fix(deps): bump the backend group in /backend with 2 updates

[dependabot]

Bumps the backend group in /backend with 2 updates: fastapi and ruff.

Updates fastapi from 0.128.0 to 0.128.5

Release notes

Sourced from fastapi's releases.

0.128.5

Refactors

• ♻️ Refactor and simplify Pydantic v2 (and v1) compatibility internal utils. PR #14862 by @​tiangolo.

Internal

• ✅ Add inline snapshot tests for OpenAPI before changes from Pydantic v2. PR #14864 by @​tiangolo.

0.128.4

Refactors

• ♻️ Refactor internals, simplify Pydantic v2/v1 utils, create_model_field, better types for lenient_issubclass. PR #14860 by @​tiangolo.
• ♻️ Simplify internals, remove Pydantic v1 only logic, no longer needed. PR #14857 by @​tiangolo.
• ♻️ Refactor internals, cleanup unneeded Pydantic v1 specific logic. PR #14856 by @​tiangolo.

Translations

• 🌐 Update translations for fr (outdated pages). PR #14839 by @​YuriiMotov.
• 🌐 Update translations for tr (outdated and missing). PR #14838 by @​YuriiMotov.

Internal

• ⬆️ Upgrade development dependencies. PR #14854 by @​tiangolo.

0.128.3

Refactors

• ♻️ Re-implement on_event in FastAPI for compatibility with the next Starlette, while keeping backwards compatibility. PR #14851 by @​tiangolo.

Upgrades

• ⬆️ Upgrade Starlette supported version range to starlette>=0.40.0,<1.0.0. PR #14853 by @​tiangolo.

Translations

• 🌐 Update translations for ru (update-outdated). PR #14834 by @​tiangolo.

Internal

• 👷 Run tests with Starlette from git. PR #14849 by @​tiangolo.
• 👷 Run tests with lower bound uv sync, upgrade fastapi[all] minimum dependencies: ujson >=5.8.0, orjson >=3.9.3. PR #14846 by @​tiangolo.

0.128.2

Features

• ✨ Add support for PEP695 TypeAliasType. PR #13920 by @​cstruct.
• ✨ Allow Response type hint as dependency annotation. PR #14794 by @​jonathan-fulton.

Fixes

... (truncated)

Commits

• dedf140 🔖 Release version 0.128.5
• 79d4dfb 📝 Update release notes
• 9f4ecf5 ✅ Add inline snapshot tests for OpenAPI before changes from Pydantic v2 (#14864)
• c48539f 📝 Update release notes
• 2e7d375 ♻️ Refactor and simplify Pydantic v2 (and v1) compatibility internal utils (#...
• 8eac94b 🔖 Release version 0.128.4
• 58cdfc7 📝 Update release notes
• d59fbc3 ♻️ Refactor internals, simplify Pydantic v2/v1 utils, create_model_field, b...
• cc6ced6 📝 Update release notes
• cf55bad ♻️ Simplify internals, remove Pydantic v1 only logic, no longer needed (#14857)
• Additional commits viewable in compare view

Updates ruff from 0.14.14 to 0.15.0

Release notes

Sourced from ruff's releases.

0.15.0

Release Notes

Released on 2026-02-03.

Check out the blog post for a migration guide and overview of the changes!

Breaking changes

• Ruff now formats your code according to the 2026 style guide. See the formatter section below or in the blog post for a detailed list of changes.

• The linter now supports block suppression comments. For example, to suppress N803 for all parameters in this function:

  # ruff: disable[N803]
  def foo(
      legacyArg1,
      legacyArg2,
      legacyArg3,
      legacyArg4,
  ): ...
  # ruff: enable[N803]

  See the documentation for more details.

• The ruff:alpine Docker image is now based on Alpine 3.23 (up from 3.21).

• The ruff:debian and ruff:debian-slim Docker images are now based on Debian 13 "Trixie" instead of Debian 12 "Bookworm."

• Binaries for the ppc64 (64-bit big-endian PowerPC) architecture are no longer included in our releases. It should still be possible to build Ruff manually for this platform, if needed.

• Ruff now resolves all extended configuration files before falling back on a default Python version.

Stabilization

The following rules have been stabilized and are no longer in preview:

• blocking-http-call-httpx-in-async-function (ASYNC212)
• blocking-path-method-in-async-function (ASYNC240)
• blocking-input-in-async-function (ASYNC250)
• map-without-explicit-strict (B912)
• if-exp-instead-of-or-operator (FURB110)
• single-item-membership-test (FURB171)
• missing-maxsplit-arg (PLC0207)
• unnecessary-lambda (PLW0108)
• unnecessary-empty-iterable-within-deque-call (RUF037)
• in-empty-collection (RUF060)
• legacy-form-pytest-raises (RUF061)
• non-octal-permissions (RUF064)

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.0

Released on 2026-02-03.

Check out the blog post for a migration guide and overview of the changes!

Breaking changes

• Ruff now formats your code according to the 2026 style guide. See the formatter section below or in the blog post for a detailed list of changes.

• The linter now supports block suppression comments. For example, to suppress N803 for all parameters in this function:

  # ruff: disable[N803]
  def foo(
      legacyArg1,
      legacyArg2,
      legacyArg3,
      legacyArg4,
  ): ...
  # ruff: enable[N803]

  See the documentation for more details.

• The ruff:alpine Docker image is now based on Alpine 3.23 (up from 3.21).

• The ruff:debian and ruff:debian-slim Docker images are now based on Debian 13 "Trixie" instead of Debian 12 "Bookworm."

• Binaries for the ppc64 (64-bit big-endian PowerPC) architecture are no longer included in our releases. It should still be possible to build Ruff manually for this platform, if needed.

• Ruff now resolves all extended configuration files before falling back on a default Python version.

Stabilization

The following rules have been stabilized and are no longer in preview:

• blocking-http-call-httpx-in-async-function (ASYNC212)
• blocking-path-method-in-async-function (ASYNC240)
• blocking-input-in-async-function (ASYNC250)
• map-without-explicit-strict (B912)
• if-exp-instead-of-or-operator (FURB110)
• single-item-membership-test (FURB171)

... (truncated)

Commits

• ce5f7b6 Bump 0.15.0 (#23055)
• b4e40f5 [ty] Fix __contains__ to respect descriptors (#23056)
• 848cb72 [ty] Fix narrowing of nonlocal variables with conditional assignments (#22966)
• da7f33a [ty] Add a diagnostic for Final without assignment (#23001)
• e65f9a6 Document markdown formatting feature (#22990)
• c0c1b98 Format markdown code blocks with line-by-line regex parse (#22996)
• 9f8f3e1 Allow positional-only params with defaults in method overrides (#23037)
• ef83810 [ty] ecosystem-analyzer: Support bare git repositories (#23054)
• 54dfee4 Customize where the fix_title sub-diagnostic appears (#23044)
• b534607 2026 Ruff Formatter Style (#22735)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions