📝 Update release notes

[skip ci]
⬆ Bump the python-packages group with 15 updates (#15594 )
2026-05-26 01:10:21 -04:00 · 2026-05-24 13:03:53 +00:00 · 2026-05-24 15:03:23 +02:00 · 2026-05-24 11:07:04 +00:00 · 2026-05-24 13:06:37 +02:00 · 2026-05-24 11:01:06 +00:00
6 changed files with 516 additions and 404 deletions
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -4,26 +4,47 @@ updates:
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
-      interval: "daily"
+      interval: "weekly"
    cooldown:
      default-days: 7
    commit-message:
      prefix: ⬆
+    labels:
+      - "internal"
+      - "dependencies"
+      - "github_actions"
+    groups:
+      github-actions:
+        patterns:
+          - "*"
  # Python
  - package-ecosystem: "uv"
    directory: "/"
    schedule:
-      interval: "daily"
+      interval: "weekly"
    cooldown:
      default-days: 7
    commit-message:
      prefix: ⬆
+    groups:
+      python-packages:
+        dependency-type: "development"
+        patterns:
+          - "*"
  # pre-commit
  - package-ecosystem: "pre-commit"
    directory: "/"
    schedule:
-      interval: "daily"
+      interval: "weekly"
    cooldown:
      default-days: 7
    commit-message:
      prefix: ⬆
+    labels:
+      - "internal"
+      - "dependencies"
+      - "pre-commit"
+    groups:
+      pre-commit:
+        patterns:
+          - "*"
--- a/docs/en/docs/deployment/manually.md
+++ b/docs/en/docs/deployment/manually.md
@@ -56,7 +56,6 @@ There are several alternatives, including:
 * [Hypercorn](https://hypercorn.readthedocs.io/): an ASGI server compatible with HTTP/2 and Trio among other features.
 * [Daphne](https://github.com/django/daphne): the ASGI server built for Django Channels.
 * [Granian](https://github.com/emmett-framework/granian): A Rust HTTP server for Python applications.
-* [NGINX Unit](https://unit.nginx.org/howto/fastapi/): NGINX Unit is a lightweight and versatile web application runtime.

 ## Server Machine and Server Program { #server-machine-and-server-program }

--- a/docs/en/docs/release-notes.md
+++ b/docs/en/docs/release-notes.md
@@ -7,6 +7,17 @@ hide:

 ## Latest Changes

+### Docs
+
+* ✏️ Use `Annotated` in inline example in `docs/en/docs/tutorial/body-multiple-params.md`. PR [#15591](https://github.com/fastapi/fastapi/pull/15591) by [@TheArchons](https://github.com/TheArchons).
+* 📝 Remove "NGINX Unit" from the list of ASGI-servers in docs. PR [#15475](https://github.com/fastapi/fastapi/pull/15475) by [@angryfoxx](https://github.com/angryfoxx).
+* 📝 Update `docs/en/docs/tutorial/security/oauth2-jwt.md`. PR [#14781](https://github.com/fastapi/fastapi/pull/14781) by [@zadevhub](https://github.com/zadevhub).
+
+### Internal
+
+* ⬆ Bump the python-packages group with 15 updates. PR [#15594](https://github.com/fastapi/fastapi/pull/15594) by [@dependabot[bot]](https://github.com/apps/dependabot).
+* 👷 Configure Dependabot to group updates and update weekly. PR [#15560](https://github.com/fastapi/fastapi/pull/15560) by [@YuriiMotov](https://github.com/YuriiMotov).
+
 ## 0.136.3 (2026-05-23)

 ### Refactors
--- a/docs/en/docs/tutorial/body-multiple-params.md
+++ b/docs/en/docs/tutorial/body-multiple-params.md
@@ -126,7 +126,7 @@ By default, **FastAPI** will then expect its body directly.
 But if you want it to expect a JSON with a key `item` and inside of it the model contents, as it does when you declare extra body parameters, you can use the special `Body` parameter `embed`:

 ```Python
-item: Item = Body(embed=True)
+item: Annotated[Item, Body(embed=True)]
 ```

 as in:
--- a/docs/en/docs/tutorial/security/oauth2-jwt.md
+++ b/docs/en/docs/tutorial/security/oauth2-jwt.md
@@ -18,7 +18,7 @@ eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4

 It is not encrypted, so, anyone could recover the information from the contents.

-But it's signed. So, when you receive a token that you emitted, you can verify that you actually emitted it.
+But it's signed. So, when you receive a token that you issued, you can verify that it was you who issued it.

 That way, you can create a token with an expiration of, let's say, 1 week. And then when the user comes back the next day with the token, you know that user is still logged in to your system.

--- a/uv.lock
+++ b/uv.lock
Author	SHA1	Message	Date
github-actions[bot]	6cbdde2315	📝 Update release notes [skip ci]	2026-05-24 13:03:53 +00:00
dependabot[bot]	1464678ba6	⬆ Bump the python-packages group with 15 updates (#15594 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-05-24 15:03:23 +02:00
github-actions[bot]	1a84bbc00b	📝 Update release notes [skip ci]	2026-05-24 11:07:04 +00:00
Yurii Motov	3fdc54edab	👷 Configure Dependabot to group updates and update weekly (#15560 )	2026-05-24 13:06:37 +02:00
github-actions[bot]	09ba2cec98	📝 Update release notes [skip ci]	2026-05-24 11:01:06 +00:00
Alexander Li	3e3d38930e	✏️ Use `Annotated` in inline example in `docs/en/docs/tutorial/body-multiple-params.md` (#15591 )	2026-05-24 13:00:37 +02:00
github-actions[bot]	84f205c8f7	📝 Update release notes [skip ci]	2026-05-24 10:57:12 +00:00
Ömer 🇹🇷	7baefe7144	📝 Remove "NGINX Unit" from the list of ASGI-servers in docs (#15475 )	2026-05-24 12:56:40 +02:00
github-actions[bot]	2895c51ba8	📝 Update release notes [skip ci]	2026-05-24 10:29:48 +00:00
zadevhub	21c46919fc	📝 Update `docs/en/docs/tutorial/security/oauth2-jwt.md` (#14781 ) Co-authored-by: Sebastián Ramírez <tiangolo@gmail.com> Co-authored-by: Yurii Motov <109919500+YuriiMotov@users.noreply.github.com>	2026-05-24 10:29:22 +00:00