chore(deps): bump the python-minor-patch group across 2 directories with 7 updates

[dependabot]

Bumps the python-minor-patch group with 4 updates in the /opendata_module directory: pyyaml, setuptools, dill and django.
Bumps the python-minor-patch group with 4 updates in the /reports_module directory: pyyaml, jinja2, requests and jsonschema.

Updates pyyaml from 6.0.2 to 6.0.3

Release notes

Sourced from pyyaml's releases.

6.0.3

What's Changed

• Support for Python 3.14 and free-threading (experimental).

Full Changelog: yaml/pyyaml@6.0.2...6.0.3

Changelog

Sourced from pyyaml's changelog.

6.0.3 (2025-09-25)

• yaml/pyyaml#864 -- Support for Python 3.14 and free-threading (experimental)

Commits

• 49790e7 Release 6.0.3 (#889)
• See full diff in compare view

Updates setuptools from 75.3.0 to 75.3.2

Changelog

Sourced from setuptools's changelog.

v75.3.2

• Fixed version error in changelog.

v75.3.1

Bugfixes

• Fix wheel file naming to follow binary distribution specification -- by :user:di (#4877)

v76.0.0

Deprecations and Removals

• Synced with pypa/distutils@5589d7527 including a simplified shebang generation when building scripts (#4863). (#4865)

v75.9.1

Bugfixes

• Fix ImportError in distutils when configuring for linking. (#4866)

v75.9.0

Features

• pypa/distutils#327#4852)

v75.8.2

Bugfixes

• Fixed pkg_resources.require(...) to also consider standardised dist-info directories. (#4856)

... (truncated)

Commits

• 1148613 Merge tag 'v75.3.1'
• 51a09c9 Mark failing test as xfail.
• be96588 Mark failing tests as xfail. Ref #4864.
• 5cac330 Pin ruff at 2024-10-29 to avoid emergent failures from later releases.
• 23b7b52 Bump version: 75.3.0 → 75.3.1
• 1740976 Repoint the news fragment.
• 9559193 Merge pull request #4766 from di/fix/3777
• b10fa52 Reduce Ruff configs that duplicates upstream after skeleton merge (#4857)
• 45375cd Reduce Ruff configs that duplicates upstream after skeleton merge
• c11a494 Bump version: 75.9.1 → 76.0.0
• Additional commits viewable in compare view

Updates dill from 0.3.9 to 0.4.0

Commits

• 16eb90b tag: 0.4.0
• cd7a5a8 Bump jinja2 from 3.1.5 to 3.1.6 in /docs (#705)
• 0717bd1 move travis build of 3.9 to focal (#708)
• 599265e fix CodeType support for PyPy3.11 7.3.19+ (#707)
• acc49cf update docs requirements; CI for pypy3.11 (#702)
• a3d129f support pypy-3.11 (#701)
• 7f678e7 Bump jinja2 from 3.1.4 to 3.1.5 in /docs (#695)
• 5adb444 updated copyright for 2025 (#696)
• c8b8c57 fix typo in requirements (#693)
• e3c85c8 Bump starlette from 0.37.2 to 0.40.0 in /docs (#686)
• Additional commits viewable in compare view

Updates django from 4.2.19 to 4.2.24

Commits

• 5e23d89 [4.2.x] Bumped version for 4.2.24 release.
• 31334e6 [4.2.x] Fixed CVE-2025-57833 -- Protected FilteredRelation against SQL inject...
• d5860d5 [4.2.x] Added stub release notes and release date for 4.2.24.
• c3f9871 [4.2.x] Fixed #36499 -- Adjusted utils_tests.test_html.TestUtilsHtml.test_str...
• 2a79837 [4.2.x] Fixed test_utils.tests.HTMLEqualTests.test_parsing_errors following P...
• 7335a1a [4.2.x] Refs #36535 -- Doc'd that docutils < 0.22 is required.
• 591b23a [4.2.x] Fixed GitHub Action that checks commit prefixes to fetch PR head corr...
• 0c9ab35 [4.2.x] Added GitHub Action to enforce stable branch commit message prefix.
• 8293b0f [4.2.x] Added follow-up to CVE-2025-48432 to security archive.
• bc4d96c [4.2.x] Post-release version bump.
• Additional commits viewable in compare view

Updates pyyaml from 6.0.2 to 6.0.3

Release notes

Sourced from pyyaml's releases.

6.0.3

What's Changed

• Support for Python 3.14 and free-threading (experimental).

Full Changelog: yaml/pyyaml@6.0.2...6.0.3

Changelog

Sourced from pyyaml's changelog.

6.0.3 (2025-09-25)

• yaml/pyyaml#864 -- Support for Python 3.14 and free-threading (experimental)

Commits

• 49790e7 Release 6.0.3 (#889)
• See full diff in compare view

Updates pyyaml from 6.0.2 to 6.0.3

Release notes

Sourced from pyyaml's releases.

6.0.3

What's Changed

• Support for Python 3.14 and free-threading (experimental).

Full Changelog: yaml/pyyaml@6.0.2...6.0.3

Changelog

Sourced from pyyaml's changelog.

6.0.3 (2025-09-25)

• yaml/pyyaml#864 -- Support for Python 3.14 and free-threading (experimental)

Commits

• 49790e7 Release 6.0.3 (#889)
• See full diff in compare view

Updates jinja2 from 3.1.5 to 3.1.6

Release notes

Sourced from jinja2's releases.

3.1.6

This is the Jinja 3.1.6 security release, which fixes security issues but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Jinja2/3.1.6/ Changes: https://jinja.palletsprojects.com/en/stable/changes/#version-3-1-6

• The |attr filter does not bypass the environment's attribute lookup, allowing the sandbox to apply its checks. GHSA-cpwx-vrp4-4pq7

Changelog

Sourced from jinja2's changelog.

Version 3.1.6

Released 2025-03-05

• The |attr filter does not bypass the environment's attribute lookup, allowing the sandbox to apply its checks. :ghsa:cpwx-vrp4-4pq7

Commits

• 1520688 release version 3.1.6
• 90457bb Merge commit from fork
• 065334d attr filter uses env.getattr
• 033c200 start version 3.1.6
• bc68d4e use global contributing guide (#2070)
• 247de5e use global contributing guide
• ab8218c use project advisory link instead of global
• b4ffc8f release version 3.1.5 (#2066)
• See full diff in compare view

Updates pyyaml from 6.0.2 to 6.0.3

Release notes

Sourced from pyyaml's releases.

6.0.3

What's Changed

• Support for Python 3.14 and free-threading (experimental).

Full Changelog: yaml/pyyaml@6.0.2...6.0.3

Changelog

Sourced from pyyaml's changelog.

6.0.3 (2025-09-25)

• yaml/pyyaml#864 -- Support for Python 3.14 and free-threading (experimental)

Commits

• 49790e7 Release 6.0.3 (#889)
• See full diff in compare view

Updates requests from 2.32.3 to 2.32.5

Release notes

Sourced from requests's releases.

v2.32.5

2.32.5 (2025-08-18)

Bugfixes

• The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

• Added support for Python 3.14.
• Dropped support for Python 3.8 following its end of support.

v2.32.4

2.32.4 (2025-06-10)

Security

• CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file. (#6965)

Improvements

• Numerous documentation improvements

Deprecations

• Added support for pypy 3.11 for Linux and macOS. (#6926)
• Dropped support for pypy 3.9 following its end of support. (#6926)

Changelog

Sourced from requests's changelog.

2.32.5 (2025-08-18)

Bugfixes

• The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

• Added support for Python 3.14.
• Dropped support for Python 3.8 following its end of support.

2.32.4 (2025-06-10)

Security

• CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file.

Improvements

• Numerous documentation improvements

Deprecations

• Added support for pypy 3.11 for Linux and macOS.
• Dropped support for pypy 3.9 following its end of support.

Commits

• b25c87d v2.32.5
• 131e506 Merge pull request #7010 from psf/dependabot/github_actions/actions/checkout-...
• b336cb2 Bump actions/checkout from 4.2.0 to 5.0.0
• 46e939b Update publish workflow to use artifact-id instead of name
• 4b9c546 Merge pull request #6999 from psf/dependabot/github_actions/step-security/har...
• 7618dbe Bump step-security/harden-runner from 2.12.0 to 2.13.0
• 2edca11 Add support for Python 3.14 and drop support for Python 3.8 (#6993)
• fec96cd Update Makefile rules (#6996)
• d58d8aa docs: clarify timeout parameter uses seconds in Session.request (#6994)
• 91a3eab Bump github/codeql-action from 3.28.5 to 3.29.0
• Additional commits viewable in compare view

Updates jsonschema from 4.23.0 to 4.25.1

Release notes

Sourced from jsonschema's releases.

v4.25.1

What's Changed

• Fix Validator protocol init to match runtime by @​sirosen in python-jsonschema/jsonschema#1396

Full Changelog: python-jsonschema/jsonschema@v4.25.0...v4.25.1

v4.25.0

What's Changed

• Add support for the iri and iri-reference formats to the format-nongpl extra by @​jkowalleck in python-jsonschema/jsonschema#1388

New Contributors

• @​jkowalleck made their first contribution in python-jsonschema/jsonschema#1388

Full Changelog: python-jsonschema/jsonschema@v4.24.1...v4.25.0

v4.24.1

What's Changed

• Unambiguously quote and escape properties in JSON path rendering by @​kurtmckee in python-jsonschema/jsonschema#1390
• Drop python<3.9 backports by @​hackowitz-af in python-jsonschema/jsonschema#1367

New Contributors

• @​hackowitz-af made their first contribution in python-jsonschema/jsonschema#1367
• @​kurtmckee made their first contribution in python-jsonschema/jsonschema#1390

Full Changelog: python-jsonschema/jsonschema@v4.24.0...v4.24.1

v4.24.0

What's Changed

• Fix calculation of evaluated properties by @​V02460 in python-jsonschema/jsonschema#1351
• Support for Python 3.8 has been dropped, as it is end-of-life.

New Contributors

• @​bkueng made their first contribution in python-jsonschema/jsonschema#1326
• @​V02460 made their first contribution in python-jsonschema/jsonschema#1351

Full Changelog: python-jsonschema/jsonschema@v4.23.0...v4.24.0

Changelog

Sourced from jsonschema's changelog.

v4.25.1

• Fix an incorrect required argument in the Validator protocol's type annotations (#1396).

v4.25.0

• Add support for the iri and iri-reference formats to the format-nongpl extra via the MIT-licensed rfc3987-syntax. They were alread supported by the format extra. (#1388).

v4.24.1

• Properly escape segments in ValidationError.json_path (#139).

v4.24.0

• Fix improper handling of unevaluatedProperties in the presence of additionalProperties (#1351).
• Support for Python 3.8 has been dropped, as it is end-of-life.

Commits

• 331c384 Add the fix to the changelog.
• c1ec0a6 Merge pull request #1398 from python-jsonschema/dependabot/github_actions/ast...
• 8e7d594 Merge pull request #1399 from python-jsonschema/dependabot/github_actions/act...
• 460f4fa Merge pull request #1396 from sirosen/improve-protocol-init-signature
• 1e58409 [pre-commit.ci] auto fixes from pre-commit.com hooks
• 64bc217 Add a typing test for the Validator protocol
• 6c25741 Bump actions/checkout from 4 to 5
• bf603d5 Bump astral-sh/setup-uv from 6.4.3 to 6.5.0
• a916d8f Fix Validator protocol init to match runtime
• de60f18 Merge pull request #1397 from python-jsonschema/pre-commit-ci-update-config
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud