chore(deps): bump the minor-updates group across 1 directory with 13 updates

[dependabot]

Bumps the minor-updates group with 13 updates in the / directory:

Package	From	To
boto3	1.36.10	1.37.4
django	5.1.5	5.1.6
django-cors-headers	4.6.0	4.7.0
django-storages	1.14.4	1.14.5
djangorestframework-simplejwt	5.4.0	5.5.0
environs	14.1.0	14.1.1
psycopg	3.2.4	3.2.5
whitenoise	6.8.2	6.9.0
flake8	7.1.1	7.1.2
isort	6.0.0	6.0.1
locust	2.32.8	2.33.0
model-bakery	1.20.1	1.20.4
pytest-django	4.9.0	4.10.0

Updates boto3 from 1.36.10 to 1.37.4

Commits

• 0c61b96 Merge branch 'release-1.37.4'
• b474be9 Bumping version to 1.37.4
• de332a9 Add changelog entries from botocore
• b0cfdee Merge branch 'release-1.37.3'
• 63a9bb2 Merge branch 'release-1.37.3' into develop
• fd96968 Bumping version to 1.37.3
• 8c09caa Add changelog entries from botocore
• 474cfa0 Merge branch 'release-1.37.2'
• 4245512 Merge branch 'release-1.37.2' into develop
• d10ead8 Bumping version to 1.37.2
• Additional commits viewable in compare view

Updates django from 5.1.5 to 5.1.6

Commits

• 8c9973c [5.1.x] Bumped version for 5.1.6 release.
• df27e43 [5.1.x] Added release date for 5.1.6, 5.0.12, and 4.2.19.
• 4a04944 [5.1.x] Clarified docs for default email value in UserManager.create_user().
• b814f4c [5.1.x] Refs #35612 -- Extended docs on how the security team evaluates reports.
• 328d54f [5.1.x] Refs #36140 -- Added missing import in django/contrib/auth/forms.py.
• 8552eef [5.1.x] Fixed #36140 -- Allowed BaseUserCreationForm to define non required p...
• 76b4fb7 [5.1.x] Fixed #36162 -- Fixed the black Makefile docs rule to work on macOS.
• 173edeb [5.1.x] Corrected ArrayAgg example for ordering usage.
• 4f0169e [5.1.x] Tweaked docs to avoid reformatting given new black version.
• 9d1945d [5.1.x] Clarified the Releaser's discretion for determining and postponing th...
• Additional commits viewable in compare view

Updates django-cors-headers from 4.6.0 to 4.7.0

Changelog

Sourced from django-cors-headers's changelog.

4.7.0 (2025-02-06)

• Support Django 5.2.

Commits

• 9568acb Version 4.7.0
• 14e1129 Support Django 5.2 (#988)
• 4c551e9 Run pre-commit, coverage, and readthedocs on Python 3.13
• 88c0c48 Upgrade django-stubs to 5.1.2
• 0bb6fe5 Upgrade Black used by blacken-docs to 25.1.0
• 0d20b5a [pre-commit.ci] pre-commit autoupdate (#987)
• 81c98d9 Upgrade requirements (#986)
• beac952 [pre-commit.ci] pre-commit autoupdate (#985)
• de836c8 Bump astral-sh/setup-uv from 4 to 5 in the github-actions group (#984)
• 4d3a833 Upgrade requirements (#982)
• Additional commits viewable in compare view

Updates django-storages from 1.14.4 to 1.14.5

Changelog

Sourced from django-storages's changelog.

1.14.5 (2025-02-15)

---

General

• Revert exists() behavior to pre-1.14.4 semantics with additional hardening for Django versions < 4.2 to fix CVE-2024-39330. This change matches the eventual behavior Django itself shipped with. ([#1484](https://github.com/jschneier/django-storages/issues/1484), [#1486](https://github.com/jschneier/django-storages/issues/1486))
• Add support for Django 5.1 ([#1444](https://github.com/jschneier/django-storages/issues/1444)_)

Azure

• Deprecated: The setting AZURE_API_VERSION/api_version setting is deprecated in favor of the new AZURE_CLIENT_OPTIONS setting. A future version will remove support for this setting.
• Add AZURE_CLIENT_OPTIONS settings to enable customization of all BlobServiceClient parameters such as api_version and all retry* options. ([#1432](https://github.com/jschneier/django-storages/issues/1432)_)

Dropbox

• As part of the above hardening fix a bug was uncovered whereby a root_path setting would be applied multiple times during save() ([#1484](https://github.com/jschneier/django-storages/issues/1484)_)
• Fix setting OAuth2 access token via env var ([#1452](https://github.com/jschneier/django-storages/issues/1452)_)

FTP

• Fix incorrect exists() results due to an errant appended slash ([#1438](https://github.com/jschneier/django-storages/issues/1438)_)

Google Cloud

• Switch checksum to crc32c to fix downloading when running in FIPS mode ([#1473](https://github.com/jschneier/django-storages/issues/1473)_)
• Fix double decompression when using gzip ([#1457](https://github.com/jschneier/django-storages/issues/1457)_)

.. _#1484: jschneier/django-storages#1484 .. _#1486: jschneier/django-storages#1486 .. _#1444: jschneier/django-storages#1444 .. _#1432: jschneier/django-storages#1432 .. _#1473: jschneier/django-storages#1473 .. _#1457: jschneier/django-storages#1457 .. _#1452: jschneier/django-storages#1452 .. _#1438: jschneier/django-storages#1438

Commits

• 3c0fe9f Release version 1.14.5 (#1487)
• 5db357a Apply additional validation in overwrite path (#1486)
• 394e5d6 Revert "[general] Write overwriting files in terms of .exists() (#1422)" (#1484)
• af98a96 Exclude Python3.10 and Python3.11 with Django main (#1485)
• b79ea31 [gcloud] Fix double decompression when using gzip (#1457)
• b3513ec [gcloud] use a different checksum method to fix downloading in FIPS mode (#1473)
• fda4e23 Fix Google Cloud tests (#1476)
• f029e50 [docs/gcloud] (#1459)
• 48702fa [docs/azure] Fix typo in the max_memory_size config option (#1458)
• 1725606 [dropbox] Fix setting oauth2 access token via env var (#1452)
• Additional commits viewable in compare view

Updates djangorestframework-simplejwt from 5.4.0 to 5.5.0

Release notes

Sourced from djangorestframework-simplejwt's releases.

v5.5.0

Differing Behavior Change

• Adds new refresh tokens to OutstandingToken db. by @​thecarpetjasp in jazzband/djangorestframework-simplejwt#866

What's Changed

• Cap PyJWT version to <2.10.0 to avoid incompatibility with subject claim type requirement by @​grayver in jazzband/djangorestframework-simplejwt#843
• Add specific "token expired" exceptions by @​vainu-arto in jazzband/djangorestframework-simplejwt#830
• Fix user_id type mismatch when user claim is not pk by @​jdg-journeyfront in jazzband/djangorestframework-simplejwt#851
• Caching signing key by @​henryfool91 in jazzband/djangorestframework-simplejwt#859

Full Changelog: jazzband/djangorestframework-simplejwt@v5.4.0...v5.5.0

Changelog

Sourced from djangorestframework-simplejwt's changelog.

5.5.0

• Cap PyJWT version to <2.10.0 to avoid incompatibility with subject claim type requirement by @​grayver in jazzband/djangorestframework-simplejwt#843
• Add specific "token expired" exceptions by @​vainu-arto in jazzband/djangorestframework-simplejwt#830
• Fix user_id type mismatch when user claim is not pk by @​jdg-journeyfront in jazzband/djangorestframework-simplejwt#851
• Caching signing key by @​henryfool91 in jazzband/djangorestframework-simplejwt#859
• Adds new refresh tokens to OutstandingToken db. by @​thecarpetjasp in jazzband/djangorestframework-simplejwt#866

Commits

• faeea49 Update CHANGELOG.md (#869)
• eb8d61a Update locale files (#853)
• 93c4891 [pre-commit.ci] pre-commit autoupdate (#862)
• b962aca Adds new refresh tokens to OutstandingToken db. (#866)
• a041ccf Caching signing key (#859)
• a01cb8b Fix user_id type mismatch when user claim is not pk (#851)
• a9ee40d [pre-commit.ci] pre-commit autoupdate (#772)
• d4d0aaf Add ruff linter and formatter to pre-commit (#856)
• e99ea81 chore: clean redefinition of mock_jwk_module in backend tests (#855)
• d9c7331 remove unused imports
• Additional commits viewable in compare view

Updates environs from 14.1.0 to 14.1.1

Changelog

Sourced from environs's changelog.

14.1.1 (2025-02-10)

Bug fixes:

• Typing: Fix typing for env.list and env.dict to properly handle default and subcast arguments (#406). Thanks lucas-bremond for the PR.
• Add env to __all__ (#396). Thanks daveflr for reporting.

Changes:

• Backwards-incompatible: recurse, verbose, override, and return_path parameters to Env.read_env are now keyword-only.
• Backwards-incompatible: The required argument to parser methods is removed. Call a parser method without a default value to make it required.

Commits

• d784ad9 Bump version and update changelog
• 966c757 fix: properly handle typing of list and dict with defined defaults (#407)
• a5534cb [pre-commit.ci] pre-commit autoupdate (#405)
• 26c5c82 Fix up doc
• f460dbe Remove required argument from parser methods (#403)
• 051f36b Clarify usage of env.url (#401)
• e2a1c79 Use all ruff rules except ones explicitly ignored (#399)
• 0583dd9 Typing fixes (#398)
• d1a2f2c Add env to all (#397)
• 054fd1d Fix mypy config to only run against src and tests (#394)
• Additional commits viewable in compare view

Updates psycopg from 3.2.4 to 3.2.5

Changelog

Sourced from psycopg's changelog.

.. currentmodule:: psycopg

.. index:: single: Release notes single: News

psycopg release notes

Future releases

Python 3.3.0 (unreleased) ^^^^^^^^^^^^^^^^^^^^^^^^^

• Drop support for Python 3.8.

Current release

Psycopg 3.2.5 ^^^^^^^^^^^^^

• 3x faster UUID loading thanks to C implementation (:tickets:[#447](https://github.com/psycopg/psycopg/issues/447), [#998](https://github.com/psycopg/psycopg/issues/998)).

Psycopg 3.2.4 ^^^^^^^^^^^^^

• Don't lose notifies received whilst the ~Connection.notifies() iterator is not running (:ticket:[#962](https://github.com/psycopg/psycopg/issues/962)).
• Make sure that the notifies callback is called during the use of the ~Connection.notifies() generator (:ticket:[#972](https://github.com/psycopg/psycopg/issues/972)).
• Raise the correct error returned by the database (such as !AdminShutdown or !IdleInTransactionSessionTimeout) instead of a generic OperationalError when a server error causes a client disconnection (:ticket:[#988](https://github.com/psycopg/psycopg/issues/988)).
• Build macOS dependencies from sources instead using the Homebrew versions in order to avoid problems with MACOSX_DEPLOYMENT_TARGET (:ticket:[#858](https://github.com/psycopg/psycopg/issues/858)).
• Bump libpq to 17.2 in Linux and macOS binary packages.
• Bump libpq to 16.4 in Windows binary packages, using the vcpkg library__ (:ticket:[#966](https://github.com/psycopg/psycopg/issues/966)).

.. __: https://vcpkg.io/en/package/libpq

Psycopg 3.2.3 ^^^^^^^^^^^^^

... (truncated)

Commits

• 664b2a1 chore: bump psycopg package version to 3.2.5
• cd6589b chore: bump build libraries
• 68f8603 Merge branch 'cython-uuid-3.2' into maint-3.2
• dd1cefc docs: mention UUID speedup in release news
• 7f950cb chore(c): remove C UUIDDumper and UUIDBinaryDumper
• 393e162 perf(uuid): speed up UUID creation using a writable subclass
• 57a3889 perf(c): use PyObject_CallFunctionObjArgs in UUIDBinaryLoader
• 88f73fe perf(c): use PyObject_CallFunctionObjArgs in UUIDLoader
• 3a9ade7 test(c): test UUID.slots
• 811cb51 perf(c): Use hex_to_int_map in UUIDLoader
• Additional commits viewable in compare view

Updates whitenoise from 6.8.2 to 6.9.0

Changelog

Sourced from whitenoise's changelog.

6.9.0 (2025-02-06)

• Support Django 5.2.

Commits

• 62fbf7a Version 6.9.0
• 3bd4c67 Support Django 5.2 (#633)
• ae3fa94 Run pre-commit, coverage, and readthedocs on Python 3.13
• 9ee33c9 Upgrade Black used by blacken-docs to 25.1.0
• fd735f6 [pre-commit.ci] pre-commit autoupdate (#632)
• 80b8941 Remove documentation note on old request_finished bug (#631)
• 85f2ad9 Upgrade requirements (#624)
• 2cafe86 [pre-commit.ci] pre-commit autoupdate (#623)
• 1093c9a Bump astral-sh/setup-uv from 4 to 5 in the github-actions group (#622)
• 36c8b3e Upgrade requirements (#620)
• Additional commits viewable in compare view

Updates flake8 from 7.1.1 to 7.1.2

Commits

• fffee8b Release 7.1.2
• 19001f7 Merge pull request #1966 from PyCQA/limit-procs-to-file-count
• f35737a avoid starting unnecessary processes when file count is limited
• See full diff in compare view

Updates isort from 6.0.0 to 6.0.1

Release notes

Sourced from isort's releases.

6.0.1

Changes

• fix multi_line_output_modes docs (#2096) @​xinydev
• Ruff rules PT for pytest (#2372) @​cclauss
• Ruff rules B017, B028, and E203 (#2371) @​cclauss
• Lint Python code with ruff (#2359) @​cclauss
• Fix test_find_imports_in_file_error failing on Windows (#2369) @​kobarity
• Move flake8 settings into pyproject.toml (#2360) @​cclauss
• Upgrade to uv>=0.6.0 and enable-cache (#2364) @​cclauss
• Apply some ruff rules (#2353) @​cclauss

🪲 Fixes

• Add OSError handling in find_imports_in_file (#2331) @​kobarity
• Link GH as changelog (#2354) @​staticdev

👷 Continuous Integration

• Remove Safety (#2373) @​staticdev

Commits

• c8ab4a5 Merge pull request #2096 from xinydev/fix-docs
• ee477e9 Merge branch 'main' into fix-docs
• 790bb06 Merge pull request #2372 from cclauss/ruff-rules-PT
• 168d850 Merge branch 'main' into ruff-rules-PT
• 6165d6b Merge pull request #2373 from PyCQA/ci/remove-safety
• f776259 Remove Safety
• 176ada2 Ruff rules PT for pytest
• 3305894 Merge pull request #2371 from cclauss/ruff-rules-B017-B028-E203
• 1708f3e Ruff rules B017, B028, and E203
• 1157b58 Merge pull request #2359 from cclauss/ruff
• Additional commits viewable in compare view

Updates locust from 2.32.8 to 2.33.0

Release notes

Sourced from locust's releases.

2.33.0

What's Changed

• Bump vitest from 2.1.6 to 2.1.9 in /locust/webui by @​dependabot in locustio/locust#3044
• Remove uv lock file from build artifacts by @​mquinnfd in locustio/locust#3055
• FastHttpUser: Accept brotli and zstd compression encoding by @​kamilbednarz in locustio/locust#3048
• Improve error message on missing user_count or spawn_rate in swarm payload by @​cyberw in locustio/locust#3052
• Enable HTML Report Filename Parsing by @​ktchani in locustio/locust#3049
• Update vite to 6.0.11 by @​cyberw in locustio/locust#3056
• Use enter to automatically open web UI in default browser by @​cyberw in locustio/locust#3057
• dos: correct venv activation path in docs by @​n0h0 in locustio/locust#3058
• docs: update python-requests documentation links by @​n0h0 in locustio/locust#3059

New Contributors

• @​kamilbednarz made their first contribution in locustio/locust#3048
• @​ktchani made their first contribution in locustio/locust#3049
• @​n0h0 made their first contribution in locustio/locust#3058

Full Changelog: locustio/locust@2.32.10...2.33.0

2.32.10

What's Changed

• Use uv/hatch instead of Poetry by @​mquinnfd in locustio/locust#3039
• Add uv lock file to builds by @​mquinnfd in locustio/locust#3047

Full Changelog: locustio/locust@2.32.9...2.32.10

2.32.9

What's Changed

• Fix issue where empty WebUI property is not parsed correctly by @​timhovius in locustio/locust#3012
• Update docs for stats.py file by @​gabriel-check24 in locustio/locust#3038
• Add iter_lines Method to FastHttpSession Class by @​MasterKey-Pro in locustio/locust#3024

New Contributors

• @​timhovius made their first contribution in locustio/locust#3012
• @​gabriel-check24 made their first contribution in locustio/locust#3038
• @​MasterKey-Pro made their first contribution in locustio/locust#3024

Full Changelog: locustio/locust@2.32.8...2.32.9

Changelog

Sourced from locust's changelog.

2.33.0 (2025-02-24)

Full Changelog

Fixed bugs:

• uv.lock ends up in root of site-packages #3053

2.33.0 (2025-02-22)

Full Changelog

Fixed bugs:

• UnboundLocalError: local variable 'user_count' referenced before assignment #3051

Merged pull requests:

• docs: update python-requests documentation links #3059 (n0h0)
• dos: correct venv activation path in docs #3058 (n0h0)
• Use enter to automatically open web UI in default browser #3057 (cyberw)
• Update vite to 6.0.11 #3056 (cyberw)
• Remove uv lock file from build artifacts #3055 (mquinnfd)
• Improve error message on missing user_count or spawn_rate in swarm payload #3052 (cyberw)
• Enable HTML Report Filename Parsing #3049 (ktchani)
• FastHttpUser: Accept brotli and zstd compression encoding #3048 (kamilbednarz)
• Bump vitest from 2.1.6 to 2.1.9 in /locust/webui #3044 (dependabot[bot])

2.32.10 (2025-02-18)

Full Changelog

Closed issues:

• Switch from Poetry to uv #3033

Merged pull requests:

• Add uv lock file to builds #3047 (mquinnfd)
• Use uv/hatch instead of Poetry #3039 (mquinnfd)

2.32.9 (2025-02-10)

Full Changelog

Fixed bugs:

• Cannot Update Custom options in the Web UI when Default Value is None #3011

Merged pull requests:

... (truncated)

Commits

• c5af270 Merge pull request #3059 from n0h0/fix-python-requests-link
• d01765d Merge pull request #3058 from n0h0/fix-venv-bin-activate
• 6335881 docs: update python-requests documentation links
• 018cbb5 dos: correct venv activation path in docs
• d6812b2 Update changelog (going to bump minor revision in next release)
• 77831cd Merge pull request #3057 from locustio/Use-enter-to-automatically-open-web-ui...
• a8c7b90 Use enter to open webui: Support mac/unix style newlines & fix test case.
• 5984304 Use enter to open UI in default browser
• c6eaf25 Update changelog in preparation of 2.32.11
• 3bb8ff0 Merge pull request #3056 from locustio/update-vite
• Additional commits viewable in compare view

Updates model-bakery from 1.20.1 to 1.20.4

Release notes

Sourced from model-bakery's releases.

1.20.4

What's Changed

• fix: should not skip auto now fields but assign with specified value by @​mattwang44 in model-bakers/model_bakery#520

Full Changelog: model-bakers/model_bakery@1.20.3...1.20.4

1.20.3

What's Changed

• fix: auto now fields should be skipped by @​mattwang44 in model-bakers/model_bakery#507
• Isolate Recipe defaults to prevent modification via instances by @​gildegoma in model-bakers/model_bakery#509

New Contributors

• @​mattwang44 made their first contribution in model-bakers/model_bakery#507
• @​gildegoma made their first contribution in model-bakers/model_bakery#509

Full Changelog: model-bakers/model_bakery@1.20.2...1.20.3

1.20.2

What's Changed

• fix and test regression in 1.18.3 forbidding setting GFK by a function by @​PetrDlouhy in model-bakers/model_bakery#515
• fix and test regression in 1.19.3 forbidding setting GFK via proxy model by @​PetrDlouhy in model-bakers/model_bakery#517

New Contributors

• @​PetrDlouhy made their first contribution in model-bakers/model_bakery#515

Full Changelog: model-bakers/model_bakery@1.20.1...1.20.2

Changelog

Sourced from model-bakery's changelog.

1.20.4

Changed

• Fix regression introduced in 1.20.3 that prevented using auto_now and auto_now_add fields with seq or callable.

1.20.3

Changed

• Fix support of auto_now and auto_now_add fields in combination with _fill_optional
• Isolate Recipe defaults to prevent modification via instances

1.20.2

Changed

• Fix setting GFK parameter by a callable
• Fix regression forbidding using Proxy models as GFK

Commits

• 2ef7632 Bump 1.20.4
• 096742d Fix #519 --Do not skip auto now fields, but assign with specified value (#520)
• 8051e3f Bump 1.20.3
• c648c1e Isolate Recipe defaults to prevent modification via instances (#509)
• c0af32a Fix support of auto_now fields in combination with _fill_optional (#507)
• 258dfb2 Bump 1.20.2
• 8f826f0 Attempt to fix docs
• f0ab3fc Fix #518 -- fix regression forbidding setting GFK via proxy model (#517)
• 52355a8 Fix #516 -- fix regression forbidding setting GFK by a function (#515)
• See full diff in compare view

Updates pytest-django from 4.9.0 to 4.10.0

Release notes

Sourced from pytest-django's releases.

v4.10.0

https://github.com/pytest-dev/pytest-django/blob/main/docs/changelog.rst#v4100-2025-02-10

Changelog

Sourced from pytest-django's changelog.

v4.10.0 (2025-02-10)

Compatibility ^^^^^^^^^^^^^

• Added official support for Python 3.13.

Improvements ^^^^^^^^^^^^

• Added using argument to :fixture:django_assert_num_queries and :fixture:django_assert_max_num_queries to easily specify the database alias to use.

Bugfixes ^^^^^^^^

• Fixed lock/unlock of db breaks if pytest is executed twice in the same process.

Commits

• d8dc3d9 Release 4.10.0
• 50a5578 build(deps): bump hynek/build-and-inspect-python-package
• 54a5950 build(deps): bump pypa/gh-action-pypi-publish from 1.10.0 to 1.12.4
• c030eb9 Bump codecov/codecov-action from 4 to 5
• 0ee43ef Adds using to django_assert_num_queries (#1170)
• c3018d6 Developer QOL (#1174)
• 120c2a5 ci: update runs-on to ubuntu 24.04
• ba6c6a6 tox: update ruff and mypy
• e2c6cee Add Python 3.13 support
• f422f1d Remove setup.py file
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions