Skip to content

deps(pip): bump the production group across 1 directory with 4 updates#15

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/production-69cd6b7161
Closed

deps(pip): bump the production group across 1 directory with 4 updates#15
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/production-69cd6b7161

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 19, 2026

Copy link
Copy Markdown

Updates the requirements on httpx, tenacity, fastapi and uvicorn to permit the latest version.
Updates httpx to 0.28.1

Release notes

Sourced from httpx's releases.

Version 0.28.1

0.28.1 (6th December, 2024)

  • Fix SSL case where verify=False together with client side certificates.
Changelog

Sourced from httpx's changelog.

0.28.1 (6th December, 2024)

  • Fix SSL case where verify=False together with client side certificates.

0.28.0 (28th November, 2024)

Be aware that the default JSON request bodies now use a more compact representation. This is generally considered a prefered style, tho may require updates to test suites.

The 0.28 release includes a limited set of deprecations...

Deprecations:

We are working towards a simplified SSL configuration API.

For users of the standard verify=True or verify=False cases, or verify=<ssl_context> case this should require no changes. The following cases have been deprecated...

  • The verify argument as a string argument is now deprecated and will raise warnings.
  • The cert argument is now deprecated and will raise warnings.

Our revised SSL documentation covers how to implement the same behaviour with a more constrained API.

The following changes are also included:

  • The deprecated proxies argument has now been removed.
  • The deprecated app argument has now been removed.
  • JSON request bodies use a compact representation. (#3363)
  • Review URL percent escape sets, based on WHATWG spec. (#3371, #3373)
  • Ensure certifi and httpcore are only imported if required. (#3377)
  • Treat socks5h as a valid proxy scheme. (#3178)
  • Cleanup Request() method signature in line with client.request() and httpx.request(). (#3378)
  • Bugfix: When passing params={}, always strictly update rather than merge with an existing querystring. (#3364)

0.27.2 (27th August, 2024)

Fixed

  • Reintroduced supposedly-private URLTypes shortcut. (#2673)

0.27.1 (27th August, 2024)

Added

  • Support for zstd content decoding using the python zstandard package is added. Installable using httpx[zstd]. (#3139)

Fixed

  • Improved error messaging for InvalidURL exceptions. (#3250)
  • Fix app type signature in ASGITransport. (#3109)

0.27.0 (21st February, 2024)

... (truncated)

Commits

Updates tenacity to 9.1.4

Release notes

Sourced from tenacity's releases.

9.1.4

What's Changed

Full Changelog: jd/tenacity@9.1.3...9.1.4

Commits
  • d4e868d Fix retry() annotations with async sleep= function (#555)
  • 24415eb support async sleep for sync fn (#551)
  • 3bf33b4 chore: drop Python 3.9 support (EOL) (#552)
  • 7027da3 chore(deps): bump the github-actions group with 2 updates (#550)
  • 21ae7d0 docs: fix syntax error in wait_chain docstring example (#548)
  • ef12c9e chore(deps): bump actions/checkout in the github-actions group (#547)
  • c35a4b3 chore(deps): bump the github-actions group with 2 updates (#545)
  • e792bba ci: fix mypy (#546)
  • 0f55245 ci: remove reno requirements (#542)
  • 815c34f feat(wait): add wait_exception strategy (#541)
  • Additional commits viewable in compare view

Updates fastapi to 0.138.2

Commits
  • 702fea8 🔖 Release version 0.138.2 (#15864)
  • 6466865 📝 Update release notes
  • b790e14 ♻️ Make app.frontend() return 404 for methods other than GET or HEAD wi...
  • c2708d9 📝 Update release notes
  • 403b1fa 🔧 Update sponsors: remove Stainless (#15862)
  • 1929ac2 📝 Update release notes
  • cba4158 ♻️ Refactor how sponsors data is handled for banners (#15852)
  • b90c49a 🔖 Release version 0.138.1 (#15842)
  • 1f2f3df 📝 Update release notes
  • 0af003a ♻️ Refactor Library Skills, make info easier to find for agents (#15841)
  • Additional commits viewable in compare view

Updates uvicorn to 0.49.0

Release notes

Sourced from uvicorn's releases.

Version 0.49.0

What's Changed

Full Changelog: Kludex/uvicorn@0.48.0...0.49.0

Changelog

Sourced from uvicorn's changelog.

0.49.0 (June 3, 2026)

Changed

  • Bump httptools minimum version to 0.8.0 (#2962)
  • Consume duplicate forwarding headers in ProxyHeadersMiddleware (reverses the 0.48.0 behavior of ignoring them) (#2971)

0.48.0 (May 24, 2026)

Changed

  • Default ssl_ciphers to None and use OpenSSL defaults (#2940)

Fixed

  • Ignore duplicate forwarding headers in ProxyHeadersMiddleware (#2944)

0.47.0 (May 14, 2026)

Added

  • Add ssl_context_factory for custom SSLContext configuration (#2920)

Changed

  • Eagerly import the ASGI app in the parent process (#2919)

Fixed

  • Treat fd=0 as a valid file descriptor with reload/workers (#2927)

0.46.0 (April 23, 2026)

Added

  • Support ws_max_size in wsproto implementation (#2915)
  • Support ws_ping_interval and ws_ping_timeout in wsproto implementation (#2916)

Changed

  • Use bytearray for incoming WebSocket message buffer in websockets-sansio (#2917)

0.45.0 (April 21, 2026)

Added

  • Add --reset-contextvars flag to isolate ASGI request context (#2912)
  • Accept os.PathLike for log_config (#2905)
  • Accept log_level strings case-insensitively (#2907)

... (truncated)

Commits
  • 3ef2e3e Version 0.49.0 (#2973)
  • eeb64b1 Consume duplicate forwarding headers in ProxyHeadersMiddleware (#2971)
  • 630f4ac Make the watchfiles reload tests deterministic (#2972)
  • 9154922 chore(deps): bump the github-actions group across 1 directory with 6 updates ...
  • 739727a Migrate docs deploy from Cloudflare Pages to Workers (#2967)
  • be4a240 Gate docs preview deploy on Cloudflare token presence (#2966)
  • c489d7e Bump httptools minimum version to 0.8.0 (#2962)
  • 9f547bd Skip docs preview deploy for Dependabot PRs (#2961)
  • 44446b8 Migrate documentation from MkDocs Material to Zensical (#2959)
  • cfd659c Bump pymdown-extensions to 10.21.3 (#2958)
  • Additional commits viewable in compare view

@dependabot @github

dependabot Bot commented on behalf of github Jun 19, 2026

Copy link
Copy Markdown
Author

Labels

The following labels could not be found: dependencies, python. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot Bot force-pushed the dependabot/pip/production-69cd6b7161 branch 3 times, most recently from 3db7d51 to f9ffce1 Compare June 28, 2026 00:27
@dependabot dependabot Bot force-pushed the dependabot/pip/production-69cd6b7161 branch from f9ffce1 to 00ba7b8 Compare June 28, 2026 22:05
Updates the requirements on [httpx](https://github.com/encode/httpx), [tenacity](https://github.com/jd/tenacity), [fastapi](https://github.com/fastapi/fastapi) and [uvicorn](https://github.com/Kludex/uvicorn) to permit the latest version.

Updates `httpx` to 0.28.1
- [Release notes](https://github.com/encode/httpx/releases)
- [Changelog](https://github.com/encode/httpx/blob/master/CHANGELOG.md)
- [Commits](encode/httpx@0.24.0...0.28.1)

Updates `tenacity` to 9.1.4
- [Release notes](https://github.com/jd/tenacity/releases)
- [Commits](jd/tenacity@8.2.0...9.1.4)

Updates `fastapi` to 0.138.2
- [Release notes](https://github.com/fastapi/fastapi/releases)
- [Commits](fastapi/fastapi@0.95.0...0.138.2)

Updates `uvicorn` to 0.49.0
- [Release notes](https://github.com/Kludex/uvicorn/releases)
- [Changelog](https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md)
- [Commits](Kludex/uvicorn@0.22.0...0.49.0)

---
updated-dependencies:
- dependency-name: fastapi
  dependency-version: 0.128.8
  dependency-type: direct:production
  dependency-group: production
- dependency-name: httpx
  dependency-version: 0.28.1
  dependency-type: direct:production
  dependency-group: production
- dependency-name: tenacity
  dependency-version: 9.1.2
  dependency-type: direct:production
  dependency-group: production
- dependency-name: uvicorn
  dependency-version: 0.39.0
  dependency-type: direct:production
  dependency-group: production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/pip/production-69cd6b7161 branch from 00ba7b8 to a8a9d47 Compare June 30, 2026 12:11
@dependabot @github

dependabot Bot commented on behalf of github Jul 5, 2026

Copy link
Copy Markdown
Author

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this Jul 5, 2026
@dependabot dependabot Bot deleted the dependabot/pip/production-69cd6b7161 branch July 5, 2026 22:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants