Bump the pip-backend-patch-minor group across 1 directory with 18 updates by dependabot[bot] · Pull Request #23 · Prekzursil/WebCoder

dependabot · 2026-03-30T05:16:10Z

Bumps the pip-backend-patch-minor group with 18 updates in the /backend directory:

Package	From	To
asgiref	`3.8.1`	`3.11.1`
billiard	`4.2.1`	`4.2.4`
celery	`5.5.3`	`5.6.3`
click	`8.2.1`	`8.3.1`
django	`5.2.1`	`5.2.12`
django-cors-headers	`4.4.0`	`4.9.0`
djangorestframework	`3.16.0`	`3.17.1`
djangorestframework-simplejwt	`5.5.0`	`5.5.1`
kombu	`5.5.4`	`5.6.2`
prompt-toolkit	`3.0.51`	`3.0.52`
psycopg2-binary	`2.9.10`	`2.9.11`
pyjwt	`2.9.0`	`2.12.1`
redis	`6.2.0`	`6.4.0`
sqlparse	`0.5.3`	`0.5.5`
tzdata	`2025.2`	`2025.3`
wcwidth	`0.2.13`	`0.6.0`
pytest	`8.3.2`	`8.4.2`
pytest-django	`4.8.0`	`4.12.0`

Updates asgiref from 3.8.1 to 3.11.1

Changelog

Sourced from asgiref's changelog.

3.11.1 (2026-02-03)
SECURITY FIX CVE-2025-14550: There was a potential DoS vector for users of the asgiref.wsgi.WsgiToAsgi adapter. Malicious requests, including an unreasonably large number of values for the same header, could lead to resource exhaustion when building the WSGI environment.

To mitigate this, the algorithm is changed to be more efficient, and WsgiToAsgi gains a new optional duplicate_header_limit parameter, which defaults to 100. This specifies the number of times a single header may be repeated before the request is rejected as malformed.

You may override duplicate_header_limit when configuring your application::
application = WsgiToAsgi(wsgi_app, duplicate_header_limit=200)
Set duplicate_header_limit=None if you wish to disable this check.
Fixed a regression in 3.11.0 in sync_to_async when wrapping a callable with an attribute named context. (#537)
3.11.0 (2025-11-19)

sync_to_async gains a context parameter, similar to those for asyncio.create_task, TaskGroup &co, that can be used on Python 3.11+ to control the context used by the underlying task.

The parent context is already propagated by default but the additional control is useful if multiple sync_to_async calls need to share the same context, e.g. when used with asyncio.gather().

3.10.0 (2025-10-05)

Added AsyncSingleThreadContext context manager to ensure multiple AsyncToSync invocations use the same thread. (#511)

3.9.2 (2025-09-23)

Adds support for Python 3.14.

Fixes wsgi.errors file descriptor in WsgiToAsgi adapter.

3.9.1 (2025-07-08)

Fixed deletion of Local values affecting other contexts. (#523)

... (truncated)

Commits

d97a733 Releasing 3.11.1.
a50968a CVE-2025-14550: Fixed duplicate header handling in WsgiToAsgi.
0fb85a4 Fixed sync_to_async wrapping callables with attribute named context.
2b28409 Updated Hypercorn homepage URL (#539)
b7b15b2 Releasing 3.11.0.
901ee4f Added a custom context parameter for the sync_to_async (#536)
2138f03 Fixed typo in test file comment.
f587b12 Releasing 3.10.0.
b08087c Added AsyncSingleThreadContext (#511)
3471a0c Releasing 3.9.2
Additional commits viewable in compare view

Updates billiard from 4.2.1 to 4.2.4

Release notes

Sourced from billiard's releases.

v4.2.4

What's Changed

Eliminate usage of 'return' in 'finally' blocks by @torarvid in celery/billiard#438

Prepare for release: v4.2.4 by @Nusnus in celery/billiard#439

New Contributors

@torarvid made their first contribution in celery/billiard#438

Full Changelog: celery/billiard@v4.2.3...v4.2.4

v4.2.3

What's Changed

Ensure that task results are delivered during pool shutdown by @weetster in celery/billiard#435

Prepare for release: v4.2.3 by @Nusnus in celery/billiard#436

New Contributors

@weetster made their first contribution in celery/billiard#435

Full Changelog: celery/billiard@v4.2.2...v4.2.3

v4.2.2

What's Changed

Add codespell support (config, workflow to detect/not fix) and make it fix few typos by @yarikoptic in celery/billiard#416

initial python 3.13 support by @auvipy in celery/billiard#421

Copy code.co_qualname on Python >= 3.11 by @cjwatson in celery/billiard#423

Added DeepWiki to README by @Nusnus in celery/billiard#424

Fix the failing pre-commit.ci job by @cclauss in celery/billiard#429

GitHub Actions: Test on Python 3.14 release candidate 2 by @cclauss in celery/billiard#428

Keep GitHub Actions up to date with GitHub's Dependabot by @cclauss in celery/billiard#430

Bump the github-actions group with 2 updates by @dependabot[bot] in celery/billiard#431

Prepare for release: v4.2.2 by @Nusnus in celery/billiard#432

New Contributors

@yarikoptic made their first contribution in celery/billiard#416

@cjwatson made their first contribution in celery/billiard#423

@cclauss made their first contribution in celery/billiard#429

Full Changelog: celery/billiard@v4.2.1...v4.2.2

Changelog

Sourced from billiard's changelog.

4.2.4 - 2025-11-30

Eliminate usage of 'return' in 'finally' blocks (#438)

Prepare for release: v4.2.4 (#439)

4.2.3 - 2025-11-16

Ensure that task results are delivered during pool shutdown (#435)

Prepare for release: v4.2.3 (#436)

4.2.2 - 2025-09-20

Add codespell support (config, workflow to detect/not fix) and make it fix few typos

initial python 3.13 support

Copy code.co_qualname on Python >= 3.11

Added DeepWiki to README

Fix the failing pre-commit.ci job

GitHub Actions: Test on Python 3.14 release candidate 2

Keep GitHub Actions up to date with GitHub's Dependabot

Bump the github-actions group with 2 updates

Prepare for release: v4.2.2

Commits

69c2f29 Prepare for release: v4.2.4 (#439)
973c773 Eliminate usage of 'return' in 'finally' blocks (#438)
5115394 Bump actions/checkout from 5 to 6 in the github-actions group (#437)
e8f51d1 Prepare for release: v4.2.3 (#436)
8603172 Ensure that task results are delivered during pool shutdown (#435)
849a3e8 Bump github/codeql-action from 3 to 4 in the github-actions group
0642d2e Prepare for release: v4.2.2 (#432)
a954b74 Bump the github-actions group with 2 updates (#431)
57123cb Keep GitHub Actions up to date with GitHub's Dependabot (#430)
75d195c GitHub Actions: Test on Python 3.14 release candidate 2
Additional commits viewable in compare view

Updates celery from 5.5.3 to 5.6.3

Release notes

Sourced from celery's releases.

v5.6.3

What's Changed

Fix Django worker recursion bug + defensive checks for pool_cls.module by @maycuatroi1 in celery/celery#10048

Docs: Update user_preload_options example to use click. by @jorsyk in celery/celery#10056

Fix invalid configuration key "bootstrap_servers" in Kafka demo by @jorsyk in celery/celery#10060

Fix broken images on PyPI page by @Timour-Ilyas in celery/celery#10066

Remove broken reference. by @sueannioanis in celery/celery#10071

Removed --dist=loadscope from smoke tests by @Nusnus in celery/celery#10073

Docs: Clarify task_retry signal args may be None by @GangEunzzang in celery/celery#10076

Update example for Django by @sbc-khacnha in celery/celery#10081

Make tests compatible with pymongo >= 4.16 by @cjwatson in celery/celery#10074

fix: source install of cassandra-driver by @Izzette in celery/celery#10105

fix: register task cross-reference role in Sphinx extension by @veeceey in celery/celery#10100

fix: avoid cycle detection in native delayed delivery by @Izzette in celery/celery#10095

fix(asynpool): avoid AttributeError when proc lacks _sentinel_poll by @mriddle in celery/celery#10086

fix dusk_astronomical horizon sign (+18 -> -18) by @Mr-Neutr0n in celery/celery#10121

Fix/10106 onupdate col use lambda func by @ChickenBenny in celery/celery#10108

Fix warm shutdown RuntimeError with eventlet>=0.37.0 (#10083) by @ChickenBenny in celery/celery#10123

Fix 10109 db backend connection health by @ChickenBenny in celery/celery#10124

Database Backend filter unsupport sql engine arguments with nullpool #7355 by @ChickenBenny in celery/celery#10134

fix(beat): correct argument order in Service.reduce by @bysiber in celery/celery#10137

ci: declare explicit read-only token permissions in workflow jobs by @Rohan5commit in celery/celery#10139

chore: 'boto3to' to 'boto3 to' by @cuiweixie in celery/celery#10133

Database Backend: Add missing index on date_done (Fixes #10097) by @ChickenBenny in celery/celery#10098

docs: fix typo in CONTRIBUTING.rst by @Rohan5commit in celery/celery#10141

Refer to Flower / Prometheus for monitoring by @WilliamDEdwards in celery/celery#10140

docs: remove duplicated words in broker and routing docs by @Rohan5commit in celery/celery#10146

docs: fix stale version reference and grammar in README by @kelsonbrito50 in celery/celery#10145

docs: fix wording in Celery 5.3 worker pool notes by @Rohan5commit in celery/celery#10149

docs: fix duplicated wording in 3.1 changelog entry by @Rohan5commit in celery/celery#10152

docs: fix changelog typo in context manager wording by @Rohan5commit in celery/celery#10144

Fix/10096 worker fails to reconnect after redis failover by @ChickenBenny in celery/celery#10151

Improve on_after_finalize signal documentation by @Br1an67 in celery/celery#10155

Add non-commutative example to clarify partial arg ordering in canvas docs by @Br1an67 in celery/celery#10157

Remove redundant test_isa_mapping test (fixes #10077) by @daniel7an in celery/celery#10103

Upgrade pytest-celery to >=1.3.0 and adopt PYTEST_CELERY_PKG build arg by @Nusnus in celery/celery#10162

Remove deprecated args from redis get_connection call by @JaeHyuckSa in celery/celery#10036

Fix #6912 rpc backend reconnection error by @ChickenBenny in celery/celery#10179

Fix NameError with TYPE_CHECKING annotations on Python 3.14+ (PEP 649) by @drichardson in celery/celery#10165

docs: Add elaboration on prefetch multiplier settings (worker_prefetch_multiplier) and worker_eta_task_limit by @tsangwailam in celery/celery#10181

Fix O(K²) message bloat in a chain of chords by @Borzik in celery/celery#10171

Fix mock connection interfaces to prevent TypeError during exception handling by @ChickenBenny in celery/celery#10178

fix(trace): dispatch chain/callbacks on dedup fast-path for redelivered tasks by @aurangzaib048 in celery/celery#10159

Extract reconnect_on_error to BaseResultConsumer by @ChickenBenny in celery/celery#10189

pep 649 by @ericbuehl in celery/celery#10187

Fix#9722 friendly status errors for CLI by @ChickenBenny in celery/celery#10190

docs: clarify after_return behavior for retried tasks by @KianAnbarestani in celery/celery#10192

Add compression header to message protocol docs by @Br1an67 in celery/celery#10156

docs: fix duplicated word in bootsteps comment by @Rohan5commit in celery/celery#10153

Remove outdated autoreloader section from extending docs by @Br1an67 in celery/celery#10154

... (truncated)

Changelog

Sourced from celery's changelog.

5.6.3

:release-date: 2026-03-26 :release-by: Tomer Nosrati

What's Changed


- Fix Django worker recursion bug + defensive checks for pool_cls.__module__ ([#10048](https://github.com/celery/celery/issues/10048))
- Docs: Update user_preload_options example to use click. ([#10056](https://github.com/celery/celery/issues/10056))
- Fix invalid configuration key "bootstrap_servers" in Kafka demo ([#10060](https://github.com/celery/celery/issues/10060))
- Fix broken images on PyPI page ([#10066](https://github.com/celery/celery/issues/10066))
- Remove broken reference. ([#10071](https://github.com/celery/celery/issues/10071))
- Removed --dist=loadscope from smoke tests ([#10073](https://github.com/celery/celery/issues/10073))
- Docs: Clarify task_retry signal args may be None ([#10076](https://github.com/celery/celery/issues/10076))
- Update example for Django ([#10081](https://github.com/celery/celery/issues/10081))
- Make tests compatible with pymongo >= 4.16 ([#10074](https://github.com/celery/celery/issues/10074))
- fix: source install of cassandra-driver ([#10105](https://github.com/celery/celery/issues/10105))
- fix: register task cross-reference role in Sphinx extension ([#10100](https://github.com/celery/celery/issues/10100))
- fix: avoid cycle detection in native delayed delivery ([#10095](https://github.com/celery/celery/issues/10095))
- fix(asynpool): avoid AttributeError when proc lacks _sentinel_poll ([#10086](https://github.com/celery/celery/issues/10086))
- fix dusk_astronomical horizon sign (+18 -> -18) ([#10121](https://github.com/celery/celery/issues/10121))
- Fix/10106 onupdate col use lambda func ([#10108](https://github.com/celery/celery/issues/10108))
- Fix warm shutdown RuntimeError with eventlet>=0.37.0 ([#10083](https://github.com/celery/celery/issues/10083)) ([#10123](https://github.com/celery/celery/issues/10123))
- Fix 10109 db backend connection health ([#10124](https://github.com/celery/celery/issues/10124))
- Database Backend filter unsupport sql engine arguments with nullpool [#7355](https://github.com/celery/celery/issues/7355) ([#10134](https://github.com/celery/celery/issues/10134))
- fix(beat): correct argument order in Service.__reduce__ ([#10137](https://github.com/celery/celery/issues/10137))
- ci: declare explicit read-only token permissions in workflow jobs ([#10139](https://github.com/celery/celery/issues/10139))
- chore: 'boto3to' to 'boto3 to' ([#10133](https://github.com/celery/celery/issues/10133))
- Database Backend: Add missing index on date_done (Fixes [#10097](https://github.com/celery/celery/issues/10097)) ([#10098](https://github.com/celery/celery/issues/10098))
- docs: fix typo in CONTRIBUTING.rst ([#10141](https://github.com/celery/celery/issues/10141))
- Refer to Flower / Prometheus for monitoring ([#10140](https://github.com/celery/celery/issues/10140))
- docs: remove duplicated words in broker and routing docs ([#10146](https://github.com/celery/celery/issues/10146))
- docs: fix stale version reference and grammar in README ([#10145](https://github.com/celery/celery/issues/10145))
- docs: fix wording in Celery 5.3 worker pool notes ([#10149](https://github.com/celery/celery/issues/10149))
- docs: fix duplicated wording in 3.1 changelog entry ([#10152](https://github.com/celery/celery/issues/10152))
- docs: fix changelog typo in context manager wording ([#10144](https://github.com/celery/celery/issues/10144))
- Fix/10096 worker fails to reconnect after redis failover ([#10151](https://github.com/celery/celery/issues/10151))
- Improve on_after_finalize signal documentation ([#10155](https://github.com/celery/celery/issues/10155))
- Add non-commutative example to clarify partial arg ordering in canvas docs ([#10157](https://github.com/celery/celery/issues/10157))
- Remove redundant test_isa_mapping test (fixes [#10077](https://github.com/celery/celery/issues/10077)) ([#10103](https://github.com/celery/celery/issues/10103))
- Upgrade pytest-celery to >=1.3.0 and adopt PYTEST_CELERY_PKG build arg ([#10162](https://github.com/celery/celery/issues/10162))
- Remove deprecated args from redis get_connection call ([#10036](https://github.com/celery/celery/issues/10036))
- Fix [#6912](https://github.com/celery/celery/issues/6912) rpc backend reconnection error ([#10179](https://github.com/celery/celery/issues/10179))
- Fix NameError with TYPE_CHECKING annotations on Python 3.14+ (PEP 649) ([#10165](https://github.com/celery/celery/issues/10165))
- docs: Add elaboration on prefetch multiplier settings (worker_prefetch_multiplier) and worker_eta_task_limit ([#10181](https://github.com/celery/celery/issues/10181))
- Fix O(K²) message bloat in a chain of chords ([#10171](https://github.com/celery/celery/issues/10171))
- Fix mock connection interfaces to prevent `TypeError` during exception handling ([#10178](https://github.com/celery/celery/issues/10178))
- fix(trace): dispatch chain/callbacks on dedup fast-path for redelivered tasks ([#10159](https://github.com/celery/celery/issues/10159))
</tr></table>

... (truncated)

Commits

3f4d8d7 Prepare for release: v5.6.3 (#10221)
a989e8c fix: clear the timer while catch the exception (#10218)
d06de5f Chore(deps): Bump nick-fields/retry from 3 to 4 (#10213)
c3c19c3 Fix: prioritize request ignore_result over task definition (#10184)
d23be53 Remove outdated autoreloader section from extending docs (#10154)
ada2da7 docs: fix duplicated word in bootsteps comment\n\nSigned-off-by: Rohan Santho...
f45f62b Add compression header to message protocol docs (#10156)
9a27092 docs: clarify after_return behavior for retried tasks (#10192)
6ee6230 Fix#9722 friendly status errors for CLI (#10190)
a9a2d4c [pre-commit.ci] pre-commit autoupdate (#10186)
Additional commits viewable in compare view

Updates click from 8.2.1 to 8.3.1

Release notes

Sourced from click's releases.

8.3.1

This is the Click 8.3.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/click/8.3.1/ Changes: https://click.palletsprojects.com/page/changes/#version-8-3-1 Milestone: https://github.com/pallets/click/milestone/28

Don't discard pager arguments by correctly using subprocess.Popen. #3039 #3055

Replace Sentinel.UNSET default values by None as they're passed through the Context.invoke() method. #3066 #3065 #3068

Fix conversion of Sentinel.UNSET happening too early, which caused incorrect behavior for multiple parameters using the same name. #3071 #3079

Fix rendering when prompt and confirm parameter prompt_suffix is empty. #3019 #3021

When Sentinel.UNSET is found during parsing, it will skip calls to type_cast_value. #3069 #3090

Hide Sentinel.UNSET values as None when looking up for other parameters through the context inside parameter callbacks. #3136 #3137

8.3.0

This is the Click 8.3.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecation, or introduce potentially breaking changes.

We encourage everyone to upgrade. You can read more about our Version Support Policy on our website.

PyPI: https://pypi.org/project/click/8.3.0/ Changes: https://click.palletsprojects.com/page/changes/#version-8-3-0 Milestone https://github.com/pallets/click/milestone/27

Improved flag option handling: Reworked the relationship between flag_value and default parameters for better consistency:

The default parameter value is now preserved as-is and passed directly to CLI functions (no more unexpected transformations)

Exception: flag options with default=True maintain backward compatibility by defaulting to their flag_value

The default parameter can now be any type (bool, None, etc.)

Fixes inconsistencies reported in: #1992 #2514 #2610 #3024 #3030

Allow default to be set on Argument for nargs = -1. #2164 #3030

Show correct auto complete value for nargs option in combination with flag option #2813

Show correct auto complete value for nargs option in combination with flag option #2813

Fix handling of quoted and escaped parameters in Fish autocompletion. #2995 #3013

Lazily import shutil. #3023

Properly forward exception information to resources registered with click.core.Context.with_resource(). #2447 #3058

Fix regression related to EOF handling in CliRunner. #2939 #2940

8.2.2

This is the Click 8.2.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/click/8.2.2/

... (truncated)

Changelog

Sourced from click's changelog.

Version 8.3.1

Released 2025-11-15

Don't discard pager arguments by correctly using subprocess.Popen. :issue:3039 :pr:3055

Replace Sentinel.UNSET default values by None as they're passed through the Context.invoke() method. :issue:3066 :issue:3065 :pr:3068

Fix conversion of Sentinel.UNSET happening too early, which caused incorrect behavior for multiple parameters using the same name. :issue:3071 :pr:3079

Hide Sentinel.UNSET values as None when looking up for other parameters through the context inside parameter callbacks. :issue:3136 :pr:3137

Fix rendering when prompt and confirm parameter prompt_suffix is empty. :issue:3019 :pr:3021

When Sentinel.UNSET is found during parsing, it will skip calls to type_cast_value. :issue:3069 :pr:3090

Version 8.3.0

Released 2025-09-17

Improved flag option handling: Reworked the relationship between flag_value and default parameters for better consistency:

The default parameter value is now preserved as-is and passed directly to CLI functions (no more unexpected transformations)

Exception: flag options with default=True maintain backward compatibility by defaulting to their flag_value

The default parameter can now be any type (bool, None, etc.)

Fixes inconsistencies reported in: :issue:1992 :issue:2514 :issue:2610 :issue:3024 :pr:3030

Allow default to be set on Argument for nargs = -1. :issue:2164 :pr:3030

Show correct auto complete value for nargs option in combination with flag option :issue:2813

Fix handling of quoted and escaped parameters in Fish autocompletion. :issue:2995 :pr:3013

Lazily import shutil. :pr:3023

Properly forward exception information to resources registered with click.core.Context.with_resource(). :issue:2447 :pr:3058

Fix regression related to EOF handling in CliRunner. :issue:2939 :pr:2940

Version 8.2.2

Released 2025-07-31

Fix reconciliation of default, flag_value and type parameters for flag options, as well as parsing and normalization of environment variables.

... (truncated)

Commits

1d038f2 release version 8.3.1
03f3889 Fix Ruff UP038 warning (#3141)
3867781 Fix Ruff UP038 warning
b91bb95 Provide altered context to callbacks to hide UNSET values as None (#3137)
437e1e3 Temporarily provide a fake context to the callback to hide UNSET values as ...
ea70da4 Don't test using a file in docs/ (#3102)
e27b307 Make uv run --all-extras pyright --verifytypes click pass (#3072)
a92c573 Fix test_edit to work with BSD sed (#3129)
bd131e1 Fix test_edit to work with BSD sed
0b5c6b7 Add Best practices section (#3127)
Additional commits viewable in compare view

Updates django from 5.2.1 to 5.2.12

Commits

4f382ca [5.2.x] Bumped version for 5.2.12 release.
b07ed2a [5.2.x] Fixed CVE-2026-25674 -- Prevented potentially incorrect permissions o...
4d3c184 [5.2.x] Fixed CVE-2026-25673 -- Simplified URLField scheme detection.
94e7f17 [5.2.x] Refs #36944 -- Added missing versionchanged annotation for MAX_LENGTH...
951fe8b [5.2.x] Pinned black == 25.12.0 for black docs checks and ensured they pass.
1db60ed [5.2.x] Aligned docs checks between GitHub Actions and local development.
703777c [5.2.x] Fixed #36944 -- Removed MAX_LENGTH_HTML and related 5M chars limit re...
a73eed2 [5.2.x] Pinned black == 25.12.0 in GitHub actions, pre-commit and test requir...
490e495 [5.2.x] Bumped minimum isort version to 7.0.0.
2bc009b [5.2.x] Added stub release notes and release date for 5.2.12 and 4.2.29.
Additional commits viewable in compare view

Updates django-cors-headers from 4.4.0 to 4.9.0

Changelog

Sourced from django-cors-headers's changelog.

4.9.0 (2025-09-18)

Support Django 6.0.

4.8.0 (2025-09-08)

Support Python 3.14.

4.7.0 (2025-02-06)

Support Django 5.2.

4.6.0 (2024-10-29)

Drop Django 3.2 to 4.1 support.

4.5.0 (2024-10-12)

Drop Python 3.8 support.

Support Python 3.13.

Commits

a3a3ad2 Version 4.9.0
2f5a94b Correct testing of Django 6.0 (#1015)
4356514 Support Django 6.0 (#1014)
eeaa041 Version 4.8.0
b760e4d Support Python 3.14 (#1013)
bf6abfb [pre-commit.ci] pre-commit autoupdate (#1012)
5d0c651 Upgrade dependencies (#1011)
873fd5f Use uvx to run tox on GitHub Actions (#1010)
f8aa330 [pre-commit.ci] pre-commit autoupdate (#1009)
b04460f [pre-commit.ci] pre-commit autoupdate (#1008)
Additional commits viewable in compare view

Updates djangorestframework from 3.16.0 to 3.17.1

Release notes

Sourced from djangorestframework's releases.

3.17.1

What's Changed

Bug fixes

Fix HTMLFormRenderer with empty datetime values by @p-r-a-v-i-n in encode/django-rest-framework#9928

Full Changelog: encode/django-rest-framework@3.17.0...3.17.1

3.17.0

What's Changed

Breaking changes

Drop support for Python 3.9 by @auvipy in encode/django-rest-framework#9781

Drop deprecated coreapi support by @browniebroke in encode/django-rest-framework#9895

Features

Add ability to specify output format for DurationField by @sevdog in encode/django-rest-framework#8532

Add missing decorators: @versioning_class(), @content_negotiation_class(), @metadata_class() for function-based views by @qqii in encode/django-rest-framework#9719

Add support for Python 3.14 by @cclauss in encode/django-rest-framework#9780

Support violation_error_code and violation_error_message from UniqueConstraint in UniqueTogetherValidator by @s-aleshin in encode/django-rest-framework#9766

Add support for ipaddress objects in JSONEncoder by @corenting in encode/django-rest-framework#9087

Add optional support to serialize BigInteger to string by @HoodyH in encode/django-rest-framework#9775

Add Django 6.0 support by @MehrazRumman in encode/django-rest-framework#9819

Bug fixes

Prevent small risk of Token overwrite by @mahdirahimi1999 in encode/django-rest-framework#9754

Fix UniqueTogetherValidator validation when condition references a read-only field by @ticosax in encode/django-rest-framework#9764

Fix validation on many to many field when default=None by @Genarito in encode/django-rest-framework#9790

Fix invalid SPDX license expression in __init__.py by @TheFunctionalGuy in encode/django-rest-framework#9799

Fix HTMLFormRenderer to ensure a valid datetime-local format by @mgaligniana in encode/django-rest-framework#9365

Fix mutable default arguments in OrderingFilter methods by @killerdevildog in encode/django-rest-framework#9742

Update TokenAdmin to respect USERNAME_FIELD of the user model by @m000 in encode/django-rest-framework#9836

Preserve ordering in MultipleChoiceField by @fbozhang in encode/django-rest-framework#9735

Translations

Update French translation by @SebCorbin in encode/django-rest-framework#9770

Update Brazilian Portuguese translations by @JVPinheiroReis in encode/django-rest-framework#9828

Fix and improve French translations by @deronnax in encode/django-rest-framework#9896

Add missing Russian translation by @minorytanaka in encode/django-rest-framework#9903

Packaging

Migrate packaging to pyproject.toml by @deronnax in encode/django-rest-framework#9056

Move package data rules from MANIFEST.in to pyproject.toml by @p-r-a-v-i-n in encode/django-rest-framework#9825

Set up release workflow with trusted publisher by @browniebroke in encode/django-rest-framework#9852

Other changes

Refactor token generation to use the secrets module by @mahdirahimi1999 in encode/django-rest-framework#9760

Add validation for decorator out-of-order with @api_view by @kernelshard in encode/django-rest-framework#9821

Switch to mkdocs material theme for documentation by @browniebroke in encode/django-rest-framework#9849

New Contributors

@khaledsukkar2 made their first contribution in encode/django-rest-framework#9717

... (truncated)

Commits

22e231c Prepare bug fix release 3.17.1 (#9931)
8e99b53 Add condition to skip pushed tags from forks (#9924)
c0407de Fix HTMLFormRenderer with empty datetime values (#9928)
30d58a7 Fix the book sizing in the documentation (#9926)
6f03b79 Tweak order of changes in release notes
021ab56 Bump version and update release notes for 3.17.0 (#9921)
19ebad7 Bump mkdocs-material[imaging] from 9.7.4 to 9.7.5 (#9923)
f222c55 Correct requires-python key in pyproject.toml
7e7de6f Remove code fences from release checklist
c599d30 Update release process
Additional commits viewable in compare view

Updates djangorestframework-simplejwt from 5.5.0 to 5.5.1

Release notes

Sourced from djangorestframework-simplejwt's releases.

v5.5.1

5.5.1

Missing Migration for rest_framework_simplejwt.token_blacklist app. A previously missing migration (0013_blacklist) has now been added. This issue arose because the migration file was mistakenly not generated earlier. This migration was never part of an official release, but users following the latest master branch may have encountered it.

Notes for Users If you previously ran makemigrations in production and have a 0013_blacklist migration in your django_migrations table, follow these steps before upgrading:

Roll back to the last known migration:
python manage.py migrate rest_framework_simplejwt.token_blacklist 0012
Upgrade djangorestframework-simplejwt to the latest version.

Apply the migrations correctly:
python manage.py migrate
Important: If other migrations depend on 0013_blacklist, be cautious when removing it. You may need to adjust or regenerate dependent migrations to ensure database integrity.

fix: add missing migration for token_blacklist app by @juanbailon in jazzband/djangorestframework-simplejwt#894

🌐 Fix typos and improve clarity in es_AR translations by @fabianfalon in jazzband/djangorestframework-simplejwt#876

docs: Add warning in docs for for_user usage by @vgrozdanic in jazzband/djangorestframework-simplejwt#872

feat: log warning if token is being created for inactive user by @vgrozdanic in jazzband/djangorestframework-simplejwt#873

ref: full tracebacks on exceptions by @vgrozdanic in jazzband/djangorestframework-simplejwt#...
Description has been truncated

dependabot · 2026-03-30T05:16:11Z

Labels

The following labels could not be found: area:ci, type:chore. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

chatgpt-codex-connector · 2026-03-30T05:16:16Z

Codex usage limits have been reached for code reviews. Please check with the admins of this repo to increase the limits by adding credits.
Credits must be used to enable repository wide code reviews.

Bumps the pip-backend-patch-minor group in /backend with 18 updates: | Package | From | To | | --- | --- | --- | | [asgiref](https://github.com/django/asgiref) | `3.8.1` | `3.11.1` | | [billiard](https://github.com/celery/billiard) | `4.2.1` | `4.2.4` | | [celery](https://github.com/celery/celery) | `5.5.3` | `5.6.3` | | [click](https://github.com/pallets/click) | `8.2.1` | `8.3.1` | | [django](https://github.com/django/django) | `5.2.1` | `5.2.12` | | [django-cors-headers](https://github.com/adamchainz/django-cors-headers) | `4.4.0` | `4.9.0` | | [djangorestframework](https://github.com/encode/django-rest-framework) | `3.16.0` | `3.17.1` | | [djangorestframework-simplejwt](https://github.com/jazzband/djangorestframework-simplejwt) | `5.5.0` | `5.5.1` | | [kombu](https://github.com/celery/kombu) | `5.5.4` | `5.6.2` | | [prompt-toolkit](https://github.com/prompt-toolkit/python-prompt-toolkit) | `3.0.51` | `3.0.52` | | [psycopg2-binary](https://github.com/psycopg/psycopg2) | `2.9.10` | `2.9.11` | | [pyjwt](https://github.com/jpadilla/pyjwt) | `2.9.0` | `2.12.1` | | [redis](https://github.com/redis/redis-py) | `6.2.0` | `6.4.0` | | [sqlparse](https://github.com/andialbrecht/sqlparse) | `0.5.3` | `0.5.5` | | [tzdata](https://github.com/python/tzdata) | `2025.2` | `2025.3` | | [wcwidth](https://github.com/jquast/wcwidth) | `0.2.13` | `0.6.0` | | [pytest](https://github.com/pytest-dev/pytest) | `8.3.2` | `8.4.2` | | [pytest-django](https://github.com/pytest-dev/pytest-django) | `4.8.0` | `4.12.0` | Updates `asgiref` from 3.8.1 to 3.11.1 - [Changelog](https://github.com/django/asgiref/blob/main/CHANGELOG.txt) - [Commits](django/asgiref@3.8.1...3.11.1) Updates `billiard` from 4.2.1 to 4.2.4 - [Release notes](https://github.com/celery/billiard/releases) - [Changelog](https://github.com/celery/billiard/blob/main/CHANGES.txt) - [Commits](celery/billiard@v4.2.1...v4.2.4) Updates `celery` from 5.5.3 to 5.6.3 - [Release notes](https://github.com/celery/celery/releases) - [Changelog](https://github.com/celery/celery/blob/v5.6.3/Changelog.rst) - [Commits](celery/celery@v5.5.3...v5.6.3) Updates `click` from 8.2.1 to 8.3.1 - [Release notes](https://github.com/pallets/click/releases) - [Changelog](https://github.com/pallets/click/blob/main/CHANGES.rst) - [Commits](pallets/click@8.2.1...8.3.1) Updates `django` from 5.2.1 to 5.2.12 - [Commits](django/django@5.2.1...5.2.12) Updates `django-cors-headers` from 4.4.0 to 4.9.0 - [Changelog](https://github.com/adamchainz/django-cors-headers/blob/main/CHANGELOG.rst) - [Commits](adamchainz/django-cors-headers@4.4.0...4.9.0) Updates `djangorestframework` from 3.16.0 to 3.17.1 - [Release notes](https://github.com/encode/django-rest-framework/releases) - [Commits](encode/django-rest-framework@3.16.0...3.17.1) Updates `djangorestframework-simplejwt` from 5.5.0 to 5.5.1 - [Release notes](https://github.com/jazzband/djangorestframework-simplejwt/releases) - [Changelog](https://github.com/jazzband/djangorestframework-simplejwt/blob/master/CHANGELOG.md) - [Commits](jazzband/djangorestframework-simplejwt@v5.5.0...v5.5.1) Updates `kombu` from 5.5.4 to 5.6.2 - [Release notes](https://github.com/celery/kombu/releases) - [Changelog](https://github.com/celery/kombu/blob/main/Changelog.rst) - [Commits](celery/kombu@v5.5.4...v5.6.2) Updates `prompt-toolkit` from 3.0.51 to 3.0.52 - [Release notes](https://github.com/prompt-toolkit/python-prompt-toolkit/releases) - [Changelog](https://github.com/prompt-toolkit/python-prompt-toolkit/blob/main/CHANGELOG) - [Commits](prompt-toolkit/python-prompt-toolkit@3.0.51...3.0.52) Updates `psycopg2-binary` from 2.9.10 to 2.9.11 - [Changelog](https://github.com/psycopg/psycopg2/blob/master/NEWS) - [Commits](psycopg/psycopg2@2.9.10...2.9.11) Updates `pyjwt` from 2.9.0 to 2.12.1 - [Release notes](https://github.com/jpadilla/pyjwt/releases) - [Changelog](https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst) - [Commits](jpadilla/pyjwt@2.9.0...2.12.1) Updates `redis` from 6.2.0 to 6.4.0 - [Release notes](https://github.com/redis/redis-py/releases) - [Changelog](https://github.com/redis/redis-py/blob/master/CHANGES) - [Commits](redis/redis-py@v6.2.0...v6.4.0) Updates `sqlparse` from 0.5.3 to 0.5.5 - [Changelog](https://github.com/andialbrecht/sqlparse/blob/master/CHANGELOG) - [Commits](andialbrecht/sqlparse@0.5.3...0.5.5) Updates `tzdata` from 2025.2 to 2025.3 - [Release notes](https://github.com/python/tzdata/releases) - [Changelog](https://github.com/python/tzdata/blob/master/NEWS.md) - [Commits](python/tzdata@2025.2...2025.3) Updates `wcwidth` from 0.2.13 to 0.6.0 - [Release notes](https://github.com/jquast/wcwidth/releases) - [Commits](jquast/wcwidth@0.2.13...0.6.0) Updates `pytest` from 8.3.2 to 8.4.2 - [Release notes](https://github.com/pytest-dev/pytest/releases) - [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst) - [Commits](pytest-dev/pytest@8.3.2...8.4.2) Updates `pytest-django` from 4.8.0 to 4.12.0 - [Release notes](https://github.com/pytest-dev/pytest-django/releases) - [Changelog](https://github.com/pytest-dev/pytest-django/blob/main/docs/changelog.rst) - [Commits](pytest-dev/pytest-django@v4.8.0...v4.12.0) --- updated-dependencies: - dependency-name: asgiref dependency-version: 3.11.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: pip-backend-patch-minor - dependency-name: billiard dependency-version: 4.2.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: pip-backend-patch-minor - dependency-name: celery dependency-version: 5.6.3 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: pip-backend-patch-minor - dependency-name: click dependency-version: 8.3.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: pip-backend-patch-minor - dependency-name: django dependency-version: 5.2.12 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: pip-backend-patch-minor - dependency-name: django-cors-headers dependency-version: 4.9.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: pip-backend-patch-minor - dependency-name: djangorestframework dependency-version: 3.17.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: pip-backend-patch-minor - dependency-name: djangorestframework-simplejwt dependency-version: 5.5.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: pip-backend-patch-minor - dependency-name: kombu dependency-version: 5.6.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: pip-backend-patch-minor - dependency-name: prompt-toolkit dependency-version: 3.0.52 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: pip-backend-patch-minor - dependency-name: psycopg2-binary dependency-version: 2.9.11 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: pip-backend-patch-minor - dependency-name: pyjwt dependency-version: 2.12.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: pip-backend-patch-minor - dependency-name: redis dependency-version: 6.4.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: pip-backend-patch-minor - dependency-name: sqlparse dependency-version: 0.5.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: pip-backend-patch-minor - dependency-name: tzdata dependency-version: '2025.3' dependency-type: direct:production update-type: version-update:semver-minor dependency-group: pip-backend-patch-minor - dependency-name: wcwidth dependency-version: 0.6.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: pip-backend-patch-minor - dependency-name: pytest dependency-version: 8.4.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: pip-backend-patch-minor - dependency-name: pytest-django dependency-version: 4.12.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: pip-backend-patch-minor ... Signed-off-by: dependabot[bot] <support@github.com>

sonarqubecloud · 2026-03-30T23:03:19Z

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

dependabot Bot added the dependencies Pull requests that update a dependency file label Mar 30, 2026

dependabot Bot changed the title ~~Bump the pip-backend-patch-minor group in /backend with 18 updates~~ Bump the pip-backend-patch-minor group across 1 directory with 18 updates Mar 30, 2026

dependabot Bot force-pushed the dependabot/pip/backend/pip-backend-patch-minor-b19dd0be8b branch from 9be5f17 to d427780 Compare March 30, 2026 23:02

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the pip-backend-patch-minor group across 1 directory with 18 updates#23

Bump the pip-backend-patch-minor group across 1 directory with 18 updates#23
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/pip/backend/pip-backend-patch-minor-b19dd0be8b

dependabot Bot commented on behalf of github Mar 30, 2026 •

edited

Loading

Uh oh!

dependabot Bot commented on behalf of github Mar 30, 2026

Uh oh!

chatgpt-codex-connector Bot commented Mar 30, 2026

Uh oh!

sonarqubecloud Bot commented Mar 30, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github Mar 30, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

3.11.1 (2026-02-03)

3.11.0 (2025-11-19)

3.10.0 (2025-10-05)

3.9.2 (2025-09-23)

3.9.1 (2025-07-08)

v4.2.4

What's Changed

New Contributors

v4.2.3

What's Changed

New Contributors

v4.2.2

What's Changed

New Contributors

4.2.4 - 2025-11-30

4.2.3 - 2025-11-16

4.2.2 - 2025-09-20

v5.6.3

What's Changed

5.6.3

8.3.1

8.3.0

8.2.2

Version 8.3.1

Version 8.3.0

Version 8.2.2

4.9.0 (2025-09-18)

4.8.0 (2025-09-08)

4.7.0 (2025-02-06)

4.6.0 (2024-10-29)

4.5.0 (2024-10-12)

3.17.1

What's Changed

Bug fixes

3.17.0

What's Changed

Breaking changes

Features

Bug fixes

Translations

Packaging

Other changes

New Contributors

v5.5.1

5.5.1

Uh oh!

dependabot Bot commented on behalf of github Mar 30, 2026

Labels

Uh oh!

chatgpt-codex-connector Bot commented Mar 30, 2026

Uh oh!

sonarqubecloud Bot commented Mar 30, 2026

Quality Gate passed

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

dependabot Bot commented on behalf of github Mar 30, 2026 •

edited

Loading