Bump the all-python-dependencies group across 1 directory with 11 updates

[dependabot]

Bumps the all-python-dependencies group with 11 updates in the / directory:

Package	From	To
django	4.2.23	4.2.25
whitenoise	6.9.0	6.11.0
django-mysql	4.17.0	4.19.0
django-import-export	4.3.9	4.3.10
django-filter	25.1	25.2
numpy	2.2.5	2.3.3
pandas	2.3.1	2.3.3
sqlalchemy	2.0.42	2.0.43
google-cloud-bigquery[bqstorage,pandas]	3.35.1	3.38.0
debugpy	1.8.16	1.8.17
jsonschema	4.25.0	4.25.1

Updates django from 4.2.23 to 4.2.25

Commits

• 57d20b2 [4.2.x] Bumped version for 4.2.25 release.
• 9504bba [4.2.x] Fixed CVE-2025-59682 -- Fixed potential partial directory-traversal v...
• 38d9ef8 [4.2.x] Fixed CVE-2025-59681 -- Protected QuerySet.annotate(), alias(), aggre...
• 7c7d2a4 [4.2.x] Added stub release notes and release date for 4.2.25.
• 3e27d61 [4.2.x] Added missing backticks in docs/releases/security.txt.
• 07e5fb9 [4.2.x] Added CVE-2025-57833 to security archive.
• 5636e82 [4.2.x] Post-release version bump.
• 5e23d89 [4.2.x] Bumped version for 4.2.24 release.
• 31334e6 [4.2.x] Fixed CVE-2025-57833 -- Protected FilteredRelation against SQL inject...
• d5860d5 [4.2.x] Added stub release notes and release date for 4.2.24.
• Additional commits viewable in compare view

Updates whitenoise from 6.9.0 to 6.11.0

Changelog

Sourced from whitenoise's changelog.

6.11.0 (2025-09-18)

• Support Django 6.0.

6.10.0 (2025-09-09)

• Support Python 3.14.

Commits

• c9c06e9 Version 6.11.0
• 051c4e9 Support Django 6.0 (#665)
• c903cc1 Version 6.10.0
• a81bcb0 docs(django): use the stable version in URLs (#626)
• 67b4f32 Support Python 3.14 (#664)
• da8d333 [pre-commit.ci] pre-commit autoupdate (#663)
• 8000724 Bump the github-actions group with 2 updates (#662)
• 8fb339f Upgrade dependencies (#661)
• adf64dd Use uvx to run tox on GitHub Actions (#660)
• ad6eb20 [pre-commit.ci] pre-commit autoupdate (#659)
• Additional commits viewable in compare view

Updates django-mysql from 4.17.0 to 4.19.0

Changelog

Sourced from django-mysql's changelog.

4.19.0 (2025-09-18)

• Support Django 6.0.

4.18.0 (2025-09-08)

• Support Python 3.14.

• Add testing for new database versions:

  • MariaDB 12.0, 11.8
  • MySQL 8.4 and 9.4.

  Drop testing for EOL versions:

  • MariaDB 10.5
  • MySQL 8.0 and 9.0

  No changes were needed.

Commits

• 243140e Version 4.19.0
• 2bc533d Correct testing of Django 6.0 (#1166)
• 530b8a0 Support Django 6.0 (#1165)
• d5375b0 Version 4.18.0
• 0cf4a84 Update tested database versions (#1164)
• 10ca704 Support Python 3.14 (#1163)
• a8e867b Fix some types (#1162)
• d513ebd [pre-commit.ci] pre-commit autoupdate (#1161)
• 37e6514 Bump the github-actions group with 2 updates (#1160)
• 57e2470 Upgrade dependencies (#1159)
• Additional commits viewable in compare view

Updates django-import-export from 4.3.9 to 4.3.10

Release notes

Sourced from django-import-export's releases.

4.3.10

• Changelog

Changelog

Sourced from django-import-export's changelog.

4.3.10 (2025-09-26)

• Improved field value extraction for dict-based querysets (2098 <https://github.com/django-import-export/django-import-export/pull/2098>_)
• Performance improvements for membership checks (2090 <https://github.com/django-import-export/django-import-export/pull/2090>_)
• Fix ForeignKeyWidget export issue (2117 <https://github.com/django-import-export/django-import-export/pull/2117>_)
• Improved documentation for clean() methods (2115 <https://github.com/django-import-export/django-import-export/pull/2115>_)
• Documentation updates: JSONField export with attribute syntax (2100 <https://github.com/django-import-export/django-import-export/pull/2100>_)
• Documentation updates: handling TooManyFieldsSent (2103 <https://github.com/django-import-export/django-import-export/pull/2103>_)
• Updated Turkish translation (2101 <https://github.com/django-import-export/django-import-export/pull/2101>_)
• Updated Czech translation (2111 <https://github.com/django-import-export/django-import-export/pull/2111>_)

Commits

• 15ecbb9 release 4.3.10
• 341c27d Fix/foreign key widget export issue (#2117)
• 7333eef Improve API documentation for widget.clean() (#2115)
• e50a7fb [pre-commit.ci] pre-commit autoupdate (#2116)
• fb6259d updated czech translation (#2111)
• 5c9076a Update django.po (#2110)
• fcab876 minor improvements to control flow (#2093)
• 5f89b71 [pre-commit.ci] pre-commit autoupdate (#2109)
• 34a2969 Documents JSONField export with attribute syntax (#2100)
• 3dbd592 [pre-commit.ci] pre-commit autoupdate (#2105)
• Additional commits viewable in compare view

Updates django-filter from 25.1 to 25.2

Changelog

Sourced from django-filter's changelog.

Version 25.2 (2025-10-05)

• Added testing for Django 6.0.

• Dropped support for Django <5.2 LTS

• Dropped support for Python 3.9.

Commits

• 17ec565 Bumped version for 25.2 release.
• 9b4b8fd Updated testing for Django 6.0. (#1730)
• 1b07b3e Bump actions/setup-python from 5 to 6 in the github-actions group (#1726)
• 27a1168 Bump the github-actions group with 2 updates (#1722)
• 7f59b6f Add drf as optional dependencies (#1724)
• 635343e Add reference anchors to filter types to facilitate intersphinx refs (#1706)
• 7b3176e Document steps for postgres full text search (#1704)
• See full diff in compare view

Updates numpy from 2.2.5 to 2.3.3

Release notes

Sourced from numpy's releases.

2.3.3 (Sep 9, 2025)

NumPy 2.3.3 Release Notes

The NumPy 2.3.3 release is a patch release split between a number of maintenance updates and bug fixes. This release supports Python versions 3.11-3.14. Note that the 3.14.0 final is currently expected in Oct, 2025. This release is based on 3.14.0rc2.

Contributors

A total of 13 people contributed to this release. People with a "+" by their names contributed a patch for the first time.

• Aleksandr A. Voyt +
• Bernard Roesler +
• Charles Harris
• Hunter Hogan +
• Joren Hammudoglu
• Maanas Arora
• Matti Picus
• Nathan Goldbaum
• Raghuveer Devulapalli
• Sanjay Kumar Sakamuri Kamalakar +
• Tobias Markus +
• Warren Weckesser
• Zebreus +

Pull requests merged

A total of 23 pull requests were merged for this release.

• #29440: MAINT: Prepare 2.3.x for further development.
• #29446: BUG: Fix test_configtool_pkgconfigdir to resolve PKG_CONFIG_DIR...
• #29447: BLD: allow targeting webassembly without emscripten
• #29460: MAINT: Backport write_release.py
• #29473: MAINT: Bump pypa/cibuildwheel from 3.1.0 to 3.1.2
• #29500: BUG: Always return a real dtype from linalg.cond (gh-18304) (#29333)
• #29501: MAINT: Add .file entry to all .s SVML files
• #29556: BUG: Casting from one timedelta64 to another didn't handle NAT.
• #29562: BLD: update vendored Meson to 1.8.3 [wheel build]
• #29563: BUG: Fix metadata not roundtripping when pickling datetime (#29555)
• #29587: TST: update link and version for Intel SDE download
• #29593: TYP: add sorted kwarg to unique
• #29672: MAINT: Update pythoncapi-compat from main.
• #29673: MAINT: Update cibuildwheel.
• #29674: MAINT: Fix typo in wheels.yml
• #29683: BUG, BLD: Correct regex for ppc64 VSX3/VSX4 feature detection
• #29684: TYP: ndarray.fill() takes no keyword arguments
• #29685: BUG: avoid thread-unsafe refcount check in temp elision
• #29687: CI: replace comment-hider action in mypy_primer workflow

... (truncated)

Commits

• f2a77a7 Merge pull request #29702 from charris/prepare-2.3.3
• 8641006 REL: Prepare for the NumPy 2.3.3 release [wheel build]
• f024265 Merge pull request #29701 from charris/backport-29697
• 84f2eed Merge pull request #29700 from charris/backport-29695
• 7cacdbf Update VXE and VXE2 detection regex patterns
• 028c469 TYP: appease ruff
• 4b80666 TYP: fix np.bool method declarations
• f2a6b75 Merge pull request #29691 from charris/backport-29665
• a707cbf Merge pull request #29689 from charris/backport-29662
• 3d66056 BUG: use correct input dtype in flatiter assignment
• Additional commits viewable in compare view

Updates pandas from 2.3.1 to 2.3.3

Release notes

Sourced from pandas's releases.

Pandas 2.3.3

We are pleased to announce the release of pandas 2.3.3. This release includes some improvements and fixes to the future string data type (preview feature for the upcoming pandas 3.0). We recommend that all users upgrade to this version.

See the full whatsnew for a list of all the changes. Pandas 2.3.3 supports Python 3.9 and higher, and is the first release to support Python 3.14.

The release will be available on the conda-forge channel:

conda install pandas --channel conda-forge

Or via PyPI:

python3 -m pip install --upgrade pandas

Please report any issues with the release on the pandas issue tracker.

Thanks to all the contributors who made this release possible.

Pandas 2.3.2

We are pleased to announce the release of pandas 2.3.2. This release includes some improvements and fixes to the future string data type (preview feature for the upcoming pandas 3.0). We recommend that all users upgrade to this version.

See the full whatsnew for a list of all the changes. Pandas 2.3.2 supports Python 3.9 and higher.

The release will be available on the conda-forge channel:

conda install pandas --channel conda-forge

Or via PyPI:

python3 -m pip install --upgrade pandas

Please report any issues with the release on the pandas issue tracker.

Thanks to all the contributors who made this release possible.

Commits

• 9c8bc3e RLS: 2.3.3
• 6aa788a [backport 2.3.x] DOC: prepare 2.3.3 whatsnew notes for release (#62499) (#62508)
• b64f0df [backport 2.3.x] BUG: avoid validation error for ufunc with string[python] ar...
• 058eb2b [backport 2.3.x] BUG: String[pyarrow] comparison with mixed object (#62424) (...
• 2ca088d [backport 2.3.x] DEPR: remove the Period resampling deprecation (#62480) (#62...
• 92bf98f [backport 2.3.x] BUG: fix .str.isdigit to honor unicode superscript for older...
• e57c7d6 Backport PR #62452 on branch 2.3.x (TST: Adjust tests for numexpr 2.13) (#62454)
• e0fe9a0 Backport to 2.3.x: REGR: from_records not initializing subclasses properly (#...
• 23a1085 BUG: improve future warning for boolean operations with missaligned indexes (...
• 6113696 Backport PR #62396 on branch 2.3.x (PKG/DOC: indicate Python 3.14 support in ...
• Additional commits viewable in compare view

Updates sqlalchemy from 2.0.42 to 2.0.43

Release notes

Sourced from sqlalchemy's releases.

2.0.43

Released: August 11, 2025

orm

• [orm] [bug] Fixed issue where using the post_update feature would apply incorrect "pre-fetched" values to the ORM objects after a multi-row UPDATE process completed. These "pre-fetched" values would come from any column that had an Column.onupdate callable or a version id generator used by orm.Mapper.version_id_generator; for a version id generator that delivered random identifiers like timestamps or UUIDs, this incorrect data would lead to a DELETE statement against those same rows to fail in the next step.

  References: #12748

• [orm] [bug] Fixed issue where _orm.mapped_column.use_existing_column parameter in _orm.mapped_column() would not work when the _orm.mapped_column() is used inside of an Annotated type alias in polymorphic inheritance scenarios. The parameter is now properly recognized and processed during declarative mapping configuration.

  References: #12787

• [orm] [bug] Improved the implementation of the _orm.selectin_polymorphic() inheritance loader strategy to properly render the IN expressions using chunks of 500 records each, in the same manner as that of the _orm.selectinload() relationship loader strategy. Previously, the IN expression would be arbitrarily large, leading to failures on databases that have limits on the size of IN expressions including Oracle Database.

  References: #12790

engine

• [engine] [usecase] Added new parameter create_engine.skip_autocommit_rollback which provides for a per-dialect feature of preventing the DBAPI .rollback() from being called under any circumstances, if the connection is detected as being in "autocommit" mode. This improves upon a critical performance issue identified in MySQL dialects where the network overhead of the .rollback() call remains prohibitive even if autocommit mode is set.

  References: #12784

postgresql

... (truncated)

Commits

• See full diff in compare view

Updates google-cloud-bigquery[bqstorage,pandas] from 3.35.1 to 3.38.0

Release notes

Sourced from google-cloud-bigquery[bqstorage,pandas]'s releases.

v3.38.0

3.38.0 (2025-09-15)

Features

• Add additional query stats (#2270) (7b1b718)

v3.37.0

3.37.0 (2025-09-08)

Features

• Updates to fastpath query execution (#2268) (ef2740a)

Bug Fixes

• Remove deepcopy while setting properties for _QueryResults (#2280) (33ea296)

Documentation

• Clarify that the presence of XyzJob.errors doesn't necessarily mean that the job has not completed or was unsuccessful (#2278) (6e88d7d)
• Clarify the api_method arg for client.query() (#2277) (8a13c12)

v3.36.0

3.36.0 (2025-08-20)

Features

• Add created/started/ended properties to RowIterator. (#2260) (0a95b24)
• Retry query jobs if jobBackendError or jobInternalError are encountered (#2256) (3deff1d)

Documentation

• Add a TROUBLESHOOTING.md file with tips for logging (#2262) (b684832)
• Update README to break infinite redirect loop (#2254) (8f03166)

Changelog

Sourced from google-cloud-bigquery[bqstorage,pandas]'s changelog.

3.38.0 (2025-09-15)

Features

• Add additional query stats (#2270) (7b1b718)

3.37.0 (2025-09-08)

Features

• Updates to fastpath query execution (#2268) (ef2740a)

Bug Fixes

• Remove deepcopy while setting properties for _QueryResults (#2280) (33ea296)

Documentation

• Clarify that the presence of XyzJob.errors doesn't necessarily mean that the job has not completed or was unsuccessful (#2278) (6e88d7d)
• Clarify the api_method arg for client.query() (#2277) (8a13c12)

3.36.0 (2025-08-20)

Features

• Add created/started/ended properties to RowIterator. (#2260) (0a95b24)
• Retry query jobs if jobBackendError or jobInternalError are encountered (#2256) (3deff1d)

Documentation

• Add a TROUBLESHOOTING.md file with tips for logging (#2262) (b684832)
• Update README to break infinite redirect loop (#2254) (8f03166)

Commits

• 7cad6cf chore(main): release 3.38.0 (#2289)
• c9aba64 chore(deps): update all dependencies (#2275)
• 7b1b718 feat: add additional query stats (#2270)
• 4b0ef0c chore(main): release 3.37.0 (#2269)
• 6e88d7d docs: clarify that the presence of XyzJob.errors doesn't necessarily mean ...
• 33ea296 fix: remove deepcopy while setting properties for _QueryResults (#2280)
• 8a13c12 docs: clarify the api_method arg for client.query() (#2277)
• 435ecdb bug: updates __eq__ comparison on TableConstraint (#2274)
• 43527af chore(deps): update all dependencies (#2259)
• ef2740a feat: updates to fastpath query execution (#2268)
• Additional commits viewable in compare view

Updates debugpy from 1.8.16 to 1.8.17

Commits

• 6cbdf87 update testing for python 3.14 (#1955)
• 2eb3afe Check if os.__file__ is available before using it (#1944)
• See full diff in compare view

Updates jsonschema from 4.25.0 to 4.25.1

Release notes

Sourced from jsonschema's releases.

v4.25.1

What's Changed

• Fix Validator protocol init to match runtime by @​sirosen in python-jsonschema/jsonschema#1396

Full Changelog: python-jsonschema/jsonschema@v4.25.0...v4.25.1

Changelog

Sourced from jsonschema's changelog.

v4.25.1

• Fix an incorrect required argument in the Validator protocol's type annotations (#1396).

Commits

• 331c384 Add the fix to the changelog.
• c1ec0a6 Merge pull request #1398 from python-jsonschema/dependabot/github_actions/ast...
• 8e7d594 Merge pull request #1399 from python-jsonschema/dependabot/github_actions/act...
• 460f4fa Merge pull request #1396 from sirosen/improve-protocol-init-signature
• 1e58409 [pre-commit.ci] auto fixes from pre-commit.com hooks
• 64bc217 Add a typing test for the Validator protocol
• 6c25741 Bump actions/checkout from 4 to 5
• bf603d5 Bump astral-sh/setup-uv from 6.4.3 to 6.5.0
• a916d8f Fix Validator protocol init to match runtime
• de60f18 Merge pull request #1397 from python-jsonschema/pre-commit-ci-update-config
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions