Skip to content

core: bump geoip2 from 5.1.0 to 5.2.0#19429

Merged
rissson merged 1 commit intomainfrom
dependabot/uv/geoip2-5.2.0
Jan 14, 2026
Merged

core: bump geoip2 from 5.1.0 to 5.2.0#19429
rissson merged 1 commit intomainfrom
dependabot/uv/geoip2-5.2.0

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jan 14, 2026

Bumps geoip2 from 5.1.0 to 5.2.0.

Release notes

Sourced from geoip2's releases.

5.2.0

  • IMPORTANT: Python 3.10 or greater is required. If you are using an older version, please use an earlier release.
  • maxminddb has been upgraded to 3.0.0. This includes free-threading support.
  • Setuptools has been replaced with the uv build backend for building the package.
  • A new anonymizer object has been added to geoip2.models.Insights. This object is a geoip2.records.Anonymizer and contains the following fields: confidence, network_last_seen, provider_name, is_anonymous, is_anonymous_vpn, is_hosting_provider, is_public_proxy, is_residential_proxy, and is_tor_exit_node. These provide information about VPN and proxy usage.
  • A new ip_risk_snapshot property has been added to geoip2.records.Traits. This is a float ranging from 0.01 to 99 that represents the risk associated with the IP address. A higher score indicates a higher risk. This field is only available from the Insights end point.
  • The following properties on geoip2.records.Traits have been deprecated: is_anonymous, is_anonymous_vpn, is_hosting_provider, is_public_proxy, is_residential_proxy, and is_tor_exit_node. Please use the anonymizer object in the Insights model instead.
Changelog

Sourced from geoip2's changelog.

5.2.0 (2025-11-20) ++++++++++++++++++

  • IMPORTANT: Python 3.10 or greater is required. If you are using an older version, please use an earlier release.
  • maxminddb has been upgraded to 3.0.0. This includes free-threading support.
  • Setuptools has been replaced with the uv build backend for building the package.
  • A new anonymizer object has been added to geoip2.models.Insights. This object is a geoip2.records.Anonymizer and contains the following fields: confidence, network_last_seen, provider_name, is_anonymous, is_anonymous_vpn, is_hosting_provider, is_public_proxy, is_residential_proxy, and is_tor_exit_node. These provide information about VPN and proxy usage.
  • A new ip_risk_snapshot property has been added to geoip2.records.Traits. This is a float ranging from 0.01 to 99 that represents the risk associated with the IP address. A higher score indicates a higher risk. This field is only available from the Insights end point.
  • The following properties on geoip2.records.Traits have been deprecated: is_anonymous, is_anonymous_vpn, is_hosting_provider, is_public_proxy, is_residential_proxy, and is_tor_exit_node. Please use the anonymizer object in the Insights model instead.
Commits
  • d6cd6a0 Update for v5.2.0
  • 0a8e9fd Run uv via tox
  • 818b170 Add tox-uv as a dev dep
  • 4a85021 Add check to ensure that we are not on main
  • 734ee82 Update file path
  • 8861e4a Set release date
  • 025cbe3 Merge pull request #285 from maxmind/dependabot/uv/ruff-0.14.5
  • 469afb0 Bump ruff from 0.14.4 to 0.14.5
  • e57ba2f Merge pull request #284 from maxmind/dependabot/github_actions/astral-sh/setu...
  • d834949 Merge pull request #281 from maxmind/greg/eng-3310-ip-risk-and-anonymous-plus...
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
core: bump geoip2 from 5.1.0 to 5.2.0
0858924 
Bumps [geoip2](https://github.com/maxmind/GeoIP2-python) from 5.1.0 to 5.2.0.
- [Release notes](https://github.com/maxmind/GeoIP2-python/releases)
- [Changelog](https://github.com/maxmind/GeoIP2-python/blob/main/HISTORY.rst)
- [Commits](maxmind/GeoIP2-python@v5.1.0...v5.2.0)

---
updated-dependencies:
- dependency-name: geoip2
  dependency-version: 5.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Jan 14, 2026
@dependabot dependabot bot requested a review from a team as a code owner January 14, 2026 15:21
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Jan 14, 2026
@codecov
Copy link

codecov bot commented Jan 14, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 93.30%. Comparing base (8c217b5) to head (0858924).
⚠️ Report is 1 commits behind head on main.
✅ All tests successful. No failed tests found.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main   #19429      +/-   ##
==========================================
+ Coverage   93.12%   93.30%   +0.18%     
==========================================
  Files         949      949              
  Lines       52422    52422              
==========================================
+ Hits        48816    48912      +96     
+ Misses       3606     3510      -96
Flag Coverage Δ
conformance 38.77% <ø> (+<0.01%) ⬆️
e2e 44.72% <ø> (+1.33%) ⬆️
integration 23.37% <ø> (-0.06%) ⬇️
unit 91.57% <ø> (+<0.01%) ⬆️
unit-migrate 91.61% <ø> (+<0.01%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@netlify
Copy link

netlify bot commented Jan 14, 2026

Deploy Preview for authentik-docs ready!

Name Link
🔨 Latest commit 0858924
🔍 Latest deploy log https://app.netlify.com/projects/authentik-docs/deploys/6967b467441b2900087520b2
😎 Deploy Preview https://deploy-preview-19429--authentik-docs.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@rissson rissson enabled auto-merge (squash) January 14, 2026 15:53
@rissson rissson merged commit 79329fe into main Jan 14, 2026
101 checks passed
@rissson rissson deleted the dependabot/uv/geoip2-5.2.0 branch January 14, 2026 15:58
kensternberg-authentik added a commit that referenced this pull request Jan 14, 2026
@kensternberg-authentik
Merge branch 'main' into dev
42ad526 
* main: (87 commits)
  core: bump importlib-metadata from 8.6.1 to 8.7.1 (#19430)
  core: bump geoip2 from 5.1.0 to 5.2.0 (#19429)
  core: bump debugpy from 1.8.14 to 1.8.19 (#19414)
  core: remove session migration (#14568)
  website/docs: add 2026.2 release notes draft page (#19418)
  core: bump wsproto from 1.2.0 to 1.3.2 (#19417)
  core: bump bpython from 0.25 to 0.26 (#19408)
  core: bump pdoc from 15.0.3 to 16.0.0 (#19413)
  core: bump ruff from 0.11.9 to 0.14.11 (#19410)
  core: bump python-kadmin-rs from 0.6.1 to 0.6.3 (#19416)
  core: bump drf-orjson-renderer from 1.7.3 to 1.8.0 (#19415)
  core: bump black from 25.1.0 to 25.12.0 (#19412)
  core: bump lxml from 6.0.0 to 6.0.2 (#19409)
  core: bump xmlsec from 1.3.16 to 1.3.17 (#19411)
  core: bump library/nginx from `06eb0c8` to `e3a22a7` in /website (#19394)
  core: bump library/node from `03729a7` to `6222695` in /website (#19393)
  website/docs: remove "beta" tag from 2025.12 (#19404)
  website/docs: add import to discord policy (#19397)
  web: bump @types/node from 25.0.7 to 25.0.8 in /web (#19392)
  website/docs: mention dynamic overrides in redirect stage documentation (#19368)
  ...
tacerus pushed a commit to tacerus/authentik that referenced this pull request Feb 9, 2026
@dependabot @tacerus
core: bump geoip2 from 5.1.0 to 5.2.0 (goauthentik#19429)
db4e814 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
(cherry picked from commit 79329fe)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rissson rissson rissson approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@rissson