Django-Styleguide-Example icon indicating copy to clipboard operation
Django-Styleguide-Example copied to clipboard
verified publisher icon HackSoftware

Bump the dependencies group across 1 directory with 19 updates

Open dependabot[bot] opened this issue 2 months ago • 0 comments

Bumps the dependencies group with 19 updates in the / directory:

Package From To
django 5.2.7 5.2.8
celery 5.5.3 5.6.0
django-structlog[celery] 9.1.1 10.0.0
boto3 1.40.52 1.42.0
sentry-sdk 2.42.0 2.46.0
google-api-python-client 2.184.0 2.187.0
google-auth 2.41.1 2.43.0
google-auth-httplib2 0.2.0 0.2.1
google-auth-oauthlib 1.2.2 1.2.3
pytest 8.4.2 9.0.1
faker 37.11.0 38.2.0
ipython 9.6.0 9.7.0
django-debug-toolbar 6.0.0 6.1.0
mypy 1.18.2 1.19.0
django-stubs 5.2.7 5.2.8
djangorestframework-stubs 3.16.4 3.16.5
boto3-stubs 1.40.52 1.41.5
ruff 0.14.0 0.14.7
pre-commit 4.3.0 4.5.0

Updates django from 5.2.7 to 5.2.8

Commits
  • 47fe39a [5.2.x] Bumped version for 5.2.8 release.
  • ac9fcf6 [5.2.x] Refs CVE-2025-64459 -- Avoided propagating invalid arguments to Q on ...
  • 6703f36 [5.2.x] Fixed CVE-2025-64459 -- Prevented SQL injections in Q/QuerySet via th...
  • 4f5d904 [5.2.x] Fixed CVE-2025-64458 -- Mitigated potential DoS in HttpResponseRedire...
  • cbdf128 [5.2.x] Fixed #36704 -- Fixed system check error for proxy model with a compo...
  • 6775888 [5.2.x] Fixed #36696 -- Fixed NameError when inspecting functions with deferr...
  • d5dfffa [5.2.x] Added stub release notes and release date for 5.2.8, 5.1.14, and 4.2.26.
  • 368f955 [5.2.x] Fixed #36681 -- Removed English pluralization bias from example in do...
  • 71267c9 [5.2.x] Fixed #35095 -- Clarified Swiss number formatting in docs/topics/i18n...
  • 9b37bd5 [5.2.x] Made RemoteTestResultTest.test_pickle_errors_detection() compatible w...
  • Additional commits viewable in compare view

Updates celery from 5.5.3 to 5.6.0

Release notes

Sourced from celery's releases.

v5.6.0

Celery v5.6.0 is now available.

Key Highlights

See What's new in Celery 5.6 for a complete overview or read the main highlights below.

Python 3.9 Minimum Version

Celery 5.6.0 drops support for Python 3.8 (EOL). The minimum required Python version is now 3.9. Users still on Python 3.8 must upgrade their Python version before upgrading to Celery 5.6.0.

Additionally, this release includes initial support for Python 3.14.

SQS: Reverted to pycurl from urllib3

The switch from pycurl to urllib3 for the SQS transport (introduced in Celery 5.5.0 via Kombu) has been reverted due to critical issues affecting SQS users.

Contributed by @​auvipy in celery/celery#9620.

Security Fix: Broker Credential Leak Prevention

Fixed a security issue where broker URLs containing passwords were being logged in plaintext by the delayed delivery mechanism. Broker credentials are now properly sanitized in all log output.

Contributed by @​giancarloromeo in celery/celery#9997.

Memory Leak Fixes

Two significant memory leaks have been fixed in this release:

Exception Handling Memory Leak: Fixed a critical memory leak in task exception handling that was particularly severe on Python 3.11+ due to enhanced traceback data. The fix properly breaks reference cycles in tracebacks to allow garbage collection.

Contributed by @​jaiganeshs21 in celery/celery#9799.

Pending Result Memory Leak: Fixed a memory leak where AsyncResult subscriptions were not being cleaned up when results were forgotten.

Contributed by @​tsoos99dev in celery/celery#9806.

ETA Task Memory Limit

New configuration option worker_eta_task_limit to prevent out-of-memory crashes when workers fetch large numbers of ETA or countdown tasks. Previously, workers could exhaust available memory when the broker contained many scheduled tasks.

Example usage:

app.conf.worker_eta_task_limit = 1000

Contributed by @​sashu2310 in celery/celery#9853.

Queue Type Selection for Auto-created Queues

... (truncated)

Changelog

Sourced from celery's changelog.

5.6.0

:release-date: 2025-11-30 :release-by: Tomer Nosrati

Celery v5.6.0 is now available.

Key Highlights


See :ref:`whatsnew-5.6` for a complete overview or read the main highlights below.

Python 3.9 Minimum Version


Celery 5.6.0 drops support for Python 3.8 (EOL). The minimum required Python
version is now 3.9. Users still on Python 3.8 must upgrade their Python version
before upgrading to Celery 5.6.0.


Additionally, this release includes initial support for Python 3.14.


SQS: Reverted to pycurl from urllib3


The switch from pycurl to urllib3 for the SQS transport (introduced in
Celery 5.5.0 via Kombu) has been reverted due to critical issues affecting SQS
users:


    

  • Processing throughput dropped from ~100 tasks/sec to ~3/sec in some environments
    • 

  • UnknownOperationException errors causing container crash loops
    • 

  • Silent message processing failures with no error logs
    • 



Users of the SQS transport must ensure pycurl is installed. If you removed
pycurl after upgrading to Celery 5.5.0, you will need to reinstall it.


Contributed by @auvipy <https://github.com/auvipy>_ in
[#9620](https://github.com/celery/celery/issues/9620) <https://github.com/celery/celery/pull/9620>_.


Security Fix: Broker Credential Leak Prevention


Fixed a security issue where broker URLs containing passwords were being logged
in plaintext by the delayed delivery mechanism. Broker credentials are now
properly sanitized in all log output.


Contributed by @giancarloromeo <https://github.com/giancarloromeo>_ in
[#9997](https://github.com/celery/celery/issues/9997) <https://github.com/celery/celery/pull/9997>_.


Memory Leak Fixes
</tr></table>

... (truncated)

Commits

Updates django-structlog[celery] from 9.1.1 to 10.0.0

Changelog

Sourced from django-structlog[celery]'s changelog.

10.0.0 (October 22, 2025)

New: - Add 5xx and cancelled request log level config. See [#935](https://github.com/jrobichaud/django-structlog/issues/935) <https://github.com/jrobichaud/django-structlog/pull/935>. Special thanks to @fcortes <https://github.com/fcortes>. - Add python 3.14 support. See [#937](https://github.com/jrobichaud/django-structlog/issues/937) <https://github.com/jrobichaud/django-structlog/pull/937>_.

Changes: - Drop python 3.9 support.

Commits
  • 6c2feb5 Merge pull request #938 from jrobichaud/fix-readme
  • efcd704 fix error in readme (gotta add a checker)
  • fa277f6 Merge pull request #937 from jrobichaud/python-3.14
  • 238d813 Fix mypy regression when dropping 3.9
  • ee56156 Add python 3.14 support
  • f46461e Merge pull request #936 from jrobichaud/update-changelog
  • c76d11f update changelog
  • fbc9dea Merge pull request #935 from fcortes/add-access-log-level-config
  • a86d073 feat(env): add REQUEST_CANCELLED_LOG_LEVEL config
  • 9268401 feat(env): add STATUX_5XX_LOG_LEVEL config
  • Additional commits viewable in compare view

Updates boto3 from 1.40.52 to 1.42.0

Commits
  • 7ce189b Merge branch 'release-1.42.0'
  • 29d92d1 Bumping version to 1.42.0
  • 743f945 Add changelog entries from botocore
  • e3744fd Merge pull request #4629 from hssyoo/crt-mode
  • 39215b6 Merge branch 'release-1.41.5'
  • 79f2845 Merge branch 'release-1.41.5' into develop
  • 0fc8075 Bumping version to 1.41.5
  • 573d359 Add changelog entries from botocore
  • 177e900 Remove backticks from error msg
  • ff9d88c Add warning
  • Additional commits viewable in compare view

Updates sentry-sdk from 2.42.0 to 2.46.0

Release notes

Sourced from sentry-sdk's releases.

2.46.0

Various fixes & improvements

2.45.0

Various fixes & improvements

  • OTLPIntegration (#4877) by @​sl0thentr0py

    Enable the new OTLP integration with the code snippet below, and your OpenTelemetry instrumentation will be automatically sent to Sentry's OTLP ingestion endpoint.

      import sentry_sdk
  from sentry_sdk.integrations.otlp import OTLPIntegration

    sentry_sdk.init(
    
dsn="<your-dsn>",
    
# Add data like inputs and responses;
    
# see https://docs.sentry.io/platforms/python/data-management/data-collected/ for more info
    
send_default_pii=True,
    
integrations=[
    
OTLPIntegration(),
    
],
    
)

    Under the hood, this will setup:

    • A SpanExporter that will automatically set up the OTLP ingestion endpoint from your DSN
    • A Propagator that ensures Distributed Tracing works
    • Trace/Span linking for all other Sentry events such as Errors, Logs, Crons and Metrics

    If you were using the SentrySpanProcessor before, we recommend migrating over to OTLPIntegration since it's a much simpler setup.

