build(deps): bump the minor-and-patch group with 10 updates

[dependabot]

Bumps the minor-and-patch group with 10 updates:

Package	From	To
boto3	1.39.9	1.42.42
botocore-stubs	1.38.46	1.42.41
celery	5.5.3	5.6.2
django-browser-reload	1.18.0	1.21.0
django-click	2.4.1	2.5.0
django-cors-headers	4.7.0	4.9.0
django-markdownify	0.9.5	0.9.6
django-oauth-toolkit	3.0.1	3.2.0
social-auth-core	4.7.0	4.8.3
rich	14.0.0	14.3.2

Updates boto3 from 1.39.9 to 1.42.42

Commits

• 79499f4 Merge branch 'release-1.42.42'
• f649133 Bumping version to 1.42.42
• 73523d2 Add changelog entries from botocore
• 60637f8 Merge branch 'release-1.42.41'
• 0307240 Merge branch 'release-1.42.41' into develop
• 662d4a3 Bumping version to 1.42.41
• 5dcc61b Add changelog entries from botocore
• 15a7817 Merge branch 'release-1.42.40'
• 6bea792 Merge branch 'release-1.42.40' into develop
• 3f92d07 Bumping version to 1.42.40
• Additional commits viewable in compare view

Updates botocore-stubs from 1.38.46 to 1.42.41

Commits

• See full diff in compare view

Updates celery from 5.5.3 to 5.6.2

Release notes

Sourced from celery's releases.

v5.6.2

What's Changed

• Fix recursive WorkController instantiation in DjangoWorkerFixup + AttributeError when pool_cls is a string by @​bruunotrindade in celery/celery#10045
• Bugfix: Revoked tasks now immediately update backend status to REVOKED by @​Nusnus in celery/celery#9869
• Prepare for release: v5.6.2 by @​Nusnus in celery/celery#10049

New Contributors

• @​bruunotrindade made their first contribution in celery/celery#10045

Full Changelog: celery/celery@v5.6.1...v5.6.2

v5.6.1

What's Changed

• Fix Redis Sentinel ACL authentication support by @​anthonykuzmich7 in celery/celery#10013
• Fix: Broker heartbeats not sent during graceful shutdown by @​weetster in celery/celery#9986
• docs #5410 -- Document confirm_publish broker transport option by @​JaeHyuckSa in celery/celery#10016
• close DB pools only in prefork mode by @​petrprikryl in celery/celery#10020
• Fix: Avoid unnecessary Django database connection creation during cleanup by @​snopoke in celery/celery#10015
• reliable prefork detection by @​petrprikryl in celery/celery#10023
• better coverage by @​petrprikryl in celery/celery#10029
• Docs: clarify result_extended vs periodic task metadata and show headers["periodic_task_name"] example by @​SpaceShaman in celery/celery#10030
• Stop importing pytest_subtests by @​cjwatson in celery/celery#10032
• Only use exceptiongroup backport for Python < 3.11 by @​cjwatson in celery/celery#10033
• Prepare for release: v5.6.1 by @​Nusnus in celery/celery#10037

New Contributors

• @​anthonykuzmich7 made their first contribution in celery/celery#10013
• @​weetster made their first contribution in celery/celery#9986
• @​JaeHyuckSa made their first contribution in celery/celery#10016
• @​snopoke made their first contribution in celery/celery#10015
• @​SpaceShaman made their first contribution in celery/celery#10030

Full Changelog: celery/celery@v5.6.0...v5.6.1

v5.6.0

Celery v5.6.0 is now available.

Key Highlights

See What's new in Celery 5.6 for a complete overview or read the main highlights below.

Python 3.9 Minimum Version

Celery 5.6.0 drops support for Python 3.8 (EOL). The minimum required Python version is now 3.9. Users still on Python 3.8 must upgrade their Python version before upgrading to Celery 5.6.0.

Additionally, this release includes initial support for Python 3.14.

SQS: Reverted to pycurl from urllib3

The switch from pycurl to urllib3 for the SQS transport (introduced in Celery 5.5.0 via Kombu) has been reverted due to critical issues affecting SQS users.

... (truncated)

Changelog

Sourced from celery's changelog.

5.6.2

:release-date: 2026-01-04 :release-by: Tomer Nosrati

What's Changed

- Fix recursive WorkController instantiation in DjangoWorkerFixup + AttributeError when pool_cls is a string ([#10045](https://github.com/celery/celery/issues/10045))
- Bugfix: Revoked tasks now immediately update backend status to REVOKED ([#9869](https://github.com/celery/celery/issues/9869))
- Prepare for release: v5.6.2 ([#10049](https://github.com/celery/celery/issues/10049))
.. _version-5.6.1:
5.6.1
:release-date: 2025-12-29
:release-by: Tomer Nosrati
What's Changed

• Fix Redis Sentinel ACL authentication support (#10013)
• Fix: Broker heartbeats not sent during graceful shutdown (#9986)
• docs #5410 -- Document confirm_publish broker transport option (#10016)
• close DB pools only in prefork mode (#10020)
• Fix: Avoid unnecessary Django database connection creation during cleanup (#10015)
• reliable prefork detection (#10023)
• better coverage (#10029)
• Docs: clarify result_extended vs periodic task metadata and show headers["periodic_task_name"] example (#10030)
• Stop importing pytest_subtests (#10032)
• Only use exceptiongroup backport for Python < 3.11 (#10033)
• Prepare for release: v5.6.1 (#10037)

.. _version-5.6.0:

5.6.0

:release-date: 2025-11-30 :release-by: Tomer Nosrati

Celery v5.6.0 is now available.

Key Highlights

See :ref:`whatsnew-5.6` for a complete overview or read the main highlights below.
</tr></table> 

... (truncated)

Commits

• 6a43c84 Prepare for release: v5.6.2 (#10049)
• 333a82f Bugfix: Revoked tasks now immediately update backend status to REVOKED (#9869)
• 9d6ab11 Fix recursive WorkController instantiation in DjangoWorkerFixup + AttributeEr...
• 21dbc73 Prepare for release: v5.6.1 (#10037)
• ba20bed Only use exceptiongroup backport for Python < 3.11 (#10033)
• 2167529 Stop importing pytest_subtests
• 0527296 Bump google-cloud-firestore from 2.21.0 to 2.22.0
• 5f8659b Clarify 'result_extended' setting usage in tasks
• f19db70 Bump mypy from 1.19.0 to 1.19.1 (#10028)
• 6da72bd better coverage (#10029)
• Additional commits viewable in compare view

Updates django-browser-reload from 1.18.0 to 1.21.0

Changelog

Sourced from django-browser-reload's changelog.

1.21.0 (2025-09-22)

• Add Content Security Policy (CSP) nonce support to the listener script tag, in both the middleware and the Jinja template tag.

  PR [#340](https://github.com/adamchainz/django-browser-reload/issues/340) <https://github.com/adamchainz/django-browser-reload/pull/340>__.

1.20.0 (2025-09-18)

• Support Django 6.0.

1.19.0 (2025-09-08)

• Support Python 3.14.

• Support the django-jinja template backend.

  Thanks to Jake Howard in PR [#309](https://github.com/adamchainz/django-browser-reload/issues/309) <https://github.com/adamchainz/django-browser-reload/pull/309>__.

Commits

• d21e7d8 Version 1.21.0
• 41835a5 Add CSP nonce support (#340)
• 3571cb8 Improve usage and description
• 1061afd Promote django-watchfiles
• ec22846 Remove outdated ASGI note
• 10301ed Improve tagline
• d944e33 Version 1.20.0
• b77a1dc Correct testing of Django 6.0 (#339)
• 9794a77 Support Django 6.0 (#338)
• ca5fbd0 Version 1.19.0
• Additional commits viewable in compare view

Updates django-click from 2.4.1 to 2.5.0

Release notes

Sourced from django-click's releases.

2.5.0

What's Changed

• Migrate to pyproject.toml by @​p-r-a-v-i-n in django-commons/django-click#67
• Support for Python 3.13, 3.14 and Django 6.0 by @​ulgens
• Multiple upgrades to modern testing tooling by @​ulgens
• Documentation improvements and cleanup by @​ulgens and @​FlipperPA

New Contributors

• @​p-r-a-v-i-n made their first contribution in django-commons/django-click#67

Full Changelog: django-commons/django-click@2.4.1...v2.5.0

Commits

• 2e9918d Improve readme (#70)
• 2f7d2ee migrate to pyproject.toml
• f4863a3 Merge pull request #65 from ulgens/drop-django5.0-eol
• b71cd0d Drop support for Django 5.0 (EOL)
• 9c4add4 Merge pull request #64 from ulgens/new-django-support
• e8302fc Merge pull request #68 from django-commons/remove-redundant-dependencies
• 967966b Remove redundant linter packages
• 7eec0fe Remove redundant automation packages
• 8f63377 Add support for Django 5.2, 6.0, and the main branch
• 86c0f1a Merge pull request #66 from ulgens/django-trove
• Additional commits viewable in compare view

Updates django-cors-headers from 4.7.0 to 4.9.0

Changelog

Sourced from django-cors-headers's changelog.

4.9.0 (2025-09-18)

• Support Django 6.0.

4.8.0 (2025-09-08)

• Support Python 3.14.

Commits

• a3a3ad2 Version 4.9.0
• 2f5a94b Correct testing of Django 6.0 (#1015)
• 4356514 Support Django 6.0 (#1014)
• eeaa041 Version 4.8.0
• b760e4d Support Python 3.14 (#1013)
• bf6abfb [pre-commit.ci] pre-commit autoupdate (#1012)
• 5d0c651 Upgrade dependencies (#1011)
• 873fd5f Use uvx to run tox on GitHub Actions (#1010)
• f8aa330 [pre-commit.ci] pre-commit autoupdate (#1009)
• b04460f [pre-commit.ci] pre-commit autoupdate (#1008)
• Additional commits viewable in compare view

Updates django-markdownify from 0.9.5 to 0.9.6

Commits

• f40a6fa Fix setup.py
• f62366f Merge pull request #67 from erwinmatijsen/v0.9.6
• 0c9e888 Update dependencies, drop support for Python 3.6
• fd9cb8b Merge pull request #65 from erwinmatijsen/dependabot/pip/docs/source/urllib3-...
• fc96118 Bump urllib3 from 2.3.0 to 2.6.0 in /docs/source
• b2bce15 Merge pull request #62 from erwinmatijsen/docs
• 45c98e5 Update docs requirements
• 81a1828 Merge branch 'main' of github.com:erwinmatijsen/django-markdownify
• 78f618f Update certifi
• df0370b Merge pull request #59 from erwinmatijsen/gh-56
• Additional commits viewable in compare view

Updates django-oauth-toolkit from 3.0.1 to 3.2.0

Release notes

Sourced from django-oauth-toolkit's releases.

Release 3.2.0

[3.2.0] - 2025-11-13

Added

• Support for Django 5.2
• Support for Python 3.14 (Django >= 5.2.8)
• #1539 Add device authorization grant support
• #1630 use token_checksum for lookup in _get_token_from_authentication_server

Fixed

• #1252 Fix crash when 'client' is in token request body
• #1496 Fix error when Bearer token string is empty but preceded by Bearer keyword.

Release 3.1.0

NOTE: This is the first release under the new django-oauth organization. The project moved in order to be more independent and to bypass quota limits on parallel CI jobs we were encountering in Jazzband. The project will emulateDjango Commons going forward in it's operation. We're always on the look for willing maintainers and contributors. Feel free to start participating any time. PR's are always welcome.

Added

• #1506 Support for Wildcard Origin and Redirect URIs - Adds a new setting ALLOW_URL_WILDCARDS. This feature is useful for working with CI service such as cloudflare, netlify, and vercel that offer branch deployments for development previews and user acceptance testing.
• #1586 Turkish language support added

Changed

The project is now hosted in the django-oauth organization.

Fixed

• #1517 OP prompts for logout when no OP session
• #1512 client_secret not marked sensitive
• #1521 Fix 0012 migration loading access token table into memory
• #1584 Fix IDP container in docker compose environment could not find templates and static files.
• #1562 Fix: Handle AttributeError in IntrospectTokenView
• #1583 Fix: Missing pt_BR translations

Changelog

Sourced from django-oauth-toolkit's changelog.

[3.2.0] - 2025-11-13

Added

• Support for Django 5.2
• Support for Python 3.14 (Django >= 5.2.8)
• #1539 Add device authorization grant support

Fixed

• #1252 Fix crash when 'client' is in token request body
• #1496 Fix error when Bearer token string is empty but preceded by Bearer keyword.
• #1630 use token_checksum for lookup in _get_token_from_authentication_server

[3.1.0] - 2025-10-03

NOTE: This is the first release under the new django-oauth organization. The project moved in order to be more independent and to bypass quota limits on parallel CI jobs we were encountering in Jazzband. The project will emulate Django Commons going forward in it's operation. We're always on the lookout for willing maintainers and contributors. Feel free to start participating any time. PR's are always welcome.

Added

• #1506 Support for Wildcard Origin and Redirect URIs - Adds a new setting ALLOW_URL_WILDCARDS. This feature is useful for working with CI service such as cloudflare, netlify, and vercel that offer branch deployments for development previews and user acceptance testing.
• #1586 Turkish language support added

Changed

The project is now hosted in the django-oauth organization.

Fixed

• #1517 OP prompts for logout when no OP session
• #1512 client_secret not marked sensitive
• #1521 Fix 0012 migration loading access token table into memory
• #1584 Fix IDP container in docker compose environment could not find templates and static files.
• #1562 Fix: Handle AttributeError in IntrospectTokenView
• #1583 Fix: Missing pt_BR translations

Commits

• 66c0cf0 chore: Release 3.2.0 (#1622)
• b8f4d5b fix: use token_checksum for lookup in _get_token_from_authentication_server (...
• 3197955 fix python version to allow 3.14.* (anything <3.15) (#1631)
• 94dd076 FIX reStructuredText syntax. (#1618)
• bade920 Fixed Handled error in OAuth2ExtraTokenMiddleware when authheader has `Bearer...
• 2cc2b60 fix: token request throws an error when client is provided in body (#1252)
• 87fef47 feat: Add device authorization grant (device code flow - rfc 8628) (#1539)
• 01dfd06 chore: ignore *.orig (#1615)
• 6863d82 chore: defer codecov notify until all jobs done (#1616)
• ef7ca6d chore: defer codecov notify until all jobs done (#1614)
• Additional commits viewable in compare view

Updates social-auth-core from 4.7.0 to 4.8.3

Release notes

Sourced from social-auth-core's releases.

Release 4.8.3

Changed

• Added registry to configure default strategy

Donations

This project welcomes donations to make the development sustainable. The following platforms are available for funding Python Social Auth:

• GitHub Sponsors
• Open Collective

Release 4.8.2

Changed

• The timeout parameter can be again configured
• Refactored HTTP authentication code
• Loosened some type checks for better downstream compatibility
• ID_KEY is now configurable
• Improved token expiry validation
• Additional OIDC parameters are now supported
• Improved refresh token logic
• Extended type annotations
• String RelayState in SAML is again supported
• Better handle OpenID exceptions

Removed

• itembase backend
• nk backend
• OAuth1 backend for Yahoo
• Do you see more backends where matching service is no longer available? Tell us to help identify unused code.

Donations

This project welcomes donations to make the development sustainable. The following platforms are available for funding Python Social Auth:

• GitHub Sponsors
• Open Collective

Release 4.8.1

Changed

• Fixed extra_data() invocation from refresh_token()
• Replaced jose with PyJWT in Ping backend
• Dropped OAuth1 backend for OpenStreetMap

Added

• OAuth2 URLs can now be overridden in the configuration

... (truncated)

Changelog

Sourced from social-auth-core's changelog.

4.8.3 - 2025-12-18

Changed

• Added registry to configured default strategy

4.8.2 - 2025-12-18

Changed

• The timeout parameter can be again configured
• Refactored HTTP authentication code
• Loosened some type checks for better downstream compatibility
• ID_KEY is now configurable
• Improved token expiry validation
• Additional OIDC parameters are now supported
• Improved refresh token logic
• Extended type annotations
• String RelayState in SAML is again supported
• Better handle OpenID exceptions

Removed

• itembase backend
• nk backend
• OAuth1 backend for Yahoo
• Do you see more backends where matching service is no longer available? Tell us to help identify unused code.

4.8.1 - 2025-10-09

Changed

• Fixed extra_data() invocation from refresh_token()
• Replaced jose with PyJWT in Ping backend
• Dropped OAuth1 backend for OpenStreetMap

Added

• OAuth2 URLs can now be overridden in the configuration

4.8.0 - 2025-10-07

Changed

• Fixed Gitea backend API authentication headers
• Improved RelayState and attributes handling in the SAML backend
• Changed domains for VK backend
• All API calls now include User-Agent header
• OIDC uses info from id_token when not present in the response
• Bring back option to skip and customize at_hash validation in OIDC

... (truncated)

Commits

• 5bd8ec7 chore: version bump 4.8.2
• 6b4e142 feat: provide way to configure default strategy
• 9c93ae2 chore: move type checking to a single workflow
• 174de11 chore: remove swig depency from tests
• e6ea908 chore: fix typo in changelog (#1489)
• 2b0660b chore: version bump 4.8.2
• fccb5c5 fix(deps): update dependency ty to v0.0.3 (#1487)
• 78e522a fix: restore previous behaviour for handling RelayState in SAML (#1469)
• 96535a1 fix(open-id): correctly wrap connection exception
• a997eab fix(deps): update dependency ty to v0.0.2 (#1485)
• Additional commits viewable in compare view

Updates rich from 14.0.0 to 14.3.2

Release notes

Sourced from rich's releases.

The ZWJy release

A fix for cell_len edge cases

[14.3.2] - 2026-02-01

Fixed

• Fixed solo ZWJ crash Textualize/rich#3953
• Fixed control codes reporting width of 1 Textualize/rich#3953

The Nerdy Fix release

Fixed issue with characters outside of unicode range reporting 0 cell size

[14.3.1] - 2026-01-24

Fixed

• Fixed characters out of unicode range reporting a cell size if 0 Textualize/rich#3944

The more emojis release

Rich now has support for multi-codepoint emojis. There have also been some Markdown improvements, and a number of fixes. See the release notes below for details.

[14.3.0] - 2026-01-24

Fixed

• IPython now respects when a Console instance is passed to pretty.install Textualize/rich#3915
• Fixed extraneous blank line on non-interactive disabled Progress Textualize/rich#3905
• Fixed extra padding on first cell in columns Textualize/rich#3935
• Fixed trailing whitespace removed when soft_wrap=True Textualize/rich#3937
• Fixed style new-lines when soft_wrap = True and a print style is set Textualize/rich#3938

Added

• Added support for some multi-codepopint glyphs (will fix alignment issues for these characters) Textualize/rich#3930
• Added support for UNICODE_VERSION environment variable Textualize/rich#3930
• Added last_render_height property to LiveRender Textualize/rich#3934
• Expose locals_max_depth and locals_overflow in traceback.install Textualize/rich#3906
• Added Segment.split_lines_terminator Textualize/rich#3938

Changed

• cells.cell_len now has a unicode_version parameter (that you probably should never change) Textualize/rich#3930
• Live will not write a new line if there was nothing rendered Textualize/rich#3934
• Changed style of Markdown headers Textualize/rich#3942
• Changed style of Markdown tables, added markdown.table.header and markdown.table.border styles Textualize/rich#3942
• Changed style of Markdown rules Textualize/rich#3942

The Easy as Pi release

This release bumps Python compatibility to the just-released Python 3.14.

... (truncated)

Changelog

Sourced from rich's changelog.

[14.3.2] - 2026-02-01

Fixed

• Fixed solo ZWJ crash Textualize/rich#3953
• Fixed control codes reporting width of 1 Textualize/rich#3953

[14.3.1] - 2026-01-24

Fixed

• Fixed characters out of unicode range reporting a cell size if 0 Textualize/rich#3944

[14.3.0] - 2026-01-24

Fixed

• IPython now respects when a Console instance is passed to pretty.install Textualize/rich#3915
• Fixed extraneous blank line on non-interactive disabled Progress Textualize/rich#3905
• Fixed extra padding on first cell in columns Textualize/rich#3935
• Fixed trailing whitespace removed when soft_wrap=True Textualize/rich#3937
• Fixed style new-lines when soft_wrap = True and a print style is set Textualize/rich#3938

Added

• Added support for some multi-codepopint glyphs (will fix alignment issues for these characters) Textualize/rich#3930
• Added support for UNICODE_VERSION environment variable Textualize/rich#3930
• Added last_render_height property to LiveRender Textualize/rich#3934
• Expose locals_max_depth and locals_overflow in traceback.install Textualize/rich#3906
• Added Segment.split_lines_terminator Textualize/rich#3938

Changed

• cells.cell_len now has a unicode_version parameter (that you probably should never change) Textualize/rich#3930
• Live will not write a new line if there was nothing rendered Textualize/rich#3934
• Changed style of Markdown headers Textualize/rich#3942
• Changed style of Markdown tables, added markdown.table.header and markdown.table.border styles Textualize/rich#3942
• Changed style of Markdown rules Textualize/rich#3942

[14.2.0] - 2025-10-09

Changed

• Python3.14 compatibility Textualize/rich#3861

Fixed

• Fixed exception when calling inspect on objects with unusual __qualname__ attribute Textualize/rich#3894

[14.1.0] - 2025-06-25

... (truncated)

Commits

• 0752ff0 Merge pull request #3953 from Textualize/zwj-fix
• 54ae0cf simplify
• 07edb85 refine
• 31930dd fix test
• 454fcfc stupid comment
• 13f87a4 Fix ZWJ and edge cases
• 1d402e0 fix dates
• f2a1c3b Merge pull request #3944 from Textualize/nerf-fonts
• 2e5a5da changelog
• 73ee823 fix fonts
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.