chore: upgrade dependencies

Signed-off-by: tdruez <tdruez@aboutcode.org>

Author: tdruez

Makefile

@@ -77,6 +77,16 @@ fix:
 	@echo "-> Run Ruff linter"
 	uvx ruff check --fix
 
+outdated:
+	@echo "-> Check for outdated packages (with 7 days cooldown)"
+	uv tree --outdated --exclude-newer "7 days"
+	@echo "-> Audit the project's dependencies for known vulnerabilities"
+	uv audit
+
+upgrade:
+	# Update the versions in pyproject.toml
+	uv lock
+
 ########################################################################################
 # Local venv commands (legacy)
 ########################################################################################

pyproject.toml

@@ -34,31 +34,31 @@ classifiers = [
 
 dependencies = [
   "importlib-metadata==8.7.1",
-  "setuptools==82.0.0",
+  "setuptools==82.0.1",
   # Django related
-  "Django==6.0.4",
+  "Django==6.0.5",
   "django-environ==0.13.0",
   "django-crispy-forms==2.6",
   "crispy-bootstrap3==2024.1",
   "django-filter==25.2",
-  "djangorestframework==3.16.1",
+  "djangorestframework==3.17.1",
   "django-taggit==6.1.0",
   "django-htmx==1.27.0",
   # Database
-  "psycopg[binary]==3.3.3",
+  "psycopg[binary]==3.3.4",
   # wait_for_database Django management command
   "django-probes==1.8.0",
   # Task queue
-  "rq==2.7.0",
-  "django-rq==3.2.2",
-  "redis==7.3.0",
+  "rq==2.9.0",
+  "django-rq==4.1.0",
+  "redis==7.4.0",
   # WSGI server
-  "gunicorn==25.1.0",
+  "gunicorn==26.0.0",
   # Docker
   "container-inspector==33.1.0",
   # ScanCode-toolkit
   "scancode-toolkit[packages]==32.5.0",
-  "extractcode[full]==31.0.0",
+  "extractcode[full]==31.1.0",
   "commoncode==32.4.2",
   "Beautifulsoup4[chardet]==4.14.3",
   "packageurl-python==0.17.6",
@@ -77,7 +77,10 @@ dependencies = [
   "XlsxWriter==3.2.9",
   "openpyxl==3.1.5",
   "requests==2.33.1",
-  "GitPython==3.1.46",
+  "urllib3==2.7.0",
+  "idna==3.16",
+  "GitPython==3.1.50",
+  "lxml==6.1.1",
   # Profiling
   "pyinstrument==5.1.2",
   # CycloneDX
@@ -104,10 +107,10 @@ dependencies = [
 [project.optional-dependencies]
 dev = [
   # Validation
-  "ruff==0.15.5",
+  "ruff==0.15.14",
   "doc8==2.0.0",
   # Debug
-  "django-debug-toolbar==6.2.0",
+  "django-debug-toolbar==6.3.0",
   # Documentation
   "Sphinx==8.1.3",
   "sphinx-rtd-theme==3.0.2",
@@ -160,6 +163,12 @@ scan_single_package = "scanpipe.pipelines.scan_single_package:ScanSinglePackage"
 [tool.setuptools.packages.find]
 where = ["."]
 
+[tool.uv]
+# Copy files instead of hardlinking, works across all filesystems
+link-mode = "copy"
+# Ignore package versions published in the last 7 days for safety
+exclude-newer = "7 days"
+
 [tool.ruff]
 line-length = 88
 extend-exclude = ["migrations", "var"]