Skip to content

chore(deps): bump the major-updates group across 1 directory with 4 updates#163

Open
dependabot[bot] wants to merge 1 commit intodevelopfrom
dependabot/pip/major-updates-83ac913933
Open

chore(deps): bump the major-updates group across 1 directory with 4 updates#163
dependabot[bot] wants to merge 1 commit intodevelopfrom
dependabot/pip/major-updates-83ac913933

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 2, 2026

Bumps the major-updates group with 4 updates in the / directory: django-health-check, django-grappelli, gunicorn and django-debug-toolbar.

Updates django-health-check from 3.20.8 to 4.4.0

Release notes

Sourced from django-health-check's releases.

4.4.0

What's Changed

New Contributors

Full Changelog: codingjoe/django-health-check@4.3.1...4.4.0

4.3.1

What's Changed

New Contributors

Full Changelog: codingjoe/django-health-check@4.3.0...4.3.1

4.3.0

What's Changed

Full Changelog: codingjoe/django-health-check@4.2.2...4.3.0

4.2.2

What's Changed

New Contributors

Full Changelog: codingjoe/django-health-check@4.2.1...4.2.2

4.2.1

What's Changed

Full Changelog: codingjoe/django-health-check@4.2.0...4.2.1

4.2.0

What's Changed

... (truncated)

Commits
  • e480bc0 Resolve #724 -- Add public dataclass field as OpenMetric label (#725)
  • e56c871 Clean up storage probe files when validation fails (#717)
  • 3421a3c Update copilot review instructions
  • c674d2f Revert "Update celery requirement from >=5.0.0 to >=5.6.3"
  • 04a22e5 Revert "Update flit-core requirement from >=3.2 to >=3.12.0"
  • 4d47e8a Revert "Update aio-pika requirement from >=9.0.0 to >=9.6.2"
  • e0d4479 Revert "Update django requirement from >=5.2 to >=5.2.13"
  • 8994dcc Revert "Update confluent-kafka requirement from >=2.0.0 to >=2.14.0"
  • 1f31638 Ref #701 -- Add support for a custom executor for synchronous checks (#716)
  • b79e960 Bump actions/upload-pages-artifact from 4 to 5
  • Additional commits viewable in compare view

Updates django-grappelli from 4.0.3 to 5.0.0

Changelog

Sourced from django-grappelli's changelog.

5.0.0 (April 29th, 2026)

  • Compatibility with Django 6.x

4.0.5 (not yet released)

4.0.4 (April 28th, 2026)

  • Improved: raised margins within radiolists
  • Improved: layout for multiple inputs in related widget
  • Improved: layout for related widget display in change list
Commits
  • 98c98e7 docs for upcoming release (5.0.0)
  • fa9fdbd fix with dashboard modules
  • fd0552f Merge branch 'master' into stable/5.0.x
  • be75293 docs for upcoming release (4.0.4)
  • dec6e41 apply label styles to legends in grp-rows, #1077
  • 0208cce hide datetime inline labels, #1077
  • 84d070b improving layout for related widget display in change list, related to #1072
  • 9e52129 improving layout for multiple inputs in related widget, #1072
  • 6622c4b improving layout for related widget display in change list, related to #1072
  • 1edb009 improving layout for multiple inputs in related widget, #1072
  • Additional commits viewable in compare view

Updates gunicorn from 23.0.0 to 25.3.0

Release notes

Sourced from gunicorn's releases.

Gunicorn 25.3.0

Bug Fixes

  • HTTP/2 ASGI Body Duplication: Fix request body being received twice in HTTP/2 ASGI requests, causing JSON parsing errors with "Extra data" messages (#3558)

  • ASGI Chunked EOF Handling: Add finish() method to callback parser to handle chunked encoding edge case where connection closes before final CRLF after zero-chunk

  • HTTP/2 Documentation: Fix http_protocols examples to use comma-separated string instead of list syntax (#3561)

  • Chunked Encoding: Reject chunk extensions containing bare CR bytes per RFC 9112 (#3556)

  • Request Line Limit: Fix --limit-request-line 0 to mean unlimited as documented, instead of using default maximum. Works with both Python and fast C parser. (#3563)

Security

  • ASGI Parser Header Validation: Add security checks per RFC 9110/9112:
    • Reject duplicate Content-Length headers
    • Reject requests with both Content-Length and Transfer-Encoding
    • Reject chunked transfer encoding in HTTP/1.0
    • Reject stacked chunked encoding
    • Validate Transfer-Encoding values
    • Strict chunk size validation

Changes

  • Fast HTTP Parser: Update to gunicorn_h1c >= 0.6.3 for asgi_headers property and InvalidChunkExtension validation for bare CR rejection

  • ASGI PROXY Protocol: Add PROXY protocol v1/v2 support to callback parser

  • Docker Images: Update to Python 3.14

Gunicorn 25.2.0

New Features

  • Fast HTTP Parser (gunicorn_h1c 0.4.1): Integrate new exception types and limit parameters from gunicorn_h1c 0.4.1 for both WSGI and ASGI workers
    • Requires gunicorn_h1c >= 0.4.1 for http_parser='fast'
    • Falls back to Python parser in auto mode if version not met
    • Proper HTTP status codes for limit errors (414, 431)

Bug Fixes

  • uWSGI Async Workers: Fix InvalidUWSGIHeader: incomplete header error when using gevent or gthread workers with uwsgi protocol behind nginx. (#3552, [PR #3554](benoitc/gunicorn#3554))

... (truncated)

Commits
  • 9bce72c Update changelog with missing 25.3.0 changes
  • 2a15fdb Fix pylint isinstance-second-argument-not-valid-type warning
  • 8d08aaa Fix --limit-request-line 0 to mean unlimited
  • d40a374 Fix pytest-asyncio configuration and treq_asgi hex escapes
  • da8bd48 Remove unused AsyncRequest class
  • b00f125 Integrate gunicorn_h1c 0.6.3 with InvalidChunkExtension support
  • bdb2ebd Reject chunk extensions with bare CR bytes (RFC 9112)
  • 7057fc9 Fix http_protocols documentation to use string syntax
  • d43acb8 Update to gunicorn_h1c >= 0.6.2 for asgi_headers support
  • cbd27e8 Merge pull request #3559 from benleembruggen/fix/http2-asgi-body-duplication
  • Additional commits viewable in compare view

Updates django-debug-toolbar from 5.2.0 to 6.3.0

Release notes

Sourced from django-debug-toolbar's releases.

6.3.0

What's Changed

Changelog from docs:

  • Replaced requirements_dev.txt file for pyproject.toml support with dependency groups.
  • Updated ReadTheDocs Python version to 3.13.
  • Modernize some panel styles and colors.
  • Standardize use of time/duration units and labels across panels.
  • Added translations for Lithuanian, Turkish and Uzbek.
  • Update the translations.
  • Expose a py.typed marker file.
  • Updated RedirectsPanel to emit the deprecation warning when it’s used rather than on instantiation.
  • Highlighted the documentation about disabling the browser’s caching to ensure the latest static assets are used.
  • Fixed bug with CachePanel so the cache patching is only applied once.
  • Added debug_toolbar.store.CacheStore for storing toolbar data using Django’s cache framework. This provides persistence without requiring database migrations, and works with any cache backend (Memcached, Redis, database, file-based, etc.).
  • Added CACHE_BACKEND and CACHE_KEY_PREFIX settings to configure the CacheStore.

New Contributors

Full Changelog: django-commons/django-debug-toolbar@6.2.0...6.3.0

6.2.0

What's Changed

... (truncated)

Changelog

Sourced from django-debug-toolbar's changelog.

6.3.0 (2026-04-01)

  • Replaced requirements_dev.txt file for pyproject.toml support with dependency groups.
  • Updated ReadTheDocs Python version to 3.13.
  • Modernize some panel styles and colors.
  • Standardize use of time/duration units and labels across panels.
  • Added translations for Lithuanian, Turkish and Uzbek.
  • Update the translations.
  • Expose a py.typed marker file.
  • Updated RedirectsPanel to emit the deprecation warning when it's used rather than on instantiation.
  • Highlighted the documentation about disabling the browser's caching to ensure the latest static assets are used.
  • Fixed bug with CachePanel so the cache patching is only applied once.
  • Added debug_toolbar.store.CacheStore for storing toolbar data using Django's cache framework. This provides persistence without requiring database migrations, and works with any cache backend (Memcached, Redis, database, file-based, etc.).
  • Added CACHE_BACKEND and CACHE_KEY_PREFIX settings to configure the CacheStore.

6.2.0 (2026-01-20)

  • Deprecated RedirectsPanel in favor of HistoryPanel for viewing toolbar data from redirected requests.
  • Fixed support for generating code coverage comments in PRs.
  • Added Django 6.0 to the testing matrix. Removed Django 5.0 to save CI resources.
  • Show the cache backend alias and cache backend class name instead of the cache instance in the cache panel.
  • Dropped support for the Python 3.9, it has reached its end of life date.
  • Toggle tracking the toolbar's queries when using debug_toolbar.store.DatabaseStore with SKIP_TOOLBAR_QUERIES.
  • Fixed font family for code blocks and stack traces in the toolbar.
  • Added test to confirm Django's TestCase.assertNumQueries works.
  • Fixed string representation of values in settings panel.
  • Declared support for Django 6.0.

6.1.0 (2025-10-30)

  • Added support for async to timer panel.
  • Added a note about the default password in make example.
  • Removed logging about the toolbar failing to serialize a value into JSON.
  • Moved the the import statement of debug_toolbar.urls to within the if statement's scope on the installation documentation.

... (truncated)

Commits
  • b3f943b Version 6.3.0
  • 013631b [pre-commit.ci] pre-commit autoupdate
  • eeff5d1 Bump actions/cache from 5.0.3 to 5.0.4 in the github-actions group
  • 3a87785 Add store that uses cache framework
  • 0573846 [pre-commit.ci] pre-commit autoupdate
  • 7403bed Only patch the cache methods once.
  • 0d25b3a Bump actions/download-artifact in the github-actions group (#2333)
  • c89c8cf Bump zizmorcore/zizmor-action in the github-actions group
  • 7ae8fac [pre-commit.ci] pre-commit autoupdate (#2328)
  • 695cdb2 Highlighted docs on disabling browser caching. (#2302)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump the major-updates group across 1 directory with 4 u…
6766cd9 
…pdates

Bumps the major-updates group with 4 updates in the / directory: [django-health-check](https://github.com/codingjoe/django-health-check), [django-grappelli](https://github.com/sehmaschine/django-grappelli), [gunicorn](https://github.com/benoitc/gunicorn) and [django-debug-toolbar](https://github.com/django-commons/django-debug-toolbar).


Updates `django-health-check` from 3.20.8 to 4.4.0
- [Release notes](https://github.com/codingjoe/django-health-check/releases)
- [Commits](codingjoe/django-health-check@3.20.8...4.4.0)

Updates `django-grappelli` from 4.0.3 to 5.0.0
- [Changelog](https://github.com/sehmaschine/django-grappelli/blob/master/docs/changelog.rst)
- [Commits](sehmaschine/django-grappelli@4.0.3...5.0.0)

Updates `gunicorn` from 23.0.0 to 25.3.0
- [Release notes](https://github.com/benoitc/gunicorn/releases)
- [Commits](benoitc/gunicorn@23.0.0...25.3.0)

Updates `django-debug-toolbar` from 5.2.0 to 6.3.0
- [Release notes](https://github.com/django-commons/django-debug-toolbar/releases)
- [Changelog](https://github.com/django-commons/django-debug-toolbar/blob/main/docs/changes.rst)
- [Commits](django-commons/django-debug-toolbar@5.2.0...6.3.0)

---
updated-dependencies:
- dependency-name: django-health-check
  dependency-version: 4.4.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major-updates
- dependency-name: django-grappelli
  dependency-version: 5.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major-updates
- dependency-name: gunicorn
  dependency-version: 25.3.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major-updates
- dependency-name: django-debug-toolbar
  dependency-version: 6.3.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: major-updates
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels May 2, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants