chore(deps): update python dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
pydantic (changelog)	2.13.0 → 2.13.4
requests (changelog)	2.33.1 → 2.34.2
typer (changelog)	0.24.1 → 0.26.1

---

Release Notes

pydantic/pydantic (pydantic)

v2.13.4: 2026-05-06

Compare Source

v2.13.4 (2026-05-06)

What's Changed

Packaging

• Bump libc from 0.2.155 to 0.2.185 by @​Viicos in #​13109
• Adapt pydantic-core linker flags on macOS by @​washingtoneg and @​Viicos in #​13147

Fixes

• Preserve RootModel core metadata by @​Viicos in #​13129

Full Changelog: pydantic/pydantic@v2.13.3...v2.13.4

v2.13.3

Compare Source

GitHub release

What's Changed

Fixes

• Handle AttributeError subclasses with from_attributes by @​Viicos in #​13096

v2.13.2

Compare Source

v2.13.1: 2026-04-15

Compare Source

v2.13.1 (2026-04-15)

What's Changed

Fixes

• Fix ValidationInfo.data missing with model_validate_json() by @​davidhewitt in #​13079

Full Changelog: pydantic/pydantic@v2.13.0...v2.13.1

psf/requests (requests)

v2.34.2

Compare Source

• Moved headers input type back to Mapping to avoid invariance issues
  with MutableMapping and inferred dict types. Users calling
  Request.headers.update() may need to narrow typing in their code. (#​7441)

v2.34.1

Compare Source

Bugfixes

• Widened json input type from dict and list to Mapping
  and Sequence. (#​7436)
• Changed headers input type to MutableMapping and removed None from
  Request.headers typing to improve handling for users. (#​7431)
• Response.reason moved from str | None to str to improve handling
  for users. (#​7437)
• Fixed a bug where some bodies with custom __getattr__ implementations
  weren't being properly detected as Iterables. (#​7433)

v2.34.0

Compare Source

Announcements

• Requests 2.34.0 introduces inline types, replacing those provided by
  typeshed. Public API types should be fully compatible with mypy, pyright,
  and ty. We believe types are comprehensive but if you find issues, please
  report them to the pinned tracking issue.

  Special thanks to @​bastimeyer, @​cthoyt, @​edgarrmondragon, and @​srittau for
  helping review and test the types ahead of the release. (#​7272)

Improvements

• Digest Auth hashing algorithms have added usedforsecurity=False to clarify
  security considerations. (#​7310)
• Requests added support for Python 3.15 based on beta1. Downstream projects
  should be able to start testing prior to its release in October. (#​7422)
• Requests added support for Python 3.14t. (#​7419)

Bugfixes

• Response.history no longer contains a reference to itself, preventing
  accidental looping when traversing the history list. (#​7328)
• Requests no longer performs greedy matching on no_proxy domains. The
  proxy_bypass implementation has been updated with CPython's fix from
  bpo-39057. (#​7427)
• Requests no longer incorrectly strips duplicate leading slashes in
  URI paths. This should address user issues with specific presigned
  URLs. Note the full fix requires urllib3 2.7.0+. (#​7315)

fastapi/typer (typer)

v0.26.1

Compare Source

Fixes

• 🐛 Ensure that an envvar set for typer.Option works as expected. PR #​1788 by @​svlandeg.

Internal

• ⬆ Bump python-dotenv from 1.2.1 to 1.2.2. PR #​1714 by @​dependabot[bot].

v0.26.0

Compare Source

Breaking Changes

• ➖ Vendor Click and streamline Typer's functionality and code base. PR #​1774 by @​svlandeg.
  • Typer no longer depends on Click as a third party dependency, it vendors (includes the source code of) Click.
  • This simplifies the work done by both Click and Typer teams.
  • It allows Typer to evolve independently, and enables several new planned features.
  • It will solve several dependency conflict situations for projects that use some packages that depend on Click and some that depend on Typer.
  • This also means that Click-specific functionality is no longer supported, like extracting the Click app and adding Click-specific plug-ins, or customizing the field types with Click-specific types.
  • You can read more about it in the docs for Vendored Click.

Docs

• 📝 Update and simplify docs about help and management. PR #​1778 by @​tiangolo.
• 📝 Update contributing docs, reference central docs. PR #​1777 by @​tiangolo.
• 📝 Update security policy. PR #​1775 by @​tiangolo.
• 📝 Update link syntax to minimal Markdown. PR #​1623 by @​tiangolo.
• 📝 Update and simplify usage of admonitions. PR #​1755 by @​tiangolo.

Internal

• 📌 Pin max version of Click to >= 8.2.1, < 8.4 temporarily to prevent incompatibilities. PR #​1753 by @​tiangolo.
  • Superseded by vendoring Click.
• 👷 Configure Dependabot to group updates and update weekly. PR #​1768 by @​YuriiMotov.
• 🔥 Remove config files now in central GitHub repo. PR #​1780 by @​tiangolo.
• ⬆ Bump idna from 3.11 to 3.15. PR #​1771 by @​dependabot[bot].
• ⬆ Bump pymdown-extensions from 10.21.2 to 10.21.3. PR #​1772 by @​dependabot[bot].
• 📝 Fix categorization of PR 1475 in release notes. PR #​1769 by @​svlandeg.
• ✅ Add Fish shell completion tests for colon options. PR #​1475 by @​Mohamed-Elwasila.
• ✅ Extend completion unit tests for zsh, powershell and pwsh. PR #​1767 by @​ADiTyaRaj8969.
• ⬆ Bump actions/github-script from 7.1.0 to 9.0.0. PR #​1746 by @​dependabot[bot].
• 🔧 Fix GitHub link in docs. PR #​1754 by @​tiangolo.
• ⬆️ Migrate to Zensical. PR #​1470 by @​tiangolo.
• ⬆ Bump urllib3 from 2.6.3 to 2.7.0. PR #​1741 by @​dependabot[bot].
• 🔧 Remove unnecessary Ruff rule. PR #​1752 by @​tiangolo.
• 🔒️ Add zizmor and fix audit findings. PR #​1705 by @​YuriiMotov.
• 🔒️ Only allow team members to modify dependencies. PR #​1744 by @​svlandeg.
• ⬆ Bump mypy from 2.0.0 to 2.1.0. PR #​1742 by @​dependabot[bot].
• ⬆ Bump pydantic-settings from 2.14.0 to 2.14.1. PR #​1739 by @​dependabot[bot].
• ⬆ Bump ty from 0.0.34 to 0.0.35. PR #​1740 by @​dependabot[bot].
• ⬆ Bump actions/add-to-project from 1.0.2 to 2.0.0. PR #​1731 by @​dependabot[bot].
• ⬆ Bump actions/labeler from 6.0.1 to 6.1.0. PR #​1734 by @​dependabot[bot].
• ⬆ Bump pydantic from 2.13.3 to 2.13.4. PR #​1736 by @​dependabot[bot].
• ⬆ Bump prek from 0.3.11 to 0.3.13. PR #​1735 by @​dependabot[bot].
• ⬆ Bump mypy from 1.20.2 to 2.0.0. PR #​1737 by @​dependabot[bot].
• 👷 Add pre-commit for typos. PR #​1730 by @​tiangolo.
• ⬆ Bump ty from 0.0.33 to 0.0.34. PR #​1729 by @​dependabot[bot].
• ⬆ Bump ty from 0.0.32 to 0.0.33. PR #​1724 by @​dependabot[bot].

v0.25.1

Compare Source

Features

• 🔧 Add Typer Library Skill for Agents. PR #​1620 by @​svlandeg.

Internal

• ⬆ Bump ruff from 0.15.11 to 0.15.12. PR #​1722 by @​dependabot[bot].
• ⬆ Bump prek from 0.3.10 to 0.3.11. PR #​1723 by @​dependabot[bot].

v0.25.0

Compare Source

Features

• 🚸 Don't truncate code lines in traceback when formatted with Rich. PR #​1695 by @​YuriiMotov.

v0.24.2

Compare Source

Fixes

• 🐛 Ensure that typer.launch forwards correctly when launching a file. PR #​1708 by @​svlandeg.

Refactors

• 🎨 Ensure ty runs without errors. PR #​1628 by @​svlandeg.

Docs

• 📝 Add dates to release notes. PR #​1612 by @​YuriiMotov.
• 💄 Fix code blocks in reference docs overflowing table width. PR #​1630 by @​YuriiMotov.
• 📝 Fix broken link to FastAPI and Friends newsletter. PR #​1540 by @​Karlemami.
• 🔨 Handle external links target=_blank and CSS automatically in JS and CSS. PR #​1622 by @​tiangolo.
• 📝 Remove link to Typer developer survey. PR #​1609 by @​svlandeg.
• ✏️ Clean up documentation in install.md file. PR #​1606 by @​Johandielangman.

Internal

• ⬆ Bump mypy from 1.20.1 to 1.20.2. PR #​1715 by @​dependabot[bot].
• ⬆ Bump prek from 0.3.9 to 0.3.10. PR #​1716 by @​dependabot[bot].
• ⬆ Bump pydantic-settings from 2.13.1 to 2.14.0. PR #​1713 by @​dependabot[bot].
• ⬆ Bump ty from 0.0.31 to 0.0.32. PR #​1711 by @​dependabot[bot].
• ⬆ Bump pydantic from 2.13.2 to 2.13.3. PR #​1712 by @​dependabot[bot].
• ⬆ Bump pygments from 2.19.2 to 2.20.0. PR #​1667 by @​dependabot[bot].
• ⬆ Bump pymdown-extensions from 10.20 to 10.21.2. PR #​1710 by @​YuriiMotov.
• ⬆ Bump actions/cache from 5.0.4 to 5.0.5. PR #​1700 by @​dependabot[bot].
• ⬆ Bump pydantic from 2.13.1 to 2.13.2. PR #​1703 by @​dependabot[bot].
• ⬆ Bump actions/upload-artifact from 7.0.0 to 7.0.1. PR #​1701 by @​dependabot[bot].
• ⬆ Bump ruff from 0.15.10 to 0.15.11. PR #​1704 by @​dependabot[bot].
• ⬆ Bump cloudflare/wrangler-action from 3.14.1 to 3.15.0. PR #​1702 by @​dependabot[bot].
• ⬆ Bump astral-sh/setup-uv from 7.6.0 to 8.1.0. PR #​1699 by @​dependabot[bot].
• ⬆ Bump ty from 0.0.30 to 0.0.31. PR #​1696 by @​dependabot[bot].
• ⬆ Bump pydantic from 2.13.0 to 2.13.1. PR #​1697 by @​dependabot[bot].
• 🔒 Pin GitHub actions by commit SHA. PR #​1666 by @​YuriiMotov.
• ⬆ Bump ty from 0.0.29 to 0.0.30. PR #​1693 by @​dependabot[bot].
• ⬆ Bump prek from 0.3.8 to 0.3.9. PR #​1691 by @​dependabot[bot].
• ⬆ Bump pygithub from 2.9.0 to 2.9.1. PR #​1692 by @​dependabot[bot].
• ⬆ Bump rich from 14.3.3 to 15.0.0. PR #​1688 by @​dependabot[bot].
• ⬆ Bump pydantic from 2.12.5 to 2.13.0. PR #​1687 by @​dependabot[bot].
• ⬆ Bump mypy from 1.20.0 to 1.20.1. PR #​1689 by @​dependabot[bot].
• ⬆ Bump cryptography from 46.0.6 to 46.0.7. PR #​1682 by @​dependabot[bot].
• ⬆ Bump ruff from 0.15.9 to 0.15.10. PR #​1684 by @​dependabot[bot].
• ⬆ Bump pytest from 9.0.2 to 9.0.3. PR #​1681 by @​dependabot[bot].
• ⬆ Bump ty from 0.0.28 to 0.0.29. PR #​1678 by @​dependabot[bot].
• ⬆ Bump ruff from 0.15.8 to 0.15.9. PR #​1674 by @​dependabot[bot].
• ⬆ Bump ty from 0.0.27 to 0.0.28. PR #​1675 by @​dependabot[bot].
• ⬆ Bump pillow from 12.1.1 to 12.2.0. PR #​1672 by @​dependabot[bot].
• ⬆ Bump mypy from 1.19.1 to 1.20.0. PR #​1670 by @​dependabot[bot].
• ⬆ Bump ty from 0.0.26 to 0.0.27. PR #​1669 by @​dependabot[bot].
• ⬆ Bump cryptography from 46.0.5 to 46.0.6. PR #​1661 by @​dependabot[bot].
• ⬆ Bump ruff from 0.15.7 to 0.15.8. PR #​1659 by @​dependabot[bot].
• ⬆ Bump ty from 0.0.25 to 0.0.26. PR #​1660 by @​dependabot[bot].
• 👷 Configure ty to exit with error code on warnings. PR #​1657 by @​svlandeg.
• ⬆ Bump requests from 2.32.5 to 2.33.0. PR #​1656 by @​dependabot[bot].
• ⬆ Bump ty from 0.0.24 to 0.0.25. PR #​1652 by @​dependabot[bot].
• ⬆ Bump prek from 0.3.6 to 0.3.8. PR #​1648 by @​dependabot[bot].
• ⬆ Bump pytest-cov from 7.0.0 to 7.1.0. PR #​1649 by @​dependabot[bot].
• ⬆ Bump pygithub from 2.8.1 to 2.9.0. PR #​1650 by @​dependabot[bot].
• ⬆ Bump mkdocs-material from 9.7.5 to 9.7.6. PR #​1645 by @​dependabot[bot].
• ⬆ Bump ruff from 0.15.6 to 0.15.7. PR #​1644 by @​dependabot[bot].
• ⬆ Bump ty from 0.0.23 to 0.0.24. PR #​1646 by @​dependabot[bot].
• ⬆ Bump prek from 0.3.5 to 0.3.6. PR #​1638 by @​dependabot[bot].
• ⬆ Bump ty from 0.0.22 to 0.0.23. PR #​1639 by @​dependabot[bot].
• ⬆ Bump pyjwt from 2.10.1 to 2.12.0. PR #​1636 by @​dependabot[bot].
• ⬆ Bump cairosvg from 2.8.2 to 2.9.0. PR #​1635 by @​dependabot[bot].
• ⬆ Bump ruff from 0.15.5 to 0.15.6. PR #​1633 by @​dependabot[bot].
• ⬆ Bump ty from 0.0.21 to 0.0.22. PR #​1634 by @​dependabot[bot].
• ⬆ Bump dorny/paths-filter from 3 to 4. PR #​1632 by @​dependabot[bot].
• ⬆ Bump mkdocs-material from 9.7.4 to 9.7.5. PR #​1629 by @​dependabot[bot].
• ⬆ Bump prek from 0.3.4 to 0.3.5. PR #​1627 by @​dependabot[bot].
• ⬆ Bump ty from 0.0.20 to 0.0.21. PR #​1624 by @​dependabot[bot].
• ⬆ Bump ruff from 0.15.4 to 0.15.5. PR #​1625 by @​dependabot[bot].
• ⬆ Bump mkdocs-material from 9.7.3 to 9.7.4. PR #​1621 by @​dependabot[bot].
• ⬆ Bump ty from 0.0.19 to 0.0.20. PR #​1618 by @​dependabot[bot].
• ⬆ Bump prek from 0.3.3 to 0.3.4. PR #​1617 by @​dependabot[bot].
• ⬆ Bump ruff from 0.15.2 to 0.15.4. PR #​1616 by @​dependabot[bot].
• ⬆ Bump ty from 0.0.18 to 0.0.19. PR #​1615 by @​dependabot[bot].
• ⬆ Bump actions/download-artifact from 7 to 8. PR #​1614 by @​dependabot[bot].
• ⬆ Bump actions/upload-artifact from 6 to 7. PR #​1613 by @​dependabot[bot].
• ⬆ Bump mkdocs-material from 9.7.2 to 9.7.3. PR #​1611 by @​dependabot[bot].
• ⬆ Bump mkdocstrings-python from 2.0.1 to 2.0.3. PR #​1605 by @​svlandeg.
• ⬆ Bump ty from 0.0.17 to 0.0.18. PR #​1602 by @​dependabot[bot].
• ⬆ Bump griffe-warnings-deprecated from 1.1.0 to 1.1.1. PR #​1603 by @​dependabot[bot].
• ⬆ Bump griffe-typingdoc from 0.3.0 to 0.3.1. PR #​1604 by @​dependabot[bot].
• 🔧 Upgrade pytest version and config. PR #​1570 by @​tiangolo.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • "before 3am on Monday"
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.