⬆️(dependencies) update python dependencies

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update	Pending
celery (source, changelog)	==5.6.2 → ==5.6.3			project.dependencies	patch
django-lasuite	==0.0.22 → ==0.0.26			project.dependencies	patch
djangorestframework (changelog)	==3.16.1 → ==3.17.1			project.dependencies	minor
dockerflow	==2024.4.2 → ==2026.3.4			project.dependencies	major
drf-spectacular-sidecar	==2026.1.1 → ==2026.4.1			project.optional-dependencies	minor
faker (changelog)	==40.1.0 → ==40.12.0			project.optional-dependencies	minor	40.13.0
gunicorn (changelog)	==23.0.0 → ==25.3.0			project.dependencies	major
ipython	==9.8.0 → ==9.12.0			project.optional-dependencies	minor
langchain-text-splitters (changelog)	==1.1.0 → ==1.1.1			project.dependencies	patch
psycopg (changelog)	==3.3.2 → ==3.3.3			project.dependencies	patch
pyfakefs (changelog)	==6.0.0 → ==6.1.6			project.optional-dependencies	minor	6.2.0
pylint (changelog)	==4.0.4 → ==4.0.5			project.optional-dependencies	patch
pytest-cov (changelog)	==7.0.0 → ==7.1.0			project.optional-dependencies	minor
pytest-django (changelog)	==4.11.1 → ==4.12.0			project.optional-dependencies	minor
python (source)	~=3.12.0 → ~=3.14.3			requires-python	minor	3.14.4
redis (changelog)	==5.3.1 → ==7.4.0			project.dependencies	major
responses (changelog)	==0.25.8 → ==0.26.0			project.optional-dependencies	minor
ruff (source, changelog)	==0.14.10 → ==0.15.9			project.optional-dependencies	minor	0.15.10
sentry-sdk (changelog)	==2.48.0 → ==2.57.0			project.dependencies	minor
types-requests (changelog)	==2.32.4.20250913 → ==2.33.0.20260402			project.optional-dependencies	minor	2.33.0.20260408
whitenoise (changelog)	==6.11.0 → ==6.12.0			project.dependencies	minor

---

Release Notes

celery/celery (celery)

v5.6.3

Compare Source

What's Changed

• Fix Django worker recursion bug + defensive checks for pool_cls.module by @​maycuatroi1 in #​10048
• Docs: Update user_preload_options example to use click. by @​jorsyk in #​10056
• Fix invalid configuration key "bootstrap_servers" in Kafka demo by @​jorsyk in #​10060
• Fix broken images on PyPI page by @​Timour-Ilyas in #​10066
• Remove broken reference. by @​sueannioanis in #​10071
• Removed --dist=loadscope from smoke tests by @​Nusnus in #​10073
• Docs: Clarify task_retry signal args may be None by @​GangEunzzang in #​10076
• Update example for Django by @​sbc-khacnha in #​10081
• Make tests compatible with pymongo >= 4.16 by @​cjwatson in #​10074
• fix: source install of cassandra-driver by @​Izzette in #​10105
• fix: register task cross-reference role in Sphinx extension by @​veeceey in #​10100
• fix: avoid cycle detection in native delayed delivery by @​Izzette in #​10095
• fix(asynpool): avoid AttributeError when proc lacks _sentinel_poll by @​mriddle in #​10086
• fix dusk_astronomical horizon sign (+18 -> -18) by @​Mr-Neutr0n in #​10121
• Fix/10106 onupdate col use lambda func by @​ChickenBenny in #​10108
• Fix warm shutdown RuntimeError with eventlet>=0.37.0 (#​10083) by @​ChickenBenny in #​10123
• Fix 10109 db backend connection health by @​ChickenBenny in #​10124
• Database Backend filter unsupport sql engine arguments with nullpool #​7355 by @​ChickenBenny in #​10134
• fix(beat): correct argument order in Service.reduce by @​bysiber in #​10137
• ci: declare explicit read-only token permissions in workflow jobs by @​Rohan5commit in #​10139
• chore: 'boto3to' to 'boto3 to' by @​cuiweixie in #​10133
• Database Backend: Add missing index on date_done (Fixes #​10097) by @​ChickenBenny in #​10098
• docs: fix typo in CONTRIBUTING.rst by @​Rohan5commit in #​10141
• Refer to Flower / Prometheus for monitoring by @​WilliamDEdwards in #​10140
• docs: remove duplicated words in broker and routing docs by @​Rohan5commit in #​10146
• docs: fix stale version reference and grammar in README by @​kelsonbrito50 in #​10145
• docs: fix wording in Celery 5.3 worker pool notes by @​Rohan5commit in #​10149
• docs: fix duplicated wording in 3.1 changelog entry by @​Rohan5commit in #​10152
• docs: fix changelog typo in context manager wording by @​Rohan5commit in #​10144
• Fix/10096 worker fails to reconnect after redis failover by @​ChickenBenny in #​10151
• Improve on_after_finalize signal documentation by @​Br1an67 in #​10155
• Add non-commutative example to clarify partial arg ordering in canvas docs by @​Br1an67 in #​10157
• Remove redundant test_isa_mapping test (fixes #​10077) by @​daniel7an in #​10103
• Upgrade pytest-celery to >=1.3.0 and adopt PYTEST_CELERY_PKG build arg by @​Nusnus in #​10162
• Remove deprecated args from redis get_connection call by @​JaeHyuckSa in #​10036
• Fix #​6912 rpc backend reconnection error by @​ChickenBenny in #​10179
• Fix NameError with TYPE_CHECKING annotations on Python 3.14+ (PEP 649) by @​drichardson in #​10165
• docs: Add elaboration on prefetch multiplier settings (worker_prefetch_multiplier) and worker_eta_task_limit by @​tsangwailam in #​10181
• Fix O(K²) message bloat in a chain of chords by @​Borzik in #​10171
• Fix mock connection interfaces to prevent TypeError during exception handling by @​ChickenBenny in #​10178
• fix(trace): dispatch chain/callbacks on dedup fast-path for redelivered tasks by @​aurangzaib048 in #​10159
• Extract reconnect_on_error to BaseResultConsumer by @​ChickenBenny in #​10189
• pep 649 by @​ericbuehl in #​10187
• Fix#9722 friendly status errors for CLI by @​ChickenBenny in #​10190
• docs: clarify after_return behavior for retried tasks by @​KianAnbarestani in #​10192
• Add compression header to message protocol docs by @​Br1an67 in #​10156
• docs: fix duplicated word in bootsteps comment by @​Rohan5commit in #​10153
• Remove outdated autoreloader section from extending docs by @​Br1an67 in #​10154
• Fix: prioritize request ignore_result over task definition by @​patri27826 in #​10184
• fix: clear the timer while catch the exception by @​ChickenBenny in #​10218
• Prepare for release: v5.6.3 by @​Nusnus in #​10221

New Contributors

• @​maycuatroi1 made their first contribution in #​10048
• @​jorsyk made their first contribution in #​10056
• @​Timour-Ilyas made their first contribution in #​10066
• @​sueannioanis made their first contribution in #​10071
• @​GangEunzzang made their first contribution in #​10076
• @​sbc-khacnha made their first contribution in #​10081
• @​veeceey made their first contribution in #​10100
• @​mriddle made their first contribution in #​10086
• @​Mr-Neutr0n made their first contribution in #​10121
• @​ChickenBenny made their first contribution in #​10108
• @​bysiber made their first contribution in #​10137
• @​Rohan5commit made their first contribution in #​10139
• @​cuiweixie made their first contribution in #​10133
• @​kelsonbrito50 made their first contribution in #​10145
• @​Br1an67 made their first contribution in #​10155
• @​daniel7an made their first contribution in #​10103
• @​drichardson made their first contribution in #​10165
• @​tsangwailam made their first contribution in #​10181
• @​Borzik made their first contribution in #​10171
• @​aurangzaib048 made their first contribution in #​10159
• @​ericbuehl made their first contribution in #​10187
• @​KianAnbarestani made their first contribution in #​10192
• @​patri27826 made their first contribution in #​10184

Full Changelog: celery/celery@v5.6.2...v5.6.3

suitenumerique/django-lasuite (django-lasuite)

v0.0.26

Compare Source

Changed

• ✨(oidc) allow login_hint param #​69

Fixed

• 🐛(oidc) make iss claim optional in introspection response validation

v0.0.25

Compare Source

Added

• 💄(admin) allow admin header color customization
• 🍱(core) vendor mime.types file i/o fetching from Apache

v0.0.24

Compare Source

Changed

• 🚸(oidc) ignore case when fallback on email #​61
• 🔊(oidc) improve logging for improperly configured authorization clients #​66

Fixed

• 🐛(oidc) use correct session key for token expiration check #​56
• 📝(oidc) fix misleading docstring in AuthorizationServerClient #​66
• 📝(oidc) document required oidc_op_url for resource server configuration #​66

v0.0.23

Compare Source

• ⬆️(oidc) allow use mozilla-django-oidc >5.0.0 with PyJWT
• ♻️(malware) reuse existing file_hash when rescheduling a task

encode/django-rest-framework (djangorestframework)

v3.17.1

Compare Source

What's Changed

Bug fixes

• Fix HTMLFormRenderer with empty datetime values by @​p-r-a-v-i-n in #​9928

Full Changelog: encode/django-rest-framework@3.17.0...3.17.1

v3.17.0

Compare Source

What's Changed

Breaking changes

• Drop support for Python 3.9 by @​auvipy in #​9781
• Drop deprecated coreapi support by @​browniebroke in #​9895

Features

• Add ability to specify output format for DurationField by @​sevdog in #​8532
• Add missing decorators: @versioning_class(), @content_negotiation_class(), @metadata_class() for function-based views by @​qqii in #​9719
• Add support for Python 3.14 by @​cclauss in #​9780
• Support violation_error_code and violation_error_message from UniqueConstraint in UniqueTogetherValidator by @​s-aleshin in #​9766
• Add support for ipaddress objects in JSONEncoder by @​corenting in #​9087
• Add optional support to serialize BigInteger to string by @​HoodyH in #​9775
• Add Django 6.0 support by @​MehrazRumman in #​9819

Bug fixes

• Prevent small risk of Token overwrite by @​mahdirahimi1999 in #​9754
• Fix UniqueTogetherValidator validation when condition references a read-only field by @​ticosax in #​9764
• Fix validation on many to many field when default=None by @​Genarito in #​9790
• Fix invalid SPDX license expression in __init__.py by @​TheFunctionalGuy in #​9799
• Fix HTMLFormRenderer to ensure a valid datetime-local format by @​mgaligniana in #​9365
• Fix mutable default arguments in OrderingFilter methods by @​killerdevildog in #​9742
• Update TokenAdmin to respect USERNAME_FIELD of the user model by @​m000 in #​9836
• Preserve ordering in MultipleChoiceField by @​fbozhang in #​9735

Translations

• Update French translation by @​SebCorbin in #​9770
• Update Brazilian Portuguese translations by @​JVPinheiroReis in #​9828
• Fix and improve French translations by @​deronnax in #​9896
• Add missing Russian translation by @​minorytanaka in #​9903

Packaging

• Migrate packaging to pyproject.toml by @​deronnax in #​9056
• Move package data rules from MANIFEST.in to pyproject.toml by @​p-r-a-v-i-n in #​9825
• Set up release workflow with trusted publisher by @​browniebroke in #​9852

Other changes

• Refactor token generation to use the secrets module by @​mahdirahimi1999 in #​9760
• Add validation for decorator out-of-order with @api_view by @​kernelshard in #​9821
• Switch to mkdocs material theme for documentation by @​browniebroke in #​9849

New Contributors

• @​khaledsukkar2 made their first contribution in #​9717
• @​qqii made their first contribution in #​9719
• @​zankoAn made their first contribution in #​9788
• @​uche-wealth made their first contribution in #​9795
• @​s-aleshin made their first contribution in #​9766
• @​Infamous003 made their first contribution in #​9794
• @​Genarito made their first contribution in #​9790
• @​TheFunctionalGuy made their first contribution in #​9799
• @​mahdighadiriii made their first contribution in #​9800
• @​p-r-a-v-i-n made their first contribution in #​9801
• @​itssimon made their first contribution in #​9718
• @​huynguyengl99 made their first contribution in #​9785
• @​corenting made their first contribution in #​9087
• @​killerdevildog made their first contribution in #​9742
• @​dayandavid made their first contribution in #​9820
• @​abhishektiwari made their first contribution in #​9826
• @​HoodyH made their first contribution in #​9775
• @​Shrikantgiri25 made their first contribution in #​9808
• @​JVPinheiroReis made their first contribution in #​9828
• @​m000 made their first contribution in #​9836
• @​Nabute made their first contribution in #​9767
• @​therealjozber made their first contribution in #​9845
• @​nexapytech made their first contribution in #​9867
• @​RispaJoseph made their first contribution in #​9874
• @​LorenzoGuideri made their first contribution in #​9875
• @​maldoinc made their first contribution in #​9893
• @​0Nafi0 made their first contribution in #​9861
• @​MoeSalah1999 made their first contribution in #​9870
• @​kelsonbrito50 made their first contribution in #​9901
• @​fbozhang made their first contribution in #​9735
• @​minorytanaka made their first contribution in #​9903
• @​kosbemrunal made their first contribution in #​9904
• @​htvictoire made their first contribution in #​9916

Full Changelog: encode/django-rest-framework@3.16.1...3.17.0

mozilla-services/python-dockerflow (dockerflow)

v2026.3.4

Compare Source

v2026.1.26

Compare Source

tfranzel/drf-spectacular-sidecar (drf-spectacular-sidecar)

v2026.4.1

Compare Source

v2026.3.1

Compare Source

joke2k/faker (faker)

v40.12.0

Compare Source

• Add address providers for ar_DZ and fr_DZ locales (#​2341). Thanks @​othmane099.

v40.11.1

Compare Source

• Fix: rebind deepcopy proxies to copied Faker instances. Thanks @​SunS1eep1ng.

v40.11.0

Compare Source

• Add major Swiss banks to de_CH bank provider. Thanks @​raphael-s.

v40.10.0

Compare Source

• Fix: mixed-gender names in es_MX locale. Thanks @​rodrigobnogueira.

v40.9.0

Compare Source

• Fix pt_PT postalcode format in address provider. Thanks @​filipemattar.

v40.8.1

Compare Source

• Fix mutable default providers. Thanks @​Dhi13man.

v40.8.0

Compare Source

• Add free email domains to hu_HU locale. Thanks @​majorzoltan80.

v40.7.0

Compare Source

• Improve Polish address grammar: categorize street types and prefixes. Thanks @​Francooo2221.

v40.6.0

Compare Source

• Add country names to he_IL locale. Thanks @​Moo64c.

v40.5.1

Compare Source

• Fix _get_local_timezone() missing return statement. Thanks @​bysiber.

v40.5.0

Compare Source

• Add missing formats and remove duplicates in user_name_formats. Thanks @​WannaFight.

v40.4.0

Compare Source

• Add passport and cie for it_IT. Thanks @​ElektroDuck.

v40.3.0

Compare Source

• Add major Greek banks to el_GR bank provider. Thanks @​bon12-gr.

v40.2.0

Compare Source

• Update internet pt_bR provider (domains, tlds, slugify). Thanks @​MorganaSilva.

v40.1.3

Compare Source

• fix pyfloat TypeError when combining positive=True with max_value. Thanks @​odrigobnogueira.

v40.1.2

Compare Source

• Make tzdata conditionally required based on platform. Thanks @​rodrigobnogueira.

v40.1.1

Compare Source

• Fix grouping for -i CLI parameter. Thanks @​crd.

benoitc/gunicorn (gunicorn)

v25.3.0: Gunicorn 25.3.0

Compare Source

Bug Fixes

• HTTP/2 ASGI Body Duplication: Fix request body being received twice in HTTP/2
  ASGI requests, causing JSON parsing errors with "Extra data" messages
  (#​3558)

• ASGI Chunked EOF Handling: Add finish() method to callback parser to handle
  chunked encoding edge case where connection closes before final CRLF after zero-chunk

• HTTP/2 Documentation: Fix http_protocols examples to use comma-separated string
  instead of list syntax (#​3561)

• Chunked Encoding: Reject chunk extensions containing bare CR bytes per RFC 9112
  (#​3556)

• Request Line Limit: Fix --limit-request-line 0 to mean unlimited as documented,
  instead of using default maximum. Works with both Python and fast C parser.
  (#​3563)

Security

• ASGI Parser Header Validation: Add security checks per RFC 9110/9112:
  • Reject duplicate Content-Length headers
  • Reject requests with both Content-Length and Transfer-Encoding
  • Reject chunked transfer encoding in HTTP/1.0
  • Reject stacked chunked encoding
  • Validate Transfer-Encoding values
  • Strict chunk size validation

Changes

• Fast HTTP Parser: Update to gunicorn_h1c >= 0.6.3 for asgi_headers property
  and InvalidChunkExtension validation for bare CR rejection

• ASGI PROXY Protocol: Add PROXY protocol v1/v2 support to callback parser

• Docker Images: Update to Python 3.14

v25.2.0: Gunicorn 25.2.0

Compare Source

New Features

• Fast HTTP Parser (gunicorn_h1c 0.4.1): Integrate new exception types and limit parameters from gunicorn_h1c 0.4.1 for both WSGI and ASGI workers
  • Requires gunicorn_h1c >= 0.4.1 for http_parser='fast'
  • Falls back to Python parser in auto mode if version not met
  • Proper HTTP status codes for limit errors (414, 431)

Bug Fixes

• uWSGI Async Workers: Fix InvalidUWSGIHeader: incomplete header error when using gevent or gthread workers with uwsgi protocol behind nginx. (#​3552, PR #​3554)

• FileWrapper Iterator Protocol: Add __iter__ and __next__ methods to FileWrapper for full PEP 3333 compliance. (#​3396, PR #​3550)

Performance

• ASGI HTTP Parser Optimizations: Improve ASGI worker HTTP parsing performance
  • Callback-based parsing with direct bytearray buffer operations
  • Use bytearray.find() directly instead of converting to bytes first
  • Use index-based iteration for header parsing instead of list.pop(0) (O(1) vs O(n))

v25.1.0: Gunicorn 25.1.0

Compare Source

New Features

• Control Interface (gunicornc): Add interactive control interface for managing
  running Gunicorn instances, similar to birdc for BIRD routing daemon
  (PR #​3505)

  • Unix socket-based communication with JSON protocol
  • Interactive mode with readline support and command history
  • Commands: show all/workers/dirty/config/stats/listeners
  • Worker management: worker add/remove/kill, dirty add/remove
  • Server control: reload, reopen, shutdown
  • New settings: --control-socket, --control-socket-mode, --no-control-socket
  • New CLI tool: gunicornc for connecting to control socket
  • See Control Interface Guide for details

• Dirty Stash: Add global shared state between workers via dirty.stash
  (PR #​3503)

  • In-memory key-value store accessible by all workers
  • Supports get, set, delete, clear, keys, and has operations
  • Useful for sharing state like feature flags, rate limits, or cached data

• Dirty Binary Protocol: Implement efficient binary protocol for dirty arbiter IPC
  using TLV (Type-Length-Value) encoding
  (PR #​3500)

  • More efficient than JSON for binary data
  • Supports all Python types: str, bytes, int, float, bool, None, list, dict
  • Better performance for large payloads

• Dirty TTIN/TTOU Signals: Add dynamic worker scaling for dirty arbiters
  (PR #​3504)

  • Send SIGTTIN to increase dirty workers
  • Send SIGTTOU to decrease dirty workers
  • Respects minimum worker constraints from app configurations

Changes

• ASGI Worker: Promoted from beta to stable
• Dirty Arbiters: Now marked as beta feature

Documentation

• Fix Markdown formatting in /configure documentation

v25.0.3

Compare Source

What's Changed

Bug Fixes

• Fix RuntimeError when StopIteration raised in ASGI coroutine (#​3484)
• Fix passing maxsplit in re.split() as positional argument (deprecated in Python 3.13)

Documentation

• Updated sponsorship section and homepage

Full Changelog: benoitc/gunicorn@25.0.2...25.0.3

v25.0.2: Release 25.0.2

Compare Source

Bug Fixes

• Fix ASGI concurrent request failures through nginx proxy by normalizing
  sockaddr tuples to handle both 2-tuple (IPv4) and 4-tuple (IPv6) formats
  (PR #​3485)

• Fix graceful disconnect handling for ASGI worker to properly handle
  client disconnects without raising exceptions
  (PR #​3485)

• Fix lazy import of dirty module for gevent compatibility - prevents
  import errors when concurrent.futures is imported before gevent monkey-patching
  (PR #​3483)

Changes

• Refactor: Extract _normalize_sockaddr utility function for consistent
  socket address handling across workers

• Add license headers to all Python source files

• Update copyright year to 2026 in LICENSE and NOTICE files

v25.0.1

Compare Source

Bug Fixes

• Fix ASGI streaming responses (SSE) hanging: add chunked transfer encoding for
  HTTP/1.1 responses without Content-Length header. Without chunked encoding,
  clients wait for connection close to determine end-of-response.

Changes

• Update celery_alternative example to use FastAPI with native ASGI worker and
  uvloop for async task execution

Testing

• Add ASGI compliance test suite with Docker-based integration tests covering HTTP,
  WebSocket, streaming, lifespan, framework integration (Starlette, FastAPI),
  HTTP/2, and concurrency scenarios

v25.0.0: Gunicorn 25.0.0

Compare Source

New Features

• Dirty Arbiters: Separate process pool for executing long-running, blocking
  operations (AI model loading, heavy computation) without blocking HTTP workers
  (PR #​3460)

  • Inspired by Erlang's dirty schedulers
  • Asyncio-based with Unix socket IPC
  • Stateful workers that persist loaded resources
  • New settings: --dirty-app, --dirty-workers, --dirty-timeout,
    --dirty-threads, --dirty-graceful-timeout
  • Lifecycle hooks: on_dirty_starting, dirty_post_fork,
    dirty_worker_init, dirty_worker_exit

• Per-App Worker Allocation for Dirty Arbiters: Control how many dirty workers
  load each app for memory optimization with heavy models
  (PR #​3473)

  • Set workers class attribute on DirtyApp (e.g., workers = 2)
  • Or use config format module:class:N (e.g., myapp:HeavyModel:2)
  • Requests automatically routed to workers with the target app
  • New exception DirtyNoWorkersAvailableError for graceful error handling
  • Example: 8 workers × 10GB model = 80GB → with workers=2: 20GB (75% savings)

• HTTP/2 Support (Beta): Native HTTP/2 (RFC 7540) support for improved performance
  with modern clients (PR #​3468)

  • Multiplexed streams over a single connection
  • Header compression (HPACK)
  • Flow control and stream prioritization
  • Works with gthread, gevent, and ASGI workers
  • New settings: --http-protocols, --http2-max-concurrent-streams,
    --http2-initial-window-size, --http2-max-frame-size, --http2-max-header-list-size
  • Requires SSL/TLS and h2 library: pip install gunicorn[http2]
  • New example: examples/http2_gevent/ with Docker and tests

• HTTP 103 Early Hints: Support for RFC 8297 Early Hints to enable browsers to
  preload resources before the final response
  (PR #​3468)

  • WSGI: environ['wsgi.early_hints'](headers) callback
  • ASGI: http.response.informational message type
  • Works with both HTTP/1.1 and HTTP/2

• uWSGI Protocol for ASGI Worker: The ASGI worker now supports receiving requests
  via the uWSGI binary protocol from nginx
  (PR #​3467)

Bug Fixes

• Fix HTTP/2 ALPN negotiation for gevent and eventlet workers when
  do_handshake_on_connect is False (the default). The TLS handshake is now
  explicitly performed before checking selected_alpn_protocol().

• Fix setproctitle initialization with systemd socket activation
  (#​3465)

• Fix Expect: 100-continue handling: ignore the header for HTTP/1.0 requests
  since 100-continue is only valid for HTTP/1.1+
  (PR #​3463)

• Fix missing _expected_100_continue attribute in UWSGIRequest

• Disable setproctitle on macOS to prevent segfaults during process title updates

• Publish full exception traceback when the application fails to load
  (#​3462)

• Fix ASGI: quick shutdown on SIGINT/SIGQUIT, graceful on SIGTERM

Deprecations

• Eventlet Worker: The eventlet worker is deprecated and will be removed in
  Gunicorn 26.0. Eventlet itself is no longer actively maintained.
  Please migrate to gevent, gthread, or another supported worker type.

Changes

• Remove obsolete Makefile targets
  (PR #​3471)
• Replace RST with markdown documentation format

v24.1.1

Compare Source

Bug Fixes

• Fix forwarded_allow_ips and proxy_allow_ips to remain as strings for backward
  compatibility with external tools like uvicorn. Network validation now uses strict
  mode to detect invalid CIDR notation (e.g., 192.168.1.1/24 where host bits are set)
  (#​3458,
  PR #​3459)

---

Full Changelog: <https://githu

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • "before 7am on monday"
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: src/backend/uv.lock

Command failed: uv lock --upgrade-package celery --upgrade-package django-lasuite --upgrade-package djangorestframework --upgrade-package dockerflow --upgrade-package drf-spectacular-sidecar --upgrade-package faker --upgrade-package gunicorn --upgrade-package ipython --upgrade-package langchain-text-splitters --upgrade-package psycopg --upgrade-package pyfakefs --upgrade-package pylint --upgrade-package pytest-cov --upgrade-package pytest-django --upgrade-package python --upgrade-package redis --upgrade-package responses --upgrade-package ruff --upgrade-package sentry-sdk --upgrade-package types-requests --upgrade-package whitenoise
Using CPython 3.14.4 interpreter at: /opt/containerbase/tools/python/3.14.4/bin/python3
warning: Resolving despite existing lockfile due to fork markers being disjoint with `requires-python`: `python_full_version == '3.12.*'` vs `python_full_version >= '3.14.3' and python_full_version < '3.15'`
  × No solution found when resolving dependencies:
  ╰─▶ Because kombu[redis]>=5.6.0 depends on one of:
          redis>=4.5.2,<4.5.5
          redis>4.5.5,<5.0.2
          redis>5.0.2,<6.5
      and one of:
          redis>=4.5.2,<4.5.5
          redis>4.5.5,<5.0.2
          redis>5.0.2,<6.5
      we can conclude that kombu[redis]>=5.6.0,<=5.6.1 depends on one of:
          redis>=4.5.2,<4.5.5
          redis>4.5.5,<5.0.2
          redis>5.0.2,<6.5

      And because kombu[redis]>=5.0.0,<=5.0.1 was yanked (reason: Does not
      upgrade to amqp>5.0) and only the following versions of kombu[redis]
      are available:
          kombu[redis]==0.1.0
          kombu[redis]==0.2.0
          kombu[redis]==0.9.0
          kombu[redis]==0.9.1
          kombu[redis]==0.9.2
          kombu[redis]==0.9.4
          kombu[redis]==0.9.5
          kombu[redis]==0.9.6
          kombu[redis]==0.9.7
          kombu[redis]==1.0.0
          kombu[redis]==1.0.1
          kombu[redis]==1.0.2
          kombu[redis]==1.0.3
          kombu[redis]==1.0.4
          kombu[redis]==1.0.5
          kombu[redis]==1.0.6
          kombu[redis]==1.0.7
          kombu[redis]==1.1.0
          kombu[redis]==1.1.1
          kombu[redis]==1.1.2
          kombu[redis]==1.1.3
          kombu[redis]==1.1.4
          kombu[redis]==1.1.5
          kombu[redis]==1.1.6
          kombu[redis]==1.2.0
          kombu[redis]==1.2.1
          kombu[redis]==1.3.0
          kombu[redis]==1.3.1
          kombu[redis]==1.3.2
          kombu[redis]==1.3.3
          kombu[redis]==1.3.4
          kombu[redis]==1.3.5
          kombu[redis]==1.4.0
          kombu[redis]==1.4.1
          kombu[redis]==1.4.2
          kombu[redis]==1.4.3
          kombu[redis]==1.5.0
          kombu[redis]==1.5.1
          kombu[redis]==2.0.0
          kombu[redis]==2.1.0
          kombu[redis]==2.1.1
          kombu[redis]==2.1.2
          kombu[redis]==2.1.3
          kombu[redis]==2.1.4
          kombu[redis]==2.1.5
          kombu[redis]==2.1.6
          kombu[redis]==2.1.7
          kombu[redis]==2.1.8
          kombu[redis]==2.2.0
          kombu[redis]==2.2.1
          kombu[redis]==2.2.2
          kombu[redis]==2.2.3
          kombu[redis]==2.2.4
          kombu[redis]==2.2.5
          kombu[redis]==2.2.6
          kombu[redis]==2.3.0
          kombu[redis]==2.3.1
          kombu[redis]==2.3.2
          kombu[redis]==2.4.0
          kombu[redis]==2.4.1
          kombu[redis]==2.4.2
          kombu[redis]==2.4.3
          kombu[redis]==2.4.4
          kombu[redis]==2.4.5
          kombu[redis]==2.4.6
          kombu[redis]==2.4.7
          kombu[redis]==2.4.8
          kombu[redis]==2.4.9
          kombu[redis]==2.4.10
          kombu[redis]==2.5.0
          kombu[redis]==2.5.1
          kombu[redis]==2.5.2
          kombu[redis]==2.5.3
          kombu[redis]==2.5.4
          kombu[redis]==2.5.5
          kombu[redis]==2.5.6
          kombu[redis]==2.5.7
          kombu[redis]==2.5.8
          kombu[redis]==2.5.9
          kombu[redis]==2.5.10
          kombu[redis]==2.5.11
          kombu[redis]==2.5.12
          kombu[redis]==2.5.13
          kombu[redis]==2.5.14
          kombu[redis]==2.5.15
          kombu[redis]==2.5.16
          kombu[redis]==3.0.0
          kombu[redis]==3.0.1
          kombu[redis]==3.0.2
          kombu[redis]==3.0.3
          kombu[redis]==3.0.4
          kombu[redis]==3.0.5
          kombu[redis]==3.0.6
          kombu[redis]==3.0.7
          kombu[redis]==3.0.8
          kombu[redis]==3.0.9
          kombu[redis]==3.0.10
          kombu[redis]==3.0.11
          kombu[redis]==3.0.12
          kombu[redis]==3.0.13
          kombu[redis]==3.0.14
          kombu[redis]==3.0.15
          kombu[redis]==3.0.16
          kombu[redis]==3.0.17
          kombu[redis]==3.0.18
          kombu[redis]==3.0.19
          kombu[redis]==3.0.20
          kombu[redis]==3.0.21
          kombu[redis]==3.0.22
          kombu[redis]==3.0.23
          kombu[redis]==3.0.24
          kombu[redis]==3.0.25
          kombu[redis]==3.0.26
          kombu[redis]==3.0.27
          kombu[redis]==3.0.28
          kombu[redis]==3.0.29
          kombu[redis]==3.0.30
          kombu[redis]==3.0.31
          kombu[redis]==3.0.32
          kombu[redis]==3.0.33
          kombu[redis]==3.0.34
          kombu[redis]==3.0.35
          kombu[redis]==3.0.36
          kombu[redis]==3.0.37
          kombu[redis]==4.0.0
          kombu[redis]==4.0.1
          kombu[redis]==4.0.2
          kombu[redis]==4.1.0
          kombu[redis]==4.2.0
          kombu[redis]==4.2.1
          kombu[redis]==4.2.2.post1
          kombu[redis]==4.3.0
          kombu[redis]==4.4.0
          kombu[redis]==4.5.0
          kombu[redis]==4.6.0
          kombu[redis]==4.6.1
          kombu[redis]==4.6.2
          kombu[redis]==4.6.3
          kombu[redis]==4.6.4
          kombu[redis]==4.6.5
          kombu[redis]==4.6.6
          kombu[redis]==4.6.7
          kombu[redis]==4.6.8
          kombu[redis]==4.6.9
          kombu[redis]==4.6.10
          kombu[redis]==4.6.11
          kombu[redis]==5.0.0
          kombu[redis]==5.0.1
          kombu[redis]==5.0.2
          kombu[redis]==5.1.0
          kombu[redis]==5.2.0
          kombu[redis]==5.2.1
          kombu[redis]==5.2.2
          kombu[redis]==5.2.3
          kombu[redis]==5.2.4
          kombu[redis]==5.3.0
          kombu[redis]==5.3.1
          kombu[redis]==5.3.2
          kombu[redis]==5.3.3
          kombu[redis]==5.3.4
          kombu[redis]==5.3.5
          kombu[redis]==5.3.6
          kombu[redis]==5.3.7
          kombu[redis]==5.4.0
          kombu[redis]==5.4.1
          kombu[redis]==5.4.2
          kombu[redis]==5.5.0
          kombu[redis]==5.5.1
          kombu[redis]==5.5.2
          kombu[redis]==5.5.3
          kombu[redis]==5.5.4
          kombu[redis]==5.6.0
          kombu[redis]==5.6.1
          kombu[redis]==5.6.2
      we can conclude that all of:
          kombu[redis]>4.6.11,<5.0.2
          kombu[redis]>5.5.4,<5.6.2
      depend on one of:
          redis>=4.5.2,<4.5.5
          redis>4.5.5,<5.0.2
          redis>5.0.2,<6.5

      And because kombu[redis]==5.6.2 depends on one of:
          redis>=4.5.2,<4.5.5
          redis>4.5.5,<5.0.2
          redis>5.0.2,<6.5
      and celery[redis]==5.6.3 depends on kombu[redis], we can conclude that
      celery[redis]==5.6.3, all of:
          kombu>4.6.11,<5.0.2
          kombu>5.5.4
      , all of:
          redis<4.5.2
          redis==4.5.5
          redis==5.0.2
          redis>=6.5
       are incompatible.
      And because celery==5.6.3 depends on kombu>=5.6.0 and your project
      depends on celery[redis]==5.6.3, we can conclude that your project
      depends on one of:
          redis>=4.5.2,<4.5.5
          redis>4.5.5,<5.0.2
          redis>5.0.2,<6.5

      And because your project depends on redis==7.4.0 and your project
      requires find[dev], we can conclude that your project's requirements
      are unsatisfiable.

      hint: Pre-releases are available for `kombu` in the requested
      range (e.g., 5.6.0rc2), but pre-releases weren't enabled (try:
      `--prerelease=allow`)