chore(deps): update python dependencies by renovate[bot] · Pull Request #36 · dannysauer/stampbot

renovate · 2026-02-09T05:58:22Z

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Type	Update
PyGithub	`2.8.1` → `2.9.0`	dependencies	minor
PyJWT	`2.11.0` → `2.12.1`	dependencies	minor
cosmic-ray	`8.4.3` → `8.4.4`	dev	patch
dynaconf	`3.2.12` → `3.2.13`	dependencies	patch
fastapi (changelog)	`0.128.0` → `0.135.2`	dependencies	minor
opentelemetry-api	`1.39.1` → `1.40.0`	dependencies	minor
opentelemetry-exporter-otlp	`1.39.1` → `1.40.0`	dependencies	minor
opentelemetry-sdk	`1.39.1` → `1.40.0`	dependencies	minor
pydantic-settings (changelog)	`2.12.0` → `2.13.1`	dependencies	minor
pytest-cov (changelog)	`7.0.0` → `7.1.0`	dev	minor
python	`>=3.11` → `==3.14.3`	dependencies	pin
ruff (source, changelog)	`0.14.14` → `0.15.8`	dev	minor
uvicorn (changelog)	`0.40.0` → `0.42.0`	dependencies	minor

Release Notes

pygithub/pygithub (PyGithub)

`v2.9.0`

Compare Source

Notable changes

Lazy PyGithub objects

The notion of lazy objects has been added to some PyGithub classes in version 2.6.0. This release now makes all CompletableGithubObjects optionally lazy (if useful). See PyGithub/PyGithub#3403 for a complete list.

In lazy mode, getting a PyGithub object does not send a request to the GitHub API. Only accessing methods and properties sends the necessary requests to the GitHub API:

# Use lazy mode
g = Github(auth=auth, lazy=True)

# these method calls do not send requests to the GitHub API
user = g.get_user("PyGithub")    # get the user
repo = user.get_repo("PyGithub") # get the user's repo
pull = repo.get_pull(3403)       # get a known pull request
issue = pull.as_issue()          # turn the pull request into an issue

# these method and property calls send requests to Github API
issue.create_reaction("rocket")  # create a reaction
created = repo.created_at        # get property of lazy object repo

# once a lazy object has been fetched, all properties are available (no more requests)
licence = repo.license

All PyGithub classes that implement CompletableGithubObject support lazy mode (if useful). This is only useful for classes that have methods creating, changing, or getting objects.

By default, PyGithub objects are not lazy.

PyGithub objects with a paginated property

The GitHub API has the "feature" of paginated properties. Some objects returned by the API have a property that allows for pagination. Fetching subsequent pages of that property means fetching the entire object (with all other properties) and the specified page of the paginated property. Iterating over the paginated property means fetching all other properties multiple times. Fortunately, the allowed size of each page (per_page is usually 300, in contrast to the "usual" per_page maximum of 100).

Objects with paginated properties:

Commit.files
Comparison.commits
EnterpriseConsumedLicenses.users

This PR makes iterating those paginated properties use the configured per_page setting.

It further allows to specify an individual per_page when either retrieving such objects, or fetching paginated properties.

See Classes with paginated properties for details.

Drop Python 3.8 support due to End-of-Life

Python 3.8 reached its end-of-life September 6, 2024. Support has been removed with this release.

Deprecations

Method delete of Reaction is deprecated, use IssueComment.delete_reaction,
PullRequestComment.delete_reaction, CommitComment.delete_reaction or Issue.delete_reaction instead.
Method Issue.assignee and parameter Issue.edit(assignee=…) are deprecated,
use Issue.assignees and Issue.edit(assignees=…) instead.
Method Organization.edit_hook is deprecated, use Organization.get_hook(id).edit(…) instead.
If you need to avoid Organization.get_hook(id) to fetch the Hook object from Github API,
use a lazy Github instance:

Github(…, lazy=True).get_organization(…).get_hook(id).edit(…)

Methods Team.add_to_members and Team.remove_from_members are deprecated,
use Team.add_membership or Team.remove_membership instead.

New Features

Consider per-page settings when iterating paginated properties by @EnricoMi in PyGithub/PyGithub#3377
Add Secret Scanning Alerts and Improve Code Scan Alerts by @matt-davis27 in PyGithub/PyGithub#3307

Improvements

More lazy objects by @EnricoMi in PyGithub/PyGithub#3403
Allow for enterprise base url prefixed with api. by @EnricoMi in PyGithub/PyGithub#3419
Add throw option to Workflow.create_dispatch to raise exceptions by @dblanchette in PyGithub/PyGithub#2966
Use GET url or _links.self as object url by @EnricoMi in PyGithub/PyGithub#3421
Add support for type parameter to get_issues by @nrysk in PyGithub/PyGithub#3381
Align implemented paths with OpenAPI spec by @EnricoMi in PyGithub/PyGithub#3413
Add suggested OpenAPI schemas by @EnricoMi in PyGithub/PyGithub#3411
Apply OpenAPI schemas by @EnricoMi in PyGithub/PyGithub#3412

Bug Fixes

Fix PaginatedList.totalCount returning 0 with GitHub deprecation notices by @odedperezcodes in PyGithub/PyGithub#3382
Use default type if known type is not supported by @EnricoMi in PyGithub/PyGithub#3365

Maintenance

Deprecate Reaction.delete by @iarspider in PyGithub/PyGithub#3435
Deprecate Issue.assignee by @EnricoMi in PyGithub/PyGithub#3366
Deprecate Orginization.edit_hook by @EnricoMi in PyGithub/PyGithub#3404
Deprecate Team.add_to_members and Team.remove_from_members by @EnricoMi in PyGithub/PyGithub#3368
Various minor OpenAPI fixes by @EnricoMi in PyGithub/PyGithub#3375
Update test key pair by @EnricoMi in PyGithub/PyGithub#3453
Pin CI lint Python version to 3.13 by @EnricoMi in PyGithub/PyGithub#3406
Improve error message on replay data mismatch by @EnricoMi in PyGithub/PyGithub#3385 and PyGithub/PyGithub#3386
Disable sleeps in tests by @EnricoMi in PyGithub/PyGithub#3383
Update autodoc defaults by @Aidan-McNay in PyGithub/PyGithub#3369
Add Python 3.14 to CI and tox by @EnricoMi in PyGithub/PyGithub#3429
Restrict PyPi release workflow permissions by @JLLeitschuh in PyGithub/PyGithub#3418
Fix OpenApi workflow by @EnricoMi in PyGithub/PyGithub#3389
Bump codecov/codecov-action from 3 to 5 by @dependabot[bot] in PyGithub/PyGithub#3284
Bump actions/setup-python from 5 to 6 by @dependabot[bot] in PyGithub/PyGithub#3370
Bump dawidd6/action-download-artifact from 3.0.0 to 3.1.4 by @dependabot[bot] in PyGithub/PyGithub#3282
Bump github/codeql-action from 3 to 4 by @dependabot[bot] in PyGithub/PyGithub#3391
Bump actions/upload-artifact from 4 to 5 by @dependabot[bot] in PyGithub/PyGithub#3394
Bump actions/download-artifact from 5 to 6 by @dependabot[bot] in PyGithub/PyGithub#3393
Drop Python 3.8 support due to EOL by @hugovk in PyGithub/PyGithub#3191
Merge changelog updates from v2.8 release branch by @EnricoMi in PyGithub/PyGithub#3367

New Contributors

@odedperezcodes made their first contribution in PyGithub/PyGithub#3382
@Aidan-McNay made their first contribution in PyGithub/PyGithub#3369
@nrysk made their first contribution in PyGithub/PyGithub#3381
@matt-davis27 made their first contribution in PyGithub/PyGithub#3307

Full Changelog: PyGithub/PyGithub@v2.8.0...v2.9.0

jpadilla/pyjwt (PyJWT)

`v2.12.1`

Compare Source

Changed


- Migrate the ``dev``, ``docs``, and ``tests`` package extras to dependency groups by @&#8203;kurtmckee in `#&#8203;1152 <https://github.com/jpadilla/pyjwt/pull/1152>`__

`v2.12.1 <https://github.com/jpadilla/pyjwt/compare/2.12.0...2.12.1>`__
------------------------------------------------------------------------

Fixed
~~~~~

- Add missing ``typing_extensions`` dependency for Python < 3.11 in `#&#8203;1150 <https://github.com/jpadilla/pyjwt/issues/1150>`__

`v2.12.0 <https://github.com/jpadilla/pyjwt/compare/2.11.0...2.12.0>`__
-----------------------------------------------------------------------

Fixed
~~~~~

- Annotate PyJWKSet.keys for pyright by @&#8203;tamird in `#&#8203;1134 <https://github.com/jpadilla/pyjwt/pull/1134>`__
- Close ``HTTPError`` response to prevent ``ResourceWarning`` on Python 3.14 by @&#8203;veeceey in `#&#8203;1133 <https://github.com/jpadilla/pyjwt/pull/1133>`__
- Do not keep ``algorithms`` dict in PyJWK instances by @&#8203;akx in `#&#8203;1143 <https://github.com/jpadilla/pyjwt/pull/1143>`__
- Validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. by @&#8203;dmbs335 in `GHSA-752w-5fwx-jx9f <https://github.com/jpadilla/pyjwt/security/advisories/GHSA-752w-5fwx-jx9f>`__
- Use PyJWK algorithm when encoding without explicit algorithm in `#&#8203;1148 <https://github.com/jpadilla/pyjwt/pull/1148>`__

Added
~~~~~

- Docs: Add ``PyJWKClient`` API reference and document the two-tier caching system (JWK Set cache and signing key LRU cache).

`v2.11.0 <https://github.com/jpadilla/pyjwt/compare/2.10.1...2.11.0>`__
-----------------------------------------------------------------------

Fixed
~~~~~

- Enforce ECDSA curve validation per RFC 7518 Section 3.4.
- Fix build system warnings by @&#8203;kurtmckee in `#&#8203;1105 <https://github.com/jpadilla/pyjwt/pull/1105>`__
- Validate key against allowed types for Algorithm family in `#&#8203;964 <https://github.com/jpadilla/pyjwt/pull/964>`__
- Add iterator for JWKSet in `#&#8203;1041 <https://github.com/jpadilla/pyjwt/pull/1041>`__
- Validate `iss` claim is a string during encoding and decoding by @&#8203;pachewise in `#&#8203;1040 <https://github.com/jpadilla/pyjwt/pull/1040>`__
- Improve typing/logic for `options` in decode, decode_complete by @&#8203;pachewise in `#&#8203;1045 <https://github.com/jpadilla/pyjwt/pull/1045>`__
- Declare float supported type for lifespan and timeout by @&#8203;nikitagashkov in `#&#8203;1068 <https://github.com/jpadilla/pyjwt/pull/1068>`__
- Fix ``SyntaxWarning``\s/``DeprecationWarning``\s caused by invalid escape sequences by @&#8203;kurtmckee in `#&#8203;1103 <https://github.com/jpadilla/pyjwt/pull/1103>`__
- Development: Build a shared wheel once to speed up test suite setup times by @&#8203;kurtmckee in `#&#8203;1114 <https://github.com/jpadilla/pyjwt/pull/1114>`__
- Development: Test type annotations across all supported Python versions,
  increase the strictness of the type checking, and remove the mypy pre-commit hook
  by @&#8203;kurtmckee in `#&#8203;1112 <https://github.com/jpadilla/pyjwt/pull/1112>`__

Added
~~~~~

- Support Python 3.14, and test against PyPy 3.10 and 3.11 by @&#8203;kurtmckee in `#&#8203;1104 <https://github.com/jpadilla/pyjwt/pull/1104>`__
- Development: Migrate to ``build`` to test package building in CI by @&#8203;kurtmckee in `#&#8203;1108 <https://github.com/jpadilla/pyjwt/pull/1108>`__
- Development: Improve coverage config and eliminate unused test suite code by @&#8203;kurtmckee in `#&#8203;1115 <https://github.com/jpadilla/pyjwt/pull/1115>`__
- Docs: Standardize CHANGELOG links to PRs by @&#8203;kurtmckee in `#&#8203;1110 <https://github.com/jpadilla/pyjwt/pull/1110>`__
- Docs: Fix Read the Docs builds by @&#8203;kurtmckee in `#&#8203;1111 <https://github.com/jpadilla/pyjwt/pull/1111>`__
- Docs: Add example of using leeway with nbf by @&#8203;djw8605 in `#&#8203;1034 <https://github.com/jpadilla/pyjwt/pull/1034>`__
- Docs: Refactored docs with ``autodoc``; added ``PyJWS`` and ``jwt.algorithms`` docs by @&#8203;pachewise in `#&#8203;1045 <https://github.com/jpadilla/pyjwt/pull/1045>`__
- Docs: Documentation improvements for "sub" and "jti" claims by @&#8203;cleder in `#&#8203;1088 <https://github.com/jpadilla/pyjwt/pull/1088>`__
- Development: Add pyupgrade as a pre-commit hook by @&#8203;kurtmckee in `#&#8203;1109 <https://github.com/jpadilla/pyjwt/pull/1109>`__
- Add minimum key length validation for HMAC and RSA keys (CWE-326).
  Warns by default via ``InsecureKeyLengthWarning`` when keys are below
  minimum recommended lengths per RFC 7518 Section 3.2 (HMAC) and
  NIST SP 800-131A (RSA). Pass ``enforce_minimum_key_length=True`` in
  options to ``PyJWT`` or ``PyJWS`` to raise ``InvalidKeyError`` instead.
- Refactor ``PyJWT`` to own an internal ``PyJWS`` instance instead of
  calling global ``api_jws`` functions.

`v2.10.1 <https://github.com/jpadilla/pyjwt/compare/2.10.0...2.10.1>`__
-----------------------------------------------------------------------

Fixed
~~~~~

- Prevent partial matching of `iss` claim by @&#8203;fabianbadoi in `GHSA-75c5-xw7c-p5pm <https://github.com/jpadilla/pyjwt/security/advisories/GHSA-75c5-xw7c-p5pm>`__

`v2.10.0 <https://github.com/jpadilla/pyjwt/compare/2.9.0...2.10.0>`__
-----------------------------------------------------------------------

Changed

Remove algorithm requirement from JWT API, instead relying on JWS API for enforcement, by @luhn in #975 <https://github.com/jpadilla/pyjwt/pull/975>__
Use Sequence for parameter types rather than List where applicable by @imnotjames in #970 <https://github.com/jpadilla/pyjwt/pull/970>__
Add JWK support to JWT encode by @luhn in #979 <https://github.com/jpadilla/pyjwt/pull/979>__
Encoding and decoding payloads using the none algorithm by @jpadilla in #c2629f6 <https://github.com/jpadilla/pyjwt/commit/c2629f66c593459e02616048443231ccbe18be16>__

Before:

.. code-block:: pycon

import jwt
jwt.encode({"payload": "abc"}, key=None, algorithm=None)

After:

.. code-block:: pycon

import jwt
jwt.encode({"payload": "abc"}, key=None, algorithm="none")
Added validation for 'sub' (subject) and 'jti' (JWT ID) claims in tokens by @Divan009 in #1005 <https://github.com/jpadilla/pyjwt/pull/1005>__
Refactor project configuration files from setup.cfg to pyproject.toml by @cleder in #995 <https://github.com/jpadilla/pyjwt/pull/995>__
Ruff linter and formatter changes by @gagandeepp in #1001 <https://github.com/jpadilla/pyjwt/pull/1001>__
Drop support for Python 3.8 (EOL) by @kkirsche in #1007 <https://github.com/jpadilla/pyjwt/pull/1007>__

Fixed


- Encode EC keys with a fixed bit length by @&#8203;etianen in `#&#8203;990 <https://github.com/jpadilla/pyjwt/pull/990>`__
- Add an RTD config file to resolve Read the Docs build failures by @&#8203;kurtmckee in `#&#8203;977 <https://github.com/jpadilla/pyjwt/pull/977>`__
- Docs: Update ``iat`` exception docs by @&#8203;pachewise in `#&#8203;974 <https://github.com/jpadilla/pyjwt/pull/974>`__
- Docs: Fix ``decode_complete`` scope and algorithms by @&#8203;RbnRncn in `#&#8203;982 <https://github.com/jpadilla/pyjwt/pull/982>`__
- Fix doctest for ``docs/usage.rst`` by @&#8203;pachewise in `#&#8203;986 <https://github.com/jpadilla/pyjwt/pull/986>`__
- Fix ``test_utils.py`` not to xfail by @&#8203;pachewise in `#&#8203;987 <https://github.com/jpadilla/pyjwt/pull/987>`__
- Docs: Correct `jwt.decode` audience param doc expression by @&#8203;peter279k in `#&#8203;994 <https://github.com/jpadilla/pyjwt/pull/994>`__

Added

Add support for python 3.13 by @hugovk in #972 <https://github.com/jpadilla/pyjwt/pull/972>__
Create SECURITY.md by @auvipy and @jpadilla in #973 <https://github.com/jpadilla/pyjwt/pull/973>__
Docs: Add PS256 encoding and decoding usage by @peter279k in #992 <https://github.com/jpadilla/pyjwt/pull/992>__
Docs: Add API docs for PyJWK by @luhn in #980 <https://github.com/jpadilla/pyjwt/pull/980>__
Docs: Add EdDSA algorithm encoding/decoding usage by @peter279k in #993 <https://github.com/jpadilla/pyjwt/pull/993>__
Include checkers and linters for pyproject.toml in pre-commit by @cleder in #1002 <https://github.com/jpadilla/pyjwt/pull/1002>__
Docs: Add ES256 decoding usage by @Gautam-Hegde in #1003 <https://github.com/jpadilla/pyjwt/pull/1003>__

`v2.12.0`

Compare Source

Security

Validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. by @dmbs335 in GHSA-752w-5fwx-jx9f

What's Changed

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in #1132
chore(docs): fix docs build by @tamird in #1137
Annotate PyJWKSet.keys for pyright by @tamird in #1134
fix: close HTTPError to prevent ResourceWarning on Python 3.14 by @veeceey in #1133
chore: remove superfluous constants by @tamird in #1136
[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in #1135
chore(tests): enable mypy by @tamird in #1138
Bump actions/download-artifact from 7 to 8 by @dependabot[bot] in #1142
[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in #1141
[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in #1145
fix: do not store reference to algorithms dict on PyJWK by @akx in #1143
Use PyJWK algorithm when encoding without explicit algorithm by @jpadilla in #1148

New Contributors

@tamird made their first contribution in #1137
@veeceey made their first contribution in #1133

Full Changelog: jpadilla/pyjwt@2.11.0...2.12.0

dynaconf/dynaconf (dynaconf)

`v3.2.13`

Compare Source

What's Changed

Bug Fixes

Fix @jinja and @format templating vulnerabilities. *By @pedro-psb *.
Fix failing @get converter. *By @rochacbruno *

Full Changelog: dynaconf/dynaconf@3.2.12...3.2.13

fastapi/fastapi (fastapi)

`v0.135.2`

Compare Source

Upgrades

⬆️ Increase lower bound to pydantic >=2.9.0. and fix the test suite. PR #15139 by @svlandeg.

Docs

📝 Add missing last release notes dates. PR #15202 by @tiangolo.
📝 Update docs for contributors and team members regarding translation PRs. PR #15200 by @YuriiMotov.
💄 Fix code blocks in reference docs overflowing table width. PR #15094 by @YuriiMotov.
📝 Fix duplicated words in docstrings. PR #15116 by @AhsanSheraz.
📝 Add docs for pyproject.toml with entrypoint. PR #15075 by @tiangolo.
📝 Update links in docs to no longer use the classes external-link and internal-link. PR #15061 by @tiangolo.
🔨 Add JS and CSS handling for automatic target=_blank for links in docs. PR #15063 by @tiangolo.
💄 Update styles for internal and external links in new tab. PR #15058 by @tiangolo.
📝 Add documentation for the FastAPI VS Code extension. PR #15008 by @savannahostrowski.
📝 Fix doctrings for max_digits and decimal_places. PR #14944 by @YuriiMotov.
📝 Add dates to release notes. PR #15001 by @YuriiMotov.

Translations

🌐 Update translations for zh (update-outdated). PR #15177 by @tiangolo.
🌐 Update translations for zh-hant (update-outdated). PR #15178 by @tiangolo.
🌐 Update translations for zh-hant (add-missing). PR #15176 by @tiangolo.
🌐 Update translations for zh (add-missing). PR #15175 by @tiangolo.
🌐 Update translations for ja (update-outdated). PR #15171 by @tiangolo.
🌐 Update translations for ko (update-outdated). PR #15170 by @tiangolo.
🌐 Update translations for tr (update-outdated). PR #15172 by @tiangolo.
🌐 Update translations for ko (add-missing). PR #15168 by @tiangolo.
🌐 Update translations for ja (add-missing). PR #15167 by @tiangolo.
🌐 Update translations for tr (add-missing). PR #15169 by @tiangolo.
🌐 Update translations for fr (update-outdated). PR #15165 by @tiangolo.
🌐 Update translations for fr (add-missing). PR #15163 by @tiangolo.
🌐 Update translations for uk (update-outdated). PR #15160 by @tiangolo.
🌐 Update translations for uk (add-missing). PR #15158 by @tiangolo.
🌐 Update translations for pt (add-missing). PR #15157 by @tiangolo.
🌐 Update translations for pt (update-outdated). PR #15159 by @tiangolo.
🌐 Update translations for es (update-outdated). PR #15155 by @tiangolo.
🌐 Update translations for es (add-missing). PR #15154 by @tiangolo.
🌐 Update translations for de (update-outdated). PR #15156 by @tiangolo.
🌐 Update translations for ru (update-and-add). PR #15152 by @tiangolo.
🌐 Update translations for de (add-missing). PR #15153 by @tiangolo.

Internal

🔨 Exclude spam comments from statistics in scripts/people.py. PR #15088 by @YuriiMotov.
⬆ Bump authlib from 1.6.7 to 1.6.9. PR #15128 by @dependabot[bot].
⬆ Bump pyasn1 from 0.6.2 to 0.6.3. PR #15143 by @dependabot[bot].
⬆ Bump ujson from 5.11.0 to 5.12.0. PR #15150 by @dependabot[bot].
🔨 Tweak translation workflow and translation fixer tool. PR #15166 by @YuriiMotov.
🔨 Fix commit_in_place passed via env variable in translate.yml workflow. PR #15151 by @YuriiMotov.
🔨 Update translation general prompt to enforce link style in translation matches the original link style. PR #15148 by @YuriiMotov.
👷 Re-enable translation workflow run by cron in CI (twice a month). PR #15145 by @YuriiMotov.
👷 Add ty to precommit. PR #15091 by @svlandeg.
⬆ Bump dorny/paths-filter from 3 to 4. PR #15106 by @dependabot[bot].
⬆ Bump cairosvg from 2.8.2 to 2.9.0. PR #15108 by @dependabot[bot].
⬆ Bump pyjwt from 2.11.0 to 2.12.0. PR #15110 by @dependabot[bot].
⬆ Bump black from 26.1.0 to 26.3.1. PR #15100 by @dependabot[bot].
🔨 Update script to autofix permalinks to account for headers with Markdown links. PR #15062 by @tiangolo.
📌 Pin Click for MkDocs live reload. PR #15057 by @tiangolo.
⬆ Bump werkzeug from 3.1.5 to 3.1.6. PR #14948 by @dependabot[bot].
⬆ Bump pydantic-ai from 1.62.0 to 1.63.0. PR #15035 by @dependabot[bot].
⬆ Bump pytest-codspeed from 4.2.0 to 4.3.0. PR #15034 by @dependabot[bot].
⬆ Bump strawberry-graphql from 0.291.2 to 0.307.1. PR #15033 by @dependabot[bot].
⬆ Bump typer from 0.21.1 to 0.24.1. PR #15032 by @dependabot[bot].
⬆ Bump actions/download-artifact from 7 to 8. PR #15020 by @dependabot[bot].
⬆ Bump actions/upload-artifact from 6 to 7. PR #15019 by @dependabot[bot].

`v0.135.1`

Compare Source

Fixes

🐛 Fix, avoid yield from a TaskGroup, only as an async context manager, closed in the request async exit stack. PR #15038 by @tiangolo.

Docs

✏️ Fix typo in docs/en/docs/_llm-test.md. PR #15007 by @adityagiri3600.
📝 Update Skill, optimize context, trim and refactor into references. PR #15031 by @tiangolo.

Internal

👥 Update FastAPI People - Experts. PR #15037 by @tiangolo.
👥 Update FastAPI People - Contributors and Translators. PR #15029 by @tiangolo.
👥 Update FastAPI GitHub topic repositories. PR #15036 by @tiangolo.

`v0.135.0`

Compare Source

Features

✨ Add support for Server Sent Events. PR #15030 by @tiangolo.
- New docs: Server-Sent Events (SSE).

`v0.134.0`

Compare Source

Features

✨ Add support for streaming JSON Lines and binary data with yield. PR #15022 by @tiangolo.
- This also upgrades Starlette from >=0.40.0 to >=0.46.0, as it's needed to properly unrwap and re-raise exceptions from exception groups.
- New docs: Stream JSON Lines.
- And new docs: Stream Data.

Docs

📝 Update Library Agent Skill with streaming responses. PR #15024 by @tiangolo.
📝 Update docs for responses and new stream with yield. PR #15023 by @tiangolo.
📝 Add await in StreamingResponse code example to allow cancellation. PR #14681 by @casperdcl.
📝 Rename docs_src/websockets to docs_src/websockets_ to avoid import errors. PR #14979 by @YuriiMotov.

Internal

🔨 Run tests with pytest-xdist and pytest-cov. PR #14992 by @YuriiMotov.

`v0.133.1`

Compare Source

Features

🔧 Add FastAPI Agent Skill. PR #14982 by @tiangolo.
- Read more about it in Library Agent Skills.

Internal

✅ Fix all tests are skipped on Windows. PR #14994 by @YuriiMotov.

`v0.133.0`

Compare Source

`v0.132.1`

Compare Source

Refactors

♻️ Refactor logic to handle OpenAPI and Swagger UI escaping data. PR #14986 by @tiangolo.

Internal

👥 Update FastAPI People - Experts. PR #14972 by @tiangolo.
👷 Allow skipping benchmark job in test workflow. PR #14974 by @YuriiMotov.

`v0.132.0`

Compare Source

Breaking Changes

🔒️ Add strict_content_type checking for JSON requests. PR #14978 by @tiangolo.
- Now FastAPI checks, by default, that JSON requests have a Content-Type header with a valid JSON value, like application/json, and rejects requests that don't.
- If the clients for your app don't send a valid Content-Type header you can disable this with strict_content_type=False.
- Check the new docs: Strict Content-Type Checking.

Internal

⬆ Bump flask from 3.1.2 to 3.1.3. PR #14949 by @dependabot[bot].
⬆ Update all dependencies to use griffelib instead of griffe. PR #14973 by @svlandeg.
🔨 Fix FastAPI People workflow. PR #14951 by @YuriiMotov.
👷 Do not run codspeed with coverage as it's not tracked. PR #14966 by @tiangolo.
👷 Do not include benchmark tests in coverage to speed up coverage processing. PR #14965 by @tiangolo.

`v0.131.0`

Compare Source

Breaking Changes

🗑️ Deprecate ORJSONResponse and UJSONResponse. PR #14964 by @tiangolo.

`v0.130.0`

Compare Source

Features

✨ Serialize JSON response with Pydantic (in Rust), when there's a Pydantic return type or response model. PR #14962 by @tiangolo.
- This results in 2x (or more) performance increase for JSON responses.
- New docs: Custom Response - JSON Performance.

`v0.129.2`

Compare Source

Internal

⬆️ Upgrade pytest. PR #14959 by @tiangolo.
👷 Fix CI, do not attempt to publish fastapi-slim. PR #14958 by @tiangolo.
➖ Drop support for fastapi-slim, no more versions will be released, use only "fastapi[standard]" or fastapi. PR #14957 by @tiangolo.
🔧 Update pyproject.toml, remove unneeded lines. PR #14956 by @tiangolo.

`v0.129.1`

Compare Source

Fixes

♻️ Fix JSON Schema for bytes, use "contentMediaType": "application/octet-stream" instead of "format": "binary". PR #14953 by @tiangolo.

Docs

🔨 Add Kapa.ai widget (AI chatbot). PR #14938 by @tiangolo.
🔥 Remove Python 3.9 specific files, no longer needed after updating translations. PR #14931 by @tiangolo.
📝 Update docs for JWT to prevent timing attacks. PR #14908 by @tiangolo.

Translations

✏️ Fix several typos in ru translations. PR #14934 by @argoarsiks.
🌐 Update translations for ko (update-all and add-missing). PR #14923 by @YuriiMotov.
🌐 Update translations for uk (add-missing). PR #14922 by @YuriiMotov.
🌐 Update translations for zh-hant (update-all and add-missing). PR #14921 by @YuriiMotov.
🌐 Update translations for fr (update-all and add-missing). PR #14920 by @YuriiMotov.
🌐 Update translations for de (update-all) . PR #14910 by @YuriiMotov.
🌐 Update translations for ja (update-all). PR #14916 by @YuriiMotov.
🌐 Update translations for pt (update-all). PR #14912 by @YuriiMotov.
🌐 Update translations for es (update-all and add-missing). PR #14911 by @YuriiMotov.
🌐 Update translations for zh (update-all). PR #14917 by @YuriiMotov.
🌐 Update translations for uk (update-all). PR #14914 by @YuriiMotov.
🌐 Update translations for tr (update-all). PR #14913 by @YuriiMotov.
🌐 Update translations for ru (update-outdated). PR #14909 by @YuriiMotov.

Internal

👷 Always run tests on push to master branch and when run by scheduler. PR #14940 by @YuriiMotov.
🎨 Upgrade typing syntax for Python 3.10. PR #14932 by @tiangolo.
⬆ Bump cryptography from 46.0.4 to 46.0.5. PR #14892 by @dependabot[bot].
⬆ Bump pillow from 12.1.0 to 12.1.1. PR #14899 by @dependabot[bot].

`v0.129.0`

Compare Source

Breaking Changes

➖ Drop support for Python 3.9. PR #14897 by @tiangolo.

Refactors

🎨 Update internal types for Python 3.10. PR #14898 by @tiangolo.

Docs

📝 Update highlights in webhooks docs. PR #14905 by @tiangolo.
📝 Update source examples and docs from Python 3.9 to 3.10. PR #14900 by @tiangolo.

Internal

🔨 Update docs.py scripts to migrate Python 3.9 to Python 3.10. PR #14906 by @tiangolo.

`v0.128.8`

Compare Source

Docs

📝 Fix grammar in docs/en/docs/tutorial/first-steps.md. PR #14708 by @SanjanaS10.

Internal

🔨 Tweak PDM hook script. PR #14895 by @tiangolo.
♻️ Update build setup for fastapi-slim, deprecate it, and make it only depend on fastapi. PR #14894 by @tiangolo.

`v0.128.7`

Compare Source

Features

✨ Show a clear error on attempt to include router into itself. PR #14258 by @JavierSanchezCastro.
✨ Replace dict by Mapping on HTTPException.headers. PR #12997 by @rijenkii.

Refactors

♻️ Simplify reading files in memory, do it sequentially instead of (fake) parallel. PR #14884 by @tiangolo.

Docs

📝 Use dfn tag for definitions instead of abbr in docs. PR #14744 by @YuriiMotov.

Internal

✅ Tweak comment in test to reference PR. PR #14885 by @tiangolo.
🔧 Update LLM-prompt for abbr and dfn tags. PR #14747 by @YuriiMotov.
✅ Test order for the submitted byte Files. PR #14828 by @valentinDruzhinin.
🔧 Configure test workflow to run tests with inline-snapshot=review. PR #14876 by @YuriiMotov.

[

Configuration

📅 Schedule: Branch creation - "before 6am on monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

codecov · 2026-02-09T05:59:02Z

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 100.00%. Comparing base (931443b) to head (4a876db).

Additional details and impacted files

@@            Coverage Diff            @@
##              main       #36   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files            9         9           
  Lines          982       982           
  Branches       113       113           
=========================================
  Hits           982       982

Flag	Coverage Δ
unittests	`100.00% <ø> (ø)`

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

github-actions · 2026-02-09T06:00:03Z