Skip to content

Bump the python-packages group with 5 updates#331

Merged
MTSOnGithub merged 1 commit intodevelopfrom
dependabot/uv/python-packages-860449e6d8
Feb 5, 2026
Merged

Bump the python-packages group with 5 updates#331
MTSOnGithub merged 1 commit intodevelopfrom
dependabot/uv/python-packages-860449e6d8

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 5, 2026

Bumps the python-packages group with 5 updates:

Package From To
fastapi 0.128.0 0.128.1
alembic 1.18.2 1.18.3
pyjwt 2.10.1 2.11.0
coverage 7.13.2 7.13.3
prek 0.3.0 0.3.1

Updates fastapi from 0.128.0 to 0.128.1

Release notes

Sourced from fastapi's releases.

0.128.1

Features

  • ✨ Add viewport meta tag to improve Swagger UI on mobile devices. PR #14777 by @​Joab0.
  • 🚸 Improve error message for invalid query parameter type annotations. PR #14479 by @​retwish.

Fixes

  • 🐛 Update ValidationError schema to include input and ctx. PR #14791 by @​jonathan-fulton.
  • 🐛 Fix TYPE_CHECKING annotations for Python 3.14 (PEP 649). PR #14789 by @​mgu.
  • 🐛 Strip whitespaces from Authorization header credentials. PR #14786 by @​WaveTheory1.
  • 🐛 Fix OpenAPI duplication of anyOf refs for app-level responses with specified content and model as Union. PR #14463 by @​DJMcoder.

Refactors

Docs

Translations

... (truncated)

Commits

Updates alembic from 1.18.2 to 1.18.3

Release notes

Sourced from alembic's releases.

1.18.3

Released: January 29, 2026

bug

  • [bug] [autogenerate] Fixed regression in version 1.18.0 due to #1771 where autogenerate would raise NoReferencedTableError when a foreign key constraint referenced a table that was not part of the initial table load, including tables filtered out by the EnvironmentContext.configure.include_name callable or tables in remote schemas that were not included in the initial reflection run.

    The change in #1771 was a performance optimization that eliminated additional reflection queries for tables that were only referenced by foreign keys but not explicitly included in the main reflection run. However, this optimization inadvertently removed the creation of Table objects for these referenced tables, causing autogenerate to fail when processing foreign key constraints that pointed to them.

    The fix creates placeholder Table objects for foreign key targets that are not reflected, allowing the autogenerate comparison to proceed without error while maintaining the performance improvement from #1771. When multiple foreign keys reference different columns in the same filtered table, the placeholder table accumulates all necessary columns. These placeholder tables may be visible when using the EnvironmentContext.configure.include_object callable to inspect ForeignKeyConstraint objects; they will have the name, schema and basic column information for the relevant columns present.

    References: #1787

  • [bug] [general] Fixed regression caused by #1669 which requires SQLAlchemy objects to support generic type subscripting; for the older SQLAlchemy 1.4 series, this requires version 1.4.23. Changed the minimum requirements to require version 1.4.23 rather than 1.4.0.

    References: #1788

Commits

Updates pyjwt from 2.10.1 to 2.11.0

Release notes

Sourced from pyjwt's releases.

2.11.0

What's Changed

... (truncated)

Changelog

Sourced from pyjwt's changelog.

v2.11.0 <https://github.com/jpadilla/pyjwt/compare/2.10.1...2.11.0>__

Fixed


- Enforce ECDSA curve validation per RFC 7518 Section 3.4.
- Fix build system warnings by @kurtmckee in `[#1105](https://github.com/jpadilla/pyjwt/issues/1105) <https://github.com/jpadilla/pyjwt/pull/1105>`__
- Validate key against allowed types for Algorithm family in `[#964](https://github.com/jpadilla/pyjwt/issues/964) <https://github.com/jpadilla/pyjwt/pull/964>`__
- Add iterator for JWKSet in `[#1041](https://github.com/jpadilla/pyjwt/issues/1041) <https://github.com/jpadilla/pyjwt/pull/1041>`__
- Validate `iss` claim is a string during encoding and decoding by @pachewise in `[#1040](https://github.com/jpadilla/pyjwt/issues/1040) <https://github.com/jpadilla/pyjwt/pull/1040>`__
- Improve typing/logic for `options` in decode, decode_complete by @pachewise in `[#1045](https://github.com/jpadilla/pyjwt/issues/1045) <https://github.com/jpadilla/pyjwt/pull/1045>`__
- Declare float supported type for lifespan and timeout by @nikitagashkov in `[#1068](https://github.com/jpadilla/pyjwt/issues/1068) <https://github.com/jpadilla/pyjwt/pull/1068>`__
- Fix ``SyntaxWarning``\s/``DeprecationWarning``\s caused by invalid escape sequences by @kurtmckee in `[#1103](https://github.com/jpadilla/pyjwt/issues/1103) <https://github.com/jpadilla/pyjwt/pull/1103>`__
- Development: Build a shared wheel once to speed up test suite setup times by @kurtmckee in `[#1114](https://github.com/jpadilla/pyjwt/issues/1114) <https://github.com/jpadilla/pyjwt/pull/1114>`__
- Development: Test type annotations across all supported Python versions,
  increase the strictness of the type checking, and remove the mypy pre-commit hook
  by @kurtmckee in `[#1112](https://github.com/jpadilla/pyjwt/issues/1112) <https://github.com/jpadilla/pyjwt/pull/1112>`__

Added

  • Support Python 3.14, and test against PyPy 3.10 and 3.11 by @​kurtmckee in [#1104](https://github.com/jpadilla/pyjwt/issues/1104) <https://github.com/jpadilla/pyjwt/pull/1104>__
  • Development: Migrate to build to test package building in CI by @​kurtmckee in [#1108](https://github.com/jpadilla/pyjwt/issues/1108) <https://github.com/jpadilla/pyjwt/pull/1108>__
  • Development: Improve coverage config and eliminate unused test suite code by @​kurtmckee in [#1115](https://github.com/jpadilla/pyjwt/issues/1115) <https://github.com/jpadilla/pyjwt/pull/1115>__
  • Docs: Standardize CHANGELOG links to PRs by @​kurtmckee in [#1110](https://github.com/jpadilla/pyjwt/issues/1110) <https://github.com/jpadilla/pyjwt/pull/1110>__
  • Docs: Fix Read the Docs builds by @​kurtmckee in [#1111](https://github.com/jpadilla/pyjwt/issues/1111) <https://github.com/jpadilla/pyjwt/pull/1111>__
  • Docs: Add example of using leeway with nbf by @​djw8605 in [#1034](https://github.com/jpadilla/pyjwt/issues/1034) <https://github.com/jpadilla/pyjwt/pull/1034>__
  • Docs: Refactored docs with autodoc; added PyJWS and jwt.algorithms docs by @​pachewise in [#1045](https://github.com/jpadilla/pyjwt/issues/1045) <https://github.com/jpadilla/pyjwt/pull/1045>__
  • Docs: Documentation improvements for "sub" and "jti" claims by @​cleder in [#1088](https://github.com/jpadilla/pyjwt/issues/1088) <https://github.com/jpadilla/pyjwt/pull/1088>__
  • Development: Add pyupgrade as a pre-commit hook by @​kurtmckee in [#1109](https://github.com/jpadilla/pyjwt/issues/1109) <https://github.com/jpadilla/pyjwt/pull/1109>__
  • Add minimum key length validation for HMAC and RSA keys (CWE-326). Warns by default via InsecureKeyLengthWarning when keys are below minimum recommended lengths per RFC 7518 Section 3.2 (HMAC) and NIST SP 800-131A (RSA). Pass enforce_minimum_key_length=True in options to PyJWT or PyJWS to raise InvalidKeyError instead.
  • Refactor PyJWT to own an internal PyJWS instance instead of calling global api_jws functions.
Commits

Updates coverage from 7.13.2 to 7.13.3

Changelog

Sourced from coverage's changelog.

Version 7.13.3 — 2026-02-03

  • Fix: in some situations, third-party code was measured when it shouldn't have been, slowing down test execution. This happened with layered virtual environments such as uv sometimes makes. The problem is fixed, closing issue 2082_. Now any directory on sys.path that is inside a virtualenv is considered third-party code.

.. _issue 2082: coveragepy/coveragepy#2082

.. _changes_7-13-2:

Commits
  • 6bf962f docs: sample HTML for 7.13.3
  • 9f2e54c docs: prep for 7.13.3
  • 6208c42 fix: find third-party packages in more locations. #2082
  • edb5016 refactor: make dataclass imports uniform
  • b05826a chore: bump actions/setup-python in the action-dependencies group (#2126)
  • b519e17 refactor: no need for ox_profile connection
  • 775f1cb build: remove pudb, I can install it if I need it
  • 0ccb1fe chore: make upgrade
  • e9e2a0e chore: bump actions/checkout in the action-dependencies group (#2122)
  • 77e1a04 chore: make upgrade
  • Additional commits viewable in compare view

Updates prek from 0.3.0 to 0.3.1

Release notes

Sourced from prek's releases.

0.3.1

Release Notes

Released on 2026-01-31.

