deps(dev): bump the python-dev-minor group with 15 updates

[dependabot]

Bumps the python-dev-minor group with 15 updates:

Package	From	To
bandit	1.8.0	1.9.2
hypothesis	6.135.0	6.150.1
mypy	1.13.0	1.19.1
openapi-spec-validator	0.7.1	0.7.2
pip-licenses	5.0.0	5.5.0
pre-commit	4.0.1	4.5.1
pytest-benchmark	5.1.0	5.2.3
requests	2.32.3	2.32.5
ruff	0.8.4	0.14.11
types-requests	2.32.0.20241016	2.32.4.20260107
alembic	1.13.2	1.18.0
fastapi	0.115.6	0.128.0
pydantic-settings	2.4.0	2.12.0
sqlalchemy	2.0.32	2.0.45
uvicorn[standard]	0.30.5	0.40.0

Updates bandit from 1.8.0 to 1.9.2

Release notes

Sourced from bandit's releases.

1.9.2

What's Changed

• Argparse Python 3.14 enhancements by @​ericwb in PyCQA/bandit#1331
• Check whether Constant value is str by @​ericwb in PyCQA/bandit#1333

Full Changelog: PyCQA/bandit@1.9.1...1.9.2

1.9.1

What's Changed

• More Python version related fixes by @​ericwb in PyCQA/bandit#1327

Full Changelog: PyCQA/bandit@1.9.0...1.9.1

1.9.0

What's Changed

• Add instructions for Maintainers to create/publish a release by @​ericwb in PyCQA/bandit#1275
• Bump sigstore/cosign-installer from 3.9.1 to 3.9.2 by @​dependabot[bot] in PyCQA/bandit#1289
• Bump docker/login-action from 3.4.0 to 3.5.0 by @​dependabot[bot] in PyCQA/bandit#1290
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in PyCQA/bandit#1291
• Bump actions/checkout from 4 to 5 by @​dependabot[bot] in PyCQA/bandit#1292
• Replace deprecated datetime.datetime.utcnow() by @​purplezimmermann in PyCQA/bandit#1295
• Bump actions/setup-python from 5 to 6 by @​dependabot[bot] in PyCQA/bandit#1296
• Bump sigstore/cosign-installer from 3.9.2 to 3.10.0 by @​dependabot[bot] in PyCQA/bandit#1298
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in PyCQA/bandit#1303
• Fix typos by @​Shortfinga in PyCQA/bandit#1305
• Bump docker/login-action from 3.5.0 to 3.6.0 by @​dependabot[bot] in PyCQA/bandit#1306
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in PyCQA/bandit#1315
• Bump sigstore/cosign-installer from 3.10.0 to 4.0.0 by @​dependabot[bot] in PyCQA/bandit#1317
• Support of Python 3.14 by @​ericwb in PyCQA/bandit#1323
• Drop support of end-of-life Python 3.9 by @​ericwb in PyCQA/bandit#1325
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in PyCQA/bandit#1324

New Contributors

• @​purplezimmermann made their first contribution in PyCQA/bandit#1295
• @​Shortfinga made their first contribution in PyCQA/bandit#1305

Full Changelog: PyCQA/bandit@1.8.6...1.9.0

1.8.6

What's Changed

• Bump sigstore/cosign-installer from 3.8.2 to 3.9.0 by @​dependabot in PyCQA/bandit#1279
• Bump docker/setup-buildx-action from 3.10.0 to 3.11.1 by @​dependabot in PyCQA/bandit#1278
• added hint to FreeBSD package in doc/source/integrations.rst by @​daniel-mohr in PyCQA/bandit#1282
• Bump sigstore/cosign-installer from 3.9.0 to 3.9.1 by @​dependabot in PyCQA/bandit#1284
• Huggingface revision pinning by @​lukehinds in PyCQA/bandit#1281

New Contributors

• @​daniel-mohr made their first contribution in PyCQA/bandit#1282

... (truncated)

Commits

• ea0d187 Check whether Constant value is str (#1333)
• 8bf7594 Argparse Python 3.14 enhancements (#1331)
• a255dfa More Python version related fixes (#1327)
• 3f07bb0 [pre-commit.ci] pre-commit autoupdate (#1324)
• c8c3fb8 Drop support of end-of-life Python 3.9 (#1325)
• 5c30350 Support of Python 3.14 (#1323)
• e1ffdf6 Bump sigstore/cosign-installer from 3.10.0 to 4.0.0 (#1317)
• 176d4ca [pre-commit.ci] pre-commit autoupdate (#1315)
• 2fc3e9c Bump docker/login-action from 3.5.0 to 3.6.0 (#1306)
• 6a68546 Fix typos (#1305)
• Additional commits viewable in compare view

Updates hypothesis from 6.135.0 to 6.150.1

Release notes

Sourced from hypothesis's releases.

Hypothesis for Python - version 6.150.1

This patch fixes a bug where "recursive()" would fail in cases where the "extend=" function does not reference it's argument - which was assumed by the recent "min_leaves=" feature, because the strategy can't actually recurse otherwise. (issue #4638)

Now, the historical behavior is working-but-deprecated, or an error if you explicitly pass "min_leaves=".

The canonical version of these notes (with links) is on readthedocs.

Hypothesis for Python - version 6.150.0

This release adds a "min_leaves" argument to "recursive()", which ensures that generated recursive structures have at least the specified number of leaf nodes (issue #4205).

The canonical version of these notes (with links) is on readthedocs.

Hypothesis for Python - version 6.149.1

Add type hints to an internal class.

The canonical version of these notes (with links) is on readthedocs.

Hypothesis for Python - version 6.149.0

This release extends the explain-phase "# or any other generated value" comments to sub-arguments within "builds()", "tuples()", and "fixed_dictionaries()".

Previously, these comments only appeared on top-level test arguments. Now, when the explain phase determines that a sub-argument can vary freely without affecting the test failure, you'll see comments like:

Falsifying example: test_foo( obj=MyClass( x=0, # or any other generated value y=True, ), data=( '', # or any other generated value 42, ), )

This makes it easier to understand which parts of complex inputs actually matter for reproducing a failure.

The canonical version of these notes (with links) is on readthedocs.

Hypothesis for Python - version 6.148.13

Clean up an internal helper.

... (truncated)

Commits

• 174c1f1 Bump hypothesis-python version to 6.150.1 and update changelog
• 8cc1f38 Merge pull request #4639 from Zac-HD/fix-recursive-strategy
• 6541d3c Merge branch 'master' into fix-recursive-strategy
• 4a322b4 Merge pull request #4641 from Liam-DeVoe/test-updates
• a0082e8 spacing
• b1bc5c2 update changelog
• cf5af6a various test updates and fixes
• 178e31e Merge pull request #4640 from HypothesisWorks/create-pull-request/patch
• 2b6c06f fix recursion
• c50f187 Update pinned dependencies
• Additional commits viewable in compare view

Updates mypy from 1.13.0 to 1.19.1

Changelog

Sourced from mypy's changelog.

Mypy 1.19.1

• Fix noncommutative joins with bounded TypeVars (Shantanu, PR 20345)
• Respect output format for cached runs by serializing raw errors in cache metas (Ivan Levkivskyi, PR 20372)
• Allow types.NoneType in match cases (A5rocks, PR 20383)
• Fix mypyc generator regression with empty tuple (BobTheBuidler, PR 20371)
• Fix crash involving Unpack-ed TypeVarTuple (Shantanu, PR 20323)
• Fix crash on star import of redefinition (Ivan Levkivskyi, PR 20333)
• Fix crash on typevar with forward ref used in other module (Ivan Levkivskyi, PR 20334)
• Fail with an explicit error on PyPy (Ivan Levkivskyi, PR 20389)

Acknowledgements

Thanks to all mypy contributors who contributed to this release:

• A5rocks
• BobTheBuidler
• bzoracler
• Chainfire
• Christoph Tyralla
• David Foster
• Frank Dana
• Guo Ci
• iap
• Ivan Levkivskyi
• James Hilton-Balfe
• jhance
• Joren Hammudoglu
• Jukka Lehtosalo
• KarelKenens
• Kevin Kannammalil
• Marc Mueller
• Michael Carlstrom
• Michael J. Sullivan
• Piotr Sawicki
• Randolf Scholz
• Shantanu
• Sigve Sebastian Farstad
• sobolevn
• Stanislav Terliakov
• Stephen Morton
• Theodore Ando
• Thiago J. Barbalho
• wyattscarpenter

I’d also like to thank my employer, Dropbox, for supporting mypy development.

Mypy 1.18

We’ve just uploaded mypy 1.18.1 to the Python Package Index (PyPI). Mypy is a static type checker for Python. This release includes new features, performance

... (truncated)

Commits

• 412c19a Bump version to 1.19.1
• 20aea0a Update changelog for 1.19.1 (#20414)
• 2b23b50 Serialize raw errors in cache metas (#20372)
• f60f90f Fail on PyPy in main instead of setup.py (#20389)
• 58d485b Fail with an explicit error on PyPy (#20384)
• a4b31a2 Allow types.NoneType in match cases (#20383)
• 8a6eff4 [mypyc] fix generator regression with empty tuple (#20371)
• 70eceea Fix noncommutative joins with bounded TypeVars (#20345)
• 3890fc4 Fix crash involving Unpack-ed TypeVarTuple (#20323)
• c93d917 Fix crash on star import of redefinition (#20333)
• Additional commits viewable in compare view

Updates openapi-spec-validator from 0.7.1 to 0.7.2

Release notes

Sourced from openapi-spec-validator's releases.

0.7.2

Fixes

• Allow undefined required properties #312
• Extract extra options recursively #391

Commits

• 42dad2f Version 0.7.2
• cbf99da Merge pull request #391 from tembleking/fix-recursive-extra-options
• ae91d80 Added _collect_properties function missing type annotation
• 8f069ee fix: extract extra options recursively
• 4970181 Merge pull request #384 from python-openapi/fix/artifact-actions-fix
• db82563 Artifact actions fix
• 762b0c8 Merge pull request #377 from python-openapi/dependabot/docker/python-3.12.6-a...
• dbd0d48 Merge pull request #364 from python-openapi/dependabot/pip/certifi-2024.7.4
• b92647c Merge pull request #365 from python-openapi/dependabot/pip/sphinx-immaterial-...
• 7df88d9 Merge pull request #367 from python-openapi/dependabot/pip/zipp-3.19.1
• Additional commits viewable in compare view

Updates pip-licenses from 5.0.0 to 5.5.0

Release notes

Sourced from pip-licenses's releases.

v-5.5.0

Patch Notes for v-5.5.0

• Minor Security updates
• Initial Implementation of PEP-639 support
• Initial support for builtin tomllib for Python 3.11+ (reducing external dependencies by 1)
• Fixes an edge case where packages are named with version info.
• Declares support for Python 3.13 & 3.14

Impacted GHI:

• Closes #225
• Closes #232

• Contributed to #236

Included and Superseded PRs

• includes and supersedes #210
• includes and supersedes #213
• includes and supersedes #214
• includes and supersedes #215
• includes and supersedes #218
• includes and supersedes #219
• includes and supersedes #222
• includes and supersedes #230

---

Changelog

Sourced from pip-licenses's changelog.

5.5.0

• Replace dependency on tomli with builtin tomllib for Python 3.11
• Added support for License-Expression metadata field, see PEP 639
• Added --from=expression option
• Breaking change: The --from=all output now includes the License-Expression value
• Fixed KeyError with --partial and --allow-only if a license matches multiple allowed licenses.
• Declare support for Python 3.13 and 3.14
• Added RST/Sphinx workflow example for --with-license-file option in documentation

Commits

• 67e539e [FEATURE] Release Attestation
• 72342f7 Minor refactor for duplicate ids
• 363b272 Minor fix for continuous deployment setup logic
• 2818ae4 [YANK] minor fixes to v-5.5.0rc1 -- bump to rc2
• 5456cf7 [UPDATE] Improved CI/CD (and version 5.5 bump)
• 99100d0 [MERGE] pull request #218 from cdce8p/python-313
• 8980be4 Declare support for Python 3.13 and 3.14
• 1bec845 [MERGE] pull request #238 from raimon49/patch-partial-matching-refactor-231
• 379fce6 Add additional test case.
• 863ccf2 [MERGE] pull request #219 from cdce8p/update-build-system
• Additional commits viewable in compare view

Updates pre-commit from 4.0.1 to 4.5.1

Release notes

Sourced from pre-commit's releases.

pre-commit v4.5.1

Fixes

• Fix language: python with repo: local without additional_dependencies.
  • #3597 PR by @​asottile.

pre-commit v4.5.0

Features

• Add pre-commit hazmat.
  • #3585 PR by @​asottile.

pre-commit v4.4.0

Features

• Add --fail-fast option to pre-commit run.
  • #3528 PR by @​JulianMaurin.
• Upgrade ruby-build / rbenv.
  • #3566 PR by @​asottile.
  • #3565 issue by @​MRigal.
• Add language: unsupported / language: unsupported_script as aliases for language: system / language: script (which will eventually be deprecated).
  • #3577 PR by @​asottile.
• Add support docker-in-docker detection for cgroups v2.
  • #3535 PR by @​br-rhrbacek.
  • #3360 issue by @​JasonAlt.

Fixes

• Handle when docker gives SecurityOptions: null.
  • #3537 PR by @​asottile.
  • #3514 issue by @​jenstroeger.
• Fix error context for invalid stages in .pre-commit-config.yaml.
  • #3576 PR by @​asottile.

pre-commit v4.3.0

Features

• language: docker / language: docker_image: detect rootless docker.
  • #3446 PR by @​matthewhughes934.
  • #1243 issue by @​dkolepp.
• language: julia: avoid startup.jl when executing hooks.
  • #3496 PR by @​ericphanson.
• language: dart: support latest dart versions which require a higher sdk lower bound.
  • #3507 PR by @​bc-lee.

pre-commit v4.2.0

Features

• For language: python first attempt a versioned python executable for the default language version before consulting a potentially unversioned sys.executable.
  • #3430 PR by @​asottile.

Fixes

• Handle error during conflict detection when a file is named "HEAD"
  • #3425 PR by @​tusharsadhwani.

... (truncated)

Changelog

Sourced from pre-commit's changelog.

4.5.1 - 2025-12-16

Fixes

• Fix language: python with repo: local without additional_dependencies.
  • #3597 PR by @​asottile.

4.5.0 - 2025-11-22

Features

• Add pre-commit hazmat.
  • #3585 PR by @​asottile.

4.4.0 - 2025-11-08

Features

• Add --fail-fast option to pre-commit run.
  • #3528 PR by @​JulianMaurin.
• Upgrade ruby-build / rbenv.
  • #3566 PR by @​asottile.
  • #3565 issue by @​MRigal.
• Add language: unsupported / language: unsupported_script as aliases for language: system / language: script (which will eventually be deprecated).
  • #3577 PR by @​asottile.
• Add support docker-in-docker detection for cgroups v2.
  • #3535 PR by @​br-rhrbacek.
  • #3360 issue by @​JasonAlt.

Fixes

• Handle when docker gives SecurityOptions: null.
  • #3537 PR by @​asottile.
  • #3514 issue by @​jenstroeger.
• Fix error context for invalid stages in .pre-commit-config.yaml.
  • #3576 PR by @​asottile.

4.3.0 - 2025-08-09

Features

• language: docker / language: docker_image: detect rootless docker.
  • #3446 PR by @​matthewhughes934.
  • #1243 issue by @​dkolepp.
• language: julia: avoid startup.jl when executing hooks.
  • #3496 PR by @​ericphanson.
• language: dart: support latest dart versions which require a higher sdk lower bound.
  • #3507 PR by @​bc-lee.

... (truncated)

Commits

• 8a0630c v4.5.1
• fcbc745 Merge pull request #3597 from pre-commit/empty-setup-py
• 51592ee fix python local template when artifact dirs are present
• 67e8faf Merge pull request #3596 from pre-commit/pre-commit-ci-update-config
• c251e6b [pre-commit.ci] pre-commit autoupdate
• 98ccafa Merge pull request #3593 from pre-commit/pre-commit-ci-update-config
• 4895355 [pre-commit.ci] pre-commit autoupdate
• 2cedd58 Merge pull request #3588 from pre-commit/pre-commit-ci-update-config
• 465192d [pre-commit.ci] pre-commit autoupdate
• fd42f96 Merge pull request #3586 from pre-commit/zipapp-sha256-file-not-needed
• Additional commits viewable in compare view

Updates pytest-benchmark from 5.1.0 to 5.2.3

Changelog

Sourced from pytest-benchmark's changelog.

v5.2.3 (2025-11-09)

• Add support for pytest 9.0.
• Moved the README.rst/CHANGELOG.rst concatenation from setup.py to pyproject.toml.

v5.2.2 (2025-11-07)

• Fixed auto-disable to work with newer xdist (pytest-benchmark auto disables benchmarks if xdist is enabled by design). Contributed by Thomas B. Brunner in [#294](https://github.com/ionelmc/pytest-benchmark/issues/294) <https://github.com/ionelmc/pytest-benchmark/pull/294>_.

v5.2.1 (2025-11-04)

• Add markers so pytest doesn't try to assert-rewrite the plugin internals (fixes those pytest.PytestAssertRewriteWarning: Module already imported so cannot be rewritten; pytest_benchmark warnings).

v5.2.0 (2025-10-30)

• Added support for a per-round teardown function to pedantic mode. Contributed Patrick Winter by [#264](https://github.com/ionelmc/pytest-benchmark/issues/264) <https://github.com/ionelmc/pytest-benchmark/pull/264>_.
• Added --benchmark-time-unit option. Contributed by Tony Kuo in [#281](https://github.com/ionelmc/pytest-benchmark/issues/281) <https://github.com/ionelmc/pytest-benchmark/pull/281>_.
• Fixed deprecated hook examples in docstrings. Contributed by Ali-Akber Saifee in [#284](https://github.com/ionelmc/pytest-benchmark/issues/284) <https://github.com/ionelmc/pytest-benchmark/pull/284>_.
• Changed --benchmark-compare-fail to accept percentages higher than 100%. Contributed by Ben Avrahami in [#280](https://github.com/ionelmc/pytest-benchmark/issues/280) <https://github.com/ionelmc/pytest-benchmark/pull/280>_.
• Added minimal typing support. Contributed by Sorin Sbarnea in [#290](https://github.com/ionelmc/pytest-benchmark/issues/290) <https://github.com/ionelmc/pytest-benchmark/pull/290>_.
• Fixed support for Python 3.9. Contributed by Enno Gotthold in [#291](https://github.com/ionelmc/pytest-benchmark/issues/291) <https://github.com/ionelmc/pytest-benchmark/pull/291>_.
• Replaced the complicated and broken code of pytest_benchmark.utils.clonefunc with a simple return of the input. That function was supposed to allow benchmarking with the cost of PyPy JIT included but it's a hassle to maintain.
• Moved the instrumentation pause outside the round loops (in addition to tracing, profiling is paused too). Pedantic mode will keep doing this per round (as the user manually controls the round count). This is necessary because in some scenarios setting and unsetting the tracer too much will overflow an internal counter (found to cause "OverflowError: events set too many times" at least on Python 3.13).

Commits

• b857483 Bump version: 5.2.2 → 5.2.3
• 7f5abf9 Add a note about the readme.
• b8e5f53 Fix bad wrap.
• 931d50f Add back some escapes. Oops.
• d5c2f7e Add support for pytest 9.0. Fixes #295.
• 9a3888a Move readme+changelog extraction to static pyproject config.
• d34bf73 Bump version: 5.2.1 → 5.2.2
• cf2ac34 Bump prek.
• 8bfc327 Improve formatting (docutils chokes on those arguments with colons and bracke...
• 190b487 Prefix all headings with letters to allow docutils or whatever generate stabl...
• Additional commits viewable in compare view

Updates requests from 2.32.3 to 2.32.5

Release notes

Sourced from requests's releases.

v2.32.5

2.32.5 (2025-08-18)

Bugfixes

• The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

• Added support for Python 3.14.
• Dropped support for Python 3.8 following its end of support.

v2.32.4

2.32.4 (2025-06-10)

Security

• CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file. (#6965)

Improvements

• Numerous documentation improvements

Deprecations

• Added support for pypy 3.11 for Linux and macOS. (#6926)
• Dropped support for pypy 3.9 following its end of support. (#6926)

Changelog

Sourced from requests's changelog.

