Skip to content

deps(py)(deps): bump the python-non-major group across 1 directory with 8 updates#46

Closed
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/pip/backend/develop/python-non-major-91e5977a5d
Closed

deps(py)(deps): bump the python-non-major group across 1 directory with 8 updates#46
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/pip/backend/develop/python-non-major-91e5977a5d

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 6, 2026

Copy link
Copy Markdown
Contributor

Bumps the python-non-major group with 8 updates in the /backend directory:

Package From To
django 5.1.4 5.1.15
pillow 12.2.0 12.3.0
sentry-sdk 2.60.0 2.64.0
certifi 2026.5.20 2026.6.17
click 8.4.1 8.4.2
django-timezone-field 7.2.1 7.2.2
tzlocal 5.3.1 5.4.4
wcwidth 0.7.0 0.8.2

Updates django from 5.1.4 to 5.1.15

Commits
  • 6ef1f6f [5.1.x] Bumped version for 5.1.15 release.
  • 0db9ea4 [5.1.x] Fixed CVE-2025-64460 -- Corrected quadratic inner text accumulation i...
  • 9c6a5bd [5.1.x] Fixed CVE-2025-13372 -- Protected FilteredRelation against SQL inject...
  • e419ad8 [5.1.x] Added script to archive EOL stable branches.
  • ca4251d [5.1.x] Refs #36743 -- Added missing release notes for 5.1.15 and 4.2.27.
  • f354296 [5.1.x] Fixed #36743 -- Increased URL max length enforced in HttpResponseRedi...
  • cae6f5c [5.1.x] Added timeout-minutes directive to all GitHub Actions workflows.
  • 6f35c2e [5.1.x] Added stub release notes and release date for 5.1.15 and 4.2.27.
  • a9311fc [5.1.x] Configured dangerous-triggers zizmor rule.
  • dc29fe1 [5.1.x] Addressed unpinned-uses zizmor finding.
  • Additional commits viewable in compare view

Updates pillow from 12.2.0 to 12.3.0

Release notes

Sourced from pillow's releases.

12.3.0

https://pillow.readthedocs.io/en/stable/releasenotes/12.3.0.html

Removals

Documentation

Dependencies

Testing

... (truncated)

Commits
  • bb1d8e8 12.3.0 version bump
  • e63fc48 Add release notes for SBOM and performance improvements (#9747)
  • 13b701b Add release notes for #9679
  • 5564ca7 List methods
  • a0920fd Speed up ImageChops operations (#9738)
  • 07e9a6c Speed up Image.filter() (#9736)
  • a94578c Speed up Image.getchannel(), Image.merge(), Image.putalpha() and `Image...
  • 53e02c4 Speed up Image.fill(), Image.linear_gradient() and `Image.radial_gradient...
  • af03747 Speed up Image.resample() (#9739)
  • 5c9ca56 Speed up alpha_composite, matrix, negative, quantize (#9740)
  • Additional commits viewable in compare view

Updates sentry-sdk from 2.60.0 to 2.64.0

Release notes

Sourced from sentry-sdk's releases.

2.64.0

The SDK now extracts all gen_ai spans out of a transaction and sends them as v2 envelope items by default. This prevents gen_ai spans from being dropped when the transaction payload exceeds size limits. Because they are no longer constrained by transaction size limits, AI message data is also no longer truncated. To keep the previous behavior, set stream_gen_ai_spans=False.

Self-hosted Sentry users should opt out with stream_gen_ai_spans=False, since streamed gen_ai spans may not be ingested by their Sentry instance.

Bug Fixes 🐛

Documentation 📚

Internal Changes 🔧

... (truncated)

Changelog

Sourced from sentry-sdk's changelog.

2.64.0

The SDK now extracts all gen_ai spans out of a transaction and sends them as v2 envelope items by default. This prevents gen_ai spans from being dropped when the transaction payload exceeds size limits. Because they are no longer constrained by transaction size limits, AI message data is also no longer truncated. To keep the previous behavior, set stream_gen_ai_spans=False.

Self-hosted Sentry users should opt out with stream_gen_ai_spans=False, since streamed gen_ai spans may not be ingested by their Sentry instance.

Bug Fixes 🐛

Documentation 📚

Internal Changes 🔧

... (truncated)

Commits
  • 9cb0167 Call out changed stream_gen_ai_spans default value
  • bdbe208 Update CHANGELOG.md
  • 8966e45 release: 2.64.0
  • 7074643 ci: 🤖 Update test matrix with new releases (06/29) (#6682)
  • b0f319f (test): exclude django 6.1 alphas and betas from tox (#6690)
  • a661615 (test): need to include the alpha tag for mcp package inclusion (#6688)
  • 9c83606 ci(mcp): Pin mcp package to <2.0.0 while alphas are in flight (#6687)
  • 1dd161d feat: Set sentry.trace_lifecycle attr in span streaming (#6684)
  • 5dabd02 fix(pydantic-ai): Stop truncating in the streaming trace lifecycle (#6659)
  • 7991f71 ref: Make stream_gen_ai_spans opt out (#6658)
  • Additional commits viewable in compare view

Updates certifi from 2026.5.20 to 2026.6.17

Commits

Updates click from 8.4.1 to 8.4.2

Release notes

Sourced from click's releases.

8.4.2

This is the Click 8.4.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/click/8.4.2/ Changes: https://click.palletsprojects.com/page/changes/#version-8-4-2 Milestone: https://github.com/pallets/click/milestone/34

  • Fix Fish shell completion broken in 8.4.0 by #3126. Newlines and tabs in option help text are now escaped, keeping the original completion format while still supporting multi-line help. #3502 #3043 #3504 #3508
  • Deprecated commands and options with empty or missing help text no longer render a stray leading space before the (DEPRECATED) label. #3509
  • A {class}Group with invoke_without_command=True marks its subcommand as optional in the usage help, showing [COMMAND] instead of COMMAND. #3059 #3507
  • echo_via_pager flushes after each write, so passing a generator streams output to the pager incrementally instead of staying hidden until the pipe buffer fills. #3242 #2542 #3534
  • echo_via_pager and get_pager_file no longer close a borrowed stdout stream when no external pager runs, completing the partial I/O operation on closed file fix from #3482. #3449 #3533
  • Fix CLI usage symopsis for optional arguments producing double square brackets [[a|b|c]]... whose type already brackets their metavar. #3578
  • {func}version_option resolves a package_name that does not match an installed distribution as an import (top-level module) name via {func}importlib.metadata.packages_distributions. Packages whose top-level module name differs from their distribution name (PIL vs Pillow, jwt vs PyJWT) no longer raise RuntimeError out of the box. #2331 #1884 #3125 #3582
Changelog

Sourced from click's changelog.

Version 8.4.2

Released 2026-06-24

  • Fix Fish shell completion broken in 8.4.0 by {pr}3126. Newlines and tabs in option help text are now escaped, keeping the original completion format while still supporting multi-line help. {issue}3502 {issue}3043 {pr}3504 {pr}3508
  • Deprecated commands and options with empty or missing help text no longer render a stray leading space before the (DEPRECATED) label. {pr}3509
  • A {class}Group with invoke_without_command=True marks its subcommand as optional in the usage help, showing [COMMAND] instead of COMMAND. {issue}3059 {pr}3507
  • echo_via_pager flushes after each write, so passing a generator streams output to the pager incrementally instead of staying hidden until the pipe buffer fills. {issue}3242 {issue}2542 {pr}3534
  • echo_via_pager and get_pager_file no longer close a borrowed stdout stream when no external pager runs, completing the partial I/O operation on closed file fix from {pr}3482. {issue}3449 {pr}3533
  • Fix CLI usage symopsis for optional arguments producing double square brackets [[a|b|c]]... whose type already brackets their metavar. {pr}3578
  • {func}version_option resolves a package_name that does not match an installed distribution as an import (top-level module) name via {func}importlib.metadata.packages_distributions. Packages whose top-level module name differs from their distribution name (PIL vs Pillow, jwt vs PyJWT) no longer raise RuntimeError out of the box. {issue}2331 {issue}1884 {issue}3125 {pr}3582
Commits
  • b2e30a1 Release version 8.4.2
  • 7a16b20 Fix package_name resolution when module differs from distribution name (#3582)
  • bec5928 Fix package_name resolution when top-level module differs from distribution...
  • 916883a Fix tests to not rely on -Wdefault option (#3591)
  • 09195f6 Fix double-bracketing of choices in synopsis (#3578)
  • 1557e26 Check for warning exception with idiomatic context manager
  • d9ff133 Static typing improvements in click.shell_completion (#3460)
  • 762c97e Fix double-bracketing of choices in synopsis
  • 8929d39 Convert changes to markdown. (#3559)
  • 237be50 Move changes headings down a level.
  • Additional commits viewable in compare view

Updates django-timezone-field from 7.2.1 to 7.2.2

Commits

Updates tzlocal from 5.3.1 to 5.4.4

Changelog

Sourced from tzlocal's changelog.

5.4.4 (2026-06-29)

  • Improved handling if you have a syntax error in /etc/clock.

5.4.3 (2026-06-17)

  • Moved the tests back, removed the ones that check for symlinks. See issue #146

5.4.2 (2026-06-16)

  • [Yanked for distribution issues]

5.4.1 (2026-06-16)

  • [Yanked for distribution issues]

5.4 (2026-06-15)

  • Open files with Zone names as ascii.

  • Moved tests under tzlocal/tests and include them in distributions.

  • Dropped support for Python 3.9 and added support for 3.14.

Commits
  • 42dfd05 Preparing release 5.4.4
  • fa95c1d Fixing a failure if you have a syntax error in /etc/clock (#182)
  • 4bed98b Back to development: 5.4.4
  • 0d7e42c Preparing release 5.4.3
  • c07a82c Something got messed up in pyproject.toml
  • d415450 Back to development: 5.4.3
  • e1c41bf Preparing release 5.4.2
  • 6818f13 Merge branch 'master' of github.com:regebro/tzlocal
  • 2aa45f7 Back to development: 5.4.2
  • 0af7719 Preparing release 5.4.1
  • Additional commits viewable in compare view

Updates wcwidth from 0.7.0 to 0.8.2

Release notes

Sourced from wcwidth's releases.

0.8.2: bugfix: IndexError when 'n' exceeds length

Full Changelog: jquast/wcwidth@0.8.1...0.8.2

0.8.1: Improved corrections tables

Full Changelog: jquast/wcwidth@0.8.0...0.8.1

0.8.0: new terminal-aware wcstwidth() function

  • New support for Variation Selector 15 Emojis as narrow, #211.
  • New argument, term_program for wcstwidth(), width(), clip(), wrap(), ljust(), rjust(), and center(). False disables corrections; True auto-detects by TERM_PROGRAM or TERM; string values accept canonical names matching list_term_programs(). wcstwidth()_ defaults to True; all other functions default to False.
  • Improved performance on Python 3.15 using standard library iter_graphemes() #206.
  • Improved memory usage and import time for Python 3.15 using lazy imports #221.
  • Bugfix Invisible_Stacker viramas now form conjuncts (Burmese, Khmer, etc.) and change some Virama width calculations to match jacobsandlund/uucode_ (ghostty) #223.
  • Updated graphemes width maximum now 2, matching Ghostty, foot, and Windows Terminal #224.

Full Changelog: jquast/wcwidth@0.7.0...0.8.0

Commits
  • 4c91403 bugfix: IndexError when 'n' exceeds length (#228)
  • d1c99fe hyperlink and wordfix
  • edb344a set to 0.8.1 not 2, not yet
  • 00d6fef Improve corrections tables (zeroer, narrow_wider, narrow_zeroer) (#226)
  • e8405a6 'of of' -> 'of', formatting
  • 1de17df set release date for 0.8.0 in readme
  • 9df7261 more docs
  • be0fdb2 document better
  • 2d9925b wcstwidth(term_program=True) default argument
  • 169c846 Terminal software identity-assisted wcswidth() (#220)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

…th 8 updates

Bumps the python-non-major group with 8 updates in the /backend directory:

| Package | From | To |
| --- | --- | --- |
| [django](https://github.com/django/django) | `5.1.4` | `5.1.15` |
| [pillow](https://github.com/python-pillow/Pillow) | `12.2.0` | `12.3.0` |
| [sentry-sdk](https://github.com/getsentry/sentry-python) | `2.60.0` | `2.64.0` |
| [certifi](https://github.com/certifi/python-certifi) | `2026.5.20` | `2026.6.17` |
| [click](https://github.com/pallets/click) | `8.4.1` | `8.4.2` |
| [django-timezone-field](https://github.com/mfogel/django-timezone-field) | `7.2.1` | `7.2.2` |
| [tzlocal](https://github.com/regebro/tzlocal) | `5.3.1` | `5.4.4` |
| [wcwidth](https://github.com/jquast/wcwidth) | `0.7.0` | `0.8.2` |



Updates `django` from 5.1.4 to 5.1.15
- [Commits](django/django@5.1.4...5.1.15)

Updates `pillow` from 12.2.0 to 12.3.0
- [Release notes](https://github.com/python-pillow/Pillow/releases)
- [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst)
- [Commits](python-pillow/Pillow@12.2.0...12.3.0)

Updates `sentry-sdk` from 2.60.0 to 2.64.0
- [Release notes](https://github.com/getsentry/sentry-python/releases)
- [Changelog](https://github.com/getsentry/sentry-python/blob/master/CHANGELOG.md)
- [Commits](getsentry/sentry-python@2.60.0...2.64.0)

Updates `certifi` from 2026.5.20 to 2026.6.17
- [Commits](certifi/python-certifi@2026.05.20...2026.06.17)

Updates `click` from 8.4.1 to 8.4.2
- [Release notes](https://github.com/pallets/click/releases)
- [Changelog](https://github.com/pallets/click/blob/main/CHANGES.md)
- [Commits](pallets/click@8.4.1...8.4.2)

Updates `django-timezone-field` from 7.2.1 to 7.2.2
- [Commits](mfogel/django-timezone-field@7.2.1...7.2.2)

Updates `tzlocal` from 5.3.1 to 5.4.4
- [Changelog](https://github.com/regebro/tzlocal/blob/master/CHANGES.txt)
- [Commits](regebro/tzlocal@5.3.1...5.4.4)

Updates `wcwidth` from 0.7.0 to 0.8.2
- [Release notes](https://github.com/jquast/wcwidth/releases)
- [Commits](jquast/wcwidth@0.7.0...0.8.2)

---
updated-dependencies:
- dependency-name: django
  dependency-version: 5.1.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-non-major
- dependency-name: pillow
  dependency-version: 12.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-non-major
- dependency-name: sentry-sdk
  dependency-version: 2.64.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-non-major
- dependency-name: certifi
  dependency-version: 2026.6.17
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-non-major
- dependency-name: click
  dependency-version: 8.4.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-non-major
- dependency-name: django-timezone-field
  dependency-version: 7.2.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-non-major
- dependency-name: tzlocal
  dependency-version: 5.4.4
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-non-major
- dependency-name: wcwidth
  dependency-version: 0.8.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-non-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github

dependabot Bot commented on behalf of github Jul 6, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: backend, dependencies. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot @github

dependabot Bot commented on behalf of github Jul 13, 2026

Copy link
Copy Markdown
Contributor Author

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this Jul 13, 2026
@dependabot dependabot Bot deleted the dependabot/pip/backend/develop/python-non-major-91e5977a5d branch July 13, 2026 09:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants