Bump the python-packages group with 5 updates

[dependabot]

Bumps the python-packages group with 5 updates:

Package	From	To
fastapi	0.128.0	0.128.1
alembic	1.18.2	1.18.3
pyjwt	2.10.1	2.11.0
coverage	7.13.2	7.13.3
prek	0.3.0	0.3.1

Updates fastapi from 0.128.0 to 0.128.1

Release notes

Sourced from fastapi's releases.

0.128.1

Features

• ✨ Add viewport meta tag to improve Swagger UI on mobile devices. PR #14777 by @​Joab0.
• 🚸 Improve error message for invalid query parameter type annotations. PR #14479 by @​retwish.

Fixes

• 🐛 Update ValidationError schema to include input and ctx. PR #14791 by @​jonathan-fulton.
• 🐛 Fix TYPE_CHECKING annotations for Python 3.14 (PEP 649). PR #14789 by @​mgu.
• 🐛 Strip whitespaces from Authorization header credentials. PR #14786 by @​WaveTheory1.
• 🐛 Fix OpenAPI duplication of anyOf refs for app-level responses with specified content and model as Union. PR #14463 by @​DJMcoder.

Refactors

• 🎨 Tweak types for mypy. PR #14816 by @​tiangolo.
• 🏷️ Re-export IncEx type from Pydantic instead of duplicating it. PR #14641 by @​mvanderlee.
• 💡 Update comment for Pydantic internals. PR #14814 by @​tiangolo.

Docs

• 📝 Update docs for contributing translations, simplify title. PR #14817 by @​tiangolo.
• 📝 Fix typing issue in docs_src/app_testing/app_b code example. PR #14573 by @​timakaa.
• 📝 Fix example of license identifier in documentation. PR #14492 by @​johnson-earls.
• 📝 Add banner to translated pages. PR #14809 by @​YuriiMotov.
• 📝 Add links to related sections of docs to docstrings. PR #14776 by @​YuriiMotov.
• 📝 Update embedded code examples to Python 3.10 syntax. PR #14758 by @​YuriiMotov.
• 📝 Fix dependency installation command in docs/en/docs/contributing.md. PR #14757 by @​YuriiMotov.
• 📝 Use return type annotation instead of response_model when possible. PR #14753 by @​YuriiMotov.
• 📝 Use WSGIMiddleware from a2wsgi instead of deprecated fastapi.middleware.wsgi.WSGIMiddleware. PR #14756 by @​YuriiMotov.
• 📝 Fix minor typos in release notes. PR #14780 by @​whyvineet.
• 🐛 Fix copy button in custom.js. PR #14722 by @​fcharrier.
• 📝 Add contribution instructions about LLM generated code and comments and automated tools for PRs. PR #14706 by @​tiangolo.
• 📝 Update docs for management tasks. PR #14705 by @​tiangolo.
• 📝 Update docs about managing translations. PR #14704 by @​tiangolo.
• 📝 Update docs for contributing with translations. PR #14701 by @​tiangolo.
• 📝 Specify language code for code block. PR #14656 by @​YuriiMotov.

Translations

• 🌐 Improve LLM prompt of uk documentation. PR #14795 by @​roli2py.
• 🌐 Update translations for ja (update-outdated). PR #14588 by @​tiangolo.
• 🌐 Update translations for uk (update outdated, found by fixer tool). PR #14739 by @​YuriiMotov.
• 🌐 Update translations for tr (update-outdated). PR #14745 by @​tiangolo.
• 🌐 Update llm-prompt.md for Korean language. PR #14763 by @​seuthootDev.
• 🌐 Update translations for ko (update outdated, found by fixer tool). PR #14738 by @​YuriiMotov.
• 🌐 Update translations for de (update-outdated). PR #14690 by @​tiangolo.
• 🌐 Update LLM prompt for Russian translations. PR #14733 by @​YuriiMotov.
• 🌐 Update translations for ru (update-outdated). PR #14693 by @​tiangolo.
• 🌐 Update translations for pt (update-outdated). PR #14724 by @​tiangolo.

... (truncated)

Commits

• 1de0de5 🔖 Release version 0.128.1
• 734c95b 📝 Update release notes
• 84a5bcf ⬇️ Downgrade LLM translations model to GPT-5 to reduce mistakes (#14823)
• 0e06400 📝 Update release notes
• ad29e44 🌐 Improve LLM prompt of uk documentation (#14795)
• 71ceac2 📝 Update release notes
• b0e99d6 🌐 Update translations for ja (update-outdated) (#14588)
• cec4be0 📝 Update release notes
• aea6137 🐛 Fix translation script commit in place (#14818)
• fe5b617 📝 Update release notes
• Additional commits viewable in compare view

Updates alembic from 1.18.2 to 1.18.3

Release notes

Sourced from alembic's releases.

1.18.3

Released: January 29, 2026

bug

• [bug] [autogenerate] Fixed regression in version 1.18.0 due to #1771 where autogenerate would raise NoReferencedTableError when a foreign key constraint referenced a table that was not part of the initial table load, including tables filtered out by the EnvironmentContext.configure.include_name callable or tables in remote schemas that were not included in the initial reflection run.

  The change in #1771 was a performance optimization that eliminated additional reflection queries for tables that were only referenced by foreign keys but not explicitly included in the main reflection run. However, this optimization inadvertently removed the creation of Table objects for these referenced tables, causing autogenerate to fail when processing foreign key constraints that pointed to them.

  The fix creates placeholder Table objects for foreign key targets that are not reflected, allowing the autogenerate comparison to proceed without error while maintaining the performance improvement from #1771. When multiple foreign keys reference different columns in the same filtered table, the placeholder table accumulates all necessary columns. These placeholder tables may be visible when using the EnvironmentContext.configure.include_object callable to inspect ForeignKeyConstraint objects; they will have the name, schema and basic column information for the relevant columns present.

  References: #1787

• [bug] [general] Fixed regression caused by #1669 which requires SQLAlchemy objects to support generic type subscripting; for the older SQLAlchemy 1.4 series, this requires version 1.4.23. Changed the minimum requirements to require version 1.4.23 rather than 1.4.0.

  References: #1788

Commits

• See full diff in compare view

Updates pyjwt from 2.10.1 to 2.11.0

Release notes

Sourced from pyjwt's releases.

2.11.0

What's Changed

• Fixed type error in comment by @​shuhaib-aot in jpadilla/pyjwt#1026
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1018
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1033
• Make note of use of leeway with nbf by @​djw8605 in jpadilla/pyjwt#1034
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1035
• Fixes #964: Validate key against allowed types for Algorithm family by @​pachewise in jpadilla/pyjwt#985
• Feat #1024: Add iterator for PyJWKSet by @​pachewise in jpadilla/pyjwt#1041
• Fixes #1039: Add iss, issuer type checks by @​pachewise in jpadilla/pyjwt#1040
• Fixes #660: Improve typing/logic for options in decode, decode_complete; Improve docs by @​pachewise in jpadilla/pyjwt#1045
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1042
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1052
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1053
• Fix #1022: Map algorithm=None to "none" by @​qqii in jpadilla/pyjwt#1056
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1055
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1058
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1060
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1061
• Fixes #1047: Correct PyJWKClient.get_signing_key_from_jwt annotation by @​khvn26 in jpadilla/pyjwt#1048
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1062
• Fixed doc string typo in _validate_jti() function #1063 by @​kuldeepkhatke in jpadilla/pyjwt#1064
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1065
• Update SECURITY.md by @​auvipy in jpadilla/pyjwt#1057
• Typing fix: use float instead of int for lifespan and timeout by @​nikitagashkov in jpadilla/pyjwt#1068
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1067
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1071
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1076
• Fix TYP header documentation by @​fobiasmog in jpadilla/pyjwt#1046
• doc: Document claims sub and jti by @​cleder in jpadilla/pyjwt#1088
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1077
• Bump actions/setup-python from 5 to 6 by @​dependabot[bot] in jpadilla/pyjwt#1089
• Bump actions/stale from 8 to 10 by @​dependabot[bot] in jpadilla/pyjwt#1090
• Bump actions/checkout from 4 to 5 by @​dependabot[bot] in jpadilla/pyjwt#1083
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1091
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1093
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1096
• Resolve package build warnings by @​kurtmckee in jpadilla/pyjwt#1105
• Support Python 3.14, and test against PyPy 3.10+ by @​kurtmckee in jpadilla/pyjwt#1104
• Fix a SyntaxWarning caused by invalid escape sequences by @​kurtmckee in jpadilla/pyjwt#1103
• Standardize CHANGELOG links to PRs by @​kurtmckee in jpadilla/pyjwt#1110
• Migrate from pep517, which is deprecated, to build by @​kurtmckee in jpadilla/pyjwt#1108
• Fix incorrectly-named test suite function by @​kurtmckee in jpadilla/pyjwt#1116
• Fix Read the Docs builds by @​kurtmckee in jpadilla/pyjwt#1111
• Bump actions/download-artifact from 4 to 6 by @​dependabot[bot] in jpadilla/pyjwt#1118
• Escalate test suite warnings to errors by @​kurtmckee in jpadilla/pyjwt#1107
• Add pyupgrade as a pre-commit hook by @​kurtmckee in jpadilla/pyjwt#1109
• Simplify the test suite decorators by @​kurtmckee in jpadilla/pyjwt#1113
• Improve coverage config and eliminate unused test suite code by @​kurtmckee in jpadilla/pyjwt#1115
• Build a shared wheel once in the test suite by @​kurtmckee in jpadilla/pyjwt#1114

... (truncated)

Changelog

Sourced from pyjwt's changelog.

v2.11.0 <https://github.com/jpadilla/pyjwt/compare/2.10.1...2.11.0>__

Fixed

- Enforce ECDSA curve validation per RFC 7518 Section 3.4.
- Fix build system warnings by @kurtmckee in `[#1105](https://github.com/jpadilla/pyjwt/issues/1105) <https://github.com/jpadilla/pyjwt/pull/1105>`__
- Validate key against allowed types for Algorithm family in `[#964](https://github.com/jpadilla/pyjwt/issues/964) <https://github.com/jpadilla/pyjwt/pull/964>`__
- Add iterator for JWKSet in `[#1041](https://github.com/jpadilla/pyjwt/issues/1041) <https://github.com/jpadilla/pyjwt/pull/1041>`__
- Validate `iss` claim is a string during encoding and decoding by @pachewise in `[#1040](https://github.com/jpadilla/pyjwt/issues/1040) <https://github.com/jpadilla/pyjwt/pull/1040>`__
- Improve typing/logic for `options` in decode, decode_complete by @pachewise in `[#1045](https://github.com/jpadilla/pyjwt/issues/1045) <https://github.com/jpadilla/pyjwt/pull/1045>`__
- Declare float supported type for lifespan and timeout by @nikitagashkov in `[#1068](https://github.com/jpadilla/pyjwt/issues/1068) <https://github.com/jpadilla/pyjwt/pull/1068>`__
- Fix ``SyntaxWarning``\s/``DeprecationWarning``\s caused by invalid escape sequences by @kurtmckee in `[#1103](https://github.com/jpadilla/pyjwt/issues/1103) <https://github.com/jpadilla/pyjwt/pull/1103>`__
- Development: Build a shared wheel once to speed up test suite setup times by @kurtmckee in `[#1114](https://github.com/jpadilla/pyjwt/issues/1114) <https://github.com/jpadilla/pyjwt/pull/1114>`__
- Development: Test type annotations across all supported Python versions,
  increase the strictness of the type checking, and remove the mypy pre-commit hook
  by @kurtmckee in `[#1112](https://github.com/jpadilla/pyjwt/issues/1112) <https://github.com/jpadilla/pyjwt/pull/1112>`__
Added

• Support Python 3.14, and test against PyPy 3.10 and 3.11 by @​kurtmckee in [#1104](https://github.com/jpadilla/pyjwt/issues/1104) <https://github.com/jpadilla/pyjwt/pull/1104>__
• Development: Migrate to build to test package building in CI by @​kurtmckee in [#1108](https://github.com/jpadilla/pyjwt/issues/1108) <https://github.com/jpadilla/pyjwt/pull/1108>__
• Development: Improve coverage config and eliminate unused test suite code by @​kurtmckee in [#1115](https://github.com/jpadilla/pyjwt/issues/1115) <https://github.com/jpadilla/pyjwt/pull/1115>__
• Docs: Standardize CHANGELOG links to PRs by @​kurtmckee in [#1110](https://github.com/jpadilla/pyjwt/issues/1110) <https://github.com/jpadilla/pyjwt/pull/1110>__
• Docs: Fix Read the Docs builds by @​kurtmckee in [#1111](https://github.com/jpadilla/pyjwt/issues/1111) <https://github.com/jpadilla/pyjwt/pull/1111>__
• Docs: Add example of using leeway with nbf by @​djw8605 in [#1034](https://github.com/jpadilla/pyjwt/issues/1034) <https://github.com/jpadilla/pyjwt/pull/1034>__
• Docs: Refactored docs with autodoc; added PyJWS and jwt.algorithms docs by @​pachewise in [#1045](https://github.com/jpadilla/pyjwt/issues/1045) <https://github.com/jpadilla/pyjwt/pull/1045>__
• Docs: Documentation improvements for "sub" and "jti" claims by @​cleder in [#1088](https://github.com/jpadilla/pyjwt/issues/1088) <https://github.com/jpadilla/pyjwt/pull/1088>__
• Development: Add pyupgrade as a pre-commit hook by @​kurtmckee in [#1109](https://github.com/jpadilla/pyjwt/issues/1109) <https://github.com/jpadilla/pyjwt/pull/1109>__
• Add minimum key length validation for HMAC and RSA keys (CWE-326). Warns by default via InsecureKeyLengthWarning when keys are below minimum recommended lengths per RFC 7518 Section 3.2 (HMAC) and NIST SP 800-131A (RSA). Pass enforce_minimum_key_length=True in options to PyJWT or PyJWS to raise InvalidKeyError instead.
• Refactor PyJWT to own an internal PyJWS instance instead of calling global api_jws functions.

Commits

• 697344d bump up version
• e4d0aec fix: pre-commit
• df9a6a0 fix: failing test
• 2b2e53c fix: docs
• 635c8d8 fix: failing mypy
• 96ae356 feat: add minimum key length validation for HMAC and RSA
• 5b86227 fix: enforce ECDSA curve validation per RFC 7518 Section 3.4
• 04947d7 Bump actions/download-artifact from 6 to 7 (#1125)
• dd44834 Fix leeway value in usage documentation (#1124)
• 407f0bd Thoroughly test type annotations, and resolve errors (#1112)
• Additional commits viewable in compare view

Updates coverage from 7.13.2 to 7.13.3

Changelog

Sourced from coverage's changelog.

Version 7.13.3 — 2026-02-03

• Fix: in some situations, third-party code was measured when it shouldn't have been, slowing down test execution. This happened with layered virtual environments such as uv sometimes makes. The problem is fixed, closing issue 2082_. Now any directory on sys.path that is inside a virtualenv is considered third-party code.

.. _issue 2082: coveragepy/coveragepy#2082

.. _changes_7-13-2:

Commits

• 6bf962f docs: sample HTML for 7.13.3
• 9f2e54c docs: prep for 7.13.3
• 6208c42 fix: find third-party packages in more locations. #2082
• edb5016 refactor: make dataclass imports uniform
• b05826a chore: bump actions/setup-python in the action-dependencies group (#2126)
• b519e17 refactor: no need for ox_profile connection
• 775f1cb build: remove pudb, I can install it if I need it
• 0ccb1fe chore: make upgrade
• e9e2a0e chore: bump actions/checkout in the action-dependencies group (#2122)
• 77e1a04 chore: make upgrade
• Additional commits viewable in compare view

Updates prek from 0.3.0 to 0.3.1

Release notes

Sourced from prek's releases.

0.3.1

Release Notes

Released on 2026-01-31.

Enhancements

• Add language: swift support (#1463)
• Add language: haskell support (#1484)
• Extract go version constraint from go.mod (#1457)
• Warn when config file exists but fails to parse (#1487)
• Add GitHub artifact attestations to release and build-docker workflow (#1494, #1497)
• Allow GIT_CONFIG_PARAMETERS for private repository authentication (#1472)
• Show progress bar when running builtin hooks (#1504)

Bug fixes

• Cap ARG_MAX at 1<<19 for safety (#1506)
• Don't check Python executable path in health check (#1496)

Documentation

• Include CocoIndex as a project using prek (#1477)
• Add commands for artifact verification using GitHub Attestations (#1500)

Contributors

• @​halms
• @​Haleshot
• @​simono
• @​tisonkun
• @​fllesser
• @​j178
• @​shaanmajid

Install prek 0.3.1

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/j178/prek/releases/download/v0.3.1/prek-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://github.com/j178/prek/releases/download/v0.3.1/prek-installer.ps1 | iex"

Install prebuilt binaries via Homebrew

... (truncated)

Changelog

Sourced from prek's changelog.

0.3.1

Released on 2026-01-31.

Enhancements

• Add language: swift support (#1463)
• Add language: haskell support (#1484)
• Extract go version constraint from go.mod (#1457)
• Warn when config file exists but fails to parse (#1487)
• Add GitHub artifact attestations to release and build-docker workflow (#1494, #1497)
• Allow GIT_CONFIG_PARAMETERS for private repository authentication (#1472)
• Show progress bar when running builtin hooks (#1504)

Bug fixes

• Cap ARG_MAX at 1<<19 for safety (#1506)
• Don't check Python executable path in health check (#1496)

Documentation

• Include CocoIndex as a project using prek (#1477)
• Add commands for artifact verification using GitHub Attestations (#1500)

Contributors

• @​halms
• @​Haleshot
• @​simono
• @​tisonkun
• @​fllesser
• @​j178
• @​shaanmajid

Commits

• bc142a2 Fix permission for docker attestation (#1511)
• 41a26c1 Bump version to 0.3.1 (#1510)
• d12e0be Support haskell language (#1484)
• f3d26b6 Run each language tests in a separate job (#1508)
• b1dcb30 Skip version_info test if not built in git repository (#1507)
• 14726d8 Cap ARG_MAX at 1<<19 for safety (#1506)
• 1000d9b Add a note about the .pre-commit-config.yaml file name for new users (#1505)
• 09f1a99 docs(installation): miscellaneous cleanup (#1502)
• d342579 Show progress bar when running builtin hooks (#1504)
• 7e1a497 docs: add commands for artifact verification using GitHub Attestations (#1500)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Coverage Report •

File	Stmts	Miss	Cover	Missing
TOTAL	5311	614	88%

report-only-changed-files is enabled. No files were changed during this commit :)