Skip to content

chore(deps): bump the python-dependencies group across 1 directory with 6 updates#825

Open
dependabot[bot] wants to merge 1 commit intodevelopfrom
dependabot/pip/lib/serve/rest-api/src/develop/python-dependencies-2d0908b786
Open

chore(deps): bump the python-dependencies group across 1 directory with 6 updates#825
dependabot[bot] wants to merge 1 commit intodevelopfrom
dependabot/pip/lib/serve/rest-api/src/develop/python-dependencies-2d0908b786

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 10, 2026
edited
Loading

Updates the requirements on boto3, cachetools, gunicorn, litellm[proxy], starlette and uvicorn to permit the latest version.
Updates boto3 from 1.40.76 to 1.42.64

Commits
  • 12c6ff2 Merge branch 'release-1.42.64'
  • e006a9a Bumping version to 1.42.64
  • e4935ee Add changelog entries from botocore
  • 3cb7506 Fix typo in CONTRIBUTING.rst: codstyle to codestyle (#4731)
  • 5e8adc5 Merge branch 'release-1.42.63'
  • 1c19e8c Merge branch 'release-1.42.63' into develop
  • ab9feea Bumping version to 1.42.63
  • ea37886 Add changelog entries from botocore
  • 1e80b23 Merge branch 'release-1.42.62'
  • e36ca90 Merge branch 'release-1.42.62' into develop
  • Additional commits viewable in compare view

Updates cachetools from 7.0.2 to 7.0.5

Changelog

Sourced from cachetools's changelog.

v7.0.5 (2026-03-09)

  • Minor @cachedmethod performance improvements.

v7.0.4 (2026-03-08)

  • Fix and properly document @cachedmethod.cache_key behavior.

  • Minor documentation improvements.

v7.0.3 (2026-03-05)

  • Fix DeprecationWarning when creating an autospec mock with @cachedmethod decorations.
Commits

Updates gunicorn to 25.1.0

Release notes

Sourced from gunicorn's releases.

Gunicorn 25.1.0

New Features

  • Control Interface (gunicornc): Add interactive control interface for managing running Gunicorn instances, similar to birdc for BIRD routing daemon ([PR #3505](benoitc/gunicorn#3505))

    • Unix socket-based communication with JSON protocol
    • Interactive mode with readline support and command history
    • Commands: show all/workers/dirty/config/stats/listeners
    • Worker management: worker add/remove/kill, dirty add/remove
    • Server control: reload, reopen, shutdown
    • New settings: --control-socket, --control-socket-mode, --no-control-socket
    • New CLI tool: gunicornc for connecting to control socket
    • See Control Interface Guide for details

  • Dirty Stash: Add global shared state between workers via dirty.stash ([PR #3503](benoitc/gunicorn#3503))

    • In-memory key-value store accessible by all workers
    • Supports get, set, delete, clear, keys, and has operations
    • Useful for sharing state like feature flags, rate limits, or cached data

  • Dirty Binary Protocol: Implement efficient binary protocol for dirty arbiter IPC using TLV (Type-Length-Value) encoding ([PR #3500](benoitc/gunicorn#3500))

    • More efficient than JSON for binary data
    • Supports all Python types: str, bytes, int, float, bool, None, list, dict
    • Better performance for large payloads

  • Dirty TTIN/TTOU Signals: Add dynamic worker scaling for dirty arbiters ([PR #3504](benoitc/gunicorn#3504))

    • Send SIGTTIN to increase dirty workers
    • Send SIGTTOU to decrease dirty workers
    • Respects minimum worker constraints from app configurations

Changes

  • ASGI Worker: Promoted from beta to stable
  • Dirty Arbiters: Now marked as beta feature

Documentation

  • Fix Markdown formatting in /configure documentation
Commits
  • 2d43101 docs: merge gunicornc into 25.1.0 release
  • bf4ad8d docs: update 25.1.0 release date to 2026-02-13
  • 730350e Merge pull request #3505 from benoitc/feature/gunicornc-control-interface
  • 63df19b fix(tests): use process groups for reliable signal handling in PyPy
  • cd77bcc fix(tests): increase wait time for all server tests
  • 02ea985 fix(tests): improve server test reliability on FreeBSD
  • 6d81c9e fix: resolve pylint warnings
  • 7486baa fix: remove unused imports
  • 3e60d29 docs: add gunicornc control interface guide
  • e05e40d feat(ctl): add message-based dirty worker management
  • Additional commits viewable in compare view

Updates litellm[proxy] from 1.81.3 to 1.82.1

Release notes

Sourced from litellm[proxy]'s releases.

1.82.1

What's Changed

... (truncated)

Commits

Updates starlette to 0.52.1

Release notes

Sourced from starlette's releases.

Version 0.52.1

What's Changed

Full Changelog: Kludex/starlette@0.52.0...0.52.1

Changelog

Sourced from starlette's changelog.

0.52.1 (January 18, 2026)

Fixed

  • Only use typing_extensions in older Python versions #3109.

0.52.0 (January 18, 2026)

In this release, State can be accessed using dictionary-style syntax for improved type safety (#3036).

from collections.abc import AsyncIterator
from contextlib import asynccontextmanager
from typing import TypedDict
import httpx
from starlette.applications import Starlette
from starlette.requests import Request
class State(TypedDict):
http_client: httpx.AsyncClient
@​asynccontextmanager
async def lifespan(app: Starlette) -> AsyncIterator[State]:
async with httpx.AsyncClient() as client:
yield {"http_client": client}
async def homepage(request: Request[State]):
client = request.state["http_client"]
# If you run the below line with mypy or pyright, it will reveal the correct type.
reveal_type(client)  # Revealed type is 'httpx.AsyncClient'

See Accessing State for more details.

0.51.0 (January 10, 2026)

Added

  • Add allow_private_network in CORSMiddleware #3065.

Changed

  • Increase warning stacklevel on DeprecationWarning for wsgi module #3082.

... (truncated)

Commits

Updates uvicorn to 0.41.0

Release notes

Sourced from uvicorn's releases.

Version 0.41.0

Added

  • Add --limit-max-requests-jitter to stagger worker restarts (#2707)
  • Add socket path to scope["server"] (#2561)

Changed

  • Rename LifespanOn.error_occured to error_occurred (#2776)

Fixed

  • Ignore permission denied errors in watchfiles reloader (#2817)
  • Ensure lifespan shutdown runs when should_exit is set during startup (#2812)
  • Reduce the log level of 'request limit exceeded' messages (#2788)

New Contributors

Full Changelog: Kludex/uvicorn@0.40.0...0.41.0

Changelog

Sourced from uvicorn's changelog.

0.41.0 (February 16, 2026)

Added

  • Add --limit-max-requests-jitter to stagger worker restarts (#2707)
  • Add socket path to scope["server"] (#2561)

Changed

  • Rename LifespanOn.error_occured to error_occurred (#2776)

Fixed

  • Ignore permission denied errors in watchfiles reloader (#2817)
  • Ensure lifespan shutdown runs when should_exit is set during startup (#2812)
  • Reduce the log level of 'request limit exceeded' messages (#2788)

0.40.0 (December 21, 2025)

Remove

  • Drop support for Python 3.9 (#2772)

0.39.0 (December 21, 2025)

Fixed

  • Send close frame on ASGI return for WebSockets (#2769)
  • Explicitly start ASGI run with empty context (#2742)

0.38.0 (October 18, 2025)

Added

  • Support Python 3.14 (#2723)

0.37.0 (September 23, 2025)

Added

  • Add --timeout-worker-healthcheck option (#2711)
  • Add os.PathLike[str] type to ssl_ca_certs (#2676)

0.36.1 (September 23, 2025)

Fixed

  • Raise an exception when calling removed Config.setup_event_loop() (#2709)

0.36.0 (September 20, 2025)

... (truncated)

Commits
  • 9283c0f Version 0.41.0 (#2821)
  • a01a33e Add --limit-max-requests-jitter to stagger worker restarts (#2707)
  • 2ce65bd Ignore permission denied errors in watchfiles reloader (#2817)
  • 654f2ed Ensure lifespan shutdown runs when should_exit is set during startup (#2812)
  • a03d9f6 Reduce the log level of 'request limit exceeded' messages (#2788)
  • e377de4 Add socket path to scope["server"] (#2561)
  • 0779f7f Poll for readiness in test_multiprocess_health_check and run_server (#2816)
  • 7e9ce2c Poll for PID changes in test_multiprocess_sighup instead of fixed sleep (#2...
  • 99f0d87 Fix grep warning in scripts/sync-version (#2807)
  • 7ae2e63 chore(deps): bump the python-packages group with 18 updates (#2801)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Mar 10, 2026
@dependabot
chore(deps): bump the python-dependencies group across 1 directory wi…
f6feba8 
…th 6 updates

Updates the requirements on [boto3](https://github.com/boto/boto3), [cachetools](https://github.com/tkem/cachetools), [gunicorn](https://github.com/benoitc/gunicorn), [litellm[proxy]](https://github.com/BerriAI/litellm), [starlette](https://github.com/Kludex/starlette) and [uvicorn](https://github.com/Kludex/uvicorn) to permit the latest version.

Updates `boto3` from 1.40.76 to 1.42.64
- [Release notes](https://github.com/boto/boto3/releases)
- [Commits](boto/boto3@1.40.76...1.42.64)

Updates `cachetools` from 7.0.2 to 7.0.5
- [Changelog](https://github.com/tkem/cachetools/blob/master/CHANGELOG.rst)
- [Commits](tkem/cachetools@v7.0.2...v7.0.5)

Updates `gunicorn` to 25.1.0
- [Release notes](https://github.com/benoitc/gunicorn/releases)
- [Commits](benoitc/gunicorn@23.0.0...25.1.0)

Updates `litellm[proxy]` from 1.81.3 to 1.82.1
- [Release notes](https://github.com/BerriAI/litellm/releases)
- [Commits](https://github.com/BerriAI/litellm/commits/1.82.1)

Updates `starlette` to 0.52.1
- [Release notes](https://github.com/Kludex/starlette/releases)
- [Changelog](https://github.com/Kludex/starlette/blob/main/docs/release-notes.md)
- [Commits](Kludex/starlette@0.40.0...0.52.1)

Updates `uvicorn` to 0.41.0
- [Release notes](https://github.com/Kludex/uvicorn/releases)
- [Changelog](https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md)
- [Commits](Kludex/uvicorn@0.31.1...0.41.0)

---
updated-dependencies:
- dependency-name: boto3
  dependency-version: 1.42.64
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-dependencies
- dependency-name: cachetools
  dependency-version: 7.0.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-dependencies
- dependency-name: gunicorn
  dependency-version: 25.1.0
  dependency-type: direct:production
  dependency-group: python-dependencies
- dependency-name: litellm[proxy]
  dependency-version: 1.82.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-dependencies
- dependency-name: starlette
  dependency-version: 0.52.1
  dependency-type: direct:production
  dependency-group: python-dependencies
- dependency-name: uvicorn
  dependency-version: 0.41.0
  dependency-type: direct:production
  dependency-group: python-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/pip/lib/serve/rest-api/src/develop/python-dependencies-2d0908b786 branch from a7c69cf to f6feba8 Compare March 17, 2026 09:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants