deps(py)(deps): bump the python-non-major group across 1 directory with 6 updates

[dependabot]

Bumps the python-non-major group with 6 updates in the /backend directory:

Package	From	To
django	5.1.4	5.1.15
sentry-sdk	2.60.0	2.63.0
certifi	2026.5.20	2026.6.17
django-timezone-field	7.2.1	7.2.2
tzlocal	5.3.1	5.4.3
wcwidth	0.7.0	0.8.1

Updates django from 5.1.4 to 5.1.15

Commits

• 6ef1f6f [5.1.x] Bumped version for 5.1.15 release.
• 0db9ea4 [5.1.x] Fixed CVE-2025-64460 -- Corrected quadratic inner text accumulation i...
• 9c6a5bd [5.1.x] Fixed CVE-2025-13372 -- Protected FilteredRelation against SQL inject...
• e419ad8 [5.1.x] Added script to archive EOL stable branches.
• ca4251d [5.1.x] Refs #36743 -- Added missing release notes for 5.1.15 and 4.2.27.
• f354296 [5.1.x] Fixed #36743 -- Increased URL max length enforced in HttpResponseRedi...
• cae6f5c [5.1.x] Added timeout-minutes directive to all GitHub Actions workflows.
• 6f35c2e [5.1.x] Added stub release notes and release date for 5.1.15 and 4.2.27.
• a9311fc [5.1.x] Configured dangerous-triggers zizmor rule.
• dc29fe1 [5.1.x] Addressed unpinned-uses zizmor finding.
• Additional commits viewable in compare view

Updates sentry-sdk from 2.60.0 to 2.63.0

Release notes

Sourced from sentry-sdk's releases.

2.63.0

Bug Fixes 🐛

Fastapi

• Prevent double wrapping of sync handlers on FastAPI >= 0.137 by @​jhonny-on in #6569
• Use effective_route_context path for prefixed routers by @​ericapisani in #6572

Other

• (asgi) Gate query string and client IP behind send_default_pii by @​ericapisani in #6501
• (serializer) Avoid creating reference cycles on every call by @​Malkiz223 in #6563
• (user) Set user.ip_address on telemetry if present by @​sentrivana in #6555
• Remove 0000 trace_id fallbacks by @​sl0thentr0py in #6570
• MANIFEST.in: Graft tests directory. by @​charlesroelli in #6237

Internal Changes 🔧

• (fastapi) Verify request info capture with POST endpoints by @​alexander-alderman-webb in #6287
• (starlette) Verify request info capture with POST endpoints by @​alexander-alderman-webb in #6269

2.62.0

New Features ✨

• Add integration for aiomysql by @​tonal in #4703

  We're adding support for the aiomysql package. To enable the integration, add it to your integrations list:

  import sentry_sdk
  from sentry_sdk.integrations.aiomysql import AioMySQLIntegration
  sentry_sdk.init(
  traces_sample_rate=1.0,
  integrations=[AioMySQLIntegration()],
  )

• Support HTTPX2 by @​sentrivana in #6463

  We're adding out-of-the-box support for HTTPX2. As long as use the package, the Sentry integration will be enabled automatically and you should see your requests instrumented in Sentry.

  import httpx2
  import sentry_sdk
  sentry_sdk.init(...)
  with sentry_sdk.start_transaction(name="testing_sentry"):

... (truncated)

Changelog

Sourced from sentry-sdk's changelog.

2.63.0

Bug Fixes 🐛

Fastapi

• Prevent double wrapping of sync handlers on FastAPI >= 0.137 by @​jhonny-on in #6569
• Use effective_route_context path for prefixed routers by @​ericapisani in #6572

Other

• (asgi) Gate query string and client IP behind send_default_pii by @​ericapisani in #6501
• (serializer) Avoid creating reference cycles on every call by @​Malkiz223 in #6563
• (user) Set user.ip_address on telemetry if present by @​sentrivana in #6555
• Remove 0000 trace_id fallbacks by @​sl0thentr0py in #6570
• MANIFEST.in: Graft tests directory. by @​charlesroelli in #6237

Internal Changes 🔧

• (fastapi) Verify request info capture with POST endpoints by @​alexander-alderman-webb in #6287
• (starlette) Verify request info capture with POST endpoints by @​alexander-alderman-webb in #6269

2.62.0

New Features ✨

• Add integration for aiomysql by @​tonal in #4703

  We're adding support for the aiomysql package. To enable the integration, add it to your integrations list:

  import sentry_sdk
  from sentry_sdk.integrations.aiomysql import AioMySQLIntegration
  sentry_sdk.init(
  traces_sample_rate=1.0,
  integrations=[AioMySQLIntegration()],
  )

• Support HTTPX2 by @​sentrivana in #6463

  We're adding out-of-the-box support for HTTPX2. As long as use the package, the Sentry integration will be enabled automatically and you should see your requests instrumented in Sentry.

  import httpx2
  import sentry_sdk
  sentry_sdk.init(...)

... (truncated)

Commits

• 44b008a update changelog
• 0b2af51 Update CHANGELOG.md
• 250caad release: 2.63.0
• 72a57de fix(flask): Set user data on scope at request start (#6566)
• 6a4c3a1 fix: Remove 0000 trace_id fallbacks (#6570)
• 1df9835 feat(falcon): Set name and source on request span when streaming (#6562)
• 77874bd test(falcon): Support span streaming (#6561)
• 6bcfb9c fix(fastapi): Prevent double wrapping of sync handlers on FastAPI >= 0.137 (#...
• 72d972c fix(fastapi): use effective_route_context path for prefixed routers (#6572)
• cc802f6 feat(chalice): Add span streaming support to Chalice integration (#6503)
• Additional commits viewable in compare view

Updates certifi from 2026.5.20 to 2026.6.17

Commits

• d0ac52f 2026.06.17 (#418)
• d46de62 Bump actions/checkout from 6.0.2 to 6.0.3 (#417)
• 6c183ec fix: update Requests docs link to canonical URL (#415)
• 36e3568 Bump dessant/lock-threads from 6.0.0 to 6.0.2
• See full diff in compare view

Updates django-timezone-field from 7.2.1 to 7.2.2

Commits

• d568270 Release v7.2.2
• e384293 Update dev dependencies, clears a security advisory (#163)
• 4f483d3 Confirm Django 6.1 support (#159)
• b67805e Update Django dependency lower bound from 3.2 to 4.2 (#162)
• 8879188 Fix CI Django version specifier to pin to intended minor version (#161)
• See full diff in compare view

Updates tzlocal from 5.3.1 to 5.4.3

Changelog

Sourced from tzlocal's changelog.

5.4.3 (2026-06-17)

• Moved the tests back, removed the ones that check for symlinks. See issue #146

5.4.2 (2026-06-16)

• [Yanked for distribution issues]

5.4.1 (2026-06-16)

• [Yanked for distribution issues]

5.4 (2026-06-15)

• Open files with Zone names as ascii.

• Moved tests under tzlocal/tests and include them in distributions.

• Dropped support for Python 3.9 and added support for 3.14.

Commits

• 0d7e42c Preparing release 5.4.3
• c07a82c Something got messed up in pyproject.toml
• d415450 Back to development: 5.4.3
• e1c41bf Preparing release 5.4.2
• 6818f13 Merge branch 'master' of github.com:regebro/tzlocal
• 2aa45f7 Back to development: 5.4.2
• 0af7719 Preparing release 5.4.1
• 54f2a8f Maturify
• e47e818 Removed the tests for symlinks (#178)
• 52779e2 Revert "Move tests (#176)"
• Additional commits viewable in compare view

Updates wcwidth from 0.7.0 to 0.8.1

Release notes

Sourced from wcwidth's releases.

0.8.1: Improved corrections tables

• Improved corrections tables by @​jquast in jquast/wcwidth#226

Full Changelog: jquast/wcwidth@0.8.0...0.8.1

0.8.0: new terminal-aware wcstwidth() function

• New support for Variation Selector 15 Emojis as narrow, #211.
• New argument, term_program for wcstwidth(), width(), clip(), wrap(), ljust(), rjust(), and center(). False disables corrections; True auto-detects by TERM_PROGRAM or TERM; string values accept canonical names matching list_term_programs(). wcstwidth()_ defaults to True; all other functions default to False.
• Improved performance on Python 3.15 using standard library iter_graphemes() #206.
• Improved memory usage and import time for Python 3.15 using lazy imports #221.
• Bugfix Invisible_Stacker viramas now form conjuncts (Burmese, Khmer, etc.) and change some Virama width calculations to match jacobsandlund/uucode_ (ghostty) #223.
• Updated graphemes width maximum now 2, matching Ghostty, foot, and Windows Terminal #224.

Full Changelog: jquast/wcwidth@0.7.0...0.8.0

Commits

• d1c99fe hyperlink and wordfix
• edb344a set to 0.8.1 not 2, not yet
• 00d6fef Improve corrections tables (zeroer, narrow_wider, narrow_zeroer) (#226)
• e8405a6 'of of' -> 'of', formatting
• 1de17df set release date for 0.8.0 in readme
• 9df7261 more docs
• be0fdb2 document better
• 2d9925b wcstwidth(term_program=True) default argument
• 169c846 Terminal software identity-assisted wcswidth() (#220)
• e4f76d5 bugfix virama with mc width is capped at 2, also (#225)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: backend, dependencies. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.