From 2325ad2e1c95e1dd1fdefdc0961d0771278b7d7e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 2 Mar 2026 15:35:44 +0100 Subject: [PATCH 1/6] chore(deps): bump the github-actions group with 3 updates (#746) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the github-actions group with 3 updates: [jakebailey/pyright-action](https://github.com/jakebailey/pyright-action), [actions/upload-artifact](https://github.com/actions/upload-artifact) and [actions/download-artifact](https://github.com/actions/download-artifact). Updates `jakebailey/pyright-action` from 2 to 3
Release notes

Sourced from jakebailey/pyright-action's releases.

v3.0.0

v2.3.3

v2.3.2

... (truncated)

Commits

Updates `actions/upload-artifact` from 6 to 7
Release notes

Sourced from actions/upload-artifact's releases.

v7.0.0

v7 What's new

Direct Uploads

Adds support for uploading single files directly (unzipped). Callers can set the new archive parameter to false to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The name parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.

ESM

To support new versions of the @actions/* packages, we've upgraded the package to ESM.

What's Changed

New Contributors

Full Changelog: https://github.com/actions/upload-artifact/compare/v6...v7.0.0

Commits

Updates `actions/download-artifact` from 7 to 8
Release notes

Sourced from actions/download-artifact's releases.

v8.0.0

v8 - What's new

Direct downloads

To support direct uploads in actions/upload-artifact, the action will no longer attempt to unzip all downloaded files. Instead, the action checks the Content-Type header ahead of unzipping and skips non-zipped files. Callers wishing to download a zipped file as-is can also set the new skip-decompress parameter to false.

Enforced checks (breaking)

A previous release introduced digest checks on the download. If a download hash didn't match the expected hash from the server, the action would log a warning. Callers can now configure the behavior on mismatch with the digest-mismatch parameter. To be secure by default, we are now defaulting the behavior to error which will fail the workflow run.

ESM

To support new versions of the @actions/* packages, we've upgraded the package to ESM.

What's Changed

Full Changelog: https://github.com/actions/download-artifact/compare/v7...v8.0.0

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/linter.yaml | 2 +- .github/workflows/python-publish.yml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/linter.yaml b/.github/workflows/linter.yaml index 7586b4db2..e3eb5c3df 100644 --- a/.github/workflows/linter.yaml +++ b/.github/workflows/linter.yaml @@ -43,7 +43,7 @@ jobs: - name: Run Pyright (Pylance equivalent) id: pyright continue-on-error: true - uses: jakebailey/pyright-action@v2 + uses: jakebailey/pyright-action@v3 with: pylance-version: latest-release diff --git a/.github/workflows/python-publish.yml b/.github/workflows/python-publish.yml index c6e6da0fa..4fe4a7781 100644 --- a/.github/workflows/python-publish.yml +++ b/.github/workflows/python-publish.yml @@ -26,7 +26,7 @@ jobs: run: uv build - name: Upload distributions - uses: actions/upload-artifact@v6 + uses: actions/upload-artifact@v7 with: name: release-dists path: dist/ @@ -40,7 +40,7 @@ jobs: steps: - name: Retrieve release distributions - uses: actions/download-artifact@v7 + uses: actions/download-artifact@v8 with: name: release-dists path: dist/ From 8b647bdc8ad38551a19ba6bdd566ac9f9c714ef8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 3 Mar 2026 09:29:47 +0100 Subject: [PATCH 2/6] chore(deps): bump the all group with 13 updates (#747) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the all group with 13 updates: | Package | From | To | | --- | --- | --- | | [google-api-core](https://github.com/googleapis/google-cloud-python) | `2.29.0` | `2.30.0` | | [fastapi](https://github.com/fastapi/fastapi) | `0.128.0` | `0.134.0` | | [sse-starlette](https://github.com/sysid/sse-starlette) | `3.2.0` | `3.3.2` | | [starlette](https://github.com/Kludex/starlette) | `0.50.0` | `0.52.1` | | [grpcio](https://github.com/grpc/grpc) | `1.76.0` | `1.78.0` | | [grpcio-tools](https://github.com/grpc/grpc) | `1.76.0` | `1.78.0` | | [grpcio-reflection](https://grpc.io) | `1.76.0` | `1.78.0` | | [datamodel-code-generator](https://github.com/koxudaxi/datamodel-code-generator) | `0.53.0` | `0.54.0` | | [ruff](https://github.com/astral-sh/ruff) | `0.14.14` | `0.15.4` | | [types-protobuf](https://github.com/typeshed-internal/stub_uploader) | `6.32.1.20251210` | `6.32.1.20260221` | | [autoflake](https://github.com/PyCQA/autoflake) | `2.3.1` | `2.3.3` | | [trio](https://github.com/python-trio/trio) | `0.32.0` | `0.33.0` | | [uvicorn](https://github.com/Kludex/uvicorn) | `0.40.0` | `0.41.0` | Updates `google-api-core` from 2.29.0 to 2.30.0
Release notes

Sourced from google-api-core's releases.

google-api-core: v2.30.0

2.30.0 (2026-02-17)

Bug Fixes

Commits

Updates `fastapi` from 0.128.0 to 0.134.0
Release notes

Sourced from fastapi's releases.

0.134.0

Features

  • ✨ Add support for streaming JSON Lines and binary data with yield. PR #15022 by @​tiangolo.
    • This also upgrades Starlette from >=0.40.0 to >=0.46.0, as it's needed to properly unrwap and re-raise exceptions from exception groups.
    • New docs: Stream JSON Lines.
    • And new docs: Stream Data.

Docs

  • 📝 Update Library Agent Skill with streaming responses. PR #15024 by @​tiangolo.
  • 📝 Update docs for responses and new stream with yield. PR #15023 by @​tiangolo.
  • 📝 Add await in StreamingResponse code example to allow cancellation. PR #14681 by @​casperdcl.
  • 📝 Rename docs_src/websockets to docs_src/websockets_ to avoid import errors. PR #14979 by @​YuriiMotov.

Internal

0.133.1

Features

Internal

0.133.0

Upgrades

0.132.1

Refactors

  • ♻️ Refactor logic to handle OpenAPI and Swagger UI escaping data. PR #14986 by @​tiangolo.

Internal

0.132.0

Breaking Changes

  • 🔒️ Add strict_content_type checking for JSON requests. PR #14978 by @​tiangolo.
    • Now FastAPI checks, by default, that JSON requests have a Content-Type header with a valid JSON value, like application/json, and rejects requests that don't.
    • If the clients for your app don't send a valid Content-Type header you can disable this with strict_content_type=False.

... (truncated)

Commits

Updates `sse-starlette` from 3.2.0 to 3.3.2
Release notes

Sourced from sse-starlette's releases.

v3.3.2

What's Changed

Full Changelog: https://github.com/sysid/sse-starlette/compare/v3.3.1...v3.3.2

v3.3.1

What's Changed

Full Changelog: https://github.com/sysid/sse-starlette/compare/v3.3.0...v3.3.1

v3.3.0

What's Changed

  • feat: expose shutdown event for cooperative generator shutdown (#167)

Full Changelog: https://github.com/sysid/sse-starlette/compare/v3.2.0...v3.3.0

Commits

Updates `starlette` from 0.50.0 to 0.52.1
Release notes

Sourced from starlette's releases.

Version 0.52.1

What's Changed

Full Changelog: https://github.com/Kludex/starlette/compare/0.52.0...0.52.1

Version 0.52.0

In this release, State can be accessed using dictionary-style syntax for improved type safety (#3036).

from collections.abc import AsyncIterator
from contextlib import asynccontextmanager
from typing import TypedDict

import httpx


from starlette.applications import Starlette
from starlette.requests import Request


class State(TypedDict):
http_client: httpx.AsyncClient


@​asynccontextmanager
async def lifespan(app: Starlette) -> AsyncIterator[State]:
async with httpx.AsyncClient() as client:
yield {"http_client": client}


async def homepage(request: Request[State]):
client = request.state["http_client"]
# If you run the below line with mypy or pyright, it will reveal the
correct type.
reveal_type(client)  # Revealed type is 'httpx.AsyncClient'

See Accessing State for more details.

Full Changelog: https://github.com/Kludex/starlette/compare/0.51.0...0.52.0

Version 0.51.0

Added

  • Add allow_private_network in CORSMiddleware #3065.

Changed

... (truncated)

Changelog

Sourced from starlette's changelog.

0.52.1 (January 18, 2026)

Fixed

  • Only use typing_extensions in older Python versions #3109.

0.52.0 (January 18, 2026)

In this release, State can be accessed using dictionary-style syntax for improved type safety (#3036).

from collections.abc import AsyncIterator
from contextlib import asynccontextmanager
from typing import TypedDict

import httpx


from starlette.applications import Starlette
from starlette.requests import Request


class State(TypedDict):
http_client: httpx.AsyncClient


@​asynccontextmanager
async def lifespan(app: Starlette) -> AsyncIterator[State]:
async with httpx.AsyncClient() as client:
yield {"http_client": client}


async def homepage(request: Request[State]):
client = request.state["http_client"]
# If you run the below line with mypy or pyright, it will reveal the
correct type.
reveal_type(client)  # Revealed type is 'httpx.AsyncClient'

See Accessing State for more details.

0.51.0 (January 10, 2026)

Added

  • Add allow_private_network in CORSMiddleware #3065.

Changed

  • Increase warning stacklevel on DeprecationWarning for wsgi module #3082.
Commits

Updates `grpcio` from 1.76.0 to 1.78.0
Release notes

Sourced from grpcio's releases.

Release v1.78.0

This is release 1.78.0 (gutsy) of gRPC Core.

For gRPC documentation, see grpc.io. For previous releases, see Releases.

This release contains refinements, improvements, and bug fixes, with highlights listed below.

C++

  • adding address_sorting dep in naming test build. (#41045)

Objective-C

  • [Backport][v1.78.x][Fix][Compiler] Plugins fall back to the edition 2023 for older protobuf. (#41358)

Python

  • [python] aio: fix race condition causing asyncio.run() to hang forever during the shutdown process. (#40989)
  • [Python] Migrate to pyproject.toml build system from setup.py builds. (#40833)
  • [Python] Log error details when ExecuteBatchError occurs (at DEBUG level). (#40921)
  • [Python] Update setuptools min version to 77.0.1 . (#40931)

Ruby

  • [ruby] Fix version comparison for the ruby_abi_version symbol for ruby 4 compatibility. (#41061)

Release v1.78.0-pre2

This is a prerelease of gRPC Core 1.78.0 (gutsy).

For gRPC documentation, see grpc.io. For previous releases, see Releases.

This prerelease contains refinements, improvements, and bug fixes.

Release v1.78.0-pre1

This is a prerelease of gRPC Core 1.78.0 (gutsy).

For gRPC documentation, see grpc.io. For previous releases, see Releases.

This prerelease contains refinements, improvements, and bug fixes.

Commits

Updates `grpcio-tools` from 1.76.0 to 1.78.0
Release notes

Sourced from grpcio-tools's releases.

Release v1.78.0

This is release 1.78.0 (gutsy) of gRPC Core.

For gRPC documentation, see grpc.io. For previous releases, see Releases.

This release contains refinements, improvements, and bug fixes, with highlights listed below.

C++

  • adding address_sorting dep in naming test build. (#41045)

Objective-C

  • [Backport][v1.78.x][Fix][Compiler] Plugins fall back to the edition 2023 for older protobuf. (#41358)

Python

  • [python] aio: fix race condition causing asyncio.run() to hang forever during the shutdown process. (#40989)
  • [Python] Migrate to pyproject.toml build system from setup.py builds. (#40833)
  • [Python] Log error details when ExecuteBatchError occurs (at DEBUG level). (#40921)
  • [Python] Update setuptools min version to 77.0.1 . (#40931)

Ruby

  • [ruby] Fix version comparison for the ruby_abi_version symbol for ruby 4 compatibility. (#41061)

Release v1.78.0-pre2

This is a prerelease of gRPC Core 1.78.0 (gutsy).

For gRPC documentation, see grpc.io. For previous releases, see Releases.

This prerelease contains refinements, improvements, and bug fixes.

Release v1.78.0-pre1

This is a prerelease of gRPC Core 1.78.0 (gutsy).

For gRPC documentation, see grpc.io. For previous releases, see Releases.

This prerelease contains refinements, improvements, and bug fixes.

Commits

Updates `grpcio-reflection` from 1.76.0 to 1.78.0 Updates `datamodel-code-generator` from 0.53.0 to 0.54.0
Release notes

Sourced from datamodel-code-generator's releases.

0.54.0

Breaking Changes

Code Generation Changes

  • Enum member names from oneOf/anyOf const constructs now use title field when provided - Previously, when creating enums from oneOf/anyOf constructs with const values, the title field was incorrectly ignored and enum member names were generated using the pattern {type}_{value} (e.g., integer_200). Now, when a title is specified, it is correctly used as the enum member name (e.g., OK instead of integer_200). Users who have code depending on the previously generated enum member names will need to update their references. (#2975) Before: 
    class StatusCode(IntEnum):
    integer_200 = 200
    integer_404 = 404
    integer_500 = 500
    After: 
    class StatusCode(IntEnum):
    OK = 200
    Not_Found = 404
    Server_Error = 500
  • Field names matching Python builtins are now automatically sanitized - When a field name matches a Python builtin type AND the field's type annotation uses that same builtin (e.g., int: int, list: list[str], dict: dict[str, Any]), the field is now renamed with a trailing underscore (e.g., int_) and an alias is added to preserve the original JSON field name. This prevents Python syntax issues and shadowing of builtin types. Previously, such fields were generated as-is (e.g., int: int | None = None), which could cause code that shadows Python builtins. After this change, the same field becomes int_: int | None = Field(None, alias='int'). This affects fields named: int, float, bool, str, bytes, list, dict, set, frozenset, tuple, and other Python builtins when their type annotation uses the matching builtin type. (#2968)
  • $ref with non-standard metadata fields no longer triggers schema merging - Previously, when a $ref was combined with non-standard fields like markdownDescription, if, then, else, or other extras not in the whitelist, the generator would merge schemas and potentially create duplicate models (e.g., UserWithExtra alongside User). Now, only whitelisted schema-affecting extras (currently just const) trigger merging. This means:
    • Fewer merged/duplicate models will be generated
    • References are preserved directly instead of being expanded
    • Field types may change from inline merged types to direct references Example schema:
    properties:
  user:
    $ref: "#/definitions/User"
    nullable: true
    markdownDescription: "A user object"
    Before: Could generate a merged UserWithMarkdownDescription model After: Directly uses User | None reference (#2993)
  • Enum member names no longer get underscore suffix with --capitalise-enum-members - Previously, enum values like replace, count, index would generate REPLACE_, COUNT_, INDEX_ when using --capitalise-enum-members. Now they correctly generate REPLACE, COUNT, INDEX. The underscore suffix is only added when --use-subclass-enum is also used AND the lowercase name conflicts with builtin type methods. Users relying on the previous naming (e.g., referencing MyEnum.REPLACE_ in code) will need to update to use the new names without trailing underscores. (#2999)
  • Fields using $ref with inline keywords now include merged metadata - When a schema property uses $ref alongside additional keywords (e.g., const, enum, readOnly, constraints), the generator now correctly merges metadata (description, title, constraints, defaults, readonly/writeOnly) from the referenced schema into the field definition. Previously, this metadata was lost. For example, a field like type: Type may now become type: Type = Field(..., description='Type of this object.', title='type') when the referenced schema includes those attributes. This also affects additionalProperties and OpenAPI parameter schemas. (#2997)

What's Changed

... (truncated)

Changelog

Sourced from datamodel-code-generator's changelog.

0.54.0 - 2026-02-14

Breaking Changes

Code Generation Changes

  • Enum member names from oneOf/anyOf const constructs now use title field when provided - Previously, when creating enums from oneOf/anyOf constructs with const values, the title field was incorrectly ignored and enum member names were generated using the pattern {type}_{value} (e.g., integer_200). Now, when a title is specified, it is correctly used as the enum member name (e.g., OK instead of integer_200). Users who have code depending on the previously generated enum member names will need to update their references. (#2975) Before: 
    class StatusCode(IntEnum):
    integer_200 = 200
    integer_404 = 404
    integer_500 = 500
    After: 
    class StatusCode(IntEnum):
    OK = 200
    Not_Found = 404
    Server_Error = 500
  • Field names matching Python builtins are now automatically sanitized - When a field name matches a Python builtin type AND the field's type annotation uses that same builtin (e.g., int: int, list: list[str], dict: dict[str, Any]), the field is now renamed with a trailing underscore (e.g., int_) and an alias is added to preserve the original JSON field name. This prevents Python syntax issues and shadowing of builtin types. Previously, such fields were generated as-is (e.g., int: int | None = None), which could cause code that shadows Python builtins. After this change, the same field becomes int_: int | None = Field(None, alias='int'). This affects fields named: int, float, bool, str, bytes, list, dict, set, frozenset, tuple, and other Python builtins when their type annotation uses the matching builtin type. (#2968)
  • $ref with non-standard metadata fields no longer triggers schema merging - Previously, when a $ref was combined with non-standard fields like markdownDescription, if, then, else, or other extras not in the whitelist, the generator would merge schemas and potentially create duplicate models (e.g., UserWithExtra alongside User). Now, only whitelisted schema-affecting extras (currently just const) trigger merging. This means:
    • Fewer merged/duplicate models will be generated
    • References are preserved directly instead of being expanded
    • Field types may change from inline merged types to direct references Example schema:
    properties:
  user:
    $ref: "#/definitions/User"
    nullable: true
    markdownDescription: "A user object"
    Before: Could generate a merged UserWithMarkdownDescription model After: Directly uses User | None reference (#2993)
  • Enum member names no longer get underscore suffix with --capitalise-enum-members - Previously, enum values like replace, count, index would generate REPLACE_, COUNT_, INDEX_ when using --capitalise-enum-members. Now they correctly generate REPLACE, COUNT, INDEX. The underscore suffix is only added when --use-subclass-enum is also used AND the lowercase name conflicts with builtin type methods. Users relying on the previous naming (e.g., referencing MyEnum.REPLACE_ in code) will need to update to use the new names without trailing underscores. (#2999)
  • Fields using $ref with inline keywords now include merged metadata - When a schema property uses $ref alongside additional keywords (e.g., const, enum, readOnly, constraints), the generator now correctly merges metadata (description, title, constraints, defaults, readonly/writeOnly) from the referenced schema into the field definition. Previously, this metadata was lost. For example, a field like type: Type may now become type: Type = Field(..., description='Type of this object.', title='type') when the referenced schema includes those attributes. This also affects additionalProperties and OpenAPI parameter schemas. (#2997)

What's Changed

... (truncated)

Commits

Updates `ruff` from 0.14.14 to 0.15.4
Release notes

Sourced from ruff's releases.

0.15.4

Release Notes

Released on 2026-02-26.

This is a follow-up release to 0.15.3 that resolves a panic when the new rule PLR1712 was enabled with any rule that analyzes definitions, such as many of the ANN or D rules.

Bug fixes

  • Fix panic on access to definitions after analyzing definitions (#23588)
  • [pyflakes] Suppress false positive in F821 for names used before del in stub files (#23550)

Documentation

  • Clarify first-party import detection in Ruff (#23591)
  • Fix incorrect import-heading example (#23568)

Contributors

Install ruff 0.15.4

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf
https://github.com/astral-sh/ruff/releases/download/0.15.4/ruff-installer.sh
| sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm
https://github.com/astral-sh/ruff/releases/download/0.15.4/ruff-installer.ps1
| iex"

Download ruff 0.15.4

File Platform Checksum
ruff-aarch64-apple-darwin.tar.gz Apple Silicon macOS checksum
ruff-x86_64-apple-darwin.tar.gz Intel macOS checksum
ruff-aarch64-pc-windows-msvc.zip ARM64 Windows checksum
ruff-i686-pc-windows-msvc.zip x86 Windows checksum
ruff-x86_64-pc-windows-msvc.zip x64 Windows checksum
ruff-aarch64-unknown-linux-gnu.tar.gz ARM64 Linux checksum
ruff-i686-unknown-linux-gnu.tar.gz x86 Linux checksum
ruff-powerpc64-unknown-linux-gnu.tar.gz PPC64 Linux checksum

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.4

Released on 2026-02-26.

This is a follow-up release to 0.15.3 that resolves a panic when the new rule PLR1712 was enabled with any rule that analyzes definitions, such as many of the ANN or D rules.

Bug fixes

  • Fix panic on access to definitions after analyzing definitions (#23588)
  • [pyflakes] Suppress false positive in F821 for names used before del in stub files (#23550)

Documentation

  • Clarify first-party import detection in Ruff (#23591)
  • Fix incorrect import-heading example (#23568)

Contributors

0.15.3

Released on 2026-02-26.

Preview features

  • Drop explicit support for .qmd file extension (#23572)

    This can now be enabled instead by setting the extension option:

    # ruff.toml
extension = { qmd = "markdown" }

    pyproject.toml
    

    [tool.ruff]
extension = { qmd = "markdown" }

  • Include configured extensions in file discovery (#23400)

  • [flake8-bandit] Allow suspicious imports in TYPE_CHECKING blocks (S401-S415) (#23441)

  • [flake8-bugbear] Allow B901 in pytest hook wrappers (#21931)

  • [flake8-import-conventions] Add missing conventions from upstream (ICN001, ICN002) (#21373)

... (truncated)

Commits

Updates `types-protobuf` from 6.32.1.20251210 to 6.32.1.20260221
Commits

Updates `autoflake` from 2.3.1 to 2.3.3
Release notes

Sourced from autoflake's releases.

v2.3.3

What's Changed

Full Changelog: https://github.com/PyCQA/autoflake/compare/v2.3.2...v2.3.3

v2.3.2

What's Changed