Bump the production-version-updates group across 1 directory with 9 updates

[dependabot]

Bumps the production-version-updates group with 9 updates in the / directory:

Package	From	To
alembic	1.16.4	1.16.5
sqlalchemy	2.0.41	2.0.43
sqlalchemy-utils	0.41.2	0.42.0
anyio	4.9.0	4.10.0
certifi	2025.7.14	2025.8.3
flupy	1.2.2	1.2.3
greenlet	3.2.3	3.2.4
starlette	0.47.1	0.47.3
typing-extensions	4.14.1	4.15.0

Updates alembic from 1.16.4 to 1.16.5

Release notes

Sourced from alembic's releases.

1.16.5

Released: August 27, 2025

bug

• [bug] [mysql] Fixed Python-side autogenerate rendering of index expressions in MySQL dialect by aligning it with SQLAlchemy's MySQL index expression rules. Pull request courtesy david-fed.

  References: #1492

• [bug] [config] Fixed issue where new pyproject.toml config would fail to parse the integer value used for the truncate_slug_length parameter. Pull request courtesy Luís Henrique Allebrandt Schunemann.

  References: #1709

Commits

• See full diff in compare view

Updates sqlalchemy from 2.0.41 to 2.0.43

Release notes

Sourced from sqlalchemy's releases.

2.0.43

Released: August 11, 2025

orm

• [orm] [bug] Fixed issue where using the post_update feature would apply incorrect "pre-fetched" values to the ORM objects after a multi-row UPDATE process completed. These "pre-fetched" values would come from any column that had an Column.onupdate callable or a version id generator used by orm.Mapper.version_id_generator; for a version id generator that delivered random identifiers like timestamps or UUIDs, this incorrect data would lead to a DELETE statement against those same rows to fail in the next step.

  References: #12748

• [orm] [bug] Fixed issue where _orm.mapped_column.use_existing_column parameter in _orm.mapped_column() would not work when the _orm.mapped_column() is used inside of an Annotated type alias in polymorphic inheritance scenarios. The parameter is now properly recognized and processed during declarative mapping configuration.

  References: #12787

• [orm] [bug] Improved the implementation of the _orm.selectin_polymorphic() inheritance loader strategy to properly render the IN expressions using chunks of 500 records each, in the same manner as that of the _orm.selectinload() relationship loader strategy. Previously, the IN expression would be arbitrarily large, leading to failures on databases that have limits on the size of IN expressions including Oracle Database.

  References: #12790

engine

• [engine] [usecase] Added new parameter create_engine.skip_autocommit_rollback which provides for a per-dialect feature of preventing the DBAPI .rollback() from being called under any circumstances, if the connection is detected as being in "autocommit" mode. This improves upon a critical performance issue identified in MySQL dialects where the network overhead of the .rollback() call remains prohibitive even if autocommit mode is set.

  References: #12784

postgresql

... (truncated)

Commits

• See full diff in compare view

Updates sqlalchemy-utils from 0.41.2 to 0.42.0

Release notes

Sourced from sqlalchemy-utils's releases.

0.42.0

• Drop support for Python 3.7 and 3.8.
• Drop support for sqlalchemy 1.3.
• Add support for Python 3.12 and 3.13.
• Add a Read the Docs configuration file.
• Make documentation builds reproducible.
• Test documentation builds in CI.
• Fix Pendulum parsing of datetime instances with timezones. (#755)
• Migrate package metadata to PEP 621 format in pyproject.toml
• Migrate to ruff <https://docs.astral.sh/ruff/>_ for code linting and formatting, replacing flake8 and isort with a faster Rust-based tool.

Changelog

Sourced from sqlalchemy-utils's changelog.

0.42.0 (2025-08-30) ^^^^^^^^^^^^^^^^^^^

• Drop support for Python 3.7 and 3.8.
• Drop support for sqlalchemy 1.3.
• Add support for Python 3.12 and 3.13.
• Add a Read the Docs configuration file.
• Make documentation builds reproducible.
• Test documentation builds in CI.
• Fix Pendulum parsing of datetime instances with timezones. (#755)
• Migrate package metadata to PEP 621 format in pyproject.toml
• Migrate to ruff <https://docs.astral.sh/ruff/>_ for code linting and formatting, replacing flake8 and isort with a faster Rust-based tool.

Commits

• 2cd4b00 Release 0.42.0
• be118cc Merge branch 'master' into releases
• 9de2325 Bump version to 0.42.0
• 9749666 Merge pull request #788 from kurtmckee/use-pyupgrade
• cf767be Merge pull request #787 from kurtmckee/update-docs-builds
• 12e1784 Run pre-commit run -a
• 1e4ec91 Add pyupgrade as a pre-commit hook
• f9ee4a4 Resolve "unknown interpreted text role" warnings
• 2cb371f Fix doc build errors (autodoc needs sqlalchemy-utils importable)
• c52e14f Update the Read the Docs OS and Python versions
• Additional commits viewable in compare view

Updates anyio from 4.9.0 to 4.10.0

Release notes

Sourced from anyio's releases.

4.10.0

• Added the feed_data() method to the BufferedByteReceiveStream class, allowing users to inject data directly into the buffer
• Added various class methods to wrap existing sockets as listeners or socket streams:
  • SocketListener.from_socket()
  • SocketStream.from_socket()
  • UNIXSocketStream.from_socket()
  • UDPSocket.from_socket()
  • ConnectedUDPSocket.from_socket()
  • UNIXDatagramSocket.from_socket()
  • ConnectedUNIXDatagramSocket.from_socket()
• Added a hierarchy of connectable stream classes for transparently connecting to various remote or local endpoints for exchanging bytes or objects
• Added context manager mix-in classes (anyio.ContextManagerMixin and anyio.AsyncContextManagerMixin) to help write classes that embed other context managers, particularly cancel scopes or task groups (#905; PR by @​agronholm and @​tapetersen)
• Added the ability to specify the thread name in start_blocking_portal() (#818; PR by @​davidbrochart)
• Added anyio.notify_closing to allow waking anyio.wait_readable and anyio.wait_writable before closing a socket. Among other things, this prevents an OSError on the ProactorEventLoop. (#896; PR by @​graingert)
• Incorporated several documentation improvements from the EuroPython 2025 sprint (special thanks to the sprinters: Emmanuel Okedele, Jan Murre, Euxenia Miruna Goia and Christoffer Fjord)
• Added a documentation page explaining why one might want to use AnyIO's APIs instead of asyncio's
• Updated the to_interpreters module to use the public concurrent.interpreters API on Python 3.14 or later
• Fixed anyio.Path.copy() and anyio.Path.copy_into() failing on Python 3.14.0a7
• Fixed return annotation of __aexit__ on async context managers. CMs which can suppress exceptions should return bool, or None otherwise. (#913; PR by @​Enegg)
• Fixed rollover boundary check in SpooledTemporaryFile so that rollover only occurs when the buffer size exceeds max_size (#915; PR by @​11kkw)
• Migrated testing and documentation dependencies from extras to dependency groups
• Fixed compatibility of anyio.to_interpreter with Python 3.14.0b2 (#926; PR by @​hroncok)
• Fixed SyntaxWarning on Python 3.14 about return in finally (#816)
• Fixed RunVar name conflicts. RunVar instances with the same name should not share storage (#880; PR by @​vimfu)
• Renamed the BrokenWorkerIntepreter exception to BrokenWorkerInterpreter. The old name is available as a deprecated alias. (#938; PR by @​ayussh-verma)
• Fixed an edge case in CapacityLimiter on asyncio where a task, waiting to acquire a limiter gets cancelled and is subsequently granted a token from the limiter, but before the cancellation is delivered, and then fails to notify the next waiting task (#947)

Changelog

Sourced from anyio's changelog.

Version history

This library adheres to Semantic Versioning 2.0 <http://semver.org/>_.

UNRELEASED

• Set None as the default type argument for anyio.abc.TaskStatus

4.10.0

• Added the feed_data() method to the BufferedByteReceiveStream class, allowing users to inject data directly into the buffer

• Added various class methods to wrap existing sockets as listeners or socket streams:

  • SocketListener.from_socket()
  • SocketStream.from_socket()
  • UNIXSocketStream.from_socket()
  • UDPSocket.from_socket()
  • ConnectedUDPSocket.from_socket()
  • UNIXDatagramSocket.from_socket()
  • ConnectedUNIXDatagramSocket.from_socket()

• Added a hierarchy of connectable stream classes for transparently connecting to various remote or local endpoints for exchanging bytes or objects

• Added context manager mix-in classes (anyio.ContextManagerMixin and anyio.AsyncContextManagerMixin) to help write classes that embed other context managers, particularly cancel scopes or task groups ([#905](https://github.com/agronholm/anyio/issues/905) <https://github.com/agronholm/anyio/pull/905>_; PR by @​agronholm and @​tapetersen)

• Added the ability to specify the thread name in start_blocking_portal() ([#818](https://github.com/agronholm/anyio/issues/818) <https://github.com/agronholm/anyio/issues/818>_; PR by @​davidbrochart)

• Added anyio.notify_closing to allow waking anyio.wait_readable and anyio.wait_writable before closing a socket. Among other things, this prevents an OSError on the ProactorEventLoop. ([#896](https://github.com/agronholm/anyio/issues/896) <https://github.com/agronholm/anyio/pull/896>_; PR by @​graingert)

• Incorporated several documentation improvements from the EuroPython 2025 sprint (special thanks to the sprinters: Emmanuel Okedele, Jan Murre, Euxenia Miruna Goia and Christoffer Fjord)

• Added a documentation page explaining why one might want to use AnyIO's APIs instead of asyncio's

• Updated the to_interpreters module to use the public concurrent.interpreters API on Python 3.14 or later

• Fixed anyio.Path.copy() and anyio.Path.copy_into() failing on Python 3.14.0a7

• Fixed return annotation of __aexit__ on async context managers. CMs which can suppress exceptions should return bool, or None otherwise. ([#913](https://github.com/agronholm/anyio/issues/913) <https://github.com/agronholm/anyio/pull/913>_; PR by @​Enegg)

• Fixed rollover boundary check in SpooledTemporaryFile so that rollover only occurs when the buffer size exceeds max_size ([#915](https://github.com/agronholm/anyio/issues/915) <https://github.com/agronholm/anyio/pull/915>_; PR by @​11kkw)

• Migrated testing and documentation dependencies from extras to dependency groups

... (truncated)

Commits

• 0cf55b8 Bumped up the version
• b029df5 Updated the to_interpreter module to use the public API on Python 3.14 (#956)
• 01f02cf Incorporated EP2025 sprint feedback and added a new section (#955)
• d896480 [pre-commit.ci] pre-commit autoupdate (#954)
• 0282b81 Added the BufferedByteReceiveStream.feed_data() method (#945)
• 19e5477 Fixed a cancellation edge case for asyncio CapacityLimiter (#952)
• 4666df3 [pre-commit.ci] pre-commit autoupdate (#946)
• 38c2567 [pre-commit.ci] pre-commit autoupdate (#942)
• 3db73ac Add missing imports for Readcting to cancellation in worker threads example (...
• 2eda004 Added an example on how to use move_on_after() with shielding
• Additional commits viewable in compare view

Updates certifi from 2025.7.14 to 2025.8.3

Commits

• a97d9ad 2025.08.03 (#362)
• See full diff in compare view

Updates flupy from 1.2.2 to 1.2.3

Commits

• See full diff in compare view

Updates greenlet from 3.2.3 to 3.2.4

Changelog

Sourced from greenlet's changelog.

3.2.4 (2025-08-07)

.. note::

The 3.2.x series will be the last to support Python 3.9.

• Various small build/test changes for less common configurations (e.g., building CPython with assertions enabled but NOT debugging), contributed by Michał Górny. Note that while greenlet will BUILD in a free-threaded Python, it will cause the GIL to be allocated and used, and memory may leak. Also note that these configurations are not tested by this project's CI.
• Fix an assertion error on debug builds of Python 3.14 when using the experimental JIT. See :issue:460 <https://github.com/python-greenlet/greenlet/issues/460>_.

Commits

• 65f8da8 Preparing release 3.2.4
• b2c6559 Update CHANGES for release.
• b2aa1aa Merge pull request #462 from python-greenlet/issue460
• a1990d8 Python3.14/JIT: Save and restore the PyThreadState current_executor object.
• 68af251 Py3.14 w/JIT: Fix leakchecks.
• 74a65bd Various free-threaded fixes; bump tested Python version.
• e3e2953 Merge pull request #459 from mgorny/py314-debug-build-failure
• bdb5f44 Merge pull request #456 from mgorny/setuptools-test-dep
• b288f43 Merge pull request #457 from mgorny/fix-assert-test-skips
• 739cc55 Fix py312+ crash test skips to correctly check for assertions
• Additional commits viewable in compare view

Updates starlette from 0.47.1 to 0.47.3

Release notes

Sourced from starlette's releases.

Version 0.47.3

Fixed

• Use asyncio.iscoroutinefunction for Python 3.12 and older by @​mjpieters in encode/starlette#2984

---

New Contributors

• @​mjpieters made their first contribution in encode/starlette#2984

Full Changelog: Kludex/starlette@0.47.2...0.47.3

0.47.2

Fixed

• Make UploadFile check for future rollover #2962.

---

New Contributors

• @​HonakerM made their first contribution in encode/starlette#2962

Full Changelog: Kludex/starlette@0.47.1...0.47.2

Changelog

Sourced from starlette's changelog.

0.47.3 (August 24, 2025)

Fixed

• Use asyncio.iscoroutinefunction for Python 3.12 and older #2984.

0.47.2 (July 20, 2025)

Fixed

• Make UploadFile check for future rollover #2962.

Commits

• cb8f84f Version 0.47.3 (#2985)
• 3d7430a Use asyncio.iscoroutinefunction for Python 3.12 and older (#2984)
• 6ee94f2 Version 0.47.2 (#2965)
• 9f7ec2e Make UploadFile check for future rollover (#2962)
• 540ff5f Bump the python-packages group with 7 updates (#2957)
• d4dd545 docs: add Google Analytics (#2963)
• See full diff in compare view

Updates typing-extensions from 4.14.1 to 4.15.0

Release notes

Sourced from typing-extensions's releases.

4.15.0

No user-facing changes since 4.15.0rc1.

New features since 4.14.1:

• Add the @typing_extensions.disjoint_base decorator, as specified in PEP 800. Patch by Jelle Zijlstra.
• Add typing_extensions.type_repr, a backport of annotationlib.type_repr, introduced in Python 3.14 (CPython PR #124551, originally by Jelle Zijlstra). Patch by Semyon Moroz.
• Fix behavior of type params in typing_extensions.evaluate_forward_ref. Backport of CPython PR #137227 by Jelle Zijlstra.

4.15.0rc1

• Add the @typing_extensions.disjoint_base decorator, as specified in PEP 800. Patch by Jelle Zijlstra.
• Add typing_extensions.type_repr, a backport of annotationlib.type_repr, introduced in Python 3.14 (CPython PR #124551, originally by Jelle Zijlstra). Patch by Semyon Moroz.
• Fix behavior of type params in typing_extensions.evaluate_forward_ref. Backport of CPython PR #137227 by Jelle Zijlstra.

Changelog

Sourced from typing-extensions's changelog.

Release 4.15.0 (August 25, 2025)

No user-facing changes since 4.15.0rc1.

Release 4.15.0rc1 (August 18, 2025)

• Add the @typing_extensions.disjoint_base decorator, as specified in PEP 800. Patch by Jelle Zijlstra.
• Add typing_extensions.type_repr, a backport of annotationlib.type_repr, introduced in Python 3.14 (CPython PR #124551, originally by Jelle Zijlstra). Patch by Semyon Moroz.
• Fix behavior of type params in typing_extensions.evaluate_forward_ref. Backport of CPython PR #137227 by Jelle Zijlstra.

Commits

• 9d1637e Prepare release 4.15.0 (#658)
• 4bd67c5 Coverage: exclude some noise (#656)
• e589a26 Coverage: add detailed report to job summary (#655)
• 67d37fe Coverage: Implement fail_under (#654)
• e9ae26f Don't delete previous coverage comment (#653)
• ac80bb7 Add Coverage workflow (#623)
• abaaafd Prepare release 4.15.0rc1 (#650)
• 9810405 Add @disjoint_base (PEP 800) (#634)
• 7ee9e05 Backport type_params fix from CPython (#646)
• 1e8eb9c Do not refer to PEP 705 as being experimental (#648)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[mrlonis]

@dependabot recreate

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.