  • feat(integrations): implement context management for invoke_agent spans (#5089) by @​constantinius

  • feat(loguru): Capture extra (#5096) by @​sentrivana

  • feat: Attach server.address to metrics (#5113) by @​alexander-alderman-webb

  • fix: Cast message and detail attributes before appending exception notes (#5114) by @​alexander-alderman-webb

  • fix(integrations): ensure that GEN_AI_AGENT_NAME is properly set for GEN_AI spans under an invoke_agent span (#5030) by @​constantinius

  • fix(logs): Update sentry.origin (#5112) by @​sentrivana

  • chore: Deprecate description truncation option for Redis spans (#5073) by @​alexander-alderman-webb

  • chore: Deprecate max_spans LangChain parameter (#5074) by @​alexander-alderman-webb

  • chore(toxgen): Check availability of pip and add detail to exceptions (#5076) by @​alexander-alderman-webb

... (truncated)

Changelog

Sourced from sentry-sdk's changelog.

2.46.0

Various fixes & improvements

2.45.0

Various fixes & improvements

  • OTLPIntegration (#4877) by @​sl0thentr0py

    Enable the new OTLP integration with the code snippet below, and your OpenTelemetry instrumentation will be automatically sent to Sentry's OTLP ingestion endpoint.

      import sentry_sdk
  from sentry_sdk.integrations.otlp import OTLPIntegration

    sentry_sdk.init(
    
dsn="<your-dsn>",
    
# Add data like inputs and responses;
    
# see https://docs.sentry.io/platforms/python/data-management/data-collected/ for more info
    
send_default_pii=True,
    
integrations=[
    
OTLPIntegration(),
    
],
    
)

    Under the hood, this will setup:

    • A SpanExporter that will automatically set up the OTLP ingestion endpoint from your DSN
    • A Propagator that ensures Distributed Tracing works
    • Trace/Span linking for all other Sentry events such as Errors, Logs, Crons and Metrics

    If you were using the SentrySpanProcessor before, we recommend migrating over to OTLPIntegration since it's a much simpler setup.

  • feat(integrations): implement context management for invoke_agent spans (#5089) by @​constantinius

  • feat(loguru): Capture extra (#5096) by @​sentrivana

  • feat: Attach server.address to metrics (#5113) by @​alexander-alderman-webb

  • fix: Cast message and detail attributes before appending exception notes (#5114) by @​alexander-alderman-webb

  • fix(integrations): ensure that GEN_AI_AGENT_NAME is properly set for GEN_AI spans under an invoke_agent span (#5030) by @​constantinius

  • fix(logs): Update sentry.origin (#5112) by @​sentrivana

  • chore: Deprecate description truncation option for Redis spans (#5073) by @​alexander-alderman-webb

... (truncated)

Commits
  • d3375bc Update CHANGELOG.md
  • 23abfe2 release: 2.46.0
  • ca19d63 feat: Preserve metadata on wrapped coroutines (#5105)
  • cf165e3 build(deps): bump actions/checkout from 5.0.0 to 6.0.0 (#5136)
  • b8d6a57 build(deps): bump actions/create-github-app-token from 2.1.4 to 2.2.0 (#5137)
  • c0c28b8 build(deps): bump supercharge/redis-github-action from 1.8.0 to 1.8.1 (#5138)
  • fb18c21 fix(pydantic-ai): Make imports defensive to avoid ModuleNotFoundError (#5135)
  • f945e38 Fix openai-agents import (#5132)
  • 8596f89 fix(integrations): enhance input handling for embeddings in LiteLLM integrati...
  • 0e6e808 test(openai-agents): Remove MagicMock from mocked ModelResponse (#5126)
  • Additional commits viewable in compare view

Updates google-api-python-client from 2.184.0 to 2.187.0

Release notes

Sourced from google-api-python-client's releases.

v2.187.0

2.187.0 (2025-11-04)

Features

... (truncated)

Commits

Updates google-auth from 2.41.1 to 2.43.0

Release notes

Sourced from google-auth's releases.

google-auth 2.43.0

2.43.0 (2025-11-05)

Features

  • Add public wrapper for _mtls_helper.check_use_client_cert which enables mTLS if GOOGLE_API_USE_CLIENT_CERTIFICATE is not set, when the MWID/X.509 cert sources detected (#1859) (1535eccb)

  • Enable mTLS if GOOGLE_API_USE_CLIENT_CERTIFICATE is not set, if the MWID/X.509 cert sources detected (#1848) (395e405b)

  • onboard google-auth to librarian (#1838) (c503eaa5)

v2.42.1

2.42.1 (2025-10-30)

Bug Fixes

v2.42.0

2.42.0 (2025-10-24)

Features

  • Add trust boundary support for external accounts. (#1809) (36ecb1d)

Bug Fixes

  • Read scopes from ADC json for impersoanted cred (#1820) (62c0fc8)
Changelog

Sourced from google-auth's changelog.

2.43.0 (2025-11-05)

Features

  • Add public wrapper for _mtls_helper.check_use_client_cert which enables mTLS if GOOGLE_API_USE_CLIENT_CERTIFICATE is not set, when the MWID/X.509 cert sources detected (#1859) Add public wrapper for check_use_client_cert which enables mTLS if GOOGLE_API_USE_CLIENT_CERTIFICATE is not set, when the MWID/X.509 cert sources detected. Also, fix check_use_client_cert to return boolean value. Change #1848 added the check_use_client_cert method that helps know if client cert should be used for mTLS connection. However, that was in a private class, thus, created a public wrapper of the same function so that it can be used by python Client Libraries. Also, updated check_use_client_cert to return a boolean value instead of existing string value for better readability and future scope. --------- (1535eccbff0ad8f3fd6a9775316ac8b77dca66ba)
  • Enable mTLS if GOOGLE_API_USE_CLIENT_CERTIFICATE is not set, if the MWID/X.509 cert sources detected (#1848) The Python SDK will use a hybrid approach for mTLS enablement:
  • If the GOOGLE_API_USE_CLIENT_CERTIFICATE environment variable is set (either true or false), the SDK will respect that setting. This is necessary for test scenarios and users who need to explicitly control mTLS behavior.
  • If the GOOGLE_API_USE_CLIENT_CERTIFICATE environment variable is not set, the SDK will automatically enable mTLS only if it detects Managed Workload Identity (MWID) or X.509 Workforce Identity Federation (WIF) certificate sources. In other cases where the variable is not set, mTLS will remain disabled. ** This change also adds the helper method check_use_client_cert and it's unit test, which will be used for checking the criteria for setting the mTLS to true ** This change is only for Auth-Library, other changes will be created for Client-Library use-cases. --------- (395e405b64b56ddb82ee639958c2e8056ad2e82b)

2.42.1 (2025-10-30)

Bug Fixes

2.42.0 (2025-10-24)

Features

  • Add trust boundary support for external accounts. (#1809) (36ecb1d)

... (truncated)

Commits
  • 89a8838 chore: librarian release pull request: 20251105T230735Z (#1863)
  • 79564e2 chore: update prev version in state (#1862)
  • 1535ecc feat: Add public wrapper for _mtls_helper.check_use_client_cert which enables...
  • 54502a7 chore: update secret (#1860)
  • 395e405 feat: Enable mTLS if GOOGLE_API_USE_CLIENT_CERTIFICATE is not set, if the MW...
  • f2708b2 chore: secret upadte (#1857)
  • c503eaa feat: onboard google-auth to librarian (#1838)
  • 5d1b862 chore(main): release 2.42.1 (#1853)
  • b074cad fix: catch ValueError for json.loads() (#1842)
  • cb62f57 chore: secret update (#1851)
  • Additional commits viewable in compare view

Updates google-auth-httplib2 from 0.2.0 to 0.2.1

Release notes

Sourced from google-auth-httplib2's releases.

v0.2.1

0.2.1 (2025-10-30)

Bug Fixes

  • deps: Require google-auth >= 1.32.0,<3.0.0 (a69b725)
  • deps: Require httplib2 >= 0.19.0,<1.0.0 (a69b725)
  • Drop python 3.6; require python 3.7+ (a69b725)
  • Remove setup.cfg configuration for creating universal wheels (#191) (c2be0ae)
Changelog

Sourced from google-auth-httplib2's changelog.

0.2.1 (2025-10-30)

Bug Fixes

  • deps: Require google-auth >= 1.32.0,<3.0.0 (a69b725)
  • deps: Require httplib2 >= 0.19.0,<1.0.0 (a69b725)
  • Drop python 3.6; require python 3.7+ (a69b725)
  • Remove setup.cfg configuration for creating universal wheels (#191) (c2be0ae)
Commits ...

Description has been truncated

dependabot[bot] avatar Dec 01 '25 10:12 dependabot[bot]