chore(deps): bump uvicorn from 0.42.0 to 0.43.0

[dependabot]

Bumps uvicorn from 0.42.0 to 0.43.0.

Release notes

Sourced from uvicorn's releases.

Version 0.43.0

Changed

• Emit http.disconnect ASGI receive() event on server shutting down for streaming responses (#2829)
• Use native context parameter for create_task on Python 3.11+ (#2859)
• Drop cast in ASGI types (#2875)

---

Full Changelog: Kludex/uvicorn@0.42.0...0.43.0

Changelog

Sourced from uvicorn's changelog.

0.43.0 (April 3, 2026)

You can quit Uvicorn now. We heard you, @​pamelafox - all 47 of your Ctrl+C's (thanks for flagging it, and thanks to @​tiangolo for the fix 🙏). See the tweet.

Changed

• Emit http.disconnect ASGI receive() event on server shutting down for streaming responses (#2829)
• Use native context parameter for create_task on Python 3.11+ (#2859)
• Drop cast in ASGI types (#2875)

Commits

• 8d397c7 Version 0.43.0 (#2885)
• 587042d 🐛 Emit http.disconnect ASGI receive() event on server shutting down for s...
• c9a75fb chore(deps): bump the github-actions group with 3 updates (#2878)
• 84fd578 chore(deps): bump pygments from 2.19.2 to 2.20.0 (#2877)
• cd52d34 Use native context parameter for create_task on Python 3.11+ (#2859)
• 5211880 Drop cast in ASGI types (#2875)
• 1cb8e74 Add websocket 500 fallback header test (#2874)
• 28efbb2 chore(deps-dev): bump cryptography from 46.0.5 to 46.0.6 (#2873)
• 042ffeb ci: add zizmor (#2872)
• c61f9d4 chore(deps): bump requests from 2.32.5 to 2.33.0 (#2871)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[overcut-ai]

Completed Working on "Code Review"

✅ Code review complete. No issues found - all changes look good! ✅

✅ Workflow completed successfully.

---

👉 View complete log

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 1 package(s) with unknown licenses.

See the Details below.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 732073b.

Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

License Issues

uv.lock

Package	Version	License	Issue Type
uvicorn	0.44.0	Null	Unknown License

OpenSSF Scorecard

Package	Version	Score	Details
pip/uvicorn	0.44.0	Unknown	Unknown

Scanned Files

• uv.lock

[dependabot]

Superseded by #536.