Skip to content

build(deps): bump the pip group across 1 directory with 9 updates#94

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/pip/WHartTest_Django/pip-a74a23f3ee
Open

build(deps): bump the pip group across 1 directory with 9 updates#94
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/pip/WHartTest_Django/pip-a74a23f3ee

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github May 8, 2026

Bumps the pip group with 9 updates in the /WHartTest_Django directory:

Package From To
django 5.2 5.2.14
djangorestframework-simplejwt 5.3.1 5.5.1
python-dotenv 1.1.1 1.2.2
langgraph 1.0.6 1.0.10rc1
langchain-openai 1.1.7 1.1.14
langchain-core 1.2.7 1.2.28
langchain-text-splitters 1.1.0 1.1.2
pypdf 5.6.0 6.10.2
unstructured 0.17.2 0.18.18

Updates django from 5.2 to 5.2.14

Commits

Updates djangorestframework-simplejwt from 5.3.1 to 5.5.1

Release notes

Sourced from djangorestframework-simplejwt's releases.

v5.5.1

5.5.1

Missing Migration for rest_framework_simplejwt.token_blacklist app. A previously missing migration (0013_blacklist) has now been added. This issue arose because the migration file was mistakenly not generated earlier. This migration was never part of an official release, but users following the latest master branch may have encountered it.

Notes for Users If you previously ran makemigrations in production and have a 0013_blacklist migration in your django_migrations table, follow these steps before upgrading:

  1. Roll back to the last known migration:
python manage.py migrate rest_framework_simplejwt.token_blacklist 0012
  1. Upgrade djangorestframework-simplejwt to the latest version.
  2. Apply the migrations correctly:
python manage.py migrate

Important: If other migrations depend on 0013_blacklist, be cautious when removing it. You may need to adjust or regenerate dependent migrations to ensure database integrity.

New Contributors

Full Changelog: jazzband/djangorestframework-simplejwt@v5.5.0...v5.5.1

v5.5.0

Differing Behavior Change

What's Changed

... (truncated)

Changelog

Sourced from djangorestframework-simplejwt's changelog.

5.5.1

Missing Migration for rest_framework_simplejwt.token_blacklist app. A previously missing migration (0013_blacklist) has now been added. This issue arose because the migration file was mistakenly not generated earlier. This migration was never part of an official release, but users following the latest master branch may have encountered it.

Notes for Users If you previously ran makemigrations in production and have a 0013_blacklist migration in your django_migrations table, follow these steps before upgrading:

  1. Roll back to the last known migration:
python manage.py migrate rest_framework_simplejwt.token_blacklist 0012
  1. Upgrade djangorestframework-simplejwt to the latest version.
  2. Apply the migrations correctly:
python manage.py migrate

Important: If other migrations depend on 0013_blacklist, be cautious when removing it. You may need to adjust or regenerate dependent migrations to ensure database integrity.

5.5.0

5.4.0

Commits

Updates python-dotenv from 1.1.1 to 1.2.2

Release notes

Sourced from python-dotenv's releases.

v1.2.2

Added

  • Support for Python 3.14, including the free-threaded (3.14t) build. (#)

Changed

  • The dotenv run command now forwards flags directly to the specified command by @​bbc2 in theskumar/python-dotenv#607
  • Improved documentation clarity regarding override behavior and the reference page.
  • Updated PyPy support to version 3.11.
  • Documentation for FIFO file support.
  • Support for Python 3.9.

Fixed

Breaking Changes

  • dotenv.set_key and dotenv.unset_key used to follow symlinks in some situations. This is no longer the case. For that behavior to be restored in all cases, follow_symlinks=True should be used.

  • In the CLI, set and unset used to follow symlinks in some situations. This is no longer the case.

  • dotenv.set_key, dotenv.unset_key and the CLI commands set and unset used to reset the file mode of the modified .env file to 0o600 in some situations. This is no longer the case: The original mode of the file is now preserved. Is the file needed to be created or wasn't a regular file, mode 0o600 is used.

Misc

New Contributors

Full Changelog: theskumar/python-dotenv@v1.2.1...v1.2.2

v1.2.1

What's Changed

... (truncated)

Changelog

Sourced from python-dotenv's changelog.

[1.2.2] - 2026-03-01

Added

  • Support for Python 3.14, including the free-threaded (3.14t) build. (#588)

Changed

  • The dotenv run command now forwards flags directly to the specified command by [@​bbc2] in #607
  • Improved documentation clarity regarding override behavior and the reference page.
  • Updated PyPy support to version 3.11.
  • Documentation for FIFO file support.
  • Dropped Support for Python 3.9.

Fixed

  • Improved set_key and unset_key behavior when interacting with symlinks by [@​bbc2] in [790c5c0]
  • Corrected the license specifier and added missing Python 3.14 classifiers in package metadata by [@​JYOuyang] in #590

Breaking Changes

  • dotenv.set_key and dotenv.unset_key used to follow symlinks in some situations. This is no longer the case. For that behavior to be restored in all cases, follow_symlinks=True should be used.

  • In the CLI, set and unset used to follow symlinks in some situations. This is no longer the case.

  • dotenv.set_key, dotenv.unset_key and the CLI commands set and unset used to reset the file mode of the modified .env file to 0o600 in some situations. This is no longer the case: The original mode of the file is now preserved. Is the file needed to be created or wasn't a regular file, mode 0o600 is used.

[1.2.1] - 2025-10-26

  • Move more config to pyproject.toml, removed setup.cfg
  • Add support for reading .env from FIFOs (Unix) by [@​sidharth-sudhir] in #586

[1.2.0] - 2025-10-26

Commits

Updates langgraph from 1.0.6 to 1.0.10rc1

Release notes

Sourced from langgraph's releases.

langgraph==1.0.10rc1

Changes since 1.0.9

  • release: Candidate (#6947)
  • Merge commit from fork
  • chore: add tests to confirm expected subgraph persistence behavior (#6943)
  • fix(langgraph): correct ParentCommand bubbling when checkpoint_ns includes numeric task segments (#6864)
  • chore: add make type target for type checking (#6748)

langgraph==1.0.9

Changes since 1.0.8

  • release: langgraph + prebuilt (#6875)
  • fix: sequential interrupt handling w/ functional API (#6863)
  • chore: state_updated_at sort by (#6857)
  • chore: bump orjson (#6852)
  • chore: conformance testing (#6842)
  • chore(deps): bump the all-dependencies group in /libs/langgraph with 6 updates (#6815)
  • chore(deps): bump protobuf from 6.33.4 to 6.33.5 in /libs/langgraph (#6833)
  • chore(deps): bump cryptography from 46.0.3 to 46.0.5 in /libs/langgraph (#6837)
  • chore(deps): bump nbconvert from 7.16.6 to 7.17.0 in /libs/langgraph (#6832)
  • chore: server runtime type (#6774)
  • refactor: replace bare except with BaseException in AsyncQueue (#6765)

langgraph-prebuilt==1.0.9

Changes since prebuilt==1.0.8

  • release: prebuilt 1.0.9 and langgraph 1.1.5 (#7401)
  • feat: enhance runtime w/ more execution information (#7363)
  • fix: tool node injection bug (#7391)
  • release(langgraph): 1.1.4 (#7356)
  • chore(deps): bump pygments from 2.19.2 to 2.20.0 in /libs/prebuilt (#7354)
  • chore(deps): bump langchain-core from 1.2.20 to 1.2.22 in /libs/prebuilt in the minor-and-patch group (#7289)
  • chore(deps): bump requests from 2.32.5 to 2.33.0 in /libs/prebuilt (#7281)
  • chore(deps): bump the all-dependencies group in /libs/prebuilt with 2 updates (#7247)
  • release(checkpoint-postgres): 3.0.5 (#7221)
  • release(langgraph): 1.1.3 (#7215)
  • chore(deps): bump the all-dependencies group in /libs/sdk-py with 2 updates (#7197)
  • chore(deps): bump the all-dependencies group in /libs/prebuilt with 2 updates (#7196)
  • chore(deps): bump orjson from 3.11.5 to 3.11.6 in /libs/prebuilt (#7145)
  • release(langgraph): 1.1.2 (#7135)
  • release(langgraph): 1.1.1 (#7120)
  • release(langgraph): 1.1 (#7102)
  • chore(deps): bump the all-dependencies group across 1 directory with 3 updates (#7072)
  • chore(deps): bump the all-dependencies group across 1 directory with 4 updates (#7073)
  • release(langgraph) 1.0.10 (#6967)
  • release(checkpoint): 0.4.1 (#6966)
  • chore: add serde events (#6954)
  • chore: update defaults (#6953)
  • release: rc2 (#6949)

... (truncated)

Commits
  • a04ec5d release: Candidate (#6947)
  • 50df7d4 Merge commit from fork
  • c4a4a46 chore: add tests to confirm expected subgraph persistence behavior (#6943)
  • f178eb8 fix(langgraph): correct ParentCommand bubbling when checkpoint_ns includes nu...
  • 48167d7 chore(deps): bump the all-dependencies group in /libs/cli with 2 updates (#6920)
  • 806878a chore(deps): bump the all-dependencies group in /libs/checkpoint-postgres wit...
  • 8087e6a docs(sdk-py): update auth docstrings to default-deny pattern (#6933)
  • 8fbdb14 release(sdk-py): 0.3.9 (#6932)
  • 5093802 chore(deps): bump the all-dependencies group in /libs/checkpoint with 2 updat...
  • b89ef60 feat(sdk-py): add extract parameter to threads.search() (#6880)
  • Additional commits viewable in compare view

Updates langchain-openai from 1.1.7 to 1.1.14

Release notes

Sourced from langchain-openai's releases.

langchain-openai==1.1.14

Changes since langchain-openai==1.1.13

release(openai): 1.1.14 (#36820) fix(openai): use SSRF-safe transport for image token counting (#36819) chore(deps): bump pytest to 9.0.3 (#36801) chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/partners/openai (#36795) chore: bump pillow from 12.1.1 to 12.2.0 in /libs/partners/openai (#36777)

langchain-openai==1.1.13

Changes since langchain-openai==1.1.12

release(openai): 1.1.13 (#36729) fix(openai): handle content blocks without type key in responses api conversion (#36725) chore(model-profiles): refresh model profile data (#36539) chore(openai): fix broken vcr cassette playback and add ci guard (#36502) fix(openai,groq,openrouter): use is-not-None checks in usage metadata token extraction (#36500) fix(core): fixed typos in the documentation (#36459) chore(model-profiles): refresh model profile data (#36455) feat(core): impute placeholder filenames for OpenAI file inputs (#36433) chore: pygments>=2.20.0 across all packages (CVE-2026-4539) (#36385) chore(model-profiles): refresh model profile data (#36368) fix(openai): update computer call test (#36352) fix(openai): let user-provided User-Agent override the Azure default (#35523) chore: bump requests from 2.32.5 to 2.33.0 in /libs/partners/openai (#36248)

langchain-openai==1.1.12

Changes since langchain-openai==1.1.11

fix(openai): bump min core version (#36180) release(openai): 1.1.12 (#36178) fix(core,model-profiles): add missing ModelProfile fields, warn on schema drift (#36129) fix(openai): support phase parameter (#36161) fix(openai): preserve namespace field in streaming function_call chunks (#36108) ci: suppress pytest streaming output in CI (#36092) ci: avoid unnecessary dep installs in lint targets (#36046) chore(model-profiles): refresh model profile data (#36039) chore: bump orjson from 3.11.5 to 3.11.6 in /libs/partners/openai (#35860) fix(openai): add type: message to Responses API input items (#35693) perf(.github): set a timeout on get min versions HTTP calls (#35851) feat(model-profiles): new fields + Makefile target (#35788) fix(openai): close PIL Image handles in token counting to prevent fd leak (#35742) fix(openai): typo (#35763) chore(model-profiles): refresh model profile data (#35754)

langchain-openai==1.1.11

Changes since langchain-openai==1.1.10

fix(openai): bump min core version (#35705) release(openai): 1.1.11 (#35703)

... (truncated)

Commits
  • b7447c6 fix(infra): skip serdes tests in min-version release step (#36818)
  • 41c0cc5 release(openai): 1.1.14 (#36820)
  • 0516156 fix(openai): use SSRF-safe transport for image token counting (#36819)
  • 338aa81 fix(core): restore cloud metadata IPs and link-local range in SSRF policy (#3...
  • 51e9548 chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/text-splitters (#36797)
  • e85c418 chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/model-profiles (#36798)
  • 789126e chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/standard-tests (#36799)
  • 937b3eb chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/langchain_v1 (#36800)
  • a06c205 ci(infra): validate issue checkboxes by section (#36811)
  • aa33b06 fix(langchain-classic): suppress mypy errors in compat code (#36806)
  • Additional commits viewable in compare view

Updates langchain-core from 1.2.7 to 1.2.28

Release notes

Sourced from langchain-core's releases.

langchain-core==1.2.28

Changes since langchain-core==1.2.27

release(core): release 1.2.28 (#36614) fix(core): add more sanitization to templates (#36612)

langchain-core==1.2.27

Changes since langchain-core==1.2.26

release(core): 1.2.27 (#36586) fix(core): handle symlinks in deprecated prompt save path (#36585) chore: add comment explaining pygments>=2.20.0 (#36570)

Credit to Jeff Ponte (@​JDP-Security) for reporting the symlink resolution issue in #36585.

langchain-core==1.2.26

Changes since langchain-core==1.2.25

release(core): 1.2.26 (#36511) fix(core): add init validator and serialization mappings for Bedrock models (#34510) feat(core): add ChatBaseten to serializable mapping (#36510) chore(core): drop gpt-3.5-turbo from docstrings (#36497) fix(core): correct parameter names in filter_messages docstring example (#36462)

langchain-core==1.2.25

Changes since langchain-core==1.2.24

release(core): 1.2.25 (#36473) fix(core): harden check for txt files in deprecated prompt loading functions (#36471) fix(core): fixed typos in the documentation (#36459)

Credit to Jeff Ponte (@​JDP-Security) for reporting the symlink resolution issue resolved in #36471.

langchain-core==1.2.24

Changes since langchain-core==1.2.23

release(core): 1.2.24 (#36434) feat(core): impute placeholder filenames for OpenAI file inputs (#36433) chore: pygments>=2.20.0 across all packages (CVE-2026-4539) (#36385) fix(core): add "computer" to _WellKnownOpenAITools (#36261)

langchain-core==1.2.23

Changes since langchain-core==1.2.22

release(core): 1.2.23 (#36323) revert: Revert "fix(core): trace invocation params in metadata" (#36322) chore: bump requests from 2.32.5 to 2.33.0 in /libs/core (#36243)

langchain-core==1.2.22

Changes since langchain-core==1.2.21

... (truncated)

Commits

Updates langchain-text-splitters from 1.1.0 to 1.1.2

Release notes

Sourced from langchain-text-splitters's releases.

langchain-text-splitters==1.1.2

Changes since langchain-text-splitters==1.1.1

release(text-splitters): 1.1.2 (#36822) fix(text-splitters): deprecate and use SSRF-safe transport in split_text_from_url (#36821) chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/text-splitters (#36797) chore(deps): bump pytest to 9.0.3 (#36801) chore: bump pytest from 9.0.2 to 9.0.3 in /libs/text-splitters (#36714) chore: add comment explaining pygments>=2.20.0 (#36570) release(core): 1.2.26 (#36511) chore: pygments>=2.20.0 across all packages (CVE-2026-4539) (#36385) fix(text-splitters): prevent silent data loss for empty dict values in RecursiveJsonSplitter (#35079) feat(text-splitters): support spacy tests with Python 3.14 (#36198) fix(infra): correct lint_diff relative paths in package makefiles (#36333) chore: bump requests from 2.32.5 to 2.33.0 in /libs/text-splitters (#36238) chore: bump nltk from 3.9.3 to 3.9.4 in /libs/text-splitters (#36237) chore(partners): bump langchain-core min to 1.2.21 (#36183) chore(text-splitters): bump nltk in lock file (#36112) ci: suppress pytest streaming output in CI (#36092) chore(text-splitters): speed up ci (#36050) ci: avoid unnecessary dep installs in lint targets (#36046) chore: bump orjson from 3.11.5 to 3.11.6 in /libs/text-splitters (#35856) chore: bump locks, lint (#35985) perf(.github): set a timeout on get min versions HTTP calls (#35851) chore: bump tornado from 6.5.2 to 6.5.5 in /libs/text-splitters (#35774) chore: bump the minor-and-patch group across 3 directories with 3 updates (#35589) chore: bump the other-deps group across 3 directories with 2 updates (#35512) chore: bump nltk from 3.9.2 to 3.9.3 in /libs/text-splitters (#35449) chore: bump the other-deps group across 3 directories with 2 updates (#35407)

langchain-text-splitters==1.1.1

Changes since langchain-text-splitters==1.1.0

release(text-splitters): 1.1.1 (#35318) fix(text-splitters): prevent JSFrameworkTextSplitter from mutating self._separators on each split_text() call (#35316) chore: bump transformers from 5.1.0 to 5.2.0 in /libs/text-splitters in the other-deps group across 1 directory (#35279) chore: bump the other-deps group across 3 directories with 2 updates (#35255) style: bump ruff version to 0.15 (#35042) fix: Server-Side Request Forgery (SSRF) in HTMLHeaderTextSplitter.split_text_from_url (#35196) feat(text-splitters): add model_kwargs to SentenceTransformersTokenTextSplitter (#35113) chore(deps): bump langsmith from 0.4.31 to 0.6.3 in /libs/text-splitters (#35162) chore(deps): bump the other-deps group across 3 directories with 12 updates (#35127) chore(deps): bump the other-deps group across 3 directories with 8 updates (#35120) chore: add make type target (#35015) revert: "chore: add typing target in Makefile" (#35013) chore: add typing target in Makefile (#35012) fix(text-splitters): reverse preserved elements iterator in HTMLSemanticPreservingSplitter (#34080) chore: enrich pyproject.toml files (#34980) chore(deps): bump the uv group across 20 directories with 3 updates (#34941) chore: upgrade urllib3 to 2.6.3 (#34940)

... (truncated)

Commits
  • 58c4e5b release(text-splitters): 1.1.2 (#36822)
  • c289bf1 fix(text-splitters): deprecate and use SSRF-safe transport in split_text_from...
  • b7447c6 fix(infra): skip serdes tests in min-version release step (#36818)
  • 41c0cc5 release(openai): 1.1.14 (#36820)
  • 0516156 fix(openai): use SSRF-safe transport for image token counting (#36819)
  • 338aa81 fix(core): restore cloud metadata IPs and link-local range in SSRF policy (#3...
  • 51e9548 chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/text-splitters (#36797)
  • e85c418 chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/model-profiles (

@dependabot
build(deps): bump the pip group across 1 directory with 9 updates
fe6e90f 
Bumps the pip group with 9 updates in the /WHartTest_Django directory:

| Package | From | To |
| --- | --- | --- |
| [django](https://github.com/django/django) | `5.2` | `5.2.14` |
| [djangorestframework-simplejwt](https://github.com/jazzband/djangorestframework-simplejwt) | `5.3.1` | `5.5.1` |
| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.1.1` | `1.2.2` |
| [langgraph](https://github.com/langchain-ai/langgraph) | `1.0.6` | `1.0.10rc1` |
| [langchain-openai](https://github.com/langchain-ai/langchain) | `1.1.7` | `1.1.14` |
| [langchain-core](https://github.com/langchain-ai/langchain) | `1.2.7` | `1.2.28` |
| [langchain-text-splitters](https://github.com/langchain-ai/langchain) | `1.1.0` | `1.1.2` |
| [pypdf](https://github.com/py-pdf/pypdf) | `5.6.0` | `6.10.2` |
| [unstructured](https://github.com/Unstructured-IO/unstructured) | `0.17.2` | `0.18.18` |



Updates `django` from 5.2 to 5.2.14
- [Commits](django/django@5.2...5.2.14)

Updates `djangorestframework-simplejwt` from 5.3.1 to 5.5.1
- [Release notes](https://github.com/jazzband/djangorestframework-simplejwt/releases)
- [Changelog](https://github.com/jazzband/djangorestframework-simplejwt/blob/master/CHANGELOG.md)
- [Commits](jazzband/djangorestframework-simplejwt@v5.3.1...v5.5.1)

Updates `python-dotenv` from 1.1.1 to 1.2.2
- [Release notes](https://github.com/theskumar/python-dotenv/releases)
- [Changelog](https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md)
- [Commits](theskumar/python-dotenv@v1.1.1...v1.2.2)

Updates `langgraph` from 1.0.6 to 1.0.10rc1
- [Release notes](https://github.com/langchain-ai/langgraph/releases)
- [Commits](langchain-ai/langgraph@1.0.6...1.0.10rc1)

Updates `langchain-openai` from 1.1.7 to 1.1.14
- [Release notes](https://github.com/langchain-ai/langchain/releases)
- [Commits](langchain-ai/langchain@langchain-openai==1.1.7...langchain-openai==1.1.14)

Updates `langchain-core` from 1.2.7 to 1.2.28
- [Release notes](https://github.com/langchain-ai/langchain/releases)
- [Commits](langchain-ai/langchain@langchain-core==1.2.7...langchain-core==1.2.28)

Updates `langchain-text-splitters` from 1.1.0 to 1.1.2
- [Release notes](https://github.com/langchain-ai/langchain/releases)
- [Commits](langchain-ai/langchain@langchain-text-splitters==1.1.0...langchain-text-splitters==1.1.2)

Updates `pypdf` from 5.6.0 to 6.10.2
- [Release notes](https://github.com/py-pdf/pypdf/releases)
- [Changelog](https://github.com/py-pdf/pypdf/blob/main/CHANGELOG.md)
- [Commits](py-pdf/pypdf@5.6.0...6.10.2)

Updates `unstructured` from 0.17.2 to 0.18.18
- [Release notes](https://github.com/Unstructured-IO/unstructured/releases)
- [Changelog](https://github.com/Unstructured-IO/unstructured/blob/main/CHANGELOG.md)
- [Commits](Unstructured-IO/unstructured@0.17.2...0.18.18)

---
updated-dependencies:
- dependency-name: django
  dependency-version: 5.2.14
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: djangorestframework-simplejwt
  dependency-version: 5.5.1
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: python-dotenv
  dependency-version: 1.2.2
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: langgraph
  dependency-version: 1.0.10rc1
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: langchain-openai
  dependency-version: 1.1.14
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: langchain-core
  dependency-version: 1.2.28
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: langchain-text-splitters
  dependency-version: 1.1.2
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: pypdf
  dependency-version: 6.10.2
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: unstructured
  dependency-version: 0.18.18
  dependency-type: direct:production
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels May 8, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants