Skip to content

deps(py)(deps): bump the python-non-major group across 1 directory with 7 updates#45

Open
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/pip/backend/develop/python-non-major-5976806fb4
Open

deps(py)(deps): bump the python-non-major group across 1 directory with 7 updates#45
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/pip/backend/develop/python-non-major-5976806fb4

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 29, 2026

Copy link
Copy Markdown
Contributor

Bumps the python-non-major group with 7 updates in the /backend directory:

Package From To
django 5.1.4 5.1.15
sentry-sdk 2.60.0 2.63.0
certifi 2026.5.20 2026.6.17
click 8.4.1 8.4.2
django-timezone-field 7.2.1 7.2.2
tzlocal 5.3.1 5.4.4
wcwidth 0.7.0 0.8.1

Updates django from 5.1.4 to 5.1.15

Commits
  • 6ef1f6f [5.1.x] Bumped version for 5.1.15 release.
  • 0db9ea4 [5.1.x] Fixed CVE-2025-64460 -- Corrected quadratic inner text accumulation i...
  • 9c6a5bd [5.1.x] Fixed CVE-2025-13372 -- Protected FilteredRelation against SQL inject...
  • e419ad8 [5.1.x] Added script to archive EOL stable branches.
  • ca4251d [5.1.x] Refs #36743 -- Added missing release notes for 5.1.15 and 4.2.27.
  • f354296 [5.1.x] Fixed #36743 -- Increased URL max length enforced in HttpResponseRedi...
  • cae6f5c [5.1.x] Added timeout-minutes directive to all GitHub Actions workflows.
  • 6f35c2e [5.1.x] Added stub release notes and release date for 5.1.15 and 4.2.27.
  • a9311fc [5.1.x] Configured dangerous-triggers zizmor rule.
  • dc29fe1 [5.1.x] Addressed unpinned-uses zizmor finding.
  • Additional commits viewable in compare view

Updates sentry-sdk from 2.60.0 to 2.63.0

Release notes

Sourced from sentry-sdk's releases.

2.63.0

Bug Fixes 🐛

Fastapi

Other

Internal Changes 🔧

2.62.0

New Features ✨

  • Add integration for aiomysql by @​tonal in #4703

    We're adding support for the aiomysql package. To enable the integration, add it to your integrations list:

    import sentry_sdk
    from sentry_sdk.integrations.aiomysql import AioMySQLIntegration
    sentry_sdk.init(
    traces_sample_rate=1.0,
    integrations=[AioMySQLIntegration()],
    )

  • Support HTTPX2 by @​sentrivana in #6463

    We're adding out-of-the-box support for HTTPX2. As long as use the package, the Sentry integration will be enabled automatically and you should see your requests instrumented in Sentry.

    import httpx2
    import sentry_sdk
    sentry_sdk.init(...)
    with sentry_sdk.start_transaction(name="testing_sentry"):

... (truncated)

Changelog

Sourced from sentry-sdk's changelog.

2.63.0

Bug Fixes 🐛

Fastapi

Other

Internal Changes 🔧

2.62.0

New Features ✨

  • Add integration for aiomysql by @​tonal in #4703

    We're adding support for the aiomysql package. To enable the integration, add it to your integrations list:

    import sentry_sdk
    from sentry_sdk.integrations.aiomysql import AioMySQLIntegration
    sentry_sdk.init(
    traces_sample_rate=1.0,
    integrations=[AioMySQLIntegration()],
    )

  • Support HTTPX2 by @​sentrivana in #6463

    We're adding out-of-the-box support for HTTPX2. As long as use the package, the Sentry integration will be enabled automatically and you should see your requests instrumented in Sentry.

    import httpx2
    import sentry_sdk
    sentry_sdk.init(...)

... (truncated)

Commits
  • 44b008a update changelog
  • 0b2af51 Update CHANGELOG.md
  • 250caad release: 2.63.0
  • 72a57de fix(flask): Set user data on scope at request start (#6566)
  • 6a4c3a1 fix: Remove 0000 trace_id fallbacks (#6570)
  • 1df9835 feat(falcon): Set name and source on request span when streaming (#6562)
  • 77874bd test(falcon): Support span streaming (#6561)
  • 6bcfb9c fix(fastapi): Prevent double wrapping of sync handlers on FastAPI >= 0.137 (#...
  • 72d972c fix(fastapi): use effective_route_context path for prefixed routers (#6572)
  • cc802f6 feat(chalice): Add span streaming support to Chalice integration (#6503)
  • Additional commits viewable in compare view

Updates certifi from 2026.5.20 to 2026.6.17

Commits

Updates click from 8.4.1 to 8.4.2

Release notes

Sourced from click's releases.

8.4.2

This is the Click 8.4.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/click/8.4.2/ Changes: https://click.palletsprojects.com/page/changes/#version-8-4-2 Milestone: https://github.com/pallets/click/milestone/34

  • Fix Fish shell completion broken in 8.4.0 by #3126. Newlines and tabs in option help text are now escaped, keeping the original completion format while still supporting multi-line help. #3502 #3043 #3504 #3508
  • Deprecated commands and options with empty or missing help text no longer render a stray leading space before the (DEPRECATED) label. #3509
  • A {class}Group with invoke_without_command=True marks its subcommand as optional in the usage help, showing [COMMAND] instead of COMMAND. #3059 #3507
  • echo_via_pager flushes after each write, so passing a generator streams output to the pager incrementally instead of staying hidden until the pipe buffer fills. #3242 #2542 #3534
  • echo_via_pager and get_pager_file no longer close a borrowed stdout stream when no external pager runs, completing the partial I/O operation on closed file fix from #3482. #3449 #3533
  • Fix CLI usage symopsis for optional arguments producing double square brackets [[a|b|c]]... whose type already brackets their metavar. #3578
  • {func}version_option resolves a package_name that does not match an installed distribution as an import (top-level module) name via {func}importlib.metadata.packages_distributions. Packages whose top-level module name differs from their distribution name (PIL vs Pillow, jwt vs PyJWT) no longer raise RuntimeError out of the box. #2331 #1884 #3125 #3582
Changelog

Sourced from click's changelog.

Version 8.4.2

Unreleased

  • Fix Fish shell completion broken in 8.4.0 by {pr}3126. Newlines and tabs in option help text are now escaped, keeping the original completion format while still supporting multi-line help. {issue}3502 {issue}3043 {pr}3504 {pr}3508
  • Deprecated commands and options with empty or missing help text no longer render a stray leading space before the (DEPRECATED) label. {pr}3509
  • A {class}Group with invoke_without_command=True marks its subcommand as optional in the usage help, showing [COMMAND] instead of COMMAND. {issue}3059 {pr}3507
  • echo_via_pager flushes after each write, so passing a generator streams output to the pager incrementally instead of staying hidden until the pipe buffer fills. {issue}3242 {issue}2542 {pr}3534
  • echo_via_pager and get_pager_file no longer close a borrowed stdout stream when no external pager runs, completing the partial I/O operation on closed file fix from {pr}3482. {issue}3449 {pr}3533
Commits
  • b2e30a1 Release version 8.4.2
  • 7a16b20 Fix package_name resolution when module differs from distribution name (#3582)
  • bec5928 Fix package_name resolution when top-level module differs from distribution...
  • 916883a Fix tests to not rely on -Wdefault option (#3591)
  • 09195f6 Fix double-bracketing of choices in synopsis (#3578)
  • 1557e26 Check for warning exception with idiomatic context manager
  • d9ff133 Static typing improvements in click.shell_completion (#3460)
  • 762c97e Fix double-bracketing of choices in synopsis
  • 8929d39 Convert changes to markdown. (#3559)
  • 237be50 Move changes headings down a level.
  • Additional commits viewable in compare view

Updates django-timezone-field from 7.2.1 to 7.2.2

Commits

Updates tzlocal from 5.3.1 to 5.4.4

Changelog

Sourced from tzlocal's changelog.

5.4.4 (unreleased)

  • Improved handling if you have a syntax error in /etc/clock.

5.4.3 (2026-06-17)

  • Moved the tests back, removed the ones that check for symlinks. See issue #146

5.4.2 (2026-06-16)

  • [Yanked for distribution issues]

5.4.1 (2026-06-16)

  • [Yanked for distribution issues]

5.4 (2026-06-15)

  • Open files with Zone names as ascii.

  • Moved tests under tzlocal/tests and include them in distributions.

  • Dropped support for Python 3.9 and added support for 3.14.

Commits

Updates wcwidth from 0.7.0 to 0.8.1

Release notes

Sourced from wcwidth's releases.

0.8.1: Improved corrections tables

Full Changelog: jquast/wcwidth@0.8.0...0.8.1

0.8.0: new terminal-aware wcstwidth() function

  • New support for Variation Selector 15 Emojis as narrow, #211.
  • New argument, term_program for wcstwidth(), width(), clip(), wrap(), ljust(), rjust(), and center(). False disables corrections; True auto-detects by TERM_PROGRAM or TERM; string values accept canonical names matching list_term_programs(). wcstwidth()_ defaults to True; all other functions default to False.
  • Improved performance on Python 3.15 using standard library iter_graphemes() #206.
  • Improved memory usage and import time for Python 3.15 using lazy imports #221.
  • Bugfix Invisible_Stacker viramas now form conjuncts (Burmese, Khmer, etc.) and change some Virama width calculations to match jacobsandlund/uucode_ (ghostty) #223.
  • Updated graphemes width maximum now 2, matching Ghostty, foot, and Windows Terminal #224.

Full Changelog: jquast/wcwidth@0.7.0...0.8.0

Commits
  • d1c99fe hyperlink and wordfix
  • edb344a set to 0.8.1 not 2, not yet
  • 00d6fef Improve corrections tables (zeroer, narrow_wider, narrow_zeroer) (#226)
  • e8405a6 'of of' -> 'of', formatting
  • 1de17df set release date for 0.8.0 in readme
  • 9df7261 more docs
  • be0fdb2 document better
  • 2d9925b wcstwidth(term_program=True) default argument
  • 169c846 Terminal software identity-assisted wcswidth() (#220)
  • e4f76d5 bugfix virama with mc width is capped at 2, also (#225)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

…th 7 updates

Bumps the python-non-major group with 7 updates in the /backend directory:

| Package | From | To |
| --- | --- | --- |
| [django](https://github.com/django/django) | `5.1.4` | `5.1.15` |
| [sentry-sdk](https://github.com/getsentry/sentry-python) | `2.60.0` | `2.63.0` |
| [certifi](https://github.com/certifi/python-certifi) | `2026.5.20` | `2026.6.17` |
| [click](https://github.com/pallets/click) | `8.4.1` | `8.4.2` |
| [django-timezone-field](https://github.com/mfogel/django-timezone-field) | `7.2.1` | `7.2.2` |
| [tzlocal](https://github.com/regebro/tzlocal) | `5.3.1` | `5.4.4` |
| [wcwidth](https://github.com/jquast/wcwidth) | `0.7.0` | `0.8.1` |



Updates `django` from 5.1.4 to 5.1.15
- [Commits](django/django@5.1.4...5.1.15)

Updates `sentry-sdk` from 2.60.0 to 2.63.0
- [Release notes](https://github.com/getsentry/sentry-python/releases)
- [Changelog](https://github.com/getsentry/sentry-python/blob/master/CHANGELOG.md)
- [Commits](getsentry/sentry-python@2.60.0...2.63.0)

Updates `certifi` from 2026.5.20 to 2026.6.17
- [Commits](certifi/python-certifi@2026.05.20...2026.06.17)

Updates `click` from 8.4.1 to 8.4.2
- [Release notes](https://github.com/pallets/click/releases)
- [Changelog](https://github.com/pallets/click/blob/main/CHANGES.md)
- [Commits](pallets/click@8.4.1...8.4.2)

Updates `django-timezone-field` from 7.2.1 to 7.2.2
- [Commits](mfogel/django-timezone-field@7.2.1...7.2.2)

Updates `tzlocal` from 5.3.1 to 5.4.4
- [Changelog](https://github.com/regebro/tzlocal/blob/master/CHANGES.txt)
- [Commits](https://github.com/regebro/tzlocal/commits)

Updates `wcwidth` from 0.7.0 to 0.8.1
- [Release notes](https://github.com/jquast/wcwidth/releases)
- [Commits](jquast/wcwidth@0.7.0...0.8.1)

---
updated-dependencies:
- dependency-name: django
  dependency-version: 5.1.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-non-major
- dependency-name: sentry-sdk
  dependency-version: 2.63.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-non-major
- dependency-name: certifi
  dependency-version: 2026.6.17
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-non-major
- dependency-name: click
  dependency-version: 8.4.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-non-major
- dependency-name: django-timezone-field
  dependency-version: 7.2.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-non-major
- dependency-name: tzlocal
  dependency-version: 5.4.4
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-non-major
- dependency-name: wcwidth
  dependency-version: 0.8.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-non-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github

dependabot Bot commented on behalf of github Jun 29, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: backend, dependencies. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants