Bump the python group with 5 updates

[dependabot]

Bumps the python group with 5 updates:

Package	From	To
django	5.2.10	5.2.11
django-allauth	65.14.0	65.14.1
gunicorn	25.0.1	25.0.3
djangorestframework-stubs[compatible-mypy]	3.16.7	3.16.8
ruff	0.14.14	0.15.0

Updates django from 5.2.10 to 5.2.11

Commits

• 4a96a19 [5.2.x] Bumped version for 5.2.11 release.
• ab0ad8d [5.2.x] Refs CVE-2026-1312 -- Raised ValueError when FilteredRelation aliases...
• e863ee2 [5.2.x] Fixed CVE-2026-1312 -- Protected order_by() from SQL injection via al...
• 3e68ccd [5.2.x] Fixed CVE-2026-1287 -- Protected against SQL injection in column alia...
• 9f2ada8 [5.2.x] Fixed CVE-2026-1285 -- Mitigated potential DoS in django.utils.text.T...
• 17a1d64 [5.2.x] Fixed CVE-2026-1207 -- Prevented SQL injections in RasterField lookup...
• 1ba9006 [5.2.x] Fixed CVE-2025-14550 -- Optimized repeated header parsing in ASGI req...
• 184e38a [5.2.x] Fixed CVE-2025-13473 -- Standardized timing of check_password() in mo...
• d8c551d [5.2.x] Added stub release notes and release date for 5.2.11 and 4.2.28.
• 3ea659d [5.2.x] Clarified regression nature of data loss bug in docs/releases/5.2.10....
• Additional commits viewable in compare view

Updates django-allauth from 65.14.0 to 65.14.1

Commits

• See full diff in compare view

Updates gunicorn from 25.0.1 to 25.0.3

Release notes

Sourced from gunicorn's releases.

25.0.3

What's Changed

Bug Fixes

• Fix RuntimeError when StopIteration raised in ASGI coroutine (#3484)
• Fix passing maxsplit in re.split() as positional argument (deprecated in Python 3.13)

Documentation

• Updated sponsorship section and homepage

Full Changelog: benoitc/gunicorn@25.0.2...25.0.3

25.0.2

What's Changed

Bug Fixes

• Fix ASGI concurrent request failures through nginx proxy
• Graceful disconnect handling for ASGI worker
• Lazy import dirty module for gevent compatibility

Other

• Increase CI timeout for signal tests on PyPy
• Remove trailing blank line in instrument/init.py

Full Changelog: benoitc/gunicorn@25.0.1...25.0.2

Commits

• fc85068 chore: prepare release 25.0.3
• 787602f docs: shorten README sponsor section
• a52c81f Merge pull request #3492 from benoitc/feature/improve-sponsorship
• 1afb2b7 Merge pull request #3490 from tyrossel/master
• 2ead70d docs: add Sponsor to top-level navigation
• 874e8be docs: shorten sponsor section on homepage
• 7293b21 docs: add prominent sponsorship options
• 70d571b docs: update homepage title and remove version display
• d301d53 fix: resolve RuntimeError when StopIteration raised in ASGI coroutine
• 9508df6 test: increase CI timeout for signal tests on PyPy
• Additional commits viewable in compare view

Updates djangorestframework-stubs[compatible-mypy] from 3.16.7 to 3.16.8

Commits

• See full diff in compare view

Updates ruff from 0.14.14 to 0.15.0

Release notes

Sourced from ruff's releases.

0.15.0

Release Notes

Released on 2026-02-03.

Check out the blog post for a migration guide and overview of the changes!

Breaking changes

• Ruff now formats your code according to the 2026 style guide. See the formatter section below or in the blog post for a detailed list of changes.

• The linter now supports block suppression comments. For example, to suppress N803 for all parameters in this function:

  # ruff: disable[N803]
  def foo(
      legacyArg1,
      legacyArg2,
      legacyArg3,
      legacyArg4,
  ): ...
  # ruff: enable[N803]

  See the documentation for more details.

• The ruff:alpine Docker image is now based on Alpine 3.23 (up from 3.21).

• The ruff:debian and ruff:debian-slim Docker images are now based on Debian 13 "Trixie" instead of Debian 12 "Bookworm."

• Binaries for the ppc64 (64-bit big-endian PowerPC) architecture are no longer included in our releases. It should still be possible to build Ruff manually for this platform, if needed.

• Ruff now resolves all extended configuration files before falling back on a default Python version.

Stabilization

The following rules have been stabilized and are no longer in preview:

• blocking-http-call-httpx-in-async-function (ASYNC212)
• blocking-path-method-in-async-function (ASYNC240)
• blocking-input-in-async-function (ASYNC250)
• map-without-explicit-strict (B912)
• if-exp-instead-of-or-operator (FURB110)
• single-item-membership-test (FURB171)
• missing-maxsplit-arg (PLC0207)
• unnecessary-lambda (PLW0108)
• unnecessary-empty-iterable-within-deque-call (RUF037)
• in-empty-collection (RUF060)
• legacy-form-pytest-raises (RUF061)
• non-octal-permissions (RUF064)

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.0

Released on 2026-02-03.

Check out the blog post for a migration guide and overview of the changes!

Breaking changes

• Ruff now formats your code according to the 2026 style guide. See the formatter section below or in the blog post for a detailed list of changes.

• The linter now supports block suppression comments. For example, to suppress N803 for all parameters in this function:

  # ruff: disable[N803]
  def foo(
      legacyArg1,
      legacyArg2,
      legacyArg3,
      legacyArg4,
  ): ...
  # ruff: enable[N803]

  See the documentation for more details.

• The ruff:alpine Docker image is now based on Alpine 3.23 (up from 3.21).

• The ruff:debian and ruff:debian-slim Docker images are now based on Debian 13 "Trixie" instead of Debian 12 "Bookworm."

• Binaries for the ppc64 (64-bit big-endian PowerPC) architecture are no longer included in our releases. It should still be possible to build Ruff manually for this platform, if needed.

• Ruff now resolves all extended configuration files before falling back on a default Python version.

Stabilization

The following rules have been stabilized and are no longer in preview:

• blocking-http-call-httpx-in-async-function (ASYNC212)
• blocking-path-method-in-async-function (ASYNC240)
• blocking-input-in-async-function (ASYNC250)
• map-without-explicit-strict (B912)
• if-exp-instead-of-or-operator (FURB110)
• single-item-membership-test (FURB171)

... (truncated)

Commits

• ce5f7b6 Bump 0.15.0 (#23055)
• b4e40f5 [ty] Fix __contains__ to respect descriptors (#23056)
• 848cb72 [ty] Fix narrowing of nonlocal variables with conditional assignments (#22966)
• da7f33a [ty] Add a diagnostic for Final without assignment (#23001)
• e65f9a6 Document markdown formatting feature (#22990)
• c0c1b98 Format markdown code blocks with line-by-line regex parse (#22996)
• 9f8f3e1 Allow positional-only params with defaults in method overrides (#23037)
• ef83810 [ty] ecosystem-analyzer: Support bare git repositories (#23054)
• 54dfee4 Customize where the fix_title sub-diagnostic appears (#23044)
• b534607 2026 Ruff Formatter Style (#22735)
• Additional commits viewable in compare view

Most Recent Ignore Conditions Applied to This Pull Request

Dependency Name	Ignore Conditions
django	[>= 6.dev0, < 7]

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 100.00%. Comparing base (bc50393) to head (6e77573).

Additional details and impacted files

@@            Coverage Diff            @@
##            master      #279   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files           49        49           
  Lines         1985      1985           
=========================================
  Hits          1985      1985           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.