2.32.5 (2025-08-18)

Bugfixes

• The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

• Added support for Python 3.14.
• Dropped support for Python 3.8 following its end of support.

2.32.4 (2025-06-10)

Security

• CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file.

Improvements

• Numerous documentation improvements

Deprecations

• Added support for pypy 3.11 for Linux and macOS.
• Dropped support for pypy 3.9 following its end of support.

Commits

• b25c87d v2.32.5
• 131e506 Merge pull request #7010 from psf/dependabot/github_actions/actions/checkout-...
• b336cb2 Bump actions/checkout from 4.2.0 to 5.0.0
• 46e939b Update publish workflow to use artifact-id instead of name
• 4b9c546 Merge pull request #6999 from psf/dependabot/github_actions/step-security/har...
• 7618dbe Bump step-security/harden-runner from 2.12.0 to 2.13.0
• 2edca11 Add support for Python 3.14 and drop support for Python 3.8 (#6993)
• fec96cd Update Makefile rules (#6996)
• d58d8aa docs: clarify timeout parameter uses seconds in Session.request (#6994)
• 91a3eab Bump github/codeql-action from 3.28.5 to 3.29.0
• Additional commits viewable in compare view

Updates ruff from 0.8.4 to 0.14.11

Release notes

Sourced from ruff's releases.

0.14.11

Release Notes

Released on 2026-01-08.

Preview features

• Consolidate diagnostics for matched disable/enable suppression comments (#22099)
• Report diagnostics for invalid/unmatched range suppression comments (#21908)
• [airflow] Passing positional argument into airflow.lineage.hook.HookLineageCollector.create_asset is not allowed (AIR303) (#22046)
• [refurb] Mark FURB192 fix as always unsafe (#22210)
• [ruff] Add non-empty-init-module (RUF067) (#22143)

Bug fixes

• Fix GitHub format for multi-line diagnostics (#22108)
• [flake8-unused-arguments] Mark **kwargs in TypeVar as used (ARG001) (#22214)

Rule changes

• Add help: subdiagnostics for several Ruff rules that can sometimes appear to disagree with ty (#22331)
• [pylint] Demote PLW1510 fix to display-only (#22318)
• [pylint] Ignore identical members (PLR1714) (#22220)
• [pylint] Improve diagnostic range for PLC0206 (#22312)
• [ruff] Improve fix title for RUF102 invalid rule code (#22100)
• [flake8-simplify]: Avoid unnecessary builtins import for SIM105 (#22358)

Configuration

• Allow Python 3.15 as valid target-version value in preview (#22419)
• Check required-version before parsing rules (#22410)
• Include configured src directories when resolving graphs (#22451)

Documentation

• Update T201 suggestion to not use root logger to satisfy LOG015 (#22059)
• Fix iter example in unsafe fixes doc (#22118)
• [flake8_print] better suggestion for basicConfig in T201 docs (#22101)
• [pylint] Restore the fix safety docs for PLW0133 (#22211)
• Fix Jupyter notebook discovery info for editors (#22447)

Contributors

• @​charliermarsh
• @​ntBre
• @​cenviity
• @​njhearp
• @​cbachhuber
• @​jelle-openai
• @​AlexWaygood

... (truncated)

Changelog

Sourced from ruff's changelog.

0.14.11

Released on 2026-01-08.

Preview features

• Consolidate diagnostics for matched disable/enable suppression comments (#22099)
• Report diagnostics for invalid/unmatched range suppression comments (#21908)
• [airflow] Passing positional argument into airflow.lineage.hook.HookLineageCollector.create_asset is not allowed (AIR303) (#22046)
• [refurb] Mark FURB192 fix as always unsafe (#22210)
• [ruff] Add non-empty-init-module (RUF067) (#22143)

Bug fixes

• Fix GitHub format for multi-line diagnostics (#22108)
• [flake8-unused-arguments] Mark **kwargs in TypeVar as used (ARG001) (#22214)

Rule changes

• Add help: subdiagnostics for several Ruff rules that can sometimes appear to disagree with ty (#22331)
• [pylint] Demote PLW1510 fix to display-only (#22318)
• [pylint] Ignore identical members (PLR1714) (#22220)
• [pylint] Improve diagnostic range for PLC0206 (#22312)
• [ruff] Improve fix title for RUF102 invalid rule code (#22100)
• [flake8-simplify]: Avoid unnecessary builtins import for SIM105 (#22358)

Configuration

• Allow Python 3.15 as valid target-version value in preview (#22419)
• Check required-version before parsing rules (#22410)
• Include configured src directories when resolving graphs (#22451)

Documentation

• Update T201 suggestion to not use root logger to satisfy LOG015 (#22059)
• Fix iter example in unsafe fixes doc (#22118)
• [flake8_print] better suggestion for basicConfig in T201 docs (#22101)
• [pylint] Restore the fix safety docs for PLW0133 (#22211)
• Fix Jupyter notebook discovery info for editors (#22447)

Contributors

• @​charliermarsh
• @​ntBre
• @​cenviity
• @​njhearp
• @​cbachhuber
• @​jelle-openai
• @​AlexWaygood
• @​ValdonVitija

... (truncated)

Commits

• c920cf8 Bump 0.14.11 (#22462)
• bb757b5 [ty] Don't show diagnostics for excluded files (#22455)
• 1f49e8e Include configured src directories when resolving graphs (#22451)
• 701f513 [ty] Only consider fully static pivots when deriving transitive constraints (...
• eea9ad8 Pin maturin version (#22454)
• eeac2bd [ty] Optimize union building for unions with many enum-literal members (#22363)
• 7319c37 docs: fix jupyter notebook discovery info for editors (#22447)
• 805503c [ruff] Improve fix title for RUF102 invalid rule code (#22100)
• 68a2f6c [ty] Fix super() with TypeVar-annotated self and cls parameter (#22208)
• abaa735 [ty] Improve UnionBuilder performance by changing Type::is_subtype_of cal...
• Additional commits viewable in compare view

Updates types-requests from 2.32.0.20241016 to 2.32.4.20260107

Commits

• See full diff in compare view

Updates alembic from 1.13.2 to 1.18.0

Release notes

Sourced from alembic's releases.

1.18.0

Released: January 9, 2026

feature

• [feature] [operations] When alembic is run in "verbose" mode, alembic now logs a message to indicate from which file is used to load the configuration.

  References: #1737

• [feature] [autogenerate] Autogenerate reflection sweeps now use the "bulk" inspector methods introduced in SQLAlchemy 2.0, which for selected dialects including PostgreSQL and Oracle use batched queries to reflect whole collections of tables using O(1) queries rather than O(N).

  References: #1771

• [feature] [autogenerate] Release 1.18.0 introduces a plugin system that allows for automatic loading of third-party extensions as well as configurable autogenerate compare functionality on a per-environment basis.

  The Plugin class provides a common interface for extensions that register handlers among Alembic's existing extension points such as Operations.register_operation() and Operations.implementation_for(). A new interface for registering autogenerate comparison handlers, Plugin.add_autogenerate_comparator(), provides for autogenerate compare functionality that may be custom-configured on a per-environment basis using the new EnvironmentContext.configure.autogenerate_plugins parameter.

  The change does not impact well known Alembic add-ons such as alembic-utils, which continue to work as before; however, such add-ons have the option to provide plugin entrypoints going forward.

  As part of this change, Alembic's autogenerate compare functionality is reorganized into a series of internal plugins under the alembic.autogenerate...

  Description has been truncated

[dependabot]

Labels

The following labels could not be found: dependencies, dev, python. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

Test Results (ubuntu-latest/Python 3.12)

0 tests   - 576   0 ✅ ±  0   0s ⏱️ -58s
0 suites  -   1   0 💤 ±  0 
0 files    -   1   0 ❌  - 576 

Results for commit e211143. ± Comparison against base commit 80ecdd6.

♻️ This comment has been updated with latest results.

[github-actions]

Test Results (ubuntu-latest/Python 3.11)

0 tests   - 576   0 ✅ ±  0   0s ⏱️ -55s
0 suites  -   1   0 💤 ±  0 
0 files    -   1   0 ❌  - 576 

Results for commit e211143. ± Comparison against base commit 80ecdd6.

♻️ This comment has been updated with latest results.

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.