chore(deps): bump the dependencies group across 1 directory with 11 updates #345

Open
dependabot[bot] wants to merge 1 commit into main from dependabot/pip/src/backend/dependencies-1c339562bc

@dependabot dependabot Bot commented on behalf of github May 24, 2026

Bumps the dependencies group with 11 updates in the /src/backend directory:

| Package | From | To |
| --- | --- | --- |
| bleach | 4.1.0 | 6.3.0 |
| boto3 | 1.43.8 | 1.43.9 |
| botocore | 1.43.8 | 1.43.9 |
| django | 5.2.14 | 6.0.5 |
| django-allauth | 65.14.3 | 65.16.1 |
| django-otp | 1.3.0 | 1.7.0 |
| importlib-metadata | 8.7.1 | 9.0.0 |
| protobuf | 6.33.6 | 7.34.1 |
| wrapt | 1.17.3 | 2.1.2 |
| click | 8.3.3 | 8.4.0 |
| ty | 0.0.1a21 | 0.0.37 |

Updates bleach from 4.1.0 to 6.3.0

Changelog

Sourced from bleach's changelog.

Version 6.3.0 (October 27th, 2025)

Backwards incompatible changes

  • Dropped support for Python 3.9. (#756)

Security fixes

None

Bug fixes

  • Add support for Python 3.14. (#758)
  • Fix wbr handling. (#488)

Version 6.2.0 (October 29th, 2024)

Backwards incompatible changes

  • Dropped support for Python 3.8. (#737)

Security fixes

None

Bug fixes

  • Add support for Python 3.13. (#736)
  • Remove six dependency. (#618)
  • Update known-good versions for tinycss2. (#732)
  • Fix additional < followed by characters and EOF issues. (#728)

Version 6.1.0 (October 6th, 2023)

Backwards incompatible changes

  • Dropped support for Python 3.7. (#709)

Security fixes

None

Bug fixes

  • Add support for Python 3.12. (#710)

... (truncated)

Commits
  • 5546d5d chore: prep for 6.3.0 release
  • 88df3ff chore: fix readthedocs
  • d8b2fb4 fix: fix wbr handling (#488)
  • 55e48ce chore: add support for Python 3.14 (#758)
  • a4d6cdd chore: drop support for Python 3.9 (#756)
  • 172d92f Bump actions/setup-python from 5.6.0 to 6.0.0
  • df88612 Bump actions/checkout from 4.2.2 to 5.0.0
  • cbcf6b1 Bump actions/cache from 4.2.3 to 4.3.0
  • d9aa7ef Switch from dependabot reviewers to CODEOWNERS
  • 06f0f76 Update setuptools, wheel, and twine for devs
  • Additional commits viewable in compare view

Updates boto3 from 1.43.8 to 1.43.9

Commits

Updates botocore from 1.43.8 to 1.43.9

Commits
  • 994b6d7 Merge branch 'release-1.43.9'
  • 386e9cb Bumping version to 1.43.9
  • f1997ac Update endpoints model
  • 964083c Update to latest models
  • fc709c3 Update resource leak test scaling factors and CI Python resolution (#3705)
  • 4841c13 Merge branch 'release-1.43.8' into develop
  • See full diff in compare view

Updates django from 5.2.14 to 6.0.5

Commits
  • 8f8ad09 [6.0.x] Bumped version for 6.0.5 release.
  • 44ad76e [6.0.x] Fixed CVE-2026-6907 -- Prevented caching of requests when Vary header...
  • 1b0184a [6.0.x] Fixed CVE-2026-35192 -- Ensured Vary header is sent when setting sess...
  • ad8f9e1 [6.0.x] Fixed CVE-2026-5766 -- Enforced DATA_UPLOAD_MAX_MEMORY_SIZE in Memory...
  • 990ab01 [6.0.x] Fixed #37039 -- Removed outdated note from QuerySet.iterator() docs.
  • f0c269f [6.0.x] Fixed typo in stub release notes for 5.2.14.
  • 8bcd15b [6.0.x] Fixed #37067 -- Added trailing slash in django_file_prefixes().
  • 3cdec64 [6.0.x] Refs CVE-2026-25674 -- Clarified role of umask in upload permissions.
  • 5dd5c70 [6.0.x] Added stub release notes and release date for 6.0.5 and 5.2.14.
  • 8ee7341 [6.0.x] Refs #373, #34122 -- Removed warning that ForeignObject is an interna...
  • Additional commits viewable in compare view

Updates django-allauth from 65.14.3 to 65.16.1

Commits

Updates django-otp from 1.3.0 to 1.7.0

Changelog

Sourced from django-otp's changelog.

v1.7.0 - January 07, 2026 - Async support

  • [#185](https://github.com/django-otp/django-otp/issues/185): Make OTPMiddleware async capable

Thanks to Aljosha Papsch.

v1.6.3 - October 25, 2025 - Spanish update

  • [#182](https://github.com/django-otp/django-otp/issues/182): Correct missing Spanish translations
  • [#181](https://github.com/django-otp/django-otp/issues/181): Wrong :rtype: in StaticToken.random_token docstring

v1.6.2 - October 21, 2025 - Cleanup

  • [#179](https://github.com/django-otp/django-otp/issues/179): Add missing gettext strings
  • [#180](https://github.com/django-otp/django-otp/issues/180): Remove tests from wheels

v1.6.1 - July 08, 2025 - Small improvements

  • Allow a {token} placeholder in :setting:OTP_EMAIL_SUBJECT.

v1.6.0 - April 02, 2025 - Django 5.2

  • Update test matrix for Django 5.2.
  • Remove support for Django 3.2.

v1.5.4 - September 06, 2024 - Ignore proxy models when enumerating device classes

  • [#161](https://github.com/django-otp/django-otp/issues/161): Discard proxied models when iterating device models

... (truncated)

Commits

Updates importlib-metadata from 8.7.1 to 9.0.0

Changelog

Sourced from importlib-metadata's changelog.

v9.0.0

Deprecations and Removals

  • Added MetadataNotFound (subclass of FileNotFoundError) and updated Distribution.metadata/metadata() to raise it when the metadata files are missing instead of returning None (python/cpython#143387) (#532)

v8.9.0

Features

v8.8.0

Features

  • Removed Python 3.9 compatibility.

Commits

Updates protobuf from 6.33.6 to 7.34.1

Release notes

Sourced from protobuf's releases.

Protocol Buffers v34.0-rc1

Announcements

Bazel

Compiler

C++

... (truncated)

Commits

Updates wrapt from 1.17.3 to 2.1.2

Release notes

Sourced from wrapt's releases.

wrapt-2.1.2

See the project page on the Python Package Index at https://pypi.org/project/wrapt/2.1.2/ for more information.

wrapt-2.1.1

See the project page on the Python Package Index at https://pypi.org/project/wrapt/2.1.1/ for more information.

wrapt-2.1.0

See the project page on the Python Package Index at https://pypi.org/project/wrapt/2.1.0/ for more information.

wrapt-2.0.1

See the project page on the Python Package Index at https://pypi.org/project/wrapt/2.0.1/ for more information.

wrapt-2.0.0

See the project page on the Python Package Index at https://pypi.org/project/wrapt/2.0.0/ for more information.

Changelog

Sourced from wrapt's changelog.

Version 2.1.2

Bugs Fixed

  • Building of Python wheels for riscv64 Linux platform had been accidentally removed from the build configuration. This has now been added back in.

  • When a weak function proxy was created for a bound method and the instance it was bound to was garbage collected, calling the proxy would silently call the function as unbound instead of raising a ReferenceError.

  • When deleting an attribute named __annotations__ on an object proxy, the attribute was only being deleted from the proxy and not also from the wrapped object.

Version 2.1.1

Bugs Fixed

  • Search field for documentation hosted on Read the Docs wasn't working correctly due to JavaScript error.

  • Missing tox.ini from source distribution package has been added.

Version 2.1.0

Features Changed

  • Drop support for Python 3.8. Python version 3.9 or later is now required.

Bugs Fixed

  • Improved type hints so that mypy and ty work better for methods of classes when using wrapt.decorator and wrapt.function_wrapper. Note that applying these to static methods still does not work correctly due to possibly limitations in those type checkers. The pyrefly tool still does not work correctly with wrapt.decorator and wrapt.function_wrapper applied to any methods of classes. Overall pyright provides the best experience when using wrapt with type checking.

Version 2.0.1

Bugs Fixed

  • The wrapt.lazy_import() function wasn't included in the __all__ attribute of the wrapt module, meaning that it wasn't

... (truncated)

Commits
  • 1381ae8 Merge branch 'release/2.1.2'
  • 26ab4fd Update ready for 2.1.2 release.
  • fbdbef4 Handle pypy which raises different exception type.
  • 87baf75 Add tests for deletion of qualname and annotations.
  • b48debf Decided only needed a patch level update,
  • 06c698f Update release notes for annotation deletion bug.
  • 6e6ed87 Merge pull request #313 from bysiber/fix/delattr-annotations
  • 4fc2c23 Add test to call proxy after weakref cleared.
  • 9e53a71 Add change notes for ReferenceError fix.
  • 2cda4e6 Merge pull request #312 from bysiber/fix/weakfunctionproxy-expired-instance
  • Additional commits viewable in compare view

Updates click from 8.3.3 to 8.4.0

Release notes

Sourced from click's releases.

8.4.0

This is the Click 8.4.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecation, or introduce potentially breaking changes.

We encourage everyone to upgrade. You can read more about our Version Support Policy on our website.

PyPI: https://pypi.org/project/click/8.4.0/
Changes: https://click.palletsprojects.com/page/changes/#version-8-4-0
Milestone: https://github.com/pallets/click/milestone/30

  • ParamType typing improvements. #3371

    • :class:ParamType is now a generic abstract base class, parameterized by its converted value type.
    • :meth:~ParamType.convert return types are narrowed on all concrete types (str for :class:STRING, int for :class:INT, etc.).
    • :meth:~ParamType.to_info_dict returns specific :class:~typing.TypedDict subclasses instead of dict[str, Any].
    • :class:CompositeParamType and the number-range base are now generic with abstract methods.
  • Refactor convert_type to extract type inference into a private _guess_type helper, and add :func:typing.overload signatures. #3372

  • Parameter typing improvements. #2805

    • :class:Parameter is now an abstract base class, making explicit that it cannot be instantiated directly.
    • :attr:Parameter.name is now str instead of str | None. When expose_value=False, the name is set to "" instead of None.
    • The ctx parameter of :meth:Parameter.get_error_hint is now typed as Context | None, matching the runtime behavior.
  • Split string values from default_map for parameters with nargs > 1 or :class:Tuple type, matching environment variable behavior. #2745 #3364

  • Auto-detect type=UNPROCESSED for flag_value of non-basic types (not str, int, float, or bool), so programmer-provided Python objects like classes and enum members are passed through unchanged instead of being stringified. Previously type=click.UNPROCESSED had to be set explicitly. #2012 #3363

  • The error hint now uses Command.get_help_option_names to pick non-shadowed help option names, so Try '... -h' no longer points to a subcommand option that shadows -h. All surviving names are shown (-h/--help). #2790 #3208

  • Fix readline functionality on non-Windows platforms. Prompt text is now passed directly to readline instead of being printed separately, allowing proper backspace, line editing, and line wrapping behavior. #2968

... (truncated)

Changelog

Sourced from click's changelog.

Version 8.4.0

Released 2026-05-17

  • :class:ParamType typing improvements. :pr:3371

    • :class:ParamType is now a generic abstract base class, parameterized by its converted value type.
    • :meth:~ParamType.convert return types are narrowed on all concrete types (str for :class:STRING, int for :class:INT, etc.).
    • :meth:~ParamType.to_info_dict returns specific :class:~typing.TypedDict subclasses instead of dict[str, Any].
    • :class:CompositeParamType and the number-range base are now generic with abstract methods.
  • Refactor convert_type to extract type inference into a private _guess_type helper, and add :func:typing.overload signatures. :pr:3372

  • :class:Parameter typing improvements. :pr:2805

    • :class:Parameter is now an abstract base class, making explicit that it cannot be instantiated directly.
    • :attr:Parameter.name is now str instead of str | None. When expose_value=False, the name is set to "" instead of None.
    • The ctx parameter of :meth:Parameter.get_error_hint is now typed as Context | None, matching the runtime behavior.
  • Split string values from default_map for parameters with nargs > 1 or :class:Tuple type, matching environment variable behavior. :issue:2745 :pr:3364

  • Auto-detect type=UNPROCESSED for flag_value of non-basic types (not str, int, float, or bool), so programmer-provided Python objects like classes and enum members are passed through unchanged instead of being stringified. Previously type=click.UNPROCESSED had to be set explicitly. :issue:2012 :pr:3363

  • The error hint now uses :meth:Command.get_help_option_names to pick non-shadowed help option names, so Try '... -h' no longer points to a subcommand option that shadows -h. The longest surviving name is shown (--help over -h) for readability. :issue:2790 :pr:3208

  • Fix readline functionality on non-Windows platforms. Prompt text is now passed directly to readline instead of being printed separately, allowing proper backspace, line editing, and line wrapping behavior. :issue:2968 :pr:2969

  • Use :func:os.startfile on Windows to open URLs in :func:open_url, replacing the start built-in which cannot be invoked without shell=True. :issue:3164 :pr:3186

  • Fix Fish shell completion errors when option help text contains newlines. :issue:3043 :pr:3126

... (truncated)

Commits
  • 41f410f Release 8.4.0
  • e3e69e3 Add type annotations for instance attributes in utils (#3422)
  • 3bb230d WIP: Fix HelpFormatter.write_usage producing spurious characters (#3434)
  • 63274a7 click.get_pager_file: add tests (#1572 followup) (#3405)
  • 0551bf5 Fix HelpFormatter.write_usage producing spurious characters
  • fc41aa1 Apply class-body annotations to KeepOpenFile for consistency
  • b761eda Skip some tests on Windows
  • 98302ac Check PAGER usage, color preservation and edge-cases
  • dbdae17 Fix documentation
  • 1aa2d53 Redesigned tests and get_pager_file branching to be more clear and not set color
  • Additional commits viewable in compare view

Updates ty from 0.0.1a21 to 0.0.37

Release notes

Sourced from ty's releases.

0.0.37

Release Notes

Released on 2026-05-16.

Bug fixes

  • Avoid unsound not in narrowing (#25161)
  • Fix async iteration over narrowed typevars (#25155)
  • Fix panic in double-inference for single starred positional TypedDict (#25176)
  • Fix panic in disjoint base check (#25187)
  • Fix panic in recursive binary inference (#25189)
  • Fix panic in cyclic __new__ (#25185)
  • Fix panic in reveal_protocol, reveal_mro, etc. with keyword arguments (#25179)
  • Fix panic in imported overload definition (#25168)

LSP server

  • Don't show argument inlay for case-insensitive matches or prefix/suffixes (#25174)
  • Reduce CPU usage of the LSP when switching between large changesets (#25142)

Core type checking

  • Avoid enforcing __new__ with custom metaclasses (#25180)
  • Make overload public type reachability-aware (#25171)
  • Only specialized types of generic class instances should influence variance (#25124)
  • Preserve ParamSpec argument context through wrapper calls (#24934)
  • Support partially specialized type context for collection literals (#24506)

Contributors

Install ty 0.0.37

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/ty/releases/download/0.0.37/ty-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/ty/releases/download/0.0.37/ty-installer.ps1 | iex"

... (truncated)

Changelog

Sourced from ty's changelog.

0.0.37

Released on 2026-05-16.

Bug fixes

  • Avoid unsound not in narrowing (#25161)
  • Fix async iteration over narrowed typevars (#25155)
  • Fix panic in double-inference for single starred positional TypedDict (#25176)
  • Fix panic in disjoint base check (#25187)
  • Fix panic in recursive binary inference (#25189)
  • Fix panic in cyclic __new__ (#25185)
  • Fix panic in reveal_protocol, reveal_mro, etc. with keyword arguments (#25179)
  • Fix panic in imported overload definition (#25168)

LSP server

  • Don't show argument inlay for case-insensitive matches or prefix/suffixes (#25174)
  • Reduce CPU usage of the LSP when switching between large changesets (#25142)

Core type checking

  • Avoid enforcing __new__ with custom metaclasses (#25180)
  • Make overload public type reachability-aware (#25171)
  • Only specialized types of generic class instances should influence variance (#25124)
  • Preserve ParamSpec argument context through wrapper calls (#24934)
  • Support partially specialized type context for collection literals (#24506)

Contributors

0.0.36

Released on 2026-05-14.

Bug fixes

  • Fix Go To-Definition for self-imported submodules (#25106)
  • Fix ClassVar[Self] assignment checks for class objects (#24657)
  • Fix attribute access on Callable-bounded TypeVars (#24793)
  • Fix panic from TypedDict schema cycle with Self fields (#25094)
  • Fix panic from accessing args[0] for static_assert (#25149)
  • Fix panic from non-name walrus target access (#25121)
  • Fix singleton classification for runtime typing objects (#25099)
  • Guard self-referential TypeOf recursion in generic callables (#24668)
  • Preserve lexical ParamSpec scope for returned Callable annotations (#24909)

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

…pdates

Bumps the dependencies group with 11 updates in the /src/backend directory:

| Package | From | To |
| --- | --- | --- |
| [bleach](https://github.com/mozilla/bleach) | `4.1.0` | `6.3.0` |
| [boto3](https://github.com/boto/boto3) | `1.43.8` | `1.43.9` |
| [botocore](https://github.com/boto/botocore) | `1.43.8` | `1.43.9` |
| [django](https://github.com/django/django) | `5.2.14` | `6.0.5` |
| [django-allauth](https://github.com/sponsors/pennersr) | `65.14.3` | `65.16.1` |
| [django-otp](https://github.com/django-otp/django-otp) | `1.3.0` | `1.7.0` |
| [importlib-metadata](https://github.com/python/importlib_metadata) | `8.7.1` | `9.0.0` |
| [protobuf](https://github.com/protocolbuffers/protobuf) | `6.33.6` | `7.34.1` |
| [wrapt](https://github.com/GrahamDumpleton/wrapt) | `1.17.3` | `2.1.2` |
| [click](https://github.com/pallets/click) | `8.3.3` | `8.4.0` |
| [ty](https://github.com/astral-sh/ty) | `0.0.1a21` | `0.0.37` |



Updates `bleach` from 4.1.0 to 6.3.0
- [Changelog](https://github.com/mozilla/bleach/blob/main/CHANGES)
- [Commits](mozilla/bleach@v4.1.0...v6.3.0)

Updates `boto3` from 1.43.8 to 1.43.9
- [Release notes](https://github.com/boto/boto3/releases)
- [Commits](boto/boto3@1.43.8...1.43.9)

Updates `botocore` from 1.43.8 to 1.43.9
- [Commits](boto/botocore@1.43.8...1.43.9)

Updates `django` from 5.2.14 to 6.0.5
- [Commits](django/django@5.2.14...6.0.5)

Updates `django-allauth` from 65.14.3 to 65.16.1
- [Commits](https://github.com/sponsors/pennersr/commits)

Updates `django-otp` from 1.3.0 to 1.7.0
- [Changelog](https://github.com/django-otp/django-otp/blob/master/CHANGES.rst)
- [Commits](django-otp/django-otp@v1.3.0...v1.7.0)

Updates `importlib-metadata` from 8.7.1 to 9.0.0
- [Release notes](https://github.com/python/importlib_metadata/releases)
- [Changelog](https://github.com/python/importlib_metadata/blob/main/NEWS.rst)
- [Commits](python/importlib_metadata@v8.7.1...v9.0.0)

Updates `protobuf` from 6.33.6 to 7.34.1
- [Release notes](https://github.com/protocolbuffers/protobuf/releases)
- [Commits](https://github.com/protocolbuffers/protobuf/commits)

Updates `wrapt` from 1.17.3 to 2.1.2
- [Release notes](https://github.com/GrahamDumpleton/wrapt/releases)
- [Changelog](https://github.com/GrahamDumpleton/wrapt/blob/develop/docs/changes.rst)
- [Commits](GrahamDumpleton/wrapt@1.17.3...2.1.2)

Updates `click` from 8.3.3 to 8.4.0
- [Release notes](https://github.com/pallets/click/releases)
- [Changelog](https://github.com/pallets/click/blob/main/CHANGES.rst)
- [Commits](pallets/click@8.3.3...8.4.0)

Updates `ty` from 0.0.1a21 to 0.0.37
- [Release notes](https://github.com/astral-sh/ty/releases)
- [Changelog](https://github.com/astral-sh/ty/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ty@0.0.1-alpha.21...0.0.37)

---
updated-dependencies:
- dependency-name: bleach
  dependency-version: 6.3.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: boto3
  dependency-version: 1.43.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: botocore
  dependency-version: 1.43.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: django
  dependency-version: 6.0.5
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: django-allauth
  dependency-version: 65.16.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: django-otp
  dependency-version: 1.7.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: importlib-metadata
  dependency-version: 9.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: protobuf
  dependency-version: 7.34.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: wrapt
  dependency-version: 2.1.2
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: click
  dependency-version: 8.4.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: ty
  dependency-version: 0.0.37
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>

@dependabot dependabot Bot added the dependencies (Pull requests that update a dependency file) and python (Pull requests that update Python code) labels May 24, 2026