Skip to content

deps(server): bump the python-server-minor group in /server with 5 updates#11

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/server/python-server-minor-ce6f002c5f
Closed

deps(server): bump the python-server-minor group in /server with 5 updates#11
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/server/python-server-minor-ce6f002c5f

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jan 12, 2026

Copy link
Copy Markdown

Bumps the python-server-minor group in /server with 5 updates:

Package From To
alembic 1.13.2 1.18.0
fastapi 0.115.6 0.128.0
pydantic-settings 2.4.0 2.12.0
sqlalchemy 2.0.32 2.0.45
uvicorn[standard] 0.30.5 0.40.0

Updates alembic from 1.13.2 to 1.18.0

Release notes

Sourced from alembic's releases.

1.18.0

Released: January 9, 2026

feature

  • [feature] [operations] When alembic is run in "verbose" mode, alembic now logs a message to indicate from which file is used to load the configuration.

    References: #1737

  • [feature] [autogenerate] Autogenerate reflection sweeps now use the "bulk" inspector methods introduced in SQLAlchemy 2.0, which for selected dialects including PostgreSQL and Oracle use batched queries to reflect whole collections of tables using O(1) queries rather than O(N).

    References: #1771

  • [feature] [autogenerate] Release 1.18.0 introduces a plugin system that allows for automatic loading of third-party extensions as well as configurable autogenerate compare functionality on a per-environment basis.

    The Plugin class provides a common interface for extensions that register handlers among Alembic's existing extension points such as Operations.register_operation() and Operations.implementation_for(). A new interface for registering autogenerate comparison handlers, Plugin.add_autogenerate_comparator(), provides for autogenerate compare functionality that may be custom-configured on a per-environment basis using the new EnvironmentContext.configure.autogenerate_plugins parameter.

    The change does not impact well known Alembic add-ons such as alembic-utils, which continue to work as before; however, such add-ons have the option to provide plugin entrypoints going forward.

    As part of this change, Alembic's autogenerate compare functionality is reorganized into a series of internal plugins under the alembic.autogenerate namespace, which may be individually or collectively identified for inclusion and/or exclusion within the EnvironmentContext.configure() call using a new parameter EnvironmentContext.configure.autogenerate_plugins. This parameter is also where third party comparison plugins may also be indicated.

    See alembic.plugins.toplevel for complete documentation on the new Plugin class as well as autogenerate-specific usage instructions.

... (truncated)

Commits

Updates fastapi from 0.115.6 to 0.128.0

Release notes

Sourced from fastapi's releases.

0.128.0

Breaking Changes

Internal

0.127.1

Refactors

Docs

Translations

Internal

0.127.0

Breaking Changes

Translations

  • 🔧 Add LLM prompt file for Korean, generated from the existing translations. PR #14546 by @​tiangolo.
  • 🔧 Add LLM prompt file for Japanese, generated from the existing translations. PR #14545 by @​tiangolo.

Internal

0.126.0

Upgrades

  • ➖ Drop support for Pydantic v1, keeping short temporary support for Pydantic v2's pydantic.v1. PR #14575 by @​tiangolo.

... (truncated)

Commits

Updates pydantic-settings from 2.4.0 to 2.12.0

Release notes

Sourced from pydantic-settings's releases.

v2.12.0

What's Changed

New Contributors

Full Changelog: pydantic/pydantic-settings@v2.11.0...v2.12.0

v2.11.0

What's Changed

New Contributors

Full Changelog: pydantic/pydantic-settings@2.10.1...v2.11.0

v2.10.1

What's Changed

... (truncated)

Commits

Updates sqlalchemy from 2.0.32 to 2.0.45

Release notes

Sourced from sqlalchemy's releases.

2.0.45

Released: December 9, 2025

orm

  • [orm] [bug] Fixed issue where calling Mapper.add_property() within mapper event hooks such as MapperEvents.instrument_class(), MapperEvents.after_mapper_constructed(), or MapperEvents.before_mapper_configured() would raise an AttributeError because the mapper's internal property collections were not yet initialized. The Mapper.add_property() method now handles early-stage property additions correctly, allowing properties including column properties, deferred columns, and relationships to be added during mapper initialization events. Pull request courtesy G Allajmi.

    References: #12858

  • [orm] [bug] Fixed issue in Python 3.14 where dataclass transformation would fail when a mapped class using MappedAsDataclass included a relationship() referencing a class that was not available at runtime (e.g., within a TYPE_CHECKING block). This occurred when using Python 3.14's PEP 649 deferred annotations feature, which is the default behavior without a from __future__ import annotations directive.

    References: #12952

examples

  • [examples] [bug] Fixed the "short_selects" performance example where the cache was being used in all the examples, making it impossible to compare performance with and without the cache. Less important comparisons like "lambdas" and "baked queries" have been removed.

sql

  • [sql] [bug] Some improvements to the _sql.ClauseElement.params() method to replace bound parameters in a query were made, however the ultimate issue in #12915 involving ORM _orm.aliased() cannot be fixed fully until 2.1, where the method is being rewritten to work without relying on Core cloned traversal.

    References: #12915

  • [sql] [bug] Fixed issue where using the ColumnOperators.in_() operator with a nested CompoundSelect statement (e.g. an INTERSECT of UNION queries) would raise a NotImplementedError when the

... (truncated)

Commits

Updates uvicorn[standard] from 0.30.5 to 0.40.0

Release notes

Sourced from uvicorn[standard]'s releases.

Version 0.40.0

What's Changed

Full Changelog: Kludex/uvicorn@0.39.0...0.40.0

Version 0.39.0

What's Changed

New Contributors

Full Changelog: Kludex/uvicorn@0.38.0...0.39.0

Version 0.38.0

What's Changed


New Contributors

Full Changelog: Kludex/uvicorn@0.37.0...0.38.0

Version 0.37.0

What's Changed

New Contributors

Full Changelog: Kludex/uvicorn@0.36.1...0.37.0

Version 0.36.1

What's Changed

Full Changelog: Kludex/uvicorn@0.36.0...0.36.1

Version 0.36.0

Added

... (truncated)

Changelog

Sourced from uvicorn[standard]'s changelog.

0.40.0 (December 21, 2025)

Remove

  • Drop support for Python 3.9 (#2772)

0.39.0 (December 21, 2025)

Fixed

  • Send close frame on ASGI return for WebSockets (#2769)
  • Explicitly start ASGI run with empty context (#2742)

0.38.0 (October 18, 2025)

Added

  • Support Python 3.14 (#2723)

0.37.0 (September 23, 2025)

Added

  • Add --timeout-worker-healthcheck option (#2711)
  • Add os.PathLike[str] type to ssl_ca_certs (#2676)

0.36.1 (September 23, 2025)

Fixed

  • Raise an exception when calling removed Config.setup_event_loop() (#2709)

0.36.0 (September 20, 2025)

Added

  • Support custom IOLOOPs (#2435)
  • Allow to provide importable string in --http, --ws and --loop (#2658)

0.35.0 (June 28, 2025)

Added

  • Add WebSocketsSansIOProtocol (#2540)

Changed

  • Refine help message for option --proxy-headers (#2653)

0.34.3 (June 1, 2025)

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot @github

dependabot Bot commented on behalf of github Jan 12, 2026

Copy link
Copy Markdown
Author

Labels

The following labels could not be found: dependencies, python, server. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@coderabbitai

coderabbitai Bot commented Jan 12, 2026

Copy link
Copy Markdown

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.


Comment @coderabbitai help to get the list of available commands and usage tips.

@github-actions

github-actions Bot commented Jan 12, 2026

Copy link
Copy Markdown

Test Results (ubuntu-latest/Python 3.11)

0 tests  ±0   0 ✅ ±0   0s ⏱️ ±0s
0 suites ±0   0 💤 ±0 
0 files   ±0   0 ❌ ±0 

Results for commit 199b4ce. ± Comparison against base commit 8d433a7.

♻️ This comment has been updated with latest results.

@github-actions

github-actions Bot commented Jan 12, 2026

Copy link
Copy Markdown

Test Results (ubuntu-latest/Python 3.12)

0 tests  ±0   0 ✅ ±0   0s ⏱️ ±0s
0 suites ±0   0 💤 ±0 
0 files   ±0   0 ❌ ±0 

Results for commit 199b4ce. ± Comparison against base commit 8d433a7.

♻️ This comment has been updated with latest results.

@dependabot dependabot Bot force-pushed the dependabot/pip/server/python-server-minor-ce6f002c5f branch from 263d6ef to 7f92122 Compare January 13, 2026 23:30
Bumps the python-server-minor group in /server with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [alembic](https://github.com/sqlalchemy/alembic) | `1.13.2` | `1.18.0` |
| [fastapi](https://github.com/fastapi/fastapi) | `0.115.6` | `0.128.0` |
| [pydantic-settings](https://github.com/pydantic/pydantic-settings) | `2.4.0` | `2.12.0` |
| [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) | `2.0.32` | `2.0.45` |
| [uvicorn[standard]](https://github.com/Kludex/uvicorn) | `0.30.5` | `0.40.0` |


Updates `alembic` from 1.13.2 to 1.18.0
- [Release notes](https://github.com/sqlalchemy/alembic/releases)
- [Changelog](https://github.com/sqlalchemy/alembic/blob/main/CHANGES)
- [Commits](https://github.com/sqlalchemy/alembic/commits)

Updates `fastapi` from 0.115.6 to 0.128.0
- [Release notes](https://github.com/fastapi/fastapi/releases)
- [Commits](fastapi/fastapi@0.115.6...0.128.0)

Updates `pydantic-settings` from 2.4.0 to 2.12.0
- [Release notes](https://github.com/pydantic/pydantic-settings/releases)
- [Commits](pydantic/pydantic-settings@v2.4.0...v2.12.0)

Updates `sqlalchemy` from 2.0.32 to 2.0.45
- [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases)
- [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES.rst)
- [Commits](https://github.com/sqlalchemy/sqlalchemy/commits)

Updates `uvicorn[standard]` from 0.30.5 to 0.40.0
- [Release notes](https://github.com/Kludex/uvicorn/releases)
- [Changelog](https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md)
- [Commits](Kludex/uvicorn@0.30.5...0.40.0)

---
updated-dependencies:
- dependency-name: alembic
  dependency-version: 1.18.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-server-minor
- dependency-name: fastapi
  dependency-version: 0.128.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-server-minor
- dependency-name: pydantic-settings
  dependency-version: 2.12.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-server-minor
- dependency-name: sqlalchemy
  dependency-version: 2.0.45
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-server-minor
- dependency-name: uvicorn[standard]
  dependency-version: 0.40.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-server-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/pip/server/python-server-minor-ce6f002c5f branch from 7f92122 to 199b4ce Compare January 14, 2026 02:30
@TechNavii TechNavii closed this Jan 14, 2026
@TechNavii TechNavii deleted the dependabot/pip/server/python-server-minor-ce6f002c5f branch January 14, 2026 04:45
@dependabot @github

dependabot Bot commented on behalf of github Jan 14, 2026

Copy link
Copy Markdown
Author

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant