chore(deps): bump the python-dependencies group with 11 updates#985
Open
dependabot[bot] wants to merge 1 commit into
Open
chore(deps): bump the python-dependencies group with 11 updates#985dependabot[bot] wants to merge 1 commit into
dependabot[bot] wants to merge 1 commit into
Conversation
Bumps the python-dependencies group with 11 updates: | Package | From | To | | --- | --- | --- | | [bleach](https://github.com/mozilla/bleach) | `6.3.0` | `6.4.0` | | [coverage](https://github.com/coveragepy/coveragepy) | `7.14.1` | `7.14.3` | | [django](https://github.com/django/django) | `5.2.14` | `5.2.15` | | [django-haystack](https://github.com/django-haystack/django-haystack) | `3.3.0` | `3.4.0` | | [greenlet](https://github.com/python-greenlet/greenlet) | `3.5.1` | `3.5.3` | | [htmlgenerator](https://github.com/basxsoftwareassociation/htmlgenerator) | `1.2.32` | `1.2.33` | | [openai](https://github.com/openai/openai-python) | `2.40.0` | `2.44.0` | | [pillow](https://github.com/python-pillow/Pillow) | `12.2.0` | `12.3.0` | | [prettytable](https://github.com/prettytable/prettytable) | `3.17.0` | `3.18.0` | | [redis](https://github.com/redis/redis-py) | `7.4.0` | `7.4.1` | | [beautifulsoup4](https://www.crummy.com/software/BeautifulSoup/bs4/) | `4.14.3` | `4.15.0` | Updates `bleach` from 6.3.0 to 6.4.0 - [Changelog](https://github.com/mozilla/bleach/blob/main/CHANGES) - [Commits](mozilla/bleach@v6.3.0...v6.4.0) Updates `coverage` from 7.14.1 to 7.14.3 - [Release notes](https://github.com/coveragepy/coveragepy/releases) - [Changelog](https://github.com/coveragepy/coveragepy/blob/main/CHANGES.rst) - [Commits](coveragepy/coveragepy@7.14.1...7.14.3) Updates `django` from 5.2.14 to 5.2.15 - [Commits](django/django@5.2.14...5.2.15) Updates `django-haystack` from 3.3.0 to 3.4.0 - [Release notes](https://github.com/django-haystack/django-haystack/releases) - [Changelog](https://github.com/django-haystack/django-haystack/blob/master/docs/changelog.rst) - [Commits](django-haystack/django-haystack@v3.3.0...v3.4.0) Updates `greenlet` from 3.5.1 to 3.5.3 - [Changelog](https://github.com/python-greenlet/greenlet/blob/master/CHANGES.rst) - [Commits](python-greenlet/greenlet@3.5.1...3.5.3) Updates `htmlgenerator` from 1.2.32 to 1.2.33 - [Release notes](https://github.com/basxsoftwareassociation/htmlgenerator/releases) - [Commits](basxsoftwareassociation/htmlgenerator@v1.2.32...v1.2.33) Updates `openai` from 2.40.0 to 2.44.0 - [Release notes](https://github.com/openai/openai-python/releases) - [Changelog](https://github.com/openai/openai-python/blob/main/CHANGELOG.md) - [Commits](openai/openai-python@v2.40.0...v2.44.0) Updates `pillow` from 12.2.0 to 12.3.0 - [Release notes](https://github.com/python-pillow/Pillow/releases) - [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst) - [Commits](python-pillow/Pillow@12.2.0...12.3.0) Updates `prettytable` from 3.17.0 to 3.18.0 - [Release notes](https://github.com/prettytable/prettytable/releases) - [Changelog](https://github.com/prettytable/prettytable/blob/main/CHANGELOG.md) - [Commits](prettytable/prettytable@3.17.0...3.18.0) Updates `redis` from 7.4.0 to 7.4.1 - [Release notes](https://github.com/redis/redis-py/releases) - [Changelog](https://github.com/redis/redis-py/blob/master/CHANGES) - [Commits](redis/redis-py@v7.4.0...v7.4.1) Updates `beautifulsoup4` from 4.14.3 to 4.15.0 --- updated-dependencies: - dependency-name: bleach dependency-version: 6.4.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: python-dependencies - dependency-name: coverage dependency-version: 7.14.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: python-dependencies - dependency-name: django dependency-version: 5.2.15 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: python-dependencies - dependency-name: django-haystack dependency-version: 3.4.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: python-dependencies - dependency-name: greenlet dependency-version: 3.5.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: python-dependencies - dependency-name: htmlgenerator dependency-version: 1.2.33 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: python-dependencies - dependency-name: openai dependency-version: 2.44.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: python-dependencies - dependency-name: pillow dependency-version: 12.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: python-dependencies - dependency-name: prettytable dependency-version: 3.18.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: python-dependencies - dependency-name: redis dependency-version: 7.4.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: python-dependencies - dependency-name: beautifulsoup4 dependency-version: 4.15.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: python-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps the python-dependencies group with 11 updates:
6.3.06.4.07.14.17.14.35.2.145.2.153.3.03.4.03.5.13.5.31.2.321.2.332.40.02.44.012.2.012.3.03.17.03.18.07.4.07.4.14.14.34.15.0Updates
bleachfrom 6.3.0 to 6.4.0Changelog
Sourced from bleach's changelog.
Commits
f0355a7fix: fix last release date in CHANGESae4e8a2chore: bleach 6.4.0 and final release970df58fix: uri-sanitization in formaction attributes7c4867cfix: xss bypass in allowed protocol test using unicode invisible characters913ab75fix: reduce redundancy in workflow jobs218c15afix: rework pip caching4f0b097fix: fix tox platform restrictionse95a79dchore: update pytest91539d4Bump actions/cache from 5.0.3 to 5.0.4cd47b4cfix: handle left-angle-bracket that's not a tag (#733)Updates
coveragefrom 7.14.1 to 7.14.3Changelog
Sourced from coverage's changelog.
Commits
22f13eadocs: sample HTML for 7.14.32ca4e5fdocs: prep for 7.14.301d714edocs: add changelog entry for #2203f36248dfix: don't emit 'Couldn't import C tracer' warning for 3.13t (#2203)86d73d1docs: thanks, Mengjia Shang3d4ae3cdocs: add the #2196 pr link to CHANGESf4b2b4dfix: exclude...bodies after multi-line return-type annotations (#2185) (#...1980ed0chore: bump sigstore/gh-action-sigstore-python (#2201)bca3217build: since we don't ship 3.13t, don't test it77550d8docs: oops, mismatched pull requestsUpdates
djangofrom 5.2.14 to 5.2.15Commits
21e9840[5.2.x] Bumped version for 5.2.15 release.9b62b0a[5.2.x] Fixed CVE-2026-48587 -- Ignored whitespace padding when checking Vary...050a3dc[5.2.x] Fixed CVE-2026-35193 -- Varied on Authorization when caching non-publ...366d9ae[5.2.x] Fixed CVE-2026-8404 -- Used Cache-Control directives case-insensitive...4e47d2b[5.2.x] Fixed CVE-2026-7666 -- Delayed setting SMTP connection until fully co...594360c[5.2.x] Fixed CVE-2026-6873 -- Prevented signed cookie salt namespace collisi...e074d83[5.2.x] Included commit hash in checksum file when building artifacts for rel...c502754[5.2.x] Updated links to severity levels in release notes.72f5b41[5.2.x] Added stub release notes and release date for 5.2.15.7084825[5.2.x] Refs #35844 -- Ran further selenium tests with --parallel=1.Updates
django-haystackfrom 3.3.0 to 3.4.0Release notes
Sourced from django-haystack's releases.
Commits
eb05f19Patch GHSA-r3hx-x5rh-p9vv for ElasticSearch 1.x users294bb04[pre-commit.ci] pre-commit autoupdate (#2057)9173441GitHub Actions: remove CodeQL8080047GitHub Actions: zizmor fixesfe84b1a[pre-commit.ci] pre-commit autoupdate (#2056)ef71d6f[pre-commit.ci] pre-commit autoupdate (#2054)9d9894bActions: limit permissions for tests847a469[pre-commit.ci] pre-commit autoupdate (#2050)c474f95Bump the github-actions group with 2 updates (#2051)7e1d806add postgres backend to backend_support.rstUpdates
greenletfrom 3.5.1 to 3.5.3Changelog
Sourced from greenlet's changelog.
Commits
6ee8c2cPreparing release 3.5.36ec0bbbMerge pull request #514 from python-greenlet/issue513-preserve-crit-sectionc03a7e6Py3.13+: Preserve thread state critical_section to prevent crash on free-thre...bc10829Speed up manylinux test runs by only running the core checks; only start many...c2db75dBack to development: 3.5.30b64e9cPreparing release 3.5.23e28d27Add change note for #512 [skip ci]6563c5eMerge pull request #512 from kumaraditya303/ft-memab6eff6add ignore for win 3.1041f5349revert back to fails_leakcheck_on_py314_or_lessUpdates
htmlgeneratorfrom 1.2.32 to 1.2.33Release notes
Sourced from htmlgenerator's releases.
Commits
154cccfbump version887dd23fix: exportf06e5adfix: exportUpdates
openaifrom 2.40.0 to 2.44.0Release notes
Sourced from openai's releases.
... (truncated)
Changelog
Sourced from openai's changelog.
Commits
6d9262drelease: 2.44.0d356275[codex] Add AWS Bedrock provider authentication (#3398)f47f9a2fix(auth): prioritize first auth headere20b6b8release: 2.43.04d35453feat(api): update OpenAPI spec or Stainless config2bba15erelease: 2.42.01ec3e82codegen metadata93c2ecafeat(api): manual updatesb269f88codegen metadataee821d6feat(api): admin spend_alertsUpdates
pillowfrom 12.2.0 to 12.3.0Release notes
Sourced from pillow's releases.
... (truncated)
Commits
bb1d8e812.3.0 version bumpe63fc48Add release notes for SBOM and performance improvements (#9747)13b701bAdd release notes for #96795564ca7List methodsa0920fdSpeed up ImageChops operations (#9738)07e9a6cSpeed upImage.filter()(#9736)a94578cSpeed upImage.getchannel(),Image.merge(),Image.putalpha()and `Image...53e02c4Speed upImage.fill(),Image.linear_gradient()and `Image.radial_gradient...af03747Speed upImage.resample()(#9739)5c9ca56Speed upalpha_composite,matrix,negative,quantize(#9740)Updates
prettytablefrom 3.17.0 to 3.18.0Release notes
Sourced from prettytable's releases.
Commits
069405fSpeed up import time (#471)95810e2Add support for Python 3.16 (#470)868b51eStop testing experimental Python 3.13t (#469)d02b216Expand tabs in cell values so columns stay aligned (#468)e4c9c69Drop stalealign/valignkeys whenfield_namesare renamed (#465)266ff5dDocumentheader_horizontal_charand remove a duplicate docstring line (#467)144749cPerformance: deprecate and defer import ofOptionsType(#462)23f3eb7Bump mypy from 1.20.2 to 2.1.0 in the pip group (#466)2fe26d3Bump mypy from 1.19.1 to 1.20.2 in the actions group (#464)e4babc3Hash pin GitHub Actions (#463)Updates
redisfrom 7.4.0 to 7.4.1Release notes
Sourced from redis's releases.
Commits
f93955cUpdating PyJWT dependency. (#4100)582cc35Backporting flaky test fixes and dependency vulnerabilities related changes680abe9Updating lib version to 7.4.1 and supported Redis server versions in README.md7c3188bPreserve explicit None for client metadata config (#4081)Updates
beautifulsoup4from 4.14.3 to 4.15.0Most Recent Ignore Conditions Applied to This Pull Request
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditions