chore(deps): bump the dependencies group across 1 directory with 8 updates#354

Closed
dependabot[bot] wants to merge 1 commit into main from dependabot/pip/src/backend/dependencies-79bd8e59a8

@dependabot dependabot Bot commented on behalf of github May 31, 2026

Bumps the dependencies group with 8 updates in the /src/backend directory:

| Package | From | To |
| --- | --- | --- |
| django | 5.2.14 | 6.0.5 |
| ty | 0.0.1a21 | 0.0.39 |
| bleach | 4.1.0 | 6.3.0 |
| blessed | 1.42.0 | 1.44.0 |
| django-allauth | 65.14.3 | 65.17.0 |
| django-otp | 1.3.0 | 1.7.0 |
| protobuf | 6.33.6 | 7.35.0 |
| wrapt | 1.17.3 | 2.2.1 |

Updates django from 5.2.14 to 6.0.5

Commits
  • 8f8ad09 [6.0.x] Bumped version for 6.0.5 release.
  • 44ad76e [6.0.x] Fixed CVE-2026-6907 -- Prevented caching of requests when Vary header...
  • 1b0184a [6.0.x] Fixed CVE-2026-35192 -- Ensured Vary header is sent when setting sess...
  • ad8f9e1 [6.0.x] Fixed CVE-2026-5766 -- Enforced DATA_UPLOAD_MAX_MEMORY_SIZE in Memory...
  • 990ab01 [6.0.x] Fixed #37039 -- Removed outdated note from QuerySet.iterator() docs.
  • f0c269f [6.0.x] Fixed typo in stub release notes for 5.2.14.
  • 8bcd15b [6.0.x] Fixed #37067 -- Added trailing slash in django_file_prefixes().
  • 3cdec64 [6.0.x] Refs CVE-2026-25674 -- Clarified role of umask in upload permissions.
  • 5dd5c70 [6.0.x] Added stub release notes and release date for 6.0.5 and 5.2.14.
  • 8ee7341 [6.0.x] Refs #373, #34122 -- Removed warning that ForeignObject is an interna...
  • Additional commits viewable in compare view

Updates ty from 0.0.1a21 to 0.0.39

Release notes

Sourced from ty's releases.

0.0.39

Release Notes

Released on 2026-05-22.

This release removes the Python 3.9 branches from our vendored standard library stubs. ty now only has "full" support for Python 3.10 and later, but will still report version-specific syntax errors and other diagnostics when --python-version 3.9 is provided via the CLI.

Bug fixes

  • Avoid panicking on __new__ assignments to classes (#25282)
  • Preserve declaration order when synthesizing class fields (#25249)
  • Respect dict-compatible fallbacks in TypedDict unions (#25242)
  • Retain recursively-defined state in binary expressions (#25277)

LSP server

  • Add Quick Fix to remove redundant cast (#25211)
  • Classify property declaration semantic tokens (#25322)
  • Escape HTML syntax in docstring rendering (#25247)
  • Prefer symbols from standard library over those of the same name from third party libraries for import completions. (#25108)
  • Support type aliases in document symbols (#25302)

Diagnostics

  • Add error context for extra callable parameters (#25269)

Performance

  • Avoid exponential blow-up in fall-through narrowing (#25278)
  • Speed up include filtering for projects with many literal include patterns (#25266)

Core type checking

  • Allow enum member accesses on self (#25077)
  • Emit a diagnostic for subclassing with order=True (#21704)
  • Full-scope bidirectional inference for unconstrained container literals (#25279)
  • Infer dict(TypedDict) as dict[str, object] (#24852)
  • Refine Callable class-decorator fallback for unknown results (#25250)
  • Reject incompatible explicit variance in generic base classes (#25327)
  • Support multi-inference through type aliases (#25245)
  • Sync vendored typeshed stubs (#25271, #25172)

Contributors

... (truncated)

Commits

Updates bleach from 4.1.0 to 6.3.0

Changelog

Sourced from bleach's changelog.

Version 6.3.0 (October 27th, 2025)

Backwards incompatible changes

  • Dropped support for Python 3.9. (#756)

Security fixes

None

Bug fixes

  • Add support for Python 3.14. (#758)
  • Fix wbr handling. (#488)

Version 6.2.0 (October 29th, 2024)

Backwards incompatible changes

  • Dropped support for Python 3.8. (#737)

Security fixes

None

Bug fixes

  • Add support for Python 3.13. (#736)
  • Remove six dependency. (#618)
  • Update known-good versions for tinycss2. (#732)
  • Fix additional < followed by characters and EOF issues. (#728)

Version 6.1.0 (October 6th, 2023)

Backwards incompatible changes

  • Dropped support for Python 3.7. (#709)

Security fixes

None

Bug fixes

  • Add support for Python 3.12. (#710)

... (truncated)

Commits
  • 5546d5d chore: prep for 6.3.0 release
  • 88df3ff chore: fix readthedocs
  • d8b2fb4 fix: fix wbr handling (#488)
  • 55e48ce chore: add support for Python 3.14 (#758)
  • a4d6cdd chore: drop support for Python 3.9 (#756)
  • 172d92f Bump actions/setup-python from 5.6.0 to 6.0.0
  • df88612 Bump actions/checkout from 4.2.2 to 5.0.0
  • cbcf6b1 Bump actions/cache from 4.2.3 to 4.3.0
  • d9aa7ef Switch from dependabot reviewers to CODEOWNERS
  • 06f0f76 Update setuptools, wheel, and twine for devs
  • Additional commits viewable in compare view

Updates blessed from 1.42.0 to 1.44.0

Release notes

Sourced from blessed's releases.

1.43: bugfix leaked XTGETTCAP responses into inkey()

What's Changed

Full Changelog: jquast/blessed@1.42...1.43

1.17.9: Initial support for Python 3.10

  • bugfix: Now imports on 3.10+

1.15.0: Disable various integration tests, support python 3.7

No release notes provided.

1.14.0: bugfix term.wrap for text containing newlines

  • bugfix: term.wrap misbehaved for text containing newlines, #74

1.13.0: new Terminal.split_seqs() function, speed enhancement

  • enhancement: method Terminal.split_seqs introduced, and 4x cost reduction in related sequence-aware functions, #29.
  • deprecated: function blessed.sequences.measure_length superseded by blessed.sequences.iter_parse if necessary.
  • deprecated: warnings about "binary-packed capabilities" are no longer emitted on strange terminal types, making best effort.

1.12.0: add Terminal.get_location() method

  • enhancement: method Terminal.get_location returns the (row, col) position of the cursor at the time of call for attached terminal.
  • enhancement: a keyboard now detected as stdin when stream is sys.stderr.

Changelog

Sourced from blessed's changelog.

Version History

1.44

  • improve: reduce errant XTGETTCAP output for Terminal.app and ConEmu.exe :ghpull:385.

1.43

  • bugfix: regression of XTGETTCAP responses leaking into first call for empty/non-response terminals (libvte/Gnome Terminal), in versions 1.40 to 1.42 :ghpull:383.

1.42

  • bugfix: regression in :meth:~.Terminal.cbreak and :meth:~.Terminal.raw were not thread-safe broken in versions 1.40 and 1.41, remove signal ignore of SIGTTOU :ghissue:380.

1.41

  • bugfix: :meth:~.Terminal.get_location broken in 1.40, returned a generator instead of a tuple. :ghissue:378.

1.40

  • improved: jinxed_ is now required on all platforms, providing a curses-free and singleton-free <https://jinxed.readthedocs.io/en/stable/capabilities.html#singleton-free>_ implementation of the subset of curses_ used by blessed. The jinxed_ 1.5.0 release provides a terminal capability database <https://jinxed.readthedocs.io/en/stable/capabilities.html#database> of 45 terminals and their common aliases.

  • improved: Class initialization of :class:~.Terminal() now uses XTGETTCAP_ to determine preferred terminal name TN, 24-bit color support RGB, number of colors Co, italic, and blink capabilities.

    This improves detection of Terminal kind and number_of_colors over protocols like serial that cannot forward any environment variables or ssh that do not forward COLORTERM.

  • introduced: A :exc:UserWarning is emitted when :meth:~.Terminal.__getattr__ resolves an unknown terminal capability name, helping developers catch typos like term.bld (missing bold). The warning can be suppressed by setting the environment variable BLESSED_NOWARN_UNKNOWN_CAPS.

  • bugfix: Fixed internal typo susimpleript to the correct terminfo name ssubm for the enter_susimpleript_mode capability. This was previously masked by curses_ returning an empty string for unknown capabilities.

1.39

  • introduced: :meth:~.Terminal.progress_bar for OSC 9;4 sequence <https://ghostty.org/docs/vt/osc/conemu#change-progress-state-(osc-94)>_.
  • introduced: :meth:~.Terminal.text_sized -- wrap text in Kitty text sizing protocol (OSC 66) escape sequences, with graceful fallback to plain text when the terminal does not support the protocol.
  • introduced: :class:~.Keystroke of name CPR_RESPONSE for asynchronous capture of Cursor Position Report responses via :meth:~.Terminal.inkey. New argument capture_cpr=True resolves the legacy F3 key ambiguity and matches against

... (truncated)

Commits

Updates django-allauth from 65.14.3 to 65.17.0

Commits

Updates django-otp from 1.3.0 to 1.7.0

Changelog

Sourced from django-otp's changelog.

v1.7.0 - January 07, 2026 - Async support

  • [#185](https://github.com/django-otp/django-otp/issues/185): Make OTPMiddleware async capable

Thanks to Aljosha Papsch.

v1.6.3 - October 25, 2025 - Spanish update

  • [#182](https://github.com/django-otp/django-otp/issues/182): Correct missing Spanish translations
  • [#181](https://github.com/django-otp/django-otp/issues/181): Wrong :rtype: in StaticToken.random_token docstring

v1.6.2 - October 21, 2025 - Cleanup

  • [#179](https://github.com/django-otp/django-otp/issues/179): Add missing gettext strings
  • [#180](https://github.com/django-otp/django-otp/issues/180): Remove tests from wheels

v1.6.1 - July 08, 2025 - Small improvements

  • Allow a {token} placeholder in :setting:OTP_EMAIL_SUBJECT.

v1.6.0 - April 02, 2025 - Django 5.2

  • Update test matrix for Django 5.2.
  • Remove support for Django 3.2.

v1.5.4 - September 06, 2024 - Ignore proxy models when enumerating device classes

  • [#161](https://github.com/django-otp/django-otp/issues/161): Discard proxied models when iterating device models

... (truncated)

Commits

Updates protobuf from 6.33.6 to 7.35.0

Release notes

Sourced from protobuf's releases.

Protocol Buffers v34.0-rc1

Announcements

Bazel

Compiler

C++

... (truncated)

Commits

Updates wrapt from 1.17.3 to 2.2.1

Release notes

Sourced from wrapt's releases.

wrapt 2.2.1

Full release notes: https://wrapt.readthedocs.io/en/latest/changes.html#version-2-2-1

Install from PyPi (recommended):

pip install wrapt==2.2.1

PyPi uploads follow each GitHub release; if pip reports the version is unavailable, the matching PyPi upload may not have happened yet.

Pre-built wheels are provided for a range of Python versions and platforms (Linux x86_64/aarch64/riscv64, macOS x86_64 and arm64, Windows x86_64 and arm64, plus PyPy and free-threaded builds). The source distribution is also attached together with SHA256SUMS for verification.

wrapt 2.2.1rc1

Release candidate. Release notes for the upcoming 2.2.1 final (work in progress): https://wrapt.readthedocs.io/en/latest/changes.html#version-2-2-1

May be installable from PyPi:

pip install wrapt==2.2.1rc1

If pip reports the version is unavailable, this candidate either has not been uploaded yet or is not being published to PyPi. Use the attached wheels or build from the source distribution instead:

tar xf wrapt-2.2.1rc1.tar.gz
cd wrapt-2.2.1rc1
pip install .

SHA256SUMS is attached for verification of the archives.

wrapt 2.2.0

Full release notes: https://wrapt.readthedocs.io/en/latest/changes.html#version-2-2-0

Install from PyPi (recommended):

pip install wrapt==2.2.0

PyPi uploads follow each GitHub release; if pip reports the version is unavailable, the matching PyPi upload may not have happened yet.

Pre-built wheels are provided for a range of Python versions and platforms (Linux x86_64/aarch64/riscv64, macOS x86_64 and arm64, Windows x86_64 and arm64, plus PyPy and free-threaded

... (truncated)

Changelog

Sourced from wrapt's changelog.

Version 2.2.1

Bugs Fixed

  • Reverted the change in 2.2.0 which had aligned the C implementation of FunctionWrapper.__get__ with the pure Python implementation by substituting Py_None for NULL before invoking the wrapped descriptor's __get__ slot. The change was based on a misreading of what the pure Python path does once it crosses back into C.

    The pure Python path calls self.__wrapped__.__get__(None, owner) from Python, and for any built-in descriptor that call is dispatched through the __get__ slot wrapper inside CPython, which converts Py_None back to NULL before the wrapped descriptor's tp_descr_get is invoked. The pre 2.2.0 C path called tp_descr_get directly with obj as received, which is NULL on class access, so it was already producing the same value the Python path produces after the slot wrapper's Py_None to NULL conversion.

    Substituting Py_None for NULL before tp_descr_get was called caused the wrapped descriptor to see a value it would never see during ordinary class attribute lookup. Native CPython descriptors other than func_descr_get fast path on obj == NULL and return the descriptor unchanged. With Py_None substituted in they fall through to a type check against the owner type of the descriptor, and NoneType does not satisfy that check, so a TypeError is raised. This broke class attribute access for any built-in or C extension descriptor (method_descriptor, wrapper_descriptor, getset_descriptor, member_descriptor) wrapped by @wrapt.decorator or @wrapt.function_wrapper. The failure mode is most likely to show up in instrumentation libraries that monkey patch built-in methods onto classes and where some inspection or binding step then accesses the wrapped attribute through the class.

    The existing test suite did not catch the regression because all wrappers in the test suite are applied to pure Python functions, whose func_descr_get slot treats NULL and Py_None equivalently. A new regression test has been added which wraps a method_descriptor and exercises class attribute access, so the missing coverage of non-function descriptors is now in place. With thanks to brettlangdon <https://github.com/brettlangdon>_ for reporting the regression and identifying the underlying cause.

Version 2.2.0

A special thanks to devdanzin <https://github.com/devdanzin>_ for providing an extremely useful analysis of issues in the wrapt C extension. Their analysis led to the majority of the fixes and updates in this release and their help is much appreciated.

New Features

... (truncated)

Commits
  • 787db02 Merge branch 'release/2.2.1'
  • da8f21f Update to 2.2.1 for final release.
  • d89dce9 Skip CPython specific descriptor tests on PyPy.
  • 86f4e0e Go with 2.2.1rc1 instead of 2.2.1.dev1.
  • 94bd940 Run descriptor get tests against both implementations.
  • 00541d5 Merge branch 'develop' of github.com:GrahamDumpleton/wrapt into develop
  • daddcfe Merge pull request #341 from brettlangdon/brettlangdon/descriptor.tests
  • 0583a12 Revert Py_None substitution in C FunctionWrapper.get.
  • f8d4a2e Add test coverage for native descriptors
  • 0dbbba1 Update to 2.2.1.dev1 to test fixes.
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.



…dates

Bumps the dependencies group with 8 updates in the /src/backend directory:

| Package | From | To |
| --- | --- | --- |
| [django](https://github.com/django/django) | `5.2.14` | `6.0.5` |
| [ty](https://github.com/astral-sh/ty) | `0.0.1a21` | `0.0.39` |
| [bleach](https://github.com/mozilla/bleach) | `4.1.0` | `6.3.0` |
| [blessed](https://github.com/jquast/blessed) | `1.42.0` | `1.44.0` |
| [django-allauth](https://github.com/sponsors/pennersr) | `65.14.3` | `65.17.0` |
| [django-otp](https://github.com/django-otp/django-otp) | `1.3.0` | `1.7.0` |
| [protobuf](https://github.com/protocolbuffers/protobuf) | `6.33.6` | `7.35.0` |
| [wrapt](https://github.com/GrahamDumpleton/wrapt) | `1.17.3` | `2.2.1` |



Updates `django` from 5.2.14 to 6.0.5
- [Commits](django/django@5.2.14...6.0.5)

Updates `ty` from 0.0.1a21 to 0.0.39
- [Release notes](https://github.com/astral-sh/ty/releases)
- [Changelog](https://github.com/astral-sh/ty/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ty@0.0.1-alpha.21...0.0.39)

Updates `bleach` from 4.1.0 to 6.3.0
- [Changelog](https://github.com/mozilla/bleach/blob/main/CHANGES)
- [Commits](mozilla/bleach@v4.1.0...v6.3.0)

Updates `blessed` from 1.42.0 to 1.44.0
- [Release notes](https://github.com/jquast/blessed/releases)
- [Changelog](https://github.com/jquast/blessed/blob/master/docs/history.rst)
- [Commits](https://github.com/jquast/blessed/commits)

Updates `django-allauth` from 65.14.3 to 65.17.0
- [Commits](https://github.com/sponsors/pennersr/commits)

Updates `django-otp` from 1.3.0 to 1.7.0
- [Changelog](https://github.com/django-otp/django-otp/blob/master/CHANGES.rst)
- [Commits](django-otp/django-otp@v1.3.0...v1.7.0)

Updates `protobuf` from 6.33.6 to 7.35.0
- [Release notes](https://github.com/protocolbuffers/protobuf/releases)
- [Commits](https://github.com/protocolbuffers/protobuf/commits)

Updates `wrapt` from 1.17.3 to 2.2.1
- [Release notes](https://github.com/GrahamDumpleton/wrapt/releases)
- [Changelog](https://github.com/GrahamDumpleton/wrapt/blob/develop/docs/changes.rst)
- [Commits](GrahamDumpleton/wrapt@1.17.3...2.2.1)

---
updated-dependencies:
- dependency-name: django
  dependency-version: 6.0.5
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: ty
  dependency-version: 0.0.39
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: bleach
  dependency-version: 6.3.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: blessed
  dependency-version: 1.44.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: django-allauth
  dependency-version: 65.17.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: django-otp
  dependency-version: 1.7.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: protobuf
  dependency-version: 7.35.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: wrapt
  dependency-version: 2.2.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added the dependencies (Pull requests that update a dependency file) and python (Pull requests that update Python code) labels May 31, 2026
dependabot Bot commented on behalf of github Jun 5, 2026

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this Jun 5, 2026
@dependabot dependabot Bot deleted the dependabot/pip/src/backend/dependencies-79bd8e59a8 branch June 5, 2026 05:04