Update all dependencies

[renovate]

This PR contains the following updates:

Package	Type	Update	Change	Age	Adoption	Passing	Confidence
actions/upload-artifact	action	minor	v4.5.0 -> v4.6.0
cgr.dev/chainguard/python	final	digest	be8b29d -> 807a800
cgr.dev/chainguard/python	stage	digest	30d982e -> 03e4584
fastapi (changelog)	dependencies	patch	0.115.6 -> 0.115.7
github/codeql-action	action	patch	v3.28.0 -> v3.28.5
oxsecurity/megalinter	action	minor	v8.3.0 -> v8.4.0
sqlalchemy (changelog)	dependencies	patch	2.0.36 -> 2.0.37
stefanzweifel/git-auto-commit-action	action	minor	v5.0.1 -> v5.1.0
step-security/harden-runner	action	patch	v2.10.2 -> v2.10.4

---

Release Notes

actions/upload-artifact (actions/upload-artifact)

v4.6.0

Compare Source

What's Changed

• Expose env vars to control concurrency and timeout by @​yacaovsnc in https://github.com/actions/upload-artifact/pull/662

Full Changelog: actions/upload-artifact@v4...v4.6.0

fastapi/fastapi (fastapi)

v0.115.7

Compare Source

Upgrades

• ⬆️ Upgrade python-multipart to >=0.0.18. PR #​13219 by @​DanielKusyDev.
• ⬆️ Bump Starlette to allow up to 0.45.0: >=0.40.0,<0.46.0. PR #​13117 by @​Kludex.
• ⬆️ Upgrade jinja2 to >=3.1.5. PR #​13194 by @​DanielKusyDev.

Refactors

• ✅ Simplify tests for websockets. PR #​13202 by @​alejsdev.
• ✅ Simplify tests for request_form_models . PR #​13183 by @​alejsdev.
• ✅ Simplify tests for separate_openapi_schemas. PR #​13201 by @​alejsdev.
• ✅ Simplify tests for security. PR #​13200 by @​alejsdev.
• ✅ Simplify tests for schema_extra_example. PR #​13197 by @​alejsdev.
• ✅ Simplify tests for request_model. PR #​13195 by @​alejsdev.
• ✅ Simplify tests for request_forms_and_files. PR #​13185 by @​alejsdev.
• ✅ Simplify tests for request_forms. PR #​13184 by @​alejsdev.
• ✅ Simplify tests for path_query_params. PR #​13181 by @​alejsdev.
• ✅ Simplify tests for path_operation_configurations. PR #​13180 by @​alejsdev.
• ✅ Simplify tests for header_params. PR #​13179 by @​alejsdev.
• ✅ Simplify tests for extra_models. PR #​13178 by @​alejsdev.
• ✅ Simplify tests for extra_data_types. PR #​13177 by @​alejsdev.
• ✅ Simplify tests for cookie_params. PR #​13176 by @​alejsdev.
• ✅ Simplify tests for dependencies. PR #​13174 by @​alejsdev.
• ✅ Simplify tests for body_updates. PR #​13172 by @​alejsdev.
• ✅ Simplify tests for body_nested_models. PR #​13171 by @​alejsdev.
• ✅ Simplify tests for body_multiple_params. PR #​13170 by @​alejsdev.
• ✅ Simplify tests for body_fields. PR #​13169 by @​alejsdev.
• ✅ Simplify tests for body. PR #​13168 by @​alejsdev.
• ✅ Simplify tests for bigger_applications. PR #​13167 by @​alejsdev.
• ✅ Simplify tests for background_tasks. PR #​13166 by @​alejsdev.
• ✅ Simplify tests for additional_status_codes. PR #​13149 by @​tiangolo.

Docs

• ✏️ Update Strawberry integration docs. PR #​13155 by @​kinuax.
• 🔥 Remove unused Peewee tutorial files. PR #​13158 by @​alejsdev.
• 📝 Update image in body-nested-model docs. PR #​11063 by @​untilhamza.
• 📝 Update fastapi-cli UI examples in docs. PR #​13107 by @​Zhongheng-Cheng.
• 👷 Add new GitHub Action to update contributors, translators, and translation reviewers. PR #​13136 by @​tiangolo.
• ✏️ Fix typo in docs/en/docs/virtual-environments.md. PR #​13124 by @​tiangolo.
• ✏️ Fix error in docs/en/docs/contributing.md. PR #​12899 by @​kingsubin.
• 📝 Minor corrections in docs/en/docs/tutorial/sql-databases.md. PR #​13081 by @​alv2017.
• 📝 Update includes in docs/ru/docs/tutorial/query-param-models.md. PR #​12994 by @​alejsdev.
• ✏️ Fix typo in README installation instructions. PR #​13011 by @​dave-hay.
• 📝 Update docs for fastapi-cli. PR #​13031 by @​tiangolo.

Translations

• 🌐 Update Portuguese Translation for docs/pt/docs/tutorial/request-forms.md. PR #​13216 by @​Joao-Pedro-P-Holanda.
• 🌐 Update Portuguese translation for docs/pt/docs/advanced/settings.md. PR #​13209 by @​ceb10n.
• 🌐 Add Portuguese translation for docs/pt/docs/tutorial/security/oauth2-jwt.md. PR #​13205 by @​ceb10n.
• 🌐 Add Indonesian translation for docs/id/docs/index.md. PR #​13191 by @​gerry-sabar.
• 🌐 Add Indonesian translation for docs/id/docs/tutorial/static-files.md. PR #​13092 by @​guspan-tanadi.
• 🌐 Add Portuguese translation for docs/pt/docs/tutorial/security/get-current-user.md. PR #​13188 by @​ceb10n.
• 🌐 Remove Wrong Portuguese translations location for docs/pt/docs/advanced/benchmarks.md. PR #​13187 by @​ceb10n.
• 🌐 Update Portuguese translations. PR #​13156 by @​nillvitor.
• 🌐 Update Russian translation for docs/ru/docs/tutorial/security/first-steps.md. PR #​13159 by @​Yarous.
• ✏️ Delete unnecessary backspace in docs/ja/docs/tutorial/path-params-numeric-validations.md. PR #​12238 by @​FakeDocument.
• 🌐 Update Chinese translation for docs/zh/docs/fastapi-cli.md. PR #​13102 by @​Zhongheng-Cheng.
• 🌐 Add new Spanish translations for all docs with new LLM-assisted system using PydanticAI. PR #​13122 by @​tiangolo.
• 🌐 Update existing Spanish translations using the new LLM-assisted system using PydanticAI. PR #​13118 by @​tiangolo.
• 🌐 Update Chinese translation for docs/zh/docs/advanced/security/oauth2-scopes.md. PR #​13110 by @​ChenPu2002.
• 🌐 Add Indonesian translation for docs/id/docs/tutorial/path-params.md. PR #​13086 by @​gerry-sabar.
• 🌐 Add Korean translation for docs/ko/docs/tutorial/sql-databases.md. PR #​13093 by @​GeumBinLee.
• 🌐 Update Chinese translation for docs/zh/docs/async.md. PR #​13095 by @​Zhongheng-Cheng.
• 🌐 Add Chinese translation for docs/zh/docs/advanced/openapi-webhooks.md. PR #​13091 by @​Zhongheng-Cheng.
• 🌐 Add Chinese translation for docs/zh/docs/advanced/async-tests.md. PR #​13074 by @​Zhongheng-Cheng.
• 🌐 Add Ukrainian translation for docs/uk/docs/fastapi-cli.md. PR #​13020 by @​ykertytsky.
• 🌐 Add Chinese translation for docs/zh/docs/advanced/events.md. PR #​12512 by @​ZhibangYue.
• 🌐 Add Russian translation for /docs/ru/docs/tutorial/sql-databases.md. PR #​13079 by @​alv2017.
• 🌐 Update Chinese translation for docs/zh/docs/advanced/testing-dependencies.md. PR #​13066 by @​Zhongheng-Cheng.
• 🌐 Update Traditional Chinese translation for docs/zh-hant/docs/tutorial/index.md. PR #​13075 by @​codingjenny.
• 🌐 Add Chinese translation for docs/zh/docs/tutorial/sql-databases.md. PR #​13051 by @​Zhongheng-Cheng.
• 🌐 Update Chinese translation for docs/zh/docs/tutorial/query-params-str-validations.md. PR #​12928 by @​Vincy1230.
• 🌐 Add Chinese translation for docs/zh/docs/tutorial/header-param-models.md. PR #​13040 by @​Zhongheng-Cheng.
• 🌐 Update Chinese translation for docs/zh/docs/tutorial/path-params.md. PR #​12926 by @​Vincy1230.
• 🌐 Update Chinese translation for docs/zh/docs/tutorial/first-steps.md. PR #​12923 by @​Vincy1230.
• 🌐 Update Russian translation for docs/ru/docs/deployment/docker.md. PR #​13048 by @​anklav24.
• 🌐 Add Portuguese translation for docs/pt/docs/advanced/generate-clients.md. PR #​13030 by @​vitumenezes.
• 🌐 Add Indonesian translation for docs/id/docs/tutorial/first-steps.md. PR #​13042 by @​gerry-sabar.
• 🌐 Add Chinese translation for docs/zh/docs/tutorial/cookie-param-models.md. PR #​13038 by @​Zhongheng-Cheng.
• 🌐 Add Chinese translation for docs/zh/docs/tutorial/request-form-models.md. PR #​13045 by @​Zhongheng-Cheng.
• 🌐 Add Russian translation for docs/ru/docs/virtual-environments.md. PR #​13026 by @​alv2017.
• 🌐 Add Korean translation for docs/ko/docs/tutorial/testing.md. PR #​12968 by @​jts8257.
• 🌐 Add Korean translation for docs/ko/docs/advanced/async-test.md. PR #​12918 by @​icehongssii.
• 🌐 Add Russian translation for docs/ru/docs/tutorial/security/oauth2-jwt.md. PR #​10601 by @​AlertRED.
• 🌐 Add Russian translation for docs/ru/docs/tutorial/security/simple-oauth2.md. PR #​10599 by @​AlertRED.
• 🌐 Add Russian translation for docs/ru/docs/tutorial/security/get-current-user.md. PR #​10594 by @​AlertRED.
• 🌐 Add Traditional Chinese translation for docs/zh-hant/docs/features.md. PR #​12441 by @​codingjenny.
• 🌐 Add Traditional Chinese translation for docs/zh-hant/docs/virtual-environments.md. PR #​12791 by @​Vincy1230.
• 🌐 Add Korean translation for docs/ko/docs/advanced/templates.md. PR #​12726 by @​Heumhub.
• 🌐 Add Russian translation for docs/ru/docs/fastapi-cli.md. PR #​13041 by @​alv2017.
• 🌐 Add Korean translation for docs/ko/docs/tutorial/cookie-param-models.md. PR #​13000 by @​hard-coders.
• 🌐 Add Korean translation for docs/ko/docs/tutorial/header-param-models.md. PR #​13001 by @​hard-coders.
• 🌐 Add Korean translation for docs/ko/docs/tutorial/request-form-models.md. PR #​13002 by @​hard-coders.
• 🌐 Add Korean translation for docs/ko/docs/tutorial/request-forms.md. PR #​13003 by @​hard-coders.
• 🌐 Add Korean translation for docs/ko/docs/resources/index.md. PR #​13004 by @​hard-coders.
• 🌐 Add Korean translation for docs/ko/docs/how-to/configure-swagger-ui.md. PR #​12898 by @​nahyunkeem.
• 🌐 Add Korean translation to docs/ko/docs/advanced/additional-status-codes.md. PR #​12715 by @​nahyunkeem.
• 🌐 Add Traditional Chinese translation for docs/zh-hant/docs/tutorial/first-steps.md. PR #​12467 by @​codingjenny.

Internal

• 🔧 Add Pydantic 2 trove classifier. PR #​13199 by @​johnthagen.
• 👥 Update FastAPI People - Sponsors. PR #​13231 by @​tiangolo.
• 👷 Refactor FastAPI People Sponsors to use 2 tokens. PR #​13228 by @​tiangolo.
• 👷 Update token for FastAPI People - Sponsors. PR #​13225 by @​tiangolo.
• 👷 Add independent CI automation for FastAPI People - Sponsors. PR #​13221 by @​tiangolo.
• 👷 Add retries to Smokeshow. PR #​13151 by @​tiangolo.
• 🔧 Update Speakeasy sponsor graphic. PR #​13147 by @​chailandau.
• 👥 Update FastAPI GitHub topic repositories. PR #​13146 by @​tiangolo.
• 👷‍♀️ Add script for GitHub Topic Repositories and update External Links. PR #​13135 by @​alejsdev.
• 👥 Update FastAPI People - Contributors and Translators. PR #​13145 by @​tiangolo.
• ⬆ Bump markdown-include-variants from 0.0.3 to 0.0.4. PR #​13129 by @​dependabot[bot].
• ⬆ Bump inline-snapshot from 0.14.0 to 0.18.1. PR #​13132 by @​dependabot[bot].
• ⬆ Bump mkdocs-macros-plugin from 1.0.5 to 1.3.7. PR #​13133 by @​dependabot[bot].
• 🔨 Add internal scripts to generate language translations with PydanticAI, include Spanish prompt. PR #​13123 by @​tiangolo.
• ⬆ Bump astral-sh/setup-uv from 4 to 5. PR #​13096 by @​dependabot[bot].
• 🔧 Update sponsors: rename CryptAPI to BlockBee. PR #​13078 by @​tiangolo.
• ⬆ Bump pypa/gh-action-pypi-publish from 1.12.2 to 1.12.3. PR #​13055 by @​dependabot[bot].
• ⬆ Bump types-ujson from 5.7.0.1 to 5.10.0.20240515. PR #​13018 by @​dependabot[bot].
• ⬆ Bump black from 24.3.0 to 24.10.0. PR #​13014 by @​dependabot[bot].
• ⬆ Bump inline-snapshot from 0.13.0 to 0.14.0. PR #​13017 by @​dependabot[bot].
• ⬆ Bump dirty-equals from 0.6.0 to 0.8.0. PR #​13015 by @​dependabot[bot].
• ⬆ Bump cloudflare/wrangler-action from 3.12 to 3.13. PR #​12996 by @​dependabot[bot].
• ⬆ Bump astral-sh/setup-uv from 3 to 4. PR #​12982 by @​dependabot[bot].
• 🔧 Remove duplicate actions/checkout in notify-translations.yml. PR #​12915 by @​tinyboxvk.
• 🔧 Update team members. PR #​13033 by @​tiangolo.
• 📝 Update sponsors: remove Codacy. PR #​13032 by @​tiangolo.

github/codeql-action (github/codeql-action)

v3.28.5

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.5 - 24 Jan 2025

• Update default CodeQL bundle version to 2.20.3. #​2717

See the full CHANGELOG.md for more information.

v3.28.4

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.4 - 23 Jan 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v3.28.3

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.3 - 22 Jan 2025

• Update default CodeQL bundle version to 2.20.2. #​2707
• Fix an issue downloading the CodeQL Bundle from a GitHub Enterprise Server instance which occurred when the CodeQL Bundle had been synced to the instance using the CodeQL Action sync tool and the Actions runner did not have Zstandard installed. #​2710
• Uploading debug artifacts for CodeQL analysis is temporarily disabled. #​2712

See the full CHANGELOG.md for more information.

v3.28.2

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.2 - 21 Jan 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v3.28.1

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.1 - 10 Jan 2025

• CodeQL Action v2 is now deprecated, and is no longer updated or supported. For better performance, improved security, and new features, upgrade to v3. For more information, see this changelog post. #​2677
• Update default CodeQL bundle version to 2.20.1. #​2678

See the full CHANGELOG.md for more information.

oxsecurity/megalinter (oxsecurity/megalinter)

v8.4.0

Compare Source

• Core

  • PHP Linters use now the bartlett/sarif-php-converters first official release 1.0.0 to generate SARIF reports, by @​llaville in #​4357
  • Upgrade PHP engine from 8.3 to 8.4 and allow Psalm 5.26 to run on this context (by @​llaville)
  • Linters can specify in the pre/post commands with a run_before_linters / run_after_linters parameter whether the command is to be executed before/after the execution of the linters themselves (by @​bdovaz in #​4482)
  • Bump python version to 3.12.8, by @​echoix in #​4372
  • Update to .NET 9, by @​bdovaz in #​4488
  • Upgrade PHP engine from 8.3 to 8.4, by @​llaville in #​4524

• New linters

  • Reactivate clj-style (Clojure formatter) since its bug is fixed, by @​nvuillam in #​4369
  • New python formatter: PYTHON_RUFF_FORMAT, by @​nvuillam in #​4329

• Disabled linters

  • Snakemake has been disabled, because its dependency datrie not maintained, and issue open in snakemake repo since july is still pending

• Linters enhancements

  • Add support to phpstan/extension-installer Composer plugin for automatic installation of PHPStan extensions, by @​llaville in #​4337
    • Learn more about context on GH-4328
  • Allow Terrascan to lint in file lint mode, by @​bdovaz in #​4498
  • Add sarif output to golangci-lint, by @​bdovaz in #​4557

• Plugins

  • Add prettier for markdown, by Qin Li

• Fixes

  • swiftlint Fix swiftlint error where linter is unable to find lintable files. Fixes #​440, by @​Noraldeno in #​4427
  • jscpd url fixes, by @​alexanderbazhenoff in #​4352
  • Don't call get_pr_data if GitLeaks linter is not active, by @​bdovaz in #​4469
  • Fix linter disabled reason usage, by @​bdovaz in #​4466

• Doc

  • Add contributing docs on venv, by @​bdovaz in #​4479
  • Add disabled linter badge, by @​bdovaz in #​4477
  • Add AzureCommentReporter instructions, by @​bdovaz in #​4480

• CI

  • Fix up gitpod config and workflow to support uv 0.5.0+ by @​echoix in #​4373
  • Use uv.lock file to build docker images, by @​echoix in #​4374
  • Update Renovate schedules for uv and sfdx-hardis, by @​echoix in #​4568
  • Variabilize version and use renovate for updates for the following linters:
    • all GO linters
    • all REPOSITORY linters
    • arm-ttk
    • bash-shfmt
    • bicep
    • clj-kondo
    • cljstyle
    • csharpier
    • dart
    • ktlint
    • kubescape
    • lychee
    • luacheck
    • markdown-link-check
    • perlcritic
    • raku
    • tsqllint

• Linter versions upgrades (66)

  • actionlint from 1.7.6 to 1.7.7
  • ansible-lint from 24.12.2 to 25.1.0
  • banditto 1.8.2
  • bash-exec from 5.2.26 to 5.2.37
  • bicep_linter from to 0.33.13
  • cfn-lint 1.22.7
  • checkov from to 3.2.357
  • checkstyle from 10.20.1 to 10.21.1
  • clang-format from 17.0.6 to 19.1.4
  • clippy 0.1.84
  • clj-kondo from 2024.11.14 to 2025.01.16
  • cljstyle from 0.15.0 to 0.17.642
  • csharpier from 0.30.2 to 0.30.6
  • cspell from 8.16.0 to 8.17.2
  • devskim from 1.0.44 to 1.0.51
  • djlint from 1.36.1 to 1.36.4
  • dotnet-format from 8.0.111 to 9.0.102
  • editorconfig-checker from 3.0.3 to 3.1.2
  • git_diff from 2.45.2 to 2.47.2
  • gitleaks from 8.21.2 to 8.23.2
  • golangci-lint from 1.62.0 to 1.63.4
  • grype from 0.79.5 to 0.87.0
  • helm from 3.14.3 to 3.16.3
  • ktlint from 1.4.1 to 1.5.0
  • lightning-flow-scanner from 2.36.0 to 2.39.0
  • lychee from 0.17.0 to 0.18.0
  • markdownlint from 0.43.0 to 0.44.0
  • mypy from 1.13.0 to 1.14.0
  • mypy from 1.14.0 to 1.14.1
  • php-cs-fixer from 3.64.0 to 7.4.0
  • phpcs from 3.11.1 to 3.11.3
  • phplint from 9.5.4 to 9.5.6
  • phpstan from 2.0.2 to 2.1.2
  • pmd from 7.7.0 to 7.9.0
  • powershell from 7.4.2 to 7.4.6
  • powershell_formatter from 7.4.2 to 7.4.6
  • prettier from 3.3.3 to 3.4.2
  • protolint from 0.50.5 to 0.52.0
  • psalm from Psalm.5.26.1@​ to Psalm.6.0.0@​
  • pylint from 3.3.1 to 3.3.3
  • pyright from 1.1.389 to 1.1.392
  • raku from 2020.10 to 2024.10
  • revive from 1.5.1 to 1.6.0
  • rubocop from 1.68.0 to 1.71.0
  • ruff-format from 0.8.6 to 0.9.3
  • ruff from 0.8.0 to 0.9.3
  • scalafix from 0.13.0 to 0.14.0
  • selene from 0.27.1 to 0.28.0
  • sfdx-scanner-apex from 4.7.0 to 4.8.0
  • sfdx-scanner-aura from 4.7.0 to 4.8.0
  • sfdx-scanner-lwc from 4.7.0 to 4.8.0
  • snakemake from 8.25.3 to 8.27.1
  • sqlfluff from 3.2.5 to 3.3.0
  • stylelint from 16.10.0 to 16.14.0
  • swiftlint from 0.57.0 to 0.58.2
  • syft from 1.17.0 to 1.19.0
  • terraform-fmt from 1.10.0 to 1.10.3
  • terraform-fmt from 1.9.8 to 1.10.0
  • terragrunt from 0.68.14 to 0.69.13
  • tflint from 0.54.0 to 0.55.0
  • trivy-sbom from 0.57.1 to 0.58.2
  • trivy from 0.57.1 to 0.58.2
  • trufflehog from 3.84.1 to 3.88.2
  • v8r from 4.2.0 to 4.2.1
  • vale from 3.9.1 to 3.9.4
  • xmllint from 21207 to 21304

stefanzweifel/git-auto-commit-action (stefanzweifel/git-auto-commit-action)

v5.1.0

Compare Source

Changed

• Include github.actor_id in default commit_author (#​354) @​parkerbxyz

Fixed

• docs(README): fix broken protected branch docs link (#​346) @​scarf005
• Update README.md (#​343) @​Kludex

Dependency Updates

• Bump bats from 1.11.0 to 1.11.1 (#​353) @​dependabot
• Bump github/super-linter from 6 to 7 (#​342) @​dependabot
• Bump github/super-linter from 5 to 6 (#​335) @​dependabot

step-security/harden-runner (step-security/harden-runner)

v2.10.4

Compare Source

What's Changed

Fixed a potential Harden-Runner post step failure that could occur when printing agent service logs. The fix gracefully handles failures without failing the post step.

Full Changelog: step-security/harden-runner@v2...v2.10.4

v2.10.3

Compare Source

What's Changed

Fixed an issue where DNS requests using uppercase characters (e.g., EXAMPLE.com) were blocked even when the domain was present in the allowed list. This update standardizes domain names to lowercase for consistent comparison.

Full Changelog: step-security/harden-runner@v2...v2.10.3

---

Configuration

📅 Schedule: Branch creation - "every 1 hours every weekday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.