Skip to content

chore(deps): bump the python-dependencies group across 1 directory with 6 updates#192

Open
dependabot[bot] wants to merge 1 commit into
devfrom
dependabot/uv/python-dependencies-e8d9762431
Open

chore(deps): bump the python-dependencies group across 1 directory with 6 updates#192
dependabot[bot] wants to merge 1 commit into
devfrom
dependabot/uv/python-dependencies-e8d9762431

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 17, 2026

Copy link
Copy Markdown
Contributor

Bumps the python-dependencies group with 6 updates in the / directory:

Package From To
fastapi 0.138.1 0.139.2
gitpython 3.1.50 3.1.52
websockets 16.0 16.1
pgvector 0.4.2 0.5.0
ruff 0.15.20 0.15.22
mypy 2.1.0 2.3.0

Updates fastapi from 0.138.1 to 0.139.2

Release notes

Sourced from fastapi's releases.

0.139.2

Fixes

  • 🐛 Refactor router route building to make it thread-safe, mainly relevant for tests running in parallel threads (uncommon). PR #16013 by @​tiangolo.

0.139.1

Fixes

  • 🐛 Fix frontend fallback support for doted paths like /users/john.doe. PR #16011 by @​tiangolo.

Docs

  • 📝 Fix topic repository list not being displayed and skip_users not being applied. PR #15995 by @​YuriiMotov.

Translations

Internal

... (truncated)

Commits
  • 866b7a3 🔖 Release version 0.139.2 (#16014)
  • 7b3effe 📝 Update release notes
  • 7fe315c 🐛 Refactor router route building to make it thread-safe, mainly relevant for ...
  • c48e67b 🔖 Release version 0.139.1 (#16012)
  • 2acc4fb 📝 Update release notes
  • eb75fd0 🐛 Fix frontend fallback support for doted paths like /users/john.doe (#16011)
  • 9b8410b 📝 Update release notes
  • e24d44c 📝 Fix topic repository list not being displayed and skip_users not being ap...
  • 93b78f8 📝 Update release notes
  • b959b44 📝 Update release notes
  • Additional commits viewable in compare view

Updates gitpython from 3.1.50 to 3.1.52

Release notes

Sourced from gitpython's releases.

3.1.52 Security

GHSA-rwj8-pgh3-r573: Environment-variable exfiltration via os.path.expandvars() on Repo.clone_from() URL

What's Changed

Full Changelog: gitpython-developers/GitPython@3.1.51...3.1.52

3.1.51 - Security

What's Changed

New Contributors

Full Changelog: gitpython-developers/GitPython@3.1.50...3.1.51

Commits
  • f8b6df5 bump patch level prior to release
  • c65dfb3 Merge pull request #2172 from gitpython-developers/fix-clone-expandvars
  • 8ac5a30 fix: prevent environment expansion in clone URLs
  • 7a46dfc Merge pull request #2171 from gitpython-developers/fix-windows-tests
  • 67082d6 test: skip relative config include across Windows drives
  • 7b0764d bump to v3.1.51
  • af027be Merge pull request #2163 from gitpython-developers/fix-unguarded-blame
  • 701ce32 fix: Guard unsafe git command options (GHSA-956x-8gvw-wg5v)
  • 65a7283 Merge pull request #2168 from gitpython-developers/advisory-fix-1
  • 3e59876 Merge pull request #2169 from gitpython-developers/fix-config-assert
  • Additional commits viewable in compare view

Updates websockets from 16.0 to 16.1

Release notes

Sourced from websockets's releases.

16.1

See https://websockets.readthedocs.io/en/stable/project/changelog.html for details.

Commits
  • 4df6f90 Release version 16.1.
  • 7c69eca Increase timeout for building wheels.
  • 493864e Complete and review changelog.
  • 73ff538 Temporarily remove the trio implementation (again).
  • 77f7d71 Shorten changelog and docstring for previous commit.
  • 84859e1 Add text argument to broadcast() to force the frame type
  • 1a38f5a Document research on removing a workaround.
  • 99431ee Apply code style to docs/conf.py.
  • bf97b98 Fix typos in tests.
  • 21a3418 Fix typos in comments
  • Additional commits viewable in compare view

Updates pgvector from 0.4.2 to 0.5.0

Changelog

Sourced from pgvector's changelog.

0.5.0 (2026-07-06)

  • Added experimental support for type hints
  • Changed vector and halfvec types to return list for Django, SQLAlchemy, SQLModel, and Peewee
  • Changed vector type to return Vector object for Psycopg 3, Psycopg 2, asyncpg, and pg8000
  • Removed utils package (use top-level pgvector package instead)
  • Removed re-exported classes (use top-level pgvector package instead)
  • Removed dependency on NumPy
  • Dropped support for Python < 3.10
  • Dropped support for SQLAlchemy < 2
Commits

Updates ruff from 0.15.20 to 0.15.22

Release notes

Sourced from ruff's releases.

0.15.22

Release Notes

Released on 2026-07-16.

Preview features

  • [pycodestyle] Add an autofix for E402 (#22212)
  • [refurb] Allow subclassing builtins in stub files (FURB189) (#26812)
  • [ruff] Add rule to replace noqa comments with ruff:ignore (RUF105) (#26423)
  • [ruff] Add rule to use human-readable names in ruff:ignore comments (RUF106) (#26682)
  • [ruff] Add rule to use human-readable names in configuration selectors (RUF201) (#26772)

Bug fixes

  • [flake8-pyi] Fix false positive in __all__ (PYI053) (#26872)

Rule changes

  • [pylint] Ignore mutable type updates in redefined-loop-name (PLW2901) (#25733)

Performance

  • Avoid redundant lexer token bookkeeping (#26765)
  • Avoid redundant pending-indentation writes (#26774)
  • Avoid unnecessary identifier lookahead (#26525)
  • Reuse parser scratch buffers (#26798)

Documentation

  • Document argfile support (#26803)
  • [flake8-datetimez] Clarify naming guidance for datetime.today (DTZ002) (#26658)
  • [pycodestyle] Document E731 fix safety (#26847)
  • [ruff] Clarify intentional async contexts for unused-async (RUF029) (#26641)

Contributors

Install ruff 0.15.22

Install prebuilt binaries via shell script

</tr></table> 

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.22

Released on 2026-07-16.

Preview features

  • [pycodestyle] Add an autofix for E402 (#22212)
  • [refurb] Allow subclassing builtins in stub files (FURB189) (#26812)
  • [ruff] Add rule to replace noqa comments with ruff:ignore (RUF105) (#26423)
  • [ruff] Add rule to use human-readable names in ruff:ignore comments (RUF106) (#26682)
  • [ruff] Add rule to use human-readable names in configuration selectors (RUF201) (#26772)

Bug fixes

  • [flake8-pyi] Fix false positive in __all__ (PYI053) (#26872)

Rule changes

  • [pylint] Ignore mutable type updates in redefined-loop-name (PLW2901) (#25733)

Performance

  • Avoid redundant lexer token bookkeeping (#26765)
  • Avoid redundant pending-indentation writes (#26774)
  • Avoid unnecessary identifier lookahead (#26525)
  • Reuse parser scratch buffers (#26798)

Documentation

  • Document argfile support (#26803)
  • [flake8-datetimez] Clarify naming guidance for datetime.today (DTZ002) (#26658)
  • [pycodestyle] Document E731 fix safety (#26847)
  • [ruff] Clarify intentional async contexts for unused-async (RUF029) (#26641)

Contributors

0.15.21

Released on 2026-07-09.

Preview features

... (truncated)

Commits

Updates mypy from 2.1.0 to 2.3.0

Changelog

Sourced from mypy's changelog.

Mypy Release Notes

Next Release

Packaging changes

Mypy 2.3

We've just uploaded mypy 2.3.0 to the Python Package Index (PyPI). Mypy is a static type checker for Python. This release includes new features, performance improvements and bug fixes. You can install it as follows:

python3 -m pip install -U mypy

You can read the full documentation for this release on Read the Docs.

The Upcoming Switch to the New Native Parser

We are planning to enable the new native parser (--native-parser) by default soon. We recommend that you test the native parser in your projects and report any issues in the mypy issue tracker.

Mypyc Free-threading Memory Safety

Free-threaded Python builds that don't have the GIL require additional synchronization primitives or lock-free algorithms to ensure memory safety when there are race conditions (for example, when a thread reads a list item while another thread writes the same list item concurrently). This release greatly improves memory safety of free threading.

List operations are now memory-safe on free threaded Python builds, even in the presence of race conditions. This has some performance cost. For list-heavy workloads, using librt.vecs.vec instead of list is often significantly faster, but note that vec is not (and likely won't be) fully memory safe, and the user is expected to avoid race conditions. The newly introduced librt.threading.Lock helps with this. Using variable-length tuples can also be more efficient than lists, since tuples are immutable and don't require expensive synchronization to ensure memory safety.

Instance attribute access is also (mostly) memory safe now on free-threaded builds in the presence of race conditions. We are planning to fix the remaining unsafe cases in a future release.

Full list of changes:

  • Make attribute access memory safe on free-threaded builds (Jukka Lehtosalo, PR 21705)
  • Fix unsafe borrowing of instance attributes with free-threading (Jukka Lehtosalo, PR 21688)
  • Make list get/set item more memory safe on free-threaded builds (Jukka Lehtosalo, PR 21683)
  • Don't borrow list items on free-threaded builds (Jukka Lehtosalo, PR 21679)
  • Make multiple assignment from list memory-safe on free-threaded builds (Jukka Lehtosalo, PR 21684)

... (truncated)

Commits
  • 8aabf84 Drop +dev from version
  • 4d8ad2a Update changelog for 2.3 release (#21728)
  • 2c21546 [mypyc] Update documentation of race conditions under free threading (#21726)
  • a9f62a3 [mypyc] Make attribute access memory safe on free-threaded builds (#21705)
  • 0faa413 Use PYODIDE environment variable for Emscripten cross-compilation detection...
  • 3d75cdb [mypyc] Borrow final attributes more aggressively (#21702)
  • 24c237d [mypyc] Improve documentation of Final (#21713)
  • b5be217 [mypyc] Update free threading Python compatibility docs (#21711)
  • cbcb51a Narrow for frozendict membership check (#21709)
  • af2bc0f Sync typeshed (#21707)
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Jul 17, 2026
@github-actions
github-actions Bot enabled auto-merge (rebase) July 17, 2026 20:23
…th 6 updates

Bumps the python-dependencies group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [fastapi](https://github.com/fastapi/fastapi) | `0.138.1` | `0.139.2` |
| [gitpython](https://github.com/gitpython-developers/GitPython) | `3.1.50` | `3.1.52` |
| [websockets](https://github.com/python-websockets/websockets) | `16.0` | `16.1` |
| [pgvector](https://github.com/pgvector/pgvector-python) | `0.4.2` | `0.5.0` |
| [ruff](https://github.com/astral-sh/ruff) | `0.15.20` | `0.15.22` |
| [mypy](https://github.com/python/mypy) | `2.1.0` | `2.3.0` |



Updates `fastapi` from 0.138.1 to 0.139.2
- [Release notes](https://github.com/fastapi/fastapi/releases)
- [Commits](fastapi/fastapi@0.138.1...0.139.2)

Updates `gitpython` from 3.1.50 to 3.1.52
- [Release notes](https://github.com/gitpython-developers/GitPython/releases)
- [Changelog](https://github.com/gitpython-developers/GitPython/blob/main/CHANGES)
- [Commits](gitpython-developers/GitPython@3.1.50...3.1.52)

Updates `websockets` from 16.0 to 16.1
- [Release notes](https://github.com/python-websockets/websockets/releases)
- [Commits](python-websockets/websockets@16.0...16.1)

Updates `pgvector` from 0.4.2 to 0.5.0
- [Changelog](https://github.com/pgvector/pgvector-python/blob/master/CHANGELOG.md)
- [Commits](pgvector/pgvector-python@v0.4.2...v0.5.0)

Updates `ruff` from 0.15.20 to 0.15.22
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.15.20...0.15.22)

Updates `mypy` from 2.1.0 to 2.3.0
- [Changelog](https://github.com/python/mypy/blob/master/CHANGELOG.md)
- [Commits](python/mypy@v2.1.0...v2.3.0)

---
updated-dependencies:
- dependency-name: fastapi
  dependency-version: 0.139.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-dependencies
- dependency-name: gitpython
  dependency-version: 3.1.52
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-dependencies
- dependency-name: mypy
  dependency-version: 2.3.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: python-dependencies
- dependency-name: pgvector
  dependency-version: 0.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-dependencies
- dependency-name: ruff
  dependency-version: 0.15.22
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: python-dependencies
- dependency-name: websockets
  dependency-version: '16.1'
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
dependabot Bot force-pushed the dependabot/uv/python-dependencies-e8d9762431 branch from 3fbc5ac to fab46e0 Compare July 17, 2026 20:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant