Skip to content

chore(deps): update fastapi requirement from >=0.136.1 to >=0.138.2#124

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/fastapi-gte-0.138.2
Open

chore(deps): update fastapi requirement from >=0.136.1 to >=0.138.2#124
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/fastapi-gte-0.138.2

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 1, 2026

Copy link
Copy Markdown
Contributor

Updates the requirements on fastapi to permit the latest version.

Commits
  • 702fea8 🔖 Release version 0.138.2 (#15864)
  • 6466865 📝 Update release notes
  • b790e14 ♻️ Make app.frontend() return 404 for methods other than GET or HEAD wi...
  • c2708d9 📝 Update release notes
  • 403b1fa 🔧 Update sponsors: remove Stainless (#15862)
  • 1929ac2 📝 Update release notes
  • cba4158 ♻️ Refactor how sponsors data is handled for banners (#15852)
  • b90c49a 🔖 Release version 0.138.1 (#15842)
  • 1f2f3df 📝 Update release notes
  • 0af003a ♻️ Refactor Library Skills, make info easier to find for agents (#15841)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

View with Codesmith Autofix with Codesmith
Need help on this PR? Tag /codesmith with what you need. Autofix is disabled.

Updates the requirements on [fastapi](https://github.com/fastapi/fastapi) to permit the latest version.
- [Release notes](https://github.com/fastapi/fastapi/releases)
- [Commits](fastapi/fastapi@0.136.1...0.138.2)

---
updated-dependencies:
- dependency-name: fastapi
  dependency-version: 0.138.2
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot @github

dependabot Bot commented on behalf of github Jul 1, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: dependencies, python. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@blacksmith-sh

blacksmith-sh Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Found 11 test failures on Blacksmith runners:

Failures

Test View Logs
TestAppBoot/test_health_includes_version View Logs
TestAppBoot/test_health_returns_200 View Logs
TestAppBoot/test_ready_includes_components View Logs
TestAppBoot/test_ready_returns_json View Logs
TestWebhookIngestion/test_accepted_event_reaches_queue View Logs
TestWebhookIngestion/test_accepted_response_has_kind_field View Logs
TestWebhookIngestion/test_accepted_response_has_status_field View Logs
TestWebhookIngestion/test_duplicate_delivery_returns_202 View Logs
TestWebhookIngestion/test_signed_issue_opened_returns_202 View Logs
TestWebhookIngestion/test_unsigned_webhook_returns_401 View Logs
TestWebhookIngestion/test_wrong_signature_returns_401 View Logs

Fix with Codesmith
Need help on this PR? Tag /codesmith with what you need.

@sonarqubecloud

sonarqubecloud Bot commented Jul 1, 2026

Copy link
Copy Markdown

@YiWang24

YiWang24 commented Jul 1, 2026

Copy link
Copy Markdown
Collaborator

代码审查报告

风险等级: 低 | 审查置信度: 高 | 结论: 可直接合入

摘要: Dependabot 自动创建的 fastapi 依赖版本更新,仅修改 pyproject.toml 中版本要求,从 0.136.1 → 0.138.2。

变更分析

# 位置 变更内容 风险评估
1 pyproject.toml:21 fastapi>=0.136.1 → fastapi>=0.138.2 低风险

审查结论

可直接合入

  • 变更类型:依赖版本更新(minor version bump)
  • 影响范围:仅放宽版本要求,不锁定具体版本
  • 回归风险:低(向后兼容的 minor 版本更新)
  • 建议:合入前确认 CI 测试通过

验证建议

  • 确认 fastapi 0.138.x 的 changelog 无 breaking changes
  • 运行应用集成测试确保兼容性

@YiWang24

YiWang24 commented Jul 1, 2026

Copy link
Copy Markdown
Collaborator

代码审查报告

风险等级: 低 | 审查置信度: 高 | 结论: 可直接合入

变更摘要

  • 变更意图:依赖版本升级
  • 涉及模块: pyproject.toml
  • 影响范围: 非功能性 - 仅更新 FastAPI 最低版本要求
  • 变更内容: fastapi>=0.136.1fastapi>=0.138.2

详细分析

无影响变更

# 位置 变更内容 风险评估
1 pyproject.toml:21 FastAPI 版本要求从 0.136.1 升至 0.138.2 低风险 - 依赖升级

兼容性检查

  • ✅ 小版本升级 (0.136 → 0.138),遵循语义化版本
  • ✅ 根据 FastAPI 发布记录,0.138.x 主要是 bug 修复和小改进
  • ✅ 无破坏性变更记录
  • ✅ Secret Scan 工作流已通过 (说明无敏感信息引入)

建议验证项

  • 在测试环境确认无回归
  • 检查 CI 其他工作流是否通过

结论

可直接合入 - 标准依赖升级,无代码变更,风险极低


审查完成于: $(date -u +"%Y-%m-%d %H:%M UTC")

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant