Skip to content

build(deps): bump django-select2 from 8.1.2 to 8.4.3#13633

Merged
giohappy merged 2 commits intomasterfrom
dependabot/pip/django-select2-8.4.3
Oct 21, 2025
Merged

build(deps): bump django-select2 from 8.1.2 to 8.4.3#13633
giohappy merged 2 commits intomasterfrom
dependabot/pip/django-select2-8.4.3

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Oct 20, 2025

Bumps django-select2 from 8.1.2 to 8.4.3.

Release notes

Sourced from django-select2's releases.

8.4.3

Full Changelog: codingjoe/django-select2@8.4.2...8.4.3

8.4.2

What's Changed

Full Changelog: codingjoe/django-select2@8.4.1...8.4.2

8.4.1

SECURITY UPDATE

  • CVE-2025-48383 -- Widget instance secret cache key leaking across multiple requests with a single process.

Special Thanks to @​neartik and @​ronanboiteau 💖

Full Changelog: codingjoe/django-select2@8.4.0...8.4.1

8.4.0

What's Changed

Full Changelog: codingjoe/django-select2@8.3.0...8.4.0

8.3.0

Drop official support for EOL Python, Django and Node versions

  • Drop Django < 4.2 LTS support
  • Drop Django 5.0 support
  • Drop Python < 3.10 support
  • Update CI node version to lts/*

8.2.3

What's Changed

Full Changelog: codingjoe/django-select2@8.2.2...8.2.3

8.2.2

What's Changed

... (truncated)

Commits
  • aba4d02 Use npm install over CI since we don't maintain a lock file
  • c585f3b Use OpenID Connect to publish releases on PyPi & NPMJS
  • 834d4d9 Bump actions/setup-node from 5 to 6
  • 9b98cba Bump isort from 6.1.0 to 7.0.0
  • e906c98 Bump isort from 6.0.1 to 6.1.0
  • 9ae62fd Bump black from 25.1.0 to 25.9.0
  • 77f06fa Bump actions/setup-node from 4 to 5
  • ae15705 Bump actions/setup-python from 5 to 6
  • 009e99f Bump actions/checkout from 4 to 5
  • e5aa01f Bump bandit from 1.8.5 to 1.8.6
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
build(deps): bump django-select2 from 8.1.2 to 8.4.3
9b7f21c 
Bumps [django-select2](https://github.com/codingjoe/django-select2) from 8.1.2 to 8.4.3.
- [Release notes](https://github.com/codingjoe/django-select2/releases)
- [Commits](codingjoe/django-select2@8.1.2...8.4.3)

---
updated-dependencies:
- dependency-name: django-select2
  dependency-version: 8.4.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file minor A low priority issue which might affect only some users and /or not the main functionality labels Oct 20, 2025
@cla-bot cla-bot bot added the cla-signed CLA Bot: community license agreement signed label Oct 20, 2025
@dependabot dependabot bot mentioned this pull request Oct 20, 2025
Closed
@codecov
Copy link

codecov bot commented Oct 20, 2025
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 73.97%. Comparing base (e529915) to head (684bfb5).
⚠️ Report is 9 commits behind head on master.

Additional details and impacted files 
@@            Coverage Diff             @@
##           master   #13633      +/-   ##
==========================================
+ Coverage   67.34%   73.97%   +6.62%     
==========================================
  Files         930      930              
  Lines       54945    54945              
  Branches     7402     7402              
==========================================
+ Hits        37002    40644    +3642     
+ Misses      16372    12682    -3690     
- Partials     1571     1619      +48
🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@giohappy giohappy self-requested a review October 21, 2025 09:40
@giohappy giohappy merged commit b9cffb5 into master Oct 21, 2025
15 checks passed
@giohappy giohappy deleted the dependabot/pip/django-select2-8.4.3 branch October 21, 2025 09:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@giohappy giohappy giohappy approved these changes

Assignees

No one assigned

Labels

cla-signed CLA Bot: community license agreement signed dependencies Pull requests that update a dependency file minor A low priority issue which might affect only some users and /or not the main functionality

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@giohappy