dependabot[bot]
f25ee43e68
chore(deps): bump urllib3 from 2.6.3 to 2.7.0 ( #2933 )
2026-05-12 07:58:53 +02:00
dependabot[bot]
3703339cdc
chore(deps-dev): bump pytest from 9.0.2 to 9.0.3 ( #2902 )
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-14 09:03:58 +02:00
Marcelo Trylesinski
12b823eb8a
Bump locked dependencies ( #2894 )
2026-04-08 09:35:01 +00:00
dependabot[bot]
84fd578224
chore(deps): bump pygments from 2.19.2 to 2.20.0 ( #2877 )
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-31 09:44:16 -04:00
dependabot[bot]
28efbb24bd
chore(deps-dev): bump cryptography from 46.0.5 to 46.0.6 ( #2873 )
...
Bumps [cryptography](https://github.com/pyca/cryptography ) from 46.0.5
to 46.0.6.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst ">cryptography's
changelog</a>.</em></p>
<blockquote>
<p>46.0.6 - 2026-03-25</p>
<pre><code>
* **SECURITY ISSUE**: Fixed a bug where name constraints were not
applied
to peer names during verification when the leaf certificate contains a
wildcard DNS SAN. Ordinary X.509 topologies are not affected by this
bug,
including those used by the Web PKI. Credit to **Oleh Konko (1seal)**
for
reporting the issue. **CVE-2026-34073**
<p>.. _v46-0-5:<br />
</code></pre></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="91d728897bhttps://redirect.github.com/pyca/cryptography/issues/14542 ">#14542</a>
(<a
href="https://redirect.github.com/pyca/cryptography/issues/14543 ">#14543</a>)</li>
<li>See full diff in <a
href="https://github.com/pyca/cryptography/compare/46.0.5...46.0.6 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/Kludex/uvicorn/network/alerts ).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-28 11:03:41 +01:00
dependabot[bot]
c61f9d4ebd
chore(deps): bump requests from 2.32.5 to 2.33.0 ( #2871 )
...
Bumps [requests](https://github.com/psf/requests ) from 2.32.5 to 2.33.0.
- [Release notes](https://github.com/psf/requests/releases )
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md )
- [Commits](https://github.com/psf/requests/compare/v2.32.5...v2.33.0 )
---
updated-dependencies:
- dependency-name: requests
dependency-version: 2.33.0
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-27 08:42:53 +01:00
Marcelo Trylesinski
e300c2c75d
Add CodSpeed benchmark suite for HTTP protocol hot paths ( #2844 )
...
* Add CodSpeed benchmark suite for HTTP protocol hot paths
* Suppress mypy operator error on ASGI message body concatenation
* Use OIDC token and pin CodSpeed action to latest commit
2026-03-15 15:37:09 +00:00
dependabot[bot]
7ae2e6375a
chore(deps): bump the python-packages group with 18 updates ( #2801 )
...
* chore(deps): bump the python-packages group with 18 updates
Bumps the python-packages group with 18 updates:
| Package | From | To |
| --- | --- | --- |
| [click](https://github.com/pallets/click ) | `8.3.0` | `8.3.1` |
| [python-dotenv](https://github.com/theskumar/python-dotenv ) | `1.1.1` | `1.2.1` |
| [watchfiles](https://github.com/samuelcolvin/watchfiles ) | `1.1.0` | `1.1.1` |
| [websockets](https://github.com/python-websockets/websockets ) | `13.1` | `16.0` |
| [ruff](https://github.com/astral-sh/ruff ) | `0.11.9` | `0.14.14` |
| [pytest](https://github.com/pytest-dev/pytest ) | `8.3.5` | `9.0.2` |
| [pytest-mock](https://github.com/pytest-dev/pytest-mock ) | `3.14.0` | `3.15.1` |
| [pytest-xdist[psutil]](https://github.com/pytest-dev/pytest-xdist ) | `3.6.1` | `3.8.0` |
| [mypy](https://github.com/python/mypy ) | `1.15.0` | `1.19.1` |
| [types-pyyaml](https://github.com/typeshed-internal/stub_uploader ) | `6.0.12.20250402` | `6.0.12.20250915` |
| [cryptography](https://github.com/pyca/cryptography ) | `46.0.3` | `46.0.4` |
| [coverage](https://github.com/coveragepy/coveragepy ) | `7.8.0` | `7.13.2` |
| [twine](https://github.com/pypa/twine ) | `6.1.0` | `6.2.0` |
| [a2wsgi](https://github.com/abersheeran/a2wsgi ) | `1.10.8` | `1.10.10` |
| [wsproto](https://github.com/python-hyper/wsproto ) | `1.2.0` | `1.3.2` |
| [mkdocs-material](https://github.com/squidfunk/mkdocs-material ) | `9.6.21` | `9.7.1` |
| [mkdocstrings-python](https://github.com/mkdocstrings/python ) | `1.18.2` | `2.0.1` |
| [mkdocs-llmstxt](https://github.com/pawamoy/mkdocs-llmstxt ) | `0.4.0` | `0.5.0` |
Updates `click` from 8.3.0 to 8.3.1
- [Release notes](https://github.com/pallets/click/releases )
- [Changelog](https://github.com/pallets/click/blob/main/CHANGES.rst )
- [Commits](https://github.com/pallets/click/compare/8.3.0...8.3.1 )
Updates `python-dotenv` from 1.1.1 to 1.2.1
- [Release notes](https://github.com/theskumar/python-dotenv/releases )
- [Changelog](https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md )
- [Commits](https://github.com/theskumar/python-dotenv/compare/v1.1.1...v1.2.1 )
Updates `watchfiles` from 1.1.0 to 1.1.1
- [Release notes](https://github.com/samuelcolvin/watchfiles/releases )
- [Commits](https://github.com/samuelcolvin/watchfiles/compare/v1.1.0...v1.1.1 )
Updates `websockets` from 13.1 to 16.0
- [Release notes](https://github.com/python-websockets/websockets/releases )
- [Commits](https://github.com/python-websockets/websockets/compare/13.1...16.0 )
Updates `ruff` from 0.11.9 to 0.14.14
- [Release notes](https://github.com/astral-sh/ruff/releases )
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md )
- [Commits](https://github.com/astral-sh/ruff/compare/0.11.9...0.14.14 )
Updates `pytest` from 8.3.5 to 9.0.2
- [Release notes](https://github.com/pytest-dev/pytest/releases )
- [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst )
- [Commits](https://github.com/pytest-dev/pytest/compare/8.3.5...9.0.2 )
Updates `pytest-mock` from 3.14.0 to 3.15.1
- [Release notes](https://github.com/pytest-dev/pytest-mock/releases )
- [Changelog](https://github.com/pytest-dev/pytest-mock/blob/main/CHANGELOG.rst )
- [Commits](https://github.com/pytest-dev/pytest-mock/compare/v3.14.0...v3.15.1 )
Updates `pytest-xdist[psutil]` from 3.6.1 to 3.8.0
- [Release notes](https://github.com/pytest-dev/pytest-xdist/releases )
- [Changelog](https://github.com/pytest-dev/pytest-xdist/blob/master/CHANGELOG.rst )
- [Commits](https://github.com/pytest-dev/pytest-xdist/compare/v3.6.1...v3.8.0 )
Updates `mypy` from 1.15.0 to 1.19.1
- [Changelog](https://github.com/python/mypy/blob/master/CHANGELOG.md )
- [Commits](https://github.com/python/mypy/compare/v1.15.0...v1.19.1 )
Updates `types-pyyaml` from 6.0.12.20250402 to 6.0.12.20250915
- [Commits](https://github.com/typeshed-internal/stub_uploader/commits )
Updates `cryptography` from 46.0.3 to 46.0.4
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst )
- [Commits](https://github.com/pyca/cryptography/compare/46.0.3...46.0.4 )
Updates `coverage` from 7.8.0 to 7.13.2
- [Release notes](https://github.com/coveragepy/coveragepy/releases )
- [Changelog](https://github.com/coveragepy/coveragepy/blob/main/CHANGES.rst )
- [Commits](https://github.com/coveragepy/coveragepy/compare/7.8.0...7.13.2 )
Updates `twine` from 6.1.0 to 6.2.0
- [Release notes](https://github.com/pypa/twine/releases )
- [Changelog](https://github.com/pypa/twine/blob/main/docs/changelog.rst )
- [Commits](https://github.com/pypa/twine/compare/6.1.0...6.2.0 )
Updates `a2wsgi` from 1.10.8 to 1.10.10
- [Commits](https://github.com/abersheeran/a2wsgi/compare/v1.10.8...v1.10.10 )
Updates `wsproto` from 1.2.0 to 1.3.2
- [Changelog](https://github.com/python-hyper/wsproto/blob/main/CHANGELOG.rst )
- [Commits](https://github.com/python-hyper/wsproto/compare/1.2.0...1.3.2 )
Updates `mkdocs-material` from 9.6.21 to 9.7.1
- [Release notes](https://github.com/squidfunk/mkdocs-material/releases )
- [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG )
- [Commits](https://github.com/squidfunk/mkdocs-material/compare/9.6.21...9.7.1 )
Updates `mkdocstrings-python` from 1.18.2 to 2.0.1
- [Release notes](https://github.com/mkdocstrings/python/releases )
- [Changelog](https://github.com/mkdocstrings/python/blob/main/CHANGELOG.md )
- [Commits](https://github.com/mkdocstrings/python/compare/1.18.2...2.0.1 )
Updates `mkdocs-llmstxt` from 0.4.0 to 0.5.0
- [Release notes](https://github.com/pawamoy/mkdocs-llmstxt/releases )
- [Changelog](https://github.com/pawamoy/mkdocs-llmstxt/blob/main/CHANGELOG.md )
- [Commits](https://github.com/pawamoy/mkdocs-llmstxt/compare/0.4.0...0.5.0 )
---
updated-dependencies:
- dependency-name: click
dependency-version: 8.3.1
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: python-packages
- dependency-name: python-dotenv
dependency-version: 1.2.1
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: python-packages
- dependency-name: watchfiles
dependency-version: 1.1.1
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: python-packages
- dependency-name: websockets
dependency-version: '16.0'
dependency-type: direct:development
update-type: version-update:semver-major
dependency-group: python-packages
- dependency-name: ruff
dependency-version: 0.14.14
dependency-type: direct:development
update-type: version-update:semver-minor
dependency-group: python-packages
- dependency-name: pytest
dependency-version: 9.0.2
dependency-type: direct:development
update-type: version-update:semver-major
dependency-group: python-packages
- dependency-name: pytest-mock
dependency-version: 3.15.1
dependency-type: direct:development
update-type: version-update:semver-minor
dependency-group: python-packages
- dependency-name: pytest-xdist[psutil]
dependency-version: 3.8.0
dependency-type: direct:development
update-type: version-update:semver-minor
dependency-group: python-packages
- dependency-name: mypy
dependency-version: 1.19.1
dependency-type: direct:development
update-type: version-update:semver-minor
dependency-group: python-packages
- dependency-name: types-pyyaml
dependency-version: 6.0.12.20250915
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: python-packages
- dependency-name: cryptography
dependency-version: 46.0.4
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: python-packages
- dependency-name: coverage
dependency-version: 7.13.2
dependency-type: direct:development
update-type: version-update:semver-minor
dependency-group: python-packages
- dependency-name: twine
dependency-version: 6.2.0
dependency-type: direct:development
update-type: version-update:semver-minor
dependency-group: python-packages
- dependency-name: a2wsgi
dependency-version: 1.10.10
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: python-packages
- dependency-name: wsproto
dependency-version: 1.3.2
dependency-type: direct:development
update-type: version-update:semver-minor
dependency-group: python-packages
- dependency-name: mkdocs-material
dependency-version: 9.7.1
dependency-type: direct:development
update-type: version-update:semver-minor
dependency-group: python-packages
- dependency-name: mkdocstrings-python
dependency-version: 2.0.1
dependency-type: direct:development
update-type: version-update:semver-major
dependency-group: python-packages
- dependency-name: mkdocs-llmstxt
dependency-version: 0.5.0
dependency-type: direct:development
update-type: version-update:semver-minor
dependency-group: python-packages
...
Signed-off-by: dependabot[bot] <support@github.com>
* Keep websockets pinned at 13.1, remove stale type: ignore comments
websockets 16.0 has breaking API changes (removed legacy module
from type stubs, renamed exceptions) that require a separate
migration effort. Keep it at 13.1 for now.
The two removed `type: ignore` comments became unused with mypy 1.19.
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Marcelo Trylesinski <marcelotryle@gmail.com>
2026-02-15 17:53:17 +00:00
dependabot[bot]
4532a39a67
chore(deps-dev): bump cryptography from 46.0.3 to 46.0.5 ( #2814 )
...
Bumps [cryptography](https://github.com/pyca/cryptography ) from 46.0.3 to 46.0.5.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst )
- [Commits](https://github.com/pyca/cryptography/compare/46.0.3...46.0.5 )
---
updated-dependencies:
- dependency-name: cryptography
dependency-version: 46.0.5
dependency-type: direct:development
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-15 14:33:36 +00:00
dependabot[bot]
4aff1b95f4
chore(deps): bump urllib3 from 2.5.0 to 2.6.3 ( #2803 )
...
Bumps [urllib3](https://github.com/urllib3/urllib3 ) from 2.5.0 to 2.6.3.
- [Release notes](https://github.com/urllib3/urllib3/releases )
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst )
- [Commits](https://github.com/urllib3/urllib3/compare/2.5.0...2.6.3 )
---
updated-dependencies:
- dependency-name: urllib3
dependency-version: 2.6.3
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-15 14:28:38 +00:00
Marcelo Trylesinski
19df042c54
Drop Python 3.9 ( #2772 )
2025-12-21 14:56:01 +01:00
Marcelo Trylesinski
9b3f17a549
Support Python 3.14 ( #2723 )
...
Co-authored-by: Jair Henrique <jair.henrique@gmail.com>
2025-10-18 15:38:06 +02:00
Marcelo Trylesinski
93d9510749
Bump docs dependencies ( #2724 )
2025-10-11 08:51:24 +00:00
Marcelo Trylesinski
bf337d62d5
Use uv instead of plain pip ( #2693 )
2025-09-13 10:13:29 +02:00
