deps: bump the django group across 1 directory with 8 updates by dependabot[bot] · Pull Request #79 · FAIR-DM/fairdm

dependabot · 2026-06-19T15:36:32Z

Bumps the django group with 8 updates in the / directory:

Package	From	To
django	`5.2.12`	`5.2.15`
django-allauth	`65.14.3`	`65.18.0`
django-import-export	`4.4.0`	`4.4.1`
django-parler	`2.3`	`2.4`
django-lifecycle	`1.2.7`	`1.3.0`
django-guardian	`3.3.0`	`3.3.2`
django-polymorphic	`4.11.2`	`4.11.5`
django-hijack	`3.7.6`	`3.7.8`

Updates django from 5.2.12 to 5.2.15

Commits

21e9840 [5.2.x] Bumped version for 5.2.15 release.
9b62b0a [5.2.x] Fixed CVE-2026-48587 -- Ignored whitespace padding when checking Vary...
050a3dc [5.2.x] Fixed CVE-2026-35193 -- Varied on Authorization when caching non-publ...
366d9ae [5.2.x] Fixed CVE-2026-8404 -- Used Cache-Control directives case-insensitive...
4e47d2b [5.2.x] Fixed CVE-2026-7666 -- Delayed setting SMTP connection until fully co...
594360c [5.2.x] Fixed CVE-2026-6873 -- Prevented signed cookie salt namespace collisi...
e074d83 [5.2.x] Included commit hash in checksum file when building artifacts for rel...
c502754 [5.2.x] Updated links to severity levels in release notes.
72f5b41 [5.2.x] Added stub release notes and release date for 5.2.15.
7084825 [5.2.x] Refs #35844 -- Ran further selenium tests with --parallel=1.
Additional commits viewable in compare view

Updates django-allauth from 65.14.3 to 65.18.0

Commits

See full diff in compare view

Updates django-import-export from 4.4.0 to 4.4.1

Release notes

Sourced from django-import-export's releases.

4.4.1

Changelog

Changelog

Sourced from django-import-export's changelog.

4.4.1 (2026-05-05)

Refactor lookup value retrieval in Field and CachedForeignKeyWidget (2146 <https://github.com/django-import-export/django-import-export/pull/2146>_)

Fix IncorrectLookupParameters when exporting from filtered change view (2154 <https://github.com/django-import-export/django-import-export/pull/2154>_)

Fix console error 'resource select input not found' on export (2158 <https://github.com/django-import-export/django-import-export/pull/2158>_)

Fix CachedForeignKeyWidget type mismatch on non-string lookup fields (2159 <https://github.com/django-import-export/django-import-export/pull/2159>_)

Commits

f4cfc4d updated changelog
See full diff in compare view

Updates django-parler from 2.3 to 2.4

Release notes

Sourced from django-parler's releases.

v2.4

What's Changed

feat: Add Django 6.0 and Python 3.13 support, fix deprecated APIs by @t0kubetsu in django-parler/django-parler#368

fix: Handle delete "keep_parents" args in django Model.delete() by @pierreben in django-parler/django-parler#366

fix: test on Django 5 by @mbi in django-parler/django-parler#359

fix: typo by @moritztim in django-parler/django-parler#355

fix: check cache before clear by @elterrien in django-parler/django-parler#356

fix: fallback to Meta.formfield_callback by @arthurschuster in django-parler/django-parler#352

fix: documentation for django-polymorphic imports by @anachronic in django-parler/django-parler#317

fix: drop Django 5.0 support; admin uses log_deletions (added in 5.1) by @t0kubetsu in django-parler/django-parler#370

docs: Fix a few typos by @timgates42 in django-parler/django-parler#323

docs: Bump django from 2.2.24 to 3.2.24 in /docs/_ext/djangodummy by @dependabot[bot] in django-parler/django-parler#349

docs: Bump djangorestframework from 3.12.4 to 3.15.2 in /docs/_ext/djangodummy by @dependabot[bot] in django-parler/django-parler#371

chore: Enhance tests workflow with coverage reporting by @fsbraun in django-parler/django-parler#372

chore: Add GitHub Actions workflow for publishing to PyPI by @fsbraun in django-parler/django-parler#374

chore: Install Django in publish-to-live-pypi workflow by @fsbraun in django-parler/django-parler#375

chore: Syntax in pypi actions by @fsbraun in django-parler/django-parler#376

New Contributors

@pierreben made their first contribution in django-parler/django-parler#366

@mbi made their first contribution in django-parler/django-parler#359

@moritztim made their first contribution in django-parler/django-parler#355

@elterrien made their first contribution in django-parler/django-parler#356

@t0kubetsu made their first contribution in django-parler/django-parler#368

@arthurschuster made their first contribution in django-parler/django-parler#352

@fsbraun made their first contribution in django-parler/django-parler#372

@anachronic made their first contribution in django-parler/django-parler#317

Full Changelog: django-parler/django-parler@v2.3...v2.4

Changelog

Sourced from django-parler's changelog.

Changes in 2.4 (2026-05-14)

Attention: django-parler 2.4 induces migrations to translated models by replacing unique_together be a unique constraint. This missing migration can show up as a warning.

Added Django 6.0 support.

Added Python 3.13 support.

Dropped Django 4.2 LTS support (end of extended support, April 2026).

Dropped Django 5.0 support. The admin's delete_translation view calls ModelAdmin.log_deletions, which was introduced in Django 5.1 — so translation deletion raised AttributeError on 5.0. The install requirement is now Django>=5.1.

Replaced removed csrf_protect_m decorator with @method_decorator(csrf_protect) in the admin.

Replaced deprecated unique_together with models.UniqueConstraint in the translated fields model.

Added a validate_constraints() call alongside validate_unique() in form validation so UniqueConstraint violations surface through the form.

Updated log_deletion() call to the renamed log_deletions() with its new signature (Django 6).

Fixed a thread-safety bug in SortedSelectMixin.sort_choices() where the deep-copy guard was skipped for the second and later optgroups, causing .sort() to mutate the caller's choices list.

Expanded the test suite with new modules covering admin views, cache, forms, managers, model construction, template tags, views, and widgets.

Test matrix: Django 5.1, 5.2, 6.0 × Python 3.10–3.13.

Commits

60e9841 fix: Syntax in pypi actions (#376)
85d0020 Install Django in publish-to-live-pypi workflow (#375)
101fded chore: Add GitHub Actions workflow for publishing to PyPI (#374)
2b0bf19 Update changelog for version 2.4 release date
e676606 fix: drop Django 5.0 support; admin uses log_deletions (added in 5.1) (#370)
01893a3 Fix documentation for django-polymorphic imports (#317)
f85c705 chore: Enhance tests workflow with coverage reporting (#372)
72dd293 Bump djangorestframework from 3.12.4 to 3.15.2 in /docs/_ext/djangodummy (#371)
40d00c2 Bump django from 2.2.24 to 3.2.24 in /docs/_ext/djangodummy (#349)
eef87ce fallback to Meta.formfield_callback (#352)
Additional commits viewable in compare view

Updates django-lifecycle from 1.2.7 to 1.3.0

Release notes

Sourced from django-lifecycle's releases.

1.3.0

What's Changed

Update supported Python/Django versions for pypi and fix badges by @marciomazza in rsinger86/django-lifecycle#185

Full Changelog: rsinger86/django-lifecycle@1.2.7...1.3.0

Changelog

Sourced from django-lifecycle's changelog.

1.3.0

Confirm support for Python 3.13, 3.14 and Django 6.0. Thanks, @marciomazza!

Commits

0021726 chore: Bump version to 1.3.0
f1cee0b Merge pull request #185 from marciomazza/fix/missing-pypi-versions
2c5c416 Update supported Python/Django versions and fix badges
See full diff in compare view

Updates django-guardian from 3.3.0 to 3.3.2

Release notes

Sourced from django-guardian's releases.

3.3.2

What's Changed

Add note box regarding Meta inheritance by @rgaiacs in django-guardian/django-guardian#973

Fixed user and group inconsistency with get perms by @paulmartin91 in django-guardian/django-guardian#974

Bump pypa/gh-action-pypi-publish from 1.13.0 to 1.14.0 in the github-actions group by @dependabot[bot] in django-guardian/django-guardian#981

Documentation: fix readme link to docs, add paperless-ngx to usage by @shamoon in django-guardian/django-guardian#980

Move common code from shortcuts into dedicated methods by @sevdog in django-guardian/django-guardian#982

Bump the github-actions group with 2 updates by @dependabot[bot] in django-guardian/django-guardian#993

Remove a query in prefetch_perms() #813 by @jacobtylerwalls in django-guardian/django-guardian#991

Avoid external Actions badge in testing docs by @marko1olo in django-guardian/django-guardian#996

Bump version to 3.3.2 by @Natgho in django-guardian/django-guardian#997

New Contributors

@rgaiacs made their first contribution in django-guardian/django-guardian#973

@shamoon made their first contribution in django-guardian/django-guardian#980

@jacobtylerwalls made their first contribution in django-guardian/django-guardian#991

@marko1olo made their first contribution in django-guardian/django-guardian#996

Full Changelog: django-guardian/django-guardian@3.3.1...3.3.2

3.3.1

What's Changed

Improve managers typing and reduce code duplication by @sevdog in django-guardian/django-guardian#962

add dependabot configuration by @Natgho in django-guardian/django-guardian#964

Bump the github-actions group with 3 updates by @dependabot[bot] in django-guardian/django-guardian#965

Fix possible IndexError when trying to bulk-assign permissions by @sevdog in django-guardian/django-guardian#969

🤖 Update coverage badge to 97.8% by @github-actions[bot] in django-guardian/django-guardian#970

Fix indentation in code example by @jmwhitworth in django-guardian/django-guardian#971

Bump astral-sh/setup-uv from 5 to 7 in the github-actions group by @dependabot[bot] in django-guardian/django-guardian#975

release process section is added by @Natgho in django-guardian/django-guardian#977

429 document how to migrate from generic object permissions to direct foreign keys by @Natgho in django-guardian/django-guardian#978

Issue966 by @Natgho in django-guardian/django-guardian#976

minor version update by @Natgho in django-guardian/django-guardian#979

New Contributors

@jmwhitworth made their first contribution in django-guardian/django-guardian#971

Full Changelog: django-guardian/django-guardian@3.3.0...3.3.1

Commits

ad73590 Merge pull request #997 from django-guardian/3_3_2_version_bump
cb664c7 Bump version to 3.3.2
a23ab07 Merge pull request #996 from marko1olo/fix-rtd-testing-badge-fetch
6f400c4 Avoid external Actions badge in docs
9fde55e Merge pull request #991 from jacobtylerwalls/jtw/remove-query
cea2abf Merge branch 'main' into jtw/remove-query
fadf39b Merge pull request #993 from django-guardian/dependabot/github_actions/github...
dc370d0 Bump the github-actions group with 2 updates
3c4db78 Address review.
cd59107 Remove a query in prefetch_perms() #813
Additional commits viewable in compare view

Updates django-polymorphic from 4.11.2 to 4.11.5

Release notes

Sourced from django-polymorphic's releases.

v4.11.5

What's Changed

Zizmor fixes by @bckohan in django-commons/django-polymorphic#889

Add remaining tests for coverage by @bckohan in django-commons/django-polymorphic#876

fix: return first PolymorphicParentModelAdmin by @niltonpimentel02 in django-commons/django-polymorphic#894

Fix concurrency setting on reusable workflows by @bckohan in django-commons/django-polymorphic#900

Full Changelog: django-commons/django-polymorphic@v4.11.4...v4.11.5

v4.11.4

What's Changed

Bump the gha-updates group with 6 updates by @dependabot[bot] in django-commons/django-polymorphic#888

Bump urllib3 from 2.6.3 to 2.7.0 by @dependabot[bot] in django-commons/django-polymorphic#891

Bump idna from 3.13 to 3.15 by @dependabot[bot] in django-commons/django-polymorphic#892

🤖 Update Code of Conduct 🤖 by @github-actions[bot] in django-commons/django-polymorphic#897

fix pylint errors on all() and filter() by @bckohan in django-commons/django-polymorphic#899

Full Changelog: django-commons/django-polymorphic@v4.11.3...v4.11.4

v4.11.3

What's Changed

Bump requests from 2.32.5 to 2.33.0 by @dependabot[bot] in django-commons/django-polymorphic#877

Bump cryptography from 46.0.5 to 46.0.6 by @dependabot[bot] in django-commons/django-polymorphic#878

Bump pygments from 2.19.2 to 2.20.0 by @dependabot[bot] in django-commons/django-polymorphic#879

Bump pytest from 9.0.2 to 9.0.3 by @dependabot[bot] in django-commons/django-polymorphic#882

Bump cryptography from 46.0.6 to 46.0.7 by @dependabot[bot] in django-commons/django-polymorphic#881

Bump the gha-updates group with 7 updates by @dependabot[bot] in django-commons/django-polymorphic#880

jazzband -> django-commons updates by @bckohan in django-commons/django-polymorphic#883

🤖 Update Code of Conduct 🤖 by @github-actions[bot] in django-commons/django-polymorphic#884

upgrade lock file, upgrade type checking, cut release for django-commons by @bckohan in django-commons/django-polymorphic#885

move codecov from token to oidc by @bckohan in django-commons/django-polymorphic#886

fix release workflow by @bckohan in django-commons/django-polymorphic#887

New Contributors

@github-actions[bot] made their first contribution in django-commons/django-polymorphic#884

Full Changelog: django-commons/django-polymorphic@v4.11.2...v4.11.3

Commits

c60b16b Fix concurrency setting on reusable workflows
b72b987 add one additional test, update changelog, bump version
5a7fe54 Potential fix for pull request finding
ff11ac8 fix: return first PolymorphicParentModelAdmin
5b16d49 revert playwright browser install change, address review findings
47ebd5b fix tests
f76dbf6 add remaining tests for coverage
94415bd remove name on code cov upload
75607d5 format all workflows
387a4c1 pin docker images, add zizmor config
Additional commits viewable in compare view

Updates django-hijack from 3.7.6 to 3.7.8

Release notes

Sourced from django-hijack's releases.

3.7.8

What's Changed

Fix #823 -- Prevent stale request.user copy in hijack middleware by @M-Hassan-Raza in django-hijack/django-hijack#893

New Contributors

@M-Hassan-Raza made their first contribution in django-hijack/django-hijack#893

Full Changelog: django-hijack/django-hijack@3.7.7...3.7.8

3.7.7

What's Changed

Improve project link by @adamchainz in django-hijack/django-hijack#892

New Contributors

@adamchainz made their first contribution in django-hijack/django-hijack#892

Full Changelog: django-hijack/django-hijack@3.7.6...3.7.7

Commits

37ab9a2 Fix #823 -- Prevent stale request.user copy in hijack middleware (#893)
ba7a008 Bump ruff from 0.15.10 to 0.15.11
e65176c Bump ruff from 0.15.9 to 0.15.10
e1888e0 Bump ruff from 0.15.8 to 0.15.9
cc2fede Bump global-jsdom from 28.0.0 to 29.0.0
c33ac49 Bump jsdom from 28.1.0 to 29.0.1
416235f Bump codecov/codecov-action from 5 to 6
e53f7e5 Bump ruff from 0.15.7 to 0.15.8
b8b01cf Fix existing and all relevant project links
6cbc23a Bump ruff from 0.15.6 to 0.15.7
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the django group with 8 updates in the / directory: | Package | From | To | | --- | --- | --- | | [django](https://github.com/django/django) | `5.2.12` | `5.2.15` | | [django-allauth](https://github.com/sponsors/pennersr) | `65.14.3` | `65.18.0` | | [django-import-export](https://github.com/django-import-export/django-import-export) | `4.4.0` | `4.4.1` | | [django-parler](https://github.com/edoburu/django-parler) | `2.3` | `2.4` | | [django-lifecycle](https://github.com/rsinger86/django-lifecycle) | `1.2.7` | `1.3.0` | | [django-guardian](https://github.com/django-guardian/django-guardian) | `3.3.0` | `3.3.2` | | [django-polymorphic](https://github.com/django-commons/django-polymorphic) | `4.11.2` | `4.11.5` | | [django-hijack](https://github.com/django-hijack/django-hijack) | `3.7.6` | `3.7.8` | Updates `django` from 5.2.12 to 5.2.15 - [Commits](django/django@5.2.12...5.2.15) Updates `django-allauth` from 65.14.3 to 65.18.0 - [Commits](https://github.com/sponsors/pennersr/commits) Updates `django-import-export` from 4.4.0 to 4.4.1 - [Release notes](https://github.com/django-import-export/django-import-export/releases) - [Changelog](https://github.com/django-import-export/django-import-export/blob/main/docs/changelog.rst) - [Commits](django-import-export/django-import-export@4.4.0...4.4.1) Updates `django-parler` from 2.3 to 2.4 - [Release notes](https://github.com/edoburu/django-parler/releases) - [Changelog](https://github.com/django-parler/django-parler/blob/master/CHANGES.rst) - [Commits](django-parler/django-parler@v2.3...v2.4) Updates `django-lifecycle` from 1.2.7 to 1.3.0 - [Release notes](https://github.com/rsinger86/django-lifecycle/releases) - [Changelog](https://github.com/rsinger86/django-lifecycle/blob/master/CHANGELOG.md) - [Commits](rsinger86/django-lifecycle@1.2.7...1.3.0) Updates `django-guardian` from 3.3.0 to 3.3.2 - [Release notes](https://github.com/django-guardian/django-guardian/releases) - [Commits](django-guardian/django-guardian@3.3.0...3.3.2) Updates `django-polymorphic` from 4.11.2 to 4.11.5 - [Release notes](https://github.com/django-commons/django-polymorphic/releases) - [Commits](django-commons/django-polymorphic@v4.11.2...v4.11.5) Updates `django-hijack` from 3.7.6 to 3.7.8 - [Release notes](https://github.com/django-hijack/django-hijack/releases) - [Changelog](https://github.com/django-hijack/django-hijack/blob/master/docs/release-button.png) - [Commits](django-hijack/django-hijack@3.7.6...3.7.8) --- updated-dependencies: - dependency-name: django dependency-version: 5.2.15 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: django - dependency-name: django-allauth dependency-version: 65.18.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: django - dependency-name: django-import-export dependency-version: 4.4.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: django - dependency-name: django-parler dependency-version: '2.4' dependency-type: direct:production update-type: version-update:semver-minor dependency-group: django - dependency-name: django-lifecycle dependency-version: 1.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: django - dependency-name: django-guardian dependency-version: 3.3.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: django - dependency-name: django-polymorphic dependency-version: 4.11.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: django - dependency-name: django-hijack dependency-version: 3.7.8 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: django ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2026-06-19T15:36:34Z

Labels

The following labels could not be found: dependencies, python. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

github-actions · 2026-06-19T15:36:47Z

👀 Manual Review Required

Reason: Requires manual review (critical package or major/minor update)

This dependency update requires manual review before merging.

Please:

Review the changelog
Check for breaking changes
Verify tests pass
Merge when ready

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

deps: bump the django group across 1 directory with 8 updates#79

deps: bump the django group across 1 directory with 8 updates#79
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/django-c5b3139de6

dependabot Bot commented on behalf of github Jun 19, 2026

Uh oh!

dependabot Bot commented on behalf of github Jun 19, 2026

Uh oh!

github-actions Bot commented Jun 19, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github Jun 19, 2026

4.4.1

4.4.1 (2026-05-05)

v2.4

What's Changed

New Contributors

Changes in 2.4 (2026-05-14)

1.3.0

What's Changed

1.3.0

3.3.2

What's Changed

New Contributors

3.3.1

What's Changed

New Contributors

v4.11.5

What's Changed

v4.11.4

What's Changed

v4.11.3

What's Changed

New Contributors

3.7.8

What's Changed

New Contributors

3.7.7

What's Changed

New Contributors

Uh oh!

dependabot Bot commented on behalf of github Jun 19, 2026

Labels

Uh oh!

github-actions Bot commented Jun 19, 2026

👀 Manual Review Required

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants