Skip to content

build(deps-dev): bump the safe group across 1 directory with 5 updates#333

Open
dependabot[bot] wants to merge 1 commit into
devfrom
dependabot/uv/dev/safe-cdec3d9fc3
Open

build(deps-dev): bump the safe group across 1 directory with 5 updates#333
dependabot[bot] wants to merge 1 commit into
devfrom
dependabot/uv/dev/safe-cdec3d9fc3

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Jun 2, 2026

Bumps the safe group with 5 updates in the / directory:

Package From To
hatch 1.16.5 1.17.0
pyright 1.1.409 1.1.410
ruff 0.15.13 0.15.15
fastapi 0.136.1 0.136.3
pytest-asyncio 1.3.0 1.4.0

Updates hatch from 1.16.5 to 1.17.0

Release notes

Sourced from hatch's releases.

Hatchling v1.17.0

Added:

  • The app build target now embeds the project version in the name of binaries

Hatch v1.17.0

Changed:

  • The hatch fmt command is now deprecated in favor of the new hatch check command group
  • Migrate HTTP client from httpx to httpx2

Added:

  • Add hatch check command group with subcommands for check code (linting), check fmt (formatting), and check types (type checking)
  • Add hatch check types command for type checking using Pyrefly, with --summarize and --cover flags
  • Add hatch env lock command to generate PEP 751 compliant lockfiles (pylock.toml) for environments
  • Add hatch dep lock and hatch lock commands as shortcuts for locking the active environment
  • Add hatch dep sync command for syncing dependencies from a lockfile
  • Add pluggable dependency locker interface with built-in UV and pip implementations
  • Add --cover-xml and --cover-xml-output flags to the hatch test command for generating XML coverage reports
  • Add linehaul telemetry data to User-Agent header for PyPI download statistics
  • Auto-create environment when locking if it doesn't exist

Fixed:

  • Fix help output formatting for the run command
Commits

Updates pyright from 1.1.409 to 1.1.410

Commits

Updates ruff from 0.15.13 to 0.15.15

Release notes

Sourced from ruff's releases.

0.15.15

Release Notes

Released on 2026-05-28.

Preview features

  • Fix Markdown closing fence handling (#25310)
  • [pyflakes] Report duplicate imports in typing.TYPE_CHECKING block (F811) (#22560)

Bug fixes

  • [pyflakes] Treat function-scope bare annotations as locals per PEP 526 (F821) (#21540)

Performance

  • Avoid redundant TokenValue drops in the lexer (#25300)
  • Reduce memory usage by dropping token-excess capacity and improve performance by approximating the initial tokens Vec size (#25354)
  • Use ThinVec in AST to shrink Stmt (#25361)

Documentation

  • Fix line-length example for --config option (#25389)
  • [flake8-comprehensions] Document RecursionError edge case in __len__ (C416) (#25286)
  • [mccabe] Improve example (C901) (#25287)
  • [pyupgrade] Clarify fix safety docs (UP007, UP045) (#25288)
  • [refurb] Document FURB192 exception change for empty sequences (#25317)
  • [ruff] Document false negative for user-defined types (RUF013) (#25289)

Formatter

  • Fix formatting of lambdas nested within f-strings (#25398)

Server

  • Return code action for codeAction/resolve requests that contain no or no valid URL (#25365)

Other changes

  • Expand semantic syntax errors for invalid walruses (#25415)

Contributors

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.15

Released on 2026-05-28.

Preview features

  • Fix Markdown closing fence handling (#25310)
  • [pyflakes] Report duplicate imports in typing.TYPE_CHECKING block (F811) (#22560)

Bug fixes

  • [pyflakes] Treat function-scope bare annotations as locals per PEP 526 (F821) (#21540)

Performance

  • Avoid redundant TokenValue drops in the lexer (#25300)
  • Reduce memory usage by dropping token-excess capacity and improve performance by approximating the initial tokens Vec size (#25354)
  • Use ThinVec in AST to shrink Stmt (#25361)

Documentation

  • Fix line-length example for --config option (#25389)
  • [flake8-comprehensions] Document RecursionError edge case in __len__ (C416) (#25286)
  • [mccabe] Improve example (C901) (#25287)
  • [pyupgrade] Clarify fix safety docs (UP007, UP045) (#25288)
  • [refurb] Document FURB192 exception change for empty sequences (#25317)
  • [ruff] Document false negative for user-defined types (RUF013) (#25289)

Formatter

  • Fix formatting of lambdas nested within f-strings (#25398)

Server

  • Return code action for codeAction/resolve requests that contain no or no valid URL (#25365)

Other changes

  • Expand semantic syntax errors for invalid walruses (#25415)

Contributors

... (truncated)

Commits
  • db5aa0a Bump 0.15.15 (#25431)
  • 366fe21 [ty] Improve diagnostics for syntax errors in forward annotations (#25158)
  • e2e1e64 [ty] Remove excess capacity from more Salsa cached collections (#25411)
  • 1bd77e1 [ty] Use diagnostic message as tie breaker when sorting (#25424)
  • 7e1bc1e Add agent skills for working on ty (#25422)
  • 574e107 Expand semantic syntax errors for invalid walruses (#25415)
  • 4a7ca06 [ty] Display docs for matching parameter when hovering over the name of an ar...
  • 5432709 Refine a few agents instructions (#25423)
  • 3cb09eb [ty] Support typing.TypeForm (#25334)
  • c8cd59f [ty] Infer class attributes assigned by metaclass initialization (#25342)
  • Additional commits viewable in compare view

Updates fastapi from 0.136.1 to 0.136.3

Release notes

Sourced from fastapi's releases.

0.136.3

Refactors

  • ♻️ Do not accept underscore headers when using convert_underscores=True (the default). PR #15589 by @​tiangolo.

0.136.2

Refactors

  • ♻️ Validate Server Sent Event fields to avoid applications from sending broken data. PR #15588 by @​tiangolo.

Docs

Translations

Internal

... (truncated)

Commits
  • 8206485 🔖 Release version 0.136.3
  • c910e01 📝 Update release notes
  • 063b5bf ♻️ Do not accept underscore headers when using convert_underscores=True (th...
  • 22b02e2 🔖 Release version 0.136.2
  • 3b252a2 📝 Update release notes
  • c7fb785 ♻️ Validate Server Sent Event fields to avoid applications from sending broke...
  • cb83b83 📝 Update release notes
  • 00f805c ✅ Update tests, don't double dispose the engine (#15587)
  • 3675137 📝 Update release notes
  • 7b57e42 📝 Document --entrypoint CLI option (#15464)
  • Additional commits viewable in compare view

Updates pytest-asyncio from 1.3.0 to 1.4.0

Release notes

Sourced from pytest-asyncio's releases.

pytest-asyncio v1.4.0

1.4.0 - 2026-05-26

Deprecated

  • Overriding the event_loop_policy fixture is deprecated. Use the pytest_asyncio_loop_factories hook instead. (#1419)

Added

  • Added the pytest_asyncio_loop_factories hook to parametrize asyncio tests with custom event loop factories.

    The hook returns a mapping of factory names to loop factories, and pytest.mark.asyncio(loop_factories=[...]) selects a subset of configured factories per test. When a single factory is configured, test names are unchanged.

    Synchronous @pytest_asyncio.fixture functions now see the correct event loop when custom loop factories are configured, even when test code disrupts the current event loop (e.g., via asyncio.run() or asyncio.set_event_loop(None)). (#1164)

Changed

  • Improved the readability of the warning message that is displayed when asyncio_default_fixture_loop_scope is unset (#1298)
  • Only import asyncio.AbstractEventLoopPolicy for type checking to avoid raising a DeprecationWarning. (#1394)
  • Updated minimum supported pytest version to v8.4.0. (#1397)

Fixed

  • Fixed a ResourceWarning: unclosed event loop warning that could occur when a synchronous test called asyncio.run() or otherwise unset the current event loop after pytest-asyncio had run an async test or fixture. (#724)

Notes for Downstream Packagers

  • Added dependency on sphinx-tabs >= 3.5 to organize documentation examples into tabs. (#1395)

pytest-asyncio v1.4.0a2

1.4.0a2 - 2026-05-02

Deprecated

  • Overriding the event_loop_policy fixture is deprecated. Use the pytest_asyncio_loop_factories hook instead. (#1419)

Added

  • Added the pytest_asyncio_loop_factories hook to parametrize asyncio tests with custom event loop factories.

    The hook returns a mapping of factory names to loop factories, and pytest.mark.asyncio(loop_factories=[...]) selects a subset of configured factories per test. When a single factory is configured, test names are unchanged on pytest 8.4+.

    Synchronous @pytest_asyncio.fixture functions now see the correct event loop when custom loop factories are configured, even when test code disrupts the current event loop (e.g., via asyncio.run() or asyncio.set_event_loop(None)). (#1164)

Changed

  • Improved the readability of the warning message that is displayed when asyncio_default_fixture_loop_scope is unset (#1298)
  • Only import asyncio.AbstractEventLoopPolicy for type checking to avoid raising a DeprecationWarning. (#1394)

... (truncated)

Commits
  • 6e14cd2 chore: Prepare release of v1.4.0.
  • 4b900fb Build(deps): Bump codecov/codecov-action from 6.0.0 to 6.0.1
  • ab9f632 Build(deps): Bump zipp from 3.23.1 to 4.1.0
  • a56fc77 Build(deps): Bump hypothesis from 6.152.6 to 6.152.8
  • e8bae9b Build(deps): Bump requests from 2.34.0 to 2.34.2
  • fc43340 Build(deps): Bump idna from 3.14 to 3.15
  • 762eaf5 Build(deps): Bump jaraco-functools from 4.4.0 to 4.5.0
  • b62e222 Build(deps): Bump click from 8.3.3 to 8.4.0
  • 9190447 Build(deps): Bump pydantic from 2.13.3 to 2.13.4
  • 82a393c ci: Remove unnecessary debug output.
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
build(deps-dev): bump the safe group across 1 directory with 5 updates
9b464a7 
Bumps the safe group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [hatch](https://github.com/pypa/hatch) | `1.16.5` | `1.17.0` |
| [pyright](https://github.com/RobertCraigie/pyright-python) | `1.1.409` | `1.1.410` |
| [ruff](https://github.com/astral-sh/ruff) | `0.15.13` | `0.15.15` |
| [fastapi](https://github.com/fastapi/fastapi) | `0.136.1` | `0.136.3` |
| [pytest-asyncio](https://github.com/pytest-dev/pytest-asyncio) | `1.3.0` | `1.4.0` |



Updates `hatch` from 1.16.5 to 1.17.0
- [Release notes](https://github.com/pypa/hatch/releases)
- [Commits](pypa/hatch@hatch-v1.16.5...hatch-v1.17.0)

Updates `pyright` from 1.1.409 to 1.1.410
- [Release notes](https://github.com/RobertCraigie/pyright-python/releases)
- [Commits](RobertCraigie/pyright-python@v1.1.409...v1.1.410)

Updates `ruff` from 0.15.13 to 0.15.15
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.15.13...0.15.15)

Updates `fastapi` from 0.136.1 to 0.136.3
- [Release notes](https://github.com/fastapi/fastapi/releases)
- [Commits](fastapi/fastapi@0.136.1...0.136.3)

Updates `pytest-asyncio` from 1.3.0 to 1.4.0
- [Release notes](https://github.com/pytest-dev/pytest-asyncio/releases)
- [Commits](pytest-dev/pytest-asyncio@v1.3.0...v1.4.0)

---
updated-dependencies:
- dependency-name: hatch
  dependency-version: 1.17.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: safe
- dependency-name: pyright
  dependency-version: 1.1.410
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: safe
- dependency-name: ruff
  dependency-version: 0.15.15
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: safe
- dependency-name: fastapi
  dependency-version: 0.136.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: safe
- dependency-name: pytest-asyncio
  dependency-version: 1.4.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: safe
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Jun 2, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants