⬆️(dependencies) update python dependencies

renovate.json

@@ -25,6 +25,12 @@
       "matchPackageNames": ["pylint"],
       "allowedVersions": "<4.0.0"
     },
+    {
+      "groupName": "allowed django versions",
+      "matchManagers": ["pep621"],
+      "matchPackageNames": ["django"],
+      "allowedVersions": "<6.0.0"
+    },
     {
       "enabled": false,
       "groupName": "ignored js dependencies",

src/backend/core/tests/authentication/test_backends.py

@@ -5,7 +5,6 @@
 from unittest import mock
 
 from django.core.exceptions import SuspiciousOperation
-from django.test.utils import override_settings
 
 import pytest
 import responses
@@ -323,85 +322,6 @@ def get_userinfo_mocked(*args):
     assert models.User.objects.count() == 1
 
 
-@override_settings(OIDC_OP_USER_ENDPOINT="http://oidc.endpoint.test/userinfo")
-@responses.activate
-def test_authentication_get_userinfo_json_response():
-    """Test get_userinfo method with a JSON response."""
-
-    responses.add(
-        responses.GET,
-        re.compile(r".*/userinfo"),
-        json={
-            "first_name": "John",
-            "last_name": "Doe",
-            "email": "[email protected]",
-        },
-        status=200,
-    )
-
-    oidc_backend = OIDCAuthenticationBackend()
-    result = oidc_backend.get_userinfo("fake_access_token", None, None)
-
-    assert result["first_name"] == "John"
-    assert result["last_name"] == "Doe"
-    assert result["email"] == "[email protected]"
-
-
-@override_settings(OIDC_OP_USER_ENDPOINT="http://oidc.endpoint.test/userinfo")
-@responses.activate
-def test_authentication_get_userinfo_token_response(monkeypatch, settings):
-    """Test get_userinfo method with a token response."""
-    settings.OIDC_RP_SIGN_ALGO = "HS256"  # disable JWKS URL call
-    responses.add(
-        responses.GET,
-        re.compile(r".*/userinfo"),
-        body="fake.jwt.token",
-        status=200,
-        content_type="application/jwt",
-    )
-
-    def mock_verify_token(self, token):  # pylint: disable=unused-argument
-        return {
-            "first_name": "Jane",
-            "last_name": "Doe",
-            "email": "[email protected]",
-        }
-
-    monkeypatch.setattr(OIDCAuthenticationBackend, "verify_token", mock_verify_token)
-
-    oidc_backend = OIDCAuthenticationBackend()
-    result = oidc_backend.get_userinfo("fake_access_token", None, None)
-
-    assert result["first_name"] == "Jane"
-    assert result["last_name"] == "Doe"
-    assert result["email"] == "[email protected]"
-
-
-@override_settings(OIDC_OP_USER_ENDPOINT="http://oidc.endpoint.test/userinfo")
-@responses.activate
-def test_authentication_get_userinfo_invalid_response(settings):
-    """
-    Test get_userinfo method with an invalid JWT response that
-    causes verify_token to raise an error.
-    """
-    settings.OIDC_RP_SIGN_ALGO = "HS256"  # disable JWKS URL call
-    responses.add(
-        responses.GET,
-        re.compile(r".*/userinfo"),
-        body="fake.jwt.token",
-        status=200,
-        content_type="application/jwt",
-    )
-
-    oidc_backend = OIDCAuthenticationBackend()
-
-    with pytest.raises(
-        SuspiciousOperation,
-        match="User info response was not valid JWT",
-    ):
-        oidc_backend.get_userinfo("fake_access_token", None, None)
-
-
 def test_authentication_getter_existing_disabled_user_via_sub(
     django_assert_num_queries, monkeypatch
 ):

src/backend/core/tests/test_models_documents.py

@@ -1393,7 +1393,7 @@ def test_models_documents_restore_complex(django_assert_num_queries):
     assert child2.ancestors_deleted_at == document.deleted_at
 
     # Restore the item
-    with django_assert_num_queries(13):
+    with django_assert_num_queries(14):
         document.restore()
     document.refresh_from_db()
     child1.refresh_from_db()

src/backend/pyproject.toml

@@ -25,22 +25,22 @@ license = { file = "LICENSE" }
 readme = "README.md"
 requires-python = ">=3.12"
 dependencies = [
-    "beautifulsoup4==4.14.2",
-    "boto3==1.40.74",
+    "beautifulsoup4==4.14.3",
+    "boto3==1.42.17",
     "Brotli==1.2.0",
-    "celery[redis]==5.5.3",
+    "celery[redis]==5.6.0",
     "django-configurations==2.5.1",
     "django-cors-headers==4.9.0",
-    "django-countries==8.1.0",
+    "django-countries==8.2.0",
     "django-csp==4.0",
     "django-filter==25.2",
     "django-lasuite[all]==0.0.22",
     "django-parler==2.3",
     "django-redis==6.0.0",
     "django-storages[s3]==1.14.6",
     "django-timezone-field>=5.1",
-    "django==5.2.9",
-    "django-treebeard==4.7.1",
+    "django<6.0.0",
+    "django-treebeard==4.8.0",
     "djangorestframework==3.16.1",
     "drf_spectacular==0.29.0",
     "dockerflow==2024.4.2",
@@ -50,16 +50,16 @@ dependencies = [
     "jsonschema==4.25.1",
     "lxml==6.0.2",
     "markdown==3.10",
-    "mozilla-django-oidc==4.0.1",
+    "mozilla-django-oidc==5.0.2",
     "nested-multipart-parser==1.6.0",
-    "openai==2.8.0",
-    "psycopg[binary]==3.2.12",
-    "pycrdt==0.12.43", 
+    "openai==2.14.0",
+    "psycopg[binary]==3.3.2",
+    "pycrdt==0.12.44", 
     "PyJWT==2.10.1",
     "python-magic==0.4.27",
     "redis<6.0.0",
     "requests==2.32.5",
-    "sentry-sdk==2.44.0",
+    "sentry-sdk==2.48.0",
     "whitenoise==6.11.0",
 ]
 
@@ -73,20 +73,20 @@ dependencies = [
 dev = [
     "django-extensions==4.1",
     "django-test-migrations==1.5.0",
-    "drf-spectacular-sidecar==2025.10.1",
+    "drf-spectacular-sidecar==2025.12.1",
     "freezegun==1.5.5",
     "ipdb==0.13.13",
-    "ipython==9.7.0",
-    "pyfakefs==5.10.2",
+    "ipython==9.8.0",
+    "pyfakefs==6.0.0",
     "pylint-django==2.6.1",
     "pylint<4.0.0",
     "pytest-cov==7.0.0",
     "pytest-django==4.11.1",
-    "pytest==9.0.1",
+    "pytest==9.0.2",
     "pytest-icdiff==0.9",
     "pytest-xdist==3.8.0",
     "responses==0.25.8",
-    "ruff==0.14.5",
+    "ruff==0.14.10",
     "types-requests==2.32.4.20250913",
 ]