build(deps): bump the privacy-shield-python group across 1 directory with 5 updates

[dependabot]

Updates the requirements on fastapi, httpx, uvicorn, cachetools and websockets to permit the latest version.
Updates fastapi to 0.136.3

Release notes

Sourced from fastapi's releases.

0.136.3

Refactors

• ♻️ Do not accept underscore headers when using convert_underscores=True (the default). PR #15589 by @​tiangolo.

Commits

• 8206485 🔖 Release version 0.136.3
• c910e01 📝 Update release notes
• 063b5bf ♻️ Do not accept underscore headers when using convert_underscores=True (th...
• 22b02e2 🔖 Release version 0.136.2
• 3b252a2 📝 Update release notes
• c7fb785 ♻️ Validate Server Sent Event fields to avoid applications from sending broke...
• cb83b83 📝 Update release notes
• 00f805c ✅ Update tests, don't double dispose the engine (#15587)
• 3675137 📝 Update release notes
• 7b57e42 📝 Document --entrypoint CLI option (#15464)
• Additional commits viewable in compare view

Updates httpx to 0.28.1

Release notes

Sourced from httpx's releases.

Version 0.28.1

0.28.1 (6th December, 2024)

• Fix SSL case where verify=False together with client side certificates.

Changelog

Sourced from httpx's changelog.

0.28.1 (6th December, 2024)

• Fix SSL case where verify=False together with client side certificates.

0.28.0 (28th November, 2024)

Be aware that the default JSON request bodies now use a more compact representation. This is generally considered a prefered style, tho may require updates to test suites.

The 0.28 release includes a limited set of deprecations...

Deprecations:

We are working towards a simplified SSL configuration API.

For users of the standard verify=True or verify=False cases, or verify=<ssl_context> case this should require no changes. The following cases have been deprecated...

• The verify argument as a string argument is now deprecated and will raise warnings.
• The cert argument is now deprecated and will raise warnings.

Our revised SSL documentation covers how to implement the same behaviour with a more constrained API.

The following changes are also included:

• The deprecated proxies argument has now been removed.
• The deprecated app argument has now been removed.
• JSON request bodies use a compact representation. (#3363)
• Review URL percent escape sets, based on WHATWG spec. (#3371, #3373)
• Ensure certifi and httpcore are only imported if required. (#3377)
• Treat socks5h as a valid proxy scheme. (#3178)
• Cleanup Request() method signature in line with client.request() and httpx.request(). (#3378)
• Bugfix: When passing params={}, always strictly update rather than merge with an existing querystring. (#3364)

0.27.2 (27th August, 2024)

Fixed

• Reintroduced supposedly-private URLTypes shortcut. (#2673)

0.27.1 (27th August, 2024)

Added

• Support for zstd content decoding using the python zstandard package is added. Installable using httpx[zstd]. (#3139)

Fixed

• Improved error messaging for InvalidURL exceptions. (#3250)
• Fix app type signature in ASGITransport. (#3109)

0.27.0 (21st February, 2024)

... (truncated)

Commits

• 26d48e0 Version 0.28.1 (#3445)
• 89599a9 Fix verify=False, cert=... case. (#3442)
• 8ecb86f Add test for request params behavior changes (#3364) (#3440)
• 0cb7e5a Bump the python-packages group with 11 updates (#3434)
• 15e21e9 Updating deprecated docstring Client() class (#3426)
• 80960fa Version 0.28.0. (#3419)
• a33c878 Fix extensions type annotation. (#3380)
• ce7e14d Error on verify as str. (#3418)
• 47f4a96 Handle empty zstd responses (#3412)
• 189fc4b Update CHANGELOG.md, fix typo(s) (#3406)
• Additional commits viewable in compare view

Updates uvicorn to 0.49.0

Release notes

Sourced from uvicorn's releases.

Version 0.49.0

What's Changed

• Bump httptools minimum version to 0.8.0 by @​Kludex in Kludex/uvicorn#2962
• Consume duplicate forwarding headers in ProxyHeadersMiddleware (reverses the 0.48.0 behavior of ignoring them) by @​Kludex in Kludex/uvicorn#2971

Full Changelog: Kludex/uvicorn@0.48.0...0.49.0

Changelog

Sourced from uvicorn's changelog.

0.49.0 (June 3, 2026)

Changed

• Bump httptools minimum version to 0.8.0 (#2962)
• Consume duplicate forwarding headers in ProxyHeadersMiddleware (reverses the 0.48.0 behavior of ignoring them) (#2971)

0.48.0 (May 24, 2026)

Changed

• Default ssl_ciphers to None and use OpenSSL defaults (#2940)

Fixed

• Ignore duplicate forwarding headers in ProxyHeadersMiddleware (#2944)

0.47.0 (May 14, 2026)

Added

• Add ssl_context_factory for custom SSLContext configuration (#2920)

Changed

• Eagerly import the ASGI app in the parent process (#2919)

Fixed

• Treat fd=0 as a valid file descriptor with reload/workers (#2927)

0.46.0 (April 23, 2026)

Added

• Support ws_max_size in wsproto implementation (#2915)
• Support ws_ping_interval and ws_ping_timeout in wsproto implementation (#2916)

Changed

• Use bytearray for incoming WebSocket message buffer in websockets-sansio (#2917)

0.45.0 (April 21, 2026)

Added

• Add --reset-contextvars flag to isolate ASGI request context (#2912)
• Accept os.PathLike for log_config (#2905)
• Accept log_level strings case-insensitively (#2907)

... (truncated)

Commits

• 3ef2e3e Version 0.49.0 (#2973)
• eeb64b1 Consume duplicate forwarding headers in ProxyHeadersMiddleware (#2971)
• 630f4ac Make the watchfiles reload tests deterministic (#2972)
• 9154922 chore(deps): bump the github-actions group across 1 directory with 6 updates ...
• 739727a Migrate docs deploy from Cloudflare Pages to Workers (#2967)
• be4a240 Gate docs preview deploy on Cloudflare token presence (#2966)
• c489d7e Bump httptools minimum version to 0.8.0 (#2962)
• 9f547bd Skip docs preview deploy for Dependabot PRs (#2961)
• 44446b8 Migrate documentation from MkDocs Material to Zensical (#2959)
• cfd659c Bump pymdown-extensions to 10.21.3 (#2958)
• Additional commits viewable in compare view

Updates cachetools to 7.1.4

Changelog

Sourced from cachetools's changelog.

v7.1.4 (2026-05-22)

• Minor unit test improvements.

• Update build environment.

v7.1.3 (2026-05-18)

• Minor type stub improvements.

• Update build environment.

v7.1.2 (2026-05-16)

• Minor type stub improvements.

• Minor documentation improvements.

• Modernize build environment.

v7.1.1 (2026-05-03)

• Various type stub improvements.

v7.1.0 (2026-05-01)

• Add type stubs based on the work of the good people at typeshed <https://github.com/python/typeshed/tree/main/stubs/cachetools/>__.

• Update unit tests.

v7.0.6 (2026-04-20)

• Minor code improvements.

• Update project URLs.

• Update CI environment.

... (truncated)

Commits

• 48284d7 Release v7.1.4.
• 55ea96b Update build environment.
• c5439fe Add threading tests for lock-only decorators.
• 91828fc Run threading tests unconditionally with timeout.
• 16952ed Release v7.1.3.
• 92dd756 Prepare v7.1.3.
• ced08f5 Improve cachetools.func type stubs.
• d809d7b Update build environment.
• c84b5e5 Release v7.1.2.
• 39ad61c Prepare v7.1.2.
• Additional commits viewable in compare view

Updates websockets to 16.0

Release notes

Sourced from websockets's releases.

16.0

See https://websockets.readthedocs.io/en/stable/project/changelog.html for details.

Commits

• d4303a5 Release version 16.0.
• 851bcd7 Bump pypa/cibuildwheel from 3.3.0 to 3.3.1
• 740c8d3 Temporarily remove the trio implementation.
• 92ea055 Add missing changelog entry.
• ba74244 Document bug fix.
• 9410483 Pin sphinx to avoid error in sphinxcontrib-trio.
• 8e4d408 Document asyncio's TLS read buffer.
• cb3500b Stop referring to the asyncio implementation as new.
• 6563a9c The threading implementation supports max_queue.
• 9f17e92 Clarify that protocol_mutex protects pending_pings.
• Additional commits viewable in compare view

[Lightheartdevs]

Codex grouped dependency audit: work on more before merging.

Checks are green, but this Privacy Shield batch is runtime-sensitive: FastAPI, HTTPX, Uvicorn, cachetools, and websockets all move materially. Privacy Shield handles proxy/privacy behavior, so please run focused tests for startup, middleware, redaction, HTTP proxy calls, websocket/SSE paths if applicable, and shutdown/lifespan before merging.