chore(deps): bump the python-deps group with 15 updates by dependabot[bot] · Pull Request #19 · jgoy-labs/server-nexe

dependabot · 2026-04-19T14:54:07Z

Updates the requirements on fastapi, starlette, uvicorn, pydantic, httpx, qdrant-client, click, rich, typer, python-dotenv, numpy, prometheus-client, tenacity, psutil and huggingface-hub to permit the latest version.
Updates fastapi from 0.128.8 to 0.136.0

Release notes

Sourced from fastapi's releases.

0.136.0

Upgrades

⬆️ Support free-threaded Python 3.14t. PR #15149 by @svlandeg.

0.135.4

Refactors

🔥 Remove April Fool's @app.vibe() 🤪. PR #15363 by @tiangolo.

Internal

⬆ Bump cryptography from 46.0.5 to 46.0.7. PR #15314 by @dependabot[bot].

⬆ Bump strawberry-graphql from 0.307.1 to 0.312.3. PR #15309 by @dependabot[bot].

🔨 Add pre-commit hook to ensure latest release header has date. PR #15293 by @YuriiMotov.

0.135.3

Features

✨ Add support for @app.vibe(). PR #15280 by @tiangolo.

New docs: Vibe Coding.

Docs

✏️ Fix typo for client_secret in OAuth2 form docstrings. PR #14946 by @bysiber.

Internal

👥 Update FastAPI People - Experts. PR #15279 by @tiangolo.

⬆ Bump orjson from 3.11.7 to 3.11.8. PR #15276 by @dependabot[bot].

⬆ Bump ruff from 0.15.0 to 0.15.8. PR #15277 by @dependabot[bot].

👥 Update FastAPI GitHub topic repositories. PR #15274 by @tiangolo.

⬆ Bump fastmcp from 2.14.5 to 3.2.0. PR #15267 by @dependabot[bot].

👥 Update FastAPI People - Contributors and Translators. PR #15270 by @tiangolo.

⬆ Bump requests from 2.32.5 to 2.33.0. PR #15228 by @dependabot[bot].

👷 Add ty check to lint.sh. PR #15136 by @svlandeg.

0.135.2

Upgrades

⬆️ Increase lower bound to pydantic >=2.9.0. and fix the test suite. PR #15139 by @svlandeg.

Docs

📝 Add missing last release notes dates. PR #15202 by @tiangolo.

📝 Update docs for contributors and team members regarding translation PRs. PR #15200 by @YuriiMotov.

💄 Fix code blocks in reference docs overflowing table width. PR #15094 by @YuriiMotov.

📝 Fix duplicated words in docstrings. PR #15116 by @AhsanSheraz.

📝 Add docs for pyproject.toml with entrypoint. PR #15075 by @tiangolo.

📝 Update links in docs to no longer use the classes external-link and internal-link. PR #15061 by @tiangolo.

... (truncated)

Commits

708606c 🔖 Release version 0.136.0
13be6a3 📝 Update release notes
4b26487 ⬆️ Support free-threaded Python 3.14t (#15149)
f796c34 🔖 Release version 0.135.4
09d1d1c 📝 Update release notes
ae4e45c 🔥 Remove April Fool's @app.vibe() 🤪 (#15363)
9653034 📝 Update release notes
6f9a102 ⬆ Bump cryptography from 46.0.5 to 46.0.7 (#15314)
eba8942 📝 Update release notes
77d080c ⬆ Bump strawberry-graphql from 0.307.1 to 0.312.3 (#15309)
Additional commits viewable in compare view

Updates starlette to 1.0.0

Release notes

Sourced from starlette's releases.

Version 1.0.0

Starlette 1.0 is here! 🎉

After nearly eight years since its creation, Starlette has reached its first stable release.

A special thank you to @lovelydinosaur, the creator of Starlette, Uvicorn, HTTPX and MkDocs, whose work helped to lay the foundation for the modern async Python ecosystem. 🙏

Thank you to @adriangb, @graingert, @agronholm, @florimondmanca, @aminalaee, @tiangolo, @alex-oleshkevich, @abersheeran, and @uSpike for helping make Starlette what it is today. And to all my sponsors - especially @tiangolo, @huggingface, and @elevenlabs - thank you for your support!

Thank you to all 290+ contributors who have shaped Starlette over the years! ❤️

Read more on the blog post.

Check out the full release notes at https://www.starlette.io/release-notes/#100-march-22-2026

Full Changelog: Kludex/starlette@1.0.0rc1...1.0.0

Changelog

Sourced from starlette's changelog.

1.0.0 (March 22, 2026)

Starlette 1.0 is here!

After nearly eight years since its creation, Starlette has reached its first stable release. Thank you to everyone who tested the release candidate and reported issues.

You can read more on the blog post.

Added

Track session access and modification in SessionMiddleware #3166.

Fixed

Handle websocket denial responses in StreamingResponse and FileResponse #3189.

Use bytearray for field accumulation in FormParser #3179.

Move parser.finalize() inside try/except in MultiPartParser.parse() #3153.

1.0.0rc1 (February 23, 2026)

We're ready! I'm thrilled to announce the first release candidate for Starlette 1.0.

Starlette was created in June 2018 by Tom Christie, and has been on ZeroVer for years. Today, it's downloaded almost 10 million times a day, serves as the foundation for FastAPI, and has inspired many other frameworks. In the age of AI, Starlette continues to play an important role as a dependency of the Python MCP SDK.

This release focuses on removing deprecated features that were marked for removal in 1.0.0, along with some last minute bug fixes. It's a release candidate, so we can gather feedback from the community before the final 1.0.0 release soon.

A huge thank you to all the contributors who have helped make Starlette what it is today. In particular, I'd like to recognize:

Kim Christie - The original creator of Starlette, Uvicorn, and MkDocs, and the current maintainer of HTTPX. Kim's work helped lay the foundation for the modern async Python ecosystem.

Adrian Garcia Badaracco - One of the smartest people I know, whom I have the pleasure of working with at Pydantic.

Thomas Grainger - My async teacher, always ready to help with questions.

Alex Grönholm - Another async mentor, always prompt to help with questions.

Florimond Manca - Always present in the early days of both Starlette and Uvicorn, and helped a lot in the ecosystem.

Amin Alaee - Contributed a lot with file-related PRs.

Sebastián Ramírez - Maintains FastAPI upstream, and always in contact to help with upstream issues.

Alex Oleshkevich - Helped a lot on templates and many discussions.

abersheeran - My go-to person when I need help on many subjects.

I'd also like to thank my sponsors for their support. A special thanks to @tiangolo, @huggingface, and @elevenlabs for their generous sponsorship, and to all my other sponsors:

... (truncated)

Commits

0e88e92 Version 1.0.0 (#3178)
9ee9519 Handle websocket denial responses in streaming and file responses (#3189)
a0bcc26 chore(deps-dev): bump black from 26.1.0 to 26.3.1 (#3183)
79b3f26 chore(deps-dev): bump the python-packages group with 7 updates (#3168)
789b926 Use bytearray for field accumulation in FormParser (#3179)
a1fd9d8 docs: fix typo in routing.md (#3176)
c14d0f7 Document session cookie security flags (#3169)
c2e2878 Move parser.finalize() inside try/except in MultiPartParser.parse() (#3153)
89630a8 chore(deps): bump the github-actions group with 3 updates (#3167)
4647e53 Track session access and modification in SessionMiddleware (#3166)
Additional commits viewable in compare view

Updates uvicorn from 0.34.3 to 0.44.0

Release notes

Sourced from uvicorn's releases.

Version 0.44.0

What's Changed

Implement websocket keepalive pings for websockets-sansio by @Kludex in Kludex/uvicorn#2888

Full Changelog: Kludex/uvicorn@0.43.0...0.44.0

Version 0.43.0

Changed

Emit http.disconnect ASGI receive() event on server shutting down for streaming responses (#2829)

Use native context parameter for create_task on Python 3.11+ (#2859)

Drop cast in ASGI types (#2875)

Full Changelog: Kludex/uvicorn@0.42.0...0.43.0

Version 0.42.0

Changed

Use bytearray for request body accumulation to avoid O(n^2) allocation on fragmented bodies (#2845)

Fixed

Escape brackets and backslash in httptools HEADER_RE regex (#2824)

Fix multiple issues in websockets sans-io implementation (#2825)

New Contributors

@bysiber made their first contribution in Kludex/uvicorn#2825

Full Changelog: Kludex/uvicorn@0.41.0...0.42.0

Version 0.41.0

Added

Add --limit-max-requests-jitter to stagger worker restarts (#2707)

Add socket path to scope["server"] (#2561)

Changed

Rename LifespanOn.error_occured to error_occurred (#2776)

Fixed

Ignore permission denied errors in watchfiles reloader (#2817)

... (truncated)

Changelog

Sourced from uvicorn's changelog.

0.44.0 (April 6, 2026)

Added

Implement websocket keepalive pings for websockets-sansio (#2888)

0.43.0 (April 3, 2026)

You can quit Uvicorn now. We heard you, @pamelafox - all 47 of your Ctrl+C's (thanks for flagging it, and thanks to @tiangolo for the fix 🙏). See the tweet.

Changed

Emit http.disconnect ASGI receive() event on server shutting down for streaming responses (#2829)

Use native context parameter for create_task on Python 3.11+ (#2859)

Drop cast in ASGI types (#2875)

0.42.0 (March 16, 2026)

Changed

Use bytearray for request body accumulation to avoid O(n^2) allocation on fragmented bodies (#2845)

Fixed

Escape brackets and backslash in httptools HEADER_RE regex (#2824)

Fix multiple issues in websockets sans-io implementation (#2825)

0.41.0 (February 16, 2026)

Added

Add --limit-max-requests-jitter to stagger worker restarts (#2707)

Add socket path to scope["server"] (#2561)

Changed

Rename LifespanOn.error_occured to error_occurred (#2776)

Fixed

Ignore permission denied errors in watchfiles reloader (#2817)

Ensure lifespan shutdown runs when should_exit is set during startup (#2812)

Reduce the log level of 'request limit exceeded' messages (#2788)

0.40.0 (December 21, 2025)

Remove

Drop support for Python 3.9 (#2772)

... (truncated)

Commits

edb54c4 Version 0.44.0 (#2890)
029be08 Implement websocket keepalive pings for websockets-sansio (#2888)
8d397c7 Version 0.43.0 (#2885)
587042d 🐛 Emit http.disconnect ASGI receive() event on server shutting down for s...
c9a75fb chore(deps): bump the github-actions group with 3 updates (#2878)
84fd578 chore(deps): bump pygments from 2.19.2 to 2.20.0 (#2877)
cd52d34 Use native context parameter for create_task on Python 3.11+ (#2859)
5211880 Drop cast in ASGI types (#2875)
1cb8e74 Add websocket 500 fallback header test (#2874)
28efbb2 chore(deps-dev): bump cryptography from 46.0.5 to 46.0.6 (#2873)
Additional commits viewable in compare view

Updates pydantic from 2.10.6 to 2.13.2

Release notes

Sourced from pydantic's releases.

v2.13.1 2026-04-15

v2.13.1 (2026-04-15)

What's Changed

Fixes

Fix ValidationInfo.data missing with model_validate_json() by @davidhewitt in #13079

Full Changelog: pydantic/pydantic@v2.13.0...v2.13.1

v2.13.0 2026-04-13

v2.13.0 (2026-04-13)

The highlights of the v2.13 release are available in the blog post. Several minor changes (considered non-breaking changes according to our versioning policy) are also included in this release. Make sure to look into them before upgrading.

This release contains the updated pydantic.v1 namespace, matching version 1.10.26 which includes support for Python 3.14.

What's Changed

See the beta releases for all changes sinces 2.12.

Packaging

Add zizmor for GitHub Actions workflow linting by @Viicos in #13039

Update jiter to v0.14.0 to fix a segmentation fault on musl Linux by @Viicos in #13064

New Features

Allow default factories of private attributes to take validated model data by @Viicos in #13013

Changes

Warn when serializing fixed length tuples with too few items by @arvindsaripalli in #13016

Fixes

Change type of Any when synthesizing _build_sources for BaseSettings.__init__() signature in the mypy plugin by @Viicos in #13049

Fix model equality when using runtime extra configuration by @Viicos in #13062

New Contributors

@arvindsaripalli made their first contribution in #13016

Full Changelog: pydantic/pydantic@v2.12.0...v2.13.0

v2.13.0b3 2026-03-31

... (truncated)

Changelog

Sourced from pydantic's changelog.

v2.13.2 (2026-04-17)

GitHub release

What's Changed

Fixes

Fix ValidationInfo.field_name missing with model_validate_json() by @Viicos in #13084

v2.13.1 (2026-04-15)

GitHub release

What's Changed

Fixes

Fix ValidationInfo.data missing with model_validate_json() by @davidhewitt in #13079

v2.13.0 (2026-04-13)

GitHub release

The highlights of the v2.13 release are available in the blog post. Several minor changes (considered non-breaking changes according to our versioning policy) are also included in this release. Make sure to look into them before upgrading.

This release contains the updated pydantic.v1 namespace, matching version 1.10.26 which includes support for Python 3.14.

What's Changed

See the beta releases for all changes sinces 2.12.

New Features

Allow default factories of private attributes to take validated model data by @Viicos in #13013

Changes

Warn when serializing fixed length tuples with too few items by @arvindsaripalli in #13016

Fixes

Change type of Any when synthesizing _build_sources for BaseSettings.__init__() signature in the mypy plugin by @Viicos in #13049

Fix model equality when using runtime extra configuration by @Viicos in #13062

Packaging

Add zizmor for GitHub Actions workflow linting by @Viicos in #13039

... (truncated)

Commits

ca3ddd1 Prepare release v2.13.2
000e823 Fix ValidationInfo.field_name missing with model_validate_json()
d45d8be Prepare release 2.13.1
54aca60 Fix ValidationInfo.data missing with model_validate_json()
46bf4fa Fix Pydantic release workflow (#13067)
1b359ed Prepare release v2.13.0 (#13065)
b1bf194 Fix model equality when using runtime extra configuration (#13062)
17a35e3 Update jiter to v0.14.0 (#13064)
feea402 Use simulation mode in Codspeed CI (#13063)
671c9b0 Add basic benchmarks for model equality (#13061)
Additional commits viewable in compare view

Updates httpx from 0.27.2 to 0.28.1

Release notes

Sourced from httpx's releases.

Version 0.28.1

0.28.1 (6th December, 2024)

Fix SSL case where verify=False together with client side certificates.

Version 0.28.0

0.28.0 (28th November, 2024)

The 0.28 release includes a limited set of deprecations.

Deprecations:

We are working towards a simplified SSL configuration API.

For users of the standard verify=True or verify=False cases, or verify=<ssl_context> case this should require no changes. The following cases have been deprecated...

The verify argument as a string argument is now deprecated and will raise warnings.

The cert argument is now deprecated and will raise warnings.

Our revised SSL documentation covers how to implement the same behaviour with a more constrained API.

The following changes are also included:

The deprecated proxies argument has now been removed.

The deprecated app argument has now been removed.

JSON request bodies use a compact representation. (#3363)

Review URL percent escape sets, based on WHATWG spec. (#3371, #3373)

Ensure certifi and httpcore are only imported if required. (#3377)

Treat socks5h as a valid proxy scheme. (#3178)

Cleanup Request() method signature in line with client.request() and httpx.request(). (#3378)

Bugfix: When passing params={}, always strictly update rather than merge with an existing querystring. (#3364)

Changelog

Sourced from httpx's changelog.

0.28.1 (6th December, 2024)

Fix SSL case where verify=False together with client side certificates.

0.28.0 (28th November, 2024)

Be aware that the default JSON request bodies now use a more compact representation. This is generally considered a prefered style, tho may require updates to test suites.

The 0.28 release includes a limited set of deprecations...

Deprecations:

We are working towards a simplified SSL configuration API.

For users of the standard verify=True or verify=False cases, or verify=<ssl_context> case this should require no changes. The following cases have been deprecated...

The verify argument as a string argument is now deprecated and will raise warnings.

The cert argument is now deprecated and will raise warnings.

Our revised SSL documentation covers how to implement the same behaviour with a more constrained API.

The following changes are also included:

The deprecated proxies argument has now been removed.

The deprecated app argument has now been removed.

JSON request bodies use a compact representation. (#3363)

Review URL percent escape sets, based on WHATWG spec. (#3371, #3373)

Ensure certifi and httpcore are only imported if required. (#3377)

Treat socks5h as a valid proxy scheme. (#3178)

Cleanup Request() method signature in line with client.request() and httpx.request(). (#3378)

Bugfix: When passing params={}, always strictly update rather than merge with an existing querystring. (#3364)

Commits

26d48e0 Version 0.28.1 (#3445)
89599a9 Fix verify=False, cert=... case. (#3442)
8ecb86f Add test for request params behavior changes (#3364) (#3440)
0cb7e5a Bump the python-packages group with 11 updates (#3434)
15e21e9 Updating deprecated docstring Client() class (#3426)
80960fa Version 0.28.0. (#3419)
a33c878 Fix extensions type annotation. (#3380)
ce7e14d Error on verify as str. (#3418)
47f4a96 Handle empty zstd responses (#3412)
189fc4b Update CHANGELOG.md, fix typo(s) (#3406)
Additional commits viewable in compare view

Updates qdrant-client from 1.16.1 to 1.17.1

Release notes

Sourced from qdrant-client's releases.

v1.17.1

Change Log

Features 🌊

#1162 - add a way to provide custom headers in http and grpc by @Anush008 @joein

#1166 - do not use fastembed for bm25 inference with hosted qdrant by @joein

Fixes 🔧

#1169 - do not modify date filters in local mode by @jnMetaCode

#1168 - run server version check in a thread to avoid blocking async client by @joein

#1157 - fix type hint error in grpc_uploader with older versions of protobuf by @joein

Thanks to everyone who contributed to the current release! @jnMetaCode @Anush008 @joein

v1.17.0

Change Log

Features 🚢

#1154 - introduce relevance feedback, add enable_hnsw option to payload indexes, add timeouts to upsert methods, weighted RRF, and more by @joein @coszio @generall

Fixes ⚙️

#1138 - fix score threshold for fusion queries by @cbcoutinho

Thanks to everyone who contributed to the current release! @cbcoutinho @generall @coszio @joein

v1.16.2

Change Log

Deprecations ⏳

#1110 - drop python3.9 support by @joein

Fixes ⚙️

#1132- adjust numpy versioning by @joein

#1133 - propagate lookup_from correctly in query_points_groups by @joein

#1134 - fix qdrant-client import in read-only systems by @holyMolyTolli

Thanks to everyone who contributed to the current release! @holyMolyTolli @joein

Commits

cd5eb25 bump version to v1.17.1
1699d30 feat: Add support for custom headers (#1162)
a410b9d fix: do not modify payload filters in local mode in-place (#1169)
7a01e54 new: run server version check in a thread, don't check bm25 availabil… (#1168)
cb4af4f deprecate: completely replace fastembed bm25 with qdrant core bm25 in hosted ...
2763397 fix: fix type hint union with grpc enum with old protobuf (#1157)
e7101dc bump version to v1.17.0
e50eb17 Update models 1.17 (#1154)
5234450 fix: apply score_threshold filtering after fusion queries in local mode (#1138)
49fa101 bump version to 1.16.2
Additional commits viewable in compare view

Updates click from 8.1.7 to 8.3.2

Release notes

Sourced from click's releases.

8.3.2

This is the Click 8.3.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/click/8.3.2/ Changes: https://click.palletsprojects.com/page/changes/#version-8-3-2 Milestone: https://github.com/pallets/click/milestone/29

Fix handling of flag_value when is_flag=False to allow such options to be used without an explicit value. #3084 #3152

Hide Sentinel.UNSET values as None when using lookup_default(). #3136 #3199 #3202 #3209 #3212 #3224

Prevent _NamedTextIOWrapper from closing streams owned by StreamMixer. #824 #2991 #2993 #3110 #3139 #3140

Add comprehensive tests for CliRunner stream lifecycle, covering logging interaction, multi-threaded safety, and sequential invocation isolation. Add high-iteration stress tests behind a stress marker with a dedicated CI job. #3139

Fix callable flag_value being instantiated when used as a default via default=True. #3121 #3201 #3213 #3225

8.3.1

This is the Click 8.3.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/click/8.3.1/ Changes: https://click.palletsprojects.com/page/changes/#version-8-3-1 Milestone: https://github.com/pallets/click/milestone/28

Don't discard pager arguments by correctly using subprocess.Popen. #3039 #3055

Replace Sentinel.UNSET default values by None as they're passed through the Context.invoke() method. #3066 #3065 #3068

Fix conversion of Sentinel.UNSET happening too early, which caused incorrect behavior for multiple parameters using the same name. #3071 #3079

Fix rendering when prompt and confirm parameter prompt_suffix is empty. #3019 #3021

When Sentinel.UNSET is found during parsing, it will skip calls to type_cast_value. #3069 #3090

Hide Sentinel.UNSET values as None when looking up for other parameters through the context inside parameter callbacks. #3136 #3137

8.3.0

This is the Click 8.3.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecation, or introduce potentially breaking changes.

We encourage everyone to upgrade. You can read more about our Version Support Policy on our website.

PyPI: https://pypi.org/project/click/8.3.0/ Changes: https://click.palletsprojects.com/page/changes/#version-8-3-0 Milestone https://github.com/pallets/click/milestone/27

Improved flag option handling: Reworked the relationship between flag_value and default parameters for better consistency:

The default parameter value is now preserved as-is and passed directly to CLI functions (no more unexpected transformations)

... (truncated)

Changelog

Sourced from click's changelog.

Version 8.3.2

Released 2026-04-02

Fix handling of flag_value when is_flag=False to allow such options to be used without an explicit value. :issue:3084 :pr:3152

Hide Sentinel.UNSET values as None when using lookup_default(). :issue:3136 :pr:3199 :pr:3202 :pr:3209 :pr:3212 :pr:3224

Prevent _NamedTextIOWrapper from closing streams owned by StreamMixer. :issue:824 :issue:2991 :issue:2993 :issue:3110 :pr:3139 :pr:3140

Add comprehensive tests for CliRunner stream lifecycle, covering logging interaction, multi-threaded safety, and sequential invocation isolation. Add high-iteration stress tests behind a stress marker with a dedicated CI job. :pr:3139

Fix callable flag_value being instantiated when used as a default via default=True. :issue:3121 :pr:3201 :pr:3213 :pr:3225

Version 8.3.1

Released 2025-11-15

Don't discard pager arguments by correctly using subprocess.Popen. :issue:3039 :pr:3055

Replace Sentinel.UNSET default values by None as they're passed through the Context.invoke() method. :issue:3066 :issue:3065 :pr:3068

Fix conversion of Sentinel.UNSET happening too early, which caused incorrect behavior for multiple parameters using the same name. :issue:3071 :pr:3079

Hide Sentinel.UNSET values as None when looking up for other parameters through the context inside parameter callbacks. :issue:3136 :pr:3137

Fix rendering when prompt and confirm parameter prompt_suffix is empty. :issue:3019 :pr:3021

When Sentinel.UNSET is found during parsing, it will skip calls to type_cast_value. :issue:3069 :pr:3090

Version 8.3.0

Released 2025-09-17

Improved flag option handling: Reworked the relationship between flag_value and default parameters for better consistency:

The default parameter value is now preserved as-is and passed directly to CLI functions (no more unexpected transformations)

Exception: flag options with default=True maintain backward compatibility by defaulting to their flag_value

The default parameter can now be any type (bool, None, etc.)

Fixes inconsistencies reported in: :issue:1992 :issue:2514 :issue:2610

... (truncated)

Commits

052c006 Change update release date.
502b7ce Merge branch 'stable' of https://github.com/pallets/click into release-8.3.2
a0a37e4 Change publish to werkzeug latest. (#3301)
57be6fc Change publish to werkzeug latest.
781d6a8 Update publish workflows (#3266)
ff795b6 Update precommit pins with tox
dd87ef4 Update github action pins with tox
93d3f9d Release version 8.3.2
3299ba1 Add missing PR to changelog. (#3264)
b7f62c4 Add missing PR to changelog.
Additional commits viewable in compare view

Updates rich from 13.7.0 to 15.0.0

Release notes

Sourced from rich's releases.

The So Long 3.8 Release

A few fixes. The major version bump is to honor the passing of 3.8 support which reached its EOL in October 7, 2024

[15.0.0] - 2026-04-12

Changed

Breaking change: Dropped support for Python3.8

Fixed

Fixed empty print ignoring the end parameter Textualize/rich#4075

Fixed Text.from_ansi removing newlines Textualize/rich#4076

Fixed FileProxy.isatty not proxying Textualize/rich#4077

Fixed inline code in Markdown tables cells Textualize/rich#4079

The Faster Startup Release

No new features in this release, but there should be improved startup time for Rich apps, and potentially improved runtime if you have a lot of links.

[14.3.4] - 2026-04-11

Changed

Improved import time with lazy loading Textualize/rich#4070

Changed link id generation to avoid random number generation at runtime Textualize/rich#3845

The infinite Release

Fixed a infinite loop in split_graphemes

[14.3.3] - 2026-02-19

Fixed

Fixed infinite loop with cells.split_graphemes Textualize/rich#4006

The ZWJy release

A fix for cell_len edge cases

[14.3.2] - 2026-02-01

Fixed

Fixed solo ZWJ crash Textualize/rich#3953

Fixed control codes reporting width of 1 Textualize/rich#3953

The Nerdy Fix release

Fixed issue with characters outside of unicode range reporting 0 cell size

[14.3.1] - 2026-01-24

... (truncated)

Changelog

Sourced from rich's changelog.

[15.0.0] - 2026-04-12

Changed

Breaking change: Dropped support for Python3.8

Fixed

Fixed empty print ignoring the end parameter Textualize/rich#4075

Fixed Text.from_ansi removing newlines Textualize/rich#4076

Fixed FileProxy.isatty not proxying Textualize/rich#4077

Fixed inline code in Markdown tables cells Textualize/rich#4079

[14.3.4] - 2026-04-11

Changed

Improved import time with lazy loading Textualize/rich#4070

Changed link id generation to avoid random number generation at runtime Textualize/rich#3845

[14.3.3] - 2026-02-19

Fixed

Fixed infinite loop with cells.split_graphemes Textualize/rich#4006

[14.3.2] - 2026-02-01

Fixed

Fixed solo ZWJ crash Textualize/rich#3953

Fixed control codes reporting width of 1 Description has been truncated

Updates the requirements on [fastapi](https://github.com/fastapi/fastapi), [starlette](https://github.com/Kludex/starlette), [uvicorn](https://github.com/Kludex/uvicorn), [pydantic](https://github.com/pydantic/pydantic), [httpx](https://github.com/encode/httpx), [qdrant-client](https://github.com/qdrant/qdrant-client), [click](https://github.com/pallets/click), [rich](https://github.com/Textualize/rich), [typer](https://github.com/fastapi/typer), [python-dotenv](https://github.com/theskumar/python-dotenv), [numpy](https://github.com/numpy/numpy), [prometheus-client](https://github.com/prometheus/client_python), [tenacity](https://github.com/jd/tenacity), [psutil](https://github.com/giampaolo/psutil) and [huggingface-hub](https://github.com/huggingface/huggingface_hub) to permit the latest version. Updates `fastapi` from 0.128.8 to 0.136.0 - [Release notes](https://github.com/fastapi/fastapi/releases) - [Commits](fastapi/fastapi@0.128.8...0.136.0) Updates `starlette` to 1.0.0 - [Release notes](https://github.com/Kludex/starlette/releases) - [Changelog](https://github.com/Kludex/starlette/blob/main/docs/release-notes.md) - [Commits](Kludex/starlette@0.49.1...1.0.0) Updates `uvicorn` from 0.34.3 to 0.44.0 - [Release notes](https://github.com/Kludex/uvicorn/releases) - [Changelog](https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md) - [Commits](Kludex/uvicorn@0.34.3...0.44.0) Updates `pydantic` from 2.10.6 to 2.13.2 - [Release notes](https://github.com/pydantic/pydantic/releases) - [Changelog](https://github.com/pydantic/pydantic/blob/v2.13.2/HISTORY.md) - [Commits](pydantic/pydantic@v2.10.6...v2.13.2) Updates `httpx` from 0.27.2 to 0.28.1 - [Release notes](https://github.com/encode/httpx/releases) - [Changelog](https://github.com/encode/httpx/blob/master/CHANGELOG.md) - [Commits](encode/httpx@0.27.2...0.28.1) Updates `qdrant-client` from 1.16.1 to 1.17.1 - [Release notes](https://github.com/qdrant/qdrant-client/releases) - [Commits](qdrant/qdrant-client@v1.16.1...v1.17.1) Updates `click` from 8.1.7 to 8.3.2 - [Release notes](https://github.com/pallets/click/releases) - [Changelog](https://github.com/pallets/click/blob/main/CHANGES.rst) - [Commits](pallets/click@8.1.7...8.3.2) Updates `rich` from 13.7.0 to 15.0.0 - [Release notes](https://github.com/Textualize/rich/releases) - [Changelog](https://github.com/Textualize/rich/blob/master/CHANGELOG.md) - [Commits](Textualize/rich@v13.7.0...v15.0.0) Updates `typer` from 0.9.0 to 0.24.1 - [Release notes](https://github.com/fastapi/typer/releases) - [Changelog](https://github.com/fastapi/typer/blob/master/docs/release-notes.md) - [Commits](fastapi/typer@0.9.0...0.24.1) Updates `python-dotenv` from 1.2.1 to 1.2.2 - [Release notes](https://github.com/theskumar/python-dotenv/releases) - [Changelog](https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md) - [Commits](theskumar/python-dotenv@v1.2.1...v1.2.2) Updates `numpy` from 1.26.4 to 2.4.4 - [Release notes](https://github.com/numpy/numpy/releases) - [Changelog](https://github.com/numpy/numpy/blob/main/doc/RELEASE_WALKTHROUGH.rst) - [Commits](numpy/numpy@v1.26.4...v2.4.4) Updates `prometheus-client` from 0.19.0 to 0.25.0 - [Release notes](https://github.com/prometheus/client_python/releases) - [Commits](prometheus/client_python@v0.19.0...v0.25.0) Updates `tenacity` from 9.1.2 to 9.1.4 - [Release notes](https://github.com/jd/tenacity/releases) - [Commits](jd/tenacity@9.1.2...9.1.4) Updates `psutil` from 5.9.8 to 7.2.2 - [Changelog](https://github.com/giampaolo/psutil/blob/master/docs/changelog.rst) - [Commits](giampaolo/psutil@v5.9.8...v7.2.2) Updates `huggingface-hub` from 0.36.2 to 1.11.0 - [Release notes](https://github.com/huggingface/huggingface_hub/releases) - [Commits](huggingface/huggingface_hub@v0.36.2...v1.11.0) --- updated-dependencies: - dependency-name: fastapi dependency-version: 0.136.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: python-deps - dependency-name: starlette dependency-version: 1.0.0 dependency-type: direct:production dependency-group: python-deps - dependency-name: uvicorn dependency-version: 0.44.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: python-deps - dependency-name: pydantic dependency-version: 2.13.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: python-deps - dependency-name: httpx dependency-version: 0.28.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: python-deps - dependency-name: qdrant-client dependency-version: 1.17.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: python-deps - dependency-name: click dependency-version: 8.3.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: python-deps - dependency-name: rich dependency-version: 15.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: python-deps - dependency-name: typer dependency-version: 0.24.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: python-deps - dependency-name: python-dotenv dependency-version: 1.2.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: python-deps - dependency-name: numpy dependency-version: 2.4.4 dependency-type: direct:production update-type: version-update:semver-major dependency-group: python-deps - dependency-name: prometheus-client dependency-version: 0.25.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: python-deps - dependency-name: tenacity dependency-version: 9.1.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: python-deps - dependency-name: psutil dependency-version: 7.2.2 dependency-type: direct:production update-type: version-update:semver-major dependency-group: python-deps - dependency-name: huggingface-hub dependency-version: 1.11.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: python-deps ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2026-04-26T14:53:21Z

Looks like these dependencies are updatable in another way, so this is no longer needed.

… Cluster 6) PEP 484 forbids implicit Optional. Annotates Optional[X] = None in: - core/config.py:261 — get_module_allowlist(config) (#5) - core/cli/utils/api_client.py:29 — NexeAPIClient.__init__(base_url) (#9) - core/cli/chat_cli.py:99 — _format_stats_line(model_name) (#19) - core/endpoints/chat.py:67 — _get_system_prompt(lang) (#59) The dependent arg-type finding #28 (chat_cli.py:423 forwarding the dict value to _format_stats_line) disappears via the #19 fix. 5 mypy findings closed in one edit, no behavioural change.

… nous Release consolidada v0.9.0 resultant de dues fases de treball: ## Fase 1 — Sprints 0-4 vacances 2-5 abril (42 bugs) Coordinat en sessions independents: - **Sprint 0-1**: memoria v1 (Qdrant embedded singleton, SessionManager v1) - **Sprint 2**: fix critic tray.py bloqueja teclat (_RamMonitor background) - **Sprint 3**: 13 bugs test instal·lacio neta + 5 fixes installer - #12 guard thinking+MEM_SAVE, #13 labels col·leccions, #14 pantalla benvinguda clickable, #15 i18n general, #16 tray nom+versio, #17 tray link web, #20 SEC-004 MIME validation - Installer: select_model() prompt_tier+chat_format, validacio Metal MLX - **Sprint 4**: refactoring — helpers extrets (ollama_helpers.py, tray_monitor.py, lifespan_modules.py), DEFAULT_VECTOR_SIZE constant, i18n get_message() complet - **Director 01/04**: 5 UX features (copy, sidebar, rename, donate, X doc) + 3 memory fixes (MEM_SAVE post-render strip, XSS fix, race condition Lock, [MEM:N] token mismatch) Auditoria global final APTE (2026-04-02). ## Fase 2 — HOMAD 2026-04-06 (27 bugs + Ollama GUI) 3 blocs de bugs del fitxer bugs-server-nexe.md (pre-release test): **Bloc 1 — Critics (5)** - #7 Reinstal·lacio 3 modes (wipe/overwrite/backup) + stop server + Keychain - #8 TOCTOU master key (os.open atomic) - #10 DreamingCycle connection leak (6/6 funcions) - #29 Phi-3.5 fora del cataleg - Ollama GUI: ollama serve headless (no open -a Ollama al Dock) **Bloc 2 — Mitjana (12)** - #21 validate_string_input API v1 - #22 auth 21 endpoints + docs gated - #17 MEM_SAVE injection strict (whitelist Unicode, blacklist) - #32 history_floor context budget - #15 Ollama breaker semantic (4xx no infra) - #16 SessionManager RLock reentrant - #19 MLX cache singleton double-checked locking - #11 Bootstrap token renewal + retry backoff (1,5,30) - #13 Qdrant pool flush + logger.warning - #20 Module cycles consumer + startup summary - #9 SQL MIN portable (Python min()) - #28 Installer --skip-model-download **Bloc 3 — Baixa (11)** - #3 HF_TOKEN warning silenciat - #4 ANSI constants buides sense TTY - #5 Qdrant didactic isatty guards - #6 warnings position_ids + Some weights filtered - #12 discover_modules early return - #14 TQDM_DISABLE runtime servidor - #18 encoding fallback utf-8 → cp1252 → latin-1 - #23 Ollama no silent fallback → HTTPException 404 - #26 _backend_model_exists best-effort + logger mitigant - #27 _BACKEND_ALIASES backwards-compat - #30 Info.plist LSUIElement=false verificats Workflow HOMAD: Dev paral·lels (Opus) + 9 passades Consultor independents amb Dev D intermedi per findings. Tot verificat al codi real. ## Pytest consolidat **4389 passed**, 7 fails pre-existents (test_chat_unit::test_long_text_truncated, test_root::test_enabled_modules, test_security::test_long_context_truncated, 4× test_memory_helper_async::TestGetMemoryApi), 0 regressions. ## Fitxers nous - core/endpoints/chat_engines/ollama_helpers.py (Sprint 4) - core/lifespan_modules.py (Sprint 4) - installer/tray_monitor.py (Sprint 4) - installer/installer_reinstall.py (Bloc 1 Bug 7) ## Stats - 61 fitxers modificats (57 codi/knowledge/tests/installer/personality + README.md + 3 nous) - +1870 / -674 linies ## Version bump v0.8.5 → v0.9.0 (cataleg, pyproject, README, CHANGELOG, index.html, footer) ## Post-release pendent - Build DMG v0.9.0 (/dmg-nexe) amb tots els fixes - Notaritzacio Apple (re-firma si cal) - Test manual DMG per Bug 30 (icona Dock) + smoke tests release - Webs .org i .com ja desplegades durant vacances NO PUSH en aquest commit — pendent OK explicit Jordi per al tag v0.9.0 final i push a GitHub release.

… Cluster 6) PEP 484 forbids implicit Optional. Annotates Optional[X] = None in: - core/config.py:261 — get_module_allowlist(config) (#5) - core/cli/utils/api_client.py:29 — NexeAPIClient.__init__(base_url) (#9) - core/cli/chat_cli.py:99 — _format_stats_line(model_name) (#19) - core/endpoints/chat.py:67 — _get_system_prompt(lang) (#59) The dependent arg-type finding #28 (chat_cli.py:423 forwarding the dict value to _format_stats_line) disappears via the #19 fix. 5 mypy findings closed in one edit, no behavioural change.

dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Apr 19, 2026

dependabot Bot closed this Apr 26, 2026

dependabot Bot deleted the dependabot/pip/python-deps-b99656aacc branch April 26, 2026 14:53

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the python-deps group with 15 updates#19

chore(deps): bump the python-deps group with 15 updates#19
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/python-deps-b99656aacc

dependabot Bot commented on behalf of github Apr 19, 2026 •

edited

Loading

Uh oh!

dependabot Bot commented on behalf of github Apr 26, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github Apr 19, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

0.136.0

Upgrades

0.135.4

Refactors

Internal

0.135.3

Features

Docs

Internal

0.135.2

Upgrades

Docs

Version 1.0.0

1.0.0 (March 22, 2026)

Added

Fixed

1.0.0rc1 (February 23, 2026)

Version 0.44.0

What's Changed

Version 0.43.0

Changed

Version 0.42.0

Changed

Fixed

New Contributors

Version 0.41.0

Added

Changed

Fixed

0.44.0 (April 6, 2026)

Added

0.43.0 (April 3, 2026)

Changed

0.42.0 (March 16, 2026)

Changed

Fixed

0.41.0 (February 16, 2026)

Added

Changed

Fixed

0.40.0 (December 21, 2025)

Remove

v2.13.1 2026-04-15

v2.13.1 (2026-04-15)

What's Changed

Fixes

v2.13.0 2026-04-13

v2.13.0 (2026-04-13)

What's Changed

Packaging

New Features

Changes

Fixes

New Contributors

v2.13.0b3 2026-03-31

v2.13.2 (2026-04-17)

What's Changed

Fixes

v2.13.1 (2026-04-15)

What's Changed

Fixes

v2.13.0 (2026-04-13)

What's Changed

New Features

Changes

Fixes

Packaging

Version 0.28.1

0.28.1 (6th December, 2024)

Version 0.28.0

0.28.0 (28th November, 2024)

0.28.1 (6th December, 2024)

0.28.0 (28th November, 2024)

v1.17.1

Change Log

Features 🌊

Fixes 🔧

dependabot Bot commented on behalf of github Apr 19, 2026 •

edited

Loading