Bump the python-dependencies group across 1 directory with 2 updates by dependabot[bot] · Pull Request #35 · angela-tarantula/jsonpatchx

dependabot · 2026-03-31T05:37:41Z

Bumps the python-dependencies group with 2 updates in the / directory: jsonpointer and fastapi.

Updates jsonpointer from 3.1.0 to 3.1.1

Commits

ada0cad bump version to 3.1.1
bea0f7e Merge pull request #68 from nsano-rururu/test-py313and314
e6844d7 Merge branch 'master' into test-py313and314
0e9ea50 Merge pull request #69 from angela-tarantula/patch-1
928959c Fix flake8 issue
b657276 Merge branch 'master' into patch-1
1233257 add test case from pull request description
97cd230 Merge pull request #74 from stefankoegl/v3.1
b798115 release v3.1.0
5f89969 Merge pull request #73 from stefankoegl/update-python
Additional commits viewable in compare view

Updates fastapi from 0.135.1 to 0.135.2

Release notes

0.135.2

Upgrades

⬆️ Increase lower bound to pydantic >=2.9.0. and fix the test suite. PR #15139 by @svlandeg.

Docs

📝 Add missing last release notes dates. PR #15202 by @tiangolo.

📝 Update docs for contributors and team members regarding translation PRs. PR #15200 by @YuriiMotov.

💄 Fix code blocks in reference docs overflowing table width. PR #15094 by @YuriiMotov.

📝 Fix duplicated words in docstrings. PR #15116 by @AhsanSheraz.

📝 Add docs for pyproject.toml with entrypoint. PR #15075 by @tiangolo.

📝 Update links in docs to no longer use the classes external-link and internal-link. PR #15061 by @tiangolo.

🔨 Add JS and CSS handling for automatic target=_blank for links in docs. PR #15063 by @tiangolo.

💄 Update styles for internal and external links in new tab. PR #15058 by @tiangolo.

📝 Add documentation for the FastAPI VS Code extension. PR #15008 by @savannahostrowski.

📝 Fix doctrings for max_digits and decimal_places. PR #14944 by @YuriiMotov.

📝 Add dates to release notes. PR #15001 by @YuriiMotov.

Translations

🌐 Update translations for zh (update-outdated). PR #15177 by @tiangolo.

🌐 Update translations for zh-hant (update-outdated). PR #15178 by @tiangolo.

🌐 Update translations for zh-hant (add-missing). PR #15176 by @tiangolo.

🌐 Update translations for zh (add-missing). PR #15175 by @tiangolo.

🌐 Update translations for ja (update-outdated). PR #15171 by @tiangolo.

🌐 Update translations for ko (update-outdated). PR #15170 by @tiangolo.

🌐 Update translations for tr (update-outdated). PR #15172 by @tiangolo.

🌐 Update translations for ko (add-missing). PR #15168 by @tiangolo.

🌐 Update translations for ja (add-missing). PR #15167 by @tiangolo.

🌐 Update translations for tr (add-missing). PR #15169 by @tiangolo.

🌐 Update translations for fr (update-outdated). PR #15165 by @tiangolo.

🌐 Update translations for fr (add-missing). PR #15163 by @tiangolo.

🌐 Update translations for uk (update-outdated). PR #15160 by @tiangolo.

🌐 Update translations for uk (add-missing). PR #15158 by @tiangolo.

🌐 Update translations for pt (add-missing). PR #15157 by @tiangolo.

🌐 Update translations for pt (update-outdated). PR #15159 by @tiangolo.

🌐 Update translations for es (update-outdated). PR #15155 by @tiangolo.

🌐 Update translations for es (add-missing). PR #15154 by @tiangolo.

🌐 Update translations for de (update-outdated). PR #15156 by @tiangolo.

🌐 Update translations for ru (update-and-add). PR #15152 by @tiangolo.

🌐 Update translations for de (add-missing). PR #15153 by @tiangolo.

Internal

🔨 Exclude spam comments from statistics in scripts/people.py. PR #15088 by @YuriiMotov.

⬆ Bump authlib from 1.6.7 to 1.6.9. PR #15128 by @dependabot[bot].

⬆ Bump pyasn1 from 0.6.2 to 0.6.3. PR #15143 by @dependabot[bot].

⬆ Bump ujson from 5.11.0 to 5.12.0. PR #15150 by @dependabot[bot].

🔨 Tweak translation workflow and translation fixer tool. PR #15166 by @YuriiMotov.

... (truncated)

Commits

25a3697 🔖 Release version 0.135.2
ab125da 📝 Update release notes
122b6d4 📝 Add missing last release notes dates (#15202)
68ac0ab 📝 Update release notes
ea6e287 📝 Update docs for contributors and team members regarding translation PRs (#1...
d0a6f20 📝 Update release notes
fd9e192 💄 Fix code blocks in reference docs overflowing table width (#15094)
fce9460 📝 Update release notes
0227991 🔨 Exclude spam comments from statistics in scripts/people.py (#15088)
cbd64b0 📝 Update release notes
Additional commits viewable in compare view

github-actions · 2026-03-31T05:37:58Z

Dependency Review

The following issues were found:

✅ 0 vulnerable package(s)
✅ 0 package(s) with incompatible licenses
✅ 0 package(s) with invalid SPDX license definitions
⚠️ 1 package(s) with unknown licenses.

See the Details below.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 1d3cff6.

Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

License Issues

uv.lock

Package	Version	License	Issue Type
fastapi	0.135.2	Null	Unknown License

Allowed Licenses:
Apache-2.0, MIT, MIT-0, BSD-2-Clause, BSD-3-Clause, MPL-2.0, 0BSD, Python-2.0, Python-2.0.1, GPL-1.0-or-later, GPL-2.0-or-later

Excluded from license check:
pkg:pypi/jsonpointer@3.1.0, pkg:pypi/pytest-cov@7.1.0, pkg:pypi/ruff@0.15.7, pkg:pypi/uvicorn@0.42.0, pkg:pypi/pyinstaller@6.19.0, pkg:pypi/python-jsonpath@2.0.2, pkg:pypi/pyinstaller-hooks-contrib@2026.3, pkg:pypi/uv@0.10.12

OpenSSF Scorecard

Package

Version

Score

Details

pip/fastapi

0.135.2

Unknown

pip/jsonpointer

3.1.1

🟢 4.6

Details

Check	Score	Reason
Code-Review	🟢 5	Found 4/7 approved changesets -- score normalized to 5
Packaging	⚠️ -1	packaging workflow not detected
Maintained	🟢 10	14 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	⚠️ 0	security policy file not detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 9	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	🟢 3	branch protection is not maximal on development and all release branches
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

Scanned Files

uv.lock

angela-tarantula · 2026-03-31T13:10:01Z

@dependabot recreate

angela-tarantula · 2026-04-01T01:53:40Z

@dependabot recreate

Bumps the python-dependencies group with 2 updates: [jsonpointer](https://github.com/stefankoegl/python-json-pointer) and [fastapi](https://github.com/fastapi/fastapi). Updates `jsonpointer` from 3.1.0 to 3.1.1 - [Commits](stefankoegl/python-json-pointer@v3.1.0...v3.1.1) Updates `fastapi` from 0.135.1 to 0.135.2 - [Release notes](https://github.com/fastapi/fastapi/releases) - [Commits](fastapi/fastapi@0.135.1...0.135.2) --- updated-dependencies: - dependency-name: jsonpointer dependency-version: 3.1.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: python-dependencies - dependency-name: fastapi dependency-version: 0.135.2 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: python-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Mar 31, 2026

dependabot Bot requested a review from angela-tarantula as a code owner March 31, 2026 05:37

dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Mar 31, 2026

dependabot Bot had a problem deploying to dependabot-automation March 31, 2026 05:37 Failure

dependabot Bot temporarily deployed to codecov-automation March 31, 2026 05:37 Inactive

dependabot Bot temporarily deployed to dependabot-automation March 31, 2026 05:47 Inactive

dependabot Bot had a problem deploying to dependabot-automation March 31, 2026 05:48 Failure

dependabot Bot changed the title ~~Bump the python-dependencies group with 2 updates~~ Bump the python-dependencies group across 1 directory with 2 updates Mar 31, 2026

dependabot Bot force-pushed the dependabot/uv/python-dependencies-d1b196a29e branch from 1f059fb to 4ed78d6 Compare March 31, 2026 13:12

dependabot Bot temporarily deployed to codecov-automation March 31, 2026 13:12 Inactive

dependabot Bot temporarily deployed to dependabot-automation March 31, 2026 13:12 Inactive

dependabot Bot temporarily deployed to codecov-automation March 31, 2026 13:12 Inactive

dependabot Bot force-pushed the dependabot/uv/python-dependencies-d1b196a29e branch from 4ed78d6 to 1988ea0 Compare April 1, 2026 01:19

dependabot Bot temporarily deployed to codecov-automation April 1, 2026 01:19 Inactive

dependabot Bot temporarily deployed to dependabot-automation April 1, 2026 01:19 Inactive

dependabot Bot temporarily deployed to codecov-automation April 1, 2026 01:19 Inactive

angela-tarantula temporarily deployed to codecov-automation April 1, 2026 01:51 — with GitHub Actions Inactive

angela-tarantula had a problem deploying to dependabot-automation April 1, 2026 01:51 — with GitHub Actions Failure

angela-tarantula temporarily deployed to codecov-automation April 1, 2026 01:51 — with GitHub Actions Inactive

dependabot Bot force-pushed the dependabot/uv/python-dependencies-d1b196a29e branch from cbef4d7 to 1d3cff6 Compare April 1, 2026 01:55

dependabot Bot temporarily deployed to dependabot-automation April 1, 2026 01:55 Inactive

dependabot Bot temporarily deployed to codecov-automation April 1, 2026 01:55 Inactive

angela-tarantula approved these changes Apr 1, 2026

View reviewed changes

angela-tarantula merged commit a2c4fe1 into main Apr 1, 2026
12 checks passed

angela-tarantula deleted the dependabot/uv/python-dependencies-d1b196a29e branch April 1, 2026 02:06

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the python-dependencies group across 1 directory with 2 updates#35

Bump the python-dependencies group across 1 directory with 2 updates#35
angela-tarantula merged 1 commit intomainfrom
dependabot/uv/python-dependencies-d1b196a29e

dependabot Bot commented on behalf of github Mar 31, 2026 •

edited

Loading

Uh oh!

github-actions Bot commented Mar 31, 2026 •

edited

Loading

Uh oh!

angela-tarantula commented Mar 31, 2026

Uh oh!

angela-tarantula commented Apr 1, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot Bot commented on behalf of github Mar 31, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

0.135.2

Upgrades

Docs

Translations

Internal

Uh oh!

github-actions Bot commented Mar 31, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Dependency Review

Snapshot Warnings

License Issues

uv.lock

OpenSSF Scorecard

Scanned Files

Uh oh!

angela-tarantula commented Mar 31, 2026

Uh oh!

angela-tarantula commented Apr 1, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

dependabot Bot commented on behalf of github Mar 31, 2026 •

edited

Loading

github-actions Bot commented Mar 31, 2026 •

edited

Loading