Skip to content

chore(deps): bump the pip-backend-updates group across 1 directory with 11 updates#318

Merged
anchapin merged 2 commits intomainfrom
dependabot/pip/backend/pip-backend-updates-c8f29f6a3c
Feb 13, 2026
Merged

chore(deps): bump the pip-backend-updates group across 1 directory with 11 updates#318
anchapin merged 2 commits intomainfrom
dependabot/pip/backend/pip-backend-updates-c8f29f6a3c

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jan 12, 2026
edited
Loading

Bumps the pip-backend-updates group with 11 updates in the /backend directory:

Package From To
fastapi 0.120.0 0.128.0
uvicorn[standard] 0.38.0 0.40.0
pydantic 2.12.3 2.12.5
pydantic-settings 2.11.0 2.12.0
alembic 1.17.0 1.18.0
redis[asyncio] 7.0.0 7.1.0
python-multipart 0.0.20 0.0.21
tomli 2.3.0 2.4.0
pytest-asyncio 1.2.0 1.3.0
ruff 0.14.2 0.14.11
black 25.9.0 25.12.0

Updates fastapi from 0.120.0 to 0.128.0

Release notes

Sourced from fastapi's releases.

0.128.0

Breaking Changes

Internal

0.127.1

Refactors

Docs

Translations

Internal

0.127.0

Breaking Changes

Translations

  • 🔧 Add LLM prompt file for Korean, generated from the existing translations. PR #14546 by @​tiangolo.
  • 🔧 Add LLM prompt file for Japanese, generated from the existing translations. PR #14545 by @​tiangolo.

Internal

0.126.0

Upgrades

  • ➖ Drop support for Pydantic v1, keeping short temporary support for Pydantic v2's pydantic.v1. PR #14575 by @​tiangolo.

... (truncated)

Commits

Updates uvicorn[standard] from 0.38.0 to 0.40.0

Release notes

Sourced from uvicorn[standard]'s releases.

Version 0.40.0

What's Changed

Full Changelog: Kludex/uvicorn@0.39.0...0.40.0

Version 0.39.0

What's Changed

New Contributors

Full Changelog: Kludex/uvicorn@0.38.0...0.39.0

Changelog

Sourced from uvicorn[standard]'s changelog.

0.40.0 (December 21, 2025)

Remove

  • Drop support for Python 3.9 (#2772)

0.39.0 (December 21, 2025)

Fixed

  • Send close frame on ASGI return for WebSockets (#2769)
  • Explicitly start ASGI run with empty context (#2742)
Commits

Updates pydantic from 2.12.3 to 2.12.5

Release notes

Sourced from pydantic's releases.

v2.12.5 2025-11-26

v2.12.5 (2025-11-26)

This is the fifth 2.12 patch release, addressing an issue with the MISSING sentinel and providing several documentation improvements.

The next 2.13 minor release will be published in a couple weeks, and will include a new polymorphic serialization feature addressing the remaining unexpected changes to the serialize as any behavior.

  • Fix pickle error when using model_construct() on a model with MISSING as a default value by @​ornariece in #12522.
  • Several updates to the documentation by @​Viicos.

Full Changelog: pydantic/pydantic@v2.12.4...v2.12.5

v2.12.4 2025-11-05

v2.12.4 (2025-11-05)

This is the fourth 2.12 patch release, fixing more regressions, and reverting a change in the build() method of the AnyUrl and Dsn types.

This patch release also fixes an issue with the serialization of IP address types, when serialize_as_any is used. The next patch release will try to address the remaining issues with serialize as any behavior by introducing a new polymorphic serialization feature, that should be used in most cases in place of serialize as any.

Full Changelog: pydantic/pydantic@v2.12.3...v2.12.4

Changelog

Sourced from pydantic's changelog.

v2.12.5 (2025-11-26)

GitHub release

This is the fifth 2.12 patch release, addressing an issue with the MISSING sentinel and providing several documentation improvements.

The next 2.13 minor release will be published in a couple weeks, and will include a new polymorphic serialization feature addressing the remaining unexpected changes to the serialize as any behavior.

  • Fix pickle error when using model_construct() on a model with MISSING as a default value by @​ornariece in #12522.
  • Several updates to the documentation by @​Viicos.

v2.12.4 (2025-11-05)

GitHub release

This is the fourth 2.12 patch release, fixing more regressions, and reverting a change in the build() method of the AnyUrl and Dsn types.

This patch release also fixes an issue with the serialization of IP address types, when serialize_as_any is used. The next patch release will try to address the remaining issues with serialize as any behavior by introducing a new polymorphic serialization feature, that should be used in most cases in place of serialize as any.

Commits
  • bd2d0dd Prepare release v2.12.5
  • 7d0302e Document security implications when using create_model()
  • e9ef980 Fix typo in Standard Library Types documentation
  • f2c20c0 Add pydantic-docs dev dependency, make use of versioning blocks
  • a76c1aa Update documentation about JSON Schema
  • 8cbc72c Add documentation about custom __init__()
  • 99eba59 Add additional test for FieldInfo.get_default()
  • c710769 Special case MISSING sentinel in smart_deepcopy()
  • 20a9d77 Do not delete mock validator/serializer in rebuild_dataclass()
  • c86515a Update parts of the model and revalidate_instances documentation
  • Additional commits viewable in compare view

Updates pydantic-settings from 2.11.0 to 2.12.0

Release notes

Sourced from pydantic-settings's releases.

v2.12.0

What's Changed

New Contributors

Full Changelog: pydantic/pydantic-settings@v2.11.0...v2.12.0

Commits

Updates alembic from 1.17.0 to 1.18.0

Release notes

Sourced from alembic's releases.

1.18.0

Released: January 9, 2026

feature

  • [feature] [operations] When alembic is run in "verbose" mode, alembic now logs a message to indicate from which file is used to load the configuration.

    References: #1737

  • [feature] [autogenerate] Autogenerate reflection sweeps now use the "bulk" inspector methods introduced in SQLAlchemy 2.0, which for selected dialects including PostgreSQL and Oracle use batched queries to reflect whole collections of tables using O(1) queries rather than O(N).

    References: #1771

  • [feature] [autogenerate] Release 1.18.0 introduces a plugin system that allows for automatic loading of third-party extensions as well as configurable autogenerate compare functionality on a per-environment basis.

    The Plugin class provides a common interface for extensions that register handlers among Alembic's existing extension points such as Operations.register_operation() and Operations.implementation_for(). A new interface for registering autogenerate comparison handlers, Plugin.add_autogenerate_comparator(), provides for autogenerate compare functionality that may be custom-configured on a per-environment basis using the new EnvironmentContext.configure.autogenerate_plugins parameter.

    The change does not impact well known Alembic add-ons such as alembic-utils, which continue to work as before; however, such add-ons have the option to provide plugin entrypoints going forward.

    As part of this change, Alembic's autogenerate compare functionality is reorganized into a series of internal plugins under the alembic.autogenerate namespace, which may be individually or collectively identified for inclusion and/or exclusion within the EnvironmentContext.configure() call using a new parameter EnvironmentContext.configure.autogenerate_plugins. This parameter is also where third party comparison plugins may also be indicated.

    See alembic.plugins.toplevel for complete documentation on the new Plugin class as well as autogenerate-specific usage instructions.

... (truncated)

Commits

Updates redis[asyncio] from 7.0.0 to 7.1.0

Release notes

Sourced from redis[asyncio]'s releases.

7.1.0

Changes

🚀 New Features

  • Adding MSETEX command support. (#3823)
  • Adding CLAIM option to XREADGROUP command + unit tests (#3825)
  • Apply routing and response aggregation policies in OSS Cluster mode (#3834)

🧪 Experimental Features

  • Adding support for CAS/CAD commands. (#3837)
  • Adding support for HYBRID search. (#3813 #3843)

🔥 Breaking changes (in experimental features)

  • Replace default health check and failure detector with custom (#3822)

🐛 Bug Fixes

  • Add **options to parse functions for sentinel (#3831)
  • Generating unique command cache key (#3765)

🧰 Maintenance

  • Adding Redis 8.4 RC1 image to test matrix. (#3820)
  • Remove Python 3.9 support. Add Python 3.14 support. (#3814)
  • Sync readme with 7.0.1 and update lib version to latest stable released version - 7.0.1 (#3821)
  • Bump rojopolis/spellcheck-github-actions from 0.52.0 to 0.53.0 (#3827)
  • Bump actions/upload-artifact from 4 to 5 (#3828)
  • Bump github/codeql-action from 3 to 4 (#3829)
  • Fixing flaky tests (#3833 #3838)
  • Update 8.4 RC image tag to 8.4-RC1-pre.2 for pipeline test matrix (#3832)
  • Add missing f-string when returning an error. (#3841)
  • Adding latest 8.4 image to test matrix. Updating the Hybrid VSIM query format to be in sync with spec after srv issue was fixed. (#3843)
  • Expand cluster READ_COMMANDS with additional read-only commands and reorganize the list of commands by category (#3845)
  • Update Type Hints for List Command Parameters from str to KeyT (#3848)
  • Changing log level to be debug for failed maintenance notification enablement when enabled='auto' (#3851)
  • Added custom event handler section (#3853)
  • Changing current version to 8.4 as it is already GA (#3854)

We'd like to thank all the contributors who worked on this release! @​ShubhamKaudewar @​matthewwiese @​peperon @​vladvildanov @​petyaslavova

7.0.1

Changes

This release adds small fixes related to documentation.

🧰 Maintenance

  • Add 'multi_database' section to documentation index (313d93f)
  • Revised multi-database client documentation(78df745)
  • Adding info about Multi-database client in README.md (3f7a55e)

... (truncated)

Commits
  • f7c1755 Changing current version to 8.4 as it is already GA (#3854)
  • 2235cc7 Added custom event handler section (#3853)
  • 8cc50a5 Changing log level to be debug for failed maintenance notification enablement...
  • d1769a2 #3612 Generating unique command cache key (#3765)
  • b49dce1 Update Type Hints for List Command Parameters from str to KeyT (#3848)
  • 46ff042 Expand cluster READ_COMMANDS with additional read-only commands and reorganiz...
  • dc47675 Updating lib version to 7.1.0 and added note in README that Python 3.9 suppor...
  • f026c1e Adding latest 8.4 image to test matrix. Updating the Hybrid VSIM query format...
  • a5ab18f Adding support for HYBRID search. (#3813)
  • e6fb505 Adding support for CAS/CAD commands. (#3837)
  • Additional commits viewable in compare view

Updates python-multipart from 0.0.20 to 0.0.21

Release notes

Sourced from python-multipart's releases.

Version 0.0.21

What's Changed

New Contributors

Full Changelog: Kludex/python-multipart@0.0.20...0.0.21

Changelog

Sourced from python-multipart's changelog.

0.0.21 (2025-12-17)

  • Add support for Python 3.14 and drop EOL 3.8 and 3.9 #216.
Commits
  • 1f72955 Version 0.0.21 (#217)
  • 47ecfed Add support for Python 3.14 and drop EOL 3.8 and 3.9 (#216)
  • f18b709 Bump the github-actions group across 1 directory with 4 updates (#214)
  • b388e9a chore: use depedency-groups in pyproject.toml (#212)
  • 6113e75 Bump the github-actions group across 1 directory with 3 updates (#210)
  • 7aa8d99 Bump ruff from 0.8.0 to 0.11.7 (#203)
  • 3e909f5 Bump astral-sh/setup-uv from 4 to 5 in the github-actions group (#198)
  • See full diff in compare view

Updates tomli from 2.3.0 to 2.4.0

Changelog

Sourced from tomli's changelog.

2.4.0

  • Added
    • TOML v1.1.0 compatibility
    • Binary wheels for Windows arm64
Commits
  • a678e6f Bump version: 2.3.0 → 2.4.0
  • b8a1358 Tests: remove now needless "TOML compliance"->"burntsushi" format conversion
  • 4979375 Update GitHub actions
  • f890dd1 Update pre-commit hooks
  • d9c65c3 Add 2.4.0 change log
  • 0efe49d Update README for v2.4.0
  • 9eb2125 TOML 1.1: Make seconds optional in Date-Time and Time (#203)
  • 12314bd TOML 1.1: Add \xHH Unicode escape code to basic strings (#202)
  • 2a2aa62 TOML 1.1: Allow newlines and trailing comma in inline tables (#200)
  • 38297f8 Xfail on tests for TOML 1.1 features not yet supported
  • Additional commits viewable in compare view

Updates pytest-asyncio from 1.2.0 to 1.3.0

Release notes

Sourced from pytest-asyncio's releases.

pytest-asyncio 1.3.0

1.3.0 - 2025-11-10

Removed

  • Support for Python 3.9 (#1278)

Added

  • Support for pytest 9 (#1279)

Notes for Downstream Packagers

  • Tested Python versions include free threaded Python 3.14t (#1274)
  • Tests are run in the same pytest process, instead of spawning a subprocess with pytest.Pytester.runpytest_subprocess. This prevents the test suite from accidentally using a system installation of pytest-asyncio, which could result in test errors. (#1275)
Commits
  • 2e9695f docs: Compile changelog for v1.3.0
  • dd0e9ba docs: Reference correct issue in news fragment.
  • 4c31abe Build(deps): Bump nh3 from 0.3.1 to 0.3.2
  • 13e9477 Link to migration guides from changelog
  • 4d2cf3c tests: handle Python 3.14 DefaultEventLoopPolicy deprecation warnings
  • ee3549b test: Remove obsolete test for the event_loop fixture.
  • 7a67c82 tests: Fix failing test by preventing warning conversion to error.
  • a17b689 test: add pytest config to isolated test directories
  • 18afc9d fix(tests): replace runpytest_subprocess with runpytest
  • cdc6bd1 Add support for pytest 9 and drop Python 3.9 support
  • Additional commits viewable in compare view

Updates ruff from 0.14.2 to 0.14.11

Release notes

Sourced from ruff's releases.

0.14.11

Release Notes

Released on 2026-01-08.

Preview features

  • Consolidate diagnostics for matched disable/enable suppression comments (#22099)
  • Report diagnostics for invalid/unmatched range suppression comments (#21908)
  • [airflow] Passing positional argument into airflow.lineage.hook.HookLineageCollector.create_asset is not allowed (AIR303) (#22046)
  • [refurb] Mark FURB192 fix as always unsafe (#22210)
  • [ruff] Add non-empty-init-module (RUF067) (#22143)

Bug fixes

  • Fix GitHub format for multi-line diagnostics (#22108)
  • [flake8-unused-arguments] Mark **kwargs in TypeVar as used (ARG001) (#22214)

Rule changes

  • Add help: subdiagnostics for several Ruff rules that can sometimes appear to disagree with ty (#22331)
  • [pylint] Demote PLW1510 fix to display-only (#22318)
  • [pylint] Ignore identical members (PLR1714) (#22220)
  • [pylint] Improve diagnostic range for PLC0206 (#22312)
  • [ruff] Improve fix title for RUF102 invalid rule code (#22100)
  • [flake8-simplify]: Avoid unnecessary builtins import for SIM105 (#22358)

Configuration

  • Allow Python 3.15 as valid target-version value in preview (#22419)
  • Check required-version before parsing rules (#22410)
  • Include configured src directories when resolving graphs (#22451)

Documentation

  • Update T201 suggestion to not use root logger to satisfy LOG015 (#22059)
  • Fix iter example in unsafe fixes doc (#22118)
  • [flake8_print] better suggestion for basicConfig in T201 docs (#22101)
  • [pylint] Restore the fix safety docs for PLW0133 (#22211)
  • Fix Jupyter notebook discovery info for editors (#22447)

Contributors

... (truncated)

Changelog

Sourced from ruff's changelog.

0.14.11

Released on 2026-01-08.

Preview features

  • Consolidate diagnostics for matched disable/enable suppression comments (#22099)
  • Report diagnostics for invalid/unmatched range suppression comments (#21908)
  • [airflow] Passing positional argument into airflow.lineage.hook.HookLineageCollector.create_asset is not allowed (AIR303) (#22046)
  • [refurb] Mark FURB192 fix as always unsafe (#22210)
  • [ruff] Add non-empty-init-module (RUF067) (#22143)

Bug fixes

  • Fix GitHub format for multi-line diagnostics (#22108)
  • [flake8-unused-arguments] Mark **kwargs in TypeVar as used (ARG001) (#22214)

Rule changes

  • Add help: subdiagnostics for several Ruff rules that can sometimes appear to disagree with ty (#22331)
  • [pylint] Demote PLW1510 fix to display-only (#22318)
  • [pylint] Ignore identical members (PLR1714) (#22220)
  • [pylint] Improve diagnostic range for PLC0206 (#22312)
  • [ruff] Improve fix title for RUF102 invalid rule code (#22100)
  • [flake8-simplify]: Avoid unnecessary builtins import for SIM105 (#22358)

Configuration

  • Allow Python 3.15 as valid target-version value in preview (#22419)
  • Check required-version before parsing rules (#22410)
  • Include configured src directories when resolving graphs (#22451)

Documentation

  • Update T201 suggestion to not use root logger to satisfy LOG015 (#22059)
  • Fix iter example in unsafe fixes doc (#22118)
  • [flake8_print] better suggestion for basicConfig in T201 docs (#22101)
  • [pylint] Restore the fix safety docs for PLW0133 (#22211)
  • Fix Jupyter notebook discovery info for editors (#22447)

Contributors

... (truncated)

Commits
  • c920cf8 Bump 0.14.11 (#22462)
  • bb757b5 [ty] Don't show diagnostics for excluded files (#22455)
  • 1f49e8e Include configured src directories when resolving graphs (#22451)
  • 701f513 [ty] Only consider fully static pivots when deriving transitive constraints (...
  • eea9ad8 Pin maturin version (#22454)
  • eeac2bd [ty] Optimize union building for unions with many enum-literal members (#22363)
  • 7319c37 docs: fix jupyter notebook discovery info for editors (#22447)
  • 805503c [ruff] Improve fix title for RUF102 invalid rule code (#22100)
  • 68a2f6c [ty] Fix super() with TypeVar-annotated self and cls parameter (#22208)
  • abaa735 [ty] Improve UnionBuilder performance by changing Type::is_subtype_of cal...
  • Additional commits viewable in compare view

Updates black from 25.9.0 to 25.12.0

Release notes

Sourced from black's releases.

25.12.0

Please test out the draft 2026 style in version 26.1a1! This style will be finalized in the January release (26.1.0). Most of the changes in --preview will be in the 2026 stable style, but not all. Please share your feedback!

This release (25.12.0) will still produce the 2025 style.

Highlights

  • Black no longer supports running with Python 3.9 (#4842)

Stable style

  • Fix bug where comments preceding # fmt: off/# fmt: on blocks were incorrectly removed, particularly affecting Jupytext's # %% [markdown] comments (#4845)
  • Fix crash when multiple # fmt: skip comments are used in a multi-part if-clause, on string literals, or on dictionary entries with long lines (#4872)
  • Fix possible crash when fmt: directives aren't on the top level (#4856)

Preview style

  • Fix fmt: skip skipping the line after instead of the line it's on (#4855)
  • Remove unnecessary parentheses from the left-hand side of assignments while preserving magic trailing commas and intentional multiline formatting (#4865)
  • Fix fix_fmt_skip_in_one_liners crashing on with statements (#4853)
  • Fix fix_fmt_skip_in_one_liners crashing on annotated parameters (#4854)
  • Fix new lines being added after imports with # fmt: skip on them (#4894)

Packaging

  • Releases now include arm64 Windows binaries and wheels (#4814)

Integrations

  • Add output-file input to GitHub Action psf/black to write formatter output to a file for artifact capture and log cleanliness (#4824)

25.11.0

Highlights

  • Enable base 3.14 support (#4804)
  • Add support for the new Python 3.14 t-string syntax introduced by PEP 750 (#4805)

Stable style

  • Fix bug where comments between # fmt: off and # fmt: on were reformatted (#4811)
  • Comments containing fmt directives now preserve their exact formatting instead of being normalized (#4811)

... (truncated)

Changelog

Sourced from black's changelog.

25.12.0

Highlights

  • Black no longer supports running with Python 3.9 (#4842)

Stable style

  • Fix bug where comments preceding # fmt: off/# fmt: on blocks were incorrectly removed, particularly affecting Jupytext's # %% [markdown] comments (#4845)
  • Fix crash when multiple # fmt: skip comments are used in a multi-part if-clause, on string literals, or on dictionary entries with long lines (#4872)
  • Fix possible crash when fmt: directives aren't on the top level (#4856)

Preview style

  • Fix fmt: skip skipping the line after instead of the line it's on (#4855)
  • Remove unnecessary parentheses from the left-hand side of assignments while preserving magic trailing commas and intentional multiline formatting (

@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Jan 12, 2026

Labels

The following labels could not be found: python. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

anchapin added a commit that referenced this pull request Feb 12, 2026
@anchapin @claude
fix(ci): Resolve Prepare Base Images failure
b4bfcd9 
Fixes two issues causing the Prepare Base Images job to fail:

1. Hash calculation inconsistency:
   - Updated hash calculation in CI and Build Base Images workflows
   - Now only includes files actually copied by Dockerfile:
     * ai-engine/requirements.txt
     * ai-engine/requirements-dev.txt
     * backend/requirements.txt
   - Previously included unrelated files like backend/src/requirements.txt
     and requirements-test.txt which aren't used in Docker build
   - This ensures CI and Build Base Images calculate identical hashes,
     allowing proper caching and preventing unnecessary rebuilds

2. redis[asyncio] dependency issue:
   - redis 7.1.0 removed the [asyncio] extra as asyncio support is now
     built-in
   - Changed redis[asyncio]==7.1.0 to redis>=7.1.0 in:
     * backend/requirements.txt
     * backend/setup.py
     * backend/src/requirements.txt
   - Eliminates deprecation warning and potential installation issues

Related: PR #318 (dependabot/pip/backend/pip-backend-updates-c8f29f6a3c)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
github-advanced-security[bot]
github-advanced-security bot found potential problems Feb 12, 2026
View reviewed changes
@claude
Copy link

claude bot commented Feb 12, 2026

Code Review Summary

Overall Assessment: ✅ Approved with minor conditions

This is a standard Dependabot PR updating 11 Python packages in the backend. The changes are low-risk but have one important consideration.

Key Findings

1. ⚠️ Breaking Change: FastAPI drops pydantic.v1 support

FastAPI 0.128.0 completely removes support for pydantic.v1. Before merging, please verify:

# Run this to check for pydantic.v1 usage:
grep -r "pydantic.v1\|from pydantic import v1" backend/ ai-engine/

If any results are found, they need to be migrated to Pydantic v2 syntax before merging.

2. Python 3.9 Support Dropped

Multiple packages in this update have dropped Python 3.9 support:

  • uvicorn, pydantic-settings, redis, pytest-asyncio, python-multipart, black

This is acceptable since the project already uses Python 3.11+ in CI/CD and Dockerfiles.

3. ✅ CI Workflow Improvements

The hash calculation changes in workflow files are actually improvements:

  • Now only hashes files actually copied by Dockerfile
  • More granular cache invalidation = better CI performance

4. Package Changes Summary

Package From To Notes
fastapi 0.120.0 0.128.0 ⚠️ Drops pydantic.v1 support
uvicorn 0.38.0 0.40.0 Drops Python 3.9, WebSocket fixes
pydantic 2.12.3 2.12.5 Bug fixes, pickle error fix
pydantic-settings 2.11.0 2.12.0 Drops Python 3.9, new features
alembic 1.17.0 1.18.0 Plugin system, performance
redis 7.0.0 7.1.0 New features, bug fixes
pytest-asyncio 1.2.0 1.3.0 Drops Python 3.9, pytest 9 support
ruff 0.14.2 0.14.11 Bug fixes, improvements
black 25.9.0 25.12.0 Crash fixes, drops Python 3.9

Recommendations

Before Merging:

  1. ✅ Verify no pydantic.v1 usage exists in codebase
  2. ✅ Ensure CI tests pass for this PR
  3. ✅ Monitor for any unexpected behavior post-merge

Post-Merge:

  • Consider testing WebSocket endpoints specifically (uvicorn had relevant fixes)

Conclusion

This PR is safe to merge once pydantic.v1 usage is verified to be absent. The updates include bug fixes and minor improvements with no security concerns noted in the changelogs.

dependabot bot and others added 2 commits February 12, 2026 21:40
@dependabot @anchapin
chore(deps): bump the pip-backend-updates group across 1 directory wi…
4e41e9d 
…th 11 updates

Bumps the pip-backend-updates group with 11 updates in the /backend directory:

| Package | From | To |
| --- | --- | --- |
| [fastapi](https://github.com/fastapi/fastapi) | `0.120.0` | `0.128.0` |
| [uvicorn[standard]](https://github.com/Kludex/uvicorn) | `0.38.0` | `0.40.0` |
| [pydantic](https://github.com/pydantic/pydantic) | `2.12.3` | `2.12.5` |
| [pydantic-settings](https://github.com/pydantic/pydantic-settings) | `2.11.0` | `2.12.0` |
| [alembic](https://github.com/sqlalchemy/alembic) | `1.17.0` | `1.18.0` |
| [redis[asyncio]](https://github.com/redis/redis-py) | `7.0.0` | `7.1.0` |
| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.20` | `0.0.21` |
| [tomli](https://github.com/hukkin/tomli) | `2.3.0` | `2.4.0` |
| [pytest-asyncio](https://github.com/pytest-dev/pytest-asyncio) | `1.2.0` | `1.3.0` |
| [ruff](https://github.com/astral-sh/ruff) | `0.14.2` | `0.14.11` |
| [black](https://github.com/psf/black) | `25.9.0` | `25.12.0` |

Updates `fastapi` from 0.120.0 to 0.128.0
- [Release notes](https://github.com/fastapi/fastapi/releases)
- [Commits](fastapi/fastapi@0.120.0...0.128.0)

Updates `uvicorn[standard]` from 0.38.0 to 0.40.0
- [Release notes](https://github.com/Kludex/uvicorn/releases)
- [Changelog](https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md)
- [Commits](Kludex/uvicorn@0.38.0...0.40.0)

Updates `pydantic` from 2.12.3 to 2.12.5
- [Release notes](https://github.com/pydantic/pydantic/releases)
- [Changelog](https://github.com/pydantic/pydantic/blob/main/HISTORY.md)
- [Commits](pydantic/pydantic@v2.12.3...v2.12.5)

Updates `pydantic-settings` from 2.11.0 to 2.12.0
- [Release notes](https://github.com/pydantic/pydantic-settings/releases)
- [Commits](pydantic/pydantic-settings@v2.11.0...v2.12.0)

Updates `alembic` from 1.17.0 to 1.18.0
- [Release notes](https://github.com/sqlalchemy/alembic/releases)
- [Changelog](https://github.com/sqlalchemy/alembic/blob/main/CHANGES)
- [Commits](https://github.com/sqlalchemy/alembic/commits)

Updates `redis[asyncio]` from 7.0.0 to 7.1.0
- [Release notes](https://github.com/redis/redis-py/releases)
- [Changelog](https://github.com/redis/redis-py/blob/master/CHANGES)
- [Commits](redis/redis-py@v7.0.0...v7.1.0)

Updates `python-multipart` from 0.0.20 to 0.0.21
- [Release notes](https://github.com/Kludex/python-multipart/releases)
- [Changelog](https://github.com/Kludex/python-multipart/blob/master/CHANGELOG.md)
- [Commits](Kludex/python-multipart@0.0.20...0.0.21)

Updates `tomli` from 2.3.0 to 2.4.0
- [Changelog](https://github.com/hukkin/tomli/blob/master/CHANGELOG.md)
- [Commits](hukkin/tomli@2.3.0...2.4.0)

Updates `pytest-asyncio` from 1.2.0 to 1.3.0
- [Release notes](https://github.com/pytest-dev/pytest-asyncio/releases)
- [Commits](pytest-dev/pytest-asyncio@v1.2.0...v1.3.0)

Updates `ruff` from 0.14.2 to 0.14.11
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.14.2...0.14.11)

Updates `black` from 25.9.0 to 25.12.0
- [Release notes](https://github.com/psf/black/releases)
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md)
- [Commits](psf/black@25.9.0...25.12.0)

---
updated-dependencies:
- dependency-name: fastapi
  dependency-version: 0.128.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: pip-backend-updates
- dependency-name: uvicorn[standard]
  dependency-version: 0.40.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: pip-backend-updates
- dependency-name: pydantic
  dependency-version: 2.12.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: pip-backend-updates
- dependency-name: pydantic-settings
  dependency-version: 2.12.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: pip-backend-updates
- dependency-name: alembic
  dependency-version: 1.18.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: pip-backend-updates
- dependency-name: redis[asyncio]
  dependency-version: 7.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: pip-backend-updates
- dependency-name: python-multipart
  dependency-version: 0.0.21
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: pip-backend-updates
- dependency-name: tomli
  dependency-version: 2.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: pip-backend-updates
- dependency-name: pytest-asyncio
  dependency-version: 1.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: pip-backend-updates
- dependency-name: ruff
  dependency-version: 0.14.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: pip-backend-updates
- dependency-name: black
  dependency-version: 25.12.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: pip-backend-updates
...

Signed-off-by: dependabot[bot] <support@github.com>
@anchapin @claude
fix(ci): Resolve Prepare Base Images failure
e547fb3 
Fixes two issues causing the Prepare Base Images job to fail:

1. Hash calculation inconsistency:
   - Updated hash calculation in CI and Build Base Images workflows
   - Now only includes files actually copied by Dockerfile:
     * ai-engine/requirements.txt
     * ai-engine/requirements-dev.txt
     * backend/requirements.txt
   - Previously included unrelated files like backend/src/requirements.txt
     and requirements-test.txt which aren't used in Docker build
   - This ensures CI and Build Base Images calculate identical hashes,
     allowing proper caching and preventing unnecessary rebuilds

2. redis[asyncio] dependency issue:
   - redis 7.1.0 removed the [asyncio] extra as asyncio support is now
     built-in
   - Changed redis[asyncio]==7.1.0 to redis>=7.1.0 in:
     * backend/requirements.txt
     * backend/setup.py
     * backend/src/requirements.txt
   - Eliminates deprecation warning and potential installation issues

Related: PR #318 (dependabot/pip/backend/pip-backend-updates-c8f29f6a3c)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
@anchapin anchapin force-pushed the dependabot/pip/backend/pip-backend-updates-c8f29f6a3c branch from b4bfcd9 to e547fb3 Compare February 13, 2026 02:40
@claude
Copy link

claude bot commented Feb 13, 2026

PR Review: Dependency Updates

This is an automated Dependabot PR updating backend pip dependencies. Overall, the updates look good, but I found one critical issue that should be addressed before merging.

Critical Issue

Inconsistent python-multipart version across files:

The Dependabot update correctly changed python-multipart from 0.0.220.0.21 in requirements.txt, but this appears to be an unintended downgrade (likely a bug in the base dependency declaration).

File Version Issue
backend/requirements.txt 0.0.22 (unchanged) ✅ Correct version
backend/src/requirements.txt 0.0.22 (unchanged) ✅ Correct version
backend/setup.py 0.0.21 ❌ Downgraded from 0.0.22

Recommendation: Revert setup.py line 18 back to 'python-multipart==0.0.22', to maintain consistency with the requirements files.

Breaking Change to Note

FastAPI 0.120.0 → 0.128.0 drops Pydantic v1 support

The codebase appears to be compatible with this change already:

  • ✅ No usage of pydantic.v1 namespace found (only a commented reference in backend/src/api/embeddings.py:152)
  • ✅ Using modern BaseModel from pydantic (not legacy imports)
  • ⚠️ One @validator decorator found in backend/src/api/conversions.py:70 — this is still valid in Pydantic v2, but consider migrating to @field_validator for future compatibility

Other Updates (All Good)

Package Change Notes
fastapi 0.120.0 → 0.128.0 ⚠️ Drops pydantic.v1 support (codebase ready)
uvicorn 0.38.0 → 0.40.0 ✅ Patch updates, safe
pydantic 2.12.3 → 2.12.5 ✅ Patch updates, safe
pydantic-settings 2.11.0 → 2.12.0 ✅ Minor version, compatible
alembic 1.17.0 → 1.18.0 ✅ Patch updates, safe
redis 7.0.0 → 7.1.0 ✅ Minor version, compatible
pytest-asyncio 1.2.0 → 1.3.0 ✅ Patch updates, safe
ruff 0.14.2 → 0.14.11 ✅ Patch updates, safe
black 25.9.0 → 25.12.0 ✅ Minor version, compatible
tomli 2.3.0 → 2.4.0 ✅ Patch updates, safe

Workflow Changes

The CI workflow hash changes are good improvements:

  • Now includes ai-engine/requirements-dev.txt in the hash calculation (was missing before)
  • This ensures proper cache invalidation when dev dependencies change

✅ These changes in .github/workflows/ are correct and should improve CI reliability.

Recommendation

Requested Change: Fix the python-multipart version inconsistency in setup.py before merging.

After fixing that one line, this PR can be safely merged.

@anchapin anchapin merged commit e22d635 into main Feb 13, 2026
17 of 21 checks passed
@anchapin anchapin deleted the dependabot/pip/backend/pip-backend-updates-c8f29f6a3c branch February 13, 2026 06:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

backend dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@anchapin