chore: upgrade dependencies (#2173)

tdruez · web-flow · commit 110f4e7b81fd · 2026-06-12T17:02:14.000+04:00
Signed-off-by: tdruez &lt;tdruez@aboutcode.org&gt;
diff --git a/Makefile b/Makefile
@@ -81,6 +81,16 @@ fix:
 	@echo "-> Run Ruff linter"
 	uvx ruff check --fix
 
+outdated:
+	@echo "-> Check for outdated packages (with 7 days cooldown)"
+	uv tree --outdated --exclude-newer "7 days"
+	@echo "-> Audit the project's dependencies for known vulnerabilities"
+	uv audit
+
+upgrade:
+	# Update the versions in pyproject.toml
+	uv lock
+
 ########################################################################################
 # Local venv commands (legacy)
 ########################################################################################
diff --git a/pyproject.toml b/pyproject.toml
@@ -34,59 +34,66 @@ classifiers = [
 
 dependencies = [
   "importlib-metadata==8.7.1",
-  "setuptools==82.0.0",
+  "setuptools==82.0.1",
   # Django related
-  "Django==6.0.4",
+  "Django==6.0.5",
   "django-environ==0.13.0",
   "django-crispy-forms==2.6",
   "crispy-bootstrap3==2024.1",
   "django-filter==25.2",
-  "djangorestframework==3.16.1",
+  "djangorestframework==3.17.1",
   "django-taggit==6.1.0",
   "django-htmx==1.27.0",
   # Database
-  "psycopg[binary]==3.3.3",
+  "psycopg[binary]==3.3.4",
   # wait_for_database Django management command
   "django-probes==1.8.0",
   # Task queue
-  "rq==2.7.0",
-  "django-rq==3.2.2",
-  "redis==7.3.0",
+  "rq==2.9.0",
+  "django-rq==4.1.0",
+  "redis==7.4.0",
   # WSGI server
-  "gunicorn==25.1.0",
+  "gunicorn==26.0.0",
+  "packaging==26.2",
   # Docker
   "container-inspector==33.1.0",
   # ScanCode-toolkit
   "scancode-toolkit[packages]==32.5.0",
-  "extractcode[full]==31.0.0",
+  "extractcode[full]==31.1.0",
   "commoncode==32.4.2",
   "Beautifulsoup4[chardet]==4.14.3",
   "packageurl-python==0.17.6",
   # FetchCode
-  "fetchcode==0.8.0",
+  "fetchcode==0.8.2",
   "fetchcode-container==1.2.3.210512; sys_platform == 'linux'",
   # Inspectors
   "elf-inspector==0.0.3",
   "go-inspector==0.5.0",
   "rust-inspector==0.2.1",
   "binary-inspector==0.2.0",
-  "python-inspector==0.15.0",
+  "python-inspector==0.15.2",
   "source-inspector==0.7.1; sys_platform != 'darwin' and platform_machine != 'arm64'",
   "aboutcode-toolkit==11.1.1",
   # Utilities
   "XlsxWriter==3.2.9",
   "openpyxl==3.1.5",
   "requests==2.33.1",
-  "GitPython==3.1.46",
+  "charset-normalizer==3.4.7",
+  "chardet==7.4.3",
+  "urllib3==2.7.0",
+  "idna==3.16",
+  "GitPython==3.1.50",
+  "lxml==6.1.1",
+  "certifi==2026.5.20",
   # Profiling
   "pyinstrument==5.1.2",
   # CycloneDX
-  "cyclonedx-python-lib==11.6.0",
+  "cyclonedx-python-lib==11.7.0",
   "jsonschema==4.26.0",
   # MatchCode-toolkit
   "matchcode-toolkit==7.2.2",
   # Univers
-  "univers==31.1.0",
+  "univers==32.0.1",
   # Markdown
   "markdown-it-py==4.0.0",
   "bleach==6.3.0",
@@ -104,13 +111,13 @@ dependencies = [
 [project.optional-dependencies]
 dev = [
   # Validation
-  "ruff==0.15.5",
+  "ruff==0.15.14",
   "doc8==2.0.0",
   # Debug
-  "django-debug-toolbar==6.2.0",
+  "django-debug-toolbar==6.3.0",
   # Documentation
   "Sphinx==8.1.3",
-  "sphinx-rtd-theme==3.0.2",
+  "sphinx-rtd-theme==3.1.0",
   "sphinx-rtd-dark-mode==1.3.0",
   "sphinxcontrib-django==2.5",
 ]
@@ -160,6 +167,12 @@ scan_single_package = "scanpipe.pipelines.scan_single_package:ScanSinglePackage"
 [tool.setuptools.packages.find]
 where = ["."]
 
+[tool.uv]
+# Copy files instead of hardlinking, works across all filesystems
+link-mode = "copy"
+# Ignore package versions published in the last 7 days for safety
+exclude-newer = "7 days"
+
 [tool.ruff]
 line-length = 88
 extend-exclude = ["migrations", "var"]
diff --git a/uv.lock b/uv.lock
