build(deps-dev): bump kafka-python from 1.4.7 to 2.3.0

[dependabot]

Bumps kafka-python from 1.4.7 to 2.3.0.

Release notes

Sourced from kafka-python's releases.

2.2.15 (July 1, 2025)

Fixes

• Fix KafkaProducer broken method names (@​llk89 / #2660)
• Fix spelling mistake in KafkaConsumer docs (@​Xeus-CC / #2659)

2.2.14 (June 27, 2025)

Fixes

• python2 fixups (#2655)
• Fix coordinator lock contention during close() (#2652)

2.2.13 (June 20, 2025)

Fixes

• Use client.await_ready() to simplify blocking wait and add timeout to admin client (#2648)
• Fixup import style in example.py

Documentation

• update README kafka version badge to include 4.0

2.2.12 (June 18, 2025)

Fixes

• Fix construction of final GSSAPI authentication message (#2647)
• Avoid RuntimeError on mutated _completed_fetches deque in consumer fetcher (#2646)
• Throw exception on invalid bucket type (#2642)

2.2.11 (June 5, 2025)

Fixes

• Do not ignore metadata response for single topic with error (#2640)
• Fix decoding bug in AWS_MSK_IAM mechanism (#2639)
• Add synchronized decorator; add lock to subscription state (#2636)
• Update build links in documentation (#2634)

2.2.10 (May 22, 2025)

Fixes

• Set the current host in the SASL configs (#2633)
• Fix sasl gssapi plugin: do not rely on client_ctx.complete in auth_bytes() (#2631)

2.2.9 (May 21, 2025)

... (truncated)

Changelog

Sourced from kafka-python's changelog.

2.3.0 (Nov 20, 2025) ####################

CLI

• python -m cli interfaces for kafka.admin, kafka.consumer, kafka.producer (#2650)

Producer

• KIP-654: Abort transaction with pending data with TransactionAbortedError (#2662)
• KafkaProducer: Handle UnknownProducerIdError (#2663)
• KIP-467: Augment ProduceResponse error messaging for specific culprit records (#2661)
• Add transactional_id to KafkaProducer Keyword Arguments docstring

Consumer

• KIP-345: Consumer group static membership (#2625)
• KIP-207: Add ListOffsetsRequest v5 / handle OffsetNotAvailableError (#2657)
• Fetcher: Add missing argument in debug log (#2665)

AdminClient

• KIP-430: Return Authorized Operations in Describe Responses (#2656)
• Add send_request() and send_requests() to KafkaAdminClient (#2649)

Maintenance

• Remove old/unused kafka.protocol.pickle (#2653)
• Switch protocol code to getattr/setattr from dict (#2654)
• Drop unused imports (#2651)

Project Infra

• Bump github/codeql-action from 3 to 4 (#2678)
• Bump actions/setup-python from 5 to 6 (#2674)
• Bump actions/setup-java from 4 to 5 (#2673)
• Bump actions/checkout from 4 to 5 (#2669)
• Bump actions/checkout from 5 to 6 (#2694)
• NixOS helpers

2.2.18 (Nov 20, 2025) #####################

Fixes

• Add ProducerBatch.lt for heapq (#2698)

2.2.17 (Nov 20, 2025)

... (truncated)

Commits

• 63d9634 Release 2.3.0
• 1569334 Add ProducerBatch.lt for heapq (#2698)
• 5904e5d minor api docs formatting cleanups
• 84d1394 Add cli modules to docs/; add top level kafka.main with help message
• dc470da Update changelog
• c75f97c SOCKS5: support looking up names remotely (#2666)
• 4197302 Add internal poll to consumer.position() (#2696)
• 8d38aa7 Initiate Coordinator Reconnect w/ Backoff from Heartbeat Thread (#2695)
• 7e38cf2 Bump actions/checkout from 5 to 6 (#2694)
• 38a105b Changelog updates
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[haileyok]

i'd be careful bumping this. i ran into a ton of problems with kafka-python and while bumping the library itself didn't actually affect me at all when i tried (both 1.x and 2.x have problems with SASL authentication...) it was a weird process. would need some testing to make sure it doesn't break things.