deps: bump the django group across 1 directory with 9 updates

[dependabot]

Updates the requirements on django, django-allauth, django-import-export, django-parler, django-lifecycle, django-guardian, django-polymorphic, django-flex-menus and django-hijack to permit the latest version.
Updates django from 5.2.12 to 5.2.15

Commits

• 21e9840 [5.2.x] Bumped version for 5.2.15 release.
• 9b62b0a [5.2.x] Fixed CVE-2026-48587 -- Ignored whitespace padding when checking Vary...
• 050a3dc [5.2.x] Fixed CVE-2026-35193 -- Varied on Authorization when caching non-publ...
• 366d9ae [5.2.x] Fixed CVE-2026-8404 -- Used Cache-Control directives case-insensitive...
• 4e47d2b [5.2.x] Fixed CVE-2026-7666 -- Delayed setting SMTP connection until fully co...
• 594360c [5.2.x] Fixed CVE-2026-6873 -- Prevented signed cookie salt namespace collisi...
• e074d83 [5.2.x] Included commit hash in checksum file when building artifacts for rel...
• c502754 [5.2.x] Updated links to severity levels in release notes.
• 72f5b41 [5.2.x] Added stub release notes and release date for 5.2.15.
• 7084825 [5.2.x] Refs #35844 -- Ran further selenium tests with --parallel=1.
• Additional commits viewable in compare view

Updates django-allauth from 65.14.3 to 65.18.0

Commits

• See full diff in compare view

Updates django-import-export from 4.4.0 to 4.4.1

Release notes

Sourced from django-import-export's releases.

4.4.1

• Changelog

Changelog

Sourced from django-import-export's changelog.

4.4.1 (2026-05-05)

• Refactor lookup value retrieval in Field and CachedForeignKeyWidget (2146 <https://github.com/django-import-export/django-import-export/pull/2146>_)
• Fix IncorrectLookupParameters when exporting from filtered change view (2154 <https://github.com/django-import-export/django-import-export/pull/2154>_)
• Fix console error 'resource select input not found' on export (2158 <https://github.com/django-import-export/django-import-export/pull/2158>_)
• Fix CachedForeignKeyWidget type mismatch on non-string lookup fields (2159 <https://github.com/django-import-export/django-import-export/pull/2159>_)

Commits

• f4cfc4d updated changelog
• See full diff in compare view

Updates django-parler from 2.3 to 2.4

Release notes

Sourced from django-parler's releases.

v2.4

What's Changed

• feat: Add Django 6.0 and Python 3.13 support, fix deprecated APIs by @​t0kubetsu in django-parler/django-parler#368
• fix: Handle delete "keep_parents" args in django Model.delete() by @​pierreben in django-parler/django-parler#366
• fix: test on Django 5 by @​mbi in django-parler/django-parler#359
• fix: typo by @​moritztim in django-parler/django-parler#355
• fix: check cache before clear by @​elterrien in django-parler/django-parler#356
• fix: fallback to Meta.formfield_callback by @​arthurschuster in django-parler/django-parler#352
• fix: documentation for django-polymorphic imports by @​anachronic in django-parler/django-parler#317
• fix: drop Django 5.0 support; admin uses log_deletions (added in 5.1) by @​t0kubetsu in django-parler/django-parler#370
• docs: Fix a few typos by @​timgates42 in django-parler/django-parler#323
• docs: Bump django from 2.2.24 to 3.2.24 in /docs/_ext/djangodummy by @​dependabot[bot] in django-parler/django-parler#349
• docs: Bump djangorestframework from 3.12.4 to 3.15.2 in /docs/_ext/djangodummy by @​dependabot[bot] in django-parler/django-parler#371
• chore: Enhance tests workflow with coverage reporting by @​fsbraun in django-parler/django-parler#372
• chore: Add GitHub Actions workflow for publishing to PyPI by @​fsbraun in django-parler/django-parler#374
• chore: Install Django in publish-to-live-pypi workflow by @​fsbraun in django-parler/django-parler#375
• chore: Syntax in pypi actions by @​fsbraun in django-parler/django-parler#376

New Contributors

• @​pierreben made their first contribution in django-parler/django-parler#366
• @​mbi made their first contribution in django-parler/django-parler#359
• @​moritztim made their first contribution in django-parler/django-parler#355
• @​elterrien made their first contribution in django-parler/django-parler#356
• @​t0kubetsu made their first contribution in django-parler/django-parler#368
• @​arthurschuster made their first contribution in django-parler/django-parler#352
• @​fsbraun made their first contribution in django-parler/django-parler#372
• @​anachronic made their first contribution in django-parler/django-parler#317

Full Changelog: django-parler/django-parler@v2.3...v2.4

Changelog

Sourced from django-parler's changelog.

Changes in 2.4 (2026-05-14)

Attention: django-parler 2.4 induces migrations to translated models by replacing unique_together be a unique constraint. This missing migration can show up as a warning.

• Added Django 6.0 support.
• Added Python 3.13 support.
• Dropped Django 4.2 LTS support (end of extended support, April 2026).
• Dropped Django 5.0 support. The admin's delete_translation view calls ModelAdmin.log_deletions, which was introduced in Django 5.1 — so translation deletion raised AttributeError on 5.0. The install requirement is now Django>=5.1.
• Replaced removed csrf_protect_m decorator with @method_decorator(csrf_protect) in the admin.
• Replaced deprecated unique_together with models.UniqueConstraint in the translated fields model.
• Added a validate_constraints() call alongside validate_unique() in form validation so UniqueConstraint violations surface through the form.
• Updated log_deletion() call to the renamed log_deletions() with its new signature (Django 6).
• Fixed a thread-safety bug in SortedSelectMixin.sort_choices() where the deep-copy guard was skipped for the second and later optgroups, causing .sort() to mutate the caller's choices list.
• Expanded the test suite with new modules covering admin views, cache, forms, managers, model construction, template tags, views, and widgets.
• Test matrix: Django 5.1, 5.2, 6.0 × Python 3.10–3.13.

Commits

• 60e9841 fix: Syntax in pypi actions (#376)
• 85d0020 Install Django in publish-to-live-pypi workflow (#375)
• 101fded chore: Add GitHub Actions workflow for publishing to PyPI (#374)
• 2b0bf19 Update changelog for version 2.4 release date
• e676606 fix: drop Django 5.0 support; admin uses log_deletions (added in 5.1) (#370)
• 01893a3 Fix documentation for django-polymorphic imports (#317)
• f85c705 chore: Enhance tests workflow with coverage reporting (#372)
• 72dd293 Bump djangorestframework from 3.12.4 to 3.15.2 in /docs/_ext/djangodummy (#371)
• 40d00c2 Bump django from 2.2.24 to 3.2.24 in /docs/_ext/djangodummy (#349)
• eef87ce fallback to Meta.formfield_callback (#352)
• Additional commits viewable in compare view

Updates django-lifecycle from 1.2.7 to 1.3.0

Release notes

Sourced from django-lifecycle's releases.

1.3.0

What's Changed

• Update supported Python/Django versions for pypi and fix badges by @​marciomazza in rsinger86/django-lifecycle#185

Full Changelog: rsinger86/django-lifecycle@1.2.7...1.3.0

Changelog

Sourced from django-lifecycle's changelog.

1.3.0

• Confirm support for Python 3.13, 3.14 and Django 6.0. Thanks, @​marciomazza!

Commits

• 0021726 chore: Bump version to 1.3.0
• f1cee0b Merge pull request #185 from marciomazza/fix/missing-pypi-versions
• 2c5c416 Update supported Python/Django versions and fix badges
• See full diff in compare view

Updates django-guardian from 3.3.0 to 3.3.2

Release notes

Sourced from django-guardian's releases.

3.3.2

What's Changed

• Add note box regarding Meta inheritance by @​rgaiacs in django-guardian/django-guardian#973
• Fixed user and group inconsistency with get perms by @​paulmartin91 in django-guardian/django-guardian#974
• Bump pypa/gh-action-pypi-publish from 1.13.0 to 1.14.0 in the github-actions group by @​dependabot[bot] in django-guardian/django-guardian#981
• Documentation: fix readme link to docs, add paperless-ngx to usage by @​shamoon in django-guardian/django-guardian#980
• Move common code from shortcuts into dedicated methods by @​sevdog in django-guardian/django-guardian#982
• Bump the github-actions group with 2 updates by @​dependabot[bot] in django-guardian/django-guardian#993
• Remove a query in prefetch_perms() #813 by @​jacobtylerwalls in django-guardian/django-guardian#991
• Avoid external Actions badge in testing docs by @​marko1olo in django-guardian/django-guardian#996
• Bump version to 3.3.2 by @​Natgho in django-guardian/django-guardian#997

New Contributors

• @​rgaiacs made their first contribution in django-guardian/django-guardian#973
• @​shamoon made their first contribution in django-guardian/django-guardian#980
• @​jacobtylerwalls made their first contribution in django-guardian/django-guardian#991
• @​marko1olo made their first contribution in django-guardian/django-guardian#996

Full Changelog: django-guardian/django-guardian@3.3.1...3.3.2

3.3.1

What's Changed

• Improve managers typing and reduce code duplication by @​sevdog in django-guardian/django-guardian#962
• add dependabot configuration by @​Natgho in django-guardian/django-guardian#964
• Bump the github-actions group with 3 updates by @​dependabot[bot] in django-guardian/django-guardian#965
• Fix possible IndexError when trying to bulk-assign permissions by @​sevdog in django-guardian/django-guardian#969
• 🤖 Update coverage badge to 97.8% by @​github-actions[bot] in django-guardian/django-guardian#970
• Fix indentation in code example by @​jmwhitworth in django-guardian/django-guardian#971
• Bump astral-sh/setup-uv from 5 to 7 in the github-actions group by @​dependabot[bot] in django-guardian/django-guardian#975
• release process section is added by @​Natgho in django-guardian/django-guardian#977
• 429 document how to migrate from generic object permissions to direct foreign keys by @​Natgho in django-guardian/django-guardian#978
• Issue966 by @​Natgho in django-guardian/django-guardian#976
• minor version update by @​Natgho in django-guardian/django-guardian#979

New Contributors

• @​jmwhitworth made their first contribution in django-guardian/django-guardian#971

Full Changelog: django-guardian/django-guardian@3.3.0...3.3.1

Commits

• ad73590 Merge pull request #997 from django-guardian/3_3_2_version_bump
• cb664c7 Bump version to 3.3.2
• a23ab07 Merge pull request #996 from marko1olo/fix-rtd-testing-badge-fetch
• 6f400c4 Avoid external Actions badge in docs
• 9fde55e Merge pull request #991 from jacobtylerwalls/jtw/remove-query
• cea2abf Merge branch 'main' into jtw/remove-query
• fadf39b Merge pull request #993 from django-guardian/dependabot/github_actions/github...
• dc370d0 Bump the github-actions group with 2 updates
• 3c4db78 Address review.
• cd59107 Remove a query in prefetch_perms() #813
• Additional commits viewable in compare view

Updates django-polymorphic from 4.11.2 to 4.11.5

Release notes

Sourced from django-polymorphic's releases.

v4.11.5

What's Changed

• Zizmor fixes by @​bckohan in django-commons/django-polymorphic#889
• Add remaining tests for coverage by @​bckohan in django-commons/django-polymorphic#876
• fix: return first PolymorphicParentModelAdmin by @​niltonpimentel02 in django-commons/django-polymorphic#894
• Fix concurrency setting on reusable workflows by @​bckohan in django-commons/django-polymorphic#900

Full Changelog: django-commons/django-polymorphic@v4.11.4...v4.11.5

v4.11.4

What's Changed

• Bump the gha-updates group with 6 updates by @​dependabot[bot] in django-commons/django-polymorphic#888
• Bump urllib3 from 2.6.3 to 2.7.0 by @​dependabot[bot] in django-commons/django-polymorphic#891
• Bump idna from 3.13 to 3.15 by @​dependabot[bot] in django-commons/django-polymorphic#892
• 🤖 Update Code of Conduct 🤖 by @​github-actions[bot] in django-commons/django-polymorphic#897
• fix pylint errors on all() and filter() by @​bckohan in django-commons/django-polymorphic#899

Full Changelog: django-commons/django-polymorphic@v4.11.3...v4.11.4

v4.11.3

What's Changed

• Bump requests from 2.32.5 to 2.33.0 by @​dependabot[bot] in django-commons/django-polymorphic#877
• Bump cryptography from 46.0.5 to 46.0.6 by @​dependabot[bot] in django-commons/django-polymorphic#878
• Bump pygments from 2.19.2 to 2.20.0 by @​dependabot[bot] in django-commons/django-polymorphic#879
• Bump pytest from 9.0.2 to 9.0.3 by @​dependabot[bot] in django-commons/django-polymorphic#882
• Bump cryptography from 46.0.6 to 46.0.7 by @​dependabot[bot] in django-commons/django-polymorphic#881
• Bump the gha-updates group with 7 updates by @​dependabot[bot] in django-commons/django-polymorphic#880
• jazzband -> django-commons updates by @​bckohan in django-commons/django-polymorphic#883
• 🤖 Update Code of Conduct 🤖 by @​github-actions[bot] in django-commons/django-polymorphic#884
• upgrade lock file, upgrade type checking, cut release for django-commons by @​bckohan in django-commons/django-polymorphic#885
• move codecov from token to oidc by @​bckohan in django-commons/django-polymorphic#886
• fix release workflow by @​bckohan in django-commons/django-polymorphic#887

New Contributors

• @​github-actions[bot] made their first contribution in django-commons/django-polymorphic#884

Full Changelog: django-commons/django-polymorphic@v4.11.2...v4.11.3

Commits

• c60b16b Fix concurrency setting on reusable workflows
• b72b987 add one additional test, update changelog, bump version
• 5a7fe54 Potential fix for pull request finding
• ff11ac8 fix: return first PolymorphicParentModelAdmin
• 5b16d49 revert playwright browser install change, address review findings
• 47ebd5b fix tests
• f76dbf6 add remaining tests for coverage
• 94415bd remove name on code cov upload
• 75607d5 format all workflows
• 387a4c1 pin docker images, add zizmor config
• Additional commits viewable in compare view

Updates django-flex-menus to 0.4.2

Release notes

Sourced from django-flex-menus's releases.

Release v0.4.2

• no changes

Commits

• fb4742d update release workflow
• 44c3e26 update release wo
• e3f7094 update build.yml
• 175dd85 update build.yml
• 86910d1 Release v0.4.2
• 0add13c update gitignore
• 120407e remove api docs
• c1e8b62 new release
• 4914800 refactor: move flex_menu out of src/ layout
• ae894cc update docs build command
• Additional commits viewable in compare view

Updates django-hijack from 3.7.6 to 3.7.8

Release notes

Sourced from django-hijack's releases.

3.7.8

What's Changed

• Fix #823 -- Prevent stale request.user copy in hijack middleware by @​M-Hassan-Raza in django-hijack/django-hijack#893

New Contributors

• @​M-Hassan-Raza made their first contribution in django-hijack/django-hijack#893

Full Changelog: django-hijack/django-hijack@3.7.7...3.7.8

3.7.7

What's Changed

• Improve project link by @​adamchainz in django-hijack/django-hijack#892

New Contributors

• @​adamchainz made their first contribution in django-hijack/django-hijack#892

Full Changelog: django-hijack/django-hijack@3.7.6...3.7.7

Commits

• 37ab9a2 Fix #823 -- Prevent stale request.user copy in hijack middleware (#893)
• ba7a008 Bump ruff from 0.15.10 to 0.15.11
• e65176c Bump ruff from 0.15.9 to 0.15.10
• e1888e0 Bump ruff from 0.15.8 to 0.15.9
• cc2fede Bump global-jsdom from 28.0.0 to 29.0.0
• c33ac49 Bump jsdom from 28.1.0 to 29.0.1
• 416235f Bump codecov/codecov-action from 5 to 6
• e53f7e5 Bump ruff from 0.15.7 to 0.15.8
• b8b01cf Fix existing and all relevant project links
• 6cbc23a Bump ruff from 0.15.6 to 0.15.7
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: dependencies, python. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[github-actions]

👀 Manual Review Required

Reason: Requires manual review (critical package or major/minor update)

This dependency update requires manual review before merging.

Please:

1. Review the changelog
2. Check for breaking changes
3. Verify tests pass
4. Merge when ready

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.