Skip to content

chore(deps): bump the all-dependencies group across 1 directory with 5 updates#354

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/backend/all-dependencies-d91581b311
Open

chore(deps): bump the all-dependencies group across 1 directory with 5 updates#354
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/backend/all-dependencies-d91581b311

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 24, 2026

Copy link
Copy Markdown
Contributor

Updates the requirements on cryptography, fastapi[standard], numpy, sqlalchemy and uv-build to permit the latest version.
Updates cryptography from 48.0.1 to 49.0.0

Changelog

Sourced from cryptography's changelog.

49.0.0 - 2026-06-12


* **BACKWARDS INCOMPATIBLE:** Support for ``x86_64`` macOS has been removed.
  We now only publish ``arm64`` wheels for macOS.
* **BACKWARDS INCOMPATIBLE:** Support for 32-bit Windows has been removed.
  Users should move to a 64-bit Python installation.
* **BACKWARDS INCOMPATIBLE:** Removed the deprecated
  ``PUBLIC_KEY_TYPES``, ``PRIVATE_KEY_TYPES``,
  ``CERTIFICATE_PRIVATE_KEY_TYPES``, ``CERTIFICATE_ISSUER_PUBLIC_KEY_TYPES``,
  and ``CERTIFICATE_PUBLIC_KEY_TYPES`` type aliases. Use
  ``PublicKeyTypes``, ``PrivateKeyTypes``, ``CertificateIssuerPrivateKeyTypes``,
  ``CertificateIssuerPublicKeyTypes``, and ``CertificatePublicKeyTypes``
  instead. These were deprecated in version 40.0.
* **BACKWARDS INCOMPATIBLE:** :class:`~cryptography.hazmat.primitives.ciphers.algorithms.ChaCha20`
  now treats the first 4 bytes of the ``nonce`` as a 32-bit little-endian block
  counter (as defined in :rfc:`7539`) and tracks the number of bytes processed.
  Attempting to encrypt or decrypt more data than the counter allows before it
  would overflow now raises a :class:`ValueError` rather than silently diverging
  from RFC 7539. Setting the counter portion of the ``nonce`` to zero allows
  encrypting up to 256 GiB with a given nonce.
* **BACKWARDS INCOMPATIBLE:** Loading an X.509 certificate whose ECDSA or DSA
  signature ``AlgorithmIdentifier`` contains encoded NULL parameters now raises
  a :class:`ValueError`. Such certificates are invalid, but older versions of
  Java emitted them; previously they loaded with a deprecation warning.
* Fixed cross-compilation of the CFFI bindings when ``PYO3_CROSS_LIB_DIR``
  is set. The build now derives the Python include directory from
  ``PYO3_CROSS_LIB_DIR`` instead of querying the host interpreter, which
  previously caused the build to fail during cross-compilations for embedded
  systems, on hosts which have same-version Python development headers
  installed as the target Python.
* Added support for signing and verifying X.509 certificates, certificate
  signing requests, and certificate revocation lists with
  :doc:`/hazmat/primitives/asymmetric/mldsa` keys, as well as loading
  certificates that contain ML-DSA public keys.
* Added :meth:`~cryptography.hazmat.primitives.hpke.KEM.enc_length` to
  :class:`~cryptography.hazmat.primitives.hpke.KEM` so callers can split the
  encapsulated key from the ciphertext returned by
  :meth:`~cryptography.hazmat.primitives.hpke.Suite.encrypt`.
* :meth:`~cryptography.x509.verification.ExtensionPolicy.require_present`,
  :meth:`~cryptography.x509.verification.ExtensionPolicy.may_be_present`, and
  :meth:`~cryptography.x509.verification.ExtensionPolicy.require_not_present`
  now accept any extension type. Previously only a fixed set of extension
  types was supported, which made it impossible to account for otherwise
  unrecognized critical extensions during path validation.
* Added support for using :class:`~cryptography.x509.Certificate`,
  :class:`~cryptography.x509.CertificateSigningRequest`, and
  :class:`~cryptography.x509.CertificateRevocationList` as field types in
  :doc:`/hazmat/asn1/index` structures.
* Added :func:`~cryptography.hazmat.asn1.value_set`, a class decorator that
</tr></table> 

... (truncated)

Commits
  • e300bbe bump version and changelog for 49.0.0 (#15030)
  • fa74cd8 Add external mu (message representative) support for ML-DSA (#14979)
  • f594db3 chore(deps): bump openssl from 0.10.80 to 0.10.81 (#15029)
  • 608e011 chore(deps): bump openssl-sys from 0.9.116 to 0.9.117 (#15028)
  • a322bc4 chore(deps): bump cc from 1.2.63 to 1.2.64 (#15027)
  • 33181a7 Reject critical nameConstraints extensions containing directoryName constrain...
  • 6080dc7 Bump dependencies that dependabot isn't (#15026)
  • 121faa3 chore(deps): bump virtualenv from 21.4.2 to 21.4.3 (#15023)
  • 829520b Add more robust processing for DH parameters. (#15016)
  • 0f05001 Bump downstream dependencies in CI (#15025)
  • Additional commits viewable in compare view

Updates fastapi[standard] to 0.138.0

Release notes

Sourced from fastapi[standard]'s releases.

0.138.0

Features

  • ✨ Add support for app.frontend("/", directory="dist") and router.frontend("/", directory="dist"). PR #15800 by @​tiangolo.

Docs

Translations

Internal

Commits

Updates numpy from 2.4.6 to 2.5.0

Release notes

Sourced from numpy's releases.

v2.5.0 (June 21, 2026)

NumPy 2.5.0 Release Notes

Numpy 2.5.0 is a transitional release. It drops support for Python 3.11, marking the end of distutils, and expires a large number of deprecations made in the 2.0.x release. It also improves free threading and brings sorting into compliance with the array-api standard with the addition of descending sorts. There is also a fair amount of preparation for Python 3.15, which will be supported starting with the first rc.

This release supports Python versions 3.12-3.14.

Highlights

  • Distutils has been removed,
  • Many expired deprecations, see below,
  • Many new deprecations, see below,
  • Many static typing improvements.
  • Improved support for free threading,
  • Support for descending sorts,

See New Features below for other additions.

Deprecations

  • numpy.char.chararray is deprecated. Use an ndarray with a string or bytes dtype instead.

    (gh-30605)

  • numpy.take now correctly checks if the result can be cast to the provided out=out under the same-kind rule. A DeprecationWarning is given now when this check fails. Previously, take incorrectly checked if out could be cast to the result (the wrong direction). This deprecation also affects compress and possibly other functions. (Future versions of NumPy may tighten the casting check further.)

    (gh-30615)

  • The numpy.char.[as]array functions are deprecated. Use an numpy.[as]array with a string or bytes dtype instead.

    (gh-30802)

  • Setting the dtype attribute is deprecated because mutating an array is unsafe if an array is shared, especially by multiple threads. As an alternative, you can create a view with a new dtype via array.view(dtype=new_dtype).

    (gh-29244)

... (truncated)

Commits
  • 6910b28 Merge pull request #31706 from charris/prepare-2.5.0-release
  • e0acd2b REL: Prepare for the NumPy 2.5.0 release.
  • 8d928b7 Merge pull request #31704 from charris/backport-31649
  • c2055ba MAINT: update openblas to 0.3.33.112.0 (#31649)
  • ce17c81 Merge pull request #31703 from charris/backport-31609
  • 3de6203 BUG: fix StringDType distinct-allocator bugs and add tests (#31609)
  • c723971 Merge pull request #31700 from charris/backport-31694
  • 64513b2 MAINT: Bump pypa/cibuildwheel from 3.4.1 to 4.1.0
  • 04707f0 Merge pull request #31698 from charris/try-fix-emscripten
  • 5cf0686 MAINT: Try to fix emscripten wheel build.
  • Additional commits viewable in compare view

Updates sqlalchemy from 2.0.50 to 2.0.51

Release notes

Sourced from sqlalchemy's releases.

2.0.51

Released: June 15, 2026

orm

  • [orm] [bug] Fixed issue where _orm.subqueryload() combined with PropComparator.of_type() and PropComparator.and_() would silently drop the additional filter criteria, causing all related objects to be loaded instead of only those matching the filter. The LoaderCriteriaOption was being constructed against the base entity rather than the effective entity indicated by PropComparator.of_type(). Pull request courtesy Arya Rizky.

    References: #13207

  • [orm] [bug] Fixed bug where a failure during tpc_prepare() within _orm.Session.commit() for a two-phase session would raise IllegalStateChangeError instead of the original database exception. The internal _prepare_impl() method's error handler was unable to invoke _orm.SessionTransaction.rollback() due to a state-change guard, preventing proper cleanup and masking the underlying error.

    References: #13356

engine

  • [engine] [bug] Fixed issue where Result.freeze() would lose track of ambiguous column names present in the original CursorResult, causing key-based access on the thawed result to silently return a value instead of raising InvalidRequestError. The SimpleResultMetaData now accepts and propagates ambiguous key information so that frozen, thawed, and pickled results raise consistently for duplicate column names. Pull request courtesy Saurabh Kohli.

    References: #9427

sql

  • [sql] [bug] Fixed issue where _sql.StatementLambdaElement would proxy attribute access through the cached "expected" expression rather than the resolved expression, causing stale closure-bound parameter values to be used when a lambda statement was extended with non-lambda criteria such as an additional .where() clause. Courtesy cjc0013.

    References: #10827

... (truncated)

Commits

Updates uv-build to 0.11.24

Release notes

Sourced from uv-build's releases.

0.11.24

Release Notes

Released on 2026-06-23.

Python

  • Add CPython 3.15.0b3 (#19964)

Preview features

  • Make project environments relocatable under preview (#19965)

Performance

  • Use a compact index for lazy version maps (#19959)

Bug fixes

  • Allow disabling exclude-newer (#19934)
  • Avoid archive id collisions (#19949)
  • Reapply "Fix transparent Python upgrades in project environments" (#19928)
  • Clean up partial tool entrypoint installs (#19966)
  • Fix relocatable activate.fish and broaden Fish version support (#19856)

Install uv 0.11.24

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/uv/releases/download/0.11.24/uv-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/uv/releases/download/0.11.24/uv-installer.ps1 | iex"

Download uv 0.11.24

File Platform Checksum
uv-aarch64-apple-darwin.tar.gz Apple Silicon macOS checksum
uv-x86_64-apple-darwin.tar.gz Intel macOS checksum
uv-aarch64-pc-windows-msvc.zip ARM64 Windows checksum
uv-i686-pc-windows-msvc.zip x86 Windows checksum
uv-x86_64-pc-windows-msvc.zip x64 Windows checksum
uv-aarch64-unknown-linux-gnu.tar.gz ARM64 Linux checksum
uv-i686-unknown-linux-gnu.tar.gz x86 Linux checksum

... (truncated)

Changelog

Sourced from uv-build's changelog.

0.11.24

Released on 2026-06-23.

Python

  • Add CPython 3.15.0b3 (#19964)

Preview features

  • Make project environments relocatable under preview (#19965)

Performance

  • Use a compact index for lazy version maps (#19959)

Bug fixes

  • Allow disabling exclude-newer (#19934)
  • Avoid archive id collisions (#19949)
  • Reapply "Fix transparent Python upgrades in project environments" (#19928)
  • Clean up partial tool entrypoint installs (#19966)
  • Fix relocatable activate.fish and broaden Fish version support (#19856)

0.11.23

Released on 2026-06-19.

Bug fixes

  • Revert "Fix transparent Python upgrades in project environments" to mitigate unintended breakage in pre-commit-uv (#19925)
  • Restore old behavior where workspace members "hidden" by an intermediate pyproject.toml would be treated as standalone projects (#19926)

0.11.22

Released on 2026-06-18.

Enhancements

  • Publish wheels before sdists in uv publish (#19831)
  • Add TY and RUFF env vars for providing paths for binaries used by uv format and uv check (#19821)

Preview features

  • Allow configuring preview features in uv.toml and pyproject.toml (#18437)
  • Update the lockfile during uv check --no-sync (#19909)
  • Add --script to uv check and uv metadata (#19860)
  • Report workspace-exclusive dependency groups in workspace metadata (#19862)
  • Support SARIF as a uv audit output (#19872)

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

…5 updates

Updates the requirements on [cryptography](https://github.com/pyca/cryptography), [fastapi[standard]](https://github.com/fastapi/fastapi), [numpy](https://github.com/numpy/numpy), [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) and [uv-build](https://github.com/astral-sh/uv) to permit the latest version.

Updates `cryptography` from 48.0.1 to 49.0.0
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@48.0.1...49.0.0)

Updates `fastapi[standard]` to 0.138.0
- [Release notes](https://github.com/fastapi/fastapi/releases)
- [Commits](fastapi/fastapi@0.136.3...0.138.0)

Updates `numpy` from 2.4.6 to 2.5.0
- [Release notes](https://github.com/numpy/numpy/releases)
- [Changelog](https://github.com/numpy/numpy/blob/main/doc/RELEASE_WALKTHROUGH.rst)
- [Commits](numpy/numpy@v2.4.6...v2.5.0)

Updates `sqlalchemy` from 2.0.50 to 2.0.51
- [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases)
- [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES.rst)
- [Commits](https://github.com/sqlalchemy/sqlalchemy/commits)

Updates `uv-build` to 0.11.24
- [Release notes](https://github.com/astral-sh/uv/releases)
- [Changelog](https://github.com/astral-sh/uv/blob/main/CHANGELOG.md)
- [Commits](astral-sh/uv@0.11.19...0.11.24)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-version: 49.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: all-dependencies
- dependency-name: fastapi[standard]
  dependency-version: 0.138.0
  dependency-type: direct:production
  dependency-group: all-dependencies
- dependency-name: numpy
  dependency-version: 2.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: sqlalchemy
  dependency-version: 2.0.51
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-dependencies
- dependency-name: uv-build
  dependency-version: 0.11.24
  dependency-type: direct:development
  dependency-group: all-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added chore Routine maintenance tasks that don't affect product functionality. python:uv Pull requests that update python:uv code labels Jun 24, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

chore Routine maintenance tasks that don't affect product functionality. python:uv Pull requests that update python:uv code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants