Bump the python-packages group with 4 updates

[dependabot]

Bumps the python-packages group with 4 updates: fastapi, alembic, apscheduler and types-jwcrypto.

Updates fastapi from 0.120.0 to 0.120.4

Release notes

Sourced from fastapi's releases.

0.120.4

Fixes

• 🐛 Fix security schemes in OpenAPI when added at the top level app. PR #14266 by @​YuriiMotov.

0.120.3

Refactors

• ♻️ Reduce internal cyclic recursion in dependencies, from 2 functions calling each other to 1 calling itself. PR #14256 by @​tiangolo.
• ♻️ Refactor internals of dependencies, simplify code and remove get_param_sub_dependant. PR #14255 by @​tiangolo.
• ♻️ Refactor internals of dependencies, simplify using dataclasses. PR #14254 by @​tiangolo.

Docs

• 📝 Update note for untranslated pages. PR #14257 by @​YuriiMotov.

0.120.2

Fixes

• 🐛 Fix separation of schemas with nested models introduced in 0.119.0. PR #14246 by @​tiangolo.

Internal

• 🔧 Add sponsor: SerpApi. PR #14248 by @​tiangolo.
• ⬆ Bump actions/download-artifact from 5 to 6. PR #14236 by @​dependabot[bot].
• ⬆ [pre-commit.ci] pre-commit autoupdate. PR #14237 by @​pre-commit-ci[bot].
• ⬆ Bump actions/upload-artifact from 4 to 5. PR #14235 by @​dependabot[bot].

0.120.1

Upgrades

• ⬆️ Bump Starlette to <0.50.0. PR #14234 by @​YuriiMotov.

Internal

• 🔧 Add license and license-files to pyproject.toml, remove License from classifiers. PR #14230 by @​YuriiMotov.

Commits

• fad35ef 🔖 Release version 0.120.4
• 4d57c13 📝 Update release notes
• 496de18 🐛 Fix security schemes in OpenAPI when added at the top level app (#14266)
• 2cf04ee 🔖 Release version 0.120.3
• ec00f5a 📝 Update release notes
• 8b46d88 📝 Update note for untranslated pages (#14257)
• 17fcbbe 📝 Update release notes
• dcfb8b9 ♻️ Reduce internal cyclic recursion in dependencies, from 2 functions calling...
• 1fc586c 📝 Update release notes
• bb88a0f ♻️ Refactor internals of dependencies, simplify code and remove `get_param_su...
• Additional commits viewable in compare view

Updates alembic from 1.17.0 to 1.17.1

Release notes

Sourced from alembic's releases.

1.17.1

Released: October 28, 2025

usecase

• [usecase] [commands] Added command.current.check_heads parameter to command.current() command, available from the command line via the --check-heads option to alembic current. This tests if all head revisions are applied to the database and raises DatabaseNotAtHead (or from the command line, exits with a non-zero exit code) if this is not the case. The parameter operates equvialently to the cookbook recipe cookbook_check_heads. Pull request courtesy Stefan Scherfke.

  References: #1705

bug

• [bug] [commands] Disallow ':' character in custom revision identifiers. Previously, using a colon in a revision ID (e.g., 'REV:1') would create the revision, however revisions with colons in them are not correctly interpreted by other commands, as it overlaps with the revision range syntax. Pull request courtesy Kim Wooseok with original implementation by Hrushikesh Patil.

  References: #1540

Commits

• See full diff in compare view

Updates apscheduler from 3.11.0 to 3.11.1

Release notes

Sourced from apscheduler's releases.

3.11.1

• Fixed scheduler.shutdown() not raising SchedulerNotRunning (or raising the wrong exception) for asynchronous schedulers when the scheduler is in fact not running
• Fixed CronTrigger sticking on a folded datetime during the fall-back DST transition (#1021 <agronholm/apscheduler#1021>_; PR by @​berianjames)`

Changelog

Sourced from apscheduler's changelog.

Version history

To find out how to migrate your application from a previous version of APScheduler, see the :doc:migration section <migration>.

3.11.1

• Fixed scheduler.shutdown() not raising SchedulerNotRunning (or raising the wrong exception) for asynchronous schedulers when the scheduler is in fact not running
• Fixed CronTrigger sticking on a folded datetime during the fall-back DST transition (#1021 agronholm/apscheduler#1021_; PR by @​berianjames)`

3.11.0

• Dropped support for Python 3.6 and 3.7
• Added support for ZoneInfo time zones and deprecated support for pytz time zones
• Added CalendarIntervalTrigger, backported from the 4.x series
• Added the ability to export and import jobs via scheduler.export_jobs() and scheduler.import_jobs(), respectively
• Removed the dependency on six
• Changed ProcessPoolExecutor to spawn new subprocesses from scratch instead of forking on all platform
• Fixed AsyncIOScheduler inadvertently creating a defunct event loop at start, leading to the scheduler not working at all
• Fixed ProcessPoolExecutor not respecting the passed keyword arguments when a broken pool was being replaced

3.10.4

• Fixed incorrect module name being generated for references to class methods via a subclass where the subclass does not override the method

3.10.3

• Fixed TypeError related to entry point iteration on Python 3.9 (PR by CrypticDriver)

3.10.2

• Ensured consistent support for both PySide and PyQt (v6 to v2) on QtScheduler
• Replaced uses of the deprecated pkg_resources module with importlib.metadata (PR by Ran Benita)
• Fixed scheduling class methods like B.methodname where the B class inherits from class A and methodname is a class method of class A
• Fixed scheduler sleeping for too long (and thus jobs missing their scheduled run times) if its wakeup cycle takes too much time (fix by kbasten)

3.10.1

... (truncated)

Commits

• f4df139 Added the release version
• 25be7b7 Fixed CronTrigger getting stuck on fallback DST transition (#1079)
• 1261386 Updated etcd image repository name
• b1f5636 Fixed shutdown() not raising the correct exception for some schedulers
• See full diff in compare view

Updates types-jwcrypto from 1.5.0.20250516 to 1.5.0.20251102

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.