build(deps): bump the minor-updates group across 1 directory with 10 updates

[dependabot]

Bumps the minor-updates group with 10 updates in the / directory:

Package	From	To
certifi	2025.6.15	2025.8.3
charset-normalizer	3.4.2	3.4.3
django	5.2.4	5.2.5
django-allauth[mfa]	65.10.0	65.11.0
django-bootstrap5	25.1	25.2
ruff	0.12.3	0.12.9
pre-commit	4.2.0	4.3.0
bandit	1.8.0	1.8.6
mypy	1.11.2	1.17.1
django-stubs[compatible-mypy]	5.1.0	5.2.2

Updates certifi from 2025.6.15 to 2025.8.3

Commits

• a97d9ad 2025.08.03 (#362)
• ddd90c6 2025.07.14 (#359)
• d905221 2025.07.09 (#358)
• See full diff in compare view

Updates charset-normalizer from 3.4.2 to 3.4.3

Release notes

Sourced from charset-normalizer's releases.

Version 3.4.3

3.4.3 (2025-08-09)

Changed

• mypy(c) is no longer a required dependency at build time if CHARSET_NORMALIZER_USE_MYPYC isn't set to 1. (#595) (#583)
• automatically lower confidence on small bytes samples that are not Unicode in detect output legacy function. (#391)

Added

• Custom build backend to overcome inability to mark mypy as an optional dependency in the build phase.
• Support for Python 3.14

Fixed

• sdist archive contained useless directories.
• automatically fallback on valid UTF-16 or UTF-32 even if the md says it's noisy. (#633)

Misc

• SBOM are automatically published to the relevant GitHub release to comply with regulatory changes. Each published wheel comes with its SBOM. We choose CycloneDX as the format.
• Prebuilt optimized wheel are no longer distributed by default for CPython 3.7 due to a change in cibuildwheel.

Changelog

Sourced from charset-normalizer's changelog.

3.4.3 (2025-08-09)

Changed

• mypy(c) is no longer a required dependency at build time if CHARSET_NORMALIZER_USE_MYPYC isn't set to 1. (#595) (#583)
• automatically lower confidence on small bytes samples that are not Unicode in detect output legacy function. (#391)

Added

• Custom build backend to overcome inability to mark mypy as an optional dependency in the build phase.
• Support for Python 3.14

Fixed

• sdist archive contained useless directories.
• automatically fallback on valid UTF-16 or UTF-32 even if the md says it's noisy. (#633)

Misc

• SBOM are automatically published to the relevant GitHub release to comply with regulatory changes. Each published wheel comes with its SBOM. We choose CycloneDX as the format.
• Prebuilt optimized wheel are no longer distributed by default for CPython 3.7 due to a change in cibuildwheel.

Commits

• 46f662d Release 3.4.3 (#638)
• 1a059b2 🔧 skip building on freethreaded as we're not confident it is stable
• 2275e3d 📝 final note in CHANGELOG.md
• c96acdf 📝 update release date on CHANGELOG.md
• 43e5460 📝 update README.md
• f277074 🔧 automatically lower confidence on small bytes str on non Unicode res...
• 15ae241 🐛 automatically fallback on valid UTF-16 or UTF-32 even if the md says it...
• 37397c1 🔧 enable 3.14 in nox test_mypyc session
• cb82537 ⏪ revert license due to compat python 3.7 issue setuptools
• 6a2efeb 🎨 fix linter errors
• Additional commits viewable in compare view

Updates django from 5.2.4 to 5.2.5

Commits

• a3b1107 [5.2.x] Bumped version for 5.2.5 release.
• 0489f54 [5.2.x] Added release date for 5.2.5.
• a9c7d4b [5.2.x] Refs #36485 -- Grouped docs checks under a unified make check target.
• 5ad6d43 [5.2.x] Refs #34140 -- Added dedicated code block formatting section in docs/...
• bdc3f9e [5.2.x] Fixed #36530 -- Extended fields.E347 to check for ManyToManyField inv...
• f01ceae [5.2.x] Fixed #36535 -- Ensured compatibility with docutils 0.19 through 0.22.
• 5ca58ce [5.2.x] Corrected assertNumQueries() example in docs/topics/testing/tools.txt.
• b3bb723 [5.2.x] Fixed #34871, #36518 -- Implemented unresolved lookups expression rep...
• e5ccb69 [5.2.x] Fixed #36198 -- Implemented unresolved transform expression replacement.
• 5aefd00 [5.2.x] Fixed writer_name deprecation warning in docutils 0.22+.
• Additional commits viewable in compare view

Updates django-allauth[mfa] from 65.10.0 to 65.11.0

Commits

• See full diff in compare view

Updates django-bootstrap5 from 25.1 to 25.2

Changelog

Sourced from django-bootstrap5's changelog.

25.2 (2025-07-30)

• Fix help text and error IDs for aria-describedby (#746, thanks @​xi).
• Symlink CHANGELOG.md into docs for Sphinx (#750).
• Drop support for Django 5.0 (EOL) (#751).
• Add support for Django 5.2 (#753).
• Uset setup-uv and uv build (#759).
• Use uv.lock in GitHub Actions (#760).

Commits

• 9fefc3d Release 25.2 (#762)
• eea99e3 Use uv.lock in GitHub Actions (#760)
• 9df9451 Use setup-uv and uv build (#759)
• 915cb07 Create FUNDING.yml
• 133bdad Bump dependabot/fetch-metadata from 2.3.0 to 2.4.0 (#755)
• 3b97f82 Add Django versions to exceptions (#754)
• 06506b5 Add missing version for Django 5.2
• 804d581 Add support for Django 5.2 (#753)
• 342185b Drop support for Django 5.0 (EOL) (#751)
• f2abc1f Symlink CHANGELOG.md into docs for Sphinx (#750)
• Additional commits viewable in compare view

Updates ruff from 0.12.3 to 0.12.9

Release notes

Sourced from ruff's releases.

0.12.9

Release Notes

Preview features

• [airflow] Add check for airflow.secrets.cache.SecretCache (AIR301) (#17707)
• [ruff] Offer a safe fix for multi-digit zeros (RUF064) (#19847)

Bug fixes

• [flake8-blind-except] Fix BLE001 false-positive on raise ... from None (#19755)
• [flake8-comprehensions] Fix false positive for C420 with attribute, subscript, or slice assignment targets (#19513)
• [flake8-simplify] Fix handling of U+001C..U+001F whitespace (SIM905) (#19849)

Rule changes

• [pylint] Use lowercase hex characters to match the formatter (PLE2513) (#19808)

Documentation

• Fix lint.future-annotations link (#19876)

Other changes

• Build riscv64 binaries for release (#19819)
• Add rule code to error description in GitLab output (#19896)

Contributors

• @​AlexWaygood
• @​Gankra
• @​MatthewMckee4
• @​MichaReiser
• @​PrettyWood
• @​RazerM
• @​carljm
• @​danparizher
• @​dcreager
• @​deliro
• @​dhruvmanila
• @​ember91
• @​ffgan
• @​harupy
• @​ibraheemdev
• @​mtshiba
• @​nguu0123
• @​ntBre
• @​oconnor663
• @​prabhusneha
• @​renovate

... (truncated)

Changelog

Sourced from ruff's changelog.

0.12.9

Preview features

• [airflow] Add check for airflow.secrets.cache.SecretCache (AIR301) (#17707)
• [ruff] Offer a safe fix for multi-digit zeros (RUF064) (#19847)

Bug fixes

• [flake8-blind-except] Fix BLE001 false-positive on raise ... from None (#19755)
• [flake8-comprehensions] Fix false positive for C420 with attribute, subscript, or slice assignment targets (#19513)
• [flake8-simplify] Fix handling of U+001C..U+001F whitespace (SIM905) (#19849)

Rule changes

• [pylint] Use lowercase hex characters to match the formatter (PLE2513) (#19808)

Documentation

• Fix lint.future-annotations link (#19876)

Other changes

• Build riscv64 binaries for release (#19819)
• Add rule code to error description in GitLab output (#19896)

0.12.8

Preview features

• [flake8-use-pathlib] Expand PTH201 to check all PurePath subclasses (#19440)

Bug fixes

• [flake8-blind-except] Change BLE001 to correctly parse exception tuples (#19747)
• [flake8-errmsg] Exclude typing.cast from EM101 (#19656)
• [flake8-simplify] Fix raw string handling in SIM905 for embedded quotes (#19591)
• [flake8-import-conventions] Avoid false positives for NFKC-normalized __debug__ import aliases in ICN001 (#19411)
• [isort] Fix syntax error after docstring ending with backslash (I002) (#19505)
• [pylint] Mark PLC0207 fixes as unsafe when *args unpacking is present (#19679)
• [pyupgrade] Prevent infinite loop with I002 (UP010, UP035) (#19413)
• [ruff] Parenthesize generator expressions in f-strings (RUF010) (#19434)

Rule changes

• [eradicate] Don't flag pyrefly pragmas as unused code (ERA001) (#19731)

Documentation

• Replace "associative" with "commutative" in docs for RUF036 (#19706)

... (truncated)

Commits

• ef42246 Bump 0.12.9 (#19917)
• dc2e8ab [ty] support kw_only=True for dataclass() and field() (#19677)
• 9aaa82d Feature/build riscv64 bin (#19819)
• 3288ac2 [ty] Add caching to CodeGeneratorKind::matches() (#19912)
• 1167ed6 [ty] Rename functionArgumentNames to callArgumentNames inlay hint setting...
• 2ee47d8 [ty] Default ty.inlayHints.* server settings to true (#19910)
• d324ced [ty] Remove py-fuzzer skips for seeds that are no longer slow (#19906)
• 5a570c8 [ty] fix deferred name loading in PEP695 generic classes/functions (#19888)
• baadb5a [ty] Add some additional type safety to CycleDetector (#19903)
• df0648a [flake8-blind-except] Fix BLE001 false-positive on raise ... from None ...
• Additional commits viewable in compare view

Updates pre-commit from 4.2.0 to 4.3.0

Release notes

Sourced from pre-commit's releases.

pre-commit v4.3.0

Features

• language: docker / language: docker_image: detect rootless docker.
  • #3446 PR by @​matthewhughes934.
  • #1243 issue by @​dkolepp.
• language: julia: avoid startup.jl when executing hooks.
  • #3496 PR by @​ericphanson.
• language: dart: support latest dart versions which require a higher sdk lower bound.
  • #3507 PR by @​bc-lee.

Changelog

Sourced from pre-commit's changelog.

4.3.0 - 2025-08-09

Features

• language: docker / language: docker_image: detect rootless docker.
  • #3446 PR by @​matthewhughes934.
  • #1243 issue by @​dkolepp.
• language: julia: avoid startup.jl when executing hooks.
  • #3496 PR by @​ericphanson.
• language: dart: support latest dart versions which require a higher sdk lower bound.
  • #3507 PR by @​bc-lee.

Commits

• b74a22d v4.3.0
• cc899de Merge pull request #3507 from bc-lee/dart-fix
• 2a0bcea Downgrade Dart SDK version installed in the CI
• f1cc7a4 Make Dart pre-commit hook compatible with the latest Dart SDKs
• 72a3b71 Merge pull request #3504 from pre-commit/pre-commit-ci-update-config
• c8925a4 [pre-commit.ci] pre-commit autoupdate
• a5fe6c5 Merge pull request #3496 from ericphanson/eph/jl-startup
• 6f1f433 Julia language: skip startup.jl file
• c681721 Merge pull request #3499 from pre-commit/pre-commit-ci-update-config
• 4fd4537 [pre-commit.ci] pre-commit autoupdate
• Additional commits viewable in compare view

Updates bandit from 1.8.0 to 1.8.6

Release notes

Sourced from bandit's releases.

1.8.6

What's Changed

• Bump sigstore/cosign-installer from 3.8.2 to 3.9.0 by @​dependabot in PyCQA/bandit#1279
• Bump docker/setup-buildx-action from 3.10.0 to 3.11.1 by @​dependabot in PyCQA/bandit#1278
• added hint to FreeBSD package in doc/source/integrations.rst by @​daniel-mohr in PyCQA/bandit#1282
• Bump sigstore/cosign-installer from 3.9.0 to 3.9.1 by @​dependabot in PyCQA/bandit#1284
• Huggingface revision pinning by @​lukehinds in PyCQA/bandit#1281

New Contributors

• @​daniel-mohr made their first contribution in PyCQA/bandit#1282

Full Changelog: PyCQA/bandit@1.8.5...1.8.6

1.8.5

What's Changed

• Fix the rendering of the CI/CD doc by @​ericwb in PyCQA/bandit#1274
• Fix for publish to PyPI failure by @​ericwb in PyCQA/bandit#1273

Full Changelog: PyCQA/bandit@1.8.4...1.8.5

1.8.4

What's Changed

• Add more random functions to B311 check by @​aripollak in PyCQA/bandit#1235
• Metadata: rename classifier to classifiers by @​ericwb in PyCQA/bandit#1237
• Bump sigstore/cosign-installer from 3.8.0 to 3.8.1 by @​dependabot in PyCQA/bandit#1239
• Bump docker/build-push-action from 6.13.0 to 6.14.0 by @​dependabot in PyCQA/bandit#1238
• Bump docker/build-push-action from 6.14.0 to 6.15.0 by @​dependabot in PyCQA/bandit#1240
• Bump docker/setup-buildx-action from 3.9.0 to 3.10.0 by @​dependabot in PyCQA/bandit#1241
• Bump docker/login-action from 3.3.0 to 3.4.0 by @​dependabot in PyCQA/bandit#1245
• Bump bandit version in bug template by @​ericwb in PyCQA/bandit#1247
• Fix traceback from trojansource plugin by @​ericwb in PyCQA/bandit#1248
• Ensure the man page is built by @​ericwb in PyCQA/bandit#1257
• Update documentation to cover --severity-level and --confidence-level by @​bmos in PyCQA/bandit#1254
• Use license property in lieu of classifier by @​ericwb in PyCQA/bandit#1259
• Fix up some of the warnings when building docs by @​ericwb in PyCQA/bandit#1258
• Add a doc describing various integrations by @​ericwb in PyCQA/bandit#1253
• Use ubuntu latest for readthedocs build by @​ericwb in PyCQA/bandit#1260
• Bump docker/build-push-action from 6.15.0 to 6.16.0 by @​dependabot in PyCQA/bandit#1261
• Bump sigstore/cosign-installer from 3.8.1 to 3.8.2 by @​dependabot in PyCQA/bandit#1262
• Remove etc from list of temp paths by @​ericwb in PyCQA/bandit#1263
• Bump docker/build-push-action from 6.16.0 to 6.17.0 by @​dependabot in PyCQA/bandit#1265
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in PyCQA/bandit#1266
• Bump docker/build-push-action from 6.17.0 to 6.18.0 by @​dependabot in PyCQA/bandit#1268
• add github-actions documentation by @​Killpit in PyCQA/bandit#1172

New Contributors

• @​aripollak made their first contribution in PyCQA/bandit#1235
• @​bmos made their first contribution in PyCQA/bandit#1254
• @​Killpit made their first contribution in PyCQA/bandit#1172

... (truncated)

Commits

• 2d0b675 Huggingface revision pinning (#1281)
• 4cd1337 Bump sigstore/cosign-installer from 3.9.0 to 3.9.1 (#1284)
• ffed1bb added hint to FreeBSD package in doc/source/integrations.rst (#1282)
• 090ba0f Bump docker/setup-buildx-action from 3.10.0 to 3.11.1 (#1278)
• 33c6789 Bump sigstore/cosign-installer from 3.8.2 to 3.9.0 (#1279)
• 23d269a Fix for publish to PyPI failure (#1273)
• e3ff8b5 Fix the rendering of the CI/CD doc (#1274)
• 61d1667 add github-actions documentation (#1172)
• cea2b1c Bump docker/build-push-action from 6.17.0 to 6.18.0 (#1268)
• 2d577a6 [pre-commit.ci] pre-commit autoupdate (#1266)
• Additional commits viewable in compare view

Updates mypy from 1.11.2 to 1.17.1

Changelog

Sourced from mypy's changelog.

Mypy 1.17.1

• Retain None as constraints bottom if no bottoms were provided (Stanislav Terliakov, PR 19485)
• Fix "ignored exception in hasattr" in dmypy (Stanislav Terliakov, PR 19428)
• Prevent a crash when InitVar is redefined with a method in a subclass (Stanislav Terliakov, PR 19453)

Acknowledgements

Thanks to all mypy contributors who contributed to this release:

• Alexey Makridenko
• Brian Schubert
• Chad Dombrova
• Chainfire
• Charlie Denton
• Charulata
• Christoph Tyralla
• CoolCat467
• Donal Burns
• Guy Wilson
• Ivan Levkivskyi
• johnthagen
• Jukka Lehtosalo
• Łukasz Kwieciński
• Marc Mueller
• Michael J. Sullivan
• Mikhail Golubev
• Sebastian Rittau
• Shantanu
• Stanislav Terliakov
• wyattscarpenter

I’d also like to thank my employer, Dropbox, for supporting mypy development.

Mypy 1.16

We’ve just uploaded mypy 1.16 to the Python Package Index (PyPI). Mypy is a static type checker for Python. This release includes new features and bug fixes. You can install it as follows:

python3 -m pip install -U mypy

You can read the full documentation for this release on Read the Docs.

Different Property Getter and Setter Types

Mypy now supports using different types for a property getter and setter:

class A:
    _value: int
</tr></table> 

... (truncated)

Commits

• acb2983 Bump version to 1.17.1
• 933c913 Retain None as constraints bottom if no bottoms were provided (#19485)
• 5f4428f Fix "ignored exception in hasattr" in dmypy (#19428)
• 88fdeaa Prevent a crash when InitVar is redefined with a method in a subclass (#19453)
• e44d14f Bump version to 1.17.1+dev
• 0260991 Update version string
• 3901aa2 Updates to 1.17 changelog (#19436)
• 7d13396 Initial changelog for 1.17 release (#19427)
• a182dec Combine the revealed types of multiple iteration steps in a more robust manne...
• ab4fd57 Improve the handling of "iteration dependent" errors and notes in finally cla...
• Additional commits viewable in compare view

Updates django-stubs[compatible-mypy] from 5.1.0 to 5.2.2

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions