Skip to content

chore(deps): Bump the python-minor group in /backend with 10 updates#266

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/backend/python-minor-ec212a1894
Closed

chore(deps): Bump the python-minor group in /backend with 10 updates#266
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/backend/python-minor-ec212a1894

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Feb 9, 2026

Copy link
Copy Markdown
Contributor

Bumps the python-minor group in /backend with 10 updates:

Package From To
fastapi 0.128.0 0.128.5
starlette 0.50.0 0.52.1
sqlalchemy 2.0.45 2.0.46
alembic 1.17.2 1.18.3
pymongo 4.15.5 4.16.0
pyjwt 2.10.1 2.11.0
cryptography 46.0.3 46.0.4
prometheus-client 0.23.1 0.24.1
psutil 7.2.1 7.2.2
aiosmtplib 5.0.0 5.1.0

Updates fastapi from 0.128.0 to 0.128.5

Release notes

Sourced from fastapi's releases.

0.128.5

Refactors

  • ♻️ Refactor and simplify Pydantic v2 (and v1) compatibility internal utils. PR #14862 by @​tiangolo.

Internal

  • ✅ Add inline snapshot tests for OpenAPI before changes from Pydantic v2. PR #14864 by @​tiangolo.

0.128.4

Refactors

  • ♻️ Refactor internals, simplify Pydantic v2/v1 utils, create_model_field, better types for lenient_issubclass. PR #14860 by @​tiangolo.
  • ♻️ Simplify internals, remove Pydantic v1 only logic, no longer needed. PR #14857 by @​tiangolo.
  • ♻️ Refactor internals, cleanup unneeded Pydantic v1 specific logic. PR #14856 by @​tiangolo.

Translations

Internal

0.128.3

Refactors

  • ♻️ Re-implement on_event in FastAPI for compatibility with the next Starlette, while keeping backwards compatibility. PR #14851 by @​tiangolo.

Upgrades

  • ⬆️ Upgrade Starlette supported version range to starlette>=0.40.0,<1.0.0. PR #14853 by @​tiangolo.

Translations

Internal

  • 👷 Run tests with Starlette from git. PR #14849 by @​tiangolo.
  • 👷 Run tests with lower bound uv sync, upgrade fastapi[all] minimum dependencies: ujson >=5.8.0, orjson >=3.9.3. PR #14846 by @​tiangolo.

0.128.2

Features

Fixes

... (truncated)

Commits
  • dedf140 🔖 Release version 0.128.5
  • 79d4dfb 📝 Update release notes
  • 9f4ecf5 ✅ Add inline snapshot tests for OpenAPI before changes from Pydantic v2 (#14864)
  • c48539f 📝 Update release notes
  • 2e7d375 ♻️ Refactor and simplify Pydantic v2 (and v1) compatibility internal utils (#...
  • 8eac94b 🔖 Release version 0.128.4
  • 58cdfc7 📝 Update release notes
  • d59fbc3 ♻️ Refactor internals, simplify Pydantic v2/v1 utils, create_model_field, b...
  • cc6ced6 📝 Update release notes
  • cf55bad ♻️ Simplify internals, remove Pydantic v1 only logic, no longer needed (#14857)
  • Additional commits viewable in compare view

Updates starlette from 0.50.0 to 0.52.1

Release notes

Sourced from starlette's releases.

Version 0.52.1

What's Changed


Full Changelog: Kludex/starlette@0.52.0...0.52.1

Version 0.52.0

In this release, State can be accessed using dictionary-style syntax for improved type safety (#3036).

from collections.abc import AsyncIterator
from contextlib import asynccontextmanager
from typing import TypedDict
import httpx
from starlette.applications import Starlette
from starlette.requests import Request
class State(TypedDict):
http_client: httpx.AsyncClient
@​asynccontextmanager
async def lifespan(app: Starlette) -> AsyncIterator[State]:
async with httpx.AsyncClient() as client:
yield {"http_client": client}
async def homepage(request: Request[State]):
client = request.state["http_client"]
# If you run the below line with mypy or pyright, it will reveal the correct type.
reveal_type(client)  # Revealed type is 'httpx.AsyncClient'

See Accessing State for more details.


Full Changelog: Kludex/starlette@0.51.0...0.52.0

Version 0.51.0

Added

  • Add allow_private_network in CORSMiddleware #3065.

Changed

... (truncated)

Changelog

Sourced from starlette's changelog.

0.52.1 (January 18, 2026)

Fixed

  • Only use typing_extensions in older Python versions #3109.

0.52.0 (January 18, 2026)

In this release, State can be accessed using dictionary-style syntax for improved type safety (#3036).

from collections.abc import AsyncIterator
from contextlib import asynccontextmanager
from typing import TypedDict
import httpx
from starlette.applications import Starlette
from starlette.requests import Request
class State(TypedDict):
http_client: httpx.AsyncClient
@​asynccontextmanager
async def lifespan(app: Starlette) -> AsyncIterator[State]:
async with httpx.AsyncClient() as client:
yield {"http_client": client}
async def homepage(request: Request[State]):
client = request.state["http_client"]
# If you run the below line with mypy or pyright, it will reveal the correct type.
reveal_type(client)  # Revealed type is 'httpx.AsyncClient'

See Accessing State for more details.

0.51.0 (January 10, 2026)

Added

  • Add allow_private_network in CORSMiddleware #3065.

Changed

  • Increase warning stacklevel on DeprecationWarning for wsgi module #3082.
Commits

Updates sqlalchemy from 2.0.45 to 2.0.46

Release notes

Sourced from sqlalchemy's releases.

2.0.46

Released: January 21, 2026

typing

  • [typing] [bug] Fixed typing issues where ORM mapped classes and aliased entities could not be used as keys in result row mappings or as join targets in select statements. Patterns such as row._mapping[User], row._mapping[aliased(User)], row._mapping[with_polymorphic(...)] (rejected by both mypy and Pylance), and .join(aliased(User)) (rejected by Pylance) are documented and fully supported at runtime but were previously rejected by type checkers. The type definitions for _KeyType and _FromClauseArgument have been updated to accept these ORM entity types.

    References: #13075

postgresql

  • [postgresql] [bug] Fixed issue where PostgreSQL JSONB operators _postgresql.JSONB.Comparator.path_match() and _postgresql.JSONB.Comparator.path_exists() were applying incorrect VARCHAR casts to the right-hand side operand when used with newer PostgreSQL drivers such as psycopg. The operators now indicate the right-hand type as JSONPATH, which currently results in no casting taking place, but is also compatible with explicit casts if the implementation were require it at a later point.

    References: #13059

  • [postgresql] [bug] Fixed regression in PostgreSQL dialect where JSONB subscription syntax would generate incorrect SQL for cast() expressions returning JSONB, causing syntax errors. The dialect now properly wraps cast expressions in parentheses when using the [] subscription syntax, generating (CAST(...))[index] instead of CAST(...)[index] to comply with PostgreSQL syntax requirements. This extends the fix from #12778 which addressed the same issue for function calls.

    References: #13067

  • [postgresql] [bug] Improved the foreign key reflection regular expression pattern used by the PostgreSQL dialect to be more permissive in matching identifier characters, allowing it to correctly handle unicode characters in table and column names. This change improves compatibility with PostgreSQL variants such as CockroachDB that may use different quoting patterns in combination with unicode characters in their identifiers. Pull request courtesy Gord Thompson.

... (truncated)

Commits

Updates alembic from 1.17.2 to 1.18.3

Release notes

Sourced from alembic's releases.

1.18.3

Released: January 29, 2026

bug

  • [bug] [autogenerate] Fixed regression in version 1.18.0 due to #1771 where autogenerate would raise NoReferencedTableError when a foreign key constraint referenced a table that was not part of the initial table load, including tables filtered out by the EnvironmentContext.configure.include_name callable or tables in remote schemas that were not included in the initial reflection run.

    The change in #1771 was a performance optimization that eliminated additional reflection queries for tables that were only referenced by foreign keys but not explicitly included in the main reflection run. However, this optimization inadvertently removed the creation of Table objects for these referenced tables, causing autogenerate to fail when processing foreign key constraints that pointed to them.

    The fix creates placeholder Table objects for foreign key targets that are not reflected, allowing the autogenerate comparison to proceed without error while maintaining the performance improvement from #1771. When multiple foreign keys reference different columns in the same filtered table, the placeholder table accumulates all necessary columns. These placeholder tables may be visible when using the EnvironmentContext.configure.include_object callable to inspect ForeignKeyConstraint objects; they will have the name, schema and basic column information for the relevant columns present.

    References: #1787

  • [bug] [general] Fixed regression caused by #1669 which requires SQLAlchemy objects to support generic type subscripting; for the older SQLAlchemy 1.4 series, this requires version 1.4.23. Changed the minimum requirements to require version 1.4.23 rather than 1.4.0.

    References: #1788

1.18.2

Released: January 28, 2026

usecase

  • [usecase] [operations] The primary_key parameter on Column is now honored when Operations.add_column() is used, and will emit the "PRIMARY KEY" keyword inline within the ADD COLUMN directive. This is strictly a syntax

... (truncated)

Commits

Updates pymongo from 4.15.5 to 4.16.0

Release notes

Sourced from pymongo's releases.

PyMongo 4.16.0

Community notes:

Changelog

Sourced from pymongo's changelog.

Changes in Version 4.16.0 (2026/01/07)

PyMongo 4.16 brings a number of changes including:

  • Removed invalid documents from :class:bson.errors.InvalidDocument error messages as doing so may leak sensitive user data. Instead, invalid documents are stored in :attr:bson.errors.InvalidDocument.document.
  • PyMongo now requires dnspython>=2.6.1, since dnspython 1.0 is no longer maintained. The minimum version is 2.6.1 to account for CVE-2023-29483 <https://www.cve.org/CVERecord?id=CVE-2023-29483>_.
  • Removed support for Eventlet. Eventlet is actively being sunset by its maintainers and has compatibility issues with PyMongo's dnspython dependency.
  • Use Zstandard support from the standard library for Python 3.14+, and use backports.zstd for older versions.
  • Fixed return type annotation for find_one_and_* methods on :class:~pymongo.asynchronous.collection.AsyncCollection and :class:~pymongo.synchronous.collection.Collection to include None.
  • Added support for NumPy 1D-arrays in :class:bson.binary.BinaryVector.
  • Prevented :class:~pymongo.encryption.ClientEncryption from loading the crypt shared library to fix "MongoCryptError: An existing crypt_shared library is loaded by the application" unless the linked library search path is set.
Commits
  • 3290101 Prepare 4.16.0 release (#2672)
  • 1be94d2 PYTHON-5685 Fix unified spec sync metadata for csot and sessions tests (#2669)
  • 6585d9c PYTHON-2442: Refactor: use _asdict() in _options_dict() (#2670)
  • fdb1f7e PYTHON-5677 Prevent ClientEncryption from loading crypt shared library (#2659)
  • 0cd9763 Bump zizmorcore/zizmor-action from cb3d8e846e148d1111d90b03375b9c03deceda37 t...
  • 2f263d4 PYTHON-5680 Fix handling of expectedDocuments in Unified Test Runner (#2665)
  • e9658b2 Add 4.15.5 release date to changelog (#2666)
  • 10dd204 Update coverage[toml] requirement from <=7.10.6,>=5 to >=5,<=7.10.7 (#2662)
  • 1300677 [Spec Resync] 12-22-2025 (#2663)
  • 18c1f14 PYTHON-5529 Introduce optin setting to await for MinPoolSize population (#2664)
  • Additional commits viewable in compare view

Updates pyjwt from 2.10.1 to 2.11.0

Release notes

Sourced from pyjwt's releases.

2.11.0

What's Changed

... (truncated)

Changelog

Sourced from pyjwt's changelog.

v2.11.0 <https://github.com/jpadilla/pyjwt/compare/2.10.1...2.11.0>__

Fixed


- Enforce ECDSA curve validation per RFC 7518 Section 3.4.
- Fix build system warnings by @kurtmckee in `[#1105](https://github.com/jpadilla/pyjwt/issues/1105) <https://github.com/jpadilla/pyjwt/pull/1105>`__
- Validate key against allowed types for Algorithm family in `[#964](https://github.com/jpadilla/pyjwt/issues/964) <https://github.com/jpadilla/pyjwt/pull/964>`__
- Add iterator for JWKSet in `[#1041](https://github.com/jpadilla/pyjwt/issues/1041) <https://github.com/jpadilla/pyjwt/pull/1041>`__
- Validate `iss` claim is a string during encoding and decoding by @pachewise in `[#1040](https://github.com/jpadilla/pyjwt/issues/1040) <https://github.com/jpadilla/pyjwt/pull/1040>`__
- Improve typing/logic for `options` in decode, decode_complete by @pachewise in `[#1045](https://github.com/jpadilla/pyjwt/issues/1045) <https://github.com/jpadilla/pyjwt/pull/1045>`__
- Declare float supported type for lifespan and timeout by @nikitagashkov in `[#1068](https://github.com/jpadilla/pyjwt/issues/1068) <https://github.com/jpadilla/pyjwt/pull/1068>`__
- Fix ``SyntaxWarning``\s/``DeprecationWarning``\s caused by invalid escape sequences by @kurtmckee in `[#1103](https://github.com/jpadilla/pyjwt/issues/1103) <https://github.com/jpadilla/pyjwt/pull/1103>`__
- Development: Build a shared wheel once to speed up test suite setup times by @kurtmckee in `[#1114](https://github.com/jpadilla/pyjwt/issues/1114) <https://github.com/jpadilla/pyjwt/pull/1114>`__
- Development: Test type annotations across all supported Python versions,
  increase the strictness of the type checking, and remove the mypy pre-commit hook
  by @kurtmckee in `[#1112](https://github.com/jpadilla/pyjwt/issues/1112) <https://github.com/jpadilla/pyjwt/pull/1112>`__

Added

  • Support Python 3.14, and test against PyPy 3.10 and 3.11 by @​kurtmckee in [#1104](https://github.com/jpadilla/pyjwt/issues/1104) <https://github.com/jpadilla/pyjwt/pull/1104>__
  • Development: Migrate to build to test package building in CI by @​kurtmckee in [#1108](https://github.com/jpadilla/pyjwt/issues/1108) <https://github.com/jpadilla/pyjwt/pull/1108>__
  • Development: Improve coverage config and eliminate unused test suite code by @​kurtmckee in [#1115](https://github.com/jpadilla/pyjwt/issues/1115) <https://github.com/jpadilla/pyjwt/pull/1115>__
  • Docs: Standardize CHANGELOG links to PRs by @​kurtmckee in [#1110](https://github.com/jpadilla/pyjwt/issues/1110) <https://github.com/jpadilla/pyjwt/pull/1110>__
  • Docs: Fix Read the Docs builds by @​kurtmckee in [#1111](https://github.com/jpadilla/pyjwt/issues/1111) <https://github.com/jpadilla/pyjwt/pull/1111>__
  • Docs: Add example of using leeway with nbf by @​djw8605 in [#1034](https://github.com/jpadilla/pyjwt/issues/1034) <https://github.com/jpadilla/pyjwt/pull/1034>__
  • Docs: Refactored docs with autodoc; added PyJWS and jwt.algorithms docs by @​pachewise in [#1045](https://github.com/jpadilla/pyjwt/issues/1045) <https://github.com/jpadilla/pyjwt/pull/1045>__
  • Docs: Documentation improvements for "sub" and "jti" claims by @​cleder in [#1088](https://github.com/jpadilla/pyjwt/issues/1088) <https://github.com/jpadilla/pyjwt/pull/1088>__
  • Development: Add pyupgrade as a pre-commit hook by @​kurtmckee in [#1109](https://github.com/jpadilla/pyjwt/issues/1109) <https://github.com/jpadilla/pyjwt/pull/1109>__
  • Add minimum key length validation for HMAC and RSA keys (CWE-326). Warns by default via InsecureKeyLengthWarning when keys are below minimum recommended lengths per RFC 7518 Section 3.2 (HMAC) and NIST SP 800-131A (RSA). Pass enforce_minimum_key_length=True in options to PyJWT or PyJWS to raise InvalidKeyError instead.
  • Refactor PyJWT to own an internal PyJWS instance instead of calling global api_jws functions.
Commits

Updates cryptography from 46.0.3 to 46.0.4

Changelog

Sourced from cryptography's changelog.

46.0.4 - 2026-01-27


* `Dropped support for win_arm64 wheels`_.
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.5.

.. _v46-0-3:

Commits

Updates prometheus-client from 0.23.1 to 0.24.1

Release notes

Sourced from prometheus-client's releases.

v0.24.1

v0.24.0

What's Changed

Full Changelog: prometheus/client_python@v0.23.1...v0.24.0

Commits

Updates psutil from 7.2.1 to 7.2.2

Changelog

Sourced from psutil's changelog.

7.2.2

2026-01-28

Enhancements

  • 2705_: [Linux]: Process.wait()_ now uses pidfd_open() + poll() for waiting, resulting in no busy loop and faster response times. Requires Linux >= 5.3 and Python >= 3.9. Falls back to traditional polling if unavailable.
  • 2705_: [macOS], [BSD]: Process.wait()_ now uses kqueue() for waiting, resulting in no busy loop and faster response times.

Bug fixes

  • 2701_, [macOS]: fix compilation error on macOS < 10.7. (patch by Sergey Fedorov)
  • 2707_, [macOS]: fix potential memory leaks in error paths of Process.memory_full_info() and Process.threads().
  • 2708_, [macOS]: Process.cmdline()_ and Process.environ()_ may fail with ``OSError: [Errno 0] Undefined error`` (from ``sysctl(KERN_PROCARGS2)``). They now raise AccessDenied`_ instead.
Commits
  • 9eea97d Pre-release
  • 938ac64 Rm sphinxcontrib.googleanalytics; override layout.html
  • 9dcbb7e Add sphinxcontrib-googleanalytics to requirements.txt
  • 76eaf9a Try to add google analytics to doc
  • de1cafa Update doc mentioning Process.wait() internal details
  • bb30943 Refact can_use_pidfd_open() and can_use_kqueue()
  • a571717 #2708, macos / cmdline / environ; raise AD instead of OSError(0) (#2709)
  • 8b98c3e Pre-release
  • 700b7e6 [macOS] fix potential leaks in error paths (#2707)
  • 7cc7923 Windows / cmdline(): be more defensive in free()ing in case of error
  • Additional commits viewable in compare view

Updates aiosmtplib from 5.0.0 to 5.1.0

Release notes

Sourced from aiosmtplib's releases.

v5.1.0

What's Changed

  • Feature: Add XOAUTH2 authentication support

Full Changelog: cole/aiosmtplib@v5.0.0...v5.1.0

Changelog

Sourced from aiosmtplib's changelog.

5.1.0

  • Feature: Add XOAUTH2 authentication support
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Feb 9, 2026
@github-actions

github-actions Bot commented Feb 9, 2026

Copy link
Copy Markdown
Contributor

Dependency Update Analysis

Update Type: minor
Security Update: false
Risk Level: medium
Auto-merge Eligible: false

Analysis Details

  • PR Title: chore(deps): Bump the python-minor group in /backend with 10 updates
  • Updated by: dependabot[bot]
  • Branch: dependabot/pip/backend/python-minor-ec212a1894

Security Audit Results

Frontend (npm audit)

INFO - Unable to parse npm audit results

Backend (safety check)

INFO - Unable to parse safety check results

@github-actions

github-actions Bot commented Feb 9, 2026

Copy link
Copy Markdown
Contributor

Manual Review Required

This dependency update requires manual review:

Reason:

  • Update Type: minor
  • Risk Level: medium
  • Auto-merge Eligible: false

Review Checklist:

  • Review changelog for breaking changes
  • Test critical application paths
  • Verify security implications
  • Check for API compatibility
  • Validate configuration changes

Next Steps:

  1. Review the changes thoroughly
  2. Test locally if needed
  3. Approve and merge when ready

cc: @maintainers

Bumps the python-minor group in /backend with 10 updates:

| Package | From | To |
| --- | --- | --- |
| [fastapi](https://github.com/fastapi/fastapi) | `0.128.0` | `0.128.5` |
| [starlette](https://github.com/Kludex/starlette) | `0.50.0` | `0.52.1` |
| [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) | `2.0.45` | `2.0.46` |
| [alembic](https://github.com/sqlalchemy/alembic) | `1.17.2` | `1.18.3` |
| [pymongo](https://github.com/mongodb/mongo-python-driver) | `4.15.5` | `4.16.0` |
| [pyjwt](https://github.com/jpadilla/pyjwt) | `2.10.1` | `2.11.0` |
| [cryptography](https://github.com/pyca/cryptography) | `46.0.3` | `46.0.4` |
| [prometheus-client](https://github.com/prometheus/client_python) | `0.23.1` | `0.24.1` |
| [psutil](https://github.com/giampaolo/psutil) | `7.2.1` | `7.2.2` |
| [aiosmtplib](https://github.com/cole/aiosmtplib) | `5.0.0` | `5.1.0` |


Updates `fastapi` from 0.128.0 to 0.128.5
- [Release notes](https://github.com/fastapi/fastapi/releases)
- [Commits](fastapi/fastapi@0.128.0...0.128.5)

Updates `starlette` from 0.50.0 to 0.52.1
- [Release notes](https://github.com/Kludex/starlette/releases)
- [Changelog](https://github.com/Kludex/starlette/blob/main/docs/release-notes.md)
- [Commits](Kludex/starlette@0.50.0...0.52.1)

Updates `sqlalchemy` from 2.0.45 to 2.0.46
- [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases)
- [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES.rst)
- [Commits](https://github.com/sqlalchemy/sqlalchemy/commits)

Updates `alembic` from 1.17.2 to 1.18.3
- [Release notes](https://github.com/sqlalchemy/alembic/releases)
- [Changelog](https://github.com/sqlalchemy/alembic/blob/main/CHANGES)
- [Commits](https://github.com/sqlalchemy/alembic/commits)

Updates `pymongo` from 4.15.5 to 4.16.0
- [Release notes](https://github.com/mongodb/mongo-python-driver/releases)
- [Changelog](https://github.com/mongodb/mongo-python-driver/blob/master/doc/changelog.rst)
- [Commits](mongodb/mongo-python-driver@4.15.5...4.16.0)

Updates `pyjwt` from 2.10.1 to 2.11.0
- [Release notes](https://github.com/jpadilla/pyjwt/releases)
- [Changelog](https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst)
- [Commits](jpadilla/pyjwt@2.10.1...2.11.0)

Updates `cryptography` from 46.0.3 to 46.0.4
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@46.0.3...46.0.4)

Updates `prometheus-client` from 0.23.1 to 0.24.1
- [Release notes](https://github.com/prometheus/client_python/releases)
- [Commits](prometheus/client_python@v0.23.1...v0.24.1)

Updates `psutil` from 7.2.1 to 7.2.2
- [Changelog](https://github.com/giampaolo/psutil/blob/master/HISTORY.rst)
- [Commits](giampaolo/psutil@release-7.2.1...release-7.2.2)

Updates `aiosmtplib` from 5.0.0 to 5.1.0
- [Release notes](https://github.com/cole/aiosmtplib/releases)
- [Changelog](https://github.com/cole/aiosmtplib/blob/main/CHANGELOG.rst)
- [Commits](cole/aiosmtplib@v5.0.0...v5.1.0)

---
updated-dependencies:
- dependency-name: fastapi
  dependency-version: 0.128.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-minor
- dependency-name: starlette
  dependency-version: 0.52.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-minor
- dependency-name: sqlalchemy
  dependency-version: 2.0.46
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-minor
- dependency-name: alembic
  dependency-version: 1.18.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-minor
- dependency-name: pymongo
  dependency-version: 4.16.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-minor
- dependency-name: pyjwt
  dependency-version: 2.11.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-minor
- dependency-name: cryptography
  dependency-version: 46.0.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-minor
- dependency-name: prometheus-client
  dependency-version: 0.24.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-minor
- dependency-name: psutil
  dependency-version: 7.2.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-minor
- dependency-name: aiosmtplib
  dependency-version: 5.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/pip/backend/python-minor-ec212a1894 branch from a4d4fb9 to 00e0f69 Compare February 9, 2026 18:01
@github-actions

github-actions Bot commented Feb 9, 2026

Copy link
Copy Markdown
Contributor

Dependency Update Analysis

Update Type: minor
Security Update: false
Risk Level: medium
Auto-merge Eligible: false

Analysis Details

  • PR Title: chore(deps): Bump the python-minor group in /backend with 10 updates
  • Updated by: dependabot[bot]
  • Branch: dependabot/pip/backend/python-minor-ec212a1894

Security Audit Results

Frontend (npm audit)

INFO - Unable to parse npm audit results

Backend (safety check)

INFO - Unable to parse safety check results

@github-actions

github-actions Bot commented Feb 9, 2026

Copy link
Copy Markdown
Contributor

Manual Review Required

This dependency update requires manual review:

Reason:

  • Update Type: minor
  • Risk Level: medium
  • Auto-merge Eligible: false

Review Checklist:

  • Review changelog for breaking changes
  • Test critical application paths
  • Verify security implications
  • Check for API compatibility
  • Validate configuration changes

Next Steps:

  1. Review the changes thoroughly
  2. Test locally if needed
  3. Approve and merge when ready

cc: @maintainers

@dependabot @github

dependabot Bot commented on behalf of github Feb 11, 2026

Copy link
Copy Markdown
Contributor Author

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this Feb 11, 2026
@dependabot dependabot Bot deleted the dependabot/pip/backend/python-minor-ec212a1894 branch February 11, 2026 12:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file manual-review-required python Pull requests that update python code risk-medium update-minor

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants