build(deps): bump the django group across 1 directory with 9 updates

[dependabot]

Updates the requirements on django-filter, django-cors-headers, django-environ, django, django-tiptap, djangorestframework, django-graphql-jwt, django-anymail[amazon_ses] and django-storages[boto3] to permit the latest version.
Updates django-filter from 22.1 to 25.1

Changelog

Sourced from django-filter's changelog.

Version 25.1 (2025-02-14)

• Removed the in-built API schema generation methods, which have been deprecated since v23.2.

  You should use drf-spectacular <https://drf-spectacular.readthedocs.io/en/latest/>_ for generating OpenAPI schemas with DRF.

• Dropped support for EOL Python 3.8.

• Added testing against Python 3.13.

• Added official support for Django 5.2.

Version 24.3 (2024-08-02)

• Adds official support for Django 5.1.

• Allow using dictionaries for grouped choices on Django 5.0+.

  Thanks to Sævar Öfjörð Magnússon.

• Adds unknown_field_behavior FilterSet option to allowing warning and ignore behaviours for unknown field types during FilterSet generation.

  Thanks to Loes.

Version 24.2 (2024-03-27)

• Fixed a regression in v23.4 where callable choices were incorrectly evaluated at filter instantiation, on Django versions prior to 5.0.

  Thanks to Craig de Stigter for the report and reproduce.

Version 24.1 (2024-03-08)

• Updated supported Python and Django versions, and resolved upcoming Django deprecations.

  Required versions are now at least Python 3.8 and Django 4.2.

  Thanks to Michael Manganiello.

• Allowed passing a FilterSet class to the filterset_factory().

  Thanks to Birger Schacht.

... (truncated)

Commits

• 27dd672 Updated Change notes for 25.1 release.
• 2ea3817 Added Trove classifier for Django 5.2.
• 4d2306c Replaced hardcoded pks in tests (#1703)
• fbf5a76 Update tox after Django 5.2 alpha release. (#1700)
• 1e76d68 Use QueryDict for data default. (#1691)
• e709e5d Add testing against Python 3.13.
• ccde000 Dropped support for EOL Python 3.8.
• 2a644e1 Removed deprecated schema generation methods from DRF backend. (#1698)
• 2494df9 fix typo in filterset.txt (#1695)
• 3656174 Translated using Weblate (Czech) (#1687)
• Additional commits viewable in compare view

Updates django-cors-headers from 4.4.0 to 4.7.0

Changelog

Sourced from django-cors-headers's changelog.

4.7.0 (2025-02-06)

• Support Django 5.2.

4.6.0 (2024-10-29)

• Drop Django 3.2 to 4.1 support.

4.5.0 (2024-10-12)

• Drop Python 3.8 support.

• Support Python 3.13.

Commits

• 9568acb Version 4.7.0
• 14e1129 Support Django 5.2 (#988)
• 4c551e9 Run pre-commit, coverage, and readthedocs on Python 3.13
• 88c0c48 Upgrade django-stubs to 5.1.2
• 0bb6fe5 Upgrade Black used by blacken-docs to 25.1.0
• 0d20b5a [pre-commit.ci] pre-commit autoupdate (#987)
• 81c98d9 Upgrade requirements (#986)
• beac952 [pre-commit.ci] pre-commit autoupdate (#985)
• de836c8 Bump astral-sh/setup-uv from 4 to 5 in the github-actions group (#984)
• 4d3a833 Upgrade requirements (#982)
• Additional commits viewable in compare view

Updates django-environ from 0.11.2 to 0.12.0

Release notes

Sourced from django-environ's releases.

v0.12.0

Fixed Include prefix in the ImproperlyConfigured error message #513.

Added Add support for Python 3.12 and 3.13 #538.

Add support for Django 5.1 #535.

Add support for Django CockroachDB driver #509.

Add support for Django Channels #266.

Changed Disabled inline comments handling by default due to potential side effects. While the feature itself is useful, the project’s philosophy dictates that it should not be enabled by default for all users #499.

Removed Removed support of Python 3.6, 3.7 and 3.8 #538.

Removed support of Django 1.x. #538.

Changelog

Sourced from django-environ's changelog.

v0.12.0_ - 8-November-2024

Fixed +++++

• Include prefix in the ImproperlyConfigured error message [#513](https://github.com/joke2k/django-environ/issues/513) <https://github.com/joke2k/django-environ/issues/513>_.

Added +++++

• Add support for Python 3.12 and 3.13 [#538](https://github.com/joke2k/django-environ/issues/538) <https://github.com/joke2k/django-environ/issues/538>_.
• Add support for Django 5.1 [#535](https://github.com/joke2k/django-environ/issues/535) <https://github.com/joke2k/django-environ/issues/535>_.
• Add support for Django CockroachDB driver [#509](https://github.com/joke2k/django-environ/issues/509) <https://github.com/joke2k/django-environ/issues/509>_.
• Add support for Django Channels [#266](https://github.com/joke2k/django-environ/issues/266) <https://github.com/joke2k/django-environ/issues/266>_.

Changed +++++++

• Disabled inline comments handling by default due to potential side effects. While the feature itself is useful, the project's philosophy dictates that it should not be enabled by default for all users [#499](https://github.com/joke2k/django-environ/issues/499) <https://github.com/joke2k/django-environ/issues/499>_.

Removed +++++++

• Removed support of Python 3.6, 3.7 and 3.8 [#538](https://github.com/joke2k/django-environ/issues/538) <https://github.com/joke2k/django-environ/issues/538>_.
• Removed support of Django 1.x. [#538](https://github.com/joke2k/django-environ/issues/538) <https://github.com/joke2k/django-environ/issues/538>_.

Commits

• 176e812 Merge pull request #545 from joke2k/develop
• 993b36c Merge branch 'main' into develop
• 00c8203 Update change log
• 8e844ac Correct code style
• 6abdb86 Add tests for kwarg overriding engine/backend from urls
• d92e11b Update change log
• 60164fd chore: Prefer Redis default port 6379
• 8b70d9f feat: Redis Pub/Sub
• 8729165 feat: Channels URL support
• 0f2e088 Update change log
• Additional commits viewable in compare view

Updates django to 5.1.6

Commits

• 8c9973c [5.1.x] Bumped version for 5.1.6 release.
• df27e43 [5.1.x] Added release date for 5.1.6, 5.0.12, and 4.2.19.
• 4a04944 [5.1.x] Clarified docs for default email value in UserManager.create_user().
• b814f4c [5.1.x] Refs #35612 -- Extended docs on how the security team evaluates reports.
• 328d54f [5.1.x] Refs #36140 -- Added missing import in django/contrib/auth/forms.py.
• 8552eef [5.1.x] Fixed #36140 -- Allowed BaseUserCreationForm to define non required p...
• 76b4fb7 [5.1.x] Fixed #36162 -- Fixed the black Makefile docs rule to work on macOS.
• 173edeb [5.1.x] Corrected ArrayAgg example for ordering usage.
• 4f0169e [5.1.x] Tweaked docs to avoid reformatting given new black version.
• 9d1945d [5.1.x] Clarified the Releaser's discretion for determining and postponing th...
• Additional commits viewable in compare view

Updates django-tiptap from 0.0.10 to 0.0.18

Updates djangorestframework from 3.15.1 to 3.15.2

Release notes

Sourced from djangorestframework's releases.

3.15.2

What's Changed

• Add @​api_view example to caching documentation by @​BradWells in encode/django-rest-framework#9131
• Update docstring by @​jthevos in encode/django-rest-framework#9340
• Apply black formatting to caching markdown by @​jthevos in encode/django-rest-framework#9341
• Update renderers documentation example by @​mgaligniana in encode/django-rest-framework#9362
• Removing live examples of tutorial code that are no longer hosted by @​TGoddessana in encode/django-rest-framework#9363
• Docs: Remove an unnecessary step from quickstart.md by @​gogowitsch in encode/django-rest-framework#9387
• Documentation: Add Python 3.12 to the requirements by @​Szaroslav in encode/django-rest-framework#9382
• Tweak README.md links. by @​tomchristie in encode/django-rest-framework#9375
• Revert "Ensure CursorPagination respects nulls in the ordering field" by @​max-muoto in encode/django-rest-framework#9381
• use warnings rather than logging a warning for DecimalField warnings by @​terencehonles in encode/django-rest-framework#9367
• 20240426 docs by @​peterthomassen in encode/django-rest-framework#9392
• Cleanup by @​peterthomassen in encode/django-rest-framework#9393
• tests: Check urlpatterns after cleanups by @​stanislavlevin in encode/django-rest-framework#9400
• docs: Correct some evaluation results and a httpie option in Tutorial1 by @​wkwkhautbois in encode/django-rest-framework#9421
• Add __hash__ method for permissions.OperandHolder class by @​vanya909 in encode/django-rest-framework#9417
• Fix potential XSS vulnerability in break_long_headers template filter by @​ch4n3-yoon in encode/django-rest-framework#9435
• Version 3.15.2. by @​tomchristie in encode/django-rest-framework#9439

New Contributors

• @​BradWells made their first contribution in encode/django-rest-framework#9131
• @​jthevos made their first contribution in encode/django-rest-framework#9340
• @​gogowitsch made their first contribution in encode/django-rest-framework#9387
• @​Szaroslav made their first contribution in encode/django-rest-framework#9382
• @​wkwkhautbois made their first contribution in encode/django-rest-framework#9421
• @​ch4n3-yoon made their first contribution in encode/django-rest-framework#9435

Full Changelog: encode/django-rest-framework@3.15.1...3.15.2

Commits

• c7a7eae Version 3.15.2 (#9439)
• 3b41f01 Fix potential XSS vulnerability in break_long_headers template filter (#9435)
• fe92f0d Add __hash__ method for permissions.OperandHolder class (#9417)
• fbdab09 docs: Correct some evaluation results and a httpie option in Tutorial1 (#9421)
• 36d5c0e tests: Check urlpatterns after cleanups (#9400)
• 9d4ed05 Don't use Windows line endings
• b34bde4 Fix typo in setup.cfg setting
• ab681f2 Update requirements in docs
• 2237724 bump pygments (security hygiene)
• d58b8da Update deprecation hints
• Additional commits viewable in compare view

Updates django-graphql-jwt from 0.3.0 to 0.4.0

Release notes

Sourced from django-graphql-jwt's releases.

v0.4.0 (2023-08-04)

• Added german translation
• Added support for any root query name

v0.3.4 (2021-08-12)

• Added JSONWebTokenBackend.get_user method

v0.3.3 (2021-07-24)

• Added Graphene V2 support

v0.3.2 (2021-04-09)

• Added support for PyJWT>=2
• Removed signals providing_args
• Added JWT_COOKIE_SAMESITE setting
• Added support for Graphene v3

v0.3.1 (2020-04-04)

• Set JWT-refresh-token cookie on tokenAuth mutation
• Read token/refresh-token from cookies (TokenAuth, Refresh, Verify and Revoke mutations)
• Add refreshExpiredIn field
• Add token payload to tokenAuth mutation
• Add DeleteJSONWebTokenCookie and DeleteRefreshTokenCookie mutations
• Add JWT_REUSE_REFRESH_TOKENS setting in order to reuse the refresh token instances
• Add JWT_HIDE_TOKEN_FIELDS setting (prevent XSS exploitation)
• Add JWT_CSRF_ROTATION setting
• Add JWT_COOKIE_PATH and JWT_COOKIE_DOMAIN settings
• Removed ugettext in favor of gettext

Changelog

Sourced from django-graphql-jwt's changelog.

0.4.0

• Added german translation
• Added support for any root query name

0.3.4

• Added JSONWebTokenBackend.get_user method

0.3.3

• Added Graphene V2 support

0.3.2

• Added support for PyJWT>=2
• Removed signals providing_args
• Added JWT_COOKIE_SAMESITE setting
• Added support for Graphene v3

0.3.1

• Set JWT-refresh-token cookie on tokenAuth mutation
• Read token/refresh-token from cookies (TokenAuth, Refresh, Verify and Revoke mutations)
• Add refreshExpiresIn field
• Add token payload to tokenAuth mutation
• Add DeleteJSONWebTokenCookie and DeleteRefreshTokenCookie mutations
• Add JWT_REUSE_REFRESH_TOKENS setting in order to reuse the refresh token instances
• Add JWT_HIDE_TOKEN_FIELDS setting (prevent XSS exploitation)
• Add JWT_CSRF_ROTATION setting
• Add JWT_COOKIE_PATH and JWT_COOKIE_DOMAIN settings
• Removed ugettext in favor of gettext

Commits

• 0debe4f 0.4.0
• 10d2408 Added ResolveInfoTestCase
• 4a45e21 Removed GraphQLResolveInfo in favor of graphene ResolveInfo
• 2290b30 Added USE_TZ to test settings
• a8941a1 Merge pull request #320 from flavors/fix/allow-any
• f8ef841 Fixed allow_any tests
• a5db342 Updated github workflows
• 9660f0e Removed poetry in favor of hatchling
• ea3a76e Added Django 4 support
• 5606274 Updated gitignore
• Additional commits viewable in compare view

Updates django-anymail[amazon_ses] from 11.0.1 to 12.0

Release notes

Sourced from django-anymail[amazon_ses]'s releases.

v12.0

Changelog

v11.1

Changelog

Changelog

Sourced from django-anymail[amazon_ses]'s changelog.

v12.0

2024-09-09

Breaking changes

* Require **Django 4.0 or later** and Python 3.8 or later.
Features

* **Resend:** Add support for ``send_at``.
Fixes

* **Unisender Go:** Fix several problems in Anymail's Unisender Go status tracking
  webhook. Rework signature checking to fix false validation errors (particularly
  on "clicked" and "opened" events). Properly handle "use single event" webhook
  option. Correctly verify WEBHOOK_SECRET when set. Provide Unisender Go's
  ``delivery_status`` code and unsubscribe form ``comment`` in Anymail's
  ``event.description``. Treat soft bounces as "deferred" rather than "bounced".
  (Thanks to `@MikeVL`_ for fixing the signature validation problem.)

Other



Mandrill (docs): Explain how cc and bcc handling depends on

Mandrill's "preserve recipients" option. (Thanks to @dgilmanAIDENTIFIED_

for reporting the issue.)


Postal (docs): Update links to Postal's new documentation site.

(Thanks to @jmduke_.)


v11.1
2024-08-07
Features



Brevo: Support Brevo's new "Complaint," "Error" and "Loaded by proxy"
tracking events. (Thanks to @originell_ for the update.)

Deprecations
</tr></table> 
</code></pre>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>

<li><a href="https://github.com/anymail/django-anymail/commit/35383c7140289e82b39ada5980077898aa07d18d&quot;&gt;&lt;code&gt;35383c7&lt;/code&gt;&lt;/a> Release 12.0</li>

<li><a href="https://github.com/anymail/django-anymail/commit/063fb08a588de7432107c640e9030b457ded7df7&quot;&gt;&lt;code&gt;063fb08&lt;/code&gt;&lt;/a> Amazon SES: add webhook extension points; close webhook boto3 clients</li>

<li><a href="https://github.com/anymail/django-anymail/commit/1da9011f50e9e3c178d7958a1ff21f8b73b2f797&quot;&gt;&lt;code&gt;1da9011&lt;/code&gt;&lt;/a> CI/CD: use Python 3.12 by default</li>

<li><a href="https://github.com/anymail/django-anymail/commit/0e020b21e2d1b8804ad85b98c0d9ba3d4a67cb77&quot;&gt;&lt;code&gt;0e020b2&lt;/code&gt;&lt;/a> Docs: update tooling</li>

<li><a href="https://github.com/anymail/django-anymail/commit/2324cb48a365605b1a500acebdc635b958555804&quot;&gt;&lt;code&gt;2324cb4&lt;/code&gt;&lt;/a> Drop Python 3.7</li>

<li><a href="https://github.com/anymail/django-anymail/commit/e4331d224955a7df8b09063f639304d58163660a&quot;&gt;&lt;code&gt;e4331d2&lt;/code&gt;&lt;/a> Unisender Go: Fix status tracking webhook and tests.</li>

<li><a href="https://github.com/anymail/django-anymail/commit/2f2a888f610ec37577ecbcad92959ef89fa0fe16&quot;&gt;&lt;code&gt;2f2a888&lt;/code&gt;&lt;/a> Resend: add support for send_at</li>

<li><a href="https://github.com/anymail/django-anymail/commit/af6eaea5657ff2a0d51f36f742c61b1785b9b63e&quot;&gt;&lt;code&gt;af6eaea&lt;/code&gt;&lt;/a> Docs: Note Mandrill's cc/bcc handling depends on preserve_recipients</li>

<li><a href="https://github.com/anymail/django-anymail/commit/03f5fb7641c3c13eba7b3dd471f768c4b39fbbe4&quot;&gt;&lt;code&gt;03f5fb7&lt;/code&gt;&lt;/a> Docs: Update outdated Postal links</li>

<li><a href="https://github.com/anymail/django-anymail/commit/397dcf5f8a6dcbdf84c0e769919a531559c3658e&quot;&gt;&lt;code&gt;397dcf5&lt;/code&gt;&lt;/a> Docs: prep for upcoming RTD build changes</li>

<li>Additional commits viewable in <a href="https://github.com/anymail/django-anymail/compare/v11.0.1...v12.0&quot;&gt;compare view</a></li>

</ul>

</details>
<br />


Updates django-storages[boto3] from 1.14.4 to 1.14.5

Changelog
Sourced from django-storages[boto3]'s changelog.

1.14.5 (2025-02-15)

General

Revert exists() behavior to pre-1.14.4 semantics with additional hardening for Django versions < 4.2 to fix
CVE-2024-39330. This change matches the eventual behavior Django itself shipped with. ([#1484](https://github.com/jschneier/django-storages/issues/1484), [#1486](https://github.com/jschneier/django-storages/issues/1486))
Add support for Django 5.1 ([#1444](https://github.com/jschneier/django-storages/issues/1444)_)

Azure

Deprecated: The setting AZURE_API_VERSION/api_version setting is deprecated in favor of
the new AZURE_CLIENT_OPTIONS setting. A future version will remove support for this setting.
Add AZURE_CLIENT_OPTIONS settings to enable customization of all BlobServiceClient parameters
such as api_version and all retry* options. ([#1432](https://github.com/jschneier/django-storages/issues/1432)_)

Dropbox

As part of the above hardening fix a bug was uncovered whereby a root_path setting would be applied
multiple times during save() ([#1484](https://github.com/jschneier/django-storages/issues/1484)_)
Fix setting OAuth2 access token via env var ([#1452](https://github.com/jschneier/django-storages/issues/1452)_)

FTP

Fix incorrect exists() results due to an errant appended slash ([#1438](https://github.com/jschneier/django-storages/issues/1438)_)

Google Cloud

Switch checksum to crc32c to fix downloading when running in FIPS mode ([#1473](https://github.com/jschneier/django-storages/issues/1473)_)
Fix double decompression when using gzip ([#1457](https://github.com/jschneier/django-storages/issues/1457)_)

.. _#1484: jschneier/django-storages#1484
.. _#1486: jschneier/django-storages#1486
.. _#1444: jschneier/django-storages#1444
.. _#1432: jschneier/django-storages#1432
.. _#1473: jschneier/django-storages#1473
.. _#1457: jschneier/django-storages#1457
.. _#1452: jschneier/django-storages#1452
.. _#1438: jschneier/django-storages#1438



Commits

3c0fe9f Release version 1.14.5 (#1487)
5db357a Apply additional validation in overwrite path (#1486)
394e5d6 Revert "[general] Write overwriting files in terms of .exists() (#1422)" (#1484)
af98a96 Exclude Python3.10 and Python3.11 with Django main (#1485)
b79ea31 [gcloud] Fix double decompression when using gzip (#1457)
b3513ec [gcloud] use a different checksum method to fix downloading in FIPS mode (#1473)
fda4e23 Fix Google Cloud tests (#1476)
f029e50 [docs/gcloud] (#1459)
48702fa [docs/azure] Fix typo in the max_memory_size config option (#1458)
1725606 [dropbox] Fix setting oauth2 access token via env var (#1452)
Additional commits viewable in compare view




Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options


You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot rebase.

[dependabot]

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot rebase.