Bump the dependencies group with 7 updates

[dependabot]

Bumps the dependencies group with 7 updates:

Package	From	To
pydantic	2.12.5	2.13.2
aws-lambda-powertools	3.27.0	3.28.0
boto3	1.42.88	1.42.91
aws-cdk-lib	2.248.0	2.250.0
ruff	0.15.10	0.15.11
hypothesis	6.151.12	6.152.1
mkdocstrings	1.0.3	1.0.4

Updates pydantic from 2.12.5 to 2.13.2

Release notes

Sourced from pydantic's releases.

v2.13.1 2026-04-15

v2.13.1 (2026-04-15)

What's Changed

Fixes

• Fix ValidationInfo.data missing with model_validate_json() by @​davidhewitt in #13079

Full Changelog: pydantic/pydantic@v2.13.0...v2.13.1

v2.13.0 2026-04-13

v2.13.0 (2026-04-13)

The highlights of the v2.13 release are available in the blog post. Several minor changes (considered non-breaking changes according to our versioning policy) are also included in this release. Make sure to look into them before upgrading.

This release contains the updated pydantic.v1 namespace, matching version 1.10.26 which includes support for Python 3.14.

What's Changed

See the beta releases for all changes sinces 2.12.

Packaging

• Add zizmor for GitHub Actions workflow linting by @​Viicos in #13039
• Update jiter to v0.14.0 to fix a segmentation fault on musl Linux by @​Viicos in #13064

New Features

• Allow default factories of private attributes to take validated model data by @​Viicos in #13013

Changes

• Warn when serializing fixed length tuples with too few items by @​arvindsaripalli in #13016

Fixes

• Change type of Any when synthesizing _build_sources for BaseSettings.__init__() signature in the mypy plugin by @​Viicos in #13049
• Fix model equality when using runtime extra configuration by @​Viicos in #13062

New Contributors

• @​arvindsaripalli made their first contribution in #13016

Full Changelog: pydantic/pydantic@v2.12.0...v2.13.0

v2.13.0b3 2026-03-31

... (truncated)

Changelog

Sourced from pydantic's changelog.

v2.13.2 (2026-04-17)

GitHub release

What's Changed

Fixes

• Fix ValidationInfo.field_name missing with model_validate_json() by @​Viicos in #13084

v2.13.1 (2026-04-15)

GitHub release

What's Changed

Fixes

• Fix ValidationInfo.data missing with model_validate_json() by @​davidhewitt in #13079

v2.13.0 (2026-04-13)

GitHub release

The highlights of the v2.13 release are available in the blog post. Several minor changes (considered non-breaking changes according to our versioning policy) are also included in this release. Make sure to look into them before upgrading.

This release contains the updated pydantic.v1 namespace, matching version 1.10.26 which includes support for Python 3.14.

What's Changed

See the beta releases for all changes sinces 2.12.

New Features

• Allow default factories of private attributes to take validated model data by @​Viicos in #13013

Changes

• Warn when serializing fixed length tuples with too few items by @​arvindsaripalli in #13016

Fixes

• Change type of Any when synthesizing _build_sources for BaseSettings.__init__() signature in the mypy plugin by @​Viicos in #13049
• Fix model equality when using runtime extra configuration by @​Viicos in #13062

Packaging

• Add zizmor for GitHub Actions workflow linting by @​Viicos in #13039

... (truncated)

Commits

• ca3ddd1 Prepare release v2.13.2
• 000e823 Fix ValidationInfo.field_name missing with model_validate_json()
• d45d8be Prepare release 2.13.1
• 54aca60 Fix ValidationInfo.data missing with model_validate_json()
• 46bf4fa Fix Pydantic release workflow (#13067)
• 1b359ed Prepare release v2.13.0 (#13065)
• b1bf194 Fix model equality when using runtime extra configuration (#13062)
• 17a35e3 Update jiter to v0.14.0 (#13064)
• feea402 Use simulation mode in Codspeed CI (#13063)
• 671c9b0 Add basic benchmarks for model equality (#13061)
• Additional commits viewable in compare view

Updates aws-lambda-powertools from 3.27.0 to 3.28.0

Release notes

Sourced from aws-lambda-powertools's releases.

v3.28.0

Summary

This release brings dependency injection, an enriched Request object, OpenAPI improvements, and internal refactoring to the Event Handler.

• Dependency injection: type-safe Depends() with nested resolution, caching, and test overrides
• Enriched Request: resolved_event and context properties bridge middleware and dependencies
• OpenAPI status_code: set default response status code on route decorators
• Query string fix: parameters no longer dropped when both single and multi-value query strings are present

A huge thanks to @​JustinBerger, @​Iamrodos, and @​ran-isenberg for their contributions!

Dependency injection with Depends()

Docs

You can now use Depends() to declare typed dependencies directly in route handler signatures: no decorators, no global state. Dependencies are resolved automatically, cached per invocation, and support nested dependency trees.

import os
from typing import Any
import boto3
from typing_extensions import Annotated
from aws_lambda_powertools.event_handler import APIGatewayHttpResolver
from aws_lambda_powertools.event_handler.depends import Depends
from aws_lambda_powertools.utilities.typing import LambdaContext
app = APIGatewayHttpResolver()
def get_dynamodb_table():
dynamodb = boto3.resource("dynamodb")
return dynamodb.Table(os.environ["TABLE_NAME"])
@​app.get("/orders")
def list_orders(table: Annotated[Any, Depends(get_dynamodb_table)]):
return table.scan()["Items"]

For testing, swap any dependency without monkeypatching:

app.dependency_overrides[get_dynamodb_table] = lambda: mock_table

Enriched Request object

... (truncated)

Changelog

Sourced from aws-lambda-powertools's changelog.

[v3.28.0] - 2026-04-14

Bug Fixes

• data_class: merge querystring parameters in ALB/APIGW classes (#8154)

Maintenance

• version bump

Commits

• 9f2c57d chore: version bump
• 7fc9efb fix(data_class): merge querystring parameters in ALB/APIGW classes (#8154)
• cd8829b feat(event_handler): enrich request object (#8153)
• 6bcb8a3 chore: bump dependabot dependencies. (#8152)
• f06db0a chore(deps-dev): bump aws-cdk from 2.1117.0 to 2.1118.0 in the aws-cdk group ...
• 8673ede chore(deps): bump cryptography from 46.0.6 to 46.0.7 (#8132)
• 45d25e9 feat(event_handler): adding status_code OpenAPI field (#8130)
• d488548 docs: adding new Lambda features (#7917)
• 4cb9997 feat(event_handler): add Dependency injection with Depends() (#8128)
• f1d07ab fix(event_handler): read swagger files with UTF-8 encoding (#8131)
• Additional commits viewable in compare view

Updates boto3 from 1.42.88 to 1.42.91

Commits

• d5b7391 Merge branch 'release-1.42.91'
• f8d1385 Bumping version to 1.42.91
• 3e83422 Add changelog entries from botocore
• ac298d4 Merge branch 'release-1.42.90'
• 1a92783 Merge branch 'release-1.42.90' into develop
• c16e41e Bumping version to 1.42.90
• ec6d8b3 Add changelog entries from botocore
• e73a6f9 Bump aws-actions/configure-aws-credentials from 6.0.0 to 6.1.0 (#4767)
• 54a9dc1 Merge branch 'release-1.42.89'
• 0cb8ca5 Merge branch 'release-1.42.89' into develop
• Additional commits viewable in compare view

Updates aws-cdk-lib from 2.248.0 to 2.250.0

Release notes

Sourced from aws-cdk-lib's releases.

v2.250.0

⚠ BREAKING CHANGES

• ** L1 resources are automatically generated from public CloudFormation Resource Schemas. They are built to closely reflect the real state of CloudFormation. Sometimes these updates can contain changes that are incompatible with previous types, but more accurately reflect reality. In this release we have changed:

aws-emr: AWS::EMR::Cluster: MonitoringConfiguration property removed. aws-emr: AWS::EMR::Cluster: CloudWatchLogConfiguration type removed. aws-emr: AWS::EMR::Cluster: EMRConfiguration type removed. aws-emr: AWS::EMR::Cluster: MonitoringConfiguration type removed.

Features

• s3files: s3Files Lambda L1 integration (#37547) (af41262)
• update L1 CloudFormation resource definitions (#37582) (c99ce64)
• mediapackagev2: add region attribute on mediapackagev2 resources and extra naming validation (#37526) (112ed67)

Bug Fixes

• eks-v2: respect securityGroup(s) in KubectlProviderOptions (#37247) (4c530fa), closes #36653
• lambda-nodejs: if entry path is not under project root, bundling in Docker fails in an unclear way (#37572) (73662df)

---

Alpha modules (2.250.0-alpha.0)

v2.249.0

⚠ BREAKING CHANGES

• L1 resources are automatically generated from public CloudFormation Resource Schemas. They are built to closely reflect the real state of CloudFormation. Sometimes these updates can contain changes that are incompatible with previous types, but more accurately reflect reality. In this release we have changed:

aws-appstream: AWS::AppStream::Stack: Id attribute removed. aws-appsync: AWS::AppSync::GraphQLApi: LogConfig.CloudWatchLogsRoleArn property is now required. aws-appsync: AWS::AppSync::GraphQLApi: LogConfig.FieldLogLevel property is now required. aws-kafkaconnect: AWS::KafkaConnect::Connector: ProvisionedCapacity.McuCount property is now required.

Features

• batch: add AL2023 image types and default to AL2023 (under feature flag) (#37539) (6c1251c), closes #35839 #37205
• update L1 CloudFormation resource definitions (f28bb0e)
• update L1 CloudFormation resource definitions (#37530) (117562c)
• core: add source tracing for L1 construct property mutations (#37543) (8f38378)

Bug Fixes

... (truncated)

Changelog

Sourced from aws-cdk-lib's changelog.

Changelog

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

2.250.0-alpha.0 (2026-04-14)

2.249.0-alpha.0 (2026-04-10)

2.248.0-alpha.0 (2026-04-02)

2.247.0-alpha.0 (2026-04-02)

Features

• mediapackagev2-alpha: new L2 construct (#37279) (7debfb9)

2.246.0-alpha.0 (2026-03-31)

2.245.0-alpha.0 (2026-03-27)

Features

• s3tables-alpha: add support for partition spec, sort order, and table properties (#36811) (2696cd1)
• s3tables-alpha: add metrics configuration support for TableBucket (#37275) (e8786f5)
• s3tables-alpha: implement ITaggableV2 on TableBucket and Table L2 constructs (#37277) (69c8944), closes #33054

2.244.0-alpha.0 (2026-03-19)

Bug Fixes

• kinesisanalytics-flink-alpha: mark deprecated flink runtimes as deprecated (#37155) (0a89447)

2.243.0-alpha.0 (2026-03-11)

2.242.0-alpha.0 (2026-03-10)

Features

• mixins-preview: allow passing resource objects into properties in CFN Property mixins (#37148) (f238629)
• mixins-preview: generate EventBridge pattern for all events (#37081) (f30e836)
• mixins-preview: support custom merge strategies via IMergeStrategy (#37170) (0dec011)

2.241.0-alpha.0 (2026-03-02)

Features

... (truncated)

Commits

• 26014d4 chore(release): 2.250.0 (#37592)
• 2ebf82f chore: trigger build
• 89773c3 chore: update analytics metadata blueprints
• 235eece chore(release): 2.250.0
• af41262 feat(s3files): s3Files Lambda L1 integration (#37547)
• 3d64593 chore(deps): bump follow-redirects from 1.15.11 to 1.16.0 in the npm_and_yarn...
• 74d1e8b chore(security-guardian): improve failure messages (#37542)
• a0588ed chore(ci): use workflow_run pattern for auto integ test to fix PR secret acce...
• 4c530fa fix(eks-v2): respect securityGroup(s) in KubectlProviderOptions (#37247)
• 109e0c3 chore(merge-back): 2.249.0 (#37584)
• Additional commits viewable in compare view

Updates ruff from 0.15.10 to 0.15.11

Release notes

Sourced from ruff's releases.

0.15.11

Release Notes

Released on 2026-04-16.

Preview features

• [ruff] Ignore RUF029 when function is decorated with asynccontextmanager (#24642)
• [airflow] Implement airflow-xcom-pull-in-template-string (AIR201) (#23583)
• [flake8-bandit] Fix S103 false positives and negatives in mask analysis (#24424)

Bug fixes

• [flake8-async] Omit overridden methods for ASYNC109 (#24648)

Documentation

• [flake8-async] Add override mention to ASYNC109 docs (#24666)
• Update Neovim config examples to use vim.lsp.config (#24577)

Contributors

• @​augustelalande
• @​anishgirianish
• @​benberryallwood
• @​charliermarsh
• @​Dev-iL

Install ruff 0.15.11

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/ruff/releases/download/0.15.11/ruff-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/ruff/releases/download/0.15.11/ruff-installer.ps1 | iex"

Download ruff 0.15.11

File	Platform	Checksum
ruff-aarch64-apple-darwin.tar.gz	Apple Silicon macOS	checksum
ruff-x86_64-apple-darwin.tar.gz	Intel macOS	checksum
ruff-aarch64-pc-windows-msvc.zip	ARM64 Windows	checksum
ruff-i686-pc-windows-msvc.zip	x86 Windows	checksum

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.11

Released on 2026-04-16.

Preview features

• [ruff] Ignore RUF029 when function is decorated with asynccontextmanager (#24642)
• [airflow] Implement airflow-xcom-pull-in-template-string (AIR201) (#23583)
• [flake8-bandit] Fix S103 false positives and negatives in mask analysis (#24424)

Bug fixes

• [flake8-async] Omit overridden methods for ASYNC109 (#24648)

Documentation

• [flake8-async] Add override mention to ASYNC109 docs (#24666)
• Update Neovim config examples to use vim.lsp.config (#24577)

Contributors

• @​augustelalande
• @​anishgirianish
• @​benberryallwood
• @​charliermarsh
• @​Dev-iL

Commits

• 53554b1 Bump 0.15.11 (#24678)
• 08c56c8 Factor out the mdtest crate (#24616)
• 725fbb7 [ty] Use partially qualified names when reporting diagnostics regarding bad c...
• ddd6a30 [ty] Do not suggest argument completion when at value of keyword argument (#2...
• 9282e61 Disallow @​disjoint_base on TypedDicts and Protocols (#24671)
• e9986d8 [ty] Reject using properties with Never setters or deleters (#24510)
• 9cf212f [ty] Normalize property setter and deleter wrappers (#24509)
• 12a1589 Add override mention to ASYNC109 docs (#24666)
• dccb03d [ty] Avoid panicking on overloaded Callable type context (#24661)
• 61f9a0a [ty] Sync vendored typeshed stubs (#24646)
• Additional commits viewable in compare view

Updates hypothesis from 6.151.12 to 6.152.1

Release notes

Sourced from hypothesis's releases.

Hypothesis for Python - version 6.152.1

Improve some internal type hints.

The canonical version of these notes (with links) is on readthedocs.

Hypothesis for Python - version 6.152.0

Hypothesis generally recommends that the ".hypothesis" directory not be checked into version control. As a result, Hypothesis now automatically creates a ".gitignore" with "*" in the ".hypothesis" directory, which excludes it from being tracked by git.

If you do want to check ".hypothesis" into git, you can remove the ".gitignore" file. Hypothesis will not re-create it unless the entire ".hypothesis" directory is removed.

The canonical version of these notes (with links) is on readthedocs.

Hypothesis for Python - version 6.151.14

This patch fixes our "from_regex()" type annotations so that "from_regex(..., alphabet=None)" is accepted.

This patch also adds unicode line breaks and thai combining vowels to our list of constant strings to upweight at runtime.

The canonical version of these notes (with links) is on readthedocs.

Hypothesis for Python - version 6.151.13

This patch removes some newly unnecessary "# type: ignore" comments.

The canonical version of these notes (with links) is on readthedocs.

Commits

• d451213 Bump hypothesis-python version to 6.152.1 and update changelog
• c95fa97 Merge pull request #4706 from Liam-DeVoe/typing-fix
• 7dd2cfd Merge remote-tracking branch 'upstream/master' into typing-fix
• 35fdf62 Bump hypothesis-python version to 6.152.0 and update changelog
• 0cb15c5 tighten check for typing
• 0e03204 Merge pull request #4704 from Liam-DeVoe/auto-ignore-.hypothesis
• 3625c63 fix ci failures
• 8a8a6a1 reword for clarity
• 0102250 fix ci
• e571cf3 Bump hypothesis-python version to 6.151.14 and update changelog
• Additional commits viewable in compare view

Updates mkdocstrings from 1.0.3 to 1.0.4

Release notes

Sourced from mkdocstrings's releases.

1.0.4

1.0.4 - 2026-04-15

Compare with 1.0.3

Bug Fixes

• Add timeout when downloading inventories (10 seconds) (3d1969a by Simon Lloyd). Issue-819

Changelog

Sourced from mkdocstrings's changelog.

1.0.4 - 2026-04-15

Compare with 1.0.3

Bug Fixes

• Add timeout when downloading inventories (10 seconds) (3d1969a by Simon Lloyd). Issue-819

Commits

• a938528 chore: Prepare release 1.0.4
• 1eaa224 ci: Lint and type-check
• 80e090d Merge branch 'main' of github.com:mkdocstrings/mkdocstrings
• 5f82a58 chore: Template upgrade
• 3d1969a fix: Add timeout when downloading inventories (10 seconds)
• a0c47b9 docs: Fix broken link in README
• e500a2b chore: Update sponsors section in README
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions