Skip to content

chore(deps): bump the python-minor-patch group across 2 directories with 8 updates #192

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: develop
Choose a base branch
from
Open

chore(deps): bump the python-minor-patch group across 2 directories with 8 updates #192

wants to merge 1 commit into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Oct 16, 2025
edited
Loading

Bumps the python-minor-patch group with 5 updates in the /opendata_module directory:

Package From To
pyyaml 6.0.2 6.0.3
setuptools 75.3.0 75.3.2
dill 0.3.9 0.4.0
django 4.2.19 4.2.25
psycopg2 2.9.10 2.9.11

Bumps the python-minor-patch group with 4 updates in the /reports_module directory: pyyaml, jinja2, requests and jsonschema.

Updates pyyaml from 6.0.2 to 6.0.3

Release notes

Sourced from pyyaml's releases.

6.0.3

What's Changed

  • Support for Python 3.14 and free-threading (experimental).

Full Changelog: yaml/pyyaml@6.0.2...6.0.3

Changelog

Sourced from pyyaml's changelog.

6.0.3 (2025-09-25)

  • yaml/pyyaml#864 -- Support for Python 3.14 and free-threading (experimental)
Commits

Updates setuptools from 75.3.0 to 75.3.2

Changelog

Sourced from setuptools's changelog.

v75.3.2

  • Fixed version error in changelog.

v75.3.1

Bugfixes

  • Fix wheel file naming to follow binary distribution specification -- by :user:di (#4877)

v76.0.0

Deprecations and Removals

v75.9.1

Bugfixes

  • Fix ImportError in distutils when configuring for linking. (#4866)

v75.9.0

Features

  • pypa/distutils#327#4852)

v75.8.2

Bugfixes

  • Fixed pkg_resources.require(...) to also consider standardised dist-info directories. (#4856)

... (truncated)

Commits
  • 1148613 Merge tag 'v75.3.1'
  • 51a09c9 Mark failing test as xfail.
  • be96588 Mark failing tests as xfail. Ref #4864.
  • 5cac330 Pin ruff at 2024-10-29 to avoid emergent failures from later releases.
  • 23b7b52 Bump version: 75.3.0 → 75.3.1
  • 1740976 Repoint the news fragment.
  • 9559193 Merge pull request #4766 from di/fix/3777
  • b10fa52 Reduce Ruff configs that duplicates upstream after skeleton merge (#4857)
  • 45375cd Reduce Ruff configs that duplicates upstream after skeleton merge
  • c11a494 Bump version: 75.9.1 → 76.0.0
  • Additional commits viewable in compare view

Updates dill from 0.3.9 to 0.4.0

Commits

Updates django from 4.2.19 to 4.2.25

Commits
  • 57d20b2 [4.2.x] Bumped version for 4.2.25 release.
  • 9504bba [4.2.x] Fixed CVE-2025-59682 -- Fixed potential partial directory-traversal v...
  • 38d9ef8 [4.2.x] Fixed CVE-2025-59681 -- Protected QuerySet.annotate(), alias(), aggre...
  • 7c7d2a4 [4.2.x] Added stub release notes and release date for 4.2.25.
  • 3e27d61 [4.2.x] Added missing backticks in docs/releases/security.txt.
  • 07e5fb9 [4.2.x] Added CVE-2025-57833 to security archive.
  • 5636e82 [4.2.x] Post-release version bump.
  • 5e23d89 [4.2.x] Bumped version for 4.2.24 release.
  • 31334e6 [4.2.x] Fixed CVE-2025-57833 -- Protected FilteredRelation against SQL inject...
  • d5860d5 [4.2.x] Added stub release notes and release date for 4.2.24.
  • Additional commits viewable in compare view

Updates psycopg2 from 2.9.10 to 2.9.11

Changelog

Sourced from psycopg2's changelog.

Current release

What's new in psycopg 2.9.11 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^

  • Add support for Python 3.14.
  • Avoid a segfault passing more arguments than placeholders if Python is built with assertions enabled (:ticket:[#1791](https://github.com/psycopg/psycopg2/issues/1791)).
  • ~psycopg2.errorcodes map and ~psycopg2.errors classes updated to PostgreSQL 18.
  • Drop support for Python 3.8.

What's new in psycopg 2.9.10 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^

  • Add support for Python 3.13.
  • Receive notifications on commit (:ticket:[#1728](https://github.com/psycopg/psycopg2/issues/1728)).
  • ~psycopg2.errorcodes map and ~psycopg2.errors classes updated to PostgreSQL 17.
  • Drop support for Python 3.7.

What's new in psycopg 2.9.9 ^^^^^^^^^^^^^^^^^^^^^^^^^^^

  • Add support for Python 3.12.
  • Drop support for Python 3.6.

What's new in psycopg 2.9.8 ^^^^^^^^^^^^^^^^^^^^^^^^^^^

  • Wheel package bundled with PostgreSQL 16 libpq in order to add support for recent features, such as sslcertmode.

What's new in psycopg 2.9.7 ^^^^^^^^^^^^^^^^^^^^^^^^^^^

  • Fix propagation of exceptions raised during module initialization (:ticket:[#1598](https://github.com/psycopg/psycopg2/issues/1598)).
  • Fix building when pg_config returns an empty string (:ticket:[#1599](https://github.com/psycopg/psycopg2/issues/1599)).
  • Wheel package bundled with OpenSSL 1.1.1v.

What's new in psycopg 2.9.6 ^^^^^^^^^^^^^^^^^^^^^^^^^^^

... (truncated)

Commits
  • fd9ae8c chore: bump to version 2.9.11
  • d923840 chore: update docs requirements
  • d42dc71 Merge branch 'fix-1791'
  • 4fde656 fix: avoid failed assert passing more arguments than placeholders
  • 8308c19 fix: drop warning about the use of deprecated PyWeakref_GetObject function
  • 1a1eabf build(deps): bump actions/github-script from 7 to 8
  • 897af8b build(deps): bump peter-evans/repository-dispatch from 3 to 4
  • ceefd30 build(deps): bump actions/checkout from 4 to 5
  • 4dc5854 build(deps): bump actions/setup-python from 5 to 6
  • 1945788 Merge pull request #1802 from edgarrmondragon/cp314-wheels
  • Additional commits viewable in compare view

Updates pyyaml from 6.0.2 to 6.0.3

Release notes

Sourced from pyyaml's releases.

6.0.3

What's Changed

  • Support for Python 3.14 and free-threading (experimental).

Full Changelog: yaml/pyyaml@6.0.2...6.0.3

Changelog

Sourced from pyyaml's changelog.

6.0.3 (2025-09-25)

  • yaml/pyyaml#864 -- Support for Python 3.14 and free-threading (experimental)
Commits

Updates pyyaml from 6.0.2 to 6.0.3

Release notes

Sourced from pyyaml's releases.

6.0.3

What's Changed

  • Support for Python 3.14 and free-threading (experimental).

Full Changelog: yaml/pyyaml@6.0.2...6.0.3

Changelog

Sourced from pyyaml's changelog.

6.0.3 (2025-09-25)

  • yaml/pyyaml#864 -- Support for Python 3.14 and free-threading (experimental)
Commits

Updates jinja2 from 3.1.5 to 3.1.6

Release notes

Sourced from jinja2's releases.

3.1.6

This is the Jinja 3.1.6 security release, which fixes security issues but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Jinja2/3.1.6/ Changes: https://jinja.palletsprojects.com/en/stable/changes/#version-3-1-6

  • The |attr filter does not bypass the environment's attribute lookup, allowing the sandbox to apply its checks. GHSA-cpwx-vrp4-4pq7
Changelog

Sourced from jinja2's changelog.

Version 3.1.6

Released 2025-03-05

  • The |attr filter does not bypass the environment's attribute lookup, allowing the sandbox to apply its checks. :ghsa:cpwx-vrp4-4pq7
Commits

Updates pyyaml from 6.0.2 to 6.0.3

Release notes

Sourced from pyyaml's releases.

6.0.3

What's Changed

  • Support for Python 3.14 and free-threading (experimental).

Full Changelog: yaml/pyyaml@6.0.2...6.0.3

Changelog

Sourced from pyyaml's changelog.

6.0.3 (2025-09-25)

  • yaml/pyyaml#864 -- Support for Python 3.14 and free-threading (experimental)
Commits

Updates requests from 2.32.3 to 2.32.5

Release notes

Sourced from requests's releases.

v2.32.5

2.32.5 (2025-08-18)

Bugfixes

  • The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

  • Added support for Python 3.14.
  • Dropped support for Python 3.8 following its end of support.

v2.32.4

2.32.4 (2025-06-10)

Security

  • CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file. (#6965)

Improvements

  • Numerous documentation improvements

Deprecations

  • Added support for pypy 3.11 for Linux and macOS. (#6926)
  • Dropped support for pypy 3.9 following its end of support. (#6926)
Changelog

Sourced from requests's changelog.

2.32.5 (2025-08-18)

Bugfixes

  • The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

  • Added support for Python 3.14.
  • Dropped support for Python 3.8 following its end of support.

2.32.4 (2025-06-10)

Security

  • CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file.

Improvements

  • Numerous documentation improvements

Deprecations

  • Added support for pypy 3.11 for Linux and macOS.
  • Dropped support for pypy 3.9 following its end of support.
Commits
  • b25c87d v2.32.5
  • 131e506 Merge pull request #7010 from psf/dependabot/github_actions/actions/checkout-...
  • b336cb2 Bump actions/checkout from 4.2.0 to 5.0.0
  • 46e939b Update publish workflow to use artifact-id instead of name
  • 4b9c546 Merge pull request #6999 from psf/dependabot/github_actions/step-security/har...
  • 7618dbe Bump step-security/harden-runner from 2.12.0 to 2.13.0
  • 2edca11 Add support for Python 3.14 and drop support for Python 3.8 (#6993)
  • fec96cd Update Makefile rules (#6996)
  • d58d8aa docs: clarify timeout parameter uses seconds in Session.request (#6994)
  • 91a3eab Bump github/codeql-action from 3.28.5 to 3.29.0
  • Additional commits viewable in compare view

Updates jsonschema from 4.23.0 to 4.25.1

Release notes

Sourced from jsonschema's releases.

v4.25.1

What's Changed

Full Changelog: python-jsonschema/jsonschema@v4.25.0...v4.25.1

v4.25.0

What's Changed

New Contributors

Full Changelog: python-jsonschema/jsonschema@v4.24.1...v4.25.0

v4.24.1

What's Changed

New Contributors

Full Changelog: python-jsonschema/jsonschema@v4.24.0...v4.24.1

v4.24.0

What's Changed

New Contributors

Full Changelog: python-jsonschema/jsonschema@v4.23.0...v4.24.0

Changelog

Sourced from jsonschema's changelog.

v4.25.1

  • Fix an incorrect required argument in the Validator protocol's type annotations (#1396).

v4.25.0

  • Add support for the iri and iri-reference formats to the format-nongpl extra via the MIT-licensed rfc3987-syntax. They were alread supported by the format extra. (#1388).

v4.24.1

  • Properly escape segments in ValidationError.json_path (#139).

v4.24.0

  • Fix improper handling of unevaluatedProperties in the presence of additionalProperties (#1351).
  • Support for Python 3.8 has been dropped, as it is end-of-life.
Commits
  • 331c384 Add the fix to the changelog.
  • c1ec0a6 Merge pull request #1398 from python-jsonschema/dependabot/github_actions/ast...
  • 8e7d594 Merge pull request #1399 from python-jsonschema/dependabot/github_actions/act...
  • 460f4fa Merge pull request #1396 from sirosen/improve-protocol-init-signature
  • 1e58409 [pre-commit.ci] auto fixes from pre-commit.com hooks
  • 64bc217 Add a typing test for the Validator protocol
  • 6c25741 Bump actions/checkout from 4 to 5
  • bf603d5 Bump astral-sh/setup-uv from 6.4.3 to 6.5.0
  • a916d8f Fix Validator protocol init to match runtime
  • de60f18 Merge pull request #1397 from python-jsonschema/pre-commit-ci-update-config
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump the python-minor-patch group across 2 directories w…
568b188 
…ith 8 updates

Bumps the python-minor-patch group with 5 updates in the /opendata_module directory:

| Package | From | To |
| --- | --- | --- |
| [pyyaml](https://github.com/yaml/pyyaml) | `6.0.2` | `6.0.3` |
| [setuptools](https://github.com/pypa/setuptools) | `75.3.0` | `75.3.2` |
| [dill](https://github.com/uqfoundation/dill) | `0.3.9` | `0.4.0` |
| [django](https://github.com/django/django) | `4.2.19` | `4.2.25` |
| [psycopg2](https://github.com/psycopg/psycopg2) | `2.9.10` | `2.9.11` |

Bumps the python-minor-patch group with 4 updates in the /reports_module directory: [pyyaml](https://github.com/yaml/pyyaml), [jinja2](https://github.com/pallets/jinja), [requests](https://github.com/psf/requests) and [jsonschema](https://github.com/python-jsonschema/jsonschema).


Updates `pyyaml` from 6.0.2 to 6.0.3
- [Release notes](https://github.com/yaml/pyyaml/releases)
- [Changelog](https://github.com/yaml/pyyaml/blob/6.0.3/CHANGES)
- [Commits](yaml/pyyaml@6.0.2...6.0.3)

Updates `setuptools` from 75.3.0 to 75.3.2
- [Release notes](https://github.com/pypa/setuptools/releases)
- [Changelog](https://github.com/pypa/setuptools/blob/main/NEWS.rst)
- [Commits](pypa/setuptools@v75.3.0...v75.3.2)

Updates `dill` from 0.3.9 to 0.4.0
- [Release notes](https://github.com/uqfoundation/dill/releases)
- [Commits](uqfoundation/dill@0.3.9...0.4.0)

Updates `django` from 4.2.19 to 4.2.25
- [Commits](django/django@4.2.19...4.2.25)

Updates `psycopg2` from 2.9.10 to 2.9.11
- [Changelog](https://github.com/psycopg/psycopg2/blob/master/NEWS)
- [Commits](psycopg/psycopg2@2.9.10...2.9.11)

Updates `pyyaml` from 6.0.2 to 6.0.3
- [Release notes](https://github.com/yaml/pyyaml/releases)
- [Changelog](https://github.com/yaml/pyyaml/blob/6.0.3/CHANGES)
- [Commits](yaml/pyyaml@6.0.2...6.0.3)

Updates `pyyaml` from 6.0.2 to 6.0.3
- [Release notes](https://github.com/yaml/pyyaml/releases)
- [Changelog](https://github.com/yaml/pyyaml/blob/6.0.3/CHANGES)
- [Commits](yaml/pyyaml@6.0.2...6.0.3)

Updates `jinja2` from 3.1.5 to 3.1.6
- [Release notes](https://github.com/pallets/jinja/releases)
- [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst)
- [Commits](pallets/jinja@3.1.5...3.1.6)

Updates `pyyaml` from 6.0.2 to 6.0.3
- [Release notes](https://github.com/yaml/pyyaml/releases)
- [Changelog](https://github.com/yaml/pyyaml/blob/6.0.3/CHANGES)
- [Commits](yaml/pyyaml@6.0.2...6.0.3)

Updates `requests` from 2.32.3 to 2.32.5
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.32.3...v2.32.5)

Updates `jsonschema` from 4.23.0 to 4.25.1
- [Release notes](https://github.com/python-jsonschema/jsonschema/releases)
- [Changelog](https://github.com/python-jsonschema/jsonschema/blob/main/CHANGELOG.rst)
- [Commits](python-jsonschema/jsonschema@v4.23.0...v4.25.1)

---
updated-dependencies:
- dependency-name: pyyaml
  dependency-version: 6.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-minor-patch
- dependency-name: setuptools
  dependency-version: 75.3.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-minor-patch
- dependency-name: dill
  dependency-version: 0.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-minor-patch
- dependency-name: django
  dependency-version: 4.2.25
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-minor-patch
- dependency-name: psycopg2
  dependency-version: 2.9.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-minor-patch
- dependency-name: pyyaml
  dependency-version: 6.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-minor-patch
- dependency-name: pyyaml
  dependency-version: 6.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-minor-patch
- dependency-name: jinja2
  dependency-version: 3.1.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-minor-patch
- dependency-name: pyyaml
  dependency-version: 6.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-minor-patch
- dependency-name: requests
  dependency-version: 2.32.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-minor-patch
- dependency-name: jsonschema
  dependency-version: 4.25.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-minor-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Oct 16, 2025
@sonarqubecloud
Copy link

sonarqubecloud bot commented Oct 16, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant