chore(deps): bump dj-database-url from 2.3.0 to 3.1.0 #5394
Conversation
Bumps [dj-database-url](https://github.com/jazzband/dj-database-url) from 2.3.0 to 3.1.0. - [Release notes](https://github.com/jazzband/dj-database-url/releases) - [Changelog](https://github.com/jazzband/dj-database-url/blob/master/CHANGELOG.md) - [Commits](jazzband/dj-database-url@v2.3.0...v3.1.0) --- updated-dependencies: - dependency-name: dj-database-url dependency-version: 3.1.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
bot
added
dependencies
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
github-project-automation
bot
moved this from Backlog
to Ready
in 📌 OWASP BLT Project Board
|
Important Review skippedBot user detected. To trigger a single review, invoke the You can disable this status message by setting the Comment |
📊 Monthly LeaderboardHi @dependabot[bot]! Here's how you rank for January 2026: 🎉 Welcome! This is your first contribution this month. Top 3 Contributors
Leaderboard based on contributions in January 2026. Keep up the great work! 🚀 |
![sentry[bot]](https://avatars.githubusercontent.com/u/1396951?s=60&v=4){kind=small}
| Django = "^5.2.9" | ||
| dj-database-url = "^2.3.0" | ||
| dj-database-url = "^3.1.0" | ||
| django-allauth = "^65.13.1" |
There was a problem hiding this comment.
Bug: The call to dj_database_url.config uses the ssl_require argument, which was removed in version 3.0.0 of the library, causing a startup crash.
Severity: CRITICAL | Confidence: High
🔍 Detailed Analysis
The application is being updated to use dj-database-url version 3.1.0. This version no longer supports the ssl_require keyword argument in its config function, which is a breaking change from versions prior to 3.0.0. The code in blt/settings.py calls dj_database_url.config with the now-removed ssl_require argument. This will raise a TypeError when the application initializes its database configuration in any environment where a DATABASE_URL is set, causing a fatal startup crash.
💡 Suggested Fix
Remove the ssl_require=False argument from the dj_database_url.config() call in blt/settings.py. SSL configuration should now be managed directly within the DATABASE_URL environment variable using query parameters like ?sslmode=require if needed.
🤖 Prompt for AI Agent
Review the code at the location below. A potential bug has been identified by an AI
agent.
Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not
valid.
Location: pyproject.toml#L13
Potential issue: The application is being updated to use `dj-database-url` version
3.1.0. This version no longer supports the `ssl_require` keyword argument in its
`config` function, which is a breaking change from versions prior to 3.0.0. The code in
`blt/settings.py` calls `dj_database_url.config` with the now-removed `ssl_require`
argument. This will raise a `TypeError` when the application initializes its database
configuration in any environment where a `DATABASE_URL` is set, causing a fatal startup
crash.
Did we get this right? 👍 / 👎 to inform future reviews.
Reference ID: 8144346
github-actions
bot
added
has-peer-review
Bumps dj-database-url from 2.3.0 to 3.1.0.
Release notes
Sourced from dj-database-url's releases.
Changelog
Sourced from dj-database-url's changelog.
Commits
36ec238Update CHANGELOG.md84fd050Switch to moderndicttype hints for improved readability and consistency.9929991Merge branch 'akx/ci-split'59b3cd6Update workflow to be uv compatable37b252eMigrate release workflow toreleaseevents, update actions, and integrate `...a01d6b1Update project to use uv.9894298Expand test matrix to support Python 3.14 and Django 6.0, update compatibilit...438ec39Update license to BSD-3-Clause in setup.py (#279)8a3c372[pre-commit.ci] pre-commit autoupdate (#278)390d524[pre-commit.ci] pre-commit autoupdate (#276)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)