Skip to content

Bump the python-major group across 1 directory with 4 updates#33

Merged
arajkovic merged 1 commit into
mainfrom
dependabot/uv/main/python-major-d5c2a3d6ae
May 22, 2026
Merged

Bump the python-major group across 1 directory with 4 updates#33
arajkovic merged 1 commit into
mainfrom
dependabot/uv/main/python-major-d5c2a3d6ae

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 22, 2026

Bumps the python-major group with 4 updates in the / directory: dj-database-url, django-treebeard, gunicorn and pytest.

Updates dj-database-url from 2.3.0 to 3.1.2

Release notes

Sourced from dj-database-url's releases.

v3.1.2

What's Changed

New Contributors

Full Changelog: jazzband/dj-database-url@v3.1.1...v3.1.2

v3.1.1

What's Changed

New Contributors

Full Changelog: jazzband/dj-database-url@v3.1.0...v3.1.1

v3.1.0

What's Changed

New Contributors

Full Changelog: jazzband/dj-database-url@v3.0.1...v3.1.0

v3.0.1

What's Changed

Full Changelog: jazzband/dj-database-url@v3.0.0...v3.0.1

v3.0.0

... (truncated)

Changelog

Sourced from dj-database-url's changelog.

CHANGELOG

v3.1.0 (2026-01-03)

  • Add support for Django 6.0
  • Update CI structure.
  • Migrate to UV for dependency management and builds.
  • Python >3.10 support.

v3.0.1 (2025-07-01)

  • Drop dependency on typing_extensions.

v3.0.0 (2025-05-18)

Bumping to version 3; changes to code do break some API compatibility.

  • Implement a new decorator registry pattern to implement checks on database connection string.
  • You can now support and implement your own database strings by extending the @​register functionality.
  • Update supported python versions and django versions.
Commits
  • e77149f [pre-commit.ci] pre-commit autoupdate (#297)
  • 6beffe6 Fix a regression in adding tests/ dir to source package
  • f9c3130 Bump wheel from 0.45.1 to 0.46.2 (#296)
  • 5337838 Bump urllib3 from 2.6.2 to 2.6.3 (#295)
  • 6fc3664 Bump django from 5.2.9 to 5.2.11 (#294)
  • 19805c9 Bump cryptography from 46.0.3 to 46.0.5 (#293)
  • 1b102cd Update project URLs in pyproject.toml
  • e41afda [pre-commit.ci] pre-commit autoupdate (#291)
  • dba6077 Update .pre-commit-config.yaml to use pinned version numbers. (#289)
  • e6f4ccc Add pytest to dependencies
  • Additional commits viewable in compare view

Updates django-treebeard from 4.8.0 to 5.1.0

Changelog

Sourced from django-treebeard's changelog.

Release 5.1.0 (May 12, 2026)

Treebeard 5.1.0 is a bugfix release.

  • Fixed add_child and add_sibling behaviour for inherited models using NS_Node.
  • Improved query efficiency for AL Trees, for several query operations.
  • Added a parent param to MP_Node.find_problems to allow inspecting only a portion of a tree.
  • Added a find_problems method to NS_Node to identify issues with nested sets.
  • Made license notices for code adapted from third party libraries explicit.

Release 5.0.5 (Feb 19, 2026)

Treebeard 5.0.5 is a bugfix release.

  • Reverted change to lock root nodes when adding a new root, which had unwanted performance implications.

Release 5.0.4 (Feb 19, 2026)

Treebeard 5.0.4 is a bugfix release.

  • Fixed TypeError when adding root nodes for MP and LT trees with node_order_by set.

Release 5.0.3 (Feb 18, 2026)

Treebeard 5.0.3 is a bugfix release.

  • Added row locks to prevent potential race conditions when concurrently calling add_child() on the same node, or when concurrently adding root nodes.

Release 5.0.2 (Feb 13, 2026)

Treebeard 5.0.2 is a bugfix release.

  • MP and NS nodes are refreshed from the database after a move, for a better developer experience. Previously it was left to the developer to refresh manually if they needed to use the node, and this was the source of numerous issues.
  • Fixed handling of reverse ordering in node_order_by.
  • Fixed handling of inherited models in TreeAdmin.
  • Fixed adding root nodes for inherited models.
  • Handled null values of fields specified in node_order_by more gracefully: ignore the field for the purpose of ordering and log a warning to indicate that the value likely needs to be

... (truncated)

Commits
  • dded7b5 Bump to version 5.1.0
  • 09838ab Add a helper function to assert that find_problems returns no problems
  • aabd9df Performance optimisations for NS_Node.find_problems
  • 9e9383f Fix NS_Node.add_child and add_sibling on inherited models
  • f30ef0e Add a find_problems method for NS_Node
  • 8bf7a14 fix: fixing french typos and semantic errors
  • cf81dca Add license notices for code adapted from third party libs
  • 677e671 Fix versions in documentation being out of sync with package
  • 9008148 Add an optional parent param to find_problems.
  • 0847f5c chore: add project urls to package metadata
  • Additional commits viewable in compare view

Updates gunicorn from 23.0.0 to 26.0.0

Release notes

Sourced from gunicorn's releases.

26.0.0

Breaking Changes

  • Eventlet worker removed: The eventlet worker class has been dropped. Migrate to gevent, gthread, or tornado.

New Features

  • ASGI Framework Compatibility Suite: New end-to-end compatibility test harness covering Starlette, FastAPI, Litestar, Quart, Sanic, and BlackSheep. Current grid passes 438/444 tests (98%).
  • ASGI Test Suite Expansion: 134 additional ASGI unit tests covering protocol semantics, lifespan, websockets, and chunked framing.

Security

  • HTTP/1.1 Request-Target Validation (RFC 9112 sections 3.2.3, 3.2.4):
    • Reject authority-form request-target outside CONNECT
    • Reject asterisk-form request-target outside OPTIONS
    • Reject relative-reference request-targets
  • Header Field Hardening (RFC 9110):
    • Reject control characters in header field-value (section 5.5)
    • Reject forbidden trailer field-names (section 6.5.1)
    • Reject Content-Length list form (RFC 9112 section 6.3)
  • Request Smuggling Hardening:
    • Tighten keepalive gate and scope finish_body byte cap
    • Keep _body_receiver alive across the keepalive smuggling gate so pipelined requests cannot re-enter a closed body
    • Address parser/protocol findings from a six-point WSGI/ASGI audit
  • PROXY Protocol (ASGI): Enforce proxy_allow_ips and tighten v1/v2 parsing in the ASGI callback parser.
  • Connection Draining: Drain the connection on close per RFC 9112 section 9.6 to prevent reset-on-close truncation.

Bug Fixes

  • Body Framing on HEAD/204/304:
    • Keep Content-Length on HEAD and 304 responses (#3621)
    • Drop body framing on HEAD/204/304 even when the framework set it
    • Warn once when an ASGI app emits a body for a no-body response
  • HTTP/2 ASGI:
    • Fix _handle_stream_ended to set _body_complete in the async HTTP/2 handler so request bodies finalize correctly on stream end
    • Add InvalidChunkExtension mapping and fast-parser support in ASGI tests (#3565)
  • HTTP/1.1 100-Continue: Stop adding Transfer-Encoding: chunked to 100-Continue interim responses.
  • WebSocket Close Handshake (RFC 6455):
    • Comply with the close handshake state machine
    • Close the transport after the close handshake completes
    • Fix binary send when the text key is None
  • Early Hints: Validate headers in the early_hints callback to match process_headers; pass only the header name to InvalidHeader (#3588).
  • ASGI Framework Fixes:
    • Fix ASGI disconnect handling for Django-style apps
    • Fix Litestar request handling (use raw ASGI receive for body/headers)
    • Fix Litestar HTTP endpoints for compatibility tests
    • Fix Quart headers endpoint to normalize keys to lowercase
    • Fix Quart WebSocket close test app (missing accept())
    • Fix duplicate Transfer-Encoding header for BlackSheep streaming

... (truncated)

Commits
  • 5d819cf release: 26.0.0
  • b45c70d Merge pull request #3611 from zc-mattcen/docs-typo
  • 99c8d48 Merge pull request #3623 from benoitc/chore/drop-eventlet-add-h2-uvloop-test-...
  • 5a655af Merge pull request #3622 from benoitc/test/docker-port-and-ipv4-fixes
  • 201df19 chore: remove eventlet worker; add h2 and uvloop to test deps
  • f4ac8e1 test: pass action name to dirty client and stabilize after TTOU spam
  • 54d38af test: unblock docker fixtures on macOS hosts
  • 68843c8 Merge pull request #3621 from benoitc/fix/asgi-preserve-content-length-on-hea...
  • 31f2618 Merge pull request #3620 from benoitc/fix/asgi-proxy-protocol-trust-and-parsing
  • 41ec752 fix: keep Content-Length on HEAD and 304 responses
  • Additional commits viewable in compare view

Updates pytest from 8.4.2 to 9.0.3

Release notes

Sourced from pytest's releases.

9.0.3

pytest 9.0.3 (2026-04-07)

Bug fixes

  • #12444: Fixed pytest.approx which now correctly takes into account ~collections.abc.Mapping keys order to compare them.

  • #13634: Blocking a conftest.py file using the -p no: option is now explicitly disallowed.

    Previously this resulted in an internal assertion failure during plugin loading.

    Pytest now raises a clear UsageError explaining that conftest files are not plugins and cannot be disabled via -p.

  • #13734: Fixed crash when a test raises an exceptiongroup with __tracebackhide__ = True.

  • #14195: Fixed an issue where non-string messages passed to unittest.TestCase.subTest() were not printed.

  • #14343: Fixed use of insecure temporary directory (CVE-2025-71176).

Improved documentation

  • #13388: Clarified documentation for -p vs PYTEST_PLUGINS plugin loading and fixed an incorrect -p example.
  • #13731: Clarified that capture fixtures (e.g. capsys and capfd) take precedence over the -s / --capture=no command-line options in Accessing captured output from a test function <accessing-captured-output>.
  • #14088: Clarified that the default pytest_collection hook sets session.items before it calls pytest_collection_finish, not after.
  • #14255: TOML integer log levels must be quoted: Updating reference documentation.

Contributor-facing changes

  • #12689: The test reports are now published to Codecov from GitHub Actions. The test statistics is visible on the web interface.

    -- by aleguy02

9.0.2

pytest 9.0.2 (2025-12-06)

Bug fixes

  • #13896: The terminal progress feature added in pytest 9.0.0 has been disabled by default, except on Windows, due to compatibility issues with some terminal emulators.

    You may enable it again by passing -p terminalprogress. We may enable it by default again once compatibility improves in the future.

    Additionally, when the environment variable TERM is dumb, the escape codes are no longer emitted, even if the plugin is enabled.

  • #13904: Fixed the TOML type of the tmp_path_retention_count settings in the API reference from number to string.

  • #13946: The private config.inicfg attribute was changed in a breaking manner in pytest 9.0.0. Due to its usage in the ecosystem, it is now restored to working order using a compatibility shim. It will be deprecated in pytest 9.1 and removed in pytest 10.

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the python-major group across 1 directory with 4 updates
51b2469 
Bumps the python-major group with 4 updates in the / directory: [dj-database-url](https://github.com/jazzband/dj-database-url), [django-treebeard](https://github.com/django-treebeard/django-treebeard), [gunicorn](https://github.com/benoitc/gunicorn) and [pytest](https://github.com/pytest-dev/pytest).


Updates `dj-database-url` from 2.3.0 to 3.1.2
- [Release notes](https://github.com/jazzband/dj-database-url/releases)
- [Changelog](https://github.com/jazzband/dj-database-url/blob/master/CHANGELOG.md)
- [Commits](jazzband/dj-database-url@v2.3.0...v3.1.2)

Updates `django-treebeard` from 4.8.0 to 5.1.0
- [Changelog](https://github.com/django-treebeard/django-treebeard/blob/master/CHANGES.md)
- [Commits](django-treebeard/django-treebeard@4.8.0...5.1.0)

Updates `gunicorn` from 23.0.0 to 26.0.0
- [Release notes](https://github.com/benoitc/gunicorn/releases)
- [Commits](benoitc/gunicorn@23.0.0...26.0.0)

Updates `pytest` from 8.4.2 to 9.0.3
- [Release notes](https://github.com/pytest-dev/pytest/releases)
- [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst)
- [Commits](pytest-dev/pytest@8.4.2...9.0.3)

---
updated-dependencies:
- dependency-name: dj-database-url
  dependency-version: 3.1.2
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: python-major
- dependency-name: django-treebeard
  dependency-version: 5.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: python-major
- dependency-name: gunicorn
  dependency-version: 26.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: python-major
- dependency-name: pytest
  dependency-version: 9.0.3
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: python-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels May 22, 2026
@arajkovic arajkovic self-requested a review May 22, 2026 10:44
@arajkovic arajkovic merged commit ed1092c into main May 22, 2026
2 checks passed
@arajkovic arajkovic deleted the dependabot/uv/main/python-major-d5c2a3d6ae branch May 22, 2026 10:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@arajkovic arajkovic arajkovic approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@arajkovic