chore(deps): Bump the dependencies group across 1 directory with 14 updates by dependabot[bot] · Pull Request #286 · Debakel/Dumpstermap

dependabot · 2026-05-01T06:53:19Z

Bumps the dependencies group with 13 updates in the / directory:

Package	From	To
psycopg2-binary	`2.9.11`	`2.9.12`
requests	`2.32.5`	`2.33.1`
gunicorn	`25.0.1`	`25.3.0`
dj-database-url	`3.1.0`	`3.1.2`
django-environ	`0.12.0`	`0.13.0`
pytest	`9.0.2`	`9.0.3`
pytest-django	`4.11.1`	`4.12.0`
python-dotenv	`1.2.1`	`1.2.2`
sentry-sdk	`2.51.0`	`2.58.0`
pytz	`2025.2`	`2026.1.post1`
whitenoise	`6.11.0`	`6.12.0`
geopandas	`1.1.2`	`1.1.3`
pre-commit	`4.5.1`	`4.6.0`

Updates psycopg2-binary from 2.9.11 to 2.9.12

Changelog

Sourced from psycopg2-binary's changelog.

Current release

What's new in psycopg 2.9.12 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Fix infinite loop with malformed interval (:ticket:1835).

What's new in psycopg 2.9.11 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Add support for Python 3.14.

Avoid a segfault passing more arguments than placeholders if Python is built with assertions enabled (:ticket:[#1791](https://github.com/psycopg/psycopg2/issues/1791)).

Add riscv64 platform binary packages (:ticket:[#1813](https://github.com/psycopg/psycopg2/issues/1813)).

~psycopg2.errorcodes map and ~psycopg2.errors classes updated to PostgreSQL 18.

Drop support for Python 3.8.

What's new in psycopg 2.9.10 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Add support for Python 3.13.

Receive notifications on commit (:ticket:[#1728](https://github.com/psycopg/psycopg2/issues/1728)).

~psycopg2.errorcodes map and ~psycopg2.errors classes updated to PostgreSQL 17.

Drop support for Python 3.7.

What's new in psycopg 2.9.9 ^^^^^^^^^^^^^^^^^^^^^^^^^^^

Add support for Python 3.12.

Drop support for Python 3.6.

What's new in psycopg 2.9.8 ^^^^^^^^^^^^^^^^^^^^^^^^^^^

Wheel package bundled with PostgreSQL 16 libpq in order to add support for recent features, such as sslcertmode.

What's new in psycopg 2.9.7 ^^^^^^^^^^^^^^^^^^^^^^^^^^^

Fix propagation of exceptions raised during module initialization (:ticket:[#1598](https://github.com/psycopg/psycopg2/issues/1598)).

... (truncated)

Commits

3a6d9d6 ci: include almalinux in whieel building
ebca6bf chore: bump to version 3.9.12
0196f02 build(deps): bump pypa/cibuildwheel from 3.3.1 to 3.4.0
d157bdc build(deps): bump docker/setup-qemu-action from 3 to 4
7fccc0f build(deps): bump actions/upload-artifact from 6 to 7
d52a61e chore: bump dependency libraries
b231d72 chore: fix building binary images
6d76e84 Merge pull request #1836 from psycopg/fix-1835
f7e314c fix: overflow in malformed interval
eb905c1 docs: replace bare except clause with except Exception
Additional commits viewable in compare view

Updates requests from 2.32.5 to 2.33.1

Release notes

Sourced from requests's releases.

v2.33.1

2.33.1 (2026-03-30)

Bugfixes

Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary files in the tmp directory. (#7305)

Fixed Content-Type header parsing for malformed values. (#7309)

Improved error consistency for malformed header values. (#7308)

New Contributors

@ferdnyc made their first contribution in psf/requests#7277

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2331-2026-03-30

v2.33.0

2.33.0 (2026-03-25)

Announcements

📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

Various typo fixes and doc improvements.

New Contributors

@M0d3v1 made their first contribution in psf/requests#6865

@aminvakil made their first contribution in psf/requests#7220

@E8Price made their first contribution in psf/requests#6960

@mitre88 made their first contribution in psf/requests#7244

@magsen made their first contribution in psf/requests#6553

@Rohan5commit made their first contribution in psf/requests#7227

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25

Changelog

Sourced from requests's changelog.

2.33.1 (2026-03-30)

Bugfixes

Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary files in the tmp directory. (#7305)

Fixed Content-Type header parsing for malformed values. (#7309)

Improved error consistency for malformed header values. (#7308)

2.33.0 (2026-03-25)

Announcements

📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

Various typo fixes and doc improvements.

Commits

111d2b7 v2.33.1
f0198e6 Fix malformed value parsing for Content-Type (#7309)
bc7dd0f Fix cosmetic header validity parsing regex (#7308)
4443b1a Fix unintended test extra (#7306)
389eea5 Cleanup extracted file after extract_zipped_path test (#7305)
7407309 Packaging: DRY out extras definition (#7277)
bc04dfd v2.33.0
66d21cb Merge commit from fork
8b9bc8f Move badges to top of README (#7293)
e331a28 Remove unused extraction call (#7292)
Additional commits viewable in compare view

Updates gunicorn from 25.0.1 to 25.3.0

Release notes

Sourced from gunicorn's releases.

Gunicorn 25.3.0

Bug Fixes

HTTP/2 ASGI Body Duplication: Fix request body being received twice in HTTP/2 ASGI requests, causing JSON parsing errors with "Extra data" messages (#3558)

ASGI Chunked EOF Handling: Add finish() method to callback parser to handle chunked encoding edge case where connection closes before final CRLF after zero-chunk

HTTP/2 Documentation: Fix http_protocols examples to use comma-separated string instead of list syntax (#3561)

Chunked Encoding: Reject chunk extensions containing bare CR bytes per RFC 9112 (#3556)

Request Line Limit: Fix --limit-request-line 0 to mean unlimited as documented, instead of using default maximum. Works with both Python and fast C parser. (#3563)

Security

ASGI Parser Header Validation: Add security checks per RFC 9110/9112:

Reject duplicate Content-Length headers

Reject requests with both Content-Length and Transfer-Encoding

Reject chunked transfer encoding in HTTP/1.0

Reject stacked chunked encoding

Validate Transfer-Encoding values

Strict chunk size validation

Changes

Fast HTTP Parser: Update to gunicorn_h1c >= 0.6.3 for asgi_headers property and InvalidChunkExtension validation for bare CR rejection

ASGI PROXY Protocol: Add PROXY protocol v1/v2 support to callback parser

Docker Images: Update to Python 3.14

Gunicorn 25.2.0

New Features

Fast HTTP Parser (gunicorn_h1c 0.4.1): Integrate new exception types and limit parameters from gunicorn_h1c 0.4.1 for both WSGI and ASGI workers

Requires gunicorn_h1c >= 0.4.1 for http_parser='fast'

Falls back to Python parser in auto mode if version not met

Proper HTTP status codes for limit errors (414, 431)

Bug Fixes

uWSGI Async Workers: Fix InvalidUWSGIHeader: incomplete header error when using gevent or gthread workers with uwsgi protocol behind nginx. (#3552, [PR #3554](benoitc/gunicorn#3554))

... (truncated)

Commits

9bce72c Update changelog with missing 25.3.0 changes
2a15fdb Fix pylint isinstance-second-argument-not-valid-type warning
8d08aaa Fix --limit-request-line 0 to mean unlimited
d40a374 Fix pytest-asyncio configuration and treq_asgi hex escapes
da8bd48 Remove unused AsyncRequest class
b00f125 Integrate gunicorn_h1c 0.6.3 with InvalidChunkExtension support
bdb2ebd Reject chunk extensions with bare CR bytes (RFC 9112)
7057fc9 Fix http_protocols documentation to use string syntax
d43acb8 Update to gunicorn_h1c >= 0.6.2 for asgi_headers support
cbd27e8 Merge pull request #3559 from benleembruggen/fix/http2-asgi-body-duplication
Additional commits viewable in compare view

Updates dj-database-url from 3.1.0 to 3.1.2

Release notes

Sourced from dj-database-url's releases.

v3.1.2

What's Changed

Bump cryptography from 46.0.3 to 46.0.5 by @dependabot[bot] in jazzband/dj-database-url#293

Bump django from 5.2.9 to 5.2.11 by @dependabot[bot] in jazzband/dj-database-url#294

Bump urllib3 from 2.6.2 to 2.6.3 by @dependabot[bot] in jazzband/dj-database-url#295

Bump wheel from 0.45.1 to 0.46.2 by @dependabot[bot] in jazzband/dj-database-url#296

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in jazzband/dj-database-url#297

New Contributors

@dependabot[bot] made their first contribution in jazzband/dj-database-url#293

Full Changelog: jazzband/dj-database-url@v3.1.1...v3.1.2

v3.1.1

What's Changed

Add tests directory to source distribution by @yohaann196 in jazzband/dj-database-url#285

Switch linting and formatting from flake8+isort+black to ruff; add typos to pre-commit; fix typos by @akx in jazzband/dj-database-url#281

Add project URLs to pyproject.toml by @luzfcb in jazzband/dj-database-url#287

Update .pre-commit-config.yaml to use pinned version numbers. by @mattseymour in jazzband/dj-database-url#289

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in jazzband/dj-database-url#291

New Contributors

@yohaann196 made their first contribution in jazzband/dj-database-url#285

@luzfcb made their first contribution in jazzband/dj-database-url#287

Full Changelog: jazzband/dj-database-url@v3.1.0...v3.1.1

Changelog

Sourced from dj-database-url's changelog.

CHANGELOG

Commits

e77149f [pre-commit.ci] pre-commit autoupdate (#297)
6beffe6 Fix a regression in adding tests/ dir to source package
f9c3130 Bump wheel from 0.45.1 to 0.46.2 (#296)
5337838 Bump urllib3 from 2.6.2 to 2.6.3 (#295)
6fc3664 Bump django from 5.2.9 to 5.2.11 (#294)
19805c9 Bump cryptography from 46.0.3 to 46.0.5 (#293)
1b102cd Update project URLs in pyproject.toml
e41afda [pre-commit.ci] pre-commit autoupdate (#291)
dba6077 Update .pre-commit-config.yaml to use pinned version numbers. (#289)
e6f4ccc Add pytest to dependencies
Additional commits viewable in compare view

Updates django from 6.0.1 to 6.0.4

Commits

141e791 [6.0.x] Bumped version for 6.0.4 release.
393dbc5 [6.0.x] Fixed CVE-2026-33034 -- Enforced DATA_UPLOAD_MAX_MEMORY_SIZE on body ...
0910af6 [6.0.x] Fixed CVE-2026-33033 -- Mitigated potential DoS in MultiPartParser.
428c48f [6.0.x] Fixed CVE-2026-4292 -- Disallowed instance creation via ModelAdmin.li...
08a752c [6.0.x] Fixed CVE-2026-4277 -- Checked add permissions in GenericInlineModelA...
a623c39 [6.0.x] Fixed CVE-2026-3902 -- Ignored headers with underscores in ASGIRequest.
ffc83c5 [6.0.x] Refs #36949 -- Removed hardcoded pks in modeladmin tests.
4eb38f6 [6.0.x] Fixed #36973 -- Made fields.E348 check detect further clashes between...
640c431 [6.0.x] Refs #36862 -- Reiterated security note on both variants of RemoteUse...
ea8e293 [6.0.x] Fixed #36949 -- Improved RelatedFieldWidgetWrapper <label>s.
Additional commits viewable in compare view

Updates django-environ from 0.12.0 to 0.13.0

Release notes

Sourced from django-environ's releases.

v0.13.0

v0.13.0_ - 18-February-2026

Added +++++

Added optional warnings when defaults are used [#582](https://github.com/joke2k/django-environ/issues/582) <https://github.com/joke2k/django-environ/pull/582>_.

Added choices argument support for value validation in Env.str(...) [#555](https://github.com/joke2k/django-environ/issues/555) <https://github.com/joke2k/django-environ/pull/555>_.

Added Valkey support via valkey:// and valkeys:// cache URL schemes [#554](https://github.com/joke2k/django-environ/issues/554) <https://github.com/joke2k/django-environ/pull/554>_.

Added support for rediss:// scheme in channels URL parsing [#573](https://github.com/joke2k/django-environ/issues/573) <https://github.com/joke2k/django-environ/pull/573>_.

Added django-prometheus database backend aliases to DB URL parsing schemes [#559](https://github.com/joke2k/django-environ/issues/559) <https://github.com/joke2k/django-environ/pull/559>_.

Changed +++++++

Declared support for Python 3.14 [#580](https://github.com/joke2k/django-environ/issues/580) <https://github.com/joke2k/django-environ/pull/580>_.

Declared support for Django 5.2 and Django 6.0 [#578](https://github.com/joke2k/django-environ/issues/578) <https://github.com/joke2k/django-environ/pull/578>_.

Fixed +++++

Improved type hint coverage and related lint issues [#546](https://github.com/joke2k/django-environ/issues/546) <https://github.com/joke2k/django-environ/pull/546>_.

Fixed typos in the FAQ page [#445](https://github.com/joke2k/django-environ/issues/445) <https://github.com/joke2k/django-environ/pull/445>_.

v0.12.1

Changelog

Fixed

Fixed PostgreSQL cluster URL parsing with bracketed IPv6 hosts in recent Python versions, preventing failures in runtime URL parsing and related regression tests [#574](https://github.com/joke2k/django-environ/issues/574) <https://github.com/joke2k/django-environ/issues/574>_.

Fixed debug logging in Env.get_value() to avoid evaluating lazy default objects when DEBUG logging is enabled [#571](https://github.com/joke2k/django-environ/issues/571) <https://github.com/joke2k/django-environ/issues/571>_.

Changelog

Sourced from django-environ's changelog.

v0.13.0_ - 18-February-2026

Added +++++

Added optional warnings when defaults are used [#582](https://github.com/joke2k/django-environ/issues/582) <https://github.com/joke2k/django-environ/pull/582>_.

Added choices argument support for value validation in Env.str(...) [#555](https://github.com/joke2k/django-environ/issues/555) <https://github.com/joke2k/django-environ/pull/555>_.

Added Valkey support via valkey:// and valkeys:// cache URL schemes [#554](https://github.com/joke2k/django-environ/issues/554) <https://github.com/joke2k/django-environ/pull/554>_.

Added support for rediss:// scheme in channels URL parsing [#573](https://github.com/joke2k/django-environ/issues/573) <https://github.com/joke2k/django-environ/pull/573>_.

Added django-prometheus database backend aliases to DB URL parsing schemes [#559](https://github.com/joke2k/django-environ/issues/559) <https://github.com/joke2k/django-environ/pull/559>_.

Changed +++++++

Declared support for Python 3.14 [#580](https://github.com/joke2k/django-environ/issues/580) <https://github.com/joke2k/django-environ/pull/581>_.

Declared support for Django 5.2 and Django 6.0 [#578](https://github.com/joke2k/django-environ/issues/578) <https://github.com/joke2k/django-environ/pull/578>_.

Fixed +++++

Improved type hint coverage and related lint issues [#546](https://github.com/joke2k/django-environ/issues/546) <https://github.com/joke2k/django-environ/pull/546>_.

Fixed typos in the FAQ page [#445](https://github.com/joke2k/django-environ/issues/445) <https://github.com/joke2k/django-environ/pull/445>_.

v0.12.1_ - 13-February-2026

Fixed +++++

Fixed PostgreSQL cluster URL parsing with bracketed IPv6 hosts in recent Python versions, preventing failures in runtime URL parsing and related regression tests [#574](https://github.com/joke2k/django-environ/issues/574) <https://github.com/joke2k/django-environ/issues/574>_.

Fixed debug logging in Env.get_value() to avoid evaluating lazy default objects when DEBUG logging is enabled [#571](https://github.com/joke2k/django-environ/issues/571) <https://github.com/joke2k/django-environ/issues/571>_.

Commits

00746d0 docs: add Django 5.2 and 6.0 support to README
d1f1159 Release 0.13.0
d82e361 Add optional warnings when defaults are used (#582)
a78f7c8 Fixed some typos in the FAQ page (#445)
24b299e Feature/add choice parameter and raise an exception if fetched value is not w...
c441413 Add django-prometheus database backends to DB_SCHEMES (#559)
98a0aad Fix lint issues in environ type hints
f4e77e4 feat(cache): add valkey and valkeys as allowed schemes (#554)
dd4d308 Add type hints (#546)
3137c4f Support lower case options for Django Redis cache backend (#550)
Additional commits viewable in compare view

Updates pytest from 9.0.2 to 9.0.3

Release notes

Sourced from pytest's releases.

9.0.3

pytest 9.0.3 (2026-04-07)

Bug fixes

#12444: Fixed pytest.approx which now correctly takes into account ~collections.abc.Mapping keys order to compare them.

#13634: Blocking a conftest.py file using the -p no: option is now explicitly disallowed.

Previously this resulted in an internal assertion failure during plugin loading.

Pytest now raises a clear UsageError explaining that conftest files are not plugins and cannot be disabled via -p.

#13734: Fixed crash when a test raises an exceptiongroup with __tracebackhide__ = True.

#14195: Fixed an issue where non-string messages passed to unittest.TestCase.subTest() were not printed.

#14343: Fixed use of insecure temporary directory (CVE-2025-71176).

Improved documentation

#13388: Clarified documentation for -p vs PYTEST_PLUGINS plugin loading and fixed an incorrect -p example.

#13731: Clarified that capture fixtures (e.g. capsys and capfd) take precedence over the -s / --capture=no command-line options in Accessing captured output from a test function <accessing-captured-output>.

#14088: Clarified that the default pytest_collection hook sets session.items before it calls pytest_collection_finish, not after.

#14255: TOML integer log levels must be quoted: Updating reference documentation.

Contributor-facing changes

#12689: The test reports are now published to Codecov from GitHub Actions. The test statistics is visible on the web interface.

-- by aleguy02

Commits

a7d58d7 Prepare release version 9.0.3
089d981 Merge pull request #14366 from bluetech/revert-14193-backport
8127eaf Revert "Fix: assertrepr_compare respects dict insertion order (#14050) (#14193)"
99a7e60 Merge pull request #14363 from pytest-dev/patchback/backports/9.0.x/95d8423bd...
ddee02a Merge pull request #14343 from bluetech/cve-2025-71176-simple
74eac69 doc: Update training info (#14298) (#14301)
f92dee7 Merge pull request #14267 from pytest-dev/patchback/backports/9.0.x/d6fa26c62...
7ee58ac Merge pull request #12378 from Pierre-Sassoulas/fix-implicit-str-concat-and-d...
37da870 Merge pull request #14259 from mitre88/patch-4 (#14268)
c34bfa3 Add explanation for string context diffs (#14257) (#14266)
Additional commits viewable in compare view

Updates pytest-django from 4.11.1 to 4.12.0

Changelog

Sourced from pytest-django's changelog.

v4.12.0 (2026-02-14)

Compatibility ^^^^^^^^^^^^^

Official Python 3.14 support.

Dropped support for Python 3.9, minimum version is now Python 3.10.

Official Django 6.0 support.

Improvements ^^^^^^^^^^^^

The :ref:multiple databases <multi-db> support added in v4.3.0 is no longer considered experimental.

Added :func:@pytest.mark.django_isolate_apps <pytest.mark.django_isolate_apps> for isolating Django's app registry in pytest tests, and a :fixture:django_isolated_apps fixture to access the isolated Apps registry instance if needed.

Commits

a2a9495 Release 4.12.0
020bc23 tests: make sure access to default can also be blocked
bcefbe8 Add support for isolating apps in tests
39c8dcc plugin: add a note why we reorder tests
1830acd pyproject.toml: require pytest 9 for self tests, switch to native toml config...
f19da08 Fix the order of the test cases that use the live_server fixture
92858ee docs: add pytest 9.0+ native TOML configuration format
3f550d9 build(deps): bump hynek/build-and-inspect-python-package
1f50dd2 Drop obsolete traces of Django 5.0 in CI
247ec1c Fix PytestCollectionWarning for TestRunner class (#1259)
Additional commits viewable in compare view

Updates python-dotenv from 1.2.1 to 1.2.2

Release notes

Sourced from python-dotenv's releases.

v1.2.2

Added

Support for Python 3.14, including the free-threaded (3.14t) build. (#)

Changed

The dotenv run command now forwards flags directly to the specified command by @bbc2 in theskumar/python-dotenv#607

Improved documentation clarity regarding override behavior and the reference page.

Updated PyPy support to version 3.11.

Documentation for FIFO file support.

Support for Python 3.9.

Fixed

Improved set_key and unset_key behavior when interacting with symlinks by @bbc2 in #790c5

Corrected the license specifier and added missing Python 3.14 classifiers in package metadata by @JYOuyang in theskumar/python-dotenv#590

Breaking Changes

dotenv.set_key and dotenv.unset_key used to follow symlinks in some situations. This is no longer the case. For that behavior to be restored in all cases, follow_symlinks=True should be used.

In the CLI, set and unset used to follow symlinks in some situations. This is no longer the case.

dotenv.set_key, dotenv.unset_key and the CLI commands set and unset used to reset the file mode of the modified .env file to 0o600 in some situations. This is no longer the case: The original mode of the file is now preserved. Is the file needed to be created or wasn't a regular file, mode 0o600 is used.

Misc

skip 000 permission tests for root user by @burnout-projects in theskumar/python-dotenv#561

Bump actions/checkout from 5 to 6 in the github-actions group by @dependabot[bot] in theskumar/python-dotenv#593

Add Windows testing to CI by @bbc2 in theskumar/python-dotenv#604

Improve workflow efficiency with best practices by @theskumar in theskumar/python-dotenv#609

Remove the use of sh in tests by @bbc2 in theskumar/python-dotenv#612

New Contributors

@JYOuyang made their first contribution in theskumar/python-dotenv#590

@burnout-projects made their first contribution in theskumar/python-dotenv#561

@cpackham-atlnz made their first contribution in theskumar/python-dotenv#597

Full Changelog: theskumar/python-dotenv@v1.2.1...v1.2.2

Changelog

Sourced from python-dotenv's changelog.

