Skip to content

chore: bump the development-dependencies group across 1 directory with 4 updates#188

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/main/development-dependencies-f1510f8867
Open

chore: bump the development-dependencies group across 1 directory with 4 updates#188
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/main/development-dependencies-f1510f8867

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 11, 2026
edited
Loading

Bumps the development-dependencies group with 4 updates in the / directory: sphinx, myst-parser, tomli and black.

Updates sphinx from 8.2.3 to 9.1.0

Release notes

Sourced from sphinx's releases.

Sphinx 9.1.0

Changelog: https://www.sphinx-doc.org/en/master/changes.html

Dependencies

  • #14153: Drop Python 3.11 support.
  • #12555: Drop Docutils 0.20 support. Patch by Adam Turner

Features added

  • Add add_static_dir() for copying static assets from extensions to the build output. Patch by Jared Dillard

Bugs fixed

  • #14189: autodoc: Fix duplicate :no-index-entry: for modules. Patch by Adam Turner
  • #13713: Fix compatibility with MyST-Parser. Patch by Adam Turner
  • Fix tests for Python 3.15. Patch by Adam Turner
  • #14089: autodoc: Fix default option parsing. Patch by Adam Turner
  • Remove incorrect static typing assertions. Patch by Adam Turner
  • #14050: LaTeXTranslator fails to build documents using the "acronym" standard role. Patch by Günter Milde
  • LaTeX: Fix rendering for grid filled merged vertical cell. Patch by Tim Nordell
  • #14228: LaTeX: Fix overrun footer for cases of merged vertical table cells. Patch by Tim Nordell
  • #14207: Fix creating HTMLThemeFactory objects in third-party extensions. Patch by Adam Turner
  • #3099: LaTeX: PDF build crashes if a code-block contains more than circa 1350 codelines (about 27 a4-sized pages at default pointsize). Patch by Jean-François B.
  • #14064: LaTeX: TABs ending up in sphinxVerbatim fail to obey tab stops. Patch by Jean-François B.
  • #14089: autodoc: Improve support for non-weakreferencable objects. Patch by Adam Turner
  • LaTeX: Fix accidental removal at 3.5.0 (#8854) of the documentation of literalblockcappos key of sphinxsetup. Patch by Jean-François B.

... (truncated)

Changelog

Sourced from sphinx's changelog.

Release 9.1.0 (released Dec 31, 2025)

Dependencies

  • #14153: Drop Python 3.11 support.
  • #12555: Drop Docutils 0.20 support. Patch by Adam Turner

Features added

  • Add :meth:~sphinx.application.Sphinx.add_static_dir for copying static assets from extensions to the build output. Patch by Jared Dillard

Bugs fixed

  • #14189: autodoc: Fix duplicate :no-index-entry: for modules. Patch by Adam Turner
  • #13713: Fix compatibility with MyST-Parser. Patch by Adam Turner
  • Fix tests for Python 3.15. Patch by Adam Turner
  • #14089: autodoc: Fix default option parsing. Patch by Adam Turner
  • Remove incorrect static typing assertions. Patch by Adam Turner
  • #14050: LaTeXTranslator fails to build documents using the "acronym" standard role. Patch by Günter Milde
  • LaTeX: Fix rendering for grid filled merged vertical cell. Patch by Tim Nordell
  • #14228: LaTeX: Fix overrun footer for cases of merged vertical table cells. Patch by Tim Nordell
  • #14207: Fix creating HTMLThemeFactory objects in third-party extensions. Patch by Adam Turner
  • #3099: LaTeX: PDF build crashes if a code-block contains more than circa 1350 codelines (about 27 a4-sized pages at default pointsize). Patch by Jean-François B.
  • #14064: LaTeX: TABs ending up in sphinxVerbatim fail to obey tab stops. Patch by Jean-François B.
  • #14089: autodoc: Improve support for non-weakreferencable objects. Patch by Adam Turner
  • LaTeX: Fix accidental removal at 3.5.0 (#8854) of the documentation of literalblockcappos key of :ref:'sphinxsetup' <latexsphinxsetup>. Patch by Jean-François B.
Commits
  • cc7c6f4 Bump to 9.1.0 final
  • b127b94 Add app.add_static_dir() for copying extension static files (#14219)
  • 20f1c46 LaTeX: Inhibit breaks for rows with merged vertical cells (#14227)
  • 3c85411 Polish CHANGES.rst (#14225)
  • 9ee5446 LaTeX: restore 1.7 documentation of literalblockcappos (#14224)
  • d75d602 LaTeX: improve (again...) some code comments in time for 9.1.0 (#14222)
  • 8dca61d Improve some LaTeX code comments (#14220)
  • 8ab9600 Bump to 9.1.0 candidate 2
  • d59b237 autodoc: Improve support for non-weakreferencable objects
  • 964424b Use the correct reference for using existing extensions (#14157)
  • Additional commits viewable in compare view

Updates myst-parser from 4.0.1 to 5.0.0

Release notes

Sourced from myst-parser's releases.

v5.0.0

MyST-Parser 5.0.0

Release Date: 2026-01-15

This release significantly bumps the supported versions of core dependencies:

‼️ Breaking Changes

This release updates the minimum supported versions:

  • Python: >=3.11 (dropped Python 3.10, tests up to 3.14)
  • Sphinx: >=8,<10 (dropped Sphinx 7, added Sphinx 9)
  • Docutils: >=0.20,<0.23 (dropped docutils 0.19, added docutils 0.22)
  • markdown-it-py: ~=4.0 (upgraded from v3)

⬆️ Dependency Upgrades

👌 Improvements

📚 Documentation

🔧 Internal / Maintenance

Full Changelog: v4.0.1...v5.0.0

Changelog

Sourced from myst-parser's changelog.

5.0.0 - 2026-01-15

This release significantly bumps the supported versions of core dependencies:

‼️ Breaking Changes

This release updates the minimum supported versions:

  • Python: >=3.11 (dropped Python 3.10, tests up to 3.14)
  • Sphinx: >=8,<10 (dropped Sphinx 7, added Sphinx 9)
  • Docutils: >=0.20,<0.23 (dropped docutils 0.19, added docutils 0.22)
  • markdown-it-py: ~=4.0 (upgraded from v3)

⬆️ Dependency Upgrades

  • ⬆️ Upgrade to markdown-it-py v4 by gh-user:chrisjsewell in gh-pr:1060
  • ⬆️ Drop Python 3.10 and Sphinx 7 by gh-user:chrisjsewell in gh-pr:1059
  • ⬆️ Drop docutils 0.19 by gh-user:chrisjsewell in gh-pr:1061
  • ⬆️ Add support for Python 3.14 by gh-user:chrisjsewell in gh-pr:1075
  • ⬆️ Support Sphinx v9 by gh-user:chrisjsewell in gh-pr:1076
  • ⬆️ Allow docutils 0.22 by gh-user:chrisjsewell in gh-pr:1084

👌 Improvements

  • 👌 Improve generation of meta nodes by gh-user:AA-Turner in gh-pr:1080

📚 Documentation

  • 📚 Fix typo in tables.md by gh-user:electricalgorithm in gh-pr:1034
  • 📚 Fix minor typo in cross-referencing.md by gh-user:krassowski in gh-pr:1036

🔧 Internal / Maintenance

  • 🔧 Update pre-commit by gh-user:chrisjsewell in gh-pr:1058
  • 🔧 Add AGENTS.md by gh-user:chrisjsewell in gh-pr:1083

Full Changelog: v4.0.1...v5.0.0

Commits

Updates tomli from 2.3.0 to 2.4.1

Changelog

Sourced from tomli's changelog.

2.4.1

  • Fixed
    • Limit number of parts of a TOML key to address quadratic time complexity

2.4.0

  • Added
    • TOML v1.1.0 compatibility
    • Binary wheels for Windows arm64
Commits
  • c5f4469 Bump version: 2.4.0 → 2.4.1
  • 2bcd262 Add change log for 2.4.1 and 2.3.1
  • e1fdb94 Limit number of parts of a key (#286)
  • c20c491 pre-commit autoupdate
  • 920e20b Update performance benchmark and results
  • 064e492 Merge pull request #280 from hukkin/version-2.4.0
  • a678e6f Bump version: 2.3.0 → 2.4.0
  • b8a1358 Tests: remove now needless "TOML compliance"->"burntsushi" format conversion
  • 4979375 Update GitHub actions
  • f890dd1 Update pre-commit hooks
  • Additional commits viewable in compare view

Updates black from 25.12.0 to 26.3.1

Release notes

Sourced from black's releases.

26.3.1

Stable style

  • Prevent Jupyter notebook magic masking collisions from corrupting cells by using exact-length placeholders for short magics and aborting if a placeholder can no longer be unmasked safely (#5038)

Configuration

  • Always hash cache filename components derived from --python-cell-magics so custom magic names cannot affect cache paths (#5038)

Blackd

  • Disable browser-originated requests by default, add configurable origin allowlisting and request body limits, and bound executor submissions to improve backpressure (#5039)

26.3.0

Stable style

  • Don't double-decode input, causing non-UTF-8 files to be corrupted (#4964)
  • Fix crash on standalone comment in lambda default arguments (#4993)
  • Preserve parentheses when # type: ignore comments would be merged with other comments on the same line, preventing AST equivalence failures (#4888)

Preview style

  • Fix bug where if guards in case blocks were incorrectly split when the pattern had a trailing comma (#4884)
  • Fix string_processing crashing on unassigned long string literals with trailing commas (one-item tuples) (#4929)
  • Simplify implementation of the power operator "hugging" logic (#4918)

Packaging

  • Fix shutdown errors in PyInstaller builds on macOS by disabling multiprocessing in frozen environments (#4930)

Performance

  • Introduce winloop for windows as an alternative to uvloop (#4996)
  • Remove deprecated function uvloop.install() in favor of uvloop.new_event_loop() (#4996)
  • Rename maybe_install_uvloop function to maybe_use_uvloop to simplify loop installation and creation of either a uvloop/winloop evenloop or default eventloop (#4996)

Output

... (truncated)

Changelog

Sourced from black's changelog.

Version 26.3.1

Stable style

  • Prevent Jupyter notebook magic masking collisions from corrupting cells by using exact-length placeholders for short magics and aborting if a placeholder can no longer be unmasked safely (#5038)

Configuration

  • Always hash cache filename components derived from --python-cell-magics so custom magic names cannot affect cache paths (#5038)

Blackd

  • Disable browser-originated requests by default, add configurable origin allowlisting and request body limits, and bound executor submissions to improve backpressure (#5039)

Version 26.3.0

Stable style

  • Don't double-decode input, causing non-UTF-8 files to be corrupted (#4964)
  • Fix crash on standalone comment in lambda default arguments (#4993)
  • Preserve parentheses when # type: ignore comments would be merged with other comments on the same line, preventing AST equivalence failures (#4888)

Preview style

  • Fix bug where if guards in case blocks were incorrectly split when the pattern had a trailing comma (#4884)
  • Fix string_processing crashing on unassigned long string literals with trailing commas (one-item tuples) (#4929)
  • Simplify implementation of the power operator "hugging" logic (#4918)

Packaging

  • Fix shutdown errors in PyInstaller builds on macOS by disabling multiprocessing in frozen environments (#4930)

Performance

  • Introduce winloop for windows as an alternative to uvloop (#4996)
  • Remove deprecated function uvloop.install() in favor of uvloop.new_event_loop() (#4996)
  • Rename maybe_install_uvloop function to maybe_use_uvloop to simplify loop installation and creation of either a uvloop/winloop eventloop or default eventloop (#4996)

... (truncated)

Commits

@dependabot dependabot Bot added the Dependencies Pull requests that update a dependency file label May 11, 2026
@dependabot dependabot Bot requested a review from a team as a code owner May 11, 2026 01:39
@dependabot dependabot Bot requested review from adrienpessu and felickz May 11, 2026 01:39
@dependabot dependabot Bot added the Dependencies Pull requests that update a dependency file label May 11, 2026
github-license-compliance[bot]
github-license-compliance Bot found potential problems May 11, 2026
View reviewed changes
Comment thread Pipfile.lock
Comment thread Pipfile.lock
Comment thread Pipfile.lock
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 11, 2026
edited
Loading

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Scorecard details
PackageVersionScoreDetails
pip/babel 2.18.0 UnknownUnknown
pip/black 26.3.1 UnknownUnknown
pip/certifi 2026.4.22 🟢 6.4
Details
CheckScoreReason
Code-Review🟢 5Found 1/2 approved changesets -- score normalized to 5
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Maintained🟢 88 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 8
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Security-Policy🟢 10security policy file detected
Pinned-Dependencies🟢 5dependency not pinned by hash detected -- score normalized to 5
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 9license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Packaging🟢 10packaging workflow detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
pip/charset-normalizer 3.4.7 UnknownUnknown
pip/click 8.3.3 UnknownUnknown
pip/docutils 0.22.4 UnknownUnknown
pip/idna 3.14 UnknownUnknown
pip/imagesize 2.0.0 🟢 3.8
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Code-Review⚠️ 0Found 0/15 approved changesets -- score normalized to 0
Packaging⚠️ -1packaging workflow not detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy⚠️ 0security policy file not detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
pip/markdown-it-py 4.2.0 UnknownUnknown
pip/mdit-py-plugins 0.6.0 UnknownUnknown
pip/myst-parser 5.0.0 UnknownUnknown
pip/packaging 26.2 UnknownUnknown
pip/pathspec 1.1.1 UnknownUnknown
pip/platformdirs 4.9.6 UnknownUnknown
pip/pygments 2.20.0 UnknownUnknown
pip/pytokens 0.4.1 UnknownUnknown
pip/requests 2.34.0 UnknownUnknown
pip/roman-numerals 4.1.0 UnknownUnknown
pip/sphinx 9.1.0 UnknownUnknown
pip/tomli 2.4.1 UnknownUnknown

Scanned Files

  • Pipfile.lock

@dependabot
chore: bump the development-dependencies group across 1 directory wit…
81f37aa 
…h 4 updates

Bumps the development-dependencies group with 4 updates in the / directory: [sphinx](https://github.com/sphinx-doc/sphinx), [myst-parser](https://github.com/executablebooks/MyST-Parser), [tomli](https://github.com/hukkin/tomli) and [black](https://github.com/psf/black).


Updates `sphinx` from 8.2.3 to 9.1.0
- [Release notes](https://github.com/sphinx-doc/sphinx/releases)
- [Changelog](https://github.com/sphinx-doc/sphinx/blob/master/CHANGES.rst)
- [Commits](sphinx-doc/sphinx@v8.2.3...v9.1.0)

Updates `myst-parser` from 4.0.1 to 5.0.0
- [Release notes](https://github.com/executablebooks/MyST-Parser/releases)
- [Changelog](https://github.com/executablebooks/MyST-Parser/blob/master/CHANGELOG.md)
- [Commits](executablebooks/MyST-Parser@v4.0.1...v5.0.0)

Updates `tomli` from 2.3.0 to 2.4.1
- [Changelog](https://github.com/hukkin/tomli/blob/master/CHANGELOG.md)
- [Commits](hukkin/tomli@2.3.0...2.4.1)

Updates `black` from 25.12.0 to 26.3.1
- [Release notes](https://github.com/psf/black/releases)
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md)
- [Commits](psf/black@25.12.0...26.3.1)

---
updated-dependencies:
- dependency-name: black
  dependency-version: 26.3.1
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: development-dependencies
- dependency-name: myst-parser
  dependency-version: 5.0.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: development-dependencies
- dependency-name: sphinx
  dependency-version: 9.1.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: development-dependencies
- dependency-name: tomli
  dependency-version: 2.4.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: development-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title chore: bump the development-dependencies group with 4 updates chore: bump the development-dependencies group across 1 directory with 4 updates May 11, 2026
@dependabot dependabot Bot force-pushed the dependabot/pip/main/development-dependencies-f1510f8867 branch from a43d679 to 81f37aa Compare May 11, 2026 19:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@felickz felickz Awaiting requested review from felickz felickz is a code owner automatically assigned from advanced-security/oss-maintainers

@adrienpessu adrienpessu Awaiting requested review from adrienpessu adrienpessu is a code owner automatically assigned from advanced-security/oss-maintainers

1 more reviewer

@github-license-compliance github-license-compliance[bot] github-license-compliance[bot] left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

Dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants