Bump the backend-python-runtime group in /backend with 6 updates

[dependabot]

Bumps the backend-python-runtime group in /backend with 6 updates:

Package	From	To
fastapi	0.138.0	0.138.1
sqlmodel	0.0.38	0.0.39
anyio	4.14.0	4.14.1
click	8.4.1	8.4.2
coverage	7.14.2	7.14.3
greenlet	3.5.2	3.5.3

Updates fastapi from 0.138.0 to 0.138.1

Release notes

Sourced from fastapi's releases.

0.138.1

Refactors

• ♻️ Refactor Library Skills, make info easier to find for agents. PR #15841 by @​tiangolo.

Internal

• 👷 Simplify pull request workflow triggers. PR #15836 by @​tiangolo.
• 👷 Update issue-manager to 0.7.1. PR #15833 by @​tiangolo.
• ⬆️ Update issue-manager to 0.7.0. PR #15831 by @​tiangolo.
• 🔧 Update sponsors: Add TestMu again. PR #15830 by @​tiangolo.
• 🔒️ Update zizmor workflow security checks. PR #15820 by @​tiangolo.
• ⬆ Bump pydantic-settings from 2.14.1 to 2.14.2. PR #15799 by @​dependabot[bot].

Commits

• b90c49a 🔖 Release version 0.138.1 (#15842)
• 1f2f3df 📝 Update release notes
• 0af003a ♻️ Refactor Library Skills, make info easier to find for agents (#15841)
• d5494c1 📝 Update release notes
• 82c527e 👷 Simplify pull request workflow triggers (#15836)
• 3f28dbe 📝 Update release notes
• f6ea6b1 👷 Update issue-manager to 0.7.1 (#15833)
• 219ac63 📝 Update release notes
• fcc8e1f ⬆️ Update issue-manager to 0.7.0 (#15831)
• 457f4c7 📝 Update release notes
• Additional commits viewable in compare view

Updates sqlmodel from 0.0.38 to 0.0.39

Changelog

Sourced from sqlmodel's changelog.

0.0.39 (2026-06-25)

Features

• ✨ Add SQLModel Agent Library Skill, install with uvx library-skills. PR #2017 by @​tiangolo.

Fixes

• 🐛 Fix type of __sqlmodel_relationships__. PR #1996 by @​svlandeg.

Docs

• 📝 Update docs badges: remove Publish badge, it doesn't give extra information. PR #2009 by @​tiangolo.
• 📝 Update and simplify docs about help and management. PR #1978 by @​tiangolo.
• 📝 Update docs about contributing, reference central docs. PR #1975 by @​tiangolo.
• 📝 Update security policy. PR #1973 by @​tiangolo.
• 📝 Update link syntax to minimal Markdown. PR #1800 by @​tiangolo.
• 📝 Update admonitions, simplify and use defaults. PR #1915 by @​tiangolo.
• 🔒️ Only allow team members to modify dependencies. PR #1914 by @​svlandeg.

Internal

• 👷 Simplify pull request workflow triggers. PR #2016 by @​tiangolo.
• 👷 Update issue-manager to 0.7.1. PR #2015 by @​tiangolo.
• ⬆️ Update issue-manager to 0.7.0. PR #2014 by @​tiangolo.
• 🔒️ Update zizmor workflow security checks. PR #2010 by @​tiangolo.
• 👷 Fix alls-green test dependency. PR #2008 by @​tiangolo.
• ⬆ Bump the python-packages group with 5 updates. PR #2006 by @​dependabot[bot].
• ⬆ Bump https://github.com/crate-ci/typos from v1.47.1 to v1.47.2 in the pre-commit group. PR #2005 by @​dependabot[bot].
• ⬆ Bump astral-sh/setup-uv from 8.1.0 to 8.2.0 in the github-actions group. PR #2004 by @​dependabot[bot].
• ⬆ Bump the python-packages group with 3 updates. PR #2000 by @​dependabot[bot].
• ⬆ Bump https://github.com/crate-ci/typos from v1.46.0 to v1.47.1 in the pre-commit group. PR #1999 by @​dependabot[bot].
• ⬆ Bump the github-actions group with 2 updates. PR #1998 by @​dependabot[bot].
• ⬆ Bump sqlalchemy from 2.0.49 to 2.0.50. PR #1992 by @​dependabot[bot].
• ⬆ Bump the python-packages group across 1 directory with 9 updates. PR #1995 by @​dependabot[bot].
• ⬆ Bump eps1lon/actions-label-merge-conflict from 3.0.3 to 3.1.0 in the github-actions group. PR #1993 by @​dependabot[bot].
• ⬆️ Bump Pydantic to 2.13.4. PR #1985 by @​YuriiMotov.
• 👷 Automate release preparation. PR #1988 by @​tiangolo.
• 🔥 Remove old package stub slim, not used nor needed. PR #1987 by @​tiangolo.
• ⬆ Bump the github-actions group with 2 updates. PR #1983 by @​dependabot[bot].
• 👷 Configure Dependabot to group updates and update weekly. PR #1972 by @​YuriiMotov.
• 🔥 Remove config files now in central GitHub repo. PR #1979 by @​tiangolo.
• ⬆ Bump zizmorcore/zizmor-action from 0.5.3 to 0.5.5. PR #1974 by @​dependabot[bot].
• 👷 Fix branch name in guard-dependencies.yml. PR #1916 by @​svlandeg.
• ♻️ Migrate docs to Zensical. PR #1913 by @​tiangolo.
• ⬆ Bump ruff from 0.15.12 to 0.15.13. PR #1910 by @​dependabot[bot].
• 🔒️ Add zizmor and fix audit findings. PR #1871 by @​YuriiMotov.
• ⬆ Bump ty from 0.0.34 to 0.0.35. PR #1904 by @​dependabot[bot].
• ⬆ Bump actions/add-to-project from 1.0.2 to 2.0.0. PR #1900 by @​dependabot[bot].
• ⬆ Bump actions/labeler from 6.0.1 to 6.1.0. PR #1902 by @​dependabot[bot].

... (truncated)

Commits

• 8c684aa Release version 0.0.39 (#2018)
• aea0093 📝 Update release notes
• 8c47440 ✨ Add SQLModel Agent Library Skill, install with uvx library-skills (#2017)
• 558ab39 📝 Update release notes
• 08d0b98 👷 Simplify pull request workflow triggers (#2016)
• c18a765 📝 Update release notes
• 66ebd45 👷 Update issue-manager to 0.7.1 (#2015)
• 91df863 📝 Update release notes
• 10049e3 ⬆️ Update issue-manager to 0.7.0 (#2014)
• 0f0d5ad 📝 Update release notes
• Additional commits viewable in compare view

Updates anyio from 4.14.0 to 4.14.1

Release notes

Sourced from anyio's releases.

4.14.1

• Fixed teardown of higher-scoped async fixtures failing on asyncio with RuntimeError: Attempted to exit cancel scope in a different task than it was entered in when an async test raise an outcome exception (e.g., pytest.skip(), pytest.xfail(), or pytest.fail()) (#1179; PR by @​EmmanuelNiyonshuti)
• Fixed CapacityLimiter.total_tokens rejecting a value of 0 when the limiter was instantiated outside of an event loop, contradicting the documented behavior of allowing 0 total tokens (#1183; PR by @​nyxst4ck)

Commits

• 149b9e9 Bumped up the version
• 377518c Bump actions/checkout from 6 to 7 in the github-actions group (#1186)
• b42a2f5 [pre-commit.ci] pre-commit autoupdate (#1185)
• 3ceb6ff Allow 0 tokens in a CapacityLimiter instantiated outside an event loop (#1183)
• e10d1db Add missing await to open_file() in file I/O concurrency example (#1182)
• 1dbc3b6 OutcomeException should not discard test runner_task (#1180)
• See full diff in compare view

Updates click from 8.4.1 to 8.4.2

Release notes

Sourced from click's releases.

8.4.2

This is the Click 8.4.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/click/8.4.2/ Changes: https://click.palletsprojects.com/page/changes/#version-8-4-2 Milestone: https://github.com/pallets/click/milestone/34

• Fix Fish shell completion broken in 8.4.0 by #3126. Newlines and tabs in option help text are now escaped, keeping the original completion format while still supporting multi-line help. #3502 #3043 #3504 #3508
• Deprecated commands and options with empty or missing help text no longer render a stray leading space before the (DEPRECATED) label. #3509
• A {class}Group with invoke_without_command=True marks its subcommand as optional in the usage help, showing [COMMAND] instead of COMMAND. #3059 #3507
• echo_via_pager flushes after each write, so passing a generator streams output to the pager incrementally instead of staying hidden until the pipe buffer fills. #3242 #2542 #3534
• echo_via_pager and get_pager_file no longer close a borrowed stdout stream when no external pager runs, completing the partial I/O operation on closed file fix from #3482. #3449 #3533
• Fix CLI usage symopsis for optional arguments producing double square brackets [[a|b|c]]... whose type already brackets their metavar. #3578
• {func}version_option resolves a package_name that does not match an installed distribution as an import (top-level module) name via {func}importlib.metadata.packages_distributions. Packages whose top-level module name differs from their distribution name (PIL vs Pillow, jwt vs PyJWT) no longer raise RuntimeError out of the box. #2331 #1884 #3125 #3582

Changelog

Sourced from click's changelog.

Version 8.4.2

Unreleased

• Fix Fish shell completion broken in 8.4.0 by {pr}3126. Newlines and tabs in option help text are now escaped, keeping the original completion format while still supporting multi-line help. {issue}3502 {issue}3043 {pr}3504 {pr}3508
• Deprecated commands and options with empty or missing help text no longer render a stray leading space before the (DEPRECATED) label. {pr}3509
• A {class}Group with invoke_without_command=True marks its subcommand as optional in the usage help, showing [COMMAND] instead of COMMAND. {issue}3059 {pr}3507
• echo_via_pager flushes after each write, so passing a generator streams output to the pager incrementally instead of staying hidden until the pipe buffer fills. {issue}3242 {issue}2542 {pr}3534
• echo_via_pager and get_pager_file no longer close a borrowed stdout stream when no external pager runs, completing the partial I/O operation on closed file fix from {pr}3482. {issue}3449 {pr}3533

Commits

• b2e30a1 Release version 8.4.2
• 7a16b20 Fix package_name resolution when module differs from distribution name (#3582)
• bec5928 Fix package_name resolution when top-level module differs from distribution...
• 916883a Fix tests to not rely on -Wdefault option (#3591)
• 09195f6 Fix double-bracketing of choices in synopsis (#3578)
• 1557e26 Check for warning exception with idiomatic context manager
• d9ff133 Static typing improvements in click.shell_completion (#3460)
• 762c97e Fix double-bracketing of choices in synopsis
• 8929d39 Convert changes to markdown. (#3559)
• 237be50 Move changes headings down a level.
• Additional commits viewable in compare view

Updates coverage from 7.14.2 to 7.14.3

Changelog

Sourced from coverage's changelog.

Version 7.14.3 — 2026-06-22

• Fix: the default ... exclusion rule now also matches function bodies whose closing return-type bracket is on its own line (for example, after a long -> dict[ ... ] annotation that a formatter has split over multiple lines). Closes issue 2185, thanks Mengjia Shang <pull 2196_>.

• Fix: On 3.13t, we incorrectly issued Couldn't import C tracer errors. We can't import the C tracer because in 7.14.2 we stopped shipping compiled wheels for 3.13t. Thanks, Hugo van Kemenade <pull 2203_>_.

.. _issue 2185: coveragepy/coveragepy#2185 .. _pull 2196: coveragepy/coveragepy#2196 .. _pull 2203: coveragepy/coveragepy#2203

.. _changes_7-14-2:

Commits

• 22f13ea docs: sample HTML for 7.14.3
• 2ca4e5f docs: prep for 7.14.3
• 01d714e docs: add changelog entry for #2203
• f36248d fix: don't emit 'Couldn't import C tracer' warning for 3.13t (#2203)
• 86d73d1 docs: thanks, Mengjia Shang
• 3d4ae3c docs: add the #2196 pr link to CHANGES
• f4b2b4d fix: exclude ... bodies after multi-line return-type annotations (#2185) (#...
• 1980ed0 chore: bump sigstore/gh-action-sigstore-python (#2201)
• bca3217 build: since we don't ship 3.13t, don't test it
• 77550d8 docs: oops, mismatched pull requests
• Additional commits viewable in compare view

Updates greenlet from 3.5.2 to 3.5.3

Changelog

Sourced from greenlet's changelog.

3.5.3 (2026-06-26)

• Fix a crash on free-threaded builds when multiple greenlets were holding a critical section on an object and the GIL for the thread was dropped. See issue 513 <https://github.com/python-greenlet/greenlet/issues/513>_. Thanks to ddorian.

Commits

• 6ee8c2c Preparing release 3.5.3
• 6ec0bbb Merge pull request #514 from python-greenlet/issue513-preserve-crit-section
• c03a7e6 Py3.13+: Preserve thread state critical_section to prevent crash on free-thre...
• bc10829 Speed up manylinux test runs by only running the core checks; only start many...
• c2db75d Back to development: 3.5.3
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions