build(deps): bump the pip group across 1 directory with 8 updates

[dependabot]

Bumps the pip group with 8 updates in the /WHartTest_Django directory:

Package	From	To
django	5.2	5.2.8
djangorestframework-simplejwt	5.3.1	5.5.1
langchain-core	0.3.60	0.3.80
langgraph-checkpoint	2.0.26	3.0.0
langgraph-checkpoint-sqlite	2.0.10	2.0.11
langchain-community	0.3.24	0.3.27
langchain-text-splitters	0.3.8	0.3.9
pypdf	5.6.0	6.4.0

Updates django from 5.2 to 5.2.8

Commits

• 47fe39a [5.2.x] Bumped version for 5.2.8 release.
• ac9fcf6 [5.2.x] Refs CVE-2025-64459 -- Avoided propagating invalid arguments to Q on ...
• 6703f36 [5.2.x] Fixed CVE-2025-64459 -- Prevented SQL injections in Q/QuerySet via th...
• 4f5d904 [5.2.x] Fixed CVE-2025-64458 -- Mitigated potential DoS in HttpResponseRedire...
• cbdf128 [5.2.x] Fixed #36704 -- Fixed system check error for proxy model with a compo...
• 6775888 [5.2.x] Fixed #36696 -- Fixed NameError when inspecting functions with deferr...
• d5dfffa [5.2.x] Added stub release notes and release date for 5.2.8, 5.1.14, and 4.2.26.
• 368f955 [5.2.x] Fixed #36681 -- Removed English pluralization bias from example in do...
• 71267c9 [5.2.x] Fixed #35095 -- Clarified Swiss number formatting in docs/topics/i18n...
• 9b37bd5 [5.2.x] Made RemoteTestResultTest.test_pickle_errors_detection() compatible w...
• Additional commits viewable in compare view

Updates djangorestframework-simplejwt from 5.3.1 to 5.5.1

Release notes

Sourced from djangorestframework-simplejwt's releases.

v5.5.1

5.5.1

Missing Migration for rest_framework_simplejwt.token_blacklist app. A previously missing migration (0013_blacklist) has now been added. This issue arose because the migration file was mistakenly not generated earlier. This migration was never part of an official release, but users following the latest master branch may have encountered it.

Notes for Users If you previously ran makemigrations in production and have a 0013_blacklist migration in your django_migrations table, follow these steps before upgrading:

1. Roll back to the last known migration:

python manage.py migrate rest_framework_simplejwt.token_blacklist 0012

2. Upgrade djangorestframework-simplejwt to the latest version.
3. Apply the migrations correctly:

python manage.py migrate

Important: If other migrations depend on 0013_blacklist, be cautious when removing it. You may need to adjust or regenerate dependent migrations to ensure database integrity.

• fix: add missing migration for token_blacklist app by @​juanbailon in jazzband/djangorestframework-simplejwt#894
• 🌐 Fix typos and improve clarity in es_AR translations by @​fabianfalon in jazzband/djangorestframework-simplejwt#876
• docs: Add warning in docs for for_user usage by @​vgrozdanic in jazzband/djangorestframework-simplejwt#872
• feat: log warning if token is being created for inactive user by @​vgrozdanic in jazzband/djangorestframework-simplejwt#873
• ref: full tracebacks on exceptions by @​vgrozdanic in jazzband/djangorestframework-simplejwt#870
• #858 New i18n messages by @​Cloves23 in jazzband/djangorestframework-simplejwt#879
• Repair the type annotations in the TokenViewBase class. by @​triplepoint in jazzband/djangorestframework-simplejwt#880
• fix: Token.outstand forces users to install blacklist app by @​Andrew-Chen-Wang in jazzband/djangorestframework-simplejwt#884
• fix: PytestConfigWarning Unknown config option: python_paths by @​vgrozdanic in jazzband/djangorestframework-simplejwt#886
• fix: Do not copy iat claim from refresh token by @​vgrozdanic in jazzband/djangorestframework-simplejwt#888
• fix: add missing migration for token_blacklist app by @​juanbailon in jazzband/djangorestframework-simplejwt#894
• Update Persian translations (fa, fa_IR) for Django application by @​mahdirahimi1999 in jazzband/djangorestframework-simplejwt#897
• fix: always stringify user_id claim (#887)

New Contributors

• @​fabianfalon made their first contribution in jazzband/djangorestframework-simplejwt#876
• @​Cloves23 made their first contribution in jazzband/djangorestframework-simplejwt#879
• @​triplepoint made their first contribution in jazzband/djangorestframework-simplejwt#880
• @​juanbailon made their first contribution in jazzband/djangorestframework-simplejwt#894

Full Changelog: jazzband/djangorestframework-simplejwt@v5.5.0...v5.5.1

v5.5.0

Differing Behavior Change

• Adds new refresh tokens to OutstandingToken db. by @​thecarpetjasp in jazzband/djangorestframework-simplejwt#866

What's Changed

• Cap PyJWT version to <2.10.0 to avoid incompatibility with subject claim type requirement by @​grayver in jazzband/djangorestframework-simplejwt#843
• Add specific "token expired" exceptions by @​vainu-arto in jazzband/djangorestframework-simplejwt#830
• Fix user_id type mismatch when user claim is not pk by @​jdg-journeyfront in jazzband/djangorestframework-simplejwt#851
• Caching signing key by @​henryfool91 in jazzband/djangorestframework-simplejwt#859

... (truncated)

Changelog

Sourced from djangorestframework-simplejwt's changelog.

5.5.1

Missing Migration for rest_framework_simplejwt.token_blacklist app. A previously missing migration (0013_blacklist) has now been added. This issue arose because the migration file was mistakenly not generated earlier. This migration was never part of an official release, but users following the latest master branch may have encountered it.

Notes for Users If you previously ran makemigrations in production and have a 0013_blacklist migration in your django_migrations table, follow these steps before upgrading:

1. Roll back to the last known migration:

python manage.py migrate rest_framework_simplejwt.token_blacklist 0012

2. Upgrade djangorestframework-simplejwt to the latest version.
3. Apply the migrations correctly:

python manage.py migrate

Important: If other migrations depend on 0013_blacklist, be cautious when removing it. You may need to adjust or regenerate dependent migrations to ensure database integrity.

• fix: add missing migration for token_blacklist app by @​juanbailon in jazzband/djangorestframework-simplejwt#894
• 🌐 Fix typos and improve clarity in es_AR translations by @​fabianfalon in jazzband/djangorestframework-simplejwt#876
• docs: Add warning in docs for for_user usage by @​vgrozdanic in jazzband/djangorestframework-simplejwt#872
• feat: log warning if token is being created for inactive user by @​vgrozdanic in jazzband/djangorestframework-simplejwt#873
• ref: full tracebacks on exceptions by @​vgrozdanic in jazzband/djangorestframework-simplejwt#870
• #858 New i18n messages by @​Cloves23 in jazzband/djangorestframework-simplejwt#879
• Repair the type annotations in the TokenViewBase class. by @​triplepoint in jazzband/djangorestframework-simplejwt#880
• fix: Token.outstand forces users to install blacklist app by @​Andrew-Chen-Wang in jazzband/djangorestframework-simplejwt#884
• fix: PytestConfigWarning Unknown config option: python_paths by @​vgrozdanic in jazzband/djangorestframework-simplejwt#886
• fix: Do not copy iat claim from refresh token by @​vgrozdanic in jazzband/djangorestframework-simplejwt#888
• fix: add missing migration for token_blacklist app by @​juanbailon in jazzband/djangorestframework-simplejwt#894
• Update Persian translations (fa, fa_IR) for Django application by @​mahdirahimi1999 in jazzband/djangorestframework-simplejwt#897
• fix: always stringify user_id claim in jazzband/djangorestframework-simplejwt#887

5.5.0

• Cap PyJWT version to <2.10.0 to avoid incompatibility with subject claim type requirement by @​grayver in jazzband/djangorestframework-simplejwt#843
• Add specific "token expired" exceptions by @​vainu-arto in jazzband/djangorestframework-simplejwt#830
• Fix user_id type mismatch when user claim is not pk by @​jdg-journeyfront in jazzband/djangorestframework-simplejwt#851
• Caching signing key by @​henryfool91 in jazzband/djangorestframework-simplejwt#859
• Adds new refresh tokens to OutstandingToken db. by @​thecarpetjasp in jazzband/djangorestframework-simplejwt#866

5.4.0

• Changed string formatting in views by @​Egor-oop in jazzband/djangorestframework-simplejwt#750
• Enhance BlacklistMixin with Generic Type for Accurate Type Inference by @​Dresdn in jazzband/djangorestframework-simplejwt#768
• Improve type of Token.for_user to allow subclasses by @​sterliakov in jazzband/djangorestframework-simplejwt#776
• Fix the Null value of the OutstandingToken of the BlacklistMixin.blacklist by @​JaeHyuckSa in jazzband/djangorestframework-simplejwt#806
• Fix: Disable refresh token for inactive user. by @​ajay09 in jazzband/djangorestframework-simplejwt#814
• Add option to allow inactive user authentication and token generation by @​zxkeyy in jazzband/djangorestframework-simplejwt#834
• Drop Django <4.2, DRF <3.14, Python <3.9 by @​Andrew-Chen-Wang in jazzband/djangorestframework-simplejwt#839
  • Note, many deprecated versions are only officially not supported but probably still work fine.
• Add support for EdDSA and other algorithms in jwt.algorithms.requires_cryptography (#822) jazzband/djangorestframework-simplejwt#823

Commits

• be0301e Update locale files (#878)
• a2d0a02 Update CHANGELOG.md for 5.5.1 (#891)
• a3f0e6d [pre-commit.ci] pre-commit autoupdate (#892)
• d77ae20 fix: always stringify user_id claim (#887)
• 890e136 Fix ref.
• e58e16b For rST fixes.
• 6bc2a14 Fix rST syntax.
• b358417 Remove pin for Sphinx.
• d63d86d Update RTD config
• 71c72e1 chore: add Django 5.2 support to test matrix and packaging
• Additional commits viewable in compare view

Updates langchain-core from 0.3.60 to 0.3.80

Release notes

Sourced from langchain-core's releases.

langchain-core==0.3.80

Changes since langchain-core==0.3.79

release(core): 0.3.80 (#34039) fix(core): fix validation for input variables in f-string templates, restrict functionality supported by jinja2, mustache templates (GHSA-6qv9-48xg-fc7f) (#34038)

langchain-core==0.3.79

Changes since langchain-core==0.3.78

release(core): 0.3.79 (#33401) fix(core): handle parent/child mustache vars (#33346)

langchain-core==0.3.78

Changes since langchain-core==0.3.77

release(core): 0.3.78 (#33253) feat(core): add optional include_id param to convert_to_openai_messages function (#33248)

Commits

• 640d85c release(core): 0.3.80 (#34039)
• fa7789d fix(core): fix validation for input variables in f-string templates, restrict...
• b93d2f7 release(core): 0.3.79 (#33401)
• a763ebe release(anthropic): 0.3.22 (#33394)
• 5fa1094 fix(anthropic,standard-tests): carry over updates to v0.3 (#33393)
• dd4de69 fix(core): handle parent/child mustache vars (#33346)
• 5459ff1 chore: cap lib upper bounds, run sync (#33320)
• f95669a release(openai): 0.3.35 (#33299)
• 3a465d6 feat(openai): enable stream_usage when using default base URL and client (#33...
• 0b51de4 release(core): 0.3.78 (#33253)
• Additional commits viewable in compare view

Updates langgraph-checkpoint from 2.0.26 to 3.0.0

Release notes

Sourced from langgraph-checkpoint's releases.

checkpoint==3.0.0

Changes since checkpoint==2.1.2

• release: Checkpointers 3.0 (#6313)
• chore: Restrict "json" type deserialization (#6269)
• feat: adding cursory Python 3.14 support (#6298)
• style: fixes for ref docs (#6297)
• chore: drop Python 3.9 (and syntax) (#6289)
• docs: style linting (#6260)
• fix: rename away from LangGraph Platform (#6281)

checkpointpostgres==3.0.0

Changes since checkpointpostgres==2.0.25

• release: Checkpointers 3.0 (#6313)
• feat: adding cursory Python 3.14 support (#6298)
• chore: drop Python 3.9 (and syntax) (#6289)
• docs: style linting (#6260)

checkpointsqlite==3.0.0

Changes since checkpointsqlite==2.0.11

• release: Checkpointers 3.0 (#6313)
• chore: Restrict "json" type deserialization (#6269)
• feat: adding cursory Python 3.14 support (#6298)
• chore: drop Python 3.9 (and syntax) (#6289)
• docs: style linting (#6260)
• chore(checkpoint): bump patch version (#6244)
• chore(deps): upgrade dependencies with uv lock --upgrade (#6211)
• fix(checkpoint-sqlite): Handle TTL refresh correctly in AsyncSqliteStore.asearch (#5213)
• chore(deps): upgrade dependencies with uv lock --upgrade (#6176)
• test: Add tests for before and limit parameters for list SqliteSaver (#5816)
• chore(deps): upgrade dependencies with uv lock --upgrade (#6146)
• fix(checkpoint): preserve non-ascii text in InMemoryStore embeddings (#6111)
• feat(langgraph): implement redis node level cache (#5834)

checkpoint==2.1.2

Changes since checkpoint==2.1.1

• chore(checkpoint): bump patch version (#6244)
• fix(checkpoint): handle metadata.writes when serializing old checkpoints with Jsonb (#6236)
• chore(deps): upgrade dependencies with uv lock --upgrade (#6211)
• chore(deps): upgrade dependencies with uv lock --upgrade (#6176)
• fix(checkpoint): use tolerant float comparison to fix test failing on x86_64 architecture (#6157)
• chore(deps): upgrade dependencies with uv lock --upgrade (#6146)
• fix(checkpoint): preserve non-ascii text in InMemoryStore embeddings (#6111)
• feat(sdk-py): client qparams (#5918)
• feat(langgraph): implement redis node level cache (#5834)
• fix: add resiliency for task cancellation (#5846)
• perf: Save updated_channels to checkpoint (#5828)

... (truncated)

Commits

• fca3e45 release: Checkpointers 3.0 (#6313)
• c5744f5 chore: Restrict "json" type deserialization (#6269)
• d298b48 fix: rollback doc redirects (#6301)
• c4144bb release: langgraph + langgraph-prebuilt v1.0.0 (#6300)
• 2c3e380 feat: adding cursory Python 3.14 support (#6298)
• cf39fa5 fix(docs): fix catchall redirect (#6299)
• 7e666b5 style: fixes for ref docs (#6297)
• 3f400b3 fix(cli): install local deps in editable mode (#6294)
• 6527df6 chore: release rcs for prebuilt + langgraph (#6296)
• aec841b chore(prebuilt): un-deprecate tool node for now (#6295)
• Additional commits viewable in compare view

Updates langgraph-checkpoint-sqlite from 2.0.10 to 2.0.11

Release notes

Sourced from langgraph-checkpoint-sqlite's releases.

checkpointsqlite==2.0.11

Changes since checkpointsqlite==2.0.10

• chore(checkpoint-sqlite): Release 2.0.11 (#5667)
• fix(checkpoint-sqlite): add validation to filter keys in sql store (#5666)
• langgraph-checkpoint 2.1.1
• fix(docs): broken URL in _AIO_ERROR_MSG for AsyncSqliteSaver (#5483)
• fix[deps]: update lockfiles / deps bounds for internal tools (#5301)
• langgraph: remove support for thread_ts (old alias for checkpoint_id) (#5295)
• Fix deadlock in SqliteStore
• Reduce extraneous keys in checkpoint.metadata
• If FuturesDict callback has been GCed, don't call it
• Preparation for 0.5 release: langgraph-checkpoint (#5124)
• Restore compatibility with custom checkpointer classes created in prior versions
• serialize/deserialize pandas with pickle fallback (#5057)
• Support numpy array serialization in JsonPlusSerializer (#5035)
• Update ormsgpack (#5034)
• Remove Checkpoint.pending_sends

Commits

• a3d7b6f chore(checkpoint-sqlite): Release 2.0.11 (#5667)
• bc9d45b fix(checkpoint-sqlite): add validation to filter keys in sql store (#5666)
• 7d3f008 docs: more thorough notes on v0.6 features and changes (#5623)
• ed678f4 Merge branch 'main' into sr/version-added-for-context
• 22411ba lint
• 5b9021f typo
• aaff464 move deprecation note for config_schema
• 3a23a25 docs: [LangGraph Server Changelog Bot] Changelog updates for new version(s) (...
• f685739 Update changelog via LangGraph Server Changelog Bot
• cdaa7ba chore: typing for headers in remote graph (#5653)
• Additional commits viewable in compare view

Updates langchain-community from 0.3.24 to 0.3.27

Commits

• bdf1cd3 fix(langchain): update deps
• 77c9819 fix(text-splitters): update langchain-core version to 0.3.72
• 7f015b6 fix(text-splitters): update lock for release
• 71ad451 Merge branch 'master' of github.com:langchain-ai/langchain
• 2c42893 fix(langchain): update langchain-core version to 0.3.72
• 0e139fb release(langchain): 0.3.27 (#32227)
• 622bb05 fix(langchain): class HTMLSemanticPreservingSplitter ignores the text inside ...
• 56dde3a feat(langchain): v1 scaffolding (#32166)
• bd3d649 release(core): 0.3.72 (#32214)
• fb5da83 fix(core): Dereference Refs for pydantic schema fails in tool schema generati...
• Additional commits viewable in compare view

Updates langchain-text-splitters from 0.3.8 to 0.3.9

Commits

• 77c9819 fix(text-splitters): update langchain-core version to 0.3.72
• 7f015b6 fix(text-splitters): update lock for release
• 71ad451 Merge branch 'master' of github.com:langchain-ai/langchain
• 2c42893 fix(langchain): update langchain-core version to 0.3.72
• 0e139fb release(langchain): 0.3.27 (#32227)
• 622bb05 fix(langchain): class HTMLSemanticPreservingSplitter ignores the text inside ...
• 56dde3a feat(langchain): v1 scaffolding (#32166)
• bd3d649 release(core): 0.3.72 (#32214)
• fb5da83 fix(core): Dereference Refs for pydantic schema fails in tool schema generati...
• a7d0e42 docs: fix typos in documentation (#32201)
• Additional commits viewable in compare view

Updates pypdf from 5.6.0 to 6.4.0

Release notes

Sourced from pypdf's releases.

Version 6.4.0, 2025-11-23

What's new

Security (SEC)

• Reduce default limit for LZW decoding by @​stefan6419846

New Features (ENH)

• Parse and format comb fields in text widget annotations (#3519) by @​PJBrs

Robustness (ROB)

• Silently ignore Adobe Ascii85 whitespace for suffix detection (#3528) by @​mbierma

Full Changelog

Version 6.3.0, 2025-11-16

What's new

New Features (ENH)

• Wrap and align text in flattened PDF forms (#3465) by @​PJBrs

Bug Fixes (BUG)

• Fix missing "PreventGC" when cloning (#3520) by @​patrick91
• Preserve JPEG image quality by default (#3516) by @​Lucas-C

Full Changelog

Version 6.2.0, 2025-11-09

What's new

New Features (ENH)

• Add 'strict' parameter to PDFWriter (#3503) by @​Arya-A-Nair

Bug Fixes (BUG)

• PdfWriter.append fails when there are articles being None (#3509) by @​Noah-Houghton

Documentation (DOC)

• Execute docs examples in CI (#3507) by @​ievgen-kapinos

Full Changelog

Version 6.1.3, 2025-10-22

What's new

Security (SEC)

• Allow limiting size of LZWDecode streams (#3502) by @​stefan6419846
• Avoid infinite loop when reading broken DCT-based inline images (#3501) by @​stefan6419846

Bug Fixes (BUG)

• PageObject.scale() scales media box incorrectly (#3489) by @​Nid01

... (truncated)

Changelog

Sourced from pypdf's changelog.

Version 6.4.0, 2025-11-23

Security (SEC)

• Reduce default limit for LZW decoding

New Features (ENH)

• Parse and format comb fields in text widget annotations (#3519)

Robustness (ROB)

• Silently ignore Adobe Ascii85 whitespace for suffix detection (#3528)

Full Changelog

Version 6.3.0, 2025-11-16

New Features (ENH)

• Wrap and align text in flattened PDF forms (#3465)

Bug Fixes (BUG)

• Fix missing "PreventGC" when cloning (#3520)
• Preserve JPEG image quality by default (#3516)

Full Changelog

Version 6.2.0, 2025-11-09

New Features (ENH)

• Add 'strict' parameter to PDFWriter (#3503)

Bug Fixes (BUG)

• PdfWriter.append fails when there are articles being None (#3509)

Documentation (DOC)

• Execute docs examples in CI (#3507)

Full Changelog

Version 6.1.3, 2025-10-22

Security (SEC)

• Allow limiting size of LZWDecode streams (#3502)
• Avoid infinite loop when reading broken DCT-based inline images (#3501)

Bug Fixes (BUG)

• PageObject.scale() scales media box incorrectly (#3489)

Robustness (ROB)

• Fail with explicit exception when image mode is an empty array (#3500)

Full Changelog

... (truncated)

Commits

• 310e571 REL: 6.4.0
• 9618672 Merge commit from fork
• 41e2e55 MAINT: Disable automated tagging on release
• 82faf98 ROB: Silently ignore Adobe Ascii85 whitespace for suffix detection (#3528)
• cd172d9 DEV: Bump actions/checkout from 5 to 6 (#3531)
• ff561f4 STY: Tweak PdfWriter (#3337)
• e9e3735 MAINT: Update comments, check for warning message (#3521)
• 905745a TST: Add test for retrieving P image with alpha mask (#3525)
• bd433f7 ENH: Parse and format comb fields in text widget annotations (#3519)
• c0caa5d REL: 6.3.0
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.