fix(deps): lock file maintenance poetry dependencies (master)

[red-hat-konflux]

This PR contains the following updates:

Package	Type	Update	Change	Age	Confidence
		lockFileMaintenance	All locks refreshed
aiokafka (changelog)	dependencies	minor	^0.13.0 → ^0.14.0
maturin (changelog)	dependencies	patch	=1.13.1 → =1.13.3
uvicorn (changelog)	dependencies	minor	^0.45.0 → ^0.47.0

🔧 This Pull Request updates lock files to use the latest dependency versions.

---

Release Notes

aio-libs/aiokafka (aiokafka)

v0.14.0

Compare Source

===================

New features:

• Add rack-aware fetching from the closest in-sync replica (KIP-392) via the new
  client_rack option on :class:AIOKafkaConsumer. When set and the brokers
  support FetchRequest v11 (Kafka 2.4+) with a replica.selector.class
  configured, the consumer will fetch from a same-rack follower instead of the
  partition leader, reducing cross-AZ traffic and tail latency.
  (prs #​1159 and #​1160 by @​GlebShipilov)

Bugfixes:

• Fix type annotation for AIOKafkaAdminClient (issue #​1148)
• Return back and deprecate api_version parameter in client classes
  (issue #​1147)
• Avoid failures when a transaction coordinator is dead by removing deprecated code
  (issue #​1151)
• Properly manage batch max size and linger_ms. A batch will be always
  produced if the max size or the lingering time is reached
  (pr #​1142 by @​vmaurin)

pyo3/maturin (maturin)

v1.13.3

Compare Source

• Fix: disable abi3 in pyo3 config for version-specific fallback builds (#​3180)

v1.13.2

Compare Source

• Fix: resolve test failures in distro packaging environments (#​3129)
• Fix: redirect tracing output to stderr to avoid breaking PEP 517 (#​3131)
• Fix: skip interpreters with empty output for WSL2 cross-compile (#​3137)
• Fix: set explicit lib_name in pyo3 config for Android abi3 cross-compilation (#​3130)
• Chore: add sysconfig/cpython-freebsd-15.0-amd64.txt (#​3140)
• Quote python-version in generated GitHub Actions workflow
• Update rustls-webpki
• Fix: two-phase bridge detection for conditional abi3 features (#​3144)
• Update cargo-zigbuild to 0.22.2
• Update pyo3 to 0.28.3
• Treat pyo3 0.29.0+ as having Windows import lib support (raw-dylib) (#​3145)
• Fix bin bindings with external shared library dependencies (#​3147)
• Upgrade MSRV to 1.89.0 (#​3149)
• Musllinux oci image (#​3152)
• Remove Cirrus CI for FreeBSD (#​3156)
• Perf: defer stage_artifact copy-back, finalize via rename when unpatched (#​3155)
• Perf: eliminate stage_artifact double-copy, drop was_patched flag (#​3157)
• Fix release pipeline (#​3158)
• Auditwheel: copy unpatched cargo output back before in-place patching (#​3159)
• Develop: fail loudly when pip leaves a stale ~ install behind (#​1922) (#​3161)
• Provide a link for the lib.name in Cargo.toml (#​3167)
• Fix duplicated version in changelog (#​3171)
• Switch to actions/attest from attest-build-provenance (#​3169)
• Switch generation to actions/attest action, upgrade to v4 (#​3170)
• Fix: avoid duplicate --interpreter panic in PEP 517 backend (#​3175)
• Add trusted publishing options to generate-ci (#​3176)
• Fix(sdist): handle symlinked Cargo.toml pointing outside project root (#​3178)
• Stop install cffi for Python 3.8 in Dockerfile
• Fix: support pixi-managed virtualenvs in maturin develop (#​3165)
• Support PEP 783 pyemscripten_*_wasm32 wheel platform tag (#​3163)

Kludex/uvicorn (uvicorn)

v0.47.0: Version 0.47.0

Compare Source

What's Changed

• Eagerly import the ASGI app in the parent process by @​Kludex in #​2919
• Add ssl_context_factory for custom SSLContext configuration by @​Kludex in #​2920
• Treat fd=0 as a valid file descriptor with reload/workers by @​eltoder in #​2927

Full Changelog: Kludex/uvicorn@0.46.0...0.47.0

v0.46.0: Version 0.46.0

Compare Source

What's Changed

• Support ws_max_size in wsproto implementation by @​Kludex in #​2915
• Support ws_ping_interval and ws_ping_timeout in wsproto implementation by @​Kludex in #​2916
• Use bytearray for incoming WebSocket message buffer in websockets-sansio by @​Kludex in #​2917

Full Changelog: Kludex/uvicorn@0.45.0...0.46.0

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 04:59 AM ( * 0-4 * * * ) in timezone Europe/Prague, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

To execute skipped test pipelines write comment /ok-to-test.

---

Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

Summary by Sourcery

Update Python project dependencies to newer versions and refresh Poetry lock file.

Enhancements:

• Bump aiokafka dependency to the 0.14.x series for Kafka client improvements.
• Upgrade uvicorn to the 0.47.x series for updated ASGI server capabilities.
• Update maturin build dependency to 1.13.3 for improved Rust-based packaging support.

[sourcery-ai]

Reviewer's guide (collapsed on small PRs)

Reviewer's Guide

Refreshes Poetry dependency lock file and bumps aiokafka, uvicorn, and maturin versions in pyproject.toml to newer minor/patch releases, keeping runtime and build tooling up to date.

File-Level Changes

Change	Details	Files
Update runtime Kafka and ASGI server dependencies to newer minor versions.	Bump aiokafka dependency constraint from ^0.13.0 to ^0.14.0 while retaining lz4 extra. Bump uvicorn dependency constraint from ^0.45.0 to ^0.47.0.	pyproject.toml poetry.lock
Update Rust-based build tooling dependency maturin to latest compatible patch version and refresh lockfile.	Change maturin pin from =1.13.1 to =1.13.3, keeping the explicit pinning strategy. Regenerate Poetry lockfile to align with updated dependency versions.	pyproject.toml poetry.lock

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[github-actions]

SC Environment Impact Assessment

Overall Impact: ⚪ NONE

No SC Environment-specific impacts detected in this PR.

What was checked

This PR was automatically scanned for:

• Database migrations
• ClowdApp configuration changes
• Kessel integration changes
• AWS service integrations (S3, RDS, ElastiCache)
• Kafka topic changes
• Secrets management changes
• External dependencies

[sourcery-ai]

Hey - I've reviewed your changes and they look great!

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[red-hat-konflux]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.