Skip to content

chore(deps-backend)(deps): bump the minor-and-patch group across 1 directory with 4 updates#127

Merged
overwrite00 merged 1 commit into
developfrom
dependabot/pip/backend/develop/minor-and-patch-335ef56b69
Jul 2, 2026
Merged

chore(deps-backend)(deps): bump the minor-and-patch group across 1 directory with 4 updates#127
overwrite00 merged 1 commit into
developfrom
dependabot/pip/backend/develop/minor-and-patch-335ef56b69

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 2, 2026

Copy link
Copy Markdown
Contributor

Bumps the minor-and-patch group with 4 updates in the /backend directory: fastapi, beautifulsoup4, slowapi and coverage.

Updates fastapi from 0.138.0 to 0.139.0

Release notes

Sourced from fastapi's releases.

0.139.0

Features

  • ✨ Support dependencies in app.frontend(), e.g. for automatic cookie authentication for the frontend. PR #15908 by @​tiangolo.

Translations

Internal

0.138.1

Refactors

  • ♻️ Refactor Library Skills, make info easier to find for agents. PR #15841 by @​tiangolo.

Internal

... (truncated)

Commits
  • cecd96d 🔖 Release version 0.139.0 (#15910)
  • aea6609 📝 Update release notes
  • 319be50 ✨ Support dependencies in app.frontend(), e.g. for automatic cookie authent...
  • 66a90f6 📝 Update release notes
  • d30a3eb 👥 Update FastAPI People - Experts (#15909)
  • 122f1b5 📝 Update release notes
  • fd6ece3 👥 Update FastAPI GitHub topic repositories (#15906)
  • ec2a6ad 📝 Update release notes
  • 9d7d7fe 🌐 Update translations for fr (update-outdated) (#15897)
  • 8dc852d 📝 Update release notes
  • Additional commits viewable in compare view

Updates beautifulsoup4 from 4.14.0 to 4.15.0

Updates slowapi from 0.1.9 to 0.1.10

Release notes

Sourced from slowapi's releases.

v0.1.10

What's Changed

New Contributors

Full Changelog: laurentS/slowapi@v0.1.9...v0.1.10

Changelog

Sourced from slowapi's changelog.

[0.1.10] - 2026-06-13

Changed

  • Added: allow usage of the request object in the except_when function (thanks @​colin99d)
  • Added more test exemption logic (thanks @​colin99)
  • Fix logger warning for Python 3.11 deprecation (thanks @​kevin868)
Commits
  • 75799a3 Update changelog
  • 6f22eab Merge pull request #212 from ecly/release-v0.1.10
  • 5e2b9c1 Merge pull request #238 from laurentS/drop-old-python
  • a83ec72 Update README
  • d1a20b6 Drop python 3.7 and 3.8 from CI checks
  • 8bf8b2e Make exempt_when with request backwards compatible
  • eaf5ba7 Bump version and update changelog
  • a72bcc6 Merge pull request #160 from colin99d/master
  • 42330fc Merge branch 'laurentS:master' into master
  • 91145c0 Fixed mypy error
  • Additional commits viewable in compare view

Updates coverage from 7.6.1 to 7.14.3

Changelog

Sourced from coverage's changelog.

Version 7.14.3 — 2026-06-22

  • Fix: the default ... exclusion rule now also matches function bodies whose closing return-type bracket is on its own line (for example, after a long -> dict[ ... ] annotation that a formatter has split over multiple lines). Closes issue 2185, thanks Mengjia Shang <pull 2196_>.

  • Fix: On 3.13t, we incorrectly issued Couldn't import C tracer errors. We can't import the C tracer because in 7.14.2 we stopped shipping compiled wheels for 3.13t. Thanks, Hugo van Kemenade <pull 2203_>_.

.. _issue 2185: coveragepy/coveragepy#2185 .. _pull 2196: coveragepy/coveragepy#2196 .. _pull 2203: coveragepy/coveragepy#2203

.. _changes_7-14-2:

Version 7.14.2 — 2026-06-20

  • Fix: some messages were being written to stdout, making coverage json -o - useless for capturing JSON output. Now messages are written to stderr, fixing issue 2197_.

  • Fix: CoverageData kept one SQLite connection per thread that recorded coverage, but never closed them when those threads terminated. On long runs with many short-lived threads this leaked one file descriptor per dead thread, eventually failing with OSError: [Errno 24] Too many open files. Connections belonging to terminated threads are now closed and dropped. Fixes issue 2192. Thanks, Matthew Lloyd <pull 2193_>.

  • Fix: when using sys.monitoring, we were assuming we could use the COVERAGE_ID tool id. But other tools might also assume they could use that id. Pre-allocated ids don't really make sense, so now we search for a usable one instead. Fixes issue 2187_.

  • Following the advice of cibuildwheel <no-13t_>_, we no longer distribute wheels for Python 3.13 free-threaded.

.. _issue 2187: coveragepy/coveragepy#2187 .. _issue 2192: coveragepy/coveragepy#2192 .. _pull 2193: coveragepy/coveragepy#2193 .. _issue 2197: coveragepy/coveragepy#2197 .. _no-13t: https://py-free-threading.github.io/ci/#building-free-threaded-wheels-with-cibuildwheel

.. _changes_7-14-1:

... (truncated)

Commits
  • 22f13ea docs: sample HTML for 7.14.3
  • 2ca4e5f docs: prep for 7.14.3
  • 01d714e docs: add changelog entry for #2203
  • f36248d fix: don't emit 'Couldn't import C tracer' warning for 3.13t (#2203)
  • 86d73d1 docs: thanks, Mengjia Shang
  • 3d4ae3c docs: add the #2196 pr link to CHANGES
  • f4b2b4d fix: exclude ... bodies after multi-line return-type annotations (#2185) (#...
  • 1980ed0 chore: bump sigstore/gh-action-sigstore-python (#2201)
  • bca3217 build: since we don't ship 3.13t, don't test it
  • 77550d8 docs: oops, mismatched pull requests
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

…rectory with 4 updates

Bumps the minor-and-patch group with 4 updates in the /backend directory: [fastapi](https://github.com/fastapi/fastapi), [beautifulsoup4](https://www.crummy.com/software/BeautifulSoup/bs4/), [slowapi](https://github.com/laurents/slowapi) and [coverage](https://github.com/coveragepy/coveragepy).


Updates `fastapi` from 0.138.0 to 0.139.0
- [Release notes](https://github.com/fastapi/fastapi/releases)
- [Commits](fastapi/fastapi@0.138.0...0.139.0)

Updates `beautifulsoup4` from 4.14.0 to 4.15.0

Updates `slowapi` from 0.1.9 to 0.1.10
- [Release notes](https://github.com/laurents/slowapi/releases)
- [Changelog](https://github.com/laurentS/slowapi/blob/master/CHANGELOG.md)
- [Commits](laurentS/slowapi@v0.1.9...v0.1.10)

Updates `coverage` from 7.6.1 to 7.14.3
- [Release notes](https://github.com/coveragepy/coveragepy/releases)
- [Changelog](https://github.com/coveragepy/coveragepy/blob/main/CHANGES.rst)
- [Commits](coveragepy/coveragepy@7.6.1...7.14.3)

---
updated-dependencies:
- dependency-name: fastapi
  dependency-version: 0.139.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: beautifulsoup4
  dependency-version: 4.15.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: slowapi
  dependency-version: 0.1.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: coverage
  dependency-version: 7.14.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file lang:python Python-related scope:backend Backend-related changes labels Jul 2, 2026
@overwrite00 overwrite00 merged commit 412ec01 into develop Jul 2, 2026
5 checks passed
@dependabot dependabot Bot deleted the dependabot/pip/backend/develop/minor-and-patch-335ef56b69 branch July 2, 2026 10:38
overwrite00 added a commit that referenced this pull request Jul 2, 2026
…rectory with 4 updates (#127) (#129)

Bumps the minor-and-patch group with 4 updates in the /backend directory: [fastapi](https://github.com/fastapi/fastapi), [beautifulsoup4](https://www.crummy.com/software/BeautifulSoup/bs4/), [slowapi](https://github.com/laurents/slowapi) and [coverage](https://github.com/coveragepy/coveragepy).


Updates `fastapi` from 0.138.0 to 0.139.0
- [Release notes](https://github.com/fastapi/fastapi/releases)
- [Commits](fastapi/fastapi@0.138.0...0.139.0)

Updates `beautifulsoup4` from 4.14.0 to 4.15.0

Updates `slowapi` from 0.1.9 to 0.1.10
- [Release notes](https://github.com/laurents/slowapi/releases)
- [Changelog](https://github.com/laurentS/slowapi/blob/master/CHANGELOG.md)
- [Commits](laurentS/slowapi@v0.1.9...v0.1.10)

Updates `coverage` from 7.6.1 to 7.14.3
- [Release notes](https://github.com/coveragepy/coveragepy/releases)
- [Changelog](https://github.com/coveragepy/coveragepy/blob/main/CHANGES.rst)
- [Commits](coveragepy/coveragepy@7.6.1...7.14.3)

---
updated-dependencies:
- dependency-name: fastapi
  dependency-version: 0.139.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: beautifulsoup4
  dependency-version: 4.15.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: slowapi
  dependency-version: 0.1.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: coverage
  dependency-version: 7.14.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
overwrite00 added a commit that referenced this pull request Jul 13, 2026
* chore(deps-backend)(deps): bump the minor-and-patch group across 1 directory with 4 updates (#127)

Bumps the minor-and-patch group with 4 updates in the /backend directory: [fastapi](https://github.com/fastapi/fastapi), [beautifulsoup4](https://www.crummy.com/software/BeautifulSoup/bs4/), [slowapi](https://github.com/laurents/slowapi) and [coverage](https://github.com/coveragepy/coveragepy).


Updates `fastapi` from 0.138.0 to 0.139.0
- [Release notes](https://github.com/fastapi/fastapi/releases)
- [Commits](fastapi/fastapi@0.138.0...0.139.0)

Updates `beautifulsoup4` from 4.14.0 to 4.15.0

Updates `slowapi` from 0.1.9 to 0.1.10
- [Release notes](https://github.com/laurents/slowapi/releases)
- [Changelog](https://github.com/laurentS/slowapi/blob/master/CHANGELOG.md)
- [Commits](laurentS/slowapi@v0.1.9...v0.1.10)

Updates `coverage` from 7.6.1 to 7.14.3
- [Release notes](https://github.com/coveragepy/coveragepy/releases)
- [Changelog](https://github.com/coveragepy/coveragepy/blob/main/CHANGES.rst)
- [Commits](coveragepy/coveragepy@7.6.1...7.14.3)

---
updated-dependencies:
- dependency-name: fastapi
  dependency-version: 0.139.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: beautifulsoup4
  dependency-version: 4.15.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: slowapi
  dependency-version: 0.1.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: coverage
  dependency-version: 7.14.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps-backend)(deps): bump the minor-and-patch group (#130)

Bumps the minor-and-patch group in /backend with 2 updates: [uvicorn](https://github.com/Kludex/uvicorn) and [coverage](https://github.com/coveragepy/coveragepy).


Updates `uvicorn` from 0.49.0 to 0.50.0
- [Release notes](https://github.com/Kludex/uvicorn/releases)
- [Changelog](https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md)
- [Commits](Kludex/uvicorn@0.49.0...0.50.0)

Updates `coverage` from 7.14.3 to 7.15.0
- [Release notes](https://github.com/coveragepy/coveragepy/releases)
- [Changelog](https://github.com/coveragepy/coveragepy/blob/main/CHANGES.rst)
- [Commits](coveragepy/coveragepy@7.14.3...7.15.0)

---
updated-dependencies:
- dependency-name: uvicorn
  dependency-version: 0.50.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: coverage
  dependency-version: 7.15.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps-frontend)(deps): bump the minor-and-patch group (#131)

Bumps the minor-and-patch group in /frontend with 2 updates: [lucide-react](https://github.com/lucide-icons/lucide/tree/HEAD/packages/lucide-react) and [react-router-dom](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router-dom).


Updates `lucide-react` from 1.22.0 to 1.23.0
- [Release notes](https://github.com/lucide-icons/lucide/releases)
- [Commits](https://github.com/lucide-icons/lucide/commits/1.23.0/packages/lucide-react)

Updates `react-router-dom` from 7.18.0 to 7.18.1
- [Release notes](https://github.com/remix-run/react-router/releases)
- [Changelog](https://github.com/remix-run/react-router/blob/react-router-dom@7.18.1/packages/react-router-dom/CHANGELOG.md)
- [Commits](https://github.com/remix-run/react-router/commits/react-router-dom@7.18.1/packages/react-router-dom)

---
updated-dependencies:
- dependency-name: lucide-react
  dependency-version: 1.23.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: react-router-dom
  dependency-version: 7.18.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps-frontend)(deps-dev): bump the development-updates group across 1 directory with 3 updates (#133)

Bumps the development-updates group with 3 updates in the /frontend directory: [@eslint/js](https://github.com/eslint/eslint/tree/HEAD/packages/js), [eslint](https://github.com/eslint/eslint) and [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).


Updates `@eslint/js` from 9.39.4 to 9.39.5
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](https://github.com/eslint/eslint/commits/v9.39.5/packages/js)

Updates `eslint` from 9.39.4 to 9.39.5
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](eslint/eslint@v9.39.4...v9.39.5)

Updates `vite` from 8.1.0 to 8.1.4
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v8.1.4/packages/vite)

---
updated-dependencies:
- dependency-name: "@eslint/js"
  dependency-version: 9.39.5
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: development-updates
- dependency-name: eslint
  dependency-version: 9.39.5
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: development-updates
- dependency-name: vite
  dependency-version: 8.1.4
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: development-updates
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* fix: prevent stack trace exposure in URLScan.io health check endpoint

CodeQL alert #15 (py/stack-trace-exposure, CWE-209/497): GET /api/reputation/test-urlscan
is a public unauthenticated endpoint that returned raw exception messages and type names
to the caller. Exception details are now logged server-side only; the client receives a
generic error message.

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file lang:python Python-related scope:backend Backend-related changes

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant