Skip to content

Bump the pip-dependency-updates group across 3 directories with 3 updates#68816

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/airflow-core/pip-dependency-updates-72f83f7f84
Closed

Bump the pip-dependency-updates group across 3 directories with 3 updates#68816
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/airflow-core/pip-dependency-updates-72f83f7f84

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 22, 2026

Copy link
Copy Markdown
Contributor

Updates the requirements on aiosqlite, fastapi and datamodel-code-generator to permit the latest version.
Updates aiosqlite to 0.22.1

Changelog

Sourced from aiosqlite's changelog.

v0.22.1

Bug fix release

NOTE: Starting with v0.22.0, the aiosqlite.Connection object no longer inherits from threading.Thread. If not using aiosqlite as a context manager, clients must await connection.close() or call connection.stop() to ensure the helper thread is completed and terminated correctly. A ResourceWarning will be emitted for any connection that is garbage collected without being closed or stopped.

  • Added synchronous stop() method to aiosqlite.Connection to enable safe cleanup and termination of the background thread without dependence on having an active event loop (#370)
$ git shortlog -s v0.22.0...v0.22.1
     2	Amethyst Reese

v0.22.0

Feature release

  • Support set_authorizer query access controls (#349)
  • Wait for transaction queue to complete when closing connection (#305)
  • Emit warning when connection goes out of scope without being closed (#355)
  • Remove dependency on typing_extensions (#365)
$ git shortlog -s v0.21.0...v0.22.0
     1	Alec Berryman
     1	Amethyst Reese
     1	David Andreoletti
     1	Markus Heidelberg
     1	beerpsi
    19	dependabot[bot]

v0.21.0

Maintenance release

  • Fix: close connection correctly when BaseException raised in connection (#317)
  • Metadata improvements

... (truncated)

Commits

Updates fastapi to 0.139.0

Release notes

Sourced from fastapi's releases.

0.139.0

Features

  • ✨ Support dependencies in app.frontend(), e.g. for automatic cookie authentication for the frontend. PR #15908 by @​tiangolo.

Translations

Internal

Commits
  • cecd96d 🔖 Release version 0.139.0 (#15910)
  • aea6609 📝 Update release notes
  • 319be50 ✨ Support dependencies in app.frontend(), e.g. for automatic cookie authent...
  • 66a90f6 📝 Update release notes
  • d30a3eb 👥 Update FastAPI People - Experts (#15909)
  • 122f1b5 📝 Update release notes
  • fd6ece3 👥 Update FastAPI GitHub topic repositories (#15906)
  • ec2a6ad 📝 Update release notes
  • 9d7d7fe 🌐 Update translations for fr (update-outdated) (#15897)
  • 8dc852d 📝 Update release notes
  • Additional commits viewable in compare view

Updates datamodel-code-generator from 0.33.0 to 0.67.0

Release notes

Sourced from datamodel-code-generator's releases.

0.67.0

Breaking Changes

Default Behavior Changes

  • Auto input-type CSV fallback is now conditional - When --input-file-type auto is used, infer_input_type() previously treated any YAML parse failure as CSV data. It now falls back to CSV only when the text looks like CSV (non-empty lines with consistent, non-zero comma counts). Inputs that were previously inferred as csv — including malformed JSON/YAML and ragged CSV with inconsistent column counts (e.g. id,name,tel\n1,taro\n) — will no longer be inferred as CSV. (#3536)
  • GitHub Action extra-args no longer undergoes shell expansion - The Action previously appended extra-args directly into the shell command (datamodel-codegen "${ARGS[@]}" ${{ inputs.extra-args }}), so the value was subject to word-splitting, glob expansion, variable expansion, and command substitution. It is now tokenized with Python's shlex.split. Workflows that relied on shell features inside extra-args (globs like *.json, variables like $HOME, or command substitution $(...)) will no longer have them expanded and must pass literal, individually-quoted arguments instead. (#3542)
  • GitHub Action extras input is now validated against a whitelist - Previously any value passed to the extras input was accepted and injected into the pip install spec. It is now validated against the fixed set graphql, http, validation, ruff, all; any other value now fails the install step with ::error::Unsupported extras value: <value> instead of being passed through. Workflows passing extras values outside this set will now error. (#3542)

Error Handling Changes

  • Malformed auto-detected input now raises an error instead of silently inferring CSV - Under auto inference, input that fails YAML parsing and does not look like CSV now raises Error rather than falling back to CSV and attempting generation. The error message was also expanded to include the underlying YAML parser error, e.g. Can't infer input file type from the input data. YAML parser error: <Type>: <detail>. Please specify the input file type explicitly with --input-file-type option. Workflows depending on the old blanket-CSV fallback must now pass --input-file-type csv explicitly. (#3536)

What's Changed

... (truncated)

Changelog

Sourced from datamodel-code-generator's changelog.

0.67.0 - 2026-07-03

Breaking Changes

Default Behavior Changes

  • Auto input-type CSV fallback is now conditional - When --input-file-type auto is used, infer_input_type() previously treated any YAML parse failure as CSV data. It now falls back to CSV only when the text looks like CSV (non-empty lines with consistent, non-zero comma counts). Inputs that were previously inferred as csv — including malformed JSON/YAML and ragged CSV with inconsistent column counts (e.g. id,name,tel\n1,taro\n) — will no longer be inferred as CSV. (#3536)
  • GitHub Action extra-args no longer undergoes shell expansion - The Action previously appended extra-args directly into the shell command (datamodel-codegen "${ARGS[@]}" ${{ inputs.extra-args }}), so the value was subject to word-splitting, glob expansion, variable expansion, and command substitution. It is now tokenized with Python's shlex.split. Workflows that relied on shell features inside extra-args (globs like *.json, variables like $HOME, or command substitution $(...)) will no longer have them expanded and must pass literal, individually-quoted arguments instead. (#3542)
  • GitHub Action extras input is now validated against a whitelist - Previously any value passed to the extras input was accepted and injected into the pip install spec. It is now validated against the fixed set graphql, http, validation, ruff, all; any other value now fails the install step with ::error::Unsupported extras value: <value> instead of being passed through. Workflows passing extras values outside this set will now error. (#3542)

Error Handling Changes

  • Malformed auto-detected input now raises an error instead of silently inferring CSV - Under auto inference, input that fails YAML parsing and does not look like CSV now raises Error rather than falling back to CSV and attempting generation. The error message was also expanded to include the underlying YAML parser error, e.g. Can't infer input file type from the input data. YAML parser error: <Type>: <detail>. Please specify the input file type explicitly with --input-file-type option. Workflows depending on the old blanket-CSV fallback must now pass --input-file-type csv explicitly. (#3536)

What's Changed

Full Changelog: koxudaxi/datamodel-code-generator@0.66.3...0.67.0

... (truncated)

Commits

Updates datamodel-code-generator from 0.33.0 to 0.67.0

Release notes

Sourced from datamodel-code-generator's releases.

0.67.0

Breaking Changes

Default Behavior Changes

  • Auto input-type CSV fallback is now conditional - When --input-file-type auto is used, infer_input_type() previously treated any YAML parse failure as CSV data. It now falls back to CSV only when the text looks like CSV (non-empty lines with consistent, non-zero comma counts). Inputs that were previously inferred as csv — including malformed JSON/YAML and ragged CSV with inconsistent column counts (e.g. id,name,tel\n1,taro\n) — will no longer be inferred as CSV. (#3536)
  • GitHub Action extra-args no longer undergoes shell expansion - The Action previously appended extra-args directly into the shell command (datamodel-codegen "${ARGS[@]}" ${{ inputs.extra-args }}), so the value was subject to word-splitting, glob expansion, variable expansion, and command substitution. It is now tokenized with Python's shlex.split. Workflows that relied on shell features inside extra-args (globs like *.json, variables like $HOME, or command substitution $(...)) will no longer have them expanded and must pass literal, individually-quoted arguments instead. (#3542)
  • GitHub Action extras input is now validated against a whitelist - Previously any value passed to the extras input was accepted and injected into the pip install spec. It is now validated against the fixed set graphql, http, validation, ruff, all; any other value now fails the install step with ::error::Unsupported extras value: <value> instead of being passed through. Workflows passing extras values outside this set will now error. (#3542)

Error Handling Changes

  • Malformed auto-detected input now raises an error instead of silently inferring CSV - Under auto inference, input that fails YAML parsing and does not look like CSV now raises Error rather than falling back to CSV and attempting generation. The error message was also expanded to include the underlying YAML parser error, e.g. Can't infer input file type from the input data. YAML parser error: <Type>: <detail>. Please specify the input file type explicitly with --input-file-type option. Workflows depending on the old blanket-CSV fallback must now pass --input-file-type csv explicitly. (#3536)

What's Changed

... (truncated)

Changelog

Sourced from datamodel-code-generator's changelog.

0.67.0 - 2026-07-03

Breaking Changes

Default Behavior Changes

  • Auto input-type CSV fallback is now conditional - When --input-file-type auto is used, infer_input_type() previously treated any YAML parse failure as CSV data. It now falls back to CSV only when the text looks like CSV (non-empty lines with consistent, non-zero comma counts). Inputs that were previously inferred as csv — including malformed JSON/YAML and ragged CSV with inconsistent column counts (e.g. id,name,tel\n1,taro\n) — will no longer be inferred as CSV. (#3536)
  • GitHub Action extra-args no longer undergoes shell expansion - The Action previously appended extra-args directly into the shell command (datamodel-codegen "${ARGS[@]}" ${{ inputs.extra-args }}), so the value was subject to word-splitting, glob expansion, variable expansion, and command substitution. It is now tokenized with Python's shlex.split. Workflows that relied on shell features inside extra-args (globs like *.json, variables like $HOME, or command substitution $(...)) will no longer have them expanded and must pass literal, individually-quoted arguments instead. (#3542)
  • GitHub Action extras input is now validated against a whitelist - Previously any value passed to the extras input was accepted and injected into the pip install spec. It is now validated against the fixed set graphql, http, validation, ruff, all; any other value now fails the install step with ::error::Unsupported extras value: <value> instead of being passed through. Workflows passing extras values outside this set will now error. (#3542)

Error Handling Changes

  • Malformed auto-detected input now raises an error instead of silently inferring CSV - Under auto inference, input that fails YAML parsing and does not look like CSV now raises Error rather than falling back to CSV and attempting generation. The error message was also expanded to include the underlying YAML parser error, e.g. Can't infer input file type from the input data. YAML parser error: <Type>: <detail>. Please specify the input file type explicitly with --input-file-type option. Workflows depending on the old blanket-CSV fallback must now pass --input-file-type csv explicitly. (#3536)

What's Changed

Full Changelog: koxudaxi/datamodel-code-generator@0.66.3...0.67.0

... (truncated)

Commits

Updates datamodel-code-generator from 0.33.0 to 0.67.0

Release notes

Sourced from datamodel-code-generator's releases.

0.67.0

Breaking Changes

Default Behavior Changes

  • Auto input-type CSV fallback is now conditional - When --input-file-type auto is used, infer_input_type() previously treated any YAML parse failure as CSV data. It now falls back to CSV only when the text looks like CSV (non-empty lines with consistent, non-zero comma counts). Inputs that were previously inferred as csv — including malformed JSON/YAML and ragged CSV with inconsistent column counts (e.g. id,name,tel\n1,taro\n) — will no longer be inferred as CSV. (#3536)
  • GitHub Action extra-args no longer undergoes shell expansion - The Action previously appended extra-args directly into the shell command (datamodel-codegen "${ARGS[@]}" ${{ inputs.extra-args }}), so the value was subject to word-splitting, glob expansion, variable expansion, and command substitution. It is now tokenized with Python's shlex.split. Workflows...

    Description has been truncated

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Jun 22, 2026
@dependabot dependabot Bot added python Pull requests that update Python code dependencies Pull requests that update a dependency file labels Jun 22, 2026
@dependabot
dependabot Bot force-pushed the dependabot/pip/airflow-core/pip-dependency-updates-72f83f7f84 branch 8 times, most recently from 9c88e30 to eb119d4 Compare June 30, 2026 17:05
@dependabot
dependabot Bot force-pushed the dependabot/pip/airflow-core/pip-dependency-updates-72f83f7f84 branch 2 times, most recently from b165c7e to 52c3fc7 Compare July 2, 2026 17:05
@dependabot
dependabot Bot requested a review from henry3260 as a code owner July 2, 2026 17:05
@potiuk

potiuk commented Jul 3, 2026

Copy link
Copy Markdown
Member

@dependabot recreate

@dependabot
dependabot Bot force-pushed the dependabot/pip/airflow-core/pip-dependency-updates-72f83f7f84 branch 2 times, most recently from da0dad0 to e222c82 Compare July 3, 2026 17:05
@potiuk

potiuk commented Jul 5, 2026

Copy link
Copy Markdown
Member

@dependabot rebase

@dependabot
dependabot Bot force-pushed the dependabot/pip/airflow-core/pip-dependency-updates-72f83f7f84 branch 2 times, most recently from 44a587c to 2b48166 Compare July 6, 2026 17:06
…ates

Updates the requirements on [aiosqlite](https://github.com/omnilib/aiosqlite), [fastapi](https://github.com/fastapi/fastapi) and [datamodel-code-generator](https://github.com/koxudaxi/datamodel-code-generator) to permit the latest version.

Updates `aiosqlite` to 0.22.1
- [Changelog](https://github.com/omnilib/aiosqlite/blob/main/CHANGELOG.md)
- [Commits](omnilib/aiosqlite@v0.20.0...v0.22.1)

Updates `fastapi` to 0.139.0
- [Release notes](https://github.com/fastapi/fastapi/releases)
- [Commits](fastapi/fastapi@0.129.0...0.139.0)

Updates `datamodel-code-generator` from 0.33.0 to 0.67.0
- [Release notes](https://github.com/koxudaxi/datamodel-code-generator/releases)
- [Changelog](https://github.com/koxudaxi/datamodel-code-generator/blob/main/CHANGELOG.md)
- [Commits](koxudaxi/datamodel-code-generator@0.33.0...0.67.0)

Updates `datamodel-code-generator` from 0.33.0 to 0.67.0
- [Release notes](https://github.com/koxudaxi/datamodel-code-generator/releases)
- [Changelog](https://github.com/koxudaxi/datamodel-code-generator/blob/main/CHANGELOG.md)
- [Commits](koxudaxi/datamodel-code-generator@0.33.0...0.67.0)

Updates `datamodel-code-generator` from 0.33.0 to 0.67.0
- [Release notes](https://github.com/koxudaxi/datamodel-code-generator/releases)
- [Changelog](https://github.com/koxudaxi/datamodel-code-generator/blob/main/CHANGELOG.md)
- [Commits](koxudaxi/datamodel-code-generator@0.33.0...0.67.0)

Updates `datamodel-code-generator` from 0.33.0 to 0.67.0
- [Release notes](https://github.com/koxudaxi/datamodel-code-generator/releases)
- [Changelog](https://github.com/koxudaxi/datamodel-code-generator/blob/main/CHANGELOG.md)
- [Commits](koxudaxi/datamodel-code-generator@0.33.0...0.67.0)

---
updated-dependencies:
- dependency-name: aiosqlite
  dependency-version: 0.22.1
  dependency-type: direct:production
  dependency-group: pip-dependency-updates
- dependency-name: datamodel-code-generator
  dependency-version: 0.64.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: pip-dependency-updates
- dependency-name: datamodel-code-generator
  dependency-version: 0.64.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: pip-dependency-updates
- dependency-name: datamodel-code-generator
  dependency-version: 0.64.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: pip-dependency-updates
- dependency-name: datamodel-code-generator
  dependency-version: 0.64.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: pip-dependency-updates
- dependency-name: fastapi
  dependency-version: 0.137.1
  dependency-type: direct:production
  dependency-group: pip-dependency-updates
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
dependabot Bot force-pushed the dependabot/pip/airflow-core/pip-dependency-updates-72f83f7f84 branch from 2b48166 to de2098d Compare July 7, 2026 17:05
@potiuk

potiuk commented Jul 8, 2026

Copy link
Copy Markdown
Member

Closing — this grouped bump collides with three intentional version caps that Dependabot can't see:

  • aiosqlite <0.22.0 — 0.22.x leaves a thread hanging under SQLAlchemy 2 (see the comment at the pin + aiosqlite#369); the SQLAlchemy-side fix isn't released yet.
  • fastapi <0.137.0 — FastAPI 0.137's lazy router inclusion triggers cadwyn RouterGenerationError and breaks api-server/dag-processor startup. The cap was added deliberately in Cap fastapi <0.137 and fix execution API health empty-path route #68578; it can only be relaxed once cadwyn supports 0.137.
  • datamodel-code-generator ==0.67.0 — the newer generator drops = None defaults from nullable-optional fields, turning ~200 fields across the Task SDK / CTL API clients from optional into required (a breaking model-contract change).

Each of these needs its own deliberate change (and, for cadwyn/FastAPI, an upstream fix) rather than a blanket cap bump, so this PR can't be merged as-is. The follow-up work is tracked in the CI / Dev Env board.


Drafted-by: Claude Code (Opus 4.8); reviewed by @potiuk before posting

@potiuk potiuk closed this Jul 8, 2026
@dependabot @github

dependabot Bot commented on behalf of github Jul 8, 2026

Copy link
Copy Markdown
Contributor Author

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

area:airflow-ctl area:task-sdk backport-to-airflow-ctl/v0-1-test dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant