From 27e146f8700e769b1f7dce45c7cd29ef9776068c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 8 Jul 2026 11:45:42 +0000 Subject: [PATCH 1/4] Bump astral-sh/setup-uv from 8.3.1 to 8.3.2 (#13102) Bumps [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) from 8.3.1 to 8.3.2.
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=astral-sh/setup-uv&package-manager=github_actions&previous-version=8.3.1&new-version=8.3.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci-cd.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml index 15abcd75076..e4703eef93b 100644 --- a/.github/workflows/ci-cd.yml +++ b/.github/workflows/ci-cd.yml @@ -219,7 +219,7 @@ jobs: # important: do not use system python env: UV_PYTHON_PREFERENCE: only-managed - uses: astral-sh/setup-uv@v8.3.1 + uses: astral-sh/setup-uv@v8.3.2 with: python-version: ${{ matrix.pyver }} activate-environment: true @@ -324,7 +324,7 @@ jobs: # important: do not use system python env: UV_PYTHON_PREFERENCE: only-managed - uses: astral-sh/setup-uv@v8.3.1 + uses: astral-sh/setup-uv@v8.3.2 with: python-version: ${{ matrix.pyver }} activate-environment: true @@ -396,7 +396,7 @@ jobs: # important: do not use system python env: UV_PYTHON_PREFERENCE: only-managed - uses: astral-sh/setup-uv@v8.3.1 + uses: astral-sh/setup-uv@v8.3.2 with: python-version: ${{ matrix.pyver }} activate-environment: true From dc9f0008db81a783c18c7cc8ab73a42931b55872 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 8 Jul 2026 11:51:27 +0000 Subject: [PATCH 2/4] Bump charset-normalizer from 3.4.8 to 3.4.9 (#13105) Bumps [charset-normalizer](https://github.com/jawah/charset_normalizer) from 3.4.8 to 3.4.9.
Release notes

Sourced from charset-normalizer's releases.

Version 3.4.9

3.4.9 (2026-07-07)

Fixed

  • Regression in our fallback path leading to a decode error. (#771) We've yanked 3.4.8 as a result of that bug.
Changelog

Sourced from charset-normalizer's changelog.

3.4.9 (2026-07-07)

Fixed

  • Regression in our fallback path leading to a decode error. (#771) We've yanked 3.4.8 as a result of that bug.
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=charset-normalizer&package-manager=pip&previous-version=3.4.8&new-version=3.4.9)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/doc-spelling.txt | 2 +- requirements/doc.txt | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index a9eef63a071..69c9e2e386c 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -55,7 +55,7 @@ cffi==2.1.0 # pycares cfgv==3.5.0 # via pre-commit -charset-normalizer==3.4.8 +charset-normalizer==3.4.9 # via requests click==8.4.2 # via diff --git a/requirements/dev.txt b/requirements/dev.txt index 3f1fc5a4787..e006874a672 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -55,7 +55,7 @@ cffi==2.1.0 # pycares cfgv==3.5.0 # via pre-commit -charset-normalizer==3.4.8 +charset-normalizer==3.4.9 # via requests click==8.4.2 # via diff --git a/requirements/doc-spelling.txt b/requirements/doc-spelling.txt index d54a504c8b2..ade053c613a 100644 --- a/requirements/doc-spelling.txt +++ b/requirements/doc-spelling.txt @@ -12,7 +12,7 @@ babel==2.18.0 # via sphinx certifi==2026.6.17 # via requests -charset-normalizer==3.4.8 +charset-normalizer==3.4.9 # via requests click==8.4.2 # via towncrier diff --git a/requirements/doc.txt b/requirements/doc.txt index 209f526bb24..3cc02c1e5d9 100644 --- a/requirements/doc.txt +++ b/requirements/doc.txt @@ -12,7 +12,7 @@ babel==2.18.0 # via sphinx certifi==2026.6.17 # via requests -charset-normalizer==3.4.8 +charset-normalizer==3.4.9 # via requests click==8.4.2 # via towncrier From 471d505a9c93b8171737ec5f797d2a7385be7dda Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 8 Jul 2026 11:58:10 +0000 Subject: [PATCH 3/4] Bump filelock from 3.29.6 to 3.29.7 (#13107) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [filelock](https://github.com/tox-dev/py-filelock) from 3.29.6 to 3.29.7.
Release notes

Sourced from filelock's releases.

3.29.7

What's Changed

Full Changelog: https://github.com/tox-dev/filelock/compare/3.29.6...3.29.7

Commits
  • 1efb893 _util: drop the dead st_mtime=0 short-circuit in raise_on_not_writable_file (...
  • 3547d58 soft_rw: evict a non-regular write marker without reading it (#588)
  • 616400e asyncio: detect cross-instance reentrant deadlocks before the poll loop (#586)
  • See full diff in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=filelock&package-manager=pip&previous-version=3.29.6&new-version=3.29.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/lint.txt | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 69c9e2e386c..50ca8bc7c55 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -80,7 +80,7 @@ exceptiongroup==1.3.1 # via pytest execnet==2.1.2 # via pytest-xdist -filelock==3.29.6 +filelock==3.29.7 # via # python-discovery # virtualenv diff --git a/requirements/dev.txt b/requirements/dev.txt index e006874a672..c5076add783 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -78,7 +78,7 @@ exceptiongroup==1.3.1 # via pytest execnet==2.1.2 # via pytest-xdist -filelock==3.29.6 +filelock==3.29.7 # via # python-discovery # virtualenv diff --git a/requirements/lint.txt b/requirements/lint.txt index 9afaf2cbc8a..5efdfbf7c37 100644 --- a/requirements/lint.txt +++ b/requirements/lint.txt @@ -38,7 +38,7 @@ distlib==0.4.3 # via virtualenv exceptiongroup==1.3.1 # via pytest -filelock==3.29.6 +filelock==3.29.7 # via # python-discovery # virtualenv From 2519225794807027b0f3f09c5639f0b772df12cc Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 8 Jul 2026 11:59:25 +0000 Subject: [PATCH 4/4] Bump sphinxcontrib-mermaid from 2.0.2 to 2.0.3 (#13110) Bumps [sphinxcontrib-mermaid](https://github.com/mgaitan/sphinxcontrib-mermaid) from 2.0.2 to 2.0.3.
Changelog

Sourced from sphinxcontrib-mermaid's changelog.

2.0.3 (July 7, 2026)

  • Capture mmdc error message as string for nicer error display
  • Fix local JS module imports on root-level pages by ensuring a valid relative ES module specifier (#246)
  • Defer rendering of Mermaid diagrams hidden by a parent (e.g. Reveal.js slides, unopened tabs) until they become visible, fixing broken SVGs
Commits
  • f992df7 Merge pull request #249 from mgaitan/tkp/203
  • 7ced3de bump to 2.0.3
  • 7346af2 Merge pull request #227 from drillan/fix/lazy-render-hidden-elements
  • b6d1fdc Merge branch 'master' into fix/lazy-render-hidden-elements
  • 425076f Apply zoom to deferred diagrams and fix zoom completion loop
  • 9261af4 Merge pull request #248 from timkpaine/tkp/hf
  • a902799 Fix local JS module imports on root-level pages
  • 881b38a Merge pull request #245 from imphil/string-error-message
  • 4fa3848 fix: Capture mmdc error message as string
  • 1a6cad0 Backfill CHANGELOG for 2.0.2
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=sphinxcontrib-mermaid&package-manager=pip&previous-version=2.0.2&new-version=2.0.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/doc-spelling.txt | 2 +- requirements/doc.txt | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index 50ca8bc7c55..2dedb6e2f42 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -275,7 +275,7 @@ sphinxcontrib-htmlhelp==2.1.0 # via sphinx sphinxcontrib-jsmath==1.0.1 # via sphinx -sphinxcontrib-mermaid==2.0.2 +sphinxcontrib-mermaid==2.0.3 # via -r requirements/doc.in sphinxcontrib-qthelp==2.0.0 # via sphinx diff --git a/requirements/dev.txt b/requirements/dev.txt index c5076add783..ca38b7bab11 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -267,7 +267,7 @@ sphinxcontrib-htmlhelp==2.1.0 # via sphinx sphinxcontrib-jsmath==1.0.1 # via sphinx -sphinxcontrib-mermaid==2.0.2 +sphinxcontrib-mermaid==2.0.3 # via -r requirements/doc.in sphinxcontrib-qthelp==2.0.0 # via sphinx diff --git a/requirements/doc-spelling.txt b/requirements/doc-spelling.txt index ade053c613a..2b6cd4e33a7 100644 --- a/requirements/doc-spelling.txt +++ b/requirements/doc-spelling.txt @@ -73,7 +73,7 @@ sphinxcontrib-htmlhelp==2.1.0 # via sphinx sphinxcontrib-jsmath==1.0.1 # via sphinx -sphinxcontrib-mermaid==2.0.2 +sphinxcontrib-mermaid==2.0.3 # via -r requirements/doc.in sphinxcontrib-qthelp==2.0.0 # via sphinx diff --git a/requirements/doc.txt b/requirements/doc.txt index 3cc02c1e5d9..365a9e2e6fc 100644 --- a/requirements/doc.txt +++ b/requirements/doc.txt @@ -68,7 +68,7 @@ sphinxcontrib-htmlhelp==2.1.0 # via sphinx sphinxcontrib-jsmath==1.0.1 # via sphinx -sphinxcontrib-mermaid==2.0.2 +sphinxcontrib-mermaid==2.0.3 # via -r requirements/doc.in sphinxcontrib-qthelp==2.0.0 # via sphinx