Bump the python-dependencies group across 1 directory with 6 updates #697

Open
dependabot[bot] wants to merge 1 commit into develop from dependabot/uv/python-dependencies-e1d511f952

dependabot bot commented on behalf of github on Feb 22, 2026

Bumps the python-dependencies group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| django | 5.2.10 | 5.2.11 |
| gunicorn | 24.1.1 | 25.1.0 |
| django-tasks | 0.11.0 | 0.12.0 |
| playwright | 1.57.0 | 1.58.0 |
| pytest-django | 4.11.1 | 4.12.0 |
| faker | 40.1.2 | 40.4.0 |

Updates django from 5.2.10 to 5.2.11

Commits
  • 4a96a19 [5.2.x] Bumped version for 5.2.11 release.
  • ab0ad8d [5.2.x] Refs CVE-2026-1312 -- Raised ValueError when FilteredRelation aliases...
  • e863ee2 [5.2.x] Fixed CVE-2026-1312 -- Protected order_by() from SQL injection via al...
  • 3e68ccd [5.2.x] Fixed CVE-2026-1287 -- Protected against SQL injection in column alia...
  • 9f2ada8 [5.2.x] Fixed CVE-2026-1285 -- Mitigated potential DoS in django.utils.text.T...
  • 17a1d64 [5.2.x] Fixed CVE-2026-1207 -- Prevented SQL injections in RasterField lookup...
  • 1ba9006 [5.2.x] Fixed CVE-2025-14550 -- Optimized repeated header parsing in ASGI req...
  • 184e38a [5.2.x] Fixed CVE-2025-13473 -- Standardized timing of check_password() in mo...
  • d8c551d [5.2.x] Added stub release notes and release date for 5.2.11 and 4.2.28.
  • 3ea659d [5.2.x] Clarified regression nature of data loss bug in docs/releases/5.2.10....
  • Additional commits viewable in compare view

Updates gunicorn from 24.1.1 to 25.1.0

Release notes

Sourced from gunicorn's releases.

Gunicorn 25.1.0

New Features

  • Control Interface (gunicornc): Add interactive control interface for managing running Gunicorn instances, similar to birdc for BIRD routing daemon (PR #3505, benoitc/gunicorn#3505)

    • Unix socket-based communication with JSON protocol
    • Interactive mode with readline support and command history
    • Commands: show all/workers/dirty/config/stats/listeners
    • Worker management: worker add/remove/kill, dirty add/remove
    • Server control: reload, reopen, shutdown
    • New settings: --control-socket, --control-socket-mode, --no-control-socket
    • New CLI tool: gunicornc for connecting to control socket
    • See Control Interface Guide for details
  • Dirty Stash: Add global shared state between workers via dirty.stash (PR #3503, benoitc/gunicorn#3503)

    • In-memory key-value store accessible by all workers
    • Supports get, set, delete, clear, keys, and has operations
    • Useful for sharing state like feature flags, rate limits, or cached data
  • Dirty Binary Protocol: Implement efficient binary protocol for dirty arbiter IPC using TLV (Type-Length-Value) encoding (PR #3500, benoitc/gunicorn#3500)

    • More efficient than JSON for binary data
    • Supports all Python types: str, bytes, int, float, bool, None, list, dict
    • Better performance for large payloads
  • Dirty TTIN/TTOU Signals: Add dynamic worker scaling for dirty arbiters (PR #3504, benoitc/gunicorn#3504)

    • Send SIGTTIN to increase dirty workers
    • Send SIGTTOU to decrease dirty workers
    • Respects minimum worker constraints from app configurations

Changes

  • ASGI Worker: Promoted from beta to stable
  • Dirty Arbiters: Now marked as beta feature

Documentation

  • Fix Markdown formatting in /configure documentation

25.0.3

What's Changed

Bug Fixes

  • Fix RuntimeError when StopIteration raised in ASGI coroutine (#3484)
  • Fix passing maxsplit in re.split() as positional argument (deprecated in Python 3.13)

... (truncated)

Commits
  • 2d43101 docs: merge gunicornc into 25.1.0 release
  • bf4ad8d docs: update 25.1.0 release date to 2026-02-13
  • 730350e Merge pull request #3505 from benoitc/feature/gunicornc-control-interface
  • 63df19b fix(tests): use process groups for reliable signal handling in PyPy
  • cd77bcc fix(tests): increase wait time for all server tests
  • 02ea985 fix(tests): improve server test reliability on FreeBSD
  • 6d81c9e fix: resolve pylint warnings
  • 7486baa fix: remove unused imports
  • 3e60d29 docs: add gunicornc control interface guide
  • e05e40d feat(ctl): add message-based dirty worker management
  • Additional commits viewable in compare view

Updates django-tasks from 0.11.0 to 0.12.0

Release notes

Sourced from django-tasks's releases.

0.12.0

Breaking changes

DB and RQ backends have been extracted into their own packages

From this version onwards, django-tasks will aim to mirror the upstream django.tasks package as much as possible. Therefore, the database and RQ backends have been extracted into their own packages. If you previously used either the DB or RQ backends, you can install them from their new homes:

They are available starting at 0.12.0 on PyPI, with the features which they would have received in this version. See their release notes for more information.

Ideas and suggestions can still be made to this repository, but changes will go through Django's feature development processes.

This change is done with the aim of making the ecosystem much simpler to explain. See RealOrangeOne/django-tasks#241 for more details.

Task metadata is no more

After a single release, metadata has been removed. This keeps the package in line with upstream django.tasks features. In future, notable feature improvements will be made upstream first, and then ported into django-tasks.

What's Changed

New Contributors

Full Changelog: RealOrangeOne/django-tasks@0.11.0...0.12.0

Commits

Updates playwright from 1.57.0 to 1.58.0

Release notes

Sourced from playwright's releases.

v1.58.0

Trace Viewer Improvements

  • New 'system' theme option follows your OS dark/light mode preference
  • Search functionality (Cmd/Ctrl+F) is now available in code editors
  • Network details panel has been reorganized for better usability
  • JSON responses are now automatically formatted for readability

Thanks to @​cpAdm for contributing these improvements!

Miscellaneous

browser_type.connect_over_cdp() now accepts an is_local option. When set to True, it tells Playwright that it runs on the same host as the CDP server, enabling file system optimizations.

Breaking Changes ⚠️

  • Removed _react and _vue selectors. See locators guide for alternatives.
  • Removed :light selector engine suffix. Use standard CSS selectors instead.
  • Option devtools from browser_type.launch() has been removed. Use args=['--auto-open-devtools-for-tabs'] instead.
  • Removed macOS 13 support for WebKit. We recommend to upgrade your macOS version, or keep using an older Playwright version.

Browser Versions

  • Chromium 145.0.7632.6
  • Mozilla Firefox 146.0.1
  • WebKit 26.0

This version was also tested against the following stable channels:

  • Google Chrome 144
  • Microsoft Edge 144

Commits

Updates pytest-django from 4.11.1 to 4.12.0

Changelog

Sourced from pytest-django's changelog.

v4.12.0 (2026-02-14)

Compatibility

  • Official Python 3.14 support.
  • Dropped support for Python 3.9, minimum version is now Python 3.10.
  • Official Django 6.0 support.

Improvements

  • The multiple databases support added in v4.3.0 is no longer considered experimental.
  • Added @pytest.mark.django_isolate_apps for isolating Django's app registry in pytest tests, and a django_isolated_apps fixture to access the isolated Apps registry instance if needed.

Commits
  • a2a9495 Release 4.12.0
  • 020bc23 tests: make sure access to default can also be blocked
  • bcefbe8 Add support for isolating apps in tests
  • 39c8dcc plugin: add a note why we reorder tests
  • 1830acd pyproject.toml: require pytest 9 for self tests, switch to native toml config...
  • f19da08 Fix the order of the test cases that use the live_server fixture
  • 92858ee docs: add pytest 9.0+ native TOML configuration format
  • 3f550d9 build(deps): bump hynek/build-and-inspect-python-package
  • 1f50dd2 Drop obsolete traces of Django 5.0 in CI
  • 247ec1c Fix PytestCollectionWarning for TestRunner class (#1259)
  • Additional commits viewable in compare view

Updates faker from 40.1.2 to 40.4.0

Release notes

Sourced from faker's releases.

Release v40.4.0

See CHANGELOG.md.

Release v40.3.0

See CHANGELOG.md.

Release v40.2.0

See CHANGELOG.md.

Release v40.1.3

See CHANGELOG.md.

Changelog

Sourced from faker's changelog.

v40.4.0 - 2026-02-06

v40.3.0 - 2026-02-06

  • Add major Greek banks to el_GR bank provider. Thanks @​bon12-gr.

v40.2.0 - 2026-02-06

  • Update internet pt_bR provider (domains, tlds, slugify). Thanks @​MorganaSilva.

v40.1.3 - 2026-02-06

  • fix pyfloat TypeError when combining positive=True with max_value. Thanks @​odrigobnogueira.

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.



Bumps the python-dependencies group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [django](https://github.com/django/django) | `5.2.10` | `5.2.11` |
| [gunicorn](https://github.com/benoitc/gunicorn) | `24.1.1` | `25.1.0` |
| [django-tasks](https://github.com/RealOrangeOne/django-tasks) | `0.11.0` | `0.12.0` |
| [playwright](https://github.com/microsoft/playwright-python) | `1.57.0` | `1.58.0` |
| [pytest-django](https://github.com/pytest-dev/pytest-django) | `4.11.1` | `4.12.0` |
| [faker](https://github.com/joke2k/faker) | `40.1.2` | `40.4.0` |



Updates `django` from 5.2.10 to 5.2.11
- [Commits](django/django@5.2.10...5.2.11)

Updates `gunicorn` from 24.1.1 to 25.1.0
- [Release notes](https://github.com/benoitc/gunicorn/releases)
- [Commits](benoitc/gunicorn@24.1.1...25.1.0)

Updates `django-tasks` from 0.11.0 to 0.12.0
- [Release notes](https://github.com/RealOrangeOne/django-tasks/releases)
- [Commits](RealOrangeOne/django-tasks@0.11.0...0.12.0)

Updates `playwright` from 1.57.0 to 1.58.0
- [Release notes](https://github.com/microsoft/playwright-python/releases)
- [Commits](microsoft/playwright-python@v1.57.0...v1.58.0)

Updates `pytest-django` from 4.11.1 to 4.12.0
- [Release notes](https://github.com/pytest-dev/pytest-django/releases)
- [Changelog](https://github.com/pytest-dev/pytest-django/blob/main/docs/changelog.rst)
- [Commits](pytest-dev/pytest-django@v4.11.1...v4.12.0)

Updates `faker` from 40.1.2 to 40.4.0
- [Release notes](https://github.com/joke2k/faker/releases)
- [Changelog](https://github.com/joke2k/faker/blob/master/CHANGELOG.md)
- [Commits](joke2k/faker@v40.1.2...v40.4.0)

---
updated-dependencies:
- dependency-name: django
  dependency-version: 5.2.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-dependencies
- dependency-name: gunicorn
  dependency-version: 25.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: python-dependencies
- dependency-name: django-tasks
  dependency-version: 0.12.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-dependencies
- dependency-name: playwright
  dependency-version: 1.58.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-dependencies
- dependency-name: pytest-django
  dependency-version: 4.12.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-dependencies
- dependency-name: faker
  dependency-version: 40.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added the dependencies (Pull requests that update a dependency file) and python:uv (Pull requests that update python:uv code) labels on Feb 22, 2026