build(deps): bump the production-dependencies group across 1 directory with 11 updates

[dependabot]

Bumps the production-dependencies group with 11 updates in the / directory:

Package	From	To
grpcio	1.78.1	1.80.0
grpcio-testing	1.78.1	1.80.0
grpcio-tools	1.78.1	1.80.0
gunicorn	25.1.0	25.3.0
idna	3.11	3.13
imap-tools	1.11.1	1.12.1
peewee	4.0.0	4.0.5
phonenumbers	9.0.24	9.0.29
pyopenssl	25.3.0	26.1.0
requests	2.32.5	2.33.1
pytest	9.0.2	9.0.3

Updates grpcio from 1.78.1 to 1.80.0

Release notes

Sourced from grpcio's releases.

Release v1.80.0

This is release 1.80.0 (glimmering) of gRPC Core.

For gRPC documentation, see grpc.io. For previous releases, see Releases.

This release contains refinements, improvements, and bug fixes, with highlights listed below.

Core

• [ssl] Implement TLS private key signer in Python. (#41701)
• [TLS Credentials]: Private Key Offload Implementation. (#41606)
• Fix max sockaddr struct size on OpenBSD. (#40454)
• [core] Enable EventEngine for Python by default, and EventEngine fork support in Python and Ruby. (#41432)
• [TLS Credentials]: Create InMemoryCertificateProvider to update certificates independently. (#41484)
• [Ruby] Build/test ruby 4.0 and build native gems with Ruby 4.0 support. (#41324)
• [EventEngine] Remove an incorrect std::move in DNSServiceResolver constructor. (#41502)
• [RR and WRR] enable change to connect from a random index. (#41472)
• [xds] Implement gRFC A101. (#41051)

C++

• [C++] Add SNI override option to C++ channel credentials options API. (#41460)

C#

• [C# tools] Option to append Async to server side method names #39010. (#39797)

Objective-C

• [Fix][Compiler] Plugins fall back to the edition 2023 for older protobuf. (#41357)

PHP

• [PHP] Disable php infinite recursion check for callback from Core to PHP. (#41835)
• [PHP] Fix runtime error with PHp8.5 alpha because zend_exception_get_defaul…. (#40337)

Python

• [Python] Fix GRPC_TRACE not working when absl log initialized in cython. (#41814)
• Revert "[Python] Align GRPC_ENABLE_FORK_SUPPORT env defaults in core and python (#41455)". (#41769)
• [Python] Fix AsyncIO Server maximum_concurrent_rpcs enforcement preventing negative active_rpcs count. (#41532)
• [Python] Docs: correct grpc.Compression references. (#41705)
• [Python] [Typeguard] Part 4 - Add Typeguard to AIO stack in tests . (#40226)

... (truncated)

Commits

• f5e2d6e [Release] Bump version to 1.80.0 (on v1.80.x branch) (#41857)
• 938cfec [subchannel connection scaling] fix when we reset backoff (#41935)
• 91778be [Backport][v1.80.x][Python] New _create method for aio.Metadata (#41888)
• f10b9f2 [bzlmod] upgrade rules_swift to avoid BCR CI breakage on Windows with bazel 7...
• be4c1c5 [subchannel] fix crash in connection scaling code (#41853)
• a71df73 [Release] Bump version to 1.80.0-pre1 (on v1.80.x branch) (#41844)
• 3ca09e4 [Python] Fix GRPC_TRACE and add test to check the GRPC_TRACE logs print (#41814)
• 260c6fd [PHP] Disable php infinite recursion check for callback from Core to PHP (#41...
• 50957c5 [Flakiness] Delete flaky iomgr fd_conservation_posix_test and create an Event...
• e1e1d0a [Bzlmod] Turn off bzlmod for PSM python tests. (#41810)
• Additional commits viewable in compare view

Updates grpcio-testing from 1.78.1 to 1.80.0

Updates grpcio-tools from 1.78.1 to 1.80.0

Release notes

Sourced from grpcio-tools's releases.

Release v1.80.0

This is release 1.80.0 (glimmering) of gRPC Core.

For gRPC documentation, see grpc.io. For previous releases, see Releases.

This release contains refinements, improvements, and bug fixes, with highlights listed below.

Core

• [ssl] Implement TLS private key signer in Python. (#41701)
• [TLS Credentials]: Private Key Offload Implementation. (#41606)
• Fix max sockaddr struct size on OpenBSD. (#40454)
• [core] Enable EventEngine for Python by default, and EventEngine fork support in Python and Ruby. (#41432)
• [TLS Credentials]: Create InMemoryCertificateProvider to update certificates independently. (#41484)
• [Ruby] Build/test ruby 4.0 and build native gems with Ruby 4.0 support. (#41324)
• [EventEngine] Remove an incorrect std::move in DNSServiceResolver constructor. (#41502)
• [RR and WRR] enable change to connect from a random index. (#41472)
• [xds] Implement gRFC A101. (#41051)

C++

• [C++] Add SNI override option to C++ channel credentials options API. (#41460)

C#

• [C# tools] Option to append Async to server side method names #39010. (#39797)

Objective-C

• [Fix][Compiler] Plugins fall back to the edition 2023 for older protobuf. (#41357)

PHP

• [PHP] Disable php infinite recursion check for callback from Core to PHP. (#41835)
• [PHP] Fix runtime error with PHp8.5 alpha because zend_exception_get_defaul…. (#40337)

Python

• [Python] Fix GRPC_TRACE not working when absl log initialized in cython. (#41814)
• Revert "[Python] Align GRPC_ENABLE_FORK_SUPPORT env defaults in core and python (#41455)". (#41769)
• [Python] Fix AsyncIO Server maximum_concurrent_rpcs enforcement preventing negative active_rpcs count. (#41532)
• [Python] Docs: correct grpc.Compression references. (#41705)
• [Python] [Typeguard] Part 4 - Add Typeguard to AIO stack in tests . (#40226)

... (truncated)

Commits

• f5e2d6e [Release] Bump version to 1.80.0 (on v1.80.x branch) (#41857)
• a71df73 [Release] Bump version to 1.80.0-pre1 (on v1.80.x branch) (#41844)
• 1299baa [Python] Add language features to exported proto files (#41501)
• 522dbbb [Release] Bump version to 1.79.0-dev (on master branch) (#41291)
• See full diff in compare view

Updates gunicorn from 25.1.0 to 25.3.0

Release notes

Sourced from gunicorn's releases.

Gunicorn 25.3.0

Bug Fixes

• HTTP/2 ASGI Body Duplication: Fix request body being received twice in HTTP/2 ASGI requests, causing JSON parsing errors with "Extra data" messages (#3558)

• ASGI Chunked EOF Handling: Add finish() method to callback parser to handle chunked encoding edge case where connection closes before final CRLF after zero-chunk

• HTTP/2 Documentation: Fix http_protocols examples to use comma-separated string instead of list syntax (#3561)

• Chunked Encoding: Reject chunk extensions containing bare CR bytes per RFC 9112 (#3556)

• Request Line Limit: Fix --limit-request-line 0 to mean unlimited as documented, instead of using default maximum. Works with both Python and fast C parser. (#3563)

Security

• ASGI Parser Header Validation: Add security checks per RFC 9110/9112:
  • Reject duplicate Content-Length headers
  • Reject requests with both Content-Length and Transfer-Encoding
  • Reject chunked transfer encoding in HTTP/1.0
  • Reject stacked chunked encoding
  • Validate Transfer-Encoding values
  • Strict chunk size validation

Changes

• Fast HTTP Parser: Update to gunicorn_h1c >= 0.6.3 for asgi_headers property and InvalidChunkExtension validation for bare CR rejection

• ASGI PROXY Protocol: Add PROXY protocol v1/v2 support to callback parser

• Docker Images: Update to Python 3.14

Gunicorn 25.2.0

New Features

• Fast HTTP Parser (gunicorn_h1c 0.4.1): Integrate new exception types and limit parameters from gunicorn_h1c 0.4.1 for both WSGI and ASGI workers
  • Requires gunicorn_h1c >= 0.4.1 for http_parser='fast'
  • Falls back to Python parser in auto mode if version not met
  • Proper HTTP status codes for limit errors (414, 431)

Bug Fixes

• uWSGI Async Workers: Fix InvalidUWSGIHeader: incomplete header error when using gevent or gthread workers with uwsgi protocol behind nginx. (#3552, [PR #3554](benoitc/gunicorn#3554))

... (truncated)

Commits

• 9bce72c Update changelog with missing 25.3.0 changes
• 2a15fdb Fix pylint isinstance-second-argument-not-valid-type warning
• 8d08aaa Fix --limit-request-line 0 to mean unlimited
• d40a374 Fix pytest-asyncio configuration and treq_asgi hex escapes
• da8bd48 Remove unused AsyncRequest class
• b00f125 Integrate gunicorn_h1c 0.6.3 with InvalidChunkExtension support
• bdb2ebd Reject chunk extensions with bare CR bytes (RFC 9112)
• 7057fc9 Fix http_protocols documentation to use string syntax
• d43acb8 Update to gunicorn_h1c >= 0.6.2 for asgi_headers support
• cbd27e8 Merge pull request #3559 from benleembruggen/fix/http2-asgi-body-duplication
• Additional commits viewable in compare view

Updates idna from 3.11 to 3.13

Changelog

Sourced from idna's changelog.

3.13 (2026-04-22) +++++++++++++++++

• Correct classification error for codepoint U+A7F1

3.12 (2026-04-21) +++++++++++++++++

• Update to Unicode 17.0.0.
• Issue a deprecation warning for the transitional argument.
• Added lazy-loading to provide some performance improvements.
• Removed vestiges of code related to Python 2 support, including segmentation of data structures specific to Jython.

Thanks to Rodrigo Nogueira for contributions to this release.

Commits

• 89cdfd2 Release v3.13
• 1eb0686 Pre-release 3.13
• 5f20d1e Merge pull request #220 from kjd/unicode-next
• 4ea8425 Regenerate idnadata.py with correct NFKC_CF data
• fd47341 Use NFKC_CF from Unicode data files instead of Python's unicodedata module
• a5304a4 Merge pull request #219 from kjd/release-3.12
• d80d6f9 Release v3.12
• 1bb44dd Merge pull request #218 from kjd/release-candidate-3.12rc0
• 909c49d Release candidate for 3.12
• c5459a1 Merge pull request #217 from kjd/housekeeping-2
• Additional commits viewable in compare view

Updates imap-tools from 1.11.1 to 1.12.1

Release notes

Sourced from imap-tools's releases.

v1.12.1

• Fixed: BaseMailBox.login now quotes username to handle special IMAP characters (e.g. *)

v1.12.0

• Changed: MailMessage.headers now are lazy dict-like mapping - LazyHeaders. It fetches header values when accessed only. Actually it is braking change, but in most cases it will works with old code. The change saves memory and processor time.

Changelog

Sourced from imap-tools's changelog.

1.12.1

• Fixed: BaseMailBox.login now quotes username to handle special IMAP characters (e.g. *)

1.12.0

• Changed: MailMessage.headers now are lazy dict-like mapping - LazyHeaders. It fetches header values when accessed only. Actually it is braking change, but in most cases it will works with old code. The change saves memory and processor time.

Commits

• 4ff405b vers
• 6443dd6 Fixes the username quoting when using login with a username containing charac...
• 74083c4 doc
• 4db2562 doc
• c59a607 MailMessage.headers - LazyHeaders
• 32ddf22 MailMessage.headers docs
• See full diff in compare view

Updates peewee from 4.0.0 to 4.0.5

Release notes

Sourced from peewee's releases.

4.0.5

• Fix bug where db_value() may not get called in subclasses of Postgres JSONField / BinaryJSONField, refs #3044.
• Fix bug where indexes for table may be defined on multiple schema, #3043.
• Always fall-through to base exception class if exception is not recognized in DB drivers. This simplifies checking driver-specific subclasses of standard DB-API exceptions.

View commits

4.0.4

• Fix SQL generation for partial indexes with nulls (not) distinct clause.
• Raise an ImproperlyConfigured if pg driver unavailable at model definition-time when field db-hooks are used, rather than AttributeError.

View commits

4.0.3

• Refactor test suite - this was a mechanical refactor, just moving things around and trying to group things more clearly. Also added new tests covering some gaps.
• Expand multi-value types to include generator expressions, so you can write stuff like .in(a for a in iterable if cond).
• Ensure quotes embedded in entity names are escaped.
• Improved specification of FOR UPDATE clauses.
• Fix for negative values in paginate() method.
• Fix for newer MySQL server versions in feature detection code.
• More robust handling of unusual aliases / invalid attr names in cursor wrapper.
• Better handling of duplicated column names in cursor wrapper implementations.
• Improve performance of ModelCursorWrapper when reconstructing model instance graphs after multi-table selects.
• If only psycopg3 is installed, use it by default (#3036)

View commits

4.0.2

• Remove all Python 2.x compatibility code.
• Add streaming result cursors to pwasyncio module via db.iterate(query).
• Better serialization and deserialization of datetimes and binary data in the DataSet module. Previously binary data was encoded as base64, going forward hex is the new default. For base64 specify base64_bytes=True.
• Improvements to Postgres BinaryJSONField, support atomic removal of sub-elements, as well as alternate helper for extracting sub-elements and querying array length.
• Pydantic integration

View commits

4.0.1

• Ensure gr_context is set on greenlet in greenlet_spawn so that contextvars will be operable in sync handlers.
• Removed SqliteExtDatabase (it basically served no purpose in 4.0). Use SqliteDatabase instead.
• Moved driver and extension-specific pooled implementations into the corresponding extension module rather than putting all into playhouse.pool.
• Restore custom dumps option for postgres JSON fields.
• Major docs rewrite / reorganization.

View commits

Changelog

Sourced from peewee's changelog.

4.0.5

• Fix bug where db_value() may not get called in subclasses of Postgres JSONField / BinaryJSONField, refs #3044.
• Fix bug where indexes for table may be defined on multiple schema, #3043.
• Always fall-through to base exception class if exception is not recognized in DB drivers. This simplifies checking driver-specific subclasses of standard DB-API exceptions.

View commits

4.0.4

• Fix SQL generation for partial indexes with nulls (not) distinct clause.
• Raise an ImproperlyConfigured if pg driver unavailable at model definition-time when field db-hooks are used, rather than AttributeError.

View commits

4.0.3

• Refactor test suite - this was a mechanical refactor, just moving things around and trying to group things more clearly. Also added new tests covering some gaps.
• Expand multi-value types to include generator expressions, so you can write stuff like .in(a for a in iterable if cond).
• Ensure quotes embedded in entity names are escaped.
• Improved specification of FOR UPDATE clauses.
• Fix for negative values in paginate() method.
• Fix for newer MySQL server versions in feature detection code.
• More robust handling of unusual aliases / invalid attr names in cursor wrapper.
• Better handling of duplicated column names in cursor wrapper implementations.
• Improve performance of ModelCursorWrapper when reconstructing model instance graphs after multi-table selects.
• If only psycopg3 is installed, use it by default (#3036)

View commits

4.0.2

• Remove all Python 2.x compatibility code.
• Add streaming result cursors to pwasyncio module via db.iterate(query).
• Better serialization and deserialization of datetimes and binary data in the DataSet module. Previously binary data was encoded as base64, going forward hex is the new default. For base64 specify base64_bytes=True.
• Improvements to Postgres BinaryJSONField, support atomic removal of sub-elements, as well as alternate helper for extracting sub-elements and querying array length.
• Pydantic integration

... (truncated)

Commits

• 93da1ac 4.0.5
• b0b5f1a Tests for #3044 - custom db_value in json field subclass
• 4f2bbfb Pass through to db_value(), don't just naively wrap. fixes #3044
• 19a1ca7 Ensure we don't introspect pg indexes defined on diff schema.
• 2fc7057 Merge pull request #3042 from JacksonKontny/add-scalars-documentation
• eb909b1 Add documentation for scalars method
• e031803 Rename some duplicate-named tests.
• 6575593 Few more clarifications for gaps in docs.
• be15346 Clarify some inconsistencies in doc
• f3d8645 Always fallback to base if exc not in known db-api for wrapper.
• Additional commits viewable in compare view

Updates phonenumbers from 9.0.24 to 9.0.29

Commits

• 510e486 Prep for 9.0.29 release
• 61b9db6 Generated files for metadata
• 8ed9a07 Merge metadata changes from upstream 9.0.29
• 6e7a12a Prep for 9.0.28 release
• ff287ef Merge code changes from upstream 9.0.28
• 665a4a7 Generated files for metadata
• 57d319d Merge metadata changes from upstream 9.0.28
• 3b082bf Prep for 9.0.27 release
• c496532 Generated files for metadata
• ee29e85 Merge metadata changes from upstream 9.0.27
• Additional commits viewable in compare view

Updates pyopenssl from 25.3.0 to 26.1.0

Changelog

Sourced from pyopenssl's changelog.

26.1.0 (2026-04-24)

Backward-incompatible changes: ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Deprecations: ^^^^^^^^^^^^^

Changes: ^^^^^^^^

• Maximum supported cryptography version is now 47.x.
• Fixed X509Name field setters to correctly pass the value length to OpenSSL. Previously, values containing NUL bytes would be silently truncated, causing a divergence between the stored ASN.1 value and the value visible from Python. Credit to BudongJW for reporting the issue. CVE-2026-40475

26.0.0 (2026-03-15)

Backward-incompatible changes: ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

• Dropped support for Python 3.7.
• The minimum cryptography version is now 46.0.0.

Deprecations: ^^^^^^^^^^^^^

Changes: ^^^^^^^^

• Added support for using aws-lc instead of OpenSSL.
• Properly raise an error if a DTLS cookie callback returned a cookie longer than DTLS1_COOKIE_LENGTH bytes. Previously this would result in a buffer-overflow. Credit to dark_haxor for reporting the issue. CVE-2026-27459
• Added OpenSSL.SSL.Connection.get_group_name to determine which group name was negotiated.
• Context.set_tlsext_servername_callback now handles exceptions raised in the callback by calling sys.excepthook and returning a fatal TLS alert. Previously, exceptions were silently swallowed and the handshake would proceed as if the callback had succeeded. Credit to Leury Castillo for reporting this issue. CVE-2026-27448

Commits

• 3be23b6 Prepare 26.1.0 release (#1495)
• e6be3fc Add note on versioning policy (#1494)
• 402177b Bump actions/upload-artifact in /.github/actions/upload-coverage (#1492)
• 08c796c Bump actions/upload-artifact from 7.0.0 to 7.0.1 (#1491)
• 12478f5 Bump pypa/gh-action-pypi-publish from 1.13.0 to 1.14.0 (#1489)
• f72218e Add +/- 1 second tolerance for clock adjustments (#1481)
• 358cbf2 Prepare for 26.0.0 release (#1487)
• a8d28e7 Bump actions/cache from 4 to 5 (#1486)
• 6fefff0 Add aws-lc compatibility to tests and CI (#1476)
• a739f96 Bump actions/download-artifact from 8.0.0 to 8.0.1 (#1485)
• Additional commits viewable in compare view

Updates requests from 2.32.5 to 2.33.1

Release notes

Sourced from requests's releases.

v2.33.1

2.33.1 (2026-03-30)

Bugfixes

• Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary files in the tmp directory. (#7305)
• Fixed Content-Type header parsing for malformed values. (#7309)
• Improved error consistency for malformed header values. (#7308)

New Contributors

• @​ferdnyc made their first contribution in psf/requests#7277

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2331-2026-03-30

v2.33.0

2.33.0 (2026-03-25)

Announcements

• 📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

• CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

• Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

• Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

• Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

• Various typo fixes and doc improvements.

New Contributors

• @​M0d3v1 made their first contribution in psf/requests#6865
• @​aminvakil made their first contribution in psf/requests#7220
• @​E8Price made their first contribution in psf/requests#6960
• @​mitre88 made their first contribution in psf/requests#7244
• @​magsen made their first contribution in psf/requests#6553
• @​Rohan5commit made their first contribution in psf/requests#7227

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25

Changelog

Sourced from requests's changelog.

2.33.1 (2026-03-30)

Bugfixes

• Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary files in the tmp directory. (#7305)
• Fixed Content-Type header parsing for malformed values. (#7309)
• Improved error consistency for malformed header values. (#7308)

2.33.0 (2026-03-25)

Announcements

• 📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

• CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

• Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

• Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

• Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

• Various typo fixes and doc improvements.

Commits

• 111d2b7 v2.33.1
• f0198e6 Fix malformed value parsing for Content-Type (#7309)
• bc7dd0f Fix cosmetic header validity parsing regex (#7308)
• 4443b1a Fix unintended test extra (#7306)
• 389eea5 Cleanup extracted file after extract_zipped_path test (#7305)
• 7407309 Packaging: DRY out extras definition (#7277)
• bc04dfd v2.33.0
• 66d21cb Merge commit from fork
• 8b9bc8f Move badges to top of README (#7293)
• e331a28 Remove unused extraction call (#7292)
• Additional commits viewable in compare view

Updates pytest from 9.0.2 to 9.0.3

Release notes

Sourced from pytest's releases.

9.0.3

pytest 9.0.3 (2026-04-07)

Bug fixes

• #12444: Fixed pytest.approx which now correctly takes into account ~collections.abc.Mapping keys order to compare them.

• #13634: Blocking a conftest.py file using the -p no: option is now explicitly disallowed.

  Previously this resulted in an internal assertion failure during plugin loading.

  Pytest now raises a clear UsageError explaining that conftest files are not plugins and cannot be disabled via -p.

• #13734: Fixed crash when a test raises an exceptiongroup with __tracebackhide__ = True.

• #14195: Fixed an issue where non-string messages passed to unittest.TestCase.subTest() were not printed.

• #14343: Fixed use of insecure temporary directory (CVE-2025-71176).

Improved documentation

• #13388: Clarified documentation for -p vs PYTEST_PLUGINS plugin loading and fixed an incorrect -p example.
• #13731: Clarified that capture fixtures (e.g. capsys and capfd) take precedence over the -s / --capture=no command-line options in Accessing captured output from a test function <accessing-captured-output>.
• #14088: Clarified that the default pytest_collection hook sets session.items before it calls pytest_collection_finish, not after.
• #14255: TOML integer log levels must be quoted: Updating reference documentation.

Contributor-facing changes

• #12689: The test reports are now published to Codecov from GitHub Actions. The test statistics is visible on the web interface.

  -- by aleguy02

Commits

• a7d58d7 Prepare release version 9.0.3
• 089d981 Merge pull request #14366 from bluetech/revert-14193-backport
• 8127eaf Revert "Fix: assertrepr_compare respects dict insertion order (#14050) (#14193)"
• 99a7e60 Merge pull request #14363 from pytest-dev/patchback/backports/9.0.x/95d8423bd...
• ddee02a Merge pull request #14343 from bluetech/cve-2025-71176-simple
• 74eac69 doc: Update training info (#14298) (#14301)
• f92dee7 Merge pull request #14267 from pytest-dev/patchback/backports/9.0.x/d6fa26c62...
• 7ee58ac Merge pull request #12378 from Pierre-Sassoulas/fix-implicit-str-concat-and-d...
• 37da870 Merge pull request #14259 from mitre88/patch-4 (#14268)
• c34bfa3 Add explanation for string context diffs (#14257) (#14266)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions