Bump the all group across 1 directory with 7 updates #22

Closed
dependabot[bot] wants to merge 1 commit into master from dependabot/pip/all-2944a02fa5

dependabot[bot] commented on behalf of github on Apr 6, 2026

Bumps the all group with 7 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| click | 8.3.1 | 8.3.2 |
| cryptography | 46.0.5 | 46.0.6 |
| django | 5.2.11 | 5.2.12 |
| pyasn1 | 0.6.2 | 0.6.3 |
| tomli | 2.4.0 | 2.4.1 |
| uvicorn | 0.41.0 | 0.44.0 |
| whitenoise | 6.11.0 | 6.12.0 |

Updates click from 8.3.1 to 8.3.2

Release notes

Sourced from click's releases.

8.3.2

This is the Click 8.3.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/click/8.3.2/
Changes: https://click.palletsprojects.com/page/changes/#version-8-3-2
Milestone: https://github.com/pallets/click/milestone/29

  • Fix handling of flag_value when is_flag=False to allow such options to be used without an explicit value. #3084 #3152
  • Hide Sentinel.UNSET values as None when using lookup_default(). #3136 #3199 #3202 #3209 #3212 #3224
  • Prevent _NamedTextIOWrapper from closing streams owned by StreamMixer. #824 #2991 #2993 #3110 #3139 #3140
  • Add comprehensive tests for CliRunner stream lifecycle, covering logging interaction, multi-threaded safety, and sequential invocation isolation. Add high-iteration stress tests behind a stress marker with a dedicated CI job. #3139
  • Fix callable flag_value being instantiated when used as a default via default=True. #3121 #3201 #3213 #3225
Changelog

Sourced from click's changelog.

Version 8.3.2

Released 2026-04-02

  • Fix handling of flag_value when is_flag=False to allow such options to be used without an explicit value. :issue:3084 :pr:3152
  • Hide Sentinel.UNSET values as None when using lookup_default(). :issue:3136 :pr:3199 :pr:3202 :pr:3209 :pr:3212 :pr:3224
  • Prevent _NamedTextIOWrapper from closing streams owned by StreamMixer. :issue:824 :issue:2991 :issue:2993 :issue:3110 :pr:3139 :pr:3140
  • Add comprehensive tests for CliRunner stream lifecycle, covering logging interaction, multi-threaded safety, and sequential invocation isolation. Add high-iteration stress tests behind a stress marker with a dedicated CI job. :pr:3139
  • Fix callable flag_value being instantiated when used as a default via default=True. :issue:3121 :pr:3201 :pr:3213 :pr:3225

Updates cryptography from 46.0.5 to 46.0.6

Changelog

Sourced from cryptography's changelog.

46.0.6 - 2026-03-25


* **SECURITY ISSUE**: Fixed a bug where name constraints were not applied
  to peer names during verification when the leaf certificate contains a
  wildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug,
  including those used by the Web PKI. Credit to **Oleh Konko (1seal)** for
  reporting the issue. **CVE-2026-34073**

Updates django from 5.2.11 to 5.2.12

Commits
  • 4f382ca [5.2.x] Bumped version for 5.2.12 release.
  • b07ed2a [5.2.x] Fixed CVE-2026-25674 -- Prevented potentially incorrect permissions o...
  • 4d3c184 [5.2.x] Fixed CVE-2026-25673 -- Simplified URLField scheme detection.
  • 94e7f17 [5.2.x] Refs #36944 -- Added missing versionchanged annotation for MAX_LENGTH...
  • 951fe8b [5.2.x] Pinned black == 25.12.0 for black docs checks and ensured they pass.
  • 1db60ed [5.2.x] Aligned docs checks between GitHub Actions and local development.
  • 703777c [5.2.x] Fixed #36944 -- Removed MAX_LENGTH_HTML and related 5M chars limit re...
  • a73eed2 [5.2.x] Pinned black == 25.12.0 in GitHub actions, pre-commit and test requir...
  • 490e495 [5.2.x] Bumped minimum isort version to 7.0.0.
  • 2bc009b [5.2.x] Added stub release notes and release date for 5.2.12 and 4.2.29.
  • Additional commits viewable in compare view

Updates pyasn1 from 0.6.2 to 0.6.3

Release notes

Sourced from pyasn1's releases.

Release 0.6.3

It's a minor release.

  • Added nesting depth limit to ASN.1 decoder to prevent stack overflow from deeply nested structures (CVE-2026-30922).
  • Fixed OverflowError from oversized BER length field.
  • Fixed DeprecationWarning stacklevel for deprecated attributes.
  • Fixed asDateTime incorrect fractional seconds parsing.

All changes are noted in the CHANGELOG.

Changelog

Sourced from pyasn1's changelog.

Revision 0.6.3, released 16-03-2026

Commits
  • af65c3b Prepare release 0.6.3
  • 5a49bd1 Merge commit from fork
  • 5494ba4 Fix asDateTime incorrect fractional seconds parsing (#102)
  • 71f486e Fix DeprecationWarning stacklevel for deprecated attributes (#101)
  • d7cb42d Fix OverflowError from oversized BER length field (#100)
  • See full diff in compare view

Updates tomli from 2.4.0 to 2.4.1

Changelog

Sourced from tomli's changelog.

2.4.1

  • Fixed
    • Limit number of parts of a TOML key to address quadratic time complexity

Updates uvicorn from 0.41.0 to 0.44.0

Release notes

Sourced from uvicorn's releases.

