deps: bump the prod-deps group across 1 directory with 35 updates

[dependabot]

Bumps the prod-deps group with 35 updates in the / directory:

Package	From	To
django	4.2.26	6.0
psycopg2-binary	2.9.10	2.9.11
celery	5.5.3	5.6.2
hiredis	3.2.1	3.3.0
brotli	1.1.0	1.2.0
django-compressor	4.5.1	4.6.0
django-post-office	3.10.1	3.11.0
drf-yasg	1.21.10	1.21.11
jellyfish	1.2.0	1.2.1
markdown	3.9	3.10
pyyaml	6.0.2	6.0.3
xlsxwriter	3.2.8	3.2.9
xmlschema	4.1.0	4.2.0
lark	1.2.2	1.3.1
simple-salesforce	1.12.8	1.12.9
shapely	2.0.7	2.1.2
django-treebeard	4.7.1	4.8.0
django-two-factor-auth[phonenumbers]	1.17.0	1.18.1
importlib-metadata	8.7.0	8.7.1
boto3	1.40.30	1.42.21
django-ses	4.4.0	4.5.0
uwsgi	2.0.30	2.0.31
coverage	7.10.6	7.13.1
coveralls	4.0.1	4.0.2
tox	4.30.2	4.33.0
psutil	7.0.0	7.2.1
faker	37.6.0	40.1.0
vcrpy	7.0.0	8.1.1
pytest	8.4.2	9.0.2
pre-commit	4.3.0	4.5.1
sphinx	7.4.7	9.1.0
sphinxcontrib-spelling	8.0.0	8.0.2
docutils	0.21.2	0.22.4
hypothesis	6.138.16	6.148.13
django-debug-toolbar	6.0.0	6.1.0

Updates django from 4.2.26 to 6.0

Commits

• 36b5f39 [6.0.x] Bumped version for 6.0 release.
• 4f46d1f [6.0.x] Updated man page for Django 6.0.
• a9f5ca5 [6.0.x] Refs #35859 -- Clarified Tasks ref and topics docs regarding availabl...
• 45f9e0e [6.0.x] Finalized release notes for Django 6.0.
• ac44a55 [6.0.x] Made cosmetic edits to docs/releases/6.0.txt.
• 00575b7 [6.0.x] Updated translations from Transifex.
• 8414487 [6.0.x] Refs #35444 -- Fixed typo in PostgreSQL StringAgg deprecation warning.
• 1f8f36e [6.0.x] Added CVE-2025-13372 and CVE-2025-64460 to security archive.
• 224fc79 [6.0.x] Added stub release notes for 5.2.10.
• 1dbd07a [6.0.x] Fixed CVE-2025-64460 -- Corrected quadratic inner text accumulation i...
• Additional commits viewable in compare view

Updates psycopg2-binary from 2.9.10 to 2.9.11

Changelog

Sourced from psycopg2-binary's changelog.

Current release

What's new in psycopg 2.9.11 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^

• Add support for Python 3.14.
• Avoid a segfault passing more arguments than placeholders if Python is built with assertions enabled (:ticket:[#1791](https://github.com/psycopg/psycopg2/issues/1791)).
• Add riscv64 platform binary packages (:ticket:[#1813](https://github.com/psycopg/psycopg2/issues/1813)).
• ~psycopg2.errorcodes map and ~psycopg2.errors classes updated to PostgreSQL 18.
• Drop support for Python 3.8.

What's new in psycopg 2.9.10 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^

• Add support for Python 3.13.
• Receive notifications on commit (:ticket:[#1728](https://github.com/psycopg/psycopg2/issues/1728)).
• ~psycopg2.errorcodes map and ~psycopg2.errors classes updated to PostgreSQL 17.
• Drop support for Python 3.7.

What's new in psycopg 2.9.9 ^^^^^^^^^^^^^^^^^^^^^^^^^^^

• Add support for Python 3.12.
• Drop support for Python 3.6.

What's new in psycopg 2.9.8 ^^^^^^^^^^^^^^^^^^^^^^^^^^^

• Wheel package bundled with PostgreSQL 16 libpq in order to add support for recent features, such as sslcertmode.

What's new in psycopg 2.9.7 ^^^^^^^^^^^^^^^^^^^^^^^^^^^

• Fix propagation of exceptions raised during module initialization (:ticket:[#1598](https://github.com/psycopg/psycopg2/issues/1598)).
• Fix building when pg_config returns an empty string (:ticket:[#1599](https://github.com/psycopg/psycopg2/issues/1599)).
• Wheel package bundled with OpenSSL 1.1.1v.

What's new in psycopg 2.9.6 ^^^^^^^^^^^^^^^^^^^^^^^^^^^

... (truncated)

Commits

• fd9ae8c chore: bump to version 2.9.11
• d923840 chore: update docs requirements
• d42dc71 Merge branch 'fix-1791'
• 4fde656 fix: avoid failed assert passing more arguments than placeholders
• 8308c19 fix: drop warning about the use of deprecated PyWeakref_GetObject function
• 1a1eabf build(deps): bump actions/github-script from 7 to 8
• 897af8b build(deps): bump peter-evans/repository-dispatch from 3 to 4
• ceefd30 build(deps): bump actions/checkout from 4 to 5
• 4dc5854 build(deps): bump actions/setup-python from 5 to 6
• 1945788 Merge pull request #1802 from edgarrmondragon/cp314-wheels
• Additional commits viewable in compare view

Updates celery from 5.5.3 to 5.6.2

Release notes

Sourced from celery's releases.

v5.6.2

What's Changed

• Fix recursive WorkController instantiation in DjangoWorkerFixup + AttributeError when pool_cls is a string by @​bruunotrindade in celery/celery#10045
• Bugfix: Revoked tasks now immediately update backend status to REVOKED by @​Nusnus in celery/celery#9869
• Prepare for release: v5.6.2 by @​Nusnus in celery/celery#10049

New Contributors

• @​bruunotrindade made their first contribution in celery/celery#10045

Full Changelog: celery/celery@v5.6.1...v5.6.2

v5.6.1

What's Changed

• Fix Redis Sentinel ACL authentication support by @​anthonykuzmich7 in celery/celery#10013
• Fix: Broker heartbeats not sent during graceful shutdown by @​weetster in celery/celery#9986
• docs #5410 -- Document confirm_publish broker transport option by @​JaeHyuckSa in celery/celery#10016
• close DB pools only in prefork mode by @​petrprikryl in celery/celery#10020
• Fix: Avoid unnecessary Django database connection creation during cleanup by @​snopoke in celery/celery#10015
• reliable prefork detection by @​petrprikryl in celery/celery#10023
• better coverage by @​petrprikryl in celery/celery#10029
• Docs: clarify result_extended vs periodic task metadata and show headers["periodic_task_name"] example by @​SpaceShaman in celery/celery#10030
• Stop importing pytest_subtests by @​cjwatson in celery/celery#10032
• Only use exceptiongroup backport for Python < 3.11 by @​cjwatson in celery/celery#10033
• Prepare for release: v5.6.1 by @​Nusnus in celery/celery#10037

New Contributors

• @​anthonykuzmich7 made their first contribution in celery/celery#10013
• @​weetster made their first contribution in celery/celery#9986
• @​JaeHyuckSa made their first contribution in celery/celery#10016
• @​snopoke made their first contribution in celery/celery#10015
• @​SpaceShaman made their first contribution in celery/celery#10030

Full Changelog: celery/celery@v5.6.0...v5.6.1

v5.6.0

Celery v5.6.0 is now available.

Key Highlights

See What's new in Celery 5.6 for a complete overview or read the main highlights below.

Python 3.9 Minimum Version

Celery 5.6.0 drops support for Python 3.8 (EOL). The minimum required Python version is now 3.9. Users still on Python 3.8 must upgrade their Python version before upgrading to Celery 5.6.0.

Additionally, this release includes initial support for Python 3.14.

SQS: Reverted to pycurl from urllib3

The switch from pycurl to urllib3 for the SQS transport (introduced in Celery 5.5.0 via Kombu) has been reverted due to critical issues affecting SQS users.

... (truncated)

Changelog

Sourced from celery's changelog.

5.6.2

:release-date: 2026-01-04 :release-by: Tomer Nosrati

What's Changed

- Fix recursive WorkController instantiation in DjangoWorkerFixup + AttributeError when pool_cls is a string ([#10045](https://github.com/celery/celery/issues/10045))
- Bugfix: Revoked tasks now immediately update backend status to REVOKED ([#9869](https://github.com/celery/celery/issues/9869))
- Prepare for release: v5.6.2 ([#10049](https://github.com/celery/celery/issues/10049))
.. _version-5.6.1:
5.6.1
:release-date: 2025-12-29
:release-by: Tomer Nosrati
What's Changed

• Fix Redis Sentinel ACL authentication support (#10013)
• Fix: Broker heartbeats not sent during graceful shutdown (#9986)
• docs #5410 -- Document confirm_publish broker transport option (#10016)
• close DB pools only in prefork mode (#10020)
• Fix: Avoid unnecessary Django database connection creation during cleanup (#10015)
• reliable prefork detection (#10023)
• better coverage (#10029)
• Docs: clarify result_extended vs periodic task metadata and show headers["periodic_task_name"] example (#10030)
• Stop importing pytest_subtests (#10032)
• Only use exceptiongroup backport for Python < 3.11 (#10033)
• Prepare for release: v5.6.1 (#10037)

.. _version-5.6.0:

5.6.0

:release-date: 2025-11-30 :release-by: Tomer Nosrati

Celery v5.6.0 is now available.

Key Highlights

See :ref:`whatsnew-5.6` for a complete overview or read the main highlights below.
</tr></table> 

... (truncated)

Commits

• 6a43c84 Prepare for release: v5.6.2 (#10049)
• 333a82f Bugfix: Revoked tasks now immediately update backend status to REVOKED (#9869)
• 9d6ab11 Fix recursive WorkController instantiation in DjangoWorkerFixup + AttributeEr...
• 21dbc73 Prepare for release: v5.6.1 (#10037)
• ba20bed Only use exceptiongroup backport for Python < 3.11 (#10033)
• 2167529 Stop importing pytest_subtests
• 0527296 Bump google-cloud-firestore from 2.21.0 to 2.22.0
• 5f8659b Clarify 'result_extended' setting usage in tasks
• f19db70 Bump mypy from 1.19.0 to 1.19.1 (#10028)
• 6da72bd better coverage (#10029)
• Additional commits viewable in compare view

Updates hiredis from 3.2.1 to 3.3.0

Release notes

Sourced from hiredis's releases.

3.3.0

Changes

• Add Python 3.14 to CI and wheels (#213 by @​zweizeichen)

Contributors

We'd like to thank all the contributors who worked on this release!

Commits

• 187d0f3 Version 3.3.0
• 3efcf03 Add Python 3.14 to CI and wheels (#213) (#215)
• 966cede Fix assertion in reader.c (#212)
• 78def30 Bump version to 3.3.0-dev
• See full diff in compare view

Updates brotli from 1.1.0 to 1.2.0

Release notes

Sourced from brotli's releases.

v1.2.0

SECURITY

• python: added Decompressor::can_accept_more_data method and optional output_buffer_limit argument Decompressor::process; that allows mitigation of unexpectedly large output; reported by Charles Chan (https://github.com/charleswhchan)

Added

• decoder / encoder: added static initialization to reduce binary size
• python: allow limiting decoder output (see SECURITY section)
• CLI: brcat alias; allow decoding concatenated brotli streams
• kt: pure Kotlin decoder
• cgo: support "raw" dictionaries
• build: Bazel modules

Removed

• java: dropped finalize() for native entities

Fixed

• java: in compress pass correct length to native encoder

Improved

• build: install man pages
• build: updated / fixed / refined Bazel buildfiles
• encoder: faster encoding
• cgo: link via pkg-config
• python: modernize extension / allow multi-phase module initialization

Changed

• decoder / encoder: static tables use "small" model (allows 2GiB+ binaries)

v1.2.0 RC2

What's Changed (compared to RC1)

• pick changes from Debian patch by @​copybara-service[bot] in google/brotli#1349
• pick changes from Alpine patch by @​copybara-service[bot] in google/brotli#1348
• pick VCPKG patches by @​copybara-service[bot] in google/brotli#1350
• fix copy-paste in Java decoder by @​copybara-service[bot] in google/brotli#1357

v1.2.0 RC1

IMPORTANT: though this is a pre-release for v1.2.0, it is expected that some changes will be added before release; most notably concerning build files: patches applied by Alpine, Debian, Conan, VCPKG will be partially/fully integrated.

SECURITY

• python: added Decompressor::can_accept_more_data method and optional output_buffer_limit argument Decompressor::process; that allows mitigation of unexpectedly large output; reported by Charles Chan (https://github.com/charleswhchan)

Added

• decoder / encoder: added static initialization to reduce binary size
• python: allow limiting decoder output (see SECURITY section)

... (truncated)

Changelog

Sourced from brotli's changelog.

[1.2.0] - 2025-10-27

SECURITY

• python: added Decompressor::can_accept_more_data method and optional output_buffer_limit argument Decompressor::process; that allows mitigation of unexpectedly large output; reported by Charles Chan (https://github.com/charleswhchan)

Added

• decoder / encoder: added static initialization to reduce binary size
• python: allow limiting decoder output (see SECURITY section)
• CLI: brcat alias; allow decoding concatenated brotli streams
• kt: pure Kotlin decoder
• cgo: support "raw" dictionaries
• build: Bazel modules

Removed

• java: dropped finalize() for native entities

Fixed

• java: in compress pass correct length to native encoder

Improved

• build: install man pages
• build: updated / fixed / refined Bazel buildfiles
• encoder: faster encoding
• cgo: link via pkg-config
• python: modernize extension / allow multi-phase module initialization

Changed

• decoder / encoder: static tables use "small" model (allows 2GiB+ binaries)

Commits

• 028fb5a release v1.2.0
• 390de5b build and test csharp decoder
• 3499acb regenerate go/kt/js/ts
• 8ca2312 fix release workflow
• ee771da fix copy-paste in Java decoder
• 42aee32 try to fix release workflow
• 392c06b redesign release resource uploading
• 1964cdb ramp up all GH actions plugins
• 61605b1 pick VCPKG patches
• 4b0f27b pick changes from Alpine patch
• Additional commits viewable in compare view

Updates django-compressor from 4.5.1 to 4.6.0

Changelog

Sourced from django-compressor's changelog.

Changelog

v4.6 (2025-11-10)

Full list of changes from v4.5.1 <https://github.com/django-compressor/django-compressor/compare/4.5.1...4.6>_

• Fixed compatibility with latest BS4.
• Removed top pin for rcssmin and rjsmin dependencies.
• Avoid compressing the same node concurrently in offline compression.
• Avoid use of deprecated ast.Constant.s
• Officially support Django 6.0
• Officially support Django 5.2
• Drop support for EOL Django 5.0
• Add support for Python 3.14.
• Add support for Python 3.13.
• Drop support for EOL Python 3.9.
• Drop support for EOL Python 3.8.

Commits

• 3ada994 Prepare 4.6.0.
• 1baa82a Remove CI testing for EOL Django 5.0.
• 8706a52 Add CI testing for Python 3.14 and Django 6.0.
• 7be9ce2 Bump brotli, lxml, and coverage test dependencies.
• d6fd813 Remove test version pinning for rcssmin and rjsmin.
• 2b46e7d Bump actions/setup-python from 5 to 6 (#1307)
• b97bb05 Disable bs4's multi valued attributes (#1296)
• 4e54330 Migrate packaging to pyproject.toml (#1313)
• 872f8d5 Remove version pinning for rcssmin and rjsmin (#1312)
• cc38666 Drop support for Python 3.9 (#1311)
• Additional commits viewable in compare view

Updates django-post-office from 3.10.1 to 3.11.0

Release notes

Sourced from django-post-office's releases.

v3.11

• Added Python 3.14 and Django 6.0 compatibility. Thanks @​selwin!
• Replaced bleach with nh3 for HTML sanitization. bleach has been deprecated since 2023. Thanks @​selwin!
• Added SESWebhookHandler and SparkPostWebhookHandler for handling webhook events (beta feature). Thanks @​selwin!
• Optimized the way templates are fetched during email delivery. Thanks @​selwin!

Changelog

Sourced from django-post-office's changelog.

Changelog

Unreleased

• Replaced bleach with nh3 for HTML sanitization. bleach has been deprecated since 2023. Thanks @​selwin!
• Added SESWebhookHandler and SparkPostWebhookHandler for handling webhook events (beta feature). Thanks @​selwin!
• Optimized the way templates are fetched during email delivery. Thanks @​selwin!

Commits

• 825af68 Bump version to 3.11
• 99be3b5 Delete publish.yml (#513)
• a360b79 Improve tests (#509)
• fe7c583 Python314 fix (#511)
• 0556f5e Updated test.yml so tests don't get triggered twice (#512)
• 00ddbc1 Webhooks (#510)
• 936d1ac Updated README.md
• 91fbc6c Webhook handlers (#505)
• 0f68aaf Merge branch 'webhooks'
• 5b7fdf9 Move tests (#508)
• Additional commits viewable in compare view

Updates drf-yasg from 1.21.10 to 1.21.11

Release notes

Sourced from drf-yasg's releases.

1.21.11

FIXED: Fix list views with parameters in last path segment not named "list" views (#917) ADDED: Allow overriding produces/consumes with @​swagger_auto_schema decorator (#916) FIXED: Fix filter parameters not appearing in swagger with django-filter>=25 (#926) IMPROVED: Update Python, Django, and DRF versions and packaging configuration (#922) IMPROVED: Remove usage of pkg_resources (#928) FIXED: Fix call_view_method warning to include the method name again (#923) ADDED: Add a hide download button option (#848) ADDED: Add ruff linters (#903)

Changelog

Sourced from drf-yasg's changelog.

######### Changelog #########

---

1.21.11

---

FIXED: Fix list views with parameters in last path segment not named "list" views (:pr:917) ADDED: Allow overriding produces/consumes with @​swagger_auto_schema decorator (:pr:916) FIXED: Fix filter parameters not appearing in swagger with django-filter>=25 (:pr:926) IMPROVED: Update Python, Django, and DRF versions and packaging configuration (:pr:922) IMPROVED: Remove usage of pkg_resources (:pr:928) FIXED: Fix call_view_method warning to include the method name again (:pr:923) ADDED: Add a hide download button option (:pr:848) ADDED: Add ruff linters (:pr:903)

---

1.21.10

---

FIXED: Fix type hints when using postponed evaluation of annotations (PEP-563) (:pr:840) IMPROVED: Update JSON & YAML renderers to not use a "." in their format string (:pr:911) FIXED: Fix lint errors when comparing types with == instead of is (:pr:868) IMPROVED: Update swagger-ui-dist to address CVE-2021-46708 (:pr:904)

---

1.21.9

---

ADDED: Added support for zoneinfo object fields (:pr:908)

---

1.21.8

---

ADDED: Python 3.11 and 3.12 support (:pr:891) FIXED: Fix pkg_resources version lookups for Python 3.9+ (:pr:891)

---

1.21.7

---

Release date: Jul 20, 2023

ADDED: Added drf_yasg.inspectors.query.DrfAPICompatInspector (:pr:857) ADDED: Added DrfAPICompatInspector to serve as a replacement CoreAPICompatInspector (:pr:857) ADDED: Allow DEFAULT_SPEC_RENDERERS default renderers to be overriden in the settings (:pr:857) FIXED: Fixed redoc source mapping (:pr:859)

... (truncated)

Commits

• f8cb2db Add version 1.21.11 details to the changelog (#939)
• 0c6d08d Update the ruff lint rules (#920)
• 055a74d Bump actions/setup-python from 5 to 6 in the github-actions group (#937)
• a8813ac Bump actions/checkout from 4 to 5 in the github-actions group (#936)
• 9f4b449 Restore the live demo and replace heroku with apprunner (#935)
• 2983251 fix list views with parameters in last path segment not named "list" views (#...
• a746893 allow overriding produces/consumes with @​swagger_auto_schema decorator (#916)
• e747ad6 Fixes issue with filter parameters not appearing in Swagger after upgrading t...
• ee3c871 update Python, Django, and DRF versions & packaging configuration (#922)
• be6eeed Remove usage of pkg_resources (#928)
• Additional commits viewable in compare view

Updates jellyfish from 1.2.0 to 1.2.1

Updates markdown from 3.9 to 3.10

Release notes

Sourced from markdown's releases.

Release 3.10.0

Changed

• Officially support Python 3.14 and PyPy 3.11 and drop support for Python 3.9 and PyPy 3.9.

Fixed

• Fix an HTML comment parsing case in some Python versions that can cause an infinite loop (#1554).
• Revert the default behavior of USE_DEFINITION_ORDER (to True). The new behavior introduced in 3.9.0 is experimental and results are inconsistent. It should not have been made the default behavior (#1561).

Changelog

Sourced from markdown's changelog.

title: Changelog toc_depth: 2

Python-Markdown Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to the Python Version Specification. See the Contributing Guide for details.

[Unreleased]

Fixed

• Ensure nested elements inside inline comments are properly unescaped (#1571).
• Make the docs build successfully with mkdocstrings-python 2.0 (#1575).
• Fix infinite loop when multiple bogus or unclosed HTML comments appear in input (#1578).

[3.10.0] - 2025-11-03

Changed

• Officially support Python 3.14 and PyPy 3.11 and drop support for Python 3.9 and PyPy 3.9.

Fixed

• Fix an HTML comment parsing case in some Python versions that can cause an infinite loop (#1554).
• Revert the default behavior of USE_DEFINITION_ORDER (to True). The new behavior introduced in 3.9.0 is experimental and results are inconsistent. It should not have been made the default behavior (#1561).

[3.9.0] - 2025-09-04

Changed

• Footnotes are now ordered by the occurrence of their references in the document. A new configuration option for the footnotes extension, USE_DEFINITION_ORDER, has been added to support restoring the previous behavior of ordering footnotes by the occurrence of definitions (#1367).

Fixed

• Ensure inline processing iterates through elements in document order (#1546).
• Fix handling of incomplete HTML tags in code spans in Python 3.14 (#1547).

[3.8.2] - 2025-06-19

... (truncated)

Commits

• 22e89c1 Bump version to 3.10
• c138aea + PY314 - PY39
• 746f7f5 cleanup
• a5ee2b4 Revert the default behavior of USE_DEFINITION_ORDER
• 5354daf Fix an HTML comment parsing case that can cause an infinite loop
• See full diff in compare view

Updates pyyaml from 6.0.2 to 6.0.3

Release notes

Sourced from pyyaml's releases.

6.0.3

What's Changed

• Support for Python 3.14 and free-threading (experimental).

Full Changelog: yaml/pyyaml@6.0.2...6.0.3

Changelog

Sourced from pyyaml's changelog.

6.0.3 (2025-09-25)

• yaml/pyyaml#864 -- Support for Python 3.14 and free-threading (experimental)

Commits

• 49790e7 Release 6.0.3 (#889)
• See full diff in compare view

Updates xlsxwriter from 3.2.8 to 3.2.9

Changelog

Sourced from xlsxwriter's changelog.

Release 3.2.9 - September 16 2025

• Removed the py.typed file since it was causing a lot of downstream CI failures where consumers weren't handling the xlsxwriter types correctly or taking them into account.

  The file will be re-added once the xlsxwriter typing is more comprehensive.

Commits

• e943bee Prep for release 3.2.9
• 392bd9e typing: remove py.typed file
• See full diff in compare view

Updates xmlschema from 4.1.0 to 4.2.0

Release notes

Sourced from xmlschema's releases.

v4.2.0 (2025-10-14)

• Add arguments validation for schemas and validation methods (by validation contexts)
• Add SchemaSettings dataclass for storing read-only settings for schema instances and for managing package default settings
• Add block argument to XMLResource class (issue #464)
• Add MAX_SCHEMA_SOURCES package limit (1000, applied to XsdGlobals global maps instances)
• Add MAX_XML_ELEMENTS package limit (1,000,000, applied to non-lazy XMLResource instances)
• Reduce MAX_XML_DEPTH limit to 1000 and apply it to all XMLResource instances
• Fix for substitute match in case of unexpected child (issue #461)

Changelog

Sourced from xmlschema's changelog.

v4.2.0_ (2025-10-14)

• Add arguments validation for schemas and validation methods (by validation contexts)
• Add SchemaSettings dataclass for storing read-only settings for schema instances and for managing package default settings
• Add block argument to XMLResource class (issue #464)
• Add MAX_SCHEMA_SOURCES package limit (1000, applied to XsdGlobals global maps instances)
• Add MAX_XML_ELEMENTS package limit (1,000,000, applied to non-lazy XMLResource instances)
• Reduce MAX_XML_DEPTH limit to 1000 and apply it to all XMLResource instances
• Fix for substitute match in case of unexpected child (issue #461)

Commits

• 2783030 Bump minor release
• 7c77a12 Include publiccode.yml validation workflow for CI and README changes
• 04c19d5 Fix XsdGroup.match_element (issue #461)
• dd4f279 Merge pull request #463 from publiccode-pr-bot/chore/add-publiccode-parser-ac...
• 1bd7aa6 Update GitHub workflow for CI
• 76b0f67 Patch mypy tests with protocols
• 28727bb Update docs and release info
• e4131ea Add from_settings() class method to schemas
• 0aea8de Rewrite validation contexts as normal classes
• d443d7b Full validation of context arguments
• Additional commits viewable in compare view

Updates lark from 1.2.2 to 1.3.1

Release notes

Sourced from lark's releases.

1.3.1 - Bugfix + source build now contains complete project data

What's Changed

• Bugfix: Restore support for custom input, alongside text and TextSlice by @​erezsh in lark-parser/lark#1562
• Keep sdist in sync with git (include all files in source build, including docs, tests and examples) by @​chanicpanic in lark-parser/lark#1561

Full Changelog: lark-parser/lark@1.3.0...1.3.1

1.3.0 - Introduces text-slices, Earley fix, and various small improvements

New features

• Lark can now parse in sections of strings, using TextSlice, as a faster alternative to creating a "copy-slice" with s[i:j]. Learn more
• Added support to match on Tree instances
• When serializing a Lark instance, added the option to include the grammar object (before compilation).
• Added convenience method Tree.find_token()

Bugfixes

• Bugfix of an edge case in Earley related to representation of ambiguity.
• Bugfixes in the standalone parser related to imports
• Bugfix in indenter - now dedents always contain line information
• Various small bugfixes (see PR list below)

Full list of PRs

• Docs: Rephrase v_args() documentation to underline it only applies to Transformer classes by @​skepppy in lark-parser/lark#1458
• Tiny refactor for PR #1451 by @​erezsh in lark-parser/lark#1459
• Earley: share nodes created by the scanner with the completer by @​chanicpanic in lark-parser/lark#1451
• Better error in Lark.parse when using on_error when parser!=lalr (issue #1311) by @​erezsh in lark-parser/lark#1460
• Fix Symbol.__eq__ to return false when comparing with None by @​weaversam8 in lark-parser/lark#1481
• Mention internal/external transformers in the documentation by @​odanoburu in lark-parser/lark#1486
• Add Tree.find_token() method by @​makukha in lark-parser/lark#1467
• Type Terminal.__init__ by @​Liam-DeVoe in lark-parser/lark#1503
• Add guidance on handling comments in languages with significant indentation by @​nchammas in lark-parser/lark#1502
• [docs] Small fix for PR 1507 by @​erezsh in lark-parser/lark#1508
• Add note on binding power of numeric quantifiers by @​414owen in lark-parser/lark#1507
• Wrap functools.partial in staticmethod() to add compatibility with Python 3.14 by @​hrnciar in lark-parser/lark#1483
• Fix generic type of Transformer_InPlaceRecursive by @​lbhm in lark-parser/lark#1518
• Added TextSlice; Lark can now parse/lex a text-slice by @​erezsh in lark-parser/lark#1452
• Support match on tree by @​colmmurphyxyz in lark-parser/lark#1521
• Docs: Updated link of DSL article to a new version by @​erezsh in lark-parser/lark#1529
• better error messages for shift/reduct conflicts by @​skogsbaer in lark-parser/lark#1531
• Serialize Lark.grammar (fixes issue #1472) by @​NasalDaemon in lark-parser/lark#1506
• Fixes for PR #1506, which adds the option to cache the grammar definition by @​erezsh in lark-parser/lark#1540
• Bugfix in indenter - now always creating dedents with line information by @​erezsh in lark-parser/lark#1547
• Bugfix: issue when unpickling in the standalone parser, due to lingering Token instances by @​erezsh in lark-parser/lark#1553
• Include missing import in standalone parser by @​pdeibert in lark-parser/lark#1541
• Version bump (1.3.0) by @​erezsh in lark-parser/lark#1554

New Contributors

• @​skepppy made their first contribution in lark-parser/lark#1458

... (truncated)

Commits

• f79772c Version bump (1.3.1)
• b64e9f4 Merge pull request #1561 from chanicpanic/sdist-git
• ad0ea5f Update MANIFEST.in
• 1f6f03c Merge pull request #1562 from lark-parser/issue1560
• 7c365de Added custom input test (based on code from examples)
• 19bbbee Bugfix: Restore support for custom input, alongside text and TextSlice (Issue...
• dbcb60e Keep sdist in sync with git
• e332c2d Version bump (1.3.0)
• aa5666c Merge pull request #1541 from pdeibert/master
• 41934d3 Merge pull request #1553 from lark-parser/issue1552
• Additional commits viewable in compare view

Updates simple-salesforce from 1.12.8 to 1.12.9

Release notes

Sourced from simple-salesforce's releases.

v1.12.9

What's Changed

• fix: missing key 'name' in exception message by @​hofrob in simple-salesforce/simple-salesforce#795

New Contributors