deps: bump the django group across 1 directory with 8 updates

[dependabot]

Updates the requirements on django, django-allauth, django-import-export, django-parler, django-guardian, django-polymorphic, django-flex-menus and django-hijack to permit the latest version.
Updates django from 5.2.12 to 5.2.14

Commits

• 024c26b [5.2.x] Bumped version for 5.2.14 release.
• 2115d4e [5.2.x] Fixed CVE-2026-6907 -- Prevented caching of requests when Vary header...
• 47cf968 [5.2.x] Fixed CVE-2026-35192 -- Ensured Vary header is sent when setting sess...
• 2ec27ed [5.2.x] Fixed CVE-2026-5766 -- Enforced DATA_UPLOAD_MAX_MEMORY_SIZE in Memory...
• ed18840 [5.2.x] Fixed typo in stub release notes for 5.2.14.
• de3f622 [5.2.x] Added stub release notes and release date for 5.2.14.
• fb61c8a [5.2.x] Refs CVE-2026-4292 -- Isolated new test in AdminViewListEditable.
• bd1a758 [5.2.x] Fixed two issues in release helper scripts/verify_release.sh.
• da57aaa [5.2.x] Added CVE-2026-3902, CVE-2026-4277, CVE-2026-4292, CVE-2026-33033, an...
• c9a8bdb [5.2.x] Post-release version bump.
• Additional commits viewable in compare view

Updates django-allauth from 65.14.3 to 65.16.1

Commits

• See full diff in compare view

Updates django-import-export from 4.4.0 to 4.4.1

Release notes

Sourced from django-import-export's releases.

4.4.1

• Changelog

Changelog

Sourced from django-import-export's changelog.

4.4.1 (2026-05-05)

• Refactor lookup value retrieval in Field and CachedForeignKeyWidget (2146 <https://github.com/django-import-export/django-import-export/pull/2146>_)
• Fix IncorrectLookupParameters when exporting from filtered change view (2154 <https://github.com/django-import-export/django-import-export/pull/2154>_)
• Fix console error 'resource select input not found' on export (2158 <https://github.com/django-import-export/django-import-export/pull/2158>_)
• Fix CachedForeignKeyWidget type mismatch on non-string lookup fields (2159 <https://github.com/django-import-export/django-import-export/pull/2159>_)

Commits

• f4cfc4d updated changelog
• See full diff in compare view

Updates django-parler from 2.3 to 2.4

Release notes

Sourced from django-parler's releases.

v2.4

What's Changed

• feat: Add Django 6.0 and Python 3.13 support, fix deprecated APIs by @​t0kubetsu in django-parler/django-parler#368
• fix: Handle delete "keep_parents" args in django Model.delete() by @​pierreben in django-parler/django-parler#366
• fix: test on Django 5 by @​mbi in django-parler/django-parler#359
• fix: typo by @​moritztim in django-parler/django-parler#355
• fix: check cache before clear by @​elterrien in django-parler/django-parler#356
• fix: fallback to Meta.formfield_callback by @​arthurschuster in django-parler/django-parler#352
• fix: documentation for django-polymorphic imports by @​anachronic in django-parler/django-parler#317
• fix: drop Django 5.0 support; admin uses log_deletions (added in 5.1) by @​t0kubetsu in django-parler/django-parler#370
• docs: Fix a few typos by @​timgates42 in django-parler/django-parler#323
• docs: Bump django from 2.2.24 to 3.2.24 in /docs/_ext/djangodummy by @​dependabot[bot] in django-parler/django-parler#349
• docs: Bump djangorestframework from 3.12.4 to 3.15.2 in /docs/_ext/djangodummy by @​dependabot[bot] in django-parler/django-parler#371
• chore: Enhance tests workflow with coverage reporting by @​fsbraun in django-parler/django-parler#372
• chore: Add GitHub Actions workflow for publishing to PyPI by @​fsbraun in django-parler/django-parler#374
• chore: Install Django in publish-to-live-pypi workflow by @​fsbraun in django-parler/django-parler#375
• chore: Syntax in pypi actions by @​fsbraun in django-parler/django-parler#376

New Contributors

• @​pierreben made their first contribution in django-parler/django-parler#366
• @​mbi made their first contribution in django-parler/django-parler#359
• @​moritztim made their first contribution in django-parler/django-parler#355
• @​elterrien made their first contribution in django-parler/django-parler#356
• @​t0kubetsu made their first contribution in django-parler/django-parler#368
• @​arthurschuster made their first contribution in django-parler/django-parler#352
• @​fsbraun made their first contribution in django-parler/django-parler#372
• @​anachronic made their first contribution in django-parler/django-parler#317

Full Changelog: django-parler/django-parler@v2.3...v2.4

Changelog

Sourced from django-parler's changelog.

Changes in 2.4 (2026-05-14)

• Added Django 6.0 support.
• Added Python 3.13 support.
• Dropped Django 4.2 LTS support (end of extended support, April 2026).
• Dropped Django 5.0 support. The admin's delete_translation view calls ModelAdmin.log_deletions, which was introduced in Django 5.1 — so translation deletion raised AttributeError on 5.0. The install requirement is now Django>=5.1.
• Replaced removed csrf_protect_m decorator with @method_decorator(csrf_protect) in the admin.
• Replaced deprecated unique_together with models.UniqueConstraint in the translated fields model.
• Added a validate_constraints() call alongside validate_unique() in form validation so UniqueConstraint violations surface through the form.
• Updated log_deletion() call to the renamed log_deletions() with its new signature (Django 6).
• Fixed a thread-safety bug in SortedSelectMixin.sort_choices() where the deep-copy guard was skipped for the second and later optgroups, causing .sort() to mutate the caller's choices list.
• Expanded the test suite with new modules covering admin views, cache, forms, managers, model construction, template tags, views, and widgets.
• Test matrix: Django 5.1, 5.2, 6.0 × Python 3.10–3.13.

Commits

• 60e9841 fix: Syntax in pypi actions (#376)
• 85d0020 Install Django in publish-to-live-pypi workflow (#375)
• 101fded chore: Add GitHub Actions workflow for publishing to PyPI (#374)
• 2b0bf19 Update changelog for version 2.4 release date
• e676606 fix: drop Django 5.0 support; admin uses log_deletions (added in 5.1) (#370)
• 01893a3 Fix documentation for django-polymorphic imports (#317)
• f85c705 chore: Enhance tests workflow with coverage reporting (#372)
• 72dd293 Bump djangorestframework from 3.12.4 to 3.15.2 in /docs/_ext/djangodummy (#371)
• 40d00c2 Bump django from 2.2.24 to 3.2.24 in /docs/_ext/djangodummy (#349)
• eef87ce fallback to Meta.formfield_callback (#352)
• Additional commits viewable in compare view

Updates django-guardian from 3.3.0 to 3.3.1

Release notes

Sourced from django-guardian's releases.

3.3.1

What's Changed

• Improve managers typing and reduce code duplication by @​sevdog in django-guardian/django-guardian#962
• add dependabot configuration by @​Natgho in django-guardian/django-guardian#964
• Bump the github-actions group with 3 updates by @​dependabot[bot] in django-guardian/django-guardian#965
• Fix possible IndexError when trying to bulk-assign permissions by @​sevdog in django-guardian/django-guardian#969
• 🤖 Update coverage badge to 97.8% by @​github-actions[bot] in django-guardian/django-guardian#970
• Fix indentation in code example by @​jmwhitworth in django-guardian/django-guardian#971
• Bump astral-sh/setup-uv from 5 to 7 in the github-actions group by @​dependabot[bot] in django-guardian/django-guardian#975
• release process section is added by @​Natgho in django-guardian/django-guardian#977
• 429 document how to migrate from generic object permissions to direct foreign keys by @​Natgho in django-guardian/django-guardian#978
• Issue966 by @​Natgho in django-guardian/django-guardian#976
• minor version update by @​Natgho in django-guardian/django-guardian#979

New Contributors

• @​jmwhitworth made their first contribution in django-guardian/django-guardian#971

Full Changelog: django-guardian/django-guardian@3.3.0...3.3.1

Commits

• 55d47ba Merge pull request #979 from django-guardian/version-update-3-3-1
• fefaa91 minor version update
• 8ea54bb Fix Issue 966 (#976)
• ec417f9 429 document how to migrate from generic object permissions to direct foreign...
• 5667e5b Add release process documentation (#977)
• 582fc93 Merge pull request #975 from django-guardian/dependabot/github_actions/github...
• 16abffc Bump astral-sh/setup-uv from 5 to 7 in the github-actions group
• 4dba1aa Merge pull request #971 from jmwhitworth/docs/fix-group-model
• 3cf3bee Merge pull request #970 from django-guardian/auto-update-coverage-badge
• 5cbcf7d Fix indentation in code example
• Additional commits viewable in compare view

Updates django-polymorphic from 4.11.2 to 4.11.3

Release notes

Sourced from django-polymorphic's releases.

v4.11.3

What's Changed

• Bump requests from 2.32.5 to 2.33.0 by @​dependabot[bot] in django-commons/django-polymorphic#877
• Bump cryptography from 46.0.5 to 46.0.6 by @​dependabot[bot] in django-commons/django-polymorphic#878
• Bump pygments from 2.19.2 to 2.20.0 by @​dependabot[bot] in django-commons/django-polymorphic#879
• Bump pytest from 9.0.2 to 9.0.3 by @​dependabot[bot] in django-commons/django-polymorphic#882
• Bump cryptography from 46.0.6 to 46.0.7 by @​dependabot[bot] in django-commons/django-polymorphic#881
• Bump the gha-updates group with 7 updates by @​dependabot[bot] in django-commons/django-polymorphic#880
• jazzband -> django-commons updates by @​bckohan in django-commons/django-polymorphic#883
• 🤖 Update Code of Conduct 🤖 by @​github-actions[bot] in django-commons/django-polymorphic#884
• upgrade lock file, upgrade type checking, cut release for django-commons by @​bckohan in django-commons/django-polymorphic#885
• move codecov from token to oidc by @​bckohan in django-commons/django-polymorphic#886
• fix release workflow by @​bckohan in django-commons/django-polymorphic#887

New Contributors

• @​github-actions[bot] made their first contribution in django-commons/django-polymorphic#884

Full Changelog: django-commons/django-polymorphic@v4.11.2...v4.11.3

Commits

• 866c93f fix release workflow
• 98c2b67 move codecov from token to oidc
• 46efb98 fix release workflow, spellcheck
• 0651e8b update setup-just action
• 814abca upgrade lock file, upgrade type checking, cut release for django-commons
• 4e977e6 Update CODE_OF_CONDUCT.md from django-commons
• 7c07349 jazzband -> django-commons updates
• 61b460c Bump the gha-updates group with 7 updates
• 77c8730 Bump cryptography from 46.0.6 to 46.0.7
• 0913418 Bump pytest from 9.0.2 to 9.0.3
• Additional commits viewable in compare view

Updates django-flex-menus to 0.4.2

Release notes

Sourced from django-flex-menus's releases.

Release v0.4.2

• no changes

Commits

• fb4742d update release workflow
• 44c3e26 update release wo
• e3f7094 update build.yml
• 175dd85 update build.yml
• 86910d1 Release v0.4.2
• 0add13c update gitignore
• 120407e remove api docs
• c1e8b62 new release
• 4914800 refactor: move flex_menu out of src/ layout
• ae894cc update docs build command
• Additional commits viewable in compare view

Updates django-hijack from 3.7.6 to 3.7.8

Release notes

Sourced from django-hijack's releases.

3.7.8

What's Changed

• Fix #823 -- Prevent stale request.user copy in hijack middleware by @​M-Hassan-Raza in django-hijack/django-hijack#893

New Contributors

• @​M-Hassan-Raza made their first contribution in django-hijack/django-hijack#893

Full Changelog: django-hijack/django-hijack@3.7.7...3.7.8

3.7.7

What's Changed

• Improve project link by @​adamchainz in django-hijack/django-hijack#892

New Contributors

• @​adamchainz made their first contribution in django-hijack/django-hijack#892

Full Changelog: django-hijack/django-hijack@3.7.6...3.7.7

Commits

• 37ab9a2 Fix #823 -- Prevent stale request.user copy in hijack middleware (#893)
• ba7a008 Bump ruff from 0.15.10 to 0.15.11
• e65176c Bump ruff from 0.15.9 to 0.15.10
• e1888e0 Bump ruff from 0.15.8 to 0.15.9
• cc2fede Bump global-jsdom from 28.0.0 to 29.0.0
• c33ac49 Bump jsdom from 28.1.0 to 29.0.1
• 416235f Bump codecov/codecov-action from 5 to 6
• e53f7e5 Bump ruff from 0.15.7 to 0.15.8
• b8b01cf Fix existing and all relevant project links
• 6cbc23a Bump ruff from 0.15.6 to 0.15.7
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: dependencies, python. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[github-actions]

👀 Manual Review Required

Reason: Requires manual review (critical package or major/minor update)

This dependency update requires manual review before merging.

Please:

1. Review the changelog
2. Check for breaking changes
3. Verify tests pass
4. Merge when ready

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.