Skip to content

chore(deps): bump the python-dependencies group with 11 updates#985

Open
dependabot[bot] wants to merge 1 commit into
devfrom
dependabot/pip/dev/python-dependencies-3da10e0d61
Open

chore(deps): bump the python-dependencies group with 11 updates#985
dependabot[bot] wants to merge 1 commit into
devfrom
dependabot/pip/dev/python-dependencies-3da10e0d61

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 1, 2026

Copy link
Copy Markdown
Contributor

Bumps the python-dependencies group with 11 updates:

Package From To
bleach 6.3.0 6.4.0
coverage 7.14.1 7.14.3
django 5.2.14 5.2.15
django-haystack 3.3.0 3.4.0
greenlet 3.5.1 3.5.3
htmlgenerator 1.2.32 1.2.33
openai 2.40.0 2.44.0
pillow 12.2.0 12.3.0
prettytable 3.17.0 3.18.0
redis 7.4.0 7.4.1
beautifulsoup4 4.14.3 4.15.0

Updates bleach from 6.3.0 to 6.4.0

Changelog

Sourced from bleach's changelog.

Version 6.4.0 (June 5th, 2026)

NOTE: 2026-06-05: Bleach is no longer maintained. There will be no future releases including for security issues. See issue: <https://github.com/mozilla/bleach/issues/698>__

Backwards incompatible changes

  • Dropped support for pypy 3.10. (#764)

Security fixes

  • Fix bug 2023812 / GHSA-8rfp-98v4-mmr6.

    Fix XSS issue with sanitize_uri_value where disallowed schemes with Unicode invisible characters wouldn't be rejected.

    For example::

    import bleach payload1 = 'Click' result1 = bleach.clean(payload1) print(repr(result1))

    outputs::

    'Click'

    See the advisory for details.

  • Fix GHSA-gj48-438w-jh9v.

    Fix issue where URI sanitization wasn't happening in formaction attributes.

    See the advisory for details.

Bug fixes

  • Add support for pypy 3.11. (#764)

  • Drop version max in tinycss2 pin. (#772)

    This removes one of the things we had to keep checking and updating. Users now own the responsibility for correctness with the version of tinycss2 they're using.

Commits
  • f0355a7 fix: fix last release date in CHANGES
  • ae4e8a2 chore: bleach 6.4.0 and final release
  • 970df58 fix: uri-sanitization in formaction attributes
  • 7c4867c fix: xss bypass in allowed protocol test using unicode invisible characters
  • 913ab75 fix: reduce redundancy in workflow jobs
  • 218c15a fix: rework pip caching
  • 4f0b097 fix: fix tox platform restrictions
  • e95a79d chore: update pytest
  • 91539d4 Bump actions/cache from 5.0.3 to 5.0.4
  • cd47b4c fix: handle left-angle-bracket that's not a tag (#733)
  • Additional commits viewable in compare view

Updates coverage from 7.14.1 to 7.14.3

Changelog

Sourced from coverage's changelog.

Version 7.14.3 — 2026-06-22

  • Fix: the default ... exclusion rule now also matches function bodies whose closing return-type bracket is on its own line (for example, after a long -> dict[ ... ] annotation that a formatter has split over multiple lines). Closes issue 2185, thanks Mengjia Shang <pull 2196_>.

  • Fix: On 3.13t, we incorrectly issued Couldn't import C tracer errors. We can't import the C tracer because in 7.14.2 we stopped shipping compiled wheels for 3.13t. Thanks, Hugo van Kemenade <pull 2203_>_.

.. _issue 2185: coveragepy/coveragepy#2185 .. _pull 2196: coveragepy/coveragepy#2196 .. _pull 2203: coveragepy/coveragepy#2203

.. _changes_7-14-2:

Version 7.14.2 — 2026-06-20

  • Fix: some messages were being written to stdout, making coverage json -o - useless for capturing JSON output. Now messages are written to stderr, fixing issue 2197_.

  • Fix: CoverageData kept one SQLite connection per thread that recorded coverage, but never closed them when those threads terminated. On long runs with many short-lived threads this leaked one file descriptor per dead thread, eventually failing with OSError: [Errno 24] Too many open files. Connections belonging to terminated threads are now closed and dropped. Fixes issue 2192. Thanks, Matthew Lloyd <pull 2193_>.

  • Fix: when using sys.monitoring, we were assuming we could use the COVERAGE_ID tool id. But other tools might also assume they could use that id. Pre-allocated ids don't really make sense, so now we search for a usable one instead. Fixes issue 2187_.

  • Following the advice of cibuildwheel <no-13t_>_, we no longer distribute wheels for Python 3.13 free-threaded.

.. _issue 2187: coveragepy/coveragepy#2187 .. _issue 2192: coveragepy/coveragepy#2192 .. _pull 2193: coveragepy/coveragepy#2193 .. _issue 2197: coveragepy/coveragepy#2197 .. _no-13t: https://py-free-threading.github.io/ci/#building-free-threaded-wheels-with-cibuildwheel

.. _changes_7-14-1:

Commits
  • 22f13ea docs: sample HTML for 7.14.3
  • 2ca4e5f docs: prep for 7.14.3
  • 01d714e docs: add changelog entry for #2203
  • f36248d fix: don't emit 'Couldn't import C tracer' warning for 3.13t (#2203)
  • 86d73d1 docs: thanks, Mengjia Shang
  • 3d4ae3c docs: add the #2196 pr link to CHANGES
  • f4b2b4d fix: exclude ... bodies after multi-line return-type annotations (#2185) (#...
  • 1980ed0 chore: bump sigstore/gh-action-sigstore-python (#2201)
  • bca3217 build: since we don't ship 3.13t, don't test it
  • 77550d8 docs: oops, mismatched pull requests
  • Additional commits viewable in compare view

Updates django from 5.2.14 to 5.2.15

Commits
  • 21e9840 [5.2.x] Bumped version for 5.2.15 release.
  • 9b62b0a [5.2.x] Fixed CVE-2026-48587 -- Ignored whitespace padding when checking Vary...
  • 050a3dc [5.2.x] Fixed CVE-2026-35193 -- Varied on Authorization when caching non-publ...
  • 366d9ae [5.2.x] Fixed CVE-2026-8404 -- Used Cache-Control directives case-insensitive...
  • 4e47d2b [5.2.x] Fixed CVE-2026-7666 -- Delayed setting SMTP connection until fully co...
  • 594360c [5.2.x] Fixed CVE-2026-6873 -- Prevented signed cookie salt namespace collisi...
  • e074d83 [5.2.x] Included commit hash in checksum file when building artifacts for rel...
  • c502754 [5.2.x] Updated links to severity levels in release notes.
  • 72f5b41 [5.2.x] Added stub release notes and release date for 5.2.15.
  • 7084825 [5.2.x] Refs #35844 -- Ran further selenium tests with --parallel=1.
  • Additional commits viewable in compare view

Updates django-haystack from 3.3.0 to 3.4.0

Release notes

Sourced from django-haystack's releases.

Test improvements and patching Patch GHSA-r3hx-x5rh-p9vv

What's Changed

New Contributors

Full Changelog: django-haystack/django-haystack@v3.3.0...v3.4.0

Commits

Updates greenlet from 3.5.1 to 3.5.3

Changelog

Sourced from greenlet's changelog.

3.5.3 (2026-06-26)

  • Fix a crash on free-threaded builds when multiple greenlets were holding a critical section on an object and the GIL for the thread was dropped. See issue 513 <https://github.com/python-greenlet/greenlet/issues/513>_. Thanks to ddorian.

3.5.2 (2026-06-17)

  • The minimum supported version of Python 3.15 is now 3.15b2.
  • Fix some garbage-collection related crashes on free-threaded Python 3.15. Thanks to Kumar Aditya in PR [#511](https://github.com/python-greenlet/greenlet/issues/511) <https://github.com/python-greenlet/greenlet/pull/511>_.
  • Improve garbage collection of greenlets. This mostly applies to Python 3.15. Thanks to Kumar Aditya in PR [#512](https://github.com/python-greenlet/greenlet/issues/512) <https://github.com/python-greenlet/greenlet/pull/512>_.
Commits
  • 6ee8c2c Preparing release 3.5.3
  • 6ec0bbb Merge pull request #514 from python-greenlet/issue513-preserve-crit-section
  • c03a7e6 Py3.13+: Preserve thread state critical_section to prevent crash on free-thre...
  • bc10829 Speed up manylinux test runs by only running the core checks; only start many...
  • c2db75d Back to development: 3.5.3
  • 0b64e9c Preparing release 3.5.2
  • 3e28d27 Add change note for #512 [skip ci]
  • 6563c5e Merge pull request #512 from kumaraditya303/ft-mem
  • ab6eff6 add ignore for win 3.10
  • 41f5349 revert back to fails_leakcheck_on_py314_or_less
  • Additional commits viewable in compare view

Updates htmlgenerator from 1.2.32 to 1.2.33

Release notes

Sourced from htmlgenerator's releases.

v1.2.33

Bug Fixes

Commits

  • 154cccf: bump version (Sam)
Commits

Updates openai from 2.40.0 to 2.44.0

Release notes

Sourced from openai's releases.

v2.44.0

2.44.0 (2026-06-24)

Full Changelog: v2.43.0...v2.44.0

Bug Fixes

  • auth: prioritize first auth header (797e336)

v2.43.0

2.43.0 (2026-06-17)

Full Changelog: v2.42.0...v2.43.0

Features

  • api: update OpenAPI spec or Stainless config (2254235)

v2.42.0

2.42.0 (2026-06-16)

Full Changelog: v2.41.1...v2.42.0

Features

  • api: admin spend_alerts (6134198)
  • api: manual updates (f337bf4)
  • api: update OpenAPI spec or Stainless config (7015158)

Build System

v2.41.1

2.41.1 (2026-06-05)

Full Changelog: v2.41.0...v2.41.1

Build System

  • Remove scheduled release workflow trigger (#3366) (2a91011)

v2.41.0

2.41.0 (2026-06-03)

Full Changelog: v2.40.0...v2.41.0

Features

... (truncated)

Changelog

Sourced from openai's changelog.

2.44.0 (2026-06-24)

Full Changelog: v2.43.0...v2.44.0

Bug Fixes

  • auth: prioritize first auth header (797e336)

2.43.0 (2026-06-17)

Full Changelog: v2.42.0...v2.43.0

Features

  • api: update OpenAPI spec or Stainless config (2254235)

2.42.0 (2026-06-16)

Full Changelog: v2.41.1...v2.42.0

Features

  • api: admin spend_alerts (6134198)
  • api: manual updates (f337bf4)
  • api: update OpenAPI spec or Stainless config (7015158)

Build System

2.41.1 (2026-06-05)

Full Changelog: v2.41.0...v2.41.1

Build System

  • Remove scheduled release workflow trigger (#3366) (2a91011)

2.41.0 (2026-06-03)

Full Changelog: v2.40.0...v2.41.0

Features

  • api: responses.moderation and chat_completions.moderation (87e46c2)
Commits

Updates pillow from 12.2.0 to 12.3.0

Release notes

Sourced from pillow's releases.

12.3.0

https://pillow.readthedocs.io/en/stable/releasenotes/12.3.0.html

Removals

Documentation

Dependencies

Testing

... (truncated)

Commits
  • bb1d8e8 12.3.0 version bump
  • e63fc48 Add release notes for SBOM and performance improvements (#9747)
  • 13b701b Add release notes for #9679
  • 5564ca7 List methods
  • a0920fd Speed up ImageChops operations (#9738)
  • 07e9a6c Speed up Image.filter() (#9736)
  • a94578c Speed up Image.getchannel(), Image.merge(), Image.putalpha() and `Image...
  • 53e02c4 Speed up Image.fill(), Image.linear_gradient() and `Image.radial_gradient...
  • af03747 Speed up Image.resample() (#9739)
  • 5c9ca56 Speed up alpha_composite, matrix, negative, quantize (#9740)
  • Additional commits viewable in compare view

Updates prettytable from 3.17.0 to 3.18.0

Release notes

Sourced from prettytable's releases.

Release 3.18.0

Added

Changed

Deprecated

  • Performance: deprecate and defer import of OptionsType (#462) @​hugovk
  • Performance: deprecate and defer import of TableHandler (#460) @​hugovk

Fixed

Commits
  • 069405f Speed up import time (#471)
  • 95810e2 Add support for Python 3.16 (#470)
  • 868b51e Stop testing experimental Python 3.13t (#469)
  • d02b216 Expand tabs in cell values so columns stay aligned (#468)
  • e4c9c69 Drop stale align/valign keys when field_names are renamed (#465)
  • 266ff5d Document header_horizontal_char and remove a duplicate docstring line (#467)
  • 144749c Performance: deprecate and defer import of OptionsType (#462)
  • 23f3eb7 Bump mypy from 1.20.2 to 2.1.0 in the pip group (#466)
  • 2fe26d3 Bump mypy from 1.19.1 to 1.20.2 in the actions group (#464)
  • e4babc3 Hash pin GitHub Actions (#463)
  • Additional commits viewable in compare view

Updates redis from 7.4.0 to 7.4.1

Release notes

Sourced from redis's releases.

7.4.1

Changes

🐛 Bug Fixes

  • Preserve explicit None for client metadata config (#4081)

🧰 Maintenance

  • Updating PyJWT dependency. (#4100)
  • Addressing dependency vulnerabilities and flaky test fixes (source diff)

We'd like to thank all the contributors who worked on this release! @​elena-kolevska @​vladvildanov @​petyaslavova

Commits
  • f93955c Updating PyJWT dependency. (#4100)
  • 582cc35 Backporting flaky test fixes and dependency vulnerabilities related changes
  • 680abe9 Updating lib version to 7.4.1 and supported Redis server versions in README.md
  • 7c3188b Preserve explicit None for client metadata config (#4081)
  • See full diff in compare view

Updates beautifulsoup4 from 4.14.3 to 4.15.0

Most Recent Ignore Conditions Applied to This Pull Request
Dependency Name Ignore Conditions
django [>= 6.dev0, < 7]

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the python-dependencies group with 11 updates:

| Package | From | To |
| --- | --- | --- |
| [bleach](https://github.com/mozilla/bleach) | `6.3.0` | `6.4.0` |
| [coverage](https://github.com/coveragepy/coveragepy) | `7.14.1` | `7.14.3` |
| [django](https://github.com/django/django) | `5.2.14` | `5.2.15` |
| [django-haystack](https://github.com/django-haystack/django-haystack) | `3.3.0` | `3.4.0` |
| [greenlet](https://github.com/python-greenlet/greenlet) | `3.5.1` | `3.5.3` |
| [htmlgenerator](https://github.com/basxsoftwareassociation/htmlgenerator) | `1.2.32` | `1.2.33` |
| [openai](https://github.com/openai/openai-python) | `2.40.0` | `2.44.0` |
| [pillow](https://github.com/python-pillow/Pillow) | `12.2.0` | `12.3.0` |
| [prettytable](https://github.com/prettytable/prettytable) | `3.17.0` | `3.18.0` |
| [redis](https://github.com/redis/redis-py) | `7.4.0` | `7.4.1` |
| [beautifulsoup4](https://www.crummy.com/software/BeautifulSoup/bs4/) | `4.14.3` | `4.15.0` |


Updates `bleach` from 6.3.0 to 6.4.0
- [Changelog](https://github.com/mozilla/bleach/blob/main/CHANGES)
- [Commits](mozilla/bleach@v6.3.0...v6.4.0)

Updates `coverage` from 7.14.1 to 7.14.3
- [Release notes](https://github.com/coveragepy/coveragepy/releases)
- [Changelog](https://github.com/coveragepy/coveragepy/blob/main/CHANGES.rst)
- [Commits](coveragepy/coveragepy@7.14.1...7.14.3)

Updates `django` from 5.2.14 to 5.2.15
- [Commits](django/django@5.2.14...5.2.15)

Updates `django-haystack` from 3.3.0 to 3.4.0
- [Release notes](https://github.com/django-haystack/django-haystack/releases)
- [Changelog](https://github.com/django-haystack/django-haystack/blob/master/docs/changelog.rst)
- [Commits](django-haystack/django-haystack@v3.3.0...v3.4.0)

Updates `greenlet` from 3.5.1 to 3.5.3
- [Changelog](https://github.com/python-greenlet/greenlet/blob/master/CHANGES.rst)
- [Commits](python-greenlet/greenlet@3.5.1...3.5.3)

Updates `htmlgenerator` from 1.2.32 to 1.2.33
- [Release notes](https://github.com/basxsoftwareassociation/htmlgenerator/releases)
- [Commits](basxsoftwareassociation/htmlgenerator@v1.2.32...v1.2.33)

Updates `openai` from 2.40.0 to 2.44.0
- [Release notes](https://github.com/openai/openai-python/releases)
- [Changelog](https://github.com/openai/openai-python/blob/main/CHANGELOG.md)
- [Commits](openai/openai-python@v2.40.0...v2.44.0)

Updates `pillow` from 12.2.0 to 12.3.0
- [Release notes](https://github.com/python-pillow/Pillow/releases)
- [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst)
- [Commits](python-pillow/Pillow@12.2.0...12.3.0)

Updates `prettytable` from 3.17.0 to 3.18.0
- [Release notes](https://github.com/prettytable/prettytable/releases)
- [Changelog](https://github.com/prettytable/prettytable/blob/main/CHANGELOG.md)
- [Commits](prettytable/prettytable@3.17.0...3.18.0)

Updates `redis` from 7.4.0 to 7.4.1
- [Release notes](https://github.com/redis/redis-py/releases)
- [Changelog](https://github.com/redis/redis-py/blob/master/CHANGES)
- [Commits](redis/redis-py@v7.4.0...v7.4.1)

Updates `beautifulsoup4` from 4.14.3 to 4.15.0

---
updated-dependencies:
- dependency-name: bleach
  dependency-version: 6.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-dependencies
- dependency-name: coverage
  dependency-version: 7.14.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-dependencies
- dependency-name: django
  dependency-version: 5.2.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-dependencies
- dependency-name: django-haystack
  dependency-version: 3.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-dependencies
- dependency-name: greenlet
  dependency-version: 3.5.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-dependencies
- dependency-name: htmlgenerator
  dependency-version: 1.2.33
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-dependencies
- dependency-name: openai
  dependency-version: 2.44.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-dependencies
- dependency-name: pillow
  dependency-version: 12.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-dependencies
- dependency-name: prettytable
  dependency-version: 3.18.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-dependencies
- dependency-name: redis
  dependency-version: 7.4.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-dependencies
- dependency-name: beautifulsoup4
  dependency-version: 4.15.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Jul 1, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants