Skip to content

Bump the minor-and-patch group in /api with 8 updates#2192

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/api/minor-and-patch-fbb686e9e4
Closed

Bump the minor-and-patch group in /api with 8 updates#2192
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/api/minor-and-patch-fbb686e9e4

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 21, 2026

Copy link
Copy Markdown
Contributor

Bumps the minor-and-patch group in /api with 8 updates:

Package From To
alembic 1.17.2 1.18.4
psutil 7.0.0 7.2.2
sqlalchemy[asyncio] 2.0.40 2.0.49
watchfiles 1.0.5 1.2.0
werkzeug 3.1.6 3.1.8
azure-identity 1.25.1 1.25.3
azure-mgmt-network 30.1.0 30.2.0
azure-storage-blob 12.28.0 12.29.0

Updates alembic from 1.17.2 to 1.18.4

Release notes

Sourced from alembic's releases.

1.18.4

Released: February 10, 2026

bug

  • [bug] [operations] Reverted the behavior of Operations.add_column() that would automatically render the "PRIMARY KEY" keyword inline when a Column with primary_key=True is added. The automatic behavior, added in version 1.18.2, is now opt-in via the new Operations.add_column.inline_primary_key parameter. This change restores the ability to render a PostgreSQL SERIAL column, which is required to be primary_key=True, while not impacting the ability to render a separate primary key constraint. This also provides consistency with the Operations.add_column.inline_references parameter and gives users explicit control over SQL generation.

    To render PRIMARY KEY inline, use the Operations.add_column.inline_primary_key parameter set to True:

    op.add_column( "my_table", Column("id", Integer, primary_key=True), inline_primary_key=True )References: #1232

1.18.3

Released: January 29, 2026

bug

  • [bug] [autogenerate] Fixed regression in version 1.18.0 due to #1771 where autogenerate would raise NoReferencedTableError when a foreign key constraint referenced a table that was not part of the initial table load, including tables filtered out by the EnvironmentContext.configure.include_name callable or tables in remote schemas that were not included in the initial reflection run.

    The change in #1771 was a performance optimization that eliminated additional reflection queries for tables that were only referenced by foreign keys but not explicitly included in the main reflection run. However, this optimization inadvertently removed the creation of Table objects for these referenced tables, causing autogenerate to fail when processing foreign key constraints that pointed to them.

    The fix creates placeholder Table objects for foreign key targets

... (truncated)

Commits

Updates psutil from 7.0.0 to 7.2.2

Changelog

Sourced from psutil's changelog.

7.2.2 — 2026-01-28 ^^^^^^^^^^^^^^^^^^

Enhancements

  • :gh:2705: [Linux]: :meth:Process.wait now uses pidfd_open() + poll() (no busy loop). Requires Linux >= 5.3 and Python >= 3.9.
  • :gh:2705: [macOS], [BSD]: :meth:Process.wait now uses kqueue() (no busy loop).

Bug fixes

  • :gh:2701, [macOS]: fix compilation error on macOS < 10.7. (patch by :user:Sergey Fedorov <barracuda156>)
  • :gh:2707, [macOS]: fix potential memory leaks in error paths of :meth:Process.memory_full_info and :meth:Process.threads.
  • :gh:2708, [macOS]: :meth:Process.cmdline and :meth:Process.environ may fail with OSError: [Errno 0] Undefined error (from sysctl(KERN_PROCARGS2)). They now raise :exc:AccessDenied instead.

7.2.1 — 2025-12-29 ^^^^^^^^^^^^^^^^^^

Bug fixes

  • :gh:2699, [FreeBSD], [NetBSD]: :func:heap_info does not detect small allocations (<= 1K). In order to fix that, we now flush internal jemalloc cache before fetching the metrics.

7.2.0 — 2025-12-23 ^^^^^^^^^^^^^^^^^^

Enhancements

  • :gh:1275: new :func:heap_info and :func:heap_trim functions, providing direct access to the platform's native C :term:heap allocator (glibc, mimalloc, libmalloc). Useful to create tools to detect memory leaks.
  • :gh:2403, [Linux]: publish wheels for Linux musl.
  • :gh:2680: unit tests are no longer installed / part of the distribution. They now live under tests/ instead of psutil/tests.

Bug fixes

  • :gh:2684, [FreeBSD], [critical]: compilation fails on FreeBSD 14 due to missing include.
  • :gh:2691, [Windows]: fix memory leak in :func:net_if_stats due to missing Py_CLEAR.

Compatibility notes

... (truncated)

Commits
  • 9eea97d Pre-release
  • 938ac64 Rm sphinxcontrib.googleanalytics; override layout.html
  • 9dcbb7e Add sphinxcontrib-googleanalytics to requirements.txt
  • 76eaf9a Try to add google analytics to doc
  • de1cafa Update doc mentioning Process.wait() internal details
  • bb30943 Refact can_use_pidfd_open() and can_use_kqueue()
  • a571717 #2708, macos / cmdline / environ; raise AD instead of OSError(0) (#2709)
  • 8b98c3e Pre-release
  • 700b7e6 [macOS] fix potential leaks in error paths (#2707)
  • 7cc7923 Windows / cmdline(): be more defensive in free()ing in case of error
  • Additional commits viewable in compare view

Updates sqlalchemy[asyncio] from 2.0.40 to 2.0.49

Release notes

Sourced from sqlalchemy[asyncio]'s releases.

2.0.49

Released: April 3, 2026

orm

  • [orm] [bug] Fixed issue where _orm.Session.get() would bypass the identity map and emit unnecessary SQL when with_for_update=False was passed, rather than treating it equivalently to the default of None. Pull request courtesy of Joshua Swanson.

    References: #13176

  • [orm] [bug] Fixed issue where chained _orm.joinedload() options would not be applied correctly when the final relationship in the chain is declared on a base mapper and accessed through a subclass mapper in a _orm.with_polymorphic() query. The path registry now correctly computes the natural path when a property declared on a base class is accessed through a path containing a subclass mapper, ensuring the loader option can be located during query compilation.

    References: #13193

  • [orm] [bug] [inheritance] Fixed issue where using _orm.Load.options() to apply a chained loader option such as _orm.joinedload() or _orm.selectinload() with _orm.PropComparator.of_type() for a polymorphic relationship would not generate the necessary clauses for the polymorphic subclasses. The polymorphic loading strategy is now correctly propagated when using a call such as joinedload(A.b).options(joinedload(B.c.of_type(poly))) to match the behavior of direct chaining e.g. joinedload(A.b).joinedload(B.c.of_type(poly)).

    References: #13202

  • [orm] [bug] [inheritance] Fixed issue where using chained loader options such as _orm.selectinload() after _orm.joinedload() with _orm.PropComparator.of_type() for a polymorphic relationship would not properly apply the chained loader option. The loader option is now correctly applied when using a call such as joinedload(A.b.of_type(poly)).selectinload(poly.SubClass.c) to eagerly load related objects.

    References: #13209

typing

  • [typing] [bug] Fixed a typing issue where the typed members of :data:.func would return the appropriate class of the same name, however this creates an issue for

... (truncated)

Commits

Updates watchfiles from 1.0.5 to 1.2.0

Release notes

Sourced from watchfiles's releases.

v1.2.0 2026-05-17

What's Changed

New Contributors

Full Changelog: samuelcolvin/watchfiles@v1.1.1...v1.2.0

v1.1.1 2025-10-14

What's Changed

New Contributors

Full Changelog: samuelcolvin/watchfiles@v1.1.0...v1.1.1

v1.1.0 2025-06-15

What's Changed

Full Changelog: samuelcolvin/watchfiles@v1.0.5...v1.1.0

Commits

Updates werkzeug from 3.1.6 to 3.1.8

Release notes

Sourced from werkzeug's releases.

3.1.8

This is the Werkzeug 3.1.8 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Werkzeug/3.1.8/ Changes: https://werkzeug.palletsprojects.com/page/changes/#version-3-1-8 Milestone: https://github.com/pallets/werkzeug/milestone/45?closed=1

  • Request.host and get_host return the empty string if the header is missing or has invalid characters. #3142

3.1.7

This is the Werkzeug 3.1.7 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Werkzeug/3.1.7/ Changes: https://werkzeug.palletsprojects.com/page/changes/#version-3-1-7 Milestone: https://github.com/pallets/werkzeug/milestone/44?closed=1

  • parse_list_header preserves partially quoted items, discards empty items, and returns empty for unclosed quoted values. #3128
  • WWWAuthenticate.to_header does not produce a trailing space when there are no parameters. #3127
  • Transfer-Encoding is parsed as a set. #3134
  • Request.host, get_host, and host_is_trusted validate the characters of the value. An empty value is no longer allowed. A Unix socket server address is ignored. The trusted_list argument to host_is_trusted is optional. #3113
  • Fix multipart form parser handling of newline at boundary. #3088
  • Response.make_conditional sets the Accept-Ranges header even if it is not a satisfiable range request. #3108
  • merge_slashes merges any number of consecutive slashes. #3121
Changelog

Sourced from werkzeug's changelog.

Version 3.1.8

Released 2026-04-02

  • Request.host and get_host return the empty string if the header is missing or has invalid characters. :issue:3142

Version 3.1.7

Released 2026-03-23

  • parse_list_header preserves partially quoted items, discards empty items, and returns empty for unclosed quoted values. :pr:3128
  • WWWAuthenticate.to_header does not produce a trailing space when there are no parameters. :issue:3127
  • Transfer-Encoding is parsed as a set. :pr:3134
  • Request.host, get_host, and host_is_trusted validate the characters of the value. An empty value is no longer allowed. A Unix socket server address is ignored. The trusted_list argument to host_is_trusted is optional. :pr:3113
  • Fix multipart form parser handling of newline at boundary. :issue:3088
  • Response.make_conditional sets the Accept-Ranges header even if it is not a satisfiable range request. :issue:3108
  • merge_slashes merges any number of consecutive slashes. :issue:3121
Commits

Updates azure-identity from 1.25.1 to 1.25.3

Commits

Updates azure-mgmt-network from 30.1.0 to 30.2.0

Commits
  • f0b5410 [AutoRelease] t2-network-2026-01-27-03038(can only be merged by SDK owner) (#...
  • a5b6075 [sdk generation pipeline] Fix changelog duplication when re-generating manage...
  • bc2aa06 [AutoRelease] t2-managementgroups-2026-02-12-46489(can only be merged by SDK ...
  • 0de9dbc [VoiceLive] Release 1.2.0b4 (#45185)
  • 45d5bae [VoiceLive] Add AgentSessionConfig, remove FoundryAgentTool, rename filler re...
  • 7c6e947 [Tables] Fix tests (#45101)
  • de6a083 Increment package version after release of azure-identity (#45150)
  • f04a541 Increment package version after release of azure-core (#45127)
  • 7611e0f Update ServiceLabel for Application Insights (#45095)
  • 67b9d0f Modify labels for Content Safety in CODEOWNERS (#45098)
  • Additional commits viewable in compare view

Updates azure-storage-blob from 12.28.0 to 12.29.0

Release notes

Sourced from azure-storage-blob's releases.

azure-storage-blob_12.29.0

12.29.0 (2026-05-14)

Features Added

  • Stable release of features from 12.29.0b1

Bugs Fixed

  • Fixed an issue where BlobClient's download_blob did not retry upon ServiceReponseError and ServiceResponseTimeoutError exceptions
  • Fixed various issues with configuring logging via logging_enable and logging_body keywords on a per-request basis and with retries. Prior to this fix logging may have not behaved as expected, especially on retries.
  • Fix a potential memory leak caused by improper exception handling that could occur under rare circumstances.
Commits
  • e73548b Release date
  • 60f7b16 Changed release date
  • 5280297 Modified release date to 5/12/2026
  • 15e1ae9 NO_CI [Doc] Update references to wiki pages (#46169)
  • 3f5c4d2 cibuildwheel not necessary in build-system metadata for `azure-storage-ex...
  • 5b5b757 Modified release date to 2026-05-11
  • 8b9a3e5 [Storage][101] Cherry pick recent fixes and release prep (#46659)
  • fdae976 Merge branch 'main' into release/storage/stg101
  • 1e540de Fix typing contract for max_concurrency in File Share client (#45637)
  • fa44dea Fix typing contract for max_concurrency in Datalake client (#45631)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the minor-and-patch group in /api with 8 updates:

| Package | From | To |
| --- | --- | --- |
| [alembic](https://github.com/sqlalchemy/alembic) | `1.17.2` | `1.18.4` |
| [psutil](https://github.com/giampaolo/psutil) | `7.0.0` | `7.2.2` |
| [sqlalchemy[asyncio]](https://github.com/sqlalchemy/sqlalchemy) | `2.0.40` | `2.0.49` |
| [watchfiles](https://github.com/samuelcolvin/watchfiles) | `1.0.5` | `1.2.0` |
| [werkzeug](https://github.com/pallets/werkzeug) | `3.1.6` | `3.1.8` |
| [azure-identity](https://github.com/Azure/azure-sdk-for-python) | `1.25.1` | `1.25.3` |
| [azure-mgmt-network](https://github.com/Azure/azure-sdk-for-python) | `30.1.0` | `30.2.0` |
| [azure-storage-blob](https://github.com/Azure/azure-sdk-for-python) | `12.28.0` | `12.29.0` |


Updates `alembic` from 1.17.2 to 1.18.4
- [Release notes](https://github.com/sqlalchemy/alembic/releases)
- [Changelog](https://github.com/sqlalchemy/alembic/blob/main/CHANGES)
- [Commits](https://github.com/sqlalchemy/alembic/commits)

Updates `psutil` from 7.0.0 to 7.2.2
- [Changelog](https://github.com/giampaolo/psutil/blob/master/docs/changelog.rst)
- [Commits](giampaolo/psutil@v7.0.0...v7.2.2)

Updates `sqlalchemy[asyncio]` from 2.0.40 to 2.0.49
- [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases)
- [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES.rst)
- [Commits](https://github.com/sqlalchemy/sqlalchemy/commits)

Updates `watchfiles` from 1.0.5 to 1.2.0
- [Release notes](https://github.com/samuelcolvin/watchfiles/releases)
- [Commits](samuelcolvin/watchfiles@v1.0.5...v1.2.0)

Updates `werkzeug` from 3.1.6 to 3.1.8
- [Release notes](https://github.com/pallets/werkzeug/releases)
- [Changelog](https://github.com/pallets/werkzeug/blob/main/CHANGES.rst)
- [Commits](pallets/werkzeug@3.1.6...3.1.8)

Updates `azure-identity` from 1.25.1 to 1.25.3
- [Release notes](https://github.com/Azure/azure-sdk-for-python/releases)
- [Commits](Azure/azure-sdk-for-python@azure-identity_1.25.1...azure-identity_1.25.3)

Updates `azure-mgmt-network` from 30.1.0 to 30.2.0
- [Release notes](https://github.com/Azure/azure-sdk-for-python/releases)
- [Commits](Azure/azure-sdk-for-python@azure-mgmt-network_30.1.0...azure-mgmt-network_30.2.0)

Updates `azure-storage-blob` from 12.28.0 to 12.29.0
- [Release notes](https://github.com/Azure/azure-sdk-for-python/releases)
- [Commits](Azure/azure-sdk-for-python@azure-storage-blob_12.28.0...azure-storage-blob_12.29.0)

---
updated-dependencies:
- dependency-name: alembic
  dependency-version: 1.18.4
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: psutil
  dependency-version: 7.2.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: sqlalchemy[asyncio]
  dependency-version: 2.0.49
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: watchfiles
  dependency-version: 1.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: werkzeug
  dependency-version: 3.1.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: azure-identity
  dependency-version: 1.25.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: azure-mgmt-network
  dependency-version: 30.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: azure-storage-blob
  dependency-version: 12.29.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels May 21, 2026
@dependabot @github

dependabot Bot commented on behalf of github May 21, 2026

Copy link
Copy Markdown
Contributor Author

Superseded by #2193.

@dependabot dependabot Bot closed this May 21, 2026
@dependabot dependabot Bot deleted the dependabot/uv/api/minor-and-patch-fbb686e9e4 branch May 21, 2026 16:14
@netlify

netlify Bot commented May 21, 2026

Copy link
Copy Markdown

Deploy Preview for transformerlab canceled.

Name Link
🔨 Latest commit cc28f87
🔍 Latest deploy log https://app.netlify.com/projects/transformerlab/deploys/6a0f2f58b5c44c0008004c46

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants