Skip to content

build(deps): bump the api group across 1 directory with 5 updates#244

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/pip/api-d0172d72ef
Open

build(deps): bump the api group across 1 directory with 5 updates#244
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/pip/api-d0172d72ef

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Mar 25, 2026

Bumps the api group with 5 updates in the / directory:

Package From To
redis 7.2.1 7.4.0
fastapi 0.135.1 0.135.2
uvicorn 0.41.0 0.42.0
azure-identity 1.25.2 1.25.3
black 26.1.0 26.3.1

Updates redis from 7.2.1 to 7.4.0

Release notes

Sourced from redis's releases.

7.4.0

Changes

🐛 Bug Fixes

  • Fix AttributeError in cluster metrics recording when connection is None or ClusterNode object instance is used to extract the connection info (#3999)
  • Fixing security concern in repr methods for ConnectionPools - passwords might leak in plain text logs (#3998)
  • Refactored connection count and SCH metric collection (#4001)

🧪 Experimental Features

-Refactored health check logic for MultiDBClient (#3994)

🧰 Maintenance

  • Expose basic Otel classes and functions to be importable through redis.observability to match the examples in the readthedocs (#3996)

We'd like to thank all the contributors who worked on this release! @​vladvildanov @​petyaslavova

7.3.0

Changes

OpenTelemetry Native Metrics Support for asynchronous clients Added comprehensive OpenTelemetry metrics support for asynchronous clients following the OpenTelemetry Database Client Semantic Conventions. Metric groups include:

  • Command metrics: Operation duration with retry tracking
  • Connection basic: Connection count and creation time
  • Resiliency: Errors, handoffs, timeout relaxation
  • Connection advanced: Wait time and use time
  • Pubsub metrics: Published and received messages
  • Stream metrics: Processing duration and maintenance notifications

🚀 New Features

  • Added OTel instrumentation and metrics export for async client (#3977)

🐛 Bug Fixes

  • [async] Adding access to cluster client's nodes_manager and set_response_callback in ClusterPipeline objects (#3989)
  • fix(connection): Ensure we have an initialized protocol in connection (#3981)

🧰 Maintenance

  • fix: use KeysT for blpop and brpop keys parameter type annotation (#3987 #3990)
  • Bump actions/upload-artifact from 6 to 7 (#3985)
  • fix: replace 3 bare except clauses with except Exception (#3980)

We'd like to thank all the contributors who worked on this release! @​mitre88 @​turanalmammadov @​haosenwang1018 @​Medno @​vladvildanov @​petyaslavova

Commits
  • b72f24a Updating lib version to 7.4.0
  • 0a4e0af Refactored health check logic for MultiDBClient (#3994)
  • 15492c9 Refactored connection count and SCH metric collection (#4001)
  • cd964ac Expose basic Otel classes and funtions to be importable through redis.observa...
  • 46ab74d Fixing security concern in repr methods for ConnectionPools - passwords m...
  • 26482db Fix AttributeError in cluster metrics recording when connection is None or Cl...
  • 8ecbc7a Updating lib version to 7.3.0
  • 11043df typing: accept single-key input for blpop and brpop (#3990)
  • d958125 fix: use KeysT for blpop and brpop keys parameter type annotation (#3987)
  • 75bf91b [async] Adding access to cluster client's nodes_manager and set_response_call...
  • Additional commits viewable in compare view

Updates fastapi from 0.135.1 to 0.135.2

Release notes

Sourced from fastapi's releases.

0.135.2

Upgrades

  • ⬆️ Increase lower bound to pydantic >=2.9.0. and fix the test suite. PR #15139 by @​svlandeg.

Docs

Translations

Internal

... (truncated)

Commits
  • 25a3697 🔖 Release version 0.135.2
  • ab125da 📝 Update release notes
  • 122b6d4 📝 Add missing last release notes dates (#15202)
  • 68ac0ab 📝 Update release notes
  • ea6e287 📝 Update docs for contributors and team members regarding translation PRs (#1...
  • d0a6f20 📝 Update release notes
  • fd9e192 💄 Fix code blocks in reference docs overflowing table width (#15094)
  • fce9460 📝 Update release notes
  • 0227991 🔨 Exclude spam comments from statistics in scripts/people.py (#15088)
  • cbd64b0 📝 Update release notes
  • Additional commits viewable in compare view

Updates uvicorn from 0.41.0 to 0.42.0

Release notes

Sourced from uvicorn's releases.

Version 0.42.0

Changed

  • Use bytearray for request body accumulation to avoid O(n^2) allocation on fragmented bodies (#2845)

Fixed

  • Escape brackets and backslash in httptools HEADER_RE regex (#2824)
  • Fix multiple issues in websockets sans-io implementation (#2825)

New Contributors

Full Changelog: Kludex/uvicorn@0.41.0...0.42.0

Changelog

Sourced from uvicorn's changelog.

0.42.0 (March 16, 2026)

Changed

  • Use bytearray for request body accumulation to avoid O(n^2) allocation on fragmented bodies (#2845)

Fixed

  • Escape brackets and backslash in httptools HEADER_RE regex (#2824)
  • Fix multiple issues in websockets sans-io implementation (#2825)
Commits
  • 02bed6f Version 0.42.0 (#2852)
  • d8f2501 chore: pre-create Config objects in benchmarks to measure protocol hot paths ...
  • 9dbb783 Add WebSocket protocol benchmarks for wsproto and websockets-sansio (#2849)
  • b3c69da Use bytearray for request body accumulation (#2845)
  • 3f3ebee Disable pytest-xdist for CodSpeed benchmark runs (#2847)
  • d072de7 Add fragmented body benchmark for chunked body accumulation (#2846)
  • e300c2c Add CodSpeed benchmark suite for HTTP protocol hot paths (#2844)
  • 1fa6976 Escape brackets and backslash in httptools HEADER_RE regex (#2824)
  • 59ec1de Fix multiple issues in websockets sansio implementation (#2825)
  • 2fc0efc Clarify Windows asyncio event loop selection in docs (#2843)
  • Additional commits viewable in compare view

Updates azure-identity from 1.25.2 to 1.25.3

Release notes

Sourced from azure-identity's releases.

azure-identity_1.25.3

1.25.3 (2026-03-12)

Bugs Fixed

  • Fixed an issue where an expired token could skip refresh when a recent token request was made, due to the retry delay taking precedence over expiration. (#45496)

Other Changes

  • Bumped minimum dependency on msal to >=1.35.1.
Commits

Updates black from 26.1.0 to 26.3.1

Release notes

Sourced from black's releases.

26.3.1

Stable style

  • Prevent Jupyter notebook magic masking collisions from corrupting cells by using exact-length placeholders for short magics and aborting if a placeholder can no longer be unmasked safely (#5038)

Configuration

  • Always hash cache filename components derived from --python-cell-magics so custom magic names cannot affect cache paths (#5038)

Blackd

  • Disable browser-originated requests by default, add configurable origin allowlisting and request body limits, and bound executor submissions to improve backpressure (#5039)

26.3.0

Stable style

  • Don't double-decode input, causing non-UTF-8 files to be corrupted (#4964)
  • Fix crash on standalone comment in lambda default arguments (#4993)
  • Preserve parentheses when # type: ignore comments would be merged with other comments on the same line, preventing AST equivalence failures (#4888)

Preview style

  • Fix bug where if guards in case blocks were incorrectly split when the pattern had a trailing comma (#4884)
  • Fix string_processing crashing on unassigned long string literals with trailing commas (one-item tuples) (#4929)
  • Simplify implementation of the power operator "hugging" logic (#4918)

Packaging

  • Fix shutdown errors in PyInstaller builds on macOS by disabling multiprocessing in frozen environments (#4930)

Performance

  • Introduce winloop for windows as an alternative to uvloop (#4996)
  • Remove deprecated function uvloop.install() in favor of uvloop.new_event_loop() (#4996)
  • Rename maybe_install_uvloop function to maybe_use_uvloop to simplify loop installation and creation of either a uvloop/winloop evenloop or default eventloop (#4996)

Output

... (truncated)

Changelog

Sourced from black's changelog.

26.3.1

Stable style

  • Prevent Jupyter notebook magic masking collisions from corrupting cells by using exact-length placeholders for short magics and aborting if a placeholder can no longer be unmasked safely (#5038)

Configuration

  • Always hash cache filename components derived from --python-cell-magics so custom magic names cannot affect cache paths (#5038)

Blackd

  • Disable browser-originated requests by default, add configurable origin allowlisting and request body limits, and bound executor submissions to improve backpressure (#5039)

26.3.0

Stable style

  • Don't double-decode input, causing non-UTF-8 files to be corrupted (#4964)
  • Fix crash on standalone comment in lambda default arguments (#4993)
  • Preserve parentheses when # type: ignore comments would be merged with other comments on the same line, preventing AST equivalence failures (#4888)

Preview style

  • Fix bug where if guards in case blocks were incorrectly split when the pattern had a trailing comma (#4884)
  • Fix string_processing crashing on unassigned long string literals with trailing commas (one-item tuples) (#4929)
  • Simplify implementation of the power operator "hugging" logic (#4918)

Packaging

  • Fix shutdown errors in PyInstaller builds on macOS by disabling multiprocessing in frozen environments (#4930)

Performance

  • Introduce winloop for windows as an alternative to uvloop (#4996)
  • Remove deprecated function uvloop.install() in favor of uvloop.new_event_loop() (#4996)
  • Rename maybe_install_uvloop function to maybe_use_uvloop to simplify loop installation and creation of either a uvloop/winloop eventloop or default eventloop (#4996)

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
build(deps): bump the api group across 1 directory with 5 updates
3f073f5 
Bumps the api group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [redis](https://github.com/redis/redis-py) | `7.2.1` | `7.4.0` |
| [fastapi](https://github.com/fastapi/fastapi) | `0.135.1` | `0.135.2` |
| [uvicorn](https://github.com/Kludex/uvicorn) | `0.41.0` | `0.42.0` |
| [azure-identity](https://github.com/Azure/azure-sdk-for-python) | `1.25.2` | `1.25.3` |
| [black](https://github.com/psf/black) | `26.1.0` | `26.3.1` |



Updates `redis` from 7.2.1 to 7.4.0
- [Release notes](https://github.com/redis/redis-py/releases)
- [Changelog](https://github.com/redis/redis-py/blob/master/CHANGES)
- [Commits](redis/redis-py@v7.2.1...v7.4.0)

Updates `fastapi` from 0.135.1 to 0.135.2
- [Release notes](https://github.com/fastapi/fastapi/releases)
- [Commits](fastapi/fastapi@0.135.1...0.135.2)

Updates `uvicorn` from 0.41.0 to 0.42.0
- [Release notes](https://github.com/Kludex/uvicorn/releases)
- [Changelog](https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md)
- [Commits](Kludex/uvicorn@0.41.0...0.42.0)

Updates `azure-identity` from 1.25.2 to 1.25.3
- [Release notes](https://github.com/Azure/azure-sdk-for-python/releases)
- [Commits](Azure/azure-sdk-for-python@azure-identity_1.25.2...azure-identity_1.25.3)

Updates `black` from 26.1.0 to 26.3.1
- [Release notes](https://github.com/psf/black/releases)
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md)
- [Commits](psf/black@26.1.0...26.3.1)

---
updated-dependencies:
- dependency-name: redis
  dependency-version: 7.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: api
- dependency-name: fastapi
  dependency-version: 0.135.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: api
- dependency-name: uvicorn
  dependency-version: 0.42.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: api
- dependency-name: azure-identity
  dependency-version: 1.25.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: api
- dependency-name: black
  dependency-version: 26.3.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: api
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Mar 25, 2026
@dependabot dependabot bot requested a review from a team as a code owner March 25, 2026 16:26
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Mar 25, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants