
build(deps): bump the pip group across 1 directory with 10 updates #2

Open
dependabot[bot] wants to merge 1 commit into master from dependabot/pip/backend/uclapi/pip-2f12f11dd9

@dependabot dependabot bot commented on behalf of github Sep 4, 2025

Bumps the pip group with 10 updates in the /backend/uclapi directory:

| Package | From | To |
| --- | --- | --- |
| django | 3.2.23 | 4.2.22 |
| deepdiff | 6.3.1 | 8.6.1 |
| djangorestframework | 3.14.0 | 3.15.2 |
| dnspython | 2.4.2 | 2.7.0 |
| eventlet | 0.33.3 | 0.40.3 |
| gunicorn | 21.2.0 | 23.0.0 |
| python-jose | 3.3.0 | 3.4.0 |
| requests | 2.32.2 | 2.32.4 |
| tqdm | 4.65.0 | 4.66.3 |
| cryptography | 43.0.1 | 44.0.1 |

Updates django from 3.2.23 to 4.2.22

Commits
  • 7275cc5 [4.2.x] Bumped version for 4.2.22 release.
  • ac03c5e [4.2.x] Fixed CVE-2025-48432 -- Escaped formatting arguments in `log_response...
  • c62f4ee [4.2.x] Added stub release notes and release date for 4.2.22.
  • c5b4263 [4.2.x] Fixed #36402, Refs #35980 -- Updated built package name in reusable a...
  • 32fd8de [4.2.x] Added helpers in csrf_tests and logging_tests to assert logs from `lo...
  • acbe655 [4.2.x] Refs #26688 -- Added tests for log_response() internal helper.
  • dc365ca [4.2.x] Refs #35980 -- Added release note about changes in release artifacts ...
  • c454afb [4.2.x] Removed "Expected" from release date for 4.2.21.
  • 5b29315 [4.2.x] Cleaned up CVE-2025-32873 security archive description.
  • 0d54958 [4.2.x] Added CVE-2025-32873 to security archive.
  • Additional commits viewable in compare view

Updates deepdiff from 6.3.1 to 8.6.1

Release notes

Sourced from deepdiff's releases.

8.5.0

  • Updating deprecated pydantic calls
  • Switching to pyproject.toml
  • Fix for moving nested tables when using iterable_compare_func. by
  • Fix recursion depth limit when hashing numpy.datetime64
  • Moving from legacy setuptools use to pyproject.toml

8.4.1

  • pytz is not required.

8.4.0

  • Adding BaseOperatorPlus base class for custom operators
  • default_timezone can be passed now to set your default timezone to something other than UTC.
  • New summarization algorithm that produces valid json
  • Better type hint support

8.1.1

Adding Python 3.13 to setup.py

8.1.0

  • Removing deprecated lines from setup.py
  • Added prefix option to pretty()
  • Fixes hashing of numpy boolean values.
  • Fixes slots comparison when the attribute doesn't exist.
  • Relaxing orderly-set reqs
  • Added Python 3.13 support
  • Only lower if clean_key is instance of str #504
  • Fixes issue where the key deep_distance is not returned when both compared items are equal #510
  • Fixes exclude_paths fails to work in certain cases
  • exclude_paths fails to work #509
  • Fixes to_json() method chokes on standard json.dumps() kwargs such as sort_keys
  • to_dict() method chokes on standard json.dumps() kwargs #490
  • Fixes accessing the affected_root_keys property on the diff object returned by DeepDiff fails when one of the dicts is empty
  • Fixes accessing the affected_root_keys property on the diff object returned by DeepDiff fails when one of the dicts is empty #508

8.0.1 - extra import of numpy is removed

8.0.0

With the introduction of threshold_to_diff_deeper, the values returned are different than in previous versions of DeepDiff. You can still get the older values by setting threshold_to_diff_deeper=0. However to signify that enough has changed in this release that the users need to update the parameters passed to DeepDiff, we will be doing a major version update.

  • use_enum_value=True makes it so when diffing enum, we use the enum's value. It makes it so comparing an enum to a string or any other value is not reported as a type change.
  • threshold_to_diff_deeper=float is a number between 0 and 1. When comparing dictionaries that have a small intersection of keys, we will report the dictionary as a new_value instead of reporting individual keys changed. If you set it to zero, you get the same results as DeepDiff 7.0.1 and earlier, which means this feature is disabled. The new default is 0.33 which means if less than one third of keys between dictionaries intersect, report it as a new object.
  • Deprecated ordered-set and switched to orderly-set. The ordered-set package was not being maintained anymore and starting Python 3.6, there were better options for sets that ordered. I forked one of the new implementations, modified it, and published it as orderly-set.
  • Added use_log_scale:bool and log_scale_similarity_threshold:float. They can be used to ignore small changes in numbers by comparing their differences in logarithmic space. This is different than ignoring the difference based on significant digits.
  • json serialization of reversed lists.
  • Fix for iterable moved items when iterable_compare_func is used.
  • Pandas and Polars support.

7.0.1

  • When verbose=2, return new_path when the path and new_path are different (for example when ignore_order=True and the index of items have changed).

... (truncated)

Commits

Updates djangorestframework from 3.14.0 to 3.15.2

Release notes

Sourced from djangorestframework's releases.

3.15.2

What's Changed

New Contributors

Full Changelog: encode/django-rest-framework@3.15.1...3.15.2

Version 3.15.1

What's Changed

New Contributors

... (truncated)

Commits
  • c7a7eae Version 3.15.2 (#9439)
  • 3b41f01 Fix potential XSS vulnerability in break_long_headers template filter (#9435)
  • fe92f0d Add __hash__ method for permissions.OperandHolder class (#9417)
  • fbdab09 docs: Correct some evaluation results and a httpie option in Tutorial1 (#9421)
  • 36d5c0e tests: Check urlpatterns after cleanups (#9400)
  • 9d4ed05 Don't use Windows line endings
  • b34bde4 Fix typo in setup.cfg setting
  • ab681f2 Update requirements in docs
  • 2237724 bump pygments (security hygiene)
  • d58b8da Update deprecation hints
  • Additional commits viewable in compare view

Updates dnspython from 2.4.2 to 2.7.0

Release notes

Sourced from dnspython's releases.

dnspython 2.7.0

See What's New for details.

The minimum supported version of Python is 3.9.

My thanks to the many people who have contributed to this release. Also thanks to my co-maintainers: Tomáš Křížek, Petr Špaček, and Brian Wellington.

dnspython 2.6.1

See What's New for details.

This is a bug fix release for 2.6.0 where the "TuDoor" fix erroneously suppressed legitimate Truncated exceptions. This caused the stub resolver to timeout instead of failing over to TCP when a legitimate truncated response was received over UDP.

This release addresses the potential DoS issue discussed in the "TuDoor" paper (CVE-2023-29483). The dnspython stub resolver is vulnerable to a potential DoS if a bad-in-some-way response from the right address and port forged by an attacker arrives before a legitimate one on the UDP port dnspython is using for that query. In this situation, dnspython might switch to querying another resolver or give up entirely, possibly denying service for that resolution. This release addresses the issue by adopting the recommended mitigation, which is ignoring the bad packets and continuing to listen for a legitimate response until the timeout for the query has expired.

Thank you to all the contributors to this release, and, as usual, thanks to my co-maintainers: Tomáš Křížek, Petr Špaček, and Brian Wellington.

dnspython 2.6.0

See What's New for details.

This release addresses the potential DoS issue discussed in the "TuDoor" paper (CVE-2023-29483). The dnspython stub resolver is vulnerable to a potential DoS if a bad-in-some-way response from the right address and port forged by an attacker arrives before a legitimate one on the UDP port dnspython is using for that query. In this situation, dnspython might switch to querying another resolver or give up entirely, possibly denying service for that resolution. This release addresses the issue by adopting the recommended mitigation, which is ignoring the bad packets and continuing to listen for a legitimate response until the timeout for the query has expired.

Thank you to all the contributors to this release, and, as usual, thanks to my co-maintainers: Tomáš Křížek, Petr Špaček, and Brian Wellington.

dnspython 2.5.0

See the What's New page for a summary of this release.

Thanks to all the contributors, and, as usual, thanks to my co-maintainers: Tomáš Křížek, Petr Špaček, and Brian Wellington.

Changelog

Sourced from dnspython's changelog.

2.7.0

  • dns.query.https() and dns.asyncquery.https() now support HTTP/3 and the http_version parameter may be used to specify which version to use.

  • If the cryptography module is installed, then dnspython will now create deterministic ECDSA signatures by default. Cryptography, if installed, must be at least version 43. Thanks to Jakob Schlyter for adding the feature.

  • The RESINFO and WALLET RdataTypes are now supported.

  • The COOKIE and Report-Channel EDNS0 options are now supported.

  • All supported RdataTypes can now be imported at a single time rather than lazily on first use by calling dns.rdata.load_all_types().

  • The SVCB and HTTPS records now support the ohttp parameter.

  • xfr() and inbound_xfr() now share a common implementation.

  • Tokens are now supported for QUIC and HTTP/3.

  • dns.message.from_wire() now saves the input wire format in the Message's "wire" attribute. Likewise, dns.message.Message.to_wire() now records the generated wire format in that attribute.

  • The dns.message.Message object now has a get_options() helper to retrieve EDNS0 options of a specified type, and an extended_errors() helper to retrieve the list of EDE options in a message (if any).

  • dns.message.make_response() now has a copy mode which controls how sections are copied. By default, a copy mode appropriate for the opcode is used. This is currently dns.message.CopyMode.QUESTION for all opcodes.

  • If an IP address is used as the hostname in a URL, the https query code now passes the sni_hostname to httpx as this is required to get httpx to validate the certificate and check for an IP subject alternative name.

  • The minimum supported aioquic version is now 1.0.0.

  • The minimum supported Python version is now 3.9.

2.6.1

  • The Tudoor fix ate legitimate Truncated exceptions, preventing the resolver from failing over to TCP and causing the query to timeout #1053.

2.6.0

... (truncated)

Commits

Updates eventlet from 0.33.3 to 0.40.3

Changelog

Sourced from eventlet's changelog.

0.40.3

  • [SECURITY] Fix request smuggling vulnerability by discarding trailers (#1062)

0.40.2

  • Fix compatibility issues identified with Python 3.14 on Linux (#1058)
  • Make database removal safer with IF EXISTS (#1056)
  • Prepare jobs and CI/CD for python 3.14 (#1055)

0.40.1

  • [fix] "Fix" fork() so it "works" on Python 3.13, and "works" better on older Python versions (#1047)
    • Behavior change: threads created by eventlet.green.threading.Thread and threading.Thread will be visible across both modules if monkey patching was used. Previously each module would only list threads created in that module.
    • Bug fix: after fork(), greenlet threads are correctly listed in threading.enumerate() if monkey patching was used. You should not use fork()-without-execve().
  • [fix] Fix patching of removed URLopener class in Python 3.14 (#1053)
  • [fix] ReferenceError except while count rlock (#1042)
  • [fix] Replace deprecated datetime.utcfromtimestamp (#1050)
  • [fix][env] Remove duplicate steps (#1049)
  • [fix] Replace deprecated datetime.datetime.utcnow (#1046)

0.40.0

  • [fix] Fix ssl test when linking against openssl 3.5 (#1034)
  • Drop support Python 3.8 (#1021)
  • [doc] Various doc updates (#981, #1033)
  • [env] Drop PyPy support (#1035 #1037)

0.39.1

  • [fix] Make LightQueue and derivatives subscriptable (#1027)

0.39.0

  • [fix] Remove monotonic from requirements (#1018)
  • [fix] wsgi: Clean up some override logic (#999)
  • [fix] Correct line lookup from inspect.getsourcelines() (#990)
  • Drop support of Python 3.7 (#967)
  • [fix] Calling eventlet.sleep(0) isn't really blocking, so don't blow up (#1015)

0.38.2

... (truncated)

Commits
  • b0d9133 Update changelog for version 0.40.3 (#1064)
  • 0bfebd1 [SECURITY] Fix request smuggling vulnerability by discarding trailers (#1062)
  • e073b83 Update changelog for version 0.40.2 (#1060)
  • 06d9572 Fix tests on Python 3.14 on Linux (#1058)
  • d4d5b8f Make database removal safer with IF EXISTS (#1056)
  • 2f217ca Prepare jobs and CI/CD for python 3.14 (#1055)
  • d1e7a94 Update changelog for version 0.40.1 (#1052)
  • 6e9c034 Fix patching of removed URLopener class in Python 3.14 (#1053)
  • e470c1f Handle ReferenceError except while count rlock (#1042)
  • a4dcd4d "Fix" fork() so it "works" on Python 3.13, and "works" better on older Python...
  • Additional commits viewable in compare view

Updates gunicorn from 21.2.0 to 23.0.0

Release notes

Sourced from gunicorn's releases.

23.0.0

Gunicorn 23.0.0 has been released. This version improves HTTP 1.1 support, which improves safety.

You're invited to upgrade your own installation ASAP.

23.0.0 - 2024-08-10

  • minor docs fixes (:pr:3217, :pr:3089, :pr:3167)
  • worker_class parameter accepts a class (:pr:3079)
  • fix deadlock if request terminated during chunked parsing (:pr:2688)
  • permit receiving Transfer-Encodings: compress, deflate, gzip (:pr:3261)
  • permit Transfer-Encoding headers specifying multiple encodings. note: no parameters, still (:pr:3261)
  • sdist generation now explicitly excludes sphinx build folder (:pr:3257)
  • decode bytes-typed status (as can be passed by gevent) as utf-8 instead of raising TypeError (:pr:2336)
  • raise correct Exception when encountering invalid chunked requests (:pr:3258)
  • the SCRIPT_NAME and PATH_INFO headers, when received from allowed forwarders, are no longer restricted for containing an underscore (:pr:3192)
  • include IPv6 loopback address [::1] in default for :ref:forwarded-allow-ips and :ref:proxy-allow-ips (:pr:3192)

** NOTE **

  • The SCRIPT_NAME change mitigates a regression that appeared first in the 22.0.0 release
  • Review your :ref:forwarded-allow-ips setting if you are still not seeing the SCRIPT_NAME transmitted
  • Review your :ref:forwarder-headers setting if you are missing headers after upgrading from a version prior to 22.0.0

** Breaking changes **

  • refuse requests where the uri field is empty (:pr:3255)
  • refuse requests with invalid CR/LR/NUL in header field values (:pr:3253)
  • remove temporary --tolerate-dangerous-framing switch from 22.0 (:pr:3260)
  • If any of the breaking changes affect you, be aware that now refused requests can pose a security problem, especially so in setups involving request pipe-lining and/or proxies.

Fix CVE-2024-1135

Gunicorn 22.0 has been released

Gunicorn 22.0.0 has been released. This version fixes numerous security vulnerabilities. You're invited to upgrade your own installation ASAP.

Changes:

22.0.0 - 2024-04-17
===================
  • use utime to notify workers liveness
  • migrate setup to pyproject.toml
  • fix numerous security vulnerabilities in HTTP parser (closing some request smuggling vectors)
  • parsing additional requests is no longer attempted past unsupported request framing
  • on HTTP versions < 1.1 support for chunked transfer is refused (only used in exploits)
  • requests conflicting configured or passed SCRIPT_NAME now produce a verbose error
  • Trailer fields are no longer inspected for headers indicating secure scheme

... (truncated)

Commits
  • 411986d fix doc
  • 334392e Merge pull request #2559 from laggardkernel/bugfix/reexec-env
  • e75c353 Merge pull request #3189 from pajod/patch-py36
  • 9357b28 keep document user in access_log_format setting
  • 79fdef0 bump to 23.0.0
  • 3acd9fb Merge pull request #2620 from talkerbox/improve-access-log-format-docs
  • 3f56d76 Merge pull request #3192 from pajod/patch-allowed-script-name
  • 256d474 docs: revert duped directive
  • ffa48b5 test: default change was intentional
  • 52538ca docs: recommend SCRIPT_NAME=/subfolder
  • Additional commits viewable in compare view

Updates python-jose from 3.3.0 to 3.4.0

Release notes

Sourced from python-jose's releases.

3.4.0

News

  • Remove support for Python 3.6 and 3.7
  • Added support for Python 3.10 and 3.11

Bug fixes and Improvements

  • Updating CryptographyAESKey::encrypt to generate 96 bit IVs for GCM block cipher mode
  • Fix for PEM key comparisons caused by line lengths and new lines
  • Fix for CVE-2024-33664 - JWE limited to 250KiB
  • Fix for CVE-2024-33663 - signing JWT with public key is now forbidden
  • Replace usage of deprecated datetime.utcnow() with datetime.now(UTC)

Housekeeping

  • Updated Github Actions Workflows
  • Updated to use tox 4.x
  • Revise codecov integration
  • Fixed DeprecationWarnings

Changelog

Sourced from python-jose's changelog.

3.4.0 -- 2025-02-14

News

  • Remove support for Python 3.6 and 3.7
  • Added support for Python 3.10 and 3.11

Bug fixes and Improvements

  • Updating CryptographyAESKey::encrypt to generate 96 bit IVs for GCM block cipher mode
  • Fix for PEM key comparisons caused by line lengths and new lines
  • Fix for CVE-2024-33664 - JWE limited to 250KiB
  • Fix for CVE-2024-33663 - signing JWT with public key is now forbidden
  • Replace usage of deprecated datetime.utcnow() with datetime.now(UTC)

Housekeeping

  • Updated Github Actions Workflows
  • Updated to use tox 4.x
  • Revise codecov integration
  • Fixed DeprecationWarnings

Commits

Updates requests from 2.32.2 to 2.32.4

Release notes

Sourced from requests's releases.

v2.32.4

2.32.4 (2025-06-10)

Security

  • CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file. (#6965)

Improvements

  • Numerous documentation improvements

Deprecations

  • Added support for pypy 3.11 for Linux and macOS. (#6926)
  • Dropped support for pypy 3.9 following its end of support. (#6926)

v2.32.3

2.32.3 (2024-05-29)

Bugfixes

  • Fixed bug breaking the ability to specify custom SSLContexts in sub-classes of HTTPAdapter. (#6716)
  • Fixed issue where Requests started failing to run on Python versions compiled without the ssl module. (#6724)

Changelog

Sourced from requests's changelog.

2.32.4 (2025-06-10)

Security

  • CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file.

Improvements

  • Numerous documentation improvements

Deprecations

  • Added support for pypy 3.11 for Linux and macOS.
  • Dropped support for pypy 3.9 following its end of support.

2.32.3 (2024-05-29)

Bugfixes

  • Fixed bug breaking the ability to specify custom SSLContexts in sub-classes of HTTPAdapter. (#6716)
  • Fixed issue where Requests started failing to run on Python versions compiled without the ssl module. (#6724)

Commits
  • 021dc72 Polish up release tooling for last manual release
  • 821770e Bump version and add release notes for v2.32.4
  • 59f8aa2 Add netrc file search information to authentication documentation (#6876)
  • 5b4b64c Add more tests to prevent regression of CVE 2024 47081
  • 7bc4587 Add new test to check netrc auth leak (#6962)
  • 96ba401 Only use hostname to do netrc lookup instead of netloc
  • 7341690 Merge pull request #6951 from tswast/patch-1
  • 6716d7c remove links
  • a7e1c74 Update docs/conf.py
  • c799b81 docs: fix dead links to kenreitz.org
  • Additional commits viewable in compare view

Updates tqdm from 4.65.0 to 4.66.3

Release notes

Sourced from tqdm's releases.

tqdm v4.66.3 stable

tqdm v4.66.2 stable

  • pandas: add DataFrame.progress_map (#1549)
  • notebook: fix HTML padding (#1506)
  • keras: fix resuming training when verbose>=2 (#1508)
  • fix format_num negative fractions missing leading zero (#1548)
  • fix Python 3.12 DeprecationWarning on import (#1519)
  • linting: use f-strings (#1549)
  • update tests (#1549)
  • CI: bump actions (#1549)

tqdm v4.66.1 stable

  • fix utils.envwrap types (#1493 <- #1491, #1320 <- #966, #1319)
    • e.g. cloudwatch & kubernetes workaround: export TQDM_POSITION=-1
  • drop mentions of unsupported Python versions

tqdm v4.66.0 stable

  • environment variables to override defaults (TQDM_*) (#1491 <- #1061, #950 <- #614, #1318, #619, #612, #370)
    • e.g. in CI jobs, export TQDM_MININTERVAL=5 to avoid log spam
    • add tests & docs for tqdm.utils.envwrap
  • fix & update CLI completion
  • fix & update API docs
  • minor code tidy: replace os.path => pathlib.Path
  • fix docs image hosting
  • release with CI bot account again (cli/cli#6680)

tqdm v4.65.2 stable

  • exclude examples from distributed wheel (#1492)

tqdm v4.65.1 stable

  • migrate setup.{cfg,py} => pyproject.toml (#1490)
    • fix asv benchmarks
    • update docs
  • fix snap build (#1490)
  • fix & update tests (#1490)
    • fix flaky notebook tests
    • bump pre-commit
    • bump workflow actions

Commits

Updates cryptography from 43.0.1 to 44.0.1

Changelog

Sourced from cryptography's changelog.

44.0.1 - 2025-02-11


  • Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.4.1.
  • We now build armv7l manylinux wheels and publish them to PyPI.
  • We now build manylinux_2_34 wheels and publish them to PyPI.

44.0.0 - 2024-11-27

  • BACKWARDS INCOMPATIBLE: Dropped support for LibreSSL < 3.9.
  • Deprecated Python 3.7 support. Python 3.7 is no longer supported by the Python core team. Support for Python 3.7 will be removed in a future cryptography release.
  • Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.4.0.
  • macOS wheels are now built against the macOS 10.13 SDK. Users on older versions of macOS should upgrade, or they will need to build cryptography themselves.
  • Enforce the :rfc:5280 requirement that extended key usage extensions must not be empty.
  • Added support for timestamp extraction to the :class:~cryptography.fernet.MultiFernet class.
  • Relax the Authority Key Identifier requirements on root CA certificates during X.509 verification to allow fields permitted by :rfc:5280 but forbidden by the CA/Browser BRs.
  • Added support for :class:~cryptography.hazmat.primitives.kdf.argon2.Argon2id when using OpenSSL 3.2.0+.
  • Added support for the :class:~cryptography.x509.Admissions certificate extension.
  • Added basic support for PKCS7 decryption (including S/MIME 3.2) via :func:~cryptography.hazmat.primitives.serialization.pkcs7.pkcs7_decrypt_der, :func:~cryptography.hazmat.primitives.serialization.pkcs7.pkcs7_decrypt_pem, and :func:~cryptography.hazmat.primitives.serialization.pkcs7.pkcs7_decrypt_smime.

43.0.3 - 2024-10-18


  • Fixed release metadata for cryptography-vectors

43.0.2 - 2024-10-18

  • Fixed compilation when using LibreSSL 4.0.0.

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps the pip group with 10 updates in the /backend/uclapi directory:

| Package | From | To |
| --- | --- | --- |
| [django](https://github.com/django/django) | `3.2.23` | `4.2.22` |
| [deepdiff](https://github.com/seperman/deepdiff) | `6.3.1` | `8.6.1` |
| [djangorestframework](https://github.com/encode/django-rest-framework) | `3.14.0` | `3.15.2` |
| [dnspython](https://github.com/rthalley/dnspython) | `2.4.2` | `2.7.0` |
| [eventlet](https://github.com/eventlet/eventlet) | `0.33.3` | `0.40.3` |
| [gunicorn](https://github.com/benoitc/gunicorn) | `21.2.0` | `23.0.0` |
| [python-jose](https://github.com/mpdavis/python-jose) | `3.3.0` | `3.4.0` |
| [requests](https://github.com/psf/requests) | `2.32.2` | `2.32.4` |
| [tqdm](https://github.com/tqdm/tqdm) | `4.65.0` | `4.66.3` |
| [cryptography](https://github.com/pyca/cryptography) | `43.0.1` | `44.0.1` |



Updates `django` from 3.2.23 to 4.2.22
- [Commits](django/django@3.2.23...4.2.22)

Updates `deepdiff` from 6.3.1 to 8.6.1
- [Release notes](https://github.com/seperman/deepdiff/releases)
- [Changelog](https://github.com/seperman/deepdiff/blob/master/docs/changelog.rst)
- [Commits](https://github.com/seperman/deepdiff/commits)

Updates `djangorestframework` from 3.14.0 to 3.15.2
- [Release notes](https://github.com/encode/django-rest-framework/releases)
- [Commits](encode/django-rest-framework@3.14.0...3.15.2)

Updates `dnspython` from 2.4.2 to 2.7.0
- [Release notes](https://github.com/rthalley/dnspython/releases)
- [Changelog](https://github.com/rthalley/dnspython/blob/main/doc/whatsnew.rst)
- [Commits](rthalley/dnspython@v2.4.2...v2.7.0)

Updates `eventlet` from 0.33.3 to 0.40.3
- [Changelog](https://github.com/eventlet/eventlet/blob/master/NEWS)
- [Commits](eventlet/eventlet@v0.33.3...0.40.3)

Updates `gunicorn` from 21.2.0 to 23.0.0
- [Release notes](https://github.com/benoitc/gunicorn/releases)
- [Commits](benoitc/gunicorn@21.2.0...23.0.0)

Updates `python-jose` from 3.3.0 to 3.4.0
- [Release notes](https://github.com/mpdavis/python-jose/releases)
- [Changelog](https://github.com/mpdavis/python-jose/blob/master/CHANGELOG.md)
- [Commits](mpdavis/python-jose@3.3.0...3.4.0)

Updates `requests` from 2.32.2 to 2.32.4
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.32.2...v2.32.4)

Updates `tqdm` from 4.65.0 to 4.66.3
- [Release notes](https://github.com/tqdm/tqdm/releases)
- [Commits](tqdm/tqdm@v4.65.0...v4.66.3)

Updates `cryptography` from 43.0.1 to 44.0.1
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@43.0.1...44.0.1)

---
updated-dependencies:
- dependency-name: django
  dependency-version: 4.2.22
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: deepdiff
  dependency-version: 8.6.1
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: djangorestframework
  dependency-version: 3.15.2
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: dnspython
  dependency-version: 2.7.0
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: eventlet
  dependency-version: 0.40.3
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: gunicorn
  dependency-version: 23.0.0
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: python-jose
  dependency-version: 3.4.0
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: requests
  dependency-version: 2.32.4
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: tqdm
  dependency-version: 4.66.3
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: cryptography
  dependency-version: 44.0.1
  dependency-type: direct:production
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added the dependencies and python labels Sep 4, 2025