fix(deps): update all dependencies

[renovate]

This PR contains the following updates:

Package	Type	Update	Change	Age	Confidence
actions/checkout	action	major	v5.0.0 -> v6.0.1
certifi	dependencies	minor	2025.10.5 -> 2025.11.12
cgr.dev/chainguard/python	final	digest	aff11fb -> ca9d5a5
cgr.dev/chainguard/python	stage	digest	b766b72 -> 2a649c9
fastapi (changelog)	dependencies	minor	0.120.1 -> 0.124.0
github/codeql-action	action	patch	v4.31.0 -> v4.31.7
ortelius/workflow-toolkit	action	digest	d1fc2a2 -> a0751e4
oxsecurity/megalinter	action	minor	v9.1.0 -> v9.2.0
peter-evans/create-pull-request	action	patch	v7.0.8 -> v7.0.11
pydantic (changelog)	dependencies	patch	2.12.3 -> 2.12.5
step-security/harden-runner	action	patch	v2.13.1 -> v2.13.3

---

Release Notes

actions/checkout (actions/checkout)

v6.0.1

Compare Source

v6.0.0

Compare Source

v5.0.1

Compare Source

What's Changed

• Port v6 cleanup to v5 by @​ericsciple in #​2301

Full Changelog: actions/checkout@v5...v5.0.1

certifi/python-certifi (certifi)

v2025.11.12

Compare Source

fastapi/fastapi (fastapi)

v0.124.0

Compare Source

Features

• 🚸 Improve tracebacks by adding endpoint metadata. PR #​14306 by @​savannahostrowski.

Internal

• ✏️ Fix typo in scripts/mkdocs_hooks.py. PR #​14457 by @​yujiteshima.

v0.123.10

Compare Source

Fixes

• 🐛 Fix using class (not instance) dependency that has __call__ method. PR #​14458 by @​YuriiMotov.
• 🐛 Fix separate_input_output_schemas=False with computed_field. PR #​14453 by @​YuriiMotov.

v0.123.9

Compare Source

v0.123.8

Compare Source

Fixes

• 🐛 Fix OpenAPI security scheme OAuth2 scopes declaration, deduplicate security schemes with different scopes. PR #​14455 by @​tiangolo.

v0.123.7

Compare Source

Fixes

• 🐛 Fix evaluating stringified annotations in Python 3.10. PR #​11355 by @​chaen.

v0.123.6

Compare Source

Fixes

• 🐛 Fix support for functools wraps and partial combined, for async and regular functions and classes in path operations and dependencies. PR #​14448 by @​tiangolo.

v0.123.5

Compare Source

Features

• ✨ Allow using dependables with functools.partial(). PR #​9753 by @​lieryan.
• ✨ Add support for wrapped functions (e.g. @functools.wraps()) used with forward references. PR #​5077 by @​lucaswiman.
• ✨ Handle wrapped dependencies. PR #​9555 by @​phy1729.

Fixes

• 🐛 Fix optional sequence handling with new union syntax from Python 3.10. PR #​14430 by @​Viicos.

Refactors

• 🔥 Remove dangling extra condiitonal no longer needed. PR #​14435 by @​tiangolo.
• ♻️ Refactor internals, update is_coroutine check to reuse internal supported variants (unwrap, check class). PR #​14434 by @​tiangolo.

Translations

• 🌐 Sync German docs. PR #​14367 by @​nilslindemann.

v0.123.4

Compare Source

Fixes

• 🐛 Fix OpenAPI schema support for computed fields when using separate_input_output_schemas=False. PR #​13207 by @​vgrafe.

Docs

• 📝 Fix docstring of servers parameter. PR #​14405 by @​YuriiMotov.

v0.123.3

Compare Source

Fixes

• 🐛 Fix Query\Header\Cookie parameter model alias. PR #​14360 by @​YuriiMotov.
• 🐛 Fix optional sequence handling in serialize sequence value with Pydantic V2. PR #​14297 by @​YuriiMotov.

v0.123.2

Compare Source

Fixes

• 🐛 Fix unformatted {type_} in FastAPIError. PR #​14416 by @​Just-Helpful.
• 🐛 Fix parsing extra non-body parameter list. PR #​14356 by @​YuriiMotov.
• 🐛 Fix parsing extra Form parameter list. PR #​14303 by @​YuriiMotov.
• 🐛 Fix support for form values with empty strings interpreted as missing (None if that's the default), for compatibility with HTML forms. PR #​13537 by @​MarinPostma.

Docs

• 📝 Add tip on how to install pip in case of No module named pip error in virtual-environments.md. PR #​14211 by @​zadevhub.
• 📝 Update Primary Key notes for the SQL databases tutorial to avoid confusion. PR #​14120 by @​FlaviusRaducu.
• 📝 Clarify estimation note in documentation. PR #​14070 by @​SaisakthiM.

v0.123.1

Compare Source

Fixes

• 🐛 Avoid accessing non-existing "$ref" key for Pydantic v2 compat remapping. PR #​14361 by @​svlandeg.
• 🐛 Fix TypeError when encoding a decimal with a NaN or Infinity value. PR #​12935 by @​kentwelcome.

Internal

• 🐛 Fix Windows UnicodeEncodeError in CLI test. PR #​14295 by @​hemanth-thirthahalli.
• 🔧 Update sponsors: add Greptile. PR #​14429 by @​tiangolo.
• 👥 Update FastAPI GitHub topic repositories. PR #​14426 by @​tiangolo.
• ⬆ Bump markdown-include-variants from 0.0.6 to 0.0.7. PR #​14423 by @​YuriiMotov.
• 👥 Update FastAPI People - Sponsors. PR #​14422 by @​tiangolo.
• 👥 Update FastAPI People - Contributors and Translators. PR #​14420 by @​tiangolo.

v0.123.0

Compare Source

Fixes

• 🐛 Cache dependencies that don't use scopes and don't have sub-dependencies with scopes. PR #​14419 by @​tiangolo.

v0.122.1

Compare Source

Fixes

• 🐛 Fix hierarchical security scope propagation. PR #​5624 by @​kristjanvalur.

Docs

• 💅 Update CSS to explicitly use emoji font. PR #​14415 by @​tiangolo.

Internal

• ⬆ Bump markdown-include-variants from 0.0.5 to 0.0.6. PR #​14418 by @​YuriiMotov.

v0.122.0

Compare Source

Fixes

• 🐛 Use 401 status code in security classes when credentials are missing. PR #​13786 by @​YuriiMotov.
  • If your code depended on these classes raising the old (less correct) 403 status code, check the new docs about how to override the classes, to use the same old behavior: Use Old 403 Authentication Error Status Codes.

Internal

• 🔧 Configure labeler to exclude files that start from underscore for lang-all label. PR #​14213 by @​YuriiMotov.
• 👷 Add pre-commit config with local script for permalinks. PR #​14398 by @​tiangolo.
• 💄 Use font Fira Code to fix display of Rich panels in docs in Windows. PR #​14387 by @​tiangolo.
• 👷 Add custom pre-commit CI. PR #​14397 by @​tiangolo.
• ⬆ Bump actions/checkout from 5 to 6. PR #​14381 by @​dependabot[bot].
• 👷 Upgrade latest-changes GitHub Action and pin actions/checkout@v5. PR #​14403 by @​svlandeg.
• 🛠️ Add add-permalinks and add-permalinks-page to scripts/docs.py. PR #​14033 by @​YuriiMotov.
• 🔧 Upgrade Material for MkDocs and remove insiders. PR #​14375 by @​tiangolo.

v0.121.3

Compare Source

0.121.3

Refactors

• ♻️ Make the result of Depends() and Security() hashable, as a workaround for other tools interacting with these internal parts. PR #​14372 by @​tiangolo.

Upgrades

• ⬆️ Bump Starlette to <0.51.0. PR #​14282 by @​musicinmybrain.

Docs

• 📝 Add missing hash part. PR #​14369 by @​nilslindemann.
• 📝 Fix typos in code comments. PR #​14364 by @​Edge-Seven.
• 📝 Add docs for using FastAPI Cloud. PR #​14359 by @​tiangolo.

v0.121.2

Compare Source

Fixes

• 🐛 Fix handling of JSON Schema attributes named "$ref". PR #​14349 by @​tiangolo.

Docs

• 📝 Add EuroPython talk & podcast episode with Sebastián Ramírez. PR #​14260 by @​clytaemnestra.
• ✏️ Fix links and add missing permalink in docs. PR #​14217 by @​YuriiMotov.

Translations

• 🌐 Update Portuguese translations with LLM prompt. PR #​14228 by @​ceb10n.
• 🔨 Add Portuguese translations LLM prompt. PR #​14208 by @​ceb10n.
• 🌐 Sync Russian docs. PR #​14331 by @​YuriiMotov.
• 🌐 Sync German docs. PR #​14317 by @​nilslindemann.

v0.121.1

Compare Source

Fixes

• 🐛 Fix Depends(func, scope='function') for top level (parameterless) dependencies. PR #​14301 by @​luzzodev.

Docs

• 📝 Upate docs for advanced dependencies with yield, noting the changes in 0.121.0, adding scope. PR #​14287 by @​tiangolo.

Internal

• ⬆ Bump ruff from 0.13.2 to 0.14.3. PR #​14276 by @​dependabot[bot].
• ⬆ [pre-commit.ci] pre-commit autoupdate. PR #​14289 by @​pre-commit-ci[bot].

v0.121.0

Compare Source

Features

• ✨ Add support for dependencies with scopes, support scope="request" for dependencies with yield that exit before the response is sent. PR #​14262 by @​tiangolo.
  • New docs: Dependencies with yield - Early exit and scope.

Internal

• 👥 Update FastAPI People - Contributors and Translators. PR #​14273 by @​tiangolo.
• 👥 Update FastAPI People - Sponsors. PR #​14274 by @​tiangolo.
• 👥 Update FastAPI GitHub topic repositories. PR #​14280 by @​tiangolo.
• ⬆ Bump mkdocs-macros-plugin from 1.4.0 to 1.4.1. PR #​14277 by @​dependabot[bot].
• ⬆ Bump mkdocstrings[python] from 0.26.1 to 0.30.1. PR #​14279 by @​dependabot[bot].

v0.120.4

Compare Source

Fixes

• 🐛 Fix security schemes in OpenAPI when added at the top level app. PR #​14266 by @​YuriiMotov.

v0.120.3

Compare Source

Refactors

• ♻️ Reduce internal cyclic recursion in dependencies, from 2 functions calling each other to 1 calling itself. PR #​14256 by @​tiangolo.
• ♻️ Refactor internals of dependencies, simplify code and remove get_param_sub_dependant. PR #​14255 by @​tiangolo.
• ♻️ Refactor internals of dependencies, simplify using dataclasses. PR #​14254 by @​tiangolo.

Docs

• 📝 Update note for untranslated pages. PR #​14257 by @​YuriiMotov.

v0.120.2

Compare Source

Fixes

• 🐛 Fix separation of schemas with nested models introduced in 0.119.0. PR #​14246 by @​tiangolo.

Internal

• 🔧 Add sponsor: SerpApi. PR #​14248 by @​tiangolo.
• ⬆ Bump actions/download-artifact from 5 to 6. PR #​14236 by @​dependabot[bot].
• ⬆ [pre-commit.ci] pre-commit autoupdate. PR #​14237 by @​pre-commit-ci[bot].
• ⬆ Bump actions/upload-artifact from 4 to 5. PR #​14235 by @​dependabot[bot].

github/codeql-action (github/codeql-action)

v4.31.7

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.7 - 05 Dec 2025

• Update default CodeQL bundle version to 2.23.7. #​3343

See the full CHANGELOG.md for more information.

v4.31.6

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.6 - 01 Dec 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v4.31.5

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.5 - 24 Nov 2025

• Update default CodeQL bundle version to 2.23.6. #​3321

See the full CHANGELOG.md for more information.

v4.31.4

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.4 - 18 Nov 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v4.31.3

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.3 - 13 Nov 2025

• CodeQL Action v3 will be deprecated in December 2026. The Action now logs a warning for customers who are running v3 but could be running v4. For more information, see Upcoming deprecation of CodeQL Action v3.
• Update default CodeQL bundle version to 2.23.5. #​3288

See the full CHANGELOG.md for more information.

v4.31.2

Compare Source

v4.31.1

Compare Source

oxsecurity/megalinter (oxsecurity/megalinter)

v9.2.0

Compare Source

• New linters

  • Salesforce Code Analyzer, by @​abdeslamads
    • SALESFORCE_CODE_ANALYZER_APEX
    • SALESFORCE_CODE_ANALYZER_AURA
    • SALESFORCE_CODE_ANALYZER_LWC

• Disabled linters

  • Reactivate checkov

• Deprecated linters

  • Deprecate terrascan as the project is discontinued. Will be completely removed in a future version.
  • SALESFORCE_SFDX_SCANNER_* linters have been deprecated and will be removed in a future version. (they are replaced by SALESFORCE_CODE_ANALYZER_* linters)

• Media

  • Looking for the best CI/CD Pipeline Linting Tool? Try MegaLinter!, by Seasoned Developer
  • (Brazilian) Qualidade e Segurança em Código com MegaLinter: automatizando análises em MAUI com GitHub Actions, by Canal dotNET

• Linters enhancements

  • Install dotenv-linter deterministically, by @​bdovaz in #​6385

• Fixes

  • #​6544: Add GITHUB_TOKEN in docker build command for custom flavor
  • Hide warning when compiling a regex
  • Fix formatting in descriptor files to reduce changes in generated markdown, by @​echoix in #​6449

• Reporters

  • Add conversion from Jenkins variables to related Git based reporters variables

• Doc

  • Keep jsonschema html docs updated when using build.py --doc, by @​echoix in #​6447
  • Commit updated license info generated from build script by @​echoix in #​6448
  • Recreate docs/descriptors folder, delete old pages by @​echoix in #​6451

• Flavors

  • Add GITHUB_TOKEN in docker buildx build command for custom flavor, by @​davidfevre-gouv-nc in #​6545

• CI

  • Optimize performances of standalone linters releases
  • Renovate: Add langchain group for package updates, by @​echoix in #​6400
  • Refactor file handling in build.py to use pathlib for improved readability, by @​echoix in #​6450

• mega-linter-runner

  • Handle upgrade of stefanzweifel/git-auto-commit-action to v7

• Linter versions upgrades (53)

  • actionlint from 1.7.7 to 1.7.9
  • ansible-lint from 25.9.1 to 25.11.1
  • bandit from 1.8.6 to 1.9.2
  • bicep_linter from 0.38.33 to 0.39.26
  • black from 25.9.0 to 25.11.0
  • cfn-lint from 1.40.0 to 1.41.0
  • checkov from 3.2.413 to 3.2.495
  • checkstyle from 11.1.0 to 12.1.0
  • clippy from 0.1.90 to 0.1.91
  • clj-kondo from 2025.09.22 to 2025.10.23
  • csharpier from 1.1.2 to 1.2.1
  • cspell from 9.2.1 to 9.3.2
  • dotenv-linter from 3.3.0 to 4.0.0
  • dotnet-format from 9.0.110 to 9.0.111
  • editorconfig-checker from 3.4.0 to 3.6.0
  • git_diff from 2.47.0 to 2.49.1
  • gitleaks from 8.28.0 to 8.30.0
  • golangci-lint from 2.5.0 to 2.6.2
  • grype from 0.100.0 to 0.104.1
  • isort from 6.1.0 to 7.0.0
  • kics from 2.1.14 to 2.1.16
  • ktlint from 1.7.1 to 1.8.0
  • kubescape from 3.0.41 to 3.0.45
  • php-cs-fixer from 3.88.2 to 3.90.0
  • phpcs from 4.0.0 to 4.0.1
  • phpstan from 2.1.30 to 2.1.32
  • pmd from 7.17.0 to 7.18.0
  • powershell from 7.5.3 to 7.5.4
  • pylint from 3.3.9 to 4.0.3
  • pyright from 1.1.406 to 1.1.407
  • raku from 2024.12 to 2025.11
  • revive from 1.12.0 to 1.13.0
  • robocop from 6.7.2 to 6.11.0
  • roslynator from 0.10.2.0 to 0.11.0.0
  • rst-lint from 1.4.0 to 2.0.2
  • rubocop from 1.81.1 to 1.81.7
  • ruff-format from 0.13.3 to 0.14.6
  • ruff from 0.13.3 to 0.14.6
  • scalafix from 0.14.3 to 0.14.4
  • secretlint from 11.2.4 to 11.2.5
  • snakemake from 9.11.9 to 9.13.7
  • sqlfluff from 3.4.2 to 3.5.0
  • stylelint from 16.24.0 to 16.26.0
  • swiftlint from 0.61.0 to 0.62.2
  • syft from 1.33.0 to 1.38.0
  • terraform-fmt from 1.13.3 to 1.14.0
  • terragrunt from 0.88.1 to 0.93.10
  • tflint from 0.59.1 to 0.60.0
  • trivy-sbom from 0.67.0 to 0.67.2
  • trivy from 0.67.0 to 0.67.2
  • trufflehog from 3.90.11 to 3.91.1
  • vale from 3.12.0 to 3.13.0
  • xmllint from 21308 to 21309

peter-evans/create-pull-request (peter-evans/create-pull-request)

v7.0.11: Create Pull Request v7.0.11

Compare Source

What's Changed

• fix: restrict remote prune to self-hosted runners by @​peter-evans in #​4250

Full Changelog: peter-evans/create-pull-request@v7.0.10...v7.0.11

v7.0.10: Create Pull Request v7.0.10

Compare Source

⚙️ Fixes an issue where updating a pull request failed when targeting a forked repository with the same owner as its parent.

What's Changed

• build(deps): bump the github-actions group with 2 updates by @​dependabot[bot] in #​4235
• build(deps-dev): bump prettier from 3.6.2 to 3.7.3 in the npm group by @​dependabot[bot] in #​4240
• fix: provider list pulls fallback for multi fork same owner by @​peter-evans in #​4245

New Contributors

• @​obnyis made their first contribution in #​4064

Full Changelog: peter-evans/create-pull-request@v7.0.9...v7.0.10

v7.0.9: Create Pull Request v7.0.9

Compare Source

⚙️ Fixes an incompatibility with the recently released actions/checkout@v6.

What's Changed

• ~70 dependency updates by @​dependabot
• docs: fix workaround description about ready_for_review by @​ybiquitous in #​3939
• Docs: add-paths default behavior by @​joeflack4 in #​3928
• docs: update to create-github-app-token v2 by @​Goooler in #​4063
• Fix compatibility with actions/checkout@​v6 by @​ericsciple in #​4230

New Contributors

• @​joeflack4 made their first contribution in #​3928
• @​Goooler made their first contribution in #​4063
• @​ericsciple made their first contribution in #​4230

Full Changelog: peter-evans/create-pull-request@v7.0.8...v7.0.9

pydantic/pydantic (pydantic)

v2.12.5: 2025-11-26

Compare Source

v2.12.5 (2025-11-26)

This is the fifth 2.12 patch release, addressing an issue with the MISSING sentinel and providing several documentation improvements.

The next 2.13 minor release will be published in a couple weeks, and will include a new polymorphic serialization feature addressing
the remaining unexpected changes to the serialize as any behavior.

• Fix pickle error when using model_construct() on a model with MISSING as a default value by @​ornariece in #​12522.
• Several updates to the documentation by @​Viicos.

Full Changelog: pydantic/pydantic@v2.12.4...v2.12.5

v2.12.4

Compare Source

step-security/harden-runner (step-security/harden-runner)

v2.13.3

Compare Source

What's Changed

• Fixed an issue where process events were not uploaded in certain edge cases.

Full Changelog: step-security/harden-runner@v2.13.2...v2.13.3

v2.13.2

Compare Source

What's Changed

• Fixed an issue where there was a limit of 512 allowed endpoints when using block egress policy. This restriction has been removed, allowing for an unlimited number of endpoints to be configured.
• Harden Runner now automatically detects if the agent is already pre-installed on a custom VM image used by a GitHub-hosted runner. When detected, the action will skip reinstallation and use the existing agent.

Full Changelog: step-security/harden-runner@v2.13.1...v2.13.2

---

Configuration

📅 Schedule: Branch creation - "every 1 hours every weekday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.