Bump the minor-patch group with 6 updates

[dependabot]

Bumps the minor-patch group with 6 updates:

Package	From	To
fastapi	0.121.1	0.121.3
pypandoc	1.16	1.16.2
click	8.3.0	8.3.1
pre-commit	4.4.0	4.5.0
bandit	1.8.6	1.9.2
ruff	0.14.4	0.14.6

Updates fastapi from 0.121.1 to 0.121.3

Release notes

Sourced from fastapi's releases.

0.121.3

Refactors

• ♻️ Make the result of Depends() and Security() hashable, as a workaround for other tools interacting with these internal parts. PR #14372 by @​tiangolo.

Upgrades

• ⬆️ Bump Starlette to <0.51.0. PR #14282 by @​musicinmybrain.

Docs

• 📝 Add missing hash part. PR #14369 by @​nilslindemann.
• 📝 Fix typos in code comments. PR #14364 by @​Edge-Seven.
• 📝 Add docs for using FastAPI Cloud. PR #14359 by @​tiangolo.

0.121.2

Fixes

• 🐛 Fix handling of JSON Schema attributes named "$ref". PR #14349 by @​tiangolo.

Docs

• 📝 Add EuroPython talk & podcast episode with Sebastián Ramírez. PR #14260 by @​clytaemnestra.
• ✏️ Fix links and add missing permalink in docs. PR #14217 by @​YuriiMotov.

Translations

• 🌐 Update Portuguese translations with LLM prompt. PR #14228 by @​ceb10n.
• 🔨 Add Portuguese translations LLM prompt. PR #14208 by @​ceb10n.
• 🌐 Sync Russian docs. PR #14331 by @​YuriiMotov.
• 🌐 Sync German docs. PR #14317 by @​nilslindemann.

Commits

• 325fd16 🔖 Release version 0.121.3
• 7659b70 📝 Update release notes
• 8570163 ♻️ Make the result of Depends() and Security() hashable, as a workaround ...
• 566e315 📝 Update release notes
• 569226e ⬆️ Bump Starlette to <0.51.0 (#14282)
• 33a75f4 📝 Update release notes
• 89baa70 📝 Add missing hash part (#14369)
• 827ed1e 📝 Update release notes
• df83eb7 📝 Fix typos in code comments (#14364)
• 4e84f31 📝 Update release notes
• Additional commits viewable in compare view

Updates pypandoc from 1.16 to 1.16.2

Release notes

Sourced from pypandoc's releases.

Latest Development Version

Commits

• c3afa88: pypandoc v1.16 (JessicaTegner)

Commits

• eaafdbe pypandoc v1.16.2
• 5face72 Merge pull request #415 from JessicaTegner/jessica/tinytex_fix
• 71dedd4 [pre-commit.ci] auto fixes from pre-commit.com hooks
• 1999a28 remove tinytex
• 811741a skip pdf testi n ci
• 9f830b3 Use PyTinyTeX instead in ci
• 35035f6 pypandoc v1.16.1
• a44afee Merge pull request #414 from JessicaTegner/jessica/cifix
• dbb1505 [pre-commit.ci] auto fixes from pre-commit.com hooks
• dd30edc Improvements to CI
• See full diff in compare view

Updates click from 8.3.0 to 8.3.1

Release notes

Sourced from click's releases.

8.3.1

This is the Click 8.3.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/click/8.3.1/ Changes: https://click.palletsprojects.com/page/changes/#version-8-3-1 Milestone: https://github.com/pallets/click/milestone/28

• Don't discard pager arguments by correctly using subprocess.Popen. #3039 #3055
• Replace Sentinel.UNSET default values by None as they're passed through the Context.invoke() method. #3066 #3065 #3068
• Fix conversion of Sentinel.UNSET happening too early, which caused incorrect behavior for multiple parameters using the same name. #3071 #3079
• Fix rendering when prompt and confirm parameter prompt_suffix is empty. #3019 #3021
• When Sentinel.UNSET is found during parsing, it will skip calls to type_cast_value. #3069 #3090
• Hide Sentinel.UNSET values as None when looking up for other parameters through the context inside parameter callbacks. #3136 #3137

Changelog

Sourced from click's changelog.

Version 8.3.1

Released 2025-11-15

• Don't discard pager arguments by correctly using subprocess.Popen. :issue:3039 :pr:3055
• Replace Sentinel.UNSET default values by None as they're passed through the Context.invoke() method. :issue:3066 :issue:3065 :pr:3068
• Fix conversion of Sentinel.UNSET happening too early, which caused incorrect behavior for multiple parameters using the same name. :issue:3071 :pr:3079
• Hide Sentinel.UNSET values as None when looking up for other parameters through the context inside parameter callbacks. :issue:3136 :pr:3137
• Fix rendering when prompt and confirm parameter prompt_suffix is empty. :issue:3019 :pr:3021
• When Sentinel.UNSET is found during parsing, it will skip calls to type_cast_value. :issue:3069 :pr:3090

Commits

• 1d038f2 release version 8.3.1
• 03f3889 Fix Ruff UP038 warning (#3141)
• 3867781 Fix Ruff UP038 warning
• b91bb95 Provide altered context to callbacks to hide UNSET values as None (#3137)
• 437e1e3 Temporarily provide a fake context to the callback to hide UNSET values as ...
• ea70da4 Don't test using a file in docs/ (#3102)
• e27b307 Make uv run --all-extras pyright --verifytypes click pass (#3072)
• a92c573 Fix test_edit to work with BSD sed (#3129)
• bd131e1 Fix test_edit to work with BSD sed
• 0b5c6b7 Add Best practices section (#3127)
• Additional commits viewable in compare view

Updates pre-commit from 4.4.0 to 4.5.0

Release notes

Sourced from pre-commit's releases.

pre-commit v4.5.0

Features

• Add pre-commit hazmat.
  • #3585 PR by @​asottile.

Changelog

Sourced from pre-commit's changelog.

4.5.0 - 2025-11-22

Features

• Add pre-commit hazmat.
  • #3585 PR by @​asottile.

Commits

• 1af6c8f v4.5.0
• 3358a3b Merge pull request #3585 from pre-commit/hazmat
• bdf6879 add pre-commit hazmat
• e436690 Merge pull request #3584 from pre-commit/exitstack
• 8d34f95 use ExitStack instead of start + stop
• 9c7ea88 Merge pull request #3583 from pre-commit/forward-compat-map-manifest
• 844dacc add forward-compat error message
• 6a1d543 Merge pull request #3582 from pre-commit/move-gc-back
• 66278a9 move logic for gc back to commands.gc
• 1b32c50 Merge pull request #3579 from pre-commit/pre-commit-ci-update-config
• Additional commits viewable in compare view

Updates bandit from 1.8.6 to 1.9.2

Release notes

Sourced from bandit's releases.

1.9.2

What's Changed

• Argparse Python 3.14 enhancements by @​ericwb in PyCQA/bandit#1331
• Check whether Constant value is str by @​ericwb in PyCQA/bandit#1333

Full Changelog: PyCQA/bandit@1.9.1...1.9.2

1.9.1

What's Changed

• More Python version related fixes by @​ericwb in PyCQA/bandit#1327

Full Changelog: PyCQA/bandit@1.9.0...1.9.1

1.9.0

What's Changed

• Add instructions for Maintainers to create/publish a release by @​ericwb in PyCQA/bandit#1275
• Bump sigstore/cosign-installer from 3.9.1 to 3.9.2 by @​dependabot[bot] in PyCQA/bandit#1289
• Bump docker/login-action from 3.4.0 to 3.5.0 by @​dependabot[bot] in PyCQA/bandit#1290
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in PyCQA/bandit#1291
• Bump actions/checkout from 4 to 5 by @​dependabot[bot] in PyCQA/bandit#1292
• Replace deprecated datetime.datetime.utcnow() by @​purplezimmermann in PyCQA/bandit#1295
• Bump actions/setup-python from 5 to 6 by @​dependabot[bot] in PyCQA/bandit#1296
• Bump sigstore/cosign-installer from 3.9.2 to 3.10.0 by @​dependabot[bot] in PyCQA/bandit#1298
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in PyCQA/bandit#1303
• Fix typos by @​Shortfinga in PyCQA/bandit#1305
• Bump docker/login-action from 3.5.0 to 3.6.0 by @​dependabot[bot] in PyCQA/bandit#1306
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in PyCQA/bandit#1315
• Bump sigstore/cosign-installer from 3.10.0 to 4.0.0 by @​dependabot[bot] in PyCQA/bandit#1317
• Support of Python 3.14 by @​ericwb in PyCQA/bandit#1323
• Drop support of end-of-life Python 3.9 by @​ericwb in PyCQA/bandit#1325
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in PyCQA/bandit#1324

New Contributors

• @​purplezimmermann made their first contribution in PyCQA/bandit#1295
• @​Shortfinga made their first contribution in PyCQA/bandit#1305

Full Changelog: PyCQA/bandit@1.8.6...1.9.0

Commits

• ea0d187 Check whether Constant value is str (#1333)
• 8bf7594 Argparse Python 3.14 enhancements (#1331)
• a255dfa More Python version related fixes (#1327)
• 3f07bb0 [pre-commit.ci] pre-commit autoupdate (#1324)
• c8c3fb8 Drop support of end-of-life Python 3.9 (#1325)
• 5c30350 Support of Python 3.14 (#1323)
• e1ffdf6 Bump sigstore/cosign-installer from 3.10.0 to 4.0.0 (#1317)
• 176d4ca [pre-commit.ci] pre-commit autoupdate (#1315)
• 2fc3e9c Bump docker/login-action from 3.5.0 to 3.6.0 (#1306)
• 6a68546 Fix typos (#1305)
• Additional commits viewable in compare view

Updates ruff from 0.14.4 to 0.14.6

Release notes

Sourced from ruff's releases.

0.14.6

Release Notes

Released on 2025-11-21.

Preview features

• [flake8-bandit] Support new PySNMP API paths (S508, S509) (#21374)

Bug fixes

• Adjust own-line comment placement between branches (#21185)
• Avoid syntax error when formatting attribute expressions with outer parentheses, parenthesized value, and trailing comment on value (#20418)
• Fix panic when formatting comments in unary expressions (#21501)
• Respect fmt: skip for compound statements on a single line (#20633)
• [refurb] Fix FURB103 autofix (#21454)
• [ruff] Fix false positive for complex conversion specifiers in logging-eager-conversion (RUF065) (#21464)

Rule changes

• [ruff] Avoid false positive on ClassVar reassignment (RUF012) (#21478)

CLI

• Render hyperlinks for lint errors (#21514)
• Add a ruff analyze option to skip over imports in TYPE_CHECKING blocks (#21472)

Documentation

• Limit eglot-format hook to eglot-managed Python buffers (#21459)
• Mention force-exclude in "Configuration > Python file discovery" (#21500)

Contributors

• @​ntBre
• @​dylwil3
• @​gauthsvenkat
• @​MichaReiser
• @​thamer
• @​Ruchir28
• @​thejcannon
• @​danparizher
• @​chirizxc

Install ruff 0.14.6

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/astral-sh/ruff/releases/download/0.14.6/ruff-installer.sh | sh
</tr></table> 

... (truncated)

Changelog

Sourced from ruff's changelog.

0.14.6

Released on 2025-11-21.

Preview features

• [flake8-bandit] Support new PySNMP API paths (S508, S509) (#21374)

Bug fixes

• Adjust own-line comment placement between branches (#21185)
• Avoid syntax error when formatting attribute expressions with outer parentheses, parenthesized value, and trailing comment on value (#20418)
• Fix panic when formatting comments in unary expressions (#21501)
• Respect fmt: skip for compound statements on a single line (#20633)
• [refurb] Fix FURB103 autofix (#21454)
• [ruff] Fix false positive for complex conversion specifiers in logging-eager-conversion (RUF065) (#21464)

Rule changes

• [ruff] Avoid false positive on ClassVar reassignment (RUF012) (#21478)

CLI

• Render hyperlinks for lint errors (#21514)
• Add a ruff analyze option to skip over imports in TYPE_CHECKING blocks (#21472)

Documentation

• Limit eglot-format hook to eglot-managed Python buffers (#21459)
• Mention force-exclude in "Configuration > Python file discovery" (#21500)

Contributors

• @​ntBre
• @​dylwil3
• @​gauthsvenkat
• @​MichaReiser
• @​thamer
• @​Ruchir28
• @​thejcannon
• @​danparizher
• @​chirizxc

0.14.5

Released on 2025-11-13.

Preview features

• [flake8-simplify] Apply SIM113 when index variable is of type int (#21395)

... (truncated)

Commits

• 59c6cb5 Bump 0.14.6 (#21558)
• 54dba15 [ty] Improve debug messages when imports fail (#21555)
• 1af3185 [ty] Add support for relative import completions
• 553e568 [ty] Refactor detection of import statements for completions
• cdef3f5 [ty] Use dedicated collector for completions
• 6178822 [ty] Attach subdiagnostics to unresolved-import errors for relative imports...
• 6b7adb0 [ty] support PEP 613 type aliases (#21394)
• 06941c1 [ty] More low-hanging fruit for inlay hint goto-definition (#21548)
• eb7c098 [ty] implement TypedDict structural assignment (#21467)
• 1b28fc1 [ty] Add more random TypeDetails and tests (#21546)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

The minor update of this production dependency was not automatically approved. For production dependencies, these semver updates can be automatically approved: patch