@renovate renovate bot commented Nov 6, 2025

This PR contains the following updates:

Package | Change | Age | Confidence
datasette (source, changelog) | 0.64.3 -> 0.65.2 | age | confidence

GitHub Vulnerability Alerts

CVE-2025-64481

Impact

Deployed instances of Datasette prior to 0.65.2 and 1.0a21 include an open redirect vulnerability.

Hits to the path //example.com/foo/bar/ (the trailing slash is required) will redirect the user to https://example.com/foo/bar.

Patches

This problem has been patched in both Datasette 0.65.2 and 1.0a21.

Workarounds

If Datasette is running behind a proxy, that proxy could be configured to replace // with / in incoming request URLs.


Release Notes

simonw/datasette (datasette)

v0.65.2

Compare Source

  • Fixes an open redirect security issue: Datasette instances would redirect to example.com/foo/bar if you accessed the path //example.com/foo/bar. Thanks to James Jefferies for the fix. #​2429
  • Upgraded for compatibility with Python 3.14.
  • Fixed datasette publish cloudrun to work with changes to the underlying Cloud Run architecture. #​2511
  • Minor upgrades to fix warnings, including pkg_resources deprecation.

v0.65.1

Compare Source

  • Fixed bug with upgraded HTTPX 0.28.0 dependency. #​2443

v0.65

Compare Source

  • Upgrade for compatibility with Python 3.13 (by vendoring Pint dependency). (#​2434)
  • Dropped support for Python 3.8.

v0.64.8

Compare Source

  • Security improvement: 404 pages used to reflect content from the URL path, which could be used to display misleading information to Datasette users. 404 errors no longer display additional information from the URL. (#​2359)
  • Backported a better fix for correctly extracting named parameters from canned query SQL against SQLite 3.46.0. (#​2353)

v0.64.7

Compare Source

  • Fixed a bug where canned queries with named parameters threw an error when run against SQLite 3.46.0. (#​2353)

v0.64.6

Compare Source

  • Fixed a bug where CSV export with expanded labels could fail if a foreign key reference did not correctly resolve. (#​2214)

v0.64.5

Compare Source

  • Dropped dependency on click-default-group-wheel, which could cause a dependency conflict. (#​2197)

v0.64.4

Compare Source

  • Fix for a crashing bug caused by viewing the table page for a named in-memory database. #​2189

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added the dependencies label Nov 6, 2025
@renovate renovate bot requested a review from rclement November 6, 2025 19:13

codecov bot commented Nov 6, 2025

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 100.00%. Comparing base (6f0077e) to head (0ebb216).

Additional details and impacted files
@@            Coverage Diff            @@
##              main       #88   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files            3         3           
  Lines          494       494           
  Branches        63        63           
=========================================
  Hits           494       494           
