Bump the pip-all group across 1 directory with 14 updates

[dependabot]

Bumps the pip-all group with 14 updates in the / directory:

Package	From	To
django	6.0.5	6.0.6
django-debug-toolbar	6.3.0	7.0.0
django-environ	0.13.0	0.14.0
gunicorn	25.3.0	26.0.0
requests	2.33.1	2.34.2
sentry-sdk	2.59.0	2.63.0
behave-django	1.9.0	2.0.0
black	26.3.1	26.5.1
coverage	7.13.5	7.14.1
django-stubs	6.0.3	6.0.5
djangorestframework-stubs	3.16.9	3.17.0
mypy	1.20.2	2.1.0
selenium	4.43.0	4.45.0
types-requests	2.33.0.20260503	2.33.0.20260518

Updates django from 6.0.5 to 6.0.6

Commits

• ee93f65 [6.0.x] Bumped version for 6.0.6 release.
• 1721035 [6.0.x] Fixed CVE-2026-48587 -- Ignored whitespace padding when checking Vary...
• 664652f [6.0.x] Fixed CVE-2026-35193 -- Varied on Authorization when caching non-publ...
• b433025 [6.0.x] Fixed CVE-2026-8404 -- Used Cache-Control directives case-insensitive...
• 625a670 [6.0.x] Fixed CVE-2026-7666 -- Delayed setting SMTP connection until fully co...
• c807d9c [6.0.x] Fixed CVE-2026-6873 -- Prevented signed cookie salt namespace collisi...
• 98a75e3 [6.0.x] Included commit hash in checksum file when building artifacts for rel...
• dd895d6 [6.0.x] Updated translations from Transifex.
• 49ca2db [6.0.x] Updated links to severity levels in release notes.
• c9f32a2 [6.0.x] Added stub release notes and release date for 6.0.6 and 5.2.15.
• Additional commits viewable in compare view

Updates django-debug-toolbar from 6.3.0 to 7.0.0

Release notes

Sourced from django-debug-toolbar's releases.

7.0.0

This release features a change to use the shadow DOM. If a project is customizing the Django Debug Toolbar theme via variables a change will be required.

Changelog

• Updated to render the toolbar in a shadow DOM for better isolation from the rest of the page. This can be disabled with the setting USE_SHADOW_DOM.
• Note that custom themes overriding CSS variables on :root must move those overrides to #djDebug, and custom panels that rely on external styles or DOM lookups reaching into the toolbar will need updates to work with the shadow DOM.
• Prevent check from failing when ROOT_URLCONF is not defined.
• Prevent toolbar storage from failing when serialized panel data contains mapping keys that are not JSON-compatible.
• Prevent debounce race conditions in the history panel for rapid fetch requests.
• Added a note to the prerequisites section of the installation docs about requiring an up-to-date browser.
• Dropped support for Django 4.2 and Django 5.1 .
• Added graceful degradation for SQL queries that exceed sqlparse's token limits. When SQLParseError is raised, the SQL panel now automatically disables grouping and retries formatting, preventing crashes with large queries.
• Upgraded the JavaScript code to use modern ECMAScript features using esupgrade.
• Updated tox configuration to treat DeprecationWarning, ResourceWarning, and PendingDeprecationWarning as errors.
• Clarified configuration documentation about SHOW_TOOLBAR_CALLBACK needing to respect django.conf.settings.DEBUG to match debug_toolbar_urls.
• Fixed cookie expires calculation in djdt.cookie.set.
• Account for the new CULL_PROBABILITY in Django 6.2 in tests.
• Support Django 6.2's handling of booleans for non-PostgreSQL databases.
• Changed the SQL panel to show the "Select" and "Explain" action buttons for all queries, not just SELECT statements.
• Fixed SQL panel handling of binary parameters (e.g. from BinaryField) and GeoDjango PostGIS geometry parameters. EWKB geometry adapters are now serialized and reconstructed so that Select and Explain work correctly on spatial queries.

What's Changed

• Prevent check from erroring when ROOT_URLCONF is not defined by @​scott-8 in django-commons/django-debug-toolbar#2342
• Add browser based JavaScript via vitest by @​codingjoe in django-commons/django-debug-toolbar#2348
• Exclude package-lock.json from pre-commit autoformatting by @​matthiask in django-commons/django-debug-toolbar#2355
• Resolve debounce race condition by @​codingjoe in django-commons/django-debug-toolbar#2356
• Refs #2356: Add a note to the prerequisites section about requiring a modern browser by @​matthiask in django-commons/django-debug-toolbar#2357
• Add contribution documentation on running JS tests by @​federicobond in django-commons/django-debug-toolbar#2359
• Drop support for Django 4.2 and Django 5.1 . by @​p-r-a-v-i-n in django-commons/django-debug-toolbar#2360
• Drop Promise.try and change documented Baseline target to Widely-Available by @​codingjoe in django-commons/django-debug-toolbar#2361
• Use shadow dom to render the toolbar by @​federicobond in django-commons/django-debug-toolbar#2266
• Add graceful degradation for large SQL queries by @​kkm-horikawa in django-commons/django-debug-toolbar#2291
• Update the version for biome schema. by @​tim-schilling in django-commons/django-debug-toolbar#2364
• Update JS syntax to Baseline 2025 using esupgrade by @​codingjoe in django-commons/django-debug-toolbar#2346
• Treat some warnings as errors in CI by @​tim-schilling in django-commons/django-debug-toolbar#2258
• Export getDebugElement utility javascript function. by @​tim-schilling in django-commons/django-debug-toolbar#2373
• Clarified configuration documentation about SHOW_TOOLBAR_CALLBACK by @​tim-schilling in django-commons/django-debug-toolbar#2372
• Handle non-JSON mapping keys in toolbar storage by @​puneetdixit200 in django-commons/django-debug-toolbar#2376
• Fixed cookie expires calculation by @​leduythuccs in django-commons/django-debug-toolbar#2377
• Handle cache culling and boolean lookup changes in Django 6.2 by @​tim-schilling in django-commons/django-debug-toolbar#2385
• Change the SQL panel to show the select and explain buttons for all queries by @​matthiask in django-commons/django-debug-toolbar#2393
• Mention @​gzip_page explicitly as a reason why the toolbar doesn't show up by @​matthiask in django-commons/django-debug-toolbar#2392
• Fix binary parameter handling in SQL panel by @​matthiask in django-commons/django-debug-toolbar#2391
• Version 7.0.0 by @​tim-schilling in django-commons/django-debug-toolbar#2386

New Contributors

• @​scott-8 made their first contribution in django-commons/django-debug-toolbar#2342

... (truncated)

Changelog

Sourced from django-debug-toolbar's changelog.

7.0.0 (2026-06-17)

• Prevent check from failing when ROOT_URLCONF is not defined.
• Prevent toolbar storage from failing when serialized panel data contains mapping keys that are not JSON-compatible.
• Prevent debounce race conditions in the history panel for rapid fetch requests.
• Added a note to the prerequisites section of the installation docs about requiring an up-to-date browser.
• Dropped support for Django 4.2 and Django 5.1 .
• Updated to render the toolbar in a shadow DOM for better isolation from the rest of the page. This can be disabled with the setting USE_SHADOW_DOM.
• Note that custom themes overriding CSS variables on :root must move those overrides to #djDebug, and custom panels that rely on external styles or DOM lookups reaching into the toolbar will need updates to work with the shadow DOM.
• Added graceful degradation for SQL queries that exceed sqlparse's token limits. When SQLParseError is raised, the SQL panel now automatically disables grouping and retries formatting, preventing crashes with large queries.
• Upgraded the JavaScript code to use modern ECMAScript features using esupgrade.
• Updated tox configuration to treat DeprecationWarning, ResourceWarning, and PendingDeprecationWarning as errors.
• Clarified configuration documentation about SHOW_TOOLBAR_CALLBACK needing to respect django.conf.settings.DEBUG to match debug_toolbar_urls.
• Fixed cookie expires calculation in djdt.cookie.set.
• Account for the new CULL_PROBABILITY in Django 6.2 in tests.
• Support Django 6.2's handling of booleans for non-PostgreSQL databases.
• Changed the SQL panel to show the "Select" and "Explain" action buttons for all queries, not just SELECT statements.
• Fixed SQL panel handling of binary parameters (e.g. from BinaryField) and GeoDjango PostGIS geometry parameters. EWKB geometry adapters are now serialized and reconstructed so that Select and Explain work correctly on spatial queries.

Commits

• 6c66337 Version 7.0.0
• 44bf141 Update translations
• 9e844fd Fix binary parameter handling in SQL panel (#2391)
• c364770 Mention @​gzip_page explicitly as a reason why the toolbar doesn't show up (#2...
• 7475cf0 Change the SQL panel to show the select and explain buttons for all queries (...
• 931a234 Bump actions/checkout from 6.0.2 to 6.0.3 in the github-actions group (#2384)
• e153a97 Bump the minor-npm-dependencies group across 1 directory with 2 updates (#2390)
• 67f16e4 Bump vite from 8.0.10 to 8.0.16 (#2389)
• b02d594 Bump @​babel/core from 7.29.0 to 7.29.7 (#2388)
• 0df3f3a pre-commit autoupdate (#2387)
• Additional commits viewable in compare view

Updates django-environ from 0.13.0 to 0.14.0

Release notes

Sourced from django-environ's releases.

v0.14.0

django-environ 0.14.0 improves type annotations across Env and updates Env.read_env() to support caller-owned file-like objects without closing them.

This is the final django-environ release supporting Python 3.9.

Added

• Type annotations and matching docstring information for Env methods.
• A conditional typing_extensions dependency providing TypeAlias on Python 3.9.

Changed

• Env.read_env() now accepts path-like and file-like objects without closing file-like objects supplied by the caller.

Fixed

• Env.read_env() now raises an explicit error when it cannot determine the caller frame used to resolve the default .env path.

Full changelog: joke2k/django-environ@v0.13.0...v0.14.0

PyPI: https://pypi.org/project/django-environ/0.14.0/

Changelog

Sourced from django-environ's changelog.

v0.14.0_ - 18-June-2026

Added +++++

• Added type annotations and matching docstring information to Env methods [#633](https://github.com/joke2k/django-environ/issues/633) <https://github.com/joke2k/django-environ/pull/633>_.
• Added a Python 3.9 compatibility dependency on typing_extensions for TypeAlias [#633](https://github.com/joke2k/django-environ/issues/633) <https://github.com/joke2k/django-environ/pull/633>_.

Changed +++++++

• Updated Env.read_env() to accept path-like and file-like objects without closing file-like objects supplied by the caller [#633](https://github.com/joke2k/django-environ/issues/633) <https://github.com/joke2k/django-environ/pull/633>_.

Fixed +++++

• Added an explicit error when Env.read_env() cannot determine its caller frame while resolving the default .env path [#633](https://github.com/joke2k/django-environ/issues/633) <https://github.com/joke2k/django-environ/pull/633>_.

Commits

• 6e1b461 Merge pull request #635 from joke2k/release/0.14.0
• b65f66e chore(release): prepare 0.14.0
• 39f980a Merge pull request #633 from joke2k/hotfix/0.14-apply-pr-600
• 020825c ci: allow release and hotfix PRs to target main
• 6c1dd5b fix(typing): support TypeAlias on Python 3.9
• c0d7b2b Ensure Env.read_env supports any file-like object
• c41ee54 Guard against an inability to read stack frames
• 64bfe4b Add type information to docstrings
• 791df95 Add type annotations to str and bool parameters of methods in Env
• 4370592 Merge branch 'develop' into main
• See full diff in compare view

Updates gunicorn from 25.3.0 to 26.0.0

Release notes

Sourced from gunicorn's releases.

26.0.0

Breaking Changes

• Eventlet worker removed: The eventlet worker class has been dropped. Migrate to gevent, gthread, or tornado.

New Features

• ASGI Framework Compatibility Suite: New end-to-end compatibility test harness covering Starlette, FastAPI, Litestar, Quart, Sanic, and BlackSheep. Current grid passes 438/444 tests (98%).
• ASGI Test Suite Expansion: 134 additional ASGI unit tests covering protocol semantics, lifespan, websockets, and chunked framing.

Security

• HTTP/1.1 Request-Target Validation (RFC 9112 sections 3.2.3, 3.2.4):
  • Reject authority-form request-target outside CONNECT
  • Reject asterisk-form request-target outside OPTIONS
  • Reject relative-reference request-targets
• Header Field Hardening (RFC 9110):
  • Reject control characters in header field-value (section 5.5)
  • Reject forbidden trailer field-names (section 6.5.1)
  • Reject Content-Length list form (RFC 9112 section 6.3)
• Request Smuggling Hardening:
  • Tighten keepalive gate and scope finish_body byte cap
  • Keep _body_receiver alive across the keepalive smuggling gate so pipelined requests cannot re-enter a closed body
  • Address parser/protocol findings from a six-point WSGI/ASGI audit
• PROXY Protocol (ASGI): Enforce proxy_allow_ips and tighten v1/v2 parsing in the ASGI callback parser.
• Connection Draining: Drain the connection on close per RFC 9112 section 9.6 to prevent reset-on-close truncation.

Bug Fixes

• Body Framing on HEAD/204/304:
  • Keep Content-Length on HEAD and 304 responses (#3621)
  • Drop body framing on HEAD/204/304 even when the framework set it
  • Warn once when an ASGI app emits a body for a no-body response
• HTTP/2 ASGI:
  • Fix _handle_stream_ended to set _body_complete in the async HTTP/2 handler so request bodies finalize correctly on stream end
  • Add InvalidChunkExtension mapping and fast-parser support in ASGI tests (#3565)
• HTTP/1.1 100-Continue: Stop adding Transfer-Encoding: chunked to 100-Continue interim responses.
• WebSocket Close Handshake (RFC 6455):
  • Comply with the close handshake state machine
  • Close the transport after the close handshake completes
  • Fix binary send when the text key is None
• Early Hints: Validate headers in the early_hints callback to match process_headers; pass only the header name to InvalidHeader (#3588).
• ASGI Framework Fixes:
  • Fix ASGI disconnect handling for Django-style apps
  • Fix Litestar request handling (use raw ASGI receive for body/headers)
  • Fix Litestar HTTP endpoints for compatibility tests
  • Fix Quart headers endpoint to normalize keys to lowercase
  • Fix Quart WebSocket close test app (missing accept())
  • Fix duplicate Transfer-Encoding header for BlackSheep streaming

... (truncated)

Commits

• 5d819cf release: 26.0.0
• b45c70d Merge pull request #3611 from zc-mattcen/docs-typo
• 99c8d48 Merge pull request #3623 from benoitc/chore/drop-eventlet-add-h2-uvloop-test-...
• 5a655af Merge pull request #3622 from benoitc/test/docker-port-and-ipv4-fixes
• 201df19 chore: remove eventlet worker; add h2 and uvloop to test deps
• f4ac8e1 test: pass action name to dirty client and stabilize after TTOU spam
• 54d38af test: unblock docker fixtures on macOS hosts
• 68843c8 Merge pull request #3621 from benoitc/fix/asgi-preserve-content-length-on-hea...
• 31f2618 Merge pull request #3620 from benoitc/fix/asgi-proxy-protocol-trust-and-parsing
• 41ec752 fix: keep Content-Length on HEAD and 304 responses
• Additional commits viewable in compare view

Updates requests from 2.33.1 to 2.34.2

Release notes

Sourced from requests's releases.

v2.34.2

2.34.2 (2026-05-14)

• Moved headers input type back to Mapping to avoid invariance issues with MutableMapping and inferred dict types. Users calling Request.headers.update() may need to narrow typing in their code. (#7441)

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2342-2026-05-14

v2.34.1

2.34.1 (2026-05-13)

Bugfixes

• Widened json input type from dict and list to Mapping and Sequence. (#7436)
• Changed headers input type to MutableMapping and removed None from Request.headers typing to improve handling for users. (#7431)
• Response.reason moved from str | None to str to improve handling for users. (#7437)
• Fixed a bug where some bodies with custom __getattr__ implementations weren't being properly detected as Iterables. (#7433)

New Contributors

• @​k223kim made their first contribution in psf/requests#7433

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2341-2026-05-13

v2.34.0

2.34.0 (2026-05-11)

Announcements

• Requests 2.34.0 introduces inline types, replacing those provided by typeshed. Public API types should be fully compatible with mypy, pyright, and ty. We believe types are comprehensive but if you find issues, please report them to the pinned tracking issue.

  Special thanks to @​bastimeyer, @​cthoyt, @​edgarrmondragon, and @​srittau for helping review and test the types ahead of the release. (#7272)

Improvements

• Digest Auth hashing algorithms have added usedforsecurity=False to clarify security considerations. (#7310)
• Requests added support for Python 3.15 based on beta1. Downstream projects should be able to start testing prior to its release in October. (#7422)
• Requests added support for Python 3.14t. (#7419)

Bugfixes

• Response.history no longer contains a reference to itself, preventing accidental looping when traversing the history list. (#7328)
• Requests no longer performs greedy matching on no_proxy domains. The

... (truncated)

Changelog

Sourced from requests's changelog.

2.34.2 (2026-05-14)

• Moved headers input type back to Mapping to avoid invariance issues with MutableMapping and inferred dict types. Users calling Request.headers.update() may need to narrow typing in their code. (#7441)

2.34.1 (2026-05-13)

Bugfixes

• Widened json input type from dict and list to Mapping and Sequence. (#7436)
• Changed headers input type to MutableMapping and removed None from Request.headers typing to improve handling for users. (#7431)
• Response.reason moved from str | None to str to improve handling for users. (#7437)
• Fixed a bug where some bodies with custom __getattr__ implementations weren't being properly detected as Iterables. (#7433)

2.34.0 (2026-05-11)

Announcements

• Requests 2.34.0 introduces inline types, replacing those provided by typeshed. Public API types should be fully compatible with mypy, pyright, and ty. We believe types are comprehensive but if you find issues, please report them to the pinned tracking issue.

  Special thanks to @​bastimeyer, @​cthoyt, @​edgarrmondragon, and @​srittau for helping review and test the types ahead of the release. (#7272)

Improvements

• Digest Auth hashing algorithms have added usedforsecurity=False to clarify security considerations. (#7310)
• Requests added support for Python 3.15 based on beta1. Downstream projects should be able to start testing prior to its release in October. (#7422)
• Requests added support for Python 3.14t. (#7419)

Bugfixes

• Response.history no longer contains a reference to itself, preventing accidental looping when traversing the history list. (#7328)
• Requests no longer performs greedy matching on no_proxy domains. The proxy_bypass implementation has been updated with CPython's fix from bpo-39057. (#7427)
• Requests no longer incorrectly strips duplicate leading slashes in URI paths. This should address user issues with specific presigned URLs. Note the full fix requires urllib3 2.7.0+. (#7315)

Commits

• 6e83187 v2.34.2
• 84d10f0 Move Request.headers back to Mapping (#7441)
• b7b549b v2.34.1
• e511bc7 Fix mutability issues with headers input types (#7431)
• 5691f59 Update JsonType containers to read-based collections (#7436)
• 2144213 Constrain Response.reason to str (#7437)
• 6404f34 Fix prepare_body stream detection for __getattr__-based file wrappers (#7...
• 0b401c7 v2.34.0
• 86b378d Align Session.get parameters with requests.get (#7429)
• a4f9a59 Port bpo-39057 to Requests (#7427)
• Additional commits viewable in compare view

Updates sentry-sdk from 2.59.0 to 2.63.0

Release notes

Sourced from sentry-sdk's releases.

2.63.0

Bug Fixes 🐛

Fastapi

• Prevent double wrapping of sync handlers on FastAPI >= 0.137 by @​jhonny-on in #6569
• Use effective_route_context path for prefixed routers by @​ericapisani in #6572

Other

• (asgi) Gate query string and client IP behind send_default_pii by @​ericapisani in #6501
• (serializer) Avoid creating reference cycles on every call by @​Malkiz223 in #6563
• (user) Set user.ip_address on telemetry if present by @​sentrivana in #6555
• Remove 0000 trace_id fallbacks by @​sl0thentr0py in #6570
• MANIFEST.in: Graft tests directory. by @​charlesroelli in #6237

Internal Changes 🔧

• (fastapi) Verify request info capture with POST endpoints by @​alexander-alderman-webb in #6287
• (starlette) Verify request info capture with POST endpoints by @​alexander-alderman-webb in #6269

2.62.0

New Features ✨

• Add integration for aiomysql by @​tonal in #4703

  We're adding support for the aiomysql package. To enable the integration, add it to your integrations list:

  import sentry_sdk
  from sentry_sdk.integrations.aiomysql import AioMySQLIntegration
  sentry_sdk.init(
  traces_sample_rate=1.0,
  integrations=[AioMySQLIntegration()],
  )

• Support HTTPX2 by @​sentrivana in #6463

  We're adding out-of-the-box support for HTTPX2. As long as use the package, the Sentry integration will be enabled automatically and you should see your requests instrumented in Sentry.

  import httpx2
  import sentry_sdk
  sentry_sdk.init(...)
  with sentry_sdk.start_transaction(name="testing_sentry"):

... (truncated)

Changelog

Sourced from sentry-sdk's changelog.

2.63.0

Bug Fixes 🐛

Fastapi

• Prevent double wrapping of sync handlers on FastAPI >= 0.137 by @​jhonny-on in #6569
• Use effective_route_context path for prefixed routers by @​ericapisani in #6572

Other

• (asgi) Gate query string and client IP behind send_default_pii by @​ericapisani in #6501
• (serializer) Avoid creating reference cycles on every call by @​Malkiz223 in #6563
• (user) Set user.ip_address on telemetry if present by @​sentrivana in #6555
• Remove 0000 trace_id fallbacks by @​sl0thentr0py in #6570
• MANIFEST.in: Graft tests directory. by @​charlesroelli in #6237

Internal Changes 🔧

• (fastapi) Verify request info capture with POST endpoints by @​alexander-alderman-webb in #6287
• (starlette) Verify request info capture with POST endpoints by @​alexander-alderman-webb in #6269

2.62.0

New Features ✨

• Add integration for aiomysql by @​tonal in #4703

  We're adding support for the aiomysql package. To enable the integration, add it to your integrations list:

  import sentry_sdk
  from sentry_sdk.integrations.aiomysql import AioMySQLIntegration
  sentry_sdk.init(
  traces_sample_rate=1.0,
  integrations=[AioMySQLIntegration()],
  )

• Support HTTPX2 by @​sentrivana in #6463

  We're adding out-of-the-box support for HTTPX2. As long as use the package, the Sentry integration will be enabled automatically and you should see your requests instrumented in Sentry.

  import httpx2
  import sentry_sdk
  sentry_sdk.init(...)

... (truncated)

Commits

• 44b008a update changelog
• 0b2af51 Update CHANGELOG.md
• 250caad release: 2.63.0
• 72a57de fix(flask): Set user data on scope at request start (#6566)
• 6a4c3a1 fix: Remove 0000 trace_id fallbacks (#6570)
• 1df9835 feat(falcon): Set name and source on request span when streaming (#6562)
• 77874bd test(falcon): Support span streaming (#6561)
• 6bcfb9c fix(fastapi): Prevent double wrapping of sync handlers on FastAPI >= 0.137 (#...
• 72d972c fix(fastapi): use effective_route_context path for prefixed routers (#6572)
• cc802f6 feat(chalice): Add span streaming support to Chalice integration (#6503)
• Additional commits viewable in compare view

Updates behave-django from 1.9.0 to 2.0.0

Release notes

Sourced from behave-django's releases.

Release 2.0.0

2.0.0 (2026-06-04)

Breaking Changes

• Auto-isolate context.fixtures per Behave scope (#179) by @​bittner in behave/behave-django#183

Bugfixes

• Fix RecursionError on Django 4.1+ when running without --simple by @​smashaal in behave/behave-django#181
• Fix double base_url in get_url() for absolute URLs by @​bittner in behave/behave-django#185

Features and Improvements

• Cover Django 6.0, drop Python 3.9 and Django 4.2, 5.0 and 5.1; update test matrix to Django 5.2 and 6.0 by @​bittner in behave/behave-django#182
• Document custom LiveServerTestCase host for remote browsers by @​bittner in behave/behave-django#184
• Snapshot context.fixtures in user mode to avoid ContextMaskWarning by @​bittner in behave/behave-django#186

Full Changelog: behave/behave-django@1.9.0...2.0.0

Changelog

Sourced from behave-django's changelog.

2.0.0 (2026-06-04) ++++++++++++++++++

Breaking Changes

• context.fixtures is now automatically isolated per Behave scope (feature, rule, scenario): fixtures loaded in one scenario no longer leak into the next. Fixtures set in before_all(), before_feature() or before_rule() still propagate to nested scopes. The manual context.fixtures = [] reset is no longer needed.

Features and Improvements

• Cover Django 6.0, drop Python 3.9 and Django 4.2, 5.0 and 5.1
• Document how to configure a custom LiveServerTestCase host for remote browsers
• Add unit tests for the pageobject module

Bugfixes

• Fix RecursionError on Django 4.1+ without --simple, caused by settings overrides piling up across scenarios
• Fix double base_url when get_url() receives an absolute URL
• Avoid ContextMaskWarning by snapshotting context.fixtures in user mode

Commits

• 77da3db Release 2.0.0
• 2e8de5a Snapshot context.fixtures in user mode to avoid ContextMaskWarning
• 7d6a1cc Add unit tests for the pageobject module
• 4773009 Fix double base_url when get_url() receives an absolute URL
• d1a650c Document custom LiveServerTestCase host for remote browsers
• 8c3b7dc Auto-isolate context.fixtures per behave scope (#179)
• de2a4e5 Update test matrix to Django 5.2 and 6.0
• 59c1dc1 Fix RecursionError on Django 4.1+ without --simple
• 5172540 Remove obsolete Makefile (docs are generated via sphinx-build directly)
• 515c40e Update GH actions
• Additional commits viewable in compare view

Updates black from 26.3.1 to 26.5.1

Release notes

Sourced from black's releases.

26.5.1

Stable style

• Fix unstable formatting of annotated assignments whose subscript annotation contains an inline comment (e.g. x: list[ # pyright: ignore[...]) (#5130)
• Preserve inline comments (including # type: ignore) immediately before a # fmt: skip line, avoiding AST equivalence failures (#5139)

Packaging

• Correct the version in the published executables (#5137)

Documentation

• Add Neovim integration guide covering conform.nvim, ALE, and simple command approaches (#5124)

26.5.0

Highlights

• Add support for unpacking in comprehensions (PEP 798) and for lazy imports (PEP 810), both new syntactic features in Python 3.15 (#5048)
• Python 3.15 is now supported. Compiled wheels are not yet provided for Python 3.15, so performance may be slower than on existing Python versions. Wheels will be provided once Python 3.15 is later in its release cycle. (#5127)

Stable style

• Fix # fmt: skip being ignored in nested if expressions with parenthesized in clauses (#4903)
• Add syntactic support for Python 3.15 (#5048)
• Fix crash when an f-string follows a # fmt: off comment inside brackets (#5097)
• Preserve multiline compound statement headers when # fmt: skip is placed on the colon line (#5117)

Preview style

• Improve heuristics around whether blank lines should appear before, within and after groups of same-name decorated functions (such as @overload groups) in .pyi stub files (#5021)
• Fix blank lines being removed between a function and a decorated class in .pyi stub files (#5092)
• Prevent string merger from creating unsplittable long lines when a pragma comment (e.g. # type: ignore) follows the closing bracket (#5096)

Packaging

• Run CI on 3.15 (#5127)

Output

... (truncated)

Changelog

Sourced from black's changelog.

Version 26.5.1

Stable style

• Fix unstable formatting of annotated assignments whose subscript annotation contains an inline comment (e.g. x: list[ # pyright: ignore[...]) (#5130)
• Preserve inline comments (including # type: ignore) immediately before a # fmt: skip line, avoiding AST equivalence failures (#5139)

Packaging

• Correct the version in the published executables (#5137)

Documentation

• Add Neovim integration guide covering conform.nvim, ALE, and simple command approaches (#5124)

Version 26.5.0

Highlights

• Add support for unpacking in comprehensions (PEP 798) and for lazy imports (PEP 810), both new syntactic features in Python 3.15 (#5048)
• Python 3.15 is now supported. Compiled wheels are not yet provided for Python 3.15, so performance may be slower than on existing Python versions. Wheels will be provided once Python 3.15 is later in its release cycle. (#5127)

Stable style

• Fix # fmt: skip being ignored in nested if expressions with parenthesized in clauses (#4903)
• Add syntactic support for Python 3.15 (#5048)
• Fix crash when an f-string follows a # fmt: off comment inside brackets (#5097)
• Preserve multiline compound statement headers when # fmt: skip is placed on the colon line (#5117)

Preview style

• Improve heuristics around whether blank lines should appear before, within and after groups of same-name decorated functions (such as @overload groups) in .pyi stub files (#5021)
• Fix blank lines being removed between a function and a decorated class in .pyi stub files (#5092)
• Prevent string merger from creating unsplittable long lines when a pragma comment (e.g. # type: ignore) follows the closing bracket (#5096)

Packaging

• Run CI on 3.15 (#5127)

... (truncated)

Commits

• 87928e6 Prepare release 26.5.1 (#5140)
• c970a49 Preserve comments before fmt: skip lines (#5139)
• 5809338 Preserve inline comments inside annotation subscripts (#5130)
• 61361b7 docs: add Neovim integration guide and fix http link (#5124)
• ebe6018 CI Hotfixes (#5136)
• 9cbd95f Fix publish binaries again on Windows (#5134)
• 3dc8e6c Add new changelog (#5132)
• 6d0fff0 Fix publish binaries workflow (#5133)
• d2490e2 Prepare release 26.5.0 (#5131)
• 2b13ea7 Preserve multiline headers with fmt skip (#5117)
• Additional commits viewable in compare view

Updates coverage from 7.13.5 to 7.14.1

Changelog

Sourced from coverage's changelog.

Version 7.14.1 — 2026-05-26

• Fix: the HTML report used typographic niceties to make file paths more readable by adding a small amount of space around slashes. Those spaces interfered with searching the page for file paths of interest. Now the report uses CSS to accomplish the same visual tweak so that searches with slashes work correctly. Closes issue 2170_.

• Add a 3.16 PyPI classifier <hugo-316_>_ since we test on the 3.16 main branch.

.. _issue 2170: coveragepy/coveragepy#2170 .. _hugo-316: https://mastodon.social/@​hugovk/116588523571204490

.. _changes_7-14-0:

Version 7.14.0 — 2026-05-10

• Feature: now when running one of the reporting commands, if there are parallel data files that need combining, they will be implicitly combined before creating the report. There is no option to avoid the combination; let us know if you have a use case that requires it. Thanks, Tim Hatch <pull 2162_>. Closes issue 1781.

• Fix: the output from combine was too verbose, listing each file consi...

  Description has been truncated

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud