Bump the python-packages group with 5 updates

[dependabot]

Bumps the python-packages group with 5 updates:

Package	From	To
asgi-correlation-id	4.3.4	5.0.0
python-multipart	0.0.29	0.0.30
uvicorn	0.48.0	0.49.0
faker	40.19.1	40.21.0
ruff	0.15.14	0.15.15

Updates asgi-correlation-id from 4.3.4 to 5.0.0

Release notes

Sourced from asgi-correlation-id's releases.

v5.0.0

Breaking changes

• Dropped support for Python versions < 3.10 (#106)
• Removed the Celery extension and all related public API (#111). Users relying on this can follow the instructions in the relevant section of the README.
• Reverted the default UUID-validator to a looser check that accepts any parseable UUID-format string, including nginx $request_id and OpenTelemetry trace IDs (#108, reverting #92). This is a breaking change for users relying on strict UUID v4 validation — pass a custom validator to restore the old behavior.

Improvements and fixes

• Officially added support for Python 3.13 and 3.14
• Modernized type annotations for Python 3.10+ baseline
• Corrected uvicorn doc examples (#110)
• Switched to uv, ty, and ruff for packaging, linting, and formatting

Full Changelog: snok/asgi-correlation-id@v4.3.4...v5.0.0

Commits

• 4c2b461 chore: Bump version from 4.x to 5.0.0
• d8c5490 refactor: Type sentry_extension explicitly
• a33a677 chore: Upgrade pre-commit hook
• f8bdfd9 chore: Move pytest config to pyproject.toml
• 77bb5f4 docs: Add celery hook documentation
• fea1a06 breaking: Drop celery extension
• 8cff4b9 fix: Revert UUID validator to loose check for nginx/OTEL compatibility (#89, ...
• cfdd255 docs: Correct uvicorn example
• 2d2cad5 refactor: Drop quoted import for logging.LogRecord
• 974653d chore: Fix lints, formatting, and types to support Python 3.14
• Additional commits viewable in compare view

Updates python-multipart from 0.0.29 to 0.0.30

Release notes

Sourced from python-multipart's releases.

Version 0.0.30

What's Changed

• Treat only & as the urlencoded field separator by @​Kludex in Kludex/python-multipart#290
• Ignore RFC 2231 extended parameters in parse_options_header by @​Kludex in Kludex/python-multipart#291

Full Changelog: Kludex/python-multipart@0.0.29...0.0.30

Changelog

Sourced from python-multipart's changelog.

0.0.30 (2026-05-31)

• Parse application/x-www-form-urlencoded bodies per the WHATWG URL standard, treating only & as a field separator #290.
• Ignore RFC 2231/5987 extended parameters (name*, filename*) in parse_options_header, keeping the plain parameter authoritative per RFC 7578 §4.2 #291.

Commits

• 9d3ead5 Version 0.0.30 (#292)
• 3506c15 Ignore RFC 2231 extended parameters in parse_options_header (#291)
• d69df35 Treat only & as the urlencoded field separator (#290)
• 1e6ff97 Bump idna from 3.11 to 3.15 (#289)
• See full diff in compare view

Updates uvicorn from 0.48.0 to 0.49.0

Release notes

Sourced from uvicorn's releases.

Version 0.49.0

What's Changed

• Bump httptools minimum version to 0.8.0 by @​Kludex in Kludex/uvicorn#2962
• Consume duplicate forwarding headers in ProxyHeadersMiddleware (reverses the 0.48.0 behavior of ignoring them) by @​Kludex in Kludex/uvicorn#2971

Full Changelog: Kludex/uvicorn@0.48.0...0.49.0

Changelog

Sourced from uvicorn's changelog.

0.49.0 (June 3, 2026)

Changed

• Bump httptools minimum version to 0.8.0 (#2962)
• Consume duplicate forwarding headers in ProxyHeadersMiddleware (reverses the 0.48.0 behavior of ignoring them) (#2971)

Commits

• 3ef2e3e Version 0.49.0 (#2973)
• eeb64b1 Consume duplicate forwarding headers in ProxyHeadersMiddleware (#2971)
• 630f4ac Make the watchfiles reload tests deterministic (#2972)
• 9154922 chore(deps): bump the github-actions group across 1 directory with 6 updates ...
• 739727a Migrate docs deploy from Cloudflare Pages to Workers (#2967)
• be4a240 Gate docs preview deploy on Cloudflare token presence (#2966)
• c489d7e Bump httptools minimum version to 0.8.0 (#2962)
• 9f547bd Skip docs preview deploy for Dependabot PRs (#2961)
• 44446b8 Migrate documentation from MkDocs Material to Zensical (#2959)
• cfd659c Bump pymdown-extensions to 10.21.3 (#2958)
• Additional commits viewable in compare view

Updates faker from 40.19.1 to 40.21.0

Release notes

Sourced from faker's releases.

Release v40.21.0

See CHANGELOG.md.

Release v40.20.0

See CHANGELOG.md.

Changelog

Sourced from faker's changelog.

v40.21.0 - 2026-06-02

• Add banks list for en_GB locale (#2363). Thanks @​osolomientsev.

v40.20.0 - 2026-06-01

• Add pan and gstin generators to en_IN SSN provider (#2357). Thanks @​RedZapdos123.
• Improve barcode provider test coverage (#2382). Thanks @​lphuc2250gma.
• Bump liskin/gh-problem-matcher-wrap from 3 to 4 (#2381). Thanks @​dependabot[bot].

Commits

• 8b06111 Bump version: 40.20.0 → 40.21.0
• 8ec76fb 📝 Update CHANGELOG.md
• fbd8c03 add banks list for en_GB locale (#2363)
• 3672645 Bump version: 40.19.1 → 40.20.0
• b369e13 📝 Update CHANGELOG.md
• 7ec6acd chore: improve faker maintenance path (#2382)
• 0535f12 Bump liskin/gh-problem-matcher-wrap from 3 to 4 (#2381)
• 0bed3fc Add pan and gstin generators to en_IN SSN provider (#2357)
• See full diff in compare view

Updates ruff from 0.15.14 to 0.15.15

Release notes

Sourced from ruff's releases.

0.15.15

Release Notes

Released on 2026-05-28.

Preview features

• Fix Markdown closing fence handling (#25310)
• [pyflakes] Report duplicate imports in typing.TYPE_CHECKING block (F811) (#22560)

Bug fixes

• [pyflakes] Treat function-scope bare annotations as locals per PEP 526 (F821) (#21540)

Performance

• Avoid redundant TokenValue drops in the lexer (#25300)
• Reduce memory usage by dropping token-excess capacity and improve performance by approximating the initial tokens Vec size (#25354)
• Use ThinVec in AST to shrink Stmt (#25361)

Documentation

• Fix line-length example for --config option (#25389)
• [flake8-comprehensions] Document RecursionError edge case in __len__ (C416) (#25286)
• [mccabe] Improve example (C901) (#25287)
• [pyupgrade] Clarify fix safety docs (UP007, UP045) (#25288)
• [refurb] Document FURB192 exception change for empty sequences (#25317)
• [ruff] Document false negative for user-defined types (RUF013) (#25289)

Formatter

• Fix formatting of lambdas nested within f-strings (#25398)

Server

• Return code action for codeAction/resolve requests that contain no or no valid URL (#25365)

Other changes

• Expand semantic syntax errors for invalid walruses (#25415)

Contributors

• @​chirizxc
• @​ntBre
• @​adityasingh2400
• @​charliermarsh
• @​fallintoplace
• @​martin-schlossarek
• @​MichaReiser

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.15

Released on 2026-05-28.

Preview features

• Fix Markdown closing fence handling (#25310)
• [pyflakes] Report duplicate imports in typing.TYPE_CHECKING block (F811) (#22560)

Bug fixes

• [pyflakes] Treat function-scope bare annotations as locals per PEP 526 (F821) (#21540)

Performance

• Avoid redundant TokenValue drops in the lexer (#25300)
• Reduce memory usage by dropping token-excess capacity and improve performance by approximating the initial tokens Vec size (#25354)
• Use ThinVec in AST to shrink Stmt (#25361)

Documentation

• Fix line-length example for --config option (#25389)
• [flake8-comprehensions] Document RecursionError edge case in __len__ (C416) (#25286)
• [mccabe] Improve example (C901) (#25287)
• [pyupgrade] Clarify fix safety docs (UP007, UP045) (#25288)
• [refurb] Document FURB192 exception change for empty sequences (#25317)
• [ruff] Document false negative for user-defined types (RUF013) (#25289)

Formatter

• Fix formatting of lambdas nested within f-strings (#25398)

Server

• Return code action for codeAction/resolve requests that contain no or no valid URL (#25365)

Other changes

• Expand semantic syntax errors for invalid walruses (#25415)

Contributors

• @​chirizxc
• @​ntBre
• @​adityasingh2400
• @​charliermarsh
• @​fallintoplace
• @​martin-schlossarek
• @​MichaReiser
• @​Ruchir28

Commits

• db5aa0a Bump 0.15.15 (#25431)
• 366fe21 [ty] Improve diagnostics for syntax errors in forward annotations (#25158)
• e2e1e64 [ty] Remove excess capacity from more Salsa cached collections (#25411)
• 1bd77e1 [ty] Use diagnostic message as tie breaker when sorting (#25424)
• 7e1bc1e Add agent skills for working on ty (#25422)
• 574e107 Expand semantic syntax errors for invalid walruses (#25415)
• 4a7ca06 [ty] Display docs for matching parameter when hovering over the name of an ar...
• 5432709 Refine a few agents instructions (#25423)
• 3cb09eb [ty] Support typing.TypeForm (#25334)
• c8cd59f [ty] Infer class attributes assigned by metaclass initialization (#25342)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Coverage Report •

File	Stmts	Miss	Branch	BrPart	Cover	Missing
syncmaster/worker
transfer.py	76	11	10	6	85%	29–31, 39, 77–78, 109–112, 126
TOTAL	5368	642	832	174	88%