Bump the python-packages group with 8 updates

[dependabot]

Bumps the python-packages group with 8 updates:

Package	From	To
sqlalchemy	2.0.48	2.0.49
python-multipart	0.0.22	0.0.24
uvicorn	0.42.0	0.44.0
faker	40.12.0	40.13.0
gevent	25.9.1	26.4.0
respx	0.22.0	0.23.1
ruff	0.15.8	0.15.9
types-jwcrypto	1.5.0.20260402	1.5.7.20260409

Updates sqlalchemy from 2.0.48 to 2.0.49

Release notes

Sourced from sqlalchemy's releases.

2.0.49

Released: April 3, 2026

orm

• [orm] [bug] Fixed issue where _orm.Session.get() would bypass the identity map and emit unnecessary SQL when with_for_update=False was passed, rather than treating it equivalently to the default of None. Pull request courtesy of Joshua Swanson.

  References: #13176

• [orm] [bug] Fixed issue where chained _orm.joinedload() options would not be applied correctly when the final relationship in the chain is declared on a base mapper and accessed through a subclass mapper in a _orm.with_polymorphic() query. The path registry now correctly computes the natural path when a property declared on a base class is accessed through a path containing a subclass mapper, ensuring the loader option can be located during query compilation.

  References: #13193

• [orm] [bug] [inheritance] Fixed issue where using _orm.Load.options() to apply a chained loader option such as _orm.joinedload() or _orm.selectinload() with _orm.PropComparator.of_type() for a polymorphic relationship would not generate the necessary clauses for the polymorphic subclasses. The polymorphic loading strategy is now correctly propagated when using a call such as joinedload(A.b).options(joinedload(B.c.of_type(poly))) to match the behavior of direct chaining e.g. joinedload(A.b).joinedload(B.c.of_type(poly)).

  References: #13202

• [orm] [bug] [inheritance] Fixed issue where using chained loader options such as _orm.selectinload() after _orm.joinedload() with _orm.PropComparator.of_type() for a polymorphic relationship would not properly apply the chained loader option. The loader option is now correctly applied when using a call such as joinedload(A.b.of_type(poly)).selectinload(poly.SubClass.c) to eagerly load related objects.

  References: #13209

typing

• [typing] [bug] Fixed a typing issue where the typed members of :data:.func would return the appropriate class of the same name, however this creates an issue for

... (truncated)

Commits

• See full diff in compare view

Updates python-multipart from 0.0.22 to 0.0.24

Release notes

Sourced from python-multipart's releases.

Version 0.0.24

What's Changed

• Validate chunk_size in parse_form() by @​Kludex in Kludex/python-multipart#244

Full Changelog: Kludex/python-multipart@0.0.23...0.0.24

Version 0.0.23

What's Changed

• Remove unused trust_x_headers parameter and X-File-Name fallback by @​jhnstrk in Kludex/python-multipart#196
• Return processed length from QuerystringParser._internal_write by @​bysiber in Kludex/python-multipart#229
• Cleanup metadata dunders from __init__.py by @​Chesars in Kludex/python-multipart#227

New Contributors

• @​Chesars made their first contribution in Kludex/python-multipart#227
• @​bysiber made their first contribution in Kludex/python-multipart#229

Full Changelog: Kludex/python-multipart@0.0.22...0.0.23

Changelog

Sourced from python-multipart's changelog.

0.0.24 (2026-04-05)

• Validate chunk_size in parse_form() #244.

0.0.23 (2026-04-05)

• Remove unused trust_x_headers parameter and X-File-Name fallback #196.
• Return processed length from QuerystringParser._internal_write #229.
• Cleanup metadata dunders from __init__.py #227.

Commits

• b7cc76d Version 0.0.24 (#245)
• 8f1838d Validate chunk_size in parse_form() (#244)
• 2582c83 Restore mkdocstrings handler options to handler level (#243)
• 8f1dbed Harden GitHub Actions workflows and add zizmor audit (#242)
• 3a4be31 Unbreak docs build on newer pygments/mkdocstrings (#241)
• e59b6b7 Add #227 to changelog (#239)
• 4bd03ea Version 0.0.23 (#238)
• aa6f106 Return processed length from QuerystringParser._internal_write (#229)
• c856319 Remove unused trust_x_headers parameter and X-File-Name fallback (#196)
• 7303c74 Bump the python-packages group with 4 updates (#237)
• Additional commits viewable in compare view

Updates uvicorn from 0.42.0 to 0.44.0

Release notes

Sourced from uvicorn's releases.

Version 0.44.0

What's Changed

• Implement websocket keepalive pings for websockets-sansio by @​Kludex in Kludex/uvicorn#2888

Full Changelog: Kludex/uvicorn@0.43.0...0.44.0

Version 0.43.0

Changed

• Emit http.disconnect ASGI receive() event on server shutting down for streaming responses (#2829)
• Use native context parameter for create_task on Python 3.11+ (#2859)
• Drop cast in ASGI types (#2875)

---

Full Changelog: Kludex/uvicorn@0.42.0...0.43.0

Changelog

Sourced from uvicorn's changelog.

0.44.0 (April 6, 2026)

Added

• Implement websocket keepalive pings for websockets-sansio (#2888)

0.43.0 (April 3, 2026)

You can quit Uvicorn now. We heard you, @​pamelafox - all 47 of your Ctrl+C's (thanks for flagging it, and thanks to @​tiangolo for the fix 🙏). See the tweet.

Changed

• Emit http.disconnect ASGI receive() event on server shutting down for streaming responses (#2829)
• Use native context parameter for create_task on Python 3.11+ (#2859)
• Drop cast in ASGI types (#2875)

Commits

• edb54c4 Version 0.44.0 (#2890)
• 029be08 Implement websocket keepalive pings for websockets-sansio (#2888)
• 8d397c7 Version 0.43.0 (#2885)
• 587042d 🐛 Emit http.disconnect ASGI receive() event on server shutting down for s...
• c9a75fb chore(deps): bump the github-actions group with 3 updates (#2878)
• 84fd578 chore(deps): bump pygments from 2.19.2 to 2.20.0 (#2877)
• cd52d34 Use native context parameter for create_task on Python 3.11+ (#2859)
• 5211880 Drop cast in ASGI types (#2875)
• 1cb8e74 Add websocket 500 fallback header test (#2874)
• 28efbb2 chore(deps-dev): bump cryptography from 46.0.5 to 46.0.6 (#2873)
• Additional commits viewable in compare view

Updates faker from 40.12.0 to 40.13.0

Release notes

Sourced from faker's releases.

Release v40.13.0

See CHANGELOG.md.

Changelog

Sourced from faker's changelog.

v40.13.0 - 2026-04-06

• Fix: Ensure deterministic locale selection in multi-locale mode. Thanks @​just6660 and @​patakk.

Commits

• adb7c1a Bump version: 40.12.0 → 40.13.0
• eedde76 📝 Update CHANGELOG.md
• 6fa5e28 Follow-up to #2287: Add requested tests (#2358)
• ce98d84 Fix: Ensure deterministic locale selection in multi-locale mode (#2287)
• See full diff in compare view

Updates gevent from 25.9.1 to 26.4.0

Commits

• 2a096a9 Preparing release 26.4.0
• e80421d Merge pull request #2171 from gevent/ci-py-ver-updates
• 6cfa49b test__ssl.py: PROTOCOL_TLS deprecation fix
• e2ec5eb Fix deprecations about use of SSLContext without setting a protocol.
• 3890402 lint
• 26b5b7f psutil 6 deprecated .connections, use replacement .net_connections
• cbbd53e Clean up some warnings from leakcheck.
• 3840706 test__util is getting extra greenlets when combined with test__threadpool on ...
• 408aeeb test__select: libuv on recent versions of Python isn't producing the OSError ...
• 6b6ee4e Update python versions tested in CI.
• Additional commits viewable in compare view

Updates respx from 0.22.0 to 0.23.1

Release notes

Sourced from respx's releases.

Version 0.23.1

0.23.1 (8th April 2026)

Fixed

• Fix regression causing params pattern to stop working under some conditions, by doing a strict detection of ANY in multi items patterns (#313)

CI

• Update workflows actions (#310)

Version 0.23.0

0.23.0 (7th April 2026)

Fixed

• Fix data pattern with list value (#264)
• Fix and enhance incorrect documentations about iterable side effects (#287)
• Fix documentation typo, thanks @​markhobson (#298)
• Fix support for multiple slashes // in URL path by not using urljoin when prepending path, thanks @​lewiscollard and @​Skeen (#302)
• Type Route.respond json as Any to align with HTTPX, thanks @​JacobHayes (#284)
• Properly handle ANY in MuitiItems patterns (#289)

CI

• Fix test warnings (#267)
• Add Python 3.14 to test matrix, thanks @​carlosdorneles-mb (#300)
• Update nix flake, mypy target and workflows (#306, #282)

Changelog

Sourced from respx's changelog.

[0.23.1] - 2026-04-08

Fixed

• Fix regression causing params pattern to stop working under some conditions, by doing a strict detection of ANY in multi items patterns (#313)

CI

• Update workflows actions (#310)

[0.23.0] - 2026-04-07

Fixed

• Fix data pattern with list value (#264)
• Fix and enhance incorrect documentations about iterable side effects (#287)
• Fix documentation typo, thanks @​markhobson (#298)
• Fix support for multiple slashes // in URL path by not using urljoin when prepending path, thanks @​lewiscollard and @​Skeen (#302)
• Type Route.respond json as Any to align with HTTPX, thanks @​JacobHayes (#284)
• Properly handle ANY in MuitiItems patterns (#289)

CI

• Fix test warnings (#267)
• Add Python 3.14 to test matrix, thanks @​carlosdorneles-mb (#300)
• Update nix flake, mypy target and workflows (#306, #282)

Commits

• fc8b43b Release 0.23.1
• 1da5d2f Strict detection of ANY in multi items patterns (#313)
• 6f1bf70 Bump checkout and python actions (#310)
• 62aaeab Release 0.23.0
• d8edf3d Adjust badges
• b3a193d Add downloads badge to docs
• 9961e9b Handle multiple routes using MuitiItems pattern with ANY (#289)
• e51c2a6 Update Route.respond json type hint to Any to match HTTPX (#284)
• a499260 Bump less-action/reusables from 8 to 10 (#282)
• 7b44b51 Update nix flake and mypy target (#306)
• Additional commits viewable in compare view

Updates ruff from 0.15.8 to 0.15.9

Release notes

Sourced from ruff's releases.

0.15.9

Release Notes

Released on 2026-04-02.

Preview features

• [pyflakes] Flag annotated variable redeclarations as F811 in preview mode (#24244)
• [ruff] Allow dunder-named assignments in non-strict mode for RUF067 (#24089)

Bug fixes

• [flake8-errmsg] Avoid shadowing existing msg in fix for EM101 (#24363)
• [flake8-simplify] Ignore pre-initialization references in SIM113 (#24235)
• [pycodestyle] Fix W391 fixes for consecutive empty notebook cells (#24236)
• [pyupgrade] Fix UP008 nested class matching (#24273)
• [pyupgrade] Ignore strings with string-only escapes (UP012) (#16058)
• [ruff] RUF072: skip formfeeds on dedent (#24308)
• [ruff] Avoid re-using symbol in RUF024 fix (#24316)
• [ruff] Parenthesize expression in RUF050 fix (#24234)
• Disallow starred expressions as values of starred expressions (#24280)

Rule changes

• [flake8-simplify] Suppress SIM105 for except* before Python 3.12 (#23869)
• [pyflakes] Extend F507 to flag %-format strings with zero placeholders (#24215)
• [pyupgrade] UP018 should detect more unnecessarily wrapped literals (UP018) (#24093)
• [pyupgrade] Fix UP008 callable scope handling to support lambdas (#24274)
• [ruff] RUF010: Mark fix as unsafe when it deletes a comment (#24270)

Formatter

• Add nested-string-quote-style formatting option (#24312)

Documentation

• [flake8-bugbear] Clarify RUF071 fix safety for non-path string comparisons (#24149)
• [flake8-type-checking] Clarify import cycle wording for TC001/TC002/TC003 (#24322)

Other changes

• Avoid rendering fix lines with trailing whitespace after | (#24343)

Contributors

• @​charliermarsh
• @​MichaReiser
• @​tranhoangtu-it
• @​dylwil3
• @​zsol

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.9

Released on 2026-04-02.

Preview features

• [pyflakes] Flag annotated variable redeclarations as F811 in preview mode (#24244)
• [ruff] Allow dunder-named assignments in non-strict mode for RUF067 (#24089)

Bug fixes

• [flake8-errmsg] Avoid shadowing existing msg in fix for EM101 (#24363)
• [flake8-simplify] Ignore pre-initialization references in SIM113 (#24235)
• [pycodestyle] Fix W391 fixes for consecutive empty notebook cells (#24236)
• [pyupgrade] Fix UP008 nested class matching (#24273)
• [pyupgrade] Ignore strings with string-only escapes (UP012) (#16058)
• [ruff] RUF072: skip formfeeds on dedent (#24308)
• [ruff] Avoid re-using symbol in RUF024 fix (#24316)
• [ruff] Parenthesize expression in RUF050 fix (#24234)
• Disallow starred expressions as values of starred expressions (#24280)

Rule changes

• [flake8-simplify] Suppress SIM105 for except* before Python 3.12 (#23869)
• [pyflakes] Extend F507 to flag %-format strings with zero placeholders (#24215)
• [pyupgrade] UP018 should detect more unnecessarily wrapped literals (UP018) (#24093)
• [pyupgrade] Fix UP008 callable scope handling to support lambdas (#24274)
• [ruff] RUF010: Mark fix as unsafe when it deletes a comment (#24270)

Formatter

• Add nested-string-quote-style formatting option (#24312)

Documentation

• [flake8-bugbear] Clarify RUF071 fix safety for non-path string comparisons (#24149)
• [flake8-type-checking] Clarify import cycle wording for TC001/TC002/TC003 (#24322)

Other changes

• Avoid rendering fix lines with trailing whitespace after | (#24343)

Contributors

• @​charliermarsh
• @​MichaReiser
• @​tranhoangtu-it
• @​dylwil3
• @​zsol
• @​renovate

... (truncated)

Commits

• 724ccc1 Bump 0.15.9 (#24369)
• 96d9e09 [ty] Move the deferred submodule inside infer/builder (#24368)
• 130da28 [ty] Infer the extra_items keyword argument to class-based TypedDicts as an...
• a617c54 [ty] Validate type qualifiers in functional TypedDict fields and the `extra_i...
• d851708 [ty] Improve robustness of various type-qualifier-related checks (#24251)
• aecb587 Only run the release-gate on workflow dispatch (#24366)
• b889571 [ty] Use infer_type_expression for parsing parameter annotations and return...
• 3286a62 Add a "release-gate" step to the release workflow (#24365)
• 5f88756 Disallow starred expressions as values of starred expressions (#24280)
• 5c59f8a [pyupgrade] Ignore strings with string-only escapes (UP012) (#16058)
• Additional commits viewable in compare view

Updates types-jwcrypto from 1.5.0.20260402 to 1.5.7.20260409

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Coverage Report •

File	Stmts	Miss	Branch	BrPart	Cover	Missing
TOTAL	5335	625	814	159	88%

report-only-changed-files is enabled. No files were changed during this commit :)