chore(deps): bump the python-deps group with 5 updates

[dependabot]

Updates the requirements on uvicorn[standard], sse-starlette, pydantic-settings, asyncssh and ruff to permit the latest version.
Updates uvicorn[standard] to 0.47.0

Release notes

Sourced from uvicorn[standard]'s releases.

Version 0.47.0

What's Changed

• Eagerly import the ASGI app in the parent process by @​Kludex in Kludex/uvicorn#2919
• Add ssl_context_factory for custom SSLContext configuration by @​Kludex in Kludex/uvicorn#2920
• Treat fd=0 as a valid file descriptor with reload/workers by @​eltoder in Kludex/uvicorn#2927

Full Changelog: Kludex/uvicorn@0.46.0...0.47.0

Changelog

Sourced from uvicorn[standard]'s changelog.

0.47.0 (May 14, 2026)

Added

• Add ssl_context_factory for custom SSLContext configuration (#2920)

Changed

• Eagerly import the ASGI app in the parent process (#2919)

Fixed

• Treat fd=0 as a valid file descriptor with reload/workers (#2927)

0.46.0 (April 23, 2026)

Added

• Support ws_max_size in wsproto implementation (#2915)
• Support ws_ping_interval and ws_ping_timeout in wsproto implementation (#2916)

Changed

• Use bytearray for incoming WebSocket message buffer in websockets-sansio (#2917)

0.45.0 (April 21, 2026)

Added

• Add --reset-contextvars flag to isolate ASGI request context (#2912)
• Accept os.PathLike for log_config (#2905)
• Accept log_level strings case-insensitively (#2907)

Changed

• Revert "Emit http.disconnect on server shutdown for streaming responses" (#2913)
• Revert "Explicitly start ASGI run with empty context" (#2911)

Fixed

• Preserve forwarded client ports in proxy headers middleware (#2903)
• Raise helpful ImportError when PyYAML is missing for YAML log config (#2906)

0.44.0 (April 6, 2026)

Added

• Implement websocket keepalive pings for websockets-sansio (#2888)

0.43.0 (April 3, 2026)

... (truncated)

Commits

• 479a2c0 Version 0.47.0 (#2937)
• 89347fd Add 7-day cooldown for dependency resolution via uv exclude-newer (#2936)
• 767315b Drop unused contents/actions permissions from zizmor workflow (#2935)
• f25ee43 chore(deps): bump urllib3 from 2.6.3 to 2.7.0 (#2933)
• 8782666 Fix typo in docs/deployment/index.md. (#2932)
• ad5ff87 Treat fd=0 as a valid file descriptor with reload/workers (#2927)
• 6761b2c Remove Hugging Face sponsor block from docs (#2923)
• 438f648 Surface sponsors on welcome page and sidebar (#2921)
• 10ddc6d Add ssl_context_factory for custom SSLContext configuration (#2920)
• b499bc4 Eagerly import the ASGI app in the parent process (#2919)
• See full diff in compare view

Updates sse-starlette from 3.4.2 to 3.4.4

Release notes

Sourced from sse-starlette's releases.

v3.4.4

Full Changelog: sysid/sse-starlette@v3.4.3...v3.4.4

v3.4.3

What's Changed

• chore(deps): bump granian from 2.6.0 to 2.7.4 by @​dependabot[bot] in sysid/sse-starlette#185
• chore(deps): bump urllib3 from 2.6.3 to 2.7.0 by @​dependabot[bot] in sysid/sse-starlette#186

Full Changelog: sysid/sse-starlette@v3.4.2...v3.4.3

Commits

• e093395 Bump version to 3.4.4
• a6799e1 new release workflow
• d033a97 Bump version to 3.4.3
• 6a34c6a Merge pull request #186 from sysid/dependabot/uv/urllib3-2.7.0
• e0be426 chore(deps): bump urllib3 from 2.6.3 to 2.7.0
• d8d43ab Merge pull request #185 from sysid/dependabot/uv/granian-2.7.4
• 5854ac0 chore(deps): bump granian from 2.6.0 to 2.7.4
• See full diff in compare view

Updates pydantic-settings from 2.14.0 to 2.14.1

Release notes

Sourced from pydantic-settings's releases.

v2.14.1

What's Changed

• Bump the python-packages group with 4 updates by @​dependabot[bot] in pydantic/pydantic-settings#850
• Bump the python-packages group with 5 updates by @​dependabot[bot] in pydantic/pydantic-settings#854
• Bump the github-actions group with 3 updates by @​dependabot[bot] in pydantic/pydantic-settings#853
• Bump the python-packages group with 2 updates by @​dependabot[bot] in pydantic/pydantic-settings#856
• Fix field named cls conflicting with classmethod parameter by @​hramezani in pydantic/pydantic-settings#858
• Prepare release 2.14.1 by @​hramezani in pydantic/pydantic-settings#859

Full Changelog: pydantic/pydantic-settings@v2.14.0...v2.14.1

Commits

• e95c30b Prepare release 2.14.1 (#859)
• 0c87345 Fix field named cls conflicting with classmethod parameter (#858)
• 7bd0072 Bump the python-packages group with 2 updates (#856)
• b03e573 Bump the github-actions group with 3 updates (#853)
• eaa3b43 Bump the python-packages group with 5 updates (#854)
• 9f95615 Bump the python-packages group with 4 updates (#850)
• See full diff in compare view

Updates asyncssh from 2.22.0 to 2.23.0

Changelog

Sourced from asyncssh's changelog.

Release 2.23.0 (8 May 2026)

• Added support for "Match localnetwork". Thanks go to Théophile Bastian for reporting this new match type, added in OpenSSH 9.4.

• Enabled support for RSA with SHA-2 signatures in ssh-agent and Pageant. Thanks go to GitHub user Netzvamp for reporting this.

• Changed MAC algorithm negotation to be skipped when using AEAD ciphers. Thanks go to GitHub user LilleCarl for reporting this issue and suggesting a potential fix.

• Improved graceful termination when using ProxyCommand, waiting for the ProxyCommand tunnel to close when cleaning up a connection. Thanks go to Simon Liétar for reporting this issue and helping to investigate possible solutions.

• Blocked unsafe user substitutions from being used in server config. Thanks go to GitHub user 0xHunSec for reporting this problem and providing reproduction code.

• Fixed an issue with config evaluation when "Match final" was combined with Hostname directives. Thanks go to GitHub user commonism for reporting this issue and coming up with a reproducible test case and a potential fix.

• Fixed a resource leak in xauth support. Thanks go to GitHub user taovinci0 for reporting this problem and providing an initial version of a fix.

• Fixed issue with multi-hop ProxyJump directives in a config file not working correctly. Thanks go to Rémi Benoit for reporting this problem and providing a detailed root cause analysis.

• Fixed string encoding in SFTPName objects returned by realpath(). Thanks go to GitHub user vivodi for reporting this and providing reproduction code.

Commits

• c060703 Bump version number up to 2.23.0 and update change log
• 2af2382 Catch unsafe user substitutions in config
• a9dba89 Fix string encoding in SFTPName objects returned by realpath()
• d2653a1 Work around import issue introduced in fido2 version 2.2.0
• ff9745f Fix latest mypy issues
• 5972676 Add unit test for server advertising an empty list of MAC algs
• 049eaad Skip MAC address selection when AEAD ciphers are selected
• 038b440 Fix line wrapping
• b80da41 Fix NameError in PQDH when handling invalid algorithms
• 94a996c Update documentation for SSHServer.server_requested
• Additional commits viewable in compare view

Updates ruff from 0.15.12 to 0.15.13

Release notes

Sourced from ruff's releases.

0.15.13

Release Notes

Released on 2026-05-14.

Preview features

• Add a rule to flag lazy imports that are eagerly evaluated (#25016)
• [pylint] Standardize diagnostic message (PLR0914, PLR0917) (#24996)

Bug fixes

• Fix F811 false positive for class methods (#24933)
• Fix setting selection for multi-folder workspace (#24819)
• [eradicate] Fix false positive for lines with leading whitespace (ERA001) (#25122)
• [flake8-pyi] Fix false positive for f-string debug specifier (PYI016) (#24098)

Rule changes

• Always include panic payload in panic diagnostic message (#24873)
• Restrict PYI034 for in-place operations to enclosing class (#24511)
• Improve error message for parameters that are declared global (#24902)
• Update known stdlib (#25103)

Performance

• [isort] Avoid constructing glob::Patterns for literal known modules (#25123)

CLI

• Add TOML examples to --config help text (#25013)
• Colorize ruff check 'All checks passed' (#25085)

Configuration

• Increase max allowed value of line-length setting (#24962)

Documentation

• Add D203 to rules that conflict with the formatter (#25044)
• Clarify COM819 and formatter interaction (#25045)
• Clarify that NotImplemented is a value, not an exception (F901) (#25054)
• Update number of lint rules supported (#24942)

Other changes

• Simplify the playground's markdown template (#24924)

Contributors

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.13

Released on 2026-05-14.

Preview features

• Add a rule to flag lazy imports that are eagerly evaluated (#25016)
• [pylint] Standardize diagnostic message (PLR0914, PLR0917) (#24996)

Bug fixes

• Fix F811 false positive for class methods (#24933)
• Fix setting selection for multi-folder workspace (#24819)
• [eradicate] Fix false positive for lines with leading whitespace (ERA001) (#25122)
• [flake8-pyi] Fix false positive for f-string debug specifier (PYI016) (#24098)

Rule changes

• Always include panic payload in panic diagnostic message (#24873)
• Restrict PYI034 for in-place operations to enclosing class (#24511)
• Improve error message for parameters that are declared global (#24902)
• Update known stdlib (#25103)

Performance

• [isort] Avoid constructing glob::Patterns for literal known modules (#25123)

CLI

• Add TOML examples to --config help text (#25013)
• Colorize ruff check 'All checks passed' (#25085)

Configuration

• Increase max allowed value of line-length setting (#24962)

Documentation

• Add D203 to rules that conflict with the formatter (#25044)
• Clarify COM819 and formatter interaction (#25045)
• Clarify that NotImplemented is a value, not an exception (F901) (#25054)
• Update number of lint rules supported (#24942)

Other changes

• Simplify the playground's markdown template (#24924)

Contributors

• @​MichaReiser

... (truncated)

Commits

• 2afb467 Bump 0.15.13 (#25157)
• 3008796 [ty] classify TypeVar semantic tokens as type parameters (#24891)
• 79470e3 [isort] Avoid constructing glob::Patterns for literal known modules (#25123)
• 2522549 Remove shellcheck from prek (#25154)
• 7db7170 [ty] Support TypedDict key completions in incomplete, anonymous contexts (#25...
• bb3dd53 [ty] Run full iteration analysis on narrowed typevars (#25143)
• 828cdb7 [ty] Isolate file-watching test environment (#25151)
• 89e1d86 [ty] Preserve TypedDict keys through dict unpacking (#24523)
• 86f3064 [ty] Avoid accessing args[0] for static_assert (#25149)
• ed819f9 [ty] Treat custom enum __new__ values as dynamic (#25136)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions