
chore(deps): bump the major-updates group across 1 directory with 5 updates #171

Open
dependabot[bot] wants to merge 1 commit into develop from dependabot/pip/major-updates-ca2800ef40

dependabot[bot] commented on behalf of github on Jun 6, 2026

Bumps the major-updates group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| django | 5.2.14 | 5.2.15 |
| django-health-check | 3.20.8 | 4.4.3 |
| django-grappelli | 4.0.3 | 5.0.0 |
| gunicorn | 23.0.0 | 26.0.0 |
| django-debug-toolbar | 5.2.0 | 7.0.0 |

Updates django from 5.2.14 to 5.2.15

Commits
  • 21e9840 [5.2.x] Bumped version for 5.2.15 release.
  • 9b62b0a [5.2.x] Fixed CVE-2026-48587 -- Ignored whitespace padding when checking Vary...
  • 050a3dc [5.2.x] Fixed CVE-2026-35193 -- Varied on Authorization when caching non-publ...
  • 366d9ae [5.2.x] Fixed CVE-2026-8404 -- Used Cache-Control directives case-insensitive...
  • 4e47d2b [5.2.x] Fixed CVE-2026-7666 -- Delayed setting SMTP connection until fully co...
  • 594360c [5.2.x] Fixed CVE-2026-6873 -- Prevented signed cookie salt namespace collisi...
  • e074d83 [5.2.x] Included commit hash in checksum file when building artifacts for rel...
  • c502754 [5.2.x] Updated links to severity levels in release notes.
  • 72f5b41 [5.2.x] Added stub release notes and release date for 5.2.15.
  • 7084825 [5.2.x] Refs #35844 -- Ran further selenium tests with --parallel=1.
  • Additional commits viewable in compare view

Updates django-health-check from 3.20.8 to 4.4.3

Release notes

Sourced from django-health-check's releases.

4.4.3

What's Changed

New Contributors

Full Changelog: codingjoe/django-health-check@4.4.2...4.4.3

4.4.2

What's Changed

  • Add sponsors to readme

Full Changelog: codingjoe/django-health-check@4.4.1...4.4.2

4.4.1

What's Changed

Full Changelog: codingjoe/django-health-check@4.4.0...4.4.1

4.4.0

What's Changed

New Contributors

Full Changelog: codingjoe/django-health-check@4.3.1...4.4.0

4.3.1

What's Changed

New Contributors

Full Changelog: codingjoe/django-health-check@4.3.0...4.3.1

4.3.0

What's Changed

... (truncated)

Commits
  • 46c7d08 Fix #742 -- Remove blank lines in OpenMetrics output (#741)
  • 0ef6677 [pre-commit.ci] pre-commit autoupdate
  • bf59fb0 Bump actions/checkout from 6 to 7
  • 2409afb [pre-commit.ci] pre-commit autoupdate
  • c2fb029 Update sponsor image link in README.md
  • 5e0ec1f [pre-commit.ci] pre-commit autoupdate
  • ccb4f7f Bump codecov/codecov-action from 6 to 7
  • d09fca3 Add sponsors section
  • 537935f [pre-commit.ci] pre-commit autoupdate
  • 7221356 [pre-commit.ci] pre-commit autoupdate
  • Additional commits viewable in compare view

Updates django-grappelli from 4.0.3 to 5.0.0

Changelog

Sourced from django-grappelli's changelog.

5.0.0 (April 29th, 2026)

  • Compatibility with Django 6.x

4.0.5 (not yet released)

4.0.4 (April 28th, 2026)

  • Improved: raised margins within radiolists
  • Improved: layout for multiple inputs in related widget
  • Improved: layout for related widget display in change list

Commits
  • 98c98e7 docs for upcoming release (5.0.0)
  • fa9fdbd fix with dashboard modules
  • fd0552f Merge branch 'master' into stable/5.0.x
  • be75293 docs for upcoming release (4.0.4)
  • dec6e41 apply label styles to legends in grp-rows, #1077
  • 0208cce hide datetime inline labels, #1077
  • 84d070b improving layout for related widget display in change list, related to #1072
  • 9e52129 improving layout for multiple inputs in related widget, #1072
  • 6622c4b improving layout for related widget display in change list, related to #1072
  • 1edb009 improving layout for multiple inputs in related widget, #1072
  • Additional commits viewable in compare view

Updates gunicorn from 23.0.0 to 26.0.0

Release notes

Sourced from gunicorn's releases.

26.0.0

Breaking Changes

  • Eventlet worker removed: The eventlet worker class has been dropped. Migrate to gevent, gthread, or tornado.

New Features

  • ASGI Framework Compatibility Suite: New end-to-end compatibility test harness covering Starlette, FastAPI, Litestar, Quart, Sanic, and BlackSheep. Current grid passes 438/444 tests (98%).
  • ASGI Test Suite Expansion: 134 additional ASGI unit tests covering protocol semantics, lifespan, websockets, and chunked framing.

Security

  • HTTP/1.1 Request-Target Validation (RFC 9112 sections 3.2.3, 3.2.4):
    • Reject authority-form request-target outside CONNECT
    • Reject asterisk-form request-target outside OPTIONS
    • Reject relative-reference request-targets
  • Header Field Hardening (RFC 9110):
    • Reject control characters in header field-value (section 5.5)
    • Reject forbidden trailer field-names (section 6.5.1)
    • Reject Content-Length list form (RFC 9112 section 6.3)
  • Request Smuggling Hardening:
    • Tighten keepalive gate and scope finish_body byte cap
    • Keep _body_receiver alive across the keepalive smuggling gate so pipelined requests cannot re-enter a closed body
    • Address parser/protocol findings from a six-point WSGI/ASGI audit
  • PROXY Protocol (ASGI): Enforce proxy_allow_ips and tighten v1/v2 parsing in the ASGI callback parser.
  • Connection Draining: Drain the connection on close per RFC 9112 section 9.6 to prevent reset-on-close truncation.

Bug Fixes

  • Body Framing on HEAD/204/304:
    • Keep Content-Length on HEAD and 304 responses (#3621)
    • Drop body framing on HEAD/204/304 even when the framework set it
    • Warn once when an ASGI app emits a body for a no-body response
  • HTTP/2 ASGI:
    • Fix _handle_stream_ended to set _body_complete in the async HTTP/2 handler so request bodies finalize correctly on stream end
    • Add InvalidChunkExtension mapping and fast-parser support in ASGI tests (#3565)
  • HTTP/1.1 100-Continue: Stop adding Transfer-Encoding: chunked to 100-Continue interim responses.
  • WebSocket Close Handshake (RFC 6455):
    • Comply with the close handshake state machine
    • Close the transport after the close handshake completes
    • Fix binary send when the text key is None
  • Early Hints: Validate headers in the early_hints callback to match process_headers; pass only the header name to InvalidHeader (#3588).
  • ASGI Framework Fixes:
    • Fix ASGI disconnect handling for Django-style apps
    • Fix Litestar request handling (use raw ASGI receive for body/headers)
    • Fix Litestar HTTP endpoints for compatibility tests
    • Fix Quart headers endpoint to normalize keys to lowercase
    • Fix Quart WebSocket close test app (missing accept())
    • Fix duplicate Transfer-Encoding header for BlackSheep streaming

... (truncated)

Commits
  • 5d819cf release: 26.0.0
  • b45c70d Merge pull request #3611 from zc-mattcen/docs-typo
  • 99c8d48 Merge pull request #3623 from benoitc/chore/drop-eventlet-add-h2-uvloop-test-...
  • 5a655af Merge pull request #3622 from benoitc/test/docker-port-and-ipv4-fixes
  • 201df19 chore: remove eventlet worker; add h2 and uvloop to test deps
  • f4ac8e1 test: pass action name to dirty client and stabilize after TTOU spam
  • 54d38af test: unblock docker fixtures on macOS hosts
  • 68843c8 Merge pull request #3621 from benoitc/fix/asgi-preserve-content-length-on-hea...
  • 31f2618 Merge pull request #3620 from benoitc/fix/asgi-proxy-protocol-trust-and-parsing
  • 41ec752 fix: keep Content-Length on HEAD and 304 responses
  • Additional commits viewable in compare view

Updates django-debug-toolbar from 5.2.0 to 7.0.0

Release notes

Sourced from django-debug-toolbar's releases.

7.0.0

This release features a change to use the shadow DOM. If a project is customizing the Django Debug Toolbar theme via variables a change will be required.

Changelog

  • Updated to render the toolbar in a shadow DOM for better isolation from the rest of the page. This can be disabled with the setting USE_SHADOW_DOM.
  • Note that custom themes overriding CSS variables on :root must move those overrides to #djDebug, and custom panels that rely on external styles or DOM lookups reaching into the toolbar will need updates to work with the shadow DOM.
  • Prevent check from failing when ROOT_URLCONF is not defined.
  • Prevent toolbar storage from failing when serialized panel data contains mapping keys that are not JSON-compatible.
  • Prevent debounce race conditions in the history panel for rapid fetch requests.
  • Added a note to the prerequisites section of the installation docs about requiring an up-to-date browser.
  • Dropped support for Django 4.2 and Django 5.1.
  • Added graceful degradation for SQL queries that exceed sqlparse's token limits. When SQLParseError is raised, the SQL panel now automatically disables grouping and retries formatting, preventing crashes with large queries.
  • Upgraded the JavaScript code to use modern ECMAScript features using esupgrade.
  • Updated tox configuration to treat DeprecationWarning, ResourceWarning, and PendingDeprecationWarning as errors.
  • Clarified configuration documentation about SHOW_TOOLBAR_CALLBACK needing to respect django.conf.settings.DEBUG to match debug_toolbar_urls.
  • Fixed cookie expires calculation in djdt.cookie.set.
  • Account for the new CULL_PROBABILITY in Django 6.2 in tests.
  • Support Django 6.2's handling of booleans for non-PostgreSQL databases.
  • Changed the SQL panel to show the "Select" and "Explain" action buttons for all queries, not just SELECT statements.
  • Fixed SQL panel handling of binary parameters (e.g. from BinaryField) and GeoDjango PostGIS geometry parameters. EWKB geometry adapters are now serialized and reconstructed so that Select and Explain work correctly on spatial queries.

What's Changed

New Contributors

... (truncated)

Changelog

Sourced from django-debug-toolbar's changelog.

7.0.0 (2026-06-17)

  • Prevent check from failing when ROOT_URLCONF is not defined.
  • Prevent toolbar storage from failing when serialized panel data contains mapping keys that are not JSON-compatible.
  • Prevent debounce race conditions in the history panel for rapid fetch requests.
  • Added a note to the prerequisites section of the installation docs about requiring an up-to-date browser.
  • Dropped support for Django 4.2 and Django 5.1.
  • Updated to render the toolbar in a shadow DOM for better isolation from the rest of the page. This can be disabled with the setting USE_SHADOW_DOM.
  • Note that custom themes overriding CSS variables on :root must move those overrides to #djDebug, and custom panels that rely on external styles or DOM lookups reaching into the toolbar will need updates to work with the shadow DOM.
  • Added graceful degradation for SQL queries that exceed sqlparse's token limits. When SQLParseError is raised, the SQL panel now automatically disables grouping and retries formatting, preventing crashes with large queries.
  • Upgraded the JavaScript code to use modern ECMAScript features using esupgrade.
  • Updated tox configuration to treat DeprecationWarning, ResourceWarning, and PendingDeprecationWarning as errors.
  • Clarified configuration documentation about SHOW_TOOLBAR_CALLBACK needing to respect django.conf.settings.DEBUG to match debug_toolbar_urls.
  • Fixed cookie expires calculation in djdt.cookie.set.
  • Account for the new CULL_PROBABILITY in Django 6.2 in tests.
  • Support Django 6.2's handling of booleans for non-PostgreSQL databases.
  • Changed the SQL panel to show the "Select" and "Explain" action buttons for all queries, not just SELECT statements.
  • Fixed SQL panel handling of binary parameters (e.g. from BinaryField) and GeoDjango PostGIS geometry parameters. EWKB geometry adapters are now serialized and reconstructed so that Select and Explain work correctly on spatial queries.

6.3.0 (2026-04-01)

  • Replaced requirements_dev.txt file for pyproject.toml support with dependency groups.
  • Updated ReadTheDocs Python version to 3.13.
  • Modernize some panel styles and colors.
  • Standardize use of time/duration units and labels across panels.
  • Added translations for Lithuanian, Turkish and Uzbek.
  • Update the translations.
  • Expose a py.typed marker file.

... (truncated)

Commits
  • 6c66337 Version 7.0.0
  • 44bf141 Update translations
  • 9e844fd Fix binary parameter handling in SQL panel (#2391)
  • c364770 Mention @​gzip_page explicitly as a reason why the toolbar doesn't show up (#2...
  • 7475cf0 Change the SQL panel to show the select and explain buttons for all queries (...
  • 931a234 Bump actions/checkout from 6.0.2 to 6.0.3 in the github-actions group (#2384)
  • e153a97 Bump the minor-npm-dependencies group across 1 directory with 2 updates (#2390)
  • 67f16e4 Bump vite from 8.0.10 to 8.0.16 (#2389)
  • b02d594 Bump @​babel/core from 7.29.0 to 7.29.7 (#2388)
  • 0df3f3a pre-commit autoupdate (#2387)
  • Additional commits viewable in compare view
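
The request-target, field-value and Content-Length rejections listed in the gunicorn 26.0.0 Security notes above, sketched as an added example. This is not gunicorn's code and not part of the original PR comment; the function names, regexes and sample requests are constructed for illustration.

```python
import re

# Simplified checks written for this example; not gunicorn's parser.
CTL = re.compile(r"[\x00-\x08\x0a-\x1f\x7f]")         # CTLs other than HTAB
ABSOLUTE = re.compile(r"[A-Za-z][A-Za-z0-9+.-]*://[^/?#\s]+")
AUTHORITY = re.compile(r"[^/?#@\s]+:[0-9]{1,5}")      # host:port only

def classify_target(method, target):
    """Return the RFC 9112 section 3.2 form of a request-target or raise."""
    if target == "*":
        if method != "OPTIONS":
            raise ValueError("asterisk-form outside OPTIONS")
        return "asterisk-form"
    if target.startswith("/"):
        return "origin-form"
    if ABSOLUTE.match(target):
        return "absolute-form"
    if AUTHORITY.fullmatch(target):
        if method != "CONNECT":
            raise ValueError("authority-form outside CONNECT")
        return "authority-form"
    raise ValueError("relative-reference request-target")

def validate(method, target, headers):
    """Check one parsed request; headers maps field-name to raw field-value."""
    form = classify_target(method, target)
    for name, value in headers.items():
        if CTL.search(value):
            raise ValueError("control character in field-value")
        # ASCII digits only: rejects the list form "5, 5", signs and Unicode digits.
        if name.lower() == "content-length" and not re.fullmatch(r"[0-9]+", value.strip(" \t")):
            raise ValueError("Content-Length is not a single decimal value")
    return form

SAMPLES = [  # constructed requests
    ("GET", "/index.html", {"Host": "a.example"}),
    ("OPTIONS", "*", {}),
    ("CONNECT", "a.example:443", {}),
    ("GET", "a.example:443", {}),
    ("GET", "*", {}),
    ("GET", "index.html", {}),
    ("POST", "/upload", {"Content-Length": "5, 5"}),
    ("GET", "/", {"X-Trace": "a\x00b"}),
]

def verdicts(samples=SAMPLES):
    """Return the form name or the rejection reason for each sample."""
    out = []
    for method, target, headers in samples:
        try:
            out.append(validate(method, target, headers))
        except ValueError as exc:
            out.append(f"reject: {exc}")
    return out
```

Replaying requests like these against a staging instance before and after the gunicorn bump shows which clients or upstream proxies depend on the lenient parsing that 26.0.0 removes.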

dependabot[bot] added the dependencies (Pull requests that update a dependency file) and python (Pull requests that update Python code) labels on Jun 6, 2026
…pdates

Bumps the major-updates group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [django](https://github.com/django/django) | `5.2.14` | `5.2.15` |
| [django-health-check](https://github.com/codingjoe/django-health-check) | `3.20.8` | `4.4.3` |
| [django-grappelli](https://github.com/sehmaschine/django-grappelli) | `4.0.3` | `5.0.0` |
| [gunicorn](https://github.com/benoitc/gunicorn) | `23.0.0` | `26.0.0` |
| [django-debug-toolbar](https://github.com/django-commons/django-debug-toolbar) | `5.2.0` | `7.0.0` |



Updates `django` from 5.2.14 to 5.2.15
- [Commits](django/django@5.2.14...5.2.15)

Updates `django-health-check` from 3.20.8 to 4.4.3
- [Release notes](https://github.com/codingjoe/django-health-check/releases)
- [Commits](codingjoe/django-health-check@3.20.8...4.4.3)

Updates `django-grappelli` from 4.0.3 to 5.0.0
- [Changelog](https://github.com/sehmaschine/django-grappelli/blob/master/docs/changelog.rst)
- [Commits](sehmaschine/django-grappelli@4.0.3...5.0.0)

Updates `gunicorn` from 23.0.0 to 26.0.0
- [Release notes](https://github.com/benoitc/gunicorn/releases)
- [Commits](benoitc/gunicorn@23.0.0...26.0.0)

Updates `django-debug-toolbar` from 5.2.0 to 7.0.0
- [Release notes](https://github.com/django-commons/django-debug-toolbar/releases)
- [Changelog](https://github.com/django-commons/django-debug-toolbar/blob/main/docs/changes.rst)
- [Commits](django-commons/django-debug-toolbar@5.2.0...7.0.0)

---
updated-dependencies:
- dependency-name: django
  dependency-version: 5.2.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: major-updates
- dependency-name: django-debug-toolbar
  dependency-version: 6.3.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: major-updates
- dependency-name: django-grappelli
  dependency-version: 5.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major-updates
- dependency-name: django-health-check
  dependency-version: 4.4.2
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major-updates
- dependency-name: gunicorn
  dependency-version: 26.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major-updates
...

Signed-off-by: dependabot[bot] <support@github.com>
dependabot[bot] force-pushed the dependabot/pip/major-updates-ca2800ef40 branch from 6e677d6 to 13316cb on June 27, 2026 21:36