chore: bump the python-dependencies group with 6 updates

[dependabot]

Updates the requirements on fastapi, starlette, pydantic-core, sqlalchemy, pyjwt and ruff to permit the latest version.
Updates fastapi to 0.136.3

Release notes

Sourced from fastapi's releases.

0.136.3

Refactors

• ♻️ Do not accept underscore headers when using convert_underscores=True (the default). PR #15589 by @​tiangolo.

Commits

• 8206485 🔖 Release version 0.136.3
• c910e01 📝 Update release notes
• 063b5bf ♻️ Do not accept underscore headers when using convert_underscores=True (th...
• 22b02e2 🔖 Release version 0.136.2
• 3b252a2 📝 Update release notes
• c7fb785 ♻️ Validate Server Sent Event fields to avoid applications from sending broke...
• cb83b83 📝 Update release notes
• 00f805c ✅ Update tests, don't double dispose the engine (#15587)
• 3675137 📝 Update release notes
• 7b57e42 📝 Document --entrypoint CLI option (#15464)
• Additional commits viewable in compare view

Updates starlette to 1.1.0

Release notes

Sourced from starlette's releases.

Version 1.1.0

What's Changed

• Use "application/octet-stream" as the FileResponse media type fallback by @​ATOM00blue in Kludex/starlette#3283
• Only dispatch standard HTTP verbs in HTTPEndpoint by @​Kludex in Kludex/starlette#3286
• Reject absolute paths in StaticFiles.lookup_path by @​Kludex in Kludex/starlette#3287

New Contributors

• @​ATOM00blue made their first contribution in Kludex/starlette#3283

Full Changelog: Kludex/starlette@1.0.1...1.1.0

Changelog

Sourced from starlette's changelog.

1.1.0 (May 23, 2026)

Added

• Use "application/octet-stream" as the FileResponse media type fallback #3283.

Fixed

• Only dispatch standard HTTP verbs in HTTPEndpoint #3286.
• Reject absolute paths in StaticFiles.lookup_path #3287.

1.0.1 (May 21, 2026)

Fixed

• Ignore malformed Host header when constructing request.url #3279.

1.0.0 (March 22, 2026)

Starlette 1.0 is here!

After nearly eight years since its creation, Starlette has reached its first stable release. Thank you to everyone who tested the release candidate and reported issues.

You can read more on the blog post.

Added

• Track session access and modification in SessionMiddleware #3166.

Fixed

• Handle websocket denial responses in StreamingResponse and FileResponse #3189.
• Use bytearray for field accumulation in FormParser #3179.
• Move parser.finalize() inside try/except in MultiPartParser.parse() #3153.

1.0.0rc1 (February 23, 2026)

We're ready! I'm thrilled to announce the first release candidate for Starlette 1.0.

Starlette was created in June 2018 by Tom Christie, and has been on ZeroVer for years. Today, it's downloaded almost 10 million times a day, serves as the foundation for FastAPI, and has inspired many other frameworks. In the age of AI, Starlette continues to play an important role as a dependency of the Python MCP SDK.

This release focuses on removing deprecated features that were marked for removal in 1.0.0, along with some last minute bug fixes. It's a release candidate, so we can gather feedback from the community before the final 1.0.0 release soon.

A huge thank you to all the contributors who have helped make Starlette what it is today.

... (truncated)

Commits

• a4ff83b Version 1.1.0 (#3289)
• fd53168 Reject absolute paths in StaticFiles.lookup_path (#3287)
• e3f9722 Only dispatch standard HTTP verbs in HTTPEndpoint (#3286)
• 348f86d Use "application/octet-stream" as the FileResponse media type fallback (#...
• 48f8e33 Version 1.0.1 (#3281)
• f078832 Remove Hugging Face sponsor block from docs (#3280)
• 472951e chore(deps): bump the github-actions group with 2 updates (#3277)
• 764dab0 Ignore malformed Host header when constructing request.url (#3279)
• 19d0811 Harden GitHub Actions workflows and Dependabot config (#3276)
• 01f4637 chore(deps): bump idna from 3.10 to 3.15 (#3274)
• Additional commits viewable in compare view

Updates pydantic-core to 2.47.0

Changelog

Sourced from pydantic-core's changelog.

v2.14.0a1 (2026-05-22)

GitHub release

What's Changed

Packaging

• Add PyEmscripten platform tag support by @​Viicos, @​greateggsgreg and @​sinaatalay in #13199: pydantic-core now has a 3.14 wheel published with the pyemscripten_2026_0 platform tag. Note that this wheel can only be used with Pyodide 314.0 and greater, still in development. It is recommended to wait for the final 314.0 release (and for Pydantic to publish a new wheel in a future 2.14 release).

Changes

• Accept None in MultiHostUrl.build()'s hosts parameter by @​Viicos in #13068
• Drop support for Python 3.9 by @​Viicos in #13070
• Remove support for eval_type_backport() by @​Viicos in #13133
• Only deepcopy non-updated fields in model_copy() by @​connorcarpenter15 in #13087

Fixes

• Add Mypy plugin workaround for dynamic models defined in functions by @​ilevkivskyi in #13177
• Fallback to create_model() overload definition when __base__ is set to a type variable in the Mypy plugin by @​cyphercodes in #13146

New Contributors

• @​ilevkivskyi made their first contribution in #13177
• @​cyphercodes made their first contribution in #13146
• @​connorcarpenter15 made their first contribution in #13087

v2.13.4 (2026-05-06)

GitHub release

What's Changed

Packaging

• Bump libc from 0.2.155 to 0.2.185 by @​Viicos in #13109
• Adapt pydantic-core linker flags on macOS by @​washingtoneg and @​Viicos in #13147

Fixes

• Preserve RootModel core metadata by @​Viicos in #13129

... (truncated)

Commits

• See full diff in compare view

Updates sqlalchemy to 2.0.50

Release notes

Sourced from sqlalchemy's releases.

2.0.50

Released: May 24, 2026

orm

• [orm] [bug] Fixed issue where using _orm.joinedload() with PropComparator.of_type() targeting a joined-table subclass combined with PropComparator.and_() referencing a column on that subclass would generate invalid SQL, where the subclass column was not adapted to the subquery alias. Pull request courtesy Joaquin Hui Gomez.

  References: #13203

• [orm] [bug] Fixed issue where the presence of a SessionEvents.do_orm_execute() event hook would cause internal execution options such as yield_per and loader-specific state from the first orm_pre_session_exec pass to leak into the second pass, leading to errors when using relationship loaders such as selectinload() and immediateload(). The execution options passed to the second compilation pass are now based on the original options plus only the explicit updates made via ORMExecuteState.update_execution_options() within the event hook.

  References: #13301

• [orm] [bug] Fixed issue where using _orm.with_polymorphic() on a leaf class (a subclass with no further descendants) or a non-inherited class would fail with an AttributeError when used in an ORM statement, due to _orm.configure_mappers() not being triggered implicitly. The fix ensures that AliasedInsp participates in the _post_inspect hook, triggering mapper configuration during ORM statement compilation.

  References: #13319

sql

• [sql] [bug] Fixed issue where floor division (//) between a Float or Numeric numerator and an Integer denominator would omit the FLOOR() SQL wrapper on dialects where Dialect.div_is_floordiv is True (the default, including PostgreSQL and SQLite). FLOOR() is now applied if either the denominator or the numerator is a non-integer, so that expressions such as float_col // int_col render as FLOOR(float_col / int_col) instead of the incorrect float_col / int_col. Pull request courtesy r266-tech.

  References: #10528

postgresql

... (truncated)

Commits

• See full diff in compare view

Updates pyjwt to 2.13.0

Release notes

Sourced from pyjwt's releases.

2.13.0

PyJWT 2.13.0 — Security Release

This release bundles five security fixes plus three additional hardening / spec-compliance changes. We recommend all users upgrade.

Security

• GHSA-xgmm-8j9v-c9wx — JWK JSON accepted as HMAC secret (algorithm confusion). HMACAlgorithm.prepare_key previously rejected PEM- and SSH-formatted asymmetric keys but did not catch a JWK passed as a raw JSON string. In a verifier configured with both symmetric and asymmetric algorithms in algorithms=[…] and a raw-JSON JWK as the key, an attacker could forge HS256 tokens using the JWK text as the HMAC secret. The guard has been extended to reject any JWK-shaped JSON. Reported by @​aradona91.

• GHSA-jq35-7prp-9v3f — Algorithm allow-list bypass with PyJWK / PyJWKClient. When verifying with a PyJWK, the caller's algorithms=[…] allow-list was checked against the token header alg as a string only; actual verification used the algorithm bound to the PyJWK. An attacker who controlled a registered JWKS key could sign with one algorithm and advertise another on the header. PyJWT now requires the token header alg to match the PyJWK's algorithm before verification. Reported by @​sushi-gif.

• GHSA-w7vc-732c-9m39 — DoS via base64 decode of unused payload segment when b64=false. For detached-payload JWS (b64=false), the compact-form payload segment was base64-decoded before being discarded in favor of the caller-supplied detached_payload. An attacker could inflate the unused segment to force CPU + memory cost without holding a valid signature. The segment is now required to be empty per RFC 7515 Appendix F, and is no longer decoded. Reported by @​thesmartshadow.

• GHSA-993g-76c3-p5m4 — PyJWKClient accepts non-HTTP(S) URIs. PyJWKClient.fetch_data passed its URI to urllib.request.urlopen, which by default also handles file://, ftp://, and data: schemes. An application that fed an attacker-influenced URI into PyJWKClient could be coerced into reading local files or reaching other unintended schemes. PyJWKClient now rejects any URI whose scheme isn't http or https. Reported by @​KEIJOT.

• GHSA-fhv5-28vv-h8m8 — PyJWKClient cache wiped on fetch error. A finally-block put(jwk_set=None) cleared the JWK Set cache whenever a fetch raised, turning a transient JWKS-endpoint outage into application-wide auth failure. The cache write was moved into the success path; transient errors no longer evict valid cached keys. Reported by @​eddieran.

Fixed

• Reject empty HMAC keys outright in HMACAlgorithm.prepare_key with InvalidKeyError instead of accepting them with only a warning. Defends against the os.getenv("JWT_SECRET", "") footgun. Thanks to @​SnailSploit and @​spartan8806 for the reports.
• Forward per-call options (including enforce_minimum_key_length) from PyJWT.decode through to PyJWS._verify_signature. The option was previously silently dropped between the two layers, so it only took effect when set on the PyJWT instance. Thanks to @​WLUB for the report.
• RFC 7797 §3 compliance for b64=false: the encoder now auto-adds "b64" to crit, and the decoder rejects tokens that set b64=false without listing it in crit. Thanks to @​MachineLearning-Nerd for the report.

Changed

• Migrate the dev, docs, and tests package extras to dependency groups, by @​kurtmckee in #1152.

Upgrade notes

Most fixes are invisible to correctly-configured callers. A few behavioral changes you may encounter:

• Empty HMAC keys now raise. If your app passed "" or b"" as a secret (often via a missing env var, e.g. os.getenv("JWT_SECRET", "")), encode/decode will now raise InvalidKeyError. This is the intended behavior — fix the configuration.
• PyJWK decoding now requires the token's alg to match the JWK's algorithm. Previously a mismatch was silently honored if the header alg appeared in the allow-list. Tokens that relied on this mismatch will now fail with InvalidAlgorithmError.
• PyJWKClient now rejects non-HTTP(S) URIs at construction time. Tests or dev environments that fetched JWKS from file:// URIs need to switch to a local HTTP server or load the JWKS by other means (e.g. construct PyJWKSet.from_dict(...) directly).
• b64=false tokens are now strictly RFC 7515 / 7797 compliant. Tokens with a non-empty compact-form payload segment, or that omit "b64" from crit, will be rejected. PyJWT-produced tokens always satisfy both invariants, so round-trips through PyJWT are unaffected.
• enforce_minimum_key_length set per-call now takes effect. Callers who passed options={"enforce_minimum_key_length": True} to jwt.decode() previously got no enforcement; they will now get InvalidKeyError on undersized keys, as documented.

Full changelog: jpadilla/pyjwt@2.12.1...2.13.0

Changelog

Sourced from pyjwt's changelog.

v2.13.0 <https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0>__

Security

- Reject JWK JSON documents passed as raw HMAC secrets in
  ``HMACAlgorithm.prepare_key`` to close an algorithm-confusion gap that
  the existing PEM/SSH guard did not cover. Reported by @aradona91 in
  `GHSA-xgmm-8j9v-c9wx <https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx>`__.
- Bind the JWT header ``alg`` to ``PyJWK.algorithm_name`` during
  verification so the caller's ``algorithms=[...]`` allow-list cannot be
  bypassed when decoding with a ``PyJWK`` / ``PyJWKClient`` key. Reported
  by @sushi-gif in `GHSA-jq35-7prp-9v3f <https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f>`__.
- Reject non-``http(s)`` URI schemes in ``PyJWKClient`` so attacker-
  influenced URIs cannot read local files or reach unintended schemes via
  urllib's default ``file://`` / ``ftp://`` / ``data:`` handlers. Reported
  by @KEIJOT in `GHSA-993g-76c3-p5m4 <https://github.com/jpadilla/pyjwt/security/advisories/GHSA-993g-76c3-p5m4>`__.
- Preserve the cached JWK Set on fetch errors in ``PyJWKClient.fetch_data``.
  The previous ``finally``-block ``put(None)`` pattern cleared the cache
  on any transient outage, turning one bad JWKS request into application-
  wide auth failure. Reported by @eddieran in `GHSA-fhv5-28vv-h8m8 <https://github.com/jpadilla/pyjwt/security/advisories/GHSA-fhv5-28vv-h8m8>`__.
- Skip the unconditional base64 decode of the compact-form payload segment
  when ``b64=false`` is set in the protected header, and require that
  segment to be empty (RFC 7515 Appendix F detached form). Closes an
  unauthenticated DoS amplifier. Reported by @thesmartshadow in
  `GHSA-w7vc-732c-9m39 <https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39>`__.
Fixed

- Reject empty HMAC keys outright in ``HMACAlgorithm.prepare_key`` with
  ``InvalidKeyError`` instead of accepting them with only a warning.
  Thanks to @SnailSploit and @spartan8806 for independently flagging the
  footgun.
- Forward per-call ``options`` (including ``enforce_minimum_key_length``)
  from ``PyJWT.decode`` through to ``PyJWS._verify_signature`` so the
  option actually takes effect when set at the call site rather than only
  on the ``PyJWT`` instance. Thanks to @WLUB for the report.
- RFC 7797 §3 compliance for ``b64=false``: the encoder now auto-adds
  ``&quot;b64&quot;`` to the ``crit`` header parameter, and the decoder rejects
  tokens that set ``b64=false`` without listing it in ``crit``. Thanks to
  @MachineLearning-Nerd for the report.
Changed



Migrate the dev, docs, and tests package extras to dependency groups by @​kurtmckee in [#1152](https://github.com/jpadilla/pyjwt/issues/1152) &lt;https://github.com/jpadilla/pyjwt/pull/1152&gt;__

v2.12.1 &lt;https://github.com/jpadilla/pyjwt/compare/2.12.0...2.12.1&gt;__
</tr></table>

... (truncated)

Commits

• 7144e45 Apply ruff format
• d2f4bec Restore cast() calls with cross-version type: ignore for prepare_key
• 22f478c Remove redundant casts in RSAAlgorithm.prepare_key and `ECAlgorithm.prepare...
• 95791b1 Bundle security fixes and hardening into 2.13.0
• dcc27a9 [pre-commit.ci] pre-commit autoupdate (#1155)
• 9d08a9a [pre-commit.ci] pre-commit autoupdate (#1146)
• b87c100 Bump codecov/codecov-action from 5 to 6 (#1154)
• 40e3147 Migrate development extras to dependency groups (#1152)
• See full diff in compare view

Updates ruff to 0.15.14

Release notes

Sourced from ruff's releases.

0.15.14

Release Notes

Released on 2026-05-21.

Preview features

• [airflow] Implement airflow-task-implicit-multiple-outputs (AIR202) (#25152)
• [flake8-use-pathlib] Mark PTH101 fix as unsafe when first argument is a class attribute annotated as int (#25086)
• [pylint] Implement too-many-try-statements (W0717) (#23970)
• [ruff] Add incorrect-decorator-order (RUF074) (#23461)
• [ruff] Add fallible-context-manager (RUF075) (#22844)

Bug fixes

• Fix lambda formatting in interpolated string expressions (#25144)
• Treat generic frozenset annotations as immutable (#25251)
• [flake8-type-checking] Avoid strict behavior when future-annotations are enabled (TC001, TC002, TC003) (#25035)
• [pylint] Avoid false positives in else clause (PLR1733) (#25177)

Rule changes

• [flake8-comprehensions] Skip C417 for lambdas with positional-only parameters (#25272)
• [flake8-simplify] Preserve f-string source verbatim in SIM101 fix (#25061)

Performance

• Avoid unnecessary parser lookahead for operators (#25290)

Documentation

• Update code example setting Neovim LSP log level (#25284)

Other changes

• Add full PEP 798 support (#25104)
• Add a parser recursion limit (#24810)
• Update various ruff_python_stdlib APIs (#25273)

Contributors

• @​ocaballeror
• @​lerebear
• @​samuelcolvin
• @​baltasarblanco
• @​aconal-com
• @​anishgirianish
• @​JelleZijlstra
• @​AlexWaygood
• @​ntBre

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.14

Released on 2026-05-21.

Preview features

• [airflow] Implement airflow-task-implicit-multiple-outputs (AIR202) (#25152)
• [flake8-use-pathlib] Mark PTH101 fix as unsafe when first argument is a class attribute annotated as int (#25086)
• [pylint] Implement too-many-try-statements (W0717) (#23970)
• [ruff] Add incorrect-decorator-order (RUF074) (#23461)
• [ruff] Add fallible-context-manager (RUF075) (#22844)

Bug fixes

• Fix lambda formatting in interpolated string expressions (#25144)
• Treat generic frozenset annotations as immutable (#25251)
• [flake8-type-checking] Avoid strict behavior when future-annotations are enabled (TC001, TC002, TC003) (#25035)
• [pylint] Avoid false positives in else clause (PLR1733) (#25177)

Rule changes

• [flake8-comprehensions] Skip C417 for lambdas with positional-only parameters (#25272)
• [flake8-simplify] Preserve f-string source verbatim in SIM101 fix (#25061)

Performance

• Avoid unnecessary parser lookahead for operators (#25290)

Documentation

• Update code example setting Neovim LSP log level (#25284)

Other changes

• Add full PEP 798 support (#25104)
• Add a parser recursion limit (#24810)
• Update various ruff_python_stdlib APIs (#25273)

Contributors

• @​ocaballeror
• @​lerebear
• @​samuelcolvin
• @​baltasarblanco
• @​aconal-com
• @​anishgirianish
• @​JelleZijlstra
• @​AlexWaygood
• @​ntBre
• @​adityasingh2400

... (truncated)

Commits

• 9ad2da3 Bump 0.15.14 (#25295)
• c714e84 [ty] Modernize setup of union types in mdtests (#25291)
• 8a8e35e [flake8-comprehensions] Skip C417 for lambdas with positional-only parame...
• aea5ed4 Avoid unnecessary parser lookahead for operators (#25290)
• e9d72bb [ty] Allow enum member accesses on self (#25077)
• 6cbd59b Set exclude-newer = "7 days" in our PEP-723 scripts (#25285)
• 9999a39 Update code example on how to update Neovim LSP log level (#25284)
• 67d8c54 [ty] Retain recursively-defined state in binary expressions (#25277)
• 25a3191 [ty] Refine Callable class-decorator fallback for unknown results (#25250)
• c423054 Add a recursion limit to the parser (#24810)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.

[ychab]

@dependabot rebase

[dependabot]

Looks like this PR is closed. If the branch still exists, you can re-open the PR and then use @dependabot rebase or @dependabot recreate. If the branch was deleted, Dependabot will create a new PR on the next scheduled run, or you can trigger an update from the Dependency graph page.