⬆️(dependencies) update python dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
bandit (source, changelog)	==1.7.5 -> ==1.8.3
black (changelog)	==23.9.1 -> ==25.1.0
cssselect	==1.2.0 -> ==1.3.0
django-configurations (source)	==2.4.1 -> ==2.5.1
django-cors-headers (changelog)	==4.2.0 -> ==4.7.0
dockerflow	==2022.8.0 -> ==2024.4.2
factory-boy	==3.3.0 -> ==3.3.3
flake8 (changelog)	==6.1.0 -> ==7.2.0
gunicorn (changelog)	==21.2.0 -> ==23.0.0
ipython	==8.15.0 -> ==9.2.0
isort (changelog)	==5.12.0 -> ==6.0.1
lxml (source, changelog)	==4.9.3 -> ==5.4.0
msgpack (changelog)	==1.0.7 -> ==1.1.0
mysqlclient	==2.2.0 -> ==2.2.7
psycopg2-binary (source, changelog)	==2.9.8 -> ==2.9.10
pylint (changelog)	==2.17.6 -> ==3.3.7
pylint-django	==2.5.3 -> ==2.6.1
pytest (changelog)	==7.4.2 -> ==8.3.5
pytest-cov (changelog)	==4.1.0 -> ==6.1.1
pytest-django (changelog)	==4.5.2 -> ==4.11.1
pytz	==2023.3.post1 -> ==2025.2
responses (changelog)	==0.23.3 -> ==0.25.7
sentry-sdk (changelog)	==1.31.0 -> ==2.28.0
time-machine (changelog)	==2.13.0 -> ==2.16.0
twine	==4.0.2 -> ==6.1.0

---

Release Notes

PyCQA/bandit (bandit)

v1.8.3

Compare Source

What's Changed

• Bump docker/build-push-action from 6.10.0 to 6.11.0 by @​dependabot in https://github.com/PyCQA/bandit/pull/1220
• Bump docker/build-push-action from 6.11.0 to 6.12.0 by @​dependabot in https://github.com/PyCQA/bandit/pull/1221
• Bump docker/build-push-action from 6.12.0 to 6.13.0 by @​dependabot in https://github.com/PyCQA/bandit/pull/1222
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in https://github.com/PyCQA/bandit/pull/1229
• Update bug template to include latest released versions by @​ericwb in https://github.com/PyCQA/bandit/pull/1218
• Add markupsafe.Markup XSS plugin by @​Daverball in https://github.com/PyCQA/bandit/pull/1225
• Warn not error on an nonexistant test given by @​ericwb in https://github.com/PyCQA/bandit/pull/1230
• Bump sigstore/cosign-installer from 3.7.0 to 3.8.0 by @​dependabot in https://github.com/PyCQA/bandit/pull/1233
• Bump docker/setup-buildx-action from 3.8.0 to 3.9.0 by @​dependabot in https://github.com/PyCQA/bandit/pull/1234
• B107: Skip None values in hardcoded password detection by @​lukehinds in https://github.com/PyCQA/bandit/pull/1232
• Pytorch fix by @​lukehinds in https://github.com/PyCQA/bandit/pull/1231

New Contributors

• @​Daverball made their first contribution in https://github.com/PyCQA/bandit/pull/1225

Full Changelog: PyCQA/bandit@1.8.2...1.8.3

v1.8.2

Compare Source

What's Changed

• Revert "Start testing with 3.14 alphas" by @​ericwb in https://github.com/PyCQA/bandit/pull/1217

Full Changelog: PyCQA/bandit@1.8.1...1.8.2

v1.8.1

Compare Source

What's Changed

• Bump docker/build-push-action from 6.9.0 to 6.10.0 by @​dependabot in https://github.com/PyCQA/bandit/pull/1209
• Update the bug template with latest bandit version by @​ericwb in https://github.com/PyCQA/bandit/pull/1208
• Add Mercedes-Benz to sponsor list by @​ericwb in https://github.com/PyCQA/bandit/pull/1210
• Bump docker/setup-buildx-action from 3.7.1 to 3.8.0 by @​dependabot in https://github.com/PyCQA/bandit/pull/1211
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in https://github.com/PyCQA/bandit/pull/1213
• Start testing with 3.14 alphas by @​ericwb in https://github.com/PyCQA/bandit/pull/1189
• Remove lxml (B320 & B410) from blacklist by @​djbrown in https://github.com/PyCQA/bandit/pull/1212
• Clarify "getting started" docs by @​Flimm in https://github.com/PyCQA/bandit/pull/963

New Contributors

• @​djbrown made their first contribution in https://github.com/PyCQA/bandit/pull/1212
• @​Flimm made their first contribution in https://github.com/PyCQA/bandit/pull/963

Full Changelog: PyCQA/bandit@1.8.0...1.8.1

v1.8.0

Compare Source

What's Changed

• Bump docker/build-push-action from 6.7.0 to 6.9.0 by @​dependabot in https://github.com/PyCQA/bandit/pull/1178
• Rename doc file to match proper bandit ID by @​ericwb in https://github.com/PyCQA/bandit/pull/1183
• Removal of Python 3.8 support by @​ericwb in https://github.com/PyCQA/bandit/pull/1174
• Add more insecure cryptography cipher algorithms by @​ericwb in https://github.com/PyCQA/bandit/pull/1185
• Bump docker/setup-buildx-action from 3.6.1 to 3.7.1 by @​dependabot in https://github.com/PyCQA/bandit/pull/1186
• Bump sigstore/cosign-installer from 3.6.0 to 3.7.0 by @​dependabot in https://github.com/PyCQA/bandit/pull/1187
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in https://github.com/PyCQA/bandit/pull/1162
• No need to check httpx client without timeout defined by @​ericwb in https://github.com/PyCQA/bandit/pull/1177
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in https://github.com/PyCQA/bandit/pull/1191
• Mark Python 3.13 as officially supported by @​ericwb in https://github.com/PyCQA/bandit/pull/1192
• Update project urls with added links by @​ericwb in https://github.com/PyCQA/bandit/pull/1193
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in https://github.com/PyCQA/bandit/pull/1196
• Add a JSON to seek funding from the FLOSS/fund by @​ericwb in https://github.com/PyCQA/bandit/pull/1194
• Remove Sentry as a sponsor by @​ericwb in https://github.com/PyCQA/bandit/pull/1198
• Remove more leftover OpenStack references by @​ericwb in https://github.com/PyCQA/bandit/pull/1195

Full Changelog: PyCQA/bandit@1.7.10...1.8.0

v1.7.10

Compare Source

What's Changed

• Bump docker/build-push-action from 5.4.0 to 6.0.0 by @​dependabot in https://github.com/PyCQA/bandit/pull/1147
• Suggested small refactors in assignments by @​ericwb in https://github.com/PyCQA/bandit/pull/1150
• Performance improvement in blacklist function by @​ericwb in https://github.com/PyCQA/bandit/pull/1148
• Add test for usage of FTP_TLS by @​ericwb in https://github.com/PyCQA/bandit/pull/1149
• New check: B113: TrojanSource - Bidirectional control characters by @​Lucas-C in https://github.com/PyCQA/bandit/pull/757
• Bump docker/build-push-action from 6.0.0 to 6.1.0 by @​dependabot in https://github.com/PyCQA/bandit/pull/1152
• feat(plugins): add support for httpx in B113 by @​mkniewallner in https://github.com/PyCQA/bandit/pull/1060
• Nit: remove unused variable by @​ericwb in https://github.com/PyCQA/bandit/pull/1153
• Add recent releases to version choice in bug report by @​ericwb in https://github.com/PyCQA/bandit/pull/1151
• Bump docker/build-push-action from 6.1.0 to 6.2.0 by @​dependabot in https://github.com/PyCQA/bandit/pull/1155
• Bump docker/build-push-action from 6.2.0 to 6.3.0 by @​dependabot in https://github.com/PyCQA/bandit/pull/1157
• Bump docker/setup-buildx-action from 3.3.0 to 3.4.0 by @​dependabot in https://github.com/PyCQA/bandit/pull/1156
• Bump docker/setup-buildx-action from 3.4.0 to 3.5.0 by @​dependabot in https://github.com/PyCQA/bandit/pull/1158
• Bump docker/login-action from 3.2.0 to 3.3.0 by @​dependabot in https://github.com/PyCQA/bandit/pull/1159
• Bump docker/build-push-action from 6.3.0 to 6.5.0 by @​dependabot in https://github.com/PyCQA/bandit/pull/1160
• Bump docker/setup-buildx-action from 3.5.0 to 3.6.1 by @​dependabot in https://github.com/PyCQA/bandit/pull/1163
• Bump docker/build-push-action from 6.5.0 to 6.6.1 by @​dependabot in https://github.com/PyCQA/bandit/pull/1166
• Bump sigstore/cosign-installer from 3.5.0 to 3.6.0 by @​dependabot in https://github.com/PyCQA/bandit/pull/1165
• Bump docker/build-push-action from 6.6.1 to 6.7.0 by @​dependabot in https://github.com/PyCQA/bandit/pull/1168
• Use consistent file naming of docs by @​ericwb in https://github.com/PyCQA/bandit/pull/1170
• Pytorch Load / Save Plugin by @​lukehinds in https://github.com/PyCQA/bandit/pull/1114

New Contributors

• @​Lucas-C made their first contribution in https://github.com/PyCQA/bandit/pull/757

Full Changelog: PyCQA/bandit@1.7.9...1.7.10

v1.7.9

Compare Source

What's Changed

• Bump docker/build-push-action from 5.1.0 to 5.2.0 by @​dependabot in https://github.com/PyCQA/bandit/pull/1117
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in https://github.com/PyCQA/bandit/pull/1119
• New logo for Bandit based on raccoon by @​ericwb in https://github.com/PyCQA/bandit/pull/1121
• Start testing on Python 3.13 by @​ericwb in https://github.com/PyCQA/bandit/pull/1122
• Bump docker/build-push-action from 5.2.0 to 5.3.0 by @​dependabot in https://github.com/PyCQA/bandit/pull/1123
• Bump docker/setup-buildx-action from 3.1.0 to 3.2.0 by @​dependabot in https://github.com/PyCQA/bandit/pull/1124
• Bump docker/login-action from 3.0.0 to 3.1.0 by @​dependabot in https://github.com/PyCQA/bandit/pull/1125
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in https://github.com/PyCQA/bandit/pull/1126
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in https://github.com/PyCQA/bandit/pull/1127
• Bump docker/setup-buildx-action from 3.2.0 to 3.3.0 by @​dependabot in https://github.com/PyCQA/bandit/pull/1130
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in https://github.com/PyCQA/bandit/pull/1131
• Bump sigstore/cosign-installer from 3.4.0 to 3.5.0 by @​dependabot in https://github.com/PyCQA/bandit/pull/1132
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in https://github.com/PyCQA/bandit/pull/1133
• Updates banner logo so it renders well in dark mode by @​ericwb in https://github.com/PyCQA/bandit/pull/1134
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in https://github.com/PyCQA/bandit/pull/1135
• Add a sponsor section to README by @​ericwb in https://github.com/PyCQA/bandit/pull/1137
• Ensure sarif extra is included as part of doc build by @​ericwb in https://github.com/PyCQA/bandit/pull/1139
• Bump docker/login-action from 3.1.0 to 3.2.0 by @​dependabot in https://github.com/PyCQA/bandit/pull/1142
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in https://github.com/PyCQA/bandit/pull/1143
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in https://github.com/PyCQA/bandit/pull/1145
• Guard against empty call argument list by @​ericwb in https://github.com/PyCQA/bandit/pull/1146
• Bump docker/build-push-action from 5.3.0 to 5.4.0 by @​dependabot in https://github.com/PyCQA/bandit/pull/1144
• Support configfile in .bandit file by @​bersbersbers in https://github.com/PyCQA/bandit/pull/1052

New Contributors

• @​pre-commit-ci made their first contribution in https://github.com/PyCQA/bandit/pull/1119
• @​bersbersbers made their first contribution in https://github.com/PyCQA/bandit/pull/1052

Full Changelog: PyCQA/bandit@1.7.8...1.7.9

v1.7.8

Compare Source

What's Changed

• Incorrect tag naming in readme by @​lukehinds in https://github.com/PyCQA/bandit/pull/1105
• Utilize PyPI's trusted publishing by @​ericwb in https://github.com/PyCQA/bandit/pull/1107
• Bump sigstore/cosign-installer from 3.3.0 to 3.4.0 by @​dependabot in https://github.com/PyCQA/bandit/pull/1109
• Add 1.7.7 to versions of bug template by @​ericwb in https://github.com/PyCQA/bandit/pull/1110
• Use datetime to avoid updating copyright year by @​ericwb in https://github.com/PyCQA/bandit/pull/1112
• filter data is safe for tarfile extractall by @​etienneschalk in https://github.com/PyCQA/bandit/pull/1111
• Bump docker/setup-buildx-action from 3.0.0 to 3.1.0 by @​dependabot in https://github.com/PyCQA/bandit/pull/1115
• [B605] Add functions that are vulnerable to shell injection. by @​shihai1991 in https://github.com/PyCQA/bandit/pull/1116
• Add a SARIF output formatter by @​ericwb in https://github.com/PyCQA/bandit/pull/1113

New Contributors

• @​etienneschalk made their first contribution in https://github.com/PyCQA/bandit/pull/1111
• @​shihai1991 made their first contribution in https://github.com/PyCQA/bandit/pull/1116

Full Changelog: PyCQA/bandit@1.7.7...1.7.8

v1.7.7

Compare Source

What's Changed

• Add the new release to bandit versions of bug template by @​ericwb in https://github.com/PyCQA/bandit/pull/1075
• Bump actions/setup-python from 4 to 5 by @​dependabot in https://github.com/PyCQA/bandit/pull/1076
• Handle variant in how policy is passed in paramiko by @​ericwb in https://github.com/PyCQA/bandit/pull/1078
• Flag str.replace as possible sql injection by @​costaparas in https://github.com/PyCQA/bandit/pull/1044
• defusedxml: Show correct module name by @​kajinamit in https://github.com/PyCQA/bandit/pull/1081
• Add tidelift to the sponsor funding list by @​ericwb in https://github.com/PyCQA/bandit/pull/1089
• Create a security policy by @​ericwb in https://github.com/PyCQA/bandit/pull/1091
• Fix up issues found running Bandit on itself by @​ericwb in https://github.com/PyCQA/bandit/pull/1093
• Add random.randbytes to blacklist calls by @​ericwb in https://github.com/PyCQA/bandit/pull/1096
• Prepend ./ for files specified as CLI args by @​ericwb in https://github.com/PyCQA/bandit/pull/1094
• Rework GitPython dependency to be an extra for bandit-baseline by @​ericwb in https://github.com/PyCQA/bandit/pull/1099
• Bump actions/dependency-review-action from 3 to 4 by @​dependabot in https://github.com/PyCQA/bandit/pull/1101
• Introduce Official Bandit Images by @​lukehinds in https://github.com/PyCQA/bandit/pull/1088
• Remove markdown formatting in reStructuredText formatted README by @​ericwb in https://github.com/PyCQA/bandit/pull/1103
• Downsize the org:repo name by @​lukehinds in https://github.com/PyCQA/bandit/pull/1104

New Contributors

• @​kajinamit made their first contribution in https://github.com/PyCQA/bandit/pull/1081

Full Changelog: PyCQA/bandit@1.7.6...1.7.7

v1.7.6

Compare Source

What's Changed

• Update bug report to include version 1.7.5 by @​ericwb in https://github.com/PyCQA/bandit/pull/993
• Render Python 3.10 in drop down correctly by @​ericwb in https://github.com/PyCQA/bandit/pull/997
• Remove checks for Python2 urllib by @​ericwb in https://github.com/PyCQA/bandit/pull/999
• Improper detection of non-requests module by @​ericwb in https://github.com/PyCQA/bandit/pull/1011
• xmlrpclib replaced with xmlrpc in Python3 by @​ericwb in https://github.com/PyCQA/bandit/pull/1012
• language and linting updates by @​marksmayo in https://github.com/PyCQA/bandit/pull/1015
• Adds check for crypt module usage as weak hash by @​ericwb in https://github.com/PyCQA/bandit/pull/1018
• Switch to tox 4 by @​mportesdev in https://github.com/PyCQA/bandit/pull/1020
• Skip unnecessary pip install commands in the pythonpackage.yml workflow by @​mportesdev in https://github.com/PyCQA/bandit/pull/1021
• Update versions of used GitHub Actions by @​mportesdev in https://github.com/PyCQA/bandit/pull/1024
• Update pre-commit hooks by @​mportesdev in https://github.com/PyCQA/bandit/pull/1026
• Add random.Random to B311 checks by @​shiftinv in https://github.com/PyCQA/bandit/pull/940
• Add a copy button to all code snippets in docs by @​ericwb in https://github.com/PyCQA/bandit/pull/1030
• Replace pbr in favor of importlib by @​ericwb in https://github.com/PyCQA/bandit/pull/1016
• Switch from open collective to PSF by @​ericwb in https://github.com/PyCQA/bandit/pull/1031
• Make pre-commit run Bandit hook using a single process by @​Klavionik in https://github.com/PyCQA/bandit/pull/1029
• Remove support for Python 3.7 due to end-of-life by @​ericwb in https://github.com/PyCQA/bandit/pull/1034
• Update asserts.py documentation by @​deronnax in https://github.com/PyCQA/bandit/pull/1036
• Simplify wrap_file_object by @​mportesdev in https://github.com/PyCQA/bandit/pull/1037
• django_rawsql_used: support keyword arguments used in RawSQL by @​kevinmarsh in https://github.com/PyCQA/bandit/pull/765
• Avoid gitpyhon CVE-2022-24439 by @​carlosduelo in https://github.com/PyCQA/bandit/pull/1048
• Update blacklist call documentation by @​costaparas in https://github.com/PyCQA/bandit/pull/1045
• Support ignoring blacklists by name by @​costaparas in https://github.com/PyCQA/bandit/pull/1046
• Fix dependabot to update github actions by @​ericwb in https://github.com/PyCQA/bandit/pull/1057
• Bump actions/checkout from 3 to 4 by @​dependabot in https://github.com/PyCQA/bandit/pull/1058
• Fix for ReadtheDocs build by @​ericwb in https://github.com/PyCQA/bandit/pull/1061
• fix(plugins/B507): also detect class instances by @​mkniewallner in https://github.com/PyCQA/bandit/pull/1064
• Use mirror repository for black pre-commit hook by @​mportesdev in https://github.com/PyCQA/bandit/pull/1070
• Add official support of Python 3.12 by @​ericwb in https://github.com/PyCQA/bandit/pull/1068
• Fix crash on pyproject.toml without bandit config by @​javajawa in https://github.com/PyCQA/bandit/pull/1073
• refactor: remove importlib-metadata fallback by @​mkniewallner in https://github.com/PyCQA/bandit/pull/1066
• Fixes for sphinx build by @​ericwb in https://github.com/PyCQA/bandit/pull/1063

New Contributors

• @​marksmayo made their first contribution in https://github.com/PyCQA/bandit/pull/1015
• @​shiftinv made their first contribution in https://github.com/PyCQA/bandit/pull/940
• @​Klavionik made their first contribution in https://github.com/PyCQA/bandit/pull/1029
• @​deronnax made their first contribution in https://github.com/PyCQA/bandit/pull/1036
• @​kevinmarsh made their first contribution in https://github.com/PyCQA/bandit/pull/765
• @​carlosduelo made their first contribution in https://github.com/PyCQA/bandit/pull/1048
• @​costaparas made their first contribution in https://github.com/PyCQA/bandit/pull/1045
• @​dependabot made their first contribution in https://github.com/PyCQA/bandit/pull/1058
• @​javajawa made their first contribution in https://github.com/PyCQA/bandit/pull/1073

Full Changelog: PyCQA/bandit@1.7.5...1.7.6

psf/black (black)

v25.1.0

Compare Source

Highlights

This release introduces the new 2025 stable style (#​4558), stabilizing the following
changes:

• Normalize casing of Unicode escape characters in strings to lowercase (#​2916)
• Fix inconsistencies in whether certain strings are detected as docstrings (#​4095)
• Consistently add trailing commas to typed function parameters (#​4164)
• Remove redundant parentheses in if guards for case blocks (#​4214)
• Add parentheses to if clauses in case blocks when the line is too long (#​4269)
• Whitespace before # fmt: skip comments is no longer normalized (#​4146)
• Fix line length computation for certain expressions that involve the power operator
  (#​4154)
• Check if there is a newline before the terminating quotes of a docstring (#​4185)
• Fix type annotation spacing between * and more complex type variable tuple (#​4440)

The following changes were not in any previous release:

• Remove parentheses around sole list items (#​4312)
• Generic function definitions are now formatted more elegantly: parameters are split
  over multiple lines first instead of type parameter definitions (#​4553)

Stable style

• Fix formatting cells in IPython notebooks with magic methods and starting or trailing
  empty lines (#​4484)
• Fix crash when formatting with statements containing tuple generators/unpacking
  (#​4538)

Preview style

• Fix/remove string merging changing f-string quotes on f-strings with internal quotes
  (#​4498)
• Collapse multiple empty lines after an import into one (#​4489)
• Prevent string_processing and wrap_long_dict_values_in_parens from removing
  parentheses around long dictionary values (#​4377)
• Move wrap_long_dict_values_in_parens from the unstable to preview style (#​4561)

Packaging

• Store license identifier inside the License-Expression metadata field, see
  PEP 639. (#​4479)

Performance

• Speed up the is_fstring_start function in Black's tokenizer (#​4541)

Integrations

• If using stdin with --stdin-filename set to a force excluded path, stdin won't be
  formatted. (#​4539)

v24.10.0

Compare Source

Highlights

• Black is now officially tested with Python 3.13 and provides Python 3.13
  mypyc-compiled wheels. (#​4436) (#​4449)
• Black will issue an error when used with Python 3.12.5, due to an upstream memory
  safety issue in Python 3.12.5 that can cause Black's AST safety checks to fail. Please
  use Python 3.12.6 or Python 3.12.4 instead. (#​4447)
• Black no longer supports running with Python 3.8 (#​4452)

Stable style

• Fix crashes involving comments in parenthesised return types or X | Y style unions.
  (#​4453)
• Fix skipping Jupyter cells with unknown %% magic (#​4462)

Preview style

• Fix type annotation spacing between * and more complex type variable tuple (i.e. def fn(*args: *tuple[*Ts, T]) -> None: pass) (#​4440)

Caching

• Fix bug where the cache was shared between runs with and without --unstable (#​4466)

Packaging

• Upgrade version of mypyc used to 1.12 beta (#​4450) (#​4449)
• blackd now requires a newer version of aiohttp. (#​4451)

Output

• Added Python target version information on parse error (#​4378)
• Add information about Black version to internal error messages (#​4457)

v24.8.0

Compare Source

Stable style

• Fix crash when # fmt: off is used before a closing parenthesis or bracket. (#​4363)

Packaging

• Packaging metadata updated: docs are explictly linked, the issue tracker is now also
  linked. This improves the PyPI listing for Black. (#​4345)

Parser

• Fix regression where Black failed to parse a multiline f-string containing another
  multiline string (#​4339)
• Fix regression where Black failed to parse an escaped sing

---

Configuration

📅 Schedule: Branch creation - "before 7am on monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.