fix(deps): update all non-major pep621 dependencies

[red-hat-konflux]

This PR contains the following updates:

Package	Change	Age	Confidence
boto3	==1.41.5 -> ==1.42.3
celery (source, changelog)	==5.5.3 -> ==5.6.0
fastapi (changelog)	==0.122.0 -> ==0.123.9
pytest-httpx (changelog)	==0.35.0 -> ==0.36.0
ruff (source, changelog)	==0.14.7 -> ==0.14.8
types-boto3-lite	==1.41.5 -> ==1.42.3

---

Release Notes

boto/boto3 (boto3)

v1.42.3

Compare Source

======

• api-change:lambda: [botocore] Add DisallowedByVpcEncryptionControl to the LastUpdateStatusReasonCode and StateReasonCode enums to represent failures caused by VPC Encryption Controls.

v1.42.2

Compare Source

======

• api-change:bedrock: [botocore] Adding support in Amazon Bedrock to customize models with reinforcement fine-tuning (RFT) and support for updating the existing Custom Model Deployments.
• api-change:sagemaker: [botocore] Introduces Serverless training: A fully managed compute infrastructure that abstracts away all infrastructure complexity, allowing you to focus purely on model development.

Added AI model customization assets used to train, refine, and evaluate custom models during the model customization process.

v1.42.1

Compare Source

======

• api-change:bedrock: [botocore] Adds the audioDataDeliveryEnabled boolean field to the Model Invocation Logging Configuration.
• api-change:bedrock-agentcore: [botocore] Support for AgentCore Evaluations and Episodic memory strategy for AgentCore Memory.
• api-change:bedrock-agentcore-control: [botocore] Supports AgentCore Evaluations, Policy, Episodic Memory Strategy, Resource Based Policy for Runtime and Gateway APIs, API Gateway Rest API Targets and enhances JWT authorizer.
• api-change:bedrock-runtime: [botocore] Adds support for Audio Blocks and Streaming Image Output plus new Stop Reasons of malformed_model_output and malformed_tool_use.
• api-change:ce: [botocore] This release updates existing Savings Plans Purchase Analyzer and Recommendations APIs to support Database Savings Plans.
• api-change:datazone: [botocore] Amazon DataZone now supports exporting Catalog datasets as Amazon S3 tables, and provides automatic business glossary term suggestions for data assets.
• api-change:endpoint-rules: [botocore] Update endpoint-rules client to latest version
• api-change:fsx: [botocore] S3 Access Points support for FSx for NetApp ONTAP
• api-change:guardduty: [botocore] Adding support for extended threat detection for Amazon EC2 and Amazon ECS. Adding support for wild card suppression rules.
• api-change:lambda: [botocore] Launching Lambda durable functions - a new feature to build reliable multi-step applications and AI workflows natively within the Lambda developer experience.
• api-change:logs: [botocore] CloudWatch Logs adds managed S3 Tables integration to access logs using other analytical tools, as well as facets and field indexing to simplify log analytics in CloudWatch Logs Insights.
• api-change:nova-act: [botocore] Initial release of Nova Act SDK. The Nova Act service enables customers to build and manage fleets of agents for automating production UI workflows with high reliability, fastest time-to-value, and ease of implementation at scale.
• api-change:observabilityadmin: [botocore] CloudWatch Observability Admin adds pipelines configuration for third party log ingestion and transformation of all logs ingested, integration of CloudWatch logs with S3 Tables, and AWS account or organization level enablement for 7 AWS services.
• api-change:opensearch: [botocore] GPU-acceleration helps you build large-scale vector databases faster and more efficiently. You can enable this feature on new OpenSearch domains and OpenSearch Serverless collections. This feature uses GPU-acceleration to reduce the time needed to index data into vector indexes.
• api-change:opensearchserverless: [botocore] GPU-acceleration helps you build large-scale vector databases faster and more efficiently. You can enable this feature on new OpenSearch domains and OpenSearch Serverless collections. This feature uses GPU-acceleration to reduce the time needed to index data into vector indexes.
• api-change:rds: [botocore] RDS Oracle and SQL Server: Add support for adding, modifying, and removing additional storage volumes, offering up to 256TiB storage; RDS SQL Server: Support Developer Edition via custom engine versions for development and testing purposes; M7i/R7i instances with Optimize CPU for cost savings.
• api-change:s3: [botocore] New S3 Storage Class FSX_ONTAP
• api-change:s3control: [botocore] Add support for S3 Storage Lens Advanced Performance Metrics, Expanded Prefixes metrics report, and export to S3 Tables.
• api-change:s3tables: [botocore] Add storage class, replication, and table record expiration features to S3 Tables.
• api-change:s3vectors: [botocore] Amazon S3 Vectors provides cost-effective, elastic, and durable vector storage for queries based on semantic meaning and similarity.
• api-change:sagemaker: [botocore] Added support for serverless MLflow Apps.

Added support for new HubContentTypes (DataSet and JsonDoc) in Private Hub for AI model customization assets, enabling tracking and management of training datasets and evaluators (reward functions/prompts) throughout the ML lifecycle.

• api-change:savingsplans: [botocore] Added support for Amazon Database Savings Plans
• api-change:securityhub: [botocore] ITSM enhancements: DRYRUN mode for testing ticket creation, ServiceNow now uses AWS Secrets Manager for credentials, ConnectorRegistrationsV2 renamed to RegisterConnectorV2, added ServiceQuotaExceededException error, and ConnectorStatus visibility in CreateConnectorV2.

v1.42.0

Compare Source

======

• api-change:appintegrations: [botocore] This release adds support for MCP servers via the ApplicationType field, allowing customers to register their Bedrock AgentCore gateways as third party applications.
• api-change:bedrock-agent: [botocore] Support audio and video ingestion on Bedrock Knowledge Bases.
• api-change:bedrock-agent-runtime: [botocore] Support audio and video content retrieval on Bedrock Knowledge Bases.
• api-change:cleanrooms: [botocore] AWS Clean Rooms now supports privacy-enhancing synthetic dataset generation for custom ML training.
• api-change:cleanroomsml: [botocore] AWS Clean Rooms ML now supports privacy-enhancing synthetic dataset generation for custom ML training.
• api-change:connect: [botocore] This is a combined re:Invent release for Amazon Connect.
• api-change:connectcampaignsv2: [botocore] This release added support for new WhatsApp channel and Journey type outbound campaign
• api-change:connectparticipant: [botocore] Amazon Connect now supports message processing that intercepts and processes chat messages before they reach any participant.
• api-change:customer-profiles: [botocore] This release introduces, CRUD APIs for the DomainObjectType and Recommender resources, APIs to offer statistical insights on Object Type Attributes, Changes to SegmentDefinition APIs to support SQL queries to create Segments, and Changes to Domain APIs to support Data Store.
• api-change:eks: [botocore] This release adds support for EKS Capabilities
• api-change:endpoint-rules: [botocore] Update endpoint-rules client to latest version
• api-change:glue: [botocore] feature: Glue: Add support for Iceberg materialized view in Glue Data Catalog, including updated CreateTable API to support materialized views and new APIs for managing data refresh for materialized views.
  feature: Glue: Add support for Iceberg table encryption keys and struct field defaults.
• api-change:lambda: [botocore] Launching Lambda Managed Instances - a new feature to run Lambda on EC2.
• api-change:lexv2-models: [botocore] Adds support for speech-to-speech models for human-like, adaptive, and expressive voice interactions. Also adds support for speech model preference, allowing customers to select which speech model they want to use for speech-to-text requests.
• api-change:marketplace-agreement: [botocore] This release supports 1/multi-product transactions via offer sets. DescribeAgreement and SearchAgreements APIs now return offer set IDs. SearchAgreements also supports filtering by offer set ID and 2/variable payment pricing terms will be returned through GetAgreementTerms.
• api-change:marketplace-catalog: [botocore] This release introduces offer set entity in AWS Marketplace Catalog API to enable multi-product transaction. Offer set enables sellers to group multiple private offers into a single-click purchase experience, simplifying procurement for customers purchasing multi-product solutions.
• api-change:partnercentral-account: [botocore] Initial GA launch of Partner Central Account
• api-change:partnercentral-benefits: [botocore] Initial GA launch of Partner Central Benefits
• api-change:partnercentral-selling: [botocore] New Features:
  Lead Management APIs for capturing and nurturing leads
  Lead invitation support for partner collaboration
  Lead-to-opportunity conversion operations
  AWS Marketplace OfferSets support for opportunities
• api-change:personalize: [botocore] This release adds support for includedDatasetColumns and performIncrementalUpdate in solution APIs, and rankingInfluence in campaign and batch inference APIs.
• api-change:qconnect: [botocore] New AIAgent types: Orchestration for ModelContextProtocol tool integration, CaseSummary for Amazon Connect Case summaries, NoteTaker for Agent Assistance notes. Added ListSpans and Retrieve APIs. Enhanced Q in Connect AssistantAssociationType to support Bring Your Own Bedrock Knowledge Bases.
• api-change:route53globalresolver: [botocore] Add SDK for Amazon Route 53 Global Resolver, a fully managed DNS resolver service that offers broad DNS-filtering security controls.
• enhancement:AWSCRT: [botocore] Update awscrt version to 0.29.1
• enhancement:s3: Adds partial TransferConfig support for CRT transfer managers.
• feature:s3: Added crt mode to preferred_transfer_client parameter in TransferConfig to enable CRT transfer client in all environments.

celery/celery (celery)

v5.6.0

Compare Source

=====

:release-date: 2025-11-30
:release-by: Tomer Nosrati

Celery v5.6.0 is now available.

Key Highlights

See :ref:`whatsnew-5.6` for a complete overview or read the main highlights below.

Python 3.9 Minimum Version
--------------------------

Celery 5.6.0 drops support for Python 3.8 (EOL). The minimum required Python
version is now 3.9. Users still on Python 3.8 must upgrade their Python version
before upgrading to Celery 5.6.0.

Additionally, this release includes initial support for Python 3.14.

SQS: Reverted to ``pycurl`` from ``urllib3``
--------------------------------------------

The switch from ``pycurl`` to ``urllib3`` for the SQS transport (introduced in
Celery 5.5.0 via Kombu) has been reverted due to critical issues affecting SQS
users:

- Processing throughput dropped from ~100 tasks/sec to ~3/sec in some environments
- ``UnknownOperationException`` errors causing container crash loops
- Silent message processing failures with no error logs

Users of the SQS transport must ensure ``pycurl`` is installed. If you removed
``pycurl`` after upgrading to Celery 5.5.0, you will need to reinstall it.

Contributed by `@auvipy <https://github.com/auvipy>`_ in
`#&#8203;9620 <https://github.com/celery/celery/pull/9620>`_.

Security Fix: Broker Credential Leak Prevention
------------------------------------------------

Fixed a security issue where broker URLs containing passwords were being logged
in plaintext by the delayed delivery mechanism. Broker credentials are now
properly sanitized in all log output.

Contributed by `@giancarloromeo <https://github.com/giancarloromeo>`_ in
`#&#8203;9997 <https://github.com/celery/celery/pull/9997>`_.

Memory Leak Fixes
-----------------

Two significant memory leaks have been fixed in this release:

**Exception Handling Memory Leak**: Fixed a critical memory leak in task exception
handling that was particularly severe on Python 3.11+ due to enhanced traceback
data. The fix properly breaks reference cycles in tracebacks to allow garbage
collection.

Contributed by `@jaiganeshs21 <https://github.com/jaiganeshs21>`_ in
`#&#8203;9799 <https://github.com/celery/celery/pull/9799>`_.

**Pending Result Memory Leak**: Fixed a memory leak where ``AsyncResult``
subscriptions were not being cleaned up when results were forgotten.

Contributed by `@tsoos99dev <https://github.com/tsoos99dev>`_ in
`#&#8203;9806 <https://github.com/celery/celery/pull/9806>`_.

ETA Task Memory Limit
---------------------

New configuration option :setting:`worker_eta_task_limit` to prevent out-of-memory
crashes when workers fetch large numbers of ETA or countdown tasks. Previously,
workers could exhaust available memory when the broker contained many scheduled tasks.

Example usage:

.. code-block:: python

    app.conf.worker_eta_task_limit = 1000

Contributed by `@sashu2310 <https://github.com/sashu2310>`_ in
`#&#8203;9853 <https://github.com/celery/celery/pull/9853>`_.

Queue Type Selection for Auto-created Queues
--------------------------------------------

New configuration options allow specifying the queue type and exchange type when
Celery auto-creates missing queues. This is particularly useful for RabbitMQ users
who want to use quorum queues with auto-created queues.

Configuration options:

- :setting:`task_create_missing_queue_type`: Sets the queue type for auto-created
  queues (e.g., ``quorum``, ``classic``)
- :setting:`task_create_missing_queue_exchange_type`: Sets the exchange type for
  auto-created queues

Example usage:

.. code-block:: python

    app.conf.task_create_missing_queue_type = 'quorum'

Contributed by `@ghirailghiro <https://github.com/ghirailghiro>`_ in
`#&#8203;9815 <https://github.com/celery/celery/pull/9815>`_.

What's Changed

• Prepare for release: v5.6.0 (#​10010)

.. _version-5.6.0rc2:

fastapi/fastapi (fastapi)

v0.123.9

Compare Source

Fixes

• 🐛 Fix OAuth2 scopes in OpenAPI in extra corner cases, parent dependency with scopes, sub-dependency security scheme without scopes. PR #​14459 by @​tiangolo.

v0.123.8

Compare Source

Fixes

• 🐛 Fix OpenAPI security scheme OAuth2 scopes declaration, deduplicate security schemes with different scopes. PR #​14455 by @​tiangolo.

v0.123.7

Compare Source

Fixes

• 🐛 Fix evaluating stringified annotations in Python 3.10. PR #​11355 by @​chaen.

v0.123.6

Compare Source

Fixes

• 🐛 Fix support for functools wraps and partial combined, for async and regular functions and classes in path operations and dependencies. PR #​14448 by @​tiangolo.

v0.123.5

Compare Source

Features

• ✨ Allow using dependables with functools.partial(). PR #​9753 by @​lieryan.
• ✨ Add support for wrapped functions (e.g. @functools.wraps()) used with forward references. PR #​5077 by @​lucaswiman.
• ✨ Handle wrapped dependencies. PR #​9555 by @​phy1729.

Fixes

• 🐛 Fix optional sequence handling with new union syntax from Python 3.10. PR #​14430 by @​Viicos.

Refactors

• 🔥 Remove dangling extra condiitonal no longer needed. PR #​14435 by @​tiangolo.
• ♻️ Refactor internals, update is_coroutine check to reuse internal supported variants (unwrap, check class). PR #​14434 by @​tiangolo.

Translations

• 🌐 Sync German docs. PR #​14367 by @​nilslindemann.

v0.123.4

Compare Source

Fixes

• 🐛 Fix OpenAPI schema support for computed fields when using separate_input_output_schemas=False. PR #​13207 by @​vgrafe.

Docs

• 📝 Fix docstring of servers parameter. PR #​14405 by @​YuriiMotov.

v0.123.3

Compare Source

Fixes

• 🐛 Fix Query\Header\Cookie parameter model alias. PR #​14360 by @​YuriiMotov.
• 🐛 Fix optional sequence handling in serialize sequence value with Pydantic V2. PR #​14297 by @​YuriiMotov.

v0.123.2

Compare Source

Fixes

• 🐛 Fix unformatted {type_} in FastAPIError. PR #​14416 by @​Just-Helpful.
• 🐛 Fix parsing extra non-body parameter list. PR #​14356 by @​YuriiMotov.
• 🐛 Fix parsing extra Form parameter list. PR #​14303 by @​YuriiMotov.
• 🐛 Fix support for form values with empty strings interpreted as missing (None if that's the default), for compatibility with HTML forms. PR #​13537 by @​MarinPostma.

Docs

• 📝 Add tip on how to install pip in case of No module named pip error in virtual-environments.md. PR #​14211 by @​zadevhub.
• 📝 Update Primary Key notes for the SQL databases tutorial to avoid confusion. PR #​14120 by @​FlaviusRaducu.
• 📝 Clarify estimation note in documentation. PR #​14070 by @​SaisakthiM.

v0.123.1

Compare Source

Fixes

• 🐛 Avoid accessing non-existing "$ref" key for Pydantic v2 compat remapping. PR #​14361 by @​svlandeg.
• 🐛 Fix TypeError when encoding a decimal with a NaN or Infinity value. PR #​12935 by @​kentwelcome.

Internal

• 🐛 Fix Windows UnicodeEncodeError in CLI test. PR #​14295 by @​hemanth-thirthahalli.
• 🔧 Update sponsors: add Greptile. PR #​14429 by @​tiangolo.
• 👥 Update FastAPI GitHub topic repositories. PR #​14426 by @​tiangolo.
• ⬆ Bump markdown-include-variants from 0.0.6 to 0.0.7. PR #​14423 by @​YuriiMotov.
• 👥 Update FastAPI People - Sponsors. PR #​14422 by @​tiangolo.
• 👥 Update FastAPI People - Contributors and Translators. PR #​14420 by @​tiangolo.

v0.123.0

Compare Source

Fixes

• 🐛 Cache dependencies that don't use scopes and don't have sub-dependencies with scopes. PR #​14419 by @​tiangolo.

v0.122.1

Compare Source

Fixes

• 🐛 Fix hierarchical security scope propagation. PR #​5624 by @​kristjanvalur.

Docs

• 💅 Update CSS to explicitly use emoji font. PR #​14415 by @​tiangolo.

Internal

• ⬆ Bump markdown-include-variants from 0.0.5 to 0.0.6. PR #​14418 by @​YuriiMotov.

Colin-b/pytest_httpx (pytest-httpx)

v0.36.0

Compare Source

Changed

• pytest required version is now 9.

Added

• Explicit support for python 3.14.
• match_params parameter is now available on responses and callbacks registration, as well as request(s) retrieval. Allowing to provide query parameters as a dict instead of being part of the matched URL.
  • This parameter allows to perform partial query params matching (refer to documentation for more information).

Fixed

• URL with more than one value for the same parameter were not matched properly (matching was performed on the first value).
• httpx_mock.add_exception is now properly documented (accepts BaseException instead of Exception).

Removed

• pytest 8 is not supported anymore.
• python 3.9 is not supported anymore.

astral-sh/ruff (ruff)

v0.14.8

Compare Source

Released on 2025-12-04.

Preview features

• [flake8-bugbear] Catch yield expressions within other statements (B901) (#​21200)
• [flake8-use-pathlib] Mark fixes unsafe for return type changes (PTH104, PTH105, PTH109, PTH115) (#​21440)

Bug fixes

• Fix syntax error false positives for await outside functions (#​21763)
• [flake8-simplify] Fix truthiness assumption for non-iterable arguments in tuple/list/set calls (SIM222, SIM223) (#​21479)

Documentation

• Suggest using --output-file option in GitLab integration (#​21706)

Other changes

• [syntax-error] Default type parameter followed by non-default type parameter (#​21657)

Contributors

• @​kieran-ryan
• @​11happy
• @​danparizher
• @​ntBre

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

To execute skipped test pipelines write comment /ok-to-test.

---

Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

[red-hat-konflux]

⚠️ Artifact update problem

Renovate failed to update artifacts related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: uv.lock

Command failed: uv lock --upgrade-package celery --upgrade-package fastapi --upgrade-package pytest-httpx --upgrade-package ruff
Using CPython 3.12.11 interpreter at: /usr/bin/python3
  × No solution found when resolving dependencies:
  ╰─▶ Because pytest-httpx==0.36.0 depends on pytest>=9.dev0 and
      automated-actions:dev depends on pytest==8.4.2, we can conclude that
      automated-actions:dev and pytest-httpx==0.36.0 are incompatible.
      And because automated-actions:dev depends on pytest-httpx==0.36.0 and
      your workspace requires automated-actions:dev, we can conclude that your
      workspace's requirements are unsatisfiable.

File name: uv.lock

Command failed: uv lock --upgrade-package ruff
Using CPython 3.12.11 interpreter at: /usr/bin/python3
  × No solution found when resolving dependencies:
  ╰─▶ Because pytest-httpx==0.36.0 depends on pytest>=9.dev0 and
      automated-actions:dev depends on pytest==8.4.2, we can conclude that
      automated-actions:dev and pytest-httpx==0.36.0 are incompatible.
      And because automated-actions:dev depends on pytest-httpx==0.36.0 and
      your workspace requires automated-actions:dev, we can conclude that your
      workspace's requirements are unsatisfiable.

File name: uv.lock

Command failed: uv lock --upgrade-package ruff
Using CPython 3.12.11 interpreter at: /usr/bin/python3
  × No solution found when resolving dependencies:
  ╰─▶ Because pytest-httpx==0.36.0 depends on pytest>=9.dev0 and
      automated-actions:dev depends on pytest==8.4.2, we can conclude that
      automated-actions:dev and pytest-httpx==0.36.0 are incompatible.
      And because automated-actions:dev depends on pytest-httpx==0.36.0 and
      your workspace requires automated-actions:dev, we can conclude that your
      workspace's requirements are unsatisfiable.

File name: uv.lock

Command failed: uv lock --upgrade-package boto3 --upgrade-package ruff --upgrade-package types-boto3-lite
Using CPython 3.12.11 interpreter at: /usr/bin/python3
  × No solution found when resolving dependencies:
  ╰─▶ Because pytest-httpx==0.36.0 depends on pytest>=9.dev0 and
      automated-actions:dev depends on pytest==8.4.2, we can conclude that
      automated-actions:dev and pytest-httpx==0.36.0 are incompatible.
      And because automated-actions:dev depends on pytest-httpx==0.36.0 and
      your workspace requires automated-actions:dev, we can conclude that your
      workspace's requirements are unsatisfiable.

File name: uv.lock

Command failed: uv lock --upgrade-package ruff
Using CPython 3.12.11 interpreter at: /usr/bin/python3
  × No solution found when resolving dependencies:
  ╰─▶ Because pytest-httpx==0.36.0 depends on pytest>=9.dev0 and
      automated-actions:dev depends on pytest==8.4.2, we can conclude that
      automated-actions:dev and pytest-httpx==0.36.0 are incompatible.
      And because automated-actions:dev depends on pytest-httpx==0.36.0 and
      your workspace requires automated-actions:dev, we can conclude that your
      workspace's requirements are unsatisfiable.