chore: bump the python-deps group in /app with 13 updates by dependabot[bot] · Pull Request #638 · hackforla/peopledepot

dependabot · 2026-02-13T08:15:42Z

Bumps the python-deps group in /app with 13 updates:

Package	From	To
django	`4.2.27`	`5.2.11`
django-extensions	`3.2.3`	`4.1`
django-linear-migrations	`2.16.0`	`2.19.0`
django-phonenumber-field[phonenumbers]	`8.0.0`	`8.4.0`
django-timezone-field	`7.0`	`7.2.1`
djangorestframework	`3.15.2`	`3.16.1`
drf-spectacular	`0.28.0`	`0.29.0`
markdown	`3.7`	`3.10.2`
psycopg2-binary	`2.9.10`	`2.9.11`
pytest-cov	`6.0.0`	`7.0.0`
pytest-django	`4.9.0`	`4.11.1`
pytest-xdist	`3.6.1`	`3.8.0`
tzdata	`2024.2`	`2025.3`

Updates django from 4.2.27 to 5.2.11

Commits

4a96a19 [5.2.x] Bumped version for 5.2.11 release.
ab0ad8d [5.2.x] Refs CVE-2026-1312 -- Raised ValueError when FilteredRelation aliases...
e863ee2 [5.2.x] Fixed CVE-2026-1312 -- Protected order_by() from SQL injection via al...
3e68ccd [5.2.x] Fixed CVE-2026-1287 -- Protected against SQL injection in column alia...
9f2ada8 [5.2.x] Fixed CVE-2026-1285 -- Mitigated potential DoS in django.utils.text.T...
17a1d64 [5.2.x] Fixed CVE-2026-1207 -- Prevented SQL injections in RasterField lookup...
1ba9006 [5.2.x] Fixed CVE-2025-14550 -- Optimized repeated header parsing in ASGI req...
184e38a [5.2.x] Fixed CVE-2025-13473 -- Standardized timing of check_password() in mo...
d8c551d [5.2.x] Added stub release notes and release date for 5.2.11 and 4.2.28.
3ea659d [5.2.x] Clarified regression nature of data loss bug in docs/releases/5.2.10....
Additional commits viewable in compare view

Updates django-extensions from 3.2.3 to 4.1

Release notes

Sourced from django-extensions's releases.

4.1

What's Changed

Add: show_permissions command (#1920)

Improvement: graph_models, style per app (#1848)

Fix: JSONField, bulk_update's (#1924)

New Contributors

@ahmad88me made their first contribution in django-extensions/django-extensions#1848

Full Changelog: django-extensions/django-extensions@4.0...4.1

4.0

What's Changed

Improvement: Support for Python 3.12 and 3.13

Improvement: Support for Django 5.x

Improvement: Switch from setup.{cfg,py} to pyproject.toml

Improvement: graph_models, Add option to display field choices in graph_models (#1854)

Improvement: graph_models, Add webp support (#1857)

Improvement: graph_models, Support for ordering edges on pydot/dot/graphviz (#1914)

Improvement: mail_debug, Update mail_debug command to use aiosmtpd (#1880)

Improvement: shell_plus, Improve error message for missing import (#1898)

Improvement: reset_db, Add reset_db support for django_tenants (#1855)

Improvement: docs, various improvements (#1852, #1888, #1882, #1901, #1912, #1913)

Improvement: jobs, Handle non-package modules when looking for job definitions (#1887)

Improvement: Add django-prometheus DB backends support (#1800)

Improvement: Call post_command when the command raises an unhandled exception (#1837)

Fix: sqldiff, do not consider ('serial', 'integer') nor ('bigserial', 'bigint') as a field-type-differ (#1867)

Fix: shell_plus, Fix start up order and add history (#1869)

Remove pipchecker and associated tests (#1906)

Following Django's release numbering style more closely (see https://docs.djangoproject.com/en/5.2/internals/release-process/ )

New Contributors

@dimitrismistriotis made their first contribution in django-extensions/django-extensions#1859

@titouanc made their first contribution in django-extensions/django-extensions#1854

@dmwyatt made their first contribution in django-extensions/django-extensions#1872

@stianjensen made their first contribution in django-extensions/django-extensions#1898

@PapaZ810 made their first contribution in django-extensions/django-extensions#1888

@kviktor made their first contribution in django-extensions/django-extensions#1857

@aripollak made their first contribution in django-extensions/django-extensions#1913

@flowgunso made their first contribution in django-extensions/django-extensions#1914

@anitahammer made their first contribution in django-extensions/django-extensions#1869

@nicolaspanel made their first contribution in django-extensions/django-extensions#1867

@yujinyuz made their first contribution in django-extensions/django-extensions#1855

@soof-golan made their first contribution in django-extensions/django-extensions#1852

@ghickman made their first contribution in django-extensions/django-extensions#1887

@jrobichaud made their first contribution in django-extensions/django-extensions#1837

Full Changelog: django-extensions/django-extensions@3.2.3...4.0

3.2.4b1

... (truncated)

Changelog

Sourced from django-extensions's changelog.

4.1

Changes:

Add: show_permissions command (#1920)

Improvement: graph_models, style per app (#1848)

Fix: JSONField, bulk_update's (#1924)

4.0

Changes:

Improvement: Support for Python 3.12 and 3.13

Improvement: Support for Django 5.x

Improvement: Switch from setup.{cfg,py} to pyproject.toml

Improvement: graph_models, Add option to display field choices in graph_models (#1854)

Improvement: graph_models, Add webp support (#1857)

Improvement: graph_models, Support for ordering edges on pydot/dot/graphviz (#1914)

Improvement: mail_debug, Update mail_debug command to use aiosmtpd (#1880)

Improvement: shell_plus, Improve error message for missing import (#1898)

Improvement: reset_db, Add reset_db support for django_tenants (#1855)

Improvement: docs, various improvements (#1852, #1888, #1882, #1901, #1912, #1913)

Improvement: jobs, Handle non-package modules when looking for job definitions (#1887)

Improvement: Add django-prometheus DB backends support (#1800)

Improvement: Call post_command when the command raises an unhandled exception (#1837)

Fix: sqldiff, do not consider ('serial', 'integer') nor ('bigserial', 'bigint') as a field-type-differ (#1867)

Fix: shell_plus, Fix start up order and add history (#1869)

Remove pipchecker and associated tests (#1906)

Following Django's release numbering style more closely (see https://docs.djangoproject.com/en/5.2/internals/release-process/ )

Commits

ad01551 v4.1
2c3e914 update CHANGELOG
fb5b2af ruff format
7e978d2 graph_models style per app (#1848)
067064e avoid trying to serialize expressions when serializing default values
a886068 update CHANGELOG
d824501 Add show_permissions management command (#1920)
934f93f bumped version number
c4577df v4.0
7cdb43a pyproject formatting
Additional commits viewable in compare view

Updates django-linear-migrations from 2.16.0 to 2.19.0

Changelog

Sourced from django-linear-migrations's changelog.

2.19.0 (2025-09-18)

Support Django 6.0.

2.18.0 (2025-09-08)

Support Python 3.14.

Support tuples for Migration.dependencies in rebase_migration.

Thanks to Tom Grainger for the report in Issue [#368](https://github.com/adamchainz/django-linear-migrations/issues/368) <https://github.com/adamchainz/django-linear-migrations/issues/368>__.

2.17.0 (2025-02-06)

Support Django 5.2.

Commits

07db9d0 Version 2.19.0
ab3ea75 Correct testing of Django 6.0 (#400)
9039aaa Support Django 6.0 (#399)
4dcb191 Version 2.18.0
ad214ca Support tuples for Migration.dependencies in rebase_migration (#398)
4bf6d3d Support Python 3.14 (#397)
17c484f [pre-commit.ci] pre-commit autoupdate (#396)
003a8b6 Bump the github-actions group with 2 updates (#395)
3f71f49 Upgrade dependencies (#394)
b494fef Use uvx to run tox on GitHub Actions (#393)
Additional commits viewable in compare view

Updates django-phonenumber-field[phonenumbers] from 8.0.0 to 8.4.0

Release notes

Sourced from django-phonenumber-field[phonenumbers]'s releases.

8.4.0

What's Changed

Handle empty values in SplitPhoneNumberField with max_length by @SupImDos in stefanfoulis/django-phonenumber-field#652

Update supported Python and Django versions by @adamchainz in stefanfoulis/django-phonenumber-field#649

Full Changelog: django-phonenumber-field/django-phonenumber-field@8.3.0...8.4.0

8.3.0

What's Changed

Allow configuring empty_value and max_length for SplitPhoneNumberField by @ilkkao in stefanfoulis/django-phonenumber-field#632

Mimics django CharField behavior more closely: - empty_value offers controls over the normalization (typically, the empty str "" or None) - max_length allows using the form field with forms_for_model

New Contributors

@ilkkao made their first contribution in stefanfoulis/django-phonenumber-field#632

Full Changelog: django-phonenumber-field/django-phonenumber-field@8.2.0...8.3.0

8.2.0

What's Changed

Fix lost region when PHONENUMBER_DEFAULT_FORMAT is NATIONAL by @bblanchon in stefanfoulis/django-phonenumber-field#636

Bump actions/setup-python from 5 to 6 by @dependabot[bot] in stefanfoulis/django-phonenumber-field#642

Fix translations by @interDist in stefanfoulis/django-phonenumber-field#641

Add Hungarian locale by @karolyi in stefanfoulis/django-phonenumber-field#643

New Contributors

@bblanchon made their first contribution in stefanfoulis/django-phonenumber-field#636

Full Changelog: django-phonenumber-field/django-phonenumber-field@8.1.0...8.2.0

8.1.0

What's Changed

Remove non-geo phone numbers from the SplitPhoneNumberWidget by @francoisfreitag in stefanfoulis/django-phonenumber-field#614

The phone number prefix field allows to select a world region, and maps to its prefix (e.g. get +33 for France). It was incorrectly offering regions reserved for very specific use and which cannot be mapped to a world region. Example prefixes include 800 (Universal International Freephone Service), 808 (Universal International Shared Cost Number), 870 (Global Mobile Satellite System), and others. If such a prefix was selected, the field would plainly crash. Since the prefix purpose is to let users select a world region, prevent from selecting non-geo options in the prefix list. Please open an issue if you would like to see this use case supported.

Document how to customize SplitPhoneNumberField fields by @francoisfreitag in stefanfoulis/django-phonenumber-field#631

Clarify translations context for error messages by @francoisfreitag in stefanfoulis/django-phonenumber-field#613

Compatibility

Add support for Django 5.2 by @adamchainz in stefanfoulis/django-phonenumber-field#630

Add support for Django 5.1 by @francoisfreitag in stefanfoulis/django-phonenumber-field#616

Add support for Python 3.13 by @francoisfreitag in stefanfoulis/django-phonenumber-field#617

Drop support for Django 3.2 by @francoisfreitag in stefanfoulis/django-phonenumber-field#615

Drop python3.8 from test matrix and metadata by @francoisfreitag in stefanfoulis/django-phonenumber-field#626

... (truncated)

Commits

7e7d0fc Handle empty values in SplitPhoneNumberField with max_length
bb21997 Bump actions/checkout from 5.0.1 to 6.0.0
3a29c91 Pin GitHub actions to the commit hash
82a6afa Remove Django 5.0 from metadata and test matrix
b31ac84 Update supported Python and Django versions
7fa4ce8 Bump actions/download-artifact from 5 to 6
162b1af Bump actions/upload-artifact from 4 to 5
412517c Support max_length argument for SplitPhoneNumberField
3e11f80 Allow configuring empty_value for SplitPhoneNumberField
bb70de6 translations: Remove line location from messages files
Additional commits viewable in compare view

Updates django-timezone-field from 7.0 to 7.2.1

Commits

8255408 Release v7.2.1
a09fd2f Release v7.2
02be229 Update lockfile of dev dependencies (#153)
d7832de Update changelog
83c1c90 Support Django 6.0 (#150)
4fb0dd1 Run tests against Python 3.14 (#151)
65401a3 Officially support django 5.2 (#146)
1bc5e7c Add github FUNDING.yml
31d7750 Pin on poetry <2
268095d Release v7.1
Additional commits viewable in compare view

Updates djangorestframework from 3.15.2 to 3.16.1

Release notes

Sourced from djangorestframework's releases.

v3.16.1

This release fixes a few bugs, clean-up some old code paths for unsupported Python versions and improve translations.

Minor changes

Cleanup optional backports.zoneinfo dependency and conditions on unsupported Python 3.8 and lower in #9681. Python versions prior to 3.9 were already unsupported so this isn't considered as a breaking change.

Bug fixes

Fix regression in unique_together validation with SerializerMethodField in #9712

Fix UniqueTogetherValidator to handle fields with source attribute in #9688

Drop HTML line breaks on long headers in browsable API in #9438

Translations

Add Kazakh locale support in #9713

Update translations for Korean translations in #9571

Update German translations in #9676

Update Chinese translations in #9675

Update Arabic translations-sal in #9595

Update Persian translations in #9576

Update Spanish translations in #9701

Update Turkish Translations in #9749

Fix some typos in Brazilian Portuguese translations in #9673

Documentation

Removed reference to GitHub Issues and Discussions in #9660

Add drf-restwind and update outdated images in browsable-api.md in #9680

Updated funding page to represent current scope in #9686

Fix broken Heroku JSON Schema link in #9693

Update Django documentation links to use stable version in #9698

Expand docs on unique constraints cause 'required=True' in #9725

Revert extension back from djangorestframework-guardian2 to djangorestframework-guardian in #9734

Add note to tutorial about required request in serializer context when using HyperlinkedModelSerializer in #9732

Internal changes

Update GitHub Actions to use Ubuntu 24.04 for testing in #9677

Update test matrix to use Django 5.2 stable version in #9679

Add pyupgrade to pre-commit hooks in #9682

Fix test with Django 5 when pytz is available in #9715

New Contributors

@araggohnxd made their first contribution in #9673

@mbeijen made their first contribution in #9660

@stefan6419846 made their first contribution in #9676

@ren000thomas made their first contribution in #9675

@ulgens made their first contribution in #9682

... (truncated)

Commits

de018df Prepare 3.16.1 release (#9752)
a7d050f Turkish Translation updates (#9749)
853969c Fix test with Django 5 when pytz is available (#9715)
2ae8c11 Add note to tutorial about required request in serializer context when using ...
70e54f4 Revert docs back to djangorestframework-guardian (#9734)
3038494 Document that unique constraints cause required=True in ModelSerializer (#9...
4bb46c2 Add Kazakh(kk) locale support (#9713)
e454758 Fix regression in unique_together validation with SerializerMethodField (#9712)
33d59fe Update Spanish translations (#9701)
c0202a0 Update Django documentation links to use stable version (#9698)
Additional commits viewable in compare view

Updates drf-spectacular from 0.28.0 to 0.29.0

Release notes

Sourced from drf-spectacular's releases.

0.29.0

Thank you for all the patience with the release!

Important notes

Finally fixed the memory leak thanks to @artKucher.

Another performance improvement is the usage of the C versions of yaml, if available.

Apart from that, there are a lot of small improvements and bugfixes.

PRs

Link to SerializerMethod docs by @johnthagen in tfranzel/drf-spectacular#1377

Document Django 5.1 support in README by @johnthagen in tfranzel/drf-spectacular#1376

Bump django from 4.2.11 to 4.2.18 in /requirements by @dependabot[bot] in tfranzel/drf-spectacular#1366

Document how to lazily annotate a recursive SerializerMethod by @johnthagen in tfranzel/drf-spectacular#1384

Fix docs compile issue and update some old code by @mikemanger in tfranzel/drf-spectacular#1389

Add allauth's DRF token auth #1401 by @tfranzel in tfranzel/drf-spectacular#1404

Bump django from 4.2.18 to 4.2.20 in /requirements by @dependabot[bot] in tfranzel/drf-spectacular#1403

Allow setting callable for ENUM_NAME_OVERRIDES by @q0w in tfranzel/drf-spectacular#1406

fix: correct port mapping for the container in README by @mbienkowsk in tfranzel/drf-spectacular#1408

Fix python 3.11 slice index by @yegorLitvinov in tfranzel/drf-spectacular#1411

Add Django REST framework 3.16 support by @pauloxnet in tfranzel/drf-spectacular#1420

fixes prefix estimation on windows by @originell in tfranzel/drf-spectacular#1440

Bump django from 4.2.20 to 4.2.24 in /requirements by @dependabot[bot] in tfranzel/drf-spectacular#1451

fix: sort list to produce same hash by @florianvazelle in tfranzel/drf-spectacular#1433

Add typing.Generic to default lib_doc_excludes by @maxhowald in tfranzel/drf-spectacular#1429

Fix DecimalField with decimal_places and max_digits equal. by @keter2002 in tfranzel/drf-spectacular#1457

Fix default for array types by @TheSuperiorStanislav in tfranzel/drf-spectacular#1437

Bump django from 4.2.24 to 4.2.25 in /requirements by @dependabot[bot] in tfranzel/drf-spectacular#1458

Fix OpenApiViewExtension not providing view instance under self.target by @astro-stan in tfranzel/drf-spectacular#1405

Enhance bug report template with instructions for better clarity. by @Antoliny0919 in tfranzel/drf-spectacular#1357

Add option to overwrite serializer description #1463 by @tfranzel in tfranzel/drf-spectacular#1464

Improve to_filter_name support for django_filter by @matwey in tfranzel/drf-spectacular#1446

fix: camelize tuples/fixed length array by @CharString in tfranzel/drf-spectacular#1432

Fix memory leak by @artKucher in tfranzel/drf-spectacular#1416

fix: add check condition, that serializer meta has model attribute by @kritohanzo in tfranzel/drf-spectacular#1397

[django-filter] Add null_label if set in ChoiceFilter by @epou in tfranzel/drf-spectacular#1450

Add l18n handling for Decimal field #1466 by @tfranzel in tfranzel/drf-spectacular#1467

New Contributors

@mikemanger made their first contribution in tfranzel/drf-spectacular#1389

@mbienkowsk made their first contribution in tfranzel/drf-spectacular#1408

@yegorLitvinov made their first contribution in tfranzel/drf-spectacular#1411

@pauloxnet made their first contribution in tfranzel/drf-spectacular#1420

@originell made their first contribution in tfranzel/drf-spectacular#1440

@florianvazelle made their first contribution in tfranzel/drf-spectacular#1433

@maxhowald made their first contribution in tfranzel/drf-spectacular#1429

@keter2002 made their first contribution in tfranzel/drf-spectacular#1457

@TheSuperiorStanislav made their first contribution in tfranzel/drf-spectacular#1437

@astro-stan made their first contribution in tfranzel/drf-spectacular#1405

... (truncated)

Changelog

Sourced from drf-spectacular's changelog.

0.29.0 (2025-11-01)

Add l18n handling for Decimal field [#1466](https://github.com/tfranzel/drf-spectacular/issues/1466) <https://github.com/tfranzel/drf-spectacular/issues/1466>_

Fix LogoutSerializer for JWT/dj_rest_auth [#1392](https://github.com/tfranzel/drf-spectacular/issues/1392) <https://github.com/tfranzel/drf-spectacular/issues/1392>_

fix: support token blacklist feature in rest_auth [Bart van Andel]

[django-filter] Add null_label if set in ChoiceFilter ([#1450](https://github.com/tfranzel/drf-spectacular/issues/1450) <https://github.com/tfranzel/drf-spectacular/issues/1450>_) [Enric Pou]

fix: camelize tuples/fixed length array ([#1432](https://github.com/tfranzel/drf-spectacular/issues/1432) <https://github.com/tfranzel/drf-spectacular/issues/1432>_) [Chris Wesseling]

Fix items:False case in enum hook [#1432](https://github.com/tfranzel/drf-spectacular/issues/1432) <https://github.com/tfranzel/drf-spectacular/issues/1432>_

Add option to overwrite serializer description [#1463](https://github.com/tfranzel/drf-spectacular/issues/1463) <https://github.com/tfranzel/drf-spectacular/issues/1463>_

Fix OpenApiViewExtension not providing view instance under self.target ([#1405](https://github.com/tfranzel/drf-spectacular/issues/1405) <https://github.com/tfranzel/drf-spectacular/issues/1405>_) [astro-stan]

Move list default fix to source of the problem [#1436](https://github.com/tfranzel/drf-spectacular/issues/1436) <https://github.com/tfranzel/drf-spectacular/issues/1436>_

Improve confusing doc [#1461](https://github.com/tfranzel/drf-spectacular/issues/1461) <https://github.com/tfranzel/drf-spectacular/issues/1461>_

Add assert to pagination test [#1459](https://github.com/tfranzel/drf-spectacular/issues/1459) <https://github.com/tfranzel/drf-spectacular/issues/1459>_

fix SafeString handling for picky CDumper ([#1435](https://github.com/tfranzel/drf-spectacular/issues/1435) <https://github.com/tfranzel/drf-spectacular/issues/1435>_)

Remove EOL 3.7 from suite; pydantic not updated for <=3.8

Fix DecimalField with decimal_places and max_digits equal. [keter2002]

fix test for i18n changes on DRF ([#1444](https://github.com/tfranzel/drf-spectacular/issues/1444) <https://github.com/tfranzel/drf-spectacular/issues/1444>_)

Improve to_filter_name support for django_filter [Matwey V. Kornilov]

fixes prefix estimation on windows [Luis Nell]

Fix default for array types [Stanislav Khlud]

fix: use CSafeDumper for render yaml if available [florian]

fix: sort list to produce same hash [florian]

Add typing.Generic to default lib_doc_excludes [Max Howald]

Add get_doc test for class that inherits from Generic [Max Howald]

Add Django REST framework 3.16 support [Paolo Melchiorre]

Fix memory leak [artemkucher]

Fix python 3.11 slice index [Egor Litvinov]

fix: correct port mapping for the container in README [Maksym Bieńkowski]

Update docs [q0w]

Allow setting callable for ENUM_NAME_OVERRIDES [q0w]

Add allauth's DRF token auth [#1401](https://github.com/tfranzel/drf-spectacular/issues/1401) <https://github.com/tfranzel/drf-spectacular/issues/1401>_

update away from retired GH worker image

add condition to check, that serializer Meta has model attribute [aliev_vt]

Fix docs compile issue and update some old code ([#1389](https://github.com/tfranzel/drf-spectacular/issues/1389) <https://github.com/tfranzel/drf-spectacular/issues/1389>_) [Mike Manger]

Fix location of @extend_schema_field [johnthagen]

Remove reference to non-exposed lazy_serializer [johnthagen]

Document how to lazily define a recursive SerializerMethod [johnthagen]

Link to SerializerMethod docs [johnthagen]

Document Django 5.1 support in README [johnthagen]

Bump django from 4.2.11 to 4.2.18 in /requirements [dependabot[bot]]

Enhance bug report template with instructions for better clarity [antoliny0919]

add pydantic computed field to tests [#1354](https://github.com/tfranzel/drf-spectacular/issues/1354) <https://github.com/tfranzel/drf-spectacular/issues/1354>_

Breaking changes / important additions:

Finally fixed the memory leak thanks to @artKucher.

Another performance improvement is the usage of the C versions of yaml, if available.

Apart from that, there are a lot of small improvements and bugfixes.

Commits

7a7a1f2 disable py3.8 target due to pyproject.toml issues
ff7a62b fix docs
e58143b version bump
e40b287 Renovate project setup #1162
62fc98b Merge pull request #1467 from tfranzel/decimal_l18n
d7247a5 Add l18n handling for Decimal field #1466
5221afd Merge branch '#1392'
88302fa Fix LogoutSerializer for JWT/dj_rest_auth #1392
f7138e3 fix: support token blacklist feature in rest_auth
2c71a35 [django-filter] Add null_label if set in ChoiceFilter (#1450)
Additional commits viewable in compare view

Updates markdown from 3.7 to 3.10.2

Release notes

Sourced from markdown's releases.

Release 3.10.2

Fixed

Fix a regression related to comment handling (#1590).

More reliable fix for </ (#1593).

Release 3.10.1

Fixed

Ensure nested elements inside inline comments are properly unescaped (#1571).

Make the docs build successfully with mkdocstrings-python 2.0 (#1575).

Fix infinite loop when multiple bogus or unclosed HTML comments appear in input (#1578).

Fix another infinite loop when handling bad comments (#1586).

Release 3.10.0

Changed

Officially support Python 3.14 and PyPy 3.11 and drop support for Python 3.9 and PyPy 3.9.

Fixed

Fix an HTML comment parsing case in some Python versions that can cause an infinite loop (#1554).

Revert the default behavior of USE_DEFINITION_ORDER (to True). The new behavior introduced in 3.9.0 is experimental and results are inconsistent. It should not have been made the default behavior (#1561).

Release 3.9.0

Changed

Footnotes are now ordered by the occurrence of their references in the document. A new configuration option for the footnotes extension, USE_DEFINITION_ORDER, has been added to support restoring the previous behavior of ordering footnotes by the occurrence of definitions (#1367).

Fixed

Ensure inline processing iterates through elements in document order (#1546).

Fix handling of incomplete HTML tags in code spans in Python 3.14 (#1547).

Release 3.8.2

Fixed

Fix codecs deprecation in Python 3.14.

Fix issue with unclosed comment parsing in Python 3.14.

Fix issue with unclosed declarations in Python 3.14.

Fix issue with unclosed HTML tag <foo and Python 3.14.

Release 3.8.1

... (truncated)

Changelog

Sourced from markdown's changelog.

[3.10.2] - 2026-02-09

Fixed

Fix a regression related to comment handling (#1590).

More reliable fix for </ (#1593).

[3.10.1] - 2026-01-21

Fixed

Ensure nested elements inside inline comments are properly unescaped (#1571).

Make the docs build successfully with mkdocstrings-python 2.0 (#1575).

Fix infinite loop when multiple bogus or unclosed HTML comments appear in input (#1578).

Fix another infinite loop when handling bad comments (#1586).

[3.10.0] - 2025-11-03

Changed

Officially support Python 3.14 and PyPy 3.11 and drop support for Python 3.9 and PyPy 3.9.

Fixed

Fix an HTML comment parsing case in some Python versions that can cause an infinite loop (#1554).

Revert the default behavior of USE_DEFINITION_ORDER (to True). The new behavior introduced in 3.9.0 is experimental and results are inconsistent. It should not have been made the default behavior (#1561).

[3.9.0] - 2025-09-04

Changed

Footnotes are now ordered by the occurrence of their references in the document. A new configuration option for the footnotes extension, USE_DEFINITION_ORDER, has been added to support restoring the previous behavior of ordering footnotes by the occurrence of definitions (#1367).

Fixed

Ensure inline processing iterates through elements in document order (#1546).

Fix handling of incomplete HTML tags in code spans in Python 3.14 (#1547).

[3.8.2] - 2025-06-19

Fixed

Fix codecs deprecation in Python 3.14 (#1537).

... (truncated)

Commits

e7a0efb Bump version to 3.10.2
6301833 Document HTML sanitation policy
7f29f1a More reliable fix for </
c438647 Fix regression of special comments
e5fa5b8 Bump version to 3.10.1
Description has been truncated

Bumps the python-deps group in /app with 13 updates: | Package | From | To | | --- | --- | --- | | [django](https://github.com/django/django) | `4.2.27` | `5.2.11` | | [django-extensions](https://github.com/django-extensions/django-extensions) | `3.2.3` | `4.1` | | [django-linear-migrations](https://github.com/adamchainz/django-linear-migrations) | `2.16.0` | `2.19.0` | | [django-phonenumber-field[phonenumbers]](https://github.com/stefanfoulis/django-phonenumber-field) | `8.0.0` | `8.4.0` | | [django-timezone-field](https://github.com/mfogel/django-timezone-field) | `7.0` | `7.2.1` | | [djangorestframework](https://github.com/encode/django-rest-framework) | `3.15.2` | `3.16.1` | | [drf-spectacular](https://github.com/tfranzel/drf-spectacular) | `0.28.0` | `0.29.0` | | [markdown](https://github.com/Python-Markdown/markdown) | `3.7` | `3.10.2` | | [psycopg2-binary](https://github.com/psycopg/psycopg2) | `2.9.10` | `2.9.11` | | [pytest-cov](https://github.com/pytest-dev/pytest-cov) | `6.0.0` | `7.0.0` | | [pytest-django](https://github.com/pytest-dev/pytest-django) | `4.9.0` | `4.11.1` | | [pytest-xdist](https://github.com/pytest-dev/pytest-xdist) | `3.6.1` | `3.8.0` | | [tzdata](https://github.com/python/tzdata) | `2024.2` | `2025.3` | Updates `django` from 4.2.27 to 5.2.11 - [Commits](django/django@4.2.27...5.2.11) Updates `django-extensions` from 3.2.3 to 4.1 - [Release notes](https://github.com/django-extensions/django-extensions/releases) - [Changelog](https://github.com/django-extensions/django-extensions/blob/main/CHANGELOG.md) - [Commits](django-extensions/django-extensions@3.2.3...4.1) Updates `django-linear-migrations` from 2.16.0 to 2.19.0 - [Changelog](https://github.com/adamchainz/django-linear-migrations/blob/main/CHANGELOG.rst) - [Commits](adamchainz/django-linear-migrations@2.16.0...2.19.0) Updates `django-phonenumber-field[phonenumbers]` from 8.0.0 to 8.4.0 - [Release notes](https://github.com/stefanfoulis/django-phonenumber-field/releases) - [Changelog](https://github.com/django-phonenumber-field/django-phonenumber-field/blob/main/CHANGELOG.rst) - [Commits](django-phonenumber-field/django-phonenumber-field@8.0.0...8.4.0) Updates `django-timezone-field` from 7.0 to 7.2.1 - [Commits](mfogel/django-timezone-field@7.0...7.2.1) Updates `djangorestframework` from 3.15.2 to 3.16.1 - [Release notes](https://github.com/encode/django-rest-framework/releases) - [Commits](encode/django-rest-framework@3.15.2...3.16.1) Updates `drf-spectacular` from 0.28.0 to 0.29.0 - [Release notes](https://github.com/tfranzel/drf-spectacular/releases) - [Changelog](https://github.com/tfranzel/drf-spectacular/blob/master/CHANGELOG.rst) - [Commits](tfranzel/drf-spectacular@0.28.0...0.29.0) Updates `markdown` from 3.7 to 3.10.2 - [Release notes](https://github.com/Python-Markdown/markdown/releases) - [Changelog](https://github.com/Python-Markdown/markdown/blob/master/docs/changelog.md) - [Commits](Python-Markdown/markdown@3.7...3.10.2) Updates `psycopg2-binary` from 2.9.10 to 2.9.11 - [Changelog](https://github.com/psycopg/psycopg2/blob/master/NEWS) - [Commits](psycopg/psycopg2@2.9.10...2.9.11) Updates `pytest-cov` from 6.0.0 to 7.0.0 - [Changelog](https://github.com/pytest-dev/pytest-cov/blob/master/CHANGELOG.rst) - [Commits](pytest-dev/pytest-cov@v6.0.0...v7.0.0) Updates `pytest-django` from 4.9.0 to 4.11.1 - [Release notes](https://github.com/pytest-dev/pytest-django/releases) - [Changelog](https://github.com/pytest-dev/pytest-django/blob/main/docs/changelog.rst) - [Commits](pytest-dev/pytest-django@v4.9.0...v4.11.1) Updates `pytest-xdist` from 3.6.1 to 3.8.0 - [Release notes](https://github.com/pytest-dev/pytest-xdist/releases) - [Changelog](https://github.com/pytest-dev/pytest-xdist/blob/master/CHANGELOG.rst) - [Commits](pytest-dev/pytest-xdist@v3.6.1...v3.8.0) Updates `tzdata` from 2024.2 to 2025.3 - [Release notes](https://github.com/python/tzdata/releases) - [Changelog](https://github.com/python/tzdata/blob/master/NEWS.md) - [Commits](python/tzdata@2024.2...2025.3) --- updated-dependencies: - dependency-name: django dependency-version: 5.2.11 dependency-type: direct:production update-type: version-update:semver-major dependency-group: pip - dependency-name: django-extensions dependency-version: '4.1' dependency-type: direct:production update-type: version-update:semver-major dependency-group: pip - dependency-name: django-linear-migrations dependency-version: 2.19.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: pip - dependency-name: django-phonenumber-field[phonenumbers] dependency-version: 8.4.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: pip - dependency-name: django-timezone-field dependency-version: 7.2.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: pip - dependency-name: djangorestframework dependency-version: 3.16.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: pip - dependency-name: drf-spectacular dependency-version: 0.29.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: pip - dependency-name: markdown dependency-version: 3.10.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: pip - dependency-name: psycopg2-binary dependency-version: 2.9.11 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: pip - dependency-name: pytest-cov dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: pip - dependency-name: pytest-django dependency-version: 4.11.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: pip - dependency-name: pytest-xdist dependency-version: 3.8.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: pip - dependency-name: tzdata dependency-version: '2025.3' dependency-type: direct:production update-type: version-update:semver-major dependency-group: pip ... Signed-off-by: dependabot[bot] <support@github.com>

fyliu and others added 2 commits February 13, 2026 00:06

Update dependabot grouping for Python dependencies

5791846

dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Feb 13, 2026

github-project-automation bot added this to P: PD: Project Board Feb 13, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore: bump the python-deps group in /app with 13 updates#638

chore: bump the python-deps group in /app with 13 updates#638
dependabot[bot] wants to merge 2 commits intomainfrom
dependabot/pip/app/pip-4a5dced7a3

dependabot bot commented on behalf of github Feb 13, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Comments

Uh oh!

Conversation

dependabot bot commented on behalf of github Feb 13, 2026

4.1

What's Changed

New Contributors

4.0

What's Changed

New Contributors

3.2.4b1

4.1

4.0

2.19.0 (2025-09-18)

2.18.0 (2025-09-08)

2.17.0 (2025-02-06)

8.4.0

What's Changed

8.3.0

What's Changed

New Contributors

8.2.0

What's Changed

New Contributors

8.1.0

What's Changed

Compatibility

v3.16.1

Minor changes

Bug fixes

Translations

Documentation

Internal changes

New Contributors

0.29.0

Important notes

PRs

New Contributors

0.29.0 (2025-11-01)

Release 3.10.2

Fixed

Release 3.10.1

Fixed

Release 3.10.0

Changed

Fixed

Release 3.9.0

Changed

Fixed

Release 3.8.2

Fixed

Release 3.8.1

[3.10.2] - 2026-02-09

Fixed

[3.10.1] - 2026-01-21

Fixed

[3.10.0] - 2025-11-03

Changed

Fixed

[3.9.0] - 2025-09-04

Changed

Fixed

[3.8.2] - 2025-06-19

Fixed

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Comments