Bump the dependencies group with 12 updates

[dependabot]

Bumps the dependencies group with 12 updates:

Package	From	To
django	5.2.6	5.2.7
psycopg2	2.9.10	2.9.11
django-filter	25.1	25.2
boto3	1.40.45	1.40.50
attrs	25.3.0	25.4.0
sentry-sdk	2.39.0	2.41.0
faker	37.8.0	37.11.0
ipython	9.5.0	9.6.0
django-stubs	5.2.5	5.2.7
djangorestframework-stubs	3.16.3	3.16.4
boto3-stubs	1.40.45	1.40.50
ruff	0.13.3	0.14.0

Updates django from 5.2.6 to 5.2.7

Commits

• 3cff320 [5.2.x] Bumped version for 5.2.7 release.
• ed8fc39 [5.2.x] Fixed CVE-2025-59682 -- Fixed potential partial directory-traversal v...
• 52fbae0 [5.2.x] Fixed CVE-2025-59681 -- Protected QuerySet.annotate(), alias(), aggre...
• 1794cbf [5.2.x] Made cosmetic edits to 5.2.7 release notes.
• 81625a1 [5.2.x] Fixed #36587 -- Clarified usage of list.insert() for upload handlers.
• 6f3813e [5.2.x] Fixed #35877, Refs #36128 -- Documented unique constraint when migrat...
• 10a2d3b [5.2.x] Added stub release notes and release date for 5.2.7, 5.1.13, and 4.2.25.
• b2773a3 [5.2.x] Refs #25508 -- Used QuerySet.repr in docs/ref/contrib/postgres/se...
• 7554c54 [5.2.x] Fixed #36581 -- Updated serialization examples from XML to JSON.
• 2a2936c [5.2.x] Updated translations from Transifex.
• Additional commits viewable in compare view

Updates psycopg2 from 2.9.10 to 2.9.11

Changelog

Sourced from psycopg2's changelog.

Current release

What's new in psycopg 2.9.11 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^

• Add support for Python 3.14.
• Avoid a segfault passing more arguments than placeholders if Python is built with assertions enabled (:ticket:[#1791](https://github.com/psycopg/psycopg2/issues/1791)).
• ~psycopg2.errorcodes map and ~psycopg2.errors classes updated to PostgreSQL 18.
• Drop support for Python 3.8.

What's new in psycopg 2.9.10 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^

• Add support for Python 3.13.
• Receive notifications on commit (:ticket:[#1728](https://github.com/psycopg/psycopg2/issues/1728)).
• ~psycopg2.errorcodes map and ~psycopg2.errors classes updated to PostgreSQL 17.
• Drop support for Python 3.7.

What's new in psycopg 2.9.9 ^^^^^^^^^^^^^^^^^^^^^^^^^^^

• Add support for Python 3.12.
• Drop support for Python 3.6.

What's new in psycopg 2.9.8 ^^^^^^^^^^^^^^^^^^^^^^^^^^^

• Wheel package bundled with PostgreSQL 16 libpq in order to add support for recent features, such as sslcertmode.

What's new in psycopg 2.9.7 ^^^^^^^^^^^^^^^^^^^^^^^^^^^

• Fix propagation of exceptions raised during module initialization (:ticket:[#1598](https://github.com/psycopg/psycopg2/issues/1598)).
• Fix building when pg_config returns an empty string (:ticket:[#1599](https://github.com/psycopg/psycopg2/issues/1599)).
• Wheel package bundled with OpenSSL 1.1.1v.

What's new in psycopg 2.9.6 ^^^^^^^^^^^^^^^^^^^^^^^^^^^

... (truncated)

Commits

• fd9ae8c chore: bump to version 2.9.11
• d923840 chore: update docs requirements
• d42dc71 Merge branch 'fix-1791'
• 4fde656 fix: avoid failed assert passing more arguments than placeholders
• 8308c19 fix: drop warning about the use of deprecated PyWeakref_GetObject function
• 1a1eabf build(deps): bump actions/github-script from 7 to 8
• 897af8b build(deps): bump peter-evans/repository-dispatch from 3 to 4
• ceefd30 build(deps): bump actions/checkout from 4 to 5
• 4dc5854 build(deps): bump actions/setup-python from 5 to 6
• 1945788 Merge pull request #1802 from edgarrmondragon/cp314-wheels
• Additional commits viewable in compare view

Updates django-filter from 25.1 to 25.2

Changelog

Sourced from django-filter's changelog.

Version 25.2 (2025-10-05)

• Added testing for Django 6.0.

• Dropped support for Django <5.2 LTS

• Dropped support for Python 3.9.

Commits

• 17ec565 Bumped version for 25.2 release.
• 9b4b8fd Updated testing for Django 6.0. (#1730)
• 1b07b3e Bump actions/setup-python from 5 to 6 in the github-actions group (#1726)
• 27a1168 Bump the github-actions group with 2 updates (#1722)
• 7f59b6f Add drf as optional dependencies (#1724)
• 635343e Add reference anchors to filter types to facilitate intersphinx refs (#1706)
• 7b3176e Document steps for postgres full text search (#1704)
• See full diff in compare view

Updates boto3 from 1.40.45 to 1.40.50

Commits

• d8b4186 Merge branch 'release-1.40.50'
• 8fc5b24 Bumping version to 1.40.50
• f4d0097 Add changelog entries from botocore
• 660a1ec Merge branch 'release-1.40.49'
• a5eec70 Merge branch 'release-1.40.49' into develop
• a06ac9e Bumping version to 1.40.49
• 4dd0569 Add changelog entries from botocore
• 5ad0248 Merge branch 'release-1.40.48'
• 578c49e Merge branch 'release-1.40.48' into develop
• 01618f3 Bumping version to 1.40.48
• Additional commits viewable in compare view

Updates attrs from 25.3.0 to 25.4.0

Commits

• See full diff in compare view

Updates sentry-sdk from 2.39.0 to 2.41.0

Release notes

Sourced from sentry-sdk's releases.

2.41.0

Various fixes & improvements

• feat: Add concurrent.futures patch to threading integration (#4770) by @​alexander-alderman-webb

  The SDK now makes sure to automatically preserve span relationships when using ThreadPoolExecutor.

• chore: Remove old metrics code (#4899) by @​sentrivana

  Removed all code related to the deprecated experimental metrics feature (sentry_sdk.metrics).

• ref: Remove "experimental" from log function name (#4901) by @​sentrivana

• fix(ai): Add mapping for gen_ai message roles (#4884) by @​shellmayr

• feat(metrics): Add trace metrics behind an experiments flag (#4898) by @​k-fish

2.40.0

Various fixes & improvements

• Add LiteLLM integration (#4864) by @​constantinius Once you've enabled the new LiteLLM integration, you can use the Sentry AI Agents Monitoring, a Sentry dashboard that helps you understand what's going on with your AI requests:

  import sentry_sdk
  from sentry_sdk.integrations.litellm import LiteLLMIntegration
  sentry_sdk.init(
      dsn="<your-dsn>",
      # Set traces_sample_rate to 1.0 to capture 100%
      # of transactions for tracing.
      traces_sample_rate=1.0,
      # Add data like inputs and responses;
      # see https://docs.sentry.io/platforms/python/data-management/data-collected/ for more info
      send_default_pii=True,
      integrations=[
          LiteLLMIntegration(),
      ],
  )

• Litestar: Copy request info to prevent cookies mutation (#4883) by @​alexander-alderman-webb

• Add tracing to DramatiqIntegration (#4571) by @​Igreh

• Also emit spans for MCP tool calls done by the LLM (#4875) by @​constantinius

• Option to not trace HTTP requests based on status codes (#4869) by @​alexander-alderman-webb You can now disable transactions for incoming requests with specific HTTP status codes. The new trace_ignore_status_codes option accepts a set of status codes as integers. If a transaction wraps a request that results in one of the provided status codes, the transaction will be unsampled.

  import sentry_sdk
  sentry_sdk.init(
  trace_ignore_status_codes={301, 302, 303, *range(305, 400), 404},
  )

... (truncated)

Changelog

Sourced from sentry-sdk's changelog.

2.41.0

Various fixes & improvements

• feat: Add concurrent.futures patch to threading integration (#4770) by @​alexander-alderman-webb

  The SDK now makes sure to automatically preserve span relationships when using ThreadPoolExecutor.

• chore: Remove old metrics code (#4899) by @​sentrivana

  Removed all code related to the deprecated experimental metrics feature (sentry_sdk.metrics).

• ref: Remove "experimental" from log function name (#4901) by @​sentrivana

• fix(ai): Add mapping for gen_ai message roles (#4884) by @​shellmayr

• feat(metrics): Add trace metrics behind an experiments flag (#4898) by @​k-fish

2.40.0

Various fixes & improvements

• Add LiteLLM integration (#4864) by @​constantinius Once you've enabled the new LiteLLM integration, you can use the Sentry AI Agents Monitoring, a Sentry dashboard that helps you understand what's going on with your AI requests:

  import sentry_sdk
  from sentry_sdk.integrations.litellm import LiteLLMIntegration
  sentry_sdk.init(
      dsn="<your-dsn>",
      # Set traces_sample_rate to 1.0 to capture 100%
      # of transactions for tracing.
      traces_sample_rate=1.0,
      # Add data like inputs and responses;
      # see https://docs.sentry.io/platforms/python/data-management/data-collected/ for more info
      send_default_pii=True,
      integrations=[
          LiteLLMIntegration(),
      ],
  )

• Litestar: Copy request info to prevent cookies mutation (#4883) by @​alexander-alderman-webb

• Add tracing to DramatiqIntegration (#4571) by @​Igreh

• Also emit spans for MCP tool calls done by the LLM (#4875) by @​constantinius

• Option to not trace HTTP requests based on status codes (#4869) by @​alexander-alderman-webb You can now disable transactions for incoming requests with specific HTTP status codes. The new trace_ignore_status_codes option accepts a set of status codes as integers. If a transaction wraps a request that results in one of the provided status codes, the transaction will be unsampled.

  import sentry_sdk
  sentry_sdk.init(
  trace_ignore_status_codes={301, 302, 303, *range(305, 400), 404},
  )

... (truncated)

Commits

• 685287d Update CHANGELOG.md
• 272af1b release: 2.41.0
• 1f8c008 feat(metrics): Add trace metrics behind an experiments flag (#4898)
• a049747 ref: Remove "experimental" from log func name (#4901)
• 7997368 chore: Remove old metrics code (#4899)
• 55e903e ci: Bump Python version for linting (#4897)
• f32e391 feat: Add concurrent.futures patch to threading integration (#4770)
• b1dd2dc fix(ai): add mapping for gen_ai message roles (#4884)
• a879d82 ci: Remove toxgen check (#4892)
• 87f8f39 Merge branch 'release/2.40.0'
• Additional commits viewable in compare view

Updates faker from 37.8.0 to 37.11.0

Release notes

Sourced from faker's releases.

Release v37.11.0

See CHANGELOG.md.

Release v37.10.0

See CHANGELOG.md.

Release v37.9.0

See CHANGELOG.md.

Changelog

Sourced from faker's changelog.

v37.11.0 - 2025-10-07

• Add French company APE code. Thanks @​fabien-michel.

v37.9.0 - 2025-10-07

• Add names generation to en_KE locale. Thanks @​titustum.

Commits

• 2a366a6 Bump version: 37.10.0 → 37.11.0
• 84890eb Bump version: 37.9.0 → 37.10.0
• 6e9b7ef 📝 Update CHANGELOG.md
• e8f344f 💄 Lint code
• de0efef feat: add french company APE code (#2263)
• d4826a7 Bump version: 37.8.0 → 37.9.0
• e49d9a1 📝 Update CHANGELOG.md
• 923863e 📝 Update CHANGELOG.md
• e089c8f 💄 Lint code
• b91c7c1 Add names generation to en_KE locale (#2255)
• See full diff in compare view

Updates ipython from 9.5.0 to 9.6.0

Commits

• 48b00eb release 9.6.0
• d87f745 Add release notes for 9.6 (#15002)
• cfacd05 Type-guided partial evaluation for completion of unitialized variables (#14993)
• 7c97122 Fix: Add support for forward_char as a keyboard shortcut (#15003)
• 521e985 Fix missing command 'forward_char'
• 64484bb This will work
• f3a53d8 Fix downstream further
• c40b9ef Add release notes for 9.6
• 7c20fd6 Fix downstream compatibility
• cc81ca1 Add module ignoring functionality to debugger (#14973)
• Additional commits viewable in compare view

Updates django-stubs from 5.2.5 to 5.2.7

Commits

• See full diff in compare view

Updates djangorestframework-stubs from 3.16.3 to 3.16.4

Commits

• See full diff in compare view

Updates boto3-stubs from 1.40.45 to 1.40.50

Release notes

Sourced from boto3-stubs's releases.

8.8.0 - Python 3.8 runtime is back

Changed

• [services] install_requires section is calculated based on dependencies in use, so typing-extensions version is set properly
• [all] Replaced typing imports with collections.abc with a fallback to typing for Python <3.9
• [all] Added aliases for builtins.list, builtins.set, builtins.dict, and builtins.type, so Python 3.8 runtime should work as expected again (reported by @​YHallouard in #340 and @​Omri-Ben-Yair in #336)
• [all] Unions use the same type annotations as the rest of the structures due to proper fallbacks

Fixed

• [services] Universal input/output shapes were not replaced properly in service subresources
• [docs] Simplified doc links rendering for services
• [services] Cleaned up unnecessary imports in client.pyi
• [builder] Import records with fallback are always rendered

Commits

• See full diff in compare view

Updates ruff from 0.13.3 to 0.14.0

Release notes

Sourced from ruff's releases.

0.14.0

Release Notes

Released on 2025-10-07.

Breaking changes

• Update default and latest Python versions for 3.14 (#20725)

Preview features

• [flake8-bugbear] Include certain guaranteed-mutable expressions: tuples, generators, and assignment expressions (B006) (#20024)
• [refurb] Add fixes for FURB101 and FURB103 (#20520)
• [ruff] Extend FA102 with listed PEP 585-compatible APIs (#20659)

Bug fixes

• [flake8-annotations] Fix return type annotations to handle shadowed builtin symbols (ANN201, ANN202, ANN204, ANN205, ANN206) (#20612)
• [flynt] Fix f-string quoting for mixed quote joiners (FLY002) (#20662)
• [isort] Fix inserting required imports before future imports (I002) (#20676)
• [ruff] Handle argfile expansion errors gracefully (#20691)
• [ruff] Skip RUF051 if else/elif block is present (#20705)
• [ruff] Improve handling of intermixed comments inside from-imports (#20561)

Documentation

• [flake8-comprehensions] Clarify fix safety documentation (C413) (#20640)

Contributors

• @​danparizher
• @​terror
• @​TaKO8Ki
• @​ntBre
• @​njhearp
• @​amyreese
• @​IDrokin117
• @​chirizxc

Install ruff 0.14.0

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/astral-sh/ruff/releases/download/0.14.0/ruff-installer.sh | sh

Install prebuilt binaries via powershell script

</tr></table> 

... (truncated)

Changelog

Sourced from ruff's changelog.

0.14.0

Released on 2025-10-07.

Breaking changes

• Update default and latest Python versions for 3.14 (#20725)

Preview features

• [flake8-bugbear] Include certain guaranteed-mutable expressions: tuples, generators, and assignment expressions (B006) (#20024)
• [refurb] Add fixes for FURB101 and FURB103 (#20520)
• [ruff] Extend FA102 with listed PEP 585-compatible APIs (#20659)

Bug fixes

• [flake8-annotations] Fix return type annotations to handle shadowed builtin symbols (ANN201, ANN202, ANN204, ANN205, ANN206) (#20612)
• [flynt] Fix f-string quoting for mixed quote joiners (FLY002) (#20662)
• [isort] Fix inserting required imports before future imports (I002) (#20676)
• [ruff] Handle argfile expansion errors gracefully (#20691)
• [ruff] Skip RUF051 if else/elif block is present (#20705)
• [ruff] Improve handling of intermixed comments inside from-imports (#20561)

Documentation

• [flake8-comprehensions] Clarify fix safety documentation (C413) (#20640)

Contributors

• @​danparizher
• @​terror
• @​TaKO8Ki
• @​ntBre
• @​njhearp
• @​amyreese
• @​IDrokin117
• @​chirizxc

0.13.x

See changelogs/0.13.x

0.12.x

See changelogs/0.12.x

0.11.x

See changelogs/0.11.x

... (truncated)

Commits

• beea8cd Bump 0.14.0 (#20751)
• 416e956 [ty] Infer better specializations of unions with None (etc) (#20749)
• 88c0ce3 Update default and latest Python versions for 3.14 (#20725)
• 8fb29ea [ruff] improve handling of intermixed comments inside from-imports (#20561)
• 23ebfe7 [ty] Fix tiny mistake in protocol tests (#20743)
• f90d646 [ty] Make infer_method_information less confusing (#20740)
• 15af4c0 Move --show-settings snapshots to separate files (#20741)
• 76f8e5b Refactor Rust lint test structure to use RuffTestFixture (#20689)
• b66a3e7 [refurb] Add fixes for FURB101, FURB103 (#20520)
• 70f51e9 [ty] Print display of types when a property test fails (#20720)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions