Bump the "app-dependencies" group with 1 updates across multiple ecosystems

[dependabot]

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

---

Bumps the app-dependencies group with 5 updates:

Package	From	To
sqlalchemy	2.0.44	2.0.45
fastapi	0.123.0	0.127.0
typer	0.20.0	0.20.1
pytest	9.0.1	9.0.2
ruff	0.14.7	0.14.10

Updates sqlalchemy from 2.0.44 to 2.0.45

Release notes

Sourced from sqlalchemy's releases.

2.0.45

Released: December 9, 2025

orm

• [orm] [bug] Fixed issue where calling Mapper.add_property() within mapper event hooks such as MapperEvents.instrument_class(), MapperEvents.after_mapper_constructed(), or MapperEvents.before_mapper_configured() would raise an AttributeError because the mapper's internal property collections were not yet initialized. The Mapper.add_property() method now handles early-stage property additions correctly, allowing properties including column properties, deferred columns, and relationships to be added during mapper initialization events. Pull request courtesy G Allajmi.

  References: #12858

• [orm] [bug] Fixed issue in Python 3.14 where dataclass transformation would fail when a mapped class using MappedAsDataclass included a relationship() referencing a class that was not available at runtime (e.g., within a TYPE_CHECKING block). This occurred when using Python 3.14's PEP 649 deferred annotations feature, which is the default behavior without a from __future__ import annotations directive.

  References: #12952

examples

• [examples] [bug] Fixed the "short_selects" performance example where the cache was being used in all the examples, making it impossible to compare performance with and without the cache. Less important comparisons like "lambdas" and "baked queries" have been removed.

sql

• [sql] [bug] Some improvements to the _sql.ClauseElement.params() method to replace bound parameters in a query were made, however the ultimate issue in #12915 involving ORM _orm.aliased() cannot be fixed fully until 2.1, where the method is being rewritten to work without relying on Core cloned traversal.

  References: #12915

• [sql] [bug] Fixed issue where using the ColumnOperators.in_() operator with a nested CompoundSelect statement (e.g. an INTERSECT of UNION queries) would raise a NotImplementedError when the

... (truncated)

Commits

• See full diff in compare view

Updates fastapi from 0.123.0 to 0.127.0

Release notes

Sourced from fastapi's releases.

0.127.0

Breaking Changes

• 🔊 Add deprecation warnings when using pydantic.v1. PR #14583 by @​tiangolo.

Translations

• 🔧 Add LLM prompt file for Korean, generated from the existing translations. PR #14546 by @​tiangolo.
• 🔧 Add LLM prompt file for Japanese, generated from the existing translations. PR #14545 by @​tiangolo.

Internal

• ⬆️ Upgrade OpenAI model for translations to gpt-5.2. PR #14579 by @​tiangolo.

0.126.0

Upgrades

• ➖ Drop support for Pydantic v1, keeping short temporary support for Pydantic v2's pydantic.v1. PR #14575 by @​tiangolo.
  • The minimum version of Pydantic installed is now pydantic >=2.7.0.
  • The standard dependencies now include pydantic-settings >=2.0.0 and pydantic-extra-types >=2.0.0.

Docs

• 📝 Fix duplicated variable in docs_src/python_types/tutorial005_py39.py. PR #14565 by @​paras-verma7454.

Translations

• 🔧 Add LLM prompt file for Ukrainian, generated from the existing translations. PR #14548 by @​tiangolo.

Internal

• 🔧 Tweak pre-commit to allow committing release-notes. PR #14577 by @​tiangolo.
• ⬆️ Use prek as a pre-commit alternative. PR #14572 by @​tiangolo.
• 👷 Add performance tests with CodSpeed. PR #14558 by @​tiangolo.

0.125.0

Breaking Changes

• 🔧 Drop support for Python 3.8. PR #14563 by @​tiangolo.
  • This would actually not be a breaking change as no code would really break. Any Python 3.8 installer would just refuse to install the latest version of FastAPI and would only install 0.124.4. Only marking it as a "breaking change" to make it visible.

Refactors

• ♻️ Upgrade internal syntax to Python 3.9+ 🎉. PR #14564 by @​tiangolo.

Docs

• ⚰️ Remove Python 3.8 from CI and remove Python 3.8 examples from source docs. PR #14559 by @​YuriiMotov and @​tiangolo.

Translations

... (truncated)

Commits

• c4a1ab5 🔖 Release version 0.127.0
• 22c7200 📝 Update release notes
• 6e42bcd 🔊 Add deprecation warnings when using pydantic.v1 (#14583)
• 6513d4d 📝 Update release notes
• 1d93d53 ⬆️ Upgrade OpenAI model for translations to gpt-5.2 (#14579)
• c2c1cc8 📝 Update release notes
• 5289259 🔧 Add LLM prompt file for Korean, generated from the existing translations (#...
• 5783910 📝 Update release notes
• 026b43e 🔧 Add LLM prompt file for Japanese, generated from the existing translations ...
• 6b591dd 📝 Update release notes
• Additional commits viewable in compare view

Updates typer from 0.20.0 to 0.20.1

Release notes

Sourced from typer's releases.

0.20.1

Features

• ✨ Add support for standard tracebacks via the env TYPER_STANDARD_TRACEBACK. PR #1299 by @​colin-nolan.

Fixes

• 🐛 Ensure that options_metavar is passed through correctly. PR #816 by @​gar1t.
• 🐛 Ensure an optional argument is shown in brackets, even when metavar is set. PR #1409 by @​svlandeg.
• 🐛 Ensure that the default rich_markup_mode is interpreted correctly. PR #1304 by @​svlandeg.

Refactors

• ♻️ Refactor the handling of shellingham. PR #1347 by @​nathanjmcdougall.

Docs

• 📝 Ensure that bold letters are rendered correctly in printing.md. PR #1365 by @​svlandeg.
• 🩺 Update test badge to only reflect pushes to master. PR #1414 by @​svlandeg.
• 📝 Update console output on the Rich help formatting page. PR #1430 by @​svlandeg.
• 📝 Update emoji used in Rich help formatting tutorial. PR #1429 by @​svlandeg.
• 📝 Remove duplicate explanation how the path is resolved. PR #956 by @​dennis-rall.
• 📝 Update docs to use Typer() more prominently. PR #1418 by @​svlandeg.
• 💄 Use font 'Fira Code' to fix display of Rich panels in docs in Windows. PR #1419 by @​tiangolo.

Internal

• 🔨 Add --showlocals to test.sh. PR #1169 by @​rickwporter.
• ⬆ Bump ruff from 0.14.6 to 0.14.8. PR #1436 by @​dependabot[bot].
• ⬆ [pre-commit.ci] pre-commit autoupdate. PR #1434 by @​pre-commit-ci[bot].
• ✅ Update tests to use mod.app . PR #1427 by @​svlandeg.
• ⬆ Bump actions/checkout from 5 to 6. PR #1426 by @​dependabot[bot].
• ⬆ [pre-commit.ci] pre-commit autoupdate. PR #1425 by @​pre-commit-ci[bot].
• ⬆ Bump ruff from 0.14.5 to 0.14.6. PR #1423 by @​dependabot[bot].
• ⬆ Bump actions/checkout from 5 to 6. PR #1417 by @​dependabot[bot].
• 👷 Upgrade latest-changes GitHub Action and pin actions/checkout@v5. PR #1424 by @​tiangolo.
• 🔧 Upgrade Material for MkDocs and remove insiders. PR #1416 by @​tiangolo.
• ⬆ Bump mkdocs-material from 9.6.23 to 9.7.0. PR #1404 by @​dependabot[bot].
• ⬆ Bump mkdocs-macros-plugin from 1.4.1 to 1.5.0. PR #1406 by @​dependabot[bot].
• ⬆ Bump ruff from 0.14.4 to 0.14.5. PR #1407 by @​dependabot[bot].
• ⬆ [pre-commit.ci] pre-commit autoupdate. PR #1413 by @​pre-commit-ci[bot].
• ⬆ Bump ruff from 0.14.3 to 0.14.4. PR #1402 by @​dependabot[bot].
• ⬆ [pre-commit.ci] pre-commit autoupdate. PR #1403 by @​pre-commit-ci[bot].
• ⬆ Bump ruff from 0.14.2 to 0.14.3. PR #1396 by @​dependabot[bot].
• ⬆ [pre-commit.ci] pre-commit autoupdate. PR #1399 by @​pre-commit-ci[bot].
• ⬆ Bump mkdocs-material from 9.6.22 to 9.6.23. PR #1398 by @​dependabot[bot].
• ⬆ [pre-commit.ci] pre-commit autoupdate. PR #1394 by @​pre-commit-ci[bot].
• ⬆ Bump ruff from 0.14.1 to 0.14.2. PR #1383 by @​dependabot[bot].
• ⬆ Bump actions/upload-artifact from 4 to 5. PR #1388 by @​dependabot[bot].
• ⬆ Bump mkdocs-macros-plugin from 1.4.0 to 1.4.1. PR #1389 by @​dependabot[bot].

... (truncated)

Changelog

Sourced from typer's changelog.

0.20.1

Features

• ✨ Add support for standard tracebacks via the env TYPER_STANDARD_TRACEBACK. PR #1299 by @​colin-nolan.

Fixes

• 🐛 Ensure that options_metavar is passed through correctly. PR #816 by @​gar1t.
• 🐛 Ensure an optional argument is shown in brackets, even when metavar is set. PR #1409 by @​svlandeg.
• 🐛 Ensure that the default rich_markup_mode is interpreted correctly. PR #1304 by @​svlandeg.

Refactors

• ♻️ Refactor the handling of shellingham. PR #1347 by @​nathanjmcdougall.

Docs

• 📝 Ensure that bold letters are rendered correctly in printing.md. PR #1365 by @​svlandeg.
• 🩺 Update test badge to only reflect pushes to master. PR #1414 by @​svlandeg.
• 📝 Update console output on the Rich help formatting page. PR #1430 by @​svlandeg.
• 📝 Update emoji used in Rich help formatting tutorial. PR #1429 by @​svlandeg.
• 📝 Remove duplicate explanation how the path is resolved. PR #956 by @​dennis-rall.
• 📝 Update docs to use Typer() more prominently. PR #1418 by @​svlandeg.
• 💄 Use font 'Fira Code' to fix display of Rich panels in docs in Windows. PR #1419 by @​tiangolo.

Internal

• 🔨 Add --showlocals to test.sh. PR #1169 by @​rickwporter.
• ⬆ Bump ruff from 0.14.6 to 0.14.8. PR #1436 by @​dependabot[bot].
• ⬆ [pre-commit.ci] pre-commit autoupdate. PR #1434 by @​pre-commit-ci[bot].
• ✅ Update tests to use mod.app . PR #1427 by @​svlandeg.
• ⬆ Bump actions/checkout from 5 to 6. PR #1426 by @​dependabot[bot].
• ⬆ [pre-commit.ci] pre-commit autoupdate. PR #1425 by @​pre-commit-ci[bot].
• ⬆ Bump ruff from 0.14.5 to 0.14.6. PR #1423 by @​dependabot[bot].
• ⬆ Bump actions/checkout from 5 to 6. PR #1417 by @​dependabot[bot].
• 👷 Upgrade latest-changes GitHub Action and pin actions/checkout@v5. PR #1424 by @​tiangolo.
• 🔧 Upgrade Material for MkDocs and remove insiders. PR #1416 by @​tiangolo.
• ⬆ Bump mkdocs-material from 9.6.23 to 9.7.0. PR #1404 by @​dependabot[bot].
• ⬆ Bump mkdocs-macros-plugin from 1.4.1 to 1.5.0. PR #1406 by @​dependabot[bot].
• ⬆ Bump ruff from 0.14.4 to 0.14.5. PR #1407 by @​dependabot[bot].
• ⬆ [pre-commit.ci] pre-commit autoupdate. PR #1413 by @​pre-commit-ci[bot].
• ⬆ Bump ruff from 0.14.3 to 0.14.4. PR #1402 by @​dependabot[bot].
• ⬆ [pre-commit.ci] pre-commit autoupdate. PR #1403 by @​pre-commit-ci[bot].
• ⬆ Bump ruff from 0.14.2 to 0.14.3. PR #1396 by @​dependabot[bot].
• ⬆ [pre-commit.ci] pre-commit autoupdate. PR #1399 by @​pre-commit-ci[bot].
• ⬆ Bump mkdocs-material from 9.6.22 to 9.6.23. PR #1398 by @​dependabot[bot].
• ⬆ [pre-commit.ci] pre-commit autoupdate. PR #1394 by @​pre-commit-ci[bot].
• ⬆ Bump ruff from 0.14.1 to 0.14.2. PR #1383 by @​dependabot[bot].
• ⬆ Bump actions/upload-artifact from 4 to 5. PR #1388 by @​dependabot[bot].

... (truncated)

Commits

• e777d1d 🔖 Release version 0.20.1
• 0cbd43f 📝 Update release notes
• 10f23a4 🐛 Ensure that options_metavar is passed through correctly (#816)
• f61933c 📝 Update release notes
• 2cfdb99 🐛 Ensure an optional argument is shown in brackets, even when metavar is se...
• bc43a7a 📝 Update release notes
• fd4241f ♻️ Refactor the handling of shellingham (#1347)
• b400735 📝 Update release notes
• f0a432a 📝 Ensure that bold letters are rendered correctly in printing.md (#1365)
• f654f9d 📝 Update release notes
• Additional commits viewable in compare view

Updates pytest from 9.0.1 to 9.0.2

Release notes

Sourced from pytest's releases.

9.0.2

pytest 9.0.2 (2025-12-06)

Bug fixes

• #13896: The terminal progress feature added in pytest 9.0.0 has been disabled by default, except on Windows, due to compatibility issues with some terminal emulators.

  You may enable it again by passing -p terminalprogress. We may enable it by default again once compatibility improves in the future.

  Additionally, when the environment variable TERM is dumb, the escape codes are no longer emitted, even if the plugin is enabled.

• #13904: Fixed the TOML type of the tmp_path_retention_count settings in the API reference from number to string.

• #13946: The private config.inicfg attribute was changed in a breaking manner in pytest 9.0.0. Due to its usage in the ecosystem, it is now restored to working order using a compatibility shim. It will be deprecated in pytest 9.1 and removed in pytest 10.

• #13965: Fixed quadratic-time behavior when handling unittest subtests in Python 3.10.

Improved documentation

• #4492: The API Reference now contains cross-reference-able documentation of pytest's command-line flags <command-line-flags>.

Commits

• 3d10b51 Prepare release version 9.0.2
• 188750b Merge pull request #14030 from pytest-dev/patchback/backports/9.0.x/1e4b01d1f...
• b7d7bef Merge pull request #14014 from bluetech/compat-note
• bd08e85 Merge pull request #14013 from pytest-dev/patchback/backports/9.0.x/922b60377...
• bc78386 Add CLI options reference documentation (#13930)
• 5a4e398 Fix docs typo (#14005) (#14008)
• d7ae6df Merge pull request #14006 from pytest-dev/maintenance/update-plugin-list-tmpl...
• 556f6a2 pre-commit: fix rst-lint after new release (#13999) (#14001)
• c60fbe6 Fix quadratic-time behavior when handling unittest subtests in Python 3.10 ...
• 73d9b01 Merge pull request #13995 from nicoddemus/patchback/backports/9.0.x/1b5200c0f...
• Additional commits viewable in compare view

Updates ruff from 0.14.7 to 0.14.10

Release notes

Sourced from ruff's releases.

0.14.10

Release Notes

Released on 2025-12-18.

Preview features

• [formatter] Fluent formatting of method chains (#21369)
• [formatter] Keep lambda parameters on one line and parenthesize the body if it expands (#21385)
• [flake8-implicit-str-concat] New rule to prevent implicit string concatenation in collections (ISC004) (#21972)
• [flake8-use-pathlib] Make fixes unsafe when types change in compound statements (PTH104, PTH105, PTH109, PTH115) (#22009)
• [refurb] Extend support for Path.open (FURB101, FURB103) (#21080)

Bug fixes

• [pyupgrade] Fix parsing named Unicode escape sequences (UP032) (#21901)

Rule changes

• [eradicate] Ignore ruff:disable and ruff:enable comments in ERA001 (#22038)
• [flake8-pytest-style] Allow match and check keyword arguments without an expected exception type (PT010) (#21964)
• [syntax-errors] Annotated name cannot be global (#20868)

Documentation

• Add uv and ty to the Ruff README (#21996)
• Document known lambda formatting deviations from Black (#21954)
• Update setup.md (#22024)
• [flake8-bandit] Fix broken link (S704) (#22039)

Other changes

• Fix playground Share button showing "Copied!" before clipboard copy completes (#21942)

Contributors

• @​dylwil3
• @​charliecloudberry
• @​charliermarsh
• @​chirizxc
• @​ntBre
• @​zanieb
• @​amyreese
• @​hauntsaninja
• @​11happy
• @​mahiro72
• @​MichaReiser
• @​phongddo
• @​PeterJCLaw

... (truncated)

Changelog

Sourced from ruff's changelog.

0.14.10

Released on 2025-12-18.

Preview features

• [formatter] Fluent formatting of method chains (#21369)
• [formatter] Keep lambda parameters on one line and parenthesize the body if it expands (#21385)
• [flake8-implicit-str-concat] New rule to prevent implicit string concatenation in collections (ISC004) (#21972)
• [flake8-use-pathlib] Make fixes unsafe when types change in compound statements (PTH104, PTH105, PTH109, PTH115) (#22009)
• [refurb] Extend support for Path.open (FURB101, FURB103) (#21080)

Bug fixes

• [pyupgrade] Fix parsing named Unicode escape sequences (UP032) (#21901)

Rule changes

• [eradicate] Ignore ruff:disable and ruff:enable comments in ERA001 (#22038)
• [flake8-pytest-style] Allow match and check keyword arguments without an expected exception type (PT010) (#21964)
• [syntax-errors] Annotated name cannot be global (#20868)

Documentation

• Add uv and ty to the Ruff README (#21996)
• Document known lambda formatting deviations from Black (#21954)
• Update setup.md (#22024)
• [flake8-bandit] Fix broken link (S704) (#22039)

Other changes

• Fix playground Share button showing "Copied!" before clipboard copy completes (#21942)

Contributors

• @​dylwil3
• @​charliecloudberry
• @​charliermarsh
• @​chirizxc
• @​ntBre
• @​zanieb
• @​amyreese
• @​hauntsaninja
• @​11happy
• @​mahiro72
• @​MichaReiser
• @​phongddo
• @​PeterJCLaw

0.14.9

... (truncated)

Commits

• 45bbb4c Bump 0.14.10 (#22058)
• 42b9727 [ty] Use datatest instead of dirtest (#21937)
• f7ec178 [ty] Gracefully handle client requests that can't be deserialized (#22051)
• c315164 [ty] Don't suggest keyword statements when only expressions are valid
• bb1955e [ty] Use cursor context in a few more places...
• 070e08a [ty] Move completion function to the top
• bab3924 [ty] Refactor completion generation
• 10748b2 [flake8-pytest-style] Allow match and check keyword arguments without a...
• 56539db [ty] Fix some configuration panics in the LSP (#22040)
• 8d32ad1 [ty] Add support for attribute docstrings (#22036)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions