deps: bump the deps group across 1 directory with 5 updates

[dependabot]

Updates the requirements on fastapi, sentry-sdk[fastapi], playwright, openai and uvicorn to permit the latest version.
Updates fastapi from 0.136.1 to 0.136.3

Release notes

Sourced from fastapi's releases.

0.136.3

Refactors

• ♻️ Do not accept underscore headers when using convert_underscores=True (the default). PR #15589 by @​tiangolo.

0.136.2

Refactors

• ♻️ Validate Server Sent Event fields to avoid applications from sending broken data. PR #15588 by @​tiangolo.

Docs

• 📝 Document --entrypoint CLI option. PR #15464 by @​YuriiMotov.
• 📝 Update and simplify docs about help and management. PR #15583 by @​tiangolo.
• 📝 Add docs references to central contributing docs. PR #15580 by @​tiangolo.
• 📝 Update security policy. PR #15577 by @​tiangolo.
• 🍱 Update sponsors: TalorData image. PR #15562 by @​tiangolo.
• 📝 Update docs, simplify usage of admonitions, only default ones. PR #15553 by @​tiangolo.
• 📝 Fix image URLs in index.md. PR #15534 by @​YuriiMotov.
• ✏️ Fix Azkaban spelling typo in virtual-environments.md‎. PR #15463 by @​isaacbernat.
• 💄 Improve layout and styling. PR #15462 by @​alejsdev.
• 💄 Refactor opinions section with interactive tabs and new logos. PR #15458 by @​alejsdev.
• 📝 Add FastAPI Conf '26 announcement to docs. PR #15457 by @​alejsdev.

Translations

• 🌐 Improve translation consistency in ‎docs/pt/docs/advanced/generate-clients.md‎. PR #15456 by @​Will-thom.
• 🌐 Update translations for ja (update-outdated). PR #15530 by @​tiangolo.
• 🌐 Update translations for uk (update-outdated). PR #15529 by @​tiangolo.
• 🌐 Update translations for pt (update-outdated). PR #15528 by @​tiangolo.
• 🌐 Update translations for de (update-outdated). PR #15527 by @​tiangolo.
• 🌐 Update translations for tr (update-outdated). PR #15526 by @​tiangolo.
• 🌐 Update translations for ko (update-outdated). PR #15525 by @​tiangolo.
• 🌐 Update translations for zh-hant (update-outdated). PR #15524 by @​tiangolo.
• 🌐 Update translations for fr (update-outdated). PR #15522 by @​tiangolo.
• 🌐 Update translations for es (update-outdated). PR #15523 by @​tiangolo.
• 🌐 Update translations for zh (update-outdated). PR #15520 by @​tiangolo.
• 🌐 Update translations for ru (update-outdated). PR #15521 by @​tiangolo.
• 🌐 Fix typos in Spanish LLM-prompt. PR #15472 by @​crr004.

Internal

• ✅ Update tests, don't double dispose the engine. PR #15587 by @​tiangolo.
• ⚡️ Speed up test suite via caching and fixture scopes to make it ~24% faster. PR #13583 by @​dikos1337.
• 🔥 Remove config files now in central GitHub repo. PR #15585 by @​tiangolo.
• ⬆ Bump urllib3 from 2.6.3 to 2.7.0. PR #15502 by @​dependabot[bot].
• ⬆ Bump idna from 3.11 to 3.15. PR #15565 by @​dependabot[bot].
• ⬆ Bump cloudflare/wrangler-action from 3.15.0 to 4.0.0. PR #15571 by @​dependabot[bot].
• 🔧 Migrate docs from MkDocs to Zensical. PR #15563 by @​tiangolo.
• 🔒️ Only allow team members to modify dependencies. PR #15548 by @​svlandeg.

... (truncated)

Commits

• 8206485 🔖 Release version 0.136.3
• c910e01 📝 Update release notes
• 063b5bf ♻️ Do not accept underscore headers when using convert_underscores=True (th...
• 22b02e2 🔖 Release version 0.136.2
• 3b252a2 📝 Update release notes
• c7fb785 ♻️ Validate Server Sent Event fields to avoid applications from sending broke...
• cb83b83 📝 Update release notes
• 00f805c ✅ Update tests, don't double dispose the engine (#15587)
• 3675137 📝 Update release notes
• 7b57e42 📝 Document --entrypoint CLI option (#15464)
• Additional commits viewable in compare view

Updates sentry-sdk[fastapi] to 2.61.0

Release notes

Sourced from sentry-sdk[fastapi]'s releases.

2.61.0

New Features ✨

• Add server.address to transformed spans when stream_gen_ai_spans=True by @​alexander-alderman-webb in #6307

• Allow integrations to define control flow exceptions by @​sentrivana in #6425

• Disable string truncation for events by default by @​alexander-alderman-webb in #6290

  Following a previous significant increase of the string truncation limit, we've now completely removed the limit by default. In case you have large strings in your events, you should now be able to see them.

  In rare cases, if you have really long strings (or a lot of them), you might see envelopes being dropped because of their size. If that happens, you can set the max_value_length init option to the previous value of 100_000:

  sentry_sdk.init(
      ...,
      max_value_length=100_000,
  )

Bug Fixes 🐛

Langchain

• Stop setting transaction status when child span fails by @​alexander-alderman-webb in #6301
• Catch TypeError on langchain.agents import by @​alexander-alderman-webb in #6268

Openai Agents

• Handle starting_agent keyword argument in runner patches by @​ericapisani in #6428
• Remove hosted MCP tool spans by @​alexander-alderman-webb in #6391
• Use name, not description in start_span by @​sentrivana in #6323
• Stop setting transaction status when child span fails by @​alexander-alderman-webb in #6303

Pydantic AI

• Stop setting tokens on Invoke Agent spans by @​alexander-alderman-webb in #6320
• Stop setting transaction status when child span fails by @​alexander-alderman-webb in #6302
• Remove Agent.run_stream_events() patch by @​alexander-alderman-webb in #6281

Strawberry

• Wrap yields in try-except to ensure span cleanup by @​ericapisani in #6381
• Fix AttributeError on graphql_span in resolve by @​sentrivana in #6289

Other

• (anthropic) Do not set gen_ai.response.model to None by @​alexander-alderman-webb in #6312
• (asyncpg) Use Sentry span attribute name conventions by @​ericapisani in #6306
• (boto3) Guard setting method by @​sentrivana in #6288

... (truncated)

Changelog

Sourced from sentry-sdk[fastapi]'s changelog.

2.61.0

New Features ✨

• Add server.address to transformed spans when stream_gen_ai_spans=True by @​alexander-alderman-webb in #6307

• Allow integrations to define control flow exceptions by @​sentrivana in #6425

• Disable string truncation for events by default by @​alexander-alderman-webb in #6290

  Following a previous significant increase of the string truncation limit, we've now completely removed the limit by default. In case you have large strings in your events, you should now be able to see them.

  In rare cases, if you have really long strings (or a lot of them), you might see envelopes being dropped because of their size. If that happens, you can set the max_value_length init option to the previous value of 100_000:

  sentry_sdk.init(
      ...,
      max_value_length=100_000,
  )

Bug Fixes 🐛

Langchain

• Stop setting transaction status when child span fails by @​alexander-alderman-webb in #6301
• Catch TypeError on langchain.agents import by @​alexander-alderman-webb in #6268

Openai Agents

• Handle starting_agent keyword argument in runner patches by @​ericapisani in #6428
• Remove hosted MCP tool spans by @​alexander-alderman-webb in #6391
• Use name, not description in start_span by @​sentrivana in #6323
• Stop setting transaction status when child span fails by @​alexander-alderman-webb in #6303

Pydantic AI

• Stop setting tokens on Invoke Agent spans by @​alexander-alderman-webb in #6320
• Stop setting transaction status when child span fails by @​alexander-alderman-webb in #6302
• Remove Agent.run_stream_events() patch by @​alexander-alderman-webb in #6281

Strawberry

• Wrap yields in try-except to ensure span cleanup by @​ericapisani in #6381
• Fix AttributeError on graphql_span in resolve by @​sentrivana in #6289

Other

• (anthropic) Do not set gen_ai.response.model to None by @​alexander-alderman-webb in #6312
• (asyncpg) Use Sentry span attribute name conventions by @​ericapisani in #6306

... (truncated)

Commits

• 53df878 Update CHANGELOG.md
• 24f6bf7 Update CHANGELOG.md
• f50bec5 Update CHANGELOG.md
• 3546946 release: 2.61.0
• 54f7686 feat(span-streaming): Add more attrs to segment spans (#6432)
• 7e27e34 feat(openai): Support span streaming (#6431)
• 139a9a1 feat: Add server.address to transformed spans when `stream_gen_ai_spans=Tru...
• 7bf1d6e fix(openai_agents): Handle starting_agent keyword argument in runner patches ...
• 5662d86 test(langchain): Deduplicate by removing node.callspec.id matching (#6426)
• fb9def2 feat(huey): Migrate Huey integration to spans-first tracing (#6399)
• Additional commits viewable in compare view

Updates playwright from 1.59.0 to 1.60.0

Release notes

Sourced from playwright's releases.

v1.60.0

🐍 Python improvements

• New FormData class for building multipart/form-data request bodies — pass to api_request_context.post(form=…) etc.
• expect.soft(...) soft assertions collect multiple failures in a test instead of stopping at the first one. Requires up-to-date pytest integration to work.
• All timeout parameters now accept datetime.timedelta — applies wherever a timeout is taken, e.g. page.goto(), locator.click(), expect(...).to_be_visible().
• Async context manager support across more APIs — async with now works for objects returned from screencast.show_actions(), screencast.show_overlays(), etc.
• page.expect_request(...) and page.expect_response(...) now accept async predicates.
• Typed overloads for expect_event / wait_for_event so the event payload type is inferred per event name.

🌐 HAR recording on Tracing

tracing.start_har() / tracing.stop_har() expose HAR recording as a first-class tracing API, with the same content, mode and url_filter options as record_har:

context.tracing.start_har("trace.har")
page = context.new_page()
page.goto("https://playwright.dev")
context.tracing.stop_har()

🪝 Drop API

New locator.drop() simulates an external drag-and-drop of files or clipboard-like data onto an element. Playwright dispatches dragenter, dragover, and drop with a synthetic DataTransfer in the page context — works cross-browser and is great for testing upload zones:

page.locator("#dropzone").drop(
    files={"name": "note.txt", "mime_type": "text/plain", "buffer": b"hello"},
)
page.locator("#dropzone").drop(
data={
"text/plain": "hello world",
"text/uri-list": "https://example.com",
},
)

🎯 Aria snapshots

• expect(page).to_match_aria_snapshot() now works on a Page, in addition to a Locator — equivalent to asserting against page.locator("body").
• New boxes option on locator.aria_snapshot() / page.aria_snapshot() appends each element's bounding box as [box=x,y,width,height], useful for AI consumption.

New APIs

Browser, Context and Page

• Event browser.on("context") — fired when a new context is created on the browser.
• BrowserContext now mirrors lifecycle events from its pages: browser_context.on("download"), browser_context.on("frameattached"), browser_context.on("framedetached"), browser_context.on("framenavigated"), browser_context.on("pageclose"), browser_context.on("pageload").

Locators and Assertions

... (truncated)

Commits

• 93f3201 chore: roll driver to 1.60.0 (#3079)
• 0ebdf2d feat(assertions): add expect.soft() for collecting multiple failures (#3065)
• 18810d8 feat: add FormData class for form and multipart requests (#3060)
• b846cee chore: roll to 1.60.0-beta-1778142790000 (#3069)
• 873c5c7 fix(setup): update auditwheel to 6.4.0 for InWheel tempdir fix (#3063)
• 9df9fac feat: accept datetime.timedelta for timeout parameters (#3059)
• 856ae37 devops: Update EsrpRelease (#3064)
• 161bd3d build(deps): bump flake8 from 7.2.0 to 7.3.0 (#2896)
• ac9bf29 build(deps): bump types-requests from 2.32.4.20250809 to 2.32.4.20260107 (#2975)
• deb2df8 build(deps): bump pytest-cov from 6.3.0 to 7.1.0 (#2976)
• Additional commits viewable in compare view

Updates openai from 2.37.0 to 2.38.0

Release notes

Sourced from openai's releases.

v2.38.0

2.38.0 (2026-05-21)

Full Changelog: v2.37.0...v2.38.0

Features

• api: api update (33d1d01)
• api: manual updates (a21700a)
• api: update OpenAPI spec or Stainless config (00265c5)

Chores

• api: docs updates (ee10152)
• check release PR custom code sync (2638779)
• remove release automation trigger (bd6eea5)
• trigger release automation (f62d082)

Changelog

Sourced from openai's changelog.

2.38.0 (2026-05-21)

Full Changelog: v2.37.0...v2.38.0

Features

• api: api update (33d1d01)
• api: manual updates (a21700a)
• api: update OpenAPI spec or Stainless config (00265c5)

Chores

• api: docs updates (ee10152)
• check release PR custom code sync (2638779)
• remove release automation trigger (bd6eea5)
• trigger release automation (f62d082)

Commits

• e757667 release: 2.38.0
• b85b647 feat(api): api update
• d881c67 Revert "chore: check release PR custom code sync"
• d4a3228 chore: check release PR custom code sync
• 4888838 chore: remove release automation trigger
• 74978f0 chore: trigger release automation
• bab18af chore(api): docs updates
• a6f899a feat(api): manual updates
• 2897485 feat(api): update OpenAPI spec or Stainless config
• a2f1d6c codegen metadata
• Additional commits viewable in compare view

Updates uvicorn from 0.46.0 to 0.48.0

Release notes

Sourced from uvicorn's releases.

Version 0.48.0

What's Changed

• Default ssl_ciphers to None and use OpenSSL defaults by @​Kludex in Kludex/uvicorn#2940
• Ignore duplicate forwarding headers in ProxyHeadersMiddleware by @​Kludex in Kludex/uvicorn#2944

Full Changelog: Kludex/uvicorn@0.47.0...0.48.0

Version 0.47.0

What's Changed

• Eagerly import the ASGI app in the parent process by @​Kludex in Kludex/uvicorn#2919
• Add ssl_context_factory for custom SSLContext configuration by @​Kludex in Kludex/uvicorn#2920
• Treat fd=0 as a valid file descriptor with reload/workers by @​eltoder in Kludex/uvicorn#2927

Full Changelog: Kludex/uvicorn@0.46.0...0.47.0

Changelog

Sourced from uvicorn's changelog.

0.48.0 (May 24, 2026)

Changed

• Default ssl_ciphers to None and use OpenSSL defaults (#2940)

Fixed

• Ignore duplicate forwarding headers in ProxyHeadersMiddleware (#2944)

0.47.0 (May 14, 2026)

Added

• Add ssl_context_factory for custom SSLContext configuration (#2920)

Changed

• Eagerly import the ASGI app in the parent process (#2919)

Fixed

• Treat fd=0 as a valid file descriptor with reload/workers (#2927)

Commits

• 73e84e5 Version 0.48.0 (#2951)
• 45ea116 Ignore duplicate forwarding headers in ProxyHeadersMiddleware (#2944)
• dd4394c chore(deps): bump idna from 3.11 to 3.15 (#2941)
• abe0781 Default ssl_ciphers to None and use OpenSSL defaults (#2940)
• 479a2c0 Version 0.47.0 (#2937)
• 89347fd Add 7-day cooldown for dependency resolution via uv exclude-newer (#2936)
• 767315b Drop unused contents/actions permissions from zizmor workflow (#2935)
• f25ee43 chore(deps): bump urllib3 from 2.6.3 to 2.7.0 (#2933)
• 8782666 Fix typo in docs/deployment/index.md. (#2932)
• ad5ff87 Treat fd=0 as a valid file descriptor with reload/workers (#2927)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions