build(deps): bump the all-python-dependencies group across 1 directory with 7 updates

[dependabot]

Bumps the all-python-dependencies group with 7 updates in the /src directory:

Package	From	To
uvicorn	0.41.0	0.45.0
psycopg2	2.9.11	2.9.12
django	5.2.12	5.2.13
djangorestframework	3.16.1	3.17.1
requests	2.32.5	2.33.1
django-watchman	1.4.0	1.5.0
twilio	9.10.2	9.10.5

Updates uvicorn from 0.41.0 to 0.45.0

Release notes

Sourced from uvicorn's releases.

Version 0.45.0

What's Changed

• Preserve forwarded client ports in proxy headers middleware by @​Kludex in Kludex/uvicorn#2903
• Accept os.PathLike for log_config by @​Kludex in Kludex/uvicorn#2905
• Accept log_level strings case-insensitively by @​Kludex in Kludex/uvicorn#2907
• Raise helpful ImportError when PyYAML is missing for YAML log config by @​Kludex in Kludex/uvicorn#2906
• Revert empty context for ASGI runs by @​Kludex in Kludex/uvicorn#2911
• Add --reset-contextvars flag to isolate ASGI request context by @​Kludex in Kludex/uvicorn#2912
• Revert "Emit http.disconnect on server shutdown for streaming responses" (#2829) by @​Kludex in Kludex/uvicorn#2913

New Contributors

• @​Krishnachaitanyakc made their first contribution in Kludex/uvicorn#2870

Full Changelog: Kludex/uvicorn@0.44.0...0.45.0

Version 0.44.0

What's Changed

• Implement websocket keepalive pings for websockets-sansio by @​Kludex in Kludex/uvicorn#2888

Full Changelog: Kludex/uvicorn@0.43.0...0.44.0

Version 0.43.0

Changed

• Emit http.disconnect ASGI receive() event on server shutting down for streaming responses (#2829)
• Use native context parameter for create_task on Python 3.11+ (#2859)
• Drop cast in ASGI types (#2875)

---

Full Changelog: Kludex/uvicorn@0.42.0...0.43.0

Version 0.42.0

Changed

• Use bytearray for request body accumulation to avoid O(n^2) allocation on fragmented bodies (#2845)

Fixed

• Escape brackets and backslash in httptools HEADER_RE regex (#2824)
• Fix multiple issues in websockets sans-io implementation (#2825)

---

New Contributors

• @​bysiber made their first contribution in Kludex/uvicorn#2825

---

... (truncated)

Changelog

Sourced from uvicorn's changelog.

0.45.0 (April 21, 2026)

Added

• Add --reset-contextvars flag to isolate ASGI request context (#2912)
• Accept os.PathLike for log_config (#2905)
• Accept log_level strings case-insensitively (#2907)

Changed

• Revert "Emit http.disconnect on server shutdown for streaming responses" (#2913)
• Revert "Explicitly start ASGI run with empty context" (#2911)

Fixed

• Preserve forwarded client ports in proxy headers middleware (#2903)
• Raise helpful ImportError when PyYAML is missing for YAML log config (#2906)

0.44.0 (April 6, 2026)

Added

• Implement websocket keepalive pings for websockets-sansio (#2888)

0.43.0 (April 3, 2026)

You can quit Uvicorn now. We heard you, @​pamelafox - all 47 of your Ctrl+C's (thanks for flagging it, and thanks to @​tiangolo for the fix 🙏). See the tweet.

Changed

• Emit http.disconnect ASGI receive() event on server shutting down for streaming responses (#2829)
• Use native context parameter for create_task on Python 3.11+ (#2859)
• Drop cast in ASGI types (#2875)

0.42.0 (March 16, 2026)

Changed

• Use bytearray for request body accumulation to avoid O(n^2) allocation on fragmented bodies (#2845)

Fixed

• Escape brackets and backslash in httptools HEADER_RE regex (#2824)
• Fix multiple issues in websockets sans-io implementation (#2825)

Commits

• 2c423bd Version 0.45.0 (#2914)
• 7f027f8 Revert "Emit http.disconnect on server shutdown for streaming responses" (#...
• 73a80c3 Add --reset-contextvars flag to isolate ASGI request context (#2912)
• 45c0b56 Revert empty context for ASGI runs (#2911)
• 850d926 Raise helpful ImportError when PyYAML is missing for YAML log config (#2906)
• fdcacb4 Accept log_level strings case-insensitively (#2907)
• 70f247f Accept os.PathLike for log_config (#2905)
• 18edfa7 Preserve forwarded client ports in proxy headers middleware (#2903)
• 77843e0 Stabilize websocket keepalive ping test (#2904)
• 3703339 chore(deps-dev): bump pytest from 9.0.2 to 9.0.3 (#2902)
• Additional commits viewable in compare view

Updates psycopg2 from 2.9.11 to 2.9.12

Changelog

Sourced from psycopg2's changelog.

Current release

What's new in psycopg 2.9.12 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^

• Fix infinite loop with malformed interval (:ticket:1835).

What's new in psycopg 2.9.11 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^

• Add support for Python 3.14.
• Avoid a segfault passing more arguments than placeholders if Python is built with assertions enabled (:ticket:[#1791](https://github.com/psycopg/psycopg2/issues/1791)).
• Add riscv64 platform binary packages (:ticket:[#1813](https://github.com/psycopg/psycopg2/issues/1813)).
• ~psycopg2.errorcodes map and ~psycopg2.errors classes updated to PostgreSQL 18.
• Drop support for Python 3.8.

What's new in psycopg 2.9.10 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^

• Add support for Python 3.13.
• Receive notifications on commit (:ticket:[#1728](https://github.com/psycopg/psycopg2/issues/1728)).
• ~psycopg2.errorcodes map and ~psycopg2.errors classes updated to PostgreSQL 17.
• Drop support for Python 3.7.

What's new in psycopg 2.9.9 ^^^^^^^^^^^^^^^^^^^^^^^^^^^

• Add support for Python 3.12.
• Drop support for Python 3.6.

What's new in psycopg 2.9.8 ^^^^^^^^^^^^^^^^^^^^^^^^^^^

• Wheel package bundled with PostgreSQL 16 libpq in order to add support for recent features, such as sslcertmode.

What's new in psycopg 2.9.7 ^^^^^^^^^^^^^^^^^^^^^^^^^^^

• Fix propagation of exceptions raised during module initialization (:ticket:[#1598](https://github.com/psycopg/psycopg2/issues/1598)).

... (truncated)

Commits

• 3a6d9d6 ci: include almalinux in whieel building
• ebca6bf chore: bump to version 3.9.12
• 0196f02 build(deps): bump pypa/cibuildwheel from 3.3.1 to 3.4.0
• d157bdc build(deps): bump docker/setup-qemu-action from 3 to 4
• 7fccc0f build(deps): bump actions/upload-artifact from 6 to 7
• d52a61e chore: bump dependency libraries
• b231d72 chore: fix building binary images
• 6d76e84 Merge pull request #1836 from psycopg/fix-1835
• f7e314c fix: overflow in malformed interval
• eb905c1 docs: replace bare except clause with except Exception
• Additional commits viewable in compare view

Updates django from 5.2.12 to 5.2.13

Commits

• 7d831a9 [5.2.x] Bumped version for 5.2.13 release.
• 49e1e2b [5.2.x] Fixed CVE-2026-33034 -- Enforced DATA_UPLOAD_MAX_MEMORY_SIZE on body ...
• 0b46789 [5.2.x] Fixed CVE-2026-33033 -- Mitigated potential DoS in MultiPartParser.
• 397c220 [5.2.x] Fixed CVE-2026-4292 -- Disallowed instance creation via ModelAdmin.li...
• 60ffa95 [5.2.x] Fixed CVE-2026-4277 -- Checked add permissions in GenericInlineModelA...
• 1cc2a76 [5.2.x] Fixed CVE-2026-3902 -- Ignored headers with underscores in ASGIRequest.
• 2a8a76a [5.2.x] Added stub release notes and release date for 5.2.13 and 4.2.30.
• 90924f5 [5.2.x] Bumped black to 26.3.1.
• 0ee44c6 [5.2.x] Applied Black's 2026 stable style.
• 89b4d94 [5.2.x] Combined scripts confirm_release.sh and test_new_version.sh into veri...
• Additional commits viewable in compare view

Updates djangorestframework from 3.16.1 to 3.17.1

Release notes

Sourced from djangorestframework's releases.

3.17.1

What's Changed

Bug fixes

• Fix HTMLFormRenderer with empty datetime values by @​p-r-a-v-i-n in encode/django-rest-framework#9928

Full Changelog: encode/django-rest-framework@3.17.0...3.17.1

3.17.0

What's Changed

Breaking changes

• Drop support for Python 3.9 by @​auvipy in encode/django-rest-framework#9781
• Drop deprecated coreapi support by @​browniebroke in encode/django-rest-framework#9895

Features

• Add ability to specify output format for DurationField by @​sevdog in encode/django-rest-framework#8532
• Add missing decorators: @versioning_class(), @content_negotiation_class(), @metadata_class() for function-based views by @​qqii in encode/django-rest-framework#9719
• Add support for Python 3.14 by @​cclauss in encode/django-rest-framework#9780
• Support violation_error_code and violation_error_message from UniqueConstraint in UniqueTogetherValidator by @​s-aleshin in encode/django-rest-framework#9766
• Add support for ipaddress objects in JSONEncoder by @​corenting in encode/django-rest-framework#9087
• Add optional support to serialize BigInteger to string by @​HoodyH in encode/django-rest-framework#9775
• Add Django 6.0 support by @​MehrazRumman in encode/django-rest-framework#9819

Bug fixes

• Prevent small risk of Token overwrite by @​mahdirahimi1999 in encode/django-rest-framework#9754
• Fix UniqueTogetherValidator validation when condition references a read-only field by @​ticosax in encode/django-rest-framework#9764
• Fix validation on many to many field when default=None by @​Genarito in encode/django-rest-framework#9790
• Fix invalid SPDX license expression in __init__.py by @​TheFunctionalGuy in encode/django-rest-framework#9799
• Fix HTMLFormRenderer to ensure a valid datetime-local format by @​mgaligniana in encode/django-rest-framework#9365
• Fix mutable default arguments in OrderingFilter methods by @​killerdevildog in encode/django-rest-framework#9742
• Update TokenAdmin to respect USERNAME_FIELD of the user model by @​m000 in encode/django-rest-framework#9836
• Preserve ordering in MultipleChoiceField by @​fbozhang in encode/django-rest-framework#9735

Translations

• Update French translation by @​SebCorbin in encode/django-rest-framework#9770
• Update Brazilian Portuguese translations by @​JVPinheiroReis in encode/django-rest-framework#9828
• Fix and improve French translations by @​deronnax in encode/django-rest-framework#9896
• Add missing Russian translation by @​minorytanaka in encode/django-rest-framework#9903

Packaging

• Migrate packaging to pyproject.toml by @​deronnax in encode/django-rest-framework#9056
• Move package data rules from MANIFEST.in to pyproject.toml by @​p-r-a-v-i-n in encode/django-rest-framework#9825
• Set up release workflow with trusted publisher by @​browniebroke in encode/django-rest-framework#9852

Other changes

• Refactor token generation to use the secrets module by @​mahdirahimi1999 in encode/django-rest-framework#9760
• Add validation for decorator out-of-order with @api_view by @​kernelshard in encode/django-rest-framework#9821
• Switch to mkdocs material theme for documentation by @​browniebroke in encode/django-rest-framework#9849

New Contributors

• @​khaledsukkar2 made their first contribution in encode/django-rest-framework#9717

... (truncated)

Commits

• 22e231c Prepare bug fix release 3.17.1 (#9931)
• 8e99b53 Add condition to skip pushed tags from forks (#9924)
• c0407de Fix HTMLFormRenderer with empty datetime values (#9928)
• 30d58a7 Fix the book sizing in the documentation (#9926)
• 6f03b79 Tweak order of changes in release notes
• 021ab56 Bump version and update release notes for 3.17.0 (#9921)
• 19ebad7 Bump mkdocs-material[imaging] from 9.7.4 to 9.7.5 (#9923)
• f222c55 Correct requires-python key in pyproject.toml
• 7e7de6f Remove code fences from release checklist
• c599d30 Update release process
• Additional commits viewable in compare view

Updates requests from 2.32.5 to 2.33.1

Release notes

Sourced from requests's releases.

v2.33.1

2.33.1 (2026-03-30)

Bugfixes

• Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary files in the tmp directory. (#7305)
• Fixed Content-Type header parsing for malformed values. (#7309)
• Improved error consistency for malformed header values. (#7308)

New Contributors

• @​ferdnyc made their first contribution in psf/requests#7277

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2331-2026-03-30

v2.33.0

2.33.0 (2026-03-25)

Announcements

• 📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

• CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

• Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

• Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

• Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

• Various typo fixes and doc improvements.

New Contributors

• @​M0d3v1 made their first contribution in psf/requests#6865
• @​aminvakil made their first contribution in psf/requests#7220
• @​E8Price made their first contribution in psf/requests#6960
• @​mitre88 made their first contribution in psf/requests#7244
• @​magsen made their first contribution in psf/requests#6553
• @​Rohan5commit made their first contribution in psf/requests#7227

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25

Changelog

Sourced from requests's changelog.

2.33.1 (2026-03-30)

Bugfixes

• Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary files in the tmp directory. (#7305)
• Fixed Content-Type header parsing for malformed values. (#7309)
• Improved error consistency for malformed header values. (#7308)

2.33.0 (2026-03-25)

Announcements

• 📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

• CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

• Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

• Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

• Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

• Various typo fixes and doc improvements.

Commits

• 111d2b7 v2.33.1
• f0198e6 Fix malformed value parsing for Content-Type (#7309)
• bc7dd0f Fix cosmetic header validity parsing regex (#7308)
• 4443b1a Fix unintended test extra (#7306)
• 389eea5 Cleanup extracted file after extract_zipped_path test (#7305)
• 7407309 Packaging: DRY out extras definition (#7277)
• bc04dfd v2.33.0
• 66d21cb Merge commit from fork
• 8b9bc8f Move badges to top of README (#7293)
• e331a28 Remove unused extraction call (#7292)
• Additional commits viewable in compare view

Updates django-watchman from 1.4.0 to 1.5.0

Release notes

Sourced from django-watchman's releases.

1.5.0

Fixed

• #228 Fix database health check for Oracle — use SELECT 1 FROM DUAL instead of SELECT 1 which Oracle does not support without a FROM clause
• #231 Raise TypeError when WATCHMAN_CHECKS is a string instead of a sequence — prevents confusing ImportError when parentheses are used without a trailing comma (e.g. ('single.check'))

Documentation

• #229 Add monitoring integrations reference documentation for common uptime monitoring vendors
• #230 Improve API reference documentation with comprehensive docstrings and restructured layout

Changelog

Sourced from django-watchman's changelog.

1.5.0 (2026-03-07)

Fixed

• #228 Fix database health check for Oracle — use SELECT 1 FROM DUAL instead of SELECT 1 which Oracle does not support without a FROM clause
• #231 Raise TypeError when WATCHMAN_CHECKS is a string instead of a sequence — prevents confusing ImportError when parentheses are used without a trailing comma (e.g. ('single.check'))

Documentation

• #229 Add monitoring integrations reference documentation for common uptime monitoring vendors
• #230 Improve API reference documentation with comprehensive docstrings and restructured layout

Commits

• 44f3523 Release 1.5.0
• cc46456 Raise TypeError when WATCHMAN_CHECKS is a string instead of a sequence (#231)
• 3029fba Improve API reference documentation (#230)
• 9372a5d Add monitoring integrations reference documentation (#229)
• 183fc51 Fix database health check for Oracle (#228)
• See full diff in compare view

Updates twilio from 9.10.2 to 9.10.5

Release notes

Sourced from twilio's releases.

9.10.5

Release Notes

Twiml

• Add backgroundNoiseReduction, speechTimeout, deepgramSmartFormat, ignoreBackchannel, events attributes to <ConversationRelay>

Api

• Enabled incoming phone numbers(IPN) public apis in stage-ie1

Data-ingress

• 2026-04-09

• Content updates:
• Added parameter(s) to GetDataSync: datasetId

• 2026-04-09

• Minor updates (formatting, metadata)

• 2026-04-06

• Minor updates (formatting, metadata)

• 2026-04-06

• Minor updates (formatting, metadata)

• 2026-04-06

• Minor updates (formatting, metadata)

• 2026-04-06

• Minor updates (formatting, metadata)

• 2026-04-06

• Content updates:
• Added properties to CloudAppSourceUpdate: config
• Added properties to CloudAppDatasetUpdate: schedule
• Added properties to WarehouseSourceUpdate: config
• Added properties to WarehouseDatasetUpdate: schedule

• 2026-04-06

• Content updates:
• Updated description for GetCloudAppPreviewResult
• Updated description for GetWarehousePreviewResult
• Updated description for GetDataSampleResult

• 2026-03-27

• Add schema oneOf back without discriminator

• 2026-03-26

• Minor updates (formatting, metadata)

• 2026-03-26

• Added prod-us1 to supportedRealms for all endpoints

• 2026-03-25

• Minor updates (formatting, metadata)

• 2026-03-24

• Minor updates (formatting, metadata)

• 2026-03-24

• Minor updates (formatting, metadata)

• 2026-03-24

• Minor updates (formatting, metadata)

• 2026-03-24

• Added 10 new path(s):

... (truncated)

Changelog

Sourced from twilio's changelog.

[2026-04-14] Version 9.10.5

Twiml

• Add backgroundNoiseReduction, speechTimeout, deepgramSmartFormat, ignoreBackchannel, events attributes to <ConversationRelay>

Api

• Enabled incoming phone numbers(IPN) public apis in stage-ie1

Data-ingress

• 2026-04-09

• Content updates:
• Added parameter(s) to GetDataSync: datasetId

• 2026-04-09

• Minor updates (formatting, metadata)

• 2026-04-06

• Minor updates (formatting, metadata)

• 2026-04-06

• Minor updates (formatting, metadata)

• 2026-04-06

• Minor updates (formatting, metadata)

• 2026-04-06

• Minor updates (formatting, metadata)

• 2026-04-06

• Content updates:
• Added properties to CloudAppSourceUpdate: config
• Added properties to CloudAppDatasetUpdate: schedule
• Added properties to WarehouseSourceUpdate: config
• Added properties to WarehouseDatasetUpdate: schedule

• 2026-04-06

• Content updates:
• Updated description for GetCloudAppPreviewResult
• Updated description for GetWarehousePreviewResult
• Updated description for GetDataSampleResult

• 2026-03-27

• Add schema oneOf back without discriminator

• 2026-03-26

• Minor updates (formatting, metadata)

• 2026-03-26

• Added prod-us1 to supportedRealms for all endpoints

• 2026-03-25

• Minor updates (formatting, metadata)

• 2026-03-24

• Minor updates (formatting, metadata)

• 2026-03-24

• Minor updates (formatting, metadata)

• 2026-03-24

• Minor updates (formatting, metadata)

• 2026-03-24

• Added 10 new path(s):
• /v1/DataSyncs (ListDataSyncs, TriggerDataSync)

... (truncated)

Commits

• 31d8c94 Release 9.10.5
• 88d9b75 [Librarian] Regenerated @ 40ca64a22aef42a337cb49d1d4e4c4f48ae3b6e4 21ed5806ef...
• a3ea20d Release 9.10.4
• 09318f2 [Librarian] Regenerated @ 6e3b90a45885c596ade6b11ff7100254b15c9403 c02f66cc96...
• 2e9d66f Release 9.10.3
• 7319870 [Librarian] Regenerated @ 6e3b90a45885c596ade6b11ff7100254b15c9403 b84ee26554...
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions