Bump the python group across 1 directory with 7 updates

[dependabot]

Updates the requirements on pydantic-settings[yaml], uvicorn[standard], sqlalchemy[asyncio], boto3, boto3-stubs[dynamodb], moto[dynamodb] and ruff to permit the latest version.
Updates pydantic-settings[yaml] to 2.13.1

Commits

• e87d12d v2.13.1 (#790)
• acf8c14 Fix JSON decoding for parameterized PEP 695 type aliases (#780)
• 58b236a Fix AttributeError with nested env vars for dict fields (#785) (#786)
• 4933f06 Fix CLI parsing error for set field types since 2.13.0 (#787) (#788)
• bd0ebe6 Fix RecursionError with self-referential models in CliApp (#783)
• eb7840e Fix regression for bool fields since 2.13.0 (#784)
• 198e71c Prepare release 2.13.0 (#777)
• de71e84 Add nested path support for yaml_config_section (fixes #772) (#773)
• 0f8f951 CLI Union Discriminator Choices in Help (#764)
• ce9804c CLI coerce numeric types. (#769)
• Additional commits viewable in compare view

Updates uvicorn[standard] to 0.44.0

Release notes

Sourced from uvicorn[standard]'s releases.

Version 0.44.0

What's Changed

• Implement websocket keepalive pings for websockets-sansio by @​Kludex in Kludex/uvicorn#2888

Full Changelog: Kludex/uvicorn@0.43.0...0.44.0

Changelog

Sourced from uvicorn[standard]'s changelog.

0.44.0 (April 6, 2026)

Added

• Implement websocket keepalive pings for websockets-sansio (#2888)

0.43.0 (April 3, 2026)

You can quit Uvicorn now. We heard you, @​pamelafox - all 47 of your Ctrl+C's (thanks for flagging it, and thanks to @​tiangolo for the fix 🙏). See the tweet.

Changed

• Emit http.disconnect ASGI receive() event on server shutting down for streaming responses (#2829)
• Use native context parameter for create_task on Python 3.11+ (#2859)
• Drop cast in ASGI types (#2875)

0.42.0 (March 16, 2026)

Changed

• Use bytearray for request body accumulation to avoid O(n^2) allocation on fragmented bodies (#2845)

Fixed

• Escape brackets and backslash in httptools HEADER_RE regex (#2824)
• Fix multiple issues in websockets sans-io implementation (#2825)

0.41.0 (February 16, 2026)

Added

• Add --limit-max-requests-jitter to stagger worker restarts (#2707)
• Add socket path to scope["server"] (#2561)

Changed

• Rename LifespanOn.error_occured to error_occurred (#2776)

Fixed

• Ignore permission denied errors in watchfiles reloader (#2817)
• Ensure lifespan shutdown runs when should_exit is set during startup (#2812)
• Reduce the log level of 'request limit exceeded' messages (#2788)

0.40.0 (December 21, 2025)

Remove

• Drop support for Python 3.9 (#2772)

... (truncated)

Commits

• edb54c4 Version 0.44.0 (#2890)
• 029be08 Implement websocket keepalive pings for websockets-sansio (#2888)
• 8d397c7 Version 0.43.0 (#2885)
• 587042d 🐛 Emit http.disconnect ASGI receive() event on server shutting down for s...
• c9a75fb chore(deps): bump the github-actions group with 3 updates (#2878)
• 84fd578 chore(deps): bump pygments from 2.19.2 to 2.20.0 (#2877)
• cd52d34 Use native context parameter for create_task on Python 3.11+ (#2859)
• 5211880 Drop cast in ASGI types (#2875)
• 1cb8e74 Add websocket 500 fallback header test (#2874)
• 28efbb2 chore(deps-dev): bump cryptography from 46.0.5 to 46.0.6 (#2873)
• Additional commits viewable in compare view

Updates sqlalchemy[asyncio] to 2.0.49

Release notes

Sourced from sqlalchemy[asyncio]'s releases.

2.0.49

Released: April 3, 2026

orm

• [orm] [bug] Fixed issue where _orm.Session.get() would bypass the identity map and emit unnecessary SQL when with_for_update=False was passed, rather than treating it equivalently to the default of None. Pull request courtesy of Joshua Swanson.

  References: #13176

• [orm] [bug] Fixed issue where chained _orm.joinedload() options would not be applied correctly when the final relationship in the chain is declared on a base mapper and accessed through a subclass mapper in a _orm.with_polymorphic() query. The path registry now correctly computes the natural path when a property declared on a base class is accessed through a path containing a subclass mapper, ensuring the loader option can be located during query compilation.

  References: #13193

• [orm] [bug] [inheritance] Fixed issue where using _orm.Load.options() to apply a chained loader option such as _orm.joinedload() or _orm.selectinload() with _orm.PropComparator.of_type() for a polymorphic relationship would not generate the necessary clauses for the polymorphic subclasses. The polymorphic loading strategy is now correctly propagated when using a call such as joinedload(A.b).options(joinedload(B.c.of_type(poly))) to match the behavior of direct chaining e.g. joinedload(A.b).joinedload(B.c.of_type(poly)).

  References: #13202

• [orm] [bug] [inheritance] Fixed issue where using chained loader options such as _orm.selectinload() after _orm.joinedload() with _orm.PropComparator.of_type() for a polymorphic relationship would not properly apply the chained loader option. The loader option is now correctly applied when using a call such as joinedload(A.b.of_type(poly)).selectinload(poly.SubClass.c) to eagerly load related objects.

  References: #13209

typing

• [typing] [bug] Fixed a typing issue where the typed members of :data:.func would return the appropriate class of the same name, however this creates an issue for

... (truncated)

Commits

• See full diff in compare view

Updates boto3 from 1.42.85 to 1.42.88

Commits

• f92a06c Merge branch 'release-1.42.88'
• 9bdec29 Bumping version to 1.42.88
• d880788 Add changelog entries from botocore
• 39a4122 chore: add additional text to CONTRIBUTING.rst (#4749)
• 8d65320 Merge branch 'release-1.42.87'
• fdcbb88 Merge branch 'release-1.42.87' into develop
• aff7ae5 Bumping version to 1.42.87
• a58071d Add changelog entries from botocore
• bf26a45 Add boto3 version clarification for login with console credentials (#4758)
• a4315bc Merge branch 'release-1.42.86'
• Additional commits viewable in compare view

Updates boto3-stubs[dynamodb] to 1.42.88

Commits

• See full diff in compare view

Updates moto[dynamodb] to 5.1.22

Changelog

Sourced from moto[dynamodb]'s changelog.

5.1.22

Docker Digest for 5.1.22: sha256:1e3802c95726373544967b428201c548f0247c15b00db2d96a5ba0a77d8643b8

New Methods:
    * APIGateway:
        * delete_model()
* Athena:
    * tag_resource()
    * untag_resource()


Pipes:

list_tags_for_resource()



OSIS:

delete_resource_policy()
get_resource_policy()
put_resource_policy()



RDS:

copy_db_cluster_parameter_group()



STS:

get_access_key_info()



Transfer:

list_servers()





Miscellaneous:
* CloudFormation now supports the creation/update/deletion of AWS::CloudWatch::Dashboard resources
* CloudFormation now supports the creation/update/deletion of AWS::KMS::Alias resources
* CloudFormation now supports the creation/update/deletion of AWS::SSM::Document resources
* EC2: create_fleet() now supports the parameters DryRun and LaunchTemplateConfigs.Overrides
* EC2: describe_network_interfaces() now supports the 'attachment.attachment-id'-filter
* EC2: Instances created from a LaunchTemplate now have the 'aws:ec2launchtemplate:id' and 'aws:ec2launchtemplate:version' tags
* RDS: create_db_cluster_parameter_group() now validates the provided group name/description/familiy
* RDS: delete_db_cluster_parameter_group() now validates that the provided group exists
* S3: delete_object() now supports IfMatch
* SecretsManager: create-secret() now throw ResourceExistsException for duplicate requests with different token (broken since 5.1.11)
* SQS: send_message() now returns the SequenceNumber-attribute
* VPCLattice: list_access_log_subscriptions() now also supports arns as resourceIdentifiers

5.1.21

Docker Digest for 5.1.21: sha256:93ad54da7badce7f9c13e5e6439c93564c764663c42872d2c39f718aa484047a

General:
    * Moto now supports the new AWS partition for the EU sovereign cloud ('eusc-de-east-1')

... (truncated)

