chore(deps): bump the major-updates group across 1 directory with 4 updates

[dependabot]

Bumps the major-updates group with 4 updates in the / directory: django-health-check, django-grappelli, gunicorn and django-debug-toolbar.

Updates django-health-check from 3.20.8 to 4.4.1

Release notes

Sourced from django-health-check's releases.

4.4.1

What's Changed

• Update deprecated redis_url test case by @​M-Hassan-Raza in codingjoe/django-health-check#726
• Add atlassian extra depnency test group by @​codingjoe in codingjoe/django-health-check#732
• Fix Atlassian incident checks by @​M-Hassan-Raza in codingjoe/django-health-check#731

Full Changelog: codingjoe/django-health-check@4.4.0...4.4.1

4.4.0

What's Changed

• Resolve #724 -- Add public dataclass field as OpenMetric label by @​RemiDesgrange in codingjoe/django-health-check#725

New Contributors

• @​RemiDesgrange made their first contribution in codingjoe/django-health-check#725

Full Changelog: codingjoe/django-health-check@4.3.1...4.4.0

4.3.1

What's Changed

• Clean up storage probe files when validation fails by @​M-Hassan-Raza in codingjoe/django-health-check#717

New Contributors

• @​M-Hassan-Raza made their first contribution in codingjoe/django-health-check#717

Full Changelog: codingjoe/django-health-check@4.3.0...4.3.1

4.3.0

What's Changed

• Ref #701 -- Add support for a custom executor for synchronous checks by @​codingjoe in codingjoe/django-health-check#716

Full Changelog: codingjoe/django-health-check@4.2.2...4.3.0

4.2.2

What's Changed

• Link to stable psutil docs by @​codingjoe in codingjoe/django-health-check#695
• Ref #701 -- Close dangling DB connections and reduce memory foodprint by @​codingjoe in codingjoe/django-health-check#702
• Fix #699 -- Gracefully handle None value from active_queues in Celery by @​saschabuehrle in codingjoe/django-health-check#700

New Contributors

• @​saschabuehrle made their first contribution in codingjoe/django-health-check#700

Full Changelog: codingjoe/django-health-check@4.2.1...4.2.2

4.2.1

What's Changed

... (truncated)

Commits

• 4cf70f4 Fix Atlassian incident checks
• 3c37158 Add atlassian extra depnency test group
• 4a3de19 [pre-commit.ci] pre-commit autoupdate
• 9e35a96 [pre-commit.ci] pre-commit autoupdate
• 5a98604 Update deprecated redis_url test case (#726)
• e480bc0 Resolve #724 -- Add public dataclass field as OpenMetric label (#725)
• e56c871 Clean up storage probe files when validation fails (#717)
• 3421a3c Update copilot review instructions
• c674d2f Revert "Update celery requirement from >=5.0.0 to >=5.6.3"
• 04a22e5 Revert "Update flit-core requirement from >=3.2 to >=3.12.0"
• Additional commits viewable in compare view

Updates django-grappelli from 4.0.3 to 5.0.0

Changelog

Sourced from django-grappelli's changelog.

5.0.0 (April 29th, 2026)

• Compatibility with Django 6.x

4.0.5 (not yet released)

4.0.4 (April 28th, 2026)

• Improved: raised margins within radiolists
• Improved: layout for multiple inputs in related widget
• Improved: layout for related widget display in change list

Commits

• 98c98e7 docs for upcoming release (5.0.0)
• fa9fdbd fix with dashboard modules
• fd0552f Merge branch 'master' into stable/5.0.x
• be75293 docs for upcoming release (4.0.4)
• dec6e41 apply label styles to legends in grp-rows, #1077
• 0208cce hide datetime inline labels, #1077
• 84d070b improving layout for related widget display in change list, related to #1072
• 9e52129 improving layout for multiple inputs in related widget, #1072
• 6622c4b improving layout for related widget display in change list, related to #1072
• 1edb009 improving layout for multiple inputs in related widget, #1072
• Additional commits viewable in compare view

Updates gunicorn from 23.0.0 to 26.0.0

Release notes

Sourced from gunicorn's releases.

26.0.0

Breaking Changes

• Eventlet worker removed: The eventlet worker class has been dropped. Migrate to gevent, gthread, or tornado.

New Features

• ASGI Framework Compatibility Suite: New end-to-end compatibility test harness covering Starlette, FastAPI, Litestar, Quart, Sanic, and BlackSheep. Current grid passes 438/444 tests (98%).
• ASGI Test Suite Expansion: 134 additional ASGI unit tests covering protocol semantics, lifespan, websockets, and chunked framing.

Security

• HTTP/1.1 Request-Target Validation (RFC 9112 sections 3.2.3, 3.2.4):
  • Reject authority-form request-target outside CONNECT
  • Reject asterisk-form request-target outside OPTIONS
  • Reject relative-reference request-targets
• Header Field Hardening (RFC 9110):
  • Reject control characters in header field-value (section 5.5)
  • Reject forbidden trailer field-names (section 6.5.1)
  • Reject Content-Length list form (RFC 9112 section 6.3)
• Request Smuggling Hardening:
  • Tighten keepalive gate and scope finish_body byte cap
  • Keep _body_receiver alive across the keepalive smuggling gate so pipelined requests cannot re-enter a closed body
  • Address parser/protocol findings from a six-point WSGI/ASGI audit
• PROXY Protocol (ASGI): Enforce proxy_allow_ips and tighten v1/v2 parsing in the ASGI callback parser.
• Connection Draining: Drain the connection on close per RFC 9112 section 9.6 to prevent reset-on-close truncation.

Bug Fixes

• Body Framing on HEAD/204/304:
  • Keep Content-Length on HEAD and 304 responses (#3621)
  • Drop body framing on HEAD/204/304 even when the framework set it
  • Warn once when an ASGI app emits a body for a no-body response
• HTTP/2 ASGI:
  • Fix _handle_stream_ended to set _body_complete in the async HTTP/2 handler so request bodies finalize correctly on stream end
  • Add InvalidChunkExtension mapping and fast-parser support in ASGI tests (#3565)
• HTTP/1.1 100-Continue: Stop adding Transfer-Encoding: chunked to 100-Continue interim responses.
• WebSocket Close Handshake (RFC 6455):
  • Comply with the close handshake state machine
  • Close the transport after the close handshake completes
  • Fix binary send when the text key is None
• Early Hints: Validate headers in the early_hints callback to match process_headers; pass only the header name to InvalidHeader (#3588).
• ASGI Framework Fixes:
  • Fix ASGI disconnect handling for Django-style apps
  • Fix Litestar request handling (use raw ASGI receive for body/headers)
  • Fix Litestar HTTP endpoints for compatibility tests
  • Fix Quart headers endpoint to normalize keys to lowercase
  • Fix Quart WebSocket close test app (missing accept())
  • Fix duplicate Transfer-Encoding header for BlackSheep streaming

... (truncated)

Commits

• 5d819cf release: 26.0.0
• b45c70d Merge pull request #3611 from zc-mattcen/docs-typo
• 99c8d48 Merge pull request #3623 from benoitc/chore/drop-eventlet-add-h2-uvloop-test-...
• 5a655af Merge pull request #3622 from benoitc/test/docker-port-and-ipv4-fixes
• 201df19 chore: remove eventlet worker; add h2 and uvloop to test deps
• f4ac8e1 test: pass action name to dirty client and stabilize after TTOU spam
• 54d38af test: unblock docker fixtures on macOS hosts
• 68843c8 Merge pull request #3621 from benoitc/fix/asgi-preserve-content-length-on-hea...
• 31f2618 Merge pull request #3620 from benoitc/fix/asgi-proxy-protocol-trust-and-parsing
• 41ec752 fix: keep Content-Length on HEAD and 304 responses
• Additional commits viewable in compare view

Updates django-debug-toolbar from 5.2.0 to 6.3.0

Release notes

Sourced from django-debug-toolbar's releases.

6.3.0

What's Changed

• remove requirement_dev.txt from project by @​p-r-a-v-i-n in django-commons/django-debug-toolbar#2277
• Upgraded ReadTheDocs Python version to 3.13. by @​tim-schilling in django-commons/django-debug-toolbar#2307
• Modernize some panel styles and colors by @​federicobond in django-commons/django-debug-toolbar#2285
• Update the translatable strings for the application. by @​tim-schilling in django-commons/django-debug-toolbar#2311
• Update translations 2026-02-09 by @​tim-schilling in django-commons/django-debug-toolbar#2312
• Add a py.typed file, to make types available downstream by @​brianhelba in django-commons/django-debug-toolbar#2314
• Emit RedirectsPanel warning on usage rather than set up. by @​tim-schilling in django-commons/django-debug-toolbar#2326
• Highlighted docs on disabling browser caching. by @​tim-schilling in django-commons/django-debug-toolbar#2302
• Only patch the cache methods once. by @​tim-schilling in django-commons/django-debug-toolbar#2332
• Add CacheStore, a store that uses Django's cache framework by @​robhudson in django-commons/django-debug-toolbar#2304

Changelog from docs:

• Replaced requirements_dev.txt file for pyproject.toml support with dependency groups.
• Updated ReadTheDocs Python version to 3.13.
• Modernize some panel styles and colors.
• Standardize use of time/duration units and labels across panels.
• Added translations for Lithuanian, Turkish and Uzbek.
• Update the translations.
• Expose a py.typed marker file.
• Updated RedirectsPanel to emit the deprecation warning when it’s used rather than on instantiation.
• Highlighted the documentation about disabling the browser’s caching to ensure the latest static assets are used.
• Fixed bug with CachePanel so the cache patching is only applied once.
• Added debug_toolbar.store.CacheStore for storing toolbar data using Django’s cache framework. This provides persistence without requiring database migrations, and works with any cache backend (Memcached, Redis, database, file-based, etc.).
• Added CACHE_BACKEND and CACHE_KEY_PREFIX settings to configure the CacheStore.

New Contributors

• @​brianhelba made their first contribution in django-commons/django-debug-toolbar#2314

Full Changelog: django-commons/django-debug-toolbar@6.2.0...6.3.0

6.2.0

What's Changed

• Deprecate RedirectsPanel in favor of the HistoryPanel by @​JohananOppongAmoateng in django-commons/django-debug-toolbar#2223
• Add cache view to example app by @​federicobond in django-commons/django-debug-toolbar#2243
• Add zizmor for GHA security analysis by @​tim-schilling in django-commons/django-debug-toolbar#2201
• Add indent size of 2 for yml files. by @​tim-schilling in django-commons/django-debug-toolbar#2244
• Reduce the number of test runs in CI. by @​tim-schilling in django-commons/django-debug-toolbar#2248
• Store the code coverage files on each test run for CI. by @​tim-schilling in django-commons/django-debug-toolbar#2245
• Use double-quotes for GITHUB_REF_NAME shell variable. by @​tim-schilling in django-commons/django-debug-toolbar#2250
• Add Django 6.0 to testing matrix by @​adamchainz in django-commons/django-debug-toolbar#2249
• Add Django 6.0 to testing matrix by @​adamchainz in django-commons/django-debug-toolbar#2251
• Persist the credentials because coverage_comment needs them. by @​tim-schilling in django-commons/django-debug-toolbar#2252
• Show cache alias instead of backend repr in calls table by @​federicobond in django-commons/django-debug-toolbar#2219

... (truncated)

Changelog

Sourced from django-debug-toolbar's changelog.

6.3.0 (2026-04-01)

• Replaced requirements_dev.txt file for pyproject.toml support with dependency groups.
• Updated ReadTheDocs Python version to 3.13.
• Modernize some panel styles and colors.
• Standardize use of time/duration units and labels across panels.
• Added translations for Lithuanian, Turkish and Uzbek.
• Update the translations.
• Expose a py.typed marker file.
• Updated RedirectsPanel to emit the deprecation warning when it's used rather than on instantiation.
• Highlighted the documentation about disabling the browser's caching to ensure the latest static assets are used.
• Fixed bug with CachePanel so the cache patching is only applied once.
• Added debug_toolbar.store.CacheStore for storing toolbar data using Django's cache framework. This provides persistence without requiring database migrations, and works with any cache backend (Memcached, Redis, database, file-based, etc.).
• Added CACHE_BACKEND and CACHE_KEY_PREFIX settings to configure the CacheStore.

6.2.0 (2026-01-20)

• Deprecated RedirectsPanel in favor of HistoryPanel for viewing toolbar data from redirected requests.
• Fixed support for generating code coverage comments in PRs.
• Added Django 6.0 to the testing matrix. Removed Django 5.0 to save CI resources.
• Show the cache backend alias and cache backend class name instead of the cache instance in the cache panel.
• Dropped support for the Python 3.9, it has reached its end of life date.
• Toggle tracking the toolbar's queries when using debug_toolbar.store.DatabaseStore with SKIP_TOOLBAR_QUERIES.
• Fixed font family for code blocks and stack traces in the toolbar.
• Added test to confirm Django's TestCase.assertNumQueries works.
• Fixed string representation of values in settings panel.
• Declared support for Django 6.0.

6.1.0 (2025-10-30)

• Added support for async to timer panel.
• Added a note about the default password in make example.
• Removed logging about the toolbar failing to serialize a value into JSON.
• Moved the the import statement of debug_toolbar.urls to within the if statement's scope on the installation documentation.

... (truncated)

Commits

• b3f943b Version 6.3.0
• 013631b [pre-commit.ci] pre-commit autoupdate
• eeff5d1 Bump actions/cache from 5.0.3 to 5.0.4 in the github-actions group
• 3a87785 Add store that uses cache framework
• 0573846 [pre-commit.ci] pre-commit autoupdate
• 7403bed Only patch the cache methods once.
• 0d25b3a Bump actions/download-artifact in the github-actions group (#2333)
• c89c8cf Bump zizmorcore/zizmor-action in the github-actions group
• 7ae8fac [pre-commit.ci] pre-commit autoupdate (#2328)
• 695cdb2 Highlighted docs on disabling browser caching. (#2302)
• Additional commits viewable in compare view