Bump the python-packages group with 5 updates

[dependabot]

Bumps the python-packages group with 5 updates:

Package	From	To
pydantic-settings	2.13.0	2.13.1
sqlalchemy	2.0.46	2.0.47
fastapi	0.129.0	0.133.1
faker	40.4.0	40.5.1
ruff	0.15.1	0.15.2

Updates pydantic-settings from 2.13.0 to 2.13.1

Commits

• e87d12d v2.13.1 (#790)
• acf8c14 Fix JSON decoding for parameterized PEP 695 type aliases (#780)
• 58b236a Fix AttributeError with nested env vars for dict fields (#785) (#786)
• 4933f06 Fix CLI parsing error for set field types since 2.13.0 (#787) (#788)
• bd0ebe6 Fix RecursionError with self-referential models in CliApp (#783)
• eb7840e Fix regression for bool fields since 2.13.0 (#784)
• See full diff in compare view

Updates sqlalchemy from 2.0.46 to 2.0.47

Release notes

Sourced from sqlalchemy's releases.

2.0.47

Released: February 24, 2026

orm

• [orm] [bug] Fixed issue when using ORM mappings with Python 3.14's PEP 649 feature that no longer requires "future annotations", where the ORM's introspection of the __init__ method of mapped classes would fail if non-present identifiers in annotations were present. The vendored getfullargspec() method has been amended to use Format.FORWARDREF under Python 3.14 to prevent resolution of names that aren't present.

  References: #13104

engine

• [engine] [usecase] The connection object returned by _engine.Engine.raw_connection() now supports the context manager protocol, automatically returning the connection to the pool when exiting the context.

  References: #13116

postgresql

• [postgresql] [bug] Fixed an issue in the PostgreSQL dialect where foreign key constraint reflection would incorrectly swap or fail to capture onupdate and ondelete values when these clauses appeared in a different order than expected in the constraint definition. This issue primarily affected PostgreSQL-compatible databases such as CockroachDB, which may return ON DELETE before ON UPDATE in the constraint definition string. The reflection logic now correctly parses both clauses regardless of their ordering.

  References: #13105

• [postgresql] [bug] Fixed issue in the engine_insertmanyvalues feature where using PostgreSQL's ON CONFLICT clause with _dml.Insert.returning.sort_by_parameter_order enabled would generate invalid SQL when the insert used an implicit sentinel (server-side autoincrement primary key). The generated SQL would incorrectly declare a sentinel counter column in the imp_sen table alias without providing corresponding values in the VALUES clause, leading to a ProgrammingError indicating column count mismatch. The fix allows batch execution mode when embed_values_counter is active, as the embedded counter provides the ordering capability needed even with upsert behaviors, rather than unnecessarily downgrading to row-at-a-time execution.

... (truncated)

Commits

• See full diff in compare view

Updates fastapi from 0.129.0 to 0.133.1

Release notes

Sourced from fastapi's releases.

0.133.1

Features

• 🔧 Add FastAPI Agent Skill. PR #14982 by @​tiangolo.
  • Read more about it in Library Agent Skills.

Internal

• ✅ Fix all tests are skipped on Windows. PR #14994 by @​YuriiMotov.

0.133.0

Upgrades

• ⬆️ Add support for Starlette 1.0.0+. PR #14987 by @​tiangolo.

0.132.1

Refactors

• ♻️ Refactor logic to handle OpenAPI and Swagger UI escaping data. PR #14986 by @​tiangolo.

Internal

• 👥 Update FastAPI People - Experts. PR #14972 by @​tiangolo.
• 👷 Allow skipping benchmark job in test workflow. PR #14974 by @​YuriiMotov.

0.132.0

Breaking Changes

• 🔒️ Add strict_content_type checking for JSON requests. PR #14978 by @​tiangolo.
  • Now FastAPI checks, by default, that JSON requests have a Content-Type header with a valid JSON value, like application/json, and rejects requests that don't.
  • If the clients for your app don't send a valid Content-Type header you can disable this with strict_content_type=False.
  • Check the new docs: Strict Content-Type Checking.

Internal

• ⬆ Bump flask from 3.1.2 to 3.1.3. PR #14949 by @​dependabot[bot].
• ⬆ Update all dependencies to use griffelib instead of griffe. PR #14973 by @​svlandeg.
• 🔨 Fix FastAPI People workflow. PR #14951 by @​YuriiMotov.
• 👷 Do not run codspeed with coverage as it's not tracked. PR #14966 by @​tiangolo.
• 👷 Do not include benchmark tests in coverage to speed up coverage processing. PR #14965 by @​tiangolo.

0.131.0

Breaking Changes

• 🗑️ Deprecate ORJSONResponse and UJSONResponse. PR #14964 by @​tiangolo.

0.130.0

Features

• ✨ Serialize JSON response with Pydantic (in Rust), when there's a Pydantic return type or response model. PR #14962 by @​tiangolo.

... (truncated)

Commits

• a4ad07b 📝 Update release notes
• 728b097 🔖 Release version 0.133.1
• 84a8760 📝 Update release notes
• 4d78ca6 📝 Update release notes
• 4fce9ce 🔧 Add FastAPI Agents Skill (#14982)
• 2b47673 📝 Update release notes
• 1fa1065 ✅ Fix all tests are skipped on Windows (#14994)
• daba0aa 🔖 Release version 0.133.0
• 0c3581d 📝 Update release notes
• c73bc94 ⬆️ Add support for Starlette 1.0.0+ (#14987)
• Additional commits viewable in compare view

Updates faker from 40.4.0 to 40.5.1

Release notes

Sourced from faker's releases.

Release v40.5.1

See CHANGELOG.md.

Release v40.5.0

See CHANGELOG.md.

Changelog

Sourced from faker's changelog.

v40.5.1 - 2026-02-23

• Fix _get_local_timezone() missing return statement. Thanks @​bysiber.

v40.5.0 - 2026-02-23

• Add missing formats and remove duplicates in user_name_formats. Thanks @​WannaFight.

Commits

• 5f403be Bump version: 40.5.0 → 40.5.1
• a573f1f 📝 Update CHANGELOG.md
• 143c483 Bump version: 40.4.0 → 40.5.0
• 298613b 📝 Update CHANGELOG.md
• 8823340 Fix _get_local_timezone() missing return statement (#2327)
• 83b3ca3 💄 lint code
• f2c15df test: add unit tests for slugify utility function (#2323)
• 9ae0122 docs: Add AI Provider to community providers list (#2321)
• 40ffcaa Docs: Add faker-ecommerce-provider to community providers (#2319)
• f62ecf9 fix: add missing formats and remove duplicates in user_name_formats (#2318)
• See full diff in compare view

Updates ruff from 0.15.1 to 0.15.2

Release notes

Sourced from ruff's releases.

0.15.2

Release Notes

Released on 2026-02-19.

Preview features

• Expand the default rule set (#23385)

  In preview, Ruff now enables a significantly expanded default rule set of 412 rules, up from the stable default set of 59 rules. The new rules are mostly a superset of the stable defaults, with the exception of these rules, which are removed from the preview defaults:

  • multiple-imports-on-one-line (E401)
  • module-import-not-at-top-of-file (E402)
  • module-import-not-at-top-of-file (E701)
  • multiple-statements-on-one-line-semicolon (E702)
  • useless-semicolon (E703)
  • none-comparison (E711)
  • true-false-comparison (E712)
  • not-in-test (E713)
  • not-is-test (E714)
  • type-comparison (E721)
  • lambda-assignment (E731)
  • ambiguous-variable-name (E741)
  • ambiguous-class-name (E742)
  • ambiguous-function-name (E743)
  • undefined-local-with-import-star (F403)
  • undefined-local-with-import-star-usage (F405)
  • undefined-local-with-nested-import-star-usage (F406)
  • forward-annotation-syntax-error (F722)

  If you use preview and prefer the old defaults, you can restore them with configuration like:

  # ruff.toml
  [lint]
  select = ["E4", "E7", "E9", "F"]
  pyproject.toml
  [tool.ruff.lint]
  select = ["E4", "E7", "E9", "F"]

  If you do give them a try, feel free to share your feedback in the GitHub discussion!

• [flake8-pyi] Also check string annotations (PYI041) (#19023)

Bug fixes

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.2

Released on 2026-02-19.

Preview features

• Expand the default rule set (#23385)

  In preview, Ruff now enables a significantly expanded default rule set of 412 rules, up from the stable default set of 59 rules. The new rules are mostly a superset of the stable defaults, with the exception of these rules, which are removed from the preview defaults:

  • multiple-imports-on-one-line (E401)
  • module-import-not-at-top-of-file (E402)
  • module-import-not-at-top-of-file (E701)
  • multiple-statements-on-one-line-semicolon (E702)
  • useless-semicolon (E703)
  • none-comparison (E711)
  • true-false-comparison (E712)
  • not-in-test (E713)
  • not-is-test (E714)
  • type-comparison (E721)
  • lambda-assignment (E731)
  • ambiguous-variable-name (E741)
  • ambiguous-class-name (E742)
  • ambiguous-function-name (E743)
  • undefined-local-with-import-star (F403)
  • undefined-local-with-import-star-usage (F405)
  • undefined-local-with-nested-import-star-usage (F406)
  • forward-annotation-syntax-error (F722)

  If you use preview and prefer the old defaults, you can restore them with configuration like:

  # ruff.toml
  [lint]
  select = ["E4", "E7", "E9", "F"]
  pyproject.toml
  [tool.ruff.lint]
  select = ["E4", "E7", "E9", "F"]

  If you do give them a try, feel free to share your feedback in the GitHub discussion!

... (truncated)

Commits

• 9d18ee9 Hard code workflow name and cancel-in-progress only for PRs (#23431)
• 7cc15f0 Bump 0.15.2 (#23430)
• d1b5443 Add extension mapping to configuration file options (#23384)
• 222574a Expand the default rule set (#23385)
• 1465b5d [flake8-async] Fix in_async_context logic (#23426)
• 410902f [pyupgrade] Fix handling of typing.{io,re} (UP035) (#23131)
• 729610a [ty] Fall back to ambiguous for large control flow graphs (#23399)
• 1425c18 [ty] Add code folding support
• 97acaae [ty] Fix stack overflow for self-referential TypeOf in annotations (#23407)
• 1f380c8 [ty] Update tests reveal_type and Never (#23418)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Coverage Report •

File	Stmts	Miss	Branch	BrPart	Cover	Missing
TOTAL	5311	614	812	159	88%

report-only-changed-files is enabled. No files were changed during this commit :)