MESH-2092 Bump the dependencies group across 1 directory with 5 updates

[dependabot]

Bumps the dependencies group with 5 updates in the / directory:

Package	From	To
cryptography	46.0.2	46.0.3
fastapi	0.118.3	0.120.4
uvicorn	0.37.0	0.38.0
pydantic	2.12.2	2.12.3
starlette	0.48.0	0.49.1

Updates cryptography from 46.0.2 to 46.0.3

Changelog

Sourced from cryptography's changelog.

46.0.3 - 2025-10-15

* Fixed compilation when using LibreSSL 4.2.0.
.. _v46-0-2:

Commits

• c0af4dd release 46.0.3 (#13681)
• See full diff in compare view

Updates fastapi from 0.118.3 to 0.120.4

Release notes

Sourced from fastapi's releases.

0.120.4

Fixes

• 🐛 Fix security schemes in OpenAPI when added at the top level app. PR #14266 by @​YuriiMotov.

0.120.3

Refactors

• ♻️ Reduce internal cyclic recursion in dependencies, from 2 functions calling each other to 1 calling itself. PR #14256 by @​tiangolo.
• ♻️ Refactor internals of dependencies, simplify code and remove get_param_sub_dependant. PR #14255 by @​tiangolo.
• ♻️ Refactor internals of dependencies, simplify using dataclasses. PR #14254 by @​tiangolo.

Docs

• 📝 Update note for untranslated pages. PR #14257 by @​YuriiMotov.

0.120.2

Fixes

• 🐛 Fix separation of schemas with nested models introduced in 0.119.0. PR #14246 by @​tiangolo.

Internal

• 🔧 Add sponsor: SerpApi. PR #14248 by @​tiangolo.
• ⬆ Bump actions/download-artifact from 5 to 6. PR #14236 by @​dependabot[bot].
• ⬆ [pre-commit.ci] pre-commit autoupdate. PR #14237 by @​pre-commit-ci[bot].
• ⬆ Bump actions/upload-artifact from 4 to 5. PR #14235 by @​dependabot[bot].

0.120.1

Upgrades

• ⬆️ Bump Starlette to <0.50.0. PR #14234 by @​YuriiMotov.

Internal

• 🔧 Add license and license-files to pyproject.toml, remove License from classifiers. PR #14230 by @​YuriiMotov.

0.120.0

There are no major nor breaking changes in this release. ☕️

The internal reference documentation now uses annotated_doc.Doc instead of typing_extensions.Doc, this adds a new (very small) dependency on annotated-doc, a package made just to provide that Doc documentation utility class.

I would expect typing_extensions.Doc to be deprecated and then removed at some point from typing_extensions, for that reason there's the new annotated-doc micro-package. If you are curious about this, you can read more in the repo for annotated-doc.

This new version 0.120.0 only contains that transition to the new home package for that utility class Doc.

Translations

• 🌐 Sync German docs. PR #14188 by @​nilslindemann.

... (truncated)

Commits

• fad35ef 🔖 Release version 0.120.4
• 4d57c13 📝 Update release notes
• 496de18 🐛 Fix security schemes in OpenAPI when added at the top level app (#14266)
• 2cf04ee 🔖 Release version 0.120.3
• ec00f5a 📝 Update release notes
• 8b46d88 📝 Update note for untranslated pages (#14257)
• 17fcbbe 📝 Update release notes
• dcfb8b9 ♻️ Reduce internal cyclic recursion in dependencies, from 2 functions calling...
• 1fc586c 📝 Update release notes
• bb88a0f ♻️ Refactor internals of dependencies, simplify code and remove `get_param_su...
• Additional commits viewable in compare view

Updates uvicorn from 0.37.0 to 0.38.0

Release notes

Sourced from uvicorn's releases.

Version 0.38.0

What's Changed

• Support Python 3.14 by @​Kludex in Kludex/uvicorn#2723

---

New Contributors

• @​NGANAMODEIJunior made their first contribution in Kludex/uvicorn#2713

Full Changelog: Kludex/uvicorn@0.37.0...0.38.0

Changelog

Sourced from uvicorn's changelog.

0.38.0 (October 18, 2025)

Added

• Support Python 3.14 (#2723)

Commits

• 3850ad6 Version 0.38.0 (#2733)
• 9b3f17a Support Python 3.14 (#2723)
• ce79f95 Revert "Add Marcelo Trylesinski to the license (#2699)" (#2730)
• dbf8797 docs: add social icons (#2728)
• 58f28be Add section about event loop (#2725)
• 93d9510 Bump docs dependencies (#2724)
• 9b1c6c4 Move Marcelo Trylesinski to maintainers in pyproject.toml (#2719)
• 57a61d8 Add discord to README (#2718)
• 7ef5f9f chore(deps): bump astral-sh/setup-uv from 6.7.0 to 6.8.0 (#2717)
• 6d26d88 Update pyproject.toml for PEP639 compliance (#2713)
• See full diff in compare view

Updates pydantic from 2.12.2 to 2.12.3

Release notes

Sourced from pydantic's releases.

v2.12.3 2025-10-17

v2.12.3 (2025-10-17)

What's Changed

This is the third 2.13 patch release, fixing issues related to the FieldInfo class, and reverting a change to the supported after model validator function signatures.

• Raise a warning when an invalid after model validator function signature is raised by @​Viicos in #12414. Starting in 2.12.0, using class methods for after model validators raised an error, but the error wasn't raised concistently. We decided to emit a deprecation warning instead.
• Add FieldInfo.asdict() method, improve documentation around FieldInfo by @​Viicos in #12411. This also adds back support for mutations on FieldInfo classes, that are reused as Annotated metadata. However, note that this is still not a supported pattern. Instead, please refer to the added example in the documentation.

The blog post section on changes was also updated to document the changes related to serialize_as_any.

Full Changelog: pydantic/pydantic@v2.12.2...v2.12.3

Changelog

Sourced from pydantic's changelog.

v2.12.3 (2025-10-17)

GitHub release

What's Changed

This is the third 2.12 patch release, fixing issues related to the FieldInfo class, and reverting a change to the supported after model validator function signatures.

• Raise a warning when an invalid after model validator function signature is raised by @​Viicos in #12414. Starting in 2.12.0, using class methods for after model validators raised an error, but the error wasn't raised concistently. We decided to emit a deprecation warning instead.
• Add FieldInfo.asdict() method, improve documentation around FieldInfo by @​Viicos in #12411. This also add back support for mutations on FieldInfo classes, that are reused as Annotated metadata. However, note that this is still not a supported pattern. Instead, please refer to the added example in the documentation.

The blog post section on changes was also updated to document the changes related to serialize_as_any.

Commits

• 1a8850d Prepare release 2.12.3
• 09dbcf2 Add FieldInfo.asdict() method, improve documentation around FieldInfo
• 5da4331 Improve documentation about serialize as any behavior
• 9c86324 Raise a warning when an invalid after model validator function signature is r...
• 36a73c6 Update pydantic-extra-types dependency to version >=2.10.6
• See full diff in compare view

Updates starlette from 0.48.0 to 0.49.1

Release notes

Sourced from starlette's releases.

Version 0.49.1

This release fixes a security vulnerability in the parsing logic of the Range header in FileResponse.

You can view the full security advisory: GHSA-7f5h-v6xp-fcq8

Fixed

• Optimize the HTTP ranges parsing logic 4ea6e22b489ec388d6004cfbca52dd5b147127c5

---

Full Changelog: Kludex/starlette@0.49.0...0.49.1

Version 0.49.0

Added

• Add encoding parameter to Config class #2996.
• Support multiple cookie headers in Request.cookies #3029.
• Use Literal type for WebSocketEndpoint encoding values #3027.

Changed

• Do not pollute exception context in Middleware when using BaseHTTPMiddleware #2976.

---

New Contributors

• @​TheWesDias made their first contribution in Kludex/starlette#3017
• @​gmos2104 made their first contribution in Kludex/starlette#3027
• @​secrett2633 made their first contribution in Kludex/starlette#2996
• @​adam-sikora made their first contribution in Kludex/starlette#2976

Full Changelog: Kludex/starlette@0.48.0...0.49.0

Changelog

Sourced from starlette's changelog.

0.49.1 (October 28, 2025)

This release fixes a security vulnerability in the parsing logic of the Range header in FileResponse.

You can view the full security advisory: GHSA-7f5h-v6xp-fcq8

Fixed

• Optimize the HTTP ranges parsing logic 4ea6e22b489ec388d6004cfbca52dd5b147127c5

0.49.0 (October 28, 2025)

Added

• Add encoding parameter to Config class #2996.
• Support multiple cookie headers in Request.cookies #3029.
• Use Literal type for WebSocketEndpoint encoding values #3027.

Changed

• Do not pollute exception context in Middleware when using BaseHTTPMiddleware #2976.

Commits

• 7e4b742 Version 0.49.1 (#3047)
• 4ea6e22 Merge commit from fork
• 7d88ea6 Version 0.49.0 (#3046)
• 26d66bb Do not pollute exception context in Middleware (#2976)
• a59397d Set encodings when reading config files (#2996)
• 3b7f0cb test: add test for unknown status (#3035)
• b09ce1a docs: fix legibility issues on sponsorship page (#3039)
• 0f0edcf Revert "Add Marcelo Trylesinski to the license (#3025)" (#3044)
• 3912d63 docs: add social icons (#3038)
• 4915a93 Add discord to README/docs (#3034)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.