⬆ Bump the python-packages group with 18 updates

[dependabot]

Updates the requirements on zizmor, fastapi[standard], python-multipart, tenacity, pydantic, emails, alembic, psycopg[binary], sqlmodel, pydantic-settings, sentry-sdk[fastapi], pyjwt, pytest, mypy, ty, ruff, prek and coverage to permit the latest version.
Updates zizmor from 1.23.1 to 1.25.2

Release notes

Sourced from zizmor's releases.

v1.25.2

Bug Fixes 🐛🔗

• Fixed a bug where the unpinned-tools audit would incorrectly flag the aquasecurity/trivy-action action as installing an unpinned tool version, rather than aquasecurity/setup-trivy (#2018)

v1.25.1

Bug Fixes 🐛🔗

• Fixed a bug where the cache-poisoning audit would fail to consider release events as exempt from cache usage findings when filtered by a tag condition (#2004)

• Fixed a typo when suggesting --fix flags for findings (#2010)

  Many thanks to @​0xdea for implementing this fix!

• Fixed a typo in unpinned-tools annotations (#2008)

  Many thanks to @​martincostello for implementing this fix!

• Fixed a bug where the github-app audit would incorrectly flag some safe uses of actions/create-github-app-token as unsafe (#2011)

v1.25.0

New Features 🌈🔗

• zizmor's finding severities can now be remapped on a per-audit basis. See the configuration for details (#1913)

  Many thanks to @​Proximyst for proposing and implementing this improvement!

• New audit: github-app detects dangerous usages of GitHub App installation tokens (#1926)

• New audit: [unpinned-tools] detects actions that install tools without pinning to a specific version (#1820)

• zizmor now accepts the --no-ignores flag to disable all ignore comments and configurations when reporting findings (#1935)

• zizmor's LSP now honors the --persona flag on the CLI (#1943)

• zizmor is now aware of Docker-based action definitions, in addition to the pre-existing support for "composite" actions (#1965)

Enhancements🔗

• Recommend gh issue edit --add-label / gh pr edit --add-label as a replacement for actions-ecosystem/action-add-labels in superfluous-actions

• Recommend gh issue edit --remove-label / gh pr edit --remove-label as a replacement for actions-ecosystem/action-remove-labels in superfluous-actions

• Recommend jq as a replacement for sergeysova/jq-action in superfluous-actions

• Recommend git add, git commit, and git push as a replacement for stefanzweifel/git-auto-commit-action in superfluous-actions

• Recommend git add, git commit, and git push as a replacement for EndBug/add-and-commit in superfluous-actions

• tibdex/github-app-token is now recognized as an archived action by archived-uses (#1910)

... (truncated)

Changelog

Sourced from zizmor's changelog.

1.25.2

Bug Fixes 🐛

• Fixed a bug where the [unpinned-tools] audit would incorrectly flag the @​aquasecurity/trivy-action action as installing an unpinned tool version, rather than @​aquasecurity/setup-trivy (#2018)

1.25.1

Bug Fixes 🐛

• Fixed a bug where the [cache-poisoning] audit would fail to consider release events as exempt from cache usage findings when filtered by a tag condition (#2004)

• Fixed a typo when suggesting --fix flags for findings (#2010)

  Many thanks to @​0xdea for implementing this fix!

• Fixed a typo in [unpinned-tools] annotations (#2008)

  Many thanks to @​martincostello for implementing this fix!

• Fixed a bug where the [github-app] audit would incorrectly flag some safe uses of @​actions/create-github-app-token as unsafe (#2011)

1.25.0

New Features 🌈

• zizmor's finding severities can now be remapped on a per-audit basis. See the configuration for details (#1913)

  Many thanks to @​Proximyst for proposing and implementing this improvement!

• New audit: [github-app] detects dangerous usages of GitHub App installation tokens (#1926)

• New audit: [unpinned-tools] detects actions that install tools without pinning to a specific version (#1820)

• zizmor now accepts the --no-ignores flag to disable all ignore comments and configurations when reporting findings (#1935)

• zizmor's LSP now honors the --persona flag on the CLI (#1943)

• zizmor is now aware of Docker-based action definitions, in addition to the pre-existing support for "composite" actions (#1965)

... (truncated)

Commits

• b50d8f6 zizmor 1.25.2 (#2022)
• e8c9648 Bump rustls-webpki to 0.103.13 (#2021)
• 9e19bde Bump aws-lc crates (#2020)
• 49cb189 Bump rand to 0.9.4 (#2019)
• bfdb649 unpinned-tools: fix trivy action being detected (#2018)
• 9300d3b ww/release (#2016)
• 331917a chore: drop serde_yaml rename (#2015)
• 506f085 github-app: test repositories, not repository (#2011)
• 53dea37 unpinned-tools, docs: fix typos (#2008)
• 8068e11 fix: replace --fix=unsafe with --fix=unsafe-only in suggestion (#2010)
• Additional commits viewable in compare view

Updates fastapi[standard] to 0.136.1

Release notes

Sourced from fastapi[standard]'s releases.

0.136.1

Upgrades

• ⬆️ Update Pydantic v2 code to address deprecations. PR #15101 by @​svlandeg.

Internal

• 🔨 Tweak translation script. PR #15174 by @​YuriiMotov.
• ⬆ Bump mkdocs-material from 9.7.1 to 9.7.6. PR #15408 by @​dependabot[bot].
• ⬆ Bump inline-snapshot from 0.31.1 to 0.32.6. PR #15409 by @​dependabot[bot].
• ⬆ Bump pytest-codspeed from 4.3.0 to 4.4.0. PR #15407 by @​dependabot[bot].
• ⬆ Bump pytest-cov from 7.0.0 to 7.1.0. PR #15406 by @​dependabot[bot].
• ⬆ Bump cloudflare/wrangler-action from 3.14.1 to 3.15.0. PR #15405 by @​dependabot[bot].
• ⬆ Bump mypy from 1.19.1 to 1.20.1. PR #15410 by @​dependabot[bot].
• ⬆ Bump python-dotenv from 1.2.1 to 1.2.2. PR #15400 by @​dependabot[bot].
• ⬆ Bump starlette from 0.52.1 to 1.0.0. PR #15397 by @​dependabot[bot].
• ⬆ Bump pygithub from 2.8.1 to 2.9.1. PR #15396 by @​dependabot[bot].
• ⬆ Bump pyjwt from 2.12.0 to 2.12.1. PR #15393 by @​dependabot[bot].
• ⬆ Bump zizmor from 1.23.1 to 1.24.1. PR #15394 by @​dependabot[bot].
• ⬆ Bump strawberry-graphql from 0.312.3 to 0.314.3. PR #15395 by @​dependabot[bot].
• ⬆ Bump python-multipart from 0.0.22 to 0.0.26. PR #15360 by @​dependabot[bot].
• ⬆ Bump authlib from 1.6.9 to 1.6.11. PR #15373 by @​dependabot[bot].
• ⬆ Bump aiohttp from 3.13.3 to 3.13.4. PR #15282 by @​dependabot[bot].
• ⬆ Bump pygments from 2.19.2 to 2.20.0. PR #15263 by @​dependabot[bot].
• ⬆ Bump pymdown-extensions from 10.20.1 to 10.21.2. PR #15391 by @​YuriiMotov.
• ⬆ Bump pillow from 12.1.1 to 12.2.0. PR #15333 by @​dependabot[bot].
• ⬆ Bump pytest from 9.0.2 to 9.0.3. PR #15334 by @​dependabot[bot].
• ⬆ Bump actions/upload-artifact from 7.0.0 to 7.0.1. PR #15374 by @​dependabot[bot].
• ⬆ Bump actions/cache from 5.0.4 to 5.0.5. PR #15385 by @​dependabot[bot].
• 🔧 Update sponsors: remove Zuplo. PR #15369 by @​tiangolo.
• 🔧 Update sponsors: remove Speakeasy. PR #15368 by @​tiangolo.
• 🔒️ Add zizmor and fix audit findings. PR #15316 by @​YuriiMotov.

Commits

• e54e5a8 🔖 Release version 0.136.1
• 9a8a5fd 📝 Update release notes
• 7815a32 ⬆️ Update Pydantic v2 code to address deprecations (#15101)
• ef1c927 📝 Update release notes
• 38039e1 🔨 Tweak translation script (#15174)
• 4fa826c 📝 Update release notes
• c394156 ⬆ Bump mkdocs-material from 9.7.1 to 9.7.6 (#15408)
• ae230ad 📝 Update release notes
• d9eb39d ⬆ Bump inline-snapshot from 0.31.1 to 0.32.6 (#15409)
• 4f8b5d1 📝 Update release notes
• Additional commits viewable in compare view

Updates python-multipart from 0.0.27 to 0.0.29

Release notes

Sourced from python-multipart's releases.

Version 0.0.29

What's Changed

• Handle malformed RFC 2231 continuations in parse_options_header by @​manunio in Kludex/python-multipart#270

Full Changelog: Kludex/python-multipart@0.0.28...0.0.29

Version 0.0.28

What's Changed

• Speed up partial-boundary tail scan via bytes.find by @​Kludex in Kludex/python-multipart#281
• Cap multipart boundary length at 256 bytes by @​Kludex in Kludex/python-multipart#282

Full Changelog: Kludex/python-multipart@0.0.27...0.0.28

Changelog

Sourced from python-multipart's changelog.

0.0.29 (2026-05-17)

• Handle malformed RFC 2231 continuations in parse_options_header #270.

0.0.28 (2026-05-10)

• Speed up partial-boundary tail scan via bytes.find #281.
• Cap multipart boundary length at 256 bytes #282.

Commits

• e3d6853 Version 0.0.29 (#288)
• a60dcdc Handle malformed RFC 2231 continuations in parse_options_header (#270)
• 75c33b2 Add 7-day cooldown for dependency resolution via uv exclude-newer (#286)
• a078b8e Bump urllib3 from 2.6.3 to 2.7.0 (#285)
• 7d8d28b Version 0.0.28 (#284)
• b0dd125 Cap multipart boundary length at 256 bytes (#282)
• d1b5739 Speed up partial-boundary tail scan via bytes.find (#281)
• 09cb8c3 Make the long_boundary benchmark dominated by the patched code path (#280)
• a6467c9 Revert "Switch CodSpeed benchmarks to walltime mode" (#279)
• 9a96900 Switch CodSpeed benchmarks to walltime mode (#278)
• Additional commits viewable in compare view

Updates tenacity from 8.5.0 to 9.1.4

Release notes

Sourced from tenacity's releases.

9.1.4

What's Changed

• Fix retry() annotations with async sleep= function by @​Zac-HD in jd/tenacity#555

Full Changelog: jd/tenacity@9.1.3...9.1.4

9.1.3

What's Changed

• Apply formatting to num seconds in before_sleep_log by @​aguinane in jd/tenacity#489
• Support Python 3.14 by @​sandrobonazzola in jd/tenacity#528
• Typing: Accept non-standard logger in helpers logging something by @​k4nar in jd/tenacity#540
• feat(wait): add wait_exception strategy by @​capitan-davide in jd/tenacity#541
• docs: fix syntax error in wait_chain docstring example by @​VedantMadane in jd/tenacity#548
• chore: drop Python 3.9 support (EOL) by @​Zac-HD in jd/tenacity#552
• Support async sleep for sync fn-to-retry by @​Zac-HD in jd/tenacity#551

New Contributors

• @​aguinane made their first contribution in jd/tenacity#489
• @​sandrobonazzola made their first contribution in jd/tenacity#528
• @​k4nar made their first contribution in jd/tenacity#540
• @​capitan-davide made their first contribution in jd/tenacity#541
• @​VedantMadane made their first contribution in jd/tenacity#548
• @​Zac-HD made their first contribution in jd/tenacity#552

Full Changelog: jd/tenacity@9.1.2...9.1.3

9.1.2

Full Changelog: jd/tenacity@9.1.1...9.1.2

9.1.1

What's Changed

• Test with Python 3.13 by @​edgarrmondragon in jd/tenacity#480
• ci: remove Python 3.8 support by @​jd in jd/tenacity#515
• fix: return "Self" from "BaseRetrying.copy" by @​ThirVondukr in jd/tenacity#518
• ci: upload on PyPI using trusted publishing by @​jd in jd/tenacity#520
• Add re.Pattern to allowed match types by @​robertschweizer in jd/tenacity#497

New Contributors

• @​Young-Lord made their first contribution in jd/tenacity#491
• @​edgarrmondragon made their first contribution in jd/tenacity#480
• @​ThirVondukr made their first contribution in jd/tenacity#518
• @​robertschweizer made their first contribution in jd/tenacity#497

Full Changelog: jd/tenacity@9.0.0...9.1.0

tenacity 9.0.0

What's Changed

• Respects min argument for wait_random_exponential by @​yxtay in jd/tenacity#425
• Bump major version to warn API breakage on statistics attribute

... (truncated)

Commits

• d4e868d Fix retry() annotations with async sleep= function (#555)
• 24415eb support async sleep for sync fn (#551)
• 3bf33b4 chore: drop Python 3.9 support (EOL) (#552)
• 7027da3 chore(deps): bump the github-actions group with 2 updates (#550)
• 21ae7d0 docs: fix syntax error in wait_chain docstring example (#548)
• ef12c9e chore(deps): bump actions/checkout in the github-actions group (#547)
• c35a4b3 chore(deps): bump the github-actions group with 2 updates (#545)
• e792bba ci: fix mypy (#546)
• 0f55245 ci: remove reno requirements (#542)
• 815c34f feat(wait): add wait_exception strategy (#541)
• Additional commits viewable in compare view

Updates pydantic from 2.12.5 to 2.13.4

Release notes

Sourced from pydantic's releases.

v2.13.4 2026-05-06

v2.13.4 (2026-05-06)

What's Changed

Packaging

• Bump libc from 0.2.155 to 0.2.185 by @​Viicos in #13109
• Adapt pydantic-core linker flags on macOS by @​washingtoneg and @​Viicos in #13147

Fixes

• Preserve RootModel core metadata by @​Viicos in #13129

Full Changelog: pydantic/pydantic@v2.13.3...v2.13.4

v2.13.3 2026-04-20

v2.13.3 (2026-04-20)

What's Changed

Fixes

• Handle AttributeError subclasses with from_attributes by @​Viicos in #13096

Full Changelog: pydantic/pydantic@v2.13.2...v2.13.3

v2.13.2 2026-04-17

v2.13.2 (2026-04-17)

What's Changed

Fixes

• Fix ValidationInfo.field_name missing with model_validate_json() by @​Viicos in #13084

Full Changelog: pydantic/pydantic@v2.13.1...v2.13.2

v2.13.1 2026-04-15

v2.13.1 (2026-04-15)

What's Changed

Fixes

• Fix ValidationInfo.data missing with model_validate_json() by @​davidhewitt in #13079

Full Changelog: pydantic/pydantic@v2.13.0...v2.13.1

v2.13.0 2026-04-13

... (truncated)

Changelog

Sourced from pydantic's changelog.

v2.13.4 (2026-05-06)

GitHub release

What's Changed

Packaging

• Bump libc from 0.2.155 to 0.2.185 by @​Viicos in #13109
• Adapt pydantic-core linker flags on macOS by @​washingtoneg and @​Viicos in #13147

Fixes

• Preserve RootModel core metadata by @​Viicos in #13129

v2.13.3 (2026-04-20)

GitHub release

What's Changed

Fixes

• Handle AttributeError subclasses with from_attributes by @​Viicos in #13096

v2.13.2 (2026-04-17)

GitHub release

What's Changed

Fixes

• Fix ValidationInfo.field_name missing with model_validate_json() by @​Viicos in #13084

v2.13.1 (2026-04-15)

GitHub release

What's Changed

Fixes

• Fix ValidationInfo.data missing with model_validate_json() by @​davidhewitt in #13079

v2.13.0 (2026-04-13)

GitHub release

The highlights of the v2.13 release are available in the blog post.

... (truncated)

Commits

• cf67d4b Fix linting
• f0d8a21 Prepare release v2.13.4
• 5e3fe1d Check for pydantic tag pattern in CI
• 7f9edcc Document tagging conventions
• b46a0c9 Adapt pydantic-core linker flags on macOS
• 50629c8 Update to PyPy 7.3.22
• 8522ebb Preserve RootModel core metadata
• a37f3af Adapt MISSING sentinel test to work with unreleased typing_extensions ver...
• 909259a Remove Logfire example in documentation
• 2c4174c Bump libc from 0.2.155 to 0.2.185
• Additional commits viewable in compare view

Updates emails from 0.6 to 1.1.2

Release notes

Sourced from emails's releases.

v1.1.2

Full Changelog: lavr/python-emails@v1.1.1...v1.1.2

v1.1.1

Full Changelog: lavr/python-emails@v1.1.0...v1.1.1

v1.1.0

What's Changed

• feat: add async SMTP support and Message.send_async() by @​lavr in lavr/python-emails#211
• overhaul documentation structure and build by @​lavr in lavr/python-emails#212

Full Changelog: lavr/python-emails@v1.0.2...v1.1.0

v1.0.2

Added

• Documentation build check in CI (#208)
• ReadTheDocs configuration (.readthedocs.yaml)

Fixed

• Jinja2 is now an optional dependency — install with pip install emails[jinja2] (#207, #161)

v1.0.1

Full Changelog: lavr/python-emails@v1.0.0...v1.0.1

v1.0.0

Changelog

1.0

Breaking changes

• Require Python 3.10+ (dropped 3.9) (#188)
• HTML transformation dependencies (cssutils, lxml, chardet, requests, premailer) are now optional — install with pip install emails[html] (#190)
• Removed Python 2 compatibility helpers to_bytes, to_native, to_unicode from emails.utils (#197)
• Replaced vendored emails.packages.dkim with upstream dkimpy package — use import dkim directly (#196)

Added

• reply_to parameter for Message (#115)
• Content-based MIME type detection via puremagic when file extension is missing (#163)
• Data URI support in transformer — data: URIs are preserved as-is (#62)
• Type hints for public API (#191)
• mypy in CI (#194)
• Python 3.13 and 3.14 support (#184)
• Django CI jobs with Django 4.2, 5.2, 6.0 (#201)
• CC/BCC importing in MsgLoader (#182)
• RFC 6532 support — non-ASCII characters in email addresses (#138)

... (truncated)

Changelog

Sourced from emails's changelog.

Changelog

1.0.2

Added

• Documentation build check in CI (#208)
• ReadTheDocs configuration (.readthedocs.yaml)

Fixed

• Jinja2 is now an optional dependency — install with pip install emails[jinja2] (#207, #161)
• Message.as_bytes() now serializes messages with CRLF line endings for RFC 5321-compliant SMTP delivery (#213)

1.0

Breaking changes

• Require Python 3.10+ (dropped 3.9) (#188)
• HTML transformation dependencies (cssutils, lxml, chardet, requests, premailer) are now optional — install with pip install emails[html] (#190)
• Removed Python 2 compatibility helpers to_bytes, to_native, to_unicode from emails.utils (#197)
• Replaced vendored emails.packages.dkim with upstream dkimpy package — use import dkim directly (#196)

Added

• reply_to parameter for Message (#115)
• Content-based MIME type detection via puremagic when file extension is missing (#163)
• Data URI support in transformer — data: URIs are preserved as-is (#62)
• Type hints for public API (#191)
• mypy in CI (#194)
• Python 3.13 and 3.14 support (#184)
• Django CI jobs with Django 4.2, 5.2, 6.0 (#201)
• CC/BCC importing in MsgLoader (#182)
• RFC 6532 support — non-ASCII characters in email addresses (#138)
• In-memory SMTP backend (#136)
• SMTP integration tests using Mailpit (#186)

Fixed

• Double stream read in BaseFile.mime for file-like attachments (#199)
• as_bytes DKIM signing bug (#194)
• SMTP connection is now properly closed on any initialization failure (#180)
• SMTP connection is now properly closed on failed login (#173)
• Incorrect isinstance check in parse_name_and_email_list (#176)
• Message encoding to bytes in SMTP backend (#152)
• Unique filename generation for attachments
• Regex escape sequence warning (#148)
• Replaced deprecated cgi module with email.message
• Coverage reports now correctly exclude emails/testsuite/

... (truncated)

Commits

• 67ef38b Release v1.1.2
• 3a5a55c tests: generate DKIM RSA keys on the fly via cryptography
• e18d04b README badge fix
• 93784e7 ci/cd: rtd publish debug
• 3634f44 badge fix
• 42942e8 Release v1.1.1
• bd72398 set pypi licence
• a940210 README update
• 5549b5b rtd build fix
• 2fc1e4b rtd build fix
• Additional commits viewable in compare view

Updates alembic from 1.18.1 to 1.18.4

Release notes

Sourced from alembic's releases.

1.18.4

Released: February 10, 2026

bug

• [bug] [operations] Reverted the behavior of Operations.add_column() that would automatically render the "PRIMARY KEY" keyword inline when a Column with primary_key=True is added. The automatic behavior, added in version 1.18.2, is now opt-in via the new Operations.add_column.inline_primary_key parameter. This change restores the ability to render a PostgreSQL SERIAL column, which is required to be primary_key=True, while not impacting the ability to render a separate primary key constraint. This also provides consistency with the Operations.add_column.inline_references parameter and gives users explicit control over SQL generation.

  To render PRIMARY KEY inline, use the Operations.add_column.inline_primary_key parameter set to True:

  op.add_column( "my_table", Column("id", Integer, primary_key=True), inline_primary_key=True )References: #1232

1.18.3

Released: January 29, 2026

bug

• [bug] [autogenerate] Fixed regression in version 1.18.0 due to #1771 where autogenerate would raise NoReferencedTableError when a foreign key constraint referenced a table that was not part of the initial table load, including tables filtered out by the EnvironmentContext.configure.include_name callable or tables in remote schemas that were not included in the initial reflection run.

  The change in #1771 was a performance optimization that eliminated additional reflection queries for tables that were only referenced by foreign keys but not explicitly included in the main reflection run. However, this optimization inadvertently removed the creation of Table objects for these referenced tables, causing autogenerate to fail when processing foreign key constraints that pointed to them.

  The fix creates placeholder Table objects for foreign key targets

... (truncated)

Commits

• See full diff in compare view

Updates psycopg[binary] to 3.3.4

Changelog

Sourced from psycopg[binary]'s changelog.

.. currentmodule:: psycopg

.. index:: single: Release notes single: News

psycopg release notes

Future releases

Psycopg 3.3.5 (unreleased) ^^^^^^^^^^^^^^^^^^^^^^^^^^

• Discard prepared statements upon :sql:ALTER * or DISCARD * (:ticket:[#1307](https://github.com/psycopg/psycopg/issues/1307)).

Current release

Psycopg 3.3.4 ^^^^^^^^^^^^^

• Fix possible spurious connection timeout in systems with very long uptimes in C extension (:ticket:[#1280](https://github.com/psycopg/psycopg/issues/1280)).
• Fix client-side adaptation of enums whose name require quotes (:ticket:[#1298](https://github.com/psycopg/psycopg/issues/1298)).
• Consistently populate ~Cursor.statusmessage after ~Cursor.executemany() (:ticket:[#1302](https://github.com/psycopg/psycopg/issues/1302)).

Psycopg 3.3.3 ^^^^^^^^^^^^^

• Retain Error.pgconn when raising a single exception for multiple connection attempt errors (:ticket:[#1246](https://github.com/psycopg/psycopg/issues/1246)).
• Return a proper error when server sends ErrorResponse for a Sync after a Parse (:ticket:[#1260](https://github.com/psycopg/psycopg/issues/1260)).

Psycopg 3.3.2 ^^^^^^^^^^^^^

Fix race condition in adapters at startup (:ticket:[#1230](https://github.com/psycopg/psycopg/issues/1230)).

Psycopg 3.3.1 ^^^^^^^^^^^^^

... (truncated)

Commits

• 83f1103 chore: bump psycopg_pool package version to 3.3.1
• 1828770 chore: bump psycopg package version to 3.3.4
• 8be14bb Merge pull request #1301 from oliverhaas/fix/sync-pool-open-race
• aee0bf2 fix(pool): fix race in the construction of the sync ConnectionPool lock
• bc4d303 chore(deps): bump the actions group across 1 directory with 4 updates
• 785379f fix: retain statusmessage after executemany with returning=False
• 8882a73 perf: do less if X in Y: return Y[X] for cache-like patterns
• 2f78539 Merge pull request #1299 from dvarrazzo/fix-camel-enum
• 37ef1dc test: skip test on crdb depending on precise regtype behaviour
• 7f2f1d1 fix: fix client-side representation of enums requiring quotes
• Additional commits viewable in compare view

Updates sqlmodel from 0.0.31 to 0.0.38

Release notes

Sourced from sqlmodel's releases.

0.0.38

Fixes

• 🐛 Fix type annotation in SQLModel.__new__, avoid explicitly returning Any. PR #1846 by @​carljm.
• 🐛 Fix tuple_ return type annotation. PR #1639 by @​kakeruzoku.

Docs

• ✏️ Fix typos in contributing.md. PR #1842 by @​GopalGB.
• 🔥 Remove outdated Python 3.9 tutorial file. PR #1822 by @​svlandeg.
• 📝 Fix ambiguous phrasing regarding HeroPublicWithTeam model. PR #1678 by @​berkaykrc.
• 🔨 Handle external links target=_blank and CSS automatically in JS and CSS. PR #1799 by @​tiangolo.
• 📝 Document .in_() method. PR #619 by @​masylum.
• 📝 Fix small typos in the documentation. PR #1641 by @​svlandeg.

Internal

• 🔨 Add pre-commit hook to ensure latest release header has date. PR #1786 by @​YuriiMotov.
• ⬆ Bump pillow from 12.1.1 to 12.2.0. PR #1845 by @​dependabot[bot].
• ⬆ Bump fastapi from 0.135.2 to 0.135.3. PR #1844 by @​dependabot[bot].
• ⬆ Bump prek from 0.3.6 to 0.3.8. PR #1829 by @​dependabot[bot].
• ⬆ Bump pygithub from 2.8.1 to 2.9.0. PR #1827 by @​dependabot[bot].
• ⬆ Bump fastapi from 0.135.1 to 0.135.2. PR #1828 by @​dependabot[bot].
• ➕ Add a direct dependency on typing-extensions. PR #1815 by @​musicinmybrain.
• ⬆ Bump mkdocs-material from 9.7.5 to 9.7.6. PR #1825 by @​dependabot[bot].
• ⬆ Bump ruff from 0.15.6 to 0.15.7. PR #1826 by @​dependabot[bot].
• ⬆ Bump prek from 0.3.5 to 0.3.6. PR #1817 by @​dependabot[bot].
• 📌 Update internal dependency limits. PR #1809 by @​svlandeg.
• ⬆ Bump ruff from 0.15.5 to 0.15.6. PR #1814 by @​dependabot[bot].
• ⬆ Bump cairosvg from 2.8.2 to 2.9.0. PR #1813 by @​dependabot[bot].
• ⬆ Bump dorny/paths-filter from 3 to 4. PR #1812 by @​dependabot[bot].
• ⬆ Bump black from 26.3.0 to 26.3.1. PR #1811 by @​dependabot[bot].
• ⬆ Bump mkdocs-material from 9.7.4 to 9.7.5. PR #1808 by @​dependabot[bot].
• ⬆ Bump prek from 0.3.4 to 0.3.5. PR #1807 by @​dependabot[bot].
• ⬆ Bump black from 26.1.0 to 26.3.0. PR #1803 by @​dependabot[bot].
• ⬆ Bump ruff from 0.15.4 to 0.15.5. PR #1801 by @​dependabot[bot].
• ⬆ Bump mkdocs-material from 9.7.3 to 9.7.4. PR #1797 by @​dependabot[bot].
• ⬆ Bump sqlalchemy from 2.0.47 to 2.0.48. PR #1793 by @​dependabot[bot].
• ⬆ Bump prek from 0.3.3 to ...

  Description has been truncated