Skip to content

Bump the python-packages group with 4 updates#397

Merged
MTSOnGithub merged 1 commit into
developfrom
dependabot/uv/python-packages-2734cca8d3
Jul 9, 2026
Merged

Bump the python-packages group with 4 updates#397
MTSOnGithub merged 1 commit into
developfrom
dependabot/uv/python-packages-2734cca8d3

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 9, 2026

Copy link
Copy Markdown
Contributor

Bumps the python-packages group with 4 updates: uvicorn, mypy, prek and setuptools.

Updates uvicorn from 0.49.0 to 0.51.0

Release notes

Sourced from uvicorn's releases.

Version 0.51.0

What's Changed

Full Changelog: Kludex/uvicorn@0.50.2...0.51.0

Version 0.50.1

What's Changed

New Contributors

Full Changelog: Kludex/uvicorn@0.50.0...0.50.1

Version 0.50.0

What's Changed

Full Changelog: Kludex/uvicorn@0.49.0...0.50.0

Changelog

Sourced from uvicorn's changelog.

0.51.0 (July 8, 2026)

Added

  • Restart workers one at a time on SIGHUP, bringing each replacement up before retiring the old worker, so reloads no longer drop requests (#3025)

Removed

  • Remove colorama from the standard extra (#3027)

0.50.2 (July 6, 2026)

Fixed

  • Require websockets>=13.0, which the default websockets-sansio implementation needs (#3021)

0.50.1 (July 6, 2026)

Fixed

  • Split comma-separated Sec-WebSocket-Protocol values in the websockets-sansio implementation (#3019)

0.50.0 (July 4, 2026)

If you use WebSockets, note that --ws auto now picks the websockets-sansio implementation. You shouldn't need it, but you can pin --ws websockets to get the deprecated legacy one back.

Changed

  • Exit with the dedicated code 3 on any startup failure: app loading, socket bind and lifespan startup errors previously exited with a mix of 0, 1 and 3 (#3001)
  • Stop the multiprocess supervisor when a worker exits with code 3 instead of restarting it forever (#3001)
  • Default --ws auto to websockets-sansio when websockets is installed (#2985)
  • Skip the eager app import in the parent process with --reload or --workers, fixing a memory regression introduced in 0.47.0 (#3012)
  • Build a fresh asgi scope dict per request (#2977)
  • Cache the asgi scope sub-dict per connection (#2976)
  • Avoid copying single-frame WebSocket payloads in websockets-sansio (#2983)
  • Memoize trusted host checks in ProxyHeadersMiddleware (#2970)
  • Replace click.style with an internal ANSI style helper (#2981)

Deprecated

  • Deprecate the legacy websockets implementation; use websockets-sansio or wsproto instead (#2985)
Commits
  • e4d0b05 Version 0.51.0 (#3028)
  • 944e43d Remove colorama from the standard extra (#3027)
  • 2e78770 Restart workers with overlap on SIGHUP for near-zero-downtime reloads (#3025)
  • a1b570c Version 0.50.2 (#3022)
  • 83c7da7 Require websockets>=13.0 for the default sansio implementation (#3021)
  • b4d0116 Version 0.50.1 (#3020)
  • 2a9151d Split comma-separated Sec-WebSocket-Protocol values in the websockets-sansi...
  • 1bf3ab4 Cover the excluded-directory branch in FileFilter with a direct test (#3014)
  • 837b5f9 Deflake multiprocess, reload, and signal supervisor tests (#2975)
  • 21d2c16 Version 0.50.0 (#3013)
  • Additional commits viewable in compare view

Updates mypy from 2.1.0 to 2.2.0

Changelog

Sourced from mypy's changelog.

Mypy Release Notes

Next Release

Mypy 2.2

We've just uploaded mypy 2.2.0 to the Python Package Index (PyPI). Mypy is a static type checker for Python. This release includes new features, performance improvements and bug fixes. You can install it as follows:

python3 -m pip install -U mypy

You can read the full documentation for this release on Read the Docs.

Support for Closed TypedDicts (PEP 728)

Mypy now supports closed TypedDicts as specified in PEP 728. A closed TypedDict cannot have extra keys beyond those explicitly defined. This allows the type checker to determine that certain operations are safe when they otherwise wouldn't be due to the potential presence of unknown keys.

You can use the closed keyword argument with TypedDict:

HasName = TypedDict("HasName", {"name": str})
HasOnlyName = TypedDict("HasOnlyName", {"name": str}, closed=True)
Movie = TypedDict("Movie", {"name": str, "year": int})
movie: Movie = {"name": "Nimona", "year": 2023}
has_name: HasName = movie  # OK: HasName is open (default)
has_only_name: HasOnlyName = movie  # Error: HasOnlyName is closed and Movie has extra "year" key

Closed TypedDicts enable more precise type checking because the type checker knows exactly which keys are present. This is particularly useful when working with TypedDict unions or when you want to ensure that a TypedDict conforms to an exact shape.

The closed keyword also enables safe type narrowing with in checks:

Book = TypedDict('Book', {'book': str}, closed=True)
DVD = TypedDict('DVD', {'dvd': str}, closed=True)
type Inventory = Book | DVD
def print_type(inventory: Inventory) -> None:
if "book" in inventory:
# Type is narrowed to Book here - safe because DVD is closed
print(inventory["book"])
else:
# Type is narrowed to DVD here
print(inventory["dvd"])
</tr></table>

... (truncated)

Commits

Updates prek from 0.4.6 to 0.4.8

Release notes

Sourced from prek's releases.

0.4.8

Release Notes

Released on 2026-07-04.

Enhancements

  • Add default_env configuration (#2288)
  • Rename auto-update to update (#2286)

Bug fixes

  • Fix progress collapse ordering (#2291)
  • Fix progress insertion after collapsed rows (#2292)

Contributors

Install prek 0.4.8

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/j178/prek/releases/download/v0.4.8/prek-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://github.com/j178/prek/releases/download/v0.4.8/prek-installer.ps1 | iex"

Install prebuilt binaries via Homebrew

brew install prek

Download prek 0.4.8

File Platform Checksum
prek-aarch64-apple-darwin.tar.gz Apple Silicon macOS checksum
prek-x86_64-apple-darwin.tar.gz Intel macOS checksum
prek-aarch64-pc-windows-msvc.zip ARM64 Windows checksum
prek-i686-pc-windows-msvc.zip x86 Windows checksum
prek-x86_64-pc-windows-msvc.zip x64 Windows checksum
prek-aarch64-unknown-linux-gnu.tar.gz ARM64 Linux checksum
prek-i686-unknown-linux-gnu.tar.gz x86 Linux checksum

... (truncated)

Changelog

Sourced from prek's changelog.

0.4.8

Released on 2026-07-04.

Enhancements

  • Add default_env configuration (#2288)
  • Rename auto-update to update (#2286)

Bug fixes

  • Fix progress collapse ordering (#2291)
  • Fix progress insertion after collapsed rows (#2292)

Contributors

Commits

Updates setuptools from 81.0.0 to 83.0.0

Changelog

Sourced from setuptools's changelog.

v83.0.0

Features

  • Require Python 3.10 or later.

Bugfixes

  • MANIFEST.in matching (via FileList) is now insensitive to Unicode normalization form. A pattern authored in one form (e.g. NFC, as typically saved by editors) now matches a file whose name is stored on disk in another (e.g. NFD, as produced by macOS APFS/HFS+). Previously an exclude, global-exclude, recursive-exclude, or prune rule could silently fail to drop a non-ASCII-named file from the source distribution, publishing it despite the exclusion -- see GHSA-h35f-9h28-mq5c.

Deprecations and Removals

  • pypa/distutils#334

v82.0.1

Bugfixes

  • Fix the loading of launcher manifest.xml file. (#5047)
  • Replaced deprecated json.__version__ with fixture in tests. (#5186)

Improved Documentation

  • Add advice about how to improve predictability when installing sdists. (#5168)

Misc

v82.0.0

... (truncated)

Commits
  • 6519f72 Bump version: 82.0.1 → 83.0.0
  • d1151b1 Merge pull request #5250 from pypa/feature/distutils-d7633fbed
  • a2df31e Capture removal of dry_run parameter in changelog.
  • 00144dc Moved newsfragment to the release where it occurred.
  • a4a5a2b Add news fragment.
  • 77470c2 Merge https://github.com/pypa/distutils into feature/distutils-d7633fbed
  • 3c43897 Merge pull request #5247 from pypa/copilot/fix-pypy-version-issue
  • bb6ea66 Bump PyPy from 3.10 to 3.11 in CI workflow
  • a2bc3ac Fix broken intersphinx reference to build's installation docs
  • 2d6a739 Use stacked parametrize decorators instead of itertools.product
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the python-packages group with 4 updates: [uvicorn](https://github.com/Kludex/uvicorn), [mypy](https://github.com/python/mypy), [prek](https://github.com/j178/prek) and [setuptools](https://github.com/pypa/setuptools).


Updates `uvicorn` from 0.49.0 to 0.51.0
- [Release notes](https://github.com/Kludex/uvicorn/releases)
- [Changelog](https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md)
- [Commits](Kludex/uvicorn@0.49.0...0.51.0)

Updates `mypy` from 2.1.0 to 2.2.0
- [Changelog](https://github.com/python/mypy/blob/master/CHANGELOG.md)
- [Commits](python/mypy@v2.1.0...v2.2.0)

Updates `prek` from 0.4.6 to 0.4.8
- [Release notes](https://github.com/j178/prek/releases)
- [Changelog](https://github.com/j178/prek/blob/master/CHANGELOG.md)
- [Commits](j178/prek@v0.4.6...v0.4.8)

Updates `setuptools` from 81.0.0 to 83.0.0
- [Release notes](https://github.com/pypa/setuptools/releases)
- [Changelog](https://github.com/pypa/setuptools/blob/main/NEWS.rst)
- [Commits](pypa/setuptools@v81.0.0...v83.0.0)

---
updated-dependencies:
- dependency-name: uvicorn
  dependency-version: 0.51.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-packages
- dependency-name: mypy
  dependency-version: 2.2.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: python-packages
- dependency-name: prek
  dependency-version: 0.4.8
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: python-packages
- dependency-name: setuptools
  dependency-version: 83.0.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: python-packages
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added the type:dependency Dependency-related changes label Jul 9, 2026
@MTSOnGithub MTSOnGithub enabled auto-merge (rebase) July 9, 2026 05:18
@MTSOnGithub MTSOnGithub merged commit 130054c into develop Jul 9, 2026
25 of 26 checks passed
@MTSOnGithub MTSOnGithub deleted the dependabot/uv/python-packages-2734cca8d3 branch July 9, 2026 05:29
@github-actions

github-actions Bot commented Jul 9, 2026

Copy link
Copy Markdown

Coverage

Coverage Report •
FileStmtsMissBranchBrPartCoverMissing
TOTAL536864283217487% 
report-only-changed-files is enabled. No files were changed during this commit :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

type:dependency Dependency-related changes

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant