitHub
Changelog

Sourced from joserfc's changelog.

1.7.1

Released on June 8, 2026

  • JWE: use the original aad value for decrypting.

1.7.0

Released on June 2, 2026

  • Drop Python 3.9 support.
  • Update type hints.
  • JWK: export public key by default in .as_dict, .as_pem, .as_der methods.

1.6.9

Released on June 8, 2026

  • JWE: use the original aad value for decrypting.

1.6.8

Released on May 27, 2026

  • Reject empty OctKey.

1.6.7

Released on May 23, 2026

  • Update for type hints.

1.6.6

Released on May 18, 2026

  • JWS: validate payload size when b64=false.

1.6.5

Released on May 3, 2026

  • JWS: increase registry's payload max size.

... (truncated)

Commits
  • 51aef50 chore: release 1.7.1
  • d6a3d15 fix(jwe): when decrypt, use the original aad base64 value
  • 3c9efed chore: release 1.7.0
  • da5dba1 Merge pull request #100 from authlib/export-public
  • 382b39d fix(jwk): as_dict, as_pem, as_der export public key by default
  • 955aaa0 Merge commit from fork
  • c133016 fix(typing): use Iterator for _filter_keys_by_parameters return value
  • dbb26fc Reject empty oct key material and empty HMAC keys at sign/verify entry
  • 1ddca8f fix(typing): update type hints for dropping python 3.9
  • fe1d746 chore: drop python 3.9
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

…th 11 updates

Updates the requirements on [cryptography](https://github.com/pyca/cryptography), [fastapi](https://github.com/fastapi/fastapi), [fastapi-swagger](https://github.com/dantetemplar/fastapi-swagger), [icalendar](https://github.com/collective/icalendar), [prometheus-fastapi-instrumentator](https://github.com/trallnag/prometheus-fastapi-instrumentator), [python-multipart](https://github.com/Kludex/python-multipart), [ruff](https://github.com/astral-sh/ruff), [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy), [uvicorn](https://github.com/Kludex/uvicorn), [prek](https://github.com/j178/prek) and [joserfc](https://github.com/authlib/joserfc) to permit the latest version.

Updates `cryptography` to 49.0.0
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@48.0.0...49.0.0)

Updates `fastapi` to 0.136.3
- [Release notes](https://github.com/fastapi/fastapi/releases)
- [Commits](fastapi/fastapi@0.136.1...0.136.3)

Updates `fastapi-swagger` to 0.4.50
- [Release notes](https://github.com/dantetemplar/fastapi-swagger/releases)
- [Commits](dantetemplar/fastapi-swagger@v0.4.49...v0.4.50)

Updates `icalendar` to 7.1.2
- [Release notes](https://github.com/collective/icalendar/releases)
- [Changelog](https://github.com/collective/icalendar/blob/main/CHANGES.rst)
- [Commits](collective/icalendar@v7.1.0...v7.1.2)

Updates `prometheus-fastapi-instrumentator` to 8.0.0
- [Release notes](https://github.com/trallnag/prometheus-fastapi-instrumentator/releases)
- [Changelog](https://github.com/trallnag/prometheus-fastapi-instrumentator/blob/master/CHANGELOG.md)
- [Commits](trallnag/prometheus-fastapi-instrumentator@v7.1.0...v8.0.0)

Updates `python-multipart` to 0.0.32
- [Release notes](https://github.com/Kludex/python-multipart/releases)
- [Changelog](https://github.com/Kludex/python-multipart/blob/main/CHANGELOG.md)
- [Commits](Kludex/python-multipart@0.0.27...0.0.32)

Updates `ruff` to 0.15.17
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.15.12...0.15.17)

Updates `sqlalchemy` to 2.0.50
- [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases)
- [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES.rst)
- [Commits](https://github.com/sqlalchemy/sqlalchemy/commits)

Updates `uvicorn` to 0.49.0
- [Release notes](https://github.com/Kludex/uvicorn/releases)
- [Changelog](https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md)
- [Commits](Kludex/uvicorn@0.46.0...0.49.0)

Updates `prek` to 0.4.4
- [Release notes](https://github.com/j178/prek/releases)
- [Changelog](https://github.com/j178/prek/blob/master/CHANGELOG.md)
- [Commits](j178/prek@v0.3.13...v0.4.4)

Updates `joserfc` to 1.7.1
- [Release notes](https://github.com/authlib/joserfc/releases)
- [Changelog](https://github.com/authlib/joserfc/blob/main/docs/changelog.rst)
- [Commits](authlib/joserfc@1.6.5...1.7.1)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-version: 49.0.0
  dependency-type: direct:production
  dependency-group: python-dependencies
- dependency-name: fastapi
  dependency-version: 0.136.3
  dependency-type: direct:production
  dependency-group: python-dependencies
- dependency-name: fastapi-swagger
  dependency-version: 0.4.50
  dependency-type: direct:production
  dependency-group: python-dependencies
- dependency-name: icalendar
  dependency-version: 7.1.2
  dependency-type: direct:production
  dependency-group: python-dependencies
- dependency-name: prometheus-fastapi-instrumentator
  dependency-version: 8.0.0
  dependency-type: direct:production
  dependency-group: python-dependencies
- dependency-name: python-multipart
  dependency-version: 0.0.32
  dependency-type: direct:production
  dependency-group: python-dependencies
- dependency-name: ruff
  dependency-version: 0.15.17
  dependency-type: direct:production
  dependency-group: python-dependencies
- dependency-name: sqlalchemy
  dependency-version: 2.0.50
  dependency-type: direct:production
  dependency-group: python-dependencies
- dependency-name: uvicorn
  dependency-version: 0.49.0
  dependency-type: direct:production
  dependency-group: python-dependencies
- dependency-name: prek
  dependency-version: 0.4.4
  dependency-type: direct:production
  dependency-group: python-dependencies
- dependency-name: joserfc
  dependency-version: 1.7.1
  dependency-type: direct:production
  dependency-group: python-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Jun 14, 2026
@dependabot @github

dependabot Bot commented on behalf of github Jun 28, 2026

Copy link
Copy Markdown
Contributor Author

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this Jun 28, 2026
@dependabot
dependabot Bot deleted the dependabot/pip/python-dependencies-fd5266c73a branch June 28, 2026 08:22
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants