@dependabot dependabot bot commented on behalf of github Jan 19, 2026

Bumps the prod-deps group with 37 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| django | 4.2.26 | 6.0.1 |
| psycopg2-binary | 2.9.10 | 2.9.11 |
| celery | 5.5.3 | 5.6.2 |
| hiredis | 3.2.1 | 3.3.0 |
| brotli | 1.1.0 | 1.2.0 |
| django-compressor | 4.5.1 | 4.6.0 |
| django-pint | 0.7.3 | 1.0.3 |
| django-post-office | 3.10.1 | 3.11.0 |
| drf-yasg | 1.21.10 | 1.21.14 |
| jellyfish | 1.2.0 | 1.2.1 |
| markdown | 3.9 | 3.10 |
| pyyaml | 6.0.2 | 6.0.3 |
| xlsxwriter | 3.2.8 | 3.2.9 |
| xmlschema | 4.1.0 | 4.3.1 |
| lark | 1.2.2 | 1.3.1 |
| simple-salesforce | 1.12.8 | 1.12.9 |
| shapely | 2.0.7 | 2.1.2 |
| django-treebeard | 4.7.1 | 4.8.0 |
| django-two-factor-auth[phonenumbers] | 1.17.0 | 1.18.1 |
| importlib-metadata | 8.7.0 | 8.7.1 |
| boto3 | 1.40.30 | 1.42.30 |
| django-ses | 4.4.0 | 4.6.0 |
| uwsgi | 2.0.30 | 2.0.31 |
| coverage | 7.10.6 | 7.13.1 |
| coveralls | 4.0.1 | 4.0.2 |
| tox | 4.30.2 | 4.34.1 |
| psutil | 7.0.0 | 7.2.1 |
| faker | 37.6.0 | 40.1.2 |
| vcrpy | 7.0.0 | 8.1.1 |
| pytest | 8.4.2 | 9.0.2 |
| pre-commit | 4.3.0 | 4.5.1 |
| sphinx | 7.4.7 | 9.1.0 |
| sphinxcontrib-spelling | 8.0.0 | 8.0.2 |
| sphinx-rtd-theme | 3.0.2 | 3.1.0 |
| docutils | 0.21.2 | 0.22.4 |
| hypothesis | 6.138.16 | 6.150.2 |
| django-debug-toolbar | 6.0.0 | 6.1.0 |

Updates django from 4.2.26 to 6.0.1

Commits
  • 85eb963 [6.0.x] Bumped version for 6.0.1 release.
  • ac4a550 [6.0.x] Added release date for 6.0.1.
  • dcfc5b0 [6.0.x] Added release date for 5.2.10.
  • 42bab76 [6.0.x] Fixed #36843, #36793 -- Reverted "Fixed #27489 -- Renamed permissions...
  • 764af47 [6.0.x] Refs #33647 -- Fixed silent data truncation in bulk_create on Postgres.
  • b7b5465 [6.0.x] Fixed #36829 -- Reverted value of ClearableFileInput.use_fieldset to ...
  • 90daa65 [6.0.x] Fixed #30515 -- Documented resolve_url() in docs/topics/http/shortcut...
  • d35daf8 [6.0.x] Fixed #36796 -- Handled lazy routes correctly in RoutePattern.match().
  • 16107ab [6.0.x] Refs #36810 -- Avoided infinite recursion in LazyNonce.repr().
  • 774543e [6.0.x] Fixed #36305 -- Added documentation indentation guidelines to contrib...
  • Additional commits viewable in compare view

Updates psycopg2-binary from 2.9.10 to 2.9.11

Changelog

Sourced from psycopg2-binary's changelog.

Current release

What's new in psycopg 2.9.11

  • Add support for Python 3.14.
  • Avoid a segfault passing more arguments than placeholders if Python is built with assertions enabled (ticket [#1791](https://github.com/psycopg/psycopg2/issues/1791)).
  • Add riscv64 platform binary packages (ticket [#1813](https://github.com/psycopg/psycopg2/issues/1813)).
  • `psycopg2.errorcodes` map and `psycopg2.errors` classes updated to PostgreSQL 18.
  • Drop support for Python 3.8.

What's new in psycopg 2.9.10

  • Add support for Python 3.13.
  • Receive notifications on commit (ticket [#1728](https://github.com/psycopg/psycopg2/issues/1728)).
  • `psycopg2.errorcodes` map and `psycopg2.errors` classes updated to PostgreSQL 17.
  • Drop support for Python 3.7.

What's new in psycopg 2.9.9

  • Add support for Python 3.12.
  • Drop support for Python 3.6.

What's new in psycopg 2.9.8

  • Wheel package bundled with PostgreSQL 16 libpq in order to add support for recent features, such as sslcertmode.

What's new in psycopg 2.9.7

  • Fix propagation of exceptions raised during module initialization (ticket [#1598](https://github.com/psycopg/psycopg2/issues/1598)).
  • Fix building when pg_config returns an empty string (ticket [#1599](https://github.com/psycopg/psycopg2/issues/1599)).
  • Wheel package bundled with OpenSSL 1.1.1v.

What's new in psycopg 2.9.6

... (truncated)

Commits
  • fd9ae8c chore: bump to version 2.9.11
  • d923840 chore: update docs requirements
  • d42dc71 Merge branch 'fix-1791'
  • 4fde656 fix: avoid failed assert passing more arguments than placeholders
  • 8308c19 fix: drop warning about the use of deprecated PyWeakref_GetObject function
  • 1a1eabf build(deps): bump actions/github-script from 7 to 8
  • 897af8b build(deps): bump peter-evans/repository-dispatch from 3 to 4
  • ceefd30 build(deps): bump actions/checkout from 4 to 5
  • 4dc5854 build(deps): bump actions/setup-python from 5 to 6
  • 1945788 Merge pull request #1802 from edgarrmondragon/cp314-wheels
  • Additional commits viewable in compare view

Updates celery from 5.5.3 to 5.6.2

Release notes

Sourced from celery's releases.

v5.6.2

Full Changelog: celery/celery@v5.6.1...v5.6.2

v5.6.1

Full Changelog: celery/celery@v5.6.0...v5.6.1

v5.6.0

Celery v5.6.0 is now available.

Key Highlights

See What's new in Celery 5.6 for a complete overview or read the main highlights below.

Python 3.9 Minimum Version

Celery 5.6.0 drops support for Python 3.8 (EOL). The minimum required Python version is now 3.9. Users still on Python 3.8 must upgrade their Python version before upgrading to Celery 5.6.0.

Additionally, this release includes initial support for Python 3.14.

SQS: Reverted to pycurl from urllib3

The switch from pycurl to urllib3 for the SQS transport (introduced in Celery 5.5.0 via Kombu) has been reverted due to critical issues affecting SQS users.

... (truncated)

Changelog

Sourced from celery's changelog.

5.6.2

:release-date: 2026-01-04 :release-by: Tomer Nosrati

What's Changed


  • Fix recursive WorkController instantiation in DjangoWorkerFixup + AttributeError when pool_cls is a string ([#10045](https://github.com/celery/celery/issues/10045))
  • Bugfix: Revoked tasks now immediately update backend status to REVOKED ([#9869](https://github.com/celery/celery/issues/9869))
  • Prepare for release: v5.6.2 ([#10049](https://github.com/celery/celery/issues/10049))

5.6.1

:release-date: 2025-12-29 :release-by: Tomer Nosrati

What's Changed

  • Fix Redis Sentinel ACL authentication support (#10013)
  • Fix: Broker heartbeats not sent during graceful shutdown (#9986)
  • docs #5410 -- Document confirm_publish broker transport option (#10016)
  • close DB pools only in prefork mode (#10020)
  • Fix: Avoid unnecessary Django database connection creation during cleanup (#10015)
  • reliable prefork detection (#10023)
  • better coverage (#10029)
  • Docs: clarify result_extended vs periodic task metadata and show headers["periodic_task_name"] example (#10030)
  • Stop importing pytest_subtests (#10032)
  • Only use exceptiongroup backport for Python < 3.11 (#10033)
  • Prepare for release: v5.6.1 (#10037)

5.6.0

:release-date: 2025-11-30 :release-by: Tomer Nosrati

Celery v5.6.0 is now available.

Key Highlights


See :ref:`whatsnew-5.6` for a complete overview or read the main highlights below.

... (truncated)

Commits
  • 6a43c84 Prepare for release: v5.6.2 (#10049)
  • 333a82f Bugfix: Revoked tasks now immediately update backend status to REVOKED (#9869)
  • 9d6ab11 Fix recursive WorkController instantiation in DjangoWorkerFixup + AttributeEr...
  • 21dbc73 Prepare for release: v5.6.1 (#10037)
  • ba20bed Only use exceptiongroup backport for Python < 3.11 (#10033)
  • 2167529 Stop importing pytest_subtests
  • 0527296 Bump google-cloud-firestore from 2.21.0 to 2.22.0
  • 5f8659b Clarify 'result_extended' setting usage in tasks
  • f19db70 Bump mypy from 1.19.0 to 1.19.1 (#10028)
  • 6da72bd better coverage (#10029)
  • Additional commits viewable in compare view

Updates hiredis from 3.2.1 to 3.3.0

Release notes

Sourced from hiredis's releases.

3.3.0

Changes

Contributors

We'd like to thank all the contributors who worked on this release!

Updates brotli from 1.1.0 to 1.2.0

Release notes

Sourced from brotli's releases.

v1.2.0

SECURITY

  • python: added Decompressor::can_accept_more_data method and optional output_buffer_limit argument Decompressor::process; that allows mitigation of unexpectedly large output; reported by Charles Chan (https://github.com/charleswhchan)

Added

  • decoder / encoder: added static initialization to reduce binary size
  • python: allow limiting decoder output (see SECURITY section)
  • CLI: brcat alias; allow decoding concatenated brotli streams
  • kt: pure Kotlin decoder
  • cgo: support "raw" dictionaries
  • build: Bazel modules

Removed

  • java: dropped finalize() for native entities

Fixed

  • java: in compress pass correct length to native encoder

Improved

  • build: install man pages
  • build: updated / fixed / refined Bazel buildfiles
  • encoder: faster encoding
  • cgo: link via pkg-config
  • python: modernize extension / allow multi-phase module initialization

Changed

  • decoder / encoder: static tables use "small" model (allows 2GiB+ binaries)

v1.2.0 RC2

What's Changed (compared to RC1)

v1.2.0 RC1

IMPORTANT: though this is a pre-release for v1.2.0, it is expected that some changes will be added before release; most notably concerning build files: patches applied by Alpine, Debian, Conan, VCPKG will be partially/fully integrated.

SECURITY

  • python: added Decompressor::can_accept_more_data method and optional output_buffer_limit argument Decompressor::process; that allows mitigation of unexpectedly large output; reported by Charles Chan (https://github.com/charleswhchan)

Added

  • decoder / encoder: added static initialization to reduce binary size
  • python: allow limiting decoder output (see SECURITY section)

... (truncated)

Changelog

Sourced from brotli's changelog.

[1.2.0] - 2025-10-27

SECURITY

  • python: added Decompressor::can_accept_more_data method and optional output_buffer_limit argument Decompressor::process; that allows mitigation of unexpectedly large output; reported by Charles Chan (https://github.com/charleswhchan)

Added

  • decoder / encoder: added static initialization to reduce binary size
  • python: allow limiting decoder output (see SECURITY section)
  • CLI: brcat alias; allow decoding concatenated brotli streams
  • kt: pure Kotlin decoder
  • cgo: support "raw" dictionaries
  • build: Bazel modules

Removed

  • java: dropped finalize() for native entities

Fixed

  • java: in compress pass correct length to native encoder

Improved

  • build: install man pages
  • build: updated / fixed / refined Bazel buildfiles
  • encoder: faster encoding
  • cgo: link via pkg-config
  • python: modernize extension / allow multi-phase module initialization

Changed

  • decoder / encoder: static tables use "small" model (allows 2GiB+ binaries)

Updates django-compressor from 4.5.1 to 4.6.0

Changelog

Sourced from django-compressor's changelog.

Changelog

v4.6 (2025-11-10)

[Full list of changes from v4.5.1](https://github.com/django-compressor/django-compressor/compare/4.5.1...4.6)

  • Fixed compatibility with latest BS4.
  • Removed top pin for rcssmin and rjsmin dependencies.
  • Avoid compressing the same node concurrently in offline compression.
  • Avoid use of deprecated ast.Constant.s
  • Officially support Django 6.0
  • Officially support Django 5.2
  • Drop support for EOL Django 5.0
  • Add support for Python 3.14.
  • Add support for Python 3.13.
  • Drop support for EOL Python 3.9.
  • Drop support for EOL Python 3.8.

Commits
  • 3ada994 Prepare 4.6.0.
  • 1baa82a Remove CI testing for EOL Django 5.0.
  • 8706a52 Add CI testing for Python 3.14 and Django 6.0.
  • 7be9ce2 Bump brotli, lxml, and coverage test dependencies.
  • d6fd813 Remove test version pinning for rcssmin and rjsmin.
  • 2b46e7d Bump actions/setup-python from 5 to 6 (#1307)
  • b97bb05 Disable bs4's multi valued attributes (#1296)
  • 4e54330 Migrate packaging to pyproject.toml (#1313)
  • 872f8d5 Remove version pinning for rcssmin and rjsmin (#1312)
  • cc38666 Drop support for Python 3.9 (#1311)
  • Additional commits viewable in compare view

Updates django-pint from 0.7.3 to 1.0.3

Release notes

Sourced from django-pint's releases.

v1.0.3

  • Correct minimal Django version to 5.2 in pyproject.toml
  • Fix documentation builds

Fix PyPI signatures

Fix broken pipeline for PyPI Sigstore uploads. No source code changes.

v1.0.1

Fix a problem with the release pipeline. No source code changes.

v1.0.0

Full Changelog: CarliJoy/django-pint@v0.7.3...v1.0.0

Changelog

Sourced from django-pint's changelog.

Version 1.0.3

  • Correct minimal Django version to 5.2 in pyproject.toml
  • Fix documentation builds

Version 1.0.2

  • Fix broken pipeline for PyPI Sigstore uploads. No source code changes.

Version 1.0.1

  • Fix Problem in Publish Pipeline using old upload-artifact (no source code changes)

Version 1.0.0

  • Start following [SemVer](https://semver.org/spec/v2.0.0.html)
  • Convert numeric types to str before calling Decimal [#101 by @mmarra](https://github.com/CarliJoy/django-pint/pull/101)
  • Try unit conversion instead of literal dimensionality check [#108 by @SamuelJennings](https://github.com/CarliJoy/django-pint/pull/108)
  • Drop support for Python 3.8 and 3.9 and Django 3.2
  • Add support for Python 3.12, 3.13 and 3.14 and Django 6.0 [#116 by @Adiorz](https://github.com/CarliJoy/django-pint/pull/117)
  • Modernize project setup: Use pyproject.toml only and ruff.

Version 0.7.2

  • fix conversion of number input to DecimalField (issue [#106](https://github.com/CarliJoy/django-pint/issues/106))

Version 0.7.1

  • fix wrong unit display in widget (issue [#43](https://github.com/CarliJoy/django-pint/issues/43))

Version 0.7.0

  • drop support for Django (<3.2) and Python Versions (<3.7) as they reached EOL
  • add PositiveIntegerQuantityField (merge request [#39](https://github.com/CarliJoy/django-pint/issues/39) from jwygoda)
  • fix display of negative and scientific numbers in Widget (merge request [#41](https://github.com/CarliJoy/django-pint/issues/41) from mikeford3)

Version 0.6.3

  • fix error with Django 3.2 (issue [#36](https://github.com/CarliJoy/django-pint/issues/36))
  • remove PrecisionError
  • restructure function a bit, add more type annotations

Version 0.6.2

  • only an internal technical release, as the PyPI token had to be removed due to a security breach before and no new token was set before releasing 0.6.1

Version 0.6.1

... (truncated)

Commits
  • 67fa3b9 Fix minimal django version
  • cdccb65 Fix docs
  • dbc1df9 Update changelog
  • d8912be Publish Pipeline: Use newer version of sigstore
  • 26d263a Update changelog
  • bf21c31 Fix publish pipeline: Use upload artifacts version 4
  • 3a079f2 Merge pull request #118 from CarliJoy/migrate_to_pyproject_and_ruff
  • a302da5 prepare new release
  • 68b6277 Modernize: use pyproject.toml only and ruff
  • 599410c feat: upgrade python up to 3.14 and django up to 6.0 (#117)
  • Additional commits viewable in compare view

Updates django-post-office from 3.10.1 to 3.11.0

Release notes

Sourced from django-post-office's releases.

v3.11

  • Added Python 3.14 and Django 6.0 compatibility. Thanks @​selwin!
  • Replaced bleach with nh3 for HTML sanitization. bleach has been deprecated since 2023. Thanks @​selwin!
  • Added SESWebhookHandler and SparkPostWebhookHandler for handling webhook events (beta feature). Thanks @​selwin!
  • Optimized the way templates are fetched during email delivery. Thanks @​selwin!

Changelog

Sourced from django-post-office's changelog.

Changelog

Unreleased

  • Replaced bleach with nh3 for HTML sanitization. bleach has been deprecated since 2023. Thanks @​selwin!
  • Added SESWebhookHandler and SparkPostWebhookHandler for handling webhook events (beta feature). Thanks @​selwin!
  • Optimized the way templates are fetched during email delivery. Thanks @​selwin!

Updates drf-yasg from 1.21.10 to 1.21.14

Release notes

Sourced from drf-yasg's releases.

1.21.14

  • FIXED: Fix missing swagger-ui sourcemaps (#950)

1.21.12

  • FIXED: Bring the bundled swagger ui up to date (#944)
  • IMPROVED: Update the logout button to use a POST request. (#945)
  • ADDED: Add a live demo domain (#946)
  • ADDED: Handle annotations that are not available at runtime (#941)

1.21.11

  • FIXED: Fix list views with parameters in last path segment not named "list" views (#917)
  • ADDED: Allow overriding produces/consumes with @​swagger_auto_schema decorator (#916)
  • FIXED: Fix filter parameters not appearing in swagger with django-filter>=25 (#926)
  • IMPROVED: Update Python, Django, and DRF versions and packaging configuration (#922)
  • IMPROVED: Remove usage of pkg_resources (#928)
  • FIXED: Fix call_view_method warning to include the method name again (#923)
  • ADDED: Add a hide download button option (#848)
  • ADDED: Add ruff linters (#903)

Changelog

Sourced from drf-yasg's changelog.

Changelog

1.21.14

1.21.13

  • FIXED: Fix missing swagger-ui sourcemaps (#950)

1.21.12

  • FIXED: Bring the bundled swagger ui up to date (#944)
  • IMPROVED: Update the logout button to use a POST request. (#945)
  • ADDED: Add a live demo domain (#946)
  • ADDED: Handle annotations that are not available at runtime (#941)

1.21.11

  • FIXED: Fix list views with parameters in last path segment not named "list" views (#917)
  • ADDED: Allow overriding produces/consumes with @​swagger_auto_schema decorator (#916)
  • FIXED: Fix filter parameters not appearing in swagger with django-filter>=25 (#926)
  • IMPROVED: Update Python, Django, and DRF versions and packaging configuration (#922)
  • IMPROVED: Remove usage of pkg_resources (#928)
  • FIXED: Fix call_view_method warning to include the method name again (#923)
  • ADDED: Add a hide download button option (#848)
  • ADDED: Add ruff linters (#903)

1.21.10

  • FIXED: Fix type hints when using postponed evaluation of annotations (PEP-563) (#840)
  • IMPROVED: Update JSON & YAML renderers to not use a "." in their format string (#911)
  • FIXED: Fix lint errors when comparing types with == instead of is (#868)
  • IMPROVED: Update swagger-ui-dist to address CVE-2021-46708 (#904)

1.21.9

  • ADDED: Added support for zoneinfo object fields (#908)

... (truncated)

Commits
  • 7dceb27 Add version 1.21.14 details to the changelog (#952)
  • 763cdd6 Add version 1.21.13 details to the changelog (#951)
  • a0559fc Add missing swagger-ui sourcemaps (#950)
  • 2bf74d0 Add version 1.21.12 details to the changelog (#948)
  • b421e89 swagger ui fix (#944)
  • 40fee2b Add live demo domain and environment variables (#946)
  • 1785b84 Update logout button to use POST request. (#945)
  • 0522cc1 Rename github actions files to .yaml (#942)
  • 3a38123 Bump actions/checkout from 5 to 6 in the github-actions group (#943)
  • b252a0d Handle annotations not available at runtime (#941)
  • Additional commits viewable in compare view

Updates jellyfish from 1.2.0 to 1.2.1

Updates markdown from 3.9 to 3.10

Release notes

Sourced from markdown's releases.

Release 3.10.0

Changed

  • Officially support Python 3.14 and PyPy 3.11 and drop support for Python 3.9 and PyPy 3.9.

Fixed

  • Fix an HTML comment parsing case in some Python versions that can cause an infinite loop (#1554).
  • Revert the default behavior of USE_DEFINITION_ORDER (to True). The new behavior introduced in 3.9.0 is experimental and results are inconsistent. It should not have been made the default behavior (#1561).

Changelog

Sourced from markdown's changelog.

Python-Markdown Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to the Python Version Specification. See the Contributing Guide for details.

[Unreleased]

Fixed

  • Ensure nested elements inside inline comments are properly unescaped (#1571).
  • Make the docs build successfully with mkdocstrings-python 2.0 (#1575).
  • Fix infinite loop when multiple bogus or unclosed HTML comments appear in input (#1578).

[3.10.0] - 2025-11-03

Changed

  • Officially support Python 3.14 and PyPy 3.11 and drop support for Python 3.9 and PyPy 3.9.

Fixed

  • Fix an HTML comment parsing case in some Python versions that can cause an infinite loop (#1554).
  • Revert the default behavior of USE_DEFINITION_ORDER (to True). The new behavior introduced in 3.9.0 is experimental and results are inconsistent. It should not have been made the default behavior (#1561).

[3.9.0] - 2025-09-04

Changed

  • Footnotes are now ordered by the occurrence of their references in the document. A new configuration option for the footnotes extension, USE_DEFINITION_ORDER, has been added to support restoring the previous behavior of ordering footnotes by the occurrence of definitions (#1367).

Fixed

  • Ensure inline processing iterates through elements in document order (#1546).
  • Fix handling of incomplete HTML tags in code spans in Python 3.14 (#1547).

[3.8.2] - 2025-06-19

... (truncated)

Updates pyyaml from 6.0.2 to 6.0.3

Release notes

Sourced from pyyaml's releases.

6.0.3

What's Changed

  • Support for Python 3.14 and free-threading (experimental).

Full Changelog: yaml/pyyaml@6.0.2...6.0.3

Changelog

Sourced from pyyaml's changelog.

6.0.3 (2025-09-25)

  • yaml/pyyaml#864 -- Support for Python 3.14 and free-threading (experimental)

Updates xlsxwriter from 3.2.8 to 3.2.9

Changelog

Sourced from xlsxwriter's changelog.

Release 3.2.9 - September 16 2025

  • Removed the py.typed file since it was causing a lot of downstream CI failures where consumers weren't handling the xlsxwriter types correctly or taking them into account.

    The file will be re-added once the xlsxwriter typing is more comprehensive.

Updates xmlschema from 4.1.0 to 4.3.1

Release notes

Sourced from xmlschema's releases.

v4.3.1 (2026-01-17)

  • normalize_url(): workaround for issue #467 (UNC paths with Python < 3.12.5)
  • META_SCHEMA and BASE_SCHEMA paths converted to 'file' URL scheme
  • Clean optional dependencies

v4.3.0 (2026-01-06)

  • Add arguments validation for schemas and validation methods (by validation contexts)
  • Add custom XPath parser for find/findall/iterfind APIs on schemas for match singleton sequence also if position is a number greater than 1 in predicate expression (issue #468)
  • Improve build of XSD elements and groups, using a three-state built flag for components
  • Extend and fix memory tests (Python 3.14+ seems to consume more memory)
  • Drop support for Python 3.9 and add development support for Python 3.15

v4.2.0 (2025-10-14)

  • Add arguments validation for schemas and validation methods (by validation contexts)
  • Add SchemaSettings dataclass for storing read-only settings for schema instances and for managing package default settings
  • Add block argument to XMLResource class (issue #464)
  • Add MAX_SCHEMA_SOURCES package limit (1000, applied to XsdGlobals global maps instances)
  • Add MAX_XML_ELEMENTS package limit (1,000,000, applied to non-lazy XMLResource instances)
  • Reduce MAX_XML_DEPTH limit to 1000 and apply it to all XMLResource instances
  • Fix for substitute match in case of unexpected child (issue #461)

Changelog

Sourced from xmlschema's changelog.

v4.3.1 (2026-01-17)

  • normalize_url(): workaround for issue #467 (UNC paths with Python < 3.12.5)
  • META_SCHEMA and BASE_SCHEMA paths converted to 'file' URL scheme
  • Clean optional dependencies

v4.3.0 (2026-01-03)

  • Add arguments validation for schemas and validation methods (by validation contexts)
  • Add custom XPath parser for find/findall/iterfind APIs on schemas for match singleton sequence also if position is a number greater than 1 in predicate expression (issue #468)
  • Improve build of XSD elements and groups, using a three-state built flag for components
  • Extend and fix memory tests (Python 3.14+ seems to consume more memory)
  • Drop support for Python 3.9 and add development support for Python 3.15

v4.2.0 (2025-10-14)

  • Add arguments validation for schemas and validation methods (by validation contexts)
  • Add SchemaSettings dataclass for storing read-only settings for schema instances and for managing package default settings
  • Add block argument to XMLResource class (issue #464)
  • Add MAX_SCHEMA_SOURCES package limit (1000, applied to XsdGlobals global maps instances)
  • Add MAX_XML_ELEMENTS package limit (1,000,000, applied to non-lazy XMLResource instances)
  • Reduce MAX_XML_DEPTH limit to 1000 and apply it to all XMLResource instances
  • Fix for substitute match in case of unexpected child (issue #461)

Commits
  • 64b103f Add a test for meta-schema URLs and relax memory test for Python 3.14
  • 508d1a2 Update bugfix release information and clean deps of pyproject.toml
  • 4fc64bd Refactor LocationPath and add a workaround for issue #467
  • dfec443 Don't serialize cached properties
  • 91c1956 Add caching module with class SchemaCache
  • 2bfb931 Update CI tests and release info
  • a1d7d3c Change built status of components from bool to optional bool
  • ce822bd Extend and fix memory tests
  • fa41056 Add a custom XPath parser for schema find/findall/iterfind APIs
  • b237528 Add a test with UNC path
  • Additional commits viewable in compare view

Updates lark from 1.2.2 to 1.3.1

Release notes

Sourced from lark's releases.

Description has been truncated

Bumps the prod-deps group with 37 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [django](https://github.com/django/django) | `4.2.26` | `6.0.1` |
| [psycopg2-binary](https://github.com/psycopg/psycopg2) | `2.9.10` | `2.9.11` |
| [celery](https://github.com/celery/celery) | `5.5.3` | `5.6.2` |
| [hiredis](https://github.com/redis/hiredis-py) | `3.2.1` | `3.3.0` |
| [brotli](https://github.com/google/brotli) | `1.1.0` | `1.2.0` |
| [django-compressor](https://github.com/django-compressor/django-compressor) | `4.5.1` | `4.6.0` |
| [django-pint](https://github.com/CarliJoy/django-pint) | `0.7.3` | `1.0.3` |
| [django-post-office](https://github.com/ui/django-post_office) | `3.10.1` | `3.11.0` |
| [drf-yasg](https://github.com/axnsan12/drf-yasg) | `1.21.10` | `1.21.14` |
| [jellyfish](https://jellyfish.jpt.sh/) | `1.2.0` | `1.2.1` |
| [markdown](https://github.com/Python-Markdown/markdown) | `3.9` | `3.10` |
| [pyyaml](https://github.com/yaml/pyyaml) | `6.0.2` | `6.0.3` |
| [xlsxwriter](https://github.com/jmcnamara/XlsxWriter) | `3.2.8` | `3.2.9` |
| [xmlschema](https://github.com/sissaschool/xmlschema) | `4.1.0` | `4.3.1` |
| [lark](https://github.com/lark-parser/lark) | `1.2.2` | `1.3.1` |
| [simple-salesforce](https://github.com/simple-salesforce/simple-salesforce) | `1.12.8` | `1.12.9` |
| [shapely](https://github.com/shapely/shapely) | `2.0.7` | `2.1.2` |
| [django-treebeard](https://github.com/django-treebeard/django-treebeard) | `4.7.1` | `4.8.0` |
| [django-two-factor-auth[phonenumbers]](https://github.com/jazzband/django-two-factor-auth) | `1.17.0` | `1.18.1` |
| [importlib-metadata](https://github.com/python/importlib_metadata) | `8.7.0` | `8.7.1` |
| [boto3](https://github.com/boto/boto3) | `1.40.30` | `1.42.30` |
| [django-ses](https://github.com/django-ses/django-ses) | `4.4.0` | `4.6.0` |
| [uwsgi](https://uwsgi-docs.readthedocs.io/en/latest/) | `2.0.30` | `2.0.31` |
| [coverage](https://github.com/coveragepy/coveragepy) | `7.10.6` | `7.13.1` |
| [coveralls](https://github.com/TheKevJames/coveralls-python) | `4.0.1` | `4.0.2` |
| [tox](https://github.com/tox-dev/tox) | `4.30.2` | `4.34.1` |
| [psutil](https://github.com/giampaolo/psutil) | `7.0.0` | `7.2.1` |
| [faker](https://github.com/joke2k/faker) | `37.6.0` | `40.1.2` |
| [vcrpy](https://github.com/kevin1024/vcrpy) | `7.0.0` | `8.1.1` |
| [pytest](https://github.com/pytest-dev/pytest) | `8.4.2` | `9.0.2` |
| [pre-commit](https://github.com/pre-commit/pre-commit) | `4.3.0` | `4.5.1` |
| [sphinx](https://github.com/sphinx-doc/sphinx) | `7.4.7` | `9.1.0` |
| [sphinxcontrib-spelling](https://github.com/sphinx-contrib/spelling) | `8.0.0` | `8.0.2` |
| [sphinx-rtd-theme](https://github.com/readthedocs/sphinx_rtd_theme) | `3.0.2` | `3.1.0` |
| [docutils](https://github.com/rtfd/recommonmark) | `0.21.2` | `0.22.4` |
| [hypothesis](https://github.com/HypothesisWorks/hypothesis) | `6.138.16` | `6.150.2` |
| [django-debug-toolbar](https://github.com/django-commons/django-debug-toolbar) | `6.0.0` | `6.1.0` |



Updates `django` from 4.2.26 to 6.0.1
- [Commits](django/django@4.2.26...6.0.1)

Updates `psycopg2-binary` from 2.9.10 to 2.9.11
- [Changelog](https://github.com/psycopg/psycopg2/blob/master/NEWS)
- [Commits](psycopg/psycopg2@2.9.10...2.9.11)

Updates `celery` from 5.5.3 to 5.6.2
- [Release notes](https://github.com/celery/celery/releases)
- [Changelog](https://github.com/celery/celery/blob/main/Changelog.rst)
- [Commits](celery/celery@v5.5.3...v5.6.2)

Updates `hiredis` from 3.2.1 to 3.3.0
- [Release notes](https://github.com/redis/hiredis-py/releases)
- [Changelog](https://github.com/redis/hiredis-py/blob/master/CHANGELOG.md)
- [Commits](redis/hiredis-py@v3.2.1...v3.3.0)

Updates `brotli` from 1.1.0 to 1.2.0
- [Release notes](https://github.com/google/brotli/releases)
- [Changelog](https://github.com/google/brotli/blob/master/CHANGELOG.md)
- [Commits](google/brotli@go/cbrotli/v1.1.0...v1.2.0)

Updates `django-compressor` from 4.5.1 to 4.6.0
- [Changelog](https://github.com/django-compressor/django-compressor/blob/develop/docs/changelog.txt)
- [Commits](django-compressor/django-compressor@4.5.1...4.6)

Updates `django-pint` from 0.7.3 to 1.0.3
- [Release notes](https://github.com/CarliJoy/django-pint/releases)
- [Changelog](https://github.com/CarliJoy/django-pint/blob/main/CHANGELOG.rst)
- [Commits](CarliJoy/django-pint@v0.7.3...v1.0.3)

Updates `django-post-office` from 3.10.1 to 3.11.0
- [Release notes](https://github.com/ui/django-post_office/releases)
- [Changelog](https://github.com/ui/django-post_office/blob/master/CHANGELOG.md)
- [Commits](ui/django-post_office@v3.10.1...v3.11)

Updates `drf-yasg` from 1.21.10 to 1.21.14
- [Release notes](https://github.com/axnsan12/drf-yasg/releases)
- [Changelog](https://github.com/axnsan12/drf-yasg/blob/master/docs/changelog.rst)
- [Commits](axnsan12/drf-yasg@1.21.10...1.21.14)

Updates `jellyfish` from 1.2.0 to 1.2.1

Updates `markdown` from 3.9 to 3.10
- [Release notes](https://github.com/Python-Markdown/markdown/releases)
- [Changelog](https://github.com/Python-Markdown/markdown/blob/master/docs/changelog.md)
- [Commits](Python-Markdown/markdown@3.9.0...3.10.0)

Updates `pyyaml` from 6.0.2 to 6.0.3
- [Release notes](https://github.com/yaml/pyyaml/releases)
- [Changelog](https://github.com/yaml/pyyaml/blob/6.0.3/CHANGES)
- [Commits](yaml/pyyaml@6.0.2...6.0.3)

Updates `xlsxwriter` from 3.2.8 to 3.2.9
- [Changelog](https://github.com/jmcnamara/XlsxWriter/blob/main/Changes)
- [Commits](jmcnamara/XlsxWriter@RELEASE_3.2.8...RELEASE_3.2.9)

Updates `xmlschema` from 4.1.0 to 4.3.1
- [Release notes](https://github.com/sissaschool/xmlschema/releases)
- [Changelog](https://github.com/sissaschool/xmlschema/blob/master/CHANGELOG.rst)
- [Commits](sissaschool/xmlschema@v4.1.0...v4.3.1)

Updates `lark` from 1.2.2 to 1.3.1
- [Release notes](https://github.com/lark-parser/lark/releases)
- [Changelog](https://github.com/lark-parser/lark/blob/master/CHANGELOG.md)
- [Commits](lark-parser/lark@1.2.2...1.3.1)

Updates `simple-salesforce` from 1.12.8 to 1.12.9
- [Release notes](https://github.com/simple-salesforce/simple-salesforce/releases)
- [Changelog](https://github.com/simple-salesforce/simple-salesforce/blob/master/CHANGES)
- [Commits](simple-salesforce/simple-salesforce@v1.12.8...v1.12.9)

Updates `shapely` from 2.0.7 to 2.1.2
- [Release notes](https://github.com/shapely/shapely/releases)
- [Changelog](https://github.com/shapely/shapely/blob/main/CHANGES.txt)
- [Commits](shapely/shapely@2.0.7...2.1.2)

Updates `django-treebeard` from 4.7.1 to 4.8.0
- [Changelog](https://github.com/django-treebeard/django-treebeard/blob/master/CHANGES.md)
- [Commits](django-treebeard/django-treebeard@4.7.1...4.8.0)

Updates `django-two-factor-auth[phonenumbers]` from 1.17.0 to 1.18.1
- [Release notes](https://github.com/jazzband/django-two-factor-auth/releases)
- [Changelog](https://github.com/jazzband/django-two-factor-auth/blob/master/CHANGELOG.md)
- [Commits](jazzband/django-two-factor-auth@1.17.0...1.18.1)

Updates `importlib-metadata` from 8.7.0 to 8.7.1
- [Release notes](https://github.com/python/importlib_metadata/releases)
- [Changelog](https://github.com/python/importlib_metadata/blob/main/NEWS.rst)
- [Commits](python/importlib_metadata@v8.7.0...v8.7.1)

Updates `boto3` from 1.40.30 to 1.42.30
- [Release notes](https://github.com/boto/boto3/releases)
- [Commits](boto/boto3@1.40.30...1.42.30)

Updates `django-ses` from 4.4.0 to 4.6.0
- [Release notes](https://github.com/django-ses/django-ses/releases)
- [Changelog](https://github.com/django-ses/django-ses/blob/main/CHANGES.md)
- [Commits](django-ses/django-ses@v4.4.0...v4.6.0)

Updates `uwsgi` from 2.0.30 to 2.0.31

Updates `coverage` from 7.10.6 to 7.13.1
- [Release notes](https://github.com/coveragepy/coveragepy/releases)
- [Changelog](https://github.com/coveragepy/coveragepy/blob/main/CHANGES.rst)
- [Commits](coveragepy/coveragepy@7.10.6...7.13.1)

Updates `coveralls` from 4.0.1 to 4.0.2
- [Release notes](https://github.com/TheKevJames/coveralls-python/releases)
- [Changelog](https://github.com/TheKevJames/coveralls-python/blob/master/CHANGELOG.md)
- [Commits](TheKevJames/coveralls-python@4.0.1...4.0.2)

Updates `tox` from 4.30.2 to 4.34.1
- [Release notes](https://github.com/tox-dev/tox/releases)
- [Changelog](https://github.com/tox-dev/tox/blob/main/docs/changelog.rst)
- [Commits](tox-dev/tox@4.30.2...4.34.1)

Updates `psutil` from 7.0.0 to 7.2.1
- [Changelog](https://github.com/giampaolo/psutil/blob/master/HISTORY.rst)
- [Commits](giampaolo/psutil@release-7.0.0...release-7.2.1)

Updates `faker` from 37.6.0 to 40.1.2
- [Release notes](https://github.com/joke2k/faker/releases)
- [Changelog](https://github.com/joke2k/faker/blob/master/CHANGELOG.md)
- [Commits](joke2k/faker@v37.6.0...v40.1.2)

Updates `vcrpy` from 7.0.0 to 8.1.1
- [Release notes](https://github.com/kevin1024/vcrpy/releases)
- [Changelog](https://github.com/kevin1024/vcrpy/blob/master/docs/changelog.rst)
- [Commits](kevin1024/vcrpy@v7.0.0...v8.1.1)

Updates `pytest` from 8.4.2 to 9.0.2
- [Release notes](https://github.com/pytest-dev/pytest/releases)
- [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst)
- [Commits](pytest-dev/pytest@8.4.2...9.0.2)

Updates `pre-commit` from 4.3.0 to 4.5.1
- [Release notes](https://github.com/pre-commit/pre-commit/releases)
- [Changelog](https://github.com/pre-commit/pre-commit/blob/main/CHANGELOG.md)
- [Commits](pre-commit/pre-commit@v4.3.0...v4.5.1)

Updates `sphinx` from 7.4.7 to 9.1.0
- [Release notes](https://github.com/sphinx-doc/sphinx/releases)
- [Changelog](https://github.com/sphinx-doc/sphinx/blob/master/CHANGES.rst)
- [Commits](sphinx-doc/sphinx@v7.4.7...v9.1.0)

Updates `sphinxcontrib-spelling` from 8.0.0 to 8.0.2
- [Release notes](https://github.com/sphinx-contrib/spelling/releases)
- [Commits](sphinx-contrib/spelling@8.0.0...8.0.2)

Updates `sphinx-rtd-theme` from 3.0.2 to 3.1.0
- [Changelog](https://github.com/readthedocs/sphinx_rtd_theme/blob/master/docs/changelog.rst)
- [Commits](readthedocs/sphinx_rtd_theme@3.0.2...3.1.0)

Updates `docutils` from 0.21.2 to 0.22.4
- [Changelog](https://github.com/readthedocs/recommonmark/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rtfd/recommonmark/commits)

Updates `hypothesis` from 6.138.16 to 6.150.2
- [Release notes](https://github.com/HypothesisWorks/hypothesis/releases)
- [Commits](HypothesisWorks/hypothesis@hypothesis-python-6.138.16...hypothesis-python-6.150.2)

Updates `django-debug-toolbar` from 6.0.0 to 6.1.0
- [Release notes](https://github.com/django-commons/django-debug-toolbar/releases)
- [Changelog](https://github.com/django-commons/django-debug-toolbar/blob/main/docs/changes.rst)
- [Commits](django-commons/django-debug-toolbar@6.0.0...6.1.0)

---
updated-dependencies:
- dependency-name: django
  dependency-version: 6.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: prod-deps
- dependency-name: psycopg2-binary
  dependency-version: 2.9.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-deps
- dependency-name: celery
  dependency-version: 5.6.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-deps
- dependency-name: hiredis
  dependency-version: 3.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-deps
- dependency-name: brotli
  dependency-version: 1.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-deps
- dependency-name: django-compressor
  dependency-version: 4.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-deps
- dependency-name: django-pint
  dependency-version: 1.0.3
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: prod-deps
- dependency-name: django-post-office
  dependency-version: 3.11.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-deps
- dependency-name: drf-yasg
  dependency-version: 1.21.14
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-deps
- dependency-name: jellyfish
  dependency-version: 1.2.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-deps
- dependency-name: markdown
  dependency-version: '3.10'
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-deps
- dependency-name: pyyaml
  dependency-version: 6.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-deps
- dependency-name: xlsxwriter
  dependency-version: 3.2.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-deps
- dependency-name: xmlschema
  dependency-version: 4.3.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-deps
- dependency-name: lark
  dependency-version: 1.3.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-deps
- dependency-name: simple-salesforce
  dependency-version: 1.12.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-deps
- dependency-name: shapely
  dependency-version: 2.1.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-deps
- dependency-name: django-treebeard
  dependency-version: 4.8.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-deps
- dependency-name: django-two-factor-auth[phonenumbers]
  dependency-version: 1.18.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-deps
- dependency-name: importlib-metadata
  dependency-version: 8.7.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-deps
- dependency-name: boto3
  dependency-version: 1.42.30
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-deps
- dependency-name: django-ses
  dependency-version: 4.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-deps
- dependency-name: uwsgi
  dependency-version: 2.0.31
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-deps
- dependency-name: coverage
  dependency-version: 7.13.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-deps
- dependency-name: coveralls
  dependency-version: 4.0.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-deps
- dependency-name: tox
  dependency-version: 4.34.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-deps
- dependency-name: psutil
  dependency-version: 7.2.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-deps
- dependency-name: faker
  dependency-version: 40.1.2
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: prod-deps
- dependency-name: vcrpy
  dependency-version: 8.1.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: prod-deps
- dependency-name: pytest
  dependency-version: 9.0.2
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: prod-deps
- dependency-name: pre-commit
  dependency-version: 4.5.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-deps
- dependency-name: sphinx
  dependency-version: 9.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: prod-deps
- dependency-name: sphinxcontrib-spelling
  dependency-version: 8.0.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-deps
- dependency-name: sphinx-rtd-theme
  dependency-version: 3.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-deps
- dependency-name: docutils
  dependency-version: 0.22.4
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-deps
- dependency-name: hypothesis
  dependency-version: 6.150.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-deps
- dependency-name: django-debug-toolbar
  dependency-version: 6.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-deps
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the Maintenance label Jan 19, 2026