Bump the patch-updates group across 1 directory with 5 updates

[dependabot]

Bumps the patch-updates group with 5 updates in the /stats-api directory:

Package	From	To
flask-cors	6.0.2	6.0.4
pydantic	2.13.2	2.13.4
ruff	0.15.11	0.15.16
ty	0.0.31	0.0.44
sqlalchemy	2.0.49	2.0.50

Updates flask-cors from 6.0.2 to 6.0.4

Release notes

Sourced from flask-cors's releases.

6.0.4

What's Changed

• Add MyPy Typing by @​corydolphin in corydolphin/flask-cors#409

Full Changelog: corydolphin/flask-cors@6.0.3...6.0.4

6.0.3

What's Changed

• Derive package version from git tag via setuptools-scm by @​corydolphin in corydolphin/flask-cors#405
• Improve CI/CD security with least privilege and build separation by @​corydolphin in corydolphin/flask-cors#406

Full Changelog: corydolphin/flask-cors@6.0.2...6.0.3

6.0.3-pre

What's Changed

• Derive package version from git tag via setuptools-scm by @​corydolphin in corydolphin/flask-cors#405
• Improve CI/CD security with least privilege and build separation by @​corydolphin in corydolphin/flask-cors#406

Full Changelog: corydolphin/flask-cors@6.0.2...6.0.3

Commits

• d601665 Add strict MyPy Typing
• c8e8871 Harden release publishing workflow (#406)
• e1d4034 Derive package version from git tag via setuptools-scm (#405)
• See full diff in compare view

Updates pydantic from 2.13.2 to 2.13.4

Release notes

Sourced from pydantic's releases.

v2.13.4 2026-05-06

v2.13.4 (2026-05-06)

What's Changed

Packaging

• Bump libc from 0.2.155 to 0.2.185 by @​Viicos in #13109
• Adapt pydantic-core linker flags on macOS by @​washingtoneg and @​Viicos in #13147

Fixes

• Preserve RootModel core metadata by @​Viicos in #13129

Full Changelog: pydantic/pydantic@v2.13.3...v2.13.4

v2.13.3 2026-04-20

v2.13.3 (2026-04-20)

What's Changed

Fixes

• Handle AttributeError subclasses with from_attributes by @​Viicos in #13096

Full Changelog: pydantic/pydantic@v2.13.2...v2.13.3

Changelog

Sourced from pydantic's changelog.

v2.13.4 (2026-05-06)

GitHub release

What's Changed

Packaging

• Bump libc from 0.2.155 to 0.2.185 by @​Viicos in #13109
• Adapt pydantic-core linker flags on macOS by @​washingtoneg and @​Viicos in #13147

Fixes

• Preserve RootModel core metadata by @​Viicos in #13129

v2.13.3 (2026-04-20)

GitHub release

What's Changed

Fixes

• Handle AttributeError subclasses with from_attributes by @​Viicos in #13096

Commits

• cf67d4b Fix linting
• f0d8a21 Prepare release v2.13.4
• 5e3fe1d Check for pydantic tag pattern in CI
• 7f9edcc Document tagging conventions
• b46a0c9 Adapt pydantic-core linker flags on macOS
• 50629c8 Update to PyPy 7.3.22
• 8522ebb Preserve RootModel core metadata
• a37f3af Adapt MISSING sentinel test to work with unreleased typing_extensions ver...
• 909259a Remove Logfire example in documentation
• 2c4174c Bump libc from 0.2.155 to 0.2.185
• Additional commits viewable in compare view

Updates ruff from 0.15.11 to 0.15.16

Release notes

Sourced from ruff's releases.

0.15.16

Release Notes

Released on 2026-06-04.

Preview features

• [flake8-async] Implement yield-in-context-manager-in-async-generator (ASYNC119) (#24644)
• [pylint] Narrow diagnostic range and exclude cases without exception handlers (PLW0717) (#25440)
• [ruff] Treat yield before break from a terminal loop as terminal (RUF075) (#25447)

Bug fixes

• [eradicate] Avoid flagging ruff:ignore comments as code (ERA001) (#25537)
• [eradicate] Fix ERA001/RUF100 conflict when noqa is on commented-out code (#25414)
• [pyflakes] Avoid removing the format call when it would change behavior (F523) (#25320)
• [pylint] Avoid syntax errors in invalid character replacements in f-strings before Python 3.12 (PLE2510, PLE2512, PLE2513, PLE2514, PLE2515) (#25544)
• [pyupgrade] Avoid converting format calls with more kinds of side effects (UP032) (#25484)

Rule changes

• [flake8-pytest-style] Avoid fixes for ambiguous argnames and argvalues combinations (PT006) (#24776)

Performance

• Drop excess capacity from statement suites during parsing (#25368)

Documentation

• [pydocstyle] Improve discoverability of rules enabled for each convention (#24973)
• [ruff] Restore example code for Python versions before 3.15 (RUF017) (#25439)
• Fix typo bin/active → bin/activate in tutorial (#25473)

Other changes

• Shrink additional parser AST collections (#25465)

Contributors

• @​Redslayer112
• @​koriyoshi2041
• @​George-Ogden
• @​TejasAmle
• @​anishgirianish
• @​ntBre
• @​MichaReiser
• @​loganrosen
• @​RafaelJohn9
• @​adityasingh2400

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.16

Released on 2026-06-04.

Preview features

• [flake8-async] Implement yield-in-context-manager-in-async-generator (ASYNC119) (#24644)
• [pylint] Narrow diagnostic range and exclude cases without exception handlers (PLW0717) (#25440)
• [ruff] Treat yield before break from a terminal loop as terminal (RUF075) (#25447)

Bug fixes

• [eradicate] Avoid flagging ruff:ignore comments as code (ERA001) (#25537)
• [eradicate] Fix ERA001/RUF100 conflict when noqa is on commented-out code (#25414)
• [pyflakes] Avoid removing the format call when it would change behavior (F523) (#25320)
• [pylint] Avoid syntax errors in invalid character replacements in f-strings before Python 3.12 (PLE2510, PLE2512, PLE2513, PLE2514, PLE2515) (#25544)
• [pyupgrade] Avoid converting format calls with more kinds of side effects (UP032) (#25484)

Rule changes

• [flake8-pytest-style] Avoid fixes for ambiguous argnames and argvalues combinations (PT006) (#24776)

Performance

• Drop excess capacity from statement suites during parsing (#25368)

Documentation

• [pydocstyle] Improve discoverability of rules enabled for each convention (#24973)
• [ruff] Restore example code for Python versions before 3.15 (RUF017) (#25439)
• Fix typo bin/active → bin/activate in tutorial (#25473)

Other changes

• Shrink additional parser AST collections (#25465)

Contributors

• @​Redslayer112
• @​koriyoshi2041
• @​George-Ogden
• @​TejasAmle
• @​anishgirianish
• @​ntBre
• @​MichaReiser
• @​loganrosen
• @​RafaelJohn9
• @​adityasingh2400

0.15.15

... (truncated)

Commits

• 6c498ab Bump 0.15.16 (#25635)
• e51e132 [flake8-async] Implement yield-in-context-manager-in-async-generator (`AS...
• 7c6dcd9 [ty] Add caching for pattern match narrowing (#25613)
• 27058fc [ty] Compact retained definition and expression identities (#25606)
• bf80d05 Fix CODEOWNERS syntax (#25622)
• 10ccd51 Shrink additional parser AST collections (#25465)
• 0d7135f [ty] Upgrade Salsa (#25545)
• 49493a3 [ty] Show type alias value on hover (#25381)
• 85207d3 [ty] sys.implementation.version is not sys.version_info (#25608)
• a8a0614 [ty] Avoid retaining duplicate function signatures (#25609)
• Additional commits viewable in compare view

Updates ty from 0.0.31 to 0.0.44

Release notes

Sourced from ty's releases.

0.0.44

Release Notes

Released on 2026-06-04.

Bug fixes

• Avoid treating sys.implementation.version like sys.version_info (#25608)
• Fix anchor point for override diagnostics (#25621)

LSP server

• Show type alias value on hover (#25381)

Performance

• Add caching for pattern match narrowing (#25613)
• Compact retained definition and expression identities (#25606)
• Reuse expression cache for TypedDict union inference (#25643)
• Upgrade Salsa (#25545)

Core type checking

• Enable narrowing for unions of TypedDict (#25188)

Contributors

• @​lerebear
• @​MichaReiser
• @​carljm
• @​pierrem964
• @​charliermarsh
• @​Hugo-Polloli

Install ty 0.0.44

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/ty/releases/download/0.0.44/ty-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/ty/releases/download/0.0.44/ty-installer.ps1 | iex"

Download ty 0.0.44

... (truncated)

Changelog

Sourced from ty's changelog.

0.0.44

Released on 2026-06-04.

Bug fixes

• Avoid treating sys.implementation.version like sys.version_info (#25608)
• Fix anchor point for override diagnostics (#25621)

LSP server

• Show type alias value on hover (#25381)

Performance

• Add caching for pattern match narrowing (#25613)
• Compact retained definition and expression identities (#25606)
• Reuse expression cache for TypedDict union inference (#25643)
• Upgrade Salsa (#25545)

Core type checking

• Enable narrowing for unions of TypedDict (#25188)

Contributors

• @​lerebear
• @​MichaReiser
• @​carljm
• @​pierrem964
• @​charliermarsh
• @​Hugo-Polloli

0.0.43

Released on 2026-06-03.

Bug fixes

• Don't inject Unknown from non-callable elements of intersection call (#25538)
• Don't needlessly disambiguate the same type alias (#25563)
• Fix variance inference for nested type aliases (#25567)
• Ignore rejected member annotations for synthesized bindings (#25427)
• Normalize dynamic class literals in cycle recovery (#25558)
• Register file roots for first-party search paths (#25522)
• Treat union-bound typevars like unions for possibly-missing-attribute (#25561)

LSP server

• Suppress importable completions that are already in scope (#25479)

... (truncated)

Commits

• f5523e2 Bump version to 0.0.44 (#3667)
• 29ce314 Bump version to 0.0.43 (#3648)
• 794322d Update docker/build-push-action action to v7.2.0 (#3629)
• ce89685 Update prek dependencies (#3628)
• 792fb71 Update docker/login-action action to v4.2.0 (#3630)
• 5c37747 Update docker/metadata-action action to v6.1.0 (#3631)
• 5a3e169 Update docker/setup-buildx-action action to v4.1.0 (#3632)
• c2500cc Release: Force usage of PyPI as the index (#3616)
• 7f8cb64 Bump version to 0.0.42 (#3615)
• 41bb0d2 Bump version to 0.0.41 (#3601)
• Additional commits viewable in compare view

Updates sqlalchemy from 2.0.49 to 2.0.50

Release notes

Sourced from sqlalchemy's releases.

2.0.50

Released: May 24, 2026

orm

• [orm] [bug] Fixed issue where using _orm.joinedload() with PropComparator.of_type() targeting a joined-table subclass combined with PropComparator.and_() referencing a column on that subclass would generate invalid SQL, where the subclass column was not adapted to the subquery alias. Pull request courtesy Joaquin Hui Gomez.

  References: #13203

• [orm] [bug] Fixed issue where the presence of a SessionEvents.do_orm_execute() event hook would cause internal execution options such as yield_per and loader-specific state from the first orm_pre_session_exec pass to leak into the second pass, leading to errors when using relationship loaders such as selectinload() and immediateload(). The execution options passed to the second compilation pass are now based on the original options plus only the explicit updates made via ORMExecuteState.update_execution_options() within the event hook.

  References: #13301

• [orm] [bug] Fixed issue where using _orm.with_polymorphic() on a leaf class (a subclass with no further descendants) or a non-inherited class would fail with an AttributeError when used in an ORM statement, due to _orm.configure_mappers() not being triggered implicitly. The fix ensures that AliasedInsp participates in the _post_inspect hook, triggering mapper configuration during ORM statement compilation.

  References: #13319

sql

• [sql] [bug] Fixed issue where floor division (//) between a Float or Numeric numerator and an Integer denominator would omit the FLOOR() SQL wrapper on dialects where Dialect.div_is_floordiv is True (the default, including PostgreSQL and SQLite). FLOOR() is now applied if either the denominator or the numerator is a non-integer, so that expressions such as float_col // int_col render as FLOOR(float_col / int_col) instead of the incorrect float_col / int_col. Pull request courtesy r266-tech.

  References: #10528

postgresql

... (truncated)

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions