Bump the python-dependencies group with 7 updates

[dependabot]

Bumps the python-dependencies group with 7 updates:

Package	From	To
fastapi	0.114.0	0.115.0
uvicorn	0.30.6	0.31.0
anyio	4.4.0	4.6.0
idna	3.8	3.10
pydantic	2.9.1	2.9.2
pydantic-core	2.23.3	2.24.0
starlette	0.38.5	0.39.2

Updates fastapi from 0.114.0 to 0.115.0

Release notes

Sourced from fastapi's releases.

0.115.0

Highlights

Now you can declare Query, Header, and Cookie parameters with Pydantic models. 🎉

Query Parameter Models

Use Pydantic models for Query parameters:

from typing import Annotated, Literal
from fastapi import FastAPI, Query
from pydantic import BaseModel, Field
app = FastAPI()
class FilterParams(BaseModel):
limit: int = Field(100, gt=0, le=100)
offset: int = Field(0, ge=0)
order_by: Literal["created_at", "updated_at"] = "created_at"
tags: list[str] = []
@​app.get("/items/")
async def read_items(filter_query: Annotated[FilterParams, Query()]):
return filter_query

Read the new docs: Query Parameter Models.

Header Parameter Models

Use Pydantic models for Header parameters:

from typing import Annotated
from fastapi import FastAPI, Header
from pydantic import BaseModel
app = FastAPI()
class CommonHeaders(BaseModel):
host: str
save_data: bool
if_modified_since: str | None = None
traceparent: str | None = None
</tr></table>

... (truncated)

Commits

• 40e33e4 🔖 Release version 0.115.0
• b36047b 📝 Update release notes
• 7eadeb6 📝 Update release notes
• 55035f4 ✨ Add support for Pydantic models for parameters using Query, Cookie, `He...
• 0903da7 📝 Update release notes
• 4b2b14a ⬆ [pre-commit.ci] pre-commit autoupdate (#12204)
• 35df20c 📝 Update release notes
• 8eb3c56 🌐 Add Portuguese translation for `docs/pt/docs/advanced/security/http-basic-a...
• 2ada161 🔖 Release version 0.114.2
• 3a5fd71 📝 Update release notes
• Additional commits viewable in compare view

Updates uvicorn from 0.30.6 to 0.31.0

Release notes

Sourced from uvicorn's releases.

Version 0.31.0

Added

Improve ProxyHeadersMiddleware (#2468) and (#2231):

• Fix the host for requests from clients running on the proxy server itself.
• Fallback to host that was already set for empty x-forwarded-for headers.
• Also allow specifying IP Networks as trusted hosts. This greatly simplifies deployments on docker swarm/Kubernetes, where the reverse proxy might have a dynamic IP.
  • This includes support for IPv6 Address/Networks.

---

Full Changelog: encode/uvicorn@0.30.6...0.31.0

Changelog

Sourced from uvicorn's changelog.

0.31.0 (2024-09-27)

Added

Improve ProxyHeadersMiddleware (#2468) and (#2231):

• Fix the host for requests from clients running on the proxy server itself.
• Fallback to host that was already set for empty x-forwarded-for headers.
• Also allow to specify IP Networks as trusted hosts. This greatly simplifies deployments on docker swarm/kubernetes, where the reverse proxy might have a dynamic IP.
  • This includes support for IPv6 Address/Networks.

Commits

• a507532 Version 0.31.0 (#2469)
• 84dd2c4 Improve ProxyHeadersMiddleware (#2468)
• 3d26ab4 Bump cryptography from 42.0.8 to 43.0.1 (#2453)
• 47304d9 Add tests and requirements.txt to sdist (#2438)
• 1cb0c32 Add missing init files in the test suite (#2432)
• See full diff in compare view

Updates anyio from 4.4.0 to 4.6.0

Release notes

Sourced from anyio's releases.

4.6.0

• Dropped support for Python 3.8 (as #698 cannot be resolved without cancel message support)
• Fixed 100% CPU use on asyncio while waiting for an exiting task group to finish while said task group is within a cancelled cancel scope (#695)
• Fixed cancel scopes on asyncio not propagating CancelledError on exit when the enclosing cancel scope has been effectively cancelled (#698)
• Fixed asyncio task groups not yielding control to the event loop at exit if there were no child tasks to wait on
• Fixed inconsistent task uncancellation with asyncio cancel scopes belonging to a task group when said task group has child tasks running

4.5.0

• Improved the performance of anyio.Lock and anyio.Semaphore on asyncio (even up to 50 %)
• Added the fast_acquire parameter to anyio.Lock and anyio.Semaphore to further boost performance at the expense of safety (acquire() will not yield control back if there is no contention)
• Added support for the from_uri(), full_match(), parser methods/properties in anyio.Path, newly added in Python 3.13 (#737)
• Added support for more keyword arguments for run_process() and open_process(): startupinfo, creationflags, pass_fds, user, group, extra_groups and umask (#742)
• Improved the type annotations and support for PathLike in run_process() and open_process() to allow for path-like arguments, just like subprocess.Popen
• Changed the ResourceWarning from an unclosed memory object stream to include its address for easier identification
• Changed start_blocking_portal() to always use daemonic threads, to accommodate the "loitering event loop" use case
• Bumped the minimum version of Trio to v0.26.1
• Fixed __repr__() of MemoryObjectItemReceiver, when item is not defined (#767; PR by @​Danipulok)
• Fixed to_process.run_sync() failing to initialize if __main__.__file__ pointed to a file in a nonexistent directory (#696)
• Fixed AssertionError: feed_data after feed_eof on asyncio when a subprocess is closed early, before its output has been read (#490)
• Fixed TaskInfo.has_pending_cancellation() on asyncio not respecting shielded scopes (#771; PR by @​gschaffner)
• Fixed SocketStream.receive() returning bytearray instead of bytes when using asyncio with ProactorEventLoop (Windows) (#776)
• Fixed quitting the debugger in a pytest test session while in an active task group failing the test instead of exiting the test session (because the exit exception arrives in an exception group)
• Fixed support for Linux abstract namespaces in UNIX sockets that was broken in v4.2 (#781 <agronholm/anyio#781>_; PR by @​tapetersen)
• Fixed KeyboardInterrupt (ctrl+c) hanging the asyncio pytest runner

Changelog

Sourced from anyio's changelog.

Version history

This library adheres to Semantic Versioning 2.0 <http://semver.org/>_.

4.6.0

• Dropped support for Python 3.8 (as [#698](https://github.com/agronholm/anyio/issues/698) <https://github.com/agronholm/anyio/issues/698>_ cannot be resolved without cancel message support)
• Fixed 100% CPU use on asyncio while waiting for an exiting task group to finish while said task group is within a cancelled cancel scope ([#695](https://github.com/agronholm/anyio/issues/695) <https://github.com/agronholm/anyio/issues/695>_)
• Fixed cancel scopes on asyncio not propagating CancelledError on exit when the enclosing cancel scope has been effectively cancelled ([#698](https://github.com/agronholm/anyio/issues/698) <https://github.com/agronholm/anyio/issues/698>_)
• Fixed asyncio task groups not yielding control to the event loop at exit if there were no child tasks to wait on
• Fixed inconsistent task uncancellation with asyncio cancel scopes belonging to a task group when said task group has child tasks running

4.5.0

• Improved the performance of anyio.Lock and anyio.Semaphore on asyncio (even up to 50 %)
• Added the fast_acquire parameter to anyio.Lock and anyio.Semaphore to further boost performance at the expense of safety (acquire() will not yield control back if there is no contention)
• Added support for the from_uri(), full_match(), parser methods/properties in anyio.Path, newly added in Python 3.13 ([#737](https://github.com/agronholm/anyio/issues/737) <https://github.com/agronholm/anyio/issues/737>_)
• Added support for more keyword arguments for run_process() and open_process(): startupinfo, creationflags, pass_fds, user, group, extra_groups and umask ([#742](https://github.com/agronholm/anyio/issues/742) <https://github.com/agronholm/anyio/issues/742>_)
• Improved the type annotations and support for PathLike in run_process() and open_process() to allow for path-like arguments, just like subprocess.Popen
• Changed the ResourceWarning from an unclosed memory object stream to include its address for easier identification
• Changed start_blocking_portal() to always use daemonic threads, to accommodate the "loitering event loop" use case
• Bumped the minimum version of Trio to v0.26.1
• Fixed __repr__() of MemoryObjectItemReceiver, when item is not defined ([#767](https://github.com/agronholm/anyio/issues/767) <https://github.com/agronholm/anyio/pull/767>_; PR by @​Danipulok)
• Fixed to_process.run_sync() failing to initialize if __main__.__file__ pointed to a file in a nonexistent directory ([#696](https://github.com/agronholm/anyio/issues/696) <https://github.com/agronholm/anyio/issues/696>_)
• Fixed AssertionError: feed_data after feed_eof on asyncio when a subprocess is closed early, before its output has been read ([#490](https://github.com/agronholm/anyio/issues/490) <https://github.com/agronholm/anyio/issues/490>_)

... (truncated)

Commits

• 8cce749 Bumped up the version
• 01a37c6 Fixed TaskGroup and CancelScope exit issues on asyncio (#774)
• 7f35ce7 Bumped up the version
• 108cc83 [pre-commit.ci] pre-commit autoupdate (#788)
• d1aea98 Fixed KeyboardInterrupt hanging the asyncio test runner (#779)
• c1aff53 [pre-commit.ci] pre-commit autoupdate (#785)
• 89d8b4c Use sphinx_rtd_theme also as an extension
• 4e9f18d Enabled uvloop to be used in the test suite on Python 3.13
• 7de6441 Pin Sphinx to a compatible version with sphinx-rtd-theme
• 41647f4 Fixed feed_data after feed_eof assertion errors on asyncio (#752)
• Additional commits viewable in compare view

Updates idna from 3.8 to 3.10

Changelog

Sourced from idna's changelog.

3.10 (2024-09-15) +++++++++++++++++

• Reverted to Unicode 15.1.0 data. Unicode 16 has some significant changes to UTS46 processing that will require more work to properly implement.

3.9 (2024-09-13) ++++++++++++++++

• Update to Unicode 16.0.0
• Deprecate setup.cfg in favour of pyproject.toml
• Use ruff for code formatting

Thanks to Waket Zheng for contributions to this release.

Commits

• 729225d Release v3.10
• 3eef168 Merge pull request #194 from kjd/revert-unicode-16
• ceca619 Revert Unicode 16.0.0 data updates
• c43ac75 Merge pull request #191 from kjd/release-3.9
• 1b8800a Release v3.9
• a1fd168 Merge pull request #190 from kjd/unicode-16
• 7732c61 Merge branch 'master' into unicode-16
• 4ed183d Refactor membership test
• 762216b Format with ruff
• 580ece9 Implement changes to UTS46 algorithm
• Additional commits viewable in compare view

Updates pydantic from 2.9.1 to 2.9.2

Release notes

Sourced from pydantic's releases.

v2.9.2 (2024-09-17)

What's Changed

Fixes

• Do not error when trying to evaluate annotations of private attributes by @​Viicos in #10358
• Adding notes on designing sound Callable discriminators by @​sydney-runkle in #10400
• Fix serialization schema generation when using PlainValidator by @​Viicos in #10427
• Fix Union serialization warnings by @​sydney-runkle in pydantic/pydantic-core#1449
• Fix variance issue in _IncEx type alias, only allow True by @​Viicos in #10414
• Fix ZoneInfo validation with various invalid types by @​sydney-runkle in #10408

Full Changelog: pydantic/pydantic@v2.9.1...v2.9.2

Changelog

Sourced from pydantic's changelog.

v2.9.2 (2024-09-17)

GitHub release

What's Changed

Fixes

• Do not error when trying to evaluate annotations of private attributes by @​Viicos in #10358
• Adding notes on designing sound Callable discriminators by @​sydney-runkle in #10400
• Fix serialization schema generation when using PlainValidator by @​Viicos in #10427
• Fix Union serialization warnings by @​sydney-runkle in pydantic/pydantic-core#1449
• Fix variance issue in _IncEx type alias, only allow True by @​Viicos in #10414
• Fix ZoneInfo validation with various invalid types by @​sydney-runkle in #10408

Commits

• 7cedbfb history updates
• 7eab2b8 v bump
• c0a288f Fix ZoneInfo with various invalid types (#10408)
• ea6115d Fix variance issue in _IncEx type alias, only allow True (#10414)
• fbfe25a Fix serialization schema generation when using PlainValidator (#10427)
• 26cff3c Adding notes on designing callable discriminators (#10400)
• 8a0e7ad Do not error when trying to evaluate annotations of private attributes (#10358)
• See full diff in compare view

Updates pydantic-core from 2.23.3 to 2.24.0

Release notes

Sourced from pydantic-core's releases.

v2.24.0 2024-09-20

What's Changed

Features

• Add milliseconds option to ser_json_timedelta config parameter by @​ollz272 in pydantic/pydantic-core#1427
• Add support for unpacked TypedDict to type hint variadic keyword arguments in ArgumentsValidator by @​Viicos in pydantic/pydantic-core#1451

Fixes

• Do not require padding when decoding base64 bytes by @​bschoenmaeckers in pydantic/pydantic-core#1448
• Support wider variety of enum validation cases by @​sydney-runkle in pydantic/pydantic-core#1456

New Contributors

• @​bschoenmaeckers made their first contribution in pydantic/pydantic-core#1448

Full Changelog: pydantic/pydantic-core@v2.23.4...v2.24.0

v2.23.4 2024-09-16

What's Changed

• Fix variance issue in _IncEx type alias, only allow True by @​Viicos in pydantic/pydantic-core#1453
• Clean up serialization warnings for invalid data in unions by @​sydney-runkle in pydantic/pydantic-core#1449

Full Changelog: pydantic/pydantic-core@v2.23.3...v2.23.4

Commits

• 31a5156 Prep for v2.24.0 (#1458)
• f3f436e Add support for unpacked TypedDict to type hint variadic keyword arguments ...
• 8c1a0da Support wider variety of enum validation cases (#1456)
• e0b4c94 feat: add 'millisecond' option to ser_json_timedelta config parameter (#1427)
• bc0c97a Do not require padding when decoding base64 bytes (#1448)
• dbe03f6 version bump
• 4a0c332 Clean up serialization warnings for invalid data in unions (#1449)
• 16331d7 Fix variance issue in _IncEx type alias, only allow True (#1453)
• See full diff in compare view

Updates starlette from 0.38.5 to 0.39.2

Release notes

Sourced from starlette's releases.

Version 0.39.2

Fixed

• Allow use of request.url_for when only "app" scope is available #2672.
• Fix internal type hints to support python-multipart==0.0.12 #2708.

---

Full Changelog: encode/starlette@0.39.1...0.39.2

Version 0.39.1

Fixed

• Avoid regex re-compilation in responses.py and schemas.py #2700.
• Improve performance of get_route_path by removing regular expression usage #2701.
• Consider FileResponse.chunk_size when handling multiple ranges #2703.
• Use token_hex for generating multipart boundary strings #2702.

---

Full Changelog: encode/starlette@0.39.0...0.39.1

Version 0.39.0

Added

• Add support for HTTP Range to FileResponse #2697

---

Full Changelog: encode/starlette@0.38.6...0.39.0

Version 0.38.6

Fixed

• Close unclosed MemoryObjectReceiveStream in TestClient #2693.

---

Full Changelog: encode/starlette@0.38.5...0.38.6

Changelog

Sourced from starlette's changelog.

0.39.2 (September 29, 2024)

Fixed

• Allow use of request.url_for when only "app" scope is available #2672.
• Fix internal type hints to support python-multipart==0.0.12 #2708.

0.39.1 (September 25, 2024)

Fixed

• Avoid regex re-compilation in responses.py and schemas.py #2700.
• Improve performance of get_route_path by removing regular expression usage #2701.
• Consider FileResponse.chunk_size when handling multiple ranges #2703.
• Use token_hex for generating multipart boundary strings #2702.

0.39.0 (September 23, 2024)

Added

• Add support for HTTP Range to FileResponse #2697.

0.38.6 (September 22, 2024)

Fixed

• Close unclosed MemoryObjectReceiveStream in TestClient #2693.

Commits

• 0b50b9c Version 0.39.2 (#2710)
• fe46d99 Support request.url_for when only "app" scope is avaialable (#2672)
• 1a6018e Support python-multipart 0.0.12 (#2708)
• fa7b382 Version 0.39.1 (#2706)
• 075efd0 generate boundary with token_hex (#2702)
• b8139f9 Consider FileResponse.chunk_size when handling multiple ranges (#2703)
• 4fbf766 test: add tests in test_requests (#2677)
• d289ac7 perf: stop use re on get_route_path (#2701)
• 9d4d5a5 perf: avoid regex re-compile (#2700)
• 65bfd74 Version 0.39.0 (#2699)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Superseded by #3.