Bump the python-dependencies group across 1 directory with 17 updates by dependabot[bot] · Pull Request #2366 · Materials-Consortia/optimade-python-tools

dependabot · 2026-04-22T07:28:44Z

Bumps the python-dependencies group with 17 updates in the / directory:

Package	From	To
pydantic	`2.12.5`	`2.13.3`
pydantic-settings	`2.12.0`	`2.14.0`
requests	`2.32.5`	`2.33.1`
elasticsearch	`7.17.12`	`7.17.13`
pymongo	`4.15.5`	`4.17.0`
uvicorn	`0.40.0`	`0.45.0`
fastapi	`0.127.0`	`0.136.0`
starlette	`0.50.0`	`1.0.0`
aiida-core	`2.7.2`	`2.8.0`
rich	`14.2.0`	`15.0.0`
ase	`3.26.0`	`3.28.0`
mike	`2.1.3`	`2.2.0`
mkdocs-autorefs	`1.4.3`	`1.4.4`
mkdocs-material	`9.7.1`	`9.7.6`
mkdocstrings	`1.0.0`	`1.0.4`
griffe	`1.15.0`	`2.0.2`
jarvis-tools	`2025.5.30`	`2026.4.2`

Updates pydantic from 2.12.5 to 2.13.3

Release notes

Sourced from pydantic's releases.

v2.13.3 2026-04-20

v2.13.3 (2026-04-20)

What's Changed

Fixes

Handle AttributeError subclasses with from_attributes by @Viicos in #13096

Full Changelog: pydantic/pydantic@v2.13.2...v2.13.3

v2.13.2 2026-04-17

v2.13.2 (2026-04-17)

What's Changed

Fixes

Fix ValidationInfo.field_name missing with model_validate_json() by @Viicos in #13084

Full Changelog: pydantic/pydantic@v2.13.1...v2.13.2

v2.13.1 2026-04-15

v2.13.1 (2026-04-15)

What's Changed

Fixes

Fix ValidationInfo.data missing with model_validate_json() by @davidhewitt in #13079

Full Changelog: pydantic/pydantic@v2.13.0...v2.13.1

v2.13.0 2026-04-13

v2.13.0 (2026-04-13)

The highlights of the v2.13 release are available in the blog post. Several minor changes (considered non-breaking changes according to our versioning policy) are also included in this release. Make sure to look into them before upgrading.

This release contains the updated pydantic.v1 namespace, matching version 1.10.26 which includes support for Python 3.14.

What's Changed

See the beta releases for all changes sinces 2.12.

Packaging

Add zizmor for GitHub Actions workflow linting by @Viicos in #13039

Update jiter to v0.14.0 to fix a segmentation fault on musl Linux by @Viicos in #13064

... (truncated)

Changelog

Sourced from pydantic's changelog.

v2.13.3 (2026-04-20)

GitHub release

What's Changed

Fixes

Handle AttributeError subclasses with from_attributes by @Viicos in #13096

v2.13.2 (2026-04-17)

GitHub release

What's Changed

Fixes

Fix ValidationInfo.field_name missing with model_validate_json() by @Viicos in #13084

v2.13.1 (2026-04-15)

GitHub release

What's Changed

Fixes

Fix ValidationInfo.data missing with model_validate_json() by @davidhewitt in #13079

v2.13.0 (2026-04-13)

GitHub release

The highlights of the v2.13 release are available in the blog post. Several minor changes (considered non-breaking changes according to our versioning policy) are also included in this release. Make sure to look into them before upgrading.

This release contains the updated pydantic.v1 namespace, matching version 1.10.26 which includes support for Python 3.14.

What's Changed

See the beta releases for all changes sinces 2.12.

New Features

Allow default factories of private attributes to take validated model data by @Viicos in #13013

Changes

... (truncated)

Commits

9e9a111 Fix backported test
1ec8c6a Prepare release v2.13.3
fb4f204 Handle AttributeError subclasses with from_attributes
ca3ddd1 Prepare release v2.13.2
000e823 Fix ValidationInfo.field_name missing with model_validate_json()
d45d8be Prepare release 2.13.1
54aca60 Fix ValidationInfo.data missing with model_validate_json()
46bf4fa Fix Pydantic release workflow (#13067)
1b359ed Prepare release v2.13.0 (#13065)
b1bf194 Fix model equality when using runtime extra configuration (#13062)
Additional commits viewable in compare view

Updates pydantic-settings from 2.12.0 to 2.14.0

Release notes

Sourced from pydantic-settings's releases.

v2.14.0

What's Changed

Fix parsing env vars into Optional Strict types by @hramezani in pydantic/pydantic-settings#792

Fix RecursionError with mutually recursive models in CLI by @hramezani in pydantic/pydantic-settings#794

Fix env_file from model_config ignored in CliApp.run() (#795) by @hramezani in pydantic/pydantic-settings#796

Update dependencies by @hramezani in pydantic/pydantic-settings#798

Add Dependabot configuration by @hramezani in pydantic/pydantic-settings#801

Bump samuelcolvin/check-python-version from 4.1 to 5 by @dependabot[bot] in pydantic/pydantic-settings#802

