build(anoncat-demo-app): bump the pip-deps group in /anoncat-demo-app/app with 4 updates

[dependabot]

Updates the requirements on django, djangorestframework, django-filter and medcat to permit the latest version.
Updates django to 6.0.5

Commits

• 8f8ad09 [6.0.x] Bumped version for 6.0.5 release.
• 44ad76e [6.0.x] Fixed CVE-2026-6907 -- Prevented caching of requests when Vary header...
• 1b0184a [6.0.x] Fixed CVE-2026-35192 -- Ensured Vary header is sent when setting sess...
• ad8f9e1 [6.0.x] Fixed CVE-2026-5766 -- Enforced DATA_UPLOAD_MAX_MEMORY_SIZE in Memory...
• 990ab01 [6.0.x] Fixed #37039 -- Removed outdated note from QuerySet.iterator() docs.
• f0c269f [6.0.x] Fixed typo in stub release notes for 5.2.14.
• 8bcd15b [6.0.x] Fixed #37067 -- Added trailing slash in django_file_prefixes().
• 3cdec64 [6.0.x] Refs CVE-2026-25674 -- Clarified role of umask in upload permissions.
• 5dd5c70 [6.0.x] Added stub release notes and release date for 6.0.5 and 5.2.14.
• 8ee7341 [6.0.x] Refs #373, #34122 -- Removed warning that ForeignObject is an interna...
• Additional commits viewable in compare view

Updates djangorestframework to 3.17.1

Release notes

Sourced from djangorestframework's releases.

3.17.1

What's Changed

Bug fixes

• Fix HTMLFormRenderer with empty datetime values by @​p-r-a-v-i-n in encode/django-rest-framework#9928

Full Changelog: encode/django-rest-framework@3.17.0...3.17.1

Commits

• 22e231c Prepare bug fix release 3.17.1 (#9931)
• 8e99b53 Add condition to skip pushed tags from forks (#9924)
• c0407de Fix HTMLFormRenderer with empty datetime values (#9928)
• 30d58a7 Fix the book sizing in the documentation (#9926)
• 6f03b79 Tweak order of changes in release notes
• 021ab56 Bump version and update release notes for 3.17.0 (#9921)
• 19ebad7 Bump mkdocs-material[imaging] from 9.7.4 to 9.7.5 (#9923)
• f222c55 Correct requires-python key in pyproject.toml
• 7e7de6f Remove code fences from release checklist
• c599d30 Update release process
• Additional commits viewable in compare view

Updates django-filter to 25.2

Changelog

Sourced from django-filter's changelog.

Version 25.2 (2025-10-05)

• Added testing for Django 6.0.

• Dropped support for Django <5.2 LTS

• Dropped support for Python 3.9.

Version 25.1 (2025-02-14)

• Removed the in-built API schema generation methods, which have been deprecated since v23.2.

  You should use drf-spectacular <https://drf-spectacular.readthedocs.io/en/latest/>_ for generating OpenAPI schemas with DRF.

• Dropped support for EOL Python 3.8.

• Added testing against Python 3.13.

• Added official support for Django 5.2.

Version 24.3 (2024-08-02)

• Adds official support for Django 5.1.

• Allow using dictionaries for grouped choices on Django 5.0+.

  Thanks to Sævar Öfjörð Magnússon.

• Adds unknown_field_behavior FilterSet option to allowing warning and ignore behaviours for unknown field types during FilterSet generation.

  Thanks to Loes.

Version 24.2 (2024-03-27)

• Fixed a regression in v23.4 where callable choices were incorrectly evaluated at filter instantiation, on Django versions prior to 5.0.

  Thanks to Craig de Stigter for the report and reproduce.

Version 24.1 (2024-03-08)

• Updated supported Python and Django versions, and resolved upcoming Django

... (truncated)

Commits

• 17ec565 Bumped version for 25.2 release.
• 9b4b8fd Updated testing for Django 6.0. (#1730)
• 1b07b3e Bump actions/setup-python from 5 to 6 in the github-actions group (#1726)
• 27a1168 Bump the github-actions group with 2 updates (#1722)
• 7f59b6f Add drf as optional dependencies (#1724)
• 635343e Add reference anchors to filter types to facilitate intersphinx refs (#1706)
• 7b3176e Document steps for postgres full text search (#1704)
• 27dd672 Updated Change notes for 25.1 release.
• 2ea3817 Added Trove classifier for Django 5.2.
• 4d2306c Replaced hardcoded pks in tests (#1703)
• Additional commits viewable in compare view

Updates medcat to 2.7.0

Release notes

Sourced from medcat's releases.

MedCAT v2.7.0

🩺 MedCAT v2.7 Release Notes

This release focuses on usability improvements, pipeline observability, and several bug fixes across MedCAT components, including fixes for RelCAT and MetaCAT behaviour.

🚀 New Features & Enhancements

• Pipeline Timing / Speed Metrics – Added options to report the time spent in different pipeline stages, including:
  • Tokenisation
  • NER
  • Entity linking
  • Individual addon components
    This helps users understand performance bottlenecks in their MedCAT pipelines.
• Shorthand DeID Imports – Added a simplified import path for the DeID model:

  from medcat.deid import DeIdModel

  This replaces the longer internal import path previously required.

• Australian Model Bundle Support – Added explicit support for AU model bundles, enabling easier building and distribution of Australian clinical models.

🐛 Bug Fixes

• RelCAT Usability Fix – Fixed a typo that prevented RelCAT (relation extraction) from functioning correctly.
• MetaCAT Shuffle Fix – Corrected an issue where shuffling could still occur even when shuffle was disabled.
• RelCAT Typing Fix – Resolved typing issues affecting RelCAT components.
• Supervised Training Improvements – Improved the way supervised training synchronises entities in documents with expected dataset annotations. This simplifies batched training workflows for some linker implementations (e.g. embedding linker) and prevents edge cases where batched annotations could remain unprocessed.

🧰 Other Improvements

• Documentation Migration – MedCAT documentation has been migrated to MkDocs, improving maintainability and navigation.
• Tutorial & Script Automation – Fixed issues with the script used to automatically update tutorial and script versions.

---

This release improves pipeline transparency, training robustness, and component usability, while continuing to stabilise the MedCAT v2 ecosystem.

What's Changed

• issue(medcat): CU-869c5kge0 Fix the script for automated bumps of tutorials / scripts. by @​mart-r in CogStack/cogstack-nlp#343
• feature(medcat): CU-869c7cxh7 Add shorthand import for deid by @​mart-r in CogStack/cogstack-nlp#346
• issue(medcat): CU-869c87tt9 Fix typo in relcat. by @​mart-r in CogStack/cogstack-nlp#349
• docs(medcat): Switch Medcat to Mkdocs by @​alhendrickson in CogStack/cogstack-nlp#361
• feat(medcat):CU-869cgny1k Add pipe speed options by @​mart-r in CogStack/cogstack-nlp#369
• feat(medcat): CU-869ccxgj7 Add AU model bundle support by @​mart-r in CogStack/cogstack-nlp#371
• feat(medcat): CU-869cgny1k Add pipe tokenizer speed by @​mart-r in CogStack/cogstack-nlp#370
• Pushing bug fix for shuffle by @​shubham-s-agarwal in CogStack/cogstack-nlp#381
• bug(medcat): CU-869cqnmtk Fix RelCAT typing issue by @​mart-r in CogStack/cogstack-nlp#388
• bug(medcat): CU-869ckx6dr Allow for better supervised training by @​mart-r in CogStack/cogstack-nlp#374

... (truncated)

Commits

• 7c12cae bug(medcat): CU-869ckx6dr Allow for better supervised training (#374)
• b43c22e bug(medcat): CU-869cqnmtk Fix RelCAT typing issue (#388)
• 2fabac9 CU-869cqb94m: Bump urllib major version to 2. (#384)
• 981e2d8 Pushing bug fix for shuffle (#381)
• 57b9586 feat(medcat): CU-869cgny1k Add pipe tokenizer speed (#370)
• 614af59 feat(medcat): CU-869ccxgj7 Add AU model bundle support (#371)
• a2106b0 CU-869ckmuga: Add automation for medcat-service version bumps (#373)
• 5f3abb6 chore(medcat-service): bump medcat to 2.6.0 (#372)
• 79f00cf feat(medcat):CU-869cgny1k Add pipe speed options (#369)
• e35d9dc fix(medcat-trainer): Fix opentelemetry tracing running with wsgi command (#366)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[tomolopolis]

Task linked: CU-869c5kge0 Fix automated bump PRs script
Task linked: CU-869c7cxh7 Create shortcut for DeID model imports
Task linked: CU-869c87tt9 Fix typo in relcat
Task linked: CU-869cgny1k Add pipeline option for pipeline speed investigations

[dependabot]

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml