Skip to content

chore(deps): bump the backend-dependencies group across 1 directory with 13 updates#53

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/backend/backend-dependencies-eb7522f6b5
Open

chore(deps): bump the backend-dependencies group across 1 directory with 13 updates#53
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/backend/backend-dependencies-eb7522f6b5

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 20, 2026

Copy link
Copy Markdown

Bumps the backend-dependencies group with 13 updates in the /backend directory:

Package From To
fastapi 0.136.3 0.138.0
openai 2.28.0 2.43.0
pydantic 2.12.5 2.13.4
slowapi 0.1.9 0.1.10
ruff 0.8.0 0.15.18
pypdf 6.13.2 6.13.3
langchain-community 0.4.1 0.4.2
tiktoken 0.12.0 0.13.0
boto3 1.42.68 1.43.34
orjson 3.11.7 3.11.9
pytest 9.0.3 9.1.1
pandas 3.0.1 3.0.3
tqdm 4.67.3 4.68.3

Updates fastapi from 0.136.3 to 0.138.0

Release notes

Sourced from fastapi's releases.

0.138.0

Features

  • ✨ Add support for app.frontend("/", directory="dist") and router.frontend("/", directory="dist"). PR #15800 by @​tiangolo.

Docs

Translations

Internal

0.137.2

Features

  • ✨ Add iter_route_contexts() for advanced use cases that used to use router.routes (e.g. Jupyverse). PR #15785 by @​tiangolo.

Translations

Internal

... (truncated)

Commits

Updates openai from 2.28.0 to 2.43.0

Release notes

Sourced from openai's releases.

v2.43.0

2.43.0 (2026-06-17)

Full Changelog: v2.42.0...v2.43.0

Features

  • api: update OpenAPI spec or Stainless config (2254235)

v2.42.0

2.42.0 (2026-06-16)

Full Changelog: v2.41.1...v2.42.0

Features

  • api: admin spend_alerts (6134198)
  • api: manual updates (f337bf4)
  • api: update OpenAPI spec or Stainless config (7015158)

Build System

v2.41.1

2.41.1 (2026-06-05)

Full Changelog: v2.41.0...v2.41.1

Build System

  • Remove scheduled release workflow trigger (#3366) (2a91011)

v2.41.0

2.41.0 (2026-06-03)

Full Changelog: v2.40.0...v2.41.0

Features

  • api: responses.moderation and chat_completions.moderation (87e46c2)

v2.40.0

2.40.0 (2026-06-01)

Full Changelog: v2.39.0...v2.40.0

Features

... (truncated)

Changelog

Sourced from openai's changelog.

2.43.0 (2026-06-17)

Full Changelog: v2.42.0...v2.43.0

Features

  • api: update OpenAPI spec or Stainless config (2254235)

2.42.0 (2026-06-16)

Full Changelog: v2.41.1...v2.42.0

Features

  • api: admin spend_alerts (6134198)
  • api: manual updates (f337bf4)
  • api: update OpenAPI spec or Stainless config (7015158)

Build System

2.41.1 (2026-06-05)

Full Changelog: v2.41.0...v2.41.1

Build System

  • Remove scheduled release workflow trigger (#3366) (2a91011)

2.41.0 (2026-06-03)

Full Changelog: v2.40.0...v2.41.0

Features

  • api: responses.moderation and chat_completions.moderation (87e46c2)

2.40.0 (2026-06-01)

Full Changelog: v2.39.0...v2.40.0

Features

  • api: Add Amazon Bedrock Responses support

Bug Fixes

  • api: allow setting bedrock api keys on the client directly (4d5bfde)

... (truncated)

Commits

Updates pydantic from 2.12.5 to 2.13.4

Release notes

Sourced from pydantic's releases.

v2.13.4 2026-05-06

v2.13.4 (2026-05-06)

What's Changed

Packaging

Fixes

Full Changelog: pydantic/pydantic@v2.13.3...v2.13.4

v2.13.3 2026-04-20

v2.13.3 (2026-04-20)

What's Changed

Fixes

Full Changelog: pydantic/pydantic@v2.13.2...v2.13.3

v2.13.2 2026-04-17

v2.13.2 (2026-04-17)

What's Changed

Fixes

  • Fix ValidationInfo.field_name missing with model_validate_json() by @​Viicos in #13084

Full Changelog: pydantic/pydantic@v2.13.1...v2.13.2

v2.13.1 2026-04-15

v2.13.1 (2026-04-15)

What's Changed

Fixes

Full Changelog: pydantic/pydantic@v2.13.0...v2.13.1

v2.13.0 2026-04-13

... (truncated)

Changelog

Sourced from pydantic's changelog.

v2.13.4 (2026-05-06)

GitHub release

What's Changed

Packaging

Fixes

v2.13.3 (2026-04-20)

GitHub release

What's Changed

Fixes

v2.13.2 (2026-04-17)

GitHub release

What's Changed

Fixes

  • Fix ValidationInfo.field_name missing with model_validate_json() by @​Viicos in #13084

v2.13.1 (2026-04-15)

GitHub release

What's Changed

Fixes

v2.13.0 (2026-04-13)

GitHub release

The highlights of the v2.13 release are available in the blog post.

... (truncated)

Commits
  • cf67d4b Fix linting
  • f0d8a21 Prepare release v2.13.4
  • 5e3fe1d Check for pydantic tag pattern in CI
  • 7f9edcc Document tagging conventions
  • b46a0c9 Adapt pydantic-core linker flags on macOS
  • 50629c8 Update to PyPy 7.3.22
  • 8522ebb Preserve RootModel core metadata
  • a37f3af Adapt MISSING sentinel test to work with unreleased typing_extensions ver...
  • 909259a Remove Logfire example in documentation
  • 2c4174c Bump libc from 0.2.155 to 0.2.185
  • Additional commits viewable in compare view

Updates slowapi from 0.1.9 to 0.1.10

Release notes

Sourced from slowapi's releases.

v0.1.10

What's Changed

New Contributors

Full Changelog: laurentS/slowapi@v0.1.9...v0.1.10

Changelog

Sourced from slowapi's changelog.

[0.1.10] - 2026-06-13

Changed

  • Added: allow usage of the request object in the except_when function (thanks @​colin99d)
  • Added more test exemption logic (thanks @​colin99)
  • Fix logger warning for Python 3.11 deprecation (thanks @​kevin868)
Commits
  • 75799a3 Update changelog
  • 6f22eab Merge pull request #212 from ecly/release-v0.1.10
  • 5e2b9c1 Merge pull request #238 from laurentS/drop-old-python
  • a83ec72 Update README
  • d1a20b6 Drop python 3.7 and 3.8 from CI checks
  • 8bf8b2e Make exempt_when with request backwards compatible
  • eaf5ba7 Bump version and update changelog
  • a72bcc6 Merge pull request #160 from colin99d/master
  • 42330fc Merge branch 'laurentS:master' into master
  • 91145c0 Fixed mypy error
  • Additional commits viewable in compare view

Updates ruff from 0.8.0 to 0.15.18

Release notes

Sourced from ruff's releases.

0.15.18

Release Notes

Released on 2026-06-18.

Preview features

  • Handle nested ruff:ignore comments (#25791)
  • Stop displaying severity in output (#26050)
  • Use human-readable names in CLI output (#25937)
  • Use human-readable names in LSP and playground diagnostics (#26058)
  • [pydocstyle] Prevent property docstrings starting with verbs (D421) (#23775)
  • [flake8-pyi] Extend PYI033 to Python files (#26129)

Bug fixes

  • Detect equivalent numeric mapping keys (#26009)
  • Detect mapping keys equivalent to booleans (#25982)
  • Detect repeated signed and complex dictionary keys (#26007)

Rule changes

  • [flake8-pyi] Rename PYI033 to legacy-type-comment (#26131)

Performance

  • Use ThinVec for call keywords (#25999)
  • Inline parser recovery context checks (#26038)
  • Match parser keywords as bytes (#26037)
  • Move value parsing out of lexing (#25360)

Server

  • Render subdiagnostics and secondary annotations as related information (#26011)

Documentation

  • Update fix availability for always-fixable rules (#26091)
  • [flake8-tidy-imports] Add fix safety section (TID252) (#17491)

Parser

  • Reject __debug__ lambda parameters (#26022)
  • Reject _ as a match-pattern target (#25977)
  • Reject multiple starred names in sequence patterns (#25976)
  • Reject parenthesized star imports (#26021)
  • Reject starred comprehension targets (#26023)
  • Reject unparenthesized generator expressions in class bases (#25978)
  • Reject yield expressions after commas (#26024)
  • Validate function type parameter default order (#25981)

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.18

Released on 2026-06-18.

Preview features

  • Handle nested ruff:ignore comments (#25791)
  • Stop displaying severity in output (#26050)
  • Use human-readable names in CLI output (#25937)
  • Use human-readable names in LSP and playground diagnostics (#26058)
  • [pydocstyle] Prevent property docstrings starting with verbs (D421) (#23775)
  • [flake8-pyi] Extend PYI033 to Python files (#26129)

Bug fixes

  • Detect equivalent numeric mapping keys (#26009)
  • Detect mapping keys equivalent to booleans (#25982)
  • Detect repeated signed and complex dictionary keys (#26007)

Rule changes

  • [flake8-pyi] Rename PYI033 to legacy-type-comment (#26131)

Performance

  • Use ThinVec for call keywords (#25999)
  • Inline parser recovery context checks (#26038)
  • Match parser keywords as bytes (#26037)
  • Move value parsing out of lexing (#25360)

Server

  • Render subdiagnostics and secondary annotations as related information (#26011)

Documentation

  • Update fix availability for always-fixable rules (#26091)
  • [flake8-tidy-imports] Add fix safety section (TID252) (#17491)

Parser

  • Reject __debug__ lambda parameters (#26022)
  • Reject _ as a match-pattern target (#25977)
  • Reject multiple starred names in sequence patterns (#25976)
  • Reject parenthesized star imports (#26021)
  • Reject starred comprehension targets (#26023)
  • Reject unparenthesized generator expressions in class bases (#25978)
  • Reject yield expressions after commas (#26024)
  • Validate function type parameter default order (#25981)

... (truncated)

Commits

Updates pypdf from 6.13.2 to 6.13.3

Release notes

Sourced from pypdf's releases.

Version 6.13.3, 2026-06-17

What's new

Security (SEC)

Performance Improvements (PI)

Robustness (ROB)

Maintenance (MAINT)

Full Changelog

Changelog

Sourced from pypdf's changelog.

Version 6.13.3, 2026-06-17

Security (SEC)

  • Apply MAX_DECLARED_STREAM_LENGTH to streams without length as well (#3871)

Performance Improvements (PI)

  • Avoid per-pixel getpixel loop for 1-bit indexed images (#3854)

Robustness (ROB)

  • Several fixes

Maintenance (MAINT)

  • Make mypy assert messages consistent (#3849)

Full Changelog

Commits
  • 9aa05e7 REL: 6.13.3
  • bbd083d SEC: Apply MAX_DECLARED_STREAM_LENGTH to streams without length as well (#3871)
  • d5cd266 ROB: Guard text operators against missing operands in extract_text (#3861)
  • 82f1f90 ROB: Tolerate malformed /Limits in index2label (#3858)
  • 0276a6f PI: Avoid per-pixel getpixel loop for 1-bit indexed images (#3854)
  • 41a9c3c MAINT: Make mypy assert messages consistent (#3849)
  • d1bba60 MAINT: Increase readability of PdfDocCommon (#3834)
  • 53b6fbc DEV: Bump codecov/codecov-action from 6.0.1 to 7.0.0 (#3859)
  • e07c223 MAINT: Enforce G004 (no f-strings in logging) (#3845)
  • 5270f76 ROB: Guard zero unitsPerEm in from_truetype_font_file (#3846)
  • Additional commits viewable in compare view

Updates langchain-community from 0.4.1 to 0.4.2

Release notes

Sourced from langchain-community's releases.

langchain-community==0.4.2

Sunsetting langchain-community

langchain-community is being sunset. See langchain-ai/langchain-community#674 for details and guidance. Thank you to everyone who has contributed integrations, fixes, reviews, and maintenance over the years.

What's Changed

... (truncated)

Commits
  • 7c10a5f fix: bump deps and fix test (#676)
  • 0d3630d fix: sunset package (#675)
  • 3ade247 chore(deps): bump urllib3 from 2.6.3 to 2.7.0 in /libs/community (#662)
  • 27c60ba chore(deps): bump langsmith from 0.7.31 to 0.8.4 in /libs/community (#666)
  • 2e8d934 chore(deps): bump jupyter-server from 2.17.0 to 2.18.0 in /libs/community (#654)
  • f0b16c2 chore(deps): bump mistune from 3.2.0 to 3.2.1 in /libs/community (#656)
  • bfbfe3f chore(deps): update scikit-learn requirement from <2,>=1.2.2 to >=1.7.2,<2 in...
  • 4cbef29 chore(deps): update hdbcli requirement from <3,>=2.19.21 to >=2.28.20,<3 in /...
  • 22377e1 chore(deps): update keybert requirement from >=0.8.5 to >=0.9.0 in /libs/comm...
  • c4dbaa2 chore(deps): bump notebook from 7.5.4 to 7.5.6 in /libs/community (#646)
  • Additional commits viewable in compare view

Updates tiktoken from 0.12.0 to 0.13.0

Changelog

Sourced from tiktoken's changelog.

[v0.13.0]

  • Update fancy-regex for significantly increased performance
  • Branch byte pair encoding to fix performance on unusual input
  • Fix AttributeError caused by incomplete redaction of experimental code
  • Update version of pyo3
  • Update version of optional dependency blobfile
Commits

Updates boto3 from 1.42.68 to 1.43.34

Commits

Updates orjson from 3.11.7 to 3.11.9

Release notes

Sourced from orjson's releases.

3.11.9

Changed

  • Build now depends on Rust 1.95 or later instead of 1.89.

Fixed

  • Fix building on Rust 1.95.

3.11.8

Changed

  • Build and compatibility improvements.
Changelog

Sourced from orjson's changelog.

3.11.9 - 2026-05-06

Changed

  • Build now depends on Rust 1.95 or later instead of 1.89.

Fixed

  • Fix building on Rust 1.95.

3.11.8 - 2026-03-31

Changed

  • Build and compatibility improvements.
Commits

…ith 13 updates

Bumps the backend-dependencies group with 13 updates in the /backend directory:

| Package | From | To |
| --- | --- | --- |
| [fastapi](https://github.com/fastapi/fastapi) | `0.136.3` | `0.138.0` |
| [openai](https://github.com/openai/openai-python) | `2.28.0` | `2.43.0` |
| [pydantic](https://github.com/pydantic/pydantic) | `2.12.5` | `2.13.4` |
| [slowapi](https://github.com/laurents/slowapi) | `0.1.9` | `0.1.10` |
| [ruff](https://github.com/astral-sh/ruff) | `0.8.0` | `0.15.18` |
| [pypdf](https://github.com/py-pdf/pypdf) | `6.13.2` | `6.13.3` |
| [langchain-community](https://github.com/langchain-ai/langchain-community) | `0.4.1` | `0.4.2` |
| [tiktoken](https://github.com/openai/tiktoken) | `0.12.0` | `0.13.0` |
| [boto3](https://github.com/boto/boto3) | `1.42.68` | `1.43.34` |
| [orjson](https://github.com/ijl/orjson) | `3.11.7` | `3.11.9` |
| [pytest](https://github.com/pytest-dev/pytest) | `9.0.3` | `9.1.1` |
| [pandas](https://github.com/pandas-dev/pandas) | `3.0.1` | `3.0.3` |
| [tqdm](https://github.com/tqdm/tqdm) | `4.67.3` | `4.68.3` |



Updates `fastapi` from 0.136.3 to 0.138.0
- [Release notes](https://github.com/fastapi/fastapi/releases)
- [Commits](fastapi/fastapi@0.136.3...0.138.0)

Updates `openai` from 2.28.0 to 2.43.0
- [Release notes](https://github.com/openai/openai-python/releases)
- [Changelog](https://github.com/openai/openai-python/blob/main/CHANGELOG.md)
- [Commits](openai/openai-python@v2.28.0...v2.43.0)

Updates `pydantic` from 2.12.5 to 2.13.4
- [Release notes](https://github.com/pydantic/pydantic/releases)
- [Changelog](https://github.com/pydantic/pydantic/blob/main/HISTORY.md)
- [Commits](pydantic/pydantic@v2.12.5...v2.13.4)

Updates `slowapi` from 0.1.9 to 0.1.10
- [Release notes](https://github.com/laurents/slowapi/releases)
- [Changelog](https://github.com/laurentS/slowapi/blob/master/CHANGELOG.md)
- [Commits](laurentS/slowapi@v0.1.9...v0.1.10)

Updates `ruff` from 0.8.0 to 0.15.18
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.8.0...0.15.18)

Updates `pypdf` from 6.13.2 to 6.13.3
- [Release notes](https://github.com/py-pdf/pypdf/releases)
- [Changelog](https://github.com/py-pdf/pypdf/blob/main/CHANGELOG.md)
- [Commits](py-pdf/pypdf@6.13.2...6.13.3)

Updates `langchain-community` from 0.4.1 to 0.4.2
- [Release notes](https://github.com/langchain-ai/langchain-community/releases)
- [Commits](langchain-ai/langchain-community@libs/community/v0.4.1...libs/community/v0.4.2)

Updates `tiktoken` from 0.12.0 to 0.13.0
- [Release notes](https://github.com/openai/tiktoken/releases)
- [Changelog](https://github.com/openai/tiktoken/blob/main/CHANGELOG.md)
- [Commits](openai/tiktoken@0.12.0...0.13.0)

Updates `boto3` from 1.42.68 to 1.43.34
- [Release notes](https://github.com/boto/boto3/releases)
- [Commits](boto/boto3@1.42.68...1.43.34)

Updates `orjson` from 3.11.7 to 3.11.9
- [Release notes](https://github.com/ijl/orjson/releases)
- [Changelog](https://github.com/ijl/orjson/blob/master/CHANGELOG.md)
- [Commits](ijl/orjson@3.11.7...3.11.9)

Updates `pytest` from 9.0.3 to 9.1.1
- [Release notes](https://github.com/pytest-dev/pytest/releases)
- [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst)
- [Commits](pytest-dev/pytest@9.0.3...9.1.1)

Updates `pandas` from 3.0.1 to 3.0.3
- [Release notes](https://github.com/pandas-dev/pandas/releases)
- [Commits](pandas-dev/pandas@v3.0.1...v3.0.3)

Updates `tqdm` from 4.67.3 to 4.68.3
- [Release notes](https://github.com/tqdm/tqdm/releases)
- [Commits](tqdm/tqdm@v4.67.3...v4.68.3)

---
updated-dependencies:
- dependency-name: fastapi
  dependency-version: 0.138.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: backend-dependencies
- dependency-name: openai
  dependency-version: 2.43.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: backend-dependencies
- dependency-name: pydantic
  dependency-version: 2.13.4
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: backend-dependencies
- dependency-name: slowapi
  dependency-version: 0.1.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: backend-dependencies
- dependency-name: ruff
  dependency-version: 0.15.18
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: backend-dependencies
- dependency-name: pypdf
  dependency-version: 6.13.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: backend-dependencies
- dependency-name: langchain-community
  dependency-version: 0.4.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: backend-dependencies
- dependency-name: tiktoken
  dependency-version: 0.13.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: backend-dependencies
- dependency-name: boto3
  dependency-version: 1.43.34
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: backend-dependencies
- dependency-name: orjson
  dependency-version: 3.11.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: backend-dependencies
- dependency-name: pytest
  dependency-version: 9.1.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: backend-dependencies
- dependency-name: pandas
  dependency-version: 3.0.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: backend-dependencies
- dependency-name: tqdm
  dependency-version: 4.68.3
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: backend-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Jun 20, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants