pip: bump the pip-updates group across 1 directory with 10 updates

[dependabot]

Bumps the pip-updates group with 10 updates in the /api directory:

Package	From	To
anyio	4.9.0	4.10.0
certifi	2025.7.9	2025.8.3
charset-normalizer	3.4.2	3.4.3
cryptography	45.0.5	45.0.6
djangorestframework	3.16.0	3.16.1
docutils	0.21.2	0.22
jsonschema	4.24.0	4.25.1
requests	2.32.4	2.32.5
rpds-py	0.26.0	0.27.0
typing-extensions	4.14.1	4.15.0

Updates anyio from 4.9.0 to 4.10.0

Release notes

Sourced from anyio's releases.

4.10.0

• Added the feed_data() method to the BufferedByteReceiveStream class, allowing users to inject data directly into the buffer
• Added various class methods to wrap existing sockets as listeners or socket streams:
  • SocketListener.from_socket()
  • SocketStream.from_socket()
  • UNIXSocketStream.from_socket()
  • UDPSocket.from_socket()
  • ConnectedUDPSocket.from_socket()
  • UNIXDatagramSocket.from_socket()
  • ConnectedUNIXDatagramSocket.from_socket()
• Added a hierarchy of connectable stream classes for transparently connecting to various remote or local endpoints for exchanging bytes or objects
• Added context manager mix-in classes (anyio.ContextManagerMixin and anyio.AsyncContextManagerMixin) to help write classes that embed other context managers, particularly cancel scopes or task groups (#905; PR by @​agronholm and @​tapetersen)
• Added the ability to specify the thread name in start_blocking_portal() (#818; PR by @​davidbrochart)
• Added anyio.notify_closing to allow waking anyio.wait_readable and anyio.wait_writable before closing a socket. Among other things, this prevents an OSError on the ProactorEventLoop. (#896; PR by @​graingert)
• Incorporated several documentation improvements from the EuroPython 2025 sprint (special thanks to the sprinters: Emmanuel Okedele, Jan Murre, Euxenia Miruna Goia and Christoffer Fjord)
• Added a documentation page explaining why one might want to use AnyIO's APIs instead of asyncio's
• Updated the to_interpreters module to use the public concurrent.interpreters API on Python 3.14 or later
• Fixed anyio.Path.copy() and anyio.Path.copy_into() failing on Python 3.14.0a7
• Fixed return annotation of __aexit__ on async context managers. CMs which can suppress exceptions should return bool, or None otherwise. (#913; PR by @​Enegg)
• Fixed rollover boundary check in SpooledTemporaryFile so that rollover only occurs when the buffer size exceeds max_size (#915; PR by @​11kkw)
• Migrated testing and documentation dependencies from extras to dependency groups
• Fixed compatibility of anyio.to_interpreter with Python 3.14.0b2 (#926; PR by @​hroncok)
• Fixed SyntaxWarning on Python 3.14 about return in finally (#816)
• Fixed RunVar name conflicts. RunVar instances with the same name should not share storage (#880; PR by @​vimfu)
• Renamed the BrokenWorkerIntepreter exception to BrokenWorkerInterpreter. The old name is available as a deprecated alias. (#938; PR by @​ayussh-verma)
• Fixed an edge case in CapacityLimiter on asyncio where a task, waiting to acquire a limiter gets cancelled and is subsequently granted a token from the limiter, but before the cancellation is delivered, and then fails to notify the next waiting task (#947)

Changelog

Sourced from anyio's changelog.

Version history

This library adheres to Semantic Versioning 2.0 <http://semver.org/>_.

UNRELEASED

• Set None as the default type argument for anyio.abc.TaskStatus

4.10.0

• Added the feed_data() method to the BufferedByteReceiveStream class, allowing users to inject data directly into the buffer

• Added various class methods to wrap existing sockets as listeners or socket streams:

  • SocketListener.from_socket()
  • SocketStream.from_socket()
  • UNIXSocketStream.from_socket()
  • UDPSocket.from_socket()
  • ConnectedUDPSocket.from_socket()
  • UNIXDatagramSocket.from_socket()
  • ConnectedUNIXDatagramSocket.from_socket()

• Added a hierarchy of connectable stream classes for transparently connecting to various remote or local endpoints for exchanging bytes or objects

• Added context manager mix-in classes (anyio.ContextManagerMixin and anyio.AsyncContextManagerMixin) to help write classes that embed other context managers, particularly cancel scopes or task groups ([#905](https://github.com/agronholm/anyio/issues/905) <https://github.com/agronholm/anyio/pull/905>_; PR by @​agronholm and @​tapetersen)

• Added the ability to specify the thread name in start_blocking_portal() ([#818](https://github.com/agronholm/anyio/issues/818) <https://github.com/agronholm/anyio/issues/818>_; PR by @​davidbrochart)

• Added anyio.notify_closing to allow waking anyio.wait_readable and anyio.wait_writable before closing a socket. Among other things, this prevents an OSError on the ProactorEventLoop. ([#896](https://github.com/agronholm/anyio/issues/896) <https://github.com/agronholm/anyio/pull/896>_; PR by @​graingert)

• Incorporated several documentation improvements from the EuroPython 2025 sprint (special thanks to the sprinters: Emmanuel Okedele, Jan Murre, Euxenia Miruna Goia and Christoffer Fjord)

• Added a documentation page explaining why one might want to use AnyIO's APIs instead of asyncio's

• Updated the to_interpreters module to use the public concurrent.interpreters API on Python 3.14 or later

• Fixed anyio.Path.copy() and anyio.Path.copy_into() failing on Python 3.14.0a7

• Fixed return annotation of __aexit__ on async context managers. CMs which can suppress exceptions should return bool, or None otherwise. ([#913](https://github.com/agronholm/anyio/issues/913) <https://github.com/agronholm/anyio/pull/913>_; PR by @​Enegg)

• Fixed rollover boundary check in SpooledTemporaryFile so that rollover only occurs when the buffer size exceeds max_size ([#915](https://github.com/agronholm/anyio/issues/915) <https://github.com/agronholm/anyio/pull/915>_; PR by @​11kkw)

• Migrated testing and documentation dependencies from extras to dependency groups

... (truncated)

Commits

• 0cf55b8 Bumped up the version
• b029df5 Updated the to_interpreter module to use the public API on Python 3.14 (#956)
• 01f02cf Incorporated EP2025 sprint feedback and added a new section (#955)
• d896480 [pre-commit.ci] pre-commit autoupdate (#954)
• 0282b81 Added the BufferedByteReceiveStream.feed_data() method (#945)
• 19e5477 Fixed a cancellation edge case for asyncio CapacityLimiter (#952)
• 4666df3 [pre-commit.ci] pre-commit autoupdate (#946)
• 38c2567 [pre-commit.ci] pre-commit autoupdate (#942)
• 3db73ac Add missing imports for Readcting to cancellation in worker threads example (...
• 2eda004 Added an example on how to use move_on_after() with shielding
• Additional commits viewable in compare view

Updates certifi from 2025.7.9 to 2025.8.3

Commits

• a97d9ad 2025.08.03 (#362)
• ddd90c6 2025.07.14 (#359)
• See full diff in compare view

Updates charset-normalizer from 3.4.2 to 3.4.3

Release notes

Sourced from charset-normalizer's releases.

Version 3.4.3

3.4.3 (2025-08-09)

Changed

• mypy(c) is no longer a required dependency at build time if CHARSET_NORMALIZER_USE_MYPYC isn't set to 1. (#595) (#583)
• automatically lower confidence on small bytes samples that are not Unicode in detect output legacy function. (#391)

Added

• Custom build backend to overcome inability to mark mypy as an optional dependency in the build phase.
• Support for Python 3.14

Fixed

• sdist archive contained useless directories.
• automatically fallback on valid UTF-16 or UTF-32 even if the md says it's noisy. (#633)

Misc

• SBOM are automatically published to the relevant GitHub release to comply with regulatory changes. Each published wheel comes with its SBOM. We choose CycloneDX as the format.
• Prebuilt optimized wheel are no longer distributed by default for CPython 3.7 due to a change in cibuildwheel.

Changelog

Sourced from charset-normalizer's changelog.

3.4.3 (2025-08-09)

Changed

• mypy(c) is no longer a required dependency at build time if CHARSET_NORMALIZER_USE_MYPYC isn't set to 1. (#595) (#583)
• automatically lower confidence on small bytes samples that are not Unicode in detect output legacy function. (#391)

Added

• Custom build backend to overcome inability to mark mypy as an optional dependency in the build phase.
• Support for Python 3.14

Fixed

• sdist archive contained useless directories.
• automatically fallback on valid UTF-16 or UTF-32 even if the md says it's noisy. (#633)

Misc

• SBOM are automatically published to the relevant GitHub release to comply with regulatory changes. Each published wheel comes with its SBOM. We choose CycloneDX as the format.
• Prebuilt optimized wheel are no longer distributed by default for CPython 3.7 due to a change in cibuildwheel.

Commits

• 46f662d Release 3.4.3 (#638)
• 1a059b2 🔧 skip building on freethreaded as we're not confident it is stable
• 2275e3d 📝 final note in CHANGELOG.md
• c96acdf 📝 update release date on CHANGELOG.md
• 43e5460 📝 update README.md
• f277074 🔧 automatically lower confidence on small bytes str on non Unicode res...
• 15ae241 🐛 automatically fallback on valid UTF-16 or UTF-32 even if the md says it...
• 37397c1 🔧 enable 3.14 in nox test_mypyc session
• cb82537 ⏪ revert license due to compat python 3.7 issue setuptools
• 6a2efeb 🎨 fix linter errors
• Additional commits viewable in compare view

Updates cryptography from 45.0.5 to 45.0.6

Changelog

Sourced from cryptography's changelog.

45.0.6 - 2025-08-05

* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.2.
.. _v45-0-5:

Commits

• 66198c2 Bump for release (#13249)
• See full diff in compare view

Updates djangorestframework from 3.16.0 to 3.16.1

Release notes

Sourced from djangorestframework's releases.

v3.16.1

This release fixes a few bugs, clean-up some old code paths for unsupported Python versions and improve translations.

Minor changes

• Cleanup optional backports.zoneinfo dependency and conditions on unsupported Python 3.8 and lower in #9681. Python versions prior to 3.9 were already unsupported so this isn't considered as a breaking change.

Bug fixes

• Fix regression in unique_together validation with SerializerMethodField in #9712
• Fix UniqueTogetherValidator to handle fields with source attribute in #9688
• Drop HTML line breaks on long headers in browsable API in #9438

Translations

• Add Kazakh locale support in #9713
• Update translations for Korean translations in #9571
• Update German translations in #9676
• Update Chinese translations in #9675
• Update Arabic translations-sal in #9595
• Update Persian translations in #9576
• Update Spanish translations in #9701
• Update Turkish Translations in #9749
• Fix some typos in Brazilian Portuguese translations in #9673

Documentation

• Removed reference to GitHub Issues and Discussions in #9660
• Add drf-restwind and update outdated images in browsable-api.md in #9680
• Updated funding page to represent current scope in #9686
• Fix broken Heroku JSON Schema link in #9693
• Update Django documentation links to use stable version in #9698
• Expand docs on unique constraints cause 'required=True' in #9725
• Revert extension back from djangorestframework-guardian2 to djangorestframework-guardian in #9734
• Add note to tutorial about required request in serializer context when using HyperlinkedModelSerializer in #9732

Internal changes

• Update GitHub Actions to use Ubuntu 24.04 for testing in #9677
• Update test matrix to use Django 5.2 stable version in #9679
• Add pyupgrade to pre-commit hooks in #9682
• Fix test with Django 5 when pytz is available in #9715

New Contributors

• @​araggohnxd made their first contribution in #9673
• @​mbeijen made their first contribution in #9660
• @​stefan6419846 made their first contribution in #9676
• @​ren000thomas made their first contribution in #9675
• @​ulgens made their first contribution in #9682

... (truncated)

Commits

• de018df Prepare 3.16.1 release (#9752)
• a7d050f Turkish Translation updates (#9749)
• 853969c Fix test with Django 5 when pytz is available (#9715)
• 2ae8c11 Add note to tutorial about required request in serializer context when using ...
• 70e54f4 Revert docs back to djangorestframework-guardian (#9734)
• 3038494 Document that unique constraints cause required=True in ModelSerializer (#9...
• 4bb46c2 Add Kazakh(kk) locale support (#9713)
• e454758 Fix regression in unique_together validation with SerializerMethodField (#9712)
• 33d59fe Update Spanish translations (#9701)
• c0202a0 Update Django documentation links to use stable version (#9698)
• Additional commits viewable in compare view

Updates docutils from 0.21.2 to 0.22

Commits

• See full diff in compare view

Updates jsonschema from 4.24.0 to 4.25.1

Release notes

Sourced from jsonschema's releases.

v4.25.1

What's Changed

• Fix Validator protocol init to match runtime by @​sirosen in python-jsonschema/jsonschema#1396

Full Changelog: python-jsonschema/jsonschema@v4.25.0...v4.25.1

v4.25.0

What's Changed

• Add support for the iri and iri-reference formats to the format-nongpl extra by @​jkowalleck in python-jsonschema/jsonschema#1388

New Contributors

• @​jkowalleck made their first contribution in python-jsonschema/jsonschema#1388

Full Changelog: python-jsonschema/jsonschema@v4.24.1...v4.25.0

v4.24.1

What's Changed

• Unambiguously quote and escape properties in JSON path rendering by @​kurtmckee in python-jsonschema/jsonschema#1390
• Drop python<3.9 backports by @​hackowitz-af in python-jsonschema/jsonschema#1367

New Contributors

• @​hackowitz-af made their first contribution in python-jsonschema/jsonschema#1367
• @​kurtmckee made their first contribution in python-jsonschema/jsonschema#1390

Full Changelog: python-jsonschema/jsonschema@v4.24.0...v4.24.1

Changelog

Sourced from jsonschema's changelog.

v4.25.1

• Fix an incorrect required argument in the Validator protocol's type annotations (#1396).

v4.25.0

• Add support for the iri and iri-reference formats to the format-nongpl extra via the MIT-licensed rfc3987-syntax. They were alread supported by the format extra. (#1388).

v4.24.1

• Properly escape segments in ValidationError.json_path (#139).

Commits

• 331c384 Add the fix to the changelog.
• c1ec0a6 Merge pull request #1398 from python-jsonschema/dependabot/github_actions/ast...
• 8e7d594 Merge pull request #1399 from python-jsonschema/dependabot/github_actions/act...
• 460f4fa Merge pull request #1396 from sirosen/improve-protocol-init-signature
• 1e58409 [pre-commit.ci] auto fixes from pre-commit.com hooks
• 64bc217 Add a typing test for the Validator protocol
• 6c25741 Bump actions/checkout from 4 to 5
• bf603d5 Bump astral-sh/setup-uv from 6.4.3 to 6.5.0
• a916d8f Fix Validator protocol init to match runtime
• de60f18 Merge pull request #1397 from python-jsonschema/pre-commit-ci-update-config
• Additional commits viewable in compare view

Updates requests from 2.32.4 to 2.32.5

Release notes

Sourced from requests's releases.

v2.32.5

2.32.5 (2025-08-18)

Bugfixes

• The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

• Added support for Python 3.14.
• Dropped support for Python 3.8 following its end of support.

Changelog

Sourced from requests's changelog.

2.32.5 (2025-08-18)

Bugfixes

• The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

• Added support for Python 3.14.
• Dropped support for Python 3.8 following its end of support.

Commits

• b25c87d v2.32.5
• 131e506 Merge pull request #7010 from psf/dependabot/github_actions/actions/checkout-...
• b336cb2 Bump actions/checkout from 4.2.0 to 5.0.0
• 46e939b Update publish workflow to use artifact-id instead of name
• 4b9c546 Merge pull request #6999 from psf/dependabot/github_actions/step-security/har...
• 7618dbe Bump step-security/harden-runner from 2.12.0 to 2.13.0
• 2edca11 Add support for Python 3.14 and drop support for Python 3.8 (#6993)
• fec96cd Update Makefile rules (#6996)
• d58d8aa docs: clarify timeout parameter uses seconds in Session.request (#6994)
• 91a3eab Bump github/codeql-action from 3.28.5 to 3.29.0
• Additional commits viewable in compare view

Updates rpds-py from 0.26.0 to 0.27.0

Release notes

Sourced from rpds-py's releases.

v0.27.0

What's Changed

• Allow packaging of wheels for riscv64 architecture by @​ffgan in crate-py/rpds#150

New Contributors

• @​ffgan made their first contribution in crate-py/rpds#150

Full Changelog: crate-py/rpds@v0.26.0...v0.27.0

Commits

• c7cd37d Tag a release for RISC
• 7adac99 Merge pull request #150 from ffgan/feature/allow_riscv_package
• 439ad44 fix format error
• 2091f27 downgrade riscv64 manylinux version
• 29a539f Merge branch 'crate-py:main' into feature/allow_riscv_package
• 7546f2d Allow packaging of wheels for riscv64 architecture
• 8ede3f4 Merge pull request #149 from crate-py/dependabot/github_actions/github/codeql...
• 0840694 Merge pull request #148 from crate-py/dependabot/github_actions/astral-sh/set...
• 725aabe Bump github/codeql-action from 3.29.2 to 3.29.3
• db4a842 Bump astral-sh/setup-uv from 6.3.1 to 6.4.1
• See full diff in compare view

Updates typing-extensions from 4.14.1 to 4.15.0

Release notes

Sourced from typing-extensions's releases.

4.15.0

No user-facing changes since 4.15.0rc1.

New features since 4.14.1:

• Add the @typing_extensions.disjoint_base decorator, as specified in PEP 800. Patch by Jelle Zijlstra.
• Add typing_extensions.type_repr, a backport of annotationlib.type_repr, introduced in Python 3.14 (CPython PR #124551, originally by Jelle Zijlstra). Patch by Semyon Moroz.
• Fix behavior of type params in typing_extensions.evaluate_forward_ref. Backport of CPython PR #137227 by Jelle Zijlstra.

4.15.0rc1

• Add the @typing_extensions.disjoint_base decorator, as specified in PEP 800. Patch by Jelle Zijlstra.
• Add typing_extensions.type_repr, a backport of annotationlib.type_repr, introduced in Python 3.14 (CPython PR #124551, originally by Jelle Zijlstra). Patch by Semyon Moroz.
• Fix behavior of type params in typing_extensions.evaluate_forward_ref. Backport of CPython PR #137227 by Jelle Zijlstra.

Changelog

Sourced from typing-extensions's changelog.

Release 4.15.0 (August 25, 2025)

No user-facing changes since 4.15.0rc1.

Release 4.15.0rc1 (August 18, 2025)

• Add the @typing_extensions.disjoint_base decorator, as specified in PEP 800. Patch by Jelle Zijlstra.
• Add typing_extensions.type_repr, a backport of annotationlib.type_repr, introduced in Python 3.14 (CPython PR #124551, originally by Jelle Zijlstra). Patch by Semyon Moroz.
• Fix behavior of type params in typing_extensions.evaluate_forward_ref. Backport of CPython PR #137227 by Jelle Zijlstra.

Commits

• 9d1637e Prepare release 4.15.0 (#658)
• 4bd67c5 Coverage: exclude some noise (#656)
• e589a26 Coverage: add detailed report to job summary (#655)
• 67d37fe Coverage: Implement fail_under (#654)
• e9ae26f Don't delete previous coverage comment (#653)
• ac80bb7 Add Coverage workflow (#623)
• abaaafd Prepare release 4.15.0rc1 (#650)
• 9810405 Add @disjoint_base (PEP 800) (#634)
• 7ee9e05 Backport type_params fix from CPython (#646)
• 1e8eb9c Do not refer to PEP 705 as being experimental (#648)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions