Bump the "templates" group with 8 updates across multiple ecosystems

[dependabot]

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

---

Bumps django-debug-toolbar from 5.2.0 to 6.0.0.

Release notes

Sourced from django-debug-toolbar's releases.

6.0.0

Description

The v6.0.0 release of Django Debug Toolbar significantly revamps how panels for the toolbar work. Each panel will now persist its data in a store. A store can either be backed by various backends. The toolbar will support a memory and database backend to start.

The toolbar is now using Django's SafeExceptionReporterFilter.cleanse_setting() function to filter out sensitive information. Some data will be replaced with "********************". This is because the toolbar could be configured to write the request information to a persistent store such as a cache or database.

Django applications with basic installations are backwards compatible with this change. If there are hooks into the internals of the toolbar, such as DebugToolbar.store_id then it will be backwards incompatible.

Third-party panels will need updating. Any data that is stored in record_stats will need to be fetched back out from self.get_stats() before being able to be rendered. This is to support loading an instance of the toolbar from persisted data. A simple example of this transition can be found in debug_toolbar/panels/cache.py in PR 2138

How to upgrade

• Changes required if the toolbar isn't installed entirely programmatically
  • If you experience RuntimeError: Model class debug_toolbar.models.HistoryEntry doesn't declare an explicit app_label and isn't in an application in INSTALLED_APPS, you need to remove the reference to the toolbar's urls in your urls.py file and MIDDLEWARE setting when the toolbar isn't in INSTALLED_APPS
• If you have a custom panel, you'll need to adjust record_stats and use self.get_stats() to fetch data for rendering
• If you'd like to use the database store, see TOOLBAR_STORE_CLASS for more info

Why did the internals change?

The Django Debug Toolbar is a popular package we did not want to block the community from pursuing the async path for Django applications. Writing the request data to a store better positions the toolbar for async projects. It also opens the door for it being usable in production as well with API integrations.

What's Changed

• Log serialization warning when a panel errors. by @​tim-schilling in django-commons/django-debug-toolbar#1810
• Improve clarity of record_stats for serialization. by @​tim-schilling in django-commons/django-debug-toolbar#1965
• Update serializable branch with main by @​tim-schilling in django-commons/django-debug-toolbar#2072
• Remove pin for django-csp. by @​tim-schilling in django-commons/django-debug-toolbar#2132
• Fixes #2073 -- Added DatabaseStore for persistent debug data storage. by @​dr-rompecabezas in django-commons/django-debug-toolbar#2121
• Disabled document.cookie linter by @​tim-schilling in django-commons/django-debug-toolbar#2139
• Added check for pytest as test runner for IS_RUNNING_TESTS. by @​tim-schilling in django-commons/django-debug-toolbar#2137
• Remove Type Hints from CspRenderingTestCase by @​andoriyaprashant in django-commons/django-debug-toolbar#2144
• Add show_toolbar_with_docker function for Docker IP handling by @​matthiask in django-commons/django-debug-toolbar#2153
• Support serializable toolbar by @​tim-schilling in django-commons/django-debug-toolbar#2138
• Deduplicate staticfiles by @​matthiask in django-commons/django-debug-toolbar#2155
• Fixes #2158 -- Made static file objects orderable by @​matthiask in django-commons/django-debug-toolbar#2161
• Fixes #2160 -- Corrected links to static files by @​matthiask in django-commons/django-debug-toolbar#2162
• Fixes #2151 -- Forwarded args and kwargs in URLMixin.url by @​matthiask in django-commons/django-debug-toolbar#2163
• Fixes #2159 -- Do not HTML-escape traces in the cache and profiling panel by @​matthiask in django-commons/django-debug-toolbar#2164

Full Changelog: django-commons/django-debug-toolbar@5.2.0...6.0.0

Acknowlegements

Thank you to all the contributors who made this release possible. Thank you to @​robhudson, @​matthiask, @​tim-schilling, @​salty-ivy and @​dr-rompecabezas for their support, development and reviews of the serializable toolbar changes. A special shout-out to @​matthiask for leading the Djangonaut Space Session 4 team of @​dr-rompecabezas, @​andoriyaprashant and @​blingblin-g.

Changelog

Sourced from django-debug-toolbar's changelog.

6.0.0 (2025-07-22)

• Added support for checking if pytest as the test runner when determining if tests are running.
• Added show_toolbar_with_docker function to check Docker host IP address when running inside Docker containers.
• Defines the BaseStore interface for request storage mechanisms.
• Added the setting TOOLBAR_STORE_CLASS to configure the request storage mechanism. Defaults to debug_toolbar.store.MemoryStore.
• Rename store_id properties to request_id and Toolbar.store to Toolbar.init_store.
• Support Panel instances with stored stats via Panel.load_stats_from_store.
• Swapped Toolbar._store for the get_store() class.
• Created a StoredDebugToolbar that support creating an instance of the toolbar representing an old request. It should only be used for fetching panels' contents.
• Drop raw_params from query data.
• Queries now have a unique djdt_query_id. The SQL forms now reference this id and avoid passing SQL to be executed.
• Move the formatting logic of SQL queries to just before rendering in SQLPanel.content.
• Make Panel.panel_id a class member.
• Update all panels to utilize data from Panel.get_stats() to load content to render. Specifically for Panel.title and Panel.nav_title.
• Extend example app to contain an async version.
• Added debug_toolbar.store.DatabaseStore for persistent debug data storage.
• Deduplicated static files in the staticfiles panel.

Commits

• 4e47b94 Version 6.0.0
• 08a110e Fixes #2159 -- Do not HTML-escape traces in the cache and profiling panel
• b40dd8a Fixes 2151 -- Forwarded args and kwargs in URLMixin.url (#2163)
• cda2553 Fixes #2160 -- Corrected links to static files (#2162)
• 569528b Fixes #2158 -- Made static file objects orderable (#2161)
• 8ee45ed [pre-commit.ci] pre-commit autoupdate
• afd5e7e Deduplicate staticfiles (#2155)
• 9ee6c20 Merge remote-tracking branch 'origin/serializable'
• afcc4e1 [pre-commit.ci] pre-commit autoupdate (#2154)
• 2fafbb4 Merge branch 'main' into serializable
• Additional commits viewable in compare view

Bumps ruff from 0.12.3 to 0.12.5.

Release notes

Sourced from ruff's releases.

0.12.5

Release Notes

Preview features

• [flake8-use-pathlib] Add autofix for PTH101, PTH104, PTH105, PTH121 (#19404)
• [ruff] Support byte strings (RUF055) (#18926)

Bug fixes

• Fix unreachable panic in parser (#19183)
• [flake8-pyi] Skip fix if all Union members are None (PYI016) (#19416)
• [perflint] Parenthesize generator expressions (PERF401) (#19325)
• [pylint] Handle empty comments after line continuation (PLR2044) (#19405)

Rule changes

• [pep8-naming] Fix N802 false positives for CGIHTTPRequestHandler and SimpleHTTPRequestHandler (#19432)

Contributors

• @​AlexWaygood
• @​BurntSushi
• @​CodeMan62
• @​Gankra
• @​MichaReiser
• @​UnboundVariable
• @​chirizxc
• @​danparizher
• @​dcreager
• @​dhruvmanila
• @​dylwil3
• @​github-actions
• @​ibraheemdev
• @​ntBre
• @​oconnor663
• @​renovate
• @​sharkdp
• @​soundsonacid
• @​thejchap

Install ruff 0.12.5

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/astral-sh/ruff/releases/download/0.12.5/ruff-installer.sh | sh

Install prebuilt binaries via powershell script

... (truncated)

Changelog

Sourced from ruff's changelog.

0.12.5

Preview features

• [flake8-use-pathlib] Add autofix for PTH101, PTH104, PTH105, PTH121 (#19404)
• [ruff] Support byte strings (RUF055) (#18926)

Bug fixes

• Fix unreachable panic in parser (#19183)
• [flake8-pyi] Skip fix if all Union members are None (PYI016) (#19416)
• [perflint] Parenthesize generator expressions (PERF401) (#19325)
• [pylint] Handle empty comments after line continuation (PLR2044) (#19405)

Rule changes

• [pep8-naming] Fix N802 false positives for CGIHTTPRequestHandler and SimpleHTTPRequestHandler (#19432)

0.12.4

Preview features

• [flake8-type-checking, pyupgrade, ruff] Add from __future__ import annotations when it would allow new fixes (TC001, TC002, TC003, UP037, RUF013) (#19100)
• [flake8-use-pathlib] Add autofix for PTH109 (#19245)
• [pylint] Detect indirect pathlib.Path usages for unspecified-encoding (PLW1514) (#19304)

Bug fixes

• [flake8-bugbear] Fix B017 false negatives for keyword exception arguments (#19217)
• [flake8-use-pathlib] Fix false negative on direct Path() instantiation (PTH210) (#19388)
• [flake8-django] Fix DJ008 false positive for abstract models with type-annotated abstract field (#19221)
• [isort] Fix I002 import insertion after docstring with multiple string statements (#19222)
• [isort] Treat form feed as valid whitespace before a semicolon (#19343)
• [pydoclint] Fix SyntaxError from fixes with line continuations (D201, D202) (#19246)
• [refurb] FURB164 fix should validate arguments and should usually be marked unsafe (#19136)

Rule changes

• [flake8-use-pathlib] Skip single dots for invalid-pathlib-with-suffix (PTH210) on versions >= 3.14 (#19331)
• [pep8_naming] Avoid false positives on standard library functions with uppercase names (N802) (#18907)
• [pycodestyle] Handle brace escapes for t-strings in logical lines (#19358)
• [pylint] Extend invalid string character rules to include t-strings (#19355)
• [ruff] Allow strict kwarg when checking for starmap-zip (RUF058) in Python 3.14+ (#19333)

Documentation

• [flake8-type-checking] Make TC010 docs example more realistic (#19356)
• Make more documentation examples error out-of-the-box (#19288,#19272,#19291,#19296,#19292,#19295,#19297,#19309)

Commits

• d13228a Bump 0.12.5 (#19528)
• 9461d30 [ty] Rename type_api => ty_extensions (#19523)
• 63d1d33 [ty] Added support for "go to references" in ty playground. (#19516)
• e0149cd [ty] Return a tuple spec from the iterator protocol (#19496)
• 2a00eca [ty] Exhaustiveness checking & reachability for match statements (#19508)
• 3d17897 [ty] Fix narrowing and reachability of class patterns with arguments (#19512)
• fa1df4c [ty] Implemented partial support for "find references" language server featur...
• 89258f1 [flake8-use-pathlib] Add autofix for PTH101, PTH104, PTH105, PTH121...
• 1dcef1a [perflint] Parenthesize generator expressions (PERF401) (#19325)
• ba629fe [pep8-naming] Fix N802 false positives for CGIHTTPRequestHandler and `S...
• Additional commits viewable in compare view

Bumps @testing-library/jest-dom from 6.6.3 to 6.6.4.

Release notes

Sourced from @​testing-library/jest-dom's releases.

v6.6.4

6.6.4 (2025-07-26)

Performance Improvements

• replace chalk with picocolors (#659) (707e647)

Commits

• 707e647 perf: replace chalk with picocolors (#659)
• 918b6fb docs: add InfiniteXyy as a contributor for code, and bug (#650)
• See full diff in compare view

Bumps rollup from 4.45.1 to 4.46.1.

Release notes

Sourced from rollup's releases.

v4.46.1

4.46.1

2025-07-28

Bug Fixes

• Do not fail when using the in operator on external namespaces (#6036)

Pull Requests

• #6036: disables optimization for external namespace when using the in operator (@​TrickyPi)

v4.46.0

4.46.0

2025-07-27

Features

• Optimize in checks on namespaces to keep them treeshake-able (#6029)

Pull Requests

• #5991: feat: update linux-loongarch64-gnu (@​wojiushixiaobai, @​lukastaegert)
• #6029: feat: optimize in checks on namespaces to keep them treeshake-able (@​cyyynthia, @​lukastaegert)
• #6033: fix(deps): update swc monorepo (major) (@​renovate[bot], @​lukastaegert)

v4.45.3

4.45.3

2025-07-26

Bug Fixes

• Do not fail build if a const is reassigned but warn instead (#6020)
• Fail with a helpful error message if an exported binding is not defined (#6023)

Pull Requests

• #6014: chore(deps): update dependency @​vue/language-server to v3 (@​renovate[bot])
• #6015: chore(deps): update dependency vue-tsc to v3 (@​renovate[bot], @​lukastaegert)
• #6016: fix(deps): update swc monorepo (major) (@​renovate[bot], @​lukastaegert)
• #6017: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)
• #6020: Make const reassignments only a warning (@​lukastaegert)
• #6023: Throw descriptive error message for used export is not defined (@​TrickyPi)
• #6027: feat: upgrade to NAPI-RS 3 stable (@​Brooooooklyn)
• #6028: Update eslint-plugin-unicorn to resolve vulnerability (@​lukastaegert)
• #6034: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)

Changelog

Sourced from rollup's changelog.

4.46.1

2025-07-28

Bug Fixes

• Do not fail when using the in operator on external namespaces (#6036)

Pull Requests

• #6036: disables optimization for external namespace when using the in operator (@​TrickyPi)

4.46.0

2025-07-27

Features

• Optimize in checks on namespaces to keep them treeshake-able (#6029)

Pull Requests

• #5991: feat: update linux-loongarch64-gnu (@​wojiushixiaobai, @​lukastaegert)
• #6029: feat: optimize in checks on namespaces to keep them treeshake-able (@​cyyynthia, @​lukastaegert)
• #6033: fix(deps): update swc monorepo (major) (@​renovate[bot], @​lukastaegert)

4.45.3

2025-07-26

Bug Fixes

• Do not fail build if a const is reassigned but warn instead (#6020)
• Fail with a helpful error message if an exported binding is not defined (#6023)

Pull Requests

• #6014: chore(deps): update dependency @​vue/language-server to v3 (@​renovate[bot])
• #6015: chore(deps): update dependency vue-tsc to v3 (@​renovate[bot], @​lukastaegert)
• #6016: fix(deps): update swc monorepo (major) (@​renovate[bot], @​lukastaegert)
• #6017: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)
• #6020: Make const reassignments only a warning (@​lukastaegert)
• #6023: Throw descriptive error message for used export is not defined (@​TrickyPi)
• #6027: feat: upgrade to NAPI-RS 3 stable (@​Brooooooklyn)
• #6028: Update eslint-plugin-unicorn to resolve vulnerability (@​lukastaegert)
• #6034: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)

Commits

• 244dc20 4.46.1
• 6031a33 disables optimization for external namespace when using the in operator (#6036)
• 09794f1 4.46.0
• 9a8614f feat: optimize in checks on namespaces to keep them treeshake-able (#6029)
• fdd48a9 feat: update linux-loongarch64-gnu (#5991)
• 461b1ac fix(deps): update swc monorepo (major) (#6033)
• d6908c9 4.45.3
• ccdde29 Fix option name
• a29ef7a 4.45.2
• 9f3835e Fix package name for ppc64 architecture
• Additional commits viewable in compare view

Bumps jest from 30.0.4 to 30.0.5.

Changelog

Sourced from jest's changelog.

30.0.5

Features

• [jest-config] Allow testMatch to take a string value
• [jest-worker] Let workerIdleMemoryLimit accept 0 to always restart worker child processes

Fixes

• [expect] Fix bigint error (#15702)

Commits

• 22236cf v30.0.5
• See full diff in compare view

Bumps babel-jest from 30.0.4 to 30.0.5.

Changelog

Sourced from babel-jest's changelog.

30.0.5

Features

• [jest-config] Allow testMatch to take a string value
• [jest-worker] Let workerIdleMemoryLimit accept 0 to always restart worker child processes

Fixes

• [expect] Fix bigint error (#15702)

Commits

• 22236cf v30.0.5
• See full diff in compare view

Bumps @testing-library/dom from 10.4.0 to 10.4.1.

Release notes

Sourced from @​testing-library/dom's releases.

v10.4.1

10.4.1 (2025-07-27)

Bug Fixes

• deps: replace chalk with picocolors (#1341) (225a3e4)

Commits

• 225a3e4 fix(deps): replace chalk with picocolors (#1341)
• See full diff in compare view

Bumps jest-environment-jsdom from 30.0.4 to 30.0.5.

Changelog

Sourced from jest-environment-jsdom's changelog.

30.0.5

Features

• [jest-config] Allow testMatch to take a string value
• [jest-worker] Let workerIdleMemoryLimit accept 0 to always restart worker child processes

Fixes

• [expect] Fix bigint error (#15702)

Commits

• 22236cf v30.0.5
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[MatMoore]

Closing as the dependabot config is not working as intended.

[dependabot]

OK, I won't notify you again about this release, but will get in touch when a new version is available. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.