Enhancements

  • Add language: swift support (#1463)
  • Add language: haskell support (#1484)
  • Extract go version constraint from go.mod (#1457)
  • Warn when config file exists but fails to parse (#1487)
  • Add GitHub artifact attestations to release and build-docker workflow (#1494, #1497)
  • Allow GIT_CONFIG_PARAMETERS for private repository authentication (#1472)
  • Show progress bar when running builtin hooks (#1504)

Bug fixes

  • Cap ARG_MAX at 1<<19 for safety (#1506)
  • Don't check Python executable path in health check (#1496)

Documentation

  • Include CocoIndex as a project using prek (#1477)
  • Add commands for artifact verification using GitHub Attestations (#1500)

Contributors

Install prek 0.3.1

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/j178/prek/releases/download/v0.3.1/prek-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://github.com/j178/prek/releases/download/v0.3.1/prek-installer.ps1 | iex"

Install prebuilt binaries via Homebrew

... (truncated)

Changelog

Sourced from prek's changelog.

0.3.1

Released on 2026-01-31.

Enhancements

  • Add language: swift support (#1463)
  • Add language: haskell support (#1484)
  • Extract go version constraint from go.mod (#1457)
  • Warn when config file exists but fails to parse (#1487)
  • Add GitHub artifact attestations to release and build-docker workflow (#1494, #1497)
  • Allow GIT_CONFIG_PARAMETERS for private repository authentication (#1472)
  • Show progress bar when running builtin hooks (#1504)

Bug fixes

  • Cap ARG_MAX at 1<<19 for safety (#1506)
  • Don't check Python executable path in health check (#1496)

Documentation

  • Include CocoIndex as a project using prek (#1477)
  • Add commands for artifact verification using GitHub Attestations (#1500)

Contributors

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the python-packages group with 5 updates
3f1ba04 
Bumps the python-packages group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [fastapi](https://github.com/fastapi/fastapi) | `0.128.0` | `0.128.1` |
| [alembic](https://github.com/sqlalchemy/alembic) | `1.18.2` | `1.18.3` |
| [pyjwt](https://github.com/jpadilla/pyjwt) | `2.10.1` | `2.11.0` |
| [coverage](https://github.com/coveragepy/coveragepy) | `7.13.2` | `7.13.3` |
| [prek](https://github.com/j178/prek) | `0.3.0` | `0.3.1` |


Updates `fastapi` from 0.128.0 to 0.128.1
- [Release notes](https://github.com/fastapi/fastapi/releases)
- [Commits](fastapi/fastapi@0.128.0...0.128.1)

Updates `alembic` from 1.18.2 to 1.18.3
- [Release notes](https://github.com/sqlalchemy/alembic/releases)
- [Changelog](https://github.com/sqlalchemy/alembic/blob/main/CHANGES)
- [Commits](https://github.com/sqlalchemy/alembic/commits)

Updates `pyjwt` from 2.10.1 to 2.11.0
- [Release notes](https://github.com/jpadilla/pyjwt/releases)
- [Changelog](https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst)
- [Commits](jpadilla/pyjwt@2.10.1...2.11.0)

Updates `coverage` from 7.13.2 to 7.13.3
- [Release notes](https://github.com/coveragepy/coveragepy/releases)
- [Changelog](https://github.com/coveragepy/coveragepy/blob/main/CHANGES.rst)
- [Commits](coveragepy/coveragepy@7.13.2...7.13.3)

Updates `prek` from 0.3.0 to 0.3.1
- [Release notes](https://github.com/j178/prek/releases)
- [Changelog](https://github.com/j178/prek/blob/master/CHANGELOG.md)
- [Commits](j178/prek@v0.3.0...v0.3.1)

---
updated-dependencies:
- dependency-name: fastapi
  dependency-version: 0.128.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-packages
- dependency-name: alembic
  dependency-version: 1.18.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-packages
- dependency-name: pyjwt
  dependency-version: 2.11.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-packages
- dependency-name: coverage
  dependency-version: 7.13.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: python-packages
- dependency-name: prek
  dependency-version: 0.3.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: python-packages
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the type:dependency Dependency-related changes label Feb 5, 2026
@MTSOnGithub MTSOnGithub enabled auto-merge (rebase) February 5, 2026 05:33
@MTSOnGithub MTSOnGithub merged commit 546afdc into develop Feb 5, 2026
26 checks passed
@MTSOnGithub MTSOnGithub deleted the dependabot/uv/python-packages-860449e6d8 branch February 5, 2026 05:44
@github-actions
Copy link

github-actions bot commented Feb 5, 2026

Coverage

Coverage Report •
FileStmtsMissCoverMissing
TOTAL531161488% 
report-only-changed-files is enabled. No files were changed during this commit :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@MTSOnGithub MTSOnGithub MTSOnGithub approved these changes

Assignees

No one assigned

Labels

type:dependency Dependency-related changes

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@MTSOnGithub