chore(deps)(deps): bump the production-dependencies group across 1 directory with 27 updates by dependabot[bot] · Pull Request #39 · Poolchaos/Serelo

dependabot · 2026-03-30T14:04:42Z

Bumps the production-dependencies group with 27 updates in the /backend directory:

Package	From	To
fastapi	`0.109.0`	`0.135.2`
uvicorn	`0.27.0`	`0.42.0`
pydantic	`2.5.3`	`2.12.5`
pydantic-settings	`2.1.0`	`2.13.1`
email-validator	`2.1.0`	`2.3.0`
motor	`3.3.2`	`3.7.1`
pymongo	`4.6.1`	`4.16.0`
miniopy-async	`1.19`	`1.23.4`
minio	`7.2.3`	`7.2.20`
pyjwt	`2.9.0`	`2.12.1`
python-multipart	`0.0.6`	`0.0.22`
bleach	`6.1.0`	`6.3.0`
prometheus-client	`0.19.0`	`0.24.1`
celery	`5.3.4`	`5.6.3`
python-docx	`1.1.0`	`1.2.0`
reportlab	`4.0.7`	`4.4.10`
openpyxl	`3.1.2`	`3.1.5`
anthropic	`0.39.0`	`0.86.0`
google-generativeai	`0.8.3`	`0.8.6`
tiktoken	`0.5.2`	`0.12.0`
scikit-learn	`1.3.2`	`1.8.0`
pyyaml	`6.0.1`	`6.0.3`
markdown	`3.5.1`	`3.10.2`
pytest-xdist	`3.5.0`	`3.8.0`
httpx	`0.26.0`	`0.28.1`
ruff	`0.1.11`	`0.15.8`
python-dotenv	`1.0.0`	`1.2.2`

Updates fastapi from 0.109.0 to 0.135.2

Release notes

Sourced from fastapi's releases.

0.135.2

Upgrades

⬆️ Increase lower bound to pydantic >=2.9.0. and fix the test suite. PR #15139 by @svlandeg.

Docs

📝 Add missing last release notes dates. PR #15202 by @tiangolo.

📝 Update docs for contributors and team members regarding translation PRs. PR #15200 by @YuriiMotov.

💄 Fix code blocks in reference docs overflowing table width. PR #15094 by @YuriiMotov.

📝 Fix duplicated words in docstrings. PR #15116 by @AhsanSheraz.

📝 Add docs for pyproject.toml with entrypoint. PR #15075 by @tiangolo.

📝 Update links in docs to no longer use the classes external-link and internal-link. PR #15061 by @tiangolo.

🔨 Add JS and CSS handling for automatic target=_blank for links in docs. PR #15063 by @tiangolo.

💄 Update styles for internal and external links in new tab. PR #15058 by @tiangolo.

📝 Add documentation for the FastAPI VS Code extension. PR #15008 by @savannahostrowski.

📝 Fix doctrings for max_digits and decimal_places. PR #14944 by @YuriiMotov.

📝 Add dates to release notes. PR #15001 by @YuriiMotov.

Translations

🌐 Update translations for zh (update-outdated). PR #15177 by @tiangolo.

🌐 Update translations for zh-hant (update-outdated). PR #15178 by @tiangolo.

🌐 Update translations for zh-hant (add-missing). PR #15176 by @tiangolo.

🌐 Update translations for zh (add-missing). PR #15175 by @tiangolo.

🌐 Update translations for ja (update-outdated). PR #15171 by @tiangolo.

🌐 Update translations for ko (update-outdated). PR #15170 by @tiangolo.

🌐 Update translations for tr (update-outdated). PR #15172 by @tiangolo.

🌐 Update translations for ko (add-missing). PR #15168 by @tiangolo.

🌐 Update translations for ja (add-missing). PR #15167 by @tiangolo.

🌐 Update translations for tr (add-missing). PR #15169 by @tiangolo.

🌐 Update translations for fr (update-outdated). PR #15165 by @tiangolo.

🌐 Update translations for fr (add-missing). PR #15163 by @tiangolo.

🌐 Update translations for uk (update-outdated). PR #15160 by @tiangolo.

🌐 Update translations for uk (add-missing). PR #15158 by @tiangolo.

🌐 Update translations for pt (add-missing). PR #15157 by @tiangolo.

🌐 Update translations for pt (update-outdated). PR #15159 by @tiangolo.

🌐 Update translations for es (update-outdated). PR #15155 by @tiangolo.

🌐 Update translations for es (add-missing). PR #15154 by @tiangolo.

🌐 Update translations for de (update-outdated). PR #15156 by @tiangolo.

🌐 Update translations for ru (update-and-add). PR #15152 by @tiangolo.

🌐 Update translations for de (add-missing). PR #15153 by @tiangolo.

Internal

🔨 Exclude spam comments from statistics in scripts/people.py. PR #15088 by @YuriiMotov.

⬆ Bump authlib from 1.6.7 to 1.6.9. PR #15128 by @dependabot[bot].

⬆ Bump pyasn1 from 0.6.2 to 0.6.3. PR #15143 by @dependabot[bot].

⬆ Bump ujson from 5.11.0 to 5.12.0. PR #15150 by @dependabot[bot].

🔨 Tweak translation workflow and translation fixer tool. PR #15166 by @YuriiMotov.

... (truncated)

Commits

25a3697 🔖 Release version 0.135.2
ab125da 📝 Update release notes
122b6d4 📝 Add missing last release notes dates (#15202)
68ac0ab 📝 Update release notes
ea6e287 📝 Update docs for contributors and team members regarding translation PRs (#1...
d0a6f20 📝 Update release notes
fd9e192 💄 Fix code blocks in reference docs overflowing table width (#15094)
fce9460 📝 Update release notes
0227991 🔨 Exclude spam comments from statistics in scripts/people.py (#15088)
cbd64b0 📝 Update release notes
Additional commits viewable in compare view

Updates uvicorn from 0.27.0 to 0.42.0

Release notes

Sourced from uvicorn's releases.

Version 0.42.0

Changed

Use bytearray for request body accumulation to avoid O(n^2) allocation on fragmented bodies (#2845)

Fixed

Escape brackets and backslash in httptools HEADER_RE regex (#2824)

Fix multiple issues in websockets sans-io implementation (#2825)

New Contributors

@bysiber made their first contribution in Kludex/uvicorn#2825

Full Changelog: Kludex/uvicorn@0.41.0...0.42.0

Version 0.41.0

Added

Add --limit-max-requests-jitter to stagger worker restarts (#2707)

Add socket path to scope["server"] (#2561)

Changed

Rename LifespanOn.error_occured to error_occurred (#2776)

Fixed

Ignore permission denied errors in watchfiles reloader (#2817)

Ensure lifespan shutdown runs when should_exit is set during startup (#2812)

Reduce the log level of 'request limit exceeded' messages (#2788)

New Contributors

@t-kawasumi made their first contribution in Kludex/uvicorn#2776

@fardyn made their first contribution in Kludex/uvicorn#2800

@ewie made their first contribution in Kludex/uvicorn#2807

@shevron made their first contribution in Kludex/uvicorn#2788

@jonashaag made their first contribution in Kludex/uvicorn#2707

Full Changelog: Kludex/uvicorn@0.40.0...0.41.0

Version 0.40.0

What's Changed

... (truncated)

Changelog

Sourced from uvicorn's changelog.

0.42.0 (March 16, 2026)

Changed

Use bytearray for request body accumulation to avoid O(n^2) allocation on fragmented bodies (#2845)

Fixed

Escape brackets and backslash in httptools HEADER_RE regex (#2824)

Fix multiple issues in websockets sans-io implementation (#2825)

0.41.0 (February 16, 2026)

Added

Add --limit-max-requests-jitter to stagger worker restarts (#2707)

Add socket path to scope["server"] (#2561)

Changed

Rename LifespanOn.error_occured to error_occurred (#2776)

Fixed

Ignore permission denied errors in watchfiles reloader (#2817)

Ensure lifespan shutdown runs when should_exit is set during startup (#2812)

Reduce the log level of 'request limit exceeded' messages (#2788)

0.40.0 (December 21, 2025)

Remove

Drop support for Python 3.9 (#2772)

0.39.0 (December 21, 2025)

Fixed

Send close frame on ASGI return for WebSockets (#2769)

Explicitly start ASGI run with empty context (#2742)

0.38.0 (October 18, 2025)

Added

Support Python 3.14 (#2723)

0.37.0 (September 23, 2025)

Added

... (truncated)

Commits

02bed6f Version 0.42.0 (#2852)
d8f2501 chore: pre-create Config objects in benchmarks to measure protocol hot paths ...
9dbb783 Add WebSocket protocol benchmarks for wsproto and websockets-sansio (#2849)
b3c69da Use bytearray for request body accumulation (#2845)
3f3ebee Disable pytest-xdist for CodSpeed benchmark runs (#2847)
d072de7 Add fragmented body benchmark for chunked body accumulation (#2846)
e300c2c Add CodSpeed benchmark suite for HTTP protocol hot paths (#2844)
1fa6976 Escape brackets and backslash in httptools HEADER_RE regex (#2824)
59ec1de Fix multiple issues in websockets sansio implementation (#2825)
2fc0efc Clarify Windows asyncio event loop selection in docs (#2843)
Additional commits viewable in compare view

Updates pydantic from 2.5.3 to 2.12.5

Release notes

Sourced from pydantic's releases.

v2.12.5 2025-11-26

v2.12.5 (2025-11-26)

This is the fifth 2.12 patch release, addressing an issue with the MISSING sentinel and providing several documentation improvements.

The next 2.13 minor release will be published in a couple weeks, and will include a new polymorphic serialization feature addressing the remaining unexpected changes to the serialize as any behavior.

Fix pickle error when using model_construct() on a model with MISSING as a default value by @ornariece in #12522.

Several updates to the documentation by @Viicos.

Full Changelog: pydantic/pydantic@v2.12.4...v2.12.5

v2.12.4 2025-11-05

v2.12.4 (2025-11-05)

This is the fourth 2.12 patch release, fixing more regressions, and reverting a change in the build() method of the AnyUrl and Dsn types.

This patch release also fixes an issue with the serialization of IP address types, when serialize_as_any is used. The next patch release will try to address the remaining issues with serialize as any behavior by introducing a new polymorphic serialization feature, that should be used in most cases in place of serialize as any.

Fix issue with forward references in parent TypedDict classes by @Viicos in #12427.

This issue is only relevant on Python 3.14 and greater.

Exclude fields with exclude_if from JSON Schema required fields by @Viicos in #12430

Revert URL percent-encoding of credentials in the build() method of the AnyUrl and Dsn types by @davidhewitt in pydantic-core#1833.

This was initially considered as a bugfix, but caused regressions and as such was fully reverted. The next release will include an opt-in option to percent-encode components of the URL.

Add type inference for IP address types by @davidhewitt in pydantic-core#1868.

The 2.12 changes to the serialize_as_any behavior made it so that IP address types could not properly serialize to JSON.

Avoid getting default values from defaultdict by @davidhewitt in pydantic-core#1853.

This fixes a subtle regression in the validation behavior of the collections.defaultdict type.

Fix issue with field serializers on nested typed dictionaries by @davidhewitt in pydantic-core#1879.

Add more pydantic-core builds for the three-threaded version of Python 3.14 by @davidhewitt in pydantic-core#1864.

Full Changelog: pydantic/pydantic@v2.12.3...v2.12.4

v2.12.3 2025-10-17

v2.12.3 (2025-10-17)

What's Changed

This is the third 2.13 patch release, fixing issues related to the FieldInfo class, and reverting a change to the supported after model validator function signatures.

... (truncated)

Changelog

Sourced from pydantic's changelog.

v2.12.5 (2025-11-26)

GitHub release

This is the fifth 2.12 patch release, addressing an issue with the MISSING sentinel and providing several documentation improvements.

The next 2.13 minor release will be published in a couple weeks, and will include a new polymorphic serialization feature addressing the remaining unexpected changes to the serialize as any behavior.

Fix pickle error when using model_construct() on a model with MISSING as a default value by @ornariece in #12522.

Several updates to the documentation by @Viicos.

v2.12.4 (2025-11-05)

GitHub release

This is the fourth 2.12 patch release, fixing more regressions, and reverting a change in the build() method of the AnyUrl and Dsn types.

This patch release also fixes an issue with the serialization of IP address types, when serialize_as_any is used. The next patch release will try to address the remaining issues with serialize as any behavior by introducing a new polymorphic serialization feature, that should be used in most cases in place of serialize as any.

Fix issue with forward references in parent TypedDict classes by @Viicos in #12427.

This issue is only relevant on Python 3.14 and greater.

Exclude fields with exclude_if from JSON Schema required fields by @Viicos in #12430

Revert URL percent-encoding of credentials in the build() method of the AnyUrl and Dsn types by @davidhewitt in pydantic-core#1833.

This was initially considered as a bugfix, but caused regressions and as such was fully reverted. The next release will include an opt-in option to percent-encode components of the URL.

Add type inference for IP address types by @davidhewitt in pydantic-core#1868.

The 2.12 changes to the serialize_as_any behavior made it so that IP address types could not properly serialize to JSON.

Avoid getting default values from defaultdict by @davidhewitt in pydantic-core#1853.

This fixes a subtle regression in the validation behavior of the collections.defaultdict type.

Fix issue with field serializers on nested typed dictionaries by @davidhewitt in pydantic-core#1879.

Add more pydantic-core builds for the three-threaded version of Python 3.14 by @davidhewitt in pydantic-core#1864.

v2.12.3 (2025-10-17)

GitHub release

... (truncated)

Commits

bd2d0dd Prepare release v2.12.5
7d0302e Document security implications when using create_model()
e9ef980 Fix typo in Standard Library Types documentation
f2c20c0 Add pydantic-docs dev dependency, make use of versioning blocks
a76c1aa Update documentation about JSON Schema
8cbc72c Add documentation about custom __init__()
99eba59 Add additional test for FieldInfo.get_default()
c710769 Special case MISSING sentinel in smart_deepcopy()
20a9d77 Do not delete mock validator/serializer in rebuild_dataclass()
c86515a Update parts of the model and revalidate_instances documentation
Additional commits viewable in compare view

Updates pydantic-settings from 2.1.0 to 2.13.1

Release notes

Sourced from pydantic-settings's releases.

v2.13.0

What's Changed

fix: Deterministic alias selection when using validate_by_name by @chbndrhnns in pydantic/pydantic-settings#707

add deep merge functionality to config file sources by @pmeier in pydantic/pydantic-settings#698

Add support for AWS Secrets Manager VersionId parameter by @jcyamacho in pydantic/pydantic-settings#708

bugfix: Return None for inaccessible GCP Secret Manager secrets by @zaphod72 in pydantic/pydantic-settings#712

Bugfix for cli_kebab_case="all" and CliImplicitFlag[bool] by @Digity101 in pydantic/pydantic-settings#702

Unpack type alisases when looking for NoDecode by @tselepakis in pydantic/pydantic-settings#695

CliToggleFlag and CliDualFlag by @kschwab in pydantic/pydantic-settings#717

Fix for CLI duplicate enum field values. by @kschwab in pydantic/pydantic-settings#722

fixed load nested config from env by @Sube-py in pydantic/pydantic-settings#723

Add non-Path files support (for example Traversable) and open files using Path.open method by @mahenzon in pydantic/pydantic-settings#724

add one more traversable test by @mahenzon in pydantic/pydantic-settings#725

CLI fix fox external list args. by @kschwab in pydantic/pydantic-settings#727

fix: handle case-insensitive retrieval in GoogleSecretManagerSettingsSource by @ezwiefel in pydantic/pydantic-settings#730

CLI test fixes for help text formatting. by @kschwab in pydantic/pydantic-settings#735

Avoid conflicts with the NAME environment variable in WSL by @kzrnm in pydantic/pydantic-settings#747

fix: When restoring init kwargs, use deterministic order by @chbndrhnns in pydantic/pydantic-settings#746

Add env_prefix_target by @kzrnm in pydantic/pydantic-settings#749

Remove (default: …) in the help message for CliToggleFlag by @kzrnm in pydantic/pydantic-settings#740

Add support for CLI serialize styles. by @kschwab in pydantic/pydantic-settings#755

Add support for overriding default help on CLI internal parser. by @kschwab in pydantic/pydantic-settings#758

CLI format_help method support by @kschwab in pydantic/pydantic-settings#759

feat(gcp): support SecretVersion annotation for per-field secret versioning by @ezwiefel in pydantic/pydantic-settings#763

Allow snake_case_conversion with env_prefix for Azure Key Vault source by @cstarkers in pydantic/pydantic-settings#762

fix: Only override preferred_key when no value was found by @chbndrhnns in pydantic/pydantic-settings#767

Update deps by @hramezani in pydantic/pydantic-settings#768

CLI coerce numeric types. by @kschwab in pydantic/pydantic-settings#769

CLI Union Discriminator Choices in Help by @kschwab in pydantic/pydantic-settings#764

Add nested path support for yaml_config_section (fixes #772) by @hugo-romero-mm in pydantic/pydantic-settings#773

Prepare release 2.13.0 by @hramezani in pydantic/pydantic-settings#777

New Contributors

@pmeier made their first contribution in pydantic/pydantic-settings#698

@jcyamacho made their first contribution in pydantic/pydantic-settings#708

@zaphod72 made their first contribution in pydantic/pydantic-settings#712

@Digity101 made their first contribution in pydantic/pydantic-settings#702

@Sube-py made their first contribution in pydantic/pydantic-settings#723

@mahenzon made their first contribution in pydantic/pydantic-settings#724

@kzrnm made their first contribution in pydantic/pydantic-settings#747

@cstarkers made their first contribution in pydantic/pydantic-settings#762

@hugo-romero-mm made their first contribution in pydantic/pydantic-settings#773

Full Changelog: pydantic/pydantic-settings@v2.12.0...v2.13.0

v2.12.0

What's Changed

Support for enum kebab case. by @kschwab in pydantic/pydantic-settings#686

Apply source order: init > env > dotenv > secrets > defaults and pres… by @chbndrhnns in pydantic/pydantic-settings#688

Add NestedSecretsSettings source by @makukha in pydantic/pydantic-settings#690

... (truncated)

Commits

e87d12d v2.13.1 (#790)
acf8c14 Fix JSON decoding for parameterized PEP 695 type aliases (#780)
58b236a Fix AttributeError with nested env vars for dict fields (#785) (#786)
4933f06 Fix CLI parsing error for set field types since 2.13.0 (#787) (#788)
bd0ebe6 Fix RecursionError with self-referential models in CliApp (#783)
eb7840e Fix regression for bool fields since 2.13.0 (#784)
198e71c Prepare release 2.13.0 (#777)
de71e84 Add nested path support for yaml_config_section (fixes #772) (#773)
0f8f951 CLI Union Discriminator Choices in Help (#764)
ce9804c CLI coerce numeric types. (#769)
Additional commits viewable in compare view

Updates email-validator from 2.1.0 to 2.3.0

Release notes

Sourced from email-validator's releases.

v2.3.0

The package name is changed from using an underscore (email_validator) to a dash (email-validator) to match PyPi's normalized package name.

The library no longer checks that the local part is at most 64 characters because a more careful reading of RFC 5321 indicates the limit is optional and such email addresses have been found in the wild. However the check can be restored using a new strict=True parameter, and the overall 254 character email address length limit is still in place.

New EmailSyntaxError messages are used for some exiting syntax errors related to @-sign homoglyphs and invalid characters in internationalized domains.

When using allow_display_name=True, display names are now returned with Unicode NFC normalization.

TypeError is now raised if something other than str (or bytes) is passed as the email address.

2.2.0 (June 20, 2024)

Email addresses with internationalized local parts could, with rare Unicode characters, be returned as valid but actually be invalid in their normalized form (returned in the normalized field). Local parts now re-validated after Unicode NFC normalization to ensure that invalid characters cannot be injected into the normalized address and that characters with length-increasing NFC normalizations cannot cause a local part to exceed the maximum length after normalization.

The length check for email addresses with internationalized local parts is now also applied to the original address string prior to Unicode NFC normalization, which may be longer and could exceed the maximum email address length, to protect callers who do not use the returned normalized address.

Improved error message for IDNA domains that are too long or have invalid characters after Unicode normalization.

A new option to parse My Name <address@domain> strings, i.e. a display name plus an email address in angle brackets, is now available. It is off by default.

Improvements to Python typing.

Some additional tests added.

v2.1.2

2.1.2 (June 16, 2024)

The domain name length limit is corrected from 255 to 253 IDNA ASCII characters. I misread the RFCs.

When a domain name has no MX record but does have an A or AAAA record, if none of the IP addresses in the response are globally reachable (i.e. not Private-Use, Loopback, etc.), the response is treated as if there was no A/AAAA response and the email address will fail the deliverability check.

When a domain name has no MX record but does have an A or AAAA record, the mx field in the object returned by validate_email incorrectly held the IP addresses rather than the domain itself.

Fixes in tests.

v2.1.1 (February 26, 2024)

Fixed typo 'marking' instead of 'marketing' in case-insensitive mailbox name list.

When DNS-based deliverability checks fail, in some cases exceptions are now thrown with raise ... from for better nested exception tracking.

Fixed tests to work when no local resolver can be configured.

This project is now licensed under the Unlicense (instead of CC0).

Minor improvements to tests.

Minor improvements to code style.

Changelog

Sourced from email-validator's changelog.

2.3.0 (August 26, 2025)

The package name is changed from using an underscore (email_validator) to a dash (email-validator) to match PyPi's normalized package name.

The library no longer checks that the local part is at most 64 characters because a more careful reading of RFC 5321 indicates the limit is optional and such email addresses have been found in the wild. However the check can be restored using a new strict=True parameter, and the overall 254 character email address length limit is still in place.

New EmailSyntaxError messages are used for some exiting syntax errors related to @-sign homoglyphs and invalid characters in internationalized domains.

When using allow_display_name=True, display names are now returned with Unicode NFC normalization.

TypeError is now raised if something other than str (or bytes) is passed as the email address.

2.2.0 (June 20, 2024)

Email addresses with internationalized local parts could, with rare Unicode characters, be returned as valid but actually be invalid in their normalized form (returned in the normalized field). In particular, it is possible to get a normalized address with a ";" character, which is not valid and could change the interpretation of the address. Local parts now re-validated after Unicode NFC normalization to ensure that invalid characters cannot be injected into the normalized address and that characters with length-increasing NFC normalizations cannot cause a local part to exceed the maximum length after normalization. Thanks to khanh@calif.io from https://calif.io for reporting the issue.

The length check for email addresses with internationalized local parts is now also applied to the original address string prior to Unicode NFC normalization, which may be longer and could exceed the maximum email address length, to protect callers who do not use the returned normalized address.

Improved error message for IDNA domains that are too long or have invalid characters after Unicode normalization.

A new option to parse My Name <address@domain> strings, i.e. a display name plus an email address in angle brackets, is now available. It is off by default.

Improvements to Python typing.

Some additional tests added.

2.1.2 (June 16, 2024)

The domain name length limit is corrected from 255 to 253 IDNA ASCII characters. I misread the RFCs.

When a domain name has no MX record but does have an A or AAAA record, if none of the IP addresses in the response are globally reachable (i.e. not Private-Use, Loopback, etc.), the response is treated as if there was no A/AAAA response and the email address will fail the deliverability check.

When a domain name has no MX record but does have an A or AAAA record, the mx field in the object returned by validate_email incorrectly held the IP addresses rather than the domain itself.

Fixes in tests.

2.1.1 (February 26, 2024)

Fixed typo 'marking' instead of 'marketing' in case-insensitive mailbox name list.

When DNS-based deliverability checks fail, in some cases exceptions are now thrown with raise ... from for better nested exception tracking.

Fixed tests to work when no local resolver can be configured.

This project is now licensed under the Unlicense (instead of CC0).

Minor improvements to tests.

Minor improvements to code style.

Commits

030a63a Version 2.3.0
e943a0f Raise TypeError when an invalid argument is passed for email, closes #155
f90d256 Remove local part length check unless new strict flag is given, fixes #158
98800ba Add explicit checks for internationalized domain name characters invalid unde...
936aead Fix final syntax checks on normalized internationalized domains checking the ...
8043de4 NFC-normalize display names per UTS #39
bc08faa Add one-off error messages for full-width-at and small-commercial-at which ar...
a1c90ab Split exceptions_types.py into exceptions.py and types.py
dbcf07c Change package name from using underscore to dash to match PyPi normalized pa...
7c22208 Support ALLOW_DISPLAY_NAME and ALLOW_EMPTY_LOCAL in the CLI (#145)
Additional commits viewable in compare view

Updates motor from 3.3.2 to 3.7.1

Release notes

Sourced from motor's releases.

Motor 3.7.1

Community notes: https://www.mongodb.com/community/forums/t/motor-3-7-1-released/321388.

Motor 3.7.0

Community notes: https://www.mongodb.com/community/forums/t/motor-3-7-0-released/311077/3

Motor 3.6.1

What's Changed

PYTHON-4962 Adopt zizmor GitHub Actions security scanner by @blink1073 in mongodb/motor#312

MOTOR-1413 Install pymongo from v4.9 branch when installing from source by @blink1073 in mongodb/motor#313

PYTHON-5017 Use a separate PyPI publish step by @blink1073 in mongodb/motor#314

PYTHON-5017 Fix post-publish step by @blink1073 in mongodb/motor#315

MOTOR-1420 Add detailed return type to to_list method by @SaidBySolo in mongodb/motor#316

MOTOR-1420 Use generic return type for to_list() by @ShaneHarvey in mongodb/motor#318

Add changelog for 3.6.1 by @blink1073 in mongodb/motor#317

New Contributors

@SaidBySolo made their first contribution in mongodb/motor#316

Full Changelog: mongodb/motor@3.6.0...3.6.1

Motor 3.6.0

Community notes: https://www.mongodb.com/community/forums/t/motor-3-6-0-released/297834

Motor 3.5.3

Add GitHub Attestation support to release process.

Motor 3.5.2

Update the PyMongo dependency requirement to >=4.5 and <4.9. Apps that require PyMongo >=4.9 must upgrade to Motor >=3.6.

Motor 3.5.1

What's Changed

MOTOR-1335 AsyncIOMotorClient is not suscriptable by @blink1073 in mongodb/motor#293

MOTOR-1336 Add changelog for 3.5.1 by @blink1073 in mongodb/motor#294

Full Changelog: mongodb/motor@3.5.0...3.5.1

Motor 3.5.0

What's Changed

Drop support for Python 3.7.

Switch to using Hatchling as a build backend and remove setup.py.

Add Secure Software Development Life Cycle automation to release process. GitHub Releases for pymongocrypt now include a Software Bill of Materials, and signature files corresponding to the distribution files released on PyPI.

New Contributors

@Doekeb made their first contribution in mongodb/motor#272

Full Changelog: mongodb/motor@3.4.0...3.5.0

Motor 3.4.0

... (truncated)

Changelog

Sourced from motor's changelog.

Motor 3.7.1

The 3.7.1 release contains only documentation changes.

.. warning:: As of May 14th, 2025, Motor is deprecated in favor of the GA release of the PyMongo Async API. No new features will be added to Motor, and only bug fixes will be provided until it reaches end of life on May 14th, 2026. After that, only critical bug fixes will be made until final support ends on May 14th, 2027. We strongly recommend migrating to the PyMongo Async API while Motor is still supported. For help transitioning, see the Migrate to PyMongo Async guide <https://www.mongodb.com/docs/languages/python/pymongo-driver/current/reference/migration/>_.

Motor 3.7.0

Add support for PyMongo 4.10.

Drop support for Python 3.8.

Drop support for MongoDB 3.6.

Motor 3.6.1

Add return type to to_list method in stub file.

Fix ability to install pymongo from source while testing.

Motor 3.6.0

Add support for MongoDB 8.0 and PyMongo 4.9.

The length parameter in :meth:MotorCursor.to_list is now optional.

.. note::

This is the last planned minor version of Motor. We are sunsetting Motor in favor of native asyncio support in PyMongo 4.9+. We will continue to provide security releases and bug fixes for Motor, but it will not gain new features.

Motor 3.5.1

Fix runtime behavior of Motor generic class typing, e.g. client: AsyncIOMotorClient[Dict[str, Any]].

Motor 3.5.0

Drop support for Python 3.7.

Switch to using Hatchling as a build backend and remove setup.py.

Add Secure Software Development Life Cycle automation to release process. GitHub Releases for pymongocrypt now include a Software Bill of Materials, and signature files corresponding to the distribution files released on PyPI.

Motor 3.4.0

... (truncated)

Commits

1b2e255 Bump version to 3.7.1 for release (#337)
c734a3a Update changelog for 3.7.1 (#336)
e20ae5f PYTHON-5377 - Further update assets to align with GA release of Async PyMongo...
f6a70b8 PYTHON-5377 - Update assets to align with GA release of Async PyMongo (#334)
83f735a PYTHON-5353 Use pinned sources for GitHub Actions (#333)
c291853 PYTHON-5348 Fix CodeQL Scanning for GitHub Actions (#332)
d5d0995 MOTOR-1453 & MOTOR-1454 Update expected attributes tests and links (#331)

…rectory with 27 updates Bumps the production-dependencies group with 27 updates in the /backend directory: | Package | From | To | | --- | --- | --- | | [fastapi](https://github.com/fastapi/fastapi) | `0.109.0` | `0.135.2` | | [uvicorn](https://github.com/Kludex/uvicorn) | `0.27.0` | `0.42.0` | | [pydantic](https://github.com/pydantic/pydantic) | `2.5.3` | `2.12.5` | | [pydantic-settings](https://github.com/pydantic/pydantic-settings) | `2.1.0` | `2.13.1` | | [email-validator](https://github.com/JoshData/python-email-validator) | `2.1.0` | `2.3.0` | | [motor](https://github.com/mongodb/motor) | `3.3.2` | `3.7.1` | | [pymongo](https://github.com/mongodb/mongo-python-driver) | `4.6.1` | `4.16.0` | | [miniopy-async](https://github.com/hlf20010508/miniopy-async) | `1.19` | `1.23.4` | | [minio](https://github.com/minio/minio-py) | `7.2.3` | `7.2.20` | | [pyjwt](https://github.com/jpadilla/pyjwt) | `2.9.0` | `2.12.1` | | [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.6` | `0.0.22` | | [bleach](https://github.com/mozilla/bleach) | `6.1.0` | `6.3.0` | | [prometheus-client](https://github.com/prometheus/client_python) | `0.19.0` | `0.24.1` | | [celery](https://github.com/celery/celery) | `5.3.4` | `5.6.3` | | [python-docx](https://github.com/python-openxml/python-docx) | `1.1.0` | `1.2.0` | | [reportlab](https://www.reportlab.com/) | `4.0.7` | `4.4.10` | | [openpyxl](https://openpyxl.readthedocs.io) | `3.1.2` | `3.1.5` | | [anthropic](https://github.com/anthropics/anthropic-sdk-python) | `0.39.0` | `0.86.0` | | [google-generativeai](https://github.com/google/generative-ai-python) | `0.8.3` | `0.8.6` | | [tiktoken](https://github.com/openai/tiktoken) | `0.5.2` | `0.12.0` | | [scikit-learn](https://github.com/scikit-learn/scikit-learn) | `1.3.2` | `1.8.0` | | [pyyaml](https://github.com/yaml/pyyaml) | `6.0.1` | `6.0.3` | | [markdown](https://github.com/Python-Markdown/markdown) | `3.5.1` | `3.10.2` | | [pytest-xdist](https://github.com/pytest-dev/pytest-xdist) | `3.5.0` | `3.8.0` | | [httpx](https://github.com/encode/httpx) | `0.26.0` | `0.28.1` | | [ruff](https://github.com/astral-sh/ruff) | `0.1.11` | `0.15.8` | | [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.0.0` | `1.2.2` | Updates `fastapi` from 0.109.0 to 0.135.2 - [Release notes](https://github.com/fastapi/fastapi/releases) - [Commits](fastapi/fastapi@0.109.0...0.135.2) Updates `uvicorn` from 0.27.0 to 0.42.0 - [Release notes](https://github.com/Kludex/uvicorn/releases) - [Changelog](https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md) - [Commits](Kludex/uvicorn@0.27.0...0.42.0) Updates `pydantic` from 2.5.3 to 2.12.5 - [Release notes](https://github.com/pydantic/pydantic/releases) - [Changelog](https://github.com/pydantic/pydantic/blob/main/HISTORY.md) - [Commits](pydantic/pydantic@v2.5.3...v2.12.5) Updates `pydantic-settings` from 2.1.0 to 2.13.1 - [Release notes](https://github.com/pydantic/pydantic-settings/releases) - [Commits](pydantic/pydantic-settings@v2.1.0...v2.13.1) Updates `email-validator` from 2.1.0 to 2.3.0 - [Release notes](https://github.com/JoshData/python-email-validator/releases) - [Changelog](https://github.com/JoshData/python-email-validator/blob/main/CHANGELOG.md) - [Commits](JoshData/python-email-validator@v2.1.0...v2.3.0) Updates `motor` from 3.3.2 to 3.7.1 - [Release notes](https://github.com/mongodb/motor/releases) - [Changelog](https://github.com/mongodb/motor/blob/master/doc/changelog.rst) - [Commits](mongodb/motor@3.3.2...3.7.1) Updates `pymongo` from 4.6.1 to 4.16.0 - [Release notes](https://github.com/mongodb/mongo-python-driver/releases) - [Changelog](https://github.com/mongodb/mongo-python-driver/blob/master/doc/changelog.rst) - [Commits](mongodb/mongo-python-driver@4.6.1...4.16.0) Updates `miniopy-async` from 1.19 to 1.23.4 - [Release notes](https://github.com/hlf20010508/miniopy-async/releases) - [Commits](hlf20010508/miniopy-async@1.19...1.23.4) Updates `minio` from 7.2.3 to 7.2.20 - [Release notes](https://github.com/minio/minio-py/releases) - [Commits](minio/minio-py@7.2.3...7.2.20) Updates `pyjwt` from 2.9.0 to 2.12.1 - [Release notes](https://github.com/jpadilla/pyjwt/releases) - [Changelog](https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst) - [Commits](jpadilla/pyjwt@2.9.0...2.12.1) Updates `python-multipart` from 0.0.6 to 0.0.22 - [Release notes](https://github.com/Kludex/python-multipart/releases) - [Changelog](https://github.com/Kludex/python-multipart/blob/master/CHANGELOG.md) - [Commits](Kludex/python-multipart@0.0.6...0.0.22) Updates `bleach` from 6.1.0 to 6.3.0 - [Changelog](https://github.com/mozilla/bleach/blob/main/CHANGES) - [Commits](mozilla/bleach@v6.1.0...v6.3.0) Updates `prometheus-client` from 0.19.0 to 0.24.1 - [Release notes](https://github.com/prometheus/client_python/releases) - [Commits](prometheus/client_python@v0.19.0...v0.24.1) Updates `celery` from 5.3.4 to 5.6.3 - [Release notes](https://github.com/celery/celery/releases) - [Changelog](https://github.com/celery/celery/blob/v5.6.3/Changelog.rst) - [Commits](celery/celery@v5.3.4...v5.6.3) Updates `python-docx` from 1.1.0 to 1.2.0 - [Changelog](https://github.com/python-openxml/python-docx/blob/master/HISTORY.rst) - [Commits](python-openxml/python-docx@v1.1.0...v1.2.0) Updates `reportlab` from 4.0.7 to 4.4.10 Updates `openpyxl` from 3.1.2 to 3.1.5 Updates `anthropic` from 0.39.0 to 0.86.0 - [Release notes](https://github.com/anthropics/anthropic-sdk-python/releases) - [Changelog](https://github.com/anthropics/anthropic-sdk-python/blob/main/CHANGELOG.md) - [Commits](anthropics/anthropic-sdk-python@v0.39.0...v0.86.0) Updates `google-generativeai` from 0.8.3 to 0.8.6 - [Release notes](https://github.com/google/generative-ai-python/releases) - [Changelog](https://github.com/google-gemini/deprecated-generative-ai-python/blob/main/RELEASE.md) - [Commits](google-gemini/deprecated-generative-ai-python@v0.8.3...v0.8.6) Updates `tiktoken` from 0.5.2 to 0.12.0 - [Release notes](https://github.com/openai/tiktoken/releases) - [Changelog](https://github.com/openai/tiktoken/blob/main/CHANGELOG.md) - [Commits](openai/tiktoken@0.5.2...0.12.0) Updates `scikit-learn` from 1.3.2 to 1.8.0 - [Release notes](https://github.com/scikit-learn/scikit-learn/releases) - [Commits](scikit-learn/scikit-learn@1.3.2...1.8.0) Updates `pyyaml` from 6.0.1 to 6.0.3 - [Release notes](https://github.com/yaml/pyyaml/releases) - [Changelog](https://github.com/yaml/pyyaml/blob/6.0.3/CHANGES) - [Commits](yaml/pyyaml@6.0.1...6.0.3) Updates `markdown` from 3.5.1 to 3.10.2 - [Release notes](https://github.com/Python-Markdown/markdown/releases) - [Changelog](https://github.com/Python-Markdown/markdown/blob/master/docs/changelog.md) - [Commits](Python-Markdown/markdown@3.5.1...3.10.2) Updates `pytest-xdist` from 3.5.0 to 3.8.0 - [Release notes](https://github.com/pytest-dev/pytest-xdist/releases) - [Changelog](https://github.com/pytest-dev/pytest-xdist/blob/master/CHANGELOG.rst) - [Commits](pytest-dev/pytest-xdist@v3.5.0...v3.8.0) Updates `httpx` from 0.26.0 to 0.28.1 - [Release notes](https://github.com/encode/httpx/releases) - [Changelog](https://github.com/encode/httpx/blob/master/CHANGELOG.md) - [Commits](encode/httpx@0.26.0...0.28.1) Updates `ruff` from 0.1.11 to 0.15.8 - [Release notes](https://github.com/astral-sh/ruff/releases) - [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md) - [Commits](astral-sh/ruff@v0.1.11...0.15.8) Updates `python-dotenv` from 1.0.0 to 1.2.2 - [Release notes](https://github.com/theskumar/python-dotenv/releases) - [Changelog](https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md) - [Commits](theskumar/python-dotenv@v1.0.0...v1.2.2) --- updated-dependencies: - dependency-name: fastapi dependency-version: 0.135.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: uvicorn dependency-version: 0.42.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: pydantic dependency-version: 2.12.5 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: pydantic-settings dependency-version: 2.13.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: email-validator dependency-version: 2.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: motor dependency-version: 3.7.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: pymongo dependency-version: 4.16.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: miniopy-async dependency-version: 1.23.4 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: minio dependency-version: 7.2.20 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: pyjwt dependency-version: 2.12.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: python-multipart dependency-version: 0.0.22 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: bleach dependency-version: 6.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: prometheus-client dependency-version: 0.24.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: celery dependency-version: 5.6.3 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: python-docx dependency-version: 1.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: reportlab dependency-version: 4.4.10 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: openpyxl dependency-version: 3.1.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: anthropic dependency-version: 0.86.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: google-generativeai dependency-version: 0.8.6 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: tiktoken dependency-version: 0.12.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: scikit-learn dependency-version: 1.8.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: pyyaml dependency-version: 6.0.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: markdown dependency-version: 3.10.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: pytest-xdist dependency-version: 3.8.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: httpx dependency-version: 0.28.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: ruff dependency-version: 0.15.8 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: python-dotenv dependency-version: 1.2.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2026-03-30T14:04:43Z

Labels

The following labels could not be found: dependencies, python, security. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps)(deps): bump the production-dependencies group across 1 directory with 27 updates#39

chore(deps)(deps): bump the production-dependencies group across 1 directory with 27 updates#39
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/backend/production-dependencies-4eb1372483

dependabot Bot commented on behalf of github Mar 30, 2026 •

edited

Loading

Uh oh!

dependabot Bot commented on behalf of github Mar 30, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github Mar 30, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

0.135.2

Upgrades

Docs

Translations

Internal

Version 0.42.0

Changed

Fixed

New Contributors

Version 0.41.0

Added

Changed

Fixed

New Contributors

Version 0.40.0

What's Changed

0.42.0 (March 16, 2026)

Changed

Fixed

0.41.0 (February 16, 2026)

Added

Changed

Fixed

0.40.0 (December 21, 2025)

Remove

0.39.0 (December 21, 2025)

Fixed

0.38.0 (October 18, 2025)

Added

0.37.0 (September 23, 2025)

Added

v2.12.5 2025-11-26

v2.12.5 (2025-11-26)

v2.12.4 2025-11-05

v2.12.4 (2025-11-05)

v2.12.3 2025-10-17

v2.12.3 (2025-10-17)

What's Changed

v2.12.5 (2025-11-26)

v2.12.4 (2025-11-05)

v2.12.3 (2025-10-17)

v2.13.0

What's Changed

New Contributors

v2.12.0

What's Changed

v2.3.0

2.2.0 (June 20, 2024)

v2.1.2

2.1.2 (June 16, 2024)

v2.1.1 (February 26, 2024)

2.3.0 (August 26, 2025)

2.2.0 (June 20, 2024)

2.1.2 (June 16, 2024)

2.1.1 (February 26, 2024)

Motor 3.7.1

Motor 3.7.0

Motor 3.6.1

What's Changed

New Contributors

Motor 3.6.0

Motor 3.5.3

Motor 3.5.2

Motor 3.5.1

What's Changed

Motor 3.5.0

What's Changed

New Contributors

Motor 3.4.0

Motor 3.7.1

Motor 3.7.0

Motor 3.6.1

Motor 3.6.0

Motor 3.5.1

Motor 3.5.0

Motor 3.4.0

Uh oh!

dependabot Bot commented on behalf of github Mar 30, 2026 •

edited

Loading