Bump the minor-patch group across 1 directory with 5 updates

[dependabot]

Bumps the minor-patch group with 5 updates in the / directory:

Package	From	To
fastapi	0.129.0	0.135.1
pydantic-settings	2.13.0	2.13.1
bandit	1.9.3	1.9.4
responses	0.25.8	0.26.0
ruff	0.15.1	0.15.4

Updates fastapi from 0.129.0 to 0.135.1

Release notes

Sourced from fastapi's releases.

0.135.1

Fixes

• 🐛 Fix, avoid yield from a TaskGroup, only as an async context manager, closed in the request async exit stack. PR #15038 by @​tiangolo.

Docs

• ✏️ Fix typo in docs/en/docs/_llm-test.md. PR #15007 by @​adityagiri3600.
• 📝 Update Skill, optimize context, trim and refactor into references. PR #15031 by @​tiangolo.

Internal

• 👥 Update FastAPI People - Experts. PR #15037 by @​tiangolo.
• 👥 Update FastAPI People - Contributors and Translators. PR #15029 by @​tiangolo.
• 👥 Update FastAPI GitHub topic repositories. PR #15036 by @​tiangolo.

0.135.0

Features

• ✨ Add support for Server Sent Events. PR #15030 by @​tiangolo.
  • New docs: Server-Sent Events (SSE).

0.134.0

Features

• ✨ Add support for streaming JSON Lines and binary data with yield. PR #15022 by @​tiangolo.
  • This also upgrades Starlette from >=0.40.0 to >=0.46.0, as it's needed to properly unrwap and re-raise exceptions from exception groups.
  • New docs: Stream JSON Lines.
  • And new docs: Stream Data.

Docs

• 📝 Update Library Agent Skill with streaming responses. PR #15024 by @​tiangolo.
• 📝 Update docs for responses and new stream with yield. PR #15023 by @​tiangolo.
• 📝 Add await in StreamingResponse code example to allow cancellation. PR #14681 by @​casperdcl.
• 📝 Rename docs_src/websockets to docs_src/websockets_ to avoid import errors. PR #14979 by @​YuriiMotov.

Internal

• 🔨 Run tests with pytest-xdist and pytest-cov. PR #14992 by @​YuriiMotov.

0.133.1

Features

• 🔧 Add FastAPI Agent Skill. PR #14982 by @​tiangolo.
  • Read more about it in Library Agent Skills.

Internal

• ✅ Fix all tests are skipped on Windows. PR #14994 by @​YuriiMotov.

... (truncated)

Commits

• ca5f60e 🔖 Release version 0.135.1
• 87f75aa 📝 Update release notes
• 8a9258b 🐛 Fix, avoid yield from a TaskGroup, only as an async context manager, closed...
• 6038507 📝 Update release notes
• c796ba4 👥 Update FastAPI People - Experts (#15037)
• b24aa03 📝 Update release notes
• 2c61047 ✏️ Fix typo in docs/en/docs/_llm-test.md (#15007)
• e3bbeef 📝 Update release notes
• d726c8c 📝 Update release notes
• cf514e6 👥 Update FastAPI People - Contributors and Translators (#15029)
• Additional commits viewable in compare view

Updates pydantic-settings from 2.13.0 to 2.13.1

Commits

• e87d12d v2.13.1 (#790)
• acf8c14 Fix JSON decoding for parameterized PEP 695 type aliases (#780)
• 58b236a Fix AttributeError with nested env vars for dict fields (#785) (#786)
• 4933f06 Fix CLI parsing error for set field types since 2.13.0 (#787) (#788)
• bd0ebe6 Fix RecursionError with self-referential models in CliApp (#783)
• eb7840e Fix regression for bool fields since 2.13.0 (#784)
• See full diff in compare view

Updates bandit from 1.9.3 to 1.9.4

Release notes

Sourced from bandit's releases.

1.9.4

What's Changed

• chore: fixed some typos in comments by @​jakob1379 in PyCQA/bandit#1351
• Bump docker/login-action from 3.6.0 to 3.7.0 by @​dependabot[bot] in PyCQA/bandit#1353
• Bump docker/build-push-action from 6.18.0 to 6.19.2 by @​dependabot[bot] in PyCQA/bandit#1357
• Fix B613 crash when reading from stdin by @​worksbyfriday in PyCQA/bandit#1361
• Include filename in nosec 'no failed test' warning by @​worksbyfriday in PyCQA/bandit#1363
• Fix B615 false positive when revision is set via variable by @​worksbyfriday in PyCQA/bandit#1358
• Lower version guard in check_ast_node to Python 3.12 by @​rcgray in PyCQA/bandit#1355
• Fix B106 reporting wrong line number on multiline function calls by @​worksbyfriday in PyCQA/bandit#1360

New Contributors

• @​jakob1379 made their first contribution in PyCQA/bandit#1351
• @​worksbyfriday made their first contribution in PyCQA/bandit#1361
• @​rcgray made their first contribution in PyCQA/bandit#1355

Full Changelog: PyCQA/bandit@1.9.3...1.9.4

Commits

• 92ae8b8 Fix B106 reporting wrong line number on multiline function calls (#1360)
• c8c8a55 Lower version guard in check_ast_node to Python 3.12 (#1355)
• 8f2f928 Fix B615 false positive when revision is set via variable (#1358)
• e27493f Include filename in nosec 'no failed test' warning (#1363)
• b69b336 Fix B613 crash when reading from stdin (#1361)
• e418b79 Bump docker/build-push-action from 6.18.0 to 6.19.2 (#1357)
• ff646fd Bump docker/login-action from 3.6.0 to 3.7.0 (#1353)
• c0def6c chore: fixed some typos in comments (#1351)
• See full diff in compare view

Updates responses from 0.25.8 to 0.26.0

Release notes

Sourced from responses's releases.

0.26.0

• When using assert_all_requests_are_fired=True, assertions about unfired requests are now raised even when an exception occurs in the context manager or decorated function. Previously, these assertions were suppressed when exceptions occurred. This new behavior provides valuable debugging context about which mocked requests were or weren't called.
• Consider the Retry-After header when handling retries

Changelog

Sourced from responses's changelog.

0.26.0

• When using assert_all_requests_are_fired=True, assertions about unfired requests are now raised even when an exception occurs in the context manager or decorated function. Previously, these assertions were suppressed when exceptions occurred. This new behavior provides valuable debugging context about which mocked requests were or weren't called.
• Consider the Retry-After header when handling retries

Commits

• 94913d0 release: 0.26.0
• 051b79e Make assert_all_requests_are_fired always assert on exception (#782)
• 0905cb8 Fix query_param_matcher not matching empty query parameter values (#787)
• e0c6faa ci(release): Switch from action-prepare-release to Craft (#785)
• 1be3a73 fix: Consider the Retry-After header when handling retries (#784)
• c6730fb Merge branch 'release/0.25.8'
• See full diff in compare view

Updates ruff from 0.15.1 to 0.15.4

Release notes

Sourced from ruff's releases.

0.15.4

Release Notes

Released on 2026-02-26.

This is a follow-up release to 0.15.3 that resolves a panic when the new rule PLR1712 was enabled with any rule that analyzes definitions, such as many of the ANN or D rules.

Bug fixes

• Fix panic on access to definitions after analyzing definitions (#23588)
• [pyflakes] Suppress false positive in F821 for names used before del in stub files (#23550)

Documentation

• Clarify first-party import detection in Ruff (#23591)
• Fix incorrect import-heading example (#23568)

Contributors

• @​stakeswky
• @​ntBre
• @​thejcannon
• @​GeObts

Install ruff 0.15.4

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/astral-sh/ruff/releases/download/0.15.4/ruff-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://github.com/astral-sh/ruff/releases/download/0.15.4/ruff-installer.ps1 | iex"

Download ruff 0.15.4

File	Platform	Checksum
ruff-aarch64-apple-darwin.tar.gz	Apple Silicon macOS	checksum
ruff-x86_64-apple-darwin.tar.gz	Intel macOS	checksum
ruff-aarch64-pc-windows-msvc.zip	ARM64 Windows	checksum
ruff-i686-pc-windows-msvc.zip	x86 Windows	checksum
ruff-x86_64-pc-windows-msvc.zip	x64 Windows	checksum
ruff-aarch64-unknown-linux-gnu.tar.gz	ARM64 Linux	checksum
ruff-i686-unknown-linux-gnu.tar.gz	x86 Linux	checksum
ruff-powerpc64-unknown-linux-gnu.tar.gz	PPC64 Linux	checksum

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.4

Released on 2026-02-26.

This is a follow-up release to 0.15.3 that resolves a panic when the new rule PLR1712 was enabled with any rule that analyzes definitions, such as many of the ANN or D rules.

Bug fixes

• Fix panic on access to definitions after analyzing definitions (#23588)
• [pyflakes] Suppress false positive in F821 for names used before del in stub files (#23550)

Documentation

• Clarify first-party import detection in Ruff (#23591)
• Fix incorrect import-heading example (#23568)

Contributors

• @​stakeswky
• @​ntBre
• @​thejcannon
• @​GeObts

0.15.3

Released on 2026-02-26.

Preview features

• Drop explicit support for .qmd file extension (#23572)

  This can now be enabled instead by setting the extension option:

  # ruff.toml
  extension = { qmd = "markdown" }
  pyproject.toml
  [tool.ruff]
  extension = { qmd = "markdown" }

• Include configured extensions in file discovery (#23400)

• [flake8-bandit] Allow suspicious imports in TYPE_CHECKING blocks (S401-S415) (#23441)

• [flake8-bugbear] Allow B901 in pytest hook wrappers (#21931)

• [flake8-import-conventions] Add missing conventions from upstream (ICN001, ICN002) (#21373)

... (truncated)

Commits

• f14edd8 Bump 0.15.4 (#23595)
• fd09d37 Fix panic on access to definitions after analyzing definitions (#23588)
• 81d655f [pyflakes] suppress false positive in F821 for names used before del in...
• 625b4f5 [ruff] docs: Clarify first-party import detection in Ruff (#23591)
• 60facfa one word typo fix in a while_loop.md test case (#23589)
• fbb9fa7 docs: fix incorrect import-heading example (#23568)
• 5bc49a9 Increase the ruleset size to 16 bits (#23586)
• a62ba8c [ty] Fix overloaded callable assignability for unary Callable targets (#23277)
• e5f2f36 Bump 0.15.3 (#23585)
• 0e19fc9 [ty] defer calculating conjunctions in narrowing constraints (#23552)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

The minor update of this production dependency was not automatically approved. For production dependencies, these semver updates can be automatically approved: patch

[JCMOSCON1976]

Approved