chore(deps)(deps): bump the production-dependencies group across 1 directory with 28 updates by dependabot[bot] · Pull Request #40 · Poolchaos/Serelo

dependabot · 2026-06-15T13:09:56Z

Bumps the production-dependencies group with 28 updates in the /backend directory:

Package	From	To
fastapi	`0.109.0`	`0.137.1`
uvicorn	`0.27.0`	`0.49.0`
pydantic	`2.5.3`	`2.13.4`
pydantic-settings	`2.1.0`	`2.14.1`
email-validator	`2.1.0`	`2.3.0`
motor	`3.3.2`	`3.7.1`
pymongo	`4.6.1`	`4.17.0`
miniopy-async	`1.19`	`1.23.5`
minio	`7.2.3`	`7.2.20`
pyjwt	`2.9.0`	`2.13.0`
python-multipart	`0.0.6`	`0.0.32`
slowapi	`0.1.9`	`0.1.10`
bleach	`6.1.0`	`6.4.0`
prometheus-client	`0.19.0`	`0.25.0`
celery	`5.3.4`	`5.6.3`
python-docx	`1.1.0`	`1.2.0`
reportlab	`4.0.7`	`4.5.1`
openpyxl	`3.1.2`	`3.1.5`
anthropic	`0.39.0`	`0.109.1`
google-generativeai	`0.8.3`	`0.8.6`
tiktoken	`0.5.2`	`0.13.0`
scikit-learn	`1.3.2`	`1.9.0`
pyyaml	`6.0.1`	`6.0.3`
markdown	`3.5.1`	`3.10.2`
pytest-xdist	`3.5.0`	`3.8.0`
httpx	`0.26.0`	`0.28.1`
ruff	`0.1.11`	`0.15.17`
python-dotenv	`1.0.0`	`1.2.2`

Updates fastapi from 0.109.0 to 0.137.1

Release notes

Sourced from fastapi's releases.

0.137.1

Fixes

🚨 Fix typing checks for APIRoute. PR #15765 by @tiangolo.

🐛 Fix bug, allow empty path in path operation in prefixless router. PR #15763 by @tiangolo.

0.137.0

Breaking Changes

♻️ Refactor internals to preserve APIRouter and APIRoute instances. PR #15745 by @tiangolo.

Unblocks ✨ SO MANY THINGS ✨

Before this, router.include_router(other_router) would take each path operation from other_router and "clone" it, or recreate it from scratch.

This would mean that in the end there was only one top level router, part of the app.

The way it is structured here is that there are a few additional classes to handle intermediate metadata for router and route inclusion. That way the information of "router X includes Y and Y includes Z" is stored somewhere, without affecting (recreating / clonning) the final route.

Non Objectives

Dependencies for 404: previously I intended to support dependencies that would be executed even for 404, but that would conflict with the fact that a router could not find a match, but the next router did find a match. Executing dependencies in the router that did not find a match would not make sense, they could consume the request, body, etc. This original idea was discarded.

Specific Breaking Changes

Now router.routes is no longer a plain list of APIRoute objects, it can contain these intermediate objects that can contain additional routers, forming a tree.

Any logic that depended on iterating on the router.routes directly would be affected, that logic cannot expect to be able to extract data from a plain list of routes, as it's no longer a plain list but a tree.

Additionally, any logic that iterated on router.routes to modify them would now also see these new objects, and would not see all the routes in the app.

router.routes should be considered an internal implementation detail, only passed around to the FastAPI functions that need it.

Features

Adding routes (path operations) after a router is included now works, they are reflected as they are not copied.

Including subrouter in mainrouter can be done before adding routes (path operations) to subrouter, because now the the entire object is stored instead of copying the routes.

As routes are not copied, in some cases that might save some memory.

Alpha Features

This is not documented yet, so it's not officially supported yet and could change in the future.

But, as APIRoute and APIRouter instances are now preserved, they could be customized.

APIRouter has two new methods, .matches() and .handle(), counterpart to the existing ones in APIRoute. With this a router could customize how it matches and handles requests. For example, it could match only requests that include some specific header, for example for handling versions in headers.

Still, for now, consider this very experimental and potentially changing and breaking in the future.

Future Features Enabled

... (truncated)

Commits

a82e5f2 🔖 Release version 0.137.1 (#15766)
edd1461 📝 Update release notes
b78c822 🚨 Fix typing checks for APIRoute (#15765)
e0f8cad 📝 Update release notes
d8aad20 🐛 Fix bug, allow empty path in path operation in prefixless router (#15763)
9a9c4ad 🔖 Release version 0.137.0 (#15748)
c6d5897 📝 Update release notes
31d097f 📝 Update release notes (#15747)
ba609a8 📝 Update release notes
8e1d774 ♻️ Refactor internals to preserve APIRouter and APIRoute instances (#15745)
Additional commits viewable in compare view

Updates uvicorn from 0.27.0 to 0.49.0

Release notes

Sourced from uvicorn's releases.

Version 0.49.0

What's Changed

Bump httptools minimum version to 0.8.0 by @Kludex in Kludex/uvicorn#2962

Consume duplicate forwarding headers in ProxyHeadersMiddleware (reverses the 0.48.0 behavior of ignoring them) by @Kludex in Kludex/uvicorn#2971

Full Changelog: Kludex/uvicorn@0.48.0...0.49.0

Version 0.48.0

What's Changed

Default ssl_ciphers to None and use OpenSSL defaults by @Kludex in Kludex/uvicorn#2940

Ignore duplicate forwarding headers in ProxyHeadersMiddleware by @Kludex in Kludex/uvicorn#2944

Full Changelog: Kludex/uvicorn@0.47.0...0.48.0

Version 0.47.0

What's Changed

Eagerly import the ASGI app in the parent process by @Kludex in Kludex/uvicorn#2919

Add ssl_context_factory for custom SSLContext configuration by @Kludex in Kludex/uvicorn#2920

Treat fd=0 as a valid file descriptor with reload/workers by @eltoder in Kludex/uvicorn#2927

Full Changelog: Kludex/uvicorn@0.46.0...0.47.0

Version 0.46.0

What's Changed

Support ws_max_size in wsproto implementation by @Kludex in Kludex/uvicorn#2915

Support ws_ping_interval and ws_ping_timeout in wsproto implementation by @Kludex in Kludex/uvicorn#2916

Use bytearray for incoming WebSocket message buffer in websockets-sansio by @Kludex in Kludex/uvicorn#2917

Full Changelog: Kludex/uvicorn@0.45.0...0.46.0

Version 0.45.0

What's Changed

Preserve forwarded client ports in proxy headers middleware by @Kludex in Kludex/uvicorn#2903

Accept os.PathLike for log_config by @Kludex in Kludex/uvicorn#2905

Accept log_level strings case-insensitively by @Kludex in Kludex/uvicorn#2907

Raise helpful ImportError when PyYAML is missing for YAML log config by @Kludex in Kludex/uvicorn#2906

Revert empty context for ASGI runs by @Kludex in Kludex/uvicorn#2911

Add --reset-contextvars flag to isolate ASGI request context by @Kludex in Kludex/uvicorn#2912

Revert "Emit http.disconnect on server shutdown for streaming responses" (#2829) by @Kludex in Kludex/uvicorn#2913

New Contributors

@Krishnachaitanyakc made their first contribution in Kludex/uvicorn#2870

Full Changelog: Kludex/uvicorn@0.44.0...0.45.0

Version 0.44.0

What's Changed

Implement websocket keepalive pings for websockets-sansio by @Kludex in Kludex/uvicorn#2888

... (truncated)

Changelog

Sourced from uvicorn's changelog.

0.49.0 (June 3, 2026)

Changed

Bump httptools minimum version to 0.8.0 (#2962)

Consume duplicate forwarding headers in ProxyHeadersMiddleware (reverses the 0.48.0 behavior of ignoring them) (#2971)

0.48.0 (May 24, 2026)

Changed

Default ssl_ciphers to None and use OpenSSL defaults (#2940)

Fixed

Ignore duplicate forwarding headers in ProxyHeadersMiddleware (#2944)

0.47.0 (May 14, 2026)

Added

Add ssl_context_factory for custom SSLContext configuration (#2920)

Changed

Eagerly import the ASGI app in the parent process (#2919)

Fixed

Treat fd=0 as a valid file descriptor with reload/workers (#2927)

0.46.0 (April 23, 2026)

Added

Support ws_max_size in wsproto implementation (#2915)

Support ws_ping_interval and ws_ping_timeout in wsproto implementation (#2916)

Changed

Use bytearray for incoming WebSocket message buffer in websockets-sansio (#2917)

0.45.0 (April 21, 2026)

Added

Add --reset-contextvars flag to isolate ASGI request context (#2912)

Accept os.PathLike for log_config (#2905)

Accept log_level strings case-insensitively (#2907)

... (truncated)

Commits

3ef2e3e Version 0.49.0 (#2973)
eeb64b1 Consume duplicate forwarding headers in ProxyHeadersMiddleware (#2971)
630f4ac Make the watchfiles reload tests deterministic (#2972)
9154922 chore(deps): bump the github-actions group across 1 directory with 6 updates ...
739727a Migrate docs deploy from Cloudflare Pages to Workers (#2967)
be4a240 Gate docs preview deploy on Cloudflare token presence (#2966)
c489d7e Bump httptools minimum version to 0.8.0 (#2962)
9f547bd Skip docs preview deploy for Dependabot PRs (#2961)
44446b8 Migrate documentation from MkDocs Material to Zensical (#2959)
cfd659c Bump pymdown-extensions to 10.21.3 (#2958)
Additional commits viewable in compare view

Updates pydantic from 2.5.3 to 2.13.4

Release notes

Sourced from pydantic's releases.

v2.13.4 2026-05-06

v2.13.4 (2026-05-06)

What's Changed

Packaging

Bump libc from 0.2.155 to 0.2.185 by @Viicos in #13109

Adapt pydantic-core linker flags on macOS by @washingtoneg and @Viicos in #13147

Fixes

Preserve RootModel core metadata by @Viicos in #13129

Full Changelog: pydantic/pydantic@v2.13.3...v2.13.4

v2.13.3 2026-04-20

v2.13.3 (2026-04-20)

What's Changed

Fixes

Handle AttributeError subclasses with from_attributes by @Viicos in #13096

Full Changelog: pydantic/pydantic@v2.13.2...v2.13.3

v2.13.2 2026-04-17

v2.13.2 (2026-04-17)

What's Changed

Fixes

Fix ValidationInfo.field_name missing with model_validate_json() by @Viicos in #13084

Full Changelog: pydantic/pydantic@v2.13.1...v2.13.2

v2.13.1 2026-04-15

v2.13.1 (2026-04-15)

What's Changed

Fixes

Fix ValidationInfo.data missing with model_validate_json() by @davidhewitt in #13079

Full Changelog: pydantic/pydantic@v2.13.0...v2.13.1

v2.13.0 2026-04-13

... (truncated)

Changelog

Sourced from pydantic's changelog.

v2.13.4 (2026-05-06)

GitHub release

What's Changed

Packaging

Bump libc from 0.2.155 to 0.2.185 by @Viicos in #13109

Adapt pydantic-core linker flags on macOS by @washingtoneg and @Viicos in #13147

Fixes

Preserve RootModel core metadata by @Viicos in #13129

v2.13.3 (2026-04-20)

GitHub release

What's Changed

Fixes

Handle AttributeError subclasses with from_attributes by @Viicos in #13096

v2.13.2 (2026-04-17)

GitHub release

What's Changed

Fixes

Fix ValidationInfo.field_name missing with model_validate_json() by @Viicos in #13084

v2.13.1 (2026-04-15)

GitHub release

What's Changed

Fixes

Fix ValidationInfo.data missing with model_validate_json() by @davidhewitt in #13079

v2.13.0 (2026-04-13)

GitHub release

The highlights of the v2.13 release are available in the blog post.

... (truncated)

Commits

cf67d4b Fix linting
f0d8a21 Prepare release v2.13.4
5e3fe1d Check for pydantic tag pattern in CI
7f9edcc Document tagging conventions
b46a0c9 Adapt pydantic-core linker flags on macOS
50629c8 Update to PyPy 7.3.22
8522ebb Preserve RootModel core metadata
a37f3af Adapt MISSING sentinel test to work with unreleased typing_extensions ver...
909259a Remove Logfire example in documentation
2c4174c Bump libc from 0.2.155 to 0.2.185
Additional commits viewable in compare view

Updates pydantic-settings from 2.1.0 to 2.14.1

Release notes

Sourced from pydantic-settings's releases.

v2.14.1

What's Changed

Bump the python-packages group with 4 updates by @dependabot[bot] in pydantic/pydantic-settings#850

Bump the python-packages group with 5 updates by @dependabot[bot] in pydantic/pydantic-settings#854

Bump the github-actions group with 3 updates by @dependabot[bot] in pydantic/pydantic-settings#853

Bump the python-packages group with 2 updates by @dependabot[bot] in pydantic/pydantic-settings#856

Fix field named cls conflicting with classmethod parameter by @hramezani in pydantic/pydantic-settings#858

Prepare release 2.14.1 by @hramezani in pydantic/pydantic-settings#859

Full Changelog: pydantic/pydantic-settings@v2.14.0...v2.14.1

v2.14.0

What's Changed

Fix parsing env vars into Optional Strict types by @hramezani in pydantic/pydantic-settings#792

Fix RecursionError with mutually recursive models in CLI by @hramezani in pydantic/pydantic-settings#794

Fix env_file from model_config ignored in CliApp.run() (#795) by @hramezani in pydantic/pydantic-settings#796

Update dependencies by @hramezani in pydantic/pydantic-settings#798

Add Dependabot configuration by @hramezani in pydantic/pydantic-settings#801

Bump samuelcolvin/check-python-version from 4.1 to 5 by @dependabot[bot] in pydantic/pydantic-settings#802

Bump actions/upload-artifact from 4 to 7 by @dependabot[bot] in pydantic/pydantic-settings#803

Bump actions/checkout from 4 to 6 by @dependabot[bot] in pydantic/pydantic-settings#804

Bump astral-sh/setup-uv from 5 to 7 by @dependabot[bot] in pydantic/pydantic-settings#805

Bump actions/setup-python from 5 to 6 by @dependabot[bot] in pydantic/pydantic-settings#806

Ignore chardet and group GitHub Actions in Dependabot by @hramezani in pydantic/pydantic-settings#808

Bump actions/download-artifact from 4 to 8 in the github-actions group by @dependabot[bot] in pydantic/pydantic-settings#809

Bump the python-packages group with 2 updates by @dependabot[bot] in pydantic/pydantic-settings#810

Support reading .env files from FIFOs (e.g. 1Password Environments) by @JacobHayes in pydantic/pydantic-settings#776

Fix AliasChoices ignored when changing provider priority by @hramezani in pydantic/pydantic-settings#813

fix: resolve KeyError in run_subcommand for underscore field names by @bradykieffer in pydantic/pydantic-settings#799

Bump the python-packages group with 3 updates by @dependabot[bot] in pydantic/pydantic-settings#814

Fix Literal[numeric Enum] coercion for CLI and env vars by @m9810223 in pydantic/pydantic-settings#811

Fix nested discriminated unions not discovered by env/CLI providers by @hramezani in pydantic/pydantic-settings#816

Bump the python-packages group with 3 updates by @dependabot[bot] in pydantic/pydantic-settings#820

CLI ensure env nested max split internally. by @kschwab in pydantic/pydantic-settings#821

Bump the python-packages group with 4 updates by @dependabot[bot] in pydantic/pydantic-settings#824

Migrate boto3-stubs to types-boto3 by @hramezani in pydantic/pydantic-settings#831

Fix CLI not recognizing field name with validate_by_name and AliasChoices by @hramezani in pydantic/pydantic-settings#826

Allow customisation of the dotevn setting source to filter variables by @CaselIT in pydantic/pydantic-settings#832

Bump the python-packages group with 3 updates by @dependabot[bot] in pydantic/pydantic-settings#833

Introduce yamlfmt by @Viicos in pydantic/pydantic-settings#836

Bump boto3 from 1.42.82 to 1.42.83 in the python-packages group by @dependabot[bot] in pydantic/pydantic-settings#837

Introduce zizmor by @Viicos in pydantic/pydantic-settings#838

Fix CliPositionalArg[list[CustomType]] crash for custom types by @hramezani in pydantic/pydantic-settings#839

Add note about Mypy plugin for BaseSettings.__init__() by @Viicos in pydantic/pydantic-settings#842

Fix cli_ignore_unknown_args=True not working on subcommands by @hramezani in pydantic/pydantic-settings#844

Bump the python-packages group with 4 updates by @dependabot[bot] in pydantic/pydantic-settings#847

Fix CLI descriptions lost under python -OO by falling back to json_schema_extra by @hramezani in pydantic/pydantic-settings#843

Prepare release 2.14.0 by @hramezani in pydantic/pydantic-settings#848

... (truncated)

Commits

e95c30b Prepare release 2.14.1 (#859)
0c87345 Fix field named cls conflicting with classmethod parameter (#858)
7bd0072 Bump the python-packages group with 2 updates (#856)
b03e573 Bump the github-actions group with 3 updates (#853)
eaa3b43 Bump the python-packages group with 5 updates (#854)
9f95615 Bump the python-packages group with 4 updates (#850)
8916bee Prepare release 2.14.0 (#848)
39e551c Fix CLI descriptions lost under python -OO by falling back to `json_schema_...
9ed7f48 Bump the python-packages group with 4 updates (#847)
617c690 Fix cli_ignore_unknown_args=True not working on subcommands (#844)
Additional commits viewable in compare view

Updates email-validator from 2.1.0 to 2.3.0

Release notes

Sourced from email-validator's releases.

v2.3.0

The package name is changed from using an underscore (email_validator) to a dash (email-validator) to match PyPi's normalized package name.

The library no longer checks that the local part is at most 64 characters because a more careful reading of RFC 5321 indicates the limit is optional and such email addresses have been found in the wild. However the check can be restored using a new strict=True parameter, and the overall 254 character email address length limit is still in place.

New EmailSyntaxError messages are used for some exiting syntax errors related to @-sign homoglyphs and invalid characters in internationalized domains.

When using allow_display_name=True, display names are now returned with Unicode NFC normalization.

TypeError is now raised if something other than str (or bytes) is passed as the email address.

2.2.0 (June 20, 2024)

Email addresses with internationalized local parts could, with rare Unicode characters, be returned as valid but actually be invalid in their normalized form (returned in the normalized field). Local parts now re-validated after Unicode NFC normalization to ensure that invalid characters cannot be injected into the normalized address and that characters with length-increasing NFC normalizations cannot cause a local part to exceed the maximum length after normalization.

The length check for email addresses with internationalized local parts is now also applied to the original address string prior to Unicode NFC normalization, which may be longer and could exceed the maximum email address length, to protect callers who do not use the returned normalized address.

Improved error message for IDNA domains that are too long or have invalid characters after Unicode normalization.

A new option to parse My Name <address@domain> strings, i.e. a display name plus an email address in angle brackets, is now available. It is off by default.

Improvements to Python typing.

Some additional tests added.

v2.1.2

2.1.2 (June 16, 2024)

The domain name length limit is corrected from 255 to 253 IDNA ASCII characters. I misread the RFCs.

When a domain name has no MX record but does have an A or AAAA record, if none of the IP addresses in the response are globally reachable (i.e. not Private-Use, Loopback, etc.), the response is treated as if there was no A/AAAA response and the email address will fail the deliverability check.

When a domain name has no MX record but does have an A or AAAA record, the mx field in the object returned by validate_email incorrectly held the IP addresses rather than the domain itself.

Fixes in tests.

v2.1.1 (February 26, 2024)

Fixed typo 'marking' instead of 'marketing' in case-insensitive mailbox name list.

When DNS-based deliverability checks fail, in some cases exceptions are now thrown with raise ... from for better nested exception tracking.

Fixed tests to work when no local resolver can be configured.

This project is now licensed under the Unlicense (instead of CC0).

Minor improvements to tests.

Minor improvements to code style.

Changelog

Sourced from email-validator's changelog.

2.3.0 (August 26, 2025)

The package name is changed from using an underscore (email_validator) to a dash (email-validator) to match PyPi's normalized package name.

The library no longer checks that the local part is at most 64 characters because a more careful reading of RFC 5321 indicates the limit is optional and such email addresses have been found in the wild. However the check can be restored using a new strict=True parameter, and the overall 254 character email address length limit is still in place.

New EmailSyntaxError messages are used for some exiting syntax errors related to @-sign homoglyphs and invalid characters in internationalized domains.

When using allow_display_name=True, display names are now returned with Unicode NFC normalization.

TypeError is now raised if something other than str (or bytes) is passed as the email address.

2.2.0 (June 20, 2024)

Email addresses with internationalized local parts could, with rare Unicode characters, be returned as valid but actually be invalid in their normalized form (returned in the normalized field). In particular, it is possible to get a normalized address with a ";" character, which is not valid and could change the interpretation of the address. Local parts now re-validated after Unicode NFC normalization to ensure that invalid characters cannot be injected into the normalized address and that characters with length-increasing NFC normalizations cannot cause a local part to exceed the maximum length after normalization. Thanks to khanh@calif.io from https://calif.io for reporting the issue.

The length check for email addresses with internationalized local parts is now also applied to the original address string prior to Unicode NFC normalization, which may be longer and could exceed the maximum email address length, to protect callers who do not use the returned normalized address.

Improved error message for IDNA domains that are too long or have invalid characters after Unicode normalization.

A new option to parse My Name <address@domain> strings, i.e. a display name plus an email address in angle brackets, is now available. It is off by default.

Improvements to Python typing.

Some additional tests added.

2.1.2 (June 16, 2024)

The domain name length limit is corrected from 255 to 253 IDNA ASCII characters. I misread the RFCs.

When a domain name has no MX record but does have an A or AAAA record, if none of the IP addresses in the response are globally reachable (i.e. not Private-Use, Loopback, etc.), the response is treated as if there was no A/AAAA response and the email address will fail the deliverability check.

When a domain name has no MX record but does have an A or AAAA record, the mx field in the object returned by validate_email incorrectly held the IP addresses rather than the domain itself.

Fixes in tests.

2.1.1 (February 26, 2024)

Fixed typo 'marking' instead of 'marketing' in case-insensitive mailbox name list.

When DNS-based deliverability checks fail, in some cases exceptions are now thrown with raise ... from for better nested exception tracking.

Fixed tests to work when no local resolver can be configured.

This project is now licensed under the Unlicense (instead of CC0).

Minor improvements to tests.

Minor improvements to code style.

Commits

030a63a Version 2.3.0
e943a0f Raise TypeError when an invalid argument is passed for email, closes #155
f90d256 Remove local part length check unless new strict flag is given, fixes #158
98800ba Add explicit checks for internationalized domain name characters invalid unde...
936aead Fix final syntax checks on normalized internationalized domains checking the ...
8043de4 NFC-normalize display names per UTS #39
bc08faa Add one-off error messages for full-width-at and small-commercial-at which ar...
a1c90ab Split exceptions_types.py into exceptions.py and types.py
dbcf07c Change package name from using underscore to dash to match PyPi normalized pa...
7c22208 Support ALLOW_DISPLAY_NAME and ALLOW_EMPTY_LOCAL in the CLI (#145)
Additional commits viewable in compare view

Updates motor from 3.3.2 to 3.7.1

Release notes

Sourced from motor's releases.

Motor 3.7.1

Community notes: https://www.mongodb.com/community/forums/t/motor-3-7-1-released/321388.

Motor 3.7.0

Community notes: https://www.mongodb.com/community/forums/t/motor-3-7-0-released/311077/3

Motor 3.6.1

What's Changed

PYTHON-4962 Adopt zizmor GitHub Actions security scanner by @blink1073 in mongodb/motor#312

MOTOR-1413 Install pymongo from v4.9 branch when installing from source by @blink1073 in mongodb/motor#313

PYTHON-5017 Use a separate PyPI publish step by @blink1073 in mongodb/motor#314

PYTHON-5017 Fix post-publish step by @blink1073 in mongodb/motor#315

MOTOR-1420 Add detailed return type to to_list method by @SaidBySolo in mongodb/motor#316

MOTOR-1420 Use generic return type for to_list() by @ShaneHarvey in mongodb/motor#318

Add changelog for 3.6.1 by @blink1073 in mongodb/motor#317

New Contributors

@SaidBySolo made their first contribution in mongodb/motor#316

Full Changelog: mongodb/motor@3.6.0...3.6.1

Motor 3.6.0

Community notes: https://www.mongodb.com/community/forums/t/motor-3-6-0-released/297834

Motor 3.5.3

Add GitHub Attestation support to release process.

Motor 3.5.2

Update the PyMongo dependency requirement to >=4.5 and <4.9. Apps that require PyMongo >=4.9 must upgrade to Motor >=3.6.

Motor 3.5.1

What's Changed

MOTOR-1335 AsyncIOMotorClient is not suscriptable by @blink1073 in mongodb/motor#293

MOTOR-1336 Add changelog for 3.5.1 by @blink1073 in mongodb/motor#294

Full Changelog: mongodb/motor@3.5.0...3.5.1

Motor 3.5.0

What's Changed

Drop support for Python 3.7.

Switch to using Hatchling as a build backend and remove setup.py.

Add Secure Software Development Life Cycle automation to release process. GitHub Releases for pymongocrypt now include a Software Bill of Materials, and signature files corresponding to the distribution files released on PyPI.

New Contributors

@Doekeb made their first contribution in mongodb/motor#272

Full Changelog: mongodb/motor@3.4.0...3.5.0

Motor 3.4.0

... (truncated)

Changelog

Sourced from motor's changelog.

Motor 3.7.1

The 3.7.1 release contains only documentation changes.

.. warning:: As of May 14th, 2025, Motor is deprecated in favor of the GA release of the PyMongo Async API. No new features will be added to Motor, and only bug fixes will be provided until it reaches end of life on May 14th, 2026. After that, only critical bug fixes will be made until final support ends on May 14th, 2027. We strongly recommend migrating to the PyMongo Async API while Motor is still supported. For help transitioning, see the Migrate to PyMongo Async guide <https://www.mongodb.com/docs/languages/python/pymongo-driver/current/reference/migration/>_.

Motor 3.7.0

Add support for PyMongo 4.10.

Drop support for Python 3.8.

Drop support for MongoDB 3.6.

Motor 3.6.1

Add return type to to_list method in stub file.

Fix ability to install pymongo from source while testing.

Motor 3.6.0

Add support for MongoDB 8.0 and PyMongo 4.9.

The length parameter in :meth:MotorCursor.to_list is now optional.

.. note::

This is the last planned minor version of Motor. We are sunsetting Motor in favor of native asyncio support in PyMongo 4.9+. We will continue to provide security releases and bug fixes for Motor, but it will not gain new features.

Motor 3.5.1

Fix runtime behavior of Motor generic class typing, e.g. client: AsyncIOMotorClient[Dict[str, Any]].

Motor 3.5.0

Drop support for Python 3.7.

Switch to using Hatchling as a build backend and remove setup.py.

Add Secure Software Development Life Cycle automation to release process. GitHub Releases for pymongocrypt now include a Software Bill of Materials, and signature files corresponding to the distribution files released on PyPI.

Motor 3.4.0

... (truncated)

Commits

1b2e255 Bump version to 3.7.1 for release (#337)
c734a3a Update changelog for 3.7.1 (#336)
e20ae5f PYTHON-5377 - Further update assets to align with GA release of Async PyMongo...
f6a70b8 PYTHON-5377 - Update assets to align with GA release of Async PyMongo (#334)
83f735a PYTHON-5353 Use pinned sources for GitHub Actions (#333)
c291853 PYTHON-5348 Fix CodeQL Scanning for GitHub Actions (#332)
d5d0995 MOTOR-1453 & MOTOR-1454 Update expected attributes tests and links (#331)
eae1d25 PYTHON-5188 Make version setting a part of the release process (#330)
a879ce5 PYTHON-5131 Migrate off of Ubuntu 20.04 GitHub Actions Runners (#329)
6751d66 PYTHON-5136 Add check-json to pre-commit checks (#328)
Additional commits viewable in compare view

Updates pymongo from 4.6.1 to 4.17.0

Release notes

Sourced from pymongo's releases.

PyMongo 4.17.0

Community notes

What's Changed

refactor(ci): replace shell=True and awk pipes with native Python by @RinZ27 in mongodb/mongo-python-driver#2671

PYTHON-5697 - Migrate 8.0+ tests to Windows 2022 by @NoahStapp in mongodb/mongo-python-driver#2681

[Spec Resync] 01-19-2026 by @mongodb-drivers-pr-bot[bot] in mongodb/mongo-python-driver#2680

Bump pyright from 1.1.407 to 1.1.408 by @dependabot[bot] in mongodb/mongo-python-driver#2675

PYTHON-5692 - [Infrastructure] Improve dependabot version updates by @NoahStapp in mongodb/mongo-python-driver#2682

PYTHON-5605 - Drop usage of Ubuntu 20 by @NoahStapp in mongodb/mongo-python-driver#2683

PYTHON-5699 & PYTHON-5698 [Spec Resync] 01-26-2026 by @mongodb-drivers-pr-bot[bot] in mongodb/mongo-python-driver#2685

PYTHON-5703 Use Ubuntu24 for AWS Auth tests by @blink1073 in mongodb/mongo-python-driver#2686

PYTHON-5704 Skip free-threading for enterprise auth builds by @blink1073 in mongodb/mongo-python-driver#2687

Bump astral-sh/setup-uv from 7.1.6 to 7.2.0 in the actions group across 1 directory by @dependabot[bot] in mongodb/mongo-python-driver#2684

Bump peter-evans/create-pull-request from 8.0.0 to 8.1.0 in the actions group by @dependabot[bot] in mongodb/mongo-python-driver#2692

PYTHON-1357 - Refactor Cursor and CommandCursor by @NoahStapp in mongodb/mongo-python-driver#2691

[Spec Resync] 02-02-2026 by @mongodb-drivers-pr-bot[bot] in mongodb/mongo-python-driver#2694

PYTHON-5467 Add codecov integration by @blink1073 in mongodb/mongo-python-driver#2690

Bump astral-sh/setup-uv from 7.2.0 to 7.2.1 in the actions group by @dependabot[bot] in mongodb/mongo-python-driver#2700

PYTHON-XXXX Fixed typo in Running Tests Locally section. by @caseyclements in mongodb/mongo-python-driver#2698

PYTHON-5467 Fix codecov upload by @blink1073 in Description has been truncated

…rectory with 28 updates Bumps the production-dependencies group with 28 updates in the /backend directory: | Package | From | To | | --- | --- | --- | | [fastapi](https://github.com/fastapi/fastapi) | `0.109.0` | `0.137.1` | | [uvicorn](https://github.com/Kludex/uvicorn) | `0.27.0` | `0.49.0` | | [pydantic](https://github.com/pydantic/pydantic) | `2.5.3` | `2.13.4` | | [pydantic-settings](https://github.com/pydantic/pydantic-settings) | `2.1.0` | `2.14.1` | | [email-validator](https://github.com/JoshData/python-email-validator) | `2.1.0` | `2.3.0` | | [motor](https://github.com/mongodb/motor) | `3.3.2` | `3.7.1` | | [pymongo](https://github.com/mongodb/mongo-python-driver) | `4.6.1` | `4.17.0` | | [miniopy-async](https://github.com/hlf20010508/miniopy-async) | `1.19` | `1.23.5` | | [minio](https://github.com/minio/minio-py) | `7.2.3` | `7.2.20` | | [pyjwt](https://github.com/jpadilla/pyjwt) | `2.9.0` | `2.13.0` | | [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.6` | `0.0.32` | | [slowapi](https://github.com/laurents/slowapi) | `0.1.9` | `0.1.10` | | [bleach](https://github.com/mozilla/bleach) | `6.1.0` | `6.4.0` | | [prometheus-client](https://github.com/prometheus/client_python) | `0.19.0` | `0.25.0` | | [celery](https://github.com/celery/celery) | `5.3.4` | `5.6.3` | | [python-docx](https://github.com/python-openxml/python-docx) | `1.1.0` | `1.2.0` | | [reportlab](https://www.reportlab.com/) | `4.0.7` | `4.5.1` | | [openpyxl](https://openpyxl.readthedocs.io) | `3.1.2` | `3.1.5` | | [anthropic](https://github.com/anthropics/anthropic-sdk-python) | `0.39.0` | `0.109.1` | | [google-generativeai](https://github.com/google/generative-ai-python) | `0.8.3` | `0.8.6` | | [tiktoken](https://github.com/openai/tiktoken) | `0.5.2` | `0.13.0` | | [scikit-learn](https://github.com/scikit-learn/scikit-learn) | `1.3.2` | `1.9.0` | | [pyyaml](https://github.com/yaml/pyyaml) | `6.0.1` | `6.0.3` | | [markdown](https://github.com/Python-Markdown/markdown) | `3.5.1` | `3.10.2` | | [pytest-xdist](https://github.com/pytest-dev/pytest-xdist) | `3.5.0` | `3.8.0` | | [httpx](https://github.com/encode/httpx) | `0.26.0` | `0.28.1` | | [ruff](https://github.com/astral-sh/ruff) | `0.1.11` | `0.15.17` | | [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.0.0` | `1.2.2` | Updates `fastapi` from 0.109.0 to 0.137.1 - [Release notes](https://github.com/fastapi/fastapi/releases) - [Commits](fastapi/fastapi@0.109.0...0.137.1) Updates `uvicorn` from 0.27.0 to 0.49.0 - [Release notes](https://github.com/Kludex/uvicorn/releases) - [Changelog](https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md) - [Commits](Kludex/uvicorn@0.27.0...0.49.0) Updates `pydantic` from 2.5.3 to 2.13.4 - [Release notes](https://github.com/pydantic/pydantic/releases) - [Changelog](https://github.com/pydantic/pydantic/blob/main/HISTORY.md) - [Commits](pydantic/pydantic@v2.5.3...v2.13.4) Updates `pydantic-settings` from 2.1.0 to 2.14.1 - [Release notes](https://github.com/pydantic/pydantic-settings/releases) - [Commits](pydantic/pydantic-settings@v2.1.0...v2.14.1) Updates `email-validator` from 2.1.0 to 2.3.0 - [Release notes](https://github.com/JoshData/python-email-validator/releases) - [Changelog](https://github.com/JoshData/python-email-validator/blob/main/CHANGELOG.md) - [Commits](JoshData/python-email-validator@v2.1.0...v2.3.0) Updates `motor` from 3.3.2 to 3.7.1 - [Release notes](https://github.com/mongodb/motor/releases) - [Changelog](https://github.com/mongodb/motor/blob/master/doc/changelog.rst) - [Commits](mongodb/motor@3.3.2...3.7.1) Updates `pymongo` from 4.6.1 to 4.17.0 - [Release notes](https://github.com/mongodb/mongo-python-driver/releases) - [Changelog](https://github.com/mongodb/mongo-python-driver/blob/master/doc/changelog.rst) - [Commits](mongodb/mongo-python-driver@4.6.1...4.17.0) Updates `miniopy-async` from 1.19 to 1.23.5 - [Release notes](https://github.com/hlf20010508/miniopy-async/releases) - [Commits](hlf20010508/miniopy-async@1.19...1.23.5) Updates `minio` from 7.2.3 to 7.2.20 - [Release notes](https://github.com/minio/minio-py/releases) - [Commits](minio/minio-py@7.2.3...7.2.20) Updates `pyjwt` from 2.9.0 to 2.13.0 - [Release notes](https://github.com/jpadilla/pyjwt/releases) - [Changelog](https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst) - [Commits](jpadilla/pyjwt@2.9.0...2.13.0) Updates `python-multipart` from 0.0.6 to 0.0.32 - [Release notes](https://github.com/Kludex/python-multipart/releases) - [Changelog](https://github.com/Kludex/python-multipart/blob/main/CHANGELOG.md) - [Commits](Kludex/python-multipart@0.0.6...0.0.32) Updates `slowapi` from 0.1.9 to 0.1.10 - [Release notes](https://github.com/laurents/slowapi/releases) - [Changelog](https://github.com/laurentS/slowapi/blob/master/CHANGELOG.md) - [Commits](laurentS/slowapi@v0.1.9...v0.1.10) Updates `bleach` from 6.1.0 to 6.4.0 - [Changelog](https://github.com/mozilla/bleach/blob/main/CHANGES) - [Commits](mozilla/bleach@v6.1.0...v6.4.0) Updates `prometheus-client` from 0.19.0 to 0.25.0 - [Release notes](https://github.com/prometheus/client_python/releases) - [Commits](prometheus/client_python@v0.19.0...v0.25.0) Updates `celery` from 5.3.4 to 5.6.3 - [Release notes](https://github.com/celery/celery/releases) - [Changelog](https://github.com/celery/celery/blob/v5.6.3/Changelog.rst) - [Commits](celery/celery@v5.3.4...v5.6.3) Updates `python-docx` from 1.1.0 to 1.2.0 - [Changelog](https://github.com/python-openxml/python-docx/blob/master/HISTORY.rst) - [Commits](python-openxml/python-docx@v1.1.0...v1.2.0) Updates `reportlab` from 4.0.7 to 4.5.1 Updates `openpyxl` from 3.1.2 to 3.1.5 Updates `anthropic` from 0.39.0 to 0.109.1 - [Release notes](https://github.com/anthropics/anthropic-sdk-python/releases) - [Changelog](https://github.com/anthropics/anthropic-sdk-python/blob/main/CHANGELOG.md) - [Commits](anthropics/anthropic-sdk-python@v0.39.0...v0.109.1) Updates `google-generativeai` from 0.8.3 to 0.8.6 - [Release notes](https://github.com/google/generative-ai-python/releases) - [Changelog](https://github.com/google-gemini/deprecated-generative-ai-python/blob/main/RELEASE.md) - [Commits](google-gemini/deprecated-generative-ai-python@v0.8.3...v0.8.6) Updates `tiktoken` from 0.5.2 to 0.13.0 - [Release notes](https://github.com/openai/tiktoken/releases) - [Changelog](https://github.com/openai/tiktoken/blob/main/CHANGELOG.md) - [Commits](openai/tiktoken@0.5.2...0.13.0) Updates `scikit-learn` from 1.3.2 to 1.9.0 - [Release notes](https://github.com/scikit-learn/scikit-learn/releases) - [Commits](scikit-learn/scikit-learn@1.3.2...1.9.0) Updates `pyyaml` from 6.0.1 to 6.0.3 - [Release notes](https://github.com/yaml/pyyaml/releases) - [Changelog](https://github.com/yaml/pyyaml/blob/6.0.3/CHANGES) - [Commits](yaml/pyyaml@6.0.1...6.0.3) Updates `markdown` from 3.5.1 to 3.10.2 - [Release notes](https://github.com/Python-Markdown/markdown/releases) - [Changelog](https://github.com/Python-Markdown/markdown/blob/master/docs/changelog.md) - [Commits](Python-Markdown/markdown@3.5.1...3.10.2) Updates `pytest-xdist` from 3.5.0 to 3.8.0 - [Release notes](https://github.com/pytest-dev/pytest-xdist/releases) - [Changelog](https://github.com/pytest-dev/pytest-xdist/blob/master/CHANGELOG.rst) - [Commits](pytest-dev/pytest-xdist@v3.5.0...v3.8.0) Updates `httpx` from 0.26.0 to 0.28.1 - [Release notes](https://github.com/encode/httpx/releases) - [Changelog](https://github.com/encode/httpx/blob/master/CHANGELOG.md) - [Commits](encode/httpx@0.26.0...0.28.1) Updates `ruff` from 0.1.11 to 0.15.17 - [Release notes](https://github.com/astral-sh/ruff/releases) - [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md) - [Commits](astral-sh/ruff@v0.1.11...0.15.17) Updates `python-dotenv` from 1.0.0 to 1.2.2 - [Release notes](https://github.com/theskumar/python-dotenv/releases) - [Changelog](https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md) - [Commits](theskumar/python-dotenv@v1.0.0...v1.2.2) --- updated-dependencies: - dependency-name: fastapi dependency-version: 0.137.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: uvicorn dependency-version: 0.49.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: pydantic dependency-version: 2.13.4 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: pydantic-settings dependency-version: 2.14.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: email-validator dependency-version: 2.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: motor dependency-version: 3.7.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: pymongo dependency-version: 4.17.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: miniopy-async dependency-version: 1.23.5 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: minio dependency-version: 7.2.20 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: pyjwt dependency-version: 2.13.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: python-multipart dependency-version: 0.0.32 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: slowapi dependency-version: 0.1.10 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: bleach dependency-version: 6.4.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: prometheus-client dependency-version: 0.25.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: celery dependency-version: 5.6.3 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: python-docx dependency-version: 1.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: reportlab dependency-version: 4.5.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: openpyxl dependency-version: 3.1.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: anthropic dependency-version: 0.109.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: google-generativeai dependency-version: 0.8.6 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: tiktoken dependency-version: 0.13.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: scikit-learn dependency-version: 1.9.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: pyyaml dependency-version: 6.0.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: markdown dependency-version: 3.10.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: pytest-xdist dependency-version: 3.8.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: httpx dependency-version: 0.28.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: ruff dependency-version: 0.15.17 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: python-dotenv dependency-version: 1.2.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2026-06-15T13:09:57Z

Labels

The following labels could not be found: dependencies, python, security. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps)(deps): bump the production-dependencies group across 1 directory with 28 updates#40

chore(deps)(deps): bump the production-dependencies group across 1 directory with 28 updates#40
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/backend/production-dependencies-379d448724

dependabot Bot commented on behalf of github Jun 15, 2026

Uh oh!

dependabot Bot commented on behalf of github Jun 15, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github Jun 15, 2026

0.137.1

Fixes

0.137.0

Breaking Changes

Non Objectives

Specific Breaking Changes

Features

Alpha Features

Future Features Enabled

Version 0.49.0

What's Changed

Version 0.48.0

What's Changed

Version 0.47.0

What's Changed

Version 0.46.0

What's Changed

Version 0.45.0

What's Changed

New Contributors

Version 0.44.0

What's Changed

0.49.0 (June 3, 2026)

Changed

0.48.0 (May 24, 2026)

Changed

Fixed

0.47.0 (May 14, 2026)

Added

Changed

Fixed

0.46.0 (April 23, 2026)

Added

Changed

0.45.0 (April 21, 2026)

Added

v2.13.4 2026-05-06

v2.13.4 (2026-05-06)

What's Changed

Packaging

Fixes

v2.13.3 2026-04-20

v2.13.3 (2026-04-20)

What's Changed

Fixes

v2.13.2 2026-04-17

v2.13.2 (2026-04-17)

What's Changed

Fixes

v2.13.1 2026-04-15

v2.13.1 (2026-04-15)

What's Changed

Fixes

v2.13.0 2026-04-13

v2.13.4 (2026-05-06)

What's Changed

Packaging

Fixes

v2.13.3 (2026-04-20)

What's Changed

Fixes

v2.13.2 (2026-04-17)

What's Changed

Fixes

v2.13.1 (2026-04-15)

What's Changed

Fixes

v2.13.0 (2026-04-13)

v2.14.1

What's Changed

v2.14.0

What's Changed

v2.3.0

2.2.0 (June 20, 2024)

v2.1.2

2.1.2 (June 16, 2024)

v2.1.1 (February 26, 2024)

2.3.0 (August 26, 2025)