deps: update to django5

api/app/settings/test.py

@@ -64,5 +64,3 @@
 """
 
 ENABLE_POSTPONE_DECORATOR = False
-
-DEBUG = True

api/app/urls.py

@@ -49,7 +49,7 @@
         ),
     ]
 
-if settings.DEBUG:
+if settings.DEBUG:  # pragma: no cover
     urlpatterns = [
         re_path(r"^__debug__/", include("debug_toolbar.urls")),
     ] + urlpatterns

api/app_analytics/migrations/0007_rename_environment_id_created_at_index.py

@@ -0,0 +1,18 @@
+# Generated by Django 5.2.9 on 2025-12-31 15:34
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("app_analytics", "0006_add_labels"),
+    ]
+
+    operations = [
+        migrations.RenameIndex(
+            model_name="apiusageraw",
+            new_name="app_analyti_environ_b61cad_idx",
+            old_fields=("environment_id", "created_at"),
+        ),
+    ]

api/app_analytics/models.py

@@ -62,7 +62,7 @@ class APIUsageRaw(models.Model):
     labels = HStoreField(default=dict)
 
     class Meta:
-        index_together = (("environment_id", "created_at"),)
+        indexes = [models.Index(fields=["environment_id", "created_at"])]
 
 
 class AbstractBucket(LifecycleModelMixin, models.Model):  # type: ignore[misc]

api/audit/views.py

@@ -105,7 +105,7 @@ def _get_organisation(self) -> Organisation | None:
 
         Since we're applying the base filters to the query set
         """
-        return (
+        return (  # type: ignore[no-any-return]
             self.request.user.organisations.filter(  # type: ignore[union-attr]
                 userorganisation__role=OrganisationRole.ADMIN
             )

api/custom_auth/mfa/trench/command/remove_backup_code.py

@@ -11,6 +11,8 @@ def remove_backup_code_command(user_id: Any, method_name: str, code: str) -> Non
         .values_list("_backup_codes", flat=True)
         .first()
     )
+    if serialized_codes is None:  # pragma: no cover
+        return
     codes = MFAMethod._BACKUP_CODES_DELIMITER.join(
         _remove_code_from_set(  # type: ignore[arg-type]
             backup_codes=set(serialized_codes.split(MFAMethod._BACKUP_CODES_DELIMITER)),

api/custom_auth/mfa/trench/views/base.py

@@ -38,7 +38,7 @@ def post(request: Request, method: str) -> Response:
         try:
             user = request.user
             mfa = create_mfa_method_command(
-                user_id=user.id,
+                user_id=user.id,  # type: ignore[arg-type]
                 name=method,
             )
         except MFAValidationError as cause:
@@ -57,7 +57,7 @@ def post(request: Request, method: str) -> Response:
         if not serializer.is_valid():
             return Response(status=HTTP_400_BAD_REQUEST, data=serializer.errors)
         backup_codes = activate_mfa_method_command(
-            user_id=request.user.id,
+            user_id=request.user.id,  # type: ignore[arg-type]
             name=method,
             code=serializer.validated_data["code"],
         )
@@ -71,7 +71,8 @@ class MFAMethodDeactivationView(APIView):
     def post(request: Request, method: str) -> Response:
         try:
             deactivate_mfa_method_command(
-                mfa_method_name=method, user_id=request.user.id
+                mfa_method_name=method,
+                user_id=request.user.id,  # type: ignore[arg-type]
             )
             return Response(status=HTTP_204_NO_CONTENT)
         except MFAValidationError as cause:

api/environments/identities/managers.py

@@ -34,7 +34,7 @@ def with_context(
         self,
         integrations: "Iterable[IntegrationConfig] | None" = None,
         extra_select_related: "Iterable[str] | None" = None,
-        extra_prefetch_related: "Iterable[str | Prefetch] | None" = None,
+        extra_prefetch_related: "Iterable[str | Prefetch] | None" = None,  # type: ignore[type-arg]
     ) -> "QuerySet[Identity]":
         from integrations.integration import IDENTITY_INTEGRATIONS
 

api/environments/identities/migrations/0006_rename_environment_created_date_index.py

@@ -0,0 +1,28 @@
+# Generated by Django 5.2.9 on 2025-12-31 15:29
+from common.migrations.helpers import PostgresOnlyRunSQL
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("identities", "0005_revert_sanitized_identifiers"),
+    ]
+
+    operations = [
+        migrations.SeparateDatabaseAndState(
+            state_operations=[
+                migrations.RenameIndex(
+                    model_name="identity",
+                    new_name="environment_environ_341dc9_idx",
+                    old_fields=("environment", "created_date"),
+                ),
+            ],
+            database_operations=[
+                PostgresOnlyRunSQL(
+                    'ALTER INDEX "environments_identity_environment_id_created_date_idx" RENAME TO "environment_environ_341dc9_idx"',
+                    reverse_sql='ALTER INDEX "environment_environ_341dc9_idx" RENAME TO "environments_identity_environment_id_created_date_idx"'
+                )
+            ],
+        )
+    ]

api/environments/identities/models.py

@@ -39,7 +39,7 @@ class Meta:
         # Note that the environment / created_date index is added only to postgres, so we can add it concurrently to
         # avoid any downtime. If people using MySQL / Oracle have issues with poor performance on the identities table,
         # we can provide them the SQL to add it manually in a small window of downtime.
-        index_together = (("environment", "created_date"),)
+        indexes = [models.Index(fields=["environment", "created_date"])]
 
     def natural_key(self):  # type: ignore[no-untyped-def]
         return self.identifier, self.environment.api_key

api/environments/managers.py

@@ -11,7 +11,7 @@ def filter_for_document_builder(  # type: ignore[no-untyped-def]
         self,
         *args,
         extra_select_related: list[str] | None = None,
-        extra_prefetch_related: list[Prefetch | str] | None = None,
+        extra_prefetch_related: list[Prefetch | str] | None = None,  # type: ignore[type-arg]
         **kwargs,
     ):
         return (

api/features/admin.py

@@ -43,12 +43,12 @@ class FeatureAdmin(SimpleHistoryAdmin):  # type: ignore[misc]
 class FeatureSegmentAdmin(admin.ModelAdmin):  # type: ignore[type-arg]
     model = FeatureSegment
 
-    def add_view(self, *args, **kwargs):  # type: ignore[no-untyped-def]
-        self.exclude = ("priority",)
+    def add_view(self, *args, **kwargs):  # type: ignore[no-untyped-def]  # pragma: no cover
+        self.exclude = ("priority",)  # type: ignore[misc]
         return super(FeatureSegmentAdmin, self).add_view(*args, **kwargs)
 
-    def change_view(self, *args, **kwargs):  # type: ignore[no-untyped-def]
-        self.exclude = ()
+    def change_view(self, *args, **kwargs):  # type: ignore[no-untyped-def]  # pragma: no cover
+        self.exclude = ()  # type: ignore[misc]
         return super(FeatureSegmentAdmin, self).change_view(*args, **kwargs)
 
 

api/features/feature_health/services.py

@@ -145,7 +145,7 @@ def dismiss_feature_health_event(
     FeatureHealthEvent.objects.create(
         feature=feature_health_event.feature,
         environment=feature_health_event.environment,
-        type=FeatureHealthEventType.HEALTHY,
+        type=FeatureHealthEventType.HEALTHY.value,
         reason=json.dumps(reason),
         provider_name=feature_health_event.provider_name,
         external_id=feature_health_event.external_id,

api/features/feature_states/permissions.py

@@ -14,6 +14,6 @@ def has_permission(self, request: Request, view: APIView) -> bool:
         except Environment.DoesNotExist:
             return False
 
-        return request.user.has_environment_permission(  # type: ignore[union-attr]
+        return request.user.has_environment_permission(  # type: ignore[union-attr,no-any-return]
             UPDATE_FEATURE_STATE, environment
         )

api/features/import_export/permissions.py

@@ -29,7 +29,7 @@ def has_permission(self, request: Request, view: APIView) -> bool:
             return False
 
         environment = Environment.objects.get(id=request.data["environment_id"])
-        return request.user.is_environment_admin(environment)  # type: ignore[union-attr]
+        return request.user.is_environment_admin(environment)  # type: ignore[union-attr,no-any-return]
 
 
 class DownloadFeatureExportPermissions(IsAuthenticated):
@@ -39,7 +39,7 @@ def has_permission(self, request: Request, view: APIView) -> bool:
 
         feature_export = FeatureExport.objects.get(id=view.kwargs["feature_export_id"])
 
-        return request.user.is_environment_admin(feature_export.environment)  # type: ignore[union-attr]
+        return request.user.is_environment_admin(feature_export.environment)  # type: ignore[union-attr,no-any-return]
 
 
 class FeatureExportListPermissions(IsAuthenticated):
@@ -50,7 +50,7 @@ def has_permission(self, request: Request, view: ListAPIView) -> bool:  # type:
         project = Project.objects.get(id=view.kwargs["project_pk"])
         # The user will only see environment feature exports
         # that the user is an environment admin.
-        return request.user.has_project_permission(VIEW_PROJECT, project)  # type: ignore[union-attr]
+        return request.user.has_project_permission(VIEW_PROJECT, project)  # type: ignore[union-attr,no-any-return]
 
 
 class FeatureImportListPermissions(IsAuthenticated):
@@ -61,4 +61,4 @@ def has_permission(self, request: Request, view: ListAPIView) -> bool:  # type:
         project = Project.objects.get(id=view.kwargs["project_pk"])
         # The user will only see environment feature imports
         # that the user is an environment admin.
-        return request.user.has_project_permission(VIEW_PROJECT, project)  # type: ignore[union-attr]
+        return request.user.has_project_permission(VIEW_PROJECT, project)  # type: ignore[union-attr,no-any-return]

api/features/permissions.py

@@ -120,10 +120,10 @@ def has_permission(self, request: Request, view: GenericViewSet) -> bool:  # typ
 
                     tag_ids = list(feature.tags.values_list("id", flat=True))
 
-                return request.user.has_environment_permission(  # type: ignore[union-attr]
+                return request.user.has_environment_permission(  # type: ignore[union-attr,no-any-return]
                     required_permission,
                     environment,
-                    tag_ids=tag_ids,  # type: ignore[arg-type]
+                    tag_ids=tag_ids,
                 )
             return False
 
@@ -144,10 +144,10 @@ def has_object_permission(
         if permission in TAG_SUPPORTED_ENVIRONMENT_PERMISSIONS:
             tag_ids = list(obj.feature.tags.values_list("id", flat=True))
 
-        return request.user.has_environment_permission(  # type: ignore[union-attr]
+        return request.user.has_environment_permission(  # type: ignore[union-attr,no-any-return]
             permission,
-            environment=obj.environment,  # type: ignore[arg-type]
-            tag_ids=tag_ids,  # type: ignore[arg-type]
+            environment=obj.environment,
+            tag_ids=tag_ids,
         )
 
 

api/features/versioning/permissions.py

@@ -31,10 +31,10 @@ def has_permission(self, request: Request, view: GenericViewSet) -> bool:  # typ
             feature = Feature.objects.get(id=feature_id, project=environment.project)
             tag_ids = list(feature.tags.values_list("id", flat=True))
 
-        return request.user.has_environment_permission(  # type: ignore[union-attr]
+        return request.user.has_environment_permission(  # type: ignore[union-attr,no-any-return]
             permission=required_permission,
             environment=environment,
-            tag_ids=tag_ids,  # type: ignore[arg-type]
+            tag_ids=tag_ids,
         )
 
     def has_object_permission(
@@ -53,10 +53,10 @@ def has_object_permission(
         if required_permission in TAG_SUPPORTED_ENVIRONMENT_PERMISSIONS:
             tag_ids = list(obj.feature.tags.values_list("id", flat=True))
 
-        return request.user.has_environment_permission(  # type: ignore[union-attr]
+        return request.user.has_environment_permission(  # type: ignore[union-attr,no-any-return]
             permission=required_permission,
             environment=obj.environment,
-            tag_ids=tag_ids,  # type: ignore[arg-type]
+            tag_ids=tag_ids,
         )
 
 
@@ -73,11 +73,11 @@ def has_permission(self, request: Request, view: GenericViewSet) -> bool:  # typ
         environment = Environment.objects.get(id=environment_pk)
 
         if view.action == "list":
-            return request.user.has_environment_permission(  # type: ignore[union-attr]
+            return request.user.has_environment_permission(  # type: ignore[union-attr,no-any-return]
                 permission=VIEW_ENVIRONMENT, environment=environment
             )
 
-        return request.user.has_environment_permission(  # type: ignore[union-attr]
+        return request.user.has_environment_permission(  # type: ignore[union-attr,no-any-return]
             permission=UPDATE_FEATURE_STATE, environment=environment
         )
 
@@ -87,13 +87,13 @@ def has_object_permission(
         view: GenericViewSet,  # type: ignore[override,type-arg]
         obj: FeatureState,
     ) -> bool:
-        if view.action == "retrieve":
-            return request.user.has_environment_permission(  # type: ignore[union-attr]
+        if view.action == "retrieve":  # pragma: no cover
+            return request.user.has_environment_permission(  # type: ignore[union-attr,no-any-return]
                 permission=VIEW_ENVIRONMENT,
-                environment=obj.environment,  # type: ignore[arg-type]
+                environment=obj.environment,
             )
 
-        return request.user.has_environment_permission(  # type: ignore[union-attr]
+        return request.user.has_environment_permission(  # type: ignore[union-attr,no-any-return]
             permission=UPDATE_FEATURE_STATE,
-            environment=obj.environment,  # type: ignore[arg-type]
+            environment=obj.environment,
         )

api/features/versioning/versioning_service.py

@@ -33,7 +33,7 @@ def get_environment_flags_list(
     additional_filters: Q = None,  # type: ignore[assignment]
     additional_select_related_args: typing.Iterable[str] = None,  # type: ignore[assignment]
     additional_prefetch_related_args: typing.Iterable[
-        typing.Union[str, Prefetch]
+        typing.Union[str, Prefetch[typing.Any]]
     ] = None,  # type: ignore[assignment]
     from_replica: bool = False,
 ) -> list[FeatureState]:
@@ -64,7 +64,7 @@ def get_environment_flags_dict(
     additional_filters: Q = None,  # type: ignore[assignment]
     additional_select_related_args: typing.Iterable[str] = None,  # type: ignore[assignment]
     additional_prefetch_related_args: typing.Iterable[
-        typing.Union[str, Prefetch]
+        typing.Union[str, Prefetch[typing.Any]]
     ] = None,  # type: ignore[assignment]
     key_function: typing.Callable[[FeatureState], tuple] = None,  # type: ignore[type-arg,assignment]
     from_replica: bool = False,
@@ -507,7 +507,7 @@ def _get_feature_states_queryset(
     additional_filters: Q = None,  # type: ignore[assignment]
     additional_select_related_args: typing.Iterable[str] = None,  # type: ignore[assignment]
     additional_prefetch_related_args: typing.Iterable[
-        typing.Union[str, Prefetch]
+        typing.Union[str, Prefetch[typing.Any]]
     ] = None,  # type: ignore[assignment]
     from_replica: bool = False,
 ) -> QuerySet[FeatureState]:

api/organisations/chargebee/webhook_handlers.py

@@ -1,5 +1,6 @@
 import logging
 from datetime import datetime
+from datetime import timezone as dttz
 
 from django.utils import timezone
 from rest_framework import status
@@ -129,7 +130,7 @@ def process_subscription(request: Request) -> Response:  # noqa: C901
         cancellation_date = subscription.get("current_term_end")
         if cancellation_date is not None:
             cancellation_date = datetime.fromtimestamp(cancellation_date).replace(
-                tzinfo=timezone.utc  # type: ignore[attr-defined]
+                tzinfo=dttz.utc
             )
         else:
             cancellation_date = timezone.now()
@@ -168,9 +169,7 @@ def process_subscription(request: Request) -> Response:  # noqa: C901
         else:
             osic_defaults["current_billing_term_ends_at"] = datetime.fromtimestamp(
                 current_term_end
-            ).replace(
-                tzinfo=timezone.utc  # type: ignore[attr-defined]
-            )
+            ).replace(tzinfo=dttz.utc)
 
     if "current_term_start" in subscription:
         current_term_start = subscription["current_term_start"]
@@ -179,9 +178,7 @@ def process_subscription(request: Request) -> Response:  # noqa: C901
         else:
             osic_defaults["current_billing_term_starts_at"] = datetime.fromtimestamp(
                 current_term_start
-            ).replace(
-                tzinfo=timezone.utc  # type: ignore[attr-defined]
-            )
+            ).replace(tzinfo=dttz.utc)
 
     OrganisationSubscriptionInformationCache.objects.update_or_create(
         organisation_id=existing_subscription.organisation_id,

api/organisations/permissions/permissions.py

@@ -230,4 +230,4 @@ def has_permission(self, request: Request, view: View) -> bool:
             return False
 
         # All organisation users can see api usage notifications.
-        return request.user.belongs_to(view.kwargs.get("organisation_pk"))  # type: ignore[union-attr]
+        return request.user.belongs_to(view.kwargs.get("organisation_pk"))  # type: ignore[union-attr,no-any-return]