pip: bump the pip-updates group across 1 directory with 10 updates

[dependabot]

Bumps the pip-updates group with 10 updates in the /api directory:

Package	From	To
anyio	4.10.0	4.11.0
asgiref	3.9.1	3.10.0
attrs	25.3.0	25.4.0
certifi	2025.8.3	2025.10.5
cryptography	45.0.7	46.0.2
django	5.1.7	5.2.7
docutils	0.22	0.22.2
markupsafe	3.0.2	3.0.3
pyyaml	6.0.2	6.0.3
whitenoise	6.10.0	6.11.0

Updates anyio from 4.10.0 to 4.11.0

Release notes

Sourced from anyio's releases.

4.11.0

• Added support for cancellation reasons (the reason parameter to CancelScope.cancel()) (#975)
• Bumped the minimum version of Trio to v0.31.0
• Added the ability to enter the event loop from foreign (non-worker) threads by passing the return value of anyio.lowlevel.current_token() to anyio.from_thread.run() and anyio.from_thread.run_sync() as the token keyword argument (#256)
• Added pytest option (anyio_mode = "auto") to make the pytest plugin automatically handle all async tests (#971)
• Added the anyio.Condition.wait_for() method for feature parity with asyncio (#974)
• Changed the default type argument of anyio.abc.TaskStatus from Any to None (#964)
• Fixed TCP listener behavior to guarantee the same ephemeral port is used for all socket listeners when local_port=0 (#857; PR by @​11kkw and @​agronholm)
• Fixed inconsistency between Trio and asyncio where a TCP stream that previously raised a BrokenResourceError on send() would still raise BrokenResourceError after the stream was closed on asyncio, but ClosedResourceError on Trio. They now both raise a ClosedResourceError in this scenario. (#671)

Changelog

Sourced from anyio's changelog.

Version history

This library adheres to Semantic Versioning 2.0 <http://semver.org/>_.

UNRELEASED

• Set None as the default type argument for anyio.abc.TaskStatus
• Added support for uvloop=True on Windows via the winloop_ implementation ([#960](https://github.com/agronholm/anyio/issues/960) <https://github.com/agronholm/anyio/pull/960>_; PR by @​Vizonex)

.. _winloop: https://github.com/Vizonex/Winloop

4.11.0

• Added support for cancellation reasons (the reason parameter to CancelScope.cancel()) ([#975](https://github.com/agronholm/anyio/issues/975) <https://github.com/agronholm/anyio/pull/975>_)
• Bumped the minimum version of Trio to v0.31.0
• Added the ability to enter the event loop from foreign (non-worker) threads by passing the return value of anyio.lowlevel.current_token() to anyio.from_thread.run() and anyio.from_thread.run_sync() as the token keyword argument ([#256](https://github.com/agronholm/anyio/issues/256) <https://github.com/agronholm/anyio/issues/256>_)
• Added pytest option (anyio_mode = "auto") to make the pytest plugin automatically handle all async tests ([#971](https://github.com/agronholm/anyio/issues/971) <https://github.com/agronholm/anyio/pull/971>_)
• Added the anyio.Condition.wait_for() method for feature parity with asyncio ([#974](https://github.com/agronholm/anyio/issues/974) <https://github.com/agronholm/anyio/pull/974>_)
• Changed the default type argument of anyio.abc.TaskStatus from Any to None ([#964](https://github.com/agronholm/anyio/issues/964) <https://github.com/agronholm/anyio/pull/964>_)
• Fixed TCP listener behavior to guarantee the same ephemeral port is used for all socket listeners when local_port=0 ([#857](https://github.com/agronholm/anyio/issues/857) <https://github.com/agronholm/anyio/issues/857>_; PR by @​11kkw and @​agronholm)
• Fixed inconsistency between Trio and asyncio where a TCP stream that previously raised a BrokenResourceError on send() would still raise BrokenResourceError after the stream was closed on asyncio, but ClosedResourceError on Trio. They now both raise a ClosedResourceError in this scenario. ([#671](https://github.com/agronholm/anyio/issues/671) <https://github.com/agronholm/anyio/issues/671>_)

4.10.0

• Added the feed_data() method to the BufferedByteReceiveStream class, allowing users to inject data directly into the buffer

• Added various class methods to wrap existing sockets as listeners or socket streams:

  • SocketListener.from_socket()
  • SocketStream.from_socket()
  • UNIXSocketStream.from_socket()
  • UDPSocket.from_socket()

... (truncated)

Commits

• 08737af Bumped up the version
• 8bb9fe0 Fixed the inconsistent exception on sending to a closed TCP stream (#980)
• 9637093 [pre-commit.ci] pre-commit autoupdate (#981)
• f1bc6ee Fixed changelog entry formatting
• 0b58964 Mentioned the sub-interpreter support in the README
• 1ed112c Ensure same port is used for IPv4/IPv6 when creating TCP listener with local_...
• aceeee0 Re-enabled coverage reporting on macOS
• 6b890dc Reworded a changelog entry and added PR links to others
• 944257d Updated pre-commit modules
• 087975f Fixed a documentation style (#976)
• Additional commits viewable in compare view

Updates asgiref from 3.9.1 to 3.10.0

Changelog

Sourced from asgiref's changelog.

3.10.0 (2025-10-05)

• Added AsyncSingleThreadContext context manager to ensure multiple AsyncToSync invocations use the same thread. (#511)

3.9.2 (2025-09-23)

• Adds support for Python 3.14.

• Fixes wsgi.errors file descriptor in WsgiToAsgi adapter.

Commits

• f587b12 Releasing 3.10.0.
• b08087c Added AsyncSingleThreadContext (#511)
• 3471a0c Releasing 3.9.2
• 4f892bd Remove Python 3.8 from tox
• 83cd6f3 Run CI against Python 3.14
• 796b9f1 Fix incorrect Trailer header (#531)
• 29b108b Fixed #529: wsgi.errors should be a StringIO (#530)
• See full diff in compare view

Updates attrs from 25.3.0 to 25.4.0

Commits

• See full diff in compare view

Updates certifi from 2025.8.3 to 2025.10.5

Commits

• fb14ac4 2025.10.05 (#371)
• 2c7c7ee Add Python 3.14 classifier in setup.py
• 1a5cb7b Bump actions/setup-python from 5.6.0 to 6.0.0 (#367)
• dea5960 Bump pypa/gh-action-pypi-publish from 1.12.4 to 1.13.0 (#366)
• 83566b7 Bump actions/checkout from 4.2.2 to 5.0.0
• ca2e121 Bump actions/download-artifact from 4.3.0 to 5.0.0
• See full diff in compare view

Updates cryptography from 45.0.7 to 46.0.2

Changelog

Sourced from cryptography's changelog.

46.0.2 - 2025-09-30

* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.4.
.. _v46-0-1:
46.0.1 - 2025-09-16

• Fixed an issue where users installing via pip on Python 3.14 development versions would not properly install a dependency.
• Fixed an issue building the free-threaded macOS 3.14 wheels.

.. _v46-0-0:

46.0.0 - 2025-09-16

* **BACKWARDS INCOMPATIBLE:** Support for Python 3.7 has been removed.
* Support for OpenSSL < 3.0 is deprecated and will be removed in the next
  release.
* Support for ``x86_64`` macOS (including publishing wheels) is deprecated
  and will be removed in two releases. We will switch to publishing an
  ``arm64`` only wheel for macOS.
* Support for 32-bit Windows (including publishing wheels) is deprecated
  and will be removed in two releases. Users should move to a 64-bit
  Python installation.
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.3.
* We now build ``ppc64le`` ``manylinux`` wheels and publish them to PyPI.
* We now build ``win_arm64`` (Windows on Arm) wheels and publish them to PyPI.
* Added support for free-threaded Python 3.14.
* Removed the deprecated ``get_attribute_for_oid`` method on
  :class:`~cryptography.x509.CertificateSigningRequest`. Users should use
  :meth:`~cryptography.x509.Attributes.get_attribute_for_oid` instead.
* Removed the deprecated ``CAST5``, ``SEED``, ``IDEA``, and ``Blowfish``
  classes from the cipher module. These are still available in
  :doc:`/hazmat/decrepit/index`.
* In X.509, when performing a PSS signature with a SHA-3 hash, it is now
  encoded with the official NIST SHA3 OID.
.. _v45-0-7:

