Skip to content

chore(deps)(deps): bump the python-dependencies group with 7 updates#869

Merged
tschm merged 1 commit into
mainfrom
dependabot/uv/python-dependencies-61d9f7590a
Jul 7, 2026
Merged

chore(deps)(deps): bump the python-dependencies group with 7 updates#869
tschm merged 1 commit into
mainfrom
dependabot/uv/python-dependencies-61d9f7590a

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 7, 2026

Copy link
Copy Markdown
Contributor

Bumps the python-dependencies group with 7 updates:

Package From To
narwhals 2.22.1 2.23.0
fastapi 0.138.2 0.139.0
uvicorn 0.49.0 0.50.2
marimo 0.23.11 0.23.13
hypothesis 6.155.7 6.156.1
syrupy 5.3.4 5.5.1
ty 0.0.55 0.0.56

Updates narwhals from 2.22.1 to 2.23.0

Release notes

Sourced from narwhals's releases.

Narwhals v2.23.0

Changes

✨ Enhancements

  • feat: Add selectors.enum (#3729)
  • feat: Add support for Float16 datatype (#3725)
  • feat: add top-level covariance expression (#3684)
  • feat(ibis): support y/q/mo/d units in dt.offset_by (#3683)

🐞 Bug fixes

  • fix: Explicitely pass orient="row" in pl.from_numpy (#3732)
  • fix: Allow to select polars Categorical with fixed categories (#3727)
  • fix: Lift sample arguments validation, bump pyright and numpy deps (#3724)
  • fix(typing): Preserve stable Expr subclass through when/then/otherwise chains (#3708)
  • fix(pyarrow): correct corr null handling and expose corr/cov in stable.v1 (#3687)
  • fix(tests): Parametrize CSV conflicting-separator tests (#3686)

📖 Documentation

  • ci: Add lightgbm downstream test (#3699)
  • docs: Add pandera to the ecosystem page (#3692)
  • docs: Add warning when adding Narwhals with extras (#3658)

🛠️ Other improvements

  • fix: address polars deprecation of how='horizontal' in concat (#3731)
  • chore: Address various CI failures (#3712)
  • ci: Add scikit-learn to downstream tests (#3609)
  • ci: Run workflows only if changes involves them (#3680)
  • ci: Fix fairlearn installation (#3695)

Thank you to all our contributors for making this release possible! @​FBruzzesi, @​MarcoGorelli, @​cosmicBboy, @​dependabot[bot], @​e10v, @​gaoflow, @​renovate[bot], dependabot[bot] and renovate[bot]

Commits
  • 5a22ee6 release: Bump version to 2.23.0
  • 140e8dd fix: Explicitely pass orient="row" in pl.from_numpy (#3732)
  • aae89b4 chore(deps): lock file maintenance (#3735)
  • 18940ef fix: address polars deprecation of how='horizontal' in concat (#3731)
  • e52d382 feat: Add selectors.enum (#3729)
  • 579ee38 feat: Add support for Float16 datatype (#3725)
  • d525999 fix: Allow to select polars Categorical with fixed categories (#3727)
  • dc6a66b chore(deps): lock file maintenance (#3728)
  • 35e1681 chore(deps): lock file maintenance (#3711)
  • 6d40bf7 fix: Lift sample arguments validation, bump pyright and numpy deps (#3724)
  • Additional commits viewable in compare view

Updates fastapi from 0.138.2 to 0.139.0

Release notes

Sourced from fastapi's releases.

0.139.0

Features

  • ✨ Support dependencies in app.frontend(), e.g. for automatic cookie authentication for the frontend. PR #15908 by @​tiangolo.

Translations

Internal

Commits
  • cecd96d 🔖 Release version 0.139.0 (#15910)
  • aea6609 📝 Update release notes
  • 319be50 ✨ Support dependencies in app.frontend(), e.g. for automatic cookie authent...
  • 66a90f6 📝 Update release notes
  • d30a3eb 👥 Update FastAPI People - Experts (#15909)
  • 122f1b5 📝 Update release notes
  • fd6ece3 👥 Update FastAPI GitHub topic repositories (#15906)
  • ec2a6ad 📝 Update release notes
  • 9d7d7fe 🌐 Update translations for fr (update-outdated) (#15897)
  • 8dc852d 📝 Update release notes
  • Additional commits viewable in compare view

Updates uvicorn from 0.49.0 to 0.50.2

Release notes

Sourced from uvicorn's releases.

Version 0.50.1

What's Changed

New Contributors

Full Changelog: Kludex/uvicorn@0.50.0...0.50.1

Version 0.50.0

What's Changed

Full Changelog: Kludex/uvicorn@0.49.0...0.50.0

Changelog

Sourced from uvicorn's changelog.

0.50.2 (July 6, 2026)

Fixed

  • Require websockets>=13.0, which the default websockets-sansio implementation needs (#3021)

0.50.1 (July 6, 2026)

Fixed

  • Split comma-separated Sec-WebSocket-Protocol values in the websockets-sansio implementation (#3019)

0.50.0 (July 4, 2026)

If you use WebSockets, note that --ws auto now picks the websockets-sansio implementation. You shouldn't need it, but you can pin --ws websockets to get the deprecated legacy one back.

Changed

  • Exit with the dedicated code 3 on any startup failure: app loading, socket bind and lifespan startup errors previously exited with a mix of 0, 1 and 3 (#3001)
  • Stop the multiprocess supervisor when a worker exits with code 3 instead of restarting it forever (#3001)
  • Default --ws auto to websockets-sansio when websockets is installed (#2985)
  • Skip the eager app import in the parent process with --reload or --workers, fixing a memory regression introduced in 0.47.0 (#3012)
  • Build a fresh asgi scope dict per request (#2977)
  • Cache the asgi scope sub-dict per connection (#2976)
  • Avoid copying single-frame WebSocket payloads in websockets-sansio (#2983)
  • Memoize trusted host checks in ProxyHeadersMiddleware (#2970)
  • Replace click.style with an internal ANSI style helper (#2981)

Deprecated

  • Deprecate the legacy websockets implementation; use websockets-sansio or wsproto instead (#2985)
Commits
  • a1b570c Version 0.50.2 (#3022)
  • 83c7da7 Require websockets>=13.0 for the default sansio implementation (#3021)
  • b4d0116 Version 0.50.1 (#3020)
  • 2a9151d Split comma-separated Sec-WebSocket-Protocol values in the websockets-sansi...
  • 1bf3ab4 Cover the excluded-directory branch in FileFilter with a direct test (#3014)
  • 837b5f9 Deflake multiprocess, reload, and signal supervisor tests (#2975)
  • 21d2c16 Version 0.50.0 (#3013)
  • 6c42e8d Skip the eager app import in the parent when spawning workers (#3012)
  • 56a4631 Exit with a dedicated code on startup failure and stop the supervisor when a ...
  • 3314dfc chore(deps): bump the github-actions group with 4 updates (#3007)
  • Additional commits viewable in compare view

Updates marimo from 0.23.11 to 0.23.13

Release notes

Sourced from marimo's releases.

0.23.12

What's Changed

✨ Enhancements

  • Improve anywidget invalid module error messages (#10026)
  • WandB models updated (#10040)
  • LazyStore dual-mode WASM backend (#9898)
  • Avoid forced min-width and horizontal clipping in mobile app view (#10023)
  • Stamp context attachments (#9994)
  • Update llm-info model catalog and backfill descriptions (#10002)
  • Hydrate islands from JSON payloads (#9987)
  • Suppress kernel-dependent table controls in static export (#10007)
  • Keyboard and screen-reader accessibility for mo.ui.file_browser (#10005)
  • synonyms for showing code in the command palette (#9993)
  • Defer marimo-pair references and improve code mode prompts (#9985)
  • Support array protocol objects (torch.Tensor, JAX, etc.) in mo.audio (#9943)

🐛 Bug fixes

  • Use CSS styles for width/height to support percentage values (#9966)
  • Close pty master before reaping to avoid event-loop deadlock (#10031)
  • Bump ruff version for test failures (#10029)
  • Remove unavailable models (#10025)
  • Keep with_dynamic_directory serving after a directory symlink swap (#10015)
  • Avoid double formatting in mo.output.replace (#9909)
  • Typing for numpy as indices (#10014)
  • Use GITHUB_TOKEN for sync-llm-info PR creation (#9998)
  • Ignore D421 property-docstring-starts-with-verb lint rule (#9992)

📝 Other changes

  • Support pydantic-ai v2 (#9973)
  • Tighten import handling and fix SetComprehension typo (#9607) (ea3c57c)
  • Clarify UIElement value is read-only (#9382) (bf0468d)
  • Anywidget refresh value (#9454) (f7b1571)
  • Support multiple markdown flavors in marimo export md (#9586) (8565003)
  • Upgrade frontend to Tailwind v4.3 and lint deprecated classes (#9995)

Contributors

Thanks to all our community and contributors who made this release possible: @​akshayka, @​allin2, @​app/github-actions, @​dmadisetti, @​kirangadhave, @​koaning, @​ktaletsk, @​Light2Dark, @​lxingy3, @​mscolnick, @​peter-gy, @​Vitaliy-Pikalo

New Contributors

Full Changelog: marimo-team/marimo@0.23.11...0.23.12

Commits

Updates hypothesis from 6.155.7 to 6.156.1

Commits
  • 5f23056 Bump hypothesis version to 6.156.1 and update changelog
  • b45fc67 Merge pull request #4785 from Liam-DeVoe/fix-release
  • afd3210 reword
  • f6ff3d7 cut a new release
  • e77dd6f Bump hypothesis version to 6.156.0 and update changelog
  • 3205ada Merge pull request #4783 from Liam-DeVoe/fix-release
  • c604da9 more ci fixes
  • 72dee8d Merge pull request #4782 from Liam-DeVoe/fix-release
  • 95f0de6 fix release CI
  • 5ff525a Merge pull request #4776 from Liam-DeVoe/rust-cathetus-migration
  • Additional commits viewable in compare view

Updates syrupy from 5.3.4 to 5.5.1

Release notes

Sourced from syrupy's releases.

v5.5.1

What's Changed

New Contributors

Full Changelog: syrupy-project/syrupy@v5.5.0...v5.5.1

v5.5.0

What's Changed

NOTE: Test suites using pytest-xdist that previously passed due to incomplete snapshot support may now fail if unused snapshots are detected. You can use --snapshot-warn-unused to downgrade unused snapshot detection from an error to a warning though it's not recommended.

Full Changelog: syrupy-project/syrupy@v5.4.0...v5.5.0

v5.4.0

What's Changed

Full Changelog: syrupy-project/syrupy@v5.3.4...v5.4.0

Changelog

Sourced from syrupy's changelog.

v5.5.1 (2026-07-06)

What's Changed

New Contributors

Full Changelog: syrupy-project/syrupy@v5.5.0...v5.5.1

v5.5.0 (2026-07-06)

What's Changed

NOTE: Test suites using pytest-xdist that previously passed due to incomplete snapshot support may now fail if unused snapshots are detected. You can use --snapshot-warn-unused to downgrade unused snapshot detection from an error to a warning though it's not recommended.

Full Changelog: syrupy-project/syrupy@v5.4.0...v5.5.0

v5.4.0 (2026-07-01)

What's Changed

Full Changelog: syrupy-project/syrupy@v5.3.4...v5.4.0

Commits
  • fa60dc7 fix: Defer registering pytest-xdist hook pytest_testnodedown to avoid "un...
  • 65288ad chore(release): 5.5.0 [skip ci]
  • 321632c feat: detect unused snapshots under pytest-xdist (#1132)
  • 727dd9c chore(deps): update dependency hypothesis to v6.156.1 (#1139)
  • 30706cd chore(deps): update dependency coverage to v7.15.0 (#1138)
  • 7ac8e70 chore(release): 5.4.0 [skip ci]
  • 0af971e chore(deps): update dependency ruff to v0.15.20 (#1137)
  • fd98f5d chore(deps): update python docker tag to v3.14.6 (#1136)
  • 39d9bcd chore(deps): update dependency ruff to v0.15.19 (#1135)
  • bb98904 chore(deps): update python docker tag to v3.14.5 (#1133)
  • Additional commits viewable in compare view

Updates ty from 0.0.55 to 0.0.56

Release notes

Sourced from ty's releases.

0.0.56

Release Notes

Released on 2026-07-01.

Bug fixes

  • Avoid MRO cycle when collecting NamedTuple fields (#26464)
  • Model int and str enum value normalization (#26349)
  • Prefer reflected operators by runtime class (#26434, #26474)

CLI

  • Exit with status 130 when interrupted (#26465)

Performance

  • Avoid exponential OR-pattern reachability (#26481)
  • Reduce bound typevar identity overhead (#26396)

Core type checking

  • Infer generic class pattern capture types (#26479)
  • Narrow exact tuples through sequence patterns (#26424)
  • Recognize inherited enum member constructors (#26410)
  • Respect return-context inference when filtering overloads (#26454)
  • Sync vendored typeshed stubs (#26501). Typeshed diff

Contributors

Install ty 0.0.56

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/ty/releases/download/0.0.56/ty-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/ty/releases/download/0.0.56/ty-installer.ps1 | iex"

Download ty 0.0.56

| File | Platform | Checksum |

... (truncated)

Changelog

Sourced from ty's changelog.

0.0.56

Released on 2026-07-01.

Bug fixes

  • Avoid MRO cycle when collecting NamedTuple fields (#26464)
  • Model int and str enum value normalization (#26349)
  • Prefer reflected operators by runtime class (#26434, #26474)

CLI

  • Exit with status 130 when interrupted (#26465)

Performance

  • Avoid exponential OR-pattern reachability (#26481)
  • Reduce bound typevar identity overhead (#26396)

Core type checking

  • Infer generic class pattern capture types (#26479)
  • Narrow exact tuples through sequence patterns (#26424)
  • Recognize inherited enum member constructors (#26410)
  • Respect return-context inference when filtering overloads (#26454)
  • Sync vendored typeshed stubs (#26501). Typeshed diff

Contributors

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the python-dependencies group with 7 updates:

| Package | From | To |
| --- | --- | --- |
| [narwhals](https://github.com/narwhals-dev/narwhals) | `2.22.1` | `2.23.0` |
| [fastapi](https://github.com/fastapi/fastapi) | `0.138.2` | `0.139.0` |
| [uvicorn](https://github.com/Kludex/uvicorn) | `0.49.0` | `0.50.2` |
| [marimo](https://github.com/marimo-team/marimo) | `0.23.11` | `0.23.13` |
| [hypothesis](https://github.com/HypothesisWorks/hypothesis) | `6.155.7` | `6.156.1` |
| [syrupy](https://github.com/syrupy-project/syrupy) | `5.3.4` | `5.5.1` |
| [ty](https://github.com/astral-sh/ty) | `0.0.55` | `0.0.56` |


Updates `narwhals` from 2.22.1 to 2.23.0
- [Release notes](https://github.com/narwhals-dev/narwhals/releases)
- [Commits](narwhals-dev/narwhals@v2.22.1...v2.23.0)

Updates `fastapi` from 0.138.2 to 0.139.0
- [Release notes](https://github.com/fastapi/fastapi/releases)
- [Commits](fastapi/fastapi@0.138.2...0.139.0)

Updates `uvicorn` from 0.49.0 to 0.50.2
- [Release notes](https://github.com/Kludex/uvicorn/releases)
- [Changelog](https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md)
- [Commits](Kludex/uvicorn@0.49.0...0.50.2)

Updates `marimo` from 0.23.11 to 0.23.13
- [Release notes](https://github.com/marimo-team/marimo/releases)
- [Commits](marimo-team/marimo@0.23.11...0.23.13)

Updates `hypothesis` from 6.155.7 to 6.156.1
- [Release notes](https://github.com/HypothesisWorks/hypothesis/releases)
- [Commits](HypothesisWorks/hypothesis@v6.155.7...v6.156.1)

Updates `syrupy` from 5.3.4 to 5.5.1
- [Release notes](https://github.com/syrupy-project/syrupy/releases)
- [Changelog](https://github.com/syrupy-project/syrupy/blob/main/CHANGELOG.md)
- [Commits](syrupy-project/syrupy@v5.3.4...v5.5.1)

Updates `ty` from 0.0.55 to 0.0.56
- [Release notes](https://github.com/astral-sh/ty/releases)
- [Changelog](https://github.com/astral-sh/ty/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ty@0.0.55...0.0.56)

---
updated-dependencies:
- dependency-name: narwhals
  dependency-version: 2.23.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-dependencies
- dependency-name: fastapi
  dependency-version: 0.139.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-dependencies
- dependency-name: uvicorn
  dependency-version: 0.50.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-dependencies
- dependency-name: marimo
  dependency-version: 0.23.13
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: python-dependencies
- dependency-name: hypothesis
  dependency-version: 6.156.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: python-dependencies
- dependency-name: syrupy
  dependency-version: 5.5.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: python-dependencies
- dependency-name: ty
  dependency-version: 0.0.56
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: python-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github

dependabot Bot commented on behalf of github Jul 7, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: dependencies, python. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot Bot requested a review from tschm as a code owner July 7, 2026 05:09
@tschm tschm merged commit 00a6837 into main Jul 7, 2026
66 checks passed
@tschm tschm deleted the dependabot/uv/python-dependencies-61d9f7590a branch July 7, 2026 06:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant