chore(deps): bump the python-dependencies group with 29 updates by dependabot[bot] · Pull Request #668 · TreyWW/MyFinances

dependabot · 2026-05-10T00:21:20Z

Bumps the python-dependencies group with 29 updates:

Package	From	To
bleach	`6.1.0`	`6.3.0`
boto3	`1.34.76`	`1.43.6`
django-storages	`1.14.2`	`1.14.6`
pillow	`12.1.1`	`12.2.0`
django	`5.2.12`	`5.2.14`
djangorestframework	`3.16.1`	`3.17.1`
mypy	`1.18.2`	`1.19.1`
djangorestframework-stubs	`3.16.8`	`3.16.9`
grpcio	`1.78.0`	`1.80.0`
typos	`1.44.0`	`1.46.1`
pulumi-aws	`6.83.2`	`6.83.3`
types-python-dateutil	`2.9.0.20260305`	`2.9.0.20260508`
types-markdown	`3.10.2.20260211`	`3.10.2.20260508`
types-pygments	`2.19.0.20251121`	`2.20.0.20260508`
types-psycopg2	`2.9.21.20260223`	`2.9.21.20260509`
types-pycurl	`7.45.7.20251101`	`7.46.0.20260509`
types-six	`1.17.0.20251009`	`1.17.0.20260408`
social-auth-app-django	`5.6.0`	`5.9.0`
django-environ	`0.11.2`	`0.13.0`
python-dateutil	`2.9.0`	`2.9.0.post0`
django-htmx	`1.17.3`	`1.27.0`
django-markdownify	`0.9.3`	`0.9.6`
model-bakery	`1.17.0`	`1.23.4`
mkdocs-material	`9.7.4`	`9.7.6`
mysqlclient	`2.2.0`	`2.2.8`
mariadb	`1.1.8`	`1.1.14`
psycopg2-binary	`2.9.11`	`2.9.12`
coverage	`7.13.4`	`7.13.5`
bump-my-version	`0.19.3`	`0.33.0`

Updates bleach from 6.1.0 to 6.3.0

Changelog

Sourced from bleach's changelog.

Version 6.3.0 (October 27th, 2025)

Backwards incompatible changes

Dropped support for Python 3.9. (#756)

Security fixes

None

Bug fixes

Add support for Python 3.14. (#758)

Fix wbr handling. (#488)

Version 6.2.0 (October 29th, 2024)

Backwards incompatible changes

Dropped support for Python 3.8. (#737)

Security fixes

None

Bug fixes

Add support for Python 3.13. (#736)

Remove six depdenncy. (#618)

Update known-good versions for tinycss2. (#732)

Fix additional < followed by characters and EOF issues. (#728)

Commits

5546d5d chore: prep for 6.3.0 release
88df3ff chore: fix readthedocs
d8b2fb4 fix: fix wbr handling (#488)
55e48ce chore: add support for Python 3.14 (#758)
a4d6cdd chore: drop support for Python 3.9 (#756)
172d92f Bump actions/setup-python from 5.6.0 to 6.0.0
df88612 Bump actions/checkout from 4.2.2 to 5.0.0
cbcf6b1 Bump actions/cache from 4.2.3 to 4.3.0
d9aa7ef Switch from dependabot reviewers to CODEOWNERS
06f0f76 Update setuptools, wheel, and twine for devs
Additional commits viewable in compare view

Updates boto3 from 1.34.76 to 1.43.6

Commits

f2ccf9f Merge branch 'release-1.43.6'
ffb5712 Bumping version to 1.43.6
cc7756a Add changelog entries from botocore
500f6a7 Merge branch 'release-1.43.5'
05f5628 Merge branch 'release-1.43.5' into develop
65d9798 Bumping version to 1.43.5
357614a Add changelog entries from botocore
5128f23 Bump https://github.com/astral-sh/ruff-pre-commit (#4785)
96f1897 Merge branch 'release-1.43.4'
91de1d8 Merge branch 'release-1.43.4' into develop
Additional commits viewable in compare view

Updates django-storages from 1.14.2 to 1.14.6

Changelog

Sourced from django-storages's changelog.

1.14.6 (2025-04-01)

Google Cloud

Add option to sign URLs via IAM Blob API ([#1427](https://github.com/jschneier/django-storages/issues/1427)_)

S3

Fix exists calls when using SSE-C ([#1451](https://github.com/jschneier/django-storages/issues/1451)_)

Default url_protocol to https: if set to None ([#1483](https://github.com/jschneier/django-storages/issues/1483)_)

.. _#1427: jschneier/django-storages#1427 .. _#1451: jschneier/django-storages#1451 .. _#1483: jschneier/django-storages#1483

1.14.5 (2025-02-15)

General

Revert exists() behavior to pre-1.14.4 semantics with additional hardening for Django versions < 4.2 to fix CVE-2024-39330. This change matches the eventual behavior Django itself shipped with. ([#1484](https://github.com/jschneier/django-storages/issues/1484), [#1486](https://github.com/jschneier/django-storages/issues/1486))

Add support for Django 5.1 ([#1444](https://github.com/jschneier/django-storages/issues/1444)_)

Azure

Deprecated: The setting AZURE_API_VERSION/api_version setting is deprecated in favor of the new AZURE_CLIENT_OPTIONS setting. A future version will remove support for this setting.

Add AZURE_CLIENT_OPTIONS settings to enable customization of all BlobServiceClient parameters such as api_version and all retry* options. ([#1432](https://github.com/jschneier/django-storages/issues/1432)_)

Dropbox

As part of the above hardening fix a bug was uncovered whereby a root_path setting would be applied multiple times during save() ([#1484](https://github.com/jschneier/django-storages/issues/1484)_)

Fix setting OAuth2 access token via env var ([#1452](https://github.com/jschneier/django-storages/issues/1452)_)

FTP

Fix incorrect exists() results due to an errant appended slash ([#1438](https://github.com/jschneier/django-storages/issues/1438)_)

Google Cloud

... (truncated)

Commits

3658c3d Bump version for release (#1497)
d51b0bf Release version 1.14.6 (#1496)
6ef553d [s3] Default url_protocol to https: if set to None (#1483)
80031d3 [docs/azure] Fix broken link (#1492)
8363be3 [s3] Pass object parameters to head_object in exists (#1451)
aa8a82e [docs/gcloud] Clean-up querystring auth language (#1489)
758ad6f [gcloud] Add option to sign URLs via IAM Blob API (#1427)
03566dc Add missing CHANGELOG entry for Dropbox fix (#1488)
3c0fe9f Release version 1.14.5 (#1487)
5db357a Apply additional validation in overwrite path (#1486)
Additional commits viewable in compare view

Updates pillow from 12.1.1 to 12.2.0

Release notes

Sourced from pillow's releases.

12.2.0

https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html

Documentation

Update 12.2.0 release notes #9522 [@hugovk]

Add loader plugins: AMOS abk, Atari Degas, 40+ more obscure formats via Netpbm #9482 [@bitplane]

Update Python versions #9515 [@radarhere]

Jeffrey A. Clark -> Jeffrey 'Alex' Clark #9513 [@aclark4life]

Add release notes for #9394, #9419 and #9456 #9467 [@radarhere]

Add Amiga Workbench .info loader to 3rd party plugins list #9459 [@bitplane]

Merge PFM documentation into PPM #9434 [@radarhere]

Update macOS tested Pillow versions #9431 [@radarhere]

Fix CVE number #9430 [@hugovk]

Dependencies

Update xz to 5.8.3 #9523 [@radarhere]

Update libjpeg-turbo to 3.1.4.1 #9507 [@radarhere]

Update libpng to 1.6.56 #9499 [@radarhere]

Update freetype to 2.14.3 #9485 [@radarhere]

Updated libavif to 1.4.1 #9479 [@radarhere]

Updated harfbuzz to 13.2.1 #9461 [@radarhere]

Update Ghostscript to 10.7.0 #9469 [@radarhere]

Update harfbuzz to 13.0.1 #9453 [@radarhere]

Update libavif to 1.4.0 #9460 [@radarhere]

Update freetype to 2.14.2 #9449 [@radarhere]

Update actions/download-artifact action to v8 #9451 [@renovate[bot]]

Updated libpng to 1.6.55 #9425 [@radarhere]

Testing

Cleanup .spider extension in the same test where it is added #9517 [@radarhere]

Run tests in parallel via tox for 3.5x speedup #9516 [@hugovk]

Enable colour in CI logs #9486 [@hugovk]

Update Ghostscript to 10.7.0 #9469 [@radarhere]

Simplify TGA test code #9477 [@radarhere]

Update tests to check for ValueError when encoding an empty image #9464 [@radarhere]

Upgrade CI from macos-15-intel to macos-26-intel #9454 [@hugovk]

Add check-case-conflict hook #9446 [@radarhere]

Specify platform when pulling docker image #9440 [@radarhere]

GHA: Cache libavif and webp builds for Ubuntu #9437 [@hugovk]

Update macOS tested Pillow versions #9431 [@radarhere]

Other changes

Check calloc return value #9527 [@radarhere]

Check all allocs in the Arrow tree #9488 [@wiredfool]

Reject non-numeric elements inside list coords #9526 [@hugovk]

Move variable declaration inside define #9525 [@radarhere]

... (truncated)

Commits

3c41c09 12.2.0 version bump
cdaa29e Check calloc return value (#9527)
585b2f5 Check calloc return value
ecf011e Check all allocs in the Arrow tree (#9488)
cf6de8c Reject non-numeric elements inside list coords (#9526)
ffdcede Update 12.2.0 release notes (#9522)
7929d77 Added security release notes (#149)
c4f7aa5 Added security release notes
22cdb5f Move variable declaration inside define (#9525)
fc15b3b Resize tall images vertically first (#9524)
Additional commits viewable in compare view

Updates django from 5.2.12 to 5.2.14

Commits

024c26b [5.2.x] Bumped version for 5.2.14 release.
2115d4e [5.2.x] Fixed CVE-2026-6907 -- Prevented caching of requests when Vary header...
47cf968 [5.2.x] Fixed CVE-2026-35192 -- Ensured Vary header is sent when setting sess...
2ec27ed [5.2.x] Fixed CVE-2026-5766 -- Enforced DATA_UPLOAD_MAX_MEMORY_SIZE in Memory...
ed18840 [5.2.x] Fixed typo in stub release notes for 5.2.14.
de3f622 [5.2.x] Added stub release notes and release date for 5.2.14.
fb61c8a [5.2.x] Refs CVE-2026-4292 -- Isolated new test in AdminViewListEditable.
bd1a758 [5.2.x] Fixed two issues in release helper scripts/verify_release.sh.
da57aaa [5.2.x] Added CVE-2026-3902, CVE-2026-4277, CVE-2026-4292, CVE-2026-33033, an...
c9a8bdb [5.2.x] Post-release version bump.
Additional commits viewable in compare view

Updates djangorestframework from 3.16.1 to 3.17.1

Release notes

Sourced from djangorestframework's releases.

3.17.1

What's Changed

Bug fixes

Fix HTMLFormRenderer with empty datetime values by @p-r-a-v-i-n in encode/django-rest-framework#9928

Full Changelog: encode/django-rest-framework@3.17.0...3.17.1

3.17.0

What's Changed

Breaking changes

Drop support for Python 3.9 by @auvipy in encode/django-rest-framework#9781

Drop deprecated coreapi support by @browniebroke in encode/django-rest-framework#9895

Features

Add ability to specify output format for DurationField by @sevdog in encode/django-rest-framework#8532

Add missing decorators: @versioning_class(), @content_negotiation_class(), @metadata_class() for function-based views by @qqii in encode/django-rest-framework#9719

Add support for Python 3.14 by @cclauss in encode/django-rest-framework#9780

Support violation_error_code and violation_error_message from UniqueConstraint in UniqueTogetherValidator by @s-aleshin in encode/django-rest-framework#9766

Add support for ipaddress objects in JSONEncoder by @corenting in encode/django-rest-framework#9087

Add optional support to serialize BigInteger to string by @HoodyH in encode/django-rest-framework#9775

Add Django 6.0 support by @MehrazRumman in encode/django-rest-framework#9819

Bug fixes

Prevent small risk of Token overwrite by @mahdirahimi1999 in encode/django-rest-framework#9754

Fix UniqueTogetherValidator validation when condition references a read-only field by @ticosax in encode/django-rest-framework#9764

Fix validation on many to many field when default=None by @Genarito in encode/django-rest-framework#9790

Fix invalid SPDX license expression in __init__.py by @TheFunctionalGuy in encode/django-rest-framework#9799

Fix HTMLFormRenderer to ensure a valid datetime-local format by @mgaligniana in encode/django-rest-framework#9365

Fix mutable default arguments in OrderingFilter methods by @killerdevildog in encode/django-rest-framework#9742

Update TokenAdmin to respect USERNAME_FIELD of the user model by @m000 in encode/django-rest-framework#9836

Preserve ordering in MultipleChoiceField by @fbozhang in encode/django-rest-framework#9735

Translations

Update French translation by @SebCorbin in encode/django-rest-framework#9770

Update Brazilian Portuguese translations by @JVPinheiroReis in encode/django-rest-framework#9828

Fix and improve French translations by @deronnax in encode/django-rest-framework#9896

Add missing Russian translation by @minorytanaka in encode/django-rest-framework#9903

Packaging

Migrate packaging to pyproject.toml by @deronnax in encode/django-rest-framework#9056

Move package data rules from MANIFEST.in to pyproject.toml by @p-r-a-v-i-n in encode/django-rest-framework#9825

Set up release workflow with trusted publisher by @browniebroke in encode/django-rest-framework#9852

Other changes

Refactor token generation to use the secrets module by @mahdirahimi1999 in encode/django-rest-framework#9760

Add validation for decorator out-of-order with @api_view by @kernelshard in encode/django-rest-framework#9821

Switch to mkdocs material theme for documentation by @browniebroke in encode/django-rest-framework#9849

New Contributors

@khaledsukkar2 made their first contribution in encode/django-rest-framework#9717

... (truncated)

Commits

22e231c Prepare bug fix release 3.17.1 (#9931)
8e99b53 Add condition to skip pushed tags from forks (#9924)
c0407de Fix HTMLFormRenderer with empty datetime values (#9928)
30d58a7 Fix the book sizing in the documentation (#9926)
6f03b79 Tweak order of changes in release notes
021ab56 Bump version and update release notes for 3.17.0 (#9921)
19ebad7 Bump mkdocs-material[imaging] from 9.7.4 to 9.7.5 (#9923)
f222c55 Correct requires-python key in pyproject.toml
7e7de6f Remove code fences from release checklist
c599d30 Update release process
Additional commits viewable in compare view

Updates mypy from 1.18.2 to 1.19.1

Changelog

Sourced from mypy's changelog.

Mypy 1.19.1

Fix noncommutative joins with bounded TypeVars (Shantanu, PR 20345)

Respect output format for cached runs by serializing raw errors in cache metas (Ivan Levkivskyi, PR 20372)

Allow types.NoneType in match cases (A5rocks, PR 20383)

Fix mypyc generator regression with empty tuple (BobTheBuidler, PR 20371)

Fix crash involving Unpack-ed TypeVarTuple (Shantanu, PR 20323)

Fix crash on star import of redefinition (Ivan Levkivskyi, PR 20333)

Fix crash on typevar with forward ref used in other module (Ivan Levkivskyi, PR 20334)

Fail with an explicit error on PyPy (Ivan Levkivskyi, PR 20389)

Acknowledgements

Thanks to all mypy contributors who contributed to this release:

A5rocks

BobTheBuidler

bzoracler

Chainfire

Christoph Tyralla

David Foster

Frank Dana

Guo Ci

iap

Ivan Levkivskyi

James Hilton-Balfe

jhance

Joren Hammudoglu

Jukka Lehtosalo

KarelKenens

Kevin Kannammalil

Marc Mueller

Michael Carlstrom

Michael J. Sullivan

Piotr Sawicki

Randolf Scholz

Shantanu

Sigve Sebastian Farstad

sobolevn

Stanislav Terliakov

Stephen Morton

Theodore Ando

Thiago J. Barbalho

wyattscarpenter

I’d also like to thank my employer, Dropbox, for supporting mypy development.

Mypy 1.18

We’ve just uploaded mypy 1.18.1 to the Python Package Index (PyPI). Mypy is a static type checker for Python. This release includes new features, performance

... (truncated)

Commits

412c19a Bump version to 1.19.1
20aea0a Update changelog for 1.19.1 (#20414)
2b23b50 Serialize raw errors in cache metas (#20372)
f60f90f Fail on PyPy in main instead of setup.py (#20389)
58d485b Fail with an explicit error on PyPy (#20384)
a4b31a2 Allow types.NoneType in match cases (#20383)
8a6eff4 [mypyc] fix generator regression with empty tuple (#20371)
70eceea Fix noncommutative joins with bounded TypeVars (#20345)
3890fc4 Fix crash involving Unpack-ed TypeVarTuple (#20323)
c93d917 Fix crash on star import of redefinition (#20333)
Additional commits viewable in compare view

Updates djangorestframework-stubs from 3.16.8 to 3.16.9

Release notes

Sourced from djangorestframework-stubs's releases.

3.16.9

Versioning

This will be the last version to support django-stubs 5.2. But django-stubs 6.0 will mostly also work if you use older Django.

This will be the last version to target djangorestframework 3.16 -- the next version will be updating to 3.17.

Mypy 1.20 is now supported.

Help wanted!

👉 Your help is needed to update stubs for djangorestframework version 3.17!

See https://github.com/typeddjango/djangorestframework-stubs/blob/master/scripts/stubtest/allowlist_todo_317.txt for changed APIs

Before starting work, check that nobody has yet opened a pull request on the same topic: https://github.com/typeddjango/djangorestframework-stubs/pulls

Open pull requests, but keep changes small.

What's Changed

Add stub for APIClient.generic by @noamkush in typeddjango/djangorestframework-stubs#911

Fix RelatedField.get_queryset type by @amaral-daniel in typeddjango/djangorestframework-stubs#912

Fix incorrect function signatures in documentation and schemas by @emmanuel-ferdman in typeddjango/djangorestframework-stubs#909

Remove redundant subclass method annotations in pagination by @brianhelba in typeddjango/djangorestframework-stubs#917

Fix propagation of QuerySet row-type through APIs handling QuerySet by @brianhelba in typeddjango/djangorestframework-stubs#916

Fix incomplete types in rest_framework.schemas by @emmanuel-ferdman in typeddjango/djangorestframework-stubs#919

Fix incomplete types in rest_framework.utils by @emmanuel-ferdman in typeddjango/djangorestframework-stubs#935

Housekeeping

Update dependency mypy to >=1.13,<1.21 & fix tests by @intgr in typeddjango/djangorestframework-stubs#940

Add @override decorators & align mypy config with django-stubs by @intgr in typeddjango/djangorestframework-stubs#928

CI: Fix Ruff unused noqa: F811 directive by @intgr in typeddjango/djangorestframework-stubs#926

Version 3.16.9 release by @intgr in typeddjango/djangorestframework-stubs#942

New Contributors

@amaral-daniel made their first contribution in typeddjango/djangorestframework-stubs#912

Full Changelog: typeddjango/djangorestframework-stubs@3.16.8...3.16.9

Commits

8d36f73 Version 3.16.9 release (#942)
478165c Update dependency mypy to >=1.13,<1.21 & fix tests (#940)
0b29d9d Lock file maintenance (#939)
3a3009a Lock file maintenance
e80bdb2 [pre-commit.ci] pre-commit autoupdate (#937)
95adbfc Fix incomplete types in rest_framework.utils (#935)
a0f2554 Update dependency types-requests to v2.33.0.20260327 (#936)
3093590 Update dependency uv_build to >=0.11.0,<0.12.0 (#933)
1e2da42 Update dependency types-requests to v2.32.4.20260324 (#934)
579fcce Lock file maintenance
Additional commits viewable in compare view

Updates grpcio from 1.78.0 to 1.80.0

Release notes

Sourced from grpcio's releases.

Release v1.80.0

This is release 1.80.0 (glimmering) of gRPC Core.

For gRPC documentation, see grpc.io. For previous releases, see Releases.

This release contains refinements, improvements, and bug fixes, with highlights listed below.

Core

[ssl] Implement TLS private key signer in Python. (#41701)

[TLS Credentials]: Private Key Offload Implementation. (#41606)

Fix max sockaddr struct size on OpenBSD. (#40454)

[core] Enable EventEngine for Python by default, and EventEngine fork support in Python and Ruby. (#41432)

[TLS Credentials]: Create InMemoryCertificateProvider to update certificates independently. (#41484)

[Ruby] Build/test ruby 4.0 and build native gems with Ruby 4.0 support. (#41324)

[EventEngine] Remove an incorrect std::move in DNSServiceResolver constructor. (#41502)

[RR and WRR] enable change to connect from a random index. (#41472)

[xds] Implement gRFC A101. (#41051)

C++

[C++] Add SNI override option to C++ channel credentials options API. (#41460)

C#

[C# tools] Option to append Async to server side method names #39010. (#39797)

Objective-C

[Fix][Compiler] Plugins fall back to the edition 2023 for older protobuf. (#41357)

PHP

[PHP] Disable php infinite recursion check for callback from Core to PHP. (#41835)

[PHP] Fix runtime error with PHp8.5 alpha because zend_exception_get_defaul…. (#40337)

Python

[Python] Fix GRPC_TRACE not working when absl log initialized in cython. (#41814)

Revert "[Python] Align GRPC_ENABLE_FORK_SUPPORT env defaults in core and python (#41455)". (#41769)

[Python] Fix AsyncIO Server maximum_concurrent_rpcs enforcement preventing negative active_rpcs count. (#41532)

[Python] Docs: correct grpc.Compression references. (#41705)

[Python] [Typeguard] Part 4 - Add Typeguard to AIO stack in tests . (#40226)

... (truncated)

Commits

f5e2d6e [Release] Bump version to 1.80.0 (on v1.80.x branch) (#41857)
938cfec [subchannel connection scaling] fix when we reset backoff (#41935)
91778be [Backport][v1.80.x][Python] New _create method for aio.Metadata (#41888)
f10b9f2 [bzlmod] upgrade rules_swift to avoid BCR CI breakage on Windows with bazel 7...
be4c1c5 [subchannel] fix crash in connection scaling code (#41853)
a71df73 [Release] Bump version to 1.80.0-pre1 (on v1.80.x branch) (#41844)
3ca09e4 [Python] Fix GRPC_TRACE and add test to check the GRPC_TRACE logs print (#41814)
260c6fd [PHP] Disable php infinite recursion check for callback from Core to PHP (#41...
50957c5 [Flakiness] Delete flaky iomgr fd_conservation_posix_test and create an Event...
e1e1d0a [Bzlmod] Turn off bzlmod for PSM python tests. (#41810)
Additional commits viewable in compare view

Updates typos from 1.44.0 to 1.46.1

Release notes

Sourced from typos's releases.

v1.46.1

[1.46.1] - 2026-05-08

Fixes

Don't correct to confidentials

v1.46.0

[1.46.0] - 2026-04-30

Features

Updated the dictionary with the April 2026 changes

v1.45.2

[1.45.2] - 2026-04-27

Fixes

Ignore ssh ed25519 public keys

v1.45.1

[1.45.1] - 2026-04-13

Fixes

(action) Use a temp dir for caching

v1.45.0

[1.45.0] - 2026-04-01

Features

Updated the dictionary with the March 2026 changes

Changelog

Sourced from typos's changelog.

[1.46.1] - 2026-05-08

Fixes

Don't correct to confidentials

[1.46.0] - 2026-04-30

Features

Updated the dictionary with the April 2026 changes

[1.45.2] - 2026-04-27

Fixes

Ignore ssh ed25519 public keys

[1.45.1] - 2026-04-13

Fixes

(action) Use a temp dir for caching

[1.45.0] - 2026-04-01

Features

Updated the dictionary with the March 2026 changes

Commits

5374cbf chore: Release
52448f5 docs: Update changelog
030c719 Merge pull request #1552 from epage/fixes
7a688c7 fix(dict): Confidentials isn't valid
3bcd3b3 Merge pull request #1548 from crate-ci/renovate/maturin-1.x
5294011 chore(deps): Update compatible (#1547)
c3be360 chore(deps): Update dependency maturin to >=1.13,<1.14
bbaefad chore: Release
c19f54c chore: Release
d65608b docs: Update changelog
Additional commits viewable in compare view

Updates pulumi-aws from 6.83.2 to 6.83.3

Release notes

Sourced from pulumi-aws's releases.

v6.83.3

Backport/security release

Commits

0ca3121 Get tokens from ESC
6355f4e Update Go toolchain to 1.25.5 (security backport) (#6251)
See full diff in compare view

Updates types-python-dateutil from 2.9.0.20260305 to 2.9.0.20260508

Commits

See full diff in compare view

Updates types-markdown from 3.10.2.20260211 to 3.10.2.20260508

Commits

See full diff in compare view

Updates types-pygments from 2.19.0.20251121 to 2.20.0.20260508

Commits

See full diff in compare view

Updates types-psycopg2 from 2.9.21.20260223 to 2.9.21.20260509

Commits

See full diff in compare view

Updates types-pycurl from 7.45.7.20251101 to 7.46.0.20260509

Commits

See full diff in compare view

Updates types-six from 1.17.0.20251009 to 1.17.0.20260408

Commits

See full diff in compare view

Updates social-auth-app-django from 5.6.0 to 5.9.0

Release notes

Sourced from social-auth-app-django's releases.

5.9.0

Changed

Added async support to SocialAuthExceptionMiddleware

Dropped support for Django 5.1, Django 5.2 is now the minimum supported version

Loosened the social-auth-core dependency to allow compatible 4.x releases

Improved release automation and GitHub release asset publishing

5.8.0

Changed

Added explicit Django 5.1, 5.2, and 6.0 package classifiers

DjangoStrategy now lazily creates a session when initialized without a request

Removed legacy replaces metadata from historical squashed migrations

Updated historical unique_together migration declarations for newer Django compatibility

5.7.0

Changed

Integrated with social_core using registry instead of monkey patching it

Donations

This project welcomes donations to make the development sustainable. The following platforms are available for funding Python Social Auth:

GitHub Sponsors

Open Collective

Changelog

Sourced from social-auth-app-django's changelog.

5.9.0 - 2026-04-29

Changed

Added async support to SocialAuthExceptionMiddleware

Dropped support for Django 5.1, Django 5.2 is now the minimum supported version

Loosened the social-auth-core dependency to allow compatible 4.x releases

Improved release automatio...
Description has been truncated

Bumps the python-dependencies group with 29 updates: | Package | From | To | | --- | --- | --- | | [bleach](https://github.com/mozilla/bleach) | `6.1.0` | `6.3.0` | | [boto3](https://github.com/boto/boto3) | `1.34.76` | `1.43.6` | | [django-storages](https://github.com/jschneier/django-storages) | `1.14.2` | `1.14.6` | | [pillow](https://github.com/python-pillow/Pillow) | `12.1.1` | `12.2.0` | | [django](https://github.com/django/django) | `5.2.12` | `5.2.14` | | [djangorestframework](https://github.com/encode/django-rest-framework) | `3.16.1` | `3.17.1` | | [mypy](https://github.com/python/mypy) | `1.18.2` | `1.19.1` | | [djangorestframework-stubs](https://github.com/typeddjango/djangorestframework-stubs) | `3.16.8` | `3.16.9` | | [grpcio](https://github.com/grpc/grpc) | `1.78.0` | `1.80.0` | | [typos](https://github.com/crate-ci/typos) | `1.44.0` | `1.46.1` | | [pulumi-aws](https://github.com/pulumi/pulumi-aws) | `6.83.2` | `6.83.3` | | [types-python-dateutil](https://github.com/python/typeshed) | `2.9.0.20260305` | `2.9.0.20260508` | | [types-markdown](https://github.com/python/typeshed) | `3.10.2.20260211` | `3.10.2.20260508` | | [types-pygments](https://github.com/python/typeshed) | `2.19.0.20251121` | `2.20.0.20260508` | | [types-psycopg2](https://github.com/python/typeshed) | `2.9.21.20260223` | `2.9.21.20260509` | | [types-pycurl](https://github.com/python/typeshed) | `7.45.7.20251101` | `7.46.0.20260509` | | [types-six](https://github.com/python/typeshed) | `1.17.0.20251009` | `1.17.0.20260408` | | [social-auth-app-django](https://github.com/python-social-auth/social-app-django) | `5.6.0` | `5.9.0` | | [django-environ](https://github.com/joke2k/django-environ) | `0.11.2` | `0.13.0` | | [python-dateutil](https://github.com/dateutil/dateutil) | `2.9.0` | `2.9.0.post0` | | [django-htmx](https://github.com/adamchainz/django-htmx) | `1.17.3` | `1.27.0` | | [django-markdownify](https://github.com/erwinmatijsen/django-markdownify) | `0.9.3` | `0.9.6` | | [model-bakery](https://github.com/model-bakers/model_bakery) | `1.17.0` | `1.23.4` | | [mkdocs-material](https://github.com/squidfunk/mkdocs-material) | `9.7.4` | `9.7.6` | | [mysqlclient](https://github.com/PyMySQL/mysqlclient) | `2.2.0` | `2.2.8` | | [mariadb](https://github.com/mariadb-corporation/mariadb-connector-python) | `1.1.8` | `1.1.14` | | [psycopg2-binary](https://github.com/psycopg/psycopg2) | `2.9.11` | `2.9.12` | | [coverage](https://github.com/coveragepy/coveragepy) | `7.13.4` | `7.13.5` | | [bump-my-version](https://github.com/callowayproject/bump-my-version) | `0.19.3` | `0.33.0` | Updates `bleach` from 6.1.0 to 6.3.0 - [Changelog](https://github.com/mozilla/bleach/blob/main/CHANGES) - [Commits](mozilla/bleach@v6.1.0...v6.3.0) Updates `boto3` from 1.34.76 to 1.43.6 - [Release notes](https://github.com/boto/boto3/releases) - [Commits](boto/boto3@1.34.76...1.43.6) Updates `django-storages` from 1.14.2 to 1.14.6 - [Changelog](https://github.com/jschneier/django-storages/blob/master/CHANGELOG.rst) - [Commits](jschneier/django-storages@1.14.2...1.14.6) Updates `pillow` from 12.1.1 to 12.2.0 - [Release notes](https://github.com/python-pillow/Pillow/releases) - [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst) - [Commits](python-pillow/Pillow@12.1.1...12.2.0) Updates `django` from 5.2.12 to 5.2.14 - [Commits](django/django@5.2.12...5.2.14) Updates `djangorestframework` from 3.16.1 to 3.17.1 - [Release notes](https://github.com/encode/django-rest-framework/releases) - [Commits](encode/django-rest-framework@3.16.1...3.17.1) Updates `mypy` from 1.18.2 to 1.19.1 - [Changelog](https://github.com/python/mypy/blob/master/CHANGELOG.md) - [Commits](python/mypy@v1.18.2...v1.19.1) Updates `djangorestframework-stubs` from 3.16.8 to 3.16.9 - [Release notes](https://github.com/typeddjango/djangorestframework-stubs/releases) - [Commits](typeddjango/djangorestframework-stubs@3.16.8...3.16.9) Updates `grpcio` from 1.78.0 to 1.80.0 - [Release notes](https://github.com/grpc/grpc/releases) - [Commits](grpc/grpc@v1.78.0...v1.80.0) Updates `typos` from 1.44.0 to 1.46.1 - [Release notes](https://github.com/crate-ci/typos/releases) - [Changelog](https://github.com/crate-ci/typos/blob/master/CHANGELOG.md) - [Commits](crate-ci/typos@v1.44.0...v1.46.1) Updates `pulumi-aws` from 6.83.2 to 6.83.3 - [Release notes](https://github.com/pulumi/pulumi-aws/releases) - [Changelog](https://github.com/pulumi/pulumi-aws/blob/master/CHANGELOG_OLD.md) - [Commits](pulumi/pulumi-aws@v6.83.2...v6.83.3) Updates `types-python-dateutil` from 2.9.0.20260305 to 2.9.0.20260508 - [Commits](https://github.com/python/typeshed/commits) Updates `types-markdown` from 3.10.2.20260211 to 3.10.2.20260508 - [Commits](https://github.com/python/typeshed/commits) Updates `types-pygments` from 2.19.0.20251121 to 2.20.0.20260508 - [Commits](https://github.com/python/typeshed/commits) Updates `types-psycopg2` from 2.9.21.20260223 to 2.9.21.20260509 - [Commits](https://github.com/python/typeshed/commits) Updates `types-pycurl` from 7.45.7.20251101 to 7.46.0.20260509 - [Commits](https://github.com/python/typeshed/commits) Updates `types-six` from 1.17.0.20251009 to 1.17.0.20260408 - [Commits](https://github.com/python/typeshed/commits) Updates `social-auth-app-django` from 5.6.0 to 5.9.0 - [Release notes](https://github.com/python-social-auth/social-app-django/releases) - [Changelog](https://github.com/python-social-auth/social-app-django/blob/master/CHANGELOG.md) - [Commits](python-social-auth/social-app-django@5.6.0...5.9.0) Updates `django-environ` from 0.11.2 to 0.13.0 - [Release notes](https://github.com/joke2k/django-environ/releases) - [Changelog](https://github.com/joke2k/django-environ/blob/develop/CHANGELOG.rst) - [Commits](joke2k/django-environ@v0.11.2...v0.13.0) Updates `python-dateutil` from 2.9.0 to 2.9.0.post0 - [Release notes](https://github.com/dateutil/dateutil/releases) - [Changelog](https://github.com/dateutil/dateutil/blob/master/NEWS) - [Commits](dateutil/dateutil@2.9.0...2.9.0.post0) Updates `django-htmx` from 1.17.3 to 1.27.0 - [Changelog](https://github.com/adamchainz/django-htmx/blob/main/docs/changelog.rst) - [Commits](adamchainz/django-htmx@1.17.3...1.27.0) Updates `django-markdownify` from 0.9.3 to 0.9.6 - [Commits](erwinmatijsen/django-markdownify@0.9.3...0.9.6) Updates `model-bakery` from 1.17.0 to 1.23.4 - [Release notes](https://github.com/model-bakers/model_bakery/releases) - [Changelog](https://github.com/model-bakers/model_bakery/blob/main/CHANGELOG.md) - [Commits](model-bakers/model_bakery@1.17.0...1.23.4) Updates `mkdocs-material` from 9.7.4 to 9.7.6 - [Release notes](https://github.com/squidfunk/mkdocs-material/releases) - [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG) - [Commits](squidfunk/mkdocs-material@9.7.4...9.7.6) Updates `mysqlclient` from 2.2.0 to 2.2.8 - [Release notes](https://github.com/PyMySQL/mysqlclient/releases) - [Changelog](https://github.com/PyMySQL/mysqlclient/blob/main/HISTORY.rst) - [Commits](PyMySQL/mysqlclient@v2.2.0...v2.2.8) Updates `mariadb` from 1.1.8 to 1.1.14 - [Release notes](https://github.com/mariadb-corporation/mariadb-connector-python/releases) - [Changelog](https://github.com/mariadb-corporation/mariadb-connector-python/blob/1.1/CHANGELOG.md) - [Commits](mariadb-corporation/mariadb-connector-python@v1.1.8...v1.1.14) Updates `psycopg2-binary` from 2.9.11 to 2.9.12 - [Changelog](https://github.com/psycopg/psycopg2/blob/master/NEWS) - [Commits](psycopg/psycopg2@2.9.11...2.9.12) Updates `coverage` from 7.13.4 to 7.13.5 - [Release notes](https://github.com/coveragepy/coveragepy/releases) - [Changelog](https://github.com/coveragepy/coveragepy/blob/main/CHANGES.rst) - [Commits](coveragepy/coveragepy@7.13.4...7.13.5) Updates `bump-my-version` from 0.19.3 to 0.33.0 - [Release notes](https://github.com/callowayproject/bump-my-version/releases) - [Changelog](https://github.com/callowayproject/bump-my-version/blob/master/CHANGELOG.md) - [Commits](callowayproject/bump-my-version@0.19.3...0.33.0) --- updated-dependencies: - dependency-name: bleach dependency-version: 6.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: python-dependencies - dependency-name: boto3 dependency-version: 1.43.6 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: python-dependencies - dependency-name: django-storages dependency-version: 1.14.6 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: python-dependencies - dependency-name: pillow dependency-version: 12.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: python-dependencies - dependency-name: django dependency-version: 5.2.14 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: python-dependencies - dependency-name: djangorestframework dependency-version: 3.17.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: python-dependencies - dependency-name: mypy dependency-version: 1.19.1 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: python-dependencies - dependency-name: djangorestframework-stubs dependency-version: 3.16.9 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: python-dependencies - dependency-name: grpcio dependency-version: 1.80.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: python-dependencies - dependency-name: typos dependency-version: 1.46.1 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: python-dependencies - dependency-name: pulumi-aws dependency-version: 6.83.3 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: python-dependencies - dependency-name: types-python-dateutil dependency-version: 2.9.0.20260508 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: python-dependencies - dependency-name: types-markdown dependency-version: 3.10.2.20260508 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: python-dependencies - dependency-name: types-pygments dependency-version: 2.20.0.20260508 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: python-dependencies - dependency-name: types-psycopg2 dependency-version: 2.9.21.20260509 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: python-dependencies - dependency-name: types-pycurl dependency-version: 7.46.0.20260509 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: python-dependencies - dependency-name: types-six dependency-version: 1.17.0.20260408 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: python-dependencies - dependency-name: social-auth-app-django dependency-version: 5.9.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: python-dependencies - dependency-name: django-environ dependency-version: 0.13.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: python-dependencies - dependency-name: python-dateutil dependency-version: 2.9.0.post0 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: python-dependencies - dependency-name: django-htmx dependency-version: 1.27.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: python-dependencies - dependency-name: django-markdownify dependency-version: 0.9.6 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: python-dependencies - dependency-name: model-bakery dependency-version: 1.23.4 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: python-dependencies - dependency-name: mkdocs-material dependency-version: 9.7.6 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: python-dependencies - dependency-name: mysqlclient dependency-version: 2.2.8 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: python-dependencies - dependency-name: mariadb dependency-version: 1.1.14 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: python-dependencies - dependency-name: psycopg2-binary dependency-version: 2.9.12 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: python-dependencies - dependency-name: coverage dependency-version: 7.13.5 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: python-dependencies - dependency-name: bump-my-version dependency-version: 0.33.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: python-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>

github-actions · 2026-05-10T00:21:38Z

Dependency Review

The following issues were found:

✅ 0 vulnerable package(s)
✅ 0 package(s) with incompatible licenses
✅ 0 package(s) with invalid SPDX license definitions
⚠️ 18 package(s) with unknown licenses.
⚠️ 1 packages with OpenSSF Scorecard issues.

See the Details below.

License Issues

poetry.lock

Package	Version	License	Issue Type
boto3	1.43.6	Null	Unknown License
botocore	1.43.6	Null	Unknown License
django	5.2.14	Null	Unknown License
django-environ	0.13.0	Null	Unknown License
djangorestframework	3.17.1	Null	Unknown License
djangorestframework-stubs	3.16.9	Null	Unknown License
librt	0.10.0	Null	Unknown License
mkdocs-material	9.7.6	Null	Unknown License
model-bakery	1.23.4	Null	Unknown License
pulumi-aws	6.83.3	Null	Unknown License
social-auth-app-django	5.9.0	Null	Unknown License
types-markdown	3.10.2.20260508	Null	Unknown License
types-psycopg2	2.9.21.20260509	Null	Unknown License
types-pycurl	7.46.0.20260509	Null	Unknown License
types-pygments	2.20.0.20260508	Null	Unknown License
types-python-dateutil	2.9.0.20260508	Null	Unknown License
types-six	1.17.0.20260408	Null	Unknown License
typos	1.46.1	Null	Unknown License

OpenSSF Scorecard

Scorecard details

Package

Version

Score

Details

pip/anyio

4.13.0

Unknown

pip/bleach

6.3.0

🟢 5.9

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 0/17 approved changesets -- score normalized to 0
Maintained	🟢 9	11 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 9
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Pinned-Dependencies	🟢 4	dependency not pinned by hash detected -- score normalized to 4
Binary-Artifacts	🟢 10	no binaries found in the repo
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 9	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

pip/boto3

1.43.6

Unknown

pip/botocore

1.43.6

Unknown

pip/bracex

2.6

Unknown

pip/bump-my-version

0.33.0

Unknown

pip/coverage

7.13.5

Unknown

pip/django

5.2.14

Unknown

pip/django-environ

0.13.0

Unknown

pip/django-htmx

1.27.0

Unknown

pip/django-markdownify

0.9.6

⚠️ 2.4

Details

Check	Score	Reason
Packaging	⚠️ -1	packaging workflow not detected
Maintained	⚠️ 0	0 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 0
Dangerous-Workflow	⚠️ -1	no workflows found
Code-Review	⚠️ 0	Found 1/13 approved changesets -- score normalized to 0
Token-Permissions	⚠️ -1	No tokens found
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ -1	no dependencies found
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	⚠️ 0	security policy file not detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

pip/django-storages

1.14.6

Unknown

pip/djangorestframework

3.17.1

Unknown

pip/djangorestframework-stubs

3.16.9

Unknown

pip/exceptiongroup

1.3.1

Unknown

pip/grpcio

1.80.0

Unknown

pip/h11

0.16.0

🟢 4.4

Details

Check	Score	Reason
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Code-Review	🟢 5	Found 9/18 approved changesets -- score normalized to 5
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	⚠️ 0	security policy file not detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

pip/httpcore

1.0.9

Unknown

pip/httpx

0.28.1

Unknown

pip/librt

0.10.0

Unknown

pip/mariadb

1.1.14

🟢 4.1

Details

Check	Score	Reason
Maintained	🟢 5	7 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 5
Binary-Artifacts	🟢 10	no binaries found in the repo
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
SAST	⚠️ 0	no SAST tool detected
Security-Policy	⚠️ 0	security policy file not detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases	⚠️ -1	no releases found
Packaging	🟢 10	packaging workflow detected

pip/mkdocs-material

9.7.6

Unknown

pip/model-bakery

1.23.4

Unknown

pip/mypy

1.19.1

Unknown

pip/mysqlclient

2.2.8

Unknown

pip/pillow

12.2.0

Unknown

pip/psycopg2-binary

2.9.12

Unknown

pip/pulumi-aws

6.83.3

Unknown

pip/python-dateutil

2.9.0.post0

🟢 5.5

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 5/17 approved changesets -- score normalized to 2
Maintained	🟢 10	13 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	⚠️ 0	security policy file not detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 9	license file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases	🟢 8	2 out of the last 2 releases have a total of 2 signed artifacts.
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

pip/s3transfer

0.17.0

🟢 8

Details

Check	Score	Reason
Code-Review	🟢 6	Found 14/21 approved changesets -- score normalized to 6
Maintained	🟢 10	24 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Security-Policy	🟢 10	security policy file detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	🟢 9	detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies	🟢 10	all dependencies are pinned
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	🟢 6	branch protection is not maximal on development and all release branches
SAST	🟢 10	SAST tool is run on all commits

pip/social-auth-app-django

5.9.0

Unknown

pip/types-markdown

3.10.2.20260508

Unknown

pip/types-psycopg2

2.9.21.20260509

Unknown

pip/types-pycurl

7.46.0.20260509

Unknown

pip/types-pygments

2.20.0.20260508

Unknown

pip/types-python-dateutil

2.9.0.20260508

Unknown

pip/types-six

1.17.0.20260408

Unknown

pip/typos

1.46.1

Unknown

pip/wcmatch

10.1

Unknown

Scanned Files

poetry.lock

dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels May 10, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore(deps): bump the python-dependencies group with 29 updates#668

chore(deps): bump the python-dependencies group with 29 updates#668
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/pip/python-dependencies-6ef17a9a48

dependabot Bot commented on behalf of github May 10, 2026 •

edited

Loading

Uh oh!

github-actions Bot commented May 10, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Uh oh!

Conversation

dependabot Bot commented on behalf of github May 10, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Version 6.3.0 (October 27th, 2025)

Version 6.2.0 (October 29th, 2024)

Google Cloud

S3

General

Azure

Dropbox

FTP

Google Cloud

12.2.0

Documentation

Dependencies

Testing

Other changes

3.17.1

What's Changed

Bug fixes

3.17.0

What's Changed

Breaking changes

Features

Bug fixes

Translations

Packaging

Other changes

New Contributors

Mypy 1.19.1

Acknowledgements

Mypy 1.18

3.16.9

Versioning

Help wanted!

What's Changed

Housekeeping

New Contributors

Release v1.80.0

Core

C++

C#

Objective-C

PHP

Python

v1.46.1

[1.46.1] - 2026-05-08

Fixes

v1.46.0

[1.46.0] - 2026-04-30

Features

v1.45.2

[1.45.2] - 2026-04-27

Fixes

v1.45.1

[1.45.1] - 2026-04-13

Fixes

v1.45.0

[1.45.0] - 2026-04-01

Features

[1.46.1] - 2026-05-08

Fixes

[1.46.0] - 2026-04-30

Features

[1.45.2] - 2026-04-27

Fixes

[1.45.1] - 2026-04-13

Fixes

[1.45.0] - 2026-04-01

Features

v6.83.3

5.9.0

Changed

5.8.0

Changed

5.7.0

Changed

Donations

5.9.0 - 2026-04-29

dependabot Bot commented on behalf of github May 10, 2026 •

edited

Loading