Skip to content

chore(deps-dev): bump fastapi from 0.138.1 to 0.139.0#108

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/fastapi-0.139.0
Open

chore(deps-dev): bump fastapi from 0.138.1 to 0.139.0#108
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/fastapi-0.139.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 6, 2026

Copy link
Copy Markdown
Contributor

Bumps fastapi from 0.138.1 to 0.139.0.

Release notes

Sourced from fastapi's releases.

0.139.0

Features

  • ✨ Support dependencies in app.frontend(), e.g. for automatic cookie authentication for the frontend. PR #15908 by @​tiangolo.

Translations

Internal

Commits
  • cecd96d 🔖 Release version 0.139.0 (#15910)
  • aea6609 📝 Update release notes
  • 319be50 ✨ Support dependencies in app.frontend(), e.g. for automatic cookie authent...
  • 66a90f6 📝 Update release notes
  • d30a3eb 👥 Update FastAPI People - Experts (#15909)
  • 122f1b5 📝 Update release notes
  • fd6ece3 👥 Update FastAPI GitHub topic repositories (#15906)
  • ec2a6ad 📝 Update release notes
  • 9d7d7fe 🌐 Update translations for fr (update-outdated) (#15897)
  • 8dc852d 📝 Update release notes
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [fastapi](https://github.com/fastapi/fastapi) from 0.138.1 to 0.139.0.
- [Release notes](https://github.com/fastapi/fastapi/releases)
- [Commits](fastapi/fastapi@0.138.1...0.139.0)

---
updated-dependencies:
- dependency-name: fastapi
  dependency-version: 0.139.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file security Security-related dependency or maintenance work labels Jul 6, 2026
@dependabot dependabot Bot requested a review from direct41 as a code owner July 6, 2026 04:14
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file security Security-related dependency or maintenance work labels Jul 6, 2026
@github-actions

github-actions Bot commented Jul 6, 2026

Copy link
Copy Markdown

AI Risk Manager

  • Decision: review_required
  • Headline: Run a focused 10-minute risk review before merge; risk score 38.
  • Risk score: 38/100
  • Scope: impacted
  • Changed files: 1
  • PR delta: new=1, resolved=1, unchanged=0
  • Support: l2 / supported / ci=advisory
  • Profiles: code_risk:supported, ui_flow_risk:not_applicable, business_invariant_risk:not_applicable

Review Focus

  • Review dependency drift and validate changed runtime behavior with focused tests.

Top Risks

  • [medium] [new] pr_dependency_change_without_test_delta at pyproject.toml: PR changes dependency boundaries without any test delta. Trust: moderate (0.75). Action: Resolve the dependency set, run the package vulnerability audit, and execute focused compatibility tests for the affected integration.

Suppression Hints

If a finding is intentional, add one of these entries to .airiskignore:

- key: "pr_dependency_change_without_test_delta:pyproject.toml:sig:pr-risk:deps-without-tests:pyproject.toml"

Test First

  • [medium] pr_dependency_change_without_test_delta at pyproject.toml (4 min): Resolve the dependency set, run the package vulnerability audit, and execute focused compatibility tests for the affected integration.

Full details: see pr_summary.json, merge_triage.md, report.md, findings.json, and test_plan.json.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file security Security-related dependency or maintenance work

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants