Skip to content

MAINT: Bump the minor-and-patch group with 8 updates#2114

Open
dependabot[bot] wants to merge 3 commits into
mainfrom
dependabot/uv/minor-and-patch-e63007c678
Open

MAINT: Bump the minor-and-patch group with 8 updates#2114
dependabot[bot] wants to merge 3 commits into
mainfrom
dependabot/uv/minor-and-patch-e63007c678

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 1, 2026

Copy link
Copy Markdown
Contributor

Bumps the minor-and-patch group with 8 updates:

Package From To
alembic 1.18.4 1.18.5
fastapi 0.138.0 0.138.2
openai 2.43.0 2.44.0
pillow 12.2.0 12.3.0
playwright 1.60.0 1.61.0
ty 0.0.53 0.0.55
pytest-rerunfailures 16.3 16.4
ruff 0.15.19 0.15.20

Updates alembic from 1.18.4 to 1.18.5

Release notes

Sourced from alembic's releases.

1.18.5

Released: June 25, 2026

usecase

  • [usecase] [commands] Added --splice support to the merge() command. Previously, the merge command would suggest using --splice when attempting to merge non-head revisions, but the flag was not actually accepted by the command. The splice parameter is now available in both the command-line interface and the command.merge() function, matching the existing support in command.revision(). Pull request courtesy Kadir Can Ozden.

    References: #1712

  • [usecase] [environment] Added ScriptDirectory.get_heads.consider_depends_on parameter to ScriptDirectory.get_heads(). When set to True, head revisions that are also a dependency of another revision via depends_on are excluded from the result, matching the effective heads that would be present in the alembic_version table after running all upgrades.

    References: #1806

bug

  • [bug] [autogenerate] Fixed rendering of dialect keyword arguments containing ~sqlalchemy.schema.Column objects within sequences, such as postgresql_include. These were previously rendered using repr(), producing invalid Python in the generated migration scripts. Column objects within list or tuple values are now correctly rendered as their string column names. Pull request courtesy Ajay Singh.

    References: #1258

  • [bug] [mysql] Implemented type comparison for ENUM datatypes on MySQL, which checks that the individual enum values are equivalent. If additional entries are on either side, this generates a diff. Changes of order do not generate a diff. Pull request courtesy Furkan Köykıran.

    References: #1745, #779

  • [bug] [operations] Fixed bug where the inline_references parameter of Operations.add_column() did not include foreign key referential actions such as ON DELETE, ON UPDATE, DEFERRABLE, INITIALLY, and MATCH when rendering the inline REFERENCES clause.

... (truncated)

Commits

Updates fastapi from 0.138.0 to 0.138.2

Release notes

Sourced from fastapi's releases.

0.138.1

Refactors

  • ♻️ Refactor Library Skills, make info easier to find for agents. PR #15841 by @​tiangolo.

Internal

Commits
  • 702fea8 🔖 Release version 0.138.2 (#15864)
  • 6466865 📝 Update release notes
  • b790e14 ♻️ Make app.frontend() return 404 for methods other than GET or HEAD wi...
  • c2708d9 📝 Update release notes
  • 403b1fa 🔧 Update sponsors: remove Stainless (#15862)
  • 1929ac2 📝 Update release notes
  • cba4158 ♻️ Refactor how sponsors data is handled for banners (#15852)
  • b90c49a 🔖 Release version 0.138.1 (#15842)
  • 1f2f3df 📝 Update release notes
  • 0af003a ♻️ Refactor Library Skills, make info easier to find for agents (#15841)
  • Additional commits viewable in compare view

Updates openai from 2.43.0 to 2.44.0

Release notes

Sourced from openai's releases.

v2.44.0

2.44.0 (2026-06-24)

Full Changelog: v2.43.0...v2.44.0

Bug Fixes

  • auth: prioritize first auth header (797e336)
Changelog

Sourced from openai's changelog.

2.44.0 (2026-06-24)

Full Changelog: v2.43.0...v2.44.0

Bug Fixes

  • auth: prioritize first auth header (797e336)
Commits

Updates pillow from 12.2.0 to 12.3.0

Release notes

Sourced from pillow's releases.

12.3.0

https://pillow.readthedocs.io/en/stable/releasenotes/12.3.0.html

Removals

Documentation

Dependencies

Testing

... (truncated)

Commits
  • bb1d8e8 12.3.0 version bump
  • e63fc48 Add release notes for SBOM and performance improvements (#9747)
  • 13b701b Add release notes for #9679
  • 5564ca7 List methods
  • a0920fd Speed up ImageChops operations (#9738)
  • 07e9a6c Speed up Image.filter() (#9736)
  • a94578c Speed up Image.getchannel(), Image.merge(), Image.putalpha() and `Image...
  • 53e02c4 Speed up Image.fill(), Image.linear_gradient() and `Image.radial_gradient...
  • af03747 Speed up Image.resample() (#9739)
  • 5c9ca56 Speed up alpha_composite, matrix, negative, quantize (#9740)
  • Additional commits viewable in compare view

Updates playwright from 1.60.0 to 1.61.0

Release notes

Sourced from playwright's releases.

v1.61.0

🔑 WebAuthn passkeys

New Credentials virtual authenticator, available via browserContext.credentials, lets tests register passkeys and answer navigator.credentials.create() / navigator.credentials.get() ceremonies in the page — no real hardware key required, works in all browsers:

context = browser.new_context()
Seed a passkey your backend provisioned for a test user.
context.credentials.create("example.com",
id=credential_id,
user_handle=user_handle,
private_key=private_key,
public_key=public_key,
)
context.credentials.install()
page = context.new_page()
page.goto("https://example.com/login")
The page's navigator.credentials.get() is answered with the seeded passkey.

You can also let the app register a passkey once in a setup test, read it back with credentials.get(), and seed it into later tests — see Credentials for details.

🗃️ Web Storage

New WebStorage API, available via page.localStorage and page.sessionStorage, reads and writes the page's storage for the current origin:

page.local_storage.set_item("token", "abc")
token = page.local_storage.get_item("token")
items = page.session_storage.items()

New APIs

🛠️ Other improvements

  • Playwright now supports Ubuntu 26.04.
  • HAR and trace recordings now include WebSocket requests.

Browser Versions

  • Chromium 149.0.7827.55
  • Mozilla Firefox 151.0
  • WebKit 26.5

This version was also tested against the following stable channels:

... (truncated)

Commits
  • bd499b2 build(deps): bump typing-extensions from 4.14.1 to 4.15.0 (#3119)
  • 5b318a5 build(deps): bump mypy from 1.19.1 to 2.1.0 (#3117)
  • e6bfce9 build(deps): bump actions/checkout from 6 to 7 in the actions group across 1 ...
  • 2b41bf8 devops(driver): assemble driver from npm package and Node.js builds (#3122)
  • f75d727 feat(docker): add Ubuntu 26.04 (Resolute Raccoon) image (#3113)
  • 613c3bf chore(roll): v1.61.0 (#3102)
  • f7c6259 chore(python): drop Python 3.9, add 3.14 (#3109)
  • 0d7c116 build(deps-dev): bump setuptools from 80.9.0 to 82.0.1 (#3105)
  • 47ea94a build(deps): bump mypy from 1.17.1 to 1.19.1 (#3104)
  • 42d4b83 build(deps-dev): bump auditwheel from 6.4.0 to 6.4.2 (#3106)
  • Additional commits viewable in compare view

Updates ty from 0.0.53 to 0.0.55

Release notes

Sourced from ty's releases.

0.0.55

Release Notes

Released on 2026-06-26.

LSP server

  • Render full diagnostics in color (#26384)

Documentation

  • Document colored diagnostic output (#3858)

Performance

  • Improve vendored filesystem concurrency (#26408)
  • Optimize enum comparisons in equality evaluation (#26340)
  • Remove redundant semantic index shrinks (#26392)
  • Use never-change durability for one-shot checks (#26359)

Core type checking

  • Correct enum alias detection and scalar constructors (#26345)
  • Fix structural pattern binding inference (#26411)
  • Improve variable-length tuple slicing (#26151)
  • Infer class and mapping pattern bindings (#25941)
  • Infer empty collection constructors from later uses (#26389)
  • Skip shadowed submodule bindings during import analysis (#26385)
  • Sync vendored typeshed stubs (#26406). Typeshed diff
  • Track literal iterable emptiness for reachability (#25222)
  • Validate positional class patterns against __match_args__ (#26195)

Contributors

Install ty 0.0.55

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/ty/releases/download/0.0.55/ty-installer.sh | sh

Install prebuilt binaries via powershell script

... (truncated)

Changelog

Sourced from ty's changelog.

0.0.55

Released on 2026-06-26.

LSP server

  • Render full diagnostics in color (#26384)

Documentation

  • Document colored diagnostic output (#3858)

Performance

  • Improve vendored filesystem concurrency (#26408)
  • Optimize enum comparisons in equality evaluation (#26340)
  • Remove redundant semantic index shrinks (#26392)
  • Use never-change durability for one-shot checks (#26359)

Core type checking

  • Correct enum alias detection and scalar constructors (#26345)
  • Fix structural pattern binding inference (#26411)
  • Improve variable-length tuple slicing (#26151)
  • Infer class and mapping pattern bindings (#25941)
  • Infer empty collection constructors from later uses (#26389)
  • Skip shadowed submodule bindings during import analysis (#26385)
  • Sync vendored typeshed stubs (#26406). Typeshed diff
  • Track literal iterable emptiness for reachability (#25222)
  • Validate positional class patterns against __match_args__ (#26195)

Contributors

0.0.54

Released on 2026-06-25.

Bug fixes

  • Avoid duplicate configuration error output (#26375)
  • Avoid stack overflows in reachability analysis (#26272)
  • Fix divergent recursive tuple cycle handling in ty (#26316)
  • Fix panic from relation queries during cycle recovery (#26335)

... (truncated)

Commits

Updates pytest-rerunfailures from 16.3 to 16.4

Changelog

Sourced from pytest-rerunfailures's changelog.

16.4 (2026-07-01)

Breaking changes ++++++++++++++++

  • Drop support for pytest 8.1. Minimum pytest version is now 8.2.

Features ++++++++

  • Add support for pytest 9.1.

  • Rerun tests with failed subtests. This feature is only available on pytest 9.0 and later. The pytest-subtests plugin is not supported. Fixes [#315](https://github.com/pytest-dev/pytest-rerunfailures/issues/315) <https://github.com/pytest-dev/pytest-rerunfailures/issues/315>_.

  • Add --reruns-delay-backoff-factor option (and the matching reruns_delay_backoff_factor marker kwarg / ini setting) to grow the rerun delay after each attempt for an exponential backoff. The delay before the n-th re-run is reruns_delay * reruns_delay_backoff_factor ** (n - 1). The default factor is 1.0, so existing behaviour (a constant delay) is unchanged.

Commits
  • e5a86e5 Preparing release 16.4
  • 4ddc213 Add --reruns-delay-backoff-factor for exponential rerun backoff (#336)
  • 483fce7 Bump the actions group with 2 updates (#337)
  • 9d7756f Drop support for pytest 8.1. Add support for pytest 9.1. (#335)
  • f095a51 Support rerunning on subtest errors in pytest 9.0 and newer (#330)
  • 89aeccc chore: drop redundant pyupgrade by Ruff UP, extend ruff config, drop setu...
  • 035bc11 Back to development: 16.4
  • See full diff in compare view

Updates ruff from 0.15.19 to 0.15.20

Release notes

Sourced from ruff's releases.

0.15.20

Release Notes

Released on 2026-06-25.

Preview features

  • Allow human-readable names in rule selectors (#25887)
  • Emit a warning instead of an error for unknown rule selectors (#26113)
  • Match noqa shebang handling in ruff:ignore comments (#26286)
  • [ruff] Remove pytest-fixture-autouse (RUF076) (#26240, #26371)

Documentation

  • Add versioning sections to custom crate READMEs (#26317)
  • Update ruff_python_parser README for crates.io (#26315)
  • [perflint] Clarify that PERF402 applies to any iterable (#26242)

Contributors

Install ruff 0.15.20

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/ruff/releases/download/0.15.20/ruff-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/ruff/releases/download/0.15.20/ruff-installer.ps1 | iex"

Download ruff 0.15.20

File Platform Checksum
ruff-aarch64-apple-darwin.tar.gz Apple Silicon macOS checksum
ruff-x86_64-apple-darwin.tar.gz Intel macOS checksum
ruff-aarch64-pc-windows-msvc.zip ARM64 Windows checksum
ruff-i686-pc-windows-msvc.zip x86 Windows checksum
ruff-x86_64-pc-windows-msvc.zip x64 Windows checksum
ruff-aarch64-unknown-linux-gnu.tar.gz ARM64 Linux checksum
ruff-i686-unknown-linux-gnu.tar.gz x86 Linux checksum

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.20

Released on 2026-06-25.

Preview features

  • Allow human-readable names in rule selectors (#25887)
  • Emit a warning instead of an error for unknown rule selectors (#26113)
  • Match noqa shebang handling in ruff:ignore comments (#26286)
  • [ruff] Remove pytest-fixture-autouse (RUF076) (#26240, #26371)

Documentation

  • Add versioning sections to custom crate READMEs (#26317)
  • Update ruff_python_parser README for crates.io (#26315)
  • [perflint] Clarify that PERF402 applies to any iterable (#26242)

Contributors

Commits
  • f82a36b Bump 0.15.20 (#26376)
  • af32943 Improve the summarise-ecosystem-results skill (#26378)
  • 485ebab Remove RUF076 name from schema (#26371)
  • ef81835 [ty] Implement rust-analyzer's "Click for full compiler diagnostic" feature (...
  • 572b31e [ruff] Remove pytest-fixture-autouse (RUF076) (#26240)
  • f703f21 Allow human-readable names in rule selectors (#25887)
  • 0d726b2 [ty] Reuse equality semantics for membership compatibility (#25955)
  • dbe6e98 [ty] Infer definite equality comparison results (#26337)
  • e700ea3 [ty] Prove TypedDict structural patterns exhaustive (#26285)
  • 6a0d2ec [ty] Widen inferred class-valued instance attributes (#26338)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the minor-and-patch group with 8 updates:

| Package | From | To |
| --- | --- | --- |
| [alembic](https://github.com/sqlalchemy/alembic) | `1.18.4` | `1.18.5` |
| [fastapi](https://github.com/fastapi/fastapi) | `0.138.0` | `0.138.2` |
| [openai](https://github.com/openai/openai-python) | `2.43.0` | `2.44.0` |
| [pillow](https://github.com/python-pillow/Pillow) | `12.2.0` | `12.3.0` |
| [playwright](https://github.com/microsoft/playwright-python) | `1.60.0` | `1.61.0` |
| [ty](https://github.com/astral-sh/ty) | `0.0.53` | `0.0.55` |
| [pytest-rerunfailures](https://github.com/pytest-dev/pytest-rerunfailures) | `16.3` | `16.4` |
| [ruff](https://github.com/astral-sh/ruff) | `0.15.19` | `0.15.20` |


Updates `alembic` from 1.18.4 to 1.18.5
- [Release notes](https://github.com/sqlalchemy/alembic/releases)
- [Changelog](https://github.com/sqlalchemy/alembic/blob/main/CHANGES)
- [Commits](https://github.com/sqlalchemy/alembic/commits)

Updates `fastapi` from 0.138.0 to 0.138.2
- [Release notes](https://github.com/fastapi/fastapi/releases)
- [Commits](fastapi/fastapi@0.138.0...0.138.2)

Updates `openai` from 2.43.0 to 2.44.0
- [Release notes](https://github.com/openai/openai-python/releases)
- [Changelog](https://github.com/openai/openai-python/blob/main/CHANGELOG.md)
- [Commits](openai/openai-python@v2.43.0...v2.44.0)

Updates `pillow` from 12.2.0 to 12.3.0
- [Release notes](https://github.com/python-pillow/Pillow/releases)
- [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst)
- [Commits](python-pillow/Pillow@12.2.0...12.3.0)

Updates `playwright` from 1.60.0 to 1.61.0
- [Release notes](https://github.com/microsoft/playwright-python/releases)
- [Commits](microsoft/playwright-python@v1.60.0...v1.61.0)

Updates `ty` from 0.0.53 to 0.0.55
- [Release notes](https://github.com/astral-sh/ty/releases)
- [Changelog](https://github.com/astral-sh/ty/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ty@0.0.53...0.0.55)

Updates `pytest-rerunfailures` from 16.3 to 16.4
- [Changelog](https://github.com/pytest-dev/pytest-rerunfailures/blob/master/CHANGES.rst)
- [Commits](pytest-dev/pytest-rerunfailures@16.3...16.4)

Updates `ruff` from 0.15.19 to 0.15.20
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.15.19...0.15.20)

---
updated-dependencies:
- dependency-name: alembic
  dependency-version: 1.18.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: fastapi
  dependency-version: 0.138.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: openai
  dependency-version: 2.44.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: pillow
  dependency-version: 12.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: playwright
  dependency-version: 1.61.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: ty
  dependency-version: 0.0.55
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: pytest-rerunfailures
  dependency-version: '16.4'
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: ruff
  dependency-version: 0.15.20
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Jul 1, 2026
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@romanlutz romanlutz self-assigned this Jul 1, 2026
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants