Skip to content

build(deps-dev): bump schemathesis from 4.15.2 to 4.16.1 in /clients/python#2657

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/pip/clients/python/schemathesis-4.16.1
Open

build(deps-dev): bump schemathesis from 4.15.2 to 4.16.1 in /clients/python#2657
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/pip/clients/python/schemathesis-4.16.1

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 27, 2026

Bumps schemathesis from 4.15.2 to 4.16.1.

Release notes

Sourced from schemathesis's releases.

Release 4.16.1

🐛 Fixed

  • auth API on LazySchema to match BaseSchema. #3797

Release 4.16.0

🚀 Added

  • schemathesis.openapi.require_security_scheme() for scoping auth providers to specific OpenAPI security schemes. #3745

🐛 Fixed

  • Query parameters not serialized when style/explode are omitted from the spec, ignoring OpenAPI 3.0 defaults.
  • Use the matching registered serializer for multipart fields with encoding.contentType. #3785
  • before_call hook setting a missing required header in the coverage phase had no effect. #3784
  • Request timeouts reported as a check failure when a replay made them flaky.

positive_data_acceptance false positives

  • example values violating constraints (examples phase):

    • When an object schema-level example has a property violating a nested format constraint (e.g. date-time without timezone).
    • When a parameter-level example value violates its declared schema type.
    • When a schema-level parameter example violates the parameter's own constraints (e.g. pattern).
    • When a response-derived parameter example violates the parameter's schema constraints.
    • When a response-derived parameter example violates the parameter's format constraint.
    • When a property example violates its field's own type (also applies to the coverage phase).
    • For content-encoded header parameters with object examples.
    • For property examples violating anyOf/oneOf constraints via bundled $refs.
    • For array body properties with minItems > 1 and object items.
    • When assembled body violates the schema (e.g. allOf with additionalProperties: false).
    • When a required property has an unsatisfiable schema.

  • Composition (allOf / oneOf / anyOf / $ref) in the coverage phase:

    • For oneOf branches with nested multi-$ref allOf.
    • For oneOf body schemas where generated values satisfy multiple branches simultaneously.
    • For oneOf body schemas where a branch requires fields only defined in the parent schema.
    • When an anyOf branch has const: null but a sibling type constraint excludes null.
    • When a multi-level allOf chain causes required properties from a base schema to be generated as null.
    • For body schemas with $ref + additionalProperties: false and pattern/minLength/maxLength constraints.

  • enum vs sibling constraints (coverage phase):

    • For required array properties with an unsatisfiable enum constraint.
    • For body properties where all enum values violate a sibling constraint (e.g. maxLength).
    • When an enum contains values violating the declared type (e.g. YAML-parsed false for type: string).
    • When enum contains values violating the declared type in template body generation.

  • Structural required / properties mismatches:

    • When a nested required field is unsatisfiable, making the parent object invalid (coverage phase).

... (truncated)

Changelog

Sourced from schemathesis's changelog.

4.16.1 - 2026-04-26

🐛 Fixed

  • auth API on LazySchema to match BaseSchema. #3797

4.16.0 - 2026-04-26

🚀 Added

  • schemathesis.openapi.require_security_scheme() for scoping auth providers to specific OpenAPI security schemes. #3745

🐛 Fixed

  • Query parameters not serialized when style/explode are omitted from the spec, ignoring OpenAPI 3.0 defaults.
  • Use the matching registered serializer for multipart fields with encoding.contentType. #3785
  • before_call hook setting a missing required header in the coverage phase had no effect. #3784
  • Request timeouts reported as a check failure when a replay made them flaky.

positive_data_acceptance false positives

  • example values violating constraints (examples phase):

    • When an object schema-level example has a property violating a nested format constraint (e.g. date-time without timezone).
    • When a parameter-level example value violates its declared schema type.
    • When a schema-level parameter example violates the parameter's own constraints (e.g. pattern).
    • When a response-derived parameter example violates the parameter's schema constraints.
    • When a response-derived parameter example violates the parameter's format constraint.
    • When a property example violates its field's own type (also applies to the coverage phase).
    • For content-encoded header parameters with object examples.
    • For property examples violating anyOf/oneOf constraints via bundled $refs.
    • For array body properties with minItems > 1 and object items.
    • When assembled body violates the schema (e.g. allOf with additionalProperties: false).
    • When a required property has an unsatisfiable schema.

  • Composition (allOf / oneOf / anyOf / $ref) in the coverage phase:

    • For oneOf branches with nested multi-$ref allOf.
    • For oneOf body schemas where generated values satisfy multiple branches simultaneously.
    • For oneOf body schemas where a branch requires fields only defined in the parent schema.
    • When an anyOf branch has const: null but a sibling type constraint excludes null.
    • When a multi-level allOf chain causes required properties from a base schema to be generated as null.
    • For body schemas with $ref + additionalProperties: false and pattern/minLength/maxLength constraints.

  • enum vs sibling constraints (coverage phase):

    • For required array properties with an unsatisfiable enum constraint.
    • For body properties where all enum values violate a sibling constraint (e.g. maxLength).
    • When an enum contains values violating the declared type (e.g. YAML-parsed false for type: string).
    • When enum contains values violating the declared type in template body generation.

  • Structural required / properties mismatches:

    • When a nested required field is unsatisfiable, making the parent object invalid (coverage phase).

... (truncated)

Commits
  • 99fb9b6 chore: Release 4.16.1
  • f0b7e3e fix: auth API on LazySchema to match BaseSchema
  • e23062c docs: Fix selective auth example
  • b1ec7b0 chore: Update pre-commit
  • b314cb4 build: Remove unneeded files from source distribution
  • 2edad15 chore: Release 4.16.0
  • 07d749e fix: Query parameters not serialized when style/explode are omitted from ...
  • 71a1b8e test: Add more tests
  • 5b6308c fix: Request timeouts reported as a check failure when a replay made them flaky
  • a37cd2c fix: False positive in negative_data_rejection for `application/x-www-form-...
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
build(deps-dev): bump schemathesis in /clients/python
1793879 
Bumps [schemathesis](https://github.com/schemathesis/schemathesis) from 4.15.2 to 4.16.1.
- [Release notes](https://github.com/schemathesis/schemathesis/releases)
- [Changelog](https://github.com/schemathesis/schemathesis/blob/master/CHANGELOG.md)
- [Commits](schemathesis/schemathesis@v4.15.2...v4.16.1)

---
updated-dependencies:
- dependency-name: schemathesis
  dependency-version: 4.16.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Apr 27, 2026
@google-oss-prow google-oss-prow Bot requested a review from chambridge April 27, 2026 15:32
@google-oss-prow
Copy link
Copy Markdown
Contributor

google-oss-prow Bot commented Apr 27, 2026

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign tarilabs for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@google-oss-prow google-oss-prow Bot requested a review from fege April 27, 2026 15:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@chambridge chambridge Awaiting requested review from chambridge

@fege fege Awaiting requested review from fege

Assignees

No one assigned

Labels

Area/MR Python client dependencies Pull requests that update a dependency file python Pull requests that update Python code size/M

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants