Bump the optional group with 4 updates

[dependabot]

Updates the requirements on coreapi, django-guardian, pygments and pyyaml to permit the latest version.
Updates coreapi from 2.3.1 to 2.3.3

Commits

• 2685e5d Version 2.3.3 (Clean up PyPI package)
• 27f4f6e Version 2.3.2 (Compat with API Star schemas)
• e0eca9d Merge pull request #144 from edmorley/indicate-python3-support
• 64fd5f1 Add Python 2/3 trove classifiers to setup.py
• b550a2d Test against Python 3.5 and 3.6
• See full diff in compare view

Updates django-guardian to 3.2.0

Release notes

Sourced from django-guardian's releases.

3.2.0 The Bozkir progression

What's Changed

• Update enforcement contact link in CODE_OF_CONDUCT.md by @​Natgho in django-guardian/django-guardian#918
• Optional cached anonymous user - Pr 907 by @​Natgho in django-guardian/django-guardian#912
• generator warnings and logics are added for security purposes by @​Natgho in django-guardian/django-guardian#920
• rollback compatible create anon user fix is developed by @​Natgho in django-guardian/django-guardian#919
• 644 using inlines in django admin with guardian by @​Natgho in django-guardian/django-guardian#921

Full Changelog: django-guardian/django-guardian@3.1.3...3.2.0

Commits

• 4120d00 Merge pull request #921 from django-guardian/644-using-inlines-in-django-admi...
• c896b22 Merge pull request #919 from django-guardian/770-migration-rollback-fix
• 3814e23 Merge branch 'main' into 770-migration-rollback-fix
• 9485489 Merge pull request #920 from django-guardian/666-permissionrequiredmixin-does...
• e01e2e1 check only username field fixing
• e1ae3c5 show warning instead of error for backward compatibility and giving time the ...
• 63c10f5 Merge branch 'main' into 644-using-inlines-in-django-admin-with-guardian
• b27ebbd Merge branch 'main' into 666-permissionrequiredmixin-does-not-warn-against-us...
• d7ed4a3 Merge branch 'main' into 770-migration-rollback-fix
• 03fed69 Merge pull request #912 from django-guardian/pr-907
• Additional commits viewable in compare view

Updates pygments to 2.19.2

Release notes

Sourced from pygments's releases.

2.19.2

• Lua: Fix regression introduced in 2.19.0 (#2882, #2839)

Changelog

Sourced from pygments's changelog.

Version 2.19.2

(released June 21st, 2025)

• Lua: Fix regression introduced in 2.19.0 (#2882, #2839)

Version 2.19.1

(released January 6th, 2025)

• Updated lexers:

  • Ini: Fix quoted string regression introduced in 2.19.0
  • Lua: Fix a regression introduced in 2.19.0

Version 2.19.0

(released January 5th, 2025)

• New lexers:

  • CodeQL (#2819)
  • Debian Sources (#2788, #2747)
  • Gleam (#2662)
  • GoogleSQL (#2820, #2814)
  • JSON5 (#2734, #1880)
  • Maple (#2763, #2548)
  • NumbaIR (#2433)
  • PDDL (#2799, #2616)
  • Rego (#2794)
  • TableGen (#2751)
  • Vue.js (#2832)

• Updated lexers:

  • BQN: Various improvements (#2789)
  • C#: Fix number highlighting (#986, #2727), add file keyword (#2726, #2805, #2806), add various other keywords (#2745, #2770)
  • CSS: Add revert (#2766, #2775)
  • Debian control: Add Change-By field (#2757)
  • Elip: Improve punctuation handling (#2651)
  • Igor: Add int (#2801)
  • Ini: Fix quoted strings with embedded comment characters (#2767, #2720)
  • Java: Support functions returning types containing a question mark (#2737)
  • JavaScript: Support private identiiers (#2729, #2671)
  • LLVM: Add splat, improve floating-point number parsing (#2755)
  • Lua: Improve variable detection, add built-in functions (#2829)
  • Macaulay2: Update to 1.24.11 (#2800)
  • PostgreSQL: Add more EXPLAIN keywords (#2785), handle / (#2774)
  • S-Lexer: Fix keywords (#2082, #2750)
  • TransactSQL: Fix single-line comments (#2717)

... (truncated)

Commits

• cfca62e Prepare v2.19.2 release.
• 6688300 Disable pyodide (currently broken.)
• 66997c3 Update ruff version.
• 94dda77 Update CHANGES.
• 26634c8 Merge pull request #2882 from thavelick/fix_lua_runaway_regex
• b6a51ec fix lua regex causing runaway backtracking.
• edef94d Investigation for #2839.
• fb6a00e Merge pull request #2837 from dlazin/sql-cleanup
• bf7aa23 Clean up sql.py
• b583de4 Prepare 2.19.1 release.
• Additional commits viewable in compare view

Updates pyyaml to 6.0.3

Release notes

Sourced from pyyaml's releases.

6.0.3

What's Changed

• Support for Python 3.14 and free-threading (experimental).

Full Changelog: yaml/pyyaml@6.0.2...6.0.3

Changelog

Sourced from pyyaml's changelog.

6.0.3 (2025-09-25)

• yaml/pyyaml#864 -- Support for Python 3.14 and free-threading (experimental)

6.0.2 (2024-08-06)

• yaml/pyyaml#808 -- Support for Cython 3.x and Python 3.13

6.0.1 (2023-07-18)

• yaml/pyyaml#702 -- pin Cython build dep to < 3.0

6.0 (2021-10-13)

• yaml/pyyaml#327 -- Change README format to Markdown
• yaml/pyyaml#483 -- Add a test for YAML 1.1 types
• yaml/pyyaml#497 -- fix float resolver to ignore . and ._
• yaml/pyyaml#550 -- drop Python 2.7
• yaml/pyyaml#553 -- Fix spelling of “hexadecimal”
• yaml/pyyaml#556 -- fix representation of Enum subclasses
• yaml/pyyaml#557 -- fix libyaml extension compiler warnings
• yaml/pyyaml#560 -- fix ResourceWarning on leaked file descriptors
• yaml/pyyaml#561 -- always require Loader arg to yaml.load()
• yaml/pyyaml#564 -- remove remaining direct distutils usage

5.4.1 (2021-01-20)

• yaml/pyyaml#480 -- Fix stub compat with older pyyaml versions that may unwittingly load it

5.4 (2021-01-19)

• yaml/pyyaml#407 -- Build modernization, remove distutils, fix metadata, build wheels, CI to GHA
• yaml/pyyaml#472 -- Fix for CVE-2020-14343, moves arbitrary python tags to UnsafeLoader
• yaml/pyyaml#441 -- Fix memory leak in implicit resolver setup
• yaml/pyyaml#392 -- Fix py2 copy support for timezone objects
• yaml/pyyaml#378 -- Fix compatibility with Jython

5.3.1 (2020-03-18)

• yaml/pyyaml#386 -- Prevents arbitrary code execution during python/object/new constructor

5.3 (2020-01-06)

• yaml/pyyaml#290 -- Use is instead of equality for comparing with None
• yaml/pyyaml#270 -- Fix typos and stylistic nit
• yaml/pyyaml#309 -- Fix up small typo
• yaml/pyyaml#161 -- Fix handling of slots
• yaml/pyyaml#358 -- Allow calling add_multi_constructor with None
• yaml/pyyaml#285 -- Add use of safe_load() function in README
• yaml/pyyaml#351 -- Fix reader for Unicode code points over 0xFFFF

... (truncated)

Commits

• 49790e7 Release 6.0.3 (#889)
• 41309b0 Release 6.0.2 (#819)
• dd9f0e1 6.0.2rc1 (#809)
• f5527a2 disable CI trigger on PR edits
• b4d80a7 Python 3.12 + musllinux_1_1_x86_64 wheel support
• c42fa3b 6.0.1 release
• ae08bdc block Cython 3.0+ as a build dep (#702)
• f873cfe Add python 3.11 support (#663)
• 8cdff2c 6.0 release
• a4fb55e Update Python 3.10 versions for Windows build
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[Copilot]

Pull request overview

This PR updates four optional dependencies to permit their latest versions. These are automated dependency updates from Dependabot that allow the project to use newer versions of optional packages.

Changes:

• Updated coreapi from 2.3.1 to 2.3.3 (pinned exact version)
• Updated django-guardian to allow versions up to 3.3 (previously capped at 2.5)
• Updated pygments to allow versions from 2.17 to 2.20 (changed from ~=2.17.0)
• Updated pyyaml to allow versions up to 6.1 (previously capped at 5.4)

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.