deps(python): bump uvicorn from 0.34.2 to 0.40.0 in /backend

[dependabot]

Bumps uvicorn from 0.34.2 to 0.40.0.

Release notes

Sourced from uvicorn's releases.

Version 0.40.0

What's Changed

• Drop Python 3.9 by @​Kludex in Kludex/uvicorn#2772

Full Changelog: Kludex/uvicorn@0.39.0...0.40.0

Version 0.39.0

What's Changed

• explicitly start ASGI run with empty context by @​pmeier in Kludex/uvicorn#2742
• fix(websockets): Send close frame on ASGI return by @​Kludex in Kludex/uvicorn#2769

New Contributors

• @​pmeier made their first contribution in Kludex/uvicorn#2742

Full Changelog: Kludex/uvicorn@0.38.0...0.39.0

Version 0.38.0

What's Changed

• Support Python 3.14 by @​Kludex in Kludex/uvicorn#2723

---

New Contributors

• @​NGANAMODEIJunior made their first contribution in Kludex/uvicorn#2713

Full Changelog: Kludex/uvicorn@0.37.0...0.38.0

Version 0.37.0

What's Changed

• Add --timeout-worker-healthcheck setting by @​Kludex in Kludex/uvicorn#2711
• Add os.PathLike[str] type to ssl_ca_certs by @​rnv812 in Kludex/uvicorn#2676

New Contributors

• @​LincolnPuzey made their first contribution in Kludex/uvicorn#2669
• @​rnv812 made their first contribution in Kludex/uvicorn#2676

Full Changelog: Kludex/uvicorn@0.36.1...0.37.0

Version 0.36.1

What's Changed

• Raise an exception when calling removed Config.setup_event_loop() by @​Kludex in Kludex/uvicorn#2709

Full Changelog: Kludex/uvicorn@0.36.0...0.36.1

Version 0.36.0

Added

• Support custom IOLOOPs by @​gnir-work in Kludex/uvicorn#2435

... (truncated)

Changelog

Sourced from uvicorn's changelog.

0.40.0 (December 21, 2025)

Remove

• Drop support for Python 3.9 (#2772)

0.39.0 (December 21, 2025)

Fixed

• Send close frame on ASGI return for WebSockets (#2769)
• Explicitly start ASGI run with empty context (#2742)

0.38.0 (October 18, 2025)

Added

• Support Python 3.14 (#2723)

0.37.0 (September 23, 2025)

Added

• Add --timeout-worker-healthcheck option (#2711)
• Add os.PathLike[str] type to ssl_ca_certs (#2676)

0.36.1 (September 23, 2025)

Fixed

• Raise an exception when calling removed Config.setup_event_loop() (#2709)

0.36.0 (September 20, 2025)

Added

• Support custom IOLOOPs (#2435)
• Allow to provide importable string in --http, --ws and --loop (#2658)

0.35.0 (June 28, 2025)

Added

• Add WebSocketsSansIOProtocol (#2540)

Changed

• Refine help message for option --proxy-headers (#2653)

0.34.3 (June 1, 2025)

... (truncated)

Commits

• 9ff6004 Version 0.40.0 (#2773)
• 19df042 Drop Python 3.9 (#2772)
• 865ce7c Run strict mypy on test suite (#2771)
• 4f40b84 Version 0.39.0 (#2770)
• 5692dfc fix(websockets): Send close frame on ASGI return (#2769)
• 4194764 chore(deps): bump the github-actions group with 2 updates (#2763)
• d94bf28 explicitly start ASGI run with empty context (#2742)
• 8ae0bcb chore(deps): bump the github-actions group with 2 updates (#2748)
• 4744ff9 Add groups configuration for GitHub Actions (#2747)
• 0391372 chore(deps): bump astral-sh/setup-uv from 6.8.0 to 7.1.2 (#2746)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

---

Summary by cubic

Upgrade uvicorn from 0.34.2 to 0.40.0 in the backend to pick up bug fixes and Python 3.14 support. This drops Python 3.9 and improves WebSocket close handling.

• Migration
  • Ensure backend runtime is Python 3.10+ (update CI, Docker base image, and local dev).

^{Written for commit f1dc2d8. Summary will update on new commits.}

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[cubic-dev-ai]

No issues found across 2 files

[dependabot]

Dependabot attempted to update this pull request, but because the branch dependabot/uv/backend/uvicorn-0.40.0 is protected it was unable to do so.

[dependabot]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.