deps: bump the python-deps group across 1 directory with 3 updates

[dependabot]

Updates the requirements on starlette, sse-starlette and pytest-cov to permit the latest version.
Updates starlette to 1.0.0

Release notes

Sourced from starlette's releases.

Version 1.0.0

Starlette 1.0 is here! 🎉

After nearly eight years since its creation, Starlette has reached its first stable release.

A special thank you to @​lovelydinosaur, the creator of Starlette, Uvicorn, HTTPX and MkDocs, whose work helped to lay the foundation for the modern async Python ecosystem. 🙏

Thank you to @​adriangb, @​graingert, @​agronholm, @​florimondmanca, @​aminalaee, @​tiangolo, @​alex-oleshkevich, @​abersheeran, and @​uSpike for helping make Starlette what it is today. And to all my sponsors - especially @​tiangolo, @​huggingface, and @​elevenlabs - thank you for your support!

Thank you to all 290+ contributors who have shaped Starlette over the years! ❤️

Read more on the blog post.

Check out the full release notes at https://www.starlette.io/release-notes/#100-march-22-2026

---

Full Changelog: Kludex/starlette@1.0.0rc1...1.0.0

Changelog

Sourced from starlette's changelog.

1.0.0 (March 22, 2026)

Starlette 1.0 is here!

After nearly eight years since its creation, Starlette has reached its first stable release. Thank you to everyone who tested the release candidate and reported issues.

You can read more on the blog post.

Added

• Track session access and modification in SessionMiddleware #3166.

Fixed

• Handle websocket denial responses in StreamingResponse and FileResponse #3189.
• Use bytearray for field accumulation in FormParser #3179.
• Move parser.finalize() inside try/except in MultiPartParser.parse() #3153.

1.0.0rc1 (February 23, 2026)

We're ready! I'm thrilled to announce the first release candidate for Starlette 1.0.

Starlette was created in June 2018 by Tom Christie, and has been on ZeroVer for years. Today, it's downloaded almost 10 million times a day, serves as the foundation for FastAPI, and has inspired many other frameworks. In the age of AI, Starlette continues to play an important role as a dependency of the Python MCP SDK.

This release focuses on removing deprecated features that were marked for removal in 1.0.0, along with some last minute bug fixes. It's a release candidate, so we can gather feedback from the community before the final 1.0.0 release soon.

A huge thank you to all the contributors who have helped make Starlette what it is today. In particular, I'd like to recognize:

• Kim Christie - The original creator of Starlette, Uvicorn, and MkDocs, and the current maintainer of HTTPX. Kim's work helped lay the foundation for the modern async Python ecosystem.
• Adrian Garcia Badaracco - One of the smartest people I know, whom I have the pleasure of working with at Pydantic.
• Thomas Grainger - My async teacher, always ready to help with questions.
• Alex Grönholm - Another async mentor, always prompt to help with questions.
• Florimond Manca - Always present in the early days of both Starlette and Uvicorn, and helped a lot in the ecosystem.
• Amin Alaee - Contributed a lot with file-related PRs.
• Sebastián Ramírez - Maintains FastAPI upstream, and always in contact to help with upstream issues.
• Alex Oleshkevich - Helped a lot on templates and many discussions.
• abersheeran - My go-to person when I need help on many subjects.

I'd also like to thank my sponsors for their support. A special thanks to @​tiangolo, @​huggingface, and @​elevenlabs for their generous sponsorship, and to all my other sponsors:

... (truncated)

Commits

• 0e88e92 Version 1.0.0 (#3178)
• 9ee9519 Handle websocket denial responses in streaming and file responses (#3189)
• a0bcc26 chore(deps-dev): bump black from 26.1.0 to 26.3.1 (#3183)
• 79b3f26 chore(deps-dev): bump the python-packages group with 7 updates (#3168)
• 789b926 Use bytearray for field accumulation in FormParser (#3179)
• a1fd9d8 docs: fix typo in routing.md (#3176)
• c14d0f7 Document session cookie security flags (#3169)
• c2e2878 Move parser.finalize() inside try/except in MultiPartParser.parse() (#3153)
• 89630a8 chore(deps): bump the github-actions group with 3 updates (#3167)
• 4647e53 Track session access and modification in SessionMiddleware (#3166)
• Additional commits viewable in compare view

Updates sse-starlette to 3.3.4

Release notes

Sourced from sse-starlette's releases.

v3.3.4

What's Changed

• chore(deps): bump cbor2 from 5.8.0 to 5.9.0 by @​dependabot[bot] in sysid/sse-starlette#177
• chore(deps): bump ujson from 5.11.0 to 5.12.0 by @​dependabot[bot] in sysid/sse-starlette#176
• chore(deps): bump requests from 2.32.5 to 2.33.0 by @​dependabot[bot] in sysid/sse-starlette#178
• chore(deps): bump cryptography from 46.0.5 to 46.0.6 by @​dependabot[bot] in sysid/sse-starlette#179

Full Changelog: sysid/sse-starlette@v3.3.3...v3.3.4

Commits

• c938db3 Bump version to 3.3.4
• eefd6dc Merge pull request #179 from sysid/dependabot/uv/cryptography-46.0.6
• d9e9b82 chore(deps): bump cryptography from 46.0.5 to 46.0.6
• 28cd775 Merge pull request #178 from sysid/dependabot/uv/requests-2.33.0
• 2e52732 Merge pull request #176 from sysid/dependabot/uv/ujson-5.12.0
• bac335e Merge pull request #177 from sysid/dependabot/uv/cbor2-5.9.0
• d465468 chore(deps): bump requests from 2.32.5 to 2.33.0
• 7434cd3 chore(deps): bump cbor2 from 5.8.0 to 5.9.0
• fc2455a chore(deps): bump ujson from 5.11.0 to 5.12.0
• 5f84539 Bump version to 3.3.3
• Additional commits viewable in compare view

Updates pytest-cov to 7.1.0

Changelog

Sourced from pytest-cov's changelog.

7.1.0 (2026-03-21)

• Fixed total coverage computation to always be consistent, regardless of reporting settings. Previously some reports could produce different total counts, and consequently can make --cov-fail-under behave different depending on reporting options. See [#641](https://github.com/pytest-dev/pytest-cov/issues/641) <https://github.com/pytest-dev/pytest-cov/issues/641>_.

• Improve handling of ResourceWarning from sqlite3.

  The plugin adds warning filter for sqlite3 ResourceWarning unclosed database (since 6.2.0). It checks if there is already existing plugin for this message by comparing filter regular expression. When filter is specified on command line the message is escaped and does not match an expected message. A check for an escaped regular expression is added to handle this case.

  With this fix one can suppress ResourceWarning from sqlite3 from command line::

  pytest -W "ignore:unclosed database in <sqlite3.Connection object at:ResourceWarning" ...

• Various improvements to documentation. Contributed by Art Pelling in [#718](https://github.com/pytest-dev/pytest-cov/issues/718) <https://github.com/pytest-dev/pytest-cov/pull/718>_ and "vivodi" in [#738](https://github.com/pytest-dev/pytest-cov/issues/738) <https://github.com/pytest-dev/pytest-cov/pull/738>. Also closed [#736](https://github.com/pytest-dev/pytest-cov/issues/736) <https://github.com/pytest-dev/pytest-cov/issues/736>.

• Fixed some assertions in tests. Contributed by in Markéta Machová in [#722](https://github.com/pytest-dev/pytest-cov/issues/722) <https://github.com/pytest-dev/pytest-cov/pull/722>_.

• Removed unnecessary coverage configuration copying (meant as a backup because reporting commands had configuration side-effects before coverage 5.0).

7.0.0 (2025-09-09)

• Dropped support for subprocesses measurement.

  It was a feature added long time ago when coverage lacked a nice way to measure subprocesses created in tests. It relied on a .pth file, there was no way to opt-out and it created bad interations with coverage's new patch system <https://coverage.readthedocs.io/en/latest/config.html#run-patch>_ added in 7.10 <https://coverage.readthedocs.io/en/7.10.6/changes.html#version-7-10-0-2025-07-24>_.

  To migrate to this release you might need to enable the suprocess patch, example for .coveragerc:

  .. code-block:: ini

  [run] patch = subprocess

  This release also requires at least coverage 7.10.6.

• Switched packaging to have metadata completely in pyproject.toml and use hatchling <https://pypi.org/project/hatchling/>_ for building. Contributed by Ofek Lev in [#551](https://github.com/pytest-dev/pytest-cov/issues/551) <https://github.com/pytest-dev/pytest-cov/pull/551>_ with some extras in [#716](https://github.com/pytest-dev/pytest-cov/issues/716) <https://github.com/pytest-dev/pytest-cov/pull/716>_.

• Removed some not really necessary testing deps like six.

... (truncated)

Commits

• 66c8a52 Bump version: 7.0.0 → 7.1.0
• f707662 Make the examples use pypy 3.11.
• 6049a78 Make context test use the old ctracer (seems the new sysmon tracer behaves di...
• 8ebf20b Update changelog.
• 861d30e Remove the backup context manager - shouldn't be needed since coverage 5.0, ...
• fd4c956 Pass the precision on the nulled total (seems that there's some caching goion...
• 78c9c4e Only run the 3.9 on older deps.
• 4849a92 Punctuation.
• 197c35e Update changelog and hopefully I don't forget to publish release again :))
• 14dc1c9 Update examples to use 3.11 and make the adhoc layout example look a bit more...
• Additional commits viewable in compare view

[dependabot]

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.