diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 8c31ed46d..0e7bc610a 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -13,3 +13,37 @@ updates:
       interval: weekly
     cooldown:
       default-days: 7
+  
+  - package-ecosystem: "pip"
+    directory: "/"
+
+    groups:
+      test:
+        patterns:
+          - "pytest*"
+          - "attrs"
+          - "importlib-metadata"
+          - "pytz"
+
+      docs:
+        patterns:
+          - "mkdocs"
+          - "pylinkvalidator"
+
+      optional:
+        patterns:
+          - "coreapi"
+          - "coreschema"
+          - "django-filter"
+          - "django-guardian"
+          - "inflection"
+          - "legacy-cgi"
+          - "markdown"
+          - "psycopg*"
+          - "pygments"
+          - "pyyaml"
+
+    schedule:
+      interval: weekly
+    cooldown:
+      default-days: 7
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 4e9d3a234..5b74c0c21 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -84,7 +84,6 @@ jobs:
     - run: if [ $WAIT_TIME == 5 ]; then echo cannot start mkdocs server on http://localhost:8000; exit 1; fi
     
     - name: Check links
-      continue-on-error: true
       run: pylinkvalidate.py -P http://localhost:8000/
   
     - run: echo "Done"
diff --git a/docs/api-guide/authentication.md b/docs/api-guide/authentication.md
index a00a3873f..e4fff74a6 100644
--- a/docs/api-guide/authentication.md
+++ b/docs/api-guide/authentication.md
@@ -89,7 +89,7 @@ Note that when a request may successfully authenticate, but still be denied perm
 
 ## Django 5.1+ `LoginRequiredMiddleware`
 
-If you're running Django 5.1+ and use the [`LoginRequiredMiddleware`][login-required-middleware], please note that all views from DRF are opted-out of this middleware.  This is because the authentication in DRF is based authentication and permissions classes, which may be determined after the middleware has been applied.  Additionally, when the request is not authenticated, the middleware redirects the user to the login page, which is not suitable for API requests, where it's preferable to return a 401 status code.
+If you're running Django 5.1+ and use the [`LoginRequiredMiddleware`][login-required-middleware], please note that all views from DRF are opted-out of this middleware.  This is because the authentication in DRF is based on authentication and permissions classes, which may be determined after the middleware has been applied.  Additionally, when the request is not authenticated, the middleware redirects the user to the login page, which is not suitable for API requests, where it's preferable to return a 401 status code.
 
 REST framework offers an equivalent mechanism for DRF views via the global settings, `DEFAULT_AUTHENTICATION_CLASSES` and `DEFAULT_PERMISSION_CLASSES`.  They should be changed accordingly if you need to enforce that API requests are logged in.
 
diff --git a/docs/api-guide/permissions.md b/docs/api-guide/permissions.md
index b8179490e..8acbdf77d 100644
--- a/docs/api-guide/permissions.md
+++ b/docs/api-guide/permissions.md
@@ -138,7 +138,10 @@ Provided they inherit from `rest_framework.permissions.BasePermission`, permissi
             return Response(content)
 
 !!! note
-    Composition of permissions supports `&` (and), `|` (or) and `~` (not) operators.
+    Composition of permissions supports the `&` (and), `|` (or) and `~` (not) operators, and also allows the use of brackets `(` `)` to group expressions.
+
+    Operators follow the same precedence and associativity rules as standard logical operators (`~` highest, then `&`, then `|`).
+
 
 # API Reference
 
diff --git a/docs/community/3.10-announcement.md b/docs/community/3.10-announcement.md
index a2135fd20..898ccde9f 100644
--- a/docs/community/3.10-announcement.md
+++ b/docs/community/3.10-announcement.md
@@ -145,4 +145,4 @@ continued development by **[signing up for a paid plan][funding]**.
 
 [legacy-core-api-docs]:https://github.com/encode/django-rest-framework/blob/3.14.0/docs/coreapi/index.md
 [sponsors]: https://fund.django-rest-framework.org/topics/funding/#our-sponsors
-[funding]: funding.md
+[funding]: https://opencollective.com/django-rest-framework
diff --git a/docs/community/3.11-announcement.md b/docs/community/3.11-announcement.md
index e913d5e0a..02f90d71f 100644
--- a/docs/community/3.11-announcement.md
+++ b/docs/community/3.11-announcement.md
@@ -111,4 +111,4 @@ continued development by **[signing up for a paid plan][funding]**.
 *Many thanks to all our [wonderful sponsors][sponsors], and in particular to our premium backers, [Sentry](https://getsentry.com/welcome/), [Stream](https://getstream.io/?utm_source=drf&utm_medium=banner&utm_campaign=drf), [ESG](https://software.esg-usa.com/), [Rollbar](https://rollbar.com/?utm_source=django&utm_medium=sponsorship&utm_campaign=freetrial), [Cadre](https://cadre.com), [Kloudless](https://hubs.ly/H0f30Lf0), [Lights On Software](https://lightsonsoftware.com), and [Retool](https://retool.com/?utm_source=djangorest&utm_medium=sponsorship).*
 
 [sponsors]: https://fund.django-rest-framework.org/topics/funding/#our-sponsors
-[funding]: funding.md
+[funding]: https://opencollective.com/django-rest-framework
diff --git a/docs/community/3.12-announcement.md b/docs/community/3.12-announcement.md
index 5264ddd85..dd6dc9610 100644
--- a/docs/community/3.12-announcement.md
+++ b/docs/community/3.12-announcement.md
@@ -178,4 +178,4 @@ continued development by **[signing up for a paid plan][funding]**.
 *Many thanks to all our [wonderful sponsors][sponsors], and in particular to our premium backers, [Sentry](https://getsentry.com/welcome/), [Stream](https://getstream.io/?utm_source=drf&utm_medium=banner&utm_campaign=drf), [ESG](https://software.esg-usa.com/), [Rollbar](https://rollbar.com/?utm_source=django&utm_medium=sponsorship&utm_campaign=freetrial), [Cadre](https://cadre.com), [Kloudless](https://hubs.ly/H0f30Lf0), [Lights On Software](https://lightsonsoftware.com), and [Retool](https://retool.com/?utm_source=djangorest&utm_medium=sponsorship).*
 
 [sponsors]: https://fund.django-rest-framework.org/topics/funding/#our-sponsors
-[funding]: funding.md
+[funding]: https://opencollective.com/django-rest-framework
diff --git a/docs/community/3.4-announcement.md b/docs/community/3.4-announcement.md
index 2c68b178a..2b3d5df6d 100644
--- a/docs/community/3.4-announcement.md
+++ b/docs/community/3.4-announcement.md
@@ -177,7 +177,7 @@ The full set of itemized release notes [are available here][release-notes].
 
 [sponsors]: https://fund.django-rest-framework.org/topics/funding/#our-sponsors
 [moss]: mozilla-grant.md
-[funding]: funding.md
+[funding]: https://opencollective.com/django-rest-framework
 [core-api]: https://www.coreapi.org/
 [command-line-client]: https://github.com/encode/django-rest-framework/blob/3.4.7/docs/topics/api-clients.md#command-line-client
 [client-library]: https://github.com/encode/django-rest-framework/blob/3.4.7/docs/topics/api-clients.md#python-client-library
diff --git a/docs/community/3.5-announcement.md b/docs/community/3.5-announcement.md
index eb3bf7fd5..3b0a22dfc 100644
--- a/docs/community/3.5-announcement.md
+++ b/docs/community/3.5-announcement.md
@@ -251,7 +251,7 @@ in version 3.3 and raised a deprecation warning in 3.4. Its usage is now mandato
 ---
 
 [sponsors]: https://fund.django-rest-framework.org/topics/funding/#our-sponsors
-[funding]: funding.md
+[funding]: https://opencollective.com/django-rest-framework
 [uploads]: https://core-api.github.io/python-client/api-guide/utils/#file
 [downloads]: https://core-api.github.io/python-client/api-guide/codecs/#downloadcodec
 [schema-generation-api]: ../api-guide/schemas.md#schemagenerator
diff --git a/docs/community/3.6-announcement.md b/docs/community/3.6-announcement.md
index 9e45473ee..3f4250db4 100644
--- a/docs/community/3.6-announcement.md
+++ b/docs/community/3.6-announcement.md
@@ -193,7 +193,7 @@ Once work on those refinements is complete, we'll be starting feature work
 on realtime support, for the 3.7 release.
 
 [sponsors]: https://fund.django-rest-framework.org/topics/funding/#our-sponsors
-[funding]: funding.md
+[funding]: https://opencollective.com/django-rest-framework
 [api-docs]: ../topics/documenting-your-api.md
 [js-docs]: https://github.com/encode/django-rest-framework/blob/3.14.0/docs/topics/api-clients.md#javascript-client-library
 [py-docs]: https://github.com/encode/django-rest-framework/blob/3.14.0/docs/topics/api-clients.md#python-client-library
diff --git a/docs/community/3.7-announcement.md b/docs/community/3.7-announcement.md
index 49f68ead2..3a8298817 100644
--- a/docs/community/3.7-announcement.md
+++ b/docs/community/3.7-announcement.md
@@ -125,6 +125,6 @@ We're still planning to work on improving real-time support for REST framework b
 
 This will likely be timed so that any REST framework development here ties in with similar work on [API Star][api-star].
 
-[funding]: funding.md
+[funding]: https://opencollective.com/django-rest-framework
 [schema-docs]: ../api-guide/schemas.md
 [api-star]: https://github.com/encode/apistar
diff --git a/docs/community/3.8-announcement.md b/docs/community/3.8-announcement.md
index eef3ae0c9..7bf0015a9 100644
--- a/docs/community/3.8-announcement.md
+++ b/docs/community/3.8-announcement.md
@@ -91,7 +91,7 @@ We're currently working towards moving to using [OpenAPI][openapi] as our defaul
 
 We're doing some consolidation in order to make this happen. It's planned that 3.9 will drop the `coreapi` and `coreschema` libraries, and instead use `apistar` for the API documentation generation, schema generation, and API client libraries.
 
-[funding]: funding.md
+[funding]: https://opencollective.com/django-rest-framework
 [gh5886]: https://github.com/encode/django-rest-framework/issues/5886
 [gh5705]: https://github.com/encode/django-rest-framework/issues/5705
 [openapi]: https://www.openapis.org/
diff --git a/docs/community/3.9-announcement.md b/docs/community/3.9-announcement.md
index bd886482c..1680d919e 100644
--- a/docs/community/3.9-announcement.md
+++ b/docs/community/3.9-announcement.md
@@ -203,7 +203,7 @@ web framework, which is building a foundational set of tooling for working with
 ASGI.
 
 
-[funding]: funding.md
+[funding]: https://opencollective.com/django-rest-framework
 [gh5886]: https://github.com/encode/django-rest-framework/issues/5886
 [gh5705]: https://github.com/encode/django-rest-framework/issues/5705
 [openapi]: https://www.openapis.org/
diff --git a/docs/community/jobs.md b/docs/community/jobs.md
index f3ce37d15..7b16330d3 100644
--- a/docs/community/jobs.md
+++ b/docs/community/jobs.md
@@ -1,6 +1,6 @@
 # Jobs
 
-Looking for a new Django REST Framework related role? On this site we provide a list of job resources that may be helpful. It's also worth checking out if any of [our sponsors are hiring][drf-funding].
+Looking for a new Django REST Framework related role? On this site we provide a list of job resources that may be helpful. It's also worth checking out if any of [our sponsors are hiring][sponsors].
 
 
 ## Places to look for Django REST Framework Jobs
@@ -22,7 +22,7 @@ Looking for a new Django REST Framework related role? On this site we provide a
 
 Know of any other great resources for Django REST Framework jobs that are missing in our list? Please [submit a pull request][submit-pr] or [email us][anna-email].
 
-Wonder how else you can help? One of the best ways you can help Django REST Framework is to ask interviewers if their company is signed up for [REST Framework sponsorship][drf-funding] yet.
+Wonder how else you can help? One of the best ways you can help Django REST Framework is to ask interviewers if their company is signed up for [REST Framework sponsorship][sponsors] yet.
 
 
 [djangoproject-website]: https://www.djangoproject.com/community/jobs/
@@ -38,6 +38,6 @@ Wonder how else you can help? One of the best ways you can help Django REST Fram
 [remoteok-com]: https://remoteok.com/remote-django-jobs
 [remotepython-com]: https://www.remotepython.com/jobs/
 [pyjobs-com]: https://www.pyjobs.com/
-[drf-funding]: https://fund.django-rest-framework.org/topics/funding/
+[sponsors]: https://fund.django-rest-framework.org/topics/funding/#our-sponsors
 [submit-pr]: https://github.com/encode/django-rest-framework
 [anna-email]: mailto:anna@django-rest-framework.org
diff --git a/docs/community/mozilla-grant.md b/docs/community/mozilla-grant.md
index 5248f5cc0..9a7491b61 100644
--- a/docs/community/mozilla-grant.md
+++ b/docs/community/mozilla-grant.md
@@ -37,7 +37,7 @@ at the end of May 2016.
 I have formed a UK limited company, [Encode](https://www.encode.io/), which will
 act as the business entity behind REST framework. I will be issuing monthly reports
 from Encode on progress both towards the Mozilla grant, and for development time
-funded via the [REST framework paid plans](funding.md).
+funded via the REST framework paid plans.
 
 <!-- Begin MailChimp Signup Form -->
 <link href="//cdn-images.mailchimp.com/embedcode/classic-10_7.css" rel="stylesheet" type="text/css">
diff --git a/pyproject.toml b/pyproject.toml
index 6613f1a66..121ac357f 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -44,13 +44,11 @@ dev = [
   { include-group = "test" },
 ]
 test = [
-  # temporary pin of attrs
-  "attrs==22.1.0",
-  "importlib-metadata<5.0",
+  "importlib-metadata<9.0",
 
   # Pytest for running the tests.
-  "pytest>=7.0.1,<8",
-  "pytest-cov>=4.0.0,<5.0",
+  "pytest==9.*",
+  "pytest-cov==7.*",
   "pytest-django>=4.5.2,<5",
 
   # Remove when dropping support for Django<5.0
@@ -58,22 +56,24 @@ test = [
 ]
 docs = [
   # MkDocs to build our documentation.
-  "mkdocs==1.6.0",
+  "mkdocs==1.6.1",
   # pylinkvalidator to check for broken links in documentation.
   "pylinkvalidator==0.3",
 ]
 optional = [
   # Optional packages which may be used with REST framework.
-  "coreapi==2.3.1",
+  "coreapi==2.3.3",
   "coreschema==0.0.4",
   "django-filter",
-  "django-guardian>=2.4.0,<2.5",
+  "django-guardian>=2.4.0,<3.3",
   "inflection==0.5.1",
   "legacy-cgi; python_version>='3.13'",
   "markdown>=3.3.7",
   "psycopg[binary]>=3.1.8",
-  "pygments~=2.17.0",
-  "pyyaml>=5.3.1,<5.4",
+  "pygments>=2.17,<2.20",
+  "pyyaml>=5.3.1,<6.1",
+  # setuptools is needed for coreapi (imports pkg_resources)
+  "setuptools<82",
 ]
 django42 = [ "django>=4.2,<5.0" ]
 django50 = [ "django>=5.0,<5.1" ]
@@ -118,7 +118,10 @@ keep_full_version = true
 [tool.pytest.ini_options]
 addopts = "--tb=short --strict-markers -ra"
 testpaths = [ "tests" ]
-filterwarnings = [ "ignore:CoreAPI compatibility is deprecated*:rest_framework.RemovedInDRF318Warning" ]
+filterwarnings = [
+  "ignore:CoreAPI compatibility is deprecated*:rest_framework.RemovedInDRF318Warning",
+  "ignore:'cgi' is deprecated:DeprecationWarning",
+]
 
 [tool.coverage.run]
 # NOTE: source is ignored with pytest-cov (but uses the same).
diff --git a/tox.ini b/tox.ini
index b13eabd1a..00e5bd57b 100644
--- a/tox.ini
+++ b/tox.ini
@@ -10,7 +10,7 @@ envlist =
        docs
 
 [testenv]
-commands = python -W error::DeprecationWarning -W error::PendingDeprecationWarning runtests.py --coverage {posargs}
+commands = pytest --cov --cov-report xml {posargs}
 envdir = {toxworkdir}/venvs/{envname}
 setenv =
        PYTHONDONTWRITEBYTECODE=1