Skip to content

Comments

fix(deps): update all dependencies#545

Open
renovate[bot] wants to merge 1 commit intomainfrom
renovate/all
Open

fix(deps): update all dependencies#545
renovate[bot] wants to merge 1 commit intomainfrom
renovate/all

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Jan 12, 2026

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package Type Update Change Age Confidence
actions/checkout action patch v6.0.1v6.0.2 age confidence
certifi dependencies minor 2026.1.42026.2.25 age confidence
cgr.dev/chainguard/python final digest 66a97fc47fe69a
cgr.dev/chainguard/python stage digest 2ea83e2ec75fa1
fastapi (changelog) dependencies minor ^0.128.0^0.133.0 age confidence
github/codeql-action action minor v4.31.9v4.32.4 age confidence
ortelius/workflow-toolkit action patch v1.0.176v1.0.185 age confidence
peter-evans/create-pull-request action minor v8.0.0v8.1.0 age confidence
sqlalchemy (changelog) dependencies patch 2.0.452.0.47 age confidence
starlette (changelog) dependencies minor ^0.50.0^0.52.0 age confidence
step-security/harden-runner action minor v2.14.0v2.15.0 age confidence
uvicorn (changelog) dependencies minor ^0.40.0^0.41.0 age confidence

Release Notes

actions/checkout (actions/checkout)

v6.0.2

Compare Source

certifi/python-certifi (certifi)

v2026.2.25

Compare Source

fastapi/fastapi (fastapi)

v0.133.0

Compare Source

v0.132.1

Compare Source

Refactors
Internal

v0.132.0

Compare Source

Breaking Changes
  • 🔒️ Add strict_content_type checking for JSON requests. PR #​14978 by @​tiangolo.
    • Now FastAPI checks, by default, that JSON requests have a Content-Type header with a valid JSON value, like application/json, and rejects requests that don't.
    • If the clients for your app don't send a valid Content-Type header you can disable this with strict_content_type=False.
    • Check the new docs: Strict Content-Type Checking.
Internal

v0.131.0

Compare Source

Breaking Changes

v0.130.0

Compare Source

Features

v0.129.2

Compare Source

Internal

v0.129.1

Compare Source

Fixes
  • ♻️ Fix JSON Schema for bytes, use "contentMediaType": "application/octet-stream" instead of "format": "binary". PR #​14953 by @​tiangolo.
Docs
Translations
Internal

v0.129.0

Compare Source

Breaking Changes
Refactors
Docs
Internal

v0.128.8

Compare Source

Docs
Internal

v0.128.7

Compare Source

Features
Refactors
  • ♻️ Simplify reading files in memory, do it sequentially instead of (fake) parallel. PR #​14884 by @​tiangolo.
Docs
Internal

v0.128.6

Compare Source

Fixes
Translations
Internal

v0.128.5

Compare Source

Refactors
  • ♻️ Refactor and simplify Pydantic v2 (and v1) compatibility internal utils. PR #​14862 by @​tiangolo.
Internal
  • ✅ Add inline snapshot tests for OpenAPI before changes from Pydantic v2. PR #​14864 by @​tiangolo.

v0.128.4

Compare Source

Refactors
  • ♻️ Refactor internals, simplify Pydantic v2/v1 utils, create_model_field, better types for lenient_issubclass. PR #​14860 by @​tiangolo.
  • ♻️ Simplify internals, remove Pydantic v1 only logic, no longer needed. PR #​14857 by @​tiangolo.
  • ♻️ Refactor internals, cleanup unneeded Pydantic v1 specific logic. PR #​14856 by @​tiangolo.
Translations
Internal

v0.128.3

Compare Source

Refactors
  • ♻️ Re-implement on_event in FastAPI for compatibility with the next Starlette, while keeping backwards compatibility. PR #​14851 by @​tiangolo.
Upgrades
  • ⬆️ Upgrade Starlette supported version range to starlette>=0.40.0,<1.0.0. PR #​14853 by @​tiangolo.
Translations
Internal
  • 👷 Run tests with Starlette from git. PR #​14849 by @​tiangolo.
  • 👷 Run tests with lower bound uv sync, upgrade fastapi[all] minimum dependencies: ujson >=5.8.0, orjson >=3.9.3. PR #​14846 by @​tiangolo.

v0.128.2

Compare Source

Features
Fixes
Docs
Translations
Internal

v0.128.1

Compare Source

Features
  • ✨ Add viewport meta tag to improve Swagger UI on mobile devices. PR #​14777 by @​Joab0.
  • 🚸 Improve error message for invalid query parameter type annotations. PR #​14479 by @​retwish.
Fixes
Refactors
Docs
Translations
Internal
github/codeql-action (github/codeql-action)

v4.32.4

Compare Source

  • Update default CodeQL bundle version to 2.24.2. #​3493
  • Added an experimental change which improves how certificates are generated for the authentication proxy that is used by the CodeQL Action in Default Setup when private package registries are configured. This is expected to generate more widely compatible certificates and should have no impact on analyses which are working correctly already. We expect to roll this change out to everyone in February. #​3473
  • When the CodeQL Action is run with debugging enabled in Default Setup and private package registries are configured, the "Setup proxy for registries" step will output additional diagnostic information that can be used for troubleshooting. #​3486
  • Added a setting which allows the CodeQL Action to enable network debugging for Java programs. This will help GitHub staff support customers with troubleshooting issues in GitHub-managed CodeQL workflows, such as Default Setup. This setting can only be enabled by GitHub staff. #​3485
  • Added a setting which enables GitHub-managed workflows, such as Default Setup, to use a nightly CodeQL CLI release instead of the latest, stable release that is used by default. This will help GitHub staff support customers whose analyses for a given repository or organization require early access to a change in an upcoming CodeQL CLI release. This setting can only be enabled by GitHub staff. #​3484

v4.32.3

Compare Source

  • Added experimental support for testing connections to private package registries. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for Default Setup. #​3466

v4.32.2

Compare Source

v4.32.1

Compare Source

  • A warning is now shown in Default Setup workflow logs if a private package registry is configured using a GitHub Personal Access Token (PAT), but no username is configured. #​3422
  • Fixed a bug which caused the CodeQL Action to fail when repository properties cannot successfully be retrieved. #​3421

v4.32.0

Compare Source

v4.31.11

Compare Source

  • When running a Default Setup workflow with Actions debugging enabled, the CodeQL Action will now use more unique names when uploading logs from the Dependabot authentication proxy as workflow artifacts. This ensures that the artifact names do not clash between multiple jobs in a build matrix. #​3409
  • Improved error handling throughout the CodeQL Action. #​3415
  • Added experimental support for automatically excluding generated files from the analysis. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for some GitHub-managed analyses. #​3318
  • The changelog extracts that are included with releases of the CodeQL Action are now shorter to avoid duplicated information from appearing in Dependabot PRs. #​3403

v4.31.10

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.10 - 12 Jan 2026
  • Update default CodeQL bundle version to 2.23.9. #​3393

See the full CHANGELOG.md for more information.

ortelius/workflow-toolkit (ortelius/workflow-toolkit)

v1.0.185

Compare Source

1.0.185 (2026-02-11)

v1.0.184

Compare Source

1.0.184 (2026-01-26)

v1.0.183

Compare Source

1.0.183 (2026-01-26)

v1.0.182

Compare Source

1.0.182 (2026-01-23)

v1.0.181

Compare Source

1.0.181 (2026-01-23)

v1.0.180

Compare Source

1.0.180 (2026-01-22)

v1.0.179

Compare Source

1.0.179 (2026-01-16)

v1.0.178

Compare Source

1.0.178 (2026-01-15)

v1.0.177

Compare Source

1.0.177 (2026-01-12)
peter-evans/create-pull-request (peter-evans/create-pull-request)

v8.1.0: Create Pull Request v8.1.0

Compare Source

What's Changed
New Contributors

Full Changelog: peter-evans/create-pull-request@v8.0.0...v8.1.0

Kludex/starlette (starlette)

v0.52.1: Version 0.52.1

Compare Source

What's Changed


Full Changelog: Kludex/starlette@0.52.0...0.52.1

v0.52.0: Version 0.52.0

Compare Source

In this release, State can be accessed using dictionary-style syntax for improved type safety (#​3036).

from collections.abc import AsyncIterator
from contextlib import asynccontextmanager
from typing import TypedDict

import httpx

from starlette.applications import Starlette
from starlette.requests import Request

class State(TypedDict):
    http_client: httpx.AsyncClient

@&#8203;asynccontextmanager
async def lifespan(app: Starlette) -> AsyncIterator[State]:
    async with httpx.AsyncClient() as client:
        yield {"http_client": client}

async def homepage(request: Request[State]):
    client = request.state["http_client"]
    # If you run the below line with mypy or pyright, it will reveal the correct type.
    reveal_type(client)  # Revealed type is 'httpx.AsyncClient'

See Accessing State for more details.


Full Changelog: Kludex/starlette@0.51.0...0.52.0

v0.51.0: Version 0.51.0

Compare Source

Added

  • Add allow_private_network in CORSMiddleware #​3065.

Changed

  • Increase warning stacklevel on DeprecationWarning for wsgi module #​3082.

New Contributors

Full Changelog: Kludex/starlette@0.50.0...0.51.0

step-security/harden-runner (step-security/harden-runner)

v2.15.0

Compare Source

What's Changed

Windows and macOS runner support

We are excited to announce that Harden Runner now supports Windows and macOS runners, extending runtime security beyond Linux for the first time.

Insights for Windows and macOS runners will be displayed in the same consistent format you are already familiar with from Linux runners, giving you a unified view of runtime activity across all platforms.

Full Changelog: step-security/harden-runner@v2.14.2...v2.15.0

v2.14.2

[Compare Source](https://redirect.github.com/st


Configuration

📅 Schedule: Branch creation - "every 1 hours every weekday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot force-pushed the renovate/all branch 7 times, most recently from 9dadbe3 to eddcce4 Compare January 18, 2026 10:38
@renovate renovate bot force-pushed the renovate/all branch 13 times, most recently from d3f9ac6 to f33acc2 Compare January 27, 2026 22:41
@renovate renovate bot force-pushed the renovate/all branch 4 times, most recently from a6e7e8f to 6b5d62a Compare February 3, 2026 00:52
@renovate renovate bot force-pushed the renovate/all branch 6 times, most recently from 3aaacab to 5967c7e Compare February 7, 2026 05:50
@renovate renovate bot force-pushed the renovate/all branch 12 times, most recently from b2a9f76 to 825b55f Compare February 14, 2026 01:25
@renovate renovate bot force-pushed the renovate/all branch 10 times, most recently from da0d40d to 823b6b8 Compare February 23, 2026 12:35
@renovate renovate bot force-pushed the renovate/all branch 6 times, most recently from ca34ae9 to d138bbb Compare February 25, 2026 02:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants