build: bump dependencies (#32975)

* build(deps): bump babel

Signed-off-by: Akhil Narang <me@akhilnarang.dev>

* build(deps): bump filelock

Signed-off-by: Akhil Narang <me@akhilnarang.dev>

* build(deps): bump GitPython

Signed-off-by: Akhil Narang <me@akhilnarang.dev>

* build(deps): bump Jinja2

Signed-off-by: Akhil Narang <me@akhilnarang.dev>

* build(deps): bump Pillow

Signed-off-by: Akhil Narang <me@akhilnarang.dev>

* build(deps): bump PyJWT

Signed-off-by: Akhil Narang <me@akhilnarang.dev>

* build(deps): bump pypdf

Signed-off-by: Akhil Narang <me@akhilnarang.dev>

* build(deps): bump pydyf

Signed-off-by: Akhil Narang <me@akhilnarang.dev>

* build(deps): bump werkzeug

Signed-off-by: Akhil Narang <me@akhilnarang.dev>

* build(deps): bump bs4

Signed-off-by: Akhil Narang <me@akhilnarang.dev>

* build(deps): bump bleach

Signed-off-by: Akhil Narang <me@akhilnarang.dev>

* build(deps): bump chardet

Signed-off-by: Akhil Narang <me@akhilnarang.dev>

* build(deps): bump croniter

Signed-off-by: Akhil Narang <me@akhilnarang.dev>

* build(deps): bump cryptography

Signed-off-by: Akhil Narang <me@akhilnarang.dev>

* build(deps): bump pyopenssl

Signed-off-by: Akhil Narang <me@akhilnarang.dev>

* build(deps): bump cssutils

Signed-off-by: Akhil Narang <me@akhilnarang.dev>

* build(deps): bump markdown2

Signed-off-by: Akhil Narang <me@akhilnarang.dev>

* build(deps): bump markupsafe

Signed-off-by: Akhil Narang <me@akhilnarang.dev>

* build(deps): bump num2words

Signed-off-by: Akhil Narang <me@akhilnarang.dev>

* build(deps): bump openpyxl

Signed-off-by: Akhil Narang <me@akhilnarang.dev>

* build(deps): bump phonenumbers

Signed-off-by: Akhil Narang <me@akhilnarang.dev>

* build(deps): bump psutil

Signed-off-by: Akhil Narang <me@akhilnarang.dev>

* build(deps): bump pydantic

Signed-off-by: Akhil Narang <me@akhilnarang.dev>

* build(deps): bump pyotp

Signed-off-by: Akhil Narang <me@akhilnarang.dev>

* build(deps): bump dateutil

Signed-off-by: Akhil Narang <me@akhilnarang.dev>

* build(deps): bump ipython

Signed-off-by: Akhil Narang <me@akhilnarang.dev>

* build(deps): bump pytz

Signed-off-by: Akhil Narang <me@akhilnarang.dev>

* build(deps): bump hiredis

Signed-off-by: Akhil Narang <me@akhilnarang.dev>

* build(deps): bump requests-oauthlib

Signed-off-by: Akhil Narang <me@akhilnarang.dev>

* build(deps): bump requests

Signed-off-by: Akhil Narang <me@akhilnarang.dev>

* build(deps): bump rsa

Signed-off-by: Akhil Narang <me@akhilnarang.dev>

* build(deps): bump sql_metadata

Signed-off-by: Akhil Narang <me@akhilnarang.dev>

* build(deps): bump tenacity

Signed-off-by: Akhil Narang <me@akhilnarang.dev>

* build(deps): bump traceback-with-variables

Signed-off-by: Akhil Narang <me@akhilnarang.dev>

* build(deps): bump tomli

Signed-off-by: Akhil Narang <me@akhilnarang.dev>

* build(deps): bump uuid-utils

Signed-off-by: Akhil Narang <me@akhilnarang.dev>

* build(deps): bump xlrd

Signed-off-by: Akhil Narang <me@akhilnarang.dev>

* build(deps): bump zxcvbn

Signed-off-by: Akhil Narang <me@akhilnarang.dev>

* build(deps): bump markdownify

Signed-off-by: Akhil Narang <me@akhilnarang.dev>

* build(deps): bump google libraries

Signed-off-by: Akhil Narang <me@akhilnarang.dev>

* build(deps): bump posthog

Signed-off-by: Akhil Narang <me@akhilnarang.dev>

* build(deps): bump vobject

Signed-off-by: Akhil Narang <me@akhilnarang.dev>

* fix(zxcvbn): set max password length as 128

We allow checking till 128 characters, v4.5.0 has a default max of 72

Signed-off-by: Akhil Narang <me@akhilnarang.dev>

---------

Signed-off-by: Akhil Narang <me@akhilnarang.dev>

frappe/utils/password_strength.py

@@ -25,7 +25,7 @@ def test_password_strength(password: str, user_inputs: "Iterable[object] | None"
 		# will still be checked.
 		password = password[:128]
 
-	result = zxcvbn(password, user_inputs)
+	result = zxcvbn(password, user_inputs, max_length=128)
 	result["feedback"] = get_feedback(result.get("score"), result.get("sequence"))
 	return result
 

pyproject.toml

@@ -9,85 +9,85 @@ readme = "README.md"
 dynamic = ["version"]
 dependencies = [
     # core dependencies
-    "Babel~=2.13.1",
+    "Babel~=2.16.0",
     "Click~=8.2.0",
-    "filelock~=3.13.1",
+    "filelock~=3.18.0",
     "filetype~=1.2.0",
-    "GitPython~=3.1.34",
+    "GitPython~=3.1.44",
-    "Jinja2~=3.1.2",
+    "Jinja2~=3.1.6",
-    "Pillow~=11.0.0",
+    "Pillow~=11.2.1",
-    "PyJWT~=2.8.0",
+    "PyJWT~=2.10.1",
     # We depend on internal attributes,
     # do NOT add loose requirements on PyMySQL versions.
     "PyMySQL==1.1.1",
-    "pypdf~=3.17.0",
+    "pypdf~=5.6.0",
     "PyPika @ git+https://github.com/frappe/pypika@093984977ce157d35e048c51d9ff55a1f0f44570",
     "mysqlclient==2.2.7",
     "PyQRCode~=1.2.1",
     "PyYAML~=6.0.2",
     "RestrictedPython~=8.0",
     "WeasyPrint==59.0",
-    "pydyf==0.10.0",
+    "pydyf==0.11.0",
-    "Werkzeug==3.0.6",
+    "Werkzeug==3.1.3",
     "Whoosh~=2.7.4",
-    "beautifulsoup4~=4.12.2",
+    "beautifulsoup4~=4.13.4",
     "bleach-allowlist~=1.0.3",
-    "bleach[css]~=6.0.0",
+    "bleach[css]~=6.2.0",
-    "chardet~=5.1.0",
+    "chardet~=5.2.0",
-    "croniter~=2.0.1",
+    "croniter~=6.0.0",
-    "cryptography~=44.0.1",
+    "cryptography~=45.0.4",
-    "cssutils~=2.9.0",
+    "cssutils~=2.11.1",
     "email-reply-parser~=0.5.12",
     "gunicorn @ git+https://github.com/frappe/gunicorn@bb554053bb87218120d76ab6676af7015680e8b6",
     "html5lib~=1.1",
-    "ipython~=8.15.0",
+    "ipython~=8.37.0",
     "ldap3~=2.9",
-    "markdown2~=2.4.8",
+    "markdown2~=2.5.3",
-    "MarkupSafe>=2.1.0,<3",
+    "MarkupSafe~=3.0.2",
-    "num2words~=0.5.12",
+    "num2words~=0.5.14",
     "oauthlib~=3.2.2",
-    "openpyxl~=3.1.2",
+    "openpyxl~=3.1.5",
     "passlib~=1.7.4",
     "pdfkit~=1.0.0",
-    "phonenumbers==8.13.55",
+    "phonenumbers~=9.0.7",
     "premailer~=3.10.0",
-    "psutil~=5.9.5",
+    "psutil~=7.0.0",
     "psycopg2-binary~=2.9.1",
-    "pyOpenSSL~=25.0.0",
+    "pyOpenSSL~=25.1.0",
-    "pydantic~=2.10.2",
+    "pydantic~=2.11.7",
-    "pyotp~=2.8.0",
+    "pyotp~=2.9.0",
-    "python-dateutil~=2.8.2",
+    "python-dateutil~=2.9.0",
-    "pytz==2023.3",
+    "pytz==2025.2",
     "rauth~=0.7.3",
     "redis~=6.2.0",
-    "hiredis~=3.0.0",
+    "hiredis~=3.2.1",
-    "requests-oauthlib~=1.3.1",
+    "requests-oauthlib~=2.0.0",
-    "requests~=2.32.0",
+    "requests~=2.32.4",
     # We depend on internal attributes of RQ.
     # Do NOT add loose requirements on RQ versions.
     # Audit the code changes w.r.t. background_jobs.py before updating.
     "rq==2.4.0",
-    "rsa>=4.1",
+    "rsa~=4.9",
     "semantic-version~=2.10.0",
     "sentry-sdk~=1.45.1",
     "sqlparse~=0.5.0",
-    "sql_metadata~=2.11.0",
+    "sql_metadata~=2.17.0",
-    "tenacity~=8.2.2",
+    "tenacity~=9.1.2",
     "terminaltables~=3.1.10",
-    "traceback-with-variables~=2.0.4",
+    "traceback-with-variables~=2.2.0",
     "typing_extensions>=4.6.1,<5",
-    "tomli~=2.0.1",
+    "tomli~=2.2.1",
-    "uuid-utils~=0.10.0",
+    "uuid-utils~=0.11.0",
-    "xlrd~=2.0.1",
+    "xlrd~=2.0.2",
-    "zxcvbn~=4.4.28",
+    "zxcvbn~=4.5.0",
-    "markdownify~=0.14.1",
+    "markdownify~=1.1.0",
 
     # integration dependencies
-    "google-api-python-client~=2.2.0",
+    "google-api-python-client~=2.172.0",
-    "google-auth-oauthlib~=0.4.4",
+    "google-auth-oauthlib~=1.2.2",
-    "google-auth~=1.29.0",
+    "google-auth~=2.40.3",
-    "posthog~=3.21.0",
+    "posthog~=5.0.0",
-    "vobject~=0.9.7",
+    "vobject~=0.9.9",
     "pycountry~=24.6.1",
 ]