Version 0.44.0

What's Changed

Full Changelog: Kludex/uvicorn@0.43.0...0.44.0

Version 0.43.0

Changed

  • Emit http.disconnect ASGI receive() event on server shutting down for streaming responses (#2829)
  • Use native context parameter for create_task on Python 3.11+ (#2859)
  • Drop cast in ASGI types (#2875)

Full Changelog: Kludex/uvicorn@0.42.0...0.43.0

Version 0.42.0

Changed

  • Use bytearray for request body accumulation to avoid O(n^2) allocation on fragmented bodies (#2845)

Fixed

  • Escape brackets and backslash in httptools HEADER_RE regex (#2824)
  • Fix multiple issues in websockets sans-io implementation (#2825)

Full Changelog: Kludex/uvicorn@0.41.0...0.42.0

Changelog

Sourced from uvicorn's changelog.

0.44.0 (April 6, 2026)

Added

  • Implement websocket keepalive pings for websockets-sansio (#2888)

0.43.0 (April 3, 2026)

You can quit Uvicorn now. We heard you, @pamelafox - all 47 of your Ctrl+C's (thanks for flagging it, and thanks to @tiangolo for the fix 🙏). See the tweet.

Changed

  • Emit http.disconnect ASGI receive() event on server shutting down for streaming responses (#2829)
  • Use native context parameter for create_task on Python 3.11+ (#2859)
  • Drop cast in ASGI types (#2875)

0.42.0 (March 16, 2026)

Changed

  • Use bytearray for request body accumulation to avoid O(n^2) allocation on fragmented bodies (#2845)

Fixed

  • Escape brackets and backslash in httptools HEADER_RE regex (#2824)
  • Fix multiple issues in websockets sans-io implementation (#2825)
Commits
  • edb54c4 Version 0.44.0 (#2890)
  • 029be08 Implement websocket keepalive pings for websockets-sansio (#2888)
  • 8d397c7 Version 0.43.0 (#2885)
  • 587042d 🐛 Emit http.disconnect ASGI receive() event on server shutting down for s...
  • c9a75fb chore(deps): bump the github-actions group with 3 updates (#2878)
  • 84fd578 chore(deps): bump pygments from 2.19.2 to 2.20.0 (#2877)
  • cd52d34 Use native context parameter for create_task on Python 3.11+ (#2859)
  • 5211880 Drop cast in ASGI types (#2875)
  • 1cb8e74 Add websocket 500 fallback header test (#2874)
  • 28efbb2 chore(deps-dev): bump cryptography from 46.0.5 to 46.0.6 (#2873)
  • Additional commits viewable in compare view

Updates whitenoise from 6.11.0 to 6.12.0

Changelog

Sourced from whitenoise's changelog.

6.12.0 (2026-02-27)

  • Drop Python 3.9 support.
  • Fix potential unauthorised file access vulnerability in "autorefresh" mode. See PR #684 (https://github.com/evansd/whitenoise/pull/684) for details, and a reminder that autorefresh mode has always been documented as unsuitable for production use. Thanks Seth Larson for reporting.

Bumps the all group with 7 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [click](https://github.com/pallets/click) | `8.3.1` | `8.3.2` |
| [cryptography](https://github.com/pyca/cryptography) | `46.0.5` | `46.0.6` |
| [django](https://github.com/django/django) | `5.2.11` | `5.2.12` |
| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.2` | `0.6.3` |
| [tomli](https://github.com/hukkin/tomli) | `2.4.0` | `2.4.1` |
| [uvicorn](https://github.com/Kludex/uvicorn) | `0.41.0` | `0.44.0` |
| [whitenoise](https://github.com/evansd/whitenoise) | `6.11.0` | `6.12.0` |



Updates `click` from 8.3.1 to 8.3.2
- [Release notes](https://github.com/pallets/click/releases)
- [Changelog](https://github.com/pallets/click/blob/main/CHANGES.rst)
- [Commits](pallets/click@8.3.1...8.3.2)

Updates `cryptography` from 46.0.5 to 46.0.6
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@46.0.5...46.0.6)

Updates `django` from 5.2.11 to 5.2.12
- [Commits](django/django@5.2.11...5.2.12)

Updates `pyasn1` from 0.6.2 to 0.6.3
- [Release notes](https://github.com/pyasn1/pyasn1/releases)
- [Changelog](https://github.com/pyasn1/pyasn1/blob/main/CHANGES.rst)
- [Commits](pyasn1/pyasn1@v0.6.2...v0.6.3)

Updates `tomli` from 2.4.0 to 2.4.1
- [Changelog](https://github.com/hukkin/tomli/blob/master/CHANGELOG.md)
- [Commits](hukkin/tomli@2.4.0...2.4.1)

Updates `uvicorn` from 0.41.0 to 0.44.0
- [Release notes](https://github.com/Kludex/uvicorn/releases)
- [Changelog](https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md)
- [Commits](Kludex/uvicorn@0.41.0...0.44.0)

Updates `whitenoise` from 6.11.0 to 6.12.0
- [Changelog](https://github.com/evansd/whitenoise/blob/main/docs/changelog.rst)
- [Commits](evansd/whitenoise@6.11.0...6.12.0)

---
updated-dependencies:
- dependency-name: click
  dependency-version: 8.3.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: cryptography
  dependency-version: 46.0.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: django
  dependency-version: 5.2.12
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: pyasn1
  dependency-version: 0.6.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: tomli
  dependency-version: 2.4.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: uvicorn
  dependency-version: 0.44.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: whitenoise
  dependency-version: 6.12.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>

dependabot[bot] added the dependencies and python labels on Apr 6, 2026

dependabot[bot] commented on behalf of github on Apr 13, 2026

Looks like these dependencies are updatable in another way, so this is no longer needed.

dependabot[bot] closed this on Apr 13, 2026
dependabot[bot] deleted the dependabot/pip/all-2944a02fa5 branch on April 13, 2026 20:46