chore(deps): bump the runtime-dependencies group across 1 directory with 9 updates

[dependabot]

Updates the requirements on fastapi, gunicorn, langchain, langfuse, langgraph, langgraph-checkpoint-postgres, openai, poethepoet and psycopg to permit the latest version.
Updates fastapi to 0.136.1

Release notes

Sourced from fastapi's releases.

0.136.1

Upgrades

• ⬆️ Update Pydantic v2 code to address deprecations. PR #15101 by @​svlandeg.

Internal

• 🔨 Tweak translation script. PR #15174 by @​YuriiMotov.
• ⬆ Bump mkdocs-material from 9.7.1 to 9.7.6. PR #15408 by @​dependabot[bot].
• ⬆ Bump inline-snapshot from 0.31.1 to 0.32.6. PR #15409 by @​dependabot[bot].
• ⬆ Bump pytest-codspeed from 4.3.0 to 4.4.0. PR #15407 by @​dependabot[bot].
• ⬆ Bump pytest-cov from 7.0.0 to 7.1.0. PR #15406 by @​dependabot[bot].
• ⬆ Bump cloudflare/wrangler-action from 3.14.1 to 3.15.0. PR #15405 by @​dependabot[bot].
• ⬆ Bump mypy from 1.19.1 to 1.20.1. PR #15410 by @​dependabot[bot].
• ⬆ Bump python-dotenv from 1.2.1 to 1.2.2. PR #15400 by @​dependabot[bot].
• ⬆ Bump starlette from 0.52.1 to 1.0.0. PR #15397 by @​dependabot[bot].
• ⬆ Bump pygithub from 2.8.1 to 2.9.1. PR #15396 by @​dependabot[bot].
• ⬆ Bump pyjwt from 2.12.0 to 2.12.1. PR #15393 by @​dependabot[bot].
• ⬆ Bump zizmor from 1.23.1 to 1.24.1. PR #15394 by @​dependabot[bot].
• ⬆ Bump strawberry-graphql from 0.312.3 to 0.314.3. PR #15395 by @​dependabot[bot].
• ⬆ Bump python-multipart from 0.0.22 to 0.0.26. PR #15360 by @​dependabot[bot].
• ⬆ Bump authlib from 1.6.9 to 1.6.11. PR #15373 by @​dependabot[bot].
• ⬆ Bump aiohttp from 3.13.3 to 3.13.4. PR #15282 by @​dependabot[bot].
• ⬆ Bump pygments from 2.19.2 to 2.20.0. PR #15263 by @​dependabot[bot].
• ⬆ Bump pymdown-extensions from 10.20.1 to 10.21.2. PR #15391 by @​YuriiMotov.
• ⬆ Bump pillow from 12.1.1 to 12.2.0. PR #15333 by @​dependabot[bot].
• ⬆ Bump pytest from 9.0.2 to 9.0.3. PR #15334 by @​dependabot[bot].
• ⬆ Bump actions/upload-artifact from 7.0.0 to 7.0.1. PR #15374 by @​dependabot[bot].
• ⬆ Bump actions/cache from 5.0.4 to 5.0.5. PR #15385 by @​dependabot[bot].
• 🔧 Update sponsors: remove Zuplo. PR #15369 by @​tiangolo.
• 🔧 Update sponsors: remove Speakeasy. PR #15368 by @​tiangolo.
• 🔒️ Add zizmor and fix audit findings. PR #15316 by @​YuriiMotov.

Commits

• e54e5a8 🔖 Release version 0.136.1
• 9a8a5fd 📝 Update release notes
• 7815a32 ⬆️ Update Pydantic v2 code to address deprecations (#15101)
• ef1c927 📝 Update release notes
• 38039e1 🔨 Tweak translation script (#15174)
• 4fa826c 📝 Update release notes
• c394156 ⬆ Bump mkdocs-material from 9.7.1 to 9.7.6 (#15408)
• ae230ad 📝 Update release notes
• d9eb39d ⬆ Bump inline-snapshot from 0.31.1 to 0.32.6 (#15409)
• 4f8b5d1 📝 Update release notes
• Additional commits viewable in compare view

Updates gunicorn to 25.3.0

Release notes

Sourced from gunicorn's releases.

Gunicorn 25.3.0

Bug Fixes

• HTTP/2 ASGI Body Duplication: Fix request body being received twice in HTTP/2 ASGI requests, causing JSON parsing errors with "Extra data" messages (#3558)

• ASGI Chunked EOF Handling: Add finish() method to callback parser to handle chunked encoding edge case where connection closes before final CRLF after zero-chunk

• HTTP/2 Documentation: Fix http_protocols examples to use comma-separated string instead of list syntax (#3561)

• Chunked Encoding: Reject chunk extensions containing bare CR bytes per RFC 9112 (#3556)

• Request Line Limit: Fix --limit-request-line 0 to mean unlimited as documented, instead of using default maximum. Works with both Python and fast C parser. (#3563)

Security

• ASGI Parser Header Validation: Add security checks per RFC 9110/9112:
  • Reject duplicate Content-Length headers
  • Reject requests with both Content-Length and Transfer-Encoding
  • Reject chunked transfer encoding in HTTP/1.0
  • Reject stacked chunked encoding
  • Validate Transfer-Encoding values
  • Strict chunk size validation

Changes

• Fast HTTP Parser: Update to gunicorn_h1c >= 0.6.3 for asgi_headers property and InvalidChunkExtension validation for bare CR rejection

• ASGI PROXY Protocol: Add PROXY protocol v1/v2 support to callback parser

• Docker Images: Update to Python 3.14

Commits

• 9bce72c Update changelog with missing 25.3.0 changes
• 2a15fdb Fix pylint isinstance-second-argument-not-valid-type warning
• 8d08aaa Fix --limit-request-line 0 to mean unlimited
• d40a374 Fix pytest-asyncio configuration and treq_asgi hex escapes
• da8bd48 Remove unused AsyncRequest class
• b00f125 Integrate gunicorn_h1c 0.6.3 with InvalidChunkExtension support
• bdb2ebd Reject chunk extensions with bare CR bytes (RFC 9112)
• 7057fc9 Fix http_protocols documentation to use string syntax
• d43acb8 Update to gunicorn_h1c >= 0.6.2 for asgi_headers support
• cbd27e8 Merge pull request #3559 from benleembruggen/fix/http2-asgi-body-duplication
• Additional commits viewable in compare view

Updates langchain to 1.2.17

Release notes

Sourced from langchain's releases.

langchain-core==1.2.17

Changes since langchain-core==1.2.16

release(core): 1.2.17 (#35527) fix(core): extract usage metadata from serialized tracer message outputs (#35526) chore: bump the langchain-deps group across 3 directories with 7 updates (#35513) chore: bump the langchain-deps group across 3 directories with 14 updates (#35441)

Commits

• b339f65 release(langchain): 1.2.17 (#37110)
• 04e7a55 fix(fireworks): translate canonical multimodal content blocks for chat comple...
• a1f336f fix(core): preserve structured inputs on tool runs in tracers (#37108)
• ba56ac6 feat(langchain): add respond decision to HITL middleware (#37095)
• b6b836a chore: bump notebook from 7.4.5 to 7.5.6 in /libs/langchain (#37104)
• 3d96874 chore: bump notebook from 7.4.7 to 7.5.6 in /libs/text-splitters (#37105)
• 5ac6224 chore: bump aiohttp from 3.13.4 to 3.13.5 in /libs/partners/fireworks (#37106)
• 90caeef chore: bump requests from 2.33.0 to 2.33.1 in /libs/partners/fireworks (#37107)
• 38553c3 release(perplexity): 1.2.0 (#37091)
• 28f5448 feat(perplexity): add PerplexityEmbeddings (#37082)
• Additional commits viewable in compare view

Updates langfuse to 4.5.1

Commits

• See full diff in compare view

Updates langgraph to 1.1.10

Release notes

Sourced from langgraph's releases.

langgraph==1.1.10

Changes since 1.1.9

• release(prebuilt): 1.0.12, langgraph 1.1.10 (#7623)
• Revert "chore: node-level timeouts" (#7627)
• release(checkpoint): 4.0.3 (#7625)
• chore(deps): bump nbconvert from 7.17.0 to 7.17.1 in /libs/langgraph (#7573)
• chore(deps): bump python-dotenv from 1.2.1 to 1.2.2 in /libs/langgraph (#7574)
• chore: node-level timeouts (#7599)
• release(prebuilt): 1.0.11 (#7610)
• feat(prebuilt): allow ToolNode tools to return list[Command | ToolMessage] (#7596)

Commits

• cb328b5 release(prebuilt): 1.0.12, langgraph 1.1.10 (#7623)
• d177a0d Revert "chore: node-level timeouts" (#7627)
• 372d54d release(checkpoint): 4.0.3 (#7625)
• f4aee54 fix(prebuilt): hydrate ToolNode state from channels via pregel helpers (#7594)
• 85cd64e fix(checkpoint): revive lc=2 JSON blobs for safe types without allowlist (#7582)
• 53a9806 chore(deps): bump nbconvert from 7.17.0 to 7.17.1 in /libs/langgraph (#7573)
• 219fbbe chore(deps): bump python-dotenv from 1.2.1 to 1.2.2 in /libs/langgraph (#7574)
• aeff954 chore: node-level timeouts (#7599)
• 1a248cb release(prebuilt): 1.0.11 (#7610)
• 45246f6 feat(prebuilt): allow ToolNode tools to return list[Command | ToolMessage] (#...
• Additional commits viewable in compare view

Updates langgraph-checkpoint-postgres to 3.0.5

Release notes

Sourced from langgraph-checkpoint-postgres's releases.

langgraph-checkpoint-postgres==3.0.5

Changes since checkpointpostgres==3.0.4

• release(checkpoint-postgres): 3.0.5 (#7221)
• fix: re-use connection (#7220)
• chore(deps): bump ruff from 0.15.5 to 0.15.6 in /libs/checkpoint-postgres in the all-dependencies group (#7194)
• chore(deps): bump the all-dependencies group across 1 directory with 2 updates (#7071)
• release(checkpoint): 0.4.1 (#6966)
• chore: add serde events (#6954)
• chore: update defaults (#6953)
• release: rc2 (#6949)
• release: Candidate (#6947)
• Merge commit from fork
• chore(deps): bump the all-dependencies group in /libs/checkpoint-postgres with 2 updates (#6916)
• chore: add make type target for type checking (#6748)
• chore: bump orjson (#6852)
• chore(deps): bump langchain-core from 1.2.7 to 1.2.11 in /libs/checkpoint-postgres (#6831)
• chore(deps): bump the all-dependencies group in /libs/checkpoint-postgres with 2 updates (#6808)

Commits

• f393a54 release(checkpoint-postgres): 3.0.5 (#7221)
• 2e0fc1c fix: re-use connection (#7220)
• 7031421 release(langgraph): 1.1.3 (#7215)
• e9075b3 feat: add execution info to runtime (#7143)
• de9d7f3 chore(deps): bump the all-dependencies group in /libs/sdk-py with 2 updates (...
• 99190b4 chore(deps): bump the all-dependencies group in /libs/checkpoint-conformance ...
• 1b671bd chore(deps): bump the all-dependencies group in /libs/cli/js-monorepo-example...
• 35a3de8 chore(deps): bump the all-dependencies group in /libs/langgraph with 2 update...
• 6d6d989 chore(deps): bump the all-dependencies group in /libs/prebuilt with 2 updates...
• 9ed7572 chore(deps): bump ruff from 0.15.5 to 0.15.6 in /libs/checkpoint-postgres in ...
• Additional commits viewable in compare view

Updates openai to 2.33.0

Release notes

Sourced from openai's releases.

v2.33.0

2.33.0 (2026-04-28)

Full Changelog: v2.32.0...v2.33.0

Features

• api: api update (18f834a)

Bug Fixes

• api: correct prompt_cache_retention enum value from in-memory to in_memory (#1822) (f9d2d13)

Chores

• ci: remove release-doctor workflow (00b2091)

Changelog

Sourced from openai's changelog.

2.33.0 (2026-04-28)

Full Changelog: v2.32.0...v2.33.0

Features

• api: api update (18f834a)

Bug Fixes

• api: correct prompt_cache_retention enum value from in-memory to in_memory (#1822) (f9d2d13)

Chores

• ci: remove release-doctor workflow (00b2091)

2.32.0 (2026-04-15)

Full Changelog: v2.31.0...v2.32.0

Features

• api: Add detail to InputFileContent (60de21d)
• api: add OAuthErrorCode type (0c8d2c3)
• client: add event handler implementation for websockets (0280d05)
• client: allow enqueuing to websockets even when not connected (67aa20e)
• client: support reconnection in websockets (eb72a95)

Bug Fixes

• ensure file data are only sent as 1 parameter (c0c2ecd)

Documentation

• improve examples (84712fa)

2.31.0 (2026-04-08)

Full Changelog: v2.30.0...v2.31.0

Features

• api: add phase field to conversations message (3e5834e)
• api: add web_search_call.results to ResponseIncludable type (ffd8741)
• client: add support for short-lived tokens (#1608) (22fe722)
• client: support sending raw data over websockets (f1bc52e)

... (truncated)

Commits

• 94c88b8 release: 2.33.0 (#3119)
• c5b099c release: 2.33.0
• cb63de7 codegen metadata
• 18f834a feat(api): api update
• 00b2091 chore(ci): remove release-doctor workflow
• f9d2d13 fix(api): correct prompt_cache_retention enum value from in-memory to in_memo...
• e507a4e release: 2.32.0 (#3074)
• 750354e release: 2.31.0
• 5be9536 feat(client): add support for short-lived tokens (#1608)
• f1fd4fa feat(client): support sending raw data over websockets
• Additional commits viewable in compare view

Updates poethepoet to 0.45.0

Release notes

Sourced from poethepoet's releases.

0.45.0

Enhancements

• Add support for forwarding free arguments via $POE_EXTRA_ARGS by @​timrid in nat-n/poethepoet#380

Fixes

• Handle cancelled tasks correctly by @​timrid in nat-n/poethepoet#378
• Preserve quotes in :+/:- operator arguments (#333) by @​nat-n in nat-n/poethepoet#377
• Handle ctrl+c attempt on windows if running bat/cmd scripts by @​NSPC911 in nat-n/poethepoet#382

New Contributors

• @​timrid made their first contribution in nat-n/poethepoet#378

Full Changelog: nat-n/poethepoet@v0.44.0...v0.45.0

Commits

• 244cf0b Bump version to 0.45.0
• 3a6c09a feat: support forwarding free arguments via $POE_EXTRA_ARGS (#380)
• a1edcda fix: preserve quotes in :+/:- operator arguments (#333) (#377)
• 3e60a85 fix: handle cancelled asyncio tasks correctly (#378)
• bbdd435 fix: handle ctrl+c attempt on windows if running bat/cmd scripts (#382)
• 67a623d Bump version to 0.44.0
• 472f390 feat!: support recursive includes #317 (#372)
• 3168956 chore: optimize tests to run 17pc faster (#371)
• 6a25fba chore: bump version to 0.43.0
• 83091a5 feat!: treat false boolean args as unset env vars and add private vars (#359)
• Additional commits viewable in compare view

Updates psycopg to 3.3.4

Changelog

Sourced from psycopg's changelog.

.. currentmodule:: psycopg

.. index:: single: Release notes single: News

psycopg release notes

Current release

Psycopg 3.3.4 ^^^^^^^^^^^^^

• Fix possible spurious connection timeout in systems with very long uptimes in C extension (:ticket:[#1280](https://github.com/psycopg/psycopg/issues/1280)).
• Fix client-side adaptation of enums whose name require quotes (:ticket:[#1298](https://github.com/psycopg/psycopg/issues/1298)).
• Consistently populate ~Cursor.statusmessage after ~Cursor.executemany() (:ticket:[#1302](https://github.com/psycopg/psycopg/issues/1302)).

Psycopg 3.3.3 ^^^^^^^^^^^^^

• Retain Error.pgconn when raising a single exception for multiple connection attempt errors (:ticket:[#1246](https://github.com/psycopg/psycopg/issues/1246)).
• Return a proper error when server sends ErrorResponse for a Sync after a Parse (:ticket:[#1260](https://github.com/psycopg/psycopg/issues/1260)).

Psycopg 3.3.2 ^^^^^^^^^^^^^

Fix race condition in adapters at startup (:ticket:[#1230](https://github.com/psycopg/psycopg/issues/1230)).

Psycopg 3.3.1 ^^^^^^^^^^^^^

Fix iteration on server-side cursors (:ticket:[#1226](https://github.com/psycopg/psycopg/issues/1226)).

Psycopg 3.3.0

.. rubric:: New top-level features

• Add :ref:template strings queries \<template-strings> (:ticket:[#1054](https://github.com/psycopg/psycopg/issues/1054)).

... (truncated)

Commits

• 83f1103 chore: bump psycopg_pool package version to 3.3.1
• 1828770 chore: bump psycopg package version to 3.3.4
• 8be14bb Merge pull request #1301 from oliverhaas/fix/sync-pool-open-race
• aee0bf2 fix(pool): fix race in the construction of the sync ConnectionPool lock
• bc4d303 chore(deps): bump the actions group across 1 directory with 4 updates
• 785379f fix: retain statusmessage after executemany with returning=False
• 8882a73 perf: do less if X in Y: return Y[X] for cache-like patterns
• 2f78539 Merge pull request #1299 from dvarrazzo/fix-camel-enum
• 37ef1dc test: skip test on crdb depending on precise regtype behaviour
• 7f2f1d1 fix: fix client-side representation of enums requiring quotes
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions