Skip to content

Bump the dependencies group across 1 directory with 6 updates #434

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Oct 16, 2025
Merged

Bump the dependencies group across 1 directory with 6 updates #434

merged 3 commits into from
Oct 16, 2025

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Sep 30, 2025
edited
Loading

Bumps the dependencies group with 6 updates in the / directory:

Package From To
astroquery 0.4.10 0.4.11
click 8.2.1 8.3.0
django 4.2.23 4.2.24
django-cors-headers 4.7.0 4.9.0
tom-tns 0.3.1 0.3.2
tomtoolkit 2.26.0 2.26.2

Updates astroquery from 0.4.10 to 0.4.11

Release notes

Sourced from astroquery's releases.

v0.4.11

What's Changed

... (truncated)

Changelog

Sourced from astroquery's changelog.

0.4.11 (2025-09-19)

API changes

esa.hubble ^^^^^^^^^^

  • Removal of the deprecated query_hst_tap method, use query_tap instead. #3367

gaia ^^^^

  • Deprecated band from load_data as it has no effect on upstream response any more. #3278

mast ^^^^

  • Deprecated the product parameter in the Tesscut.get_sectors, Tesscut.get_cutouts, and Tesscut.download_cutouts methods. Support for TESS Image Calibration (TICA) high-level science products has been removed; only Science Processing Operations Center (SPOC) products are supported. #3391

Service fixes and enhancements

alma ^^^^

  • Bug fix in footprint_to_reg that did not allow regions to be plotted. #3285

esa.euclid ^^^^^^^^^^

  • New method, get_scientific_product_list, to retrieve scientific LE3 products. #3313

  • New cross-match method #3386

esa.hubble ^^^^^^^^^^

  • Internal refactor of the module to use to PyVO. #3367

... (truncated)

Commits
  • fc20cf3 Preparing release v0.4.11
  • caec513 Finalizing changelog for v0.4.11
  • 8d10133 Merge pull request #3420 from bsipocz/MAINT_pre-release-fixes
  • c588b25 MAINT: adding windows specific warning ignores
  • 4caac9e MAINT: add pytest-timeout dependency — this should work around stuck CI jobs
  • 2713972 MAINT: exclude bots from release notes
  • 726d6ff MAINT: update mailmap
  • 4bc9d1e MAINT: remove old pyvo skip
  • 47c736c MAINT: fixing integral test and doctests
  • 8a0a427 Merge pull request #3415 from bsipocz/ENH_irsa_list_catalogs_filter_desc
  • Additional commits viewable in compare view

Updates click from 8.2.1 to 8.3.0

Release notes

Sourced from click's releases.

8.3.0

This is the Click 8.3.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecation, or introduce potentially breaking changes.

We encourage everyone to upgrade. You can read more about our Version Support Policy on our website.

PyPI: https://pypi.org/project/click/8.3.0/ Changes: https://click.palletsprojects.com/page/changes/#version-8-3-0 Milestone https://github.com/pallets/click/milestone/27

  • Improved flag option handling: Reworked the relationship between flag_value and default parameters for better consistency:

    • The default parameter value is now preserved as-is and passed directly to CLI functions (no more unexpected transformations)
    • Exception: flag options with default=True maintain backward compatibility by defaulting to their flag_value
    • The default parameter can now be any type (bool, None, etc.)
    • Fixes inconsistencies reported in: #1992 #2514 #2610 #3024 #3030

  • Allow default to be set on Argument for nargs = -1. #2164 #3030

  • Show correct auto complete value for nargs option in combination with flag option #2813

  • Show correct auto complete value for nargs option in combination with flag option #2813

  • Fix handling of quoted and escaped parameters in Fish autocompletion. #2995 #3013

  • Lazily import shutil. #3023

  • Properly forward exception information to resources registered with click.core.Context.with_resource(). #2447 #3058

  • Fix regression related to EOF handling in CliRunner. #2939 #2940

8.2.2

This is the Click 8.2.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/click/8.2.2/ Changes: https://click.palletsprojects.com/page/changes/#version-8-2-2 Milestone: https://github.com/pallets/click/milestone/25

  • Fix reconciliation of default, flag_value and type parameters for flag options, as well as parsing and normalization of environment variables. #2952 #2956
  • Fix typing issue in BadParameter and MissingParameter exceptions for the parameter param_hint that did not allow for a sequence of string where the underlying functino _join_param_hints allows for it. #2777 #2990
  • Use the value of Enum choices to render their default value in help screen. #2911 #3004
  • Fix completion for the Z shell (zsh) for completion items containing colons. #2703 #2846
  • Don't include envvar in error hint when not configured. #2971 #2972

... (truncated)

Changelog

Sourced from click's changelog.

Version 8.3.0

Released 2025-09-17

  • Improved flag option handling: Reworked the relationship between flag_value and default parameters for better consistency:

    • The default parameter value is now preserved as-is and passed directly to CLI functions (no more unexpected transformations)
    • Exception: flag options with default=True maintain backward compatibility by defaulting to their flag_value
    • The default parameter can now be any type (bool, None, etc.)
    • Fixes inconsistencies reported in: :issue:1992 :issue:2514 :issue:2610 :issue:3024 :pr:3030

  • Allow default to be set on Argument for nargs = -1. :issue:2164 :pr:3030

  • Show correct auto complete value for nargs option in combination with flag option :issue:2813

  • Fix handling of quoted and escaped parameters in Fish autocompletion. :issue:2995 :pr:3013

  • Lazily import shutil. :pr:3023

  • Properly forward exception information to resources registered with click.core.Context.with_resource(). :issue:2447 :pr:3058

  • Fix regression related to EOF handling in CliRunner. :issue:2939 :pr:2940

Version 8.2.2

Released 2025-07-31

  • Fix reconciliation of default, flag_value and type parameters for flag options, as well as parsing and normalization of environment variables. :issue:2952 :pr:2956
  • Fix typing issue in BadParameter and MissingParameter exceptions for the parameter param_hint that did not allow for a sequence of string where the underlying function _join_param_hints allows for it. :issue:2777 :pr:2990
  • Use the value of Enum choices to render their default value in help screen. Refs :issue:2911 :pr:3004
  • Fix completion for the Z shell (zsh) for completion items containing colons. :issue:2703 :pr:2846
  • Don't include envvar in error hint when not configured. :issue:2971 :pr:2972
  • Fix a rare race in click.testing.StreamMixer's finalization that manifested as a ValueError on close in a multi-threaded test session. :issue:2993 :pr:2991
Commits
  • 00fadb8 Release version 8.3.0
  • 2a0e3ba testing/CliRunner: Fix regression related to EOF introduced in 262bdf0 (#2940)
  • e11a1ef Merge branch 'main' into fix-cli-runner-prompt-eof-handling
  • 36deba8 Forward exception information to resources registered in a context (#3058)
  • f2cae7a #2447 Add summary of PR to changelog for 8.3.x
  • 7c7ec36 #2447 Split resource exception handling tests in single and nested
  • 92129c5 #2447 Added exception forwarding to context tests
  • 555fa9b #2447 Forward exception data to exit stack when calling __exit__
  • 16fe802 Add more tests on Enum rendering (#3053)
  • d36de6f Add more tests on Enum rendering their item's names and not values
  • Additional commits viewable in compare view

Updates django from 4.2.23 to 4.2.24

Commits
  • 5e23d89 [4.2.x] Bumped version for 4.2.24 release.
  • 31334e6 [4.2.x] Fixed CVE-2025-57833 -- Protected FilteredRelation against SQL inject...
  • d5860d5 [4.2.x] Added stub release notes and release date for 4.2.24.
  • c3f9871 [4.2.x] Fixed #36499 -- Adjusted utils_tests.test_html.TestUtilsHtml.test_str...
  • 2a79837 [4.2.x] Fixed test_utils.tests.HTMLEqualTests.test_parsing_errors following P...
  • 7335a1a [4.2.x] Refs #36535 -- Doc'd that docutils < 0.22 is required.
  • 591b23a [4.2.x] Fixed GitHub Action that checks commit prefixes to fetch PR head corr...
  • 0c9ab35 [4.2.x] Added GitHub Action to enforce stable branch commit message prefix.
  • 8293b0f [4.2.x] Added follow-up to CVE-2025-48432 to security archive.
  • bc4d96c [4.2.x] Post-release version bump.
  • See full diff in compare view

Updates django-cors-headers from 4.7.0 to 4.9.0

Changelog

Sourced from django-cors-headers's changelog.

4.9.0 (2025-09-18)

  • Support Django 6.0.

4.8.0 (2025-09-08)

  • Support Python 3.14.
Commits

Updates tom-tns from 0.3.1 to 0.3.2

Updates tomtoolkit from 2.26.0 to 2.26.2

Release notes

Sourced from tomtoolkit's releases.

tomtoolkit 2.26.2

Full Changelog: TOMToolkit/tom_base@2.26.1...2.26.2

tomtoolkit 2.26.1

What's Changed

Full Changelog: TOMToolkit/tom_base@2.26.0...2.26.1

Commits
  • 93c6138 add missed migration
  • 382df67 Merge pull request #1304 from TOMToolkit/dependabot/pip/django-4.2.24
  • 576498e Bump django from 4.2.22 to 4.2.24
  • eb55e55 Merge pull request #1298 from TOMToolkit/1250-lco-request-form-window-start-a...
  • 9158e78 Merge branch 'dev' into 1250-lco-request-form-window-start-and-end-should-all...
  • c3384ac Merge pull request #1293 from talister/1280-add-H-G-fields
  • 0974a0e Merge branch 'dev' into 1280-add-H-G-fields
  • 8451c9b Remove unused import
  • cffce96 Ensure backwards compatibility with old form fields (custom templates)
  • bdda86d Merge pull request #1297 from griffin-h/feature/merge_reduceddatums
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot dependabot bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Sep 30, 2025
@dependabot dependabot bot force-pushed the dependabot/uv/dependencies-73fdf66f43 branch 3 times, most recently from 42fdc8a to 2f539d7 Compare October 13, 2025 16:34
@davner davner self-assigned this Oct 14, 2025
@dependabot dependabot bot force-pushed the dependabot/uv/dependencies-73fdf66f43 branch from 2f539d7 to 967538c Compare October 14, 2025 19:11
@davner
Copy link
Member

davner commented Oct 14, 2025

@dependabot rebase

@dependabot dependabot bot force-pushed the dependabot/uv/dependencies-73fdf66f43 branch from 967538c to a82127d Compare October 14, 2025 20:35
dependabot bot and others added 2 commits October 16, 2025 13:40
@dependabot @davner
Bump the dependencies group across 1 directory with 6 updates
d352e96 
Bumps the dependencies group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [astroquery](https://github.com/astropy/astroquery) | `0.4.10` | `0.4.11` |
| [click](https://github.com/pallets/click) | `8.2.1` | `8.3.0` |
| [django](https://github.com/django/django) | `4.2.23` | `4.2.24` |
| [django-cors-headers](https://github.com/adamchainz/django-cors-headers) | `4.7.0` | `4.9.0` |
| tom-tns | `0.3.1` | `0.3.2` |
| [tomtoolkit](https://github.com/TOMToolkit/tom_base) | `2.26.0` | `2.26.2` |



Updates `astroquery` from 0.4.10 to 0.4.11
- [Release notes](https://github.com/astropy/astroquery/releases)
- [Changelog](https://github.com/astropy/astroquery/blob/main/CHANGES.rst)
- [Commits](astropy/astroquery@v0.4.10...v0.4.11)

Updates `click` from 8.2.1 to 8.3.0
- [Release notes](https://github.com/pallets/click/releases)
- [Changelog](https://github.com/pallets/click/blob/main/CHANGES.rst)
- [Commits](pallets/click@8.2.1...8.3.0)

Updates `django` from 4.2.23 to 4.2.24
- [Commits](django/django@4.2.23...4.2.24)

Updates `django-cors-headers` from 4.7.0 to 4.9.0
- [Changelog](https://github.com/adamchainz/django-cors-headers/blob/main/CHANGELOG.rst)
- [Commits](adamchainz/django-cors-headers@4.7.0...4.9.0)

Updates `tom-tns` from 0.3.1 to 0.3.2

Updates `tomtoolkit` from 2.26.0 to 2.26.2
- [Release notes](https://github.com/TOMToolkit/tom_base/releases)
- [Commits](TOMToolkit/tom_base@2.26.0...2.26.2)

---
updated-dependencies:
- dependency-name: astroquery
  dependency-version: 0.4.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: click
  dependency-version: 8.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: django
  dependency-version: 4.2.24
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: django-cors-headers
  dependency-version: 4.9.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: tom-tns
  dependency-version: 0.3.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: tomtoolkit
  dependency-version: 2.26.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@davner
GOATS-974: Update pyproject.toml.
ed0eece
@davner davner force-pushed the dependabot/uv/dependencies-73fdf66f43 branch from a82127d to ed0eece Compare October 16, 2025 20:40
@davner davner requested a review from Copilot October 16, 2025 20:42
Copilot
Copilot AI reviewed Oct 16, 2025
View reviewed changes
Copy link

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR updates 6 Python dependencies to their latest versions, focusing on security patches and minor feature updates. The changes include updates to web framework components (Django, Click), astronomical data libraries (astroquery), and TOM Toolkit components.

  • Updated Django from 4.2.23 to 4.2.24 for security fixes
  • Updated Click from 8.2.1 to 8.3.0 with improved flag option handling
  • Updated astroquery from 0.4.10 to 0.4.11 with bug fixes and new features

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.

@codecov
Copy link

codecov bot commented Oct 16, 2025
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 77.45%. Comparing base (3dd8b42) to head (876e711).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main     #434   +/-   ##
=======================================
  Coverage   77.45%   77.45%           
=======================================
  Files         244      244           
  Lines        7834     7834           
  Branches      477      477           
=======================================
  Hits         6068     6068           
  Misses       1677     1677           
  Partials       89       89

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@davner davner merged commit 569b0b9 into main Oct 16, 2025
6 checks passed
@davner davner deleted the dependabot/uv/dependencies-73fdf66f43 branch October 16, 2025 20:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

@davner davner

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@davner