Bump actions/upload-artifact from 4 to 7 by @dependabot[bot] in pydantic/pydantic-settings#803

Bump actions/checkout from 4 to 6 by @dependabot[bot] in pydantic/pydantic-settings#804

Bump astral-sh/setup-uv from 5 to 7 by @dependabot[bot] in pydantic/pydantic-settings#805

Bump actions/setup-python from 5 to 6 by @dependabot[bot] in pydantic/pydantic-settings#806

Ignore chardet and group GitHub Actions in Dependabot by @hramezani in pydantic/pydantic-settings#808

Bump actions/download-artifact from 4 to 8 in the github-actions group by @dependabot[bot] in pydantic/pydantic-settings#809

Bump the python-packages group with 2 updates by @dependabot[bot] in pydantic/pydantic-settings#810

Support reading .env files from FIFOs (e.g. 1Password Environments) by @JacobHayes in pydantic/pydantic-settings#776

Fix AliasChoices ignored when changing provider priority by @hramezani in pydantic/pydantic-settings#813

fix: resolve KeyError in run_subcommand for underscore field names by @bradykieffer in pydantic/pydantic-settings#799

Bump the python-packages group with 3 updates by @dependabot[bot] in pydantic/pydantic-settings#814

Fix Literal[numeric Enum] coercion for CLI and env vars by @m9810223 in pydantic/pydantic-settings#811

Fix nested discriminated unions not discovered by env/CLI providers by @hramezani in pydantic/pydantic-settings#816

Bump the python-packages group with 3 updates by @dependabot[bot] in pydantic/pydantic-settings#820

CLI ensure env nested max split internally. by @kschwab in pydantic/pydantic-settings#821

Bump the python-packages group with 4 updates by @dependabot[bot] in pydantic/pydantic-settings#824

Migrate boto3-stubs to types-boto3 by @hramezani in pydantic/pydantic-settings#831

Fix CLI not recognizing field name with validate_by_name and AliasChoices by @hramezani in pydantic/pydantic-settings#826

Allow customisation of the dotevn setting source to filter variables by @CaselIT in pydantic/pydantic-settings#832

Bump the python-packages group with 3 updates by @dependabot[bot] in pydantic/pydantic-settings#833

Introduce yamlfmt by @Viicos in pydantic/pydantic-settings#836

Bump boto3 from 1.42.82 to 1.42.83 in the python-packages group by @dependabot[bot] in pydantic/pydantic-settings#837

Introduce zizmor by @Viicos in pydantic/pydantic-settings#838

Fix CliPositionalArg[list[CustomType]] crash for custom types by @hramezani in pydantic/pydantic-settings#839

Add note about Mypy plugin for BaseSettings.__init__() by @Viicos in pydantic/pydantic-settings#842

Fix cli_ignore_unknown_args=True not working on subcommands by @hramezani in pydantic/pydantic-settings#844

Bump the python-packages group with 4 updates by @dependabot[bot] in pydantic/pydantic-settings#847

Fix CLI descriptions lost under python -OO by falling back to json_schema_extra by @hramezani in pydantic/pydantic-settings#843

Prepare release 2.14.0 by @hramezani in pydantic/pydantic-settings#848

New Contributors

@dependabot[bot] made their first contribution in pydantic/pydantic-settings#802

@JacobHayes made their first contribution in pydantic/pydantic-settings#776

@bradykieffer made their first contribution in pydantic/pydantic-settings#799

@CaselIT made their first contribution in pydantic/pydantic-settings#832

Full Changelog: pydantic/pydantic-settings@v2.13.1...v2.14.0

v2.13.1

What's Changed

Fix regression for bool fields since 2.13.0 by @hramezani in pydantic/pydantic-settings#784

Fix RecursionError with self-referential models in CliApp by @hramezani in pydantic/pydantic-settings#783

... (truncated)

Commits

8916bee Prepare release 2.14.0 (#848)
39e551c Fix CLI descriptions lost under python -OO by falling back to `json_schema_...
9ed7f48 Bump the python-packages group with 4 updates (#847)
617c690 Fix cli_ignore_unknown_args=True not working on subcommands (#844)
577c05f Add note about Mypy plugin for BaseSettings.__init__() (#842)
2355bc5 Fix CliPositionalArg[list[CustomType]] crash for custom types (#839)
16bd6fd Introduce zizmor (#838)
df8b239 Bump boto3 from 1.42.82 to 1.42.83 in the python-packages group (#837)
c5401a2 Introduce yamlfmt (#836)
953e28e Bump the python-packages group with 3 updates (#833)
Additional commits viewable in compare view

Updates requests from 2.32.5 to 2.33.1

Release notes

Sourced from requests's releases.

v2.33.1

2.33.1 (2026-03-30)

Bugfixes

Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary files in the tmp directory. (#7305)

Fixed Content-Type header parsing for malformed values. (#7309)

Improved error consistency for malformed header values. (#7308)

New Contributors

@ferdnyc made their first contribution in psf/requests#7277

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2331-2026-03-30

v2.33.0

2.33.0 (2026-03-25)

Announcements

📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

Various typo fixes and doc improvements.

New Contributors

@M0d3v1 made their first contribution in psf/requests#6865

@aminvakil made their first contribution in psf/requests#7220

@E8Price made their first contribution in psf/requests#6960

@mitre88 made their first contribution in psf/requests#7244

@magsen made their first contribution in psf/requests#6553

@Rohan5commit made their first contribution in psf/requests#7227

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25

Changelog

Sourced from requests's changelog.

2.33.1 (2026-03-30)

Bugfixes

Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary files in the tmp directory. (#7305)

Fixed Content-Type header parsing for malformed values. (#7309)

Improved error consistency for malformed header values. (#7308)

2.33.0 (2026-03-25)

Announcements

📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

Various typo fixes and doc improvements.

Commits

111d2b7 v2.33.1
f0198e6 Fix malformed value parsing for Content-Type (#7309)
bc7dd0f Fix cosmetic header validity parsing regex (#7308)
4443b1a Fix unintended test extra (#7306)
389eea5 Cleanup extracted file after extract_zipped_path test (#7305)
7407309 Packaging: DRY out extras definition (#7277)
bc04dfd v2.33.0
66d21cb Merge commit from fork
8b9bc8f Move badges to top of README (#7293)
e331a28 Remove unused extraction call (#7292)
Additional commits viewable in compare view

Updates elasticsearch from 7.17.12 to 7.17.13

Commits

See full diff in compare view

Updates pymongo from 4.15.5 to 4.17.0

Release notes

Sourced from pymongo's releases.

PyMongo 4.17.0

Community notes

What's Changed

refactor(ci): replace shell=True and awk pipes with native Python by @RinZ27 in mongodb/mongo-python-driver#2671

PYTHON-5697 - Migrate 8.0+ tests to Windows 2022 by @NoahStapp in mongodb/mongo-python-driver#2681

[Spec Resync] 01-19-2026 by @mongodb-drivers-pr-bot[bot] in mongodb/mongo-python-driver#2680

Bump pyright from 1.1.407 to 1.1.408 by @dependabot[bot] in mongodb/mongo-python-driver#2675

PYTHON-5692 - [Infrastructure] Improve dependabot version updates by @NoahStapp in mongodb/mongo-python-driver#2682

PYTHON-5605 - Drop usage of Ubuntu 20 by @NoahStapp in mongodb/mongo-python-driver#2683

PYTHON-5699 & PYTHON-5698 [Spec Resync] 01-26-2026 by @mongodb-drivers-pr-bot[bot] in mongodb/mongo-python-driver#2685

PYTHON-5703 Use Ubuntu24 for AWS Auth tests by @blink1073 in mongodb/mongo-python-driver#2686

PYTHON-5704 Skip free-threading for enterprise auth builds by @blink1073 in mongodb/mongo-python-driver#2687

Bump astral-sh/setup-uv from 7.1.6 to 7.2.0 in the actions group across 1 directory by @dependabot[bot] in mongodb/mongo-python-driver#2684

Bump peter-evans/create-pull-request from 8.0.0 to 8.1.0 in the actions group by @dependabot[bot] in mongodb/mongo-python-driver#2692

PYTHON-1357 - Refactor Cursor and CommandCursor by @NoahStapp in mongodb/mongo-python-driver#2691

[Spec Resync] 02-02-2026 by @mongodb-drivers-pr-bot[bot] in mongodb/mongo-python-driver#2694

PYTHON-5467 Add codecov integration by @blink1073 in mongodb/mongo-python-driver#2690

Bump astral-sh/setup-uv from 7.2.0 to 7.2.1 in the actions group by @dependabot[bot] in mongodb/mongo-python-driver#2700

PYTHON-XXXX Fixed typo in Running Tests Locally section. by @caseyclements in mongodb/mongo-python-driver#2698

PYTHON-5467 Fix codecov upload by @blink1073 in mongodb/mongo-python-driver#2701

PYTHON-5467 Fix codecov upload on Evergreen by @blink1073 in mongodb/mongo-python-driver#2702

PYTHON-5715 Add appName to OIDC test failpoints by @blink1073 in mongodb/mongo-python-driver#2697

PYTHON-5705 Improve fallback for PyOpenSSL windows system certs loading by @blink1073 in mongodb/mongo-python-driver#2688

PYTHON-3898 Add coverage to all variants by @blink1073 in mongodb/mongo-python-driver#2705

PYTHON-5729 Pin setuptools when using older gevent by @blink1073 in mongodb/mongo-python-driver#2708

Bump the actions group with 2 updates by @dependabot[bot] in mongodb/mongo-python-driver#2711

PYTHON-5708 Temporarily skip some BSON encryption tests by @blink1073 in mongodb/mongo-python-driver#2709

PYTHON-5732 Use mongodb-runner in Evergreen Tests by @blink1073 in mongodb/mongo-python-driver#2703

PYTHON-5731 - Server selection deprioritization only for overload errors on replica sets by @NoahStapp in mongodb/mongo-python-driver#2710

PYTHON-5737 - BSON encoding/decoding performance improvements by @NoahStapp in mongodb/mongo-python-driver#2715

[Spec Resync] 03-02-2026 by @mongodb-drivers-pr-bot[bot] in mongodb/mongo-python-driver#2716

Python 4542 - Improved sessions API by @NoahStapp in mongodb/mongo-python-driver#2712

PYTHON-5742 - Add Copilot instructions by @NoahStapp in mongodb/mongo-python-driver#2717

PYTHON-5747 Add jira link to spec resync PR by @sleepyStick in mongodb/mongo-python-driver#2723

PYTHON-5114 Test suite reduce killAllSessions calls by @ShaneHarvey in mongodb/mongo-python-driver#2721

PYTHON-5748 Remove unused SpecRunner class by @ShaneHarvey in mongodb/mongo-python-driver#2725

PYTHON-5754 Fix USE_ACTIVE_VENV support by @aclark4life in mongodb/mongo-python-driver#2728

PYTHON-5753 Add just recipes for running coverage tests locally by @aclark4life in mongodb/mongo-python-driver#2727

PYTHON-5758 Remove unused validation functions by @aclark4life in mongodb/mongo-python-driver#2733

PYTHON-5757 Deprecate Python 2 methods in SON by @aclark4life in mongodb/mongo-python-driver#2732

PYTHON-5766 Add codecov badge to readme by @aclark4life in mongodb/mongo-python-driver#2737

Bump the actions group across 1 directory with 4 updates by @dependabot[bot] in mongodb/mongo-python-driver#2736

[Spec Resync] 03-30-2026 by @mongodb-drivers-pr-bot[bot] in mongodb/mongo-python-driver#2741

Bump astral-sh/setup-uv from 7.3.0 to 7.6.0 in the actions group by @dependabot[bot] in mongodb/mongo-python-driver#2740

PYTHON-5401: Add AI Generated Contributions Policy by @Jibola in mongodb/mongo-python-driver#2696

PYTHON-5768 Add AGENTS.md w/copilot instructions by @aclark4life in mongodb/mongo-python-driver#2744

PYTHON-5791 - test_list_database_names should not check ordering by @NoahStapp in mongodb/mongo-python-driver#2751

PYTHON-5668 - Merge backpressure branch into mainline by @NoahStapp in mongodb/mongo-python-driver#2729

PYTHON-5795 Fix absolute link to CONTRIBUTING.md in README.md by @aclark4life in mongodb/mongo-python-driver#2756

... (truncated)

Changelog

Sourced from pymongo's changelog.

Changes in Version 4.17.0 (2026/04/20)

PyMongo 4.17 brings a number of changes including:

has_key, iterkeys and itervalues in :class:bson.son.SON have been deprecated and will be removed in PyMongo 5.0. These methods were deprecated in favor of the standard dictionary containment operator in and the keys() and values() methods, respectively.

Added the :meth:~pymongo.asynchronous.client_session.AsyncClientSession.bind and :meth:~pymongo.client_session.ClientSession.bind methods that allow users to bind a session to all database operations within the scope of a context manager instead of having to explicitly pass the session to each individual operation. See the Transactions docs <https://www.mongodb.com/docs/languages/python/pymongo-driver/current/crud/transactions/#methods>_ for examples and more information.

Added support for MongoDB's Intelligent Workload Management (IWM) and ingress connection rate limiting features. The driver now gracefully handles write-blocking scenarios and optimizes connection establishment during high-load conditions to maintain application availability. See the IWM <https://www.mongodb.com/docs/atlas/intelligent-workload-management>_ or Overload Errors <https://www.mongodb.com/docs/atlas/overload-errors/?interface=driver&language=python>_ docs for more information.

Changes in Version 4.16.0 (2026/01/07)

PyMongo 4.16 brings a number of changes including:

Removed invalid documents from :class:bson.errors.InvalidDocument error messages as doing so may leak sensitive user data. Instead, invalid documents are stored in :attr:bson.errors.InvalidDocument.document.

PyMongo now requires dnspython>=2.6.1, since dnspython 1.0 is no longer maintained. The minimum version is 2.6.1 to account for CVE-2023-29483 <https://www.cve.org/CVERecord?id=CVE-2023-29483>_.

Removed support for Eventlet. Eventlet is actively being sunset by its maintainers and has compatibility issues with PyMongo's dnspython dependency.

Use Zstandard support from the standard library for Python 3.14+, and use backports.zstd for older versions.

Fixed return type annotation for find_one_and_* methods on :class:~pymongo.asynchronous.collection.AsyncCollection and :class:~pymongo.synchronous.collection.Collection to include None.

Added support for NumPy 1D-arrays in :class:bson.binary.BinaryVector.

Prevented :class:~pymongo.encryption.ClientEncryption from loading the crypt shared library to fix "MongoCryptError: An existing crypt_shared library is loaded by the application" unless the linked library search path is set.

Commits

f2103a9 Prep branch v4.17
3491c08 PYTHON-5801 - Update changelog for 4.17 release (#2762)
912ef33 PYTHON-5798 - Overload retargeting prose tests do not ensure that sec… (#2760)
b4e2c03 PYTHON-5800 - Simple collation is included in index information (#2761)
f31ba09 PYTHON-5797 - Add IWM and Overload Error links to changelog (#2757)
5da9183 PYTHON-5794 - Add prose tests to verify correct retry behavior when a… (#2755)
35e51a5 Revert "PYTHON-5768 Add AGENTS.md w/copilot instructions" (#2744) (#2754)
f41dd5c PYTHON-5772 Increase _gcp_helpers.py coverage (#2749)
49e7a05 PYTHON-5760 Increase _azure_helpers.py coverage (#2747)
a2b0cd8 PYTHON-5795 Fix absolute link to CONTRIBUTING.md in README.md (#2756)
Additional commits viewable in compare view

Updates uvicorn from 0.40.0 to 0.45.0

Release notes

Sourced from uvicorn's releases.

Version 0.45.0

What's Changed

Preserve forwarded client ports in proxy headers middleware by @Kludex in Kludex/uvicorn#2903

Accept os.PathLike for log_config by @Kludex in Kludex/uvicorn#2905

Accept log_level strings case-insensitively by @Kludex in Kludex/uvicorn#2907

Raise helpful ImportError when PyYAML is missing for YAML log config by @Kludex in Kludex/uvicorn#2906

Revert empty context for ASGI runs by @Kludex in Kludex/uvicorn#2911

Add --reset-contextvars flag to isolate ASGI request context by @Kludex in Kludex/uvicorn#2912

Revert "Emit http.disconnect on server shutdown for streaming responses" (#2829) by @Kludex in Kludex/uvicorn#2913

New Contributors

@Krishnachaitanyakc made their first contribution in Kludex/uvicorn#2870

Full Changelog: Kludex/uvicorn@0.44.0...0.45.0

Version 0.44.0

What's Changed

Implement websocket keepalive pings for websockets-sansio by @Kludex in Kludex/uvicorn#2888

Full Changelog: Kludex/uvicorn@0.43.0...0.44.0

Version 0.43.0

Changed

Emit http.disconnect ASGI receive() event on server shutting down for streaming responses (#2829)

Use native context parameter for create_task on Python 3.11+ (#2859)

Drop cast in ASGI types (#2875)

Full Changelog: Kludex/uvicorn@0.42.0...0.43.0

Version 0.42.0

Changed

Use bytearray for request body accumulation to avoid O(n^2) allocation on fragmented bodies (#2845)

Fixed

Escape brackets and backslash in httptools HEADER_RE regex (#2824)

Fix multiple issues in websockets sans-io implementation (#2825)

New Contributors

@bysiber made their first contribution in Kludex/uvicorn#2825

... (truncated)

Changelog

Sourced from uvicorn's changelog.

0.45.0 (April 21, 2026)

Added

Add --reset-contextvars flag to isolate ASGI request context (#2912)

Accept os.PathLike for log_config (#2905)

Accept log_level strings case-insensitively (#2907)

Changed

Revert "Emit http.disconnect on server shutdown for streaming responses" (#2913)

Revert "Explicitly start ASGI run with empty context" (#2911)

Fixed

Preserve forwarded client ports in proxy headers middleware (#2903)

Raise helpful ImportError when PyYAML is missing for YAML log config (#2906)

0.44.0 (April 6, 2026)

Added

Implement websocket keepalive pings for websockets-sansio (#2888)

0.43.0 (April 3, 2026)

You can quit Uvicorn now. We heard you, @pamelafox - all 47 of your Ctrl+C's (thanks for flagging it, and thanks to @tiangolo for the fix 🙏). See the tweet.

Changed

Emit http.disconnect ASGI receive() event on server shutting down for streaming responses (#2829)

Use native context parameter for create_task on Python 3.11+ (#2859)

Drop cast in ASGI types (#2875)

0.42.0 (March 16, 2026)

Changed

Use bytearray for request body accumulation to avoid O(n^2) allocation on fragmented bodies (#2845)

Fixed

Escape brackets and backslash in httptools HEADER_RE regex (#2824)

Fix multiple issues in websockets sans-io implementation (#2825)

0.41.0 (February 16, 2026)

Added

Add --limit-max-requests-jitter to stagger worker restarts (#2707)

... (truncated)

Commits

2c423bd Version 0.45.0 (#2914)
7f027f8 Revert "Emit http.disconnect on server shutdown for streaming responses" (#...
73a80c3 Add --reset-contextvars flag to isolate ASGI request context (#2912)
45c0b56 Revert empty context for ASGI runs (#2911)
850d926 Raise helpful ImportError when PyYAML is missing for YAML log config (#2906)
fdcacb4 Accept log_level strings case-insensitively (#2907)
70f247f Accept os.PathLike for log_config (#2905)
18edfa7 Preserve forwarded client ports in proxy headers middleware (#2903)
77843e0 Stabilize websocket keepalive ping test (#2904)
3703339 chore(deps-dev): bump pytest from 9.0.2 to 9.0.3 (#2902)
Additional commits viewable in compare view

Updates fastapi from 0.127.0 to 0.136.0

Release notes

Sourced from fastapi's releases.

0.136.0

Upgrades

⬆️ Support free-threaded Python 3.14t. PR #15149 by @svlandeg.

0.135.4

Refactors

🔥 Remove April Fool's @app.vibe() 🤪. PR #15363 by @tiangolo.

Internal

⬆ Bump cryptography from 46.0.5 to 46.0.7. PR #15314 by @dependabot[bot].

⬆ Bump strawberry-graphql from 0.307.1 to 0.312.3. PR #15309 by @dependabot[bot].

🔨 Add pre-commit hook to ensure latest release header has date. PR #15293 by @YuriiMotov.

0.135.3

Features

✨ Add support for @app.vibe(). PR #15280 by @tiangolo.

New docs: Vibe Coding.

Docs

✏️ Fix typo for client_secret in OAuth2 form docstrings. PR #14946 by @bysiber.

Internal

👥 Update FastAPI People - Experts. PR #15279 by @tiangolo.

⬆ Bump orjson from 3.11.7 to 3.11.8. PR #15276 by @dependabot[bot].

⬆ Bump ruff from 0.15.0 to 0.15.8. PR #15277 by @dependabot[bot].

👥 Update FastAPI GitHub topic repositories. PR #15274 by @tiangolo.

⬆ Bump fastmcp from 2.14.5 to 3.2.0. PR #15267 by @dependabot[bot].

👥 Update FastAPI People - Contributors and Translators. PR #15270 by @tiangolo.

⬆ Bump requests from 2.32.5 to 2.33.0. PR #15228 by @dependabot[bot].

👷 Add ty check to lint.sh. PR #15136 by @svlandeg.

0.135.2

Upgrades

⬆️ Increase lower bound to pydantic >=2.9.0. and fix the test suite. PR #15139 by @svlandeg.

Docs

📝 Add missing last release notes dates. PR #15202 by @tiangolo.

📝 Update docs for contributors and team members regarding translation PRs. PR #15200 by @YuriiMotov.

💄 Fix code blocks in reference docs overflowing table width. PR #15094 by @YuriiMotov.

📝 Fix duplicated words in docstrings. PR #15116 by @AhsanSheraz.

📝 Add docs for pyproject.toml with entrypoint. PR #15075 by @tiangolo.

📝 Update links in docs to no longer use the classes external-link and internal-link. PR #15061 by ...
Description has been truncated

codecov · 2026-04-22T08:40:10Z

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 90.56%. Comparing base (28f7ee2) to head (55b1305).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #2366   +/-   ##
=======================================
  Coverage   90.56%   90.56%           
=======================================
  Files          75       75           
  Lines        5032     5034    +2     
=======================================
+ Hits         4557     4559    +2     
  Misses        475      475

Flag	Coverage Δ
project	`90.56% <100.00%> (+<0.01%)`	⬆️
validator	`90.56% <100.00%> (+<0.01%)`	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

CasperWA · 2026-04-22T08:57:44Z

@ml-evs if these updates are good for you, please merge :)

ml-evs · 2026-04-23T12:54:19Z

@ml-evs if these updates are good for you, please merge :)

Wow, I haven't kept up with all this starlette drama... the fix looks and works fine, will just have to keep an eye on how FastAPI want to manage this deprecation.

Bumps the python-dependencies group with 17 updates in the / directory: | Package | From | To | | --- | --- | --- | | [pydantic](https://github.com/pydantic/pydantic) | `2.12.5` | `2.13.3` | | [pydantic-settings](https://github.com/pydantic/pydantic-settings) | `2.12.0` | `2.14.0` | | [requests](https://github.com/psf/requests) | `2.32.5` | `2.33.1` | | [elasticsearch](https://github.com/elastic/elasticsearch-py) | `7.17.12` | `7.17.13` | | [pymongo](https://github.com/mongodb/mongo-python-driver) | `4.15.5` | `4.17.0` | | [uvicorn](https://github.com/Kludex/uvicorn) | `0.40.0` | `0.45.0` | | [fastapi](https://github.com/fastapi/fastapi) | `0.127.0` | `0.136.0` | | [starlette](https://github.com/Kludex/starlette) | `0.50.0` | `1.0.0` | | [aiida-core](https://github.com/aiidateam/aiida-core) | `2.7.2` | `2.8.0` | | [rich](https://github.com/Textualize/rich) | `14.2.0` | `15.0.0` | | [ase](https://gitlab.com/ase/ase) | `3.26.0` | `3.28.0` | | [mike](https://github.com/jimporter/mike) | `2.1.3` | `2.2.0` | | [mkdocs-autorefs](https://github.com/mkdocstrings/autorefs) | `1.4.3` | `1.4.4` | | [mkdocs-material](https://github.com/squidfunk/mkdocs-material) | `9.7.1` | `9.7.6` | | [mkdocstrings](https://github.com/mkdocstrings/mkdocstrings) | `1.0.0` | `1.0.4` | | [griffe](https://github.com/mkdocstrings/griffe) | `1.15.0` | `2.0.2` | | [jarvis-tools](https://github.com/atomgptlab/jarvis-tools) | `2025.5.30` | `2026.4.2` | Updates `pydantic` from 2.12.5 to 2.13.3 - [Release notes](https://github.com/pydantic/pydantic/releases) - [Changelog](https://github.com/pydantic/pydantic/blob/main/HISTORY.md) - [Commits](pydantic/pydantic@v2.12.5...v2.13.3) Updates `pydantic-settings` from 2.12.0 to 2.14.0 - [Release notes](https://github.com/pydantic/pydantic-settings/releases) - [Commits](pydantic/pydantic-settings@v2.12.0...v2.14.0) Updates `requests` from 2.32.5 to 2.33.1 - [Release notes](https://github.com/psf/requests/releases) - [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md) - [Commits](psf/requests@v2.32.5...v2.33.1) Updates `elasticsearch` from 7.17.12 to 7.17.13 - [Release notes](https://github.com/elastic/elasticsearch-py/releases) - [Commits](https://github.com/elastic/elasticsearch-py/commits) Updates `pymongo` from 4.15.5 to 4.17.0 - [Release notes](https://github.com/mongodb/mongo-python-driver/releases) - [Changelog](https://github.com/mongodb/mongo-python-driver/blob/master/doc/changelog.rst) - [Commits](mongodb/mongo-python-driver@4.15.5...4.17.0) Updates `uvicorn` from 0.40.0 to 0.45.0 - [Release notes](https://github.com/Kludex/uvicorn/releases) - [Changelog](https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md) - [Commits](Kludex/uvicorn@0.40.0...0.45.0) Updates `fastapi` from 0.127.0 to 0.136.0 - [Release notes](https://github.com/fastapi/fastapi/releases) - [Commits](fastapi/fastapi@0.127.0...0.136.0) Updates `starlette` from 0.50.0 to 1.0.0 - [Release notes](https://github.com/Kludex/starlette/releases) - [Changelog](https://github.com/Kludex/starlette/blob/main/docs/release-notes.md) - [Commits](Kludex/starlette@0.50.0...1.0.0) Updates `aiida-core` from 2.7.2 to 2.8.0 - [Release notes](https://github.com/aiidateam/aiida-core/releases) - [Changelog](https://github.com/aiidateam/aiida-core/blob/main/CHANGELOG.md) - [Commits](aiidateam/aiida-core@v2.7.2...v2.8.0) Updates `rich` from 14.2.0 to 15.0.0 - [Release notes](https://github.com/Textualize/rich/releases) - [Changelog](https://github.com/Textualize/rich/blob/master/CHANGELOG.md) - [Commits](Textualize/rich@v14.2.0...v15.0.0) Updates `ase` from 3.26.0 to 3.28.0 - [Changelog](https://gitlab.com/ase/ase/blob/master/CHANGELOG.rst) - [Commits](https://gitlab.com/ase/ase/compare/3.26.0...3.28.0) Updates `mike` from 2.1.3 to 2.2.0 - [Release notes](https://github.com/jimporter/mike/releases) - [Changelog](https://github.com/jimporter/mike/blob/master/CHANGES.md) - [Commits](jimporter/mike@v2.1.3...v2.2.0) Updates `mkdocs-autorefs` from 1.4.3 to 1.4.4 - [Release notes](https://github.com/mkdocstrings/autorefs/releases) - [Changelog](https://github.com/mkdocstrings/autorefs/blob/main/CHANGELOG.md) - [Commits](mkdocstrings/autorefs@1.4.3...1.4.4) Updates `mkdocs-material` from 9.7.1 to 9.7.6 - [Release notes](https://github.com/squidfunk/mkdocs-material/releases) - [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG) - [Commits](squidfunk/mkdocs-material@9.7.1...9.7.6) Updates `mkdocstrings` from 1.0.0 to 1.0.4 - [Release notes](https://github.com/mkdocstrings/mkdocstrings/releases) - [Changelog](https://github.com/mkdocstrings/mkdocstrings/blob/main/CHANGELOG.md) - [Commits](mkdocstrings/mkdocstrings@1.0.0...1.0.4) Updates `griffe` from 1.15.0 to 2.0.2 - [Release notes](https://github.com/mkdocstrings/griffe/releases) - [Changelog](https://github.com/mkdocstrings/griffe/blob/main/CHANGELOG.md) - [Commits](mkdocstrings/griffe@1.15.0...2.0.2) Updates `jarvis-tools` from 2025.5.30 to 2026.4.2 - [Release notes](https://github.com/atomgptlab/jarvis-tools/releases) - [Commits](https://github.com/atomgptlab/jarvis-tools/commits/v2026.4.2) --- updated-dependencies: - dependency-name: pydantic dependency-version: 2.13.3 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: python-dependencies - dependency-name: pydantic-settings dependency-version: 2.14.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: python-dependencies - dependency-name: requests dependency-version: 2.33.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: python-dependencies - dependency-name: elasticsearch dependency-version: 7.17.13 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: python-dependencies - dependency-name: pymongo dependency-version: 4.17.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: python-dependencies - dependency-name: uvicorn dependency-version: 0.45.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: python-dependencies - dependency-name: fastapi dependency-version: 0.136.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: python-dependencies - dependency-name: starlette dependency-version: 1.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: python-dependencies - dependency-name: aiida-core dependency-version: 2.8.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: python-dependencies - dependency-name: rich dependency-version: 15.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: python-dependencies - dependency-name: ase dependency-version: 3.28.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: python-dependencies - dependency-name: mike dependency-version: 2.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: python-dependencies - dependency-name: mkdocs-autorefs dependency-version: 1.4.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: python-dependencies - dependency-name: mkdocs-material dependency-version: 9.7.6 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: python-dependencies - dependency-name: mkdocstrings dependency-version: 1.0.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: python-dependencies - dependency-name: griffe dependency-version: 2.0.2 dependency-type: direct:production update-type: version-update:semver-major dependency-group: python-dependencies - dependency-name: jarvis-tools dependency-version: 2026.4.2 dependency-type: direct:production update-type: version-update:semver-major dependency-group: python-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>

The landing page Router is taken directly from Starlette, instead of via FastAPI's APIRouter implementation. This leads to an issue with the, now deprecated, implementation of events (on_startup, on_shutdown), which are still checked for and expected when FastAPI includes routers in other routers or its application. I've just copied over the workaround FastAPI itself have implemented in the init-method of APIRouter.

dependabot Bot added the dependency_updates Issues pertaining to updates to our dependencies that are breaking the eager build label Apr 22, 2026

dependabot Bot requested review from CasperWA and ml-evs as code owners April 22, 2026 07:28

CasperWA mentioned this pull request Apr 22, 2026

Bump requests from 2.32.5 to 2.33.0 #2360

Closed

CasperWA enabled auto-merge (squash) April 22, 2026 10:22

dependabot Bot and others added 2 commits April 23, 2026 13:54

ml-evs force-pushed the dependabot/pip/main/python-dependencies-77414d3949 branch from bc6a316 to 55b1305 Compare April 23, 2026 12:54

ml-evs approved these changes Apr 23, 2026

View reviewed changes

CasperWA merged commit 049c411 into main Apr 23, 2026
10 checks passed

CasperWA deleted the dependabot/pip/main/python-dependencies-77414d3949 branch April 23, 2026 13:01

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the python-dependencies group across 1 directory with 17 updates#2366

Bump the python-dependencies group across 1 directory with 17 updates#2366
CasperWA merged 2 commits intomainfrom
dependabot/pip/main/python-dependencies-77414d3949

dependabot Bot commented on behalf of github Apr 22, 2026

Uh oh!

codecov Bot commented Apr 22, 2026 •

edited

Loading

Uh oh!

CasperWA commented Apr 22, 2026

Uh oh!

ml-evs commented Apr 23, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

dependabot Bot commented on behalf of github Apr 22, 2026

v2.13.3 2026-04-20

v2.13.3 (2026-04-20)

What's Changed

Fixes

v2.13.2 2026-04-17

v2.13.2 (2026-04-17)

What's Changed

Fixes

v2.13.1 2026-04-15

v2.13.1 (2026-04-15)

What's Changed

Fixes

v2.13.0 2026-04-13

v2.13.0 (2026-04-13)

What's Changed

Packaging

v2.13.3 (2026-04-20)

What's Changed

Fixes

v2.13.2 (2026-04-17)

What's Changed

Fixes

v2.13.1 (2026-04-15)

What's Changed

Fixes

v2.13.0 (2026-04-13)

What's Changed

New Features

Changes

v2.14.0

What's Changed

New Contributors

v2.13.1

What's Changed

v2.33.1

2.33.1 (2026-03-30)

New Contributors

v2.33.0

2.33.0 (2026-03-25)

New Contributors

2.33.1 (2026-03-30)

2.33.0 (2026-03-25)

PyMongo 4.17.0

What's Changed

Changes in Version 4.17.0 (2026/04/20)

Changes in Version 4.16.0 (2026/01/07)

Version 0.45.0

What's Changed

New Contributors

Version 0.44.0

What's Changed

Version 0.43.0

Changed

Version 0.42.0

Changed

Fixed

New Contributors

0.45.0 (April 21, 2026)

Added

Changed

Fixed

0.44.0 (April 6, 2026)

Added

0.43.0 (April 3, 2026)

Changed

0.42.0 (March 16, 2026)

Changed

Fixed

0.41.0 (February 16, 2026)

Added

0.136.0

Upgrades

0.135.4

Refactors

Internal

0.135.3

Features

Docs

codecov Bot commented Apr 22, 2026 •

edited

Loading