Bump uvicorn from 0.38.0 to 0.40.0 #104

dependabot · 2025-12-22T19:19:19Z

Bumps uvicorn from 0.38.0 to 0.40.0.

Release notes

Version 0.40.0

What's Changed

Drop Python 3.9 by @Kludex in Kludex/uvicorn#2772

Full Changelog: Kludex/uvicorn@0.39.0...0.40.0

Version 0.39.0

What's Changed

explicitly start ASGI run with empty context by @pmeier in Kludex/uvicorn#2742

fix(websockets): Send close frame on ASGI return by @Kludex in Kludex/uvicorn#2769

New Contributors

@pmeier made their first contribution in Kludex/uvicorn#2742

Full Changelog: Kludex/uvicorn@0.38.0...0.39.0

Changelog

Sourced from uvicorn's changelog.

0.40.0 (December 21, 2025)

Remove

Drop support for Python 3.9 (#2772)

0.39.0 (December 21, 2025)

Fixed

Send close frame on ASGI return for WebSockets (#2769)

Explicitly start ASGI run with empty context (#2742)

Commits

9ff6004 Version 0.40.0 (#2773)
19df042 Drop Python 3.9 (#2772)
865ce7c Run strict mypy on test suite (#2771)
4f40b84 Version 0.39.0 (#2770)
5692dfc fix(websockets): Send close frame on ASGI return (#2769)
4194764 chore(deps): bump the github-actions group with 2 updates (#2763)
d94bf28 explicitly start ASGI run with empty context (#2742)
8ae0bcb chore(deps): bump the github-actions group with 2 updates (#2748)
4744ff9 Add groups configuration for GitHub Actions (#2747)
0391372 chore(deps): bump astral-sh/setup-uv from 6.8.0 to 7.1.2 (#2746)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

github-actions · 2025-12-22T19:19:29Z

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 3d26a2c.

Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

OpenSSF Scorecard

Package	Version	Score	Details
pip/uvicorn	0.40.0	Unknown	Unknown

Scanned Files

requirements.txt

Bumps [uvicorn](https://github.com/Kludex/uvicorn) from 0.38.0 to 0.40.0. - [Release notes](https://github.com/Kludex/uvicorn/releases) - [Changelog](https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md) - [Commits](Kludex/uvicorn@0.38.0...0.40.0) --- updated-dependencies: - dependency-name: uvicorn dependency-version: 0.40.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Dec 22, 2025