Bump the python-dependencies group across 1 directory with 12 updates

[dependabot]

Bumps the python-dependencies group with 12 updates in the / directory:

Package	From	To
pydantic-settings	2.12.0	2.13.0
elasticsearch	7.17.12	7.17.13
pymongo	4.15.5	4.16.0
fastapi	0.127.0	0.129.0
starlette	0.50.0	0.52.1
aiida-core	2.7.2	2.7.3
rich	14.2.0	14.3.2
ase	3.26.0	3.27.0
mkdocs-autorefs	1.4.3	1.4.4
mkdocstrings[python]	1.0.0	1.0.3
griffe	1.15.0	2.0.0
jarvis-tools	2025.5.30	2026.1.10

Updates pydantic-settings from 2.12.0 to 2.13.0

Commits

• 198e71c Prepare release 2.13.0 (#777)
• de71e84 Add nested path support for yaml_config_section (fixes #772) (#773)
• 0f8f951 CLI Union Discriminator Choices in Help (#764)
• ce9804c CLI coerce numeric types. (#769)
• e460f0b Update deps (#768)
• a04b034 fix: Only override preferred_key when no value was found (#767)
• f6ddaee Allow snake_case_conversion with env_prefix for Azure Key Vault source (#...
• 6ce78bc feat(gcp): support SecretVersion annotation for per-field secret versioning (...
• 21c7093 CLI format_help method support (#759)
• 0e96e9c Add support for overriding default help on CLI internal parser. (#758)
• Additional commits viewable in compare view

Updates elasticsearch from 7.17.12 to 7.17.13

Commits

• See full diff in compare view

Updates pymongo from 4.15.5 to 4.16.0

Release notes

Sourced from pymongo's releases.

PyMongo 4.16.0

Community notes:

Changelog

Sourced from pymongo's changelog.

Changes in Version 4.16.0 (2026/01/07)

PyMongo 4.16 brings a number of changes including:

• Removed invalid documents from :class:bson.errors.InvalidDocument error messages as doing so may leak sensitive user data. Instead, invalid documents are stored in :attr:bson.errors.InvalidDocument.document.
• PyMongo now requires dnspython>=2.6.1, since dnspython 1.0 is no longer maintained. The minimum version is 2.6.1 to account for CVE-2023-29483 <https://www.cve.org/CVERecord?id=CVE-2023-29483>_.
• Removed support for Eventlet. Eventlet is actively being sunset by its maintainers and has compatibility issues with PyMongo's dnspython dependency.
• Use Zstandard support from the standard library for Python 3.14+, and use backports.zstd for older versions.
• Fixed return type annotation for find_one_and_* methods on :class:~pymongo.asynchronous.collection.AsyncCollection and :class:~pymongo.synchronous.collection.Collection to include None.
• Added support for NumPy 1D-arrays in :class:bson.binary.BinaryVector.
• Prevented :class:~pymongo.encryption.ClientEncryption from loading the crypt shared library to fix "MongoCryptError: An existing crypt_shared library is loaded by the application" unless the linked library search path is set.

Commits

• 3290101 Prepare 4.16.0 release (#2672)
• 1be94d2 PYTHON-5685 Fix unified spec sync metadata for csot and sessions tests (#2669)
• 6585d9c PYTHON-2442: Refactor: use _asdict() in _options_dict() (#2670)
• fdb1f7e PYTHON-5677 Prevent ClientEncryption from loading crypt shared library (#2659)
• 0cd9763 Bump zizmorcore/zizmor-action from cb3d8e846e148d1111d90b03375b9c03deceda37 t...
• 2f263d4 PYTHON-5680 Fix handling of expectedDocuments in Unified Test Runner (#2665)
• e9658b2 Add 4.15.5 release date to changelog (#2666)
• 10dd204 Update coverage[toml] requirement from <=7.10.6,>=5 to >=5,<=7.10.7 (#2662)
• 1300677 [Spec Resync] 12-22-2025 (#2663)
• 18c1f14 PYTHON-5529 Introduce optin setting to await for MinPoolSize population (#2664)
• Additional commits viewable in compare view

Updates fastapi from 0.127.0 to 0.129.0

Release notes

Sourced from fastapi's releases.

0.129.0

Breaking Changes

• ➖ Drop support for Python 3.9. PR #14897 by @​tiangolo.

Refactors

• 🎨 Update internal types for Python 3.10. PR #14898 by @​tiangolo.

Docs

• 📝 Update highlights in webhooks docs. PR #14905 by @​tiangolo.
• 📝 Update source examples and docs from Python 3.9 to 3.10. PR #14900 by @​tiangolo.

Internal

• 🔨 Update docs.py scripts to migrate Python 3.9 to Python 3.10. PR #14906 by @​tiangolo.

0.128.8

Docs

• 📝 Fix grammar in docs/en/docs/tutorial/first-steps.md. PR #14708 by @​SanjanaS10.

Internal

• 🔨 Tweak PDM hook script. PR #14895 by @​tiangolo.
• ♻️ Update build setup for fastapi-slim, deprecate it, and make it only depend on fastapi. PR #14894 by @​tiangolo.

0.128.7

Features

• ✨ Show a clear error on attempt to include router into itself. PR #14258 by @​JavierSanchezCastro.
• ✨ Replace dict by Mapping on HTTPException.headers. PR #12997 by @​rijenkii.

Refactors

• ♻️ Simplify reading files in memory, do it sequentially instead of (fake) parallel. PR #14884 by @​tiangolo.

Docs

• 📝 Use dfn tag for definitions instead of abbr in docs. PR #14744 by @​YuriiMotov.

Internal

• ✅ Tweak comment in test to reference PR. PR #14885 by @​tiangolo.
• 🔧 Update LLM-prompt for abbr and dfn tags. PR #14747 by @​YuriiMotov.
• ✅ Test order for the submitted byte Files. PR #14828 by @​valentinDruzhinin.
• 🔧 Configure test workflow to run tests with inline-snapshot=review. PR #14876 by @​YuriiMotov.

0.128.6

... (truncated)

Commits

• a2e5136 🔖 Release version 0.129.0
• b7ce02a 📝 Update release notes
• 31d9750 🔨 Update docs.py scripts to migrate Python 3.9 to Python 3.10 (#14906)
• 109cc8a 📝 Update release notes
• c82a3d8 📝 Update highlights in webhooks docs (#14905)
• 0e46065 📝 Update release notes
• c9e2277 📝 Update source examples and docs from Python 3.9 to 3.10 (#14900)
• d06ab3f 📝 Update release notes
• 3da206c 🎨 Update internal types for Python 3.10 (#14898)
• cc903bd 📝 Update release notes
• Additional commits viewable in compare view

Updates starlette from 0.50.0 to 0.52.1

Release notes

Sourced from starlette's releases.

Version 0.52.1

What's Changed

• Only use typing_extensions in older Python versions by @​Kludex in Kludex/starlette#3109

---

Full Changelog: Kludex/starlette@0.52.0...0.52.1

Version 0.52.0

In this release, State can be accessed using dictionary-style syntax for improved type safety (#3036).

from collections.abc import AsyncIterator
from contextlib import asynccontextmanager
from typing import TypedDict
import httpx
from starlette.applications import Starlette
from starlette.requests import Request
class State(TypedDict):
http_client: httpx.AsyncClient
@​asynccontextmanager
async def lifespan(app: Starlette) -> AsyncIterator[State]:
async with httpx.AsyncClient() as client:
yield {"http_client": client}
async def homepage(request: Request[State]):
client = request.state["http_client"]
# If you run the below line with mypy or pyright, it will reveal the correct type.
reveal_type(client)  # Revealed type is 'httpx.AsyncClient'

See Accessing State for more details.

---

Full Changelog: Kludex/starlette@0.51.0...0.52.0

Version 0.51.0

Added

• Add allow_private_network in CORSMiddleware #3065.

Changed

... (truncated)

Changelog

Sourced from starlette's changelog.

0.52.1 (January 18, 2026)

Fixed

• Only use typing_extensions in older Python versions #3109.

0.52.0 (January 18, 2026)

In this release, State can be accessed using dictionary-style syntax for improved type safety (#3036).

from collections.abc import AsyncIterator
from contextlib import asynccontextmanager
from typing import TypedDict
import httpx
from starlette.applications import Starlette
from starlette.requests import Request
class State(TypedDict):
http_client: httpx.AsyncClient
@​asynccontextmanager
async def lifespan(app: Starlette) -> AsyncIterator[State]:
async with httpx.AsyncClient() as client:
yield {"http_client": client}
async def homepage(request: Request[State]):
client = request.state["http_client"]
# If you run the below line with mypy or pyright, it will reveal the correct type.
reveal_type(client)  # Revealed type is 'httpx.AsyncClient'

See Accessing State for more details.

0.51.0 (January 10, 2026)

Added

• Add allow_private_network in CORSMiddleware #3065.

Changed

• Increase warning stacklevel on DeprecationWarning for wsgi module #3082.

Commits

• e5b8a5d Version 0.52.1 (#3110)
• d02eade Only use typing_extensions in older Python versions (#3109)
• f490b42 Version 0.52.0 (#3107)
• d8c7cf9 Turn State into a Mapping (#3036)
• cfce146 chore: bump coverage (#3103)
• 9138e55 fix: setup github pages for deployment (#3102)
• aff6df7 docs: add environment for github docs (#3101)
• 434bab9 docS: fix gh pages deploy (#3100)
• 03426be docs: replace mkdocs by zensical (#3098)
• df2ee22 Version 0.51.0 (#3097)
• Additional commits viewable in compare view

Updates aiida-core from 2.7.2 to 2.7.3

Release notes

Sourced from aiida-core's releases.

AiiDA v2.7.3

See CHANGELOG.md

Changelog

Sourced from aiida-core's changelog.

v2.7.3 - 2026-01-23

Fixes

Transport

• Improve path escaping in OpenSSH transport for special characters (#7171) [4c89d9624]
• Fix a critical race condition in TransportQueue (#7144) [b02a233af]
• Add semaphore control to AsyncSshTransport::exec_command_wait_async to prevent SSH connection overwhelm (#7144) [985d5c809]

Engine

• Fix: Avoid mutating _polling_jobs inside slurm scheduler (#7155) [9f03a8e4c]

Devops

• Switch PyPI publishing to OIDC trusted publishing (#7173) [c4e320816]

Commits

• 67e97fb Release v2.7.3
• de48e38 Switch from token-based to OIDC trusted publishing
• 782ba2a Improve path escaping in OpenSSH transport for special characters
• 60ef336 Fix: Avoid mutating _polling_jobs inside (slurm) scheduler (#7155)
• e395345 Fixes a critical race condition in TransportQueue.
• 53ea84d Add semaphore control to AsyncSshTransport::exec_command_wait_async to preven...
• 29bde8d Fix PyPI index url (#6923)
• 9d0a86f Merge release/2.7.2 into support/2.7.x (#7132)
• 2befa6b Release v2.7.2
• 4005693 CI fixes
• See full diff in compare view

Updates rich from 14.2.0 to 14.3.2

Release notes

Sourced from rich's releases.

The ZWJy release

A fix for cell_len edge cases

[14.3.2] - 2026-02-01

Fixed

• Fixed solo ZWJ crash Textualize/rich#3953
• Fixed control codes reporting width of 1 Textualize/rich#3953

The Nerdy Fix release

Fixed issue with characters outside of unicode range reporting 0 cell size

[14.3.1] - 2026-01-24

Fixed

• Fixed characters out of unicode range reporting a cell size if 0 Textualize/rich#3944

The more emojis release

Rich now has support for multi-codepoint emojis. There have also been some Markdown improvements, and a number of fixes. See the release notes below for details.

[14.3.0] - 2026-01-24

Fixed

• IPython now respects when a Console instance is passed to pretty.install Textualize/rich#3915
• Fixed extraneous blank line on non-interactive disabled Progress Textualize/rich#3905
• Fixed extra padding on first cell in columns Textualize/rich#3935
• Fixed trailing whitespace removed when soft_wrap=True Textualize/rich#3937
• Fixed style new-lines when soft_wrap = True and a print style is set Textualize/rich#3938

Added

• Added support for some multi-codepopint glyphs (will fix alignment issues for these characters) Textualize/rich#3930
• Added support for UNICODE_VERSION environment variable Textualize/rich#3930
• Added last_render_height property to LiveRender Textualize/rich#3934
• Expose locals_max_depth and locals_overflow in traceback.install Textualize/rich#3906
• Added Segment.split_lines_terminator Textualize/rich#3938

Changed

• cells.cell_len now has a unicode_version parameter (that you probably should never change) Textualize/rich#3930
• Live will not write a new line if there was nothing rendered Textualize/rich#3934
• Changed style of Markdown headers Textualize/rich#3942
• Changed style of Markdown tables, added markdown.table.header and markdown.table.border styles Textualize/rich#3942
• Changed style of Markdown rules Textualize/rich#3942

Changelog

Sourced from rich's changelog.

[14.3.2] - 2026-02-01

Fixed

• Fixed solo ZWJ crash Textualize/rich#3953
• Fixed control codes reporting width of 1 Textualize/rich#3953

[14.3.1] - 2026-01-24

Fixed

• Fixed characters out of unicode range reporting a cell size if 0 Textualize/rich#3944

[14.3.0] - 2026-01-24

Fixed

• IPython now respects when a Console instance is passed to pretty.install Textualize/rich#3915
• Fixed extraneous blank line on non-interactive disabled Progress Textualize/rich#3905
• Fixed extra padding on first cell in columns Textualize/rich#3935
• Fixed trailing whitespace removed when soft_wrap=True Textualize/rich#3937
• Fixed style new-lines when soft_wrap = True and a print style is set Textualize/rich#3938

Added

• Added support for some multi-codepopint glyphs (will fix alignment issues for these characters) Textualize/rich#3930
• Added support for UNICODE_VERSION environment variable Textualize/rich#3930
• Added last_render_height property to LiveRender Textualize/rich#3934
• Expose locals_max_depth and locals_overflow in traceback.install Textualize/rich#3906
• Added Segment.split_lines_terminator Textualize/rich#3938

Changed

• cells.cell_len now has a unicode_version parameter (that you probably should never change) Textualize/rich#3930
• Live will not write a new line if there was nothing rendered Textualize/rich#3934
• Changed style of Markdown headers Textualize/rich#3942
• Changed style of Markdown tables, added markdown.table.header and markdown.table.border styles Textualize/rich#3942
• Changed style of Markdown rules Textualize/rich#3942

Commits

• 0752ff0 Merge pull request #3953 from Textualize/zwj-fix
• 54ae0cf simplify
• 07edb85 refine
• 31930dd fix test
• 454fcfc stupid comment
• 13f87a4 Fix ZWJ and edge cases
• 1d402e0 fix dates
• f2a1c3b Merge pull request #3944 from Textualize/nerf-fonts
• 2e5a5da changelog
• 73ee823 fix fonts
• Additional commits viewable in compare view

Updates ase from 3.26.0 to 3.27.0

Commits

• bbddb82 ASE version 3.27.0
• 9b59235 Merge branch 'fix-1851' into 'master'
• 211871f Merge branch 'ci-fixes' into 'master'
• 6658c2b attempt to fix warnings in windows job
• 1ce3dcf Rename test_bad_restart.py
• 372583a Convert restart into str in todict
• d57625f fix test that was platform-specific for some reason
• 1348389 use exitstack for creation/closing of tempfiles
• bb6f5c8 use exitstack in a way that requires less indentation
• 722e8ec ignore warning about binary incompatibility
• Additional commits viewable in compare view

Updates mkdocs-autorefs from 1.4.3 to 1.4.4

Release notes

Sourced from mkdocs-autorefs's releases.

1.4.4

1.4.4 - 2026-02-10

Compare with 1.4.3

Code Refactoring

• Register headings with a Markdown processor rather than the on_page_content hook and the table of contents (17665e2 by Timothée Mazzucotelli).

Changelog

Sourced from mkdocs-autorefs's changelog.

1.4.4 - 2026-02-10

Compare with 1.4.3

Code Refactoring

• Register headings with a Markdown processor rather than the on_page_content hook and the table of contents (17665e2 by Timothée Mazzucotelli).

Commits

• 73c897a chore: Prepare release 1.4.4
• 1753b0a ci: Ignore unused type ignore comments
• 62cfc22 chore: Symbol reorganization
• 17665e2 refactor: Register headings with a Markdown processor rather than the `on_pag...
• 4664b97 ci: Ignore type warning
• 632d8e9 chore: Update YORE comment
• 3e9bc2f docs: Explain how to find out the anchor of a heading
• See full diff in compare view

Updates mkdocstrings[python] from 1.0.0 to 1.0.3

Release notes

Sourced from mkdocstrings[python]'s releases.

1.0.3

1.0.3 - 2026-02-07

Compare with 1.0.2

Bug Fixes

• Forward extension instances directly passed from Zensical (65b27ec by Timothée Mazzucotelli).
• Propagate Zensical's zrelpath processor (dbf263d by Timothée Mazzucotelli).

1.0.2

1.0.2 - 2026-01-24

Compare with 1.0.1

Code Refactoring

• Use global instances for handlers and autorefs (9f79141 by Timothée Mazzucotelli).

1.0.1

1.0.1 - 2026-01-19

Compare with 1.0.0

Code Refactoring

• Support manual cross-references in Zensical too (d37d907 by Timothée Mazzucotelli).
• Support cross-references in Zensical (f43f1ee by Timothée Mazzucotelli). PR-812

Changelog

Sourced from mkdocstrings[python]'s changelog.

1.0.3 - 2026-02-07

Compare with 1.0.2

Bug Fixes

• Forward extension instances directly passed from Zensical (65b27ec by Timothée Mazzucotelli).
• Propagate Zensical's zrelpath processor (dbf263d by Timothée Mazzucotelli).

1.0.2 - 2026-01-24

Compare with 1.0.1

Code Refactoring

• Use global instances for handlers and autorefs (9f79141 by Timothée Mazzucotelli).

1.0.1 - 2026-01-19

Compare with 1.0.0

Code Refactoring

• Support manual cross-references in Zensical too (d37d907 by Timothée Mazzucotelli).
• Support cross-references in Zensical (f43f1ee by Timothée Mazzucotelli). PR-812

Commits

• 8bdff16 chore: Prepare release 1.0.3
• 65b27ec fix: Forward extension instances directly passed from Zensical
• 1624e2c ci: Update lint/type-checking
• cc3d6a4 chore: Template upgrade
• dbf263d fix: Propagate Zensical's zrelpath processor
• 4e66617 chore: Prepare release 1.0.2
• 9f79141 refactor: Use global instances for handlers and autorefs
• cb8a3c7 chore: Prepare release 1.0.1
• d37d907 refactor: Support manual cross-references in Zensical too
• 0edd18a chore: Clean up after v1
• Additional commits viewable in compare view

Updates griffe from 1.15.0 to 2.0.0

Changelog

Sourced from griffe's changelog.

2.0.0 - 2026-02-09

Compare with 1.15.0

Breaking Changes

This version removes previously deprecated API:

• ExportedName: Public object was removed
• infer_docstring_style(options): Parameter was removed
• parse_auto(options): Parameter was removed
• parse_google(options): Parameter was removed
• parse_numpy(options): Parameter was removed
• parse_sphinx(options): Parameter was removed
• assert_git_repo: Public object was removed
• get_latest_tag: Public object was removed
• get_repo_root: Public object was removed
• tmp_worktree: Public object was removed

Features

• Support merging overload annotations into implementation (584cdb5 by Timothée Mazzucotelli). Issue-442, PR-443
• Add support for PEP 750 template strings (59266a9 by ellie). PR-440

Bug Fixes

• Keep newlines in parameter (and other multiline directives) descriptions in Sphinx docstrings (1fde0d2 by Timothée Mazzucotelli). Issue-mkdocstrings-808, PR-438

Code Refactoring

• Make griffe imports lazy in CLI (4772456 by Timothée Mazzucotelli).
• Split to griffe, griffecli and griffelib uv workspaces (162c31c by Bartosz Sławecki). Issue-408, PR-434, Co-authored-by: Timothée Mazzucotelli dev@pawamoy.fr
• Remove deprecated code (dcb075e by Bartosz Sławecki). PR-433, Co-authored-by: Timothée Mazzucotelli dev@pawamoy.fr

Build

• Declare tag pattern for uv-dynamic-versioning (no v prefix) (c869c97 by Timothée Mazzucotelli). Upstream-issue
• Change build system to hatchling (09b0682 by Bartosz Sławecki). PR-430

Commits

• bc86dc3 chore: Prepare release 2.0.0
• 4772456 refactor: Make griffe imports lazy in CLI
• c869c97 build: Declare tag pattern for uv-dynamic-versioning (no v prefix)
• cb535e0 docs: Update example command in home page
• 40b0a79 chore: Simplify build duty
• 852b5d2 chore: Fix sdist file inclusion
• d750a74 chore: Allow building subpackages in root dist folder
• 9cb6f13 chore: Ignore dist dirs in subpackages
• 584cdb5 feat: Support merging overload annotations into implementation
• 59266a9 feat: Add support for PEP 750 template strings
• Additional commits viewable in compare view

Updates jarvis-tools from 2025.5.30 to 2026.1.10

Commits

• See full diff in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 90.59%. Comparing base (86fa66e) to head (b300086).

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #2353   +/-   ##
=======================================
  Coverage   90.59%   90.59%           
=======================================
  Files          75       75           
  Lines        5030     5030           
=======================================
  Hits         4557     4557           
  Misses        473      473           

Flag	Coverage Δ
project	90.59% <ø> (ø)
validator	90.59% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.