MESH-2092 Bump the dependencies group with 4 updates

[dependabot]

Bumps the dependencies group with 4 updates: cryptography, fastapi, gunicorn and starlette.

Updates cryptography from 46.0.4 to 46.0.5

Changelog

Sourced from cryptography's changelog.

46.0.5 - 2026-02-10

* An attacker could create a malicious public key that reveals portions of your
  private key when using certain uncommon elliptic curves (binary curves).
  This version now includes additional security checks to prevent this attack.
  This issue only affects binary elliptic curves, which are rarely used in
  real-world applications. Credit to **XlabAI Team of Tencent Xuanwu Lab and
  Atuin Automated Vulnerability Discovery Engine** for reporting the issue.
  **CVE-2026-26007**
* Support for ``SECT*`` binary elliptic curves is deprecated and will be
  removed in the next release.
.. v46-0-4:

Commits

• 06e120e bump version for 46.0.5 release (#14289)
• 0eebb9d EC check key on cofactor > 1 (#14287)
• bedf6e1 fix openssl version on 46 branch (#14220)
• See full diff in compare view

Updates fastapi from 0.128.6 to 0.128.7

Release notes

Sourced from fastapi's releases.

0.128.7

Features

• ✨ Show a clear error on attempt to include router into itself. PR #14258 by @​JavierSanchezCastro.
• ✨ Replace dict by Mapping on HTTPException.headers. PR #12997 by @​rijenkii.

Refactors

• ♻️ Simplify reading files in memory, do it sequentially instead of (fake) parallel. PR #14884 by @​tiangolo.

Docs

• 📝 Use dfn tag for definitions instead of abbr in docs. PR #14744 by @​YuriiMotov.

Internal

• ✅ Tweak comment in test to reference PR. PR #14885 by @​tiangolo.
• 🔧 Update LLM-prompt for abbr and dfn tags. PR #14747 by @​YuriiMotov.
• ✅ Test order for the submitted byte Files. PR #14828 by @​valentinDruzhinin.
• 🔧 Configure test workflow to run tests with inline-snapshot=review. PR #14876 by @​YuriiMotov.

Commits

• 8f82c94 🔖 Release version 0.128.7
• 5bb3423 📝 Update release notes
• 6ce5e3e ✅ Tweak comment in test to reference PR (#14885)
• 65da3dd 📝 Update release notes
• 81f82fd 🔧 Update LLM-prompt for abbr and dfn tags (#14747)
• ff72101 📝 Update release notes
• ca76a4e 📝 Use dfn tag for definitions instead of abbr in docs (#14744)
• 1133a45 📝 Update release notes
• 38f9659 ✅ Test order for the submitted byte Files (#14828)
• 3f1cc8f 📝 Update release notes
• Additional commits viewable in compare view

Updates gunicorn from 25.0.2 to 25.0.3

Release notes

Sourced from gunicorn's releases.

25.0.3

What's Changed

Bug Fixes

• Fix RuntimeError when StopIteration raised in ASGI coroutine (#3484)
• Fix passing maxsplit in re.split() as positional argument (deprecated in Python 3.13)

Documentation

• Updated sponsorship section and homepage

Full Changelog: benoitc/gunicorn@25.0.2...25.0.3

Commits

• fc85068 chore: prepare release 25.0.3
• 787602f docs: shorten README sponsor section
• a52c81f Merge pull request #3492 from benoitc/feature/improve-sponsorship
• 1afb2b7 Merge pull request #3490 from tyrossel/master
• 2ead70d docs: add Sponsor to top-level navigation
• 874e8be docs: shorten sponsor section on homepage
• 7293b21 docs: add prominent sponsorship options
• 70d571b docs: update homepage title and remove version display
• d301d53 fix: resolve RuntimeError when StopIteration raised in ASGI coroutine
• 68abb98 fix: passing maxsplit in re.split() as positional argument is deprecated
• See full diff in compare view

Updates starlette from 0.50.0 to 0.52.1

Release notes

Sourced from starlette's releases.

Version 0.52.1

What's Changed

• Only use typing_extensions in older Python versions by @​Kludex in Kludex/starlette#3109

---

Full Changelog: Kludex/starlette@0.52.0...0.52.1

Version 0.52.0

In this release, State can be accessed using dictionary-style syntax for improved type safety (#3036).

from collections.abc import AsyncIterator
from contextlib import asynccontextmanager
from typing import TypedDict
import httpx
from starlette.applications import Starlette
from starlette.requests import Request
class State(TypedDict):
http_client: httpx.AsyncClient
@​asynccontextmanager
async def lifespan(app: Starlette) -> AsyncIterator[State]:
async with httpx.AsyncClient() as client:
yield {"http_client": client}
async def homepage(request: Request[State]):
client = request.state["http_client"]
# If you run the below line with mypy or pyright, it will reveal the correct type.
reveal_type(client)  # Revealed type is 'httpx.AsyncClient'

See Accessing State for more details.

---

Full Changelog: Kludex/starlette@0.51.0...0.52.0

Version 0.51.0

Added

• Add allow_private_network in CORSMiddleware #3065.

Changed

... (truncated)

Changelog

Sourced from starlette's changelog.

0.52.1 (January 18, 2026)

Fixed

• Only use typing_extensions in older Python versions #3109.

0.52.0 (January 18, 2026)

In this release, State can be accessed using dictionary-style syntax for improved type safety (#3036).

from collections.abc import AsyncIterator
from contextlib import asynccontextmanager
from typing import TypedDict
import httpx
from starlette.applications import Starlette
from starlette.requests import Request
class State(TypedDict):
http_client: httpx.AsyncClient
@​asynccontextmanager
async def lifespan(app: Starlette) -> AsyncIterator[State]:
async with httpx.AsyncClient() as client:
yield {"http_client": client}
async def homepage(request: Request[State]):
client = request.state["http_client"]
# If you run the below line with mypy or pyright, it will reveal the correct type.
reveal_type(client)  # Revealed type is 'httpx.AsyncClient'

See Accessing State for more details.

0.51.0 (January 10, 2026)

Added

• Add allow_private_network in CORSMiddleware #3065.

Changed

• Increase warning stacklevel on DeprecationWarning for wsgi module #3082.

Commits

• e5b8a5d Version 0.52.1 (#3110)
• d02eade Only use typing_extensions in older Python versions (#3109)
• f490b42 Version 0.52.0 (#3107)
• d8c7cf9 Turn State into a Mapping (#3036)
• cfce146 chore: bump coverage (#3103)
• 9138e55 fix: setup github pages for deployment (#3102)
• aff6df7 docs: add environment for github docs (#3101)
• 434bab9 docS: fix gh pages deploy (#3100)
• 03426be docs: replace mkdocs by zensical (#3098)
• df2ee22 Version 0.51.0 (#3097)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

☂️ Python Coverage

current status: ✅

Overall Coverage

Lines	Covered	Coverage	Threshold	Status
2931	2719	93%	85%	🟢

New Files

No new covered files...

Modified Files

No covered modified files...

updated for commit: e25cacc by action🐍

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.