Commits

• 99efe5a bump version for 46.0.2 (#13531)
• e735cfc release 46.0.1 (#13450)
• 4e457ff Explicitly specify python in mac uv build invocation (#13447)
• 2726efd Depend on CFFI 2.0.0 or newer on Python > 3.8 (#13448)
• 6223062 release 46.0.0 (#13446)
• 563c491 Update comment for pyopenssl-release tag (#13445)
• d2f6f7f Bump downstream dependencies in CI (#13439)
• e7ab02b we'll ship this with 3.5.3 why not (#13442)
• 0b68a4b Another pair of bump dependencies fix (#13444)
• e076d08 Attempt to fix commit message for bump downstreams (#13440)
• Additional commits viewable in compare view

Updates django from 5.1.7 to 5.2.7

Commits

• 3cff320 [5.2.x] Bumped version for 5.2.7 release.
• ed8fc39 [5.2.x] Fixed CVE-2025-59682 -- Fixed potential partial directory-traversal v...
• 52fbae0 [5.2.x] Fixed CVE-2025-59681 -- Protected QuerySet.annotate(), alias(), aggre...
• 1794cbf [5.2.x] Made cosmetic edits to 5.2.7 release notes.
• 81625a1 [5.2.x] Fixed #36587 -- Clarified usage of list.insert() for upload handlers.
• 6f3813e [5.2.x] Fixed #35877, Refs #36128 -- Documented unique constraint when migrat...
• 10a2d3b [5.2.x] Added stub release notes and release date for 5.2.7, 5.1.13, and 4.2.25.
• b2773a3 [5.2.x] Refs #25508 -- Used QuerySet.repr in docs/ref/contrib/postgres/se...
• 7554c54 [5.2.x] Fixed #36581 -- Updated serialization examples from XML to JSON.
• 2a2936c [5.2.x] Updated translations from Transifex.
• Additional commits viewable in compare view

Updates docutils from 0.22 to 0.22.2

Commits

• See full diff in compare view

Updates markupsafe from 3.0.2 to 3.0.3

Release notes

Sourced from markupsafe's releases.

3.0.3

This is the MarkupSafe 3.0.3 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/MarkupSafe/3.0.3/ Changes: https://markupsafe.palletsprojects.com/page/changes/#version-3-0-3 Milestone: https://github.com/pallets/markupsafe/milestone/15?closed=1

• __version__ raises DeprecationWarning instead of UserWarning. #487
• Adopt multi-phase initialization PEP 489 for the C extension. #494
• Build Windows ARM64 wheels. #485
• Build Python 3.14 wheels. #503
• Build riscv64 wheels. #505

Changelog

Sourced from markupsafe's changelog.

Version 3.0.3

Released 2025-09-27

• __version__ raises DeprecationWarning instead of UserWarning. :issue:487
• Adopt multi-phase initialisation (:pep:489) for the C extension. :issue:494
• Build Windows ARM64 wheels. :issue:485
• Build Python 3.14 wheels. :issue:503
• Build riscv64 wheels. :issue:505

Commits

• 297fc8e release version 3.0.3
• 7e4e6ce Free-threading: run with pytest-run-paralell (#507)
• 6100b9c enable riscv64 wheels (#506)
• c9d5ecf enable riscv64 wheels
• 2f9b337 tox for 3.14
• 78d951a update dev dependencies
• bb6744e add entry
• 65c4134 upgrade cibuildwheel, add cp314 wheels and test on CPython 3.14 (#504)
• 3a9bd88 add cp314 wheels
• aafe44d remove slsa provenance (#501)
• Additional commits viewable in compare view

Updates pyyaml from 6.0.2 to 6.0.3

Release notes

Sourced from pyyaml's releases.

6.0.3

What's Changed

• Support for Python 3.14 and free-threading (experimental).

Full Changelog: yaml/pyyaml@6.0.2...6.0.3

Changelog

Sourced from pyyaml's changelog.

6.0.3 (2025-09-25)

• yaml/pyyaml#864 -- Support for Python 3.14 and free-threading (experimental)

Commits

• 49790e7 Release 6.0.3 (#889)
• See full diff in compare view

Updates whitenoise from 6.10.0 to 6.11.0

Changelog

Sourced from whitenoise's changelog.

6.11.0 (2025-09-18)

• Support Django 6.0.

Commits

• c9c06e9 Version 6.11.0
• 051c4e9 Support Django 6.0 (#665)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions