chore(deps): Bump the dependencies group across 1 directory with 11 updates by dependabot[bot] · Pull Request #283 · Debakel/Dumpstermap

dependabot · 2026-04-01T06:20:46Z

Bumps the dependencies group with 10 updates in the / directory:

Package	From	To
requests	`2.32.5`	`2.33.1`
gunicorn	`25.0.1`	`25.3.0`
dj-database-url	`3.1.0`	`3.1.2`
django-environ	`0.12.0`	`0.13.0`
pytest-django	`4.11.1`	`4.12.0`
python-dotenv	`1.2.1`	`1.2.2`
sentry-sdk	`2.51.0`	`2.57.0`
pytz	`2025.2`	`2026.1.post1`
whitenoise	`6.11.0`	`6.12.0`
geopandas	`1.1.2`	`1.1.3`

Updates requests from 2.32.5 to 2.33.1

Release notes

Sourced from requests's releases.

v2.33.1

2.33.1 (2026-03-30)

Bugfixes

Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary files in the tmp directory. (#7305)

Fixed Content-Type header parsing for malformed values. (#7309)

Improved error consistency for malformed header values. (#7308)

New Contributors

@ferdnyc made their first contribution in psf/requests#7277

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2331-2026-03-30

v2.33.0

2.33.0 (2026-03-25)

Announcements

📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

Various typo fixes and doc improvements.

New Contributors

@M0d3v1 made their first contribution in psf/requests#6865

@aminvakil made their first contribution in psf/requests#7220

@E8Price made their first contribution in psf/requests#6960

@mitre88 made their first contribution in psf/requests#7244

@magsen made their first contribution in psf/requests#6553

@Rohan5commit made their first contribution in psf/requests#7227

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25

Changelog

Sourced from requests's changelog.

2.33.1 (2026-03-30)

Bugfixes

Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary files in the tmp directory. (#7305)

Fixed Content-Type header parsing for malformed values. (#7309)

Improved error consistency for malformed header values. (#7308)

2.33.0 (2026-03-25)

Announcements

📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

Various typo fixes and doc improvements.

Commits

111d2b7 v2.33.1
f0198e6 Fix malformed value parsing for Content-Type (#7309)
bc7dd0f Fix cosmetic header validity parsing regex (#7308)
4443b1a Fix unintended test extra (#7306)
389eea5 Cleanup extracted file after extract_zipped_path test (#7305)
7407309 Packaging: DRY out extras definition (#7277)
bc04dfd v2.33.0
66d21cb Merge commit from fork
8b9bc8f Move badges to top of README (#7293)
e331a28 Remove unused extraction call (#7292)
Additional commits viewable in compare view

Updates gunicorn from 25.0.1 to 25.3.0

Release notes

Sourced from gunicorn's releases.

Gunicorn 25.3.0

Bug Fixes

HTTP/2 ASGI Body Duplication: Fix request body being received twice in HTTP/2 ASGI requests, causing JSON parsing errors with "Extra data" messages (#3558)

ASGI Chunked EOF Handling: Add finish() method to callback parser to handle chunked encoding edge case where connection closes before final CRLF after zero-chunk

HTTP/2 Documentation: Fix http_protocols examples to use comma-separated string instead of list syntax (#3561)

Chunked Encoding: Reject chunk extensions containing bare CR bytes per RFC 9112 (#3556)

Request Line Limit: Fix --limit-request-line 0 to mean unlimited as documented, instead of using default maximum. Works with both Python and fast C parser. (#3563)

Security

ASGI Parser Header Validation: Add security checks per RFC 9110/9112:

Reject duplicate Content-Length headers

Reject requests with both Content-Length and Transfer-Encoding

Reject chunked transfer encoding in HTTP/1.0

Reject stacked chunked encoding

Validate Transfer-Encoding values

Strict chunk size validation

Changes

Fast HTTP Parser: Update to gunicorn_h1c >= 0.6.3 for asgi_headers property and InvalidChunkExtension validation for bare CR rejection

ASGI PROXY Protocol: Add PROXY protocol v1/v2 support to callback parser

Docker Images: Update to Python 3.14

Gunicorn 25.2.0

New Features

Fast HTTP Parser (gunicorn_h1c 0.4.1): Integrate new exception types and limit parameters from gunicorn_h1c 0.4.1 for both WSGI and ASGI workers

Requires gunicorn_h1c >= 0.4.1 for http_parser='fast'

Falls back to Python parser in auto mode if version not met

Proper HTTP status codes for limit errors (414, 431)

Bug Fixes

uWSGI Async Workers: Fix InvalidUWSGIHeader: incomplete header error when using gevent or gthread workers with uwsgi protocol behind nginx. (#3552, [PR #3554](benoitc/gunicorn#3554))

... (truncated)

Commits

9bce72c Update changelog with missing 25.3.0 changes
2a15fdb Fix pylint isinstance-second-argument-not-valid-type warning
8d08aaa Fix --limit-request-line 0 to mean unlimited
d40a374 Fix pytest-asyncio configuration and treq_asgi hex escapes
da8bd48 Remove unused AsyncRequest class
b00f125 Integrate gunicorn_h1c 0.6.3 with InvalidChunkExtension support
bdb2ebd Reject chunk extensions with bare CR bytes (RFC 9112)
7057fc9 Fix http_protocols documentation to use string syntax
d43acb8 Update to gunicorn_h1c >= 0.6.2 for asgi_headers support
cbd27e8 Merge pull request #3559 from benleembruggen/fix/http2-asgi-body-duplication
Additional commits viewable in compare view

Updates dj-database-url from 3.1.0 to 3.1.2

Release notes

Sourced from dj-database-url's releases.

v3.1.2

What's Changed

Bump cryptography from 46.0.3 to 46.0.5 by @dependabot[bot] in jazzband/dj-database-url#293

Bump django from 5.2.9 to 5.2.11 by @dependabot[bot] in jazzband/dj-database-url#294

Bump urllib3 from 2.6.2 to 2.6.3 by @dependabot[bot] in jazzband/dj-database-url#295

Bump wheel from 0.45.1 to 0.46.2 by @dependabot[bot] in jazzband/dj-database-url#296

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in jazzband/dj-database-url#297

New Contributors

@dependabot[bot] made their first contribution in jazzband/dj-database-url#293

Full Changelog: jazzband/dj-database-url@v3.1.1...v3.1.2

v3.1.1

What's Changed

Add tests directory to source distribution by @yohaann196 in jazzband/dj-database-url#285

Switch linting and formatting from flake8+isort+black to ruff; add typos to pre-commit; fix typos by @akx in jazzband/dj-database-url#281

Add project URLs to pyproject.toml by @luzfcb in jazzband/dj-database-url#287

Update .pre-commit-config.yaml to use pinned version numbers. by @mattseymour in jazzband/dj-database-url#289

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in jazzband/dj-database-url#291

New Contributors

@yohaann196 made their first contribution in jazzband/dj-database-url#285

@luzfcb made their first contribution in jazzband/dj-database-url#287

Full Changelog: jazzband/dj-database-url@v3.1.0...v3.1.1

Changelog

Sourced from dj-database-url's changelog.

CHANGELOG

Commits

e77149f [pre-commit.ci] pre-commit autoupdate (#297)
6beffe6 Fix a regression in adding tests/ dir to source package
f9c3130 Bump wheel from 0.45.1 to 0.46.2 (#296)
5337838 Bump urllib3 from 2.6.2 to 2.6.3 (#295)
6fc3664 Bump django from 5.2.9 to 5.2.11 (#294)
19805c9 Bump cryptography from 46.0.3 to 46.0.5 (#293)
1b102cd Update project URLs in pyproject.toml
e41afda [pre-commit.ci] pre-commit autoupdate (#291)
dba6077 Update .pre-commit-config.yaml to use pinned version numbers. (#289)
e6f4ccc Add pytest to dependencies
Additional commits viewable in compare view

Updates django from 6.0.1 to 6.0.3

Commits

a0d3bdb [6.0.x] Bumped version for 6.0.3 release.
264d5c7 [6.0.x] Fixed CVE-2026-25674 -- Prevented potentially incorrect permissions o...
b1444d9 [6.0.x] Fixed CVE-2026-25673 -- Simplified URLField scheme detection.
1b22d53 [6.0.x] Fixed #36961 -- Fixed TypeError in deprecation warnings if Django is ...
27ed90a [6.0.x] Ensured spelling checks pass OK.
659bacf [6.0.x] Aligned docs checks between GitHub Actions and local development.
e65c412 [6.0.x] Adjusted default DoS severity level in Security Policy.
5b70253 [6.0.x] Fixed #36848 -- Mentioned BadRequest exception in docs/ref/views.txt.
3a04b22 [6.0.x] Fixed #36951 -- Removed empty exc_info from log_task_finished signal ...
d112203 [6.0.x] Fixed #36944 -- Removed MAX_LENGTH_HTML and related 5M chars limit re...
Additional commits viewable in compare view

Updates django-environ from 0.12.0 to 0.13.0

Release notes

Sourced from django-environ's releases.

v0.13.0

v0.13.0_ - 18-February-2026

Added +++++

Added optional warnings when defaults are used [#582](https://github.com/joke2k/django-environ/issues/582) <https://github.com/joke2k/django-environ/pull/582>_.

Added choices argument support for value validation in Env.str(...) [#555](https://github.com/joke2k/django-environ/issues/555) <https://github.com/joke2k/django-environ/pull/555>_.

Added Valkey support via valkey:// and valkeys:// cache URL schemes [#554](https://github.com/joke2k/django-environ/issues/554) <https://github.com/joke2k/django-environ/pull/554>_.

Added support for rediss:// scheme in channels URL parsing [#573](https://github.com/joke2k/django-environ/issues/573) <https://github.com/joke2k/django-environ/pull/573>_.

Added django-prometheus database backend aliases to DB URL parsing schemes [#559](https://github.com/joke2k/django-environ/issues/559) <https://github.com/joke2k/django-environ/pull/559>_.

Changed +++++++

Declared support for Python 3.14 [#580](https://github.com/joke2k/django-environ/issues/580) <https://github.com/joke2k/django-environ/pull/580>_.

Declared support for Django 5.2 and Django 6.0 [#578](https://github.com/joke2k/django-environ/issues/578) <https://github.com/joke2k/django-environ/pull/578>_.

Fixed +++++

Improved type hint coverage and related lint issues [#546](https://github.com/joke2k/django-environ/issues/546) <https://github.com/joke2k/django-environ/pull/546>_.

Fixed typos in the FAQ page [#445](https://github.com/joke2k/django-environ/issues/445) <https://github.com/joke2k/django-environ/pull/445>_.

v0.12.1

Changelog

Fixed

Fixed PostgreSQL cluster URL parsing with bracketed IPv6 hosts in recent Python versions, preventing failures in runtime URL parsing and related regression tests [#574](https://github.com/joke2k/django-environ/issues/574) <https://github.com/joke2k/django-environ/issues/574>_.

Fixed debug logging in Env.get_value() to avoid evaluating lazy default objects when DEBUG logging is enabled [#571](https://github.com/joke2k/django-environ/issues/571) <https://github.com/joke2k/django-environ/issues/571>_.

Changelog

Sourced from django-environ's changelog.

v0.13.0_ - 18-February-2026

Added +++++

Added optional warnings when defaults are used [#582](https://github.com/joke2k/django-environ/issues/582) <https://github.com/joke2k/django-environ/pull/582>_.

Added choices argument support for value validation in Env.str(...) [#555](https://github.com/joke2k/django-environ/issues/555) <https://github.com/joke2k/django-environ/pull/555>_.

Added Valkey support via valkey:// and valkeys:// cache URL schemes [#554](https://github.com/joke2k/django-environ/issues/554) <https://github.com/joke2k/django-environ/pull/554>_.

Added support for rediss:// scheme in channels URL parsing [#573](https://github.com/joke2k/django-environ/issues/573) <https://github.com/joke2k/django-environ/pull/573>_.

Added django-prometheus database backend aliases to DB URL parsing schemes [#559](https://github.com/joke2k/django-environ/issues/559) <https://github.com/joke2k/django-environ/pull/559>_.

Changed +++++++

Declared support for Python 3.14 [#580](https://github.com/joke2k/django-environ/issues/580) <https://github.com/joke2k/django-environ/pull/581>_.

Declared support for Django 5.2 and Django 6.0 [#578](https://github.com/joke2k/django-environ/issues/578) <https://github.com/joke2k/django-environ/pull/578>_.

Fixed +++++

Improved type hint coverage and related lint issues [#546](https://github.com/joke2k/django-environ/issues/546) <https://github.com/joke2k/django-environ/pull/546>_.

Fixed typos in the FAQ page [#445](https://github.com/joke2k/django-environ/issues/445) <https://github.com/joke2k/django-environ/pull/445>_.

v0.12.1_ - 13-February-2026

Fixed +++++

Fixed PostgreSQL cluster URL parsing with bracketed IPv6 hosts in recent Python versions, preventing failures in runtime URL parsing and related regression tests [#574](https://github.com/joke2k/django-environ/issues/574) <https://github.com/joke2k/django-environ/issues/574>_.

Fixed debug logging in Env.get_value() to avoid evaluating lazy default objects when DEBUG logging is enabled [#571](https://github.com/joke2k/django-environ/issues/571) <https://github.com/joke2k/django-environ/issues/571>_.

Commits

00746d0 docs: add Django 5.2 and 6.0 support to README
d1f1159 Release 0.13.0
d82e361 Add optional warnings when defaults are used (#582)
a78f7c8 Fixed some typos in the FAQ page (#445)
24b299e Feature/add choice parameter and raise an exception if fetched value is not w...
c441413 Add django-prometheus database backends to DB_SCHEMES (#559)
98a0aad Fix lint issues in environ type hints
f4e77e4 feat(cache): add valkey and valkeys as allowed schemes (#554)
dd4d308 Add type hints (#546)
3137c4f Support lower case options for Django Redis cache backend (#550)
Additional commits viewable in compare view

Updates pytest-django from 4.11.1 to 4.12.0

Changelog

Sourced from pytest-django's changelog.

v4.12.0 (2026-02-14)

Compatibility ^^^^^^^^^^^^^

Official Python 3.14 support.

Dropped support for Python 3.9, minimum version is now Python 3.10.

Official Django 6.0 support.

Improvements ^^^^^^^^^^^^

The :ref:multiple databases <multi-db> support added in v4.3.0 is no longer considered experimental.

Added :func:@pytest.mark.django_isolate_apps <pytest.mark.django_isolate_apps> for isolating Django's app registry in pytest tests, and a :fixture:django_isolated_apps fixture to access the isolated Apps registry instance if needed.

Commits

a2a9495 Release 4.12.0
020bc23 tests: make sure access to default can also be blocked
bcefbe8 Add support for isolating apps in tests
39c8dcc plugin: add a note why we reorder tests
1830acd pyproject.toml: require pytest 9 for self tests, switch to native toml config...
f19da08 Fix the order of the test cases that use the live_server fixture
92858ee docs: add pytest 9.0+ native TOML configuration format
3f550d9 build(deps): bump hynek/build-and-inspect-python-package
1f50dd2 Drop obsolete traces of Django 5.0 in CI
247ec1c Fix PytestCollectionWarning for TestRunner class (#1259)
Additional commits viewable in compare view

Updates python-dotenv from 1.2.1 to 1.2.2

Release notes

Sourced from python-dotenv's releases.

v1.2.2

Added

Support for Python 3.14, including the free-threaded (3.14t) build. (#)

Changed

The dotenv run command now forwards flags directly to the specified command by @bbc2 in theskumar/python-dotenv#607

Improved documentation clarity regarding override behavior and the reference page.

Updated PyPy support to version 3.11.

Documentation for FIFO file support.

Support for Python 3.9.

Fixed

Improved set_key and unset_key behavior when interacting with symlinks by @bbc2 in #790c5

Corrected the license specifier and added missing Python 3.14 classifiers in package metadata by @JYOuyang in theskumar/python-dotenv#590

Breaking Changes

dotenv.set_key and dotenv.unset_key used to follow symlinks in some situations. This is no longer the case. For that behavior to be restored in all cases, follow_symlinks=True should be used.

In the CLI, set and unset used to follow symlinks in some situations. This is no longer the case.

dotenv.set_key, dotenv.unset_key and the CLI commands set and unset used to reset the file mode of the modified .env file to 0o600 in some situations. This is no longer the case: The original mode of the file is now preserved. Is the file needed to be created or wasn't a regular file, mode 0o600 is used.

Misc

skip 000 permission tests for root user by @burnout-projects in theskumar/python-dotenv#561

Bump actions/checkout from 5 to 6 in the github-actions group by @dependabot[bot] in theskumar/python-dotenv#593

Add Windows testing to CI by @bbc2 in theskumar/python-dotenv#604

Improve workflow efficiency with best practices by @theskumar in theskumar/python-dotenv#609

Remove the use of sh in tests by @bbc2 in theskumar/python-dotenv#612

New Contributors

@JYOuyang made their first contribution in theskumar/python-dotenv#590

@burnout-projects made their first contribution in theskumar/python-dotenv#561

@cpackham-atlnz made their first contribution in theskumar/python-dotenv#597

Full Changelog: theskumar/python-dotenv@v1.2.1...v1.2.2

Changelog

Sourced from python-dotenv's changelog.

[1.2.2] - 2026-03-01

Added

Support for Python 3.14, including the free-threaded (3.14t) build. (#588)

Changed

The dotenv run command now forwards flags directly to the specified command by [@bbc2] in #607

Improved documentation clarity regarding override behavior and the reference page.

Updated PyPy support to version 3.11.

Documentation for FIFO file support.

Dropped Support for Python 3.9.

Fixed

Improved set_key and unset_key behavior when interacting with symlinks by [@bbc2] in [790c5c0]

Corrected the license specifier and added missing Python 3.14 classifiers in package metadata by [@JYOuyang] in #590

Breaking Changes

dotenv.set_key and dotenv.unset_key used to follow symlinks in some situations. This is no longer the case. For that behavior to be restored in all cases, follow_symlinks=True should be used.

In the CLI, set and unset used to follow symlinks in some situations. This is no longer the case.

dotenv.set_key, dotenv.unset_key and the CLI commands set and unset used to reset the file mode of the modified .env file to 0o600 in some situations. This is no longer the case: The original mode of the file is now preserved. Is the file needed to be created or wasn't a regular file, mode 0o600 is used.

Commits

36004e0 Bump version: 1.2.1 → 1.2.2
eb20252 docs: update changelog for v1.2.2
790c5c0 Merge commit from fork
43340da Remove the use of sh in tests (#612)
09d7cee docs: clarify override behavior and document FIFO support (#610)
c8de288 ci: improve workflow efficiency with best practices (#609)
7bd9e3d Add Windows testing to CI (#604)
1baaf04 Drop Python 3.9 support and update to PyPy 3.11 (#608)
4a22cf8 ci: enable testing on Python 3.14t (free-threaded) (#588)
e2e8e77 Fix license specifier (#597)
Additional commits viewable in compare view

Updates sentry-sdk from 2.51.0 to 2.57.0

Release notes

Sourced from sentry-sdk's releases.

2.57.0

New Features ✨

Langchain

Set gen_ai.operation.name and gen_ai.pipeline.name on LLM spans by @ericapisani in #5849

Broaden AI provider detection beyond OpenAI and Anthropic by @ericapisani in #5707

Update LLM span operation to gen_ai.generate_text by @ericapisani in #5796

Other

Add experimental async transport by @BYK in #5646

See Experimental async transport: your feedback is needed getsentry/sentry-python#5919 for details.

Bug Fixes 🐛

Openai

Only wrap types with _iterator for streamed responses by @alexander-alderman-webb in #5917

Always set gen_ai.response.streaming for Responses by @alexander-alderman-webb in #5697

Simplify Responses input handling by @alexander-alderman-webb in #5695

Use max_output_tokens for Responses API by @alexander-alderman-webb in #5693

Always set gen_ai.response.streaming for Completions by @alexander-alderman-webb in #5692

Simplify Completions input handling by @alexander-alderman-webb in #5690

Simplify embeddings input handling by @alexander-alderman-webb in #5688

Other

(google-genai) Guard response extraction by @alexander-alderman-webb in #5869

Add cycle detection to exceptions_from_error by @ericapisani in #5880

Internal Changes 🔧

Ai

Remove unused GEN_AI_PIPELINE operation constant by @ericapisani in #5886

Rename generate_text to text_completion by @ericapisani in #5885

Langchain

Add text completion test by @alexander-alderman-webb in #5740

Add tool execution test by @alexander-alderman-webb in #5739

Add basic agent test with Responses call by @alexander-alderman-webb in #5726

Replace mocks with httpx types by @alexander-alderman-webb in #5724

Consolidate span origin assertion by @alexander-alderman-webb in #5723

Consolidate available tools assertion by @alexander-alderman-webb in #5721

Openai

... (truncated)

Changelog

Sourced from sentry-sdk's changelog.

2.57.0

New Features ✨

Langchain

Set gen_ai.operation.name and gen_ai.pipeline.name on LLM spans by @ericapisani in #5849

Broaden AI provider detection beyond OpenAI and Anthropic by @ericapisani in #5707

Update LLM span operation to gen_ai.generate_text by @ericapisani in #5796

Other

Add experimental async transport by @BYK in #5646

See Experimental async transport: your feedback is needed getsentry/sentry-python#5919 for details.

Bug Fixes 🐛

Openai

Only wrap types with _iterator for streamed responses by @alexander-alderman-webb in #5917

Always set gen_ai.response.streaming for Responses by @alexander-alderman-webb in #5697

Simplify Responses input handling by @alexander-alderman-webb in #5695

Use max_output_tokens for Responses API by @alexander-alderman-webb in #5693

Always set gen_ai.response.streaming for Completions by @alexander-alderman-webb in #5692

Simplify Completions input handling by @alexander-alderman-webb in #5690

Simplify embeddings input handling by @alexander-alderman-webb in #5688

Other

(google-genai) Guard response extraction by @alexander-alderman-webb in #5869

Add cycle detection to exceptions_from_error by @ericapisani in #5880

Internal Changes 🔧

Ai

Remove unused GEN_AI_PIPELINE operation constant by @ericapisani in #5886

Rename generate_text to text_completion by @ericapisani in #5885

Langchain

Add text completion test by @alexander-alderman-webb in #5740

Add tool execution test by @alexander-alderman-webb in #5739

Add basic agent test with Responses call by @alexander-alderman-webb in #5726

Replace mocks with httpx types by @alexander-alderman-webb in #5724

Consolidate span origin assertion by @alexander-alderman-webb in #5723

Consolidate available tools assertion by @alexander-alderman-webb in #5721

Openai

... (truncated)

Commits

9790785 Update CHANGELOG.md
21f5dc3 release: 2.57.0
ae28669 fix(openai): Only wrap types with _iterator for streamed responses (#5917)
2d91800 build(deps): bump getsentry/craft/.github/workflows/changelog-preview.yml fro...
9c97dac build(deps): bump getsentry/craft from 2.25.0 to 2.25.2 (#5911)
7516309 fix: Add cycle detection to exceptions_from_error (#5880)
2604409 feat: Add experimental async transport (port of PR #4572) (#5646)
49a5978 fix(ci): Update validate-pr action to remove draft enforcement (#5918)
b8a4945 ref(ai): Remove unused GEN_AI_PIPELINE operation constant (#5886)
e231708 ci: 🤖 Update test matrix with new releases (03/30) (#5912)
Additional commits viewable in compare view

Updates pytz from 2025.2 to 2026.1.post1

Commits

02509d0 Update test runners for new Pythons and github actions
43c1cb2 Bump version number to 2026.1.post1
6ee7e56 Try to access resource using importlib.resources
95fe75d Bump version number to 2026.1 (2026a)
7034275 Updates for upstream directory layout changes
4dd79d3 IANA 2026a
08d7e76 Squashed 'tz/' changes from 7e1145bfdb..e23c045f8f
b07d947 try to access resource using importlib.resources
See full diff in compare view

Updates whitenoise from 6.11.0 to 6.12.0

Changelog

Sourced from whitenoise's changelog.

6.12.0 (2026-02-27)

Drop Python 3.9 support.

Fix potential unauthorised file access vulnerability in "autorefesh" mode. See PR [#684](https://github.com/evansd/whitenoise/issues/684) <https://github.com/evansd/whitenoise/pull/684>__ for details, and a reminder that autorefresh mode has always been documented as unsuitable for production use. Thanks Seth Larson for reporting.

Commits

1e3a30b Version 6.12.0
bc4c738 Merge pull request #684 from evansd/use-commonpath
505ed8d Use os.path.commonpath() to identify child paths
b6d8ed4 Upgrade dependencies (#683)
edc79de [pre-commit.ci] pre-commit autoupdate (#682)
79fb2f1 Bump the github-actions group with 2 updates (#680)
2b245df [pre-commit.ci] pre-commit autoupdate (#681)
dcb50f3 Upgrade dependencies (#678)
1c4a746 [pre-commit.ci] pre-commit autoupdate (#677)
e7f970a Bump actions/checkout from 5 to 6 in the github-actions group (#676)
Additional commits viewable in compare view

Updates geopandas from 1.1.2 to 1.1.3

Release notes

Sourced from geopandas's releases.

Version 1.1.3

What's Changed

This release addresses a handful of small compatibility issues with pandas 3.0 and backports some bugfixes.

Bug fixes:

Improved compatibility with pandas 3.0 Copy-on-Write feature, making use of deferred copies where possible (#3298, #3711).

Fix GeoSeries.sample_points not accepting list-like size when generating points using pointpaterns (#3710).

Fix from_wkt/wkb to correctly handle missing values with pandas 3 (where the new str dtype is used) (#3714).

Fix to_postgis to correctly handle missing values with pandas 3 (where the new str dtype is used) (#3722).

Using loc to assign column values to a new row index now correctly preserves the column CRS and geometry dtype on pandas 3.1, due to an upstream bug fix (#3741, Pandas #62523)

Random states in pointpats methods of sample_points can now be fixed with rng (#3737).

Full Changelog: geopandas/geopandas@v1.1.2...v1.1.3

Changelog

Sourced from geopandas's changelog.

Version 1.1.3 (March 10, 2026)

This release addresses a handful of small compatibility issues with pandas 3.0 and backports some bugfixes.

Bug fixes:

Improved compatibility with pandas 3.0 Copy-on-Write feature, making use of deferred copies where possible (#3298, #3711).

Fix...
Description has been truncated

…pdates Bumps the dependencies group with 10 updates in the / directory: | Package | From | To | | --- | --- | --- | | [requests](https://github.com/psf/requests) | `2.32.5` | `2.33.1` | | [gunicorn](https://github.com/benoitc/gunicorn) | `25.0.1` | `25.3.0` | | [dj-database-url](https://github.com/jazzband/dj-database-url) | `3.1.0` | `3.1.2` | | [django-environ](https://github.com/joke2k/django-environ) | `0.12.0` | `0.13.0` | | [pytest-django](https://github.com/pytest-dev/pytest-django) | `4.11.1` | `4.12.0` | | [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.2.1` | `1.2.2` | | [sentry-sdk](https://github.com/getsentry/sentry-python) | `2.51.0` | `2.57.0` | | [pytz](https://github.com/stub42/pytz) | `2025.2` | `2026.1.post1` | | [whitenoise](https://github.com/evansd/whitenoise) | `6.11.0` | `6.12.0` | | [geopandas](https://github.com/geopandas/geopandas) | `1.1.2` | `1.1.3` | Updates `requests` from 2.32.5 to 2.33.1 - [Release notes](https://github.com/psf/requests/releases) - [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md) - [Commits](psf/requests@v2.32.5...v2.33.1) Updates `gunicorn` from 25.0.1 to 25.3.0 - [Release notes](https://github.com/benoitc/gunicorn/releases) - [Commits](benoitc/gunicorn@25.0.1...25.3.0) Updates `dj-database-url` from 3.1.0 to 3.1.2 - [Release notes](https://github.com/jazzband/dj-database-url/releases) - [Changelog](https://github.com/jazzband/dj-database-url/blob/master/CHANGELOG.md) - [Commits](jazzband/dj-database-url@v3.1.0...v3.1.2) Updates `django` from 6.0.1 to 6.0.3 - [Commits](django/django@6.0.1...6.0.3) Updates `django-environ` from 0.12.0 to 0.13.0 - [Release notes](https://github.com/joke2k/django-environ/releases) - [Changelog](https://github.com/joke2k/django-environ/blob/develop/CHANGELOG.rst) - [Commits](joke2k/django-environ@v0.12.0...v0.13.0) Updates `pytest-django` from 4.11.1 to 4.12.0 - [Release notes](https://github.com/pytest-dev/pytest-django/releases) - [Changelog](https://github.com/pytest-dev/pytest-django/blob/main/docs/changelog.rst) - [Commits](pytest-dev/pytest-django@v4.11.1...v4.12.0) Updates `python-dotenv` from 1.2.1 to 1.2.2 - [Release notes](https://github.com/theskumar/python-dotenv/releases) - [Changelog](https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md) - [Commits](theskumar/python-dotenv@v1.2.1...v1.2.2) Updates `sentry-sdk` from 2.51.0 to 2.57.0 - [Release notes](https://github.com/getsentry/sentry-python/releases) - [Changelog](https://github.com/getsentry/sentry-python/blob/master/CHANGELOG.md) - [Commits](getsentry/sentry-python@2.51.0...2.57.0) Updates `pytz` from 2025.2 to 2026.1.post1 - [Release notes](https://github.com/stub42/pytz/releases) - [Commits](stub42/pytz@release_2025.2...release_2026.1.post1) Updates `whitenoise` from 6.11.0 to 6.12.0 - [Changelog](https://github.com/evansd/whitenoise/blob/main/docs/changelog.rst) - [Commits](evansd/whitenoise@6.11.0...6.12.0) Updates `geopandas` from 1.1.2 to 1.1.3 - [Release notes](https://github.com/geopandas/geopandas/releases) - [Changelog](https://github.com/geopandas/geopandas/blob/main/CHANGELOG.md) - [Commits](geopandas/geopandas@v1.1.2...v1.1.3) --- updated-dependencies: - dependency-name: requests dependency-version: 2.33.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: gunicorn dependency-version: 25.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: dj-database-url dependency-version: 3.1.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: django dependency-version: 6.0.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: django-environ dependency-version: 0.13.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: pytest-django dependency-version: 4.12.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: python-dotenv dependency-version: 1.2.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: sentry-sdk dependency-version: 2.57.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: pytz dependency-version: 2026.1.post1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: dependencies - dependency-name: whitenoise dependency-version: 6.12.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: geopandas dependency-version: 1.1.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2026-05-01T06:52:36Z

Looks like these dependencies are updatable in another way, so this is no longer needed.

dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Apr 1, 2026

dependabot Bot closed this May 1, 2026

dependabot Bot deleted the dependabot/pip/dependencies-c096f9d037 branch May 1, 2026 06:52

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): Bump the dependencies group across 1 directory with 11 updates#283

chore(deps): Bump the dependencies group across 1 directory with 11 updates#283
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/dependencies-c096f9d037

dependabot Bot commented on behalf of github Apr 1, 2026 •

edited

Loading

Uh oh!

dependabot Bot commented on behalf of github May 1, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github Apr 1, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v2.33.1

2.33.1 (2026-03-30)

New Contributors

v2.33.0

2.33.0 (2026-03-25)

New Contributors

2.33.1 (2026-03-30)

2.33.0 (2026-03-25)

Gunicorn 25.3.0

Bug Fixes

Security

Changes

Gunicorn 25.2.0

New Features

Bug Fixes

v3.1.2

What's Changed

New Contributors

v3.1.1

What's Changed

New Contributors

CHANGELOG

v0.13.0

v0.13.0_ - 18-February-2026

v0.12.1

Changelog

v0.13.0_ - 18-February-2026

v0.12.1_ - 13-February-2026

v4.12.0 (2026-02-14)

v1.2.2

Added

Changed

Fixed

Breaking Changes

Misc

New Contributors

[1.2.2] - 2026-03-01

Added

Changed

Fixed

Breaking Changes

2.57.0

New Features ✨

Langchain

Other

Bug Fixes 🐛

Openai

Other

Internal Changes 🔧

Ai

Langchain

Openai

2.57.0

New Features ✨

Langchain

Other

Bug Fixes 🐛

Openai

Other

Internal Changes 🔧

Ai

Langchain

Openai

6.12.0 (2026-02-27)

Version 1.1.3

What's Changed

Version 1.1.3 (March 10, 2026)

Uh oh!

dependabot Bot commented on behalf of github May 1, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

dependabot Bot commented on behalf of github Apr 1, 2026 •

edited

Loading

`v0.13.0`_ - 18-February-2026

`v0.13.0`_ - 18-February-2026

`v0.12.1`_ - 13-February-2026