Commits

• 28d5ca8 Pre-Release: Up Version Number
• f58dc18 Prep release 5.1.22 (#9824)
• 84cbb40 chore: update SSM default parameters (#9828)
• 2f32dc1 chore: update EC2 Instance Types (#9827)
• 2a1c7ca chore: update EC2 Instance Offerings (#9826)
• e063c5a chore: update EMR Instance Types (#9825)
• 681b47a API Gateway: implement DeleteModel operation (#9823)
• d652e4a STS: implement GetAccessKeyInfo operation (#9822)
• 40a6520 Implement Athena TagResource and UntagResource (#9796)
• dc425e8 Modernize Java tests (#9817)
• Additional commits viewable in compare view

Updates ruff from 0.15.9 to 0.15.10

Release notes

Sourced from ruff's releases.

0.15.10

Release Notes

Released on 2026-04-09.

Preview features

• [flake8-logging] Allow closures in except handlers (LOG004) (#24464)
• [flake8-self] Make SLF diagnostics robust to non-self-named variables (#24281)
• [flake8-simplify] Make the fix for collapsible-if safe in preview (SIM102) (#24371)

Bug fixes

• Avoid emitting multi-line f-string elements before Python 3.12 (#24377)
• Avoid syntax error from E502 fixes in f-strings and t-strings (#24410)
• Strip form feeds from indent passed to dedent_to (#24381)
• [pyupgrade] Fix panic caused by handling of octals (UP012) (#24390)
• Reject multi-line f-string elements before Python 3.12 (#24355)

Rule changes

• [ruff] Treat f-string interpolation as potential side effect (RUF019) (#24426)

Server

• Add support for custom file extensions (#24463)

Documentation

• Document adding fixes in CONTRIBUTING.md (#24393)
• Fix JSON typo in settings example (#24517)

Contributors

• @​charliermarsh
• @​dylwil3
• @​silverstein
• @​anishgirianish
• @​shizukushq
• @​zanieb
• @​AlexWaygood

Install ruff 0.15.10

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/ruff/releases/download/0.15.10/ruff-installer.sh | sh

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.10

Released on 2026-04-09.

Preview features

• [flake8-logging] Allow closures in except handlers (LOG004) (#24464)
• [flake8-self] Make SLF diagnostics robust to non-self-named variables (#24281)
• [flake8-simplify] Make the fix for collapsible-if safe in preview (SIM102) (#24371)

Bug fixes

• Avoid emitting multi-line f-string elements before Python 3.12 (#24377)
• Avoid syntax error from E502 fixes in f-strings and t-strings (#24410)
• Strip form feeds from indent passed to dedent_to (#24381)
• [pyupgrade] Fix panic caused by handling of octals (UP012) (#24390)
• Reject multi-line f-string elements before Python 3.12 (#24355)

Rule changes

• [ruff] Treat f-string interpolation as potential side effect (RUF019) (#24426)

Server

• Add support for custom file extensions (#24463)

Documentation

• Document adding fixes in CONTRIBUTING.md (#24393)
• Fix JSON typo in settings example (#24517)

Contributors

• @​charliermarsh
• @​dylwil3
• @​silverstein
• @​anishgirianish
• @​shizukushq
• @​zanieb
• @​AlexWaygood

Commits

• 252f761 Bump 0.15.10 (#24519)
• 37a1ec8 [ty] Fix assignability of intersections with bounded typevars (#24502)
• f518cc9 [ty] Allow partially stringified type[…] annotations (#24518)
• 16c4090 docs: fix JSON typo in settings example (#24517)
• 99d97bd [ty] Tighten up a few edge cases in Concatenate type-expression parsing (#2...
• 2714e34 [ty] Enable pull-diagnostics by default in E2E tests (#24516)
• d8bc700 LSP: Add support for custom extensions (#24463)
• a45f96d [ty] stop special-casing str constructor (#24514)
• 87a0f01 [ruff] Treat f-string interpolation as potential side effect in RUF019 (#24426)
• e9ba848 [ty] Fix excess subscript argument inference for non-generic types (#24354)
• Additional commits viewable in compare view

[dependabot]

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot recreate.

[dependabot]

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot recreate.

[dependabot]

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot recreate.

[dependabot]

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot recreate.

[dependabot]

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot recreate.

[dependabot]

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot recreate.

[dependabot]

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot recreate.

[dependabot]

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot recreate.

[dependabot]

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot recreate.