[1.2.2] - 2026-03-01

Added

Support for Python 3.14, including the free-threaded (3.14t) build. (#588)

Changed

The dotenv run command now forwards flags directly to the specified command by [@bbc2] in #607

Improved documentation clarity regarding override behavior and the reference page.

Updated PyPy support to version 3.11.

Documentation for FIFO file support.

Dropped Support for Python 3.9.

Fixed

Improved set_key and unset_key behavior when interacting with symlinks by [@bbc2] in [790c5c0]

Corrected the license specifier and added missing Python 3.14 classifiers in package metadata by [@JYOuyang] in #590

Breaking Changes

dotenv.set_key and dotenv.unset_key used to follow symlinks in some situations. This is no longer the case. For that behavior to be restored in all cases, follow_symlinks=True should be used.

In the CLI, set and unset used to follow symlinks in some situations. This is no longer the case.

dotenv.set_key, dotenv.unset_key and the CLI commands set and unset used to reset the file mode of the modified .env file to 0o600 in some situations. This is no longer the case: The original mode of the file is now preserved. Is the file needed to be created or wasn't a regular file, mode 0o600 is used.

Commits

36004e0 Bump version: 1.2.1 → 1.2.2
eb20252 docs: update changelog for v1.2.2
790c5c0 Merge commit from fork
43340da Remove the use of sh in tests (#612)
09d7cee docs: clarify override behavior and document FIFO support (#610)
c8de288 ci: improve workflow efficiency with best practices (#609)
7bd9e3d Add Windows testing to CI (#604)
1baaf04 Drop Python 3.9 support and update to PyPy 3.11 (#608)
4a22cf8 ci: enable testing on Python 3.14t (free-threaded) (#588)
e2e8e77 Fix license specifier (#597)
Additional commits viewable in compare view

Updates sentry-sdk from 2.51.0 to 2.58.0

Release notes

Sourced from sentry-sdk's releases.

2.58.0

New Features ✨

(ai) Redact base64 data URLs in image_url content blocks by @ericapisani in #5953

(integrations) Instrument pyreqwest tracing by @servusdei2018 in #5682

(litellm) Add async callbacks by @alexander-alderman-webb in #5969

Bug Fixes 🐛

Anthropic

Capture exceptions for stream() calls by @alexander-alderman-webb in #5950

Stop setting transaction status when child span fails by @alexander-alderman-webb in #5717

Only finish relevant spans in .create() patches by @alexander-alderman-webb in #5716

Pydantic Ai

Adapt import for new library versions by @alexander-alderman-webb in #5984

Use first-class hooks when available by @alexander-alderman-webb in #5947

Other

(huggingface_hub) Stop setting transaction status when a child span fails by @Zenithatic in #5952

(litellm) Avoid double span exits when streaming by @alexander-alderman-webb in #5933

(wsgi) Respect HTTP_X_FORWARDED_PROTO in request.url construction by @sl0thentr0py in #5963

Internal Changes 🔧

Litellm

Replace mocks with httpx types in rate-limit test by @alexander-alderman-webb in #5975

Replace mocks with httpx types in embedding tests by @alexander-alderman-webb in #5970

Replace mocks with httpx types in nonstreaming completion() tests by @alexander-alderman-webb in #5937

Remove dead attributes by @alexander-alderman-webb in #5985

Other

(ai) Remove gen_ai.tool.type span attribute by @ericapisani in #5964

(anthropic) Separate sync and async .create() patches by @alexander-alderman-webb in #5715

(openai) Split token counting by API for easier deprecation by @ericapisani in #5930

(openai-agents) Remove error attributes by @alexander-alderman-webb in #5986

(opentelemetry) Ignore mypy error by @alexander-alderman-webb in #5927

🤖 Update test matrix with new releases (04/13) by @github-actions in #5983

Fix license metadata in setup.py by @sl0thentr0py in #5934

Update validate-pr workflow by @stephanie-anderson in #5931

Other

Handle None span context in the span processor and pin tokenizers version for anthropic tests on Python 3.8 by @alexander-alderman-webb in #5967

... (truncated)

Changelog

Sourced from sentry-sdk's changelog.

2.58.0

New Features ✨

(ai) Redact base64 data URLs in image_url content blocks by @ericapisani in #5953

(integrations) Instrument pyreqwest tracing by @servusdei2018 in #5682

(litellm) Add async callbacks by @alexander-alderman-webb in #5969

Bug Fixes 🐛

Anthropic

Capture exceptions for stream() calls by @alexander-alderman-webb in #5950

Stop setting transaction status when child span fails by @alexander-alderman-webb in #5717

Only finish relevant spans in .create() patches by @alexander-alderman-webb in #5716

Pydantic Ai

Adapt import for new library versions by @alexander-alderman-webb in #5984

Use first-class hooks when available by @alexander-alderman-webb in #5947

Other

(huggingface_hub) Stop setting transaction status when a child span fails by @Zenithatic in #5952

(litellm) Avoid double span exits when streaming by @alexander-alderman-webb in #5933

(wsgi) Respect HTTP_X_FORWARDED_PROTO in request.url construction by @sl0thentr0py in #5963

Internal Changes 🔧

Litellm

Replace mocks with httpx types in rate-limit test by @alexander-alderman-webb in #5975

Replace mocks with httpx types in embedding tests by @alexander-alderman-webb in #5970

Replace mocks with httpx types in nonstreaming completion() tests by @alexander-alderman-webb in #5937

Remove dead attributes by @alexander-alderman-webb in #5985

Other

(ai) Remove gen_ai.tool.type span attribute by @ericapisani in #5964

(anthropic) Separate sync and async .create() patches by @alexander-alderman-webb in #5715

(openai) Split token counting by API for easier deprecation by @ericapisani in #5930

(openai-agents) Remove err...
Description has been truncated

…pdates Bumps the dependencies group with 13 updates in the / directory: | Package | From | To | | --- | --- | --- | | [psycopg2-binary](https://github.com/psycopg/psycopg2) | `2.9.11` | `2.9.12` | | [requests](https://github.com/psf/requests) | `2.32.5` | `2.33.1` | | [gunicorn](https://github.com/benoitc/gunicorn) | `25.0.1` | `25.3.0` | | [dj-database-url](https://github.com/jazzband/dj-database-url) | `3.1.0` | `3.1.2` | | [django-environ](https://github.com/joke2k/django-environ) | `0.12.0` | `0.13.0` | | [pytest](https://github.com/pytest-dev/pytest) | `9.0.2` | `9.0.3` | | [pytest-django](https://github.com/pytest-dev/pytest-django) | `4.11.1` | `4.12.0` | | [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.2.1` | `1.2.2` | | [sentry-sdk](https://github.com/getsentry/sentry-python) | `2.51.0` | `2.58.0` | | [pytz](https://github.com/stub42/pytz) | `2025.2` | `2026.1.post1` | | [whitenoise](https://github.com/evansd/whitenoise) | `6.11.0` | `6.12.0` | | [geopandas](https://github.com/geopandas/geopandas) | `1.1.2` | `1.1.3` | | [pre-commit](https://github.com/pre-commit/pre-commit) | `4.5.1` | `4.6.0` | Updates `psycopg2-binary` from 2.9.11 to 2.9.12 - [Changelog](https://github.com/psycopg/psycopg2/blob/master/NEWS) - [Commits](psycopg/psycopg2@2.9.11...2.9.12) Updates `requests` from 2.32.5 to 2.33.1 - [Release notes](https://github.com/psf/requests/releases) - [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md) - [Commits](psf/requests@v2.32.5...v2.33.1) Updates `gunicorn` from 25.0.1 to 25.3.0 - [Release notes](https://github.com/benoitc/gunicorn/releases) - [Commits](benoitc/gunicorn@25.0.1...25.3.0) Updates `dj-database-url` from 3.1.0 to 3.1.2 - [Release notes](https://github.com/jazzband/dj-database-url/releases) - [Changelog](https://github.com/jazzband/dj-database-url/blob/master/CHANGELOG.md) - [Commits](jazzband/dj-database-url@v3.1.0...v3.1.2) Updates `django` from 6.0.1 to 6.0.4 - [Commits](django/django@6.0.1...6.0.4) Updates `django-environ` from 0.12.0 to 0.13.0 - [Release notes](https://github.com/joke2k/django-environ/releases) - [Changelog](https://github.com/joke2k/django-environ/blob/develop/CHANGELOG.rst) - [Commits](joke2k/django-environ@v0.12.0...v0.13.0) Updates `pytest` from 9.0.2 to 9.0.3 - [Release notes](https://github.com/pytest-dev/pytest/releases) - [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst) - [Commits](pytest-dev/pytest@9.0.2...9.0.3) Updates `pytest-django` from 4.11.1 to 4.12.0 - [Release notes](https://github.com/pytest-dev/pytest-django/releases) - [Changelog](https://github.com/pytest-dev/pytest-django/blob/main/docs/changelog.rst) - [Commits](pytest-dev/pytest-django@v4.11.1...v4.12.0) Updates `python-dotenv` from 1.2.1 to 1.2.2 - [Release notes](https://github.com/theskumar/python-dotenv/releases) - [Changelog](https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md) - [Commits](theskumar/python-dotenv@v1.2.1...v1.2.2) Updates `sentry-sdk` from 2.51.0 to 2.58.0 - [Release notes](https://github.com/getsentry/sentry-python/releases) - [Changelog](https://github.com/getsentry/sentry-python/blob/master/CHANGELOG.md) - [Commits](getsentry/sentry-python@2.51.0...2.58.0) Updates `pytz` from 2025.2 to 2026.1.post1 - [Release notes](https://github.com/stub42/pytz/releases) - [Commits](stub42/pytz@release_2025.2...release_2026.1.post1) Updates `whitenoise` from 6.11.0 to 6.12.0 - [Changelog](https://github.com/evansd/whitenoise/blob/main/docs/changelog.rst) - [Commits](evansd/whitenoise@6.11.0...6.12.0) Updates `geopandas` from 1.1.2 to 1.1.3 - [Release notes](https://github.com/geopandas/geopandas/releases) - [Changelog](https://github.com/geopandas/geopandas/blob/main/CHANGELOG.md) - [Commits](geopandas/geopandas@v1.1.2...v1.1.3) Updates `pre-commit` from 4.5.1 to 4.6.0 - [Release notes](https://github.com/pre-commit/pre-commit/releases) - [Changelog](https://github.com/pre-commit/pre-commit/blob/main/CHANGELOG.md) - [Commits](pre-commit/pre-commit@v4.5.1...v4.6.0) --- updated-dependencies: - dependency-name: psycopg2-binary dependency-version: 2.9.12 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: requests dependency-version: 2.33.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: gunicorn dependency-version: 25.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: dj-database-url dependency-version: 3.1.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: django dependency-version: 6.0.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: django-environ dependency-version: 0.13.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: pytest dependency-version: 9.0.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: pytest-django dependency-version: 4.12.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: python-dotenv dependency-version: 1.2.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: sentry-sdk dependency-version: 2.58.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: pytz dependency-version: 2026.1.post1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: dependencies - dependency-name: whitenoise dependency-version: 6.12.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: geopandas dependency-version: 1.1.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: pre-commit dependency-version: 4.6.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dependencies ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels May 1, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): Bump the dependencies group across 1 directory with 14 updates#286

chore(deps): Bump the dependencies group across 1 directory with 14 updates#286
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/pip/dependencies-cff9583033

dependabot Bot commented on behalf of github May 1, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github May 1, 2026

Current release

v2.33.1

2.33.1 (2026-03-30)

New Contributors

v2.33.0

2.33.0 (2026-03-25)

New Contributors

2.33.1 (2026-03-30)

2.33.0 (2026-03-25)

Gunicorn 25.3.0

Bug Fixes

Security

Changes

Gunicorn 25.2.0

New Features

Bug Fixes

v3.1.2

What's Changed

New Contributors

v3.1.1

What's Changed

New Contributors

CHANGELOG

v0.13.0

v0.13.0_ - 18-February-2026

v0.12.1

Changelog

v0.13.0_ - 18-February-2026

v0.12.1_ - 13-February-2026

9.0.3

pytest 9.0.3 (2026-04-07)

Bug fixes

Improved documentation

Contributor-facing changes

v4.12.0 (2026-02-14)

v1.2.2

Added

Changed

Fixed

Breaking Changes

Misc

New Contributors

[1.2.2] - 2026-03-01

Added

Changed

Fixed

Breaking Changes

2.58.0

New Features ✨

Bug Fixes 🐛

Anthropic

Pydantic Ai

Other

Internal Changes 🔧

Litellm

Other

Other

2.58.0

New Features ✨

Bug Fixes 🐛

Anthropic

Pydantic Ai

Other

Internal Changes 🔧

Litellm

Other

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

`v0.13.0`_ - 18-February-2026

`v0.13.0`_ - 18-February-2026

`v0.12.1`_ - 13-February-2026