deps(deps): bump the python-minor group across 1 directory with 5 updates

[dependabot]

Bumps the python-minor group with 5 updates in the / directory:

Package	From	To
fastapi	0.127.0	0.128.0
alembic	1.17.2	1.18.1
aiosqlite	0.22.0	0.22.1
prometheus-client	0.23.1	0.24.1
ruff	0.14.10	0.14.13

Updates fastapi from 0.127.0 to 0.128.0

Release notes

Sourced from fastapi's releases.

0.128.0

Breaking Changes

• ➖ Drop support for pydantic.v1. PR #14609 by @​tiangolo.

Internal

• ✅ Run performance tests only on Pydantic v2. PR #14608 by @​tiangolo.

0.127.1

Refactors

• 🔊 Add a custom FastAPIDeprecationWarning. PR #14605 by @​tiangolo.

Docs

• 📝 Add documentary to website. PR #14600 by @​tiangolo.

Translations

• 🌐 Update translations for de (update-outdated). PR #14602 by @​nilslindemann.
• 🌐 Update translations for de (update-outdated). PR #14581 by @​nilslindemann.

Internal

• 🔧 Update pre-commit to use local Ruff instead of hook. PR #14604 by @​tiangolo.
• ✅ Add missing tests for code examples. PR #14569 by @​YuriiMotov.
• 👷 Remove lint job from test CI workflow. PR #14593 by @​YuriiMotov.
• 👷 Update secrets check. PR #14592 by @​tiangolo.
• 👷 Run CodSpeed tests in parallel to other tests to speed up CI. PR #14586 by @​tiangolo.
• 🔨 Update scripts and pre-commit to autofix files. PR #14585 by @​tiangolo.

Commits

• 8322a44 🔖 Release version 0.128.0
• 4b2cfcf 📝 Update release notes
• e300630 ➖ Drop support for pydantic.v1 (#14609)
• 1b3bea8 📝 Update release notes
• 34e8841 ✅ Run performance tests only on Pydantic v2 (#14608)
• cd90c78 🔖 Release version 0.127.1
• 93f4dfd 📝 Update release notes
• 535b5da 🔊 Add a custom FastAPIDeprecationWarning (#14605)
• 6b53786 📝 Update release notes
• d98f4eb 🔧 Update pre-commit to use local Ruff instead of hook (#14604)
• Additional commits viewable in compare view

Updates alembic from 1.17.2 to 1.18.1

Release notes

Sourced from alembic's releases.

1.18.1

Released: January 14, 2026

bug

• [bug] [autogenerate] Fixed issue in new plugin system where the configured logger was not correctly using the __name__ token to identify the logger.

  References: #1779

• [bug] [operations] Revised the change regarding SQLAlchemy 2.1 and deprecation warnings related to isolate_from_table=True. Further developments in release 2.1 have revised how this parameter will be modified.

1.18.0

Released: January 9, 2026

feature

• [feature] [operations] When alembic is run in "verbose" mode, alembic now logs a message to indicate from which file is used to load the configuration.

  References: #1737

• [feature] [autogenerate] Autogenerate reflection sweeps now use the "bulk" inspector methods introduced in SQLAlchemy 2.0, which for selected dialects including PostgreSQL and Oracle use batched queries to reflect whole collections of tables using O(1) queries rather than O(N).

  References: #1771

• [feature] [autogenerate] Release 1.18.0 introduces a plugin system that allows for automatic loading of third-party extensions as well as configurable autogenerate compare functionality on a per-environment basis.

  The Plugin class provides a common interface for extensions that register handlers among Alembic's existing extension points such as Operations.register_operation() and Operations.implementation_for(). A new interface for registering autogenerate comparison handlers, Plugin.add_autogenerate_comparator(), provides for autogenerate compare functionality that may be custom-configured on a per-environment basis using the new EnvironmentContext.configure.autogenerate_plugins parameter.

  The change does not impact well known Alembic add-ons such as

... (truncated)

Commits

• See full diff in compare view

Updates aiosqlite from 0.22.0 to 0.22.1

Changelog

Sourced from aiosqlite's changelog.

v0.22.1

Bug fix release

NOTE: Starting with v0.22.0, the aiosqlite.Connection object no longer inherits from threading.Thread. If not using aiosqlite as a context manager, clients must await connection.close() or call connection.stop() to ensure the helper thread is completed and terminated correctly. A ResourceWarning will be emitted for any connection that is garbage collected without being closed or stopped.

• Added synchronous stop() method to aiosqlite.Connection to enable safe cleanup and termination of the background thread without dependence on having an active event loop (#370)

$ git shortlog -s v0.22.0...v0.22.1
     2	Amethyst Reese

Commits

• 9b127ce Version bump v0.22.1
• 5c3f61c Improve stop semantics for connections (#370)
• See full diff in compare view

Updates prometheus-client from 0.23.1 to 0.24.1

Release notes

Sourced from prometheus-client's releases.

v0.24.1

• [Django] Pass correct registry to MultiProcessCollector by @​jelly in prometheus/client_python#1152

v0.24.0

What's Changed

• Add an AIOHTTP exporter by @​Lexicality in prometheus/client_python#1139
• Add remove_matching() method for metric label deletion by @​hazel-shen in prometheus/client_python#1121
• fix(multiprocess): avoid double-building child metric names (#1035) by @​hazel-shen in prometheus/client_python#1146
• Don't interleave histogram metrics in multi-process collector by @​cjwatson in prometheus/client_python#1148
• Relax registry type annotations for exposition by @​cjwatson in prometheus/client_python#1149
• Added compression support in pushgateway by @​ritesh-avesha in prometheus/client_python#1144
• Add Django exporter (#1088) by @​Chadys in prometheus/client_python#1143

Full Changelog: prometheus/client_python@v0.23.1...v0.24.0

Commits

• f417f6e Release 0.24.1
• 6f0e967 Pass correct registry to MultiProcessCollector (#1152)
• c5024d3 Release 0.24.0
• e1cdc20 Add Django exporter (#1088) (#1143)
• 7b99592 Added compression support in pushgateway (#1144)
• 13df124 Relax registry type annotations for exposition (#1149)
• a264ec0 Don't interleave histogram metrics in multi-process collector (#1148)
• e8f8bae fix(multiprocess): avoid double-building child metric names (#1035) (#1146)
• 1783ca8 Add support for Python 3.14 (#1142)
• 378510b Add remove_matching() method for metric label deletion (#1121)
• Additional commits viewable in compare view

Updates ruff from 0.14.10 to 0.14.13

Release notes

Sourced from ruff's releases.

0.14.13

Release Notes

Released on 2026-01-15.

This is a follow-up release to 0.14.12. Because of an issue publishing the WASM packages, there is no GitHub release or Git tag for 0.14.12, although the package was published to PyPI. The contents of the 0.14.13 release are identical to 0.14.12.

0.14.12

Preview features

• [flake8-blind-except] Allow more logging methods (BLE001) (#22057)
• [ruff] Respect lint.pydocstyle.property-decorators in RUF066 (#22515)

Bug fixes

• Fix configuration path in --show-settings (#22478)
• Respect fmt: skip for multiple statements on the same logical line (#22119)

Rule changes

• [pydocstyle] Update Rust crate imperative to v1.0.7 (D401) (#22519)
• [isort] Insert imports in alphabetical order (I002) (#22493)

Documentation

• Add llms.txt support for documentation (#22463)
• Use prek in documentation and CI (#22505)
• [flake8-pytest-style] Add check parameter example to PT017 docs (#22546)
• [ruff] Make example error out-of-the-box (RUF103) (#22558)
• [ruff] document RUF100 trailing comment fix behavior (#22479)

Other changes

• wasm: Require explicit logging initialization (#22587)

Contributors

• @​terror
• @​harupy
• @​Jkhall81
• @​dhruvmanila
• @​lubaskinc0de
• @​zanieb
• @​MeGaGiGaGon
• @​charliermarsh
• @​renovate
• @​dylwil3
• @​MichaReiser
• @​11happy

... (truncated)

Changelog

Sourced from ruff's changelog.

0.14.13

Released on 2026-01-15.

This is a follow-up release to 0.14.12. Because of an issue publishing the WASM packages, there is no GitHub release or Git tag for 0.14.12, although the package was published to PyPI. The contents of the 0.14.13 release are identical to 0.14.12.

0.14.12

Released on 2026-01-15.

Preview features

• [flake8-blind-except] Allow more logging methods (BLE001) (#22057)
• [ruff] Respect lint.pydocstyle.property-decorators in RUF066 (#22515)

Bug fixes

• Fix configuration path in --show-settings (#22478)
• Respect fmt: skip for multiple statements on the same logical line (#22119)

Rule changes

• [pydocstyle] Update Rust crate imperative to v1.0.7 (D401) (#22519)
• [isort] Insert imports in alphabetical order (I002) (#22493)

Documentation

• Add llms.txt support for documentation (#22463)
• Use prek in documentation and CI (#22505)
• [flake8-pytest-style] Add check parameter example to PT017 docs (#22546)
• [ruff] Make example error out-of-the-box (RUF103) (#22558)
• [ruff] document RUF100 trailing comment fix behavior (#22479)

Other changes

• wasm: Require explicit logging initialization (#22587)

Contributors

• @​terror
• @​harupy
• @​Jkhall81
• @​dhruvmanila
• @​lubaskinc0de
• @​zanieb
• @​MeGaGiGaGon
• @​charliermarsh
• @​renovate
• @​dylwil3
• @​MichaReiser

... (truncated)

Commits

• b4b8299 [ty] Make NamedTuple(...) and namedtuple(...) calls stricter (#22601)
• fd9f87d Bump 0.14.13 (#22604)
• 048f02f [ty] Remove redundant re-exports that share the same top-most module
• a72af10 [ty] Add ModuleName::top
• 2f34836 [ty] Add test capturing redundant re-exports from pandas
• db9eee7 [ty] Attach origin module on to re-exported symbols
• 2cbd68a [ty] Move fully qualified name into auto-import implementation
• 2a09467 Add trailing slashes to npm publish paths (#22603)
• eca58ca [ty] Override __file__ to str when applicable on imported modules (#22333)
• aa9f1b2 Further improvements to typing conformance script (#22596)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: dependencies, python. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.