Skip to content

dependabot(pip)(deps): bump the pip-minor-patch group in /backend with 21 updates#19

Merged
alexops-dev merged 2 commits into
mainfrom
dependabot/pip/backend/pip-minor-patch-68245f2120
Jul 2, 2026
Merged

dependabot(pip)(deps): bump the pip-minor-patch group in /backend with 21 updates#19
alexops-dev merged 2 commits into
mainfrom
dependabot/pip/backend/pip-minor-patch-68245f2120

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 2, 2026

Copy link
Copy Markdown
Contributor

Bumps the pip-minor-patch group in /backend with 21 updates:

Package From To
alembic 1.13.3 1.18.4
anyio 4.5.0 4.14.1
blinker 1.8.2 1.9.0
click 8.1.7 8.4.2
exceptiongroup 1.2.2 1.3.1
fastapi 0.115.0 0.138.0
httpcore 1.0.6 1.0.9
httpx 0.27.2 0.28.1
idna 3.10 3.18
iniconfig 2.0.0 2.3.0
mako 1.3.5 1.3.12
pluggy 1.5.0 1.6.0
psycopg2-binary 2.9.9 2.9.12
pydantic 2.9.2 2.13.4
pydantic-core 2.23.4 2.47.0
python-dotenv 1.0.1 1.2.2
sqlalchemy 2.0.35 2.0.51
tomli 2.0.2 2.4.1
typing-extensions 4.12.2 4.15.0
uvicorn 0.31.1 0.49.0
werkzeug 3.1.6 3.1.8

Updates alembic from 1.13.3 to 1.18.4

Release notes

Sourced from alembic's releases.

1.18.4

Released: February 10, 2026

bug

  • [bug] [operations] Reverted the behavior of Operations.add_column() that would automatically render the "PRIMARY KEY" keyword inline when a Column with primary_key=True is added. The automatic behavior, added in version 1.18.2, is now opt-in via the new Operations.add_column.inline_primary_key parameter. This change restores the ability to render a PostgreSQL SERIAL column, which is required to be primary_key=True, while not impacting the ability to render a separate primary key constraint. This also provides consistency with the Operations.add_column.inline_references parameter and gives users explicit control over SQL generation.

    To render PRIMARY KEY inline, use the Operations.add_column.inline_primary_key parameter set to True:

    op.add_column( "my_table", Column("id", Integer, primary_key=True), inline_primary_key=True )References: #1232

1.18.3

Released: January 29, 2026

bug

  • [bug] [autogenerate] Fixed regression in version 1.18.0 due to #1771 where autogenerate would raise NoReferencedTableError when a foreign key constraint referenced a table that was not part of the initial table load, including tables filtered out by the EnvironmentContext.configure.include_name callable or tables in remote schemas that were not included in the initial reflection run.

    The change in #1771 was a performance optimization that eliminated additional reflection queries for tables that were only referenced by foreign keys but not explicitly included in the main reflection run. However, this optimization inadvertently removed the creation of Table objects for these referenced tables, causing autogenerate to fail when processing foreign key constraints that pointed to them.

    The fix creates placeholder Table objects for foreign key targets

... (truncated)

Commits

Updates anyio from 4.5.0 to 4.14.1

Release notes

Sourced from anyio's releases.

4.14.1

  • Fixed teardown of higher-scoped async fixtures failing on asyncio with RuntimeError: Attempted to exit cancel scope in a different task than it was entered in when an async test raise an outcome exception (e.g., pytest.skip(), pytest.xfail(), or pytest.fail()) (#1179; PR by @​EmmanuelNiyonshuti)
  • Fixed CapacityLimiter.total_tokens rejecting a value of 0 when the limiter was instantiated outside of an event loop, contradicting the documented behavior of allowing 0 total tokens (#1183; PR by @​nyxst4ck)

4.14.0

  • Added support for Python 3.15

  • Added an asynchronous implementation of the itertools module (#998; PR by @​11kkw)

  • Added the local_port parameter to connect_tcp() to allow binding to a specific local port before connecting (#1067; PR by @​nullwiz)

  • Added support for custom capacity limiters in async path and file I/O functions and classes

  • Added the create_task() task group method for easier asyncio migration (returns a TaskHandle) (#1098)

  • Changed TaskGroup.start_soon() to return a TaskHandle

  • Added an option for TaskGroup.start() to return a TaskHandle (which then contains the start value in the start_value property)

  • Added the cancel() convenience method to TaskGroup as a shortcut for cancelling the task group's cancel scope

  • Improved the error message when a known backend is not installed to suggest the install command (#1115; PR by @​EmmanuelNiyonshuti)

  • Improved anyio.Path to preserve subclass types by returning Self in methods that return path objects (#1130; PR by @​EmmanuelNiyonshuti)

  • Changed the parameter type annotation in anyio.Path.write_bytes() to accept any ReadableBuffer, thus allowing it to accept bytearray and memoryview to match pathlib.Path.write_bytes() (#1135; PR by @​SAY-5)

  • Changed several type annotations to only accept callables returning coroutine-like objects instead of arbitrary awaitables:

    • TaskGroup.start_soon()
    • TaskGroup.start()
    • anyio.from_thread.run()

    This reverts an earlier change from v3.7.0 which was made in error. (#1153)

  • Changed anyio.run to support callables returning arbitrary awaitables at runtime on all backends. Previously, this only worked on asyncio (#1171; PR by @​gschaffner)

  • Changed several classes (and their subclasses) to have __slots__ (with __weakref__):

    • anyio.CancelScope
    • anyio.CapacityLimiter
    • anyio.Condition
    • anyio.Event
    • anyio.Lock
    • anyio.ResourceGuard
    • anyio.Semaphore
  • Fixed cancellation exception escaping a cancel scope when triggered via check_cancelled() in a worker thread (#1113)

  • Fixed TaskGroup raising AttributeError instead of a clear error when entered more than once (#1109; PR by @​bahtya)

... (truncated)

Commits
  • 149b9e9 Bumped up the version
  • 377518c Bump actions/checkout from 6 to 7 in the github-actions group (#1186)
  • b42a2f5 [pre-commit.ci] pre-commit autoupdate (#1185)
  • 3ceb6ff Allow 0 tokens in a CapacityLimiter instantiated outside an event loop (#1183)
  • e10d1db Add missing await to open_file() in file I/O concurrency example (#1182)
  • 1dbc3b6 OutcomeException should not discard test runner_task (#1180)
  • ffe9133 Bumped up the version
  • f8b9f01 Fixed asyncio lock waiter deadlocks after cancellation (#1145)
  • d517ee1 [pre-commit.ci] pre-commit autoupdate (#1176)
  • 550b68e Make anyio.run support Awaitable at runtime on all backends (#1171)
  • Additional commits viewable in compare view

Updates blinker from 1.8.2 to 1.9.0

Release notes

Sourced from blinker's releases.

1.9.0

This is the Blinker 1.9.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecations, or introduce potentially breaking changes. We encourage everyone to upgrade, and to use a tool such as pip-tools to pin all dependencies and control upgrades. Test with warnings treated as errors to be able to adapt to deprecation warnings early.

PyPI: https://pypi.org/project/blinker/1.9.0/ Changes: https://blinker.readthedocs.io/en/stable/#version-1-9-0 Milestone: https://github.com/pallets-eco/blinker/milestone/1?closed=1

  • Drop support for Python 3.8. #175
  • Remove previously deprecated __version__, receiver_connected, Signal.temporarily_connected_to and WeakNamespace. #172
  • Skip weakref signal cleanup if the interpreter is shutting down. #173
Changelog

Sourced from blinker's changelog.

Version 1.9.0

Released 2024-11-08

  • Drop support for Python 3.8. :pr:175
  • Remove previously deprecated __version__, receiver_connected, Signal.temporarily_connected_to and WeakNamespace. :pr:172
  • Skip weakref signal cleanup if the interpreter is shutting down. :issue:173
Commits
  • 669f3a0 release version 1.9.0
  • cfe116f try disabling attestions on test pypi
  • 16e4bd7 Merge pull request #174 from projectgus/bugfix/weakref_disconnect_shutdown
  • 42561fd Fix "Exception ignored" in weakref callback during interpreter shutdown.
  • dcce3e9 Merge pull request #175 from pallets-eco/drop-python3.8
  • efa95ea drop support for python 3.8
  • 8230518 update dev dependencies
  • 94f1202 update dev dependencies
  • 8c983ec remove previously deprecated code (#172)
  • f5915f3 set up pre-commit lite workflow
  • Additional commits viewable in compare view

Updates click from 8.1.7 to 8.4.2

Release notes

Sourced from click's releases.

8.4.2

This is the Click 8.4.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/click/8.4.2/ Changes: https://click.palletsprojects.com/page/changes/#version-8-4-2 Milestone: https://github.com/pallets/click/milestone/34

  • Fix Fish shell completion broken in 8.4.0 by #3126. Newlines and tabs in option help text are now escaped, keeping the original completion format while still supporting multi-line help. #3502 #3043 #3504 #3508
  • Deprecated commands and options with empty or missing help text no longer render a stray leading space before the (DEPRECATED) label. #3509
  • A {class}Group with invoke_without_command=True marks its subcommand as optional in the usage help, showing [COMMAND] instead of COMMAND. #3059 #3507
  • echo_via_pager flushes after each write, so passing a generator streams output to the pager incrementally instead of staying hidden until the pipe buffer fills. #3242 #2542 #3534
  • echo_via_pager and get_pager_file no longer close a borrowed stdout stream when no external pager runs, completing the partial I/O operation on closed file fix from #3482. #3449 #3533
  • Fix CLI usage symopsis for optional arguments producing double square brackets [[a|b|c]]... whose type already brackets their metavar. #3578
  • {func}version_option resolves a package_name that does not match an installed distribution as an import (top-level module) name via {func}importlib.metadata.packages_distributions. Packages whose top-level module name differs from their distribution name (PIL vs Pillow, jwt vs PyJWT) no longer raise RuntimeError out of the box. #2331 #1884 #3125 #3582

8.4.1

This is the Click 8.4.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/click/8.4.1/ Changes: https://click.palletsprojects.com/page/changes/#version-8-4-1 Milestone: https://github.com/pallets/click/milestone/32

  • get_parameter_source() is available during eager callbacks and type conversion again. #3458 #3484
  • Zsh completion scripts parse correctly on Windows. #3277 # 3466
  • Shell completion of Choice Enum values produces a valid completion result. #3015
  • Fix empty byte-string handling in echo. #3487
  • Fix closed file error with echo_via_pager. #3449

8.4.0

This is the Click 8.4.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecation, or introduce potentially breaking changes.

We encourage everyone to upgrade. You can read more about our [Version Support Policy][version] on our website.

... (truncated)

Changelog

Sourced from click's changelog.

Version 8.4.2

Released 2026-06-24

  • Fix Fish shell completion broken in 8.4.0 by {pr}3126. Newlines and tabs in option help text are now escaped, keeping the original completion format while still supporting multi-line help. {issue}3502 {issue}3043 {pr}3504 {pr}3508
  • Deprecated commands and options with empty or missing help text no longer render a stray leading space before the (DEPRECATED) label. {pr}3509
  • A {class}Group with invoke_without_command=True marks its subcommand as optional in the usage help, showing [COMMAND] instead of COMMAND. {issue}3059 {pr}3507
  • echo_via_pager flushes after each write, so passing a generator streams output to the pager incrementally instead of staying hidden until the pipe buffer fills. {issue}3242 {issue}2542 {pr}3534
  • echo_via_pager and get_pager_file no longer close a borrowed stdout stream when no external pager runs, completing the partial I/O operation on closed file fix from {pr}3482. {issue}3449 {pr}3533
  • Fix CLI usage symopsis for optional arguments producing double square brackets [[a|b|c]]... whose type already brackets their metavar. {pr}3578
  • {func}version_option resolves a package_name that does not match an installed distribution as an import (top-level module) name via {func}importlib.metadata.packages_distributions. Packages whose top-level module name differs from their distribution name (PIL vs Pillow, jwt vs PyJWT) no longer raise RuntimeError out of the box. {issue}2331 {issue}1884 {issue}3125 {pr}3582

Version 8.4.1

Released 2026-05-21

  • get_parameter_source() is available during eager callbacks and type conversion again. {issue}3458 {pr}3484
  • Zsh completion scripts parse correctly on Windows. {issue}3277 {pr}3466
  • Shell completion of Enum values used as Choice options produces a valid completion result. {issue}3015 {pr}3471
  • Fix empty byte-string handling in echo. {issue}3487 {pr}3493
  • Fix closed file error with echo_via_pager. {issue}3449 {pr}3482
  • Fix open_url on Windows when the file path contains spaces. {issue}2994 {pr}3478

Version 8.4.0

Released 2026-05-17

  • {class}ParamType typing improvements. {pr}3371

    • {class}ParamType is now a generic abstract base class,

... (truncated)

Commits
  • b2e30a1 Release version 8.4.2
  • 7a16b20 Fix package_name resolution when module differs from distribution name (#3582)
  • bec5928 Fix package_name resolution when top-level module differs from distribution...
  • 916883a Fix tests to not rely on -Wdefault option (#3591)
  • 09195f6 Fix double-bracketing of choices in synopsis (#3578)
  • 1557e26 Check for warning exception with idiomatic context manager
  • d9ff133 Static typing improvements in click.shell_completion (#3460)
  • 762c97e Fix double-bracketing of choices in synopsis
  • 8929d39 Convert changes to markdown. (#3559)
  • 237be50 Move changes headings down a level.
  • Additional commits viewable in compare view

Updates exceptiongroup from 1.2.2 to 1.3.1

Release notes

Sourced from exceptiongroup's releases.

1.3.1

  • Fixed AttributeError: 'TracebackException' object has no attribute 'exceptions' when formatting unpickled TBEs from another Python process which did not apply the exceptiongroup patches (#144)

1.3.0

  • Added **kwargs to function and method signatures as appropriate to match the signatures in the standard library
  • In line with the stdlib typings in typeshed, updated (Base)ExceptionGroup generic types to define defaults for their generic arguments (defaulting to BaseExceptionGroup[BaseException] and ExceptionGroup[Exception]) (PR by @​mikenerone)
  • Changed BaseExceptionGroup.__init__() to directly call BaseException.__init__() instead of the superclass __init__() in order to emulate the CPython behavior (broken or not) (PR by @​cfbolz)
  • Changed the exceptions attribute to always return the same tuple of exceptions, created from the original exceptions sequence passed to BaseExceptionGroup to match CPython behavior (#143)
Changelog

Sourced from exceptiongroup's changelog.

Version history

This library adheres to Semantic Versioning 2.0 <http://semver.org/>_.

UNRELEASED

  • Fixed the repr() of exception groups being affected by mutation of the original exception sequence after construction ([#154](https://github.com/agronholm/exceptiongroup/issues/154) <https://github.com/agronholm/exceptiongroup/issues/154>_)

1.3.1

  • Fixed AttributeError: 'TracebackException' object has no attribute 'exceptions' when formatting unpickled TBEs from another Python process which did not apply the exceptiongroup patches ([#144](https://github.com/agronholm/exceptiongroup/issues/144) <https://github.com/agronholm/exceptiongroup/issues/144>_)

1.3.0

  • Added **kwargs to function and method signatures as appropriate to match the signatures in the standard library
  • In line with the stdlib typings in typeshed, updated (Base)ExceptionGroup generic types to define defaults for their generic arguments (defaulting to BaseExceptionGroup[BaseException] and ExceptionGroup[Exception]) (PR by @​mikenerone)
  • Changed BaseExceptionGroup.__init__() to directly call BaseException.__init__() instead of the superclass __init__() in order to emulate the CPython behavior (broken or not) (PR by @​cfbolz)
  • Changed the exceptions attribute to always return the same tuple of exceptions, created from the original exceptions sequence passed to BaseExceptionGroup to match CPython behavior ([#143](https://github.com/agronholm/exceptiongroup/issues/143) <https://github.com/agronholm/exceptiongroup/issues/143>_)

1.2.2

  • Removed an assert in exceptiongroup._formatting that caused compatibility issues with Sentry ([#123](https://github.com/agronholm/exceptiongroup/issues/123) <https://github.com/agronholm/exceptiongroup/issues/123>_)

1.2.1

  • Updated the copying of __notes__ to match CPython behavior (PR by CF Bolz-Tereick)
  • Corrected the type annotation of the exception handler callback to accept a BaseExceptionGroup instead of BaseException
  • Fixed type errors on Python < 3.10 and the type annotation of suppress() (PR by John Litborn)

1.2.0

  • Added special monkeypatching if Apport <https://github.com/canonical/apport>_ has

... (truncated)

Commits
  • ddddb6f Added the release version
  • 49c5e60 Fixed AttributeError when formatting unpickled TBEs from an unpatched process
  • 1be517f [pre-commit.ci] pre-commit autoupdate (#152)
  • af0ea2f [pre-commit.ci] pre-commit autoupdate (#149)
  • 7c980a8 Removed pin on pyright version
  • ef85336 Fixed typing job not finding Python 3.14
  • 080b3f4 Pinned pyright version to fix typeshed related failure
  • ac66090 Added Python 3.14 to the test matrix
  • a0da94d Fixed test failures on Python 3.14
  • 77fba8a Added the release version
  • Additional commits viewable in compare view

Updates fastapi from 0.115.0 to 0.138.0

Release notes

Sourced from fastapi's releases.

0.138.0

Features

  • ✨ Add support for app.frontend("/", directory="dist") and router.frontend("/", directory="dist"). PR #15800 by @​tiangolo.

Docs

Translations

Internal

0.137.2

Features

  • ✨ Add iter_route_contexts() for advanced use cases that used to use router.routes (e.g. Jupyverse). PR #15785 by @​tiangolo.

Translations

Internal

... (truncated)

Commits

Updates httpcore from 1.0.6 to 1.0.9

Release notes

Sourced from httpcore's releases.

Version 1.0.9 (April 24th, 2025)

Version 1.0.8 (April 11th, 2025)

  • Fix AttributeError when importing on Python 3.14. (#1005)

Version 1.0.7 (November 15th, 2024)

  • Support proxy=… configuration on ConnectionPool(). (#974)
Changelog

Sourced from httpcore's changelog.

Version 1.0.9 (April 24th, 2025)

Version 1.0.8 (April 11th, 2025)

  • Fix AttributeError when importing on Python 3.14. (#1005)

Version 1.0.7 (November 15th, 2024)

  • Support proxy=… configuration on ConnectionPool(). (#974)
Commits

Updates httpx from 0.27.2 to 0.28.1

Release notes

Sourced from httpx's releases.

Version 0.28.1

0.28.1 (6th December, 2024)

  • Fix SSL case where verify=False together with client side certificates.

Version 0.28.0

0.28.0 (28th November, 2024)

The 0.28 release includes a limited set of deprecations.

Deprecations:

We are working towards a simplified SSL configuration API.

For users of the standard verify=True or verify=False cases, or verify=<ssl_context> case this should require no changes. The following cases have been deprecated...

  • The verify argument as a string argument is now deprecated and will raise warnings.
  • The cert argument is now deprecated and will raise warnings.

Our revised SSL documentation covers how to implement the same behaviour with a more constrained API.

The following changes are also included:

  • The deprecated proxies argument has now been removed.
  • The deprecated app argument has now been removed.
  • JSON request bodies use a compact representation. (#3363)
  • Review URL percent escape sets, based on WHATWG spec. (#3371, #3373)
  • Ensure certifi and httpcore are only imported if required. (#3377)
  • Treat socks5h as a valid proxy scheme. (#3178)
  • Cleanup Request() method signature in line with client.request() and httpx.request(). (#3378)
  • Bugfix: When passing params={}, always strictly update rather than merge with an existing querystring. (#3364)
Changelog

Sourced from httpx's changelog.

0.28.1 (6th December, 2024)

  • Fix SSL case where verify=False together with client side certificates.

0.28.0 (28th November, 2024)

Be aware that the default JSON request bodies now use a more compact representation. This is generally considered a prefered style, tho may require updates to test suites.

The 0.28 release includes a limited set of deprecations...

Deprecations:

We are working towards a simplified SSL configuration API.

For users of the standard verify=True or verify=False cases, or verify=<ssl_context> case this should require no changes. The following cases have been deprecated...

  • The verify argument as a string argument is now deprecated and will raise warnings.
  • The cert argument is now deprecated and will raise warnings.

Our revised SSL documentation covers how to implement the same behaviour with a more constrained API.

The following changes are also included:

  • The deprecated proxies argument has now been removed.
  • The deprecated app argument has now been removed.
  • JSON request bodies use a compact representation. (#3363)
  • Review URL percent escape sets, based on WHATWG spec. (#3371, #3373)
  • Ensure certifi and httpcore are only imported if required. (#3377)
  • Treat socks5h as a valid proxy scheme. (#3178)
  • Cleanup Request() method signature in line with client.request() and httpx.request(). (#3378)
  • Bugfix: When passing params={}, always strictly update rather than merge with an existing querystring. (#3364)
Commits

Updates idna from 3.10 to 3.18

Changelog

Sourced from idna's changelog.

3.18 (2026-06-02)

  • When decoding a domain, add a display argument that will pass through invalid labels rather than raising an exception.

3.17 (2026-05-28)

  • Substantial 75% reduction in memory usage through new data structures and some optimization in processing speed.
  • Added a general 1024-character input length cap to the public validation, conversion, and codec entry points. This is well above any legitimate domain or label and guards against pathological inputs.

3.16 (2026-05-22)

  • Add a command-line interface (python -m idna, also available as the idna script). Encodes or decodes one or more domains supplied as arguments or on standard input, with options to select A-label or U-label output and control error handling.
  • Raise the minimum supported Python version to 3.9
  • Various code quality improvements

3.15 (2026-05-12)

  • Enforce DNS-length cap on individual labels early in check_label, short-circuiting contextual-rule processing for oversized input while staying compatible with UTS 46 usage.
  • Tidy core helpers: hoist bidi category sets to module-level frozensets (avoiding per-codepoint list construction), simplify length checks, and reuse the shared _unicode_dots_re from idna.core in the codec module.
  • Use raise ... from err for proper exception chaining and switch internal string formatting to f-strings.
  • Allow flit_core 4.x in the build backend.
  • Expand the ruff lint set (flake8-bugbear, flake8-simplify, pyupgrade, perflint) and apply the surfaced fixes; pin lint CI to Python 3.14.
  • Add Dependabot configuration for GitHub Actions.
  • Convert README and HISTORY from reStructuredText to Markdown.
  • Reference CVE-2026-45409 for the 3.14 advisory in place of the initial GHSA identifier.

Thanks to Felix Yan, Stan Ulbrych, and metsw24-max for contributions to this release.

3.14 (2026-05-10)

  • Removed opportunity to process long inputs into quadratic time by rejecting oversize inputs up-front. Closes a bypass

... (truncated)

Commits
  • f39ea90 Release 3.18
  • 40f4e40 Pre-release 3.18rc0
  • 1a5bf80 Merge pull request #253 from kjd/lenient-decode
  • 5bbb26f Merge branch 'master' into lenient-decode
  • c532bae Rename decode() lenient= option to display= (issue #248)
  • 0b1758b Merge pull request #252 from kjd/release-3.17
  • f48619c Release 3.17
  • 7421ba8 Pre-release 3.17rc0
  • 22ebb73 Merge pull request #251 from kjd/structure-optimizations
  • 2a7ac0a Drop redundant parallel-arrays comment from uts46data
  • Additional commits viewable in compare view

Updates iniconfig from 2.0.0 to 2.3.0

Release notes

Sourced from iniconfig's releases.

Version 2.3.0

What's Changed

Full Changelog: pytest-dev/iniconfig@v2.2.0...v2.3.0

Version 2.2.0

No release notes provided.

v2.1.0

What's Changed

New Contributors

Full Changelog: pytest-dev/iniconfig@v2.0.0...v2.1.0

Changelog

Sourced from iniconfig's changelog.

2.3.0

  • add IniConfig.parse() classmethod with strip_inline_comments parameter (fixes #55)
    • by default (strip_inline_comments=True), inline comments are properly stripped from values
    • set strip_inline_comments=False to preserve old behavior if needed
  • IniConfig() constructor maintains backward compatibility (does not strip inline comments)
  • users should migrate to IniConfig.parse() for correct comment handling
  • add strip_section_whitespace parameter to IniConfig.parse() (regarding #4)
    • opt-in parameter to strip Unicode whitespace from section names
    • when True, strips Unicode whitespace (U+00A0, U+2000, U+3000, etc.) from section names
    • when False (default), preserves existing behavior for backward compatibility
  • clarify Unicode whitespace handling (regarding #4)
    • since iniconfig 2.0.0 (Python 3 only), all strings are Unicode by default
    • Python 3's str.strip() has handled Unicode whitespace since Python 3.0 (2008)
    • iniconfig automatically benefits from this in all supported versions (Python >= 3.10)
    • key names and values have Unicode whitespace properly stripped using Python's built-in methods

2.2.0

  • drop Python 3.8 and 3.9 support (now requires Python >= 3.10)
  • add Python 3.14 classifier
  • migrate from hatchling to setuptools 77 with setuptools_scm
  • adopt PEP 639 license specifiers and PEP 740 build attestations
  • migrate from black + pyupgrade to ruff
  • migrate CI to uv and unified test workflow
  • automate GitHub releases and PyPI publishing via Trusted Publishing
  • include tests in sdist
  • modernize code for Python 3.10+ (remove future annotations, TYPE_CHECKING guards)
  • rename _ParsedLine to ParsedLine

2.1.0

  • fix artifact building - pin minimal version of hatch
  • drop eol python 3.8
  • add python 3.12 and 3.13
Commits

Bumps the pip-minor-patch group in /backend with 21 updates:

| Package | From | To |
| --- | --- | --- |
| [alembic](https://github.com/sqlalchemy/alembic) | `1.13.3` | `1.18.4` |
| [anyio](https://github.com/agronholm/anyio) | `4.5.0` | `4.14.1` |
| [blinker](https://github.com/pallets-eco/blinker) | `1.8.2` | `1.9.0` |
| [click](https://github.com/pallets/click) | `8.1.7` | `8.4.2` |
| [exceptiongroup](https://github.com/agronholm/exceptiongroup) | `1.2.2` | `1.3.1` |
| [fastapi](https://github.com/fastapi/fastapi) | `0.115.0` | `0.138.0` |
| [httpcore](https://github.com/encode/httpcore) | `1.0.6` | `1.0.9` |
| [httpx](https://github.com/encode/httpx) | `0.27.2` | `0.28.1` |
| [idna](https://github.com/kjd/idna) | `3.10` | `3.18` |
| [iniconfig](https://github.com/pytest-dev/iniconfig) | `2.0.0` | `2.3.0` |
| [mako](https://github.com/sqlalchemy/mako) | `1.3.5` | `1.3.12` |
| [pluggy](https://github.com/pytest-dev/pluggy) | `1.5.0` | `1.6.0` |
| [psycopg2-binary](https://github.com/psycopg/psycopg2) | `2.9.9` | `2.9.12` |
| [pydantic](https://github.com/pydantic/pydantic) | `2.9.2` | `2.13.4` |
| [pydantic-core](https://github.com/pydantic/pydantic) | `2.23.4` | `2.47.0` |
| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.0.1` | `1.2.2` |
| [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) | `2.0.35` | `2.0.51` |
| [tomli](https://github.com/hukkin/tomli) | `2.0.2` | `2.4.1` |
| [typing-extensions](https://github.com/python/typing_extensions) | `4.12.2` | `4.15.0` |
| [uvicorn](https://github.com/Kludex/uvicorn) | `0.31.1` | `0.49.0` |
| [werkzeug](https://github.com/pallets/werkzeug) | `3.1.6` | `3.1.8` |


Updates `alembic` from 1.13.3 to 1.18.4
- [Release notes](https://github.com/sqlalchemy/alembic/releases)
- [Changelog](https://github.com/sqlalchemy/alembic/blob/main/CHANGES)
- [Commits](https://github.com/sqlalchemy/alembic/commits)

Updates `anyio` from 4.5.0 to 4.14.1
- [Release notes](https://github.com/agronholm/anyio/releases)
- [Commits](agronholm/anyio@4.5.0...4.14.1)

Updates `blinker` from 1.8.2 to 1.9.0
- [Release notes](https://github.com/pallets-eco/blinker/releases)
- [Changelog](https://github.com/pallets-eco/blinker/blob/main/CHANGES.rst)
- [Commits](pallets-eco/blinker@1.8.2...1.9.0)

Updates `click` from 8.1.7 to 8.4.2
- [Release notes](https://github.com/pallets/click/releases)
- [Changelog](https://github.com/pallets/click/blob/main/CHANGES.md)
- [Commits](pallets/click@8.1.7...8.4.2)

Updates `exceptiongroup` from 1.2.2 to 1.3.1
- [Release notes](https://github.com/agronholm/exceptiongroup/releases)
- [Changelog](https://github.com/agronholm/exceptiongroup/blob/main/CHANGES.rst)
- [Commits](agronholm/exceptiongroup@1.2.2...1.3.1)

Updates `fastapi` from 0.115.0 to 0.138.0
- [Release notes](https://github.com/fastapi/fastapi/releases)
- [Commits](fastapi/fastapi@0.115.0...0.138.0)

Updates `httpcore` from 1.0.6 to 1.0.9
- [Release notes](https://github.com/encode/httpcore/releases)
- [Changelog](https://github.com/encode/httpcore/blob/master/CHANGELOG.md)
- [Commits](encode/httpcore@1.0.6...1.0.9)

Updates `httpx` from 0.27.2 to 0.28.1
- [Release notes](https://github.com/encode/httpx/releases)
- [Changelog](https://github.com/encode/httpx/blob/master/CHANGELOG.md)
- [Commits](encode/httpx@0.27.2...0.28.1)

Updates `idna` from 3.10 to 3.18
- [Release notes](https://github.com/kjd/idna/releases)
- [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.md)
- [Commits](kjd/idna@v3.10...v3.18)

Updates `iniconfig` from 2.0.0 to 2.3.0
- [Release notes](https://github.com/pytest-dev/iniconfig/releases)
- [Changelog](https://github.com/pytest-dev/iniconfig/blob/main/CHANGELOG)
- [Commits](pytest-dev/iniconfig@v2.0.0...v2.3.0)

Updates `mako` from 1.3.5 to 1.3.12
- [Release notes](https://github.com/sqlalchemy/mako/releases)
- [Changelog](https://github.com/sqlalchemy/mako/blob/main/CHANGES)
- [Commits](https://github.com/sqlalchemy/mako/commits)

Updates `pluggy` from 1.5.0 to 1.6.0
- [Changelog](https://github.com/pytest-dev/pluggy/blob/main/CHANGELOG.rst)
- [Commits](pytest-dev/pluggy@1.5.0...1.6.0)

Updates `psycopg2-binary` from 2.9.9 to 2.9.12
- [Changelog](https://github.com/psycopg/psycopg2/blob/master/NEWS)
- [Commits](psycopg/psycopg2@2.9.9...2.9.12)

Updates `pydantic` from 2.9.2 to 2.13.4
- [Release notes](https://github.com/pydantic/pydantic/releases)
- [Changelog](https://github.com/pydantic/pydantic/blob/main/HISTORY.md)
- [Commits](pydantic/pydantic@v2.9.2...v2.13.4)

Updates `pydantic-core` from 2.23.4 to 2.47.0
- [Release notes](https://github.com/pydantic/pydantic/releases)
- [Changelog](https://github.com/pydantic/pydantic/blob/main/HISTORY.md)
- [Commits](https://github.com/pydantic/pydantic/commits)

Updates `python-dotenv` from 1.0.1 to 1.2.2
- [Release notes](https://github.com/theskumar/python-dotenv/releases)
- [Changelog](https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md)
- [Commits](theskumar/python-dotenv@v1.0.1...v1.2.2)

Updates `sqlalchemy` from 2.0.35 to 2.0.51
- [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases)
- [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES.rst)
- [Commits](https://github.com/sqlalchemy/sqlalchemy/commits)

Updates `tomli` from 2.0.2 to 2.4.1
- [Changelog](https://github.com/hukkin/tomli/blob/master/CHANGELOG.md)
- [Commits](hukkin/tomli@2.0.2...2.4.1)

Updates `typing-extensions` from 4.12.2 to 4.15.0
- [Release notes](https://github.com/python/typing_extensions/releases)
- [Changelog](https://github.com/python/typing_extensions/blob/main/CHANGELOG.md)
- [Commits](python/typing_extensions@4.12.2...4.15.0)

Updates `uvicorn` from 0.31.1 to 0.49.0
- [Release notes](https://github.com/Kludex/uvicorn/releases)
- [Changelog](https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md)
- [Commits](Kludex/uvicorn@0.31.1...0.49.0)

Updates `werkzeug` from 3.1.6 to 3.1.8
- [Release notes](https://github.com/pallets/werkzeug/releases)
- [Changelog](https://github.com/pallets/werkzeug/blob/main/CHANGES.rst)
- [Commits](pallets/werkzeug@3.1.6...3.1.8)

---
updated-dependencies:
- dependency-name: alembic
  dependency-version: 1.18.4
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: pip-minor-patch
- dependency-name: anyio
  dependency-version: 4.14.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: pip-minor-patch
- dependency-name: blinker
  dependency-version: 1.9.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: pip-minor-patch
- dependency-name: click
  dependency-version: 8.4.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: pip-minor-patch
- dependency-name: exceptiongroup
  dependency-version: 1.3.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: pip-minor-patch
- dependency-name: fastapi
  dependency-version: 0.138.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: pip-minor-patch
- dependency-name: httpcore
  dependency-version: 1.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: pip-minor-patch
- dependency-name: httpx
  dependency-version: 0.28.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: pip-minor-patch
- dependency-name: idna
  dependency-version: '3.18'
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: pip-minor-patch
- dependency-name: iniconfig
  dependency-version: 2.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: pip-minor-patch
- dependency-name: mako
  dependency-version: 1.3.12
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: pip-minor-patch
- dependency-name: pluggy
  dependency-version: 1.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: pip-minor-patch
- dependency-name: psycopg2-binary
  dependency-version: 2.9.12
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: pip-minor-patch
- dependency-name: pydantic
  dependency-version: 2.13.4
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: pip-minor-patch
- dependency-name: pydantic-core
  dependency-version: 2.47.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: pip-minor-patch
- dependency-name: python-dotenv
  dependency-version: 1.2.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: pip-minor-patch
- dependency-name: sqlalchemy
  dependency-version: 2.0.51
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: pip-minor-patch
- dependency-name: tomli
  dependency-version: 2.4.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: pip-minor-patch
- dependency-name: typing-extensions
  dependency-version: 4.15.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: pip-minor-patch
- dependency-name: uvicorn
  dependency-version: 0.49.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: pip-minor-patch
- dependency-name: werkzeug
  dependency-version: 3.1.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: pip-minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github

dependabot Bot commented on behalf of github Jul 2, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: backend, pip. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Jul 2, 2026
@alexops-dev alexops-dev merged commit e11ba4c into main Jul 2, 2026
@dependabot dependabot Bot deleted the dependabot/pip/backend/pip-minor-patch-68245f2120 branch July 2, 2026 12:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant