Skip to content

chore(deps): bump the package-updates group across 1 directory with 5 updates#3799

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/package-updates-71891b75f7
Closed

chore(deps): bump the package-updates group across 1 directory with 5 updates#3799
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/package-updates-71891b75f7

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 12, 2026

Copy link
Copy Markdown
Contributor

Updates the requirements on django-storages[s3], django, environs[django], bandit[toml] and django-stubs to permit the latest version.
Updates django-storages[s3] to 1.14.6

Changelog

Sourced from django-storages[s3]'s changelog.

1.14.6 (2025-04-01)


Google Cloud

  • Add option to sign URLs via IAM Blob API ([#1427](https://github.com/jschneier/django-storages/issues/1427)_)

S3

  • Fix exists calls when using SSE-C ([#1451](https://github.com/jschneier/django-storages/issues/1451)_)
  • Default url_protocol to https: if set to None ([#1483](https://github.com/jschneier/django-storages/issues/1483)_)

.. _#1427: jschneier/django-storages#1427 .. _#1451: jschneier/django-storages#1451 .. _#1483: jschneier/django-storages#1483

1.14.5 (2025-02-15)


General

  • Revert exists() behavior to pre-1.14.4 semantics with additional hardening for Django versions < 4.2 to fix CVE-2024-39330. This change matches the eventual behavior Django itself shipped with. ([#1484](https://github.com/jschneier/django-storages/issues/1484), [#1486](https://github.com/jschneier/django-storages/issues/1486))
  • Add support for Django 5.1 ([#1444](https://github.com/jschneier/django-storages/issues/1444)_)

Azure

  • Deprecated: The setting AZURE_API_VERSION/api_version setting is deprecated in favor of the new AZURE_CLIENT_OPTIONS setting. A future version will remove support for this setting.
  • Add AZURE_CLIENT_OPTIONS settings to enable customization of all BlobServiceClient parameters such as api_version and all retry* options. ([#1432](https://github.com/jschneier/django-storages/issues/1432)_)

Dropbox

  • As part of the above hardening fix a bug was uncovered whereby a root_path setting would be applied multiple times during save() ([#1484](https://github.com/jschneier/django-storages/issues/1484)_)
  • Fix setting OAuth2 access token via env var ([#1452](https://github.com/jschneier/django-storages/issues/1452)_)

FTP

  • Fix incorrect exists() results due to an errant appended slash ([#1438](https://github.com/jschneier/django-storages/issues/1438)_)

Google Cloud

... (truncated)

Commits

Updates django from 5.2.15 to 6.0.6

Commits
  • ee93f65 [6.0.x] Bumped version for 6.0.6 release.
  • 1721035 [6.0.x] Fixed CVE-2026-48587 -- Ignored whitespace padding when checking Vary...
  • 664652f [6.0.x] Fixed CVE-2026-35193 -- Varied on Authorization when caching non-publ...
  • b433025 [6.0.x] Fixed CVE-2026-8404 -- Used Cache-Control directives case-insensitive...
  • 625a670 [6.0.x] Fixed CVE-2026-7666 -- Delayed setting SMTP connection until fully co...
  • c807d9c [6.0.x] Fixed CVE-2026-6873 -- Prevented signed cookie salt namespace collisi...
  • 98a75e3 [6.0.x] Included commit hash in checksum file when building artifacts for rel...
  • dd895d6 [6.0.x] Updated translations from Transifex.
  • 49ca2db [6.0.x] Updated links to severity levels in release notes.
  • c9f32a2 [6.0.x] Added stub release notes and release date for 6.0.6 and 5.2.15.
  • Additional commits viewable in compare view

Updates environs[django] to 15.0.1

Changelog

Sourced from environs[django]'s changelog.

15.0.1 (2026-04-06)

Bug fixes:

  • Exported environment variables take precedence over .env files (regression from 15.0.0) (#464). Thanks DougEdey-Slice for reporting.

15.0.0 (2026-03-31)

Features:

  • Env.read_env no longer mutates os.environ (#393). Values from .env files are loaded into the Env instance only. This comes with two breaking changes:
    • Env.read_env is now an instance method rather than a @staticmethod. Env.read_env() -> env.read_env()
    • The verbose parameter of read_env is been removed.

Other changes:

  • Drop support for marshmallow 3, which is EOL. marshmallow>=4.0.0 is supported.
  • Minor typing improvements (#463).

14.6.0 (2026-02-19)

Bug fixes:

  • Fix variable expansion with other characters (#359). Thanks flymanzhao for reporting and veeceey for the PR.

Other changes:

  • Update lowest supported marshmallow version to 3.26.2 (#448). Thanks whyscream for the PR.

14.5.0 (2025-11-02)

Features:

  • Add strip_whitespace param to FileAwareEnv (#431). Thanks eandersons for the suggestion and PR.

Other changes:

  • Drop support for Python 3.9, which is EOL.

14.4.0 (2025-10-29)

Features:

  • Add support for ISO 8601 durations to env.timedelta. (#434). Thanks lucas-bremond for the suggestion and PR.

... (truncated)

Commits

Updates bandit[toml] to 1.9.4

Release notes

Sourced from bandit[toml]'s releases.

1.9.4

What's Changed

New Contributors

Full Changelog: PyCQA/bandit@1.9.3...1.9.4

Commits
  • 92ae8b8 Fix B106 reporting wrong line number on multiline function calls (#1360)
  • c8c8a55 Lower version guard in check_ast_node to Python 3.12 (#1355)
  • 8f2f928 Fix B615 false positive when revision is set via variable (#1358)
  • e27493f Include filename in nosec 'no failed test' warning (#1363)
  • b69b336 Fix B613 crash when reading from stdin (#1361)
  • e418b79 Bump docker/build-push-action from 6.18.0 to 6.19.2 (#1357)
  • ff646fd Bump docker/login-action from 3.6.0 to 3.7.0 (#1353)
  • c0def6c chore: fixed some typos in comments (#1351)
  • 765f00d Limit B614 to torch.load deserializers (#1348)
  • 06fbbab Bump docker/setup-buildx-action from 3.11.1 to 3.12.0 (#1347)
  • Additional commits viewable in compare view

Updates django-stubs from 5.2.9 to 6.0.5

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

… updates

Updates the requirements on [django-storages[s3]](https://github.com/jschneier/django-storages), [django](https://github.com/django/django), [environs[django]](https://github.com/sloria/environs), [bandit[toml]](https://github.com/PyCQA/bandit) and [django-stubs](https://github.com/typeddjango/django-stubs) to permit the latest version.

Updates `django-storages[s3]` to 1.14.6
- [Changelog](https://github.com/jschneier/django-storages/blob/master/CHANGELOG.rst)
- [Commits](jschneier/django-storages@1.14.4...1.14.6)

Updates `django` from 5.2.15 to 6.0.6
- [Commits](django/django@5.2.15...6.0.6)

Updates `environs[django]` to 15.0.1
- [Changelog](https://github.com/sloria/environs/blob/main/CHANGELOG.md)
- [Commits](sloria/environs@11.0.0...15.0.1)

Updates `bandit[toml]` to 1.9.4
- [Release notes](https://github.com/PyCQA/bandit/releases)
- [Commits](PyCQA/bandit@1.7.9...1.9.4)

Updates `django-stubs` from 5.2.9 to 6.0.5
- [Release notes](https://github.com/typeddjango/django-stubs/releases)
- [Commits](typeddjango/django-stubs@5.2.9...6.0.5)

---
updated-dependencies:
- dependency-name: django-storages[s3]
  dependency-version: 1.14.6
  dependency-type: direct:production
  dependency-group: package-updates
- dependency-name: django
  dependency-version: 6.0.6
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: package-updates
- dependency-name: environs[django]
  dependency-version: 15.0.1
  dependency-type: direct:production
  dependency-group: package-updates
- dependency-name: bandit[toml]
  dependency-version: 1.9.4
  dependency-type: direct:development
  dependency-group: package-updates
- dependency-name: django-stubs
  dependency-version: 6.0.5
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: package-updates
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update Python:uv code labels Jun 12, 2026
@dependabot @github

dependabot Bot commented on behalf of github Jun 16, 2026

Copy link
Copy Markdown
Contributor Author

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this Jun 16, 2026
@dependabot
dependabot Bot deleted the dependabot/uv/package-updates-71891b75f7 branch June 16, 2026 06:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update Python:uv code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant