Skip to content

deps: bump the production-dependencies group across 1 directory with 3 updates#193

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/main/production-dependencies-4b0b2bb4a4
Open

deps: bump the production-dependencies group across 1 directory with 3 updates#193
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/main/production-dependencies-4b0b2bb4a4

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 26, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps the production-dependencies group with 3 updates in the / directory: ghastoolkit, sphinx and myst-parser.

Updates ghastoolkit from 0.18.2 to 0.18.3

Release notes

Sourced from ghastoolkit's releases.

0.18.3

What's Changed

Full Changelog: GeekMasher/ghastoolkit@0.18.2...0.18.3

Commits
  • 3d1c38d Merge pull request #362 from GeekMasher/v0_18_3
  • 09fbab6 feat(version): v0.18.3
  • 1b95fda Merge pull request #360 from GeekMasher/dependabot/uv/uv-8177a8837a
  • 901fd8e Merge pull request #361 from GeekMasher/dependabot/github_actions/production-...
  • ffcf3e2 build(deps): bump astral-sh/setup-uv
  • ba2e6fe build(deps): bump urllib3 in the uv group across 1 directory
  • 3125357 Merge pull request #359 from GeekMasher/dependabot/github_actions/production-...
  • 98d22da build(deps): bump astral-sh/setup-uv
  • eab36c0 Merge pull request #358 from GeekMasher/dependabot/github_actions/production-...
  • 0b9e46e build(deps): bump the production-dependencies group across 1 directory with 2...
  • See full diff in compare view

Updates sphinx from 8.2.3 to 9.1.0

Release notes

Sourced from sphinx's releases.

Sphinx 9.1.0

Changelog: https://www.sphinx-doc.org/en/master/changes.html

Dependencies

  • #14153: Drop Python 3.11 support.
  • #12555: Drop Docutils 0.20 support. Patch by Adam Turner

Features added

  • Add add_static_dir() for copying static assets from extensions to the build output. Patch by Jared Dillard

Bugs fixed

  • #14189: autodoc: Fix duplicate :no-index-entry: for modules. Patch by Adam Turner
  • #13713: Fix compatibility with MyST-Parser. Patch by Adam Turner
  • Fix tests for Python 3.15. Patch by Adam Turner
  • #14089: autodoc: Fix default option parsing. Patch by Adam Turner
  • Remove incorrect static typing assertions. Patch by Adam Turner
  • #14050: LaTeXTranslator fails to build documents using the "acronym" standard role. Patch by Günter Milde
  • LaTeX: Fix rendering for grid filled merged vertical cell. Patch by Tim Nordell
  • #14228: LaTeX: Fix overrun footer for cases of merged vertical table cells. Patch by Tim Nordell
  • #14207: Fix creating HTMLThemeFactory objects in third-party extensions. Patch by Adam Turner
  • #3099: LaTeX: PDF build crashes if a code-block contains more than circa 1350 codelines (about 27 a4-sized pages at default pointsize). Patch by Jean-François B.
  • #14064: LaTeX: TABs ending up in sphinxVerbatim fail to obey tab stops. Patch by Jean-François B.
  • #14089: autodoc: Improve support for non-weakreferencable objects. Patch by Adam Turner
  • LaTeX: Fix accidental removal at 3.5.0 (#8854) of the documentation of literalblockcappos key of sphinxsetup. Patch by Jean-François B.

... (truncated)

Changelog

Sourced from sphinx's changelog.

Release 9.1.0 (released Dec 31, 2025)

Dependencies

  • #14153: Drop Python 3.11 support.
  • #12555: Drop Docutils 0.20 support. Patch by Adam Turner

Features added

  • Add :meth:~sphinx.application.Sphinx.add_static_dir for copying static assets from extensions to the build output. Patch by Jared Dillard

Bugs fixed

  • #14189: autodoc: Fix duplicate :no-index-entry: for modules. Patch by Adam Turner
  • #13713: Fix compatibility with MyST-Parser. Patch by Adam Turner
  • Fix tests for Python 3.15. Patch by Adam Turner
  • #14089: autodoc: Fix default option parsing. Patch by Adam Turner
  • Remove incorrect static typing assertions. Patch by Adam Turner
  • #14050: LaTeXTranslator fails to build documents using the "acronym" standard role. Patch by Günter Milde
  • LaTeX: Fix rendering for grid filled merged vertical cell. Patch by Tim Nordell
  • #14228: LaTeX: Fix overrun footer for cases of merged vertical table cells. Patch by Tim Nordell
  • #14207: Fix creating HTMLThemeFactory objects in third-party extensions. Patch by Adam Turner
  • #3099: LaTeX: PDF build crashes if a code-block contains more than circa 1350 codelines (about 27 a4-sized pages at default pointsize). Patch by Jean-François B.
  • #14064: LaTeX: TABs ending up in sphinxVerbatim fail to obey tab stops. Patch by Jean-François B.
  • #14089: autodoc: Improve support for non-weakreferencable objects. Patch by Adam Turner
  • LaTeX: Fix accidental removal at 3.5.0 (#8854) of the documentation of literalblockcappos key of :ref:'sphinxsetup' <latexsphinxsetup>. Patch by Jean-François B.
Commits
  • cc7c6f4 Bump to 9.1.0 final
  • b127b94 Add app.add_static_dir() for copying extension static files (#14219)
  • 20f1c46 LaTeX: Inhibit breaks for rows with merged vertical cells (#14227)
  • 3c85411 Polish CHANGES.rst (#14225)
  • 9ee5446 LaTeX: restore 1.7 documentation of literalblockcappos (#14224)
  • d75d602 LaTeX: improve (again...) some code comments in time for 9.1.0 (#14222)
  • 8dca61d Improve some LaTeX code comments (#14220)
  • 8ab9600 Bump to 9.1.0 candidate 2
  • d59b237 autodoc: Improve support for non-weakreferencable objects
  • 964424b Use the correct reference for using existing extensions (#14157)
  • Additional commits viewable in compare view

Updates myst-parser from 4.0.1 to 5.1.0

Release notes

Sourced from myst-parser's releases.

v5.1.0

✨ New Features

👌 Improvements

  • 👌 Update myst_gfm_only mode to use the unified gfm_plugin, which now includes GFM autolinks, alerts, and improved strikethrough/tasklist handling by @​chrisjsewell in #1128
  • 👌 Improve MathJax 4 compatibility for Sphinx 9 by @​chrisjsewell in #1110
  • 👌 Stop directive-option parsing at colon fences, fixing nested colon fence directives by @​chrisjsewell in #1133

🐛 Bug Fixes

⬆️ Dependency Upgrades

New Contributors

Full Changelog: executablebooks/MyST-Parser@v5.0.0...v5.1.0

v5.0.0

MyST-Parser 5.0.0

Release Date: 2026-01-15

This release significantly bumps the supported versions of core dependencies:

‼️ Breaking Changes

This release updates the minimum supported versions:

  • Python: >=3.11 (dropped Python 3.10, tests up to 3.14)
  • Sphinx: >=8,<10 (dropped Sphinx 7, added Sphinx 9)
  • Docutils: >=0.20,<0.23 (dropped docutils 0.19, added docutils 0.22)
  • markdown-it-py: ~=4.0 (upgraded from v3)

... (truncated)

Changelog

Sourced from myst-parser's changelog.

5.1.0 - 2026-05-13

✨ New Features

  • ✨ Add "alert" syntax extension for GFM alerts (e.g. > [!NOTE]), see by gh-user:chrisjsewell in gh-pr:1128
  • ✨ Add "gfm_autolink" syntax extension for GFM autolinks, see by gh-user:chrisjsewell in gh-pr:1128
  • ✨ Add myst_strikethrough_single_tilde config option to allow single tilde (~) for strikethrough by gh-user:chrisjsewell in gh-pr:1128
  • ✨ Add myst_colon_fence_exact_match config option to require the closing colon fence to have exactly the same number of colons as the opening, see by gh-user:chrisjsewell in gh-pr:1128

👌 Improvements

  • 👌 Update myst_gfm_only mode to use the unified gfm_plugin, which now includes GFM autolinks, alerts, and improved strikethrough/tasklist handling by gh-user:chrisjsewell in gh-pr:1128
  • 👌 Improve MathJax 4 compatibility for Sphinx 9 by gh-user:chrisjsewell in gh-pr:1110
  • 👌 Stop directive-option parsing at colon fences, fixing nested colon fence directives by gh-user:chrisjsewell in gh-pr:1133

🐛 Bug Fixes

  • 🐛 Use docname instead of source path in warning locations by gh-user:chrisjsewell in gh-pr:1114
  • 🐛 Correctly encode & in Markdown URLs by not HTML-escaping refuri by gh-user:chrisjsewell in gh-pr:1126
  • 🐛 Fix RemovedInSphinx10Warning for inventory item iteration by gh-user:chrisjsewell in gh-pr:1129
  • 🐛 Pin mdit-py-plugins>=0.6.1 for nested field list fix by gh-user:chrisjsewell in gh-pr:1134

⬆️ Dependency Upgrades

  • ⬆️ Upgrade to markdown-it-py~=4.2 and mdit-py-plugins~=0.6 by gh-user:chrisjsewell in gh-pr:1128
  • ⬆️ Update pygments requirement from <2.20 to <2.21 by gh-user:chrisjsewell in gh-pr:1117

Full Changelog: v5.0.0...v5.1.0

5.0.0 - 2026-01-15

This release significantly bumps the supported versions of core dependencies:

‼️ Breaking Changes

This release updates the minimum supported versions:

  • Python: >=3.11 (dropped Python 3.10, tests up to 3.14)
  • Sphinx: >=8,<10 (dropped Sphinx 7, added Sphinx 9)
  • Docutils: >=0.20,<0.23 (dropped docutils 0.19, added docutils 0.22)
  • markdown-it-py: ~=4.0 (upgraded from v3)

⬆️ Dependency Upgrades

  • ⬆️ Upgrade to markdown-it-py v4 by gh-user:chrisjsewell in gh-pr:1060
  • ⬆️ Drop Python 3.10 and Sphinx 7 by gh-user:chrisjsewell in gh-pr:1059
  • ⬆️ Drop docutils 0.19 by gh-user:chrisjsewell in gh-pr:1061
  • ⬆️ Add support for Python 3.14 by gh-user:chrisjsewell in gh-pr:1075
  • ⬆️ Support Sphinx v9 by gh-user:chrisjsewell in gh-pr:1076
  • ⬆️ Allow docutils 0.22 by gh-user:chrisjsewell in gh-pr:1084

... (truncated)

Commits
  • 2871eb9 🚀 Release v5.1.0 (#1135)
  • cc5db37 🐛 FIX: Pin mdit-py-plugins>=0.6.1 for nested field list fix (#1134)
  • 4ce57f9 👌 Stop directive-option parsing at colon fences (#1133)
  • cfcc327 ⬆️ Bump mypy from 2.0.0 to 2.1.0 (#1131)
  • 691738c ⬆️ Bump ruff from 0.15.10 to 0.15.12 (#1132)
  • 0fb1ae9 👌 IMPROVE: MathJax 4 compatibility (Sphinx 9) (#1110)
  • f153b4b ⬆️ Bump actions/setup-python from 5 to 6 (#1092)
  • 93acf8d [pre-commit.ci] pre-commit autoupdate (#1095)
  • a5f1d69 ⬆️ Update pygments requirement from <2.20 to <2.21 (#1117)
  • 8381296 🐛 FIX: Use docname instead of source path in warning locations (#1114)
  • Additional commits viewable in compare view

@dependabot dependabot Bot added the Dependencies Pull requests that update a dependency file label May 26, 2026
@dependabot dependabot Bot requested a review from a team as a code owner May 26, 2026 20:41
@dependabot dependabot Bot requested review from adrienpessu and felickz May 26, 2026 20:41
@dependabot dependabot Bot added the Dependencies Pull requests that update a dependency file label May 26, 2026
github-license-compliance[bot]
github-license-compliance Bot found potential problems May 26, 2026
View reviewed changes
Comment thread Pipfile.lock
Comment thread Pipfile.lock
@github-actions

github-actions Bot commented May 26, 2026
edited
Loading

Copy link
Copy Markdown

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 2 package(s) with unknown licenses.
  • ⚠️ 1 packages with OpenSSF Scorecard issues.
See the Details below.

License Issues

Pipfile.lock

PackageVersionLicenseIssue Type
ghastoolkit0.18.3NullUnknown License
idna3.18NullUnknown License

OpenSSF Scorecard

Scorecard details
PackageVersionScoreDetails
pip/babel 2.18.0 UnknownUnknown
pip/certifi 2026.5.20 🟢 5.8
Details
CheckScoreReason
Binary-Artifacts🟢 10no binaries found in the repo
Maintained🟢 78 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 7
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Code-Review⚠️ 0Found 0/2 approved changesets -- score normalized to 0
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Pinned-Dependencies🟢 5dependency not pinned by hash detected -- score normalized to 5
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 9license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Packaging🟢 10packaging workflow detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
pip/certifi 2026.5.20 🟢 5.8
Details
CheckScoreReason
Binary-Artifacts🟢 10no binaries found in the repo
Maintained🟢 78 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 7
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Code-Review⚠️ 0Found 0/2 approved changesets -- score normalized to 0
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Pinned-Dependencies🟢 5dependency not pinned by hash detected -- score normalized to 5
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 9license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Packaging🟢 10packaging workflow detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
pip/charset-normalizer 3.4.7 UnknownUnknown
pip/charset-normalizer 3.4.7 UnknownUnknown
pip/docutils 0.22.4 UnknownUnknown
pip/ghastoolkit 0.18.3 UnknownUnknown
pip/idna 3.18 UnknownUnknown
pip/idna 3.18 UnknownUnknown
pip/imagesize 2.0.0 ⚠️ 2.8
Details
CheckScoreReason
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Maintained⚠️ 00 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Code-Review⚠️ 0Found 0/15 approved changesets -- score normalized to 0
Packaging⚠️ -1packaging workflow not detected
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy⚠️ 0security policy file not detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
pip/markdown-it-py 4.2.0 UnknownUnknown
pip/mdit-py-plugins 0.6.1 UnknownUnknown
pip/myst-parser 5.1.0 UnknownUnknown
pip/packaging 26.2 UnknownUnknown
pip/pygments 2.20.0 UnknownUnknown
pip/requests 2.34.2 UnknownUnknown
pip/requests 2.34.2 UnknownUnknown
pip/roman-numerals 4.1.0 UnknownUnknown
pip/snowballstemmer 3.1.1 🟢 4.2
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 20 issue activity found in the last 90 days -- score normalized to 10
Code-Review⚠️ 0Found 1/30 approved changesets -- score normalized to 0
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Security-Policy⚠️ 0security policy file not detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Packaging🟢 10packaging workflow detected
pip/sphinx 9.1.0 UnknownUnknown

Scanned Files

  • Pipfile.lock

@dependabot
deps: bump the production-dependencies group across 1 directory with …
6e49e5d 
…3 updates

Bumps the production-dependencies group with 3 updates in the / directory: [ghastoolkit](https://github.com/GeekMasher/ghastoolkit), [sphinx](https://github.com/sphinx-doc/sphinx) and [myst-parser](https://github.com/executablebooks/MyST-Parser).


Updates `ghastoolkit` from 0.18.2 to 0.18.3
- [Release notes](https://github.com/GeekMasher/ghastoolkit/releases)
- [Commits](GeekMasher/ghastoolkit@0.18.2...0.18.3)

Updates `sphinx` from 8.2.3 to 9.1.0
- [Release notes](https://github.com/sphinx-doc/sphinx/releases)
- [Changelog](https://github.com/sphinx-doc/sphinx/blob/master/CHANGES.rst)
- [Commits](sphinx-doc/sphinx@v8.2.3...v9.1.0)

Updates `myst-parser` from 4.0.1 to 5.1.0
- [Release notes](https://github.com/executablebooks/MyST-Parser/releases)
- [Changelog](https://github.com/executablebooks/MyST-Parser/blob/master/CHANGELOG.md)
- [Commits](executablebooks/MyST-Parser@v4.0.1...v5.1.0)

---
updated-dependencies:
- dependency-name: ghastoolkit
  dependency-version: 0.18.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: myst-parser
  dependency-version: 5.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: production-dependencies
- dependency-name: sphinx
  dependency-version: 9.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: production-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/pip/main/production-dependencies-4b0b2bb4a4 branch from 199ddb3 to 6e49e5d Compare June 4, 2026 04:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@felickz felickz Awaiting requested review from felickz felickz is a code owner automatically assigned from advanced-security/oss-maintainers

@adrienpessu adrienpessu Awaiting requested review from adrienpessu adrienpessu is a code owner automatically assigned from advanced-security/oss-maintainers

1 more reviewer

@github-license-compliance github-license-compliance[bot] github-license-compliance[bot] left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

Dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants