Skip to content

Bump the python-dependencies group across 1 directory with 5 updates#51

Open
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/pip/python-dependencies-1fc426f8fb
Open

Bump the python-dependencies group across 1 directory with 5 updates#51
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/pip/python-dependencies-1fc426f8fb

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Apr 6, 2026

Bumps the python-dependencies group with 5 updates in the / directory:

Package From To
django-allauth 65.15.0 65.15.1
gunicorn 25.1.0 25.3.0
pillow 12.1.1 12.2.0
sentry-sdk 2.55.0 2.57.0
openai 2.29.0 2.30.0

Updates django-allauth from 65.15.0 to 65.15.1

Commits

Updates gunicorn from 25.1.0 to 25.3.0

Release notes

Sourced from gunicorn's releases.

Gunicorn 25.3.0

Bug Fixes

  • HTTP/2 ASGI Body Duplication: Fix request body being received twice in HTTP/2 ASGI requests, causing JSON parsing errors with "Extra data" messages (#3558)

  • ASGI Chunked EOF Handling: Add finish() method to callback parser to handle chunked encoding edge case where connection closes before final CRLF after zero-chunk

  • HTTP/2 Documentation: Fix http_protocols examples to use comma-separated string instead of list syntax (#3561)

  • Chunked Encoding: Reject chunk extensions containing bare CR bytes per RFC 9112 (#3556)

  • Request Line Limit: Fix --limit-request-line 0 to mean unlimited as documented, instead of using default maximum. Works with both Python and fast C parser. (#3563)

Security

  • ASGI Parser Header Validation: Add security checks per RFC 9110/9112:
    • Reject duplicate Content-Length headers
    • Reject requests with both Content-Length and Transfer-Encoding
    • Reject chunked transfer encoding in HTTP/1.0
    • Reject stacked chunked encoding
    • Validate Transfer-Encoding values
    • Strict chunk size validation

Changes

  • Fast HTTP Parser: Update to gunicorn_h1c >= 0.6.3 for asgi_headers property and InvalidChunkExtension validation for bare CR rejection

  • ASGI PROXY Protocol: Add PROXY protocol v1/v2 support to callback parser

  • Docker Images: Update to Python 3.14

Gunicorn 25.2.0

New Features

  • Fast HTTP Parser (gunicorn_h1c 0.4.1): Integrate new exception types and limit parameters from gunicorn_h1c 0.4.1 for both WSGI and ASGI workers
    • Requires gunicorn_h1c >= 0.4.1 for http_parser='fast'
    • Falls back to Python parser in auto mode if version not met
    • Proper HTTP status codes for limit errors (414, 431)

Bug Fixes

  • uWSGI Async Workers: Fix InvalidUWSGIHeader: incomplete header error when using gevent or gthread workers with uwsgi protocol behind nginx. (#3552, [PR #3554](benoitc/gunicorn#3554))

... (truncated)

Commits
  • 9bce72c Update changelog with missing 25.3.0 changes
  • 2a15fdb Fix pylint isinstance-second-argument-not-valid-type warning
  • 8d08aaa Fix --limit-request-line 0 to mean unlimited
  • d40a374 Fix pytest-asyncio configuration and treq_asgi hex escapes
  • da8bd48 Remove unused AsyncRequest class
  • b00f125 Integrate gunicorn_h1c 0.6.3 with InvalidChunkExtension support
  • bdb2ebd Reject chunk extensions with bare CR bytes (RFC 9112)
  • 7057fc9 Fix http_protocols documentation to use string syntax
  • d43acb8 Update to gunicorn_h1c >= 0.6.2 for asgi_headers support
  • cbd27e8 Merge pull request #3559 from benleembruggen/fix/http2-asgi-body-duplication
  • Additional commits viewable in compare view

Updates pillow from 12.1.1 to 12.2.0

Release notes

Sourced from pillow's releases.

12.2.0

https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html

Documentation

Dependencies

Testing

Other changes

... (truncated)

Commits

Updates sentry-sdk from 2.55.0 to 2.57.0

Release notes

Sourced from sentry-sdk's releases.

2.57.0

New Features ✨

Langchain

Other

Bug Fixes 🐛

Openai

Other

Internal Changes 🔧

Ai

Langchain

Openai

... (truncated)

Changelog

Sourced from sentry-sdk's changelog.

2.57.0

New Features ✨

Langchain

Other

Bug Fixes 🐛

Openai

Other

Internal Changes 🔧

Ai

Langchain

Openai

... (truncated)

Commits
  • 9790785 Update CHANGELOG.md
  • 21f5dc3 release: 2.57.0
  • ae28669 fix(openai): Only wrap types with _iterator for streamed responses (#5917)
  • 2d91800 build(deps): bump getsentry/craft/.github/workflows/changelog-preview.yml fro...
  • 9c97dac build(deps): bump getsentry/craft from 2.25.0 to 2.25.2 (#5911)
  • 7516309 fix: Add cycle detection to exceptions_from_error (#5880)
  • 2604409 feat: Add experimental async transport (port of PR #4572) (#5646)
  • 49a5978 fix(ci): Update validate-pr action to remove draft enforcement (#5918)
  • b8a4945 ref(ai): Remove unused GEN_AI_PIPELINE operation constant (#5886)
  • e231708 ci: 🤖 Update test matrix with new releases (03/30) (#5912)
  • Additional commits viewable in compare view

Updates openai from 2.29.0 to 2.30.0

Release notes

Sourced from openai's releases.

v2.30.0

2.30.0 (2026-03-25)

Full Changelog: v2.29.0...v2.30.0

Features

  • api: add keys field to Click/DoubleClick/Drag/Move/Scroll computer actions (ee1bbed)

Bug Fixes

  • api: align SDK response types with expanded item schemas (f3f258a)
  • sanitize endpoint path params (89f6698)
  • types: make type required in ResponseInputMessageItem (cfdb167)

Chores

  • ci: skip lint on metadata-only changes (faa93e1)
  • internal: update gitignore (c468477)
  • tests: bump steady to v0.19.4 (f350af8)
  • tests: bump steady to v0.19.5 (5c03401)
  • tests: bump steady to v0.19.6 (b6353b8)
  • tests: bump steady to v0.19.7 (1d654be)

Refactors

  • tests: switch from prism to steady (4a82035)
Changelog

Sourced from openai's changelog.

2.30.0 (2026-03-25)

Full Changelog: v2.29.0...v2.30.0

Features

  • api: add keys field to Click/DoubleClick/Drag/Move/Scroll computer actions (ee1bbed)

Bug Fixes

  • api: align SDK response types with expanded item schemas (f3f258a)
  • sanitize endpoint path params (89f6698)
  • types: make type required in ResponseInputMessageItem (cfdb167)

Chores

  • ci: skip lint on metadata-only changes (faa93e1)
  • internal: update gitignore (c468477)
  • tests: bump steady to v0.19.4 (f350af8)
  • tests: bump steady to v0.19.5 (5c03401)
  • tests: bump steady to v0.19.6 (b6353b8)
  • tests: bump steady to v0.19.7 (1d654be)

Refactors

  • tests: switch from prism to steady (4a82035)
Commits
  • 5ae2cc1 release: 2.30.0
  • 6e772ae fix(api): align SDK response types with expanded item schemas
  • cd72fba feat(api): add keys field to Click/DoubleClick/Drag/Move/Scroll computer actions
  • 4f43fe3 chore(tests): bump steady to v0.19.7
  • 23bc027 chore(ci): skip lint on metadata-only changes
  • e3c59bf chore(tests): bump steady to v0.19.6
  • 56ad9ca fix(types): make type required in ResponseInputMessageItem
  • 78c764b chore(internal): update gitignore
  • 634b74e chore(tests): bump steady to v0.19.5
  • c8c9508 chore(tests): bump steady to v0.19.4
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the python-dependencies group across 1 directory with 5 updates
3f61400 
Bumps the python-dependencies group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [django-allauth](https://github.com/sponsors/pennersr) | `65.15.0` | `65.15.1` |
| [gunicorn](https://github.com/benoitc/gunicorn) | `25.1.0` | `25.3.0` |
| [pillow](https://github.com/python-pillow/Pillow) | `12.1.1` | `12.2.0` |
| [sentry-sdk](https://github.com/getsentry/sentry-python) | `2.55.0` | `2.57.0` |
| [openai](https://github.com/openai/openai-python) | `2.29.0` | `2.30.0` |



Updates `django-allauth` from 65.15.0 to 65.15.1
- [Commits](https://github.com/sponsors/pennersr/commits)

Updates `gunicorn` from 25.1.0 to 25.3.0
- [Release notes](https://github.com/benoitc/gunicorn/releases)
- [Commits](benoitc/gunicorn@25.1.0...25.3.0)

Updates `pillow` from 12.1.1 to 12.2.0
- [Release notes](https://github.com/python-pillow/Pillow/releases)
- [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst)
- [Commits](python-pillow/Pillow@12.1.1...12.2.0)

Updates `sentry-sdk` from 2.55.0 to 2.57.0
- [Release notes](https://github.com/getsentry/sentry-python/releases)
- [Changelog](https://github.com/getsentry/sentry-python/blob/master/CHANGELOG.md)
- [Commits](getsentry/sentry-python@2.55.0...2.57.0)

Updates `openai` from 2.29.0 to 2.30.0
- [Release notes](https://github.com/openai/openai-python/releases)
- [Changelog](https://github.com/openai/openai-python/blob/main/CHANGELOG.md)
- [Commits](openai/openai-python@v2.29.0...v2.30.0)

---
updated-dependencies:
- dependency-name: django-allauth
  dependency-version: 65.15.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-dependencies
- dependency-name: gunicorn
  dependency-version: 25.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-dependencies
- dependency-name: pillow
  dependency-version: 12.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-dependencies
- dependency-name: sentry-sdk
  dependency-version: 2.57.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-dependencies
- dependency-name: openai
  dependency-version: 2.30.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Apr 6, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants