deps: bump the prod-deps group across 1 directory with 37 updates

[dependabot]

Updates the requirements on django, psycopg2-binary, celery, hiredis, django-compressor, django-pint, django-post-office, drf-yasg, jellyfish, markdown, pyyaml, xlsxwriter, xmlschema, lark, pandas, simple-salesforce, shapely, django-treebeard, django-two-factor-auth[phonenumbers], importlib-metadata, boto3, django-ses, uwsgi, coverage, coveralls, tox, psutil, faker, vcrpy, pytest, pre-commit, sphinx, sphinxcontrib-spelling, sphinx-rtd-theme, docutils, hypothesis and django-debug-toolbar to permit the latest version.
Updates django from 4.2.26 to 6.0.1

Commits

• 85eb963 [6.0.x] Bumped version for 6.0.1 release.
• ac4a550 [6.0.x] Added release date for 6.0.1.
• dcfc5b0 [6.0.x] Added release date for 5.2.10.
• 42bab76 [6.0.x] Fixed #36843, #36793 -- Reverted "Fixed #27489 -- Renamed permissions...
• 764af47 [6.0.x] Refs #33647 -- Fixed silent data truncation in bulk_create on Postgres.
• b7b5465 [6.0.x] Fixed #36829 -- Reverted value of ClearableFileInput.use_fieldset to ...
• 90daa65 [6.0.x] Fixed #30515 -- Documented resolve_url() in docs/topics/http/shortcut...
• d35daf8 [6.0.x] Fixed #36796 -- Handled lazy routes correctly in RoutePattern.match().
• 16107ab [6.0.x] Refs #36810 -- Avoided infinite recursion in LazyNonce.repr().
• 774543e [6.0.x] Fixed #36305 -- Added documentation indentation guidelines to contrib...
• Additional commits viewable in compare view

Updates psycopg2-binary from 2.9.10 to 2.9.11

Changelog

Sourced from psycopg2-binary's changelog.

Current release

What's new in psycopg 2.9.11 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^

• Add support for Python 3.14.
• Avoid a segfault passing more arguments than placeholders if Python is built with assertions enabled (:ticket:[#1791](https://github.com/psycopg/psycopg2/issues/1791)).
• Add riscv64 platform binary packages (:ticket:[#1813](https://github.com/psycopg/psycopg2/issues/1813)).
• ~psycopg2.errorcodes map and ~psycopg2.errors classes updated to PostgreSQL 18.
• Drop support for Python 3.8.

What's new in psycopg 2.9.10 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^

• Add support for Python 3.13.
• Receive notifications on commit (:ticket:[#1728](https://github.com/psycopg/psycopg2/issues/1728)).
• ~psycopg2.errorcodes map and ~psycopg2.errors classes updated to PostgreSQL 17.
• Drop support for Python 3.7.

What's new in psycopg 2.9.9 ^^^^^^^^^^^^^^^^^^^^^^^^^^^

• Add support for Python 3.12.
• Drop support for Python 3.6.

What's new in psycopg 2.9.8 ^^^^^^^^^^^^^^^^^^^^^^^^^^^

• Wheel package bundled with PostgreSQL 16 libpq in order to add support for recent features, such as sslcertmode.

What's new in psycopg 2.9.7 ^^^^^^^^^^^^^^^^^^^^^^^^^^^

• Fix propagation of exceptions raised during module initialization (:ticket:[#1598](https://github.com/psycopg/psycopg2/issues/1598)).
• Fix building when pg_config returns an empty string (:ticket:[#1599](https://github.com/psycopg/psycopg2/issues/1599)).
• Wheel package bundled with OpenSSL 1.1.1v.

What's new in psycopg 2.9.6 ^^^^^^^^^^^^^^^^^^^^^^^^^^^

... (truncated)

Commits

• fd9ae8c chore: bump to version 2.9.11
• d923840 chore: update docs requirements
• d42dc71 Merge branch 'fix-1791'
• 4fde656 fix: avoid failed assert passing more arguments than placeholders
• 8308c19 fix: drop warning about the use of deprecated PyWeakref_GetObject function
• 1a1eabf build(deps): bump actions/github-script from 7 to 8
• 897af8b build(deps): bump peter-evans/repository-dispatch from 3 to 4
• ceefd30 build(deps): bump actions/checkout from 4 to 5
• 4dc5854 build(deps): bump actions/setup-python from 5 to 6
• 1945788 Merge pull request #1802 from edgarrmondragon/cp314-wheels
• Additional commits viewable in compare view

Updates celery from 5.5.3 to 5.6.2

Release notes

Sourced from celery's releases.

v5.6.2

What's Changed

• Fix recursive WorkController instantiation in DjangoWorkerFixup + AttributeError when pool_cls is a string by @​bruunotrindade in celery/celery#10045
• Bugfix: Revoked tasks now immediately update backend status to REVOKED by @​Nusnus in celery/celery#9869
• Prepare for release: v5.6.2 by @​Nusnus in celery/celery#10049

New Contributors

• @​bruunotrindade made their first contribution in celery/celery#10045

Full Changelog: celery/celery@v5.6.1...v5.6.2

v5.6.1

What's Changed

• Fix Redis Sentinel ACL authentication support by @​anthonykuzmich7 in celery/celery#10013
• Fix: Broker heartbeats not sent during graceful shutdown by @​weetster in celery/celery#9986
• docs #5410 -- Document confirm_publish broker transport option by @​JaeHyuckSa in celery/celery#10016
• close DB pools only in prefork mode by @​petrprikryl in celery/celery#10020
• Fix: Avoid unnecessary Django database connection creation during cleanup by @​snopoke in celery/celery#10015
• reliable prefork detection by @​petrprikryl in celery/celery#10023
• better coverage by @​petrprikryl in celery/celery#10029
• Docs: clarify result_extended vs periodic task metadata and show headers["periodic_task_name"] example by @​SpaceShaman in celery/celery#10030
• Stop importing pytest_subtests by @​cjwatson in celery/celery#10032
• Only use exceptiongroup backport for Python < 3.11 by @​cjwatson in celery/celery#10033
• Prepare for release: v5.6.1 by @​Nusnus in celery/celery#10037

New Contributors

• @​anthonykuzmich7 made their first contribution in celery/celery#10013
• @​weetster made their first contribution in celery/celery#9986
• @​JaeHyuckSa made their first contribution in celery/celery#10016
• @​snopoke made their first contribution in celery/celery#10015
• @​SpaceShaman made their first contribution in celery/celery#10030

Full Changelog: celery/celery@v5.6.0...v5.6.1

v5.6.0

Celery v5.6.0 is now available.

Key Highlights

See What's new in Celery 5.6 for a complete overview or read the main highlights below.

Python 3.9 Minimum Version

Celery 5.6.0 drops support for Python 3.8 (EOL). The minimum required Python version is now 3.9. Users still on Python 3.8 must upgrade their Python version before upgrading to Celery 5.6.0.

Additionally, this release includes initial support for Python 3.14.

SQS: Reverted to pycurl from urllib3

The switch from pycurl to urllib3 for the SQS transport (introduced in Celery 5.5.0 via Kombu) has been reverted due to critical issues affecting SQS users.

... (truncated)

Changelog

Sourced from celery's changelog.

5.6.2

:release-date: 2026-01-04 :release-by: Tomer Nosrati

What's Changed

- Fix recursive WorkController instantiation in DjangoWorkerFixup + AttributeError when pool_cls is a string ([#10045](https://github.com/celery/celery/issues/10045))
- Bugfix: Revoked tasks now immediately update backend status to REVOKED ([#9869](https://github.com/celery/celery/issues/9869))
- Prepare for release: v5.6.2 ([#10049](https://github.com/celery/celery/issues/10049))
.. _version-5.6.1:
5.6.1
:release-date: 2025-12-29
:release-by: Tomer Nosrati
What's Changed

• Fix Redis Sentinel ACL authentication support (#10013)
• Fix: Broker heartbeats not sent during graceful shutdown (#9986)
• docs #5410 -- Document confirm_publish broker transport option (#10016)
• close DB pools only in prefork mode (#10020)
• Fix: Avoid unnecessary Django database connection creation during cleanup (#10015)
• reliable prefork detection (#10023)
• better coverage (#10029)
• Docs: clarify result_extended vs periodic task metadata and show headers["periodic_task_name"] example (#10030)
• Stop importing pytest_subtests (#10032)
• Only use exceptiongroup backport for Python < 3.11 (#10033)
• Prepare for release: v5.6.1 (#10037)

.. _version-5.6.0:

5.6.0

:release-date: 2025-11-30 :release-by: Tomer Nosrati

Celery v5.6.0 is now available.

Key Highlights

See :ref:`whatsnew-5.6` for a complete overview or read the main highlights below.
</tr></table> 

... (truncated)

Commits

• 6a43c84 Prepare for release: v5.6.2 (#10049)
• 333a82f Bugfix: Revoked tasks now immediately update backend status to REVOKED (#9869)
• 9d6ab11 Fix recursive WorkController instantiation in DjangoWorkerFixup + AttributeEr...
• 21dbc73 Prepare for release: v5.6.1 (#10037)
• ba20bed Only use exceptiongroup backport for Python < 3.11 (#10033)
• 2167529 Stop importing pytest_subtests
• 0527296 Bump google-cloud-firestore from 2.21.0 to 2.22.0
• 5f8659b Clarify 'result_extended' setting usage in tasks
• f19db70 Bump mypy from 1.19.0 to 1.19.1 (#10028)
• 6da72bd better coverage (#10029)
• Additional commits viewable in compare view

Updates hiredis from 3.2.1 to 3.3.0

Release notes

Sourced from hiredis's releases.

3.3.0

Changes

• Add Python 3.14 to CI and wheels (#213 by @​zweizeichen)

Contributors

We'd like to thank all the contributors who worked on this release!

Commits

• 187d0f3 Version 3.3.0
• 3efcf03 Add Python 3.14 to CI and wheels (#213) (#215)
• 966cede Fix assertion in reader.c (#212)
• 78def30 Bump version to 3.3.0-dev
• See full diff in compare view

Updates django-compressor from 4.5.1 to 4.6.0

Changelog

Sourced from django-compressor's changelog.

Changelog

v4.6 (2025-11-10)

Full list of changes from v4.5.1 <https://github.com/django-compressor/django-compressor/compare/4.5.1...4.6>_

• Fixed compatibility with latest BS4.
• Removed top pin for rcssmin and rjsmin dependencies.
• Avoid compressing the same node concurrently in offline compression.
• Avoid use of deprecated ast.Constant.s
• Officially support Django 6.0
• Officially support Django 5.2
• Drop support for EOL Django 5.0
• Add support for Python 3.14.
• Add support for Python 3.13.
• Drop support for EOL Python 3.9.
• Drop support for EOL Python 3.8.

Commits

• 3ada994 Prepare 4.6.0.
• 1baa82a Remove CI testing for EOL Django 5.0.
• 8706a52 Add CI testing for Python 3.14 and Django 6.0.
• 7be9ce2 Bump brotli, lxml, and coverage test dependencies.
• d6fd813 Remove test version pinning for rcssmin and rjsmin.
• 2b46e7d Bump actions/setup-python from 5 to 6 (#1307)
• b97bb05 Disable bs4's multi valued attributes (#1296)
• 4e54330 Migrate packaging to pyproject.toml (#1313)
• 872f8d5 Remove version pinning for rcssmin and rjsmin (#1312)
• cc38666 Drop support for Python 3.9 (#1311)
• Additional commits viewable in compare view

Updates django-pint from 0.7.3 to 1.0.4

Release notes

Sourced from django-pint's releases.

v1.0.4

• Fix support for expressions (subqueries) in bulk updates (CarliJoy/django-pint#119)

v1.0.3

• Correct minimal Django version to 5.2 in pyproject.toml
• Fix documentation builds

Fix PyPI signatures

Fix broken pipeline for PyPI Sigstore uploads. No source code changes.

v1.0.1

Fix a problem with the release pipeline. No source code changes.

v1.0.0

What's Changed

• Makefile for easier dev setup by @​mmarras in CarliJoy/django-pint#100
• try unit conversion instead of literal dimensionality check #99 by @​mmarras in CarliJoy/django-pint#101
• convert numeric types to str before calling Decimal by @​SamuelJennings in CarliJoy/django-pint#108
• Migrate to pyproject and ruff by @​CarliJoy in CarliJoy/django-pint#118

New Contributors

• @​mmarras made their first contribution in CarliJoy/django-pint#100
• @​Adiorz made their first contribution in CarliJoy/django-pint#117

Full Changelog: CarliJoy/django-pint@v0.7.3...v1.0.0

Changelog

Sourced from django-pint's changelog.

Version 1.0.4

• Fix support for expressions (subqueries) in bulk updates (by @Adiorz, issue [#119](https://github.com/CarliJoy/django-pint/issues/119) <https://github.com/CarliJoy/django-pint/issues/119>_)

Version 1.0.3

• Correct minimal Django version to 5.2 in pyproject.toml
• Fix documentation builds

Version 1.0.2

• Fix broken pipeline for PyPI Sigstore uploads. No source code changes.

Version 1.0.1

• Fix Problem in Publish Pipeline using old upload-artifact (no source code changes)

Version 1.0.0

• Start following SemVer <https://semver.org/spec/v2.0.0.html>_
• Convert numeric types to str before calling Decimal [#101](https://github.com/CarliJoy/django-pint/issues/101) by @mmarra <https://github.com/CarliJoy/django-pint/pull/101>_
• Try unit conversion instead of literal dimensionality check [#108](https://github.com/CarliJoy/django-pint/issues/108) by @SamuelJennings <https://github.com/CarliJoy/django-pint/pull/108>_
• Drop support for Python 3.8 and 3.9 and Django 3.2
• Add support for Python 3.12, 3.13 and 3.14 and Django 6.0 [#116](https://github.com/CarliJoy/django-pint/issues/116) by @Adiorz <https://github.com/CarliJoy/django-pint/pull/117>_
• Modernize project setup: Use pyproject.toml only and ruff.

Version 0.7.2

• fix conversion of number input to DecimalField (issue [#106](https://github.com/CarliJoy/django-pint/issues/106) <https://github.com/CarliJoy/django-pint/issues/106>_)

Version 0.7.1

• fix wrong unit display in widget (issue [#43](https://github.com/CarliJoy/django-pint/issues/43) <https://github.com/CarliJoy/django-pint/issues/43>_)

Version 0.7.0

• drop support for Django (<3.2) and Python Versions (<3.7) as they reached EOL
• add PositiveIntegerQuantityField (merge request [#39](https://github.com/CarliJoy/django-pint/issues/39) from jwygoda_)
• fix display of negative and scientific numbers in Widget (merger request [#41](https://github.com/CarliJoy/django-pint/issues/41) from mikeford3_)

Version 0.6.3

• fix error with Django 3.2 (issue [#36](https://github.com/CarliJoy/django-pint/issues/36)_)
• remove PrecisionError
• restructure function a bit, add more type annotations

Version 0.6.2

• only a internal technical release as the PyPi token had to be removed due to security breach before and no new token was set before

... (truncated)

Commits

• a1179f5 Merge pull request #120 from Adiorz/fix/support-expressions-in-bulk-updates
• 432792b docs: added author and issue
• 6d8b267 docs: add patch release entry to changelog
• 9d2514b [pre-commit.ci] auto fixes from pre-commit.com hooks
• 342cd92 fix: support expressions (subqueries) in bulk updates
• 2ab1034 👽 update used ci/cd template
• a4bb6bc Merge pull request #116 from CarliJoy/pre-commit-ci-update-config
• 092c8b8 [pre-commit.ci] auto fixes from pre-commit.com hooks
• eedda5d [pre-commit.ci] pre-commit autoupdate
• 67fa3b9 Fix minimal django version
• Additional commits viewable in compare view

Updates django-post-office from 3.10.1 to 3.11.0

Release notes

Sourced from django-post-office's releases.

v3.11

• Added Python 3.14 and Django 6.0 compatibility. Thanks @​selwin!
• Replaced bleach with nh3 for HTML sanitization. bleach has been deprecated since 2023. Thanks @​selwin!
• Added SESWebhookHandler and SparkPostWebhookHandler for handling webhook events (beta feature). Thanks @​selwin!
• Optimized the way templates are fetched during email delivery. Thanks @​selwin!

Changelog

Sourced from django-post-office's changelog.

Changelog

Unreleased

• Replaced bleach with nh3 for HTML sanitization. bleach has been deprecated since 2023. Thanks @​selwin!
• Added SESWebhookHandler and SparkPostWebhookHandler for handling webhook events (beta feature). Thanks @​selwin!
• Optimized the way templates are fetched during email delivery. Thanks @​selwin!

Commits

• 825af68 Bump version to 3.11
• 99be3b5 Delete publish.yml (#513)
• a360b79 Improve tests (#509)
• fe7c583 Python314 fix (#511)
• 0556f5e Updated test.yml so tests don't get triggered twice (#512)
• 00ddbc1 Webhooks (#510)
• 936d1ac Updated README.md
• 91fbc6c Webhook handlers (#505)
• 0f68aaf Merge branch 'webhooks'
• 5b7fdf9 Move tests (#508)
• Additional commits viewable in compare view

Updates drf-yasg from 1.21.10 to 1.21.14

Release notes

Sourced from drf-yasg's releases.

1.21.14

FIXED: Fix missing swagger-ui sourcemaps (#950)

1.21.12

FIXED: Bring the bundled swagger ui up to date (#944) IMPROVED: Update the logout button to use a POST request. (#945) ADDED: Add a live demo domain (#946) ADDED: Handle annotations that are not available at runtime (#941)

1.21.11

FIXED: Fix list views with parameters in last path segment not named "list" views (#917) ADDED: Allow overriding produces/consumes with @​swagger_auto_schema decorator (#916) FIXED: Fix filter parameters not appearing in swagger with django-filter>=25 (#926) IMPROVED: Update Python, Django, and DRF versions and packaging configuration (#922) IMPROVED: Remove usage of pkg_resources (#928) FIXED: Fix call_view_method warning to include the method name again (#923) ADDED: Add a hide download button option (#848) ADDED: Add ruff linters (#903)

Changelog

Sourced from drf-yasg's changelog.

######### Changelog #########

---

1.21.14

---

---

1.21.13

---

FIXED: Fix missing swagger-ui sourcemaps (:pr:950)

---

1.21.12

---

FIXED: Bring the bundled swagger ui up to date (:pr:944) IMPROVED: Update the logout button to use a POST request. (:pr:945) ADDED: Add a live demo domain (:pr:946) ADDED: Handle annotations that are not available at runtime (:pr:941)

---

1.21.11

---

FIXED: Fix list views with parameters in last path segment not named "list" views (:pr:917) ADDED: Allow overriding produces/consumes with @​swagger_auto_schema decorator (:pr:916) FIXED: Fix filter parameters not appearing in swagger with django-filter>=25 (:pr:926) IMPROVED: Update Python, Django, and DRF versions and packaging configuration (:pr:922) IMPROVED: Remove usage of pkg_resources (:pr:928) FIXED: Fix call_view_method warning to include the method name again (:pr:923) ADDED: Add a hide download button option (:pr:848) ADDED: Add ruff linters (:pr:903)

---

1.21.10

---

FIXED: Fix type hints when using postponed evaluation of annotations (PEP-563) (:pr:840) IMPROVED: Update JSON & YAML renderers to not use a "." in their format string (:pr:911) FIXED: Fix lint errors when comparing types with == instead of is (:pr:868) IMPROVED: Update swagger-ui-dist to address CVE-2021-46708 (:pr:904)

---

1.21.9

---

ADDED: Added support for zoneinfo object fields (:pr:908)

... (truncated)

Commits

• 7dceb27 Add version 1.21.14 details to the changelog (#952)
• 763cdd6 Add version 1.21.13 details to the changelog (#951)
• a0559fc Add missing swagger-ui sourcemaps (#950)
• 2bf74d0 Add version 1.21.12 details to the changelog (#948)
• b421e89 swagger ui fix (#944)
• 40fee2b Add live demo domain and environment variables (#946)
• 1785b84 Update logout button to use POST request. (#945)
• 0522cc1 Rename github actions files to .yaml (#942)
• 3a38123 Bump actions/checkout from 5 to 6 in the github-actions group (#943)
• b252a0d Handle annotations not available at runtime (#941)
• Additional commits viewable in compare view

Updates jellyfish from 1.2.0 to 1.2.1

Updates markdown from 3.9 to 3.10.1

Release notes

Sourced from markdown's releases.

Release 3.10.1

Fixed

• Ensure nested elements inside inline comments are properly unescaped (#1571).
• Make the docs build successfully with mkdocstrings-python 2.0 (#1575).
• Fix infinite loop when multiple bogus or unclosed HTML comments appear in input (#1578).
• Fix another infinite loop when handling bad comments (#1586).

Release 3.10.0

Changed

• Officially support Python 3.14 and PyPy 3.11 and drop support for Python 3.9 and PyPy 3.9.

Fixed

• Fix an HTML comment parsing case in some Python versions that can cause an infinite loop (#1554).
• Revert the default behavior of USE_DEFINITION_ORDER (to True). The new behavior introduced in 3.9.0 is experimental and results are inconsistent. It should not have been made the default behavior (#1561).

Changelog

Sourced from markdown's changelog.

[3.10.1] - 2026-01-21

Fixed

• Ensure nested elements inside inline comments are properly unescaped (#1571).
• Make the docs build successfully with mkdocstrings-python 2.0 (#1575).
• Fix infinite loop when multiple bogus or unclosed HTML comments appear in input (#1578).
• Fix another infinite loop when handling bad comments (#1586).

[3.10.0] - 2025-11-03

Changed

• Officially support Python 3.14 and PyPy 3.11 and drop support for Python 3.9 and PyPy 3.9.

Fixed

• Fix an HTML comment parsing case in some Python versions that can cause an infinite loop (#1554).
• Revert the default behavior of USE_DEFINITION_ORDER (to True). The new behavior introduced in 3.9.0 is experimental and results are inconsistent. It should not have been made the default behavior (#1561).

[3.9.0] - 2025-09-04

Changed

• Footnotes are now ordered by the occurrence of their references in the document. A new configuration option for the footnotes extension, USE_DEFINITION_ORDER, has been added to support restoring the previous behavior of ordering footnotes by the occurrence of definitions (#1367).

Fixed

• Ensure inline processing iterates through elements in document order (#1546).
• Fix handling of incomplete HTML tags in code spans in Python 3.14 (#1547).

[3.8.2] - 2025-06-19

Fixed

• Fix codecs deprecation in Python 3.14 (#1537).
• Fix issue with unclosed comment parsing in Python 3.14 (#1537).
• Fix issue with unclosed declarations in Python 3.14 (#1537).
• Fix issue with unclosed HTML tag <foo and Python 3.14 (#1537).

[3.8.1] - 2025-06-18

Fixed

... (truncated)

Commits

• e5fa5b8 Bump version to 3.10.1
• f925349 More HTML fixes
• 9933a0a Revert "Allow reference links with backticks"
• 07dfa4e Allow reference links with backticks
• fb6b27a Fix infinite loop when text contains multiple unclosed comments
• 89112c2 Make the docs build successfully with mkdocstrings-python 2.0
• 961856c Update link
• 2b49115 Ensure nested elements inside inline comments are properly unescaped.
• 22e89c1 Bump version to 3.10
• c138aea + PY314 - PY39
• Additional commits viewable in compare view

Updates pyyaml from 6.0.2 to 6.0.3

Release notes

Sourced from pyyaml's releases.

6.0.3

What's Changed

• Support for Python 3.14 and free-threading (experimental).

Full Changelog: yaml/pyyaml@6.0.2...6.0.3

Changelog

Sourced from pyyaml's changelog.

6.0.3 (2025-09-25)

• yaml/pyyaml#864 -- Support for Python 3.14 and free-threading (experimental)

Commits

• 49790e7 Release 6.0.3 (#889)
• See full diff in compare view

Updates xlsxwriter from 3.2.8 to 3.2.9

Changelog

Sourced from xlsxwriter's changelog.

Release 3.2.9 - September 16 2025

• Removed the py.typed file since it was causing a lot of downstream CI failures where consumers weren't handling the xlsxwriter types correctly or taking them into account.

  The file will be re-added once the xlsxwriter typing is more comprehensive.

Commits

• e943bee Prep for release 3.2.9
• 392bd9e typing: remove py.typed file
• See full diff in compare view

Updates xmlschema from 4.1.0 to 4.3.1

Release notes

Sourced from xmlschema's releases.

v4.3.1 (2026-01-17)

• normalize_url(): workaround for issue #467 (UNC paths with Python < 3.12.5)
• META_SCHEMA and BASE_SCHEMA paths converted to 'file' URL scheme
• Clean optional dependencies

v4.3.0 (2026-01-06)

• Add arguments validation for schemas and validation methods (by validation contexts)
• Add custom XPath parser for find/findall/iterfind APIs on schemas for match singleton sequence also if position is a number greater than 1 in predicate expression (issue #468)
• Improve build of XSD elements and groups, using a three-state built flag for components
• Extend and fix memory tests (Python 3.14+ seems to consume more memory)
• Drop support for Python 3.9 and add development support for Python 3.15

v4.2.0 (2025-10-14)

• Add arguments validation for schemas and validation methods (by validation contexts)
• Add SchemaSettings dataclass for storing read-only settings for schema instances and for managing package default settings
• Add block argument to XMLResource class (issue #464)
• Add MAX_SCHEMA_SOURCES package limit (1000, applied to XsdGlobals global maps instances)
• Add MAX_XML_ELEMENTS package limit (1,000,000, applied to non-lazy XMLResource instances)
• Reduce MAX_XML_DEPTH limit to 1000 and apply it to all XMLResource instances
• Fix for substitute match in case of unexpected child (issue #461)

Changelog

Sourced from xmlschema's changelog.

v4.3.1_ (2026-01-17)

• normalize_url(): workaround for issue #467 (UNC paths with Python < 3.12.5)
• META_SCHEMA and BASE_SCHEMA paths converted to 'file' URL scheme
• Clean optional dependencies

v4.3.0_ (2026-01-03)

• Add arguments validation for schemas and validation methods (by validation contexts)
• Add custom XPath parser for find/findall/iterfind APIs on schemas for match singleton sequence also if position is a number greater than 1 in predicate expression (issue #468)
• Improve build of XSD elements and groups, using a three-state built flag for components
• Extend and fix memory tests (Python 3.14+ seems to consume more memory)
• Drop support for Python 3.9 and add development support for Python 3.15

v4.2.0_ (2025-10-14)

• Add arguments validation for schemas and validation methods (by validation contexts)
• Add SchemaSettings dataclass for storing read-only settings for schema instances and for managing package default settings
• Add block argument to XMLResource class (issue #464)
• Add MAX_SCHEMA_SOURCES package limit (1000, applied to XsdGlobals global maps instances)
• Add MAX_XML_ELEMENTS package limit (1,000,000, applied to non-lazy XMLResource instances)
• Reduce MAX_XML_DEPTH limit to 1000 and apply it to all XMLResource instances
• Fix for substitute match in case of unexpected child (issue #461)

Commits

• 64b103f Add a test for meta-schema URLs and relax memory test for Python 3.14
• 508d1a2 Update bugfix release information and clean deps of pyproject.toml
• 4fc64bd Refactor LocationPath and add a workaround for issue #467
• dfec443 Don't serialize cached properties
• 91c1956 Add caching module with class SchemaCache
• 2bfb931 Update CI tests and release info
• a1d7d3c Change built status of components from bool to optional bool
• ce822bd Extend and fix memory tests
• fa41056 Add a custom XPath parser for schema find/findall/iterfind APIs
• b237528 Add a test with UNC path
• Additional commits viewable in compare view

Updates lark from 1.2.2 to 1.3.1

Release notes

Sourced from lark's releases.

1.3.1 - Bugfix + source build now contains complete project data

What's Changed

• Bugfix: Restore support for custom input, alongside text and TextSlice by @​erezsh in lark-parser/lark#1562
• Keep sdist in sync with git (include all files in source build, including docs, tests and examples) by @​chanicpanic in lark-parser/lark#1561

Full Changelog: lark-parser/lark@1.3.0...1.3.1

1.3.0 - Introduces text-slices, Earley fix, and various small improvements

New features

• Lark can now parse in sections of strings, using TextSlice, as a faster alternative to creating a "copy-slice" with s[i:j]. Learn more
• Added support to match on Tree instances
• When serializing a Lark instance, added the option to include the grammar object (before compilation).
• Added convenience method Tree.find_token()

Bugfixes

• Bugfix of an edge case in Earley related to representation of ambiguity.
• Bugfixes in the standalone parser related to imports
• Bugfix in indenter - now dedents always contain line information
• Various small bugfixes (see PR list below)

Full list of PRs

• Docs: Rephrase v_args() documentation to underline it only applies to Transformer classes by @​skepppy in lark-parser/lark#1458
• Tiny refactor for PR #1451 by @​erezsh in lark-parser/lark#1459
• Earley: share nodes created by the scanner with the completer by @​chanicpanic in lark-parser/lark#1451
• Better error in Lark.parse when using on_error when parser!=lalr (issue #1311) by @​erezsh in lark-parser/lark#1460
• Fix Symbol.__eq__ to return false when comparing with None by @​weaversam8 in lark-parser/lark#1481
• Mention internal/external transformers in the documentation by @​odanoburu in lark-parser/lark#1486
• Add Tree.find_token() method by @​makukha in lark-parser/lark#1467
• Type Terminal.__init__ by @​Liam-DeVoe in lark-parser/lark#1503
• Add guidance on handling comments in languages with significant indentation by @​nchammas in lark-parser/lark#1502
• [docs] Small fix for PR 1507 by @​erezsh in lark-parser/lark#1508
• Add note on binding power of numeric quantifiers by @​414owen in lark-parser/lark#1507
• Wrap functools.partial in staticmethod() to add compatibility with Python 3.14 by @​hrnciar in lark-parser/lark#1483
• Fix generic type of Transformer_InPlaceRecursive by @​lbhm in lark-parser/lark#1518
• Added TextSlice; Lark can now parse/lex a text-slice by @​erezsh in lark-parser/lark#1452
• Support match on tree by @​colm...

  Description has been truncated

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.