Skip to content

chore(deps): bump the all-deps group across 1 directory with 6 updates#696

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/pip/lib/python-sdk/all-deps-f50e987a39
Open

chore(deps): bump the all-deps group across 1 directory with 6 updates#696
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/pip/lib/python-sdk/all-deps-f50e987a39

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Apr 9, 2026
edited
Loading

Bumps the all-deps group with 6 updates in the /lib/python-sdk directory:

Package From To
httpx 0.27.2 0.28.1
mypy 1.19.0 1.20.0
ruff 0.11.13 0.15.10
tomlkit 0.13.3 0.14.0
types-pyyaml 6.0.12.20250915 6.0.12.20260408
datamodel-code-generator 0.43.1 0.56.0

Updates httpx from 0.27.2 to 0.28.1

Release notes

Sourced from httpx's releases.

Version 0.28.1

0.28.1 (6th December, 2024)

  • Fix SSL case where verify=False together with client side certificates.

Version 0.28.0

0.28.0 (28th November, 2024)

The 0.28 release includes a limited set of deprecations.

Deprecations:

We are working towards a simplified SSL configuration API.

For users of the standard verify=True or verify=False cases, or verify=<ssl_context> case this should require no changes. The following cases have been deprecated...

  • The verify argument as a string argument is now deprecated and will raise warnings.
  • The cert argument is now deprecated and will raise warnings.

Our revised SSL documentation covers how to implement the same behaviour with a more constrained API.

The following changes are also included:

  • The deprecated proxies argument has now been removed.
  • The deprecated app argument has now been removed.
  • JSON request bodies use a compact representation. (#3363)
  • Review URL percent escape sets, based on WHATWG spec. (#3371, #3373)
  • Ensure certifi and httpcore are only imported if required. (#3377)
  • Treat socks5h as a valid proxy scheme. (#3178)
  • Cleanup Request() method signature in line with client.request() and httpx.request(). (#3378)
  • Bugfix: When passing params={}, always strictly update rather than merge with an existing querystring. (#3364)
Changelog

Sourced from httpx's changelog.

0.28.1 (6th December, 2024)

  • Fix SSL case where verify=False together with client side certificates.

0.28.0 (28th November, 2024)

Be aware that the default JSON request bodies now use a more compact representation. This is generally considered a prefered style, tho may require updates to test suites.

The 0.28 release includes a limited set of deprecations...

Deprecations:

We are working towards a simplified SSL configuration API.

For users of the standard verify=True or verify=False cases, or verify=<ssl_context> case this should require no changes. The following cases have been deprecated...

  • The verify argument as a string argument is now deprecated and will raise warnings.
  • The cert argument is now deprecated and will raise warnings.

Our revised SSL documentation covers how to implement the same behaviour with a more constrained API.

The following changes are also included:

  • The deprecated proxies argument has now been removed.
  • The deprecated app argument has now been removed.
  • JSON request bodies use a compact representation. (#3363)
  • Review URL percent escape sets, based on WHATWG spec. (#3371, #3373)
  • Ensure certifi and httpcore are only imported if required. (#3377)
  • Treat socks5h as a valid proxy scheme. (#3178)
  • Cleanup Request() method signature in line with client.request() and httpx.request(). (#3378)
  • Bugfix: When passing params={}, always strictly update rather than merge with an existing querystring. (#3364)
Commits

Updates mypy from 1.19.0 to 1.20.0

Changelog

Sourced from mypy's changelog.

Mypy Release Notes

Next Release

Mypy 1.20

We’ve just uploaded mypy 1.20.0 to the Python Package Index (PyPI). Mypy is a static type checker for Python. This release includes new features, performance improvements and bug fixes. You can install it as follows:

python3 -m pip install -U mypy

You can read the full documentation for this release on Read the Docs.

Planned Changes to Defaults and Flags in Mypy 2.0

As a reminder, we are planning to enable --local-partial-types by default in mypy 2.0, which will likely be the next feature release. This will often require at least minor code changes. This option is implicitly enabled by mypy daemon, so this makes the behavior of daemon and non-daemon modes consistent.

Note that this release improves the compatibility of --local-partial-types significantly to make the switch easier (see below for more).

This can also be configured in a mypy configuration file (use False to disable):

local_partial_types = True

For more information, refer to the documentation.

We will also enable --strict-bytes by default in mypy 2.0. This usually requires at most minor code changes to adopt. For more information, refer to the documentation.

Finally, --allow-redefinition-new will be renamed to --allow-redefinition. If you want to continue using the older --allow-redefinition semantics which are less flexible (e.g. limited support for conditional redefinitions), you can switch to --allow-redefinition-old, which is currently supported as an alias to the legacy --allow-redefinition behavior. To use --allow-redefinition in the upcoming mypy 2.0, you can't use --no-local-partial-types. For more information, refer to the documentation.

Better Type Narrowing

Mypy's implementation of narrowing has been substantially reworked. Mypy will now narrow more aggressively, more consistently, and more correctly. In particular, you are likely to notice new narrowing behavior in equality expressions (==), containment expressions (in),

... (truncated)

Commits
  • 770d3ca Remove +dev from version
  • 4738ffa Changelog updates for 1.20 (#21109)
  • b4f07a7 Use 'native-parser' instead of 'native-parse' for optional dependency (#21115)
  • 7bec7b7 [mypyc] Document librt and librt.base64 (#21114)
  • c482596 --allow-redefinition-new is no longer experimental (#21110)
  • c916ca3 sdist: include misc/{diff-cache,apply-cache-diff}.py for `mypy/test/test_di...
  • b137e4e [mypyc] Speed up native-to-native imports within the same group (#21101)
  • 978b711 [mypyc] Fix range loop variable off-by-one after loop exit (#21098)
  • 67ada30 [stubtest] Check runtime availability of private types not marked `@type_chec...
  • bdef6ef librt cache tests: build respecting MYPY_TEST_PREFIX (#21097)
  • Additional commits viewable in compare view

Updates ruff from 0.11.13 to 0.15.10

Release notes

Sourced from ruff's releases.

0.15.10

Release Notes

Released on 2026-04-09.

Preview features

  • [flake8-logging] Allow closures in except handlers (LOG004) (#24464)
  • [flake8-self] Make SLF diagnostics robust to non-self-named variables (#24281)
  • [flake8-simplify] Make the fix for collapsible-if safe in preview (SIM102) (#24371)

Bug fixes

  • Avoid emitting multi-line f-string elements before Python 3.12 (#24377)
  • Avoid syntax error from E502 fixes in f-strings and t-strings (#24410)
  • Strip form feeds from indent passed to dedent_to (#24381)
  • [pyupgrade] Fix panic caused by handling of octals (UP012) (#24390)
  • Reject multi-line f-string elements before Python 3.12 (#24355)

Rule changes

  • [ruff] Treat f-string interpolation as potential side effect (RUF019) (#24426)

Server

  • Add support for custom file extensions (#24463)

Documentation

  • Document adding fixes in CONTRIBUTING.md (#24393)
  • Fix JSON typo in settings example (#24517)

Contributors

Install ruff 0.15.10

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/ruff/releases/download/0.15.10/ruff-installer.sh | sh

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.10

Released on 2026-04-09.

Preview features

  • [flake8-logging] Allow closures in except handlers (LOG004) (#24464)
  • [flake8-self] Make SLF diagnostics robust to non-self-named variables (#24281)
  • [flake8-simplify] Make the fix for collapsible-if safe in preview (SIM102) (#24371)

Bug fixes

  • Avoid emitting multi-line f-string elements before Python 3.12 (#24377)
  • Avoid syntax error from E502 fixes in f-strings and t-strings (#24410)
  • Strip form feeds from indent passed to dedent_to (#24381)
  • [pyupgrade] Fix panic caused by handling of octals (UP012) (#24390)
  • Reject multi-line f-string elements before Python 3.12 (#24355)

Rule changes

  • [ruff] Treat f-string interpolation as potential side effect (RUF019) (#24426)

Server

  • Add support for custom file extensions (#24463)

Documentation

  • Document adding fixes in CONTRIBUTING.md (#24393)
  • Fix JSON typo in settings example (#24517)

Contributors

0.15.9

Released on 2026-04-02.

Preview features

  • [pyflakes] Flag annotated variable redeclarations as F811 in preview mode (#24244)
  • [ruff] Allow dunder-named assignments in non-strict mode for RUF067 (#24089)

... (truncated)

Commits
  • 252f761 Bump 0.15.10 (#24519)
  • 37a1ec8 [ty] Fix assignability of intersections with bounded typevars (#24502)
  • f518cc9 [ty] Allow partially stringified type[…] annotations (#24518)
  • 16c4090 docs: fix JSON typo in settings example (#24517)
  • 99d97bd [ty] Tighten up a few edge cases in Concatenate type-expression parsing (#2...
  • 2714e34 [ty] Enable pull-diagnostics by default in E2E tests (#24516)
  • d8bc700 LSP: Add support for custom extensions (#24463)
  • a45f96d [ty] stop special-casing str constructor (#24514)
  • 87a0f01 [ruff] Treat f-string interpolation as potential side effect in RUF019 (#24426)
  • e9ba848 [ty] Fix excess subscript argument inference for non-generic types (#24354)
  • Additional commits viewable in compare view

Updates tomlkit from 0.13.3 to 0.14.0

Release notes

Sourced from tomlkit's releases.

0.14.0

What's Changed

New Contributors

Full Changelog: python-poetry/tomlkit@0.13.3...0.14.0

Changelog

Sourced from tomlkit's changelog.

[0.14.0] - 2026-01-13

Changed

  • Drop support for Python older than 3.9. Remove 3.8 from the CI matrix.

Added

  • Custom encoders can now receive _parent and _sort_keys parameters to enable proper encoding of nested structures. (#429)
  • Add String.type property to get the string type. (#443)

Fixed

  • Fixed tomlkit.boolean() API to correctly handle boolean inputs. (#442)
Commits
  • 090a28e chore(deps-dev): bump setuptools from 70.0.0 to 78.1.1 (#453)
  • 9bccd76 chore: bump version to 0.14.0 in pyproject.toml and init.py
  • e457892 chore(deps-dev): bump urllib3 from 2.2.2 to 2.6.3 (#452)
  • 82970a1 chore: update pre-commit hooks and refactor imports for consistency
  • edba395 chore: update Python version and GitHub Actions to use latest versions (#451)
  • 5495784 feat: add String.type property to retrieve the string type
  • a61a4d5 [pre-commit.ci] pre-commit autoupdate (#444)
  • 87ace5e [pre-commit.ci] pre-commit autoupdate (#438)
  • 3687d0d fix: update boolean function to handle both string and boolean inputs correctly
  • 6042e0c feat: enhance custom encoders to accept _parent and _sort_keys parameters (#436)
  • Additional commits viewable in compare view

Updates types-pyyaml from 6.0.12.20250915 to 6.0.12.20260408

Commits

Updates datamodel-code-generator from 0.43.1 to 0.56.0

Release notes

Sourced from datamodel-code-generator's releases.

0.56.0

Breaking Changes

Code Generation Changes

  • Generated default field syntax changed - Fields with structured defaults (dicts, lists, model references) now use Field(default_value, validate_default=True) instead of default_factory=lambda: TypeAdapter(...).validate_python(...) or default_factory=lambda: Model.model_validate(...). This produces simpler, more readable code but changes the generated output format. (#3050)
  • TypeAdapter import removed from generated code - Generated models no longer import TypeAdapter from pydantic since validate_default=True handles validation natively. (#3050)
  • Default value handling for model-referencing fields rewritten - Fields with defaults referencing Pydantic models (BaseModel, RootModel, type aliases) now generate Field(<raw_value>, validate_default=True) instead of default_factory=lambda: Model.model_validate(...), default_factory=lambda: TypeAdapter(...).validate_python(...), or default_factory=lambda: Model(...). Empty collection defaults changed from default_factory=list/default_factory=dict to Field([], validate_default=True)/Field({}, validate_default=True). The generated code is semantically equivalent under Pydantic v2 but textually different, which will break snapshot tests or tooling that matches exact output. pydantic.TypeAdapter is no longer imported in generated code. (#3070)
  • Default values for model-referencing fields now use validate_default=True instead of default_factory lambdas - Fields with structured defaults (dicts, lists, or scalars referencing Pydantic models/RootModels) previously generated default_factory=lambda: ModelName.model_validate(value) or default_factory=lambda: ModelName(value). They now generate Field(value, validate_default=True), producing simpler but different output. Empty collection defaults changed from default_factory=list/default_factory=dict to Field([], validate_default=True)/Field({}, validate_default=True). Users who regenerate code will see different output. (#3071) Before: 
    count: CountType | None = Field(default_factory=lambda: CountType(10))
items: dict[str, Item] | None = Field(default_factory=dict, title='Items')
    After: 
    count: CountType | None = Field(10, validate_default=True)
items: dict[str, Item] | None = Field({}, title='Items', validate_default=True)
  • Default values for fields referencing models now use validate_default=True instead of default_factory=lambda: - Fields with structured defaults (dicts/lists) that reference Pydantic models previously generated default_factory=lambda: Model.model_validate(...) or default_factory=lambda: TypeAdapter(Type).validate_python(...) patterns. They now generate the raw default value directly with validate_default=True (e.g., Field({'key': 'val'}, validate_default=True) instead of Field(default_factory=lambda: Model.model_validate({'key': 'val'}))). This changes the generated code output and may affect users who depend on the exact generated code structure, pin generated output in tests, or use custom post-processing. The runtime behavior should be equivalent for Pydantic v2 users. (#3072)
  • TypeAdapter import removed from generated code - Generated code no longer imports pydantic.TypeAdapter for default value handling. Code that previously used TypeAdapter(...).validate_python(...) in default factories now uses inline defaults with validate_default=True. (#3072)
  • Integer and boolean discriminator values now supported in generated Literal types - Discriminator fields previously only generated string literal values. They now support int and bool discriminator values (e.g., Literal[1] instead of Literal['1']), which changes generated code for schemas using integer discriminator mappings. (#3072)

API/CLI Changes

  • ValidatedDefault and WrappedDefault classes removed - These internal classes were exported from datamodel_code_generator.model.base and have been removed. Code importing these types will break: 
    # Before (broken)
from datamodel_code_generator.model.base import ValidatedDefault, WrappedDefault
    (#3050)
  • SUPPORTS_WRAPPED_DEFAULT and SUPPORTS_VALIDATED_DEFAULT class variables removed - These flags were removed from the DataModel base class. Custom model classes that override these variables will see attribute errors. (#3050)
  • Internal types ValidatedDefault and WrappedDefault removed - The datamodel_code_generator.model._types module was deleted and ValidatedDefault/WrappedDefault are no longer exported from datamodel_code_generator.model.base. Code that imports or subclasses these types will break. The SUPPORTS_WRAPPED_DEFAULT and SUPPORTS_VALIDATED_DEFAULT class variables were removed from DataModel and its subclasses; custom model classes referencing these attributes will need updating. (#3070)
  • Removed WrappedDefault, ValidatedDefault classes and SUPPORTS_WRAPPED_DEFAULT, SUPPORTS_VALIDATED_DEFAULT class variables - The WrappedDefault and ValidatedDefault classes from datamodel_code_generator.model._types (re-exported via datamodel_code_generator.model.base) have been deleted. The DataModel class variables SUPPORTS_WRAPPED_DEFAULT and SUPPORTS_VALIDATED_DEFAULT have also been removed. Code that imports or references these will break. (#3071)
  • New --allow-remote-refs / --no-allow-remote-refs CLI option and allow_remote_refs config field - Remote $ref fetching over HTTP/HTTPS now emits a deprecation warning by default. Pass --allow-remote-refs to suppress the warning, or --no-allow-remote-refs to block remote fetching entirely. In a future version, remote fetching will be disabled by default. Users relying on remote $ref resolution should add --allow-remote-refs to their invocations to avoid the deprecation warning and prepare for the future default change. (#3072)
  • New SchemaFetchError exception for HTTP fetch failures - Remote schema fetching now raises SchemaFetchError (instead of propagating raw httpx exceptions) on HTTP errors, non-2xx status codes, or unexpected HTML responses. Users catching specific httpx exceptions from remote ref resolution will need to catch SchemaFetchError instead. (#3072)

Error Handling Changes

  • Missing local $ref now raises Error instead of FileNotFoundError - Previously, when a $ref pointed to a non-existent local file, a raw FileNotFoundError propagated to callers. Now it raises datamodel_code_generator.Error with the message "$ref file not found: <path>". Programmatic users catching FileNotFoundError specifically will need to catch Error instead (#3051)
  • HTTP fetch failures now raise SchemaFetchError instead of propagating raw exceptions - HTTP errors (4xx/5xx status codes), unexpected HTML responses, and transport errors (DNS, timeout, connection) that previously resulted in downstream YAML/JSON parse errors or raw httpx exceptions now raise SchemaFetchError (a subclass of Error) before parsing is attempted. Users catching specific parse errors or httpx exceptions for these scenarios will need to update their error handling (#3051)
  • HTTP fetch errors now raise SchemaFetchError instead of raw httpx exceptions - The get_body() function in http.py now catches HTTP errors and raises SchemaFetchError (a new Error subclass) for HTTP status >= 400, network failures, and unexpected HTML responses. Code that caught raw httpx exceptions from remote schema fetching will need to catch SchemaFetchError instead. (#3071)
  • Remote $ref fetching now emits FutureWarning without --allow-remote-refs - Fetching remote HTTP/HTTPS $ref references without explicitly passing --allow-remote-refs now emits a FutureWarning deprecation warning. In a future version, remote fetching will be disabled by default. Users relying on implicit remote ref fetching should add --allow-remote-refs to suppress the warning. (#3071)
  • HTTP fetch errors now raise SchemaFetchError with validation of response content type - Previously, fetching a remote $ref that returned an HTML error page would silently pass the HTML through as schema content. Now it raises SchemaFetchError if the response has text/html content type or a 4xx/5xx status code. This may cause previously-silent failures to become loud errors. (#3072)

Default Behavior Changes

  • Implicit remote $ref fetching now emits FutureWarning - When a $ref resolves to an HTTP(S) URL and --allow-remote-refs is not explicitly passed, the tool still fetches the remote reference but emits a FutureWarning. This may cause failures in environments running with -W error (warnings as errors) or strict warning filters. Pass --allow-remote-refs explicitly to suppress the warning (#3051)
  • Remote $ref fetching now emits a FutureWarning - When the parser encounters an HTTP/HTTPS $ref without --allow-remote-refs being explicitly set, a FutureWarning is emitted warning that remote fetching will be disabled by default in a future version. Pass --allow-remote-refs to silence the warning, or --no-allow-remote-refs to block remote fetching immediately. (#3070)

Custom Template Update Required

  • Type alias templates updated with fields guard - All six type alias templates (TypeAliasAnnotation.jinja2, TypeAliasType.jinja2, TypeStatement.jinja2, UnionTypeAliasAnnotation.jinja2, UnionTypeAliasType.jinja2, UnionTypeStatement.jinja2) now wrap the main body in {% if fields %}...{% else %} blocks that fall back to {{ base_class }} when no fields are present. Users with custom copies of these templates must add the same guard or handle the empty-fields case. (#3070)
  • Type alias Jinja2 templates now require fields guard and base_class fallback - The built-in templates TypeAliasAnnotation.jinja2, TypeAliasType.jinja2, TypeStatement.jinja2, and their Union variants now wrap field access in {%- if fields %}...{%- else %} blocks with a base_class fallback for empty field lists. Users with custom templates derived from the old versions will need to add similar guards. (#3071)
  • Type alias templates (TypeAliasAnnotation.jinja2, TypeAliasType.jinja2, TypeStatement.jinja2, and their Union variants) now handle an empty fields list with a fallback to base_class - If you have custom copies of these templates, they need to be updated to include the new {%- if fields %}...{%- else %}...{%- endif %} branching logic. Without this update, custom templates may error when fields is empty. (#3072)

... (truncated)

Changelog

Sourced from datamodel-code-generator's changelog.

0.56.0 - 2026-04-04

Breaking Changes

Code Generation Changes

  • Generated default field syntax changed - Fields with structured defaults (dicts, lists, model references) now use Field(default_value, validate_default=True) instead of default_factory=lambda: TypeAdapter(...).validate_python(...) or default_factory=lambda: Model.model_validate(...). This produces simpler, more readable code but changes the generated output format. (#3050)
  • TypeAdapter import removed from generated code - Generated models no longer import TypeAdapter from pydantic since validate_default=True handles validation natively. (#3050)
  • Default value handling for model-referencing fields rewritten - Fields with defaults referencing Pydantic models (BaseModel, RootModel, type aliases) now generate Field(<raw_value>, validate_default=True) instead of default_factory=lambda: Model.model_validate(...), default_factory=lambda: TypeAdapter(...).validate_python(...), or default_factory=lambda: Model(...). Empty collection defaults changed from default_factory=list/default_factory=dict to Field([], validate_default=True)/Field({}, validate_default=True). The generated code is semantically equivalent under Pydantic v2 but textually different, which will break snapshot tests or tooling that matches exact output. pydantic.TypeAdapter is no longer imported in generated code. (#3070)
  • Default values for model-referencing fields now use validate_default=True instead of default_factory lambdas - Fields with structured defaults (dicts, lists, or scalars referencing Pydantic models/RootModels) previously generated default_factory=lambda: ModelName.model_validate(value) or default_factory=lambda: ModelName(value). They now generate Field(value, validate_default=True), producing simpler but different output. Empty collection defaults changed from default_factory=list/default_factory=dict to Field([], validate_default=True)/Field({}, validate_default=True). Users who regenerate code will see different output. (#3071) Before: 
    count: CountType | None = Field(default_factory=lambda: CountType(10))
items: dict[str, Item] | None = Field(default_factory=dict, title='Items')
    After: 
    count: CountType | None = Field(10, validate_default=True)
items: dict[str, Item] | None = Field({}, title='Items', validate_default=True)
  • Default values for fields referencing models now use validate_default=True instead of default_factory=lambda: - Fields with structured defaults (dicts/lists) that reference Pydantic models previously generated default_factory=lambda: Model.model_validate(...) or default_factory=lambda: TypeAdapter(Type).validate_python(...) patterns. They now generate the raw default value directly with validate_default=True (e.g., Field({'key': 'val'}, validate_default=True) instead of Field(default_factory=lambda: Model.model_validate({'key': 'val'}))). This changes the generated code output and may affect users who depend on the exact generated code structure, pin generated output in tests, or use custom post-processing. The runtime behavior should be equivalent for Pydantic v2 users. (#3072)
  • TypeAdapter import removed from generated code - Generated code no longer imports pydantic.TypeAdapter for default value handling. Code that previously used TypeAdapter(...).validate_python(...) in default factories now uses inline defaults with validate_default=True. (#3072)
  • Integer and boolean discriminator values now supported in generated Literal types - Discriminator fields previously only generated string literal values. They now support int and bool discriminator values (e.g., Literal[1] instead of Literal['1']), which changes generated code for schemas using integer discriminator mappings. (#3072)

API/CLI Changes

  • ValidatedDefault and WrappedDefault classes removed - These internal classes were exported from datamodel_code_generator.model.base and have been removed. Code importing these types will break: 
    # Before (broken)
from datamodel_code_generator.model.base import ValidatedDefault, WrappedDefault
    (#3050)
  • SUPPORTS_WRAPPED_DEFAULT and SUPPORTS_VALIDATED_DEFAULT class variables removed - These flags were removed from the DataModel base class. Custom model classes that override these variables will see attribute errors. (#3050)
  • Internal types ValidatedDefault and WrappedDefault removed - The datamodel_code_generator.model._types module was deleted and ValidatedDefault/WrappedDefault are no longer exported from datamodel_code_generator.model.base. Code that imports or subclasses these types will break. The SUPPORTS_WRAPPED_DEFAULT and SUPPORTS_VALIDATED_DEFAULT class variables were removed from DataModel and its subclasses; custom model classes referencing these attributes will need updating. (#3070)
  • Removed WrappedDefault, ValidatedDefault classes and SUPPORTS_WRAPPED_DEFAULT, SUPPORTS_VALIDATED_DEFAULT class variables - The WrappedDefault and ValidatedDefault classes from datamodel_code_generator.model._types (re-exported via datamodel_code_generator.model.base) have been deleted. The DataModel class variables SUPPORTS_WRAPPED_DEFAULT and SUPPORTS_VALIDATED_DEFAULT have also been removed. Code that imports or references these will break. (#3071)
  • New --allow-remote-refs / --no-allow-remote-refs CLI option and allow_remote_refs config field - Remote $ref fetching over HTTP/HTTPS now emits a deprecation warning by default. Pass --allow-remote-refs to suppress the warning, or --no-allow-remote-refs to block remote fetching entirely. In a future version, remote fetching will be disabled by default. Users relying on remote $ref resolution should add --allow-remote-refs to their invocations to avoid the deprecation warning and prepare for the future default change. (#3072)
  • New SchemaFetchError exception for HTTP fetch failures - Remote schema fetching now raises SchemaFetchError (instead of propagating raw httpx exceptions) on HTTP errors, non-2xx status codes, or unexpected HTML responses. Users catching specific httpx exceptions from remote ref resolution will need to catch SchemaFetchError instead. (#3072)

Error Handling Changes

  • Missing local $ref now raises Error instead of FileNotFoundError - Previously, when a $ref pointed to a non-existent local file, a raw FileNotFoundError propagated to callers. Now it raises datamodel_code_generator.Error with the message "$ref file not found: <path>". Programmatic users catching FileNotFoundError specifically will need to catch Error instead (#3051)
  • HTTP fetch failures now raise SchemaFetchError instead of propagating raw exceptions - HTTP errors (4xx/5xx status codes), unexpected HTML responses, and transport errors (DNS, timeout, connection) that previously resulted in downstream YAML/JSON parse errors or raw httpx exceptions now raise SchemaFetchError (a subclass of Error) before parsing is attempted. Users catching specific parse errors or httpx exceptions for these scenarios will need to update their error handling (#3051)
  • HTTP fetch errors now raise SchemaFetchError instead of raw httpx exceptions - The get_body() function in http.py now catches HTTP errors and raises SchemaFetchError (a new Error subclass) for HTTP status >= 400, network failures, and unexpected HTML responses. Code that caught raw httpx exceptions from remote schema fetching will need to catch SchemaFetchError instead. (#3071)
  • Remote $ref fetching now emits FutureWarning without --allow-remote-refs - Fetching remote HTTP/HTTPS $ref references without explicitly passing --allow-remote-refs now emits a FutureWarning deprecation warning. In a future version, remote fetching will be disabled by default. Users relying on implicit remote ref fetching should add --allow-remote-refs to suppress the warning. (#3071)
  • HTTP fetch errors now raise SchemaFetchError with validation of response content type - Previously, fetching a remote $ref that returned an HTML error page would silently pass the HTML through as schema content. Now it raises SchemaFetchError if the response has text/html content type or a 4xx/5xx status code. This may cause previously-silent failures to become loud errors. (#3072)

Default Behavior Changes

  • Implicit remote $ref fetching now emits FutureWarning - When a $ref resolves to an HTTP(S) URL and --allow-remote-refs is not explicitly passed, the tool still fetches the remote reference but emits a FutureWarning. This may cause failures in environments running with -W error (warnings as errors) or strict warning filters. Pass --allow-remote-refs explicitly to suppress the warning (#3051)
  • Remote $ref fetching now emits a FutureWarning - When the parser encounters an HTTP/HTTPS $ref without --allow-remote-refs being explicitly set, a FutureWarning is emitted warning that remote fetching will be disabled by default in a future version. Pass --allow-remote-refs to silence the warning, or --no-allow-remote-refs to block remote fetching immediately. (#3070)

Custom Template Update Required

  • Type alias templates updated with fields guard - All six type alias templates (TypeAliasAnnotation.jinja2, TypeAliasType.jinja2, TypeStatement.jinja2, UnionTypeAliasAnnotation.jinja2, UnionTypeAliasType.jinja2, UnionTypeStatement.jinja2) now wrap the main body in {% if fields %}...{% else %} blocks that fall back to {{ base_class }} when no fields are present. Users with custom copies of these templates must add the same guard or handle the empty-fields case. (#3070)
  • Type alias Jinja2 templates now require fields guard and base_class fallback - The built-in templates TypeAliasAnnotation.jinja2, TypeAliasType.jinja2, TypeStatement.jinja2, and their Union variants now wrap field access in {%- if fields %}...{%- else %} blocks with a base_class fallback for empty field lists. Users with custom templates derived from the old versions will need to add similar guards. (#3071)

... (truncated)

Commits
  • 52d9ef9 [codex] Refresh project usage list (#3072)
  • 7d41fef Support JSON files for mapping options (#3071)
  • 5a8cd0d Fix non-string OpenAPI discriminator literals (#3070)
  • 5dcbc09 Fix type alias template crash with reuse_model on empty fields (#3060)
  • 8c96599 docs: update llms.txt files
  • c771079 docs: update CLI reference documentation and prompt data
  • f6d4cbd Add --allow-remote-refs to disable HTTP fetching of $ref by default (#3051)
  • 7e1a5c7 Update release draft model and preserve breaking changes (#3057)
  • 5bd8eab Add ryaml as optional YAML backend for faster parsing (#3055)
  • af51cd7 Update projects list with notable AI/LLM ecosystem projects (#3053)
  • Additional commits viewable in compare view

@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Issue or PR related to Python tooling labels Apr 9, 2026
This was referenced Apr 9, 2026
Closed
Closed
Closed
@github-actions github-actions bot added sdk Issue or PR related to our SDKs py-sdk Related to Python SDK labels Apr 9, 2026
@bryan-thompsoncodes bryan-thompsoncodes mentioned this pull request Apr 10, 2026
Merged
@dependabot
chore(deps): bump the all-deps group in /lib/python-sdk with 6 updates
4cefb25 
Bumps the all-deps group in /lib/python-sdk with 6 updates:

| Package | From | To |
| --- | --- | --- |
| [httpx](https://github.com/encode/httpx) | `0.27.2` | `0.28.1` |
| [mypy](https://github.com/python/mypy) | `1.19.0` | `1.20.0` |
| [ruff](https://github.com/astral-sh/ruff) | `0.11.13` | `0.15.10` |
| [tomlkit](https://github.com/sdispater/tomlkit) | `0.13.3` | `0.14.0` |
| [types-pyyaml](https://github.com/python/typeshed) | `6.0.12.20250915` | `6.0.12.20260408` |
| [datamodel-code-generator](https://github.com/koxudaxi/datamodel-code-generator) | `0.43.1` | `0.56.0` |


Updates `httpx` from 0.27.2 to 0.28.1
- [Release notes](https://github.com/encode/httpx/releases)
- [Changelog](https://github.com/encode/httpx/blob/master/CHANGELOG.md)
- [Commits](encode/httpx@0.27.2...0.28.1)

Updates `mypy` from 1.19.0 to 1.20.0
- [Changelog](https://github.com/python/mypy/blob/master/CHANGELOG.md)
- [Commits](python/mypy@v1.19.0...v1.20.0)

Updates `ruff` from 0.11.13 to 0.15.10
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.11.13...0.15.10)

Updates `tomlkit` from 0.13.3 to 0.14.0
- [Release notes](https://github.com/sdispater/tomlkit/releases)
- [Changelog](https://github.com/python-poetry/tomlkit/blob/master/CHANGELOG.md)
- [Commits](python-poetry/tomlkit@0.13.3...0.14.0)

Updates `types-pyyaml` from 6.0.12.20250915 to 6.0.12.20260408
- [Commits](https://github.com/python/typeshed/commits)

Updates `datamodel-code-generator` from 0.43.1 to 0.56.0
- [Release notes](https://github.com/koxudaxi/datamodel-code-generator/releases)
- [Changelog](https://github.com/koxudaxi/datamodel-code-generator/blob/main/CHANGELOG.md)
- [Commits](koxudaxi/datamodel-code-generator@0.43.1...0.56.0)

---
updated-dependencies:
- dependency-name: httpx
  dependency-version: 0.28.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-deps
- dependency-name: mypy
  dependency-version: 1.20.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all-deps
- dependency-name: ruff
  dependency-version: 0.15.10
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all-deps
- dependency-name: tomlkit
  dependency-version: 0.14.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all-deps
- dependency-name: types-pyyaml
  dependency-version: 6.0.12.20260408
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all-deps
- dependency-name: datamodel-code-generator
  dependency-version: 0.56.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all-deps
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot changed the title chore(deps): bump the all-deps group in /lib/python-sdk with 6 updates chore(deps): bump the all-deps group across 1 directory with 6 updates Apr 10, 2026
@dependabot dependabot bot force-pushed the dependabot/pip/lib/python-sdk/all-deps-f50e987a39 branch from f236e82 to 4cefb25 Compare April 10, 2026 20:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file py-sdk Related to Python SDK python Issue or PR related to Python tooling sdk Issue or PR related to our SDKs

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants