Skip to content

build(deps-dev): bump the python-django group in /python/django with 4 updates#408

Merged
github-actions[bot] merged 1 commit intomainfrom
dependabot/uv/python/django/python-django-75c0baedaf
Apr 27, 2026
Merged

build(deps-dev): bump the python-django group in /python/django with 4 updates#408
github-actions[bot] merged 1 commit intomainfrom
dependabot/uv/python/django/python-django-75c0baedaf

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 27, 2026

Bumps the python-django group in /python/django with 4 updates: pip, psycopg2-binary, ruff and wheel.

Updates pip from 26.0.1 to 26.1

Changelog

Sourced from pip's changelog.

26.1 (2026-04-26)

Deprecations and Removals

  • Drop support for Python 3.9. ([#13795](https://github.com/pypa/pip/issues/13795) <https://github.com/pypa/pip/issues/13795>_)

Features

  • Add experimental support to read requirements from standardized pylock.toml files (-r pylock.toml). ([#13876](https://github.com/pypa/pip/issues/13876) <https://github.com/pypa/pip/issues/13876>_)
  • Allow --uploaded-prior-to to accept a duration in days (e.g., P3D for 3 days ago). ([#13674](https://github.com/pypa/pip/issues/13674) <https://github.com/pypa/pip/issues/13674>_)

Enhancements

  • Speed up dependency resolution when there are complex conflicts. ([#13859](https://github.com/pypa/pip/issues/13859) <https://github.com/pypa/pip/issues/13859>_)
  • Reduce memory usage when resolving large dependency trees. ([#13843](https://github.com/pypa/pip/issues/13843) <https://github.com/pypa/pip/issues/13843>_)
  • Emit a deprecation warning when pip imports an unexpected module after installation of a distribution has started. ([#13912](https://github.com/pypa/pip/issues/13912) <https://github.com/pypa/pip/issues/13912>_)
  • Allow URL constraints to apply to requirements with extras. ([#12018](https://github.com/pypa/pip/issues/12018) <https://github.com/pypa/pip/issues/12018>_)
  • Allow unpinned requirements to use hashes from constraints. Constraints like {name}=={version} --hash=... feeds into hash verification for a corresponding requirement. ([#9243](https://github.com/pypa/pip/issues/9243) <https://github.com/pypa/pip/issues/9243>_)
  • Improve conflict reports that involve direct URLs. ([#13932](https://github.com/pypa/pip/issues/13932) <https://github.com/pypa/pip/issues/13932>_)
  • Show all errors instead of first error for faulty dependency_groups definitions. ([#13917](https://github.com/pypa/pip/issues/13917) <https://github.com/pypa/pip/issues/13917>_)

Bug Fixes

  • Fix recovery hint for missing RECORD file to use --ignore-installed instead of --force-reinstall. ([#12645](https://github.com/pypa/pip/issues/12645) <https://github.com/pypa/pip/issues/12645>_)
  • Fix misleading error message when a constraint file cannot be opened. ([#13226](https://github.com/pypa/pip/issues/13226) <https://github.com/pypa/pip/issues/13226>_)
  • Show the filename rather than the full URL when downloading files from non-PyPI indexes in non-verbose mode. ([#13494](https://github.com/pypa/pip/issues/13494) <https://github.com/pypa/pip/issues/13494>_)
  • Remove the adjacent __pycache__ directory when a .py file is removed. ([#13725](https://github.com/pypa/pip/issues/13725) <https://github.com/pypa/pip/issues/13725>_)
  • Force UTF-8 encoding for :pep:723 metadata. ([#13861](https://github.com/pypa/pip/issues/13861) <https://github.com/pypa/pip/issues/13861>_)
  • Minor performance improvement when filtering candidates during resolution. ([#13916](https://github.com/pypa/pip/issues/13916) <https://github.com/pypa/pip/issues/13916>_)
  • Fix a hang on Windows when stdout is closed during verbose output. ([#13927](https://github.com/pypa/pip/issues/13927) <https://github.com/pypa/pip/issues/13927>_)
  • Common path prefixes are determined by path segment, not character by character. ([#13847](https://github.com/pypa/pip/issues/13847) <https://github.com/pypa/pip/issues/13847>_)
  • Fix installing .tar.gz source distributions that look like a zip file. ([#13867](https://github.com/pypa/pip/issues/13867) <https://github.com/pypa/pip/issues/13867>_)

Vendored Libraries

  • Upgrade certifi to 2026.2.25
  • Upgrade packaging to 26.2
  • Upgrade requests to 2.33.1
  • Upgrade tomli to 2.3.1
  • Upgrade urllib3 to 2.6.3

... (truncated)

Commits
  • 90b2b3e Bump for release
  • 193f289 Update AUTHORS.txt
  • 63c3709 Merge pull request #13876 from sbidoul/install-from-pylock-reqs-sbi
  • e5fe702 Merge pull request #13949 from pypa/revert-13888-resolver-editable-links
  • 122a14a Revert "Allow editable installs to satisfy direct-URL dependencies (#13888)"
  • c335252 -r pylock.toml: add pip-wheel -r pylock.toml test
  • ba2fc12 -r pylock.toml: proper error with remote pylock.toml containing directory ent...
  • 747c4ae Merge pull request #13948 from ichard26/reword-news
  • 3517841 -r pylock: refine filename pylock-ness test
  • 2f7ad8c -r pylock.toml: fix crash with pip wheel and pip lock
  • Additional commits viewable in compare view

Updates psycopg2-binary from 2.9.11 to 2.9.12

Changelog

Sourced from psycopg2-binary's changelog.

Current release

What's new in psycopg 2.9.12 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^

  • Fix infinite loop with malformed interval (:ticket:1835).

What's new in psycopg 2.9.11 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^

  • Add support for Python 3.14.
  • Avoid a segfault passing more arguments than placeholders if Python is built with assertions enabled (:ticket:[#1791](https://github.com/psycopg/psycopg2/issues/1791)).
  • Add riscv64 platform binary packages (:ticket:[#1813](https://github.com/psycopg/psycopg2/issues/1813)).
  • ~psycopg2.errorcodes map and ~psycopg2.errors classes updated to PostgreSQL 18.
  • Drop support for Python 3.8.

What's new in psycopg 2.9.10 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^

  • Add support for Python 3.13.
  • Receive notifications on commit (:ticket:[#1728](https://github.com/psycopg/psycopg2/issues/1728)).
  • ~psycopg2.errorcodes map and ~psycopg2.errors classes updated to PostgreSQL 17.
  • Drop support for Python 3.7.

What's new in psycopg 2.9.9 ^^^^^^^^^^^^^^^^^^^^^^^^^^^

  • Add support for Python 3.12.
  • Drop support for Python 3.6.

What's new in psycopg 2.9.8 ^^^^^^^^^^^^^^^^^^^^^^^^^^^

  • Wheel package bundled with PostgreSQL 16 libpq in order to add support for recent features, such as sslcertmode.

What's new in psycopg 2.9.7 ^^^^^^^^^^^^^^^^^^^^^^^^^^^

  • Fix propagation of exceptions raised during module initialization (:ticket:[#1598](https://github.com/psycopg/psycopg2/issues/1598)).

... (truncated)

Commits
  • 3a6d9d6 ci: include almalinux in whieel building
  • ebca6bf chore: bump to version 3.9.12
  • 0196f02 build(deps): bump pypa/cibuildwheel from 3.3.1 to 3.4.0
  • d157bdc build(deps): bump docker/setup-qemu-action from 3 to 4
  • 7fccc0f build(deps): bump actions/upload-artifact from 6 to 7
  • d52a61e chore: bump dependency libraries
  • b231d72 chore: fix building binary images
  • 6d76e84 Merge pull request #1836 from psycopg/fix-1835
  • f7e314c fix: overflow in malformed interval
  • eb905c1 docs: replace bare except clause with except Exception
  • Additional commits viewable in compare view

Updates ruff from 0.15.11 to 0.15.12

Release notes

Sourced from ruff's releases.

0.15.12

Release Notes

Released on 2026-04-24.

Preview features

  • Implement #ruff:file-ignore file-level suppressions (#23599)
  • Implement #ruff:ignore logical-line suppressions (#23404)
  • Revert preview changes to displayed diagnostic severity in LSP (#24789)
  • [airflow] Implement task-branch-as-short-circuit (AIR004) (#23579)
  • [flake8-bugbear] Fix break/continue handling in loop-iterator-mutation (B909) (#24440)
  • [pylint] Fix PLC2701 for type parameter scopes (#24576)

Rule changes

  • [pandas-vet] Suggest .array as well in PD011 (#24805)

CLI

  • Respect default Unix permissions for cache files (#24794)

Documentation

  • [pylint] Fix PLR0124 description not to claim self-comparison always returns the same value (#24749)
  • [pyupgrade] Expand docs on reusable TypeVars and scoping (UP046) (#24153)
  • Improve rules table accessibility (#24711)

Contributors

Install ruff 0.15.12

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/ruff/releases/download/0.15.12/ruff-installer.sh | sh

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.12

Released on 2026-04-24.

Preview features

  • Implement #ruff:file-ignore file-level suppressions (#23599)
  • Implement #ruff:ignore logical-line suppressions (#23404)
  • Revert preview changes to displayed diagnostic severity in LSP (#24789)
  • [airflow] Implement task-branch-as-short-circuit (AIR004) (#23579)
  • [flake8-bugbear] Fix break/continue handling in loop-iterator-mutation (B909) (#24440)
  • [pylint] Fix PLC2701 for type parameter scopes (#24576)

Rule changes

  • [pandas-vet] Suggest .array as well in PD011 (#24805)

CLI

  • Respect default Unix permissions for cache files (#24794)

Documentation

  • [pylint] Fix PLR0124 description not to claim self-comparison always returns the same value (#24749)
  • [pyupgrade] Expand docs on reusable TypeVars and scoping (UP046) (#24153)
  • Improve rules table accessibility (#24711)

Contributors

Commits
  • 66f93cf Bump 0.15.12 (#24815)
  • 476a4d0 [ty] Complete support for more detailed diagnostics on possibly unbound error...
  • ed669ea Implement #ruff:file-ignore file-level suppressions (#23599)
  • e73d952 [ty] Include inferred type in invalid-key concise diagnostic for union/inte...
  • 80feb29 [ty] report only dead annotation-only locals as unused (#24811)
  • 0fbf2bc Drop deprecated license classifier (#24808)
  • 43b174c [ty] Infer lambda parameter types with Callable type context (#24317)
  • 4f449ae [ty] Add error context for intersection types (#24772)
  • 5b4e753 [ty] Add support for goto in literal enum member inlay hint (#24792)
  • e7cc762 [ty] Add error context for TypedDict assignments (#24790)
  • Additional commits viewable in compare view

Updates wheel from 0.46.3 to 0.47.0

Release notes

Sourced from wheel's releases.

0.47.0

  • Added the wheel info subcommand to display metadata about wheel files without unpacking them (#639)
  • Fixed WheelFile raising Missing RECORD file when the wheel filename contains uppercase characters (e.g. Django-3.2.5.whl) but the .dist-info directory inside uses normalized lowercase naming (#411)
Changelog

Sourced from wheel's changelog.

Release Notes

0.47.0 (2026-04-22)

  • Added the wheel info subcommand to display metadata about wheel files without unpacking them ([#639](https://github.com/pypa/wheel/issues/639) <https://github.com/pypa/wheel/issues/639>_)
  • Fixed WheelFile raising Missing RECORD file when the wheel filename contains uppercase characters (e.g. Django-3.2.5.whl) but the .dist-info directory inside uses normalized lowercase naming ([#411](https://github.com/pypa/wheel/issues/411) <https://github.com/pypa/wheel/issues/411>_)

0.46.3 (2026-01-22)

  • Fixed ImportError: cannot import name '_setuptools_logging' from 'wheel' when installed alongside an old version of setuptools and running the bdist_wheel command ([#676](https://github.com/pypa/wheel/issues/676) <https://github.com/pypa/wheel/issues/676>_)

0.46.2 (2026-01-22)

  • Restored the bdist_wheel command for compatibility with setuptools older than v70.1
  • Importing wheel.bdist_wheel now emits a FutureWarning instead of a DeprecationWarning
  • Fixed wheel unpack potentially altering the permissions of files outside of the destination tree with maliciously crafted wheels (CVE-2026-24049)

0.46.1 (2025-04-08)

  • Temporarily restored the wheel.macosx_libfile module ([#659](https://github.com/pypa/wheel/issues/659) <https://github.com/pypa/wheel/issues/659>_)

0.46.0 (2025-04-03)

  • Dropped support for Python 3.8
  • Removed the bdist_wheel setuptools command implementation and entry point. The wheel.bdist_wheel module is now just an alias to setuptools.command.bdist_wheel, emitting a deprecation warning on import.
  • Removed vendored packaging in favor of a run-time dependency on it
  • Made the wheel.metadata module private (with a deprecation warning if it's imported
  • Made the wheel.cli package private (no deprecation warning)
  • Fixed an exception when calling the convert command with an empty description field

0.45.1 (2024-11-23)

  • Fixed pure Python wheels converted from eggs and wininst files having the ABI tag in the file name

... (truncated)

Commits
  • efd83a7 Created a new release
  • bb69216 Reordered the changelog entries
  • d5a1763 fix(wheelfile): resolve .dist-info path case-insensitively when reading wheel...
  • 5718957 [pre-commit.ci] pre-commit autoupdate (#685)
  • 6258068 chore: log_level is better than log_cli_level (#684)
  • 2975deb Require tox >= 4.22
  • 47674ba chore: add check-sdist to checks (#681)
  • 56223f6 __package____spec__.parent (#679)
  • 0ce509e Added the wheel info subcommand (#669)
  • 39039c0 Improved the index page
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
build(deps-dev): bump the python-django group
4590459 
Bumps the python-django group in /python/django with 4 updates: [pip](https://github.com/pypa/pip), [psycopg2-binary](https://github.com/psycopg/psycopg2), [ruff](https://github.com/astral-sh/ruff) and [wheel](https://github.com/pypa/wheel).


Updates `pip` from 26.0.1 to 26.1
- [Changelog](https://github.com/pypa/pip/blob/main/NEWS.rst)
- [Commits](pypa/pip@26.0.1...26.1)

Updates `psycopg2-binary` from 2.9.11 to 2.9.12
- [Changelog](https://github.com/psycopg/psycopg2/blob/master/NEWS)
- [Commits](psycopg/psycopg2@2.9.11...2.9.12)

Updates `ruff` from 0.15.11 to 0.15.12
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.15.11...0.15.12)

Updates `wheel` from 0.46.3 to 0.47.0
- [Release notes](https://github.com/pypa/wheel/releases)
- [Changelog](https://github.com/pypa/wheel/blob/main/docs/news.rst)
- [Commits](pypa/wheel@0.46.3...0.47.0)

---
updated-dependencies:
- dependency-name: pip
  dependency-version: '26.1'
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: python-django
- dependency-name: psycopg2-binary
  dependency-version: 2.9.12
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: python-django
- dependency-name: ruff
  dependency-version: 0.15.12
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: python-django
- dependency-name: wheel
  dependency-version: 0.47.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: python-django
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Apr 27, 2026
@dependabot dependabot Bot requested a review from a team as a code owner April 27, 2026 01:13
@dependabot dependabot Bot added the python:uv Pull requests that update python:uv code label Apr 27, 2026
@github-actions github-actions Bot enabled auto-merge (squash) April 27, 2026 01:13
@github-actions github-actions Bot merged commit aa10ce4 into main Apr 27, 2026
32 checks passed
@dependabot dependabot Bot deleted the dependabot/uv/python/django/python-django-75c0baedaf branch April 27, 2026 01:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-actions github-actions[bot] github-actions[bot] approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants