Bump the python-dependencies group across 1 directory with 9 updates

[dependabot]

Bumps the python-dependencies group with 9 updates in the / directory:

Package	From	To
elasticsearch	7.17.12	7.17.13
pymongo	4.15.5	4.16.0
fastapi	0.127.0	0.128.0
starlette	0.50.0	0.52.1
aiida-core	2.7.2	2.7.3
rich	14.2.0	14.3.1
ase	3.26.0	3.27.0
mkdocstrings[python]	1.0.0	1.0.2
jarvis-tools	2025.5.30	2025.8.30

Updates elasticsearch from 7.17.12 to 7.17.13

Commits

• See full diff in compare view

Updates pymongo from 4.15.5 to 4.16.0

Release notes

Sourced from pymongo's releases.

PyMongo 4.16.0

Community notes:

Changelog

Sourced from pymongo's changelog.

Changes in Version 4.16.0 (2026/01/07)

PyMongo 4.16 brings a number of changes including:

• Removed invalid documents from :class:bson.errors.InvalidDocument error messages as doing so may leak sensitive user data. Instead, invalid documents are stored in :attr:bson.errors.InvalidDocument.document.
• PyMongo now requires dnspython>=2.6.1, since dnspython 1.0 is no longer maintained. The minimum version is 2.6.1 to account for CVE-2023-29483 <https://www.cve.org/CVERecord?id=CVE-2023-29483>_.
• Removed support for Eventlet. Eventlet is actively being sunset by its maintainers and has compatibility issues with PyMongo's dnspython dependency.
• Use Zstandard support from the standard library for Python 3.14+, and use backports.zstd for older versions.
• Fixed return type annotation for find_one_and_* methods on :class:~pymongo.asynchronous.collection.AsyncCollection and :class:~pymongo.synchronous.collection.Collection to include None.
• Added support for NumPy 1D-arrays in :class:bson.binary.BinaryVector.
• Prevented :class:~pymongo.encryption.ClientEncryption from loading the crypt shared library to fix "MongoCryptError: An existing crypt_shared library is loaded by the application" unless the linked library search path is set.

Commits

• 3290101 Prepare 4.16.0 release (#2672)
• 1be94d2 PYTHON-5685 Fix unified spec sync metadata for csot and sessions tests (#2669)
• 6585d9c PYTHON-2442: Refactor: use _asdict() in _options_dict() (#2670)
• fdb1f7e PYTHON-5677 Prevent ClientEncryption from loading crypt shared library (#2659)
• 0cd9763 Bump zizmorcore/zizmor-action from cb3d8e846e148d1111d90b03375b9c03deceda37 t...
• 2f263d4 PYTHON-5680 Fix handling of expectedDocuments in Unified Test Runner (#2665)
• e9658b2 Add 4.15.5 release date to changelog (#2666)
• 10dd204 Update coverage[toml] requirement from <=7.10.6,>=5 to >=5,<=7.10.7 (#2662)
• 1300677 [Spec Resync] 12-22-2025 (#2663)
• 18c1f14 PYTHON-5529 Introduce optin setting to await for MinPoolSize population (#2664)
• Additional commits viewable in compare view

Updates fastapi from 0.127.0 to 0.128.0

Release notes

Sourced from fastapi's releases.

0.128.0

Breaking Changes

• ➖ Drop support for pydantic.v1. PR #14609 by @​tiangolo.

Internal

• ✅ Run performance tests only on Pydantic v2. PR #14608 by @​tiangolo.

0.127.1

Refactors

• 🔊 Add a custom FastAPIDeprecationWarning. PR #14605 by @​tiangolo.

Docs

• 📝 Add documentary to website. PR #14600 by @​tiangolo.

Translations

• 🌐 Update translations for de (update-outdated). PR #14602 by @​nilslindemann.
• 🌐 Update translations for de (update-outdated). PR #14581 by @​nilslindemann.

Internal

• 🔧 Update pre-commit to use local Ruff instead of hook. PR #14604 by @​tiangolo.
• ✅ Add missing tests for code examples. PR #14569 by @​YuriiMotov.
• 👷 Remove lint job from test CI workflow. PR #14593 by @​YuriiMotov.
• 👷 Update secrets check. PR #14592 by @​tiangolo.
• 👷 Run CodSpeed tests in parallel to other tests to speed up CI. PR #14586 by @​tiangolo.
• 🔨 Update scripts and pre-commit to autofix files. PR #14585 by @​tiangolo.

Commits

• 8322a44 🔖 Release version 0.128.0
• 4b2cfcf 📝 Update release notes
• e300630 ➖ Drop support for pydantic.v1 (#14609)
• 1b3bea8 📝 Update release notes
• 34e8841 ✅ Run performance tests only on Pydantic v2 (#14608)
• cd90c78 🔖 Release version 0.127.1
• 93f4dfd 📝 Update release notes
• 535b5da 🔊 Add a custom FastAPIDeprecationWarning (#14605)
• 6b53786 📝 Update release notes
• d98f4eb 🔧 Update pre-commit to use local Ruff instead of hook (#14604)
• Additional commits viewable in compare view

Updates starlette from 0.50.0 to 0.52.1

Release notes

Sourced from starlette's releases.

Version 0.52.1

What's Changed

• Only use typing_extensions in older Python versions by @​Kludex in Kludex/starlette#3109

---

Full Changelog: Kludex/starlette@0.52.0...0.52.1

Version 0.52.0

In this release, State can be accessed using dictionary-style syntax for improved type safety (#3036).

from collections.abc import AsyncIterator
from contextlib import asynccontextmanager
from typing import TypedDict
import httpx
from starlette.applications import Starlette
from starlette.requests import Request
class State(TypedDict):
http_client: httpx.AsyncClient
@​asynccontextmanager
async def lifespan(app: Starlette) -> AsyncIterator[State]:
async with httpx.AsyncClient() as client:
yield {"http_client": client}
async def homepage(request: Request[State]):
client = request.state["http_client"]
# If you run the below line with mypy or pyright, it will reveal the correct type.
reveal_type(client)  # Revealed type is 'httpx.AsyncClient'

See Accessing State for more details.

---

Full Changelog: Kludex/starlette@0.51.0...0.52.0

Version 0.51.0

Added

• Add allow_private_network in CORSMiddleware #3065.

Changed

... (truncated)

Changelog

Sourced from starlette's changelog.

0.52.1 (January 18, 2026)

Fixed

• Only use typing_extensions in older Python versions #3109.

0.52.0 (January 18, 2026)

In this release, State can be accessed using dictionary-style syntax for improved type safety (#3036).

from collections.abc import AsyncIterator
from contextlib import asynccontextmanager
from typing import TypedDict
import httpx
from starlette.applications import Starlette
from starlette.requests import Request
class State(TypedDict):
http_client: httpx.AsyncClient
@​asynccontextmanager
async def lifespan(app: Starlette) -> AsyncIterator[State]:
async with httpx.AsyncClient() as client:
yield {"http_client": client}
async def homepage(request: Request[State]):
client = request.state["http_client"]
# If you run the below line with mypy or pyright, it will reveal the correct type.
reveal_type(client)  # Revealed type is 'httpx.AsyncClient'

See Accessing State for more details.

0.51.0 (January 10, 2026)

Added

• Add allow_private_network in CORSMiddleware #3065.

Changed

• Increase warning stacklevel on DeprecationWarning for wsgi module #3082.

Commits

• e5b8a5d Version 0.52.1 (#3110)
• d02eade Only use typing_extensions in older Python versions (#3109)
• f490b42 Version 0.52.0 (#3107)
• d8c7cf9 Turn State into a Mapping (#3036)
• cfce146 chore: bump coverage (#3103)
• 9138e55 fix: setup github pages for deployment (#3102)
• aff6df7 docs: add environment for github docs (#3101)
• 434bab9 docS: fix gh pages deploy (#3100)
• 03426be docs: replace mkdocs by zensical (#3098)
• df2ee22 Version 0.51.0 (#3097)
• Additional commits viewable in compare view

Updates aiida-core from 2.7.2 to 2.7.3

Release notes

Sourced from aiida-core's releases.

AiiDA v2.7.3

See CHANGELOG.md

Changelog

Sourced from aiida-core's changelog.

v2.7.3 - 2026-01-23

Fixes

Transport

• Improve path escaping in OpenSSH transport for special characters (#7171) [4c89d9624]
• Fix a critical race condition in TransportQueue (#7144) [b02a233af]
• Add semaphore control to AsyncSshTransport::exec_command_wait_async to prevent SSH connection overwhelm (#7144) [985d5c809]

Engine

• Fix: Avoid mutating _polling_jobs inside slurm scheduler (#7155) [9f03a8e4c]

Devops

• Switch PyPI publishing to OIDC trusted publishing (#7173) [c4e320816]

Commits

• 67e97fb Release v2.7.3
• de48e38 Switch from token-based to OIDC trusted publishing
• 782ba2a Improve path escaping in OpenSSH transport for special characters
• 60ef336 Fix: Avoid mutating _polling_jobs inside (slurm) scheduler (#7155)
• e395345 Fixes a critical race condition in TransportQueue.
• 53ea84d Add semaphore control to AsyncSshTransport::exec_command_wait_async to preven...
• 29bde8d Fix PyPI index url (#6923)
• 9d0a86f Merge release/2.7.2 into support/2.7.x (#7132)
• 2befa6b Release v2.7.2
• 4005693 CI fixes
• See full diff in compare view

Updates rich from 14.2.0 to 14.3.1

Release notes

Sourced from rich's releases.

The Nerdy Fix release

Fixed issue with characters outside of unicode range reporting 0 cell size

[14.3.1] - 2026-01-24

Fixed

• Fixed characters out of unicode range reporting a cell size if 0 Textualize/rich#3944

The more emojis release

Rich now has support for multi-codepoint emojis. There have also been some Markdown improvements, and a number of fixes. See the release notes below for details.

[14.3.0] - 2026-01-24

Fixed

• IPython now respects when a Console instance is passed to pretty.install Textualize/rich#3915
• Fixed extraneous blank line on non-interactive disabled Progress Textualize/rich#3905
• Fixed extra padding on first cell in columns Textualize/rich#3935
• Fixed trailing whitespace removed when soft_wrap=True Textualize/rich#3937
• Fixed style new-lines when soft_wrap = True and a print style is set Textualize/rich#3938

Added

• Added support for some multi-codepopint glyphs (will fix alignment issues for these characters) Textualize/rich#3930
• Added support for UNICODE_VERSION environment variable Textualize/rich#3930
• Added last_render_height property to LiveRender Textualize/rich#3934
• Expose locals_max_depth and locals_overflow in traceback.install Textualize/rich#3906
• Added Segment.split_lines_terminator Textualize/rich#3938

Changed

• cells.cell_len now has a unicode_version parameter (that you probably should never change) Textualize/rich#3930
• Live will not write a new line if there was nothing rendered Textualize/rich#3934
• Changed style of Markdown headers Textualize/rich#3942
• Changed style of Markdown tables, added markdown.table.header and markdown.table.border styles Textualize/rich#3942
• Changed style of Markdown rules Textualize/rich#3942

Changelog

Sourced from rich's changelog.

[14.3.1] - 2026-01-24

Fixed

• Fixed characters out of unicode range reporting a cell size if 0 Textualize/rich#3944

[14.3.0] - 2026-01-24

Fixed

• IPython now respects when a Console instance is passed to pretty.install Textualize/rich#3915
• Fixed extraneous blank line on non-interactive disabled Progress Textualize/rich#3905
• Fixed extra padding on first cell in columns Textualize/rich#3935
• Fixed trailing whitespace removed when soft_wrap=True Textualize/rich#3937
• Fixed style new-lines when soft_wrap = True and a print style is set Textualize/rich#3938

Added

• Added support for some multi-codepopint glyphs (will fix alignment issues for these characters) Textualize/rich#3930
• Added support for UNICODE_VERSION environment variable Textualize/rich#3930
• Added last_render_height property to LiveRender Textualize/rich#3934
• Expose locals_max_depth and locals_overflow in traceback.install Textualize/rich#3906
• Added Segment.split_lines_terminator Textualize/rich#3938

Changed

• cells.cell_len now has a unicode_version parameter (that you probably should never change) Textualize/rich#3930
• Live will not write a new line if there was nothing rendered Textualize/rich#3934
• Changed style of Markdown headers Textualize/rich#3942
• Changed style of Markdown tables, added markdown.table.header and markdown.table.border styles Textualize/rich#3942
• Changed style of Markdown rules Textualize/rich#3942

Commits

• f2a1c3b Merge pull request #3944 from Textualize/nerf-fonts
• 2e5a5da changelog
• 73ee823 fix fonts
• 36fe3f7 docstring
• 9a99acc Merge pull request #3828 from RyanSharafuddin/master
• 2f56d4d Merge pull request #3942 from Textualize/markdown-style
• 97b5bea typo
• 9303d77 markdown test
• 900052c bump
• e9b0e19 Update to markdown styles
• Additional commits viewable in compare view

Updates ase from 3.26.0 to 3.27.0

Commits

• bbddb82 ASE version 3.27.0
• 9b59235 Merge branch 'fix-1851' into 'master'
• 211871f Merge branch 'ci-fixes' into 'master'
• 6658c2b attempt to fix warnings in windows job
• 1ce3dcf Rename test_bad_restart.py
• 372583a Convert restart into str in todict
• d57625f fix test that was platform-specific for some reason
• 1348389 use exitstack for creation/closing of tempfiles
• bb6f5c8 use exitstack in a way that requires less indentation
• 722e8ec ignore warning about binary incompatibility
• Additional commits viewable in compare view

Updates mkdocstrings[python] from 1.0.0 to 1.0.2

Release notes

Sourced from mkdocstrings[python]'s releases.

1.0.2

1.0.2 - 2026-01-24

Compare with 1.0.1

Code Refactoring

• Use global instances for handlers and autorefs (9f79141 by Timothée Mazzucotelli).

1.0.1

1.0.1 - 2026-01-19

Compare with 1.0.0

Code Refactoring

• Support manual cross-references in Zensical too (d37d907 by Timothée Mazzucotelli).
• Support cross-references in Zensical (f43f1ee by Timothée Mazzucotelli). PR-812

Changelog

Sourced from mkdocstrings[python]'s changelog.

1.0.2 - 2026-01-24

Compare with 1.0.1

Code Refactoring

• Use global instances for handlers and autorefs (9f79141 by Timothée Mazzucotelli).

1.0.1 - 2026-01-19

Compare with 1.0.0

Code Refactoring

• Support manual cross-references in Zensical too (d37d907 by Timothée Mazzucotelli).
• Support cross-references in Zensical (f43f1ee by Timothée Mazzucotelli). PR-812

Commits

• 4e66617 chore: Prepare release 1.0.2
• 9f79141 refactor: Use global instances for handlers and autorefs
• cb8a3c7 chore: Prepare release 1.0.1
• d37d907 refactor: Support manual cross-references in Zensical too
• 0edd18a chore: Clean up after v1
• f43f1ee refactor: Support cross-references in Zensical
• b6a33e2 chore: Update sponsors section in README
• afefc0f chore: Fix docs-deploy duty
• cc54d77 chore: Template upgrade
• See full diff in compare view

Updates jarvis-tools from 2025.5.30 to 2025.8.30

Commits

• See full diff in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions