chore(deps): bump the python-dependencies group across 1 directory with 6 updates

[dependabot]

Bumps the python-dependencies group with 6 updates in the /backend directory:

Package	From	To
uvicorn	0.46.0	0.48.0
asyncpg	0.29.0	0.31.0
pgvector	0.2.5	0.4.2
python-multipart	0.0.27	0.0.30
pytest-asyncio	1.3.0	1.4.0
torch	2.2.2	2.12.0+cpu

Updates uvicorn from 0.46.0 to 0.48.0

Release notes

Sourced from uvicorn's releases.

Version 0.48.0

What's Changed

• Default ssl_ciphers to None and use OpenSSL defaults by @​Kludex in Kludex/uvicorn#2940
• Ignore duplicate forwarding headers in ProxyHeadersMiddleware by @​Kludex in Kludex/uvicorn#2944

Full Changelog: Kludex/uvicorn@0.47.0...0.48.0

Version 0.47.0

What's Changed

• Eagerly import the ASGI app in the parent process by @​Kludex in Kludex/uvicorn#2919
• Add ssl_context_factory for custom SSLContext configuration by @​Kludex in Kludex/uvicorn#2920
• Treat fd=0 as a valid file descriptor with reload/workers by @​eltoder in Kludex/uvicorn#2927

Full Changelog: Kludex/uvicorn@0.46.0...0.47.0

Changelog

Sourced from uvicorn's changelog.

0.48.0 (May 24, 2026)

Changed

• Default ssl_ciphers to None and use OpenSSL defaults (#2940)

Fixed

• Ignore duplicate forwarding headers in ProxyHeadersMiddleware (#2944)

0.47.0 (May 14, 2026)

Added

• Add ssl_context_factory for custom SSLContext configuration (#2920)

Changed

• Eagerly import the ASGI app in the parent process (#2919)

Fixed

• Treat fd=0 as a valid file descriptor with reload/workers (#2927)

Commits

• 73e84e5 Version 0.48.0 (#2951)
• 45ea116 Ignore duplicate forwarding headers in ProxyHeadersMiddleware (#2944)
• dd4394c chore(deps): bump idna from 3.11 to 3.15 (#2941)
• abe0781 Default ssl_ciphers to None and use OpenSSL defaults (#2940)
• 479a2c0 Version 0.47.0 (#2937)
• 89347fd Add 7-day cooldown for dependency resolution via uv exclude-newer (#2936)
• 767315b Drop unused contents/actions permissions from zizmor workflow (#2935)
• f25ee43 chore(deps): bump urllib3 from 2.6.3 to 2.7.0 (#2933)
• 8782666 Fix typo in docs/deployment/index.md. (#2932)
• ad5ff87 Treat fd=0 as a valid file descriptor with reload/workers (#2927)
• Additional commits viewable in compare view

Updates asyncpg from 0.29.0 to 0.31.0

Release notes

Sourced from asyncpg's releases.

v0.31.0

Enable Python 3.14 with experimental subinterpreter/freethreading support.

Improvements

• Add Python 3.14 support, experimental subinterpreter/freethreading support (#1279) (by @​elprans in 9e42642b)

• Avoid performing type introspection on known types (#1243) (by @​elprans in 5c9986c4)

• Make prepare() not use named statements by default when cache is disabled (#1245) (by @​elprans in 5b14653e)

• Implement connection service file functionality (#1223) (by @​AndrewJackson2020 in 1d63bb15)

Fixes

• Fix multi port connection string issue (#1222) (by @​AndrewJackson2020 in 01c0db7b)

• Avoid leaking connections if _can_use_connection fails (#1269) (by @​yuliy-openai in e94302d2)

Other

• Drop support for EOL Python 3.8 (#1281) (by @​elprans in 6c2c4904)

v0.30.0

Support Python 3.13 and PostgreSQL 17.

Improvements

• Implement GSSAPI authentication (by @​eltoder in 1d4e5680 for #1122)

• Implement SSPI authentication (by @​eltoder in 1aab2094 for #1128)

• Add initial typings (by @​bryanforbes in d42432bf for #1127)

• Allow building with Cython 3

... (truncated)

Commits

• 71775a6 asyncpg v0.31.0
• 508cae6 Test on PostgreSQL 18 (#1290)
• e534e5f Bump cibuildwheel
• 07fe512 Bump pgproto
• 648b35f Bump Cython to 3.2.1 (#1288)
• 9e42642 Add Python 3.14 support, experimental subinterpreter/freethreading support (#...
• 6fe1c49 Move development deps away from extras and into dependency groups (#1280)
• 7a54816 Fix a couple of missed Python version guards
• 6c2c490 Drop support for EOL Python 3.8 (#1281)
• 4c60ae8 Bump version to 0.31.0.dev0
• Additional commits viewable in compare view

Updates pgvector from 0.2.5 to 0.4.2

Changelog

Sourced from pgvector's changelog.

0.4.2 (2025-12-04)

• Added support for Django 6
• Added support for str objects for bit type with SQLAlchemy

0.4.1 (2025-04-26)

• Fixed SparseVector constructor for SciPy sparse matrices

0.4.0 (2025-03-15)

• Added top-level pgvector package
• Added support for pg8000
• Added support for bytes to Bit constructor
• Changed globally option to default to False for Psycopg 2
• Changed arrays option to default to True for Psycopg 2
• Fixed equality for Vector, HalfVector, Bit, and SparseVector classes
• Fixed indices and values methods of SparseVector returning tuple instead of list in some cases
• Dropped support for Python < 3.9

0.3.6 (2024-10-26)

• Added arrays option for Psycopg 2

0.3.5 (2024-10-05)

• Added avg function with type casting to SQLAlchemy
• Added globally option for Psycopg 2

0.3.4 (2024-09-26)

• Added schema option for asyncpg

0.3.3 (2024-09-09)

• Improved support for cursor factories with Psycopg 2

0.3.2 (2024-07-17)

• Fixed error with asyncpg and pgvector < 0.7

0.3.1 (2024-07-10)

• Fixed error parsing zero sparse vectors
• Fixed error with Psycopg 2 and pgvector < 0.7
• Fixed error message when vector type not found with Psycopg 3

0.3.0 (2024-06-25)

• Added support for halfvec, bit, and sparsevec types to Django

... (truncated)

Commits

• 2968f25 Version bump to 0.4.2 [skip ci]
• 674f5ba Updated checkout action [skip ci]
• e2986da Added support for Django 6
• e211ba4 Test with Python 3.14 on CI
• 1a72b75 Updated pgvector on CI
• c820a53 Simplified examples [skip ci]
• caf1a2e Added docs for binary quantization with SQLAlchemy [skip ci]
• dc9a8f9 Added test for binary quantization with re-ranking
• 33dee60 Added support for str objects for bit type with SQLAlchemy - #137
• ee3e71c Updated format for license identifier
• Additional commits viewable in compare view

Updates python-multipart from 0.0.27 to 0.0.30

Release notes

Sourced from python-multipart's releases.

Version 0.0.30

What's Changed

• Treat only & as the urlencoded field separator by @​Kludex in Kludex/python-multipart#290
• Ignore RFC 2231 extended parameters in parse_options_header by @​Kludex in Kludex/python-multipart#291

Full Changelog: Kludex/python-multipart@0.0.29...0.0.30

Version 0.0.29

What's Changed

• Handle malformed RFC 2231 continuations in parse_options_header by @​manunio in Kludex/python-multipart#270

Full Changelog: Kludex/python-multipart@0.0.28...0.0.29

Version 0.0.28

What's Changed

• Speed up partial-boundary tail scan via bytes.find by @​Kludex in Kludex/python-multipart#281
• Cap multipart boundary length at 256 bytes by @​Kludex in Kludex/python-multipart#282

Full Changelog: Kludex/python-multipart@0.0.27...0.0.28

Changelog

Sourced from python-multipart's changelog.

0.0.30 (2026-05-31)

• Parse application/x-www-form-urlencoded bodies per the WHATWG URL standard, treating only & as a field separator #290.
• Ignore RFC 2231/5987 extended parameters (name*, filename*) in parse_options_header, keeping the plain parameter authoritative per RFC 7578 §4.2 #291.

0.0.29 (2026-05-17)

• Handle malformed RFC 2231 continuations in parse_options_header #270.

0.0.28 (2026-05-10)

• Speed up partial-boundary tail scan via bytes.find #281.
• Cap multipart boundary length at 256 bytes #282.

Commits

• 9d3ead5 Version 0.0.30 (#292)
• 3506c15 Ignore RFC 2231 extended parameters in parse_options_header (#291)
• d69df35 Treat only & as the urlencoded field separator (#290)
• 1e6ff97 Bump idna from 3.11 to 3.15 (#289)
• e3d6853 Version 0.0.29 (#288)
• a60dcdc Handle malformed RFC 2231 continuations in parse_options_header (#270)
• 75c33b2 Add 7-day cooldown for dependency resolution via uv exclude-newer (#286)
• a078b8e Bump urllib3 from 2.6.3 to 2.7.0 (#285)
• 7d8d28b Version 0.0.28 (#284)
• b0dd125 Cap multipart boundary length at 256 bytes (#282)
• Additional commits viewable in compare view

Updates pytest-asyncio from 1.3.0 to 1.4.0

Release notes

Sourced from pytest-asyncio's releases.

pytest-asyncio v1.4.0

1.4.0 - 2026-05-26

Deprecated

• Overriding the event_loop_policy fixture is deprecated. Use the pytest_asyncio_loop_factories hook instead. (#1419)

Added

• Added the pytest_asyncio_loop_factories hook to parametrize asyncio tests with custom event loop factories.

  The hook returns a mapping of factory names to loop factories, and pytest.mark.asyncio(loop_factories=[...]) selects a subset of configured factories per test. When a single factory is configured, test names are unchanged.

  Synchronous @pytest_asyncio.fixture functions now see the correct event loop when custom loop factories are configured, even when test code disrupts the current event loop (e.g., via asyncio.run() or asyncio.set_event_loop(None)). (#1164)

Changed

• Improved the readability of the warning message that is displayed when asyncio_default_fixture_loop_scope is unset (#1298)
• Only import asyncio.AbstractEventLoopPolicy for type checking to avoid raising a DeprecationWarning. (#1394)
• Updated minimum supported pytest version to v8.4.0. (#1397)

Fixed

• Fixed a ResourceWarning: unclosed event loop warning that could occur when a synchronous test called asyncio.run() or otherwise unset the current event loop after pytest-asyncio had run an async test or fixture. (#724)

Notes for Downstream Packagers

• Added dependency on sphinx-tabs >= 3.5 to organize documentation examples into tabs. (#1395)

pytest-asyncio v1.4.0a2

1.4.0a2 - 2026-05-02

Deprecated

• Overriding the event_loop_policy fixture is deprecated. Use the pytest_asyncio_loop_factories hook instead. (#1419)

Added

• Added the pytest_asyncio_loop_factories hook to parametrize asyncio tests with custom event loop factories.

  The hook returns a mapping of factory names to loop factories, and pytest.mark.asyncio(loop_factories=[...]) selects a subset of configured factories per test. When a single factory is configured, test names are unchanged on pytest 8.4+.

  Synchronous @pytest_asyncio.fixture functions now see the correct event loop when custom loop factories are configured, even when test code disrupts the current event loop (e.g., via asyncio.run() or asyncio.set_event_loop(None)). (#1164)

Changed

• Improved the readability of the warning message that is displayed when asyncio_default_fixture_loop_scope is unset (#1298)
• Only import asyncio.AbstractEventLoopPolicy for type checking to avoid raising a DeprecationWarning. (#1394)

... (truncated)

Commits

• 6e14cd2 chore: Prepare release of v1.4.0.
• 4b900fb Build(deps): Bump codecov/codecov-action from 6.0.0 to 6.0.1
• ab9f632 Build(deps): Bump zipp from 3.23.1 to 4.1.0
• a56fc77 Build(deps): Bump hypothesis from 6.152.6 to 6.152.8
• e8bae9b Build(deps): Bump requests from 2.34.0 to 2.34.2
• fc43340 Build(deps): Bump idna from 3.14 to 3.15
• 762eaf5 Build(deps): Bump jaraco-functools from 4.4.0 to 4.5.0
• b62e222 Build(deps): Bump click from 8.3.3 to 8.4.0
• 9190447 Build(deps): Bump pydantic from 2.13.3 to 2.13.4
• 82a393c ci: Remove unnecessary debug output.
• Additional commits viewable in compare view

Updates torch from 2.2.2 to 2.12.0+cpu

[dependabot]

Labels

The following labels could not be found: dependencies, python. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[madfam-io]

@dependabot recreate