Bumps the python-dependencies group with 5 updates in the / directory:

Updates pydantic from 2.13.3 to 2.13.4

Sourced from pydantic's releases.

v2.13.4 2026-05-06

v2.13.4 (2026-05-06)

What's Changed

Packaging

• Bump libc from 0.2.155 to 0.2.185 by @​Viicos in #13109
• Adapt pydantic-core linker flags on macOS by @​washingtoneg and @​Viicos in #13147

Fixes

• Preserve RootModel core metadata by @​Viicos in #13129

Full Changelog: pydantic/pydantic@v2.13.3...v2.13.4

Sourced from pydantic's changelog.

v2.13.4 (2026-05-06)

GitHub release

What's Changed

Packaging

• Bump libc from 0.2.155 to 0.2.185 by @​Viicos in #13109
• Adapt pydantic-core linker flags on macOS by @​washingtoneg and @​Viicos in #13147

Fixes

• Preserve RootModel core metadata by @​Viicos in #13129

• cf67d4b Fix linting
• f0d8a21 Prepare release v2.13.4
• 5e3fe1d Check for pydantic tag pattern in CI
• 7f9edcc Document tagging conventions
• b46a0c9 Adapt pydantic-core linker flags on macOS
• 50629c8 Update to PyPy 7.3.22
• 8522ebb Preserve RootModel core metadata
• a37f3af Adapt MISSING sentinel test to work with unreleased typing_extensions ver...
• 909259a Remove Logfire example in documentation
• 2c4174c Bump libc from 0.2.155 to 0.2.185
• See full diff in compare view

Updates pydantic-settings from 2.14.0 to 2.14.1

Sourced from pydantic-settings's releases.

v2.14.1

What's Changed

• Bump the python-packages group with 4 updates by @​dependabot[bot] in pydantic/pydantic-settings#850
• Bump the python-packages group with 5 updates by @​dependabot[bot] in pydantic/pydantic-settings#854
• Bump the github-actions group with 3 updates by @​dependabot[bot] in pydantic/pydantic-settings#853
• Bump the python-packages group with 2 updates by @​dependabot[bot] in pydantic/pydantic-settings#856
• Fix field named cls conflicting with classmethod parameter by @​hramezani in pydantic/pydantic-settings#858
• Prepare release 2.14.1 by @​hramezani in pydantic/pydantic-settings#859

Full Changelog: pydantic/pydantic-settings@v2.14.0...v2.14.1

• e95c30b Prepare release 2.14.1 (#859)
• 0c87345 Fix field named cls conflicting with classmethod parameter (#858)
• 7bd0072 Bump the python-packages group with 2 updates (#856)
• b03e573 Bump the github-actions group with 3 updates (#853)
• eaa3b43 Bump the python-packages group with 5 updates (#854)
• 9f95615 Bump the python-packages group with 4 updates (#850)
• See full diff in compare view

Updates requests from 2.33.1 to 2.34.2

Sourced from requests's releases.

v2.34.2

2.34.2 (2026-05-14)

• Moved headers input type back to Mapping to avoid invariance issues with MutableMapping and inferred dict types. Users calling Request.headers.update() may need to narrow typing in their code. (#7441)

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2342-2026-05-14

v2.34.1

2.34.1 (2026-05-13)

Bugfixes

• Widened json input type from dict and list to Mapping and Sequence. (#7436)
• Changed headers input type to MutableMapping and removed None from Request.headers typing to improve handling for users. (#7431)
• Response.reason moved from str | None to str to improve handling for users. (#7437)
• Fixed a bug where some bodies with custom __getattr__ implementations weren't being properly detected as Iterables. (#7433)

New Contributors

• @​k223kim made their first contribution in psf/requests#7433

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2341-2026-05-13

v2.34.0

2.34.0 (2026-05-11)

Announcements

• Requests 2.34.0 introduces inline types, replacing those provided by typeshed. Public API types should be fully compatible with mypy, pyright, and ty. We believe types are comprehensive but if you find issues, please report them to the pinned tracking issue.

  Special thanks to @​bastimeyer, @​cthoyt, @​edgarrmondragon, and @​srittau for helping review and test the types ahead of the release. (#7272)

Improvements

• Digest Auth hashing algorithms have added usedforsecurity=False to clarify security considerations. (#7310)
• Requests added support for Python 3.15 based on beta1. Downstream projects should be able to start testing prior to its release in October. (#7422)
• Requests added support for Python 3.14t. (#7419)

Bugfixes

• Response.history no longer contains a reference to itself, preventing accidental looping when traversing the history list. (#7328)
• Requests no longer performs greedy matching on no_proxy domains. The

... (truncated)

Sourced from requests's changelog.

2.34.2 (2026-05-14)

• Moved headers input type back to Mapping to avoid invariance issues with MutableMapping and inferred dict types. Users calling Request.headers.update() may need to narrow typing in their code. (#7441)

2.34.1 (2026-05-13)

Bugfixes

• Widened json input type from dict and list to Mapping and Sequence. (#7436)
• Changed headers input type to MutableMapping and removed None from Request.headers typing to improve handling for users. (#7431)
• Response.reason moved from str | None to str to improve handling for users. (#7437)
• Fixed a bug where some bodies with custom __getattr__ implementations weren't being properly detected as Iterables. (#7433)

2.34.0 (2026-05-11)

Announcements

• Requests 2.34.0 introduces inline types, replacing those provided by typeshed. Public API types should be fully compatible with mypy, pyright, and ty. We believe types are comprehensive but if you find issues, please report them to the pinned tracking issue.

  Special thanks to @​bastimeyer, @​cthoyt, @​edgarrmondragon, and @​srittau for helping review and test the types ahead of the release. (#7272)

Improvements

• Digest Auth hashing algorithms have added usedforsecurity=False to clarify security considerations. (#7310)
• Requests added support for Python 3.15 based on beta1. Downstream projects should be able to start testing prior to its release in October. (#7422)
• Requests added support for Python 3.14t. (#7419)

Bugfixes

• Response.history no longer contains a reference to itself, preventing accidental looping when traversing the history list. (#7328)
• Requests no longer performs greedy matching on no_proxy domains. The proxy_bypass implementation has been updated with CPython's fix from bpo-39057. (#7427)
• Requests no longer incorrectly strips duplicate leading slashes in URI paths. This should address user issues with specific presigned URLs. Note the full fix requires urllib3 2.7.0+. (#7315)

• 6e83187 v2.34.2
• 84d10f0 Move Request.headers back to Mapping (#7441)
• b7b549b v2.34.1
• e511bc7 Fix mutability issues with headers input types (#7431)
• 5691f59 Update JsonType containers to read-based collections (#7436)
• 2144213 Constrain Response.reason to str (#7437)
• 6404f34 Fix prepare_body stream detection for __getattr__-based file wrappers (#7...
• 0b401c7 v2.34.0
• 86b378d Align Session.get parameters with requests.get (#7429)
• a4f9a59 Port bpo-39057 to Requests (#7427)
• Additional commits viewable in compare view

Updates uvicorn from 0.45.0 to 0.47.0

Sourced from uvicorn's releases.

Version 0.47.0

What's Changed

• Eagerly import the ASGI app in the parent process by @​Kludex in Kludex/uvicorn#2919
• Add ssl_context_factory for custom SSLContext configuration by @​Kludex in Kludex/uvicorn#2920
• Treat fd=0 as a valid file descriptor with reload/workers by @​eltoder in Kludex/uvicorn#2927

Full Changelog: Kludex/uvicorn@0.46.0...0.47.0

Version 0.46.0

What's Changed

• Support ws_max_size in wsproto implementation by @​Kludex in Kludex/uvicorn#2915
• Support ws_ping_interval and ws_ping_timeout in wsproto implementation by @​Kludex in Kludex/uvicorn#2916
• Use bytearray for incoming WebSocket message buffer in websockets-sansio by @​Kludex in Kludex/uvicorn#2917

Full Changelog: Kludex/uvicorn@0.45.0...0.46.0

Sourced from uvicorn's changelog.

0.47.0 (May 14, 2026)

Added

• Add ssl_context_factory for custom SSLContext configuration (#2920)

Changed

• Eagerly import the ASGI app in the parent process (#2919)

Fixed

• Treat fd=0 as a valid file descriptor with reload/workers (#2927)

0.46.0 (April 23, 2026)

Added

• Support ws_max_size in wsproto implementation (#2915)
• Support ws_ping_interval and ws_ping_timeout in wsproto implementation (#2916)

Changed

• Use bytearray for incoming WebSocket message buffer in websockets-sansio (#2917)

• 479a2c0 Version 0.47.0 (#2937)
• 89347fd Add 7-day cooldown for dependency resolution via uv exclude-newer (#2936)
• 767315b Drop unused contents/actions permissions from zizmor workflow (#2935)
• f25ee43 chore(deps): bump urllib3 from 2.6.3 to 2.7.0 (#2933)
• 8782666 Fix typo in docs/deployment/index.md. (#2932)
• ad5ff87 Treat fd=0 as a valid file descriptor with reload/workers (#2927)
• 6761b2c Remove Hugging Face sponsor block from docs (#2923)
• 438f648 Surface sponsors on welcome page and sidebar (#2921)
• 10ddc6d Add ssl_context_factory for custom SSLContext configuration (#2920)
• b499bc4 Eagerly import the ASGI app in the parent process (#2919)
• Additional commits viewable in compare view

Updates fastapi from 0.136.0 to 0.136.1

Sourced from fastapi's releases.

0.136.1

Upgrades

• ⬆️ Update Pydantic v2 code to address deprecations. PR #15101 by @​svlandeg.

Internal

• 🔨 Tweak translation script. PR #15174 by @​YuriiMotov.
• ⬆ Bump mkdocs-material from 9.7.1 to 9.7.6. PR #15408 by @​dependabot[bot].
• ⬆ Bump inline-snapshot from 0.31.1 to 0.32.6. PR #15409 by @​dependabot[bot].
• ⬆ Bump pytest-codspeed from 4.3.0 to 4.4.0. PR #15407 by @​dependabot[bot].
• ⬆ Bump pytest-cov from 7.0.0 to 7.1.0. PR #15406 by @​dependabot[bot].
• ⬆ Bump cloudflare/wrangler-action from 3.14.1 to 3.15.0. PR #15405 by @​dependabot[bot].
• ⬆ Bump mypy from 1.19.1 to 1.20.1. PR #15410 by @​dependabot[bot].
• ⬆ Bump python-dotenv from 1.2.1 to 1.2.2. PR #15400 by @​dependabot[bot].
• ⬆ Bump starlette from 0.52.1 to 1.0.0. PR #15397 by @​dependabot[bot].
• ⬆ Bump pygithub from 2.8.1 to 2.9.1. PR #15396 by @​dependabot[bot].
• ⬆ Bump pyjwt from 2.12.0 to 2.12.1. PR #15393 by @​dependabot[bot].
• ⬆ Bump zizmor from 1.23.1 to 1.24.1. PR #15394 by @​dependabot[bot].
• ⬆ Bump strawberry-graphql from 0.312.3 to 0.314.3. PR #15395 by @​dependabot[bot].
• ⬆ Bump python-multipart from 0.0.22 to 0.0.26. PR #15360 by @​dependabot[bot].
• ⬆ Bump authlib from 1.6.9 to 1.6.11. PR #15373 by @​dependabot[bot].
• ⬆ Bump aiohttp from 3.13.3 to 3.13.4. PR #15282 by @​dependabot[bot].
• ⬆ Bump pygments from 2.19.2 to 2.20.0. PR #15263 by @​dependabot[bot].
• ⬆ Bump pymdown-extensions from 10.20.1 to 10.21.2. PR #15391 by @​YuriiMotov.
• ⬆ Bump pillow from 12.1.1 to 12.2.0. PR #15333 by @​dependabot[bot].
• ⬆ Bump pytest from 9.0.2 to 9.0.3. PR #15334 by @​dependabot[bot].
• ⬆ Bump actions/upload-artifact from 7.0.0 to 7.0.1. PR #15374 by @​dependabot[bot].
• ⬆ Bump actions/cache from 5.0.4 to 5.0.5. PR #15385 by @​dependabot[bot].
• 🔧 Update sponsors: remove Zuplo. PR #15369 by @​tiangolo.
• 🔧 Update sponsors: remove Speakeasy. PR #15368 by @​tiangolo.
• 🔒️ Add zizmor and fix audit findings. PR #15316 by @​YuriiMotov.

• e54e5a8 🔖 Release version 0.136.1
• 9a8a5fd 📝 Update release notes
• 7815a32 ⬆️ Update Pydantic v2 code to address deprecations (#15101)
• ef1c927 📝 Update release notes
• 38039e1 🔨 Tweak translation script (#15174)
• 4fa826c 📝 Update release notes
• c394156 ⬆ Bump mkdocs-material from 9.7.1 to 9.7.6 (#15408)
• ae230ad 📝 Update release notes
• d9eb39d ⬆ Bump inline-snapshot from 0.31.1 to 0.32.6 (#15409)
• 4f8b5d1 📝 Update release notes
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions