requirements: Upgrade Python requirements.

Signed-off-by: Anders Kaseorg <anders@zulip.com>

pyproject.toml

@@ -111,7 +111,7 @@ prod = [
 
   # Install Python Social Auth
   "social-auth-app-django",
-  "social-auth-core[azuread]", # https://github.com/python-social-auth/social-core/pull/1025
+  "social-auth-core[azuread,saml]",
   "python3-saml",
 
   # For encrypting a login token to the desktop app
@@ -169,7 +169,7 @@ prod = [
   "google-re2",
 
   # For querying recursive group membership
-  "django-cte>=2.0.0.dev20250610173146", # https://github.com/dimagi/django-cte/pull/116
+  "django-cte",
 
   # SCIM integration
   "django-scim2",
@@ -178,7 +178,7 @@ prod = [
   "circuitbreaker",
 
   # Runtime monkeypatching of django-stubs generics
-  "django-stubs-ext",
+  "django-stubs-ext==5.2.0", # https://github.com/typeddjango/django-stubs/issues/2715
 
   # Structured data representation with parsing.
   "pydantic",
@@ -482,6 +482,7 @@ ignore = [
     "N806", # Variable in function should be lowercase
     "PERF203", # `try`-`except` within a loop incurs performance overhead
     "PLC0414", # Import alias does not rename original package
+    "PLC0415", # `import` should be at the top-level of a file
     "PLC1901", # `s == ""` can be simplified to `not s` as an empty string is falsey
     "PLR0911", # Too many return statements
     "PLR0912", # Too many branches

version.py

@@ -49,4 +49,4 @@ API_FEATURE_LEVEL = 396
 #   historical commits sharing the same major version, in which case a
 #   minor version bump suffices.
 
-PROVISION_VERSION = (332, 0)  # bumped 2025-06-10 to upgrade Django
+PROVISION_VERSION = (333, 0)  # bumped 2025-06-24 to upgrade Python requirements

zerver/apps.py

@@ -1,6 +1,7 @@
 import logging
 from typing import Any
 
+import django_stubs_ext
 from django.apps import AppConfig
 from django.conf import settings
 from django.core.cache import cache
@@ -24,6 +25,8 @@ class ZerverConfig(AppConfig):
 
             setup_sentry(settings.SENTRY_DSN, get_config("machine", "deploy_type", "development"))
 
+        django_stubs_ext.monkeypatch()
+
         # We import zerver.signals here for the side effect of
         # registering the user_logged_in signal receiver.  This import
         # needs to be here (rather than e.g. at top-of-file) to avoid

zerver/lib/thumbnail.py

@@ -31,7 +31,7 @@ MAX_EMOJI_GIF_FILE_SIZE_BYTES = 128 * 1024  # 128 kb
 
 
 @dataclass(frozen=True)
-class BaseThumbnailFormat:
+class BaseThumbnailFormat:  # noqa: PLW1641
     extension: str
     max_width: int
     max_height: int

zerver/lib/validator.py

@@ -570,7 +570,7 @@ def check_string_or_int(var_name: str, val: object) -> str | int:
 
 
 @dataclass(eq=False)
-class WildValue:
+class WildValue:  # noqa: PLW1641
     var_name: str
     value: object
 

zerver/tests/test_signup.py

@@ -2311,7 +2311,7 @@ class RealmCreationTest(ZulipTestCase):
         result = self.client_get("/json/antispam_challenge")
         data = self.assert_json_success(result)
         self.assertEqual(data["algorithm"], "SHA-256")
-        self.assertEqual(data["maxnumber"], 500000)
+        self.assertEqual(data["max_number"], 500000)
         self.assertIn("signature", data)
         self.assertIn("challenge", data)
         self.assertIn("salt", data)